diff --git a/go.mod b/go.mod
index 4b78cc716..f886ee1f8 100644
--- a/go.mod
+++ b/go.mod
@@ -1,21 +1,15 @@
-module github.com/okta/okta-sdk-golang/v2
+module github.com/okta/okta-sdk-golang/v3
 
-go 1.19
+go 1.13
 
 require (
-	github.com/BurntSushi/toml v1.1.0
 	github.com/cenkalti/backoff/v4 v4.1.3
 	github.com/go-jose/go-jose/v3 v3.0.0
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/jarcoal/httpmock v1.2.0
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627
 	github.com/stretchr/testify v1.7.1
+	golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558
 	gopkg.in/yaml.v3 v3.0.1
 )
-
-require (
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/google/go-cmp v0.5.8 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect
-)
diff --git a/go.sum b/go.sum
index af6ffd0eb..d2691ffe2 100644
--- a/go.sum
+++ b/go.sum
@@ -1,39 +1,388 @@
-github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
-github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4=
 github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.5.1 h1:JFrFEBb2xKufg6XkJsJr+WbKb4FQlURi5RUcBveYu9k=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/jarcoal/httpmock v1.2.0 h1:gSvTxxFR/MEMfsGrvRbdfpRUMBStovlSRLw0Ep1bwwc=
 github.com/jarcoal/httpmock v1.2.0/go.mod h1:oCoTsnAz4+UoOUIf5lJOWV2QQIW5UoeUI6aM2YnWAZk=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
 github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/maxatome/go-testdeep v1.11.0 h1:Tgh5efyCYyJFGUYiT0qxBSIDeXw0F5zSoatlou685kk=
+github.com/maxatome/go-testdeep v1.11.0/go.mod h1:011SgQ6efzZYAen6fDn4BqQ+lUR72ysdyKe7Dyogw70=
 github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627 h1:pSCLCl6joCFRnjpeojzOpEYs4q7Vditq8fySFG5ap3Y=
 github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM=
-golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202 h1:VvcQYSHwXgi7W+TpUR6A9g6Up98WAHf3f/ulnJ62IyA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558 h1:D7nTwh4J0i+5mW4Zjzn5omvlr6YBcWywE6KOcatyNxY=
+golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/okta/README.md b/okta/README.md
new file mode 100644
index 000000000..7166343c3
--- /dev/null
+++ b/okta/README.md
@@ -0,0 +1,1460 @@
+# Go API client for okta
+
+Allows customers to easily access the Okta Management APIs
+
+## Overview
+This API client was generated by the [OpenAPI Generator](https://openapi-generator.tech) project.  By using the [OpenAPI-spec](https://www.openapis.org/) from a remote server, you can easily generate an API client.
+
+- API version: 4.0.0
+- Package version: 3.0.0
+- Build package: org.openapitools.codegen.languages.GoClientCodegen
+For more information, please visit [https://developer.okta.com/](https://developer.okta.com/)
+
+## Getting started
+
+- Install the [OpenAPI generator CLI](https://www.npmjs.com/package/@openapitools/openapi-generator-cli)
+- Run `openapi-generator generate -c ./.generator/config.yaml -i .generator/okta-management-APIs-oasv3-enum-inheritance.yaml`
+
+> Note that `config.yaml` contains all the configuration required (templates, supporting files, global configuration, etc) to generate the Okta SDK. For more details about the generator's customization visit [this link](https://openapi-generator.tech/docs/customization).
+
+## Installation
+
+Install the following dependencies:
+
+```shell
+go get github.com/stretchr/testify/assert
+go get golang.org/x/oauth2
+go get golang.org/x/net/context
+```
+
+Put the package under your project folder and add the following in import:
+
+```golang
+import okta "github.com/okta/okta-sdk-golang"
+```
+
+To use a proxy, set the environment variable `HTTP_PROXY` or use configuration in okta.Configuration.Okta.Client.Proxy. 
+In the event that environment variable and configuration are both set, the configuration will take precedence.
+
+```golang
+os.Setenv("HTTP_PROXY", "http://proxy_name:proxy_port")
+```
+
+## Configuration of Server URL
+
+Default configuration comes with `Servers` field that contains server objects as defined in the OpenAPI specification.
+
+### Select Server Configuration
+
+For using other server than the one defined on index 0 set context value `sw.ContextServerIndex` of type `int`.
+
+```golang
+ctx := context.WithValue(context.Background(), okta.ContextServerIndex, 1)
+```
+
+### Templated Server URL
+
+Templated server URL is formatted using default variables from configuration or from context value `sw.ContextServerVariables` of type `map[string]string`.
+
+```golang
+ctx := context.WithValue(context.Background(), okta.ContextServerVariables, map[string]string{
+	"basePath": "v2",
+})
+```
+
+Note, enum values are always validated and all unused variables are silently ignored.
+
+### URLs Configuration per Operation
+
+Each operation can use different server URL defined using `OperationServers` map in the `Configuration`.
+An operation is uniquely identified by `"{classname}Service.{nickname}"` string.
+Similar rules for overriding default operation server index and variables applies by using `sw.ContextOperationServerIndices` and `sw.ContextOperationServerVariables` context maps.
+
+```golang
+ctx := context.WithValue(context.Background(), okta.ContextOperationServerIndices, map[string]int{
+	"{classname}Service.{nickname}": 2,
+})
+ctx = context.WithValue(context.Background(), okta.ContextOperationServerVariables, map[string]map[string]string{
+	"{classname}Service.{nickname}": {
+		"port": "8443",
+	},
+})
+```
+
+## Documentation for API Endpoints
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Class | Method | HTTP request | Description
+------------ | ------------- | ------------- | -------------
+*AgentPoolsApi* | [**ActivateAgentPoolsUpdate**](docs/AgentPoolsApi.md#activateagentpoolsupdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId}/activate | Activate an Agent Pool update
+*AgentPoolsApi* | [**CreateAgentPoolsUpdate**](docs/AgentPoolsApi.md#createagentpoolsupdate) | **Post** /api/v1/agentPools/{poolId}/updates | Create an Agent Pool update
+*AgentPoolsApi* | [**DeactivateAgentPoolsUpdate**](docs/AgentPoolsApi.md#deactivateagentpoolsupdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId}/deactivate | Deactivate an Agent Pool update
+*AgentPoolsApi* | [**DeleteAgentPoolsUpdate**](docs/AgentPoolsApi.md#deleteagentpoolsupdate) | **Delete** /api/v1/agentPools/{poolId}/updates/{updateId} | Delete an Agent Pool update
+*AgentPoolsApi* | [**GetAgentPoolsUpdateInstance**](docs/AgentPoolsApi.md#getagentpoolsupdateinstance) | **Get** /api/v1/agentPools/{poolId}/updates/{updateId} | Retrieve an Agent Pool update by id
+*AgentPoolsApi* | [**GetAgentPoolsUpdateSettings**](docs/AgentPoolsApi.md#getagentpoolsupdatesettings) | **Get** /api/v1/agentPools/{poolId}/updates/settings | Retrieve an Agent Pool update's settings
+*AgentPoolsApi* | [**ListAgentPools**](docs/AgentPoolsApi.md#listagentpools) | **Get** /api/v1/agentPools | List all Agent Pools
+*AgentPoolsApi* | [**ListAgentPoolsUpdates**](docs/AgentPoolsApi.md#listagentpoolsupdates) | **Get** /api/v1/agentPools/{poolId}/updates | List all Agent Pool updates
+*AgentPoolsApi* | [**PauseAgentPoolsUpdate**](docs/AgentPoolsApi.md#pauseagentpoolsupdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId}/pause | Pause an Agent Pool update
+*AgentPoolsApi* | [**ResumeAgentPoolsUpdate**](docs/AgentPoolsApi.md#resumeagentpoolsupdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId}/resume | Resume an Agent Pool update
+*AgentPoolsApi* | [**RetryAgentPoolsUpdate**](docs/AgentPoolsApi.md#retryagentpoolsupdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId}/retry | Retry an Agent Pool update
+*AgentPoolsApi* | [**StopAgentPoolsUpdate**](docs/AgentPoolsApi.md#stopagentpoolsupdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId}/stop | Stop an Agent Pool update
+*AgentPoolsApi* | [**UpdateAgentPoolsUpdate**](docs/AgentPoolsApi.md#updateagentpoolsupdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId} | Update an Agent Pool update by id
+*AgentPoolsApi* | [**UpdateAgentPoolsUpdateSettings**](docs/AgentPoolsApi.md#updateagentpoolsupdatesettings) | **Post** /api/v1/agentPools/{poolId}/updates/settings | Update an Agent Pool update settings
+*ApiTokenApi* | [**GetApiToken**](docs/ApiTokenApi.md#getapitoken) | **Get** /api/v1/api-tokens/{apiTokenId} | Retrieve an API Token's Metadata
+*ApiTokenApi* | [**ListApiTokens**](docs/ApiTokenApi.md#listapitokens) | **Get** /api/v1/api-tokens | List all API Token Metadata
+*ApiTokenApi* | [**RevokeApiToken**](docs/ApiTokenApi.md#revokeapitoken) | **Delete** /api/v1/api-tokens/{apiTokenId} | Revoke an API Token
+*ApiTokenApi* | [**RevokeCurrentApiToken**](docs/ApiTokenApi.md#revokecurrentapitoken) | **Delete** /api/v1/api-tokens/current | Revoke the Current API Token
+*ApplicationApi* | [**ActivateApplication**](docs/ApplicationApi.md#activateapplication) | **Post** /api/v1/apps/{appId}/lifecycle/activate | Activate an Application
+*ApplicationApi* | [**ActivateDefaultProvisioningConnectionForApplication**](docs/ApplicationApi.md#activatedefaultprovisioningconnectionforapplication) | **Post** /api/v1/apps/{appId}/connections/default/lifecycle/activate | Activate the default Provisioning Connection
+*ApplicationApi* | [**AssignApplicationPolicy**](docs/ApplicationApi.md#assignapplicationpolicy) | **Put** /api/v1/apps/{appId}/policies/{policyId} | Assign an Application to a Policy
+*ApplicationApi* | [**AssignGroupToApplication**](docs/ApplicationApi.md#assigngrouptoapplication) | **Put** /api/v1/apps/{appId}/groups/{groupId} | Assign a Group
+*ApplicationApi* | [**AssignUserToApplication**](docs/ApplicationApi.md#assignusertoapplication) | **Post** /api/v1/apps/{appId}/users | Assign a User
+*ApplicationApi* | [**CloneApplicationKey**](docs/ApplicationApi.md#cloneapplicationkey) | **Post** /api/v1/apps/{appId}/credentials/keys/{keyId}/clone | Clone a Key Credential
+*ApplicationApi* | [**CreateApplication**](docs/ApplicationApi.md#createapplication) | **Post** /api/v1/apps | Create an Application
+*ApplicationApi* | [**DeactivateApplication**](docs/ApplicationApi.md#deactivateapplication) | **Post** /api/v1/apps/{appId}/lifecycle/deactivate | Deactivate an Application
+*ApplicationApi* | [**DeactivateDefaultProvisioningConnectionForApplication**](docs/ApplicationApi.md#deactivatedefaultprovisioningconnectionforapplication) | **Post** /api/v1/apps/{appId}/connections/default/lifecycle/deactivate | Deactivate the default Provisioning Connection for an Application
+*ApplicationApi* | [**DeleteApplication**](docs/ApplicationApi.md#deleteapplication) | **Delete** /api/v1/apps/{appId} | Delete an Application
+*ApplicationApi* | [**GenerateApplicationKey**](docs/ApplicationApi.md#generateapplicationkey) | **Post** /api/v1/apps/{appId}/credentials/keys/generate | Generate a Key Credential
+*ApplicationApi* | [**GenerateCsrForApplication**](docs/ApplicationApi.md#generatecsrforapplication) | **Post** /api/v1/apps/{appId}/credentials/csrs | Generate a Certificate Signing Request
+*ApplicationApi* | [**GetApplication**](docs/ApplicationApi.md#getapplication) | **Get** /api/v1/apps/{appId} | Retrieve an Application
+*ApplicationApi* | [**GetApplicationGroupAssignment**](docs/ApplicationApi.md#getapplicationgroupassignment) | **Get** /api/v1/apps/{appId}/groups/{groupId} | Retrieve an Assigned Group
+*ApplicationApi* | [**GetApplicationKey**](docs/ApplicationApi.md#getapplicationkey) | **Get** /api/v1/apps/{appId}/credentials/keys/{keyId} | Retrieve a Key Credential
+*ApplicationApi* | [**GetApplicationUser**](docs/ApplicationApi.md#getapplicationuser) | **Get** /api/v1/apps/{appId}/users/{userId} | Retrieve an Assigned User
+*ApplicationApi* | [**GetCsrForApplication**](docs/ApplicationApi.md#getcsrforapplication) | **Get** /api/v1/apps/{appId}/credentials/csrs/{csrId} | Retrieve a Certificate Signing Request
+*ApplicationApi* | [**GetDefaultProvisioningConnectionForApplication**](docs/ApplicationApi.md#getdefaultprovisioningconnectionforapplication) | **Get** /api/v1/apps/{appId}/connections/default | Retrieve the default Provisioning Connection
+*ApplicationApi* | [**GetFeatureForApplication**](docs/ApplicationApi.md#getfeatureforapplication) | **Get** /api/v1/apps/{appId}/features/{name} | Retrieve a Feature
+*ApplicationApi* | [**GetOAuth2TokenForApplication**](docs/ApplicationApi.md#getoauth2tokenforapplication) | **Get** /api/v1/apps/{appId}/tokens/{tokenId} | Retrieve an OAuth 2.0 Token
+*ApplicationApi* | [**GetScopeConsentGrant**](docs/ApplicationApi.md#getscopeconsentgrant) | **Get** /api/v1/apps/{appId}/grants/{grantId} | Retrieve a Scope Consent Grant
+*ApplicationApi* | [**GrantConsentToScope**](docs/ApplicationApi.md#grantconsenttoscope) | **Post** /api/v1/apps/{appId}/grants | Grant Consent to Scope
+*ApplicationApi* | [**ListApplicationGroupAssignments**](docs/ApplicationApi.md#listapplicationgroupassignments) | **Get** /api/v1/apps/{appId}/groups | List all Assigned Groups
+*ApplicationApi* | [**ListApplicationKeys**](docs/ApplicationApi.md#listapplicationkeys) | **Get** /api/v1/apps/{appId}/credentials/keys | List all Key Credentials
+*ApplicationApi* | [**ListApplicationUsers**](docs/ApplicationApi.md#listapplicationusers) | **Get** /api/v1/apps/{appId}/users | List all Assigned Users
+*ApplicationApi* | [**ListApplications**](docs/ApplicationApi.md#listapplications) | **Get** /api/v1/apps | List all Applications
+*ApplicationApi* | [**ListCsrsForApplication**](docs/ApplicationApi.md#listcsrsforapplication) | **Get** /api/v1/apps/{appId}/credentials/csrs | List all Certificate Signing Requests
+*ApplicationApi* | [**ListFeaturesForApplication**](docs/ApplicationApi.md#listfeaturesforapplication) | **Get** /api/v1/apps/{appId}/features | List all Features
+*ApplicationApi* | [**ListOAuth2TokensForApplication**](docs/ApplicationApi.md#listoauth2tokensforapplication) | **Get** /api/v1/apps/{appId}/tokens | List all OAuth 2.0 Tokens
+*ApplicationApi* | [**ListScopeConsentGrants**](docs/ApplicationApi.md#listscopeconsentgrants) | **Get** /api/v1/apps/{appId}/grants | List all Scope Consent Grants
+*ApplicationApi* | [**PublishCsrFromApplication**](docs/ApplicationApi.md#publishcsrfromapplication) | **Post** /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish | Publish a Certificate Signing Request
+*ApplicationApi* | [**ReplaceApplication**](docs/ApplicationApi.md#replaceapplication) | **Put** /api/v1/apps/{appId} | Replace an Application
+*ApplicationApi* | [**RevokeCsrFromApplication**](docs/ApplicationApi.md#revokecsrfromapplication) | **Delete** /api/v1/apps/{appId}/credentials/csrs/{csrId} | Revoke a Certificate Signing Request
+*ApplicationApi* | [**RevokeOAuth2TokenForApplication**](docs/ApplicationApi.md#revokeoauth2tokenforapplication) | **Delete** /api/v1/apps/{appId}/tokens/{tokenId} | Revoke an OAuth 2.0 Token
+*ApplicationApi* | [**RevokeOAuth2TokensForApplication**](docs/ApplicationApi.md#revokeoauth2tokensforapplication) | **Delete** /api/v1/apps/{appId}/tokens | Revoke all OAuth 2.0 Tokens
+*ApplicationApi* | [**RevokeScopeConsentGrant**](docs/ApplicationApi.md#revokescopeconsentgrant) | **Delete** /api/v1/apps/{appId}/grants/{grantId} | Revoke a Scope Consent Grant
+*ApplicationApi* | [**UnassignApplicationFromGroup**](docs/ApplicationApi.md#unassignapplicationfromgroup) | **Delete** /api/v1/apps/{appId}/groups/{groupId} | Unassign a Group
+*ApplicationApi* | [**UnassignUserFromApplication**](docs/ApplicationApi.md#unassignuserfromapplication) | **Delete** /api/v1/apps/{appId}/users/{userId} | Unassign a User
+*ApplicationApi* | [**UpdateApplicationUser**](docs/ApplicationApi.md#updateapplicationuser) | **Post** /api/v1/apps/{appId}/users/{userId} | Update an Application Profile for Assigned User
+*ApplicationApi* | [**UpdateDefaultProvisioningConnectionForApplication**](docs/ApplicationApi.md#updatedefaultprovisioningconnectionforapplication) | **Post** /api/v1/apps/{appId}/connections/default | Update the default Provisioning Connection
+*ApplicationApi* | [**UpdateFeatureForApplication**](docs/ApplicationApi.md#updatefeatureforapplication) | **Put** /api/v1/apps/{appId}/features/{name} | Update a Feature
+*ApplicationApi* | [**UploadApplicationLogo**](docs/ApplicationApi.md#uploadapplicationlogo) | **Post** /api/v1/apps/{appId}/logo | Upload a Logo
+*AttackProtectionApi* | [**GetUserLockoutSettings**](docs/AttackProtectionApi.md#getuserlockoutsettings) | **Get** /attack-protection/api/v1/user-lockout-settings | Retrieve the User Lockout Settings
+*AttackProtectionApi* | [**ReplaceUserLockoutSettings**](docs/AttackProtectionApi.md#replaceuserlockoutsettings) | **Put** /attack-protection/api/v1/user-lockout-settings | Replace the User Lockout Settings
+*AuthenticatorApi* | [**ActivateAuthenticator**](docs/AuthenticatorApi.md#activateauthenticator) | **Post** /api/v1/authenticators/{authenticatorId}/lifecycle/activate | Activate an Authenticator
+*AuthenticatorApi* | [**CreateAuthenticator**](docs/AuthenticatorApi.md#createauthenticator) | **Post** /api/v1/authenticators | Create an Authenticator
+*AuthenticatorApi* | [**DeactivateAuthenticator**](docs/AuthenticatorApi.md#deactivateauthenticator) | **Post** /api/v1/authenticators/{authenticatorId}/lifecycle/deactivate | Deactivate an Authenticator
+*AuthenticatorApi* | [**GetAuthenticator**](docs/AuthenticatorApi.md#getauthenticator) | **Get** /api/v1/authenticators/{authenticatorId} | Retrieve an Authenticator
+*AuthenticatorApi* | [**ListAuthenticators**](docs/AuthenticatorApi.md#listauthenticators) | **Get** /api/v1/authenticators | List all Authenticators
+*AuthenticatorApi* | [**ReplaceAuthenticator**](docs/AuthenticatorApi.md#replaceauthenticator) | **Put** /api/v1/authenticators/{authenticatorId} | Replace an Authenticator
+*AuthorizationServerApi* | [**ActivateAuthorizationServer**](docs/AuthorizationServerApi.md#activateauthorizationserver) | **Post** /api/v1/authorizationServers/{authServerId}/lifecycle/activate | Activate an Authorization Server
+*AuthorizationServerApi* | [**ActivateAuthorizationServerPolicy**](docs/AuthorizationServerApi.md#activateauthorizationserverpolicy) | **Post** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate | Activate a Policy
+*AuthorizationServerApi* | [**ActivateAuthorizationServerPolicyRule**](docs/AuthorizationServerApi.md#activateauthorizationserverpolicyrule) | **Post** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate | Activate a Policy Rule
+*AuthorizationServerApi* | [**CreateAuthorizationServer**](docs/AuthorizationServerApi.md#createauthorizationserver) | **Post** /api/v1/authorizationServers | Create an Authorization Server
+*AuthorizationServerApi* | [**CreateAuthorizationServerPolicy**](docs/AuthorizationServerApi.md#createauthorizationserverpolicy) | **Post** /api/v1/authorizationServers/{authServerId}/policies | Create a Policy
+*AuthorizationServerApi* | [**CreateAuthorizationServerPolicyRule**](docs/AuthorizationServerApi.md#createauthorizationserverpolicyrule) | **Post** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules | Create a Policy Rule
+*AuthorizationServerApi* | [**CreateOAuth2Claim**](docs/AuthorizationServerApi.md#createoauth2claim) | **Post** /api/v1/authorizationServers/{authServerId}/claims | Create a Custom Token Claim
+*AuthorizationServerApi* | [**CreateOAuth2Scope**](docs/AuthorizationServerApi.md#createoauth2scope) | **Post** /api/v1/authorizationServers/{authServerId}/scopes | Create a Custom Token Scope
+*AuthorizationServerApi* | [**DeactivateAuthorizationServer**](docs/AuthorizationServerApi.md#deactivateauthorizationserver) | **Post** /api/v1/authorizationServers/{authServerId}/lifecycle/deactivate | Deactivate an Authorization Server
+*AuthorizationServerApi* | [**DeactivateAuthorizationServerPolicy**](docs/AuthorizationServerApi.md#deactivateauthorizationserverpolicy) | **Post** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate | Deactivate a Policy
+*AuthorizationServerApi* | [**DeactivateAuthorizationServerPolicyRule**](docs/AuthorizationServerApi.md#deactivateauthorizationserverpolicyrule) | **Post** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate | Deactivate a Policy Rule
+*AuthorizationServerApi* | [**DeleteAuthorizationServer**](docs/AuthorizationServerApi.md#deleteauthorizationserver) | **Delete** /api/v1/authorizationServers/{authServerId} | Delete an Authorization Server
+*AuthorizationServerApi* | [**DeleteAuthorizationServerPolicy**](docs/AuthorizationServerApi.md#deleteauthorizationserverpolicy) | **Delete** /api/v1/authorizationServers/{authServerId}/policies/{policyId} | Delete a Policy
+*AuthorizationServerApi* | [**DeleteAuthorizationServerPolicyRule**](docs/AuthorizationServerApi.md#deleteauthorizationserverpolicyrule) | **Delete** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId} | Delete a Policy Rule
+*AuthorizationServerApi* | [**DeleteOAuth2Claim**](docs/AuthorizationServerApi.md#deleteoauth2claim) | **Delete** /api/v1/authorizationServers/{authServerId}/claims/{claimId} | Delete a Custom Token Claim
+*AuthorizationServerApi* | [**DeleteOAuth2Scope**](docs/AuthorizationServerApi.md#deleteoauth2scope) | **Delete** /api/v1/authorizationServers/{authServerId}/scopes/{scopeId} | Delete a Custom Token Scope
+*AuthorizationServerApi* | [**GetAuthorizationServer**](docs/AuthorizationServerApi.md#getauthorizationserver) | **Get** /api/v1/authorizationServers/{authServerId} | Retrieve an Authorization Server
+*AuthorizationServerApi* | [**GetAuthorizationServerPolicy**](docs/AuthorizationServerApi.md#getauthorizationserverpolicy) | **Get** /api/v1/authorizationServers/{authServerId}/policies/{policyId} | Retrieve a Policy
+*AuthorizationServerApi* | [**GetAuthorizationServerPolicyRule**](docs/AuthorizationServerApi.md#getauthorizationserverpolicyrule) | **Get** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId} | Retrieve a Policy Rule
+*AuthorizationServerApi* | [**GetOAuth2Claim**](docs/AuthorizationServerApi.md#getoauth2claim) | **Get** /api/v1/authorizationServers/{authServerId}/claims/{claimId} | Retrieve a Custom Token Claim
+*AuthorizationServerApi* | [**GetOAuth2Scope**](docs/AuthorizationServerApi.md#getoauth2scope) | **Get** /api/v1/authorizationServers/{authServerId}/scopes/{scopeId} | Retrieve a Custom Token Scope
+*AuthorizationServerApi* | [**GetRefreshTokenForAuthorizationServerAndClient**](docs/AuthorizationServerApi.md#getrefreshtokenforauthorizationserverandclient) | **Get** /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId} | Retrieve a Refresh Token for a Client
+*AuthorizationServerApi* | [**ListAuthorizationServerKeys**](docs/AuthorizationServerApi.md#listauthorizationserverkeys) | **Get** /api/v1/authorizationServers/{authServerId}/credentials/keys | List all Credential Keys
+*AuthorizationServerApi* | [**ListAuthorizationServerPolicies**](docs/AuthorizationServerApi.md#listauthorizationserverpolicies) | **Get** /api/v1/authorizationServers/{authServerId}/policies | List all Policies
+*AuthorizationServerApi* | [**ListAuthorizationServerPolicyRules**](docs/AuthorizationServerApi.md#listauthorizationserverpolicyrules) | **Get** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules | List all Policy Rules
+*AuthorizationServerApi* | [**ListAuthorizationServers**](docs/AuthorizationServerApi.md#listauthorizationservers) | **Get** /api/v1/authorizationServers | List all Authorization Servers
+*AuthorizationServerApi* | [**ListOAuth2Claims**](docs/AuthorizationServerApi.md#listoauth2claims) | **Get** /api/v1/authorizationServers/{authServerId}/claims | List all Custom Token Claims
+*AuthorizationServerApi* | [**ListOAuth2ClientsForAuthorizationServer**](docs/AuthorizationServerApi.md#listoauth2clientsforauthorizationserver) | **Get** /api/v1/authorizationServers/{authServerId}/clients | List all Clients
+*AuthorizationServerApi* | [**ListOAuth2Scopes**](docs/AuthorizationServerApi.md#listoauth2scopes) | **Get** /api/v1/authorizationServers/{authServerId}/scopes | List all Custom Token Scopes
+*AuthorizationServerApi* | [**ListRefreshTokensForAuthorizationServerAndClient**](docs/AuthorizationServerApi.md#listrefreshtokensforauthorizationserverandclient) | **Get** /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens | List all Refresh Tokens for a Client
+*AuthorizationServerApi* | [**ReplaceAuthorizationServer**](docs/AuthorizationServerApi.md#replaceauthorizationserver) | **Put** /api/v1/authorizationServers/{authServerId} | Replace an Authorization Server
+*AuthorizationServerApi* | [**ReplaceAuthorizationServerPolicy**](docs/AuthorizationServerApi.md#replaceauthorizationserverpolicy) | **Put** /api/v1/authorizationServers/{authServerId}/policies/{policyId} | Replace a Policy
+*AuthorizationServerApi* | [**ReplaceAuthorizationServerPolicyRule**](docs/AuthorizationServerApi.md#replaceauthorizationserverpolicyrule) | **Put** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId} | Replace a Policy Rule
+*AuthorizationServerApi* | [**ReplaceOAuth2Claim**](docs/AuthorizationServerApi.md#replaceoauth2claim) | **Put** /api/v1/authorizationServers/{authServerId}/claims/{claimId} | Replace a Custom Token Claim
+*AuthorizationServerApi* | [**ReplaceOAuth2Scope**](docs/AuthorizationServerApi.md#replaceoauth2scope) | **Put** /api/v1/authorizationServers/{authServerId}/scopes/{scopeId} | Replace a Custom Token Scope
+*AuthorizationServerApi* | [**RevokeRefreshTokenForAuthorizationServerAndClient**](docs/AuthorizationServerApi.md#revokerefreshtokenforauthorizationserverandclient) | **Delete** /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId} | Revoke a Refresh Token for a Client
+*AuthorizationServerApi* | [**RevokeRefreshTokensForAuthorizationServerAndClient**](docs/AuthorizationServerApi.md#revokerefreshtokensforauthorizationserverandclient) | **Delete** /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens | Revoke all Refresh Tokens for a Client
+*AuthorizationServerApi* | [**RotateAuthorizationServerKeys**](docs/AuthorizationServerApi.md#rotateauthorizationserverkeys) | **Post** /api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate | Rotate all Credential Keys
+*BehaviorApi* | [**ActivateBehaviorDetectionRule**](docs/BehaviorApi.md#activatebehaviordetectionrule) | **Post** /api/v1/behaviors/{behaviorId}/lifecycle/activate | Activate a Behavior Detection Rule
+*BehaviorApi* | [**CreateBehaviorDetectionRule**](docs/BehaviorApi.md#createbehaviordetectionrule) | **Post** /api/v1/behaviors | Create a Behavior Detection Rule
+*BehaviorApi* | [**DeactivateBehaviorDetectionRule**](docs/BehaviorApi.md#deactivatebehaviordetectionrule) | **Post** /api/v1/behaviors/{behaviorId}/lifecycle/deactivate | Deactivate a Behavior Detection Rule
+*BehaviorApi* | [**DeleteBehaviorDetectionRule**](docs/BehaviorApi.md#deletebehaviordetectionrule) | **Delete** /api/v1/behaviors/{behaviorId} | Delete a Behavior Detection Rule
+*BehaviorApi* | [**GetBehaviorDetectionRule**](docs/BehaviorApi.md#getbehaviordetectionrule) | **Get** /api/v1/behaviors/{behaviorId} | Retrieve a Behavior Detection Rule
+*BehaviorApi* | [**ListBehaviorDetectionRules**](docs/BehaviorApi.md#listbehaviordetectionrules) | **Get** /api/v1/behaviors | List all Behavior Detection Rules
+*BehaviorApi* | [**ReplaceBehaviorDetectionRule**](docs/BehaviorApi.md#replacebehaviordetectionrule) | **Put** /api/v1/behaviors/{behaviorId} | Replace a Behavior Detection Rule
+*CAPTCHAApi* | [**CreateCaptchaInstance**](docs/CAPTCHAApi.md#createcaptchainstance) | **Post** /api/v1/captchas | Create a CAPTCHA instance
+*CAPTCHAApi* | [**DeleteCaptchaInstance**](docs/CAPTCHAApi.md#deletecaptchainstance) | **Delete** /api/v1/captchas/{captchaId} | Delete a CAPTCHA Instance
+*CAPTCHAApi* | [**GetCaptchaInstance**](docs/CAPTCHAApi.md#getcaptchainstance) | **Get** /api/v1/captchas/{captchaId} | Retrieve a CAPTCHA Instance
+*CAPTCHAApi* | [**ListCaptchaInstances**](docs/CAPTCHAApi.md#listcaptchainstances) | **Get** /api/v1/captchas | List all CAPTCHA instances
+*CAPTCHAApi* | [**ReplaceCaptchaInstance**](docs/CAPTCHAApi.md#replacecaptchainstance) | **Put** /api/v1/captchas/{captchaId} | Replace a CAPTCHA instance
+*CAPTCHAApi* | [**UpdateCaptchaInstance**](docs/CAPTCHAApi.md#updatecaptchainstance) | **Post** /api/v1/captchas/{captchaId} | Update a CAPTCHA instance
+*CustomizationApi* | [**CreateBrand**](docs/CustomizationApi.md#createbrand) | **Post** /api/v1/brands | Create a Brand
+*CustomizationApi* | [**CreateEmailCustomization**](docs/CustomizationApi.md#createemailcustomization) | **Post** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations | Create an Email Customization
+*CustomizationApi* | [**DeleteAllCustomizations**](docs/CustomizationApi.md#deleteallcustomizations) | **Delete** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations | Delete all Email Customizations
+*CustomizationApi* | [**DeleteBrand**](docs/CustomizationApi.md#deletebrand) | **Delete** /api/v1/brands/{brandId} | Delete a brand
+*CustomizationApi* | [**DeleteBrandThemeBackgroundImage**](docs/CustomizationApi.md#deletebrandthemebackgroundimage) | **Delete** /api/v1/brands/{brandId}/themes/{themeId}/background-image | Delete the Background Image
+*CustomizationApi* | [**DeleteBrandThemeFavicon**](docs/CustomizationApi.md#deletebrandthemefavicon) | **Delete** /api/v1/brands/{brandId}/themes/{themeId}/favicon | Delete the Favicon
+*CustomizationApi* | [**DeleteBrandThemeLogo**](docs/CustomizationApi.md#deletebrandthemelogo) | **Delete** /api/v1/brands/{brandId}/themes/{themeId}/logo | Delete the Logo
+*CustomizationApi* | [**DeleteEmailCustomization**](docs/CustomizationApi.md#deleteemailcustomization) | **Delete** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId} | Delete an Email Customization
+*CustomizationApi* | [**GetBrand**](docs/CustomizationApi.md#getbrand) | **Get** /api/v1/brands/{brandId} | Retrieve a Brand
+*CustomizationApi* | [**GetBrandTheme**](docs/CustomizationApi.md#getbrandtheme) | **Get** /api/v1/brands/{brandId}/themes/{themeId} | Retrieve a Theme
+*CustomizationApi* | [**GetCustomizationPreview**](docs/CustomizationApi.md#getcustomizationpreview) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview | Retrieve a Preview of an Email Customization
+*CustomizationApi* | [**GetCustomizedErrorPage**](docs/CustomizationApi.md#getcustomizederrorpage) | **Get** /api/v1/brands/{brandId}/pages/error/customized | Retrieve the Customized Error Page
+*CustomizationApi* | [**GetCustomizedSignInPage**](docs/CustomizationApi.md#getcustomizedsigninpage) | **Get** /api/v1/brands/{brandId}/pages/sign-in/customized | Retrieve the Customized Sign-in Page
+*CustomizationApi* | [**GetDefaultErrorPage**](docs/CustomizationApi.md#getdefaulterrorpage) | **Get** /api/v1/brands/{brandId}/pages/error/default | Retrieve the Default Error Page
+*CustomizationApi* | [**GetDefaultSignInPage**](docs/CustomizationApi.md#getdefaultsigninpage) | **Get** /api/v1/brands/{brandId}/pages/sign-in/default | Retrieve the Default Sign-in Page
+*CustomizationApi* | [**GetEmailCustomization**](docs/CustomizationApi.md#getemailcustomization) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId} | Retrieve an Email Customization
+*CustomizationApi* | [**GetEmailDefaultContent**](docs/CustomizationApi.md#getemaildefaultcontent) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName}/default-content | Retrieve an Email Template Default Content
+*CustomizationApi* | [**GetEmailDefaultPreview**](docs/CustomizationApi.md#getemaildefaultpreview) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview | Retrieve a Preview of the Email Template Default Content
+*CustomizationApi* | [**GetEmailSettings**](docs/CustomizationApi.md#getemailsettings) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName}/settings | Retrieve the Email Template Settings
+*CustomizationApi* | [**GetEmailTemplate**](docs/CustomizationApi.md#getemailtemplate) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName} | Retrieve an Email Template
+*CustomizationApi* | [**GetErrorPage**](docs/CustomizationApi.md#geterrorpage) | **Get** /api/v1/brands/{brandId}/pages/error | Retrieve the Error Page
+*CustomizationApi* | [**GetPreviewErrorPage**](docs/CustomizationApi.md#getpreviewerrorpage) | **Get** /api/v1/brands/{brandId}/pages/error/preview | Retrieve the Preview Error Page Preview
+*CustomizationApi* | [**GetPreviewSignInPage**](docs/CustomizationApi.md#getpreviewsigninpage) | **Get** /api/v1/brands/{brandId}/pages/sign-in/preview | Retrieve the Preview Sign-in Page Preview
+*CustomizationApi* | [**GetSignInPage**](docs/CustomizationApi.md#getsigninpage) | **Get** /api/v1/brands/{brandId}/pages/sign-in | Retrieve the Sign-in Page
+*CustomizationApi* | [**GetSignOutPageSettings**](docs/CustomizationApi.md#getsignoutpagesettings) | **Get** /api/v1/brands/{brandId}/pages/sign-out/customized | Retrieve the Sign-out Page Settings
+*CustomizationApi* | [**LinkBrandDomain**](docs/CustomizationApi.md#linkbranddomain) | **Post** /api/v1/brands/{brandId}/domains | Link a Brand to a Domain
+*CustomizationApi* | [**ListAllSignInWidgetVersions**](docs/CustomizationApi.md#listallsigninwidgetversions) | **Get** /api/v1/brands/{brandId}/pages/sign-in/widget-versions | List all Sign-in Widget Versions
+*CustomizationApi* | [**ListBrandDomains**](docs/CustomizationApi.md#listbranddomains) | **Get** /api/v1/brands/{brandId}/domains | List all Domains associated with a Brand
+*CustomizationApi* | [**ListBrandThemes**](docs/CustomizationApi.md#listbrandthemes) | **Get** /api/v1/brands/{brandId}/themes | List all Themes
+*CustomizationApi* | [**ListBrands**](docs/CustomizationApi.md#listbrands) | **Get** /api/v1/brands | List all Brands
+*CustomizationApi* | [**ListEmailCustomizations**](docs/CustomizationApi.md#listemailcustomizations) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations | List all Email Customizations
+*CustomizationApi* | [**ListEmailTemplates**](docs/CustomizationApi.md#listemailtemplates) | **Get** /api/v1/brands/{brandId}/templates/email | List all Email Templates
+*CustomizationApi* | [**ReplaceBrand**](docs/CustomizationApi.md#replacebrand) | **Put** /api/v1/brands/{brandId} | Replace a Brand
+*CustomizationApi* | [**ReplaceBrandTheme**](docs/CustomizationApi.md#replacebrandtheme) | **Put** /api/v1/brands/{brandId}/themes/{themeId} | Replace a Theme
+*CustomizationApi* | [**ReplaceCustomizedErrorPage**](docs/CustomizationApi.md#replacecustomizederrorpage) | **Put** /api/v1/brands/{brandId}/pages/error/customized | Replace the Customized Error Page
+*CustomizationApi* | [**ReplaceCustomizedSignInPage**](docs/CustomizationApi.md#replacecustomizedsigninpage) | **Put** /api/v1/brands/{brandId}/pages/sign-in/customized | Replace the Customized Sign-in Page
+*CustomizationApi* | [**ReplaceEmailCustomization**](docs/CustomizationApi.md#replaceemailcustomization) | **Put** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId} | Replace an Email Customization
+*CustomizationApi* | [**ReplaceEmailSettings**](docs/CustomizationApi.md#replaceemailsettings) | **Put** /api/v1/brands/{brandId}/templates/email/{templateName}/settings | Replace the Email Template Settings
+*CustomizationApi* | [**ReplacePreviewErrorPage**](docs/CustomizationApi.md#replacepreviewerrorpage) | **Put** /api/v1/brands/{brandId}/pages/error/preview | Replace the Preview Error Page
+*CustomizationApi* | [**ReplacePreviewSignInPage**](docs/CustomizationApi.md#replacepreviewsigninpage) | **Put** /api/v1/brands/{brandId}/pages/sign-in/preview | Replace the Preview Sign-in Page
+*CustomizationApi* | [**ReplaceSignOutPageSettings**](docs/CustomizationApi.md#replacesignoutpagesettings) | **Put** /api/v1/brands/{brandId}/pages/sign-out/customized | Replace the Sign-out Page Settings
+*CustomizationApi* | [**ResetCustomizedErrorPage**](docs/CustomizationApi.md#resetcustomizederrorpage) | **Delete** /api/v1/brands/{brandId}/pages/error/customized | Reset the Customized Error Page
+*CustomizationApi* | [**ResetCustomizedSignInPage**](docs/CustomizationApi.md#resetcustomizedsigninpage) | **Delete** /api/v1/brands/{brandId}/pages/sign-in/customized | Reset the Customized Sign-in Page
+*CustomizationApi* | [**ResetPreviewErrorPage**](docs/CustomizationApi.md#resetpreviewerrorpage) | **Delete** /api/v1/brands/{brandId}/pages/error/preview | Reset the Preview Error Page
+*CustomizationApi* | [**ResetPreviewSignInPage**](docs/CustomizationApi.md#resetpreviewsigninpage) | **Delete** /api/v1/brands/{brandId}/pages/sign-in/preview | Reset the Preview Sign-in Page
+*CustomizationApi* | [**SendTestEmail**](docs/CustomizationApi.md#sendtestemail) | **Post** /api/v1/brands/{brandId}/templates/email/{templateName}/test | Send a Test Email
+*CustomizationApi* | [**UnlinkBrandDomain**](docs/CustomizationApi.md#unlinkbranddomain) | **Delete** /api/v1/brands/{brandId}/domains/{domainId} | Unlink a Brand from a Domain
+*CustomizationApi* | [**UploadBrandThemeBackgroundImage**](docs/CustomizationApi.md#uploadbrandthemebackgroundimage) | **Post** /api/v1/brands/{brandId}/themes/{themeId}/background-image | Upload the Background Image
+*CustomizationApi* | [**UploadBrandThemeFavicon**](docs/CustomizationApi.md#uploadbrandthemefavicon) | **Post** /api/v1/brands/{brandId}/themes/{themeId}/favicon | Upload the Favicon
+*CustomizationApi* | [**UploadBrandThemeLogo**](docs/CustomizationApi.md#uploadbrandthemelogo) | **Post** /api/v1/brands/{brandId}/themes/{themeId}/logo | Upload the Logo
+*DeviceApi* | [**ActivateDevice**](docs/DeviceApi.md#activatedevice) | **Post** /api/v1/devices/{deviceId}/lifecycle/activate | Activate a Device
+*DeviceApi* | [**DeactivateDevice**](docs/DeviceApi.md#deactivatedevice) | **Post** /api/v1/devices/{deviceId}/lifecycle/deactivate | Deactivate a Device
+*DeviceApi* | [**DeleteDevice**](docs/DeviceApi.md#deletedevice) | **Delete** /api/v1/devices/{deviceId} | Delete a Device
+*DeviceApi* | [**GetDevice**](docs/DeviceApi.md#getdevice) | **Get** /api/v1/devices/{deviceId} | Retrieve a Device
+*DeviceApi* | [**ListDevices**](docs/DeviceApi.md#listdevices) | **Get** /api/v1/devices | List all Devices
+*DeviceApi* | [**SuspendDevice**](docs/DeviceApi.md#suspenddevice) | **Post** /api/v1/devices/{deviceId}/lifecycle/suspend | Suspend a Device
+*DeviceApi* | [**UnsuspendDevice**](docs/DeviceApi.md#unsuspenddevice) | **Post** /api/v1/devices/{deviceId}/lifecycle/unsuspend | Unsuspend a Device
+*DeviceAssuranceApi* | [**CreateDeviceAssurancePolicy**](docs/DeviceAssuranceApi.md#createdeviceassurancepolicy) | **Post** /api/v1/device-assurances | Create a Device Assurance Policy
+*DeviceAssuranceApi* | [**DeleteDeviceAssurancePolicy**](docs/DeviceAssuranceApi.md#deletedeviceassurancepolicy) | **Delete** /api/v1/device-assurances/{deviceAssuranceId} | Delete a Device Assurance Policy
+*DeviceAssuranceApi* | [**GetDeviceAssurancePolicy**](docs/DeviceAssuranceApi.md#getdeviceassurancepolicy) | **Get** /api/v1/device-assurances/{deviceAssuranceId} | Retrieve a Device Assurance Policy
+*DeviceAssuranceApi* | [**ListDeviceAssurancePolicies**](docs/DeviceAssuranceApi.md#listdeviceassurancepolicies) | **Get** /api/v1/device-assurances | List all Device Assurance Policies
+*DeviceAssuranceApi* | [**ReplaceDeviceAssurancePolicy**](docs/DeviceAssuranceApi.md#replacedeviceassurancepolicy) | **Put** /api/v1/device-assurances/{deviceAssuranceId} | Replace a Device Assurance Policy
+*DomainApi* | [**CreateDomain**](docs/DomainApi.md#createdomain) | **Post** /api/v1/domains | Create a Domain
+*DomainApi* | [**DeleteDomain**](docs/DomainApi.md#deletedomain) | **Delete** /api/v1/domains/{domainId} | Delete a Domain
+*DomainApi* | [**GetDomain**](docs/DomainApi.md#getdomain) | **Get** /api/v1/domains/{domainId} | Retrieve a Domain
+*DomainApi* | [**ListDomains**](docs/DomainApi.md#listdomains) | **Get** /api/v1/domains | List all Domains
+*DomainApi* | [**ReplaceDomain**](docs/DomainApi.md#replacedomain) | **Put** /api/v1/domains/{domainId} | Replace a Domain's brandId
+*DomainApi* | [**UpsertCertificate**](docs/DomainApi.md#upsertcertificate) | **Put** /api/v1/domains/{domainId}/certificate | Upsert the Certificate
+*DomainApi* | [**VerifyDomain**](docs/DomainApi.md#verifydomain) | **Post** /api/v1/domains/{domainId}/verify | Verify a Domain
+*EmailDomainApi* | [**CreateEmailDomain**](docs/EmailDomainApi.md#createemaildomain) | **Post** /api/v1/email-domains | Create an Email Domain
+*EmailDomainApi* | [**DeleteEmailDomain**](docs/EmailDomainApi.md#deleteemaildomain) | **Delete** /api/v1/email-domains/{emailDomainId} | Delete an Email Domain
+*EmailDomainApi* | [**GetEmailDomain**](docs/EmailDomainApi.md#getemaildomain) | **Get** /api/v1/email-domains/{emailDomainId} | Retrieve an Email Domain
+*EmailDomainApi* | [**ListEmailDomains**](docs/EmailDomainApi.md#listemaildomains) | **Get** /api/v1/email-domains | List all Email Domains
+*EmailDomainApi* | [**ReplaceEmailDomain**](docs/EmailDomainApi.md#replaceemaildomain) | **Put** /api/v1/email-domains/{emailDomainId} | Replace an Email Domain
+*EmailDomainApi* | [**VerifyEmailDomain**](docs/EmailDomainApi.md#verifyemaildomain) | **Post** /api/v1/email-domains/{emailDomainId}/verify | Verify an Email Domain
+*EventHookApi* | [**ActivateEventHook**](docs/EventHookApi.md#activateeventhook) | **Post** /api/v1/eventHooks/{eventHookId}/lifecycle/activate | Activate an Event Hook
+*EventHookApi* | [**CreateEventHook**](docs/EventHookApi.md#createeventhook) | **Post** /api/v1/eventHooks | Create an Event Hook
+*EventHookApi* | [**DeactivateEventHook**](docs/EventHookApi.md#deactivateeventhook) | **Post** /api/v1/eventHooks/{eventHookId}/lifecycle/deactivate | Deactivate an Event Hook
+*EventHookApi* | [**DeleteEventHook**](docs/EventHookApi.md#deleteeventhook) | **Delete** /api/v1/eventHooks/{eventHookId} | Delete an Event Hook
+*EventHookApi* | [**GetEventHook**](docs/EventHookApi.md#geteventhook) | **Get** /api/v1/eventHooks/{eventHookId} | Retrieve an Event Hook
+*EventHookApi* | [**ListEventHooks**](docs/EventHookApi.md#listeventhooks) | **Get** /api/v1/eventHooks | List all Event Hooks
+*EventHookApi* | [**ReplaceEventHook**](docs/EventHookApi.md#replaceeventhook) | **Put** /api/v1/eventHooks/{eventHookId} | Replace an Event Hook
+*EventHookApi* | [**VerifyEventHook**](docs/EventHookApi.md#verifyeventhook) | **Post** /api/v1/eventHooks/{eventHookId}/lifecycle/verify | Verify an Event Hook
+*FeatureApi* | [**GetFeature**](docs/FeatureApi.md#getfeature) | **Get** /api/v1/features/{featureId} | Retrieve a Feature
+*FeatureApi* | [**ListFeatureDependencies**](docs/FeatureApi.md#listfeaturedependencies) | **Get** /api/v1/features/{featureId}/dependencies | List all Dependencies
+*FeatureApi* | [**ListFeatureDependents**](docs/FeatureApi.md#listfeaturedependents) | **Get** /api/v1/features/{featureId}/dependents | List all Dependents
+*FeatureApi* | [**ListFeatures**](docs/FeatureApi.md#listfeatures) | **Get** /api/v1/features | List all Features
+*FeatureApi* | [**UpdateFeatureLifecycle**](docs/FeatureApi.md#updatefeaturelifecycle) | **Post** /api/v1/features/{featureId}/{lifecycle} | Update a Feature Lifecycle
+*GroupApi* | [**ActivateGroupRule**](docs/GroupApi.md#activategrouprule) | **Post** /api/v1/groups/rules/{ruleId}/lifecycle/activate | Activate a Group Rule
+*GroupApi* | [**AssignGroupOwner**](docs/GroupApi.md#assigngroupowner) | **Post** /api/v1/groups/{groupId}/owners | Assign a Group Owner
+*GroupApi* | [**AssignUserToGroup**](docs/GroupApi.md#assignusertogroup) | **Put** /api/v1/groups/{groupId}/users/{userId} | Assign a User
+*GroupApi* | [**CreateGroup**](docs/GroupApi.md#creategroup) | **Post** /api/v1/groups | Create a Group
+*GroupApi* | [**CreateGroupRule**](docs/GroupApi.md#creategrouprule) | **Post** /api/v1/groups/rules | Create a Group Rule
+*GroupApi* | [**DeactivateGroupRule**](docs/GroupApi.md#deactivategrouprule) | **Post** /api/v1/groups/rules/{ruleId}/lifecycle/deactivate | Deactivate a Group Rule
+*GroupApi* | [**DeleteGroup**](docs/GroupApi.md#deletegroup) | **Delete** /api/v1/groups/{groupId} | Delete a Group
+*GroupApi* | [**DeleteGroupOwner**](docs/GroupApi.md#deletegroupowner) | **Delete** /api/v1/groups/{groupId}/owners/{ownerId} | Delete a Group Owner
+*GroupApi* | [**DeleteGroupRule**](docs/GroupApi.md#deletegrouprule) | **Delete** /api/v1/groups/rules/{ruleId} | Delete a group Rule
+*GroupApi* | [**GetGroup**](docs/GroupApi.md#getgroup) | **Get** /api/v1/groups/{groupId} | Retrieve a Group
+*GroupApi* | [**GetGroupRule**](docs/GroupApi.md#getgrouprule) | **Get** /api/v1/groups/rules/{ruleId} | Retrieve a Group Rule
+*GroupApi* | [**ListAssignedApplicationsForGroup**](docs/GroupApi.md#listassignedapplicationsforgroup) | **Get** /api/v1/groups/{groupId}/apps | List all Assigned Applications
+*GroupApi* | [**ListGroupOwners**](docs/GroupApi.md#listgroupowners) | **Get** /api/v1/groups/{groupId}/owners | List all Group Owners
+*GroupApi* | [**ListGroupRules**](docs/GroupApi.md#listgrouprules) | **Get** /api/v1/groups/rules | List all Group Rules
+*GroupApi* | [**ListGroupUsers**](docs/GroupApi.md#listgroupusers) | **Get** /api/v1/groups/{groupId}/users | List all Member Users
+*GroupApi* | [**ListGroups**](docs/GroupApi.md#listgroups) | **Get** /api/v1/groups | List all Groups
+*GroupApi* | [**ReplaceGroup**](docs/GroupApi.md#replacegroup) | **Put** /api/v1/groups/{groupId} | Replace a Group
+*GroupApi* | [**ReplaceGroupRule**](docs/GroupApi.md#replacegrouprule) | **Put** /api/v1/groups/rules/{ruleId} | Replace a Group Rule
+*GroupApi* | [**UnassignUserFromGroup**](docs/GroupApi.md#unassignuserfromgroup) | **Delete** /api/v1/groups/{groupId}/users/{userId} | Unassign a User
+*HookKeyApi* | [**CreateHookKey**](docs/HookKeyApi.md#createhookkey) | **Post** /api/v1/hook-keys | Create a key
+*HookKeyApi* | [**DeleteHookKey**](docs/HookKeyApi.md#deletehookkey) | **Delete** /api/v1/hook-keys/{hookKeyId} | Delete a key
+*HookKeyApi* | [**GetHookKey**](docs/HookKeyApi.md#gethookkey) | **Get** /api/v1/hook-keys/{hookKeyId} | Retrieve a key
+*HookKeyApi* | [**GetPublicKey**](docs/HookKeyApi.md#getpublickey) | **Get** /api/v1/hook-keys/public/{keyId} | Retrieve a public key
+*HookKeyApi* | [**ListHookKeys**](docs/HookKeyApi.md#listhookkeys) | **Get** /api/v1/hook-keys | List all keys
+*HookKeyApi* | [**ReplaceHookKey**](docs/HookKeyApi.md#replacehookkey) | **Put** /api/v1/hook-keys/{hookKeyId} | Replace a key
+*IdentityProviderApi* | [**ActivateIdentityProvider**](docs/IdentityProviderApi.md#activateidentityprovider) | **Post** /api/v1/idps/{idpId}/lifecycle/activate | Activate an Identity Provider
+*IdentityProviderApi* | [**CloneIdentityProviderKey**](docs/IdentityProviderApi.md#cloneidentityproviderkey) | **Post** /api/v1/idps/{idpId}/credentials/keys/{keyId}/clone | Clone a Signing Credential Key
+*IdentityProviderApi* | [**CreateIdentityProvider**](docs/IdentityProviderApi.md#createidentityprovider) | **Post** /api/v1/idps | Create an Identity Provider
+*IdentityProviderApi* | [**CreateIdentityProviderKey**](docs/IdentityProviderApi.md#createidentityproviderkey) | **Post** /api/v1/idps/credentials/keys | Create an X.509 Certificate Public Key
+*IdentityProviderApi* | [**DeactivateIdentityProvider**](docs/IdentityProviderApi.md#deactivateidentityprovider) | **Post** /api/v1/idps/{idpId}/lifecycle/deactivate | Deactivate an Identity Provider
+*IdentityProviderApi* | [**DeleteIdentityProvider**](docs/IdentityProviderApi.md#deleteidentityprovider) | **Delete** /api/v1/idps/{idpId} | Delete an Identity Provider
+*IdentityProviderApi* | [**DeleteIdentityProviderKey**](docs/IdentityProviderApi.md#deleteidentityproviderkey) | **Delete** /api/v1/idps/credentials/keys/{keyId} | Delete a Signing Credential Key
+*IdentityProviderApi* | [**GenerateCsrForIdentityProvider**](docs/IdentityProviderApi.md#generatecsrforidentityprovider) | **Post** /api/v1/idps/{idpId}/credentials/csrs | Generate a Certificate Signing Request
+*IdentityProviderApi* | [**GenerateIdentityProviderSigningKey**](docs/IdentityProviderApi.md#generateidentityprovidersigningkey) | **Post** /api/v1/idps/{idpId}/credentials/keys/generate | Generate a new Signing Credential Key
+*IdentityProviderApi* | [**GetCsrForIdentityProvider**](docs/IdentityProviderApi.md#getcsrforidentityprovider) | **Get** /api/v1/idps/{idpId}/credentials/csrs/{csrId} | Retrieve a Certificate Signing Request
+*IdentityProviderApi* | [**GetIdentityProvider**](docs/IdentityProviderApi.md#getidentityprovider) | **Get** /api/v1/idps/{idpId} | Retrieve an Identity Provider
+*IdentityProviderApi* | [**GetIdentityProviderApplicationUser**](docs/IdentityProviderApi.md#getidentityproviderapplicationuser) | **Get** /api/v1/idps/{idpId}/users/{userId} | Retrieve a User
+*IdentityProviderApi* | [**GetIdentityProviderKey**](docs/IdentityProviderApi.md#getidentityproviderkey) | **Get** /api/v1/idps/credentials/keys/{keyId} | Retrieve an Credential Key
+*IdentityProviderApi* | [**GetIdentityProviderSigningKey**](docs/IdentityProviderApi.md#getidentityprovidersigningkey) | **Get** /api/v1/idps/{idpId}/credentials/keys/{keyId} | Retrieve a Signing Credential Key
+*IdentityProviderApi* | [**LinkUserToIdentityProvider**](docs/IdentityProviderApi.md#linkusertoidentityprovider) | **Post** /api/v1/idps/{idpId}/users/{userId} | Link a User to a Social IdP
+*IdentityProviderApi* | [**ListCsrsForIdentityProvider**](docs/IdentityProviderApi.md#listcsrsforidentityprovider) | **Get** /api/v1/idps/{idpId}/credentials/csrs | List all Certificate Signing Requests
+*IdentityProviderApi* | [**ListIdentityProviderApplicationUsers**](docs/IdentityProviderApi.md#listidentityproviderapplicationusers) | **Get** /api/v1/idps/{idpId}/users | List all Users
+*IdentityProviderApi* | [**ListIdentityProviderKeys**](docs/IdentityProviderApi.md#listidentityproviderkeys) | **Get** /api/v1/idps/credentials/keys | List all Credential Keys
+*IdentityProviderApi* | [**ListIdentityProviderSigningKeys**](docs/IdentityProviderApi.md#listidentityprovidersigningkeys) | **Get** /api/v1/idps/{idpId}/credentials/keys | List all Signing Credential Keys
+*IdentityProviderApi* | [**ListIdentityProviders**](docs/IdentityProviderApi.md#listidentityproviders) | **Get** /api/v1/idps | List all Identity Providers
+*IdentityProviderApi* | [**ListSocialAuthTokens**](docs/IdentityProviderApi.md#listsocialauthtokens) | **Get** /api/v1/idps/{idpId}/users/{userId}/credentials/tokens | List all Tokens from a OIDC Identity Provider
+*IdentityProviderApi* | [**PublishCsrForIdentityProvider**](docs/IdentityProviderApi.md#publishcsrforidentityprovider) | **Post** /api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish | Publish a Certificate Signing Request
+*IdentityProviderApi* | [**ReplaceIdentityProvider**](docs/IdentityProviderApi.md#replaceidentityprovider) | **Put** /api/v1/idps/{idpId} | Replace an Identity Provider
+*IdentityProviderApi* | [**RevokeCsrForIdentityProvider**](docs/IdentityProviderApi.md#revokecsrforidentityprovider) | **Delete** /api/v1/idps/{idpId}/credentials/csrs/{csrId} | Revoke a Certificate Signing Request
+*IdentityProviderApi* | [**UnlinkUserFromIdentityProvider**](docs/IdentityProviderApi.md#unlinkuserfromidentityprovider) | **Delete** /api/v1/idps/{idpId}/users/{userId} | Unlink a User from IdP
+*IdentitySourceApi* | [**CreateIdentitySourceSession**](docs/IdentitySourceApi.md#createidentitysourcesession) | **Post** /api/v1/identity-sources/{identitySourceId}/sessions | Create an Identity Source Session
+*IdentitySourceApi* | [**DeleteIdentitySourceSession**](docs/IdentitySourceApi.md#deleteidentitysourcesession) | **Delete** /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId} | Delete an Identity Source Session
+*IdentitySourceApi* | [**GetIdentitySourceSession**](docs/IdentitySourceApi.md#getidentitysourcesession) | **Get** /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId} | Retrieve an Identity Source Session
+*IdentitySourceApi* | [**ListIdentitySourceSessions**](docs/IdentitySourceApi.md#listidentitysourcesessions) | **Get** /api/v1/identity-sources/{identitySourceId}/sessions | List all Identity Source Sessions
+*IdentitySourceApi* | [**StartImportFromIdentitySource**](docs/IdentitySourceApi.md#startimportfromidentitysource) | **Post** /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/start-import | Start the import from the Identity Source
+*IdentitySourceApi* | [**UploadIdentitySourceDataForDelete**](docs/IdentitySourceApi.md#uploadidentitysourcedatafordelete) | **Post** /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-delete | Upload the data to be deleted in Okta
+*IdentitySourceApi* | [**UploadIdentitySourceDataForUpsert**](docs/IdentitySourceApi.md#uploadidentitysourcedataforupsert) | **Post** /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-upsert | Upload the data to be upserted in Okta
+*InlineHookApi* | [**ActivateInlineHook**](docs/InlineHookApi.md#activateinlinehook) | **Post** /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate | Activate an Inline Hook
+*InlineHookApi* | [**CreateInlineHook**](docs/InlineHookApi.md#createinlinehook) | **Post** /api/v1/inlineHooks | Create an Inline Hook
+*InlineHookApi* | [**DeactivateInlineHook**](docs/InlineHookApi.md#deactivateinlinehook) | **Post** /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate | Deactivate an Inline Hook
+*InlineHookApi* | [**DeleteInlineHook**](docs/InlineHookApi.md#deleteinlinehook) | **Delete** /api/v1/inlineHooks/{inlineHookId} | Delete an Inline Hook
+*InlineHookApi* | [**ExecuteInlineHook**](docs/InlineHookApi.md#executeinlinehook) | **Post** /api/v1/inlineHooks/{inlineHookId}/execute | Execute an Inline Hook
+*InlineHookApi* | [**GetInlineHook**](docs/InlineHookApi.md#getinlinehook) | **Get** /api/v1/inlineHooks/{inlineHookId} | Retrieve an Inline Hook
+*InlineHookApi* | [**ListInlineHooks**](docs/InlineHookApi.md#listinlinehooks) | **Get** /api/v1/inlineHooks | List all Inline Hooks
+*InlineHookApi* | [**ReplaceInlineHook**](docs/InlineHookApi.md#replaceinlinehook) | **Put** /api/v1/inlineHooks/{inlineHookId} | Replace an Inline Hook
+*LinkedObjectApi* | [**CreateLinkedObjectDefinition**](docs/LinkedObjectApi.md#createlinkedobjectdefinition) | **Post** /api/v1/meta/schemas/user/linkedObjects | Create a Linked Object Definition
+*LinkedObjectApi* | [**DeleteLinkedObjectDefinition**](docs/LinkedObjectApi.md#deletelinkedobjectdefinition) | **Delete** /api/v1/meta/schemas/user/linkedObjects/{linkedObjectName} | Delete a Linked Object Definition
+*LinkedObjectApi* | [**GetLinkedObjectDefinition**](docs/LinkedObjectApi.md#getlinkedobjectdefinition) | **Get** /api/v1/meta/schemas/user/linkedObjects/{linkedObjectName} | Retrieve a Linked Object Definition
+*LinkedObjectApi* | [**ListLinkedObjectDefinitions**](docs/LinkedObjectApi.md#listlinkedobjectdefinitions) | **Get** /api/v1/meta/schemas/user/linkedObjects | List all Linked Object Definitions
+*LogStreamApi* | [**ActivateLogStream**](docs/LogStreamApi.md#activatelogstream) | **Post** /api/v1/logStreams/{logStreamId}/lifecycle/activate | Activate a Log Stream
+*LogStreamApi* | [**CreateLogStream**](docs/LogStreamApi.md#createlogstream) | **Post** /api/v1/logStreams | Create a Log Stream
+*LogStreamApi* | [**DeactivateLogStream**](docs/LogStreamApi.md#deactivatelogstream) | **Post** /api/v1/logStreams/{logStreamId}/lifecycle/deactivate | Deactivate a Log Stream
+*LogStreamApi* | [**DeleteLogStream**](docs/LogStreamApi.md#deletelogstream) | **Delete** /api/v1/logStreams/{logStreamId} | Delete a Log Stream
+*LogStreamApi* | [**GetLogStream**](docs/LogStreamApi.md#getlogstream) | **Get** /api/v1/logStreams/{logStreamId} | Retrieve a Log Stream
+*LogStreamApi* | [**ListLogStreams**](docs/LogStreamApi.md#listlogstreams) | **Get** /api/v1/logStreams | List all Log Streams
+*LogStreamApi* | [**ReplaceLogStream**](docs/LogStreamApi.md#replacelogstream) | **Put** /api/v1/logStreams/{logStreamId} | Replace a Log Stream
+*NetworkZoneApi* | [**ActivateNetworkZone**](docs/NetworkZoneApi.md#activatenetworkzone) | **Post** /api/v1/zones/{zoneId}/lifecycle/activate | Activate a Network Zone
+*NetworkZoneApi* | [**CreateNetworkZone**](docs/NetworkZoneApi.md#createnetworkzone) | **Post** /api/v1/zones | Create a Network Zone
+*NetworkZoneApi* | [**DeactivateNetworkZone**](docs/NetworkZoneApi.md#deactivatenetworkzone) | **Post** /api/v1/zones/{zoneId}/lifecycle/deactivate | Deactivate a Network Zone
+*NetworkZoneApi* | [**DeleteNetworkZone**](docs/NetworkZoneApi.md#deletenetworkzone) | **Delete** /api/v1/zones/{zoneId} | Delete a Network Zone
+*NetworkZoneApi* | [**GetNetworkZone**](docs/NetworkZoneApi.md#getnetworkzone) | **Get** /api/v1/zones/{zoneId} | Retrieve a Network Zone
+*NetworkZoneApi* | [**ListNetworkZones**](docs/NetworkZoneApi.md#listnetworkzones) | **Get** /api/v1/zones | List all Network Zones
+*NetworkZoneApi* | [**ReplaceNetworkZone**](docs/NetworkZoneApi.md#replacenetworkzone) | **Put** /api/v1/zones/{zoneId} | Replace a Network Zone
+*OrgSettingApi* | [**BulkRemoveEmailAddressBounces**](docs/OrgSettingApi.md#bulkremoveemailaddressbounces) | **Post** /api/v1/org/email/bounces/remove-list | Remove Emails from Email Provider Bounce List
+*OrgSettingApi* | [**ExtendOktaSupport**](docs/OrgSettingApi.md#extendoktasupport) | **Post** /api/v1/org/privacy/oktaSupport/extend | Extend Okta Support Access
+*OrgSettingApi* | [**GetOktaCommunicationSettings**](docs/OrgSettingApi.md#getoktacommunicationsettings) | **Get** /api/v1/org/privacy/oktaCommunication | Retrieve the Okta Communication Settings
+*OrgSettingApi* | [**GetOrgContactTypes**](docs/OrgSettingApi.md#getorgcontacttypes) | **Get** /api/v1/org/contacts | Retrieve the Org Contact Types
+*OrgSettingApi* | [**GetOrgContactUser**](docs/OrgSettingApi.md#getorgcontactuser) | **Get** /api/v1/org/contacts/{contactType} | Retrieve the User of the Contact Type
+*OrgSettingApi* | [**GetOrgOktaSupportSettings**](docs/OrgSettingApi.md#getorgoktasupportsettings) | **Get** /api/v1/org/privacy/oktaSupport | Retrieve the Okta Support Settings
+*OrgSettingApi* | [**GetOrgPreferences**](docs/OrgSettingApi.md#getorgpreferences) | **Get** /api/v1/org/preferences | Retrieve the Org Preferences
+*OrgSettingApi* | [**GetOrgSettings**](docs/OrgSettingApi.md#getorgsettings) | **Get** /api/v1/org | Retrieve the Org Settings
+*OrgSettingApi* | [**GetWellknownOrgMetadata**](docs/OrgSettingApi.md#getwellknownorgmetadata) | **Get** /.well-known/okta-organization | Retrieve the Well-Known Org Metadata
+*OrgSettingApi* | [**GrantOktaSupport**](docs/OrgSettingApi.md#grantoktasupport) | **Post** /api/v1/org/privacy/oktaSupport/grant | Grant Okta Support Access to your Org
+*OrgSettingApi* | [**OptInUsersToOktaCommunicationEmails**](docs/OrgSettingApi.md#optinuserstooktacommunicationemails) | **Post** /api/v1/org/privacy/oktaCommunication/optIn | Opt in all Users to Okta Communication emails
+*OrgSettingApi* | [**OptOutUsersFromOktaCommunicationEmails**](docs/OrgSettingApi.md#optoutusersfromoktacommunicationemails) | **Post** /api/v1/org/privacy/oktaCommunication/optOut | Opt out all Users from Okta Communication emails
+*OrgSettingApi* | [**ReplaceOrgContactUser**](docs/OrgSettingApi.md#replaceorgcontactuser) | **Put** /api/v1/org/contacts/{contactType} | Replace the User of the Contact Type
+*OrgSettingApi* | [**ReplaceOrgSettings**](docs/OrgSettingApi.md#replaceorgsettings) | **Put** /api/v1/org | Replace the Org Settings
+*OrgSettingApi* | [**RevokeOktaSupport**](docs/OrgSettingApi.md#revokeoktasupport) | **Post** /api/v1/org/privacy/oktaSupport/revoke | Revoke Okta Support Access
+*OrgSettingApi* | [**UpdateOrgHideOktaUIFooter**](docs/OrgSettingApi.md#updateorghideoktauifooter) | **Post** /api/v1/org/preferences/hideEndUserFooter | Update the Preference to Hide the Okta Dashboard Footer
+*OrgSettingApi* | [**UpdateOrgSettings**](docs/OrgSettingApi.md#updateorgsettings) | **Post** /api/v1/org | Update the Org Settings
+*OrgSettingApi* | [**UpdateOrgShowOktaUIFooter**](docs/OrgSettingApi.md#updateorgshowoktauifooter) | **Post** /api/v1/org/preferences/showEndUserFooter | Update the Preference to Show the Okta Dashboard Footer
+*OrgSettingApi* | [**UploadOrgLogo**](docs/OrgSettingApi.md#uploadorglogo) | **Post** /api/v1/org/logo | Upload the Org Logo
+*PolicyApi* | [**ActivatePolicy**](docs/PolicyApi.md#activatepolicy) | **Post** /api/v1/policies/{policyId}/lifecycle/activate | Activate a Policy
+*PolicyApi* | [**ActivatePolicyRule**](docs/PolicyApi.md#activatepolicyrule) | **Post** /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate | Activate a Policy Rule
+*PolicyApi* | [**ClonePolicy**](docs/PolicyApi.md#clonepolicy) | **Post** /api/v1/policies/{policyId}/clone | Clone an existing policy
+*PolicyApi* | [**CreatePolicy**](docs/PolicyApi.md#createpolicy) | **Post** /api/v1/policies | Create a Policy
+*PolicyApi* | [**CreatePolicyRule**](docs/PolicyApi.md#createpolicyrule) | **Post** /api/v1/policies/{policyId}/rules | Create a Policy Rule
+*PolicyApi* | [**DeactivatePolicy**](docs/PolicyApi.md#deactivatepolicy) | **Post** /api/v1/policies/{policyId}/lifecycle/deactivate | Deactivate a Policy
+*PolicyApi* | [**DeactivatePolicyRule**](docs/PolicyApi.md#deactivatepolicyrule) | **Post** /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate | Deactivate a Policy Rule
+*PolicyApi* | [**DeletePolicy**](docs/PolicyApi.md#deletepolicy) | **Delete** /api/v1/policies/{policyId} | Delete a Policy
+*PolicyApi* | [**DeletePolicyRule**](docs/PolicyApi.md#deletepolicyrule) | **Delete** /api/v1/policies/{policyId}/rules/{ruleId} | Delete a Policy Rule
+*PolicyApi* | [**GetPolicy**](docs/PolicyApi.md#getpolicy) | **Get** /api/v1/policies/{policyId} | Retrieve a Policy
+*PolicyApi* | [**GetPolicyRule**](docs/PolicyApi.md#getpolicyrule) | **Get** /api/v1/policies/{policyId}/rules/{ruleId} | Retrieve a Policy Rule
+*PolicyApi* | [**ListPolicies**](docs/PolicyApi.md#listpolicies) | **Get** /api/v1/policies | List all Policies
+*PolicyApi* | [**ListPolicyRules**](docs/PolicyApi.md#listpolicyrules) | **Get** /api/v1/policies/{policyId}/rules | List all Policy Rules
+*PolicyApi* | [**ReplacePolicy**](docs/PolicyApi.md#replacepolicy) | **Put** /api/v1/policies/{policyId} | Replace a Policy
+*PolicyApi* | [**ReplacePolicyRule**](docs/PolicyApi.md#replacepolicyrule) | **Put** /api/v1/policies/{policyId}/rules/{ruleId} | Replace a Policy Rule
+*PrincipalRateLimitApi* | [**CreatePrincipalRateLimitEntity**](docs/PrincipalRateLimitApi.md#createprincipalratelimitentity) | **Post** /api/v1/principal-rate-limits | Create a Principal Rate Limit
+*PrincipalRateLimitApi* | [**GetPrincipalRateLimitEntity**](docs/PrincipalRateLimitApi.md#getprincipalratelimitentity) | **Get** /api/v1/principal-rate-limits/{principalRateLimitId} | Retrieve a Principal Rate Limit
+*PrincipalRateLimitApi* | [**ListPrincipalRateLimitEntities**](docs/PrincipalRateLimitApi.md#listprincipalratelimitentities) | **Get** /api/v1/principal-rate-limits | List all Principal Rate Limits
+*PrincipalRateLimitApi* | [**ReplacePrincipalRateLimitEntity**](docs/PrincipalRateLimitApi.md#replaceprincipalratelimitentity) | **Put** /api/v1/principal-rate-limits/{principalRateLimitId} | Replace a Principal Rate Limit
+*ProfileMappingApi* | [**GetProfileMapping**](docs/ProfileMappingApi.md#getprofilemapping) | **Get** /api/v1/mappings/{mappingId} | Retrieve a Profile Mapping
+*ProfileMappingApi* | [**ListProfileMappings**](docs/ProfileMappingApi.md#listprofilemappings) | **Get** /api/v1/mappings | List all Profile Mappings
+*ProfileMappingApi* | [**UpdateProfileMapping**](docs/ProfileMappingApi.md#updateprofilemapping) | **Post** /api/v1/mappings/{mappingId} | Update a Profile Mapping
+*PushProviderApi* | [**CreatePushProvider**](docs/PushProviderApi.md#createpushprovider) | **Post** /api/v1/push-providers | Create a Push Provider
+*PushProviderApi* | [**DeletePushProvider**](docs/PushProviderApi.md#deletepushprovider) | **Delete** /api/v1/push-providers/{pushProviderId} | Delete a Push Provider
+*PushProviderApi* | [**GetPushProvider**](docs/PushProviderApi.md#getpushprovider) | **Get** /api/v1/push-providers/{pushProviderId} | Retrieve a Push Provider
+*PushProviderApi* | [**ListPushProviders**](docs/PushProviderApi.md#listpushproviders) | **Get** /api/v1/push-providers | List all Push Providers
+*PushProviderApi* | [**ReplacePushProvider**](docs/PushProviderApi.md#replacepushprovider) | **Put** /api/v1/push-providers/{pushProviderId} | Replace a Push Provider
+*RateLimitSettingsApi* | [**GetRateLimitSettingsAdminNotifications**](docs/RateLimitSettingsApi.md#getratelimitsettingsadminnotifications) | **Get** /api/v1/rate-limit-settings/admin-notifications | Retrieve the Rate Limit Admin Notification Settings
+*RateLimitSettingsApi* | [**GetRateLimitSettingsPerClient**](docs/RateLimitSettingsApi.md#getratelimitsettingsperclient) | **Get** /api/v1/rate-limit-settings/per-client | Retrieve the Per-Client Rate Limit Settings
+*RateLimitSettingsApi* | [**ReplaceRateLimitSettingsAdminNotifications**](docs/RateLimitSettingsApi.md#replaceratelimitsettingsadminnotifications) | **Put** /api/v1/rate-limit-settings/admin-notifications | Replace the Rate Limit Admin Notification Settings
+*RateLimitSettingsApi* | [**ReplaceRateLimitSettingsPerClient**](docs/RateLimitSettingsApi.md#replaceratelimitsettingsperclient) | **Put** /api/v1/rate-limit-settings/per-client | Replace the Per-Client Rate Limit Settings
+*ResourceSetApi* | [**AddMembersToBinding**](docs/ResourceSetApi.md#addmemberstobinding) | **Patch** /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members | Add more Members to a binding
+*ResourceSetApi* | [**AddResourceSetResource**](docs/ResourceSetApi.md#addresourcesetresource) | **Patch** /api/v1/iam/resource-sets/{resourceSetId}/resources | Add more Resource to a resource set
+*ResourceSetApi* | [**CreateResourceSet**](docs/ResourceSetApi.md#createresourceset) | **Post** /api/v1/iam/resource-sets | Create a Resource Set
+*ResourceSetApi* | [**CreateResourceSetBinding**](docs/ResourceSetApi.md#createresourcesetbinding) | **Post** /api/v1/iam/resource-sets/{resourceSetId}/bindings | Create a Resource Set Binding
+*ResourceSetApi* | [**DeleteBinding**](docs/ResourceSetApi.md#deletebinding) | **Delete** /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel} | Delete a Binding
+*ResourceSetApi* | [**DeleteResourceSet**](docs/ResourceSetApi.md#deleteresourceset) | **Delete** /api/v1/iam/resource-sets/{resourceSetId} | Delete a Resource Set
+*ResourceSetApi* | [**DeleteResourceSetResource**](docs/ResourceSetApi.md#deleteresourcesetresource) | **Delete** /api/v1/iam/resource-sets/{resourceSetId}/resources/{resourceId} | Delete a Resource from a resource set
+*ResourceSetApi* | [**GetBinding**](docs/ResourceSetApi.md#getbinding) | **Get** /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel} | Retrieve a Binding
+*ResourceSetApi* | [**GetMemberOfBinding**](docs/ResourceSetApi.md#getmemberofbinding) | **Get** /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId} | Retrieve a Member of a binding
+*ResourceSetApi* | [**GetResourceSet**](docs/ResourceSetApi.md#getresourceset) | **Get** /api/v1/iam/resource-sets/{resourceSetId} | Retrieve a Resource Set
+*ResourceSetApi* | [**ListBindings**](docs/ResourceSetApi.md#listbindings) | **Get** /api/v1/iam/resource-sets/{resourceSetId}/bindings | List all Bindings
+*ResourceSetApi* | [**ListMembersOfBinding**](docs/ResourceSetApi.md#listmembersofbinding) | **Get** /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members | List all Members of a binding
+*ResourceSetApi* | [**ListResourceSetResources**](docs/ResourceSetApi.md#listresourcesetresources) | **Get** /api/v1/iam/resource-sets/{resourceSetId}/resources | List all Resources of a resource set
+*ResourceSetApi* | [**ListResourceSets**](docs/ResourceSetApi.md#listresourcesets) | **Get** /api/v1/iam/resource-sets | List all Resource Sets
+*ResourceSetApi* | [**ReplaceResourceSet**](docs/ResourceSetApi.md#replaceresourceset) | **Put** /api/v1/iam/resource-sets/{resourceSetId} | Replace a Resource Set
+*ResourceSetApi* | [**UnassignMemberFromBinding**](docs/ResourceSetApi.md#unassignmemberfrombinding) | **Delete** /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId} | Unassign a Member from a binding
+*RiskEventApi* | [**SendRiskEvents**](docs/RiskEventApi.md#sendriskevents) | **Post** /api/v1/risk/events/ip | Send multiple Risk Events
+*RiskProviderApi* | [**CreateRiskProvider**](docs/RiskProviderApi.md#createriskprovider) | **Post** /api/v1/risk/providers | Create a Risk Provider
+*RiskProviderApi* | [**DeleteRiskProvider**](docs/RiskProviderApi.md#deleteriskprovider) | **Delete** /api/v1/risk/providers/{riskProviderId} | Delete a Risk Provider
+*RiskProviderApi* | [**GetRiskProvider**](docs/RiskProviderApi.md#getriskprovider) | **Get** /api/v1/risk/providers/{riskProviderId} | Retrieve a Risk Provider
+*RiskProviderApi* | [**ListRiskProviders**](docs/RiskProviderApi.md#listriskproviders) | **Get** /api/v1/risk/providers | List all Risk Providers
+*RiskProviderApi* | [**ReplaceRiskProvider**](docs/RiskProviderApi.md#replaceriskprovider) | **Put** /api/v1/risk/providers/{riskProviderId} | Replace a Risk Provider
+*RoleApi* | [**CreateRole**](docs/RoleApi.md#createrole) | **Post** /api/v1/iam/roles | Create a Role
+*RoleApi* | [**CreateRolePermission**](docs/RoleApi.md#createrolepermission) | **Post** /api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType} | Create a Permission
+*RoleApi* | [**DeleteRole**](docs/RoleApi.md#deleterole) | **Delete** /api/v1/iam/roles/{roleIdOrLabel} | Delete a Role
+*RoleApi* | [**DeleteRolePermission**](docs/RoleApi.md#deleterolepermission) | **Delete** /api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType} | Delete a Permission
+*RoleApi* | [**GetRole**](docs/RoleApi.md#getrole) | **Get** /api/v1/iam/roles/{roleIdOrLabel} | Retrieve a Role
+*RoleApi* | [**GetRolePermission**](docs/RoleApi.md#getrolepermission) | **Get** /api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType} | Retrieve a Permission
+*RoleApi* | [**ListRolePermissions**](docs/RoleApi.md#listrolepermissions) | **Get** /api/v1/iam/roles/{roleIdOrLabel}/permissions | List all Permissions
+*RoleApi* | [**ListRoles**](docs/RoleApi.md#listroles) | **Get** /api/v1/iam/roles | List all Roles
+*RoleApi* | [**ReplaceRole**](docs/RoleApi.md#replacerole) | **Put** /api/v1/iam/roles/{roleIdOrLabel} | Replace a Role
+*RoleAssignmentApi* | [**AssignRoleToGroup**](docs/RoleAssignmentApi.md#assignroletogroup) | **Post** /api/v1/groups/{groupId}/roles | Assign a Role to a Group
+*RoleAssignmentApi* | [**AssignRoleToUser**](docs/RoleAssignmentApi.md#assignroletouser) | **Post** /api/v1/users/{userId}/roles | Assign a Role to a User
+*RoleAssignmentApi* | [**GetGroupAssignedRole**](docs/RoleAssignmentApi.md#getgroupassignedrole) | **Get** /api/v1/groups/{groupId}/roles/{roleId} | Retrieve a Role assigned to Group
+*RoleAssignmentApi* | [**GetUserAssignedRole**](docs/RoleAssignmentApi.md#getuserassignedrole) | **Get** /api/v1/users/{userId}/roles/{roleId} | Retrieve a Role assigned to a User
+*RoleAssignmentApi* | [**ListAssignedRolesForUser**](docs/RoleAssignmentApi.md#listassignedrolesforuser) | **Get** /api/v1/users/{userId}/roles | List all Roles assigned to a User
+*RoleAssignmentApi* | [**ListGroupAssignedRoles**](docs/RoleAssignmentApi.md#listgroupassignedroles) | **Get** /api/v1/groups/{groupId}/roles | List all Assigned Roles of Group
+*RoleAssignmentApi* | [**UnassignRoleFromGroup**](docs/RoleAssignmentApi.md#unassignrolefromgroup) | **Delete** /api/v1/groups/{groupId}/roles/{roleId} | Unassign a Role from a Group
+*RoleAssignmentApi* | [**UnassignRoleFromUser**](docs/RoleAssignmentApi.md#unassignrolefromuser) | **Delete** /api/v1/users/{userId}/roles/{roleId} | Unassign a Role from a User
+*RoleTargetApi* | [**AssignAllAppsAsTargetToRoleForUser**](docs/RoleTargetApi.md#assignallappsastargettoroleforuser) | **Put** /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps | Assign all Apps as Target to Role
+*RoleTargetApi* | [**AssignAppInstanceTargetToAppAdminRoleForGroup**](docs/RoleTargetApi.md#assignappinstancetargettoappadminroleforgroup) | **Put** /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId} | Assign an Application Instance Target to Application Administrator Role
+*RoleTargetApi* | [**AssignAppInstanceTargetToAppAdminRoleForUser**](docs/RoleTargetApi.md#assignappinstancetargettoappadminroleforuser) | **Put** /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId} | Assign an Application Instance Target to an Application Administrator Role
+*RoleTargetApi* | [**AssignAppTargetToAdminRoleForGroup**](docs/RoleTargetApi.md#assignapptargettoadminroleforgroup) | **Put** /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName} | Assign an Application Target to Administrator Role
+*RoleTargetApi* | [**AssignAppTargetToAdminRoleForUser**](docs/RoleTargetApi.md#assignapptargettoadminroleforuser) | **Put** /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName} | Assign an Application Target to Administrator Role
+*RoleTargetApi* | [**AssignGroupTargetToGroupAdminRole**](docs/RoleTargetApi.md#assigngrouptargettogroupadminrole) | **Put** /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId} | Assign a Group Target to a Group Role
+*RoleTargetApi* | [**AssignGroupTargetToUserRole**](docs/RoleTargetApi.md#assigngrouptargettouserrole) | **Put** /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId} | Assign a Group Target to Role
+*RoleTargetApi* | [**ListApplicationTargetsForApplicationAdministratorRoleForGroup**](docs/RoleTargetApi.md#listapplicationtargetsforapplicationadministratorroleforgroup) | **Get** /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps | List all Application Targets for an Application Administrator Role
+*RoleTargetApi* | [**ListApplicationTargetsForApplicationAdministratorRoleForUser**](docs/RoleTargetApi.md#listapplicationtargetsforapplicationadministratorroleforuser) | **Get** /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps | List all Application Targets for Application Administrator Role
+*RoleTargetApi* | [**ListGroupTargetsForGroupRole**](docs/RoleTargetApi.md#listgrouptargetsforgrouprole) | **Get** /api/v1/groups/{groupId}/roles/{roleId}/targets/groups | List all Group Targets for a Group Role
+*RoleTargetApi* | [**ListGroupTargetsForRole**](docs/RoleTargetApi.md#listgrouptargetsforrole) | **Get** /api/v1/users/{userId}/roles/{roleId}/targets/groups | List all Group Targets for Role
+*RoleTargetApi* | [**UnassignAppInstanceTargetFromAdminRoleForUser**](docs/RoleTargetApi.md#unassignappinstancetargetfromadminroleforuser) | **Delete** /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId} | Unassign an Application Instance Target from an Application Administrator Role
+*RoleTargetApi* | [**UnassignAppInstanceTargetToAppAdminRoleForGroup**](docs/RoleTargetApi.md#unassignappinstancetargettoappadminroleforgroup) | **Delete** /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId} | Unassign an Application Instance Target from an Application Administrator Role
+*RoleTargetApi* | [**UnassignAppTargetFromAppAdminRoleForUser**](docs/RoleTargetApi.md#unassignapptargetfromappadminroleforuser) | **Delete** /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName} | Unassign an Application Target from an Application Administrator Role
+*RoleTargetApi* | [**UnassignAppTargetToAdminRoleForGroup**](docs/RoleTargetApi.md#unassignapptargettoadminroleforgroup) | **Delete** /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName} | Unassign an Application Target from Application Administrator Role
+*RoleTargetApi* | [**UnassignGroupTargetFromGroupAdminRole**](docs/RoleTargetApi.md#unassigngrouptargetfromgroupadminrole) | **Delete** /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId} | Unassign a Group Target from a Group Role
+*RoleTargetApi* | [**UnassignGroupTargetFromUserAdminRole**](docs/RoleTargetApi.md#unassigngrouptargetfromuseradminrole) | **Delete** /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId} | Unassign a Group Target from Role
+*SchemaApi* | [**GetApplicationLayout**](docs/SchemaApi.md#getapplicationlayout) | **Get** /api/v1/meta/layouts/apps/{appName} | Retrieve the UI Layout for an Application
+*SchemaApi* | [**GetApplicationUserSchema**](docs/SchemaApi.md#getapplicationuserschema) | **Get** /api/v1/meta/schemas/apps/{appInstanceId}/default | Retrieve the default Application User Schema for an Application
+*SchemaApi* | [**GetGroupSchema**](docs/SchemaApi.md#getgroupschema) | **Get** /api/v1/meta/schemas/group/default | Retrieve the default Group Schema
+*SchemaApi* | [**GetLogStreamSchema**](docs/SchemaApi.md#getlogstreamschema) | **Get** /api/v1/meta/schemas/logStream/{logStreamType} | Retrieve the Log Stream Schema for the schema type
+*SchemaApi* | [**GetUserSchema**](docs/SchemaApi.md#getuserschema) | **Get** /api/v1/meta/schemas/user/{schemaId} | Retrieve a User Schema
+*SchemaApi* | [**ListLogStreamSchemas**](docs/SchemaApi.md#listlogstreamschemas) | **Get** /api/v1/meta/schemas/logStream | List the Log Stream Schemas
+*SchemaApi* | [**UpdateApplicationUserProfile**](docs/SchemaApi.md#updateapplicationuserprofile) | **Post** /api/v1/meta/schemas/apps/{appInstanceId}/default | Update the default Application User Schema for an Application
+*SchemaApi* | [**UpdateGroupSchema**](docs/SchemaApi.md#updategroupschema) | **Post** /api/v1/meta/schemas/group/default | Update the default Group Schema
+*SchemaApi* | [**UpdateUserProfile**](docs/SchemaApi.md#updateuserprofile) | **Post** /api/v1/meta/schemas/user/{schemaId} | Update a User Schema
+*SessionApi* | [**CreateSession**](docs/SessionApi.md#createsession) | **Post** /api/v1/sessions | Create a Session with Session Token
+*SessionApi* | [**GetSession**](docs/SessionApi.md#getsession) | **Get** /api/v1/sessions/{sessionId} | Retrieve a Session
+*SessionApi* | [**RefreshSession**](docs/SessionApi.md#refreshsession) | **Post** /api/v1/sessions/{sessionId}/lifecycle/refresh | Refresh a Session
+*SessionApi* | [**RevokeSession**](docs/SessionApi.md#revokesession) | **Delete** /api/v1/sessions/{sessionId} | Revoke a Session
+*SubscriptionApi* | [**ListRoleSubscriptions**](docs/SubscriptionApi.md#listrolesubscriptions) | **Get** /api/v1/roles/{roleTypeOrRoleId}/subscriptions | List all Subscriptions of a Custom Role
+*SubscriptionApi* | [**ListRoleSubscriptionsByNotificationType**](docs/SubscriptionApi.md#listrolesubscriptionsbynotificationtype) | **Get** /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType} | List all Subscriptions of a Custom Role with a specific notification type
+*SubscriptionApi* | [**ListUserSubscriptions**](docs/SubscriptionApi.md#listusersubscriptions) | **Get** /api/v1/users/{userId}/subscriptions | List all Subscriptions
+*SubscriptionApi* | [**ListUserSubscriptionsByNotificationType**](docs/SubscriptionApi.md#listusersubscriptionsbynotificationtype) | **Get** /api/v1/users/{userId}/subscriptions/{notificationType} | List all Subscriptions by type
+*SubscriptionApi* | [**SubscribeRoleSubscriptionByNotificationType**](docs/SubscriptionApi.md#subscriberolesubscriptionbynotificationtype) | **Post** /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe | Subscribe a Custom Role to a specific notification type
+*SubscriptionApi* | [**SubscribeUserSubscriptionByNotificationType**](docs/SubscriptionApi.md#subscribeusersubscriptionbynotificationtype) | **Post** /api/v1/users/{userId}/subscriptions/{notificationType}/subscribe | Subscribe to a specific notification type
+*SubscriptionApi* | [**UnsubscribeRoleSubscriptionByNotificationType**](docs/SubscriptionApi.md#unsubscriberolesubscriptionbynotificationtype) | **Post** /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe | Unsubscribe a Custom Role from a specific notification type
+*SubscriptionApi* | [**UnsubscribeUserSubscriptionByNotificationType**](docs/SubscriptionApi.md#unsubscribeusersubscriptionbynotificationtype) | **Post** /api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe | Unsubscribe from a specific notification type
+*SystemLogApi* | [**ListLogEvents**](docs/SystemLogApi.md#listlogevents) | **Get** /api/v1/logs | List all System Log Events
+*TemplateApi* | [**CreateSmsTemplate**](docs/TemplateApi.md#createsmstemplate) | **Post** /api/v1/templates/sms | Create an SMS Template
+*TemplateApi* | [**DeleteSmsTemplate**](docs/TemplateApi.md#deletesmstemplate) | **Delete** /api/v1/templates/sms/{templateId} | Delete an SMS Template
+*TemplateApi* | [**GetSmsTemplate**](docs/TemplateApi.md#getsmstemplate) | **Get** /api/v1/templates/sms/{templateId} | Retrieve an SMS Template
+*TemplateApi* | [**ListSmsTemplates**](docs/TemplateApi.md#listsmstemplates) | **Get** /api/v1/templates/sms | List all SMS Templates
+*TemplateApi* | [**ReplaceSmsTemplate**](docs/TemplateApi.md#replacesmstemplate) | **Put** /api/v1/templates/sms/{templateId} | Replace an SMS Template
+*TemplateApi* | [**UpdateSmsTemplate**](docs/TemplateApi.md#updatesmstemplate) | **Post** /api/v1/templates/sms/{templateId} | Update an SMS Template
+*ThreatInsightApi* | [**GetCurrentConfiguration**](docs/ThreatInsightApi.md#getcurrentconfiguration) | **Get** /api/v1/threats/configuration | Retrieve the ThreatInsight Configuration
+*ThreatInsightApi* | [**UpdateConfiguration**](docs/ThreatInsightApi.md#updateconfiguration) | **Post** /api/v1/threats/configuration | Update the ThreatInsight Configuration
+*TrustedOriginApi* | [**ActivateTrustedOrigin**](docs/TrustedOriginApi.md#activatetrustedorigin) | **Post** /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate | Activate a Trusted Origin
+*TrustedOriginApi* | [**CreateTrustedOrigin**](docs/TrustedOriginApi.md#createtrustedorigin) | **Post** /api/v1/trustedOrigins | Create a Trusted Origin
+*TrustedOriginApi* | [**DeactivateTrustedOrigin**](docs/TrustedOriginApi.md#deactivatetrustedorigin) | **Post** /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate | Deactivate a Trusted Origin
+*TrustedOriginApi* | [**DeleteTrustedOrigin**](docs/TrustedOriginApi.md#deletetrustedorigin) | **Delete** /api/v1/trustedOrigins/{trustedOriginId} | Delete a Trusted Origin
+*TrustedOriginApi* | [**GetTrustedOrigin**](docs/TrustedOriginApi.md#gettrustedorigin) | **Get** /api/v1/trustedOrigins/{trustedOriginId} | Retrieve a Trusted Origin
+*TrustedOriginApi* | [**ListTrustedOrigins**](docs/TrustedOriginApi.md#listtrustedorigins) | **Get** /api/v1/trustedOrigins | List all Trusted Origins
+*TrustedOriginApi* | [**ReplaceTrustedOrigin**](docs/TrustedOriginApi.md#replacetrustedorigin) | **Put** /api/v1/trustedOrigins/{trustedOriginId} | Replace a Trusted Origin
+*UserApi* | [**ActivateUser**](docs/UserApi.md#activateuser) | **Post** /api/v1/users/{userId}/lifecycle/activate | Activate a User
+*UserApi* | [**ChangePassword**](docs/UserApi.md#changepassword) | **Post** /api/v1/users/{userId}/credentials/change_password | Change Password
+*UserApi* | [**ChangeRecoveryQuestion**](docs/UserApi.md#changerecoveryquestion) | **Post** /api/v1/users/{userId}/credentials/change_recovery_question | Change Recovery Question
+*UserApi* | [**CreateUser**](docs/UserApi.md#createuser) | **Post** /api/v1/users | Create a User
+*UserApi* | [**DeactivateUser**](docs/UserApi.md#deactivateuser) | **Post** /api/v1/users/{userId}/lifecycle/deactivate | Deactivate a User
+*UserApi* | [**DeleteLinkedObjectForUser**](docs/UserApi.md#deletelinkedobjectforuser) | **Delete** /api/v1/users/{userId}/linkedObjects/{relationshipName} | Delete a Linked Object
+*UserApi* | [**DeleteUser**](docs/UserApi.md#deleteuser) | **Delete** /api/v1/users/{userId} | Delete a User
+*UserApi* | [**ExpirePassword**](docs/UserApi.md#expirepassword) | **Post** /api/v1/users/{userId}/lifecycle/expire_password | Expire Password
+*UserApi* | [**ExpirePasswordAndGetTemporaryPassword**](docs/UserApi.md#expirepasswordandgettemporarypassword) | **Post** /api/v1/users/{userId}/lifecycle/expire_password_with_temp_password | Expire Password and Set Temporary Password
+*UserApi* | [**ForgotPassword**](docs/UserApi.md#forgotpassword) | **Post** /api/v1/users/{userId}/credentials/forgot_password | Initiate Forgot Password
+*UserApi* | [**ForgotPasswordSetNewPassword**](docs/UserApi.md#forgotpasswordsetnewpassword) | **Post** /api/v1/users/{userId}/credentials/forgot_password_recovery_question | Reset Password with Recovery Question
+*UserApi* | [**GenerateResetPasswordToken**](docs/UserApi.md#generateresetpasswordtoken) | **Post** /api/v1/users/{userId}/lifecycle/reset_password | Generate a Reset Password Token
+*UserApi* | [**GetRefreshTokenForUserAndClient**](docs/UserApi.md#getrefreshtokenforuserandclient) | **Get** /api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId} | Retrieve a Refresh Token for a Client
+*UserApi* | [**GetUser**](docs/UserApi.md#getuser) | **Get** /api/v1/users/{userId} | Retrieve a User
+*UserApi* | [**GetUserGrant**](docs/UserApi.md#getusergrant) | **Get** /api/v1/users/{userId}/grants/{grantId} | Retrieve a User Grant
+*UserApi* | [**ListAppLinks**](docs/UserApi.md#listapplinks) | **Get** /api/v1/users/{userId}/appLinks | List all Assigned Application Links
+*UserApi* | [**ListGrantsForUserAndClient**](docs/UserApi.md#listgrantsforuserandclient) | **Get** /api/v1/users/{userId}/clients/{clientId}/grants | List all Grants for a Client
+*UserApi* | [**ListLinkedObjectsForUser**](docs/UserApi.md#listlinkedobjectsforuser) | **Get** /api/v1/users/{userId}/linkedObjects/{relationshipName} | List all Linked Objects
+*UserApi* | [**ListRefreshTokensForUserAndClient**](docs/UserApi.md#listrefreshtokensforuserandclient) | **Get** /api/v1/users/{userId}/clients/{clientId}/tokens | List all Refresh Tokens for a Client
+*UserApi* | [**ListUserBlocks**](docs/UserApi.md#listuserblocks) | **Get** /api/v1/users/{userId}/blocks | List all User Blocks
+*UserApi* | [**ListUserClients**](docs/UserApi.md#listuserclients) | **Get** /api/v1/users/{userId}/clients | List all Clients
+*UserApi* | [**ListUserGrants**](docs/UserApi.md#listusergrants) | **Get** /api/v1/users/{userId}/grants | List all User Grants
+*UserApi* | [**ListUserGroups**](docs/UserApi.md#listusergroups) | **Get** /api/v1/users/{userId}/groups | List all Groups
+*UserApi* | [**ListUserIdentityProviders**](docs/UserApi.md#listuseridentityproviders) | **Get** /api/v1/users/{userId}/idps | List all Identity Providers
+*UserApi* | [**ListUsers**](docs/UserApi.md#listusers) | **Get** /api/v1/users | List all Users
+*UserApi* | [**ReactivateUser**](docs/UserApi.md#reactivateuser) | **Post** /api/v1/users/{userId}/lifecycle/reactivate | Reactivate a User
+*UserApi* | [**ReplaceUser**](docs/UserApi.md#replaceuser) | **Put** /api/v1/users/{userId} | Replace a User
+*UserApi* | [**ResetFactors**](docs/UserApi.md#resetfactors) | **Post** /api/v1/users/{userId}/lifecycle/reset_factors | Reset all Factors
+*UserApi* | [**RevokeGrantsForUserAndClient**](docs/UserApi.md#revokegrantsforuserandclient) | **Delete** /api/v1/users/{userId}/clients/{clientId}/grants | Revoke all Grants for a Client
+*UserApi* | [**RevokeTokenForUserAndClient**](docs/UserApi.md#revoketokenforuserandclient) | **Delete** /api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId} | Revoke a Token for a Client
+*UserApi* | [**RevokeTokensForUserAndClient**](docs/UserApi.md#revoketokensforuserandclient) | **Delete** /api/v1/users/{userId}/clients/{clientId}/tokens | Revoke all Refresh Tokens for a Client
+*UserApi* | [**RevokeUserGrant**](docs/UserApi.md#revokeusergrant) | **Delete** /api/v1/users/{userId}/grants/{grantId} | Revoke a User Grant
+*UserApi* | [**RevokeUserGrants**](docs/UserApi.md#revokeusergrants) | **Delete** /api/v1/users/{userId}/grants | Revoke all User Grants
+*UserApi* | [**RevokeUserSessions**](docs/UserApi.md#revokeusersessions) | **Delete** /api/v1/users/{userId}/sessions | Revoke all User Sessions
+*UserApi* | [**SetLinkedObjectForUser**](docs/UserApi.md#setlinkedobjectforuser) | **Put** /api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId} | Create a Linked Object for two User
+*UserApi* | [**SuspendUser**](docs/UserApi.md#suspenduser) | **Post** /api/v1/users/{userId}/lifecycle/suspend | Suspend a User
+*UserApi* | [**UnlockUser**](docs/UserApi.md#unlockuser) | **Post** /api/v1/users/{userId}/lifecycle/unlock | Unlock a User
+*UserApi* | [**UnsuspendUser**](docs/UserApi.md#unsuspenduser) | **Post** /api/v1/users/{userId}/lifecycle/unsuspend | Unsuspend a User
+*UserApi* | [**UpdateUser**](docs/UserApi.md#updateuser) | **Post** /api/v1/users/{userId} | Update a User
+*UserFactorApi* | [**ActivateFactor**](docs/UserFactorApi.md#activatefactor) | **Post** /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate | Activate a Factor
+*UserFactorApi* | [**EnrollFactor**](docs/UserFactorApi.md#enrollfactor) | **Post** /api/v1/users/{userId}/factors | Enroll a Factor
+*UserFactorApi* | [**GetFactor**](docs/UserFactorApi.md#getfactor) | **Get** /api/v1/users/{userId}/factors/{factorId} | Retrieve a Factor
+*UserFactorApi* | [**GetFactorTransactionStatus**](docs/UserFactorApi.md#getfactortransactionstatus) | **Get** /api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId} | Retrieve a Factor Transaction Status
+*UserFactorApi* | [**ListFactors**](docs/UserFactorApi.md#listfactors) | **Get** /api/v1/users/{userId}/factors | List all Factors
+*UserFactorApi* | [**ListSupportedFactors**](docs/UserFactorApi.md#listsupportedfactors) | **Get** /api/v1/users/{userId}/factors/catalog | List all Supported Factors
+*UserFactorApi* | [**ListSupportedSecurityQuestions**](docs/UserFactorApi.md#listsupportedsecurityquestions) | **Get** /api/v1/users/{userId}/factors/questions | List all Supported Security Questions
+*UserFactorApi* | [**UnenrollFactor**](docs/UserFactorApi.md#unenrollfactor) | **Delete** /api/v1/users/{userId}/factors/{factorId} | Unenroll a Factor
+*UserFactorApi* | [**VerifyFactor**](docs/UserFactorApi.md#verifyfactor) | **Post** /api/v1/users/{userId}/factors/{factorId}/verify | Verify an MFA Factor
+*UserTypeApi* | [**CreateUserType**](docs/UserTypeApi.md#createusertype) | **Post** /api/v1/meta/types/user | Create a User Type
+*UserTypeApi* | [**DeleteUserType**](docs/UserTypeApi.md#deleteusertype) | **Delete** /api/v1/meta/types/user/{typeId} | Delete a User Type
+*UserTypeApi* | [**GetUserType**](docs/UserTypeApi.md#getusertype) | **Get** /api/v1/meta/types/user/{typeId} | Retrieve a User Type
+*UserTypeApi* | [**ListUserTypes**](docs/UserTypeApi.md#listusertypes) | **Get** /api/v1/meta/types/user | List all User Types
+*UserTypeApi* | [**ReplaceUserType**](docs/UserTypeApi.md#replaceusertype) | **Put** /api/v1/meta/types/user/{typeId} | Replace a User Type
+*UserTypeApi* | [**UpdateUserType**](docs/UserTypeApi.md#updateusertype) | **Post** /api/v1/meta/types/user/{typeId} | Update a User Type
+
+
+## Documentation For Models
+
+ - [APNSConfiguration](docs/APNSConfiguration.md)
+ - [APNSPushProvider](docs/APNSPushProvider.md)
+ - [APNSPushProviderAllOf](docs/APNSPushProviderAllOf.md)
+ - [AccessPolicy](docs/AccessPolicy.md)
+ - [AccessPolicyAllOf](docs/AccessPolicyAllOf.md)
+ - [AccessPolicyConstraint](docs/AccessPolicyConstraint.md)
+ - [AccessPolicyConstraints](docs/AccessPolicyConstraints.md)
+ - [AccessPolicyRule](docs/AccessPolicyRule.md)
+ - [AccessPolicyRuleActions](docs/AccessPolicyRuleActions.md)
+ - [AccessPolicyRuleActionsAllOf](docs/AccessPolicyRuleActionsAllOf.md)
+ - [AccessPolicyRuleAllOf](docs/AccessPolicyRuleAllOf.md)
+ - [AccessPolicyRuleApplicationSignOn](docs/AccessPolicyRuleApplicationSignOn.md)
+ - [AccessPolicyRuleConditions](docs/AccessPolicyRuleConditions.md)
+ - [AccessPolicyRuleConditionsAllOf](docs/AccessPolicyRuleConditionsAllOf.md)
+ - [AccessPolicyRuleCustomCondition](docs/AccessPolicyRuleCustomCondition.md)
+ - [AcsEndpoint](docs/AcsEndpoint.md)
+ - [ActivateFactorRequest](docs/ActivateFactorRequest.md)
+ - [Agent](docs/Agent.md)
+ - [AgentPool](docs/AgentPool.md)
+ - [AgentPoolUpdate](docs/AgentPoolUpdate.md)
+ - [AgentPoolUpdateSetting](docs/AgentPoolUpdateSetting.md)
+ - [AgentType](docs/AgentType.md)
+ - [AgentUpdateInstanceStatus](docs/AgentUpdateInstanceStatus.md)
+ - [AgentUpdateJobStatus](docs/AgentUpdateJobStatus.md)
+ - [AllowedForEnum](docs/AllowedForEnum.md)
+ - [ApiToken](docs/ApiToken.md)
+ - [ApiTokenLink](docs/ApiTokenLink.md)
+ - [AppAndInstanceConditionEvaluatorAppOrInstance](docs/AppAndInstanceConditionEvaluatorAppOrInstance.md)
+ - [AppAndInstancePolicyRuleCondition](docs/AppAndInstancePolicyRuleCondition.md)
+ - [AppAndInstanceType](docs/AppAndInstanceType.md)
+ - [AppInstancePolicyRuleCondition](docs/AppInstancePolicyRuleCondition.md)
+ - [AppLink](docs/AppLink.md)
+ - [AppUser](docs/AppUser.md)
+ - [AppUserCredentials](docs/AppUserCredentials.md)
+ - [AppUserPasswordCredential](docs/AppUserPasswordCredential.md)
+ - [Application](docs/Application.md)
+ - [ApplicationAccessibility](docs/ApplicationAccessibility.md)
+ - [ApplicationCredentials](docs/ApplicationCredentials.md)
+ - [ApplicationCredentialsOAuthClient](docs/ApplicationCredentialsOAuthClient.md)
+ - [ApplicationCredentialsScheme](docs/ApplicationCredentialsScheme.md)
+ - [ApplicationCredentialsSigning](docs/ApplicationCredentialsSigning.md)
+ - [ApplicationCredentialsSigningUse](docs/ApplicationCredentialsSigningUse.md)
+ - [ApplicationCredentialsUsernameTemplate](docs/ApplicationCredentialsUsernameTemplate.md)
+ - [ApplicationFeature](docs/ApplicationFeature.md)
+ - [ApplicationGroupAssignment](docs/ApplicationGroupAssignment.md)
+ - [ApplicationLayout](docs/ApplicationLayout.md)
+ - [ApplicationLayoutRule](docs/ApplicationLayoutRule.md)
+ - [ApplicationLayoutRuleCondition](docs/ApplicationLayoutRuleCondition.md)
+ - [ApplicationLicensing](docs/ApplicationLicensing.md)
+ - [ApplicationLifecycleStatus](docs/ApplicationLifecycleStatus.md)
+ - [ApplicationLinks](docs/ApplicationLinks.md)
+ - [ApplicationSettings](docs/ApplicationSettings.md)
+ - [ApplicationSettingsNotes](docs/ApplicationSettingsNotes.md)
+ - [ApplicationSettingsNotifications](docs/ApplicationSettingsNotifications.md)
+ - [ApplicationSettingsNotificationsVpn](docs/ApplicationSettingsNotificationsVpn.md)
+ - [ApplicationSettingsNotificationsVpnNetwork](docs/ApplicationSettingsNotificationsVpnNetwork.md)
+ - [ApplicationSignOnMode](docs/ApplicationSignOnMode.md)
+ - [ApplicationVisibility](docs/ApplicationVisibility.md)
+ - [ApplicationVisibilityHide](docs/ApplicationVisibilityHide.md)
+ - [AssignRoleRequest](docs/AssignRoleRequest.md)
+ - [AuthenticationProvider](docs/AuthenticationProvider.md)
+ - [AuthenticationProviderType](docs/AuthenticationProviderType.md)
+ - [Authenticator](docs/Authenticator.md)
+ - [AuthenticatorProvider](docs/AuthenticatorProvider.md)
+ - [AuthenticatorProviderConfiguration](docs/AuthenticatorProviderConfiguration.md)
+ - [AuthenticatorProviderConfigurationUserNameTemplate](docs/AuthenticatorProviderConfigurationUserNameTemplate.md)
+ - [AuthenticatorSettings](docs/AuthenticatorSettings.md)
+ - [AuthenticatorStatus](docs/AuthenticatorStatus.md)
+ - [AuthenticatorType](docs/AuthenticatorType.md)
+ - [AuthorizationServer](docs/AuthorizationServer.md)
+ - [AuthorizationServerCredentials](docs/AuthorizationServerCredentials.md)
+ - [AuthorizationServerCredentialsRotationMode](docs/AuthorizationServerCredentialsRotationMode.md)
+ - [AuthorizationServerCredentialsSigningConfig](docs/AuthorizationServerCredentialsSigningConfig.md)
+ - [AuthorizationServerCredentialsUse](docs/AuthorizationServerCredentialsUse.md)
+ - [AuthorizationServerPolicy](docs/AuthorizationServerPolicy.md)
+ - [AuthorizationServerPolicyRule](docs/AuthorizationServerPolicyRule.md)
+ - [AuthorizationServerPolicyRuleActions](docs/AuthorizationServerPolicyRuleActions.md)
+ - [AuthorizationServerPolicyRuleActionsAllOf](docs/AuthorizationServerPolicyRuleActionsAllOf.md)
+ - [AuthorizationServerPolicyRuleAllOf](docs/AuthorizationServerPolicyRuleAllOf.md)
+ - [AuthorizationServerPolicyRuleConditions](docs/AuthorizationServerPolicyRuleConditions.md)
+ - [AuthorizationServerPolicyRuleConditionsAllOf](docs/AuthorizationServerPolicyRuleConditionsAllOf.md)
+ - [AutoLoginApplication](docs/AutoLoginApplication.md)
+ - [AutoLoginApplicationAllOf](docs/AutoLoginApplicationAllOf.md)
+ - [AutoLoginApplicationSettings](docs/AutoLoginApplicationSettings.md)
+ - [AutoLoginApplicationSettingsAllOf](docs/AutoLoginApplicationSettingsAllOf.md)
+ - [AutoLoginApplicationSettingsSignOn](docs/AutoLoginApplicationSettingsSignOn.md)
+ - [AutoUpdateSchedule](docs/AutoUpdateSchedule.md)
+ - [AwsRegion](docs/AwsRegion.md)
+ - [BaseEmailDomain](docs/BaseEmailDomain.md)
+ - [BasicApplicationSettings](docs/BasicApplicationSettings.md)
+ - [BasicApplicationSettingsAllOf](docs/BasicApplicationSettingsAllOf.md)
+ - [BasicApplicationSettingsApplication](docs/BasicApplicationSettingsApplication.md)
+ - [BasicAuthApplication](docs/BasicAuthApplication.md)
+ - [BasicAuthApplicationAllOf](docs/BasicAuthApplicationAllOf.md)
+ - [BeforeScheduledActionPolicyRuleCondition](docs/BeforeScheduledActionPolicyRuleCondition.md)
+ - [BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour](docs/BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour.md)
+ - [BehaviorDetectionRuleSettingsBasedOnEventHistory](docs/BehaviorDetectionRuleSettingsBasedOnEventHistory.md)
+ - [BehaviorRule](docs/BehaviorRule.md)
+ - [BehaviorRuleAnomalousDevice](docs/BehaviorRuleAnomalousDevice.md)
+ - [BehaviorRuleAnomalousDeviceAllOf](docs/BehaviorRuleAnomalousDeviceAllOf.md)
+ - [BehaviorRuleAnomalousIP](docs/BehaviorRuleAnomalousIP.md)
+ - [BehaviorRuleAnomalousIPAllOf](docs/BehaviorRuleAnomalousIPAllOf.md)
+ - [BehaviorRuleAnomalousLocation](docs/BehaviorRuleAnomalousLocation.md)
+ - [BehaviorRuleAnomalousLocationAllOf](docs/BehaviorRuleAnomalousLocationAllOf.md)
+ - [BehaviorRuleSettingsAnomalousDevice](docs/BehaviorRuleSettingsAnomalousDevice.md)
+ - [BehaviorRuleSettingsAnomalousIP](docs/BehaviorRuleSettingsAnomalousIP.md)
+ - [BehaviorRuleSettingsAnomalousIPAllOf](docs/BehaviorRuleSettingsAnomalousIPAllOf.md)
+ - [BehaviorRuleSettingsAnomalousLocation](docs/BehaviorRuleSettingsAnomalousLocation.md)
+ - [BehaviorRuleSettingsAnomalousLocationAllOf](docs/BehaviorRuleSettingsAnomalousLocationAllOf.md)
+ - [BehaviorRuleSettingsHistoryBased](docs/BehaviorRuleSettingsHistoryBased.md)
+ - [BehaviorRuleSettingsVelocity](docs/BehaviorRuleSettingsVelocity.md)
+ - [BehaviorRuleType](docs/BehaviorRuleType.md)
+ - [BehaviorRuleVelocity](docs/BehaviorRuleVelocity.md)
+ - [BehaviorRuleVelocityAllOf](docs/BehaviorRuleVelocityAllOf.md)
+ - [BookmarkApplication](docs/BookmarkApplication.md)
+ - [BookmarkApplicationAllOf](docs/BookmarkApplicationAllOf.md)
+ - [BookmarkApplicationSettings](docs/BookmarkApplicationSettings.md)
+ - [BookmarkApplicationSettingsAllOf](docs/BookmarkApplicationSettingsAllOf.md)
+ - [BookmarkApplicationSettingsApplication](docs/BookmarkApplicationSettingsApplication.md)
+ - [BouncesRemoveListError](docs/BouncesRemoveListError.md)
+ - [BouncesRemoveListObj](docs/BouncesRemoveListObj.md)
+ - [BouncesRemoveListResult](docs/BouncesRemoveListResult.md)
+ - [Brand](docs/Brand.md)
+ - [BrandDefaultApp](docs/BrandDefaultApp.md)
+ - [BrandDomain](docs/BrandDomain.md)
+ - [BrandDomainLinks](docs/BrandDomainLinks.md)
+ - [BrandLinks](docs/BrandLinks.md)
+ - [BrandRequest](docs/BrandRequest.md)
+ - [BrowserPluginApplication](docs/BrowserPluginApplication.md)
+ - [BrowserPluginApplicationAllOf](docs/BrowserPluginApplicationAllOf.md)
+ - [BulkDeleteRequestBody](docs/BulkDeleteRequestBody.md)
+ - [BulkUpsertRequestBody](docs/BulkUpsertRequestBody.md)
+ - [CAPTCHAInstance](docs/CAPTCHAInstance.md)
+ - [CAPTCHAType](docs/CAPTCHAType.md)
+ - [CallUserFactor](docs/CallUserFactor.md)
+ - [CallUserFactorAllOf](docs/CallUserFactorAllOf.md)
+ - [CallUserFactorProfile](docs/CallUserFactorProfile.md)
+ - [CapabilitiesCreateObject](docs/CapabilitiesCreateObject.md)
+ - [CapabilitiesObject](docs/CapabilitiesObject.md)
+ - [CapabilitiesUpdateObject](docs/CapabilitiesUpdateObject.md)
+ - [CatalogApplication](docs/CatalogApplication.md)
+ - [CatalogApplicationStatus](docs/CatalogApplicationStatus.md)
+ - [ChangeEnum](docs/ChangeEnum.md)
+ - [ChangePasswordRequest](docs/ChangePasswordRequest.md)
+ - [ChannelBinding](docs/ChannelBinding.md)
+ - [ChromeBrowserVersion](docs/ChromeBrowserVersion.md)
+ - [ClientPolicyCondition](docs/ClientPolicyCondition.md)
+ - [Compliance](docs/Compliance.md)
+ - [ContextPolicyRuleCondition](docs/ContextPolicyRuleCondition.md)
+ - [ContextPolicyRuleConditionAllOf](docs/ContextPolicyRuleConditionAllOf.md)
+ - [CreateBrandDomainRequest](docs/CreateBrandDomainRequest.md)
+ - [CreateBrandRequest](docs/CreateBrandRequest.md)
+ - [CreateSessionRequest](docs/CreateSessionRequest.md)
+ - [CreateUserRequest](docs/CreateUserRequest.md)
+ - [Csr](docs/Csr.md)
+ - [CsrMetadata](docs/CsrMetadata.md)
+ - [CsrMetadataSubject](docs/CsrMetadataSubject.md)
+ - [CsrMetadataSubjectAltNames](docs/CsrMetadataSubjectAltNames.md)
+ - [CustomHotpUserFactor](docs/CustomHotpUserFactor.md)
+ - [CustomHotpUserFactorAllOf](docs/CustomHotpUserFactorAllOf.md)
+ - [CustomHotpUserFactorProfile](docs/CustomHotpUserFactorProfile.md)
+ - [CustomizablePage](docs/CustomizablePage.md)
+ - [DNSRecord](docs/DNSRecord.md)
+ - [DNSRecordType](docs/DNSRecordType.md)
+ - [DTCChromeOS](docs/DTCChromeOS.md)
+ - [DTCMacOS](docs/DTCMacOS.md)
+ - [DTCWindows](docs/DTCWindows.md)
+ - [Device](docs/Device.md)
+ - [DeviceAccessPolicyRuleCondition](docs/DeviceAccessPolicyRuleCondition.md)
+ - [DeviceAccessPolicyRuleConditionAllOf](docs/DeviceAccessPolicyRuleConditionAllOf.md)
+ - [DeviceAssurance](docs/DeviceAssurance.md)
+ - [DeviceAssuranceAndroidPlatform](docs/DeviceAssuranceAndroidPlatform.md)
+ - [DeviceAssuranceAndroidPlatformAllOf](docs/DeviceAssuranceAndroidPlatformAllOf.md)
+ - [DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType](docs/DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md)
+ - [DeviceAssuranceAndroidPlatformAllOfScreenLockType](docs/DeviceAssuranceAndroidPlatformAllOfScreenLockType.md)
+ - [DeviceAssuranceChromeOSPlatform](docs/DeviceAssuranceChromeOSPlatform.md)
+ - [DeviceAssuranceChromeOSPlatformAllOf](docs/DeviceAssuranceChromeOSPlatformAllOf.md)
+ - [DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders](docs/DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders.md)
+ - [DeviceAssuranceIOSPlatform](docs/DeviceAssuranceIOSPlatform.md)
+ - [DeviceAssuranceMacOSPlatform](docs/DeviceAssuranceMacOSPlatform.md)
+ - [DeviceAssuranceMacOSPlatformAllOf](docs/DeviceAssuranceMacOSPlatformAllOf.md)
+ - [DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders](docs/DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders.md)
+ - [DeviceAssuranceWindowsPlatform](docs/DeviceAssuranceWindowsPlatform.md)
+ - [DeviceAssuranceWindowsPlatformAllOf](docs/DeviceAssuranceWindowsPlatformAllOf.md)
+ - [DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders](docs/DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders.md)
+ - [DeviceDisplayName](docs/DeviceDisplayName.md)
+ - [DeviceLinks](docs/DeviceLinks.md)
+ - [DevicePlatform](docs/DevicePlatform.md)
+ - [DevicePolicyMDMFramework](docs/DevicePolicyMDMFramework.md)
+ - [DevicePolicyPlatformType](docs/DevicePolicyPlatformType.md)
+ - [DevicePolicyRuleCondition](docs/DevicePolicyRuleCondition.md)
+ - [DevicePolicyRuleConditionPlatform](docs/DevicePolicyRuleConditionPlatform.md)
+ - [DevicePolicyTrustLevel](docs/DevicePolicyTrustLevel.md)
+ - [DeviceProfile](docs/DeviceProfile.md)
+ - [DeviceStatus](docs/DeviceStatus.md)
+ - [DiskEncryptionType](docs/DiskEncryptionType.md)
+ - [Domain](docs/Domain.md)
+ - [DomainCertificate](docs/DomainCertificate.md)
+ - [DomainCertificateMetadata](docs/DomainCertificateMetadata.md)
+ - [DomainCertificateSourceType](docs/DomainCertificateSourceType.md)
+ - [DomainCertificateType](docs/DomainCertificateType.md)
+ - [DomainLinks](docs/DomainLinks.md)
+ - [DomainListResponse](docs/DomainListResponse.md)
+ - [DomainResponse](docs/DomainResponse.md)
+ - [DomainValidationStatus](docs/DomainValidationStatus.md)
+ - [Duration](docs/Duration.md)
+ - [EmailContent](docs/EmailContent.md)
+ - [EmailCustomization](docs/EmailCustomization.md)
+ - [EmailCustomizationAllOf](docs/EmailCustomizationAllOf.md)
+ - [EmailCustomizationAllOfLinks](docs/EmailCustomizationAllOfLinks.md)
+ - [EmailDefaultContent](docs/EmailDefaultContent.md)
+ - [EmailDefaultContentAllOf](docs/EmailDefaultContentAllOf.md)
+ - [EmailDefaultContentAllOfLinks](docs/EmailDefaultContentAllOfLinks.md)
+ - [EmailDomain](docs/EmailDomain.md)
+ - [EmailDomainResponse](docs/EmailDomainResponse.md)
+ - [EmailDomainResponseWithEmbedded](docs/EmailDomainResponseWithEmbedded.md)
+ - [EmailDomainResponseWithEmbeddedEmbedded](docs/EmailDomainResponseWithEmbeddedEmbedded.md)
+ - [EmailDomainStatus](docs/EmailDomainStatus.md)
+ - [EmailPreview](docs/EmailPreview.md)
+ - [EmailPreviewLinks](docs/EmailPreviewLinks.md)
+ - [EmailSettings](docs/EmailSettings.md)
+ - [EmailTemplate](docs/EmailTemplate.md)
+ - [EmailTemplateEmbedded](docs/EmailTemplateEmbedded.md)
+ - [EmailTemplateLinks](docs/EmailTemplateLinks.md)
+ - [EmailTemplateTouchPointVariant](docs/EmailTemplateTouchPointVariant.md)
+ - [EmailUserFactor](docs/EmailUserFactor.md)
+ - [EmailUserFactorAllOf](docs/EmailUserFactorAllOf.md)
+ - [EmailUserFactorProfile](docs/EmailUserFactorProfile.md)
+ - [EnabledStatus](docs/EnabledStatus.md)
+ - [EndUserDashboardTouchPointVariant](docs/EndUserDashboardTouchPointVariant.md)
+ - [Error](docs/Error.md)
+ - [ErrorErrorCausesInner](docs/ErrorErrorCausesInner.md)
+ - [ErrorPageTouchPointVariant](docs/ErrorPageTouchPointVariant.md)
+ - [EventHook](docs/EventHook.md)
+ - [EventHookChannel](docs/EventHookChannel.md)
+ - [EventHookChannelConfig](docs/EventHookChannelConfig.md)
+ - [EventHookChannelConfigAuthScheme](docs/EventHookChannelConfigAuthScheme.md)
+ - [EventHookChannelConfigAuthSchemeType](docs/EventHookChannelConfigAuthSchemeType.md)
+ - [EventHookChannelConfigHeader](docs/EventHookChannelConfigHeader.md)
+ - [EventHookChannelType](docs/EventHookChannelType.md)
+ - [EventHookVerificationStatus](docs/EventHookVerificationStatus.md)
+ - [EventSubscriptionType](docs/EventSubscriptionType.md)
+ - [EventSubscriptions](docs/EventSubscriptions.md)
+ - [FCMConfiguration](docs/FCMConfiguration.md)
+ - [FCMPushProvider](docs/FCMPushProvider.md)
+ - [FCMPushProviderAllOf](docs/FCMPushProviderAllOf.md)
+ - [FactorProvider](docs/FactorProvider.md)
+ - [FactorResultType](docs/FactorResultType.md)
+ - [FactorStatus](docs/FactorStatus.md)
+ - [FactorType](docs/FactorType.md)
+ - [Feature](docs/Feature.md)
+ - [FeatureStage](docs/FeatureStage.md)
+ - [FeatureStageState](docs/FeatureStageState.md)
+ - [FeatureStageValue](docs/FeatureStageValue.md)
+ - [FeatureType](docs/FeatureType.md)
+ - [FipsEnum](docs/FipsEnum.md)
+ - [ForgotPasswordResponse](docs/ForgotPasswordResponse.md)
+ - [GrantOrTokenStatus](docs/GrantOrTokenStatus.md)
+ - [GrantTypePolicyRuleCondition](docs/GrantTypePolicyRuleCondition.md)
+ - [Group](docs/Group.md)
+ - [GroupCondition](docs/GroupCondition.md)
+ - [GroupLinks](docs/GroupLinks.md)
+ - [GroupOwner](docs/GroupOwner.md)
+ - [GroupOwnerOriginType](docs/GroupOwnerOriginType.md)
+ - [GroupOwnerType](docs/GroupOwnerType.md)
+ - [GroupPolicyRuleCondition](docs/GroupPolicyRuleCondition.md)
+ - [GroupProfile](docs/GroupProfile.md)
+ - [GroupRule](docs/GroupRule.md)
+ - [GroupRuleAction](docs/GroupRuleAction.md)
+ - [GroupRuleConditions](docs/GroupRuleConditions.md)
+ - [GroupRuleExpression](docs/GroupRuleExpression.md)
+ - [GroupRuleGroupAssignment](docs/GroupRuleGroupAssignment.md)
+ - [GroupRuleGroupCondition](docs/GroupRuleGroupCondition.md)
+ - [GroupRulePeopleCondition](docs/GroupRulePeopleCondition.md)
+ - [GroupRuleStatus](docs/GroupRuleStatus.md)
+ - [GroupRuleUserCondition](docs/GroupRuleUserCondition.md)
+ - [GroupSchema](docs/GroupSchema.md)
+ - [GroupSchemaAttribute](docs/GroupSchemaAttribute.md)
+ - [GroupSchemaBase](docs/GroupSchemaBase.md)
+ - [GroupSchemaBaseProperties](docs/GroupSchemaBaseProperties.md)
+ - [GroupSchemaCustom](docs/GroupSchemaCustom.md)
+ - [GroupSchemaDefinitions](docs/GroupSchemaDefinitions.md)
+ - [GroupType](docs/GroupType.md)
+ - [HardwareUserFactor](docs/HardwareUserFactor.md)
+ - [HardwareUserFactorAllOf](docs/HardwareUserFactorAllOf.md)
+ - [HardwareUserFactorProfile](docs/HardwareUserFactorProfile.md)
+ - [HookKey](docs/HookKey.md)
+ - [HostedPage](docs/HostedPage.md)
+ - [HostedPageType](docs/HostedPageType.md)
+ - [HrefObject](docs/HrefObject.md)
+ - [HrefObjectHints](docs/HrefObjectHints.md)
+ - [HrefObjectSelfLink](docs/HrefObjectSelfLink.md)
+ - [HttpMethod](docs/HttpMethod.md)
+ - [IamRole](docs/IamRole.md)
+ - [IamRoleLinks](docs/IamRoleLinks.md)
+ - [IamRoles](docs/IamRoles.md)
+ - [IamRolesLinks](docs/IamRolesLinks.md)
+ - [IdentityProvider](docs/IdentityProvider.md)
+ - [IdentityProviderApplicationUser](docs/IdentityProviderApplicationUser.md)
+ - [IdentityProviderCredentials](docs/IdentityProviderCredentials.md)
+ - [IdentityProviderCredentialsClient](docs/IdentityProviderCredentialsClient.md)
+ - [IdentityProviderCredentialsSigning](docs/IdentityProviderCredentialsSigning.md)
+ - [IdentityProviderCredentialsTrust](docs/IdentityProviderCredentialsTrust.md)
+ - [IdentityProviderCredentialsTrustRevocation](docs/IdentityProviderCredentialsTrustRevocation.md)
+ - [IdentityProviderPolicy](docs/IdentityProviderPolicy.md)
+ - [IdentityProviderPolicyAllOf](docs/IdentityProviderPolicyAllOf.md)
+ - [IdentityProviderPolicyProvider](docs/IdentityProviderPolicyProvider.md)
+ - [IdentityProviderPolicyRuleCondition](docs/IdentityProviderPolicyRuleCondition.md)
+ - [IdentityProviderType](docs/IdentityProviderType.md)
+ - [IdentitySourceSession](docs/IdentitySourceSession.md)
+ - [IdentitySourceSessionStatus](docs/IdentitySourceSessionStatus.md)
+ - [IdentitySourceUserProfileForDelete](docs/IdentitySourceUserProfileForDelete.md)
+ - [IdentitySourceUserProfileForUpsert](docs/IdentitySourceUserProfileForUpsert.md)
+ - [IdpPolicyRuleAction](docs/IdpPolicyRuleAction.md)
+ - [IdpPolicyRuleActionProvider](docs/IdpPolicyRuleActionProvider.md)
+ - [IframeEmbedScopeAllowedApps](docs/IframeEmbedScopeAllowedApps.md)
+ - [ImageUploadResponse](docs/ImageUploadResponse.md)
+ - [InactivityPolicyRuleCondition](docs/InactivityPolicyRuleCondition.md)
+ - [InlineHook](docs/InlineHook.md)
+ - [InlineHookChannel](docs/InlineHookChannel.md)
+ - [InlineHookChannelConfig](docs/InlineHookChannelConfig.md)
+ - [InlineHookChannelConfigAuthScheme](docs/InlineHookChannelConfigAuthScheme.md)
+ - [InlineHookChannelConfigHeaders](docs/InlineHookChannelConfigHeaders.md)
+ - [InlineHookChannelHttp](docs/InlineHookChannelHttp.md)
+ - [InlineHookChannelHttpAllOf](docs/InlineHookChannelHttpAllOf.md)
+ - [InlineHookChannelOAuth](docs/InlineHookChannelOAuth.md)
+ - [InlineHookChannelOAuthAllOf](docs/InlineHookChannelOAuthAllOf.md)
+ - [InlineHookChannelType](docs/InlineHookChannelType.md)
+ - [InlineHookOAuthBasicConfig](docs/InlineHookOAuthBasicConfig.md)
+ - [InlineHookOAuthChannelConfig](docs/InlineHookOAuthChannelConfig.md)
+ - [InlineHookOAuthClientSecretConfig](docs/InlineHookOAuthClientSecretConfig.md)
+ - [InlineHookOAuthPrivateKeyJwtConfig](docs/InlineHookOAuthPrivateKeyJwtConfig.md)
+ - [InlineHookResponse](docs/InlineHookResponse.md)
+ - [InlineHookResponseCommandValue](docs/InlineHookResponseCommandValue.md)
+ - [InlineHookResponseCommands](docs/InlineHookResponseCommands.md)
+ - [InlineHookStatus](docs/InlineHookStatus.md)
+ - [InlineHookType](docs/InlineHookType.md)
+ - [IssuerMode](docs/IssuerMode.md)
+ - [JsonWebKey](docs/JsonWebKey.md)
+ - [JwkUse](docs/JwkUse.md)
+ - [JwkUseType](docs/JwkUseType.md)
+ - [KeyRequest](docs/KeyRequest.md)
+ - [KeyTrustLevelBrowserKey](docs/KeyTrustLevelBrowserKey.md)
+ - [KeyTrustLevelOSMode](docs/KeyTrustLevelOSMode.md)
+ - [KnowledgeConstraint](docs/KnowledgeConstraint.md)
+ - [LifecycleCreateSettingObject](docs/LifecycleCreateSettingObject.md)
+ - [LifecycleDeactivateSettingObject](docs/LifecycleDeactivateSettingObject.md)
+ - [LifecycleExpirationPolicyRuleCondition](docs/LifecycleExpirationPolicyRuleCondition.md)
+ - [LifecycleStatus](docs/LifecycleStatus.md)
+ - [LinkedObject](docs/LinkedObject.md)
+ - [LinkedObjectDetails](docs/LinkedObjectDetails.md)
+ - [LinkedObjectDetailsType](docs/LinkedObjectDetailsType.md)
+ - [LinksSelf](docs/LinksSelf.md)
+ - [ListApplications200ResponseInner](docs/ListApplications200ResponseInner.md)
+ - [ListBehaviorDetectionRules200ResponseInner](docs/ListBehaviorDetectionRules200ResponseInner.md)
+ - [ListDeviceAssurancePolicies200ResponseInner](docs/ListDeviceAssurancePolicies200ResponseInner.md)
+ - [ListFactors200ResponseInner](docs/ListFactors200ResponseInner.md)
+ - [ListLogStreams200ResponseInner](docs/ListLogStreams200ResponseInner.md)
+ - [ListPolicies200ResponseInner](docs/ListPolicies200ResponseInner.md)
+ - [ListPolicyRules200ResponseInner](docs/ListPolicyRules200ResponseInner.md)
+ - [ListPushProviders200ResponseInner](docs/ListPushProviders200ResponseInner.md)
+ - [LoadingPageTouchPointVariant](docs/LoadingPageTouchPointVariant.md)
+ - [LocationGranularity](docs/LocationGranularity.md)
+ - [LogActor](docs/LogActor.md)
+ - [LogAuthenticationContext](docs/LogAuthenticationContext.md)
+ - [LogAuthenticationProvider](docs/LogAuthenticationProvider.md)
+ - [LogClient](docs/LogClient.md)
+ - [LogCredentialProvider](docs/LogCredentialProvider.md)
+ - [LogCredentialType](docs/LogCredentialType.md)
+ - [LogDebugContext](docs/LogDebugContext.md)
+ - [LogEvent](docs/LogEvent.md)
+ - [LogGeographicalContext](docs/LogGeographicalContext.md)
+ - [LogGeolocation](docs/LogGeolocation.md)
+ - [LogIpAddress](docs/LogIpAddress.md)
+ - [LogIssuer](docs/LogIssuer.md)
+ - [LogOutcome](docs/LogOutcome.md)
+ - [LogRequest](docs/LogRequest.md)
+ - [LogSecurityContext](docs/LogSecurityContext.md)
+ - [LogSeverity](docs/LogSeverity.md)
+ - [LogStream](docs/LogStream.md)
+ - [LogStreamAws](docs/LogStreamAws.md)
+ - [LogStreamAwsAllOf](docs/LogStreamAwsAllOf.md)
+ - [LogStreamLinks](docs/LogStreamLinks.md)
+ - [LogStreamSchema](docs/LogStreamSchema.md)
+ - [LogStreamSettingsAws](docs/LogStreamSettingsAws.md)
+ - [LogStreamSettingsAwsAllOf](docs/LogStreamSettingsAwsAllOf.md)
+ - [LogStreamSettingsSplunk](docs/LogStreamSettingsSplunk.md)
+ - [LogStreamSettingsSplunkAllOf](docs/LogStreamSettingsSplunkAllOf.md)
+ - [LogStreamSplunk](docs/LogStreamSplunk.md)
+ - [LogStreamSplunkAllOf](docs/LogStreamSplunkAllOf.md)
+ - [LogStreamType](docs/LogStreamType.md)
+ - [LogTarget](docs/LogTarget.md)
+ - [LogTransaction](docs/LogTransaction.md)
+ - [LogUserAgent](docs/LogUserAgent.md)
+ - [MDMEnrollmentPolicyEnrollment](docs/MDMEnrollmentPolicyEnrollment.md)
+ - [MDMEnrollmentPolicyRuleCondition](docs/MDMEnrollmentPolicyRuleCondition.md)
+ - [MultifactorEnrollmentPolicy](docs/MultifactorEnrollmentPolicy.md)
+ - [MultifactorEnrollmentPolicyAllOf](docs/MultifactorEnrollmentPolicyAllOf.md)
+ - [MultifactorEnrollmentPolicyAuthenticatorSettings](docs/MultifactorEnrollmentPolicyAuthenticatorSettings.md)
+ - [MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll](docs/MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll.md)
+ - [MultifactorEnrollmentPolicyAuthenticatorStatus](docs/MultifactorEnrollmentPolicyAuthenticatorStatus.md)
+ - [MultifactorEnrollmentPolicyAuthenticatorType](docs/MultifactorEnrollmentPolicyAuthenticatorType.md)
+ - [MultifactorEnrollmentPolicySettings](docs/MultifactorEnrollmentPolicySettings.md)
+ - [MultifactorEnrollmentPolicySettingsType](docs/MultifactorEnrollmentPolicySettingsType.md)
+ - [NetworkZone](docs/NetworkZone.md)
+ - [NetworkZoneAddress](docs/NetworkZoneAddress.md)
+ - [NetworkZoneAddressType](docs/NetworkZoneAddressType.md)
+ - [NetworkZoneLocation](docs/NetworkZoneLocation.md)
+ - [NetworkZoneStatus](docs/NetworkZoneStatus.md)
+ - [NetworkZoneType](docs/NetworkZoneType.md)
+ - [NetworkZoneUsage](docs/NetworkZoneUsage.md)
+ - [NotificationType](docs/NotificationType.md)
+ - [OAuth2Actor](docs/OAuth2Actor.md)
+ - [OAuth2Claim](docs/OAuth2Claim.md)
+ - [OAuth2ClaimConditions](docs/OAuth2ClaimConditions.md)
+ - [OAuth2ClaimGroupFilterType](docs/OAuth2ClaimGroupFilterType.md)
+ - [OAuth2ClaimType](docs/OAuth2ClaimType.md)
+ - [OAuth2ClaimValueType](docs/OAuth2ClaimValueType.md)
+ - [OAuth2Client](docs/OAuth2Client.md)
+ - [OAuth2RefreshToken](docs/OAuth2RefreshToken.md)
+ - [OAuth2Scope](docs/OAuth2Scope.md)
+ - [OAuth2ScopeConsentGrant](docs/OAuth2ScopeConsentGrant.md)
+ - [OAuth2ScopeConsentGrantSource](docs/OAuth2ScopeConsentGrantSource.md)
+ - [OAuth2ScopeConsentType](docs/OAuth2ScopeConsentType.md)
+ - [OAuth2ScopeMetadataPublish](docs/OAuth2ScopeMetadataPublish.md)
+ - [OAuth2ScopesMediationPolicyRuleCondition](docs/OAuth2ScopesMediationPolicyRuleCondition.md)
+ - [OAuth2Token](docs/OAuth2Token.md)
+ - [OAuthApplicationCredentials](docs/OAuthApplicationCredentials.md)
+ - [OAuthApplicationCredentialsAllOf](docs/OAuthApplicationCredentialsAllOf.md)
+ - [OAuthEndpointAuthenticationMethod](docs/OAuthEndpointAuthenticationMethod.md)
+ - [OAuthGrantType](docs/OAuthGrantType.md)
+ - [OAuthResponseType](docs/OAuthResponseType.md)
+ - [OSVersion](docs/OSVersion.md)
+ - [OktaSignOnPolicy](docs/OktaSignOnPolicy.md)
+ - [OktaSignOnPolicyAllOf](docs/OktaSignOnPolicyAllOf.md)
+ - [OktaSignOnPolicyConditions](docs/OktaSignOnPolicyConditions.md)
+ - [OktaSignOnPolicyConditionsAllOf](docs/OktaSignOnPolicyConditionsAllOf.md)
+ - [OktaSignOnPolicyFactorPromptMode](docs/OktaSignOnPolicyFactorPromptMode.md)
+ - [OktaSignOnPolicyRule](docs/OktaSignOnPolicyRule.md)
+ - [OktaSignOnPolicyRuleActions](docs/OktaSignOnPolicyRuleActions.md)
+ - [OktaSignOnPolicyRuleActionsAllOf](docs/OktaSignOnPolicyRuleActionsAllOf.md)
+ - [OktaSignOnPolicyRuleAllOf](docs/OktaSignOnPolicyRuleAllOf.md)
+ - [OktaSignOnPolicyRuleConditions](docs/OktaSignOnPolicyRuleConditions.md)
+ - [OktaSignOnPolicyRuleConditionsAllOf](docs/OktaSignOnPolicyRuleConditionsAllOf.md)
+ - [OktaSignOnPolicyRuleSignonActions](docs/OktaSignOnPolicyRuleSignonActions.md)
+ - [OktaSignOnPolicyRuleSignonSessionActions](docs/OktaSignOnPolicyRuleSignonSessionActions.md)
+ - [OpenIdConnectApplication](docs/OpenIdConnectApplication.md)
+ - [OpenIdConnectApplicationAllOf](docs/OpenIdConnectApplicationAllOf.md)
+ - [OpenIdConnectApplicationConsentMethod](docs/OpenIdConnectApplicationConsentMethod.md)
+ - [OpenIdConnectApplicationIdpInitiatedLogin](docs/OpenIdConnectApplicationIdpInitiatedLogin.md)
+ - [OpenIdConnectApplicationIssuerMode](docs/OpenIdConnectApplicationIssuerMode.md)
+ - [OpenIdConnectApplicationSettings](docs/OpenIdConnectApplicationSettings.md)
+ - [OpenIdConnectApplicationSettingsAllOf](docs/OpenIdConnectApplicationSettingsAllOf.md)
+ - [OpenIdConnectApplicationSettingsClient](docs/OpenIdConnectApplicationSettingsClient.md)
+ - [OpenIdConnectApplicationSettingsClientKeys](docs/OpenIdConnectApplicationSettingsClientKeys.md)
+ - [OpenIdConnectApplicationSettingsRefreshToken](docs/OpenIdConnectApplicationSettingsRefreshToken.md)
+ - [OpenIdConnectApplicationType](docs/OpenIdConnectApplicationType.md)
+ - [OpenIdConnectRefreshTokenRotationType](docs/OpenIdConnectRefreshTokenRotationType.md)
+ - [OperationalStatus](docs/OperationalStatus.md)
+ - [OrgContactType](docs/OrgContactType.md)
+ - [OrgContactTypeObj](docs/OrgContactTypeObj.md)
+ - [OrgContactUser](docs/OrgContactUser.md)
+ - [OrgOktaCommunicationSetting](docs/OrgOktaCommunicationSetting.md)
+ - [OrgOktaSupportSetting](docs/OrgOktaSupportSetting.md)
+ - [OrgOktaSupportSettingsObj](docs/OrgOktaSupportSettingsObj.md)
+ - [OrgPreferences](docs/OrgPreferences.md)
+ - [OrgSetting](docs/OrgSetting.md)
+ - [PageRoot](docs/PageRoot.md)
+ - [PageRootEmbedded](docs/PageRootEmbedded.md)
+ - [PageRootLinks](docs/PageRootLinks.md)
+ - [PasswordCredential](docs/PasswordCredential.md)
+ - [PasswordCredentialHash](docs/PasswordCredentialHash.md)
+ - [PasswordCredentialHashAlgorithm](docs/PasswordCredentialHashAlgorithm.md)
+ - [PasswordCredentialHook](docs/PasswordCredentialHook.md)
+ - [PasswordDictionary](docs/PasswordDictionary.md)
+ - [PasswordDictionaryCommon](docs/PasswordDictionaryCommon.md)
+ - [PasswordExpirationPolicyRuleCondition](docs/PasswordExpirationPolicyRuleCondition.md)
+ - [PasswordPolicy](docs/PasswordPolicy.md)
+ - [PasswordPolicyAllOf](docs/PasswordPolicyAllOf.md)
+ - [PasswordPolicyAuthenticationProviderCondition](docs/PasswordPolicyAuthenticationProviderCondition.md)
+ - [PasswordPolicyAuthenticationProviderType](docs/PasswordPolicyAuthenticationProviderType.md)
+ - [PasswordPolicyConditions](docs/PasswordPolicyConditions.md)
+ - [PasswordPolicyConditionsAllOf](docs/PasswordPolicyConditionsAllOf.md)
+ - [PasswordPolicyDelegationSettings](docs/PasswordPolicyDelegationSettings.md)
+ - [PasswordPolicyDelegationSettingsOptions](docs/PasswordPolicyDelegationSettingsOptions.md)
+ - [PasswordPolicyPasswordSettings](docs/PasswordPolicyPasswordSettings.md)
+ - [PasswordPolicyPasswordSettingsAge](docs/PasswordPolicyPasswordSettingsAge.md)
+ - [PasswordPolicyPasswordSettingsComplexity](docs/PasswordPolicyPasswordSettingsComplexity.md)
+ - [PasswordPolicyPasswordSettingsLockout](docs/PasswordPolicyPasswordSettingsLockout.md)
+ - [PasswordPolicyRecoveryEmail](docs/PasswordPolicyRecoveryEmail.md)
+ - [PasswordPolicyRecoveryEmailProperties](docs/PasswordPolicyRecoveryEmailProperties.md)
+ - [PasswordPolicyRecoveryEmailRecoveryToken](docs/PasswordPolicyRecoveryEmailRecoveryToken.md)
+ - [PasswordPolicyRecoveryFactorSettings](docs/PasswordPolicyRecoveryFactorSettings.md)
+ - [PasswordPolicyRecoveryFactors](docs/PasswordPolicyRecoveryFactors.md)
+ - [PasswordPolicyRecoveryQuestion](docs/PasswordPolicyRecoveryQuestion.md)
+ - [PasswordPolicyRecoveryQuestionComplexity](docs/PasswordPolicyRecoveryQuestionComplexity.md)
+ - [PasswordPolicyRecoveryQuestionProperties](docs/PasswordPolicyRecoveryQuestionProperties.md)
+ - [PasswordPolicyRecoverySettings](docs/PasswordPolicyRecoverySettings.md)
+ - [PasswordPolicyRule](docs/PasswordPolicyRule.md)
+ - [PasswordPolicyRuleAction](docs/PasswordPolicyRuleAction.md)
+ - [PasswordPolicyRuleActions](docs/PasswordPolicyRuleActions.md)
+ - [PasswordPolicyRuleActionsAllOf](docs/PasswordPolicyRuleActionsAllOf.md)
+ - [PasswordPolicyRuleAllOf](docs/PasswordPolicyRuleAllOf.md)
+ - [PasswordPolicyRuleConditions](docs/PasswordPolicyRuleConditions.md)
+ - [PasswordPolicyRuleConditionsAllOf](docs/PasswordPolicyRuleConditionsAllOf.md)
+ - [PasswordPolicySettings](docs/PasswordPolicySettings.md)
+ - [PasswordProtectionWarningTrigger](docs/PasswordProtectionWarningTrigger.md)
+ - [PasswordSettingObject](docs/PasswordSettingObject.md)
+ - [PerClientRateLimitMode](docs/PerClientRateLimitMode.md)
+ - [PerClientRateLimitSettings](docs/PerClientRateLimitSettings.md)
+ - [PerClientRateLimitSettingsUseCaseModeOverrides](docs/PerClientRateLimitSettingsUseCaseModeOverrides.md)
+ - [Permission](docs/Permission.md)
+ - [PermissionLinks](docs/PermissionLinks.md)
+ - [Permissions](docs/Permissions.md)
+ - [PipelineType](docs/PipelineType.md)
+ - [Platform](docs/Platform.md)
+ - [PlatformConditionEvaluatorPlatform](docs/PlatformConditionEvaluatorPlatform.md)
+ - [PlatformConditionEvaluatorPlatformOperatingSystem](docs/PlatformConditionEvaluatorPlatformOperatingSystem.md)
+ - [PlatformConditionEvaluatorPlatformOperatingSystemVersion](docs/PlatformConditionEvaluatorPlatformOperatingSystemVersion.md)
+ - [PlatformConditionOperatingSystemVersionMatchType](docs/PlatformConditionOperatingSystemVersionMatchType.md)
+ - [PlatformPolicyRuleCondition](docs/PlatformPolicyRuleCondition.md)
+ - [Policy](docs/Policy.md)
+ - [PolicyAccess](docs/PolicyAccess.md)
+ - [PolicyAccountLink](docs/PolicyAccountLink.md)
+ - [PolicyAccountLinkAction](docs/PolicyAccountLinkAction.md)
+ - [PolicyAccountLinkFilter](docs/PolicyAccountLinkFilter.md)
+ - [PolicyAccountLinkFilterGroups](docs/PolicyAccountLinkFilterGroups.md)
+ - [PolicyNetworkCondition](docs/PolicyNetworkCondition.md)
+ - [PolicyNetworkConnection](docs/PolicyNetworkConnection.md)
+ - [PolicyPeopleCondition](docs/PolicyPeopleCondition.md)
+ - [PolicyPlatformOperatingSystemType](docs/PolicyPlatformOperatingSystemType.md)
+ - [PolicyPlatformType](docs/PolicyPlatformType.md)
+ - [PolicyRule](docs/PolicyRule.md)
+ - [PolicyRuleActions](docs/PolicyRuleActions.md)
+ - [PolicyRuleActionsEnroll](docs/PolicyRuleActionsEnroll.md)
+ - [PolicyRuleActionsEnrollSelf](docs/PolicyRuleActionsEnrollSelf.md)
+ - [PolicyRuleAuthContextCondition](docs/PolicyRuleAuthContextCondition.md)
+ - [PolicyRuleAuthContextType](docs/PolicyRuleAuthContextType.md)
+ - [PolicyRuleConditions](docs/PolicyRuleConditions.md)
+ - [PolicyRuleType](docs/PolicyRuleType.md)
+ - [PolicySubject](docs/PolicySubject.md)
+ - [PolicySubjectMatchType](docs/PolicySubjectMatchType.md)
+ - [PolicyType](docs/PolicyType.md)
+ - [PolicyUserNameTemplate](docs/PolicyUserNameTemplate.md)
+ - [PolicyUserStatus](docs/PolicyUserStatus.md)
+ - [PossessionConstraint](docs/PossessionConstraint.md)
+ - [PossessionConstraintAllOf](docs/PossessionConstraintAllOf.md)
+ - [PreRegistrationInlineHook](docs/PreRegistrationInlineHook.md)
+ - [PrincipalRateLimitEntity](docs/PrincipalRateLimitEntity.md)
+ - [PrincipalType](docs/PrincipalType.md)
+ - [ProfileEnrollmentPolicy](docs/ProfileEnrollmentPolicy.md)
+ - [ProfileEnrollmentPolicyRule](docs/ProfileEnrollmentPolicyRule.md)
+ - [ProfileEnrollmentPolicyRuleAction](docs/ProfileEnrollmentPolicyRuleAction.md)
+ - [ProfileEnrollmentPolicyRuleActions](docs/ProfileEnrollmentPolicyRuleActions.md)
+ - [ProfileEnrollmentPolicyRuleActionsAllOf](docs/ProfileEnrollmentPolicyRuleActionsAllOf.md)
+ - [ProfileEnrollmentPolicyRuleActivationRequirement](docs/ProfileEnrollmentPolicyRuleActivationRequirement.md)
+ - [ProfileEnrollmentPolicyRuleAllOf](docs/ProfileEnrollmentPolicyRuleAllOf.md)
+ - [ProfileEnrollmentPolicyRuleProfileAttribute](docs/ProfileEnrollmentPolicyRuleProfileAttribute.md)
+ - [ProfileMapping](docs/ProfileMapping.md)
+ - [ProfileMappingProperty](docs/ProfileMappingProperty.md)
+ - [ProfileMappingPropertyPushStatus](docs/ProfileMappingPropertyPushStatus.md)
+ - [ProfileMappingSource](docs/ProfileMappingSource.md)
+ - [ProfileSettingObject](docs/ProfileSettingObject.md)
+ - [Protocol](docs/Protocol.md)
+ - [ProtocolAlgorithmType](docs/ProtocolAlgorithmType.md)
+ - [ProtocolAlgorithmTypeSignature](docs/ProtocolAlgorithmTypeSignature.md)
+ - [ProtocolAlgorithmTypeSignatureScope](docs/ProtocolAlgorithmTypeSignatureScope.md)
+ - [ProtocolAlgorithms](docs/ProtocolAlgorithms.md)
+ - [ProtocolEndpoint](docs/ProtocolEndpoint.md)
+ - [ProtocolEndpointBinding](docs/ProtocolEndpointBinding.md)
+ - [ProtocolEndpointType](docs/ProtocolEndpointType.md)
+ - [ProtocolEndpoints](docs/ProtocolEndpoints.md)
+ - [ProtocolRelayState](docs/ProtocolRelayState.md)
+ - [ProtocolRelayStateFormat](docs/ProtocolRelayStateFormat.md)
+ - [ProtocolSettings](docs/ProtocolSettings.md)
+ - [ProtocolType](docs/ProtocolType.md)
+ - [ProviderType](docs/ProviderType.md)
+ - [Provisioning](docs/Provisioning.md)
+ - [ProvisioningAction](docs/ProvisioningAction.md)
+ - [ProvisioningConditions](docs/ProvisioningConditions.md)
+ - [ProvisioningConnection](docs/ProvisioningConnection.md)
+ - [ProvisioningConnectionAuthScheme](docs/ProvisioningConnectionAuthScheme.md)
+ - [ProvisioningConnectionProfile](docs/ProvisioningConnectionProfile.md)
+ - [ProvisioningConnectionRequest](docs/ProvisioningConnectionRequest.md)
+ - [ProvisioningConnectionStatus](docs/ProvisioningConnectionStatus.md)
+ - [ProvisioningDeprovisionedAction](docs/ProvisioningDeprovisionedAction.md)
+ - [ProvisioningDeprovisionedCondition](docs/ProvisioningDeprovisionedCondition.md)
+ - [ProvisioningGroups](docs/ProvisioningGroups.md)
+ - [ProvisioningGroupsAction](docs/ProvisioningGroupsAction.md)
+ - [ProvisioningSuspendedAction](docs/ProvisioningSuspendedAction.md)
+ - [ProvisioningSuspendedCondition](docs/ProvisioningSuspendedCondition.md)
+ - [PushProvider](docs/PushProvider.md)
+ - [PushUserFactor](docs/PushUserFactor.md)
+ - [PushUserFactorAllOf](docs/PushUserFactorAllOf.md)
+ - [PushUserFactorProfile](docs/PushUserFactorProfile.md)
+ - [RateLimitAdminNotifications](docs/RateLimitAdminNotifications.md)
+ - [RecoveryQuestionCredential](docs/RecoveryQuestionCredential.md)
+ - [ReleaseChannel](docs/ReleaseChannel.md)
+ - [RequiredEnum](docs/RequiredEnum.md)
+ - [ResetPasswordToken](docs/ResetPasswordToken.md)
+ - [ResourceSet](docs/ResourceSet.md)
+ - [ResourceSetBindingAddMembersRequest](docs/ResourceSetBindingAddMembersRequest.md)
+ - [ResourceSetBindingCreateRequest](docs/ResourceSetBindingCreateRequest.md)
+ - [ResourceSetBindingMember](docs/ResourceSetBindingMember.md)
+ - [ResourceSetBindingMembers](docs/ResourceSetBindingMembers.md)
+ - [ResourceSetBindingMembersLinks](docs/ResourceSetBindingMembersLinks.md)
+ - [ResourceSetBindingResponse](docs/ResourceSetBindingResponse.md)
+ - [ResourceSetBindingResponseLinks](docs/ResourceSetBindingResponseLinks.md)
+ - [ResourceSetBindingRole](docs/ResourceSetBindingRole.md)
+ - [ResourceSetBindingRoleLinks](docs/ResourceSetBindingRoleLinks.md)
+ - [ResourceSetBindings](docs/ResourceSetBindings.md)
+ - [ResourceSetLinks](docs/ResourceSetLinks.md)
+ - [ResourceSetResource](docs/ResourceSetResource.md)
+ - [ResourceSetResourcePatchRequest](docs/ResourceSetResourcePatchRequest.md)
+ - [ResourceSetResources](docs/ResourceSetResources.md)
+ - [ResourceSetResourcesLinks](docs/ResourceSetResourcesLinks.md)
+ - [ResourceSets](docs/ResourceSets.md)
+ - [RiskEvent](docs/RiskEvent.md)
+ - [RiskEventSubject](docs/RiskEventSubject.md)
+ - [RiskEventSubjectRiskLevel](docs/RiskEventSubjectRiskLevel.md)
+ - [RiskPolicyRuleCondition](docs/RiskPolicyRuleCondition.md)
+ - [RiskProvider](docs/RiskProvider.md)
+ - [RiskProviderAction](docs/RiskProviderAction.md)
+ - [RiskScorePolicyRuleCondition](docs/RiskScorePolicyRuleCondition.md)
+ - [Role](docs/Role.md)
+ - [RoleAssignmentType](docs/RoleAssignmentType.md)
+ - [RolePermissionType](docs/RolePermissionType.md)
+ - [RoleType](docs/RoleType.md)
+ - [SafeBrowsingProtectionLevel](docs/SafeBrowsingProtectionLevel.md)
+ - [SamlApplication](docs/SamlApplication.md)
+ - [SamlApplicationAllOf](docs/SamlApplicationAllOf.md)
+ - [SamlApplicationSettings](docs/SamlApplicationSettings.md)
+ - [SamlApplicationSettingsAllOf](docs/SamlApplicationSettingsAllOf.md)
+ - [SamlApplicationSettingsApplication](docs/SamlApplicationSettingsApplication.md)
+ - [SamlApplicationSettingsSignOn](docs/SamlApplicationSettingsSignOn.md)
+ - [SamlAttributeStatement](docs/SamlAttributeStatement.md)
+ - [ScheduledUserLifecycleAction](docs/ScheduledUserLifecycleAction.md)
+ - [SchemeApplicationCredentials](docs/SchemeApplicationCredentials.md)
+ - [SchemeApplicationCredentialsAllOf](docs/SchemeApplicationCredentialsAllOf.md)
+ - [ScreenLockType](docs/ScreenLockType.md)
+ - [SecurePasswordStoreApplication](docs/SecurePasswordStoreApplication.md)
+ - [SecurePasswordStoreApplicationAllOf](docs/SecurePasswordStoreApplicationAllOf.md)
+ - [SecurePasswordStoreApplicationSettings](docs/SecurePasswordStoreApplicationSettings.md)
+ - [SecurePasswordStoreApplicationSettingsAllOf](docs/SecurePasswordStoreApplicationSettingsAllOf.md)
+ - [SecurePasswordStoreApplicationSettingsApplication](docs/SecurePasswordStoreApplicationSettingsApplication.md)
+ - [SecurityQuestion](docs/SecurityQuestion.md)
+ - [SecurityQuestionUserFactor](docs/SecurityQuestionUserFactor.md)
+ - [SecurityQuestionUserFactorAllOf](docs/SecurityQuestionUserFactorAllOf.md)
+ - [SecurityQuestionUserFactorProfile](docs/SecurityQuestionUserFactorProfile.md)
+ - [SeedEnum](docs/SeedEnum.md)
+ - [Session](docs/Session.md)
+ - [SessionAuthenticationMethod](docs/SessionAuthenticationMethod.md)
+ - [SessionIdentityProvider](docs/SessionIdentityProvider.md)
+ - [SessionIdentityProviderType](docs/SessionIdentityProviderType.md)
+ - [SessionStatus](docs/SessionStatus.md)
+ - [SignInPage](docs/SignInPage.md)
+ - [SignInPageAllOf](docs/SignInPageAllOf.md)
+ - [SignInPageAllOfWidgetCustomizations](docs/SignInPageAllOfWidgetCustomizations.md)
+ - [SignInPageTouchPointVariant](docs/SignInPageTouchPointVariant.md)
+ - [SignOnInlineHook](docs/SignOnInlineHook.md)
+ - [SingleLogout](docs/SingleLogout.md)
+ - [SmsTemplate](docs/SmsTemplate.md)
+ - [SmsTemplateType](docs/SmsTemplateType.md)
+ - [SmsUserFactor](docs/SmsUserFactor.md)
+ - [SmsUserFactorAllOf](docs/SmsUserFactorAllOf.md)
+ - [SmsUserFactorProfile](docs/SmsUserFactorProfile.md)
+ - [SocialAuthToken](docs/SocialAuthToken.md)
+ - [SpCertificate](docs/SpCertificate.md)
+ - [Subscription](docs/Subscription.md)
+ - [SubscriptionStatus](docs/SubscriptionStatus.md)
+ - [SwaApplicationSettings](docs/SwaApplicationSettings.md)
+ - [SwaApplicationSettingsAllOf](docs/SwaApplicationSettingsAllOf.md)
+ - [SwaApplicationSettingsApplication](docs/SwaApplicationSettingsApplication.md)
+ - [TempPassword](docs/TempPassword.md)
+ - [Theme](docs/Theme.md)
+ - [ThemeResponse](docs/ThemeResponse.md)
+ - [ThreatInsightConfiguration](docs/ThreatInsightConfiguration.md)
+ - [TokenAuthorizationServerPolicyRuleAction](docs/TokenAuthorizationServerPolicyRuleAction.md)
+ - [TokenAuthorizationServerPolicyRuleActionInlineHook](docs/TokenAuthorizationServerPolicyRuleActionInlineHook.md)
+ - [TokenUserFactor](docs/TokenUserFactor.md)
+ - [TokenUserFactorAllOf](docs/TokenUserFactorAllOf.md)
+ - [TokenUserFactorProfile](docs/TokenUserFactorProfile.md)
+ - [TotpUserFactor](docs/TotpUserFactor.md)
+ - [TotpUserFactorAllOf](docs/TotpUserFactorAllOf.md)
+ - [TotpUserFactorProfile](docs/TotpUserFactorProfile.md)
+ - [TrustedOrigin](docs/TrustedOrigin.md)
+ - [TrustedOriginScope](docs/TrustedOriginScope.md)
+ - [TrustedOriginScopeType](docs/TrustedOriginScopeType.md)
+ - [U2fUserFactor](docs/U2fUserFactor.md)
+ - [U2fUserFactorAllOf](docs/U2fUserFactorAllOf.md)
+ - [U2fUserFactorProfile](docs/U2fUserFactorProfile.md)
+ - [UpdateDomain](docs/UpdateDomain.md)
+ - [UpdateEmailDomain](docs/UpdateEmailDomain.md)
+ - [UpdateUserRequest](docs/UpdateUserRequest.md)
+ - [User](docs/User.md)
+ - [UserActivationToken](docs/UserActivationToken.md)
+ - [UserBlock](docs/UserBlock.md)
+ - [UserCondition](docs/UserCondition.md)
+ - [UserCredentials](docs/UserCredentials.md)
+ - [UserFactor](docs/UserFactor.md)
+ - [UserIdentifierConditionEvaluatorPattern](docs/UserIdentifierConditionEvaluatorPattern.md)
+ - [UserIdentifierMatchType](docs/UserIdentifierMatchType.md)
+ - [UserIdentifierPolicyRuleCondition](docs/UserIdentifierPolicyRuleCondition.md)
+ - [UserIdentifierType](docs/UserIdentifierType.md)
+ - [UserIdentityProviderLinkRequest](docs/UserIdentityProviderLinkRequest.md)
+ - [UserLifecycleAttributePolicyRuleCondition](docs/UserLifecycleAttributePolicyRuleCondition.md)
+ - [UserLockoutSettings](docs/UserLockoutSettings.md)
+ - [UserNextLogin](docs/UserNextLogin.md)
+ - [UserPolicyRuleCondition](docs/UserPolicyRuleCondition.md)
+ - [UserProfile](docs/UserProfile.md)
+ - [UserSchema](docs/UserSchema.md)
+ - [UserSchemaAttribute](docs/UserSchemaAttribute.md)
+ - [UserSchemaAttributeEnum](docs/UserSchemaAttributeEnum.md)
+ - [UserSchemaAttributeItems](docs/UserSchemaAttributeItems.md)
+ - [UserSchemaAttributeMaster](docs/UserSchemaAttributeMaster.md)
+ - [UserSchemaAttributeMasterPriority](docs/UserSchemaAttributeMasterPriority.md)
+ - [UserSchemaAttributeMasterType](docs/UserSchemaAttributeMasterType.md)
+ - [UserSchemaAttributePermission](docs/UserSchemaAttributePermission.md)
+ - [UserSchemaAttributeScope](docs/UserSchemaAttributeScope.md)
+ - [UserSchemaAttributeType](docs/UserSchemaAttributeType.md)
+ - [UserSchemaAttributeUnion](docs/UserSchemaAttributeUnion.md)
+ - [UserSchemaBase](docs/UserSchemaBase.md)
+ - [UserSchemaBaseProperties](docs/UserSchemaBaseProperties.md)
+ - [UserSchemaDefinitions](docs/UserSchemaDefinitions.md)
+ - [UserSchemaProperties](docs/UserSchemaProperties.md)
+ - [UserSchemaPropertiesProfile](docs/UserSchemaPropertiesProfile.md)
+ - [UserSchemaPropertiesProfileItem](docs/UserSchemaPropertiesProfileItem.md)
+ - [UserSchemaPublic](docs/UserSchemaPublic.md)
+ - [UserStatus](docs/UserStatus.md)
+ - [UserStatusPolicyRuleCondition](docs/UserStatusPolicyRuleCondition.md)
+ - [UserType](docs/UserType.md)
+ - [UserTypeCondition](docs/UserTypeCondition.md)
+ - [UserVerificationEnum](docs/UserVerificationEnum.md)
+ - [VerificationMethod](docs/VerificationMethod.md)
+ - [VerifyFactorRequest](docs/VerifyFactorRequest.md)
+ - [VerifyUserFactorResponse](docs/VerifyUserFactorResponse.md)
+ - [VerifyUserFactorResult](docs/VerifyUserFactorResult.md)
+ - [VersionObject](docs/VersionObject.md)
+ - [WebAuthnUserFactor](docs/WebAuthnUserFactor.md)
+ - [WebAuthnUserFactorAllOf](docs/WebAuthnUserFactorAllOf.md)
+ - [WebAuthnUserFactorProfile](docs/WebAuthnUserFactorProfile.md)
+ - [WebUserFactor](docs/WebUserFactor.md)
+ - [WebUserFactorAllOf](docs/WebUserFactorAllOf.md)
+ - [WebUserFactorProfile](docs/WebUserFactorProfile.md)
+ - [WellKnownOrgMetadata](docs/WellKnownOrgMetadata.md)
+ - [WellKnownOrgMetadataLinks](docs/WellKnownOrgMetadataLinks.md)
+ - [WellKnownOrgMetadataSettings](docs/WellKnownOrgMetadataSettings.md)
+ - [WsFederationApplication](docs/WsFederationApplication.md)
+ - [WsFederationApplicationAllOf](docs/WsFederationApplicationAllOf.md)
+ - [WsFederationApplicationSettings](docs/WsFederationApplicationSettings.md)
+ - [WsFederationApplicationSettingsAllOf](docs/WsFederationApplicationSettingsAllOf.md)
+ - [WsFederationApplicationSettingsApplication](docs/WsFederationApplicationSettingsApplication.md)
+
+
+## Documentation For Authorization
+
+
+
+### apiToken
+
+- **Type**: API key
+- **API key parameter name**: Authorization
+- **Location**: HTTP header
+
+Note, each API key must be added to a map of `map[string]APIKey` where the key is: Authorization and passed in as the auth context for each request.
+
+
+### oauth2
+
+
+- **Type**: OAuth
+- **Flow**: accessCode
+- **Authorization URL**: /oauth2/v1/authorize
+- **Scopes**: 
+ - **okta.agentPools.manage**: Allows the app to create and manage agent pools in your Okta organization.
+ - **okta.agentPools.read**: Allows the app to read agent pools in your Okta organization.
+ - **okta.apiToken.manage**: Allows the app to manage API Tokens in your Okta organization.
+ - **okta.apiToken.read**: Allows the app to read API Tokens in your Okta organization.
+ - **okta.apps.manage**: Allows the app to create and manage Apps in your Okta organization.
+ - **okta.apps.read**: Allows the app to read information about Apps in your Okta organization.
+ - **okta.authenticators.manage**: Allows the app to manage all authenticators (e.g. enrollments, reset).
+ - **okta.authenticators.read**: Allows the app to read org authenticators information.
+ - **okta.authorizationServers.manage**: Allows the app to create and manage Authorization Servers in your Okta organization.
+ - **okta.authorizationServers.read**: Allows the app to read information about Authorization Servers in your Okta organization.
+ - **okta.behaviors.manage**: Allows the app to create and manage behavior detection rules in your Okta organization.
+ - **okta.behaviors.read**: Allows the app to read behavior detection rules in your Okta organization.
+ - **okta.brands.manage**: Allows the app to create and manage Brands and Themes in your Okta organization.
+ - **okta.brands.read**: Allows the app to read information about Brands and Themes in your Okta organization.
+ - **okta.captchas.manage**: Allows the app to create and manage CAPTCHAs in your Okta organization.
+ - **okta.captchas.read**: Allows the app to read information about CAPTCHAs in your Okta organization.
+ - **okta.deviceAssurance.manage**: Allows the app to manage device assurances.
+ - **okta.deviceAssurance.read**: Allows the app to read device assurances.
+ - **okta.devices.manage**: Allows the app to manage device status transitions and delete a device.
+ - **okta.devices.read**: Allows the app to read the existing device's profile and search devices.
+ - **okta.domains.manage**: Allows the app to manage custom Domains for your Okta organization.
+ - **okta.domains.read**: Allows the app to read information about custom Domains for your Okta organization.
+ - **okta.eventHooks.manage**: Allows the app to create and manage Event Hooks in your Okta organization.
+ - **okta.eventHooks.read**: Allows the app to read information about Event Hooks in your Okta organization.
+ - **okta.groups.manage**: Allows the app to manage existing groups in your Okta organization.
+ - **okta.groups.read**: Allows the app to read information about groups and their members in your Okta organization.
+ - **okta.identitySources.manage**: Allows the custom identity sources to manage user entities in your Okta organization
+ - **okta.identitySources.read**: Allows to read session information for custom identity sources in your Okta organization
+ - **okta.idps.manage**: Allows the app to create and manage Identity Providers in your Okta organization.
+ - **okta.idps.read**: Allows the app to read information about Identity Providers in your Okta organization.
+ - **okta.inlineHooks.manage**: Allows the app to create and manage Inline Hooks in your Okta organization.
+ - **okta.inlineHooks.read**: Allows the app to read information about Inline Hooks in your Okta organization.
+ - **okta.linkedObjects.manage**: Allows the app to manage linked object definitions in your Okta organization.
+ - **okta.linkedObjects.read**: Allows the app to read linked object definitions in your Okta organization.
+ - **okta.logStreams.manage**: Allows the app to create and manage log streams in your Okta organization.
+ - **okta.logStreams.read**: Allows the app to read information about log streams in your Okta organization.
+ - **okta.logs.read**: Allows the app to read information about System Log entries in your Okta organization.
+ - **okta.orgs.manage**: Allows the app to manage organization-specific details for your Okta organization.
+ - **okta.orgs.read**: Allows the app to read organization-specific details about your Okta organization.
+ - **okta.policies.manage**: Allows the app to manage policies in your Okta organization.
+ - **okta.policies.read**: Allows the app to read information about policies in your Okta organization.
+ - **okta.principalRateLimits.manage**: Allows the app to create and manage Principal Rate Limits in your Okta organization.
+ - **okta.principalRateLimits.read**: Allows the app to read information about Principal Rate Limits in your Okta organization.
+ - **okta.profileMappings.manage**: Allows the app to manage user profile mappings in your Okta organization.
+ - **okta.profileMappings.read**: Allows the app to read user profile mappings in your Okta organization.
+ - **okta.pushProviders.manage**: Allows the app to create and manage push notification providers such as APNs and FCM.
+ - **okta.pushProviders.read**: Allows the app to read push notification providers such as APNs and FCM.
+ - **okta.rateLimits.manage**: Allows the app to create and manage rate limits in your Okta organization.
+ - **okta.rateLimits.read**: Allows the app to read information about rate limits in your Okta organization.
+ - **okta.riskEvents.manage**: Allows the app to publish risk events to your Okta organization.
+ - **okta.riskProviders.manage**: Allows the app to create and manage risk provider integrations in your Okta organization.
+ - **okta.riskProviders.read**: Allows the app to read all risk provider integrations in your Okta organization.
+ - **okta.roles.manage**: Allows the app to manage administrative role assignments for users in your Okta organization.
+ - **okta.roles.read**: Allows the app to read administrative role assignments for users in your Okta organization.
+ - **okta.schemas.manage**: Allows the app to create and manage Schemas in your Okta organization.
+ - **okta.schemas.read**: Allows the app to read information about Schemas in your Okta organization.
+ - **okta.sessions.manage**: Allows the app to manage all sessions in your Okta organization.
+ - **okta.sessions.read**: Allows the app to read all sessions in your Okta organization.
+ - **okta.templates.manage**: Allows the app to manage all custom templates in your Okta organization.
+ - **okta.templates.read**: Allows the app to read all custom templates in your Okta organization.
+ - **okta.trustedOrigins.manage**: Allows the app to manage all Trusted Origins in your Okta organization.
+ - **okta.trustedOrigins.read**: Allows the app to read all Trusted Origins in your Okta organization.
+ - **okta.userTypes.manage**: Allows the app to manage user types in your Okta organization.
+ - **okta.userTypes.read**: Allows the app to read user types in your Okta organization.
+ - **okta.users.manage**: Allows the app to create new users and to manage all users' profile and credentials information.
+ - **okta.users.read**: Allows the app to read the existing users' profiles and credentials.
+
+Example
+
+```golang
+auth := context.WithValue(context.Background(), sw.ContextAccessToken, "ACCESSTOKENSTRING")
+r, err := client.Service.Operation(auth, args)
+```
+
+Or via OAuth2 module to automatically refresh tokens and perform user authentication.
+
+```golang
+import "golang.org/x/oauth2"
+
+/* Perform OAuth2 round trip request and obtain a token */
+
+tokenSource := oauth2cfg.TokenSource(createContext(httpClient), &token)
+auth := context.WithValue(oauth2.NoContext, sw.ContextOAuth2, tokenSource)
+r, err := client.Service.Operation(auth, args)
+```
+
+
+## Documentation for Utility Methods
+
+Due to the fact that model structure members are all pointers, this package contains
+a number of utility functions to easily obtain pointers to values of basic types.
+Each of these functions takes a value of the given basic type and returns a pointer to it:
+
+* `PtrBool`
+* `PtrInt`
+* `PtrInt32`
+* `PtrInt64`
+* `PtrFloat`
+* `PtrFloat32`
+* `PtrFloat64`
+* `PtrString`
+* `PtrTime`
+
+## Author
+
+devex-public@okta.com
diff --git a/okta/accessPolicy.go b/okta/accessPolicy.go
deleted file mode 100644
index c61325d63..000000000
--- a/okta/accessPolicy.go
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type AccessPolicy struct {
-	Embedded    interface{}           `json:"_embedded,omitempty"`
-	Links       interface{}           `json:"_links,omitempty"`
-	Conditions  *PolicyRuleConditions `json:"conditions,omitempty"`
-	Created     *time.Time            `json:"created,omitempty"`
-	Description string                `json:"description,omitempty"`
-	Id          string                `json:"id,omitempty"`
-	LastUpdated *time.Time            `json:"lastUpdated,omitempty"`
-	Name        string                `json:"name,omitempty"`
-	Priority    int64                 `json:"-"`
-	PriorityPtr *int64                `json:"priority,omitempty"`
-	Status      string                `json:"status,omitempty"`
-	System      *bool                 `json:"system,omitempty"`
-	Type        string                `json:"type,omitempty"`
-}
-
-func NewAccessPolicy() *AccessPolicy {
-	return &AccessPolicy{
-		Type: "ACCESS_POLICY",
-	}
-}
-
-func (a *AccessPolicy) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *AccessPolicy) MarshalJSON() ([]byte, error) {
-	type Alias AccessPolicy
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *AccessPolicy) UnmarshalJSON(data []byte) error {
-	type Alias AccessPolicy
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/accessPolicyConstraint.go b/okta/accessPolicyConstraint.go
deleted file mode 100644
index 6a7d9e3d5..000000000
--- a/okta/accessPolicyConstraint.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AccessPolicyConstraint struct {
-	Methods          []string `json:"methods,omitempty"`
-	ReauthenticateIn string   `json:"reauthenticateIn,omitempty"`
-	Types            []string `json:"types,omitempty"`
-}
-
-func NewAccessPolicyConstraint() *AccessPolicyConstraint {
-	return &AccessPolicyConstraint{}
-}
-
-func (a *AccessPolicyConstraint) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/accessPolicyConstraints.go b/okta/accessPolicyConstraints.go
deleted file mode 100644
index fc6004b60..000000000
--- a/okta/accessPolicyConstraints.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AccessPolicyConstraints struct {
-	Knowledge  *KnowledgeConstraint  `json:"knowledge,omitempty"`
-	Possession *PossessionConstraint `json:"possession,omitempty"`
-}
-
-func NewAccessPolicyConstraints() *AccessPolicyConstraints {
-	return &AccessPolicyConstraints{}
-}
-
-func (a *AccessPolicyConstraints) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/accessPolicyRule.go b/okta/accessPolicyRule.go
deleted file mode 100644
index 0fffb5010..000000000
--- a/okta/accessPolicyRule.go
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type AccessPolicyRule struct {
-	Actions     *AccessPolicyRuleActions    `json:"actions,omitempty"`
-	Conditions  *AccessPolicyRuleConditions `json:"conditions,omitempty"`
-	Created     *time.Time                  `json:"created,omitempty"`
-	Id          string                      `json:"id,omitempty"`
-	LastUpdated *time.Time                  `json:"lastUpdated,omitempty"`
-	Name        string                      `json:"name,omitempty"`
-	Priority    int64                       `json:"-"`
-	PriorityPtr *int64                      `json:"priority,omitempty"`
-	Status      string                      `json:"status,omitempty"`
-	System      *bool                       `json:"system,omitempty"`
-	Type        string                      `json:"type,omitempty"`
-}
-
-func NewAccessPolicyRule() *AccessPolicyRule {
-	return &AccessPolicyRule{
-		Status: "ACTIVE",
-		System: boolPtr(false),
-		Type:   "ACCESS_POLICY",
-	}
-}
-
-func (a *AccessPolicyRule) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *AccessPolicyRule) MarshalJSON() ([]byte, error) {
-	type Alias AccessPolicyRule
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *AccessPolicyRule) UnmarshalJSON(data []byte) error {
-	type Alias AccessPolicyRule
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/accessPolicyRuleActions.go b/okta/accessPolicyRuleActions.go
deleted file mode 100644
index 93dc5613c..000000000
--- a/okta/accessPolicyRuleActions.go
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AccessPolicyRuleActions struct {
-	Enroll                   *PolicyRuleActionsEnroll           `json:"enroll,omitempty"`
-	Idp                      *IdpPolicyRuleAction               `json:"idp,omitempty"`
-	PasswordChange           *PasswordPolicyRuleAction          `json:"passwordChange,omitempty"`
-	SelfServicePasswordReset *PasswordPolicyRuleAction          `json:"selfServicePasswordReset,omitempty"`
-	SelfServiceUnlock        *PasswordPolicyRuleAction          `json:"selfServiceUnlock,omitempty"`
-	Signon                   *OktaSignOnPolicyRuleSignonActions `json:"signon,omitempty"`
-	AppSignOn                *AccessPolicyRuleApplicationSignOn `json:"appSignOn,omitempty"`
-}
-
-func NewAccessPolicyRuleActions() *AccessPolicyRuleActions {
-	return &AccessPolicyRuleActions{}
-}
-
-func (a *AccessPolicyRuleActions) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/accessPolicyRuleApplicationSignOn.go b/okta/accessPolicyRuleApplicationSignOn.go
deleted file mode 100644
index 1a3284cfb..000000000
--- a/okta/accessPolicyRuleApplicationSignOn.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AccessPolicyRuleApplicationSignOn struct {
-	Access             string              `json:"access,omitempty"`
-	VerificationMethod *VerificationMethod `json:"verificationMethod,omitempty"`
-}
-
-func NewAccessPolicyRuleApplicationSignOn() *AccessPolicyRuleApplicationSignOn {
-	return &AccessPolicyRuleApplicationSignOn{}
-}
-
-func (a *AccessPolicyRuleApplicationSignOn) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/accessPolicyRuleConditions.go b/okta/accessPolicyRuleConditions.go
deleted file mode 100644
index 78a17f15f..000000000
--- a/okta/accessPolicyRuleConditions.go
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AccessPolicyRuleConditions struct {
-	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
-	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
-	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
-	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
-	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
-	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
-	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
-	Device                *DeviceAccessPolicyRuleCondition               `json:"device,omitempty"`
-	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
-	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
-	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
-	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
-	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
-	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
-	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
-	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
-	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
-	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
-	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
-	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
-	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
-	ElCondition           *AccessPolicyRuleCustomCondition               `json:"elCondition,omitempty"`
-	UserType              *UserTypeCondition                             `json:"userType,omitempty"`
-}
-
-func NewAccessPolicyRuleConditions() *AccessPolicyRuleConditions {
-	return &AccessPolicyRuleConditions{}
-}
-
-func (a *AccessPolicyRuleConditions) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/accessPolicyRuleCustomCondition.go b/okta/accessPolicyRuleCustomCondition.go
deleted file mode 100644
index ed13dd355..000000000
--- a/okta/accessPolicyRuleCustomCondition.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AccessPolicyRuleCustomCondition struct {
-	Condition string `json:"condition,omitempty"`
-}
-
-func NewAccessPolicyRuleCustomCondition() *AccessPolicyRuleCustomCondition {
-	return &AccessPolicyRuleCustomCondition{}
-}
-
-func (a *AccessPolicyRuleCustomCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/acsEndpoint.go b/okta/acsEndpoint.go
deleted file mode 100644
index 40212a4d7..000000000
--- a/okta/acsEndpoint.go
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type AcsEndpoint struct {
-	Index    int64  `json:"-"`
-	IndexPtr *int64 `json:"index,omitempty"`
-	Url      string `json:"url,omitempty"`
-}
-
-func (a *AcsEndpoint) MarshalJSON() ([]byte, error) {
-	type Alias AcsEndpoint
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Index != 0 {
-		result.IndexPtr = Int64Ptr(a.Index)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *AcsEndpoint) UnmarshalJSON(data []byte) error {
-	type Alias AcsEndpoint
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.IndexPtr != nil {
-		a.Index = *result.IndexPtr
-		a.IndexPtr = result.IndexPtr
-	}
-	return nil
-}
diff --git a/okta/activateFactorRequest.go b/okta/activateFactorRequest.go
deleted file mode 100644
index 5f683ad60..000000000
--- a/okta/activateFactorRequest.go
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ActivateFactorRequest struct {
-	Attestation      string `json:"attestation,omitempty"`
-	ClientData       string `json:"clientData,omitempty"`
-	PassCode         string `json:"passCode,omitempty"`
-	RegistrationData string `json:"registrationData,omitempty"`
-	StateToken       string `json:"stateToken,omitempty"`
-}
-
-func NewActivateFactorRequest() *ActivateFactorRequest {
-	return &ActivateFactorRequest{}
-}
-
-func (a *ActivateFactorRequest) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/allowedForEnum.go b/okta/allowedForEnum.go
deleted file mode 100644
index 96eac341d..000000000
--- a/okta/allowedForEnum.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AllowedForEnum string
diff --git a/okta/api/openapi.yaml b/okta/api/openapi.yaml
new file mode 100644
index 000000000..c94854afc
--- /dev/null
+++ b/okta/api/openapi.yaml
@@ -0,0 +1,51660 @@
+openapi: 3.0.3
+info:
+  contact:
+    email: devex-public@okta.com
+    name: Okta Developer Team
+    url: https://developer.okta.com/
+  description: Allows customers to easily access the Okta Management APIs
+  license:
+    name: Apache-2.0
+    url: https://www.apache.org/licenses/LICENSE-2.0.html
+  termsOfService: https://developer.okta.com/terms/
+  title: Okta Admin Management
+  version: 4.0.0
+  x-logo:
+    url: logo.svg
+    backgroundColor: transparent
+    altText: Okta Developer
+externalDocs:
+  description: Find more info here
+  url: https://developer.okta.com/docs/api/getting_started/design_principles.html
+servers:
+- url: "https://{yourOktaDomain}"
+  variables:
+    yourOktaDomain:
+      default: subdomain.okta.com
+      description: "The domain of your organization. This can be a provided subdomain\
+        \ of an official okta domain (okta.com, oktapreview.com, etc) or one of your\
+        \ configured custom domains."
+tags:
+- description: The Agent Pools API provides operation to manage the update settings
+    of the agents for your organization.
+  name: AgentPools
+  x-displayName: Agent Pools
+- description: The API Tokens API provides operations to manage SSWS API tokens for
+    your organization.
+  name: ApiToken
+  x-displayName: API Tokens
+- description: The Applications API provides operations to manage applications and/or
+    assignments to users or groups for your organization.
+  name: Application
+  x-displayName: Applications
+- description: The Attack Protection API provides operations to configure the User
+    Lockout Settings in your org to prevent brute-force attacks.
+  name: AttackProtection
+  x-displayName: Attack Protection
+- description: "The Authenticators Administration API provides operations to configure\
+    \ which Authenticators are available to end users for use when signing in to applications.\n\
+    \nEnd users are required to use one or more Authenticators depending on the security\
+    \ requirements of the authentication policy.\n\nOkta Identity Engine currently\
+    \ supports Authenticators for the following factors:\n\n**Knowledge-based:**\n\
+    \n* Password\n* Security Question\n\n**Possession-based:**\n\n* Phone (SMS, Voice\
+    \ Call)\n* Email\n* WebAuthn\n* Duo\n* Custom App <ea>Early Access</ea>"
+  name: Authenticator
+  x-displayName: Authenticators
+- description: "Authorization Servers generate OAuth 2.0 and OpenID Connect tokens,\
+    \ including access tokens and ID tokens. The Okta Management API gives you the\
+    \ ability to configure and manage Authorization Servers and the security policies\
+    \ that are attached to them."
+  name: AuthorizationServer
+  x-displayName: Authorization Servers
+- description: The Behavior Rules API provides operations to manage the behavior detection
+    rules for your organization.
+  name: Behavior
+  x-displayName: Behavior Rules
+- description: "As an option to increase org security, Okta supports CAPTCHA services\
+    \ to prevent automated sign-in attempts. You can integrate one of two providers:\
+    \ [hCaptcha](https://www.hcaptcha.com/) or [reCAPTCHA v2](https://developers.google.com/recaptcha/docs/invisible).\n\
+    \nThe vendor implementations supported by Okta are both invisible. They each run\
+    \ risk-analysis software in the background during user sign in to determine the\
+    \ likelihood that the user is a bot. This risk analysis is based on the settings\
+    \ that you configure with the provider that you choose.\n\nBefore you configure\
+    \ your org to use CAPTCHA, sign in to the vendor of your choice or sign up for\
+    \ an account. For more details, refer to [CAPTCHA integration](https://help.okta.com/okta_help.htm?type=oie&id=csh-captcha)."
+  name: CAPTCHA
+  x-displayName: CAPTCHAs
+- description: "The Brands API allows you to customize the look and feel of pages\
+    \ and templates, such as the Okta-hosted sign-in page, error pages, email templates,\
+    \ and the Okta End-User Dashboard.\n\nEach org starts off with Okta's default\
+    \ branding. You can upload your own assets (colors, background image, logo, and\
+    \ favicon) to replace Okta's default brand assets. You can then publish these\
+    \ assets directly to your pages and templates.\n\n>**Important:** Despite being\
+    \ called the Brands API (due to conventions around REST API naming), each org\
+    \ can currently contain only one brand and one theme. We will likely allow multiple\
+    \ brands and themes per org at some point in the future, so stay tuned!"
+  name: Customization
+  x-displayName: Customizations
+- description: "The Okta Devices API provides a centralized integration platform to\
+    \ fetch and manage device information. Okta administrators can use these APIs\
+    \ to manage workforce identity Device object information.\n\nThe Devices API supports\
+    \ the following **Device Operations**:\n* Get, Delete Device objects.\n* Perform\
+    \ lifecycle transitions on the Device objects.\n\nThe Devices API supports the\
+    \ following **Authorization Schemes**:\n* SSWS - [API tokens](https://developer.okta.com/docs/reference/core-okta-api/#authentication)\n\
+    * Bearer - [OAuth2.0 and OpenID Connect](https://developer.okta.com/docs/concepts/oauth-openid/)\n\
+    \n> **Note:** For devices to enroll in Okta and show up in the Devices API, the\
+    \ following actions are required:\n> 1. Admins - Enable Okta FastPass. See [Enable\
+    \ FastPass](https://help.okta.com/okta_help.htm?type=oie&id=ext-fp-enable)\n>\
+    \ 2. End users with existing mobile Okta Verify enrollments - After you upgrade\
+    \ your org to Okta Identity Engine, direct end users with existing Okta Verify\
+    \ enrollments to use [FastPass](https://help.okta.com/okta_help.htm?type=oie&id=csh-fp-main).\n\
+    \n> End users with a new enrollment in Okta Verify on an Okta Identity Engine\
+    \ org have a device record created in the device inventory by default.\nSee [Device\
+    \ Registration](https://help.okta.com/okta_help.htm?type=oie&id=csh-device-registration),\
+    \ [Login Using Okta Verify](https://help.okta.com/okta_help.htm?type=eu&id=ext-ov-user-overview)."
+  name: Device
+  x-displayName: Devices
+- description: The Device Assurance Policies API provides operations to manage device
+    assurance policies in your organization.
+  name: DeviceAssurance
+  x-displayName: Device Assurance Policies
+- description: The Domains API provides operations to manage custom domains for your
+    organization.
+  name: Domain
+  x-displayName: Domains
+- description: The Email Domains API provides operations to manage custom domains
+    for your organization.
+  name: EmailDomain
+  x-displayName: Email Domains
+- description: "The Event Hooks API provides operations to manage event hooks for\
+    \ your organization.\n\nFor general information on event hooks and how to create\
+    \ and use them, see [Event hooks](https://developer.okta.com/docs/concepts/event-hooks/).\
+    \ The following documentation is only for the management API, which provides a\
+    \ CRUD interface for registering event hooks.\n\nFor a step-by-step guide on implementing\
+    \ an example event hook, see the [Event hook](https://developer.okta.com/docs/guides/event-hook-implementation/)\
+    \ guide."
+  name: EventHook
+  x-displayName: Event Hooks
+- description: "The Okta Features API provides operations to manage self-service Early\
+    \ Access (EA) and Beta features in your org.\n\n> **Note:** Important background\
+    \ information for this API is available on the [Feature Lifecycle Management](https://developer.okta.com/docs/concepts/feature-lifecycle-management/)\
+    \ page."
+  name: Feature
+  x-displayName: Features
+- description: The Groups API provides operations to manage Okta Groups and their
+    user members for your organization.
+  name: Group
+  x-displayName: Groups
+- description: The Hook Keys API provides operations to manage hook keys for your
+    organization.
+  name: HookKey
+  x-displayName: Hook Keys
+- description: "The Identity Providers API provides operations to manage federations\
+    \ with external Identity Providers (IdP). For example, your app can support signing\
+    \ in with credentials from Apple, Facebook, Google, LinkedIn, Microsoft, an enterprise\
+    \ IdP using SAML 2.0, or an IdP using the OpenID Connect (`OIDC`) protocol."
+  name: IdentityProvider
+  x-displayName: Identity Providers
+- description: The Okta Identity Source API provides a mechanism to synchronize an
+    HR source (the custom identity source) with Okta user profiles in an org.
+  name: IdentitySource
+  x-displayName: Identity Sources
+- description: "The Inline Hooks API provides operations to manage inline hooks for\
+    \ your organization.\n\nFor general information on inline hooks and how to create\
+    \ and use them, see [inline hooks](https://developer.okta.com/docs/concepts/inline-hooks/).\
+    \ The following documentation is only for the management API, which provides a\
+    \ CRUD interface for registering inline hooks."
+  name: InlineHook
+  x-displayName: Inline Hooks
+- description: "Users have relationships to each other, like manager and subordinate\
+    \ or customer and sales representative. You can create users with relationships\
+    \ by using the Linked Objects API to represent the relationship.\n\n1. Create\
+    \ a Linked Object definition such as Manager:Subordinate or Case Worker:Client.\
+    \ These pairs are represented by a `primary` attribute and an `associated` attribute.\n\
+    2. Link users together to create the relationship between the two. You create\
+    \ a Linked Object value with a single request that links one `primary` and one\
+    \ `associated` user.\n\nFor each relationship:\n\n* A user has at most one `primary`\
+    \ link (a user has a single manager), but can have many `associated` links (a\
+    \ user can have many subordinates).\n* A user can be the `primary` in one relationship\
+    \ and the `associated` in another.\n* A user can be both the `primary` and `associated`\
+    \ in the same relationship.\n\nOkta Expression Language function for [Linked Objects](https://developer.okta.com/docs/reference/okta-expression-language/#linked-object-function)\
+    \ provides access to the details about a linked user.\n\n> **Note:** The Linked\
+    \ Objects feature isn't available for OpenID Connect claims.\n\n## Example usage\n\
+    \nOkta allows you to create up to 200 Linked Object definitions. These definitions\
+    \ are one-to-many, for example:\n\n* A manager has many subordinates. Each subordinate\
+    \ has one manager.\n* A sales representative has many customers. Each customer\
+    \ has one sales rep.\n* A case worker has many clients. Each client has one case\
+    \ worker.\n\nMost organizations have more than one manager or sales representative.\
+    \ You can create the Linked Object definition once, and then assign the `primary`\
+    \ relationship to as many users as you have people in that relationship.\n\nYou\
+    \ can assign the `associated` relationship for a single `primary` user to as many\
+    \ users as needed. The `associated` user can be related to only one `primary`\
+    \ per Linked Object definition. But a user can be assigned to more than one Linked\
+    \ Object definition.\n\nFor example, assume that you've created one Linked Object\
+    \ definition for manager (`primary`) and for subordinates (`associated`):\n\n\
+    * Joe is Frank's manager.\n* Bob is Joe's manager, but Jane's subordinate.\n*\
+    \ Jane is the CEO, so she reports to herself.\n\nThus, you can create chains of\
+    \ relationships (Jane > Bob > Joe > Frank) or terminal relationships (Jane is\
+    \ both `primary` and `associated` user).\n\nThen, if you create another Linked\
+    \ Object relationship for scrum team membership, you could assign relationships\
+    \ to the same four users:\n\n* Bob is the scrum lead for the Identity Scrum team.\n\
+    * Joe and Frank are both contributors to the team.\n\nBob can be the `primary`\
+    \ for a Manager:Subordinate, an `associated` user for that same Linked Object\
+    \ definition, and also the `primary` for the Scrumlead:Contributor Linked Object\
+    \ definition.\n\nTo represent a relationship, create a Linked Object definition\
+    \ that specifies a `primary` (parent) relationship and an `associated` (child)\
+    \ relationship, and then add a link in which the appropriate user is assigned\
+    \ to each side of that link type.\n\n## Links between User Types\n\nIf you created\
+    \ multiple User Types, they all share the same Linked Object definitions. For\
+    \ example, if you have separate User Types for employees and contractors, a link\
+    \ could designate an employee as the manager for a contractor, with the contractor\
+    \ being a subordinate of that employee."
+  name: LinkedObject
+  x-displayName: Linked Objects
+- description: The Log Streaming API provides operations to manage Log Stream configurations
+    for an org. You can configure up to two Log Stream integrations per org.
+  name: LogStream
+  x-displayName: Log Streaming
+- description: "The Okta Network Zones API provides operations to manage Zones in\
+    \ your organization. There are two usage Zone types: Policy Network Zones and\
+    \ Blocklist Network Zones. Policy Network Zones are used to guide policy decisions.\
+    \ Blocklist Network Zones are used to deny access from certain IP addresses, locations,\
+    \ proxy types, or Autonomous System Numbers (ASNs) before policy evaluation.\n\
+    \nA default system Policy Network Zone is provided in your Okta org. You can use\
+    \ the Network Zones API to modify the default Policy Network Zone or to create\
+    \ a custom Policy or Blocklist Network Zone. When you create your custom Zone,\
+    \ you can specify if the Zone is an IP Zone or a Dynamic Zone. An IP Zone allows\
+    \ you to define network perimeters around a set of IPs, whereas a Dynamic Zone\
+    \ allows you to define network perimeters around location, IP type, and ASNs."
+  name: NetworkZone
+  x-displayName: Network Zones
+- description: "The Org Settings API provides operations to manage your org account\
+    \ settings such as contact information, granting Okta Support access, and more."
+  name: OrgSetting
+  x-displayName: Org Settings
+- description: "The Okta Policy API enables an Administrator to perform Policy and\
+    \ Policy Rule operations. The Policy framework is used by Okta to control Rules\
+    \ and settings that govern, among other things, user session lifetime, whether\
+    \ multi-factor authentication is required when logging in, what MFA factors may\
+    \ be employed, password complexity requirements, what types of self-service operations\
+    \ are permitted under various circumstances, and what identity provider to route\
+    \ users to.\n\nPolicy settings for a particular Policy type, such as Sign On Policy,\
+    \ consist of one or more Policy objects, each of which contains one or more Policy\
+    \ Rules. Policies and Rules contain conditions that determine whether they are\
+    \ applicable to a particular user at a particular time."
+  name: Policy
+  x-displayName: Policies
+- description: The Principal Rate Limits API provides operations to manage Principal
+    Rate Limits for your organization.
+  name: PrincipalRateLimit
+  x-displayName: Principal Rate Limits
+- description: "The Mappings API provides operations to manage the mapping of properties\
+    \ between an Okta User's and an App User's Profile properties using [Okta Expression\
+    \ Language](https://developer.okta.com/docs/reference/okta-expression-language).\
+    \ More information on Okta User and App User Profiles can be found in Okta's [User\
+    \ profiles](https://developer.okta.com/docs/concepts/user-profiles/#what-is-the-okta-universal-directory)."
+  name: ProfileMapping
+  x-displayName: Profile Mappings
+- description: The Push Providers API provides operations to manage Push Providers
+    for your organization.
+  name: PushProvider
+  x-displayName: Push Providers
+- description: The Rate Limit Settings APIs provide operations to manage settings
+    and configurations surrounding rate limiting in your Okta organization.
+  name: RateLimitSettings
+  x-displayName: Rate Limit Settings
+- description: "The Resource Sets API provides operations to manage Resource Sets\
+    \ as custom collections of resources. You can use Resource Sets to assign Custom\
+    \ Roles to administrators who are scoped to the designated resources. See [Supported\
+    \ Resources](https://developer.okta.com/docs/concepts/role-assignment/#supported-resources)."
+  name: ResourceSet
+  x-displayName: Resource Sets
+- description: "The Risk Events API provides the ability for third-party Risk Providers\
+    \ to send Risk Events to Okta. See [Third-party risk provider integration overview](https://developer.okta.com/docs/guides/third-party-risk-integration/)\
+    \ for guidance on integrating third-party risk providers with Okta."
+  name: RiskEvent
+  x-displayName: Risk Events
+- description: "The Risk Providers API provides the ability to manage the Risk Providers\
+    \ within Okta. See [Third-party risk provider integration overview](https://developer.okta.com/docs/guides/third-party-risk-integration/)\
+    \ for guidance on integrating third-party risk providers with Okta."
+  name: RiskProvider
+  x-displayName: Risk Providers
+- description: |-
+    The Roles API provides operations to manage administrative Role assignments for a User.
+
+    Role listing APIs provide a union of both standard and Custom Roles assigned to a User or Group.
+  name: Role
+  x-displayName: Roles
+- description: "These APIs allow you to assign custom roles to user and groups, as\
+    \ well as designate Third-Party Administrator status to a user or group."
+  name: RoleAssignment
+  x-displayName: Role Assignments
+- description: "Role targets are a way of defining permissions for admin roles into\
+    \ a smaller subset of Groups or Apps within your org. Targets limit an admin's\
+    \ permissions to a targeted area of the org. You can define admin roles to target\
+    \ Groups, Applications, and Application Instances.\n\n* **Group targets:** Grant\
+    \ an admin permission to manage only a specified Group. For example, an admin\
+    \ role may be assigned to manage only the IT Group.\n* **App targets:** Grant\
+    \ an admin permission to manage all instances of the specified Apps. Target Apps\
+    \ are Okta catalog Apps. For example, you can have multiple configurations of\
+    \ an Okta catalog App, such as Salesforce or Facebook. When you add a Salesforce\
+    \ or Facebook App as a target, that grants the admin permission to manage all\
+    \ the instances of those Apps and create new instances of them.\n* **App Instance\
+    \ targets:** Grant an admin permission to manage an instance of one App or instances\
+    \ of multiple Apps. App Instances are specific Apps that admins have created in\
+    \ their org. For example, there may be a Salesforce App configured differently\
+    \ for each sales region of a company. When you create an App Instance target,\
+    \ you can assign an admin to manage only two instances of the configured Salesforce\
+    \ Apps and then also to manage an instance of another configured App such as Workday.\n\
+    \n> **Note:** Don't use these operations with a Custom Role ID. Custom Role assignments\
+    \ always require a target Resource Set. See [Role Assignments](https://developer.okta.com/docs/concepts/role-assignment/)\
+    \ for more information."
+  name: RoleTarget
+  x-displayName: Role Targets
+- description: "The Schemas API provides operations to manage custom User profiles\
+    \ as well as endpoints to discover the structure of the Log Stream configuration.\n\
+    \nOkta's [Universal Directory](https://help.okta.com/okta_help.htm?id=ext_About_Universal_Directory)\
+    \ allows administrators to define custom User profiles for Okta Users and Applications.\n\
+    Okta adopts a subset of [JSON Schema Draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04)\
+    \ as the schema language to describe and validate extensible User profiles.\n\
+    For Log Stream Schemas, Okta uses [JSON Schema Draft 2020-12](https://json-schema.org/specification.html).\n\
+    [JSON Schema](http://json-schema.org/) is a lightweight declarative format for\
+    \ describing the structure, constraints, and validation of JSON documents.\n\n\
+    > **Note:** Okta implements only a subset of [JSON Schema Draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04)\
+    \ and [JSON Schema Draft 2020-12](https://json-schema.org/specification.html).\
+    \ This document describes which parts apply to Okta, and any extensions Okta has\
+    \ made to [JSON Schema Draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04)\
+    \ and [JSON Schema Draft 2020-12](https://json-schema.org/specification.html)."
+  name: Schema
+  x-displayName: Schemas
+- description: "Okta uses a cookie-based authentication mechanism to maintain a user's\
+    \ authentication Session across web requests. The Okta Sessions API provides operations\
+    \ to create and manage authentication Sessions for users in your Okta organization.\n\
+    \n>**Note:** Some browsers block third-party cookies by default, which disrupts\
+    \ Okta functionality in certain flows. See [FAQ: How Blocked Third Party Cookies\
+    \ Can Potentially Impact Your Okta Environment](https://support.okta.com/help/s/article/FAQ-How-Blocking-Third-Party-Cookies-Can-Potentially-Impact-Your-Okta-Environment).\n\
+    \n>**Note:** The Sessions API doesn't support direct authentication. Direct authentication\
+    \ is supported through the [Authentication API](https://developer.okta.com/docs/reference/api/authn/#authentication-operations)\
+    \ or through OIDC using the [Resource Owner Password flow](https://developer.okta.com/docs/guides/implement-grant-type/ropassword/main/).\n\
+    \n### Session cookie\n\nOkta uses an HTTP session cookie to provide access to\
+    \ your Okta organization and applications across web requests for an interactive\
+    \ user agent such as a web browser. A session cookie has an expiration configurable\
+    \ by an administrator for the organization and is valid until the cookie expires\
+    \ or the user closes the Session (logout) or browser application.\n\n### Session\
+    \ token\n\nA [session token](https://developer.okta.com/docs/reference/api/authn/#session-token)\
+    \ is a one-time bearer token that provides proof of authentication and may be\
+    \ redeemed for an interactive SSO session in Okta in a user agent. Session tokens\
+    \ can only be used **once** to establish a Session for a user and are revoked\
+    \ when the token expires.\n\nOkta provides a very rich [Authentication API](https://developer.okta.com/docs/reference/api/authn/)\
+    \ to validate a [user's primary credentials](https://developer.okta.com/docs/reference/api/authn/#primary-authentication)\
+    \ and secondary [MFA factor](https://developer.okta.com/docs/reference/api/authn/#verify-factor).\
+    \ A session token is returned after successful authentication, which can be later\
+    \ exchanged for a session cookie that uses one of the following flows:\n\n- [Retrieve\
+    \ a session cookie by visiting the OpenID Connect Authorization Endpoint](https://developer.okta.com/docs/guides/session-cookie/main/#retrieve-a-session-cookie-through-the-openid-connect-authorization-endpoint)\n\
+    - [Retrieve a session cookie by visiting a session redirect link](https://developer.okta.com/docs/guides/session-cookie/main/#retrieve-a-session-cookie-by-visiting-a-session-redirect-link)\n\
+    - [Retrieve a session cookie by visiting an application embed link](https://developer.okta.com/docs/guides/session-cookie/main/#retrieve-a-session-cookie-by-visiting-an-application-embed-link)\n\
+    \n>**Note:** **Session tokens** are secrets and should be protected at rest and\
+    \ during transit. A session token for a user is equivalent to having the user's\
+    \ actual credentials."
+  name: Session
+  x-displayName: Sessions
+- description: The Subscriptions API provides operations to manage email subscription
+    settings for Okta administrator notifications.
+  name: Subscription
+  x-displayName: Subscriptions
+- description: "The System Log records system events that are related to your organization\
+    \ in order to provide an audit trail that can be used to understand platform activity\
+    \ and to diagnose problems.\n\nThe System Log API provides near real-time, read-only\
+    \ access to your organization's system log and is the programmatic counterpart\
+    \ of the [System Log UI](https://help.okta.com/okta_help.htm?id=ext_Reports_SysLog).\n\
+    \nThe terms \"event\" and \"log event\" are often used interchangeably. In the\
+    \ context of this API, an \"event\" is an occurrence of interest within the system,\
+    \ and a \"log\" or \"log event\" is the recorded fact.\n\nThe System Log API supports\
+    \ these primary use cases:\n  * Event data export into a security information\
+    \ and event management system (SIEM)\n  * System monitoring\n  * Development debugging\n\
+    \  * Event introspection and audit\n\nThe System Log API isn't intended for use\
+    \ as a Database as a Service (DBaaS) or to serve data directly to downstream consumers\
+    \ without an intermediate data store.\n\nSee [Events API Migration](https://developer.okta.com/docs/concepts/events-api-migration/)\
+    \ for information on migrating from the Events API to the System Log API."
+  name: SystemLog
+  x-displayName: System Log
+- description: "The SMS Templates API provides operations to manage custom SMS templates\
+    \ for verification.\n\n> **Note:** Only SMS custom Templates are available through\
+    \ the API.\n\nSMS Templates customize the SMS message that is sent to users. One\
+    \ default SMS Template is provided. All custom Templates must have the variable\
+    \ `${code}` as part of the text. The `${code}` variable is replaced with the actual\
+    \ SMS code when the message is sent. Optionally, you can also use the variable\
+    \ `${org.name}`. If a Template contains `${org.name}`, it is replaced with the\
+    \ organization name before the SMS message is sent."
+  name: Template
+  x-displayName: SMS Templates
+- description: "[Okta ThreatInsight](https://help.okta.com/okta_help.htm?id=ext_threatinsight)\
+    \ maintains a constantly evolving list of IPs that exhibit suspicious behaviors\
+    \ suggestive of malicious activity. Authentication requests associated with an\
+    \ IP in this list can be logged in [System Log](https://help.okta.com/okta_help.htm?id=ext_Reports_SysLog)\
+    \ and blocked. The Okta ThreatInsight Configuration API provides operations to\
+    \ manage your ThreatInsight configuration.\n\nIn order to prevent abuse, Okta\
+    \ ThreatInsight works in a limited capacity for free trial editions. Please contact\
+    \ Okta support if fully functional Okta ThreatInsight is required."
+  name: ThreatInsight
+  x-displayName: ThreatInsight
+- description: "The Trusted Origins API provides operations to manage Trusted Origins\
+    \ and sources.\n\nWhen external URLs are requested during sign-in, sign-out, or\
+    \ recovery operations, Okta checks those URLs against the allowed list of Trusted\
+    \ Origins. Trusted Origins also enable browser-based applications to access Okta\
+    \ APIs from JavaScript (CORS). If the origins aren't specified, the related operation\
+    \ (redirect or Okta API access) isn't permitted.\n\nYou can also configure Trusted\
+    \ Origins to allow iFrame embedding of Okta resources, such as Okta sign-in pages\
+    \ and the Okta End-User Dashboard, within that origin. This is an Early Access\
+    \ feature. To enable it, contact [Okta Support](https://support.okta.com/help/s/).\n\
+    \n> **Note:** This Early Access feature is supported for Okta domains only. It\
+    \ isn't currently supported for custom domains."
+  name: TrustedOrigin
+  x-displayName: Trusted Origins
+- description: The User API provides operations to manage users in your organization.
+  name: User
+  x-displayName: Users
+- description: "The Factors API provides operations to enroll, manage, and verify\
+    \ factors for multifactor authentication (MFA). Manage both administration and\
+    \ end-user accounts, or verify an individual factor at any time."
+  name: UserFactor
+  x-displayName: User Factors
+- description: The User Types API provides operations to manage User Types.
+  name: UserType
+  x-displayName: User Types
+paths:
+  /.well-known/okta-organization:
+    get:
+      description: "Retrieves the well-known org metadata, which includes the id,\
+        \ configured custom domains, authentication pipeline, and various other org\
+        \ settings"
+      operationId: getWellknownOrgMetadata
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Identity Engine Org with Custom Domain:
+                  $ref: '#/components/examples/WellKnownOrgMetadataResponseCustomUrlOie'
+                Classic Org:
+                  $ref: '#/components/examples/WellKnownOrgMetadataResponseClassic'
+              schema:
+                $ref: '#/components/schemas/WellKnownOrgMetadata'
+          description: Success
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security: []
+      summary: Retrieve the Well-Known Org Metadata
+      tags:
+      - OrgSetting
+  /api/v1/agentPools:
+    get:
+      description: Lists all agent pools with pagination support
+      operationId: listAgentPools
+      parameters:
+      - description: Maximum number of AgentPools being returned
+        explode: true
+        in: query
+        name: limitPerPoolType
+        required: false
+        schema:
+          default: 5
+          type: integer
+        style: form
+      - description: Agent type to search for
+        explode: true
+        in: query
+        name: poolType
+        required: false
+        schema:
+          $ref: '#/components/schemas/AgentType'
+        style: form
+      - description: "The cursor to use for pagination. It is an opaque string that\
+          \ specifies your current location in the list and is obtained from the `Link`\
+          \ response header. See [Pagination](/#pagination) for more information."
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/AgentPool'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.read
+      summary: List all Agent Pools
+      tags:
+      - AgentPools
+  /api/v1/agentPools/{poolId}/updates:
+    get:
+      description: Lists all agent pool updates
+      operationId: listAgentPoolsUpdates
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Scope the list only to scheduled or ad-hoc updates. If the parameter
+          is not provided we will return the whole list of updates.
+        explode: true
+        in: query
+        name: scheduled
+        required: false
+        schema:
+          type: boolean
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/AgentPoolUpdate'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.read
+      summary: List all Agent Pool updates
+      tags:
+      - AgentPools
+    post:
+      description: "Creates an Agent pool update \\n For user flow 2 manual update,\
+        \ starts the update immediately. \\n For user flow 3, schedules the update\
+        \ based on the configured update window and delay."
+      operationId: createAgentPoolsUpdate
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AgentPoolUpdate'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.manage
+      summary: Create an Agent Pool update
+      tags:
+      - AgentPools
+  /api/v1/agentPools/{poolId}/updates/settings:
+    get:
+      description: Retrieves the current state of the agent pool update instance settings
+      operationId: getAgentPoolsUpdateSettings
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdateSetting'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.read
+      summary: Retrieve an Agent Pool update's settings
+      tags:
+      - AgentPools
+    post:
+      description: Updates an agent pool update settings
+      operationId: updateAgentPoolsUpdateSettings
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AgentPoolUpdateSetting'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdateSetting'
+          description: Updated
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.manage
+      summary: Update an Agent Pool update settings
+      tags:
+      - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}:
+    delete:
+      description: Deletes Agent pool update
+      operationId: deleteAgentPoolsUpdate
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Id of the update
+        explode: false
+        in: path
+        name: updateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: Deleted
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.manage
+      summary: Delete an Agent Pool update
+      tags:
+      - AgentPools
+    get:
+      description: Retrieves Agent pool update from updateId
+      operationId: getAgentPoolsUpdateInstance
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Id of the update
+        explode: false
+        in: path
+        name: updateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.read
+      summary: Retrieve an Agent Pool update by id
+      tags:
+      - AgentPools
+    post:
+      description: Updates Agent pool update and return latest agent pool update
+      operationId: updateAgentPoolsUpdate
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Id of the update
+        explode: false
+        in: path
+        name: updateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AgentPoolUpdate'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+          description: Updated
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.manage
+      summary: Update an Agent Pool update by id
+      tags:
+      - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}/activate:
+    post:
+      description: Activates scheduled Agent pool update
+      operationId: activateAgentPoolsUpdate
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Id of the update
+        explode: false
+        in: path
+        name: updateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+          description: Activated
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.manage
+      summary: Activate an Agent Pool update
+      tags:
+      - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}/deactivate:
+    post:
+      description: Deactivates scheduled Agent pool update
+      operationId: deactivateAgentPoolsUpdate
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Id of the update
+        explode: false
+        in: path
+        name: updateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+          description: Deactivated
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.manage
+      summary: Deactivate an Agent Pool update
+      tags:
+      - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}/pause:
+    post:
+      description: Pauses running or queued Agent pool update
+      operationId: pauseAgentPoolsUpdate
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Id of the update
+        explode: false
+        in: path
+        name: updateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+          description: Paused
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.manage
+      summary: Pause an Agent Pool update
+      tags:
+      - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}/resume:
+    post:
+      description: Resumes running or queued Agent pool update
+      operationId: resumeAgentPoolsUpdate
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Id of the update
+        explode: false
+        in: path
+        name: updateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+          description: Resumed
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.manage
+      summary: Resume an Agent Pool update
+      tags:
+      - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}/retry:
+    post:
+      description: Retries Agent pool update
+      operationId: retryAgentPoolsUpdate
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Id of the update
+        explode: false
+        in: path
+        name: updateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+          description: Retried
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.manage
+      summary: Retry an Agent Pool update
+      tags:
+      - AgentPools
+  /api/v1/agentPools/{poolId}/updates/{updateId}/stop:
+    post:
+      description: Stops Agent pool update
+      operationId: stopAgentPoolsUpdate
+      parameters:
+      - description: Id of the agent pool for which the settings will apply
+        explode: false
+        in: path
+        name: poolId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Id of the update
+        explode: false
+        in: path
+        name: updateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AgentPoolUpdate'
+          description: Stopped
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.agentPools.manage
+      summary: Stop an Agent Pool update
+      tags:
+      - AgentPools
+  /api/v1/api-tokens:
+    get:
+      description: Lists all the metadata of the active API tokens
+      operationId: listApiTokens
+      parameters:
+      - description: "The cursor to use for pagination. It is an opaque string that\
+          \ specifies your current location in the list and is obtained from the `Link`\
+          \ response header. See [Pagination](/#pagination) for more information."
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: A limit on the number of objects to return.
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          maximum: 200
+          minimum: 1
+          type: integer
+        style: form
+      - description: Finds a token that matches the name or clientName.
+        explode: true
+        in: query
+        name: q
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                List Tokens:
+                  $ref: '#/components/examples/ApiTokenListMetadataResponse'
+              schema:
+                items:
+                  $ref: '#/components/schemas/ApiToken'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apiTokens.read
+      summary: List all API Token Metadata
+      tags:
+      - ApiToken
+  /api/v1/api-tokens/current:
+    delete:
+      description: Revokes the API token provided in the Authorization header
+      operationId: revokeCurrentApiToken
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      summary: Revoke the Current API Token
+      tags:
+      - ApiToken
+  /api/v1/api-tokens/{apiTokenId}:
+    delete:
+      description: Revokes an API token by `apiTokenId`
+      operationId: revokeApiToken
+      parameters:
+      - description: id of the API Token
+        explode: false
+        in: path
+        name: apiTokenId
+        required: true
+        schema:
+          example: 00Tabcdefg1234567890
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apiTokens.manage
+      summary: Revoke an API Token
+      tags:
+      - ApiToken
+    get:
+      description: Retrieves the metadata for an active API token by id
+      operationId: getApiToken
+      parameters:
+      - description: id of the API Token
+        explode: false
+        in: path
+        name: apiTokenId
+        required: true
+        schema:
+          example: 00Tabcdefg1234567890
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                HCaptcha:
+                  $ref: '#/components/examples/ApiTokenMetadataResponse'
+              schema:
+                $ref: '#/components/schemas/ApiToken'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apiTokens.read
+      summary: Retrieve an API Token's Metadata
+      tags:
+      - ApiToken
+  /api/v1/apps:
+    get:
+      description: Lists all applications with pagination. A subset of apps can be
+        returned that match a supported filter expression or query.
+      operationId: listApplications
+      parameters:
+      - explode: true
+        in: query
+        name: q
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the pagination cursor for the next page of apps
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the number of results for a page
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: -1
+          format: int32
+          type: integer
+        style: form
+      - description: "Filters apps by status, user.id, group.id or credentials.signing.kid\
+          \ expression"
+        explode: true
+        in: query
+        name: filter
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Traverses users link relationship and optionally embeds Application
+          User resource
+        explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: includeNonDeleted
+        required: false
+        schema:
+          default: false
+          type: boolean
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/listApplications_200_response_inner'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: List all Applications
+      tags:
+      - Application
+    post:
+      description: Creates a new application to your Okta organization
+      operationId: createApplication
+      parameters:
+      - description: Executes activation lifecycle operation when creating the app
+        explode: true
+        in: query
+        name: activate
+        required: false
+        schema:
+          default: true
+          type: boolean
+        style: form
+      - explode: false
+        in: header
+        name: OktaAccessGateway-Agent
+        required: false
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/listApplications_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listApplications_200_response_inner'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Create an Application
+      tags:
+      - Application
+      x-codegen-request-body-name: application
+  /api/v1/apps/{appId}:
+    delete:
+      description: Deletes an inactive application
+      operationId: deleteApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Delete an Application
+      tags:
+      - Application
+    get:
+      description: Retrieves an application from your Okta organization by `id`
+      operationId: getApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listApplications_200_response_inner'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: Retrieve an Application
+      tags:
+      - Application
+    put:
+      description: Replaces an application
+      operationId: replaceApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/listApplications_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listApplications_200_response_inner'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Replace an Application
+      tags:
+      - Application
+      x-codegen-request-body-name: application
+  /api/v1/apps/{appId}/connections/default:
+    get:
+      description: Retrieves the default Provisioning Connection for application
+      operationId: getDefaultProvisioningConnectionForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ProvisioningConnection'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: Retrieve the default Provisioning Connection
+      tags:
+      - Application
+    post:
+      description: Updates the default provisioning connection for application
+      operationId: updateDefaultProvisioningConnectionForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: activate
+        required: false
+        schema:
+          type: boolean
+        style: form
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ProvisioningConnectionRequest'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ProvisioningConnection'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Update the default Provisioning Connection
+      tags:
+      - Application
+  /api/v1/apps/{appId}/connections/default/lifecycle/activate:
+    post:
+      description: Activates the default Provisioning Connection for an application
+      operationId: activateDefaultProvisioningConnectionForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Activate the default Provisioning Connection
+      tags:
+      - Application
+  /api/v1/apps/{appId}/connections/default/lifecycle/deactivate:
+    post:
+      description: Deactivates the default Provisioning Connection for an application
+      operationId: deactivateDefaultProvisioningConnectionForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Deactivate the default Provisioning Connection for an Application
+      tags:
+      - Application
+  /api/v1/apps/{appId}/credentials/csrs:
+    get:
+      description: Lists all Certificate Signing Requests for an application
+      operationId: listCsrsForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Csr'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: List all Certificate Signing Requests
+      tags:
+      - Application
+    post:
+      description: Generates a new key pair and returns the Certificate Signing Request
+        for it
+      operationId: generateCsrForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CsrMetadata'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Csr'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Generate a Certificate Signing Request
+      tags:
+      - Application
+      x-codegen-request-body-name: metadata
+  /api/v1/apps/{appId}/credentials/csrs/{csrId}:
+    delete:
+      description: Revokes a certificate signing request and deletes the key pair
+        from the application
+      operationId: revokeCsrFromApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: csrId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Revoke a Certificate Signing Request
+      tags:
+      - Application
+    get:
+      description: Retrieves a certificate signing request for the app by `id`
+      operationId: getCsrForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: csrId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Csr'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: Retrieve a Certificate Signing Request
+      tags:
+      - Application
+  /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish:
+    post:
+      description: Publishes a certificate signing request for the app with a signed
+        X.509 certificate and adds it into the application key credentials
+      operationId: publishCsrFromApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: csrId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/x-x509-ca-cert:
+            schema:
+              format: binary
+              type: string
+              x-okta-operationId: publishBinaryCerCert
+          application/pkix-cert:
+            schema:
+              format: binary
+              type: string
+              x-okta-operationId: publishBinaryDerCert
+          application/x-pem-file:
+            schema:
+              format: binary
+              type: string
+              x-okta-operationId: publishBinaryPemCert
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Publish a Certificate Signing Request
+      tags:
+      - Application
+  /api/v1/apps/{appId}/credentials/keys:
+    get:
+      description: Lists all key credentials for an application
+      operationId: listApplicationKeys
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/JsonWebKey'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: List all Key Credentials
+      tags:
+      - Application
+  /api/v1/apps/{appId}/credentials/keys/generate:
+    post:
+      description: Generates a new X.509 certificate for an application key credential
+      operationId: generateApplicationKey
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: validityYears
+        required: false
+        schema:
+          type: integer
+        style: form
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+          description: Created
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Generate a Key Credential
+      tags:
+      - Application
+  /api/v1/apps/{appId}/credentials/keys/{keyId}:
+    get:
+      description: Retrieves a specific application key credential by kid
+      operationId: getApplicationKey
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: keyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: Retrieve a Key Credential
+      tags:
+      - Application
+  /api/v1/apps/{appId}/credentials/keys/{keyId}/clone:
+    post:
+      description: Clones a X.509 certificate for an application key credential from
+        a source application to target application.
+      operationId: cloneApplicationKey
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: keyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Unique key of the target Application
+        explode: true
+        in: query
+        name: targetAid
+        required: true
+        schema:
+          type: string
+        style: form
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+          description: Created
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Clone a Key Credential
+      tags:
+      - Application
+  /api/v1/apps/{appId}/features:
+    get:
+      description: Lists all features for an application
+      operationId: listFeaturesForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/ApplicationFeature'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: List all Features
+      tags:
+      - Application
+  /api/v1/apps/{appId}/features/{name}:
+    get:
+      description: Retrieves a Feature object for an application
+      operationId: getFeatureForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: name
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationFeature'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: Retrieve a Feature
+      tags:
+      - Application
+    put:
+      description: Updates a Feature object for an application
+      operationId: updateFeatureForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: name
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CapabilitiesObject'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationFeature'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Update a Feature
+      tags:
+      - Application
+  /api/v1/apps/{appId}/grants:
+    get:
+      description: Lists all scope consent grants for the application
+      operationId: listScopeConsentGrants
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      summary: List all Scope Consent Grants
+      tags:
+      - Application
+    post:
+      description: Grants consent for the application to request an OAuth 2.0 Okta
+        scope
+      operationId: grantConsentToScope
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      summary: Grant Consent to Scope
+      tags:
+      - Application
+      x-codegen-request-body-name: oAuth2ScopeConsentGrant
+  /api/v1/apps/{appId}/grants/{grantId}:
+    delete:
+      description: Revokes permission for the application to request the given scope
+      operationId: revokeScopeConsentGrant
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: grantId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      summary: Revoke a Scope Consent Grant
+      tags:
+      - Application
+    get:
+      description: Retrieves a single scope consent grant for the application
+      operationId: getScopeConsentGrant
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: grantId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      summary: Retrieve a Scope Consent Grant
+      tags:
+      - Application
+  /api/v1/apps/{appId}/groups:
+    get:
+      description: Lists all group assignments for an application
+      operationId: listApplicationGroupAssignments
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: q
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the pagination cursor for the next page of assignments
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the number of results for a page
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: -1
+          format: int32
+          type: integer
+        style: form
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/ApplicationGroupAssignment'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: List all Assigned Groups
+      tags:
+      - Application
+  /api/v1/apps/{appId}/groups/{groupId}:
+    delete:
+      description: Unassigns a group from an application
+      operationId: unassignApplicationFromGroup
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Unassign a Group
+      tags:
+      - Application
+    get:
+      description: Retrieves an application group assignment
+      operationId: getApplicationGroupAssignment
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationGroupAssignment'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: Retrieve an Assigned Group
+      tags:
+      - Application
+    put:
+      description: Assigns a group to an application
+      operationId: assignGroupToApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ApplicationGroupAssignment'
+        required: false
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationGroupAssignment'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Assign a Group
+      tags:
+      - Application
+      x-codegen-request-body-name: applicationGroupAssignment
+  /api/v1/apps/{appId}/lifecycle/activate:
+    post:
+      description: Activates an inactive application
+      operationId: activateApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content: {}
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Activate an Application
+      tags:
+      - Application
+  /api/v1/apps/{appId}/lifecycle/deactivate:
+    post:
+      description: Deactivates an active application
+      operationId: deactivateApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content: {}
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Deactivate an Application
+      tags:
+      - Application
+  /api/v1/apps/{appId}/logo:
+    post:
+      description: "Uploads a logo for the application. The file must be in PNG, JPG,\
+        \ or GIF format, and less than 1 MB in size. For best results use landscape\
+        \ orientation, a transparent background, and a minimum size of 420px by 120px\
+        \ to prevent upscaling."
+      operationId: uploadApplicationLogo
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              $ref: '#/components/schemas/uploadApplicationLogo_request'
+      responses:
+        "201":
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Upload a Logo
+      tags:
+      - Application
+  /api/v1/apps/{appId}/policies/{policyId}:
+    put:
+      description: "Assigns an application to a policy identified by `policyId`. If\
+        \ the application was previously assigned to another policy, this removes\
+        \ that assignment."
+      operationId: assignApplicationPolicy
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Assign an Application to a Policy
+      tags:
+      - Application
+  /api/v1/apps/{appId}/tokens:
+    delete:
+      description: Revokes all tokens for the specified application
+      operationId: revokeOAuth2TokensForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Revoke all OAuth 2.0 Tokens
+      tags:
+      - Application
+    get:
+      description: Lists all tokens for the application
+      operationId: listOAuth2TokensForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/OAuth2Token'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: List all OAuth 2.0 Tokens
+      tags:
+      - Application
+  /api/v1/apps/{appId}/tokens/{tokenId}:
+    delete:
+      description: Revokes the specified token for the specified application
+      operationId: revokeOAuth2TokenForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: tokenId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Revoke an OAuth 2.0 Token
+      tags:
+      - Application
+    get:
+      description: Retrieves a token for the specified application
+      operationId: getOAuth2TokenForApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: tokenId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Token'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: Retrieve an OAuth 2.0 Token
+      tags:
+      - Application
+  /api/v1/apps/{appId}/users:
+    get:
+      description: "Lists all assigned [application users](#application-user-model)\
+        \ for an application"
+      operationId: listApplicationUsers
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: q
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: query_scope
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: specifies the pagination cursor for the next page of assignments
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: specifies the number of results for a page
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: -1
+          format: int32
+          type: integer
+        style: form
+      - explode: true
+        in: query
+        name: filter
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/AppUser'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: List all Assigned Users
+      tags:
+      - Application
+    post:
+      description: "Assigns an user to an application with [credentials](#application-user-credentials-object)\
+        \ and an app-specific [profile](#application-user-profile-object). Profile\
+        \ mappings defined for the application are first applied before applying any\
+        \ profile properties specified in the request."
+      operationId: assignUserToApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AppUser'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AppUser'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Assign a User
+      tags:
+      - Application
+      x-codegen-request-body-name: appUser
+  /api/v1/apps/{appId}/users/{userId}:
+    delete:
+      description: Unassigns a user from an application
+      operationId: unassignUserFromApplication
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: sendEmail
+        required: false
+        schema:
+          default: false
+          type: boolean
+        style: form
+        x-okta-added-version: 1.5.0
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Unassign a User
+      tags:
+      - Application
+    get:
+      description: Retrieves a specific user assignment for application by `id`
+      operationId: getApplicationUser
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AppUser'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.read
+      summary: Retrieve an Assigned User
+      tags:
+      - Application
+    post:
+      description: Updates a user's profile for an application
+      operationId: updateApplicationUser
+      parameters:
+      - explode: false
+        in: path
+        name: appId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AppUser'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AppUser'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Update an Application Profile for Assigned User
+      tags:
+      - Application
+      x-codegen-request-body-name: appUser
+  /api/v1/authenticators:
+    get:
+      description: Lists all authenticators
+      operationId: listAuthenticators
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Org Authenticators:
+                  $ref: '#/components/examples/AuthenticatorsResponse'
+              schema:
+                items:
+                  $ref: '#/components/schemas/Authenticator'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authenticators.read
+      summary: List all Authenticators
+      tags:
+      - Authenticator
+    post:
+      description: "Creates an authenticator. You can use this operation as part of\
+        \ the \"Create a custom authenticator\" flow. See the [Custom authenticator\
+        \ integration guide](https://developer.okta.com/docs/guides/authenticators-custom-authenticator/android/main/)."
+      operationId: createAuthenticator
+      parameters:
+      - description: Whether to execute the activation lifecycle operation when Okta
+          creates the authenticator
+        explode: true
+        in: query
+        name: activate
+        required: false
+        schema:
+          default: false
+          type: boolean
+        style: form
+      requestBody:
+        $ref: '#/components/requestBodies/AuthenticatorRequestBody'
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Duo:
+                  $ref: '#/components/examples/AuthenticatorResponseDuo'
+                Email:
+                  $ref: '#/components/examples/AuthenticatorResponseEmail'
+                Password:
+                  $ref: '#/components/examples/AuthenticatorResponsePassword'
+                Phone:
+                  $ref: '#/components/examples/AuthenticatorResponsePhone'
+                WebAuthn:
+                  $ref: '#/components/examples/AuthenticatorResponseWebAuthn'
+                Security Question:
+                  $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion'
+              schema:
+                $ref: '#/components/schemas/Authenticator'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authenticators.manage
+      summary: Create an Authenticator
+      tags:
+      - Authenticator
+      x-codegen-request-body-name: authenticator
+  /api/v1/authenticators/{authenticatorId}:
+    get:
+      description: Retrieves an authenticator from your Okta organization by `authenticatorId`
+      operationId: getAuthenticator
+      parameters:
+      - explode: false
+        in: path
+        name: authenticatorId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Duo:
+                  $ref: '#/components/examples/AuthenticatorResponseDuo'
+                Email:
+                  $ref: '#/components/examples/AuthenticatorResponseEmail'
+                Password:
+                  $ref: '#/components/examples/AuthenticatorResponsePassword'
+                Phone:
+                  $ref: '#/components/examples/AuthenticatorResponsePhone'
+                WebAuthn:
+                  $ref: '#/components/examples/AuthenticatorResponseWebAuthn'
+                Security Question:
+                  $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion'
+              schema:
+                $ref: '#/components/schemas/Authenticator'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authenticators.read
+      summary: Retrieve an Authenticator
+      tags:
+      - Authenticator
+    put:
+      description: Replaces an authenticator
+      operationId: replaceAuthenticator
+      parameters:
+      - explode: false
+        in: path
+        name: authenticatorId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        $ref: '#/components/requestBodies/AuthenticatorRequestBody'
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Duo:
+                  $ref: '#/components/examples/AuthenticatorResponseDuo'
+                Email:
+                  $ref: '#/components/examples/AuthenticatorResponseEmail'
+                Password:
+                  $ref: '#/components/examples/AuthenticatorResponsePassword'
+                Phone:
+                  $ref: '#/components/examples/AuthenticatorResponsePhone'
+                WebAuthn:
+                  $ref: '#/components/examples/AuthenticatorResponseWebAuthn'
+                Security Question:
+                  $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion'
+              schema:
+                $ref: '#/components/schemas/Authenticator'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authenticators.manage
+      summary: Replace an Authenticator
+      tags:
+      - Authenticator
+      x-codegen-request-body-name: authenticator
+  /api/v1/authenticators/{authenticatorId}/lifecycle/activate:
+    post:
+      description: Activates an authenticator by `authenticatorId`
+      operationId: activateAuthenticator
+      parameters:
+      - explode: false
+        in: path
+        name: authenticatorId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Duo:
+                  $ref: '#/components/examples/AuthenticatorResponseDuo'
+                Email:
+                  $ref: '#/components/examples/AuthenticatorResponseEmail'
+                Password:
+                  $ref: '#/components/examples/AuthenticatorResponsePassword'
+                Phone:
+                  $ref: '#/components/examples/AuthenticatorResponsePhone'
+                WebAuthn:
+                  $ref: '#/components/examples/AuthenticatorResponseWebAuthn'
+                Security Question:
+                  $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion'
+              schema:
+                $ref: '#/components/schemas/Authenticator'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authenticators.manage
+      summary: Activate an Authenticator
+      tags:
+      - Authenticator
+  /api/v1/authenticators/{authenticatorId}/lifecycle/deactivate:
+    post:
+      description: Deactivates an authenticator by `authenticatorId`
+      operationId: deactivateAuthenticator
+      parameters:
+      - explode: false
+        in: path
+        name: authenticatorId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Duo:
+                  $ref: '#/components/examples/AuthenticatorResponseDuo'
+                Email:
+                  $ref: '#/components/examples/AuthenticatorResponseEmail'
+                Password:
+                  $ref: '#/components/examples/AuthenticatorResponsePassword'
+                Phone:
+                  $ref: '#/components/examples/AuthenticatorResponsePhone'
+                WebAuthn:
+                  $ref: '#/components/examples/AuthenticatorResponseWebAuthn'
+                Security Question:
+                  $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion'
+              schema:
+                $ref: '#/components/schemas/Authenticator'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authenticators.manage
+      summary: Deactivate an Authenticator
+      tags:
+      - Authenticator
+  /api/v1/authorizationServers:
+    get:
+      description: Lists all authorization servers
+      operationId: listAuthorizationServers
+      parameters:
+      - explode: true
+        in: query
+        name: q
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 200
+          format: int32
+          type: integer
+        style: form
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/AuthorizationServer'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: List all Authorization Servers
+      tags:
+      - AuthorizationServer
+    post:
+      description: Creates an authorization server
+      operationId: createAuthorizationServer
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthorizationServer'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServer'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Create an Authorization Server
+      tags:
+      - AuthorizationServer
+      x-codegen-request-body-name: authorizationServer
+  /api/v1/authorizationServers/{authServerId}:
+    delete:
+      description: Deletes an authorization server
+      operationId: deleteAuthorizationServer
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Delete an Authorization Server
+      tags:
+      - AuthorizationServer
+    get:
+      description: Retrieves an authorization server
+      operationId: getAuthorizationServer
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServer'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: Retrieve an Authorization Server
+      tags:
+      - AuthorizationServer
+    put:
+      description: Replaces an authorization server
+      operationId: replaceAuthorizationServer
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthorizationServer'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServer'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Replace an Authorization Server
+      tags:
+      - AuthorizationServer
+      x-codegen-request-body-name: authorizationServer
+  /api/v1/authorizationServers/{authServerId}/claims:
+    get:
+      description: Lists all custom token claims
+      operationId: listOAuth2Claims
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/OAuth2Claim'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: List all Custom Token Claims
+      tags:
+      - AuthorizationServer
+    post:
+      description: Creates a custom token claim
+      operationId: createOAuth2Claim
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OAuth2Claim'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Claim'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Create a Custom Token Claim
+      tags:
+      - AuthorizationServer
+      x-codegen-request-body-name: oAuth2Claim
+  /api/v1/authorizationServers/{authServerId}/claims/{claimId}:
+    delete:
+      description: Deletes a custom token claim
+      operationId: deleteOAuth2Claim
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: claimId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Delete a Custom Token Claim
+      tags:
+      - AuthorizationServer
+    get:
+      description: Retrieves a custom token claim
+      operationId: getOAuth2Claim
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: claimId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Claim'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: Retrieve a Custom Token Claim
+      tags:
+      - AuthorizationServer
+    put:
+      description: Replaces a custom token claim
+      operationId: replaceOAuth2Claim
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: claimId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OAuth2Claim'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Claim'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Replace a Custom Token Claim
+      tags:
+      - AuthorizationServer
+      x-codegen-request-body-name: oAuth2Claim
+  /api/v1/authorizationServers/{authServerId}/clients:
+    get:
+      description: Lists all clients
+      operationId: listOAuth2ClientsForAuthorizationServer
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/OAuth2Client'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: List all Clients
+      tags:
+      - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens:
+    delete:
+      description: Revokes all refresh tokens for a client
+      operationId: revokeRefreshTokensForAuthorizationServerAndClient
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: clientId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Revoke all Refresh Tokens for a Client
+      tags:
+      - AuthorizationServer
+    get:
+      description: Lists all refresh tokens for a client
+      operationId: listRefreshTokensForAuthorizationServerAndClient
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: clientId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: -1
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/OAuth2RefreshToken'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: List all Refresh Tokens for a Client
+      tags:
+      - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}:
+    delete:
+      description: Revokes a refresh token for a client
+      operationId: revokeRefreshTokenForAuthorizationServerAndClient
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: clientId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: tokenId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Revoke a Refresh Token for a Client
+      tags:
+      - AuthorizationServer
+    get:
+      description: Retrieves a refresh token for a client
+      operationId: getRefreshTokenForAuthorizationServerAndClient
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: clientId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: tokenId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2RefreshToken'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: Retrieve a Refresh Token for a Client
+      tags:
+      - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/credentials/keys:
+    get:
+      description: Lists all credential keys
+      operationId: listAuthorizationServerKeys
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/JsonWebKey'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: List all Credential Keys
+      tags:
+      - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate:
+    post:
+      description: Rotates all credential keys
+      operationId: rotateAuthorizationServerKeys
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/JwkUse'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/JsonWebKey'
+                type: array
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Rotate all Credential Keys
+      tags:
+      - AuthorizationServer
+      x-codegen-request-body-name: use
+  /api/v1/authorizationServers/{authServerId}/lifecycle/activate:
+    post:
+      description: Activates an authorization server
+      operationId: activateAuthorizationServer
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Activate an Authorization Server
+      tags:
+      - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/lifecycle/deactivate:
+    post:
+      description: Deactivates an authorization server
+      operationId: deactivateAuthorizationServer
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Deactivate an Authorization Server
+      tags:
+      - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/policies:
+    get:
+      description: Lists all policies
+      operationId: listAuthorizationServerPolicies
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/AuthorizationServerPolicy'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: List all Policies
+      tags:
+      - AuthorizationServer
+    post:
+      description: Creates a policy
+      operationId: createAuthorizationServerPolicy
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthorizationServerPolicy'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServerPolicy'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Create a Policy
+      tags:
+      - AuthorizationServer
+      x-codegen-request-body-name: policy
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}:
+    delete:
+      description: Deletes a policy
+      operationId: deleteAuthorizationServerPolicy
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Delete a Policy
+      tags:
+      - AuthorizationServer
+    get:
+      description: Retrieves a policy
+      operationId: getAuthorizationServerPolicy
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServerPolicy'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: Retrieve a Policy
+      tags:
+      - AuthorizationServer
+    put:
+      description: Replaces a policy
+      operationId: replaceAuthorizationServerPolicy
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthorizationServerPolicy'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServerPolicy'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Replace a Policy
+      tags:
+      - AuthorizationServer
+      x-codegen-request-body-name: policy
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate:
+    post:
+      description: Activates an authorization server policy
+      operationId: activateAuthorizationServerPolicy
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Activate a Policy
+      tags:
+      - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate:
+    post:
+      description: Deactivates an authorization server policy
+      operationId: deactivateAuthorizationServerPolicy
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Deactivate a Policy
+      tags:
+      - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules:
+    get:
+      description: Lists all policy rules for the specified Custom Authorization Server
+        and Policy
+      operationId: listAuthorizationServerPolicyRules
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: List all Policy Rules
+      tags:
+      - AuthorizationServer
+    post:
+      description: Creates a policy rule for the specified Custom Authorization Server
+        and Policy
+      operationId: createAuthorizationServerPolicyRule
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Create a Policy Rule
+      tags:
+      - AuthorizationServer
+      x-codegen-request-body-name: policyRule
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}:
+    delete:
+      description: Deletes a Policy Rule defined in the specified Custom Authorization
+        Server and Policy
+      operationId: deleteAuthorizationServerPolicyRule
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Delete a Policy Rule
+      tags:
+      - AuthorizationServer
+    get:
+      description: Retrieves a policy rule by `ruleId`
+      operationId: getAuthorizationServerPolicyRule
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: Retrieve a Policy Rule
+      tags:
+      - AuthorizationServer
+    put:
+      description: Replaces the configuration of the Policy Rule defined in the specified
+        Custom Authorization Server and Policy
+      operationId: replaceAuthorizationServerPolicyRule
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Replace a Policy Rule
+      tags:
+      - AuthorizationServer
+      x-codegen-request-body-name: policyRule
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
+    post:
+      description: Activates an authorization server policy rule
+      operationId: activateAuthorizationServerPolicyRule
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Activate a Policy Rule
+      tags:
+      - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
+    post:
+      description: Deactivates an authorization server policy rule
+      operationId: deactivateAuthorizationServerPolicyRule
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Deactivate a Policy Rule
+      tags:
+      - AuthorizationServer
+  /api/v1/authorizationServers/{authServerId}/scopes:
+    get:
+      description: Lists all custom token scopes
+      operationId: listOAuth2Scopes
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: q
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: filter
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: cursor
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: -1
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/OAuth2Scope'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: List all Custom Token Scopes
+      tags:
+      - AuthorizationServer
+    post:
+      description: Creates a custom token scope
+      operationId: createOAuth2Scope
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OAuth2Scope'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Scope'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Create a Custom Token Scope
+      tags:
+      - AuthorizationServer
+      x-codegen-request-body-name: oAuth2Scope
+  /api/v1/authorizationServers/{authServerId}/scopes/{scopeId}:
+    delete:
+      description: Deletes a custom token scope
+      operationId: deleteOAuth2Scope
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: scopeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Delete a Custom Token Scope
+      tags:
+      - AuthorizationServer
+    get:
+      description: Retrieves a custom token scope
+      operationId: getOAuth2Scope
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: scopeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Scope'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.read
+      summary: Retrieve a Custom Token Scope
+      tags:
+      - AuthorizationServer
+    put:
+      description: Replaces a custom token scope
+      operationId: replaceOAuth2Scope
+      parameters:
+      - explode: false
+        in: path
+        name: authServerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: scopeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OAuth2Scope'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2Scope'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.authorizationServers.manage
+      summary: Replace a Custom Token Scope
+      tags:
+      - AuthorizationServer
+      x-codegen-request-body-name: oAuth2Scope
+  /api/v1/behaviors:
+    get:
+      description: Lists all behavior detection rules with pagination support
+      operationId: listBehaviorDetectionRules
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/listBehaviorDetectionRules_200_response_inner'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.behaviors.read
+      summary: List all Behavior Detection Rules
+      tags:
+      - Behavior
+    post:
+      description: Creates a new behavior detection rule
+      operationId: createBehaviorDetectionRule
+      requestBody:
+        content:
+          application/json:
+            examples:
+              BehaviorRuleRequest:
+                $ref: '#/components/examples/BehaviorRuleRequest'
+            schema:
+              $ref: '#/components/schemas/listBehaviorDetectionRules_200_response_inner'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              examples:
+                BehaviorRuleReSponse:
+                  $ref: '#/components/examples/BehaviorRuleResponse'
+              schema:
+                $ref: '#/components/schemas/BehaviorRule'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.behaviors.manage
+      summary: Create a Behavior Detection Rule
+      tags:
+      - Behavior
+      x-codegen-request-body-name: rule
+  /api/v1/behaviors/{behaviorId}:
+    delete:
+      description: Deletes a Behavior Detection Rule by `behaviorId`
+      operationId: deleteBehaviorDetectionRule
+      parameters:
+      - description: id of the Behavior Detection Rule
+        explode: false
+        in: path
+        name: behaviorId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.behaviors.manage
+      summary: Delete a Behavior Detection Rule
+      tags:
+      - Behavior
+    get:
+      description: Retrieves a Behavior Detection Rule by `behaviorId`
+      operationId: getBehaviorDetectionRule
+      parameters:
+      - description: id of the Behavior Detection Rule
+        explode: false
+        in: path
+        name: behaviorId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listBehaviorDetectionRules_200_response_inner'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.behaviors.read
+      summary: Retrieve a Behavior Detection Rule
+      tags:
+      - Behavior
+    put:
+      description: Replaces a Behavior Detection Rule by `behaviorId`
+      operationId: replaceBehaviorDetectionRule
+      parameters:
+      - description: id of the Behavior Detection Rule
+        explode: false
+        in: path
+        name: behaviorId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              BehaviorRuleRequest:
+                $ref: '#/components/examples/BehaviorRuleRequest'
+            schema:
+              $ref: '#/components/schemas/listBehaviorDetectionRules_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                BehaviorRuleReSponse:
+                  $ref: '#/components/examples/BehaviorRuleResponse'
+              schema:
+                $ref: '#/components/schemas/listBehaviorDetectionRules_200_response_inner'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.behaviors.manage
+      summary: Replace a Behavior Detection Rule
+      tags:
+      - Behavior
+      x-codegen-request-body-name: rule
+  /api/v1/behaviors/{behaviorId}/lifecycle/activate:
+    post:
+      description: Activates a behavior detection rule
+      operationId: activateBehaviorDetectionRule
+      parameters:
+      - description: id of the Behavior Detection Rule
+        explode: false
+        in: path
+        name: behaviorId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                BehaviorRuleReSponse:
+                  $ref: '#/components/examples/BehaviorRuleResponse'
+              schema:
+                $ref: '#/components/schemas/listBehaviorDetectionRules_200_response_inner'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.behaviors.manage
+      summary: Activate a Behavior Detection Rule
+      tags:
+      - Behavior
+  /api/v1/behaviors/{behaviorId}/lifecycle/deactivate:
+    post:
+      description: Deactivates a behavior detection rule
+      operationId: deactivateBehaviorDetectionRule
+      parameters:
+      - description: id of the Behavior Detection Rule
+        explode: false
+        in: path
+        name: behaviorId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                BehaviorRuleReSponse:
+                  $ref: '#/components/examples/BehaviorRuleResponse'
+              schema:
+                $ref: '#/components/schemas/listBehaviorDetectionRules_200_response_inner'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.behaviors.manage
+      summary: Deactivate a Behavior Detection Rule
+      tags:
+      - Behavior
+  /api/v1/brands:
+    get:
+      description: Lists all the brands in your org
+      operationId: listBrands
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Get brands response:
+                  $ref: '#/components/examples/ListBrandsResponse'
+              schema:
+                items:
+                  $ref: '#/components/schemas/Brand'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: List all Brands
+      tags:
+      - Customization
+    post:
+      description: Creates new brand in your org
+      operationId: createBrand
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Create brand request:
+                $ref: '#/components/examples/CreateBrandRequest'
+            schema:
+              $ref: '#/components/schemas/CreateBrandRequest'
+      responses:
+        "201":
+          content:
+            application/json:
+              examples:
+                Create brand response:
+                  $ref: '#/components/examples/CreateBrandResponse'
+              schema:
+                $ref: '#/components/schemas/Brand'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Create a Brand
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}:
+    delete:
+      description: Deletes a brand by its unique identifier
+      operationId: deleteBrand
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: Successfully deleted the brand.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "409":
+          content:
+            application/json:
+              examples:
+                Cannot delete default brand:
+                  $ref: '#/components/examples/ErrorDeleteDefaultBrand'
+                Cannot delete brand associated with a domain:
+                  $ref: '#/components/examples/ErrorDeleteBrandAssociatedWithDomain'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Conflict
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Delete a brand
+      tags:
+      - Customization
+    get:
+      description: Retrieves a brand by `brandId`
+      operationId: getBrand
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Get brand response:
+                  $ref: '#/components/examples/GetBrandResponse'
+              schema:
+                $ref: '#/components/schemas/Brand'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: Retrieve a Brand
+      tags:
+      - Customization
+    put:
+      description: Replaces a brand by `brandId`
+      operationId: replaceBrand
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Update brand request:
+                $ref: '#/components/examples/UpdateBrandRequest'
+            schema:
+              $ref: '#/components/schemas/BrandRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Update brand response:
+                  $ref: '#/components/examples/UpdateBrandResponse'
+              schema:
+                $ref: '#/components/schemas/Brand'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Replace a Brand
+      tags:
+      - Customization
+      x-codegen-request-body-name: brand
+  /api/v1/brands/{brandId}/domains:
+    get:
+      description: Lists all domains associated with a brand by `brandId`
+      operationId: listBrandDomains
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/BrandDomains'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: List all Domains associated with a Brand
+      tags:
+      - Customization
+    post:
+      description: Links a brand to a domain by `domainId`
+      operationId: linkBrandDomain
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Create brand request:
+                $ref: '#/components/examples/CreateBrandDomainRequest'
+            schema:
+              $ref: '#/components/schemas/CreateBrandDomainRequest'
+      responses:
+        "201":
+          content:
+            application/json:
+              examples:
+                Link a brand with a domain:
+                  $ref: '#/components/examples/LinkBrandDomain'
+              schema:
+                $ref: '#/components/schemas/BrandDomain'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "409":
+          content:
+            application/json:
+              examples:
+                Cannot link default brand with a domain:
+                  $ref: '#/components/examples/ErrorLinkDefaultBrand'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Conflict
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Link a Brand to a Domain
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/domains/{domainId}:
+    delete:
+      description: Unlinks a brand and domain by their identifiers
+      operationId: unlinkBrandDomain
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the domain.
+        explode: false
+        in: path
+        name: domainId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: Successfully unlinked the domain from the brand
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Unlink a Brand from a Domain
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/pages/error:
+    get:
+      description: Retrieves the error page
+      operationId: getErrorPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Specifies additional metadata to be included in the response.
+        explode: false
+        in: query
+        name: expand
+        required: false
+        schema:
+          items:
+            enum:
+            - default
+            - customized
+            - customizedUrl
+            - preview
+            - previewUrl
+            type: string
+          type: array
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PageRoot'
+          description: Successfully retrieved the error page.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: Retrieve the Error Page
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/pages/error/customized:
+    delete:
+      description: Resets the customized error page
+      operationId: resetCustomizedErrorPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: Successfully reset the customized error page.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Reset the Customized Error Page
+      tags:
+      - Customization
+    get:
+      description: Retrieves the customized error page
+      operationId: getCustomizedErrorPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CustomizablePage'
+          description: Successfully retrieved the customized error page.
+          headers:
+            Location:
+              explode: false
+              schema:
+                format: uri
+                type: string
+              style: simple
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: Retrieve the Customized Error Page
+      tags:
+      - Customization
+    put:
+      description: Replaces the customized error page
+      operationId: replaceCustomizedErrorPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CustomizablePage'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CustomizablePage'
+          description: Successfully replaced the customized error page.
+          headers:
+            Location:
+              explode: false
+              schema:
+                format: uri
+                type: string
+              style: simple
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Replace the Customized Error Page
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/pages/error/default:
+    get:
+      description: Retrieves the default error page
+      operationId: getDefaultErrorPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CustomizablePage'
+          description: Successfully retrieved the default error page.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: Retrieve the Default Error Page
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/pages/error/preview:
+    delete:
+      description: Resets the preview error page
+      operationId: resetPreviewErrorPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: Successfully reset the preview error page.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Reset the Preview Error Page
+      tags:
+      - Customization
+    get:
+      description: Retrieves the preview error page
+      operationId: getPreviewErrorPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CustomizablePage'
+          description: Successfully retrieved the preview error page.
+          headers:
+            Location:
+              explode: false
+              schema:
+                format: uri
+                type: string
+              style: simple
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: Retrieve the Preview Error Page Preview
+      tags:
+      - Customization
+    put:
+      description: Replaces the preview error page
+      operationId: replacePreviewErrorPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CustomizablePage'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CustomizablePage'
+          description: Successfully replaced the preview error page.
+          headers:
+            Location:
+              explode: false
+              schema:
+                format: uri
+                type: string
+              style: simple
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Replace the Preview Error Page
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/pages/sign-in:
+    get:
+      description: Retrieves the sign-in page
+      operationId: getSignInPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Specifies additional metadata to be included in the response.
+        explode: false
+        in: query
+        name: expand
+        required: false
+        schema:
+          items:
+            enum:
+            - default
+            - customized
+            - customizedUrl
+            - preview
+            - previewUrl
+            type: string
+          type: array
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PageRoot'
+          description: Successfully retrieved the sign-in page.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: Retrieve the Sign-in Page
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/pages/sign-in/customized:
+    delete:
+      description: Resets the customized sign-in page
+      operationId: resetCustomizedSignInPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: Successfully reset the sign-in page.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Reset the Customized Sign-in Page
+      tags:
+      - Customization
+    get:
+      description: Retrieves the customized sign-in page
+      operationId: getCustomizedSignInPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SignInPage'
+          description: Successfully retrieved the customized sign-in page.
+          headers:
+            Location:
+              explode: false
+              schema:
+                format: uri
+                type: string
+              style: simple
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: Retrieve the Customized Sign-in Page
+      tags:
+      - Customization
+    put:
+      description: Replaces the customized sign-in page
+      operationId: replaceCustomizedSignInPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SignInPage'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SignInPage'
+          description: Successfully replaced the customized sign-in page.
+          headers:
+            Location:
+              explode: false
+              schema:
+                format: uri
+                type: string
+              style: simple
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Replace the Customized Sign-in Page
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/pages/sign-in/default:
+    get:
+      description: Retrieves the default sign-in page
+      operationId: getDefaultSignInPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SignInPage'
+          description: Successfully retrieved the default sign-in page.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: Retrieve the Default Sign-in Page
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/pages/sign-in/preview:
+    delete:
+      description: Resets the preview sign-in page
+      operationId: resetPreviewSignInPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: Successfully reset the preview sign-in page.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Reset the Preview Sign-in Page
+      tags:
+      - Customization
+    get:
+      description: Retrieves the preview sign-in page
+      operationId: getPreviewSignInPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SignInPage'
+          description: Successfully retrieved the preview sign-in page.
+          headers:
+            Location:
+              explode: false
+              schema:
+                format: uri
+                type: string
+              style: simple
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: Retrieve the Preview Sign-in Page Preview
+      tags:
+      - Customization
+    put:
+      description: Replaces the preview sign-in page
+      operationId: replacePreviewSignInPage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SignInPage'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SignInPage'
+          description: Successfully replaced the preview sign-in page.
+          headers:
+            Location:
+              explode: false
+              schema:
+                format: uri
+                type: string
+              style: simple
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Replace the Preview Sign-in Page
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/pages/sign-in/widget-versions:
+    get:
+      description: Lists all sign-in widget versions
+      operationId: listAllSignInWidgetVersions
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  pattern: ^\d+\.\d+$
+                  type: string
+                type: array
+          description: Successfully listed the sign-in widget versions.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: List all Sign-in Widget Versions
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/pages/sign-out/customized:
+    get:
+      description: Retrieves the sign-out page settings
+      operationId: getSignOutPageSettings
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HostedPage'
+          description: Successfully retrieved the sign-out page settings.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: Retrieve the Sign-out Page Settings
+      tags:
+      - Customization
+    put:
+      description: Replaces the sign-out page settings
+      operationId: replaceSignOutPageSettings
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/HostedPage'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HostedPage'
+          description: Successfully replaced the sign-out page settings.
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Replace the Sign-out Page Settings
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/templates/email:
+    get:
+      description: Lists all email templates
+      operationId: listEmailTemplates
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: "The cursor to use for pagination. It is an opaque string that\
+          \ specifies your current location in the list and is obtained from the `Link`\
+          \ response header. See [Pagination](/#pagination) for more information."
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: A limit on the number of objects to return.
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          maximum: 200
+          minimum: 1
+          type: integer
+        style: form
+      - description: Specifies additional metadata to be included in the response.
+        explode: false
+        in: query
+        name: expand
+        required: false
+        schema:
+          items:
+            enum:
+            - settings
+            - customizationCount
+            type: string
+          type: array
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                List email templates response:
+                  $ref: '#/components/examples/ListEmailTemplateResponse'
+              schema:
+                items:
+                  $ref: '#/components/schemas/EmailTemplate'
+                type: array
+          description: Successfully returned the list of email templates.
+          headers:
+            Link:
+              description: "The pagination header containing links to the current\
+                \ and next page of results. See [Pagination](/#pagination) for more\
+                \ information."
+              explode: false
+              schema:
+                type: string
+              style: simple
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.read
+      summary: List all Email Templates
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}:
+    get:
+      description: Retrieves the details of an email template by name
+      operationId: getEmailTemplate
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Specifies additional metadata to be included in the response.
+        explode: false
+        in: query
+        name: expand
+        required: false
+        schema:
+          items:
+            enum:
+            - settings
+            - customizationCount
+            type: string
+          type: array
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Get email template response:
+                  $ref: '#/components/examples/GetEmailTemplateResponse'
+              schema:
+                $ref: '#/components/schemas/EmailTemplate'
+          description: Successfully retrieved the email template.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.read
+      summary: Retrieve an Email Template
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}/customizations:
+    delete:
+      description: Deletes all customizations for an email template
+      operationId: deleteAllCustomizations
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: Successfully deleted all customizations for the email template.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.manage
+      summary: Delete all Email Customizations
+      tags:
+      - Customization
+    get:
+      description: Lists all customizations of an email template
+      operationId: listEmailCustomizations
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: "The cursor to use for pagination. It is an opaque string that\
+          \ specifies your current location in the list and is obtained from the `Link`\
+          \ response header. See [Pagination](/#pagination) for more information."
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: A limit on the number of objects to return.
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          maximum: 200
+          minimum: 1
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                List Email customizations response:
+                  $ref: '#/components/examples/ListEmailCustomizationResponse'
+              schema:
+                items:
+                  $ref: '#/components/schemas/EmailCustomization'
+                type: array
+          description: Successfully retrieved all email customizations for the specified
+            email template.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.read
+      summary: List all Email Customizations
+      tags:
+      - Customization
+    post:
+      description: Creates a new email customization
+      operationId: createEmailCustomization
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Create email customization request:
+                $ref: '#/components/examples/CreateUpdateEmailCustomizationRequest'
+            schema:
+              $ref: '#/components/schemas/EmailCustomization'
+      responses:
+        "201":
+          content:
+            application/json:
+              examples:
+                Create email customization response:
+                  $ref: '#/components/examples/CreateUpdateEmailCustomizationResponse'
+              schema:
+                $ref: '#/components/schemas/EmailCustomization'
+          description: Successfully created the email customization.
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "409":
+          content:
+            application/json:
+              examples:
+                Default email customization already exists:
+                  $ref: '#/components/examples/ErrorEmailCustomizationDefaultAlreadyExists'
+                Email customization already exists for the specified language:
+                  $ref: '#/components/examples/ErrorEmailCustomizationLanguageAlreadyExists'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Could not create the email customization because it conflicts
+            with an existing email customization.
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.manage
+      summary: Create an Email Customization
+      tags:
+      - Customization
+      x-codegen-request-body-name: instance
+  /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}:
+    delete:
+      description: Deletes an email customization by its unique identifier
+      operationId: deleteEmailCustomization
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the email customization.
+        explode: false
+        in: path
+        name: customizationId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: Successfully deleted the email customization.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "409":
+          content:
+            application/json:
+              examples:
+                Cannot delete default email customization:
+                  $ref: '#/components/examples/ErrorEmailCustomizationCannotDeleteDefault'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Could not delete the email customization deleted because it
+            is the default email customization.
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.manage
+      summary: Delete an Email Customization
+      tags:
+      - Customization
+    get:
+      description: Retrieves an email customization by its unique identifier
+      operationId: getEmailCustomization
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the email customization.
+        explode: false
+        in: path
+        name: customizationId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Get email customization response:
+                  $ref: '#/components/examples/EmailCustomizationResponse'
+              schema:
+                $ref: '#/components/schemas/EmailCustomization'
+          description: Successfully retrieved the email customization.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.read
+      summary: Retrieve an Email Customization
+      tags:
+      - Customization
+    put:
+      description: Replaces an existing email customization using the property values
+        provided
+      operationId: replaceEmailCustomization
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the email customization.
+        explode: false
+        in: path
+        name: customizationId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Update email customization request:
+                $ref: '#/components/examples/CreateUpdateEmailCustomizationRequest'
+            schema:
+              $ref: '#/components/schemas/EmailCustomization'
+        description: Request
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Update email customization response:
+                  $ref: '#/components/examples/CreateUpdateEmailCustomizationResponse'
+              schema:
+                $ref: '#/components/schemas/EmailCustomization'
+          description: Successfully updated the email customization.
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "409":
+          content:
+            application/json:
+              examples:
+                Default email customization already exists:
+                  $ref: '#/components/examples/ErrorEmailCustomizationDefaultAlreadyExists'
+                Email customization already exists for the specified language:
+                  $ref: '#/components/examples/ErrorEmailCustomizationLanguageAlreadyExists'
+                Cannot set the default email customization's isDefault to false:
+                  $ref: '#/components/examples/ErrorEmailCustomizationCannotClearDefault'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Could not update the email customization because the update
+            would cause a conflict with an existing email customization.
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.manage
+      summary: Replace an Email Customization
+      tags:
+      - Customization
+      x-codegen-request-body-name: instance
+  /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview:
+    get:
+      description: "Retrieves a preview of an email customization. All variable references\
+        \ (e.g., `${user.profile.firstName}`) are populated using the current user's\
+        \ context."
+      operationId: getCustomizationPreview
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the email customization.
+        explode: false
+        in: path
+        name: customizationId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Preview email customization response:
+                  $ref: '#/components/examples/PreviewEmailCustomizationResponse'
+              schema:
+                $ref: '#/components/schemas/EmailPreview'
+          description: Successfully generated a preview of the email customization.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.read
+      summary: Retrieve a Preview of an Email Customization
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}/default-content:
+    get:
+      description: Retrieves an email template's default content
+      operationId: getEmailDefaultContent
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The language to use for the email. Defaults to the current user's
+          language if unspecified.
+        explode: true
+        in: query
+        name: language
+        required: false
+        schema:
+          $ref: '#/components/schemas/Language'
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Get email template default content response:
+                  $ref: '#/components/examples/EmailTemplateDefaultContentResponse'
+              schema:
+                $ref: '#/components/schemas/EmailDefaultContent'
+          description: Successfully retrieved the email template's default content.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.read
+      summary: Retrieve an Email Template Default Content
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview:
+    get:
+      description: "Retrieves a preview of an email template's default content. All\
+        \ variable references (e.g., `${user.profile.firstName}`) are populated using\
+        \ the current user's context."
+      operationId: getEmailDefaultPreview
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The language to use for the email. Defaults to the current user's
+          language if unspecified.
+        explode: true
+        in: query
+        name: language
+        required: false
+        schema:
+          $ref: '#/components/schemas/Language'
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Preview email template default content response:
+                  $ref: '#/components/examples/PreviewEmailTemplateDefaultContentResponse'
+              schema:
+                $ref: '#/components/schemas/EmailPreview'
+          description: Successfully generated a preview of the email template's default
+            content.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.read
+      summary: Retrieve a Preview of the Email Template Default Content
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}/settings:
+    get:
+      description: Retrieves an email template's settings
+      operationId: getEmailSettings
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Get email template settings response:
+                  $ref: '#/components/examples/EmailSettingsResponse'
+              schema:
+                $ref: '#/components/schemas/EmailSettings'
+          description: Successfully retrieved the email template's settings.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.read
+      summary: Retrieve the Email Template Settings
+      tags:
+      - Customization
+    put:
+      description: Replaces an email template's settings
+      operationId: replaceEmailSettings
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EmailSettings'
+      responses:
+        "204":
+          description: Successfully updated the email template's settings.
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "422":
+          content:
+            application/json:
+              examples:
+                Invalid email template recipients:
+                  $ref: '#/components/examples/ErrorInvalidEmailTemplateRecipients'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Could not update the email template's settings due to an invalid
+            setting value.
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.manage
+      summary: Replace the Email Template Settings
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/templates/email/{templateName}/test:
+    post:
+      description: "Sends a test email to the current user’s primary and secondary\
+        \ email addresses. The email content is selected based on the following priority:\n\
+        1. The email customization for the language specified in the `language` query\
+        \ parameter.\n2. The email template's default customization.\n3. The email\
+        \ template’s default content, translated to the current user's language."
+      operationId: sendTestEmail
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The name of the email template.
+        explode: false
+        in: path
+        name: templateName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The language to use for the email. Defaults to the current user's
+          language if unspecified.
+        explode: true
+        in: query
+        name: language
+        required: false
+        schema:
+          $ref: '#/components/schemas/Language'
+        style: form
+      responses:
+        "204":
+          content: {}
+          description: Successfully sent a test email.
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.read
+      summary: Send a Test Email
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/themes:
+    get:
+      description: Lists all the themes in your brand
+      operationId: listBrandThemes
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/ThemeResponse'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: List all Themes
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/themes/{themeId}:
+    get:
+      description: Retrieves a theme for a brand
+      operationId: getBrandTheme
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the theme.
+        explode: false
+        in: path
+        name: themeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ThemeResponse'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.read
+      summary: Retrieve a Theme
+      tags:
+      - Customization
+    put:
+      description: Replaces a theme for a brand
+      operationId: replaceBrandTheme
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the theme.
+        explode: false
+        in: path
+        name: themeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Theme'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ThemeResponse'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Replace a Theme
+      tags:
+      - Customization
+      x-codegen-request-body-name: theme
+  /api/v1/brands/{brandId}/themes/{themeId}/background-image:
+    delete:
+      description: Deletes a Theme background image
+      operationId: deleteBrandThemeBackgroundImage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the theme.
+        explode: false
+        in: path
+        name: themeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Delete the Background Image
+      tags:
+      - Customization
+    post:
+      description: "Uploads and replaces the background image for the theme. The file\
+        \ must be in PNG, JPG, or GIF format and less than 2 MB in size."
+      operationId: uploadBrandThemeBackgroundImage
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the theme.
+        explode: false
+        in: path
+        name: themeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              $ref: '#/components/schemas/uploadBrandThemeBackgroundImage_request'
+        description: background image file
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ImageUploadResponse'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Upload the Background Image
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/themes/{themeId}/favicon:
+    delete:
+      description: Deletes a Theme favicon. The theme will use the default Okta favicon.
+      operationId: deleteBrandThemeFavicon
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the theme.
+        explode: false
+        in: path
+        name: themeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Delete the Favicon
+      tags:
+      - Customization
+    post:
+      description: Uploads and replaces the favicon for the theme
+      operationId: uploadBrandThemeFavicon
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the theme.
+        explode: false
+        in: path
+        name: themeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              $ref: '#/components/schemas/uploadBrandThemeFavicon_request'
+        description: favicon file
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ImageUploadResponse'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Upload the Favicon
+      tags:
+      - Customization
+  /api/v1/brands/{brandId}/themes/{themeId}/logo:
+    delete:
+      description: Deletes a Theme logo. The theme will use the default Okta logo.
+      operationId: deleteBrandThemeLogo
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the theme.
+        explode: false
+        in: path
+        name: themeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Delete the Logo
+      tags:
+      - Customization
+    post:
+      description: "Uploads and replaces the logo for the theme. The file must be\
+        \ in PNG, JPG, or GIF format and less than 100kB in size. For best results\
+        \ use landscape orientation, a transparent background, and a minimum size\
+        \ of 300px by 50px to prevent upscaling."
+      operationId: uploadBrandThemeLogo
+      parameters:
+      - description: The ID of the brand.
+        explode: false
+        in: path
+        name: brandId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: The ID of the theme.
+        explode: false
+        in: path
+        name: themeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              $ref: '#/components/schemas/uploadBrandThemeLogo_request'
+        description: logo file
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ImageUploadResponse'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.brands.manage
+      summary: Upload the Logo
+      tags:
+      - Customization
+  /api/v1/captchas:
+    get:
+      description: Lists all CAPTCHA instances with pagination support. A subset of
+        CAPTCHA instances can be returned that match a supported filter expression
+        or query.
+      operationId: listCaptchaInstances
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/CAPTCHAInstance'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.captchas.read
+      summary: List all CAPTCHA instances
+      tags:
+      - CAPTCHA
+    post:
+      description: "Creates a new CAPTCHA instance. In the current release, we only\
+        \ allow one CAPTCHA instance per org."
+      operationId: createCaptchaInstance
+      requestBody:
+        content:
+          application/json:
+            examples:
+              HCaptcha:
+                $ref: '#/components/examples/CAPTCHAInstanceRequestHCaptcha'
+              ReCaptcha:
+                $ref: '#/components/examples/CAPTCHAInstanceRequestReCaptcha'
+            schema:
+              $ref: '#/components/schemas/CAPTCHAInstance'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              examples:
+                HCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
+                ReCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
+              schema:
+                $ref: '#/components/schemas/CAPTCHAInstance'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+                Error Limit of One CAPTCHA instance per org:
+                  $ref: '#/components/examples/ErrorCAPTCHALimitOfOne'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.captchas.manage
+      summary: Create a CAPTCHA instance
+      tags:
+      - CAPTCHA
+      x-codegen-request-body-name: instance
+  /api/v1/captchas/{captchaId}:
+    delete:
+      description: "Deletes a CAPTCHA instance by `captchaId`. If the CAPTCHA instance\
+        \ is currently being used in the org, the delete will not be allowed."
+      operationId: deleteCaptchaInstance
+      parameters:
+      - description: id of the CAPTCHA
+        explode: false
+        in: path
+        name: captchaId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+                Cannot remove CAPTCHA in use:
+                  $ref: '#/components/examples/ErrorCAPTCHAOrgWideSetting'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.captchas.manage
+      summary: Delete a CAPTCHA Instance
+      tags:
+      - CAPTCHA
+    get:
+      description: Retrieves a CAPTCHA instance by `captchaId`
+      operationId: getCaptchaInstance
+      parameters:
+      - description: id of the CAPTCHA
+        explode: false
+        in: path
+        name: captchaId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                HCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
+                ReCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
+              schema:
+                $ref: '#/components/schemas/CAPTCHAInstance'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.captchas.read
+      summary: Retrieve a CAPTCHA Instance
+      tags:
+      - CAPTCHA
+    post:
+      description: Partially updates a CAPTCHA instance by `captchaId`
+      operationId: updateCaptchaInstance
+      parameters:
+      - description: id of the CAPTCHA
+        explode: false
+        in: path
+        name: captchaId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              HCaptcha:
+                $ref: '#/components/examples/CAPTCHAInstanceRequestHCaptcha'
+              ReCaptcha:
+                $ref: '#/components/examples/CAPTCHAInstanceRequestReCaptcha'
+            schema:
+              $ref: '#/components/schemas/CAPTCHAInstance'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                HCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
+                ReCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
+              schema:
+                $ref: '#/components/schemas/CAPTCHAInstance'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.captchas.manage
+      summary: Update a CAPTCHA instance
+      tags:
+      - CAPTCHA
+      x-codegen-request-body-name: instance
+    put:
+      description: Replaces a CAPTCHA instance by `captchaId`
+      operationId: replaceCaptchaInstance
+      parameters:
+      - description: id of the CAPTCHA
+        explode: false
+        in: path
+        name: captchaId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              HCaptcha:
+                $ref: '#/components/examples/CAPTCHAInstanceRequestHCaptcha'
+              ReCaptcha:
+                $ref: '#/components/examples/CAPTCHAInstanceRequestReCaptcha'
+            schema:
+              $ref: '#/components/schemas/CAPTCHAInstance'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                HCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
+                ReCaptcha:
+                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
+              schema:
+                $ref: '#/components/schemas/CAPTCHAInstance'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.captchas.manage
+      summary: Replace a CAPTCHA instance
+      tags:
+      - CAPTCHA
+      x-codegen-request-body-name: instance
+  /api/v1/device-assurances:
+    get:
+      description: Lists all device assurance policies
+      operationId: listDeviceAssurancePolicies
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/listDeviceAssurancePolicies_200_response_inner'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.deviceAssurance.read
+      summary: List all Device Assurance Policies
+      tags:
+      - DeviceAssurance
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+        - Okta Identity Engine
+    post:
+      description: Creates a new Device Assurance Policy
+      operationId: createDeviceAssurancePolicy
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Android:
+                $ref: '#/components/examples/DeviceAssuranceAndroidRequest'
+              iOS:
+                $ref: '#/components/examples/DeviceAssuranceIosRequest'
+              MacOS:
+                $ref: '#/components/examples/DeviceAssuranceMacOSRequest'
+              Windows:
+                $ref: '#/components/examples/DeviceAssuranceWindowsRequest'
+              ChromeOSWithThirdPartySignalProviders:
+                $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest'
+              MacOSWithThirdPartySignalProviders:
+                $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest'
+              WindowsWithThirdPartySignalProviders:
+                $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest'
+            schema:
+              $ref: '#/components/schemas/listDeviceAssurancePolicies_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Android:
+                  $ref: '#/components/examples/DeviceAssuranceAndroidResponse'
+                iOS:
+                  $ref: '#/components/examples/DeviceAssuranceIosResponse'
+                MacOS:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSResponse'
+                Windows:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsResponse'
+                ChromeOSWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse'
+                MacOSWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
+                WindowsWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+              schema:
+                $ref: '#/components/schemas/listDeviceAssurancePolicies_200_response_inner'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.deviceAssurance.manage
+      summary: Create a Device Assurance Policy
+      tags:
+      - DeviceAssurance
+      x-codegen-request-body-name: deviceAssurance
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+        - Okta Identity Engine
+  /api/v1/device-assurances/{deviceAssuranceId}:
+    delete:
+      description: "Deletes a Device Assurance Policy by `deviceAssuranceId`. If the\
+        \ Device Assurance Policy is currently being used in the org Authentication\
+        \ Policies, the delete will not be allowed."
+      operationId: deleteDeviceAssurancePolicy
+      parameters:
+      - description: Id of the Device Assurance Policy
+        explode: false
+        in: path
+        name: deviceAssuranceId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "409":
+          content:
+            application/json:
+              examples:
+                ErrorDeviceAssuranceInUse:
+                  $ref: '#/components/examples/ErrorDeviceAssuranceInUse'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Conflict
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.deviceAssurance.manage
+      summary: Delete a Device Assurance Policy
+      tags:
+      - DeviceAssurance
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+        - Okta Identity Engine
+    get:
+      description: Retrieves a Device Assurance Policy by `deviceAssuranceId`
+      operationId: getDeviceAssurancePolicy
+      parameters:
+      - description: Id of the Device Assurance Policy
+        explode: false
+        in: path
+        name: deviceAssuranceId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Android:
+                  $ref: '#/components/examples/DeviceAssuranceAndroidResponse'
+                iOS:
+                  $ref: '#/components/examples/DeviceAssuranceIosResponse'
+                MacOS:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSResponse'
+                Windows:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsResponse'
+                ChromeOSWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse'
+                MacOSWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
+                WindowsWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+              schema:
+                $ref: '#/components/schemas/listDeviceAssurancePolicies_200_response_inner'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.deviceAssurance.read
+      summary: Retrieve a Device Assurance Policy
+      tags:
+      - DeviceAssurance
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+        - Okta Identity Engine
+    put:
+      description: Replaces a Device Assurance Policy by `deviceAssuranceId`
+      operationId: replaceDeviceAssurancePolicy
+      parameters:
+      - description: Id of the Device Assurance Policy
+        explode: false
+        in: path
+        name: deviceAssuranceId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Android:
+                $ref: '#/components/examples/DeviceAssuranceAndroidRequest'
+              iOS:
+                $ref: '#/components/examples/DeviceAssuranceIosRequest'
+              MacOS:
+                $ref: '#/components/examples/DeviceAssuranceMacOSRequest'
+              Windows:
+                $ref: '#/components/examples/DeviceAssuranceWindowsRequest'
+              ChromeOSWithThirdPartySignalProviders:
+                $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest'
+              MacOSWithThirdPartySignalProviders:
+                $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest'
+              WindowsWithThirdPartySignalProviders:
+                $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest'
+            schema:
+              $ref: '#/components/schemas/listDeviceAssurancePolicies_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Android:
+                  $ref: '#/components/examples/DeviceAssuranceAndroidResponse'
+                iOS:
+                  $ref: '#/components/examples/DeviceAssuranceIosResponse'
+                MacOS:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSResponse'
+                Windows:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsResponse'
+                ChromeOSWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse'
+                MacOSWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
+                WindowsWithThirdPartySignalProviders:
+                  $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+              schema:
+                $ref: '#/components/schemas/listDeviceAssurancePolicies_200_response_inner'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.deviceAssurance.manage
+      summary: Replace a Device Assurance Policy
+      tags:
+      - DeviceAssurance
+      x-codegen-request-body-name: deviceAssurance
+      x-okta-lifecycle:
+        lifecycle: LIMITED_GA
+        isGenerallyAvailable: false
+        SKUs:
+        - Okta Identity Engine
+  /api/v1/devices:
+    get:
+      description: "Lists all devices with pagination support.\n\nA subset of Devices\
+        \ can be returned that match a supported search criteria using the `search`\
+        \ query parameter.\n\nSearches for devices based on the properties specified\
+        \ in the `search` parameter conforming SCIM filter specifications (case-insensitive).\
+        \ This data is eventually consistent. The API returns different results depending\
+        \ on specified queries in the request. Empty list is returned if no objects\
+        \ match `search` request.\n\n> **Note:** Listing devices with `search` should\
+        \ not be used as a part of any critical flows—such as authentication or updates—\
+        to prevent potential data loss. `search` results may not reflect the latest\
+        \ information, as this endpoint uses a search index which may not be up-to-date\
+        \ with recent updates to the object. <br> Don't use search results directly\
+        \ for record updates, as the data might be stale and therefore overwrite newer\
+        \ data, resulting in data loss. <br> Use an `id` lookup for records that you\
+        \ update to ensure your results contain the latest data.\n\nThis operation\
+        \ equires [URL encoding](http://en.wikipedia.org/wiki/Percent-encoding). For\
+        \ example, `search=profile.displayName eq \"Bob\"` is encoded as `search=profile.displayName%20eq%20%22Bob%22`."
+      operationId: listDevices
+      parameters:
+      - description: "The cursor to use for pagination. It is an opaque string that\
+          \ specifies your current location in the list and is obtained from the `Link`\
+          \ response header. See [Pagination](/#pagination) for more information."
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: A limit on the number of objects to return.
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          maximum: 200
+          minimum: 1
+          type: integer
+        style: form
+      - description: "SCIM filter expression that filters the results. Searches include\
+          \ all Device `profile` properties, as well as the Device `id`, `status`\
+          \ and `lastUpdated` properties."
+        examples:
+          Devices that have a `status` of `ACTIVE`:
+            value: status eq "ACTIVE"
+          Devices last updated after a specific timestamp:
+            value: lastUpdated gt "yyyy-MM-dd'T'HH:mm:ss.SSSZ"
+          Devices with a specified `id`:
+            value: id eq "guo4a5u7JHHhjXrMK0g4"
+          Devices that have a `displayName` of `Bob`:
+            value: profile.displayName eq "Bob"
+          Devices that have an `platform` of `WINDOWS`:
+            value: profile.platform eq "WINDOWS"
+          Devices whose `sid` starts with `S-1`:
+            value: profile.sid sw "S-1"
+        explode: true
+        in: query
+        name: search
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Device'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.devices.read
+      summary: List all Devices
+      tags:
+      - Device
+  /api/v1/devices/{deviceId}:
+    delete:
+      description: Deletes a device by `deviceId`
+      operationId: deleteDevice
+      parameters:
+      - description: '`id` of the device'
+        explode: false
+        in: path
+        name: deviceId
+        required: true
+        schema:
+          example: guo4a5u7JHHhjXrMK0g4
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.devices.manage
+      summary: Delete a Device
+      tags:
+      - Device
+    get:
+      description: Retrieves a device by `deviceId`
+      operationId: getDevice
+      parameters:
+      - description: '`id` of the device'
+        explode: false
+        in: path
+        name: deviceId
+        required: true
+        schema:
+          example: guo4a5u7JHHhjXrMK0g4
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/DeviceResponse'
+              schema:
+                $ref: '#/components/schemas/Device'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.devices.read
+      summary: Retrieve a Device
+      tags:
+      - Device
+  /api/v1/devices/{deviceId}/lifecycle/activate:
+    post:
+      description: Activates a device by `deviceId`
+      operationId: activateDevice
+      parameters:
+      - description: '`id` of the device'
+        explode: false
+        in: path
+        name: deviceId
+        required: true
+        schema:
+          example: guo4a5u7JHHhjXrMK0g4
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.devices.manage
+      summary: Activate a Device
+      tags:
+      - Device
+  /api/v1/devices/{deviceId}/lifecycle/deactivate:
+    post:
+      description: Deactivates a device by `deviceId`
+      operationId: deactivateDevice
+      parameters:
+      - description: '`id` of the device'
+        explode: false
+        in: path
+        name: deviceId
+        required: true
+        schema:
+          example: guo4a5u7JHHhjXrMK0g4
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.devices.manage
+      summary: Deactivate a Device
+      tags:
+      - Device
+  /api/v1/devices/{deviceId}/lifecycle/suspend:
+    post:
+      description: Suspends a device by `deviceId`
+      operationId: suspendDevice
+      parameters:
+      - description: '`id` of the device'
+        explode: false
+        in: path
+        name: deviceId
+        required: true
+        schema:
+          example: guo4a5u7JHHhjXrMK0g4
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.devices.manage
+      summary: Suspend a Device
+      tags:
+      - Device
+  /api/v1/devices/{deviceId}/lifecycle/unsuspend:
+    post:
+      description: Unsuspends a device by `deviceId`
+      operationId: unsuspendDevice
+      parameters:
+      - description: '`id` of the device'
+        explode: false
+        in: path
+        name: deviceId
+        required: true
+        schema:
+          example: guo4a5u7JHHhjXrMK0g4
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.devices.manage
+      summary: Unsuspend a Device
+      tags:
+      - Device
+  /api/v1/domains:
+    get:
+      description: Lists all verified custom Domains for the org
+      operationId: listDomains
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DomainListResponse'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.domains.read
+      summary: List all Domains
+      tags:
+      - Domain
+    post:
+      description: Creates your domain
+      operationId: createDomain
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Domain'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DomainResponse'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.domains.manage
+      summary: Create a Domain
+      tags:
+      - Domain
+      x-codegen-request-body-name: domain
+  /api/v1/domains/{domainId}:
+    delete:
+      description: Deletes a Domain by `id`
+      operationId: deleteDomain
+      parameters:
+      - explode: false
+        in: path
+        name: domainId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.domains.manage
+      summary: Delete a Domain
+      tags:
+      - Domain
+    get:
+      description: Retrieves a Domain by `id`
+      operationId: getDomain
+      parameters:
+      - explode: false
+        in: path
+        name: domainId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DomainResponse'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.domains.read
+      summary: Retrieve a Domain
+      tags:
+      - Domain
+    put:
+      description: Replaces a Domain by `id`
+      operationId: replaceDomain
+      parameters:
+      - explode: false
+        in: path
+        name: domainId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UpdateDomain'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DomainResponse'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.domains.manage
+      summary: Replace a Domain's brandId
+      tags:
+      - Domain
+  /api/v1/domains/{domainId}/certificate:
+    put:
+      description: Creates or replaces the certificate for the domain
+      operationId: upsertCertificate
+      parameters:
+      - explode: false
+        in: path
+        name: domainId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/DomainCertificate'
+        required: true
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.domains.manage
+      summary: Upsert the Certificate
+      tags:
+      - Domain
+      x-codegen-request-body-name: certificate
+  /api/v1/domains/{domainId}/verify:
+    post:
+      description: Verifies the Domain by `id`
+      operationId: verifyDomain
+      parameters:
+      - explode: false
+        in: path
+        name: domainId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DomainResponse'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.domains.manage
+      summary: Verify a Domain
+      tags:
+      - Domain
+  /api/v1/email-domains:
+    get:
+      description: Lists all the Email Domains in your org
+      operationId: listEmailDomains
+      parameters:
+      - description: Specifies additional metadata to be included in the response
+        explode: false
+        in: query
+        name: expand
+        required: false
+        schema:
+          items:
+            enum:
+            - brands
+            type: string
+          type: array
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                List email domain response:
+                  $ref: '#/components/examples/EmailDomainResponse'
+              schema:
+                items:
+                  $ref: '#/components/schemas/EmailDomainResponseWithEmbedded'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.emailDomains.read
+      summary: List all Email Domains
+      tags:
+      - EmailDomain
+    post:
+      description: Creates an Email Domain in your org
+      operationId: createEmailDomain
+      parameters:
+      - description: Specifies additional metadata to be included in the response
+        explode: false
+        in: query
+        name: expand
+        required: false
+        schema:
+          items:
+            enum:
+            - brands
+            type: string
+          type: array
+        style: form
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Create email domain request:
+                $ref: '#/components/examples/CreateEmailDomainRequest'
+            schema:
+              $ref: '#/components/schemas/EmailDomain'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Create email domain response:
+                  $ref: '#/components/examples/EmailDomainResponse'
+              schema:
+                $ref: '#/components/schemas/EmailDomainResponse'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "409":
+          content:
+            application/json:
+              examples:
+                Email domain already exists:
+                  $ref: '#/components/examples/ErrorEmailDomainAlreadyExists'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Conflict
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.emailDomains.manage
+      summary: Create an Email Domain
+      tags:
+      - EmailDomain
+      x-codegen-request-body-name: emailDomain
+  /api/v1/email-domains/{emailDomainId}:
+    delete:
+      description: Deletes an Email Domain by `emailDomainId`
+      operationId: deleteEmailDomain
+      parameters:
+      - explode: false
+        in: path
+        name: emailDomainId
+        required: true
+        schema:
+          description: The ID of the email domain.
+          type: string
+        style: simple
+      - description: Specifies additional metadata to be included in the response
+        explode: false
+        in: query
+        name: expand
+        required: false
+        schema:
+          items:
+            enum:
+            - brands
+            type: string
+          type: array
+        style: form
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "400":
+          content:
+            application/json:
+              examples:
+                Email domain in use:
+                  $ref: '#/components/examples/ErrorEmailDomainInUse'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Unable to delete custom email domain due to mail provider specific
+            restrictions
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.emailDomains.manage
+      summary: Delete an Email Domain
+      tags:
+      - EmailDomain
+    get:
+      description: Retrieves an Email Domain by `emailDomainId`
+      operationId: getEmailDomain
+      parameters:
+      - explode: false
+        in: path
+        name: emailDomainId
+        required: true
+        schema:
+          description: The ID of the email domain.
+          type: string
+        style: simple
+      - description: Specifies additional metadata to be included in the response
+        explode: false
+        in: query
+        name: expand
+        required: false
+        schema:
+          items:
+            enum:
+            - brands
+            type: string
+          type: array
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Retrieve email domain response:
+                  $ref: '#/components/examples/EmailDomainResponse'
+              schema:
+                $ref: '#/components/schemas/EmailDomainResponseWithEmbedded'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.emailDomains.read
+      summary: Retrieve an Email Domain
+      tags:
+      - EmailDomain
+    put:
+      description: Replaces associated username and sender display name by `emailDomainId`
+      operationId: replaceEmailDomain
+      parameters:
+      - explode: false
+        in: path
+        name: emailDomainId
+        required: true
+        schema:
+          description: The ID of the email domain.
+          type: string
+        style: simple
+      - description: Specifies additional metadata to be included in the response
+        explode: false
+        in: query
+        name: expand
+        required: false
+        schema:
+          items:
+            enum:
+            - brands
+            type: string
+          type: array
+        style: form
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Update email domain request:
+                $ref: '#/components/examples/UpdateEmailDomainRequest'
+            schema:
+              $ref: '#/components/schemas/UpdateEmailDomain'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Update email domain response:
+                  $ref: '#/components/examples/UpdatedEmailDomainResponse'
+              schema:
+                $ref: '#/components/schemas/EmailDomainResponse'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.emailDomains.manage
+      summary: Replace an Email Domain
+      tags:
+      - EmailDomain
+      x-codegen-request-body-name: updateEmailDomain
+  /api/v1/email-domains/{emailDomainId}/verify:
+    post:
+      description: Verifies an Email Domain by `emailDomainId`
+      operationId: verifyEmailDomain
+      parameters:
+      - explode: false
+        in: path
+        name: emailDomainId
+        required: true
+        schema:
+          description: The ID of the email domain.
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Verified email domain response:
+                  $ref: '#/components/examples/VerifiedEmailDomainResponse'
+              schema:
+                $ref: '#/components/schemas/EmailDomainResponse'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                Email domain could not be verified:
+                  $ref: '#/components/examples/ErrorEmailDomainNotVerified'
+                Email domain invalid status:
+                  $ref: '#/components/examples/ErrorEmailDomainInvalidStatus'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Email domain could not be verified by mail provider
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.emailDomains.manage
+      summary: Verify an Email Domain
+      tags:
+      - EmailDomain
+  /api/v1/eventHooks:
+    get:
+      description: Lists all event hooks
+      operationId: listEventHooks
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/EventHook'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.eventHooks.read
+      summary: List all Event Hooks
+      tags:
+      - EventHook
+    post:
+      description: Creates an event hook
+      operationId: createEventHook
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EventHook'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EventHook'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.eventHooks.manage
+      summary: Create an Event Hook
+      tags:
+      - EventHook
+      x-codegen-request-body-name: eventHook
+  /api/v1/eventHooks/{eventHookId}:
+    delete:
+      description: Deletes an event hook
+      operationId: deleteEventHook
+      parameters:
+      - explode: false
+        in: path
+        name: eventHookId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.eventHooks.manage
+      summary: Delete an Event Hook
+      tags:
+      - EventHook
+    get:
+      description: Retrieves an event hook
+      operationId: getEventHook
+      parameters:
+      - explode: false
+        in: path
+        name: eventHookId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EventHook'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.eventHooks.read
+      summary: Retrieve an Event Hook
+      tags:
+      - EventHook
+    put:
+      description: Replaces an event hook
+      operationId: replaceEventHook
+      parameters:
+      - explode: false
+        in: path
+        name: eventHookId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EventHook'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EventHook'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.eventHooks.manage
+      summary: Replace an Event Hook
+      tags:
+      - EventHook
+      x-codegen-request-body-name: eventHook
+  /api/v1/eventHooks/{eventHookId}/lifecycle/activate:
+    post:
+      description: Activates an event hook
+      operationId: activateEventHook
+      parameters:
+      - explode: false
+        in: path
+        name: eventHookId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EventHook'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.eventHooks.manage
+      summary: Activate an Event Hook
+      tags:
+      - EventHook
+  /api/v1/eventHooks/{eventHookId}/lifecycle/deactivate:
+    post:
+      description: Deactivates an event hook
+      operationId: deactivateEventHook
+      parameters:
+      - explode: false
+        in: path
+        name: eventHookId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EventHook'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.eventHooks.manage
+      summary: Deactivate an Event Hook
+      tags:
+      - EventHook
+  /api/v1/eventHooks/{eventHookId}/lifecycle/verify:
+    post:
+      description: Verifies an event hook
+      operationId: verifyEventHook
+      parameters:
+      - explode: false
+        in: path
+        name: eventHookId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EventHook'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.eventHooks.manage
+      summary: Verify an Event Hook
+      tags:
+      - EventHook
+  /api/v1/features:
+    get:
+      description: Lists all features
+      operationId: listFeatures
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Feature'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.features.read
+      summary: List all Features
+      tags:
+      - Feature
+  /api/v1/features/{featureId}:
+    get:
+      description: Retrieves a feature
+      operationId: getFeature
+      parameters:
+      - explode: false
+        in: path
+        name: featureId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Feature'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.features.read
+      summary: Retrieve a Feature
+      tags:
+      - Feature
+  /api/v1/features/{featureId}/dependencies:
+    get:
+      description: Lists all dependencies
+      operationId: listFeatureDependencies
+      parameters:
+      - explode: false
+        in: path
+        name: featureId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Feature'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.features.read
+      summary: List all Dependencies
+      tags:
+      - Feature
+  /api/v1/features/{featureId}/dependents:
+    get:
+      description: Lists all dependents
+      operationId: listFeatureDependents
+      parameters:
+      - explode: false
+        in: path
+        name: featureId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Feature'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.features.read
+      summary: List all Dependents
+      tags:
+      - Feature
+  /api/v1/features/{featureId}/{lifecycle}:
+    post:
+      description: Updates a feature lifecycle
+      operationId: updateFeatureLifecycle
+      parameters:
+      - explode: false
+        in: path
+        name: featureId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: lifecycle
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: mode
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Feature'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.features.manage
+      summary: Update a Feature Lifecycle
+      tags:
+      - Feature
+  /api/v1/groups:
+    get:
+      description: Lists all groups with pagination support. A subset of groups can
+        be returned that match a supported filter expression or query.
+      operationId: listGroups
+      parameters:
+      - description: Searches the name property of groups for matching value
+        explode: true
+        in: query
+        name: q
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Filter expression for groups
+        explode: true
+        in: query
+        name: filter
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the pagination cursor for the next page of groups
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the number of group results in a page
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 10000
+          format: int32
+          type: integer
+        style: form
+      - description: "If specified, it causes additional metadata to be included in\
+          \ the response."
+        explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: "Searches for groups with a supported filtering expression for\
+          \ all attributes except for _embedded, _links, and objectClass"
+        explode: true
+        in: query
+        name: search
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Group'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.read
+      summary: List all Groups
+      tags:
+      - Group
+    post:
+      description: Creates a new group with `OKTA_GROUP` type
+      operationId: createGroup
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Group'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Group'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.manage
+      summary: Create a Group
+      tags:
+      - Group
+      x-codegen-request-body-name: group
+  /api/v1/groups/rules:
+    get:
+      description: Lists all group rules
+      operationId: listGroupRules
+      parameters:
+      - description: Specifies the number of rule results in a page
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 50
+          format: int32
+          type: integer
+        style: form
+      - description: Specifies the pagination cursor for the next page of rules
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the keyword to search fules for
+        explode: true
+        in: query
+        name: search
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: "If specified as `groupIdToGroupNameMap`, then show group names"
+        explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+        x-okta-added-version: 1.3.0
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/GroupRule'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.read
+      summary: List all Group Rules
+      tags:
+      - Group
+    post:
+      description: Creates a group rule to dynamically add users to the specified
+        group if they match the condition
+      operationId: createGroupRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GroupRule'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GroupRule'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.manage
+      summary: Create a Group Rule
+      tags:
+      - Group
+      x-codegen-request-body-name: groupRule
+  /api/v1/groups/rules/{ruleId}:
+    delete:
+      description: Deletes a specific group rule by `ruleId`
+      operationId: deleteGroupRule
+      parameters:
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Indicates whether to keep or remove users from groups assigned
+          by this rule.
+        explode: true
+        in: query
+        name: removeUsers
+        required: false
+        schema:
+          type: boolean
+        style: form
+      responses:
+        "202":
+          content: {}
+          description: Accepted
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.manage
+      summary: Delete a group Rule
+      tags:
+      - Group
+    get:
+      description: Retrieves a specific group rule by `ruleId`
+      operationId: getGroupRule
+      parameters:
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GroupRule'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.read
+      summary: Retrieve a Group Rule
+      tags:
+      - Group
+    put:
+      description: Replaces a group rule. Only `INACTIVE` rules can be updated.
+      operationId: replaceGroupRule
+      parameters:
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GroupRule'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GroupRule'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.manage
+      summary: Replace a Group Rule
+      tags:
+      - Group
+      x-codegen-request-body-name: groupRule
+  /api/v1/groups/rules/{ruleId}/lifecycle/activate:
+    post:
+      description: Activates a specific group rule by `ruleId`
+      operationId: activateGroupRule
+      parameters:
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.manage
+      summary: Activate a Group Rule
+      tags:
+      - Group
+  /api/v1/groups/rules/{ruleId}/lifecycle/deactivate:
+    post:
+      description: Deactivates a specific group rule by `ruleId`
+      operationId: deactivateGroupRule
+      parameters:
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.manage
+      summary: Deactivate a Group Rule
+      tags:
+      - Group
+  /api/v1/groups/{groupId}:
+    delete:
+      description: Deletes a group with `OKTA_GROUP` type
+      operationId: deleteGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.manage
+      summary: Delete a Group
+      tags:
+      - Group
+    get:
+      description: Retrieves a group by `groupId`
+      operationId: getGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Group'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.read
+      summary: Retrieve a Group
+      tags:
+      - Group
+    put:
+      description: Replaces the profile for a group with `OKTA_GROUP` type
+      operationId: replaceGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Group'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Group'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.manage
+      summary: Replace a Group
+      tags:
+      - Group
+      x-codegen-request-body-name: group
+  /api/v1/groups/{groupId}/apps:
+    get:
+      description: Lists all applications that are assigned to a group
+      operationId: listAssignedApplicationsForGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Specifies the pagination cursor for the next page of apps
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the number of app results for a page
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/listApplications_200_response_inner'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.read
+      summary: List all Assigned Applications
+      tags:
+      - Group
+  /api/v1/groups/{groupId}/owners:
+    get:
+      description: Lists all owners for a specific group
+      operationId: listGroupOwners
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: SCIM Filter expression for group owners. Allows to filter owners
+          by type.
+        explode: true
+        in: query
+        name: filter
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the pagination cursor for the next page of owners
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the number of owner results in a page
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 1000
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/GroupOwner'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.read
+      summary: List all Group Owners
+      tags:
+      - Group
+    post:
+      description: Assigns a group owner
+      operationId: assignGroupOwner
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GroupOwner'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GroupOwner'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.manage
+      summary: Assign a Group Owner
+      tags:
+      - Group
+  /api/v1/groups/{groupId}/owners/{ownerId}:
+    delete:
+      description: Deletes a group owner from a specific group
+      operationId: deleteGroupOwner
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: ownerId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.manage
+      summary: Delete a Group Owner
+      tags:
+      - Group
+  /api/v1/groups/{groupId}/roles:
+    get:
+      description: Lists all assigned roles of group identified by `groupId`
+      operationId: listGroupAssignedRoles
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Role'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Assigned Roles of Group
+      tags:
+      - RoleAssignment
+    post:
+      description: Assigns a role to a group
+      operationId: assignRoleToGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Setting this to `true` grants the group third-party admin status
+        explode: true
+        in: query
+        name: disableNotifications
+        required: false
+        schema:
+          type: boolean
+        style: form
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AssignRoleRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Role'
+          description: Success
+        "201":
+          content: {}
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Assign a Role to a Group
+      tags:
+      - RoleAssignment
+      x-codegen-request-body-name: assignRoleRequest
+  /api/v1/groups/{groupId}/roles/{roleId}:
+    delete:
+      description: Unassigns a role identified by `roleId` assigned to group identified
+        by `groupId`
+      operationId: unassignRoleFromGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Unassign a Role from a Group
+      tags:
+      - RoleAssignment
+    get:
+      description: Retrieves a role identified by `roleId` assigned to group identified
+        by `groupId`
+      operationId: getGroupAssignedRole
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Role'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: Retrieve a Role assigned to Group
+      tags:
+      - RoleAssignment
+  /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps:
+    get:
+      description: "Lists all App targets for an `APP_ADMIN` Role assigned to a Group.\
+        \ This methods return list may include full Applications or Instances. The\
+        \ response for an instance will have an `ID` value, while Application will\
+        \ not have an ID."
+      operationId: listApplicationTargetsForApplicationAdministratorRoleForGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/CatalogApplication'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Application Targets for an Application Administrator Role
+      tags:
+      - RoleTarget
+  /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}:
+    delete:
+      description: Unassigns an application target from application administrator
+        role
+      operationId: unassignAppTargetToAdminRoleForGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: appName
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Unassign an Application Target from Application Administrator Role
+      tags:
+      - RoleTarget
+    put:
+      description: Assigns an application target to administrator role
+      operationId: assignAppTargetToAdminRoleForGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: appName
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content: {}
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Assign an Application Target to Administrator Role
+      tags:
+      - RoleTarget
+  /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}:
+    delete:
+      description: Unassigns an application instance target from application administrator
+        role
+      operationId: unassignAppInstanceTargetToAppAdminRoleForGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: appName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: applicationId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Unassign an Application Instance Target from an Application Administrator
+        Role
+      tags:
+      - RoleTarget
+    put:
+      description: Assigns App Instance Target to App Administrator Role given to
+        a Group
+      operationId: assignAppInstanceTargetToAppAdminRoleForGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: appName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: applicationId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Assign an Application Instance Target to Application Administrator
+        Role
+      tags:
+      - RoleTarget
+  /api/v1/groups/{groupId}/roles/{roleId}/targets/groups:
+    get:
+      description: Lists all group targets for a group role
+      operationId: listGroupTargetsForGroupRole
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Group'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Group Targets for a Group Role
+      tags:
+      - RoleTarget
+  /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}:
+    delete:
+      description: Unassigns a group target from a group role
+      operationId: unassignGroupTargetFromGroupAdminRole
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: targetGroupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Unassign a Group Target from a Group Role
+      tags:
+      - RoleTarget
+    put:
+      description: Assigns a group target to a group role
+      operationId: assignGroupTargetToGroupAdminRole
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: targetGroupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Assign a Group Target to a Group Role
+      tags:
+      - RoleTarget
+  /api/v1/groups/{groupId}/users:
+    get:
+      description: Lists all users that are a member of a group
+      operationId: listGroupUsers
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Specifies the pagination cursor for the next page of users
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the number of user results in a page
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 1000
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/User'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.read
+      summary: List all Member Users
+      tags:
+      - Group
+  /api/v1/groups/{groupId}/users/{userId}:
+    delete:
+      description: Unassigns a user from a group with 'OKTA_GROUP' type
+      operationId: unassignUserFromGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.manage
+      summary: Unassign a User
+      tags:
+      - Group
+    put:
+      description: Assigns a user to a group with 'OKTA_GROUP' type
+      operationId: assignUserToGroup
+      parameters:
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.groups.manage
+      summary: Assign a User
+      tags:
+      - Group
+  /api/v1/hook-keys:
+    get:
+      description: Lists all keys
+      operationId: listHookKeys
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/HookKey'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.read
+      summary: List all keys
+      tags:
+      - HookKey
+    post:
+      description: Creates a key
+      operationId: createHookKey
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/KeyRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HookKey'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.manage
+      summary: Create a key
+      tags:
+      - HookKey
+      x-codegen-request-body-name: keyRequest
+  /api/v1/hook-keys/public/{keyId}:
+    get:
+      description: Retrieves a public key by `keyId`
+      operationId: getPublicKey
+      parameters:
+      - explode: false
+        in: path
+        name: keyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.read
+      summary: Retrieve a public key
+      tags:
+      - HookKey
+  /api/v1/hook-keys/{hookKeyId}:
+    delete:
+      description: "Deletes a key by `hookKeyId`. Once deleted, the Hook Key is unrecoverable.\
+        \ As a safety precaution, unused keys are eligible for deletion."
+      operationId: deleteHookKey
+      parameters:
+      - explode: false
+        in: path
+        name: hookKeyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.manage
+      summary: Delete a key
+      tags:
+      - HookKey
+    get:
+      description: Retrieves a key by `hookKeyId`
+      operationId: getHookKey
+      parameters:
+      - explode: false
+        in: path
+        name: hookKeyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HookKey'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.read
+      summary: Retrieve a key
+      tags:
+      - HookKey
+    put:
+      description: Replaces a key by `hookKeyId`
+      operationId: replaceHookKey
+      parameters:
+      - explode: false
+        in: path
+        name: hookKeyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/KeyRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HookKey'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.manage
+      summary: Replace a key
+      tags:
+      - HookKey
+      x-codegen-request-body-name: keyRequest
+  /api/v1/iam/resource-sets:
+    get:
+      description: Lists all resource sets with pagination support
+      operationId: listResourceSets
+      parameters:
+      - description: "The cursor to use for pagination. It is an opaque string that\
+          \ specifies your current location in the list and is obtained from the `Link`\
+          \ response header. See [Pagination](/#pagination) for more information."
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetsResponse'
+              schema:
+                $ref: '#/components/schemas/ResourceSets'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Resource Sets
+      tags:
+      - ResourceSet
+    post:
+      description: Creates a new resource set
+      operationId: createResourceSet
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Example Request:
+                $ref: '#/components/examples/ResourceSetRequest'
+            schema:
+              $ref: '#/components/schemas/ResourceSet'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetResponse'
+              schema:
+                $ref: '#/components/schemas/ResourceSet'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Create a Resource Set
+      tags:
+      - ResourceSet
+      x-codegen-request-body-name: instance
+  /api/v1/iam/resource-sets/{resourceSetId}:
+    delete:
+      description: Deletes a role by `resourceSetId`
+      operationId: deleteResourceSet
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Delete a Resource Set
+      tags:
+      - ResourceSet
+    get:
+      description: Retrieves a resource set by `resourceSetId`
+      operationId: getResourceSet
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetResponse'
+              schema:
+                $ref: '#/components/schemas/ResourceSet'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: Retrieve a Resource Set
+      tags:
+      - ResourceSet
+    put:
+      description: Replaces a resource set by `resourceSetId`
+      operationId: replaceResourceSet
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Example Request:
+                $ref: '#/components/examples/ResourceSetRequest'
+            schema:
+              $ref: '#/components/schemas/ResourceSet'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetResponse'
+              schema:
+                $ref: '#/components/schemas/ResourceSet'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Replace a Resource Set
+      tags:
+      - ResourceSet
+      x-codegen-request-body-name: instance
+  /api/v1/iam/resource-sets/{resourceSetId}/bindings:
+    get:
+      description: Lists all resource set bindings with pagination support
+      operationId: listBindings
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      - description: "The cursor to use for pagination. It is an opaque string that\
+          \ specifies your current location in the list and is obtained from the `Link`\
+          \ response header. See [Pagination](/#pagination) for more information."
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetBindingsResponse'
+              schema:
+                $ref: '#/components/schemas/ResourceSetBindings'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Bindings
+      tags:
+      - ResourceSet
+    post:
+      description: Creates a new resource set binding
+      operationId: createResourceSetBinding
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Example Request:
+                $ref: '#/components/examples/ResourceSetBindingCreateRequestExample'
+            schema:
+              $ref: '#/components/schemas/ResourceSetBindingCreateRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetBindingResponseExample'
+              schema:
+                $ref: '#/components/schemas/ResourceSetBindingResponse'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Create a Resource Set Binding
+      tags:
+      - ResourceSet
+      x-codegen-request-body-name: instance
+  /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}:
+    delete:
+      description: Deletes a resource set binding by `resourceSetId` and `roleIdOrLabel`
+      operationId: deleteBinding
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Delete a Binding
+      tags:
+      - ResourceSet
+    get:
+      description: Retrieves a resource set binding by `resourceSetId` and `roleIdOrLabel`
+      operationId: getBinding
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetBindingResponseWithIdExample'
+              schema:
+                $ref: '#/components/schemas/ResourceSetBindingResponse'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: Retrieve a Binding
+      tags:
+      - ResourceSet
+  /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members:
+    get:
+      description: Lists all members of a resource set binding with pagination support
+      operationId: listMembersOfBinding
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      - description: "The cursor to use for pagination. It is an opaque string that\
+          \ specifies your current location in the list and is obtained from the `Link`\
+          \ response header. See [Pagination](/#pagination) for more information."
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetBindingMembersResponse'
+              schema:
+                $ref: '#/components/schemas/ResourceSetBindingMembers'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Members of a binding
+      tags:
+      - ResourceSet
+    patch:
+      description: Adds more members to a resource set binding
+      operationId: addMembersToBinding
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Example Request:
+                $ref: '#/components/examples/ResourceSetBindingAddMembersRequestExample'
+            schema:
+              $ref: '#/components/schemas/ResourceSetBindingAddMembersRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetBindingResponseExample'
+              schema:
+                $ref: '#/components/schemas/ResourceSetBindingResponse'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Add more Members to a binding
+      tags:
+      - ResourceSet
+      x-codegen-request-body-name: instance
+  /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId}:
+    delete:
+      description: Unassigns a member identified by `memberId` from a binding
+      operationId: unassignMemberFromBinding
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      - description: '`id` of a member'
+        explode: false
+        in: path
+        name: memberId
+        required: true
+        schema:
+          example: irb1qe6PGuMc7Oh8N0g4
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Unassign a Member from a binding
+      tags:
+      - ResourceSet
+      x-codegen-request-body-name: instance
+    get:
+      description: Retrieves a member identified by `memberId` for a binding
+      operationId: getMemberOfBinding
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      - description: '`id` of a member'
+        explode: false
+        in: path
+        name: memberId
+        required: true
+        schema:
+          example: irb1qe6PGuMc7Oh8N0g4
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetBindingMemberResponse'
+              schema:
+                $ref: '#/components/schemas/ResourceSetBindingMember'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: Retrieve a Member of a binding
+      tags:
+      - ResourceSet
+  /api/v1/iam/resource-sets/{resourceSetId}/resources:
+    get:
+      description: Lists all resources that make up the resource set
+      operationId: listResourceSetResources
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetResourcesResponse'
+              schema:
+                $ref: '#/components/schemas/ResourceSetResources'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Resources of a resource set
+      tags:
+      - ResourceSet
+    patch:
+      description: Adds more resources to a resource set
+      operationId: addResourceSetResource
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Example Request:
+                $ref: '#/components/examples/ResourceSetResourcePatchRequestExample'
+            schema:
+              $ref: '#/components/schemas/ResourceSetResourcePatchRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/ResourceSetResponse'
+              schema:
+                $ref: '#/components/schemas/ResourceSet'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Add more Resource to a resource set
+      tags:
+      - ResourceSet
+      x-codegen-request-body-name: instance
+  /api/v1/iam/resource-sets/{resourceSetId}/resources/{resourceId}:
+    delete:
+      description: Deletes a resource identified by `resourceId` from a resource set
+      operationId: deleteResourceSetResource
+      parameters:
+      - description: '`id` of a resource set'
+        explode: false
+        in: path
+        name: resourceSetId
+        required: true
+        schema:
+          example: iamoJDFKaJxGIr0oamd9g
+          type: string
+        style: simple
+      - description: '`id` of a resource'
+        explode: false
+        in: path
+        name: resourceId
+        required: true
+        schema:
+          example: ire106sQKoHoXXsAe0g4
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Delete a Resource from a resource set
+      tags:
+      - ResourceSet
+  /api/v1/iam/roles:
+    get:
+      description: Lists all roles with pagination support
+      operationId: listRoles
+      parameters:
+      - description: "The cursor to use for pagination. It is an opaque string that\
+          \ specifies your current location in the list and is obtained from the `Link`\
+          \ response header. See [Pagination](/#pagination) for more information."
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/RolesResponse'
+              schema:
+                $ref: '#/components/schemas/IamRoles'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Roles
+      tags:
+      - Role
+    post:
+      description: Creates a new role
+      operationId: createRole
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Example Request:
+                $ref: '#/components/examples/RoleRequest'
+            schema:
+              $ref: '#/components/schemas/IamRole'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/RoleResponse'
+              schema:
+                $ref: '#/components/schemas/IamRole'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Create a Role
+      tags:
+      - Role
+      x-codegen-request-body-name: instance
+  /api/v1/iam/roles/{roleIdOrLabel}:
+    delete:
+      description: Deletes a role by `roleIdOrLabel`
+      operationId: deleteRole
+      parameters:
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Delete a Role
+      tags:
+      - Role
+    get:
+      description: Retrieves a role by `roleIdOrLabel`
+      operationId: getRole
+      parameters:
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/RoleResponse'
+              schema:
+                $ref: '#/components/schemas/IamRole'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: Retrieve a Role
+      tags:
+      - Role
+    put:
+      description: Replaces a role by `roleIdOrLabel`
+      operationId: replaceRole
+      parameters:
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Example Request:
+                $ref: '#/components/examples/RoleRequest'
+            schema:
+              $ref: '#/components/schemas/IamRole'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/RoleResponse'
+              schema:
+                $ref: '#/components/schemas/IamRole'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Replace a Role
+      tags:
+      - Role
+      x-codegen-request-body-name: instance
+  /api/v1/iam/roles/{roleIdOrLabel}/permissions:
+    get:
+      description: Lists all permissions of the role by `roleIdOrLabel`
+      operationId: listRolePermissions
+      parameters:
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/PermissionsResponse'
+              schema:
+                $ref: '#/components/schemas/Permissions'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Permissions
+      tags:
+      - Role
+  /api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType}:
+    delete:
+      description: Deletes a permission from a role by `permissionType`
+      operationId: deleteRolePermission
+      parameters:
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      - description: An okta permission type
+        explode: false
+        in: path
+        name: permissionType
+        required: true
+        schema:
+          example: okta.users.manage
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Delete a Permission
+      tags:
+      - Role
+    get:
+      description: Retrieves a permission by `permissionType`
+      operationId: getRolePermission
+      parameters:
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      - description: An okta permission type
+        explode: false
+        in: path
+        name: permissionType
+        required: true
+        schema:
+          example: okta.users.manage
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/PermissionResponse'
+              schema:
+                $ref: '#/components/schemas/Permission'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: Retrieve a Permission
+      tags:
+      - Role
+    post:
+      description: Creates a permission specified by `permissionType` to the role
+      operationId: createRolePermission
+      parameters:
+      - description: '`id` or `label` of the role'
+        explode: false
+        in: path
+        name: roleIdOrLabel
+        required: true
+        schema:
+          example: cr0Yq6IJxGIr0ouum0g3
+          type: string
+        style: simple
+      - description: An okta permission type
+        explode: false
+        in: path
+        name: permissionType
+        required: true
+        schema:
+          example: okta.users.manage
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Create a Permission
+      tags:
+      - Role
+      x-codegen-request-body-name: instance
+  /api/v1/identity-sources/{identitySourceId}/sessions:
+    get:
+      description: Lists all identity source sessions for the given identity source
+        instance
+      operationId: listIdentitySourceSessions
+      parameters:
+      - explode: false
+        in: path
+        name: identitySourceId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Sessions List:
+                  $ref: '#/components/examples/ListSessionsResponse'
+              schema:
+                items:
+                  $ref: '#/components/schemas/IdentitySourceSession'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.identitySources.read
+      summary: List all Identity Source Sessions
+      tags:
+      - IdentitySource
+    post:
+      description: Creates an identity source session for the given identity source
+        instance
+      operationId: createIdentitySourceSession
+      parameters:
+      - explode: false
+        in: path
+        name: identitySourceId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                sessionsList:
+                  $ref: '#/components/examples/ListSessionsResponse'
+              schema:
+                items:
+                  $ref: '#/components/schemas/IdentitySourceSession'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.identitySources.manage
+      summary: Create an Identity Source Session
+      tags:
+      - IdentitySource
+  /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}:
+    delete:
+      description: Deletes an identity source session for a given `identitySourceId`
+        and `sessionId`
+      operationId: deleteIdentitySourceSession
+      parameters:
+      - explode: false
+        in: path
+        name: identitySourceId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: sessionId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.identitySources.manage
+      summary: Delete an Identity Source Session
+      tags:
+      - IdentitySource
+    get:
+      description: Retrieves an identity source session for a given identity source
+        id and session id
+      operationId: getIdentitySourceSession
+      parameters:
+      - explode: false
+        in: path
+        name: identitySourceId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: sessionId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Session:
+                  $ref: '#/components/examples/ListSessionsResponse'
+              schema:
+                $ref: '#/components/schemas/IdentitySourceSession'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.identitySources.read
+      summary: Retrieve an Identity Source Session
+      tags:
+      - IdentitySource
+  /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-delete:
+    post:
+      description: Uploads entities that need to be deleted in Okta from the identity
+        source for the given session
+      operationId: uploadIdentitySourceDataForDelete
+      parameters:
+      - explode: false
+        in: path
+        name: identitySourceId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: sessionId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/BulkDeleteRequestBody'
+      responses:
+        "202":
+          description: Accepted
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.identitySources.manage
+      summary: Upload the data to be deleted in Okta
+      tags:
+      - IdentitySource
+  /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-upsert:
+    post:
+      description: Uploads entities that need to be upserted in Okta from the identity
+        source for the given session
+      operationId: uploadIdentitySourceDataForUpsert
+      parameters:
+      - explode: false
+        in: path
+        name: identitySourceId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: sessionId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/BulkUpsertRequestBody'
+      responses:
+        "202":
+          description: Accepted
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.identitySources.manage
+      summary: Upload the data to be upserted in Okta
+      tags:
+      - IdentitySource
+  /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/start-import:
+    post:
+      description: Starts the import from the identity source described by the uploaded
+        bulk operations
+      operationId: startImportFromIdentitySource
+      parameters:
+      - explode: false
+        in: path
+        name: identitySourceId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: sessionId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                sessionsList:
+                  $ref: '#/components/examples/TriggerSessionResponse'
+              schema:
+                items:
+                  $ref: '#/components/schemas/IdentitySourceSession'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.identitySources.manage
+      summary: Start the import from the Identity Source
+      tags:
+      - IdentitySource
+  /api/v1/idps:
+    get:
+      description: Lists all identity provider integrations with pagination. A subset
+        of IdPs can be returned that match a supported filter expression or query.
+      operationId: listIdentityProviders
+      parameters:
+      - description: Searches the name property of IdPs for matching value
+        explode: true
+        in: query
+        name: q
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the pagination cursor for the next page of IdPs
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the number of IdP results in a page
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          format: int32
+          type: integer
+        style: form
+      - description: Filters IdPs by type
+        explode: true
+        in: query
+        name: type
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/IdentityProvider'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.read
+      summary: List all Identity Providers
+      tags:
+      - IdentityProvider
+    post:
+      description: Creates a new identity provider integration
+      operationId: createIdentityProvider
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/IdentityProvider'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProvider'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Create an Identity Provider
+      tags:
+      - IdentityProvider
+      x-codegen-request-body-name: identityProvider
+  /api/v1/idps/credentials/keys:
+    get:
+      description: Lists all IdP key credentials
+      operationId: listIdentityProviderKeys
+      parameters:
+      - description: Specifies the pagination cursor for the next page of keys
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the number of key results in a page
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/JsonWebKey'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.read
+      summary: List all Credential Keys
+      tags:
+      - IdentityProvider
+    post:
+      description: Creates a new X.509 certificate credential to the IdP key store.
+      operationId: createIdentityProviderKey
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/JsonWebKey'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Create an X.509 Certificate Public Key
+      tags:
+      - IdentityProvider
+      x-codegen-request-body-name: jsonWebKey
+  /api/v1/idps/credentials/keys/{keyId}:
+    delete:
+      description: Deletes a specific IdP Key Credential by `kid` if it is not currently
+        being used by an Active or Inactive IdP
+      operationId: deleteIdentityProviderKey
+      parameters:
+      - explode: false
+        in: path
+        name: keyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Delete a Signing Credential Key
+      tags:
+      - IdentityProvider
+    get:
+      description: Retrieves a specific IdP Key Credential by `kid`
+      operationId: getIdentityProviderKey
+      parameters:
+      - explode: false
+        in: path
+        name: keyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.read
+      summary: Retrieve an Credential Key
+      tags:
+      - IdentityProvider
+  /api/v1/idps/{idpId}:
+    delete:
+      description: Deletes an identity provider integration by `idpId`
+      operationId: deleteIdentityProvider
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Delete an Identity Provider
+      tags:
+      - IdentityProvider
+    get:
+      description: Retrieves an identity provider integration by `idpId`
+      operationId: getIdentityProvider
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProvider'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.read
+      summary: Retrieve an Identity Provider
+      tags:
+      - IdentityProvider
+    put:
+      description: Replaces an identity provider integration by `idpId`
+      operationId: replaceIdentityProvider
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/IdentityProvider'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProvider'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Replace an Identity Provider
+      tags:
+      - IdentityProvider
+      x-codegen-request-body-name: identityProvider
+  /api/v1/idps/{idpId}/credentials/csrs:
+    get:
+      description: Lists all Certificate Signing Requests for an IdP
+      operationId: listCsrsForIdentityProvider
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Csr'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.read
+      summary: List all Certificate Signing Requests
+      tags:
+      - IdentityProvider
+    post:
+      description: Generates a new key pair and returns a Certificate Signing Request
+        for it
+      operationId: generateCsrForIdentityProvider
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CsrMetadata'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Csr'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Generate a Certificate Signing Request
+      tags:
+      - IdentityProvider
+      x-codegen-request-body-name: metadata
+  /api/v1/idps/{idpId}/credentials/csrs/{csrId}:
+    delete:
+      description: Revokes a certificate signing request and deletes the key pair
+        from the IdP
+      operationId: revokeCsrForIdentityProvider
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: csrId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Revoke a Certificate Signing Request
+      tags:
+      - IdentityProvider
+    get:
+      description: Retrieves a specific Certificate Signing Request model by id
+      operationId: getCsrForIdentityProvider
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: csrId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Csr'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.read
+      summary: Retrieve a Certificate Signing Request
+      tags:
+      - IdentityProvider
+  /api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish:
+    post:
+      description: Publishes a certificate signing request with a signed X.509 certificate
+        and adds it into the signing key credentials for the IdP
+      operationId: publishCsrForIdentityProvider
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: csrId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/x-x509-ca-cert:
+            schema:
+              format: binary
+              type: string
+              x-okta-operationId: publishBinaryCerCertForIdentityProvider
+          application/pkix-cert:
+            schema:
+              format: binary
+              type: string
+              x-okta-operationId: publishBinaryDerCertForIdentityProvider
+          application/x-pem-file:
+            schema:
+              format: binary
+              type: string
+              x-okta-operationId: publishBinaryPemCertForIdentityProvider
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Publish a Certificate Signing Request
+      tags:
+      - IdentityProvider
+  /api/v1/idps/{idpId}/credentials/keys:
+    get:
+      description: Lists all signing key credentials for an IdP
+      operationId: listIdentityProviderSigningKeys
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/JsonWebKey'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.read
+      summary: List all Signing Credential Keys
+      tags:
+      - IdentityProvider
+  /api/v1/idps/{idpId}/credentials/keys/generate:
+    post:
+      description: Generates a new X.509 certificate for an IdP signing key credential
+        to be used for signing assertions sent to the IdP
+      operationId: generateIdentityProviderSigningKey
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: expiry of the IdP Key Credential
+        explode: true
+        in: query
+        name: validityYears
+        required: true
+        schema:
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Generate a new Signing Credential Key
+      tags:
+      - IdentityProvider
+  /api/v1/idps/{idpId}/credentials/keys/{keyId}:
+    get:
+      description: Retrieves a specific IdP Key Credential by `kid`
+      operationId: getIdentityProviderSigningKey
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: keyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.read
+      summary: Retrieve a Signing Credential Key
+      tags:
+      - IdentityProvider
+  /api/v1/idps/{idpId}/credentials/keys/{keyId}/clone:
+    post:
+      description: Clones a X.509 certificate for an IdP signing key credential from
+        a source IdP to target IdP
+      operationId: cloneIdentityProviderKey
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: keyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: targetIdpId
+        required: true
+        schema:
+          type: string
+        style: form
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JsonWebKey'
+          description: Created
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Clone a Signing Credential Key
+      tags:
+      - IdentityProvider
+  /api/v1/idps/{idpId}/lifecycle/activate:
+    post:
+      description: Activates an inactive IdP
+      operationId: activateIdentityProvider
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProvider'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Activate an Identity Provider
+      tags:
+      - IdentityProvider
+  /api/v1/idps/{idpId}/lifecycle/deactivate:
+    post:
+      description: Deactivates an active IdP
+      operationId: deactivateIdentityProvider
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProvider'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Deactivate an Identity Provider
+      tags:
+      - IdentityProvider
+  /api/v1/idps/{idpId}/users:
+    get:
+      description: Lists all users linked to the identity provider
+      operationId: listIdentityProviderApplicationUsers
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/IdentityProviderApplicationUser'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.read
+      summary: List all Users
+      tags:
+      - IdentityProvider
+  /api/v1/idps/{idpId}/users/{userId}:
+    delete:
+      description: Unlinks the link between the Okta user and the IdP user
+      operationId: unlinkUserFromIdentityProvider
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.manage
+      summary: Unlink a User from IdP
+      tags:
+      - IdentityProvider
+    get:
+      description: Retrieves a linked IdP user by ID
+      operationId: getIdentityProviderApplicationUser
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProviderApplicationUser'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.read
+      summary: Retrieve a User
+      tags:
+      - IdentityProvider
+    post:
+      description: Links an Okta user to an existing Social Identity Provider. This
+        does not support the SAML2 Identity Provider Type
+      operationId: linkUserToIdentityProvider
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserIdentityProviderLinkRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/IdentityProviderApplicationUser'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Link a User to a Social IdP
+      tags:
+      - IdentityProvider
+      x-codegen-request-body-name: userIdentityProviderLinkRequest
+  /api/v1/idps/{idpId}/users/{userId}/credentials/tokens:
+    get:
+      description: Lists the tokens minted by the Social Authentication Provider when
+        the user authenticates with Okta via Social Auth
+      operationId: listSocialAuthTokens
+      parameters:
+      - explode: false
+        in: path
+        name: idpId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/SocialAuthToken'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.idps.read
+      summary: List all Tokens from a OIDC Identity Provider
+      tags:
+      - IdentityProvider
+  /api/v1/inlineHooks:
+    get:
+      description: Lists all inline hooks
+      operationId: listInlineHooks
+      parameters:
+      - explode: true
+        in: query
+        name: type
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/InlineHook'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.read
+      summary: List all Inline Hooks
+      tags:
+      - InlineHook
+    post:
+      description: Creates an inline hook
+      operationId: createInlineHook
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/InlineHook'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHook'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.manage
+      summary: Create an Inline Hook
+      tags:
+      - InlineHook
+      x-codegen-request-body-name: inlineHook
+  /api/v1/inlineHooks/{inlineHookId}:
+    delete:
+      description: "Deletes an inline hook by `inlineHookId`. Once deleted, the Inline\
+        \ Hook is unrecoverable. As a safety precaution, only Inline Hooks with a\
+        \ status of INACTIVE are eligible for deletion."
+      operationId: deleteInlineHook
+      parameters:
+      - explode: false
+        in: path
+        name: inlineHookId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.manage
+      summary: Delete an Inline Hook
+      tags:
+      - InlineHook
+    get:
+      description: Retrieves an inline hook by `inlineHookId`
+      operationId: getInlineHook
+      parameters:
+      - explode: false
+        in: path
+        name: inlineHookId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHook'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.read
+      summary: Retrieve an Inline Hook
+      tags:
+      - InlineHook
+    put:
+      description: Replaces an inline hook by `inlineHookId`
+      operationId: replaceInlineHook
+      parameters:
+      - explode: false
+        in: path
+        name: inlineHookId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/InlineHook'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHook'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.manage
+      summary: Replace an Inline Hook
+      tags:
+      - InlineHook
+      x-codegen-request-body-name: inlineHook
+  /api/v1/inlineHooks/{inlineHookId}/execute:
+    post:
+      description: Executes the inline hook by `inlineHookId` using the request body
+        as the input. This will send the provided data through the Channel and return
+        a response if it matches the correct data contract. This execution endpoint
+        should only be used for testing purposes.
+      operationId: executeInlineHook
+      parameters:
+      - explode: false
+        in: path
+        name: inlineHookId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/InlineHookPayload'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHookResponse'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.manage
+      summary: Execute an Inline Hook
+      tags:
+      - InlineHook
+      x-codegen-request-body-name: payloadData
+  /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate:
+    post:
+      description: Activates the inline hook by `inlineHookId`
+      operationId: activateInlineHook
+      parameters:
+      - explode: false
+        in: path
+        name: inlineHookId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHook'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.manage
+      summary: Activate an Inline Hook
+      tags:
+      - InlineHook
+  /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate:
+    post:
+      description: Deactivates the inline hook by `inlineHookId`
+      operationId: deactivateInlineHook
+      parameters:
+      - explode: false
+        in: path
+        name: inlineHookId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/InlineHook'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.inlineHooks.manage
+      summary: Deactivate an Inline Hook
+      tags:
+      - InlineHook
+  /api/v1/logStreams:
+    get:
+      description: Lists all log streams. You can request a paginated list or a subset
+        of Log Streams that match a supported filter expression.
+      operationId: listLogStreams
+      parameters:
+      - description: "The cursor to use for pagination. It is an opaque string that\
+          \ specifies your current location in the list and is obtained from the `Link`\
+          \ response header. See [Pagination](/#pagination) for more information."
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: A limit on the number of objects to return.
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          maximum: 200
+          minimum: 1
+          type: integer
+        style: form
+      - description: SCIM filter expression that filters the results. This expression
+          only supports the `eq` operator on either the `status` or `type`.
+        examples:
+          Filter on type for AWS EventBridge:
+            value: type eq "aws_eventbridge"
+          Filter on status for `ACTIVE` Log Streams:
+            value: status eq "ACTIVE"
+        explode: true
+        in: query
+        name: filter
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/listLogStreams_200_response_inner'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.logStreams.read
+      summary: List all Log Streams
+      tags:
+      - LogStream
+    post:
+      description: Creates a new log stream
+      operationId: createLogStream
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Example Request:
+                $ref: '#/components/examples/LogStreamRequest'
+            schema:
+              $ref: '#/components/schemas/listLogStreams_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/LogStreamResponse'
+              schema:
+                $ref: '#/components/schemas/listLogStreams_200_response_inner'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.logStreams.manage
+      summary: Create a Log Stream
+      tags:
+      - LogStream
+      x-codegen-request-body-name: instance
+  /api/v1/logStreams/{logStreamId}:
+    delete:
+      description: Deletes a log stream by `logStreamId`
+      operationId: deleteLogStream
+      parameters:
+      - description: id of the log stream
+        explode: false
+        in: path
+        name: logStreamId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.logStreams.manage
+      summary: Delete a Log Stream
+      tags:
+      - LogStream
+    get:
+      description: Retrieves a log stream by `logStreamId`
+      operationId: getLogStream
+      parameters:
+      - description: id of the log stream
+        explode: false
+        in: path
+        name: logStreamId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/LogStreamResponse'
+              schema:
+                $ref: '#/components/schemas/listLogStreams_200_response_inner'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.logStreams.read
+      summary: Retrieve a Log Stream
+      tags:
+      - LogStream
+    put:
+      description: Replaces a log stream by `logStreamId`
+      operationId: replaceLogStream
+      parameters:
+      - description: id of the log stream
+        explode: false
+        in: path
+        name: logStreamId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Example Request:
+                $ref: '#/components/examples/LogStreamRequest'
+            schema:
+              $ref: '#/components/schemas/listLogStreams_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/LogStreamResponse'
+              schema:
+                $ref: '#/components/schemas/listLogStreams_200_response_inner'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.logStreams.manage
+      summary: Replace a Log Stream
+      tags:
+      - LogStream
+      x-codegen-request-body-name: instance
+  /api/v1/logStreams/{logStreamId}/lifecycle/activate:
+    post:
+      description: Activates a log stream by `logStreamId`
+      operationId: activateLogStream
+      parameters:
+      - description: id of the log stream
+        explode: false
+        in: path
+        name: logStreamId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/LogStreamResponse'
+              schema:
+                $ref: '#/components/schemas/listLogStreams_200_response_inner'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.logStreams.manage
+      summary: Activate a Log Stream
+      tags:
+      - LogStream
+  /api/v1/logStreams/{logStreamId}/lifecycle/deactivate:
+    post:
+      description: Deactivates a log stream by `logStreamId`
+      operationId: deactivateLogStream
+      parameters:
+      - description: id of the log stream
+        explode: false
+        in: path
+        name: logStreamId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/LogStreamResponse'
+              schema:
+                $ref: '#/components/schemas/listLogStreams_200_response_inner'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.logStreams.manage
+      summary: Deactivate a Log Stream
+      tags:
+      - LogStream
+  /api/v1/logs:
+    get:
+      description: Lists all system log events. The Okta System Log API provides read
+        access to your organization’s system log. This API provides more functionality
+        than the Events API
+      operationId: listLogEvents
+      parameters:
+      - explode: true
+        in: query
+        name: since
+        required: false
+        schema:
+          format: date-time
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: until
+        required: false
+        schema:
+          format: date-time
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: filter
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: q
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 100
+          type: integer
+        style: form
+      - explode: true
+        in: query
+        name: sortOrder
+        required: false
+        schema:
+          default: ASCENDING
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/LogEvent'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.logs.read
+      summary: List all System Log Events
+      tags:
+      - SystemLog
+  /api/v1/mappings:
+    get:
+      description: Lists all profile mappings with pagination
+      operationId: listProfileMappings
+      parameters:
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: -1
+          format: int32
+          type: integer
+        style: form
+      - explode: true
+        in: query
+        name: sourceId
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: targetId
+        required: false
+        schema:
+          default: ""
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/ProfileMapping'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.profileMappings.read
+      summary: List all Profile Mappings
+      tags:
+      - ProfileMapping
+  /api/v1/mappings/{mappingId}:
+    get:
+      description: Retrieves a single Profile Mapping referenced by its ID
+      operationId: getProfileMapping
+      parameters:
+      - explode: false
+        in: path
+        name: mappingId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ProfileMapping'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.profileMappings.read
+      summary: Retrieve a Profile Mapping
+      tags:
+      - ProfileMapping
+    post:
+      description: "Updates an existing Profile Mapping by adding, updating, or removing\
+        \ one or many Property Mappings"
+      operationId: updateProfileMapping
+      parameters:
+      - explode: false
+        in: path
+        name: mappingId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ProfileMapping'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ProfileMapping'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.profileMappings.manage
+      summary: Update a Profile Mapping
+      tags:
+      - ProfileMapping
+      x-codegen-request-body-name: profileMapping
+  /api/v1/meta/layouts/apps/{appName}:
+    get:
+      description: Retrieves the UI layout for an application by `appName`
+      operationId: getApplicationLayout
+      parameters:
+      - explode: false
+        in: path
+        name: appName
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationLayout'
+          description: successful operation
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.schemas.read
+      summary: Retrieve the UI Layout for an Application
+      tags:
+      - Schema
+  /api/v1/meta/schemas/apps/{appInstanceId}/default:
+    get:
+      description: Retrieves the Schema for an App User
+      operationId: getApplicationUserSchema
+      parameters:
+      - explode: false
+        in: path
+        name: appInstanceId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserSchema'
+          description: successful operation
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.schemas.read
+      summary: Retrieve the default Application User Schema for an Application
+      tags:
+      - Schema
+    post:
+      description: Partially updates on the User Profile properties of the Application
+        User Schema
+      operationId: updateApplicationUserProfile
+      parameters:
+      - explode: false
+        in: path
+        name: appInstanceId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Add a custom property to the app user schema:
+                $ref: '#/components/examples/AppUserSchemaAddRequest'
+            schema:
+              $ref: '#/components/schemas/UserSchema'
+        required: false
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Response with a subset of properties for brevity:
+                  $ref: '#/components/examples/AppUserSchemaResponse'
+              schema:
+                $ref: '#/components/schemas/UserSchema'
+          description: successful operation
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.schemas.manage
+      summary: Update the default Application User Schema for an Application
+      tags:
+      - Schema
+      x-codegen-request-body-name: body
+  /api/v1/meta/schemas/group/default:
+    get:
+      description: Retrieves the group schema
+      operationId: getGroupSchema
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Response with a subset of properties for brevity:
+                  $ref: '#/components/examples/GroupSchemaResponse'
+              schema:
+                $ref: '#/components/schemas/GroupSchema'
+          description: successful operation
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.schemas.read
+      summary: Retrieve the default Group Schema
+      tags:
+      - Schema
+    post:
+      description: "Updates the default group schema. This updates, adds, or removes\
+        \ one or more custom Group Profile properties in the schema."
+      operationId: updateGroupSchema
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Add a custom property to the group schema:
+                $ref: '#/components/examples/GroupSchemaAddRequest'
+            schema:
+              $ref: '#/components/schemas/GroupSchema'
+      responses:
+        "200":
+          content:
+            application/json:
+              example:
+                Response with a subset of properties for brevity:
+                  $ref: '#/components/examples/GroupSchemaResponse'
+              schema:
+                $ref: '#/components/schemas/GroupSchema'
+          description: successful operation
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.schemas.manage
+      summary: Update the default Group Schema
+      tags:
+      - Schema
+  /api/v1/meta/schemas/logStream:
+    get:
+      description: Lists the schema for all log stream types visible for this org
+      operationId: listLogStreamSchemas
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                All log stream schemas for your org:
+                  $ref: '#/components/examples/LogStreamSchemaList'
+              schema:
+                items:
+                  $ref: '#/components/schemas/LogStreamSchema'
+                type: array
+          description: successful operation
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.logStreams.read
+      summary: List the Log Stream Schemas
+      tags:
+      - Schema
+  /api/v1/meta/schemas/logStream/{logStreamType}:
+    get:
+      description: "Retrieves the schema for a Log Stream type. The `logStreamType`\
+        \ element in the URL specifies the Log Stream type, which is either `aws_eventbridge`\
+        \ or `splunk_cloud_logstreaming`. Use the `aws_eventbridge` literal to retrieve\
+        \ the AWS EventBridge type schema, and use the `splunk_cloud_logstreaming`\
+        \ literal retrieve the Splunk Cloud type schema."
+      operationId: getLogStreamSchema
+      parameters:
+      - explode: false
+        in: path
+        name: logStreamType
+        required: true
+        schema:
+          $ref: '#/components/schemas/LogStreamType'
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Schema for type `aws_eventbridge`:
+                  $ref: '#/components/examples/LogStreamSchemaAws'
+                Schema for type `splunk_cloud_logstreaming`:
+                  $ref: '#/components/examples/LogStreamSchemaSplunk'
+              schema:
+                $ref: '#/components/schemas/LogStreamSchema'
+          description: successful operation
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.logStreams.read
+      summary: Retrieve the Log Stream Schema for the schema type
+      tags:
+      - Schema
+  /api/v1/meta/schemas/user/linkedObjects:
+    get:
+      description: Lists all linked object definitions
+      operationId: listLinkedObjectDefinitions
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/LinkedObject'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.linkedObjects.read
+      summary: List all Linked Object Definitions
+      tags:
+      - LinkedObject
+    post:
+      description: Creates a linked object definition
+      operationId: createLinkedObjectDefinition
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/LinkedObject'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LinkedObject'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.linkedObjects.manage
+      summary: Create a Linked Object Definition
+      tags:
+      - LinkedObject
+      x-codegen-request-body-name: linkedObject
+  /api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}:
+    delete:
+      description: Deletes a linked object definition
+      operationId: deleteLinkedObjectDefinition
+      parameters:
+      - explode: false
+        in: path
+        name: linkedObjectName
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.linkedObjects.manage
+      summary: Delete a Linked Object Definition
+      tags:
+      - LinkedObject
+    get:
+      description: Retrieves a linked object definition
+      operationId: getLinkedObjectDefinition
+      parameters:
+      - explode: false
+        in: path
+        name: linkedObjectName
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LinkedObject'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.linkedObjects.read
+      summary: Retrieve a Linked Object Definition
+      tags:
+      - LinkedObject
+  /api/v1/meta/schemas/user/{schemaId}:
+    get:
+      description: Retrieves the schema for a Schema Id
+      operationId: getUserSchema
+      parameters:
+      - explode: false
+        in: path
+        name: schemaId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Response with a subset of properties for brevity:
+                  $ref: '#/components/examples/UserSchemaResponse'
+              schema:
+                $ref: '#/components/schemas/UserSchema'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.schemas.read
+      summary: Retrieve a User Schema
+      tags:
+      - Schema
+    post:
+      description: Partially updates on the User Profile properties of the user schema
+      operationId: updateUserProfile
+      parameters:
+      - explode: false
+        in: path
+        name: schemaId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Add a custom property to the user schema:
+                $ref: '#/components/examples/UserSchemaAddRequest'
+            schema:
+              $ref: '#/components/schemas/UserSchema'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Response with a subset of properties for brevity:
+                  $ref: '#/components/examples/UserSchemaResponse'
+              schema:
+                $ref: '#/components/schemas/UserSchema'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.schemas.manage
+      summary: Update a User Schema
+      tags:
+      - Schema
+      x-codegen-request-body-name: userSchema
+  /api/v1/meta/types/user:
+    get:
+      description: Lists all User Types in your org
+      operationId: listUserTypes
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/UserType'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.userTypes.read
+      summary: List all User Types
+      tags:
+      - UserType
+    post:
+      description: "Creates a new User Type. A default User Type is automatically\
+        \ created along with your org, and you may add another 9 User Types for a\
+        \ maximum of 10."
+      operationId: createUserType
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserType'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserType'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.userTypes.manage
+      summary: Create a User Type
+      tags:
+      - UserType
+      x-codegen-request-body-name: userType
+  /api/v1/meta/types/user/{typeId}:
+    delete:
+      description: "Deletes a User Type permanently. This operation is not permitted\
+        \ for the default type, nor for any User Type that has existing users"
+      operationId: deleteUserType
+      parameters:
+      - explode: false
+        in: path
+        name: typeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.userTypes.manage
+      summary: Delete a User Type
+      tags:
+      - UserType
+    get:
+      description: Retrieves a User Type by ID. The special identifier `default` may
+        be used to fetch the default User Type.
+      operationId: getUserType
+      parameters:
+      - explode: false
+        in: path
+        name: typeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserType'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.userTypes.read
+      summary: Retrieve a User Type
+      tags:
+      - UserType
+    post:
+      description: Updates an existing User Type
+      operationId: updateUserType
+      parameters:
+      - explode: false
+        in: path
+        name: typeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserType'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserType'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.userTypes.manage
+      summary: Update a User Type
+      tags:
+      - UserType
+      x-codegen-request-body-name: userType
+    put:
+      description: Replaces an existing user type
+      operationId: replaceUserType
+      parameters:
+      - explode: false
+        in: path
+        name: typeId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserType'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserType'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.userTypes.manage
+      summary: Replace a User Type
+      tags:
+      - UserType
+      x-codegen-request-body-name: userType
+  /api/v1/org:
+    get:
+      description: Retrieves the org settings
+      operationId: getOrgSettings
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgSetting'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.read
+      summary: Retrieve the Org Settings
+      tags:
+      - OrgSetting
+    post:
+      description: Partially updates the org settings depending on provided fields
+      operationId: updateOrgSettings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OrgSetting'
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgSetting'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.manage
+      summary: Update the Org Settings
+      tags:
+      - OrgSetting
+    put:
+      description: Replaces the settings of your organization
+      operationId: replaceOrgSettings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OrgSetting'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgSetting'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.manage
+      summary: Replace the Org Settings
+      tags:
+      - OrgSetting
+      x-codegen-request-body-name: orgSetting
+  /api/v1/org/contacts:
+    get:
+      description: Retrieves Contact Types of your organization
+      operationId: getOrgContactTypes
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/OrgContactTypeObj'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.read
+      summary: Retrieve the Org Contact Types
+      tags:
+      - OrgSetting
+  /api/v1/org/contacts/{contactType}:
+    get:
+      description: Retrieves the URL of the User associated with the specified Contact
+        Type
+      operationId: getOrgContactUser
+      parameters:
+      - explode: false
+        in: path
+        name: contactType
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgContactUser'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.read
+      summary: Retrieve the User of the Contact Type
+      tags:
+      - OrgSetting
+    put:
+      description: Replaces the User associated with the specified Contact Type
+      operationId: replaceOrgContactUser
+      parameters:
+      - explode: false
+        in: path
+        name: contactType
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/OrgContactUser'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgContactUser'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.manage
+      summary: Replace the User of the Contact Type
+      tags:
+      - OrgSetting
+      x-codegen-request-body-name: orgContactUser
+  /api/v1/org/email/bounces/remove-list:
+    post:
+      description: Removes a list of email addresses to be removed from the set of
+        email addresses that are bounced
+      operationId: bulkRemoveEmailAddressBounces
+      requestBody:
+        content:
+          application/json:
+            examples:
+              example-1:
+                value:
+                  emailAddresses:
+                  - name@company.com
+                  - unknown.email@okta.com
+                  - name@okta@com
+            schema:
+              $ref: '#/components/schemas/BouncesRemoveListObj'
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                example-1:
+                  value:
+                    errors:
+                    - emailAddress: unknown.email@okta.com
+                      reason: This email address does not belong to any user in your
+                        organization.
+                    - emailAddress: name@okta@com
+                      reason: Invalid email address. The provided email address failed
+                        validation against RFC 3696.
+              schema:
+                $ref: '#/components/schemas/BouncesRemoveListResult'
+          description: Deletes the provided list of emails from the set of email addresses
+            that are bounced so that the provider resumes sending emails to those
+            addresses.
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.manage
+      summary: Remove Emails from Email Provider Bounce List
+      tags:
+      - OrgSetting
+  /api/v1/org/logo:
+    post:
+      description: "Uploads and replaces the logo for your organization. The file\
+        \ must be in PNG, JPG, or GIF format and less than 100kB in size. For best\
+        \ results use landscape orientation, a transparent background, and a minimum\
+        \ size of 300px by 50px to prevent upscaling."
+      operationId: uploadOrgLogo
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              $ref: '#/components/schemas/uploadBrandThemeLogo_request'
+        description: logo file
+      responses:
+        "201":
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.apps.manage
+      summary: Upload the Org Logo
+      tags:
+      - OrgSetting
+  /api/v1/org/preferences:
+    get:
+      description: Retrieves preferences of your organization
+      operationId: getOrgPreferences
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgPreferences'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.read
+      summary: Retrieve the Org Preferences
+      tags:
+      - OrgSetting
+  /api/v1/org/preferences/hideEndUserFooter:
+    post:
+      description: Updates the preference hide the Okta UI footer for all end users
+        of your organization
+      operationId: updateOrgHideOktaUIFooter
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgPreferences'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.manage
+      summary: Update the Preference to Hide the Okta Dashboard Footer
+      tags:
+      - OrgSetting
+  /api/v1/org/preferences/showEndUserFooter:
+    post:
+      description: Updates the preference to show the Okta UI footer for all end users
+        of your organization
+      operationId: updateOrgShowOktaUIFooter
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgPreferences'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.manage
+      summary: Update the Preference to Show the Okta Dashboard Footer
+      tags:
+      - OrgSetting
+  /api/v1/org/privacy/oktaCommunication:
+    get:
+      description: Retrieves Okta Communication Settings of your organization
+      operationId: getOktaCommunicationSettings
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaCommunicationSetting'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.read
+      summary: Retrieve the Okta Communication Settings
+      tags:
+      - OrgSetting
+  /api/v1/org/privacy/oktaCommunication/optIn:
+    post:
+      description: Opts in all users of this org to Okta Communication emails
+      operationId: optInUsersToOktaCommunicationEmails
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaCommunicationSetting'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.manage
+      summary: Opt in all Users to Okta Communication emails
+      tags:
+      - OrgSetting
+  /api/v1/org/privacy/oktaCommunication/optOut:
+    post:
+      description: Opts out all users of this org from Okta Communication emails
+      operationId: optOutUsersFromOktaCommunicationEmails
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaCommunicationSetting'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.manage
+      summary: Opt out all Users from Okta Communication emails
+      tags:
+      - OrgSetting
+  /api/v1/org/privacy/oktaSupport:
+    get:
+      description: Retrieves Okta Support Settings of your organization
+      operationId: getOrgOktaSupportSettings
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaSupportSettingsObj'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.read
+      summary: Retrieve the Okta Support Settings
+      tags:
+      - OrgSetting
+  /api/v1/org/privacy/oktaSupport/extend:
+    post:
+      description: Extends the length of time that Okta Support can access your org
+        by 24 hours. This means that 24 hours are added to the remaining access time.
+      operationId: extendOktaSupport
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaSupportSettingsObj'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.manage
+      summary: Extend Okta Support Access
+      tags:
+      - OrgSetting
+  /api/v1/org/privacy/oktaSupport/grant:
+    post:
+      description: Grants Okta Support temporary access your org as an administrator
+        for eight hours
+      operationId: grantOktaSupport
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaSupportSettingsObj'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.manage
+      summary: Grant Okta Support Access to your Org
+      tags:
+      - OrgSetting
+  /api/v1/org/privacy/oktaSupport/revoke:
+    post:
+      description: Revokes Okta Support access to your organization
+      operationId: revokeOktaSupport
+      parameters: []
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OrgOktaSupportSettingsObj'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.manage
+      summary: Revoke Okta Support Access
+      tags:
+      - OrgSetting
+  /api/v1/policies:
+    get:
+      description: Lists all policies with the specified type
+      operationId: listPolicies
+      parameters:
+      - explode: true
+        in: query
+        name: type
+        required: true
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: status
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          default: ""
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/listPolicies_200_response_inner'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.read
+      summary: List all Policies
+      tags:
+      - Policy
+    post:
+      description: Creates a policy
+      operationId: createPolicy
+      parameters:
+      - explode: true
+        in: query
+        name: activate
+        required: false
+        schema:
+          default: true
+          type: boolean
+        style: form
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/listPolicies_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listPolicies_200_response_inner'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.manage
+      summary: Create a Policy
+      tags:
+      - Policy
+      x-codegen-request-body-name: policy
+  /api/v1/policies/{policyId}:
+    delete:
+      description: Deletes a policy
+      operationId: deletePolicy
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.manage
+      summary: Delete a Policy
+      tags:
+      - Policy
+    get:
+      description: Retrieves a policy
+      operationId: getPolicy
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          default: ""
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listPolicies_200_response_inner'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.read
+      summary: Retrieve a Policy
+      tags:
+      - Policy
+    put:
+      description: Replaces a policy
+      operationId: replacePolicy
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/listPolicies_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listPolicies_200_response_inner'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.manage
+      summary: Replace a Policy
+      tags:
+      - Policy
+      x-codegen-request-body-name: policy
+  /api/v1/policies/{policyId}/clone:
+    post:
+      description: Clones an existing policy
+      operationId: clonePolicy
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listPolicies_200_response_inner'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.manage
+      summary: Clone an existing policy
+      tags:
+      - Policy
+  /api/v1/policies/{policyId}/lifecycle/activate:
+    post:
+      description: Activates a policy
+      operationId: activatePolicy
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.manage
+      summary: Activate a Policy
+      tags:
+      - Policy
+  /api/v1/policies/{policyId}/lifecycle/deactivate:
+    post:
+      description: Deactivates a policy
+      operationId: deactivatePolicy
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.manage
+      summary: Deactivate a Policy
+      tags:
+      - Policy
+  /api/v1/policies/{policyId}/rules:
+    get:
+      description: Lists all policy rules
+      operationId: listPolicyRules
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/listPolicyRules_200_response_inner'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.read
+      summary: List all Policy Rules
+      tags:
+      - Policy
+    post:
+      description: Creates a policy rule
+      operationId: createPolicyRule
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/listPolicyRules_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listPolicyRules_200_response_inner'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.manage
+      summary: Create a Policy Rule
+      tags:
+      - Policy
+      x-codegen-request-body-name: policyRule
+  /api/v1/policies/{policyId}/rules/{ruleId}:
+    delete:
+      description: Deletes a policy rule
+      operationId: deletePolicyRule
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.manage
+      summary: Delete a Policy Rule
+      tags:
+      - Policy
+    get:
+      description: Retrieves a policy rule
+      operationId: getPolicyRule
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listPolicyRules_200_response_inner'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.read
+      summary: Retrieve a Policy Rule
+      tags:
+      - Policy
+    put:
+      description: Replaces a policy rules
+      operationId: replacePolicyRule
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/listPolicyRules_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listPolicyRules_200_response_inner'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.manage
+      summary: Replace a Policy Rule
+      tags:
+      - Policy
+      x-codegen-request-body-name: policyRule
+  /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
+    post:
+      description: Activates a policy rule
+      operationId: activatePolicyRule
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.manage
+      summary: Activate a Policy Rule
+      tags:
+      - Policy
+  /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
+    post:
+      description: Deactivates a policy rule
+      operationId: deactivatePolicyRule
+      parameters:
+      - explode: false
+        in: path
+        name: policyId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: ruleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.policies.manage
+      summary: Deactivate a Policy Rule
+      tags:
+      - Policy
+  /api/v1/principal-rate-limits:
+    get:
+      description: Lists all Principal Rate Limit entities considering the provided
+        parameters
+      operationId: listPrincipalRateLimitEntities
+      parameters:
+      - explode: true
+        in: query
+        name: filter
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          format: int32
+          maximum: 50
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/PrincipalRateLimitEntity'
+                type: array
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.principalRateLimits.read
+      summary: List all Principal Rate Limits
+      tags:
+      - PrincipalRateLimit
+    post:
+      description: "Creates a new Principal Rate Limit entity. In the current release,\
+        \ we only allow one Principal Rate Limit entity per org and principal."
+      operationId: createPrincipalRateLimitEntity
+      requestBody:
+        content:
+          application/json:
+            examples:
+              SSWSToken:
+                $ref: '#/components/examples/PrincipalRateLimitEntityRequestSSWSToken'
+              EmptyPercentages:
+                $ref: '#/components/examples/PrincipalRateLimitEntityRequestEmptyPercentages'
+            schema:
+              $ref: '#/components/schemas/PrincipalRateLimitEntity'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              examples:
+                SSWSToken:
+                  $ref: '#/components/examples/PrincipalRateLimitEntityResponseSSWSToken'
+              schema:
+                $ref: '#/components/schemas/PrincipalRateLimitEntity'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.principalRateLimits.manage
+      summary: Create a Principal Rate Limit
+      tags:
+      - PrincipalRateLimit
+      x-codegen-request-body-name: entity
+  /api/v1/principal-rate-limits/{principalRateLimitId}:
+    get:
+      description: Retrieves a Principal Rate Limit entity by `principalRateLimitId`
+      operationId: getPrincipalRateLimitEntity
+      parameters:
+      - description: id of the Principal Rate Limit
+        explode: false
+        in: path
+        name: principalRateLimitId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                SSWSToken:
+                  $ref: '#/components/examples/PrincipalRateLimitEntityResponseSSWSToken'
+              schema:
+                $ref: '#/components/schemas/PrincipalRateLimitEntity'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.principalRateLimits.read
+      summary: Retrieve a Principal Rate Limit
+      tags:
+      - PrincipalRateLimit
+    put:
+      description: Replaces a principal rate limit entity by `principalRateLimitId`
+      operationId: replacePrincipalRateLimitEntity
+      parameters:
+      - description: id of the Principal Rate Limit
+        explode: false
+        in: path
+        name: principalRateLimitId
+        required: true
+        schema:
+          example: abcd1234
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              SSWSToken:
+                $ref: '#/components/examples/PrincipalRateLimitEntityRequestSSWSToken'
+              EmptyPercentages:
+                $ref: '#/components/examples/PrincipalRateLimitEntityRequestEmptyPercentages'
+            schema:
+              $ref: '#/components/schemas/PrincipalRateLimitEntity'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                SSWSToken:
+                  $ref: '#/components/examples/PrincipalRateLimitEntityResponseSSWSToken'
+              schema:
+                $ref: '#/components/schemas/PrincipalRateLimitEntity'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.principalRateLimits.manage
+      summary: Replace a Principal Rate Limit
+      tags:
+      - PrincipalRateLimit
+      x-codegen-request-body-name: entity
+  /api/v1/push-providers:
+    get:
+      description: Lists all push providers
+      operationId: listPushProviders
+      parameters:
+      - description: Filters push providers by `providerType`
+        explode: true
+        in: query
+        name: type
+        required: false
+        schema:
+          $ref: '#/components/schemas/ProviderType'
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/listPushProviders_200_response_inner'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.pushProviders.read
+      summary: List all Push Providers
+      tags:
+      - PushProvider
+    post:
+      description: Creates a new push provider
+      operationId: createPushProvider
+      requestBody:
+        content:
+          application/json:
+            examples:
+              APNs:
+                $ref: '#/components/examples/PushProviderAPNsRequest'
+              FCM:
+                $ref: '#/components/examples/PushProviderFCMRequest'
+            schema:
+              $ref: '#/components/schemas/listPushProviders_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                APNs:
+                  $ref: '#/components/examples/PushProviderAPNsResponse'
+                FCM:
+                  $ref: '#/components/examples/PushProviderFCMResponse'
+              schema:
+                $ref: '#/components/schemas/listPushProviders_200_response_inner'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.pushProviders.manage
+      summary: Create a Push Provider
+      tags:
+      - PushProvider
+      x-codegen-request-body-name: pushProvider
+  /api/v1/push-providers/{pushProviderId}:
+    delete:
+      description: "Deletes a push provider by `pushProviderId`. If the push provider\
+        \ is currently being used in the org by a custom authenticator, the delete\
+        \ will not be allowed."
+      operationId: deletePushProvider
+      parameters:
+      - description: Id of the push provider
+        explode: false
+        in: path
+        name: pushProviderId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "409":
+          content:
+            application/json:
+              examples:
+                Cannot remove push provider in use by a custom app authenticator:
+                  $ref: '#/components/examples/ErrorPushProviderUsedByCustomAppAuthenticator'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Conflict
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.pushProviders.manage
+      summary: Delete a Push Provider
+      tags:
+      - PushProvider
+    get:
+      description: Retrieves a push provider by `pushProviderId`
+      operationId: getPushProvider
+      parameters:
+      - description: Id of the push provider
+        explode: false
+        in: path
+        name: pushProviderId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                APNs:
+                  $ref: '#/components/examples/PushProviderAPNsResponse'
+                FCM:
+                  $ref: '#/components/examples/PushProviderFCMResponse'
+              schema:
+                $ref: '#/components/schemas/listPushProviders_200_response_inner'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.pushProviders.read
+      summary: Retrieve a Push Provider
+      tags:
+      - PushProvider
+    put:
+      description: Replaces a push provider by `pushProviderId`
+      operationId: replacePushProvider
+      parameters:
+      - description: Id of the push provider
+        explode: false
+        in: path
+        name: pushProviderId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              APNs:
+                $ref: '#/components/examples/PushProviderAPNsRequest'
+              FCM:
+                $ref: '#/components/examples/PushProviderFCMRequest'
+            schema:
+              $ref: '#/components/schemas/listPushProviders_200_response_inner'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                APNs:
+                  $ref: '#/components/examples/PushProviderAPNsResponse'
+                FCM:
+                  $ref: '#/components/examples/PushProviderFCMResponse'
+              schema:
+                $ref: '#/components/schemas/listPushProviders_200_response_inner'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.pushProviders.manage
+      summary: Replace a Push Provider
+      tags:
+      - PushProvider
+      x-codegen-request-body-name: pushProvider
+  /api/v1/rate-limit-settings/admin-notifications:
+    get:
+      description: Retrieves the currently configured Rate Limit Admin Notification
+        Settings
+      operationId: getRateLimitSettingsAdminNotifications
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Enabled:
+                  $ref: '#/components/examples/RateLimitAdminNotificationsEnabled'
+                Disabled:
+                  $ref: '#/components/examples/RateLimitAdminNotificationsDisabled'
+              schema:
+                $ref: '#/components/schemas/RateLimitAdminNotifications'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.rateLimits.read
+      summary: Retrieve the Rate Limit Admin Notification Settings
+      tags:
+      - RateLimitSettings
+    put:
+      description: Replaces the Rate Limit Admin Notification Settings and returns
+        the configured properties
+      operationId: replaceRateLimitSettingsAdminNotifications
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Enabled:
+                $ref: '#/components/examples/RateLimitAdminNotificationsEnabled'
+              Disabled:
+                $ref: '#/components/examples/RateLimitAdminNotificationsDisabled'
+            schema:
+              $ref: '#/components/schemas/RateLimitAdminNotifications'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Enabled:
+                  $ref: '#/components/examples/RateLimitAdminNotificationsEnabled'
+                Disabled:
+                  $ref: '#/components/examples/RateLimitAdminNotificationsDisabled'
+              schema:
+                $ref: '#/components/schemas/RateLimitAdminNotifications'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.rateLimits.manage
+      summary: Replace the Rate Limit Admin Notification Settings
+      tags:
+      - RateLimitSettings
+      x-codegen-request-body-name: RateLimitAdminNotifications
+  /api/v1/rate-limit-settings/per-client:
+    get:
+      description: Retrieves the currently configured Per-Client Rate Limit Settings
+      operationId: getRateLimitSettingsPerClient
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                EnforceDefault:
+                  $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefault'
+                EnforceDefaultWithOverrides:
+                  $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefaultWithOverrides'
+                PreviewDefaultWithOverrides:
+                  $ref: '#/components/examples/PerClientRateLimitSettingsPreviewDefaultWithOverrides'
+              schema:
+                $ref: '#/components/schemas/PerClientRateLimitSettings'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.rateLimits.read
+      summary: Retrieve the Per-Client Rate Limit Settings
+      tags:
+      - RateLimitSettings
+    put:
+      description: Replaces the Per-Client Rate Limit Settings and returns the configured
+        properties
+      operationId: replaceRateLimitSettingsPerClient
+      requestBody:
+        content:
+          application/json:
+            examples:
+              EnforceDefault:
+                $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefault'
+              EnforceDefaultWithOverrides:
+                $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefaultWithOverrides'
+              PreviewDefaultWithOverrides:
+                $ref: '#/components/examples/PerClientRateLimitSettingsPreviewDefaultWithOverrides'
+            schema:
+              $ref: '#/components/schemas/PerClientRateLimitSettings'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                EnforceDefault:
+                  $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefault'
+                EnforceDefaultWithOverrides:
+                  $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefaultWithOverrides'
+                PreviewDefaultWithOverrides:
+                  $ref: '#/components/examples/PerClientRateLimitSettingsPreviewDefaultWithOverrides'
+              schema:
+                $ref: '#/components/schemas/PerClientRateLimitSettings'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.rateLimits.manage
+      summary: Replace the Per-Client Rate Limit Settings
+      tags:
+      - RateLimitSettings
+      x-codegen-request-body-name: perClientRateLimitSettings
+  /api/v1/risk/events/ip:
+    post:
+      description: "Sends multiple risk events to Okta. This API is intended for Risk\
+        \ Providers. This API has a rate limit of 30 requests per minute. The caller\
+        \ should include multiple Risk Events (up to a maximum of 20 events) in a\
+        \ single payload to reduce the number of API calls. If a client has more risk\
+        \ signals to send than what the API supports, we recommend prioritizing posting\
+        \ high risk signals."
+      operationId: sendRiskEvents
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Example Request:
+                $ref: '#/components/examples/RiskEventsRequest'
+            schema:
+              items:
+                $ref: '#/components/schemas/RiskEvent'
+              type: array
+        required: true
+      responses:
+        "202":
+          description: Accepted
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.riskEvents.manage
+      summary: Send multiple Risk Events
+      tags:
+      - RiskEvent
+      x-codegen-request-body-name: instance
+  /api/v1/risk/providers:
+    get:
+      description: Lists all Risk Providers
+      operationId: listRiskProviders
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/RiskProvider'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.riskProviders.read
+      summary: List all Risk Providers
+      tags:
+      - RiskProvider
+    post:
+      description: "Creates a risk provider. A maximum of 3 providers can be created.\
+        \ By default, one risk provider is created by Okta."
+      operationId: createRiskProvider
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Request Example:
+                $ref: '#/components/examples/RiskProviderRequest'
+            schema:
+              $ref: '#/components/schemas/RiskProvider'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/RiskProviderResponse'
+              schema:
+                $ref: '#/components/schemas/RiskProvider'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.riskProviders.manage
+      summary: Create a Risk Provider
+      tags:
+      - RiskProvider
+      x-codegen-request-body-name: instance
+  /api/v1/risk/providers/{riskProviderId}:
+    delete:
+      description: Deletes a CAPTCHA instance by `riskProviderId`
+      operationId: deleteRiskProvider
+      parameters:
+      - description: '`id` of the risk provider'
+        explode: false
+        in: path
+        name: riskProviderId
+        required: true
+        schema:
+          example: 00rp12r4skkjkjgsn
+          type: string
+        style: simple
+      responses:
+        "204":
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.riskProviders.manage
+      summary: Delete a Risk Provider
+      tags:
+      - RiskProvider
+    get:
+      description: Retrieves a risk provider by `riskProviderId`
+      operationId: getRiskProvider
+      parameters:
+      - description: '`id` of the risk provider'
+        explode: false
+        in: path
+        name: riskProviderId
+        required: true
+        schema:
+          example: 00rp12r4skkjkjgsn
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/RiskProviderResponse'
+              schema:
+                $ref: '#/components/schemas/RiskProvider'
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.riskProviders.read
+      summary: Retrieve a Risk Provider
+      tags:
+      - RiskProvider
+    put:
+      description: Replaces a risk provider by `riskProviderId`
+      operationId: replaceRiskProvider
+      parameters:
+      - description: '`id` of the risk provider'
+        explode: false
+        in: path
+        name: riskProviderId
+        required: true
+        schema:
+          example: 00rp12r4skkjkjgsn
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            examples:
+              Request Example:
+                $ref: '#/components/examples/RiskProviderRequest'
+            schema:
+              $ref: '#/components/schemas/RiskProvider'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                Example Response:
+                  $ref: '#/components/examples/RiskProviderResponse'
+              schema:
+                $ref: '#/components/schemas/RiskProvider'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.riskProviders.manage
+      summary: Replace a Risk Provider
+      tags:
+      - RiskProvider
+      x-codegen-request-body-name: instance
+  /api/v1/roles/{roleTypeOrRoleId}/subscriptions:
+    get:
+      description: Lists all subscriptions of a Role identified by `roleType` or of
+        a Custom Role identified by `roleId`
+      operationId: listRoleSubscriptions
+      parameters:
+      - explode: false
+        in: path
+        name: roleTypeOrRoleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Subscription'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Subscriptions of a Custom Role
+      tags:
+      - Subscription
+  /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}:
+    get:
+      description: Lists all subscriptions with a specific notification type of a
+        Role identified by `roleType` or of a Custom Role identified by `roleId`
+      operationId: listRoleSubscriptionsByNotificationType
+      parameters:
+      - explode: false
+        in: path
+        name: roleTypeOrRoleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: notificationType
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Subscription'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Subscriptions of a Custom Role with a specific notification
+        type
+      tags:
+      - Subscription
+  /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe:
+    post:
+      description: "Subscribes a Role identified by `roleType` or of a Custom Role\
+        \ identified by `roleId` to a specific notification type. When you change\
+        \ the subscription status of a Role or Custom Role, it overrides the subscription\
+        \ of any individual user of that Role or Custom Role."
+      operationId: subscribeRoleSubscriptionByNotificationType
+      parameters:
+      - explode: false
+        in: path
+        name: roleTypeOrRoleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: notificationType
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Subscribe a Custom Role to a specific notification type
+      tags:
+      - Subscription
+  /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe:
+    post:
+      description: "Unsubscribes a Role identified by `roleType` or of a Custom Role\
+        \ identified by `roleId` from a specific notification type. When you change\
+        \ the subscription status of a Role or Custom Role, it overrides the subscription\
+        \ of any individual user of that Role or Custom Role."
+      operationId: unsubscribeRoleSubscriptionByNotificationType
+      parameters:
+      - explode: false
+        in: path
+        name: roleTypeOrRoleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: notificationType
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Unsubscribe a Custom Role from a specific notification type
+      tags:
+      - Subscription
+  /api/v1/sessions:
+    post:
+      description: "Creates a new session for a user with a valid session token. Use\
+        \ this API if, for example, you want to set the session cookie yourself instead\
+        \ of allowing Okta to set it, or want to hold the session ID in order to delete\
+        \ a session via the API instead of visiting the logout URL."
+      operationId: createSession
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CreateSessionRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Session'
+          description: Success
+        "400":
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      summary: Create a Session with Session Token
+      tags:
+      - Session
+      x-codegen-request-body-name: createSessionRequest
+  /api/v1/sessions/{sessionId}:
+    delete:
+      description: Revokes a session
+      operationId: revokeSession
+      parameters:
+      - explode: false
+        in: path
+        name: sessionId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.sessions.manage
+      summary: Revoke a Session
+      tags:
+      - Session
+    get:
+      description: Retrieves the details about a session
+      operationId: getSession
+      parameters:
+      - explode: false
+        in: path
+        name: sessionId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Session'
+          description: Success
+        "400":
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.sessions.read
+      summary: Retrieve a Session
+      tags:
+      - Session
+  /api/v1/sessions/{sessionId}/lifecycle/refresh:
+    post:
+      description: Refreshes a session
+      operationId: refreshSession
+      parameters:
+      - explode: false
+        in: path
+        name: sessionId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Session'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.sessions.manage
+      summary: Refresh a Session
+      tags:
+      - Session
+  /api/v1/templates/sms:
+    get:
+      description: Lists all custom SMS templates. A subset of templates can be returned
+        that match a template type.
+      operationId: listSmsTemplates
+      parameters:
+      - explode: true
+        in: query
+        name: templateType
+        required: false
+        schema:
+          $ref: '#/components/schemas/SmsTemplateType'
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/SmsTemplate'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.read
+      summary: List all SMS Templates
+      tags:
+      - Template
+    post:
+      description: Creates a new custom SMS template
+      operationId: createSmsTemplate
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SmsTemplate'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SmsTemplate'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.manage
+      summary: Create an SMS Template
+      tags:
+      - Template
+      x-codegen-request-body-name: smsTemplate
+  /api/v1/templates/sms/{templateId}:
+    delete:
+      description: Deletes an SMS template
+      operationId: deleteSmsTemplate
+      parameters:
+      - explode: false
+        in: path
+        name: templateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.manage
+      summary: Delete an SMS Template
+      tags:
+      - Template
+    get:
+      description: Retrieves a specific template by `id`
+      operationId: getSmsTemplate
+      parameters:
+      - explode: false
+        in: path
+        name: templateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SmsTemplate'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.read
+      summary: Retrieve an SMS Template
+      tags:
+      - Template
+    post:
+      description: Updates an SMS template
+      operationId: updateSmsTemplate
+      parameters:
+      - explode: false
+        in: path
+        name: templateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SmsTemplate'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SmsTemplate'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.manage
+      summary: Update an SMS Template
+      tags:
+      - Template
+      x-codegen-request-body-name: smsTemplate
+    put:
+      description: Replaces the SMS template
+      operationId: replaceSmsTemplate
+      parameters:
+      - explode: false
+        in: path
+        name: templateId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SmsTemplate'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SmsTemplate'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.templates.manage
+      summary: Replace an SMS Template
+      tags:
+      - Template
+      x-codegen-request-body-name: smsTemplate
+  /api/v1/threats/configuration:
+    get:
+      description: Retrieves current ThreatInsight configuration
+      operationId: getCurrentConfiguration
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ThreatInsightConfiguration'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.threatInsights.read
+      summary: Retrieve the ThreatInsight Configuration
+      tags:
+      - ThreatInsight
+    post:
+      description: Updates ThreatInsight configuration
+      operationId: updateConfiguration
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ThreatInsightConfiguration'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ThreatInsightConfiguration'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.threatInsights.manage
+      summary: Update the ThreatInsight Configuration
+      tags:
+      - ThreatInsight
+      x-codegen-request-body-name: threatInsightConfiguration
+  /api/v1/trustedOrigins:
+    get:
+      description: Lists all trusted origins
+      operationId: listTrustedOrigins
+      parameters:
+      - explode: true
+        in: query
+        name: q
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: filter
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: -1
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/TrustedOrigin'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.trustedOrigins.read
+      summary: List all Trusted Origins
+      tags:
+      - TrustedOrigin
+    post:
+      description: Creates a trusted origin
+      operationId: createTrustedOrigin
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/TrustedOrigin'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TrustedOrigin'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.trustedOrigins.manage
+      summary: Create a Trusted Origin
+      tags:
+      - TrustedOrigin
+      x-codegen-request-body-name: trustedOrigin
+  /api/v1/trustedOrigins/{trustedOriginId}:
+    delete:
+      description: Deletes a trusted origin
+      operationId: deleteTrustedOrigin
+      parameters:
+      - explode: false
+        in: path
+        name: trustedOriginId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.trustedOrigins.manage
+      summary: Delete a Trusted Origin
+      tags:
+      - TrustedOrigin
+    get:
+      description: Retrieves a trusted origin
+      operationId: getTrustedOrigin
+      parameters:
+      - explode: false
+        in: path
+        name: trustedOriginId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TrustedOrigin'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.trustedOrigins.read
+      summary: Retrieve a Trusted Origin
+      tags:
+      - TrustedOrigin
+    put:
+      description: Replaces a trusted origin
+      operationId: replaceTrustedOrigin
+      parameters:
+      - explode: false
+        in: path
+        name: trustedOriginId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/TrustedOrigin'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TrustedOrigin'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.trustedOrigins.manage
+      summary: Replace a Trusted Origin
+      tags:
+      - TrustedOrigin
+      x-codegen-request-body-name: trustedOrigin
+  /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate:
+    post:
+      description: Activates a trusted origin
+      operationId: activateTrustedOrigin
+      parameters:
+      - explode: false
+        in: path
+        name: trustedOriginId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TrustedOrigin'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.trustedOrigins.manage
+      summary: Activate a Trusted Origin
+      tags:
+      - TrustedOrigin
+  /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate:
+    post:
+      description: Deactivates a trusted origin
+      operationId: deactivateTrustedOrigin
+      parameters:
+      - explode: false
+        in: path
+        name: trustedOriginId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TrustedOrigin'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.trustedOrigins.manage
+      summary: Deactivate a Trusted Origin
+      tags:
+      - TrustedOrigin
+  /api/v1/users:
+    get:
+      description: "Lists all users that do not have a status of 'DEPROVISIONED' (by\
+        \ default), up to the maximum (200 for most orgs), with pagination.  A subset\
+        \ of users can be returned that match a supported filter expression or search\
+        \ criteria."
+      operationId: listUsers
+      parameters:
+      - description: "Finds a user that matches firstName, lastName, and email properties"
+        explode: true
+        in: query
+        name: q
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: "The cursor to use for pagination. It is an opaque string that\
+          \ specifies your current location in the list and is obtained from the `Link`\
+          \ response header. See [Pagination](/#pagination) for more information."
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the number of results returned. Defaults to 10 if `q`
+          is provided.
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 200
+          format: int32
+          type: integer
+        style: form
+      - description: Filters users with a supported expression for a subset of properties
+        explode: true
+        in: query
+        name: filter
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Searches for users with a supported filtering expression for
+          most properties. Okta recommends using this parameter for search for best
+          performance.
+        explode: true
+        in: query
+        name: search
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: sortBy
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: sortOrder
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                User List:
+                  $ref: '#/components/examples/ListUsersResponse'
+              schema:
+                items:
+                  $ref: '#/components/schemas/User'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all Users
+      tags:
+      - User
+    post:
+      description: Creates a new user in your Okta organization with or without credentials
+      operationId: createUser
+      parameters:
+      - description: Executes activation lifecycle operation when creating the user
+        explode: true
+        in: query
+        name: activate
+        required: false
+        schema:
+          default: true
+          type: boolean
+        style: form
+      - description: Indicates whether to create a user with a specified authentication
+          provider
+        explode: true
+        in: query
+        name: provider
+        required: false
+        schema:
+          default: false
+          type: boolean
+        style: form
+      - description: "With activate=true, set nextLogin to \"changePassword\" to have\
+          \ the password be EXPIRED, so user must change it the next time they log\
+          \ in."
+        explode: true
+        in: query
+        name: nextLogin
+        required: false
+        schema:
+          $ref: '#/components/schemas/UserNextLogin'
+        style: form
+        x-okta-added-version: 0.14.0
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CreateUserRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                Create user with too many groups specified:
+                  $ref: '#/components/examples/ErrorCreateUserWithTooManyManyGroupsResponse'
+                Create user with expired password and activate set to `false`:
+                  $ref: '#/components/examples/ErrorCreateUserWithExpiredPasswordWithoutActivation'
+                Create user with expired password and `null` password:
+                  $ref: '#/components/examples/ErrorCreateUserWithExpiredPasswordWithNullPassword'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Create a User
+      tags:
+      - User
+      x-codegen-request-body-name: body
+  /api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}:
+    put:
+      description: Creates a linked object for two users
+      operationId: setLinkedObjectForUser
+      parameters:
+      - explode: false
+        in: path
+        name: associatedUserId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: primaryRelationshipName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: primaryUserId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - oauth2:
+        - okta.users.manage
+      summary: Create a Linked Object for two User
+      tags:
+      - User
+  /api/v1/users/{userId}:
+    delete:
+      description: Deletes a user permanently. This operation can only be performed
+        on users that have a `DEPROVISIONED` status.  **This action cannot be recovered!**.
+        Calling this on an `ACTIVE` user will transition the user to `DEPROVISIONED`.
+      operationId: deleteUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: sendEmail
+        required: false
+        schema:
+          default: false
+          type: boolean
+        style: form
+        x-okta-added-version: 1.5.0
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Delete a User
+      tags:
+      - User
+    get:
+      description: Retrieves a user from your Okta organization
+      operationId: getUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: "Specifies additional metadata to include in the response. Possible\
+          \ value: `blocks`"
+        explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+          description: Success
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: Retrieve a User
+      tags:
+      - User
+    post:
+      description: Updates a user partially determined by the request parameters
+      operationId: updateUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: strict
+        required: false
+        schema:
+          type: boolean
+        style: form
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UpdateUserRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+          description: Success
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Update a User
+      tags:
+      - User
+      x-codegen-request-body-name: user
+    put:
+      description: Replaces a user's profile and/or credentials using strict-update
+        semantics
+      operationId: replaceUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: strict
+        required: false
+        schema:
+          type: boolean
+        style: form
+        x-okta-added-version: 1.10.0
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UpdateUserRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+          description: Success
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Replace a User
+      tags:
+      - User
+      x-codegen-request-body-name: user
+  /api/v1/users/{userId}/appLinks:
+    get:
+      description: Lists all appLinks for all direct or indirect (via group membership)
+        assigned applications
+      operationId: listAppLinks
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/AppLink'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all Assigned Application Links
+      tags:
+      - User
+  /api/v1/users/{userId}/blocks:
+    get:
+      description: Lists information about how the user is blocked from accessing
+        their account
+      operationId: listUserBlocks
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                BlocksUnknownDevices:
+                  $ref: '#/components/examples/ListUserBlocksUnknownDevicesResponse'
+                BlocksAnyDevices:
+                  $ref: '#/components/examples/ListUserBlocksAnyDevicesResponse'
+              schema:
+                items:
+                  $ref: '#/components/schemas/UserBlock'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all User Blocks
+      tags:
+      - User
+  /api/v1/users/{userId}/clients:
+    get:
+      description: Lists all client resources for which the specified user has grants
+        or tokens
+      operationId: listUserClients
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/OAuth2Client'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all Clients
+      tags:
+      - User
+  /api/v1/users/{userId}/clients/{clientId}/grants:
+    delete:
+      description: Revokes all grants for the specified user and client
+      operationId: revokeGrantsForUserAndClient
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: clientId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Revoke all Grants for a Client
+      tags:
+      - User
+    get:
+      description: Lists all grants for a specified user and client
+      operationId: listGrantsForUserAndClient
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: clientId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all Grants for a Client
+      tags:
+      - User
+  /api/v1/users/{userId}/clients/{clientId}/tokens:
+    delete:
+      description: Revokes all refresh tokens issued for the specified User and Client
+      operationId: revokeTokensForUserAndClient
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: clientId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Revoke all Refresh Tokens for a Client
+      tags:
+      - User
+    get:
+      description: Lists all refresh tokens issued for the specified User and Client
+      operationId: listRefreshTokensForUserAndClient
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: clientId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/OAuth2RefreshToken'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all Refresh Tokens for a Client
+      tags:
+      - User
+  /api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}:
+    delete:
+      description: Revokes the specified refresh token
+      operationId: revokeTokenForUserAndClient
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: clientId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: tokenId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Revoke a Token for a Client
+      tags:
+      - User
+    get:
+      description: Retrieves a refresh token issued for the specified User and Client
+      operationId: getRefreshTokenForUserAndClient
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: clientId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: tokenId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          type: integer
+        style: form
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2RefreshToken'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: Retrieve a Refresh Token for a Client
+      tags:
+      - User
+  /api/v1/users/{userId}/credentials/change_password:
+    post:
+      description: "Changes a user's password by validating the user's current password.\
+        \ This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`,\
+        \ or `RECOVERY` status that have a valid password credential"
+      operationId: changePassword
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: strict
+        required: false
+        schema:
+          type: boolean
+        style: form
+        x-okta-added-version: 1.10.0
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ChangePasswordRequest'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserCredentials'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Change Password
+      tags:
+      - User
+      x-codegen-request-body-name: changePasswordRequest
+  /api/v1/users/{userId}/credentials/change_recovery_question:
+    post:
+      description: "Changes a user's recovery question & answer credential by validating\
+        \ the user's current password.  This operation can only be performed on users\
+        \ in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password\
+        \ credential"
+      operationId: changeRecoveryQuestion
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserCredentials'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserCredentials'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Change Recovery Question
+      tags:
+      - User
+      x-codegen-request-body-name: userCredentials
+  /api/v1/users/{userId}/credentials/forgot_password:
+    post:
+      description: Initiates the forgot password flow. Generates a one-time token
+        (OTT) that can be used to reset a user's password.
+      operationId: forgotPassword
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: sendEmail
+        required: false
+        schema:
+          default: true
+          type: boolean
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ForgotPasswordResponse'
+          description: Reset url
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Initiate Forgot Password
+      tags:
+      - User
+  /api/v1/users/{userId}/credentials/forgot_password_recovery_question:
+    post:
+      description: Resets the user's password to the specified password if the provided
+        answer to the recovery question is correct
+      operationId: forgotPasswordSetNewPassword
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: sendEmail
+        required: false
+        schema:
+          default: true
+          type: boolean
+        style: form
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserCredentials'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserCredentials'
+          description: Credentials
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Reset Password with Recovery Question
+      tags:
+      - User
+      x-codegen-request-body-name: userCredentials
+  /api/v1/users/{userId}/factors:
+    get:
+      description: Lists all the enrolled factors for the specified user
+      operationId: listFactors
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/listFactors_200_response_inner'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all Factors
+      tags:
+      - UserFactor
+    post:
+      description: Enrolls a user with a supported factor
+      operationId: enrollFactor
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: updatePhone
+        required: false
+        schema:
+          default: false
+          type: boolean
+        style: form
+      - description: id of SMS template (only for SMS factor)
+        explode: true
+        in: query
+        name: templateId
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: tokenLifetimeSeconds
+        required: false
+        schema:
+          default: 300
+          format: int32
+          type: integer
+        style: form
+        x-okta-added-version: 1.3.0
+      - explode: true
+        in: query
+        name: activate
+        required: false
+        schema:
+          default: false
+          type: boolean
+        style: form
+        x-okta-added-version: 1.3.0
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/listFactors_200_response_inner'
+        description: Factor
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listFactors_200_response_inner'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Enroll a Factor
+      tags:
+      - UserFactor
+      x-codegen-request-body-name: body
+  /api/v1/users/{userId}/factors/catalog:
+    get:
+      description: Lists all the supported factors that can be enrolled for the specified
+        user
+      operationId: listSupportedFactors
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/listFactors_200_response_inner'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all Supported Factors
+      tags:
+      - UserFactor
+  /api/v1/users/{userId}/factors/questions:
+    get:
+      description: Lists all available security questions for a user's `question`
+        factor
+      operationId: listSupportedSecurityQuestions
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/SecurityQuestion'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      summary: List all Supported Security Questions
+      tags:
+      - UserFactor
+  /api/v1/users/{userId}/factors/{factorId}:
+    delete:
+      description: "Unenrolls an existing factor for the specified user, allowing\
+        \ the user to enroll a new factor"
+      operationId: unenrollFactor
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: factorId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: removeEnrollmentRecovery
+        required: false
+        schema:
+          default: false
+          type: boolean
+        style: form
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Unenroll a Factor
+      tags:
+      - UserFactor
+    get:
+      description: Retrieves a factor for the specified user
+      operationId: getFactor
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: factorId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listFactors_200_response_inner'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: Retrieve a Factor
+      tags:
+      - UserFactor
+  /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate:
+    post:
+      description: Activates a factor. The `sms` and `token:software:totp` factor
+        types require activation to complete the enrollment process.
+      operationId: activateFactor
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: factorId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ActivateFactorRequest'
+        required: false
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/listFactors_200_response_inner'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Activate a Factor
+      tags:
+      - UserFactor
+      x-codegen-request-body-name: body
+  /api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}:
+    get:
+      description: Retrieves the factors verification transaction status
+      operationId: getFactorTransactionStatus
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: factorId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: transactionId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/VerifyUserFactorResponse'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: Retrieve a Factor Transaction Status
+      tags:
+      - UserFactor
+  /api/v1/users/{userId}/factors/{factorId}/verify:
+    post:
+      description: Verifies an OTP for a `token` or `token:hardware` factor
+      operationId: verifyFactor
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: factorId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: templateId
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: tokenLifetimeSeconds
+        required: false
+        schema:
+          default: 300
+          format: int32
+          type: integer
+        style: form
+        x-okta-added-version: 1.3.0
+      - explode: false
+        in: header
+        name: X-Forwarded-For
+        required: false
+        schema:
+          type: string
+        style: simple
+        x-okta-added-version: 1.11.0
+      - explode: false
+        in: header
+        name: User-Agent
+        required: false
+        schema:
+          type: string
+        style: simple
+        x-okta-added-version: 1.11.0
+      - explode: false
+        in: header
+        name: Accept-Language
+        required: false
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/VerifyFactorRequest'
+        required: false
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/VerifyUserFactorResponse'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Verify an MFA Factor
+      tags:
+      - UserFactor
+      x-codegen-request-body-name: body
+  /api/v1/users/{userId}/grants:
+    delete:
+      description: Revokes all grants for a specified user
+      operationId: revokeUserGrants
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Revoke all User Grants
+      tags:
+      - User
+    get:
+      description: Lists all grants for the specified user
+      operationId: listUserGrants
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: scopeId
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all User Grants
+      tags:
+      - User
+  /api/v1/users/{userId}/grants/{grantId}:
+    delete:
+      description: Revokes one grant for a specified user
+      operationId: revokeUserGrant
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: grantId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Revoke a User Grant
+      tags:
+      - User
+    get:
+      description: Retrieves a grant for the specified user
+      operationId: getUserGrant
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: grantId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: Retrieve a User Grant
+      tags:
+      - User
+  /api/v1/users/{userId}/groups:
+    get:
+      description: Lists all groups of which the user is a member
+      operationId: listUserGroups
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Group'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all Groups
+      tags:
+      - User
+  /api/v1/users/{userId}/idps:
+    get:
+      description: Lists the IdPs associated with the user
+      operationId: listUserIdentityProviders
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/IdentityProvider'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all Identity Providers
+      tags:
+      - User
+  /api/v1/users/{userId}/lifecycle/activate:
+    post:
+      description: Activates a user.  This operation can only be performed on users
+        with a `STAGED` status.  Activation of a user is an asynchronous operation.
+        The user will have the `transitioningToStatus` property with a value of `ACTIVE`
+        during activation to indicate that the user hasn't completed the asynchronous
+        operation.  The user will have a status of `ACTIVE` when the activation process
+        is complete.
+      operationId: activateUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Sends an activation email to the user if true
+        explode: true
+        in: query
+        name: sendEmail
+        required: true
+        schema:
+          default: true
+          type: boolean
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserActivationToken'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Activate a User
+      tags:
+      - User
+  /api/v1/users/{userId}/lifecycle/deactivate:
+    post:
+      description: "Deactivates a user. This operation can only be performed on users\
+        \ that do not have a `DEPROVISIONED` status. While the asynchronous operation\
+        \ (triggered by HTTP header `Prefer: respond-async`) is proceeding the user's\
+        \ `transitioningToStatus` property is `DEPROVISIONED`. The user's status is\
+        \ `DEPROVISIONED` when the deactivation process is complete."
+      operationId: deactivateUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: sendEmail
+        required: false
+        schema:
+          default: false
+          type: boolean
+        style: form
+        x-okta-added-version: 1.5.0
+      responses:
+        "200":
+          content: {}
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Deactivate a User
+      tags:
+      - User
+  /api/v1/users/{userId}/lifecycle/expire_password:
+    post:
+      description: Expires a user's password and transitions the user to the status
+        of `PASSWORD_EXPIRED` so that the user is required to change their password
+        at their next login
+      operationId: expirePassword
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Expire Password
+      tags:
+      - User
+  /api/v1/users/{userId}/lifecycle/expire_password_with_temp_password:
+    post:
+      description: "Expires a user's password and transitions the user to the status\
+        \ of `PASSWORD_EXPIRED` so that the user is required to change their password\
+        \ at their next login, and also sets the user's password to a temporary password\
+        \ returned in the response"
+      operationId: expirePasswordAndGetTemporaryPassword
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TempPassword'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Expire Password and Set Temporary Password
+      tags:
+      - User
+  /api/v1/users/{userId}/lifecycle/reactivate:
+    post:
+      description: "Reactivates a user.  This operation can only be performed on users\
+        \ with a `PROVISIONED` status.  This operation restarts the activation workflow\
+        \ if for some reason the user activation was not completed when using the\
+        \ activationToken from [Activate User](#activate-user)."
+      operationId: reactivateUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Sends an activation email to the user if true
+        explode: true
+        in: query
+        name: sendEmail
+        required: false
+        schema:
+          default: false
+          type: boolean
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserActivationToken'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Reactivate a User
+      tags:
+      - User
+  /api/v1/users/{userId}/lifecycle/reset_factors:
+    post:
+      description: Resets all factors for the specified user. All MFA factor enrollments
+        returned to the unenrolled state. The user's status remains ACTIVE. This link
+        is present only if the user is currently enrolled in one or more MFA factors.
+      operationId: resetFactors
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content: {}
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Reset all Factors
+      tags:
+      - User
+  /api/v1/users/{userId}/lifecycle/reset_password:
+    post:
+      description: Generates a one-time token (OTT) that can be used to reset a user's
+        password.  The OTT link can be automatically emailed to the user or returned
+        to the API caller and distributed using a custom flow.
+      operationId: generateResetPasswordToken
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: sendEmail
+        required: true
+        schema:
+          type: boolean
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ResetPasswordToken'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Generate a Reset Password Token
+      tags:
+      - User
+  /api/v1/users/{userId}/lifecycle/suspend:
+    post:
+      description: Suspends a user.  This operation can only be performed on users
+        with an `ACTIVE` status.  The user will have a status of `SUSPENDED` when
+        the process is complete.
+      operationId: suspendUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content: {}
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Suspend a User
+      tags:
+      - User
+  /api/v1/users/{userId}/lifecycle/unlock:
+    post:
+      description: Unlocks a user with a `LOCKED_OUT` status or unlocks a user with
+        an `ACTIVE` status that is blocked from unknown devices. Unlocked users have
+        an `ACTIVE` status and can sign in with their current password.
+      operationId: unlockUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content: {}
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Unlock a User
+      tags:
+      - User
+  /api/v1/users/{userId}/lifecycle/unsuspend:
+    post:
+      description: Unsuspends a user and returns them to the `ACTIVE` state.  This
+        operation can only be performed on users that have a `SUSPENDED` status.
+      operationId: unsuspendUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content: {}
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Unsuspend a User
+      tags:
+      - User
+  /api/v1/users/{userId}/linkedObjects/{relationshipName}:
+    delete:
+      description: "Deletes linked objects for a user, relationshipName can be ONLY\
+        \ a primary relationship name"
+      operationId: deleteLinkedObjectForUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: relationshipName
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Delete a Linked Object
+      tags:
+      - User
+    get:
+      description: "Lists all linked objects for a user, relationshipName can be a\
+        \ primary or associated relationship name"
+      operationId: listLinkedObjectsForUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: relationshipName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: -1
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/ResponseLinks'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all Linked Objects
+      tags:
+      - User
+  /api/v1/users/{userId}/roles:
+    get:
+      description: Lists all roles assigned to a user identified by `userId`
+      operationId: listAssignedRolesForUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: expand
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Role'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Roles assigned to a User
+      tags:
+      - RoleAssignment
+    post:
+      description: Assigns a role to a user identified by `userId`
+      operationId: assignRoleToUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Setting this to `true` grants the user third-party admin status
+        explode: true
+        in: query
+        name: disableNotifications
+        required: false
+        schema:
+          type: boolean
+        style: form
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AssignRoleRequest'
+        required: true
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Role'
+          description: Created
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Assign a Role to a User
+      tags:
+      - RoleAssignment
+      x-codegen-request-body-name: assignRoleRequest
+  /api/v1/users/{userId}/roles/{roleId}:
+    delete:
+      description: Unassigns a role identified by `roleId` from a user identified
+        by `userId`
+      operationId: unassignRoleFromUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Unassign a Role from a User
+      tags:
+      - RoleAssignment
+    get:
+      description: Retrieves a role identified by `roleId` assigned to a user identified
+        by `userId`
+      operationId: getUserAssignedRole
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Role'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: Retrieve a Role assigned to a User
+      tags:
+      - RoleAssignment
+  /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps:
+    get:
+      description: "Lists all App targets for an `APP_ADMIN` Role assigned to a User.\
+        \ This methods return list may include full Applications or Instances. The\
+        \ response for an instance will have an `ID` value, while Application will\
+        \ not have an ID."
+      operationId: listApplicationTargetsForApplicationAdministratorRoleForUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/CatalogApplication'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Application Targets for Application Administrator Role
+      tags:
+      - RoleTarget
+    put:
+      description: Assigns all Apps as Target to Role
+      operationId: assignAllAppsAsTargetToRoleForUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content: {}
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Assign all Apps as Target to Role
+      tags:
+      - RoleTarget
+  /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}:
+    delete:
+      description: Unassigns an application target from application administrator
+        role
+      operationId: unassignAppTargetFromAppAdminRoleForUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: appName
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Unassign an Application Target from an Application Administrator Role
+      tags:
+      - RoleTarget
+    put:
+      description: Assigns an application target to administrator role
+      operationId: assignAppTargetToAdminRoleForUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: appName
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Assign an Application Target to Administrator Role
+      tags:
+      - RoleTarget
+  /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}:
+    delete:
+      description: Unassigns an application instance target from an application administrator
+        role
+      operationId: unassignAppInstanceTargetFromAdminRoleForUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: appName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: applicationId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Unassign an Application Instance Target from an Application Administrator
+        Role
+      tags:
+      - RoleTarget
+    put:
+      description: Assigns anapplication instance target to appplication administrator
+        role
+      operationId: assignAppInstanceTargetToAppAdminRoleForUser
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: appName
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: applicationId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Assign an Application Instance Target to an Application Administrator
+        Role
+      tags:
+      - RoleTarget
+  /api/v1/users/{userId}/roles/{roleId}/targets/groups:
+    get:
+      description: Lists all group targets for role
+      operationId: listGroupTargetsForRole
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 20
+          format: int32
+          type: integer
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Group'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.read
+      summary: List all Group Targets for Role
+      tags:
+      - RoleTarget
+  /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}:
+    delete:
+      description: Unassigns a Group Target from Role
+      operationId: unassignGroupTargetFromUserAdminRole
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Unassign a Group Target from Role
+      tags:
+      - RoleTarget
+    put:
+      description: Assigns a Group Target to Role
+      operationId: assignGroupTargetToUserRole
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: roleId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: groupId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.roles.manage
+      summary: Assign a Group Target to Role
+      tags:
+      - RoleTarget
+  /api/v1/users/{userId}/sessions:
+    delete:
+      description: Revokes all active identity provider sessions of the user. This
+        forces the user to authenticate on the next operation. Optionally revokes
+        OpenID Connect and OAuth refresh and access tokens issued to the user.
+      operationId: revokeUserSessions
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Revoke issued OpenID Connect and OAuth refresh and access tokens
+        explode: true
+        in: query
+        name: oauthTokens
+        required: false
+        schema:
+          default: false
+          type: boolean
+        style: form
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Revoke all User Sessions
+      tags:
+      - User
+  /api/v1/users/{userId}/subscriptions:
+    get:
+      description: Lists all subscriptions of a user. Only lists subscriptions for
+        current user. An AccessDeniedException message is sent if requests are made
+        from other users.
+      operationId: listUserSubscriptions
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/Subscription'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all Subscriptions
+      tags:
+      - Subscription
+  /api/v1/users/{userId}/subscriptions/{notificationType}:
+    get:
+      description: Lists all the subscriptions of a User with a specific notification
+        type. Only gets subscriptions for current user. An AccessDeniedException message
+        is sent if requests are made from other users.
+      operationId: listUserSubscriptionsByNotificationType
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: notificationType
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Subscription'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.read
+      summary: List all Subscriptions by type
+      tags:
+      - Subscription
+  /api/v1/users/{userId}/subscriptions/{notificationType}/subscribe:
+    post:
+      description: Subscribes a User to a specific notification type. Only the current
+        User can subscribe to a specific notification type. An AccessDeniedException
+        message is sent if requests are made from other users.
+      operationId: subscribeUserSubscriptionByNotificationType
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: notificationType
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Subscribe to a specific notification type
+      tags:
+      - Subscription
+  /api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe:
+    post:
+      description: Unsubscribes a User from a specific notification type. Only the
+        current User can unsubscribe from a specific notification type. An AccessDeniedException
+        message is sent if requests are made from other users.
+      operationId: unsubscribeUserSubscriptionByNotificationType
+      parameters:
+      - explode: false
+        in: path
+        name: userId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: notificationType
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.users.manage
+      summary: Unsubscribe from a specific notification type
+      tags:
+      - Subscription
+  /api/v1/zones:
+    get:
+      description: "Lists all network zones with pagination. A subset of zones can\
+        \ be returned that match a supported filter expression or query.\n\nThis operation\
+        \ requires URL encoding. For example, `filter=(id eq \"nzoul0wf9jyb8xwZm0g3\"\
+        \ or id eq \"nzoul1MxmGN18NDQT0g3\")` is encoded as `filter=%28id+eq+%22nzoul0wf9jyb8xwZm0g3%22+or+id+eq+%22nzoul1MxmGN18NDQT0g3%22%29`.\n\
+        \nOkta supports filtering on the `id` and `usage` properties. See [Filtering](https://developer.okta.com/docs/reference/core-okta-api/#filter)\
+        \ for more information on the expressions that are used in filtering."
+      operationId: listNetworkZones
+      parameters:
+      - description: Specifies the pagination cursor for the next page of network
+          zones
+        explode: true
+        in: query
+        name: after
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Specifies the number of results for a page
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: -1
+          format: int32
+          type: integer
+        style: form
+      - description: Filters zones by usage or id expression
+        explode: true
+        in: query
+        name: filter
+        required: false
+        schema:
+          type: string
+        style: form
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/NetworkZone'
+                type: array
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.networkZones.read
+      summary: List all Network Zones
+      tags:
+      - NetworkZone
+    post:
+      description: "Creates a new network zone.\n* At least one of either the `gateways`\
+        \ attribute or `proxies` attribute must be defined when creating a Network\
+        \ Zone.\n* At least one of the following attributes must be defined: `proxyType`,\
+        \ `locations`, or `asns`."
+      operationId: createNetworkZone
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/NetworkZone'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/NetworkZone'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.networkZones.manage
+      summary: Create a Network Zone
+      tags:
+      - NetworkZone
+      x-codegen-request-body-name: zone
+  /api/v1/zones/{zoneId}:
+    delete:
+      description: Deletes network zone by `zoneId`
+      operationId: deleteNetworkZone
+      parameters:
+      - explode: false
+        in: path
+        name: zoneId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "204":
+          content: {}
+          description: No Content
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.networkZones.manage
+      summary: Delete a Network Zone
+      tags:
+      - NetworkZone
+    get:
+      description: Retrieves a network zone by `zoneId`
+      operationId: getNetworkZone
+      parameters:
+      - explode: false
+        in: path
+        name: zoneId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/NetworkZone'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.networkZones.read
+      summary: Retrieve a Network Zone
+      tags:
+      - NetworkZone
+    put:
+      description: "Replaces a network zone by `zoneId`. The replaced network zone\
+        \ type must be the same as the existing type.\nYou may replace the usage (`POLICY`,\
+        \ `BLOCKLIST`) of a network zone by updating the `usage` attribute."
+      operationId: replaceNetworkZone
+      parameters:
+      - explode: false
+        in: path
+        name: zoneId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/NetworkZone'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/NetworkZone'
+          description: Success
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.networkZones.manage
+      summary: Replace a Network Zone
+      tags:
+      - NetworkZone
+      x-codegen-request-body-name: zone
+  /api/v1/zones/{zoneId}/lifecycle/activate:
+    post:
+      description: Activates a network zone by `zoneId`
+      operationId: activateNetworkZone
+      parameters:
+      - explode: false
+        in: path
+        name: zoneId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/NetworkZone'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.networkZones.manage
+      summary: Activate a Network Zone
+      tags:
+      - NetworkZone
+  /api/v1/zones/{zoneId}/lifecycle/deactivate:
+    post:
+      description: Deactivates a network zone by `zoneId`
+      operationId: deactivateNetworkZone
+      parameters:
+      - explode: false
+        in: path
+        name: zoneId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/NetworkZone'
+          description: Success
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorResourceNotFound'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.networkZones.manage
+      summary: Deactivate a Network Zone
+      tags:
+      - NetworkZone
+  /attack-protection/api/v1/user-lockout-settings:
+    get:
+      description: Retrieves the User Lockout Settings for an org
+      operationId: getUserLockoutSettings
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                items:
+                  $ref: '#/components/schemas/UserLockoutSettings'
+                type: array
+          description: OK
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.read
+      summary: Retrieve the User Lockout Settings
+      tags:
+      - AttackProtection
+    put:
+      description: Replaces the User Lockout Settings for an org
+      operationId: replaceUserLockoutSettings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserLockoutSettings'
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/UserLockoutSettings'
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                API Validation Failed:
+                  $ref: '#/components/examples/ErrorApiValidationFailed'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              examples:
+                Access Denied:
+                  $ref: '#/components/examples/ErrorAccessDenied'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Forbidden
+        "429":
+          content:
+            application/json:
+              examples:
+                Resource Not Found:
+                  $ref: '#/components/examples/ErrorTooManyRequests'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Too Many Requests
+      security:
+      - apiToken: []
+      - oauth2:
+        - okta.orgs.manage
+      summary: Replace the User Lockout Settings
+      tags:
+      - AttackProtection
+      x-codegen-request-body-name: lockoutSettings
+components:
+  examples:
+    ApiTokenListMetadataResponse:
+      value:
+      - name: My API Token
+        userId: 00uabcdefg1234567890
+        tokenWindow: P30D
+        id: 00Tabcdefg1234567890
+        clientName: Okta API
+        expiresAt: 2021-12-11T20:38:10.000Z
+        created: 2021-11-09T20:38:10.000Z
+        lastUpdated: 2021-11-11T20:38:10.000Z
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890"
+            hints:
+              allow:
+              - GET
+              - DELETE
+          user:
+            href: "https://{yourOktaDomain}/api/v1/users/00uabcdefg1234567890"
+            hints:
+              allow:
+              - GET
+      - name: Another API Token
+        userId: 00uabcdefg1234567890
+        tokenWindow: PT5M
+        id: 00T1234567890abcdefg
+        clientName: Okta API
+        expiresAt: 2021-11-11T20:43:10.000Z
+        created: 2021-11-09T20:38:10.000Z
+        lastUpdated: 2021-11-11T20:38:10.000Z
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/api-tokens/00T1234567890abcdefg"
+            hints:
+              allow:
+              - GET
+              - DELETE
+          user:
+            href: "https://{yourOktaDomain}/api/v1/users/00uabcdefg1234567890"
+            hints:
+              allow:
+              - GET
+    ApiTokenMetadataResponse:
+      value:
+        name: My API Token
+        userId: 00uXXXXXXXXXXXXXXXXX
+        tokenWindow: P30D
+        id: 00Tabcdefg1234567890
+        clientName: Okta API
+        expiresAt: 2021-12-11T20:38:10.000Z
+        created: 2021-11-09T20:38:10.000Z
+        lastUpdated: 2021-11-11T20:38:10.000Z
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890"
+            hints:
+              allow:
+              - GET
+              - DELETE
+          user:
+            href: "https://{yourOktaDomain}/api/v1/users/00uXXXXXXXXXXXXXXXXX"
+            hints:
+              allow:
+              - GET
+    AppUserSchemaAddRequest:
+      value:
+        definitions:
+          custom:
+            id: '#custom'
+            type: object
+            properties:
+              twitterUserName:
+                title: Twitter username
+                description: User's username for twitter.com
+                type: string
+                required: false
+                minLength: 1
+                maxLength: 20
+            required: []
+    AppUserSchemaResponse:
+      value:
+        id: "https://{yourOktaDomain}/meta/schemas/apps/0oa25gejWwdXNnFH90g4/default"
+        $schema: http://json-schema.org/draft-04/schema#
+        name: Example App
+        title: Example App User
+        lastUpdated: 2017-07-18T23:18:43.000Z
+        created: 2017-07-18T22:35:30.000Z
+        definitions:
+          base:
+            id: '#base'
+            type: object
+            properties:
+              userName:
+                title: Username
+                type: string
+                required: true
+                scope: NONE
+                maxLength: 100
+            required:
+            - userName
+          custom:
+            id: '#custom'
+            type: object
+            properties:
+              twitterUserName:
+                title: Twitter username
+                description: User's username for twitter.com
+                type: string
+                scope: NONE
+                minLength: 1
+                maxLength: 20
+            required: []
+        type: object
+        properties:
+          profile:
+            allOf:
+            - $ref: '#/definitions/base'
+            - $ref: '#/definitions/custom'
+    AuthenticatorRequestDuo:
+      value:
+        key: duo
+        name: Duo Security
+        provider:
+          type: DUO
+          configuration:
+            userNameTemplate:
+              template: oktaId
+            integrationKey: testIntegrationKey
+            secretKey: testSecretKey
+            host: https://api-xxxxxxxx.duosecurity.com
+    AuthenticatorResponseDuo:
+      value:
+        type: app
+        id: aut9gnvcjUHIWb37J0g4
+        key: duo
+        status: ACTIVE
+        name: Duo Security
+        created: 2022-07-15T21:14:02.000Z
+        lastUpdated: 2022-07-15T21:14:02.000Z
+        settings: {}
+        provider:
+          type: DUO
+          configuration:
+            host: https://api-xxxxxxxx.duosecurity.com
+            userNameTemplate:
+              template: oktaId
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+          deactivate:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4/lifecycle/deactivate"
+            hints:
+              allow:
+              - POST
+          methods:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4/methods"
+            hints:
+              allow:
+              - GET
+    AuthenticatorResponseEmail:
+      value:
+        type: email
+        id: aut1nbsPHh7jNjjyP0g4
+        key: okta_email
+        status: ACTIVE
+        name: Email
+        created: 2020-07-26T21:05:23.000Z
+        lastUpdated: 2020-07-28T21:45:52.000Z
+        settings:
+          allowedFor: any
+          tokenLifetimeInMinutes: 5
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+          methods:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/methods"
+            hints:
+              allow:
+              - GET
+          deactivate:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/lifecycle/deactivate"
+            hints:
+              allow:
+              - POST
+    AuthenticatorResponsePassword:
+      value:
+        type: password
+        id: aut1nbtrJKKA9m45a0g4
+        key: okta_password
+        status: ACTIVE
+        name: Password
+        created: 2020-07-26T21:05:23.000Z
+        lastUpdated: 2020-07-26T21:05:23.000Z
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+          methods:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4/methods"
+            hints:
+              allow:
+              - GET
+    AuthenticatorResponsePhone:
+      value:
+        type: phone
+        id: aut1nbuyD8m1ckAYc0g4
+        key: phone_number
+        status: INACTIVE
+        name: Phone
+        created: 2020-07-26T21:05:23.000Z
+        lastUpdated: 2020-07-29T00:21:29.000Z
+        settings:
+          allowedFor: none
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+          methods:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/methods"
+            hints:
+              allow:
+              - GET
+          activate:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/lifecycle/activate"
+            hints:
+              allow:
+              - POST
+    AuthenticatorResponseSecurityQuestion:
+      value:
+        type: security_question
+        id: aut1nbvIgEenhwE6c0g4
+        key: security_question
+        status: ACTIVE
+        name: Security Question
+        created: 2020-07-26T21:05:23.000Z
+        lastUpdated: 2020-07-26T21:05:23.000Z
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4"
+            hints:
+              allow:
+              - GET
+          methods:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4/methods"
+            hints:
+              allow:
+              - GET
+          deactivate:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4/lifecycle/deactivate"
+            hints:
+              allow:
+              - POST
+    AuthenticatorResponseWebAuthn:
+      value:
+        type: security_key
+        id: aut1nd8PQhGcQtSxB0g4
+        key: webauthn
+        status: ACTIVE
+        name: Security Key or Biometric
+        created: 2020-07-26T21:16:37.000Z
+        lastUpdated: 2020-07-27T18:59:30.000Z
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+          methods:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods"
+            hints:
+              allow:
+              - GET
+          deactivate:
+            href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/lifecycle/deactivate"
+            hints:
+              allow:
+              - POST
+    AuthenticatorsResponse:
+      value:
+      - value:
+          type: email
+          id: aut1nbsPHh7jNjjyP0g4
+          key: okta_email
+          status: ACTIVE
+          name: Email
+          created: 2020-07-26T21:05:23.000Z
+          lastUpdated: 2020-07-28T21:45:52.000Z
+          settings:
+            allowedFor: any
+            tokenLifetimeInMinutes: 5
+          _links:
+            self:
+              href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4"
+              hints:
+                allow:
+                - GET
+                - PUT
+            methods:
+              href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/methods"
+              hints:
+                allow:
+                - GET
+            deactivate:
+              href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/lifecycle/deactivate"
+              hints:
+                allow:
+                - POST
+      - value:
+          type: password
+          id: aut1nbtrJKKA9m45a0g4
+          key: okta_password
+          status: ACTIVE
+          name: Password
+          created: 2020-07-26T21:05:23.000Z
+          lastUpdated: 2020-07-26T21:05:23.000Z
+          _links:
+            self:
+              href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4"
+              hints:
+                allow:
+                - GET
+                - PUT
+            methods:
+              href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4/methods"
+              hints:
+                allow:
+                - GET
+      - value:
+          type: phone
+          id: aut1nbuyD8m1ckAYc0g4
+          key: phone_number
+          status: INACTIVE
+          name: Phone
+          created: 2020-07-26T21:05:23.000Z
+          lastUpdated: 2020-07-29T00:21:29.000Z
+          settings:
+            allowedFor: none
+          _links:
+            self:
+              href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4"
+              hints:
+                allow:
+                - GET
+                - PUT
+            methods:
+              href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/methods"
+              hints:
+                allow:
+                - GET
+            activate:
+              href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/lifecycle/activate"
+              hints:
+                allow:
+                - POST
+      - value:
+          type: security_key
+          id: aut1nd8PQhGcQtSxB0g4
+          key: webauthn
+          status: ACTIVE
+          name: Security Key or Biometric
+          created: 2020-07-26T21:16:37.000Z
+          lastUpdated: 2020-07-27T18:59:30.000Z
+          _links:
+            self:
+              href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4"
+              hints:
+                allow:
+                - GET
+                - PUT
+            methods:
+              href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods"
+              hints:
+                allow:
+                - GET
+            deactivate:
+              href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/lifecycle/deactivate"
+              hints:
+                allow:
+                - POST
+    BehaviorRuleRequest:
+      value:
+        name: My Behavior Rule
+        type: VELOCITY
+    BehaviorRuleResponse:
+      value:
+        id: abcd1234
+        name: My Behavior Rule
+        type: VELOCITY
+        settings:
+          velocityKph: 805
+        status: ACTIVE
+        created: 2021-11-09T20:38:10.000Z
+        lastUpdated: 2021-11-11T20:38:10.000Z
+        _link:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/behaviors/abcd1234
+            hints:
+              allow:
+              - GET
+              - POST
+              - PUT
+              - DELETE
+    CAPTCHAInstanceRequestHCaptcha:
+      value:
+        name: myHCaptcha
+        secretKey: xxxxxxxxxxx
+        siteKey: xxxxxxxxxxx
+        type: HCAPTCHA
+    CAPTCHAInstanceRequestReCaptcha:
+      value:
+        name: myReCaptcha
+        secretKey: xxxxxxxxxxx
+        siteKey: yyyyyyyyyyyyyyy
+        type: RECAPTCHA_V2
+    CAPTCHAInstanceResponseHCaptcha:
+      value:
+        id: abcd1234
+        name: myHCaptcha
+        siteKey: xxxxxxxxxxx
+        type: HCAPTCHA
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/captchas/abcd1234
+            hints:
+              allow:
+              - GET
+              - POST
+              - PUT
+              - DELETE
+    CAPTCHAInstanceResponseReCaptcha:
+      value:
+        id: abcd4567
+        name: myReCaptcha
+        siteKey: yyyyyyyyyyyyyyy
+        type: RECAPTCHA_V2
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/captchas/abcd4567
+            hints:
+              allow:
+              - GET
+              - POST
+              - PUT
+              - DELETE
+    CreateBrandDomainRequest:
+      value:
+        domainId: OcD11vyscTlIkpC7i0g4
+    CreateBrandRequest:
+      value:
+        name: My Awesome Brand
+    CreateBrandResponse:
+      value:
+        id: bnd114iNkrcN6aR680g5
+        removePoweredByOkta: false
+        customPrivacyPolicyUrl: null
+        name: My Awesome Brand
+        isDefault: false
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g5"
+            hints:
+              allow:
+              - GET
+              - PUT
+              - DELETE
+          themes:
+            href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g5/themes"
+            hints:
+              allow:
+              - GET
+    CreateEmailDomainRequest:
+      value:
+        displayName: Admin
+        username: admin
+        domain: example.com
+        brandId: bnd100iSrkcN6aR680g1
+    CreateUpdateEmailCustomizationRequest:
+      value:
+        language: fr
+        subject: "Bienvenue dans ${org.name}!"
+        body: "<!DOCTYPE html><html><body><p>Bonjour ${user.profile.firstName}. <a\
+          \ href=\"${activationLink}\">Activer le compte</a></p></body></html>"
+        isDefault: false
+    CreateUpdateEmailCustomizationResponse:
+      value:
+        language: fr
+        subject: "Bienvenue dans ${org.name}!"
+        body: "<!DOCTYPE html><html><body><p>Bonjour ${user.profile.firstName}. <a\
+          \ href=\"${activationLink}\">Activer le compte</a></p></body></html>"
+        isDefault: false
+        id: oel11u6DqUiMbQkpl0g4
+        created: 2021-11-09T20:38:10.000Z
+        lastUpdated: 2021-11-11T20:38:10.000Z
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+              - DELETE
+          template:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
+            hints:
+              allow:
+              - GET
+          preview:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview"
+            hints:
+              allow:
+              - GET
+          test:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test"
+            hints:
+              allow:
+              - POST
+    DeviceAssuranceAndroidRequest:
+      summary: Android request
+      value:
+        name: Device Assurance Android
+        osVersion:
+          minimum: 12.4.5
+        diskEncryptionType:
+          include:
+          - USER
+          - FULL
+        jailbreak: false
+        platform: ANDROID
+        screenLockType:
+          include:
+          - BIOMETRIC
+        secureHardwarePresent: true
+    DeviceAssuranceIosRequest:
+      summary: iOS request
+      value:
+        name: Device Assurance iOS
+        osVersion:
+          minimum: 12.4.5
+        jailbreak: false
+        platform: IOS
+        screenLockType:
+          include:
+          - BIOMETRIC
+    DeviceAssuranceMacOSRequest:
+      summary: macOS request
+      value:
+        name: Device Assurance macOS
+        osVersion:
+          minimum: 12.4.5
+        diskEncryptionType:
+          include:
+          - ALL_INTERNAL_VOLUMES
+        platform: MACOS
+        screenLockType:
+          include:
+          - PASSCODE
+          - BIOMETRIC
+        secureHardwarePresent: true
+    DeviceAssuranceWindowsRequest:
+      summary: Windows request
+      value:
+        name: Device Assurance Windows
+        osVersion:
+          minimum: 12.4.5.9
+        diskEncryptionType:
+          include:
+          - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+          - PASSCODE
+          - BIOMETRIC
+        secureHardwarePresent: true
+    DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest:
+      summary: macOS with third-party signal providers request
+      value:
+        name: Device Assurance macOS
+        osVersion:
+          minimum: 12.4.5
+        diskEncryptionType:
+          include:
+          - ALL_INTERNAL_VOLUMES
+        platform: MACOS
+        screenLockType:
+          include:
+          - PASSCODE
+          - BIOMETRIC
+        secureHardwarePresent: true
+        thirdPartySignalProviders:
+          dtc:
+            osVersion:
+              minimum: 10.0.19041.1110
+            diskEncrypted: true
+            osFirewall: true
+            screenLockSecured: true
+            browserVersion:
+              minimum: 15393.27.0
+            deviceEnrollmentDomain": testDomain
+            builtInDnsClientEnabled": true
+            chromeRemoteDesktopAppBlocked": true
+            safeBrowsingProtectionLevel": true
+            siteIsolationEnabled": true
+            passwordProtectionWarningTrigger": PASSWORD_PROTECTION_OFF
+            realtimeUrlCheckMode": true
+      x-okta-lifecycle:
+        features:
+        - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+    DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest:
+      summary: Windows with third-party signal providers request
+      value:
+        name: Device Assurance Windows
+        osVersion:
+          minimum: 12.4.5.9
+        diskEncryptionType:
+          include:
+          - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+          - PASSCODE
+          - BIOMETRIC
+        secureHardwarePresent: true
+        thirdPartySignalProviders:
+          dtc:
+            osVersion:
+              minimum: 10.0.19041.1110
+            diskEncrypted: true
+            osFirewall: true
+            screenLockSecured: true
+            browserVersion:
+              minimum: 15393.27.0
+            deviceEnrollmentDomain: testDomain
+            builtInDnsClientEnabled: true
+            chromeRemoteDesktopAppBlocked: true
+            safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+            siteIsolationEnabled: true
+            passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+            realtimeUrlCheckMode: true
+            secureBootEnabled: true
+            windowsMachineDomain: testMachineDomain
+            windowsUserDomain: testUserDomain
+            thirdPartyBlockingEnabled: true
+            crowdStrikeCustomerId: testCustomerId
+            crowdStrikeAgentId": testAgentId
+            keyTrustLevel: CHROME_BROWSER_HW_KEY
+      x-okta-lifecycle:
+        features:
+        - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+    DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest:
+      summary: ChromeOS with third-party signal providers request
+      value:
+        name: Device Assurance ChromeOS
+        platform: CHROMEOS
+        thirdPartySignalProviders:
+          dtc:
+            osVersion:
+              minimum: 10.0.19041.1110
+            diskEncrypted: true
+            osFirewall: true
+            screenLockSecured: true
+            allowScreenLock: true
+            browserVersion:
+              minimum: 15393.27.0
+            deviceEnrollmentDomain: testDomain
+            builtInDnsClientEnabled: true
+            chromeRemoteDesktopAppBlocked: true
+            safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+            siteIsolationEnabled: true
+            passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+            realtimeUrlCheckMode: true
+            keyTrustLevel: CHROME_OS_VERIFIED_MODE
+      x-okta-lifecycle:
+        features:
+        - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+    DeviceAssuranceAndroidResponse:
+      summary: Android response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance Android
+        lastUpdate: 2022-01-01T00:00:00.000Z
+        createdUpdate: 2022-01-01T00:00:00.000Z
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          minimum: 12.4.5
+        diskEncryptionType:
+          include:
+          - USER
+          - FULL
+        jailbreak: false
+        platform: ANDROID
+        screenLockType:
+          include:
+          - BIOMETRIC
+        secureHardwarePresent: true
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+              - DELETE
+              - GET
+              - PUT
+    DeviceAssuranceIosResponse:
+      summary: iOS response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance iOS
+        lastUpdate: 2022-01-01T00:00:00.000Z
+        createdUpdate: 2022-01-01T00:00:00.000Z
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          minimum: 12.4.5.9
+        jailbroken: false
+        platform: IOS
+        screenLockType:
+          include:
+          - BIOMETRIC
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+              - DELETE
+              - GET
+              - PUT
+    DeviceAssuranceMacOSResponse:
+      summary: macOS response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance macOS
+        lastUpdate: 2022-01-01T00:00:00.000Z
+        createdUpdate: 2022-01-01T00:00:00.000Z
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          minimum: 12.4.5
+        diskEncryptionType:
+          include:
+          - ALL_INTERNAL_VOLUMES
+        platform: MACOS
+        screenLockType:
+          include:
+          - PASSCODE
+          - BIOMETRIC
+        secureHardwarePresent: true
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+              - DELETE
+              - GET
+              - PUT
+    DeviceAssuranceWindowsResponse:
+      summary: Windows response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance Windows
+        lastUpdate: 2022-01-01T00:00:00.000Z
+        createdUpdate: 2022-01-01T00:00:00.000Z
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          minimum: 12.4.5.9
+        diskEncryptionType:
+          include:
+          - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+          - PASSCODE
+          - BIOMETRIC
+        secureHardwarePresent: true
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+              - DELETE
+              - GET
+              - PUT
+    DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse:
+      summary: macOS with third-party signal providers response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance macOS
+        lastUpdate: 2022-01-01T00:00:00.000Z
+        createdUpdate: 2022-01-01T00:00:00.000Z
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          minimum: 12.4.5.9
+        diskEncryptionType:
+          include:
+          - ALL_INTERNAL_VOLUMES
+        platform: MACOS
+        screenLockType:
+          include:
+          - PASSCODE
+          - BIOMETRIC
+        secureHardwarePresent: true
+        thirdPartySignalProviders:
+          dtc:
+            osVersion:
+              minimum: 10.0.19041.1110
+            diskEncrypted: true
+            osFirewall: true
+            screenLockSecured: true
+            browserVersion:
+              minimum: 15393.27.0
+            deviceEnrollmentDomain: testDomain
+            builtInDnsClientEnabled: true
+            chromeRemoteDesktopAppBlocked: true
+            safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+            siteIsolationEnabled: true
+            passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+            realtimeUrlCheckMode: true
+            keyTrustLevel: CHROME_BROWSER_HW_KEY
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+              - DELETE
+              - GET
+              - PUT
+      x-okta-lifecycle:
+        features:
+        - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+    DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse:
+      summary: Windows with third-party signal providers response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance Windows
+        lastUpdate: 2022-01-01T00:00:00.000Z
+        createdUpdate: 2022-01-01T00:00:00.000Z
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        osVersion:
+          minimum: 12.4.5.9
+        diskEncryptionType:
+          include:
+          - ALL_INTERNAL_VOLUMES
+        platform: WINDOWS
+        screenLockType:
+          include:
+          - PASSCODE
+          - BIOMETRIC
+        secureHardwarePresent: true
+        thirdPartySignalProviders:
+          dtc:
+            osVersion:
+              minimum: 10.0.19041.1110
+            diskEncrypted: true
+            osFirewall: true
+            screenLockSecured: true
+            browserVersion:
+              minimum: 15393.27.0
+            deviceEnrollmentDomain: testDomain
+            builtInDnsClientEnabled: true
+            chromeRemoteDesktopAppBlocked: true
+            safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+            siteIsolationEnabled: true
+            passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+            realtimeUrlCheckMode: true
+            secureBootEnabled: true
+            windowsMachineDomain: testMachineDomain
+            windowsUserDomain: testUserDomain
+            thirdPartyBlockingEnabled: true
+            crowdStrikeCustomerId: testCustomerId
+            crowdStrikeAgentId": testAgentId
+            keyTrustLevel: CHROME_BROWSER_HW_KEY
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+              - DELETE
+              - GET
+              - PUT
+      x-okta-lifecycle:
+        features:
+        - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+    DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse:
+      summary: ChromeOS with third-party signal providers response
+      value:
+        id: dae3m8o4rWhwReDeM1c5
+        name: Device Assurance ChromeOS
+        lastUpdate: 2022-01-01T00:00:00.000Z
+        createdUpdate: 2022-01-01T00:00:00.000Z
+        lastUpdatedBy: 00u217pyf72CdUrBt1c5
+        createdBy: 00u217pyf72CdUrBt1c5
+        platform: CHROMEOS
+        thirdPartySignalProviders:
+          dtc:
+            osVersion:
+              minimum: 10.0.19041.1110
+            diskEncrypted: true
+            osFirewall: true
+            screenLockSecured: true
+            allowScreenLock: true
+            browserVersion:
+              minimum: 15393.27.0
+            deviceEnrollmentDomain: testDomain
+            builtInDnsClientEnabled: true
+            chromeRemoteDesktopAppBlocked: true
+            safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+            siteIsolationEnabled: true
+            passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+            realtimeUrlCheckMode: true
+            keyTrustLevel: CHROME_OS_VERIFIED_MODE
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+            hints:
+              allow:
+              - DELETE
+              - GET
+              - PUT
+      x-okta-lifecycle:
+        features:
+        - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+    DeviceResponse:
+      value:
+        id: guo8jx5vVoxfvJeLb0w4
+        status: ACTIVE
+        created: 2020-11-03T21:47:01.000Z
+        lastUpdated: 2020-11-03T23:46:27.000Z
+        profile:
+          displayName: DESKTOP-EHAD3IE
+          platform: WINDOWS
+          manufacturer: International Corp
+          model: "VMware7,1"
+          osVersion: 10.0.18362
+          serialNumber: 56 4d 4f 95 74 c5 d3 e7-fc 3a 57 9c c2 f8 5d ce
+          udid: 954F4D56-C574-E7D3-FC3A-579CC2F85DCE
+          sid: S-1-5-21-3992267483-1860856704-2413701314-500
+          registered: true
+          secureHardwarePresent: false
+        resourceId: guo8jx5vVoxfvJeLb0w4
+        resourceDisplayName:
+          value: DESKTOP-EHAD3IE
+          sensitive: false
+        resourceType: UDDevice
+        resourceAlternateId: null
+        _links:
+          suspend:
+            href: "https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/lifecycle/suspend"
+            hints:
+              allow:
+              - POST
+          self:
+            href: "https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4"
+            hints:
+              allow:
+              - GET
+              - PATCH
+              - PUT
+          users:
+            href: "https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/users"
+            hints:
+              allow:
+              - GET
+          deactivate:
+            href: "https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/lifecycle/deactivate"
+            hints:
+              allow:
+              - POST
+    EmailCustomizationResponse:
+      value:
+        language: en
+        isDefault: true
+        subject: "Welcome to ${org.name}!"
+        body: "<!DOCTYPE html><html><body><p>Hello, ${user.profile.firstName}. Click\
+          \ <a href=\"${activationLink}\">here</a> to activate your account.</body></html>"
+        id: oel11u6DqUiMbQkpl0g4
+        created: 2021-11-09T20:38:10.000Z
+        lastUpdated: 2021-11-11T20:38:10.000Z
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+              - DELETE
+          template:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
+            hints:
+              allow:
+              - GET
+          preview:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview"
+            hints:
+              allow:
+              - GET
+          test:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test"
+            hints:
+              allow:
+              - POST
+    EmailSettingsResponse:
+      value:
+        recipients: ALL_USERS
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings"
+            hints:
+              allow:
+              - GET
+              - PUT
+          template:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
+            hints:
+              allow:
+              - GET
+    EmailTemplateDefaultContentResponse:
+      value:
+        subject: "Welcome to ${org.name}!"
+        body: "<!DOCTYPE html><html><body><p>Hello, ${user.profile.firstName}. Click\
+          \ <a href=\"${activationLink}\">here</a> to activate your account.</body></html>"
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content"
+            hints:
+              allow:
+              - GET
+          template:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
+            hints:
+              allow:
+              - GET
+          preview:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content/preview"
+            hints:
+              allow:
+              - GET
+    ErrorAccessDenied:
+      value:
+        errorCode: E0000006
+        errorSummary: You do not have permission to perform the requested action
+        errorLink: E0000006
+        errorId: sampleNUSD_8fdkFd8fs8SDBK
+        errorCauses: []
+    ErrorApiValidationFailed:
+      value:
+        errorCode: E0000001
+        errorSummary: "Api validation failed: {0}"
+        errorLink: E0000001
+        errorId: sampleiCF-8D5rLW6myqiPItW
+        errorCauses: []
+    ErrorCAPTCHALimitOfOne:
+      value:
+        errorCode: E0000165
+        errorSummary: CAPTCHA count limit reached. At most one CAPTCHA instance is
+          allowed per Org.
+        errorLink: E0000165
+        errorId: oaejrB1fWL1S7mc-2KcG-SOtw
+        errorCauses: []
+    ErrorCAPTCHAOrgWideSetting:
+      value:
+        errorCode: E0000149
+        errorSummary: "Current CAPTCHA is associated with org-wide settings, cannot\
+          \ be removed."
+        errorLink: E0000149
+        errorId: samplezsusshPdiTWiITwqBt8
+        errorCauses: []
+    ErrorCreateUserWithExpiredPasswordWithNullPassword:
+      value:
+        errorCode: E0000124
+        errorSummary: "Could not create user. To create a user and expire their password\
+          \ immediately, a password must be specified"
+        errorLink: E0000124
+        errorId: oaeXxuZgXBySvqi1FvtkwoYCA
+        errorCauses:
+        - errorSummary: "Could not create user. To create a user and expire their\
+            \ password immediately, a password must be specified"
+    ErrorCreateUserWithExpiredPasswordWithoutActivation:
+      value:
+        errorCode: E0000125
+        errorSummary: "Could not create user. To create a user and expire their password\
+          \ immediately, \"activate\" must be true"
+        errorLink: E0000125
+        errorId: oaeDd77L9R-TJaD7j_rXsQ31w
+        errorCauses:
+        - errorSummary: "Could not create user. To create a user and expire their\
+            \ password immediately, \"activate\" must be true"
+    ErrorCreateUserWithTooManyManyGroupsResponse:
+      value:
+        errorCode: E0000093
+        errorSummary: Target count limit exceeded
+        errorLink: E0000093
+        errorId: oaePVSLIYnIQsC0B-ptBIllVA
+        errorCauses:
+        - errorSummary: The number of group targets is too large.
+    ErrorDeleteBrandAssociatedWithDomain:
+      value:
+        errorCode: E0000201
+        errorSummary: A brand associated with a domain cannot be deleted
+        errorLink: E0000201
+        errorId: oaeAdRqprFuTyKokyYPbURJkA
+        errorCauses: []
+    ErrorDeleteDefaultBrand:
+      value:
+        errorCode: E0000200
+        errorSummary: A default brand cannot be deleted
+        errorLink: E0000200
+        errorId: oaeAdRqprFuTyKokyYPbURJkA
+        errorCauses: []
+    ErrorDeviceAssuranceInUse:
+      value:
+        errorSummary: Device assurance is in use and cannot be deleted.
+        errorId: oaenwA1ra80S9W-pvbh4m6haA
+        errorCauses: []
+    ErrorEmailCustomizationCannotClearDefault:
+      value:
+        errorCode: E0000185
+        errorSummary: The isDefault parameter of the default email template customization
+          can't be set to false.
+        errorLink: E0000185
+        errorId: oaejrB1fWL1S7mc-2KcG-SOtw
+        errorCauses: []
+    ErrorEmailCustomizationCannotDeleteDefault:
+      value:
+        errorCode: E0000184
+        errorSummary: A default email template customization can't be deleted.
+        errorLink: E0000184
+        errorId: oaeAdRqprFuTyKokyYPbURJkA
+        errorCauses: []
+    ErrorEmailCustomizationDefaultAlreadyExists:
+      value:
+        errorCode: E0000182
+        errorSummary: A default email template customization already exists.
+        errorLink: E0000182
+        errorId: oaeXYwTiMvASsC3O4HCzjFaCA
+        errorCauses: []
+    ErrorEmailCustomizationLanguageAlreadyExists:
+      value:
+        errorCode: E0000183
+        errorSummary: An email template customization for that language already exists.
+        errorLink: E0000183
+        errorId: oaeUcGELffqRay0u1OPdnPypw
+        errorCauses: []
+    ErrorEmailDomainAlreadyExists:
+      value:
+        errorCode: E0000197
+        errorSummary: Email domain already exists.
+        errorLink: E0000197
+        errorId: oaeEdRqprFuTyKokyYPbURJkA
+        errorCauses: []
+    ErrorEmailDomainInUse:
+      value:
+        errorCode: E0000216
+        errorSummary: Email domain can't be deleted due to mail provider restrictions.
+        errorLink: E0000216
+        errorId: oaeEdRqprFuTyKokyYPbURJkB
+        errorCauses: []
+    ErrorEmailDomainInvalidStatus:
+      value:
+        errorCode: E0000217
+        errorSummary: Invalid status. Can't validate email domain with current status.
+        errorLink: E0000217
+        errorId: oaeEdRqprFuTyKokyYPbURJkD
+        errorCauses: []
+    ErrorEmailDomainNotVerified:
+      value:
+        errorCode: E0000218
+        errorSummary: Email domain couldn't be verified by mail provider.
+        errorLink: E0000218
+        errorId: oaeEdRqprFuTyKokyYPbURJkC
+        errorCauses: []
+    ErrorInvalidEmailTemplateRecipients:
+      value:
+        errorCode: E0000189
+        errorSummary: This template does not support the recipients value.
+        errorLink: E0000189
+        errorId: oae8L1-UkcNTeGi5xVQ28_lww
+        errorCauses: []
+    ErrorLinkDefaultBrand:
+      value:
+        errorCode: E0000203
+        errorSummary: Failed to associate this domain with the given brandId
+        errorLink: E0000203
+        errorId: oaeAdRqprFuTyKokyYPbURJkA
+        errorCauses:
+        - errorSummary: The default brand cannot be mapped to a domain
+    ErrorPushProviderUsedByCustomAppAuthenticator:
+      value:
+        errorCode: E0000187
+        errorSummary: Cannot delete push provider because it is being used by a custom
+          app authenticator.
+        errorLink: E0000187
+        errorId: oaenwA1ra80S9W-pvbh4m6haA
+        errorCauses: []
+    ErrorResourceNotFound:
+      value:
+        errorCode: E0000007
+        errorSummary: "Not found: {0}"
+        errorLink: E0000007
+        errorId: sampleMlLvGUj_YD5v16vkYWY
+        errorCauses: []
+    ErrorTooManyRequests:
+      value:
+        errorCode: E0000047
+        errorSummary: You exceeded the maximum number of requests. Try again in a
+          while.
+        errorLink: E0000047
+        errorId: sampleQPivGUj_ND5v78vbYWW
+        errorCauses: []
+    GetBrandResponse:
+      value:
+        id: bnd114iNkrcN6aR680g4
+        removePoweredByOkta: false
+        customPrivacyPolicyUrl: null
+        name: Okta Default
+        isDefault: true
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+              - DELETE
+          themes:
+            href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes"
+            hints:
+              allow:
+              - GET
+    GetEmailTemplateResponse:
+      value:
+        name: UserActivation
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
+            hints:
+              allow:
+              - GET
+          settings:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings"
+            hints:
+              allow:
+              - GET
+              - PUT
+          defaultContent:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content"
+            hints:
+              allow:
+              - GET
+          customizations:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations"
+            hints:
+              allow:
+              - GET
+              - POST
+              - DELETE
+          test:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test"
+            hints:
+              allow:
+              - POST
+    GroupSchemaAddRequest:
+      value:
+        definitions:
+          custom:
+            id: '#custom'
+            type: object
+            properties:
+              groupContact:
+                title: Group administrative contact
+                description: Group administrative contact
+                type: string
+                required: false
+                minLength: 1
+                maxLength: 20
+                permissions:
+                - principal: SELF
+                  action: READ_WRITE
+            required: []
+    GroupSchemaResponse:
+      value:
+        $schema: http://json-schema.org/draft-04/schema#
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/meta/schemas/group/default"
+            method: GET
+            rel: self
+        created: 2021-01-30T00:18:24.000Z
+        definitions:
+          base:
+            id: '#base'
+            properties: {}
+            required:
+            - name
+            type: object
+          custom:
+            id: '#custom'
+            properties:
+              groupContact:
+                description: Group administrative contact
+                master:
+                  type: PROFILE_MASTER
+                mutability: READ_WRITE
+                permissions:
+                - action: READ_WRITE
+                  principal: SELF
+                scope: NONE
+                title: Group administrative contact
+                type: string
+            required: []
+            type: object
+        description: Okta group profile template
+        id: "https://{yourOktaDomain}/meta/schemas/group/default"
+        lastUpdated: 2021-02-25T23:05:31.000Z
+        name: group
+        properties:
+          profile:
+            allOf:
+            - $ref: '#/definitions/custom'
+            - $ref: '#/definitions/base'
+        title: Okta group
+        type: object
+    LinkBrandDomain:
+      value:
+        domainId: OcD11vyscTlIkpC7i0g4
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/domains/OcD11vyscTlIkpC7i0g4"
+            hints:
+              allow:
+              - PUT
+              - DELETE
+          brand:
+            href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+              - DELETE
+          domain:
+            href: "https://{yourOktaDomain}/api/v1/domains/OcD11vyscTlIkpC7i0g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+              - DELETE
+    ListBrandsResponse:
+      value:
+      - id: bnd114iNkrcN6aR680g4
+        name: Okta Default
+        isDefault: true
+        removePoweredByOkta: false
+        customPrivacyPolicyUrl: null
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+              - DELETE
+          themes:
+            href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes"
+            hints:
+              allow:
+              - GET
+    ListEmailCustomizationResponse:
+      value:
+      - language: en
+        isDefault: true
+        subject: "Welcome to ${org.name}!"
+        body: "<!DOCTYPE html><html><body><p>Hello, ${user.profile.firstName}. Click\
+          \ <a href=\"${activationLink}\">here</a> to activate your account.</body></html>"
+        id: oel11u6DqUiMbQkpl0g4
+        created: 2021-11-09T20:38:10.000Z
+        lastUpdated: 2021-11-11T20:38:10.000Z
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+              - DELETE
+          template:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
+            hints:
+              allow:
+              - GET
+          preview:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview"
+            hints:
+              allow:
+              - GET
+          test:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test"
+            hints:
+              allow:
+              - POST
+    ListEmailTemplateResponse:
+      value:
+      - name: UserActivation
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
+            hints:
+              allow:
+              - GET
+          settings:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings"
+            hints:
+              allow:
+              - GET
+              - PUT
+          defaultContent:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content"
+            hints:
+              allow:
+              - GET
+          customizations:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations"
+            hints:
+              allow:
+              - GET
+              - POST
+              - DELETE
+          test:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test"
+            hints:
+              allow:
+              - POST
+    ListSessionsResponse:
+      value:
+      - id: uij4ri8ZLk0ywyqxB0g4
+        identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+        status: CREATED
+        importType: INCREMENTAL
+    ListUserBlocksAnyDevicesResponse:
+      value:
+      - type: DEVICE_BASED
+        appliesTo: ANY_DEVICES
+    ListUserBlocksUnknownDevicesResponse:
+      value:
+      - type: DEVICE_BASED
+        appliesTo: UNKNOWN_DEVICES
+    ListUsersResponse:
+      value:
+      - id: 00u118oQYT4TBGuay0g4
+        status: ACTIVE
+        created: 2022-04-04T15:56:05.000Z
+        activated: null
+        statusChanged: null
+        lastLogin: 2022-05-04T19:50:52.000Z
+        lastUpdated: 2022-05-05T18:15:44.000Z
+        passwordChanged: 2022-04-04T16:00:22.000Z
+        type:
+          id: oty1162QAr8hJjTaq0g4
+        profile:
+          firstName: Alice
+          lastName: Smith
+          mobilePhone: null
+          secondEmail: null
+          login: alice.smith@example.com
+          email: alice.smith@example.com
+        credentials:
+          password: {}
+          provider:
+            type: OKTA
+            name: OKTA
+        _links:
+          self:
+            href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4
+    LogStreamRequest:
+      value:
+        type: aws_eventbridge
+        name: Example AWS EventBridge
+        settings:
+          eventSourceName: your-event-source-name
+          accountId: "123456789012"
+          region: us-east-2
+    LogStreamResponse:
+      value:
+        id: 0oa1orqUGCIoCGNxf0g4
+        type: aws_eventbridge
+        name: Example AWS EventBridge
+        lastUpdated: 2021-10-21T16:55:30.000Z
+        created: 2021-10-21T16:55:29.000Z
+        status: ACTIVE
+        settings:
+          accountId: "123456789012"
+          eventSourceName: your-event-source-name
+          region: us-east-2
+        _links:
+          self:
+            href: "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4"
+            method: GET
+          deactivate:
+            href: "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate"
+            method: POST
+    LogStreamSchemaAws:
+      value:
+        $schema: https://json-schema.org/draft/2020-12/schema
+        $id: "http://{yourOktaDomain}/api/v1/meta/schemas/logStream/aws_eventbridge"
+        title: AWS EventBridge
+        type: object
+        properties:
+          settings:
+            description: Configuration properties specific to AWS EventBridge
+            type: object
+            properties:
+              accountId:
+                title: AWS Account ID
+                description: Your Amazon AWS Account ID.
+                type: string
+                writeOnce: true
+                pattern: "^\\d{12}$"
+              eventSourceName:
+                title: AWS Event Source Name
+                description: An alphanumeric name (no spaces) to identify this event
+                  source in AWS EventBridge.
+                type: string
+                writeOnce: true
+                pattern: "^[\\.\\-_A-Za-z0-9]{1,75}$"
+              region:
+                title: AWS Region
+                description: The destination AWS region for your system log events.
+                type: string
+                writeOnce: true
+                oneOf:
+                - title: US East (Ohio)
+                  const: us-east-2
+                - title: US East (N. Virginia)
+                  const: us-east-1
+                - title: US West (N. California)
+                  const: us-west-1
+                - title: US West (Oregon)
+                  const: us-west-2
+                - title: Canada (Central)
+                  const: ca-central-1
+                - title: Europe (Frankfurt)
+                  const: eu-central-1
+                - title: Europe (Ireland)
+                  const: eu-west-1
+                - title: Europe (London)
+                  const: eu-west-2
+                - title: Europe (Paris)
+                  const: eu-west-3
+                - title: Europe (Milan)
+                  const: eu-south-1
+                - title: Europe (Stockholm)
+                  const: eu-north-1
+            required:
+            - eventSourceName
+            - accountId
+            - region
+            errorMessage:
+              properties:
+                accountId: Account number must be 12 digits.
+                eventSourceName: "Event source name can use numbers, letters, the\
+                  \ symbols \".\", \"-\" or \"_\". It must use fewer than 76 characters."
+          name:
+            title: Name
+            description: A name for this log stream in Okta
+            type: string
+            writeOnce: false
+            pattern: "^.{1,100}$"
+        required:
+        - name
+        - settings
+        errorMessage:
+          properties:
+            name: Name can't exceed 100 characters.
+    LogStreamSchemaList:
+      value:
+      - $schema: https://json-schema.org/draft/2020-12/schema
+        $id: "http://{yourOktaDomain}/api/v1/meta/schemas/logStream/aws_eventbridge"
+        title: AWS EventBridge
+        type: object
+        properties:
+          settings:
+            description: Configuration properties specific to AWS EventBridge
+            type: object
+            properties:
+              accountId:
+                title: AWS Account ID
+                description: Your Amazon AWS Account ID.
+                type: string
+                writeOnce: true
+                pattern: "^\\d{12}$"
+              eventSourceName:
+                title: AWS Event Source Name
+                description: An alphanumeric name (no spaces) to identify this event
+                  source in AWS EventBridge.
+                type: string
+                writeOnce: true
+                pattern: "^[\\.\\-_A-Za-z0-9]{1,75}$"
+              region:
+                title: AWS Region
+                description: The destination AWS region for your system log events.
+                type: string
+                writeOnce: true
+                oneOf:
+                - title: US East (Ohio)
+                  const: us-east-2
+                - title: US East (N. Virginia)
+                  const: us-east-1
+                - title: US West (N. California)
+                  const: us-west-1
+                - title: US West (Oregon)
+                  const: us-west-2
+                - title: Canada (Central)
+                  const: ca-central-1
+                - title: Europe (Frankfurt)
+                  const: eu-central-1
+                - title: Europe (Ireland)
+                  const: eu-west-1
+                - title: Europe (London)
+                  const: eu-west-2
+                - title: Europe (Paris)
+                  const: eu-west-3
+                - title: Europe (Milan)
+                  const: eu-south-1
+                - title: Europe (Stockholm)
+                  const: eu-north-1
+            required:
+            - eventSourceName
+            - accountId
+            - region
+            errorMessage:
+              properties:
+                accountId: Account number must be 12 digits.
+                eventSourceName: "Event source name can use numbers, letters, the\
+                  \ symbols \".\", \"-\" or \"_\". It must use fewer than 76 characters."
+          name:
+            title: Name
+            description: A name for this log stream in Okta
+            type: string
+            writeOnce: false
+            pattern: "^.{1,100}$"
+        required:
+        - name
+        - settings
+        errorMessage:
+          properties:
+            name: Name can't exceed 100 characters.
+      - $schema: https://json-schema.org/draft/2020-12/schema
+        $id: "http://{yourOktaDomain}/api/v1/meta/schemas/logStream/splunk_cloud_logstreaming"
+        title: Splunk Cloud
+        type: object
+        properties:
+          settings:
+            description: Configuration properties specific to Splunk Cloud
+            type: object
+            properties:
+              host:
+                title: Host
+                description: "The domain for your Splunk Cloud instance without http\
+                  \ or https. For example: acme.splunkcloud.com"
+                type: string
+                writeOnce: false
+                pattern: "^([a-z0-9]+(-[a-z0-9]+)*){1,100}\\.splunkcloud(gc|fed)?\\\
+                  .com$"
+              token:
+                title: HEC Token
+                description: The token from your Splunk Cloud HTTP Event Collector
+                  (HEC).
+                type: string
+                writeOnce: false
+                pattern: "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
+            required:
+            - host
+            - token
+            errorMessage:
+              properties:
+                host: "Host should be a domain without http or https. For example:\
+                  \ acme.splunkcloud.com"
+          name:
+            title: Name
+            description: A name for this log stream in Okta
+            type: string
+            writeOnce: false
+            pattern: "^.{1,100}$"
+        required:
+        - name
+        - settings
+        errorMessage:
+          properties:
+            name: Name can't exceed 100 characters.
+    LogStreamSchemaSplunk:
+      value:
+        $schema: https://json-schema.org/draft/2020-12/schema
+        $id: "http://{yourOktaDomain}/api/v1/meta/schemas/logStream/splunk_cloud_logstreaming"
+        title: Splunk Cloud
+        type: object
+        properties:
+          settings:
+            description: Configuration properties specific to Splunk Cloud
+            type: object
+            properties:
+              host:
+                title: Host
+                description: "The domain for your Splunk Cloud instance without http\
+                  \ or https. For example: acme.splunkcloud.com"
+                type: string
+                writeOnce: false
+                pattern: "^([a-z0-9]+(-[a-z0-9]+)*){1,100}\\.splunkcloud(gc|fed)?\\\
+                  .com$"
+              token:
+                title: HEC Token
+                description: The token from your Splunk Cloud HTTP Event Collector
+                  (HEC).
+                type: string
+                writeOnce: false
+                pattern: "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
+            required:
+            - host
+            - token
+            errorMessage:
+              properties:
+                host: "Host should be a domain without http or https. For example:\
+                  \ acme.splunkcloud.com"
+          name:
+            title: Name
+            description: A name for this log stream in Okta
+            type: string
+            writeOnce: false
+            pattern: "^.{1,100}$"
+        required:
+        - name
+        - settings
+        errorMessage:
+          properties:
+            name: Name can't exceed 100 characters.
+    PerClientRateLimitSettingsEnforceDefault:
+      value:
+        defaultMode: ENFORCE
+    PerClientRateLimitSettingsEnforceDefaultWithOverrides:
+      value:
+        defaultMode: ENFORCE
+        useCaseModeOverrides:
+          OAUTH2_AUTHORIZE: PREVIEW
+          OIE_APP_INTENT: DISABLE
+    PerClientRateLimitSettingsPreviewDefaultWithOverrides:
+      value:
+        defaultMode: PREVIEW
+        useCaseModeOverrides:
+          LOGIN_PAGE: ENFORCE
+    PermissionResponse:
+      value:
+        label: okta.users.manage
+        created: 2021-02-06T16:20:57.000Z
+        lastUpdated: 2021-02-06T16:20:57.000Z
+        _links:
+          role:
+            href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3"
+          self:
+            href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.manage"
+    PermissionsResponse:
+      value:
+        permissions:
+        - label: okta.users.create
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            role:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3"
+            self:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.create"
+        - label: okta.users.read
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            role:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3"
+            self:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.read"
+        - label: okta.groups.read
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            role:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3"
+            self:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.groups.read"
+        - label: okta.users.userprofile.manage
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            role:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3"
+            self:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.userprofile.manage"
+    PreviewEmailCustomizationResponse:
+      value:
+        subject: Welcome to Okta!
+        body: "<!DOCTYPE html><html><body><p>Hello, John. Click <a href=\"https://{yourOktaDomain}/...\"\
+          >here</a> to activate your account.</body></html>"
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel2kk1zYJBJbeaGo0g4/preview"
+            hints:
+              allow:
+              - GET
+          template:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
+            hints:
+              allow:
+              - GET
+          test:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test"
+            hints:
+              allow:
+              - POST
+    PreviewEmailTemplateDefaultContentResponse:
+      value:
+        subject: Welcome to Okta!
+        body: "<!DOCTYPE html><html><body><p>Hello, John. Click <a href=\"https://{yourOktaDomain}/...\"\
+          >here</a> to activate your account.</body></html>"
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content/preview"
+            hints:
+              allow:
+              - GET
+          template:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
+            hints:
+              allow:
+              - GET
+          defaultContent:
+            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test/default-content"
+            hints:
+              allow:
+              - POST
+    PrincipalRateLimitEntityRequestEmptyPercentages:
+      value:
+        principalId: token1234
+        principalType: SSWS_TOKEN
+    PrincipalRateLimitEntityRequestSSWSToken:
+      value:
+        principalId: token1234
+        principalType: SSWS_TOKEN
+        defaultPercentage: 50
+        defaultConcurrencyPercentage: 75
+    PrincipalRateLimitEntityResponseSSWSToken:
+      value:
+        id: abcd1234
+        orgId: org1234
+        principalId: token1234
+        principalType: SSWS_TOKEN
+        defaultPercentage: 50
+        defaultConcurrencyPercentage: 75
+        createdDate: 2022-05-19T20:05:32.720Z
+        createdBy: user1234
+        lastUpdate: 2022-05-20T21:13:07.410Z
+        lastUpdatedBy: user4321
+    PushProviderAPNsRequest:
+      value:
+        name: APNs Example
+        providerType: APNS
+        configuration:
+          keyId: KEY_ID
+          teamId: TEAM_ID
+          tokenSigningKey: '-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE
+            KEY-----\n'
+          fileName: fileName.p8
+    PushProviderAPNsResponse:
+      value:
+        id: ppctekcmngGaqeiBxB0g4
+        name: APNs Example
+        providerType: APNS
+        lastUpdatedDate: 2022-01-01T00:00:00.000Z
+        configuration:
+          keyId: KEY_ID
+          teamId: TEAM_ID
+          fileName: fileName.p8
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/push-providers/ppctekcmngGaqeiBxB0g4
+            hints:
+              allow:
+              - DELETE
+              - GET
+              - PUT
+    PushProviderFCMRequest:
+      value:
+        name: FCM Example
+        providerType: FCM
+        configuration:
+          serviceAccountJson:
+            type: service_account
+            project_id: PROJECT_ID
+            private_key_id: KEY_ID
+            private_key: '-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE
+              KEY-----\n'
+            client_email: SERVICE_ACCOUNT_EMAIL
+            client_id: CLIENT_ID
+            auth_uri: https://accounts.google.com/o/oauth2/auth
+            token_uri: https://accounts.google.com/o/oauth2/token
+            auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
+            client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL
+          fileName: fileName.json
+    PushProviderFCMResponse:
+      value:
+        id: ppctekcmngGaqeiBxB0g4
+        name: FCM Example
+        providerType: FCM
+        lastUpdatedDate: 2022-01-01T00:00:00.000Z
+        configuration:
+          projectId: PROJECT_ID
+          fileName: fileName.p8
+        _links:
+          self:
+            href: https://your-subdomain.okta.com/api/v1/push-providers/ppctekcmngGaqeiBxB0g4
+            hints:
+              allow:
+              - DELETE
+              - GET
+              - PUT
+    RateLimitAdminNotificationsDisabled:
+      value:
+        notificationsEnabled: false
+    RateLimitAdminNotificationsEnabled:
+      value:
+        notificationsEnabled: true
+    ResourceSetBindingAddMembersRequestExample:
+      value:
+        additions:
+        - "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3"
+        - "https://{yourOktaDomain}/api/v1/users/00u67DU2qNCjNZYO0g3"
+    ResourceSetBindingCreateRequestExample:
+      value:
+        role: cr0Yq6IJxGIr0ouum0g3
+        members:
+        - "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3"
+    ResourceSetBindingMemberResponse:
+      value:
+        id: irb1qe6PGuMc7Oh8N0g4
+        created: 2021-02-06T16:20:57.000Z
+        lastUpdated: 2021-02-06T16:20:57.000Z
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/users/00uuk41Hjga5qGfQ30g3"
+    ResourceSetBindingMembersResponse:
+      value:
+        members:
+        - id: irb1qe6PGuMc7Oh8N0g4
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            self:
+              href: "https://{yourOktaDomain}/api/v1/users/00uuk41Hjga5qGfQ30g3"
+        - id: irb1q92TFAHzySt3x0g4
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            self:
+              href: "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3"
+        _links:
+          binding:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3"
+          next:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3/members?after=0ouRq6IJmGIr3ouum0g3"
+    ResourceSetBindingResponseExample:
+      value:
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3"
+          bindings:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
+          resource-set:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
+    ResourceSetBindingResponseWithIdExample:
+      value:
+        id: cr0Yq6IJxGIr0ouum0g3
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3"
+          bindings:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
+          resource-set:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
+    ResourceSetBindingsResponse:
+      value:
+        roles:
+        - id: cr0WxyzJxGIr0ouum0g4
+          _links:
+            self:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0WxyzJxGIr0ouum0g4"
+            members:
+              href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0WxyzJxGIr0ouum0g4/members"
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
+          resource-set:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
+          next:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings?after=cr0WxyzJxGIr0ouum0g4"
+    ResourceSetRequest:
+      value:
+        label: SF-IT-People
+        description: People in the IT department of San Francisco
+        resources:
+        - "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3"
+        - "https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users"
+        - "https://{yourOktaDomain}/api/v1/users"
+    ResourceSetResourcePatchRequestExample:
+      value:
+        additions:
+        - "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3"
+        - "https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users"
+    ResourceSetResourcesResponse:
+      value:
+        resources:
+        - id: ire106sQKoHoXXsAe0g4
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            self:
+              href: "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3"
+        - id: ire106riDrTYl4qA70g4
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            self:
+              href: "https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users"
+        - id: irezvo4AwE2ngpMw40g3
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            users:
+              href: "https://{yourOktaDomain}/api/v1/users"
+            groups:
+              href: "https://{yourOktaDomain}/api/v1/groups"
+        _links:
+          next:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources?after=irezvn1ZZxLSIBM2J0g3"
+          resource-set:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
+    ResourceSetResponse:
+      value:
+        id: iamoJDFKaJxGIr0oamd9g
+        label: SF-IT-People
+        description: People in the IT department of San Francisco
+        created: 2021-02-06T16:20:57.000Z
+        lastUpdated: 2021-02-06T16:20:57.000Z
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
+          resources:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources"
+          bindings:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
+    ResourceSetsResponse:
+      value:
+        resource-sets:
+        - id: iamoJDFKaJxGIr0oamd9g
+          label: SF-IT-1
+          description: First San Francisco IT Resource Set
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            self:
+              href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g"
+            resources:
+              href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources"
+            bindings:
+              href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings"
+        - id: iamoJDFKaJxGIr0oamd0q
+          label: SF-IT-2
+          description: Second San Francisco IT Resource Set
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            self:
+              href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q"
+            resources:
+              href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q/resources"
+            bindings:
+              href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q/bindings"
+        _links:
+          next:
+            href: "https://{yourOktaDomain}/api/v1/iam/resource-sets?after=iamoJDFKaJxGIr0oamd0q"
+    RiskEventsRequest:
+      value:
+      - timestamp: 2021-01-20T00:00:00.001Z
+        subjects:
+        - ip: 6.7.6.7
+          riskLevel: MEDIUM
+        - ip: 1.1.1.1
+          riskLevel: HIGH
+          message: Detected Attack tooling and suspicious activity
+      - timestamp: 2021-01-20T01:00:00.001Z
+        subjects:
+        - ip: 6.7.6.7
+          riskLevel: LOW
+        - ip: 2.2.2.2
+          riskLevel: HIGH
+    RiskProviderRequest:
+      value:
+        name: Risk-Partner-X
+        action: log_only
+        clientId: 00ckjsfgjkdkjdkkljjsd
+    RiskProviderResponse:
+      value:
+        id: 00rp12r4skkjkjgsn
+        action: log_only
+        name: Risk-Partner-X
+        clientId: 00ckjsfgjkdkjdkkljjsd
+        created: 2021-01-05 22:18:30
+        lastUpdated: 2021-01-05 21:23:10
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/risk/providers/00rp12r4skkjkjgsn"
+            hints:
+              allow:
+              - GET
+              - PUT
+    RoleRequest:
+      value:
+        label: UserCreator
+        description: Create users
+        permissions:
+        - okta.users.create
+        - okta.users.read
+        - okta.groups.read
+        - okta.users.userprofile.manage
+    RoleResponse:
+      value:
+        id: cr0Yq6IJxGIr0ouum0g3
+        label: UserCreator
+        description: Create users
+        created: 2021-02-06T16:20:57.000Z
+        lastUpdated: 2021-02-06T16:20:57.000Z
+        _links:
+          permissions:
+            href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions"
+          self:
+            href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3"
+    RolesResponse:
+      value:
+        roles:
+        - id: cr0Yq6IJxGIr0ouum0g3
+          label: UserCreator
+          description: Create users
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            permissions:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions"
+            self:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3"
+        - id: cr0Fw7HKcWIroo88m3r1
+          label: GroupMembershipManager
+          description: Manage group membership
+          created: 2021-02-06T16:20:57.000Z
+          lastUpdated: 2021-02-06T16:20:57.000Z
+          _links:
+            permissions:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Fw7HKcWIroo88m3r1/permissions"
+            self:
+              href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Fw7HKcWIroo88m3r1"
+        _links:
+          next:
+            href: "https://{yourOktaDomain}/api/v1/iam/roles?after=cr0Fw7HKcWIroo88m3r1"
+    TriggerSessionResponse:
+      value:
+      - id: uij4ri8ZLk0ywyqxB0g4
+        identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+        status: TRIGGERED
+        importType: INCREMENTAL
+    UpdateBrandRequest:
+      value:
+        customPrivacyPolicyUrl: https://www.someHost.com/privacy-policy
+        agreeToCustomPrivacyPolicy: true
+        removePoweredByOkta: true
+        name: New Name For Brand
+    UpdateBrandResponse:
+      value:
+        id: bnd114iNkrcN6aR680g4
+        removePoweredByOkta: true
+        agreeToCustomPrivacyPolicy: true
+        name: New Name For Brand
+        isDefault: true
+        customPrivacyPolicyUrl: https://www.someHost.com/privacy-policy
+        _links:
+          self:
+            href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4"
+            hints:
+              allow:
+              - GET
+              - PUT
+              - DELETE
+          themes:
+            href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes"
+            hints:
+              allow:
+              - GET
+    UpdateEmailDomainRequest:
+      value:
+        displayName: IT Admin
+        username: noreply
+    UpdatedEmailDomainResponse:
+      value:
+        id: OeD114iNkrcN6aR680g4
+        validationStatus: NOT_STARTED
+        displayName: IT Admin
+        username: noreply
+        domain: example.com
+        dnsValidationRecords:
+        - recordType: TXT
+          fqdn: _oktaverification.example.com
+          verificationValue: 759080212bda43e3bc825a7d73b4bb64
+        - recordType: CNAME
+          fqdn: mail.example.com
+          verificationValue: u22224444.wl024.sendgrid.net
+        - recordType: CNAME
+          fqdn: t02._domainkey.example.com
+          verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+        - recordType: CNAME
+          fqdn: t022._domainkey.example.com
+          verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+    UserSchemaAddRequest:
+      value:
+        definitions:
+          custom:
+            id: '#custom'
+            type: object
+            properties:
+              twitterUserName:
+                title: Twitter username
+                description: Twitter Username
+                type: string
+                required: false
+                minLength: 1
+                maxLength: 20
+                permissions:
+                - principal: SELF
+                  action: READ_WRITE
+            required: []
+    UserSchemaResponse:
+      value:
+        id: "https://{yourOktaDomain}/meta/schemas/user/default"
+        $schema: http://json-schema.org/draft-04/schema#
+        name: user
+        title: Default Okta User
+        lastUpdated: 2015-09-05T10:40:45.000Z
+        created: 2015-02-02T10:27:36.000Z
+        definitions:
+          base:
+            id: '#base'
+            type: object
+            properties:
+              login:
+                title: Username
+                type: string
+                required: true
+                minLength: 5
+                maxLength: 100
+                permissions:
+                - principal: SELF
+                  action: READ_WRITE
+              firstName:
+                title: First name
+                type: string
+                required: true
+                minLength: 1
+                maxLength: 50
+                permissions:
+                - principal: SELF
+                  action: READ_WRITE
+              lastName:
+                title: Last name
+                type: string
+                required: true
+                minLength: 1
+                maxLength: 50
+                permissions:
+                - principal: SELF
+                  action: READ_WRITE
+              email:
+                title: Primary email
+                type: string
+                required: true
+                format: email
+                permissions:
+                - principal: SELF
+                  action: READ_WRITE
+            required:
+            - login
+            - firstName
+            - lastName
+            - email
+          custom:
+            id: '#custom'
+            type: object
+            properties:
+              twitterUserName:
+                title: Twitter username
+                description: User's username for twitter.com
+                type: string
+                required: false
+                minLength: 1
+                maxLength: 20
+                permissions:
+                - principal: SELF
+                  action: READ_WRITE
+            required: []
+        type: object
+        properties:
+          profile:
+            allOf:
+            - $ref: '#/definitions/base'
+            - $ref: '#/definitions/custom'
+    VerifiedEmailDomainResponse:
+      value:
+        id: OeD114iNkrcN6aR680g4
+        validationStatus: VERIFIED
+        displayName: IT Admin
+        username: noreply
+        domain: example.com
+        dnsValidationRecords:
+        - recordType: TXT
+          fqdn: _oktaverification.example.com
+          verificationValue: 759080212bda43e3bc825a7d73b4bb64
+        - recordType: CNAME
+          fqdn: mail.example.com
+          verificationValue: u22224444.wl024.sendgrid.net
+        - recordType: CNAME
+          fqdn: t02._domainkey.example.com
+          verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+        - recordType: CNAME
+          fqdn: t022._domainkey.example.com
+          verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+    WellKnownOrgMetadataResponseClassic:
+      value:
+        id: 00o5rb5mt2H3d1TJd0h7
+        _links:
+          organization:
+            href: "https://{{yourOktaDomain}}"
+        pipeline: v1
+        settings:
+          analyticsCollectionEnabled: false
+          bugReportingEnabled: true
+          omEnabled: true
+    WellKnownOrgMetadataResponseCustomUrlOie:
+      value:
+        id: 00o47wwoytgsDqEtz0g7
+        _links:
+          organization:
+            href: "https://{{yourSubdomain}}.okta.com"
+          alternate:
+            href: "https://{{yourCustomDomain}}"
+        pipeline: idx
+        settings:
+          analyticsCollectionEnabled: false
+          bugReportingEnabled: true
+          omEnabled: false
+  parameters:
+    pathApiTokenId:
+      description: id of the API Token
+      explode: false
+      in: path
+      name: apiTokenId
+      required: true
+      schema:
+        example: 00Tabcdefg1234567890
+        type: string
+      style: simple
+    pathBehaviorId:
+      description: id of the Behavior Detection Rule
+      explode: false
+      in: path
+      name: behaviorId
+      required: true
+      schema:
+        example: abcd1234
+        type: string
+      style: simple
+    pathBrandId:
+      description: The ID of the brand.
+      explode: false
+      in: path
+      name: brandId
+      required: true
+      schema:
+        type: string
+      style: simple
+    pathCaptchaId:
+      description: id of the CAPTCHA
+      explode: false
+      in: path
+      name: captchaId
+      required: true
+      schema:
+        example: abcd1234
+        type: string
+      style: simple
+    pathCustomizationId:
+      description: The ID of the email customization.
+      explode: false
+      in: path
+      name: customizationId
+      required: true
+      schema:
+        type: string
+      style: simple
+    pathDeviceAssuranceId:
+      description: Id of the Device Assurance Policy
+      explode: false
+      in: path
+      name: deviceAssuranceId
+      required: true
+      schema:
+        type: string
+      style: simple
+    pathDeviceId:
+      description: '`id` of the device'
+      explode: false
+      in: path
+      name: deviceId
+      required: true
+      schema:
+        example: guo4a5u7JHHhjXrMK0g4
+        type: string
+      style: simple
+    pathDomainId:
+      description: The ID of the domain.
+      explode: false
+      in: path
+      name: domainId
+      required: true
+      schema:
+        type: string
+      style: simple
+    pathEmailDomainId:
+      explode: false
+      in: path
+      name: emailDomainId
+      required: true
+      schema:
+        description: The ID of the email domain.
+        type: string
+      style: simple
+    pathIdentitySourceId:
+      explode: false
+      in: path
+      name: identitySourceId
+      required: true
+      schema:
+        type: string
+      style: simple
+    pathLogStreamId:
+      description: id of the log stream
+      explode: false
+      in: path
+      name: logStreamId
+      required: true
+      schema:
+        example: abcd1234
+        type: string
+      style: simple
+    pathMemberId:
+      description: '`id` of a member'
+      explode: false
+      in: path
+      name: memberId
+      required: true
+      schema:
+        example: irb1qe6PGuMc7Oh8N0g4
+        type: string
+      style: simple
+    pathPermissionType:
+      description: An okta permission type
+      explode: false
+      in: path
+      name: permissionType
+      required: true
+      schema:
+        example: okta.users.manage
+        type: string
+      style: simple
+    pathPoolId:
+      description: Id of the agent pool for which the settings will apply
+      explode: false
+      in: path
+      name: poolId
+      required: true
+      schema:
+        type: string
+      style: simple
+    pathPrincipalRateLimitId:
+      description: id of the Principal Rate Limit
+      explode: false
+      in: path
+      name: principalRateLimitId
+      required: true
+      schema:
+        example: abcd1234
+        type: string
+      style: simple
+    pathPushProviderId:
+      description: Id of the push provider
+      explode: false
+      in: path
+      name: pushProviderId
+      required: true
+      schema:
+        type: string
+      style: simple
+    pathResourceId:
+      description: '`id` of a resource'
+      explode: false
+      in: path
+      name: resourceId
+      required: true
+      schema:
+        example: ire106sQKoHoXXsAe0g4
+        type: string
+      style: simple
+    pathResourceSetId:
+      description: '`id` of a resource set'
+      explode: false
+      in: path
+      name: resourceSetId
+      required: true
+      schema:
+        example: iamoJDFKaJxGIr0oamd9g
+        type: string
+      style: simple
+    pathRiskProviderId:
+      description: '`id` of the risk provider'
+      explode: false
+      in: path
+      name: riskProviderId
+      required: true
+      schema:
+        example: 00rp12r4skkjkjgsn
+        type: string
+      style: simple
+    pathRoleIdOrLabel:
+      description: '`id` or `label` of the role'
+      explode: false
+      in: path
+      name: roleIdOrLabel
+      required: true
+      schema:
+        example: cr0Yq6IJxGIr0ouum0g3
+        type: string
+      style: simple
+    pathSessionId:
+      explode: false
+      in: path
+      name: sessionId
+      required: true
+      schema:
+        type: string
+      style: simple
+    pathTemplateName:
+      description: The name of the email template.
+      explode: false
+      in: path
+      name: templateName
+      required: true
+      schema:
+        type: string
+      style: simple
+    pathThemeId:
+      description: The ID of the theme.
+      explode: false
+      in: path
+      name: themeId
+      required: true
+      schema:
+        type: string
+      style: simple
+    pathUpdateId:
+      description: Id of the update
+      explode: false
+      in: path
+      name: updateId
+      required: true
+      schema:
+        type: string
+      style: simple
+    pathUserId:
+      explode: false
+      in: path
+      name: userId
+      required: true
+      schema:
+        type: string
+      style: simple
+    queryAfter:
+      description: "The cursor to use for pagination. It is an opaque string that\
+        \ specifies your current location in the list and is obtained from the `Link`\
+        \ response header. See [Pagination](/#pagination) for more information."
+      explode: true
+      in: query
+      name: after
+      required: false
+      schema:
+        type: string
+      style: form
+    queryExpandEmailDomain:
+      description: Specifies additional metadata to be included in the response
+      explode: false
+      in: query
+      name: expand
+      required: false
+      schema:
+        items:
+          enum:
+          - brands
+          type: string
+        type: array
+      style: form
+    queryExpandEmailTemplate:
+      description: Specifies additional metadata to be included in the response.
+      explode: false
+      in: query
+      name: expand
+      required: false
+      schema:
+        items:
+          enum:
+          - settings
+          - customizationCount
+          type: string
+        type: array
+      style: form
+    queryExpandPageRoot:
+      description: Specifies additional metadata to be included in the response.
+      explode: false
+      in: query
+      name: expand
+      required: false
+      schema:
+        items:
+          enum:
+          - default
+          - customized
+          - customizedUrl
+          - preview
+          - previewUrl
+          type: string
+        type: array
+      style: form
+    queryLanguage:
+      description: The language to use for the email. Defaults to the current user's
+        language if unspecified.
+      explode: true
+      in: query
+      name: language
+      required: false
+      schema:
+        $ref: '#/components/schemas/Language'
+      style: form
+    queryLimit:
+      description: A limit on the number of objects to return.
+      explode: true
+      in: query
+      name: limit
+      required: false
+      schema:
+        default: 20
+        maximum: 200
+        minimum: 1
+        type: integer
+      style: form
+    queryLimitPerPoolType:
+      description: Maximum number of AgentPools being returned
+      explode: true
+      in: query
+      name: limitPerPoolType
+      required: false
+      schema:
+        default: 5
+        type: integer
+      style: form
+    queryPoolType:
+      description: Agent type to search for
+      explode: true
+      in: query
+      name: poolType
+      required: false
+      schema:
+        $ref: '#/components/schemas/AgentType'
+      style: form
+    queryScheduled:
+      description: Scope the list only to scheduled or ad-hoc updates. If the parameter
+        is not provided we will return the whole list of updates.
+      explode: true
+      in: query
+      name: scheduled
+      required: false
+      schema:
+        type: boolean
+      style: form
+  requestBodies:
+    AuthenticatorRequestBody:
+      content:
+        application/json:
+          examples:
+            Duo:
+              $ref: '#/components/examples/AuthenticatorRequestDuo'
+          schema:
+            $ref: '#/components/schemas/Authenticator'
+      required: true
+  responses:
+    ErrorApiValidationFailed400:
+      content:
+        application/json:
+          examples:
+            API Validation Failed:
+              $ref: '#/components/examples/ErrorApiValidationFailed'
+          schema:
+            $ref: '#/components/schemas/Error'
+      description: Bad Request
+    ErrorAccessDenied403:
+      content:
+        application/json:
+          examples:
+            Access Denied:
+              $ref: '#/components/examples/ErrorAccessDenied'
+          schema:
+            $ref: '#/components/schemas/Error'
+      description: Forbidden
+    ErrorResourceNotFound404:
+      content:
+        application/json:
+          examples:
+            Resource Not Found:
+              $ref: '#/components/examples/ErrorResourceNotFound'
+          schema:
+            $ref: '#/components/schemas/Error'
+      description: Not Found
+    ErrorTooManyRequests429:
+      content:
+        application/json:
+          examples:
+            Resource Not Found:
+              $ref: '#/components/examples/ErrorTooManyRequests'
+          schema:
+            $ref: '#/components/schemas/Error'
+      description: Too Many Requests
+    AuthenticatorResponse:
+      content:
+        application/json:
+          examples:
+            Duo:
+              $ref: '#/components/examples/AuthenticatorResponseDuo'
+            Email:
+              $ref: '#/components/examples/AuthenticatorResponseEmail'
+            Password:
+              $ref: '#/components/examples/AuthenticatorResponsePassword'
+            Phone:
+              $ref: '#/components/examples/AuthenticatorResponsePhone'
+            WebAuthn:
+              $ref: '#/components/examples/AuthenticatorResponseWebAuthn'
+            Security Question:
+              $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion'
+          schema:
+            $ref: '#/components/schemas/Authenticator'
+      description: OK
+  schemas:
+    APNSConfiguration:
+      properties:
+        fileName:
+          description: (Optional) File name for Admin Console display
+          type: string
+        keyId:
+          description: 10-character Key ID obtained from the Apple developer account
+          type: string
+        teamId:
+          description: 10-character Team ID used to develop the iOS app
+          type: string
+        tokenSigningKey:
+          description: APNs private authentication token signing key
+          type: string
+          writeOnly: true
+    APNSPushProvider:
+      allOf:
+      - $ref: '#/components/schemas/PushProvider'
+      - $ref: '#/components/schemas/APNSPushProvider_allOf'
+    AccessPolicy:
+      allOf:
+      - $ref: '#/components/schemas/Policy'
+      - $ref: '#/components/schemas/AccessPolicy_allOf'
+    AccessPolicyConstraint:
+      properties:
+        methods:
+          items:
+            type: string
+          type: array
+        reauthenticateIn:
+          type: string
+        types:
+          items:
+            type: string
+          type: array
+      type: object
+    AccessPolicyConstraints:
+      properties:
+        knowledge:
+          $ref: '#/components/schemas/KnowledgeConstraint'
+        possession:
+          $ref: '#/components/schemas/PossessionConstraint'
+      type: object
+    AccessPolicyRule:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRule'
+      - $ref: '#/components/schemas/AccessPolicyRule_allOf'
+    AccessPolicyRuleActions:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRuleActions'
+      - $ref: '#/components/schemas/AccessPolicyRuleActions_allOf'
+    AccessPolicyRuleApplicationSignOn:
+      properties:
+        access:
+          type: string
+        verificationMethod:
+          $ref: '#/components/schemas/VerificationMethod'
+      type: object
+    AccessPolicyRuleConditions:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRuleConditions'
+      - $ref: '#/components/schemas/AccessPolicyRuleConditions_allOf'
+    AccessPolicyRuleCustomCondition:
+      properties:
+        condition:
+          type: string
+    AcsEndpoint:
+      properties:
+        index:
+          type: integer
+        url:
+          type: string
+      type: object
+    ActivateFactorRequest:
+      example:
+        attestation: attestation
+        stateToken: stateToken
+        clientData: clientData
+        passCode: passCode
+        registrationData: registrationData
+      properties:
+        attestation:
+          type: string
+        clientData:
+          type: string
+        passCode:
+          type: string
+        registrationData:
+          type: string
+        stateToken:
+          type: string
+      type: object
+    Agent:
+      description: Agent details
+      example:
+        operationalStatus: null
+        isLatestGAedVersion: true
+        _links:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        updateStatus: null
+        name: name
+        poolId: poolId
+        id: id
+        type: null
+        version: version
+        updateMessage: updateMessage
+        isHidden: true
+        lastConnection: 2000-01-23T04:56:07.000+00:00
+      properties:
+        id:
+          readOnly: true
+          type: string
+        isHidden:
+          type: boolean
+        isLatestGAedVersion:
+          type: boolean
+        lastConnection:
+          format: date-time
+          type: string
+        name:
+          type: string
+        operationalStatus:
+          $ref: '#/components/schemas/OperationalStatus'
+        poolId:
+          type: string
+        type:
+          $ref: '#/components/schemas/AgentType'
+        updateMessage:
+          type: string
+        updateStatus:
+          $ref: '#/components/schemas/AgentUpdateInstanceStatus'
+        version:
+          type: string
+        _links:
+          $ref: '#/components/schemas/HrefObject'
+      type: object
+    AgentPool:
+      description: "An AgentPool is a collection of agents that serve a common purpose.\
+        \ An AgentPool has a unique ID within an org, and contains a collection of\
+        \ agents disjoint to every other AgentPool (i.e. no two AgentPools share an\
+        \ Agent)."
+      example:
+        operationalStatus: null
+        name: name
+        id: id
+        type: null
+        agents:
+        - operationalStatus: null
+          isLatestGAedVersion: true
+          _links:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          updateStatus: null
+          name: name
+          poolId: poolId
+          id: id
+          type: null
+          version: version
+          updateMessage: updateMessage
+          isHidden: true
+          lastConnection: 2000-01-23T04:56:07.000+00:00
+        - operationalStatus: null
+          isLatestGAedVersion: true
+          _links:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          updateStatus: null
+          name: name
+          poolId: poolId
+          id: id
+          type: null
+          version: version
+          updateMessage: updateMessage
+          isHidden: true
+          lastConnection: 2000-01-23T04:56:07.000+00:00
+      properties:
+        agents:
+          items:
+            $ref: '#/components/schemas/Agent'
+          type: array
+        id:
+          readOnly: true
+          type: string
+        name:
+          type: string
+        operationalStatus:
+          $ref: '#/components/schemas/OperationalStatus'
+        type:
+          $ref: '#/components/schemas/AgentType'
+      type: object
+    AgentPoolUpdate:
+      description: Various information about agent auto update configuration
+      example:
+        reason: reason
+        schedule:
+          cron: cron
+          duration: 6
+          lastUpdated: 2000-01-23T04:56:07.000+00:00
+          delay: 0
+          timezone: timezone
+        agentType: null
+        notifyAdmin: true
+        _links:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        sortOrder: 1
+        name: name
+        id: id
+        enabled: true
+        agents:
+        - operationalStatus: null
+          isLatestGAedVersion: true
+          _links:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          updateStatus: null
+          name: name
+          poolId: poolId
+          id: id
+          type: null
+          version: version
+          updateMessage: updateMessage
+          isHidden: true
+          lastConnection: 2000-01-23T04:56:07.000+00:00
+        - operationalStatus: null
+          isLatestGAedVersion: true
+          _links:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          updateStatus: null
+          name: name
+          poolId: poolId
+          id: id
+          type: null
+          version: version
+          updateMessage: updateMessage
+          isHidden: true
+          lastConnection: 2000-01-23T04:56:07.000+00:00
+        status: null
+        targetVersion: targetVersion
+      properties:
+        agents:
+          items:
+            $ref: '#/components/schemas/Agent'
+          type: array
+        agentType:
+          $ref: '#/components/schemas/AgentType'
+        enabled:
+          type: boolean
+        id:
+          readOnly: true
+          type: string
+        name:
+          type: string
+        notifyAdmin:
+          type: boolean
+        reason:
+          type: string
+        schedule:
+          $ref: '#/components/schemas/AutoUpdateSchedule'
+        sortOrder:
+          type: integer
+        status:
+          $ref: '#/components/schemas/AgentUpdateJobStatus'
+        targetVersion:
+          type: string
+        _links:
+          $ref: '#/components/schemas/HrefObject'
+      type: object
+    AgentPoolUpdateSetting:
+      description: Setting for auto-update
+      example:
+        releaseChannel: null
+        agentType: null
+        latestVersion: latestVersion
+        poolId: poolId
+        continueOnError: true
+        minimalSupportedVersion: minimalSupportedVersion
+        poolName: poolName
+      properties:
+        agentType:
+          $ref: '#/components/schemas/AgentType'
+        continueOnError:
+          type: boolean
+        latestVersion:
+          type: string
+        minimalSupportedVersion:
+          type: string
+        poolId:
+          readOnly: true
+          type: string
+        poolName:
+          type: string
+        releaseChannel:
+          $ref: '#/components/schemas/ReleaseChannel'
+      type: object
+    AgentType:
+      description: Agent types that are being monitored
+      enum:
+      - AD
+      - IWA
+      - LDAP
+      - MFA
+      - OPP
+      - RUM
+      - Radius
+      type: string
+    AgentUpdateInstanceStatus:
+      description: Status for one agent regarding the status to auto-update that agent
+      enum:
+      - Cancelled
+      - Failed
+      - InProgress
+      - PendingCompletion
+      - Scheduled
+      - Success
+      type: string
+    AgentUpdateJobStatus:
+      description: Overall state for the auto-update job from admin perspective
+      enum:
+      - Cancelled
+      - Failed
+      - InProgress
+      - Paused
+      - Scheduled
+      - Success
+      type: string
+    AllowedForEnum:
+      enum:
+      - any
+      - none
+      - recovery
+      - sso
+      type: string
+    ApiToken:
+      description: An API token for an Okta User. This token is NOT scoped any further
+        and can be used for any API the user has permissions to call.
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        tokenWindow: tokenWindow
+        _link:
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        clientName: clientName
+        created: 2000-01-23T04:56:07.000+00:00
+        name: name
+        id: id
+        userId: userId
+        expiresAt: 2000-01-23T04:56:07.000+00:00
+      properties:
+        clientName:
+          readOnly: true
+          type: string
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        expiresAt:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          type: string
+        tokenWindow:
+          description: "A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations)."
+          pattern: ^P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?$
+          type: string
+        userId:
+          type: string
+        _link:
+          $ref: '#/components/schemas/ApiToken__link'
+      required:
+      - name
+      title: API Token
+      type: object
+    AppAndInstanceConditionEvaluatorAppOrInstance:
+      properties:
+        id:
+          readOnly: true
+          type: string
+        name:
+          type: string
+        type:
+          $ref: '#/components/schemas/AppAndInstanceType'
+      type: object
+    AppAndInstancePolicyRuleCondition:
+      properties:
+        exclude:
+          items:
+            $ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance'
+          type: array
+        include:
+          items:
+            $ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance'
+          type: array
+      type: object
+    AppAndInstanceType:
+      enum:
+      - APP
+      - APP_TYPE
+      type: string
+    AppInstancePolicyRuleCondition:
+      properties:
+        exclude:
+          items:
+            type: string
+          type: array
+        include:
+          items:
+            type: string
+          type: array
+      type: object
+    AppLink:
+      example:
+        appInstanceId: appInstanceId
+        credentialsSetup: true
+        hidden: true
+        appName: appName
+        appAssignmentId: appAssignmentId
+        sortOrder: 0
+        linkUrl: linkUrl
+        id: id
+        label: label
+        logoUrl: logoUrl
+      properties:
+        appAssignmentId:
+          readOnly: true
+          type: string
+        appInstanceId:
+          readOnly: true
+          type: string
+        appName:
+          readOnly: true
+          type: string
+        credentialsSetup:
+          readOnly: true
+          type: boolean
+        hidden:
+          readOnly: true
+          type: boolean
+        id:
+          readOnly: true
+          type: string
+        label:
+          readOnly: true
+          type: string
+        linkUrl:
+          readOnly: true
+          type: string
+        logoUrl:
+          readOnly: true
+          type: string
+        sortOrder:
+          readOnly: true
+          type: integer
+      type: object
+    AppUser:
+      example:
+        credentials:
+          password:
+            value: value
+          userName: userName
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        profile:
+          key: "{}"
+        syncState: syncState
+        externalId: externalId
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        passwordChanged: 2000-01-23T04:56:07.000+00:00
+        lastSync: 2000-01-23T04:56:07.000+00:00
+        _embedded:
+          key: "{}"
+        scope: scope
+        statusChanged: 2000-01-23T04:56:07.000+00:00
+        id: id
+        status: status
+      properties:
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        credentials:
+          $ref: '#/components/schemas/AppUserCredentials'
+        externalId:
+          readOnly: true
+          type: string
+        id:
+          readOnly: false
+          type: string
+        lastSync:
+          format: date-time
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        passwordChanged:
+          format: date-time
+          readOnly: true
+          type: string
+        profile:
+          additionalProperties:
+            properties: {}
+            type: object
+          type: object
+        scope:
+          type: string
+        status:
+          readOnly: true
+          type: string
+        statusChanged:
+          format: date-time
+          readOnly: true
+          type: string
+        syncState:
+          readOnly: true
+          type: string
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    AppUserCredentials:
+      example:
+        password:
+          value: value
+        userName: userName
+      properties:
+        password:
+          $ref: '#/components/schemas/AppUserPasswordCredential'
+        userName:
+          type: string
+      type: object
+    AppUserPasswordCredential:
+      example:
+        value: value
+      properties:
+        value:
+          format: password
+          type: string
+      type: object
+    Application:
+      discriminator:
+        mapping:
+          AUTO_LOGIN: '#/components/schemas/AutoLoginApplication'
+          BASIC_AUTH: '#/components/schemas/BasicAuthApplication'
+          BOOKMARK: '#/components/schemas/BookmarkApplication'
+          BROWSER_PLUGIN: '#/components/schemas/BrowserPluginApplication'
+          OPENID_CONNECT: '#/components/schemas/OpenIdConnectApplication'
+          SAML_1_1: '#/components/schemas/SamlApplication'
+          SAML_2_0: '#/components/schemas/SamlApplication'
+          SECURE_PASSWORD_STORE: '#/components/schemas/SecurePasswordStoreApplication'
+          WS_FEDERATION: '#/components/schemas/WsFederationApplication'
+        propertyName: signOnMode
+      properties:
+        accessibility:
+          $ref: '#/components/schemas/ApplicationAccessibility'
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        features:
+          items:
+            type: string
+          type: array
+        id:
+          readOnly: true
+          type: string
+        label:
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        licensing:
+          $ref: '#/components/schemas/ApplicationLicensing'
+        profile:
+          additionalProperties:
+            properties: {}
+            type: object
+          type: object
+        signOnMode:
+          $ref: '#/components/schemas/ApplicationSignOnMode'
+        status:
+          $ref: '#/components/schemas/ApplicationLifecycleStatus'
+        visibility:
+          $ref: '#/components/schemas/ApplicationVisibility'
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          $ref: '#/components/schemas/ApplicationLinks'
+      type: object
+    ApplicationAccessibility:
+      properties:
+        errorRedirectUrl:
+          type: string
+        loginRedirectUrl:
+          type: string
+        selfService:
+          type: boolean
+      type: object
+    ApplicationCredentials:
+      properties:
+        signing:
+          $ref: '#/components/schemas/ApplicationCredentialsSigning'
+        userNameTemplate:
+          $ref: '#/components/schemas/ApplicationCredentialsUsernameTemplate'
+      type: object
+    ApplicationCredentialsOAuthClient:
+      properties:
+        autoKeyRotation:
+          type: boolean
+        client_id:
+          type: string
+        client_secret:
+          type: string
+        token_endpoint_auth_method:
+          $ref: '#/components/schemas/OAuthEndpointAuthenticationMethod'
+      type: object
+    ApplicationCredentialsScheme:
+      enum:
+      - ADMIN_SETS_CREDENTIALS
+      - EDIT_PASSWORD_ONLY
+      - EDIT_USERNAME_AND_PASSWORD
+      - EXTERNAL_PASSWORD_SYNC
+      - SHARED_USERNAME_AND_PASSWORD
+      type: string
+    ApplicationCredentialsSigning:
+      properties:
+        kid:
+          type: string
+        lastRotated:
+          format: date-time
+          readOnly: true
+          type: string
+        nextRotation:
+          format: date-time
+          readOnly: true
+          type: string
+        rotationMode:
+          type: string
+        use:
+          $ref: '#/components/schemas/ApplicationCredentialsSigningUse'
+      type: object
+    ApplicationCredentialsSigningUse:
+      enum:
+      - sig
+      type: string
+    ApplicationCredentialsUsernameTemplate:
+      properties:
+        pushStatus:
+          type: string
+        template:
+          type: string
+        type:
+          type: string
+        userSuffix:
+          type: string
+      type: object
+    ApplicationFeature:
+      example:
+        capabilities:
+          create:
+            lifecycleCreate:
+              status: null
+          update:
+            password:
+              seed: null
+              change: null
+              status: null
+            profile:
+              status: null
+            lifecycleDeactivate:
+              status: null
+        _links:
+          key: "{}"
+        name: name
+        description: description
+        status: null
+      properties:
+        capabilities:
+          $ref: '#/components/schemas/CapabilitiesObject'
+        description:
+          type: string
+        name:
+          type: string
+        status:
+          $ref: '#/components/schemas/EnabledStatus'
+        _links:
+          additionalProperties:
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    ApplicationGroupAssignment:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        _embedded:
+          key: "{}"
+        _links:
+          key: "{}"
+        profile:
+          key: "{}"
+        id: id
+        priority: 0
+      properties:
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        priority:
+          type: integer
+        profile:
+          additionalProperties:
+            properties: {}
+            type: object
+          type: object
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    ApplicationLabel:
+      type: string
+    ApplicationLayout:
+      example:
+        elements:
+        - key: ""
+        - key: ""
+        scope: scope
+        options:
+          key: ""
+        rule:
+          condition:
+            schema:
+              key: ""
+            scope: scope
+          effect: effect
+        label: label
+        type: type
+      properties:
+        elements:
+          items:
+            additionalProperties: true
+            type: object
+          type: array
+        label:
+          type: string
+        options:
+          additionalProperties: {}
+          type: object
+        rule:
+          $ref: '#/components/schemas/ApplicationLayout_rule'
+        scope:
+          type: string
+        type:
+          type: string
+      type: object
+    ApplicationLayoutRuleCondition:
+      example:
+        schema:
+          key: ""
+        scope: scope
+      properties:
+        schema:
+          additionalProperties: {}
+          type: object
+        scope:
+          type: string
+      type: object
+    ApplicationLicensing:
+      properties:
+        seatCount:
+          type: integer
+      type: object
+    ApplicationLifecycleStatus:
+      enum:
+      - ACTIVE
+      - DELETED
+      - INACTIVE
+      readOnly: true
+      type: string
+    ApplicationLinks:
+      additionalProperties: true
+      properties:
+        accessPolicy:
+          $ref: '#/components/schemas/HrefObject'
+        activate:
+          $ref: '#/components/schemas/HrefObject'
+        deactivate:
+          $ref: '#/components/schemas/HrefObject'
+        groups:
+          $ref: '#/components/schemas/HrefObject'
+        logo:
+          items:
+            $ref: '#/components/schemas/HrefObject'
+          type: array
+        metadata:
+          $ref: '#/components/schemas/HrefObject'
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        users:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    ApplicationSettings:
+      properties:
+        identityStoreId:
+          type: string
+        implicitAssignment:
+          type: boolean
+        inlineHookId:
+          type: string
+        notes:
+          $ref: '#/components/schemas/ApplicationSettingsNotes'
+        notifications:
+          $ref: '#/components/schemas/ApplicationSettingsNotifications'
+      type: object
+    ApplicationSettingsNotes:
+      properties:
+        admin:
+          type: string
+        enduser:
+          type: string
+      type: object
+    ApplicationSettingsNotifications:
+      properties:
+        vpn:
+          $ref: '#/components/schemas/ApplicationSettingsNotificationsVpn'
+      type: object
+    ApplicationSettingsNotificationsVpn:
+      properties:
+        helpUrl:
+          type: string
+        message:
+          type: string
+        network:
+          $ref: '#/components/schemas/ApplicationSettingsNotificationsVpnNetwork'
+      type: object
+    ApplicationSettingsNotificationsVpnNetwork:
+      properties:
+        connection:
+          type: string
+        exclude:
+          items:
+            type: string
+          type: array
+        include:
+          items:
+            type: string
+          type: array
+      type: object
+    ApplicationSignOnMode:
+      enum:
+      - AUTO_LOGIN
+      - BASIC_AUTH
+      - BOOKMARK
+      - BROWSER_PLUGIN
+      - OPENID_CONNECT
+      - SAML_1_1
+      - SAML_2_0
+      - SECURE_PASSWORD_STORE
+      - WS_FEDERATION
+      type: string
+    ApplicationVisibility:
+      properties:
+        appLinks:
+          additionalProperties:
+            type: boolean
+          type: object
+        autoLaunch:
+          type: boolean
+        autoSubmitToolbar:
+          type: boolean
+        hide:
+          $ref: '#/components/schemas/ApplicationVisibilityHide'
+      type: object
+    ApplicationVisibilityHide:
+      properties:
+        iOS:
+          type: boolean
+        web:
+          type: boolean
+      type: object
+    AssignRoleRequest:
+      example:
+        type: null
+      properties:
+        type:
+          $ref: '#/components/schemas/RoleType'
+      type: object
+    AuthenticationProvider:
+      example:
+        name: name
+        type: null
+      properties:
+        name:
+          type: string
+        type:
+          $ref: '#/components/schemas/AuthenticationProviderType'
+      type: object
+    AuthenticationProviderType:
+      enum:
+      - ACTIVE_DIRECTORY
+      - FEDERATION
+      - IMPORT
+      - LDAP
+      - OKTA
+      - SOCIAL
+      type: string
+    Authenticator:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        settings:
+          appInstanceId: appInstanceId
+          allowedFor: null
+          userVerification: null
+          channelBinding:
+            style: style
+            required: null
+          compliance:
+            fips: null
+          tokenLifetimeInMinutes: 6
+        provider:
+          configuration:
+            hostName: hostName
+            instanceId: instanceId
+            authPort: 0
+            userNameTemplate:
+              template: template
+            sharedSecret: sharedSecret
+          type: type
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        name: name
+        id: id
+        type: null
+        key: key
+        status: null
+      properties:
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        key:
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          type: string
+        provider:
+          $ref: '#/components/schemas/AuthenticatorProvider'
+        settings:
+          $ref: '#/components/schemas/AuthenticatorSettings'
+        status:
+          $ref: '#/components/schemas/AuthenticatorStatus'
+        type:
+          $ref: '#/components/schemas/AuthenticatorType'
+        _links:
+          additionalProperties:
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    AuthenticatorProvider:
+      example:
+        configuration:
+          hostName: hostName
+          instanceId: instanceId
+          authPort: 0
+          userNameTemplate:
+            template: template
+          sharedSecret: sharedSecret
+        type: type
+      properties:
+        configuration:
+          $ref: '#/components/schemas/AuthenticatorProviderConfiguration'
+        type:
+          type: string
+    AuthenticatorProviderConfiguration:
+      example:
+        hostName: hostName
+        instanceId: instanceId
+        authPort: 0
+        userNameTemplate:
+          template: template
+        sharedSecret: sharedSecret
+      properties:
+        authPort:
+          type: integer
+        hostName:
+          type: string
+        instanceId:
+          type: string
+        sharedSecret:
+          type: string
+        userNameTemplate:
+          $ref: '#/components/schemas/AuthenticatorProviderConfigurationUserNameTemplate'
+    AuthenticatorProviderConfigurationUserNameTemplate:
+      example:
+        template: template
+      properties:
+        template:
+          type: string
+    AuthenticatorSettings:
+      example:
+        appInstanceId: appInstanceId
+        allowedFor: null
+        userVerification: null
+        channelBinding:
+          style: style
+          required: null
+        compliance:
+          fips: null
+        tokenLifetimeInMinutes: 6
+      properties:
+        allowedFor:
+          $ref: '#/components/schemas/AllowedForEnum'
+        appInstanceId:
+          type: string
+        channelBinding:
+          $ref: '#/components/schemas/ChannelBinding'
+        compliance:
+          $ref: '#/components/schemas/Compliance'
+        tokenLifetimeInMinutes:
+          type: integer
+        userVerification:
+          $ref: '#/components/schemas/UserVerificationEnum'
+      type: object
+    AuthenticatorStatus:
+      enum:
+      - ACTIVE
+      - INACTIVE
+      type: string
+    AuthenticatorType:
+      enum:
+      - app
+      - email
+      - federated
+      - password
+      - phone
+      - security_key
+      - security_question
+      type: string
+    AuthorizationServer:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        credentials:
+          signing:
+            nextRotation: 2000-01-23T04:56:07.000+00:00
+            use: null
+            kid: kid
+            rotationMode: null
+            lastRotated: 2000-01-23T04:56:07.000+00:00
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        name: name
+        audiences:
+        - audiences
+        - audiences
+        description: description
+        id: id
+        issuer: issuer
+        issuerMode: null
+        status: null
+      properties:
+        audiences:
+          items:
+            type: string
+          type: array
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        credentials:
+          $ref: '#/components/schemas/AuthorizationServerCredentials'
+        description:
+          type: string
+        id:
+          readOnly: true
+          type: string
+        issuer:
+          type: string
+        issuerMode:
+          $ref: '#/components/schemas/IssuerMode'
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          type: string
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    AuthorizationServerCredentials:
+      example:
+        signing:
+          nextRotation: 2000-01-23T04:56:07.000+00:00
+          use: null
+          kid: kid
+          rotationMode: null
+          lastRotated: 2000-01-23T04:56:07.000+00:00
+      properties:
+        signing:
+          $ref: '#/components/schemas/AuthorizationServerCredentialsSigningConfig'
+      type: object
+    AuthorizationServerCredentialsRotationMode:
+      enum:
+      - AUTO
+      - MANUAL
+      type: string
+    AuthorizationServerCredentialsSigningConfig:
+      example:
+        nextRotation: 2000-01-23T04:56:07.000+00:00
+        use: null
+        kid: kid
+        rotationMode: null
+        lastRotated: 2000-01-23T04:56:07.000+00:00
+      properties:
+        kid:
+          type: string
+        lastRotated:
+          format: date-time
+          readOnly: true
+          type: string
+        nextRotation:
+          format: date-time
+          readOnly: true
+          type: string
+        rotationMode:
+          $ref: '#/components/schemas/AuthorizationServerCredentialsRotationMode'
+        use:
+          $ref: '#/components/schemas/AuthorizationServerCredentialsUse'
+      type: object
+    AuthorizationServerCredentialsUse:
+      enum:
+      - sig
+      type: string
+    AuthorizationServerPolicy:
+      allOf:
+      - $ref: '#/components/schemas/Policy'
+      - $ref: '#/components/schemas/AccessPolicy_allOf'
+    AuthorizationServerPolicyRule:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRule'
+      - $ref: '#/components/schemas/AuthorizationServerPolicyRule_allOf'
+    AuthorizationServerPolicyRuleActions:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRuleActions'
+      - $ref: '#/components/schemas/AuthorizationServerPolicyRuleActions_allOf'
+    AuthorizationServerPolicyRuleConditions:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRuleConditions'
+      - $ref: '#/components/schemas/AuthorizationServerPolicyRuleConditions_allOf'
+    AutoLoginApplication:
+      allOf:
+      - $ref: '#/components/schemas/Application'
+      - $ref: '#/components/schemas/AutoLoginApplication_allOf'
+    AutoLoginApplicationSettings:
+      allOf:
+      - $ref: '#/components/schemas/ApplicationSettings'
+      - $ref: '#/components/schemas/AutoLoginApplicationSettings_allOf'
+    AutoLoginApplicationSettingsSignOn:
+      properties:
+        loginUrl:
+          type: string
+        redirectUrl:
+          type: string
+      type: object
+    AutoUpdateSchedule:
+      description: The schedule of auto-update configured by admin.
+      example:
+        cron: cron
+        duration: 6
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        delay: 0
+        timezone: timezone
+      properties:
+        cron:
+          type: string
+        delay:
+          description: delay in days
+          type: integer
+        duration:
+          description: duration in minutes
+          type: integer
+        lastUpdated:
+          description: "last time when the updated finished (success or failed, exclude\
+            \ cancelled), null if job haven't finished once yet."
+          format: date-time
+          type: string
+        timezone:
+          type: string
+      type: object
+    AwsRegion:
+      description: An AWS region
+      enum:
+      - ca-central-1
+      - eu-central-1
+      - eu-north-1
+      - eu-south-1
+      - eu-west-1
+      - eu-west-2
+      - eu-west-3
+      - us-east-1
+      - us-east-2
+      - us-west-1
+      - us-west-2
+      type: string
+    BaseEmailDomain:
+      properties:
+        displayName:
+          type: string
+        userName:
+          type: string
+      required:
+      - displayName
+      - userName
+      type: object
+    BasicApplicationSettings:
+      allOf:
+      - $ref: '#/components/schemas/ApplicationSettings'
+      - $ref: '#/components/schemas/BasicApplicationSettings_allOf'
+    BasicApplicationSettingsApplication:
+      properties:
+        authURL:
+          type: string
+        url:
+          type: string
+      type: object
+    BasicAuthApplication:
+      allOf:
+      - $ref: '#/components/schemas/Application'
+      - $ref: '#/components/schemas/BasicAuthApplication_allOf'
+      x-okta-defined-as:
+        name: template_basic_auth
+    BeforeScheduledActionPolicyRuleCondition:
+      properties:
+        duration:
+          $ref: '#/components/schemas/Duration'
+        lifecycleAction:
+          $ref: '#/components/schemas/ScheduledUserLifecycleAction'
+      type: object
+    BehaviorRule:
+      discriminator:
+        mapping:
+          ANOMALOUS_LOCATION: '#/components/schemas/BehaviorRuleAnomalousLocation'
+          ANOMALOUS_IP: '#/components/schemas/BehaviorRuleAnomalousIP'
+          ANOMALOUS_DEVICE: '#/components/schemas/BehaviorRuleAnomalousDevice'
+          VELOCITY: '#/components/schemas/BehaviorRuleVelocity'
+        propertyName: type
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        _link:
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        created: 2000-01-23T04:56:07.000+00:00
+        name: name
+        id: id
+        type: null
+        status: null
+      properties:
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          maxLength: 128
+          type: string
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        type:
+          $ref: '#/components/schemas/BehaviorRuleType'
+        _link:
+          $ref: '#/components/schemas/ApiToken__link'
+      required:
+      - name
+      - type
+      title: Behavior Detection Rule
+      type: object
+    BehaviorRuleAnomalousDevice:
+      allOf:
+      - $ref: '#/components/schemas/BehaviorRule'
+      - $ref: '#/components/schemas/BehaviorRuleAnomalousDevice_allOf'
+    BehaviorRuleAnomalousIP:
+      allOf:
+      - $ref: '#/components/schemas/BehaviorRule'
+      - $ref: '#/components/schemas/BehaviorRuleAnomalousIP_allOf'
+    BehaviorRuleAnomalousLocation:
+      allOf:
+      - $ref: '#/components/schemas/BehaviorRule'
+      - $ref: '#/components/schemas/BehaviorRuleAnomalousLocation_allOf'
+    BehaviorRuleSettings:
+      title: Behavior Detection Rule Settings
+      type: object
+    BehaviorRuleSettingsAnomalousDevice:
+      allOf:
+      - $ref: '#/components/schemas/BehaviorRuleSettingsHistoryBased'
+    BehaviorRuleSettingsAnomalousIP:
+      allOf:
+      - $ref: '#/components/schemas/BehaviorRuleSettingsHistoryBased'
+      - $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousIP_allOf'
+    BehaviorRuleSettingsAnomalousLocation:
+      allOf:
+      - $ref: '#/components/schemas/BehaviorRuleSettingsHistoryBased'
+      - $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousLocation_allOf'
+    BehaviorRuleSettingsHistoryBased:
+      allOf:
+      - $ref: '#/components/schemas/BehaviorRuleSettings'
+      - $ref: '#/components/schemas/Behavior_Detection_Rule_Settings_based_on_Event_History'
+    BehaviorRuleSettingsVelocity:
+      allOf:
+      - $ref: '#/components/schemas/BehaviorRuleSettings'
+      - $ref: '#/components/schemas/Behavior_Detection_Rule_Settings_based_on_device_velocity_in_kilometers_per_hour_'
+    BehaviorRuleType:
+      enum:
+      - ANOMALOUS_DEVICE
+      - ANOMALOUS_IP
+      - ANOMALOUS_LOCATION
+      - VELOCITY
+      type: string
+    BehaviorRuleVelocity:
+      allOf:
+      - $ref: '#/components/schemas/BehaviorRule'
+      - $ref: '#/components/schemas/BehaviorRuleVelocity_allOf'
+    BookmarkApplication:
+      allOf:
+      - $ref: '#/components/schemas/Application'
+      - $ref: '#/components/schemas/BookmarkApplication_allOf'
+      x-okta-defined-as:
+        name: bookmark
+    BookmarkApplicationSettings:
+      allOf:
+      - $ref: '#/components/schemas/ApplicationSettings'
+      - $ref: '#/components/schemas/BookmarkApplicationSettings_allOf'
+    BookmarkApplicationSettingsApplication:
+      properties:
+        requestIntegration:
+          type: boolean
+        url:
+          type: string
+      type: object
+    BouncesRemoveListError:
+      example:
+        reason: reason
+        emailAddress: emailAddress
+      properties:
+        emailAddress:
+          type: string
+        reason:
+          type: string
+      type: object
+    BouncesRemoveListObj:
+      example:
+        emailAddresses:
+        - emailAddresses
+        - emailAddresses
+      properties:
+        emailAddresses:
+          items:
+            type: string
+          type: array
+      type: object
+    BouncesRemoveListResult:
+      example:
+        errors:
+        - reason: reason
+          emailAddress: emailAddress
+        - reason: reason
+          emailAddress: emailAddress
+      properties:
+        errors:
+          items:
+            $ref: '#/components/schemas/BouncesRemoveListError'
+          type: array
+      type: object
+    Brand:
+      example:
+        agreeToCustomPrivacyPolicy: true
+        defaultApp:
+          appInstanceId: appInstanceId
+          appLinkName: appLinkName
+          classicApplicationUri: classicApplicationUri
+        isDefault: true
+        removePoweredByOkta: true
+        _links:
+          themes:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        name: name
+        id: id
+        locale: locale
+        customPrivacyPolicyUrl: customPrivacyPolicyUrl
+      properties:
+        agreeToCustomPrivacyPolicy:
+          type: boolean
+        customPrivacyPolicyUrl:
+          type: string
+        defaultApp:
+          $ref: '#/components/schemas/Brand_defaultApp'
+        id:
+          readOnly: true
+          type: string
+        isDefault:
+          readOnly: true
+          type: boolean
+        locale:
+          description: "The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646)."
+          type: string
+        name:
+          type: string
+        removePoweredByOkta:
+          type: boolean
+        _links:
+          $ref: '#/components/schemas/Brand__links'
+      type: object
+    BrandDomain:
+      example:
+        _links:
+          domain:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          brand:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        domainId: domainId
+      properties:
+        domainId:
+          readOnly: true
+          type: string
+        _links:
+          $ref: '#/components/schemas/BrandDomain__links'
+      type: object
+    BrandDomains:
+      items:
+        $ref: '#/components/schemas/DomainResponse'
+      title: BrandDomains
+      type: array
+    BrandRequest:
+      example:
+        agreeToCustomPrivacyPolicy: true
+        removePoweredByOkta: true
+        name: name
+        customPrivacyPolicyUrl: customPrivacyPolicyUrl
+      properties:
+        agreeToCustomPrivacyPolicy:
+          type: boolean
+        customPrivacyPolicyUrl:
+          type: string
+        name:
+          type: string
+        removePoweredByOkta:
+          type: boolean
+      type: object
+    BrowserPluginApplication:
+      allOf:
+      - $ref: '#/components/schemas/Application'
+      - $ref: '#/components/schemas/BrowserPluginApplication_allOf'
+    BulkDeleteRequestBody:
+      example:
+        entityType: USERS
+        profiles:
+        - externalId: externalId
+        - externalId: externalId
+      properties:
+        entityType:
+          enum:
+          - USERS
+          type: string
+        profiles:
+          items:
+            $ref: '#/components/schemas/IdentitySourceUserProfileForDelete'
+          type: array
+      type: object
+    BulkUpsertRequestBody:
+      example:
+        entityType: USERS
+        profiles:
+        - firstName: firstName
+          lastName: lastName
+          mobilePhone: mobilePhone
+          secondEmail: secondEmail
+          userName: userName
+          email: email
+          homeAddress: homeAddress
+        - firstName: firstName
+          lastName: lastName
+          mobilePhone: mobilePhone
+          secondEmail: secondEmail
+          userName: userName
+          email: email
+          homeAddress: homeAddress
+      properties:
+        entityType:
+          enum:
+          - USERS
+          type: string
+        profiles:
+          items:
+            $ref: '#/components/schemas/IdentitySourceUserProfileForUpsert'
+          type: array
+      type: object
+    CAPTCHAInstance:
+      description: ""
+      example:
+        siteKey: siteKey
+        secretKey: secretKey
+        _links:
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        name: name
+        id: id
+        type: null
+      properties:
+        id:
+          readOnly: true
+          type: string
+        name:
+          type: string
+        secretKey:
+          type: string
+          writeOnly: true
+        siteKey:
+          type: string
+        type:
+          $ref: '#/components/schemas/CAPTCHAType'
+        _links:
+          $ref: '#/components/schemas/ApiToken__link'
+      title: CAPTCHAInstance
+      type: object
+    CAPTCHAType:
+      enum:
+      - HCAPTCHA
+      - RECAPTCHA_V2
+      type: string
+    CallUserFactor:
+      allOf:
+      - $ref: '#/components/schemas/UserFactor'
+      - $ref: '#/components/schemas/CallUserFactor_allOf'
+    CallUserFactorProfile:
+      properties:
+        phoneExtension:
+          type: string
+        phoneNumber:
+          type: string
+      type: object
+    CapabilitiesCreateObject:
+      example:
+        lifecycleCreate:
+          status: null
+      properties:
+        lifecycleCreate:
+          $ref: '#/components/schemas/LifecycleCreateSettingObject'
+      type: object
+    CapabilitiesObject:
+      example:
+        create:
+          lifecycleCreate:
+            status: null
+        update:
+          password:
+            seed: null
+            change: null
+            status: null
+          profile:
+            status: null
+          lifecycleDeactivate:
+            status: null
+      properties:
+        create:
+          $ref: '#/components/schemas/CapabilitiesCreateObject'
+        update:
+          $ref: '#/components/schemas/CapabilitiesUpdateObject'
+      type: object
+    CapabilitiesUpdateObject:
+      example:
+        password:
+          seed: null
+          change: null
+          status: null
+        profile:
+          status: null
+        lifecycleDeactivate:
+          status: null
+      properties:
+        lifecycleDeactivate:
+          $ref: '#/components/schemas/LifecycleDeactivateSettingObject'
+        password:
+          $ref: '#/components/schemas/PasswordSettingObject'
+        profile:
+          $ref: '#/components/schemas/ProfileSettingObject'
+      type: object
+    CatalogApplication:
+      example:
+        features:
+        - features
+        - features
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        website: website
+        verificationStatus: verificationStatus
+        _links:
+          key: "{}"
+        displayName: displayName
+        name: name
+        description: description
+        id: id
+        category: category
+        signOnModes:
+        - signOnModes
+        - signOnModes
+        status: null
+      properties:
+        category:
+          type: string
+        description:
+          type: string
+        displayName:
+          type: string
+        features:
+          items:
+            type: string
+          type: array
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          type: string
+        signOnModes:
+          items:
+            type: string
+          type: array
+        status:
+          $ref: '#/components/schemas/CatalogApplicationStatus'
+        verificationStatus:
+          type: string
+        website:
+          type: string
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    CatalogApplicationStatus:
+      enum:
+      - ACTIVE
+      - INACTIVE
+      type: string
+    ChangeEnum:
+      enum:
+      - CHANGE
+      - KEEP_EXISTING
+      type: string
+    ChangePasswordRequest:
+      example:
+        oldPassword:
+          hook:
+            type: type
+          value: value
+          hash:
+            salt: salt
+            saltOrder: saltOrder
+            workFactor: 0
+            value: value
+            algorithm: null
+        newPassword:
+          hook:
+            type: type
+          value: value
+          hash:
+            salt: salt
+            saltOrder: saltOrder
+            workFactor: 0
+            value: value
+            algorithm: null
+      properties:
+        newPassword:
+          $ref: '#/components/schemas/PasswordCredential'
+        oldPassword:
+          $ref: '#/components/schemas/PasswordCredential'
+      type: object
+    ChannelBinding:
+      example:
+        style: style
+        required: null
+      properties:
+        required:
+          $ref: '#/components/schemas/RequiredEnum'
+        style:
+          type: string
+      type: object
+    ClientPolicyCondition:
+      properties:
+        include:
+          items:
+            type: string
+          type: array
+      type: object
+    Compliance:
+      example:
+        fips: null
+      properties:
+        fips:
+          $ref: '#/components/schemas/FipsEnum'
+      type: object
+    ContextPolicyRuleCondition:
+      allOf:
+      - $ref: '#/components/schemas/DevicePolicyRuleCondition'
+      - $ref: '#/components/schemas/ContextPolicyRuleCondition_allOf'
+    ChromeBrowserVersion:
+      description: Current version of the Chrome Browser
+      properties:
+        minimum:
+          type: string
+      type: object
+    CreateBrandDomainRequest:
+      example:
+        domainId: domainId
+      properties:
+        domainId:
+          type: string
+      title: CreateBrandDomainRequest
+      type: object
+    CreateBrandRequest:
+      example:
+        name: name
+      properties:
+        name:
+          type: string
+      title: CreateBrandRequest
+      type: object
+    CreateSessionRequest:
+      example:
+        sessionToken: sessionToken
+      properties:
+        sessionToken:
+          type: string
+      type: object
+    CreateUserRequest:
+      example:
+        credentials:
+          password:
+            hook:
+              type: type
+            value: value
+            hash:
+              salt: salt
+              saltOrder: saltOrder
+              workFactor: 0
+              value: value
+              algorithm: null
+          provider:
+            name: name
+            type: null
+          recovery_question:
+            answer: answer
+            question: question
+        groupIds:
+        - groupIds
+        - groupIds
+        profile:
+          profileUrl: profileUrl
+          lastName: lastName
+          zipCode: zipCode
+          preferredLanguage: preferredLanguage
+          city: city
+          displayName: displayName
+          timezone: timezone
+          locale: locale
+          login: login
+          title: title
+          employeeNumber: employeeNumber
+          division: division
+          honorificSuffix: honorificSuffix
+          countryCode: countryCode
+          state: state
+          department: department
+          email: email
+          manager: manager
+          costCenter: costCenter
+          nickName: nickName
+          secondEmail: secondEmail
+          honorificPrefix: honorificPrefix
+          managerId: managerId
+          firstName: firstName
+          primaryPhone: primaryPhone
+          postalAddress: postalAddress
+          mobilePhone: mobilePhone
+          streetAddress: streetAddress
+          organization: organization
+          middleName: middleName
+          userType: userType
+        type:
+          lastUpdated: 2000-01-23T04:56:07.000+00:00
+          lastUpdatedBy: lastUpdatedBy
+          default: true
+          createdBy: createdBy
+          _links:
+            key: "{}"
+          created: 2000-01-23T04:56:07.000+00:00
+          displayName: displayName
+          name: name
+          description: description
+          id: id
+      properties:
+        credentials:
+          $ref: '#/components/schemas/UserCredentials'
+        groupIds:
+          items:
+            type: string
+          type: array
+        profile:
+          $ref: '#/components/schemas/UserProfile'
+        type:
+          $ref: '#/components/schemas/UserType'
+      required:
+      - profile
+      type: object
+    Csr:
+      example:
+        kty: kty
+        csr: csr
+        created: 2000-01-23T04:56:07.000+00:00
+        id: id
+      properties:
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        csr:
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        kty:
+          readOnly: true
+          type: string
+      type: object
+    CsrMetadata:
+      example:
+        subject:
+          commonName: commonName
+          localityName: localityName
+          organizationName: organizationName
+          organizationalUnitName: organizationalUnitName
+          countryName: countryName
+          stateOrProvinceName: stateOrProvinceName
+        subjectAltNames:
+          dnsNames:
+          - dnsNames
+          - dnsNames
+      properties:
+        subject:
+          $ref: '#/components/schemas/CsrMetadataSubject'
+        subjectAltNames:
+          $ref: '#/components/schemas/CsrMetadataSubjectAltNames'
+      type: object
+    CsrMetadataSubject:
+      example:
+        commonName: commonName
+        localityName: localityName
+        organizationName: organizationName
+        organizationalUnitName: organizationalUnitName
+        countryName: countryName
+        stateOrProvinceName: stateOrProvinceName
+      properties:
+        commonName:
+          type: string
+        countryName:
+          type: string
+        localityName:
+          type: string
+        organizationalUnitName:
+          type: string
+        organizationName:
+          type: string
+        stateOrProvinceName:
+          type: string
+      type: object
+    CsrMetadataSubjectAltNames:
+      example:
+        dnsNames:
+        - dnsNames
+        - dnsNames
+      properties:
+        dnsNames:
+          items:
+            type: string
+          type: array
+      type: object
+    CustomHotpUserFactor:
+      allOf:
+      - $ref: '#/components/schemas/UserFactor'
+      - $ref: '#/components/schemas/CustomHotpUserFactor_allOf'
+    CustomHotpUserFactorProfile:
+      properties:
+        sharedSecret:
+          type: string
+      type: object
+    CustomizablePage:
+      example:
+        pageContent: pageContent
+      properties:
+        pageContent:
+          type: string
+      type: object
+    DNSRecord:
+      example:
+        fqdn: fqdn
+        recordType: null
+        expiration: expiration
+        verificationValue: verificationValue
+      properties:
+        expiration:
+          type: string
+        fqdn:
+          type: string
+        recordType:
+          $ref: '#/components/schemas/DNSRecordType'
+        verificationValue:
+          type: string
+      type: object
+    DNSRecordType:
+      enum:
+      - cname
+      - TXT
+      type: string
+    Device:
+      example:
+        resourceAlternateId: resourceAlternateId
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        resourceDisplayName:
+          sensitive: true
+          value: value
+        resourceId: resourceId
+        _links:
+          suspend:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          unsuspend:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          activate:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          users:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          deactivate:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        created: 2000-01-23T04:56:07.000+00:00
+        profile:
+          meid: meid
+          serialNumber: serialNumber
+          displayName: displayName
+          registered: true
+          platform: null
+          manufacturer: manufacturer
+          sid: sid
+          osVersion: osVersion
+          imei: imei
+          model: model
+          udid: udid
+          secureHardwarePresent: true
+          tpmPublicKeyHash: tpmPublicKeyHash
+        id: id
+        resourceType: UDDevice
+        status: null
+      properties:
+        created:
+          description: Timestamp when the device was created
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          description: Unique key for the device
+          readOnly: true
+          type: string
+        lastUpdated:
+          description: Timestamp when the device was last updated
+          format: date-time
+          readOnly: true
+          type: string
+        profile:
+          $ref: '#/components/schemas/DeviceProfile'
+        resourceAlternateId:
+          readOnly: true
+          type: string
+        resourceDisplayName:
+          $ref: '#/components/schemas/DeviceDisplayName'
+        resourceId:
+          description: Alternate key for the `id`
+          readOnly: true
+          type: string
+        resourceType:
+          default: UDDevice
+          readOnly: true
+          type: string
+        status:
+          $ref: '#/components/schemas/DeviceStatus'
+        _links:
+          $ref: '#/components/schemas/Device__links'
+      type: object
+    DeviceAccessPolicyRuleCondition:
+      allOf:
+      - $ref: '#/components/schemas/DevicePolicyRuleCondition'
+      - $ref: '#/components/schemas/DeviceAccessPolicyRuleCondition_allOf'
+    DeviceAssurance:
+      discriminator:
+        mapping:
+          ACCESS_POLICY: '#/components/schemas/AccessPolicy'
+          IDP_DISCOVERY: '#/components/schemas/IdentityProviderPolicy'
+          MFA_ENROLL: '#/components/schemas/MultifactorEnrollmentPolicy'
+          OAUTH_AUTHORIZATION_POLICY: '#/components/schemas/AuthorizationServerPolicy'
+          OKTA_SIGN_ON: '#/components/schemas/OktaSignOnPolicy'
+          PASSWORD: '#/components/schemas/PasswordPolicy'
+          PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicy'
+        propertyName: type
+      properties:
+        createdBy:
+          readOnly: true
+          type: string
+        createdDate:
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdatedBy:
+          readOnly: true
+          type: string
+        lastUpdatedDate:
+          readOnly: true
+          type: string
+        name:
+          description: Display name of the Device Assurance Policy
+          type: string
+        platform:
+          $ref: '#/components/schemas/Platform'
+        _links:
+          $ref: '#/components/schemas/LinksSelf'
+      title: DeviceAssurance
+      type: object
+    DeviceAssuranceAndroidPlatform:
+      allOf:
+      - $ref: '#/components/schemas/DeviceAssurance'
+      - $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf'
+    DeviceAssuranceChromeOSPlatform:
+      allOf:
+      - $ref: '#/components/schemas/DeviceAssurance'
+      - $ref: '#/components/schemas/DeviceAssuranceChromeOSPlatform_allOf'
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+    DeviceAssuranceIOSPlatform:
+      allOf:
+      - $ref: '#/components/schemas/DeviceAssurance'
+      - $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf'
+    DeviceAssuranceMacOSPlatform:
+      allOf:
+      - $ref: '#/components/schemas/DeviceAssurance'
+      - $ref: '#/components/schemas/DeviceAssuranceMacOSPlatform_allOf'
+    DeviceAssuranceWindowsPlatform:
+      allOf:
+      - $ref: '#/components/schemas/DeviceAssurance'
+      - $ref: '#/components/schemas/DeviceAssuranceWindowsPlatform_allOf'
+    DeviceDisplayName:
+      example:
+        sensitive: true
+        value: value
+      properties:
+        sensitive:
+          type: boolean
+        value:
+          type: string
+      type: object
+    DevicePlatform:
+      description: OS platform of the device
+      enum:
+      - ANDROID
+      - IOS
+      - MACOS
+      - WINDOWS
+      type: string
+    DevicePolicyMDMFramework:
+      enum:
+      - AFW
+      - NATIVE
+      - SAFE
+      type: string
+    DevicePolicyPlatformType:
+      enum:
+      - ANDROID
+      - IOS
+      - OSX
+      - WINDOWS
+      type: string
+    DevicePolicyRuleCondition:
+      properties:
+        migrated:
+          type: boolean
+        platform:
+          $ref: '#/components/schemas/DevicePolicyRuleConditionPlatform'
+        rooted:
+          type: boolean
+        trustLevel:
+          $ref: '#/components/schemas/DevicePolicyTrustLevel'
+      type: object
+    DevicePolicyRuleConditionPlatform:
+      properties:
+        supportedMDMFrameworks:
+          items:
+            $ref: '#/components/schemas/DevicePolicyMDMFramework'
+          type: array
+        types:
+          items:
+            $ref: '#/components/schemas/DevicePolicyPlatformType'
+          type: array
+      type: object
+    DevicePolicyTrustLevel:
+      enum:
+      - ANY
+      - TRUSTED
+      type: string
+    DeviceProfile:
+      example:
+        meid: meid
+        serialNumber: serialNumber
+        displayName: displayName
+        registered: true
+        platform: null
+        manufacturer: manufacturer
+        sid: sid
+        osVersion: osVersion
+        imei: imei
+        model: model
+        udid: udid
+        secureHardwarePresent: true
+        tpmPublicKeyHash: tpmPublicKeyHash
+      properties:
+        displayName:
+          description: Display name of the device
+          maxLength: 255
+          minLength: 1
+          type: string
+        imei:
+          description: International Mobile Equipment Identity of the device
+          maxLength: 17
+          minLength: 14
+          type: string
+        manufacturer:
+          description: Name of the manufacturer of the device
+          maxLength: 127
+          type: string
+        meid:
+          description: Mobile equipment identifier of the device
+          maxLength: 14
+          type: string
+        model:
+          description: Model of the device
+          maxLength: 127
+          type: string
+        osVersion:
+          description: Version of the device OS
+          maxLength: 127
+          type: string
+        platform:
+          $ref: '#/components/schemas/DevicePlatform'
+        registered:
+          description: Indicates if the device is registered at Okta
+          type: boolean
+        secureHardwarePresent:
+          description: Indicates if the device constains a secure hardware functionality
+          type: boolean
+        serialNumber:
+          description: Serial number of the device
+          maxLength: 127
+          type: string
+        sid:
+          description: Windows Security identifier of the device
+          maxLength: 256
+          type: string
+        tpmPublicKeyHash:
+          description: Windows Trsted Platform Module hash value
+          type: string
+        udid:
+          description: macOS Unique Device identifier of the device
+          maxLength: 47
+          type: string
+      required:
+      - displayName
+      - platform
+      - registered
+      type: object
+    DeviceStatus:
+      enum:
+      - ACTIVE
+      - CREATED
+      - DEACTIVATED
+      - SUSPENDED
+      type: string
+    DiskEncryptionType:
+      enum:
+      - ALL_INTERNAL_VOLUMES
+      - FULL
+      - USER
+      type: string
+    Domain:
+      example:
+        certificateSourceType: null
+        brandId: brandId
+        dnsRecords:
+        - fqdn: fqdn
+          recordType: null
+          expiration: expiration
+          verificationValue: verificationValue
+        - fqdn: fqdn
+          recordType: null
+          expiration: expiration
+          verificationValue: verificationValue
+        domain: domain
+        publicCertificate:
+          subject: subject
+          fingerprint: fingerprint
+          expiration: expiration
+        id: id
+        validationStatus: null
+      properties:
+        brandId:
+          type: string
+        certificateSourceType:
+          $ref: '#/components/schemas/DomainCertificateSourceType'
+        dnsRecords:
+          items:
+            $ref: '#/components/schemas/DNSRecord'
+          type: array
+        domain:
+          type: string
+        id:
+          type: string
+        publicCertificate:
+          $ref: '#/components/schemas/DomainCertificateMetadata'
+        validationStatus:
+          $ref: '#/components/schemas/DomainValidationStatus'
+      type: object
+    DomainCertificate:
+      example:
+        privateKey: privateKey
+        certificateChain: certificateChain
+        certificate: certificate
+        type: null
+      properties:
+        certificate:
+          type: string
+        certificateChain:
+          type: string
+        privateKey:
+          type: string
+        type:
+          $ref: '#/components/schemas/DomainCertificateType'
+      type: object
+    DomainCertificateMetadata:
+      example:
+        subject: subject
+        fingerprint: fingerprint
+        expiration: expiration
+      properties:
+        expiration:
+          type: string
+        fingerprint:
+          type: string
+        subject:
+          type: string
+      type: object
+    DomainCertificateSourceType:
+      enum:
+      - MANUAL
+      - OKTA_MANAGED
+      type: string
+    DomainCertificateType:
+      enum:
+      - PEM
+      type: string
+    DomainLinks:
+      example:
+        certificate:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        verify:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        brand:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        brand:
+          $ref: '#/components/schemas/HrefObject'
+        certificate:
+          $ref: '#/components/schemas/HrefObject'
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        verify:
+          $ref: '#/components/schemas/HrefObject'
+      type: object
+    DomainListResponse:
+      example:
+        domains:
+        - _links:
+            certificate:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            verify:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            brand:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          certificateSourceType: null
+          brandId: brandId
+          dnsRecords:
+          - fqdn: fqdn
+            recordType: null
+            expiration: expiration
+            verificationValue: verificationValue
+          - fqdn: fqdn
+            recordType: null
+            expiration: expiration
+            verificationValue: verificationValue
+          domain: domain
+          publicCertificate:
+            subject: subject
+            fingerprint: fingerprint
+            expiration: expiration
+          id: id
+          validationStatus: null
+        - _links:
+            certificate:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            verify:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            brand:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          certificateSourceType: null
+          brandId: brandId
+          dnsRecords:
+          - fqdn: fqdn
+            recordType: null
+            expiration: expiration
+            verificationValue: verificationValue
+          - fqdn: fqdn
+            recordType: null
+            expiration: expiration
+            verificationValue: verificationValue
+          domain: domain
+          publicCertificate:
+            subject: subject
+            fingerprint: fingerprint
+            expiration: expiration
+          id: id
+          validationStatus: null
+      properties:
+        domains:
+          items:
+            $ref: '#/components/schemas/DomainResponse'
+          type: array
+      type: object
+    DomainResponse:
+      example:
+        _links:
+          certificate:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          verify:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          brand:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        certificateSourceType: null
+        brandId: brandId
+        dnsRecords:
+        - fqdn: fqdn
+          recordType: null
+          expiration: expiration
+          verificationValue: verificationValue
+        - fqdn: fqdn
+          recordType: null
+          expiration: expiration
+          verificationValue: verificationValue
+        domain: domain
+        publicCertificate:
+          subject: subject
+          fingerprint: fingerprint
+          expiration: expiration
+        id: id
+        validationStatus: null
+      properties:
+        brandId:
+          type: string
+        certificateSourceType:
+          $ref: '#/components/schemas/DomainCertificateSourceType'
+        dnsRecords:
+          items:
+            $ref: '#/components/schemas/DNSRecord'
+          type: array
+        domain:
+          type: string
+        id:
+          type: string
+        publicCertificate:
+          $ref: '#/components/schemas/DomainCertificateMetadata'
+        validationStatus:
+          $ref: '#/components/schemas/DomainValidationStatus'
+        _links:
+          $ref: '#/components/schemas/DomainLinks'
+      type: object
+    DomainValidationStatus:
+      enum:
+      - COMPLETED
+      - IN_PROGRESS
+      - NOT_STARTED
+      - VERIFIED
+      type: string
+    DTCChromeOS:
+      description: Google Chrome Device Trust Connector provider
+      properties:
+        allowScreenLock:
+          description: Indicates whether the AllowScreenLock enterprise policy is
+            enabled
+          type: boolean
+        browserVersion:
+          $ref: '#/components/schemas/ChromeBrowserVersion'
+        builtInDnsClientEnabled:
+          description: Indicates if a software stack is used to communicate with the
+            DNS server
+          type: boolean
+        chromeRemoteDesktopAppBlocked:
+          description: Indicates whether access to the Chrome Remote Desktop application
+            is blocked through a policy
+          type: boolean
+        deviceEnrollmentDomain:
+          description: Enrollment domain of the customer that is currently managing
+            the device
+          type: string
+        diskEnrypted:
+          description: Indicates whether the main disk is encrypted
+          type: boolean
+        keyTrustLevel:
+          $ref: '#/components/schemas/KeyTrustLevelOSMode'
+        osFirewall:
+          description: Indicates whether a firewall is enabled at the OS-level on
+            the device
+          type: boolean
+        osVersion:
+          $ref: '#/components/schemas/OSVersion'
+        passwordProtectionWarningTrigger:
+          $ref: '#/components/schemas/PasswordProtectionWarningTrigger'
+        realtimeUrlCheckMode:
+          description: Indicates whether enterprise-grade (custom) unsafe URL scanning
+            is enabled
+          type: boolean
+        safeBrowsingProtectionLevel:
+          $ref: '#/components/schemas/SafeBrowsingProtectionLevel'
+        screenLockSecured:
+          description: Indicates whether the device is password-protected
+          type: boolean
+        siteIsolationEnabled:
+          description: Indicates whether the Site Isolation (also known as **Site
+            Per Process**) setting is enabled
+          type: boolean
+      type: object
+    DTCMacOS:
+      description: Google Chrome Device Trust Connector provider
+      properties:
+        browserVersion:
+          $ref: '#/components/schemas/ChromeBrowserVersion'
+        builtInDnsClientEnabled:
+          description: Indicates if a software stack is used to communicate with the
+            DNS server
+          type: boolean
+        chromeRemoteDesktopAppBlocked:
+          description: Indicates whether access to the Chrome Remote Desktop application
+            is blocked through a policy
+          type: boolean
+        deviceEnrollmentDomain:
+          description: Enrollment domain of the customer that is currently managing
+            the device
+          type: string
+        diskEnrypted:
+          description: Indicates whether the main disk is encrypted
+          type: boolean
+        keyTrustLevel:
+          $ref: '#/components/schemas/KeyTrustLevelBrowserKey'
+        osFirewall:
+          description: Indicates whether a firewall is enabled at the OS-level on
+            the device
+          type: boolean
+        osVersion:
+          $ref: '#/components/schemas/OSVersion'
+        passwordProtectionWarningTrigger:
+          $ref: '#/components/schemas/PasswordProtectionWarningTrigger'
+        realtimeUrlCheckMode:
+          description: Indicates whether enterprise-grade (custom) unsafe URL scanning
+            is enabled
+          type: boolean
+        safeBrowsingProtectionLevel:
+          $ref: '#/components/schemas/SafeBrowsingProtectionLevel'
+        screenLockSecured:
+          description: Indicates whether the device is password-protected
+          type: boolean
+        siteIsolationEnabled:
+          description: Indicates whether the Site Isolation (also known as **Site
+            Per Process**) setting is enabled
+          type: boolean
+      type: object
+    DTCWindows:
+      description: Google Chrome Device Trust Connector provider
+      properties:
+        browserVersion:
+          $ref: '#/components/schemas/ChromeBrowserVersion'
+        builtInDnsClientEnabled:
+          description: Indicates if a software stack is used to communicate with the
+            DNS server
+          type: boolean
+        chromeRemoteDesktopAppBlocked:
+          description: Indicates whether access to the Chrome Remote Desktop application
+            is blocked through a policy
+          type: boolean
+        crowdStrikeAgentId:
+          description: Agent ID of an installed CrowdStrike agent
+          type: string
+        crowdStrikeCustomerId:
+          description: Customer ID of an installed CrowdStrike agent
+          type: string
+        deviceEnrollmentDomain:
+          description: Enrollment domain of the customer that is currently managing
+            the device
+          type: string
+        diskEnrypted:
+          description: Indicates whether the main disk is encrypted
+          type: boolean
+        keyTrustLevel:
+          $ref: '#/components/schemas/KeyTrustLevelBrowserKey'
+        osFirewall:
+          description: Indicates whether a firewall is enabled at the OS-level on
+            the device
+          type: boolean
+        osVersion:
+          $ref: '#/components/schemas/OSVersion'
+        passwordProtectionWarningTrigger:
+          $ref: '#/components/schemas/PasswordProtectionWarningTrigger'
+        realtimeUrlCheckMode:
+          description: Indicates whether enterprise-grade (custom) unsafe URL scanning
+            is enabled
+          type: boolean
+        safeBrowsingProtectionLevel:
+          $ref: '#/components/schemas/SafeBrowsingProtectionLevel'
+        screenLockSecured:
+          description: Indicates whether the device is password-protected
+          type: boolean
+        secureBootEnabled:
+          description: Indicates whether the device's startup software has its Secure
+            Boot feature enabled
+          type: boolean
+        siteIsolationEnabled:
+          description: Indicates whether the Site Isolation (also known as **Site
+            Per Process**) setting is enabled
+          type: boolean
+        thirdPartyBlockingEnabled:
+          description: Indicates whether Chrome is blocking third-party software injection
+          type: boolean
+        windowsMachineDomain:
+          description: Windows domain that the current machine has joined
+          type: string
+        windowsUserDomain:
+          description: Windows domain for the current OS user
+          type: string
+      type: object
+    Duration:
+      properties:
+        number:
+          type: integer
+        unit:
+          type: string
+      type: object
+    EmailContent:
+      properties:
+        body:
+          description: "The email's HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references)."
+          type: string
+        subject:
+          description: "The email's subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references)."
+          type: string
+      required:
+      - body
+      - subject
+      type: object
+    EmailCustomization:
+      allOf:
+      - $ref: '#/components/schemas/EmailContent'
+      - $ref: '#/components/schemas/EmailCustomization_allOf'
+    EmailDefaultContent:
+      allOf:
+      - $ref: '#/components/schemas/EmailContent'
+      - $ref: '#/components/schemas/EmailDefaultContent_allOf'
+    EmailDomain:
+      allOf:
+      - $ref: '#/components/schemas/BaseEmailDomain'
+      example:
+        brandId: brandId
+        domain: domain
+      properties:
+        brandId:
+          type: string
+        domain:
+          type: string
+      required:
+      - brandId
+      - domain
+      type: object
+    EmailDomainResponse:
+      allOf:
+      - $ref: '#/components/schemas/BaseEmailDomain'
+      example:
+        dnsValidationRecords:
+        - fqdn: fqdn
+          recordType: null
+          expiration: expiration
+          verificationValue: verificationValue
+        - fqdn: fqdn
+          recordType: null
+          expiration: expiration
+          verificationValue: verificationValue
+        domain: domain
+        id: id
+        validationStatus: null
+      properties:
+        dnsValidationRecords:
+          items:
+            $ref: '#/components/schemas/DNSRecord'
+          type: array
+        domain:
+          type: string
+        id:
+          type: string
+        validationStatus:
+          $ref: '#/components/schemas/EmailDomainStatus'
+      type: object
+    EmailDomainResponseWithEmbedded:
+      example:
+        dnsValidationRecords:
+        - fqdn: fqdn
+          recordType: null
+          expiration: expiration
+          verificationValue: verificationValue
+        - fqdn: fqdn
+          recordType: null
+          expiration: expiration
+          verificationValue: verificationValue
+        _embedded:
+          brands:
+          - agreeToCustomPrivacyPolicy: true
+            defaultApp:
+              appInstanceId: appInstanceId
+              appLinkName: appLinkName
+              classicApplicationUri: classicApplicationUri
+            isDefault: true
+            removePoweredByOkta: true
+            _links:
+              themes:
+                hints:
+                  allow:
+                  - null
+                  - null
+                name: name
+                href: href
+                type: type
+              self:
+                hints:
+                  allow:
+                  - null
+                  - null
+                name: name
+                href: href
+                type: type
+            name: name
+            id: id
+            locale: locale
+            customPrivacyPolicyUrl: customPrivacyPolicyUrl
+          - agreeToCustomPrivacyPolicy: true
+            defaultApp:
+              appInstanceId: appInstanceId
+              appLinkName: appLinkName
+              classicApplicationUri: classicApplicationUri
+            isDefault: true
+            removePoweredByOkta: true
+            _links:
+              themes:
+                hints:
+                  allow:
+                  - null
+                  - null
+                name: name
+                href: href
+                type: type
+              self:
+                hints:
+                  allow:
+                  - null
+                  - null
+                name: name
+                href: href
+                type: type
+            name: name
+            id: id
+            locale: locale
+            customPrivacyPolicyUrl: customPrivacyPolicyUrl
+        displayName: displayName
+        domain: domain
+        id: id
+        userName: userName
+        validationStatus: null
+      properties:
+        displayName:
+          type: string
+        userName:
+          type: string
+        dnsValidationRecords:
+          items:
+            $ref: '#/components/schemas/DNSRecord'
+          type: array
+        domain:
+          type: string
+        id:
+          type: string
+        validationStatus:
+          $ref: '#/components/schemas/EmailDomainStatus'
+        _embedded:
+          $ref: '#/components/schemas/EmailDomainResponseWithEmbedded__embedded'
+      type: object
+    EmailDomainStatus:
+      enum:
+      - DELETED
+      - ERROR
+      - NOT_STARTED
+      - POLLING
+      - VERIFIED
+      type: string
+    EmailPreview:
+      example:
+        _links:
+          template:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          contentSource:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          defaultContent:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          test:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        subject: subject
+        body: body
+      properties:
+        body:
+          description: The email's HTML body.
+          readOnly: true
+          type: string
+        subject:
+          description: The email's subject.
+          readOnly: true
+          type: string
+        _links:
+          $ref: '#/components/schemas/EmailPreview__links'
+      type: object
+    EmailSettings:
+      example:
+        recipients: ALL_USERS
+      properties:
+        recipients:
+          enum:
+          - ALL_USERS
+          - ADMINS_ONLY
+          - NO_USERS
+          type: string
+      required:
+      - recipients
+      type: object
+    EmailTemplate:
+      example:
+        _embedded:
+          customizationCount: 0
+          settings:
+            recipients: ALL_USERS
+        _links:
+          settings:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          defaultContent:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          test:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          customizations:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        name: name
+      properties:
+        name:
+          description: The name of this email template.
+          readOnly: true
+          type: string
+        _embedded:
+          $ref: '#/components/schemas/EmailTemplate__embedded'
+        _links:
+          $ref: '#/components/schemas/EmailTemplate__links'
+      type: object
+    EmailTemplateTouchPointVariant:
+      enum:
+      - FULL_THEME
+      - OKTA_DEFAULT
+      type: string
+    EmailUserFactor:
+      allOf:
+      - $ref: '#/components/schemas/UserFactor'
+      - $ref: '#/components/schemas/EmailUserFactor_allOf'
+    EmailUserFactorProfile:
+      properties:
+        email:
+          type: string
+      type: object
+    EnabledStatus:
+      enum:
+      - DISABLED
+      - ENABLED
+      type: string
+    EndUserDashboardTouchPointVariant:
+      enum:
+      - FULL_THEME
+      - LOGO_ON_FULL_WHITE_BACKGROUND
+      - OKTA_DEFAULT
+      - WHITE_LOGO_BACKGROUND
+      type: string
+    Error:
+      properties:
+        errorCauses:
+          items:
+            $ref: '#/components/schemas/Error_errorCauses_inner'
+          type: array
+        errorCode:
+          description: An Okta code for this type of error
+          type: string
+        errorId:
+          description: A unique identifier for this error. This can be used by Okta
+            Support to help with troubleshooting.
+          type: string
+        errorLink:
+          description: An Okta code for this type of error
+          type: string
+        errorSummary:
+          description: A short description of what caused this error. Sometimes this
+            contains dynamically-generated information about your specific error.
+          type: string
+      title: Error
+      type: object
+    ErrorPageTouchPointVariant:
+      enum:
+      - BACKGROUND_IMAGE
+      - BACKGROUND_SECONDARY_COLOR
+      - OKTA_DEFAULT
+      type: string
+    EventHook:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        createdBy: createdBy
+        verificationStatus: null
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        channel:
+          type: null
+          config:
+            headers:
+            - value: value
+              key: key
+            - value: value
+              key: key
+            authScheme:
+              type: null
+              value: value
+              key: key
+            uri: uri
+          version: version
+        name: name
+        id: id
+        events:
+          type: null
+          items:
+          - items
+          - items
+        status: null
+      properties:
+        channel:
+          $ref: '#/components/schemas/EventHookChannel'
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        createdBy:
+          type: string
+        events:
+          $ref: '#/components/schemas/EventSubscriptions'
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          type: string
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        verificationStatus:
+          $ref: '#/components/schemas/EventHookVerificationStatus'
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    EventHookChannel:
+      example:
+        type: null
+        config:
+          headers:
+          - value: value
+            key: key
+          - value: value
+            key: key
+          authScheme:
+            type: null
+            value: value
+            key: key
+          uri: uri
+        version: version
+      properties:
+        config:
+          $ref: '#/components/schemas/EventHookChannelConfig'
+        type:
+          $ref: '#/components/schemas/EventHookChannelType'
+        version:
+          type: string
+      type: object
+    EventHookChannelConfig:
+      example:
+        headers:
+        - value: value
+          key: key
+        - value: value
+          key: key
+        authScheme:
+          type: null
+          value: value
+          key: key
+        uri: uri
+      properties:
+        authScheme:
+          $ref: '#/components/schemas/EventHookChannelConfigAuthScheme'
+        headers:
+          items:
+            $ref: '#/components/schemas/EventHookChannelConfigHeader'
+          type: array
+        uri:
+          type: string
+      type: object
+    EventHookChannelConfigAuthScheme:
+      example:
+        type: null
+        value: value
+        key: key
+      properties:
+        key:
+          type: string
+        type:
+          $ref: '#/components/schemas/EventHookChannelConfigAuthSchemeType'
+        value:
+          type: string
+      type: object
+    EventHookChannelConfigAuthSchemeType:
+      enum:
+      - HEADER
+      type: string
+    EventHookChannelConfigHeader:
+      example:
+        value: value
+        key: key
+      properties:
+        key:
+          type: string
+        value:
+          type: string
+      type: object
+    EventHookChannelType:
+      enum:
+      - HTTP
+      type: string
+    EventHookVerificationStatus:
+      enum:
+      - UNVERIFIED
+      - VERIFIED
+      type: string
+    EventSubscriptionType:
+      enum:
+      - EVENT_TYPE
+      - FLOW_EVENT
+      type: string
+    EventSubscriptions:
+      discriminator:
+        propertyName: type
+      example:
+        type: null
+        items:
+        - items
+        - items
+      properties:
+        items:
+          items:
+            type: string
+          type: array
+        type:
+          $ref: '#/components/schemas/EventSubscriptionType'
+      type: object
+    FCMConfiguration:
+      properties:
+        fileName:
+          description: (Optional) File name for Admin Console display
+          type: string
+        projectId:
+          description: Project ID of FCM configuration
+          readOnly: true
+          type: string
+        serviceAccountJson:
+          description: "JSON containing the private service account key and service\
+            \ account details. See [Creating and managing service account keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys)\
+            \ for more information on creating service account keys in JSON."
+          type: object
+          writeOnly: true
+    FCMPushProvider:
+      allOf:
+      - $ref: '#/components/schemas/PushProvider'
+      - $ref: '#/components/schemas/FCMPushProvider_allOf'
+    FactorProvider:
+      enum:
+      - CUSTOM
+      - DUO
+      - FIDO
+      - GOOGLE
+      - OKTA
+      - RSA
+      - SYMANTEC
+      - YUBICO
+      type: string
+    FactorResultType:
+      enum:
+      - CANCELLED
+      - CHALLENGE
+      - ERROR
+      - FAILED
+      - PASSCODE_REPLAYED
+      - REJECTED
+      - SUCCESS
+      - TIMEOUT
+      - TIME_WINDOW_EXCEEDED
+      - WAITING
+      type: string
+    FactorStatus:
+      enum:
+      - ACTIVE
+      - DISABLED
+      - ENROLLED
+      - EXPIRED
+      - INACTIVE
+      - NOT_SETUP
+      - PENDING_ACTIVATION
+      type: string
+    FactorType:
+      enum:
+      - call
+      - email
+      - hotp
+      - push
+      - question
+      - sms
+      - token
+      - token:hardware
+      - token:hotp
+      - token:software:totp
+      - u2f
+      - web
+      - webauthn
+      type: string
+    Feature:
+      example:
+        stage:
+          state: null
+          value: null
+        _links:
+          key: "{}"
+        name: name
+        description: description
+        id: id
+        type: null
+        status: null
+      properties:
+        description:
+          type: string
+        id:
+          readOnly: true
+          type: string
+        name:
+          type: string
+        stage:
+          $ref: '#/components/schemas/FeatureStage'
+        status:
+          $ref: '#/components/schemas/EnabledStatus'
+        type:
+          $ref: '#/components/schemas/FeatureType'
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    FeatureStage:
+      example:
+        state: null
+        value: null
+      properties:
+        state:
+          $ref: '#/components/schemas/FeatureStageState'
+        value:
+          $ref: '#/components/schemas/FeatureStageValue'
+      type: object
+    FeatureStageState:
+      enum:
+      - CLOSED
+      - OPEN
+      type: string
+    FeatureStageValue:
+      enum:
+      - BETA
+      - EA
+      type: string
+    FeatureType:
+      enum:
+      - self-service
+      type: string
+    FipsEnum:
+      enum:
+      - OPTIONAL
+      - REQUIRED
+      type: string
+    ForgotPasswordResponse:
+      example:
+        resetPasswordUrl: resetPasswordUrl
+      properties:
+        resetPasswordUrl:
+          readOnly: true
+          type: string
+      type: object
+    GrantOrTokenStatus:
+      enum:
+      - ACTIVE
+      - REVOKED
+      type: string
+    GrantTypePolicyRuleCondition:
+      properties:
+        include:
+          items:
+            type: string
+          type: array
+      type: object
+    Group:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        lastMembershipUpdated: 2000-01-23T04:56:07.000+00:00
+        _embedded:
+          key: "{}"
+        _links:
+          logo:
+          - hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          - hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          source:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          users:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          apps:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        created: 2000-01-23T04:56:07.000+00:00
+        profile:
+          name: name
+          description: description
+        objectClass:
+        - objectClass
+        - objectClass
+        id: id
+        type: null
+      properties:
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastMembershipUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        objectClass:
+          items:
+            type: string
+          readOnly: true
+          type: array
+        profile:
+          $ref: '#/components/schemas/GroupProfile'
+        type:
+          $ref: '#/components/schemas/GroupType'
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          $ref: '#/components/schemas/Group__links'
+      type: object
+    GroupCondition:
+      properties:
+        exclude:
+          items:
+            type: string
+          type: array
+        include:
+          items:
+            type: string
+          type: array
+      type: object
+    GroupOwner:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        originType: null
+        originId: originId
+        displayName: displayName
+        id: id
+        type: null
+        resolved: true
+      properties:
+        displayName:
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        originId:
+          type: string
+        originType:
+          $ref: '#/components/schemas/GroupOwnerOriginType'
+        resolved:
+          type: boolean
+        type:
+          $ref: '#/components/schemas/GroupOwnerType'
+      type: object
+    GroupOwnerOriginType:
+      enum:
+      - APPLICATION
+      - OKTA_DIRECTORY
+      type: string
+    GroupOwnerType:
+      enum:
+      - GROUP
+      - UNKNOWN
+      - USER
+      type: string
+    GroupPolicyRuleCondition:
+      properties:
+        exclude:
+          items:
+            type: string
+          type: array
+        include:
+          items:
+            type: string
+          type: array
+      type: object
+    GroupProfile:
+      example:
+        name: name
+        description: description
+      properties:
+        description:
+          type: string
+        name:
+          type: string
+      type: object
+      x-okta-extensible: true
+    GroupRule:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        created: 2000-01-23T04:56:07.000+00:00
+        name: name
+        id: id
+        conditions:
+          expression:
+            type: type
+            value: value
+          people:
+            groups:
+              include:
+              - include
+              - include
+              exclude:
+              - exclude
+              - exclude
+            users:
+              include:
+              - include
+              - include
+              exclude:
+              - exclude
+              - exclude
+        type: type
+        actions:
+          assignUserToGroups:
+            groupIds:
+            - groupIds
+            - groupIds
+        status: null
+      properties:
+        actions:
+          $ref: '#/components/schemas/GroupRuleAction'
+        conditions:
+          $ref: '#/components/schemas/GroupRuleConditions'
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          type: string
+        status:
+          $ref: '#/components/schemas/GroupRuleStatus'
+        type:
+          type: string
+      type: object
+    GroupRuleAction:
+      example:
+        assignUserToGroups:
+          groupIds:
+          - groupIds
+          - groupIds
+      properties:
+        assignUserToGroups:
+          $ref: '#/components/schemas/GroupRuleGroupAssignment'
+      type: object
+    GroupRuleConditions:
+      example:
+        expression:
+          type: type
+          value: value
+        people:
+          groups:
+            include:
+            - include
+            - include
+            exclude:
+            - exclude
+            - exclude
+          users:
+            include:
+            - include
+            - include
+            exclude:
+            - exclude
+            - exclude
+      properties:
+        expression:
+          $ref: '#/components/schemas/GroupRuleExpression'
+        people:
+          $ref: '#/components/schemas/GroupRulePeopleCondition'
+      type: object
+    GroupRuleExpression:
+      example:
+        type: type
+        value: value
+      properties:
+        type:
+          type: string
+        value:
+          type: string
+      type: object
+    GroupRuleGroupAssignment:
+      example:
+        groupIds:
+        - groupIds
+        - groupIds
+      properties:
+        groupIds:
+          items:
+            type: string
+          type: array
+      type: object
+    GroupRuleGroupCondition:
+      example:
+        include:
+        - include
+        - include
+        exclude:
+        - exclude
+        - exclude
+      properties:
+        exclude:
+          items:
+            type: string
+          type: array
+        include:
+          items:
+            type: string
+          type: array
+      type: object
+    GroupRulePeopleCondition:
+      example:
+        groups:
+          include:
+          - include
+          - include
+          exclude:
+          - exclude
+          - exclude
+        users:
+          include:
+          - include
+          - include
+          exclude:
+          - exclude
+          - exclude
+      properties:
+        groups:
+          $ref: '#/components/schemas/GroupRuleGroupCondition'
+        users:
+          $ref: '#/components/schemas/GroupRuleUserCondition'
+      type: object
+    GroupRuleStatus:
+      enum:
+      - ACTIVE
+      - INACTIVE
+      - INVALID
+      type: string
+    GroupRuleUserCondition:
+      example:
+        include:
+        - include
+        - include
+        exclude:
+        - exclude
+        - exclude
+      properties:
+        exclude:
+          items:
+            type: string
+          type: array
+        include:
+          items:
+            type: string
+          type: array
+      type: object
+    GroupSchema:
+      example:
+        lastUpdated: lastUpdated
+        $schema: $schema
+        _links:
+          key: "{}"
+        created: created
+        name: name
+        description: description
+        id: id
+        title: title
+        type: type
+        definitions:
+          custom:
+            id: id
+            type: type
+            properties:
+              key:
+                minLength: 6
+                externalNamespace: externalNamespace
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+            required:
+            - required
+            - required
+          base:
+            id: id
+            type: type
+            properties:
+              name:
+                minLength: 6
+                externalNamespace: externalNamespace
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              description:
+                minLength: 6
+                externalNamespace: externalNamespace
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+            required:
+            - required
+            - required
+        properties:
+          profile:
+            allOf:
+            - $ref: $ref
+            - $ref: $ref
+      properties:
+        $schema:
+          readOnly: true
+          type: string
+        created:
+          readOnly: true
+          type: string
+        definitions:
+          $ref: '#/components/schemas/GroupSchemaDefinitions'
+        description:
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          readOnly: true
+          type: string
+        name:
+          readOnly: true
+          type: string
+        properties:
+          $ref: '#/components/schemas/UserSchemaProperties'
+        title:
+          type: string
+        type:
+          readOnly: true
+          type: string
+        _links:
+          additionalProperties:
+            type: object
+          readOnly: true
+          type: object
+      type: object
+      x-okta-allow-null-property-value-for-updates: true
+    GroupSchemaAttribute:
+      example:
+        minLength: 6
+        externalNamespace: externalNamespace
+        description: description
+        union: null
+        title: title
+        type: null
+        enum:
+        - enum
+        - enum
+        required: true
+        master:
+          priority:
+          - type: type
+            value: value
+          - type: type
+            value: value
+          type: null
+        oneOf:
+        - const: const
+          title: title
+        - const: const
+          title: title
+        permissions:
+        - principal: principal
+          action: action
+        - principal: principal
+          action: action
+        externalName: externalName
+        scope: null
+        unique: unique
+        mutability: mutability
+        items:
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          type: type
+          enum:
+          - enum
+          - enum
+        maxLength: 0
+      properties:
+        description:
+          type: string
+        enum:
+          items:
+            type: string
+          type: array
+        externalName:
+          type: string
+        externalNamespace:
+          type: string
+        items:
+          $ref: '#/components/schemas/UserSchemaAttributeItems'
+        master:
+          $ref: '#/components/schemas/UserSchemaAttributeMaster'
+        maxLength:
+          type: integer
+        minLength:
+          type: integer
+        mutability:
+          type: string
+        oneOf:
+          items:
+            $ref: '#/components/schemas/UserSchemaAttributeEnum'
+          type: array
+        permissions:
+          items:
+            $ref: '#/components/schemas/UserSchemaAttributePermission'
+          type: array
+        required:
+          type: boolean
+        scope:
+          $ref: '#/components/schemas/UserSchemaAttributeScope'
+        title:
+          type: string
+        type:
+          $ref: '#/components/schemas/UserSchemaAttributeType'
+        union:
+          $ref: '#/components/schemas/UserSchemaAttributeUnion'
+        unique:
+          type: string
+      type: object
+    GroupSchemaBase:
+      example:
+        id: id
+        type: type
+        properties:
+          name:
+            minLength: 6
+            externalNamespace: externalNamespace
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          description:
+            minLength: 6
+            externalNamespace: externalNamespace
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+        required:
+        - required
+        - required
+      properties:
+        id:
+          readOnly: true
+          type: string
+        properties:
+          $ref: '#/components/schemas/GroupSchemaBaseProperties'
+        required:
+          items:
+            type: string
+          type: array
+        type:
+          type: string
+      type: object
+    GroupSchemaBaseProperties:
+      example:
+        name:
+          minLength: 6
+          externalNamespace: externalNamespace
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        description:
+          minLength: 6
+          externalNamespace: externalNamespace
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+      properties:
+        description:
+          $ref: '#/components/schemas/GroupSchemaAttribute'
+        name:
+          $ref: '#/components/schemas/GroupSchemaAttribute'
+      type: object
+    GroupSchemaCustom:
+      example:
+        id: id
+        type: type
+        properties:
+          key:
+            minLength: 6
+            externalNamespace: externalNamespace
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+        required:
+        - required
+        - required
+      properties:
+        id:
+          readOnly: true
+          type: string
+        properties:
+          additionalProperties:
+            $ref: '#/components/schemas/GroupSchemaAttribute'
+          type: object
+        required:
+          items:
+            type: string
+          type: array
+        type:
+          type: string
+      type: object
+    GroupSchemaDefinitions:
+      example:
+        custom:
+          id: id
+          type: type
+          properties:
+            key:
+              minLength: 6
+              externalNamespace: externalNamespace
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+          required:
+          - required
+          - required
+        base:
+          id: id
+          type: type
+          properties:
+            name:
+              minLength: 6
+              externalNamespace: externalNamespace
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            description:
+              minLength: 6
+              externalNamespace: externalNamespace
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+          required:
+          - required
+          - required
+      properties:
+        base:
+          $ref: '#/components/schemas/GroupSchemaBase'
+        custom:
+          $ref: '#/components/schemas/GroupSchemaCustom'
+      type: object
+    GroupType:
+      enum:
+      - APP_GROUP
+      - BUILT_IN
+      - OKTA_GROUP
+      type: string
+    HardwareUserFactor:
+      allOf:
+      - $ref: '#/components/schemas/UserFactor'
+      - $ref: '#/components/schemas/HardwareUserFactor_allOf'
+    HardwareUserFactorProfile:
+      properties:
+        credentialId:
+          type: string
+      type: object
+    HookKey:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        _embedded:
+          e: e
+          _links:
+            key: "{}"
+          created: 2000-01-23T04:56:07.000+00:00
+          use: use
+          kid: kid
+          x5c:
+          - x5c
+          - x5c
+          expiresAt: 2000-01-23T04:56:07.000+00:00
+          "n": "n"
+          kty: kty
+          lastUpdated: 2000-01-23T04:56:07.000+00:00
+          x5t#S256: x5t#S256
+          x5t: x5t
+          key_ops:
+          - key_ops
+          - key_ops
+          x5u: x5u
+          alg: alg
+          status: status
+        created: 2000-01-23T04:56:07.000+00:00
+        name: name
+        keyId: keyId
+        id: id
+        isUsed: isUsed
+      properties:
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        isUsed:
+          format: boolean
+          type: string
+        keyId:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          readOnly: false
+          type: string
+        _embedded:
+          $ref: '#/components/schemas/JsonWebKey'
+      type: object
+    HostedPage:
+      example:
+        type: null
+        url: url
+      properties:
+        type:
+          $ref: '#/components/schemas/HostedPageType'
+        url:
+          type: string
+      required:
+      - type
+      type: object
+    HostedPageType:
+      enum:
+      - EXTERNALLY_HOSTED
+      - OKTA_DEFAULT
+      type: string
+    HrefObject:
+      description: Singular link objected returned in HAL `_links` object.
+      example:
+        hints:
+          allow:
+          - null
+          - null
+        name: name
+        href: href
+        type: type
+      properties:
+        hints:
+          $ref: '#/components/schemas/HrefObject_hints'
+        href:
+          type: string
+        name:
+          type: string
+        type:
+          description: "The media type of the link. If omitted, it is implicitly `application/json`."
+          type: string
+      required:
+      - href
+      title: Link Object
+      type: object
+    HrefObjectSelfLink:
+      allOf:
+      - $ref: '#/components/schemas/HrefObject'
+      - description: Link to the resource (self)
+    HttpMethod:
+      enum:
+      - DELETE
+      - GET
+      - POST
+      - PUT
+      type: string
+    IamRole:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        _links:
+          permissions:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        created: 2000-01-23T04:56:07.000+00:00
+        permissions:
+        - null
+        - null
+        description: description
+        id: id
+        label: label
+      properties:
+        created:
+          description: Timestamp when the role was created
+          format: date-time
+          readOnly: true
+          type: string
+        description:
+          description: Description of the role
+          type: string
+        id:
+          description: Unique key for the role
+          readOnly: true
+          type: string
+        label:
+          description: Unique label for the role
+          type: string
+        lastUpdated:
+          description: Timestamp when the role was last updated
+          format: date-time
+          readOnly: true
+          type: string
+        permissions:
+          description: "Array of permissions that the role will grant. See [Permission\
+            \ Types](https://developer.okta.com/docs/concepts/role-assignment/#permission-types)."
+          items:
+            $ref: '#/components/schemas/RolePermissionType'
+          type: array
+        _links:
+          $ref: '#/components/schemas/IamRole__links'
+      required:
+      - description
+      - label
+      - permissions
+      type: object
+    IamRoles:
+      example:
+        _links:
+          next:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        roles:
+        - lastUpdated: 2000-01-23T04:56:07.000+00:00
+          _links:
+            permissions:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          created: 2000-01-23T04:56:07.000+00:00
+          permissions:
+          - null
+          - null
+          description: description
+          id: id
+          label: label
+        - lastUpdated: 2000-01-23T04:56:07.000+00:00
+          _links:
+            permissions:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          created: 2000-01-23T04:56:07.000+00:00
+          permissions:
+          - null
+          - null
+          description: description
+          id: id
+          label: label
+      properties:
+        roles:
+          items:
+            $ref: '#/components/schemas/IamRole'
+          type: array
+        _links:
+          $ref: '#/components/schemas/IamRoles__links'
+      type: object
+    IdentityProvider:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        protocol:
+          algorithms:
+            request:
+              signature:
+                scope: null
+                algorithm: algorithm
+            response:
+              signature:
+                scope: null
+                algorithm: algorithm
+          relayState:
+            format: null
+          settings:
+            nameFormat: nameFormat
+          endpoints:
+            acs:
+              destination: destination
+              binding: null
+              type: null
+              url: url
+            authorization:
+              destination: destination
+              binding: null
+              type: null
+              url: url
+            userInfo:
+              destination: destination
+              binding: null
+              type: null
+              url: url
+            metadata:
+              destination: destination
+              binding: null
+              type: null
+              url: url
+            jwks:
+              destination: destination
+              binding: null
+              type: null
+              url: url
+            slo:
+              destination: destination
+              binding: null
+              type: null
+              url: url
+            sso:
+              destination: destination
+              binding: null
+              type: null
+              url: url
+            token:
+              destination: destination
+              binding: null
+              type: null
+              url: url
+          credentials:
+            trust:
+              revocation: null
+              audience: audience
+              revocationCacheLifetime: 0
+              kid: kid
+              issuer: issuer
+            client:
+              client_secret: client_secret
+              client_id: client_id
+            signing:
+              kid: kid
+          scopes:
+          - scopes
+          - scopes
+          type: null
+          issuer:
+            destination: destination
+            binding: null
+            type: null
+            url: url
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        name: name
+        id: id
+        type: null
+        issuerMode: null
+        policy: null
+        status: null
+      properties:
+        created:
+          format: date-time
+          nullable: true
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        issuerMode:
+          $ref: '#/components/schemas/IssuerMode'
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          type: string
+        policy:
+          $ref: '#/components/schemas/IdentityProviderPolicy'
+        protocol:
+          $ref: '#/components/schemas/Protocol'
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        type:
+          $ref: '#/components/schemas/IdentityProviderType'
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    IdentityProviderApplicationUser:
+      example:
+        lastUpdated: lastUpdated
+        _embedded:
+          key: "{}"
+        _links:
+          key: "{}"
+        created: created
+        profile:
+          key: "{}"
+        externalId: externalId
+        id: id
+      properties:
+        created:
+          type: string
+        externalId:
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          type: string
+        profile:
+          additionalProperties:
+            properties: {}
+            type: object
+          type: object
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    IdentityProviderCredentials:
+      example:
+        trust:
+          revocation: null
+          audience: audience
+          revocationCacheLifetime: 0
+          kid: kid
+          issuer: issuer
+        client:
+          client_secret: client_secret
+          client_id: client_id
+        signing:
+          kid: kid
+      properties:
+        client:
+          $ref: '#/components/schemas/IdentityProviderCredentialsClient'
+        signing:
+          $ref: '#/components/schemas/IdentityProviderCredentialsSigning'
+        trust:
+          $ref: '#/components/schemas/IdentityProviderCredentialsTrust'
+      type: object
+    IdentityProviderCredentialsClient:
+      example:
+        client_secret: client_secret
+        client_id: client_id
+      properties:
+        client_id:
+          type: string
+        client_secret:
+          type: string
+      type: object
+    IdentityProviderCredentialsSigning:
+      example:
+        kid: kid
+      properties:
+        kid:
+          type: string
+      type: object
+    IdentityProviderCredentialsTrust:
+      example:
+        revocation: null
+        audience: audience
+        revocationCacheLifetime: 0
+        kid: kid
+        issuer: issuer
+      properties:
+        audience:
+          type: string
+        issuer:
+          type: string
+        kid:
+          type: string
+        revocation:
+          $ref: '#/components/schemas/IdentityProviderCredentialsTrustRevocation'
+        revocationCacheLifetime:
+          type: integer
+      type: object
+    IdentityProviderCredentialsTrustRevocation:
+      enum:
+      - CRL
+      - DELTA_CRL
+      - OCSP
+      type: string
+    IdentityProviderPolicy:
+      allOf:
+      - $ref: '#/components/schemas/Policy'
+      - $ref: '#/components/schemas/IdentityProviderPolicy_allOf'
+    IdentityProviderPolicyProvider:
+      enum:
+      - ANY
+      - OKTA
+      - SPECIFIC_IDP
+      type: string
+    IdentityProviderPolicyRuleCondition:
+      properties:
+        idpIds:
+          items:
+            type: string
+          type: array
+        provider:
+          $ref: '#/components/schemas/IdentityProviderPolicyProvider'
+      type: object
+    IdentityProviderType:
+      enum:
+      - AgentlessDSSO
+      - FACEBOOK
+      - GOOGLE
+      - IWA
+      - LINKEDIN
+      - MICROSOFT
+      - OIDC
+      - OKTA
+      - SAML2
+      - X509
+      type: string
+    IdentitySourceSession:
+      example:
+        identitySourceId: identitySourceId
+        importType: importType
+        id: id
+        status: null
+      properties:
+        id:
+          readOnly: true
+          type: string
+        identitySourceId:
+          readOnly: true
+          type: string
+        importType:
+          readOnly: true
+          type: string
+        status:
+          $ref: '#/components/schemas/IdentitySourceSessionStatus'
+      type: object
+    IdentitySourceSessionStatus:
+      enum:
+      - CLOSED
+      - COMPLETED
+      - CREATED
+      - ERROR
+      - EXPIRED
+      - TRIGGERED
+      type: string
+    IdentitySourceUserProfileForDelete:
+      example:
+        externalId: externalId
+      properties:
+        externalId:
+          maxLength: 512
+          type: string
+      type: object
+    IdentitySourceUserProfileForUpsert:
+      additionalProperties: true
+      example:
+        firstName: firstName
+        lastName: lastName
+        mobilePhone: mobilePhone
+        secondEmail: secondEmail
+        userName: userName
+        email: email
+        homeAddress: homeAddress
+      properties:
+        email:
+          format: email
+          maxLength: 100
+          minLength: 5
+          type: string
+        firstName:
+          maxLength: 50
+          minLength: 1
+          nullable: true
+          type: string
+        homeAddress:
+          maxLength: 4096
+          nullable: true
+          type: string
+        lastName:
+          maxLength: 50
+          minLength: 1
+          nullable: true
+          type: string
+        mobilePhone:
+          maxLength: 100
+          nullable: true
+          type: string
+        secondEmail:
+          format: email
+          maxLength: 100
+          minLength: 5
+          type: string
+        userName:
+          maxLength: 100
+          type: string
+      type: object
+    IdpPolicyRuleAction:
+      properties:
+        providers:
+          items:
+            $ref: '#/components/schemas/IdpPolicyRuleActionProvider'
+          type: array
+      type: object
+    IdpPolicyRuleActionProvider:
+      properties:
+        id:
+          readOnly: true
+          type: string
+        type:
+          type: string
+      type: object
+    IframeEmbedScopeAllowedApps:
+      enum:
+      - OKTA_ENDUSER
+      type: string
+    ImageUploadResponse:
+      example:
+        url: url
+      properties:
+        url:
+          readOnly: true
+          type: string
+      type: object
+    InactivityPolicyRuleCondition:
+      properties:
+        number:
+          type: integer
+        unit:
+          type: string
+      type: object
+    InlineHook:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        channel:
+          type: null
+          version: version
+        name: name
+        id: id
+        type: null
+        version: version
+        status: null
+      properties:
+        channel:
+          $ref: '#/components/schemas/InlineHookChannel'
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          type: string
+        status:
+          $ref: '#/components/schemas/InlineHookStatus'
+        type:
+          $ref: '#/components/schemas/InlineHookType'
+        version:
+          type: string
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    InlineHookChannel:
+      discriminator:
+        mapping:
+          HTTP: '#/components/schemas/InlineHookChannelHttp'
+          OAUTH: '#/components/schemas/InlineHookChannelOAuth'
+        propertyName: type
+      example:
+        type: null
+        version: version
+      properties:
+        type:
+          $ref: '#/components/schemas/InlineHookChannelType'
+        version:
+          type: string
+      type: object
+    InlineHookChannelConfig:
+      properties:
+        authScheme:
+          $ref: '#/components/schemas/InlineHookChannelConfigAuthScheme'
+        headers:
+          items:
+            $ref: '#/components/schemas/InlineHookChannelConfigHeaders'
+          type: array
+        method:
+          type: string
+        uri:
+          type: string
+      type: object
+    InlineHookChannelConfigAuthScheme:
+      properties:
+        key:
+          type: string
+        type:
+          type: string
+        value:
+          type: string
+      type: object
+    InlineHookChannelConfigHeaders:
+      properties:
+        key:
+          type: string
+        value:
+          type: string
+      type: object
+    InlineHookChannelHttp:
+      allOf:
+      - $ref: '#/components/schemas/InlineHookChannel'
+      - $ref: '#/components/schemas/InlineHookChannelHttp_allOf'
+    InlineHookChannelOAuth:
+      allOf:
+      - $ref: '#/components/schemas/InlineHookChannel'
+      - $ref: '#/components/schemas/InlineHookChannelOAuth_allOf'
+    InlineHookChannelType:
+      enum:
+      - HTTP
+      - OAUTH
+      type: string
+    InlineHookOAuthBasicConfig:
+      allOf:
+      - $ref: '#/components/schemas/InlineHookChannelConfig'
+      properties:
+        authType:
+          type: string
+        clientId:
+          type: string
+        scope:
+          type: string
+        tokenUrl:
+          type: string
+      type: object
+    InlineHookOAuthChannelConfig:
+      discriminator:
+        mapping:
+          client_secret_post: '#/components/schemas/InlineHookOAuthClientSecretConfig'
+          private_key_jwt: '#/components/schemas/InlineHookOAuthPrivateKeyJwtConfig'
+        propertyName: authType
+      properties:
+        authType:
+          type: string
+      type: object
+    InlineHookOAuthClientSecretConfig:
+      allOf:
+      - $ref: '#/components/schemas/InlineHookOAuthBasicConfig'
+      properties:
+        clientSecret:
+          type: string
+      type: object
+    InlineHookOAuthPrivateKeyJwtConfig:
+      allOf:
+      - $ref: '#/components/schemas/InlineHookOAuthBasicConfig'
+      properties:
+        hookKeyId:
+          type: string
+      type: object
+    InlineHookPayload:
+      type: object
+      x-okta-extensible: true
+    InlineHookResponse:
+      example:
+        commands:
+        - type: type
+          value:
+          - op: op
+            path: path
+            value: value
+          - op: op
+            path: path
+            value: value
+        - type: type
+          value:
+          - op: op
+            path: path
+            value: value
+          - op: op
+            path: path
+            value: value
+      properties:
+        commands:
+          items:
+            $ref: '#/components/schemas/InlineHookResponseCommands'
+          type: array
+      type: object
+    InlineHookResponseCommandValue:
+      example:
+        op: op
+        path: path
+        value: value
+      properties:
+        op:
+          type: string
+        path:
+          type: string
+        value:
+          type: string
+      type: object
+    InlineHookResponseCommands:
+      example:
+        type: type
+        value:
+        - op: op
+          path: path
+          value: value
+        - op: op
+          path: path
+          value: value
+      properties:
+        type:
+          type: string
+        value:
+          items:
+            $ref: '#/components/schemas/InlineHookResponseCommandValue'
+          type: array
+      type: object
+    InlineHookStatus:
+      enum:
+      - ACTIVE
+      - INACTIVE
+      type: string
+    InlineHookType:
+      enum:
+      - com.okta.import.transform
+      - com.okta.oauth2.tokens.transform
+      - com.okta.saml.tokens.transform
+      - com.okta.user.credential.password.import
+      - com.okta.user.pre-registration
+      type: string
+    IssuerMode:
+      enum:
+      - CUSTOM_URL
+      - DYNAMIC
+      - ORG_URL
+      type: string
+    JsonWebKey:
+      example:
+        e: e
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        use: use
+        kid: kid
+        x5c:
+        - x5c
+        - x5c
+        expiresAt: 2000-01-23T04:56:07.000+00:00
+        "n": "n"
+        kty: kty
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        x5t#S256: x5t#S256
+        x5t: x5t
+        key_ops:
+        - key_ops
+        - key_ops
+        x5u: x5u
+        alg: alg
+        status: status
+      properties:
+        alg:
+          type: string
+        created:
+          format: date-time
+          type: string
+        e:
+          type: string
+        expiresAt:
+          format: date-time
+          type: string
+        key_ops:
+          items:
+            type: string
+          type: array
+        kid:
+          type: string
+        kty:
+          type: string
+        lastUpdated:
+          format: date-time
+          type: string
+        "n":
+          type: string
+        status:
+          type: string
+        use:
+          type: string
+        x5c:
+          items:
+            type: string
+          type: array
+        x5t:
+          type: string
+        x5t#S256:
+          type: string
+        x5u:
+          type: string
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    JwkUse:
+      example:
+        use: null
+      properties:
+        use:
+          $ref: '#/components/schemas/JwkUseType'
+      type: object
+    JwkUseType:
+      enum:
+      - sig
+      type: string
+    KeyRequest:
+      example:
+        name: name
+      properties:
+        name:
+          type: string
+      type: object
+    KeyTrustLevelBrowserKey:
+      description: Represents the attestation strength used by the Chrome Verified
+        Access API
+      enum:
+      - CHROME_BROWSER_HW_KEY
+      - CHROME_BROWSER_OS_KEY
+      example: CHROME_BROWSER_HW_KEY
+      type: string
+      x-enumDescriptions:
+        CHROME_BROWSER_HW_KEY: Identity of the device was attested using a key pair
+          that is OS encapsulated by a hardware layer
+        CHROME_BROWSER_OS_KEY: Identity of the device was attested using a key pair
+          that is simply stored on the device but not in any specific hardware layer
+    KeyTrustLevelOSMode:
+      description: Represents the attestation strength used by the Chrome Verified
+        Access API
+      enum:
+      - CHROME_OS_VERIFIED_MODE
+      - CHROME_OS_DEVELOPER_MODE
+      example: CHROME_OS_VERIFIED_MODE
+      type: string
+      x-enumDescriptions:
+        CHROME_OS_VERIFIED_MODE: "Identity of the device was attested using an enterprise-emitted\
+          \ certificate, and the device is in Verified mode"
+        CHROME_OS_DEVELOPER_MODE: "Identity of the device was attested using an enterprise-emitted\
+          \ certificate, and the device is in Developer mode"
+    KnowledgeConstraint:
+      allOf:
+      - $ref: '#/components/schemas/AccessPolicyConstraint'
+    Language:
+      description: "The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646)."
+      type: string
+    LifecycleCreateSettingObject:
+      example:
+        status: null
+      properties:
+        status:
+          $ref: '#/components/schemas/EnabledStatus'
+      type: object
+    LifecycleDeactivateSettingObject:
+      example:
+        status: null
+      properties:
+        status:
+          $ref: '#/components/schemas/EnabledStatus'
+      type: object
+    LifecycleExpirationPolicyRuleCondition:
+      properties:
+        lifecycleStatus:
+          type: string
+        number:
+          type: integer
+        unit:
+          type: string
+      type: object
+    LifecycleStatus:
+      enum:
+      - ACTIVE
+      - INACTIVE
+      type: string
+    LinkedObject:
+      example:
+        _links:
+          key: "{}"
+        associated:
+          name: name
+          description: description
+          title: title
+          type: null
+        primary:
+          name: name
+          description: description
+          title: title
+          type: null
+      properties:
+        associated:
+          $ref: '#/components/schemas/LinkedObjectDetails'
+        primary:
+          $ref: '#/components/schemas/LinkedObjectDetails'
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    LinkedObjectDetails:
+      example:
+        name: name
+        description: description
+        title: title
+        type: null
+      properties:
+        description:
+          type: string
+        name:
+          type: string
+        title:
+          type: string
+        type:
+          $ref: '#/components/schemas/LinkedObjectDetailsType'
+      type: object
+    LinkedObjectDetailsType:
+      enum:
+      - USER
+      type: string
+    LinksSelf:
+      description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\
+        \ available for the current status of an application using the [JSON Hypertext\
+        \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\
+        \ specification. This object is used for dynamic discovery of related resources\
+        \ and lifecycle operations."
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObjectSelfLink'
+      readOnly: true
+      type: object
+    LoadingPageTouchPointVariant:
+      enum:
+      - NONE
+      - OKTA_DEFAULT
+      type: string
+    LocationGranularity:
+      enum:
+      - CITY
+      - COUNTRY
+      - LAT_LONG
+      - SUBDIVISION
+      type: string
+    LogActor:
+      example:
+        alternateId: alternateId
+        displayName: displayName
+        detail:
+          key: "{}"
+        id: id
+        type: type
+      properties:
+        alternateId:
+          readOnly: true
+          type: string
+        detail:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        displayName:
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        type:
+          readOnly: true
+          type: string
+      type: object
+    LogAuthenticationContext:
+      example:
+        credentialType: null
+        authenticationProvider: null
+        credentialProvider: null
+        externalSessionId: externalSessionId
+        interface: interface
+        authenticationStep: 0
+        issuer:
+          id: id
+          type: type
+      properties:
+        authenticationProvider:
+          $ref: '#/components/schemas/LogAuthenticationProvider'
+        authenticationStep:
+          readOnly: true
+          type: integer
+        credentialProvider:
+          $ref: '#/components/schemas/LogCredentialProvider'
+        credentialType:
+          $ref: '#/components/schemas/LogCredentialType'
+        externalSessionId:
+          readOnly: true
+          type: string
+        interface:
+          readOnly: true
+          type: string
+        issuer:
+          $ref: '#/components/schemas/LogIssuer'
+      type: object
+    LogAuthenticationProvider:
+      enum:
+      - ACTIVE_DIRECTORY
+      - FACTOR_PROVIDER
+      - FEDERATION
+      - LDAP
+      - OKTA_AUTHENTICATION_PROVIDER
+      - SOCIAL
+      type: string
+    LogClient:
+      example:
+        zone: zone
+        ipAddress: ipAddress
+        userAgent:
+          os: os
+          browser: browser
+          rawUserAgent: rawUserAgent
+        id: id
+        device: device
+        geographicalContext:
+          country: country
+          city: city
+          postalCode: postalCode
+          state: state
+          geolocation:
+            lon: 1.4658129805029452
+            lat: 6.027456183070403
+      properties:
+        device:
+          readOnly: true
+          type: string
+        geographicalContext:
+          $ref: '#/components/schemas/LogGeographicalContext'
+        id:
+          readOnly: true
+          type: string
+        ipAddress:
+          readOnly: true
+          type: string
+        userAgent:
+          $ref: '#/components/schemas/LogUserAgent'
+        zone:
+          readOnly: true
+          type: string
+      type: object
+    LogCredentialProvider:
+      enum:
+      - DUO
+      - GOOGLE
+      - OKTA_AUTHENTICATION_PROVIDER
+      - OKTA_CREDENTIAL_PROVIDER
+      - RSA
+      - SYMANTEC
+      - YUBIKEY
+      type: string
+    LogCredentialType:
+      enum:
+      - ASSERTION
+      - EMAIL
+      - IWA
+      - JWT
+      - OAuth 2.0
+      - OTP
+      - PASSWORD
+      - SMS
+      type: string
+    LogDebugContext:
+      example:
+        debugData:
+          key: "{}"
+      properties:
+        debugData:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    LogEvent:
+      example:
+        severity: null
+        request:
+          ipChain:
+          - ip: ip
+            source: source
+            geographicalContext:
+              country: country
+              city: city
+              postalCode: postalCode
+              state: state
+              geolocation:
+                lon: 1.4658129805029452
+                lat: 6.027456183070403
+            version: version
+          - ip: ip
+            source: source
+            geographicalContext:
+              country: country
+              city: city
+              postalCode: postalCode
+              state: state
+              geolocation:
+                lon: 1.4658129805029452
+                lat: 6.027456183070403
+            version: version
+        authenticationContext:
+          credentialType: null
+          authenticationProvider: null
+          credentialProvider: null
+          externalSessionId: externalSessionId
+          interface: interface
+          authenticationStep: 0
+          issuer:
+            id: id
+            type: type
+        eventType: eventType
+        published: 2000-01-23T04:56:07.000+00:00
+        securityContext:
+          asNumber: 5
+          domain: domain
+          isp: isp
+          isProxy: true
+          asOrg: asOrg
+        uuid: uuid
+        version: version
+        target:
+        - alternateId: alternateId
+          displayName: displayName
+          id: id
+          detailEntry:
+            key: "{}"
+          type: type
+        - alternateId: alternateId
+          displayName: displayName
+          id: id
+          detailEntry:
+            key: "{}"
+          type: type
+        actor:
+          alternateId: alternateId
+          displayName: displayName
+          detail:
+            key: "{}"
+          id: id
+          type: type
+        debugContext:
+          debugData:
+            key: "{}"
+        displayMessage: displayMessage
+        client:
+          zone: zone
+          ipAddress: ipAddress
+          userAgent:
+            os: os
+            browser: browser
+            rawUserAgent: rawUserAgent
+          id: id
+          device: device
+          geographicalContext:
+            country: country
+            city: city
+            postalCode: postalCode
+            state: state
+            geolocation:
+              lon: 1.4658129805029452
+              lat: 6.027456183070403
+        legacyEventType: legacyEventType
+        outcome:
+          result: result
+          reason: reason
+        transaction:
+          detail:
+            key: "{}"
+          id: id
+          type: type
+      properties:
+        actor:
+          $ref: '#/components/schemas/LogActor'
+        authenticationContext:
+          $ref: '#/components/schemas/LogAuthenticationContext'
+        client:
+          $ref: '#/components/schemas/LogClient'
+        debugContext:
+          $ref: '#/components/schemas/LogDebugContext'
+        displayMessage:
+          readOnly: true
+          type: string
+        eventType:
+          readOnly: true
+          type: string
+        legacyEventType:
+          readOnly: true
+          type: string
+        outcome:
+          $ref: '#/components/schemas/LogOutcome'
+        published:
+          format: date-time
+          readOnly: true
+          type: string
+        request:
+          $ref: '#/components/schemas/LogRequest'
+        securityContext:
+          $ref: '#/components/schemas/LogSecurityContext'
+        severity:
+          $ref: '#/components/schemas/LogSeverity'
+        target:
+          items:
+            $ref: '#/components/schemas/LogTarget'
+          readOnly: true
+          type: array
+        transaction:
+          $ref: '#/components/schemas/LogTransaction'
+        uuid:
+          readOnly: true
+          type: string
+        version:
+          readOnly: true
+          type: string
+      type: object
+    LogGeographicalContext:
+      example:
+        country: country
+        city: city
+        postalCode: postalCode
+        state: state
+        geolocation:
+          lon: 1.4658129805029452
+          lat: 6.027456183070403
+      properties:
+        city:
+          readOnly: true
+          type: string
+        country:
+          readOnly: true
+          type: string
+        geolocation:
+          $ref: '#/components/schemas/LogGeolocation'
+        postalCode:
+          readOnly: true
+          type: string
+        state:
+          readOnly: true
+          type: string
+      type: object
+    LogGeolocation:
+      example:
+        lon: 1.4658129805029452
+        lat: 6.027456183070403
+      properties:
+        lat:
+          format: double
+          readOnly: true
+          type: number
+        lon:
+          format: double
+          readOnly: true
+          type: number
+      type: object
+    LogIpAddress:
+      example:
+        ip: ip
+        source: source
+        geographicalContext:
+          country: country
+          city: city
+          postalCode: postalCode
+          state: state
+          geolocation:
+            lon: 1.4658129805029452
+            lat: 6.027456183070403
+        version: version
+      properties:
+        geographicalContext:
+          $ref: '#/components/schemas/LogGeographicalContext'
+        ip:
+          readOnly: true
+          type: string
+        source:
+          readOnly: true
+          type: string
+        version:
+          readOnly: true
+          type: string
+      type: object
+    LogIssuer:
+      example:
+        id: id
+        type: type
+      properties:
+        id:
+          readOnly: true
+          type: string
+        type:
+          readOnly: true
+          type: string
+      type: object
+    LogOutcome:
+      example:
+        result: result
+        reason: reason
+      properties:
+        reason:
+          readOnly: true
+          type: string
+        result:
+          readOnly: true
+          type: string
+      type: object
+    LogRequest:
+      example:
+        ipChain:
+        - ip: ip
+          source: source
+          geographicalContext:
+            country: country
+            city: city
+            postalCode: postalCode
+            state: state
+            geolocation:
+              lon: 1.4658129805029452
+              lat: 6.027456183070403
+          version: version
+        - ip: ip
+          source: source
+          geographicalContext:
+            country: country
+            city: city
+            postalCode: postalCode
+            state: state
+            geolocation:
+              lon: 1.4658129805029452
+              lat: 6.027456183070403
+          version: version
+      properties:
+        ipChain:
+          items:
+            $ref: '#/components/schemas/LogIpAddress'
+          readOnly: true
+          type: array
+      type: object
+    LogSecurityContext:
+      example:
+        asNumber: 5
+        domain: domain
+        isp: isp
+        isProxy: true
+        asOrg: asOrg
+      properties:
+        asNumber:
+          readOnly: true
+          type: integer
+        asOrg:
+          readOnly: true
+          type: string
+        domain:
+          readOnly: true
+          type: string
+        isp:
+          readOnly: true
+          type: string
+        isProxy:
+          readOnly: true
+          type: boolean
+      type: object
+    LogSeverity:
+      enum:
+      - DEBUG
+      - ERROR
+      - INFO
+      - WARN
+      type: string
+    LogStream:
+      discriminator:
+        mapping:
+          aws_eventbridge: '#/components/schemas/LogStreamAws'
+          splunk_cloud_logstreaming: '#/components/schemas/LogStreamSplunk'
+        propertyName: type
+      properties:
+        created:
+          description: Timestamp when the Log Stream was created
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          description: Unique key for the Log Stream
+          readOnly: true
+          type: string
+        lastUpdated:
+          description: Timestamp when the Log Stream was last updated
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          description: Unique name for the Log Stream
+          type: string
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        type:
+          $ref: '#/components/schemas/LogStreamType'
+        _links:
+          $ref: '#/components/schemas/LogStream__links'
+      type: object
+    LogStreamAws:
+      allOf:
+      - $ref: '#/components/schemas/LogStream'
+      - $ref: '#/components/schemas/LogStreamAws_allOf'
+    LogStreamSchema:
+      example:
+        lastUpdated: lastUpdated
+        $schema: $schema
+        _links:
+          key: "{}"
+        created: created
+        errorMessage: "{}"
+        name: name
+        id: id
+        title: title
+        type: type
+        properties: "{}"
+        required:
+        - required
+        - required
+      properties:
+        $schema:
+          readOnly: true
+          type: string
+        created:
+          readOnly: true
+          type: string
+        errorMessage:
+          type: object
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          readOnly: true
+          type: string
+        name:
+          readOnly: true
+          type: string
+        properties:
+          type: object
+        required:
+          items:
+            type: string
+          type: array
+        title:
+          type: string
+        type:
+          readOnly: true
+          type: string
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    LogStreamSettings:
+      type: object
+    LogStreamSettingsAws:
+      allOf:
+      - $ref: '#/components/schemas/LogStreamSettings'
+      - $ref: '#/components/schemas/LogStreamSettingsAws_allOf'
+    LogStreamSettingsSplunk:
+      allOf:
+      - $ref: '#/components/schemas/LogStreamSettings'
+      - $ref: '#/components/schemas/LogStreamSettingsSplunk_allOf'
+    LogStreamSplunk:
+      allOf:
+      - $ref: '#/components/schemas/LogStream'
+      - $ref: '#/components/schemas/LogStreamSplunk_allOf'
+    LogStreamType:
+      description: "The Log Stream type specifies the streaming provider used. Okta\
+        \ supports [AWS EventBridge](https://aws.amazon.com/eventbridge/) and [Splunk\
+        \ Cloud](https://www.splunk.com/en_us/software/splunk-cloud-platform.html)."
+      enum:
+      - aws_eventbridge
+      - splunk_cloud_logstreaming
+      type: string
+    LogTarget:
+      example:
+        alternateId: alternateId
+        displayName: displayName
+        id: id
+        detailEntry:
+          key: "{}"
+        type: type
+      properties:
+        alternateId:
+          readOnly: true
+          type: string
+        detailEntry:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        displayName:
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        type:
+          readOnly: true
+          type: string
+      type: object
+    LogTransaction:
+      example:
+        detail:
+          key: "{}"
+        id: id
+        type: type
+      properties:
+        detail:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        id:
+          readOnly: true
+          type: string
+        type:
+          readOnly: true
+          type: string
+      type: object
+    LogUserAgent:
+      example:
+        os: os
+        browser: browser
+        rawUserAgent: rawUserAgent
+      properties:
+        browser:
+          readOnly: true
+          type: string
+        os:
+          readOnly: true
+          type: string
+        rawUserAgent:
+          readOnly: true
+          type: string
+      type: object
+    MDMEnrollmentPolicyEnrollment:
+      enum:
+      - ANY_OR_NONE
+      - OMM
+      type: string
+    MDMEnrollmentPolicyRuleCondition:
+      properties:
+        blockNonSafeAndroid:
+          type: boolean
+        enrollment:
+          $ref: '#/components/schemas/MDMEnrollmentPolicyEnrollment'
+      type: object
+    MultifactorEnrollmentPolicy:
+      allOf:
+      - $ref: '#/components/schemas/Policy'
+      - $ref: '#/components/schemas/MultifactorEnrollmentPolicy_allOf'
+    MultifactorEnrollmentPolicyAuthenticatorSettings:
+      properties:
+        enroll:
+          $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorSettings_enroll'
+        key:
+          $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorType'
+      type: object
+    MultifactorEnrollmentPolicyAuthenticatorStatus:
+      enum:
+      - NOT_ALLOWED
+      - OPTIONAL
+      - REQUIRED
+      type: string
+    MultifactorEnrollmentPolicyAuthenticatorType:
+      enum:
+      - custom_app
+      - custom_otp
+      - duo
+      - external_idp
+      - google_otp
+      - okta_email
+      - okta_password
+      - okta_verify
+      - onprem_mfa
+      - phone_number
+      - rsa_token
+      - security_question
+      - symantec_vip
+      - webauthn
+      - yubikey_token
+      type: string
+    MultifactorEnrollmentPolicySettings:
+      properties:
+        authenticators:
+          items:
+            $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorSettings'
+          type: array
+        type:
+          $ref: '#/components/schemas/MultifactorEnrollmentPolicySettingsType'
+      type: object
+    MultifactorEnrollmentPolicySettingsType:
+      enum:
+      - AUTHENTICATORS
+      type: string
+    NetworkZone:
+      example:
+        gateways:
+        - 1.2.3.4/24
+        - 1.2.3.4/24
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        usage: BLOCKLIST
+        proxyType: ANY
+        type: IP
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        system: true
+        name: newNetworkZone
+        asns:
+        - 23457
+        locations:
+        - country: US
+          region: US-CA
+        - country: US
+          region: US-CA
+        proxies:
+        - 1.2.3.4/24
+        - 1.2.3.4/24
+        id: id
+        status: ACTIVE
+      properties:
+        asns:
+          description: "Format of each array value: a string representation of an\
+            \ ASN numeric value"
+          example:
+          - 23457
+          items:
+            type: string
+          maximum: 75
+          type: array
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        gateways:
+          description: "IP addresses (range or CIDR form) of this Zone.\nThe maximum\
+            \ array length is 150 entries for admin-created IP zones, 1000 entries\
+            \ for IP blocklist zones, and 5000 entries for the default system IP Zone."
+          items:
+            $ref: '#/components/schemas/NetworkZoneAddress'
+          type: array
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        locations:
+          description: The geolocations of this Zone
+          items:
+            $ref: '#/components/schemas/NetworkZoneLocation'
+          maximum: 75
+          type: array
+        name:
+          description: Unique name for this Zone. Maximum of 128 characters.
+          example: newNetworkZone
+          type: string
+        proxies:
+          description: "IP address (range or CIDR form) that are allowed to forward\
+            \ a request from gateway addresses.\nThese proxies are automatically trusted\
+            \ by Threat Insights, and used to identify the client IP of a request.\n\
+            The maximum array length is 150 entries for admin-created zones and 5000\
+            \ entries for the default system IP Zone."
+          items:
+            $ref: '#/components/schemas/NetworkZoneAddress'
+          type: array
+        proxyType:
+          description: "One of: `\"\"` or `null` (when not specified), `Any` (meaning\
+            \ any proxy), `Tor`, or `NotTorAnonymizer`"
+          example: ANY
+          type: string
+        status:
+          $ref: '#/components/schemas/NetworkZoneStatus'
+        system:
+          description: "Indicates if this is a system Network Zone. For admin-created\
+            \ zones, this is always `false`.\nThe system IP Policy Network Zone (`LegacyIpZone`)\
+            \ is included by default in your Okta org. Notice that `system=true` for\
+            \ the `LegacyIpZone` object. Admin users can modify the name of this default\
+            \ system Zone and can add up to 5000 gateway or proxy IP entries."
+          type: boolean
+        type:
+          $ref: '#/components/schemas/NetworkZoneType'
+        usage:
+          $ref: '#/components/schemas/NetworkZoneUsage'
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    NetworkZoneAddress:
+      description: Specifies the value of an IP address expressed using either `range`
+        or `CIDR` form.
+      example: 1.2.3.4/24
+      properties:
+        type:
+          $ref: '#/components/schemas/NetworkZoneAddressType'
+        value:
+          type: string
+      type: object
+    NetworkZoneAddressType:
+      enum:
+      - CIDR
+      - RANGE
+      example: CIDR
+      type: string
+    NetworkZoneLocation:
+      example:
+        country: US
+        region: US-CA
+      properties:
+        country:
+          description: "Format of the country value: length 2 [ISO-3166-1](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)\
+            \ country code.\nDo not use continent codes as they are treated as generic\
+            \ codes for undesignated countries."
+          example: US
+          type: string
+        region:
+          description: "Format of the region value (optional): region code [ISO-3166-2](https://en.wikipedia.org/wiki/ISO_3166-2)\
+            \ appended to country code (`countryCode-regionCode`), or `null` if empty.\n\
+            Do not use continent codes as they are treated as generic codes for undesignated\
+            \ regions."
+          example: US-CA
+          type: string
+      type: object
+    NetworkZoneStatus:
+      enum:
+      - ACTIVE
+      - INACTIVE
+      example: ACTIVE
+      type: string
+    NetworkZoneType:
+      enum:
+      - DYNAMIC
+      - IP
+      example: IP
+      type: string
+    NetworkZoneUsage:
+      enum:
+      - BLOCKLIST
+      - POLICY
+      example: BLOCKLIST
+      type: string
+    NotificationType:
+      enum:
+      - AD_AGENT
+      - APP_IMPORT
+      - CONNECTOR_AGENT
+      - IWA_AGENT
+      - LDAP_AGENT
+      - OKTA_ANNOUNCEMENT
+      - OKTA_ISSUE
+      - OKTA_UPDATE
+      - RATELIMIT_NOTIFICATION
+      - REPORT_SUSPICIOUS_ACTIVITY
+      - USER_DEPROVISION
+      - USER_LOCKED_OUT
+      - AGENT_AUTO_UPDATE_NOTIFICATION
+      type: string
+    OAuth2Actor:
+      example:
+        id: id
+        type: type
+      properties:
+        id:
+          readOnly: true
+          type: string
+        type:
+          type: string
+      type: object
+    OAuth2Claim:
+      example:
+        group_filter_type: null
+        claimType: null
+        system: true
+        alwaysIncludeInToken: true
+        _links:
+          key: "{}"
+        valueType: null
+        name: name
+        id: id
+        conditions:
+          scopes:
+          - scopes
+          - scopes
+        value: value
+        status: null
+      properties:
+        alwaysIncludeInToken:
+          type: boolean
+        claimType:
+          $ref: '#/components/schemas/OAuth2ClaimType'
+        conditions:
+          $ref: '#/components/schemas/OAuth2ClaimConditions'
+        group_filter_type:
+          $ref: '#/components/schemas/OAuth2ClaimGroupFilterType'
+        id:
+          readOnly: true
+          type: string
+        name:
+          type: string
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        system:
+          type: boolean
+        value:
+          type: string
+        valueType:
+          $ref: '#/components/schemas/OAuth2ClaimValueType'
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    OAuth2ClaimConditions:
+      example:
+        scopes:
+        - scopes
+        - scopes
+      properties:
+        scopes:
+          items:
+            type: string
+          type: array
+      type: object
+    OAuth2ClaimGroupFilterType:
+      enum:
+      - CONTAINS
+      - EQUALS
+      - REGEX
+      - STARTS_WITH
+      type: string
+    OAuth2ClaimType:
+      enum:
+      - IDENTITY
+      - RESOURCE
+      type: string
+    OAuth2ClaimValueType:
+      enum:
+      - EXPRESSION
+      - GROUPS
+      - SYSTEM
+      type: string
+    OAuth2Client:
+      example:
+        client_uri: client_uri
+        _links:
+          key: "{}"
+        logo_uri: logo_uri
+        client_name: client_name
+        client_id: client_id
+      properties:
+        client_id:
+          readOnly: true
+          type: string
+        client_name:
+          readOnly: true
+          type: string
+        client_uri:
+          readOnly: true
+          type: string
+        logo_uri:
+          readOnly: true
+          type: string
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    OAuth2RefreshToken:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        clientId: clientId
+        createdBy:
+          id: id
+          type: type
+        _embedded:
+          key: "{}"
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        id: id
+        scopes:
+        - scopes
+        - scopes
+        userId: userId
+        expiresAt: 2000-01-23T04:56:07.000+00:00
+        issuer: issuer
+        status: null
+      properties:
+        clientId:
+          type: string
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        createdBy:
+          $ref: '#/components/schemas/OAuth2Actor'
+        expiresAt:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        issuer:
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        scopes:
+          items:
+            type: string
+          type: array
+        status:
+          $ref: '#/components/schemas/GrantOrTokenStatus'
+        userId:
+          type: string
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    OAuth2Scope:
+      example:
+        default: true
+        system: true
+        displayName: displayName
+        name: name
+        description: description
+        metadataPublish: null
+        id: id
+        consent: null
+      properties:
+        consent:
+          $ref: '#/components/schemas/OAuth2ScopeConsentType'
+        default:
+          type: boolean
+        description:
+          type: string
+        displayName:
+          type: string
+        id:
+          readOnly: true
+          type: string
+        metadataPublish:
+          $ref: '#/components/schemas/OAuth2ScopeMetadataPublish'
+        name:
+          type: string
+        system:
+          type: boolean
+      type: object
+    OAuth2ScopeConsentGrant:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        scopeId: scopeId
+        clientId: clientId
+        createdBy:
+          id: id
+          type: type
+        _embedded:
+          key: "{}"
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        id: id
+        source: null
+        userId: userId
+        issuer: issuer
+        status: null
+      properties:
+        clientId:
+          type: string
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        createdBy:
+          $ref: '#/components/schemas/OAuth2Actor'
+        id:
+          readOnly: true
+          type: string
+        issuer:
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        scopeId:
+          type: string
+        source:
+          $ref: '#/components/schemas/OAuth2ScopeConsentGrantSource'
+        status:
+          $ref: '#/components/schemas/GrantOrTokenStatus'
+        userId:
+          type: string
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    OAuth2ScopeConsentGrantSource:
+      enum:
+      - ADMIN
+      - END_USER
+      type: string
+    OAuth2ScopeConsentType:
+      enum:
+      - ADMIN
+      - IMPLICIT
+      - REQUIRED
+      type: string
+    OAuth2ScopeMetadataPublish:
+      enum:
+      - ALL_CLIENTS
+      - NO_CLIENTS
+      type: string
+    OAuth2ScopesMediationPolicyRuleCondition:
+      properties:
+        include:
+          items:
+            type: string
+          type: array
+      type: object
+    OAuth2Token:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        clientId: clientId
+        _embedded:
+          key: "{}"
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        id: id
+        scopes:
+        - scopes
+        - scopes
+        userId: userId
+        expiresAt: 2000-01-23T04:56:07.000+00:00
+        issuer: issuer
+        status: null
+      properties:
+        clientId:
+          type: string
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        expiresAt:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        issuer:
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        scopes:
+          items:
+            type: string
+          type: array
+        status:
+          $ref: '#/components/schemas/GrantOrTokenStatus'
+        userId:
+          type: string
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    OAuthApplicationCredentials:
+      allOf:
+      - $ref: '#/components/schemas/ApplicationCredentials'
+      - $ref: '#/components/schemas/OAuthApplicationCredentials_allOf'
+    OAuthEndpointAuthenticationMethod:
+      enum:
+      - client_secret_basic
+      - client_secret_jwt
+      - client_secret_post
+      - none
+      - private_key_jwt
+      type: string
+    OAuthGrantType:
+      enum:
+      - authorization_code
+      - client_credentials
+      - implicit
+      - interaction_code
+      - password
+      - refresh_token
+      - urn:ietf:params:oauth:grant-type:device_code
+      - urn:ietf:params:oauth:grant-type:saml2-bearer
+      - urn:ietf:params:oauth:grant-type:token-exchange
+      type: string
+    OAuthResponseType:
+      enum:
+      - code
+      - id_token
+      - token
+      type: string
+    OktaSignOnPolicy:
+      allOf:
+      - $ref: '#/components/schemas/Policy'
+      - $ref: '#/components/schemas/OktaSignOnPolicy_allOf'
+    OktaSignOnPolicyConditions:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRuleConditions'
+      - $ref: '#/components/schemas/OktaSignOnPolicyConditions_allOf'
+    OktaSignOnPolicyFactorPromptMode:
+      enum:
+      - ALWAYS
+      - DEVICE
+      - SESSION
+      type: string
+    OktaSignOnPolicyRule:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRule'
+      - $ref: '#/components/schemas/OktaSignOnPolicyRule_allOf'
+    OktaSignOnPolicyRuleActions:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRuleActions'
+      - $ref: '#/components/schemas/OktaSignOnPolicyRuleActions_allOf'
+    OktaSignOnPolicyRuleConditions:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRuleConditions'
+      - $ref: '#/components/schemas/OktaSignOnPolicyRuleConditions_allOf'
+    OktaSignOnPolicyRuleSignonActions:
+      properties:
+        access:
+          $ref: '#/components/schemas/PolicyAccess'
+        factorLifetime:
+          type: integer
+        factorPromptMode:
+          $ref: '#/components/schemas/OktaSignOnPolicyFactorPromptMode'
+        rememberDeviceByDefault:
+          default: false
+          type: boolean
+        requireFactor:
+          default: false
+          type: boolean
+        session:
+          $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonSessionActions'
+      type: object
+    OktaSignOnPolicyRuleSignonSessionActions:
+      properties:
+        maxSessionIdleMinutes:
+          type: integer
+        maxSessionLifetimeMinutes:
+          type: integer
+        usePersistentCookie:
+          default: false
+          type: boolean
+      type: object
+    OpenIdConnectApplication:
+      allOf:
+      - $ref: '#/components/schemas/Application'
+      - $ref: '#/components/schemas/OpenIdConnectApplication_allOf'
+      x-okta-defined-as:
+        name: oidc_client
+    OpenIdConnectApplicationConsentMethod:
+      enum:
+      - REQUIRED
+      - TRUSTED
+      type: string
+    OpenIdConnectApplicationIdpInitiatedLogin:
+      properties:
+        default_scope:
+          items:
+            type: string
+          type: array
+        mode:
+          type: string
+      type: object
+    OpenIdConnectApplicationIssuerMode:
+      enum:
+      - CUSTOM_URL
+      - DYNAMIC
+      - ORG_URL
+      type: string
+    OpenIdConnectApplicationSettings:
+      allOf:
+      - $ref: '#/components/schemas/ApplicationSettings'
+      - $ref: '#/components/schemas/OpenIdConnectApplicationSettings_allOf'
+    OpenIdConnectApplicationSettingsClient:
+      properties:
+        application_type:
+          $ref: '#/components/schemas/OpenIdConnectApplicationType'
+        client_uri:
+          type: string
+        consent_method:
+          $ref: '#/components/schemas/OpenIdConnectApplicationConsentMethod'
+        grant_types:
+          items:
+            $ref: '#/components/schemas/OAuthGrantType'
+          type: array
+        idp_initiated_login:
+          $ref: '#/components/schemas/OpenIdConnectApplicationIdpInitiatedLogin'
+        initiate_login_uri:
+          type: string
+        issuer_mode:
+          $ref: '#/components/schemas/OpenIdConnectApplicationIssuerMode'
+        jwks:
+          $ref: '#/components/schemas/OpenIdConnectApplicationSettingsClientKeys'
+        logo_uri:
+          type: string
+        policy_uri:
+          type: string
+        post_logout_redirect_uris:
+          items:
+            type: string
+          type: array
+        redirect_uris:
+          items:
+            type: string
+          type: array
+        refresh_token:
+          $ref: '#/components/schemas/OpenIdConnectApplicationSettingsRefreshToken'
+        response_types:
+          items:
+            $ref: '#/components/schemas/OAuthResponseType'
+          type: array
+        tos_uri:
+          type: string
+        wildcard_redirect:
+          type: string
+        jwks_uri:
+          type: string
+      type: object
+    OpenIdConnectApplicationSettingsClientKeys:
+      properties:
+        keys:
+          items:
+            $ref: '#/components/schemas/JsonWebKey'
+          type: array
+      type: object
+    OpenIdConnectApplicationSettingsRefreshToken:
+      properties:
+        leeway:
+          type: integer
+        rotation_type:
+          $ref: '#/components/schemas/OpenIdConnectRefreshTokenRotationType'
+      type: object
+    OpenIdConnectApplicationType:
+      enum:
+      - browser
+      - native
+      - service
+      - web
+      type: string
+    OpenIdConnectRefreshTokenRotationType:
+      enum:
+      - ROTATE
+      - STATIC
+      type: string
+    OperationalStatus:
+      description: Operational status of a given agent
+      enum:
+      - DEGRADED
+      - DISRUPTED
+      - INACTIVE
+      - OPERATIONAL
+      type: string
+    OrgContactType:
+      enum:
+      - BILLING
+      - TECHNICAL
+      type: string
+    OrgContactTypeObj:
+      example:
+        _links:
+          key: "{}"
+        contactType: null
+      properties:
+        contactType:
+          $ref: '#/components/schemas/OrgContactType'
+        _links:
+          additionalProperties:
+            type: object
+          type: object
+      type: object
+    OrgContactUser:
+      example:
+        _links:
+          key: "{}"
+        userId: userId
+      properties:
+        userId:
+          type: string
+        _links:
+          additionalProperties:
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    OrgOktaCommunicationSetting:
+      example:
+        _links:
+          key: "{}"
+        optOutEmailUsers: true
+      properties:
+        optOutEmailUsers:
+          readOnly: true
+          type: boolean
+        _links:
+          additionalProperties:
+            type: object
+          type: object
+      type: object
+    OrgOktaSupportSetting:
+      enum:
+      - DISABLED
+      - ENABLED
+      type: string
+    OrgOktaSupportSettingsObj:
+      example:
+        _links:
+          key: "{}"
+        expiration: 2000-01-23T04:56:07.000+00:00
+        support: null
+      properties:
+        expiration:
+          format: date-time
+          readOnly: true
+          type: string
+        support:
+          $ref: '#/components/schemas/OrgOktaSupportSetting'
+        _links:
+          additionalProperties:
+            type: object
+          type: object
+      type: object
+    OrgPreferences:
+      example:
+        _links:
+          key: "{}"
+        showEndUserFooter: true
+      properties:
+        showEndUserFooter:
+          readOnly: true
+          type: boolean
+        _links:
+          additionalProperties:
+            type: object
+          type: object
+      type: object
+    OrgSetting:
+      example:
+        country: country
+        website: website
+        supportPhoneNumber: supportPhoneNumber
+        address2: address2
+        city: city
+        _links:
+          key: "{}"
+        address1: address1
+        created: 2000-01-23T04:56:07.000+00:00
+        companyName: companyName
+        postalCode: postalCode
+        expiresAt: 2000-01-23T04:56:07.000+00:00
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        phoneNumber: phoneNumber
+        endUserSupportHelpURL: endUserSupportHelpURL
+        subdomain: subdomain
+        id: id
+        state: state
+        status: status
+      properties:
+        address1:
+          type: string
+        address2:
+          type: string
+        city:
+          type: string
+        companyName:
+          type: string
+        country:
+          type: string
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        endUserSupportHelpURL:
+          type: string
+        expiresAt:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        phoneNumber:
+          type: string
+        postalCode:
+          type: string
+        state:
+          type: string
+        status:
+          readOnly: true
+          type: string
+        subdomain:
+          readOnly: true
+          type: string
+        supportPhoneNumber:
+          type: string
+        website:
+          type: string
+        _links:
+          additionalProperties:
+            type: object
+          type: object
+      type: object
+    OSVersion:
+      description: Current version of the operating system
+      properties:
+        minimum:
+          type: string
+      type: object
+    PageRoot:
+      example:
+        _embedded:
+          preview:
+            pageContent: pageContent
+          default:
+            pageContent: pageContent
+          customized:
+            pageContent: pageContent
+          previewUrl: https://openapi-generator.tech
+          customizedUrl: https://openapi-generator.tech
+        _links:
+          preview:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          default:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          customized:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+      properties:
+        _embedded:
+          $ref: '#/components/schemas/PageRoot__embedded'
+        _links:
+          $ref: '#/components/schemas/PageRoot__links'
+      type: object
+    PasswordCredential:
+      example:
+        hook:
+          type: type
+        value: value
+        hash:
+          salt: salt
+          saltOrder: saltOrder
+          workFactor: 0
+          value: value
+          algorithm: null
+      properties:
+        hash:
+          $ref: '#/components/schemas/PasswordCredentialHash'
+        hook:
+          $ref: '#/components/schemas/PasswordCredentialHook'
+        value:
+          format: password
+          type: string
+      type: object
+    PasswordCredentialHash:
+      example:
+        salt: salt
+        saltOrder: saltOrder
+        workFactor: 0
+        value: value
+        algorithm: null
+      properties:
+        algorithm:
+          $ref: '#/components/schemas/PasswordCredentialHashAlgorithm'
+        salt:
+          type: string
+        saltOrder:
+          type: string
+        value:
+          type: string
+        workFactor:
+          type: integer
+      type: object
+    PasswordCredentialHashAlgorithm:
+      enum:
+      - BCRYPT
+      - MD5
+      - SHA-1
+      - SHA-256
+      - SHA-512
+      type: string
+    PasswordCredentialHook:
+      example:
+        type: type
+      properties:
+        type:
+          type: string
+      type: object
+    PasswordDictionary:
+      properties:
+        common:
+          $ref: '#/components/schemas/PasswordDictionaryCommon'
+      type: object
+    PasswordDictionaryCommon:
+      properties:
+        exclude:
+          default: false
+          type: boolean
+      type: object
+    PasswordExpirationPolicyRuleCondition:
+      properties:
+        number:
+          type: integer
+        unit:
+          type: string
+      type: object
+    PasswordPolicy:
+      allOf:
+      - $ref: '#/components/schemas/Policy'
+      - $ref: '#/components/schemas/PasswordPolicy_allOf'
+    PasswordPolicyAuthenticationProviderCondition:
+      properties:
+        include:
+          items:
+            type: string
+          type: array
+        provider:
+          $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderType'
+      type: object
+    PasswordPolicyAuthenticationProviderType:
+      enum:
+      - ACTIVE_DIRECTORY
+      - ANY
+      - LDAP
+      - OKTA
+      type: string
+    PasswordPolicyConditions:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRuleConditions'
+      - $ref: '#/components/schemas/PasswordPolicyConditions_allOf'
+    PasswordPolicyDelegationSettings:
+      properties:
+        options:
+          $ref: '#/components/schemas/PasswordPolicyDelegationSettingsOptions'
+      type: object
+    PasswordPolicyDelegationSettingsOptions:
+      properties:
+        skipUnlock:
+          type: boolean
+      type: object
+    PasswordPolicyPasswordSettings:
+      properties:
+        age:
+          $ref: '#/components/schemas/PasswordPolicyPasswordSettingsAge'
+        complexity:
+          $ref: '#/components/schemas/PasswordPolicyPasswordSettingsComplexity'
+        lockout:
+          $ref: '#/components/schemas/PasswordPolicyPasswordSettingsLockout'
+      type: object
+    PasswordPolicyPasswordSettingsAge:
+      properties:
+        expireWarnDays:
+          type: integer
+        historyCount:
+          type: integer
+        maxAgeDays:
+          type: integer
+        minAgeMinutes:
+          type: integer
+      type: object
+    PasswordPolicyPasswordSettingsComplexity:
+      properties:
+        dictionary:
+          $ref: '#/components/schemas/PasswordDictionary'
+        excludeAttributes:
+          items:
+            type: string
+          type: array
+        excludeUsername:
+          default: true
+          type: boolean
+        minLength:
+          type: integer
+        minLowerCase:
+          type: integer
+        minNumber:
+          type: integer
+        minSymbol:
+          type: integer
+        minUpperCase:
+          type: integer
+      type: object
+    PasswordPolicyPasswordSettingsLockout:
+      properties:
+        autoUnlockMinutes:
+          type: integer
+        maxAttempts:
+          type: integer
+        showLockoutFailures:
+          type: boolean
+        userLockoutNotificationChannels:
+          items:
+            type: string
+          type: array
+      type: object
+    PasswordPolicyRecoveryEmail:
+      properties:
+        properties:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryEmailProperties'
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+      type: object
+    PasswordPolicyRecoveryEmailProperties:
+      properties:
+        recoveryToken:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryEmailRecoveryToken'
+      type: object
+    PasswordPolicyRecoveryEmailRecoveryToken:
+      properties:
+        tokenLifetimeMinutes:
+          type: integer
+      type: object
+    PasswordPolicyRecoveryFactorSettings:
+      properties:
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+      type: object
+    PasswordPolicyRecoveryFactors:
+      properties:
+        okta_call:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryFactorSettings'
+        okta_email:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryEmail'
+        okta_sms:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryFactorSettings'
+        recovery_question:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryQuestion'
+      type: object
+    PasswordPolicyRecoveryQuestion:
+      properties:
+        properties:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryQuestionProperties'
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+      type: object
+    PasswordPolicyRecoveryQuestionComplexity:
+      properties:
+        minLength:
+          readOnly: true
+          type: integer
+      type: object
+    PasswordPolicyRecoveryQuestionProperties:
+      properties:
+        complexity:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryQuestionComplexity'
+      type: object
+    PasswordPolicyRecoverySettings:
+      properties:
+        factors:
+          $ref: '#/components/schemas/PasswordPolicyRecoveryFactors'
+      type: object
+    PasswordPolicyRule:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRule'
+      - $ref: '#/components/schemas/PasswordPolicyRule_allOf'
+    PasswordPolicyRuleAction:
+      properties:
+        access:
+          $ref: '#/components/schemas/PolicyAccess'
+      type: object
+    PasswordPolicyRuleActions:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRuleActions'
+      - $ref: '#/components/schemas/PasswordPolicyRuleActions_allOf'
+    PasswordPolicyRuleConditions:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRuleConditions'
+      - $ref: '#/components/schemas/PasswordPolicyRuleConditions_allOf'
+    PasswordPolicySettings:
+      properties:
+        delegation:
+          $ref: '#/components/schemas/PasswordPolicyDelegationSettings'
+        password:
+          $ref: '#/components/schemas/PasswordPolicyPasswordSettings'
+        recovery:
+          $ref: '#/components/schemas/PasswordPolicyRecoverySettings'
+      type: object
+    PasswordProtectionWarningTrigger:
+      description: Indicates whether the Password Protection Warning feature is enabled
+      enum:
+      - PASSWORD_PROTECTION_OFF
+      - PASSWORD_REUSE
+      - PHISHING_REUSE
+      example: PHISHING_REUSE
+      type: string
+      x-enumDescriptions:
+        PASSWORD_PROTECTION_OFF: Password protection warning is off
+        PASSWORD_REUSE: Password protection warning is triggered by password reuse
+        PHISHING_REUSE: Password protection warning is triggered by password reuse
+          on a phishing page
+    PasswordSettingObject:
+      example:
+        seed: null
+        change: null
+        status: null
+      properties:
+        change:
+          $ref: '#/components/schemas/ChangeEnum'
+        seed:
+          $ref: '#/components/schemas/SeedEnum'
+        status:
+          $ref: '#/components/schemas/EnabledStatus'
+      type: object
+    PerClientRateLimitMode:
+      enum:
+      - DISABLE
+      - ENFORCE
+      - PREVIEW
+      type: string
+    PerClientRateLimitSettings:
+      description: ""
+      example:
+        defaultMode: null
+        useCaseModeOverrides:
+          LOGIN_PAGE: null
+          OIE_APP_INTENT: null
+          OAUTH2_AUTHORIZE: null
+      properties:
+        defaultMode:
+          $ref: '#/components/schemas/PerClientRateLimitMode'
+        useCaseModeOverrides:
+          $ref: '#/components/schemas/PerClientRateLimitSettings_useCaseModeOverrides'
+      required:
+      - defaultMode
+      title: PerClientRateLimitSettings
+      type: object
+    Permission:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        _links:
+          role:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        created: 2000-01-23T04:56:07.000+00:00
+        label: label
+      properties:
+        created:
+          description: Timestamp when the role was created
+          format: date-time
+          readOnly: true
+          type: string
+        label:
+          description: The permission type
+          readOnly: true
+          type: string
+        lastUpdated:
+          description: Timestamp when the role was last updated
+          format: date-time
+          readOnly: true
+          type: string
+        _links:
+          $ref: '#/components/schemas/Permission__links'
+      type: object
+    Permissions:
+      example:
+        permissions:
+        - lastUpdated: 2000-01-23T04:56:07.000+00:00
+          _links:
+            role:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          created: 2000-01-23T04:56:07.000+00:00
+          label: label
+        - lastUpdated: 2000-01-23T04:56:07.000+00:00
+          _links:
+            role:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          created: 2000-01-23T04:56:07.000+00:00
+          label: label
+      properties:
+        permissions:
+          items:
+            $ref: '#/components/schemas/Permission'
+          type: array
+      type: object
+    PipelineType:
+      description: "The authentication pipeline of the org. `idx` means the org is\
+        \ using the Identity Engine, while `v1` means the org is using the Classic\
+        \ authentication pipeline."
+      enum:
+      - idx
+      - v1
+      type: string
+    Platform:
+      enum:
+      - ANDROID
+      - IOS
+      - MACOS
+      - WINDOWS
+      type: string
+    PlatformConditionEvaluatorPlatform:
+      properties:
+        os:
+          $ref: '#/components/schemas/PlatformConditionEvaluatorPlatformOperatingSystem'
+        type:
+          $ref: '#/components/schemas/PolicyPlatformType'
+      type: object
+    PlatformConditionEvaluatorPlatformOperatingSystem:
+      properties:
+        expression:
+          type: string
+        type:
+          $ref: '#/components/schemas/PolicyPlatformOperatingSystemType'
+        version:
+          $ref: '#/components/schemas/PlatformConditionEvaluatorPlatformOperatingSystemVersion'
+      type: object
+    PlatformConditionEvaluatorPlatformOperatingSystemVersion:
+      properties:
+        matchType:
+          $ref: '#/components/schemas/PlatformConditionOperatingSystemVersionMatchType'
+        value:
+          type: string
+      type: object
+    PlatformConditionOperatingSystemVersionMatchType:
+      enum:
+      - EXPRESSION
+      - SEMVER
+      type: string
+    PlatformPolicyRuleCondition:
+      properties:
+        exclude:
+          items:
+            $ref: '#/components/schemas/PlatformConditionEvaluatorPlatform'
+          type: array
+        include:
+          items:
+            $ref: '#/components/schemas/PlatformConditionEvaluatorPlatform'
+          type: array
+      type: object
+    Policy:
+      discriminator:
+        mapping:
+          ACCESS_POLICY: '#/components/schemas/AccessPolicy'
+          IDP_DISCOVERY: '#/components/schemas/IdentityProviderPolicy'
+          MFA_ENROLL: '#/components/schemas/MultifactorEnrollmentPolicy'
+          OAUTH_AUTHORIZATION_POLICY: '#/components/schemas/AuthorizationServerPolicy'
+          OKTA_SIGN_ON: '#/components/schemas/OktaSignOnPolicy'
+          PASSWORD: '#/components/schemas/PasswordPolicy'
+          PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicy'
+        propertyName: type
+      properties:
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        description:
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          type: string
+        priority:
+          type: integer
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        system:
+          type: boolean
+        type:
+          $ref: '#/components/schemas/PolicyType'
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    PolicyAccess:
+      enum:
+      - ALLOW
+      - DENY
+      type: string
+    PolicyAccountLink:
+      properties:
+        action:
+          $ref: '#/components/schemas/PolicyAccountLinkAction'
+        filter:
+          $ref: '#/components/schemas/PolicyAccountLinkFilter'
+      type: object
+    PolicyAccountLinkAction:
+      enum:
+      - AUTO
+      - DISABLED
+      type: string
+    PolicyAccountLinkFilter:
+      properties:
+        groups:
+          $ref: '#/components/schemas/PolicyAccountLinkFilterGroups'
+      type: object
+    PolicyAccountLinkFilterGroups:
+      properties:
+        include:
+          items:
+            type: string
+          type: array
+      type: object
+    PolicyNetworkCondition:
+      properties:
+        connection:
+          $ref: '#/components/schemas/PolicyNetworkConnection'
+        exclude:
+          items:
+            type: string
+          type: array
+        include:
+          items:
+            type: string
+          type: array
+      type: object
+    PolicyNetworkConnection:
+      enum:
+      - ANYWHERE
+      - ZONE
+      type: string
+    PolicyPeopleCondition:
+      properties:
+        groups:
+          $ref: '#/components/schemas/GroupCondition'
+        users:
+          $ref: '#/components/schemas/UserCondition'
+      type: object
+    PolicyPlatformOperatingSystemType:
+      enum:
+      - ANDROID
+      - ANY
+      - IOS
+      - OSX
+      - OTHER
+      - WINDOWS
+      type: string
+    PolicyPlatformType:
+      enum:
+      - ANY
+      - DESKTOP
+      - MOBILE
+      - OTHER
+      type: string
+    PolicyRule:
+      discriminator:
+        mapping:
+          ACCESS_POLICY: '#/components/schemas/AccessPolicyRule'
+          PASSWORD: '#/components/schemas/PasswordPolicyRule'
+          PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicyRule'
+          RESOURCE_ACCESS: '#/components/schemas/AuthorizationServerPolicyRule'
+          SIGN_ON: '#/components/schemas/OktaSignOnPolicyRule'
+        propertyName: type
+      properties:
+        created:
+          format: date-time
+          nullable: true
+          readOnly: true
+          type: string
+        id:
+          type: string
+        lastUpdated:
+          format: date-time
+          nullable: true
+          readOnly: true
+          type: string
+        name:
+          type: string
+        priority:
+          type: integer
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        system:
+          default: false
+          type: boolean
+        type:
+          $ref: '#/components/schemas/PolicyRuleType'
+      type: object
+    PolicyRuleActions:
+      properties:
+        enroll:
+          $ref: '#/components/schemas/PolicyRuleActionsEnroll'
+        idp:
+          $ref: '#/components/schemas/IdpPolicyRuleAction'
+        passwordChange:
+          $ref: '#/components/schemas/PasswordPolicyRuleAction'
+        selfServicePasswordReset:
+          $ref: '#/components/schemas/PasswordPolicyRuleAction'
+        selfServiceUnlock:
+          $ref: '#/components/schemas/PasswordPolicyRuleAction'
+        signon:
+          $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonActions'
+      type: object
+    PolicyRuleActionsEnroll:
+      properties:
+        self:
+          $ref: '#/components/schemas/PolicyRuleActionsEnrollSelf'
+      type: object
+    PolicyRuleActionsEnrollSelf:
+      enum:
+      - CHALLENGE
+      - LOGIN
+      - NEVER
+      type: string
+    PolicyRuleAuthContextCondition:
+      properties:
+        authType:
+          $ref: '#/components/schemas/PolicyRuleAuthContextType'
+      type: object
+    PolicyRuleAuthContextType:
+      enum:
+      - ANY
+      - RADIUS
+      type: string
+    PolicyRuleConditions:
+      properties:
+        app:
+          $ref: '#/components/schemas/AppAndInstancePolicyRuleCondition'
+        apps:
+          $ref: '#/components/schemas/AppInstancePolicyRuleCondition'
+        authContext:
+          $ref: '#/components/schemas/PolicyRuleAuthContextCondition'
+        authProvider:
+          $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderCondition'
+        beforeScheduledAction:
+          $ref: '#/components/schemas/BeforeScheduledActionPolicyRuleCondition'
+        clients:
+          $ref: '#/components/schemas/ClientPolicyCondition'
+        context:
+          $ref: '#/components/schemas/ContextPolicyRuleCondition'
+        device:
+          $ref: '#/components/schemas/DevicePolicyRuleCondition'
+        grantTypes:
+          $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
+        groups:
+          $ref: '#/components/schemas/GroupPolicyRuleCondition'
+        identityProvider:
+          $ref: '#/components/schemas/IdentityProviderPolicyRuleCondition'
+        mdmEnrollment:
+          $ref: '#/components/schemas/MDMEnrollmentPolicyRuleCondition'
+        network:
+          $ref: '#/components/schemas/PolicyNetworkCondition'
+        people:
+          $ref: '#/components/schemas/PolicyPeopleCondition'
+        platform:
+          $ref: '#/components/schemas/PlatformPolicyRuleCondition'
+        risk:
+          $ref: '#/components/schemas/RiskPolicyRuleCondition'
+        riskScore:
+          $ref: '#/components/schemas/RiskScorePolicyRuleCondition'
+        scopes:
+          $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
+        userIdentifier:
+          $ref: '#/components/schemas/UserIdentifierPolicyRuleCondition'
+        users:
+          $ref: '#/components/schemas/UserPolicyRuleCondition'
+        userStatus:
+          $ref: '#/components/schemas/UserStatusPolicyRuleCondition'
+      type: object
+    PolicyRuleType:
+      enum:
+      - ACCESS_POLICY
+      - IDP_DISCOVERY
+      - MFA_ENROLL
+      - PASSWORD
+      - PROFILE_ENROLLMENT
+      - RESOURCE_ACCESS
+      - SIGN_ON
+      type: string
+    PolicySubject:
+      properties:
+        filter:
+          type: string
+        format:
+          items:
+            type: string
+          type: array
+        matchAttribute:
+          type: string
+        matchType:
+          $ref: '#/components/schemas/PolicySubjectMatchType'
+        userNameTemplate:
+          $ref: '#/components/schemas/PolicyUserNameTemplate'
+      type: object
+    PolicySubjectMatchType:
+      enum:
+      - CUSTOM_ATTRIBUTE
+      - EMAIL
+      - USERNAME
+      - USERNAME_OR_EMAIL
+      type: string
+    PolicyType:
+      enum:
+      - ACCESS_POLICY
+      - IDP_DISCOVERY
+      - MFA_ENROLL
+      - OAUTH_AUTHORIZATION_POLICY
+      - OKTA_SIGN_ON
+      - PASSWORD
+      - PROFILE_ENROLLMENT
+      type: string
+    PolicyUserNameTemplate:
+      properties:
+        template:
+          type: string
+      type: object
+    PolicyUserStatus:
+      enum:
+      - ACTIVATING
+      - ACTIVE
+      - DELETED
+      - DELETING
+      - EXPIRED_PASSWORD
+      - INACTIVE
+      - PENDING
+      - SUSPENDED
+      type: string
+    PossessionConstraint:
+      allOf:
+      - $ref: '#/components/schemas/AccessPolicyConstraint'
+      - $ref: '#/components/schemas/PossessionConstraint_allOf'
+    PreRegistrationInlineHook:
+      properties:
+        inlineHookId:
+          type: string
+      type: object
+    PrincipalRateLimitEntity:
+      description: ""
+      example:
+        defaultConcurrencyPercentage: 0
+        lastUpdatedBy: lastUpdatedBy
+        createdDate: 2000-01-23T04:56:07.000+00:00
+        createdBy: createdBy
+        lastUpdate: 2000-01-23T04:56:07.000+00:00
+        defaultPercentage: 6
+        principalId: principalId
+        id: id
+        orgId: orgId
+        principalType: null
+      properties:
+        createdBy:
+          readOnly: true
+          type: string
+        createdDate:
+          format: date-time
+          readOnly: true
+          type: string
+        defaultConcurrencyPercentage:
+          readOnly: true
+          type: integer
+        defaultPercentage:
+          readOnly: true
+          type: integer
+        id:
+          readOnly: true
+          type: string
+        lastUpdate:
+          format: date-time
+          readOnly: true
+          type: string
+        lastUpdatedBy:
+          readOnly: true
+          type: string
+        orgId:
+          readOnly: true
+          type: string
+        principalId:
+          type: string
+        principalType:
+          $ref: '#/components/schemas/PrincipalType'
+      required:
+      - principalId
+      - principalType
+      title: PrincipalRateLimitEntity
+      type: object
+    PrincipalType:
+      enum:
+      - SSWS_TOKEN
+      type: string
+    ProfileEnrollmentPolicy:
+      allOf:
+      - $ref: '#/components/schemas/Policy'
+      - $ref: '#/components/schemas/AccessPolicy_allOf'
+    ProfileEnrollmentPolicyRule:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRule'
+      - $ref: '#/components/schemas/ProfileEnrollmentPolicyRule_allOf'
+    ProfileEnrollmentPolicyRuleAction:
+      properties:
+        access:
+          type: string
+        activationRequirements:
+          $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleActivationRequirement'
+        preRegistrationInlineHooks:
+          items:
+            $ref: '#/components/schemas/PreRegistrationInlineHook'
+          type: array
+        profileAttributes:
+          items:
+            $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleProfileAttribute'
+          type: array
+        targetGroupIds:
+          items:
+            type: string
+          type: array
+        unknownUserAction:
+          type: string
+      type: object
+    ProfileEnrollmentPolicyRuleActions:
+      allOf:
+      - $ref: '#/components/schemas/PolicyRuleActions'
+      - $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleActions_allOf'
+    ProfileEnrollmentPolicyRuleActivationRequirement:
+      properties:
+        emailVerification:
+          type: boolean
+      type: object
+    ProfileEnrollmentPolicyRuleProfileAttribute:
+      properties:
+        label:
+          type: string
+        name:
+          type: string
+        required:
+          type: boolean
+      type: object
+    ProfileMapping:
+      example:
+        _links:
+          key: "{}"
+        id: id
+        source:
+          _links:
+            key: "{}"
+          name: name
+          id: id
+          type: type
+        properties:
+          key:
+            expression: expression
+            pushStatus: null
+        target:
+          _links:
+            key: "{}"
+          name: name
+          id: id
+          type: type
+      properties:
+        id:
+          readOnly: true
+          type: string
+        properties:
+          additionalProperties:
+            $ref: '#/components/schemas/ProfileMappingProperty'
+          readOnly: true
+          type: object
+        source:
+          $ref: '#/components/schemas/ProfileMappingSource'
+        target:
+          $ref: '#/components/schemas/ProfileMappingSource'
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    ProfileMappingProperty:
+      example:
+        expression: expression
+        pushStatus: null
+      properties:
+        expression:
+          type: string
+        pushStatus:
+          $ref: '#/components/schemas/ProfileMappingPropertyPushStatus'
+      type: object
+    ProfileMappingPropertyPushStatus:
+      enum:
+      - DONT_PUSH
+      - PUSH
+      type: string
+    ProfileMappingSource:
+      example:
+        _links:
+          key: "{}"
+        name: name
+        id: id
+        type: type
+      properties:
+        id:
+          readOnly: true
+          type: string
+        name:
+          readOnly: true
+          type: string
+        type:
+          readOnly: true
+          type: string
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    ProfileSettingObject:
+      example:
+        status: null
+      properties:
+        status:
+          $ref: '#/components/schemas/EnabledStatus'
+      type: object
+    Protocol:
+      example:
+        algorithms:
+          request:
+            signature:
+              scope: null
+              algorithm: algorithm
+          response:
+            signature:
+              scope: null
+              algorithm: algorithm
+        relayState:
+          format: null
+        settings:
+          nameFormat: nameFormat
+        endpoints:
+          acs:
+            destination: destination
+            binding: null
+            type: null
+            url: url
+          authorization:
+            destination: destination
+            binding: null
+            type: null
+            url: url
+          userInfo:
+            destination: destination
+            binding: null
+            type: null
+            url: url
+          metadata:
+            destination: destination
+            binding: null
+            type: null
+            url: url
+          jwks:
+            destination: destination
+            binding: null
+            type: null
+            url: url
+          slo:
+            destination: destination
+            binding: null
+            type: null
+            url: url
+          sso:
+            destination: destination
+            binding: null
+            type: null
+            url: url
+          token:
+            destination: destination
+            binding: null
+            type: null
+            url: url
+        credentials:
+          trust:
+            revocation: null
+            audience: audience
+            revocationCacheLifetime: 0
+            kid: kid
+            issuer: issuer
+          client:
+            client_secret: client_secret
+            client_id: client_id
+          signing:
+            kid: kid
+        scopes:
+        - scopes
+        - scopes
+        type: null
+        issuer:
+          destination: destination
+          binding: null
+          type: null
+          url: url
+      properties:
+        algorithms:
+          $ref: '#/components/schemas/ProtocolAlgorithms'
+        credentials:
+          $ref: '#/components/schemas/IdentityProviderCredentials'
+        endpoints:
+          $ref: '#/components/schemas/ProtocolEndpoints'
+        issuer:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        relayState:
+          $ref: '#/components/schemas/ProtocolRelayState'
+        scopes:
+          items:
+            type: string
+          type: array
+        settings:
+          $ref: '#/components/schemas/ProtocolSettings'
+        type:
+          $ref: '#/components/schemas/ProtocolType'
+      type: object
+    ProtocolAlgorithmType:
+      example:
+        signature:
+          scope: null
+          algorithm: algorithm
+      properties:
+        signature:
+          $ref: '#/components/schemas/ProtocolAlgorithmTypeSignature'
+      type: object
+    ProtocolAlgorithmTypeSignature:
+      example:
+        scope: null
+        algorithm: algorithm
+      properties:
+        algorithm:
+          type: string
+        scope:
+          $ref: '#/components/schemas/ProtocolAlgorithmTypeSignatureScope'
+      type: object
+    ProtocolAlgorithmTypeSignatureScope:
+      enum:
+      - ANY
+      - NONE
+      - REQUEST
+      - RESPONSE
+      - TOKEN
+      type: string
+    ProtocolAlgorithms:
+      example:
+        request:
+          signature:
+            scope: null
+            algorithm: algorithm
+        response:
+          signature:
+            scope: null
+            algorithm: algorithm
+      properties:
+        request:
+          $ref: '#/components/schemas/ProtocolAlgorithmType'
+        response:
+          $ref: '#/components/schemas/ProtocolAlgorithmType'
+      type: object
+    ProtocolEndpoint:
+      example:
+        destination: destination
+        binding: null
+        type: null
+        url: url
+      properties:
+        binding:
+          $ref: '#/components/schemas/ProtocolEndpointBinding'
+        destination:
+          type: string
+        type:
+          $ref: '#/components/schemas/ProtocolEndpointType'
+        url:
+          type: string
+      type: object
+    ProtocolEndpointBinding:
+      enum:
+      - HTTP-POST
+      - HTTP-REDIRECT
+      type: string
+    ProtocolEndpointType:
+      enum:
+      - INSTANCE
+      - ORG
+      type: string
+    ProtocolEndpoints:
+      example:
+        acs:
+          destination: destination
+          binding: null
+          type: null
+          url: url
+        authorization:
+          destination: destination
+          binding: null
+          type: null
+          url: url
+        userInfo:
+          destination: destination
+          binding: null
+          type: null
+          url: url
+        metadata:
+          destination: destination
+          binding: null
+          type: null
+          url: url
+        jwks:
+          destination: destination
+          binding: null
+          type: null
+          url: url
+        slo:
+          destination: destination
+          binding: null
+          type: null
+          url: url
+        sso:
+          destination: destination
+          binding: null
+          type: null
+          url: url
+        token:
+          destination: destination
+          binding: null
+          type: null
+          url: url
+      properties:
+        acs:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        authorization:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        jwks:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        metadata:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        slo:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        sso:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        token:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+        userInfo:
+          $ref: '#/components/schemas/ProtocolEndpoint'
+      type: object
+    ProtocolRelayState:
+      example:
+        format: null
+      properties:
+        format:
+          $ref: '#/components/schemas/ProtocolRelayStateFormat'
+      type: object
+    ProtocolRelayStateFormat:
+      enum:
+      - FROM_URL
+      - OPAQUE
+      type: string
+    ProtocolSettings:
+      example:
+        nameFormat: nameFormat
+      properties:
+        nameFormat:
+          type: string
+      type: object
+    ProtocolType:
+      enum:
+      - MTLS
+      - OAUTH2
+      - OIDC
+      - SAML2
+      type: string
+    ProviderType:
+      enum:
+      - APNS
+      - FCM
+      type: string
+    Provisioning:
+      properties:
+        action:
+          $ref: '#/components/schemas/ProvisioningAction'
+        conditions:
+          $ref: '#/components/schemas/ProvisioningConditions'
+        groups:
+          $ref: '#/components/schemas/ProvisioningGroups'
+        profileMaster:
+          type: boolean
+      type: object
+    ProvisioningAction:
+      enum:
+      - AUTO
+      - CALLOUT
+      - DISABLED
+      type: string
+    ProvisioningConditions:
+      properties:
+        deprovisioned:
+          $ref: '#/components/schemas/ProvisioningDeprovisionedCondition'
+        suspended:
+          $ref: '#/components/schemas/ProvisioningSuspendedCondition'
+      type: object
+    ProvisioningConnection:
+      example:
+        _links:
+          key: "{}"
+        authScheme: null
+        status: null
+      properties:
+        authScheme:
+          $ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
+        status:
+          $ref: '#/components/schemas/ProvisioningConnectionStatus'
+        _links:
+          additionalProperties:
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    ProvisioningConnectionAuthScheme:
+      enum:
+      - TOKEN
+      - UNKNOWN
+      type: string
+    ProvisioningConnectionProfile:
+      example:
+        authScheme: null
+        token: token
+      properties:
+        authScheme:
+          $ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
+        token:
+          type: string
+      type: object
+    ProvisioningConnectionRequest:
+      example:
+        profile:
+          authScheme: null
+          token: token
+      properties:
+        profile:
+          $ref: '#/components/schemas/ProvisioningConnectionProfile'
+      type: object
+    ProvisioningConnectionStatus:
+      enum:
+      - DISABLED
+      - ENABLED
+      - UNKNOWN
+      type: string
+    ProvisioningDeprovisionedAction:
+      enum:
+      - NONE
+      - REACTIVATE
+      type: string
+    ProvisioningDeprovisionedCondition:
+      properties:
+        action:
+          $ref: '#/components/schemas/ProvisioningDeprovisionedAction'
+      type: object
+    ProvisioningGroups:
+      properties:
+        action:
+          $ref: '#/components/schemas/ProvisioningGroupsAction'
+        assignments:
+          items:
+            type: string
+          type: array
+        filter:
+          items:
+            type: string
+          type: array
+        sourceAttributeName:
+          type: string
+      type: object
+    ProvisioningGroupsAction:
+      enum:
+      - APPEND
+      - ASSIGN
+      - NONE
+      - SYNC
+      type: string
+    ProvisioningSuspendedAction:
+      enum:
+      - NONE
+      - UNSUSPEND
+      type: string
+    ProvisioningSuspendedCondition:
+      properties:
+        action:
+          $ref: '#/components/schemas/ProvisioningSuspendedAction'
+      type: object
+    PushProvider:
+      discriminator:
+        mapping:
+          APNS: '#/components/schemas/APNSPushProvider'
+          FCM: '#/components/schemas/FCMPushProvider'
+        propertyName: providerType
+      properties:
+        id:
+          readOnly: true
+          type: string
+        lastUpdatedDate:
+          readOnly: true
+          type: string
+        name:
+          description: Display name of the push provider
+          type: string
+        providerType:
+          $ref: '#/components/schemas/ProviderType'
+        _links:
+          $ref: '#/components/schemas/ApiToken__link'
+      title: PushProvider
+      type: object
+    PushUserFactor:
+      allOf:
+      - $ref: '#/components/schemas/UserFactor'
+      - $ref: '#/components/schemas/PushUserFactor_allOf'
+    PushUserFactorProfile:
+      properties:
+        credentialId:
+          type: string
+        deviceToken:
+          type: string
+        deviceType:
+          type: string
+        name:
+          type: string
+        platform:
+          type: string
+        version:
+          type: string
+      type: object
+    RateLimitAdminNotifications:
+      description: ""
+      example:
+        notificationsEnabled: true
+      properties:
+        notificationsEnabled:
+          type: boolean
+      required:
+      - notificationsEnabled
+      title: RateLimitAdminNotifications
+      type: object
+    RecoveryQuestionCredential:
+      example:
+        answer: answer
+        question: question
+      properties:
+        answer:
+          type: string
+        question:
+          type: string
+      type: object
+    ReleaseChannel:
+      description: Release channel for auto-update
+      enum:
+      - BETA
+      - EA
+      - GA
+      - TEST
+      type: string
+    RequiredEnum:
+      enum:
+      - ALWAYS
+      - HIGH_RISK_ONLY
+      - NEVER
+      type: string
+    ResetPasswordToken:
+      example:
+        resetPasswordUrl: resetPasswordUrl
+      properties:
+        resetPasswordUrl:
+          readOnly: true
+          type: string
+      type: object
+    ResourceSet:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        _links:
+          bindings:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          resources:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        created: 2000-01-23T04:56:07.000+00:00
+        description: description
+        id: id
+        label: label
+      properties:
+        created:
+          description: Timestamp when the role was created
+          format: date-time
+          readOnly: true
+          type: string
+        description:
+          description: Description of the resource set
+          type: string
+        id:
+          description: Unique key for the role
+          readOnly: true
+          type: string
+        label:
+          description: Unique label for the resource set
+          type: string
+        lastUpdated:
+          description: Timestamp when the role was last updated
+          format: date-time
+          readOnly: true
+          type: string
+        _links:
+          $ref: '#/components/schemas/ResourceSet__links'
+      type: object
+    ResourceSetBindingAddMembersRequest:
+      example:
+        additions:
+        - additions
+        - additions
+      properties:
+        additions:
+          items:
+            type: string
+          type: array
+      type: object
+    ResourceSetBindingCreateRequest:
+      example:
+        role: role
+        members:
+        - members
+        - members
+      properties:
+        members:
+          items:
+            type: string
+          type: array
+        role:
+          description: Unique key for the role
+          type: string
+      type: object
+    ResourceSetBindingMember:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        _links:
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        created: 2000-01-23T04:56:07.000+00:00
+        id: id
+      properties:
+        created:
+          description: Timestamp when the role was created
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          description: Unique key for the role
+          readOnly: true
+          type: string
+        lastUpdated:
+          description: Timestamp when the role was last updated
+          format: date-time
+          readOnly: true
+          type: string
+        _links:
+          $ref: '#/components/schemas/ApiToken__link'
+      type: object
+    ResourceSetBindingMembers:
+      example:
+        _links:
+          next:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          binding:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        members:
+        - lastUpdated: 2000-01-23T04:56:07.000+00:00
+          _links:
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          created: 2000-01-23T04:56:07.000+00:00
+          id: id
+        - lastUpdated: 2000-01-23T04:56:07.000+00:00
+          _links:
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          created: 2000-01-23T04:56:07.000+00:00
+          id: id
+      properties:
+        members:
+          items:
+            $ref: '#/components/schemas/ResourceSetBindingMember'
+          type: array
+        _links:
+          $ref: '#/components/schemas/ResourceSetBindingMembers__links'
+      type: object
+    ResourceSetBindingResponse:
+      example:
+        _links:
+          resource-set:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          bindings:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        id: id
+      properties:
+        id:
+          description: '`id` of the role'
+          type: string
+        _links:
+          $ref: '#/components/schemas/ResourceSetBindingResponse__links'
+      type: object
+    ResourceSetBindingRole:
+      example:
+        _links:
+          members:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        id: id
+      properties:
+        id:
+          type: string
+        _links:
+          $ref: '#/components/schemas/ResourceSetBindingRole__links'
+      type: object
+    ResourceSetBindings:
+      example:
+        _links:
+          resource-set:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          bindings:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        roles:
+        - _links:
+            members:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          id: id
+        - _links:
+            members:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          id: id
+      properties:
+        roles:
+          items:
+            $ref: '#/components/schemas/ResourceSetBindingRole'
+          type: array
+        _links:
+          $ref: '#/components/schemas/ResourceSetBindingResponse__links'
+      type: object
+    ResourceSetResource:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        description: description
+        id: id
+      properties:
+        created:
+          description: Timestamp when the role was created
+          format: date-time
+          readOnly: true
+          type: string
+        description:
+          description: Description of the resource set
+          type: string
+        id:
+          description: Unique key for the role
+          readOnly: true
+          type: string
+        lastUpdated:
+          description: Timestamp when the role was last updated
+          format: date-time
+          readOnly: true
+          type: string
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    ResourceSetResourcePatchRequest:
+      example:
+        additions:
+        - additions
+        - additions
+      properties:
+        additions:
+          items:
+            type: string
+          type: array
+      type: object
+    ResourceSetResources:
+      example:
+        _links:
+          next:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          resource-set:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        resources:
+        - lastUpdated: 2000-01-23T04:56:07.000+00:00
+          _links:
+            key: "{}"
+          created: 2000-01-23T04:56:07.000+00:00
+          description: description
+          id: id
+        - lastUpdated: 2000-01-23T04:56:07.000+00:00
+          _links:
+            key: "{}"
+          created: 2000-01-23T04:56:07.000+00:00
+          description: description
+          id: id
+      properties:
+        resources:
+          items:
+            $ref: '#/components/schemas/ResourceSetResource'
+          type: array
+        _links:
+          $ref: '#/components/schemas/ResourceSetResources__links'
+      type: object
+    ResourceSets:
+      example:
+        resource-sets:
+        - lastUpdated: 2000-01-23T04:56:07.000+00:00
+          _links:
+            bindings:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            resources:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          created: 2000-01-23T04:56:07.000+00:00
+          description: description
+          id: id
+          label: label
+        - lastUpdated: 2000-01-23T04:56:07.000+00:00
+          _links:
+            bindings:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            resources:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          created: 2000-01-23T04:56:07.000+00:00
+          description: description
+          id: id
+          label: label
+        _links:
+          next:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+      properties:
+        resource-sets:
+          items:
+            $ref: '#/components/schemas/ResourceSet'
+          type: array
+        _links:
+          $ref: '#/components/schemas/IamRoles__links'
+      type: object
+    ResponseLinks:
+      type: object
+    RiskEvent:
+      example:
+        subjects:
+        - riskLevel: null
+          ip: ip
+          message: message
+        - riskLevel: null
+          ip: ip
+          message: message
+        expiresAt: 2000-01-23T04:56:07.000+00:00
+        timestamp: 2000-01-23T04:56:07.000+00:00
+      properties:
+        expiresAt:
+          description: "Time stamp at which the event expires (Expressed as a UTC\
+            \ time zone using ISO 8601 format: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'). If this\
+            \ optional field is not included, Okta automatically expires the event\
+            \ 24 hours after the event is consumed."
+          format: date-time
+          type: string
+        subjects:
+          items:
+            $ref: '#/components/schemas/RiskEventSubject'
+          type: array
+        timestamp:
+          description: "Time stamp at which the event is produced (Expressed as a\
+            \ UTC time zone using ISO 8601 format: yyyy-MM-dd'T'HH:mm:ss.SSS'Z')."
+          format: date-time
+          type: string
+      required:
+      - subjects
+      type: object
+    RiskEventSubject:
+      example:
+        riskLevel: null
+        ip: ip
+        message: message
+      properties:
+        ip:
+          description: Either an IpV4 or IpV6 address.
+          type: string
+        message:
+          description: Any additional message that the provider can send specifying
+            the reason for the risk level of the IP.
+          maxLength: 512
+          pattern: "^[a-zA-Z0-9.\\-_]$"
+          type: string
+        riskLevel:
+          $ref: '#/components/schemas/RiskEventSubjectRiskLevel'
+      required:
+      - ip
+      type: object
+    RiskEventSubjectRiskLevel:
+      enum:
+      - HIGH
+      - LOW
+      - MEDIUM
+      type: string
+    RiskPolicyRuleCondition:
+      properties:
+        behaviors:
+          items:
+            type: string
+          type: array
+          uniqueItems: true
+      type: object
+    RiskProvider:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        clientId: clientId
+        _links:
+          self:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        created: 2000-01-23T04:56:07.000+00:00
+        name: name
+        action: null
+        id: id
+      properties:
+        action:
+          $ref: '#/components/schemas/RiskProviderAction'
+        clientId:
+          description: "The ID of the [OAuth service app](https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/main/#create-a-service-app-and-grant-scopes)\
+            \ that is used to send risk events to Okta"
+          type: string
+        created:
+          description: Timestamp when the risk provider was created
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          description: The ID of the risk provider
+          readOnly: true
+          type: string
+        lastUpdated:
+          description: Timestamp when the risk provider was last updated
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          description: Name of the risk provider
+          maxLength: 50
+          type: string
+        _links:
+          $ref: '#/components/schemas/ApiToken__link'
+      required:
+      - clientId
+      - name
+      type: object
+    RiskProviderAction:
+      default: log_only
+      description: The action taken by Okta during authentication attempts based on
+        the risk events sent by this provider. Logging can be found in the SystemLogs.
+      enum:
+      - enforce_and_log
+      - log_only
+      - none
+      type: string
+    RiskScorePolicyRuleCondition:
+      properties:
+        level:
+          type: string
+      type: object
+    Role:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        _embedded:
+          key: "{}"
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        description: description
+        id: id
+        label: label
+        type: null
+        assignmentType: null
+        status: null
+      properties:
+        assignmentType:
+          $ref: '#/components/schemas/RoleAssignmentType'
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        description:
+          type: string
+        id:
+          readOnly: true
+          type: string
+        label:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        status:
+          $ref: '#/components/schemas/LifecycleStatus'
+        type:
+          $ref: '#/components/schemas/RoleType'
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    RoleAssignmentType:
+      enum:
+      - GROUP
+      - USER
+      type: string
+    RolePermissionType:
+      enum:
+      - okta.apps.assignment.manage
+      - okta.apps.manage
+      - okta.apps.manageFirstPartyApps
+      - okta.apps.read
+      - okta.authzServers.manage
+      - okta.authzServers.read
+      - okta.customizations.manage
+      - okta.customizations.read
+      - okta.governance.accessCertifications.manage
+      - okta.governance.accessRequests.manage
+      - okta.groups.appAssignment.manage
+      - okta.groups.create
+      - okta.groups.manage
+      - okta.groups.members.manage
+      - okta.groups.read
+      - okta.profilesources.import.run
+      - okta.users.appAssignment.manage
+      - okta.users.create
+      - okta.users.credentials.expirePassword
+      - okta.users.credentials.manage
+      - okta.users.credentials.resetFactors
+      - okta.users.credentials.resetPassword
+      - okta.users.groupMembership.manage
+      - okta.users.lifecycle.activate
+      - okta.users.lifecycle.clearSessions
+      - okta.users.lifecycle.deactivate
+      - okta.users.lifecycle.delete
+      - okta.users.lifecycle.manage
+      - okta.users.lifecycle.suspend
+      - okta.users.lifecycle.unlock
+      - okta.users.lifecycle.unsuspend
+      - okta.users.manage
+      - okta.users.read
+      - okta.users.userprofile.manage
+      type: string
+    RoleType:
+      enum:
+      - API_ACCESS_MANAGEMENT_ADMIN
+      - APP_ADMIN
+      - GROUP_MEMBERSHIP_ADMIN
+      - HELP_DESK_ADMIN
+      - MOBILE_ADMIN
+      - ORG_ADMIN
+      - READ_ONLY_ADMIN
+      - REPORT_ADMIN
+      - SUPER_ADMIN
+      - USER_ADMIN
+      type: string
+    SafeBrowsingProtectionLevel:
+      description: Represents the current value of the Safe Browsing protection level
+      enum:
+      - ENHANCED_PROTECTION
+      - NO_SAFE_BROWSING
+      - STANDARD_PROTECTION
+      example: ENHANCED_PROTECTION
+      type: string
+      x-enumDescriptions:
+        NO_SAFE_BROWSING: Safe Browsing is never active
+        STANDARD_PROTECTION: Safe Browsing is active in the standard mode
+        ENHANCED_PROTECTION: Safe Browsing is active in the enhanced mode
+    SamlApplication:
+      allOf:
+      - $ref: '#/components/schemas/Application'
+      - $ref: '#/components/schemas/SamlApplication_allOf'
+    SamlApplicationSettings:
+      allOf:
+      - $ref: '#/components/schemas/ApplicationSettings'
+      - $ref: '#/components/schemas/SamlApplicationSettings_allOf'
+    SamlApplicationSettingsApplication:
+      properties:
+        acsUrl:
+          type: string
+        audRestriction:
+          type: string
+        baseUrl:
+          type: string
+      type: object
+    SamlApplicationSettingsSignOn:
+      properties:
+        acsEndpoints:
+          items:
+            $ref: '#/components/schemas/AcsEndpoint'
+          type: array
+        allowMultipleAcsEndpoints:
+          type: boolean
+        assertionSigned:
+          type: boolean
+        attributeStatements:
+          items:
+            $ref: '#/components/schemas/SamlAttributeStatement'
+          type: array
+        audience:
+          type: string
+        audienceOverride:
+          type: string
+        authnContextClassRef:
+          type: string
+        defaultRelayState:
+          type: string
+        destination:
+          type: string
+        destinationOverride:
+          type: string
+        digestAlgorithm:
+          type: string
+        honorForceAuthn:
+          type: boolean
+        idpIssuer:
+          type: string
+        inlineHooks:
+          items:
+            $ref: '#/components/schemas/SignOnInlineHook'
+          type: array
+        recipient:
+          type: string
+        recipientOverride:
+          type: string
+        requestCompressed:
+          type: boolean
+        responseSigned:
+          type: boolean
+        signatureAlgorithm:
+          type: string
+        slo:
+          $ref: '#/components/schemas/SingleLogout'
+        spCertificate:
+          $ref: '#/components/schemas/SpCertificate'
+        spIssuer:
+          type: string
+        ssoAcsUrl:
+          type: string
+        ssoAcsUrlOverride:
+          type: string
+        subjectNameIdFormat:
+          type: string
+        subjectNameIdTemplate:
+          type: string
+      type: object
+    SamlAttributeStatement:
+      properties:
+        filterType:
+          type: string
+        filterValue:
+          type: string
+        name:
+          type: string
+        namespace:
+          type: string
+        type:
+          type: string
+        values:
+          items:
+            type: string
+          type: array
+      type: object
+    ScheduledUserLifecycleAction:
+      properties:
+        status:
+          $ref: '#/components/schemas/PolicyUserStatus'
+      type: object
+    SchemeApplicationCredentials:
+      allOf:
+      - $ref: '#/components/schemas/ApplicationCredentials'
+      - $ref: '#/components/schemas/SchemeApplicationCredentials_allOf'
+    ScreenLockType:
+      enum:
+      - BIOMETRIC
+      - PASSCODE
+      type: string
+    SecurePasswordStoreApplication:
+      allOf:
+      - $ref: '#/components/schemas/Application'
+      - $ref: '#/components/schemas/SecurePasswordStoreApplication_allOf'
+      x-okta-defined-as:
+        name: template_sps
+    SecurePasswordStoreApplicationSettings:
+      allOf:
+      - $ref: '#/components/schemas/ApplicationSettings'
+      - $ref: '#/components/schemas/SecurePasswordStoreApplicationSettings_allOf'
+    SecurePasswordStoreApplicationSettingsApplication:
+      properties:
+        optionalField1:
+          type: string
+        optionalField1Value:
+          type: string
+        optionalField2:
+          type: string
+        optionalField2Value:
+          type: string
+        optionalField3:
+          type: string
+        optionalField3Value:
+          type: string
+        passwordField:
+          type: string
+        url:
+          type: string
+        usernameField:
+          type: string
+      type: object
+    SecurityQuestion:
+      example:
+        answer: answer
+        question: question
+        questionText: questionText
+      properties:
+        answer:
+          type: string
+        question:
+          type: string
+        questionText:
+          type: string
+      type: object
+    SecurityQuestionUserFactor:
+      allOf:
+      - $ref: '#/components/schemas/UserFactor'
+      - $ref: '#/components/schemas/SecurityQuestionUserFactor_allOf'
+    SecurityQuestionUserFactorProfile:
+      properties:
+        answer:
+          type: string
+        question:
+          type: string
+        questionText:
+          type: string
+      type: object
+    SeedEnum:
+      enum:
+      - OKTA
+      - RANDOM
+      type: string
+    Session:
+      example:
+        createdAt: 2000-01-23T04:56:07.000+00:00
+        lastFactorVerification: 2000-01-23T04:56:07.000+00:00
+        idp:
+          id: id
+          type: null
+        _links:
+          key: "{}"
+        amr:
+        - null
+        - null
+        id: id
+        login: login
+        userId: userId
+        expiresAt: 2000-01-23T04:56:07.000+00:00
+        lastPasswordVerification: 2000-01-23T04:56:07.000+00:00
+        status: null
+      properties:
+        amr:
+          items:
+            $ref: '#/components/schemas/SessionAuthenticationMethod'
+          readOnly: true
+          type: array
+        createdAt:
+          format: date-time
+          readOnly: true
+          type: string
+        expiresAt:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        idp:
+          $ref: '#/components/schemas/SessionIdentityProvider'
+        lastFactorVerification:
+          format: date-time
+          readOnly: true
+          type: string
+        lastPasswordVerification:
+          format: date-time
+          readOnly: true
+          type: string
+        login:
+          readOnly: true
+          type: string
+        status:
+          $ref: '#/components/schemas/SessionStatus'
+        userId:
+          readOnly: true
+          type: string
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    SessionAuthenticationMethod:
+      enum:
+      - fpt
+      - geo
+      - hwk
+      - kba
+      - mca
+      - mfa
+      - otp
+      - pwd
+      - sc
+      - sms
+      - swk
+      - tel
+      type: string
+    SessionIdentityProvider:
+      example:
+        id: id
+        type: null
+      properties:
+        id:
+          readOnly: true
+          type: string
+        type:
+          $ref: '#/components/schemas/SessionIdentityProviderType'
+      type: object
+    SessionIdentityProviderType:
+      enum:
+      - ACTIVE_DIRECTORY
+      - FEDERATION
+      - LDAP
+      - OKTA
+      - SOCIAL
+      type: string
+    SessionStatus:
+      enum:
+      - ACTIVE
+      - MFA_ENROLL
+      - MFA_REQUIRED
+      type: string
+    SignInPage:
+      allOf:
+      - $ref: '#/components/schemas/CustomizablePage'
+      - $ref: '#/components/schemas/SignInPage_allOf'
+    SignInPageTouchPointVariant:
+      enum:
+      - BACKGROUND_IMAGE
+      - BACKGROUND_SECONDARY_COLOR
+      - OKTA_DEFAULT
+      type: string
+    SignOnInlineHook:
+      properties:
+        id:
+          readOnly: false
+          type: string
+    SingleLogout:
+      properties:
+        enabled:
+          type: boolean
+        issuer:
+          type: string
+        logoutUrl:
+          type: string
+      type: object
+    SmsTemplate:
+      example:
+        template: template
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        created: 2000-01-23T04:56:07.000+00:00
+        translations: "{}"
+        name: name
+        id: id
+        type: null
+      properties:
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        name:
+          type: string
+        template:
+          type: string
+        translations:
+          type: object
+          x-okta-extensible: true
+        type:
+          $ref: '#/components/schemas/SmsTemplateType'
+      type: object
+    SmsTemplateTranslations:
+      type: object
+      x-okta-extensible: true
+    SmsTemplateType:
+      enum:
+      - SMS_VERIFY_CODE
+      type: string
+    SmsUserFactor:
+      allOf:
+      - $ref: '#/components/schemas/UserFactor'
+      - $ref: '#/components/schemas/SmsUserFactor_allOf'
+    SmsUserFactorProfile:
+      properties:
+        phoneNumber:
+          type: string
+      type: object
+    SocialAuthToken:
+      example:
+        id: id
+        scopes:
+        - scopes
+        - scopes
+        tokenType: tokenType
+        expiresAt: 2000-01-23T04:56:07.000+00:00
+        tokenAuthScheme: tokenAuthScheme
+        token: token
+      properties:
+        expiresAt:
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        scopes:
+          items:
+            type: string
+          type: array
+        token:
+          type: string
+        tokenAuthScheme:
+          type: string
+        tokenType:
+          type: string
+      type: object
+    SpCertificate:
+      properties:
+        x5c:
+          items:
+            type: string
+          type: array
+      type: object
+    Subscription:
+      example:
+        channels:
+        - channels
+        - channels
+        _links:
+          key: "{}"
+        notificationType: null
+        status: null
+      properties:
+        channels:
+          items:
+            type: string
+          type: array
+        notificationType:
+          $ref: '#/components/schemas/NotificationType'
+        status:
+          $ref: '#/components/schemas/SubscriptionStatus'
+        _links:
+          additionalProperties:
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    SubscriptionStatus:
+      enum:
+      - subscribed
+      - unsubscribed
+      type: string
+    SwaApplicationSettings:
+      allOf:
+      - $ref: '#/components/schemas/ApplicationSettings'
+      - $ref: '#/components/schemas/SwaApplicationSettings_allOf'
+    SwaApplicationSettingsApplication:
+      properties:
+        buttonField:
+          type: string
+        buttonSelector:
+          type: string
+        checkbox:
+          type: string
+        extraFieldSelector:
+          type: string
+        extraFieldValue:
+          type: string
+        loginUrlRegex:
+          type: string
+        passwordField:
+          type: string
+        passwordSelector:
+          type: string
+        redirectUrl:
+          type: string
+        targetURL:
+          type: string
+        url:
+          type: string
+        usernameField:
+          type: string
+        userNameSelector:
+          type: string
+      type: object
+    TempPassword:
+      example:
+        tempPassword: tempPassword
+      properties:
+        tempPassword:
+          readOnly: true
+          type: string
+      type: object
+    Theme:
+      example:
+        emailTemplateTouchPointVariant: null
+        signInPageTouchPointVariant: null
+        primaryColorContrastHex: primaryColorContrastHex
+        loadingPageTouchPointVariant: null
+        _links:
+          key: "{}"
+        backgroundImage: backgroundImage
+        secondaryColorHex: secondaryColorHex
+        secondaryColorContrastHex: secondaryColorContrastHex
+        primaryColorHex: primaryColorHex
+        errorPageTouchPointVariant: null
+        endUserDashboardTouchPointVariant: null
+      properties:
+        backgroundImage:
+          readOnly: true
+          type: string
+        emailTemplateTouchPointVariant:
+          $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
+        endUserDashboardTouchPointVariant:
+          $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
+        errorPageTouchPointVariant:
+          $ref: '#/components/schemas/ErrorPageTouchPointVariant'
+        loadingPageTouchPointVariant:
+          $ref: '#/components/schemas/LoadingPageTouchPointVariant'
+        primaryColorContrastHex:
+          type: string
+        primaryColorHex:
+          type: string
+        secondaryColorContrastHex:
+          type: string
+        secondaryColorHex:
+          type: string
+        signInPageTouchPointVariant:
+          $ref: '#/components/schemas/SignInPageTouchPointVariant'
+        _links:
+          additionalProperties:
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    ThemeResponse:
+      example:
+        primaryColorContrastHex: primaryColorContrastHex
+        favicon: favicon
+        _links:
+          key: "{}"
+        backgroundImage: backgroundImage
+        secondaryColorHex: secondaryColorHex
+        secondaryColorContrastHex: secondaryColorContrastHex
+        primaryColorHex: primaryColorHex
+        errorPageTouchPointVariant: null
+        emailTemplateTouchPointVariant: null
+        signInPageTouchPointVariant: null
+        loadingPageTouchPointVariant: null
+        logo: logo
+        id: id
+        endUserDashboardTouchPointVariant: null
+      properties:
+        backgroundImage:
+          readOnly: true
+          type: string
+        emailTemplateTouchPointVariant:
+          $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
+        endUserDashboardTouchPointVariant:
+          $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
+        errorPageTouchPointVariant:
+          $ref: '#/components/schemas/ErrorPageTouchPointVariant'
+        favicon:
+          readOnly: true
+          type: string
+        id:
+          readOnly: true
+          type: string
+        loadingPageTouchPointVariant:
+          $ref: '#/components/schemas/LoadingPageTouchPointVariant'
+        logo:
+          readOnly: true
+          type: string
+        primaryColorContrastHex:
+          type: string
+        primaryColorHex:
+          type: string
+        secondaryColorContrastHex:
+          type: string
+        secondaryColorHex:
+          type: string
+        signInPageTouchPointVariant:
+          $ref: '#/components/schemas/SignInPageTouchPointVariant'
+        _links:
+          additionalProperties:
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    ThreatInsightConfiguration:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        excludeZones:
+        - excludeZones
+        - excludeZones
+        action: action
+      properties:
+        action:
+          type: string
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        excludeZones:
+          items:
+            type: string
+          type: array
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    TimeDuration:
+      description: "A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations)."
+      pattern: ^P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?$
+      type: string
+    TokenAuthorizationServerPolicyRuleAction:
+      properties:
+        accessTokenLifetimeMinutes:
+          type: integer
+        inlineHook:
+          $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleActionInlineHook'
+        refreshTokenLifetimeMinutes:
+          type: integer
+        refreshTokenWindowMinutes:
+          type: integer
+      type: object
+    TokenAuthorizationServerPolicyRuleActionInlineHook:
+      properties:
+        id:
+          readOnly: false
+          type: string
+      type: object
+    TokenUserFactor:
+      allOf:
+      - $ref: '#/components/schemas/UserFactor'
+      - $ref: '#/components/schemas/TokenUserFactor_allOf'
+    TokenUserFactorProfile:
+      properties:
+        credentialId:
+          type: string
+      type: object
+    TotpUserFactor:
+      allOf:
+      - $ref: '#/components/schemas/UserFactor'
+      - $ref: '#/components/schemas/TotpUserFactor_allOf'
+    TotpUserFactorProfile:
+      properties:
+        credentialId:
+          type: string
+      type: object
+    TrustedOrigin:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        lastUpdatedBy: lastUpdatedBy
+        createdBy: createdBy
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        origin: origin
+        name: name
+        id: id
+        scopes:
+        - allowedOktaApps:
+          - null
+          - null
+          type: null
+        - allowedOktaApps:
+          - null
+          - null
+          type: null
+        status: status
+      properties:
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        createdBy:
+          type: string
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        lastUpdatedBy:
+          type: string
+        name:
+          type: string
+        origin:
+          type: string
+        scopes:
+          items:
+            $ref: '#/components/schemas/TrustedOriginScope'
+          type: array
+        status:
+          type: string
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    TrustedOriginScope:
+      example:
+        allowedOktaApps:
+        - null
+        - null
+        type: null
+      properties:
+        allowedOktaApps:
+          items:
+            $ref: '#/components/schemas/IframeEmbedScopeAllowedApps'
+          type: array
+        type:
+          $ref: '#/components/schemas/TrustedOriginScopeType'
+      type: object
+    TrustedOriginScopeType:
+      enum:
+      - CORS
+      - IFRAME_EMBED
+      - REDIRECT
+      type: string
+    U2fUserFactor:
+      allOf:
+      - $ref: '#/components/schemas/UserFactor'
+      - $ref: '#/components/schemas/U2fUserFactor_allOf'
+    U2fUserFactorProfile:
+      properties:
+        credentialId:
+          type: string
+      type: object
+    UpdateDomain:
+      example:
+        brandId: brandId
+      properties:
+        brandId:
+          type: string
+      type: object
+    UpdateEmailDomain:
+      allOf:
+      - $ref: '#/components/schemas/BaseEmailDomain'
+    UpdateUserRequest:
+      example:
+        credentials:
+          password:
+            hook:
+              type: type
+            value: value
+            hash:
+              salt: salt
+              saltOrder: saltOrder
+              workFactor: 0
+              value: value
+              algorithm: null
+          provider:
+            name: name
+            type: null
+          recovery_question:
+            answer: answer
+            question: question
+        profile:
+          profileUrl: profileUrl
+          lastName: lastName
+          zipCode: zipCode
+          preferredLanguage: preferredLanguage
+          city: city
+          displayName: displayName
+          timezone: timezone
+          locale: locale
+          login: login
+          title: title
+          employeeNumber: employeeNumber
+          division: division
+          honorificSuffix: honorificSuffix
+          countryCode: countryCode
+          state: state
+          department: department
+          email: email
+          manager: manager
+          costCenter: costCenter
+          nickName: nickName
+          secondEmail: secondEmail
+          honorificPrefix: honorificPrefix
+          managerId: managerId
+          firstName: firstName
+          primaryPhone: primaryPhone
+          postalAddress: postalAddress
+          mobilePhone: mobilePhone
+          streetAddress: streetAddress
+          organization: organization
+          middleName: middleName
+          userType: userType
+      properties:
+        credentials:
+          $ref: '#/components/schemas/UserCredentials'
+        profile:
+          $ref: '#/components/schemas/UserProfile'
+      type: object
+    User:
+      example:
+        lastLogin: 2000-01-23T04:56:07.000+00:00
+        transitioningToStatus: null
+        credentials:
+          password:
+            hook:
+              type: type
+            value: value
+            hash:
+              salt: salt
+              saltOrder: saltOrder
+              workFactor: 0
+              value: value
+              algorithm: null
+          provider:
+            name: name
+            type: null
+          recovery_question:
+            answer: answer
+            question: question
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        profile:
+          profileUrl: profileUrl
+          lastName: lastName
+          zipCode: zipCode
+          preferredLanguage: preferredLanguage
+          city: city
+          displayName: displayName
+          timezone: timezone
+          locale: locale
+          login: login
+          title: title
+          employeeNumber: employeeNumber
+          division: division
+          honorificSuffix: honorificSuffix
+          countryCode: countryCode
+          state: state
+          department: department
+          email: email
+          manager: manager
+          costCenter: costCenter
+          nickName: nickName
+          secondEmail: secondEmail
+          honorificPrefix: honorificPrefix
+          managerId: managerId
+          firstName: firstName
+          primaryPhone: primaryPhone
+          postalAddress: postalAddress
+          mobilePhone: mobilePhone
+          streetAddress: streetAddress
+          organization: organization
+          middleName: middleName
+          userType: userType
+        type:
+          lastUpdated: 2000-01-23T04:56:07.000+00:00
+          lastUpdatedBy: lastUpdatedBy
+          default: true
+          createdBy: createdBy
+          _links:
+            key: "{}"
+          created: 2000-01-23T04:56:07.000+00:00
+          displayName: displayName
+          name: name
+          description: description
+          id: id
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        passwordChanged: 2000-01-23T04:56:07.000+00:00
+        _embedded:
+          key: "{}"
+        statusChanged: 2000-01-23T04:56:07.000+00:00
+        id: id
+        activated: 2000-01-23T04:56:07.000+00:00
+        status: null
+      properties:
+        activated:
+          format: date-time
+          nullable: true
+          readOnly: true
+          type: string
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        credentials:
+          $ref: '#/components/schemas/UserCredentials'
+        id:
+          readOnly: true
+          type: string
+        lastLogin:
+          format: date-time
+          nullable: true
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        passwordChanged:
+          format: date-time
+          nullable: true
+          readOnly: true
+          type: string
+        profile:
+          $ref: '#/components/schemas/UserProfile'
+        status:
+          $ref: '#/components/schemas/UserStatus'
+        statusChanged:
+          format: date-time
+          nullable: true
+          readOnly: true
+          type: string
+        transitioningToStatus:
+          $ref: '#/components/schemas/UserStatus'
+        type:
+          $ref: '#/components/schemas/UserType'
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    UserActivationToken:
+      example:
+        activationUrl: activationUrl
+        activationToken: activationToken
+      properties:
+        activationToken:
+          readOnly: true
+          type: string
+        activationUrl:
+          readOnly: true
+          type: string
+      type: object
+    UserBlock:
+      example:
+        appliesTo: appliesTo
+        type: type
+      properties:
+        appliesTo:
+          readOnly: true
+          type: string
+        type:
+          readOnly: true
+          type: string
+      type: object
+    UserCondition:
+      properties:
+        exclude:
+          items:
+            type: string
+          type: array
+        include:
+          items:
+            type: string
+          type: array
+      type: object
+    UserCredentials:
+      example:
+        password:
+          hook:
+            type: type
+          value: value
+          hash:
+            salt: salt
+            saltOrder: saltOrder
+            workFactor: 0
+            value: value
+            algorithm: null
+        provider:
+          name: name
+          type: null
+        recovery_question:
+          answer: answer
+          question: question
+      properties:
+        password:
+          $ref: '#/components/schemas/PasswordCredential'
+        provider:
+          $ref: '#/components/schemas/AuthenticationProvider'
+        recovery_question:
+          $ref: '#/components/schemas/RecoveryQuestionCredential'
+      type: object
+    UserFactor:
+      discriminator:
+        mapping:
+          call: '#/components/schemas/CallUserFactor'
+          email: '#/components/schemas/EmailUserFactor'
+          push: '#/components/schemas/PushUserFactor'
+          question: '#/components/schemas/SecurityQuestionUserFactor'
+          sms: '#/components/schemas/SmsUserFactor'
+          token: '#/components/schemas/TokenUserFactor'
+          token:hardware: '#/components/schemas/HardwareUserFactor'
+          token:hotp: '#/components/schemas/CustomHotpUserFactor'
+          token:software:totp: '#/components/schemas/TotpUserFactor'
+          u2f: '#/components/schemas/U2fUserFactor'
+          web: '#/components/schemas/WebUserFactor'
+          webauthn: '#/components/schemas/WebAuthnUserFactor'
+          hotp: '#/components/schemas/CustomHotpUserFactor'
+        propertyName: factorType
+      properties:
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        factorType:
+          $ref: '#/components/schemas/FactorType'
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        provider:
+          $ref: '#/components/schemas/FactorProvider'
+        status:
+          $ref: '#/components/schemas/FactorStatus'
+        verify:
+          $ref: '#/components/schemas/VerifyFactorRequest'
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    UserIdentifierConditionEvaluatorPattern:
+      properties:
+        matchType:
+          $ref: '#/components/schemas/UserIdentifierMatchType'
+        value:
+          type: string
+      type: object
+    UserIdentifierMatchType:
+      enum:
+      - CONTAINS
+      - EQUALS
+      - EXPRESSION
+      - STARTS_WITH
+      - SUFFIX
+      type: string
+    UserIdentifierPolicyRuleCondition:
+      properties:
+        attribute:
+          type: string
+        patterns:
+          items:
+            $ref: '#/components/schemas/UserIdentifierConditionEvaluatorPattern'
+          type: array
+        type:
+          $ref: '#/components/schemas/UserIdentifierType'
+      type: object
+    UserIdentifierType:
+      enum:
+      - ATTRIBUTE
+      - IDENTIFIER
+      type: string
+    UserIdentityProviderLinkRequest:
+      example:
+        externalId: externalId
+      properties:
+        externalId:
+          type: string
+      type: object
+    UserLifecycleAttributePolicyRuleCondition:
+      properties:
+        attributeName:
+          type: string
+        matchingValue:
+          type: string
+      type: object
+    UserLockoutSettings:
+      example:
+        preventBruteForceLockoutFromUnknownDevices: true
+      properties:
+        preventBruteForceLockoutFromUnknownDevices:
+          description: Prevents brute-force lockout from unknown devices for the password
+            authenticator.
+          type: boolean
+      type: object
+    UserNextLogin:
+      enum:
+      - changePassword
+      type: string
+    UserPolicyRuleCondition:
+      properties:
+        exclude:
+          items:
+            type: string
+          type: array
+        inactivity:
+          $ref: '#/components/schemas/InactivityPolicyRuleCondition'
+        include:
+          items:
+            type: string
+          type: array
+        lifecycleExpiration:
+          $ref: '#/components/schemas/LifecycleExpirationPolicyRuleCondition'
+        passwordExpiration:
+          $ref: '#/components/schemas/PasswordExpirationPolicyRuleCondition'
+        userLifecycleAttribute:
+          $ref: '#/components/schemas/UserLifecycleAttributePolicyRuleCondition'
+      type: object
+    UserProfile:
+      additionalProperties: true
+      example:
+        profileUrl: profileUrl
+        lastName: lastName
+        zipCode: zipCode
+        preferredLanguage: preferredLanguage
+        city: city
+        displayName: displayName
+        timezone: timezone
+        locale: locale
+        login: login
+        title: title
+        employeeNumber: employeeNumber
+        division: division
+        honorificSuffix: honorificSuffix
+        countryCode: countryCode
+        state: state
+        department: department
+        email: email
+        manager: manager
+        costCenter: costCenter
+        nickName: nickName
+        secondEmail: secondEmail
+        honorificPrefix: honorificPrefix
+        managerId: managerId
+        firstName: firstName
+        primaryPhone: primaryPhone
+        postalAddress: postalAddress
+        mobilePhone: mobilePhone
+        streetAddress: streetAddress
+        organization: organization
+        middleName: middleName
+        userType: userType
+      properties:
+        city:
+          maxLength: 128
+          nullable: true
+          type: string
+        costCenter:
+          type: string
+        countryCode:
+          maxLength: 2
+          nullable: true
+          type: string
+        department:
+          type: string
+        displayName:
+          type: string
+        division:
+          type: string
+        email:
+          format: email
+          maxLength: 100
+          minLength: 5
+          type: string
+        employeeNumber:
+          type: string
+        firstName:
+          maxLength: 50
+          minLength: 1
+          nullable: true
+          type: string
+        honorificPrefix:
+          type: string
+        honorificSuffix:
+          type: string
+        lastName:
+          maxLength: 50
+          minLength: 1
+          nullable: true
+          type: string
+        locale:
+          description: "The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646)."
+          type: string
+        login:
+          maxLength: 100
+          type: string
+        manager:
+          type: string
+        managerId:
+          type: string
+        middleName:
+          type: string
+        mobilePhone:
+          maxLength: 100
+          nullable: true
+          type: string
+        nickName:
+          type: string
+        organization:
+          type: string
+        postalAddress:
+          maxLength: 4096
+          nullable: true
+          type: string
+        preferredLanguage:
+          type: string
+        primaryPhone:
+          maxLength: 100
+          nullable: true
+          type: string
+        profileUrl:
+          type: string
+        secondEmail:
+          format: email
+          maxLength: 100
+          minLength: 5
+          nullable: true
+          type: string
+        state:
+          maxLength: 128
+          nullable: true
+          type: string
+        streetAddress:
+          maxLength: 1024
+          nullable: true
+          type: string
+        timezone:
+          type: string
+        title:
+          type: string
+        userType:
+          type: string
+        zipCode:
+          maxLength: 50
+          nullable: true
+          type: string
+      type: object
+    UserSchema:
+      example:
+        lastUpdated: lastUpdated
+        $schema: $schema
+        _links:
+          key: "{}"
+        created: created
+        name: name
+        id: id
+        title: title
+        type: type
+        definitions:
+          custom:
+            id: id
+            type: type
+            properties:
+              key:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+            required:
+            - required
+            - required
+          base:
+            id: id
+            type: type
+            properties:
+              profileUrl:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              lastName:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              zipCode:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              preferredLanguage:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              city:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              displayName:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              timezone:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              locale:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              login:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              title:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              employeeNumber:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              division:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              honorificSuffix:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              countryCode:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              state:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              department:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              email:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              manager:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              costCenter:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              nickName:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              secondEmail:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              honorificPrefix:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              managerId:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              firstName:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              primaryPhone:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              postalAddress:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              mobilePhone:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              streetAddress:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              organization:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              middleName:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+              userType:
+                minLength: 6
+                externalNamespace: externalNamespace
+                pattern: pattern
+                description: description
+                union: null
+                title: title
+                type: null
+                enum:
+                - enum
+                - enum
+                required: true
+                master:
+                  priority:
+                  - type: type
+                    value: value
+                  - type: type
+                    value: value
+                  type: null
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                permissions:
+                - principal: principal
+                  action: action
+                - principal: principal
+                  action: action
+                externalName: externalName
+                scope: null
+                unique: unique
+                mutability: mutability
+                items:
+                  oneOf:
+                  - const: const
+                    title: title
+                  - const: const
+                    title: title
+                  type: type
+                  enum:
+                  - enum
+                  - enum
+                maxLength: 0
+            required:
+            - required
+            - required
+        properties:
+          profile:
+            allOf:
+            - $ref: $ref
+            - $ref: $ref
+      properties:
+        $schema:
+          readOnly: true
+          type: string
+        created:
+          readOnly: true
+          type: string
+        definitions:
+          $ref: '#/components/schemas/UserSchemaDefinitions'
+        id:
+          readOnly: true
+          type: string
+        lastUpdated:
+          readOnly: true
+          type: string
+        name:
+          readOnly: true
+          type: string
+        properties:
+          $ref: '#/components/schemas/UserSchemaProperties'
+        title:
+          type: string
+        type:
+          readOnly: true
+          type: string
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    UserSchemaAttribute:
+      example:
+        minLength: 6
+        externalNamespace: externalNamespace
+        pattern: pattern
+        description: description
+        union: null
+        title: title
+        type: null
+        enum:
+        - enum
+        - enum
+        required: true
+        master:
+          priority:
+          - type: type
+            value: value
+          - type: type
+            value: value
+          type: null
+        oneOf:
+        - const: const
+          title: title
+        - const: const
+          title: title
+        permissions:
+        - principal: principal
+          action: action
+        - principal: principal
+          action: action
+        externalName: externalName
+        scope: null
+        unique: unique
+        mutability: mutability
+        items:
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          type: type
+          enum:
+          - enum
+          - enum
+        maxLength: 0
+      properties:
+        description:
+          type: string
+        enum:
+          items:
+            type: string
+          type: array
+        externalName:
+          type: string
+        externalNamespace:
+          type: string
+        items:
+          $ref: '#/components/schemas/UserSchemaAttributeItems'
+        master:
+          $ref: '#/components/schemas/UserSchemaAttributeMaster'
+        maxLength:
+          type: integer
+        minLength:
+          type: integer
+        mutability:
+          type: string
+        oneOf:
+          items:
+            $ref: '#/components/schemas/UserSchemaAttributeEnum'
+          type: array
+        pattern:
+          type: string
+        permissions:
+          items:
+            $ref: '#/components/schemas/UserSchemaAttributePermission'
+          type: array
+        required:
+          type: boolean
+        scope:
+          $ref: '#/components/schemas/UserSchemaAttributeScope'
+        title:
+          type: string
+        type:
+          $ref: '#/components/schemas/UserSchemaAttributeType'
+        union:
+          $ref: '#/components/schemas/UserSchemaAttributeUnion'
+        unique:
+          type: string
+      type: object
+      x-okta-allow-null-property-value-for-updates: true
+    UserSchemaAttributeEnum:
+      example:
+        const: const
+        title: title
+      properties:
+        const:
+          type: string
+        title:
+          type: string
+      type: object
+    UserSchemaAttributeItems:
+      example:
+        oneOf:
+        - const: const
+          title: title
+        - const: const
+          title: title
+        type: type
+        enum:
+        - enum
+        - enum
+      properties:
+        enum:
+          items:
+            type: string
+          type: array
+        oneOf:
+          items:
+            $ref: '#/components/schemas/UserSchemaAttributeEnum'
+          type: array
+        type:
+          type: string
+      type: object
+    UserSchemaAttributeMaster:
+      example:
+        priority:
+        - type: type
+          value: value
+        - type: type
+          value: value
+        type: null
+      properties:
+        priority:
+          items:
+            $ref: '#/components/schemas/UserSchemaAttributeMasterPriority'
+          type: array
+        type:
+          $ref: '#/components/schemas/UserSchemaAttributeMasterType'
+      type: object
+    UserSchemaAttributeMasterPriority:
+      example:
+        type: type
+        value: value
+      properties:
+        type:
+          type: string
+        value:
+          type: string
+      type: object
+    UserSchemaAttributeMasterType:
+      enum:
+      - OKTA
+      - OVERRIDE
+      - PROFILE_MASTER
+      type: string
+    UserSchemaAttributePermission:
+      example:
+        principal: principal
+        action: action
+      properties:
+        action:
+          type: string
+        principal:
+          type: string
+      type: object
+    UserSchemaAttributeScope:
+      enum:
+      - NONE
+      - SELF
+      type: string
+    UserSchemaAttributeType:
+      enum:
+      - array
+      - boolean
+      - integer
+      - number
+      - string
+      type: string
+    UserSchemaAttributeUnion:
+      enum:
+      - DISABLE
+      - ENABLE
+      type: string
+    UserSchemaBase:
+      example:
+        id: id
+        type: type
+        properties:
+          profileUrl:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          lastName:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          zipCode:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          preferredLanguage:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          city:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          displayName:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          timezone:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          locale:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          login:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          title:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          employeeNumber:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          division:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          honorificSuffix:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          countryCode:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          state:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          department:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          email:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          manager:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          costCenter:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          nickName:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          secondEmail:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          honorificPrefix:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          managerId:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          firstName:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          primaryPhone:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          postalAddress:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          mobilePhone:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          streetAddress:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          organization:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          middleName:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+          userType:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+        required:
+        - required
+        - required
+      properties:
+        id:
+          type: string
+        properties:
+          $ref: '#/components/schemas/UserSchemaBaseProperties'
+        required:
+          items:
+            type: string
+          type: array
+        type:
+          type: string
+      type: object
+    UserSchemaBaseProperties:
+      example:
+        profileUrl:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        lastName:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        zipCode:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        preferredLanguage:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        city:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        displayName:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        timezone:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        locale:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        login:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        title:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        employeeNumber:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        division:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        honorificSuffix:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        countryCode:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        state:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        department:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        email:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        manager:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        costCenter:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        nickName:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        secondEmail:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        honorificPrefix:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        managerId:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        firstName:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        primaryPhone:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        postalAddress:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        mobilePhone:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        streetAddress:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        organization:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        middleName:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+        userType:
+          minLength: 6
+          externalNamespace: externalNamespace
+          pattern: pattern
+          description: description
+          union: null
+          title: title
+          type: null
+          enum:
+          - enum
+          - enum
+          required: true
+          master:
+            priority:
+            - type: type
+              value: value
+            - type: type
+              value: value
+            type: null
+          oneOf:
+          - const: const
+            title: title
+          - const: const
+            title: title
+          permissions:
+          - principal: principal
+            action: action
+          - principal: principal
+            action: action
+          externalName: externalName
+          scope: null
+          unique: unique
+          mutability: mutability
+          items:
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            type: type
+            enum:
+            - enum
+            - enum
+          maxLength: 0
+      properties:
+        city:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        costCenter:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        countryCode:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        department:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        displayName:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        division:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        email:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        employeeNumber:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        firstName:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        honorificPrefix:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        honorificSuffix:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        lastName:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        locale:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        login:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        manager:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        managerId:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        middleName:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        mobilePhone:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        nickName:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        organization:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        postalAddress:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        preferredLanguage:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        primaryPhone:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        profileUrl:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        secondEmail:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        state:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        streetAddress:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        timezone:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        title:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        userType:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+        zipCode:
+          $ref: '#/components/schemas/UserSchemaAttribute'
+      type: object
+    UserSchemaDefinitions:
+      example:
+        custom:
+          id: id
+          type: type
+          properties:
+            key:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+          required:
+          - required
+          - required
+        base:
+          id: id
+          type: type
+          properties:
+            profileUrl:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            lastName:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            zipCode:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            preferredLanguage:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            city:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            displayName:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            timezone:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            locale:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            login:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            title:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            employeeNumber:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            division:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            honorificSuffix:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            countryCode:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            state:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            department:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            email:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            manager:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            costCenter:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            nickName:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            secondEmail:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            honorificPrefix:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            managerId:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            firstName:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            primaryPhone:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            postalAddress:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            mobilePhone:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            streetAddress:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            organization:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            middleName:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+            userType:
+              minLength: 6
+              externalNamespace: externalNamespace
+              pattern: pattern
+              description: description
+              union: null
+              title: title
+              type: null
+              enum:
+              - enum
+              - enum
+              required: true
+              master:
+                priority:
+                - type: type
+                  value: value
+                - type: type
+                  value: value
+                type: null
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              permissions:
+              - principal: principal
+                action: action
+              - principal: principal
+                action: action
+              externalName: externalName
+              scope: null
+              unique: unique
+              mutability: mutability
+              items:
+                oneOf:
+                - const: const
+                  title: title
+                - const: const
+                  title: title
+                type: type
+                enum:
+                - enum
+                - enum
+              maxLength: 0
+          required:
+          - required
+          - required
+      properties:
+        base:
+          $ref: '#/components/schemas/UserSchemaBase'
+        custom:
+          $ref: '#/components/schemas/UserSchemaPublic'
+      type: object
+    UserSchemaProperties:
+      example:
+        profile:
+          allOf:
+          - $ref: $ref
+          - $ref: $ref
+      properties:
+        profile:
+          $ref: '#/components/schemas/UserSchemaPropertiesProfile'
+      type: object
+    UserSchemaPropertiesProfile:
+      example:
+        allOf:
+        - $ref: $ref
+        - $ref: $ref
+      properties:
+        allOf:
+          items:
+            $ref: '#/components/schemas/UserSchemaPropertiesProfileItem'
+          type: array
+      type: object
+    UserSchemaPropertiesProfileItem:
+      example:
+        $ref: $ref
+      properties:
+        $ref:
+          type: string
+      type: object
+    UserSchemaPublic:
+      example:
+        id: id
+        type: type
+        properties:
+          key:
+            minLength: 6
+            externalNamespace: externalNamespace
+            pattern: pattern
+            description: description
+            union: null
+            title: title
+            type: null
+            enum:
+            - enum
+            - enum
+            required: true
+            master:
+              priority:
+              - type: type
+                value: value
+              - type: type
+                value: value
+              type: null
+            oneOf:
+            - const: const
+              title: title
+            - const: const
+              title: title
+            permissions:
+            - principal: principal
+              action: action
+            - principal: principal
+              action: action
+            externalName: externalName
+            scope: null
+            unique: unique
+            mutability: mutability
+            items:
+              oneOf:
+              - const: const
+                title: title
+              - const: const
+                title: title
+              type: type
+              enum:
+              - enum
+              - enum
+            maxLength: 0
+        required:
+        - required
+        - required
+      properties:
+        id:
+          type: string
+        properties:
+          additionalProperties:
+            $ref: '#/components/schemas/UserSchemaAttribute'
+          type: object
+        required:
+          items:
+            type: string
+          type: array
+        type:
+          type: string
+      type: object
+    UserStatus:
+      enum:
+      - ACTIVE
+      - DEPROVISIONED
+      - LOCKED_OUT
+      - PASSWORD_EXPIRED
+      - PROVISIONED
+      - RECOVERY
+      - STAGED
+      - SUSPENDED
+      type: string
+    UserStatusPolicyRuleCondition:
+      properties:
+        value:
+          $ref: '#/components/schemas/PolicyUserStatus'
+      type: object
+    UserType:
+      example:
+        lastUpdated: 2000-01-23T04:56:07.000+00:00
+        lastUpdatedBy: lastUpdatedBy
+        default: true
+        createdBy: createdBy
+        _links:
+          key: "{}"
+        created: 2000-01-23T04:56:07.000+00:00
+        displayName: displayName
+        name: name
+        description: description
+        id: id
+      properties:
+        created:
+          format: date-time
+          readOnly: true
+          type: string
+        createdBy:
+          readOnly: true
+          type: string
+        default:
+          readOnly: true
+          type: boolean
+        description:
+          type: string
+        displayName:
+          type: string
+        id:
+          type: string
+        lastUpdated:
+          format: date-time
+          readOnly: true
+          type: string
+        lastUpdatedBy:
+          readOnly: true
+          type: string
+        name:
+          type: string
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    UserTypeCondition:
+      properties:
+        exclude:
+          items:
+            type: string
+          type: array
+        include:
+          items:
+            type: string
+          type: array
+    UserVerificationEnum:
+      enum:
+      - PREFERRED
+      - REQUIRED
+      type: string
+    VerificationMethod:
+      properties:
+        constraints:
+          items:
+            $ref: '#/components/schemas/AccessPolicyConstraints'
+          type: array
+        factorMode:
+          type: string
+        reauthenticateIn:
+          type: string
+        type:
+          type: string
+      type: object
+    VerifyFactorRequest:
+      example:
+        attestation: attestation
+        answer: answer
+        nextPassCode: nextPassCode
+        stateToken: stateToken
+        clientData: clientData
+        passCode: passCode
+        registrationData: registrationData
+        activationToken: activationToken
+      properties:
+        activationToken:
+          type: string
+        answer:
+          type: string
+        attestation:
+          type: string
+        clientData:
+          type: string
+        nextPassCode:
+          type: string
+        passCode:
+          type: string
+        registrationData:
+          type: string
+        stateToken:
+          type: string
+      type: object
+    VerifyUserFactorResponse:
+      example:
+        factorResultMessage: factorResultMessage
+        _embedded:
+          key: "{}"
+        _links:
+          key: "{}"
+        factorResult: null
+        expiresAt: 2000-01-23T04:56:07.000+00:00
+      properties:
+        expiresAt:
+          format: date-time
+          readOnly: true
+          type: string
+        factorResult:
+          $ref: '#/components/schemas/VerifyUserFactorResult'
+        factorResultMessage:
+          type: string
+        _embedded:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+        _links:
+          additionalProperties:
+            properties: {}
+            type: object
+          readOnly: true
+          type: object
+      type: object
+    VerifyUserFactorResult:
+      enum:
+      - CHALLENGE
+      - ERROR
+      - EXPIRED
+      - FAILED
+      - PASSCODE_REPLAYED
+      - REJECTED
+      - SUCCESS
+      - TIMEOUT
+      - TIME_WINDOW_EXCEEDED
+      - WAITING
+      type: string
+    Version:
+      description: "The version specified as a [Semantic Version](https://semver.org/)."
+      pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\\
+        d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\\
+        +([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
+      type: string
+    VersionObject:
+      properties:
+        minimum:
+          type: string
+      type: object
+    WebAuthnUserFactor:
+      allOf:
+      - $ref: '#/components/schemas/UserFactor'
+      - $ref: '#/components/schemas/WebAuthnUserFactor_allOf'
+    WebAuthnUserFactorProfile:
+      properties:
+        authenticatorName:
+          type: string
+        credentialId:
+          type: string
+      type: object
+    WebUserFactor:
+      allOf:
+      - $ref: '#/components/schemas/UserFactor'
+      - $ref: '#/components/schemas/WebUserFactor_allOf'
+    WebUserFactorProfile:
+      properties:
+        credentialId:
+          type: string
+      type: object
+    WellKnownOrgMetadata:
+      example:
+        pipeline: null
+        settings:
+          analyticsCollectionEnabled: true
+          bugReportingEnabled: true
+          omEnabled: true
+        _links:
+          organization:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+          alternate:
+            hints:
+              allow:
+              - null
+              - null
+            name: name
+            href: href
+            type: type
+        id: id
+      properties:
+        id:
+          description: The unique identifier of the Org
+          type: string
+        pipeline:
+          $ref: '#/components/schemas/PipelineType'
+        settings:
+          $ref: '#/components/schemas/WellKnownOrgMetadataSettings'
+        _links:
+          $ref: '#/components/schemas/WellKnownOrgMetadata__links'
+      type: object
+    WellKnownOrgMetadataSettings:
+      example:
+        analyticsCollectionEnabled: true
+        bugReportingEnabled: true
+        omEnabled: true
+      properties:
+        analyticsCollectionEnabled:
+          type: boolean
+        bugReportingEnabled:
+          type: boolean
+        omEnabled:
+          description: Whether the legacy Okta Mobile application is enabled for the
+            org
+          type: boolean
+      type: object
+    WsFederationApplication:
+      allOf:
+      - $ref: '#/components/schemas/Application'
+      - $ref: '#/components/schemas/WsFederationApplication_allOf'
+      x-okta-defined-as:
+        name: template_wsfed
+    WsFederationApplicationSettings:
+      allOf:
+      - $ref: '#/components/schemas/ApplicationSettings'
+      - $ref: '#/components/schemas/WsFederationApplicationSettings_allOf'
+    WsFederationApplicationSettingsApplication:
+      properties:
+        attributeStatements:
+          type: string
+        audienceRestriction:
+          type: string
+        authnContextClassRef:
+          type: string
+        groupFilter:
+          type: string
+        groupName:
+          type: string
+        groupValueFormat:
+          type: string
+        nameIDFormat:
+          type: string
+        realm:
+          type: string
+        siteURL:
+          type: string
+        usernameAttribute:
+          type: string
+        wReplyOverride:
+          type: boolean
+        wReplyURL:
+          type: string
+      type: object
+    listApplications_200_response_inner:
+      discriminator:
+        mapping:
+          AUTO_LOGIN: '#/components/schemas/AutoLoginApplication'
+          BASIC_AUTH: '#/components/schemas/BasicAuthApplication'
+          BOOKMARK: '#/components/schemas/BookmarkApplication'
+          BROWSER_PLUGIN: '#/components/schemas/BrowserPluginApplication'
+          OPENID_CONNECT: '#/components/schemas/OpenIdConnectApplication'
+          SAML_1_1: '#/components/schemas/SamlApplication'
+          SAML_2_0: '#/components/schemas/SamlApplication'
+          SECURE_PASSWORD_STORE: '#/components/schemas/SecurePasswordStoreApplication'
+          WS_FEDERATION: '#/components/schemas/WsFederationApplication'
+        propertyName: signOnMode
+      oneOf:
+      - $ref: '#/components/schemas/AutoLoginApplication'
+      - $ref: '#/components/schemas/BasicAuthApplication'
+      - $ref: '#/components/schemas/BookmarkApplication'
+      - $ref: '#/components/schemas/BrowserPluginApplication'
+      - $ref: '#/components/schemas/OpenIdConnectApplication'
+      - $ref: '#/components/schemas/SamlApplication'
+      - $ref: '#/components/schemas/SecurePasswordStoreApplication'
+      - $ref: '#/components/schemas/WsFederationApplication'
+    uploadApplicationLogo_request:
+      properties:
+        file:
+          format: binary
+          type: string
+      required:
+      - file
+      type: object
+    listBehaviorDetectionRules_200_response_inner:
+      discriminator:
+        mapping:
+          ANOMALOUS_LOCATION: '#/components/schemas/BehaviorRuleAnomalousLocation'
+          ANOMALOUS_IP: '#/components/schemas/BehaviorRuleAnomalousIP'
+          ANOMALOUS_DEVICE: '#/components/schemas/BehaviorRuleAnomalousDevice'
+          VELOCITY: '#/components/schemas/BehaviorRuleVelocity'
+        propertyName: type
+      oneOf:
+      - $ref: '#/components/schemas/BehaviorRuleAnomalousLocation'
+      - $ref: '#/components/schemas/BehaviorRuleAnomalousIP'
+      - $ref: '#/components/schemas/BehaviorRuleAnomalousDevice'
+      - $ref: '#/components/schemas/BehaviorRuleVelocity'
+    uploadBrandThemeBackgroundImage_request:
+      description: "The file must be in PNG, JPG, or GIF format and less than 2 MB\
+        \ in size."
+      properties:
+        file:
+          format: binary
+          type: string
+      required:
+      - file
+      type: object
+    uploadBrandThemeFavicon_request:
+      description: "The file must be in PNG, or ico format and less than ?? in size\
+        \ and 128 x 128 dimensions"
+      properties:
+        file:
+          format: binary
+          type: string
+      required:
+      - file
+      type: object
+    uploadBrandThemeLogo_request:
+      description: "The file must be in PNG, JPG, or GIF format and less than 100kB\
+        \ in size. For best results use landscape orientation, a transparent background,\
+        \ and a minimum size of 300px by 50px to prevent upscaling."
+      properties:
+        file:
+          format: binary
+          type: string
+      required:
+      - file
+      type: object
+    listDeviceAssurancePolicies_200_response_inner:
+      discriminator:
+        mapping:
+          WINDOWS: '#/components/schemas/DeviceAssuranceWindowsPlatform'
+          MACOS: '#/components/schemas/DeviceAssuranceMacOSPlatform'
+          CHROMEOS: '#/components/schemas/DeviceAssuranceChromeOSPlatform'
+          IOS: '#/components/schemas/DeviceAssuranceIOSPlatform'
+          ANDROID: '#/components/schemas/DeviceAssuranceAndroidPlatform'
+        propertyName: platform
+      oneOf:
+      - $ref: '#/components/schemas/DeviceAssuranceWindowsPlatform'
+      - $ref: '#/components/schemas/DeviceAssuranceMacOSPlatform'
+      - $ref: '#/components/schemas/DeviceAssuranceChromeOSPlatform'
+      - $ref: '#/components/schemas/DeviceAssuranceIOSPlatform'
+      - $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform'
+    listLogStreams_200_response_inner:
+      discriminator:
+        mapping:
+          aws_eventbridge: '#/components/schemas/LogStreamAws'
+          splunk_cloud_logstreaming: '#/components/schemas/LogStreamSplunk'
+        propertyName: type
+      oneOf:
+      - $ref: '#/components/schemas/LogStreamAws'
+      - $ref: '#/components/schemas/LogStreamSplunk'
+    listPolicies_200_response_inner:
+      discriminator:
+        mapping:
+          ACCESS_POLICY: '#/components/schemas/AccessPolicy'
+          IDP_DISCOVERY: '#/components/schemas/IdentityProviderPolicy'
+          MFA_ENROLL: '#/components/schemas/MultifactorEnrollmentPolicy'
+          OAUTH_AUTHORIZATION_POLICY: '#/components/schemas/AuthorizationServerPolicy'
+          OKTA_SIGN_ON: '#/components/schemas/OktaSignOnPolicy'
+          PASSWORD: '#/components/schemas/PasswordPolicy'
+          PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicy'
+        propertyName: type
+      oneOf:
+      - $ref: '#/components/schemas/AccessPolicy'
+      - $ref: '#/components/schemas/IdentityProviderPolicy'
+      - $ref: '#/components/schemas/MultifactorEnrollmentPolicy'
+      - $ref: '#/components/schemas/AuthorizationServerPolicy'
+      - $ref: '#/components/schemas/OktaSignOnPolicy'
+      - $ref: '#/components/schemas/PasswordPolicy'
+      - $ref: '#/components/schemas/ProfileEnrollmentPolicy'
+    listPolicyRules_200_response_inner:
+      discriminator:
+        mapping:
+          ACCESS_POLICY: '#/components/schemas/AccessPolicyRule'
+          PASSWORD: '#/components/schemas/PasswordPolicyRule'
+          PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicyRule'
+          RESOURCE_ACCESS: '#/components/schemas/AuthorizationServerPolicyRule'
+          SIGN_ON: '#/components/schemas/OktaSignOnPolicyRule'
+        propertyName: type
+      oneOf:
+      - $ref: '#/components/schemas/AccessPolicyRule'
+      - $ref: '#/components/schemas/PasswordPolicyRule'
+      - $ref: '#/components/schemas/ProfileEnrollmentPolicyRule'
+      - $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+      - $ref: '#/components/schemas/OktaSignOnPolicyRule'
+    listPushProviders_200_response_inner:
+      discriminator:
+        mapping:
+          APNS: '#/components/schemas/APNSPushProvider'
+          FCM: '#/components/schemas/FCMPushProvider'
+        propertyName: providerType
+      oneOf:
+      - $ref: '#/components/schemas/APNSPushProvider'
+      - $ref: '#/components/schemas/FCMPushProvider'
+    listFactors_200_response_inner:
+      discriminator:
+        mapping:
+          call: '#/components/schemas/CallUserFactor'
+          email: '#/components/schemas/EmailUserFactor'
+          push: '#/components/schemas/PushUserFactor'
+          question: '#/components/schemas/SecurityQuestionUserFactor'
+          sms: '#/components/schemas/SmsUserFactor'
+          token: '#/components/schemas/TokenUserFactor'
+          token:hardware: '#/components/schemas/HardwareUserFactor'
+          token:hotp: '#/components/schemas/CustomHotpUserFactor'
+          token:software:totp: '#/components/schemas/TotpUserFactor'
+          u2f: '#/components/schemas/U2fUserFactor'
+          web: '#/components/schemas/WebUserFactor'
+          webauthn: '#/components/schemas/WebAuthnUserFactor'
+          hotp: '#/components/schemas/CustomHotpUserFactor'
+        propertyName: factorType
+      oneOf:
+      - $ref: '#/components/schemas/CallUserFactor'
+      - $ref: '#/components/schemas/EmailUserFactor'
+      - $ref: '#/components/schemas/PushUserFactor'
+      - $ref: '#/components/schemas/SecurityQuestionUserFactor'
+      - $ref: '#/components/schemas/SmsUserFactor'
+      - $ref: '#/components/schemas/TokenUserFactor'
+      - $ref: '#/components/schemas/HardwareUserFactor'
+      - $ref: '#/components/schemas/CustomHotpUserFactor'
+      - $ref: '#/components/schemas/TotpUserFactor'
+      - $ref: '#/components/schemas/U2fUserFactor'
+      - $ref: '#/components/schemas/WebUserFactor'
+      - $ref: '#/components/schemas/WebAuthnUserFactor'
+    APNSPushProvider_allOf:
+      properties:
+        configuration:
+          $ref: '#/components/schemas/APNSConfiguration'
+      type: object
+    AccessPolicy_allOf:
+      properties:
+        conditions:
+          $ref: '#/components/schemas/PolicyRuleConditions'
+      type: object
+    AccessPolicyRule_allOf:
+      properties:
+        actions:
+          $ref: '#/components/schemas/AccessPolicyRuleActions'
+        conditions:
+          $ref: '#/components/schemas/AccessPolicyRuleConditions'
+      type: object
+    AccessPolicyRuleActions_allOf:
+      properties:
+        appSignOn:
+          $ref: '#/components/schemas/AccessPolicyRuleApplicationSignOn'
+      type: object
+    AccessPolicyRuleConditions_allOf:
+      properties:
+        device:
+          $ref: '#/components/schemas/DeviceAccessPolicyRuleCondition'
+        elCondition:
+          $ref: '#/components/schemas/AccessPolicyRuleCustomCondition'
+        userType:
+          $ref: '#/components/schemas/UserTypeCondition'
+      type: object
+    ApiToken__link:
+      example:
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    ApplicationLayout_rule:
+      example:
+        condition:
+          schema:
+            key: ""
+          scope: scope
+        effect: effect
+      properties:
+        effect:
+          type: string
+        condition:
+          $ref: '#/components/schemas/ApplicationLayoutRuleCondition'
+      type: object
+    AuthorizationServerPolicyRule_allOf:
+      properties:
+        actions:
+          $ref: '#/components/schemas/AuthorizationServerPolicyRuleActions'
+        conditions:
+          $ref: '#/components/schemas/AuthorizationServerPolicyRuleConditions'
+      type: object
+    AuthorizationServerPolicyRuleActions_allOf:
+      properties:
+        token:
+          $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleAction'
+      type: object
+    AuthorizationServerPolicyRuleConditions_allOf:
+      properties:
+        clients:
+          $ref: '#/components/schemas/ClientPolicyCondition'
+        grantTypes:
+          $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
+        people:
+          $ref: '#/components/schemas/PolicyPeopleCondition'
+        scopes:
+          $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
+      type: object
+    AutoLoginApplication_allOf:
+      properties:
+        credentials:
+          $ref: '#/components/schemas/SchemeApplicationCredentials'
+        name:
+          type: string
+        settings:
+          $ref: '#/components/schemas/AutoLoginApplicationSettings'
+      type: object
+    AutoLoginApplicationSettings_allOf:
+      properties:
+        signOn:
+          $ref: '#/components/schemas/AutoLoginApplicationSettingsSignOn'
+      type: object
+    BasicApplicationSettings_allOf:
+      properties:
+        app:
+          $ref: '#/components/schemas/BasicApplicationSettingsApplication'
+      type: object
+    BasicAuthApplication_allOf:
+      properties:
+        credentials:
+          $ref: '#/components/schemas/SchemeApplicationCredentials'
+        name:
+          default: template_basic_auth
+          type: string
+        settings:
+          $ref: '#/components/schemas/BasicApplicationSettings'
+      type: object
+    BehaviorRuleAnomalousDevice_allOf:
+      properties:
+        settings:
+          $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousDevice'
+      type: object
+    BehaviorRuleAnomalousIP_allOf:
+      properties:
+        settings:
+          $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousIP'
+      type: object
+    BehaviorRuleAnomalousLocation_allOf:
+      properties:
+        settings:
+          $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousLocation'
+      type: object
+    BehaviorRuleSettingsAnomalousIP_allOf:
+      properties:
+        maxEventsUsedForEvaluation:
+          default: 50
+          maximum: 100
+          minimum: 0
+          type: integer
+      type: object
+    BehaviorRuleSettingsAnomalousLocation_allOf:
+      properties:
+        granularity:
+          $ref: '#/components/schemas/LocationGranularity'
+        radiusKilometers:
+          description: Required when `granularity` is `LAT_LONG`. Radius from the
+            provided coordinates in kilometers.
+          type: integer
+      required:
+      - granularity
+      type: object
+    Behavior_Detection_Rule_Settings_based_on_Event_History:
+      properties:
+        maxEventsUsedForEvaluation:
+          default: 20
+          maximum: 100
+          minimum: 1
+          type: integer
+        minEventsNeededForEvaluation:
+          default: 0
+          maximum: 10
+          minimum: 0
+          type: integer
+      title: Behavior Detection Rule Settings based on Event History
+      type: object
+    Behavior_Detection_Rule_Settings_based_on_device_velocity_in_kilometers_per_hour_:
+      properties:
+        velocityKph:
+          default: 805
+          minimum: 1
+          type: integer
+      required:
+      - velocityKph
+      title: Behavior Detection Rule Settings based on device velocity in kilometers
+        per hour.
+      type: object
+    BehaviorRuleVelocity_allOf:
+      properties:
+        settings:
+          $ref: '#/components/schemas/BehaviorRuleSettingsVelocity'
+      type: object
+    BookmarkApplication_allOf:
+      properties:
+        credentials:
+          $ref: '#/components/schemas/ApplicationCredentials'
+        name:
+          default: bookmark
+          type: string
+        settings:
+          $ref: '#/components/schemas/BookmarkApplicationSettings'
+      type: object
+    BookmarkApplicationSettings_allOf:
+      properties:
+        app:
+          $ref: '#/components/schemas/BookmarkApplicationSettingsApplication'
+      type: object
+    Brand_defaultApp:
+      example:
+        appInstanceId: appInstanceId
+        appLinkName: appLinkName
+        classicApplicationUri: classicApplicationUri
+      properties:
+        appInstanceId:
+          type: string
+        appLinkName:
+          type: string
+        classicApplicationUri:
+          type: string
+      type: object
+    Brand__links:
+      example:
+        themes:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        themes:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    BrandDomain__links:
+      description: Links to resources related to this brand domain
+      example:
+        domain:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        brand:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        brand:
+          $ref: '#/components/schemas/HrefObject'
+        domain:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    BrowserPluginApplication_allOf:
+      properties:
+        credentials:
+          $ref: '#/components/schemas/SchemeApplicationCredentials'
+        name:
+          type: string
+        settings:
+          $ref: '#/components/schemas/SwaApplicationSettings'
+      type: object
+    CallUserFactor_allOf:
+      properties:
+        profile:
+          $ref: '#/components/schemas/CallUserFactorProfile'
+      type: object
+    ContextPolicyRuleCondition_allOf:
+      properties:
+        expression:
+          type: string
+      type: object
+    CustomHotpUserFactor_allOf:
+      properties:
+        factorProfileId:
+          type: string
+        profile:
+          $ref: '#/components/schemas/CustomHotpUserFactorProfile'
+      type: object
+    Device__links:
+      example:
+        suspend:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        unsuspend:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        activate:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        users:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        deactivate:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        users:
+          $ref: '#/components/schemas/HrefObject'
+        activate:
+          $ref: '#/components/schemas/HrefObject'
+        deactivate:
+          $ref: '#/components/schemas/HrefObject'
+        suspend:
+          $ref: '#/components/schemas/HrefObject'
+        unsuspend:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    DeviceAccessPolicyRuleCondition_allOf:
+      properties:
+        managed:
+          type: boolean
+        registered:
+          type: boolean
+      type: object
+    DeviceAssuranceAndroidPlatform_allOf_diskEncryptionType:
+      properties:
+        include:
+          items:
+            $ref: '#/components/schemas/DiskEncryptionType'
+          type: array
+      type: object
+    DeviceAssuranceAndroidPlatform_allOf_screenLockType:
+      properties:
+        include:
+          items:
+            $ref: '#/components/schemas/ScreenLockType'
+          type: array
+      type: object
+    DeviceAssuranceAndroidPlatform_allOf:
+      properties:
+        diskEncryptionType:
+          $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf_diskEncryptionType'
+        jailbreak:
+          type: boolean
+        osVersion:
+          $ref: '#/components/schemas/OSVersion'
+        screenLockType:
+          $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf_screenLockType'
+        secureHardwarePresent:
+          type: boolean
+      type: object
+    DeviceAssuranceChromeOSPlatform_allOf_thirdPartySignalProviders:
+      description: Settings for third-party signal providers (based on the `CHROMEOS`
+        platform)
+      properties:
+        dtc:
+          $ref: '#/components/schemas/DTCChromeOS'
+      type: object
+    DeviceAssuranceChromeOSPlatform_allOf:
+      properties:
+        thirdPartySignalProviders:
+          $ref: '#/components/schemas/DeviceAssuranceChromeOSPlatform_allOf_thirdPartySignalProviders'
+      type: object
+    DeviceAssuranceMacOSPlatform_allOf_thirdPartySignalProviders:
+      description: Settings for third-party signal providers (based on the `MACOS`
+        platform)
+      properties:
+        dtc:
+          $ref: '#/components/schemas/DTCMacOS'
+      type: object
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+    DeviceAssuranceMacOSPlatform_allOf:
+      properties:
+        diskEncryptionType:
+          $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf_diskEncryptionType'
+        jailbreak:
+          type: boolean
+        osVersion:
+          $ref: '#/components/schemas/OSVersion'
+        screenLockType:
+          $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf_screenLockType'
+        secureHardwarePresent:
+          type: boolean
+        thirdPartySignalProviders:
+          $ref: '#/components/schemas/DeviceAssuranceMacOSPlatform_allOf_thirdPartySignalProviders'
+      type: object
+    DeviceAssuranceWindowsPlatform_allOf_thirdPartySignalProviders:
+      description: Settings for third-party signal providers (based on the `WINDOWS`
+        platform)
+      properties:
+        dtc:
+          $ref: '#/components/schemas/DTCWindows'
+      type: object
+      x-okta-lifecycle:
+        lifecycle: EA
+        isGenerallyAvailable: false
+        SKUs: []
+    DeviceAssuranceWindowsPlatform_allOf:
+      properties:
+        diskEncryptionType:
+          $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf_diskEncryptionType'
+        jailbreak:
+          type: boolean
+        osVersion:
+          $ref: '#/components/schemas/OSVersion'
+        screenLockType:
+          $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf_screenLockType'
+        secureHardwarePresent:
+          type: boolean
+        thirdPartySignalProviders:
+          $ref: '#/components/schemas/DeviceAssuranceWindowsPlatform_allOf_thirdPartySignalProviders'
+      type: object
+    EmailCustomization_allOf__links:
+      description: Links to resources related to this email customization.
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        template:
+          $ref: '#/components/schemas/HrefObject'
+        preview:
+          $ref: '#/components/schemas/HrefObject'
+        test:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    EmailCustomization_allOf:
+      properties:
+        created:
+          description: The UTC time at which this email customization was created.
+          format: date-time
+          readOnly: true
+          type: string
+        id:
+          description: A unique identifier for this email customization.
+          readOnly: true
+          type: string
+        isDefault:
+          description: Whether this is the default customization for the email template.
+            Each customized email template must have exactly one default customization.
+            Defaults to `true` for the first customization and `false` thereafter.
+          type: boolean
+        language:
+          description: "The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646)."
+          type: string
+        lastUpdated:
+          description: The UTC time at which this email customization was last updated.
+          format: date-time
+          readOnly: true
+          type: string
+        _links:
+          $ref: '#/components/schemas/EmailCustomization_allOf__links'
+      required:
+      - language
+      type: object
+    EmailDefaultContent_allOf__links:
+      description: Links to resources related to this email template's default content.
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        template:
+          $ref: '#/components/schemas/HrefObject'
+        preview:
+          $ref: '#/components/schemas/HrefObject'
+        test:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    EmailDefaultContent_allOf:
+      properties:
+        _links:
+          $ref: '#/components/schemas/EmailDefaultContent_allOf__links'
+      type: object
+    EmailDomainResponseWithEmbedded__embedded:
+      example:
+        brands:
+        - agreeToCustomPrivacyPolicy: true
+          defaultApp:
+            appInstanceId: appInstanceId
+            appLinkName: appLinkName
+            classicApplicationUri: classicApplicationUri
+          isDefault: true
+          removePoweredByOkta: true
+          _links:
+            themes:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          name: name
+          id: id
+          locale: locale
+          customPrivacyPolicyUrl: customPrivacyPolicyUrl
+        - agreeToCustomPrivacyPolicy: true
+          defaultApp:
+            appInstanceId: appInstanceId
+            appLinkName: appLinkName
+            classicApplicationUri: classicApplicationUri
+          isDefault: true
+          removePoweredByOkta: true
+          _links:
+            themes:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+            self:
+              hints:
+                allow:
+                - null
+                - null
+              name: name
+              href: href
+              type: type
+          name: name
+          id: id
+          locale: locale
+          customPrivacyPolicyUrl: customPrivacyPolicyUrl
+      properties:
+        brands:
+          items:
+            $ref: '#/components/schemas/Brand'
+          type: array
+      readOnly: true
+      type: object
+    EmailPreview__links:
+      description: Links to resources related to this email preview.
+      example:
+        template:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        contentSource:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        defaultContent:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        test:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        contentSource:
+          $ref: '#/components/schemas/HrefObject'
+        template:
+          $ref: '#/components/schemas/HrefObject'
+        test:
+          $ref: '#/components/schemas/HrefObject'
+        defaultContent:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    EmailTemplate__embedded:
+      example:
+        customizationCount: 0
+        settings:
+          recipients: ALL_USERS
+      properties:
+        settings:
+          $ref: '#/components/schemas/EmailSettings'
+        customizationCount:
+          type: integer
+      readOnly: true
+      type: object
+    EmailTemplate__links:
+      description: Links to resources related to this email template.
+      example:
+        settings:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        defaultContent:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        test:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        customizations:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        settings:
+          $ref: '#/components/schemas/HrefObject'
+        defaultContent:
+          $ref: '#/components/schemas/HrefObject'
+        customizations:
+          $ref: '#/components/schemas/HrefObject'
+        test:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    EmailUserFactor_allOf:
+      properties:
+        profile:
+          $ref: '#/components/schemas/EmailUserFactorProfile'
+      type: object
+    Error_errorCauses_inner:
+      properties:
+        errorSummary:
+          type: string
+      type: object
+    FCMPushProvider_allOf:
+      properties:
+        configuration:
+          $ref: '#/components/schemas/FCMConfiguration'
+      type: object
+    Group__links:
+      example:
+        logo:
+        - hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        - hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        source:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        users:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        apps:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        apps:
+          $ref: '#/components/schemas/HrefObject'
+        logo:
+          items:
+            $ref: '#/components/schemas/HrefObject'
+          type: array
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        source:
+          $ref: '#/components/schemas/HrefObject'
+        users:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    HardwareUserFactor_allOf:
+      properties:
+        profile:
+          $ref: '#/components/schemas/HardwareUserFactorProfile'
+      type: object
+    HrefObject_hints:
+      example:
+        allow:
+        - null
+        - null
+      properties:
+        allow:
+          items:
+            $ref: '#/components/schemas/HttpMethod'
+          type: array
+      type: object
+    IamRole__links:
+      example:
+        permissions:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        permissions:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    IamRoles__links:
+      example:
+        next:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        next:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    IdentityProviderPolicy_allOf:
+      properties:
+        accountLink:
+          $ref: '#/components/schemas/PolicyAccountLink'
+        conditions:
+          $ref: '#/components/schemas/PolicyRuleConditions'
+        maxClockSkew:
+          type: integer
+        provisioning:
+          $ref: '#/components/schemas/Provisioning'
+        subject:
+          $ref: '#/components/schemas/PolicySubject'
+      type: object
+    InlineHookChannelHttp_allOf:
+      properties:
+        config:
+          $ref: '#/components/schemas/InlineHookChannelConfig'
+      type: object
+    InlineHookChannelOAuth_allOf:
+      properties:
+        config:
+          $ref: '#/components/schemas/InlineHookOAuthChannelConfig'
+      type: object
+    LogStream__links:
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        activate:
+          $ref: '#/components/schemas/HrefObject'
+        deactivate:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    LogStreamAws_allOf:
+      properties:
+        settings:
+          $ref: '#/components/schemas/LogStreamSettingsAws'
+      type: object
+    LogStreamSettingsAws_allOf:
+      description: The AWS EventBridge Settings object specifies the configuration
+        for the `aws_eventbridge` Log Stream type. This can't be modified after creation.
+      properties:
+        accountId:
+          description: Your AWS account ID
+          maxLength: 12
+          minLength: 12
+          type: string
+        eventSourceName:
+          description: An alphanumeric name (no spaces) to identify this event source
+            in AWS EventBridge
+          maxLength: 75
+          minLength: 1
+          pattern: "^[a-zA-Z0-9.\\-_]$"
+          type: string
+        region:
+          $ref: '#/components/schemas/AwsRegion'
+      type: object
+    LogStreamSettingsSplunk_allOf:
+      description: The Splunk Cloud Settings object specifies the configuration for
+        the `splunk_cloud_logstreaming` Log Stream type.
+      properties:
+        host:
+          description: "The domain name for your Splunk Cloud instance. Don't include\
+            \ `http` or `https` in the string. For example: `acme.splunkcloud.com`"
+          maxLength: 116
+          minLength: 17
+          type: string
+        token:
+          description: The HEC token for your Splunk Cloud HTTP Event Collector
+          pattern: "(?i)^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$"
+          type: string
+      type: object
+    LogStreamSplunk_allOf:
+      properties:
+        settings:
+          $ref: '#/components/schemas/LogStreamSettingsSplunk'
+      type: object
+    MultifactorEnrollmentPolicy_allOf:
+      properties:
+        conditions:
+          $ref: '#/components/schemas/PolicyRuleConditions'
+        settings:
+          $ref: '#/components/schemas/MultifactorEnrollmentPolicySettings'
+      type: object
+    MultifactorEnrollmentPolicyAuthenticatorSettings_enroll:
+      properties:
+        self:
+          $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorStatus'
+      type: object
+    OAuthApplicationCredentials_allOf:
+      properties:
+        oauthClient:
+          $ref: '#/components/schemas/ApplicationCredentialsOAuthClient'
+      type: object
+    OktaSignOnPolicy_allOf:
+      properties:
+        conditions:
+          $ref: '#/components/schemas/OktaSignOnPolicyConditions'
+      type: object
+    OktaSignOnPolicyConditions_allOf:
+      properties:
+        people:
+          $ref: '#/components/schemas/PolicyPeopleCondition'
+      type: object
+    OktaSignOnPolicyRule_allOf:
+      properties:
+        actions:
+          $ref: '#/components/schemas/OktaSignOnPolicyRuleActions'
+        conditions:
+          $ref: '#/components/schemas/OktaSignOnPolicyRuleConditions'
+      type: object
+    OktaSignOnPolicyRuleActions_allOf:
+      properties:
+        signon:
+          $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonActions'
+      type: object
+    OktaSignOnPolicyRuleConditions_allOf:
+      properties:
+        authContext:
+          $ref: '#/components/schemas/PolicyRuleAuthContextCondition'
+        network:
+          $ref: '#/components/schemas/PolicyNetworkCondition'
+        people:
+          $ref: '#/components/schemas/PolicyPeopleCondition'
+      type: object
+    OpenIdConnectApplication_allOf:
+      properties:
+        credentials:
+          $ref: '#/components/schemas/OAuthApplicationCredentials'
+        name:
+          default: oidc_client
+          type: string
+        settings:
+          $ref: '#/components/schemas/OpenIdConnectApplicationSettings'
+      type: object
+    OpenIdConnectApplicationSettings_allOf:
+      properties:
+        oauthClient:
+          $ref: '#/components/schemas/OpenIdConnectApplicationSettingsClient'
+      type: object
+    PageRoot__embedded:
+      example:
+        preview:
+          pageContent: pageContent
+        default:
+          pageContent: pageContent
+        customized:
+          pageContent: pageContent
+        previewUrl: https://openapi-generator.tech
+        customizedUrl: https://openapi-generator.tech
+      properties:
+        default:
+          $ref: '#/components/schemas/CustomizablePage'
+        customized:
+          $ref: '#/components/schemas/CustomizablePage'
+        customizedUrl:
+          format: uri
+          type: string
+        preview:
+          $ref: '#/components/schemas/CustomizablePage'
+        previewUrl:
+          format: uri
+          type: string
+      readOnly: true
+      type: object
+    PageRoot__links:
+      example:
+        preview:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        default:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        customized:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        default:
+          $ref: '#/components/schemas/HrefObject'
+        customized:
+          $ref: '#/components/schemas/HrefObject'
+        preview:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    PasswordPolicy_allOf:
+      properties:
+        conditions:
+          $ref: '#/components/schemas/PasswordPolicyConditions'
+        settings:
+          $ref: '#/components/schemas/PasswordPolicySettings'
+      type: object
+    PasswordPolicyConditions_allOf:
+      properties:
+        authProvider:
+          $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderCondition'
+        people:
+          $ref: '#/components/schemas/PolicyPeopleCondition'
+      type: object
+    PasswordPolicyRule_allOf:
+      properties:
+        actions:
+          $ref: '#/components/schemas/PasswordPolicyRuleActions'
+        conditions:
+          $ref: '#/components/schemas/PasswordPolicyRuleConditions'
+      type: object
+    PasswordPolicyRuleActions_allOf:
+      properties:
+        passwordChange:
+          $ref: '#/components/schemas/PasswordPolicyRuleAction'
+        selfServicePasswordReset:
+          $ref: '#/components/schemas/PasswordPolicyRuleAction'
+        selfServiceUnlock:
+          $ref: '#/components/schemas/PasswordPolicyRuleAction'
+      type: object
+    PasswordPolicyRuleConditions_allOf:
+      properties:
+        network:
+          $ref: '#/components/schemas/PolicyNetworkCondition'
+        people:
+          $ref: '#/components/schemas/PolicyPeopleCondition'
+      type: object
+    PerClientRateLimitSettings_useCaseModeOverrides:
+      description: A map of Per-Client Rate Limit Use Case to the applicable PerClientRateLimitMode.
+        Overrides the `defaultMode` property for the specified use cases.
+      example:
+        LOGIN_PAGE: null
+        OIE_APP_INTENT: null
+        OAUTH2_AUTHORIZE: null
+      properties:
+        LOGIN_PAGE:
+          $ref: '#/components/schemas/PerClientRateLimitMode'
+        OAUTH2_AUTHORIZE:
+          $ref: '#/components/schemas/PerClientRateLimitMode'
+        OIE_APP_INTENT:
+          $ref: '#/components/schemas/PerClientRateLimitMode'
+      type: object
+    Permission__links:
+      example:
+        role:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        role:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    PossessionConstraint_allOf:
+      properties:
+        deviceBound:
+          type: string
+        hardwareProtection:
+          type: string
+        phishingResistant:
+          type: string
+        userPresence:
+          type: string
+      type: object
+    ProfileEnrollmentPolicyRule_allOf:
+      properties:
+        actions:
+          $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleActions'
+        conditions:
+          $ref: '#/components/schemas/PolicyRuleConditions'
+      type: object
+    ProfileEnrollmentPolicyRuleActions_allOf:
+      properties:
+        profileEnrollment:
+          $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleAction'
+      type: object
+    PushUserFactor_allOf:
+      properties:
+        expiresAt:
+          format: date-time
+          type: string
+        factorResult:
+          $ref: '#/components/schemas/FactorResultType'
+        profile:
+          $ref: '#/components/schemas/PushUserFactorProfile'
+      type: object
+    ResourceSet__links:
+      example:
+        bindings:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        resources:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        resources:
+          $ref: '#/components/schemas/HrefObject'
+        bindings:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    ResourceSetBindingMembers__links:
+      example:
+        next:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        binding:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        binding:
+          $ref: '#/components/schemas/HrefObject'
+        next:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    ResourceSetBindingResponse__links:
+      example:
+        resource-set:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        bindings:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        bindings:
+          $ref: '#/components/schemas/HrefObject'
+        resource-set:
+          $ref: '#/components/schemas/HrefObject'
+      readOnly: true
+      type: object
+    ResourceSetBindingRole__links:
+      example:
+        members:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        self:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        self:
+          $ref: '#/components/schemas/HrefObject'
+        members:
+          $ref: '#/components/schemas/HrefObject'
+      type: object
+    ResourceSetResources__links:
+      example:
+        next:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        resource-set:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        next:
+          $ref: '#/components/schemas/HrefObject'
+        resource-set:
+          $ref: '#/components/schemas/HrefObject'
+      type: object
+    SamlApplication_allOf:
+      properties:
+        credentials:
+          $ref: '#/components/schemas/ApplicationCredentials'
+        name:
+          type: string
+        settings:
+          $ref: '#/components/schemas/SamlApplicationSettings'
+      type: object
+    SamlApplicationSettings_allOf:
+      properties:
+        app:
+          $ref: '#/components/schemas/SamlApplicationSettingsApplication'
+        signOn:
+          $ref: '#/components/schemas/SamlApplicationSettingsSignOn'
+      type: object
+    SchemeApplicationCredentials_allOf:
+      properties:
+        password:
+          $ref: '#/components/schemas/PasswordCredential'
+        revealPassword:
+          type: boolean
+        scheme:
+          $ref: '#/components/schemas/ApplicationCredentialsScheme'
+        signing:
+          $ref: '#/components/schemas/ApplicationCredentialsSigning'
+        userName:
+          type: string
+      type: object
+    SecurePasswordStoreApplication_allOf:
+      properties:
+        credentials:
+          $ref: '#/components/schemas/SchemeApplicationCredentials'
+        name:
+          default: template_sps
+          type: string
+        settings:
+          $ref: '#/components/schemas/SecurePasswordStoreApplicationSettings'
+      type: object
+    SecurePasswordStoreApplicationSettings_allOf:
+      properties:
+        app:
+          $ref: '#/components/schemas/SecurePasswordStoreApplicationSettingsApplication'
+      type: object
+    SecurityQuestionUserFactor_allOf:
+      properties:
+        profile:
+          $ref: '#/components/schemas/SecurityQuestionUserFactorProfile'
+      type: object
+    SignInPage_allOf_widgetCustomizations:
+      properties:
+        signInLabel:
+          type: string
+        usernameLabel:
+          type: string
+        usernameInfoTip:
+          type: string
+        passwordLabel:
+          type: string
+        passwordInfoTip:
+          type: string
+        showPasswordVisibilityToggle:
+          type: boolean
+        showUserIdentifier:
+          type: boolean
+        forgotPasswordLabel:
+          type: string
+        forgotPasswordUrl:
+          type: string
+        unlockAccountLabel:
+          type: string
+        unlockAccountUrl:
+          type: string
+        helpLabel:
+          type: string
+        helpUrl:
+          type: string
+        customLink1Label:
+          type: string
+        customLink1Url:
+          type: string
+        customLink2Label:
+          type: string
+        customLink2Url:
+          type: string
+        authenticatorPageCustomLinkLabel:
+          type: string
+        authenticatorPageCustomLinkUrl:
+          type: string
+        classicRecoveryFlowEmailOrUsernameLabel:
+          type: string
+      type: object
+    SignInPage_allOf:
+      properties:
+        widgetCustomizations:
+          $ref: '#/components/schemas/SignInPage_allOf_widgetCustomizations'
+        widgetVersion:
+          description: "The version specified as a [Semantic Version](https://semver.org/)."
+          pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\\
+            d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\\
+            +([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
+          type: string
+      type: object
+    SmsUserFactor_allOf:
+      properties:
+        profile:
+          $ref: '#/components/schemas/SmsUserFactorProfile'
+      type: object
+    SwaApplicationSettings_allOf:
+      properties:
+        app:
+          $ref: '#/components/schemas/SwaApplicationSettingsApplication'
+      type: object
+    TokenUserFactor_allOf:
+      properties:
+        profile:
+          $ref: '#/components/schemas/TokenUserFactorProfile'
+      type: object
+    TotpUserFactor_allOf:
+      properties:
+        profile:
+          $ref: '#/components/schemas/TotpUserFactorProfile'
+      type: object
+    U2fUserFactor_allOf:
+      properties:
+        profile:
+          $ref: '#/components/schemas/U2fUserFactorProfile'
+      type: object
+    WebAuthnUserFactor_allOf:
+      properties:
+        profile:
+          $ref: '#/components/schemas/WebAuthnUserFactorProfile'
+      type: object
+    WebUserFactor_allOf:
+      properties:
+        profile:
+          $ref: '#/components/schemas/WebUserFactorProfile'
+      type: object
+    WellKnownOrgMetadata__links:
+      example:
+        organization:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+        alternate:
+          hints:
+            allow:
+            - null
+            - null
+          name: name
+          href: href
+          type: type
+      properties:
+        alternate:
+          $ref: '#/components/schemas/HrefObject'
+        organization:
+          $ref: '#/components/schemas/HrefObject'
+      type: object
+    WsFederationApplication_allOf:
+      properties:
+        credentials:
+          $ref: '#/components/schemas/ApplicationCredentials'
+        name:
+          default: template_wsfed
+          type: string
+        settings:
+          $ref: '#/components/schemas/WsFederationApplicationSettings'
+      type: object
+    WsFederationApplicationSettings_allOf:
+      properties:
+        app:
+          $ref: '#/components/schemas/WsFederationApplicationSettingsApplication'
+      type: object
+  securitySchemes:
+    apiToken:
+      description: "Pass the API token as the Authorization header value prefixed\
+        \ with SSWS: `Authorization: SSWS {API Token}`"
+      in: header
+      name: Authorization
+      type: apiKey
+    oauth2:
+      description: "Pass the access_token as the value of the Authorization header:\
+        \ `Authorization: Bearer {access_token}`"
+      flows:
+        authorizationCode:
+          authorizationUrl: /oauth2/v1/authorize
+          scopes:
+            okta.agentPools.manage: Allows the app to create and manage agent pools
+              in your Okta organization.
+            okta.agentPools.read: Allows the app to read agent pools in your Okta
+              organization.
+            okta.apiToken.manage: Allows the app to manage API Tokens in your Okta
+              organization.
+            okta.apiToken.read: Allows the app to read API Tokens in your Okta organization.
+            okta.apps.manage: Allows the app to create and manage Apps in your Okta
+              organization.
+            okta.apps.read: Allows the app to read information about Apps in your
+              Okta organization.
+            okta.authenticators.manage: "Allows the app to manage all authenticators\
+              \ (e.g. enrollments, reset)."
+            okta.authenticators.read: Allows the app to read org authenticators information.
+            okta.authorizationServers.manage: Allows the app to create and manage
+              Authorization Servers in your Okta organization.
+            okta.authorizationServers.read: Allows the app to read information about
+              Authorization Servers in your Okta organization.
+            okta.behaviors.manage: Allows the app to create and manage behavior detection
+              rules in your Okta organization.
+            okta.behaviors.read: Allows the app to read behavior detection rules in
+              your Okta organization.
+            okta.brands.manage: Allows the app to create and manage Brands and Themes
+              in your Okta organization.
+            okta.brands.read: Allows the app to read information about Brands and
+              Themes in your Okta organization.
+            okta.captchas.manage: Allows the app to create and manage CAPTCHAs in
+              your Okta organization.
+            okta.captchas.read: Allows the app to read information about CAPTCHAs
+              in your Okta organization.
+            okta.deviceAssurance.manage: Allows the app to manage device assurances.
+            okta.deviceAssurance.read: Allows the app to read device assurances.
+            okta.devices.manage: Allows the app to manage device status transitions
+              and delete a device.
+            okta.devices.read: Allows the app to read the existing device's profile
+              and search devices.
+            okta.domains.manage: Allows the app to manage custom Domains for your
+              Okta organization.
+            okta.domains.read: Allows the app to read information about custom Domains
+              for your Okta organization.
+            okta.eventHooks.manage: Allows the app to create and manage Event Hooks
+              in your Okta organization.
+            okta.eventHooks.read: Allows the app to read information about Event Hooks
+              in your Okta organization.
+            okta.groups.manage: Allows the app to manage existing groups in your Okta
+              organization.
+            okta.groups.read: Allows the app to read information about groups and
+              their members in your Okta organization.
+            okta.identitySources.manage: Allows the custom identity sources to manage
+              user entities in your Okta organization
+            okta.identitySources.read: Allows to read session information for custom
+              identity sources in your Okta organization
+            okta.idps.manage: Allows the app to create and manage Identity Providers
+              in your Okta organization.
+            okta.idps.read: Allows the app to read information about Identity Providers
+              in your Okta organization.
+            okta.inlineHooks.manage: Allows the app to create and manage Inline Hooks
+              in your Okta organization.
+            okta.inlineHooks.read: Allows the app to read information about Inline
+              Hooks in your Okta organization.
+            okta.linkedObjects.manage: Allows the app to manage linked object definitions
+              in your Okta organization.
+            okta.linkedObjects.read: Allows the app to read linked object definitions
+              in your Okta organization.
+            okta.logStreams.manage: Allows the app to create and manage log streams
+              in your Okta organization.
+            okta.logStreams.read: Allows the app to read information about log streams
+              in your Okta organization.
+            okta.logs.read: Allows the app to read information about System Log entries
+              in your Okta organization.
+            okta.orgs.manage: Allows the app to manage organization-specific details
+              for your Okta organization.
+            okta.orgs.read: Allows the app to read organization-specific details about
+              your Okta organization.
+            okta.policies.manage: Allows the app to manage policies in your Okta organization.
+            okta.policies.read: Allows the app to read information about policies
+              in your Okta organization.
+            okta.principalRateLimits.manage: Allows the app to create and manage Principal
+              Rate Limits in your Okta organization.
+            okta.principalRateLimits.read: Allows the app to read information about
+              Principal Rate Limits in your Okta organization.
+            okta.profileMappings.manage: Allows the app to manage user profile mappings
+              in your Okta organization.
+            okta.profileMappings.read: Allows the app to read user profile mappings
+              in your Okta organization.
+            okta.pushProviders.manage: Allows the app to create and manage push notification
+              providers such as APNs and FCM.
+            okta.pushProviders.read: Allows the app to read push notification providers
+              such as APNs and FCM.
+            okta.rateLimits.manage: Allows the app to create and manage rate limits
+              in your Okta organization.
+            okta.rateLimits.read: Allows the app to read information about rate limits
+              in your Okta organization.
+            okta.riskEvents.manage: Allows the app to publish risk events to your
+              Okta organization.
+            okta.riskProviders.manage: Allows the app to create and manage risk provider
+              integrations in your Okta organization.
+            okta.riskProviders.read: Allows the app to read all risk provider integrations
+              in your Okta organization.
+            okta.roles.manage: Allows the app to manage administrative role assignments
+              for users in your Okta organization.
+            okta.roles.read: Allows the app to read administrative role assignments
+              for users in your Okta organization.
+            okta.schemas.manage: Allows the app to create and manage Schemas in your
+              Okta organization.
+            okta.schemas.read: Allows the app to read information about Schemas in
+              your Okta organization.
+            okta.sessions.manage: Allows the app to manage all sessions in your Okta
+              organization.
+            okta.sessions.read: Allows the app to read all sessions in your Okta organization.
+            okta.templates.manage: Allows the app to manage all custom templates in
+              your Okta organization.
+            okta.templates.read: Allows the app to read all custom templates in your
+              Okta organization.
+            okta.trustedOrigins.manage: Allows the app to manage all Trusted Origins
+              in your Okta organization.
+            okta.trustedOrigins.read: Allows the app to read all Trusted Origins in
+              your Okta organization.
+            okta.userTypes.manage: Allows the app to manage user types in your Okta
+              organization.
+            okta.userTypes.read: Allows the app to read user types in your Okta organization.
+            okta.users.manage: Allows the app to create new users and to manage all
+              users' profile and credentials information.
+            okta.users.read: Allows the app to read the existing users' profiles and
+              credentials.
+          tokenUrl: /oauth2/v1/token
+      type: oauth2
diff --git a/okta/api_agent_pools.go b/okta/api_agent_pools.go
new file mode 100644
index 000000000..e4322f364
--- /dev/null
+++ b/okta/api_agent_pools.go
@@ -0,0 +1,2697 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type AgentPoolsApi interface {
+	/*
+		ActivateAgentPoolsUpdate Activate an Agent Pool update
+
+		Activates scheduled Agent pool update
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@param updateId Id of the update
+		@return ApiActivateAgentPoolsUpdateRequest
+	*/
+	ActivateAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiActivateAgentPoolsUpdateRequest
+
+	// ActivateAgentPoolsUpdateExecute executes the request
+	//  @return AgentPoolUpdate
+	ActivateAgentPoolsUpdateExecute(r ApiActivateAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error)
+
+	/*
+		CreateAgentPoolsUpdate Create an Agent Pool update
+
+		Creates an Agent pool update \n For user flow 2 manual update, starts the update immediately. \n For user flow 3, schedules the update based on the configured update window and delay.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@return ApiCreateAgentPoolsUpdateRequest
+	*/
+	CreateAgentPoolsUpdate(ctx context.Context, poolId string) ApiCreateAgentPoolsUpdateRequest
+
+	// CreateAgentPoolsUpdateExecute executes the request
+	//  @return AgentPoolUpdate
+	CreateAgentPoolsUpdateExecute(r ApiCreateAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error)
+
+	/*
+		DeactivateAgentPoolsUpdate Deactivate an Agent Pool update
+
+		Deactivates scheduled Agent pool update
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@param updateId Id of the update
+		@return ApiDeactivateAgentPoolsUpdateRequest
+	*/
+	DeactivateAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiDeactivateAgentPoolsUpdateRequest
+
+	// DeactivateAgentPoolsUpdateExecute executes the request
+	//  @return AgentPoolUpdate
+	DeactivateAgentPoolsUpdateExecute(r ApiDeactivateAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error)
+
+	/*
+		DeleteAgentPoolsUpdate Delete an Agent Pool update
+
+		Deletes Agent pool update
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@param updateId Id of the update
+		@return ApiDeleteAgentPoolsUpdateRequest
+	*/
+	DeleteAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiDeleteAgentPoolsUpdateRequest
+
+	// DeleteAgentPoolsUpdateExecute executes the request
+	DeleteAgentPoolsUpdateExecute(r ApiDeleteAgentPoolsUpdateRequest) (*APIResponse, error)
+
+	/*
+		GetAgentPoolsUpdateInstance Retrieve an Agent Pool update by id
+
+		Retrieves Agent pool update from updateId
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@param updateId Id of the update
+		@return ApiGetAgentPoolsUpdateInstanceRequest
+	*/
+	GetAgentPoolsUpdateInstance(ctx context.Context, poolId string, updateId string) ApiGetAgentPoolsUpdateInstanceRequest
+
+	// GetAgentPoolsUpdateInstanceExecute executes the request
+	//  @return AgentPoolUpdate
+	GetAgentPoolsUpdateInstanceExecute(r ApiGetAgentPoolsUpdateInstanceRequest) (*AgentPoolUpdate, *APIResponse, error)
+
+	/*
+		GetAgentPoolsUpdateSettings Retrieve an Agent Pool update's settings
+
+		Retrieves the current state of the agent pool update instance settings
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@return ApiGetAgentPoolsUpdateSettingsRequest
+	*/
+	GetAgentPoolsUpdateSettings(ctx context.Context, poolId string) ApiGetAgentPoolsUpdateSettingsRequest
+
+	// GetAgentPoolsUpdateSettingsExecute executes the request
+	//  @return AgentPoolUpdateSetting
+	GetAgentPoolsUpdateSettingsExecute(r ApiGetAgentPoolsUpdateSettingsRequest) (*AgentPoolUpdateSetting, *APIResponse, error)
+
+	/*
+		ListAgentPools List all Agent Pools
+
+		Lists all agent pools with pagination support
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListAgentPoolsRequest
+	*/
+	ListAgentPools(ctx context.Context) ApiListAgentPoolsRequest
+
+	// ListAgentPoolsExecute executes the request
+	//  @return []AgentPool
+	ListAgentPoolsExecute(r ApiListAgentPoolsRequest) ([]AgentPool, *APIResponse, error)
+
+	/*
+		ListAgentPoolsUpdates List all Agent Pool updates
+
+		Lists all agent pool updates
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@return ApiListAgentPoolsUpdatesRequest
+	*/
+	ListAgentPoolsUpdates(ctx context.Context, poolId string) ApiListAgentPoolsUpdatesRequest
+
+	// ListAgentPoolsUpdatesExecute executes the request
+	//  @return []AgentPoolUpdate
+	ListAgentPoolsUpdatesExecute(r ApiListAgentPoolsUpdatesRequest) ([]AgentPoolUpdate, *APIResponse, error)
+
+	/*
+		PauseAgentPoolsUpdate Pause an Agent Pool update
+
+		Pauses running or queued Agent pool update
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@param updateId Id of the update
+		@return ApiPauseAgentPoolsUpdateRequest
+	*/
+	PauseAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiPauseAgentPoolsUpdateRequest
+
+	// PauseAgentPoolsUpdateExecute executes the request
+	//  @return AgentPoolUpdate
+	PauseAgentPoolsUpdateExecute(r ApiPauseAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error)
+
+	/*
+		ResumeAgentPoolsUpdate Resume an Agent Pool update
+
+		Resumes running or queued Agent pool update
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@param updateId Id of the update
+		@return ApiResumeAgentPoolsUpdateRequest
+	*/
+	ResumeAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiResumeAgentPoolsUpdateRequest
+
+	// ResumeAgentPoolsUpdateExecute executes the request
+	//  @return AgentPoolUpdate
+	ResumeAgentPoolsUpdateExecute(r ApiResumeAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error)
+
+	/*
+		RetryAgentPoolsUpdate Retry an Agent Pool update
+
+		Retries Agent pool update
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@param updateId Id of the update
+		@return ApiRetryAgentPoolsUpdateRequest
+	*/
+	RetryAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiRetryAgentPoolsUpdateRequest
+
+	// RetryAgentPoolsUpdateExecute executes the request
+	//  @return AgentPoolUpdate
+	RetryAgentPoolsUpdateExecute(r ApiRetryAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error)
+
+	/*
+		StopAgentPoolsUpdate Stop an Agent Pool update
+
+		Stops Agent pool update
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@param updateId Id of the update
+		@return ApiStopAgentPoolsUpdateRequest
+	*/
+	StopAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiStopAgentPoolsUpdateRequest
+
+	// StopAgentPoolsUpdateExecute executes the request
+	//  @return AgentPoolUpdate
+	StopAgentPoolsUpdateExecute(r ApiStopAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error)
+
+	/*
+		UpdateAgentPoolsUpdate Update an Agent Pool update by id
+
+		Updates Agent pool update and return latest agent pool update
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@param updateId Id of the update
+		@return ApiUpdateAgentPoolsUpdateRequest
+	*/
+	UpdateAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiUpdateAgentPoolsUpdateRequest
+
+	// UpdateAgentPoolsUpdateExecute executes the request
+	//  @return AgentPoolUpdate
+	UpdateAgentPoolsUpdateExecute(r ApiUpdateAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error)
+
+	/*
+		UpdateAgentPoolsUpdateSettings Update an Agent Pool update settings
+
+		Updates an agent pool update settings
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param poolId Id of the agent pool for which the settings will apply
+		@return ApiUpdateAgentPoolsUpdateSettingsRequest
+	*/
+	UpdateAgentPoolsUpdateSettings(ctx context.Context, poolId string) ApiUpdateAgentPoolsUpdateSettingsRequest
+
+	// UpdateAgentPoolsUpdateSettingsExecute executes the request
+	//  @return AgentPoolUpdateSetting
+	UpdateAgentPoolsUpdateSettingsExecute(r ApiUpdateAgentPoolsUpdateSettingsRequest) (*AgentPoolUpdateSetting, *APIResponse, error)
+}
+
+// AgentPoolsApiService AgentPoolsApi service
+type AgentPoolsApiService service
+
+type ApiActivateAgentPoolsUpdateRequest struct {
+	ctx        context.Context
+	ApiService AgentPoolsApi
+	poolId     string
+	updateId   string
+	retryCount int32
+}
+
+func (r ApiActivateAgentPoolsUpdateRequest) Execute() (*AgentPoolUpdate, *APIResponse, error) {
+	return r.ApiService.ActivateAgentPoolsUpdateExecute(r)
+}
+
+/*
+ActivateAgentPoolsUpdate Activate an Agent Pool update
+
+Activates scheduled Agent pool update
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@param updateId Id of the update
+	@return ApiActivateAgentPoolsUpdateRequest
+*/
+func (a *AgentPoolsApiService) ActivateAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiActivateAgentPoolsUpdateRequest {
+	return ApiActivateAgentPoolsUpdateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		updateId:   updateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AgentPoolUpdate
+func (a *AgentPoolsApiService) ActivateAgentPoolsUpdateExecute(r ApiActivateAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AgentPoolUpdate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.ActivateAgentPoolsUpdate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates/{updateId}/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"updateId"+"}", url.PathEscape(parameterToString(r.updateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateAgentPoolsUpdateRequest struct {
+	ctx             context.Context
+	ApiService      AgentPoolsApi
+	poolId          string
+	agentPoolUpdate *AgentPoolUpdate
+	retryCount      int32
+}
+
+func (r ApiCreateAgentPoolsUpdateRequest) AgentPoolUpdate(agentPoolUpdate AgentPoolUpdate) ApiCreateAgentPoolsUpdateRequest {
+	r.agentPoolUpdate = &agentPoolUpdate
+	return r
+}
+
+func (r ApiCreateAgentPoolsUpdateRequest) Execute() (*AgentPoolUpdate, *APIResponse, error) {
+	return r.ApiService.CreateAgentPoolsUpdateExecute(r)
+}
+
+/*
+CreateAgentPoolsUpdate Create an Agent Pool update
+
+Creates an Agent pool update \n For user flow 2 manual update, starts the update immediately. \n For user flow 3, schedules the update based on the configured update window and delay.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@return ApiCreateAgentPoolsUpdateRequest
+*/
+func (a *AgentPoolsApiService) CreateAgentPoolsUpdate(ctx context.Context, poolId string) ApiCreateAgentPoolsUpdateRequest {
+	return ApiCreateAgentPoolsUpdateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AgentPoolUpdate
+func (a *AgentPoolsApiService) CreateAgentPoolsUpdateExecute(r ApiCreateAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AgentPoolUpdate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.CreateAgentPoolsUpdate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.agentPoolUpdate == nil {
+		return localVarReturnValue, nil, reportError("agentPoolUpdate is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.agentPoolUpdate
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateAgentPoolsUpdateRequest struct {
+	ctx        context.Context
+	ApiService AgentPoolsApi
+	poolId     string
+	updateId   string
+	retryCount int32
+}
+
+func (r ApiDeactivateAgentPoolsUpdateRequest) Execute() (*AgentPoolUpdate, *APIResponse, error) {
+	return r.ApiService.DeactivateAgentPoolsUpdateExecute(r)
+}
+
+/*
+DeactivateAgentPoolsUpdate Deactivate an Agent Pool update
+
+Deactivates scheduled Agent pool update
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@param updateId Id of the update
+	@return ApiDeactivateAgentPoolsUpdateRequest
+*/
+func (a *AgentPoolsApiService) DeactivateAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiDeactivateAgentPoolsUpdateRequest {
+	return ApiDeactivateAgentPoolsUpdateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		updateId:   updateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AgentPoolUpdate
+func (a *AgentPoolsApiService) DeactivateAgentPoolsUpdateExecute(r ApiDeactivateAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AgentPoolUpdate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.DeactivateAgentPoolsUpdate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates/{updateId}/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"updateId"+"}", url.PathEscape(parameterToString(r.updateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteAgentPoolsUpdateRequest struct {
+	ctx        context.Context
+	ApiService AgentPoolsApi
+	poolId     string
+	updateId   string
+	retryCount int32
+}
+
+func (r ApiDeleteAgentPoolsUpdateRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteAgentPoolsUpdateExecute(r)
+}
+
+/*
+DeleteAgentPoolsUpdate Delete an Agent Pool update
+
+Deletes Agent pool update
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@param updateId Id of the update
+	@return ApiDeleteAgentPoolsUpdateRequest
+*/
+func (a *AgentPoolsApiService) DeleteAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiDeleteAgentPoolsUpdateRequest {
+	return ApiDeleteAgentPoolsUpdateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		updateId:   updateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *AgentPoolsApiService) DeleteAgentPoolsUpdateExecute(r ApiDeleteAgentPoolsUpdateRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.DeleteAgentPoolsUpdate")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates/{updateId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"updateId"+"}", url.PathEscape(parameterToString(r.updateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetAgentPoolsUpdateInstanceRequest struct {
+	ctx        context.Context
+	ApiService AgentPoolsApi
+	poolId     string
+	updateId   string
+	retryCount int32
+}
+
+func (r ApiGetAgentPoolsUpdateInstanceRequest) Execute() (*AgentPoolUpdate, *APIResponse, error) {
+	return r.ApiService.GetAgentPoolsUpdateInstanceExecute(r)
+}
+
+/*
+GetAgentPoolsUpdateInstance Retrieve an Agent Pool update by id
+
+Retrieves Agent pool update from updateId
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@param updateId Id of the update
+	@return ApiGetAgentPoolsUpdateInstanceRequest
+*/
+func (a *AgentPoolsApiService) GetAgentPoolsUpdateInstance(ctx context.Context, poolId string, updateId string) ApiGetAgentPoolsUpdateInstanceRequest {
+	return ApiGetAgentPoolsUpdateInstanceRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		updateId:   updateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AgentPoolUpdate
+func (a *AgentPoolsApiService) GetAgentPoolsUpdateInstanceExecute(r ApiGetAgentPoolsUpdateInstanceRequest) (*AgentPoolUpdate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AgentPoolUpdate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.GetAgentPoolsUpdateInstance")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates/{updateId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"updateId"+"}", url.PathEscape(parameterToString(r.updateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetAgentPoolsUpdateSettingsRequest struct {
+	ctx        context.Context
+	ApiService AgentPoolsApi
+	poolId     string
+	retryCount int32
+}
+
+func (r ApiGetAgentPoolsUpdateSettingsRequest) Execute() (*AgentPoolUpdateSetting, *APIResponse, error) {
+	return r.ApiService.GetAgentPoolsUpdateSettingsExecute(r)
+}
+
+/*
+GetAgentPoolsUpdateSettings Retrieve an Agent Pool update's settings
+
+Retrieves the current state of the agent pool update instance settings
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@return ApiGetAgentPoolsUpdateSettingsRequest
+*/
+func (a *AgentPoolsApiService) GetAgentPoolsUpdateSettings(ctx context.Context, poolId string) ApiGetAgentPoolsUpdateSettingsRequest {
+	return ApiGetAgentPoolsUpdateSettingsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AgentPoolUpdateSetting
+func (a *AgentPoolsApiService) GetAgentPoolsUpdateSettingsExecute(r ApiGetAgentPoolsUpdateSettingsRequest) (*AgentPoolUpdateSetting, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AgentPoolUpdateSetting
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.GetAgentPoolsUpdateSettings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates/settings"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListAgentPoolsRequest struct {
+	ctx              context.Context
+	ApiService       AgentPoolsApi
+	limitPerPoolType *int32
+	poolType         *AgentType
+	after            *string
+	retryCount       int32
+}
+
+// Maximum number of AgentPools being returned
+func (r ApiListAgentPoolsRequest) LimitPerPoolType(limitPerPoolType int32) ApiListAgentPoolsRequest {
+	r.limitPerPoolType = &limitPerPoolType
+	return r
+}
+
+// Agent type to search for
+func (r ApiListAgentPoolsRequest) PoolType(poolType AgentType) ApiListAgentPoolsRequest {
+	r.poolType = &poolType
+	return r
+}
+
+// The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information.
+func (r ApiListAgentPoolsRequest) After(after string) ApiListAgentPoolsRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListAgentPoolsRequest) Execute() ([]AgentPool, *APIResponse, error) {
+	return r.ApiService.ListAgentPoolsExecute(r)
+}
+
+/*
+ListAgentPools List all Agent Pools
+
+Lists all agent pools with pagination support
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListAgentPoolsRequest
+*/
+func (a *AgentPoolsApiService) ListAgentPools(ctx context.Context) ApiListAgentPoolsRequest {
+	return ApiListAgentPoolsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []AgentPool
+func (a *AgentPoolsApiService) ListAgentPoolsExecute(r ApiListAgentPoolsRequest) ([]AgentPool, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []AgentPool
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.ListAgentPools")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.limitPerPoolType != nil {
+		localVarQueryParams.Add("limitPerPoolType", parameterToString(*r.limitPerPoolType, ""))
+	}
+	if r.poolType != nil {
+		localVarQueryParams.Add("poolType", parameterToString(*r.poolType, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListAgentPoolsUpdatesRequest struct {
+	ctx        context.Context
+	ApiService AgentPoolsApi
+	poolId     string
+	scheduled  *bool
+	retryCount int32
+}
+
+// Scope the list only to scheduled or ad-hoc updates. If the parameter is not provided we will return the whole list of updates.
+func (r ApiListAgentPoolsUpdatesRequest) Scheduled(scheduled bool) ApiListAgentPoolsUpdatesRequest {
+	r.scheduled = &scheduled
+	return r
+}
+
+func (r ApiListAgentPoolsUpdatesRequest) Execute() ([]AgentPoolUpdate, *APIResponse, error) {
+	return r.ApiService.ListAgentPoolsUpdatesExecute(r)
+}
+
+/*
+ListAgentPoolsUpdates List all Agent Pool updates
+
+Lists all agent pool updates
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@return ApiListAgentPoolsUpdatesRequest
+*/
+func (a *AgentPoolsApiService) ListAgentPoolsUpdates(ctx context.Context, poolId string) ApiListAgentPoolsUpdatesRequest {
+	return ApiListAgentPoolsUpdatesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []AgentPoolUpdate
+func (a *AgentPoolsApiService) ListAgentPoolsUpdatesExecute(r ApiListAgentPoolsUpdatesRequest) ([]AgentPoolUpdate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []AgentPoolUpdate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.ListAgentPoolsUpdates")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.scheduled != nil {
+		localVarQueryParams.Add("scheduled", parameterToString(*r.scheduled, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiPauseAgentPoolsUpdateRequest struct {
+	ctx        context.Context
+	ApiService AgentPoolsApi
+	poolId     string
+	updateId   string
+	retryCount int32
+}
+
+func (r ApiPauseAgentPoolsUpdateRequest) Execute() (*AgentPoolUpdate, *APIResponse, error) {
+	return r.ApiService.PauseAgentPoolsUpdateExecute(r)
+}
+
+/*
+PauseAgentPoolsUpdate Pause an Agent Pool update
+
+Pauses running or queued Agent pool update
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@param updateId Id of the update
+	@return ApiPauseAgentPoolsUpdateRequest
+*/
+func (a *AgentPoolsApiService) PauseAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiPauseAgentPoolsUpdateRequest {
+	return ApiPauseAgentPoolsUpdateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		updateId:   updateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AgentPoolUpdate
+func (a *AgentPoolsApiService) PauseAgentPoolsUpdateExecute(r ApiPauseAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AgentPoolUpdate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.PauseAgentPoolsUpdate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates/{updateId}/pause"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"updateId"+"}", url.PathEscape(parameterToString(r.updateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiResumeAgentPoolsUpdateRequest struct {
+	ctx        context.Context
+	ApiService AgentPoolsApi
+	poolId     string
+	updateId   string
+	retryCount int32
+}
+
+func (r ApiResumeAgentPoolsUpdateRequest) Execute() (*AgentPoolUpdate, *APIResponse, error) {
+	return r.ApiService.ResumeAgentPoolsUpdateExecute(r)
+}
+
+/*
+ResumeAgentPoolsUpdate Resume an Agent Pool update
+
+Resumes running or queued Agent pool update
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@param updateId Id of the update
+	@return ApiResumeAgentPoolsUpdateRequest
+*/
+func (a *AgentPoolsApiService) ResumeAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiResumeAgentPoolsUpdateRequest {
+	return ApiResumeAgentPoolsUpdateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		updateId:   updateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AgentPoolUpdate
+func (a *AgentPoolsApiService) ResumeAgentPoolsUpdateExecute(r ApiResumeAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AgentPoolUpdate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.ResumeAgentPoolsUpdate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates/{updateId}/resume"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"updateId"+"}", url.PathEscape(parameterToString(r.updateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiRetryAgentPoolsUpdateRequest struct {
+	ctx        context.Context
+	ApiService AgentPoolsApi
+	poolId     string
+	updateId   string
+	retryCount int32
+}
+
+func (r ApiRetryAgentPoolsUpdateRequest) Execute() (*AgentPoolUpdate, *APIResponse, error) {
+	return r.ApiService.RetryAgentPoolsUpdateExecute(r)
+}
+
+/*
+RetryAgentPoolsUpdate Retry an Agent Pool update
+
+Retries Agent pool update
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@param updateId Id of the update
+	@return ApiRetryAgentPoolsUpdateRequest
+*/
+func (a *AgentPoolsApiService) RetryAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiRetryAgentPoolsUpdateRequest {
+	return ApiRetryAgentPoolsUpdateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		updateId:   updateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AgentPoolUpdate
+func (a *AgentPoolsApiService) RetryAgentPoolsUpdateExecute(r ApiRetryAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AgentPoolUpdate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.RetryAgentPoolsUpdate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates/{updateId}/retry"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"updateId"+"}", url.PathEscape(parameterToString(r.updateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiStopAgentPoolsUpdateRequest struct {
+	ctx        context.Context
+	ApiService AgentPoolsApi
+	poolId     string
+	updateId   string
+	retryCount int32
+}
+
+func (r ApiStopAgentPoolsUpdateRequest) Execute() (*AgentPoolUpdate, *APIResponse, error) {
+	return r.ApiService.StopAgentPoolsUpdateExecute(r)
+}
+
+/*
+StopAgentPoolsUpdate Stop an Agent Pool update
+
+Stops Agent pool update
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@param updateId Id of the update
+	@return ApiStopAgentPoolsUpdateRequest
+*/
+func (a *AgentPoolsApiService) StopAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiStopAgentPoolsUpdateRequest {
+	return ApiStopAgentPoolsUpdateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		updateId:   updateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AgentPoolUpdate
+func (a *AgentPoolsApiService) StopAgentPoolsUpdateExecute(r ApiStopAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AgentPoolUpdate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.StopAgentPoolsUpdate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates/{updateId}/stop"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"updateId"+"}", url.PathEscape(parameterToString(r.updateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateAgentPoolsUpdateRequest struct {
+	ctx             context.Context
+	ApiService      AgentPoolsApi
+	poolId          string
+	updateId        string
+	agentPoolUpdate *AgentPoolUpdate
+	retryCount      int32
+}
+
+func (r ApiUpdateAgentPoolsUpdateRequest) AgentPoolUpdate(agentPoolUpdate AgentPoolUpdate) ApiUpdateAgentPoolsUpdateRequest {
+	r.agentPoolUpdate = &agentPoolUpdate
+	return r
+}
+
+func (r ApiUpdateAgentPoolsUpdateRequest) Execute() (*AgentPoolUpdate, *APIResponse, error) {
+	return r.ApiService.UpdateAgentPoolsUpdateExecute(r)
+}
+
+/*
+UpdateAgentPoolsUpdate Update an Agent Pool update by id
+
+Updates Agent pool update and return latest agent pool update
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@param updateId Id of the update
+	@return ApiUpdateAgentPoolsUpdateRequest
+*/
+func (a *AgentPoolsApiService) UpdateAgentPoolsUpdate(ctx context.Context, poolId string, updateId string) ApiUpdateAgentPoolsUpdateRequest {
+	return ApiUpdateAgentPoolsUpdateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		updateId:   updateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AgentPoolUpdate
+func (a *AgentPoolsApiService) UpdateAgentPoolsUpdateExecute(r ApiUpdateAgentPoolsUpdateRequest) (*AgentPoolUpdate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AgentPoolUpdate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.UpdateAgentPoolsUpdate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates/{updateId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"updateId"+"}", url.PathEscape(parameterToString(r.updateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.agentPoolUpdate == nil {
+		return localVarReturnValue, nil, reportError("agentPoolUpdate is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.agentPoolUpdate
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateAgentPoolsUpdateSettingsRequest struct {
+	ctx                    context.Context
+	ApiService             AgentPoolsApi
+	poolId                 string
+	agentPoolUpdateSetting *AgentPoolUpdateSetting
+	retryCount             int32
+}
+
+func (r ApiUpdateAgentPoolsUpdateSettingsRequest) AgentPoolUpdateSetting(agentPoolUpdateSetting AgentPoolUpdateSetting) ApiUpdateAgentPoolsUpdateSettingsRequest {
+	r.agentPoolUpdateSetting = &agentPoolUpdateSetting
+	return r
+}
+
+func (r ApiUpdateAgentPoolsUpdateSettingsRequest) Execute() (*AgentPoolUpdateSetting, *APIResponse, error) {
+	return r.ApiService.UpdateAgentPoolsUpdateSettingsExecute(r)
+}
+
+/*
+UpdateAgentPoolsUpdateSettings Update an Agent Pool update settings
+
+Updates an agent pool update settings
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param poolId Id of the agent pool for which the settings will apply
+	@return ApiUpdateAgentPoolsUpdateSettingsRequest
+*/
+func (a *AgentPoolsApiService) UpdateAgentPoolsUpdateSettings(ctx context.Context, poolId string) ApiUpdateAgentPoolsUpdateSettingsRequest {
+	return ApiUpdateAgentPoolsUpdateSettingsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		poolId:     poolId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AgentPoolUpdateSetting
+func (a *AgentPoolsApiService) UpdateAgentPoolsUpdateSettingsExecute(r ApiUpdateAgentPoolsUpdateSettingsRequest) (*AgentPoolUpdateSetting, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AgentPoolUpdateSetting
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AgentPoolsApiService.UpdateAgentPoolsUpdateSettings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/agentPools/{poolId}/updates/settings"
+	localVarPath = strings.Replace(localVarPath, "{"+"poolId"+"}", url.PathEscape(parameterToString(r.poolId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.agentPoolUpdateSetting == nil {
+		return localVarReturnValue, nil, reportError("agentPoolUpdateSetting is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.agentPoolUpdateSetting
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_api_token.go b/okta/api_api_token.go
new file mode 100644
index 000000000..219d02e69
--- /dev/null
+++ b/okta/api_api_token.go
@@ -0,0 +1,732 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type ApiTokenApi interface {
+	/*
+		GetApiToken Retrieve an API Token's Metadata
+
+		Retrieves the metadata for an active API token by id
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param apiTokenId id of the API Token
+		@return ApiGetApiTokenRequest
+	*/
+	GetApiToken(ctx context.Context, apiTokenId string) ApiGetApiTokenRequest
+
+	// GetApiTokenExecute executes the request
+	//  @return ApiToken
+	GetApiTokenExecute(r ApiGetApiTokenRequest) (*ApiToken, *APIResponse, error)
+
+	/*
+		ListApiTokens List all API Token Metadata
+
+		Lists all the metadata of the active API tokens
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListApiTokensRequest
+	*/
+	ListApiTokens(ctx context.Context) ApiListApiTokensRequest
+
+	// ListApiTokensExecute executes the request
+	//  @return []ApiToken
+	ListApiTokensExecute(r ApiListApiTokensRequest) ([]ApiToken, *APIResponse, error)
+
+	/*
+		RevokeApiToken Revoke an API Token
+
+		Revokes an API token by `apiTokenId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param apiTokenId id of the API Token
+		@return ApiRevokeApiTokenRequest
+	*/
+	RevokeApiToken(ctx context.Context, apiTokenId string) ApiRevokeApiTokenRequest
+
+	// RevokeApiTokenExecute executes the request
+	RevokeApiTokenExecute(r ApiRevokeApiTokenRequest) (*APIResponse, error)
+
+	/*
+		RevokeCurrentApiToken Revoke the Current API Token
+
+		Revokes the API token provided in the Authorization header
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiRevokeCurrentApiTokenRequest
+	*/
+	RevokeCurrentApiToken(ctx context.Context) ApiRevokeCurrentApiTokenRequest
+
+	// RevokeCurrentApiTokenExecute executes the request
+	RevokeCurrentApiTokenExecute(r ApiRevokeCurrentApiTokenRequest) (*APIResponse, error)
+}
+
+// ApiTokenApiService ApiTokenApi service
+type ApiTokenApiService service
+
+type ApiGetApiTokenRequest struct {
+	ctx        context.Context
+	ApiService ApiTokenApi
+	apiTokenId string
+	retryCount int32
+}
+
+func (r ApiGetApiTokenRequest) Execute() (*ApiToken, *APIResponse, error) {
+	return r.ApiService.GetApiTokenExecute(r)
+}
+
+/*
+GetApiToken Retrieve an API Token's Metadata
+
+Retrieves the metadata for an active API token by id
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param apiTokenId id of the API Token
+	@return ApiGetApiTokenRequest
+*/
+func (a *ApiTokenApiService) GetApiToken(ctx context.Context, apiTokenId string) ApiGetApiTokenRequest {
+	return ApiGetApiTokenRequest{
+		ApiService: a,
+		ctx:        ctx,
+		apiTokenId: apiTokenId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ApiToken
+func (a *ApiTokenApiService) GetApiTokenExecute(r ApiGetApiTokenRequest) (*ApiToken, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ApiToken
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApiTokenApiService.GetApiToken")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/api-tokens/{apiTokenId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"apiTokenId"+"}", url.PathEscape(parameterToString(r.apiTokenId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListApiTokensRequest struct {
+	ctx        context.Context
+	ApiService ApiTokenApi
+	after      *string
+	limit      *int32
+	q          *string
+	retryCount int32
+}
+
+// The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information.
+func (r ApiListApiTokensRequest) After(after string) ApiListApiTokensRequest {
+	r.after = &after
+	return r
+}
+
+// A limit on the number of objects to return.
+func (r ApiListApiTokensRequest) Limit(limit int32) ApiListApiTokensRequest {
+	r.limit = &limit
+	return r
+}
+
+// Finds a token that matches the name or clientName.
+func (r ApiListApiTokensRequest) Q(q string) ApiListApiTokensRequest {
+	r.q = &q
+	return r
+}
+
+func (r ApiListApiTokensRequest) Execute() ([]ApiToken, *APIResponse, error) {
+	return r.ApiService.ListApiTokensExecute(r)
+}
+
+/*
+ListApiTokens List all API Token Metadata
+
+Lists all the metadata of the active API tokens
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListApiTokensRequest
+*/
+func (a *ApiTokenApiService) ListApiTokens(ctx context.Context) ApiListApiTokensRequest {
+	return ApiListApiTokensRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ApiToken
+func (a *ApiTokenApiService) ListApiTokensExecute(r ApiListApiTokensRequest) ([]ApiToken, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ApiToken
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApiTokenApiService.ListApiTokens")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/api-tokens"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.q != nil {
+		localVarQueryParams.Add("q", parameterToString(*r.q, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiRevokeApiTokenRequest struct {
+	ctx        context.Context
+	ApiService ApiTokenApi
+	apiTokenId string
+	retryCount int32
+}
+
+func (r ApiRevokeApiTokenRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeApiTokenExecute(r)
+}
+
+/*
+RevokeApiToken Revoke an API Token
+
+Revokes an API token by `apiTokenId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param apiTokenId id of the API Token
+	@return ApiRevokeApiTokenRequest
+*/
+func (a *ApiTokenApiService) RevokeApiToken(ctx context.Context, apiTokenId string) ApiRevokeApiTokenRequest {
+	return ApiRevokeApiTokenRequest{
+		ApiService: a,
+		ctx:        ctx,
+		apiTokenId: apiTokenId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApiTokenApiService) RevokeApiTokenExecute(r ApiRevokeApiTokenRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApiTokenApiService.RevokeApiToken")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/api-tokens/{apiTokenId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"apiTokenId"+"}", url.PathEscape(parameterToString(r.apiTokenId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiRevokeCurrentApiTokenRequest struct {
+	ctx        context.Context
+	ApiService ApiTokenApi
+	retryCount int32
+}
+
+func (r ApiRevokeCurrentApiTokenRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeCurrentApiTokenExecute(r)
+}
+
+/*
+RevokeCurrentApiToken Revoke the Current API Token
+
+Revokes the API token provided in the Authorization header
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiRevokeCurrentApiTokenRequest
+*/
+func (a *ApiTokenApiService) RevokeCurrentApiToken(ctx context.Context) ApiRevokeCurrentApiTokenRequest {
+	return ApiRevokeCurrentApiTokenRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApiTokenApiService) RevokeCurrentApiTokenExecute(r ApiRevokeCurrentApiTokenRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApiTokenApiService.RevokeCurrentApiToken")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/api-tokens/current"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_application.go b/okta/api_application.go
new file mode 100644
index 000000000..4d6abf8d7
--- /dev/null
+++ b/okta/api_application.go
@@ -0,0 +1,8069 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+)
+
+type ApplicationApi interface {
+	/*
+		ActivateApplication Activate an Application
+
+		Activates an inactive application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiActivateApplicationRequest
+	*/
+	ActivateApplication(ctx context.Context, appId string) ApiActivateApplicationRequest
+
+	// ActivateApplicationExecute executes the request
+	ActivateApplicationExecute(r ApiActivateApplicationRequest) (*APIResponse, error)
+
+	/*
+		ActivateDefaultProvisioningConnectionForApplication Activate the default Provisioning Connection
+
+		Activates the default Provisioning Connection for an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiActivateDefaultProvisioningConnectionForApplicationRequest
+	*/
+	ActivateDefaultProvisioningConnectionForApplication(ctx context.Context, appId string) ApiActivateDefaultProvisioningConnectionForApplicationRequest
+
+	// ActivateDefaultProvisioningConnectionForApplicationExecute executes the request
+	ActivateDefaultProvisioningConnectionForApplicationExecute(r ApiActivateDefaultProvisioningConnectionForApplicationRequest) (*APIResponse, error)
+
+	/*
+		AssignApplicationPolicy Assign an Application to a Policy
+
+		Assigns an application to a policy identified by `policyId`. If the application was previously assigned to another policy, this removes that assignment.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param policyId
+		@return ApiAssignApplicationPolicyRequest
+	*/
+	AssignApplicationPolicy(ctx context.Context, appId string, policyId string) ApiAssignApplicationPolicyRequest
+
+	// AssignApplicationPolicyExecute executes the request
+	AssignApplicationPolicyExecute(r ApiAssignApplicationPolicyRequest) (*APIResponse, error)
+
+	/*
+		AssignGroupToApplication Assign a Group
+
+		Assigns a group to an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param groupId
+		@return ApiAssignGroupToApplicationRequest
+	*/
+	AssignGroupToApplication(ctx context.Context, appId string, groupId string) ApiAssignGroupToApplicationRequest
+
+	// AssignGroupToApplicationExecute executes the request
+	//  @return ApplicationGroupAssignment
+	AssignGroupToApplicationExecute(r ApiAssignGroupToApplicationRequest) (*ApplicationGroupAssignment, *APIResponse, error)
+
+	/*
+		AssignUserToApplication Assign a User
+
+		Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiAssignUserToApplicationRequest
+	*/
+	AssignUserToApplication(ctx context.Context, appId string) ApiAssignUserToApplicationRequest
+
+	// AssignUserToApplicationExecute executes the request
+	//  @return AppUser
+	AssignUserToApplicationExecute(r ApiAssignUserToApplicationRequest) (*AppUser, *APIResponse, error)
+
+	/*
+		CloneApplicationKey Clone a Key Credential
+
+		Clones a X.509 certificate for an application key credential from a source application to target application.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param keyId
+		@return ApiCloneApplicationKeyRequest
+	*/
+	CloneApplicationKey(ctx context.Context, appId string, keyId string) ApiCloneApplicationKeyRequest
+
+	// CloneApplicationKeyExecute executes the request
+	//  @return JsonWebKey
+	CloneApplicationKeyExecute(r ApiCloneApplicationKeyRequest) (*JsonWebKey, *APIResponse, error)
+
+	/*
+		CreateApplication Create an Application
+
+		Creates a new application to your Okta organization
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateApplicationRequest
+	*/
+	CreateApplication(ctx context.Context) ApiCreateApplicationRequest
+
+	// CreateApplicationExecute executes the request
+	//  @return ListApplications200ResponseInner
+	CreateApplicationExecute(r ApiCreateApplicationRequest) (*ListApplications200ResponseInner, *APIResponse, error)
+
+	/*
+		DeactivateApplication Deactivate an Application
+
+		Deactivates an active application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiDeactivateApplicationRequest
+	*/
+	DeactivateApplication(ctx context.Context, appId string) ApiDeactivateApplicationRequest
+
+	// DeactivateApplicationExecute executes the request
+	DeactivateApplicationExecute(r ApiDeactivateApplicationRequest) (*APIResponse, error)
+
+	/*
+		DeactivateDefaultProvisioningConnectionForApplication Deactivate the default Provisioning Connection for an Application
+
+		Deactivates the default Provisioning Connection for an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiDeactivateDefaultProvisioningConnectionForApplicationRequest
+	*/
+	DeactivateDefaultProvisioningConnectionForApplication(ctx context.Context, appId string) ApiDeactivateDefaultProvisioningConnectionForApplicationRequest
+
+	// DeactivateDefaultProvisioningConnectionForApplicationExecute executes the request
+	DeactivateDefaultProvisioningConnectionForApplicationExecute(r ApiDeactivateDefaultProvisioningConnectionForApplicationRequest) (*APIResponse, error)
+
+	/*
+		DeleteApplication Delete an Application
+
+		Deletes an inactive application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiDeleteApplicationRequest
+	*/
+	DeleteApplication(ctx context.Context, appId string) ApiDeleteApplicationRequest
+
+	// DeleteApplicationExecute executes the request
+	DeleteApplicationExecute(r ApiDeleteApplicationRequest) (*APIResponse, error)
+
+	/*
+		GenerateApplicationKey Generate a Key Credential
+
+		Generates a new X.509 certificate for an application key credential
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiGenerateApplicationKeyRequest
+	*/
+	GenerateApplicationKey(ctx context.Context, appId string) ApiGenerateApplicationKeyRequest
+
+	// GenerateApplicationKeyExecute executes the request
+	//  @return JsonWebKey
+	GenerateApplicationKeyExecute(r ApiGenerateApplicationKeyRequest) (*JsonWebKey, *APIResponse, error)
+
+	/*
+		GenerateCsrForApplication Generate a Certificate Signing Request
+
+		Generates a new key pair and returns the Certificate Signing Request for it
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiGenerateCsrForApplicationRequest
+	*/
+	GenerateCsrForApplication(ctx context.Context, appId string) ApiGenerateCsrForApplicationRequest
+
+	// GenerateCsrForApplicationExecute executes the request
+	//  @return Csr
+	GenerateCsrForApplicationExecute(r ApiGenerateCsrForApplicationRequest) (*Csr, *APIResponse, error)
+
+	/*
+		GetApplication Retrieve an Application
+
+		Retrieves an application from your Okta organization by `id`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiGetApplicationRequest
+	*/
+	GetApplication(ctx context.Context, appId string) ApiGetApplicationRequest
+
+	// GetApplicationExecute executes the request
+	//  @return ListApplications200ResponseInner
+	GetApplicationExecute(r ApiGetApplicationRequest) (*ListApplications200ResponseInner, *APIResponse, error)
+
+	/*
+		GetApplicationGroupAssignment Retrieve an Assigned Group
+
+		Retrieves an application group assignment
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param groupId
+		@return ApiGetApplicationGroupAssignmentRequest
+	*/
+	GetApplicationGroupAssignment(ctx context.Context, appId string, groupId string) ApiGetApplicationGroupAssignmentRequest
+
+	// GetApplicationGroupAssignmentExecute executes the request
+	//  @return ApplicationGroupAssignment
+	GetApplicationGroupAssignmentExecute(r ApiGetApplicationGroupAssignmentRequest) (*ApplicationGroupAssignment, *APIResponse, error)
+
+	/*
+		GetApplicationKey Retrieve a Key Credential
+
+		Retrieves a specific application key credential by kid
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param keyId
+		@return ApiGetApplicationKeyRequest
+	*/
+	GetApplicationKey(ctx context.Context, appId string, keyId string) ApiGetApplicationKeyRequest
+
+	// GetApplicationKeyExecute executes the request
+	//  @return JsonWebKey
+	GetApplicationKeyExecute(r ApiGetApplicationKeyRequest) (*JsonWebKey, *APIResponse, error)
+
+	/*
+		GetApplicationUser Retrieve an Assigned User
+
+		Retrieves a specific user assignment for application by `id`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param userId
+		@return ApiGetApplicationUserRequest
+	*/
+	GetApplicationUser(ctx context.Context, appId string, userId string) ApiGetApplicationUserRequest
+
+	// GetApplicationUserExecute executes the request
+	//  @return AppUser
+	GetApplicationUserExecute(r ApiGetApplicationUserRequest) (*AppUser, *APIResponse, error)
+
+	/*
+		GetCsrForApplication Retrieve a Certificate Signing Request
+
+		Retrieves a certificate signing request for the app by `id`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param csrId
+		@return ApiGetCsrForApplicationRequest
+	*/
+	GetCsrForApplication(ctx context.Context, appId string, csrId string) ApiGetCsrForApplicationRequest
+
+	// GetCsrForApplicationExecute executes the request
+	//  @return Csr
+	GetCsrForApplicationExecute(r ApiGetCsrForApplicationRequest) (*Csr, *APIResponse, error)
+
+	/*
+		GetDefaultProvisioningConnectionForApplication Retrieve the default Provisioning Connection
+
+		Retrieves the default Provisioning Connection for application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiGetDefaultProvisioningConnectionForApplicationRequest
+	*/
+	GetDefaultProvisioningConnectionForApplication(ctx context.Context, appId string) ApiGetDefaultProvisioningConnectionForApplicationRequest
+
+	// GetDefaultProvisioningConnectionForApplicationExecute executes the request
+	//  @return ProvisioningConnection
+	GetDefaultProvisioningConnectionForApplicationExecute(r ApiGetDefaultProvisioningConnectionForApplicationRequest) (*ProvisioningConnection, *APIResponse, error)
+
+	/*
+		GetFeatureForApplication Retrieve a Feature
+
+		Retrieves a Feature object for an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param name
+		@return ApiGetFeatureForApplicationRequest
+	*/
+	GetFeatureForApplication(ctx context.Context, appId string, name string) ApiGetFeatureForApplicationRequest
+
+	// GetFeatureForApplicationExecute executes the request
+	//  @return ApplicationFeature
+	GetFeatureForApplicationExecute(r ApiGetFeatureForApplicationRequest) (*ApplicationFeature, *APIResponse, error)
+
+	/*
+		GetOAuth2TokenForApplication Retrieve an OAuth 2.0 Token
+
+		Retrieves a token for the specified application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param tokenId
+		@return ApiGetOAuth2TokenForApplicationRequest
+	*/
+	GetOAuth2TokenForApplication(ctx context.Context, appId string, tokenId string) ApiGetOAuth2TokenForApplicationRequest
+
+	// GetOAuth2TokenForApplicationExecute executes the request
+	//  @return OAuth2Token
+	GetOAuth2TokenForApplicationExecute(r ApiGetOAuth2TokenForApplicationRequest) (*OAuth2Token, *APIResponse, error)
+
+	/*
+		GetScopeConsentGrant Retrieve a Scope Consent Grant
+
+		Retrieves a single scope consent grant for the application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param grantId
+		@return ApiGetScopeConsentGrantRequest
+	*/
+	GetScopeConsentGrant(ctx context.Context, appId string, grantId string) ApiGetScopeConsentGrantRequest
+
+	// GetScopeConsentGrantExecute executes the request
+	//  @return OAuth2ScopeConsentGrant
+	GetScopeConsentGrantExecute(r ApiGetScopeConsentGrantRequest) (*OAuth2ScopeConsentGrant, *APIResponse, error)
+
+	/*
+		GrantConsentToScope Grant Consent to Scope
+
+		Grants consent for the application to request an OAuth 2.0 Okta scope
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiGrantConsentToScopeRequest
+	*/
+	GrantConsentToScope(ctx context.Context, appId string) ApiGrantConsentToScopeRequest
+
+	// GrantConsentToScopeExecute executes the request
+	//  @return OAuth2ScopeConsentGrant
+	GrantConsentToScopeExecute(r ApiGrantConsentToScopeRequest) (*OAuth2ScopeConsentGrant, *APIResponse, error)
+
+	/*
+		ListApplicationGroupAssignments List all Assigned Groups
+
+		Lists all group assignments for an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiListApplicationGroupAssignmentsRequest
+	*/
+	ListApplicationGroupAssignments(ctx context.Context, appId string) ApiListApplicationGroupAssignmentsRequest
+
+	// ListApplicationGroupAssignmentsExecute executes the request
+	//  @return []ApplicationGroupAssignment
+	ListApplicationGroupAssignmentsExecute(r ApiListApplicationGroupAssignmentsRequest) ([]ApplicationGroupAssignment, *APIResponse, error)
+
+	/*
+		ListApplicationKeys List all Key Credentials
+
+		Lists all key credentials for an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiListApplicationKeysRequest
+	*/
+	ListApplicationKeys(ctx context.Context, appId string) ApiListApplicationKeysRequest
+
+	// ListApplicationKeysExecute executes the request
+	//  @return []JsonWebKey
+	ListApplicationKeysExecute(r ApiListApplicationKeysRequest) ([]JsonWebKey, *APIResponse, error)
+
+	/*
+		ListApplicationUsers List all Assigned Users
+
+		Lists all assigned [application users](#application-user-model) for an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiListApplicationUsersRequest
+	*/
+	ListApplicationUsers(ctx context.Context, appId string) ApiListApplicationUsersRequest
+
+	// ListApplicationUsersExecute executes the request
+	//  @return []AppUser
+	ListApplicationUsersExecute(r ApiListApplicationUsersRequest) ([]AppUser, *APIResponse, error)
+
+	/*
+		ListApplications List all Applications
+
+		Lists all applications with pagination. A subset of apps can be returned that match a supported filter expression or query.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListApplicationsRequest
+	*/
+	ListApplications(ctx context.Context) ApiListApplicationsRequest
+
+	// ListApplicationsExecute executes the request
+	//  @return []ListApplications200ResponseInner
+	ListApplicationsExecute(r ApiListApplicationsRequest) ([]ListApplications200ResponseInner, *APIResponse, error)
+
+	/*
+		ListCsrsForApplication List all Certificate Signing Requests
+
+		Lists all Certificate Signing Requests for an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiListCsrsForApplicationRequest
+	*/
+	ListCsrsForApplication(ctx context.Context, appId string) ApiListCsrsForApplicationRequest
+
+	// ListCsrsForApplicationExecute executes the request
+	//  @return []Csr
+	ListCsrsForApplicationExecute(r ApiListCsrsForApplicationRequest) ([]Csr, *APIResponse, error)
+
+	/*
+		ListFeaturesForApplication List all Features
+
+		Lists all features for an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiListFeaturesForApplicationRequest
+	*/
+	ListFeaturesForApplication(ctx context.Context, appId string) ApiListFeaturesForApplicationRequest
+
+	// ListFeaturesForApplicationExecute executes the request
+	//  @return []ApplicationFeature
+	ListFeaturesForApplicationExecute(r ApiListFeaturesForApplicationRequest) ([]ApplicationFeature, *APIResponse, error)
+
+	/*
+		ListOAuth2TokensForApplication List all OAuth 2.0 Tokens
+
+		Lists all tokens for the application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiListOAuth2TokensForApplicationRequest
+	*/
+	ListOAuth2TokensForApplication(ctx context.Context, appId string) ApiListOAuth2TokensForApplicationRequest
+
+	// ListOAuth2TokensForApplicationExecute executes the request
+	//  @return []OAuth2Token
+	ListOAuth2TokensForApplicationExecute(r ApiListOAuth2TokensForApplicationRequest) ([]OAuth2Token, *APIResponse, error)
+
+	/*
+		ListScopeConsentGrants List all Scope Consent Grants
+
+		Lists all scope consent grants for the application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiListScopeConsentGrantsRequest
+	*/
+	ListScopeConsentGrants(ctx context.Context, appId string) ApiListScopeConsentGrantsRequest
+
+	// ListScopeConsentGrantsExecute executes the request
+	//  @return []OAuth2ScopeConsentGrant
+	ListScopeConsentGrantsExecute(r ApiListScopeConsentGrantsRequest) ([]OAuth2ScopeConsentGrant, *APIResponse, error)
+
+	/*
+		PublishCsrFromApplication Publish a Certificate Signing Request
+
+		Publishes a certificate signing request for the app with a signed X.509 certificate and adds it into the application key credentials
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param csrId
+		@return ApiPublishCsrFromApplicationRequest
+	*/
+	PublishCsrFromApplication(ctx context.Context, appId string, csrId string) ApiPublishCsrFromApplicationRequest
+
+	// PublishCsrFromApplicationExecute executes the request
+	//  @return JsonWebKey
+	PublishCsrFromApplicationExecute(r ApiPublishCsrFromApplicationRequest) (*JsonWebKey, *APIResponse, error)
+
+	/*
+		ReplaceApplication Replace an Application
+
+		Replaces an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiReplaceApplicationRequest
+	*/
+	ReplaceApplication(ctx context.Context, appId string) ApiReplaceApplicationRequest
+
+	// ReplaceApplicationExecute executes the request
+	//  @return ListApplications200ResponseInner
+	ReplaceApplicationExecute(r ApiReplaceApplicationRequest) (*ListApplications200ResponseInner, *APIResponse, error)
+
+	/*
+		RevokeCsrFromApplication Revoke a Certificate Signing Request
+
+		Revokes a certificate signing request and deletes the key pair from the application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param csrId
+		@return ApiRevokeCsrFromApplicationRequest
+	*/
+	RevokeCsrFromApplication(ctx context.Context, appId string, csrId string) ApiRevokeCsrFromApplicationRequest
+
+	// RevokeCsrFromApplicationExecute executes the request
+	RevokeCsrFromApplicationExecute(r ApiRevokeCsrFromApplicationRequest) (*APIResponse, error)
+
+	/*
+		RevokeOAuth2TokenForApplication Revoke an OAuth 2.0 Token
+
+		Revokes the specified token for the specified application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param tokenId
+		@return ApiRevokeOAuth2TokenForApplicationRequest
+	*/
+	RevokeOAuth2TokenForApplication(ctx context.Context, appId string, tokenId string) ApiRevokeOAuth2TokenForApplicationRequest
+
+	// RevokeOAuth2TokenForApplicationExecute executes the request
+	RevokeOAuth2TokenForApplicationExecute(r ApiRevokeOAuth2TokenForApplicationRequest) (*APIResponse, error)
+
+	/*
+		RevokeOAuth2TokensForApplication Revoke all OAuth 2.0 Tokens
+
+		Revokes all tokens for the specified application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiRevokeOAuth2TokensForApplicationRequest
+	*/
+	RevokeOAuth2TokensForApplication(ctx context.Context, appId string) ApiRevokeOAuth2TokensForApplicationRequest
+
+	// RevokeOAuth2TokensForApplicationExecute executes the request
+	RevokeOAuth2TokensForApplicationExecute(r ApiRevokeOAuth2TokensForApplicationRequest) (*APIResponse, error)
+
+	/*
+		RevokeScopeConsentGrant Revoke a Scope Consent Grant
+
+		Revokes permission for the application to request the given scope
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param grantId
+		@return ApiRevokeScopeConsentGrantRequest
+	*/
+	RevokeScopeConsentGrant(ctx context.Context, appId string, grantId string) ApiRevokeScopeConsentGrantRequest
+
+	// RevokeScopeConsentGrantExecute executes the request
+	RevokeScopeConsentGrantExecute(r ApiRevokeScopeConsentGrantRequest) (*APIResponse, error)
+
+	/*
+		UnassignApplicationFromGroup Unassign a Group
+
+		Unassigns a group from an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param groupId
+		@return ApiUnassignApplicationFromGroupRequest
+	*/
+	UnassignApplicationFromGroup(ctx context.Context, appId string, groupId string) ApiUnassignApplicationFromGroupRequest
+
+	// UnassignApplicationFromGroupExecute executes the request
+	UnassignApplicationFromGroupExecute(r ApiUnassignApplicationFromGroupRequest) (*APIResponse, error)
+
+	/*
+		UnassignUserFromApplication Unassign a User
+
+		Unassigns a user from an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param userId
+		@return ApiUnassignUserFromApplicationRequest
+	*/
+	UnassignUserFromApplication(ctx context.Context, appId string, userId string) ApiUnassignUserFromApplicationRequest
+
+	// UnassignUserFromApplicationExecute executes the request
+	UnassignUserFromApplicationExecute(r ApiUnassignUserFromApplicationRequest) (*APIResponse, error)
+
+	/*
+		UpdateApplicationUser Update an Application Profile for Assigned User
+
+		Updates a user's profile for an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param userId
+		@return ApiUpdateApplicationUserRequest
+	*/
+	UpdateApplicationUser(ctx context.Context, appId string, userId string) ApiUpdateApplicationUserRequest
+
+	// UpdateApplicationUserExecute executes the request
+	//  @return AppUser
+	UpdateApplicationUserExecute(r ApiUpdateApplicationUserRequest) (*AppUser, *APIResponse, error)
+
+	/*
+		UpdateDefaultProvisioningConnectionForApplication Update the default Provisioning Connection
+
+		Updates the default provisioning connection for application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiUpdateDefaultProvisioningConnectionForApplicationRequest
+	*/
+	UpdateDefaultProvisioningConnectionForApplication(ctx context.Context, appId string) ApiUpdateDefaultProvisioningConnectionForApplicationRequest
+
+	// UpdateDefaultProvisioningConnectionForApplicationExecute executes the request
+	//  @return ProvisioningConnection
+	UpdateDefaultProvisioningConnectionForApplicationExecute(r ApiUpdateDefaultProvisioningConnectionForApplicationRequest) (*ProvisioningConnection, *APIResponse, error)
+
+	/*
+		UpdateFeatureForApplication Update a Feature
+
+		Updates a Feature object for an application
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@param name
+		@return ApiUpdateFeatureForApplicationRequest
+	*/
+	UpdateFeatureForApplication(ctx context.Context, appId string, name string) ApiUpdateFeatureForApplicationRequest
+
+	// UpdateFeatureForApplicationExecute executes the request
+	//  @return ApplicationFeature
+	UpdateFeatureForApplicationExecute(r ApiUpdateFeatureForApplicationRequest) (*ApplicationFeature, *APIResponse, error)
+
+	/*
+		UploadApplicationLogo Upload a Logo
+
+		Uploads a logo for the application. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appId
+		@return ApiUploadApplicationLogoRequest
+	*/
+	UploadApplicationLogo(ctx context.Context, appId string) ApiUploadApplicationLogoRequest
+
+	// UploadApplicationLogoExecute executes the request
+	UploadApplicationLogoExecute(r ApiUploadApplicationLogoRequest) (*APIResponse, error)
+}
+
+// ApplicationApiService ApplicationApi service
+type ApplicationApiService service
+
+type ApiActivateApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	retryCount int32
+}
+
+func (r ApiActivateApplicationRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ActivateApplicationExecute(r)
+}
+
+/*
+ActivateApplication Activate an Application
+
+Activates an inactive application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiActivateApplicationRequest
+*/
+func (a *ApplicationApiService) ActivateApplication(ctx context.Context, appId string) ApiActivateApplicationRequest {
+	return ApiActivateApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) ActivateApplicationExecute(r ApiActivateApplicationRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.ActivateApplication")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiActivateDefaultProvisioningConnectionForApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	retryCount int32
+}
+
+func (r ApiActivateDefaultProvisioningConnectionForApplicationRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ActivateDefaultProvisioningConnectionForApplicationExecute(r)
+}
+
+/*
+ActivateDefaultProvisioningConnectionForApplication Activate the default Provisioning Connection
+
+Activates the default Provisioning Connection for an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiActivateDefaultProvisioningConnectionForApplicationRequest
+*/
+func (a *ApplicationApiService) ActivateDefaultProvisioningConnectionForApplication(ctx context.Context, appId string) ApiActivateDefaultProvisioningConnectionForApplicationRequest {
+	return ApiActivateDefaultProvisioningConnectionForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) ActivateDefaultProvisioningConnectionForApplicationExecute(r ApiActivateDefaultProvisioningConnectionForApplicationRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.ActivateDefaultProvisioningConnectionForApplication")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/connections/default/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiAssignApplicationPolicyRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	policyId   string
+	retryCount int32
+}
+
+func (r ApiAssignApplicationPolicyRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.AssignApplicationPolicyExecute(r)
+}
+
+/*
+AssignApplicationPolicy Assign an Application to a Policy
+
+Assigns an application to a policy identified by `policyId`. If the application was previously assigned to another policy, this removes that assignment.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param policyId
+	@return ApiAssignApplicationPolicyRequest
+*/
+func (a *ApplicationApiService) AssignApplicationPolicy(ctx context.Context, appId string, policyId string) ApiAssignApplicationPolicyRequest {
+	return ApiAssignApplicationPolicyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		policyId:   policyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) AssignApplicationPolicyExecute(r ApiAssignApplicationPolicyRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.AssignApplicationPolicy")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/policies/{policyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiAssignGroupToApplicationRequest struct {
+	ctx                        context.Context
+	ApiService                 ApplicationApi
+	appId                      string
+	groupId                    string
+	applicationGroupAssignment *ApplicationGroupAssignment
+	retryCount                 int32
+}
+
+func (r ApiAssignGroupToApplicationRequest) ApplicationGroupAssignment(applicationGroupAssignment ApplicationGroupAssignment) ApiAssignGroupToApplicationRequest {
+	r.applicationGroupAssignment = &applicationGroupAssignment
+	return r
+}
+
+func (r ApiAssignGroupToApplicationRequest) Execute() (*ApplicationGroupAssignment, *APIResponse, error) {
+	return r.ApiService.AssignGroupToApplicationExecute(r)
+}
+
+/*
+AssignGroupToApplication Assign a Group
+
+Assigns a group to an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param groupId
+	@return ApiAssignGroupToApplicationRequest
+*/
+func (a *ApplicationApiService) AssignGroupToApplication(ctx context.Context, appId string, groupId string) ApiAssignGroupToApplicationRequest {
+	return ApiAssignGroupToApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ApplicationGroupAssignment
+func (a *ApplicationApiService) AssignGroupToApplicationExecute(r ApiAssignGroupToApplicationRequest) (*ApplicationGroupAssignment, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ApplicationGroupAssignment
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.AssignGroupToApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/groups/{groupId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.applicationGroupAssignment
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiAssignUserToApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	appUser    *AppUser
+	retryCount int32
+}
+
+func (r ApiAssignUserToApplicationRequest) AppUser(appUser AppUser) ApiAssignUserToApplicationRequest {
+	r.appUser = &appUser
+	return r
+}
+
+func (r ApiAssignUserToApplicationRequest) Execute() (*AppUser, *APIResponse, error) {
+	return r.ApiService.AssignUserToApplicationExecute(r)
+}
+
+/*
+AssignUserToApplication Assign a User
+
+Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiAssignUserToApplicationRequest
+*/
+func (a *ApplicationApiService) AssignUserToApplication(ctx context.Context, appId string) ApiAssignUserToApplicationRequest {
+	return ApiAssignUserToApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AppUser
+func (a *ApplicationApiService) AssignUserToApplicationExecute(r ApiAssignUserToApplicationRequest) (*AppUser, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AppUser
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.AssignUserToApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/users"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.appUser == nil {
+		return localVarReturnValue, nil, reportError("appUser is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.appUser
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCloneApplicationKeyRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	keyId      string
+	targetAid  *string
+	retryCount int32
+}
+
+// Unique key of the target Application
+func (r ApiCloneApplicationKeyRequest) TargetAid(targetAid string) ApiCloneApplicationKeyRequest {
+	r.targetAid = &targetAid
+	return r
+}
+
+func (r ApiCloneApplicationKeyRequest) Execute() (*JsonWebKey, *APIResponse, error) {
+	return r.ApiService.CloneApplicationKeyExecute(r)
+}
+
+/*
+CloneApplicationKey Clone a Key Credential
+
+Clones a X.509 certificate for an application key credential from a source application to target application.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param keyId
+	@return ApiCloneApplicationKeyRequest
+*/
+func (a *ApplicationApiService) CloneApplicationKey(ctx context.Context, appId string, keyId string) ApiCloneApplicationKeyRequest {
+	return ApiCloneApplicationKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		keyId:      keyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return JsonWebKey
+func (a *ApplicationApiService) CloneApplicationKeyExecute(r ApiCloneApplicationKeyRequest) (*JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.CloneApplicationKey")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/credentials/keys/{keyId}/clone"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"keyId"+"}", url.PathEscape(parameterToString(r.keyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.targetAid == nil {
+		return localVarReturnValue, nil, reportError("targetAid is required and must be specified")
+	}
+
+	localVarQueryParams.Add("targetAid", parameterToString(*r.targetAid, ""))
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateApplicationRequest struct {
+	ctx                    context.Context
+	ApiService             ApplicationApi
+	application            *ListApplications200ResponseInner
+	activate               *bool
+	oktaAccessGatewayAgent *string
+	retryCount             int32
+}
+
+func (r ApiCreateApplicationRequest) Application(application ListApplications200ResponseInner) ApiCreateApplicationRequest {
+	r.application = &application
+	return r
+}
+
+// Executes activation lifecycle operation when creating the app
+func (r ApiCreateApplicationRequest) Activate(activate bool) ApiCreateApplicationRequest {
+	r.activate = &activate
+	return r
+}
+
+func (r ApiCreateApplicationRequest) OktaAccessGatewayAgent(oktaAccessGatewayAgent string) ApiCreateApplicationRequest {
+	r.oktaAccessGatewayAgent = &oktaAccessGatewayAgent
+	return r
+}
+
+func (r ApiCreateApplicationRequest) Execute() (*ListApplications200ResponseInner, *APIResponse, error) {
+	return r.ApiService.CreateApplicationExecute(r)
+}
+
+/*
+CreateApplication Create an Application
+
+Creates a new application to your Okta organization
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateApplicationRequest
+*/
+func (a *ApplicationApiService) CreateApplication(ctx context.Context) ApiCreateApplicationRequest {
+	return ApiCreateApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListApplications200ResponseInner
+func (a *ApplicationApiService) CreateApplicationExecute(r ApiCreateApplicationRequest) (*ListApplications200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListApplications200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.CreateApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.application == nil {
+		return localVarReturnValue, nil, reportError("application is required and must be specified")
+	}
+
+	if r.activate != nil {
+		localVarQueryParams.Add("activate", parameterToString(*r.activate, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.oktaAccessGatewayAgent != nil {
+		localVarHeaderParams["OktaAccessGateway-Agent"] = parameterToString(*r.oktaAccessGatewayAgent, "")
+	}
+	// body params
+	localVarPostBody = r.application
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	retryCount int32
+}
+
+func (r ApiDeactivateApplicationRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeactivateApplicationExecute(r)
+}
+
+/*
+DeactivateApplication Deactivate an Application
+
+Deactivates an active application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiDeactivateApplicationRequest
+*/
+func (a *ApplicationApiService) DeactivateApplication(ctx context.Context, appId string) ApiDeactivateApplicationRequest {
+	return ApiDeactivateApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) DeactivateApplicationExecute(r ApiDeactivateApplicationRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.DeactivateApplication")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeactivateDefaultProvisioningConnectionForApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	retryCount int32
+}
+
+func (r ApiDeactivateDefaultProvisioningConnectionForApplicationRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeactivateDefaultProvisioningConnectionForApplicationExecute(r)
+}
+
+/*
+DeactivateDefaultProvisioningConnectionForApplication Deactivate the default Provisioning Connection for an Application
+
+Deactivates the default Provisioning Connection for an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiDeactivateDefaultProvisioningConnectionForApplicationRequest
+*/
+func (a *ApplicationApiService) DeactivateDefaultProvisioningConnectionForApplication(ctx context.Context, appId string) ApiDeactivateDefaultProvisioningConnectionForApplicationRequest {
+	return ApiDeactivateDefaultProvisioningConnectionForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) DeactivateDefaultProvisioningConnectionForApplicationExecute(r ApiDeactivateDefaultProvisioningConnectionForApplicationRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.DeactivateDefaultProvisioningConnectionForApplication")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/connections/default/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	retryCount int32
+}
+
+func (r ApiDeleteApplicationRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteApplicationExecute(r)
+}
+
+/*
+DeleteApplication Delete an Application
+
+Deletes an inactive application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiDeleteApplicationRequest
+*/
+func (a *ApplicationApiService) DeleteApplication(ctx context.Context, appId string) ApiDeleteApplicationRequest {
+	return ApiDeleteApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) DeleteApplicationExecute(r ApiDeleteApplicationRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.DeleteApplication")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGenerateApplicationKeyRequest struct {
+	ctx           context.Context
+	ApiService    ApplicationApi
+	appId         string
+	validityYears *int32
+	retryCount    int32
+}
+
+func (r ApiGenerateApplicationKeyRequest) ValidityYears(validityYears int32) ApiGenerateApplicationKeyRequest {
+	r.validityYears = &validityYears
+	return r
+}
+
+func (r ApiGenerateApplicationKeyRequest) Execute() (*JsonWebKey, *APIResponse, error) {
+	return r.ApiService.GenerateApplicationKeyExecute(r)
+}
+
+/*
+GenerateApplicationKey Generate a Key Credential
+
+Generates a new X.509 certificate for an application key credential
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiGenerateApplicationKeyRequest
+*/
+func (a *ApplicationApiService) GenerateApplicationKey(ctx context.Context, appId string) ApiGenerateApplicationKeyRequest {
+	return ApiGenerateApplicationKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return JsonWebKey
+func (a *ApplicationApiService) GenerateApplicationKeyExecute(r ApiGenerateApplicationKeyRequest) (*JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.GenerateApplicationKey")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/credentials/keys/generate"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.validityYears != nil {
+		localVarQueryParams.Add("validityYears", parameterToString(*r.validityYears, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGenerateCsrForApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	metadata   *CsrMetadata
+	retryCount int32
+}
+
+func (r ApiGenerateCsrForApplicationRequest) Metadata(metadata CsrMetadata) ApiGenerateCsrForApplicationRequest {
+	r.metadata = &metadata
+	return r
+}
+
+func (r ApiGenerateCsrForApplicationRequest) Execute() (*Csr, *APIResponse, error) {
+	return r.ApiService.GenerateCsrForApplicationExecute(r)
+}
+
+/*
+GenerateCsrForApplication Generate a Certificate Signing Request
+
+Generates a new key pair and returns the Certificate Signing Request for it
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiGenerateCsrForApplicationRequest
+*/
+func (a *ApplicationApiService) GenerateCsrForApplication(ctx context.Context, appId string) ApiGenerateCsrForApplicationRequest {
+	return ApiGenerateCsrForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Csr
+func (a *ApplicationApiService) GenerateCsrForApplicationExecute(r ApiGenerateCsrForApplicationRequest) (*Csr, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Csr
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.GenerateCsrForApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/credentials/csrs"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.metadata == nil {
+		return localVarReturnValue, nil, reportError("metadata is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.metadata
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiGetApplicationRequest) Expand(expand string) ApiGetApplicationRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetApplicationRequest) Execute() (*ListApplications200ResponseInner, *APIResponse, error) {
+	return r.ApiService.GetApplicationExecute(r)
+}
+
+/*
+GetApplication Retrieve an Application
+
+Retrieves an application from your Okta organization by `id`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiGetApplicationRequest
+*/
+func (a *ApplicationApiService) GetApplication(ctx context.Context, appId string) ApiGetApplicationRequest {
+	return ApiGetApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListApplications200ResponseInner
+func (a *ApplicationApiService) GetApplicationExecute(r ApiGetApplicationRequest) (*ListApplications200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListApplications200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.GetApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetApplicationGroupAssignmentRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	groupId    string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiGetApplicationGroupAssignmentRequest) Expand(expand string) ApiGetApplicationGroupAssignmentRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetApplicationGroupAssignmentRequest) Execute() (*ApplicationGroupAssignment, *APIResponse, error) {
+	return r.ApiService.GetApplicationGroupAssignmentExecute(r)
+}
+
+/*
+GetApplicationGroupAssignment Retrieve an Assigned Group
+
+Retrieves an application group assignment
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param groupId
+	@return ApiGetApplicationGroupAssignmentRequest
+*/
+func (a *ApplicationApiService) GetApplicationGroupAssignment(ctx context.Context, appId string, groupId string) ApiGetApplicationGroupAssignmentRequest {
+	return ApiGetApplicationGroupAssignmentRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ApplicationGroupAssignment
+func (a *ApplicationApiService) GetApplicationGroupAssignmentExecute(r ApiGetApplicationGroupAssignmentRequest) (*ApplicationGroupAssignment, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ApplicationGroupAssignment
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.GetApplicationGroupAssignment")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/groups/{groupId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetApplicationKeyRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	keyId      string
+	retryCount int32
+}
+
+func (r ApiGetApplicationKeyRequest) Execute() (*JsonWebKey, *APIResponse, error) {
+	return r.ApiService.GetApplicationKeyExecute(r)
+}
+
+/*
+GetApplicationKey Retrieve a Key Credential
+
+Retrieves a specific application key credential by kid
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param keyId
+	@return ApiGetApplicationKeyRequest
+*/
+func (a *ApplicationApiService) GetApplicationKey(ctx context.Context, appId string, keyId string) ApiGetApplicationKeyRequest {
+	return ApiGetApplicationKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		keyId:      keyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return JsonWebKey
+func (a *ApplicationApiService) GetApplicationKeyExecute(r ApiGetApplicationKeyRequest) (*JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.GetApplicationKey")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/credentials/keys/{keyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"keyId"+"}", url.PathEscape(parameterToString(r.keyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetApplicationUserRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	userId     string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiGetApplicationUserRequest) Expand(expand string) ApiGetApplicationUserRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetApplicationUserRequest) Execute() (*AppUser, *APIResponse, error) {
+	return r.ApiService.GetApplicationUserExecute(r)
+}
+
+/*
+GetApplicationUser Retrieve an Assigned User
+
+Retrieves a specific user assignment for application by `id`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param userId
+	@return ApiGetApplicationUserRequest
+*/
+func (a *ApplicationApiService) GetApplicationUser(ctx context.Context, appId string, userId string) ApiGetApplicationUserRequest {
+	return ApiGetApplicationUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AppUser
+func (a *ApplicationApiService) GetApplicationUserExecute(r ApiGetApplicationUserRequest) (*AppUser, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AppUser
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.GetApplicationUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/users/{userId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetCsrForApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	csrId      string
+	retryCount int32
+}
+
+func (r ApiGetCsrForApplicationRequest) Execute() (*Csr, *APIResponse, error) {
+	return r.ApiService.GetCsrForApplicationExecute(r)
+}
+
+/*
+GetCsrForApplication Retrieve a Certificate Signing Request
+
+Retrieves a certificate signing request for the app by `id`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param csrId
+	@return ApiGetCsrForApplicationRequest
+*/
+func (a *ApplicationApiService) GetCsrForApplication(ctx context.Context, appId string, csrId string) ApiGetCsrForApplicationRequest {
+	return ApiGetCsrForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		csrId:      csrId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Csr
+func (a *ApplicationApiService) GetCsrForApplicationExecute(r ApiGetCsrForApplicationRequest) (*Csr, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Csr
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.GetCsrForApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/credentials/csrs/{csrId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"csrId"+"}", url.PathEscape(parameterToString(r.csrId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetDefaultProvisioningConnectionForApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	retryCount int32
+}
+
+func (r ApiGetDefaultProvisioningConnectionForApplicationRequest) Execute() (*ProvisioningConnection, *APIResponse, error) {
+	return r.ApiService.GetDefaultProvisioningConnectionForApplicationExecute(r)
+}
+
+/*
+GetDefaultProvisioningConnectionForApplication Retrieve the default Provisioning Connection
+
+Retrieves the default Provisioning Connection for application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiGetDefaultProvisioningConnectionForApplicationRequest
+*/
+func (a *ApplicationApiService) GetDefaultProvisioningConnectionForApplication(ctx context.Context, appId string) ApiGetDefaultProvisioningConnectionForApplicationRequest {
+	return ApiGetDefaultProvisioningConnectionForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ProvisioningConnection
+func (a *ApplicationApiService) GetDefaultProvisioningConnectionForApplicationExecute(r ApiGetDefaultProvisioningConnectionForApplicationRequest) (*ProvisioningConnection, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ProvisioningConnection
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.GetDefaultProvisioningConnectionForApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/connections/default"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetFeatureForApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	name       string
+	retryCount int32
+}
+
+func (r ApiGetFeatureForApplicationRequest) Execute() (*ApplicationFeature, *APIResponse, error) {
+	return r.ApiService.GetFeatureForApplicationExecute(r)
+}
+
+/*
+GetFeatureForApplication Retrieve a Feature
+
+Retrieves a Feature object for an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param name
+	@return ApiGetFeatureForApplicationRequest
+*/
+func (a *ApplicationApiService) GetFeatureForApplication(ctx context.Context, appId string, name string) ApiGetFeatureForApplicationRequest {
+	return ApiGetFeatureForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		name:       name,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ApplicationFeature
+func (a *ApplicationApiService) GetFeatureForApplicationExecute(r ApiGetFeatureForApplicationRequest) (*ApplicationFeature, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ApplicationFeature
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.GetFeatureForApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/features/{name}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"name"+"}", url.PathEscape(parameterToString(r.name, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetOAuth2TokenForApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	tokenId    string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiGetOAuth2TokenForApplicationRequest) Expand(expand string) ApiGetOAuth2TokenForApplicationRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetOAuth2TokenForApplicationRequest) Execute() (*OAuth2Token, *APIResponse, error) {
+	return r.ApiService.GetOAuth2TokenForApplicationExecute(r)
+}
+
+/*
+GetOAuth2TokenForApplication Retrieve an OAuth 2.0 Token
+
+Retrieves a token for the specified application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param tokenId
+	@return ApiGetOAuth2TokenForApplicationRequest
+*/
+func (a *ApplicationApiService) GetOAuth2TokenForApplication(ctx context.Context, appId string, tokenId string) ApiGetOAuth2TokenForApplicationRequest {
+	return ApiGetOAuth2TokenForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		tokenId:    tokenId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OAuth2Token
+func (a *ApplicationApiService) GetOAuth2TokenForApplicationExecute(r ApiGetOAuth2TokenForApplicationRequest) (*OAuth2Token, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OAuth2Token
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.GetOAuth2TokenForApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/tokens/{tokenId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"tokenId"+"}", url.PathEscape(parameterToString(r.tokenId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetScopeConsentGrantRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	grantId    string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiGetScopeConsentGrantRequest) Expand(expand string) ApiGetScopeConsentGrantRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetScopeConsentGrantRequest) Execute() (*OAuth2ScopeConsentGrant, *APIResponse, error) {
+	return r.ApiService.GetScopeConsentGrantExecute(r)
+}
+
+/*
+GetScopeConsentGrant Retrieve a Scope Consent Grant
+
+Retrieves a single scope consent grant for the application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param grantId
+	@return ApiGetScopeConsentGrantRequest
+*/
+func (a *ApplicationApiService) GetScopeConsentGrant(ctx context.Context, appId string, grantId string) ApiGetScopeConsentGrantRequest {
+	return ApiGetScopeConsentGrantRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		grantId:    grantId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OAuth2ScopeConsentGrant
+func (a *ApplicationApiService) GetScopeConsentGrantExecute(r ApiGetScopeConsentGrantRequest) (*OAuth2ScopeConsentGrant, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OAuth2ScopeConsentGrant
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.GetScopeConsentGrant")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/grants/{grantId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"grantId"+"}", url.PathEscape(parameterToString(r.grantId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGrantConsentToScopeRequest struct {
+	ctx                     context.Context
+	ApiService              ApplicationApi
+	appId                   string
+	oAuth2ScopeConsentGrant *OAuth2ScopeConsentGrant
+	retryCount              int32
+}
+
+func (r ApiGrantConsentToScopeRequest) OAuth2ScopeConsentGrant(oAuth2ScopeConsentGrant OAuth2ScopeConsentGrant) ApiGrantConsentToScopeRequest {
+	r.oAuth2ScopeConsentGrant = &oAuth2ScopeConsentGrant
+	return r
+}
+
+func (r ApiGrantConsentToScopeRequest) Execute() (*OAuth2ScopeConsentGrant, *APIResponse, error) {
+	return r.ApiService.GrantConsentToScopeExecute(r)
+}
+
+/*
+GrantConsentToScope Grant Consent to Scope
+
+Grants consent for the application to request an OAuth 2.0 Okta scope
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiGrantConsentToScopeRequest
+*/
+func (a *ApplicationApiService) GrantConsentToScope(ctx context.Context, appId string) ApiGrantConsentToScopeRequest {
+	return ApiGrantConsentToScopeRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OAuth2ScopeConsentGrant
+func (a *ApplicationApiService) GrantConsentToScopeExecute(r ApiGrantConsentToScopeRequest) (*OAuth2ScopeConsentGrant, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OAuth2ScopeConsentGrant
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.GrantConsentToScope")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/grants"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.oAuth2ScopeConsentGrant == nil {
+		return localVarReturnValue, nil, reportError("oAuth2ScopeConsentGrant is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.oAuth2ScopeConsentGrant
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListApplicationGroupAssignmentsRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	q          *string
+	after      *string
+	limit      *int32
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiListApplicationGroupAssignmentsRequest) Q(q string) ApiListApplicationGroupAssignmentsRequest {
+	r.q = &q
+	return r
+}
+
+// Specifies the pagination cursor for the next page of assignments
+func (r ApiListApplicationGroupAssignmentsRequest) After(after string) ApiListApplicationGroupAssignmentsRequest {
+	r.after = &after
+	return r
+}
+
+// Specifies the number of results for a page
+func (r ApiListApplicationGroupAssignmentsRequest) Limit(limit int32) ApiListApplicationGroupAssignmentsRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListApplicationGroupAssignmentsRequest) Expand(expand string) ApiListApplicationGroupAssignmentsRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListApplicationGroupAssignmentsRequest) Execute() ([]ApplicationGroupAssignment, *APIResponse, error) {
+	return r.ApiService.ListApplicationGroupAssignmentsExecute(r)
+}
+
+/*
+ListApplicationGroupAssignments List all Assigned Groups
+
+Lists all group assignments for an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiListApplicationGroupAssignmentsRequest
+*/
+func (a *ApplicationApiService) ListApplicationGroupAssignments(ctx context.Context, appId string) ApiListApplicationGroupAssignmentsRequest {
+	return ApiListApplicationGroupAssignmentsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ApplicationGroupAssignment
+func (a *ApplicationApiService) ListApplicationGroupAssignmentsExecute(r ApiListApplicationGroupAssignmentsRequest) ([]ApplicationGroupAssignment, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ApplicationGroupAssignment
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.ListApplicationGroupAssignments")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/groups"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.q != nil {
+		localVarQueryParams.Add("q", parameterToString(*r.q, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListApplicationKeysRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	retryCount int32
+}
+
+func (r ApiListApplicationKeysRequest) Execute() ([]JsonWebKey, *APIResponse, error) {
+	return r.ApiService.ListApplicationKeysExecute(r)
+}
+
+/*
+ListApplicationKeys List all Key Credentials
+
+Lists all key credentials for an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiListApplicationKeysRequest
+*/
+func (a *ApplicationApiService) ListApplicationKeys(ctx context.Context, appId string) ApiListApplicationKeysRequest {
+	return ApiListApplicationKeysRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []JsonWebKey
+func (a *ApplicationApiService) ListApplicationKeysExecute(r ApiListApplicationKeysRequest) ([]JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.ListApplicationKeys")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/credentials/keys"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListApplicationUsersRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	q          *string
+	queryScope *string
+	after      *string
+	limit      *int32
+	filter     *string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiListApplicationUsersRequest) Q(q string) ApiListApplicationUsersRequest {
+	r.q = &q
+	return r
+}
+
+func (r ApiListApplicationUsersRequest) QueryScope(queryScope string) ApiListApplicationUsersRequest {
+	r.queryScope = &queryScope
+	return r
+}
+
+// specifies the pagination cursor for the next page of assignments
+func (r ApiListApplicationUsersRequest) After(after string) ApiListApplicationUsersRequest {
+	r.after = &after
+	return r
+}
+
+// specifies the number of results for a page
+func (r ApiListApplicationUsersRequest) Limit(limit int32) ApiListApplicationUsersRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListApplicationUsersRequest) Filter(filter string) ApiListApplicationUsersRequest {
+	r.filter = &filter
+	return r
+}
+
+func (r ApiListApplicationUsersRequest) Expand(expand string) ApiListApplicationUsersRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListApplicationUsersRequest) Execute() ([]AppUser, *APIResponse, error) {
+	return r.ApiService.ListApplicationUsersExecute(r)
+}
+
+/*
+ListApplicationUsers List all Assigned Users
+
+Lists all assigned [application users](#application-user-model) for an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiListApplicationUsersRequest
+*/
+func (a *ApplicationApiService) ListApplicationUsers(ctx context.Context, appId string) ApiListApplicationUsersRequest {
+	return ApiListApplicationUsersRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []AppUser
+func (a *ApplicationApiService) ListApplicationUsersExecute(r ApiListApplicationUsersRequest) ([]AppUser, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []AppUser
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.ListApplicationUsers")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/users"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.q != nil {
+		localVarQueryParams.Add("q", parameterToString(*r.q, ""))
+	}
+	if r.queryScope != nil {
+		localVarQueryParams.Add("query_scope", parameterToString(*r.queryScope, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.filter != nil {
+		localVarQueryParams.Add("filter", parameterToString(*r.filter, ""))
+	}
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListApplicationsRequest struct {
+	ctx               context.Context
+	ApiService        ApplicationApi
+	q                 *string
+	after             *string
+	limit             *int32
+	filter            *string
+	expand            *string
+	includeNonDeleted *bool
+	retryCount        int32
+}
+
+func (r ApiListApplicationsRequest) Q(q string) ApiListApplicationsRequest {
+	r.q = &q
+	return r
+}
+
+// Specifies the pagination cursor for the next page of apps
+func (r ApiListApplicationsRequest) After(after string) ApiListApplicationsRequest {
+	r.after = &after
+	return r
+}
+
+// Specifies the number of results for a page
+func (r ApiListApplicationsRequest) Limit(limit int32) ApiListApplicationsRequest {
+	r.limit = &limit
+	return r
+}
+
+// Filters apps by status, user.id, group.id or credentials.signing.kid expression
+func (r ApiListApplicationsRequest) Filter(filter string) ApiListApplicationsRequest {
+	r.filter = &filter
+	return r
+}
+
+// Traverses users link relationship and optionally embeds Application User resource
+func (r ApiListApplicationsRequest) Expand(expand string) ApiListApplicationsRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListApplicationsRequest) IncludeNonDeleted(includeNonDeleted bool) ApiListApplicationsRequest {
+	r.includeNonDeleted = &includeNonDeleted
+	return r
+}
+
+func (r ApiListApplicationsRequest) Execute() ([]ListApplications200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ListApplicationsExecute(r)
+}
+
+/*
+ListApplications List all Applications
+
+Lists all applications with pagination. A subset of apps can be returned that match a supported filter expression or query.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListApplicationsRequest
+*/
+func (a *ApplicationApiService) ListApplications(ctx context.Context) ApiListApplicationsRequest {
+	return ApiListApplicationsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ListApplications200ResponseInner
+func (a *ApplicationApiService) ListApplicationsExecute(r ApiListApplicationsRequest) ([]ListApplications200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ListApplications200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.ListApplications")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.q != nil {
+		localVarQueryParams.Add("q", parameterToString(*r.q, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.filter != nil {
+		localVarQueryParams.Add("filter", parameterToString(*r.filter, ""))
+	}
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	if r.includeNonDeleted != nil {
+		localVarQueryParams.Add("includeNonDeleted", parameterToString(*r.includeNonDeleted, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListCsrsForApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	retryCount int32
+}
+
+func (r ApiListCsrsForApplicationRequest) Execute() ([]Csr, *APIResponse, error) {
+	return r.ApiService.ListCsrsForApplicationExecute(r)
+}
+
+/*
+ListCsrsForApplication List all Certificate Signing Requests
+
+Lists all Certificate Signing Requests for an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiListCsrsForApplicationRequest
+*/
+func (a *ApplicationApiService) ListCsrsForApplication(ctx context.Context, appId string) ApiListCsrsForApplicationRequest {
+	return ApiListCsrsForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Csr
+func (a *ApplicationApiService) ListCsrsForApplicationExecute(r ApiListCsrsForApplicationRequest) ([]Csr, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Csr
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.ListCsrsForApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/credentials/csrs"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListFeaturesForApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	retryCount int32
+}
+
+func (r ApiListFeaturesForApplicationRequest) Execute() ([]ApplicationFeature, *APIResponse, error) {
+	return r.ApiService.ListFeaturesForApplicationExecute(r)
+}
+
+/*
+ListFeaturesForApplication List all Features
+
+Lists all features for an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiListFeaturesForApplicationRequest
+*/
+func (a *ApplicationApiService) ListFeaturesForApplication(ctx context.Context, appId string) ApiListFeaturesForApplicationRequest {
+	return ApiListFeaturesForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ApplicationFeature
+func (a *ApplicationApiService) ListFeaturesForApplicationExecute(r ApiListFeaturesForApplicationRequest) ([]ApplicationFeature, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ApplicationFeature
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.ListFeaturesForApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/features"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListOAuth2TokensForApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	expand     *string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+func (r ApiListOAuth2TokensForApplicationRequest) Expand(expand string) ApiListOAuth2TokensForApplicationRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListOAuth2TokensForApplicationRequest) After(after string) ApiListOAuth2TokensForApplicationRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListOAuth2TokensForApplicationRequest) Limit(limit int32) ApiListOAuth2TokensForApplicationRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListOAuth2TokensForApplicationRequest) Execute() ([]OAuth2Token, *APIResponse, error) {
+	return r.ApiService.ListOAuth2TokensForApplicationExecute(r)
+}
+
+/*
+ListOAuth2TokensForApplication List all OAuth 2.0 Tokens
+
+Lists all tokens for the application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiListOAuth2TokensForApplicationRequest
+*/
+func (a *ApplicationApiService) ListOAuth2TokensForApplication(ctx context.Context, appId string) ApiListOAuth2TokensForApplicationRequest {
+	return ApiListOAuth2TokensForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []OAuth2Token
+func (a *ApplicationApiService) ListOAuth2TokensForApplicationExecute(r ApiListOAuth2TokensForApplicationRequest) ([]OAuth2Token, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []OAuth2Token
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.ListOAuth2TokensForApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/tokens"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListScopeConsentGrantsRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiListScopeConsentGrantsRequest) Expand(expand string) ApiListScopeConsentGrantsRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListScopeConsentGrantsRequest) Execute() ([]OAuth2ScopeConsentGrant, *APIResponse, error) {
+	return r.ApiService.ListScopeConsentGrantsExecute(r)
+}
+
+/*
+ListScopeConsentGrants List all Scope Consent Grants
+
+Lists all scope consent grants for the application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiListScopeConsentGrantsRequest
+*/
+func (a *ApplicationApiService) ListScopeConsentGrants(ctx context.Context, appId string) ApiListScopeConsentGrantsRequest {
+	return ApiListScopeConsentGrantsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []OAuth2ScopeConsentGrant
+func (a *ApplicationApiService) ListScopeConsentGrantsExecute(r ApiListScopeConsentGrantsRequest) ([]OAuth2ScopeConsentGrant, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []OAuth2ScopeConsentGrant
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.ListScopeConsentGrants")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/grants"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiPublishCsrFromApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	csrId      string
+	body       **os.File
+	retryCount int32
+}
+
+func (r ApiPublishCsrFromApplicationRequest) Body(body *os.File) ApiPublishCsrFromApplicationRequest {
+	r.body = &body
+	return r
+}
+
+func (r ApiPublishCsrFromApplicationRequest) Execute() (*JsonWebKey, *APIResponse, error) {
+	return r.ApiService.PublishCsrFromApplicationExecute(r)
+}
+
+/*
+PublishCsrFromApplication Publish a Certificate Signing Request
+
+Publishes a certificate signing request for the app with a signed X.509 certificate and adds it into the application key credentials
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param csrId
+	@return ApiPublishCsrFromApplicationRequest
+*/
+func (a *ApplicationApiService) PublishCsrFromApplication(ctx context.Context, appId string, csrId string) ApiPublishCsrFromApplicationRequest {
+	return ApiPublishCsrFromApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		csrId:      csrId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return JsonWebKey
+func (a *ApplicationApiService) PublishCsrFromApplicationExecute(r ApiPublishCsrFromApplicationRequest) (*JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.PublishCsrFromApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"csrId"+"}", url.PathEscape(parameterToString(r.csrId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.body == nil {
+		return localVarReturnValue, nil, reportError("body is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/x-x509-ca-cert", "application/pkix-cert", "application/x-pem-file"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.body
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceApplicationRequest struct {
+	ctx         context.Context
+	ApiService  ApplicationApi
+	appId       string
+	application *ListApplications200ResponseInner
+	retryCount  int32
+}
+
+func (r ApiReplaceApplicationRequest) Application(application ListApplications200ResponseInner) ApiReplaceApplicationRequest {
+	r.application = &application
+	return r
+}
+
+func (r ApiReplaceApplicationRequest) Execute() (*ListApplications200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ReplaceApplicationExecute(r)
+}
+
+/*
+ReplaceApplication Replace an Application
+
+Replaces an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiReplaceApplicationRequest
+*/
+func (a *ApplicationApiService) ReplaceApplication(ctx context.Context, appId string) ApiReplaceApplicationRequest {
+	return ApiReplaceApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListApplications200ResponseInner
+func (a *ApplicationApiService) ReplaceApplicationExecute(r ApiReplaceApplicationRequest) (*ListApplications200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListApplications200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.ReplaceApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.application == nil {
+		return localVarReturnValue, nil, reportError("application is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.application
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiRevokeCsrFromApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	csrId      string
+	retryCount int32
+}
+
+func (r ApiRevokeCsrFromApplicationRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeCsrFromApplicationExecute(r)
+}
+
+/*
+RevokeCsrFromApplication Revoke a Certificate Signing Request
+
+Revokes a certificate signing request and deletes the key pair from the application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param csrId
+	@return ApiRevokeCsrFromApplicationRequest
+*/
+func (a *ApplicationApiService) RevokeCsrFromApplication(ctx context.Context, appId string, csrId string) ApiRevokeCsrFromApplicationRequest {
+	return ApiRevokeCsrFromApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		csrId:      csrId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) RevokeCsrFromApplicationExecute(r ApiRevokeCsrFromApplicationRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.RevokeCsrFromApplication")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/credentials/csrs/{csrId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"csrId"+"}", url.PathEscape(parameterToString(r.csrId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiRevokeOAuth2TokenForApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	tokenId    string
+	retryCount int32
+}
+
+func (r ApiRevokeOAuth2TokenForApplicationRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeOAuth2TokenForApplicationExecute(r)
+}
+
+/*
+RevokeOAuth2TokenForApplication Revoke an OAuth 2.0 Token
+
+Revokes the specified token for the specified application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param tokenId
+	@return ApiRevokeOAuth2TokenForApplicationRequest
+*/
+func (a *ApplicationApiService) RevokeOAuth2TokenForApplication(ctx context.Context, appId string, tokenId string) ApiRevokeOAuth2TokenForApplicationRequest {
+	return ApiRevokeOAuth2TokenForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		tokenId:    tokenId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) RevokeOAuth2TokenForApplicationExecute(r ApiRevokeOAuth2TokenForApplicationRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.RevokeOAuth2TokenForApplication")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/tokens/{tokenId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"tokenId"+"}", url.PathEscape(parameterToString(r.tokenId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiRevokeOAuth2TokensForApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	retryCount int32
+}
+
+func (r ApiRevokeOAuth2TokensForApplicationRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeOAuth2TokensForApplicationExecute(r)
+}
+
+/*
+RevokeOAuth2TokensForApplication Revoke all OAuth 2.0 Tokens
+
+Revokes all tokens for the specified application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiRevokeOAuth2TokensForApplicationRequest
+*/
+func (a *ApplicationApiService) RevokeOAuth2TokensForApplication(ctx context.Context, appId string) ApiRevokeOAuth2TokensForApplicationRequest {
+	return ApiRevokeOAuth2TokensForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) RevokeOAuth2TokensForApplicationExecute(r ApiRevokeOAuth2TokensForApplicationRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.RevokeOAuth2TokensForApplication")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/tokens"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiRevokeScopeConsentGrantRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	grantId    string
+	retryCount int32
+}
+
+func (r ApiRevokeScopeConsentGrantRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeScopeConsentGrantExecute(r)
+}
+
+/*
+RevokeScopeConsentGrant Revoke a Scope Consent Grant
+
+Revokes permission for the application to request the given scope
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param grantId
+	@return ApiRevokeScopeConsentGrantRequest
+*/
+func (a *ApplicationApiService) RevokeScopeConsentGrant(ctx context.Context, appId string, grantId string) ApiRevokeScopeConsentGrantRequest {
+	return ApiRevokeScopeConsentGrantRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		grantId:    grantId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) RevokeScopeConsentGrantExecute(r ApiRevokeScopeConsentGrantRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.RevokeScopeConsentGrant")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/grants/{grantId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"grantId"+"}", url.PathEscape(parameterToString(r.grantId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnassignApplicationFromGroupRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	groupId    string
+	retryCount int32
+}
+
+func (r ApiUnassignApplicationFromGroupRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnassignApplicationFromGroupExecute(r)
+}
+
+/*
+UnassignApplicationFromGroup Unassign a Group
+
+Unassigns a group from an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param groupId
+	@return ApiUnassignApplicationFromGroupRequest
+*/
+func (a *ApplicationApiService) UnassignApplicationFromGroup(ctx context.Context, appId string, groupId string) ApiUnassignApplicationFromGroupRequest {
+	return ApiUnassignApplicationFromGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) UnassignApplicationFromGroupExecute(r ApiUnassignApplicationFromGroupRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.UnassignApplicationFromGroup")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/groups/{groupId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnassignUserFromApplicationRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	userId     string
+	sendEmail  *bool
+	retryCount int32
+}
+
+func (r ApiUnassignUserFromApplicationRequest) SendEmail(sendEmail bool) ApiUnassignUserFromApplicationRequest {
+	r.sendEmail = &sendEmail
+	return r
+}
+
+func (r ApiUnassignUserFromApplicationRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnassignUserFromApplicationExecute(r)
+}
+
+/*
+UnassignUserFromApplication Unassign a User
+
+Unassigns a user from an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param userId
+	@return ApiUnassignUserFromApplicationRequest
+*/
+func (a *ApplicationApiService) UnassignUserFromApplication(ctx context.Context, appId string, userId string) ApiUnassignUserFromApplicationRequest {
+	return ApiUnassignUserFromApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) UnassignUserFromApplicationExecute(r ApiUnassignUserFromApplicationRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.UnassignUserFromApplication")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/users/{userId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.sendEmail != nil {
+		localVarQueryParams.Add("sendEmail", parameterToString(*r.sendEmail, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUpdateApplicationUserRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	userId     string
+	appUser    *AppUser
+	retryCount int32
+}
+
+func (r ApiUpdateApplicationUserRequest) AppUser(appUser AppUser) ApiUpdateApplicationUserRequest {
+	r.appUser = &appUser
+	return r
+}
+
+func (r ApiUpdateApplicationUserRequest) Execute() (*AppUser, *APIResponse, error) {
+	return r.ApiService.UpdateApplicationUserExecute(r)
+}
+
+/*
+UpdateApplicationUser Update an Application Profile for Assigned User
+
+Updates a user's profile for an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param userId
+	@return ApiUpdateApplicationUserRequest
+*/
+func (a *ApplicationApiService) UpdateApplicationUser(ctx context.Context, appId string, userId string) ApiUpdateApplicationUserRequest {
+	return ApiUpdateApplicationUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AppUser
+func (a *ApplicationApiService) UpdateApplicationUserExecute(r ApiUpdateApplicationUserRequest) (*AppUser, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AppUser
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.UpdateApplicationUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/users/{userId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.appUser == nil {
+		return localVarReturnValue, nil, reportError("appUser is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.appUser
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateDefaultProvisioningConnectionForApplicationRequest struct {
+	ctx                           context.Context
+	ApiService                    ApplicationApi
+	appId                         string
+	provisioningConnectionRequest *ProvisioningConnectionRequest
+	activate                      *bool
+	retryCount                    int32
+}
+
+func (r ApiUpdateDefaultProvisioningConnectionForApplicationRequest) ProvisioningConnectionRequest(provisioningConnectionRequest ProvisioningConnectionRequest) ApiUpdateDefaultProvisioningConnectionForApplicationRequest {
+	r.provisioningConnectionRequest = &provisioningConnectionRequest
+	return r
+}
+
+func (r ApiUpdateDefaultProvisioningConnectionForApplicationRequest) Activate(activate bool) ApiUpdateDefaultProvisioningConnectionForApplicationRequest {
+	r.activate = &activate
+	return r
+}
+
+func (r ApiUpdateDefaultProvisioningConnectionForApplicationRequest) Execute() (*ProvisioningConnection, *APIResponse, error) {
+	return r.ApiService.UpdateDefaultProvisioningConnectionForApplicationExecute(r)
+}
+
+/*
+UpdateDefaultProvisioningConnectionForApplication Update the default Provisioning Connection
+
+Updates the default provisioning connection for application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiUpdateDefaultProvisioningConnectionForApplicationRequest
+*/
+func (a *ApplicationApiService) UpdateDefaultProvisioningConnectionForApplication(ctx context.Context, appId string) ApiUpdateDefaultProvisioningConnectionForApplicationRequest {
+	return ApiUpdateDefaultProvisioningConnectionForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ProvisioningConnection
+func (a *ApplicationApiService) UpdateDefaultProvisioningConnectionForApplicationExecute(r ApiUpdateDefaultProvisioningConnectionForApplicationRequest) (*ProvisioningConnection, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ProvisioningConnection
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.UpdateDefaultProvisioningConnectionForApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/connections/default"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.provisioningConnectionRequest == nil {
+		return localVarReturnValue, nil, reportError("provisioningConnectionRequest is required and must be specified")
+	}
+
+	if r.activate != nil {
+		localVarQueryParams.Add("activate", parameterToString(*r.activate, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.provisioningConnectionRequest
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateFeatureForApplicationRequest struct {
+	ctx                context.Context
+	ApiService         ApplicationApi
+	appId              string
+	name               string
+	capabilitiesObject *CapabilitiesObject
+	retryCount         int32
+}
+
+func (r ApiUpdateFeatureForApplicationRequest) CapabilitiesObject(capabilitiesObject CapabilitiesObject) ApiUpdateFeatureForApplicationRequest {
+	r.capabilitiesObject = &capabilitiesObject
+	return r
+}
+
+func (r ApiUpdateFeatureForApplicationRequest) Execute() (*ApplicationFeature, *APIResponse, error) {
+	return r.ApiService.UpdateFeatureForApplicationExecute(r)
+}
+
+/*
+UpdateFeatureForApplication Update a Feature
+
+Updates a Feature object for an application
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@param name
+	@return ApiUpdateFeatureForApplicationRequest
+*/
+func (a *ApplicationApiService) UpdateFeatureForApplication(ctx context.Context, appId string, name string) ApiUpdateFeatureForApplicationRequest {
+	return ApiUpdateFeatureForApplicationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		name:       name,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ApplicationFeature
+func (a *ApplicationApiService) UpdateFeatureForApplicationExecute(r ApiUpdateFeatureForApplicationRequest) (*ApplicationFeature, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ApplicationFeature
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.UpdateFeatureForApplication")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/features/{name}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"name"+"}", url.PathEscape(parameterToString(r.name, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.capabilitiesObject == nil {
+		return localVarReturnValue, nil, reportError("capabilitiesObject is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.capabilitiesObject
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUploadApplicationLogoRequest struct {
+	ctx        context.Context
+	ApiService ApplicationApi
+	appId      string
+	file       **os.File
+	retryCount int32
+}
+
+func (r ApiUploadApplicationLogoRequest) File(file *os.File) ApiUploadApplicationLogoRequest {
+	r.file = &file
+	return r
+}
+
+func (r ApiUploadApplicationLogoRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UploadApplicationLogoExecute(r)
+}
+
+/*
+UploadApplicationLogo Upload a Logo
+
+Uploads a logo for the application. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appId
+	@return ApiUploadApplicationLogoRequest
+*/
+func (a *ApplicationApiService) UploadApplicationLogo(ctx context.Context, appId string) ApiUploadApplicationLogoRequest {
+	return ApiUploadApplicationLogoRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appId:      appId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *ApplicationApiService) UploadApplicationLogoExecute(r ApiUploadApplicationLogoRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ApplicationApiService.UploadApplicationLogo")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/apps/{appId}/logo"
+	localVarPath = strings.Replace(localVarPath, "{"+"appId"+"}", url.PathEscape(parameterToString(r.appId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.file == nil {
+		return nil, reportError("file is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"multipart/form-data"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	var fileLocalVarFormFileName string
+	var fileLocalVarFileName string
+	var fileLocalVarFileBytes []byte
+
+	fileLocalVarFormFileName = "file"
+
+	fileLocalVarFile := *r.file
+	if fileLocalVarFile != nil {
+		fbs, _ := ioutil.ReadAll(fileLocalVarFile)
+		fileLocalVarFileBytes = fbs
+		fileLocalVarFileName = fileLocalVarFile.Name()
+		fileLocalVarFile.Close()
+	}
+	formFiles = append(formFiles, formFile{fileBytes: fileLocalVarFileBytes, fileName: fileLocalVarFileName, formFileName: fileLocalVarFormFileName})
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_application_test.go b/okta/api_application_test.go
new file mode 100644
index 000000000..4cb7b0039
--- /dev/null
+++ b/okta/api_application_test.go
@@ -0,0 +1,412 @@
+package okta
+
+import (
+	"os"
+	"path"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func setupBasicAuthApplication(label string) (*ListApplications200ResponseInner, *APIResponse, error) {
+	req := apiClient.ApplicationApi.CreateApplication(apiClient.cfg.Context)
+	req = req.Application(ListApplications200ResponseInner{BasicAuthApplication: testFactory.NewValidBasicAuthApplication(label)})
+	return req.Execute()
+}
+
+func setupOrg2OrgApplication(label string) (*ListApplications200ResponseInner, *APIResponse, error) {
+	req := apiClient.ApplicationApi.CreateApplication(apiClient.cfg.Context)
+	req = req.Application(ListApplications200ResponseInner{SamlApplication: testFactory.NewValidOrg2OrgApplication(label)})
+	return req.Execute()
+}
+
+func setupBookmarkApplication(label string) (*ListApplications200ResponseInner, *APIResponse, error) {
+	req := apiClient.ApplicationApi.CreateApplication(apiClient.cfg.Context)
+	req = req.Application(ListApplications200ResponseInner{BookmarkApplication: testFactory.NewValidBookmarkApplication(label)})
+	return req.Execute()
+}
+
+func setupOIDCApplication(label string) (*ListApplications200ResponseInner, *APIResponse, error) {
+	req := apiClient.ApplicationApi.CreateApplication(apiClient.cfg.Context)
+	req = req.Application(ListApplications200ResponseInner{OpenIdConnectApplication: testFactory.NewValidOIDCApplication(label)})
+	return req.Execute()
+}
+
+func cleanUpApplication(appId string) error {
+	_, err := apiClient.ApplicationApi.DeactivateApplication(apiClient.cfg.Context, appId).Execute()
+	if err != nil {
+		return err
+	}
+	_, err = apiClient.ApplicationApi.DeleteApplication(apiClient.cfg.Context, appId).Execute()
+	if err != nil {
+		return err
+	}
+	return err
+}
+
+func Test_Get_Applications(t *testing.T) {
+	createdApp, _, err := setupBasicAuthApplication(randomTestString())
+	require.NoError(t, err, "Creating a new application should not error")
+	t.Run("get applications by id", func(t *testing.T) {
+		app, _, err := apiClient.ApplicationApi.GetApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
+		require.NoError(t, err, "Could not get app by ID")
+		assert.Equal(t, createdApp.BasicAuthApplication.GetId(), app.BasicAuthApplication.GetId())
+	})
+	err = cleanUpApplication(createdApp.BasicAuthApplication.GetId())
+	require.NoError(t, err, "Clean up app should not error")
+}
+
+func Test_Get_List_Applications(t *testing.T) {
+	createdApp, _, err := setupBasicAuthApplication(randomTestString())
+	require.NoError(t, err, "Creating a new application should not error")
+	t.Run("get all applications", func(t *testing.T) {
+		apps, _, err := apiClient.ApplicationApi.ListApplications(apiClient.cfg.Context).Limit(100).Execute()
+		require.NoError(t, err, "Could not get list apps")
+		var createAppInList bool
+		for _, a := range apps {
+			if (a.BasicAuthApplication != nil) && (a.BasicAuthApplication.GetId() == createdApp.BasicAuthApplication.GetId()) {
+				createAppInList = true
+				break
+			}
+		}
+		assert.True(t, createAppInList, "Could not find app from list")
+	})
+	err = cleanUpApplication(createdApp.BasicAuthApplication.GetId())
+	require.NoError(t, err, "Clean up app should not error")
+}
+
+func Test_Update_App(t *testing.T) {
+	createdApp, _, err := setupBasicAuthApplication(randomTestString())
+	require.NoError(t, err, "Creating a new application should not error")
+	t.Run("update applications", func(t *testing.T) {
+		newName := randomTestString()
+		payload := testFactory.NewValidBasicAuthApplication(newName)
+		payload.Settings.App.SetAuthURL("https://example.org/auth.html")
+		payload.Settings.App.SetUrl("https://example.org/auth.html")
+		app, _, err := apiClient.ApplicationApi.ReplaceApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Application(ListApplications200ResponseInner{BasicAuthApplication: payload}).Execute()
+		require.NoError(t, err, "Could not update apps")
+		require.NotNil(t, app.BasicAuthApplication)
+		assert.Equal(t, newName, app.BasicAuthApplication.GetLabel())
+		assert.Equal(t, "https://example.org/auth.html", app.BasicAuthApplication.Settings.App.GetAuthURL())
+		assert.Equal(t, "https://example.org/auth.html", app.BasicAuthApplication.Settings.App.GetUrl())
+	})
+	err = cleanUpApplication(createdApp.BasicAuthApplication.GetId())
+	require.NoError(t, err, "Clean up app should not error")
+}
+
+func Test_Activate_Application(t *testing.T) {
+	createdApp, _, err := setupBasicAuthApplication(randomTestString())
+	require.NoError(t, err, "Creating a new application should not error")
+	t.Run("deactivate applications", func(t *testing.T) {
+		_, err = apiClient.ApplicationApi.DeactivateApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
+		require.NoError(t, err, "Could not deactivate the app")
+		app, _, err := apiClient.ApplicationApi.GetApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
+		require.NoError(t, err, "Could not get app by ID")
+		assert.Equal(t, createdApp.BasicAuthApplication.GetId(), app.BasicAuthApplication.GetId())
+		assert.Equal(t, APPLICATIONLIFECYCLESTATUS_INACTIVE, app.BasicAuthApplication.GetStatus())
+	})
+	t.Run("activate applications", func(t *testing.T) {
+		_, err = apiClient.ApplicationApi.ActivateApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
+		require.NoError(t, err, "Could not activate the app")
+		newapp, _, err := apiClient.ApplicationApi.GetApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
+		require.NoError(t, err, "Could not get app by ID")
+		assert.Equal(t, createdApp.BasicAuthApplication.GetId(), newapp.BasicAuthApplication.GetId())
+		assert.Equal(t, APPLICATIONLIFECYCLESTATUS_ACTIVE, newapp.BasicAuthApplication.GetStatus())
+	})
+	err = cleanUpApplication(createdApp.BasicAuthApplication.GetId())
+	require.NoError(t, err, "Clean up app should not error")
+}
+
+func Test_Application_Users_Operations(t *testing.T) {
+	if os.Getenv("OKTA_CCI") == "yes" {
+		time.Sleep(time.Duration(90))
+	}
+	createdApp, _, err := setupBasicAuthApplication(randomTestString())
+	require.NoError(t, err, "Creating a new application should not error")
+	appUserList, _, err := apiClient.ApplicationApi.ListApplicationUsers(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
+	require.NoError(t, err, "Could not get list app users")
+	require.Empty(t, appUserList, "App User List should be empty")
+	user, _, _, err := setupUser(false)
+	require.NoError(t, err, "Creating a new user should not error")
+	t.Run("assign user to application", func(t *testing.T) {
+		pwcredentials := AppUserPasswordCredential{}
+		pwcredentials.SetValue(randomTestString())
+		credentials := AppUserCredentials{}
+		credentials.SetPassword(pwcredentials)
+		credentials.SetUserName(randomTestString())
+		payload := AppUser{}
+		payload.SetId(user.GetId())
+		payload.SetCredentials(credentials)
+		appUser, _, err := apiClient.ApplicationApi.AssignUserToApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).AppUser(payload).Execute()
+		require.NoError(t, err, "Assigning user to application should not error")
+		appUserList, _, err := apiClient.ApplicationApi.ListApplicationUsers(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
+		require.NoError(t, err, "Could not get list app users")
+		require.NotEmpty(t, appUserList, "App User List should not be empty")
+		var found bool
+		for _, ae := range appUserList {
+			if ae.GetId() == appUser.GetId() {
+				found = true
+				break
+			}
+		}
+		assert.True(t, found)
+	})
+	t.Run("get application user", func(t *testing.T) {
+		appUser, _, err := apiClient.ApplicationApi.GetApplicationUser(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId(), user.GetId()).Execute()
+		require.NoError(t, err, "Could not get app user")
+		assert.Equal(t, user.GetId(), appUser.GetId())
+	})
+	t.Run("update application user", func(t *testing.T) {
+		appUser, _, err := apiClient.ApplicationApi.GetApplicationUser(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId(), user.GetId()).Execute()
+		require.NoError(t, err, "Could not get app user")
+		oldUserName := appUser.Credentials.GetUserName()
+		newUserName := randomTestString()
+		pwcredentials := AppUserPasswordCredential{}
+		pwcredentials.SetValue(randomTestString())
+		credentials := AppUserCredentials{}
+		credentials.SetPassword(pwcredentials)
+		credentials.SetUserName(newUserName)
+		appUser.SetCredentials(credentials)
+		updatedAppUser, _, err := apiClient.ApplicationApi.UpdateApplicationUser(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId(), user.GetId()).AppUser(*appUser).Execute()
+		require.NoError(t, err, "Could not update app user")
+		assert.NotEqual(t, oldUserName, updatedAppUser.Credentials.GetUserName())
+		assert.Equal(t, newUserName, updatedAppUser.Credentials.GetUserName())
+	})
+	t.Run("remove application from user", func(t *testing.T) {
+		_, err = apiClient.ApplicationApi.UnassignUserFromApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId(), user.GetId()).Execute()
+		require.NoError(t, err, "Delete user to application should not error")
+		appUserList, _, err := apiClient.ApplicationApi.ListApplicationUsers(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
+		require.NoError(t, err, "Could not get list apps")
+		require.Empty(t, appUserList, "App User List should be empty")
+	})
+	err = cleanUpApplication(createdApp.BasicAuthApplication.GetId())
+	require.NoError(t, err, "Clean up app should not error")
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+}
+
+func Test_Application_Groups_Operations(t *testing.T) {
+	if os.Getenv("OKTA_CCI") == "yes" {
+		time.Sleep(time.Duration(90))
+	}
+	createdApp, _, err := setupBasicAuthApplication(randomTestString())
+	require.NoError(t, err, "Creating a new application should not error")
+	group, _, err := setupGroup(randomTestString())
+	require.NoError(t, err, "Creating a new group should not error")
+	t.Run("assign group to application", func(t *testing.T) {
+		payload := ApplicationGroupAssignment{}
+		payload.SetPriority(5)
+		appGroup, _, err := apiClient.ApplicationApi.AssignGroupToApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId(), group.GetId()).ApplicationGroupAssignment(payload).Execute()
+		require.NoError(t, err, "Create app group assignment should not error")
+		assert.NotNil(t, appGroup)
+	})
+	t.Run("get application group", func(t *testing.T) {
+		appGroup, _, err := apiClient.ApplicationApi.GetApplicationGroupAssignment(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId(), group.GetId()).Execute()
+		require.NoError(t, err, "Get app group assignment should not error")
+		assert.Equal(t, int32(5), appGroup.GetPriority())
+	})
+	t.Run("list application group", func(t *testing.T) {
+		appGroupList, _, err := apiClient.ApplicationApi.ListApplicationGroupAssignments(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
+		require.NoError(t, err, "Get list app group assignment should not error")
+		assert.NotEmpty(t, appGroupList)
+	})
+	t.Run("remove application from group", func(t *testing.T) {
+		_, err = apiClient.ApplicationApi.UnassignApplicationFromGroup(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId(), group.GetId()).Execute()
+		require.NoError(t, err, "Delete app group assignment should not error")
+		_, _, err := apiClient.ApplicationApi.GetApplicationGroupAssignment(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId(), group.GetId()).Execute()
+		assert.Equal(t, "404 Not Found", err.Error())
+	})
+	err = cleanUpGroup(group.GetId())
+	require.NoError(t, err, "Clean up group should not error")
+	err = cleanUpApplication(createdApp.BasicAuthApplication.GetId())
+	require.NoError(t, err, "Clean up app should not error")
+}
+
+func Test_CSR_For_Application(t *testing.T) {
+	if os.Getenv("OKTA_CCI") == "yes" {
+		time.Sleep(time.Duration(90))
+	}
+	createdApp, _, err := setupBasicAuthApplication(randomTestString())
+	require.NoError(t, err, "Creating a new application should not error")
+	var generatedCsr *Csr
+	t.Run("generate csr", func(t *testing.T) {
+		generatedCsr, _, err = apiClient.ApplicationApi.GenerateCsrForApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Metadata(*testFactory.NewValidTestCSRMetadata()).Execute()
+		require.NoError(t, err, "Generating a new csr should not error")
+		assert.NotNil(t, generatedCsr)
+		assert.Equal(t, "RSA", generatedCsr.GetKty())
+		assert.NotNil(t, generatedCsr.Csr)
+	})
+	t.Run("get CSR by ID", func(t *testing.T) {
+		rcsr, _, err := apiClient.ApplicationApi.GetCsrForApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId(), generatedCsr.GetId()).Execute()
+		require.NoError(t, err, "Could not get csr by ID")
+		assert.NotNil(t, rcsr)
+		assert.Equal(t, generatedCsr.GetKty(), rcsr.GetKty())
+		assert.NotNil(t, generatedCsr.GetCsr(), rcsr.GetCsr())
+	})
+	t.Run("list CSR", func(t *testing.T) {
+		listCSRs, _, err := apiClient.ApplicationApi.ListCsrsForApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
+		require.NoError(t, err, "Could not list csr by app ID")
+		assert.NotEmpty(t, listCSRs)
+		var result bool
+		for _, csr := range listCSRs {
+			if csr.GetId() == generatedCsr.GetId() {
+				result = true
+				break
+			}
+		}
+		assert.True(t, result)
+	})
+	t.Run("revoke csr", func(t *testing.T) {
+		_, err := apiClient.ApplicationApi.RevokeCsrFromApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId(), generatedCsr.GetId()).Execute()
+		require.NoError(t, err, "Unable to revoke csr")
+		listCSRs, _, err := apiClient.ApplicationApi.ListCsrsForApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
+		require.NoError(t, err, "Could not list csr by app ID")
+		assert.Empty(t, listCSRs)
+	})
+	err = cleanUpApplication(createdApp.BasicAuthApplication.GetId())
+	require.NoError(t, err, "Clean up app should not error")
+}
+
+func TestGetDefaultProvisioningConnectionForApplication(t *testing.T) {
+	if os.Getenv("OKTA_CCI") == "yes" {
+		time.Sleep(time.Duration(90))
+	}
+	createdApp, _, err := setupOrg2OrgApplication(randomTestString())
+	require.NoError(t, err, "Creating a new application should not error")
+	t.Run("get provisioning", func(t *testing.T) {
+		conn, _, err := apiClient.ApplicationApi.GetDefaultProvisioningConnectionForApplication(apiClient.cfg.Context, createdApp.SamlApplication.GetId()).Execute()
+		require.NoError(t, err, "getting default provisioning connection for application should not error.")
+		assert.NotEmpty(t, conn.GetAuthScheme())
+		assert.NotEmpty(t, conn.GetStatus())
+	})
+	t.Run("set provisioning", func(t *testing.T) {
+		profile := &ProvisioningConnectionProfile{}
+		profile.SetAuthScheme("TOKEN")
+		profile.SetToken("TEST")
+		payload := ProvisioningConnectionRequest{Profile: profile}
+		conn, _, err := apiClient.ApplicationApi.UpdateDefaultProvisioningConnectionForApplication(apiClient.cfg.Context, createdApp.SamlApplication.GetId()).ProvisioningConnectionRequest(payload).Activate(false).Execute()
+		require.NoError(t, err, "setting default provisioning connection for application should not error.")
+		assert.Equal(t, PROVISIONINGCONNECTIONAUTHSCHEME_TOKEN, conn.GetAuthScheme())
+	})
+	err = cleanUpApplication(createdApp.SamlApplication.GetId())
+	require.NoError(t, err, "Clean up app should not error")
+}
+
+// support org2org apps only
+// func Test_List_Features_For_Application(t *testing.T) {
+// 	createdApp, _, err := setupOrg2OrgApplication(randomTestString())
+// 	require.NoError(t, err, "Creating a new application should not error")
+// 	t.Run("list feature for application", func(t *testing.T) {
+// 		profile := &ProvisioningConnectionProfile{}
+// 		profile.SetAuthScheme("TOKEN")
+// 		profile.SetToken("FIXME_WITH_REAL_ORG_TOKEN")
+// 		payload := ProvisioningConnectionRequest{Profile: profile}
+// 		_, _, err := apiClient.ApplicationApi.SetDefaultProvisioningConnectionForApplication(apiClient.cfg.Context, createdApp.SamlApplication.GetId()).ProvisioningConnectionRequest(payload).Activate(true).Execute()
+// 		require.NoError(t, err, "setting default provisioning connection for application should not error.")
+// 		features, _, err := apiClient.ApplicationApi.ListFeaturesForApplication(apiClient.cfg.Context, createdApp.SamlApplication.GetId()).Execute()
+// 		require.NoError(t, err, "listing features for application should not error.")
+// 		var found bool
+// 		for _, feature := range features {
+// 			if feature.GetName() == "USER_PROVISIONING" {
+// 				found = true
+// 				break
+// 			}
+// 		}
+// 		assert.True(t, found)
+// 	})
+// 	err = cleanUpApplication(createdApp.SamlApplication.GetId())
+// 	require.NoError(t, err, "Clean up app should not error")
+// }
+
+func Test_Upload_Application_Logo(t *testing.T) {
+	if os.Getenv("OKTA_CCI") == "yes" {
+		time.Sleep(time.Duration(180))
+	}
+	createdApp, _, err := setupBasicAuthApplication(randomTestString())
+	require.NoError(t, err, "Creating a new application should not error")
+	t.Run("upload application logo", func(t *testing.T) {
+		fileDir, _ := os.Getwd()
+		fileName := "asset/logo.png"
+		filePath := path.Join(fileDir, fileName)
+		file, err := os.Open(filePath)
+		require.NoError(t, err, "opening application logo should not error.")
+		_, err = apiClient.ApplicationApi.UploadApplicationLogo(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).File(file).Execute()
+		require.NoError(t, err, "uploading application logo should not error.")
+	})
+	err = cleanUpApplication(createdApp.BasicAuthApplication.GetId())
+	require.NoError(t, err, "Clean up app should not error")
+}
+
+func Test_Application_Key_Operation(t *testing.T) {
+	if os.Getenv("OKTA_CCI") == "yes" {
+		time.Sleep(time.Duration(180))
+	}
+	createdApp1, _, err := setupBasicAuthApplication(randomTestString())
+	require.NoError(t, err, "Creating a new application should not error")
+	createdApp2, _, err := setupBasicAuthApplication(randomTestString())
+	require.NoError(t, err, "Creating a new application should not error")
+	var createdKey *JsonWebKey
+	t.Run("generate application key", func(t *testing.T) {
+		createdKey, _, err = apiClient.ApplicationApi.GenerateApplicationKey(apiClient.cfg.Context, createdApp1.BasicAuthApplication.GetId()).ValidityYears(2).Execute()
+		assert.Nil(t, err, "generate new application key should not error")
+	})
+	t.Run("clone application key", func(t *testing.T) {
+		ckey, _, err := apiClient.ApplicationApi.CloneApplicationKey(apiClient.cfg.Context, createdApp1.BasicAuthApplication.GetId(), createdKey.GetKid()).TargetAid(createdApp2.BasicAuthApplication.GetId()).Execute()
+		require.NoError(t, err, "clone application key should not error")
+		assert.Equal(t, createdKey.GetKid(), ckey.GetKid())
+		assert.Equal(t, createdKey.GetExpiresAt(), ckey.GetExpiresAt())
+		assert.Equal(t, createdKey.GetX5c(), ckey.GetX5c())
+	})
+	t.Run("get application key credentials", func(t *testing.T) {
+		rkey, _, err := apiClient.ApplicationApi.GetApplicationKey(apiClient.cfg.Context, createdApp1.BasicAuthApplication.GetId(), createdKey.GetKid()).Execute()
+		require.NoError(t, err, "get application key should not error")
+		assert.Equal(t, createdKey.GetKid(), rkey.GetKid())
+		assert.Equal(t, createdKey.GetCreated(), rkey.GetCreated())
+		assert.Equal(t, createdKey.GetExpiresAt(), rkey.GetExpiresAt())
+		assert.Equal(t, createdKey.GetX5c(), rkey.GetX5c())
+	})
+	t.Run("list application key credentials", func(t *testing.T) {
+		rkeys, _, err := apiClient.ApplicationApi.ListApplicationKeys(apiClient.cfg.Context, createdApp1.BasicAuthApplication.GetId()).Execute()
+		require.NoError(t, err, "get application key should not error")
+		assert.Equal(t, 2, len(rkeys))
+	})
+	err = cleanUpApplication(createdApp1.BasicAuthApplication.GetId())
+	require.NoError(t, err, "Clean up app should not error")
+	err = cleanUpApplication(createdApp2.BasicAuthApplication.GetId())
+	require.NoError(t, err, "Clean up app should not error")
+}
+
+func Test_Scope_Consent_Grant_Operation_For_Application(t *testing.T) {
+	if os.Getenv("OKTA_CCI") == "yes" {
+		time.Sleep(time.Duration(180))
+	}
+	createdApp, _, err := setupOIDCApplication(randomTestString())
+	require.NoError(t, err, "Creating a new application should not error")
+	var grant *OAuth2ScopeConsentGrant
+	t.Run("grant consent to scope", func(t *testing.T) {
+		payload := OAuth2ScopeConsentGrant{}
+		payload.SetIssuer(apiClient.cfg.Okta.Client.OrgUrl)
+		payload.SetScopeId("okta.users.read")
+		grant, _, err = apiClient.ApplicationApi.GrantConsentToScope(apiClient.cfg.Context, createdApp.OpenIdConnectApplication.GetId()).OAuth2ScopeConsentGrant(payload).Execute()
+		assert.Nil(t, err, "grant consent to scope should not error")
+	})
+	t.Run("get scope consent grant", func(t *testing.T) {
+		rgrant, _, err := apiClient.ApplicationApi.GetScopeConsentGrant(apiClient.cfg.Context, createdApp.OpenIdConnectApplication.GetId(), grant.GetId()).Execute()
+		require.NoError(t, err, "get scope consent grant should not error")
+		assert.Equal(t, grant.GetId(), rgrant.GetId())
+		assert.Equal(t, grant.GetClientId(), rgrant.GetClientId())
+	})
+	t.Run("list scope consent grant", func(t *testing.T) {
+		rgrants, _, err := apiClient.ApplicationApi.ListScopeConsentGrants(apiClient.cfg.Context, createdApp.OpenIdConnectApplication.GetId()).Execute()
+		require.NoError(t, err, "list scope consent grant should not error")
+		assert.NotEmpty(t, rgrants)
+	})
+	t.Run("revoke consent grant", func(t *testing.T) {
+		_, err = apiClient.ApplicationApi.RevokeScopeConsentGrant(apiClient.cfg.Context, createdApp.OpenIdConnectApplication.GetId(), grant.GetId()).Execute()
+		assert.Nil(t, err, "revoke consent to scope should not error")
+	})
+	err = cleanUpApplication(createdApp.OpenIdConnectApplication.GetId())
+	require.NoError(t, err, "Clean up app should not error")
+}
diff --git a/okta/api_attack_protection.go b/okta/api_attack_protection.go
new file mode 100644
index 000000000..71e660b56
--- /dev/null
+++ b/okta/api_attack_protection.go
@@ -0,0 +1,390 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+type AttackProtectionApi interface {
+	/*
+		GetUserLockoutSettings Retrieve the User Lockout Settings
+
+		Retrieves the User Lockout Settings for an org
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiGetUserLockoutSettingsRequest
+	*/
+	GetUserLockoutSettings(ctx context.Context) ApiGetUserLockoutSettingsRequest
+
+	// GetUserLockoutSettingsExecute executes the request
+	//  @return []UserLockoutSettings
+	GetUserLockoutSettingsExecute(r ApiGetUserLockoutSettingsRequest) ([]UserLockoutSettings, *APIResponse, error)
+
+	/*
+		ReplaceUserLockoutSettings Replace the User Lockout Settings
+
+		Replaces the User Lockout Settings for an org
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiReplaceUserLockoutSettingsRequest
+	*/
+	ReplaceUserLockoutSettings(ctx context.Context) ApiReplaceUserLockoutSettingsRequest
+
+	// ReplaceUserLockoutSettingsExecute executes the request
+	//  @return UserLockoutSettings
+	ReplaceUserLockoutSettingsExecute(r ApiReplaceUserLockoutSettingsRequest) (*UserLockoutSettings, *APIResponse, error)
+}
+
+// AttackProtectionApiService AttackProtectionApi service
+type AttackProtectionApiService service
+
+type ApiGetUserLockoutSettingsRequest struct {
+	ctx        context.Context
+	ApiService AttackProtectionApi
+	retryCount int32
+}
+
+func (r ApiGetUserLockoutSettingsRequest) Execute() ([]UserLockoutSettings, *APIResponse, error) {
+	return r.ApiService.GetUserLockoutSettingsExecute(r)
+}
+
+/*
+GetUserLockoutSettings Retrieve the User Lockout Settings
+
+Retrieves the User Lockout Settings for an org
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiGetUserLockoutSettingsRequest
+*/
+func (a *AttackProtectionApiService) GetUserLockoutSettings(ctx context.Context) ApiGetUserLockoutSettingsRequest {
+	return ApiGetUserLockoutSettingsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []UserLockoutSettings
+func (a *AttackProtectionApiService) GetUserLockoutSettingsExecute(r ApiGetUserLockoutSettingsRequest) ([]UserLockoutSettings, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []UserLockoutSettings
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AttackProtectionApiService.GetUserLockoutSettings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/attack-protection/api/v1/user-lockout-settings"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceUserLockoutSettingsRequest struct {
+	ctx             context.Context
+	ApiService      AttackProtectionApi
+	lockoutSettings *UserLockoutSettings
+	retryCount      int32
+}
+
+func (r ApiReplaceUserLockoutSettingsRequest) LockoutSettings(lockoutSettings UserLockoutSettings) ApiReplaceUserLockoutSettingsRequest {
+	r.lockoutSettings = &lockoutSettings
+	return r
+}
+
+func (r ApiReplaceUserLockoutSettingsRequest) Execute() (*UserLockoutSettings, *APIResponse, error) {
+	return r.ApiService.ReplaceUserLockoutSettingsExecute(r)
+}
+
+/*
+ReplaceUserLockoutSettings Replace the User Lockout Settings
+
+Replaces the User Lockout Settings for an org
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiReplaceUserLockoutSettingsRequest
+*/
+func (a *AttackProtectionApiService) ReplaceUserLockoutSettings(ctx context.Context) ApiReplaceUserLockoutSettingsRequest {
+	return ApiReplaceUserLockoutSettingsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserLockoutSettings
+func (a *AttackProtectionApiService) ReplaceUserLockoutSettingsExecute(r ApiReplaceUserLockoutSettingsRequest) (*UserLockoutSettings, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserLockoutSettings
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AttackProtectionApiService.ReplaceUserLockoutSettings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/attack-protection/api/v1/user-lockout-settings"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.lockoutSettings == nil {
+		return localVarReturnValue, nil, reportError("lockoutSettings is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.lockoutSettings
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_authenticator.go b/okta/api_authenticator.go
new file mode 100644
index 000000000..2bd51f563
--- /dev/null
+++ b/okta/api_authenticator.go
@@ -0,0 +1,1148 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type AuthenticatorApi interface {
+	/*
+		ActivateAuthenticator Activate an Authenticator
+
+		Activates an authenticator by `authenticatorId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authenticatorId
+		@return ApiActivateAuthenticatorRequest
+	*/
+	ActivateAuthenticator(ctx context.Context, authenticatorId string) ApiActivateAuthenticatorRequest
+
+	// ActivateAuthenticatorExecute executes the request
+	//  @return Authenticator
+	ActivateAuthenticatorExecute(r ApiActivateAuthenticatorRequest) (*Authenticator, *APIResponse, error)
+
+	/*
+		CreateAuthenticator Create an Authenticator
+
+		Creates an authenticator. You can use this operation as part of the "Create a custom authenticator" flow. See the [Custom authenticator integration guide](https://developer.okta.com/docs/guides/authenticators-custom-authenticator/android/main/).
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateAuthenticatorRequest
+	*/
+	CreateAuthenticator(ctx context.Context) ApiCreateAuthenticatorRequest
+
+	// CreateAuthenticatorExecute executes the request
+	//  @return Authenticator
+	CreateAuthenticatorExecute(r ApiCreateAuthenticatorRequest) (*Authenticator, *APIResponse, error)
+
+	/*
+		DeactivateAuthenticator Deactivate an Authenticator
+
+		Deactivates an authenticator by `authenticatorId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authenticatorId
+		@return ApiDeactivateAuthenticatorRequest
+	*/
+	DeactivateAuthenticator(ctx context.Context, authenticatorId string) ApiDeactivateAuthenticatorRequest
+
+	// DeactivateAuthenticatorExecute executes the request
+	//  @return Authenticator
+	DeactivateAuthenticatorExecute(r ApiDeactivateAuthenticatorRequest) (*Authenticator, *APIResponse, error)
+
+	/*
+		GetAuthenticator Retrieve an Authenticator
+
+		Retrieves an authenticator from your Okta organization by `authenticatorId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authenticatorId
+		@return ApiGetAuthenticatorRequest
+	*/
+	GetAuthenticator(ctx context.Context, authenticatorId string) ApiGetAuthenticatorRequest
+
+	// GetAuthenticatorExecute executes the request
+	//  @return Authenticator
+	GetAuthenticatorExecute(r ApiGetAuthenticatorRequest) (*Authenticator, *APIResponse, error)
+
+	/*
+		ListAuthenticators List all Authenticators
+
+		Lists all authenticators
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListAuthenticatorsRequest
+	*/
+	ListAuthenticators(ctx context.Context) ApiListAuthenticatorsRequest
+
+	// ListAuthenticatorsExecute executes the request
+	//  @return []Authenticator
+	ListAuthenticatorsExecute(r ApiListAuthenticatorsRequest) ([]Authenticator, *APIResponse, error)
+
+	/*
+		ReplaceAuthenticator Replace an Authenticator
+
+		Replaces an authenticator
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authenticatorId
+		@return ApiReplaceAuthenticatorRequest
+	*/
+	ReplaceAuthenticator(ctx context.Context, authenticatorId string) ApiReplaceAuthenticatorRequest
+
+	// ReplaceAuthenticatorExecute executes the request
+	//  @return Authenticator
+	ReplaceAuthenticatorExecute(r ApiReplaceAuthenticatorRequest) (*Authenticator, *APIResponse, error)
+}
+
+// AuthenticatorApiService AuthenticatorApi service
+type AuthenticatorApiService service
+
+type ApiActivateAuthenticatorRequest struct {
+	ctx             context.Context
+	ApiService      AuthenticatorApi
+	authenticatorId string
+	retryCount      int32
+}
+
+func (r ApiActivateAuthenticatorRequest) Execute() (*Authenticator, *APIResponse, error) {
+	return r.ApiService.ActivateAuthenticatorExecute(r)
+}
+
+/*
+ActivateAuthenticator Activate an Authenticator
+
+Activates an authenticator by `authenticatorId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authenticatorId
+	@return ApiActivateAuthenticatorRequest
+*/
+func (a *AuthenticatorApiService) ActivateAuthenticator(ctx context.Context, authenticatorId string) ApiActivateAuthenticatorRequest {
+	return ApiActivateAuthenticatorRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		authenticatorId: authenticatorId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Authenticator
+func (a *AuthenticatorApiService) ActivateAuthenticatorExecute(r ApiActivateAuthenticatorRequest) (*Authenticator, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Authenticator
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthenticatorApiService.ActivateAuthenticator")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authenticators/{authenticatorId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"authenticatorId"+"}", url.PathEscape(parameterToString(r.authenticatorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateAuthenticatorRequest struct {
+	ctx           context.Context
+	ApiService    AuthenticatorApi
+	authenticator *Authenticator
+	activate      *bool
+	retryCount    int32
+}
+
+func (r ApiCreateAuthenticatorRequest) Authenticator(authenticator Authenticator) ApiCreateAuthenticatorRequest {
+	r.authenticator = &authenticator
+	return r
+}
+
+// Whether to execute the activation lifecycle operation when Okta creates the authenticator
+func (r ApiCreateAuthenticatorRequest) Activate(activate bool) ApiCreateAuthenticatorRequest {
+	r.activate = &activate
+	return r
+}
+
+func (r ApiCreateAuthenticatorRequest) Execute() (*Authenticator, *APIResponse, error) {
+	return r.ApiService.CreateAuthenticatorExecute(r)
+}
+
+/*
+CreateAuthenticator Create an Authenticator
+
+Creates an authenticator. You can use this operation as part of the "Create a custom authenticator" flow. See the [Custom authenticator integration guide](https://developer.okta.com/docs/guides/authenticators-custom-authenticator/android/main/).
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateAuthenticatorRequest
+*/
+func (a *AuthenticatorApiService) CreateAuthenticator(ctx context.Context) ApiCreateAuthenticatorRequest {
+	return ApiCreateAuthenticatorRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Authenticator
+func (a *AuthenticatorApiService) CreateAuthenticatorExecute(r ApiCreateAuthenticatorRequest) (*Authenticator, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Authenticator
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthenticatorApiService.CreateAuthenticator")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authenticators"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.authenticator == nil {
+		return localVarReturnValue, nil, reportError("authenticator is required and must be specified")
+	}
+
+	if r.activate != nil {
+		localVarQueryParams.Add("activate", parameterToString(*r.activate, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.authenticator
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateAuthenticatorRequest struct {
+	ctx             context.Context
+	ApiService      AuthenticatorApi
+	authenticatorId string
+	retryCount      int32
+}
+
+func (r ApiDeactivateAuthenticatorRequest) Execute() (*Authenticator, *APIResponse, error) {
+	return r.ApiService.DeactivateAuthenticatorExecute(r)
+}
+
+/*
+DeactivateAuthenticator Deactivate an Authenticator
+
+Deactivates an authenticator by `authenticatorId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authenticatorId
+	@return ApiDeactivateAuthenticatorRequest
+*/
+func (a *AuthenticatorApiService) DeactivateAuthenticator(ctx context.Context, authenticatorId string) ApiDeactivateAuthenticatorRequest {
+	return ApiDeactivateAuthenticatorRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		authenticatorId: authenticatorId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Authenticator
+func (a *AuthenticatorApiService) DeactivateAuthenticatorExecute(r ApiDeactivateAuthenticatorRequest) (*Authenticator, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Authenticator
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthenticatorApiService.DeactivateAuthenticator")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authenticators/{authenticatorId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"authenticatorId"+"}", url.PathEscape(parameterToString(r.authenticatorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetAuthenticatorRequest struct {
+	ctx             context.Context
+	ApiService      AuthenticatorApi
+	authenticatorId string
+	retryCount      int32
+}
+
+func (r ApiGetAuthenticatorRequest) Execute() (*Authenticator, *APIResponse, error) {
+	return r.ApiService.GetAuthenticatorExecute(r)
+}
+
+/*
+GetAuthenticator Retrieve an Authenticator
+
+Retrieves an authenticator from your Okta organization by `authenticatorId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authenticatorId
+	@return ApiGetAuthenticatorRequest
+*/
+func (a *AuthenticatorApiService) GetAuthenticator(ctx context.Context, authenticatorId string) ApiGetAuthenticatorRequest {
+	return ApiGetAuthenticatorRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		authenticatorId: authenticatorId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Authenticator
+func (a *AuthenticatorApiService) GetAuthenticatorExecute(r ApiGetAuthenticatorRequest) (*Authenticator, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Authenticator
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthenticatorApiService.GetAuthenticator")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authenticators/{authenticatorId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authenticatorId"+"}", url.PathEscape(parameterToString(r.authenticatorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListAuthenticatorsRequest struct {
+	ctx        context.Context
+	ApiService AuthenticatorApi
+	retryCount int32
+}
+
+func (r ApiListAuthenticatorsRequest) Execute() ([]Authenticator, *APIResponse, error) {
+	return r.ApiService.ListAuthenticatorsExecute(r)
+}
+
+/*
+ListAuthenticators List all Authenticators
+
+Lists all authenticators
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListAuthenticatorsRequest
+*/
+func (a *AuthenticatorApiService) ListAuthenticators(ctx context.Context) ApiListAuthenticatorsRequest {
+	return ApiListAuthenticatorsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Authenticator
+func (a *AuthenticatorApiService) ListAuthenticatorsExecute(r ApiListAuthenticatorsRequest) ([]Authenticator, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Authenticator
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthenticatorApiService.ListAuthenticators")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authenticators"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceAuthenticatorRequest struct {
+	ctx             context.Context
+	ApiService      AuthenticatorApi
+	authenticatorId string
+	authenticator   *Authenticator
+	retryCount      int32
+}
+
+func (r ApiReplaceAuthenticatorRequest) Authenticator(authenticator Authenticator) ApiReplaceAuthenticatorRequest {
+	r.authenticator = &authenticator
+	return r
+}
+
+func (r ApiReplaceAuthenticatorRequest) Execute() (*Authenticator, *APIResponse, error) {
+	return r.ApiService.ReplaceAuthenticatorExecute(r)
+}
+
+/*
+ReplaceAuthenticator Replace an Authenticator
+
+Replaces an authenticator
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authenticatorId
+	@return ApiReplaceAuthenticatorRequest
+*/
+func (a *AuthenticatorApiService) ReplaceAuthenticator(ctx context.Context, authenticatorId string) ApiReplaceAuthenticatorRequest {
+	return ApiReplaceAuthenticatorRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		authenticatorId: authenticatorId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Authenticator
+func (a *AuthenticatorApiService) ReplaceAuthenticatorExecute(r ApiReplaceAuthenticatorRequest) (*Authenticator, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Authenticator
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthenticatorApiService.ReplaceAuthenticator")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authenticators/{authenticatorId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authenticatorId"+"}", url.PathEscape(parameterToString(r.authenticatorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.authenticator == nil {
+		return localVarReturnValue, nil, reportError("authenticator is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.authenticator
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_authorization_server.go b/okta/api_authorization_server.go
new file mode 100644
index 000000000..0e2d9ba47
--- /dev/null
+++ b/okta/api_authorization_server.go
@@ -0,0 +1,7199 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type AuthorizationServerApi interface {
+	/*
+		ActivateAuthorizationServer Activate an Authorization Server
+
+		Activates an authorization server
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiActivateAuthorizationServerRequest
+	*/
+	ActivateAuthorizationServer(ctx context.Context, authServerId string) ApiActivateAuthorizationServerRequest
+
+	// ActivateAuthorizationServerExecute executes the request
+	ActivateAuthorizationServerExecute(r ApiActivateAuthorizationServerRequest) (*APIResponse, error)
+
+	/*
+		ActivateAuthorizationServerPolicy Activate a Policy
+
+		Activates an authorization server policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param policyId
+		@return ApiActivateAuthorizationServerPolicyRequest
+	*/
+	ActivateAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) ApiActivateAuthorizationServerPolicyRequest
+
+	// ActivateAuthorizationServerPolicyExecute executes the request
+	ActivateAuthorizationServerPolicyExecute(r ApiActivateAuthorizationServerPolicyRequest) (*APIResponse, error)
+
+	/*
+		ActivateAuthorizationServerPolicyRule Activate a Policy Rule
+
+		Activates an authorization server policy rule
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param policyId
+		@param ruleId
+		@return ApiActivateAuthorizationServerPolicyRuleRequest
+	*/
+	ActivateAuthorizationServerPolicyRule(ctx context.Context, authServerId string, policyId string, ruleId string) ApiActivateAuthorizationServerPolicyRuleRequest
+
+	// ActivateAuthorizationServerPolicyRuleExecute executes the request
+	ActivateAuthorizationServerPolicyRuleExecute(r ApiActivateAuthorizationServerPolicyRuleRequest) (*APIResponse, error)
+
+	/*
+		CreateAuthorizationServer Create an Authorization Server
+
+		Creates an authorization server
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateAuthorizationServerRequest
+	*/
+	CreateAuthorizationServer(ctx context.Context) ApiCreateAuthorizationServerRequest
+
+	// CreateAuthorizationServerExecute executes the request
+	//  @return AuthorizationServer
+	CreateAuthorizationServerExecute(r ApiCreateAuthorizationServerRequest) (*AuthorizationServer, *APIResponse, error)
+
+	/*
+		CreateAuthorizationServerPolicy Create a Policy
+
+		Creates a policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiCreateAuthorizationServerPolicyRequest
+	*/
+	CreateAuthorizationServerPolicy(ctx context.Context, authServerId string) ApiCreateAuthorizationServerPolicyRequest
+
+	// CreateAuthorizationServerPolicyExecute executes the request
+	//  @return AuthorizationServerPolicy
+	CreateAuthorizationServerPolicyExecute(r ApiCreateAuthorizationServerPolicyRequest) (*AuthorizationServerPolicy, *APIResponse, error)
+
+	/*
+		CreateAuthorizationServerPolicyRule Create a Policy Rule
+
+		Creates a policy rule for the specified Custom Authorization Server and Policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@param authServerId
+		@return ApiCreateAuthorizationServerPolicyRuleRequest
+	*/
+	CreateAuthorizationServerPolicyRule(ctx context.Context, policyId string, authServerId string) ApiCreateAuthorizationServerPolicyRuleRequest
+
+	// CreateAuthorizationServerPolicyRuleExecute executes the request
+	//  @return AuthorizationServerPolicyRule
+	CreateAuthorizationServerPolicyRuleExecute(r ApiCreateAuthorizationServerPolicyRuleRequest) (*AuthorizationServerPolicyRule, *APIResponse, error)
+
+	/*
+		CreateOAuth2Claim Create a Custom Token Claim
+
+		Creates a custom token claim
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiCreateOAuth2ClaimRequest
+	*/
+	CreateOAuth2Claim(ctx context.Context, authServerId string) ApiCreateOAuth2ClaimRequest
+
+	// CreateOAuth2ClaimExecute executes the request
+	//  @return OAuth2Claim
+	CreateOAuth2ClaimExecute(r ApiCreateOAuth2ClaimRequest) (*OAuth2Claim, *APIResponse, error)
+
+	/*
+		CreateOAuth2Scope Create a Custom Token Scope
+
+		Creates a custom token scope
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiCreateOAuth2ScopeRequest
+	*/
+	CreateOAuth2Scope(ctx context.Context, authServerId string) ApiCreateOAuth2ScopeRequest
+
+	// CreateOAuth2ScopeExecute executes the request
+	//  @return OAuth2Scope
+	CreateOAuth2ScopeExecute(r ApiCreateOAuth2ScopeRequest) (*OAuth2Scope, *APIResponse, error)
+
+	/*
+		DeactivateAuthorizationServer Deactivate an Authorization Server
+
+		Deactivates an authorization server
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiDeactivateAuthorizationServerRequest
+	*/
+	DeactivateAuthorizationServer(ctx context.Context, authServerId string) ApiDeactivateAuthorizationServerRequest
+
+	// DeactivateAuthorizationServerExecute executes the request
+	DeactivateAuthorizationServerExecute(r ApiDeactivateAuthorizationServerRequest) (*APIResponse, error)
+
+	/*
+		DeactivateAuthorizationServerPolicy Deactivate a Policy
+
+		Deactivates an authorization server policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param policyId
+		@return ApiDeactivateAuthorizationServerPolicyRequest
+	*/
+	DeactivateAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) ApiDeactivateAuthorizationServerPolicyRequest
+
+	// DeactivateAuthorizationServerPolicyExecute executes the request
+	DeactivateAuthorizationServerPolicyExecute(r ApiDeactivateAuthorizationServerPolicyRequest) (*APIResponse, error)
+
+	/*
+		DeactivateAuthorizationServerPolicyRule Deactivate a Policy Rule
+
+		Deactivates an authorization server policy rule
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param policyId
+		@param ruleId
+		@return ApiDeactivateAuthorizationServerPolicyRuleRequest
+	*/
+	DeactivateAuthorizationServerPolicyRule(ctx context.Context, authServerId string, policyId string, ruleId string) ApiDeactivateAuthorizationServerPolicyRuleRequest
+
+	// DeactivateAuthorizationServerPolicyRuleExecute executes the request
+	DeactivateAuthorizationServerPolicyRuleExecute(r ApiDeactivateAuthorizationServerPolicyRuleRequest) (*APIResponse, error)
+
+	/*
+		DeleteAuthorizationServer Delete an Authorization Server
+
+		Deletes an authorization server
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiDeleteAuthorizationServerRequest
+	*/
+	DeleteAuthorizationServer(ctx context.Context, authServerId string) ApiDeleteAuthorizationServerRequest
+
+	// DeleteAuthorizationServerExecute executes the request
+	DeleteAuthorizationServerExecute(r ApiDeleteAuthorizationServerRequest) (*APIResponse, error)
+
+	/*
+		DeleteAuthorizationServerPolicy Delete a Policy
+
+		Deletes a policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param policyId
+		@return ApiDeleteAuthorizationServerPolicyRequest
+	*/
+	DeleteAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) ApiDeleteAuthorizationServerPolicyRequest
+
+	// DeleteAuthorizationServerPolicyExecute executes the request
+	DeleteAuthorizationServerPolicyExecute(r ApiDeleteAuthorizationServerPolicyRequest) (*APIResponse, error)
+
+	/*
+		DeleteAuthorizationServerPolicyRule Delete a Policy Rule
+
+		Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@param authServerId
+		@param ruleId
+		@return ApiDeleteAuthorizationServerPolicyRuleRequest
+	*/
+	DeleteAuthorizationServerPolicyRule(ctx context.Context, policyId string, authServerId string, ruleId string) ApiDeleteAuthorizationServerPolicyRuleRequest
+
+	// DeleteAuthorizationServerPolicyRuleExecute executes the request
+	DeleteAuthorizationServerPolicyRuleExecute(r ApiDeleteAuthorizationServerPolicyRuleRequest) (*APIResponse, error)
+
+	/*
+		DeleteOAuth2Claim Delete a Custom Token Claim
+
+		Deletes a custom token claim
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param claimId
+		@return ApiDeleteOAuth2ClaimRequest
+	*/
+	DeleteOAuth2Claim(ctx context.Context, authServerId string, claimId string) ApiDeleteOAuth2ClaimRequest
+
+	// DeleteOAuth2ClaimExecute executes the request
+	DeleteOAuth2ClaimExecute(r ApiDeleteOAuth2ClaimRequest) (*APIResponse, error)
+
+	/*
+		DeleteOAuth2Scope Delete a Custom Token Scope
+
+		Deletes a custom token scope
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param scopeId
+		@return ApiDeleteOAuth2ScopeRequest
+	*/
+	DeleteOAuth2Scope(ctx context.Context, authServerId string, scopeId string) ApiDeleteOAuth2ScopeRequest
+
+	// DeleteOAuth2ScopeExecute executes the request
+	DeleteOAuth2ScopeExecute(r ApiDeleteOAuth2ScopeRequest) (*APIResponse, error)
+
+	/*
+		GetAuthorizationServer Retrieve an Authorization Server
+
+		Retrieves an authorization server
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiGetAuthorizationServerRequest
+	*/
+	GetAuthorizationServer(ctx context.Context, authServerId string) ApiGetAuthorizationServerRequest
+
+	// GetAuthorizationServerExecute executes the request
+	//  @return AuthorizationServer
+	GetAuthorizationServerExecute(r ApiGetAuthorizationServerRequest) (*AuthorizationServer, *APIResponse, error)
+
+	/*
+		GetAuthorizationServerPolicy Retrieve a Policy
+
+		Retrieves a policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param policyId
+		@return ApiGetAuthorizationServerPolicyRequest
+	*/
+	GetAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) ApiGetAuthorizationServerPolicyRequest
+
+	// GetAuthorizationServerPolicyExecute executes the request
+	//  @return AuthorizationServerPolicy
+	GetAuthorizationServerPolicyExecute(r ApiGetAuthorizationServerPolicyRequest) (*AuthorizationServerPolicy, *APIResponse, error)
+
+	/*
+		GetAuthorizationServerPolicyRule Retrieve a Policy Rule
+
+		Retrieves a policy rule by `ruleId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@param authServerId
+		@param ruleId
+		@return ApiGetAuthorizationServerPolicyRuleRequest
+	*/
+	GetAuthorizationServerPolicyRule(ctx context.Context, policyId string, authServerId string, ruleId string) ApiGetAuthorizationServerPolicyRuleRequest
+
+	// GetAuthorizationServerPolicyRuleExecute executes the request
+	//  @return AuthorizationServerPolicyRule
+	GetAuthorizationServerPolicyRuleExecute(r ApiGetAuthorizationServerPolicyRuleRequest) (*AuthorizationServerPolicyRule, *APIResponse, error)
+
+	/*
+		GetOAuth2Claim Retrieve a Custom Token Claim
+
+		Retrieves a custom token claim
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param claimId
+		@return ApiGetOAuth2ClaimRequest
+	*/
+	GetOAuth2Claim(ctx context.Context, authServerId string, claimId string) ApiGetOAuth2ClaimRequest
+
+	// GetOAuth2ClaimExecute executes the request
+	//  @return OAuth2Claim
+	GetOAuth2ClaimExecute(r ApiGetOAuth2ClaimRequest) (*OAuth2Claim, *APIResponse, error)
+
+	/*
+		GetOAuth2Scope Retrieve a Custom Token Scope
+
+		Retrieves a custom token scope
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param scopeId
+		@return ApiGetOAuth2ScopeRequest
+	*/
+	GetOAuth2Scope(ctx context.Context, authServerId string, scopeId string) ApiGetOAuth2ScopeRequest
+
+	// GetOAuth2ScopeExecute executes the request
+	//  @return OAuth2Scope
+	GetOAuth2ScopeExecute(r ApiGetOAuth2ScopeRequest) (*OAuth2Scope, *APIResponse, error)
+
+	/*
+		GetRefreshTokenForAuthorizationServerAndClient Retrieve a Refresh Token for a Client
+
+		Retrieves a refresh token for a client
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param clientId
+		@param tokenId
+		@return ApiGetRefreshTokenForAuthorizationServerAndClientRequest
+	*/
+	GetRefreshTokenForAuthorizationServerAndClient(ctx context.Context, authServerId string, clientId string, tokenId string) ApiGetRefreshTokenForAuthorizationServerAndClientRequest
+
+	// GetRefreshTokenForAuthorizationServerAndClientExecute executes the request
+	//  @return OAuth2RefreshToken
+	GetRefreshTokenForAuthorizationServerAndClientExecute(r ApiGetRefreshTokenForAuthorizationServerAndClientRequest) (*OAuth2RefreshToken, *APIResponse, error)
+
+	/*
+		ListAuthorizationServerKeys List all Credential Keys
+
+		Lists all credential keys
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiListAuthorizationServerKeysRequest
+	*/
+	ListAuthorizationServerKeys(ctx context.Context, authServerId string) ApiListAuthorizationServerKeysRequest
+
+	// ListAuthorizationServerKeysExecute executes the request
+	//  @return []JsonWebKey
+	ListAuthorizationServerKeysExecute(r ApiListAuthorizationServerKeysRequest) ([]JsonWebKey, *APIResponse, error)
+
+	/*
+		ListAuthorizationServerPolicies List all Policies
+
+		Lists all policies
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiListAuthorizationServerPoliciesRequest
+	*/
+	ListAuthorizationServerPolicies(ctx context.Context, authServerId string) ApiListAuthorizationServerPoliciesRequest
+
+	// ListAuthorizationServerPoliciesExecute executes the request
+	//  @return []AuthorizationServerPolicy
+	ListAuthorizationServerPoliciesExecute(r ApiListAuthorizationServerPoliciesRequest) ([]AuthorizationServerPolicy, *APIResponse, error)
+
+	/*
+		ListAuthorizationServerPolicyRules List all Policy Rules
+
+		Lists all policy rules for the specified Custom Authorization Server and Policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@param authServerId
+		@return ApiListAuthorizationServerPolicyRulesRequest
+	*/
+	ListAuthorizationServerPolicyRules(ctx context.Context, policyId string, authServerId string) ApiListAuthorizationServerPolicyRulesRequest
+
+	// ListAuthorizationServerPolicyRulesExecute executes the request
+	//  @return []AuthorizationServerPolicyRule
+	ListAuthorizationServerPolicyRulesExecute(r ApiListAuthorizationServerPolicyRulesRequest) ([]AuthorizationServerPolicyRule, *APIResponse, error)
+
+	/*
+		ListAuthorizationServers List all Authorization Servers
+
+		Lists all authorization servers
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListAuthorizationServersRequest
+	*/
+	ListAuthorizationServers(ctx context.Context) ApiListAuthorizationServersRequest
+
+	// ListAuthorizationServersExecute executes the request
+	//  @return []AuthorizationServer
+	ListAuthorizationServersExecute(r ApiListAuthorizationServersRequest) ([]AuthorizationServer, *APIResponse, error)
+
+	/*
+		ListOAuth2Claims List all Custom Token Claims
+
+		Lists all custom token claims
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiListOAuth2ClaimsRequest
+	*/
+	ListOAuth2Claims(ctx context.Context, authServerId string) ApiListOAuth2ClaimsRequest
+
+	// ListOAuth2ClaimsExecute executes the request
+	//  @return []OAuth2Claim
+	ListOAuth2ClaimsExecute(r ApiListOAuth2ClaimsRequest) ([]OAuth2Claim, *APIResponse, error)
+
+	/*
+		ListOAuth2ClientsForAuthorizationServer List all Clients
+
+		Lists all clients
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiListOAuth2ClientsForAuthorizationServerRequest
+	*/
+	ListOAuth2ClientsForAuthorizationServer(ctx context.Context, authServerId string) ApiListOAuth2ClientsForAuthorizationServerRequest
+
+	// ListOAuth2ClientsForAuthorizationServerExecute executes the request
+	//  @return []OAuth2Client
+	ListOAuth2ClientsForAuthorizationServerExecute(r ApiListOAuth2ClientsForAuthorizationServerRequest) ([]OAuth2Client, *APIResponse, error)
+
+	/*
+		ListOAuth2Scopes List all Custom Token Scopes
+
+		Lists all custom token scopes
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiListOAuth2ScopesRequest
+	*/
+	ListOAuth2Scopes(ctx context.Context, authServerId string) ApiListOAuth2ScopesRequest
+
+	// ListOAuth2ScopesExecute executes the request
+	//  @return []OAuth2Scope
+	ListOAuth2ScopesExecute(r ApiListOAuth2ScopesRequest) ([]OAuth2Scope, *APIResponse, error)
+
+	/*
+		ListRefreshTokensForAuthorizationServerAndClient List all Refresh Tokens for a Client
+
+		Lists all refresh tokens for a client
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param clientId
+		@return ApiListRefreshTokensForAuthorizationServerAndClientRequest
+	*/
+	ListRefreshTokensForAuthorizationServerAndClient(ctx context.Context, authServerId string, clientId string) ApiListRefreshTokensForAuthorizationServerAndClientRequest
+
+	// ListRefreshTokensForAuthorizationServerAndClientExecute executes the request
+	//  @return []OAuth2RefreshToken
+	ListRefreshTokensForAuthorizationServerAndClientExecute(r ApiListRefreshTokensForAuthorizationServerAndClientRequest) ([]OAuth2RefreshToken, *APIResponse, error)
+
+	/*
+		ReplaceAuthorizationServer Replace an Authorization Server
+
+		Replaces an authorization server
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiReplaceAuthorizationServerRequest
+	*/
+	ReplaceAuthorizationServer(ctx context.Context, authServerId string) ApiReplaceAuthorizationServerRequest
+
+	// ReplaceAuthorizationServerExecute executes the request
+	//  @return AuthorizationServer
+	ReplaceAuthorizationServerExecute(r ApiReplaceAuthorizationServerRequest) (*AuthorizationServer, *APIResponse, error)
+
+	/*
+		ReplaceAuthorizationServerPolicy Replace a Policy
+
+		Replaces a policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param policyId
+		@return ApiReplaceAuthorizationServerPolicyRequest
+	*/
+	ReplaceAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) ApiReplaceAuthorizationServerPolicyRequest
+
+	// ReplaceAuthorizationServerPolicyExecute executes the request
+	//  @return AuthorizationServerPolicy
+	ReplaceAuthorizationServerPolicyExecute(r ApiReplaceAuthorizationServerPolicyRequest) (*AuthorizationServerPolicy, *APIResponse, error)
+
+	/*
+		ReplaceAuthorizationServerPolicyRule Replace a Policy Rule
+
+		Replaces the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@param authServerId
+		@param ruleId
+		@return ApiReplaceAuthorizationServerPolicyRuleRequest
+	*/
+	ReplaceAuthorizationServerPolicyRule(ctx context.Context, policyId string, authServerId string, ruleId string) ApiReplaceAuthorizationServerPolicyRuleRequest
+
+	// ReplaceAuthorizationServerPolicyRuleExecute executes the request
+	//  @return AuthorizationServerPolicyRule
+	ReplaceAuthorizationServerPolicyRuleExecute(r ApiReplaceAuthorizationServerPolicyRuleRequest) (*AuthorizationServerPolicyRule, *APIResponse, error)
+
+	/*
+		ReplaceOAuth2Claim Replace a Custom Token Claim
+
+		Replaces a custom token claim
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param claimId
+		@return ApiReplaceOAuth2ClaimRequest
+	*/
+	ReplaceOAuth2Claim(ctx context.Context, authServerId string, claimId string) ApiReplaceOAuth2ClaimRequest
+
+	// ReplaceOAuth2ClaimExecute executes the request
+	//  @return OAuth2Claim
+	ReplaceOAuth2ClaimExecute(r ApiReplaceOAuth2ClaimRequest) (*OAuth2Claim, *APIResponse, error)
+
+	/*
+		ReplaceOAuth2Scope Replace a Custom Token Scope
+
+		Replaces a custom token scope
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param scopeId
+		@return ApiReplaceOAuth2ScopeRequest
+	*/
+	ReplaceOAuth2Scope(ctx context.Context, authServerId string, scopeId string) ApiReplaceOAuth2ScopeRequest
+
+	// ReplaceOAuth2ScopeExecute executes the request
+	//  @return OAuth2Scope
+	ReplaceOAuth2ScopeExecute(r ApiReplaceOAuth2ScopeRequest) (*OAuth2Scope, *APIResponse, error)
+
+	/*
+		RevokeRefreshTokenForAuthorizationServerAndClient Revoke a Refresh Token for a Client
+
+		Revokes a refresh token for a client
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param clientId
+		@param tokenId
+		@return ApiRevokeRefreshTokenForAuthorizationServerAndClientRequest
+	*/
+	RevokeRefreshTokenForAuthorizationServerAndClient(ctx context.Context, authServerId string, clientId string, tokenId string) ApiRevokeRefreshTokenForAuthorizationServerAndClientRequest
+
+	// RevokeRefreshTokenForAuthorizationServerAndClientExecute executes the request
+	RevokeRefreshTokenForAuthorizationServerAndClientExecute(r ApiRevokeRefreshTokenForAuthorizationServerAndClientRequest) (*APIResponse, error)
+
+	/*
+		RevokeRefreshTokensForAuthorizationServerAndClient Revoke all Refresh Tokens for a Client
+
+		Revokes all refresh tokens for a client
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@param clientId
+		@return ApiRevokeRefreshTokensForAuthorizationServerAndClientRequest
+	*/
+	RevokeRefreshTokensForAuthorizationServerAndClient(ctx context.Context, authServerId string, clientId string) ApiRevokeRefreshTokensForAuthorizationServerAndClientRequest
+
+	// RevokeRefreshTokensForAuthorizationServerAndClientExecute executes the request
+	RevokeRefreshTokensForAuthorizationServerAndClientExecute(r ApiRevokeRefreshTokensForAuthorizationServerAndClientRequest) (*APIResponse, error)
+
+	/*
+		RotateAuthorizationServerKeys Rotate all Credential Keys
+
+		Rotates all credential keys
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param authServerId
+		@return ApiRotateAuthorizationServerKeysRequest
+	*/
+	RotateAuthorizationServerKeys(ctx context.Context, authServerId string) ApiRotateAuthorizationServerKeysRequest
+
+	// RotateAuthorizationServerKeysExecute executes the request
+	//  @return []JsonWebKey
+	RotateAuthorizationServerKeysExecute(r ApiRotateAuthorizationServerKeysRequest) ([]JsonWebKey, *APIResponse, error)
+}
+
+// AuthorizationServerApiService AuthorizationServerApi service
+type AuthorizationServerApiService service
+
+type ApiActivateAuthorizationServerRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	retryCount   int32
+}
+
+func (r ApiActivateAuthorizationServerRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ActivateAuthorizationServerExecute(r)
+}
+
+/*
+ActivateAuthorizationServer Activate an Authorization Server
+
+Activates an authorization server
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiActivateAuthorizationServerRequest
+*/
+func (a *AuthorizationServerApiService) ActivateAuthorizationServer(ctx context.Context, authServerId string) ApiActivateAuthorizationServerRequest {
+	return ApiActivateAuthorizationServerRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) ActivateAuthorizationServerExecute(r ApiActivateAuthorizationServerRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ActivateAuthorizationServer")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiActivateAuthorizationServerPolicyRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	policyId     string
+	retryCount   int32
+}
+
+func (r ApiActivateAuthorizationServerPolicyRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ActivateAuthorizationServerPolicyExecute(r)
+}
+
+/*
+ActivateAuthorizationServerPolicy Activate a Policy
+
+Activates an authorization server policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param policyId
+	@return ApiActivateAuthorizationServerPolicyRequest
+*/
+func (a *AuthorizationServerApiService) ActivateAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) ApiActivateAuthorizationServerPolicyRequest {
+	return ApiActivateAuthorizationServerPolicyRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		policyId:     policyId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) ActivateAuthorizationServerPolicyExecute(r ApiActivateAuthorizationServerPolicyRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ActivateAuthorizationServerPolicy")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiActivateAuthorizationServerPolicyRuleRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	policyId     string
+	ruleId       string
+	retryCount   int32
+}
+
+func (r ApiActivateAuthorizationServerPolicyRuleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ActivateAuthorizationServerPolicyRuleExecute(r)
+}
+
+/*
+ActivateAuthorizationServerPolicyRule Activate a Policy Rule
+
+Activates an authorization server policy rule
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param policyId
+	@param ruleId
+	@return ApiActivateAuthorizationServerPolicyRuleRequest
+*/
+func (a *AuthorizationServerApiService) ActivateAuthorizationServerPolicyRule(ctx context.Context, authServerId string, policyId string, ruleId string) ApiActivateAuthorizationServerPolicyRuleRequest {
+	return ApiActivateAuthorizationServerPolicyRuleRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		policyId:     policyId,
+		ruleId:       ruleId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) ActivateAuthorizationServerPolicyRuleExecute(r ApiActivateAuthorizationServerPolicyRuleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ActivateAuthorizationServerPolicyRule")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiCreateAuthorizationServerRequest struct {
+	ctx                 context.Context
+	ApiService          AuthorizationServerApi
+	authorizationServer *AuthorizationServer
+	retryCount          int32
+}
+
+func (r ApiCreateAuthorizationServerRequest) AuthorizationServer(authorizationServer AuthorizationServer) ApiCreateAuthorizationServerRequest {
+	r.authorizationServer = &authorizationServer
+	return r
+}
+
+func (r ApiCreateAuthorizationServerRequest) Execute() (*AuthorizationServer, *APIResponse, error) {
+	return r.ApiService.CreateAuthorizationServerExecute(r)
+}
+
+/*
+CreateAuthorizationServer Create an Authorization Server
+
+Creates an authorization server
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateAuthorizationServerRequest
+*/
+func (a *AuthorizationServerApiService) CreateAuthorizationServer(ctx context.Context) ApiCreateAuthorizationServerRequest {
+	return ApiCreateAuthorizationServerRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AuthorizationServer
+func (a *AuthorizationServerApiService) CreateAuthorizationServerExecute(r ApiCreateAuthorizationServerRequest) (*AuthorizationServer, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AuthorizationServer
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.CreateAuthorizationServer")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.authorizationServer == nil {
+		return localVarReturnValue, nil, reportError("authorizationServer is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.authorizationServer
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateAuthorizationServerPolicyRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	policy       *AuthorizationServerPolicy
+	retryCount   int32
+}
+
+func (r ApiCreateAuthorizationServerPolicyRequest) Policy(policy AuthorizationServerPolicy) ApiCreateAuthorizationServerPolicyRequest {
+	r.policy = &policy
+	return r
+}
+
+func (r ApiCreateAuthorizationServerPolicyRequest) Execute() (*AuthorizationServerPolicy, *APIResponse, error) {
+	return r.ApiService.CreateAuthorizationServerPolicyExecute(r)
+}
+
+/*
+CreateAuthorizationServerPolicy Create a Policy
+
+Creates a policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiCreateAuthorizationServerPolicyRequest
+*/
+func (a *AuthorizationServerApiService) CreateAuthorizationServerPolicy(ctx context.Context, authServerId string) ApiCreateAuthorizationServerPolicyRequest {
+	return ApiCreateAuthorizationServerPolicyRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AuthorizationServerPolicy
+func (a *AuthorizationServerApiService) CreateAuthorizationServerPolicyExecute(r ApiCreateAuthorizationServerPolicyRequest) (*AuthorizationServerPolicy, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AuthorizationServerPolicy
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.CreateAuthorizationServerPolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.policy == nil {
+		return localVarReturnValue, nil, reportError("policy is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.policy
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateAuthorizationServerPolicyRuleRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	policyId     string
+	authServerId string
+	policyRule   *AuthorizationServerPolicyRule
+	retryCount   int32
+}
+
+func (r ApiCreateAuthorizationServerPolicyRuleRequest) PolicyRule(policyRule AuthorizationServerPolicyRule) ApiCreateAuthorizationServerPolicyRuleRequest {
+	r.policyRule = &policyRule
+	return r
+}
+
+func (r ApiCreateAuthorizationServerPolicyRuleRequest) Execute() (*AuthorizationServerPolicyRule, *APIResponse, error) {
+	return r.ApiService.CreateAuthorizationServerPolicyRuleExecute(r)
+}
+
+/*
+CreateAuthorizationServerPolicyRule Create a Policy Rule
+
+Creates a policy rule for the specified Custom Authorization Server and Policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@param authServerId
+	@return ApiCreateAuthorizationServerPolicyRuleRequest
+*/
+func (a *AuthorizationServerApiService) CreateAuthorizationServerPolicyRule(ctx context.Context, policyId string, authServerId string) ApiCreateAuthorizationServerPolicyRuleRequest {
+	return ApiCreateAuthorizationServerPolicyRuleRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		policyId:     policyId,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AuthorizationServerPolicyRule
+func (a *AuthorizationServerApiService) CreateAuthorizationServerPolicyRuleExecute(r ApiCreateAuthorizationServerPolicyRuleRequest) (*AuthorizationServerPolicyRule, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AuthorizationServerPolicyRule
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.CreateAuthorizationServerPolicyRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.policyRule == nil {
+		return localVarReturnValue, nil, reportError("policyRule is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.policyRule
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateOAuth2ClaimRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	oAuth2Claim  *OAuth2Claim
+	retryCount   int32
+}
+
+func (r ApiCreateOAuth2ClaimRequest) OAuth2Claim(oAuth2Claim OAuth2Claim) ApiCreateOAuth2ClaimRequest {
+	r.oAuth2Claim = &oAuth2Claim
+	return r
+}
+
+func (r ApiCreateOAuth2ClaimRequest) Execute() (*OAuth2Claim, *APIResponse, error) {
+	return r.ApiService.CreateOAuth2ClaimExecute(r)
+}
+
+/*
+CreateOAuth2Claim Create a Custom Token Claim
+
+Creates a custom token claim
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiCreateOAuth2ClaimRequest
+*/
+func (a *AuthorizationServerApiService) CreateOAuth2Claim(ctx context.Context, authServerId string) ApiCreateOAuth2ClaimRequest {
+	return ApiCreateOAuth2ClaimRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OAuth2Claim
+func (a *AuthorizationServerApiService) CreateOAuth2ClaimExecute(r ApiCreateOAuth2ClaimRequest) (*OAuth2Claim, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OAuth2Claim
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.CreateOAuth2Claim")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/claims"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.oAuth2Claim == nil {
+		return localVarReturnValue, nil, reportError("oAuth2Claim is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.oAuth2Claim
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateOAuth2ScopeRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	oAuth2Scope  *OAuth2Scope
+	retryCount   int32
+}
+
+func (r ApiCreateOAuth2ScopeRequest) OAuth2Scope(oAuth2Scope OAuth2Scope) ApiCreateOAuth2ScopeRequest {
+	r.oAuth2Scope = &oAuth2Scope
+	return r
+}
+
+func (r ApiCreateOAuth2ScopeRequest) Execute() (*OAuth2Scope, *APIResponse, error) {
+	return r.ApiService.CreateOAuth2ScopeExecute(r)
+}
+
+/*
+CreateOAuth2Scope Create a Custom Token Scope
+
+Creates a custom token scope
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiCreateOAuth2ScopeRequest
+*/
+func (a *AuthorizationServerApiService) CreateOAuth2Scope(ctx context.Context, authServerId string) ApiCreateOAuth2ScopeRequest {
+	return ApiCreateOAuth2ScopeRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OAuth2Scope
+func (a *AuthorizationServerApiService) CreateOAuth2ScopeExecute(r ApiCreateOAuth2ScopeRequest) (*OAuth2Scope, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OAuth2Scope
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.CreateOAuth2Scope")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/scopes"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.oAuth2Scope == nil {
+		return localVarReturnValue, nil, reportError("oAuth2Scope is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.oAuth2Scope
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateAuthorizationServerRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	retryCount   int32
+}
+
+func (r ApiDeactivateAuthorizationServerRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeactivateAuthorizationServerExecute(r)
+}
+
+/*
+DeactivateAuthorizationServer Deactivate an Authorization Server
+
+Deactivates an authorization server
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiDeactivateAuthorizationServerRequest
+*/
+func (a *AuthorizationServerApiService) DeactivateAuthorizationServer(ctx context.Context, authServerId string) ApiDeactivateAuthorizationServerRequest {
+	return ApiDeactivateAuthorizationServerRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) DeactivateAuthorizationServerExecute(r ApiDeactivateAuthorizationServerRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.DeactivateAuthorizationServer")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeactivateAuthorizationServerPolicyRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	policyId     string
+	retryCount   int32
+}
+
+func (r ApiDeactivateAuthorizationServerPolicyRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeactivateAuthorizationServerPolicyExecute(r)
+}
+
+/*
+DeactivateAuthorizationServerPolicy Deactivate a Policy
+
+Deactivates an authorization server policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param policyId
+	@return ApiDeactivateAuthorizationServerPolicyRequest
+*/
+func (a *AuthorizationServerApiService) DeactivateAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) ApiDeactivateAuthorizationServerPolicyRequest {
+	return ApiDeactivateAuthorizationServerPolicyRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		policyId:     policyId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) DeactivateAuthorizationServerPolicyExecute(r ApiDeactivateAuthorizationServerPolicyRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.DeactivateAuthorizationServerPolicy")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeactivateAuthorizationServerPolicyRuleRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	policyId     string
+	ruleId       string
+	retryCount   int32
+}
+
+func (r ApiDeactivateAuthorizationServerPolicyRuleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeactivateAuthorizationServerPolicyRuleExecute(r)
+}
+
+/*
+DeactivateAuthorizationServerPolicyRule Deactivate a Policy Rule
+
+Deactivates an authorization server policy rule
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param policyId
+	@param ruleId
+	@return ApiDeactivateAuthorizationServerPolicyRuleRequest
+*/
+func (a *AuthorizationServerApiService) DeactivateAuthorizationServerPolicyRule(ctx context.Context, authServerId string, policyId string, ruleId string) ApiDeactivateAuthorizationServerPolicyRuleRequest {
+	return ApiDeactivateAuthorizationServerPolicyRuleRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		policyId:     policyId,
+		ruleId:       ruleId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) DeactivateAuthorizationServerPolicyRuleExecute(r ApiDeactivateAuthorizationServerPolicyRuleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.DeactivateAuthorizationServerPolicyRule")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteAuthorizationServerRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	retryCount   int32
+}
+
+func (r ApiDeleteAuthorizationServerRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteAuthorizationServerExecute(r)
+}
+
+/*
+DeleteAuthorizationServer Delete an Authorization Server
+
+Deletes an authorization server
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiDeleteAuthorizationServerRequest
+*/
+func (a *AuthorizationServerApiService) DeleteAuthorizationServer(ctx context.Context, authServerId string) ApiDeleteAuthorizationServerRequest {
+	return ApiDeleteAuthorizationServerRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) DeleteAuthorizationServerExecute(r ApiDeleteAuthorizationServerRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.DeleteAuthorizationServer")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteAuthorizationServerPolicyRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	policyId     string
+	retryCount   int32
+}
+
+func (r ApiDeleteAuthorizationServerPolicyRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteAuthorizationServerPolicyExecute(r)
+}
+
+/*
+DeleteAuthorizationServerPolicy Delete a Policy
+
+Deletes a policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param policyId
+	@return ApiDeleteAuthorizationServerPolicyRequest
+*/
+func (a *AuthorizationServerApiService) DeleteAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) ApiDeleteAuthorizationServerPolicyRequest {
+	return ApiDeleteAuthorizationServerPolicyRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		policyId:     policyId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) DeleteAuthorizationServerPolicyExecute(r ApiDeleteAuthorizationServerPolicyRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.DeleteAuthorizationServerPolicy")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies/{policyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteAuthorizationServerPolicyRuleRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	policyId     string
+	authServerId string
+	ruleId       string
+	retryCount   int32
+}
+
+func (r ApiDeleteAuthorizationServerPolicyRuleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteAuthorizationServerPolicyRuleExecute(r)
+}
+
+/*
+DeleteAuthorizationServerPolicyRule Delete a Policy Rule
+
+Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@param authServerId
+	@param ruleId
+	@return ApiDeleteAuthorizationServerPolicyRuleRequest
+*/
+func (a *AuthorizationServerApiService) DeleteAuthorizationServerPolicyRule(ctx context.Context, policyId string, authServerId string, ruleId string) ApiDeleteAuthorizationServerPolicyRuleRequest {
+	return ApiDeleteAuthorizationServerPolicyRuleRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		policyId:     policyId,
+		authServerId: authServerId,
+		ruleId:       ruleId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) DeleteAuthorizationServerPolicyRuleExecute(r ApiDeleteAuthorizationServerPolicyRuleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.DeleteAuthorizationServerPolicyRule")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteOAuth2ClaimRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	claimId      string
+	retryCount   int32
+}
+
+func (r ApiDeleteOAuth2ClaimRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteOAuth2ClaimExecute(r)
+}
+
+/*
+DeleteOAuth2Claim Delete a Custom Token Claim
+
+Deletes a custom token claim
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param claimId
+	@return ApiDeleteOAuth2ClaimRequest
+*/
+func (a *AuthorizationServerApiService) DeleteOAuth2Claim(ctx context.Context, authServerId string, claimId string) ApiDeleteOAuth2ClaimRequest {
+	return ApiDeleteOAuth2ClaimRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		claimId:      claimId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) DeleteOAuth2ClaimExecute(r ApiDeleteOAuth2ClaimRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.DeleteOAuth2Claim")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/claims/{claimId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"claimId"+"}", url.PathEscape(parameterToString(r.claimId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteOAuth2ScopeRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	scopeId      string
+	retryCount   int32
+}
+
+func (r ApiDeleteOAuth2ScopeRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteOAuth2ScopeExecute(r)
+}
+
+/*
+DeleteOAuth2Scope Delete a Custom Token Scope
+
+Deletes a custom token scope
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param scopeId
+	@return ApiDeleteOAuth2ScopeRequest
+*/
+func (a *AuthorizationServerApiService) DeleteOAuth2Scope(ctx context.Context, authServerId string, scopeId string) ApiDeleteOAuth2ScopeRequest {
+	return ApiDeleteOAuth2ScopeRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		scopeId:      scopeId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) DeleteOAuth2ScopeExecute(r ApiDeleteOAuth2ScopeRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.DeleteOAuth2Scope")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"scopeId"+"}", url.PathEscape(parameterToString(r.scopeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetAuthorizationServerRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	retryCount   int32
+}
+
+func (r ApiGetAuthorizationServerRequest) Execute() (*AuthorizationServer, *APIResponse, error) {
+	return r.ApiService.GetAuthorizationServerExecute(r)
+}
+
+/*
+GetAuthorizationServer Retrieve an Authorization Server
+
+Retrieves an authorization server
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiGetAuthorizationServerRequest
+*/
+func (a *AuthorizationServerApiService) GetAuthorizationServer(ctx context.Context, authServerId string) ApiGetAuthorizationServerRequest {
+	return ApiGetAuthorizationServerRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AuthorizationServer
+func (a *AuthorizationServerApiService) GetAuthorizationServerExecute(r ApiGetAuthorizationServerRequest) (*AuthorizationServer, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AuthorizationServer
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.GetAuthorizationServer")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetAuthorizationServerPolicyRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	policyId     string
+	retryCount   int32
+}
+
+func (r ApiGetAuthorizationServerPolicyRequest) Execute() (*AuthorizationServerPolicy, *APIResponse, error) {
+	return r.ApiService.GetAuthorizationServerPolicyExecute(r)
+}
+
+/*
+GetAuthorizationServerPolicy Retrieve a Policy
+
+Retrieves a policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param policyId
+	@return ApiGetAuthorizationServerPolicyRequest
+*/
+func (a *AuthorizationServerApiService) GetAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) ApiGetAuthorizationServerPolicyRequest {
+	return ApiGetAuthorizationServerPolicyRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		policyId:     policyId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AuthorizationServerPolicy
+func (a *AuthorizationServerApiService) GetAuthorizationServerPolicyExecute(r ApiGetAuthorizationServerPolicyRequest) (*AuthorizationServerPolicy, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AuthorizationServerPolicy
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.GetAuthorizationServerPolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies/{policyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetAuthorizationServerPolicyRuleRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	policyId     string
+	authServerId string
+	ruleId       string
+	retryCount   int32
+}
+
+func (r ApiGetAuthorizationServerPolicyRuleRequest) Execute() (*AuthorizationServerPolicyRule, *APIResponse, error) {
+	return r.ApiService.GetAuthorizationServerPolicyRuleExecute(r)
+}
+
+/*
+GetAuthorizationServerPolicyRule Retrieve a Policy Rule
+
+Retrieves a policy rule by `ruleId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@param authServerId
+	@param ruleId
+	@return ApiGetAuthorizationServerPolicyRuleRequest
+*/
+func (a *AuthorizationServerApiService) GetAuthorizationServerPolicyRule(ctx context.Context, policyId string, authServerId string, ruleId string) ApiGetAuthorizationServerPolicyRuleRequest {
+	return ApiGetAuthorizationServerPolicyRuleRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		policyId:     policyId,
+		authServerId: authServerId,
+		ruleId:       ruleId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AuthorizationServerPolicyRule
+func (a *AuthorizationServerApiService) GetAuthorizationServerPolicyRuleExecute(r ApiGetAuthorizationServerPolicyRuleRequest) (*AuthorizationServerPolicyRule, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AuthorizationServerPolicyRule
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.GetAuthorizationServerPolicyRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetOAuth2ClaimRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	claimId      string
+	retryCount   int32
+}
+
+func (r ApiGetOAuth2ClaimRequest) Execute() (*OAuth2Claim, *APIResponse, error) {
+	return r.ApiService.GetOAuth2ClaimExecute(r)
+}
+
+/*
+GetOAuth2Claim Retrieve a Custom Token Claim
+
+Retrieves a custom token claim
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param claimId
+	@return ApiGetOAuth2ClaimRequest
+*/
+func (a *AuthorizationServerApiService) GetOAuth2Claim(ctx context.Context, authServerId string, claimId string) ApiGetOAuth2ClaimRequest {
+	return ApiGetOAuth2ClaimRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		claimId:      claimId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OAuth2Claim
+func (a *AuthorizationServerApiService) GetOAuth2ClaimExecute(r ApiGetOAuth2ClaimRequest) (*OAuth2Claim, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OAuth2Claim
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.GetOAuth2Claim")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/claims/{claimId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"claimId"+"}", url.PathEscape(parameterToString(r.claimId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetOAuth2ScopeRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	scopeId      string
+	retryCount   int32
+}
+
+func (r ApiGetOAuth2ScopeRequest) Execute() (*OAuth2Scope, *APIResponse, error) {
+	return r.ApiService.GetOAuth2ScopeExecute(r)
+}
+
+/*
+GetOAuth2Scope Retrieve a Custom Token Scope
+
+Retrieves a custom token scope
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param scopeId
+	@return ApiGetOAuth2ScopeRequest
+*/
+func (a *AuthorizationServerApiService) GetOAuth2Scope(ctx context.Context, authServerId string, scopeId string) ApiGetOAuth2ScopeRequest {
+	return ApiGetOAuth2ScopeRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		scopeId:      scopeId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OAuth2Scope
+func (a *AuthorizationServerApiService) GetOAuth2ScopeExecute(r ApiGetOAuth2ScopeRequest) (*OAuth2Scope, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OAuth2Scope
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.GetOAuth2Scope")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"scopeId"+"}", url.PathEscape(parameterToString(r.scopeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetRefreshTokenForAuthorizationServerAndClientRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	clientId     string
+	tokenId      string
+	expand       *string
+	retryCount   int32
+}
+
+func (r ApiGetRefreshTokenForAuthorizationServerAndClientRequest) Expand(expand string) ApiGetRefreshTokenForAuthorizationServerAndClientRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetRefreshTokenForAuthorizationServerAndClientRequest) Execute() (*OAuth2RefreshToken, *APIResponse, error) {
+	return r.ApiService.GetRefreshTokenForAuthorizationServerAndClientExecute(r)
+}
+
+/*
+GetRefreshTokenForAuthorizationServerAndClient Retrieve a Refresh Token for a Client
+
+Retrieves a refresh token for a client
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param clientId
+	@param tokenId
+	@return ApiGetRefreshTokenForAuthorizationServerAndClientRequest
+*/
+func (a *AuthorizationServerApiService) GetRefreshTokenForAuthorizationServerAndClient(ctx context.Context, authServerId string, clientId string, tokenId string) ApiGetRefreshTokenForAuthorizationServerAndClientRequest {
+	return ApiGetRefreshTokenForAuthorizationServerAndClientRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		clientId:     clientId,
+		tokenId:      tokenId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OAuth2RefreshToken
+func (a *AuthorizationServerApiService) GetRefreshTokenForAuthorizationServerAndClientExecute(r ApiGetRefreshTokenForAuthorizationServerAndClientRequest) (*OAuth2RefreshToken, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OAuth2RefreshToken
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.GetRefreshTokenForAuthorizationServerAndClient")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"clientId"+"}", url.PathEscape(parameterToString(r.clientId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"tokenId"+"}", url.PathEscape(parameterToString(r.tokenId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListAuthorizationServerKeysRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	retryCount   int32
+}
+
+func (r ApiListAuthorizationServerKeysRequest) Execute() ([]JsonWebKey, *APIResponse, error) {
+	return r.ApiService.ListAuthorizationServerKeysExecute(r)
+}
+
+/*
+ListAuthorizationServerKeys List all Credential Keys
+
+Lists all credential keys
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiListAuthorizationServerKeysRequest
+*/
+func (a *AuthorizationServerApiService) ListAuthorizationServerKeys(ctx context.Context, authServerId string) ApiListAuthorizationServerKeysRequest {
+	return ApiListAuthorizationServerKeysRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []JsonWebKey
+func (a *AuthorizationServerApiService) ListAuthorizationServerKeysExecute(r ApiListAuthorizationServerKeysRequest) ([]JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ListAuthorizationServerKeys")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/credentials/keys"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListAuthorizationServerPoliciesRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	retryCount   int32
+}
+
+func (r ApiListAuthorizationServerPoliciesRequest) Execute() ([]AuthorizationServerPolicy, *APIResponse, error) {
+	return r.ApiService.ListAuthorizationServerPoliciesExecute(r)
+}
+
+/*
+ListAuthorizationServerPolicies List all Policies
+
+Lists all policies
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiListAuthorizationServerPoliciesRequest
+*/
+func (a *AuthorizationServerApiService) ListAuthorizationServerPolicies(ctx context.Context, authServerId string) ApiListAuthorizationServerPoliciesRequest {
+	return ApiListAuthorizationServerPoliciesRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []AuthorizationServerPolicy
+func (a *AuthorizationServerApiService) ListAuthorizationServerPoliciesExecute(r ApiListAuthorizationServerPoliciesRequest) ([]AuthorizationServerPolicy, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []AuthorizationServerPolicy
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ListAuthorizationServerPolicies")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListAuthorizationServerPolicyRulesRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	policyId     string
+	authServerId string
+	retryCount   int32
+}
+
+func (r ApiListAuthorizationServerPolicyRulesRequest) Execute() ([]AuthorizationServerPolicyRule, *APIResponse, error) {
+	return r.ApiService.ListAuthorizationServerPolicyRulesExecute(r)
+}
+
+/*
+ListAuthorizationServerPolicyRules List all Policy Rules
+
+Lists all policy rules for the specified Custom Authorization Server and Policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@param authServerId
+	@return ApiListAuthorizationServerPolicyRulesRequest
+*/
+func (a *AuthorizationServerApiService) ListAuthorizationServerPolicyRules(ctx context.Context, policyId string, authServerId string) ApiListAuthorizationServerPolicyRulesRequest {
+	return ApiListAuthorizationServerPolicyRulesRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		policyId:     policyId,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []AuthorizationServerPolicyRule
+func (a *AuthorizationServerApiService) ListAuthorizationServerPolicyRulesExecute(r ApiListAuthorizationServerPolicyRulesRequest) ([]AuthorizationServerPolicyRule, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []AuthorizationServerPolicyRule
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ListAuthorizationServerPolicyRules")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListAuthorizationServersRequest struct {
+	ctx        context.Context
+	ApiService AuthorizationServerApi
+	q          *string
+	limit      *int32
+	after      *string
+	retryCount int32
+}
+
+func (r ApiListAuthorizationServersRequest) Q(q string) ApiListAuthorizationServersRequest {
+	r.q = &q
+	return r
+}
+
+func (r ApiListAuthorizationServersRequest) Limit(limit int32) ApiListAuthorizationServersRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListAuthorizationServersRequest) After(after string) ApiListAuthorizationServersRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListAuthorizationServersRequest) Execute() ([]AuthorizationServer, *APIResponse, error) {
+	return r.ApiService.ListAuthorizationServersExecute(r)
+}
+
+/*
+ListAuthorizationServers List all Authorization Servers
+
+Lists all authorization servers
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListAuthorizationServersRequest
+*/
+func (a *AuthorizationServerApiService) ListAuthorizationServers(ctx context.Context) ApiListAuthorizationServersRequest {
+	return ApiListAuthorizationServersRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []AuthorizationServer
+func (a *AuthorizationServerApiService) ListAuthorizationServersExecute(r ApiListAuthorizationServersRequest) ([]AuthorizationServer, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []AuthorizationServer
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ListAuthorizationServers")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.q != nil {
+		localVarQueryParams.Add("q", parameterToString(*r.q, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListOAuth2ClaimsRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	retryCount   int32
+}
+
+func (r ApiListOAuth2ClaimsRequest) Execute() ([]OAuth2Claim, *APIResponse, error) {
+	return r.ApiService.ListOAuth2ClaimsExecute(r)
+}
+
+/*
+ListOAuth2Claims List all Custom Token Claims
+
+Lists all custom token claims
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiListOAuth2ClaimsRequest
+*/
+func (a *AuthorizationServerApiService) ListOAuth2Claims(ctx context.Context, authServerId string) ApiListOAuth2ClaimsRequest {
+	return ApiListOAuth2ClaimsRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []OAuth2Claim
+func (a *AuthorizationServerApiService) ListOAuth2ClaimsExecute(r ApiListOAuth2ClaimsRequest) ([]OAuth2Claim, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []OAuth2Claim
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ListOAuth2Claims")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/claims"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListOAuth2ClientsForAuthorizationServerRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	retryCount   int32
+}
+
+func (r ApiListOAuth2ClientsForAuthorizationServerRequest) Execute() ([]OAuth2Client, *APIResponse, error) {
+	return r.ApiService.ListOAuth2ClientsForAuthorizationServerExecute(r)
+}
+
+/*
+ListOAuth2ClientsForAuthorizationServer List all Clients
+
+Lists all clients
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiListOAuth2ClientsForAuthorizationServerRequest
+*/
+func (a *AuthorizationServerApiService) ListOAuth2ClientsForAuthorizationServer(ctx context.Context, authServerId string) ApiListOAuth2ClientsForAuthorizationServerRequest {
+	return ApiListOAuth2ClientsForAuthorizationServerRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []OAuth2Client
+func (a *AuthorizationServerApiService) ListOAuth2ClientsForAuthorizationServerExecute(r ApiListOAuth2ClientsForAuthorizationServerRequest) ([]OAuth2Client, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []OAuth2Client
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ListOAuth2ClientsForAuthorizationServer")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/clients"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListOAuth2ScopesRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	q            *string
+	filter       *string
+	cursor       *string
+	limit        *int32
+	retryCount   int32
+}
+
+func (r ApiListOAuth2ScopesRequest) Q(q string) ApiListOAuth2ScopesRequest {
+	r.q = &q
+	return r
+}
+
+func (r ApiListOAuth2ScopesRequest) Filter(filter string) ApiListOAuth2ScopesRequest {
+	r.filter = &filter
+	return r
+}
+
+func (r ApiListOAuth2ScopesRequest) Cursor(cursor string) ApiListOAuth2ScopesRequest {
+	r.cursor = &cursor
+	return r
+}
+
+func (r ApiListOAuth2ScopesRequest) Limit(limit int32) ApiListOAuth2ScopesRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListOAuth2ScopesRequest) Execute() ([]OAuth2Scope, *APIResponse, error) {
+	return r.ApiService.ListOAuth2ScopesExecute(r)
+}
+
+/*
+ListOAuth2Scopes List all Custom Token Scopes
+
+Lists all custom token scopes
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiListOAuth2ScopesRequest
+*/
+func (a *AuthorizationServerApiService) ListOAuth2Scopes(ctx context.Context, authServerId string) ApiListOAuth2ScopesRequest {
+	return ApiListOAuth2ScopesRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []OAuth2Scope
+func (a *AuthorizationServerApiService) ListOAuth2ScopesExecute(r ApiListOAuth2ScopesRequest) ([]OAuth2Scope, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []OAuth2Scope
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ListOAuth2Scopes")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/scopes"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.q != nil {
+		localVarQueryParams.Add("q", parameterToString(*r.q, ""))
+	}
+	if r.filter != nil {
+		localVarQueryParams.Add("filter", parameterToString(*r.filter, ""))
+	}
+	if r.cursor != nil {
+		localVarQueryParams.Add("cursor", parameterToString(*r.cursor, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListRefreshTokensForAuthorizationServerAndClientRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	clientId     string
+	expand       *string
+	after        *string
+	limit        *int32
+	retryCount   int32
+}
+
+func (r ApiListRefreshTokensForAuthorizationServerAndClientRequest) Expand(expand string) ApiListRefreshTokensForAuthorizationServerAndClientRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListRefreshTokensForAuthorizationServerAndClientRequest) After(after string) ApiListRefreshTokensForAuthorizationServerAndClientRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListRefreshTokensForAuthorizationServerAndClientRequest) Limit(limit int32) ApiListRefreshTokensForAuthorizationServerAndClientRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListRefreshTokensForAuthorizationServerAndClientRequest) Execute() ([]OAuth2RefreshToken, *APIResponse, error) {
+	return r.ApiService.ListRefreshTokensForAuthorizationServerAndClientExecute(r)
+}
+
+/*
+ListRefreshTokensForAuthorizationServerAndClient List all Refresh Tokens for a Client
+
+Lists all refresh tokens for a client
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param clientId
+	@return ApiListRefreshTokensForAuthorizationServerAndClientRequest
+*/
+func (a *AuthorizationServerApiService) ListRefreshTokensForAuthorizationServerAndClient(ctx context.Context, authServerId string, clientId string) ApiListRefreshTokensForAuthorizationServerAndClientRequest {
+	return ApiListRefreshTokensForAuthorizationServerAndClientRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		clientId:     clientId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []OAuth2RefreshToken
+func (a *AuthorizationServerApiService) ListRefreshTokensForAuthorizationServerAndClientExecute(r ApiListRefreshTokensForAuthorizationServerAndClientRequest) ([]OAuth2RefreshToken, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []OAuth2RefreshToken
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ListRefreshTokensForAuthorizationServerAndClient")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"clientId"+"}", url.PathEscape(parameterToString(r.clientId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceAuthorizationServerRequest struct {
+	ctx                 context.Context
+	ApiService          AuthorizationServerApi
+	authServerId        string
+	authorizationServer *AuthorizationServer
+	retryCount          int32
+}
+
+func (r ApiReplaceAuthorizationServerRequest) AuthorizationServer(authorizationServer AuthorizationServer) ApiReplaceAuthorizationServerRequest {
+	r.authorizationServer = &authorizationServer
+	return r
+}
+
+func (r ApiReplaceAuthorizationServerRequest) Execute() (*AuthorizationServer, *APIResponse, error) {
+	return r.ApiService.ReplaceAuthorizationServerExecute(r)
+}
+
+/*
+ReplaceAuthorizationServer Replace an Authorization Server
+
+Replaces an authorization server
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiReplaceAuthorizationServerRequest
+*/
+func (a *AuthorizationServerApiService) ReplaceAuthorizationServer(ctx context.Context, authServerId string) ApiReplaceAuthorizationServerRequest {
+	return ApiReplaceAuthorizationServerRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AuthorizationServer
+func (a *AuthorizationServerApiService) ReplaceAuthorizationServerExecute(r ApiReplaceAuthorizationServerRequest) (*AuthorizationServer, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AuthorizationServer
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ReplaceAuthorizationServer")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.authorizationServer == nil {
+		return localVarReturnValue, nil, reportError("authorizationServer is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.authorizationServer
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceAuthorizationServerPolicyRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	policyId     string
+	policy       *AuthorizationServerPolicy
+	retryCount   int32
+}
+
+func (r ApiReplaceAuthorizationServerPolicyRequest) Policy(policy AuthorizationServerPolicy) ApiReplaceAuthorizationServerPolicyRequest {
+	r.policy = &policy
+	return r
+}
+
+func (r ApiReplaceAuthorizationServerPolicyRequest) Execute() (*AuthorizationServerPolicy, *APIResponse, error) {
+	return r.ApiService.ReplaceAuthorizationServerPolicyExecute(r)
+}
+
+/*
+ReplaceAuthorizationServerPolicy Replace a Policy
+
+Replaces a policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param policyId
+	@return ApiReplaceAuthorizationServerPolicyRequest
+*/
+func (a *AuthorizationServerApiService) ReplaceAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) ApiReplaceAuthorizationServerPolicyRequest {
+	return ApiReplaceAuthorizationServerPolicyRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		policyId:     policyId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AuthorizationServerPolicy
+func (a *AuthorizationServerApiService) ReplaceAuthorizationServerPolicyExecute(r ApiReplaceAuthorizationServerPolicyRequest) (*AuthorizationServerPolicy, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AuthorizationServerPolicy
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ReplaceAuthorizationServerPolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies/{policyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.policy == nil {
+		return localVarReturnValue, nil, reportError("policy is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.policy
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceAuthorizationServerPolicyRuleRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	policyId     string
+	authServerId string
+	ruleId       string
+	policyRule   *AuthorizationServerPolicyRule
+	retryCount   int32
+}
+
+func (r ApiReplaceAuthorizationServerPolicyRuleRequest) PolicyRule(policyRule AuthorizationServerPolicyRule) ApiReplaceAuthorizationServerPolicyRuleRequest {
+	r.policyRule = &policyRule
+	return r
+}
+
+func (r ApiReplaceAuthorizationServerPolicyRuleRequest) Execute() (*AuthorizationServerPolicyRule, *APIResponse, error) {
+	return r.ApiService.ReplaceAuthorizationServerPolicyRuleExecute(r)
+}
+
+/*
+ReplaceAuthorizationServerPolicyRule Replace a Policy Rule
+
+Replaces the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@param authServerId
+	@param ruleId
+	@return ApiReplaceAuthorizationServerPolicyRuleRequest
+*/
+func (a *AuthorizationServerApiService) ReplaceAuthorizationServerPolicyRule(ctx context.Context, policyId string, authServerId string, ruleId string) ApiReplaceAuthorizationServerPolicyRuleRequest {
+	return ApiReplaceAuthorizationServerPolicyRuleRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		policyId:     policyId,
+		authServerId: authServerId,
+		ruleId:       ruleId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return AuthorizationServerPolicyRule
+func (a *AuthorizationServerApiService) ReplaceAuthorizationServerPolicyRuleExecute(r ApiReplaceAuthorizationServerPolicyRuleRequest) (*AuthorizationServerPolicyRule, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *AuthorizationServerPolicyRule
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ReplaceAuthorizationServerPolicyRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.policyRule == nil {
+		return localVarReturnValue, nil, reportError("policyRule is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.policyRule
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceOAuth2ClaimRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	claimId      string
+	oAuth2Claim  *OAuth2Claim
+	retryCount   int32
+}
+
+func (r ApiReplaceOAuth2ClaimRequest) OAuth2Claim(oAuth2Claim OAuth2Claim) ApiReplaceOAuth2ClaimRequest {
+	r.oAuth2Claim = &oAuth2Claim
+	return r
+}
+
+func (r ApiReplaceOAuth2ClaimRequest) Execute() (*OAuth2Claim, *APIResponse, error) {
+	return r.ApiService.ReplaceOAuth2ClaimExecute(r)
+}
+
+/*
+ReplaceOAuth2Claim Replace a Custom Token Claim
+
+Replaces a custom token claim
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param claimId
+	@return ApiReplaceOAuth2ClaimRequest
+*/
+func (a *AuthorizationServerApiService) ReplaceOAuth2Claim(ctx context.Context, authServerId string, claimId string) ApiReplaceOAuth2ClaimRequest {
+	return ApiReplaceOAuth2ClaimRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		claimId:      claimId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OAuth2Claim
+func (a *AuthorizationServerApiService) ReplaceOAuth2ClaimExecute(r ApiReplaceOAuth2ClaimRequest) (*OAuth2Claim, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OAuth2Claim
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ReplaceOAuth2Claim")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/claims/{claimId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"claimId"+"}", url.PathEscape(parameterToString(r.claimId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.oAuth2Claim == nil {
+		return localVarReturnValue, nil, reportError("oAuth2Claim is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.oAuth2Claim
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceOAuth2ScopeRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	scopeId      string
+	oAuth2Scope  *OAuth2Scope
+	retryCount   int32
+}
+
+func (r ApiReplaceOAuth2ScopeRequest) OAuth2Scope(oAuth2Scope OAuth2Scope) ApiReplaceOAuth2ScopeRequest {
+	r.oAuth2Scope = &oAuth2Scope
+	return r
+}
+
+func (r ApiReplaceOAuth2ScopeRequest) Execute() (*OAuth2Scope, *APIResponse, error) {
+	return r.ApiService.ReplaceOAuth2ScopeExecute(r)
+}
+
+/*
+ReplaceOAuth2Scope Replace a Custom Token Scope
+
+Replaces a custom token scope
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param scopeId
+	@return ApiReplaceOAuth2ScopeRequest
+*/
+func (a *AuthorizationServerApiService) ReplaceOAuth2Scope(ctx context.Context, authServerId string, scopeId string) ApiReplaceOAuth2ScopeRequest {
+	return ApiReplaceOAuth2ScopeRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		scopeId:      scopeId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OAuth2Scope
+func (a *AuthorizationServerApiService) ReplaceOAuth2ScopeExecute(r ApiReplaceOAuth2ScopeRequest) (*OAuth2Scope, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OAuth2Scope
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.ReplaceOAuth2Scope")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"scopeId"+"}", url.PathEscape(parameterToString(r.scopeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.oAuth2Scope == nil {
+		return localVarReturnValue, nil, reportError("oAuth2Scope is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.oAuth2Scope
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiRevokeRefreshTokenForAuthorizationServerAndClientRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	clientId     string
+	tokenId      string
+	retryCount   int32
+}
+
+func (r ApiRevokeRefreshTokenForAuthorizationServerAndClientRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeRefreshTokenForAuthorizationServerAndClientExecute(r)
+}
+
+/*
+RevokeRefreshTokenForAuthorizationServerAndClient Revoke a Refresh Token for a Client
+
+Revokes a refresh token for a client
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param clientId
+	@param tokenId
+	@return ApiRevokeRefreshTokenForAuthorizationServerAndClientRequest
+*/
+func (a *AuthorizationServerApiService) RevokeRefreshTokenForAuthorizationServerAndClient(ctx context.Context, authServerId string, clientId string, tokenId string) ApiRevokeRefreshTokenForAuthorizationServerAndClientRequest {
+	return ApiRevokeRefreshTokenForAuthorizationServerAndClientRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		clientId:     clientId,
+		tokenId:      tokenId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) RevokeRefreshTokenForAuthorizationServerAndClientExecute(r ApiRevokeRefreshTokenForAuthorizationServerAndClientRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.RevokeRefreshTokenForAuthorizationServerAndClient")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"clientId"+"}", url.PathEscape(parameterToString(r.clientId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"tokenId"+"}", url.PathEscape(parameterToString(r.tokenId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiRevokeRefreshTokensForAuthorizationServerAndClientRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	clientId     string
+	retryCount   int32
+}
+
+func (r ApiRevokeRefreshTokensForAuthorizationServerAndClientRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeRefreshTokensForAuthorizationServerAndClientExecute(r)
+}
+
+/*
+RevokeRefreshTokensForAuthorizationServerAndClient Revoke all Refresh Tokens for a Client
+
+Revokes all refresh tokens for a client
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@param clientId
+	@return ApiRevokeRefreshTokensForAuthorizationServerAndClientRequest
+*/
+func (a *AuthorizationServerApiService) RevokeRefreshTokensForAuthorizationServerAndClient(ctx context.Context, authServerId string, clientId string) ApiRevokeRefreshTokensForAuthorizationServerAndClientRequest {
+	return ApiRevokeRefreshTokensForAuthorizationServerAndClientRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		clientId:     clientId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *AuthorizationServerApiService) RevokeRefreshTokensForAuthorizationServerAndClientExecute(r ApiRevokeRefreshTokensForAuthorizationServerAndClientRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.RevokeRefreshTokensForAuthorizationServerAndClient")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"clientId"+"}", url.PathEscape(parameterToString(r.clientId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiRotateAuthorizationServerKeysRequest struct {
+	ctx          context.Context
+	ApiService   AuthorizationServerApi
+	authServerId string
+	use          *JwkUse
+	retryCount   int32
+}
+
+func (r ApiRotateAuthorizationServerKeysRequest) Use(use JwkUse) ApiRotateAuthorizationServerKeysRequest {
+	r.use = &use
+	return r
+}
+
+func (r ApiRotateAuthorizationServerKeysRequest) Execute() ([]JsonWebKey, *APIResponse, error) {
+	return r.ApiService.RotateAuthorizationServerKeysExecute(r)
+}
+
+/*
+RotateAuthorizationServerKeys Rotate all Credential Keys
+
+Rotates all credential keys
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param authServerId
+	@return ApiRotateAuthorizationServerKeysRequest
+*/
+func (a *AuthorizationServerApiService) RotateAuthorizationServerKeys(ctx context.Context, authServerId string) ApiRotateAuthorizationServerKeysRequest {
+	return ApiRotateAuthorizationServerKeysRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		authServerId: authServerId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []JsonWebKey
+func (a *AuthorizationServerApiService) RotateAuthorizationServerKeysExecute(r ApiRotateAuthorizationServerKeysRequest) ([]JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AuthorizationServerApiService.RotateAuthorizationServerKeys")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate"
+	localVarPath = strings.Replace(localVarPath, "{"+"authServerId"+"}", url.PathEscape(parameterToString(r.authServerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.use == nil {
+		return localVarReturnValue, nil, reportError("use is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.use
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_behavior.go b/okta/api_behavior.go
new file mode 100644
index 000000000..b8333229c
--- /dev/null
+++ b/okta/api_behavior.go
@@ -0,0 +1,1305 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type BehaviorApi interface {
+	/*
+		ActivateBehaviorDetectionRule Activate a Behavior Detection Rule
+
+		Activates a behavior detection rule
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param behaviorId id of the Behavior Detection Rule
+		@return ApiActivateBehaviorDetectionRuleRequest
+	*/
+	ActivateBehaviorDetectionRule(ctx context.Context, behaviorId string) ApiActivateBehaviorDetectionRuleRequest
+
+	// ActivateBehaviorDetectionRuleExecute executes the request
+	//  @return ListBehaviorDetectionRules200ResponseInner
+	ActivateBehaviorDetectionRuleExecute(r ApiActivateBehaviorDetectionRuleRequest) (*ListBehaviorDetectionRules200ResponseInner, *APIResponse, error)
+
+	/*
+		CreateBehaviorDetectionRule Create a Behavior Detection Rule
+
+		Creates a new behavior detection rule
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateBehaviorDetectionRuleRequest
+	*/
+	CreateBehaviorDetectionRule(ctx context.Context) ApiCreateBehaviorDetectionRuleRequest
+
+	// CreateBehaviorDetectionRuleExecute executes the request
+	//  @return BehaviorRule
+	CreateBehaviorDetectionRuleExecute(r ApiCreateBehaviorDetectionRuleRequest) (*BehaviorRule, *APIResponse, error)
+
+	/*
+		DeactivateBehaviorDetectionRule Deactivate a Behavior Detection Rule
+
+		Deactivates a behavior detection rule
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param behaviorId id of the Behavior Detection Rule
+		@return ApiDeactivateBehaviorDetectionRuleRequest
+	*/
+	DeactivateBehaviorDetectionRule(ctx context.Context, behaviorId string) ApiDeactivateBehaviorDetectionRuleRequest
+
+	// DeactivateBehaviorDetectionRuleExecute executes the request
+	//  @return ListBehaviorDetectionRules200ResponseInner
+	DeactivateBehaviorDetectionRuleExecute(r ApiDeactivateBehaviorDetectionRuleRequest) (*ListBehaviorDetectionRules200ResponseInner, *APIResponse, error)
+
+	/*
+		DeleteBehaviorDetectionRule Delete a Behavior Detection Rule
+
+		Deletes a Behavior Detection Rule by `behaviorId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param behaviorId id of the Behavior Detection Rule
+		@return ApiDeleteBehaviorDetectionRuleRequest
+	*/
+	DeleteBehaviorDetectionRule(ctx context.Context, behaviorId string) ApiDeleteBehaviorDetectionRuleRequest
+
+	// DeleteBehaviorDetectionRuleExecute executes the request
+	DeleteBehaviorDetectionRuleExecute(r ApiDeleteBehaviorDetectionRuleRequest) (*APIResponse, error)
+
+	/*
+		GetBehaviorDetectionRule Retrieve a Behavior Detection Rule
+
+		Retrieves a Behavior Detection Rule by `behaviorId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param behaviorId id of the Behavior Detection Rule
+		@return ApiGetBehaviorDetectionRuleRequest
+	*/
+	GetBehaviorDetectionRule(ctx context.Context, behaviorId string) ApiGetBehaviorDetectionRuleRequest
+
+	// GetBehaviorDetectionRuleExecute executes the request
+	//  @return ListBehaviorDetectionRules200ResponseInner
+	GetBehaviorDetectionRuleExecute(r ApiGetBehaviorDetectionRuleRequest) (*ListBehaviorDetectionRules200ResponseInner, *APIResponse, error)
+
+	/*
+		ListBehaviorDetectionRules List all Behavior Detection Rules
+
+		Lists all behavior detection rules with pagination support
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListBehaviorDetectionRulesRequest
+	*/
+	ListBehaviorDetectionRules(ctx context.Context) ApiListBehaviorDetectionRulesRequest
+
+	// ListBehaviorDetectionRulesExecute executes the request
+	//  @return []ListBehaviorDetectionRules200ResponseInner
+	ListBehaviorDetectionRulesExecute(r ApiListBehaviorDetectionRulesRequest) ([]ListBehaviorDetectionRules200ResponseInner, *APIResponse, error)
+
+	/*
+		ReplaceBehaviorDetectionRule Replace a Behavior Detection Rule
+
+		Replaces a Behavior Detection Rule by `behaviorId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param behaviorId id of the Behavior Detection Rule
+		@return ApiReplaceBehaviorDetectionRuleRequest
+	*/
+	ReplaceBehaviorDetectionRule(ctx context.Context, behaviorId string) ApiReplaceBehaviorDetectionRuleRequest
+
+	// ReplaceBehaviorDetectionRuleExecute executes the request
+	//  @return ListBehaviorDetectionRules200ResponseInner
+	ReplaceBehaviorDetectionRuleExecute(r ApiReplaceBehaviorDetectionRuleRequest) (*ListBehaviorDetectionRules200ResponseInner, *APIResponse, error)
+}
+
+// BehaviorApiService BehaviorApi service
+type BehaviorApiService service
+
+type ApiActivateBehaviorDetectionRuleRequest struct {
+	ctx        context.Context
+	ApiService BehaviorApi
+	behaviorId string
+	retryCount int32
+}
+
+func (r ApiActivateBehaviorDetectionRuleRequest) Execute() (*ListBehaviorDetectionRules200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ActivateBehaviorDetectionRuleExecute(r)
+}
+
+/*
+ActivateBehaviorDetectionRule Activate a Behavior Detection Rule
+
+Activates a behavior detection rule
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param behaviorId id of the Behavior Detection Rule
+	@return ApiActivateBehaviorDetectionRuleRequest
+*/
+func (a *BehaviorApiService) ActivateBehaviorDetectionRule(ctx context.Context, behaviorId string) ApiActivateBehaviorDetectionRuleRequest {
+	return ApiActivateBehaviorDetectionRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		behaviorId: behaviorId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListBehaviorDetectionRules200ResponseInner
+func (a *BehaviorApiService) ActivateBehaviorDetectionRuleExecute(r ApiActivateBehaviorDetectionRuleRequest) (*ListBehaviorDetectionRules200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListBehaviorDetectionRules200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "BehaviorApiService.ActivateBehaviorDetectionRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/behaviors/{behaviorId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"behaviorId"+"}", url.PathEscape(parameterToString(r.behaviorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateBehaviorDetectionRuleRequest struct {
+	ctx        context.Context
+	ApiService BehaviorApi
+	rule       *ListBehaviorDetectionRules200ResponseInner
+	retryCount int32
+}
+
+func (r ApiCreateBehaviorDetectionRuleRequest) Rule(rule ListBehaviorDetectionRules200ResponseInner) ApiCreateBehaviorDetectionRuleRequest {
+	r.rule = &rule
+	return r
+}
+
+func (r ApiCreateBehaviorDetectionRuleRequest) Execute() (*BehaviorRule, *APIResponse, error) {
+	return r.ApiService.CreateBehaviorDetectionRuleExecute(r)
+}
+
+/*
+CreateBehaviorDetectionRule Create a Behavior Detection Rule
+
+Creates a new behavior detection rule
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateBehaviorDetectionRuleRequest
+*/
+func (a *BehaviorApiService) CreateBehaviorDetectionRule(ctx context.Context) ApiCreateBehaviorDetectionRuleRequest {
+	return ApiCreateBehaviorDetectionRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return BehaviorRule
+func (a *BehaviorApiService) CreateBehaviorDetectionRuleExecute(r ApiCreateBehaviorDetectionRuleRequest) (*BehaviorRule, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *BehaviorRule
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "BehaviorApiService.CreateBehaviorDetectionRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/behaviors"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.rule == nil {
+		return localVarReturnValue, nil, reportError("rule is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.rule
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateBehaviorDetectionRuleRequest struct {
+	ctx        context.Context
+	ApiService BehaviorApi
+	behaviorId string
+	retryCount int32
+}
+
+func (r ApiDeactivateBehaviorDetectionRuleRequest) Execute() (*ListBehaviorDetectionRules200ResponseInner, *APIResponse, error) {
+	return r.ApiService.DeactivateBehaviorDetectionRuleExecute(r)
+}
+
+/*
+DeactivateBehaviorDetectionRule Deactivate a Behavior Detection Rule
+
+Deactivates a behavior detection rule
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param behaviorId id of the Behavior Detection Rule
+	@return ApiDeactivateBehaviorDetectionRuleRequest
+*/
+func (a *BehaviorApiService) DeactivateBehaviorDetectionRule(ctx context.Context, behaviorId string) ApiDeactivateBehaviorDetectionRuleRequest {
+	return ApiDeactivateBehaviorDetectionRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		behaviorId: behaviorId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListBehaviorDetectionRules200ResponseInner
+func (a *BehaviorApiService) DeactivateBehaviorDetectionRuleExecute(r ApiDeactivateBehaviorDetectionRuleRequest) (*ListBehaviorDetectionRules200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListBehaviorDetectionRules200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "BehaviorApiService.DeactivateBehaviorDetectionRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/behaviors/{behaviorId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"behaviorId"+"}", url.PathEscape(parameterToString(r.behaviorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteBehaviorDetectionRuleRequest struct {
+	ctx        context.Context
+	ApiService BehaviorApi
+	behaviorId string
+	retryCount int32
+}
+
+func (r ApiDeleteBehaviorDetectionRuleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteBehaviorDetectionRuleExecute(r)
+}
+
+/*
+DeleteBehaviorDetectionRule Delete a Behavior Detection Rule
+
+Deletes a Behavior Detection Rule by `behaviorId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param behaviorId id of the Behavior Detection Rule
+	@return ApiDeleteBehaviorDetectionRuleRequest
+*/
+func (a *BehaviorApiService) DeleteBehaviorDetectionRule(ctx context.Context, behaviorId string) ApiDeleteBehaviorDetectionRuleRequest {
+	return ApiDeleteBehaviorDetectionRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		behaviorId: behaviorId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *BehaviorApiService) DeleteBehaviorDetectionRuleExecute(r ApiDeleteBehaviorDetectionRuleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "BehaviorApiService.DeleteBehaviorDetectionRule")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/behaviors/{behaviorId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"behaviorId"+"}", url.PathEscape(parameterToString(r.behaviorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetBehaviorDetectionRuleRequest struct {
+	ctx        context.Context
+	ApiService BehaviorApi
+	behaviorId string
+	retryCount int32
+}
+
+func (r ApiGetBehaviorDetectionRuleRequest) Execute() (*ListBehaviorDetectionRules200ResponseInner, *APIResponse, error) {
+	return r.ApiService.GetBehaviorDetectionRuleExecute(r)
+}
+
+/*
+GetBehaviorDetectionRule Retrieve a Behavior Detection Rule
+
+Retrieves a Behavior Detection Rule by `behaviorId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param behaviorId id of the Behavior Detection Rule
+	@return ApiGetBehaviorDetectionRuleRequest
+*/
+func (a *BehaviorApiService) GetBehaviorDetectionRule(ctx context.Context, behaviorId string) ApiGetBehaviorDetectionRuleRequest {
+	return ApiGetBehaviorDetectionRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		behaviorId: behaviorId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListBehaviorDetectionRules200ResponseInner
+func (a *BehaviorApiService) GetBehaviorDetectionRuleExecute(r ApiGetBehaviorDetectionRuleRequest) (*ListBehaviorDetectionRules200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListBehaviorDetectionRules200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "BehaviorApiService.GetBehaviorDetectionRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/behaviors/{behaviorId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"behaviorId"+"}", url.PathEscape(parameterToString(r.behaviorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListBehaviorDetectionRulesRequest struct {
+	ctx        context.Context
+	ApiService BehaviorApi
+	retryCount int32
+}
+
+func (r ApiListBehaviorDetectionRulesRequest) Execute() ([]ListBehaviorDetectionRules200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ListBehaviorDetectionRulesExecute(r)
+}
+
+/*
+ListBehaviorDetectionRules List all Behavior Detection Rules
+
+Lists all behavior detection rules with pagination support
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListBehaviorDetectionRulesRequest
+*/
+func (a *BehaviorApiService) ListBehaviorDetectionRules(ctx context.Context) ApiListBehaviorDetectionRulesRequest {
+	return ApiListBehaviorDetectionRulesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ListBehaviorDetectionRules200ResponseInner
+func (a *BehaviorApiService) ListBehaviorDetectionRulesExecute(r ApiListBehaviorDetectionRulesRequest) ([]ListBehaviorDetectionRules200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ListBehaviorDetectionRules200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "BehaviorApiService.ListBehaviorDetectionRules")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/behaviors"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceBehaviorDetectionRuleRequest struct {
+	ctx        context.Context
+	ApiService BehaviorApi
+	behaviorId string
+	rule       *ListBehaviorDetectionRules200ResponseInner
+	retryCount int32
+}
+
+func (r ApiReplaceBehaviorDetectionRuleRequest) Rule(rule ListBehaviorDetectionRules200ResponseInner) ApiReplaceBehaviorDetectionRuleRequest {
+	r.rule = &rule
+	return r
+}
+
+func (r ApiReplaceBehaviorDetectionRuleRequest) Execute() (*ListBehaviorDetectionRules200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ReplaceBehaviorDetectionRuleExecute(r)
+}
+
+/*
+ReplaceBehaviorDetectionRule Replace a Behavior Detection Rule
+
+Replaces a Behavior Detection Rule by `behaviorId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param behaviorId id of the Behavior Detection Rule
+	@return ApiReplaceBehaviorDetectionRuleRequest
+*/
+func (a *BehaviorApiService) ReplaceBehaviorDetectionRule(ctx context.Context, behaviorId string) ApiReplaceBehaviorDetectionRuleRequest {
+	return ApiReplaceBehaviorDetectionRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		behaviorId: behaviorId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListBehaviorDetectionRules200ResponseInner
+func (a *BehaviorApiService) ReplaceBehaviorDetectionRuleExecute(r ApiReplaceBehaviorDetectionRuleRequest) (*ListBehaviorDetectionRules200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListBehaviorDetectionRules200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "BehaviorApiService.ReplaceBehaviorDetectionRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/behaviors/{behaviorId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"behaviorId"+"}", url.PathEscape(parameterToString(r.behaviorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.rule == nil {
+		return localVarReturnValue, nil, reportError("rule is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.rule
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_captcha.go b/okta/api_captcha.go
new file mode 100644
index 000000000..200cb029c
--- /dev/null
+++ b/okta/api_captcha.go
@@ -0,0 +1,1147 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type CAPTCHAApi interface {
+	/*
+		CreateCaptchaInstance Create a CAPTCHA instance
+
+		Creates a new CAPTCHA instance. In the current release, we only allow one CAPTCHA instance per org.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateCaptchaInstanceRequest
+	*/
+	CreateCaptchaInstance(ctx context.Context) ApiCreateCaptchaInstanceRequest
+
+	// CreateCaptchaInstanceExecute executes the request
+	//  @return CAPTCHAInstance
+	CreateCaptchaInstanceExecute(r ApiCreateCaptchaInstanceRequest) (*CAPTCHAInstance, *APIResponse, error)
+
+	/*
+		DeleteCaptchaInstance Delete a CAPTCHA Instance
+
+		Deletes a CAPTCHA instance by `captchaId`. If the CAPTCHA instance is currently being used in the org, the delete will not be allowed.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param captchaId id of the CAPTCHA
+		@return ApiDeleteCaptchaInstanceRequest
+	*/
+	DeleteCaptchaInstance(ctx context.Context, captchaId string) ApiDeleteCaptchaInstanceRequest
+
+	// DeleteCaptchaInstanceExecute executes the request
+	DeleteCaptchaInstanceExecute(r ApiDeleteCaptchaInstanceRequest) (*APIResponse, error)
+
+	/*
+		GetCaptchaInstance Retrieve a CAPTCHA Instance
+
+		Retrieves a CAPTCHA instance by `captchaId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param captchaId id of the CAPTCHA
+		@return ApiGetCaptchaInstanceRequest
+	*/
+	GetCaptchaInstance(ctx context.Context, captchaId string) ApiGetCaptchaInstanceRequest
+
+	// GetCaptchaInstanceExecute executes the request
+	//  @return CAPTCHAInstance
+	GetCaptchaInstanceExecute(r ApiGetCaptchaInstanceRequest) (*CAPTCHAInstance, *APIResponse, error)
+
+	/*
+		ListCaptchaInstances List all CAPTCHA instances
+
+		Lists all CAPTCHA instances with pagination support. A subset of CAPTCHA instances can be returned that match a supported filter expression or query.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListCaptchaInstancesRequest
+	*/
+	ListCaptchaInstances(ctx context.Context) ApiListCaptchaInstancesRequest
+
+	// ListCaptchaInstancesExecute executes the request
+	//  @return []CAPTCHAInstance
+	ListCaptchaInstancesExecute(r ApiListCaptchaInstancesRequest) ([]CAPTCHAInstance, *APIResponse, error)
+
+	/*
+		ReplaceCaptchaInstance Replace a CAPTCHA instance
+
+		Replaces a CAPTCHA instance by `captchaId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param captchaId id of the CAPTCHA
+		@return ApiReplaceCaptchaInstanceRequest
+	*/
+	ReplaceCaptchaInstance(ctx context.Context, captchaId string) ApiReplaceCaptchaInstanceRequest
+
+	// ReplaceCaptchaInstanceExecute executes the request
+	//  @return CAPTCHAInstance
+	ReplaceCaptchaInstanceExecute(r ApiReplaceCaptchaInstanceRequest) (*CAPTCHAInstance, *APIResponse, error)
+
+	/*
+		UpdateCaptchaInstance Update a CAPTCHA instance
+
+		Partially updates a CAPTCHA instance by `captchaId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param captchaId id of the CAPTCHA
+		@return ApiUpdateCaptchaInstanceRequest
+	*/
+	UpdateCaptchaInstance(ctx context.Context, captchaId string) ApiUpdateCaptchaInstanceRequest
+
+	// UpdateCaptchaInstanceExecute executes the request
+	//  @return CAPTCHAInstance
+	UpdateCaptchaInstanceExecute(r ApiUpdateCaptchaInstanceRequest) (*CAPTCHAInstance, *APIResponse, error)
+}
+
+// CAPTCHAApiService CAPTCHAApi service
+type CAPTCHAApiService service
+
+type ApiCreateCaptchaInstanceRequest struct {
+	ctx        context.Context
+	ApiService CAPTCHAApi
+	instance   *CAPTCHAInstance
+	retryCount int32
+}
+
+func (r ApiCreateCaptchaInstanceRequest) Instance(instance CAPTCHAInstance) ApiCreateCaptchaInstanceRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiCreateCaptchaInstanceRequest) Execute() (*CAPTCHAInstance, *APIResponse, error) {
+	return r.ApiService.CreateCaptchaInstanceExecute(r)
+}
+
+/*
+CreateCaptchaInstance Create a CAPTCHA instance
+
+Creates a new CAPTCHA instance. In the current release, we only allow one CAPTCHA instance per org.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateCaptchaInstanceRequest
+*/
+func (a *CAPTCHAApiService) CreateCaptchaInstance(ctx context.Context) ApiCreateCaptchaInstanceRequest {
+	return ApiCreateCaptchaInstanceRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return CAPTCHAInstance
+func (a *CAPTCHAApiService) CreateCaptchaInstanceExecute(r ApiCreateCaptchaInstanceRequest) (*CAPTCHAInstance, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *CAPTCHAInstance
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CAPTCHAApiService.CreateCaptchaInstance")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/captchas"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteCaptchaInstanceRequest struct {
+	ctx        context.Context
+	ApiService CAPTCHAApi
+	captchaId  string
+	retryCount int32
+}
+
+func (r ApiDeleteCaptchaInstanceRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteCaptchaInstanceExecute(r)
+}
+
+/*
+DeleteCaptchaInstance Delete a CAPTCHA Instance
+
+Deletes a CAPTCHA instance by `captchaId`. If the CAPTCHA instance is currently being used in the org, the delete will not be allowed.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param captchaId id of the CAPTCHA
+	@return ApiDeleteCaptchaInstanceRequest
+*/
+func (a *CAPTCHAApiService) DeleteCaptchaInstance(ctx context.Context, captchaId string) ApiDeleteCaptchaInstanceRequest {
+	return ApiDeleteCaptchaInstanceRequest{
+		ApiService: a,
+		ctx:        ctx,
+		captchaId:  captchaId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *CAPTCHAApiService) DeleteCaptchaInstanceExecute(r ApiDeleteCaptchaInstanceRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CAPTCHAApiService.DeleteCaptchaInstance")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/captchas/{captchaId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"captchaId"+"}", url.PathEscape(parameterToString(r.captchaId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetCaptchaInstanceRequest struct {
+	ctx        context.Context
+	ApiService CAPTCHAApi
+	captchaId  string
+	retryCount int32
+}
+
+func (r ApiGetCaptchaInstanceRequest) Execute() (*CAPTCHAInstance, *APIResponse, error) {
+	return r.ApiService.GetCaptchaInstanceExecute(r)
+}
+
+/*
+GetCaptchaInstance Retrieve a CAPTCHA Instance
+
+Retrieves a CAPTCHA instance by `captchaId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param captchaId id of the CAPTCHA
+	@return ApiGetCaptchaInstanceRequest
+*/
+func (a *CAPTCHAApiService) GetCaptchaInstance(ctx context.Context, captchaId string) ApiGetCaptchaInstanceRequest {
+	return ApiGetCaptchaInstanceRequest{
+		ApiService: a,
+		ctx:        ctx,
+		captchaId:  captchaId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return CAPTCHAInstance
+func (a *CAPTCHAApiService) GetCaptchaInstanceExecute(r ApiGetCaptchaInstanceRequest) (*CAPTCHAInstance, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *CAPTCHAInstance
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CAPTCHAApiService.GetCaptchaInstance")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/captchas/{captchaId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"captchaId"+"}", url.PathEscape(parameterToString(r.captchaId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListCaptchaInstancesRequest struct {
+	ctx        context.Context
+	ApiService CAPTCHAApi
+	retryCount int32
+}
+
+func (r ApiListCaptchaInstancesRequest) Execute() ([]CAPTCHAInstance, *APIResponse, error) {
+	return r.ApiService.ListCaptchaInstancesExecute(r)
+}
+
+/*
+ListCaptchaInstances List all CAPTCHA instances
+
+Lists all CAPTCHA instances with pagination support. A subset of CAPTCHA instances can be returned that match a supported filter expression or query.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListCaptchaInstancesRequest
+*/
+func (a *CAPTCHAApiService) ListCaptchaInstances(ctx context.Context) ApiListCaptchaInstancesRequest {
+	return ApiListCaptchaInstancesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []CAPTCHAInstance
+func (a *CAPTCHAApiService) ListCaptchaInstancesExecute(r ApiListCaptchaInstancesRequest) ([]CAPTCHAInstance, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []CAPTCHAInstance
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CAPTCHAApiService.ListCaptchaInstances")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/captchas"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceCaptchaInstanceRequest struct {
+	ctx        context.Context
+	ApiService CAPTCHAApi
+	captchaId  string
+	instance   *CAPTCHAInstance
+	retryCount int32
+}
+
+func (r ApiReplaceCaptchaInstanceRequest) Instance(instance CAPTCHAInstance) ApiReplaceCaptchaInstanceRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiReplaceCaptchaInstanceRequest) Execute() (*CAPTCHAInstance, *APIResponse, error) {
+	return r.ApiService.ReplaceCaptchaInstanceExecute(r)
+}
+
+/*
+ReplaceCaptchaInstance Replace a CAPTCHA instance
+
+Replaces a CAPTCHA instance by `captchaId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param captchaId id of the CAPTCHA
+	@return ApiReplaceCaptchaInstanceRequest
+*/
+func (a *CAPTCHAApiService) ReplaceCaptchaInstance(ctx context.Context, captchaId string) ApiReplaceCaptchaInstanceRequest {
+	return ApiReplaceCaptchaInstanceRequest{
+		ApiService: a,
+		ctx:        ctx,
+		captchaId:  captchaId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return CAPTCHAInstance
+func (a *CAPTCHAApiService) ReplaceCaptchaInstanceExecute(r ApiReplaceCaptchaInstanceRequest) (*CAPTCHAInstance, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *CAPTCHAInstance
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CAPTCHAApiService.ReplaceCaptchaInstance")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/captchas/{captchaId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"captchaId"+"}", url.PathEscape(parameterToString(r.captchaId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateCaptchaInstanceRequest struct {
+	ctx        context.Context
+	ApiService CAPTCHAApi
+	captchaId  string
+	instance   *CAPTCHAInstance
+	retryCount int32
+}
+
+func (r ApiUpdateCaptchaInstanceRequest) Instance(instance CAPTCHAInstance) ApiUpdateCaptchaInstanceRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiUpdateCaptchaInstanceRequest) Execute() (*CAPTCHAInstance, *APIResponse, error) {
+	return r.ApiService.UpdateCaptchaInstanceExecute(r)
+}
+
+/*
+UpdateCaptchaInstance Update a CAPTCHA instance
+
+Partially updates a CAPTCHA instance by `captchaId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param captchaId id of the CAPTCHA
+	@return ApiUpdateCaptchaInstanceRequest
+*/
+func (a *CAPTCHAApiService) UpdateCaptchaInstance(ctx context.Context, captchaId string) ApiUpdateCaptchaInstanceRequest {
+	return ApiUpdateCaptchaInstanceRequest{
+		ApiService: a,
+		ctx:        ctx,
+		captchaId:  captchaId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return CAPTCHAInstance
+func (a *CAPTCHAApiService) UpdateCaptchaInstanceExecute(r ApiUpdateCaptchaInstanceRequest) (*CAPTCHAInstance, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *CAPTCHAInstance
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CAPTCHAApiService.UpdateCaptchaInstance")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/captchas/{captchaId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"captchaId"+"}", url.PathEscape(parameterToString(r.captchaId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_customization.go b/okta/api_customization.go
new file mode 100644
index 000000000..717da9f01
--- /dev/null
+++ b/okta/api_customization.go
@@ -0,0 +1,9560 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+)
+
+type CustomizationApi interface {
+	/*
+		CreateBrand Create a Brand
+
+		Creates new brand in your org
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateBrandRequest
+	*/
+	CreateBrand(ctx context.Context) ApiCreateBrandRequest
+
+	// CreateBrandExecute executes the request
+	//  @return Brand
+	CreateBrandExecute(r ApiCreateBrandRequest) (*Brand, *APIResponse, error)
+
+	/*
+		CreateEmailCustomization Create an Email Customization
+
+		Creates a new email customization
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param templateName The name of the email template.
+		@return ApiCreateEmailCustomizationRequest
+	*/
+	CreateEmailCustomization(ctx context.Context, brandId string, templateName string) ApiCreateEmailCustomizationRequest
+
+	// CreateEmailCustomizationExecute executes the request
+	//  @return EmailCustomization
+	CreateEmailCustomizationExecute(r ApiCreateEmailCustomizationRequest) (*EmailCustomization, *APIResponse, error)
+
+	/*
+		DeleteAllCustomizations Delete all Email Customizations
+
+		Deletes all customizations for an email template
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param templateName The name of the email template.
+		@return ApiDeleteAllCustomizationsRequest
+	*/
+	DeleteAllCustomizations(ctx context.Context, brandId string, templateName string) ApiDeleteAllCustomizationsRequest
+
+	// DeleteAllCustomizationsExecute executes the request
+	DeleteAllCustomizationsExecute(r ApiDeleteAllCustomizationsRequest) (*APIResponse, error)
+
+	/*
+		DeleteBrand Delete a brand
+
+		Deletes a brand by its unique identifier
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiDeleteBrandRequest
+	*/
+	DeleteBrand(ctx context.Context, brandId string) ApiDeleteBrandRequest
+
+	// DeleteBrandExecute executes the request
+	DeleteBrandExecute(r ApiDeleteBrandRequest) (*APIResponse, error)
+
+	/*
+		DeleteBrandThemeBackgroundImage Delete the Background Image
+
+		Deletes a Theme background image
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param themeId The ID of the theme.
+		@return ApiDeleteBrandThemeBackgroundImageRequest
+	*/
+	DeleteBrandThemeBackgroundImage(ctx context.Context, brandId string, themeId string) ApiDeleteBrandThemeBackgroundImageRequest
+
+	// DeleteBrandThemeBackgroundImageExecute executes the request
+	DeleteBrandThemeBackgroundImageExecute(r ApiDeleteBrandThemeBackgroundImageRequest) (*APIResponse, error)
+
+	/*
+		DeleteBrandThemeFavicon Delete the Favicon
+
+		Deletes a Theme favicon. The theme will use the default Okta favicon.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param themeId The ID of the theme.
+		@return ApiDeleteBrandThemeFaviconRequest
+	*/
+	DeleteBrandThemeFavicon(ctx context.Context, brandId string, themeId string) ApiDeleteBrandThemeFaviconRequest
+
+	// DeleteBrandThemeFaviconExecute executes the request
+	DeleteBrandThemeFaviconExecute(r ApiDeleteBrandThemeFaviconRequest) (*APIResponse, error)
+
+	/*
+		DeleteBrandThemeLogo Delete the Logo
+
+		Deletes a Theme logo. The theme will use the default Okta logo.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param themeId The ID of the theme.
+		@return ApiDeleteBrandThemeLogoRequest
+	*/
+	DeleteBrandThemeLogo(ctx context.Context, brandId string, themeId string) ApiDeleteBrandThemeLogoRequest
+
+	// DeleteBrandThemeLogoExecute executes the request
+	DeleteBrandThemeLogoExecute(r ApiDeleteBrandThemeLogoRequest) (*APIResponse, error)
+
+	/*
+		DeleteEmailCustomization Delete an Email Customization
+
+		Deletes an email customization by its unique identifier
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param templateName The name of the email template.
+		@param customizationId The ID of the email customization.
+		@return ApiDeleteEmailCustomizationRequest
+	*/
+	DeleteEmailCustomization(ctx context.Context, brandId string, templateName string, customizationId string) ApiDeleteEmailCustomizationRequest
+
+	// DeleteEmailCustomizationExecute executes the request
+	DeleteEmailCustomizationExecute(r ApiDeleteEmailCustomizationRequest) (*APIResponse, error)
+
+	/*
+		GetBrand Retrieve a Brand
+
+		Retrieves a brand by `brandId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiGetBrandRequest
+	*/
+	GetBrand(ctx context.Context, brandId string) ApiGetBrandRequest
+
+	// GetBrandExecute executes the request
+	//  @return Brand
+	GetBrandExecute(r ApiGetBrandRequest) (*Brand, *APIResponse, error)
+
+	/*
+		GetBrandTheme Retrieve a Theme
+
+		Retrieves a theme for a brand
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param themeId The ID of the theme.
+		@return ApiGetBrandThemeRequest
+	*/
+	GetBrandTheme(ctx context.Context, brandId string, themeId string) ApiGetBrandThemeRequest
+
+	// GetBrandThemeExecute executes the request
+	//  @return ThemeResponse
+	GetBrandThemeExecute(r ApiGetBrandThemeRequest) (*ThemeResponse, *APIResponse, error)
+
+	/*
+		GetCustomizationPreview Retrieve a Preview of an Email Customization
+
+		Retrieves a preview of an email customization. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param templateName The name of the email template.
+		@param customizationId The ID of the email customization.
+		@return ApiGetCustomizationPreviewRequest
+	*/
+	GetCustomizationPreview(ctx context.Context, brandId string, templateName string, customizationId string) ApiGetCustomizationPreviewRequest
+
+	// GetCustomizationPreviewExecute executes the request
+	//  @return EmailPreview
+	GetCustomizationPreviewExecute(r ApiGetCustomizationPreviewRequest) (*EmailPreview, *APIResponse, error)
+
+	/*
+		GetCustomizedErrorPage Retrieve the Customized Error Page
+
+		Retrieves the customized error page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiGetCustomizedErrorPageRequest
+	*/
+	GetCustomizedErrorPage(ctx context.Context, brandId string) ApiGetCustomizedErrorPageRequest
+
+	// GetCustomizedErrorPageExecute executes the request
+	//  @return CustomizablePage
+	GetCustomizedErrorPageExecute(r ApiGetCustomizedErrorPageRequest) (*CustomizablePage, *APIResponse, error)
+
+	/*
+		GetCustomizedSignInPage Retrieve the Customized Sign-in Page
+
+		Retrieves the customized sign-in page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiGetCustomizedSignInPageRequest
+	*/
+	GetCustomizedSignInPage(ctx context.Context, brandId string) ApiGetCustomizedSignInPageRequest
+
+	// GetCustomizedSignInPageExecute executes the request
+	//  @return SignInPage
+	GetCustomizedSignInPageExecute(r ApiGetCustomizedSignInPageRequest) (*SignInPage, *APIResponse, error)
+
+	/*
+		GetDefaultErrorPage Retrieve the Default Error Page
+
+		Retrieves the default error page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiGetDefaultErrorPageRequest
+	*/
+	GetDefaultErrorPage(ctx context.Context, brandId string) ApiGetDefaultErrorPageRequest
+
+	// GetDefaultErrorPageExecute executes the request
+	//  @return CustomizablePage
+	GetDefaultErrorPageExecute(r ApiGetDefaultErrorPageRequest) (*CustomizablePage, *APIResponse, error)
+
+	/*
+		GetDefaultSignInPage Retrieve the Default Sign-in Page
+
+		Retrieves the default sign-in page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiGetDefaultSignInPageRequest
+	*/
+	GetDefaultSignInPage(ctx context.Context, brandId string) ApiGetDefaultSignInPageRequest
+
+	// GetDefaultSignInPageExecute executes the request
+	//  @return SignInPage
+	GetDefaultSignInPageExecute(r ApiGetDefaultSignInPageRequest) (*SignInPage, *APIResponse, error)
+
+	/*
+		GetEmailCustomization Retrieve an Email Customization
+
+		Retrieves an email customization by its unique identifier
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param templateName The name of the email template.
+		@param customizationId The ID of the email customization.
+		@return ApiGetEmailCustomizationRequest
+	*/
+	GetEmailCustomization(ctx context.Context, brandId string, templateName string, customizationId string) ApiGetEmailCustomizationRequest
+
+	// GetEmailCustomizationExecute executes the request
+	//  @return EmailCustomization
+	GetEmailCustomizationExecute(r ApiGetEmailCustomizationRequest) (*EmailCustomization, *APIResponse, error)
+
+	/*
+		GetEmailDefaultContent Retrieve an Email Template Default Content
+
+		Retrieves an email template's default content
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param templateName The name of the email template.
+		@return ApiGetEmailDefaultContentRequest
+	*/
+	GetEmailDefaultContent(ctx context.Context, brandId string, templateName string) ApiGetEmailDefaultContentRequest
+
+	// GetEmailDefaultContentExecute executes the request
+	//  @return EmailDefaultContent
+	GetEmailDefaultContentExecute(r ApiGetEmailDefaultContentRequest) (*EmailDefaultContent, *APIResponse, error)
+
+	/*
+		GetEmailDefaultPreview Retrieve a Preview of the Email Template Default Content
+
+		Retrieves a preview of an email template's default content. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param templateName The name of the email template.
+		@return ApiGetEmailDefaultPreviewRequest
+	*/
+	GetEmailDefaultPreview(ctx context.Context, brandId string, templateName string) ApiGetEmailDefaultPreviewRequest
+
+	// GetEmailDefaultPreviewExecute executes the request
+	//  @return EmailPreview
+	GetEmailDefaultPreviewExecute(r ApiGetEmailDefaultPreviewRequest) (*EmailPreview, *APIResponse, error)
+
+	/*
+		GetEmailSettings Retrieve the Email Template Settings
+
+		Retrieves an email template's settings
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param templateName The name of the email template.
+		@return ApiGetEmailSettingsRequest
+	*/
+	GetEmailSettings(ctx context.Context, brandId string, templateName string) ApiGetEmailSettingsRequest
+
+	// GetEmailSettingsExecute executes the request
+	//  @return EmailSettings
+	GetEmailSettingsExecute(r ApiGetEmailSettingsRequest) (*EmailSettings, *APIResponse, error)
+
+	/*
+		GetEmailTemplate Retrieve an Email Template
+
+		Retrieves the details of an email template by name
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param templateName The name of the email template.
+		@return ApiGetEmailTemplateRequest
+	*/
+	GetEmailTemplate(ctx context.Context, brandId string, templateName string) ApiGetEmailTemplateRequest
+
+	// GetEmailTemplateExecute executes the request
+	//  @return EmailTemplate
+	GetEmailTemplateExecute(r ApiGetEmailTemplateRequest) (*EmailTemplate, *APIResponse, error)
+
+	/*
+		GetErrorPage Retrieve the Error Page
+
+		Retrieves the error page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiGetErrorPageRequest
+	*/
+	GetErrorPage(ctx context.Context, brandId string) ApiGetErrorPageRequest
+
+	// GetErrorPageExecute executes the request
+	//  @return PageRoot
+	GetErrorPageExecute(r ApiGetErrorPageRequest) (*PageRoot, *APIResponse, error)
+
+	/*
+		GetPreviewErrorPage Retrieve the Preview Error Page Preview
+
+		Retrieves the preview error page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiGetPreviewErrorPageRequest
+	*/
+	GetPreviewErrorPage(ctx context.Context, brandId string) ApiGetPreviewErrorPageRequest
+
+	// GetPreviewErrorPageExecute executes the request
+	//  @return CustomizablePage
+	GetPreviewErrorPageExecute(r ApiGetPreviewErrorPageRequest) (*CustomizablePage, *APIResponse, error)
+
+	/*
+		GetPreviewSignInPage Retrieve the Preview Sign-in Page Preview
+
+		Retrieves the preview sign-in page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiGetPreviewSignInPageRequest
+	*/
+	GetPreviewSignInPage(ctx context.Context, brandId string) ApiGetPreviewSignInPageRequest
+
+	// GetPreviewSignInPageExecute executes the request
+	//  @return SignInPage
+	GetPreviewSignInPageExecute(r ApiGetPreviewSignInPageRequest) (*SignInPage, *APIResponse, error)
+
+	/*
+		GetSignInPage Retrieve the Sign-in Page
+
+		Retrieves the sign-in page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiGetSignInPageRequest
+	*/
+	GetSignInPage(ctx context.Context, brandId string) ApiGetSignInPageRequest
+
+	// GetSignInPageExecute executes the request
+	//  @return PageRoot
+	GetSignInPageExecute(r ApiGetSignInPageRequest) (*PageRoot, *APIResponse, error)
+
+	/*
+		GetSignOutPageSettings Retrieve the Sign-out Page Settings
+
+		Retrieves the sign-out page settings
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiGetSignOutPageSettingsRequest
+	*/
+	GetSignOutPageSettings(ctx context.Context, brandId string) ApiGetSignOutPageSettingsRequest
+
+	// GetSignOutPageSettingsExecute executes the request
+	//  @return HostedPage
+	GetSignOutPageSettingsExecute(r ApiGetSignOutPageSettingsRequest) (*HostedPage, *APIResponse, error)
+
+	/*
+		LinkBrandDomain Link a Brand to a Domain
+
+		Links a brand to a domain by `domainId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiLinkBrandDomainRequest
+	*/
+	LinkBrandDomain(ctx context.Context, brandId string) ApiLinkBrandDomainRequest
+
+	// LinkBrandDomainExecute executes the request
+	//  @return BrandDomain
+	LinkBrandDomainExecute(r ApiLinkBrandDomainRequest) (*BrandDomain, *APIResponse, error)
+
+	/*
+		ListAllSignInWidgetVersions List all Sign-in Widget Versions
+
+		Lists all sign-in widget versions
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiListAllSignInWidgetVersionsRequest
+	*/
+	ListAllSignInWidgetVersions(ctx context.Context, brandId string) ApiListAllSignInWidgetVersionsRequest
+
+	// ListAllSignInWidgetVersionsExecute executes the request
+	//  @return []string
+	ListAllSignInWidgetVersionsExecute(r ApiListAllSignInWidgetVersionsRequest) ([]string, *APIResponse, error)
+
+	/*
+		ListBrandDomains List all Domains associated with a Brand
+
+		Lists all domains associated with a brand by `brandId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiListBrandDomainsRequest
+	*/
+	ListBrandDomains(ctx context.Context, brandId string) ApiListBrandDomainsRequest
+
+	// ListBrandDomainsExecute executes the request
+	//  @return []DomainResponse
+	ListBrandDomainsExecute(r ApiListBrandDomainsRequest) ([]DomainResponse, *APIResponse, error)
+
+	/*
+		ListBrandThemes List all Themes
+
+		Lists all the themes in your brand
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiListBrandThemesRequest
+	*/
+	ListBrandThemes(ctx context.Context, brandId string) ApiListBrandThemesRequest
+
+	// ListBrandThemesExecute executes the request
+	//  @return []ThemeResponse
+	ListBrandThemesExecute(r ApiListBrandThemesRequest) ([]ThemeResponse, *APIResponse, error)
+
+	/*
+		ListBrands List all Brands
+
+		Lists all the brands in your org
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListBrandsRequest
+	*/
+	ListBrands(ctx context.Context) ApiListBrandsRequest
+
+	// ListBrandsExecute executes the request
+	//  @return []Brand
+	ListBrandsExecute(r ApiListBrandsRequest) ([]Brand, *APIResponse, error)
+
+	/*
+		ListEmailCustomizations List all Email Customizations
+
+		Lists all customizations of an email template
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param templateName The name of the email template.
+		@return ApiListEmailCustomizationsRequest
+	*/
+	ListEmailCustomizations(ctx context.Context, brandId string, templateName string) ApiListEmailCustomizationsRequest
+
+	// ListEmailCustomizationsExecute executes the request
+	//  @return []EmailCustomization
+	ListEmailCustomizationsExecute(r ApiListEmailCustomizationsRequest) ([]EmailCustomization, *APIResponse, error)
+
+	/*
+		ListEmailTemplates List all Email Templates
+
+		Lists all email templates
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiListEmailTemplatesRequest
+	*/
+	ListEmailTemplates(ctx context.Context, brandId string) ApiListEmailTemplatesRequest
+
+	// ListEmailTemplatesExecute executes the request
+	//  @return []EmailTemplate
+	ListEmailTemplatesExecute(r ApiListEmailTemplatesRequest) ([]EmailTemplate, *APIResponse, error)
+
+	/*
+		ReplaceBrand Replace a Brand
+
+		Replaces a brand by `brandId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiReplaceBrandRequest
+	*/
+	ReplaceBrand(ctx context.Context, brandId string) ApiReplaceBrandRequest
+
+	// ReplaceBrandExecute executes the request
+	//  @return Brand
+	ReplaceBrandExecute(r ApiReplaceBrandRequest) (*Brand, *APIResponse, error)
+
+	/*
+		ReplaceBrandTheme Replace a Theme
+
+		Replaces a theme for a brand
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param themeId The ID of the theme.
+		@return ApiReplaceBrandThemeRequest
+	*/
+	ReplaceBrandTheme(ctx context.Context, brandId string, themeId string) ApiReplaceBrandThemeRequest
+
+	// ReplaceBrandThemeExecute executes the request
+	//  @return ThemeResponse
+	ReplaceBrandThemeExecute(r ApiReplaceBrandThemeRequest) (*ThemeResponse, *APIResponse, error)
+
+	/*
+		ReplaceCustomizedErrorPage Replace the Customized Error Page
+
+		Replaces the customized error page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiReplaceCustomizedErrorPageRequest
+	*/
+	ReplaceCustomizedErrorPage(ctx context.Context, brandId string) ApiReplaceCustomizedErrorPageRequest
+
+	// ReplaceCustomizedErrorPageExecute executes the request
+	//  @return CustomizablePage
+	ReplaceCustomizedErrorPageExecute(r ApiReplaceCustomizedErrorPageRequest) (*CustomizablePage, *APIResponse, error)
+
+	/*
+		ReplaceCustomizedSignInPage Replace the Customized Sign-in Page
+
+		Replaces the customized sign-in page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiReplaceCustomizedSignInPageRequest
+	*/
+	ReplaceCustomizedSignInPage(ctx context.Context, brandId string) ApiReplaceCustomizedSignInPageRequest
+
+	// ReplaceCustomizedSignInPageExecute executes the request
+	//  @return SignInPage
+	ReplaceCustomizedSignInPageExecute(r ApiReplaceCustomizedSignInPageRequest) (*SignInPage, *APIResponse, error)
+
+	/*
+		ReplaceEmailCustomization Replace an Email Customization
+
+		Replaces an existing email customization using the property values provided
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param templateName The name of the email template.
+		@param customizationId The ID of the email customization.
+		@return ApiReplaceEmailCustomizationRequest
+	*/
+	ReplaceEmailCustomization(ctx context.Context, brandId string, templateName string, customizationId string) ApiReplaceEmailCustomizationRequest
+
+	// ReplaceEmailCustomizationExecute executes the request
+	//  @return EmailCustomization
+	ReplaceEmailCustomizationExecute(r ApiReplaceEmailCustomizationRequest) (*EmailCustomization, *APIResponse, error)
+
+	/*
+		ReplaceEmailSettings Replace the Email Template Settings
+
+		Replaces an email template's settings
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param templateName The name of the email template.
+		@return ApiReplaceEmailSettingsRequest
+	*/
+	ReplaceEmailSettings(ctx context.Context, brandId string, templateName string) ApiReplaceEmailSettingsRequest
+
+	// ReplaceEmailSettingsExecute executes the request
+	ReplaceEmailSettingsExecute(r ApiReplaceEmailSettingsRequest) (*APIResponse, error)
+
+	/*
+		ReplacePreviewErrorPage Replace the Preview Error Page
+
+		Replaces the preview error page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiReplacePreviewErrorPageRequest
+	*/
+	ReplacePreviewErrorPage(ctx context.Context, brandId string) ApiReplacePreviewErrorPageRequest
+
+	// ReplacePreviewErrorPageExecute executes the request
+	//  @return CustomizablePage
+	ReplacePreviewErrorPageExecute(r ApiReplacePreviewErrorPageRequest) (*CustomizablePage, *APIResponse, error)
+
+	/*
+		ReplacePreviewSignInPage Replace the Preview Sign-in Page
+
+		Replaces the preview sign-in page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiReplacePreviewSignInPageRequest
+	*/
+	ReplacePreviewSignInPage(ctx context.Context, brandId string) ApiReplacePreviewSignInPageRequest
+
+	// ReplacePreviewSignInPageExecute executes the request
+	//  @return SignInPage
+	ReplacePreviewSignInPageExecute(r ApiReplacePreviewSignInPageRequest) (*SignInPage, *APIResponse, error)
+
+	/*
+		ReplaceSignOutPageSettings Replace the Sign-out Page Settings
+
+		Replaces the sign-out page settings
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiReplaceSignOutPageSettingsRequest
+	*/
+	ReplaceSignOutPageSettings(ctx context.Context, brandId string) ApiReplaceSignOutPageSettingsRequest
+
+	// ReplaceSignOutPageSettingsExecute executes the request
+	//  @return HostedPage
+	ReplaceSignOutPageSettingsExecute(r ApiReplaceSignOutPageSettingsRequest) (*HostedPage, *APIResponse, error)
+
+	/*
+		ResetCustomizedErrorPage Reset the Customized Error Page
+
+		Resets the customized error page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiResetCustomizedErrorPageRequest
+	*/
+	ResetCustomizedErrorPage(ctx context.Context, brandId string) ApiResetCustomizedErrorPageRequest
+
+	// ResetCustomizedErrorPageExecute executes the request
+	ResetCustomizedErrorPageExecute(r ApiResetCustomizedErrorPageRequest) (*APIResponse, error)
+
+	/*
+		ResetCustomizedSignInPage Reset the Customized Sign-in Page
+
+		Resets the customized sign-in page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiResetCustomizedSignInPageRequest
+	*/
+	ResetCustomizedSignInPage(ctx context.Context, brandId string) ApiResetCustomizedSignInPageRequest
+
+	// ResetCustomizedSignInPageExecute executes the request
+	ResetCustomizedSignInPageExecute(r ApiResetCustomizedSignInPageRequest) (*APIResponse, error)
+
+	/*
+		ResetPreviewErrorPage Reset the Preview Error Page
+
+		Resets the preview error page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiResetPreviewErrorPageRequest
+	*/
+	ResetPreviewErrorPage(ctx context.Context, brandId string) ApiResetPreviewErrorPageRequest
+
+	// ResetPreviewErrorPageExecute executes the request
+	ResetPreviewErrorPageExecute(r ApiResetPreviewErrorPageRequest) (*APIResponse, error)
+
+	/*
+		ResetPreviewSignInPage Reset the Preview Sign-in Page
+
+		Resets the preview sign-in page
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@return ApiResetPreviewSignInPageRequest
+	*/
+	ResetPreviewSignInPage(ctx context.Context, brandId string) ApiResetPreviewSignInPageRequest
+
+	// ResetPreviewSignInPageExecute executes the request
+	ResetPreviewSignInPageExecute(r ApiResetPreviewSignInPageRequest) (*APIResponse, error)
+
+	/*
+			SendTestEmail Send a Test Email
+
+			Sends a test email to the current user’s primary and secondary email addresses. The email content is selected based on the following priority:
+		1. The email customization for the language specified in the `language` query parameter.
+		2. The email template's default customization.
+		3. The email template’s default content, translated to the current user's language.
+
+			@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+			@param brandId The ID of the brand.
+			@param templateName The name of the email template.
+			@return ApiSendTestEmailRequest
+	*/
+	SendTestEmail(ctx context.Context, brandId string, templateName string) ApiSendTestEmailRequest
+
+	// SendTestEmailExecute executes the request
+	SendTestEmailExecute(r ApiSendTestEmailRequest) (*APIResponse, error)
+
+	/*
+		UnlinkBrandDomain Unlink a Brand from a Domain
+
+		Unlinks a brand and domain by their identifiers
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param domainId The ID of the domain.
+		@return ApiUnlinkBrandDomainRequest
+	*/
+	UnlinkBrandDomain(ctx context.Context, brandId string, domainId string) ApiUnlinkBrandDomainRequest
+
+	// UnlinkBrandDomainExecute executes the request
+	UnlinkBrandDomainExecute(r ApiUnlinkBrandDomainRequest) (*APIResponse, error)
+
+	/*
+		UploadBrandThemeBackgroundImage Upload the Background Image
+
+		Uploads and replaces the background image for the theme. The file must be in PNG, JPG, or GIF format and less than 2 MB in size.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param themeId The ID of the theme.
+		@return ApiUploadBrandThemeBackgroundImageRequest
+	*/
+	UploadBrandThemeBackgroundImage(ctx context.Context, brandId string, themeId string) ApiUploadBrandThemeBackgroundImageRequest
+
+	// UploadBrandThemeBackgroundImageExecute executes the request
+	//  @return ImageUploadResponse
+	UploadBrandThemeBackgroundImageExecute(r ApiUploadBrandThemeBackgroundImageRequest) (*ImageUploadResponse, *APIResponse, error)
+
+	/*
+		UploadBrandThemeFavicon Upload the Favicon
+
+		Uploads and replaces the favicon for the theme
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param themeId The ID of the theme.
+		@return ApiUploadBrandThemeFaviconRequest
+	*/
+	UploadBrandThemeFavicon(ctx context.Context, brandId string, themeId string) ApiUploadBrandThemeFaviconRequest
+
+	// UploadBrandThemeFaviconExecute executes the request
+	//  @return ImageUploadResponse
+	UploadBrandThemeFaviconExecute(r ApiUploadBrandThemeFaviconRequest) (*ImageUploadResponse, *APIResponse, error)
+
+	/*
+		UploadBrandThemeLogo Upload the Logo
+
+		Uploads and replaces the logo for the theme. The file must be in PNG, JPG, or GIF format and less than 100kB in size. For best results use landscape orientation, a transparent background, and a minimum size of 300px by 50px to prevent upscaling.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param brandId The ID of the brand.
+		@param themeId The ID of the theme.
+		@return ApiUploadBrandThemeLogoRequest
+	*/
+	UploadBrandThemeLogo(ctx context.Context, brandId string, themeId string) ApiUploadBrandThemeLogoRequest
+
+	// UploadBrandThemeLogoExecute executes the request
+	//  @return ImageUploadResponse
+	UploadBrandThemeLogoExecute(r ApiUploadBrandThemeLogoRequest) (*ImageUploadResponse, *APIResponse, error)
+}
+
+// CustomizationApiService CustomizationApi service
+type CustomizationApiService service
+
+type ApiCreateBrandRequest struct {
+	ctx                context.Context
+	ApiService         CustomizationApi
+	createBrandRequest *CreateBrandRequest
+	retryCount         int32
+}
+
+func (r ApiCreateBrandRequest) CreateBrandRequest(createBrandRequest CreateBrandRequest) ApiCreateBrandRequest {
+	r.createBrandRequest = &createBrandRequest
+	return r
+}
+
+func (r ApiCreateBrandRequest) Execute() (*Brand, *APIResponse, error) {
+	return r.ApiService.CreateBrandExecute(r)
+}
+
+/*
+CreateBrand Create a Brand
+
+Creates new brand in your org
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateBrandRequest
+*/
+func (a *CustomizationApiService) CreateBrand(ctx context.Context) ApiCreateBrandRequest {
+	return ApiCreateBrandRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Brand
+func (a *CustomizationApiService) CreateBrandExecute(r ApiCreateBrandRequest) (*Brand, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Brand
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.CreateBrand")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.createBrandRequest
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateEmailCustomizationRequest struct {
+	ctx          context.Context
+	ApiService   CustomizationApi
+	brandId      string
+	templateName string
+	instance     *EmailCustomization
+	retryCount   int32
+}
+
+func (r ApiCreateEmailCustomizationRequest) Instance(instance EmailCustomization) ApiCreateEmailCustomizationRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiCreateEmailCustomizationRequest) Execute() (*EmailCustomization, *APIResponse, error) {
+	return r.ApiService.CreateEmailCustomizationExecute(r)
+}
+
+/*
+CreateEmailCustomization Create an Email Customization
+
+Creates a new email customization
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@return ApiCreateEmailCustomizationRequest
+*/
+func (a *CustomizationApiService) CreateEmailCustomization(ctx context.Context, brandId string, templateName string) ApiCreateEmailCustomizationRequest {
+	return ApiCreateEmailCustomizationRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		brandId:      brandId,
+		templateName: templateName,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EmailCustomization
+func (a *CustomizationApiService) CreateEmailCustomizationExecute(r ApiCreateEmailCustomizationRequest) (*EmailCustomization, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EmailCustomization
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.CreateEmailCustomization")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}/customizations"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 409 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteAllCustomizationsRequest struct {
+	ctx          context.Context
+	ApiService   CustomizationApi
+	brandId      string
+	templateName string
+	retryCount   int32
+}
+
+func (r ApiDeleteAllCustomizationsRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteAllCustomizationsExecute(r)
+}
+
+/*
+DeleteAllCustomizations Delete all Email Customizations
+
+Deletes all customizations for an email template
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@return ApiDeleteAllCustomizationsRequest
+*/
+func (a *CustomizationApiService) DeleteAllCustomizations(ctx context.Context, brandId string, templateName string) ApiDeleteAllCustomizationsRequest {
+	return ApiDeleteAllCustomizationsRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		brandId:      brandId,
+		templateName: templateName,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) DeleteAllCustomizationsExecute(r ApiDeleteAllCustomizationsRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.DeleteAllCustomizations")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}/customizations"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteBrandRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiDeleteBrandRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteBrandExecute(r)
+}
+
+/*
+DeleteBrand Delete a brand
+
+Deletes a brand by its unique identifier
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiDeleteBrandRequest
+*/
+func (a *CustomizationApiService) DeleteBrand(ctx context.Context, brandId string) ApiDeleteBrandRequest {
+	return ApiDeleteBrandRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) DeleteBrandExecute(r ApiDeleteBrandRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.DeleteBrand")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 409 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteBrandThemeBackgroundImageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	themeId    string
+	retryCount int32
+}
+
+func (r ApiDeleteBrandThemeBackgroundImageRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteBrandThemeBackgroundImageExecute(r)
+}
+
+/*
+DeleteBrandThemeBackgroundImage Delete the Background Image
+
+Deletes a Theme background image
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param themeId The ID of the theme.
+	@return ApiDeleteBrandThemeBackgroundImageRequest
+*/
+func (a *CustomizationApiService) DeleteBrandThemeBackgroundImage(ctx context.Context, brandId string, themeId string) ApiDeleteBrandThemeBackgroundImageRequest {
+	return ApiDeleteBrandThemeBackgroundImageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		themeId:    themeId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) DeleteBrandThemeBackgroundImageExecute(r ApiDeleteBrandThemeBackgroundImageRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.DeleteBrandThemeBackgroundImage")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/themes/{themeId}/background-image"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"themeId"+"}", url.PathEscape(parameterToString(r.themeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteBrandThemeFaviconRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	themeId    string
+	retryCount int32
+}
+
+func (r ApiDeleteBrandThemeFaviconRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteBrandThemeFaviconExecute(r)
+}
+
+/*
+DeleteBrandThemeFavicon Delete the Favicon
+
+Deletes a Theme favicon. The theme will use the default Okta favicon.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param themeId The ID of the theme.
+	@return ApiDeleteBrandThemeFaviconRequest
+*/
+func (a *CustomizationApiService) DeleteBrandThemeFavicon(ctx context.Context, brandId string, themeId string) ApiDeleteBrandThemeFaviconRequest {
+	return ApiDeleteBrandThemeFaviconRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		themeId:    themeId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) DeleteBrandThemeFaviconExecute(r ApiDeleteBrandThemeFaviconRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.DeleteBrandThemeFavicon")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/themes/{themeId}/favicon"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"themeId"+"}", url.PathEscape(parameterToString(r.themeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteBrandThemeLogoRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	themeId    string
+	retryCount int32
+}
+
+func (r ApiDeleteBrandThemeLogoRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteBrandThemeLogoExecute(r)
+}
+
+/*
+DeleteBrandThemeLogo Delete the Logo
+
+Deletes a Theme logo. The theme will use the default Okta logo.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param themeId The ID of the theme.
+	@return ApiDeleteBrandThemeLogoRequest
+*/
+func (a *CustomizationApiService) DeleteBrandThemeLogo(ctx context.Context, brandId string, themeId string) ApiDeleteBrandThemeLogoRequest {
+	return ApiDeleteBrandThemeLogoRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		themeId:    themeId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) DeleteBrandThemeLogoExecute(r ApiDeleteBrandThemeLogoRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.DeleteBrandThemeLogo")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/themes/{themeId}/logo"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"themeId"+"}", url.PathEscape(parameterToString(r.themeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteEmailCustomizationRequest struct {
+	ctx             context.Context
+	ApiService      CustomizationApi
+	brandId         string
+	templateName    string
+	customizationId string
+	retryCount      int32
+}
+
+func (r ApiDeleteEmailCustomizationRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteEmailCustomizationExecute(r)
+}
+
+/*
+DeleteEmailCustomization Delete an Email Customization
+
+Deletes an email customization by its unique identifier
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@param customizationId The ID of the email customization.
+	@return ApiDeleteEmailCustomizationRequest
+*/
+func (a *CustomizationApiService) DeleteEmailCustomization(ctx context.Context, brandId string, templateName string, customizationId string) ApiDeleteEmailCustomizationRequest {
+	return ApiDeleteEmailCustomizationRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		brandId:         brandId,
+		templateName:    templateName,
+		customizationId: customizationId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) DeleteEmailCustomizationExecute(r ApiDeleteEmailCustomizationRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.DeleteEmailCustomization")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"customizationId"+"}", url.PathEscape(parameterToString(r.customizationId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 409 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetBrandRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiGetBrandRequest) Execute() (*Brand, *APIResponse, error) {
+	return r.ApiService.GetBrandExecute(r)
+}
+
+/*
+GetBrand Retrieve a Brand
+
+Retrieves a brand by `brandId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiGetBrandRequest
+*/
+func (a *CustomizationApiService) GetBrand(ctx context.Context, brandId string) ApiGetBrandRequest {
+	return ApiGetBrandRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Brand
+func (a *CustomizationApiService) GetBrandExecute(r ApiGetBrandRequest) (*Brand, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Brand
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetBrand")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetBrandThemeRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	themeId    string
+	retryCount int32
+}
+
+func (r ApiGetBrandThemeRequest) Execute() (*ThemeResponse, *APIResponse, error) {
+	return r.ApiService.GetBrandThemeExecute(r)
+}
+
+/*
+GetBrandTheme Retrieve a Theme
+
+Retrieves a theme for a brand
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param themeId The ID of the theme.
+	@return ApiGetBrandThemeRequest
+*/
+func (a *CustomizationApiService) GetBrandTheme(ctx context.Context, brandId string, themeId string) ApiGetBrandThemeRequest {
+	return ApiGetBrandThemeRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		themeId:    themeId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ThemeResponse
+func (a *CustomizationApiService) GetBrandThemeExecute(r ApiGetBrandThemeRequest) (*ThemeResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ThemeResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetBrandTheme")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/themes/{themeId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"themeId"+"}", url.PathEscape(parameterToString(r.themeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetCustomizationPreviewRequest struct {
+	ctx             context.Context
+	ApiService      CustomizationApi
+	brandId         string
+	templateName    string
+	customizationId string
+	retryCount      int32
+}
+
+func (r ApiGetCustomizationPreviewRequest) Execute() (*EmailPreview, *APIResponse, error) {
+	return r.ApiService.GetCustomizationPreviewExecute(r)
+}
+
+/*
+GetCustomizationPreview Retrieve a Preview of an Email Customization
+
+Retrieves a preview of an email customization. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@param customizationId The ID of the email customization.
+	@return ApiGetCustomizationPreviewRequest
+*/
+func (a *CustomizationApiService) GetCustomizationPreview(ctx context.Context, brandId string, templateName string, customizationId string) ApiGetCustomizationPreviewRequest {
+	return ApiGetCustomizationPreviewRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		brandId:         brandId,
+		templateName:    templateName,
+		customizationId: customizationId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EmailPreview
+func (a *CustomizationApiService) GetCustomizationPreviewExecute(r ApiGetCustomizationPreviewRequest) (*EmailPreview, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EmailPreview
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetCustomizationPreview")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"customizationId"+"}", url.PathEscape(parameterToString(r.customizationId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetCustomizedErrorPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiGetCustomizedErrorPageRequest) Execute() (*CustomizablePage, *APIResponse, error) {
+	return r.ApiService.GetCustomizedErrorPageExecute(r)
+}
+
+/*
+GetCustomizedErrorPage Retrieve the Customized Error Page
+
+Retrieves the customized error page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiGetCustomizedErrorPageRequest
+*/
+func (a *CustomizationApiService) GetCustomizedErrorPage(ctx context.Context, brandId string) ApiGetCustomizedErrorPageRequest {
+	return ApiGetCustomizedErrorPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return CustomizablePage
+func (a *CustomizationApiService) GetCustomizedErrorPageExecute(r ApiGetCustomizedErrorPageRequest) (*CustomizablePage, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *CustomizablePage
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetCustomizedErrorPage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/error/customized"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetCustomizedSignInPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiGetCustomizedSignInPageRequest) Execute() (*SignInPage, *APIResponse, error) {
+	return r.ApiService.GetCustomizedSignInPageExecute(r)
+}
+
+/*
+GetCustomizedSignInPage Retrieve the Customized Sign-in Page
+
+Retrieves the customized sign-in page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiGetCustomizedSignInPageRequest
+*/
+func (a *CustomizationApiService) GetCustomizedSignInPage(ctx context.Context, brandId string) ApiGetCustomizedSignInPageRequest {
+	return ApiGetCustomizedSignInPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return SignInPage
+func (a *CustomizationApiService) GetCustomizedSignInPageExecute(r ApiGetCustomizedSignInPageRequest) (*SignInPage, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *SignInPage
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetCustomizedSignInPage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/sign-in/customized"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetDefaultErrorPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiGetDefaultErrorPageRequest) Execute() (*CustomizablePage, *APIResponse, error) {
+	return r.ApiService.GetDefaultErrorPageExecute(r)
+}
+
+/*
+GetDefaultErrorPage Retrieve the Default Error Page
+
+Retrieves the default error page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiGetDefaultErrorPageRequest
+*/
+func (a *CustomizationApiService) GetDefaultErrorPage(ctx context.Context, brandId string) ApiGetDefaultErrorPageRequest {
+	return ApiGetDefaultErrorPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return CustomizablePage
+func (a *CustomizationApiService) GetDefaultErrorPageExecute(r ApiGetDefaultErrorPageRequest) (*CustomizablePage, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *CustomizablePage
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetDefaultErrorPage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/error/default"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetDefaultSignInPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiGetDefaultSignInPageRequest) Execute() (*SignInPage, *APIResponse, error) {
+	return r.ApiService.GetDefaultSignInPageExecute(r)
+}
+
+/*
+GetDefaultSignInPage Retrieve the Default Sign-in Page
+
+Retrieves the default sign-in page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiGetDefaultSignInPageRequest
+*/
+func (a *CustomizationApiService) GetDefaultSignInPage(ctx context.Context, brandId string) ApiGetDefaultSignInPageRequest {
+	return ApiGetDefaultSignInPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return SignInPage
+func (a *CustomizationApiService) GetDefaultSignInPageExecute(r ApiGetDefaultSignInPageRequest) (*SignInPage, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *SignInPage
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetDefaultSignInPage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/sign-in/default"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetEmailCustomizationRequest struct {
+	ctx             context.Context
+	ApiService      CustomizationApi
+	brandId         string
+	templateName    string
+	customizationId string
+	retryCount      int32
+}
+
+func (r ApiGetEmailCustomizationRequest) Execute() (*EmailCustomization, *APIResponse, error) {
+	return r.ApiService.GetEmailCustomizationExecute(r)
+}
+
+/*
+GetEmailCustomization Retrieve an Email Customization
+
+Retrieves an email customization by its unique identifier
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@param customizationId The ID of the email customization.
+	@return ApiGetEmailCustomizationRequest
+*/
+func (a *CustomizationApiService) GetEmailCustomization(ctx context.Context, brandId string, templateName string, customizationId string) ApiGetEmailCustomizationRequest {
+	return ApiGetEmailCustomizationRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		brandId:         brandId,
+		templateName:    templateName,
+		customizationId: customizationId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EmailCustomization
+func (a *CustomizationApiService) GetEmailCustomizationExecute(r ApiGetEmailCustomizationRequest) (*EmailCustomization, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EmailCustomization
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetEmailCustomization")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"customizationId"+"}", url.PathEscape(parameterToString(r.customizationId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetEmailDefaultContentRequest struct {
+	ctx          context.Context
+	ApiService   CustomizationApi
+	brandId      string
+	templateName string
+	language     *string
+	retryCount   int32
+}
+
+// The language to use for the email. Defaults to the current user&#39;s language if unspecified.
+func (r ApiGetEmailDefaultContentRequest) Language(language string) ApiGetEmailDefaultContentRequest {
+	r.language = &language
+	return r
+}
+
+func (r ApiGetEmailDefaultContentRequest) Execute() (*EmailDefaultContent, *APIResponse, error) {
+	return r.ApiService.GetEmailDefaultContentExecute(r)
+}
+
+/*
+GetEmailDefaultContent Retrieve an Email Template Default Content
+
+Retrieves an email template's default content
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@return ApiGetEmailDefaultContentRequest
+*/
+func (a *CustomizationApiService) GetEmailDefaultContent(ctx context.Context, brandId string, templateName string) ApiGetEmailDefaultContentRequest {
+	return ApiGetEmailDefaultContentRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		brandId:      brandId,
+		templateName: templateName,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EmailDefaultContent
+func (a *CustomizationApiService) GetEmailDefaultContentExecute(r ApiGetEmailDefaultContentRequest) (*EmailDefaultContent, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EmailDefaultContent
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetEmailDefaultContent")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}/default-content"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.language != nil {
+		localVarQueryParams.Add("language", parameterToString(*r.language, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetEmailDefaultPreviewRequest struct {
+	ctx          context.Context
+	ApiService   CustomizationApi
+	brandId      string
+	templateName string
+	language     *string
+	retryCount   int32
+}
+
+// The language to use for the email. Defaults to the current user&#39;s language if unspecified.
+func (r ApiGetEmailDefaultPreviewRequest) Language(language string) ApiGetEmailDefaultPreviewRequest {
+	r.language = &language
+	return r
+}
+
+func (r ApiGetEmailDefaultPreviewRequest) Execute() (*EmailPreview, *APIResponse, error) {
+	return r.ApiService.GetEmailDefaultPreviewExecute(r)
+}
+
+/*
+GetEmailDefaultPreview Retrieve a Preview of the Email Template Default Content
+
+Retrieves a preview of an email template's default content. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@return ApiGetEmailDefaultPreviewRequest
+*/
+func (a *CustomizationApiService) GetEmailDefaultPreview(ctx context.Context, brandId string, templateName string) ApiGetEmailDefaultPreviewRequest {
+	return ApiGetEmailDefaultPreviewRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		brandId:      brandId,
+		templateName: templateName,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EmailPreview
+func (a *CustomizationApiService) GetEmailDefaultPreviewExecute(r ApiGetEmailDefaultPreviewRequest) (*EmailPreview, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EmailPreview
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetEmailDefaultPreview")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.language != nil {
+		localVarQueryParams.Add("language", parameterToString(*r.language, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetEmailSettingsRequest struct {
+	ctx          context.Context
+	ApiService   CustomizationApi
+	brandId      string
+	templateName string
+	retryCount   int32
+}
+
+func (r ApiGetEmailSettingsRequest) Execute() (*EmailSettings, *APIResponse, error) {
+	return r.ApiService.GetEmailSettingsExecute(r)
+}
+
+/*
+GetEmailSettings Retrieve the Email Template Settings
+
+Retrieves an email template's settings
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@return ApiGetEmailSettingsRequest
+*/
+func (a *CustomizationApiService) GetEmailSettings(ctx context.Context, brandId string, templateName string) ApiGetEmailSettingsRequest {
+	return ApiGetEmailSettingsRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		brandId:      brandId,
+		templateName: templateName,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EmailSettings
+func (a *CustomizationApiService) GetEmailSettingsExecute(r ApiGetEmailSettingsRequest) (*EmailSettings, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EmailSettings
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetEmailSettings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}/settings"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetEmailTemplateRequest struct {
+	ctx          context.Context
+	ApiService   CustomizationApi
+	brandId      string
+	templateName string
+	expand       *[]string
+	retryCount   int32
+}
+
+// Specifies additional metadata to be included in the response.
+func (r ApiGetEmailTemplateRequest) Expand(expand []string) ApiGetEmailTemplateRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetEmailTemplateRequest) Execute() (*EmailTemplate, *APIResponse, error) {
+	return r.ApiService.GetEmailTemplateExecute(r)
+}
+
+/*
+GetEmailTemplate Retrieve an Email Template
+
+Retrieves the details of an email template by name
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@return ApiGetEmailTemplateRequest
+*/
+func (a *CustomizationApiService) GetEmailTemplate(ctx context.Context, brandId string, templateName string) ApiGetEmailTemplateRequest {
+	return ApiGetEmailTemplateRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		brandId:      brandId,
+		templateName: templateName,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EmailTemplate
+func (a *CustomizationApiService) GetEmailTemplateExecute(r ApiGetEmailTemplateRequest) (*EmailTemplate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EmailTemplate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetEmailTemplate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, "csv"))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetErrorPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	expand     *[]string
+	retryCount int32
+}
+
+// Specifies additional metadata to be included in the response.
+func (r ApiGetErrorPageRequest) Expand(expand []string) ApiGetErrorPageRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetErrorPageRequest) Execute() (*PageRoot, *APIResponse, error) {
+	return r.ApiService.GetErrorPageExecute(r)
+}
+
+/*
+GetErrorPage Retrieve the Error Page
+
+Retrieves the error page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiGetErrorPageRequest
+*/
+func (a *CustomizationApiService) GetErrorPage(ctx context.Context, brandId string) ApiGetErrorPageRequest {
+	return ApiGetErrorPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return PageRoot
+func (a *CustomizationApiService) GetErrorPageExecute(r ApiGetErrorPageRequest) (*PageRoot, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *PageRoot
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetErrorPage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/error"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, "csv"))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetPreviewErrorPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiGetPreviewErrorPageRequest) Execute() (*CustomizablePage, *APIResponse, error) {
+	return r.ApiService.GetPreviewErrorPageExecute(r)
+}
+
+/*
+GetPreviewErrorPage Retrieve the Preview Error Page Preview
+
+Retrieves the preview error page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiGetPreviewErrorPageRequest
+*/
+func (a *CustomizationApiService) GetPreviewErrorPage(ctx context.Context, brandId string) ApiGetPreviewErrorPageRequest {
+	return ApiGetPreviewErrorPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return CustomizablePage
+func (a *CustomizationApiService) GetPreviewErrorPageExecute(r ApiGetPreviewErrorPageRequest) (*CustomizablePage, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *CustomizablePage
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetPreviewErrorPage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/error/preview"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetPreviewSignInPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiGetPreviewSignInPageRequest) Execute() (*SignInPage, *APIResponse, error) {
+	return r.ApiService.GetPreviewSignInPageExecute(r)
+}
+
+/*
+GetPreviewSignInPage Retrieve the Preview Sign-in Page Preview
+
+Retrieves the preview sign-in page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiGetPreviewSignInPageRequest
+*/
+func (a *CustomizationApiService) GetPreviewSignInPage(ctx context.Context, brandId string) ApiGetPreviewSignInPageRequest {
+	return ApiGetPreviewSignInPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return SignInPage
+func (a *CustomizationApiService) GetPreviewSignInPageExecute(r ApiGetPreviewSignInPageRequest) (*SignInPage, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *SignInPage
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetPreviewSignInPage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/sign-in/preview"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetSignInPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	expand     *[]string
+	retryCount int32
+}
+
+// Specifies additional metadata to be included in the response.
+func (r ApiGetSignInPageRequest) Expand(expand []string) ApiGetSignInPageRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetSignInPageRequest) Execute() (*PageRoot, *APIResponse, error) {
+	return r.ApiService.GetSignInPageExecute(r)
+}
+
+/*
+GetSignInPage Retrieve the Sign-in Page
+
+Retrieves the sign-in page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiGetSignInPageRequest
+*/
+func (a *CustomizationApiService) GetSignInPage(ctx context.Context, brandId string) ApiGetSignInPageRequest {
+	return ApiGetSignInPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return PageRoot
+func (a *CustomizationApiService) GetSignInPageExecute(r ApiGetSignInPageRequest) (*PageRoot, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *PageRoot
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetSignInPage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/sign-in"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, "csv"))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetSignOutPageSettingsRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiGetSignOutPageSettingsRequest) Execute() (*HostedPage, *APIResponse, error) {
+	return r.ApiService.GetSignOutPageSettingsExecute(r)
+}
+
+/*
+GetSignOutPageSettings Retrieve the Sign-out Page Settings
+
+Retrieves the sign-out page settings
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiGetSignOutPageSettingsRequest
+*/
+func (a *CustomizationApiService) GetSignOutPageSettings(ctx context.Context, brandId string) ApiGetSignOutPageSettingsRequest {
+	return ApiGetSignOutPageSettingsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return HostedPage
+func (a *CustomizationApiService) GetSignOutPageSettingsExecute(r ApiGetSignOutPageSettingsRequest) (*HostedPage, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *HostedPage
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.GetSignOutPageSettings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/sign-out/customized"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiLinkBrandDomainRequest struct {
+	ctx                      context.Context
+	ApiService               CustomizationApi
+	brandId                  string
+	createBrandDomainRequest *CreateBrandDomainRequest
+	retryCount               int32
+}
+
+func (r ApiLinkBrandDomainRequest) CreateBrandDomainRequest(createBrandDomainRequest CreateBrandDomainRequest) ApiLinkBrandDomainRequest {
+	r.createBrandDomainRequest = &createBrandDomainRequest
+	return r
+}
+
+func (r ApiLinkBrandDomainRequest) Execute() (*BrandDomain, *APIResponse, error) {
+	return r.ApiService.LinkBrandDomainExecute(r)
+}
+
+/*
+LinkBrandDomain Link a Brand to a Domain
+
+Links a brand to a domain by `domainId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiLinkBrandDomainRequest
+*/
+func (a *CustomizationApiService) LinkBrandDomain(ctx context.Context, brandId string) ApiLinkBrandDomainRequest {
+	return ApiLinkBrandDomainRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return BrandDomain
+func (a *CustomizationApiService) LinkBrandDomainExecute(r ApiLinkBrandDomainRequest) (*BrandDomain, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *BrandDomain
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.LinkBrandDomain")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/domains"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.createBrandDomainRequest
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 409 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListAllSignInWidgetVersionsRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiListAllSignInWidgetVersionsRequest) Execute() ([]string, *APIResponse, error) {
+	return r.ApiService.ListAllSignInWidgetVersionsExecute(r)
+}
+
+/*
+ListAllSignInWidgetVersions List all Sign-in Widget Versions
+
+Lists all sign-in widget versions
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiListAllSignInWidgetVersionsRequest
+*/
+func (a *CustomizationApiService) ListAllSignInWidgetVersions(ctx context.Context, brandId string) ApiListAllSignInWidgetVersionsRequest {
+	return ApiListAllSignInWidgetVersionsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []string
+func (a *CustomizationApiService) ListAllSignInWidgetVersionsExecute(r ApiListAllSignInWidgetVersionsRequest) ([]string, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []string
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ListAllSignInWidgetVersions")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/sign-in/widget-versions"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListBrandDomainsRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiListBrandDomainsRequest) Execute() ([]DomainResponse, *APIResponse, error) {
+	return r.ApiService.ListBrandDomainsExecute(r)
+}
+
+/*
+ListBrandDomains List all Domains associated with a Brand
+
+Lists all domains associated with a brand by `brandId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiListBrandDomainsRequest
+*/
+func (a *CustomizationApiService) ListBrandDomains(ctx context.Context, brandId string) ApiListBrandDomainsRequest {
+	return ApiListBrandDomainsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []DomainResponse
+func (a *CustomizationApiService) ListBrandDomainsExecute(r ApiListBrandDomainsRequest) ([]DomainResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []DomainResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ListBrandDomains")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/domains"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListBrandThemesRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiListBrandThemesRequest) Execute() ([]ThemeResponse, *APIResponse, error) {
+	return r.ApiService.ListBrandThemesExecute(r)
+}
+
+/*
+ListBrandThemes List all Themes
+
+Lists all the themes in your brand
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiListBrandThemesRequest
+*/
+func (a *CustomizationApiService) ListBrandThemes(ctx context.Context, brandId string) ApiListBrandThemesRequest {
+	return ApiListBrandThemesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ThemeResponse
+func (a *CustomizationApiService) ListBrandThemesExecute(r ApiListBrandThemesRequest) ([]ThemeResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ThemeResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ListBrandThemes")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/themes"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListBrandsRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	retryCount int32
+}
+
+func (r ApiListBrandsRequest) Execute() ([]Brand, *APIResponse, error) {
+	return r.ApiService.ListBrandsExecute(r)
+}
+
+/*
+ListBrands List all Brands
+
+Lists all the brands in your org
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListBrandsRequest
+*/
+func (a *CustomizationApiService) ListBrands(ctx context.Context) ApiListBrandsRequest {
+	return ApiListBrandsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Brand
+func (a *CustomizationApiService) ListBrandsExecute(r ApiListBrandsRequest) ([]Brand, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Brand
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ListBrands")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListEmailCustomizationsRequest struct {
+	ctx          context.Context
+	ApiService   CustomizationApi
+	brandId      string
+	templateName string
+	after        *string
+	limit        *int32
+	retryCount   int32
+}
+
+// The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information.
+func (r ApiListEmailCustomizationsRequest) After(after string) ApiListEmailCustomizationsRequest {
+	r.after = &after
+	return r
+}
+
+// A limit on the number of objects to return.
+func (r ApiListEmailCustomizationsRequest) Limit(limit int32) ApiListEmailCustomizationsRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListEmailCustomizationsRequest) Execute() ([]EmailCustomization, *APIResponse, error) {
+	return r.ApiService.ListEmailCustomizationsExecute(r)
+}
+
+/*
+ListEmailCustomizations List all Email Customizations
+
+Lists all customizations of an email template
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@return ApiListEmailCustomizationsRequest
+*/
+func (a *CustomizationApiService) ListEmailCustomizations(ctx context.Context, brandId string, templateName string) ApiListEmailCustomizationsRequest {
+	return ApiListEmailCustomizationsRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		brandId:      brandId,
+		templateName: templateName,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []EmailCustomization
+func (a *CustomizationApiService) ListEmailCustomizationsExecute(r ApiListEmailCustomizationsRequest) ([]EmailCustomization, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []EmailCustomization
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ListEmailCustomizations")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}/customizations"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListEmailTemplatesRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	after      *string
+	limit      *int32
+	expand     *[]string
+	retryCount int32
+}
+
+// The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information.
+func (r ApiListEmailTemplatesRequest) After(after string) ApiListEmailTemplatesRequest {
+	r.after = &after
+	return r
+}
+
+// A limit on the number of objects to return.
+func (r ApiListEmailTemplatesRequest) Limit(limit int32) ApiListEmailTemplatesRequest {
+	r.limit = &limit
+	return r
+}
+
+// Specifies additional metadata to be included in the response.
+func (r ApiListEmailTemplatesRequest) Expand(expand []string) ApiListEmailTemplatesRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListEmailTemplatesRequest) Execute() ([]EmailTemplate, *APIResponse, error) {
+	return r.ApiService.ListEmailTemplatesExecute(r)
+}
+
+/*
+ListEmailTemplates List all Email Templates
+
+Lists all email templates
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiListEmailTemplatesRequest
+*/
+func (a *CustomizationApiService) ListEmailTemplates(ctx context.Context, brandId string) ApiListEmailTemplatesRequest {
+	return ApiListEmailTemplatesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []EmailTemplate
+func (a *CustomizationApiService) ListEmailTemplatesExecute(r ApiListEmailTemplatesRequest) ([]EmailTemplate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []EmailTemplate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ListEmailTemplates")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, "csv"))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceBrandRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	brand      *BrandRequest
+	retryCount int32
+}
+
+func (r ApiReplaceBrandRequest) Brand(brand BrandRequest) ApiReplaceBrandRequest {
+	r.brand = &brand
+	return r
+}
+
+func (r ApiReplaceBrandRequest) Execute() (*Brand, *APIResponse, error) {
+	return r.ApiService.ReplaceBrandExecute(r)
+}
+
+/*
+ReplaceBrand Replace a Brand
+
+Replaces a brand by `brandId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiReplaceBrandRequest
+*/
+func (a *CustomizationApiService) ReplaceBrand(ctx context.Context, brandId string) ApiReplaceBrandRequest {
+	return ApiReplaceBrandRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Brand
+func (a *CustomizationApiService) ReplaceBrandExecute(r ApiReplaceBrandRequest) (*Brand, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Brand
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ReplaceBrand")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.brand == nil {
+		return localVarReturnValue, nil, reportError("brand is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.brand
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceBrandThemeRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	themeId    string
+	theme      *Theme
+	retryCount int32
+}
+
+func (r ApiReplaceBrandThemeRequest) Theme(theme Theme) ApiReplaceBrandThemeRequest {
+	r.theme = &theme
+	return r
+}
+
+func (r ApiReplaceBrandThemeRequest) Execute() (*ThemeResponse, *APIResponse, error) {
+	return r.ApiService.ReplaceBrandThemeExecute(r)
+}
+
+/*
+ReplaceBrandTheme Replace a Theme
+
+Replaces a theme for a brand
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param themeId The ID of the theme.
+	@return ApiReplaceBrandThemeRequest
+*/
+func (a *CustomizationApiService) ReplaceBrandTheme(ctx context.Context, brandId string, themeId string) ApiReplaceBrandThemeRequest {
+	return ApiReplaceBrandThemeRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		themeId:    themeId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ThemeResponse
+func (a *CustomizationApiService) ReplaceBrandThemeExecute(r ApiReplaceBrandThemeRequest) (*ThemeResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ThemeResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ReplaceBrandTheme")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/themes/{themeId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"themeId"+"}", url.PathEscape(parameterToString(r.themeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.theme == nil {
+		return localVarReturnValue, nil, reportError("theme is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.theme
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceCustomizedErrorPageRequest struct {
+	ctx              context.Context
+	ApiService       CustomizationApi
+	brandId          string
+	customizablePage *CustomizablePage
+	retryCount       int32
+}
+
+func (r ApiReplaceCustomizedErrorPageRequest) CustomizablePage(customizablePage CustomizablePage) ApiReplaceCustomizedErrorPageRequest {
+	r.customizablePage = &customizablePage
+	return r
+}
+
+func (r ApiReplaceCustomizedErrorPageRequest) Execute() (*CustomizablePage, *APIResponse, error) {
+	return r.ApiService.ReplaceCustomizedErrorPageExecute(r)
+}
+
+/*
+ReplaceCustomizedErrorPage Replace the Customized Error Page
+
+Replaces the customized error page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiReplaceCustomizedErrorPageRequest
+*/
+func (a *CustomizationApiService) ReplaceCustomizedErrorPage(ctx context.Context, brandId string) ApiReplaceCustomizedErrorPageRequest {
+	return ApiReplaceCustomizedErrorPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return CustomizablePage
+func (a *CustomizationApiService) ReplaceCustomizedErrorPageExecute(r ApiReplaceCustomizedErrorPageRequest) (*CustomizablePage, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *CustomizablePage
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ReplaceCustomizedErrorPage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/error/customized"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.customizablePage == nil {
+		return localVarReturnValue, nil, reportError("customizablePage is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.customizablePage
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceCustomizedSignInPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	signInPage *SignInPage
+	retryCount int32
+}
+
+func (r ApiReplaceCustomizedSignInPageRequest) SignInPage(signInPage SignInPage) ApiReplaceCustomizedSignInPageRequest {
+	r.signInPage = &signInPage
+	return r
+}
+
+func (r ApiReplaceCustomizedSignInPageRequest) Execute() (*SignInPage, *APIResponse, error) {
+	return r.ApiService.ReplaceCustomizedSignInPageExecute(r)
+}
+
+/*
+ReplaceCustomizedSignInPage Replace the Customized Sign-in Page
+
+Replaces the customized sign-in page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiReplaceCustomizedSignInPageRequest
+*/
+func (a *CustomizationApiService) ReplaceCustomizedSignInPage(ctx context.Context, brandId string) ApiReplaceCustomizedSignInPageRequest {
+	return ApiReplaceCustomizedSignInPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return SignInPage
+func (a *CustomizationApiService) ReplaceCustomizedSignInPageExecute(r ApiReplaceCustomizedSignInPageRequest) (*SignInPage, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *SignInPage
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ReplaceCustomizedSignInPage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/sign-in/customized"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.signInPage == nil {
+		return localVarReturnValue, nil, reportError("signInPage is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.signInPage
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceEmailCustomizationRequest struct {
+	ctx             context.Context
+	ApiService      CustomizationApi
+	brandId         string
+	templateName    string
+	customizationId string
+	instance        *EmailCustomization
+	retryCount      int32
+}
+
+// Request
+func (r ApiReplaceEmailCustomizationRequest) Instance(instance EmailCustomization) ApiReplaceEmailCustomizationRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiReplaceEmailCustomizationRequest) Execute() (*EmailCustomization, *APIResponse, error) {
+	return r.ApiService.ReplaceEmailCustomizationExecute(r)
+}
+
+/*
+ReplaceEmailCustomization Replace an Email Customization
+
+Replaces an existing email customization using the property values provided
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@param customizationId The ID of the email customization.
+	@return ApiReplaceEmailCustomizationRequest
+*/
+func (a *CustomizationApiService) ReplaceEmailCustomization(ctx context.Context, brandId string, templateName string, customizationId string) ApiReplaceEmailCustomizationRequest {
+	return ApiReplaceEmailCustomizationRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		brandId:         brandId,
+		templateName:    templateName,
+		customizationId: customizationId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EmailCustomization
+func (a *CustomizationApiService) ReplaceEmailCustomizationExecute(r ApiReplaceEmailCustomizationRequest) (*EmailCustomization, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EmailCustomization
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ReplaceEmailCustomization")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"customizationId"+"}", url.PathEscape(parameterToString(r.customizationId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 409 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceEmailSettingsRequest struct {
+	ctx           context.Context
+	ApiService    CustomizationApi
+	brandId       string
+	templateName  string
+	emailSettings *EmailSettings
+	retryCount    int32
+}
+
+func (r ApiReplaceEmailSettingsRequest) EmailSettings(emailSettings EmailSettings) ApiReplaceEmailSettingsRequest {
+	r.emailSettings = &emailSettings
+	return r
+}
+
+func (r ApiReplaceEmailSettingsRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ReplaceEmailSettingsExecute(r)
+}
+
+/*
+ReplaceEmailSettings Replace the Email Template Settings
+
+Replaces an email template's settings
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@return ApiReplaceEmailSettingsRequest
+*/
+func (a *CustomizationApiService) ReplaceEmailSettings(ctx context.Context, brandId string, templateName string) ApiReplaceEmailSettingsRequest {
+	return ApiReplaceEmailSettingsRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		brandId:      brandId,
+		templateName: templateName,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) ReplaceEmailSettingsExecute(r ApiReplaceEmailSettingsRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ReplaceEmailSettings")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}/settings"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.emailSettings
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 422 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiReplacePreviewErrorPageRequest struct {
+	ctx              context.Context
+	ApiService       CustomizationApi
+	brandId          string
+	customizablePage *CustomizablePage
+	retryCount       int32
+}
+
+func (r ApiReplacePreviewErrorPageRequest) CustomizablePage(customizablePage CustomizablePage) ApiReplacePreviewErrorPageRequest {
+	r.customizablePage = &customizablePage
+	return r
+}
+
+func (r ApiReplacePreviewErrorPageRequest) Execute() (*CustomizablePage, *APIResponse, error) {
+	return r.ApiService.ReplacePreviewErrorPageExecute(r)
+}
+
+/*
+ReplacePreviewErrorPage Replace the Preview Error Page
+
+Replaces the preview error page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiReplacePreviewErrorPageRequest
+*/
+func (a *CustomizationApiService) ReplacePreviewErrorPage(ctx context.Context, brandId string) ApiReplacePreviewErrorPageRequest {
+	return ApiReplacePreviewErrorPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return CustomizablePage
+func (a *CustomizationApiService) ReplacePreviewErrorPageExecute(r ApiReplacePreviewErrorPageRequest) (*CustomizablePage, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *CustomizablePage
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ReplacePreviewErrorPage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/error/preview"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.customizablePage == nil {
+		return localVarReturnValue, nil, reportError("customizablePage is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.customizablePage
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplacePreviewSignInPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	signInPage *SignInPage
+	retryCount int32
+}
+
+func (r ApiReplacePreviewSignInPageRequest) SignInPage(signInPage SignInPage) ApiReplacePreviewSignInPageRequest {
+	r.signInPage = &signInPage
+	return r
+}
+
+func (r ApiReplacePreviewSignInPageRequest) Execute() (*SignInPage, *APIResponse, error) {
+	return r.ApiService.ReplacePreviewSignInPageExecute(r)
+}
+
+/*
+ReplacePreviewSignInPage Replace the Preview Sign-in Page
+
+Replaces the preview sign-in page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiReplacePreviewSignInPageRequest
+*/
+func (a *CustomizationApiService) ReplacePreviewSignInPage(ctx context.Context, brandId string) ApiReplacePreviewSignInPageRequest {
+	return ApiReplacePreviewSignInPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return SignInPage
+func (a *CustomizationApiService) ReplacePreviewSignInPageExecute(r ApiReplacePreviewSignInPageRequest) (*SignInPage, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *SignInPage
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ReplacePreviewSignInPage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/sign-in/preview"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.signInPage == nil {
+		return localVarReturnValue, nil, reportError("signInPage is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.signInPage
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceSignOutPageSettingsRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	hostedPage *HostedPage
+	retryCount int32
+}
+
+func (r ApiReplaceSignOutPageSettingsRequest) HostedPage(hostedPage HostedPage) ApiReplaceSignOutPageSettingsRequest {
+	r.hostedPage = &hostedPage
+	return r
+}
+
+func (r ApiReplaceSignOutPageSettingsRequest) Execute() (*HostedPage, *APIResponse, error) {
+	return r.ApiService.ReplaceSignOutPageSettingsExecute(r)
+}
+
+/*
+ReplaceSignOutPageSettings Replace the Sign-out Page Settings
+
+Replaces the sign-out page settings
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiReplaceSignOutPageSettingsRequest
+*/
+func (a *CustomizationApiService) ReplaceSignOutPageSettings(ctx context.Context, brandId string) ApiReplaceSignOutPageSettingsRequest {
+	return ApiReplaceSignOutPageSettingsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return HostedPage
+func (a *CustomizationApiService) ReplaceSignOutPageSettingsExecute(r ApiReplaceSignOutPageSettingsRequest) (*HostedPage, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *HostedPage
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ReplaceSignOutPageSettings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/sign-out/customized"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.hostedPage == nil {
+		return localVarReturnValue, nil, reportError("hostedPage is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.hostedPage
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiResetCustomizedErrorPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiResetCustomizedErrorPageRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ResetCustomizedErrorPageExecute(r)
+}
+
+/*
+ResetCustomizedErrorPage Reset the Customized Error Page
+
+Resets the customized error page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiResetCustomizedErrorPageRequest
+*/
+func (a *CustomizationApiService) ResetCustomizedErrorPage(ctx context.Context, brandId string) ApiResetCustomizedErrorPageRequest {
+	return ApiResetCustomizedErrorPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) ResetCustomizedErrorPageExecute(r ApiResetCustomizedErrorPageRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ResetCustomizedErrorPage")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/error/customized"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiResetCustomizedSignInPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiResetCustomizedSignInPageRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ResetCustomizedSignInPageExecute(r)
+}
+
+/*
+ResetCustomizedSignInPage Reset the Customized Sign-in Page
+
+Resets the customized sign-in page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiResetCustomizedSignInPageRequest
+*/
+func (a *CustomizationApiService) ResetCustomizedSignInPage(ctx context.Context, brandId string) ApiResetCustomizedSignInPageRequest {
+	return ApiResetCustomizedSignInPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) ResetCustomizedSignInPageExecute(r ApiResetCustomizedSignInPageRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ResetCustomizedSignInPage")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/sign-in/customized"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiResetPreviewErrorPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiResetPreviewErrorPageRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ResetPreviewErrorPageExecute(r)
+}
+
+/*
+ResetPreviewErrorPage Reset the Preview Error Page
+
+Resets the preview error page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiResetPreviewErrorPageRequest
+*/
+func (a *CustomizationApiService) ResetPreviewErrorPage(ctx context.Context, brandId string) ApiResetPreviewErrorPageRequest {
+	return ApiResetPreviewErrorPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) ResetPreviewErrorPageExecute(r ApiResetPreviewErrorPageRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ResetPreviewErrorPage")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/error/preview"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiResetPreviewSignInPageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	retryCount int32
+}
+
+func (r ApiResetPreviewSignInPageRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ResetPreviewSignInPageExecute(r)
+}
+
+/*
+ResetPreviewSignInPage Reset the Preview Sign-in Page
+
+Resets the preview sign-in page
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@return ApiResetPreviewSignInPageRequest
+*/
+func (a *CustomizationApiService) ResetPreviewSignInPage(ctx context.Context, brandId string) ApiResetPreviewSignInPageRequest {
+	return ApiResetPreviewSignInPageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) ResetPreviewSignInPageExecute(r ApiResetPreviewSignInPageRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.ResetPreviewSignInPage")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/pages/sign-in/preview"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiSendTestEmailRequest struct {
+	ctx          context.Context
+	ApiService   CustomizationApi
+	brandId      string
+	templateName string
+	language     *string
+	retryCount   int32
+}
+
+// The language to use for the email. Defaults to the current user&#39;s language if unspecified.
+func (r ApiSendTestEmailRequest) Language(language string) ApiSendTestEmailRequest {
+	r.language = &language
+	return r
+}
+
+func (r ApiSendTestEmailRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.SendTestEmailExecute(r)
+}
+
+/*
+SendTestEmail Send a Test Email
+
+Sends a test email to the current user’s primary and secondary email addresses. The email content is selected based on the following priority:
+1. The email customization for the language specified in the `language` query parameter.
+2. The email template's default customization.
+3. The email template’s default content, translated to the current user's language.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param templateName The name of the email template.
+	@return ApiSendTestEmailRequest
+*/
+func (a *CustomizationApiService) SendTestEmail(ctx context.Context, brandId string, templateName string) ApiSendTestEmailRequest {
+	return ApiSendTestEmailRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		brandId:      brandId,
+		templateName: templateName,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) SendTestEmailExecute(r ApiSendTestEmailRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.SendTestEmail")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/templates/email/{templateName}/test"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"templateName"+"}", url.PathEscape(parameterToString(r.templateName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.language != nil {
+		localVarQueryParams.Add("language", parameterToString(*r.language, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnlinkBrandDomainRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	domainId   string
+	retryCount int32
+}
+
+func (r ApiUnlinkBrandDomainRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnlinkBrandDomainExecute(r)
+}
+
+/*
+UnlinkBrandDomain Unlink a Brand from a Domain
+
+Unlinks a brand and domain by their identifiers
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param domainId The ID of the domain.
+	@return ApiUnlinkBrandDomainRequest
+*/
+func (a *CustomizationApiService) UnlinkBrandDomain(ctx context.Context, brandId string, domainId string) ApiUnlinkBrandDomainRequest {
+	return ApiUnlinkBrandDomainRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		domainId:   domainId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *CustomizationApiService) UnlinkBrandDomainExecute(r ApiUnlinkBrandDomainRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.UnlinkBrandDomain")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/domains/{domainId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"domainId"+"}", url.PathEscape(parameterToString(r.domainId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUploadBrandThemeBackgroundImageRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	themeId    string
+	file       **os.File
+	retryCount int32
+}
+
+func (r ApiUploadBrandThemeBackgroundImageRequest) File(file *os.File) ApiUploadBrandThemeBackgroundImageRequest {
+	r.file = &file
+	return r
+}
+
+func (r ApiUploadBrandThemeBackgroundImageRequest) Execute() (*ImageUploadResponse, *APIResponse, error) {
+	return r.ApiService.UploadBrandThemeBackgroundImageExecute(r)
+}
+
+/*
+UploadBrandThemeBackgroundImage Upload the Background Image
+
+Uploads and replaces the background image for the theme. The file must be in PNG, JPG, or GIF format and less than 2 MB in size.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param themeId The ID of the theme.
+	@return ApiUploadBrandThemeBackgroundImageRequest
+*/
+func (a *CustomizationApiService) UploadBrandThemeBackgroundImage(ctx context.Context, brandId string, themeId string) ApiUploadBrandThemeBackgroundImageRequest {
+	return ApiUploadBrandThemeBackgroundImageRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		themeId:    themeId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ImageUploadResponse
+func (a *CustomizationApiService) UploadBrandThemeBackgroundImageExecute(r ApiUploadBrandThemeBackgroundImageRequest) (*ImageUploadResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ImageUploadResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.UploadBrandThemeBackgroundImage")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/themes/{themeId}/background-image"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"themeId"+"}", url.PathEscape(parameterToString(r.themeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.file == nil {
+		return localVarReturnValue, nil, reportError("file is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"multipart/form-data"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	var fileLocalVarFormFileName string
+	var fileLocalVarFileName string
+	var fileLocalVarFileBytes []byte
+
+	fileLocalVarFormFileName = "file"
+
+	fileLocalVarFile := *r.file
+	if fileLocalVarFile != nil {
+		fbs, _ := ioutil.ReadAll(fileLocalVarFile)
+		fileLocalVarFileBytes = fbs
+		fileLocalVarFileName = fileLocalVarFile.Name()
+		fileLocalVarFile.Close()
+	}
+	formFiles = append(formFiles, formFile{fileBytes: fileLocalVarFileBytes, fileName: fileLocalVarFileName, formFileName: fileLocalVarFormFileName})
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUploadBrandThemeFaviconRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	themeId    string
+	file       **os.File
+	retryCount int32
+}
+
+func (r ApiUploadBrandThemeFaviconRequest) File(file *os.File) ApiUploadBrandThemeFaviconRequest {
+	r.file = &file
+	return r
+}
+
+func (r ApiUploadBrandThemeFaviconRequest) Execute() (*ImageUploadResponse, *APIResponse, error) {
+	return r.ApiService.UploadBrandThemeFaviconExecute(r)
+}
+
+/*
+UploadBrandThemeFavicon Upload the Favicon
+
+Uploads and replaces the favicon for the theme
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param themeId The ID of the theme.
+	@return ApiUploadBrandThemeFaviconRequest
+*/
+func (a *CustomizationApiService) UploadBrandThemeFavicon(ctx context.Context, brandId string, themeId string) ApiUploadBrandThemeFaviconRequest {
+	return ApiUploadBrandThemeFaviconRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		themeId:    themeId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ImageUploadResponse
+func (a *CustomizationApiService) UploadBrandThemeFaviconExecute(r ApiUploadBrandThemeFaviconRequest) (*ImageUploadResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ImageUploadResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.UploadBrandThemeFavicon")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/themes/{themeId}/favicon"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"themeId"+"}", url.PathEscape(parameterToString(r.themeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.file == nil {
+		return localVarReturnValue, nil, reportError("file is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"multipart/form-data"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	var fileLocalVarFormFileName string
+	var fileLocalVarFileName string
+	var fileLocalVarFileBytes []byte
+
+	fileLocalVarFormFileName = "file"
+
+	fileLocalVarFile := *r.file
+	if fileLocalVarFile != nil {
+		fbs, _ := ioutil.ReadAll(fileLocalVarFile)
+		fileLocalVarFileBytes = fbs
+		fileLocalVarFileName = fileLocalVarFile.Name()
+		fileLocalVarFile.Close()
+	}
+	formFiles = append(formFiles, formFile{fileBytes: fileLocalVarFileBytes, fileName: fileLocalVarFileName, formFileName: fileLocalVarFormFileName})
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUploadBrandThemeLogoRequest struct {
+	ctx        context.Context
+	ApiService CustomizationApi
+	brandId    string
+	themeId    string
+	file       **os.File
+	retryCount int32
+}
+
+func (r ApiUploadBrandThemeLogoRequest) File(file *os.File) ApiUploadBrandThemeLogoRequest {
+	r.file = &file
+	return r
+}
+
+func (r ApiUploadBrandThemeLogoRequest) Execute() (*ImageUploadResponse, *APIResponse, error) {
+	return r.ApiService.UploadBrandThemeLogoExecute(r)
+}
+
+/*
+UploadBrandThemeLogo Upload the Logo
+
+Uploads and replaces the logo for the theme. The file must be in PNG, JPG, or GIF format and less than 100kB in size. For best results use landscape orientation, a transparent background, and a minimum size of 300px by 50px to prevent upscaling.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param brandId The ID of the brand.
+	@param themeId The ID of the theme.
+	@return ApiUploadBrandThemeLogoRequest
+*/
+func (a *CustomizationApiService) UploadBrandThemeLogo(ctx context.Context, brandId string, themeId string) ApiUploadBrandThemeLogoRequest {
+	return ApiUploadBrandThemeLogoRequest{
+		ApiService: a,
+		ctx:        ctx,
+		brandId:    brandId,
+		themeId:    themeId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ImageUploadResponse
+func (a *CustomizationApiService) UploadBrandThemeLogoExecute(r ApiUploadBrandThemeLogoRequest) (*ImageUploadResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ImageUploadResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "CustomizationApiService.UploadBrandThemeLogo")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/brands/{brandId}/themes/{themeId}/logo"
+	localVarPath = strings.Replace(localVarPath, "{"+"brandId"+"}", url.PathEscape(parameterToString(r.brandId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"themeId"+"}", url.PathEscape(parameterToString(r.themeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.file == nil {
+		return localVarReturnValue, nil, reportError("file is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"multipart/form-data"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	var fileLocalVarFormFileName string
+	var fileLocalVarFileName string
+	var fileLocalVarFileBytes []byte
+
+	fileLocalVarFormFileName = "file"
+
+	fileLocalVarFile := *r.file
+	if fileLocalVarFile != nil {
+		fbs, _ := ioutil.ReadAll(fileLocalVarFile)
+		fileLocalVarFileBytes = fbs
+		fileLocalVarFileName = fileLocalVarFile.Name()
+		fileLocalVarFile.Close()
+	}
+	formFiles = append(formFiles, formFile{fileBytes: fileLocalVarFileBytes, fileName: fileLocalVarFileName, formFileName: fileLocalVarFormFileName})
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_device.go b/okta/api_device.go
new file mode 100644
index 000000000..0e392b6b2
--- /dev/null
+++ b/okta/api_device.go
@@ -0,0 +1,1266 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type DeviceApi interface {
+	/*
+		ActivateDevice Activate a Device
+
+		Activates a device by `deviceId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param deviceId `id` of the device
+		@return ApiActivateDeviceRequest
+	*/
+	ActivateDevice(ctx context.Context, deviceId string) ApiActivateDeviceRequest
+
+	// ActivateDeviceExecute executes the request
+	ActivateDeviceExecute(r ApiActivateDeviceRequest) (*APIResponse, error)
+
+	/*
+		DeactivateDevice Deactivate a Device
+
+		Deactivates a device by `deviceId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param deviceId `id` of the device
+		@return ApiDeactivateDeviceRequest
+	*/
+	DeactivateDevice(ctx context.Context, deviceId string) ApiDeactivateDeviceRequest
+
+	// DeactivateDeviceExecute executes the request
+	DeactivateDeviceExecute(r ApiDeactivateDeviceRequest) (*APIResponse, error)
+
+	/*
+		DeleteDevice Delete a Device
+
+		Deletes a device by `deviceId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param deviceId `id` of the device
+		@return ApiDeleteDeviceRequest
+	*/
+	DeleteDevice(ctx context.Context, deviceId string) ApiDeleteDeviceRequest
+
+	// DeleteDeviceExecute executes the request
+	DeleteDeviceExecute(r ApiDeleteDeviceRequest) (*APIResponse, error)
+
+	/*
+		GetDevice Retrieve a Device
+
+		Retrieves a device by `deviceId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param deviceId `id` of the device
+		@return ApiGetDeviceRequest
+	*/
+	GetDevice(ctx context.Context, deviceId string) ApiGetDeviceRequest
+
+	// GetDeviceExecute executes the request
+	//  @return Device
+	GetDeviceExecute(r ApiGetDeviceRequest) (*Device, *APIResponse, error)
+
+	/*
+			ListDevices List all Devices
+
+			Lists all devices with pagination support.
+
+		A subset of Devices can be returned that match a supported search criteria using the `search` query parameter.
+
+		Searches for devices based on the properties specified in the `search` parameter conforming SCIM filter specifications (case-insensitive). This data is eventually consistent. The API returns different results depending on specified queries in the request. Empty list is returned if no objects match `search` request.
+
+		> **Note:** Listing devices with `search` should not be used as a part of any critical flows—such as authentication or updates—to prevent potential data loss. `search` results may not reflect the latest information, as this endpoint uses a search index which may not be up-to-date with recent updates to the object. <br> Don't use search results directly for record updates, as the data might be stale and therefore overwrite newer data, resulting in data loss. <br> Use an `id` lookup for records that you update to ensure your results contain the latest data.
+
+		This operation equires [URL encoding](http://en.wikipedia.org/wiki/Percent-encoding). For example, `search=profile.displayName eq "Bob"` is encoded as `search=profile.displayName%20eq%20%22Bob%22`.
+
+			@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+			@return ApiListDevicesRequest
+	*/
+	ListDevices(ctx context.Context) ApiListDevicesRequest
+
+	// ListDevicesExecute executes the request
+	//  @return []Device
+	ListDevicesExecute(r ApiListDevicesRequest) ([]Device, *APIResponse, error)
+
+	/*
+		SuspendDevice Suspend a Device
+
+		Suspends a device by `deviceId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param deviceId `id` of the device
+		@return ApiSuspendDeviceRequest
+	*/
+	SuspendDevice(ctx context.Context, deviceId string) ApiSuspendDeviceRequest
+
+	// SuspendDeviceExecute executes the request
+	SuspendDeviceExecute(r ApiSuspendDeviceRequest) (*APIResponse, error)
+
+	/*
+		UnsuspendDevice Unsuspend a Device
+
+		Unsuspends a device by `deviceId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param deviceId `id` of the device
+		@return ApiUnsuspendDeviceRequest
+	*/
+	UnsuspendDevice(ctx context.Context, deviceId string) ApiUnsuspendDeviceRequest
+
+	// UnsuspendDeviceExecute executes the request
+	UnsuspendDeviceExecute(r ApiUnsuspendDeviceRequest) (*APIResponse, error)
+}
+
+// DeviceApiService DeviceApi service
+type DeviceApiService service
+
+type ApiActivateDeviceRequest struct {
+	ctx        context.Context
+	ApiService DeviceApi
+	deviceId   string
+	retryCount int32
+}
+
+func (r ApiActivateDeviceRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ActivateDeviceExecute(r)
+}
+
+/*
+ActivateDevice Activate a Device
+
+Activates a device by `deviceId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param deviceId `id` of the device
+	@return ApiActivateDeviceRequest
+*/
+func (a *DeviceApiService) ActivateDevice(ctx context.Context, deviceId string) ApiActivateDeviceRequest {
+	return ApiActivateDeviceRequest{
+		ApiService: a,
+		ctx:        ctx,
+		deviceId:   deviceId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *DeviceApiService) ActivateDeviceExecute(r ApiActivateDeviceRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DeviceApiService.ActivateDevice")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/devices/{deviceId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"deviceId"+"}", url.PathEscape(parameterToString(r.deviceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeactivateDeviceRequest struct {
+	ctx        context.Context
+	ApiService DeviceApi
+	deviceId   string
+	retryCount int32
+}
+
+func (r ApiDeactivateDeviceRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeactivateDeviceExecute(r)
+}
+
+/*
+DeactivateDevice Deactivate a Device
+
+Deactivates a device by `deviceId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param deviceId `id` of the device
+	@return ApiDeactivateDeviceRequest
+*/
+func (a *DeviceApiService) DeactivateDevice(ctx context.Context, deviceId string) ApiDeactivateDeviceRequest {
+	return ApiDeactivateDeviceRequest{
+		ApiService: a,
+		ctx:        ctx,
+		deviceId:   deviceId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *DeviceApiService) DeactivateDeviceExecute(r ApiDeactivateDeviceRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DeviceApiService.DeactivateDevice")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/devices/{deviceId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"deviceId"+"}", url.PathEscape(parameterToString(r.deviceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteDeviceRequest struct {
+	ctx        context.Context
+	ApiService DeviceApi
+	deviceId   string
+	retryCount int32
+}
+
+func (r ApiDeleteDeviceRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteDeviceExecute(r)
+}
+
+/*
+DeleteDevice Delete a Device
+
+Deletes a device by `deviceId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param deviceId `id` of the device
+	@return ApiDeleteDeviceRequest
+*/
+func (a *DeviceApiService) DeleteDevice(ctx context.Context, deviceId string) ApiDeleteDeviceRequest {
+	return ApiDeleteDeviceRequest{
+		ApiService: a,
+		ctx:        ctx,
+		deviceId:   deviceId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *DeviceApiService) DeleteDeviceExecute(r ApiDeleteDeviceRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DeviceApiService.DeleteDevice")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/devices/{deviceId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"deviceId"+"}", url.PathEscape(parameterToString(r.deviceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetDeviceRequest struct {
+	ctx        context.Context
+	ApiService DeviceApi
+	deviceId   string
+	retryCount int32
+}
+
+func (r ApiGetDeviceRequest) Execute() (*Device, *APIResponse, error) {
+	return r.ApiService.GetDeviceExecute(r)
+}
+
+/*
+GetDevice Retrieve a Device
+
+Retrieves a device by `deviceId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param deviceId `id` of the device
+	@return ApiGetDeviceRequest
+*/
+func (a *DeviceApiService) GetDevice(ctx context.Context, deviceId string) ApiGetDeviceRequest {
+	return ApiGetDeviceRequest{
+		ApiService: a,
+		ctx:        ctx,
+		deviceId:   deviceId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Device
+func (a *DeviceApiService) GetDeviceExecute(r ApiGetDeviceRequest) (*Device, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Device
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DeviceApiService.GetDevice")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/devices/{deviceId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"deviceId"+"}", url.PathEscape(parameterToString(r.deviceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListDevicesRequest struct {
+	ctx        context.Context
+	ApiService DeviceApi
+	after      *string
+	limit      *int32
+	search     *string
+	retryCount int32
+}
+
+// The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information.
+func (r ApiListDevicesRequest) After(after string) ApiListDevicesRequest {
+	r.after = &after
+	return r
+}
+
+// A limit on the number of objects to return.
+func (r ApiListDevicesRequest) Limit(limit int32) ApiListDevicesRequest {
+	r.limit = &limit
+	return r
+}
+
+// SCIM filter expression that filters the results. Searches include all Device &#x60;profile&#x60; properties, as well as the Device &#x60;id&#x60;, &#x60;status&#x60; and &#x60;lastUpdated&#x60; properties.
+func (r ApiListDevicesRequest) Search(search string) ApiListDevicesRequest {
+	r.search = &search
+	return r
+}
+
+func (r ApiListDevicesRequest) Execute() ([]Device, *APIResponse, error) {
+	return r.ApiService.ListDevicesExecute(r)
+}
+
+/*
+ListDevices List all Devices
+
+Lists all devices with pagination support.
+
+A subset of Devices can be returned that match a supported search criteria using the `search` query parameter.
+
+Searches for devices based on the properties specified in the `search` parameter conforming SCIM filter specifications (case-insensitive). This data is eventually consistent. The API returns different results depending on specified queries in the request. Empty list is returned if no objects match `search` request.
+
+> **Note:** Listing devices with `search` should not be used as a part of any critical flows—such as authentication or updates—to prevent potential data loss. `search` results may not reflect the latest information, as this endpoint uses a search index which may not be up-to-date with recent updates to the object. <br> Don't use search results directly for record updates, as the data might be stale and therefore overwrite newer data, resulting in data loss. <br> Use an `id` lookup for records that you update to ensure your results contain the latest data.
+
+This operation equires [URL encoding](http://en.wikipedia.org/wiki/Percent-encoding). For example, `search=profile.displayName eq "Bob"` is encoded as `search=profile.displayName%20eq%20%22Bob%22`.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListDevicesRequest
+*/
+func (a *DeviceApiService) ListDevices(ctx context.Context) ApiListDevicesRequest {
+	return ApiListDevicesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Device
+func (a *DeviceApiService) ListDevicesExecute(r ApiListDevicesRequest) ([]Device, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Device
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DeviceApiService.ListDevices")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/devices"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.search != nil {
+		localVarQueryParams.Add("search", parameterToString(*r.search, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiSuspendDeviceRequest struct {
+	ctx        context.Context
+	ApiService DeviceApi
+	deviceId   string
+	retryCount int32
+}
+
+func (r ApiSuspendDeviceRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.SuspendDeviceExecute(r)
+}
+
+/*
+SuspendDevice Suspend a Device
+
+Suspends a device by `deviceId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param deviceId `id` of the device
+	@return ApiSuspendDeviceRequest
+*/
+func (a *DeviceApiService) SuspendDevice(ctx context.Context, deviceId string) ApiSuspendDeviceRequest {
+	return ApiSuspendDeviceRequest{
+		ApiService: a,
+		ctx:        ctx,
+		deviceId:   deviceId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *DeviceApiService) SuspendDeviceExecute(r ApiSuspendDeviceRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DeviceApiService.SuspendDevice")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/devices/{deviceId}/lifecycle/suspend"
+	localVarPath = strings.Replace(localVarPath, "{"+"deviceId"+"}", url.PathEscape(parameterToString(r.deviceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnsuspendDeviceRequest struct {
+	ctx        context.Context
+	ApiService DeviceApi
+	deviceId   string
+	retryCount int32
+}
+
+func (r ApiUnsuspendDeviceRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnsuspendDeviceExecute(r)
+}
+
+/*
+UnsuspendDevice Unsuspend a Device
+
+Unsuspends a device by `deviceId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param deviceId `id` of the device
+	@return ApiUnsuspendDeviceRequest
+*/
+func (a *DeviceApiService) UnsuspendDevice(ctx context.Context, deviceId string) ApiUnsuspendDeviceRequest {
+	return ApiUnsuspendDeviceRequest{
+		ApiService: a,
+		ctx:        ctx,
+		deviceId:   deviceId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *DeviceApiService) UnsuspendDeviceExecute(r ApiUnsuspendDeviceRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DeviceApiService.UnsuspendDevice")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/devices/{deviceId}/lifecycle/unsuspend"
+	localVarPath = strings.Replace(localVarPath, "{"+"deviceId"+"}", url.PathEscape(parameterToString(r.deviceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_device_assurance.go b/okta/api_device_assurance.go
new file mode 100644
index 000000000..c266c0b21
--- /dev/null
+++ b/okta/api_device_assurance.go
@@ -0,0 +1,955 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type DeviceAssuranceApi interface {
+	/*
+		CreateDeviceAssurancePolicy Create a Device Assurance Policy
+
+		Creates a new Device Assurance Policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateDeviceAssurancePolicyRequest
+	*/
+	CreateDeviceAssurancePolicy(ctx context.Context) ApiCreateDeviceAssurancePolicyRequest
+
+	// CreateDeviceAssurancePolicyExecute executes the request
+	//  @return ListDeviceAssurancePolicies200ResponseInner
+	CreateDeviceAssurancePolicyExecute(r ApiCreateDeviceAssurancePolicyRequest) (*ListDeviceAssurancePolicies200ResponseInner, *APIResponse, error)
+
+	/*
+		DeleteDeviceAssurancePolicy Delete a Device Assurance Policy
+
+		Deletes a Device Assurance Policy by `deviceAssuranceId`. If the Device Assurance Policy is currently being used in the org Authentication Policies, the delete will not be allowed.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param deviceAssuranceId Id of the Device Assurance Policy
+		@return ApiDeleteDeviceAssurancePolicyRequest
+	*/
+	DeleteDeviceAssurancePolicy(ctx context.Context, deviceAssuranceId string) ApiDeleteDeviceAssurancePolicyRequest
+
+	// DeleteDeviceAssurancePolicyExecute executes the request
+	DeleteDeviceAssurancePolicyExecute(r ApiDeleteDeviceAssurancePolicyRequest) (*APIResponse, error)
+
+	/*
+		GetDeviceAssurancePolicy Retrieve a Device Assurance Policy
+
+		Retrieves a Device Assurance Policy by `deviceAssuranceId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param deviceAssuranceId Id of the Device Assurance Policy
+		@return ApiGetDeviceAssurancePolicyRequest
+	*/
+	GetDeviceAssurancePolicy(ctx context.Context, deviceAssuranceId string) ApiGetDeviceAssurancePolicyRequest
+
+	// GetDeviceAssurancePolicyExecute executes the request
+	//  @return ListDeviceAssurancePolicies200ResponseInner
+	GetDeviceAssurancePolicyExecute(r ApiGetDeviceAssurancePolicyRequest) (*ListDeviceAssurancePolicies200ResponseInner, *APIResponse, error)
+
+	/*
+		ListDeviceAssurancePolicies List all Device Assurance Policies
+
+		Lists all device assurance policies
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListDeviceAssurancePoliciesRequest
+	*/
+	ListDeviceAssurancePolicies(ctx context.Context) ApiListDeviceAssurancePoliciesRequest
+
+	// ListDeviceAssurancePoliciesExecute executes the request
+	//  @return []ListDeviceAssurancePolicies200ResponseInner
+	ListDeviceAssurancePoliciesExecute(r ApiListDeviceAssurancePoliciesRequest) ([]ListDeviceAssurancePolicies200ResponseInner, *APIResponse, error)
+
+	/*
+		ReplaceDeviceAssurancePolicy Replace a Device Assurance Policy
+
+		Replaces a Device Assurance Policy by `deviceAssuranceId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param deviceAssuranceId Id of the Device Assurance Policy
+		@return ApiReplaceDeviceAssurancePolicyRequest
+	*/
+	ReplaceDeviceAssurancePolicy(ctx context.Context, deviceAssuranceId string) ApiReplaceDeviceAssurancePolicyRequest
+
+	// ReplaceDeviceAssurancePolicyExecute executes the request
+	//  @return ListDeviceAssurancePolicies200ResponseInner
+	ReplaceDeviceAssurancePolicyExecute(r ApiReplaceDeviceAssurancePolicyRequest) (*ListDeviceAssurancePolicies200ResponseInner, *APIResponse, error)
+}
+
+// DeviceAssuranceApiService DeviceAssuranceApi service
+type DeviceAssuranceApiService service
+
+type ApiCreateDeviceAssurancePolicyRequest struct {
+	ctx             context.Context
+	ApiService      DeviceAssuranceApi
+	deviceAssurance *ListDeviceAssurancePolicies200ResponseInner
+	retryCount      int32
+}
+
+func (r ApiCreateDeviceAssurancePolicyRequest) DeviceAssurance(deviceAssurance ListDeviceAssurancePolicies200ResponseInner) ApiCreateDeviceAssurancePolicyRequest {
+	r.deviceAssurance = &deviceAssurance
+	return r
+}
+
+func (r ApiCreateDeviceAssurancePolicyRequest) Execute() (*ListDeviceAssurancePolicies200ResponseInner, *APIResponse, error) {
+	return r.ApiService.CreateDeviceAssurancePolicyExecute(r)
+}
+
+/*
+CreateDeviceAssurancePolicy Create a Device Assurance Policy
+
+Creates a new Device Assurance Policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateDeviceAssurancePolicyRequest
+*/
+func (a *DeviceAssuranceApiService) CreateDeviceAssurancePolicy(ctx context.Context) ApiCreateDeviceAssurancePolicyRequest {
+	return ApiCreateDeviceAssurancePolicyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListDeviceAssurancePolicies200ResponseInner
+func (a *DeviceAssuranceApiService) CreateDeviceAssurancePolicyExecute(r ApiCreateDeviceAssurancePolicyRequest) (*ListDeviceAssurancePolicies200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListDeviceAssurancePolicies200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DeviceAssuranceApiService.CreateDeviceAssurancePolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/device-assurances"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.deviceAssurance == nil {
+		return localVarReturnValue, nil, reportError("deviceAssurance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.deviceAssurance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteDeviceAssurancePolicyRequest struct {
+	ctx               context.Context
+	ApiService        DeviceAssuranceApi
+	deviceAssuranceId string
+	retryCount        int32
+}
+
+func (r ApiDeleteDeviceAssurancePolicyRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteDeviceAssurancePolicyExecute(r)
+}
+
+/*
+DeleteDeviceAssurancePolicy Delete a Device Assurance Policy
+
+Deletes a Device Assurance Policy by `deviceAssuranceId`. If the Device Assurance Policy is currently being used in the org Authentication Policies, the delete will not be allowed.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param deviceAssuranceId Id of the Device Assurance Policy
+	@return ApiDeleteDeviceAssurancePolicyRequest
+*/
+func (a *DeviceAssuranceApiService) DeleteDeviceAssurancePolicy(ctx context.Context, deviceAssuranceId string) ApiDeleteDeviceAssurancePolicyRequest {
+	return ApiDeleteDeviceAssurancePolicyRequest{
+		ApiService:        a,
+		ctx:               ctx,
+		deviceAssuranceId: deviceAssuranceId,
+		retryCount:        0,
+	}
+}
+
+// Execute executes the request
+func (a *DeviceAssuranceApiService) DeleteDeviceAssurancePolicyExecute(r ApiDeleteDeviceAssurancePolicyRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DeviceAssuranceApiService.DeleteDeviceAssurancePolicy")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/device-assurances/{deviceAssuranceId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"deviceAssuranceId"+"}", url.PathEscape(parameterToString(r.deviceAssuranceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 409 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetDeviceAssurancePolicyRequest struct {
+	ctx               context.Context
+	ApiService        DeviceAssuranceApi
+	deviceAssuranceId string
+	retryCount        int32
+}
+
+func (r ApiGetDeviceAssurancePolicyRequest) Execute() (*ListDeviceAssurancePolicies200ResponseInner, *APIResponse, error) {
+	return r.ApiService.GetDeviceAssurancePolicyExecute(r)
+}
+
+/*
+GetDeviceAssurancePolicy Retrieve a Device Assurance Policy
+
+Retrieves a Device Assurance Policy by `deviceAssuranceId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param deviceAssuranceId Id of the Device Assurance Policy
+	@return ApiGetDeviceAssurancePolicyRequest
+*/
+func (a *DeviceAssuranceApiService) GetDeviceAssurancePolicy(ctx context.Context, deviceAssuranceId string) ApiGetDeviceAssurancePolicyRequest {
+	return ApiGetDeviceAssurancePolicyRequest{
+		ApiService:        a,
+		ctx:               ctx,
+		deviceAssuranceId: deviceAssuranceId,
+		retryCount:        0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListDeviceAssurancePolicies200ResponseInner
+func (a *DeviceAssuranceApiService) GetDeviceAssurancePolicyExecute(r ApiGetDeviceAssurancePolicyRequest) (*ListDeviceAssurancePolicies200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListDeviceAssurancePolicies200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DeviceAssuranceApiService.GetDeviceAssurancePolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/device-assurances/{deviceAssuranceId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"deviceAssuranceId"+"}", url.PathEscape(parameterToString(r.deviceAssuranceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListDeviceAssurancePoliciesRequest struct {
+	ctx        context.Context
+	ApiService DeviceAssuranceApi
+	retryCount int32
+}
+
+func (r ApiListDeviceAssurancePoliciesRequest) Execute() ([]ListDeviceAssurancePolicies200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ListDeviceAssurancePoliciesExecute(r)
+}
+
+/*
+ListDeviceAssurancePolicies List all Device Assurance Policies
+
+Lists all device assurance policies
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListDeviceAssurancePoliciesRequest
+*/
+func (a *DeviceAssuranceApiService) ListDeviceAssurancePolicies(ctx context.Context) ApiListDeviceAssurancePoliciesRequest {
+	return ApiListDeviceAssurancePoliciesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ListDeviceAssurancePolicies200ResponseInner
+func (a *DeviceAssuranceApiService) ListDeviceAssurancePoliciesExecute(r ApiListDeviceAssurancePoliciesRequest) ([]ListDeviceAssurancePolicies200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ListDeviceAssurancePolicies200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DeviceAssuranceApiService.ListDeviceAssurancePolicies")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/device-assurances"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceDeviceAssurancePolicyRequest struct {
+	ctx               context.Context
+	ApiService        DeviceAssuranceApi
+	deviceAssuranceId string
+	deviceAssurance   *ListDeviceAssurancePolicies200ResponseInner
+	retryCount        int32
+}
+
+func (r ApiReplaceDeviceAssurancePolicyRequest) DeviceAssurance(deviceAssurance ListDeviceAssurancePolicies200ResponseInner) ApiReplaceDeviceAssurancePolicyRequest {
+	r.deviceAssurance = &deviceAssurance
+	return r
+}
+
+func (r ApiReplaceDeviceAssurancePolicyRequest) Execute() (*ListDeviceAssurancePolicies200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ReplaceDeviceAssurancePolicyExecute(r)
+}
+
+/*
+ReplaceDeviceAssurancePolicy Replace a Device Assurance Policy
+
+Replaces a Device Assurance Policy by `deviceAssuranceId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param deviceAssuranceId Id of the Device Assurance Policy
+	@return ApiReplaceDeviceAssurancePolicyRequest
+*/
+func (a *DeviceAssuranceApiService) ReplaceDeviceAssurancePolicy(ctx context.Context, deviceAssuranceId string) ApiReplaceDeviceAssurancePolicyRequest {
+	return ApiReplaceDeviceAssurancePolicyRequest{
+		ApiService:        a,
+		ctx:               ctx,
+		deviceAssuranceId: deviceAssuranceId,
+		retryCount:        0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListDeviceAssurancePolicies200ResponseInner
+func (a *DeviceAssuranceApiService) ReplaceDeviceAssurancePolicyExecute(r ApiReplaceDeviceAssurancePolicyRequest) (*ListDeviceAssurancePolicies200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListDeviceAssurancePolicies200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DeviceAssuranceApiService.ReplaceDeviceAssurancePolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/device-assurances/{deviceAssuranceId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"deviceAssuranceId"+"}", url.PathEscape(parameterToString(r.deviceAssuranceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.deviceAssurance == nil {
+		return localVarReturnValue, nil, reportError("deviceAssurance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.deviceAssurance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_domain.go b/okta/api_domain.go
new file mode 100644
index 000000000..b34d73e69
--- /dev/null
+++ b/okta/api_domain.go
@@ -0,0 +1,1314 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type DomainApi interface {
+	/*
+		CreateDomain Create a Domain
+
+		Creates your domain
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateDomainRequest
+	*/
+	CreateDomain(ctx context.Context) ApiCreateDomainRequest
+
+	// CreateDomainExecute executes the request
+	//  @return DomainResponse
+	CreateDomainExecute(r ApiCreateDomainRequest) (*DomainResponse, *APIResponse, error)
+
+	/*
+		DeleteDomain Delete a Domain
+
+		Deletes a Domain by `id`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param domainId
+		@return ApiDeleteDomainRequest
+	*/
+	DeleteDomain(ctx context.Context, domainId string) ApiDeleteDomainRequest
+
+	// DeleteDomainExecute executes the request
+	DeleteDomainExecute(r ApiDeleteDomainRequest) (*APIResponse, error)
+
+	/*
+		GetDomain Retrieve a Domain
+
+		Retrieves a Domain by `id`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param domainId
+		@return ApiGetDomainRequest
+	*/
+	GetDomain(ctx context.Context, domainId string) ApiGetDomainRequest
+
+	// GetDomainExecute executes the request
+	//  @return DomainResponse
+	GetDomainExecute(r ApiGetDomainRequest) (*DomainResponse, *APIResponse, error)
+
+	/*
+		ListDomains List all Domains
+
+		Lists all verified custom Domains for the org
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListDomainsRequest
+	*/
+	ListDomains(ctx context.Context) ApiListDomainsRequest
+
+	// ListDomainsExecute executes the request
+	//  @return DomainListResponse
+	ListDomainsExecute(r ApiListDomainsRequest) (*DomainListResponse, *APIResponse, error)
+
+	/*
+		ReplaceDomain Replace a Domain's brandId
+
+		Replaces a Domain by `id`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param domainId
+		@return ApiReplaceDomainRequest
+	*/
+	ReplaceDomain(ctx context.Context, domainId string) ApiReplaceDomainRequest
+
+	// ReplaceDomainExecute executes the request
+	//  @return DomainResponse
+	ReplaceDomainExecute(r ApiReplaceDomainRequest) (*DomainResponse, *APIResponse, error)
+
+	/*
+		UpsertCertificate Upsert the Certificate
+
+		Creates or replaces the certificate for the domain
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param domainId
+		@return ApiUpsertCertificateRequest
+	*/
+	UpsertCertificate(ctx context.Context, domainId string) ApiUpsertCertificateRequest
+
+	// UpsertCertificateExecute executes the request
+	UpsertCertificateExecute(r ApiUpsertCertificateRequest) (*APIResponse, error)
+
+	/*
+		VerifyDomain Verify a Domain
+
+		Verifies the Domain by `id`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param domainId
+		@return ApiVerifyDomainRequest
+	*/
+	VerifyDomain(ctx context.Context, domainId string) ApiVerifyDomainRequest
+
+	// VerifyDomainExecute executes the request
+	//  @return DomainResponse
+	VerifyDomainExecute(r ApiVerifyDomainRequest) (*DomainResponse, *APIResponse, error)
+}
+
+// DomainApiService DomainApi service
+type DomainApiService service
+
+type ApiCreateDomainRequest struct {
+	ctx        context.Context
+	ApiService DomainApi
+	domain     *Domain
+	retryCount int32
+}
+
+func (r ApiCreateDomainRequest) Domain(domain Domain) ApiCreateDomainRequest {
+	r.domain = &domain
+	return r
+}
+
+func (r ApiCreateDomainRequest) Execute() (*DomainResponse, *APIResponse, error) {
+	return r.ApiService.CreateDomainExecute(r)
+}
+
+/*
+CreateDomain Create a Domain
+
+Creates your domain
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateDomainRequest
+*/
+func (a *DomainApiService) CreateDomain(ctx context.Context) ApiCreateDomainRequest {
+	return ApiCreateDomainRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return DomainResponse
+func (a *DomainApiService) CreateDomainExecute(r ApiCreateDomainRequest) (*DomainResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *DomainResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DomainApiService.CreateDomain")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/domains"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.domain == nil {
+		return localVarReturnValue, nil, reportError("domain is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.domain
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteDomainRequest struct {
+	ctx        context.Context
+	ApiService DomainApi
+	domainId   string
+	retryCount int32
+}
+
+func (r ApiDeleteDomainRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteDomainExecute(r)
+}
+
+/*
+DeleteDomain Delete a Domain
+
+Deletes a Domain by `id`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param domainId
+	@return ApiDeleteDomainRequest
+*/
+func (a *DomainApiService) DeleteDomain(ctx context.Context, domainId string) ApiDeleteDomainRequest {
+	return ApiDeleteDomainRequest{
+		ApiService: a,
+		ctx:        ctx,
+		domainId:   domainId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *DomainApiService) DeleteDomainExecute(r ApiDeleteDomainRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DomainApiService.DeleteDomain")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/domains/{domainId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"domainId"+"}", url.PathEscape(parameterToString(r.domainId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetDomainRequest struct {
+	ctx        context.Context
+	ApiService DomainApi
+	domainId   string
+	retryCount int32
+}
+
+func (r ApiGetDomainRequest) Execute() (*DomainResponse, *APIResponse, error) {
+	return r.ApiService.GetDomainExecute(r)
+}
+
+/*
+GetDomain Retrieve a Domain
+
+Retrieves a Domain by `id`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param domainId
+	@return ApiGetDomainRequest
+*/
+func (a *DomainApiService) GetDomain(ctx context.Context, domainId string) ApiGetDomainRequest {
+	return ApiGetDomainRequest{
+		ApiService: a,
+		ctx:        ctx,
+		domainId:   domainId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return DomainResponse
+func (a *DomainApiService) GetDomainExecute(r ApiGetDomainRequest) (*DomainResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *DomainResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DomainApiService.GetDomain")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/domains/{domainId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"domainId"+"}", url.PathEscape(parameterToString(r.domainId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListDomainsRequest struct {
+	ctx        context.Context
+	ApiService DomainApi
+	retryCount int32
+}
+
+func (r ApiListDomainsRequest) Execute() (*DomainListResponse, *APIResponse, error) {
+	return r.ApiService.ListDomainsExecute(r)
+}
+
+/*
+ListDomains List all Domains
+
+Lists all verified custom Domains for the org
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListDomainsRequest
+*/
+func (a *DomainApiService) ListDomains(ctx context.Context) ApiListDomainsRequest {
+	return ApiListDomainsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return DomainListResponse
+func (a *DomainApiService) ListDomainsExecute(r ApiListDomainsRequest) (*DomainListResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *DomainListResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DomainApiService.ListDomains")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/domains"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceDomainRequest struct {
+	ctx          context.Context
+	ApiService   DomainApi
+	domainId     string
+	updateDomain *UpdateDomain
+	retryCount   int32
+}
+
+func (r ApiReplaceDomainRequest) UpdateDomain(updateDomain UpdateDomain) ApiReplaceDomainRequest {
+	r.updateDomain = &updateDomain
+	return r
+}
+
+func (r ApiReplaceDomainRequest) Execute() (*DomainResponse, *APIResponse, error) {
+	return r.ApiService.ReplaceDomainExecute(r)
+}
+
+/*
+ReplaceDomain Replace a Domain's brandId
+
+Replaces a Domain by `id`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param domainId
+	@return ApiReplaceDomainRequest
+*/
+func (a *DomainApiService) ReplaceDomain(ctx context.Context, domainId string) ApiReplaceDomainRequest {
+	return ApiReplaceDomainRequest{
+		ApiService: a,
+		ctx:        ctx,
+		domainId:   domainId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return DomainResponse
+func (a *DomainApiService) ReplaceDomainExecute(r ApiReplaceDomainRequest) (*DomainResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *DomainResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DomainApiService.ReplaceDomain")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/domains/{domainId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"domainId"+"}", url.PathEscape(parameterToString(r.domainId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.updateDomain == nil {
+		return localVarReturnValue, nil, reportError("updateDomain is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.updateDomain
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpsertCertificateRequest struct {
+	ctx         context.Context
+	ApiService  DomainApi
+	domainId    string
+	certificate *DomainCertificate
+	retryCount  int32
+}
+
+func (r ApiUpsertCertificateRequest) Certificate(certificate DomainCertificate) ApiUpsertCertificateRequest {
+	r.certificate = &certificate
+	return r
+}
+
+func (r ApiUpsertCertificateRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UpsertCertificateExecute(r)
+}
+
+/*
+UpsertCertificate Upsert the Certificate
+
+Creates or replaces the certificate for the domain
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param domainId
+	@return ApiUpsertCertificateRequest
+*/
+func (a *DomainApiService) UpsertCertificate(ctx context.Context, domainId string) ApiUpsertCertificateRequest {
+	return ApiUpsertCertificateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		domainId:   domainId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *DomainApiService) UpsertCertificateExecute(r ApiUpsertCertificateRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DomainApiService.UpsertCertificate")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/domains/{domainId}/certificate"
+	localVarPath = strings.Replace(localVarPath, "{"+"domainId"+"}", url.PathEscape(parameterToString(r.domainId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.certificate == nil {
+		return nil, reportError("certificate is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.certificate
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiVerifyDomainRequest struct {
+	ctx        context.Context
+	ApiService DomainApi
+	domainId   string
+	retryCount int32
+}
+
+func (r ApiVerifyDomainRequest) Execute() (*DomainResponse, *APIResponse, error) {
+	return r.ApiService.VerifyDomainExecute(r)
+}
+
+/*
+VerifyDomain Verify a Domain
+
+Verifies the Domain by `id`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param domainId
+	@return ApiVerifyDomainRequest
+*/
+func (a *DomainApiService) VerifyDomain(ctx context.Context, domainId string) ApiVerifyDomainRequest {
+	return ApiVerifyDomainRequest{
+		ApiService: a,
+		ctx:        ctx,
+		domainId:   domainId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return DomainResponse
+func (a *DomainApiService) VerifyDomainExecute(r ApiVerifyDomainRequest) (*DomainResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *DomainResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "DomainApiService.VerifyDomain")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/domains/{domainId}/verify"
+	localVarPath = strings.Replace(localVarPath, "{"+"domainId"+"}", url.PathEscape(parameterToString(r.domainId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_email_domain.go b/okta/api_email_domain.go
new file mode 100644
index 000000000..9591dc9de
--- /dev/null
+++ b/okta/api_email_domain.go
@@ -0,0 +1,1222 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type EmailDomainApi interface {
+	/*
+		CreateEmailDomain Create an Email Domain
+
+		Creates an Email Domain in your org
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateEmailDomainRequest
+	*/
+	CreateEmailDomain(ctx context.Context) ApiCreateEmailDomainRequest
+
+	// CreateEmailDomainExecute executes the request
+	//  @return EmailDomainResponse
+	CreateEmailDomainExecute(r ApiCreateEmailDomainRequest) (*EmailDomainResponse, *APIResponse, error)
+
+	/*
+		DeleteEmailDomain Delete an Email Domain
+
+		Deletes an Email Domain by `emailDomainId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param emailDomainId
+		@return ApiDeleteEmailDomainRequest
+	*/
+	DeleteEmailDomain(ctx context.Context, emailDomainId string) ApiDeleteEmailDomainRequest
+
+	// DeleteEmailDomainExecute executes the request
+	DeleteEmailDomainExecute(r ApiDeleteEmailDomainRequest) (*APIResponse, error)
+
+	/*
+		GetEmailDomain Retrieve an Email Domain
+
+		Retrieves an Email Domain by `emailDomainId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param emailDomainId
+		@return ApiGetEmailDomainRequest
+	*/
+	GetEmailDomain(ctx context.Context, emailDomainId string) ApiGetEmailDomainRequest
+
+	// GetEmailDomainExecute executes the request
+	//  @return EmailDomainResponseWithEmbedded
+	GetEmailDomainExecute(r ApiGetEmailDomainRequest) (*EmailDomainResponseWithEmbedded, *APIResponse, error)
+
+	/*
+		ListEmailDomains List all Email Domains
+
+		Lists all the Email Domains in your org
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListEmailDomainsRequest
+	*/
+	ListEmailDomains(ctx context.Context) ApiListEmailDomainsRequest
+
+	// ListEmailDomainsExecute executes the request
+	//  @return []EmailDomainResponseWithEmbedded
+	ListEmailDomainsExecute(r ApiListEmailDomainsRequest) ([]EmailDomainResponseWithEmbedded, *APIResponse, error)
+
+	/*
+		ReplaceEmailDomain Replace an Email Domain
+
+		Replaces associated username and sender display name by `emailDomainId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param emailDomainId
+		@return ApiReplaceEmailDomainRequest
+	*/
+	ReplaceEmailDomain(ctx context.Context, emailDomainId string) ApiReplaceEmailDomainRequest
+
+	// ReplaceEmailDomainExecute executes the request
+	//  @return EmailDomainResponse
+	ReplaceEmailDomainExecute(r ApiReplaceEmailDomainRequest) (*EmailDomainResponse, *APIResponse, error)
+
+	/*
+		VerifyEmailDomain Verify an Email Domain
+
+		Verifies an Email Domain by `emailDomainId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param emailDomainId
+		@return ApiVerifyEmailDomainRequest
+	*/
+	VerifyEmailDomain(ctx context.Context, emailDomainId string) ApiVerifyEmailDomainRequest
+
+	// VerifyEmailDomainExecute executes the request
+	//  @return EmailDomainResponse
+	VerifyEmailDomainExecute(r ApiVerifyEmailDomainRequest) (*EmailDomainResponse, *APIResponse, error)
+}
+
+// EmailDomainApiService EmailDomainApi service
+type EmailDomainApiService service
+
+type ApiCreateEmailDomainRequest struct {
+	ctx         context.Context
+	ApiService  EmailDomainApi
+	emailDomain *EmailDomain
+	expand      *[]string
+	retryCount  int32
+}
+
+func (r ApiCreateEmailDomainRequest) EmailDomain(emailDomain EmailDomain) ApiCreateEmailDomainRequest {
+	r.emailDomain = &emailDomain
+	return r
+}
+
+// Specifies additional metadata to be included in the response
+func (r ApiCreateEmailDomainRequest) Expand(expand []string) ApiCreateEmailDomainRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiCreateEmailDomainRequest) Execute() (*EmailDomainResponse, *APIResponse, error) {
+	return r.ApiService.CreateEmailDomainExecute(r)
+}
+
+/*
+CreateEmailDomain Create an Email Domain
+
+Creates an Email Domain in your org
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateEmailDomainRequest
+*/
+func (a *EmailDomainApiService) CreateEmailDomain(ctx context.Context) ApiCreateEmailDomainRequest {
+	return ApiCreateEmailDomainRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EmailDomainResponse
+func (a *EmailDomainApiService) CreateEmailDomainExecute(r ApiCreateEmailDomainRequest) (*EmailDomainResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EmailDomainResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EmailDomainApiService.CreateEmailDomain")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/email-domains"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.emailDomain == nil {
+		return localVarReturnValue, nil, reportError("emailDomain is required and must be specified")
+	}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, "csv"))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.emailDomain
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 409 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteEmailDomainRequest struct {
+	ctx           context.Context
+	ApiService    EmailDomainApi
+	emailDomainId string
+	expand        *[]string
+	retryCount    int32
+}
+
+// Specifies additional metadata to be included in the response
+func (r ApiDeleteEmailDomainRequest) Expand(expand []string) ApiDeleteEmailDomainRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiDeleteEmailDomainRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteEmailDomainExecute(r)
+}
+
+/*
+DeleteEmailDomain Delete an Email Domain
+
+Deletes an Email Domain by `emailDomainId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param emailDomainId
+	@return ApiDeleteEmailDomainRequest
+*/
+func (a *EmailDomainApiService) DeleteEmailDomain(ctx context.Context, emailDomainId string) ApiDeleteEmailDomainRequest {
+	return ApiDeleteEmailDomainRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		emailDomainId: emailDomainId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+func (a *EmailDomainApiService) DeleteEmailDomainExecute(r ApiDeleteEmailDomainRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EmailDomainApiService.DeleteEmailDomain")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/email-domains/{emailDomainId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"emailDomainId"+"}", url.PathEscape(parameterToString(r.emailDomainId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, "csv"))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetEmailDomainRequest struct {
+	ctx           context.Context
+	ApiService    EmailDomainApi
+	emailDomainId string
+	expand        *[]string
+	retryCount    int32
+}
+
+// Specifies additional metadata to be included in the response
+func (r ApiGetEmailDomainRequest) Expand(expand []string) ApiGetEmailDomainRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetEmailDomainRequest) Execute() (*EmailDomainResponseWithEmbedded, *APIResponse, error) {
+	return r.ApiService.GetEmailDomainExecute(r)
+}
+
+/*
+GetEmailDomain Retrieve an Email Domain
+
+Retrieves an Email Domain by `emailDomainId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param emailDomainId
+	@return ApiGetEmailDomainRequest
+*/
+func (a *EmailDomainApiService) GetEmailDomain(ctx context.Context, emailDomainId string) ApiGetEmailDomainRequest {
+	return ApiGetEmailDomainRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		emailDomainId: emailDomainId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EmailDomainResponseWithEmbedded
+func (a *EmailDomainApiService) GetEmailDomainExecute(r ApiGetEmailDomainRequest) (*EmailDomainResponseWithEmbedded, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EmailDomainResponseWithEmbedded
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EmailDomainApiService.GetEmailDomain")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/email-domains/{emailDomainId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"emailDomainId"+"}", url.PathEscape(parameterToString(r.emailDomainId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, "csv"))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListEmailDomainsRequest struct {
+	ctx        context.Context
+	ApiService EmailDomainApi
+	expand     *[]string
+	retryCount int32
+}
+
+// Specifies additional metadata to be included in the response
+func (r ApiListEmailDomainsRequest) Expand(expand []string) ApiListEmailDomainsRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListEmailDomainsRequest) Execute() ([]EmailDomainResponseWithEmbedded, *APIResponse, error) {
+	return r.ApiService.ListEmailDomainsExecute(r)
+}
+
+/*
+ListEmailDomains List all Email Domains
+
+Lists all the Email Domains in your org
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListEmailDomainsRequest
+*/
+func (a *EmailDomainApiService) ListEmailDomains(ctx context.Context) ApiListEmailDomainsRequest {
+	return ApiListEmailDomainsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []EmailDomainResponseWithEmbedded
+func (a *EmailDomainApiService) ListEmailDomainsExecute(r ApiListEmailDomainsRequest) ([]EmailDomainResponseWithEmbedded, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []EmailDomainResponseWithEmbedded
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EmailDomainApiService.ListEmailDomains")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/email-domains"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, "csv"))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceEmailDomainRequest struct {
+	ctx               context.Context
+	ApiService        EmailDomainApi
+	emailDomainId     string
+	updateEmailDomain *UpdateEmailDomain
+	expand            *[]string
+	retryCount        int32
+}
+
+func (r ApiReplaceEmailDomainRequest) UpdateEmailDomain(updateEmailDomain UpdateEmailDomain) ApiReplaceEmailDomainRequest {
+	r.updateEmailDomain = &updateEmailDomain
+	return r
+}
+
+// Specifies additional metadata to be included in the response
+func (r ApiReplaceEmailDomainRequest) Expand(expand []string) ApiReplaceEmailDomainRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiReplaceEmailDomainRequest) Execute() (*EmailDomainResponse, *APIResponse, error) {
+	return r.ApiService.ReplaceEmailDomainExecute(r)
+}
+
+/*
+ReplaceEmailDomain Replace an Email Domain
+
+Replaces associated username and sender display name by `emailDomainId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param emailDomainId
+	@return ApiReplaceEmailDomainRequest
+*/
+func (a *EmailDomainApiService) ReplaceEmailDomain(ctx context.Context, emailDomainId string) ApiReplaceEmailDomainRequest {
+	return ApiReplaceEmailDomainRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		emailDomainId: emailDomainId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EmailDomainResponse
+func (a *EmailDomainApiService) ReplaceEmailDomainExecute(r ApiReplaceEmailDomainRequest) (*EmailDomainResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EmailDomainResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EmailDomainApiService.ReplaceEmailDomain")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/email-domains/{emailDomainId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"emailDomainId"+"}", url.PathEscape(parameterToString(r.emailDomainId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.updateEmailDomain == nil {
+		return localVarReturnValue, nil, reportError("updateEmailDomain is required and must be specified")
+	}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, "csv"))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.updateEmailDomain
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiVerifyEmailDomainRequest struct {
+	ctx           context.Context
+	ApiService    EmailDomainApi
+	emailDomainId string
+	retryCount    int32
+}
+
+func (r ApiVerifyEmailDomainRequest) Execute() (*EmailDomainResponse, *APIResponse, error) {
+	return r.ApiService.VerifyEmailDomainExecute(r)
+}
+
+/*
+VerifyEmailDomain Verify an Email Domain
+
+Verifies an Email Domain by `emailDomainId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param emailDomainId
+	@return ApiVerifyEmailDomainRequest
+*/
+func (a *EmailDomainApiService) VerifyEmailDomain(ctx context.Context, emailDomainId string) ApiVerifyEmailDomainRequest {
+	return ApiVerifyEmailDomainRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		emailDomainId: emailDomainId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EmailDomainResponse
+func (a *EmailDomainApiService) VerifyEmailDomainExecute(r ApiVerifyEmailDomainRequest) (*EmailDomainResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EmailDomainResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EmailDomainApiService.VerifyEmailDomain")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/email-domains/{emailDomainId}/verify"
+	localVarPath = strings.Replace(localVarPath, "{"+"emailDomainId"+"}", url.PathEscape(parameterToString(r.emailDomainId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_event_hook.go b/okta/api_event_hook.go
new file mode 100644
index 000000000..8f672c05b
--- /dev/null
+++ b/okta/api_event_hook.go
@@ -0,0 +1,1486 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type EventHookApi interface {
+	/*
+		ActivateEventHook Activate an Event Hook
+
+		Activates an event hook
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param eventHookId
+		@return ApiActivateEventHookRequest
+	*/
+	ActivateEventHook(ctx context.Context, eventHookId string) ApiActivateEventHookRequest
+
+	// ActivateEventHookExecute executes the request
+	//  @return EventHook
+	ActivateEventHookExecute(r ApiActivateEventHookRequest) (*EventHook, *APIResponse, error)
+
+	/*
+		CreateEventHook Create an Event Hook
+
+		Creates an event hook
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateEventHookRequest
+	*/
+	CreateEventHook(ctx context.Context) ApiCreateEventHookRequest
+
+	// CreateEventHookExecute executes the request
+	//  @return EventHook
+	CreateEventHookExecute(r ApiCreateEventHookRequest) (*EventHook, *APIResponse, error)
+
+	/*
+		DeactivateEventHook Deactivate an Event Hook
+
+		Deactivates an event hook
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param eventHookId
+		@return ApiDeactivateEventHookRequest
+	*/
+	DeactivateEventHook(ctx context.Context, eventHookId string) ApiDeactivateEventHookRequest
+
+	// DeactivateEventHookExecute executes the request
+	//  @return EventHook
+	DeactivateEventHookExecute(r ApiDeactivateEventHookRequest) (*EventHook, *APIResponse, error)
+
+	/*
+		DeleteEventHook Delete an Event Hook
+
+		Deletes an event hook
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param eventHookId
+		@return ApiDeleteEventHookRequest
+	*/
+	DeleteEventHook(ctx context.Context, eventHookId string) ApiDeleteEventHookRequest
+
+	// DeleteEventHookExecute executes the request
+	DeleteEventHookExecute(r ApiDeleteEventHookRequest) (*APIResponse, error)
+
+	/*
+		GetEventHook Retrieve an Event Hook
+
+		Retrieves an event hook
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param eventHookId
+		@return ApiGetEventHookRequest
+	*/
+	GetEventHook(ctx context.Context, eventHookId string) ApiGetEventHookRequest
+
+	// GetEventHookExecute executes the request
+	//  @return EventHook
+	GetEventHookExecute(r ApiGetEventHookRequest) (*EventHook, *APIResponse, error)
+
+	/*
+		ListEventHooks List all Event Hooks
+
+		Lists all event hooks
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListEventHooksRequest
+	*/
+	ListEventHooks(ctx context.Context) ApiListEventHooksRequest
+
+	// ListEventHooksExecute executes the request
+	//  @return []EventHook
+	ListEventHooksExecute(r ApiListEventHooksRequest) ([]EventHook, *APIResponse, error)
+
+	/*
+		ReplaceEventHook Replace an Event Hook
+
+		Replaces an event hook
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param eventHookId
+		@return ApiReplaceEventHookRequest
+	*/
+	ReplaceEventHook(ctx context.Context, eventHookId string) ApiReplaceEventHookRequest
+
+	// ReplaceEventHookExecute executes the request
+	//  @return EventHook
+	ReplaceEventHookExecute(r ApiReplaceEventHookRequest) (*EventHook, *APIResponse, error)
+
+	/*
+		VerifyEventHook Verify an Event Hook
+
+		Verifies an event hook
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param eventHookId
+		@return ApiVerifyEventHookRequest
+	*/
+	VerifyEventHook(ctx context.Context, eventHookId string) ApiVerifyEventHookRequest
+
+	// VerifyEventHookExecute executes the request
+	//  @return EventHook
+	VerifyEventHookExecute(r ApiVerifyEventHookRequest) (*EventHook, *APIResponse, error)
+}
+
+// EventHookApiService EventHookApi service
+type EventHookApiService service
+
+type ApiActivateEventHookRequest struct {
+	ctx         context.Context
+	ApiService  EventHookApi
+	eventHookId string
+	retryCount  int32
+}
+
+func (r ApiActivateEventHookRequest) Execute() (*EventHook, *APIResponse, error) {
+	return r.ApiService.ActivateEventHookExecute(r)
+}
+
+/*
+ActivateEventHook Activate an Event Hook
+
+Activates an event hook
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param eventHookId
+	@return ApiActivateEventHookRequest
+*/
+func (a *EventHookApiService) ActivateEventHook(ctx context.Context, eventHookId string) ApiActivateEventHookRequest {
+	return ApiActivateEventHookRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		eventHookId: eventHookId,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EventHook
+func (a *EventHookApiService) ActivateEventHookExecute(r ApiActivateEventHookRequest) (*EventHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EventHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EventHookApiService.ActivateEventHook")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/eventHooks/{eventHookId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"eventHookId"+"}", url.PathEscape(parameterToString(r.eventHookId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateEventHookRequest struct {
+	ctx        context.Context
+	ApiService EventHookApi
+	eventHook  *EventHook
+	retryCount int32
+}
+
+func (r ApiCreateEventHookRequest) EventHook(eventHook EventHook) ApiCreateEventHookRequest {
+	r.eventHook = &eventHook
+	return r
+}
+
+func (r ApiCreateEventHookRequest) Execute() (*EventHook, *APIResponse, error) {
+	return r.ApiService.CreateEventHookExecute(r)
+}
+
+/*
+CreateEventHook Create an Event Hook
+
+Creates an event hook
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateEventHookRequest
+*/
+func (a *EventHookApiService) CreateEventHook(ctx context.Context) ApiCreateEventHookRequest {
+	return ApiCreateEventHookRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EventHook
+func (a *EventHookApiService) CreateEventHookExecute(r ApiCreateEventHookRequest) (*EventHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EventHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EventHookApiService.CreateEventHook")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/eventHooks"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.eventHook == nil {
+		return localVarReturnValue, nil, reportError("eventHook is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.eventHook
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateEventHookRequest struct {
+	ctx         context.Context
+	ApiService  EventHookApi
+	eventHookId string
+	retryCount  int32
+}
+
+func (r ApiDeactivateEventHookRequest) Execute() (*EventHook, *APIResponse, error) {
+	return r.ApiService.DeactivateEventHookExecute(r)
+}
+
+/*
+DeactivateEventHook Deactivate an Event Hook
+
+Deactivates an event hook
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param eventHookId
+	@return ApiDeactivateEventHookRequest
+*/
+func (a *EventHookApiService) DeactivateEventHook(ctx context.Context, eventHookId string) ApiDeactivateEventHookRequest {
+	return ApiDeactivateEventHookRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		eventHookId: eventHookId,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EventHook
+func (a *EventHookApiService) DeactivateEventHookExecute(r ApiDeactivateEventHookRequest) (*EventHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EventHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EventHookApiService.DeactivateEventHook")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/eventHooks/{eventHookId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"eventHookId"+"}", url.PathEscape(parameterToString(r.eventHookId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteEventHookRequest struct {
+	ctx         context.Context
+	ApiService  EventHookApi
+	eventHookId string
+	retryCount  int32
+}
+
+func (r ApiDeleteEventHookRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteEventHookExecute(r)
+}
+
+/*
+DeleteEventHook Delete an Event Hook
+
+Deletes an event hook
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param eventHookId
+	@return ApiDeleteEventHookRequest
+*/
+func (a *EventHookApiService) DeleteEventHook(ctx context.Context, eventHookId string) ApiDeleteEventHookRequest {
+	return ApiDeleteEventHookRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		eventHookId: eventHookId,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+func (a *EventHookApiService) DeleteEventHookExecute(r ApiDeleteEventHookRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EventHookApiService.DeleteEventHook")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/eventHooks/{eventHookId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"eventHookId"+"}", url.PathEscape(parameterToString(r.eventHookId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetEventHookRequest struct {
+	ctx         context.Context
+	ApiService  EventHookApi
+	eventHookId string
+	retryCount  int32
+}
+
+func (r ApiGetEventHookRequest) Execute() (*EventHook, *APIResponse, error) {
+	return r.ApiService.GetEventHookExecute(r)
+}
+
+/*
+GetEventHook Retrieve an Event Hook
+
+Retrieves an event hook
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param eventHookId
+	@return ApiGetEventHookRequest
+*/
+func (a *EventHookApiService) GetEventHook(ctx context.Context, eventHookId string) ApiGetEventHookRequest {
+	return ApiGetEventHookRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		eventHookId: eventHookId,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EventHook
+func (a *EventHookApiService) GetEventHookExecute(r ApiGetEventHookRequest) (*EventHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EventHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EventHookApiService.GetEventHook")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/eventHooks/{eventHookId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"eventHookId"+"}", url.PathEscape(parameterToString(r.eventHookId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListEventHooksRequest struct {
+	ctx        context.Context
+	ApiService EventHookApi
+	retryCount int32
+}
+
+func (r ApiListEventHooksRequest) Execute() ([]EventHook, *APIResponse, error) {
+	return r.ApiService.ListEventHooksExecute(r)
+}
+
+/*
+ListEventHooks List all Event Hooks
+
+Lists all event hooks
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListEventHooksRequest
+*/
+func (a *EventHookApiService) ListEventHooks(ctx context.Context) ApiListEventHooksRequest {
+	return ApiListEventHooksRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []EventHook
+func (a *EventHookApiService) ListEventHooksExecute(r ApiListEventHooksRequest) ([]EventHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []EventHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EventHookApiService.ListEventHooks")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/eventHooks"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceEventHookRequest struct {
+	ctx         context.Context
+	ApiService  EventHookApi
+	eventHookId string
+	eventHook   *EventHook
+	retryCount  int32
+}
+
+func (r ApiReplaceEventHookRequest) EventHook(eventHook EventHook) ApiReplaceEventHookRequest {
+	r.eventHook = &eventHook
+	return r
+}
+
+func (r ApiReplaceEventHookRequest) Execute() (*EventHook, *APIResponse, error) {
+	return r.ApiService.ReplaceEventHookExecute(r)
+}
+
+/*
+ReplaceEventHook Replace an Event Hook
+
+Replaces an event hook
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param eventHookId
+	@return ApiReplaceEventHookRequest
+*/
+func (a *EventHookApiService) ReplaceEventHook(ctx context.Context, eventHookId string) ApiReplaceEventHookRequest {
+	return ApiReplaceEventHookRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		eventHookId: eventHookId,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EventHook
+func (a *EventHookApiService) ReplaceEventHookExecute(r ApiReplaceEventHookRequest) (*EventHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EventHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EventHookApiService.ReplaceEventHook")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/eventHooks/{eventHookId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"eventHookId"+"}", url.PathEscape(parameterToString(r.eventHookId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.eventHook == nil {
+		return localVarReturnValue, nil, reportError("eventHook is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.eventHook
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiVerifyEventHookRequest struct {
+	ctx         context.Context
+	ApiService  EventHookApi
+	eventHookId string
+	retryCount  int32
+}
+
+func (r ApiVerifyEventHookRequest) Execute() (*EventHook, *APIResponse, error) {
+	return r.ApiService.VerifyEventHookExecute(r)
+}
+
+/*
+VerifyEventHook Verify an Event Hook
+
+Verifies an event hook
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param eventHookId
+	@return ApiVerifyEventHookRequest
+*/
+func (a *EventHookApiService) VerifyEventHook(ctx context.Context, eventHookId string) ApiVerifyEventHookRequest {
+	return ApiVerifyEventHookRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		eventHookId: eventHookId,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return EventHook
+func (a *EventHookApiService) VerifyEventHookExecute(r ApiVerifyEventHookRequest) (*EventHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EventHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EventHookApiService.VerifyEventHook")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/eventHooks/{eventHookId}/lifecycle/verify"
+	localVarPath = strings.Replace(localVarPath, "{"+"eventHookId"+"}", url.PathEscape(parameterToString(r.eventHookId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_feature.go b/okta/api_feature.go
new file mode 100644
index 000000000..b79b3bb1c
--- /dev/null
+++ b/okta/api_feature.go
@@ -0,0 +1,942 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type FeatureApi interface {
+	/*
+		GetFeature Retrieve a Feature
+
+		Retrieves a feature
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param featureId
+		@return ApiGetFeatureRequest
+	*/
+	GetFeature(ctx context.Context, featureId string) ApiGetFeatureRequest
+
+	// GetFeatureExecute executes the request
+	//  @return Feature
+	GetFeatureExecute(r ApiGetFeatureRequest) (*Feature, *APIResponse, error)
+
+	/*
+		ListFeatureDependencies List all Dependencies
+
+		Lists all dependencies
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param featureId
+		@return ApiListFeatureDependenciesRequest
+	*/
+	ListFeatureDependencies(ctx context.Context, featureId string) ApiListFeatureDependenciesRequest
+
+	// ListFeatureDependenciesExecute executes the request
+	//  @return []Feature
+	ListFeatureDependenciesExecute(r ApiListFeatureDependenciesRequest) ([]Feature, *APIResponse, error)
+
+	/*
+		ListFeatureDependents List all Dependents
+
+		Lists all dependents
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param featureId
+		@return ApiListFeatureDependentsRequest
+	*/
+	ListFeatureDependents(ctx context.Context, featureId string) ApiListFeatureDependentsRequest
+
+	// ListFeatureDependentsExecute executes the request
+	//  @return []Feature
+	ListFeatureDependentsExecute(r ApiListFeatureDependentsRequest) ([]Feature, *APIResponse, error)
+
+	/*
+		ListFeatures List all Features
+
+		Lists all features
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListFeaturesRequest
+	*/
+	ListFeatures(ctx context.Context) ApiListFeaturesRequest
+
+	// ListFeaturesExecute executes the request
+	//  @return []Feature
+	ListFeaturesExecute(r ApiListFeaturesRequest) ([]Feature, *APIResponse, error)
+
+	/*
+		UpdateFeatureLifecycle Update a Feature Lifecycle
+
+		Updates a feature lifecycle
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param featureId
+		@param lifecycle
+		@return ApiUpdateFeatureLifecycleRequest
+	*/
+	UpdateFeatureLifecycle(ctx context.Context, featureId string, lifecycle string) ApiUpdateFeatureLifecycleRequest
+
+	// UpdateFeatureLifecycleExecute executes the request
+	//  @return Feature
+	UpdateFeatureLifecycleExecute(r ApiUpdateFeatureLifecycleRequest) (*Feature, *APIResponse, error)
+}
+
+// FeatureApiService FeatureApi service
+type FeatureApiService service
+
+type ApiGetFeatureRequest struct {
+	ctx        context.Context
+	ApiService FeatureApi
+	featureId  string
+	retryCount int32
+}
+
+func (r ApiGetFeatureRequest) Execute() (*Feature, *APIResponse, error) {
+	return r.ApiService.GetFeatureExecute(r)
+}
+
+/*
+GetFeature Retrieve a Feature
+
+Retrieves a feature
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param featureId
+	@return ApiGetFeatureRequest
+*/
+func (a *FeatureApiService) GetFeature(ctx context.Context, featureId string) ApiGetFeatureRequest {
+	return ApiGetFeatureRequest{
+		ApiService: a,
+		ctx:        ctx,
+		featureId:  featureId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Feature
+func (a *FeatureApiService) GetFeatureExecute(r ApiGetFeatureRequest) (*Feature, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Feature
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "FeatureApiService.GetFeature")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/features/{featureId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"featureId"+"}", url.PathEscape(parameterToString(r.featureId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListFeatureDependenciesRequest struct {
+	ctx        context.Context
+	ApiService FeatureApi
+	featureId  string
+	retryCount int32
+}
+
+func (r ApiListFeatureDependenciesRequest) Execute() ([]Feature, *APIResponse, error) {
+	return r.ApiService.ListFeatureDependenciesExecute(r)
+}
+
+/*
+ListFeatureDependencies List all Dependencies
+
+Lists all dependencies
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param featureId
+	@return ApiListFeatureDependenciesRequest
+*/
+func (a *FeatureApiService) ListFeatureDependencies(ctx context.Context, featureId string) ApiListFeatureDependenciesRequest {
+	return ApiListFeatureDependenciesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		featureId:  featureId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Feature
+func (a *FeatureApiService) ListFeatureDependenciesExecute(r ApiListFeatureDependenciesRequest) ([]Feature, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Feature
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "FeatureApiService.ListFeatureDependencies")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/features/{featureId}/dependencies"
+	localVarPath = strings.Replace(localVarPath, "{"+"featureId"+"}", url.PathEscape(parameterToString(r.featureId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListFeatureDependentsRequest struct {
+	ctx        context.Context
+	ApiService FeatureApi
+	featureId  string
+	retryCount int32
+}
+
+func (r ApiListFeatureDependentsRequest) Execute() ([]Feature, *APIResponse, error) {
+	return r.ApiService.ListFeatureDependentsExecute(r)
+}
+
+/*
+ListFeatureDependents List all Dependents
+
+Lists all dependents
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param featureId
+	@return ApiListFeatureDependentsRequest
+*/
+func (a *FeatureApiService) ListFeatureDependents(ctx context.Context, featureId string) ApiListFeatureDependentsRequest {
+	return ApiListFeatureDependentsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		featureId:  featureId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Feature
+func (a *FeatureApiService) ListFeatureDependentsExecute(r ApiListFeatureDependentsRequest) ([]Feature, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Feature
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "FeatureApiService.ListFeatureDependents")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/features/{featureId}/dependents"
+	localVarPath = strings.Replace(localVarPath, "{"+"featureId"+"}", url.PathEscape(parameterToString(r.featureId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListFeaturesRequest struct {
+	ctx        context.Context
+	ApiService FeatureApi
+	retryCount int32
+}
+
+func (r ApiListFeaturesRequest) Execute() ([]Feature, *APIResponse, error) {
+	return r.ApiService.ListFeaturesExecute(r)
+}
+
+/*
+ListFeatures List all Features
+
+Lists all features
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListFeaturesRequest
+*/
+func (a *FeatureApiService) ListFeatures(ctx context.Context) ApiListFeaturesRequest {
+	return ApiListFeaturesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Feature
+func (a *FeatureApiService) ListFeaturesExecute(r ApiListFeaturesRequest) ([]Feature, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Feature
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "FeatureApiService.ListFeatures")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/features"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateFeatureLifecycleRequest struct {
+	ctx        context.Context
+	ApiService FeatureApi
+	featureId  string
+	lifecycle  string
+	mode       *string
+	retryCount int32
+}
+
+func (r ApiUpdateFeatureLifecycleRequest) Mode(mode string) ApiUpdateFeatureLifecycleRequest {
+	r.mode = &mode
+	return r
+}
+
+func (r ApiUpdateFeatureLifecycleRequest) Execute() (*Feature, *APIResponse, error) {
+	return r.ApiService.UpdateFeatureLifecycleExecute(r)
+}
+
+/*
+UpdateFeatureLifecycle Update a Feature Lifecycle
+
+Updates a feature lifecycle
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param featureId
+	@param lifecycle
+	@return ApiUpdateFeatureLifecycleRequest
+*/
+func (a *FeatureApiService) UpdateFeatureLifecycle(ctx context.Context, featureId string, lifecycle string) ApiUpdateFeatureLifecycleRequest {
+	return ApiUpdateFeatureLifecycleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		featureId:  featureId,
+		lifecycle:  lifecycle,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Feature
+func (a *FeatureApiService) UpdateFeatureLifecycleExecute(r ApiUpdateFeatureLifecycleRequest) (*Feature, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Feature
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "FeatureApiService.UpdateFeatureLifecycle")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/features/{featureId}/{lifecycle}"
+	localVarPath = strings.Replace(localVarPath, "{"+"featureId"+"}", url.PathEscape(parameterToString(r.featureId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"lifecycle"+"}", url.PathEscape(parameterToString(r.lifecycle, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.mode != nil {
+		localVarQueryParams.Add("mode", parameterToString(*r.mode, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_group.go b/okta/api_group.go
new file mode 100644
index 000000000..259d3a483
--- /dev/null
+++ b/okta/api_group.go
@@ -0,0 +1,3632 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type GroupApi interface {
+	/*
+		ActivateGroupRule Activate a Group Rule
+
+		Activates a specific group rule by `ruleId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param ruleId
+		@return ApiActivateGroupRuleRequest
+	*/
+	ActivateGroupRule(ctx context.Context, ruleId string) ApiActivateGroupRuleRequest
+
+	// ActivateGroupRuleExecute executes the request
+	ActivateGroupRuleExecute(r ApiActivateGroupRuleRequest) (*APIResponse, error)
+
+	/*
+		AssignGroupOwner Assign a Group Owner
+
+		Assigns a group owner
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@return ApiAssignGroupOwnerRequest
+	*/
+	AssignGroupOwner(ctx context.Context, groupId string) ApiAssignGroupOwnerRequest
+
+	// AssignGroupOwnerExecute executes the request
+	//  @return GroupOwner
+	AssignGroupOwnerExecute(r ApiAssignGroupOwnerRequest) (*GroupOwner, *APIResponse, error)
+
+	/*
+		AssignUserToGroup Assign a User
+
+		Assigns a user to a group with 'OKTA_GROUP' type
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param userId
+		@return ApiAssignUserToGroupRequest
+	*/
+	AssignUserToGroup(ctx context.Context, groupId string, userId string) ApiAssignUserToGroupRequest
+
+	// AssignUserToGroupExecute executes the request
+	AssignUserToGroupExecute(r ApiAssignUserToGroupRequest) (*APIResponse, error)
+
+	/*
+		CreateGroup Create a Group
+
+		Creates a new group with `OKTA_GROUP` type
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateGroupRequest
+	*/
+	CreateGroup(ctx context.Context) ApiCreateGroupRequest
+
+	// CreateGroupExecute executes the request
+	//  @return Group
+	CreateGroupExecute(r ApiCreateGroupRequest) (*Group, *APIResponse, error)
+
+	/*
+		CreateGroupRule Create a Group Rule
+
+		Creates a group rule to dynamically add users to the specified group if they match the condition
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateGroupRuleRequest
+	*/
+	CreateGroupRule(ctx context.Context) ApiCreateGroupRuleRequest
+
+	// CreateGroupRuleExecute executes the request
+	//  @return GroupRule
+	CreateGroupRuleExecute(r ApiCreateGroupRuleRequest) (*GroupRule, *APIResponse, error)
+
+	/*
+		DeactivateGroupRule Deactivate a Group Rule
+
+		Deactivates a specific group rule by `ruleId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param ruleId
+		@return ApiDeactivateGroupRuleRequest
+	*/
+	DeactivateGroupRule(ctx context.Context, ruleId string) ApiDeactivateGroupRuleRequest
+
+	// DeactivateGroupRuleExecute executes the request
+	DeactivateGroupRuleExecute(r ApiDeactivateGroupRuleRequest) (*APIResponse, error)
+
+	/*
+		DeleteGroup Delete a Group
+
+		Deletes a group with `OKTA_GROUP` type
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@return ApiDeleteGroupRequest
+	*/
+	DeleteGroup(ctx context.Context, groupId string) ApiDeleteGroupRequest
+
+	// DeleteGroupExecute executes the request
+	DeleteGroupExecute(r ApiDeleteGroupRequest) (*APIResponse, error)
+
+	/*
+		DeleteGroupOwner Delete a Group Owner
+
+		Deletes a group owner from a specific group
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param ownerId
+		@return ApiDeleteGroupOwnerRequest
+	*/
+	DeleteGroupOwner(ctx context.Context, groupId string, ownerId string) ApiDeleteGroupOwnerRequest
+
+	// DeleteGroupOwnerExecute executes the request
+	DeleteGroupOwnerExecute(r ApiDeleteGroupOwnerRequest) (*APIResponse, error)
+
+	/*
+		DeleteGroupRule Delete a group Rule
+
+		Deletes a specific group rule by `ruleId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param ruleId
+		@return ApiDeleteGroupRuleRequest
+	*/
+	DeleteGroupRule(ctx context.Context, ruleId string) ApiDeleteGroupRuleRequest
+
+	// DeleteGroupRuleExecute executes the request
+	DeleteGroupRuleExecute(r ApiDeleteGroupRuleRequest) (*APIResponse, error)
+
+	/*
+		GetGroup Retrieve a Group
+
+		Retrieves a group by `groupId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@return ApiGetGroupRequest
+	*/
+	GetGroup(ctx context.Context, groupId string) ApiGetGroupRequest
+
+	// GetGroupExecute executes the request
+	//  @return Group
+	GetGroupExecute(r ApiGetGroupRequest) (*Group, *APIResponse, error)
+
+	/*
+		GetGroupRule Retrieve a Group Rule
+
+		Retrieves a specific group rule by `ruleId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param ruleId
+		@return ApiGetGroupRuleRequest
+	*/
+	GetGroupRule(ctx context.Context, ruleId string) ApiGetGroupRuleRequest
+
+	// GetGroupRuleExecute executes the request
+	//  @return GroupRule
+	GetGroupRuleExecute(r ApiGetGroupRuleRequest) (*GroupRule, *APIResponse, error)
+
+	/*
+		ListAssignedApplicationsForGroup List all Assigned Applications
+
+		Lists all applications that are assigned to a group
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@return ApiListAssignedApplicationsForGroupRequest
+	*/
+	ListAssignedApplicationsForGroup(ctx context.Context, groupId string) ApiListAssignedApplicationsForGroupRequest
+
+	// ListAssignedApplicationsForGroupExecute executes the request
+	//  @return []ListApplications200ResponseInner
+	ListAssignedApplicationsForGroupExecute(r ApiListAssignedApplicationsForGroupRequest) ([]ListApplications200ResponseInner, *APIResponse, error)
+
+	/*
+		ListGroupOwners List all Group Owners
+
+		Lists all owners for a specific group
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@return ApiListGroupOwnersRequest
+	*/
+	ListGroupOwners(ctx context.Context, groupId string) ApiListGroupOwnersRequest
+
+	// ListGroupOwnersExecute executes the request
+	//  @return []GroupOwner
+	ListGroupOwnersExecute(r ApiListGroupOwnersRequest) ([]GroupOwner, *APIResponse, error)
+
+	/*
+		ListGroupRules List all Group Rules
+
+		Lists all group rules
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListGroupRulesRequest
+	*/
+	ListGroupRules(ctx context.Context) ApiListGroupRulesRequest
+
+	// ListGroupRulesExecute executes the request
+	//  @return []GroupRule
+	ListGroupRulesExecute(r ApiListGroupRulesRequest) ([]GroupRule, *APIResponse, error)
+
+	/*
+		ListGroupUsers List all Member Users
+
+		Lists all users that are a member of a group
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@return ApiListGroupUsersRequest
+	*/
+	ListGroupUsers(ctx context.Context, groupId string) ApiListGroupUsersRequest
+
+	// ListGroupUsersExecute executes the request
+	//  @return []User
+	ListGroupUsersExecute(r ApiListGroupUsersRequest) ([]User, *APIResponse, error)
+
+	/*
+		ListGroups List all Groups
+
+		Lists all groups with pagination support. A subset of groups can be returned that match a supported filter expression or query.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListGroupsRequest
+	*/
+	ListGroups(ctx context.Context) ApiListGroupsRequest
+
+	// ListGroupsExecute executes the request
+	//  @return []Group
+	ListGroupsExecute(r ApiListGroupsRequest) ([]Group, *APIResponse, error)
+
+	/*
+		ReplaceGroup Replace a Group
+
+		Replaces the profile for a group with `OKTA_GROUP` type
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@return ApiReplaceGroupRequest
+	*/
+	ReplaceGroup(ctx context.Context, groupId string) ApiReplaceGroupRequest
+
+	// ReplaceGroupExecute executes the request
+	//  @return Group
+	ReplaceGroupExecute(r ApiReplaceGroupRequest) (*Group, *APIResponse, error)
+
+	/*
+		ReplaceGroupRule Replace a Group Rule
+
+		Replaces a group rule. Only `INACTIVE` rules can be updated.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param ruleId
+		@return ApiReplaceGroupRuleRequest
+	*/
+	ReplaceGroupRule(ctx context.Context, ruleId string) ApiReplaceGroupRuleRequest
+
+	// ReplaceGroupRuleExecute executes the request
+	//  @return GroupRule
+	ReplaceGroupRuleExecute(r ApiReplaceGroupRuleRequest) (*GroupRule, *APIResponse, error)
+
+	/*
+		UnassignUserFromGroup Unassign a User
+
+		Unassigns a user from a group with 'OKTA_GROUP' type
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param userId
+		@return ApiUnassignUserFromGroupRequest
+	*/
+	UnassignUserFromGroup(ctx context.Context, groupId string, userId string) ApiUnassignUserFromGroupRequest
+
+	// UnassignUserFromGroupExecute executes the request
+	UnassignUserFromGroupExecute(r ApiUnassignUserFromGroupRequest) (*APIResponse, error)
+}
+
+// GroupApiService GroupApi service
+type GroupApiService service
+
+type ApiActivateGroupRuleRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	ruleId     string
+	retryCount int32
+}
+
+func (r ApiActivateGroupRuleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ActivateGroupRuleExecute(r)
+}
+
+/*
+ActivateGroupRule Activate a Group Rule
+
+Activates a specific group rule by `ruleId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param ruleId
+	@return ApiActivateGroupRuleRequest
+*/
+func (a *GroupApiService) ActivateGroupRule(ctx context.Context, ruleId string) ApiActivateGroupRuleRequest {
+	return ApiActivateGroupRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		ruleId:     ruleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *GroupApiService) ActivateGroupRuleExecute(r ApiActivateGroupRuleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.ActivateGroupRule")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/rules/{ruleId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiAssignGroupOwnerRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	groupId    string
+	groupOwner *GroupOwner
+	retryCount int32
+}
+
+func (r ApiAssignGroupOwnerRequest) GroupOwner(groupOwner GroupOwner) ApiAssignGroupOwnerRequest {
+	r.groupOwner = &groupOwner
+	return r
+}
+
+func (r ApiAssignGroupOwnerRequest) Execute() (*GroupOwner, *APIResponse, error) {
+	return r.ApiService.AssignGroupOwnerExecute(r)
+}
+
+/*
+AssignGroupOwner Assign a Group Owner
+
+Assigns a group owner
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@return ApiAssignGroupOwnerRequest
+*/
+func (a *GroupApiService) AssignGroupOwner(ctx context.Context, groupId string) ApiAssignGroupOwnerRequest {
+	return ApiAssignGroupOwnerRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return GroupOwner
+func (a *GroupApiService) AssignGroupOwnerExecute(r ApiAssignGroupOwnerRequest) (*GroupOwner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *GroupOwner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.AssignGroupOwner")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/owners"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.groupOwner == nil {
+		return localVarReturnValue, nil, reportError("groupOwner is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.groupOwner
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiAssignUserToGroupRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	groupId    string
+	userId     string
+	retryCount int32
+}
+
+func (r ApiAssignUserToGroupRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.AssignUserToGroupExecute(r)
+}
+
+/*
+AssignUserToGroup Assign a User
+
+Assigns a user to a group with 'OKTA_GROUP' type
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param userId
+	@return ApiAssignUserToGroupRequest
+*/
+func (a *GroupApiService) AssignUserToGroup(ctx context.Context, groupId string, userId string) ApiAssignUserToGroupRequest {
+	return ApiAssignUserToGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *GroupApiService) AssignUserToGroupExecute(r ApiAssignUserToGroupRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.AssignUserToGroup")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/users/{userId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiCreateGroupRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	group      *Group
+	retryCount int32
+}
+
+func (r ApiCreateGroupRequest) Group(group Group) ApiCreateGroupRequest {
+	r.group = &group
+	return r
+}
+
+func (r ApiCreateGroupRequest) Execute() (*Group, *APIResponse, error) {
+	return r.ApiService.CreateGroupExecute(r)
+}
+
+/*
+CreateGroup Create a Group
+
+Creates a new group with `OKTA_GROUP` type
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateGroupRequest
+*/
+func (a *GroupApiService) CreateGroup(ctx context.Context) ApiCreateGroupRequest {
+	return ApiCreateGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Group
+func (a *GroupApiService) CreateGroupExecute(r ApiCreateGroupRequest) (*Group, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Group
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.CreateGroup")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.group == nil {
+		return localVarReturnValue, nil, reportError("group is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.group
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateGroupRuleRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	groupRule  *GroupRule
+	retryCount int32
+}
+
+func (r ApiCreateGroupRuleRequest) GroupRule(groupRule GroupRule) ApiCreateGroupRuleRequest {
+	r.groupRule = &groupRule
+	return r
+}
+
+func (r ApiCreateGroupRuleRequest) Execute() (*GroupRule, *APIResponse, error) {
+	return r.ApiService.CreateGroupRuleExecute(r)
+}
+
+/*
+CreateGroupRule Create a Group Rule
+
+Creates a group rule to dynamically add users to the specified group if they match the condition
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateGroupRuleRequest
+*/
+func (a *GroupApiService) CreateGroupRule(ctx context.Context) ApiCreateGroupRuleRequest {
+	return ApiCreateGroupRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return GroupRule
+func (a *GroupApiService) CreateGroupRuleExecute(r ApiCreateGroupRuleRequest) (*GroupRule, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *GroupRule
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.CreateGroupRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/rules"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.groupRule == nil {
+		return localVarReturnValue, nil, reportError("groupRule is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.groupRule
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateGroupRuleRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	ruleId     string
+	retryCount int32
+}
+
+func (r ApiDeactivateGroupRuleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeactivateGroupRuleExecute(r)
+}
+
+/*
+DeactivateGroupRule Deactivate a Group Rule
+
+Deactivates a specific group rule by `ruleId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param ruleId
+	@return ApiDeactivateGroupRuleRequest
+*/
+func (a *GroupApiService) DeactivateGroupRule(ctx context.Context, ruleId string) ApiDeactivateGroupRuleRequest {
+	return ApiDeactivateGroupRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		ruleId:     ruleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *GroupApiService) DeactivateGroupRuleExecute(r ApiDeactivateGroupRuleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.DeactivateGroupRule")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/rules/{ruleId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteGroupRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	groupId    string
+	retryCount int32
+}
+
+func (r ApiDeleteGroupRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteGroupExecute(r)
+}
+
+/*
+DeleteGroup Delete a Group
+
+Deletes a group with `OKTA_GROUP` type
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@return ApiDeleteGroupRequest
+*/
+func (a *GroupApiService) DeleteGroup(ctx context.Context, groupId string) ApiDeleteGroupRequest {
+	return ApiDeleteGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *GroupApiService) DeleteGroupExecute(r ApiDeleteGroupRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.DeleteGroup")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteGroupOwnerRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	groupId    string
+	ownerId    string
+	retryCount int32
+}
+
+func (r ApiDeleteGroupOwnerRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteGroupOwnerExecute(r)
+}
+
+/*
+DeleteGroupOwner Delete a Group Owner
+
+Deletes a group owner from a specific group
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param ownerId
+	@return ApiDeleteGroupOwnerRequest
+*/
+func (a *GroupApiService) DeleteGroupOwner(ctx context.Context, groupId string, ownerId string) ApiDeleteGroupOwnerRequest {
+	return ApiDeleteGroupOwnerRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		ownerId:    ownerId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *GroupApiService) DeleteGroupOwnerExecute(r ApiDeleteGroupOwnerRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.DeleteGroupOwner")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/owners/{ownerId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"ownerId"+"}", url.PathEscape(parameterToString(r.ownerId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteGroupRuleRequest struct {
+	ctx         context.Context
+	ApiService  GroupApi
+	ruleId      string
+	removeUsers *bool
+	retryCount  int32
+}
+
+// Indicates whether to keep or remove users from groups assigned by this rule.
+func (r ApiDeleteGroupRuleRequest) RemoveUsers(removeUsers bool) ApiDeleteGroupRuleRequest {
+	r.removeUsers = &removeUsers
+	return r
+}
+
+func (r ApiDeleteGroupRuleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteGroupRuleExecute(r)
+}
+
+/*
+DeleteGroupRule Delete a group Rule
+
+Deletes a specific group rule by `ruleId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param ruleId
+	@return ApiDeleteGroupRuleRequest
+*/
+func (a *GroupApiService) DeleteGroupRule(ctx context.Context, ruleId string) ApiDeleteGroupRuleRequest {
+	return ApiDeleteGroupRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		ruleId:     ruleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *GroupApiService) DeleteGroupRuleExecute(r ApiDeleteGroupRuleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.DeleteGroupRule")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/rules/{ruleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.removeUsers != nil {
+		localVarQueryParams.Add("removeUsers", parameterToString(*r.removeUsers, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetGroupRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	groupId    string
+	retryCount int32
+}
+
+func (r ApiGetGroupRequest) Execute() (*Group, *APIResponse, error) {
+	return r.ApiService.GetGroupExecute(r)
+}
+
+/*
+GetGroup Retrieve a Group
+
+Retrieves a group by `groupId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@return ApiGetGroupRequest
+*/
+func (a *GroupApiService) GetGroup(ctx context.Context, groupId string) ApiGetGroupRequest {
+	return ApiGetGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Group
+func (a *GroupApiService) GetGroupExecute(r ApiGetGroupRequest) (*Group, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Group
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.GetGroup")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetGroupRuleRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	ruleId     string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiGetGroupRuleRequest) Expand(expand string) ApiGetGroupRuleRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetGroupRuleRequest) Execute() (*GroupRule, *APIResponse, error) {
+	return r.ApiService.GetGroupRuleExecute(r)
+}
+
+/*
+GetGroupRule Retrieve a Group Rule
+
+Retrieves a specific group rule by `ruleId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param ruleId
+	@return ApiGetGroupRuleRequest
+*/
+func (a *GroupApiService) GetGroupRule(ctx context.Context, ruleId string) ApiGetGroupRuleRequest {
+	return ApiGetGroupRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		ruleId:     ruleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return GroupRule
+func (a *GroupApiService) GetGroupRuleExecute(r ApiGetGroupRuleRequest) (*GroupRule, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *GroupRule
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.GetGroupRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/rules/{ruleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListAssignedApplicationsForGroupRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	groupId    string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+// Specifies the pagination cursor for the next page of apps
+func (r ApiListAssignedApplicationsForGroupRequest) After(after string) ApiListAssignedApplicationsForGroupRequest {
+	r.after = &after
+	return r
+}
+
+// Specifies the number of app results for a page
+func (r ApiListAssignedApplicationsForGroupRequest) Limit(limit int32) ApiListAssignedApplicationsForGroupRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListAssignedApplicationsForGroupRequest) Execute() ([]ListApplications200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ListAssignedApplicationsForGroupExecute(r)
+}
+
+/*
+ListAssignedApplicationsForGroup List all Assigned Applications
+
+Lists all applications that are assigned to a group
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@return ApiListAssignedApplicationsForGroupRequest
+*/
+func (a *GroupApiService) ListAssignedApplicationsForGroup(ctx context.Context, groupId string) ApiListAssignedApplicationsForGroupRequest {
+	return ApiListAssignedApplicationsForGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ListApplications200ResponseInner
+func (a *GroupApiService) ListAssignedApplicationsForGroupExecute(r ApiListAssignedApplicationsForGroupRequest) ([]ListApplications200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ListApplications200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.ListAssignedApplicationsForGroup")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/apps"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListGroupOwnersRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	groupId    string
+	filter     *string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+// SCIM Filter expression for group owners. Allows to filter owners by type.
+func (r ApiListGroupOwnersRequest) Filter(filter string) ApiListGroupOwnersRequest {
+	r.filter = &filter
+	return r
+}
+
+// Specifies the pagination cursor for the next page of owners
+func (r ApiListGroupOwnersRequest) After(after string) ApiListGroupOwnersRequest {
+	r.after = &after
+	return r
+}
+
+// Specifies the number of owner results in a page
+func (r ApiListGroupOwnersRequest) Limit(limit int32) ApiListGroupOwnersRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListGroupOwnersRequest) Execute() ([]GroupOwner, *APIResponse, error) {
+	return r.ApiService.ListGroupOwnersExecute(r)
+}
+
+/*
+ListGroupOwners List all Group Owners
+
+Lists all owners for a specific group
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@return ApiListGroupOwnersRequest
+*/
+func (a *GroupApiService) ListGroupOwners(ctx context.Context, groupId string) ApiListGroupOwnersRequest {
+	return ApiListGroupOwnersRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []GroupOwner
+func (a *GroupApiService) ListGroupOwnersExecute(r ApiListGroupOwnersRequest) ([]GroupOwner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []GroupOwner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.ListGroupOwners")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/owners"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.filter != nil {
+		localVarQueryParams.Add("filter", parameterToString(*r.filter, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListGroupRulesRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	limit      *int32
+	after      *string
+	search     *string
+	expand     *string
+	retryCount int32
+}
+
+// Specifies the number of rule results in a page
+func (r ApiListGroupRulesRequest) Limit(limit int32) ApiListGroupRulesRequest {
+	r.limit = &limit
+	return r
+}
+
+// Specifies the pagination cursor for the next page of rules
+func (r ApiListGroupRulesRequest) After(after string) ApiListGroupRulesRequest {
+	r.after = &after
+	return r
+}
+
+// Specifies the keyword to search fules for
+func (r ApiListGroupRulesRequest) Search(search string) ApiListGroupRulesRequest {
+	r.search = &search
+	return r
+}
+
+// If specified as &#x60;groupIdToGroupNameMap&#x60;, then show group names
+func (r ApiListGroupRulesRequest) Expand(expand string) ApiListGroupRulesRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListGroupRulesRequest) Execute() ([]GroupRule, *APIResponse, error) {
+	return r.ApiService.ListGroupRulesExecute(r)
+}
+
+/*
+ListGroupRules List all Group Rules
+
+Lists all group rules
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListGroupRulesRequest
+*/
+func (a *GroupApiService) ListGroupRules(ctx context.Context) ApiListGroupRulesRequest {
+	return ApiListGroupRulesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []GroupRule
+func (a *GroupApiService) ListGroupRulesExecute(r ApiListGroupRulesRequest) ([]GroupRule, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []GroupRule
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.ListGroupRules")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/rules"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.search != nil {
+		localVarQueryParams.Add("search", parameterToString(*r.search, ""))
+	}
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListGroupUsersRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	groupId    string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+// Specifies the pagination cursor for the next page of users
+func (r ApiListGroupUsersRequest) After(after string) ApiListGroupUsersRequest {
+	r.after = &after
+	return r
+}
+
+// Specifies the number of user results in a page
+func (r ApiListGroupUsersRequest) Limit(limit int32) ApiListGroupUsersRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListGroupUsersRequest) Execute() ([]User, *APIResponse, error) {
+	return r.ApiService.ListGroupUsersExecute(r)
+}
+
+/*
+ListGroupUsers List all Member Users
+
+Lists all users that are a member of a group
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@return ApiListGroupUsersRequest
+*/
+func (a *GroupApiService) ListGroupUsers(ctx context.Context, groupId string) ApiListGroupUsersRequest {
+	return ApiListGroupUsersRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []User
+func (a *GroupApiService) ListGroupUsersExecute(r ApiListGroupUsersRequest) ([]User, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []User
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.ListGroupUsers")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/users"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListGroupsRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	q          *string
+	filter     *string
+	after      *string
+	limit      *int32
+	expand     *string
+	search     *string
+	retryCount int32
+}
+
+// Searches the name property of groups for matching value
+func (r ApiListGroupsRequest) Q(q string) ApiListGroupsRequest {
+	r.q = &q
+	return r
+}
+
+// Filter expression for groups
+func (r ApiListGroupsRequest) Filter(filter string) ApiListGroupsRequest {
+	r.filter = &filter
+	return r
+}
+
+// Specifies the pagination cursor for the next page of groups
+func (r ApiListGroupsRequest) After(after string) ApiListGroupsRequest {
+	r.after = &after
+	return r
+}
+
+// Specifies the number of group results in a page
+func (r ApiListGroupsRequest) Limit(limit int32) ApiListGroupsRequest {
+	r.limit = &limit
+	return r
+}
+
+// If specified, it causes additional metadata to be included in the response.
+func (r ApiListGroupsRequest) Expand(expand string) ApiListGroupsRequest {
+	r.expand = &expand
+	return r
+}
+
+// Searches for groups with a supported filtering expression for all attributes except for _embedded, _links, and objectClass
+func (r ApiListGroupsRequest) Search(search string) ApiListGroupsRequest {
+	r.search = &search
+	return r
+}
+
+func (r ApiListGroupsRequest) Execute() ([]Group, *APIResponse, error) {
+	return r.ApiService.ListGroupsExecute(r)
+}
+
+/*
+ListGroups List all Groups
+
+Lists all groups with pagination support. A subset of groups can be returned that match a supported filter expression or query.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListGroupsRequest
+*/
+func (a *GroupApiService) ListGroups(ctx context.Context) ApiListGroupsRequest {
+	return ApiListGroupsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Group
+func (a *GroupApiService) ListGroupsExecute(r ApiListGroupsRequest) ([]Group, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Group
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.ListGroups")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.q != nil {
+		localVarQueryParams.Add("q", parameterToString(*r.q, ""))
+	}
+	if r.filter != nil {
+		localVarQueryParams.Add("filter", parameterToString(*r.filter, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	if r.search != nil {
+		localVarQueryParams.Add("search", parameterToString(*r.search, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceGroupRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	groupId    string
+	group      *Group
+	retryCount int32
+}
+
+func (r ApiReplaceGroupRequest) Group(group Group) ApiReplaceGroupRequest {
+	r.group = &group
+	return r
+}
+
+func (r ApiReplaceGroupRequest) Execute() (*Group, *APIResponse, error) {
+	return r.ApiService.ReplaceGroupExecute(r)
+}
+
+/*
+ReplaceGroup Replace a Group
+
+Replaces the profile for a group with `OKTA_GROUP` type
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@return ApiReplaceGroupRequest
+*/
+func (a *GroupApiService) ReplaceGroup(ctx context.Context, groupId string) ApiReplaceGroupRequest {
+	return ApiReplaceGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Group
+func (a *GroupApiService) ReplaceGroupExecute(r ApiReplaceGroupRequest) (*Group, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Group
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.ReplaceGroup")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.group == nil {
+		return localVarReturnValue, nil, reportError("group is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.group
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceGroupRuleRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	ruleId     string
+	groupRule  *GroupRule
+	retryCount int32
+}
+
+func (r ApiReplaceGroupRuleRequest) GroupRule(groupRule GroupRule) ApiReplaceGroupRuleRequest {
+	r.groupRule = &groupRule
+	return r
+}
+
+func (r ApiReplaceGroupRuleRequest) Execute() (*GroupRule, *APIResponse, error) {
+	return r.ApiService.ReplaceGroupRuleExecute(r)
+}
+
+/*
+ReplaceGroupRule Replace a Group Rule
+
+Replaces a group rule. Only `INACTIVE` rules can be updated.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param ruleId
+	@return ApiReplaceGroupRuleRequest
+*/
+func (a *GroupApiService) ReplaceGroupRule(ctx context.Context, ruleId string) ApiReplaceGroupRuleRequest {
+	return ApiReplaceGroupRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		ruleId:     ruleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return GroupRule
+func (a *GroupApiService) ReplaceGroupRuleExecute(r ApiReplaceGroupRuleRequest) (*GroupRule, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *GroupRule
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.ReplaceGroupRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/rules/{ruleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.groupRule == nil {
+		return localVarReturnValue, nil, reportError("groupRule is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.groupRule
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUnassignUserFromGroupRequest struct {
+	ctx        context.Context
+	ApiService GroupApi
+	groupId    string
+	userId     string
+	retryCount int32
+}
+
+func (r ApiUnassignUserFromGroupRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnassignUserFromGroupExecute(r)
+}
+
+/*
+UnassignUserFromGroup Unassign a User
+
+Unassigns a user from a group with 'OKTA_GROUP' type
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param userId
+	@return ApiUnassignUserFromGroupRequest
+*/
+func (a *GroupApiService) UnassignUserFromGroup(ctx context.Context, groupId string, userId string) ApiUnassignUserFromGroupRequest {
+	return ApiUnassignUserFromGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *GroupApiService) UnassignUserFromGroupExecute(r ApiUnassignUserFromGroupRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "GroupApiService.UnassignUserFromGroup")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/users/{userId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_group_test.go b/okta/api_group_test.go
new file mode 100644
index 000000000..429a97b04
--- /dev/null
+++ b/okta/api_group_test.go
@@ -0,0 +1,264 @@
+package okta
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func setupGroup(name string) (*Group, *APIResponse, error) {
+	req := apiClient.GroupApi.CreateGroup(apiClient.cfg.Context)
+	gp := NewGroupProfile()
+	gp.SetName(name)
+	payload := Group{Profile: gp}
+	req = req.Group(payload)
+	return req.Execute()
+}
+
+func cleanUpGroup(groupId string) (err error) {
+	_, err = apiClient.GroupApi.DeleteGroup(apiClient.cfg.Context, groupId).Execute()
+	return
+}
+
+func cleanUpGroupRule(groupRuleId string) (err error) {
+	_, err = apiClient.GroupApi.DeleteGroupRule(apiClient.cfg.Context, groupRuleId).Execute()
+	return
+}
+
+func Test_Get_Group(t *testing.T) {
+	group, _, err := setupGroup(randomTestString())
+	require.NoError(t, err, "Creating a new group should not error")
+	t.Run("get group by id", func(t *testing.T) {
+		gid, _, err := apiClient.GroupApi.GetGroup(apiClient.cfg.Context, group.GetId()).Execute()
+		require.NoError(t, err, "Could not get group by ID")
+		assert.Equal(t, group.GetId(), gid.GetId())
+	})
+	err = cleanUpGroup(group.GetId())
+	require.NoError(t, err, "Clean up group should not error")
+}
+
+func Test_Get_List_Group(t *testing.T) {
+	group, _, err := setupGroup(randomTestString())
+	require.NoError(t, err, "Creating a new group should not error")
+	t.Run("get list group", func(t *testing.T) {
+		gs, _, err := apiClient.GroupApi.ListGroups(apiClient.cfg.Context).Execute()
+		require.NoError(t, err, "Could not get list group")
+		var createdGroupInList bool
+		for _, g := range gs {
+			if group.GetId() == g.GetId() {
+				createdGroupInList = true
+			}
+		}
+		assert.True(t, createdGroupInList, "Could not find group from list")
+	})
+	err = cleanUpGroup(group.GetId())
+	require.NoError(t, err, "Clean up group should not error")
+}
+
+func Test_Search_Group(t *testing.T) {
+	groupName := randomTestString()
+	group, _, err := setupGroup(groupName)
+	require.NoError(t, err, "Creating a new group should not error")
+	t.Run("search group", func(t *testing.T) {
+		req := apiClient.GroupApi.ListGroups(apiClient.cfg.Context)
+		req = req.Q(groupName)
+		gs, _, err := req.Execute()
+		require.NoError(t, err, "Could not get result from search keyword")
+		var createdGroupInList bool
+		for _, g := range gs {
+			if group.GetId() == g.GetId() {
+				createdGroupInList = true
+			}
+		}
+		assert.True(t, createdGroupInList, "Could not find group from list")
+	})
+	err = cleanUpGroup(group.GetId())
+	require.NoError(t, err, "Clean up group should not error")
+}
+
+func Test_Update_Group(t *testing.T) {
+	oldGroupName := randomTestString()
+	group, _, err := setupGroup(oldGroupName)
+	require.NoError(t, err, "Creating a new group should not error")
+	t.Run("update group", func(t *testing.T) {
+		newGroupName := randomTestString()
+		ngp := GroupProfile{}
+		ngp.SetName(newGroupName)
+		ng := Group{}
+		ng.SetProfile(ngp)
+		req := apiClient.GroupApi.ReplaceGroup(apiClient.cfg.Context, group.GetId())
+		req = req.Group(ng)
+		g, _, err := req.Execute()
+		require.NoError(t, err, "Could not update group")
+		assert.NotNil(t, g.Profile, "Group profile is nil")
+		assert.Equal(t, g.Profile.GetName(), newGroupName)
+	})
+	err = cleanUpGroup(group.GetId())
+	require.NoError(t, err, "Clean up group should not error")
+}
+
+func Test_Group_User_Operation(t *testing.T) {
+	group, _, err := setupGroup(randomTestString())
+	require.NoError(t, err, "Creating a new group should not error")
+	user, _, _, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	t.Run("add user to group", func(t *testing.T) {
+		_, err := apiClient.GroupApi.AssignUserToGroup(apiClient.cfg.Context, group.GetId(), user.GetId()).Execute()
+		require.NoError(t, err, "Could not add user to group")
+		users, _, err := apiClient.GroupApi.ListGroupUsers(apiClient.cfg.Context, group.GetId()).Execute()
+		require.NoError(t, err)
+		found := false
+		for _, u := range users {
+			if u.GetId() == user.GetId() {
+				found = true
+			}
+		}
+		assert.True(t, found, "Could not find user in group")
+	})
+	t.Run("remove user from group", func(t *testing.T) {
+		_, err := apiClient.GroupApi.UnassignUserFromGroup(apiClient.cfg.Context, group.GetId(), user.GetId()).Execute()
+		require.NoError(t, err, "Could not remove user from group")
+		users, _, err := apiClient.GroupApi.ListGroupUsers(apiClient.cfg.Context, group.GetId()).Execute()
+		require.NoError(t, err)
+		found := false
+		for _, u := range users {
+			if u.GetId() == user.GetId() {
+				found = true
+			}
+		}
+		assert.False(t, found, "Found user in group")
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+	err = cleanUpGroup(group.GetId())
+	require.NoError(t, err, "Clean up group should not error")
+}
+
+func Test_Group_Rule_Operation(t *testing.T) {
+	group, _, err := setupGroup(randomTestString())
+	require.NoError(t, err, "Creating a new group should not error")
+	user, _, _, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	grce := NewGroupRuleExpression()
+	grce.SetType("urn:okta:expression:1.0")
+	grce.SetValue("user.lastName==\"" + user.Profile.GetLastName() + "\"")
+	grc := NewGroupRuleConditions()
+	grc.SetExpression(*grce)
+	grga := NewGroupRuleGroupAssignment()
+	grga.SetGroupIds([]string{group.GetId()})
+	gra := NewGroupRuleAction()
+	gra.SetAssignUserToGroups(*grga)
+	gr := NewGroupRule()
+	gr.SetActions(*gra)
+	gr.SetConditions(*grc)
+	gr.SetType("group_rule")
+	gr.SetName(randomTestString())
+	req := apiClient.GroupApi.CreateGroupRule(apiClient.cfg.Context)
+	req = req.GroupRule(*gr)
+	groupRule, _, err := req.Execute()
+	require.NoError(t, err, "Creating a new group rule should not error")
+	t.Run("activate group rule", func(t *testing.T) {
+		_, err = apiClient.GroupApi.ActivateGroupRule(apiClient.cfg.Context, groupRule.GetId()).Execute()
+		require.NoError(t, err, "Should not error when activating rule")
+		groupRules, _, err := apiClient.GroupApi.ListGroupRules(apiClient.cfg.Context).Execute()
+		require.NoError(t, err, "Should not error when listing group rule")
+		found := false
+		for _, grs := range groupRules {
+			if groupRule.GetId() == grs.GetId() {
+				found = true
+			}
+		}
+		assert.True(t, found, "Found group rule in list")
+	})
+	t.Run("deactivate group rule", func(t *testing.T) {
+		_, err = apiClient.GroupApi.DeactivateGroupRule(apiClient.cfg.Context, groupRule.GetId()).Execute()
+		require.NoError(t, err, "Should not error when deactivating rule")
+	})
+	t.Run("update group rule", func(t *testing.T) {
+		grce := NewGroupRuleExpression()
+		grce.SetType("urn:okta:expression:1.0")
+		grce.SetValue("user.lastName==\"Incorrect\"")
+		grc := NewGroupRuleConditions()
+		grc.SetExpression(*grce)
+		grga := NewGroupRuleGroupAssignment()
+		grga.SetGroupIds([]string{group.GetId()})
+		gra := NewGroupRuleAction()
+		gra.SetAssignUserToGroups(*grga)
+		gr := NewGroupRule()
+		gr.SetActions(*gra)
+		gr.SetConditions(*grc)
+		gr.SetType("group_rule")
+		gr.SetName(randomTestString())
+		req := apiClient.GroupApi.ReplaceGroupRule(apiClient.cfg.Context, groupRule.GetId())
+		req = req.GroupRule(*gr)
+		newGroupRule, _, err := req.Execute()
+		require.NoError(t, err, "Should not error when updating rule")
+		_, err = apiClient.GroupApi.ActivateGroupRule(apiClient.cfg.Context, newGroupRule.GetId()).Execute()
+		require.NoError(t, err, "Should not error when activating rule")
+		_, err = apiClient.GroupApi.DeactivateGroupRule(apiClient.cfg.Context, groupRule.GetId()).Execute()
+		require.NoError(t, err, "Should not error when deactivating rule")
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+	err = cleanUpGroup(group.GetId())
+	require.NoError(t, err, "Clean up group should not error")
+	err = cleanUpGroupRule(groupRule.GetId())
+	require.NoError(t, err, "Clean up group rule should not error")
+}
+
+func Test_List_Assigned_Applications_For_Group(t *testing.T) {
+	group, _, err := setupGroup(randomTestString())
+	require.NoError(t, err, "Creating a new group should not error")
+	var createdApp *ListApplications200ResponseInner
+	t.Run("get list assigned application for group", func(t *testing.T) {
+		apps, _, err := apiClient.GroupApi.ListAssignedApplicationsForGroup(apiClient.cfg.Context, group.GetId()).Execute()
+		require.NoError(t, err, "Should not error when listing assigned apps for group")
+		assert.Equal(t, 0, len(apps), "there shouldn't be any apps assigned to group")
+		createdApp, _, err = setupBookmarkApplication(randomTestString())
+		require.NoError(t, err, "Creating an application should not error")
+		aareq := apiClient.ApplicationApi.AssignGroupToApplication(apiClient.cfg.Context, createdApp.BookmarkApplication.GetId(), group.GetId())
+		aareq.applicationGroupAssignment = NewApplicationGroupAssignment()
+		_, _, err = aareq.Execute()
+		require.NoError(t, err, "Assigning application to group should not error")
+		apps, _, err = apiClient.GroupApi.ListAssignedApplicationsForGroup(apiClient.cfg.Context, group.GetId()).Execute()
+		require.NoError(t, err, "Should not error when listing assigned apps for group")
+		assert.Equal(t, 1, len(apps), "there shouldn't be any apps assigned to group")
+	})
+	err = cleanUpGroup(group.GetId())
+	require.NoError(t, err, "Clean up group should not error")
+	err = cleanUpApplication(createdApp.BookmarkApplication.GetId())
+	require.NoError(t, err, "Clean up group should not error")
+}
+
+func Test_Assigned_Role_To_Group_Operation(t *testing.T) {
+	group, _, err := setupGroup(randomTestString())
+	require.NoError(t, err, "Creating a new group should not error")
+	var createdRole *Role
+	t.Run("assigned role to group", func(t *testing.T) {
+		req := apiClient.RoleAssignmentApi.AssignRoleToGroup(apiClient.cfg.Context, group.GetId())
+		assignedRoleSA := NewAssignRoleRequest()
+		assignedRoleSA.SetType("SUPER_ADMIN")
+		req = req.AssignRoleRequest(*assignedRoleSA)
+		createdRole, _, err = req.Execute()
+		require.NoError(t, err, "Assigned role to group should not error")
+		roles, _, err := apiClient.RoleAssignmentApi.ListGroupAssignedRoles(apiClient.cfg.Context, group.GetId()).Execute()
+		require.NoError(t, err, "Listing group assigned role should not error")
+		var found bool
+		for _, r := range roles {
+			if r.GetId() == createdRole.GetId() {
+				found = true
+			}
+		}
+		assert.True(t, found)
+	})
+	t.Run("unassigned role to group", func(t *testing.T) {
+		_, err = apiClient.RoleAssignmentApi.UnassignRoleFromGroup(apiClient.cfg.Context, group.GetId(), createdRole.GetId()).Execute()
+		require.NoError(t, err, "Unassigned role to group should not error")
+		roles, _, err := apiClient.RoleAssignmentApi.ListGroupAssignedRoles(apiClient.cfg.Context, group.GetId()).Execute()
+		require.NoError(t, err, "Listing group assigned role should not error")
+		assert.Empty(t, roles)
+	})
+	err = cleanUpGroup(group.GetId())
+	require.NoError(t, err, "Clean up group should not error")
+}
diff --git a/okta/api_hook_key.go b/okta/api_hook_key.go
new file mode 100644
index 000000000..3ac3e2f72
--- /dev/null
+++ b/okta/api_hook_key.go
@@ -0,0 +1,1124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type HookKeyApi interface {
+	/*
+		CreateHookKey Create a key
+
+		Creates a key
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateHookKeyRequest
+	*/
+	CreateHookKey(ctx context.Context) ApiCreateHookKeyRequest
+
+	// CreateHookKeyExecute executes the request
+	//  @return HookKey
+	CreateHookKeyExecute(r ApiCreateHookKeyRequest) (*HookKey, *APIResponse, error)
+
+	/*
+		DeleteHookKey Delete a key
+
+		Deletes a key by `hookKeyId`. Once deleted, the Hook Key is unrecoverable. As a safety precaution, unused keys are eligible for deletion.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param hookKeyId
+		@return ApiDeleteHookKeyRequest
+	*/
+	DeleteHookKey(ctx context.Context, hookKeyId string) ApiDeleteHookKeyRequest
+
+	// DeleteHookKeyExecute executes the request
+	DeleteHookKeyExecute(r ApiDeleteHookKeyRequest) (*APIResponse, error)
+
+	/*
+		GetHookKey Retrieve a key
+
+		Retrieves a key by `hookKeyId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param hookKeyId
+		@return ApiGetHookKeyRequest
+	*/
+	GetHookKey(ctx context.Context, hookKeyId string) ApiGetHookKeyRequest
+
+	// GetHookKeyExecute executes the request
+	//  @return HookKey
+	GetHookKeyExecute(r ApiGetHookKeyRequest) (*HookKey, *APIResponse, error)
+
+	/*
+		GetPublicKey Retrieve a public key
+
+		Retrieves a public key by `keyId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param keyId
+		@return ApiGetPublicKeyRequest
+	*/
+	GetPublicKey(ctx context.Context, keyId string) ApiGetPublicKeyRequest
+
+	// GetPublicKeyExecute executes the request
+	//  @return JsonWebKey
+	GetPublicKeyExecute(r ApiGetPublicKeyRequest) (*JsonWebKey, *APIResponse, error)
+
+	/*
+		ListHookKeys List all keys
+
+		Lists all keys
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListHookKeysRequest
+	*/
+	ListHookKeys(ctx context.Context) ApiListHookKeysRequest
+
+	// ListHookKeysExecute executes the request
+	//  @return []HookKey
+	ListHookKeysExecute(r ApiListHookKeysRequest) ([]HookKey, *APIResponse, error)
+
+	/*
+		ReplaceHookKey Replace a key
+
+		Replaces a key by `hookKeyId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param hookKeyId
+		@return ApiReplaceHookKeyRequest
+	*/
+	ReplaceHookKey(ctx context.Context, hookKeyId string) ApiReplaceHookKeyRequest
+
+	// ReplaceHookKeyExecute executes the request
+	//  @return HookKey
+	ReplaceHookKeyExecute(r ApiReplaceHookKeyRequest) (*HookKey, *APIResponse, error)
+}
+
+// HookKeyApiService HookKeyApi service
+type HookKeyApiService service
+
+type ApiCreateHookKeyRequest struct {
+	ctx        context.Context
+	ApiService HookKeyApi
+	keyRequest *KeyRequest
+	retryCount int32
+}
+
+func (r ApiCreateHookKeyRequest) KeyRequest(keyRequest KeyRequest) ApiCreateHookKeyRequest {
+	r.keyRequest = &keyRequest
+	return r
+}
+
+func (r ApiCreateHookKeyRequest) Execute() (*HookKey, *APIResponse, error) {
+	return r.ApiService.CreateHookKeyExecute(r)
+}
+
+/*
+CreateHookKey Create a key
+
+Creates a key
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateHookKeyRequest
+*/
+func (a *HookKeyApiService) CreateHookKey(ctx context.Context) ApiCreateHookKeyRequest {
+	return ApiCreateHookKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return HookKey
+func (a *HookKeyApiService) CreateHookKeyExecute(r ApiCreateHookKeyRequest) (*HookKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *HookKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "HookKeyApiService.CreateHookKey")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/hook-keys"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.keyRequest == nil {
+		return localVarReturnValue, nil, reportError("keyRequest is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.keyRequest
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteHookKeyRequest struct {
+	ctx        context.Context
+	ApiService HookKeyApi
+	hookKeyId  string
+	retryCount int32
+}
+
+func (r ApiDeleteHookKeyRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteHookKeyExecute(r)
+}
+
+/*
+DeleteHookKey Delete a key
+
+Deletes a key by `hookKeyId`. Once deleted, the Hook Key is unrecoverable. As a safety precaution, unused keys are eligible for deletion.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param hookKeyId
+	@return ApiDeleteHookKeyRequest
+*/
+func (a *HookKeyApiService) DeleteHookKey(ctx context.Context, hookKeyId string) ApiDeleteHookKeyRequest {
+	return ApiDeleteHookKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		hookKeyId:  hookKeyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *HookKeyApiService) DeleteHookKeyExecute(r ApiDeleteHookKeyRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "HookKeyApiService.DeleteHookKey")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/hook-keys/{hookKeyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"hookKeyId"+"}", url.PathEscape(parameterToString(r.hookKeyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetHookKeyRequest struct {
+	ctx        context.Context
+	ApiService HookKeyApi
+	hookKeyId  string
+	retryCount int32
+}
+
+func (r ApiGetHookKeyRequest) Execute() (*HookKey, *APIResponse, error) {
+	return r.ApiService.GetHookKeyExecute(r)
+}
+
+/*
+GetHookKey Retrieve a key
+
+Retrieves a key by `hookKeyId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param hookKeyId
+	@return ApiGetHookKeyRequest
+*/
+func (a *HookKeyApiService) GetHookKey(ctx context.Context, hookKeyId string) ApiGetHookKeyRequest {
+	return ApiGetHookKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		hookKeyId:  hookKeyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return HookKey
+func (a *HookKeyApiService) GetHookKeyExecute(r ApiGetHookKeyRequest) (*HookKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *HookKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "HookKeyApiService.GetHookKey")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/hook-keys/{hookKeyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"hookKeyId"+"}", url.PathEscape(parameterToString(r.hookKeyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetPublicKeyRequest struct {
+	ctx        context.Context
+	ApiService HookKeyApi
+	keyId      string
+	retryCount int32
+}
+
+func (r ApiGetPublicKeyRequest) Execute() (*JsonWebKey, *APIResponse, error) {
+	return r.ApiService.GetPublicKeyExecute(r)
+}
+
+/*
+GetPublicKey Retrieve a public key
+
+Retrieves a public key by `keyId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param keyId
+	@return ApiGetPublicKeyRequest
+*/
+func (a *HookKeyApiService) GetPublicKey(ctx context.Context, keyId string) ApiGetPublicKeyRequest {
+	return ApiGetPublicKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		keyId:      keyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return JsonWebKey
+func (a *HookKeyApiService) GetPublicKeyExecute(r ApiGetPublicKeyRequest) (*JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "HookKeyApiService.GetPublicKey")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/hook-keys/public/{keyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"keyId"+"}", url.PathEscape(parameterToString(r.keyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListHookKeysRequest struct {
+	ctx        context.Context
+	ApiService HookKeyApi
+	retryCount int32
+}
+
+func (r ApiListHookKeysRequest) Execute() ([]HookKey, *APIResponse, error) {
+	return r.ApiService.ListHookKeysExecute(r)
+}
+
+/*
+ListHookKeys List all keys
+
+Lists all keys
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListHookKeysRequest
+*/
+func (a *HookKeyApiService) ListHookKeys(ctx context.Context) ApiListHookKeysRequest {
+	return ApiListHookKeysRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []HookKey
+func (a *HookKeyApiService) ListHookKeysExecute(r ApiListHookKeysRequest) ([]HookKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []HookKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "HookKeyApiService.ListHookKeys")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/hook-keys"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceHookKeyRequest struct {
+	ctx        context.Context
+	ApiService HookKeyApi
+	hookKeyId  string
+	keyRequest *KeyRequest
+	retryCount int32
+}
+
+func (r ApiReplaceHookKeyRequest) KeyRequest(keyRequest KeyRequest) ApiReplaceHookKeyRequest {
+	r.keyRequest = &keyRequest
+	return r
+}
+
+func (r ApiReplaceHookKeyRequest) Execute() (*HookKey, *APIResponse, error) {
+	return r.ApiService.ReplaceHookKeyExecute(r)
+}
+
+/*
+ReplaceHookKey Replace a key
+
+Replaces a key by `hookKeyId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param hookKeyId
+	@return ApiReplaceHookKeyRequest
+*/
+func (a *HookKeyApiService) ReplaceHookKey(ctx context.Context, hookKeyId string) ApiReplaceHookKeyRequest {
+	return ApiReplaceHookKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		hookKeyId:  hookKeyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return HookKey
+func (a *HookKeyApiService) ReplaceHookKeyExecute(r ApiReplaceHookKeyRequest) (*HookKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *HookKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "HookKeyApiService.ReplaceHookKey")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/hook-keys/{hookKeyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"hookKeyId"+"}", url.PathEscape(parameterToString(r.hookKeyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.keyRequest == nil {
+		return localVarReturnValue, nil, reportError("keyRequest is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.keyRequest
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_identity_provider.go b/okta/api_identity_provider.go
new file mode 100644
index 000000000..ea789bacf
--- /dev/null
+++ b/okta/api_identity_provider.go
@@ -0,0 +1,4706 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+)
+
+type IdentityProviderApi interface {
+	/*
+		ActivateIdentityProvider Activate an Identity Provider
+
+		Activates an inactive IdP
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@return ApiActivateIdentityProviderRequest
+	*/
+	ActivateIdentityProvider(ctx context.Context, idpId string) ApiActivateIdentityProviderRequest
+
+	// ActivateIdentityProviderExecute executes the request
+	//  @return IdentityProvider
+	ActivateIdentityProviderExecute(r ApiActivateIdentityProviderRequest) (*IdentityProvider, *APIResponse, error)
+
+	/*
+		CloneIdentityProviderKey Clone a Signing Credential Key
+
+		Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@param keyId
+		@return ApiCloneIdentityProviderKeyRequest
+	*/
+	CloneIdentityProviderKey(ctx context.Context, idpId string, keyId string) ApiCloneIdentityProviderKeyRequest
+
+	// CloneIdentityProviderKeyExecute executes the request
+	//  @return JsonWebKey
+	CloneIdentityProviderKeyExecute(r ApiCloneIdentityProviderKeyRequest) (*JsonWebKey, *APIResponse, error)
+
+	/*
+		CreateIdentityProvider Create an Identity Provider
+
+		Creates a new identity provider integration
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateIdentityProviderRequest
+	*/
+	CreateIdentityProvider(ctx context.Context) ApiCreateIdentityProviderRequest
+
+	// CreateIdentityProviderExecute executes the request
+	//  @return IdentityProvider
+	CreateIdentityProviderExecute(r ApiCreateIdentityProviderRequest) (*IdentityProvider, *APIResponse, error)
+
+	/*
+		CreateIdentityProviderKey Create an X.509 Certificate Public Key
+
+		Creates a new X.509 certificate credential to the IdP key store.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateIdentityProviderKeyRequest
+	*/
+	CreateIdentityProviderKey(ctx context.Context) ApiCreateIdentityProviderKeyRequest
+
+	// CreateIdentityProviderKeyExecute executes the request
+	//  @return JsonWebKey
+	CreateIdentityProviderKeyExecute(r ApiCreateIdentityProviderKeyRequest) (*JsonWebKey, *APIResponse, error)
+
+	/*
+		DeactivateIdentityProvider Deactivate an Identity Provider
+
+		Deactivates an active IdP
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@return ApiDeactivateIdentityProviderRequest
+	*/
+	DeactivateIdentityProvider(ctx context.Context, idpId string) ApiDeactivateIdentityProviderRequest
+
+	// DeactivateIdentityProviderExecute executes the request
+	//  @return IdentityProvider
+	DeactivateIdentityProviderExecute(r ApiDeactivateIdentityProviderRequest) (*IdentityProvider, *APIResponse, error)
+
+	/*
+		DeleteIdentityProvider Delete an Identity Provider
+
+		Deletes an identity provider integration by `idpId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@return ApiDeleteIdentityProviderRequest
+	*/
+	DeleteIdentityProvider(ctx context.Context, idpId string) ApiDeleteIdentityProviderRequest
+
+	// DeleteIdentityProviderExecute executes the request
+	DeleteIdentityProviderExecute(r ApiDeleteIdentityProviderRequest) (*APIResponse, error)
+
+	/*
+		DeleteIdentityProviderKey Delete a Signing Credential Key
+
+		Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param keyId
+		@return ApiDeleteIdentityProviderKeyRequest
+	*/
+	DeleteIdentityProviderKey(ctx context.Context, keyId string) ApiDeleteIdentityProviderKeyRequest
+
+	// DeleteIdentityProviderKeyExecute executes the request
+	DeleteIdentityProviderKeyExecute(r ApiDeleteIdentityProviderKeyRequest) (*APIResponse, error)
+
+	/*
+		GenerateCsrForIdentityProvider Generate a Certificate Signing Request
+
+		Generates a new key pair and returns a Certificate Signing Request for it
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@return ApiGenerateCsrForIdentityProviderRequest
+	*/
+	GenerateCsrForIdentityProvider(ctx context.Context, idpId string) ApiGenerateCsrForIdentityProviderRequest
+
+	// GenerateCsrForIdentityProviderExecute executes the request
+	//  @return Csr
+	GenerateCsrForIdentityProviderExecute(r ApiGenerateCsrForIdentityProviderRequest) (*Csr, *APIResponse, error)
+
+	/*
+		GenerateIdentityProviderSigningKey Generate a new Signing Credential Key
+
+		Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@return ApiGenerateIdentityProviderSigningKeyRequest
+	*/
+	GenerateIdentityProviderSigningKey(ctx context.Context, idpId string) ApiGenerateIdentityProviderSigningKeyRequest
+
+	// GenerateIdentityProviderSigningKeyExecute executes the request
+	//  @return JsonWebKey
+	GenerateIdentityProviderSigningKeyExecute(r ApiGenerateIdentityProviderSigningKeyRequest) (*JsonWebKey, *APIResponse, error)
+
+	/*
+		GetCsrForIdentityProvider Retrieve a Certificate Signing Request
+
+		Retrieves a specific Certificate Signing Request model by id
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@param csrId
+		@return ApiGetCsrForIdentityProviderRequest
+	*/
+	GetCsrForIdentityProvider(ctx context.Context, idpId string, csrId string) ApiGetCsrForIdentityProviderRequest
+
+	// GetCsrForIdentityProviderExecute executes the request
+	//  @return Csr
+	GetCsrForIdentityProviderExecute(r ApiGetCsrForIdentityProviderRequest) (*Csr, *APIResponse, error)
+
+	/*
+		GetIdentityProvider Retrieve an Identity Provider
+
+		Retrieves an identity provider integration by `idpId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@return ApiGetIdentityProviderRequest
+	*/
+	GetIdentityProvider(ctx context.Context, idpId string) ApiGetIdentityProviderRequest
+
+	// GetIdentityProviderExecute executes the request
+	//  @return IdentityProvider
+	GetIdentityProviderExecute(r ApiGetIdentityProviderRequest) (*IdentityProvider, *APIResponse, error)
+
+	/*
+		GetIdentityProviderApplicationUser Retrieve a User
+
+		Retrieves a linked IdP user by ID
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@param userId
+		@return ApiGetIdentityProviderApplicationUserRequest
+	*/
+	GetIdentityProviderApplicationUser(ctx context.Context, idpId string, userId string) ApiGetIdentityProviderApplicationUserRequest
+
+	// GetIdentityProviderApplicationUserExecute executes the request
+	//  @return IdentityProviderApplicationUser
+	GetIdentityProviderApplicationUserExecute(r ApiGetIdentityProviderApplicationUserRequest) (*IdentityProviderApplicationUser, *APIResponse, error)
+
+	/*
+		GetIdentityProviderKey Retrieve an Credential Key
+
+		Retrieves a specific IdP Key Credential by `kid`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param keyId
+		@return ApiGetIdentityProviderKeyRequest
+	*/
+	GetIdentityProviderKey(ctx context.Context, keyId string) ApiGetIdentityProviderKeyRequest
+
+	// GetIdentityProviderKeyExecute executes the request
+	//  @return JsonWebKey
+	GetIdentityProviderKeyExecute(r ApiGetIdentityProviderKeyRequest) (*JsonWebKey, *APIResponse, error)
+
+	/*
+		GetIdentityProviderSigningKey Retrieve a Signing Credential Key
+
+		Retrieves a specific IdP Key Credential by `kid`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@param keyId
+		@return ApiGetIdentityProviderSigningKeyRequest
+	*/
+	GetIdentityProviderSigningKey(ctx context.Context, idpId string, keyId string) ApiGetIdentityProviderSigningKeyRequest
+
+	// GetIdentityProviderSigningKeyExecute executes the request
+	//  @return JsonWebKey
+	GetIdentityProviderSigningKeyExecute(r ApiGetIdentityProviderSigningKeyRequest) (*JsonWebKey, *APIResponse, error)
+
+	/*
+		LinkUserToIdentityProvider Link a User to a Social IdP
+
+		Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@param userId
+		@return ApiLinkUserToIdentityProviderRequest
+	*/
+	LinkUserToIdentityProvider(ctx context.Context, idpId string, userId string) ApiLinkUserToIdentityProviderRequest
+
+	// LinkUserToIdentityProviderExecute executes the request
+	//  @return IdentityProviderApplicationUser
+	LinkUserToIdentityProviderExecute(r ApiLinkUserToIdentityProviderRequest) (*IdentityProviderApplicationUser, *APIResponse, error)
+
+	/*
+		ListCsrsForIdentityProvider List all Certificate Signing Requests
+
+		Lists all Certificate Signing Requests for an IdP
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@return ApiListCsrsForIdentityProviderRequest
+	*/
+	ListCsrsForIdentityProvider(ctx context.Context, idpId string) ApiListCsrsForIdentityProviderRequest
+
+	// ListCsrsForIdentityProviderExecute executes the request
+	//  @return []Csr
+	ListCsrsForIdentityProviderExecute(r ApiListCsrsForIdentityProviderRequest) ([]Csr, *APIResponse, error)
+
+	/*
+		ListIdentityProviderApplicationUsers List all Users
+
+		Lists all users linked to the identity provider
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@return ApiListIdentityProviderApplicationUsersRequest
+	*/
+	ListIdentityProviderApplicationUsers(ctx context.Context, idpId string) ApiListIdentityProviderApplicationUsersRequest
+
+	// ListIdentityProviderApplicationUsersExecute executes the request
+	//  @return []IdentityProviderApplicationUser
+	ListIdentityProviderApplicationUsersExecute(r ApiListIdentityProviderApplicationUsersRequest) ([]IdentityProviderApplicationUser, *APIResponse, error)
+
+	/*
+		ListIdentityProviderKeys List all Credential Keys
+
+		Lists all IdP key credentials
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListIdentityProviderKeysRequest
+	*/
+	ListIdentityProviderKeys(ctx context.Context) ApiListIdentityProviderKeysRequest
+
+	// ListIdentityProviderKeysExecute executes the request
+	//  @return []JsonWebKey
+	ListIdentityProviderKeysExecute(r ApiListIdentityProviderKeysRequest) ([]JsonWebKey, *APIResponse, error)
+
+	/*
+		ListIdentityProviderSigningKeys List all Signing Credential Keys
+
+		Lists all signing key credentials for an IdP
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@return ApiListIdentityProviderSigningKeysRequest
+	*/
+	ListIdentityProviderSigningKeys(ctx context.Context, idpId string) ApiListIdentityProviderSigningKeysRequest
+
+	// ListIdentityProviderSigningKeysExecute executes the request
+	//  @return []JsonWebKey
+	ListIdentityProviderSigningKeysExecute(r ApiListIdentityProviderSigningKeysRequest) ([]JsonWebKey, *APIResponse, error)
+
+	/*
+		ListIdentityProviders List all Identity Providers
+
+		Lists all identity provider integrations with pagination. A subset of IdPs can be returned that match a supported filter expression or query.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListIdentityProvidersRequest
+	*/
+	ListIdentityProviders(ctx context.Context) ApiListIdentityProvidersRequest
+
+	// ListIdentityProvidersExecute executes the request
+	//  @return []IdentityProvider
+	ListIdentityProvidersExecute(r ApiListIdentityProvidersRequest) ([]IdentityProvider, *APIResponse, error)
+
+	/*
+		ListSocialAuthTokens List all Tokens from a OIDC Identity Provider
+
+		Lists the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@param userId
+		@return ApiListSocialAuthTokensRequest
+	*/
+	ListSocialAuthTokens(ctx context.Context, idpId string, userId string) ApiListSocialAuthTokensRequest
+
+	// ListSocialAuthTokensExecute executes the request
+	//  @return []SocialAuthToken
+	ListSocialAuthTokensExecute(r ApiListSocialAuthTokensRequest) ([]SocialAuthToken, *APIResponse, error)
+
+	/*
+		PublishCsrForIdentityProvider Publish a Certificate Signing Request
+
+		Publishes a certificate signing request with a signed X.509 certificate and adds it into the signing key credentials for the IdP
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@param csrId
+		@return ApiPublishCsrForIdentityProviderRequest
+	*/
+	PublishCsrForIdentityProvider(ctx context.Context, idpId string, csrId string) ApiPublishCsrForIdentityProviderRequest
+
+	// PublishCsrForIdentityProviderExecute executes the request
+	//  @return JsonWebKey
+	PublishCsrForIdentityProviderExecute(r ApiPublishCsrForIdentityProviderRequest) (*JsonWebKey, *APIResponse, error)
+
+	/*
+		ReplaceIdentityProvider Replace an Identity Provider
+
+		Replaces an identity provider integration by `idpId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@return ApiReplaceIdentityProviderRequest
+	*/
+	ReplaceIdentityProvider(ctx context.Context, idpId string) ApiReplaceIdentityProviderRequest
+
+	// ReplaceIdentityProviderExecute executes the request
+	//  @return IdentityProvider
+	ReplaceIdentityProviderExecute(r ApiReplaceIdentityProviderRequest) (*IdentityProvider, *APIResponse, error)
+
+	/*
+		RevokeCsrForIdentityProvider Revoke a Certificate Signing Request
+
+		Revokes a certificate signing request and deletes the key pair from the IdP
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@param csrId
+		@return ApiRevokeCsrForIdentityProviderRequest
+	*/
+	RevokeCsrForIdentityProvider(ctx context.Context, idpId string, csrId string) ApiRevokeCsrForIdentityProviderRequest
+
+	// RevokeCsrForIdentityProviderExecute executes the request
+	RevokeCsrForIdentityProviderExecute(r ApiRevokeCsrForIdentityProviderRequest) (*APIResponse, error)
+
+	/*
+		UnlinkUserFromIdentityProvider Unlink a User from IdP
+
+		Unlinks the link between the Okta user and the IdP user
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param idpId
+		@param userId
+		@return ApiUnlinkUserFromIdentityProviderRequest
+	*/
+	UnlinkUserFromIdentityProvider(ctx context.Context, idpId string, userId string) ApiUnlinkUserFromIdentityProviderRequest
+
+	// UnlinkUserFromIdentityProviderExecute executes the request
+	UnlinkUserFromIdentityProviderExecute(r ApiUnlinkUserFromIdentityProviderRequest) (*APIResponse, error)
+}
+
+// IdentityProviderApiService IdentityProviderApi service
+type IdentityProviderApiService service
+
+type ApiActivateIdentityProviderRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	retryCount int32
+}
+
+func (r ApiActivateIdentityProviderRequest) Execute() (*IdentityProvider, *APIResponse, error) {
+	return r.ApiService.ActivateIdentityProviderExecute(r)
+}
+
+/*
+ActivateIdentityProvider Activate an Identity Provider
+
+Activates an inactive IdP
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@return ApiActivateIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) ActivateIdentityProvider(ctx context.Context, idpId string) ApiActivateIdentityProviderRequest {
+	return ApiActivateIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return IdentityProvider
+func (a *IdentityProviderApiService) ActivateIdentityProviderExecute(r ApiActivateIdentityProviderRequest) (*IdentityProvider, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *IdentityProvider
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.ActivateIdentityProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCloneIdentityProviderKeyRequest struct {
+	ctx         context.Context
+	ApiService  IdentityProviderApi
+	idpId       string
+	keyId       string
+	targetIdpId *string
+	retryCount  int32
+}
+
+func (r ApiCloneIdentityProviderKeyRequest) TargetIdpId(targetIdpId string) ApiCloneIdentityProviderKeyRequest {
+	r.targetIdpId = &targetIdpId
+	return r
+}
+
+func (r ApiCloneIdentityProviderKeyRequest) Execute() (*JsonWebKey, *APIResponse, error) {
+	return r.ApiService.CloneIdentityProviderKeyExecute(r)
+}
+
+/*
+CloneIdentityProviderKey Clone a Signing Credential Key
+
+Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@param keyId
+	@return ApiCloneIdentityProviderKeyRequest
+*/
+func (a *IdentityProviderApiService) CloneIdentityProviderKey(ctx context.Context, idpId string, keyId string) ApiCloneIdentityProviderKeyRequest {
+	return ApiCloneIdentityProviderKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		keyId:      keyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return JsonWebKey
+func (a *IdentityProviderApiService) CloneIdentityProviderKeyExecute(r ApiCloneIdentityProviderKeyRequest) (*JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.CloneIdentityProviderKey")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/credentials/keys/{keyId}/clone"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"keyId"+"}", url.PathEscape(parameterToString(r.keyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.targetIdpId == nil {
+		return localVarReturnValue, nil, reportError("targetIdpId is required and must be specified")
+	}
+
+	localVarQueryParams.Add("targetIdpId", parameterToString(*r.targetIdpId, ""))
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateIdentityProviderRequest struct {
+	ctx              context.Context
+	ApiService       IdentityProviderApi
+	identityProvider *IdentityProvider
+	retryCount       int32
+}
+
+func (r ApiCreateIdentityProviderRequest) IdentityProvider(identityProvider IdentityProvider) ApiCreateIdentityProviderRequest {
+	r.identityProvider = &identityProvider
+	return r
+}
+
+func (r ApiCreateIdentityProviderRequest) Execute() (*IdentityProvider, *APIResponse, error) {
+	return r.ApiService.CreateIdentityProviderExecute(r)
+}
+
+/*
+CreateIdentityProvider Create an Identity Provider
+
+Creates a new identity provider integration
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) CreateIdentityProvider(ctx context.Context) ApiCreateIdentityProviderRequest {
+	return ApiCreateIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return IdentityProvider
+func (a *IdentityProviderApiService) CreateIdentityProviderExecute(r ApiCreateIdentityProviderRequest) (*IdentityProvider, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *IdentityProvider
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.CreateIdentityProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.identityProvider == nil {
+		return localVarReturnValue, nil, reportError("identityProvider is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.identityProvider
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateIdentityProviderKeyRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	jsonWebKey *JsonWebKey
+	retryCount int32
+}
+
+func (r ApiCreateIdentityProviderKeyRequest) JsonWebKey(jsonWebKey JsonWebKey) ApiCreateIdentityProviderKeyRequest {
+	r.jsonWebKey = &jsonWebKey
+	return r
+}
+
+func (r ApiCreateIdentityProviderKeyRequest) Execute() (*JsonWebKey, *APIResponse, error) {
+	return r.ApiService.CreateIdentityProviderKeyExecute(r)
+}
+
+/*
+CreateIdentityProviderKey Create an X.509 Certificate Public Key
+
+Creates a new X.509 certificate credential to the IdP key store.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateIdentityProviderKeyRequest
+*/
+func (a *IdentityProviderApiService) CreateIdentityProviderKey(ctx context.Context) ApiCreateIdentityProviderKeyRequest {
+	return ApiCreateIdentityProviderKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return JsonWebKey
+func (a *IdentityProviderApiService) CreateIdentityProviderKeyExecute(r ApiCreateIdentityProviderKeyRequest) (*JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.CreateIdentityProviderKey")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/credentials/keys"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.jsonWebKey == nil {
+		return localVarReturnValue, nil, reportError("jsonWebKey is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.jsonWebKey
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateIdentityProviderRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	retryCount int32
+}
+
+func (r ApiDeactivateIdentityProviderRequest) Execute() (*IdentityProvider, *APIResponse, error) {
+	return r.ApiService.DeactivateIdentityProviderExecute(r)
+}
+
+/*
+DeactivateIdentityProvider Deactivate an Identity Provider
+
+Deactivates an active IdP
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@return ApiDeactivateIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) DeactivateIdentityProvider(ctx context.Context, idpId string) ApiDeactivateIdentityProviderRequest {
+	return ApiDeactivateIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return IdentityProvider
+func (a *IdentityProviderApiService) DeactivateIdentityProviderExecute(r ApiDeactivateIdentityProviderRequest) (*IdentityProvider, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *IdentityProvider
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.DeactivateIdentityProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteIdentityProviderRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	retryCount int32
+}
+
+func (r ApiDeleteIdentityProviderRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteIdentityProviderExecute(r)
+}
+
+/*
+DeleteIdentityProvider Delete an Identity Provider
+
+Deletes an identity provider integration by `idpId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@return ApiDeleteIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) DeleteIdentityProvider(ctx context.Context, idpId string) ApiDeleteIdentityProviderRequest {
+	return ApiDeleteIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *IdentityProviderApiService) DeleteIdentityProviderExecute(r ApiDeleteIdentityProviderRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.DeleteIdentityProvider")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteIdentityProviderKeyRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	keyId      string
+	retryCount int32
+}
+
+func (r ApiDeleteIdentityProviderKeyRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteIdentityProviderKeyExecute(r)
+}
+
+/*
+DeleteIdentityProviderKey Delete a Signing Credential Key
+
+Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param keyId
+	@return ApiDeleteIdentityProviderKeyRequest
+*/
+func (a *IdentityProviderApiService) DeleteIdentityProviderKey(ctx context.Context, keyId string) ApiDeleteIdentityProviderKeyRequest {
+	return ApiDeleteIdentityProviderKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		keyId:      keyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *IdentityProviderApiService) DeleteIdentityProviderKeyExecute(r ApiDeleteIdentityProviderKeyRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.DeleteIdentityProviderKey")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/credentials/keys/{keyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"keyId"+"}", url.PathEscape(parameterToString(r.keyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGenerateCsrForIdentityProviderRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	metadata   *CsrMetadata
+	retryCount int32
+}
+
+func (r ApiGenerateCsrForIdentityProviderRequest) Metadata(metadata CsrMetadata) ApiGenerateCsrForIdentityProviderRequest {
+	r.metadata = &metadata
+	return r
+}
+
+func (r ApiGenerateCsrForIdentityProviderRequest) Execute() (*Csr, *APIResponse, error) {
+	return r.ApiService.GenerateCsrForIdentityProviderExecute(r)
+}
+
+/*
+GenerateCsrForIdentityProvider Generate a Certificate Signing Request
+
+Generates a new key pair and returns a Certificate Signing Request for it
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@return ApiGenerateCsrForIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) GenerateCsrForIdentityProvider(ctx context.Context, idpId string) ApiGenerateCsrForIdentityProviderRequest {
+	return ApiGenerateCsrForIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Csr
+func (a *IdentityProviderApiService) GenerateCsrForIdentityProviderExecute(r ApiGenerateCsrForIdentityProviderRequest) (*Csr, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Csr
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.GenerateCsrForIdentityProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/credentials/csrs"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.metadata == nil {
+		return localVarReturnValue, nil, reportError("metadata is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.metadata
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGenerateIdentityProviderSigningKeyRequest struct {
+	ctx           context.Context
+	ApiService    IdentityProviderApi
+	idpId         string
+	validityYears *int32
+	retryCount    int32
+}
+
+// expiry of the IdP Key Credential
+func (r ApiGenerateIdentityProviderSigningKeyRequest) ValidityYears(validityYears int32) ApiGenerateIdentityProviderSigningKeyRequest {
+	r.validityYears = &validityYears
+	return r
+}
+
+func (r ApiGenerateIdentityProviderSigningKeyRequest) Execute() (*JsonWebKey, *APIResponse, error) {
+	return r.ApiService.GenerateIdentityProviderSigningKeyExecute(r)
+}
+
+/*
+GenerateIdentityProviderSigningKey Generate a new Signing Credential Key
+
+Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@return ApiGenerateIdentityProviderSigningKeyRequest
+*/
+func (a *IdentityProviderApiService) GenerateIdentityProviderSigningKey(ctx context.Context, idpId string) ApiGenerateIdentityProviderSigningKeyRequest {
+	return ApiGenerateIdentityProviderSigningKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return JsonWebKey
+func (a *IdentityProviderApiService) GenerateIdentityProviderSigningKeyExecute(r ApiGenerateIdentityProviderSigningKeyRequest) (*JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.GenerateIdentityProviderSigningKey")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/credentials/keys/generate"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.validityYears == nil {
+		return localVarReturnValue, nil, reportError("validityYears is required and must be specified")
+	}
+
+	localVarQueryParams.Add("validityYears", parameterToString(*r.validityYears, ""))
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetCsrForIdentityProviderRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	csrId      string
+	retryCount int32
+}
+
+func (r ApiGetCsrForIdentityProviderRequest) Execute() (*Csr, *APIResponse, error) {
+	return r.ApiService.GetCsrForIdentityProviderExecute(r)
+}
+
+/*
+GetCsrForIdentityProvider Retrieve a Certificate Signing Request
+
+Retrieves a specific Certificate Signing Request model by id
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@param csrId
+	@return ApiGetCsrForIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) GetCsrForIdentityProvider(ctx context.Context, idpId string, csrId string) ApiGetCsrForIdentityProviderRequest {
+	return ApiGetCsrForIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		csrId:      csrId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Csr
+func (a *IdentityProviderApiService) GetCsrForIdentityProviderExecute(r ApiGetCsrForIdentityProviderRequest) (*Csr, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Csr
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.GetCsrForIdentityProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/credentials/csrs/{csrId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"csrId"+"}", url.PathEscape(parameterToString(r.csrId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetIdentityProviderRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	retryCount int32
+}
+
+func (r ApiGetIdentityProviderRequest) Execute() (*IdentityProvider, *APIResponse, error) {
+	return r.ApiService.GetIdentityProviderExecute(r)
+}
+
+/*
+GetIdentityProvider Retrieve an Identity Provider
+
+Retrieves an identity provider integration by `idpId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@return ApiGetIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) GetIdentityProvider(ctx context.Context, idpId string) ApiGetIdentityProviderRequest {
+	return ApiGetIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return IdentityProvider
+func (a *IdentityProviderApiService) GetIdentityProviderExecute(r ApiGetIdentityProviderRequest) (*IdentityProvider, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *IdentityProvider
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.GetIdentityProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetIdentityProviderApplicationUserRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	userId     string
+	retryCount int32
+}
+
+func (r ApiGetIdentityProviderApplicationUserRequest) Execute() (*IdentityProviderApplicationUser, *APIResponse, error) {
+	return r.ApiService.GetIdentityProviderApplicationUserExecute(r)
+}
+
+/*
+GetIdentityProviderApplicationUser Retrieve a User
+
+Retrieves a linked IdP user by ID
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@param userId
+	@return ApiGetIdentityProviderApplicationUserRequest
+*/
+func (a *IdentityProviderApiService) GetIdentityProviderApplicationUser(ctx context.Context, idpId string, userId string) ApiGetIdentityProviderApplicationUserRequest {
+	return ApiGetIdentityProviderApplicationUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return IdentityProviderApplicationUser
+func (a *IdentityProviderApiService) GetIdentityProviderApplicationUserExecute(r ApiGetIdentityProviderApplicationUserRequest) (*IdentityProviderApplicationUser, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *IdentityProviderApplicationUser
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.GetIdentityProviderApplicationUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/users/{userId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetIdentityProviderKeyRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	keyId      string
+	retryCount int32
+}
+
+func (r ApiGetIdentityProviderKeyRequest) Execute() (*JsonWebKey, *APIResponse, error) {
+	return r.ApiService.GetIdentityProviderKeyExecute(r)
+}
+
+/*
+GetIdentityProviderKey Retrieve an Credential Key
+
+Retrieves a specific IdP Key Credential by `kid`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param keyId
+	@return ApiGetIdentityProviderKeyRequest
+*/
+func (a *IdentityProviderApiService) GetIdentityProviderKey(ctx context.Context, keyId string) ApiGetIdentityProviderKeyRequest {
+	return ApiGetIdentityProviderKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		keyId:      keyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return JsonWebKey
+func (a *IdentityProviderApiService) GetIdentityProviderKeyExecute(r ApiGetIdentityProviderKeyRequest) (*JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.GetIdentityProviderKey")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/credentials/keys/{keyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"keyId"+"}", url.PathEscape(parameterToString(r.keyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetIdentityProviderSigningKeyRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	keyId      string
+	retryCount int32
+}
+
+func (r ApiGetIdentityProviderSigningKeyRequest) Execute() (*JsonWebKey, *APIResponse, error) {
+	return r.ApiService.GetIdentityProviderSigningKeyExecute(r)
+}
+
+/*
+GetIdentityProviderSigningKey Retrieve a Signing Credential Key
+
+Retrieves a specific IdP Key Credential by `kid`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@param keyId
+	@return ApiGetIdentityProviderSigningKeyRequest
+*/
+func (a *IdentityProviderApiService) GetIdentityProviderSigningKey(ctx context.Context, idpId string, keyId string) ApiGetIdentityProviderSigningKeyRequest {
+	return ApiGetIdentityProviderSigningKeyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		keyId:      keyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return JsonWebKey
+func (a *IdentityProviderApiService) GetIdentityProviderSigningKeyExecute(r ApiGetIdentityProviderSigningKeyRequest) (*JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.GetIdentityProviderSigningKey")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/credentials/keys/{keyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"keyId"+"}", url.PathEscape(parameterToString(r.keyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiLinkUserToIdentityProviderRequest struct {
+	ctx                             context.Context
+	ApiService                      IdentityProviderApi
+	idpId                           string
+	userId                          string
+	userIdentityProviderLinkRequest *UserIdentityProviderLinkRequest
+	retryCount                      int32
+}
+
+func (r ApiLinkUserToIdentityProviderRequest) UserIdentityProviderLinkRequest(userIdentityProviderLinkRequest UserIdentityProviderLinkRequest) ApiLinkUserToIdentityProviderRequest {
+	r.userIdentityProviderLinkRequest = &userIdentityProviderLinkRequest
+	return r
+}
+
+func (r ApiLinkUserToIdentityProviderRequest) Execute() (*IdentityProviderApplicationUser, *APIResponse, error) {
+	return r.ApiService.LinkUserToIdentityProviderExecute(r)
+}
+
+/*
+LinkUserToIdentityProvider Link a User to a Social IdP
+
+Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@param userId
+	@return ApiLinkUserToIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) LinkUserToIdentityProvider(ctx context.Context, idpId string, userId string) ApiLinkUserToIdentityProviderRequest {
+	return ApiLinkUserToIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return IdentityProviderApplicationUser
+func (a *IdentityProviderApiService) LinkUserToIdentityProviderExecute(r ApiLinkUserToIdentityProviderRequest) (*IdentityProviderApplicationUser, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *IdentityProviderApplicationUser
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.LinkUserToIdentityProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/users/{userId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.userIdentityProviderLinkRequest == nil {
+		return localVarReturnValue, nil, reportError("userIdentityProviderLinkRequest is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.userIdentityProviderLinkRequest
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListCsrsForIdentityProviderRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	retryCount int32
+}
+
+func (r ApiListCsrsForIdentityProviderRequest) Execute() ([]Csr, *APIResponse, error) {
+	return r.ApiService.ListCsrsForIdentityProviderExecute(r)
+}
+
+/*
+ListCsrsForIdentityProvider List all Certificate Signing Requests
+
+Lists all Certificate Signing Requests for an IdP
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@return ApiListCsrsForIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) ListCsrsForIdentityProvider(ctx context.Context, idpId string) ApiListCsrsForIdentityProviderRequest {
+	return ApiListCsrsForIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Csr
+func (a *IdentityProviderApiService) ListCsrsForIdentityProviderExecute(r ApiListCsrsForIdentityProviderRequest) ([]Csr, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Csr
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.ListCsrsForIdentityProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/credentials/csrs"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListIdentityProviderApplicationUsersRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	retryCount int32
+}
+
+func (r ApiListIdentityProviderApplicationUsersRequest) Execute() ([]IdentityProviderApplicationUser, *APIResponse, error) {
+	return r.ApiService.ListIdentityProviderApplicationUsersExecute(r)
+}
+
+/*
+ListIdentityProviderApplicationUsers List all Users
+
+Lists all users linked to the identity provider
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@return ApiListIdentityProviderApplicationUsersRequest
+*/
+func (a *IdentityProviderApiService) ListIdentityProviderApplicationUsers(ctx context.Context, idpId string) ApiListIdentityProviderApplicationUsersRequest {
+	return ApiListIdentityProviderApplicationUsersRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []IdentityProviderApplicationUser
+func (a *IdentityProviderApiService) ListIdentityProviderApplicationUsersExecute(r ApiListIdentityProviderApplicationUsersRequest) ([]IdentityProviderApplicationUser, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []IdentityProviderApplicationUser
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.ListIdentityProviderApplicationUsers")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/users"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListIdentityProviderKeysRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+// Specifies the pagination cursor for the next page of keys
+func (r ApiListIdentityProviderKeysRequest) After(after string) ApiListIdentityProviderKeysRequest {
+	r.after = &after
+	return r
+}
+
+// Specifies the number of key results in a page
+func (r ApiListIdentityProviderKeysRequest) Limit(limit int32) ApiListIdentityProviderKeysRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListIdentityProviderKeysRequest) Execute() ([]JsonWebKey, *APIResponse, error) {
+	return r.ApiService.ListIdentityProviderKeysExecute(r)
+}
+
+/*
+ListIdentityProviderKeys List all Credential Keys
+
+Lists all IdP key credentials
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListIdentityProviderKeysRequest
+*/
+func (a *IdentityProviderApiService) ListIdentityProviderKeys(ctx context.Context) ApiListIdentityProviderKeysRequest {
+	return ApiListIdentityProviderKeysRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []JsonWebKey
+func (a *IdentityProviderApiService) ListIdentityProviderKeysExecute(r ApiListIdentityProviderKeysRequest) ([]JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.ListIdentityProviderKeys")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/credentials/keys"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListIdentityProviderSigningKeysRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	retryCount int32
+}
+
+func (r ApiListIdentityProviderSigningKeysRequest) Execute() ([]JsonWebKey, *APIResponse, error) {
+	return r.ApiService.ListIdentityProviderSigningKeysExecute(r)
+}
+
+/*
+ListIdentityProviderSigningKeys List all Signing Credential Keys
+
+Lists all signing key credentials for an IdP
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@return ApiListIdentityProviderSigningKeysRequest
+*/
+func (a *IdentityProviderApiService) ListIdentityProviderSigningKeys(ctx context.Context, idpId string) ApiListIdentityProviderSigningKeysRequest {
+	return ApiListIdentityProviderSigningKeysRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []JsonWebKey
+func (a *IdentityProviderApiService) ListIdentityProviderSigningKeysExecute(r ApiListIdentityProviderSigningKeysRequest) ([]JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.ListIdentityProviderSigningKeys")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/credentials/keys"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListIdentityProvidersRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	q          *string
+	after      *string
+	limit      *int32
+	type_      *string
+	retryCount int32
+}
+
+// Searches the name property of IdPs for matching value
+func (r ApiListIdentityProvidersRequest) Q(q string) ApiListIdentityProvidersRequest {
+	r.q = &q
+	return r
+}
+
+// Specifies the pagination cursor for the next page of IdPs
+func (r ApiListIdentityProvidersRequest) After(after string) ApiListIdentityProvidersRequest {
+	r.after = &after
+	return r
+}
+
+// Specifies the number of IdP results in a page
+func (r ApiListIdentityProvidersRequest) Limit(limit int32) ApiListIdentityProvidersRequest {
+	r.limit = &limit
+	return r
+}
+
+// Filters IdPs by type
+func (r ApiListIdentityProvidersRequest) Type_(type_ string) ApiListIdentityProvidersRequest {
+	r.type_ = &type_
+	return r
+}
+
+func (r ApiListIdentityProvidersRequest) Execute() ([]IdentityProvider, *APIResponse, error) {
+	return r.ApiService.ListIdentityProvidersExecute(r)
+}
+
+/*
+ListIdentityProviders List all Identity Providers
+
+Lists all identity provider integrations with pagination. A subset of IdPs can be returned that match a supported filter expression or query.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListIdentityProvidersRequest
+*/
+func (a *IdentityProviderApiService) ListIdentityProviders(ctx context.Context) ApiListIdentityProvidersRequest {
+	return ApiListIdentityProvidersRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []IdentityProvider
+func (a *IdentityProviderApiService) ListIdentityProvidersExecute(r ApiListIdentityProvidersRequest) ([]IdentityProvider, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []IdentityProvider
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.ListIdentityProviders")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.q != nil {
+		localVarQueryParams.Add("q", parameterToString(*r.q, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.type_ != nil {
+		localVarQueryParams.Add("type", parameterToString(*r.type_, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListSocialAuthTokensRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	userId     string
+	retryCount int32
+}
+
+func (r ApiListSocialAuthTokensRequest) Execute() ([]SocialAuthToken, *APIResponse, error) {
+	return r.ApiService.ListSocialAuthTokensExecute(r)
+}
+
+/*
+ListSocialAuthTokens List all Tokens from a OIDC Identity Provider
+
+Lists the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@param userId
+	@return ApiListSocialAuthTokensRequest
+*/
+func (a *IdentityProviderApiService) ListSocialAuthTokens(ctx context.Context, idpId string, userId string) ApiListSocialAuthTokensRequest {
+	return ApiListSocialAuthTokensRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []SocialAuthToken
+func (a *IdentityProviderApiService) ListSocialAuthTokensExecute(r ApiListSocialAuthTokensRequest) ([]SocialAuthToken, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []SocialAuthToken
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.ListSocialAuthTokens")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/users/{userId}/credentials/tokens"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiPublishCsrForIdentityProviderRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	csrId      string
+	body       **os.File
+	retryCount int32
+}
+
+func (r ApiPublishCsrForIdentityProviderRequest) Body(body *os.File) ApiPublishCsrForIdentityProviderRequest {
+	r.body = &body
+	return r
+}
+
+func (r ApiPublishCsrForIdentityProviderRequest) Execute() (*JsonWebKey, *APIResponse, error) {
+	return r.ApiService.PublishCsrForIdentityProviderExecute(r)
+}
+
+/*
+PublishCsrForIdentityProvider Publish a Certificate Signing Request
+
+Publishes a certificate signing request with a signed X.509 certificate and adds it into the signing key credentials for the IdP
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@param csrId
+	@return ApiPublishCsrForIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) PublishCsrForIdentityProvider(ctx context.Context, idpId string, csrId string) ApiPublishCsrForIdentityProviderRequest {
+	return ApiPublishCsrForIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		csrId:      csrId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return JsonWebKey
+func (a *IdentityProviderApiService) PublishCsrForIdentityProviderExecute(r ApiPublishCsrForIdentityProviderRequest) (*JsonWebKey, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *JsonWebKey
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.PublishCsrForIdentityProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"csrId"+"}", url.PathEscape(parameterToString(r.csrId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.body == nil {
+		return localVarReturnValue, nil, reportError("body is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/x-x509-ca-cert", "application/pkix-cert", "application/x-pem-file"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.body
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceIdentityProviderRequest struct {
+	ctx              context.Context
+	ApiService       IdentityProviderApi
+	idpId            string
+	identityProvider *IdentityProvider
+	retryCount       int32
+}
+
+func (r ApiReplaceIdentityProviderRequest) IdentityProvider(identityProvider IdentityProvider) ApiReplaceIdentityProviderRequest {
+	r.identityProvider = &identityProvider
+	return r
+}
+
+func (r ApiReplaceIdentityProviderRequest) Execute() (*IdentityProvider, *APIResponse, error) {
+	return r.ApiService.ReplaceIdentityProviderExecute(r)
+}
+
+/*
+ReplaceIdentityProvider Replace an Identity Provider
+
+Replaces an identity provider integration by `idpId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@return ApiReplaceIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) ReplaceIdentityProvider(ctx context.Context, idpId string) ApiReplaceIdentityProviderRequest {
+	return ApiReplaceIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return IdentityProvider
+func (a *IdentityProviderApiService) ReplaceIdentityProviderExecute(r ApiReplaceIdentityProviderRequest) (*IdentityProvider, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *IdentityProvider
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.ReplaceIdentityProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.identityProvider == nil {
+		return localVarReturnValue, nil, reportError("identityProvider is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.identityProvider
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiRevokeCsrForIdentityProviderRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	csrId      string
+	retryCount int32
+}
+
+func (r ApiRevokeCsrForIdentityProviderRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeCsrForIdentityProviderExecute(r)
+}
+
+/*
+RevokeCsrForIdentityProvider Revoke a Certificate Signing Request
+
+Revokes a certificate signing request and deletes the key pair from the IdP
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@param csrId
+	@return ApiRevokeCsrForIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) RevokeCsrForIdentityProvider(ctx context.Context, idpId string, csrId string) ApiRevokeCsrForIdentityProviderRequest {
+	return ApiRevokeCsrForIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		csrId:      csrId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *IdentityProviderApiService) RevokeCsrForIdentityProviderExecute(r ApiRevokeCsrForIdentityProviderRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.RevokeCsrForIdentityProvider")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/credentials/csrs/{csrId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"csrId"+"}", url.PathEscape(parameterToString(r.csrId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnlinkUserFromIdentityProviderRequest struct {
+	ctx        context.Context
+	ApiService IdentityProviderApi
+	idpId      string
+	userId     string
+	retryCount int32
+}
+
+func (r ApiUnlinkUserFromIdentityProviderRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnlinkUserFromIdentityProviderExecute(r)
+}
+
+/*
+UnlinkUserFromIdentityProvider Unlink a User from IdP
+
+Unlinks the link between the Okta user and the IdP user
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param idpId
+	@param userId
+	@return ApiUnlinkUserFromIdentityProviderRequest
+*/
+func (a *IdentityProviderApiService) UnlinkUserFromIdentityProvider(ctx context.Context, idpId string, userId string) ApiUnlinkUserFromIdentityProviderRequest {
+	return ApiUnlinkUserFromIdentityProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		idpId:      idpId,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *IdentityProviderApiService) UnlinkUserFromIdentityProviderExecute(r ApiUnlinkUserFromIdentityProviderRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentityProviderApiService.UnlinkUserFromIdentityProvider")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/idps/{idpId}/users/{userId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"idpId"+"}", url.PathEscape(parameterToString(r.idpId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_identity_source.go b/okta/api_identity_source.go
new file mode 100644
index 000000000..82d39bcbb
--- /dev/null
+++ b/okta/api_identity_source.go
@@ -0,0 +1,1330 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type IdentitySourceApi interface {
+	/*
+		CreateIdentitySourceSession Create an Identity Source Session
+
+		Creates an identity source session for the given identity source instance
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param identitySourceId
+		@return ApiCreateIdentitySourceSessionRequest
+	*/
+	CreateIdentitySourceSession(ctx context.Context, identitySourceId string) ApiCreateIdentitySourceSessionRequest
+
+	// CreateIdentitySourceSessionExecute executes the request
+	//  @return []IdentitySourceSession
+	CreateIdentitySourceSessionExecute(r ApiCreateIdentitySourceSessionRequest) ([]IdentitySourceSession, *APIResponse, error)
+
+	/*
+		DeleteIdentitySourceSession Delete an Identity Source Session
+
+		Deletes an identity source session for a given `identitySourceId` and `sessionId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param identitySourceId
+		@param sessionId
+		@return ApiDeleteIdentitySourceSessionRequest
+	*/
+	DeleteIdentitySourceSession(ctx context.Context, identitySourceId string, sessionId string) ApiDeleteIdentitySourceSessionRequest
+
+	// DeleteIdentitySourceSessionExecute executes the request
+	DeleteIdentitySourceSessionExecute(r ApiDeleteIdentitySourceSessionRequest) (*APIResponse, error)
+
+	/*
+		GetIdentitySourceSession Retrieve an Identity Source Session
+
+		Retrieves an identity source session for a given identity source id and session id
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param identitySourceId
+		@param sessionId
+		@return ApiGetIdentitySourceSessionRequest
+	*/
+	GetIdentitySourceSession(ctx context.Context, identitySourceId string, sessionId string) ApiGetIdentitySourceSessionRequest
+
+	// GetIdentitySourceSessionExecute executes the request
+	//  @return IdentitySourceSession
+	GetIdentitySourceSessionExecute(r ApiGetIdentitySourceSessionRequest) (*IdentitySourceSession, *APIResponse, error)
+
+	/*
+		ListIdentitySourceSessions List all Identity Source Sessions
+
+		Lists all identity source sessions for the given identity source instance
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param identitySourceId
+		@return ApiListIdentitySourceSessionsRequest
+	*/
+	ListIdentitySourceSessions(ctx context.Context, identitySourceId string) ApiListIdentitySourceSessionsRequest
+
+	// ListIdentitySourceSessionsExecute executes the request
+	//  @return []IdentitySourceSession
+	ListIdentitySourceSessionsExecute(r ApiListIdentitySourceSessionsRequest) ([]IdentitySourceSession, *APIResponse, error)
+
+	/*
+		StartImportFromIdentitySource Start the import from the Identity Source
+
+		Starts the import from the identity source described by the uploaded bulk operations
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param identitySourceId
+		@param sessionId
+		@return ApiStartImportFromIdentitySourceRequest
+	*/
+	StartImportFromIdentitySource(ctx context.Context, identitySourceId string, sessionId string) ApiStartImportFromIdentitySourceRequest
+
+	// StartImportFromIdentitySourceExecute executes the request
+	//  @return []IdentitySourceSession
+	StartImportFromIdentitySourceExecute(r ApiStartImportFromIdentitySourceRequest) ([]IdentitySourceSession, *APIResponse, error)
+
+	/*
+		UploadIdentitySourceDataForDelete Upload the data to be deleted in Okta
+
+		Uploads entities that need to be deleted in Okta from the identity source for the given session
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param identitySourceId
+		@param sessionId
+		@return ApiUploadIdentitySourceDataForDeleteRequest
+	*/
+	UploadIdentitySourceDataForDelete(ctx context.Context, identitySourceId string, sessionId string) ApiUploadIdentitySourceDataForDeleteRequest
+
+	// UploadIdentitySourceDataForDeleteExecute executes the request
+	UploadIdentitySourceDataForDeleteExecute(r ApiUploadIdentitySourceDataForDeleteRequest) (*APIResponse, error)
+
+	/*
+		UploadIdentitySourceDataForUpsert Upload the data to be upserted in Okta
+
+		Uploads entities that need to be upserted in Okta from the identity source for the given session
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param identitySourceId
+		@param sessionId
+		@return ApiUploadIdentitySourceDataForUpsertRequest
+	*/
+	UploadIdentitySourceDataForUpsert(ctx context.Context, identitySourceId string, sessionId string) ApiUploadIdentitySourceDataForUpsertRequest
+
+	// UploadIdentitySourceDataForUpsertExecute executes the request
+	UploadIdentitySourceDataForUpsertExecute(r ApiUploadIdentitySourceDataForUpsertRequest) (*APIResponse, error)
+}
+
+// IdentitySourceApiService IdentitySourceApi service
+type IdentitySourceApiService service
+
+type ApiCreateIdentitySourceSessionRequest struct {
+	ctx              context.Context
+	ApiService       IdentitySourceApi
+	identitySourceId string
+	retryCount       int32
+}
+
+func (r ApiCreateIdentitySourceSessionRequest) Execute() ([]IdentitySourceSession, *APIResponse, error) {
+	return r.ApiService.CreateIdentitySourceSessionExecute(r)
+}
+
+/*
+CreateIdentitySourceSession Create an Identity Source Session
+
+Creates an identity source session for the given identity source instance
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param identitySourceId
+	@return ApiCreateIdentitySourceSessionRequest
+*/
+func (a *IdentitySourceApiService) CreateIdentitySourceSession(ctx context.Context, identitySourceId string) ApiCreateIdentitySourceSessionRequest {
+	return ApiCreateIdentitySourceSessionRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		identitySourceId: identitySourceId,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []IdentitySourceSession
+func (a *IdentitySourceApiService) CreateIdentitySourceSessionExecute(r ApiCreateIdentitySourceSessionRequest) ([]IdentitySourceSession, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []IdentitySourceSession
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentitySourceApiService.CreateIdentitySourceSession")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/identity-sources/{identitySourceId}/sessions"
+	localVarPath = strings.Replace(localVarPath, "{"+"identitySourceId"+"}", url.PathEscape(parameterToString(r.identitySourceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteIdentitySourceSessionRequest struct {
+	ctx              context.Context
+	ApiService       IdentitySourceApi
+	identitySourceId string
+	sessionId        string
+	retryCount       int32
+}
+
+func (r ApiDeleteIdentitySourceSessionRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteIdentitySourceSessionExecute(r)
+}
+
+/*
+DeleteIdentitySourceSession Delete an Identity Source Session
+
+Deletes an identity source session for a given `identitySourceId` and `sessionId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param identitySourceId
+	@param sessionId
+	@return ApiDeleteIdentitySourceSessionRequest
+*/
+func (a *IdentitySourceApiService) DeleteIdentitySourceSession(ctx context.Context, identitySourceId string, sessionId string) ApiDeleteIdentitySourceSessionRequest {
+	return ApiDeleteIdentitySourceSessionRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		identitySourceId: identitySourceId,
+		sessionId:        sessionId,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+func (a *IdentitySourceApiService) DeleteIdentitySourceSessionExecute(r ApiDeleteIdentitySourceSessionRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentitySourceApiService.DeleteIdentitySourceSession")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"identitySourceId"+"}", url.PathEscape(parameterToString(r.identitySourceId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"sessionId"+"}", url.PathEscape(parameterToString(r.sessionId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetIdentitySourceSessionRequest struct {
+	ctx              context.Context
+	ApiService       IdentitySourceApi
+	identitySourceId string
+	sessionId        string
+	retryCount       int32
+}
+
+func (r ApiGetIdentitySourceSessionRequest) Execute() (*IdentitySourceSession, *APIResponse, error) {
+	return r.ApiService.GetIdentitySourceSessionExecute(r)
+}
+
+/*
+GetIdentitySourceSession Retrieve an Identity Source Session
+
+Retrieves an identity source session for a given identity source id and session id
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param identitySourceId
+	@param sessionId
+	@return ApiGetIdentitySourceSessionRequest
+*/
+func (a *IdentitySourceApiService) GetIdentitySourceSession(ctx context.Context, identitySourceId string, sessionId string) ApiGetIdentitySourceSessionRequest {
+	return ApiGetIdentitySourceSessionRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		identitySourceId: identitySourceId,
+		sessionId:        sessionId,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return IdentitySourceSession
+func (a *IdentitySourceApiService) GetIdentitySourceSessionExecute(r ApiGetIdentitySourceSessionRequest) (*IdentitySourceSession, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *IdentitySourceSession
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentitySourceApiService.GetIdentitySourceSession")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"identitySourceId"+"}", url.PathEscape(parameterToString(r.identitySourceId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"sessionId"+"}", url.PathEscape(parameterToString(r.sessionId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListIdentitySourceSessionsRequest struct {
+	ctx              context.Context
+	ApiService       IdentitySourceApi
+	identitySourceId string
+	retryCount       int32
+}
+
+func (r ApiListIdentitySourceSessionsRequest) Execute() ([]IdentitySourceSession, *APIResponse, error) {
+	return r.ApiService.ListIdentitySourceSessionsExecute(r)
+}
+
+/*
+ListIdentitySourceSessions List all Identity Source Sessions
+
+Lists all identity source sessions for the given identity source instance
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param identitySourceId
+	@return ApiListIdentitySourceSessionsRequest
+*/
+func (a *IdentitySourceApiService) ListIdentitySourceSessions(ctx context.Context, identitySourceId string) ApiListIdentitySourceSessionsRequest {
+	return ApiListIdentitySourceSessionsRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		identitySourceId: identitySourceId,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []IdentitySourceSession
+func (a *IdentitySourceApiService) ListIdentitySourceSessionsExecute(r ApiListIdentitySourceSessionsRequest) ([]IdentitySourceSession, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []IdentitySourceSession
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentitySourceApiService.ListIdentitySourceSessions")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/identity-sources/{identitySourceId}/sessions"
+	localVarPath = strings.Replace(localVarPath, "{"+"identitySourceId"+"}", url.PathEscape(parameterToString(r.identitySourceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiStartImportFromIdentitySourceRequest struct {
+	ctx              context.Context
+	ApiService       IdentitySourceApi
+	identitySourceId string
+	sessionId        string
+	retryCount       int32
+}
+
+func (r ApiStartImportFromIdentitySourceRequest) Execute() ([]IdentitySourceSession, *APIResponse, error) {
+	return r.ApiService.StartImportFromIdentitySourceExecute(r)
+}
+
+/*
+StartImportFromIdentitySource Start the import from the Identity Source
+
+Starts the import from the identity source described by the uploaded bulk operations
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param identitySourceId
+	@param sessionId
+	@return ApiStartImportFromIdentitySourceRequest
+*/
+func (a *IdentitySourceApiService) StartImportFromIdentitySource(ctx context.Context, identitySourceId string, sessionId string) ApiStartImportFromIdentitySourceRequest {
+	return ApiStartImportFromIdentitySourceRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		identitySourceId: identitySourceId,
+		sessionId:        sessionId,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []IdentitySourceSession
+func (a *IdentitySourceApiService) StartImportFromIdentitySourceExecute(r ApiStartImportFromIdentitySourceRequest) ([]IdentitySourceSession, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []IdentitySourceSession
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentitySourceApiService.StartImportFromIdentitySource")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/start-import"
+	localVarPath = strings.Replace(localVarPath, "{"+"identitySourceId"+"}", url.PathEscape(parameterToString(r.identitySourceId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"sessionId"+"}", url.PathEscape(parameterToString(r.sessionId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUploadIdentitySourceDataForDeleteRequest struct {
+	ctx                   context.Context
+	ApiService            IdentitySourceApi
+	identitySourceId      string
+	sessionId             string
+	bulkDeleteRequestBody *BulkDeleteRequestBody
+	retryCount            int32
+}
+
+func (r ApiUploadIdentitySourceDataForDeleteRequest) BulkDeleteRequestBody(bulkDeleteRequestBody BulkDeleteRequestBody) ApiUploadIdentitySourceDataForDeleteRequest {
+	r.bulkDeleteRequestBody = &bulkDeleteRequestBody
+	return r
+}
+
+func (r ApiUploadIdentitySourceDataForDeleteRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UploadIdentitySourceDataForDeleteExecute(r)
+}
+
+/*
+UploadIdentitySourceDataForDelete Upload the data to be deleted in Okta
+
+Uploads entities that need to be deleted in Okta from the identity source for the given session
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param identitySourceId
+	@param sessionId
+	@return ApiUploadIdentitySourceDataForDeleteRequest
+*/
+func (a *IdentitySourceApiService) UploadIdentitySourceDataForDelete(ctx context.Context, identitySourceId string, sessionId string) ApiUploadIdentitySourceDataForDeleteRequest {
+	return ApiUploadIdentitySourceDataForDeleteRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		identitySourceId: identitySourceId,
+		sessionId:        sessionId,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+func (a *IdentitySourceApiService) UploadIdentitySourceDataForDeleteExecute(r ApiUploadIdentitySourceDataForDeleteRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentitySourceApiService.UploadIdentitySourceDataForDelete")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-delete"
+	localVarPath = strings.Replace(localVarPath, "{"+"identitySourceId"+"}", url.PathEscape(parameterToString(r.identitySourceId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"sessionId"+"}", url.PathEscape(parameterToString(r.sessionId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.bulkDeleteRequestBody
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUploadIdentitySourceDataForUpsertRequest struct {
+	ctx                   context.Context
+	ApiService            IdentitySourceApi
+	identitySourceId      string
+	sessionId             string
+	bulkUpsertRequestBody *BulkUpsertRequestBody
+	retryCount            int32
+}
+
+func (r ApiUploadIdentitySourceDataForUpsertRequest) BulkUpsertRequestBody(bulkUpsertRequestBody BulkUpsertRequestBody) ApiUploadIdentitySourceDataForUpsertRequest {
+	r.bulkUpsertRequestBody = &bulkUpsertRequestBody
+	return r
+}
+
+func (r ApiUploadIdentitySourceDataForUpsertRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UploadIdentitySourceDataForUpsertExecute(r)
+}
+
+/*
+UploadIdentitySourceDataForUpsert Upload the data to be upserted in Okta
+
+Uploads entities that need to be upserted in Okta from the identity source for the given session
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param identitySourceId
+	@param sessionId
+	@return ApiUploadIdentitySourceDataForUpsertRequest
+*/
+func (a *IdentitySourceApiService) UploadIdentitySourceDataForUpsert(ctx context.Context, identitySourceId string, sessionId string) ApiUploadIdentitySourceDataForUpsertRequest {
+	return ApiUploadIdentitySourceDataForUpsertRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		identitySourceId: identitySourceId,
+		sessionId:        sessionId,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+func (a *IdentitySourceApiService) UploadIdentitySourceDataForUpsertExecute(r ApiUploadIdentitySourceDataForUpsertRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "IdentitySourceApiService.UploadIdentitySourceDataForUpsert")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-upsert"
+	localVarPath = strings.Replace(localVarPath, "{"+"identitySourceId"+"}", url.PathEscape(parameterToString(r.identitySourceId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"sessionId"+"}", url.PathEscape(parameterToString(r.sessionId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.bulkUpsertRequestBody
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_idp_test.go b/okta/api_idp_test.go
new file mode 100644
index 000000000..bd84bb34e
--- /dev/null
+++ b/okta/api_idp_test.go
@@ -0,0 +1,242 @@
+package okta
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func setupIdp(name string) (*IdentityProvider, *APIResponse, error) {
+	req := apiClient.IdentityProviderApi.CreateIdentityProvider(apiClient.cfg.Context)
+	payload := testFactory.NewValidTestIdentityProvider()
+	payload.SetName(name)
+	req = req.IdentityProvider(*payload)
+	return req.Execute()
+}
+
+func cleanUpIdp(idpId string) (err error) {
+	_, err = apiClient.IdentityProviderApi.DeleteIdentityProvider(apiClient.cfg.Context, idpId).Execute()
+	return
+}
+
+func Test_Get_Identity_Provider(t *testing.T) {
+	createdIdp, _, err := setupIdp(randomTestString())
+	require.NoError(t, err, "Creating a new idp should not error")
+	t.Run("get idp by id", func(t *testing.T) {
+		ridp, _, err := apiClient.IdentityProviderApi.GetIdentityProvider(apiClient.cfg.Context, createdIdp.GetId()).Execute()
+		require.NoError(t, err, "Could not get idp by ID")
+		assert.Equal(t, createdIdp.GetId(), ridp.GetId())
+		assert.Equal(t, createdIdp.GetProtocol(), ridp.GetProtocol())
+		assert.Equal(t, createdIdp.GetPolicy(), ridp.GetPolicy())
+	})
+	t.Run("get list idp", func(t *testing.T) {
+		lidp, _, err := apiClient.IdentityProviderApi.ListIdentityProviders(apiClient.cfg.Context).Execute()
+		require.NoError(t, err, "Could not get list idp")
+		var createdIdpInList bool
+		for _, idp := range lidp {
+			if idp.GetId() == createdIdp.GetId() {
+				createdIdpInList = true
+			}
+		}
+		assert.True(t, createdIdpInList)
+	})
+	err = cleanUpIdp(createdIdp.GetId())
+	require.NoError(t, err, "Clean up idp should not error")
+}
+
+func Test_Activate_Identity_Provider(t *testing.T) {
+	createdIdp, _, err := setupIdp(randomTestString())
+	require.NoError(t, err, "Creating a new idp should not error")
+	assert.Equal(t, LIFECYCLESTATUS_ACTIVE, createdIdp.GetStatus())
+	t.Run("deactivate idp", func(t *testing.T) {
+		didp, _, err := apiClient.IdentityProviderApi.DeactivateIdentityProvider(apiClient.cfg.Context, createdIdp.GetId()).Execute()
+		require.NoError(t, err, "Could not deactivate idp")
+		assert.Equal(t, LIFECYCLESTATUS_INACTIVE, didp.GetStatus())
+	})
+	t.Run("activate idp", func(t *testing.T) {
+		aidp, _, err := apiClient.IdentityProviderApi.ActivateIdentityProvider(apiClient.cfg.Context, createdIdp.GetId()).Execute()
+		require.NoError(t, err, "Could not activate idp")
+		assert.Equal(t, LIFECYCLESTATUS_ACTIVE, aidp.GetStatus())
+	})
+	err = cleanUpIdp(createdIdp.GetId())
+	require.NoError(t, err, "Clean up idp should not error")
+}
+
+func Test_Update_Identity_Provider(t *testing.T) {
+	createdIdp, _, err := setupIdp(randomTestString())
+	require.NoError(t, err, "Creating a new idp should not error")
+	t.Run("update idp", func(t *testing.T) {
+		req := apiClient.IdentityProviderApi.ReplaceIdentityProvider(apiClient.cfg.Context, createdIdp.GetId())
+		createdIdp.SetName(fmt.Sprintf("%v%v", testPrefix, "Update"))
+		req = req.IdentityProvider(*createdIdp)
+		uidp, _, err := req.Execute()
+		require.NoError(t, err, "Could not update idp")
+		assert.Equal(t, fmt.Sprintf("%v%v", testPrefix, "Update"), uidp.GetName())
+	})
+	err = cleanUpIdp(createdIdp.GetId())
+	require.NoError(t, err, "Clean up idp should not error")
+}
+
+func Test_Get_Key(t *testing.T) {
+	req := apiClient.IdentityProviderApi.CreateIdentityProviderKey(apiClient.cfg.Context)
+	payload := testFactory.NewValidTestJsonWebKey()
+	req = req.JsonWebKey(*payload)
+	createdKey, _, err := req.Execute()
+	require.NoError(t, err, "Creating a new idp key should not error")
+	t.Run("get idp key by id", func(t *testing.T) {
+		ridpk, _, err := apiClient.IdentityProviderApi.GetIdentityProviderKey(apiClient.cfg.Context, createdKey.GetKid()).Execute()
+		require.NoError(t, err, "Could not get idp key by ID")
+		assert.Equal(t, createdKey.GetKid(), ridpk.GetKid())
+	})
+	t.Run("get list idp keys", func(t *testing.T) {
+		lidpk, _, err := apiClient.IdentityProviderApi.ListIdentityProviderKeys(apiClient.cfg.Context).Execute()
+		require.NoError(t, err, "Could not get list idp")
+		assert.Equal(t, len(lidpk), 1)
+	})
+	_, err = apiClient.IdentityProviderApi.DeleteIdentityProviderKey(apiClient.cfg.Context, createdKey.GetKid()).Execute()
+	require.NoError(t, err, "Clean up idp key should not error")
+}
+
+func Test_List_Signing_Keys(t *testing.T) {
+	createdIdp, _, err := setupIdp(randomTestString())
+	require.NoError(t, err, "Creating a new idp should not error")
+	var generatedKey *JsonWebKey
+	t.Run("generate signing key", func(t *testing.T) {
+		req := apiClient.IdentityProviderApi.GenerateIdentityProviderSigningKey(apiClient.cfg.Context, createdIdp.GetId())
+		req = req.ValidityYears(int32(2))
+		generatedKey, _, err = req.Execute()
+		require.NoError(t, err, "Generating a new signing key should not error")
+		assert.NotNil(t, generatedKey)
+		assert.NotEmpty(t, generatedKey.X5c)
+	})
+	t.Run("list signing keys", func(t *testing.T) {
+		retrievedKeys, _, err := apiClient.IdentityProviderApi.ListIdentityProviderSigningKeys(apiClient.cfg.Context, createdIdp.GetId()).Execute()
+		require.NoError(t, err, "Retrieveing signing keys should not error")
+		var result bool
+		for _, v := range retrievedKeys {
+			if contain(generatedKey.X5c[0], v.X5c) {
+				result = true
+			}
+		}
+		assert.True(t, result)
+	})
+	err = cleanUpIdp(createdIdp.GetId())
+	require.NoError(t, err, "Clean up idp should not error")
+}
+
+func Test_Clone_Signing_Key(t *testing.T) {
+	createdIdp1, _, err := setupIdp(randomTestString())
+	require.NoError(t, err, "Creating a new idp should not error")
+	createdIdp2, _, err := setupIdp(randomTestString())
+	require.NoError(t, err, "Creating a new idp should not error")
+	t.Run("clone signing key", func(t *testing.T) {
+		greq := apiClient.IdentityProviderApi.GenerateIdentityProviderSigningKey(apiClient.cfg.Context, createdIdp1.GetId())
+		greq = greq.ValidityYears(int32(2))
+		generatedKey, _, err := greq.Execute()
+		require.NoError(t, err, "Generating a new signing key should not error")
+		creq := apiClient.IdentityProviderApi.CloneIdentityProviderKey(apiClient.cfg.Context, createdIdp1.GetId(), generatedKey.GetKid())
+		creq = creq.TargetIdpId(createdIdp2.GetId())
+		clonedKey, _, err := creq.Execute()
+		require.NoError(t, err, "Could not clone signing key")
+		assert.NotNil(t, clonedKey)
+		assert.Equal(t, generatedKey.GetKid(), clonedKey.GetKid())
+	})
+	err = cleanUpIdp(createdIdp1.GetId())
+	require.NoError(t, err, "Clean up idp should not error")
+	err = cleanUpIdp(createdIdp2.GetId())
+	require.NoError(t, err, "Clean up idp should not error")
+}
+
+func Test_Get_CSR(t *testing.T) {
+	createdIdp, _, err := setupIdp(randomTestString())
+	require.NoError(t, err, "Creating a new idp should not error")
+	var generatedCsr *Csr
+	t.Run("generate CSR", func(t *testing.T) {
+		req := apiClient.IdentityProviderApi.GenerateCsrForIdentityProvider(apiClient.cfg.Context, createdIdp.GetId())
+		req = req.Metadata(*testFactory.NewValidTestCSRMetadata())
+		generatedCsr, _, err = req.Execute()
+		require.NoError(t, err, "Generating a new csr should not error")
+		assert.NotNil(t, generatedCsr)
+		assert.Equal(t, "RSA", generatedCsr.GetKty())
+		assert.NotNil(t, generatedCsr.Csr)
+	})
+	t.Run("get CSR by ID", func(t *testing.T) {
+		rcsr, _, err := apiClient.IdentityProviderApi.GetCsrForIdentityProvider(apiClient.cfg.Context, createdIdp.GetId(), generatedCsr.GetId()).Execute()
+		require.NoError(t, err, "Could not get csr by ID")
+		assert.NotNil(t, rcsr)
+		assert.Equal(t, generatedCsr.GetKty(), rcsr.GetKty())
+		assert.NotNil(t, generatedCsr.GetCsr(), rcsr.GetCsr())
+	})
+	t.Run("list CSR", func(t *testing.T) {
+		listCSRs, _, err := apiClient.IdentityProviderApi.ListCsrsForIdentityProvider(apiClient.cfg.Context, createdIdp.GetId()).Execute()
+		require.NoError(t, err, "Could not list csr by idp ID")
+		assert.NotEmpty(t, listCSRs)
+		var result bool
+		for _, csr := range listCSRs {
+			if csr.GetId() == generatedCsr.GetId() {
+				result = true
+			}
+		}
+		assert.True(t, result)
+	})
+	t.Run("revoke CSR", func(t *testing.T) {
+		_, err := apiClient.IdentityProviderApi.RevokeCsrForIdentityProvider(apiClient.cfg.Context, createdIdp.GetId(), generatedCsr.GetId()).Execute()
+		require.NoError(t, err, "Unable to revoke csr")
+	})
+	t.Run("list CSR", func(t *testing.T) {
+		listCSRs, _, err := apiClient.IdentityProviderApi.ListCsrsForIdentityProvider(apiClient.cfg.Context, createdIdp.GetId()).Execute()
+		require.NoError(t, err, "Could not list csr by idp ID")
+		assert.Empty(t, listCSRs)
+	})
+	err = cleanUpIdp(createdIdp.GetId())
+	require.NoError(t, err, "Clean up idp should not error")
+}
+
+func Test_Get_Linked_User(t *testing.T) {
+	createdUser, _, _, err := setupUser(false)
+	require.NoError(t, err, "Creating a new user should not error")
+	createdIdp, _, err := setupIdp(randomTestString())
+	require.NoError(t, err, "Creating a new idp should not error")
+	t.Run("link idp to user", func(t *testing.T) {
+		req := apiClient.IdentityProviderApi.LinkUserToIdentityProvider(apiClient.cfg.Context, createdIdp.GetId(), createdUser.GetId())
+		externalId := "externalId"
+		req = req.UserIdentityProviderLinkRequest(UserIdentityProviderLinkRequest{ExternalId: &externalId})
+		_, _, err := req.Execute()
+		require.NoError(t, err, "Could not link user and idp")
+	})
+	t.Run("get linked user for idps", func(t *testing.T) {
+		linkUser, _, err := apiClient.IdentityProviderApi.GetIdentityProviderApplicationUser(apiClient.cfg.Context, createdIdp.GetId(), createdUser.GetId()).Execute()
+		require.NoError(t, err, "Could not get user's idp")
+		assert.Equal(t, createdUser.GetId(), linkUser.GetId())
+		var idpInLink bool
+		if idp, ok := linkUser.Links["idp"]; ok {
+			if href, ok := idp["href"]; ok {
+				if strings.Contains(fmt.Sprintf("%v", href), createdIdp.GetId()) {
+					idpInLink = true
+				}
+			}
+		}
+		assert.True(t, idpInLink)
+	})
+	t.Run("list linked idp user", func(t *testing.T) {
+		listIdp, _, err := apiClient.IdentityProviderApi.ListIdentityProviderApplicationUsers(apiClient.cfg.Context, createdIdp.GetId()).Execute()
+		require.NoError(t, err, "Could not list idp's user")
+		assert.Equal(t, 1, len(listIdp))
+	})
+	t.Run("unlink idp from user", func(t *testing.T) {
+		_, err := apiClient.IdentityProviderApi.UnlinkUserFromIdentityProvider(apiClient.cfg.Context, createdIdp.GetId(), createdUser.GetId()).Execute()
+		require.NoError(t, err, "Could unlink idp and user")
+	})
+	t.Run("list linked idp user", func(t *testing.T) {
+		listIdp, _, err := apiClient.IdentityProviderApi.ListIdentityProviderApplicationUsers(apiClient.cfg.Context, createdIdp.GetId()).Execute()
+		require.NoError(t, err, "Could not list idp's user")
+		assert.Empty(t, listIdp)
+	})
+	err = cleanUpIdp(createdIdp.GetId())
+	require.NoError(t, err, "Clean up idp should not error")
+	err = cleanUpUser(createdUser.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+}
diff --git a/okta/api_inline_hook.go b/okta/api_inline_hook.go
new file mode 100644
index 000000000..ae006f69a
--- /dev/null
+++ b/okta/api_inline_hook.go
@@ -0,0 +1,1518 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type InlineHookApi interface {
+	/*
+		ActivateInlineHook Activate an Inline Hook
+
+		Activates the inline hook by `inlineHookId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param inlineHookId
+		@return ApiActivateInlineHookRequest
+	*/
+	ActivateInlineHook(ctx context.Context, inlineHookId string) ApiActivateInlineHookRequest
+
+	// ActivateInlineHookExecute executes the request
+	//  @return InlineHook
+	ActivateInlineHookExecute(r ApiActivateInlineHookRequest) (*InlineHook, *APIResponse, error)
+
+	/*
+		CreateInlineHook Create an Inline Hook
+
+		Creates an inline hook
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateInlineHookRequest
+	*/
+	CreateInlineHook(ctx context.Context) ApiCreateInlineHookRequest
+
+	// CreateInlineHookExecute executes the request
+	//  @return InlineHook
+	CreateInlineHookExecute(r ApiCreateInlineHookRequest) (*InlineHook, *APIResponse, error)
+
+	/*
+		DeactivateInlineHook Deactivate an Inline Hook
+
+		Deactivates the inline hook by `inlineHookId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param inlineHookId
+		@return ApiDeactivateInlineHookRequest
+	*/
+	DeactivateInlineHook(ctx context.Context, inlineHookId string) ApiDeactivateInlineHookRequest
+
+	// DeactivateInlineHookExecute executes the request
+	//  @return InlineHook
+	DeactivateInlineHookExecute(r ApiDeactivateInlineHookRequest) (*InlineHook, *APIResponse, error)
+
+	/*
+		DeleteInlineHook Delete an Inline Hook
+
+		Deletes an inline hook by `inlineHookId`. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param inlineHookId
+		@return ApiDeleteInlineHookRequest
+	*/
+	DeleteInlineHook(ctx context.Context, inlineHookId string) ApiDeleteInlineHookRequest
+
+	// DeleteInlineHookExecute executes the request
+	DeleteInlineHookExecute(r ApiDeleteInlineHookRequest) (*APIResponse, error)
+
+	/*
+		ExecuteInlineHook Execute an Inline Hook
+
+		Executes the inline hook by `inlineHookId` using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param inlineHookId
+		@return ApiExecuteInlineHookRequest
+	*/
+	ExecuteInlineHook(ctx context.Context, inlineHookId string) ApiExecuteInlineHookRequest
+
+	// ExecuteInlineHookExecute executes the request
+	//  @return InlineHookResponse
+	ExecuteInlineHookExecute(r ApiExecuteInlineHookRequest) (*InlineHookResponse, *APIResponse, error)
+
+	/*
+		GetInlineHook Retrieve an Inline Hook
+
+		Retrieves an inline hook by `inlineHookId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param inlineHookId
+		@return ApiGetInlineHookRequest
+	*/
+	GetInlineHook(ctx context.Context, inlineHookId string) ApiGetInlineHookRequest
+
+	// GetInlineHookExecute executes the request
+	//  @return InlineHook
+	GetInlineHookExecute(r ApiGetInlineHookRequest) (*InlineHook, *APIResponse, error)
+
+	/*
+		ListInlineHooks List all Inline Hooks
+
+		Lists all inline hooks
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListInlineHooksRequest
+	*/
+	ListInlineHooks(ctx context.Context) ApiListInlineHooksRequest
+
+	// ListInlineHooksExecute executes the request
+	//  @return []InlineHook
+	ListInlineHooksExecute(r ApiListInlineHooksRequest) ([]InlineHook, *APIResponse, error)
+
+	/*
+		ReplaceInlineHook Replace an Inline Hook
+
+		Replaces an inline hook by `inlineHookId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param inlineHookId
+		@return ApiReplaceInlineHookRequest
+	*/
+	ReplaceInlineHook(ctx context.Context, inlineHookId string) ApiReplaceInlineHookRequest
+
+	// ReplaceInlineHookExecute executes the request
+	//  @return InlineHook
+	ReplaceInlineHookExecute(r ApiReplaceInlineHookRequest) (*InlineHook, *APIResponse, error)
+}
+
+// InlineHookApiService InlineHookApi service
+type InlineHookApiService service
+
+type ApiActivateInlineHookRequest struct {
+	ctx          context.Context
+	ApiService   InlineHookApi
+	inlineHookId string
+	retryCount   int32
+}
+
+func (r ApiActivateInlineHookRequest) Execute() (*InlineHook, *APIResponse, error) {
+	return r.ApiService.ActivateInlineHookExecute(r)
+}
+
+/*
+ActivateInlineHook Activate an Inline Hook
+
+Activates the inline hook by `inlineHookId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param inlineHookId
+	@return ApiActivateInlineHookRequest
+*/
+func (a *InlineHookApiService) ActivateInlineHook(ctx context.Context, inlineHookId string) ApiActivateInlineHookRequest {
+	return ApiActivateInlineHookRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		inlineHookId: inlineHookId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return InlineHook
+func (a *InlineHookApiService) ActivateInlineHookExecute(r ApiActivateInlineHookRequest) (*InlineHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *InlineHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "InlineHookApiService.ActivateInlineHook")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/inlineHooks/{inlineHookId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"inlineHookId"+"}", url.PathEscape(parameterToString(r.inlineHookId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateInlineHookRequest struct {
+	ctx        context.Context
+	ApiService InlineHookApi
+	inlineHook *InlineHook
+	retryCount int32
+}
+
+func (r ApiCreateInlineHookRequest) InlineHook(inlineHook InlineHook) ApiCreateInlineHookRequest {
+	r.inlineHook = &inlineHook
+	return r
+}
+
+func (r ApiCreateInlineHookRequest) Execute() (*InlineHook, *APIResponse, error) {
+	return r.ApiService.CreateInlineHookExecute(r)
+}
+
+/*
+CreateInlineHook Create an Inline Hook
+
+Creates an inline hook
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateInlineHookRequest
+*/
+func (a *InlineHookApiService) CreateInlineHook(ctx context.Context) ApiCreateInlineHookRequest {
+	return ApiCreateInlineHookRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return InlineHook
+func (a *InlineHookApiService) CreateInlineHookExecute(r ApiCreateInlineHookRequest) (*InlineHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *InlineHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "InlineHookApiService.CreateInlineHook")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/inlineHooks"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.inlineHook == nil {
+		return localVarReturnValue, nil, reportError("inlineHook is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.inlineHook
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateInlineHookRequest struct {
+	ctx          context.Context
+	ApiService   InlineHookApi
+	inlineHookId string
+	retryCount   int32
+}
+
+func (r ApiDeactivateInlineHookRequest) Execute() (*InlineHook, *APIResponse, error) {
+	return r.ApiService.DeactivateInlineHookExecute(r)
+}
+
+/*
+DeactivateInlineHook Deactivate an Inline Hook
+
+Deactivates the inline hook by `inlineHookId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param inlineHookId
+	@return ApiDeactivateInlineHookRequest
+*/
+func (a *InlineHookApiService) DeactivateInlineHook(ctx context.Context, inlineHookId string) ApiDeactivateInlineHookRequest {
+	return ApiDeactivateInlineHookRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		inlineHookId: inlineHookId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return InlineHook
+func (a *InlineHookApiService) DeactivateInlineHookExecute(r ApiDeactivateInlineHookRequest) (*InlineHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *InlineHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "InlineHookApiService.DeactivateInlineHook")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"inlineHookId"+"}", url.PathEscape(parameterToString(r.inlineHookId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteInlineHookRequest struct {
+	ctx          context.Context
+	ApiService   InlineHookApi
+	inlineHookId string
+	retryCount   int32
+}
+
+func (r ApiDeleteInlineHookRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteInlineHookExecute(r)
+}
+
+/*
+DeleteInlineHook Delete an Inline Hook
+
+Deletes an inline hook by `inlineHookId`. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param inlineHookId
+	@return ApiDeleteInlineHookRequest
+*/
+func (a *InlineHookApiService) DeleteInlineHook(ctx context.Context, inlineHookId string) ApiDeleteInlineHookRequest {
+	return ApiDeleteInlineHookRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		inlineHookId: inlineHookId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+func (a *InlineHookApiService) DeleteInlineHookExecute(r ApiDeleteInlineHookRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "InlineHookApiService.DeleteInlineHook")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/inlineHooks/{inlineHookId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"inlineHookId"+"}", url.PathEscape(parameterToString(r.inlineHookId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiExecuteInlineHookRequest struct {
+	ctx          context.Context
+	ApiService   InlineHookApi
+	inlineHookId string
+	payloadData  *map[string]interface{}
+	retryCount   int32
+}
+
+func (r ApiExecuteInlineHookRequest) PayloadData(payloadData map[string]interface{}) ApiExecuteInlineHookRequest {
+	r.payloadData = &payloadData
+	return r
+}
+
+func (r ApiExecuteInlineHookRequest) Execute() (*InlineHookResponse, *APIResponse, error) {
+	return r.ApiService.ExecuteInlineHookExecute(r)
+}
+
+/*
+ExecuteInlineHook Execute an Inline Hook
+
+Executes the inline hook by `inlineHookId` using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param inlineHookId
+	@return ApiExecuteInlineHookRequest
+*/
+func (a *InlineHookApiService) ExecuteInlineHook(ctx context.Context, inlineHookId string) ApiExecuteInlineHookRequest {
+	return ApiExecuteInlineHookRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		inlineHookId: inlineHookId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return InlineHookResponse
+func (a *InlineHookApiService) ExecuteInlineHookExecute(r ApiExecuteInlineHookRequest) (*InlineHookResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *InlineHookResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "InlineHookApiService.ExecuteInlineHook")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/inlineHooks/{inlineHookId}/execute"
+	localVarPath = strings.Replace(localVarPath, "{"+"inlineHookId"+"}", url.PathEscape(parameterToString(r.inlineHookId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.payloadData == nil {
+		return localVarReturnValue, nil, reportError("payloadData is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.payloadData
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetInlineHookRequest struct {
+	ctx          context.Context
+	ApiService   InlineHookApi
+	inlineHookId string
+	retryCount   int32
+}
+
+func (r ApiGetInlineHookRequest) Execute() (*InlineHook, *APIResponse, error) {
+	return r.ApiService.GetInlineHookExecute(r)
+}
+
+/*
+GetInlineHook Retrieve an Inline Hook
+
+Retrieves an inline hook by `inlineHookId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param inlineHookId
+	@return ApiGetInlineHookRequest
+*/
+func (a *InlineHookApiService) GetInlineHook(ctx context.Context, inlineHookId string) ApiGetInlineHookRequest {
+	return ApiGetInlineHookRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		inlineHookId: inlineHookId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return InlineHook
+func (a *InlineHookApiService) GetInlineHookExecute(r ApiGetInlineHookRequest) (*InlineHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *InlineHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "InlineHookApiService.GetInlineHook")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/inlineHooks/{inlineHookId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"inlineHookId"+"}", url.PathEscape(parameterToString(r.inlineHookId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListInlineHooksRequest struct {
+	ctx        context.Context
+	ApiService InlineHookApi
+	type_      *string
+	retryCount int32
+}
+
+func (r ApiListInlineHooksRequest) Type_(type_ string) ApiListInlineHooksRequest {
+	r.type_ = &type_
+	return r
+}
+
+func (r ApiListInlineHooksRequest) Execute() ([]InlineHook, *APIResponse, error) {
+	return r.ApiService.ListInlineHooksExecute(r)
+}
+
+/*
+ListInlineHooks List all Inline Hooks
+
+Lists all inline hooks
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListInlineHooksRequest
+*/
+func (a *InlineHookApiService) ListInlineHooks(ctx context.Context) ApiListInlineHooksRequest {
+	return ApiListInlineHooksRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []InlineHook
+func (a *InlineHookApiService) ListInlineHooksExecute(r ApiListInlineHooksRequest) ([]InlineHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []InlineHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "InlineHookApiService.ListInlineHooks")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/inlineHooks"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.type_ != nil {
+		localVarQueryParams.Add("type", parameterToString(*r.type_, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceInlineHookRequest struct {
+	ctx          context.Context
+	ApiService   InlineHookApi
+	inlineHookId string
+	inlineHook   *InlineHook
+	retryCount   int32
+}
+
+func (r ApiReplaceInlineHookRequest) InlineHook(inlineHook InlineHook) ApiReplaceInlineHookRequest {
+	r.inlineHook = &inlineHook
+	return r
+}
+
+func (r ApiReplaceInlineHookRequest) Execute() (*InlineHook, *APIResponse, error) {
+	return r.ApiService.ReplaceInlineHookExecute(r)
+}
+
+/*
+ReplaceInlineHook Replace an Inline Hook
+
+Replaces an inline hook by `inlineHookId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param inlineHookId
+	@return ApiReplaceInlineHookRequest
+*/
+func (a *InlineHookApiService) ReplaceInlineHook(ctx context.Context, inlineHookId string) ApiReplaceInlineHookRequest {
+	return ApiReplaceInlineHookRequest{
+		ApiService:   a,
+		ctx:          ctx,
+		inlineHookId: inlineHookId,
+		retryCount:   0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return InlineHook
+func (a *InlineHookApiService) ReplaceInlineHookExecute(r ApiReplaceInlineHookRequest) (*InlineHook, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *InlineHook
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "InlineHookApiService.ReplaceInlineHook")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/inlineHooks/{inlineHookId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"inlineHookId"+"}", url.PathEscape(parameterToString(r.inlineHookId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.inlineHook == nil {
+		return localVarReturnValue, nil, reportError("inlineHook is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.inlineHook
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_linked_object.go b/okta/api_linked_object.go
new file mode 100644
index 000000000..3b438ee6a
--- /dev/null
+++ b/okta/api_linked_object.go
@@ -0,0 +1,739 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type LinkedObjectApi interface {
+	/*
+		CreateLinkedObjectDefinition Create a Linked Object Definition
+
+		Creates a linked object definition
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateLinkedObjectDefinitionRequest
+	*/
+	CreateLinkedObjectDefinition(ctx context.Context) ApiCreateLinkedObjectDefinitionRequest
+
+	// CreateLinkedObjectDefinitionExecute executes the request
+	//  @return LinkedObject
+	CreateLinkedObjectDefinitionExecute(r ApiCreateLinkedObjectDefinitionRequest) (*LinkedObject, *APIResponse, error)
+
+	/*
+		DeleteLinkedObjectDefinition Delete a Linked Object Definition
+
+		Deletes a linked object definition
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param linkedObjectName
+		@return ApiDeleteLinkedObjectDefinitionRequest
+	*/
+	DeleteLinkedObjectDefinition(ctx context.Context, linkedObjectName string) ApiDeleteLinkedObjectDefinitionRequest
+
+	// DeleteLinkedObjectDefinitionExecute executes the request
+	DeleteLinkedObjectDefinitionExecute(r ApiDeleteLinkedObjectDefinitionRequest) (*APIResponse, error)
+
+	/*
+		GetLinkedObjectDefinition Retrieve a Linked Object Definition
+
+		Retrieves a linked object definition
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param linkedObjectName
+		@return ApiGetLinkedObjectDefinitionRequest
+	*/
+	GetLinkedObjectDefinition(ctx context.Context, linkedObjectName string) ApiGetLinkedObjectDefinitionRequest
+
+	// GetLinkedObjectDefinitionExecute executes the request
+	//  @return LinkedObject
+	GetLinkedObjectDefinitionExecute(r ApiGetLinkedObjectDefinitionRequest) (*LinkedObject, *APIResponse, error)
+
+	/*
+		ListLinkedObjectDefinitions List all Linked Object Definitions
+
+		Lists all linked object definitions
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListLinkedObjectDefinitionsRequest
+	*/
+	ListLinkedObjectDefinitions(ctx context.Context) ApiListLinkedObjectDefinitionsRequest
+
+	// ListLinkedObjectDefinitionsExecute executes the request
+	//  @return []LinkedObject
+	ListLinkedObjectDefinitionsExecute(r ApiListLinkedObjectDefinitionsRequest) ([]LinkedObject, *APIResponse, error)
+}
+
+// LinkedObjectApiService LinkedObjectApi service
+type LinkedObjectApiService service
+
+type ApiCreateLinkedObjectDefinitionRequest struct {
+	ctx          context.Context
+	ApiService   LinkedObjectApi
+	linkedObject *LinkedObject
+	retryCount   int32
+}
+
+func (r ApiCreateLinkedObjectDefinitionRequest) LinkedObject(linkedObject LinkedObject) ApiCreateLinkedObjectDefinitionRequest {
+	r.linkedObject = &linkedObject
+	return r
+}
+
+func (r ApiCreateLinkedObjectDefinitionRequest) Execute() (*LinkedObject, *APIResponse, error) {
+	return r.ApiService.CreateLinkedObjectDefinitionExecute(r)
+}
+
+/*
+CreateLinkedObjectDefinition Create a Linked Object Definition
+
+Creates a linked object definition
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateLinkedObjectDefinitionRequest
+*/
+func (a *LinkedObjectApiService) CreateLinkedObjectDefinition(ctx context.Context) ApiCreateLinkedObjectDefinitionRequest {
+	return ApiCreateLinkedObjectDefinitionRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return LinkedObject
+func (a *LinkedObjectApiService) CreateLinkedObjectDefinitionExecute(r ApiCreateLinkedObjectDefinitionRequest) (*LinkedObject, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *LinkedObject
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "LinkedObjectApiService.CreateLinkedObjectDefinition")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/schemas/user/linkedObjects"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.linkedObject == nil {
+		return localVarReturnValue, nil, reportError("linkedObject is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.linkedObject
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteLinkedObjectDefinitionRequest struct {
+	ctx              context.Context
+	ApiService       LinkedObjectApi
+	linkedObjectName string
+	retryCount       int32
+}
+
+func (r ApiDeleteLinkedObjectDefinitionRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteLinkedObjectDefinitionExecute(r)
+}
+
+/*
+DeleteLinkedObjectDefinition Delete a Linked Object Definition
+
+Deletes a linked object definition
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param linkedObjectName
+	@return ApiDeleteLinkedObjectDefinitionRequest
+*/
+func (a *LinkedObjectApiService) DeleteLinkedObjectDefinition(ctx context.Context, linkedObjectName string) ApiDeleteLinkedObjectDefinitionRequest {
+	return ApiDeleteLinkedObjectDefinitionRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		linkedObjectName: linkedObjectName,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+func (a *LinkedObjectApiService) DeleteLinkedObjectDefinitionExecute(r ApiDeleteLinkedObjectDefinitionRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "LinkedObjectApiService.DeleteLinkedObjectDefinition")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}"
+	localVarPath = strings.Replace(localVarPath, "{"+"linkedObjectName"+"}", url.PathEscape(parameterToString(r.linkedObjectName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetLinkedObjectDefinitionRequest struct {
+	ctx              context.Context
+	ApiService       LinkedObjectApi
+	linkedObjectName string
+	retryCount       int32
+}
+
+func (r ApiGetLinkedObjectDefinitionRequest) Execute() (*LinkedObject, *APIResponse, error) {
+	return r.ApiService.GetLinkedObjectDefinitionExecute(r)
+}
+
+/*
+GetLinkedObjectDefinition Retrieve a Linked Object Definition
+
+Retrieves a linked object definition
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param linkedObjectName
+	@return ApiGetLinkedObjectDefinitionRequest
+*/
+func (a *LinkedObjectApiService) GetLinkedObjectDefinition(ctx context.Context, linkedObjectName string) ApiGetLinkedObjectDefinitionRequest {
+	return ApiGetLinkedObjectDefinitionRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		linkedObjectName: linkedObjectName,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return LinkedObject
+func (a *LinkedObjectApiService) GetLinkedObjectDefinitionExecute(r ApiGetLinkedObjectDefinitionRequest) (*LinkedObject, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *LinkedObject
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "LinkedObjectApiService.GetLinkedObjectDefinition")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}"
+	localVarPath = strings.Replace(localVarPath, "{"+"linkedObjectName"+"}", url.PathEscape(parameterToString(r.linkedObjectName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListLinkedObjectDefinitionsRequest struct {
+	ctx        context.Context
+	ApiService LinkedObjectApi
+	retryCount int32
+}
+
+func (r ApiListLinkedObjectDefinitionsRequest) Execute() ([]LinkedObject, *APIResponse, error) {
+	return r.ApiService.ListLinkedObjectDefinitionsExecute(r)
+}
+
+/*
+ListLinkedObjectDefinitions List all Linked Object Definitions
+
+Lists all linked object definitions
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListLinkedObjectDefinitionsRequest
+*/
+func (a *LinkedObjectApiService) ListLinkedObjectDefinitions(ctx context.Context) ApiListLinkedObjectDefinitionsRequest {
+	return ApiListLinkedObjectDefinitionsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []LinkedObject
+func (a *LinkedObjectApiService) ListLinkedObjectDefinitionsExecute(r ApiListLinkedObjectDefinitionsRequest) ([]LinkedObject, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []LinkedObject
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "LinkedObjectApiService.ListLinkedObjectDefinitions")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/schemas/user/linkedObjects"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_log_stream.go b/okta/api_log_stream.go
new file mode 100644
index 000000000..0a0e4a47b
--- /dev/null
+++ b/okta/api_log_stream.go
@@ -0,0 +1,1335 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type LogStreamApi interface {
+	/*
+		ActivateLogStream Activate a Log Stream
+
+		Activates a log stream by `logStreamId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param logStreamId id of the log stream
+		@return ApiActivateLogStreamRequest
+	*/
+	ActivateLogStream(ctx context.Context, logStreamId string) ApiActivateLogStreamRequest
+
+	// ActivateLogStreamExecute executes the request
+	//  @return ListLogStreams200ResponseInner
+	ActivateLogStreamExecute(r ApiActivateLogStreamRequest) (*ListLogStreams200ResponseInner, *APIResponse, error)
+
+	/*
+		CreateLogStream Create a Log Stream
+
+		Creates a new log stream
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateLogStreamRequest
+	*/
+	CreateLogStream(ctx context.Context) ApiCreateLogStreamRequest
+
+	// CreateLogStreamExecute executes the request
+	//  @return ListLogStreams200ResponseInner
+	CreateLogStreamExecute(r ApiCreateLogStreamRequest) (*ListLogStreams200ResponseInner, *APIResponse, error)
+
+	/*
+		DeactivateLogStream Deactivate a Log Stream
+
+		Deactivates a log stream by `logStreamId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param logStreamId id of the log stream
+		@return ApiDeactivateLogStreamRequest
+	*/
+	DeactivateLogStream(ctx context.Context, logStreamId string) ApiDeactivateLogStreamRequest
+
+	// DeactivateLogStreamExecute executes the request
+	//  @return ListLogStreams200ResponseInner
+	DeactivateLogStreamExecute(r ApiDeactivateLogStreamRequest) (*ListLogStreams200ResponseInner, *APIResponse, error)
+
+	/*
+		DeleteLogStream Delete a Log Stream
+
+		Deletes a log stream by `logStreamId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param logStreamId id of the log stream
+		@return ApiDeleteLogStreamRequest
+	*/
+	DeleteLogStream(ctx context.Context, logStreamId string) ApiDeleteLogStreamRequest
+
+	// DeleteLogStreamExecute executes the request
+	DeleteLogStreamExecute(r ApiDeleteLogStreamRequest) (*APIResponse, error)
+
+	/*
+		GetLogStream Retrieve a Log Stream
+
+		Retrieves a log stream by `logStreamId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param logStreamId id of the log stream
+		@return ApiGetLogStreamRequest
+	*/
+	GetLogStream(ctx context.Context, logStreamId string) ApiGetLogStreamRequest
+
+	// GetLogStreamExecute executes the request
+	//  @return ListLogStreams200ResponseInner
+	GetLogStreamExecute(r ApiGetLogStreamRequest) (*ListLogStreams200ResponseInner, *APIResponse, error)
+
+	/*
+		ListLogStreams List all Log Streams
+
+		Lists all log streams. You can request a paginated list or a subset of Log Streams that match a supported filter expression.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListLogStreamsRequest
+	*/
+	ListLogStreams(ctx context.Context) ApiListLogStreamsRequest
+
+	// ListLogStreamsExecute executes the request
+	//  @return []ListLogStreams200ResponseInner
+	ListLogStreamsExecute(r ApiListLogStreamsRequest) ([]ListLogStreams200ResponseInner, *APIResponse, error)
+
+	/*
+		ReplaceLogStream Replace a Log Stream
+
+		Replaces a log stream by `logStreamId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param logStreamId id of the log stream
+		@return ApiReplaceLogStreamRequest
+	*/
+	ReplaceLogStream(ctx context.Context, logStreamId string) ApiReplaceLogStreamRequest
+
+	// ReplaceLogStreamExecute executes the request
+	//  @return ListLogStreams200ResponseInner
+	ReplaceLogStreamExecute(r ApiReplaceLogStreamRequest) (*ListLogStreams200ResponseInner, *APIResponse, error)
+}
+
+// LogStreamApiService LogStreamApi service
+type LogStreamApiService service
+
+type ApiActivateLogStreamRequest struct {
+	ctx         context.Context
+	ApiService  LogStreamApi
+	logStreamId string
+	retryCount  int32
+}
+
+func (r ApiActivateLogStreamRequest) Execute() (*ListLogStreams200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ActivateLogStreamExecute(r)
+}
+
+/*
+ActivateLogStream Activate a Log Stream
+
+Activates a log stream by `logStreamId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param logStreamId id of the log stream
+	@return ApiActivateLogStreamRequest
+*/
+func (a *LogStreamApiService) ActivateLogStream(ctx context.Context, logStreamId string) ApiActivateLogStreamRequest {
+	return ApiActivateLogStreamRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		logStreamId: logStreamId,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListLogStreams200ResponseInner
+func (a *LogStreamApiService) ActivateLogStreamExecute(r ApiActivateLogStreamRequest) (*ListLogStreams200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListLogStreams200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "LogStreamApiService.ActivateLogStream")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/logStreams/{logStreamId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"logStreamId"+"}", url.PathEscape(parameterToString(r.logStreamId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateLogStreamRequest struct {
+	ctx        context.Context
+	ApiService LogStreamApi
+	instance   *ListLogStreams200ResponseInner
+	retryCount int32
+}
+
+func (r ApiCreateLogStreamRequest) Instance(instance ListLogStreams200ResponseInner) ApiCreateLogStreamRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiCreateLogStreamRequest) Execute() (*ListLogStreams200ResponseInner, *APIResponse, error) {
+	return r.ApiService.CreateLogStreamExecute(r)
+}
+
+/*
+CreateLogStream Create a Log Stream
+
+Creates a new log stream
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateLogStreamRequest
+*/
+func (a *LogStreamApiService) CreateLogStream(ctx context.Context) ApiCreateLogStreamRequest {
+	return ApiCreateLogStreamRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListLogStreams200ResponseInner
+func (a *LogStreamApiService) CreateLogStreamExecute(r ApiCreateLogStreamRequest) (*ListLogStreams200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListLogStreams200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "LogStreamApiService.CreateLogStream")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/logStreams"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateLogStreamRequest struct {
+	ctx         context.Context
+	ApiService  LogStreamApi
+	logStreamId string
+	retryCount  int32
+}
+
+func (r ApiDeactivateLogStreamRequest) Execute() (*ListLogStreams200ResponseInner, *APIResponse, error) {
+	return r.ApiService.DeactivateLogStreamExecute(r)
+}
+
+/*
+DeactivateLogStream Deactivate a Log Stream
+
+Deactivates a log stream by `logStreamId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param logStreamId id of the log stream
+	@return ApiDeactivateLogStreamRequest
+*/
+func (a *LogStreamApiService) DeactivateLogStream(ctx context.Context, logStreamId string) ApiDeactivateLogStreamRequest {
+	return ApiDeactivateLogStreamRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		logStreamId: logStreamId,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListLogStreams200ResponseInner
+func (a *LogStreamApiService) DeactivateLogStreamExecute(r ApiDeactivateLogStreamRequest) (*ListLogStreams200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListLogStreams200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "LogStreamApiService.DeactivateLogStream")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/logStreams/{logStreamId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"logStreamId"+"}", url.PathEscape(parameterToString(r.logStreamId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteLogStreamRequest struct {
+	ctx         context.Context
+	ApiService  LogStreamApi
+	logStreamId string
+	retryCount  int32
+}
+
+func (r ApiDeleteLogStreamRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteLogStreamExecute(r)
+}
+
+/*
+DeleteLogStream Delete a Log Stream
+
+Deletes a log stream by `logStreamId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param logStreamId id of the log stream
+	@return ApiDeleteLogStreamRequest
+*/
+func (a *LogStreamApiService) DeleteLogStream(ctx context.Context, logStreamId string) ApiDeleteLogStreamRequest {
+	return ApiDeleteLogStreamRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		logStreamId: logStreamId,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+func (a *LogStreamApiService) DeleteLogStreamExecute(r ApiDeleteLogStreamRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "LogStreamApiService.DeleteLogStream")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/logStreams/{logStreamId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"logStreamId"+"}", url.PathEscape(parameterToString(r.logStreamId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetLogStreamRequest struct {
+	ctx         context.Context
+	ApiService  LogStreamApi
+	logStreamId string
+	retryCount  int32
+}
+
+func (r ApiGetLogStreamRequest) Execute() (*ListLogStreams200ResponseInner, *APIResponse, error) {
+	return r.ApiService.GetLogStreamExecute(r)
+}
+
+/*
+GetLogStream Retrieve a Log Stream
+
+Retrieves a log stream by `logStreamId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param logStreamId id of the log stream
+	@return ApiGetLogStreamRequest
+*/
+func (a *LogStreamApiService) GetLogStream(ctx context.Context, logStreamId string) ApiGetLogStreamRequest {
+	return ApiGetLogStreamRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		logStreamId: logStreamId,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListLogStreams200ResponseInner
+func (a *LogStreamApiService) GetLogStreamExecute(r ApiGetLogStreamRequest) (*ListLogStreams200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListLogStreams200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "LogStreamApiService.GetLogStream")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/logStreams/{logStreamId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"logStreamId"+"}", url.PathEscape(parameterToString(r.logStreamId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListLogStreamsRequest struct {
+	ctx        context.Context
+	ApiService LogStreamApi
+	after      *string
+	limit      *int32
+	filter     *string
+	retryCount int32
+}
+
+// The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information.
+func (r ApiListLogStreamsRequest) After(after string) ApiListLogStreamsRequest {
+	r.after = &after
+	return r
+}
+
+// A limit on the number of objects to return.
+func (r ApiListLogStreamsRequest) Limit(limit int32) ApiListLogStreamsRequest {
+	r.limit = &limit
+	return r
+}
+
+// SCIM filter expression that filters the results. This expression only supports the &#x60;eq&#x60; operator on either the &#x60;status&#x60; or &#x60;type&#x60;.
+func (r ApiListLogStreamsRequest) Filter(filter string) ApiListLogStreamsRequest {
+	r.filter = &filter
+	return r
+}
+
+func (r ApiListLogStreamsRequest) Execute() ([]ListLogStreams200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ListLogStreamsExecute(r)
+}
+
+/*
+ListLogStreams List all Log Streams
+
+Lists all log streams. You can request a paginated list or a subset of Log Streams that match a supported filter expression.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListLogStreamsRequest
+*/
+func (a *LogStreamApiService) ListLogStreams(ctx context.Context) ApiListLogStreamsRequest {
+	return ApiListLogStreamsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ListLogStreams200ResponseInner
+func (a *LogStreamApiService) ListLogStreamsExecute(r ApiListLogStreamsRequest) ([]ListLogStreams200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ListLogStreams200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "LogStreamApiService.ListLogStreams")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/logStreams"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.filter != nil {
+		localVarQueryParams.Add("filter", parameterToString(*r.filter, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceLogStreamRequest struct {
+	ctx         context.Context
+	ApiService  LogStreamApi
+	logStreamId string
+	instance    *ListLogStreams200ResponseInner
+	retryCount  int32
+}
+
+func (r ApiReplaceLogStreamRequest) Instance(instance ListLogStreams200ResponseInner) ApiReplaceLogStreamRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiReplaceLogStreamRequest) Execute() (*ListLogStreams200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ReplaceLogStreamExecute(r)
+}
+
+/*
+ReplaceLogStream Replace a Log Stream
+
+Replaces a log stream by `logStreamId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param logStreamId id of the log stream
+	@return ApiReplaceLogStreamRequest
+*/
+func (a *LogStreamApiService) ReplaceLogStream(ctx context.Context, logStreamId string) ApiReplaceLogStreamRequest {
+	return ApiReplaceLogStreamRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		logStreamId: logStreamId,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListLogStreams200ResponseInner
+func (a *LogStreamApiService) ReplaceLogStreamExecute(r ApiReplaceLogStreamRequest) (*ListLogStreams200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListLogStreams200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "LogStreamApiService.ReplaceLogStream")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/logStreams/{logStreamId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"logStreamId"+"}", url.PathEscape(parameterToString(r.logStreamId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_network_zone.go b/okta/api_network_zone.go
new file mode 100644
index 000000000..b0a66f2b8
--- /dev/null
+++ b/okta/api_network_zone.go
@@ -0,0 +1,1349 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type NetworkZoneApi interface {
+	/*
+		ActivateNetworkZone Activate a Network Zone
+
+		Activates a network zone by `zoneId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param zoneId
+		@return ApiActivateNetworkZoneRequest
+	*/
+	ActivateNetworkZone(ctx context.Context, zoneId string) ApiActivateNetworkZoneRequest
+
+	// ActivateNetworkZoneExecute executes the request
+	//  @return NetworkZone
+	ActivateNetworkZoneExecute(r ApiActivateNetworkZoneRequest) (*NetworkZone, *APIResponse, error)
+
+	/*
+			CreateNetworkZone Create a Network Zone
+
+			Creates a new network zone.
+		* At least one of either the `gateways` attribute or `proxies` attribute must be defined when creating a Network Zone.
+		* At least one of the following attributes must be defined: `proxyType`, `locations`, or `asns`.
+
+			@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+			@return ApiCreateNetworkZoneRequest
+	*/
+	CreateNetworkZone(ctx context.Context) ApiCreateNetworkZoneRequest
+
+	// CreateNetworkZoneExecute executes the request
+	//  @return NetworkZone
+	CreateNetworkZoneExecute(r ApiCreateNetworkZoneRequest) (*NetworkZone, *APIResponse, error)
+
+	/*
+		DeactivateNetworkZone Deactivate a Network Zone
+
+		Deactivates a network zone by `zoneId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param zoneId
+		@return ApiDeactivateNetworkZoneRequest
+	*/
+	DeactivateNetworkZone(ctx context.Context, zoneId string) ApiDeactivateNetworkZoneRequest
+
+	// DeactivateNetworkZoneExecute executes the request
+	//  @return NetworkZone
+	DeactivateNetworkZoneExecute(r ApiDeactivateNetworkZoneRequest) (*NetworkZone, *APIResponse, error)
+
+	/*
+		DeleteNetworkZone Delete a Network Zone
+
+		Deletes network zone by `zoneId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param zoneId
+		@return ApiDeleteNetworkZoneRequest
+	*/
+	DeleteNetworkZone(ctx context.Context, zoneId string) ApiDeleteNetworkZoneRequest
+
+	// DeleteNetworkZoneExecute executes the request
+	DeleteNetworkZoneExecute(r ApiDeleteNetworkZoneRequest) (*APIResponse, error)
+
+	/*
+		GetNetworkZone Retrieve a Network Zone
+
+		Retrieves a network zone by `zoneId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param zoneId
+		@return ApiGetNetworkZoneRequest
+	*/
+	GetNetworkZone(ctx context.Context, zoneId string) ApiGetNetworkZoneRequest
+
+	// GetNetworkZoneExecute executes the request
+	//  @return NetworkZone
+	GetNetworkZoneExecute(r ApiGetNetworkZoneRequest) (*NetworkZone, *APIResponse, error)
+
+	/*
+			ListNetworkZones List all Network Zones
+
+			Lists all network zones with pagination. A subset of zones can be returned that match a supported filter expression or query.
+
+		This operation requires URL encoding. For example, `filter=(id eq "nzoul0wf9jyb8xwZm0g3" or id eq "nzoul1MxmGN18NDQT0g3")` is encoded as `filter=%28id+eq+%22nzoul0wf9jyb8xwZm0g3%22+or+id+eq+%22nzoul1MxmGN18NDQT0g3%22%29`.
+
+		Okta supports filtering on the `id` and `usage` properties. See [Filtering](https://developer.okta.com/docs/reference/core-okta-api/#filter) for more information on the expressions that are used in filtering.
+
+			@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+			@return ApiListNetworkZonesRequest
+	*/
+	ListNetworkZones(ctx context.Context) ApiListNetworkZonesRequest
+
+	// ListNetworkZonesExecute executes the request
+	//  @return []NetworkZone
+	ListNetworkZonesExecute(r ApiListNetworkZonesRequest) ([]NetworkZone, *APIResponse, error)
+
+	/*
+			ReplaceNetworkZone Replace a Network Zone
+
+			Replaces a network zone by `zoneId`. The replaced network zone type must be the same as the existing type.
+		You may replace the usage (`POLICY`, `BLOCKLIST`) of a network zone by updating the `usage` attribute.
+
+			@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+			@param zoneId
+			@return ApiReplaceNetworkZoneRequest
+	*/
+	ReplaceNetworkZone(ctx context.Context, zoneId string) ApiReplaceNetworkZoneRequest
+
+	// ReplaceNetworkZoneExecute executes the request
+	//  @return NetworkZone
+	ReplaceNetworkZoneExecute(r ApiReplaceNetworkZoneRequest) (*NetworkZone, *APIResponse, error)
+}
+
+// NetworkZoneApiService NetworkZoneApi service
+type NetworkZoneApiService service
+
+type ApiActivateNetworkZoneRequest struct {
+	ctx        context.Context
+	ApiService NetworkZoneApi
+	zoneId     string
+	retryCount int32
+}
+
+func (r ApiActivateNetworkZoneRequest) Execute() (*NetworkZone, *APIResponse, error) {
+	return r.ApiService.ActivateNetworkZoneExecute(r)
+}
+
+/*
+ActivateNetworkZone Activate a Network Zone
+
+Activates a network zone by `zoneId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param zoneId
+	@return ApiActivateNetworkZoneRequest
+*/
+func (a *NetworkZoneApiService) ActivateNetworkZone(ctx context.Context, zoneId string) ApiActivateNetworkZoneRequest {
+	return ApiActivateNetworkZoneRequest{
+		ApiService: a,
+		ctx:        ctx,
+		zoneId:     zoneId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return NetworkZone
+func (a *NetworkZoneApiService) ActivateNetworkZoneExecute(r ApiActivateNetworkZoneRequest) (*NetworkZone, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *NetworkZone
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "NetworkZoneApiService.ActivateNetworkZone")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/zones/{zoneId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"zoneId"+"}", url.PathEscape(parameterToString(r.zoneId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateNetworkZoneRequest struct {
+	ctx        context.Context
+	ApiService NetworkZoneApi
+	zone       *NetworkZone
+	retryCount int32
+}
+
+func (r ApiCreateNetworkZoneRequest) Zone(zone NetworkZone) ApiCreateNetworkZoneRequest {
+	r.zone = &zone
+	return r
+}
+
+func (r ApiCreateNetworkZoneRequest) Execute() (*NetworkZone, *APIResponse, error) {
+	return r.ApiService.CreateNetworkZoneExecute(r)
+}
+
+/*
+CreateNetworkZone Create a Network Zone
+
+Creates a new network zone.
+* At least one of either the `gateways` attribute or `proxies` attribute must be defined when creating a Network Zone.
+* At least one of the following attributes must be defined: `proxyType`, `locations`, or `asns`.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateNetworkZoneRequest
+*/
+func (a *NetworkZoneApiService) CreateNetworkZone(ctx context.Context) ApiCreateNetworkZoneRequest {
+	return ApiCreateNetworkZoneRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return NetworkZone
+func (a *NetworkZoneApiService) CreateNetworkZoneExecute(r ApiCreateNetworkZoneRequest) (*NetworkZone, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *NetworkZone
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "NetworkZoneApiService.CreateNetworkZone")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/zones"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.zone == nil {
+		return localVarReturnValue, nil, reportError("zone is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.zone
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateNetworkZoneRequest struct {
+	ctx        context.Context
+	ApiService NetworkZoneApi
+	zoneId     string
+	retryCount int32
+}
+
+func (r ApiDeactivateNetworkZoneRequest) Execute() (*NetworkZone, *APIResponse, error) {
+	return r.ApiService.DeactivateNetworkZoneExecute(r)
+}
+
+/*
+DeactivateNetworkZone Deactivate a Network Zone
+
+Deactivates a network zone by `zoneId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param zoneId
+	@return ApiDeactivateNetworkZoneRequest
+*/
+func (a *NetworkZoneApiService) DeactivateNetworkZone(ctx context.Context, zoneId string) ApiDeactivateNetworkZoneRequest {
+	return ApiDeactivateNetworkZoneRequest{
+		ApiService: a,
+		ctx:        ctx,
+		zoneId:     zoneId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return NetworkZone
+func (a *NetworkZoneApiService) DeactivateNetworkZoneExecute(r ApiDeactivateNetworkZoneRequest) (*NetworkZone, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *NetworkZone
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "NetworkZoneApiService.DeactivateNetworkZone")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/zones/{zoneId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"zoneId"+"}", url.PathEscape(parameterToString(r.zoneId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteNetworkZoneRequest struct {
+	ctx        context.Context
+	ApiService NetworkZoneApi
+	zoneId     string
+	retryCount int32
+}
+
+func (r ApiDeleteNetworkZoneRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteNetworkZoneExecute(r)
+}
+
+/*
+DeleteNetworkZone Delete a Network Zone
+
+Deletes network zone by `zoneId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param zoneId
+	@return ApiDeleteNetworkZoneRequest
+*/
+func (a *NetworkZoneApiService) DeleteNetworkZone(ctx context.Context, zoneId string) ApiDeleteNetworkZoneRequest {
+	return ApiDeleteNetworkZoneRequest{
+		ApiService: a,
+		ctx:        ctx,
+		zoneId:     zoneId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *NetworkZoneApiService) DeleteNetworkZoneExecute(r ApiDeleteNetworkZoneRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "NetworkZoneApiService.DeleteNetworkZone")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/zones/{zoneId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"zoneId"+"}", url.PathEscape(parameterToString(r.zoneId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetNetworkZoneRequest struct {
+	ctx        context.Context
+	ApiService NetworkZoneApi
+	zoneId     string
+	retryCount int32
+}
+
+func (r ApiGetNetworkZoneRequest) Execute() (*NetworkZone, *APIResponse, error) {
+	return r.ApiService.GetNetworkZoneExecute(r)
+}
+
+/*
+GetNetworkZone Retrieve a Network Zone
+
+Retrieves a network zone by `zoneId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param zoneId
+	@return ApiGetNetworkZoneRequest
+*/
+func (a *NetworkZoneApiService) GetNetworkZone(ctx context.Context, zoneId string) ApiGetNetworkZoneRequest {
+	return ApiGetNetworkZoneRequest{
+		ApiService: a,
+		ctx:        ctx,
+		zoneId:     zoneId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return NetworkZone
+func (a *NetworkZoneApiService) GetNetworkZoneExecute(r ApiGetNetworkZoneRequest) (*NetworkZone, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *NetworkZone
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "NetworkZoneApiService.GetNetworkZone")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/zones/{zoneId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"zoneId"+"}", url.PathEscape(parameterToString(r.zoneId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListNetworkZonesRequest struct {
+	ctx        context.Context
+	ApiService NetworkZoneApi
+	after      *string
+	limit      *int32
+	filter     *string
+	retryCount int32
+}
+
+// Specifies the pagination cursor for the next page of network zones
+func (r ApiListNetworkZonesRequest) After(after string) ApiListNetworkZonesRequest {
+	r.after = &after
+	return r
+}
+
+// Specifies the number of results for a page
+func (r ApiListNetworkZonesRequest) Limit(limit int32) ApiListNetworkZonesRequest {
+	r.limit = &limit
+	return r
+}
+
+// Filters zones by usage or id expression
+func (r ApiListNetworkZonesRequest) Filter(filter string) ApiListNetworkZonesRequest {
+	r.filter = &filter
+	return r
+}
+
+func (r ApiListNetworkZonesRequest) Execute() ([]NetworkZone, *APIResponse, error) {
+	return r.ApiService.ListNetworkZonesExecute(r)
+}
+
+/*
+ListNetworkZones List all Network Zones
+
+Lists all network zones with pagination. A subset of zones can be returned that match a supported filter expression or query.
+
+This operation requires URL encoding. For example, `filter=(id eq "nzoul0wf9jyb8xwZm0g3" or id eq "nzoul1MxmGN18NDQT0g3")` is encoded as `filter=%28id+eq+%22nzoul0wf9jyb8xwZm0g3%22+or+id+eq+%22nzoul1MxmGN18NDQT0g3%22%29`.
+
+Okta supports filtering on the `id` and `usage` properties. See [Filtering](https://developer.okta.com/docs/reference/core-okta-api/#filter) for more information on the expressions that are used in filtering.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListNetworkZonesRequest
+*/
+func (a *NetworkZoneApiService) ListNetworkZones(ctx context.Context) ApiListNetworkZonesRequest {
+	return ApiListNetworkZonesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []NetworkZone
+func (a *NetworkZoneApiService) ListNetworkZonesExecute(r ApiListNetworkZonesRequest) ([]NetworkZone, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []NetworkZone
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "NetworkZoneApiService.ListNetworkZones")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/zones"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.filter != nil {
+		localVarQueryParams.Add("filter", parameterToString(*r.filter, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceNetworkZoneRequest struct {
+	ctx        context.Context
+	ApiService NetworkZoneApi
+	zoneId     string
+	zone       *NetworkZone
+	retryCount int32
+}
+
+func (r ApiReplaceNetworkZoneRequest) Zone(zone NetworkZone) ApiReplaceNetworkZoneRequest {
+	r.zone = &zone
+	return r
+}
+
+func (r ApiReplaceNetworkZoneRequest) Execute() (*NetworkZone, *APIResponse, error) {
+	return r.ApiService.ReplaceNetworkZoneExecute(r)
+}
+
+/*
+ReplaceNetworkZone Replace a Network Zone
+
+Replaces a network zone by `zoneId`. The replaced network zone type must be the same as the existing type.
+You may replace the usage (`POLICY`, `BLOCKLIST`) of a network zone by updating the `usage` attribute.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param zoneId
+	@return ApiReplaceNetworkZoneRequest
+*/
+func (a *NetworkZoneApiService) ReplaceNetworkZone(ctx context.Context, zoneId string) ApiReplaceNetworkZoneRequest {
+	return ApiReplaceNetworkZoneRequest{
+		ApiService: a,
+		ctx:        ctx,
+		zoneId:     zoneId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return NetworkZone
+func (a *NetworkZoneApiService) ReplaceNetworkZoneExecute(r ApiReplaceNetworkZoneRequest) (*NetworkZone, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *NetworkZone
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "NetworkZoneApiService.ReplaceNetworkZone")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/zones/{zoneId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"zoneId"+"}", url.PathEscape(parameterToString(r.zoneId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.zone == nil {
+		return localVarReturnValue, nil, reportError("zone is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.zone
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_org_setting.go b/okta/api_org_setting.go
new file mode 100644
index 000000000..d5f00a313
--- /dev/null
+++ b/okta/api_org_setting.go
@@ -0,0 +1,3272 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+)
+
+type OrgSettingApi interface {
+	/*
+		BulkRemoveEmailAddressBounces Remove Emails from Email Provider Bounce List
+
+		Removes a list of email addresses to be removed from the set of email addresses that are bounced
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiBulkRemoveEmailAddressBouncesRequest
+	*/
+	BulkRemoveEmailAddressBounces(ctx context.Context) ApiBulkRemoveEmailAddressBouncesRequest
+
+	// BulkRemoveEmailAddressBouncesExecute executes the request
+	//  @return BouncesRemoveListResult
+	BulkRemoveEmailAddressBouncesExecute(r ApiBulkRemoveEmailAddressBouncesRequest) (*BouncesRemoveListResult, *APIResponse, error)
+
+	/*
+		ExtendOktaSupport Extend Okta Support Access
+
+		Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiExtendOktaSupportRequest
+	*/
+	ExtendOktaSupport(ctx context.Context) ApiExtendOktaSupportRequest
+
+	// ExtendOktaSupportExecute executes the request
+	//  @return OrgOktaSupportSettingsObj
+	ExtendOktaSupportExecute(r ApiExtendOktaSupportRequest) (*OrgOktaSupportSettingsObj, *APIResponse, error)
+
+	/*
+		GetOktaCommunicationSettings Retrieve the Okta Communication Settings
+
+		Retrieves Okta Communication Settings of your organization
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiGetOktaCommunicationSettingsRequest
+	*/
+	GetOktaCommunicationSettings(ctx context.Context) ApiGetOktaCommunicationSettingsRequest
+
+	// GetOktaCommunicationSettingsExecute executes the request
+	//  @return OrgOktaCommunicationSetting
+	GetOktaCommunicationSettingsExecute(r ApiGetOktaCommunicationSettingsRequest) (*OrgOktaCommunicationSetting, *APIResponse, error)
+
+	/*
+		GetOrgContactTypes Retrieve the Org Contact Types
+
+		Retrieves Contact Types of your organization
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiGetOrgContactTypesRequest
+	*/
+	GetOrgContactTypes(ctx context.Context) ApiGetOrgContactTypesRequest
+
+	// GetOrgContactTypesExecute executes the request
+	//  @return []OrgContactTypeObj
+	GetOrgContactTypesExecute(r ApiGetOrgContactTypesRequest) ([]OrgContactTypeObj, *APIResponse, error)
+
+	/*
+		GetOrgContactUser Retrieve the User of the Contact Type
+
+		Retrieves the URL of the User associated with the specified Contact Type
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param contactType
+		@return ApiGetOrgContactUserRequest
+	*/
+	GetOrgContactUser(ctx context.Context, contactType string) ApiGetOrgContactUserRequest
+
+	// GetOrgContactUserExecute executes the request
+	//  @return OrgContactUser
+	GetOrgContactUserExecute(r ApiGetOrgContactUserRequest) (*OrgContactUser, *APIResponse, error)
+
+	/*
+		GetOrgOktaSupportSettings Retrieve the Okta Support Settings
+
+		Retrieves Okta Support Settings of your organization
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiGetOrgOktaSupportSettingsRequest
+	*/
+	GetOrgOktaSupportSettings(ctx context.Context) ApiGetOrgOktaSupportSettingsRequest
+
+	// GetOrgOktaSupportSettingsExecute executes the request
+	//  @return OrgOktaSupportSettingsObj
+	GetOrgOktaSupportSettingsExecute(r ApiGetOrgOktaSupportSettingsRequest) (*OrgOktaSupportSettingsObj, *APIResponse, error)
+
+	/*
+		GetOrgPreferences Retrieve the Org Preferences
+
+		Retrieves preferences of your organization
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiGetOrgPreferencesRequest
+	*/
+	GetOrgPreferences(ctx context.Context) ApiGetOrgPreferencesRequest
+
+	// GetOrgPreferencesExecute executes the request
+	//  @return OrgPreferences
+	GetOrgPreferencesExecute(r ApiGetOrgPreferencesRequest) (*OrgPreferences, *APIResponse, error)
+
+	/*
+		GetOrgSettings Retrieve the Org Settings
+
+		Retrieves the org settings
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiGetOrgSettingsRequest
+	*/
+	GetOrgSettings(ctx context.Context) ApiGetOrgSettingsRequest
+
+	// GetOrgSettingsExecute executes the request
+	//  @return OrgSetting
+	GetOrgSettingsExecute(r ApiGetOrgSettingsRequest) (*OrgSetting, *APIResponse, error)
+
+	/*
+		GetWellknownOrgMetadata Retrieve the Well-Known Org Metadata
+
+		Retrieves the well-known org metadata, which includes the id, configured custom domains, authentication pipeline, and various other org settings
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiGetWellknownOrgMetadataRequest
+	*/
+	GetWellknownOrgMetadata(ctx context.Context) ApiGetWellknownOrgMetadataRequest
+
+	// GetWellknownOrgMetadataExecute executes the request
+	//  @return WellKnownOrgMetadata
+	GetWellknownOrgMetadataExecute(r ApiGetWellknownOrgMetadataRequest) (*WellKnownOrgMetadata, *APIResponse, error)
+
+	/*
+		GrantOktaSupport Grant Okta Support Access to your Org
+
+		Grants Okta Support temporary access your org as an administrator for eight hours
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiGrantOktaSupportRequest
+	*/
+	GrantOktaSupport(ctx context.Context) ApiGrantOktaSupportRequest
+
+	// GrantOktaSupportExecute executes the request
+	//  @return OrgOktaSupportSettingsObj
+	GrantOktaSupportExecute(r ApiGrantOktaSupportRequest) (*OrgOktaSupportSettingsObj, *APIResponse, error)
+
+	/*
+		OptInUsersToOktaCommunicationEmails Opt in all Users to Okta Communication emails
+
+		Opts in all users of this org to Okta Communication emails
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiOptInUsersToOktaCommunicationEmailsRequest
+	*/
+	OptInUsersToOktaCommunicationEmails(ctx context.Context) ApiOptInUsersToOktaCommunicationEmailsRequest
+
+	// OptInUsersToOktaCommunicationEmailsExecute executes the request
+	//  @return OrgOktaCommunicationSetting
+	OptInUsersToOktaCommunicationEmailsExecute(r ApiOptInUsersToOktaCommunicationEmailsRequest) (*OrgOktaCommunicationSetting, *APIResponse, error)
+
+	/*
+		OptOutUsersFromOktaCommunicationEmails Opt out all Users from Okta Communication emails
+
+		Opts out all users of this org from Okta Communication emails
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiOptOutUsersFromOktaCommunicationEmailsRequest
+	*/
+	OptOutUsersFromOktaCommunicationEmails(ctx context.Context) ApiOptOutUsersFromOktaCommunicationEmailsRequest
+
+	// OptOutUsersFromOktaCommunicationEmailsExecute executes the request
+	//  @return OrgOktaCommunicationSetting
+	OptOutUsersFromOktaCommunicationEmailsExecute(r ApiOptOutUsersFromOktaCommunicationEmailsRequest) (*OrgOktaCommunicationSetting, *APIResponse, error)
+
+	/*
+		ReplaceOrgContactUser Replace the User of the Contact Type
+
+		Replaces the User associated with the specified Contact Type
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param contactType
+		@return ApiReplaceOrgContactUserRequest
+	*/
+	ReplaceOrgContactUser(ctx context.Context, contactType string) ApiReplaceOrgContactUserRequest
+
+	// ReplaceOrgContactUserExecute executes the request
+	//  @return OrgContactUser
+	ReplaceOrgContactUserExecute(r ApiReplaceOrgContactUserRequest) (*OrgContactUser, *APIResponse, error)
+
+	/*
+		ReplaceOrgSettings Replace the Org Settings
+
+		Replaces the settings of your organization
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiReplaceOrgSettingsRequest
+	*/
+	ReplaceOrgSettings(ctx context.Context) ApiReplaceOrgSettingsRequest
+
+	// ReplaceOrgSettingsExecute executes the request
+	//  @return OrgSetting
+	ReplaceOrgSettingsExecute(r ApiReplaceOrgSettingsRequest) (*OrgSetting, *APIResponse, error)
+
+	/*
+		RevokeOktaSupport Revoke Okta Support Access
+
+		Revokes Okta Support access to your organization
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiRevokeOktaSupportRequest
+	*/
+	RevokeOktaSupport(ctx context.Context) ApiRevokeOktaSupportRequest
+
+	// RevokeOktaSupportExecute executes the request
+	//  @return OrgOktaSupportSettingsObj
+	RevokeOktaSupportExecute(r ApiRevokeOktaSupportRequest) (*OrgOktaSupportSettingsObj, *APIResponse, error)
+
+	/*
+		UpdateOrgHideOktaUIFooter Update the Preference to Hide the Okta Dashboard Footer
+
+		Updates the preference hide the Okta UI footer for all end users of your organization
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiUpdateOrgHideOktaUIFooterRequest
+	*/
+	UpdateOrgHideOktaUIFooter(ctx context.Context) ApiUpdateOrgHideOktaUIFooterRequest
+
+	// UpdateOrgHideOktaUIFooterExecute executes the request
+	//  @return OrgPreferences
+	UpdateOrgHideOktaUIFooterExecute(r ApiUpdateOrgHideOktaUIFooterRequest) (*OrgPreferences, *APIResponse, error)
+
+	/*
+		UpdateOrgSettings Update the Org Settings
+
+		Partially updates the org settings depending on provided fields
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiUpdateOrgSettingsRequest
+	*/
+	UpdateOrgSettings(ctx context.Context) ApiUpdateOrgSettingsRequest
+
+	// UpdateOrgSettingsExecute executes the request
+	//  @return OrgSetting
+	UpdateOrgSettingsExecute(r ApiUpdateOrgSettingsRequest) (*OrgSetting, *APIResponse, error)
+
+	/*
+		UpdateOrgShowOktaUIFooter Update the Preference to Show the Okta Dashboard Footer
+
+		Updates the preference to show the Okta UI footer for all end users of your organization
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiUpdateOrgShowOktaUIFooterRequest
+	*/
+	UpdateOrgShowOktaUIFooter(ctx context.Context) ApiUpdateOrgShowOktaUIFooterRequest
+
+	// UpdateOrgShowOktaUIFooterExecute executes the request
+	//  @return OrgPreferences
+	UpdateOrgShowOktaUIFooterExecute(r ApiUpdateOrgShowOktaUIFooterRequest) (*OrgPreferences, *APIResponse, error)
+
+	/*
+		UploadOrgLogo Upload the Org Logo
+
+		Uploads and replaces the logo for your organization. The file must be in PNG, JPG, or GIF format and less than 100kB in size. For best results use landscape orientation, a transparent background, and a minimum size of 300px by 50px to prevent upscaling.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiUploadOrgLogoRequest
+	*/
+	UploadOrgLogo(ctx context.Context) ApiUploadOrgLogoRequest
+
+	// UploadOrgLogoExecute executes the request
+	UploadOrgLogoExecute(r ApiUploadOrgLogoRequest) (*APIResponse, error)
+}
+
+// OrgSettingApiService OrgSettingApi service
+type OrgSettingApiService service
+
+type ApiBulkRemoveEmailAddressBouncesRequest struct {
+	ctx                  context.Context
+	ApiService           OrgSettingApi
+	bouncesRemoveListObj *BouncesRemoveListObj
+	retryCount           int32
+}
+
+func (r ApiBulkRemoveEmailAddressBouncesRequest) BouncesRemoveListObj(bouncesRemoveListObj BouncesRemoveListObj) ApiBulkRemoveEmailAddressBouncesRequest {
+	r.bouncesRemoveListObj = &bouncesRemoveListObj
+	return r
+}
+
+func (r ApiBulkRemoveEmailAddressBouncesRequest) Execute() (*BouncesRemoveListResult, *APIResponse, error) {
+	return r.ApiService.BulkRemoveEmailAddressBouncesExecute(r)
+}
+
+/*
+BulkRemoveEmailAddressBounces Remove Emails from Email Provider Bounce List
+
+Removes a list of email addresses to be removed from the set of email addresses that are bounced
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiBulkRemoveEmailAddressBouncesRequest
+*/
+func (a *OrgSettingApiService) BulkRemoveEmailAddressBounces(ctx context.Context) ApiBulkRemoveEmailAddressBouncesRequest {
+	return ApiBulkRemoveEmailAddressBouncesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return BouncesRemoveListResult
+func (a *OrgSettingApiService) BulkRemoveEmailAddressBouncesExecute(r ApiBulkRemoveEmailAddressBouncesRequest) (*BouncesRemoveListResult, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *BouncesRemoveListResult
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.BulkRemoveEmailAddressBounces")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/email/bounces/remove-list"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.bouncesRemoveListObj
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiExtendOktaSupportRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiExtendOktaSupportRequest) Execute() (*OrgOktaSupportSettingsObj, *APIResponse, error) {
+	return r.ApiService.ExtendOktaSupportExecute(r)
+}
+
+/*
+ExtendOktaSupport Extend Okta Support Access
+
+Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiExtendOktaSupportRequest
+*/
+func (a *OrgSettingApiService) ExtendOktaSupport(ctx context.Context) ApiExtendOktaSupportRequest {
+	return ApiExtendOktaSupportRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgOktaSupportSettingsObj
+func (a *OrgSettingApiService) ExtendOktaSupportExecute(r ApiExtendOktaSupportRequest) (*OrgOktaSupportSettingsObj, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgOktaSupportSettingsObj
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.ExtendOktaSupport")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/privacy/oktaSupport/extend"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetOktaCommunicationSettingsRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiGetOktaCommunicationSettingsRequest) Execute() (*OrgOktaCommunicationSetting, *APIResponse, error) {
+	return r.ApiService.GetOktaCommunicationSettingsExecute(r)
+}
+
+/*
+GetOktaCommunicationSettings Retrieve the Okta Communication Settings
+
+Retrieves Okta Communication Settings of your organization
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiGetOktaCommunicationSettingsRequest
+*/
+func (a *OrgSettingApiService) GetOktaCommunicationSettings(ctx context.Context) ApiGetOktaCommunicationSettingsRequest {
+	return ApiGetOktaCommunicationSettingsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgOktaCommunicationSetting
+func (a *OrgSettingApiService) GetOktaCommunicationSettingsExecute(r ApiGetOktaCommunicationSettingsRequest) (*OrgOktaCommunicationSetting, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgOktaCommunicationSetting
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.GetOktaCommunicationSettings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/privacy/oktaCommunication"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetOrgContactTypesRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiGetOrgContactTypesRequest) Execute() ([]OrgContactTypeObj, *APIResponse, error) {
+	return r.ApiService.GetOrgContactTypesExecute(r)
+}
+
+/*
+GetOrgContactTypes Retrieve the Org Contact Types
+
+Retrieves Contact Types of your organization
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiGetOrgContactTypesRequest
+*/
+func (a *OrgSettingApiService) GetOrgContactTypes(ctx context.Context) ApiGetOrgContactTypesRequest {
+	return ApiGetOrgContactTypesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []OrgContactTypeObj
+func (a *OrgSettingApiService) GetOrgContactTypesExecute(r ApiGetOrgContactTypesRequest) ([]OrgContactTypeObj, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []OrgContactTypeObj
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.GetOrgContactTypes")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/contacts"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetOrgContactUserRequest struct {
+	ctx         context.Context
+	ApiService  OrgSettingApi
+	contactType string
+	retryCount  int32
+}
+
+func (r ApiGetOrgContactUserRequest) Execute() (*OrgContactUser, *APIResponse, error) {
+	return r.ApiService.GetOrgContactUserExecute(r)
+}
+
+/*
+GetOrgContactUser Retrieve the User of the Contact Type
+
+Retrieves the URL of the User associated with the specified Contact Type
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param contactType
+	@return ApiGetOrgContactUserRequest
+*/
+func (a *OrgSettingApiService) GetOrgContactUser(ctx context.Context, contactType string) ApiGetOrgContactUserRequest {
+	return ApiGetOrgContactUserRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		contactType: contactType,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgContactUser
+func (a *OrgSettingApiService) GetOrgContactUserExecute(r ApiGetOrgContactUserRequest) (*OrgContactUser, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgContactUser
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.GetOrgContactUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/contacts/{contactType}"
+	localVarPath = strings.Replace(localVarPath, "{"+"contactType"+"}", url.PathEscape(parameterToString(r.contactType, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetOrgOktaSupportSettingsRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiGetOrgOktaSupportSettingsRequest) Execute() (*OrgOktaSupportSettingsObj, *APIResponse, error) {
+	return r.ApiService.GetOrgOktaSupportSettingsExecute(r)
+}
+
+/*
+GetOrgOktaSupportSettings Retrieve the Okta Support Settings
+
+Retrieves Okta Support Settings of your organization
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiGetOrgOktaSupportSettingsRequest
+*/
+func (a *OrgSettingApiService) GetOrgOktaSupportSettings(ctx context.Context) ApiGetOrgOktaSupportSettingsRequest {
+	return ApiGetOrgOktaSupportSettingsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgOktaSupportSettingsObj
+func (a *OrgSettingApiService) GetOrgOktaSupportSettingsExecute(r ApiGetOrgOktaSupportSettingsRequest) (*OrgOktaSupportSettingsObj, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgOktaSupportSettingsObj
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.GetOrgOktaSupportSettings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/privacy/oktaSupport"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetOrgPreferencesRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiGetOrgPreferencesRequest) Execute() (*OrgPreferences, *APIResponse, error) {
+	return r.ApiService.GetOrgPreferencesExecute(r)
+}
+
+/*
+GetOrgPreferences Retrieve the Org Preferences
+
+Retrieves preferences of your organization
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiGetOrgPreferencesRequest
+*/
+func (a *OrgSettingApiService) GetOrgPreferences(ctx context.Context) ApiGetOrgPreferencesRequest {
+	return ApiGetOrgPreferencesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgPreferences
+func (a *OrgSettingApiService) GetOrgPreferencesExecute(r ApiGetOrgPreferencesRequest) (*OrgPreferences, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgPreferences
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.GetOrgPreferences")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/preferences"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetOrgSettingsRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiGetOrgSettingsRequest) Execute() (*OrgSetting, *APIResponse, error) {
+	return r.ApiService.GetOrgSettingsExecute(r)
+}
+
+/*
+GetOrgSettings Retrieve the Org Settings
+
+Retrieves the org settings
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiGetOrgSettingsRequest
+*/
+func (a *OrgSettingApiService) GetOrgSettings(ctx context.Context) ApiGetOrgSettingsRequest {
+	return ApiGetOrgSettingsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgSetting
+func (a *OrgSettingApiService) GetOrgSettingsExecute(r ApiGetOrgSettingsRequest) (*OrgSetting, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgSetting
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.GetOrgSettings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetWellknownOrgMetadataRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiGetWellknownOrgMetadataRequest) Execute() (*WellKnownOrgMetadata, *APIResponse, error) {
+	return r.ApiService.GetWellknownOrgMetadataExecute(r)
+}
+
+/*
+GetWellknownOrgMetadata Retrieve the Well-Known Org Metadata
+
+Retrieves the well-known org metadata, which includes the id, configured custom domains, authentication pipeline, and various other org settings
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiGetWellknownOrgMetadataRequest
+*/
+func (a *OrgSettingApiService) GetWellknownOrgMetadata(ctx context.Context) ApiGetWellknownOrgMetadataRequest {
+	return ApiGetWellknownOrgMetadataRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return WellKnownOrgMetadata
+func (a *OrgSettingApiService) GetWellknownOrgMetadataExecute(r ApiGetWellknownOrgMetadataRequest) (*WellKnownOrgMetadata, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *WellKnownOrgMetadata
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.GetWellknownOrgMetadata")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/.well-known/okta-organization"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGrantOktaSupportRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiGrantOktaSupportRequest) Execute() (*OrgOktaSupportSettingsObj, *APIResponse, error) {
+	return r.ApiService.GrantOktaSupportExecute(r)
+}
+
+/*
+GrantOktaSupport Grant Okta Support Access to your Org
+
+Grants Okta Support temporary access your org as an administrator for eight hours
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiGrantOktaSupportRequest
+*/
+func (a *OrgSettingApiService) GrantOktaSupport(ctx context.Context) ApiGrantOktaSupportRequest {
+	return ApiGrantOktaSupportRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgOktaSupportSettingsObj
+func (a *OrgSettingApiService) GrantOktaSupportExecute(r ApiGrantOktaSupportRequest) (*OrgOktaSupportSettingsObj, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgOktaSupportSettingsObj
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.GrantOktaSupport")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/privacy/oktaSupport/grant"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiOptInUsersToOktaCommunicationEmailsRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiOptInUsersToOktaCommunicationEmailsRequest) Execute() (*OrgOktaCommunicationSetting, *APIResponse, error) {
+	return r.ApiService.OptInUsersToOktaCommunicationEmailsExecute(r)
+}
+
+/*
+OptInUsersToOktaCommunicationEmails Opt in all Users to Okta Communication emails
+
+Opts in all users of this org to Okta Communication emails
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiOptInUsersToOktaCommunicationEmailsRequest
+*/
+func (a *OrgSettingApiService) OptInUsersToOktaCommunicationEmails(ctx context.Context) ApiOptInUsersToOktaCommunicationEmailsRequest {
+	return ApiOptInUsersToOktaCommunicationEmailsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgOktaCommunicationSetting
+func (a *OrgSettingApiService) OptInUsersToOktaCommunicationEmailsExecute(r ApiOptInUsersToOktaCommunicationEmailsRequest) (*OrgOktaCommunicationSetting, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgOktaCommunicationSetting
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.OptInUsersToOktaCommunicationEmails")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/privacy/oktaCommunication/optIn"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiOptOutUsersFromOktaCommunicationEmailsRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiOptOutUsersFromOktaCommunicationEmailsRequest) Execute() (*OrgOktaCommunicationSetting, *APIResponse, error) {
+	return r.ApiService.OptOutUsersFromOktaCommunicationEmailsExecute(r)
+}
+
+/*
+OptOutUsersFromOktaCommunicationEmails Opt out all Users from Okta Communication emails
+
+Opts out all users of this org from Okta Communication emails
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiOptOutUsersFromOktaCommunicationEmailsRequest
+*/
+func (a *OrgSettingApiService) OptOutUsersFromOktaCommunicationEmails(ctx context.Context) ApiOptOutUsersFromOktaCommunicationEmailsRequest {
+	return ApiOptOutUsersFromOktaCommunicationEmailsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgOktaCommunicationSetting
+func (a *OrgSettingApiService) OptOutUsersFromOktaCommunicationEmailsExecute(r ApiOptOutUsersFromOktaCommunicationEmailsRequest) (*OrgOktaCommunicationSetting, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgOktaCommunicationSetting
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.OptOutUsersFromOktaCommunicationEmails")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/privacy/oktaCommunication/optOut"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceOrgContactUserRequest struct {
+	ctx            context.Context
+	ApiService     OrgSettingApi
+	contactType    string
+	orgContactUser *OrgContactUser
+	retryCount     int32
+}
+
+func (r ApiReplaceOrgContactUserRequest) OrgContactUser(orgContactUser OrgContactUser) ApiReplaceOrgContactUserRequest {
+	r.orgContactUser = &orgContactUser
+	return r
+}
+
+func (r ApiReplaceOrgContactUserRequest) Execute() (*OrgContactUser, *APIResponse, error) {
+	return r.ApiService.ReplaceOrgContactUserExecute(r)
+}
+
+/*
+ReplaceOrgContactUser Replace the User of the Contact Type
+
+Replaces the User associated with the specified Contact Type
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param contactType
+	@return ApiReplaceOrgContactUserRequest
+*/
+func (a *OrgSettingApiService) ReplaceOrgContactUser(ctx context.Context, contactType string) ApiReplaceOrgContactUserRequest {
+	return ApiReplaceOrgContactUserRequest{
+		ApiService:  a,
+		ctx:         ctx,
+		contactType: contactType,
+		retryCount:  0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgContactUser
+func (a *OrgSettingApiService) ReplaceOrgContactUserExecute(r ApiReplaceOrgContactUserRequest) (*OrgContactUser, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgContactUser
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.ReplaceOrgContactUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/contacts/{contactType}"
+	localVarPath = strings.Replace(localVarPath, "{"+"contactType"+"}", url.PathEscape(parameterToString(r.contactType, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.orgContactUser == nil {
+		return localVarReturnValue, nil, reportError("orgContactUser is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.orgContactUser
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceOrgSettingsRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	orgSetting *OrgSetting
+	retryCount int32
+}
+
+func (r ApiReplaceOrgSettingsRequest) OrgSetting(orgSetting OrgSetting) ApiReplaceOrgSettingsRequest {
+	r.orgSetting = &orgSetting
+	return r
+}
+
+func (r ApiReplaceOrgSettingsRequest) Execute() (*OrgSetting, *APIResponse, error) {
+	return r.ApiService.ReplaceOrgSettingsExecute(r)
+}
+
+/*
+ReplaceOrgSettings Replace the Org Settings
+
+Replaces the settings of your organization
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiReplaceOrgSettingsRequest
+*/
+func (a *OrgSettingApiService) ReplaceOrgSettings(ctx context.Context) ApiReplaceOrgSettingsRequest {
+	return ApiReplaceOrgSettingsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgSetting
+func (a *OrgSettingApiService) ReplaceOrgSettingsExecute(r ApiReplaceOrgSettingsRequest) (*OrgSetting, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgSetting
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.ReplaceOrgSettings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.orgSetting == nil {
+		return localVarReturnValue, nil, reportError("orgSetting is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.orgSetting
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiRevokeOktaSupportRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiRevokeOktaSupportRequest) Execute() (*OrgOktaSupportSettingsObj, *APIResponse, error) {
+	return r.ApiService.RevokeOktaSupportExecute(r)
+}
+
+/*
+RevokeOktaSupport Revoke Okta Support Access
+
+Revokes Okta Support access to your organization
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiRevokeOktaSupportRequest
+*/
+func (a *OrgSettingApiService) RevokeOktaSupport(ctx context.Context) ApiRevokeOktaSupportRequest {
+	return ApiRevokeOktaSupportRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgOktaSupportSettingsObj
+func (a *OrgSettingApiService) RevokeOktaSupportExecute(r ApiRevokeOktaSupportRequest) (*OrgOktaSupportSettingsObj, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgOktaSupportSettingsObj
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.RevokeOktaSupport")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/privacy/oktaSupport/revoke"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateOrgHideOktaUIFooterRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiUpdateOrgHideOktaUIFooterRequest) Execute() (*OrgPreferences, *APIResponse, error) {
+	return r.ApiService.UpdateOrgHideOktaUIFooterExecute(r)
+}
+
+/*
+UpdateOrgHideOktaUIFooter Update the Preference to Hide the Okta Dashboard Footer
+
+Updates the preference hide the Okta UI footer for all end users of your organization
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiUpdateOrgHideOktaUIFooterRequest
+*/
+func (a *OrgSettingApiService) UpdateOrgHideOktaUIFooter(ctx context.Context) ApiUpdateOrgHideOktaUIFooterRequest {
+	return ApiUpdateOrgHideOktaUIFooterRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgPreferences
+func (a *OrgSettingApiService) UpdateOrgHideOktaUIFooterExecute(r ApiUpdateOrgHideOktaUIFooterRequest) (*OrgPreferences, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgPreferences
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.UpdateOrgHideOktaUIFooter")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/preferences/hideEndUserFooter"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateOrgSettingsRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	orgSetting *OrgSetting
+	retryCount int32
+}
+
+func (r ApiUpdateOrgSettingsRequest) OrgSetting(orgSetting OrgSetting) ApiUpdateOrgSettingsRequest {
+	r.orgSetting = &orgSetting
+	return r
+}
+
+func (r ApiUpdateOrgSettingsRequest) Execute() (*OrgSetting, *APIResponse, error) {
+	return r.ApiService.UpdateOrgSettingsExecute(r)
+}
+
+/*
+UpdateOrgSettings Update the Org Settings
+
+Partially updates the org settings depending on provided fields
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiUpdateOrgSettingsRequest
+*/
+func (a *OrgSettingApiService) UpdateOrgSettings(ctx context.Context) ApiUpdateOrgSettingsRequest {
+	return ApiUpdateOrgSettingsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgSetting
+func (a *OrgSettingApiService) UpdateOrgSettingsExecute(r ApiUpdateOrgSettingsRequest) (*OrgSetting, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgSetting
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.UpdateOrgSettings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.orgSetting
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateOrgShowOktaUIFooterRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	retryCount int32
+}
+
+func (r ApiUpdateOrgShowOktaUIFooterRequest) Execute() (*OrgPreferences, *APIResponse, error) {
+	return r.ApiService.UpdateOrgShowOktaUIFooterExecute(r)
+}
+
+/*
+UpdateOrgShowOktaUIFooter Update the Preference to Show the Okta Dashboard Footer
+
+Updates the preference to show the Okta UI footer for all end users of your organization
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiUpdateOrgShowOktaUIFooterRequest
+*/
+func (a *OrgSettingApiService) UpdateOrgShowOktaUIFooter(ctx context.Context) ApiUpdateOrgShowOktaUIFooterRequest {
+	return ApiUpdateOrgShowOktaUIFooterRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OrgPreferences
+func (a *OrgSettingApiService) UpdateOrgShowOktaUIFooterExecute(r ApiUpdateOrgShowOktaUIFooterRequest) (*OrgPreferences, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OrgPreferences
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.UpdateOrgShowOktaUIFooter")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/preferences/showEndUserFooter"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUploadOrgLogoRequest struct {
+	ctx        context.Context
+	ApiService OrgSettingApi
+	file       **os.File
+	retryCount int32
+}
+
+func (r ApiUploadOrgLogoRequest) File(file *os.File) ApiUploadOrgLogoRequest {
+	r.file = &file
+	return r
+}
+
+func (r ApiUploadOrgLogoRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UploadOrgLogoExecute(r)
+}
+
+/*
+UploadOrgLogo Upload the Org Logo
+
+Uploads and replaces the logo for your organization. The file must be in PNG, JPG, or GIF format and less than 100kB in size. For best results use landscape orientation, a transparent background, and a minimum size of 300px by 50px to prevent upscaling.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiUploadOrgLogoRequest
+*/
+func (a *OrgSettingApiService) UploadOrgLogo(ctx context.Context) ApiUploadOrgLogoRequest {
+	return ApiUploadOrgLogoRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *OrgSettingApiService) UploadOrgLogoExecute(r ApiUploadOrgLogoRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OrgSettingApiService.UploadOrgLogo")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/org/logo"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.file == nil {
+		return nil, reportError("file is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"multipart/form-data"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	var fileLocalVarFormFileName string
+	var fileLocalVarFileName string
+	var fileLocalVarFileBytes []byte
+
+	fileLocalVarFormFileName = "file"
+
+	fileLocalVarFile := *r.file
+	if fileLocalVarFile != nil {
+		fbs, _ := ioutil.ReadAll(fileLocalVarFile)
+		fileLocalVarFileBytes = fbs
+		fileLocalVarFileName = fileLocalVarFile.Name()
+		fileLocalVarFile.Close()
+	}
+	formFiles = append(formFiles, formFile{fileBytes: fileLocalVarFileBytes, fileName: fileLocalVarFileName, formFileName: fileLocalVarFormFileName})
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_policy.go b/okta/api_policy.go
new file mode 100644
index 000000000..00b7de5ef
--- /dev/null
+++ b/okta/api_policy.go
@@ -0,0 +1,2812 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type PolicyApi interface {
+	/*
+		ActivatePolicy Activate a Policy
+
+		Activates a policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@return ApiActivatePolicyRequest
+	*/
+	ActivatePolicy(ctx context.Context, policyId string) ApiActivatePolicyRequest
+
+	// ActivatePolicyExecute executes the request
+	ActivatePolicyExecute(r ApiActivatePolicyRequest) (*APIResponse, error)
+
+	/*
+		ActivatePolicyRule Activate a Policy Rule
+
+		Activates a policy rule
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@param ruleId
+		@return ApiActivatePolicyRuleRequest
+	*/
+	ActivatePolicyRule(ctx context.Context, policyId string, ruleId string) ApiActivatePolicyRuleRequest
+
+	// ActivatePolicyRuleExecute executes the request
+	ActivatePolicyRuleExecute(r ApiActivatePolicyRuleRequest) (*APIResponse, error)
+
+	/*
+		ClonePolicy Clone an existing policy
+
+		Clones an existing policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@return ApiClonePolicyRequest
+	*/
+	ClonePolicy(ctx context.Context, policyId string) ApiClonePolicyRequest
+
+	// ClonePolicyExecute executes the request
+	//  @return ListPolicies200ResponseInner
+	ClonePolicyExecute(r ApiClonePolicyRequest) (*ListPolicies200ResponseInner, *APIResponse, error)
+
+	/*
+		CreatePolicy Create a Policy
+
+		Creates a policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreatePolicyRequest
+	*/
+	CreatePolicy(ctx context.Context) ApiCreatePolicyRequest
+
+	// CreatePolicyExecute executes the request
+	//  @return ListPolicies200ResponseInner
+	CreatePolicyExecute(r ApiCreatePolicyRequest) (*ListPolicies200ResponseInner, *APIResponse, error)
+
+	/*
+		CreatePolicyRule Create a Policy Rule
+
+		Creates a policy rule
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@return ApiCreatePolicyRuleRequest
+	*/
+	CreatePolicyRule(ctx context.Context, policyId string) ApiCreatePolicyRuleRequest
+
+	// CreatePolicyRuleExecute executes the request
+	//  @return ListPolicyRules200ResponseInner
+	CreatePolicyRuleExecute(r ApiCreatePolicyRuleRequest) (*ListPolicyRules200ResponseInner, *APIResponse, error)
+
+	/*
+		DeactivatePolicy Deactivate a Policy
+
+		Deactivates a policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@return ApiDeactivatePolicyRequest
+	*/
+	DeactivatePolicy(ctx context.Context, policyId string) ApiDeactivatePolicyRequest
+
+	// DeactivatePolicyExecute executes the request
+	DeactivatePolicyExecute(r ApiDeactivatePolicyRequest) (*APIResponse, error)
+
+	/*
+		DeactivatePolicyRule Deactivate a Policy Rule
+
+		Deactivates a policy rule
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@param ruleId
+		@return ApiDeactivatePolicyRuleRequest
+	*/
+	DeactivatePolicyRule(ctx context.Context, policyId string, ruleId string) ApiDeactivatePolicyRuleRequest
+
+	// DeactivatePolicyRuleExecute executes the request
+	DeactivatePolicyRuleExecute(r ApiDeactivatePolicyRuleRequest) (*APIResponse, error)
+
+	/*
+		DeletePolicy Delete a Policy
+
+		Deletes a policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@return ApiDeletePolicyRequest
+	*/
+	DeletePolicy(ctx context.Context, policyId string) ApiDeletePolicyRequest
+
+	// DeletePolicyExecute executes the request
+	DeletePolicyExecute(r ApiDeletePolicyRequest) (*APIResponse, error)
+
+	/*
+		DeletePolicyRule Delete a Policy Rule
+
+		Deletes a policy rule
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@param ruleId
+		@return ApiDeletePolicyRuleRequest
+	*/
+	DeletePolicyRule(ctx context.Context, policyId string, ruleId string) ApiDeletePolicyRuleRequest
+
+	// DeletePolicyRuleExecute executes the request
+	DeletePolicyRuleExecute(r ApiDeletePolicyRuleRequest) (*APIResponse, error)
+
+	/*
+		GetPolicy Retrieve a Policy
+
+		Retrieves a policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@return ApiGetPolicyRequest
+	*/
+	GetPolicy(ctx context.Context, policyId string) ApiGetPolicyRequest
+
+	// GetPolicyExecute executes the request
+	//  @return ListPolicies200ResponseInner
+	GetPolicyExecute(r ApiGetPolicyRequest) (*ListPolicies200ResponseInner, *APIResponse, error)
+
+	/*
+		GetPolicyRule Retrieve a Policy Rule
+
+		Retrieves a policy rule
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@param ruleId
+		@return ApiGetPolicyRuleRequest
+	*/
+	GetPolicyRule(ctx context.Context, policyId string, ruleId string) ApiGetPolicyRuleRequest
+
+	// GetPolicyRuleExecute executes the request
+	//  @return ListPolicyRules200ResponseInner
+	GetPolicyRuleExecute(r ApiGetPolicyRuleRequest) (*ListPolicyRules200ResponseInner, *APIResponse, error)
+
+	/*
+		ListPolicies List all Policies
+
+		Lists all policies with the specified type
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListPoliciesRequest
+	*/
+	ListPolicies(ctx context.Context) ApiListPoliciesRequest
+
+	// ListPoliciesExecute executes the request
+	//  @return []ListPolicies200ResponseInner
+	ListPoliciesExecute(r ApiListPoliciesRequest) ([]ListPolicies200ResponseInner, *APIResponse, error)
+
+	/*
+		ListPolicyRules List all Policy Rules
+
+		Lists all policy rules
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@return ApiListPolicyRulesRequest
+	*/
+	ListPolicyRules(ctx context.Context, policyId string) ApiListPolicyRulesRequest
+
+	// ListPolicyRulesExecute executes the request
+	//  @return []ListPolicyRules200ResponseInner
+	ListPolicyRulesExecute(r ApiListPolicyRulesRequest) ([]ListPolicyRules200ResponseInner, *APIResponse, error)
+
+	/*
+		ReplacePolicy Replace a Policy
+
+		Replaces a policy
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@return ApiReplacePolicyRequest
+	*/
+	ReplacePolicy(ctx context.Context, policyId string) ApiReplacePolicyRequest
+
+	// ReplacePolicyExecute executes the request
+	//  @return ListPolicies200ResponseInner
+	ReplacePolicyExecute(r ApiReplacePolicyRequest) (*ListPolicies200ResponseInner, *APIResponse, error)
+
+	/*
+		ReplacePolicyRule Replace a Policy Rule
+
+		Replaces a policy rules
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param policyId
+		@param ruleId
+		@return ApiReplacePolicyRuleRequest
+	*/
+	ReplacePolicyRule(ctx context.Context, policyId string, ruleId string) ApiReplacePolicyRuleRequest
+
+	// ReplacePolicyRuleExecute executes the request
+	//  @return ListPolicyRules200ResponseInner
+	ReplacePolicyRuleExecute(r ApiReplacePolicyRuleRequest) (*ListPolicyRules200ResponseInner, *APIResponse, error)
+}
+
+// PolicyApiService PolicyApi service
+type PolicyApiService service
+
+type ApiActivatePolicyRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	retryCount int32
+}
+
+func (r ApiActivatePolicyRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ActivatePolicyExecute(r)
+}
+
+/*
+ActivatePolicy Activate a Policy
+
+Activates a policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@return ApiActivatePolicyRequest
+*/
+func (a *PolicyApiService) ActivatePolicy(ctx context.Context, policyId string) ApiActivatePolicyRequest {
+	return ApiActivatePolicyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *PolicyApiService) ActivatePolicyExecute(r ApiActivatePolicyRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.ActivatePolicy")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiActivatePolicyRuleRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	ruleId     string
+	retryCount int32
+}
+
+func (r ApiActivatePolicyRuleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ActivatePolicyRuleExecute(r)
+}
+
+/*
+ActivatePolicyRule Activate a Policy Rule
+
+Activates a policy rule
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@param ruleId
+	@return ApiActivatePolicyRuleRequest
+*/
+func (a *PolicyApiService) ActivatePolicyRule(ctx context.Context, policyId string, ruleId string) ApiActivatePolicyRuleRequest {
+	return ApiActivatePolicyRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		ruleId:     ruleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *PolicyApiService) ActivatePolicyRuleExecute(r ApiActivatePolicyRuleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.ActivatePolicyRule")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiClonePolicyRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	retryCount int32
+}
+
+func (r ApiClonePolicyRequest) Execute() (*ListPolicies200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ClonePolicyExecute(r)
+}
+
+/*
+ClonePolicy Clone an existing policy
+
+Clones an existing policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@return ApiClonePolicyRequest
+*/
+func (a *PolicyApiService) ClonePolicy(ctx context.Context, policyId string) ApiClonePolicyRequest {
+	return ApiClonePolicyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListPolicies200ResponseInner
+func (a *PolicyApiService) ClonePolicyExecute(r ApiClonePolicyRequest) (*ListPolicies200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListPolicies200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.ClonePolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}/clone"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreatePolicyRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policy     *ListPolicies200ResponseInner
+	activate   *bool
+	retryCount int32
+}
+
+func (r ApiCreatePolicyRequest) Policy(policy ListPolicies200ResponseInner) ApiCreatePolicyRequest {
+	r.policy = &policy
+	return r
+}
+
+func (r ApiCreatePolicyRequest) Activate(activate bool) ApiCreatePolicyRequest {
+	r.activate = &activate
+	return r
+}
+
+func (r ApiCreatePolicyRequest) Execute() (*ListPolicies200ResponseInner, *APIResponse, error) {
+	return r.ApiService.CreatePolicyExecute(r)
+}
+
+/*
+CreatePolicy Create a Policy
+
+Creates a policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreatePolicyRequest
+*/
+func (a *PolicyApiService) CreatePolicy(ctx context.Context) ApiCreatePolicyRequest {
+	return ApiCreatePolicyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListPolicies200ResponseInner
+func (a *PolicyApiService) CreatePolicyExecute(r ApiCreatePolicyRequest) (*ListPolicies200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListPolicies200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.CreatePolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.policy == nil {
+		return localVarReturnValue, nil, reportError("policy is required and must be specified")
+	}
+
+	if r.activate != nil {
+		localVarQueryParams.Add("activate", parameterToString(*r.activate, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.policy
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreatePolicyRuleRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	policyRule *ListPolicyRules200ResponseInner
+	retryCount int32
+}
+
+func (r ApiCreatePolicyRuleRequest) PolicyRule(policyRule ListPolicyRules200ResponseInner) ApiCreatePolicyRuleRequest {
+	r.policyRule = &policyRule
+	return r
+}
+
+func (r ApiCreatePolicyRuleRequest) Execute() (*ListPolicyRules200ResponseInner, *APIResponse, error) {
+	return r.ApiService.CreatePolicyRuleExecute(r)
+}
+
+/*
+CreatePolicyRule Create a Policy Rule
+
+Creates a policy rule
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@return ApiCreatePolicyRuleRequest
+*/
+func (a *PolicyApiService) CreatePolicyRule(ctx context.Context, policyId string) ApiCreatePolicyRuleRequest {
+	return ApiCreatePolicyRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListPolicyRules200ResponseInner
+func (a *PolicyApiService) CreatePolicyRuleExecute(r ApiCreatePolicyRuleRequest) (*ListPolicyRules200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListPolicyRules200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.CreatePolicyRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}/rules"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.policyRule == nil {
+		return localVarReturnValue, nil, reportError("policyRule is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.policyRule
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivatePolicyRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	retryCount int32
+}
+
+func (r ApiDeactivatePolicyRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeactivatePolicyExecute(r)
+}
+
+/*
+DeactivatePolicy Deactivate a Policy
+
+Deactivates a policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@return ApiDeactivatePolicyRequest
+*/
+func (a *PolicyApiService) DeactivatePolicy(ctx context.Context, policyId string) ApiDeactivatePolicyRequest {
+	return ApiDeactivatePolicyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *PolicyApiService) DeactivatePolicyExecute(r ApiDeactivatePolicyRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.DeactivatePolicy")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeactivatePolicyRuleRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	ruleId     string
+	retryCount int32
+}
+
+func (r ApiDeactivatePolicyRuleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeactivatePolicyRuleExecute(r)
+}
+
+/*
+DeactivatePolicyRule Deactivate a Policy Rule
+
+Deactivates a policy rule
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@param ruleId
+	@return ApiDeactivatePolicyRuleRequest
+*/
+func (a *PolicyApiService) DeactivatePolicyRule(ctx context.Context, policyId string, ruleId string) ApiDeactivatePolicyRuleRequest {
+	return ApiDeactivatePolicyRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		ruleId:     ruleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *PolicyApiService) DeactivatePolicyRuleExecute(r ApiDeactivatePolicyRuleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.DeactivatePolicyRule")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeletePolicyRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	retryCount int32
+}
+
+func (r ApiDeletePolicyRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeletePolicyExecute(r)
+}
+
+/*
+DeletePolicy Delete a Policy
+
+Deletes a policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@return ApiDeletePolicyRequest
+*/
+func (a *PolicyApiService) DeletePolicy(ctx context.Context, policyId string) ApiDeletePolicyRequest {
+	return ApiDeletePolicyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *PolicyApiService) DeletePolicyExecute(r ApiDeletePolicyRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.DeletePolicy")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeletePolicyRuleRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	ruleId     string
+	retryCount int32
+}
+
+func (r ApiDeletePolicyRuleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeletePolicyRuleExecute(r)
+}
+
+/*
+DeletePolicyRule Delete a Policy Rule
+
+Deletes a policy rule
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@param ruleId
+	@return ApiDeletePolicyRuleRequest
+*/
+func (a *PolicyApiService) DeletePolicyRule(ctx context.Context, policyId string, ruleId string) ApiDeletePolicyRuleRequest {
+	return ApiDeletePolicyRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		ruleId:     ruleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *PolicyApiService) DeletePolicyRuleExecute(r ApiDeletePolicyRuleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.DeletePolicyRule")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}/rules/{ruleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetPolicyRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiGetPolicyRequest) Expand(expand string) ApiGetPolicyRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetPolicyRequest) Execute() (*ListPolicies200ResponseInner, *APIResponse, error) {
+	return r.ApiService.GetPolicyExecute(r)
+}
+
+/*
+GetPolicy Retrieve a Policy
+
+Retrieves a policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@return ApiGetPolicyRequest
+*/
+func (a *PolicyApiService) GetPolicy(ctx context.Context, policyId string) ApiGetPolicyRequest {
+	return ApiGetPolicyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListPolicies200ResponseInner
+func (a *PolicyApiService) GetPolicyExecute(r ApiGetPolicyRequest) (*ListPolicies200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListPolicies200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.GetPolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetPolicyRuleRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	ruleId     string
+	retryCount int32
+}
+
+func (r ApiGetPolicyRuleRequest) Execute() (*ListPolicyRules200ResponseInner, *APIResponse, error) {
+	return r.ApiService.GetPolicyRuleExecute(r)
+}
+
+/*
+GetPolicyRule Retrieve a Policy Rule
+
+Retrieves a policy rule
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@param ruleId
+	@return ApiGetPolicyRuleRequest
+*/
+func (a *PolicyApiService) GetPolicyRule(ctx context.Context, policyId string, ruleId string) ApiGetPolicyRuleRequest {
+	return ApiGetPolicyRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		ruleId:     ruleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListPolicyRules200ResponseInner
+func (a *PolicyApiService) GetPolicyRuleExecute(r ApiGetPolicyRuleRequest) (*ListPolicyRules200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListPolicyRules200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.GetPolicyRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}/rules/{ruleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListPoliciesRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	type_      *string
+	status     *string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiListPoliciesRequest) Type_(type_ string) ApiListPoliciesRequest {
+	r.type_ = &type_
+	return r
+}
+
+func (r ApiListPoliciesRequest) Status(status string) ApiListPoliciesRequest {
+	r.status = &status
+	return r
+}
+
+func (r ApiListPoliciesRequest) Expand(expand string) ApiListPoliciesRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListPoliciesRequest) Execute() ([]ListPolicies200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ListPoliciesExecute(r)
+}
+
+/*
+ListPolicies List all Policies
+
+Lists all policies with the specified type
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListPoliciesRequest
+*/
+func (a *PolicyApiService) ListPolicies(ctx context.Context) ApiListPoliciesRequest {
+	return ApiListPoliciesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ListPolicies200ResponseInner
+func (a *PolicyApiService) ListPoliciesExecute(r ApiListPoliciesRequest) ([]ListPolicies200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ListPolicies200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.ListPolicies")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.type_ == nil {
+		return localVarReturnValue, nil, reportError("type_ is required and must be specified")
+	}
+
+	localVarQueryParams.Add("type", parameterToString(*r.type_, ""))
+	if r.status != nil {
+		localVarQueryParams.Add("status", parameterToString(*r.status, ""))
+	}
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListPolicyRulesRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	retryCount int32
+}
+
+func (r ApiListPolicyRulesRequest) Execute() ([]ListPolicyRules200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ListPolicyRulesExecute(r)
+}
+
+/*
+ListPolicyRules List all Policy Rules
+
+Lists all policy rules
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@return ApiListPolicyRulesRequest
+*/
+func (a *PolicyApiService) ListPolicyRules(ctx context.Context, policyId string) ApiListPolicyRulesRequest {
+	return ApiListPolicyRulesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ListPolicyRules200ResponseInner
+func (a *PolicyApiService) ListPolicyRulesExecute(r ApiListPolicyRulesRequest) ([]ListPolicyRules200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ListPolicyRules200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.ListPolicyRules")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}/rules"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplacePolicyRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	policy     *ListPolicies200ResponseInner
+	retryCount int32
+}
+
+func (r ApiReplacePolicyRequest) Policy(policy ListPolicies200ResponseInner) ApiReplacePolicyRequest {
+	r.policy = &policy
+	return r
+}
+
+func (r ApiReplacePolicyRequest) Execute() (*ListPolicies200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ReplacePolicyExecute(r)
+}
+
+/*
+ReplacePolicy Replace a Policy
+
+Replaces a policy
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@return ApiReplacePolicyRequest
+*/
+func (a *PolicyApiService) ReplacePolicy(ctx context.Context, policyId string) ApiReplacePolicyRequest {
+	return ApiReplacePolicyRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListPolicies200ResponseInner
+func (a *PolicyApiService) ReplacePolicyExecute(r ApiReplacePolicyRequest) (*ListPolicies200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListPolicies200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.ReplacePolicy")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.policy == nil {
+		return localVarReturnValue, nil, reportError("policy is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.policy
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplacePolicyRuleRequest struct {
+	ctx        context.Context
+	ApiService PolicyApi
+	policyId   string
+	ruleId     string
+	policyRule *ListPolicyRules200ResponseInner
+	retryCount int32
+}
+
+func (r ApiReplacePolicyRuleRequest) PolicyRule(policyRule ListPolicyRules200ResponseInner) ApiReplacePolicyRuleRequest {
+	r.policyRule = &policyRule
+	return r
+}
+
+func (r ApiReplacePolicyRuleRequest) Execute() (*ListPolicyRules200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ReplacePolicyRuleExecute(r)
+}
+
+/*
+ReplacePolicyRule Replace a Policy Rule
+
+Replaces a policy rules
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param policyId
+	@param ruleId
+	@return ApiReplacePolicyRuleRequest
+*/
+func (a *PolicyApiService) ReplacePolicyRule(ctx context.Context, policyId string, ruleId string) ApiReplacePolicyRuleRequest {
+	return ApiReplacePolicyRuleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		policyId:   policyId,
+		ruleId:     ruleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListPolicyRules200ResponseInner
+func (a *PolicyApiService) ReplacePolicyRuleExecute(r ApiReplacePolicyRuleRequest) (*ListPolicyRules200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListPolicyRules200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyApiService.ReplacePolicyRule")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/policies/{policyId}/rules/{ruleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"policyId"+"}", url.PathEscape(parameterToString(r.policyId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"ruleId"+"}", url.PathEscape(parameterToString(r.ruleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.policyRule == nil {
+		return localVarReturnValue, nil, reportError("policyRule is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.policyRule
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_policy_test.go b/okta/api_policy_test.go
new file mode 100644
index 000000000..aed7d1508
--- /dev/null
+++ b/okta/api_policy_test.go
@@ -0,0 +1,208 @@
+package okta
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func setupAccessPolicy(name string) (*ListPolicies200ResponseInner, *APIResponse, error) {
+	configuration := NewConfiguration()
+	configuration.Debug = true
+	proxyClient := NewAPIClient(configuration)
+	req := proxyClient.PolicyApi.CreatePolicy(apiClient.cfg.Context)
+	req = req.Policy(ListPolicies200ResponseInner{AccessPolicy: testFactory.NewValidAccessPolicy(name)})
+	return req.Execute()
+}
+
+func cleanUpPolicy(policyId string) error {
+	_, err := apiClient.PolicyApi.DeactivatePolicy(apiClient.cfg.Context, policyId).Execute()
+	if err != nil {
+		return err
+	}
+	_, err = apiClient.PolicyApi.DeletePolicy(apiClient.cfg.Context, policyId).Execute()
+	if err != nil {
+		return err
+	}
+	return err
+}
+
+func cleanUpPolicyRule(policyId, policyRuleId string) (err error) {
+	_, err = apiClient.PolicyApi.DeactivatePolicyRule(apiClient.cfg.Context, policyId, policyRuleId).Execute()
+	if err != nil {
+		return err
+	}
+	_, err = apiClient.PolicyApi.DeletePolicyRule(apiClient.cfg.Context, policyId, policyRuleId).Execute()
+	if err != nil {
+		return err
+	}
+	return err
+}
+
+func Test_Get_Policy(t *testing.T) {
+	createdPolicy, _, err := setupAccessPolicy(randomTestString())
+	require.NoError(t, err, "Creating a new policy should not error")
+	t.Run("get policy by id", func(t *testing.T) {
+		policy, _, err := apiClient.PolicyApi.GetPolicy(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Execute()
+		require.NoError(t, err, "Could not get policy by ID")
+		assert.Equal(t, createdPolicy.AccessPolicy.GetId(), policy.AccessPolicy.GetId())
+	})
+	err = cleanUpPolicy(createdPolicy.AccessPolicy.GetId())
+	require.NoError(t, err, "Clean up policy should not error")
+}
+
+func Test_Get_List_Policies(t *testing.T) {
+	createdPolicy, _, err := setupAccessPolicy(randomTestString())
+	require.NoError(t, err, "Creating a new policy should not error")
+	t.Run("get all policy", func(t *testing.T) {
+		policies, _, err := apiClient.PolicyApi.ListPolicies(apiClient.cfg.Context).Type_("ACCESS_POLICY").Execute()
+		require.NoError(t, err, "Could not get list policy")
+		var createPolicyInList bool
+		for _, p := range policies {
+			if (p.AccessPolicy != nil) && (p.AccessPolicy.GetId() == createdPolicy.AccessPolicy.GetId()) {
+				createPolicyInList = true
+			}
+		}
+		assert.True(t, createPolicyInList, "Could not find policy from list")
+	})
+	err = cleanUpPolicy(createdPolicy.AccessPolicy.GetId())
+	require.NoError(t, err, "Clean up policy should not error")
+}
+
+func Test_Update_Policies(t *testing.T) {
+	createdPolicy, _, err := setupAccessPolicy(randomTestString())
+	require.NoError(t, err, "Creating a new policy should not error")
+	t.Run("update policy", func(t *testing.T) {
+		newName := randomTestString()
+		payload := testFactory.NewValidAccessPolicy(newName)
+		policy, _, err := apiClient.PolicyApi.ReplacePolicy(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Policy(ListPolicies200ResponseInner{AccessPolicy: payload}).Execute()
+		require.NoError(t, err, "Could not update policy")
+		require.NotNil(t, policy.AccessPolicy)
+		assert.Equal(t, newName, policy.AccessPolicy.GetName())
+	})
+	err = cleanUpPolicy(createdPolicy.AccessPolicy.GetId())
+	require.NoError(t, err, "Clean up policy should not error")
+}
+
+func Test_Activate_Policy(t *testing.T) {
+	createdPolicy, _, err := setupAccessPolicy(randomTestString())
+	require.NoError(t, err, "Creating a new policy should not error")
+	t.Run("deactivate policy", func(t *testing.T) {
+		_, err = apiClient.PolicyApi.DeactivatePolicy(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Execute()
+		require.NoError(t, err, "Could not deactivate the policy")
+		policy, _, err := apiClient.PolicyApi.GetPolicy(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Execute()
+		require.NoError(t, err, "Could not get policy by ID")
+		assert.Equal(t, createdPolicy.AccessPolicy.GetId(), policy.AccessPolicy.GetId())
+		assert.Equal(t, LIFECYCLESTATUS_INACTIVE, policy.AccessPolicy.GetStatus())
+	})
+	t.Run("activate policy", func(t *testing.T) {
+		_, err = apiClient.PolicyApi.ActivatePolicy(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Execute()
+		require.NoError(t, err, "Could not activate the policy")
+		policy, _, err := apiClient.PolicyApi.GetPolicy(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Execute()
+		require.NoError(t, err, "Could not get policy by ID")
+		assert.Equal(t, createdPolicy.AccessPolicy.GetId(), policy.AccessPolicy.GetId())
+		assert.Equal(t, LIFECYCLESTATUS_ACTIVE, policy.AccessPolicy.GetStatus())
+	})
+	err = cleanUpPolicy(createdPolicy.AccessPolicy.GetId())
+	require.NoError(t, err, "Clean up policy should not error")
+}
+
+// ACCESS/AUTHENTICATION POLICY ONLY
+func Test_Clone_Policy(t *testing.T) {
+	createdPolicy, _, err := setupAccessPolicy(randomTestString())
+	require.NoError(t, err, "Creating a new policy should not error")
+	var policyID string
+	t.Run("clone policy", func(t *testing.T) {
+		policy, _, err := apiClient.PolicyApi.ClonePolicy(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Execute()
+		require.NoError(t, err, "Could not get policy by ID")
+		policyID = policy.AccessPolicy.GetId()
+		assert.NotEqual(t, createdPolicy.AccessPolicy.GetId(), policy.AccessPolicy.GetId())
+		assert.Equal(t, fmt.Sprintf("[cloned] %v", createdPolicy.AccessPolicy.GetName()), policy.AccessPolicy.GetName())
+		assert.Equal(t, createdPolicy.AccessPolicy.GetDescription(), policy.AccessPolicy.GetDescription())
+		assert.Equal(t, createdPolicy.AccessPolicy.GetPriority(), policy.AccessPolicy.GetPriority())
+	})
+	err = cleanUpPolicy(createdPolicy.AccessPolicy.GetId())
+	require.NoError(t, err, "Clean up policy should not error")
+	err = cleanUpPolicy(policyID)
+	require.NoError(t, err, "Clean up policy should not error")
+}
+
+func Test_Policy_Rules_Operation(t *testing.T) {
+	createdPolicy, _, err := setupAccessPolicy(randomTestString())
+	require.NoError(t, err, "Creating a new policy should not error")
+	configuration := NewConfiguration()
+	configuration.Debug = true
+	proxyClient := NewAPIClient(configuration)
+	accessPolicyRule := &AccessPolicyRule{}
+	accessPolicyRule.SetType(POLICYRULETYPE_ACCESS_POLICY)
+	name := randomTestString()
+	accessPolicyRule.SetName(name)
+	payload := ListPolicyRules200ResponseInner{AccessPolicyRule: accessPolicyRule}
+	createdPolicyRule, _, err := proxyClient.PolicyApi.CreatePolicyRule(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).PolicyRule(payload).Execute()
+	require.NoError(t, err, "Creating a new policy rule should not error")
+	t.Run("get policy rule by id", func(t *testing.T) {
+		rpolicyRule, _, err := apiClient.PolicyApi.GetPolicyRule(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId(), createdPolicyRule.AccessPolicyRule.GetId()).Execute()
+		require.NoError(t, err, "Could not get policy rule by ID")
+		assert.Equal(t, name, rpolicyRule.AccessPolicyRule.GetName())
+	})
+	t.Run("list policy rule", func(t *testing.T) {
+		rpolicyRules, _, err := apiClient.PolicyApi.ListPolicyRules(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Execute()
+		require.NoError(t, err, "Could not listing policy rule by ID")
+		found := false
+		for _, pr := range rpolicyRules {
+			if pr.AccessPolicyRule.GetId() == createdPolicyRule.AccessPolicyRule.GetId() {
+				found = true
+			}
+		}
+		assert.True(t, found, "Found policy rule in list")
+	})
+	t.Run("update policy rule", func(t *testing.T) {
+		newName := randomTestString()
+		createdPolicyRule.AccessPolicyRule.SetName(newName)
+		rpolicyRule, _, err := apiClient.PolicyApi.ReplacePolicyRule(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId(), createdPolicyRule.AccessPolicyRule.GetId()).PolicyRule(*createdPolicyRule).Execute()
+		require.NoError(t, err, "Could not update policy rule")
+		assert.NotEqual(t, name, rpolicyRule.AccessPolicyRule.GetName())
+		assert.Equal(t, newName, rpolicyRule.AccessPolicyRule.GetName())
+	})
+	t.Run("deactivate policy rule", func(t *testing.T) {
+		_, err = apiClient.PolicyApi.DeactivatePolicyRule(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId(), createdPolicyRule.AccessPolicyRule.GetId()).Execute()
+		require.NoError(t, err, "Could not deactivate policy rule")
+		rpolicyRule, _, err := apiClient.PolicyApi.GetPolicyRule(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId(), createdPolicyRule.AccessPolicyRule.GetId()).Execute()
+		require.NoError(t, err, "Could not get policy rule by ID")
+		assert.Equal(t, LIFECYCLESTATUS_INACTIVE, rpolicyRule.AccessPolicyRule.GetStatus())
+	})
+
+	t.Run("activate policy rule", func(t *testing.T) {
+		_, err = apiClient.PolicyApi.ActivatePolicyRule(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId(), createdPolicyRule.AccessPolicyRule.GetId()).Execute()
+		require.NoError(t, err, "Could not activate policy rule")
+		rpolicyRule, _, err := apiClient.PolicyApi.GetPolicyRule(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId(), createdPolicyRule.AccessPolicyRule.GetId()).Execute()
+		require.NoError(t, err, "Could not get policy rule by ID")
+		assert.Equal(t, LIFECYCLESTATUS_ACTIVE, rpolicyRule.AccessPolicyRule.GetStatus())
+	})
+	err = cleanUpPolicyRule(createdPolicy.AccessPolicy.GetId(), createdPolicyRule.AccessPolicyRule.GetId())
+	require.NoError(t, err, "Clean up policy rule should not error")
+	err = cleanUpPolicy(createdPolicy.AccessPolicy.GetId())
+	require.NoError(t, err, "Clean up policy should not error")
+}
+
+// TODU
+// func Test_Policy_Mapping_Operations(t *testing.T) {
+// 	createdPolicy, _, err := setupAccessPolicy(randomTestString())
+// 	require.NoError(t, err, "Creating a new policy should not error")
+// 	createdApp, _, err := setupBasicAuthApplication(randomTestString())
+// 	require.NoError(t, err, "Creating a new application should not error")
+// 	t.Run("assign app to policy", func(t *testing.T) {
+// 		_, err = apiClient.ApplicationApi.UpdateApplicationPolicy(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Execute()
+// 		require.NoError(t, err, "Could not deactivate the policy")
+// 		policy, _, err := apiClient.PolicyApi.ClonePolicy(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Execute()
+// 		require.NoError(t, err, "Could not get policy by ID")
+// 		assert.Equal(t, createdPolicy.AccessPolicy.GetId(), policy.AccessPolicy.GetId())
+// 		assert.Equal(t, "INACTIVE", policy.AccessPolicy.GetStatus())
+// 	})
+// 	err = cleanUpPolicy(createdPolicy.AccessPolicy.GetId())
+// 	require.NoError(t, err, "Clean up policy should not error")
+// 	err = cleanUpApplication(createdApp.BasicAuthApplication.GetId())
+// 	require.NoError(t, err, "Clean up app should not error")
+// }
diff --git a/okta/api_principal_rate_limit.go b/okta/api_principal_rate_limit.go
new file mode 100644
index 000000000..bccdb2546
--- /dev/null
+++ b/okta/api_principal_rate_limit.go
@@ -0,0 +1,827 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type PrincipalRateLimitApi interface {
+	/*
+		CreatePrincipalRateLimitEntity Create a Principal Rate Limit
+
+		Creates a new Principal Rate Limit entity. In the current release, we only allow one Principal Rate Limit entity per org and principal.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreatePrincipalRateLimitEntityRequest
+	*/
+	CreatePrincipalRateLimitEntity(ctx context.Context) ApiCreatePrincipalRateLimitEntityRequest
+
+	// CreatePrincipalRateLimitEntityExecute executes the request
+	//  @return PrincipalRateLimitEntity
+	CreatePrincipalRateLimitEntityExecute(r ApiCreatePrincipalRateLimitEntityRequest) (*PrincipalRateLimitEntity, *APIResponse, error)
+
+	/*
+		GetPrincipalRateLimitEntity Retrieve a Principal Rate Limit
+
+		Retrieves a Principal Rate Limit entity by `principalRateLimitId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param principalRateLimitId id of the Principal Rate Limit
+		@return ApiGetPrincipalRateLimitEntityRequest
+	*/
+	GetPrincipalRateLimitEntity(ctx context.Context, principalRateLimitId string) ApiGetPrincipalRateLimitEntityRequest
+
+	// GetPrincipalRateLimitEntityExecute executes the request
+	//  @return PrincipalRateLimitEntity
+	GetPrincipalRateLimitEntityExecute(r ApiGetPrincipalRateLimitEntityRequest) (*PrincipalRateLimitEntity, *APIResponse, error)
+
+	/*
+		ListPrincipalRateLimitEntities List all Principal Rate Limits
+
+		Lists all Principal Rate Limit entities considering the provided parameters
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListPrincipalRateLimitEntitiesRequest
+	*/
+	ListPrincipalRateLimitEntities(ctx context.Context) ApiListPrincipalRateLimitEntitiesRequest
+
+	// ListPrincipalRateLimitEntitiesExecute executes the request
+	//  @return []PrincipalRateLimitEntity
+	ListPrincipalRateLimitEntitiesExecute(r ApiListPrincipalRateLimitEntitiesRequest) ([]PrincipalRateLimitEntity, *APIResponse, error)
+
+	/*
+		ReplacePrincipalRateLimitEntity Replace a Principal Rate Limit
+
+		Replaces a principal rate limit entity by `principalRateLimitId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param principalRateLimitId id of the Principal Rate Limit
+		@return ApiReplacePrincipalRateLimitEntityRequest
+	*/
+	ReplacePrincipalRateLimitEntity(ctx context.Context, principalRateLimitId string) ApiReplacePrincipalRateLimitEntityRequest
+
+	// ReplacePrincipalRateLimitEntityExecute executes the request
+	//  @return PrincipalRateLimitEntity
+	ReplacePrincipalRateLimitEntityExecute(r ApiReplacePrincipalRateLimitEntityRequest) (*PrincipalRateLimitEntity, *APIResponse, error)
+}
+
+// PrincipalRateLimitApiService PrincipalRateLimitApi service
+type PrincipalRateLimitApiService service
+
+type ApiCreatePrincipalRateLimitEntityRequest struct {
+	ctx        context.Context
+	ApiService PrincipalRateLimitApi
+	entity     *PrincipalRateLimitEntity
+	retryCount int32
+}
+
+func (r ApiCreatePrincipalRateLimitEntityRequest) Entity(entity PrincipalRateLimitEntity) ApiCreatePrincipalRateLimitEntityRequest {
+	r.entity = &entity
+	return r
+}
+
+func (r ApiCreatePrincipalRateLimitEntityRequest) Execute() (*PrincipalRateLimitEntity, *APIResponse, error) {
+	return r.ApiService.CreatePrincipalRateLimitEntityExecute(r)
+}
+
+/*
+CreatePrincipalRateLimitEntity Create a Principal Rate Limit
+
+Creates a new Principal Rate Limit entity. In the current release, we only allow one Principal Rate Limit entity per org and principal.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreatePrincipalRateLimitEntityRequest
+*/
+func (a *PrincipalRateLimitApiService) CreatePrincipalRateLimitEntity(ctx context.Context) ApiCreatePrincipalRateLimitEntityRequest {
+	return ApiCreatePrincipalRateLimitEntityRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return PrincipalRateLimitEntity
+func (a *PrincipalRateLimitApiService) CreatePrincipalRateLimitEntityExecute(r ApiCreatePrincipalRateLimitEntityRequest) (*PrincipalRateLimitEntity, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *PrincipalRateLimitEntity
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PrincipalRateLimitApiService.CreatePrincipalRateLimitEntity")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/principal-rate-limits"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.entity == nil {
+		return localVarReturnValue, nil, reportError("entity is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.entity
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetPrincipalRateLimitEntityRequest struct {
+	ctx                  context.Context
+	ApiService           PrincipalRateLimitApi
+	principalRateLimitId string
+	retryCount           int32
+}
+
+func (r ApiGetPrincipalRateLimitEntityRequest) Execute() (*PrincipalRateLimitEntity, *APIResponse, error) {
+	return r.ApiService.GetPrincipalRateLimitEntityExecute(r)
+}
+
+/*
+GetPrincipalRateLimitEntity Retrieve a Principal Rate Limit
+
+Retrieves a Principal Rate Limit entity by `principalRateLimitId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param principalRateLimitId id of the Principal Rate Limit
+	@return ApiGetPrincipalRateLimitEntityRequest
+*/
+func (a *PrincipalRateLimitApiService) GetPrincipalRateLimitEntity(ctx context.Context, principalRateLimitId string) ApiGetPrincipalRateLimitEntityRequest {
+	return ApiGetPrincipalRateLimitEntityRequest{
+		ApiService:           a,
+		ctx:                  ctx,
+		principalRateLimitId: principalRateLimitId,
+		retryCount:           0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return PrincipalRateLimitEntity
+func (a *PrincipalRateLimitApiService) GetPrincipalRateLimitEntityExecute(r ApiGetPrincipalRateLimitEntityRequest) (*PrincipalRateLimitEntity, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *PrincipalRateLimitEntity
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PrincipalRateLimitApiService.GetPrincipalRateLimitEntity")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/principal-rate-limits/{principalRateLimitId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"principalRateLimitId"+"}", url.PathEscape(parameterToString(r.principalRateLimitId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListPrincipalRateLimitEntitiesRequest struct {
+	ctx        context.Context
+	ApiService PrincipalRateLimitApi
+	filter     *string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+func (r ApiListPrincipalRateLimitEntitiesRequest) Filter(filter string) ApiListPrincipalRateLimitEntitiesRequest {
+	r.filter = &filter
+	return r
+}
+
+func (r ApiListPrincipalRateLimitEntitiesRequest) After(after string) ApiListPrincipalRateLimitEntitiesRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListPrincipalRateLimitEntitiesRequest) Limit(limit int32) ApiListPrincipalRateLimitEntitiesRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListPrincipalRateLimitEntitiesRequest) Execute() ([]PrincipalRateLimitEntity, *APIResponse, error) {
+	return r.ApiService.ListPrincipalRateLimitEntitiesExecute(r)
+}
+
+/*
+ListPrincipalRateLimitEntities List all Principal Rate Limits
+
+Lists all Principal Rate Limit entities considering the provided parameters
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListPrincipalRateLimitEntitiesRequest
+*/
+func (a *PrincipalRateLimitApiService) ListPrincipalRateLimitEntities(ctx context.Context) ApiListPrincipalRateLimitEntitiesRequest {
+	return ApiListPrincipalRateLimitEntitiesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []PrincipalRateLimitEntity
+func (a *PrincipalRateLimitApiService) ListPrincipalRateLimitEntitiesExecute(r ApiListPrincipalRateLimitEntitiesRequest) ([]PrincipalRateLimitEntity, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []PrincipalRateLimitEntity
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PrincipalRateLimitApiService.ListPrincipalRateLimitEntities")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/principal-rate-limits"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.filter != nil {
+		localVarQueryParams.Add("filter", parameterToString(*r.filter, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplacePrincipalRateLimitEntityRequest struct {
+	ctx                  context.Context
+	ApiService           PrincipalRateLimitApi
+	principalRateLimitId string
+	entity               *PrincipalRateLimitEntity
+	retryCount           int32
+}
+
+func (r ApiReplacePrincipalRateLimitEntityRequest) Entity(entity PrincipalRateLimitEntity) ApiReplacePrincipalRateLimitEntityRequest {
+	r.entity = &entity
+	return r
+}
+
+func (r ApiReplacePrincipalRateLimitEntityRequest) Execute() (*PrincipalRateLimitEntity, *APIResponse, error) {
+	return r.ApiService.ReplacePrincipalRateLimitEntityExecute(r)
+}
+
+/*
+ReplacePrincipalRateLimitEntity Replace a Principal Rate Limit
+
+Replaces a principal rate limit entity by `principalRateLimitId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param principalRateLimitId id of the Principal Rate Limit
+	@return ApiReplacePrincipalRateLimitEntityRequest
+*/
+func (a *PrincipalRateLimitApiService) ReplacePrincipalRateLimitEntity(ctx context.Context, principalRateLimitId string) ApiReplacePrincipalRateLimitEntityRequest {
+	return ApiReplacePrincipalRateLimitEntityRequest{
+		ApiService:           a,
+		ctx:                  ctx,
+		principalRateLimitId: principalRateLimitId,
+		retryCount:           0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return PrincipalRateLimitEntity
+func (a *PrincipalRateLimitApiService) ReplacePrincipalRateLimitEntityExecute(r ApiReplacePrincipalRateLimitEntityRequest) (*PrincipalRateLimitEntity, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *PrincipalRateLimitEntity
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PrincipalRateLimitApiService.ReplacePrincipalRateLimitEntity")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/principal-rate-limits/{principalRateLimitId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"principalRateLimitId"+"}", url.PathEscape(parameterToString(r.principalRateLimitId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.entity == nil {
+		return localVarReturnValue, nil, reportError("entity is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.entity
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_profile_mapping.go b/okta/api_profile_mapping.go
new file mode 100644
index 000000000..b02dd6d2c
--- /dev/null
+++ b/okta/api_profile_mapping.go
@@ -0,0 +1,625 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type ProfileMappingApi interface {
+	/*
+		GetProfileMapping Retrieve a Profile Mapping
+
+		Retrieves a single Profile Mapping referenced by its ID
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param mappingId
+		@return ApiGetProfileMappingRequest
+	*/
+	GetProfileMapping(ctx context.Context, mappingId string) ApiGetProfileMappingRequest
+
+	// GetProfileMappingExecute executes the request
+	//  @return ProfileMapping
+	GetProfileMappingExecute(r ApiGetProfileMappingRequest) (*ProfileMapping, *APIResponse, error)
+
+	/*
+		ListProfileMappings List all Profile Mappings
+
+		Lists all profile mappings with pagination
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListProfileMappingsRequest
+	*/
+	ListProfileMappings(ctx context.Context) ApiListProfileMappingsRequest
+
+	// ListProfileMappingsExecute executes the request
+	//  @return []ProfileMapping
+	ListProfileMappingsExecute(r ApiListProfileMappingsRequest) ([]ProfileMapping, *APIResponse, error)
+
+	/*
+		UpdateProfileMapping Update a Profile Mapping
+
+		Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param mappingId
+		@return ApiUpdateProfileMappingRequest
+	*/
+	UpdateProfileMapping(ctx context.Context, mappingId string) ApiUpdateProfileMappingRequest
+
+	// UpdateProfileMappingExecute executes the request
+	//  @return ProfileMapping
+	UpdateProfileMappingExecute(r ApiUpdateProfileMappingRequest) (*ProfileMapping, *APIResponse, error)
+}
+
+// ProfileMappingApiService ProfileMappingApi service
+type ProfileMappingApiService service
+
+type ApiGetProfileMappingRequest struct {
+	ctx        context.Context
+	ApiService ProfileMappingApi
+	mappingId  string
+	retryCount int32
+}
+
+func (r ApiGetProfileMappingRequest) Execute() (*ProfileMapping, *APIResponse, error) {
+	return r.ApiService.GetProfileMappingExecute(r)
+}
+
+/*
+GetProfileMapping Retrieve a Profile Mapping
+
+Retrieves a single Profile Mapping referenced by its ID
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param mappingId
+	@return ApiGetProfileMappingRequest
+*/
+func (a *ProfileMappingApiService) GetProfileMapping(ctx context.Context, mappingId string) ApiGetProfileMappingRequest {
+	return ApiGetProfileMappingRequest{
+		ApiService: a,
+		ctx:        ctx,
+		mappingId:  mappingId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ProfileMapping
+func (a *ProfileMappingApiService) GetProfileMappingExecute(r ApiGetProfileMappingRequest) (*ProfileMapping, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ProfileMapping
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ProfileMappingApiService.GetProfileMapping")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/mappings/{mappingId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"mappingId"+"}", url.PathEscape(parameterToString(r.mappingId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListProfileMappingsRequest struct {
+	ctx        context.Context
+	ApiService ProfileMappingApi
+	after      *string
+	limit      *int32
+	sourceId   *string
+	targetId   *string
+	retryCount int32
+}
+
+func (r ApiListProfileMappingsRequest) After(after string) ApiListProfileMappingsRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListProfileMappingsRequest) Limit(limit int32) ApiListProfileMappingsRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListProfileMappingsRequest) SourceId(sourceId string) ApiListProfileMappingsRequest {
+	r.sourceId = &sourceId
+	return r
+}
+
+func (r ApiListProfileMappingsRequest) TargetId(targetId string) ApiListProfileMappingsRequest {
+	r.targetId = &targetId
+	return r
+}
+
+func (r ApiListProfileMappingsRequest) Execute() ([]ProfileMapping, *APIResponse, error) {
+	return r.ApiService.ListProfileMappingsExecute(r)
+}
+
+/*
+ListProfileMappings List all Profile Mappings
+
+Lists all profile mappings with pagination
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListProfileMappingsRequest
+*/
+func (a *ProfileMappingApiService) ListProfileMappings(ctx context.Context) ApiListProfileMappingsRequest {
+	return ApiListProfileMappingsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ProfileMapping
+func (a *ProfileMappingApiService) ListProfileMappingsExecute(r ApiListProfileMappingsRequest) ([]ProfileMapping, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ProfileMapping
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ProfileMappingApiService.ListProfileMappings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/mappings"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.sourceId != nil {
+		localVarQueryParams.Add("sourceId", parameterToString(*r.sourceId, ""))
+	}
+	if r.targetId != nil {
+		localVarQueryParams.Add("targetId", parameterToString(*r.targetId, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateProfileMappingRequest struct {
+	ctx            context.Context
+	ApiService     ProfileMappingApi
+	mappingId      string
+	profileMapping *ProfileMapping
+	retryCount     int32
+}
+
+func (r ApiUpdateProfileMappingRequest) ProfileMapping(profileMapping ProfileMapping) ApiUpdateProfileMappingRequest {
+	r.profileMapping = &profileMapping
+	return r
+}
+
+func (r ApiUpdateProfileMappingRequest) Execute() (*ProfileMapping, *APIResponse, error) {
+	return r.ApiService.UpdateProfileMappingExecute(r)
+}
+
+/*
+UpdateProfileMapping Update a Profile Mapping
+
+Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param mappingId
+	@return ApiUpdateProfileMappingRequest
+*/
+func (a *ProfileMappingApiService) UpdateProfileMapping(ctx context.Context, mappingId string) ApiUpdateProfileMappingRequest {
+	return ApiUpdateProfileMappingRequest{
+		ApiService: a,
+		ctx:        ctx,
+		mappingId:  mappingId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ProfileMapping
+func (a *ProfileMappingApiService) UpdateProfileMappingExecute(r ApiUpdateProfileMappingRequest) (*ProfileMapping, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ProfileMapping
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ProfileMappingApiService.UpdateProfileMapping")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/mappings/{mappingId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"mappingId"+"}", url.PathEscape(parameterToString(r.mappingId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.profileMapping == nil {
+		return localVarReturnValue, nil, reportError("profileMapping is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.profileMapping
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_push_provider.go b/okta/api_push_provider.go
new file mode 100644
index 000000000..2e7798b90
--- /dev/null
+++ b/okta/api_push_provider.go
@@ -0,0 +1,965 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type PushProviderApi interface {
+	/*
+		CreatePushProvider Create a Push Provider
+
+		Creates a new push provider
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreatePushProviderRequest
+	*/
+	CreatePushProvider(ctx context.Context) ApiCreatePushProviderRequest
+
+	// CreatePushProviderExecute executes the request
+	//  @return ListPushProviders200ResponseInner
+	CreatePushProviderExecute(r ApiCreatePushProviderRequest) (*ListPushProviders200ResponseInner, *APIResponse, error)
+
+	/*
+		DeletePushProvider Delete a Push Provider
+
+		Deletes a push provider by `pushProviderId`. If the push provider is currently being used in the org by a custom authenticator, the delete will not be allowed.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param pushProviderId Id of the push provider
+		@return ApiDeletePushProviderRequest
+	*/
+	DeletePushProvider(ctx context.Context, pushProviderId string) ApiDeletePushProviderRequest
+
+	// DeletePushProviderExecute executes the request
+	DeletePushProviderExecute(r ApiDeletePushProviderRequest) (*APIResponse, error)
+
+	/*
+		GetPushProvider Retrieve a Push Provider
+
+		Retrieves a push provider by `pushProviderId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param pushProviderId Id of the push provider
+		@return ApiGetPushProviderRequest
+	*/
+	GetPushProvider(ctx context.Context, pushProviderId string) ApiGetPushProviderRequest
+
+	// GetPushProviderExecute executes the request
+	//  @return ListPushProviders200ResponseInner
+	GetPushProviderExecute(r ApiGetPushProviderRequest) (*ListPushProviders200ResponseInner, *APIResponse, error)
+
+	/*
+		ListPushProviders List all Push Providers
+
+		Lists all push providers
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListPushProvidersRequest
+	*/
+	ListPushProviders(ctx context.Context) ApiListPushProvidersRequest
+
+	// ListPushProvidersExecute executes the request
+	//  @return []ListPushProviders200ResponseInner
+	ListPushProvidersExecute(r ApiListPushProvidersRequest) ([]ListPushProviders200ResponseInner, *APIResponse, error)
+
+	/*
+		ReplacePushProvider Replace a Push Provider
+
+		Replaces a push provider by `pushProviderId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param pushProviderId Id of the push provider
+		@return ApiReplacePushProviderRequest
+	*/
+	ReplacePushProvider(ctx context.Context, pushProviderId string) ApiReplacePushProviderRequest
+
+	// ReplacePushProviderExecute executes the request
+	//  @return ListPushProviders200ResponseInner
+	ReplacePushProviderExecute(r ApiReplacePushProviderRequest) (*ListPushProviders200ResponseInner, *APIResponse, error)
+}
+
+// PushProviderApiService PushProviderApi service
+type PushProviderApiService service
+
+type ApiCreatePushProviderRequest struct {
+	ctx          context.Context
+	ApiService   PushProviderApi
+	pushProvider *ListPushProviders200ResponseInner
+	retryCount   int32
+}
+
+func (r ApiCreatePushProviderRequest) PushProvider(pushProvider ListPushProviders200ResponseInner) ApiCreatePushProviderRequest {
+	r.pushProvider = &pushProvider
+	return r
+}
+
+func (r ApiCreatePushProviderRequest) Execute() (*ListPushProviders200ResponseInner, *APIResponse, error) {
+	return r.ApiService.CreatePushProviderExecute(r)
+}
+
+/*
+CreatePushProvider Create a Push Provider
+
+Creates a new push provider
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreatePushProviderRequest
+*/
+func (a *PushProviderApiService) CreatePushProvider(ctx context.Context) ApiCreatePushProviderRequest {
+	return ApiCreatePushProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListPushProviders200ResponseInner
+func (a *PushProviderApiService) CreatePushProviderExecute(r ApiCreatePushProviderRequest) (*ListPushProviders200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListPushProviders200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PushProviderApiService.CreatePushProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/push-providers"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.pushProvider == nil {
+		return localVarReturnValue, nil, reportError("pushProvider is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.pushProvider
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeletePushProviderRequest struct {
+	ctx            context.Context
+	ApiService     PushProviderApi
+	pushProviderId string
+	retryCount     int32
+}
+
+func (r ApiDeletePushProviderRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeletePushProviderExecute(r)
+}
+
+/*
+DeletePushProvider Delete a Push Provider
+
+Deletes a push provider by `pushProviderId`. If the push provider is currently being used in the org by a custom authenticator, the delete will not be allowed.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param pushProviderId Id of the push provider
+	@return ApiDeletePushProviderRequest
+*/
+func (a *PushProviderApiService) DeletePushProvider(ctx context.Context, pushProviderId string) ApiDeletePushProviderRequest {
+	return ApiDeletePushProviderRequest{
+		ApiService:     a,
+		ctx:            ctx,
+		pushProviderId: pushProviderId,
+		retryCount:     0,
+	}
+}
+
+// Execute executes the request
+func (a *PushProviderApiService) DeletePushProviderExecute(r ApiDeletePushProviderRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PushProviderApiService.DeletePushProvider")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/push-providers/{pushProviderId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"pushProviderId"+"}", url.PathEscape(parameterToString(r.pushProviderId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 409 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetPushProviderRequest struct {
+	ctx            context.Context
+	ApiService     PushProviderApi
+	pushProviderId string
+	retryCount     int32
+}
+
+func (r ApiGetPushProviderRequest) Execute() (*ListPushProviders200ResponseInner, *APIResponse, error) {
+	return r.ApiService.GetPushProviderExecute(r)
+}
+
+/*
+GetPushProvider Retrieve a Push Provider
+
+Retrieves a push provider by `pushProviderId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param pushProviderId Id of the push provider
+	@return ApiGetPushProviderRequest
+*/
+func (a *PushProviderApiService) GetPushProvider(ctx context.Context, pushProviderId string) ApiGetPushProviderRequest {
+	return ApiGetPushProviderRequest{
+		ApiService:     a,
+		ctx:            ctx,
+		pushProviderId: pushProviderId,
+		retryCount:     0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListPushProviders200ResponseInner
+func (a *PushProviderApiService) GetPushProviderExecute(r ApiGetPushProviderRequest) (*ListPushProviders200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListPushProviders200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PushProviderApiService.GetPushProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/push-providers/{pushProviderId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"pushProviderId"+"}", url.PathEscape(parameterToString(r.pushProviderId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListPushProvidersRequest struct {
+	ctx        context.Context
+	ApiService PushProviderApi
+	type_      *ProviderType
+	retryCount int32
+}
+
+// Filters push providers by &#x60;providerType&#x60;
+func (r ApiListPushProvidersRequest) Type_(type_ ProviderType) ApiListPushProvidersRequest {
+	r.type_ = &type_
+	return r
+}
+
+func (r ApiListPushProvidersRequest) Execute() ([]ListPushProviders200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ListPushProvidersExecute(r)
+}
+
+/*
+ListPushProviders List all Push Providers
+
+Lists all push providers
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListPushProvidersRequest
+*/
+func (a *PushProviderApiService) ListPushProviders(ctx context.Context) ApiListPushProvidersRequest {
+	return ApiListPushProvidersRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ListPushProviders200ResponseInner
+func (a *PushProviderApiService) ListPushProvidersExecute(r ApiListPushProvidersRequest) ([]ListPushProviders200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ListPushProviders200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PushProviderApiService.ListPushProviders")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/push-providers"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.type_ != nil {
+		localVarQueryParams.Add("type", parameterToString(*r.type_, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplacePushProviderRequest struct {
+	ctx            context.Context
+	ApiService     PushProviderApi
+	pushProviderId string
+	pushProvider   *ListPushProviders200ResponseInner
+	retryCount     int32
+}
+
+func (r ApiReplacePushProviderRequest) PushProvider(pushProvider ListPushProviders200ResponseInner) ApiReplacePushProviderRequest {
+	r.pushProvider = &pushProvider
+	return r
+}
+
+func (r ApiReplacePushProviderRequest) Execute() (*ListPushProviders200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ReplacePushProviderExecute(r)
+}
+
+/*
+ReplacePushProvider Replace a Push Provider
+
+Replaces a push provider by `pushProviderId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param pushProviderId Id of the push provider
+	@return ApiReplacePushProviderRequest
+*/
+func (a *PushProviderApiService) ReplacePushProvider(ctx context.Context, pushProviderId string) ApiReplacePushProviderRequest {
+	return ApiReplacePushProviderRequest{
+		ApiService:     a,
+		ctx:            ctx,
+		pushProviderId: pushProviderId,
+		retryCount:     0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListPushProviders200ResponseInner
+func (a *PushProviderApiService) ReplacePushProviderExecute(r ApiReplacePushProviderRequest) (*ListPushProviders200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListPushProviders200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PushProviderApiService.ReplacePushProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/push-providers/{pushProviderId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"pushProviderId"+"}", url.PathEscape(parameterToString(r.pushProviderId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.pushProvider == nil {
+		return localVarReturnValue, nil, reportError("pushProvider is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.pushProvider
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_rate_limit_settings.go b/okta/api_rate_limit_settings.go
new file mode 100644
index 000000000..c1545f4c1
--- /dev/null
+++ b/okta/api_rate_limit_settings.go
@@ -0,0 +1,741 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+type RateLimitSettingsApi interface {
+	/*
+		GetRateLimitSettingsAdminNotifications Retrieve the Rate Limit Admin Notification Settings
+
+		Retrieves the currently configured Rate Limit Admin Notification Settings
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiGetRateLimitSettingsAdminNotificationsRequest
+	*/
+	GetRateLimitSettingsAdminNotifications(ctx context.Context) ApiGetRateLimitSettingsAdminNotificationsRequest
+
+	// GetRateLimitSettingsAdminNotificationsExecute executes the request
+	//  @return RateLimitAdminNotifications
+	GetRateLimitSettingsAdminNotificationsExecute(r ApiGetRateLimitSettingsAdminNotificationsRequest) (*RateLimitAdminNotifications, *APIResponse, error)
+
+	/*
+		GetRateLimitSettingsPerClient Retrieve the Per-Client Rate Limit Settings
+
+		Retrieves the currently configured Per-Client Rate Limit Settings
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiGetRateLimitSettingsPerClientRequest
+	*/
+	GetRateLimitSettingsPerClient(ctx context.Context) ApiGetRateLimitSettingsPerClientRequest
+
+	// GetRateLimitSettingsPerClientExecute executes the request
+	//  @return PerClientRateLimitSettings
+	GetRateLimitSettingsPerClientExecute(r ApiGetRateLimitSettingsPerClientRequest) (*PerClientRateLimitSettings, *APIResponse, error)
+
+	/*
+		ReplaceRateLimitSettingsAdminNotifications Replace the Rate Limit Admin Notification Settings
+
+		Replaces the Rate Limit Admin Notification Settings and returns the configured properties
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiReplaceRateLimitSettingsAdminNotificationsRequest
+	*/
+	ReplaceRateLimitSettingsAdminNotifications(ctx context.Context) ApiReplaceRateLimitSettingsAdminNotificationsRequest
+
+	// ReplaceRateLimitSettingsAdminNotificationsExecute executes the request
+	//  @return RateLimitAdminNotifications
+	ReplaceRateLimitSettingsAdminNotificationsExecute(r ApiReplaceRateLimitSettingsAdminNotificationsRequest) (*RateLimitAdminNotifications, *APIResponse, error)
+
+	/*
+		ReplaceRateLimitSettingsPerClient Replace the Per-Client Rate Limit Settings
+
+		Replaces the Per-Client Rate Limit Settings and returns the configured properties
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiReplaceRateLimitSettingsPerClientRequest
+	*/
+	ReplaceRateLimitSettingsPerClient(ctx context.Context) ApiReplaceRateLimitSettingsPerClientRequest
+
+	// ReplaceRateLimitSettingsPerClientExecute executes the request
+	//  @return PerClientRateLimitSettings
+	ReplaceRateLimitSettingsPerClientExecute(r ApiReplaceRateLimitSettingsPerClientRequest) (*PerClientRateLimitSettings, *APIResponse, error)
+}
+
+// RateLimitSettingsApiService RateLimitSettingsApi service
+type RateLimitSettingsApiService service
+
+type ApiGetRateLimitSettingsAdminNotificationsRequest struct {
+	ctx        context.Context
+	ApiService RateLimitSettingsApi
+	retryCount int32
+}
+
+func (r ApiGetRateLimitSettingsAdminNotificationsRequest) Execute() (*RateLimitAdminNotifications, *APIResponse, error) {
+	return r.ApiService.GetRateLimitSettingsAdminNotificationsExecute(r)
+}
+
+/*
+GetRateLimitSettingsAdminNotifications Retrieve the Rate Limit Admin Notification Settings
+
+Retrieves the currently configured Rate Limit Admin Notification Settings
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiGetRateLimitSettingsAdminNotificationsRequest
+*/
+func (a *RateLimitSettingsApiService) GetRateLimitSettingsAdminNotifications(ctx context.Context) ApiGetRateLimitSettingsAdminNotificationsRequest {
+	return ApiGetRateLimitSettingsAdminNotificationsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return RateLimitAdminNotifications
+func (a *RateLimitSettingsApiService) GetRateLimitSettingsAdminNotificationsExecute(r ApiGetRateLimitSettingsAdminNotificationsRequest) (*RateLimitAdminNotifications, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *RateLimitAdminNotifications
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RateLimitSettingsApiService.GetRateLimitSettingsAdminNotifications")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/rate-limit-settings/admin-notifications"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetRateLimitSettingsPerClientRequest struct {
+	ctx        context.Context
+	ApiService RateLimitSettingsApi
+	retryCount int32
+}
+
+func (r ApiGetRateLimitSettingsPerClientRequest) Execute() (*PerClientRateLimitSettings, *APIResponse, error) {
+	return r.ApiService.GetRateLimitSettingsPerClientExecute(r)
+}
+
+/*
+GetRateLimitSettingsPerClient Retrieve the Per-Client Rate Limit Settings
+
+Retrieves the currently configured Per-Client Rate Limit Settings
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiGetRateLimitSettingsPerClientRequest
+*/
+func (a *RateLimitSettingsApiService) GetRateLimitSettingsPerClient(ctx context.Context) ApiGetRateLimitSettingsPerClientRequest {
+	return ApiGetRateLimitSettingsPerClientRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return PerClientRateLimitSettings
+func (a *RateLimitSettingsApiService) GetRateLimitSettingsPerClientExecute(r ApiGetRateLimitSettingsPerClientRequest) (*PerClientRateLimitSettings, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *PerClientRateLimitSettings
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RateLimitSettingsApiService.GetRateLimitSettingsPerClient")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/rate-limit-settings/per-client"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceRateLimitSettingsAdminNotificationsRequest struct {
+	ctx                         context.Context
+	ApiService                  RateLimitSettingsApi
+	rateLimitAdminNotifications *RateLimitAdminNotifications
+	retryCount                  int32
+}
+
+func (r ApiReplaceRateLimitSettingsAdminNotificationsRequest) RateLimitAdminNotifications(rateLimitAdminNotifications RateLimitAdminNotifications) ApiReplaceRateLimitSettingsAdminNotificationsRequest {
+	r.rateLimitAdminNotifications = &rateLimitAdminNotifications
+	return r
+}
+
+func (r ApiReplaceRateLimitSettingsAdminNotificationsRequest) Execute() (*RateLimitAdminNotifications, *APIResponse, error) {
+	return r.ApiService.ReplaceRateLimitSettingsAdminNotificationsExecute(r)
+}
+
+/*
+ReplaceRateLimitSettingsAdminNotifications Replace the Rate Limit Admin Notification Settings
+
+Replaces the Rate Limit Admin Notification Settings and returns the configured properties
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiReplaceRateLimitSettingsAdminNotificationsRequest
+*/
+func (a *RateLimitSettingsApiService) ReplaceRateLimitSettingsAdminNotifications(ctx context.Context) ApiReplaceRateLimitSettingsAdminNotificationsRequest {
+	return ApiReplaceRateLimitSettingsAdminNotificationsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return RateLimitAdminNotifications
+func (a *RateLimitSettingsApiService) ReplaceRateLimitSettingsAdminNotificationsExecute(r ApiReplaceRateLimitSettingsAdminNotificationsRequest) (*RateLimitAdminNotifications, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *RateLimitAdminNotifications
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RateLimitSettingsApiService.ReplaceRateLimitSettingsAdminNotifications")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/rate-limit-settings/admin-notifications"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.rateLimitAdminNotifications == nil {
+		return localVarReturnValue, nil, reportError("rateLimitAdminNotifications is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.rateLimitAdminNotifications
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceRateLimitSettingsPerClientRequest struct {
+	ctx                        context.Context
+	ApiService                 RateLimitSettingsApi
+	perClientRateLimitSettings *PerClientRateLimitSettings
+	retryCount                 int32
+}
+
+func (r ApiReplaceRateLimitSettingsPerClientRequest) PerClientRateLimitSettings(perClientRateLimitSettings PerClientRateLimitSettings) ApiReplaceRateLimitSettingsPerClientRequest {
+	r.perClientRateLimitSettings = &perClientRateLimitSettings
+	return r
+}
+
+func (r ApiReplaceRateLimitSettingsPerClientRequest) Execute() (*PerClientRateLimitSettings, *APIResponse, error) {
+	return r.ApiService.ReplaceRateLimitSettingsPerClientExecute(r)
+}
+
+/*
+ReplaceRateLimitSettingsPerClient Replace the Per-Client Rate Limit Settings
+
+Replaces the Per-Client Rate Limit Settings and returns the configured properties
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiReplaceRateLimitSettingsPerClientRequest
+*/
+func (a *RateLimitSettingsApiService) ReplaceRateLimitSettingsPerClient(ctx context.Context) ApiReplaceRateLimitSettingsPerClientRequest {
+	return ApiReplaceRateLimitSettingsPerClientRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return PerClientRateLimitSettings
+func (a *RateLimitSettingsApiService) ReplaceRateLimitSettingsPerClientExecute(r ApiReplaceRateLimitSettingsPerClientRequest) (*PerClientRateLimitSettings, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *PerClientRateLimitSettings
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RateLimitSettingsApiService.ReplaceRateLimitSettingsPerClient")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/rate-limit-settings/per-client"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.perClientRateLimitSettings == nil {
+		return localVarReturnValue, nil, reportError("perClientRateLimitSettings is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.perClientRateLimitSettings
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_resource_set.go b/okta/api_resource_set.go
new file mode 100644
index 000000000..b98dd090f
--- /dev/null
+++ b/okta/api_resource_set.go
@@ -0,0 +1,3036 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type ResourceSetApi interface {
+	/*
+		AddMembersToBinding Add more Members to a binding
+
+		Adds more members to a resource set binding
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@param roleIdOrLabel `id` or `label` of the role
+		@return ApiAddMembersToBindingRequest
+	*/
+	AddMembersToBinding(ctx context.Context, resourceSetId string, roleIdOrLabel string) ApiAddMembersToBindingRequest
+
+	// AddMembersToBindingExecute executes the request
+	//  @return ResourceSetBindingResponse
+	AddMembersToBindingExecute(r ApiAddMembersToBindingRequest) (*ResourceSetBindingResponse, *APIResponse, error)
+
+	/*
+		AddResourceSetResource Add more Resource to a resource set
+
+		Adds more resources to a resource set
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@return ApiAddResourceSetResourceRequest
+	*/
+	AddResourceSetResource(ctx context.Context, resourceSetId string) ApiAddResourceSetResourceRequest
+
+	// AddResourceSetResourceExecute executes the request
+	//  @return ResourceSet
+	AddResourceSetResourceExecute(r ApiAddResourceSetResourceRequest) (*ResourceSet, *APIResponse, error)
+
+	/*
+		CreateResourceSet Create a Resource Set
+
+		Creates a new resource set
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateResourceSetRequest
+	*/
+	CreateResourceSet(ctx context.Context) ApiCreateResourceSetRequest
+
+	// CreateResourceSetExecute executes the request
+	//  @return ResourceSet
+	CreateResourceSetExecute(r ApiCreateResourceSetRequest) (*ResourceSet, *APIResponse, error)
+
+	/*
+		CreateResourceSetBinding Create a Resource Set Binding
+
+		Creates a new resource set binding
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@return ApiCreateResourceSetBindingRequest
+	*/
+	CreateResourceSetBinding(ctx context.Context, resourceSetId string) ApiCreateResourceSetBindingRequest
+
+	// CreateResourceSetBindingExecute executes the request
+	//  @return ResourceSetBindingResponse
+	CreateResourceSetBindingExecute(r ApiCreateResourceSetBindingRequest) (*ResourceSetBindingResponse, *APIResponse, error)
+
+	/*
+		DeleteBinding Delete a Binding
+
+		Deletes a resource set binding by `resourceSetId` and `roleIdOrLabel`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@param roleIdOrLabel `id` or `label` of the role
+		@return ApiDeleteBindingRequest
+	*/
+	DeleteBinding(ctx context.Context, resourceSetId string, roleIdOrLabel string) ApiDeleteBindingRequest
+
+	// DeleteBindingExecute executes the request
+	DeleteBindingExecute(r ApiDeleteBindingRequest) (*APIResponse, error)
+
+	/*
+		DeleteResourceSet Delete a Resource Set
+
+		Deletes a role by `resourceSetId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@return ApiDeleteResourceSetRequest
+	*/
+	DeleteResourceSet(ctx context.Context, resourceSetId string) ApiDeleteResourceSetRequest
+
+	// DeleteResourceSetExecute executes the request
+	DeleteResourceSetExecute(r ApiDeleteResourceSetRequest) (*APIResponse, error)
+
+	/*
+		DeleteResourceSetResource Delete a Resource from a resource set
+
+		Deletes a resource identified by `resourceId` from a resource set
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@param resourceId `id` of a resource
+		@return ApiDeleteResourceSetResourceRequest
+	*/
+	DeleteResourceSetResource(ctx context.Context, resourceSetId string, resourceId string) ApiDeleteResourceSetResourceRequest
+
+	// DeleteResourceSetResourceExecute executes the request
+	DeleteResourceSetResourceExecute(r ApiDeleteResourceSetResourceRequest) (*APIResponse, error)
+
+	/*
+		GetBinding Retrieve a Binding
+
+		Retrieves a resource set binding by `resourceSetId` and `roleIdOrLabel`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@param roleIdOrLabel `id` or `label` of the role
+		@return ApiGetBindingRequest
+	*/
+	GetBinding(ctx context.Context, resourceSetId string, roleIdOrLabel string) ApiGetBindingRequest
+
+	// GetBindingExecute executes the request
+	//  @return ResourceSetBindingResponse
+	GetBindingExecute(r ApiGetBindingRequest) (*ResourceSetBindingResponse, *APIResponse, error)
+
+	/*
+		GetMemberOfBinding Retrieve a Member of a binding
+
+		Retrieves a member identified by `memberId` for a binding
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@param roleIdOrLabel `id` or `label` of the role
+		@param memberId `id` of a member
+		@return ApiGetMemberOfBindingRequest
+	*/
+	GetMemberOfBinding(ctx context.Context, resourceSetId string, roleIdOrLabel string, memberId string) ApiGetMemberOfBindingRequest
+
+	// GetMemberOfBindingExecute executes the request
+	//  @return ResourceSetBindingMember
+	GetMemberOfBindingExecute(r ApiGetMemberOfBindingRequest) (*ResourceSetBindingMember, *APIResponse, error)
+
+	/*
+		GetResourceSet Retrieve a Resource Set
+
+		Retrieves a resource set by `resourceSetId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@return ApiGetResourceSetRequest
+	*/
+	GetResourceSet(ctx context.Context, resourceSetId string) ApiGetResourceSetRequest
+
+	// GetResourceSetExecute executes the request
+	//  @return ResourceSet
+	GetResourceSetExecute(r ApiGetResourceSetRequest) (*ResourceSet, *APIResponse, error)
+
+	/*
+		ListBindings List all Bindings
+
+		Lists all resource set bindings with pagination support
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@return ApiListBindingsRequest
+	*/
+	ListBindings(ctx context.Context, resourceSetId string) ApiListBindingsRequest
+
+	// ListBindingsExecute executes the request
+	//  @return ResourceSetBindings
+	ListBindingsExecute(r ApiListBindingsRequest) (*ResourceSetBindings, *APIResponse, error)
+
+	/*
+		ListMembersOfBinding List all Members of a binding
+
+		Lists all members of a resource set binding with pagination support
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@param roleIdOrLabel `id` or `label` of the role
+		@return ApiListMembersOfBindingRequest
+	*/
+	ListMembersOfBinding(ctx context.Context, resourceSetId string, roleIdOrLabel string) ApiListMembersOfBindingRequest
+
+	// ListMembersOfBindingExecute executes the request
+	//  @return ResourceSetBindingMembers
+	ListMembersOfBindingExecute(r ApiListMembersOfBindingRequest) (*ResourceSetBindingMembers, *APIResponse, error)
+
+	/*
+		ListResourceSetResources List all Resources of a resource set
+
+		Lists all resources that make up the resource set
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@return ApiListResourceSetResourcesRequest
+	*/
+	ListResourceSetResources(ctx context.Context, resourceSetId string) ApiListResourceSetResourcesRequest
+
+	// ListResourceSetResourcesExecute executes the request
+	//  @return ResourceSetResources
+	ListResourceSetResourcesExecute(r ApiListResourceSetResourcesRequest) (*ResourceSetResources, *APIResponse, error)
+
+	/*
+		ListResourceSets List all Resource Sets
+
+		Lists all resource sets with pagination support
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListResourceSetsRequest
+	*/
+	ListResourceSets(ctx context.Context) ApiListResourceSetsRequest
+
+	// ListResourceSetsExecute executes the request
+	//  @return ResourceSets
+	ListResourceSetsExecute(r ApiListResourceSetsRequest) (*ResourceSets, *APIResponse, error)
+
+	/*
+		ReplaceResourceSet Replace a Resource Set
+
+		Replaces a resource set by `resourceSetId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@return ApiReplaceResourceSetRequest
+	*/
+	ReplaceResourceSet(ctx context.Context, resourceSetId string) ApiReplaceResourceSetRequest
+
+	// ReplaceResourceSetExecute executes the request
+	//  @return ResourceSet
+	ReplaceResourceSetExecute(r ApiReplaceResourceSetRequest) (*ResourceSet, *APIResponse, error)
+
+	/*
+		UnassignMemberFromBinding Unassign a Member from a binding
+
+		Unassigns a member identified by `memberId` from a binding
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param resourceSetId `id` of a resource set
+		@param roleIdOrLabel `id` or `label` of the role
+		@param memberId `id` of a member
+		@return ApiUnassignMemberFromBindingRequest
+	*/
+	UnassignMemberFromBinding(ctx context.Context, resourceSetId string, roleIdOrLabel string, memberId string) ApiUnassignMemberFromBindingRequest
+
+	// UnassignMemberFromBindingExecute executes the request
+	UnassignMemberFromBindingExecute(r ApiUnassignMemberFromBindingRequest) (*APIResponse, error)
+}
+
+// ResourceSetApiService ResourceSetApi service
+type ResourceSetApiService service
+
+type ApiAddMembersToBindingRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	roleIdOrLabel string
+	instance      *ResourceSetBindingAddMembersRequest
+	retryCount    int32
+}
+
+func (r ApiAddMembersToBindingRequest) Instance(instance ResourceSetBindingAddMembersRequest) ApiAddMembersToBindingRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiAddMembersToBindingRequest) Execute() (*ResourceSetBindingResponse, *APIResponse, error) {
+	return r.ApiService.AddMembersToBindingExecute(r)
+}
+
+/*
+AddMembersToBinding Add more Members to a binding
+
+Adds more members to a resource set binding
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@param roleIdOrLabel `id` or `label` of the role
+	@return ApiAddMembersToBindingRequest
+*/
+func (a *ResourceSetApiService) AddMembersToBinding(ctx context.Context, resourceSetId string, roleIdOrLabel string) ApiAddMembersToBindingRequest {
+	return ApiAddMembersToBindingRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		roleIdOrLabel: roleIdOrLabel,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResourceSetBindingResponse
+func (a *ResourceSetApiService) AddMembersToBindingExecute(r ApiAddMembersToBindingRequest) (*ResourceSetBindingResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPatch
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResourceSetBindingResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.AddMembersToBinding")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiAddResourceSetResourceRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	instance      *ResourceSetResourcePatchRequest
+	retryCount    int32
+}
+
+func (r ApiAddResourceSetResourceRequest) Instance(instance ResourceSetResourcePatchRequest) ApiAddResourceSetResourceRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiAddResourceSetResourceRequest) Execute() (*ResourceSet, *APIResponse, error) {
+	return r.ApiService.AddResourceSetResourceExecute(r)
+}
+
+/*
+AddResourceSetResource Add more Resource to a resource set
+
+Adds more resources to a resource set
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@return ApiAddResourceSetResourceRequest
+*/
+func (a *ResourceSetApiService) AddResourceSetResource(ctx context.Context, resourceSetId string) ApiAddResourceSetResourceRequest {
+	return ApiAddResourceSetResourceRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResourceSet
+func (a *ResourceSetApiService) AddResourceSetResourceExecute(r ApiAddResourceSetResourceRequest) (*ResourceSet, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPatch
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResourceSet
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.AddResourceSetResource")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}/resources"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateResourceSetRequest struct {
+	ctx        context.Context
+	ApiService ResourceSetApi
+	instance   *ResourceSet
+	retryCount int32
+}
+
+func (r ApiCreateResourceSetRequest) Instance(instance ResourceSet) ApiCreateResourceSetRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiCreateResourceSetRequest) Execute() (*ResourceSet, *APIResponse, error) {
+	return r.ApiService.CreateResourceSetExecute(r)
+}
+
+/*
+CreateResourceSet Create a Resource Set
+
+Creates a new resource set
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateResourceSetRequest
+*/
+func (a *ResourceSetApiService) CreateResourceSet(ctx context.Context) ApiCreateResourceSetRequest {
+	return ApiCreateResourceSetRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResourceSet
+func (a *ResourceSetApiService) CreateResourceSetExecute(r ApiCreateResourceSetRequest) (*ResourceSet, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResourceSet
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.CreateResourceSet")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateResourceSetBindingRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	instance      *ResourceSetBindingCreateRequest
+	retryCount    int32
+}
+
+func (r ApiCreateResourceSetBindingRequest) Instance(instance ResourceSetBindingCreateRequest) ApiCreateResourceSetBindingRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiCreateResourceSetBindingRequest) Execute() (*ResourceSetBindingResponse, *APIResponse, error) {
+	return r.ApiService.CreateResourceSetBindingExecute(r)
+}
+
+/*
+CreateResourceSetBinding Create a Resource Set Binding
+
+Creates a new resource set binding
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@return ApiCreateResourceSetBindingRequest
+*/
+func (a *ResourceSetApiService) CreateResourceSetBinding(ctx context.Context, resourceSetId string) ApiCreateResourceSetBindingRequest {
+	return ApiCreateResourceSetBindingRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResourceSetBindingResponse
+func (a *ResourceSetApiService) CreateResourceSetBindingExecute(r ApiCreateResourceSetBindingRequest) (*ResourceSetBindingResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResourceSetBindingResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.CreateResourceSetBinding")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}/bindings"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteBindingRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	roleIdOrLabel string
+	retryCount    int32
+}
+
+func (r ApiDeleteBindingRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteBindingExecute(r)
+}
+
+/*
+DeleteBinding Delete a Binding
+
+Deletes a resource set binding by `resourceSetId` and `roleIdOrLabel`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@param roleIdOrLabel `id` or `label` of the role
+	@return ApiDeleteBindingRequest
+*/
+func (a *ResourceSetApiService) DeleteBinding(ctx context.Context, resourceSetId string, roleIdOrLabel string) ApiDeleteBindingRequest {
+	return ApiDeleteBindingRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		roleIdOrLabel: roleIdOrLabel,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+func (a *ResourceSetApiService) DeleteBindingExecute(r ApiDeleteBindingRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.DeleteBinding")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteResourceSetRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	retryCount    int32
+}
+
+func (r ApiDeleteResourceSetRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteResourceSetExecute(r)
+}
+
+/*
+DeleteResourceSet Delete a Resource Set
+
+Deletes a role by `resourceSetId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@return ApiDeleteResourceSetRequest
+*/
+func (a *ResourceSetApiService) DeleteResourceSet(ctx context.Context, resourceSetId string) ApiDeleteResourceSetRequest {
+	return ApiDeleteResourceSetRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+func (a *ResourceSetApiService) DeleteResourceSetExecute(r ApiDeleteResourceSetRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.DeleteResourceSet")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteResourceSetResourceRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	resourceId    string
+	retryCount    int32
+}
+
+func (r ApiDeleteResourceSetResourceRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteResourceSetResourceExecute(r)
+}
+
+/*
+DeleteResourceSetResource Delete a Resource from a resource set
+
+Deletes a resource identified by `resourceId` from a resource set
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@param resourceId `id` of a resource
+	@return ApiDeleteResourceSetResourceRequest
+*/
+func (a *ResourceSetApiService) DeleteResourceSetResource(ctx context.Context, resourceSetId string, resourceId string) ApiDeleteResourceSetResourceRequest {
+	return ApiDeleteResourceSetResourceRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		resourceId:    resourceId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+func (a *ResourceSetApiService) DeleteResourceSetResourceExecute(r ApiDeleteResourceSetResourceRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.DeleteResourceSetResource")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}/resources/{resourceId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceId"+"}", url.PathEscape(parameterToString(r.resourceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetBindingRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	roleIdOrLabel string
+	retryCount    int32
+}
+
+func (r ApiGetBindingRequest) Execute() (*ResourceSetBindingResponse, *APIResponse, error) {
+	return r.ApiService.GetBindingExecute(r)
+}
+
+/*
+GetBinding Retrieve a Binding
+
+Retrieves a resource set binding by `resourceSetId` and `roleIdOrLabel`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@param roleIdOrLabel `id` or `label` of the role
+	@return ApiGetBindingRequest
+*/
+func (a *ResourceSetApiService) GetBinding(ctx context.Context, resourceSetId string, roleIdOrLabel string) ApiGetBindingRequest {
+	return ApiGetBindingRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		roleIdOrLabel: roleIdOrLabel,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResourceSetBindingResponse
+func (a *ResourceSetApiService) GetBindingExecute(r ApiGetBindingRequest) (*ResourceSetBindingResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResourceSetBindingResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.GetBinding")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetMemberOfBindingRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	roleIdOrLabel string
+	memberId      string
+	retryCount    int32
+}
+
+func (r ApiGetMemberOfBindingRequest) Execute() (*ResourceSetBindingMember, *APIResponse, error) {
+	return r.ApiService.GetMemberOfBindingExecute(r)
+}
+
+/*
+GetMemberOfBinding Retrieve a Member of a binding
+
+Retrieves a member identified by `memberId` for a binding
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@param roleIdOrLabel `id` or `label` of the role
+	@param memberId `id` of a member
+	@return ApiGetMemberOfBindingRequest
+*/
+func (a *ResourceSetApiService) GetMemberOfBinding(ctx context.Context, resourceSetId string, roleIdOrLabel string, memberId string) ApiGetMemberOfBindingRequest {
+	return ApiGetMemberOfBindingRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		roleIdOrLabel: roleIdOrLabel,
+		memberId:      memberId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResourceSetBindingMember
+func (a *ResourceSetApiService) GetMemberOfBindingExecute(r ApiGetMemberOfBindingRequest) (*ResourceSetBindingMember, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResourceSetBindingMember
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.GetMemberOfBinding")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"memberId"+"}", url.PathEscape(parameterToString(r.memberId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetResourceSetRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	retryCount    int32
+}
+
+func (r ApiGetResourceSetRequest) Execute() (*ResourceSet, *APIResponse, error) {
+	return r.ApiService.GetResourceSetExecute(r)
+}
+
+/*
+GetResourceSet Retrieve a Resource Set
+
+Retrieves a resource set by `resourceSetId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@return ApiGetResourceSetRequest
+*/
+func (a *ResourceSetApiService) GetResourceSet(ctx context.Context, resourceSetId string) ApiGetResourceSetRequest {
+	return ApiGetResourceSetRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResourceSet
+func (a *ResourceSetApiService) GetResourceSetExecute(r ApiGetResourceSetRequest) (*ResourceSet, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResourceSet
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.GetResourceSet")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListBindingsRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	after         *string
+	retryCount    int32
+}
+
+// The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information.
+func (r ApiListBindingsRequest) After(after string) ApiListBindingsRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListBindingsRequest) Execute() (*ResourceSetBindings, *APIResponse, error) {
+	return r.ApiService.ListBindingsExecute(r)
+}
+
+/*
+ListBindings List all Bindings
+
+Lists all resource set bindings with pagination support
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@return ApiListBindingsRequest
+*/
+func (a *ResourceSetApiService) ListBindings(ctx context.Context, resourceSetId string) ApiListBindingsRequest {
+	return ApiListBindingsRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResourceSetBindings
+func (a *ResourceSetApiService) ListBindingsExecute(r ApiListBindingsRequest) (*ResourceSetBindings, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResourceSetBindings
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.ListBindings")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}/bindings"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListMembersOfBindingRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	roleIdOrLabel string
+	after         *string
+	retryCount    int32
+}
+
+// The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information.
+func (r ApiListMembersOfBindingRequest) After(after string) ApiListMembersOfBindingRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListMembersOfBindingRequest) Execute() (*ResourceSetBindingMembers, *APIResponse, error) {
+	return r.ApiService.ListMembersOfBindingExecute(r)
+}
+
+/*
+ListMembersOfBinding List all Members of a binding
+
+Lists all members of a resource set binding with pagination support
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@param roleIdOrLabel `id` or `label` of the role
+	@return ApiListMembersOfBindingRequest
+*/
+func (a *ResourceSetApiService) ListMembersOfBinding(ctx context.Context, resourceSetId string, roleIdOrLabel string) ApiListMembersOfBindingRequest {
+	return ApiListMembersOfBindingRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		roleIdOrLabel: roleIdOrLabel,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResourceSetBindingMembers
+func (a *ResourceSetApiService) ListMembersOfBindingExecute(r ApiListMembersOfBindingRequest) (*ResourceSetBindingMembers, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResourceSetBindingMembers
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.ListMembersOfBinding")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListResourceSetResourcesRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	retryCount    int32
+}
+
+func (r ApiListResourceSetResourcesRequest) Execute() (*ResourceSetResources, *APIResponse, error) {
+	return r.ApiService.ListResourceSetResourcesExecute(r)
+}
+
+/*
+ListResourceSetResources List all Resources of a resource set
+
+Lists all resources that make up the resource set
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@return ApiListResourceSetResourcesRequest
+*/
+func (a *ResourceSetApiService) ListResourceSetResources(ctx context.Context, resourceSetId string) ApiListResourceSetResourcesRequest {
+	return ApiListResourceSetResourcesRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResourceSetResources
+func (a *ResourceSetApiService) ListResourceSetResourcesExecute(r ApiListResourceSetResourcesRequest) (*ResourceSetResources, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResourceSetResources
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.ListResourceSetResources")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}/resources"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListResourceSetsRequest struct {
+	ctx        context.Context
+	ApiService ResourceSetApi
+	after      *string
+	retryCount int32
+}
+
+// The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information.
+func (r ApiListResourceSetsRequest) After(after string) ApiListResourceSetsRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListResourceSetsRequest) Execute() (*ResourceSets, *APIResponse, error) {
+	return r.ApiService.ListResourceSetsExecute(r)
+}
+
+/*
+ListResourceSets List all Resource Sets
+
+Lists all resource sets with pagination support
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListResourceSetsRequest
+*/
+func (a *ResourceSetApiService) ListResourceSets(ctx context.Context) ApiListResourceSetsRequest {
+	return ApiListResourceSetsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResourceSets
+func (a *ResourceSetApiService) ListResourceSetsExecute(r ApiListResourceSetsRequest) (*ResourceSets, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResourceSets
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.ListResourceSets")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceResourceSetRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	instance      *ResourceSet
+	retryCount    int32
+}
+
+func (r ApiReplaceResourceSetRequest) Instance(instance ResourceSet) ApiReplaceResourceSetRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiReplaceResourceSetRequest) Execute() (*ResourceSet, *APIResponse, error) {
+	return r.ApiService.ReplaceResourceSetExecute(r)
+}
+
+/*
+ReplaceResourceSet Replace a Resource Set
+
+Replaces a resource set by `resourceSetId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@return ApiReplaceResourceSetRequest
+*/
+func (a *ResourceSetApiService) ReplaceResourceSet(ctx context.Context, resourceSetId string) ApiReplaceResourceSetRequest {
+	return ApiReplaceResourceSetRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResourceSet
+func (a *ResourceSetApiService) ReplaceResourceSetExecute(r ApiReplaceResourceSetRequest) (*ResourceSet, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResourceSet
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.ReplaceResourceSet")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUnassignMemberFromBindingRequest struct {
+	ctx           context.Context
+	ApiService    ResourceSetApi
+	resourceSetId string
+	roleIdOrLabel string
+	memberId      string
+	retryCount    int32
+}
+
+func (r ApiUnassignMemberFromBindingRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnassignMemberFromBindingExecute(r)
+}
+
+/*
+UnassignMemberFromBinding Unassign a Member from a binding
+
+Unassigns a member identified by `memberId` from a binding
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param resourceSetId `id` of a resource set
+	@param roleIdOrLabel `id` or `label` of the role
+	@param memberId `id` of a member
+	@return ApiUnassignMemberFromBindingRequest
+*/
+func (a *ResourceSetApiService) UnassignMemberFromBinding(ctx context.Context, resourceSetId string, roleIdOrLabel string, memberId string) ApiUnassignMemberFromBindingRequest {
+	return ApiUnassignMemberFromBindingRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		resourceSetId: resourceSetId,
+		roleIdOrLabel: roleIdOrLabel,
+		memberId:      memberId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+func (a *ResourceSetApiService) UnassignMemberFromBindingExecute(r ApiUnassignMemberFromBindingRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ResourceSetApiService.UnassignMemberFromBinding")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"resourceSetId"+"}", url.PathEscape(parameterToString(r.resourceSetId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"memberId"+"}", url.PathEscape(parameterToString(r.memberId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_risk_event.go b/okta/api_risk_event.go
new file mode 100644
index 000000000..170957c0d
--- /dev/null
+++ b/okta/api_risk_event.go
@@ -0,0 +1,212 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+type RiskEventApi interface {
+	/*
+		SendRiskEvents Send multiple Risk Events
+
+		Sends multiple risk events to Okta. This API is intended for Risk Providers. This API has a rate limit of 30 requests per minute. The caller should include multiple Risk Events (up to a maximum of 20 events) in a single payload to reduce the number of API calls. If a client has more risk signals to send than what the API supports, we recommend prioritizing posting high risk signals.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiSendRiskEventsRequest
+	*/
+	SendRiskEvents(ctx context.Context) ApiSendRiskEventsRequest
+
+	// SendRiskEventsExecute executes the request
+	SendRiskEventsExecute(r ApiSendRiskEventsRequest) (*APIResponse, error)
+}
+
+// RiskEventApiService RiskEventApi service
+type RiskEventApiService service
+
+type ApiSendRiskEventsRequest struct {
+	ctx        context.Context
+	ApiService RiskEventApi
+	instance   *[]RiskEvent
+	retryCount int32
+}
+
+func (r ApiSendRiskEventsRequest) Instance(instance []RiskEvent) ApiSendRiskEventsRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiSendRiskEventsRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.SendRiskEventsExecute(r)
+}
+
+/*
+SendRiskEvents Send multiple Risk Events
+
+Sends multiple risk events to Okta. This API is intended for Risk Providers. This API has a rate limit of 30 requests per minute. The caller should include multiple Risk Events (up to a maximum of 20 events) in a single payload to reduce the number of API calls. If a client has more risk signals to send than what the API supports, we recommend prioritizing posting high risk signals.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiSendRiskEventsRequest
+*/
+func (a *RiskEventApiService) SendRiskEvents(ctx context.Context) ApiSendRiskEventsRequest {
+	return ApiSendRiskEventsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *RiskEventApiService) SendRiskEventsExecute(r ApiSendRiskEventsRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RiskEventApiService.SendRiskEvents")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/risk/events/ip"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_risk_provider.go b/okta/api_risk_provider.go
new file mode 100644
index 000000000..b6ac29556
--- /dev/null
+++ b/okta/api_risk_provider.go
@@ -0,0 +1,943 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type RiskProviderApi interface {
+	/*
+		CreateRiskProvider Create a Risk Provider
+
+		Creates a risk provider. A maximum of 3 providers can be created. By default, one risk provider is created by Okta.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateRiskProviderRequest
+	*/
+	CreateRiskProvider(ctx context.Context) ApiCreateRiskProviderRequest
+
+	// CreateRiskProviderExecute executes the request
+	//  @return RiskProvider
+	CreateRiskProviderExecute(r ApiCreateRiskProviderRequest) (*RiskProvider, *APIResponse, error)
+
+	/*
+		DeleteRiskProvider Delete a Risk Provider
+
+		Deletes a CAPTCHA instance by `riskProviderId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param riskProviderId `id` of the risk provider
+		@return ApiDeleteRiskProviderRequest
+	*/
+	DeleteRiskProvider(ctx context.Context, riskProviderId string) ApiDeleteRiskProviderRequest
+
+	// DeleteRiskProviderExecute executes the request
+	DeleteRiskProviderExecute(r ApiDeleteRiskProviderRequest) (*APIResponse, error)
+
+	/*
+		GetRiskProvider Retrieve a Risk Provider
+
+		Retrieves a risk provider by `riskProviderId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param riskProviderId `id` of the risk provider
+		@return ApiGetRiskProviderRequest
+	*/
+	GetRiskProvider(ctx context.Context, riskProviderId string) ApiGetRiskProviderRequest
+
+	// GetRiskProviderExecute executes the request
+	//  @return RiskProvider
+	GetRiskProviderExecute(r ApiGetRiskProviderRequest) (*RiskProvider, *APIResponse, error)
+
+	/*
+		ListRiskProviders List all Risk Providers
+
+		Lists all Risk Providers
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListRiskProvidersRequest
+	*/
+	ListRiskProviders(ctx context.Context) ApiListRiskProvidersRequest
+
+	// ListRiskProvidersExecute executes the request
+	//  @return []RiskProvider
+	ListRiskProvidersExecute(r ApiListRiskProvidersRequest) ([]RiskProvider, *APIResponse, error)
+
+	/*
+		ReplaceRiskProvider Replace a Risk Provider
+
+		Replaces a risk provider by `riskProviderId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param riskProviderId `id` of the risk provider
+		@return ApiReplaceRiskProviderRequest
+	*/
+	ReplaceRiskProvider(ctx context.Context, riskProviderId string) ApiReplaceRiskProviderRequest
+
+	// ReplaceRiskProviderExecute executes the request
+	//  @return RiskProvider
+	ReplaceRiskProviderExecute(r ApiReplaceRiskProviderRequest) (*RiskProvider, *APIResponse, error)
+}
+
+// RiskProviderApiService RiskProviderApi service
+type RiskProviderApiService service
+
+type ApiCreateRiskProviderRequest struct {
+	ctx        context.Context
+	ApiService RiskProviderApi
+	instance   *RiskProvider
+	retryCount int32
+}
+
+func (r ApiCreateRiskProviderRequest) Instance(instance RiskProvider) ApiCreateRiskProviderRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiCreateRiskProviderRequest) Execute() (*RiskProvider, *APIResponse, error) {
+	return r.ApiService.CreateRiskProviderExecute(r)
+}
+
+/*
+CreateRiskProvider Create a Risk Provider
+
+Creates a risk provider. A maximum of 3 providers can be created. By default, one risk provider is created by Okta.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateRiskProviderRequest
+*/
+func (a *RiskProviderApiService) CreateRiskProvider(ctx context.Context) ApiCreateRiskProviderRequest {
+	return ApiCreateRiskProviderRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return RiskProvider
+func (a *RiskProviderApiService) CreateRiskProviderExecute(r ApiCreateRiskProviderRequest) (*RiskProvider, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *RiskProvider
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RiskProviderApiService.CreateRiskProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/risk/providers"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteRiskProviderRequest struct {
+	ctx            context.Context
+	ApiService     RiskProviderApi
+	riskProviderId string
+	retryCount     int32
+}
+
+func (r ApiDeleteRiskProviderRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteRiskProviderExecute(r)
+}
+
+/*
+DeleteRiskProvider Delete a Risk Provider
+
+Deletes a CAPTCHA instance by `riskProviderId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param riskProviderId `id` of the risk provider
+	@return ApiDeleteRiskProviderRequest
+*/
+func (a *RiskProviderApiService) DeleteRiskProvider(ctx context.Context, riskProviderId string) ApiDeleteRiskProviderRequest {
+	return ApiDeleteRiskProviderRequest{
+		ApiService:     a,
+		ctx:            ctx,
+		riskProviderId: riskProviderId,
+		retryCount:     0,
+	}
+}
+
+// Execute executes the request
+func (a *RiskProviderApiService) DeleteRiskProviderExecute(r ApiDeleteRiskProviderRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RiskProviderApiService.DeleteRiskProvider")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/risk/providers/{riskProviderId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"riskProviderId"+"}", url.PathEscape(parameterToString(r.riskProviderId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetRiskProviderRequest struct {
+	ctx            context.Context
+	ApiService     RiskProviderApi
+	riskProviderId string
+	retryCount     int32
+}
+
+func (r ApiGetRiskProviderRequest) Execute() (*RiskProvider, *APIResponse, error) {
+	return r.ApiService.GetRiskProviderExecute(r)
+}
+
+/*
+GetRiskProvider Retrieve a Risk Provider
+
+Retrieves a risk provider by `riskProviderId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param riskProviderId `id` of the risk provider
+	@return ApiGetRiskProviderRequest
+*/
+func (a *RiskProviderApiService) GetRiskProvider(ctx context.Context, riskProviderId string) ApiGetRiskProviderRequest {
+	return ApiGetRiskProviderRequest{
+		ApiService:     a,
+		ctx:            ctx,
+		riskProviderId: riskProviderId,
+		retryCount:     0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return RiskProvider
+func (a *RiskProviderApiService) GetRiskProviderExecute(r ApiGetRiskProviderRequest) (*RiskProvider, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *RiskProvider
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RiskProviderApiService.GetRiskProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/risk/providers/{riskProviderId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"riskProviderId"+"}", url.PathEscape(parameterToString(r.riskProviderId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListRiskProvidersRequest struct {
+	ctx        context.Context
+	ApiService RiskProviderApi
+	retryCount int32
+}
+
+func (r ApiListRiskProvidersRequest) Execute() ([]RiskProvider, *APIResponse, error) {
+	return r.ApiService.ListRiskProvidersExecute(r)
+}
+
+/*
+ListRiskProviders List all Risk Providers
+
+Lists all Risk Providers
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListRiskProvidersRequest
+*/
+func (a *RiskProviderApiService) ListRiskProviders(ctx context.Context) ApiListRiskProvidersRequest {
+	return ApiListRiskProvidersRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []RiskProvider
+func (a *RiskProviderApiService) ListRiskProvidersExecute(r ApiListRiskProvidersRequest) ([]RiskProvider, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []RiskProvider
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RiskProviderApiService.ListRiskProviders")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/risk/providers"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceRiskProviderRequest struct {
+	ctx            context.Context
+	ApiService     RiskProviderApi
+	riskProviderId string
+	instance       *RiskProvider
+	retryCount     int32
+}
+
+func (r ApiReplaceRiskProviderRequest) Instance(instance RiskProvider) ApiReplaceRiskProviderRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiReplaceRiskProviderRequest) Execute() (*RiskProvider, *APIResponse, error) {
+	return r.ApiService.ReplaceRiskProviderExecute(r)
+}
+
+/*
+ReplaceRiskProvider Replace a Risk Provider
+
+Replaces a risk provider by `riskProviderId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param riskProviderId `id` of the risk provider
+	@return ApiReplaceRiskProviderRequest
+*/
+func (a *RiskProviderApiService) ReplaceRiskProvider(ctx context.Context, riskProviderId string) ApiReplaceRiskProviderRequest {
+	return ApiReplaceRiskProviderRequest{
+		ApiService:     a,
+		ctx:            ctx,
+		riskProviderId: riskProviderId,
+		retryCount:     0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return RiskProvider
+func (a *RiskProviderApiService) ReplaceRiskProviderExecute(r ApiReplaceRiskProviderRequest) (*RiskProvider, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *RiskProvider
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RiskProviderApiService.ReplaceRiskProvider")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/risk/providers/{riskProviderId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"riskProviderId"+"}", url.PathEscape(parameterToString(r.riskProviderId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_role.go b/okta/api_role.go
new file mode 100644
index 000000000..8208d90bb
--- /dev/null
+++ b/okta/api_role.go
@@ -0,0 +1,1676 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type RoleApi interface {
+	/*
+		CreateRole Create a Role
+
+		Creates a new role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateRoleRequest
+	*/
+	CreateRole(ctx context.Context) ApiCreateRoleRequest
+
+	// CreateRoleExecute executes the request
+	//  @return IamRole
+	CreateRoleExecute(r ApiCreateRoleRequest) (*IamRole, *APIResponse, error)
+
+	/*
+		CreateRolePermission Create a Permission
+
+		Creates a permission specified by `permissionType` to the role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param roleIdOrLabel `id` or `label` of the role
+		@param permissionType An okta permission type
+		@return ApiCreateRolePermissionRequest
+	*/
+	CreateRolePermission(ctx context.Context, roleIdOrLabel string, permissionType string) ApiCreateRolePermissionRequest
+
+	// CreateRolePermissionExecute executes the request
+	CreateRolePermissionExecute(r ApiCreateRolePermissionRequest) (*APIResponse, error)
+
+	/*
+		DeleteRole Delete a Role
+
+		Deletes a role by `roleIdOrLabel`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param roleIdOrLabel `id` or `label` of the role
+		@return ApiDeleteRoleRequest
+	*/
+	DeleteRole(ctx context.Context, roleIdOrLabel string) ApiDeleteRoleRequest
+
+	// DeleteRoleExecute executes the request
+	DeleteRoleExecute(r ApiDeleteRoleRequest) (*APIResponse, error)
+
+	/*
+		DeleteRolePermission Delete a Permission
+
+		Deletes a permission from a role by `permissionType`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param roleIdOrLabel `id` or `label` of the role
+		@param permissionType An okta permission type
+		@return ApiDeleteRolePermissionRequest
+	*/
+	DeleteRolePermission(ctx context.Context, roleIdOrLabel string, permissionType string) ApiDeleteRolePermissionRequest
+
+	// DeleteRolePermissionExecute executes the request
+	DeleteRolePermissionExecute(r ApiDeleteRolePermissionRequest) (*APIResponse, error)
+
+	/*
+		GetRole Retrieve a Role
+
+		Retrieves a role by `roleIdOrLabel`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param roleIdOrLabel `id` or `label` of the role
+		@return ApiGetRoleRequest
+	*/
+	GetRole(ctx context.Context, roleIdOrLabel string) ApiGetRoleRequest
+
+	// GetRoleExecute executes the request
+	//  @return IamRole
+	GetRoleExecute(r ApiGetRoleRequest) (*IamRole, *APIResponse, error)
+
+	/*
+		GetRolePermission Retrieve a Permission
+
+		Retrieves a permission by `permissionType`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param roleIdOrLabel `id` or `label` of the role
+		@param permissionType An okta permission type
+		@return ApiGetRolePermissionRequest
+	*/
+	GetRolePermission(ctx context.Context, roleIdOrLabel string, permissionType string) ApiGetRolePermissionRequest
+
+	// GetRolePermissionExecute executes the request
+	//  @return Permission
+	GetRolePermissionExecute(r ApiGetRolePermissionRequest) (*Permission, *APIResponse, error)
+
+	/*
+		ListRolePermissions List all Permissions
+
+		Lists all permissions of the role by `roleIdOrLabel`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param roleIdOrLabel `id` or `label` of the role
+		@return ApiListRolePermissionsRequest
+	*/
+	ListRolePermissions(ctx context.Context, roleIdOrLabel string) ApiListRolePermissionsRequest
+
+	// ListRolePermissionsExecute executes the request
+	//  @return Permissions
+	ListRolePermissionsExecute(r ApiListRolePermissionsRequest) (*Permissions, *APIResponse, error)
+
+	/*
+		ListRoles List all Roles
+
+		Lists all roles with pagination support
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListRolesRequest
+	*/
+	ListRoles(ctx context.Context) ApiListRolesRequest
+
+	// ListRolesExecute executes the request
+	//  @return IamRoles
+	ListRolesExecute(r ApiListRolesRequest) (*IamRoles, *APIResponse, error)
+
+	/*
+		ReplaceRole Replace a Role
+
+		Replaces a role by `roleIdOrLabel`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param roleIdOrLabel `id` or `label` of the role
+		@return ApiReplaceRoleRequest
+	*/
+	ReplaceRole(ctx context.Context, roleIdOrLabel string) ApiReplaceRoleRequest
+
+	// ReplaceRoleExecute executes the request
+	//  @return IamRole
+	ReplaceRoleExecute(r ApiReplaceRoleRequest) (*IamRole, *APIResponse, error)
+}
+
+// RoleApiService RoleApi service
+type RoleApiService service
+
+type ApiCreateRoleRequest struct {
+	ctx        context.Context
+	ApiService RoleApi
+	instance   *IamRole
+	retryCount int32
+}
+
+func (r ApiCreateRoleRequest) Instance(instance IamRole) ApiCreateRoleRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiCreateRoleRequest) Execute() (*IamRole, *APIResponse, error) {
+	return r.ApiService.CreateRoleExecute(r)
+}
+
+/*
+CreateRole Create a Role
+
+Creates a new role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateRoleRequest
+*/
+func (a *RoleApiService) CreateRole(ctx context.Context) ApiCreateRoleRequest {
+	return ApiCreateRoleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return IamRole
+func (a *RoleApiService) CreateRoleExecute(r ApiCreateRoleRequest) (*IamRole, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *IamRole
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleApiService.CreateRole")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/roles"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateRolePermissionRequest struct {
+	ctx            context.Context
+	ApiService     RoleApi
+	roleIdOrLabel  string
+	permissionType string
+	retryCount     int32
+}
+
+func (r ApiCreateRolePermissionRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.CreateRolePermissionExecute(r)
+}
+
+/*
+CreateRolePermission Create a Permission
+
+Creates a permission specified by `permissionType` to the role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param roleIdOrLabel `id` or `label` of the role
+	@param permissionType An okta permission type
+	@return ApiCreateRolePermissionRequest
+*/
+func (a *RoleApiService) CreateRolePermission(ctx context.Context, roleIdOrLabel string, permissionType string) ApiCreateRolePermissionRequest {
+	return ApiCreateRolePermissionRequest{
+		ApiService:     a,
+		ctx:            ctx,
+		roleIdOrLabel:  roleIdOrLabel,
+		permissionType: permissionType,
+		retryCount:     0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleApiService) CreateRolePermissionExecute(r ApiCreateRolePermissionRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleApiService.CreateRolePermission")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType}"
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"permissionType"+"}", url.PathEscape(parameterToString(r.permissionType, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteRoleRequest struct {
+	ctx           context.Context
+	ApiService    RoleApi
+	roleIdOrLabel string
+	retryCount    int32
+}
+
+func (r ApiDeleteRoleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteRoleExecute(r)
+}
+
+/*
+DeleteRole Delete a Role
+
+Deletes a role by `roleIdOrLabel`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param roleIdOrLabel `id` or `label` of the role
+	@return ApiDeleteRoleRequest
+*/
+func (a *RoleApiService) DeleteRole(ctx context.Context, roleIdOrLabel string) ApiDeleteRoleRequest {
+	return ApiDeleteRoleRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		roleIdOrLabel: roleIdOrLabel,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleApiService) DeleteRoleExecute(r ApiDeleteRoleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleApiService.DeleteRole")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/roles/{roleIdOrLabel}"
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteRolePermissionRequest struct {
+	ctx            context.Context
+	ApiService     RoleApi
+	roleIdOrLabel  string
+	permissionType string
+	retryCount     int32
+}
+
+func (r ApiDeleteRolePermissionRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteRolePermissionExecute(r)
+}
+
+/*
+DeleteRolePermission Delete a Permission
+
+Deletes a permission from a role by `permissionType`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param roleIdOrLabel `id` or `label` of the role
+	@param permissionType An okta permission type
+	@return ApiDeleteRolePermissionRequest
+*/
+func (a *RoleApiService) DeleteRolePermission(ctx context.Context, roleIdOrLabel string, permissionType string) ApiDeleteRolePermissionRequest {
+	return ApiDeleteRolePermissionRequest{
+		ApiService:     a,
+		ctx:            ctx,
+		roleIdOrLabel:  roleIdOrLabel,
+		permissionType: permissionType,
+		retryCount:     0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleApiService) DeleteRolePermissionExecute(r ApiDeleteRolePermissionRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleApiService.DeleteRolePermission")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType}"
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"permissionType"+"}", url.PathEscape(parameterToString(r.permissionType, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetRoleRequest struct {
+	ctx           context.Context
+	ApiService    RoleApi
+	roleIdOrLabel string
+	retryCount    int32
+}
+
+func (r ApiGetRoleRequest) Execute() (*IamRole, *APIResponse, error) {
+	return r.ApiService.GetRoleExecute(r)
+}
+
+/*
+GetRole Retrieve a Role
+
+Retrieves a role by `roleIdOrLabel`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param roleIdOrLabel `id` or `label` of the role
+	@return ApiGetRoleRequest
+*/
+func (a *RoleApiService) GetRole(ctx context.Context, roleIdOrLabel string) ApiGetRoleRequest {
+	return ApiGetRoleRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		roleIdOrLabel: roleIdOrLabel,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return IamRole
+func (a *RoleApiService) GetRoleExecute(r ApiGetRoleRequest) (*IamRole, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *IamRole
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleApiService.GetRole")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/roles/{roleIdOrLabel}"
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetRolePermissionRequest struct {
+	ctx            context.Context
+	ApiService     RoleApi
+	roleIdOrLabel  string
+	permissionType string
+	retryCount     int32
+}
+
+func (r ApiGetRolePermissionRequest) Execute() (*Permission, *APIResponse, error) {
+	return r.ApiService.GetRolePermissionExecute(r)
+}
+
+/*
+GetRolePermission Retrieve a Permission
+
+Retrieves a permission by `permissionType`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param roleIdOrLabel `id` or `label` of the role
+	@param permissionType An okta permission type
+	@return ApiGetRolePermissionRequest
+*/
+func (a *RoleApiService) GetRolePermission(ctx context.Context, roleIdOrLabel string, permissionType string) ApiGetRolePermissionRequest {
+	return ApiGetRolePermissionRequest{
+		ApiService:     a,
+		ctx:            ctx,
+		roleIdOrLabel:  roleIdOrLabel,
+		permissionType: permissionType,
+		retryCount:     0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Permission
+func (a *RoleApiService) GetRolePermissionExecute(r ApiGetRolePermissionRequest) (*Permission, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Permission
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleApiService.GetRolePermission")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType}"
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"permissionType"+"}", url.PathEscape(parameterToString(r.permissionType, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListRolePermissionsRequest struct {
+	ctx           context.Context
+	ApiService    RoleApi
+	roleIdOrLabel string
+	retryCount    int32
+}
+
+func (r ApiListRolePermissionsRequest) Execute() (*Permissions, *APIResponse, error) {
+	return r.ApiService.ListRolePermissionsExecute(r)
+}
+
+/*
+ListRolePermissions List all Permissions
+
+Lists all permissions of the role by `roleIdOrLabel`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param roleIdOrLabel `id` or `label` of the role
+	@return ApiListRolePermissionsRequest
+*/
+func (a *RoleApiService) ListRolePermissions(ctx context.Context, roleIdOrLabel string) ApiListRolePermissionsRequest {
+	return ApiListRolePermissionsRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		roleIdOrLabel: roleIdOrLabel,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Permissions
+func (a *RoleApiService) ListRolePermissionsExecute(r ApiListRolePermissionsRequest) (*Permissions, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Permissions
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleApiService.ListRolePermissions")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/roles/{roleIdOrLabel}/permissions"
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListRolesRequest struct {
+	ctx        context.Context
+	ApiService RoleApi
+	after      *string
+	retryCount int32
+}
+
+// The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information.
+func (r ApiListRolesRequest) After(after string) ApiListRolesRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListRolesRequest) Execute() (*IamRoles, *APIResponse, error) {
+	return r.ApiService.ListRolesExecute(r)
+}
+
+/*
+ListRoles List all Roles
+
+Lists all roles with pagination support
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListRolesRequest
+*/
+func (a *RoleApiService) ListRoles(ctx context.Context) ApiListRolesRequest {
+	return ApiListRolesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return IamRoles
+func (a *RoleApiService) ListRolesExecute(r ApiListRolesRequest) (*IamRoles, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *IamRoles
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleApiService.ListRoles")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/roles"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceRoleRequest struct {
+	ctx           context.Context
+	ApiService    RoleApi
+	roleIdOrLabel string
+	instance      *IamRole
+	retryCount    int32
+}
+
+func (r ApiReplaceRoleRequest) Instance(instance IamRole) ApiReplaceRoleRequest {
+	r.instance = &instance
+	return r
+}
+
+func (r ApiReplaceRoleRequest) Execute() (*IamRole, *APIResponse, error) {
+	return r.ApiService.ReplaceRoleExecute(r)
+}
+
+/*
+ReplaceRole Replace a Role
+
+Replaces a role by `roleIdOrLabel`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param roleIdOrLabel `id` or `label` of the role
+	@return ApiReplaceRoleRequest
+*/
+func (a *RoleApiService) ReplaceRole(ctx context.Context, roleIdOrLabel string) ApiReplaceRoleRequest {
+	return ApiReplaceRoleRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		roleIdOrLabel: roleIdOrLabel,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return IamRole
+func (a *RoleApiService) ReplaceRoleExecute(r ApiReplaceRoleRequest) (*IamRole, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *IamRole
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleApiService.ReplaceRole")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/iam/roles/{roleIdOrLabel}"
+	localVarPath = strings.Replace(localVarPath, "{"+"roleIdOrLabel"+"}", url.PathEscape(parameterToString(r.roleIdOrLabel, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.instance == nil {
+		return localVarReturnValue, nil, reportError("instance is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.instance
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_role_assignment.go b/okta/api_role_assignment.go
new file mode 100644
index 000000000..34f14e9fe
--- /dev/null
+++ b/okta/api_role_assignment.go
@@ -0,0 +1,1564 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type RoleAssignmentApi interface {
+	/*
+		AssignRoleToGroup Assign a Role to a Group
+
+		Assigns a role to a group
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@return ApiAssignRoleToGroupRequest
+	*/
+	AssignRoleToGroup(ctx context.Context, groupId string) ApiAssignRoleToGroupRequest
+
+	// AssignRoleToGroupExecute executes the request
+	//  @return Role
+	AssignRoleToGroupExecute(r ApiAssignRoleToGroupRequest) (*Role, *APIResponse, error)
+
+	/*
+		AssignRoleToUser Assign a Role to a User
+
+		Assigns a role to a user identified by `userId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiAssignRoleToUserRequest
+	*/
+	AssignRoleToUser(ctx context.Context, userId string) ApiAssignRoleToUserRequest
+
+	// AssignRoleToUserExecute executes the request
+	//  @return Role
+	AssignRoleToUserExecute(r ApiAssignRoleToUserRequest) (*Role, *APIResponse, error)
+
+	/*
+		GetGroupAssignedRole Retrieve a Role assigned to Group
+
+		Retrieves a role identified by `roleId` assigned to group identified by `groupId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param roleId
+		@return ApiGetGroupAssignedRoleRequest
+	*/
+	GetGroupAssignedRole(ctx context.Context, groupId string, roleId string) ApiGetGroupAssignedRoleRequest
+
+	// GetGroupAssignedRoleExecute executes the request
+	//  @return Role
+	GetGroupAssignedRoleExecute(r ApiGetGroupAssignedRoleRequest) (*Role, *APIResponse, error)
+
+	/*
+		GetUserAssignedRole Retrieve a Role assigned to a User
+
+		Retrieves a role identified by `roleId` assigned to a user identified by `userId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param roleId
+		@return ApiGetUserAssignedRoleRequest
+	*/
+	GetUserAssignedRole(ctx context.Context, userId string, roleId string) ApiGetUserAssignedRoleRequest
+
+	// GetUserAssignedRoleExecute executes the request
+	//  @return Role
+	GetUserAssignedRoleExecute(r ApiGetUserAssignedRoleRequest) (*Role, *APIResponse, error)
+
+	/*
+		ListAssignedRolesForUser List all Roles assigned to a User
+
+		Lists all roles assigned to a user identified by `userId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiListAssignedRolesForUserRequest
+	*/
+	ListAssignedRolesForUser(ctx context.Context, userId string) ApiListAssignedRolesForUserRequest
+
+	// ListAssignedRolesForUserExecute executes the request
+	//  @return []Role
+	ListAssignedRolesForUserExecute(r ApiListAssignedRolesForUserRequest) ([]Role, *APIResponse, error)
+
+	/*
+		ListGroupAssignedRoles List all Assigned Roles of Group
+
+		Lists all assigned roles of group identified by `groupId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@return ApiListGroupAssignedRolesRequest
+	*/
+	ListGroupAssignedRoles(ctx context.Context, groupId string) ApiListGroupAssignedRolesRequest
+
+	// ListGroupAssignedRolesExecute executes the request
+	//  @return []Role
+	ListGroupAssignedRolesExecute(r ApiListGroupAssignedRolesRequest) ([]Role, *APIResponse, error)
+
+	/*
+		UnassignRoleFromGroup Unassign a Role from a Group
+
+		Unassigns a role identified by `roleId` assigned to group identified by `groupId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param roleId
+		@return ApiUnassignRoleFromGroupRequest
+	*/
+	UnassignRoleFromGroup(ctx context.Context, groupId string, roleId string) ApiUnassignRoleFromGroupRequest
+
+	// UnassignRoleFromGroupExecute executes the request
+	UnassignRoleFromGroupExecute(r ApiUnassignRoleFromGroupRequest) (*APIResponse, error)
+
+	/*
+		UnassignRoleFromUser Unassign a Role from a User
+
+		Unassigns a role identified by `roleId` from a user identified by `userId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param roleId
+		@return ApiUnassignRoleFromUserRequest
+	*/
+	UnassignRoleFromUser(ctx context.Context, userId string, roleId string) ApiUnassignRoleFromUserRequest
+
+	// UnassignRoleFromUserExecute executes the request
+	UnassignRoleFromUserExecute(r ApiUnassignRoleFromUserRequest) (*APIResponse, error)
+}
+
+// RoleAssignmentApiService RoleAssignmentApi service
+type RoleAssignmentApiService service
+
+type ApiAssignRoleToGroupRequest struct {
+	ctx                  context.Context
+	ApiService           RoleAssignmentApi
+	groupId              string
+	assignRoleRequest    *AssignRoleRequest
+	disableNotifications *bool
+	retryCount           int32
+}
+
+func (r ApiAssignRoleToGroupRequest) AssignRoleRequest(assignRoleRequest AssignRoleRequest) ApiAssignRoleToGroupRequest {
+	r.assignRoleRequest = &assignRoleRequest
+	return r
+}
+
+// Setting this to &#x60;true&#x60; grants the group third-party admin status
+func (r ApiAssignRoleToGroupRequest) DisableNotifications(disableNotifications bool) ApiAssignRoleToGroupRequest {
+	r.disableNotifications = &disableNotifications
+	return r
+}
+
+func (r ApiAssignRoleToGroupRequest) Execute() (*Role, *APIResponse, error) {
+	return r.ApiService.AssignRoleToGroupExecute(r)
+}
+
+/*
+AssignRoleToGroup Assign a Role to a Group
+
+Assigns a role to a group
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@return ApiAssignRoleToGroupRequest
+*/
+func (a *RoleAssignmentApiService) AssignRoleToGroup(ctx context.Context, groupId string) ApiAssignRoleToGroupRequest {
+	return ApiAssignRoleToGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Role
+func (a *RoleAssignmentApiService) AssignRoleToGroupExecute(r ApiAssignRoleToGroupRequest) (*Role, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Role
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleAssignmentApiService.AssignRoleToGroup")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/roles"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.assignRoleRequest == nil {
+		return localVarReturnValue, nil, reportError("assignRoleRequest is required and must be specified")
+	}
+
+	if r.disableNotifications != nil {
+		localVarQueryParams.Add("disableNotifications", parameterToString(*r.disableNotifications, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.assignRoleRequest
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiAssignRoleToUserRequest struct {
+	ctx                  context.Context
+	ApiService           RoleAssignmentApi
+	userId               string
+	assignRoleRequest    *AssignRoleRequest
+	disableNotifications *bool
+	retryCount           int32
+}
+
+func (r ApiAssignRoleToUserRequest) AssignRoleRequest(assignRoleRequest AssignRoleRequest) ApiAssignRoleToUserRequest {
+	r.assignRoleRequest = &assignRoleRequest
+	return r
+}
+
+// Setting this to &#x60;true&#x60; grants the user third-party admin status
+func (r ApiAssignRoleToUserRequest) DisableNotifications(disableNotifications bool) ApiAssignRoleToUserRequest {
+	r.disableNotifications = &disableNotifications
+	return r
+}
+
+func (r ApiAssignRoleToUserRequest) Execute() (*Role, *APIResponse, error) {
+	return r.ApiService.AssignRoleToUserExecute(r)
+}
+
+/*
+AssignRoleToUser Assign a Role to a User
+
+Assigns a role to a user identified by `userId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiAssignRoleToUserRequest
+*/
+func (a *RoleAssignmentApiService) AssignRoleToUser(ctx context.Context, userId string) ApiAssignRoleToUserRequest {
+	return ApiAssignRoleToUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Role
+func (a *RoleAssignmentApiService) AssignRoleToUserExecute(r ApiAssignRoleToUserRequest) (*Role, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Role
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleAssignmentApiService.AssignRoleToUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.assignRoleRequest == nil {
+		return localVarReturnValue, nil, reportError("assignRoleRequest is required and must be specified")
+	}
+
+	if r.disableNotifications != nil {
+		localVarQueryParams.Add("disableNotifications", parameterToString(*r.disableNotifications, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.assignRoleRequest
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetGroupAssignedRoleRequest struct {
+	ctx        context.Context
+	ApiService RoleAssignmentApi
+	groupId    string
+	roleId     string
+	retryCount int32
+}
+
+func (r ApiGetGroupAssignedRoleRequest) Execute() (*Role, *APIResponse, error) {
+	return r.ApiService.GetGroupAssignedRoleExecute(r)
+}
+
+/*
+GetGroupAssignedRole Retrieve a Role assigned to Group
+
+Retrieves a role identified by `roleId` assigned to group identified by `groupId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param roleId
+	@return ApiGetGroupAssignedRoleRequest
+*/
+func (a *RoleAssignmentApiService) GetGroupAssignedRole(ctx context.Context, groupId string, roleId string) ApiGetGroupAssignedRoleRequest {
+	return ApiGetGroupAssignedRoleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		roleId:     roleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Role
+func (a *RoleAssignmentApiService) GetGroupAssignedRoleExecute(r ApiGetGroupAssignedRoleRequest) (*Role, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Role
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleAssignmentApiService.GetGroupAssignedRole")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/roles/{roleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetUserAssignedRoleRequest struct {
+	ctx        context.Context
+	ApiService RoleAssignmentApi
+	userId     string
+	roleId     string
+	retryCount int32
+}
+
+func (r ApiGetUserAssignedRoleRequest) Execute() (*Role, *APIResponse, error) {
+	return r.ApiService.GetUserAssignedRoleExecute(r)
+}
+
+/*
+GetUserAssignedRole Retrieve a Role assigned to a User
+
+Retrieves a role identified by `roleId` assigned to a user identified by `userId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param roleId
+	@return ApiGetUserAssignedRoleRequest
+*/
+func (a *RoleAssignmentApiService) GetUserAssignedRole(ctx context.Context, userId string, roleId string) ApiGetUserAssignedRoleRequest {
+	return ApiGetUserAssignedRoleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		roleId:     roleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Role
+func (a *RoleAssignmentApiService) GetUserAssignedRoleExecute(r ApiGetUserAssignedRoleRequest) (*Role, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Role
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleAssignmentApiService.GetUserAssignedRole")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles/{roleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListAssignedRolesForUserRequest struct {
+	ctx        context.Context
+	ApiService RoleAssignmentApi
+	userId     string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiListAssignedRolesForUserRequest) Expand(expand string) ApiListAssignedRolesForUserRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListAssignedRolesForUserRequest) Execute() ([]Role, *APIResponse, error) {
+	return r.ApiService.ListAssignedRolesForUserExecute(r)
+}
+
+/*
+ListAssignedRolesForUser List all Roles assigned to a User
+
+Lists all roles assigned to a user identified by `userId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiListAssignedRolesForUserRequest
+*/
+func (a *RoleAssignmentApiService) ListAssignedRolesForUser(ctx context.Context, userId string) ApiListAssignedRolesForUserRequest {
+	return ApiListAssignedRolesForUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Role
+func (a *RoleAssignmentApiService) ListAssignedRolesForUserExecute(r ApiListAssignedRolesForUserRequest) ([]Role, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Role
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleAssignmentApiService.ListAssignedRolesForUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListGroupAssignedRolesRequest struct {
+	ctx        context.Context
+	ApiService RoleAssignmentApi
+	groupId    string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiListGroupAssignedRolesRequest) Expand(expand string) ApiListGroupAssignedRolesRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListGroupAssignedRolesRequest) Execute() ([]Role, *APIResponse, error) {
+	return r.ApiService.ListGroupAssignedRolesExecute(r)
+}
+
+/*
+ListGroupAssignedRoles List all Assigned Roles of Group
+
+Lists all assigned roles of group identified by `groupId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@return ApiListGroupAssignedRolesRequest
+*/
+func (a *RoleAssignmentApiService) ListGroupAssignedRoles(ctx context.Context, groupId string) ApiListGroupAssignedRolesRequest {
+	return ApiListGroupAssignedRolesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Role
+func (a *RoleAssignmentApiService) ListGroupAssignedRolesExecute(r ApiListGroupAssignedRolesRequest) ([]Role, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Role
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleAssignmentApiService.ListGroupAssignedRoles")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/roles"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUnassignRoleFromGroupRequest struct {
+	ctx        context.Context
+	ApiService RoleAssignmentApi
+	groupId    string
+	roleId     string
+	retryCount int32
+}
+
+func (r ApiUnassignRoleFromGroupRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnassignRoleFromGroupExecute(r)
+}
+
+/*
+UnassignRoleFromGroup Unassign a Role from a Group
+
+Unassigns a role identified by `roleId` assigned to group identified by `groupId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param roleId
+	@return ApiUnassignRoleFromGroupRequest
+*/
+func (a *RoleAssignmentApiService) UnassignRoleFromGroup(ctx context.Context, groupId string, roleId string) ApiUnassignRoleFromGroupRequest {
+	return ApiUnassignRoleFromGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		roleId:     roleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleAssignmentApiService) UnassignRoleFromGroupExecute(r ApiUnassignRoleFromGroupRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleAssignmentApiService.UnassignRoleFromGroup")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/roles/{roleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnassignRoleFromUserRequest struct {
+	ctx        context.Context
+	ApiService RoleAssignmentApi
+	userId     string
+	roleId     string
+	retryCount int32
+}
+
+func (r ApiUnassignRoleFromUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnassignRoleFromUserExecute(r)
+}
+
+/*
+UnassignRoleFromUser Unassign a Role from a User
+
+Unassigns a role identified by `roleId` from a user identified by `userId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param roleId
+	@return ApiUnassignRoleFromUserRequest
+*/
+func (a *RoleAssignmentApiService) UnassignRoleFromUser(ctx context.Context, userId string, roleId string) ApiUnassignRoleFromUserRequest {
+	return ApiUnassignRoleFromUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		roleId:     roleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleAssignmentApiService) UnassignRoleFromUserExecute(r ApiUnassignRoleFromUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleAssignmentApiService.UnassignRoleFromUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles/{roleId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_role_target.go b/okta/api_role_target.go
new file mode 100644
index 000000000..725879e15
--- /dev/null
+++ b/okta/api_role_target.go
@@ -0,0 +1,3172 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type RoleTargetApi interface {
+	/*
+		AssignAllAppsAsTargetToRoleForUser Assign all Apps as Target to Role
+
+		Assigns all Apps as Target to Role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param roleId
+		@return ApiAssignAllAppsAsTargetToRoleForUserRequest
+	*/
+	AssignAllAppsAsTargetToRoleForUser(ctx context.Context, userId string, roleId string) ApiAssignAllAppsAsTargetToRoleForUserRequest
+
+	// AssignAllAppsAsTargetToRoleForUserExecute executes the request
+	AssignAllAppsAsTargetToRoleForUserExecute(r ApiAssignAllAppsAsTargetToRoleForUserRequest) (*APIResponse, error)
+
+	/*
+		AssignAppInstanceTargetToAppAdminRoleForGroup Assign an Application Instance Target to Application Administrator Role
+
+		Assigns App Instance Target to App Administrator Role given to a Group
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param roleId
+		@param appName
+		@param applicationId
+		@return ApiAssignAppInstanceTargetToAppAdminRoleForGroupRequest
+	*/
+	AssignAppInstanceTargetToAppAdminRoleForGroup(ctx context.Context, groupId string, roleId string, appName string, applicationId string) ApiAssignAppInstanceTargetToAppAdminRoleForGroupRequest
+
+	// AssignAppInstanceTargetToAppAdminRoleForGroupExecute executes the request
+	AssignAppInstanceTargetToAppAdminRoleForGroupExecute(r ApiAssignAppInstanceTargetToAppAdminRoleForGroupRequest) (*APIResponse, error)
+
+	/*
+		AssignAppInstanceTargetToAppAdminRoleForUser Assign an Application Instance Target to an Application Administrator Role
+
+		Assigns anapplication instance target to appplication administrator role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param roleId
+		@param appName
+		@param applicationId
+		@return ApiAssignAppInstanceTargetToAppAdminRoleForUserRequest
+	*/
+	AssignAppInstanceTargetToAppAdminRoleForUser(ctx context.Context, userId string, roleId string, appName string, applicationId string) ApiAssignAppInstanceTargetToAppAdminRoleForUserRequest
+
+	// AssignAppInstanceTargetToAppAdminRoleForUserExecute executes the request
+	AssignAppInstanceTargetToAppAdminRoleForUserExecute(r ApiAssignAppInstanceTargetToAppAdminRoleForUserRequest) (*APIResponse, error)
+
+	/*
+		AssignAppTargetToAdminRoleForGroup Assign an Application Target to Administrator Role
+
+		Assigns an application target to administrator role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param roleId
+		@param appName
+		@return ApiAssignAppTargetToAdminRoleForGroupRequest
+	*/
+	AssignAppTargetToAdminRoleForGroup(ctx context.Context, groupId string, roleId string, appName string) ApiAssignAppTargetToAdminRoleForGroupRequest
+
+	// AssignAppTargetToAdminRoleForGroupExecute executes the request
+	AssignAppTargetToAdminRoleForGroupExecute(r ApiAssignAppTargetToAdminRoleForGroupRequest) (*APIResponse, error)
+
+	/*
+		AssignAppTargetToAdminRoleForUser Assign an Application Target to Administrator Role
+
+		Assigns an application target to administrator role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param roleId
+		@param appName
+		@return ApiAssignAppTargetToAdminRoleForUserRequest
+	*/
+	AssignAppTargetToAdminRoleForUser(ctx context.Context, userId string, roleId string, appName string) ApiAssignAppTargetToAdminRoleForUserRequest
+
+	// AssignAppTargetToAdminRoleForUserExecute executes the request
+	AssignAppTargetToAdminRoleForUserExecute(r ApiAssignAppTargetToAdminRoleForUserRequest) (*APIResponse, error)
+
+	/*
+		AssignGroupTargetToGroupAdminRole Assign a Group Target to a Group Role
+
+		Assigns a group target to a group role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param roleId
+		@param targetGroupId
+		@return ApiAssignGroupTargetToGroupAdminRoleRequest
+	*/
+	AssignGroupTargetToGroupAdminRole(ctx context.Context, groupId string, roleId string, targetGroupId string) ApiAssignGroupTargetToGroupAdminRoleRequest
+
+	// AssignGroupTargetToGroupAdminRoleExecute executes the request
+	AssignGroupTargetToGroupAdminRoleExecute(r ApiAssignGroupTargetToGroupAdminRoleRequest) (*APIResponse, error)
+
+	/*
+		AssignGroupTargetToUserRole Assign a Group Target to Role
+
+		Assigns a Group Target to Role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param roleId
+		@param groupId
+		@return ApiAssignGroupTargetToUserRoleRequest
+	*/
+	AssignGroupTargetToUserRole(ctx context.Context, userId string, roleId string, groupId string) ApiAssignGroupTargetToUserRoleRequest
+
+	// AssignGroupTargetToUserRoleExecute executes the request
+	AssignGroupTargetToUserRoleExecute(r ApiAssignGroupTargetToUserRoleRequest) (*APIResponse, error)
+
+	/*
+		ListApplicationTargetsForApplicationAdministratorRoleForGroup List all Application Targets for an Application Administrator Role
+
+		Lists all App targets for an `APP_ADMIN` Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param roleId
+		@return ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest
+	*/
+	ListApplicationTargetsForApplicationAdministratorRoleForGroup(ctx context.Context, groupId string, roleId string) ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest
+
+	// ListApplicationTargetsForApplicationAdministratorRoleForGroupExecute executes the request
+	//  @return []CatalogApplication
+	ListApplicationTargetsForApplicationAdministratorRoleForGroupExecute(r ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest) ([]CatalogApplication, *APIResponse, error)
+
+	/*
+		ListApplicationTargetsForApplicationAdministratorRoleForUser List all Application Targets for Application Administrator Role
+
+		Lists all App targets for an `APP_ADMIN` Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param roleId
+		@return ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest
+	*/
+	ListApplicationTargetsForApplicationAdministratorRoleForUser(ctx context.Context, userId string, roleId string) ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest
+
+	// ListApplicationTargetsForApplicationAdministratorRoleForUserExecute executes the request
+	//  @return []CatalogApplication
+	ListApplicationTargetsForApplicationAdministratorRoleForUserExecute(r ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest) ([]CatalogApplication, *APIResponse, error)
+
+	/*
+		ListGroupTargetsForGroupRole List all Group Targets for a Group Role
+
+		Lists all group targets for a group role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param roleId
+		@return ApiListGroupTargetsForGroupRoleRequest
+	*/
+	ListGroupTargetsForGroupRole(ctx context.Context, groupId string, roleId string) ApiListGroupTargetsForGroupRoleRequest
+
+	// ListGroupTargetsForGroupRoleExecute executes the request
+	//  @return []Group
+	ListGroupTargetsForGroupRoleExecute(r ApiListGroupTargetsForGroupRoleRequest) ([]Group, *APIResponse, error)
+
+	/*
+		ListGroupTargetsForRole List all Group Targets for Role
+
+		Lists all group targets for role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param roleId
+		@return ApiListGroupTargetsForRoleRequest
+	*/
+	ListGroupTargetsForRole(ctx context.Context, userId string, roleId string) ApiListGroupTargetsForRoleRequest
+
+	// ListGroupTargetsForRoleExecute executes the request
+	//  @return []Group
+	ListGroupTargetsForRoleExecute(r ApiListGroupTargetsForRoleRequest) ([]Group, *APIResponse, error)
+
+	/*
+		UnassignAppInstanceTargetFromAdminRoleForUser Unassign an Application Instance Target from an Application Administrator Role
+
+		Unassigns an application instance target from an application administrator role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param roleId
+		@param appName
+		@param applicationId
+		@return ApiUnassignAppInstanceTargetFromAdminRoleForUserRequest
+	*/
+	UnassignAppInstanceTargetFromAdminRoleForUser(ctx context.Context, userId string, roleId string, appName string, applicationId string) ApiUnassignAppInstanceTargetFromAdminRoleForUserRequest
+
+	// UnassignAppInstanceTargetFromAdminRoleForUserExecute executes the request
+	UnassignAppInstanceTargetFromAdminRoleForUserExecute(r ApiUnassignAppInstanceTargetFromAdminRoleForUserRequest) (*APIResponse, error)
+
+	/*
+		UnassignAppInstanceTargetToAppAdminRoleForGroup Unassign an Application Instance Target from an Application Administrator Role
+
+		Unassigns an application instance target from application administrator role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param roleId
+		@param appName
+		@param applicationId
+		@return ApiUnassignAppInstanceTargetToAppAdminRoleForGroupRequest
+	*/
+	UnassignAppInstanceTargetToAppAdminRoleForGroup(ctx context.Context, groupId string, roleId string, appName string, applicationId string) ApiUnassignAppInstanceTargetToAppAdminRoleForGroupRequest
+
+	// UnassignAppInstanceTargetToAppAdminRoleForGroupExecute executes the request
+	UnassignAppInstanceTargetToAppAdminRoleForGroupExecute(r ApiUnassignAppInstanceTargetToAppAdminRoleForGroupRequest) (*APIResponse, error)
+
+	/*
+		UnassignAppTargetFromAppAdminRoleForUser Unassign an Application Target from an Application Administrator Role
+
+		Unassigns an application target from application administrator role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param roleId
+		@param appName
+		@return ApiUnassignAppTargetFromAppAdminRoleForUserRequest
+	*/
+	UnassignAppTargetFromAppAdminRoleForUser(ctx context.Context, userId string, roleId string, appName string) ApiUnassignAppTargetFromAppAdminRoleForUserRequest
+
+	// UnassignAppTargetFromAppAdminRoleForUserExecute executes the request
+	UnassignAppTargetFromAppAdminRoleForUserExecute(r ApiUnassignAppTargetFromAppAdminRoleForUserRequest) (*APIResponse, error)
+
+	/*
+		UnassignAppTargetToAdminRoleForGroup Unassign an Application Target from Application Administrator Role
+
+		Unassigns an application target from application administrator role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param roleId
+		@param appName
+		@return ApiUnassignAppTargetToAdminRoleForGroupRequest
+	*/
+	UnassignAppTargetToAdminRoleForGroup(ctx context.Context, groupId string, roleId string, appName string) ApiUnassignAppTargetToAdminRoleForGroupRequest
+
+	// UnassignAppTargetToAdminRoleForGroupExecute executes the request
+	UnassignAppTargetToAdminRoleForGroupExecute(r ApiUnassignAppTargetToAdminRoleForGroupRequest) (*APIResponse, error)
+
+	/*
+		UnassignGroupTargetFromGroupAdminRole Unassign a Group Target from a Group Role
+
+		Unassigns a group target from a group role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param groupId
+		@param roleId
+		@param targetGroupId
+		@return ApiUnassignGroupTargetFromGroupAdminRoleRequest
+	*/
+	UnassignGroupTargetFromGroupAdminRole(ctx context.Context, groupId string, roleId string, targetGroupId string) ApiUnassignGroupTargetFromGroupAdminRoleRequest
+
+	// UnassignGroupTargetFromGroupAdminRoleExecute executes the request
+	UnassignGroupTargetFromGroupAdminRoleExecute(r ApiUnassignGroupTargetFromGroupAdminRoleRequest) (*APIResponse, error)
+
+	/*
+		UnassignGroupTargetFromUserAdminRole Unassign a Group Target from Role
+
+		Unassigns a Group Target from Role
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param roleId
+		@param groupId
+		@return ApiUnassignGroupTargetFromUserAdminRoleRequest
+	*/
+	UnassignGroupTargetFromUserAdminRole(ctx context.Context, userId string, roleId string, groupId string) ApiUnassignGroupTargetFromUserAdminRoleRequest
+
+	// UnassignGroupTargetFromUserAdminRoleExecute executes the request
+	UnassignGroupTargetFromUserAdminRoleExecute(r ApiUnassignGroupTargetFromUserAdminRoleRequest) (*APIResponse, error)
+}
+
+// RoleTargetApiService RoleTargetApi service
+type RoleTargetApiService service
+
+type ApiAssignAllAppsAsTargetToRoleForUserRequest struct {
+	ctx        context.Context
+	ApiService RoleTargetApi
+	userId     string
+	roleId     string
+	retryCount int32
+}
+
+func (r ApiAssignAllAppsAsTargetToRoleForUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.AssignAllAppsAsTargetToRoleForUserExecute(r)
+}
+
+/*
+AssignAllAppsAsTargetToRoleForUser Assign all Apps as Target to Role
+
+Assigns all Apps as Target to Role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param roleId
+	@return ApiAssignAllAppsAsTargetToRoleForUserRequest
+*/
+func (a *RoleTargetApiService) AssignAllAppsAsTargetToRoleForUser(ctx context.Context, userId string, roleId string) ApiAssignAllAppsAsTargetToRoleForUserRequest {
+	return ApiAssignAllAppsAsTargetToRoleForUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		roleId:     roleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) AssignAllAppsAsTargetToRoleForUserExecute(r ApiAssignAllAppsAsTargetToRoleForUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.AssignAllAppsAsTargetToRoleForUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiAssignAppInstanceTargetToAppAdminRoleForGroupRequest struct {
+	ctx           context.Context
+	ApiService    RoleTargetApi
+	groupId       string
+	roleId        string
+	appName       string
+	applicationId string
+	retryCount    int32
+}
+
+func (r ApiAssignAppInstanceTargetToAppAdminRoleForGroupRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.AssignAppInstanceTargetToAppAdminRoleForGroupExecute(r)
+}
+
+/*
+AssignAppInstanceTargetToAppAdminRoleForGroup Assign an Application Instance Target to Application Administrator Role
+
+Assigns App Instance Target to App Administrator Role given to a Group
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param roleId
+	@param appName
+	@param applicationId
+	@return ApiAssignAppInstanceTargetToAppAdminRoleForGroupRequest
+*/
+func (a *RoleTargetApiService) AssignAppInstanceTargetToAppAdminRoleForGroup(ctx context.Context, groupId string, roleId string, appName string, applicationId string) ApiAssignAppInstanceTargetToAppAdminRoleForGroupRequest {
+	return ApiAssignAppInstanceTargetToAppAdminRoleForGroupRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		groupId:       groupId,
+		roleId:        roleId,
+		appName:       appName,
+		applicationId: applicationId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) AssignAppInstanceTargetToAppAdminRoleForGroupExecute(r ApiAssignAppInstanceTargetToAppAdminRoleForGroupRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.AssignAppInstanceTargetToAppAdminRoleForGroup")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"appName"+"}", url.PathEscape(parameterToString(r.appName, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"applicationId"+"}", url.PathEscape(parameterToString(r.applicationId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiAssignAppInstanceTargetToAppAdminRoleForUserRequest struct {
+	ctx           context.Context
+	ApiService    RoleTargetApi
+	userId        string
+	roleId        string
+	appName       string
+	applicationId string
+	retryCount    int32
+}
+
+func (r ApiAssignAppInstanceTargetToAppAdminRoleForUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.AssignAppInstanceTargetToAppAdminRoleForUserExecute(r)
+}
+
+/*
+AssignAppInstanceTargetToAppAdminRoleForUser Assign an Application Instance Target to an Application Administrator Role
+
+Assigns anapplication instance target to appplication administrator role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param roleId
+	@param appName
+	@param applicationId
+	@return ApiAssignAppInstanceTargetToAppAdminRoleForUserRequest
+*/
+func (a *RoleTargetApiService) AssignAppInstanceTargetToAppAdminRoleForUser(ctx context.Context, userId string, roleId string, appName string, applicationId string) ApiAssignAppInstanceTargetToAppAdminRoleForUserRequest {
+	return ApiAssignAppInstanceTargetToAppAdminRoleForUserRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		userId:        userId,
+		roleId:        roleId,
+		appName:       appName,
+		applicationId: applicationId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) AssignAppInstanceTargetToAppAdminRoleForUserExecute(r ApiAssignAppInstanceTargetToAppAdminRoleForUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.AssignAppInstanceTargetToAppAdminRoleForUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"appName"+"}", url.PathEscape(parameterToString(r.appName, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"applicationId"+"}", url.PathEscape(parameterToString(r.applicationId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiAssignAppTargetToAdminRoleForGroupRequest struct {
+	ctx        context.Context
+	ApiService RoleTargetApi
+	groupId    string
+	roleId     string
+	appName    string
+	retryCount int32
+}
+
+func (r ApiAssignAppTargetToAdminRoleForGroupRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.AssignAppTargetToAdminRoleForGroupExecute(r)
+}
+
+/*
+AssignAppTargetToAdminRoleForGroup Assign an Application Target to Administrator Role
+
+Assigns an application target to administrator role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param roleId
+	@param appName
+	@return ApiAssignAppTargetToAdminRoleForGroupRequest
+*/
+func (a *RoleTargetApiService) AssignAppTargetToAdminRoleForGroup(ctx context.Context, groupId string, roleId string, appName string) ApiAssignAppTargetToAdminRoleForGroupRequest {
+	return ApiAssignAppTargetToAdminRoleForGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		roleId:     roleId,
+		appName:    appName,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) AssignAppTargetToAdminRoleForGroupExecute(r ApiAssignAppTargetToAdminRoleForGroupRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.AssignAppTargetToAdminRoleForGroup")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"appName"+"}", url.PathEscape(parameterToString(r.appName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiAssignAppTargetToAdminRoleForUserRequest struct {
+	ctx        context.Context
+	ApiService RoleTargetApi
+	userId     string
+	roleId     string
+	appName    string
+	retryCount int32
+}
+
+func (r ApiAssignAppTargetToAdminRoleForUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.AssignAppTargetToAdminRoleForUserExecute(r)
+}
+
+/*
+AssignAppTargetToAdminRoleForUser Assign an Application Target to Administrator Role
+
+Assigns an application target to administrator role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param roleId
+	@param appName
+	@return ApiAssignAppTargetToAdminRoleForUserRequest
+*/
+func (a *RoleTargetApiService) AssignAppTargetToAdminRoleForUser(ctx context.Context, userId string, roleId string, appName string) ApiAssignAppTargetToAdminRoleForUserRequest {
+	return ApiAssignAppTargetToAdminRoleForUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		roleId:     roleId,
+		appName:    appName,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) AssignAppTargetToAdminRoleForUserExecute(r ApiAssignAppTargetToAdminRoleForUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.AssignAppTargetToAdminRoleForUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"appName"+"}", url.PathEscape(parameterToString(r.appName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiAssignGroupTargetToGroupAdminRoleRequest struct {
+	ctx           context.Context
+	ApiService    RoleTargetApi
+	groupId       string
+	roleId        string
+	targetGroupId string
+	retryCount    int32
+}
+
+func (r ApiAssignGroupTargetToGroupAdminRoleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.AssignGroupTargetToGroupAdminRoleExecute(r)
+}
+
+/*
+AssignGroupTargetToGroupAdminRole Assign a Group Target to a Group Role
+
+Assigns a group target to a group role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param roleId
+	@param targetGroupId
+	@return ApiAssignGroupTargetToGroupAdminRoleRequest
+*/
+func (a *RoleTargetApiService) AssignGroupTargetToGroupAdminRole(ctx context.Context, groupId string, roleId string, targetGroupId string) ApiAssignGroupTargetToGroupAdminRoleRequest {
+	return ApiAssignGroupTargetToGroupAdminRoleRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		groupId:       groupId,
+		roleId:        roleId,
+		targetGroupId: targetGroupId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) AssignGroupTargetToGroupAdminRoleExecute(r ApiAssignGroupTargetToGroupAdminRoleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.AssignGroupTargetToGroupAdminRole")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"targetGroupId"+"}", url.PathEscape(parameterToString(r.targetGroupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiAssignGroupTargetToUserRoleRequest struct {
+	ctx        context.Context
+	ApiService RoleTargetApi
+	userId     string
+	roleId     string
+	groupId    string
+	retryCount int32
+}
+
+func (r ApiAssignGroupTargetToUserRoleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.AssignGroupTargetToUserRoleExecute(r)
+}
+
+/*
+AssignGroupTargetToUserRole Assign a Group Target to Role
+
+Assigns a Group Target to Role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param roleId
+	@param groupId
+	@return ApiAssignGroupTargetToUserRoleRequest
+*/
+func (a *RoleTargetApiService) AssignGroupTargetToUserRole(ctx context.Context, userId string, roleId string, groupId string) ApiAssignGroupTargetToUserRoleRequest {
+	return ApiAssignGroupTargetToUserRoleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		roleId:     roleId,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) AssignGroupTargetToUserRoleExecute(r ApiAssignGroupTargetToUserRoleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.AssignGroupTargetToUserRole")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest struct {
+	ctx        context.Context
+	ApiService RoleTargetApi
+	groupId    string
+	roleId     string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+func (r ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest) After(after string) ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest) Limit(limit int32) ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest) Execute() ([]CatalogApplication, *APIResponse, error) {
+	return r.ApiService.ListApplicationTargetsForApplicationAdministratorRoleForGroupExecute(r)
+}
+
+/*
+ListApplicationTargetsForApplicationAdministratorRoleForGroup List all Application Targets for an Application Administrator Role
+
+Lists all App targets for an `APP_ADMIN` Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param roleId
+	@return ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest
+*/
+func (a *RoleTargetApiService) ListApplicationTargetsForApplicationAdministratorRoleForGroup(ctx context.Context, groupId string, roleId string) ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest {
+	return ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		roleId:     roleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []CatalogApplication
+func (a *RoleTargetApiService) ListApplicationTargetsForApplicationAdministratorRoleForGroupExecute(r ApiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest) ([]CatalogApplication, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []CatalogApplication
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.ListApplicationTargetsForApplicationAdministratorRoleForGroup")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest struct {
+	ctx        context.Context
+	ApiService RoleTargetApi
+	userId     string
+	roleId     string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+func (r ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest) After(after string) ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest) Limit(limit int32) ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest) Execute() ([]CatalogApplication, *APIResponse, error) {
+	return r.ApiService.ListApplicationTargetsForApplicationAdministratorRoleForUserExecute(r)
+}
+
+/*
+ListApplicationTargetsForApplicationAdministratorRoleForUser List all Application Targets for Application Administrator Role
+
+Lists all App targets for an `APP_ADMIN` Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param roleId
+	@return ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest
+*/
+func (a *RoleTargetApiService) ListApplicationTargetsForApplicationAdministratorRoleForUser(ctx context.Context, userId string, roleId string) ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest {
+	return ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		roleId:     roleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []CatalogApplication
+func (a *RoleTargetApiService) ListApplicationTargetsForApplicationAdministratorRoleForUserExecute(r ApiListApplicationTargetsForApplicationAdministratorRoleForUserRequest) ([]CatalogApplication, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []CatalogApplication
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.ListApplicationTargetsForApplicationAdministratorRoleForUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListGroupTargetsForGroupRoleRequest struct {
+	ctx        context.Context
+	ApiService RoleTargetApi
+	groupId    string
+	roleId     string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+func (r ApiListGroupTargetsForGroupRoleRequest) After(after string) ApiListGroupTargetsForGroupRoleRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListGroupTargetsForGroupRoleRequest) Limit(limit int32) ApiListGroupTargetsForGroupRoleRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListGroupTargetsForGroupRoleRequest) Execute() ([]Group, *APIResponse, error) {
+	return r.ApiService.ListGroupTargetsForGroupRoleExecute(r)
+}
+
+/*
+ListGroupTargetsForGroupRole List all Group Targets for a Group Role
+
+Lists all group targets for a group role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param roleId
+	@return ApiListGroupTargetsForGroupRoleRequest
+*/
+func (a *RoleTargetApiService) ListGroupTargetsForGroupRole(ctx context.Context, groupId string, roleId string) ApiListGroupTargetsForGroupRoleRequest {
+	return ApiListGroupTargetsForGroupRoleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		roleId:     roleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Group
+func (a *RoleTargetApiService) ListGroupTargetsForGroupRoleExecute(r ApiListGroupTargetsForGroupRoleRequest) ([]Group, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Group
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.ListGroupTargetsForGroupRole")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/roles/{roleId}/targets/groups"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListGroupTargetsForRoleRequest struct {
+	ctx        context.Context
+	ApiService RoleTargetApi
+	userId     string
+	roleId     string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+func (r ApiListGroupTargetsForRoleRequest) After(after string) ApiListGroupTargetsForRoleRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListGroupTargetsForRoleRequest) Limit(limit int32) ApiListGroupTargetsForRoleRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListGroupTargetsForRoleRequest) Execute() ([]Group, *APIResponse, error) {
+	return r.ApiService.ListGroupTargetsForRoleExecute(r)
+}
+
+/*
+ListGroupTargetsForRole List all Group Targets for Role
+
+Lists all group targets for role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param roleId
+	@return ApiListGroupTargetsForRoleRequest
+*/
+func (a *RoleTargetApiService) ListGroupTargetsForRole(ctx context.Context, userId string, roleId string) ApiListGroupTargetsForRoleRequest {
+	return ApiListGroupTargetsForRoleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		roleId:     roleId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Group
+func (a *RoleTargetApiService) ListGroupTargetsForRoleExecute(r ApiListGroupTargetsForRoleRequest) ([]Group, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Group
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.ListGroupTargetsForRole")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles/{roleId}/targets/groups"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUnassignAppInstanceTargetFromAdminRoleForUserRequest struct {
+	ctx           context.Context
+	ApiService    RoleTargetApi
+	userId        string
+	roleId        string
+	appName       string
+	applicationId string
+	retryCount    int32
+}
+
+func (r ApiUnassignAppInstanceTargetFromAdminRoleForUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnassignAppInstanceTargetFromAdminRoleForUserExecute(r)
+}
+
+/*
+UnassignAppInstanceTargetFromAdminRoleForUser Unassign an Application Instance Target from an Application Administrator Role
+
+Unassigns an application instance target from an application administrator role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param roleId
+	@param appName
+	@param applicationId
+	@return ApiUnassignAppInstanceTargetFromAdminRoleForUserRequest
+*/
+func (a *RoleTargetApiService) UnassignAppInstanceTargetFromAdminRoleForUser(ctx context.Context, userId string, roleId string, appName string, applicationId string) ApiUnassignAppInstanceTargetFromAdminRoleForUserRequest {
+	return ApiUnassignAppInstanceTargetFromAdminRoleForUserRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		userId:        userId,
+		roleId:        roleId,
+		appName:       appName,
+		applicationId: applicationId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) UnassignAppInstanceTargetFromAdminRoleForUserExecute(r ApiUnassignAppInstanceTargetFromAdminRoleForUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.UnassignAppInstanceTargetFromAdminRoleForUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"appName"+"}", url.PathEscape(parameterToString(r.appName, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"applicationId"+"}", url.PathEscape(parameterToString(r.applicationId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnassignAppInstanceTargetToAppAdminRoleForGroupRequest struct {
+	ctx           context.Context
+	ApiService    RoleTargetApi
+	groupId       string
+	roleId        string
+	appName       string
+	applicationId string
+	retryCount    int32
+}
+
+func (r ApiUnassignAppInstanceTargetToAppAdminRoleForGroupRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnassignAppInstanceTargetToAppAdminRoleForGroupExecute(r)
+}
+
+/*
+UnassignAppInstanceTargetToAppAdminRoleForGroup Unassign an Application Instance Target from an Application Administrator Role
+
+Unassigns an application instance target from application administrator role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param roleId
+	@param appName
+	@param applicationId
+	@return ApiUnassignAppInstanceTargetToAppAdminRoleForGroupRequest
+*/
+func (a *RoleTargetApiService) UnassignAppInstanceTargetToAppAdminRoleForGroup(ctx context.Context, groupId string, roleId string, appName string, applicationId string) ApiUnassignAppInstanceTargetToAppAdminRoleForGroupRequest {
+	return ApiUnassignAppInstanceTargetToAppAdminRoleForGroupRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		groupId:       groupId,
+		roleId:        roleId,
+		appName:       appName,
+		applicationId: applicationId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) UnassignAppInstanceTargetToAppAdminRoleForGroupExecute(r ApiUnassignAppInstanceTargetToAppAdminRoleForGroupRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.UnassignAppInstanceTargetToAppAdminRoleForGroup")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"appName"+"}", url.PathEscape(parameterToString(r.appName, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"applicationId"+"}", url.PathEscape(parameterToString(r.applicationId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnassignAppTargetFromAppAdminRoleForUserRequest struct {
+	ctx        context.Context
+	ApiService RoleTargetApi
+	userId     string
+	roleId     string
+	appName    string
+	retryCount int32
+}
+
+func (r ApiUnassignAppTargetFromAppAdminRoleForUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnassignAppTargetFromAppAdminRoleForUserExecute(r)
+}
+
+/*
+UnassignAppTargetFromAppAdminRoleForUser Unassign an Application Target from an Application Administrator Role
+
+Unassigns an application target from application administrator role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param roleId
+	@param appName
+	@return ApiUnassignAppTargetFromAppAdminRoleForUserRequest
+*/
+func (a *RoleTargetApiService) UnassignAppTargetFromAppAdminRoleForUser(ctx context.Context, userId string, roleId string, appName string) ApiUnassignAppTargetFromAppAdminRoleForUserRequest {
+	return ApiUnassignAppTargetFromAppAdminRoleForUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		roleId:     roleId,
+		appName:    appName,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) UnassignAppTargetFromAppAdminRoleForUserExecute(r ApiUnassignAppTargetFromAppAdminRoleForUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.UnassignAppTargetFromAppAdminRoleForUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"appName"+"}", url.PathEscape(parameterToString(r.appName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnassignAppTargetToAdminRoleForGroupRequest struct {
+	ctx        context.Context
+	ApiService RoleTargetApi
+	groupId    string
+	roleId     string
+	appName    string
+	retryCount int32
+}
+
+func (r ApiUnassignAppTargetToAdminRoleForGroupRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnassignAppTargetToAdminRoleForGroupExecute(r)
+}
+
+/*
+UnassignAppTargetToAdminRoleForGroup Unassign an Application Target from Application Administrator Role
+
+Unassigns an application target from application administrator role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param roleId
+	@param appName
+	@return ApiUnassignAppTargetToAdminRoleForGroupRequest
+*/
+func (a *RoleTargetApiService) UnassignAppTargetToAdminRoleForGroup(ctx context.Context, groupId string, roleId string, appName string) ApiUnassignAppTargetToAdminRoleForGroupRequest {
+	return ApiUnassignAppTargetToAdminRoleForGroupRequest{
+		ApiService: a,
+		ctx:        ctx,
+		groupId:    groupId,
+		roleId:     roleId,
+		appName:    appName,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) UnassignAppTargetToAdminRoleForGroupExecute(r ApiUnassignAppTargetToAdminRoleForGroupRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.UnassignAppTargetToAdminRoleForGroup")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"appName"+"}", url.PathEscape(parameterToString(r.appName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnassignGroupTargetFromGroupAdminRoleRequest struct {
+	ctx           context.Context
+	ApiService    RoleTargetApi
+	groupId       string
+	roleId        string
+	targetGroupId string
+	retryCount    int32
+}
+
+func (r ApiUnassignGroupTargetFromGroupAdminRoleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnassignGroupTargetFromGroupAdminRoleExecute(r)
+}
+
+/*
+UnassignGroupTargetFromGroupAdminRole Unassign a Group Target from a Group Role
+
+Unassigns a group target from a group role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param groupId
+	@param roleId
+	@param targetGroupId
+	@return ApiUnassignGroupTargetFromGroupAdminRoleRequest
+*/
+func (a *RoleTargetApiService) UnassignGroupTargetFromGroupAdminRole(ctx context.Context, groupId string, roleId string, targetGroupId string) ApiUnassignGroupTargetFromGroupAdminRoleRequest {
+	return ApiUnassignGroupTargetFromGroupAdminRoleRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		groupId:       groupId,
+		roleId:        roleId,
+		targetGroupId: targetGroupId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) UnassignGroupTargetFromGroupAdminRoleExecute(r ApiUnassignGroupTargetFromGroupAdminRoleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.UnassignGroupTargetFromGroupAdminRole")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"targetGroupId"+"}", url.PathEscape(parameterToString(r.targetGroupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnassignGroupTargetFromUserAdminRoleRequest struct {
+	ctx        context.Context
+	ApiService RoleTargetApi
+	userId     string
+	roleId     string
+	groupId    string
+	retryCount int32
+}
+
+func (r ApiUnassignGroupTargetFromUserAdminRoleRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnassignGroupTargetFromUserAdminRoleExecute(r)
+}
+
+/*
+UnassignGroupTargetFromUserAdminRole Unassign a Group Target from Role
+
+Unassigns a Group Target from Role
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param roleId
+	@param groupId
+	@return ApiUnassignGroupTargetFromUserAdminRoleRequest
+*/
+func (a *RoleTargetApiService) UnassignGroupTargetFromUserAdminRole(ctx context.Context, userId string, roleId string, groupId string) ApiUnassignGroupTargetFromUserAdminRoleRequest {
+	return ApiUnassignGroupTargetFromUserAdminRoleRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		roleId:     roleId,
+		groupId:    groupId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *RoleTargetApiService) UnassignGroupTargetFromUserAdminRoleExecute(r ApiUnassignGroupTargetFromUserAdminRoleRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "RoleTargetApiService.UnassignGroupTargetFromUserAdminRole")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"roleId"+"}", url.PathEscape(parameterToString(r.roleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"groupId"+"}", url.PathEscape(parameterToString(r.groupId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_schema.go b/okta/api_schema.go
new file mode 100644
index 000000000..3b6caf4bc
--- /dev/null
+++ b/okta/api_schema.go
@@ -0,0 +1,1681 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type SchemaApi interface {
+	/*
+		GetApplicationLayout Retrieve the UI Layout for an Application
+
+		Retrieves the UI layout for an application by `appName`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appName
+		@return ApiGetApplicationLayoutRequest
+	*/
+	GetApplicationLayout(ctx context.Context, appName string) ApiGetApplicationLayoutRequest
+
+	// GetApplicationLayoutExecute executes the request
+	//  @return ApplicationLayout
+	GetApplicationLayoutExecute(r ApiGetApplicationLayoutRequest) (*ApplicationLayout, *APIResponse, error)
+
+	/*
+		GetApplicationUserSchema Retrieve the default Application User Schema for an Application
+
+		Retrieves the Schema for an App User
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appInstanceId
+		@return ApiGetApplicationUserSchemaRequest
+	*/
+	GetApplicationUserSchema(ctx context.Context, appInstanceId string) ApiGetApplicationUserSchemaRequest
+
+	// GetApplicationUserSchemaExecute executes the request
+	//  @return UserSchema
+	GetApplicationUserSchemaExecute(r ApiGetApplicationUserSchemaRequest) (*UserSchema, *APIResponse, error)
+
+	/*
+		GetGroupSchema Retrieve the default Group Schema
+
+		Retrieves the group schema
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiGetGroupSchemaRequest
+	*/
+	GetGroupSchema(ctx context.Context) ApiGetGroupSchemaRequest
+
+	// GetGroupSchemaExecute executes the request
+	//  @return GroupSchema
+	GetGroupSchemaExecute(r ApiGetGroupSchemaRequest) (*GroupSchema, *APIResponse, error)
+
+	/*
+		GetLogStreamSchema Retrieve the Log Stream Schema for the schema type
+
+		Retrieves the schema for a Log Stream type. The `logStreamType` element in the URL specifies the Log Stream type, which is either `aws_eventbridge` or `splunk_cloud_logstreaming`. Use the `aws_eventbridge` literal to retrieve the AWS EventBridge type schema, and use the `splunk_cloud_logstreaming` literal retrieve the Splunk Cloud type schema.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param logStreamType
+		@return ApiGetLogStreamSchemaRequest
+	*/
+	GetLogStreamSchema(ctx context.Context, logStreamType LogStreamType) ApiGetLogStreamSchemaRequest
+
+	// GetLogStreamSchemaExecute executes the request
+	//  @return LogStreamSchema
+	GetLogStreamSchemaExecute(r ApiGetLogStreamSchemaRequest) (*LogStreamSchema, *APIResponse, error)
+
+	/*
+		GetUserSchema Retrieve a User Schema
+
+		Retrieves the schema for a Schema Id
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param schemaId
+		@return ApiGetUserSchemaRequest
+	*/
+	GetUserSchema(ctx context.Context, schemaId string) ApiGetUserSchemaRequest
+
+	// GetUserSchemaExecute executes the request
+	//  @return UserSchema
+	GetUserSchemaExecute(r ApiGetUserSchemaRequest) (*UserSchema, *APIResponse, error)
+
+	/*
+		ListLogStreamSchemas List the Log Stream Schemas
+
+		Lists the schema for all log stream types visible for this org
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListLogStreamSchemasRequest
+	*/
+	ListLogStreamSchemas(ctx context.Context) ApiListLogStreamSchemasRequest
+
+	// ListLogStreamSchemasExecute executes the request
+	//  @return []LogStreamSchema
+	ListLogStreamSchemasExecute(r ApiListLogStreamSchemasRequest) ([]LogStreamSchema, *APIResponse, error)
+
+	/*
+		UpdateApplicationUserProfile Update the default Application User Schema for an Application
+
+		Partially updates on the User Profile properties of the Application User Schema
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param appInstanceId
+		@return ApiUpdateApplicationUserProfileRequest
+	*/
+	UpdateApplicationUserProfile(ctx context.Context, appInstanceId string) ApiUpdateApplicationUserProfileRequest
+
+	// UpdateApplicationUserProfileExecute executes the request
+	//  @return UserSchema
+	UpdateApplicationUserProfileExecute(r ApiUpdateApplicationUserProfileRequest) (*UserSchema, *APIResponse, error)
+
+	/*
+		UpdateGroupSchema Update the default Group Schema
+
+		Updates the default group schema. This updates, adds, or removes one or more custom Group Profile properties in the schema.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiUpdateGroupSchemaRequest
+	*/
+	UpdateGroupSchema(ctx context.Context) ApiUpdateGroupSchemaRequest
+
+	// UpdateGroupSchemaExecute executes the request
+	//  @return GroupSchema
+	UpdateGroupSchemaExecute(r ApiUpdateGroupSchemaRequest) (*GroupSchema, *APIResponse, error)
+
+	/*
+		UpdateUserProfile Update a User Schema
+
+		Partially updates on the User Profile properties of the user schema
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param schemaId
+		@return ApiUpdateUserProfileRequest
+	*/
+	UpdateUserProfile(ctx context.Context, schemaId string) ApiUpdateUserProfileRequest
+
+	// UpdateUserProfileExecute executes the request
+	//  @return UserSchema
+	UpdateUserProfileExecute(r ApiUpdateUserProfileRequest) (*UserSchema, *APIResponse, error)
+}
+
+// SchemaApiService SchemaApi service
+type SchemaApiService service
+
+type ApiGetApplicationLayoutRequest struct {
+	ctx        context.Context
+	ApiService SchemaApi
+	appName    string
+	retryCount int32
+}
+
+func (r ApiGetApplicationLayoutRequest) Execute() (*ApplicationLayout, *APIResponse, error) {
+	return r.ApiService.GetApplicationLayoutExecute(r)
+}
+
+/*
+GetApplicationLayout Retrieve the UI Layout for an Application
+
+Retrieves the UI layout for an application by `appName`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appName
+	@return ApiGetApplicationLayoutRequest
+*/
+func (a *SchemaApiService) GetApplicationLayout(ctx context.Context, appName string) ApiGetApplicationLayoutRequest {
+	return ApiGetApplicationLayoutRequest{
+		ApiService: a,
+		ctx:        ctx,
+		appName:    appName,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ApplicationLayout
+func (a *SchemaApiService) GetApplicationLayoutExecute(r ApiGetApplicationLayoutRequest) (*ApplicationLayout, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ApplicationLayout
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SchemaApiService.GetApplicationLayout")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/layouts/apps/{appName}"
+	localVarPath = strings.Replace(localVarPath, "{"+"appName"+"}", url.PathEscape(parameterToString(r.appName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetApplicationUserSchemaRequest struct {
+	ctx           context.Context
+	ApiService    SchemaApi
+	appInstanceId string
+	retryCount    int32
+}
+
+func (r ApiGetApplicationUserSchemaRequest) Execute() (*UserSchema, *APIResponse, error) {
+	return r.ApiService.GetApplicationUserSchemaExecute(r)
+}
+
+/*
+GetApplicationUserSchema Retrieve the default Application User Schema for an Application
+
+Retrieves the Schema for an App User
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appInstanceId
+	@return ApiGetApplicationUserSchemaRequest
+*/
+func (a *SchemaApiService) GetApplicationUserSchema(ctx context.Context, appInstanceId string) ApiGetApplicationUserSchemaRequest {
+	return ApiGetApplicationUserSchemaRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		appInstanceId: appInstanceId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserSchema
+func (a *SchemaApiService) GetApplicationUserSchemaExecute(r ApiGetApplicationUserSchemaRequest) (*UserSchema, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserSchema
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SchemaApiService.GetApplicationUserSchema")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/schemas/apps/{appInstanceId}/default"
+	localVarPath = strings.Replace(localVarPath, "{"+"appInstanceId"+"}", url.PathEscape(parameterToString(r.appInstanceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetGroupSchemaRequest struct {
+	ctx        context.Context
+	ApiService SchemaApi
+	retryCount int32
+}
+
+func (r ApiGetGroupSchemaRequest) Execute() (*GroupSchema, *APIResponse, error) {
+	return r.ApiService.GetGroupSchemaExecute(r)
+}
+
+/*
+GetGroupSchema Retrieve the default Group Schema
+
+Retrieves the group schema
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiGetGroupSchemaRequest
+*/
+func (a *SchemaApiService) GetGroupSchema(ctx context.Context) ApiGetGroupSchemaRequest {
+	return ApiGetGroupSchemaRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return GroupSchema
+func (a *SchemaApiService) GetGroupSchemaExecute(r ApiGetGroupSchemaRequest) (*GroupSchema, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *GroupSchema
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SchemaApiService.GetGroupSchema")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/schemas/group/default"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetLogStreamSchemaRequest struct {
+	ctx           context.Context
+	ApiService    SchemaApi
+	logStreamType LogStreamType
+	retryCount    int32
+}
+
+func (r ApiGetLogStreamSchemaRequest) Execute() (*LogStreamSchema, *APIResponse, error) {
+	return r.ApiService.GetLogStreamSchemaExecute(r)
+}
+
+/*
+GetLogStreamSchema Retrieve the Log Stream Schema for the schema type
+
+Retrieves the schema for a Log Stream type. The `logStreamType` element in the URL specifies the Log Stream type, which is either `aws_eventbridge` or `splunk_cloud_logstreaming`. Use the `aws_eventbridge` literal to retrieve the AWS EventBridge type schema, and use the `splunk_cloud_logstreaming` literal retrieve the Splunk Cloud type schema.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param logStreamType
+	@return ApiGetLogStreamSchemaRequest
+*/
+func (a *SchemaApiService) GetLogStreamSchema(ctx context.Context, logStreamType LogStreamType) ApiGetLogStreamSchemaRequest {
+	return ApiGetLogStreamSchemaRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		logStreamType: logStreamType,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return LogStreamSchema
+func (a *SchemaApiService) GetLogStreamSchemaExecute(r ApiGetLogStreamSchemaRequest) (*LogStreamSchema, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *LogStreamSchema
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SchemaApiService.GetLogStreamSchema")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/schemas/logStream/{logStreamType}"
+	localVarPath = strings.Replace(localVarPath, "{"+"logStreamType"+"}", url.PathEscape(parameterToString(r.logStreamType, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetUserSchemaRequest struct {
+	ctx        context.Context
+	ApiService SchemaApi
+	schemaId   string
+	retryCount int32
+}
+
+func (r ApiGetUserSchemaRequest) Execute() (*UserSchema, *APIResponse, error) {
+	return r.ApiService.GetUserSchemaExecute(r)
+}
+
+/*
+GetUserSchema Retrieve a User Schema
+
+Retrieves the schema for a Schema Id
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param schemaId
+	@return ApiGetUserSchemaRequest
+*/
+func (a *SchemaApiService) GetUserSchema(ctx context.Context, schemaId string) ApiGetUserSchemaRequest {
+	return ApiGetUserSchemaRequest{
+		ApiService: a,
+		ctx:        ctx,
+		schemaId:   schemaId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserSchema
+func (a *SchemaApiService) GetUserSchemaExecute(r ApiGetUserSchemaRequest) (*UserSchema, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserSchema
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SchemaApiService.GetUserSchema")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/schemas/user/{schemaId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"schemaId"+"}", url.PathEscape(parameterToString(r.schemaId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListLogStreamSchemasRequest struct {
+	ctx        context.Context
+	ApiService SchemaApi
+	retryCount int32
+}
+
+func (r ApiListLogStreamSchemasRequest) Execute() ([]LogStreamSchema, *APIResponse, error) {
+	return r.ApiService.ListLogStreamSchemasExecute(r)
+}
+
+/*
+ListLogStreamSchemas List the Log Stream Schemas
+
+Lists the schema for all log stream types visible for this org
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListLogStreamSchemasRequest
+*/
+func (a *SchemaApiService) ListLogStreamSchemas(ctx context.Context) ApiListLogStreamSchemasRequest {
+	return ApiListLogStreamSchemasRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []LogStreamSchema
+func (a *SchemaApiService) ListLogStreamSchemasExecute(r ApiListLogStreamSchemasRequest) ([]LogStreamSchema, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []LogStreamSchema
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SchemaApiService.ListLogStreamSchemas")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/schemas/logStream"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateApplicationUserProfileRequest struct {
+	ctx           context.Context
+	ApiService    SchemaApi
+	appInstanceId string
+	body          *UserSchema
+	retryCount    int32
+}
+
+func (r ApiUpdateApplicationUserProfileRequest) Body(body UserSchema) ApiUpdateApplicationUserProfileRequest {
+	r.body = &body
+	return r
+}
+
+func (r ApiUpdateApplicationUserProfileRequest) Execute() (*UserSchema, *APIResponse, error) {
+	return r.ApiService.UpdateApplicationUserProfileExecute(r)
+}
+
+/*
+UpdateApplicationUserProfile Update the default Application User Schema for an Application
+
+Partially updates on the User Profile properties of the Application User Schema
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param appInstanceId
+	@return ApiUpdateApplicationUserProfileRequest
+*/
+func (a *SchemaApiService) UpdateApplicationUserProfile(ctx context.Context, appInstanceId string) ApiUpdateApplicationUserProfileRequest {
+	return ApiUpdateApplicationUserProfileRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		appInstanceId: appInstanceId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserSchema
+func (a *SchemaApiService) UpdateApplicationUserProfileExecute(r ApiUpdateApplicationUserProfileRequest) (*UserSchema, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserSchema
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SchemaApiService.UpdateApplicationUserProfile")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/schemas/apps/{appInstanceId}/default"
+	localVarPath = strings.Replace(localVarPath, "{"+"appInstanceId"+"}", url.PathEscape(parameterToString(r.appInstanceId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.body
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateGroupSchemaRequest struct {
+	ctx         context.Context
+	ApiService  SchemaApi
+	groupSchema *GroupSchema
+	retryCount  int32
+}
+
+func (r ApiUpdateGroupSchemaRequest) GroupSchema(groupSchema GroupSchema) ApiUpdateGroupSchemaRequest {
+	r.groupSchema = &groupSchema
+	return r
+}
+
+func (r ApiUpdateGroupSchemaRequest) Execute() (*GroupSchema, *APIResponse, error) {
+	return r.ApiService.UpdateGroupSchemaExecute(r)
+}
+
+/*
+UpdateGroupSchema Update the default Group Schema
+
+Updates the default group schema. This updates, adds, or removes one or more custom Group Profile properties in the schema.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiUpdateGroupSchemaRequest
+*/
+func (a *SchemaApiService) UpdateGroupSchema(ctx context.Context) ApiUpdateGroupSchemaRequest {
+	return ApiUpdateGroupSchemaRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return GroupSchema
+func (a *SchemaApiService) UpdateGroupSchemaExecute(r ApiUpdateGroupSchemaRequest) (*GroupSchema, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *GroupSchema
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SchemaApiService.UpdateGroupSchema")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/schemas/group/default"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.groupSchema
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateUserProfileRequest struct {
+	ctx        context.Context
+	ApiService SchemaApi
+	schemaId   string
+	userSchema *UserSchema
+	retryCount int32
+}
+
+func (r ApiUpdateUserProfileRequest) UserSchema(userSchema UserSchema) ApiUpdateUserProfileRequest {
+	r.userSchema = &userSchema
+	return r
+}
+
+func (r ApiUpdateUserProfileRequest) Execute() (*UserSchema, *APIResponse, error) {
+	return r.ApiService.UpdateUserProfileExecute(r)
+}
+
+/*
+UpdateUserProfile Update a User Schema
+
+Partially updates on the User Profile properties of the user schema
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param schemaId
+	@return ApiUpdateUserProfileRequest
+*/
+func (a *SchemaApiService) UpdateUserProfile(ctx context.Context, schemaId string) ApiUpdateUserProfileRequest {
+	return ApiUpdateUserProfileRequest{
+		ApiService: a,
+		ctx:        ctx,
+		schemaId:   schemaId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserSchema
+func (a *SchemaApiService) UpdateUserProfileExecute(r ApiUpdateUserProfileRequest) (*UserSchema, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserSchema
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SchemaApiService.UpdateUserProfile")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/schemas/user/{schemaId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"schemaId"+"}", url.PathEscape(parameterToString(r.schemaId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.userSchema == nil {
+		return localVarReturnValue, nil, reportError("userSchema is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.userSchema
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_session.go b/okta/api_session.go
new file mode 100644
index 000000000..839533a69
--- /dev/null
+++ b/okta/api_session.go
@@ -0,0 +1,720 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type SessionApi interface {
+	/*
+		CreateSession Create a Session with Session Token
+
+		Creates a new session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID in order to delete a session via the API instead of visiting the logout URL.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateSessionRequest
+	*/
+	CreateSession(ctx context.Context) ApiCreateSessionRequest
+
+	// CreateSessionExecute executes the request
+	//  @return Session
+	CreateSessionExecute(r ApiCreateSessionRequest) (*Session, *APIResponse, error)
+
+	/*
+		GetSession Retrieve a Session
+
+		Retrieves the details about a session
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param sessionId
+		@return ApiGetSessionRequest
+	*/
+	GetSession(ctx context.Context, sessionId string) ApiGetSessionRequest
+
+	// GetSessionExecute executes the request
+	//  @return Session
+	GetSessionExecute(r ApiGetSessionRequest) (*Session, *APIResponse, error)
+
+	/*
+		RefreshSession Refresh a Session
+
+		Refreshes a session
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param sessionId
+		@return ApiRefreshSessionRequest
+	*/
+	RefreshSession(ctx context.Context, sessionId string) ApiRefreshSessionRequest
+
+	// RefreshSessionExecute executes the request
+	//  @return Session
+	RefreshSessionExecute(r ApiRefreshSessionRequest) (*Session, *APIResponse, error)
+
+	/*
+		RevokeSession Revoke a Session
+
+		Revokes a session
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param sessionId
+		@return ApiRevokeSessionRequest
+	*/
+	RevokeSession(ctx context.Context, sessionId string) ApiRevokeSessionRequest
+
+	// RevokeSessionExecute executes the request
+	RevokeSessionExecute(r ApiRevokeSessionRequest) (*APIResponse, error)
+}
+
+// SessionApiService SessionApi service
+type SessionApiService service
+
+type ApiCreateSessionRequest struct {
+	ctx                  context.Context
+	ApiService           SessionApi
+	createSessionRequest *CreateSessionRequest
+	retryCount           int32
+}
+
+func (r ApiCreateSessionRequest) CreateSessionRequest(createSessionRequest CreateSessionRequest) ApiCreateSessionRequest {
+	r.createSessionRequest = &createSessionRequest
+	return r
+}
+
+func (r ApiCreateSessionRequest) Execute() (*Session, *APIResponse, error) {
+	return r.ApiService.CreateSessionExecute(r)
+}
+
+/*
+CreateSession Create a Session with Session Token
+
+Creates a new session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID in order to delete a session via the API instead of visiting the logout URL.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateSessionRequest
+*/
+func (a *SessionApiService) CreateSession(ctx context.Context) ApiCreateSessionRequest {
+	return ApiCreateSessionRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Session
+func (a *SessionApiService) CreateSessionExecute(r ApiCreateSessionRequest) (*Session, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Session
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SessionApiService.CreateSession")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/sessions"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.createSessionRequest == nil {
+		return localVarReturnValue, nil, reportError("createSessionRequest is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.createSessionRequest
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetSessionRequest struct {
+	ctx        context.Context
+	ApiService SessionApi
+	sessionId  string
+	retryCount int32
+}
+
+func (r ApiGetSessionRequest) Execute() (*Session, *APIResponse, error) {
+	return r.ApiService.GetSessionExecute(r)
+}
+
+/*
+GetSession Retrieve a Session
+
+Retrieves the details about a session
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param sessionId
+	@return ApiGetSessionRequest
+*/
+func (a *SessionApiService) GetSession(ctx context.Context, sessionId string) ApiGetSessionRequest {
+	return ApiGetSessionRequest{
+		ApiService: a,
+		ctx:        ctx,
+		sessionId:  sessionId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Session
+func (a *SessionApiService) GetSessionExecute(r ApiGetSessionRequest) (*Session, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Session
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SessionApiService.GetSession")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/sessions/{sessionId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"sessionId"+"}", url.PathEscape(parameterToString(r.sessionId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiRefreshSessionRequest struct {
+	ctx        context.Context
+	ApiService SessionApi
+	sessionId  string
+	retryCount int32
+}
+
+func (r ApiRefreshSessionRequest) Execute() (*Session, *APIResponse, error) {
+	return r.ApiService.RefreshSessionExecute(r)
+}
+
+/*
+RefreshSession Refresh a Session
+
+Refreshes a session
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param sessionId
+	@return ApiRefreshSessionRequest
+*/
+func (a *SessionApiService) RefreshSession(ctx context.Context, sessionId string) ApiRefreshSessionRequest {
+	return ApiRefreshSessionRequest{
+		ApiService: a,
+		ctx:        ctx,
+		sessionId:  sessionId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Session
+func (a *SessionApiService) RefreshSessionExecute(r ApiRefreshSessionRequest) (*Session, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Session
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SessionApiService.RefreshSession")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/sessions/{sessionId}/lifecycle/refresh"
+	localVarPath = strings.Replace(localVarPath, "{"+"sessionId"+"}", url.PathEscape(parameterToString(r.sessionId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiRevokeSessionRequest struct {
+	ctx        context.Context
+	ApiService SessionApi
+	sessionId  string
+	retryCount int32
+}
+
+func (r ApiRevokeSessionRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeSessionExecute(r)
+}
+
+/*
+RevokeSession Revoke a Session
+
+Revokes a session
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param sessionId
+	@return ApiRevokeSessionRequest
+*/
+func (a *SessionApiService) RevokeSession(ctx context.Context, sessionId string) ApiRevokeSessionRequest {
+	return ApiRevokeSessionRequest{
+		ApiService: a,
+		ctx:        ctx,
+		sessionId:  sessionId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *SessionApiService) RevokeSessionExecute(r ApiRevokeSessionRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SessionApiService.RevokeSession")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/sessions/{sessionId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"sessionId"+"}", url.PathEscape(parameterToString(r.sessionId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_subscription.go b/okta/api_subscription.go
new file mode 100644
index 000000000..185e41259
--- /dev/null
+++ b/okta/api_subscription.go
@@ -0,0 +1,1366 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type SubscriptionApi interface {
+	/*
+		ListRoleSubscriptions List all Subscriptions of a Custom Role
+
+		Lists all subscriptions of a Role identified by `roleType` or of a Custom Role identified by `roleId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param roleTypeOrRoleId
+		@return ApiListRoleSubscriptionsRequest
+	*/
+	ListRoleSubscriptions(ctx context.Context, roleTypeOrRoleId string) ApiListRoleSubscriptionsRequest
+
+	// ListRoleSubscriptionsExecute executes the request
+	//  @return []Subscription
+	ListRoleSubscriptionsExecute(r ApiListRoleSubscriptionsRequest) ([]Subscription, *APIResponse, error)
+
+	/*
+		ListRoleSubscriptionsByNotificationType List all Subscriptions of a Custom Role with a specific notification type
+
+		Lists all subscriptions with a specific notification type of a Role identified by `roleType` or of a Custom Role identified by `roleId`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param roleTypeOrRoleId
+		@param notificationType
+		@return ApiListRoleSubscriptionsByNotificationTypeRequest
+	*/
+	ListRoleSubscriptionsByNotificationType(ctx context.Context, roleTypeOrRoleId string, notificationType string) ApiListRoleSubscriptionsByNotificationTypeRequest
+
+	// ListRoleSubscriptionsByNotificationTypeExecute executes the request
+	//  @return Subscription
+	ListRoleSubscriptionsByNotificationTypeExecute(r ApiListRoleSubscriptionsByNotificationTypeRequest) (*Subscription, *APIResponse, error)
+
+	/*
+		ListUserSubscriptions List all Subscriptions
+
+		Lists all subscriptions of a user. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiListUserSubscriptionsRequest
+	*/
+	ListUserSubscriptions(ctx context.Context, userId string) ApiListUserSubscriptionsRequest
+
+	// ListUserSubscriptionsExecute executes the request
+	//  @return []Subscription
+	ListUserSubscriptionsExecute(r ApiListUserSubscriptionsRequest) ([]Subscription, *APIResponse, error)
+
+	/*
+		ListUserSubscriptionsByNotificationType List all Subscriptions by type
+
+		Lists all the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param notificationType
+		@return ApiListUserSubscriptionsByNotificationTypeRequest
+	*/
+	ListUserSubscriptionsByNotificationType(ctx context.Context, userId string, notificationType string) ApiListUserSubscriptionsByNotificationTypeRequest
+
+	// ListUserSubscriptionsByNotificationTypeExecute executes the request
+	//  @return Subscription
+	ListUserSubscriptionsByNotificationTypeExecute(r ApiListUserSubscriptionsByNotificationTypeRequest) (*Subscription, *APIResponse, error)
+
+	/*
+		SubscribeRoleSubscriptionByNotificationType Subscribe a Custom Role to a specific notification type
+
+		Subscribes a Role identified by `roleType` or of a Custom Role identified by `roleId` to a specific notification type. When you change the subscription status of a Role or Custom Role, it overrides the subscription of any individual user of that Role or Custom Role.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param roleTypeOrRoleId
+		@param notificationType
+		@return ApiSubscribeRoleSubscriptionByNotificationTypeRequest
+	*/
+	SubscribeRoleSubscriptionByNotificationType(ctx context.Context, roleTypeOrRoleId string, notificationType string) ApiSubscribeRoleSubscriptionByNotificationTypeRequest
+
+	// SubscribeRoleSubscriptionByNotificationTypeExecute executes the request
+	SubscribeRoleSubscriptionByNotificationTypeExecute(r ApiSubscribeRoleSubscriptionByNotificationTypeRequest) (*APIResponse, error)
+
+	/*
+		SubscribeUserSubscriptionByNotificationType Subscribe to a specific notification type
+
+		Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param notificationType
+		@return ApiSubscribeUserSubscriptionByNotificationTypeRequest
+	*/
+	SubscribeUserSubscriptionByNotificationType(ctx context.Context, userId string, notificationType string) ApiSubscribeUserSubscriptionByNotificationTypeRequest
+
+	// SubscribeUserSubscriptionByNotificationTypeExecute executes the request
+	SubscribeUserSubscriptionByNotificationTypeExecute(r ApiSubscribeUserSubscriptionByNotificationTypeRequest) (*APIResponse, error)
+
+	/*
+		UnsubscribeRoleSubscriptionByNotificationType Unsubscribe a Custom Role from a specific notification type
+
+		Unsubscribes a Role identified by `roleType` or of a Custom Role identified by `roleId` from a specific notification type. When you change the subscription status of a Role or Custom Role, it overrides the subscription of any individual user of that Role or Custom Role.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param roleTypeOrRoleId
+		@param notificationType
+		@return ApiUnsubscribeRoleSubscriptionByNotificationTypeRequest
+	*/
+	UnsubscribeRoleSubscriptionByNotificationType(ctx context.Context, roleTypeOrRoleId string, notificationType string) ApiUnsubscribeRoleSubscriptionByNotificationTypeRequest
+
+	// UnsubscribeRoleSubscriptionByNotificationTypeExecute executes the request
+	UnsubscribeRoleSubscriptionByNotificationTypeExecute(r ApiUnsubscribeRoleSubscriptionByNotificationTypeRequest) (*APIResponse, error)
+
+	/*
+		UnsubscribeUserSubscriptionByNotificationType Unsubscribe from a specific notification type
+
+		Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param notificationType
+		@return ApiUnsubscribeUserSubscriptionByNotificationTypeRequest
+	*/
+	UnsubscribeUserSubscriptionByNotificationType(ctx context.Context, userId string, notificationType string) ApiUnsubscribeUserSubscriptionByNotificationTypeRequest
+
+	// UnsubscribeUserSubscriptionByNotificationTypeExecute executes the request
+	UnsubscribeUserSubscriptionByNotificationTypeExecute(r ApiUnsubscribeUserSubscriptionByNotificationTypeRequest) (*APIResponse, error)
+}
+
+// SubscriptionApiService SubscriptionApi service
+type SubscriptionApiService service
+
+type ApiListRoleSubscriptionsRequest struct {
+	ctx              context.Context
+	ApiService       SubscriptionApi
+	roleTypeOrRoleId string
+	retryCount       int32
+}
+
+func (r ApiListRoleSubscriptionsRequest) Execute() ([]Subscription, *APIResponse, error) {
+	return r.ApiService.ListRoleSubscriptionsExecute(r)
+}
+
+/*
+ListRoleSubscriptions List all Subscriptions of a Custom Role
+
+Lists all subscriptions of a Role identified by `roleType` or of a Custom Role identified by `roleId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param roleTypeOrRoleId
+	@return ApiListRoleSubscriptionsRequest
+*/
+func (a *SubscriptionApiService) ListRoleSubscriptions(ctx context.Context, roleTypeOrRoleId string) ApiListRoleSubscriptionsRequest {
+	return ApiListRoleSubscriptionsRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		roleTypeOrRoleId: roleTypeOrRoleId,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Subscription
+func (a *SubscriptionApiService) ListRoleSubscriptionsExecute(r ApiListRoleSubscriptionsRequest) ([]Subscription, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Subscription
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SubscriptionApiService.ListRoleSubscriptions")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/roles/{roleTypeOrRoleId}/subscriptions"
+	localVarPath = strings.Replace(localVarPath, "{"+"roleTypeOrRoleId"+"}", url.PathEscape(parameterToString(r.roleTypeOrRoleId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListRoleSubscriptionsByNotificationTypeRequest struct {
+	ctx              context.Context
+	ApiService       SubscriptionApi
+	roleTypeOrRoleId string
+	notificationType string
+	retryCount       int32
+}
+
+func (r ApiListRoleSubscriptionsByNotificationTypeRequest) Execute() (*Subscription, *APIResponse, error) {
+	return r.ApiService.ListRoleSubscriptionsByNotificationTypeExecute(r)
+}
+
+/*
+ListRoleSubscriptionsByNotificationType List all Subscriptions of a Custom Role with a specific notification type
+
+Lists all subscriptions with a specific notification type of a Role identified by `roleType` or of a Custom Role identified by `roleId`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param roleTypeOrRoleId
+	@param notificationType
+	@return ApiListRoleSubscriptionsByNotificationTypeRequest
+*/
+func (a *SubscriptionApiService) ListRoleSubscriptionsByNotificationType(ctx context.Context, roleTypeOrRoleId string, notificationType string) ApiListRoleSubscriptionsByNotificationTypeRequest {
+	return ApiListRoleSubscriptionsByNotificationTypeRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		roleTypeOrRoleId: roleTypeOrRoleId,
+		notificationType: notificationType,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Subscription
+func (a *SubscriptionApiService) ListRoleSubscriptionsByNotificationTypeExecute(r ApiListRoleSubscriptionsByNotificationTypeRequest) (*Subscription, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Subscription
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SubscriptionApiService.ListRoleSubscriptionsByNotificationType")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}"
+	localVarPath = strings.Replace(localVarPath, "{"+"roleTypeOrRoleId"+"}", url.PathEscape(parameterToString(r.roleTypeOrRoleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"notificationType"+"}", url.PathEscape(parameterToString(r.notificationType, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListUserSubscriptionsRequest struct {
+	ctx        context.Context
+	ApiService SubscriptionApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiListUserSubscriptionsRequest) Execute() ([]Subscription, *APIResponse, error) {
+	return r.ApiService.ListUserSubscriptionsExecute(r)
+}
+
+/*
+ListUserSubscriptions List all Subscriptions
+
+Lists all subscriptions of a user. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiListUserSubscriptionsRequest
+*/
+func (a *SubscriptionApiService) ListUserSubscriptions(ctx context.Context, userId string) ApiListUserSubscriptionsRequest {
+	return ApiListUserSubscriptionsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Subscription
+func (a *SubscriptionApiService) ListUserSubscriptionsExecute(r ApiListUserSubscriptionsRequest) ([]Subscription, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Subscription
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SubscriptionApiService.ListUserSubscriptions")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/subscriptions"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListUserSubscriptionsByNotificationTypeRequest struct {
+	ctx              context.Context
+	ApiService       SubscriptionApi
+	userId           string
+	notificationType string
+	retryCount       int32
+}
+
+func (r ApiListUserSubscriptionsByNotificationTypeRequest) Execute() (*Subscription, *APIResponse, error) {
+	return r.ApiService.ListUserSubscriptionsByNotificationTypeExecute(r)
+}
+
+/*
+ListUserSubscriptionsByNotificationType List all Subscriptions by type
+
+Lists all the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param notificationType
+	@return ApiListUserSubscriptionsByNotificationTypeRequest
+*/
+func (a *SubscriptionApiService) ListUserSubscriptionsByNotificationType(ctx context.Context, userId string, notificationType string) ApiListUserSubscriptionsByNotificationTypeRequest {
+	return ApiListUserSubscriptionsByNotificationTypeRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		userId:           userId,
+		notificationType: notificationType,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return Subscription
+func (a *SubscriptionApiService) ListUserSubscriptionsByNotificationTypeExecute(r ApiListUserSubscriptionsByNotificationTypeRequest) (*Subscription, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *Subscription
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SubscriptionApiService.ListUserSubscriptionsByNotificationType")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/subscriptions/{notificationType}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"notificationType"+"}", url.PathEscape(parameterToString(r.notificationType, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiSubscribeRoleSubscriptionByNotificationTypeRequest struct {
+	ctx              context.Context
+	ApiService       SubscriptionApi
+	roleTypeOrRoleId string
+	notificationType string
+	retryCount       int32
+}
+
+func (r ApiSubscribeRoleSubscriptionByNotificationTypeRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.SubscribeRoleSubscriptionByNotificationTypeExecute(r)
+}
+
+/*
+SubscribeRoleSubscriptionByNotificationType Subscribe a Custom Role to a specific notification type
+
+Subscribes a Role identified by `roleType` or of a Custom Role identified by `roleId` to a specific notification type. When you change the subscription status of a Role or Custom Role, it overrides the subscription of any individual user of that Role or Custom Role.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param roleTypeOrRoleId
+	@param notificationType
+	@return ApiSubscribeRoleSubscriptionByNotificationTypeRequest
+*/
+func (a *SubscriptionApiService) SubscribeRoleSubscriptionByNotificationType(ctx context.Context, roleTypeOrRoleId string, notificationType string) ApiSubscribeRoleSubscriptionByNotificationTypeRequest {
+	return ApiSubscribeRoleSubscriptionByNotificationTypeRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		roleTypeOrRoleId: roleTypeOrRoleId,
+		notificationType: notificationType,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+func (a *SubscriptionApiService) SubscribeRoleSubscriptionByNotificationTypeExecute(r ApiSubscribeRoleSubscriptionByNotificationTypeRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SubscriptionApiService.SubscribeRoleSubscriptionByNotificationType")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe"
+	localVarPath = strings.Replace(localVarPath, "{"+"roleTypeOrRoleId"+"}", url.PathEscape(parameterToString(r.roleTypeOrRoleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"notificationType"+"}", url.PathEscape(parameterToString(r.notificationType, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiSubscribeUserSubscriptionByNotificationTypeRequest struct {
+	ctx              context.Context
+	ApiService       SubscriptionApi
+	userId           string
+	notificationType string
+	retryCount       int32
+}
+
+func (r ApiSubscribeUserSubscriptionByNotificationTypeRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.SubscribeUserSubscriptionByNotificationTypeExecute(r)
+}
+
+/*
+SubscribeUserSubscriptionByNotificationType Subscribe to a specific notification type
+
+Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param notificationType
+	@return ApiSubscribeUserSubscriptionByNotificationTypeRequest
+*/
+func (a *SubscriptionApiService) SubscribeUserSubscriptionByNotificationType(ctx context.Context, userId string, notificationType string) ApiSubscribeUserSubscriptionByNotificationTypeRequest {
+	return ApiSubscribeUserSubscriptionByNotificationTypeRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		userId:           userId,
+		notificationType: notificationType,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+func (a *SubscriptionApiService) SubscribeUserSubscriptionByNotificationTypeExecute(r ApiSubscribeUserSubscriptionByNotificationTypeRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SubscriptionApiService.SubscribeUserSubscriptionByNotificationType")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/subscriptions/{notificationType}/subscribe"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"notificationType"+"}", url.PathEscape(parameterToString(r.notificationType, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnsubscribeRoleSubscriptionByNotificationTypeRequest struct {
+	ctx              context.Context
+	ApiService       SubscriptionApi
+	roleTypeOrRoleId string
+	notificationType string
+	retryCount       int32
+}
+
+func (r ApiUnsubscribeRoleSubscriptionByNotificationTypeRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnsubscribeRoleSubscriptionByNotificationTypeExecute(r)
+}
+
+/*
+UnsubscribeRoleSubscriptionByNotificationType Unsubscribe a Custom Role from a specific notification type
+
+Unsubscribes a Role identified by `roleType` or of a Custom Role identified by `roleId` from a specific notification type. When you change the subscription status of a Role or Custom Role, it overrides the subscription of any individual user of that Role or Custom Role.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param roleTypeOrRoleId
+	@param notificationType
+	@return ApiUnsubscribeRoleSubscriptionByNotificationTypeRequest
+*/
+func (a *SubscriptionApiService) UnsubscribeRoleSubscriptionByNotificationType(ctx context.Context, roleTypeOrRoleId string, notificationType string) ApiUnsubscribeRoleSubscriptionByNotificationTypeRequest {
+	return ApiUnsubscribeRoleSubscriptionByNotificationTypeRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		roleTypeOrRoleId: roleTypeOrRoleId,
+		notificationType: notificationType,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+func (a *SubscriptionApiService) UnsubscribeRoleSubscriptionByNotificationTypeExecute(r ApiUnsubscribeRoleSubscriptionByNotificationTypeRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SubscriptionApiService.UnsubscribeRoleSubscriptionByNotificationType")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe"
+	localVarPath = strings.Replace(localVarPath, "{"+"roleTypeOrRoleId"+"}", url.PathEscape(parameterToString(r.roleTypeOrRoleId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"notificationType"+"}", url.PathEscape(parameterToString(r.notificationType, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnsubscribeUserSubscriptionByNotificationTypeRequest struct {
+	ctx              context.Context
+	ApiService       SubscriptionApi
+	userId           string
+	notificationType string
+	retryCount       int32
+}
+
+func (r ApiUnsubscribeUserSubscriptionByNotificationTypeRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnsubscribeUserSubscriptionByNotificationTypeExecute(r)
+}
+
+/*
+UnsubscribeUserSubscriptionByNotificationType Unsubscribe from a specific notification type
+
+Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param notificationType
+	@return ApiUnsubscribeUserSubscriptionByNotificationTypeRequest
+*/
+func (a *SubscriptionApiService) UnsubscribeUserSubscriptionByNotificationType(ctx context.Context, userId string, notificationType string) ApiUnsubscribeUserSubscriptionByNotificationTypeRequest {
+	return ApiUnsubscribeUserSubscriptionByNotificationTypeRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		userId:           userId,
+		notificationType: notificationType,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+func (a *SubscriptionApiService) UnsubscribeUserSubscriptionByNotificationTypeExecute(r ApiUnsubscribeUserSubscriptionByNotificationTypeRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SubscriptionApiService.UnsubscribeUserSubscriptionByNotificationType")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"notificationType"+"}", url.PathEscape(parameterToString(r.notificationType, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
diff --git a/okta/api_system_log.go b/okta/api_system_log.go
new file mode 100644
index 000000000..d533e53ec
--- /dev/null
+++ b/okta/api_system_log.go
@@ -0,0 +1,266 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+type SystemLogApi interface {
+	/*
+		ListLogEvents List all System Log Events
+
+		Lists all system log events. The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListLogEventsRequest
+	*/
+	ListLogEvents(ctx context.Context) ApiListLogEventsRequest
+
+	// ListLogEventsExecute executes the request
+	//  @return []LogEvent
+	ListLogEventsExecute(r ApiListLogEventsRequest) ([]LogEvent, *APIResponse, error)
+}
+
+// SystemLogApiService SystemLogApi service
+type SystemLogApiService service
+
+type ApiListLogEventsRequest struct {
+	ctx        context.Context
+	ApiService SystemLogApi
+	since      *time.Time
+	until      *time.Time
+	filter     *string
+	q          *string
+	limit      *int32
+	sortOrder  *string
+	after      *string
+	retryCount int32
+}
+
+func (r ApiListLogEventsRequest) Since(since time.Time) ApiListLogEventsRequest {
+	r.since = &since
+	return r
+}
+
+func (r ApiListLogEventsRequest) Until(until time.Time) ApiListLogEventsRequest {
+	r.until = &until
+	return r
+}
+
+func (r ApiListLogEventsRequest) Filter(filter string) ApiListLogEventsRequest {
+	r.filter = &filter
+	return r
+}
+
+func (r ApiListLogEventsRequest) Q(q string) ApiListLogEventsRequest {
+	r.q = &q
+	return r
+}
+
+func (r ApiListLogEventsRequest) Limit(limit int32) ApiListLogEventsRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListLogEventsRequest) SortOrder(sortOrder string) ApiListLogEventsRequest {
+	r.sortOrder = &sortOrder
+	return r
+}
+
+func (r ApiListLogEventsRequest) After(after string) ApiListLogEventsRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListLogEventsRequest) Execute() ([]LogEvent, *APIResponse, error) {
+	return r.ApiService.ListLogEventsExecute(r)
+}
+
+/*
+ListLogEvents List all System Log Events
+
+Lists all system log events. The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListLogEventsRequest
+*/
+func (a *SystemLogApiService) ListLogEvents(ctx context.Context) ApiListLogEventsRequest {
+	return ApiListLogEventsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []LogEvent
+func (a *SystemLogApiService) ListLogEventsExecute(r ApiListLogEventsRequest) ([]LogEvent, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []LogEvent
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "SystemLogApiService.ListLogEvents")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/logs"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.since != nil {
+		localVarQueryParams.Add("since", parameterToString(*r.since, ""))
+	}
+	if r.until != nil {
+		localVarQueryParams.Add("until", parameterToString(*r.until, ""))
+	}
+	if r.filter != nil {
+		localVarQueryParams.Add("filter", parameterToString(*r.filter, ""))
+	}
+	if r.q != nil {
+		localVarQueryParams.Add("q", parameterToString(*r.q, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.sortOrder != nil {
+		localVarQueryParams.Add("sortOrder", parameterToString(*r.sortOrder, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_template.go b/okta/api_template.go
new file mode 100644
index 000000000..758360cc5
--- /dev/null
+++ b/okta/api_template.go
@@ -0,0 +1,1156 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type TemplateApi interface {
+	/*
+		CreateSmsTemplate Create an SMS Template
+
+		Creates a new custom SMS template
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateSmsTemplateRequest
+	*/
+	CreateSmsTemplate(ctx context.Context) ApiCreateSmsTemplateRequest
+
+	// CreateSmsTemplateExecute executes the request
+	//  @return SmsTemplate
+	CreateSmsTemplateExecute(r ApiCreateSmsTemplateRequest) (*SmsTemplate, *APIResponse, error)
+
+	/*
+		DeleteSmsTemplate Delete an SMS Template
+
+		Deletes an SMS template
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param templateId
+		@return ApiDeleteSmsTemplateRequest
+	*/
+	DeleteSmsTemplate(ctx context.Context, templateId string) ApiDeleteSmsTemplateRequest
+
+	// DeleteSmsTemplateExecute executes the request
+	DeleteSmsTemplateExecute(r ApiDeleteSmsTemplateRequest) (*APIResponse, error)
+
+	/*
+		GetSmsTemplate Retrieve an SMS Template
+
+		Retrieves a specific template by `id`
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param templateId
+		@return ApiGetSmsTemplateRequest
+	*/
+	GetSmsTemplate(ctx context.Context, templateId string) ApiGetSmsTemplateRequest
+
+	// GetSmsTemplateExecute executes the request
+	//  @return SmsTemplate
+	GetSmsTemplateExecute(r ApiGetSmsTemplateRequest) (*SmsTemplate, *APIResponse, error)
+
+	/*
+		ListSmsTemplates List all SMS Templates
+
+		Lists all custom SMS templates. A subset of templates can be returned that match a template type.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListSmsTemplatesRequest
+	*/
+	ListSmsTemplates(ctx context.Context) ApiListSmsTemplatesRequest
+
+	// ListSmsTemplatesExecute executes the request
+	//  @return []SmsTemplate
+	ListSmsTemplatesExecute(r ApiListSmsTemplatesRequest) ([]SmsTemplate, *APIResponse, error)
+
+	/*
+		ReplaceSmsTemplate Replace an SMS Template
+
+		Replaces the SMS template
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param templateId
+		@return ApiReplaceSmsTemplateRequest
+	*/
+	ReplaceSmsTemplate(ctx context.Context, templateId string) ApiReplaceSmsTemplateRequest
+
+	// ReplaceSmsTemplateExecute executes the request
+	//  @return SmsTemplate
+	ReplaceSmsTemplateExecute(r ApiReplaceSmsTemplateRequest) (*SmsTemplate, *APIResponse, error)
+
+	/*
+		UpdateSmsTemplate Update an SMS Template
+
+		Updates an SMS template
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param templateId
+		@return ApiUpdateSmsTemplateRequest
+	*/
+	UpdateSmsTemplate(ctx context.Context, templateId string) ApiUpdateSmsTemplateRequest
+
+	// UpdateSmsTemplateExecute executes the request
+	//  @return SmsTemplate
+	UpdateSmsTemplateExecute(r ApiUpdateSmsTemplateRequest) (*SmsTemplate, *APIResponse, error)
+}
+
+// TemplateApiService TemplateApi service
+type TemplateApiService service
+
+type ApiCreateSmsTemplateRequest struct {
+	ctx         context.Context
+	ApiService  TemplateApi
+	smsTemplate *SmsTemplate
+	retryCount  int32
+}
+
+func (r ApiCreateSmsTemplateRequest) SmsTemplate(smsTemplate SmsTemplate) ApiCreateSmsTemplateRequest {
+	r.smsTemplate = &smsTemplate
+	return r
+}
+
+func (r ApiCreateSmsTemplateRequest) Execute() (*SmsTemplate, *APIResponse, error) {
+	return r.ApiService.CreateSmsTemplateExecute(r)
+}
+
+/*
+CreateSmsTemplate Create an SMS Template
+
+Creates a new custom SMS template
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateSmsTemplateRequest
+*/
+func (a *TemplateApiService) CreateSmsTemplate(ctx context.Context) ApiCreateSmsTemplateRequest {
+	return ApiCreateSmsTemplateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return SmsTemplate
+func (a *TemplateApiService) CreateSmsTemplateExecute(r ApiCreateSmsTemplateRequest) (*SmsTemplate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *SmsTemplate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TemplateApiService.CreateSmsTemplate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/templates/sms"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.smsTemplate == nil {
+		return localVarReturnValue, nil, reportError("smsTemplate is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.smsTemplate
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteSmsTemplateRequest struct {
+	ctx        context.Context
+	ApiService TemplateApi
+	templateId string
+	retryCount int32
+}
+
+func (r ApiDeleteSmsTemplateRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteSmsTemplateExecute(r)
+}
+
+/*
+DeleteSmsTemplate Delete an SMS Template
+
+Deletes an SMS template
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param templateId
+	@return ApiDeleteSmsTemplateRequest
+*/
+func (a *TemplateApiService) DeleteSmsTemplate(ctx context.Context, templateId string) ApiDeleteSmsTemplateRequest {
+	return ApiDeleteSmsTemplateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		templateId: templateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *TemplateApiService) DeleteSmsTemplateExecute(r ApiDeleteSmsTemplateRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TemplateApiService.DeleteSmsTemplate")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/templates/sms/{templateId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"templateId"+"}", url.PathEscape(parameterToString(r.templateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetSmsTemplateRequest struct {
+	ctx        context.Context
+	ApiService TemplateApi
+	templateId string
+	retryCount int32
+}
+
+func (r ApiGetSmsTemplateRequest) Execute() (*SmsTemplate, *APIResponse, error) {
+	return r.ApiService.GetSmsTemplateExecute(r)
+}
+
+/*
+GetSmsTemplate Retrieve an SMS Template
+
+Retrieves a specific template by `id`
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param templateId
+	@return ApiGetSmsTemplateRequest
+*/
+func (a *TemplateApiService) GetSmsTemplate(ctx context.Context, templateId string) ApiGetSmsTemplateRequest {
+	return ApiGetSmsTemplateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		templateId: templateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return SmsTemplate
+func (a *TemplateApiService) GetSmsTemplateExecute(r ApiGetSmsTemplateRequest) (*SmsTemplate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *SmsTemplate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TemplateApiService.GetSmsTemplate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/templates/sms/{templateId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"templateId"+"}", url.PathEscape(parameterToString(r.templateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListSmsTemplatesRequest struct {
+	ctx          context.Context
+	ApiService   TemplateApi
+	templateType *SmsTemplateType
+	retryCount   int32
+}
+
+func (r ApiListSmsTemplatesRequest) TemplateType(templateType SmsTemplateType) ApiListSmsTemplatesRequest {
+	r.templateType = &templateType
+	return r
+}
+
+func (r ApiListSmsTemplatesRequest) Execute() ([]SmsTemplate, *APIResponse, error) {
+	return r.ApiService.ListSmsTemplatesExecute(r)
+}
+
+/*
+ListSmsTemplates List all SMS Templates
+
+Lists all custom SMS templates. A subset of templates can be returned that match a template type.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListSmsTemplatesRequest
+*/
+func (a *TemplateApiService) ListSmsTemplates(ctx context.Context) ApiListSmsTemplatesRequest {
+	return ApiListSmsTemplatesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []SmsTemplate
+func (a *TemplateApiService) ListSmsTemplatesExecute(r ApiListSmsTemplatesRequest) ([]SmsTemplate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []SmsTemplate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TemplateApiService.ListSmsTemplates")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/templates/sms"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.templateType != nil {
+		localVarQueryParams.Add("templateType", parameterToString(*r.templateType, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceSmsTemplateRequest struct {
+	ctx         context.Context
+	ApiService  TemplateApi
+	templateId  string
+	smsTemplate *SmsTemplate
+	retryCount  int32
+}
+
+func (r ApiReplaceSmsTemplateRequest) SmsTemplate(smsTemplate SmsTemplate) ApiReplaceSmsTemplateRequest {
+	r.smsTemplate = &smsTemplate
+	return r
+}
+
+func (r ApiReplaceSmsTemplateRequest) Execute() (*SmsTemplate, *APIResponse, error) {
+	return r.ApiService.ReplaceSmsTemplateExecute(r)
+}
+
+/*
+ReplaceSmsTemplate Replace an SMS Template
+
+Replaces the SMS template
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param templateId
+	@return ApiReplaceSmsTemplateRequest
+*/
+func (a *TemplateApiService) ReplaceSmsTemplate(ctx context.Context, templateId string) ApiReplaceSmsTemplateRequest {
+	return ApiReplaceSmsTemplateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		templateId: templateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return SmsTemplate
+func (a *TemplateApiService) ReplaceSmsTemplateExecute(r ApiReplaceSmsTemplateRequest) (*SmsTemplate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *SmsTemplate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TemplateApiService.ReplaceSmsTemplate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/templates/sms/{templateId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"templateId"+"}", url.PathEscape(parameterToString(r.templateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.smsTemplate == nil {
+		return localVarReturnValue, nil, reportError("smsTemplate is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.smsTemplate
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateSmsTemplateRequest struct {
+	ctx         context.Context
+	ApiService  TemplateApi
+	templateId  string
+	smsTemplate *SmsTemplate
+	retryCount  int32
+}
+
+func (r ApiUpdateSmsTemplateRequest) SmsTemplate(smsTemplate SmsTemplate) ApiUpdateSmsTemplateRequest {
+	r.smsTemplate = &smsTemplate
+	return r
+}
+
+func (r ApiUpdateSmsTemplateRequest) Execute() (*SmsTemplate, *APIResponse, error) {
+	return r.ApiService.UpdateSmsTemplateExecute(r)
+}
+
+/*
+UpdateSmsTemplate Update an SMS Template
+
+Updates an SMS template
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param templateId
+	@return ApiUpdateSmsTemplateRequest
+*/
+func (a *TemplateApiService) UpdateSmsTemplate(ctx context.Context, templateId string) ApiUpdateSmsTemplateRequest {
+	return ApiUpdateSmsTemplateRequest{
+		ApiService: a,
+		ctx:        ctx,
+		templateId: templateId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return SmsTemplate
+func (a *TemplateApiService) UpdateSmsTemplateExecute(r ApiUpdateSmsTemplateRequest) (*SmsTemplate, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *SmsTemplate
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TemplateApiService.UpdateSmsTemplate")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/templates/sms/{templateId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"templateId"+"}", url.PathEscape(parameterToString(r.templateId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.smsTemplate == nil {
+		return localVarReturnValue, nil, reportError("smsTemplate is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.smsTemplate
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_threat_insight.go b/okta/api_threat_insight.go
new file mode 100644
index 000000000..db119da25
--- /dev/null
+++ b/okta/api_threat_insight.go
@@ -0,0 +1,390 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+type ThreatInsightApi interface {
+	/*
+		GetCurrentConfiguration Retrieve the ThreatInsight Configuration
+
+		Retrieves current ThreatInsight configuration
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiGetCurrentConfigurationRequest
+	*/
+	GetCurrentConfiguration(ctx context.Context) ApiGetCurrentConfigurationRequest
+
+	// GetCurrentConfigurationExecute executes the request
+	//  @return ThreatInsightConfiguration
+	GetCurrentConfigurationExecute(r ApiGetCurrentConfigurationRequest) (*ThreatInsightConfiguration, *APIResponse, error)
+
+	/*
+		UpdateConfiguration Update the ThreatInsight Configuration
+
+		Updates ThreatInsight configuration
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiUpdateConfigurationRequest
+	*/
+	UpdateConfiguration(ctx context.Context) ApiUpdateConfigurationRequest
+
+	// UpdateConfigurationExecute executes the request
+	//  @return ThreatInsightConfiguration
+	UpdateConfigurationExecute(r ApiUpdateConfigurationRequest) (*ThreatInsightConfiguration, *APIResponse, error)
+}
+
+// ThreatInsightApiService ThreatInsightApi service
+type ThreatInsightApiService service
+
+type ApiGetCurrentConfigurationRequest struct {
+	ctx        context.Context
+	ApiService ThreatInsightApi
+	retryCount int32
+}
+
+func (r ApiGetCurrentConfigurationRequest) Execute() (*ThreatInsightConfiguration, *APIResponse, error) {
+	return r.ApiService.GetCurrentConfigurationExecute(r)
+}
+
+/*
+GetCurrentConfiguration Retrieve the ThreatInsight Configuration
+
+Retrieves current ThreatInsight configuration
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiGetCurrentConfigurationRequest
+*/
+func (a *ThreatInsightApiService) GetCurrentConfiguration(ctx context.Context) ApiGetCurrentConfigurationRequest {
+	return ApiGetCurrentConfigurationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ThreatInsightConfiguration
+func (a *ThreatInsightApiService) GetCurrentConfigurationExecute(r ApiGetCurrentConfigurationRequest) (*ThreatInsightConfiguration, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ThreatInsightConfiguration
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ThreatInsightApiService.GetCurrentConfiguration")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/threats/configuration"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateConfigurationRequest struct {
+	ctx                        context.Context
+	ApiService                 ThreatInsightApi
+	threatInsightConfiguration *ThreatInsightConfiguration
+	retryCount                 int32
+}
+
+func (r ApiUpdateConfigurationRequest) ThreatInsightConfiguration(threatInsightConfiguration ThreatInsightConfiguration) ApiUpdateConfigurationRequest {
+	r.threatInsightConfiguration = &threatInsightConfiguration
+	return r
+}
+
+func (r ApiUpdateConfigurationRequest) Execute() (*ThreatInsightConfiguration, *APIResponse, error) {
+	return r.ApiService.UpdateConfigurationExecute(r)
+}
+
+/*
+UpdateConfiguration Update the ThreatInsight Configuration
+
+Updates ThreatInsight configuration
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiUpdateConfigurationRequest
+*/
+func (a *ThreatInsightApiService) UpdateConfiguration(ctx context.Context) ApiUpdateConfigurationRequest {
+	return ApiUpdateConfigurationRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ThreatInsightConfiguration
+func (a *ThreatInsightApiService) UpdateConfigurationExecute(r ApiUpdateConfigurationRequest) (*ThreatInsightConfiguration, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ThreatInsightConfiguration
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "ThreatInsightApiService.UpdateConfiguration")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/threats/configuration"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.threatInsightConfiguration == nil {
+		return localVarReturnValue, nil, reportError("threatInsightConfiguration is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.threatInsightConfiguration
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_trusted_origin.go b/okta/api_trusted_origin.go
new file mode 100644
index 000000000..74e991c96
--- /dev/null
+++ b/okta/api_trusted_origin.go
@@ -0,0 +1,1341 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type TrustedOriginApi interface {
+	/*
+		ActivateTrustedOrigin Activate a Trusted Origin
+
+		Activates a trusted origin
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param trustedOriginId
+		@return ApiActivateTrustedOriginRequest
+	*/
+	ActivateTrustedOrigin(ctx context.Context, trustedOriginId string) ApiActivateTrustedOriginRequest
+
+	// ActivateTrustedOriginExecute executes the request
+	//  @return TrustedOrigin
+	ActivateTrustedOriginExecute(r ApiActivateTrustedOriginRequest) (*TrustedOrigin, *APIResponse, error)
+
+	/*
+		CreateTrustedOrigin Create a Trusted Origin
+
+		Creates a trusted origin
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateTrustedOriginRequest
+	*/
+	CreateTrustedOrigin(ctx context.Context) ApiCreateTrustedOriginRequest
+
+	// CreateTrustedOriginExecute executes the request
+	//  @return TrustedOrigin
+	CreateTrustedOriginExecute(r ApiCreateTrustedOriginRequest) (*TrustedOrigin, *APIResponse, error)
+
+	/*
+		DeactivateTrustedOrigin Deactivate a Trusted Origin
+
+		Deactivates a trusted origin
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param trustedOriginId
+		@return ApiDeactivateTrustedOriginRequest
+	*/
+	DeactivateTrustedOrigin(ctx context.Context, trustedOriginId string) ApiDeactivateTrustedOriginRequest
+
+	// DeactivateTrustedOriginExecute executes the request
+	//  @return TrustedOrigin
+	DeactivateTrustedOriginExecute(r ApiDeactivateTrustedOriginRequest) (*TrustedOrigin, *APIResponse, error)
+
+	/*
+		DeleteTrustedOrigin Delete a Trusted Origin
+
+		Deletes a trusted origin
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param trustedOriginId
+		@return ApiDeleteTrustedOriginRequest
+	*/
+	DeleteTrustedOrigin(ctx context.Context, trustedOriginId string) ApiDeleteTrustedOriginRequest
+
+	// DeleteTrustedOriginExecute executes the request
+	DeleteTrustedOriginExecute(r ApiDeleteTrustedOriginRequest) (*APIResponse, error)
+
+	/*
+		GetTrustedOrigin Retrieve a Trusted Origin
+
+		Retrieves a trusted origin
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param trustedOriginId
+		@return ApiGetTrustedOriginRequest
+	*/
+	GetTrustedOrigin(ctx context.Context, trustedOriginId string) ApiGetTrustedOriginRequest
+
+	// GetTrustedOriginExecute executes the request
+	//  @return TrustedOrigin
+	GetTrustedOriginExecute(r ApiGetTrustedOriginRequest) (*TrustedOrigin, *APIResponse, error)
+
+	/*
+		ListTrustedOrigins List all Trusted Origins
+
+		Lists all trusted origins
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListTrustedOriginsRequest
+	*/
+	ListTrustedOrigins(ctx context.Context) ApiListTrustedOriginsRequest
+
+	// ListTrustedOriginsExecute executes the request
+	//  @return []TrustedOrigin
+	ListTrustedOriginsExecute(r ApiListTrustedOriginsRequest) ([]TrustedOrigin, *APIResponse, error)
+
+	/*
+		ReplaceTrustedOrigin Replace a Trusted Origin
+
+		Replaces a trusted origin
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param trustedOriginId
+		@return ApiReplaceTrustedOriginRequest
+	*/
+	ReplaceTrustedOrigin(ctx context.Context, trustedOriginId string) ApiReplaceTrustedOriginRequest
+
+	// ReplaceTrustedOriginExecute executes the request
+	//  @return TrustedOrigin
+	ReplaceTrustedOriginExecute(r ApiReplaceTrustedOriginRequest) (*TrustedOrigin, *APIResponse, error)
+}
+
+// TrustedOriginApiService TrustedOriginApi service
+type TrustedOriginApiService service
+
+type ApiActivateTrustedOriginRequest struct {
+	ctx             context.Context
+	ApiService      TrustedOriginApi
+	trustedOriginId string
+	retryCount      int32
+}
+
+func (r ApiActivateTrustedOriginRequest) Execute() (*TrustedOrigin, *APIResponse, error) {
+	return r.ApiService.ActivateTrustedOriginExecute(r)
+}
+
+/*
+ActivateTrustedOrigin Activate a Trusted Origin
+
+Activates a trusted origin
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param trustedOriginId
+	@return ApiActivateTrustedOriginRequest
+*/
+func (a *TrustedOriginApiService) ActivateTrustedOrigin(ctx context.Context, trustedOriginId string) ApiActivateTrustedOriginRequest {
+	return ApiActivateTrustedOriginRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		trustedOriginId: trustedOriginId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return TrustedOrigin
+func (a *TrustedOriginApiService) ActivateTrustedOriginExecute(r ApiActivateTrustedOriginRequest) (*TrustedOrigin, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *TrustedOrigin
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TrustedOriginApiService.ActivateTrustedOrigin")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"trustedOriginId"+"}", url.PathEscape(parameterToString(r.trustedOriginId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateTrustedOriginRequest struct {
+	ctx           context.Context
+	ApiService    TrustedOriginApi
+	trustedOrigin *TrustedOrigin
+	retryCount    int32
+}
+
+func (r ApiCreateTrustedOriginRequest) TrustedOrigin(trustedOrigin TrustedOrigin) ApiCreateTrustedOriginRequest {
+	r.trustedOrigin = &trustedOrigin
+	return r
+}
+
+func (r ApiCreateTrustedOriginRequest) Execute() (*TrustedOrigin, *APIResponse, error) {
+	return r.ApiService.CreateTrustedOriginExecute(r)
+}
+
+/*
+CreateTrustedOrigin Create a Trusted Origin
+
+Creates a trusted origin
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateTrustedOriginRequest
+*/
+func (a *TrustedOriginApiService) CreateTrustedOrigin(ctx context.Context) ApiCreateTrustedOriginRequest {
+	return ApiCreateTrustedOriginRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return TrustedOrigin
+func (a *TrustedOriginApiService) CreateTrustedOriginExecute(r ApiCreateTrustedOriginRequest) (*TrustedOrigin, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *TrustedOrigin
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TrustedOriginApiService.CreateTrustedOrigin")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/trustedOrigins"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.trustedOrigin == nil {
+		return localVarReturnValue, nil, reportError("trustedOrigin is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.trustedOrigin
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateTrustedOriginRequest struct {
+	ctx             context.Context
+	ApiService      TrustedOriginApi
+	trustedOriginId string
+	retryCount      int32
+}
+
+func (r ApiDeactivateTrustedOriginRequest) Execute() (*TrustedOrigin, *APIResponse, error) {
+	return r.ApiService.DeactivateTrustedOriginExecute(r)
+}
+
+/*
+DeactivateTrustedOrigin Deactivate a Trusted Origin
+
+Deactivates a trusted origin
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param trustedOriginId
+	@return ApiDeactivateTrustedOriginRequest
+*/
+func (a *TrustedOriginApiService) DeactivateTrustedOrigin(ctx context.Context, trustedOriginId string) ApiDeactivateTrustedOriginRequest {
+	return ApiDeactivateTrustedOriginRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		trustedOriginId: trustedOriginId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return TrustedOrigin
+func (a *TrustedOriginApiService) DeactivateTrustedOriginExecute(r ApiDeactivateTrustedOriginRequest) (*TrustedOrigin, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *TrustedOrigin
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TrustedOriginApiService.DeactivateTrustedOrigin")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"trustedOriginId"+"}", url.PathEscape(parameterToString(r.trustedOriginId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteTrustedOriginRequest struct {
+	ctx             context.Context
+	ApiService      TrustedOriginApi
+	trustedOriginId string
+	retryCount      int32
+}
+
+func (r ApiDeleteTrustedOriginRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteTrustedOriginExecute(r)
+}
+
+/*
+DeleteTrustedOrigin Delete a Trusted Origin
+
+Deletes a trusted origin
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param trustedOriginId
+	@return ApiDeleteTrustedOriginRequest
+*/
+func (a *TrustedOriginApiService) DeleteTrustedOrigin(ctx context.Context, trustedOriginId string) ApiDeleteTrustedOriginRequest {
+	return ApiDeleteTrustedOriginRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		trustedOriginId: trustedOriginId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+func (a *TrustedOriginApiService) DeleteTrustedOriginExecute(r ApiDeleteTrustedOriginRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TrustedOriginApiService.DeleteTrustedOrigin")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/trustedOrigins/{trustedOriginId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"trustedOriginId"+"}", url.PathEscape(parameterToString(r.trustedOriginId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetTrustedOriginRequest struct {
+	ctx             context.Context
+	ApiService      TrustedOriginApi
+	trustedOriginId string
+	retryCount      int32
+}
+
+func (r ApiGetTrustedOriginRequest) Execute() (*TrustedOrigin, *APIResponse, error) {
+	return r.ApiService.GetTrustedOriginExecute(r)
+}
+
+/*
+GetTrustedOrigin Retrieve a Trusted Origin
+
+Retrieves a trusted origin
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param trustedOriginId
+	@return ApiGetTrustedOriginRequest
+*/
+func (a *TrustedOriginApiService) GetTrustedOrigin(ctx context.Context, trustedOriginId string) ApiGetTrustedOriginRequest {
+	return ApiGetTrustedOriginRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		trustedOriginId: trustedOriginId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return TrustedOrigin
+func (a *TrustedOriginApiService) GetTrustedOriginExecute(r ApiGetTrustedOriginRequest) (*TrustedOrigin, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *TrustedOrigin
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TrustedOriginApiService.GetTrustedOrigin")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/trustedOrigins/{trustedOriginId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"trustedOriginId"+"}", url.PathEscape(parameterToString(r.trustedOriginId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListTrustedOriginsRequest struct {
+	ctx        context.Context
+	ApiService TrustedOriginApi
+	q          *string
+	filter     *string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+func (r ApiListTrustedOriginsRequest) Q(q string) ApiListTrustedOriginsRequest {
+	r.q = &q
+	return r
+}
+
+func (r ApiListTrustedOriginsRequest) Filter(filter string) ApiListTrustedOriginsRequest {
+	r.filter = &filter
+	return r
+}
+
+func (r ApiListTrustedOriginsRequest) After(after string) ApiListTrustedOriginsRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListTrustedOriginsRequest) Limit(limit int32) ApiListTrustedOriginsRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListTrustedOriginsRequest) Execute() ([]TrustedOrigin, *APIResponse, error) {
+	return r.ApiService.ListTrustedOriginsExecute(r)
+}
+
+/*
+ListTrustedOrigins List all Trusted Origins
+
+Lists all trusted origins
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListTrustedOriginsRequest
+*/
+func (a *TrustedOriginApiService) ListTrustedOrigins(ctx context.Context) ApiListTrustedOriginsRequest {
+	return ApiListTrustedOriginsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []TrustedOrigin
+func (a *TrustedOriginApiService) ListTrustedOriginsExecute(r ApiListTrustedOriginsRequest) ([]TrustedOrigin, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []TrustedOrigin
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TrustedOriginApiService.ListTrustedOrigins")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/trustedOrigins"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.q != nil {
+		localVarQueryParams.Add("q", parameterToString(*r.q, ""))
+	}
+	if r.filter != nil {
+		localVarQueryParams.Add("filter", parameterToString(*r.filter, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceTrustedOriginRequest struct {
+	ctx             context.Context
+	ApiService      TrustedOriginApi
+	trustedOriginId string
+	trustedOrigin   *TrustedOrigin
+	retryCount      int32
+}
+
+func (r ApiReplaceTrustedOriginRequest) TrustedOrigin(trustedOrigin TrustedOrigin) ApiReplaceTrustedOriginRequest {
+	r.trustedOrigin = &trustedOrigin
+	return r
+}
+
+func (r ApiReplaceTrustedOriginRequest) Execute() (*TrustedOrigin, *APIResponse, error) {
+	return r.ApiService.ReplaceTrustedOriginExecute(r)
+}
+
+/*
+ReplaceTrustedOrigin Replace a Trusted Origin
+
+Replaces a trusted origin
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param trustedOriginId
+	@return ApiReplaceTrustedOriginRequest
+*/
+func (a *TrustedOriginApiService) ReplaceTrustedOrigin(ctx context.Context, trustedOriginId string) ApiReplaceTrustedOriginRequest {
+	return ApiReplaceTrustedOriginRequest{
+		ApiService:      a,
+		ctx:             ctx,
+		trustedOriginId: trustedOriginId,
+		retryCount:      0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return TrustedOrigin
+func (a *TrustedOriginApiService) ReplaceTrustedOriginExecute(r ApiReplaceTrustedOriginRequest) (*TrustedOrigin, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *TrustedOrigin
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "TrustedOriginApiService.ReplaceTrustedOrigin")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/trustedOrigins/{trustedOriginId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"trustedOriginId"+"}", url.PathEscape(parameterToString(r.trustedOriginId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.trustedOrigin == nil {
+		return localVarReturnValue, nil, reportError("trustedOrigin is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.trustedOrigin
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_user.go b/okta/api_user.go
new file mode 100644
index 000000000..8c6cdc2c3
--- /dev/null
+++ b/okta/api_user.go
@@ -0,0 +1,7431 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type UserApi interface {
+	/*
+		ActivateUser Activate a User
+
+		Activates a user.  This operation can only be performed on users with a `STAGED` status.  Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation.  The user will have a status of `ACTIVE` when the activation process is complete.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiActivateUserRequest
+	*/
+	ActivateUser(ctx context.Context, userId string) ApiActivateUserRequest
+
+	// ActivateUserExecute executes the request
+	//  @return UserActivationToken
+	ActivateUserExecute(r ApiActivateUserRequest) (*UserActivationToken, *APIResponse, error)
+
+	/*
+		ChangePassword Change Password
+
+		Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiChangePasswordRequest
+	*/
+	ChangePassword(ctx context.Context, userId string) ApiChangePasswordRequest
+
+	// ChangePasswordExecute executes the request
+	//  @return UserCredentials
+	ChangePasswordExecute(r ApiChangePasswordRequest) (*UserCredentials, *APIResponse, error)
+
+	/*
+		ChangeRecoveryQuestion Change Recovery Question
+
+		Changes a user's recovery question & answer credential by validating the user's current password.  This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiChangeRecoveryQuestionRequest
+	*/
+	ChangeRecoveryQuestion(ctx context.Context, userId string) ApiChangeRecoveryQuestionRequest
+
+	// ChangeRecoveryQuestionExecute executes the request
+	//  @return UserCredentials
+	ChangeRecoveryQuestionExecute(r ApiChangeRecoveryQuestionRequest) (*UserCredentials, *APIResponse, error)
+
+	/*
+		CreateUser Create a User
+
+		Creates a new user in your Okta organization with or without credentials
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateUserRequest
+	*/
+	CreateUser(ctx context.Context) ApiCreateUserRequest
+
+	// CreateUserExecute executes the request
+	//  @return User
+	CreateUserExecute(r ApiCreateUserRequest) (*User, *APIResponse, error)
+
+	/*
+		DeactivateUser Deactivate a User
+
+		Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. While the asynchronous operation (triggered by HTTP header `Prefer: respond-async`) is proceeding the user's `transitioningToStatus` property is `DEPROVISIONED`. The user's status is `DEPROVISIONED` when the deactivation process is complete.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiDeactivateUserRequest
+	*/
+	DeactivateUser(ctx context.Context, userId string) ApiDeactivateUserRequest
+
+	// DeactivateUserExecute executes the request
+	DeactivateUserExecute(r ApiDeactivateUserRequest) (*APIResponse, error)
+
+	/*
+		DeleteLinkedObjectForUser Delete a Linked Object
+
+		Deletes linked objects for a user, relationshipName can be ONLY a primary relationship name
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param relationshipName
+		@return ApiDeleteLinkedObjectForUserRequest
+	*/
+	DeleteLinkedObjectForUser(ctx context.Context, userId string, relationshipName string) ApiDeleteLinkedObjectForUserRequest
+
+	// DeleteLinkedObjectForUserExecute executes the request
+	DeleteLinkedObjectForUserExecute(r ApiDeleteLinkedObjectForUserRequest) (*APIResponse, error)
+
+	/*
+		DeleteUser Delete a User
+
+		Deletes a user permanently. This operation can only be performed on users that have a `DEPROVISIONED` status.  **This action cannot be recovered!**. Calling this on an `ACTIVE` user will transition the user to `DEPROVISIONED`.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiDeleteUserRequest
+	*/
+	DeleteUser(ctx context.Context, userId string) ApiDeleteUserRequest
+
+	// DeleteUserExecute executes the request
+	DeleteUserExecute(r ApiDeleteUserRequest) (*APIResponse, error)
+
+	/*
+		ExpirePassword Expire Password
+
+		Expires a user's password and transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiExpirePasswordRequest
+	*/
+	ExpirePassword(ctx context.Context, userId string) ApiExpirePasswordRequest
+
+	// ExpirePasswordExecute executes the request
+	//  @return User
+	ExpirePasswordExecute(r ApiExpirePasswordRequest) (*User, *APIResponse, error)
+
+	/*
+		ExpirePasswordAndGetTemporaryPassword Expire Password and Set Temporary Password
+
+		Expires a user's password and transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login, and also sets the user's password to a temporary password returned in the response
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiExpirePasswordAndGetTemporaryPasswordRequest
+	*/
+	ExpirePasswordAndGetTemporaryPassword(ctx context.Context, userId string) ApiExpirePasswordAndGetTemporaryPasswordRequest
+
+	// ExpirePasswordAndGetTemporaryPasswordExecute executes the request
+	//  @return TempPassword
+	ExpirePasswordAndGetTemporaryPasswordExecute(r ApiExpirePasswordAndGetTemporaryPasswordRequest) (*TempPassword, *APIResponse, error)
+
+	/*
+		ForgotPassword Initiate Forgot Password
+
+		Initiates the forgot password flow. Generates a one-time token (OTT) that can be used to reset a user's password.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiForgotPasswordRequest
+	*/
+	ForgotPassword(ctx context.Context, userId string) ApiForgotPasswordRequest
+
+	// ForgotPasswordExecute executes the request
+	//  @return ForgotPasswordResponse
+	ForgotPasswordExecute(r ApiForgotPasswordRequest) (*ForgotPasswordResponse, *APIResponse, error)
+
+	/*
+		ForgotPasswordSetNewPassword Reset Password with Recovery Question
+
+		Resets the user's password to the specified password if the provided answer to the recovery question is correct
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiForgotPasswordSetNewPasswordRequest
+	*/
+	ForgotPasswordSetNewPassword(ctx context.Context, userId string) ApiForgotPasswordSetNewPasswordRequest
+
+	// ForgotPasswordSetNewPasswordExecute executes the request
+	//  @return UserCredentials
+	ForgotPasswordSetNewPasswordExecute(r ApiForgotPasswordSetNewPasswordRequest) (*UserCredentials, *APIResponse, error)
+
+	/*
+		GenerateResetPasswordToken Generate a Reset Password Token
+
+		Generates a one-time token (OTT) that can be used to reset a user's password.  The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiGenerateResetPasswordTokenRequest
+	*/
+	GenerateResetPasswordToken(ctx context.Context, userId string) ApiGenerateResetPasswordTokenRequest
+
+	// GenerateResetPasswordTokenExecute executes the request
+	//  @return ResetPasswordToken
+	GenerateResetPasswordTokenExecute(r ApiGenerateResetPasswordTokenRequest) (*ResetPasswordToken, *APIResponse, error)
+
+	/*
+		GetRefreshTokenForUserAndClient Retrieve a Refresh Token for a Client
+
+		Retrieves a refresh token issued for the specified User and Client
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param clientId
+		@param tokenId
+		@return ApiGetRefreshTokenForUserAndClientRequest
+	*/
+	GetRefreshTokenForUserAndClient(ctx context.Context, userId string, clientId string, tokenId string) ApiGetRefreshTokenForUserAndClientRequest
+
+	// GetRefreshTokenForUserAndClientExecute executes the request
+	//  @return OAuth2RefreshToken
+	GetRefreshTokenForUserAndClientExecute(r ApiGetRefreshTokenForUserAndClientRequest) (*OAuth2RefreshToken, *APIResponse, error)
+
+	/*
+		GetUser Retrieve a User
+
+		Retrieves a user from your Okta organization
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiGetUserRequest
+	*/
+	GetUser(ctx context.Context, userId string) ApiGetUserRequest
+
+	// GetUserExecute executes the request
+	//  @return User
+	GetUserExecute(r ApiGetUserRequest) (*User, *APIResponse, error)
+
+	/*
+		GetUserGrant Retrieve a User Grant
+
+		Retrieves a grant for the specified user
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param grantId
+		@return ApiGetUserGrantRequest
+	*/
+	GetUserGrant(ctx context.Context, userId string, grantId string) ApiGetUserGrantRequest
+
+	// GetUserGrantExecute executes the request
+	//  @return OAuth2ScopeConsentGrant
+	GetUserGrantExecute(r ApiGetUserGrantRequest) (*OAuth2ScopeConsentGrant, *APIResponse, error)
+
+	/*
+		ListAppLinks List all Assigned Application Links
+
+		Lists all appLinks for all direct or indirect (via group membership) assigned applications
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiListAppLinksRequest
+	*/
+	ListAppLinks(ctx context.Context, userId string) ApiListAppLinksRequest
+
+	// ListAppLinksExecute executes the request
+	//  @return []AppLink
+	ListAppLinksExecute(r ApiListAppLinksRequest) ([]AppLink, *APIResponse, error)
+
+	/*
+		ListGrantsForUserAndClient List all Grants for a Client
+
+		Lists all grants for a specified user and client
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param clientId
+		@return ApiListGrantsForUserAndClientRequest
+	*/
+	ListGrantsForUserAndClient(ctx context.Context, userId string, clientId string) ApiListGrantsForUserAndClientRequest
+
+	// ListGrantsForUserAndClientExecute executes the request
+	//  @return []OAuth2ScopeConsentGrant
+	ListGrantsForUserAndClientExecute(r ApiListGrantsForUserAndClientRequest) ([]OAuth2ScopeConsentGrant, *APIResponse, error)
+
+	/*
+		ListLinkedObjectsForUser List all Linked Objects
+
+		Lists all linked objects for a user, relationshipName can be a primary or associated relationship name
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param relationshipName
+		@return ApiListLinkedObjectsForUserRequest
+	*/
+	ListLinkedObjectsForUser(ctx context.Context, userId string, relationshipName string) ApiListLinkedObjectsForUserRequest
+
+	// ListLinkedObjectsForUserExecute executes the request
+	//  @return []map[string]interface{}
+	ListLinkedObjectsForUserExecute(r ApiListLinkedObjectsForUserRequest) ([]map[string]interface{}, *APIResponse, error)
+
+	/*
+		ListRefreshTokensForUserAndClient List all Refresh Tokens for a Client
+
+		Lists all refresh tokens issued for the specified User and Client
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param clientId
+		@return ApiListRefreshTokensForUserAndClientRequest
+	*/
+	ListRefreshTokensForUserAndClient(ctx context.Context, userId string, clientId string) ApiListRefreshTokensForUserAndClientRequest
+
+	// ListRefreshTokensForUserAndClientExecute executes the request
+	//  @return []OAuth2RefreshToken
+	ListRefreshTokensForUserAndClientExecute(r ApiListRefreshTokensForUserAndClientRequest) ([]OAuth2RefreshToken, *APIResponse, error)
+
+	/*
+		ListUserBlocks List all User Blocks
+
+		Lists information about how the user is blocked from accessing their account
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiListUserBlocksRequest
+	*/
+	ListUserBlocks(ctx context.Context, userId string) ApiListUserBlocksRequest
+
+	// ListUserBlocksExecute executes the request
+	//  @return []UserBlock
+	ListUserBlocksExecute(r ApiListUserBlocksRequest) ([]UserBlock, *APIResponse, error)
+
+	/*
+		ListUserClients List all Clients
+
+		Lists all client resources for which the specified user has grants or tokens
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiListUserClientsRequest
+	*/
+	ListUserClients(ctx context.Context, userId string) ApiListUserClientsRequest
+
+	// ListUserClientsExecute executes the request
+	//  @return []OAuth2Client
+	ListUserClientsExecute(r ApiListUserClientsRequest) ([]OAuth2Client, *APIResponse, error)
+
+	/*
+		ListUserGrants List all User Grants
+
+		Lists all grants for the specified user
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiListUserGrantsRequest
+	*/
+	ListUserGrants(ctx context.Context, userId string) ApiListUserGrantsRequest
+
+	// ListUserGrantsExecute executes the request
+	//  @return []OAuth2ScopeConsentGrant
+	ListUserGrantsExecute(r ApiListUserGrantsRequest) ([]OAuth2ScopeConsentGrant, *APIResponse, error)
+
+	/*
+		ListUserGroups List all Groups
+
+		Lists all groups of which the user is a member
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiListUserGroupsRequest
+	*/
+	ListUserGroups(ctx context.Context, userId string) ApiListUserGroupsRequest
+
+	// ListUserGroupsExecute executes the request
+	//  @return []Group
+	ListUserGroupsExecute(r ApiListUserGroupsRequest) ([]Group, *APIResponse, error)
+
+	/*
+		ListUserIdentityProviders List all Identity Providers
+
+		Lists the IdPs associated with the user
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiListUserIdentityProvidersRequest
+	*/
+	ListUserIdentityProviders(ctx context.Context, userId string) ApiListUserIdentityProvidersRequest
+
+	// ListUserIdentityProvidersExecute executes the request
+	//  @return []IdentityProvider
+	ListUserIdentityProvidersExecute(r ApiListUserIdentityProvidersRequest) ([]IdentityProvider, *APIResponse, error)
+
+	/*
+		ListUsers List all Users
+
+		Lists all users that do not have a status of 'DEPROVISIONED' (by default), up to the maximum (200 for most orgs), with pagination.  A subset of users can be returned that match a supported filter expression or search criteria.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListUsersRequest
+	*/
+	ListUsers(ctx context.Context) ApiListUsersRequest
+
+	// ListUsersExecute executes the request
+	//  @return []User
+	ListUsersExecute(r ApiListUsersRequest) ([]User, *APIResponse, error)
+
+	/*
+		ReactivateUser Reactivate a User
+
+		Reactivates a user.  This operation can only be performed on users with a `PROVISIONED` status.  This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiReactivateUserRequest
+	*/
+	ReactivateUser(ctx context.Context, userId string) ApiReactivateUserRequest
+
+	// ReactivateUserExecute executes the request
+	//  @return UserActivationToken
+	ReactivateUserExecute(r ApiReactivateUserRequest) (*UserActivationToken, *APIResponse, error)
+
+	/*
+		ReplaceUser Replace a User
+
+		Replaces a user's profile and/or credentials using strict-update semantics
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiReplaceUserRequest
+	*/
+	ReplaceUser(ctx context.Context, userId string) ApiReplaceUserRequest
+
+	// ReplaceUserExecute executes the request
+	//  @return User
+	ReplaceUserExecute(r ApiReplaceUserRequest) (*User, *APIResponse, error)
+
+	/*
+		ResetFactors Reset all Factors
+
+		Resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiResetFactorsRequest
+	*/
+	ResetFactors(ctx context.Context, userId string) ApiResetFactorsRequest
+
+	// ResetFactorsExecute executes the request
+	ResetFactorsExecute(r ApiResetFactorsRequest) (*APIResponse, error)
+
+	/*
+		RevokeGrantsForUserAndClient Revoke all Grants for a Client
+
+		Revokes all grants for the specified user and client
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param clientId
+		@return ApiRevokeGrantsForUserAndClientRequest
+	*/
+	RevokeGrantsForUserAndClient(ctx context.Context, userId string, clientId string) ApiRevokeGrantsForUserAndClientRequest
+
+	// RevokeGrantsForUserAndClientExecute executes the request
+	RevokeGrantsForUserAndClientExecute(r ApiRevokeGrantsForUserAndClientRequest) (*APIResponse, error)
+
+	/*
+		RevokeTokenForUserAndClient Revoke a Token for a Client
+
+		Revokes the specified refresh token
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param clientId
+		@param tokenId
+		@return ApiRevokeTokenForUserAndClientRequest
+	*/
+	RevokeTokenForUserAndClient(ctx context.Context, userId string, clientId string, tokenId string) ApiRevokeTokenForUserAndClientRequest
+
+	// RevokeTokenForUserAndClientExecute executes the request
+	RevokeTokenForUserAndClientExecute(r ApiRevokeTokenForUserAndClientRequest) (*APIResponse, error)
+
+	/*
+		RevokeTokensForUserAndClient Revoke all Refresh Tokens for a Client
+
+		Revokes all refresh tokens issued for the specified User and Client
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param clientId
+		@return ApiRevokeTokensForUserAndClientRequest
+	*/
+	RevokeTokensForUserAndClient(ctx context.Context, userId string, clientId string) ApiRevokeTokensForUserAndClientRequest
+
+	// RevokeTokensForUserAndClientExecute executes the request
+	RevokeTokensForUserAndClientExecute(r ApiRevokeTokensForUserAndClientRequest) (*APIResponse, error)
+
+	/*
+		RevokeUserGrant Revoke a User Grant
+
+		Revokes one grant for a specified user
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param grantId
+		@return ApiRevokeUserGrantRequest
+	*/
+	RevokeUserGrant(ctx context.Context, userId string, grantId string) ApiRevokeUserGrantRequest
+
+	// RevokeUserGrantExecute executes the request
+	RevokeUserGrantExecute(r ApiRevokeUserGrantRequest) (*APIResponse, error)
+
+	/*
+		RevokeUserGrants Revoke all User Grants
+
+		Revokes all grants for a specified user
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiRevokeUserGrantsRequest
+	*/
+	RevokeUserGrants(ctx context.Context, userId string) ApiRevokeUserGrantsRequest
+
+	// RevokeUserGrantsExecute executes the request
+	RevokeUserGrantsExecute(r ApiRevokeUserGrantsRequest) (*APIResponse, error)
+
+	/*
+		RevokeUserSessions Revoke all User Sessions
+
+		Revokes all active identity provider sessions of the user. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiRevokeUserSessionsRequest
+	*/
+	RevokeUserSessions(ctx context.Context, userId string) ApiRevokeUserSessionsRequest
+
+	// RevokeUserSessionsExecute executes the request
+	RevokeUserSessionsExecute(r ApiRevokeUserSessionsRequest) (*APIResponse, error)
+
+	/*
+		SetLinkedObjectForUser Create a Linked Object for two User
+
+		Creates a linked object for two users
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param associatedUserId
+		@param primaryRelationshipName
+		@param primaryUserId
+		@return ApiSetLinkedObjectForUserRequest
+	*/
+	SetLinkedObjectForUser(ctx context.Context, associatedUserId string, primaryRelationshipName string, primaryUserId string) ApiSetLinkedObjectForUserRequest
+
+	// SetLinkedObjectForUserExecute executes the request
+	SetLinkedObjectForUserExecute(r ApiSetLinkedObjectForUserRequest) (*APIResponse, error)
+
+	/*
+		SuspendUser Suspend a User
+
+		Suspends a user.  This operation can only be performed on users with an `ACTIVE` status.  The user will have a status of `SUSPENDED` when the process is complete.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiSuspendUserRequest
+	*/
+	SuspendUser(ctx context.Context, userId string) ApiSuspendUserRequest
+
+	// SuspendUserExecute executes the request
+	SuspendUserExecute(r ApiSuspendUserRequest) (*APIResponse, error)
+
+	/*
+		UnlockUser Unlock a User
+
+		Unlocks a user with a `LOCKED_OUT` status or unlocks a user with an `ACTIVE` status that is blocked from unknown devices. Unlocked users have an `ACTIVE` status and can sign in with their current password.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiUnlockUserRequest
+	*/
+	UnlockUser(ctx context.Context, userId string) ApiUnlockUserRequest
+
+	// UnlockUserExecute executes the request
+	UnlockUserExecute(r ApiUnlockUserRequest) (*APIResponse, error)
+
+	/*
+		UnsuspendUser Unsuspend a User
+
+		Unsuspends a user and returns them to the `ACTIVE` state.  This operation can only be performed on users that have a `SUSPENDED` status.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiUnsuspendUserRequest
+	*/
+	UnsuspendUser(ctx context.Context, userId string) ApiUnsuspendUserRequest
+
+	// UnsuspendUserExecute executes the request
+	UnsuspendUserExecute(r ApiUnsuspendUserRequest) (*APIResponse, error)
+
+	/*
+		UpdateUser Update a User
+
+		Updates a user partially determined by the request parameters
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiUpdateUserRequest
+	*/
+	UpdateUser(ctx context.Context, userId string) ApiUpdateUserRequest
+
+	// UpdateUserExecute executes the request
+	//  @return User
+	UpdateUserExecute(r ApiUpdateUserRequest) (*User, *APIResponse, error)
+}
+
+// UserApiService UserApi service
+type UserApiService service
+
+type ApiActivateUserRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	sendEmail  *bool
+	retryCount int32
+}
+
+// Sends an activation email to the user if true
+func (r ApiActivateUserRequest) SendEmail(sendEmail bool) ApiActivateUserRequest {
+	r.sendEmail = &sendEmail
+	return r
+}
+
+func (r ApiActivateUserRequest) Execute() (*UserActivationToken, *APIResponse, error) {
+	return r.ApiService.ActivateUserExecute(r)
+}
+
+/*
+ActivateUser Activate a User
+
+Activates a user.  This operation can only be performed on users with a `STAGED` status.  Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation.  The user will have a status of `ACTIVE` when the activation process is complete.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiActivateUserRequest
+*/
+func (a *UserApiService) ActivateUser(ctx context.Context, userId string) ApiActivateUserRequest {
+	return ApiActivateUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserActivationToken
+func (a *UserApiService) ActivateUserExecute(r ApiActivateUserRequest) (*UserActivationToken, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserActivationToken
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ActivateUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.sendEmail == nil {
+		return localVarReturnValue, nil, reportError("sendEmail is required and must be specified")
+	}
+
+	localVarQueryParams.Add("sendEmail", parameterToString(*r.sendEmail, ""))
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiChangePasswordRequest struct {
+	ctx                   context.Context
+	ApiService            UserApi
+	userId                string
+	changePasswordRequest *ChangePasswordRequest
+	strict                *bool
+	retryCount            int32
+}
+
+func (r ApiChangePasswordRequest) ChangePasswordRequest(changePasswordRequest ChangePasswordRequest) ApiChangePasswordRequest {
+	r.changePasswordRequest = &changePasswordRequest
+	return r
+}
+
+func (r ApiChangePasswordRequest) Strict(strict bool) ApiChangePasswordRequest {
+	r.strict = &strict
+	return r
+}
+
+func (r ApiChangePasswordRequest) Execute() (*UserCredentials, *APIResponse, error) {
+	return r.ApiService.ChangePasswordExecute(r)
+}
+
+/*
+ChangePassword Change Password
+
+Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiChangePasswordRequest
+*/
+func (a *UserApiService) ChangePassword(ctx context.Context, userId string) ApiChangePasswordRequest {
+	return ApiChangePasswordRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserCredentials
+func (a *UserApiService) ChangePasswordExecute(r ApiChangePasswordRequest) (*UserCredentials, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserCredentials
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ChangePassword")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/credentials/change_password"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.changePasswordRequest == nil {
+		return localVarReturnValue, nil, reportError("changePasswordRequest is required and must be specified")
+	}
+
+	if r.strict != nil {
+		localVarQueryParams.Add("strict", parameterToString(*r.strict, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.changePasswordRequest
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiChangeRecoveryQuestionRequest struct {
+	ctx             context.Context
+	ApiService      UserApi
+	userId          string
+	userCredentials *UserCredentials
+	retryCount      int32
+}
+
+func (r ApiChangeRecoveryQuestionRequest) UserCredentials(userCredentials UserCredentials) ApiChangeRecoveryQuestionRequest {
+	r.userCredentials = &userCredentials
+	return r
+}
+
+func (r ApiChangeRecoveryQuestionRequest) Execute() (*UserCredentials, *APIResponse, error) {
+	return r.ApiService.ChangeRecoveryQuestionExecute(r)
+}
+
+/*
+ChangeRecoveryQuestion Change Recovery Question
+
+Changes a user's recovery question & answer credential by validating the user's current password.  This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiChangeRecoveryQuestionRequest
+*/
+func (a *UserApiService) ChangeRecoveryQuestion(ctx context.Context, userId string) ApiChangeRecoveryQuestionRequest {
+	return ApiChangeRecoveryQuestionRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserCredentials
+func (a *UserApiService) ChangeRecoveryQuestionExecute(r ApiChangeRecoveryQuestionRequest) (*UserCredentials, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserCredentials
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ChangeRecoveryQuestion")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/credentials/change_recovery_question"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.userCredentials == nil {
+		return localVarReturnValue, nil, reportError("userCredentials is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.userCredentials
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiCreateUserRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	body       *CreateUserRequest
+	activate   *bool
+	provider   *bool
+	nextLogin  *UserNextLogin
+	retryCount int32
+}
+
+func (r ApiCreateUserRequest) Body(body CreateUserRequest) ApiCreateUserRequest {
+	r.body = &body
+	return r
+}
+
+// Executes activation lifecycle operation when creating the user
+func (r ApiCreateUserRequest) Activate(activate bool) ApiCreateUserRequest {
+	r.activate = &activate
+	return r
+}
+
+// Indicates whether to create a user with a specified authentication provider
+func (r ApiCreateUserRequest) Provider(provider bool) ApiCreateUserRequest {
+	r.provider = &provider
+	return r
+}
+
+// With activate&#x3D;true, set nextLogin to \&quot;changePassword\&quot; to have the password be EXPIRED, so user must change it the next time they log in.
+func (r ApiCreateUserRequest) NextLogin(nextLogin UserNextLogin) ApiCreateUserRequest {
+	r.nextLogin = &nextLogin
+	return r
+}
+
+func (r ApiCreateUserRequest) Execute() (*User, *APIResponse, error) {
+	return r.ApiService.CreateUserExecute(r)
+}
+
+/*
+CreateUser Create a User
+
+Creates a new user in your Okta organization with or without credentials
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateUserRequest
+*/
+func (a *UserApiService) CreateUser(ctx context.Context) ApiCreateUserRequest {
+	return ApiCreateUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return User
+func (a *UserApiService) CreateUserExecute(r ApiCreateUserRequest) (*User, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *User
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.CreateUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.body == nil {
+		return localVarReturnValue, nil, reportError("body is required and must be specified")
+	}
+
+	if r.activate != nil {
+		localVarQueryParams.Add("activate", parameterToString(*r.activate, ""))
+	}
+	if r.provider != nil {
+		localVarQueryParams.Add("provider", parameterToString(*r.provider, ""))
+	}
+	if r.nextLogin != nil {
+		localVarQueryParams.Add("nextLogin", parameterToString(*r.nextLogin, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.body
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeactivateUserRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	sendEmail  *bool
+	retryCount int32
+}
+
+func (r ApiDeactivateUserRequest) SendEmail(sendEmail bool) ApiDeactivateUserRequest {
+	r.sendEmail = &sendEmail
+	return r
+}
+
+func (r ApiDeactivateUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeactivateUserExecute(r)
+}
+
+/*
+DeactivateUser Deactivate a User
+
+Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. While the asynchronous operation (triggered by HTTP header `Prefer: respond-async`) is proceeding the user's `transitioningToStatus` property is `DEPROVISIONED`. The user's status is `DEPROVISIONED` when the deactivation process is complete.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiDeactivateUserRequest
+*/
+func (a *UserApiService) DeactivateUser(ctx context.Context, userId string) ApiDeactivateUserRequest {
+	return ApiDeactivateUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) DeactivateUserExecute(r ApiDeactivateUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.DeactivateUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/lifecycle/deactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.sendEmail != nil {
+		localVarQueryParams.Add("sendEmail", parameterToString(*r.sendEmail, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteLinkedObjectForUserRequest struct {
+	ctx              context.Context
+	ApiService       UserApi
+	userId           string
+	relationshipName string
+	retryCount       int32
+}
+
+func (r ApiDeleteLinkedObjectForUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteLinkedObjectForUserExecute(r)
+}
+
+/*
+DeleteLinkedObjectForUser Delete a Linked Object
+
+Deletes linked objects for a user, relationshipName can be ONLY a primary relationship name
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param relationshipName
+	@return ApiDeleteLinkedObjectForUserRequest
+*/
+func (a *UserApiService) DeleteLinkedObjectForUser(ctx context.Context, userId string, relationshipName string) ApiDeleteLinkedObjectForUserRequest {
+	return ApiDeleteLinkedObjectForUserRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		userId:           userId,
+		relationshipName: relationshipName,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) DeleteLinkedObjectForUserExecute(r ApiDeleteLinkedObjectForUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.DeleteLinkedObjectForUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/linkedObjects/{relationshipName}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"relationshipName"+"}", url.PathEscape(parameterToString(r.relationshipName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiDeleteUserRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	sendEmail  *bool
+	retryCount int32
+}
+
+func (r ApiDeleteUserRequest) SendEmail(sendEmail bool) ApiDeleteUserRequest {
+	r.sendEmail = &sendEmail
+	return r
+}
+
+func (r ApiDeleteUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteUserExecute(r)
+}
+
+/*
+DeleteUser Delete a User
+
+Deletes a user permanently. This operation can only be performed on users that have a `DEPROVISIONED` status.  **This action cannot be recovered!**. Calling this on an `ACTIVE` user will transition the user to `DEPROVISIONED`.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiDeleteUserRequest
+*/
+func (a *UserApiService) DeleteUser(ctx context.Context, userId string) ApiDeleteUserRequest {
+	return ApiDeleteUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) DeleteUserExecute(r ApiDeleteUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.DeleteUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.sendEmail != nil {
+		localVarQueryParams.Add("sendEmail", parameterToString(*r.sendEmail, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiExpirePasswordRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiExpirePasswordRequest) Execute() (*User, *APIResponse, error) {
+	return r.ApiService.ExpirePasswordExecute(r)
+}
+
+/*
+ExpirePassword Expire Password
+
+Expires a user's password and transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiExpirePasswordRequest
+*/
+func (a *UserApiService) ExpirePassword(ctx context.Context, userId string) ApiExpirePasswordRequest {
+	return ApiExpirePasswordRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return User
+func (a *UserApiService) ExpirePasswordExecute(r ApiExpirePasswordRequest) (*User, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *User
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ExpirePassword")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/lifecycle/expire_password"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiExpirePasswordAndGetTemporaryPasswordRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiExpirePasswordAndGetTemporaryPasswordRequest) Execute() (*TempPassword, *APIResponse, error) {
+	return r.ApiService.ExpirePasswordAndGetTemporaryPasswordExecute(r)
+}
+
+/*
+ExpirePasswordAndGetTemporaryPassword Expire Password and Set Temporary Password
+
+Expires a user's password and transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login, and also sets the user's password to a temporary password returned in the response
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiExpirePasswordAndGetTemporaryPasswordRequest
+*/
+func (a *UserApiService) ExpirePasswordAndGetTemporaryPassword(ctx context.Context, userId string) ApiExpirePasswordAndGetTemporaryPasswordRequest {
+	return ApiExpirePasswordAndGetTemporaryPasswordRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return TempPassword
+func (a *UserApiService) ExpirePasswordAndGetTemporaryPasswordExecute(r ApiExpirePasswordAndGetTemporaryPasswordRequest) (*TempPassword, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *TempPassword
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ExpirePasswordAndGetTemporaryPassword")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/lifecycle/expire_password_with_temp_password"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiForgotPasswordRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	sendEmail  *bool
+	retryCount int32
+}
+
+func (r ApiForgotPasswordRequest) SendEmail(sendEmail bool) ApiForgotPasswordRequest {
+	r.sendEmail = &sendEmail
+	return r
+}
+
+func (r ApiForgotPasswordRequest) Execute() (*ForgotPasswordResponse, *APIResponse, error) {
+	return r.ApiService.ForgotPasswordExecute(r)
+}
+
+/*
+ForgotPassword Initiate Forgot Password
+
+Initiates the forgot password flow. Generates a one-time token (OTT) that can be used to reset a user's password.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiForgotPasswordRequest
+*/
+func (a *UserApiService) ForgotPassword(ctx context.Context, userId string) ApiForgotPasswordRequest {
+	return ApiForgotPasswordRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ForgotPasswordResponse
+func (a *UserApiService) ForgotPasswordExecute(r ApiForgotPasswordRequest) (*ForgotPasswordResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ForgotPasswordResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ForgotPassword")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/credentials/forgot_password"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.sendEmail != nil {
+		localVarQueryParams.Add("sendEmail", parameterToString(*r.sendEmail, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiForgotPasswordSetNewPasswordRequest struct {
+	ctx             context.Context
+	ApiService      UserApi
+	userId          string
+	userCredentials *UserCredentials
+	sendEmail       *bool
+	retryCount      int32
+}
+
+func (r ApiForgotPasswordSetNewPasswordRequest) UserCredentials(userCredentials UserCredentials) ApiForgotPasswordSetNewPasswordRequest {
+	r.userCredentials = &userCredentials
+	return r
+}
+
+func (r ApiForgotPasswordSetNewPasswordRequest) SendEmail(sendEmail bool) ApiForgotPasswordSetNewPasswordRequest {
+	r.sendEmail = &sendEmail
+	return r
+}
+
+func (r ApiForgotPasswordSetNewPasswordRequest) Execute() (*UserCredentials, *APIResponse, error) {
+	return r.ApiService.ForgotPasswordSetNewPasswordExecute(r)
+}
+
+/*
+ForgotPasswordSetNewPassword Reset Password with Recovery Question
+
+Resets the user's password to the specified password if the provided answer to the recovery question is correct
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiForgotPasswordSetNewPasswordRequest
+*/
+func (a *UserApiService) ForgotPasswordSetNewPassword(ctx context.Context, userId string) ApiForgotPasswordSetNewPasswordRequest {
+	return ApiForgotPasswordSetNewPasswordRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserCredentials
+func (a *UserApiService) ForgotPasswordSetNewPasswordExecute(r ApiForgotPasswordSetNewPasswordRequest) (*UserCredentials, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserCredentials
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ForgotPasswordSetNewPassword")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/credentials/forgot_password_recovery_question"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.userCredentials == nil {
+		return localVarReturnValue, nil, reportError("userCredentials is required and must be specified")
+	}
+
+	if r.sendEmail != nil {
+		localVarQueryParams.Add("sendEmail", parameterToString(*r.sendEmail, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.userCredentials
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGenerateResetPasswordTokenRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	sendEmail  *bool
+	retryCount int32
+}
+
+func (r ApiGenerateResetPasswordTokenRequest) SendEmail(sendEmail bool) ApiGenerateResetPasswordTokenRequest {
+	r.sendEmail = &sendEmail
+	return r
+}
+
+func (r ApiGenerateResetPasswordTokenRequest) Execute() (*ResetPasswordToken, *APIResponse, error) {
+	return r.ApiService.GenerateResetPasswordTokenExecute(r)
+}
+
+/*
+GenerateResetPasswordToken Generate a Reset Password Token
+
+Generates a one-time token (OTT) that can be used to reset a user's password.  The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiGenerateResetPasswordTokenRequest
+*/
+func (a *UserApiService) GenerateResetPasswordToken(ctx context.Context, userId string) ApiGenerateResetPasswordTokenRequest {
+	return ApiGenerateResetPasswordTokenRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ResetPasswordToken
+func (a *UserApiService) GenerateResetPasswordTokenExecute(r ApiGenerateResetPasswordTokenRequest) (*ResetPasswordToken, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ResetPasswordToken
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.GenerateResetPasswordToken")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/lifecycle/reset_password"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.sendEmail == nil {
+		return localVarReturnValue, nil, reportError("sendEmail is required and must be specified")
+	}
+
+	localVarQueryParams.Add("sendEmail", parameterToString(*r.sendEmail, ""))
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetRefreshTokenForUserAndClientRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	clientId   string
+	tokenId    string
+	expand     *string
+	limit      *int32
+	after      *string
+	retryCount int32
+}
+
+func (r ApiGetRefreshTokenForUserAndClientRequest) Expand(expand string) ApiGetRefreshTokenForUserAndClientRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetRefreshTokenForUserAndClientRequest) Limit(limit int32) ApiGetRefreshTokenForUserAndClientRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiGetRefreshTokenForUserAndClientRequest) After(after string) ApiGetRefreshTokenForUserAndClientRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiGetRefreshTokenForUserAndClientRequest) Execute() (*OAuth2RefreshToken, *APIResponse, error) {
+	return r.ApiService.GetRefreshTokenForUserAndClientExecute(r)
+}
+
+/*
+GetRefreshTokenForUserAndClient Retrieve a Refresh Token for a Client
+
+Retrieves a refresh token issued for the specified User and Client
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param clientId
+	@param tokenId
+	@return ApiGetRefreshTokenForUserAndClientRequest
+*/
+func (a *UserApiService) GetRefreshTokenForUserAndClient(ctx context.Context, userId string, clientId string, tokenId string) ApiGetRefreshTokenForUserAndClientRequest {
+	return ApiGetRefreshTokenForUserAndClientRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		clientId:   clientId,
+		tokenId:    tokenId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OAuth2RefreshToken
+func (a *UserApiService) GetRefreshTokenForUserAndClientExecute(r ApiGetRefreshTokenForUserAndClientRequest) (*OAuth2RefreshToken, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OAuth2RefreshToken
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.GetRefreshTokenForUserAndClient")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"clientId"+"}", url.PathEscape(parameterToString(r.clientId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"tokenId"+"}", url.PathEscape(parameterToString(r.tokenId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetUserRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	expand     *string
+	retryCount int32
+}
+
+// Specifies additional metadata to include in the response. Possible value: &#x60;blocks&#x60;
+func (r ApiGetUserRequest) Expand(expand string) ApiGetUserRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetUserRequest) Execute() (*User, *APIResponse, error) {
+	return r.ApiService.GetUserExecute(r)
+}
+
+/*
+GetUser Retrieve a User
+
+Retrieves a user from your Okta organization
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiGetUserRequest
+*/
+func (a *UserApiService) GetUser(ctx context.Context, userId string) ApiGetUserRequest {
+	return ApiGetUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return User
+func (a *UserApiService) GetUserExecute(r ApiGetUserRequest) (*User, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *User
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.GetUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetUserGrantRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	grantId    string
+	expand     *string
+	retryCount int32
+}
+
+func (r ApiGetUserGrantRequest) Expand(expand string) ApiGetUserGrantRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiGetUserGrantRequest) Execute() (*OAuth2ScopeConsentGrant, *APIResponse, error) {
+	return r.ApiService.GetUserGrantExecute(r)
+}
+
+/*
+GetUserGrant Retrieve a User Grant
+
+Retrieves a grant for the specified user
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param grantId
+	@return ApiGetUserGrantRequest
+*/
+func (a *UserApiService) GetUserGrant(ctx context.Context, userId string, grantId string) ApiGetUserGrantRequest {
+	return ApiGetUserGrantRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		grantId:    grantId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return OAuth2ScopeConsentGrant
+func (a *UserApiService) GetUserGrantExecute(r ApiGetUserGrantRequest) (*OAuth2ScopeConsentGrant, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *OAuth2ScopeConsentGrant
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.GetUserGrant")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/grants/{grantId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"grantId"+"}", url.PathEscape(parameterToString(r.grantId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListAppLinksRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiListAppLinksRequest) Execute() ([]AppLink, *APIResponse, error) {
+	return r.ApiService.ListAppLinksExecute(r)
+}
+
+/*
+ListAppLinks List all Assigned Application Links
+
+Lists all appLinks for all direct or indirect (via group membership) assigned applications
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiListAppLinksRequest
+*/
+func (a *UserApiService) ListAppLinks(ctx context.Context, userId string) ApiListAppLinksRequest {
+	return ApiListAppLinksRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []AppLink
+func (a *UserApiService) ListAppLinksExecute(r ApiListAppLinksRequest) ([]AppLink, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []AppLink
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ListAppLinks")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/appLinks"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListGrantsForUserAndClientRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	clientId   string
+	expand     *string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+func (r ApiListGrantsForUserAndClientRequest) Expand(expand string) ApiListGrantsForUserAndClientRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListGrantsForUserAndClientRequest) After(after string) ApiListGrantsForUserAndClientRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListGrantsForUserAndClientRequest) Limit(limit int32) ApiListGrantsForUserAndClientRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListGrantsForUserAndClientRequest) Execute() ([]OAuth2ScopeConsentGrant, *APIResponse, error) {
+	return r.ApiService.ListGrantsForUserAndClientExecute(r)
+}
+
+/*
+ListGrantsForUserAndClient List all Grants for a Client
+
+Lists all grants for a specified user and client
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param clientId
+	@return ApiListGrantsForUserAndClientRequest
+*/
+func (a *UserApiService) ListGrantsForUserAndClient(ctx context.Context, userId string, clientId string) ApiListGrantsForUserAndClientRequest {
+	return ApiListGrantsForUserAndClientRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		clientId:   clientId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []OAuth2ScopeConsentGrant
+func (a *UserApiService) ListGrantsForUserAndClientExecute(r ApiListGrantsForUserAndClientRequest) ([]OAuth2ScopeConsentGrant, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []OAuth2ScopeConsentGrant
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ListGrantsForUserAndClient")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/clients/{clientId}/grants"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"clientId"+"}", url.PathEscape(parameterToString(r.clientId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListLinkedObjectsForUserRequest struct {
+	ctx              context.Context
+	ApiService       UserApi
+	userId           string
+	relationshipName string
+	after            *string
+	limit            *int32
+	retryCount       int32
+}
+
+func (r ApiListLinkedObjectsForUserRequest) After(after string) ApiListLinkedObjectsForUserRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListLinkedObjectsForUserRequest) Limit(limit int32) ApiListLinkedObjectsForUserRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListLinkedObjectsForUserRequest) Execute() ([]map[string]interface{}, *APIResponse, error) {
+	return r.ApiService.ListLinkedObjectsForUserExecute(r)
+}
+
+/*
+ListLinkedObjectsForUser List all Linked Objects
+
+Lists all linked objects for a user, relationshipName can be a primary or associated relationship name
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param relationshipName
+	@return ApiListLinkedObjectsForUserRequest
+*/
+func (a *UserApiService) ListLinkedObjectsForUser(ctx context.Context, userId string, relationshipName string) ApiListLinkedObjectsForUserRequest {
+	return ApiListLinkedObjectsForUserRequest{
+		ApiService:       a,
+		ctx:              ctx,
+		userId:           userId,
+		relationshipName: relationshipName,
+		retryCount:       0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []map[string]interface{}
+func (a *UserApiService) ListLinkedObjectsForUserExecute(r ApiListLinkedObjectsForUserRequest) ([]map[string]interface{}, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []map[string]interface{}
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ListLinkedObjectsForUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/linkedObjects/{relationshipName}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"relationshipName"+"}", url.PathEscape(parameterToString(r.relationshipName, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListRefreshTokensForUserAndClientRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	clientId   string
+	expand     *string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+func (r ApiListRefreshTokensForUserAndClientRequest) Expand(expand string) ApiListRefreshTokensForUserAndClientRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListRefreshTokensForUserAndClientRequest) After(after string) ApiListRefreshTokensForUserAndClientRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListRefreshTokensForUserAndClientRequest) Limit(limit int32) ApiListRefreshTokensForUserAndClientRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListRefreshTokensForUserAndClientRequest) Execute() ([]OAuth2RefreshToken, *APIResponse, error) {
+	return r.ApiService.ListRefreshTokensForUserAndClientExecute(r)
+}
+
+/*
+ListRefreshTokensForUserAndClient List all Refresh Tokens for a Client
+
+Lists all refresh tokens issued for the specified User and Client
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param clientId
+	@return ApiListRefreshTokensForUserAndClientRequest
+*/
+func (a *UserApiService) ListRefreshTokensForUserAndClient(ctx context.Context, userId string, clientId string) ApiListRefreshTokensForUserAndClientRequest {
+	return ApiListRefreshTokensForUserAndClientRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		clientId:   clientId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []OAuth2RefreshToken
+func (a *UserApiService) ListRefreshTokensForUserAndClientExecute(r ApiListRefreshTokensForUserAndClientRequest) ([]OAuth2RefreshToken, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []OAuth2RefreshToken
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ListRefreshTokensForUserAndClient")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/clients/{clientId}/tokens"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"clientId"+"}", url.PathEscape(parameterToString(r.clientId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListUserBlocksRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiListUserBlocksRequest) Execute() ([]UserBlock, *APIResponse, error) {
+	return r.ApiService.ListUserBlocksExecute(r)
+}
+
+/*
+ListUserBlocks List all User Blocks
+
+Lists information about how the user is blocked from accessing their account
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiListUserBlocksRequest
+*/
+func (a *UserApiService) ListUserBlocks(ctx context.Context, userId string) ApiListUserBlocksRequest {
+	return ApiListUserBlocksRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []UserBlock
+func (a *UserApiService) ListUserBlocksExecute(r ApiListUserBlocksRequest) ([]UserBlock, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []UserBlock
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ListUserBlocks")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/blocks"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListUserClientsRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiListUserClientsRequest) Execute() ([]OAuth2Client, *APIResponse, error) {
+	return r.ApiService.ListUserClientsExecute(r)
+}
+
+/*
+ListUserClients List all Clients
+
+Lists all client resources for which the specified user has grants or tokens
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiListUserClientsRequest
+*/
+func (a *UserApiService) ListUserClients(ctx context.Context, userId string) ApiListUserClientsRequest {
+	return ApiListUserClientsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []OAuth2Client
+func (a *UserApiService) ListUserClientsExecute(r ApiListUserClientsRequest) ([]OAuth2Client, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []OAuth2Client
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ListUserClients")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/clients"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListUserGrantsRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	scopeId    *string
+	expand     *string
+	after      *string
+	limit      *int32
+	retryCount int32
+}
+
+func (r ApiListUserGrantsRequest) ScopeId(scopeId string) ApiListUserGrantsRequest {
+	r.scopeId = &scopeId
+	return r
+}
+
+func (r ApiListUserGrantsRequest) Expand(expand string) ApiListUserGrantsRequest {
+	r.expand = &expand
+	return r
+}
+
+func (r ApiListUserGrantsRequest) After(after string) ApiListUserGrantsRequest {
+	r.after = &after
+	return r
+}
+
+func (r ApiListUserGrantsRequest) Limit(limit int32) ApiListUserGrantsRequest {
+	r.limit = &limit
+	return r
+}
+
+func (r ApiListUserGrantsRequest) Execute() ([]OAuth2ScopeConsentGrant, *APIResponse, error) {
+	return r.ApiService.ListUserGrantsExecute(r)
+}
+
+/*
+ListUserGrants List all User Grants
+
+Lists all grants for the specified user
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiListUserGrantsRequest
+*/
+func (a *UserApiService) ListUserGrants(ctx context.Context, userId string) ApiListUserGrantsRequest {
+	return ApiListUserGrantsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []OAuth2ScopeConsentGrant
+func (a *UserApiService) ListUserGrantsExecute(r ApiListUserGrantsRequest) ([]OAuth2ScopeConsentGrant, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []OAuth2ScopeConsentGrant
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ListUserGrants")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/grants"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.scopeId != nil {
+		localVarQueryParams.Add("scopeId", parameterToString(*r.scopeId, ""))
+	}
+	if r.expand != nil {
+		localVarQueryParams.Add("expand", parameterToString(*r.expand, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListUserGroupsRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiListUserGroupsRequest) Execute() ([]Group, *APIResponse, error) {
+	return r.ApiService.ListUserGroupsExecute(r)
+}
+
+/*
+ListUserGroups List all Groups
+
+Lists all groups of which the user is a member
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiListUserGroupsRequest
+*/
+func (a *UserApiService) ListUserGroups(ctx context.Context, userId string) ApiListUserGroupsRequest {
+	return ApiListUserGroupsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []Group
+func (a *UserApiService) ListUserGroupsExecute(r ApiListUserGroupsRequest) ([]Group, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []Group
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ListUserGroups")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/groups"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListUserIdentityProvidersRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiListUserIdentityProvidersRequest) Execute() ([]IdentityProvider, *APIResponse, error) {
+	return r.ApiService.ListUserIdentityProvidersExecute(r)
+}
+
+/*
+ListUserIdentityProviders List all Identity Providers
+
+Lists the IdPs associated with the user
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiListUserIdentityProvidersRequest
+*/
+func (a *UserApiService) ListUserIdentityProviders(ctx context.Context, userId string) ApiListUserIdentityProvidersRequest {
+	return ApiListUserIdentityProvidersRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []IdentityProvider
+func (a *UserApiService) ListUserIdentityProvidersExecute(r ApiListUserIdentityProvidersRequest) ([]IdentityProvider, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []IdentityProvider
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ListUserIdentityProviders")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/idps"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListUsersRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	q          *string
+	after      *string
+	limit      *int32
+	filter     *string
+	search     *string
+	sortBy     *string
+	sortOrder  *string
+	retryCount int32
+}
+
+// Finds a user that matches firstName, lastName, and email properties
+func (r ApiListUsersRequest) Q(q string) ApiListUsersRequest {
+	r.q = &q
+	return r
+}
+
+// The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information.
+func (r ApiListUsersRequest) After(after string) ApiListUsersRequest {
+	r.after = &after
+	return r
+}
+
+// Specifies the number of results returned. Defaults to 10 if &#x60;q&#x60; is provided.
+func (r ApiListUsersRequest) Limit(limit int32) ApiListUsersRequest {
+	r.limit = &limit
+	return r
+}
+
+// Filters users with a supported expression for a subset of properties
+func (r ApiListUsersRequest) Filter(filter string) ApiListUsersRequest {
+	r.filter = &filter
+	return r
+}
+
+// Searches for users with a supported filtering expression for most properties. Okta recommends using this parameter for search for best performance.
+func (r ApiListUsersRequest) Search(search string) ApiListUsersRequest {
+	r.search = &search
+	return r
+}
+
+func (r ApiListUsersRequest) SortBy(sortBy string) ApiListUsersRequest {
+	r.sortBy = &sortBy
+	return r
+}
+
+func (r ApiListUsersRequest) SortOrder(sortOrder string) ApiListUsersRequest {
+	r.sortOrder = &sortOrder
+	return r
+}
+
+func (r ApiListUsersRequest) Execute() ([]User, *APIResponse, error) {
+	return r.ApiService.ListUsersExecute(r)
+}
+
+/*
+ListUsers List all Users
+
+Lists all users that do not have a status of 'DEPROVISIONED' (by default), up to the maximum (200 for most orgs), with pagination.  A subset of users can be returned that match a supported filter expression or search criteria.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListUsersRequest
+*/
+func (a *UserApiService) ListUsers(ctx context.Context) ApiListUsersRequest {
+	return ApiListUsersRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []User
+func (a *UserApiService) ListUsersExecute(r ApiListUsersRequest) ([]User, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []User
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ListUsers")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.q != nil {
+		localVarQueryParams.Add("q", parameterToString(*r.q, ""))
+	}
+	if r.after != nil {
+		localVarQueryParams.Add("after", parameterToString(*r.after, ""))
+	}
+	if r.limit != nil {
+		localVarQueryParams.Add("limit", parameterToString(*r.limit, ""))
+	}
+	if r.filter != nil {
+		localVarQueryParams.Add("filter", parameterToString(*r.filter, ""))
+	}
+	if r.search != nil {
+		localVarQueryParams.Add("search", parameterToString(*r.search, ""))
+	}
+	if r.sortBy != nil {
+		localVarQueryParams.Add("sortBy", parameterToString(*r.sortBy, ""))
+	}
+	if r.sortOrder != nil {
+		localVarQueryParams.Add("sortOrder", parameterToString(*r.sortOrder, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReactivateUserRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	sendEmail  *bool
+	retryCount int32
+}
+
+// Sends an activation email to the user if true
+func (r ApiReactivateUserRequest) SendEmail(sendEmail bool) ApiReactivateUserRequest {
+	r.sendEmail = &sendEmail
+	return r
+}
+
+func (r ApiReactivateUserRequest) Execute() (*UserActivationToken, *APIResponse, error) {
+	return r.ApiService.ReactivateUserExecute(r)
+}
+
+/*
+ReactivateUser Reactivate a User
+
+Reactivates a user.  This operation can only be performed on users with a `PROVISIONED` status.  This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiReactivateUserRequest
+*/
+func (a *UserApiService) ReactivateUser(ctx context.Context, userId string) ApiReactivateUserRequest {
+	return ApiReactivateUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserActivationToken
+func (a *UserApiService) ReactivateUserExecute(r ApiReactivateUserRequest) (*UserActivationToken, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserActivationToken
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ReactivateUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/lifecycle/reactivate"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.sendEmail != nil {
+		localVarQueryParams.Add("sendEmail", parameterToString(*r.sendEmail, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceUserRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	user       *UpdateUserRequest
+	strict     *bool
+	retryCount int32
+}
+
+func (r ApiReplaceUserRequest) User(user UpdateUserRequest) ApiReplaceUserRequest {
+	r.user = &user
+	return r
+}
+
+func (r ApiReplaceUserRequest) Strict(strict bool) ApiReplaceUserRequest {
+	r.strict = &strict
+	return r
+}
+
+func (r ApiReplaceUserRequest) Execute() (*User, *APIResponse, error) {
+	return r.ApiService.ReplaceUserExecute(r)
+}
+
+/*
+ReplaceUser Replace a User
+
+Replaces a user's profile and/or credentials using strict-update semantics
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiReplaceUserRequest
+*/
+func (a *UserApiService) ReplaceUser(ctx context.Context, userId string) ApiReplaceUserRequest {
+	return ApiReplaceUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return User
+func (a *UserApiService) ReplaceUserExecute(r ApiReplaceUserRequest) (*User, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *User
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ReplaceUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.user == nil {
+		return localVarReturnValue, nil, reportError("user is required and must be specified")
+	}
+
+	if r.strict != nil {
+		localVarQueryParams.Add("strict", parameterToString(*r.strict, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.user
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiResetFactorsRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiResetFactorsRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.ResetFactorsExecute(r)
+}
+
+/*
+ResetFactors Reset all Factors
+
+Resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiResetFactorsRequest
+*/
+func (a *UserApiService) ResetFactors(ctx context.Context, userId string) ApiResetFactorsRequest {
+	return ApiResetFactorsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) ResetFactorsExecute(r ApiResetFactorsRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.ResetFactors")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/lifecycle/reset_factors"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiRevokeGrantsForUserAndClientRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	clientId   string
+	retryCount int32
+}
+
+func (r ApiRevokeGrantsForUserAndClientRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeGrantsForUserAndClientExecute(r)
+}
+
+/*
+RevokeGrantsForUserAndClient Revoke all Grants for a Client
+
+Revokes all grants for the specified user and client
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param clientId
+	@return ApiRevokeGrantsForUserAndClientRequest
+*/
+func (a *UserApiService) RevokeGrantsForUserAndClient(ctx context.Context, userId string, clientId string) ApiRevokeGrantsForUserAndClientRequest {
+	return ApiRevokeGrantsForUserAndClientRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		clientId:   clientId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) RevokeGrantsForUserAndClientExecute(r ApiRevokeGrantsForUserAndClientRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.RevokeGrantsForUserAndClient")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/clients/{clientId}/grants"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"clientId"+"}", url.PathEscape(parameterToString(r.clientId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiRevokeTokenForUserAndClientRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	clientId   string
+	tokenId    string
+	retryCount int32
+}
+
+func (r ApiRevokeTokenForUserAndClientRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeTokenForUserAndClientExecute(r)
+}
+
+/*
+RevokeTokenForUserAndClient Revoke a Token for a Client
+
+Revokes the specified refresh token
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param clientId
+	@param tokenId
+	@return ApiRevokeTokenForUserAndClientRequest
+*/
+func (a *UserApiService) RevokeTokenForUserAndClient(ctx context.Context, userId string, clientId string, tokenId string) ApiRevokeTokenForUserAndClientRequest {
+	return ApiRevokeTokenForUserAndClientRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		clientId:   clientId,
+		tokenId:    tokenId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) RevokeTokenForUserAndClientExecute(r ApiRevokeTokenForUserAndClientRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.RevokeTokenForUserAndClient")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"clientId"+"}", url.PathEscape(parameterToString(r.clientId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"tokenId"+"}", url.PathEscape(parameterToString(r.tokenId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiRevokeTokensForUserAndClientRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	clientId   string
+	retryCount int32
+}
+
+func (r ApiRevokeTokensForUserAndClientRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeTokensForUserAndClientExecute(r)
+}
+
+/*
+RevokeTokensForUserAndClient Revoke all Refresh Tokens for a Client
+
+Revokes all refresh tokens issued for the specified User and Client
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param clientId
+	@return ApiRevokeTokensForUserAndClientRequest
+*/
+func (a *UserApiService) RevokeTokensForUserAndClient(ctx context.Context, userId string, clientId string) ApiRevokeTokensForUserAndClientRequest {
+	return ApiRevokeTokensForUserAndClientRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		clientId:   clientId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) RevokeTokensForUserAndClientExecute(r ApiRevokeTokensForUserAndClientRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.RevokeTokensForUserAndClient")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/clients/{clientId}/tokens"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"clientId"+"}", url.PathEscape(parameterToString(r.clientId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiRevokeUserGrantRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	grantId    string
+	retryCount int32
+}
+
+func (r ApiRevokeUserGrantRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeUserGrantExecute(r)
+}
+
+/*
+RevokeUserGrant Revoke a User Grant
+
+Revokes one grant for a specified user
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param grantId
+	@return ApiRevokeUserGrantRequest
+*/
+func (a *UserApiService) RevokeUserGrant(ctx context.Context, userId string, grantId string) ApiRevokeUserGrantRequest {
+	return ApiRevokeUserGrantRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		grantId:    grantId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) RevokeUserGrantExecute(r ApiRevokeUserGrantRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.RevokeUserGrant")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/grants/{grantId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"grantId"+"}", url.PathEscape(parameterToString(r.grantId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiRevokeUserGrantsRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiRevokeUserGrantsRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeUserGrantsExecute(r)
+}
+
+/*
+RevokeUserGrants Revoke all User Grants
+
+Revokes all grants for a specified user
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiRevokeUserGrantsRequest
+*/
+func (a *UserApiService) RevokeUserGrants(ctx context.Context, userId string) ApiRevokeUserGrantsRequest {
+	return ApiRevokeUserGrantsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) RevokeUserGrantsExecute(r ApiRevokeUserGrantsRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.RevokeUserGrants")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/grants"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiRevokeUserSessionsRequest struct {
+	ctx         context.Context
+	ApiService  UserApi
+	userId      string
+	oauthTokens *bool
+	retryCount  int32
+}
+
+// Revoke issued OpenID Connect and OAuth refresh and access tokens
+func (r ApiRevokeUserSessionsRequest) OauthTokens(oauthTokens bool) ApiRevokeUserSessionsRequest {
+	r.oauthTokens = &oauthTokens
+	return r
+}
+
+func (r ApiRevokeUserSessionsRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.RevokeUserSessionsExecute(r)
+}
+
+/*
+RevokeUserSessions Revoke all User Sessions
+
+Revokes all active identity provider sessions of the user. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiRevokeUserSessionsRequest
+*/
+func (a *UserApiService) RevokeUserSessions(ctx context.Context, userId string) ApiRevokeUserSessionsRequest {
+	return ApiRevokeUserSessionsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) RevokeUserSessionsExecute(r ApiRevokeUserSessionsRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.RevokeUserSessions")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/sessions"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.oauthTokens != nil {
+		localVarQueryParams.Add("oauthTokens", parameterToString(*r.oauthTokens, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiSetLinkedObjectForUserRequest struct {
+	ctx                     context.Context
+	ApiService              UserApi
+	associatedUserId        string
+	primaryRelationshipName string
+	primaryUserId           string
+	retryCount              int32
+}
+
+func (r ApiSetLinkedObjectForUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.SetLinkedObjectForUserExecute(r)
+}
+
+/*
+SetLinkedObjectForUser Create a Linked Object for two User
+
+Creates a linked object for two users
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param associatedUserId
+	@param primaryRelationshipName
+	@param primaryUserId
+	@return ApiSetLinkedObjectForUserRequest
+*/
+func (a *UserApiService) SetLinkedObjectForUser(ctx context.Context, associatedUserId string, primaryRelationshipName string, primaryUserId string) ApiSetLinkedObjectForUserRequest {
+	return ApiSetLinkedObjectForUserRequest{
+		ApiService:              a,
+		ctx:                     ctx,
+		associatedUserId:        associatedUserId,
+		primaryRelationshipName: primaryRelationshipName,
+		primaryUserId:           primaryUserId,
+		retryCount:              0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) SetLinkedObjectForUserExecute(r ApiSetLinkedObjectForUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.SetLinkedObjectForUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"associatedUserId"+"}", url.PathEscape(parameterToString(r.associatedUserId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"primaryRelationshipName"+"}", url.PathEscape(parameterToString(r.primaryRelationshipName, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"primaryUserId"+"}", url.PathEscape(parameterToString(r.primaryUserId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiSuspendUserRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiSuspendUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.SuspendUserExecute(r)
+}
+
+/*
+SuspendUser Suspend a User
+
+Suspends a user.  This operation can only be performed on users with an `ACTIVE` status.  The user will have a status of `SUSPENDED` when the process is complete.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiSuspendUserRequest
+*/
+func (a *UserApiService) SuspendUser(ctx context.Context, userId string) ApiSuspendUserRequest {
+	return ApiSuspendUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) SuspendUserExecute(r ApiSuspendUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.SuspendUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/lifecycle/suspend"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnlockUserRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiUnlockUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnlockUserExecute(r)
+}
+
+/*
+UnlockUser Unlock a User
+
+Unlocks a user with a `LOCKED_OUT` status or unlocks a user with an `ACTIVE` status that is blocked from unknown devices. Unlocked users have an `ACTIVE` status and can sign in with their current password.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiUnlockUserRequest
+*/
+func (a *UserApiService) UnlockUser(ctx context.Context, userId string) ApiUnlockUserRequest {
+	return ApiUnlockUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) UnlockUserExecute(r ApiUnlockUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.UnlockUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/lifecycle/unlock"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUnsuspendUserRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiUnsuspendUserRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnsuspendUserExecute(r)
+}
+
+/*
+UnsuspendUser Unsuspend a User
+
+Unsuspends a user and returns them to the `ACTIVE` state.  This operation can only be performed on users that have a `SUSPENDED` status.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiUnsuspendUserRequest
+*/
+func (a *UserApiService) UnsuspendUser(ctx context.Context, userId string) ApiUnsuspendUserRequest {
+	return ApiUnsuspendUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserApiService) UnsuspendUserExecute(r ApiUnsuspendUserRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.UnsuspendUser")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/lifecycle/unsuspend"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiUpdateUserRequest struct {
+	ctx        context.Context
+	ApiService UserApi
+	userId     string
+	user       *UpdateUserRequest
+	strict     *bool
+	retryCount int32
+}
+
+func (r ApiUpdateUserRequest) User(user UpdateUserRequest) ApiUpdateUserRequest {
+	r.user = &user
+	return r
+}
+
+func (r ApiUpdateUserRequest) Strict(strict bool) ApiUpdateUserRequest {
+	r.strict = &strict
+	return r
+}
+
+func (r ApiUpdateUserRequest) Execute() (*User, *APIResponse, error) {
+	return r.ApiService.UpdateUserExecute(r)
+}
+
+/*
+UpdateUser Update a User
+
+Updates a user partially determined by the request parameters
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiUpdateUserRequest
+*/
+func (a *UserApiService) UpdateUser(ctx context.Context, userId string) ApiUpdateUserRequest {
+	return ApiUpdateUserRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return User
+func (a *UserApiService) UpdateUserExecute(r ApiUpdateUserRequest) (*User, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *User
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserApiService.UpdateUser")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.user == nil {
+		return localVarReturnValue, nil, reportError("user is required and must be specified")
+	}
+
+	if r.strict != nil {
+		localVarQueryParams.Add("strict", parameterToString(*r.strict, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.user
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_user_factor.go b/okta/api_user_factor.go
new file mode 100644
index 000000000..527122aa5
--- /dev/null
+++ b/okta/api_user_factor.go
@@ -0,0 +1,1840 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type UserFactorApi interface {
+	/*
+		ActivateFactor Activate a Factor
+
+		Activates a factor. The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param factorId
+		@return ApiActivateFactorRequest
+	*/
+	ActivateFactor(ctx context.Context, userId string, factorId string) ApiActivateFactorRequest
+
+	// ActivateFactorExecute executes the request
+	//  @return ListFactors200ResponseInner
+	ActivateFactorExecute(r ApiActivateFactorRequest) (*ListFactors200ResponseInner, *APIResponse, error)
+
+	/*
+		EnrollFactor Enroll a Factor
+
+		Enrolls a user with a supported factor
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiEnrollFactorRequest
+	*/
+	EnrollFactor(ctx context.Context, userId string) ApiEnrollFactorRequest
+
+	// EnrollFactorExecute executes the request
+	//  @return ListFactors200ResponseInner
+	EnrollFactorExecute(r ApiEnrollFactorRequest) (*ListFactors200ResponseInner, *APIResponse, error)
+
+	/*
+		GetFactor Retrieve a Factor
+
+		Retrieves a factor for the specified user
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param factorId
+		@return ApiGetFactorRequest
+	*/
+	GetFactor(ctx context.Context, userId string, factorId string) ApiGetFactorRequest
+
+	// GetFactorExecute executes the request
+	//  @return ListFactors200ResponseInner
+	GetFactorExecute(r ApiGetFactorRequest) (*ListFactors200ResponseInner, *APIResponse, error)
+
+	/*
+		GetFactorTransactionStatus Retrieve a Factor Transaction Status
+
+		Retrieves the factors verification transaction status
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param factorId
+		@param transactionId
+		@return ApiGetFactorTransactionStatusRequest
+	*/
+	GetFactorTransactionStatus(ctx context.Context, userId string, factorId string, transactionId string) ApiGetFactorTransactionStatusRequest
+
+	// GetFactorTransactionStatusExecute executes the request
+	//  @return VerifyUserFactorResponse
+	GetFactorTransactionStatusExecute(r ApiGetFactorTransactionStatusRequest) (*VerifyUserFactorResponse, *APIResponse, error)
+
+	/*
+		ListFactors List all Factors
+
+		Lists all the enrolled factors for the specified user
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiListFactorsRequest
+	*/
+	ListFactors(ctx context.Context, userId string) ApiListFactorsRequest
+
+	// ListFactorsExecute executes the request
+	//  @return []ListFactors200ResponseInner
+	ListFactorsExecute(r ApiListFactorsRequest) ([]ListFactors200ResponseInner, *APIResponse, error)
+
+	/*
+		ListSupportedFactors List all Supported Factors
+
+		Lists all the supported factors that can be enrolled for the specified user
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiListSupportedFactorsRequest
+	*/
+	ListSupportedFactors(ctx context.Context, userId string) ApiListSupportedFactorsRequest
+
+	// ListSupportedFactorsExecute executes the request
+	//  @return []ListFactors200ResponseInner
+	ListSupportedFactorsExecute(r ApiListSupportedFactorsRequest) ([]ListFactors200ResponseInner, *APIResponse, error)
+
+	/*
+		ListSupportedSecurityQuestions List all Supported Security Questions
+
+		Lists all available security questions for a user's `question` factor
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@return ApiListSupportedSecurityQuestionsRequest
+	*/
+	ListSupportedSecurityQuestions(ctx context.Context, userId string) ApiListSupportedSecurityQuestionsRequest
+
+	// ListSupportedSecurityQuestionsExecute executes the request
+	//  @return []SecurityQuestion
+	ListSupportedSecurityQuestionsExecute(r ApiListSupportedSecurityQuestionsRequest) ([]SecurityQuestion, *APIResponse, error)
+
+	/*
+		UnenrollFactor Unenroll a Factor
+
+		Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param factorId
+		@return ApiUnenrollFactorRequest
+	*/
+	UnenrollFactor(ctx context.Context, userId string, factorId string) ApiUnenrollFactorRequest
+
+	// UnenrollFactorExecute executes the request
+	UnenrollFactorExecute(r ApiUnenrollFactorRequest) (*APIResponse, error)
+
+	/*
+		VerifyFactor Verify an MFA Factor
+
+		Verifies an OTP for a `token` or `token:hardware` factor
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param userId
+		@param factorId
+		@return ApiVerifyFactorRequest
+	*/
+	VerifyFactor(ctx context.Context, userId string, factorId string) ApiVerifyFactorRequest
+
+	// VerifyFactorExecute executes the request
+	//  @return VerifyUserFactorResponse
+	VerifyFactorExecute(r ApiVerifyFactorRequest) (*VerifyUserFactorResponse, *APIResponse, error)
+}
+
+// UserFactorApiService UserFactorApi service
+type UserFactorApiService service
+
+type ApiActivateFactorRequest struct {
+	ctx        context.Context
+	ApiService UserFactorApi
+	userId     string
+	factorId   string
+	body       *ActivateFactorRequest
+	retryCount int32
+}
+
+func (r ApiActivateFactorRequest) Body(body ActivateFactorRequest) ApiActivateFactorRequest {
+	r.body = &body
+	return r
+}
+
+func (r ApiActivateFactorRequest) Execute() (*ListFactors200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ActivateFactorExecute(r)
+}
+
+/*
+ActivateFactor Activate a Factor
+
+Activates a factor. The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param factorId
+	@return ApiActivateFactorRequest
+*/
+func (a *UserFactorApiService) ActivateFactor(ctx context.Context, userId string, factorId string) ApiActivateFactorRequest {
+	return ApiActivateFactorRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		factorId:   factorId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListFactors200ResponseInner
+func (a *UserFactorApiService) ActivateFactorExecute(r ApiActivateFactorRequest) (*ListFactors200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListFactors200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserFactorApiService.ActivateFactor")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"factorId"+"}", url.PathEscape(parameterToString(r.factorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.body
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiEnrollFactorRequest struct {
+	ctx                  context.Context
+	ApiService           UserFactorApi
+	userId               string
+	body                 *ListFactors200ResponseInner
+	updatePhone          *bool
+	templateId           *string
+	tokenLifetimeSeconds *int32
+	activate             *bool
+	retryCount           int32
+}
+
+// Factor
+func (r ApiEnrollFactorRequest) Body(body ListFactors200ResponseInner) ApiEnrollFactorRequest {
+	r.body = &body
+	return r
+}
+
+func (r ApiEnrollFactorRequest) UpdatePhone(updatePhone bool) ApiEnrollFactorRequest {
+	r.updatePhone = &updatePhone
+	return r
+}
+
+// id of SMS template (only for SMS factor)
+func (r ApiEnrollFactorRequest) TemplateId(templateId string) ApiEnrollFactorRequest {
+	r.templateId = &templateId
+	return r
+}
+
+func (r ApiEnrollFactorRequest) TokenLifetimeSeconds(tokenLifetimeSeconds int32) ApiEnrollFactorRequest {
+	r.tokenLifetimeSeconds = &tokenLifetimeSeconds
+	return r
+}
+
+func (r ApiEnrollFactorRequest) Activate(activate bool) ApiEnrollFactorRequest {
+	r.activate = &activate
+	return r
+}
+
+func (r ApiEnrollFactorRequest) Execute() (*ListFactors200ResponseInner, *APIResponse, error) {
+	return r.ApiService.EnrollFactorExecute(r)
+}
+
+/*
+EnrollFactor Enroll a Factor
+
+Enrolls a user with a supported factor
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiEnrollFactorRequest
+*/
+func (a *UserFactorApiService) EnrollFactor(ctx context.Context, userId string) ApiEnrollFactorRequest {
+	return ApiEnrollFactorRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListFactors200ResponseInner
+func (a *UserFactorApiService) EnrollFactorExecute(r ApiEnrollFactorRequest) (*ListFactors200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListFactors200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserFactorApiService.EnrollFactor")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/factors"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.body == nil {
+		return localVarReturnValue, nil, reportError("body is required and must be specified")
+	}
+
+	if r.updatePhone != nil {
+		localVarQueryParams.Add("updatePhone", parameterToString(*r.updatePhone, ""))
+	}
+	if r.templateId != nil {
+		localVarQueryParams.Add("templateId", parameterToString(*r.templateId, ""))
+	}
+	if r.tokenLifetimeSeconds != nil {
+		localVarQueryParams.Add("tokenLifetimeSeconds", parameterToString(*r.tokenLifetimeSeconds, ""))
+	}
+	if r.activate != nil {
+		localVarQueryParams.Add("activate", parameterToString(*r.activate, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.body
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetFactorRequest struct {
+	ctx        context.Context
+	ApiService UserFactorApi
+	userId     string
+	factorId   string
+	retryCount int32
+}
+
+func (r ApiGetFactorRequest) Execute() (*ListFactors200ResponseInner, *APIResponse, error) {
+	return r.ApiService.GetFactorExecute(r)
+}
+
+/*
+GetFactor Retrieve a Factor
+
+Retrieves a factor for the specified user
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param factorId
+	@return ApiGetFactorRequest
+*/
+func (a *UserFactorApiService) GetFactor(ctx context.Context, userId string, factorId string) ApiGetFactorRequest {
+	return ApiGetFactorRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		factorId:   factorId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return ListFactors200ResponseInner
+func (a *UserFactorApiService) GetFactorExecute(r ApiGetFactorRequest) (*ListFactors200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *ListFactors200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserFactorApiService.GetFactor")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/factors/{factorId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"factorId"+"}", url.PathEscape(parameterToString(r.factorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiGetFactorTransactionStatusRequest struct {
+	ctx           context.Context
+	ApiService    UserFactorApi
+	userId        string
+	factorId      string
+	transactionId string
+	retryCount    int32
+}
+
+func (r ApiGetFactorTransactionStatusRequest) Execute() (*VerifyUserFactorResponse, *APIResponse, error) {
+	return r.ApiService.GetFactorTransactionStatusExecute(r)
+}
+
+/*
+GetFactorTransactionStatus Retrieve a Factor Transaction Status
+
+Retrieves the factors verification transaction status
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param factorId
+	@param transactionId
+	@return ApiGetFactorTransactionStatusRequest
+*/
+func (a *UserFactorApiService) GetFactorTransactionStatus(ctx context.Context, userId string, factorId string, transactionId string) ApiGetFactorTransactionStatusRequest {
+	return ApiGetFactorTransactionStatusRequest{
+		ApiService:    a,
+		ctx:           ctx,
+		userId:        userId,
+		factorId:      factorId,
+		transactionId: transactionId,
+		retryCount:    0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return VerifyUserFactorResponse
+func (a *UserFactorApiService) GetFactorTransactionStatusExecute(r ApiGetFactorTransactionStatusRequest) (*VerifyUserFactorResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *VerifyUserFactorResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserFactorApiService.GetFactorTransactionStatus")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"factorId"+"}", url.PathEscape(parameterToString(r.factorId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"transactionId"+"}", url.PathEscape(parameterToString(r.transactionId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListFactorsRequest struct {
+	ctx        context.Context
+	ApiService UserFactorApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiListFactorsRequest) Execute() ([]ListFactors200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ListFactorsExecute(r)
+}
+
+/*
+ListFactors List all Factors
+
+Lists all the enrolled factors for the specified user
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiListFactorsRequest
+*/
+func (a *UserFactorApiService) ListFactors(ctx context.Context, userId string) ApiListFactorsRequest {
+	return ApiListFactorsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ListFactors200ResponseInner
+func (a *UserFactorApiService) ListFactorsExecute(r ApiListFactorsRequest) ([]ListFactors200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ListFactors200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserFactorApiService.ListFactors")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/factors"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListSupportedFactorsRequest struct {
+	ctx        context.Context
+	ApiService UserFactorApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiListSupportedFactorsRequest) Execute() ([]ListFactors200ResponseInner, *APIResponse, error) {
+	return r.ApiService.ListSupportedFactorsExecute(r)
+}
+
+/*
+ListSupportedFactors List all Supported Factors
+
+Lists all the supported factors that can be enrolled for the specified user
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiListSupportedFactorsRequest
+*/
+func (a *UserFactorApiService) ListSupportedFactors(ctx context.Context, userId string) ApiListSupportedFactorsRequest {
+	return ApiListSupportedFactorsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []ListFactors200ResponseInner
+func (a *UserFactorApiService) ListSupportedFactorsExecute(r ApiListSupportedFactorsRequest) ([]ListFactors200ResponseInner, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []ListFactors200ResponseInner
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserFactorApiService.ListSupportedFactors")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/factors/catalog"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListSupportedSecurityQuestionsRequest struct {
+	ctx        context.Context
+	ApiService UserFactorApi
+	userId     string
+	retryCount int32
+}
+
+func (r ApiListSupportedSecurityQuestionsRequest) Execute() ([]SecurityQuestion, *APIResponse, error) {
+	return r.ApiService.ListSupportedSecurityQuestionsExecute(r)
+}
+
+/*
+ListSupportedSecurityQuestions List all Supported Security Questions
+
+Lists all available security questions for a user's `question` factor
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@return ApiListSupportedSecurityQuestionsRequest
+*/
+func (a *UserFactorApiService) ListSupportedSecurityQuestions(ctx context.Context, userId string) ApiListSupportedSecurityQuestionsRequest {
+	return ApiListSupportedSecurityQuestionsRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []SecurityQuestion
+func (a *UserFactorApiService) ListSupportedSecurityQuestionsExecute(r ApiListSupportedSecurityQuestionsRequest) ([]SecurityQuestion, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []SecurityQuestion
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserFactorApiService.ListSupportedSecurityQuestions")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/factors/questions"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUnenrollFactorRequest struct {
+	ctx                      context.Context
+	ApiService               UserFactorApi
+	userId                   string
+	factorId                 string
+	removeEnrollmentRecovery *bool
+	retryCount               int32
+}
+
+func (r ApiUnenrollFactorRequest) RemoveEnrollmentRecovery(removeEnrollmentRecovery bool) ApiUnenrollFactorRequest {
+	r.removeEnrollmentRecovery = &removeEnrollmentRecovery
+	return r
+}
+
+func (r ApiUnenrollFactorRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.UnenrollFactorExecute(r)
+}
+
+/*
+UnenrollFactor Unenroll a Factor
+
+Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param factorId
+	@return ApiUnenrollFactorRequest
+*/
+func (a *UserFactorApiService) UnenrollFactor(ctx context.Context, userId string, factorId string) ApiUnenrollFactorRequest {
+	return ApiUnenrollFactorRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		factorId:   factorId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserFactorApiService) UnenrollFactorExecute(r ApiUnenrollFactorRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserFactorApiService.UnenrollFactor")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/factors/{factorId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"factorId"+"}", url.PathEscape(parameterToString(r.factorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.removeEnrollmentRecovery != nil {
+		localVarQueryParams.Add("removeEnrollmentRecovery", parameterToString(*r.removeEnrollmentRecovery, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiVerifyFactorRequest struct {
+	ctx                  context.Context
+	ApiService           UserFactorApi
+	userId               string
+	factorId             string
+	templateId           *string
+	tokenLifetimeSeconds *int32
+	xForwardedFor        *string
+	userAgent            *string
+	acceptLanguage       *string
+	body                 *VerifyFactorRequest
+	retryCount           int32
+}
+
+func (r ApiVerifyFactorRequest) TemplateId(templateId string) ApiVerifyFactorRequest {
+	r.templateId = &templateId
+	return r
+}
+
+func (r ApiVerifyFactorRequest) TokenLifetimeSeconds(tokenLifetimeSeconds int32) ApiVerifyFactorRequest {
+	r.tokenLifetimeSeconds = &tokenLifetimeSeconds
+	return r
+}
+
+func (r ApiVerifyFactorRequest) XForwardedFor(xForwardedFor string) ApiVerifyFactorRequest {
+	r.xForwardedFor = &xForwardedFor
+	return r
+}
+
+func (r ApiVerifyFactorRequest) UserAgent(userAgent string) ApiVerifyFactorRequest {
+	r.userAgent = &userAgent
+	return r
+}
+
+func (r ApiVerifyFactorRequest) AcceptLanguage(acceptLanguage string) ApiVerifyFactorRequest {
+	r.acceptLanguage = &acceptLanguage
+	return r
+}
+
+func (r ApiVerifyFactorRequest) Body(body VerifyFactorRequest) ApiVerifyFactorRequest {
+	r.body = &body
+	return r
+}
+
+func (r ApiVerifyFactorRequest) Execute() (*VerifyUserFactorResponse, *APIResponse, error) {
+	return r.ApiService.VerifyFactorExecute(r)
+}
+
+/*
+VerifyFactor Verify an MFA Factor
+
+Verifies an OTP for a `token` or `token:hardware` factor
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param userId
+	@param factorId
+	@return ApiVerifyFactorRequest
+*/
+func (a *UserFactorApiService) VerifyFactor(ctx context.Context, userId string, factorId string) ApiVerifyFactorRequest {
+	return ApiVerifyFactorRequest{
+		ApiService: a,
+		ctx:        ctx,
+		userId:     userId,
+		factorId:   factorId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return VerifyUserFactorResponse
+func (a *UserFactorApiService) VerifyFactorExecute(r ApiVerifyFactorRequest) (*VerifyUserFactorResponse, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *VerifyUserFactorResponse
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserFactorApiService.VerifyFactor")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/users/{userId}/factors/{factorId}/verify"
+	localVarPath = strings.Replace(localVarPath, "{"+"userId"+"}", url.PathEscape(parameterToString(r.userId, "")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"factorId"+"}", url.PathEscape(parameterToString(r.factorId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	if r.templateId != nil {
+		localVarQueryParams.Add("templateId", parameterToString(*r.templateId, ""))
+	}
+	if r.tokenLifetimeSeconds != nil {
+		localVarQueryParams.Add("tokenLifetimeSeconds", parameterToString(*r.tokenLifetimeSeconds, ""))
+	}
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.xForwardedFor != nil {
+		localVarHeaderParams["X-Forwarded-For"] = parameterToString(*r.xForwardedFor, "")
+	}
+	if r.userAgent != nil {
+		localVarHeaderParams["User-Agent"] = parameterToString(*r.userAgent, "")
+	}
+	if r.acceptLanguage != nil {
+		localVarHeaderParams["Accept-Language"] = parameterToString(*r.acceptLanguage, "")
+	}
+	// body params
+	localVarPostBody = r.body
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/api_user_schema_test.go b/okta/api_user_schema_test.go
new file mode 100644
index 000000000..92ffa99a0
--- /dev/null
+++ b/okta/api_user_schema_test.go
@@ -0,0 +1,50 @@
+package okta
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_Get_User_Schema(t *testing.T) {
+	t.Run("get default user schema", func(t *testing.T) {
+		schema, _, err := apiClient.SchemaApi.GetUserSchema(apiClient.cfg.Context, "default").Execute()
+		require.NoError(t, err, "Could not get default user schema")
+		assert.NotEmpty(t, schema, "User schema is empty")
+		assert.Equal(t, "Username", schema.Definitions.Base.Properties.Login.GetTitle())
+		assert.Equal(t, "READ_WRITE", schema.Definitions.Base.Properties.Login.GetMutability())
+		assert.Equal(t, USERSCHEMAATTRIBUTESCOPE_NONE, schema.Definitions.Base.Properties.Login.GetScope())
+		assert.Equal(t, int32(5), schema.Definitions.Base.Properties.Login.GetMinLength())
+		assert.Equal(t, int32(100), schema.Definitions.Base.Properties.Login.GetMaxLength())
+		assert.NotEmpty(t, schema.Definitions.Base.Properties.Login.GetPermissions())
+		assert.Equal(t, "SELF", schema.Definitions.Base.Properties.Login.GetPermissions()[0].GetPrincipal())
+	})
+}
+
+func Test_Update_Property_To_User_Schema(t *testing.T) {
+	schema, _, err := apiClient.SchemaApi.GetUserSchema(apiClient.cfg.Context, "default").Execute()
+	require.NoError(t, err, "Could not get default user schema")
+	assert.NotEmpty(t, schema, "User schema is empty")
+	t.Run("get update user schema", func(t *testing.T) {
+		req := apiClient.SchemaApi.UpdateUserProfile(apiClient.cfg.Context, "default")
+		customAttributeName := testPrefix + randomTestString()
+		customAttributeDetail := UserSchemaAttribute{}
+		customAttributeDetail.SetTitle(customAttributeName)
+		customAttributeDetail.SetType(USERSCHEMAATTRIBUTETYPE_STRING)
+		customAttributeDetail.SetMinLength(1)
+		customAttributeDetail.SetMaxLength(20)
+		customAttribute := make(map[string]UserSchemaAttribute)
+		customAttribute[customAttributeName] = customAttributeDetail
+		payload := UserSchemaPublic{Properties: &customAttribute}
+		schema.Definitions.SetCustom(payload)
+		req = req.UserSchema(*schema)
+		updateSchema, _, err := req.Execute()
+		require.NoError(t, err, "Could not update default user schema")
+		assert.NotEmpty(t, updateSchema, "User schema is empty")
+		updateAttribute := schema.Definitions.Custom.GetProperties()[customAttributeName]
+		assert.Equal(t, customAttributeName, updateAttribute.GetTitle())
+		assert.Equal(t, int32(1), updateAttribute.GetMinLength())
+		assert.Equal(t, int32(20), updateAttribute.GetMaxLength())
+	})
+}
diff --git a/okta/api_user_test.go b/okta/api_user_test.go
new file mode 100644
index 000000000..e96f97531
--- /dev/null
+++ b/okta/api_user_test.go
@@ -0,0 +1,382 @@
+package okta
+
+import (
+	"io/ioutil"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func setupUser(activate bool) (*User, *APIResponse, CreateUserRequest, error) {
+	req := apiClient.UserApi.CreateUser(apiClient.cfg.Context)
+	uc := testFactory.NewValidTestUserCredentialsWithPassword()
+	profile := testFactory.NewValidTestUserProfile()
+	body := CreateUserRequest{Credentials: uc, Profile: profile}
+	req = req.Body(body)
+	req = req.Activate(activate)
+	user, res, err := req.Execute()
+	return user, res, body, err
+}
+
+func cleanUpUser(userId string) error {
+	_, err := apiClient.UserApi.DeactivateUser(apiClient.cfg.Context, userId).Execute()
+	if err != nil {
+		return err
+	}
+	_, err = apiClient.UserApi.DeleteUser(apiClient.cfg.Context, userId).Execute()
+	if err != nil {
+		return err
+	}
+	_, res, err := apiClient.UserApi.GetUser(apiClient.cfg.Context, userId).Execute()
+	if err != nil && res.StatusCode == http.StatusNotFound {
+		err = nil
+	}
+	return err
+}
+
+func Test_Get_User(t *testing.T) {
+	user, _, _, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	t.Run("get user by id", func(t *testing.T) {
+		ubid, _, err := apiClient.UserApi.GetUser(apiClient.cfg.Context, user.GetId()).Execute()
+		require.NoError(t, err, "Could not get user by ID")
+		assert.Equal(t, user.GetId(), ubid.GetId())
+	})
+	t.Run("get user by login", func(t *testing.T) {
+		ubid, _, err := apiClient.UserApi.GetUser(apiClient.cfg.Context, *user.Profile.Login).Execute()
+		require.NoError(t, err, "Could not get user by login")
+		assert.Equal(t, user.GetId(), ubid.GetId())
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+}
+
+func Test_Activate_User(t *testing.T) {
+	user, _, _, err := setupUser(false)
+	require.NoError(t, err, "Creating a new user should not error")
+	t.Run("activate users", func(t *testing.T) {
+		req := apiClient.UserApi.ActivateUser(apiClient.cfg.Context, user.GetId())
+		req = req.SendEmail(false)
+		token, _, err := req.Execute()
+		require.NoError(t, err, "Could not activate the user")
+		assert.NotEmpty(t, token, "Token was not provided")
+		assert.IsType(t, &UserActivationToken{}, token, "Activation did not return correct type")
+	})
+	t.Run("get user by id", func(t *testing.T) {
+		crUser, _, err := apiClient.UserApi.GetUser(apiClient.cfg.Context, user.GetId()).Execute()
+		require.NoError(t, err, "Could not get user by ID")
+		assert.NotNil(t, crUser.Activated, "users activation time is missing")
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+}
+
+func Test_Update_User_Profile(t *testing.T) {
+	user, _, _, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	nickName := "Batman"
+	t.Run("update user", func(t *testing.T) {
+		newProfile := user.Profile
+		newProfile.NickName = &nickName
+		req := apiClient.UserApi.UpdateUser(apiClient.cfg.Context, user.GetId())
+		body := UpdateUserRequest{Profile: newProfile}
+		req = req.User(body)
+		_, _, err := req.Execute()
+		require.NoError(t, err, "Could not update user by ID")
+	})
+	t.Run("get user", func(t *testing.T) {
+		updatedUser, _, err := apiClient.UserApi.GetUser(apiClient.cfg.Context, user.GetId()).Execute()
+		require.NoError(t, err, "Could not get user by ID")
+		assert.Equal(t, nickName, *updatedUser.Profile.NickName)
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+}
+
+func Test_Suspend_User(t *testing.T) {
+	user, _, _, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	t.Run("suspend user", func(t *testing.T) {
+		_, err := apiClient.UserApi.SuspendUser(apiClient.cfg.Context, user.GetId()).Execute()
+		require.NoError(t, err, "Could not suspend user")
+		susReq := apiClient.UserApi.ListUsers(apiClient.cfg.Context)
+		susReq = susReq.Filter("status eq \"SUSPENDED\"")
+		listUsers, _, err := susReq.Execute()
+		require.NoError(t, err, "Could not get suspended user")
+		var found bool
+		for _, u := range listUsers {
+			if user.GetId() == u.GetId() {
+				found = true
+				break
+			}
+		}
+		assert.True(t, found, "The user was not found")
+	})
+	t.Run("unsuspend user", func(t *testing.T) {
+		_, err := apiClient.UserApi.UnsuspendUser(apiClient.cfg.Context, user.GetId()).Execute()
+		require.NoError(t, err, "Could not unsuspend user")
+		unsusReq := apiClient.UserApi.ListUsers(apiClient.cfg.Context)
+		unsusReq = unsusReq.Filter("status eq \"ACTIVE\"")
+		listUsers, _, err := unsusReq.Execute()
+		require.NoError(t, err, "Could not get active user")
+		var found bool
+		for _, u := range listUsers {
+			if user.GetId() == u.GetId() {
+				found = true
+				break
+			}
+		}
+		assert.True(t, found, "The user was not found")
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+}
+
+func Test_Change_User_Password(t *testing.T) {
+	user, _, payload, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	time.Sleep(1 * time.Second)
+	t.Run("change users password", func(t *testing.T) {
+		req := apiClient.UserApi.ChangePassword(apiClient.cfg.Context, *user.Id)
+		newPassword := NewPasswordCredential()
+		newPassword.SetValue(testPassword(10))
+		payload := ChangePasswordRequest{
+			OldPassword: payload.GetCredentials().Password,
+			NewPassword: newPassword,
+		}
+		req = req.ChangePasswordRequest(payload)
+		_, _, err := req.Execute()
+		require.NoError(t, err, "Could not change user password")
+		ubid, _, err := apiClient.UserApi.GetUser(apiClient.cfg.Context, user.GetId()).Execute()
+		require.NoError(t, err, "Could not get user by ID")
+		assert.Equal(t, user.GetId(), ubid.GetId())
+		assert.True(t, ubid.HasPasswordChanged())
+		assert.True(t, ubid.GetPasswordChanged().After(user.GetPasswordChanged()), "Password has not changed")
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+}
+
+func Test_Get_Reset_Password_Link_User(t *testing.T) {
+	user, _, _, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	t.Run("reset password", func(t *testing.T) {
+		req := apiClient.UserApi.GenerateResetPasswordToken(apiClient.cfg.Context, user.GetId())
+		req = req.SendEmail(false)
+		rpt, _, err := req.Execute()
+		require.NoError(t, err, "Could not reset password")
+		assert.IsType(t, &ResetPasswordToken{}, rpt)
+		assert.NotEmpty(t, rpt.ResetPasswordUrl, "Reset Password is not set")
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+}
+
+func Test_Expire_Password_User_Get_Temp(t *testing.T) {
+	user, _, _, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	t.Run("expire password", func(t *testing.T) {
+		tp, _, err := apiClient.UserApi.ExpirePasswordAndGetTemporaryPassword(apiClient.cfg.Context, user.GetId()).Execute()
+		require.NoError(t, err, "Could not reset password")
+		assert.IsType(t, &TempPassword{}, tp)
+		assert.NotEmpty(t, tp.TempPassword, "Temp Password not provided")
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+}
+
+func Test_Change_User_Recovery_Question(t *testing.T) {
+	user, _, body, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	t.Run("change recovery question", func(t *testing.T) {
+		req := apiClient.UserApi.ChangeRecoveryQuestion(apiClient.cfg.Context, user.GetId())
+		payload := UserCredentials{
+			Password:         body.GetCredentials().Password,
+			RecoveryQuestion: testFactory.NewValidTestRecoveryQuestionCredential(),
+		}
+		req = req.UserCredentials(payload)
+		tmpuc, _, err := req.Execute()
+		require.NoError(t, err, "Could not change recovery question")
+		assert.IsType(t, &UserCredentials{}, tmpuc)
+	})
+	t.Run("update password using recovery question", func(t *testing.T) {
+		req := apiClient.UserApi.ForgotPasswordSetNewPassword(apiClient.cfg.Context, user.GetId())
+		payload := UserCredentials{
+			Password:         testFactory.NewValidTestPasswordCredential(),
+			RecoveryQuestion: testFactory.NewValidTestRecoveryQuestionCredential(),
+		}
+		req = req.UserCredentials(payload)
+		_, _, err := req.Execute()
+		require.NoError(t, err, "Could not change password with recovery question")
+		ubid, _, err := apiClient.UserApi.GetUser(apiClient.cfg.Context, user.GetId()).Execute()
+		require.NoError(t, err, "Could not get user by ID")
+		assert.Equal(t, user.GetId(), ubid.GetId())
+		assert.True(t, ubid.GetPasswordChanged().After(user.GetPasswordChanged()), "Password change did not happen")
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+}
+
+func Test_Assign_User_To_A_Role(t *testing.T) {
+	user, _, _, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	var roleId string
+	role := ROLETYPE_USER_ADMIN
+	t.Run("add role to user", func(t *testing.T) {
+		req := apiClient.RoleAssignmentApi.AssignRoleToUser(apiClient.cfg.Context, user.GetId())
+		payload := AssignRoleRequest{
+			Type: &role,
+		}
+		req = req.AssignRoleRequest(payload)
+		_, _, err = req.Execute()
+		require.NoError(t, err, "Should not have had an error when adding role to user")
+		listRoles, _, err := apiClient.RoleAssignmentApi.ListAssignedRolesForUser(apiClient.cfg.Context, user.GetId()).Execute()
+		require.NoError(t, err, "Should not have had an error when getting user's assigned role")
+		var found bool
+		for _, r := range listRoles {
+			if r.GetType() == role {
+				found = true
+				roleId = r.GetId()
+				break
+			}
+		}
+		assert.True(t, found, "Could not verify USER_ADMIN was added to the user")
+	})
+	t.Run("remove role from user", func(t *testing.T) {
+		_, err = apiClient.RoleAssignmentApi.UnassignRoleFromUser(apiClient.cfg.Context, user.GetId(), roleId).Execute()
+		require.NoError(t, err, "Should not have had an error when removing role to user")
+		listRoles, _, err := apiClient.RoleAssignmentApi.ListAssignedRolesForUser(apiClient.cfg.Context, user.GetId()).Execute()
+		require.NoError(t, err, "Should not have had an error when getting user's assigned role")
+		var found bool
+		for _, r := range listRoles {
+			if r.GetType() == role {
+				found = true
+				break
+			}
+		}
+		assert.False(t, found, "Could not verify USER_ADMIN was removed to the user")
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+}
+
+func Test_User_Group_Target_Role(t *testing.T) {
+	user, _, _, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	var groupId string
+	var roleId string
+	var newGroupId string
+	t.Run("add group target to role", func(t *testing.T) {
+		greq := apiClient.GroupApi.CreateGroup(apiClient.cfg.Context)
+		gp := NewGroupProfile()
+		gp.SetName("SDK_TEST Group-Target Test Group")
+		gpayload := Group{Profile: gp}
+		greq = greq.Group(gpayload)
+		group, _, err := greq.Execute()
+		require.NoError(t, err, "Creating an group should not error")
+		areq := apiClient.RoleAssignmentApi.AssignRoleToUser(apiClient.cfg.Context, user.GetId())
+		payload := NewAssignRoleRequest()
+		payload.SetType("USER_ADMIN")
+		areq = areq.AssignRoleRequest(*payload)
+		role, _, err := areq.Execute()
+		require.NoError(t, err, "Should not have had an error when adding role to user")
+		_, err = apiClient.RoleTargetApi.AssignGroupTargetToUserRole(apiClient.cfg.Context, user.GetId(), role.GetId(), group.GetId()).Execute()
+		require.NoError(t, err, "Should not have had an error when adding group target to role")
+		groups, _, err := apiClient.RoleTargetApi.ListGroupTargetsForRole(apiClient.cfg.Context, user.GetId(), role.GetId()).Execute()
+		require.NoError(t, err)
+		var found bool
+		for _, tmpgroup := range groups {
+			if tmpgroup.GetId() == group.GetId() {
+				found = true
+				groupId = group.GetId()
+				roleId = role.GetId()
+				break
+			}
+		}
+		assert.True(t, found, "Could not verify group target")
+	})
+	t.Run("remove group target from role", func(t *testing.T) {
+		greq := apiClient.GroupApi.CreateGroup(apiClient.cfg.Context)
+		gp := NewGroupProfile()
+		gp.SetName("SDK_TEST Group TMP-Target Test Group")
+		gpayload := Group{Profile: gp}
+		greq = greq.Group(gpayload)
+		newGroup, _, err := greq.Execute()
+		require.NoError(t, err, "Should not have had an error when adding role to user")
+		newGroupId = newGroup.GetId()
+		_, err = apiClient.RoleTargetApi.AssignGroupTargetToUserRole(apiClient.cfg.Context, user.GetId(), roleId, newGroup.GetId()).Execute()
+		require.NoError(t, err)
+		_, err = apiClient.RoleTargetApi.UnassignGroupTargetFromUserAdminRole(apiClient.cfg.Context, user.GetId(), roleId, groupId).Execute()
+		require.NoError(t, err, "Should not have had an error when removing group target to role")
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+	err = cleanUpGroup(groupId)
+	require.NoError(t, err, "Clean up group should not error")
+	err = cleanUpGroup(newGroupId)
+	require.NoError(t, err, "Clean up group should not error")
+}
+
+func Test_Get_User_With_Cache_Enabled(t *testing.T) {
+	configuration := NewConfiguration()
+	configuration.Debug = true
+	cachedApiClient := NewAPIClient(configuration)
+	user, _, _, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	t.Run("get user with cache", func(t *testing.T) {
+		for i := 0; i < 10; i++ {
+			u, resp, err := cachedApiClient.UserApi.GetUser(apiClient.cfg.Context, user.GetId()).Execute()
+			assert.NoError(t, err, "Should not error when getting user")
+			assert.NotNil(t, u, "user should not be nil")
+			assert.NotNil(t, resp, "resp should not be nil")
+		}
+	})
+	err = cleanUpUser(user.GetId())
+	require.NoError(t, err, "Clean up user should not error")
+}
+
+func Test_List_User_Subscriptions(t *testing.T) {
+	user, _, err := apiClient.UserApi.GetUser(apiClient.cfg.Context, "me").Execute()
+	require.NoError(t, err, "Getting the current user should not error")
+	t.Run("get user subscription", func(t *testing.T) {
+		subscriptions, _, err := apiClient.SubscriptionApi.ListUserSubscriptions(apiClient.cfg.Context, user.GetId()).Execute()
+		require.NoError(t, err, "Should not error listing user subscriptions")
+		assert.True(t, len(subscriptions) > 0, "User should have subscriptions")
+	})
+	t.Run("get user subscription by notification type", func(t *testing.T) {
+		expectedNotificationType := "OKTA_ANNOUNCEMENT"
+		subscription, _, err := apiClient.SubscriptionApi.ListUserSubscriptionsByNotificationType(apiClient.cfg.Context, user.GetId(), expectedNotificationType).Execute()
+		require.NoError(t, err, "Should not error getting user subscription by notification types")
+		assert.Equal(t, subscription.GetNotificationType(), NOTIFICATIONTYPE_OKTA_ANNOUNCEMENT, "User should have subscription notification type %q, got %q", expectedNotificationType, subscription.NotificationType)
+	})
+}
+
+func TestCanPaginateAcrossUsers(t *testing.T) {
+	createdUser1, _, _, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	createdUser2, _, _, err := setupUser(true)
+	require.NoError(t, err, "Creating a new user should not error")
+	user1, resp, err := apiClient.UserApi.ListUsers(apiClient.cfg.Context).Limit(1).Execute()
+	require.NoError(t, err)
+	assert.Equal(t, 1, len(user1), "User1 did not return 1 user")
+	user1Profile := user1[0].GetProfile()
+	hasNext := resp.HasNextPage()
+	assert.True(t, hasNext, "Should return true for HasNextPage")
+	var user2 []User
+	res, err := resp.Next(&user2)
+	require.NoError(t, err)
+	body, err := ioutil.ReadAll(res.Body)
+	res.Body.Close()
+	require.NoError(t, err)
+	assert.NotEmpty(t, string(body), "body is empty")
+	assert.Equal(t, 1, len(user2), "User2 did not return 1 user")
+	user2Profile := user2[0].GetProfile()
+	assert.NotEqual(t, user2Profile.GetEmail(), user1Profile.GetEmail(), "Emails should not be the same")
+	err = cleanUpUser(createdUser1.GetId())
+	require.NoError(t, err, "Should not error when deactivating")
+	err = cleanUpUser(createdUser2.GetId())
+	require.NoError(t, err, "Should not error when deactivating")
+}
diff --git a/okta/api_user_type.go b/okta/api_user_type.go
new file mode 100644
index 000000000..222a9c7d9
--- /dev/null
+++ b/okta/api_user_type.go
@@ -0,0 +1,1147 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type UserTypeApi interface {
+	/*
+		CreateUserType Create a User Type
+
+		Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiCreateUserTypeRequest
+	*/
+	CreateUserType(ctx context.Context) ApiCreateUserTypeRequest
+
+	// CreateUserTypeExecute executes the request
+	//  @return UserType
+	CreateUserTypeExecute(r ApiCreateUserTypeRequest) (*UserType, *APIResponse, error)
+
+	/*
+		DeleteUserType Delete a User Type
+
+		Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param typeId
+		@return ApiDeleteUserTypeRequest
+	*/
+	DeleteUserType(ctx context.Context, typeId string) ApiDeleteUserTypeRequest
+
+	// DeleteUserTypeExecute executes the request
+	DeleteUserTypeExecute(r ApiDeleteUserTypeRequest) (*APIResponse, error)
+
+	/*
+		GetUserType Retrieve a User Type
+
+		Retrieves a User Type by ID. The special identifier `default` may be used to fetch the default User Type.
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param typeId
+		@return ApiGetUserTypeRequest
+	*/
+	GetUserType(ctx context.Context, typeId string) ApiGetUserTypeRequest
+
+	// GetUserTypeExecute executes the request
+	//  @return UserType
+	GetUserTypeExecute(r ApiGetUserTypeRequest) (*UserType, *APIResponse, error)
+
+	/*
+		ListUserTypes List all User Types
+
+		Lists all User Types in your org
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@return ApiListUserTypesRequest
+	*/
+	ListUserTypes(ctx context.Context) ApiListUserTypesRequest
+
+	// ListUserTypesExecute executes the request
+	//  @return []UserType
+	ListUserTypesExecute(r ApiListUserTypesRequest) ([]UserType, *APIResponse, error)
+
+	/*
+		ReplaceUserType Replace a User Type
+
+		Replaces an existing user type
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param typeId
+		@return ApiReplaceUserTypeRequest
+	*/
+	ReplaceUserType(ctx context.Context, typeId string) ApiReplaceUserTypeRequest
+
+	// ReplaceUserTypeExecute executes the request
+	//  @return UserType
+	ReplaceUserTypeExecute(r ApiReplaceUserTypeRequest) (*UserType, *APIResponse, error)
+
+	/*
+		UpdateUserType Update a User Type
+
+		Updates an existing User Type
+
+		@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+		@param typeId
+		@return ApiUpdateUserTypeRequest
+	*/
+	UpdateUserType(ctx context.Context, typeId string) ApiUpdateUserTypeRequest
+
+	// UpdateUserTypeExecute executes the request
+	//  @return UserType
+	UpdateUserTypeExecute(r ApiUpdateUserTypeRequest) (*UserType, *APIResponse, error)
+}
+
+// UserTypeApiService UserTypeApi service
+type UserTypeApiService service
+
+type ApiCreateUserTypeRequest struct {
+	ctx        context.Context
+	ApiService UserTypeApi
+	userType   *UserType
+	retryCount int32
+}
+
+func (r ApiCreateUserTypeRequest) UserType(userType UserType) ApiCreateUserTypeRequest {
+	r.userType = &userType
+	return r
+}
+
+func (r ApiCreateUserTypeRequest) Execute() (*UserType, *APIResponse, error) {
+	return r.ApiService.CreateUserTypeExecute(r)
+}
+
+/*
+CreateUserType Create a User Type
+
+Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiCreateUserTypeRequest
+*/
+func (a *UserTypeApiService) CreateUserType(ctx context.Context) ApiCreateUserTypeRequest {
+	return ApiCreateUserTypeRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserType
+func (a *UserTypeApiService) CreateUserTypeExecute(r ApiCreateUserTypeRequest) (*UserType, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserType
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserTypeApiService.CreateUserType")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/types/user"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.userType == nil {
+		return localVarReturnValue, nil, reportError("userType is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.userType
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiDeleteUserTypeRequest struct {
+	ctx        context.Context
+	ApiService UserTypeApi
+	typeId     string
+	retryCount int32
+}
+
+func (r ApiDeleteUserTypeRequest) Execute() (*APIResponse, error) {
+	return r.ApiService.DeleteUserTypeExecute(r)
+}
+
+/*
+DeleteUserType Delete a User Type
+
+Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param typeId
+	@return ApiDeleteUserTypeRequest
+*/
+func (a *UserTypeApiService) DeleteUserType(ctx context.Context, typeId string) ApiDeleteUserTypeRequest {
+	return ApiDeleteUserTypeRequest{
+		ApiService: a,
+		ctx:        ctx,
+		typeId:     typeId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+func (a *UserTypeApiService) DeleteUserTypeExecute(r ApiDeleteUserTypeRequest) (*APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodDelete
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserTypeApiService.DeleteUserType")
+	if err != nil {
+		return nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/types/user/{typeId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"typeId"+"}", url.PathEscape(parameterToString(r.typeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+			return localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+				return localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+		return localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, nil)
+	return localAPIResponse, nil
+}
+
+type ApiGetUserTypeRequest struct {
+	ctx        context.Context
+	ApiService UserTypeApi
+	typeId     string
+	retryCount int32
+}
+
+func (r ApiGetUserTypeRequest) Execute() (*UserType, *APIResponse, error) {
+	return r.ApiService.GetUserTypeExecute(r)
+}
+
+/*
+GetUserType Retrieve a User Type
+
+Retrieves a User Type by ID. The special identifier `default` may be used to fetch the default User Type.
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param typeId
+	@return ApiGetUserTypeRequest
+*/
+func (a *UserTypeApiService) GetUserType(ctx context.Context, typeId string) ApiGetUserTypeRequest {
+	return ApiGetUserTypeRequest{
+		ApiService: a,
+		ctx:        ctx,
+		typeId:     typeId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserType
+func (a *UserTypeApiService) GetUserTypeExecute(r ApiGetUserTypeRequest) (*UserType, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserType
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserTypeApiService.GetUserType")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/types/user/{typeId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"typeId"+"}", url.PathEscape(parameterToString(r.typeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiListUserTypesRequest struct {
+	ctx        context.Context
+	ApiService UserTypeApi
+	retryCount int32
+}
+
+func (r ApiListUserTypesRequest) Execute() ([]UserType, *APIResponse, error) {
+	return r.ApiService.ListUserTypesExecute(r)
+}
+
+/*
+ListUserTypes List all User Types
+
+Lists all User Types in your org
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@return ApiListUserTypesRequest
+*/
+func (a *UserTypeApiService) ListUserTypes(ctx context.Context) ApiListUserTypesRequest {
+	return ApiListUserTypesRequest{
+		ApiService: a,
+		ctx:        ctx,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return []UserType
+func (a *UserTypeApiService) ListUserTypesExecute(r ApiListUserTypesRequest) ([]UserType, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  []UserType
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserTypeApiService.ListUserTypes")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/types/user"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiReplaceUserTypeRequest struct {
+	ctx        context.Context
+	ApiService UserTypeApi
+	typeId     string
+	userType   *UserType
+	retryCount int32
+}
+
+func (r ApiReplaceUserTypeRequest) UserType(userType UserType) ApiReplaceUserTypeRequest {
+	r.userType = &userType
+	return r
+}
+
+func (r ApiReplaceUserTypeRequest) Execute() (*UserType, *APIResponse, error) {
+	return r.ApiService.ReplaceUserTypeExecute(r)
+}
+
+/*
+ReplaceUserType Replace a User Type
+
+Replaces an existing user type
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param typeId
+	@return ApiReplaceUserTypeRequest
+*/
+func (a *UserTypeApiService) ReplaceUserType(ctx context.Context, typeId string) ApiReplaceUserTypeRequest {
+	return ApiReplaceUserTypeRequest{
+		ApiService: a,
+		ctx:        ctx,
+		typeId:     typeId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserType
+func (a *UserTypeApiService) ReplaceUserTypeExecute(r ApiReplaceUserTypeRequest) (*UserType, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPut
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserType
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserTypeApiService.ReplaceUserType")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/types/user/{typeId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"typeId"+"}", url.PathEscape(parameterToString(r.typeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.userType == nil {
+		return localVarReturnValue, nil, reportError("userType is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.userType
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
+
+type ApiUpdateUserTypeRequest struct {
+	ctx        context.Context
+	ApiService UserTypeApi
+	typeId     string
+	userType   *UserType
+	retryCount int32
+}
+
+func (r ApiUpdateUserTypeRequest) UserType(userType UserType) ApiUpdateUserTypeRequest {
+	r.userType = &userType
+	return r
+}
+
+func (r ApiUpdateUserTypeRequest) Execute() (*UserType, *APIResponse, error) {
+	return r.ApiService.UpdateUserTypeExecute(r)
+}
+
+/*
+UpdateUserType Update a User Type
+
+Updates an existing User Type
+
+	@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+	@param typeId
+	@return ApiUpdateUserTypeRequest
+*/
+func (a *UserTypeApiService) UpdateUserType(ctx context.Context, typeId string) ApiUpdateUserTypeRequest {
+	return ApiUpdateUserTypeRequest{
+		ApiService: a,
+		ctx:        ctx,
+		typeId:     typeId,
+		retryCount: 0,
+	}
+}
+
+// Execute executes the request
+//
+//	@return UserType
+func (a *UserTypeApiService) UpdateUserTypeExecute(r ApiUpdateUserTypeRequest) (*UserType, *APIResponse, error) {
+	var (
+		localVarHTTPMethod   = http.MethodPost
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *UserType
+		localVarHTTPResponse *http.Response
+		localAPIResponse     *APIResponse
+		err                  error
+	)
+
+	if a.client.cfg.Okta.Client.RequestTimeout > 0 {
+		localctx, cancel := context.WithTimeout(r.ctx, time.Second*time.Duration(a.client.cfg.Okta.Client.RequestTimeout))
+		r.ctx = localctx
+		defer cancel()
+	}
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "UserTypeApiService.UpdateUserType")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/meta/types/user/{typeId}"
+	localVarPath = strings.Replace(localVarPath, "{"+"typeId"+"}", url.PathEscape(parameterToString(r.typeId, "")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if r.userType == nil {
+		return localVarReturnValue, nil, reportError("userType is required and must be specified")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{"application/json"}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	// body params
+	localVarPostBody = r.userType
+	if r.ctx != nil {
+		// API Key Authentication
+		if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
+			if apiKey, ok := auth["apiToken"]; ok {
+				var key string
+				if apiKey.Prefix != "" {
+					key = apiKey.Prefix + " " + apiKey.Key
+				} else {
+					key = apiKey.Key
+				}
+				localVarHeaderParams["Authorization"] = key
+			}
+		}
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+	localVarHTTPResponse, err = a.client.do(r.ctx, req)
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+			localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+			return localVarReturnValue, localAPIResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v Error
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+				return localVarReturnValue, localAPIResponse, newErr
+			}
+			newErr.model = v
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+		return localVarReturnValue, localAPIResponse, newErr
+	}
+
+	localAPIResponse = newAPIResponse(localVarHTTPResponse, a.client, localVarReturnValue)
+	return localVarReturnValue, localAPIResponse, nil
+}
diff --git a/okta/appAndInstanceConditionEvaluatorAppOrInstance.go b/okta/appAndInstanceConditionEvaluatorAppOrInstance.go
deleted file mode 100644
index 0559fe536..000000000
--- a/okta/appAndInstanceConditionEvaluatorAppOrInstance.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AppAndInstanceConditionEvaluatorAppOrInstance struct {
-	Id   string `json:"id,omitempty"`
-	Name string `json:"name,omitempty"`
-	Type string `json:"type,omitempty"`
-}
-
-func NewAppAndInstanceConditionEvaluatorAppOrInstance() *AppAndInstanceConditionEvaluatorAppOrInstance {
-	return &AppAndInstanceConditionEvaluatorAppOrInstance{}
-}
-
-func (a *AppAndInstanceConditionEvaluatorAppOrInstance) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/appAndInstancePolicyRuleCondition.go b/okta/appAndInstancePolicyRuleCondition.go
deleted file mode 100644
index a93af6632..000000000
--- a/okta/appAndInstancePolicyRuleCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AppAndInstancePolicyRuleCondition struct {
-	Exclude []*AppAndInstanceConditionEvaluatorAppOrInstance `json:"exclude,omitempty"`
-	Include []*AppAndInstanceConditionEvaluatorAppOrInstance `json:"include,omitempty"`
-}
-
-func NewAppAndInstancePolicyRuleCondition() *AppAndInstancePolicyRuleCondition {
-	return &AppAndInstancePolicyRuleCondition{}
-}
-
-func (a *AppAndInstancePolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/appInstancePolicyRuleCondition.go b/okta/appInstancePolicyRuleCondition.go
deleted file mode 100644
index 22c020609..000000000
--- a/okta/appInstancePolicyRuleCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AppInstancePolicyRuleCondition struct {
-	Exclude []string `json:"exclude,omitempty"`
-	Include []string `json:"include,omitempty"`
-}
-
-func NewAppInstancePolicyRuleCondition() *AppInstancePolicyRuleCondition {
-	return &AppInstancePolicyRuleCondition{}
-}
-
-func (a *AppInstancePolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/appLink.go b/okta/appLink.go
deleted file mode 100644
index dbbfc1743..000000000
--- a/okta/appLink.go
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type AppLink struct {
-	AppAssignmentId  string `json:"appAssignmentId,omitempty"`
-	AppInstanceId    string `json:"appInstanceId,omitempty"`
-	AppName          string `json:"appName,omitempty"`
-	CredentialsSetup *bool  `json:"credentialsSetup,omitempty"`
-	Hidden           *bool  `json:"hidden,omitempty"`
-	Id               string `json:"id,omitempty"`
-	Label            string `json:"label,omitempty"`
-	LinkUrl          string `json:"linkUrl,omitempty"`
-	LogoUrl          string `json:"logoUrl,omitempty"`
-	SortOrder        int64  `json:"-"`
-	SortOrderPtr     *int64 `json:"sortOrder,omitempty"`
-}
-
-func (a *AppLink) MarshalJSON() ([]byte, error) {
-	type Alias AppLink
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.SortOrder != 0 {
-		result.SortOrderPtr = Int64Ptr(a.SortOrder)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *AppLink) UnmarshalJSON(data []byte) error {
-	type Alias AppLink
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.SortOrderPtr != nil {
-		a.SortOrder = *result.SortOrderPtr
-		a.SortOrderPtr = result.SortOrderPtr
-	}
-	return nil
-}
diff --git a/okta/appUser.go b/okta/appUser.go
deleted file mode 100644
index 94f51eebd..000000000
--- a/okta/appUser.go
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type AppUserResource resource
-
-type AppUser struct {
-	Embedded        interface{}         `json:"_embedded,omitempty"`
-	Links           interface{}         `json:"_links,omitempty"`
-	Created         *time.Time          `json:"created,omitempty"`
-	Credentials     *AppUserCredentials `json:"credentials,omitempty"`
-	ExternalId      string              `json:"externalId,omitempty"`
-	Id              string              `json:"id,omitempty"`
-	LastSync        *time.Time          `json:"lastSync,omitempty"`
-	LastUpdated     *time.Time          `json:"lastUpdated,omitempty"`
-	PasswordChanged *time.Time          `json:"passwordChanged,omitempty"`
-	Profile         interface{}         `json:"profile,omitempty"`
-	Scope           string              `json:"scope,omitempty"`
-	Status          string              `json:"status,omitempty"`
-	StatusChanged   *time.Time          `json:"statusChanged,omitempty"`
-	SyncState       string              `json:"syncState,omitempty"`
-}
-
-// Updates a user&#x27;s profile for an application
-func (m *AppUserResource) UpdateApplicationUser(ctx context.Context, appId string, userId string, body AppUser) (*AppUser, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/users/%v", appId, userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var appUser *AppUser
-
-	resp, err := rq.Do(ctx, req, &appUser)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return appUser, resp, nil
-}
-
-// Removes an assignment for a user from an application.
-func (m *AppUserResource) DeleteApplicationUser(ctx context.Context, appId string, userId string, qp *query.Params) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/users/%v", appId, userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
diff --git a/okta/appUserCredentials.go b/okta/appUserCredentials.go
deleted file mode 100644
index 603cdbfea..000000000
--- a/okta/appUserCredentials.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AppUserCredentials struct {
-	Password *AppUserPasswordCredential `json:"password,omitempty"`
-	UserName string                     `json:"userName"`
-}
diff --git a/okta/appUserPasswordCredential.go b/okta/appUserPasswordCredential.go
deleted file mode 100644
index 3d0b6d5e4..000000000
--- a/okta/appUserPasswordCredential.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AppUserPasswordCredential struct {
-	Value string `json:"value,omitempty"`
-}
diff --git a/okta/application.go b/okta/application.go
deleted file mode 100644
index 2fac74f4a..000000000
--- a/okta/application.go
+++ /dev/null
@@ -1,1209 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"mime/multipart"
-	"os"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type App interface {
-	IsApplicationInstance() bool
-}
-
-type ApplicationResource resource
-
-type Application struct {
-	Embedded      interface{}               `json:"_embedded,omitempty"`
-	Links         interface{}               `json:"_links,omitempty"`
-	Accessibility *ApplicationAccessibility `json:"accessibility,omitempty"`
-	Created       *time.Time                `json:"created,omitempty"`
-	Credentials   *ApplicationCredentials   `json:"credentials,omitempty"`
-	Features      []string                  `json:"features,omitempty"`
-	Id            string                    `json:"id,omitempty"`
-	Label         string                    `json:"label,omitempty"`
-	LastUpdated   *time.Time                `json:"lastUpdated,omitempty"`
-	Licensing     *ApplicationLicensing     `json:"licensing,omitempty"`
-	Name          string                    `json:"name,omitempty"`
-	Profile       interface{}               `json:"profile,omitempty"`
-	Settings      *ApplicationSettings      `json:"settings,omitempty"`
-	SignOnMode    string                    `json:"signOnMode,omitempty"`
-	Status        string                    `json:"status,omitempty"`
-	Visibility    *ApplicationVisibility    `json:"visibility,omitempty"`
-}
-
-func NewApplication() *Application {
-	return &Application{}
-}
-
-func (a *Application) IsApplicationInstance() bool {
-	return true
-}
-
-// Fetches an application from your Okta organization by &#x60;id&#x60;.
-func (m *ApplicationResource) GetApplication(ctx context.Context, appId string, appInstance App, qp *query.Params) (App, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v", appId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	application := appInstance
-
-	resp, err := rq.Do(ctx, req, &application)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return application, resp, nil
-}
-
-// Updates an application in your organization.
-func (m *ApplicationResource) UpdateApplication(ctx context.Context, appId string, body App) (App, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	application := body
-
-	resp, err := rq.Do(ctx, req, &application)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return application, resp, nil
-}
-
-// Removes an inactive application.
-func (m *ApplicationResource) DeleteApplication(ctx context.Context, appId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Enumerates apps added to your organization with pagination. A subset of apps can be returned that match a supported filter expression or query.
-func (m *ApplicationResource) ListApplications(ctx context.Context, qp *query.Params) ([]App, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var application []Application
-
-	resp, err := rq.Do(ctx, req, &application)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	apps := make([]App, len(application))
-	for i := range application {
-		apps[i] = &application[i]
-	}
-	return apps, resp, nil
-}
-
-// Adds a new application to your Okta organization.
-func (m *ApplicationResource) CreateApplication(ctx context.Context, body App, qp *query.Params) (App, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	application := body
-
-	resp, err := rq.Do(ctx, req, &application)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return application, resp, nil
-}
-
-// Get default Provisioning Connection for application
-func (m *ApplicationResource) GetDefaultProvisioningConnectionForApplication(ctx context.Context, appId string) (*ProvisioningConnection, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/connections/default", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var provisioningConnection *ProvisioningConnection
-
-	resp, err := rq.Do(ctx, req, &provisioningConnection)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return provisioningConnection, resp, nil
-}
-
-// Set default Provisioning Connection for application
-func (m *ApplicationResource) SetDefaultProvisioningConnectionForApplication(ctx context.Context, appId string, body ProvisioningConnectionRequest, qp *query.Params) (*ProvisioningConnection, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/connections/default", appId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var provisioningConnection *ProvisioningConnection
-
-	resp, err := rq.Do(ctx, req, &provisioningConnection)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return provisioningConnection, resp, nil
-}
-
-// Activates the default Provisioning Connection for an application.
-func (m *ApplicationResource) ActivateDefaultProvisioningConnectionForApplication(ctx context.Context, appId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/connections/default/lifecycle/activate", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Deactivates the default Provisioning Connection for an application.
-func (m *ApplicationResource) DeactivateDefaultProvisioningConnectionForApplication(ctx context.Context, appId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/connections/default/lifecycle/deactivate", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Enumerates Certificate Signing Requests for an application
-func (m *ApplicationResource) ListCsrsForApplication(ctx context.Context, appId string) ([]*Csr, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/csrs", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var csr []*Csr
-
-	resp, err := rq.Do(ctx, req, &csr)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return csr, resp, nil
-}
-
-// Generates a new key pair and returns the Certificate Signing Request for it.
-func (m *ApplicationResource) GenerateCsrForApplication(ctx context.Context, appId string, body CsrMetadata) (*Csr, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/csrs", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var csr *Csr
-
-	resp, err := rq.Do(ctx, req, &csr)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return csr, resp, nil
-}
-
-func (m *ApplicationResource) RevokeCsrFromApplication(ctx context.Context, appId string, csrId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/csrs/%v", appId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *ApplicationResource) GetCsrForApplication(ctx context.Context, appId string, csrId string) (*Csr, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/csrs/%v", appId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var csr *Csr
-
-	resp, err := rq.Do(ctx, req, &csr)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return csr, resp, nil
-}
-
-func (m *ApplicationResource) PublishCerCert(ctx context.Context, appId string, csrId string, body string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/csrs/%v/lifecycle/publish", appId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/x-x509-ca-cert").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-func (m *ApplicationResource) PublishBinaryCerCert(ctx context.Context, appId string, csrId string, body string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/csrs/%v/lifecycle/publish", appId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.AsBinary().WithAccept("application/json").WithContentType("application/x-x509-ca-cert").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-func (m *ApplicationResource) PublishDerCert(ctx context.Context, appId string, csrId string, body string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/csrs/%v/lifecycle/publish", appId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/pkix-cert").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-func (m *ApplicationResource) PublishBinaryDerCert(ctx context.Context, appId string, csrId string, body string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/csrs/%v/lifecycle/publish", appId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.AsBinary().WithAccept("application/json").WithContentType("application/pkix-cert").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-func (m *ApplicationResource) PublishBinaryPemCert(ctx context.Context, appId string, csrId string, body string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/csrs/%v/lifecycle/publish", appId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.AsBinary().WithAccept("application/json").WithContentType("application/x-pem-file").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Enumerates key credentials for an application
-func (m *ApplicationResource) ListApplicationKeys(ctx context.Context, appId string) ([]*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/keys", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey []*JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Generates a new X.509 certificate for an application key credential
-func (m *ApplicationResource) GenerateApplicationKey(ctx context.Context, appId string, qp *query.Params) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/keys/generate", appId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Gets a specific application key credential by kid
-func (m *ApplicationResource) GetApplicationKey(ctx context.Context, appId string, keyId string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/keys/%v", appId, keyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Clones a X.509 certificate for an application key credential from a source application to target application.
-func (m *ApplicationResource) CloneApplicationKey(ctx context.Context, appId string, keyId string, qp *query.Params) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/keys/%v/clone", appId, keyId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Enumerates the client&#x27;s collection of secrets
-func (m *ApplicationResource) ListClientSecretsForApplication(ctx context.Context, appId string) ([]*ClientSecret, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/secrets", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var clientSecret []*ClientSecret
-
-	resp, err := rq.Do(ctx, req, &clientSecret)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return clientSecret, resp, nil
-}
-
-// Adds a new secret to the client&#x27;s collection of secrets.
-func (m *ApplicationResource) CreateNewClientSecretForApplication(ctx context.Context, appId string, body ClientSecretMetadata) (*ClientSecret, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/secrets", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var clientSecret *ClientSecret
-
-	resp, err := rq.Do(ctx, req, &clientSecret)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return clientSecret, resp, nil
-}
-
-// Removes a secret from the client&#x27;s collection of secrets.
-func (m *ApplicationResource) DeleteClientSecretForApplication(ctx context.Context, appId string, secretId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/secrets/%v", appId, secretId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Gets a specific client secret by secretId
-func (m *ApplicationResource) GetClientSecretForApplication(ctx context.Context, appId string, secretId string) (*ClientSecret, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/secrets/%v", appId, secretId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var clientSecret *ClientSecret
-
-	resp, err := rq.Do(ctx, req, &clientSecret)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return clientSecret, resp, nil
-}
-
-// Activates a specific client secret by secretId
-func (m *ApplicationResource) ActivateClientSecretForApplication(ctx context.Context, appId string, secretId string) (*ClientSecret, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/secrets/%v/lifecycle/activate", appId, secretId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var clientSecret *ClientSecret
-
-	resp, err := rq.Do(ctx, req, &clientSecret)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return clientSecret, resp, nil
-}
-
-// Deactivates a specific client secret by secretId
-func (m *ApplicationResource) DeactivateClientSecretForApplication(ctx context.Context, appId string, secretId string) (*ClientSecret, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/credentials/secrets/%v/lifecycle/deactivate", appId, secretId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var clientSecret *ClientSecret
-
-	resp, err := rq.Do(ctx, req, &clientSecret)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return clientSecret, resp, nil
-}
-
-// List Features for application
-func (m *ApplicationResource) ListFeaturesForApplication(ctx context.Context, appId string) ([]*ApplicationFeature, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/features", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var applicationFeature []*ApplicationFeature
-
-	resp, err := rq.Do(ctx, req, &applicationFeature)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return applicationFeature, resp, nil
-}
-
-// Fetches a Feature object for an application.
-func (m *ApplicationResource) GetFeatureForApplication(ctx context.Context, appId string, name string) (*ApplicationFeature, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/features/%v", appId, name)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var applicationFeature *ApplicationFeature
-
-	resp, err := rq.Do(ctx, req, &applicationFeature)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return applicationFeature, resp, nil
-}
-
-// Updates a Feature object for an application.
-func (m *ApplicationResource) UpdateFeatureForApplication(ctx context.Context, appId string, name string, body CapabilitiesObject) (*ApplicationFeature, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/features/%v", appId, name)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var applicationFeature *ApplicationFeature
-
-	resp, err := rq.Do(ctx, req, &applicationFeature)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return applicationFeature, resp, nil
-}
-
-// Lists all scope consent grants for the application
-func (m *ApplicationResource) ListScopeConsentGrants(ctx context.Context, appId string, qp *query.Params) ([]*OAuth2ScopeConsentGrant, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/grants", appId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2ScopeConsentGrant []*OAuth2ScopeConsentGrant
-
-	resp, err := rq.Do(ctx, req, &oAuth2ScopeConsentGrant)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2ScopeConsentGrant, resp, nil
-}
-
-// Grants consent for the application to request an OAuth 2.0 Okta scope
-func (m *ApplicationResource) GrantConsentToScope(ctx context.Context, appId string, body OAuth2ScopeConsentGrant) (*OAuth2ScopeConsentGrant, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/grants", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2ScopeConsentGrant *OAuth2ScopeConsentGrant
-
-	resp, err := rq.Do(ctx, req, &oAuth2ScopeConsentGrant)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2ScopeConsentGrant, resp, nil
-}
-
-// Revokes permission for the application to request the given scope
-func (m *ApplicationResource) RevokeScopeConsentGrant(ctx context.Context, appId string, grantId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/grants/%v", appId, grantId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Fetches a single scope consent grant for the application
-func (m *ApplicationResource) GetScopeConsentGrant(ctx context.Context, appId string, grantId string, qp *query.Params) (*OAuth2ScopeConsentGrant, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/grants/%v", appId, grantId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2ScopeConsentGrant *OAuth2ScopeConsentGrant
-
-	resp, err := rq.Do(ctx, req, &oAuth2ScopeConsentGrant)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2ScopeConsentGrant, resp, nil
-}
-
-// Enumerates group assignments for an application.
-func (m *ApplicationResource) ListApplicationGroupAssignments(ctx context.Context, appId string, qp *query.Params) ([]*ApplicationGroupAssignment, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/groups", appId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var applicationGroupAssignment []*ApplicationGroupAssignment
-
-	resp, err := rq.Do(ctx, req, &applicationGroupAssignment)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return applicationGroupAssignment, resp, nil
-}
-
-// Removes a group assignment from an application.
-func (m *ApplicationResource) DeleteApplicationGroupAssignment(ctx context.Context, appId string, groupId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/groups/%v", appId, groupId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Fetches an application group assignment
-func (m *ApplicationResource) GetApplicationGroupAssignment(ctx context.Context, appId string, groupId string, qp *query.Params) (*ApplicationGroupAssignment, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/groups/%v", appId, groupId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var applicationGroupAssignment *ApplicationGroupAssignment
-
-	resp, err := rq.Do(ctx, req, &applicationGroupAssignment)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return applicationGroupAssignment, resp, nil
-}
-
-// Assigns a group to an application
-func (m *ApplicationResource) CreateApplicationGroupAssignment(ctx context.Context, appId string, groupId string, body ApplicationGroupAssignment) (*ApplicationGroupAssignment, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/groups/%v", appId, groupId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var applicationGroupAssignment *ApplicationGroupAssignment
-
-	resp, err := rq.Do(ctx, req, &applicationGroupAssignment)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return applicationGroupAssignment, resp, nil
-}
-
-// Activates an inactive application.
-func (m *ApplicationResource) ActivateApplication(ctx context.Context, appId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/lifecycle/activate", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Deactivates an active application.
-func (m *ApplicationResource) DeactivateApplication(ctx context.Context, appId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/lifecycle/deactivate", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Update the logo for an application.
-func (m *ApplicationResource) UploadApplicationLogo(ctx context.Context, appId string, file string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/logo", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	fo, err := os.Open(file)
-	if err != nil {
-		return nil, err
-	}
-	defer fo.Close()
-	body := &bytes.Buffer{}
-	writer := multipart.NewWriter(body)
-	fw, err := writer.CreateFormFile("file", file)
-	if err != nil {
-		return nil, err
-	}
-	_, err = io.Copy(fw, fo)
-	if err != nil {
-		return nil, err
-	}
-	_ = writer.Close()
-
-	req, err := rq.WithAccept("application/json").WithContentType(writer.FormDataContentType()).NewRequest("POST", url, body)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Assign an application to a specific policy. This unassigns the application from its currently assigned policy.
-func (m *ApplicationResource) UpdateApplicationPolicy(ctx context.Context, appId string, policyId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/policies/%v", appId, policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Previews SAML metadata based on a specific key credential for an application
-func (m *ApplicationResource) PreviewSAMLAppMetadata(ctx context.Context, appId string, qp *query.Params) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/sso/saml/metadata", appId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/xml").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Revokes all tokens for the specified application
-func (m *ApplicationResource) RevokeOAuth2TokensForApplication(ctx context.Context, appId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/tokens", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Lists all tokens for the application
-func (m *ApplicationResource) ListOAuth2TokensForApplication(ctx context.Context, appId string, qp *query.Params) ([]*OAuth2Token, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/tokens", appId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2Token []*OAuth2Token
-
-	resp, err := rq.Do(ctx, req, &oAuth2Token)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2Token, resp, nil
-}
-
-// Revokes the specified token for the specified application
-func (m *ApplicationResource) RevokeOAuth2TokenForApplication(ctx context.Context, appId string, tokenId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/tokens/%v", appId, tokenId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Gets a token for the specified application
-func (m *ApplicationResource) GetOAuth2TokenForApplication(ctx context.Context, appId string, tokenId string, qp *query.Params) (*OAuth2Token, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/tokens/%v", appId, tokenId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2Token *OAuth2Token
-
-	resp, err := rq.Do(ctx, req, &oAuth2Token)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2Token, resp, nil
-}
-
-// Enumerates all assigned [application users](#application-user-model) for an application.
-func (m *ApplicationResource) ListApplicationUsers(ctx context.Context, appId string, qp *query.Params) ([]*AppUser, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/users", appId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var appUser []*AppUser
-
-	resp, err := rq.Do(ctx, req, &appUser)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return appUser, resp, nil
-}
-
-// Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.
-func (m *ApplicationResource) AssignUserToApplication(ctx context.Context, appId string, body AppUser) (*AppUser, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/users", appId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var appUser *AppUser
-
-	resp, err := rq.Do(ctx, req, &appUser)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return appUser, resp, nil
-}
-
-// Removes an assignment for a user from an application.
-func (m *ApplicationResource) DeleteApplicationUser(ctx context.Context, appId string, userId string, qp *query.Params) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/users/%v", appId, userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Fetches a specific user assignment for application by &#x60;id&#x60;.
-func (m *ApplicationResource) GetApplicationUser(ctx context.Context, appId string, userId string, qp *query.Params) (*AppUser, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/users/%v", appId, userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var appUser *AppUser
-
-	resp, err := rq.Do(ctx, req, &appUser)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return appUser, resp, nil
-}
-
-// Updates a user&#x27;s profile for an application
-func (m *ApplicationResource) UpdateApplicationUser(ctx context.Context, appId string, userId string, body AppUser) (*AppUser, *Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/users/%v", appId, userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var appUser *AppUser
-
-	resp, err := rq.Do(ctx, req, &appUser)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return appUser, resp, nil
-}
diff --git a/okta/applicationAccessibility.go b/okta/applicationAccessibility.go
deleted file mode 100644
index 0223bd47f..000000000
--- a/okta/applicationAccessibility.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationAccessibility struct {
-	ErrorRedirectUrl string `json:"errorRedirectUrl,omitempty"`
-	LoginRedirectUrl string `json:"loginRedirectUrl,omitempty"`
-	SelfService      *bool  `json:"selfService,omitempty"`
-}
diff --git a/okta/applicationCredentials.go b/okta/applicationCredentials.go
deleted file mode 100644
index bb5d49139..000000000
--- a/okta/applicationCredentials.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationCredentials struct {
-	Signing          *ApplicationCredentialsSigning          `json:"signing,omitempty"`
-	UserNameTemplate *ApplicationCredentialsUsernameTemplate `json:"userNameTemplate,omitempty"`
-}
diff --git a/okta/applicationCredentialsOAuthClient.go b/okta/applicationCredentialsOAuthClient.go
deleted file mode 100644
index 137f5075f..000000000
--- a/okta/applicationCredentialsOAuthClient.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationCredentialsOAuthClient struct {
-	AutoKeyRotation         *bool  `json:"autoKeyRotation,omitempty"`
-	ClientId                string `json:"client_id,omitempty"`
-	ClientSecret            string `json:"client_secret,omitempty"`
-	PkceRequired            *bool  `json:"pkce_required,omitempty"`
-	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"`
-}
diff --git a/okta/applicationCredentialsScheme.go b/okta/applicationCredentialsScheme.go
deleted file mode 100644
index 9fabcdba4..000000000
--- a/okta/applicationCredentialsScheme.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationCredentialsScheme string
diff --git a/okta/applicationCredentialsSigning.go b/okta/applicationCredentialsSigning.go
deleted file mode 100644
index 278b2b7ac..000000000
--- a/okta/applicationCredentialsSigning.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type ApplicationCredentialsSigning struct {
-	Kid          string     `json:"kid,omitempty"`
-	LastRotated  *time.Time `json:"lastRotated,omitempty"`
-	NextRotation *time.Time `json:"nextRotation,omitempty"`
-	RotationMode string     `json:"rotationMode,omitempty"`
-	Use          string     `json:"use,omitempty"`
-}
diff --git a/okta/applicationCredentialsSigningUse.go b/okta/applicationCredentialsSigningUse.go
deleted file mode 100644
index a689044dd..000000000
--- a/okta/applicationCredentialsSigningUse.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationCredentialsSigningUse string
diff --git a/okta/applicationCredentialsUsernameTemplate.go b/okta/applicationCredentialsUsernameTemplate.go
deleted file mode 100644
index 4d6649a62..000000000
--- a/okta/applicationCredentialsUsernameTemplate.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationCredentialsUsernameTemplate struct {
-	PushStatus string `json:"pushStatus,omitempty"`
-	Suffix     string `json:"suffix,omitempty"`
-	Template   string `json:"template,omitempty"`
-	Type       string `json:"type,omitempty"`
-}
diff --git a/okta/applicationFeature.go b/okta/applicationFeature.go
deleted file mode 100644
index d7b2abc1a..000000000
--- a/okta/applicationFeature.go
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationFeatureResource resource
-
-type ApplicationFeature struct {
-	Links        interface{}         `json:"_links,omitempty"`
-	Capabilities *CapabilitiesObject `json:"capabilities,omitempty"`
-	Description  string              `json:"description,omitempty"`
-	Name         string              `json:"name,omitempty"`
-	Status       string              `json:"status,omitempty"`
-}
-
-func NewApplicationFeature() *ApplicationFeature {
-	return &ApplicationFeature{}
-}
-
-func (a *ApplicationFeature) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/applicationGroupAssignment.go b/okta/applicationGroupAssignment.go
deleted file mode 100644
index 67002c321..000000000
--- a/okta/applicationGroupAssignment.go
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"time"
-)
-
-type ApplicationGroupAssignmentResource resource
-
-type ApplicationGroupAssignment struct {
-	Embedded    interface{} `json:"_embedded,omitempty"`
-	Links       interface{} `json:"_links,omitempty"`
-	Id          string      `json:"id,omitempty"`
-	LastUpdated *time.Time  `json:"lastUpdated,omitempty"`
-	Priority    int64       `json:"-"`
-	PriorityPtr *int64      `json:"priority,omitempty"`
-	Profile     interface{} `json:"profile,omitempty"`
-}
-
-// Removes a group assignment from an application.
-func (m *ApplicationGroupAssignmentResource) DeleteApplicationGroupAssignment(ctx context.Context, appId string, groupId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/apps/%v/groups/%v", appId, groupId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (a *ApplicationGroupAssignment) MarshalJSON() ([]byte, error) {
-	type Alias ApplicationGroupAssignment
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *ApplicationGroupAssignment) UnmarshalJSON(data []byte) error {
-	type Alias ApplicationGroupAssignment
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/applicationLicensing.go b/okta/applicationLicensing.go
deleted file mode 100644
index fe99323ea..000000000
--- a/okta/applicationLicensing.go
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type ApplicationLicensing struct {
-	SeatCount    int64  `json:"-"`
-	SeatCountPtr *int64 `json:"seatCount,omitempty"`
-}
-
-func (a *ApplicationLicensing) MarshalJSON() ([]byte, error) {
-	type Alias ApplicationLicensing
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.SeatCount != 0 {
-		result.SeatCountPtr = Int64Ptr(a.SeatCount)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *ApplicationLicensing) UnmarshalJSON(data []byte) error {
-	type Alias ApplicationLicensing
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.SeatCountPtr != nil {
-		a.SeatCount = *result.SeatCountPtr
-		a.SeatCountPtr = result.SeatCountPtr
-	}
-	return nil
-}
diff --git a/okta/applicationSettings.go b/okta/applicationSettings.go
deleted file mode 100644
index 426fc7dc1..000000000
--- a/okta/applicationSettings.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationSettings struct {
-	App                *ApplicationSettingsApplication   `json:"app,omitempty"`
-	ImplicitAssignment *bool                             `json:"implicitAssignment,omitempty"`
-	InlineHookId       string                            `json:"inlineHookId,omitempty"`
-	Notes              *ApplicationSettingsNotes         `json:"notes,omitempty"`
-	Notifications      *ApplicationSettingsNotifications `json:"notifications,omitempty"`
-}
diff --git a/okta/applicationSettingsApplication.go b/okta/applicationSettingsApplication.go
deleted file mode 100644
index 095e11780..000000000
--- a/okta/applicationSettingsApplication.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationSettingsApplication map[string]interface{}
diff --git a/okta/applicationSettingsNotes.go b/okta/applicationSettingsNotes.go
deleted file mode 100644
index 956b78f0e..000000000
--- a/okta/applicationSettingsNotes.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationSettingsNotes struct {
-	Admin   *string `json:"admin"`
-	Enduser *string `json:"enduser"`
-}
diff --git a/okta/applicationSettingsNotifications.go b/okta/applicationSettingsNotifications.go
deleted file mode 100644
index 43089fd2f..000000000
--- a/okta/applicationSettingsNotifications.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationSettingsNotifications struct {
-	Vpn *ApplicationSettingsNotificationsVpn `json:"vpn,omitempty"`
-}
diff --git a/okta/applicationSettingsNotificationsVpn.go b/okta/applicationSettingsNotificationsVpn.go
deleted file mode 100644
index 3de19a5bf..000000000
--- a/okta/applicationSettingsNotificationsVpn.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationSettingsNotificationsVpn struct {
-	HelpUrl string                                      `json:"helpUrl,omitempty"`
-	Message string                                      `json:"message,omitempty"`
-	Network *ApplicationSettingsNotificationsVpnNetwork `json:"network,omitempty"`
-}
diff --git a/okta/applicationSettingsNotificationsVpnNetwork.go b/okta/applicationSettingsNotificationsVpnNetwork.go
deleted file mode 100644
index d1ee9260b..000000000
--- a/okta/applicationSettingsNotificationsVpnNetwork.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationSettingsNotificationsVpnNetwork struct {
-	Connection string   `json:"connection,omitempty"`
-	Exclude    []string `json:"exclude,omitempty"`
-	Include    []string `json:"include,omitempty"`
-}
diff --git a/okta/applicationSignOnMode.go b/okta/applicationSignOnMode.go
deleted file mode 100644
index 9f6bea483..000000000
--- a/okta/applicationSignOnMode.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationSignOnMode string
diff --git a/okta/applicationVisibility.go b/okta/applicationVisibility.go
deleted file mode 100644
index 64fd77277..000000000
--- a/okta/applicationVisibility.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationVisibility struct {
-	AppLinks          map[string]bool            `json:"appLinks,omitempty"`
-	AutoLaunch        *bool                      `json:"autoLaunch,omitempty"`
-	AutoSubmitToolbar *bool                      `json:"autoSubmitToolbar,omitempty"`
-	Hide              *ApplicationVisibilityHide `json:"hide,omitempty"`
-}
diff --git a/okta/applicationVisibilityHide.go b/okta/applicationVisibilityHide.go
deleted file mode 100644
index 0fb7938ed..000000000
--- a/okta/applicationVisibilityHide.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ApplicationVisibilityHide struct {
-	IOS *bool `json:"iOS,omitempty"`
-	Web *bool `json:"web,omitempty"`
-}
diff --git a/tests/fixtures/logo.png b/okta/asset/logo.png
similarity index 100%
rename from tests/fixtures/logo.png
rename to okta/asset/logo.png
diff --git a/okta/assignRoleRequest.go b/okta/assignRoleRequest.go
deleted file mode 100644
index 5d866f167..000000000
--- a/okta/assignRoleRequest.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AssignRoleRequest struct {
-	Type string `json:"type,omitempty"`
-}
diff --git a/okta/authenticationProvider.go b/okta/authenticationProvider.go
deleted file mode 100644
index a676c1a4b..000000000
--- a/okta/authenticationProvider.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AuthenticationProvider struct {
-	Name string `json:"name,omitempty"`
-	Type string `json:"type,omitempty"`
-}
diff --git a/okta/authenticationProviderType.go b/okta/authenticationProviderType.go
deleted file mode 100644
index c497121f8..000000000
--- a/okta/authenticationProviderType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AuthenticationProviderType string
diff --git a/okta/authenticator.go b/okta/authenticator.go
deleted file mode 100644
index 3244f1826..000000000
--- a/okta/authenticator.go
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type AuthenticatorResource resource
-
-type Authenticator struct {
-	Links       interface{}            `json:"_links,omitempty"`
-	Created     *time.Time             `json:"created,omitempty"`
-	Id          string                 `json:"id,omitempty"`
-	Key         string                 `json:"key,omitempty"`
-	LastUpdated *time.Time             `json:"lastUpdated,omitempty"`
-	Name        string                 `json:"name,omitempty"`
-	Provider    *AuthenticatorProvider `json:"provider,omitempty"`
-	Settings    *AuthenticatorSettings `json:"settings,omitempty"`
-	Status      string                 `json:"status,omitempty"`
-	Type        string                 `json:"type,omitempty"`
-}
-
-func (m *AuthenticatorResource) GetAuthenticator(ctx context.Context, authenticatorId string) (*Authenticator, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authenticators/%v", authenticatorId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authenticator *Authenticator
-
-	resp, err := rq.Do(ctx, req, &authenticator)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authenticator, resp, nil
-}
-
-// Updates an authenticator
-func (m *AuthenticatorResource) UpdateAuthenticator(ctx context.Context, authenticatorId string, body Authenticator) (*Authenticator, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authenticators/%v", authenticatorId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authenticator *Authenticator
-
-	resp, err := rq.Do(ctx, req, &authenticator)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authenticator, resp, nil
-}
-
-// List Authenticators
-func (m *AuthenticatorResource) ListAuthenticators(ctx context.Context) ([]*Authenticator, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authenticators")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authenticator []*Authenticator
-
-	resp, err := rq.Do(ctx, req, &authenticator)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authenticator, resp, nil
-}
-
-// Create Authenticator
-func (m *AuthenticatorResource) CreateAuthenticator(ctx context.Context, body Authenticator, qp *query.Params) (*Authenticator, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authenticators")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authenticator *Authenticator
-
-	resp, err := rq.Do(ctx, req, &authenticator)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authenticator, resp, nil
-}
-
-func (m *AuthenticatorResource) ActivateAuthenticator(ctx context.Context, authenticatorId string) (*Authenticator, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authenticators/%v/lifecycle/activate", authenticatorId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authenticator *Authenticator
-
-	resp, err := rq.Do(ctx, req, &authenticator)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authenticator, resp, nil
-}
-
-func (m *AuthenticatorResource) DeactivateAuthenticator(ctx context.Context, authenticatorId string) (*Authenticator, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authenticators/%v/lifecycle/deactivate", authenticatorId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authenticator *Authenticator
-
-	resp, err := rq.Do(ctx, req, &authenticator)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authenticator, resp, nil
-}
diff --git a/okta/authenticatorProvider.go b/okta/authenticatorProvider.go
deleted file mode 100644
index 0e79ef980..000000000
--- a/okta/authenticatorProvider.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AuthenticatorProvider struct {
-	Configuration *AuthenticatorProviderConfiguration `json:"configuration,omitempty"`
-	Type          string                              `json:"type,omitempty"`
-}
diff --git a/okta/authenticatorProviderConfiguration.go b/okta/authenticatorProviderConfiguration.go
deleted file mode 100644
index 1a38c35dd..000000000
--- a/okta/authenticatorProviderConfiguration.go
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type AuthenticatorProviderConfiguration struct {
-	AuthPort         int64                                            `json:"-"`
-	AuthPortPtr      *int64                                           `json:"authPort,omitempty"`
-	Host             string                                           `json:"host,omitempty"`
-	HostName         string                                           `json:"hostName,omitempty"`
-	InstanceId       string                                           `json:"instanceId,omitempty"`
-	IntegrationKey   string                                           `json:"integrationKey,omitempty"`
-	SecretKey        string                                           `json:"secretKey,omitempty"`
-	SharedSecret     string                                           `json:"sharedSecret,omitempty"`
-	UserNameTemplate *AuthenticatorProviderConfigurationUserNamePlate `json:"userNameTemplate,omitempty"`
-}
-
-func (a *AuthenticatorProviderConfiguration) MarshalJSON() ([]byte, error) {
-	type Alias AuthenticatorProviderConfiguration
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.AuthPort != 0 {
-		result.AuthPortPtr = Int64Ptr(a.AuthPort)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *AuthenticatorProviderConfiguration) UnmarshalJSON(data []byte) error {
-	type Alias AuthenticatorProviderConfiguration
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.AuthPortPtr != nil {
-		a.AuthPort = *result.AuthPortPtr
-		a.AuthPortPtr = result.AuthPortPtr
-	}
-	return nil
-}
diff --git a/okta/authenticatorProviderConfigurationUserNamePlate.go b/okta/authenticatorProviderConfigurationUserNamePlate.go
deleted file mode 100644
index 13711a806..000000000
--- a/okta/authenticatorProviderConfigurationUserNamePlate.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AuthenticatorProviderConfigurationUserNamePlate struct {
-	Template string `json:"template,omitempty"`
-}
diff --git a/okta/authenticatorSettings.go b/okta/authenticatorSettings.go
deleted file mode 100644
index c9695ee57..000000000
--- a/okta/authenticatorSettings.go
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type AuthenticatorSettings struct {
-	AllowedFor                string          `json:"allowedFor,omitempty"`
-	AppInstanceId             string          `json:"appInstanceId,omitempty"`
-	ChannelBinding            *ChannelBinding `json:"channelBinding,omitempty"`
-	Compliance                *Compliance     `json:"compliance,omitempty"`
-	TokenLifetimeInMinutes    int64           `json:"-"`
-	TokenLifetimeInMinutesPtr *int64          `json:"tokenLifetimeInMinutes,omitempty"`
-	UserVerification          string          `json:"userVerification,omitempty"`
-}
-
-func (a *AuthenticatorSettings) MarshalJSON() ([]byte, error) {
-	type Alias AuthenticatorSettings
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.TokenLifetimeInMinutes != 0 {
-		result.TokenLifetimeInMinutesPtr = Int64Ptr(a.TokenLifetimeInMinutes)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *AuthenticatorSettings) UnmarshalJSON(data []byte) error {
-	type Alias AuthenticatorSettings
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.TokenLifetimeInMinutesPtr != nil {
-		a.TokenLifetimeInMinutes = *result.TokenLifetimeInMinutesPtr
-		a.TokenLifetimeInMinutesPtr = result.TokenLifetimeInMinutesPtr
-	}
-	return nil
-}
diff --git a/okta/authenticatorStatus.go b/okta/authenticatorStatus.go
deleted file mode 100644
index 2cc238300..000000000
--- a/okta/authenticatorStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AuthenticatorStatus string
diff --git a/okta/authenticatorType.go b/okta/authenticatorType.go
deleted file mode 100644
index 57f951b44..000000000
--- a/okta/authenticatorType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AuthenticatorType string
diff --git a/okta/authorizationServer.go b/okta/authorizationServer.go
deleted file mode 100644
index 59727a084..000000000
--- a/okta/authorizationServer.go
+++ /dev/null
@@ -1,799 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type AuthorizationServerResource resource
-
-type AuthorizationServer struct {
-	Links       interface{}                     `json:"_links,omitempty"`
-	Audiences   []string                        `json:"audiences,omitempty"`
-	Created     *time.Time                      `json:"created,omitempty"`
-	Credentials *AuthorizationServerCredentials `json:"credentials,omitempty"`
-	Default     *bool                           `json:"default,omitempty"`
-	Description string                          `json:"description,omitempty"`
-	Id          string                          `json:"id,omitempty"`
-	Issuer      string                          `json:"issuer,omitempty"`
-	IssuerMode  string                          `json:"issuerMode,omitempty"`
-	LastUpdated *time.Time                      `json:"lastUpdated,omitempty"`
-	Name        string                          `json:"name,omitempty"`
-	Status      string                          `json:"status,omitempty"`
-}
-
-func (m *AuthorizationServerResource) CreateAuthorizationServer(ctx context.Context, body AuthorizationServer) (*AuthorizationServer, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServer *AuthorizationServer
-
-	resp, err := rq.Do(ctx, req, &authorizationServer)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServer, resp, nil
-}
-
-func (m *AuthorizationServerResource) GetAuthorizationServer(ctx context.Context, authServerId string) (*AuthorizationServer, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServer *AuthorizationServer
-
-	resp, err := rq.Do(ctx, req, &authorizationServer)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServer, resp, nil
-}
-
-func (m *AuthorizationServerResource) UpdateAuthorizationServer(ctx context.Context, authServerId string, body AuthorizationServer) (*AuthorizationServer, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServer *AuthorizationServer
-
-	resp, err := rq.Do(ctx, req, &authorizationServer)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServer, resp, nil
-}
-
-func (m *AuthorizationServerResource) DeleteAuthorizationServer(ctx context.Context, authServerId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *AuthorizationServerResource) ListAuthorizationServers(ctx context.Context, qp *query.Params) ([]*AuthorizationServer, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServer []*AuthorizationServer
-
-	resp, err := rq.Do(ctx, req, &authorizationServer)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServer, resp, nil
-}
-
-func (m *AuthorizationServerResource) ListOAuth2Claims(ctx context.Context, authServerId string) ([]*OAuth2Claim, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/claims", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2Claim []*OAuth2Claim
-
-	resp, err := rq.Do(ctx, req, &oAuth2Claim)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2Claim, resp, nil
-}
-
-func (m *AuthorizationServerResource) CreateOAuth2Claim(ctx context.Context, authServerId string, body OAuth2Claim) (*OAuth2Claim, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/claims", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2Claim *OAuth2Claim
-
-	resp, err := rq.Do(ctx, req, &oAuth2Claim)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2Claim, resp, nil
-}
-
-func (m *AuthorizationServerResource) DeleteOAuth2Claim(ctx context.Context, authServerId string, claimId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/claims/%v", authServerId, claimId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *AuthorizationServerResource) GetOAuth2Claim(ctx context.Context, authServerId string, claimId string) (*OAuth2Claim, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/claims/%v", authServerId, claimId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2Claim *OAuth2Claim
-
-	resp, err := rq.Do(ctx, req, &oAuth2Claim)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2Claim, resp, nil
-}
-
-func (m *AuthorizationServerResource) UpdateOAuth2Claim(ctx context.Context, authServerId string, claimId string, body OAuth2Claim) (*OAuth2Claim, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/claims/%v", authServerId, claimId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2Claim *OAuth2Claim
-
-	resp, err := rq.Do(ctx, req, &oAuth2Claim)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2Claim, resp, nil
-}
-
-func (m *AuthorizationServerResource) ListOAuth2ClientsForAuthorizationServer(ctx context.Context, authServerId string) ([]*OAuth2Client, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/clients", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2Client []*OAuth2Client
-
-	resp, err := rq.Do(ctx, req, &oAuth2Client)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2Client, resp, nil
-}
-
-func (m *AuthorizationServerResource) RevokeRefreshTokensForAuthorizationServerAndClient(ctx context.Context, authServerId string, clientId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/clients/%v/tokens", authServerId, clientId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *AuthorizationServerResource) ListRefreshTokensForAuthorizationServerAndClient(ctx context.Context, authServerId string, clientId string, qp *query.Params) ([]*OAuth2RefreshToken, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/clients/%v/tokens", authServerId, clientId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2RefreshToken []*OAuth2RefreshToken
-
-	resp, err := rq.Do(ctx, req, &oAuth2RefreshToken)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2RefreshToken, resp, nil
-}
-
-func (m *AuthorizationServerResource) RevokeRefreshTokenForAuthorizationServerAndClient(ctx context.Context, authServerId string, clientId string, tokenId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/clients/%v/tokens/%v", authServerId, clientId, tokenId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *AuthorizationServerResource) GetRefreshTokenForAuthorizationServerAndClient(ctx context.Context, authServerId string, clientId string, tokenId string, qp *query.Params) (*OAuth2RefreshToken, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/clients/%v/tokens/%v", authServerId, clientId, tokenId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2RefreshToken *OAuth2RefreshToken
-
-	resp, err := rq.Do(ctx, req, &oAuth2RefreshToken)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2RefreshToken, resp, nil
-}
-
-func (m *AuthorizationServerResource) ListAuthorizationServerKeys(ctx context.Context, authServerId string) ([]*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/credentials/keys", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey []*JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-func (m *AuthorizationServerResource) RotateAuthorizationServerKeys(ctx context.Context, authServerId string, body JwkUse) ([]*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/credentials/lifecycle/keyRotate", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey []*JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-func (m *AuthorizationServerResource) ActivateAuthorizationServer(ctx context.Context, authServerId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/lifecycle/activate", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *AuthorizationServerResource) DeactivateAuthorizationServer(ctx context.Context, authServerId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/lifecycle/deactivate", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *AuthorizationServerResource) ListAuthorizationServerPolicies(ctx context.Context, authServerId string) ([]*AuthorizationServerPolicy, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServerPolicy []*AuthorizationServerPolicy
-
-	resp, err := rq.Do(ctx, req, &authorizationServerPolicy)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServerPolicy, resp, nil
-}
-
-func (m *AuthorizationServerResource) CreateAuthorizationServerPolicy(ctx context.Context, authServerId string, body AuthorizationServerPolicy) (*AuthorizationServerPolicy, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServerPolicy *AuthorizationServerPolicy
-
-	resp, err := rq.Do(ctx, req, &authorizationServerPolicy)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServerPolicy, resp, nil
-}
-
-func (m *AuthorizationServerResource) DeleteAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v", authServerId, policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *AuthorizationServerResource) GetAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) (*AuthorizationServerPolicy, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v", authServerId, policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServerPolicy *AuthorizationServerPolicy
-
-	resp, err := rq.Do(ctx, req, &authorizationServerPolicy)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServerPolicy, resp, nil
-}
-
-func (m *AuthorizationServerResource) UpdateAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string, body AuthorizationServerPolicy) (*AuthorizationServerPolicy, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v", authServerId, policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServerPolicy *AuthorizationServerPolicy
-
-	resp, err := rq.Do(ctx, req, &authorizationServerPolicy)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServerPolicy, resp, nil
-}
-
-// Activate Authorization Server Policy
-func (m *AuthorizationServerResource) ActivateAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v/lifecycle/activate", authServerId, policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Deactivate Authorization Server Policy
-func (m *AuthorizationServerResource) DeactivateAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v/lifecycle/deactivate", authServerId, policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Enumerates all policy rules for the specified Custom Authorization Server and Policy.
-func (m *AuthorizationServerResource) ListAuthorizationServerPolicyRules(ctx context.Context, authServerId string, policyId string) ([]*AuthorizationServerPolicyRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v/rules", authServerId, policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServerPolicyRule []*AuthorizationServerPolicyRule
-
-	resp, err := rq.Do(ctx, req, &authorizationServerPolicyRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServerPolicyRule, resp, nil
-}
-
-// Creates a policy rule for the specified Custom Authorization Server and Policy.
-func (m *AuthorizationServerResource) CreateAuthorizationServerPolicyRule(ctx context.Context, authServerId string, policyId string, body AuthorizationServerPolicyRule) (*AuthorizationServerPolicyRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v/rules", authServerId, policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServerPolicyRule *AuthorizationServerPolicyRule
-
-	resp, err := rq.Do(ctx, req, &authorizationServerPolicyRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServerPolicyRule, resp, nil
-}
-
-// Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.
-func (m *AuthorizationServerResource) DeleteAuthorizationServerPolicyRule(ctx context.Context, authServerId string, policyId string, ruleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v/rules/%v", authServerId, policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Returns a Policy Rule by ID that is defined in the specified Custom Authorization Server and Policy.
-func (m *AuthorizationServerResource) GetAuthorizationServerPolicyRule(ctx context.Context, authServerId string, policyId string, ruleId string) (*AuthorizationServerPolicyRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v/rules/%v", authServerId, policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServerPolicyRule *AuthorizationServerPolicyRule
-
-	resp, err := rq.Do(ctx, req, &authorizationServerPolicyRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServerPolicyRule, resp, nil
-}
-
-// Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy.
-func (m *AuthorizationServerResource) UpdateAuthorizationServerPolicyRule(ctx context.Context, authServerId string, policyId string, ruleId string, body AuthorizationServerPolicyRule) (*AuthorizationServerPolicyRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v/rules/%v", authServerId, policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServerPolicyRule *AuthorizationServerPolicyRule
-
-	resp, err := rq.Do(ctx, req, &authorizationServerPolicyRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServerPolicyRule, resp, nil
-}
-
-// Activate Authorization Server Policy Rule
-func (m *AuthorizationServerResource) ActivateAuthorizationServerPolicyRule(ctx context.Context, authServerId string, policyId string, ruleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v/rules/%v/lifecycle/activate", authServerId, policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Deactivate Authorization Server Policy Rule
-func (m *AuthorizationServerResource) DeactivateAuthorizationServerPolicyRule(ctx context.Context, authServerId string, policyId string, ruleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v/rules/%v/lifecycle/deactivate", authServerId, policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *AuthorizationServerResource) ListOAuth2Scopes(ctx context.Context, authServerId string, qp *query.Params) ([]*OAuth2Scope, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/scopes", authServerId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2Scope []*OAuth2Scope
-
-	resp, err := rq.Do(ctx, req, &oAuth2Scope)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2Scope, resp, nil
-}
-
-func (m *AuthorizationServerResource) CreateOAuth2Scope(ctx context.Context, authServerId string, body OAuth2Scope) (*OAuth2Scope, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/scopes", authServerId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2Scope *OAuth2Scope
-
-	resp, err := rq.Do(ctx, req, &oAuth2Scope)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2Scope, resp, nil
-}
-
-func (m *AuthorizationServerResource) DeleteOAuth2Scope(ctx context.Context, authServerId string, scopeId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/scopes/%v", authServerId, scopeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *AuthorizationServerResource) GetOAuth2Scope(ctx context.Context, authServerId string, scopeId string) (*OAuth2Scope, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/scopes/%v", authServerId, scopeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2Scope *OAuth2Scope
-
-	resp, err := rq.Do(ctx, req, &oAuth2Scope)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2Scope, resp, nil
-}
-
-func (m *AuthorizationServerResource) UpdateOAuth2Scope(ctx context.Context, authServerId string, scopeId string, body OAuth2Scope) (*OAuth2Scope, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/scopes/%v", authServerId, scopeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2Scope *OAuth2Scope
-
-	resp, err := rq.Do(ctx, req, &oAuth2Scope)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2Scope, resp, nil
-}
diff --git a/okta/authorizationServerCredentials.go b/okta/authorizationServerCredentials.go
deleted file mode 100644
index 44766998f..000000000
--- a/okta/authorizationServerCredentials.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AuthorizationServerCredentials struct {
-	Signing *AuthorizationServerCredentialsSigningConfig `json:"signing,omitempty"`
-}
diff --git a/okta/authorizationServerCredentialsRotationMode.go b/okta/authorizationServerCredentialsRotationMode.go
deleted file mode 100644
index 9284de68f..000000000
--- a/okta/authorizationServerCredentialsRotationMode.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AuthorizationServerCredentialsRotationMode string
diff --git a/okta/authorizationServerCredentialsSigningConfig.go b/okta/authorizationServerCredentialsSigningConfig.go
deleted file mode 100644
index bf45ba9bd..000000000
--- a/okta/authorizationServerCredentialsSigningConfig.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type AuthorizationServerCredentialsSigningConfig struct {
-	Kid          string     `json:"kid,omitempty"`
-	LastRotated  *time.Time `json:"lastRotated,omitempty"`
-	NextRotation *time.Time `json:"nextRotation,omitempty"`
-	RotationMode string     `json:"rotationMode,omitempty"`
-	Use          string     `json:"use,omitempty"`
-}
diff --git a/okta/authorizationServerCredentialsUse.go b/okta/authorizationServerCredentialsUse.go
deleted file mode 100644
index 9d1bbc09a..000000000
--- a/okta/authorizationServerCredentialsUse.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AuthorizationServerCredentialsUse string
diff --git a/okta/authorizationServerPolicy.go b/okta/authorizationServerPolicy.go
deleted file mode 100644
index 3dfb4faa8..000000000
--- a/okta/authorizationServerPolicy.go
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"time"
-)
-
-type AuthorizationServerPolicyResource resource
-
-type AuthorizationServerPolicy struct {
-	Embedded    interface{}           `json:"_embedded,omitempty"`
-	Links       interface{}           `json:"_links,omitempty"`
-	Conditions  *PolicyRuleConditions `json:"conditions,omitempty"`
-	Created     *time.Time            `json:"created,omitempty"`
-	Description string                `json:"description,omitempty"`
-	Id          string                `json:"id,omitempty"`
-	LastUpdated *time.Time            `json:"lastUpdated,omitempty"`
-	Name        string                `json:"name,omitempty"`
-	Priority    int64                 `json:"-"`
-	PriorityPtr *int64                `json:"priority,omitempty"`
-	Status      string                `json:"status,omitempty"`
-	System      *bool                 `json:"system,omitempty"`
-	Type        string                `json:"type,omitempty"`
-}
-
-func (m *AuthorizationServerPolicyResource) GetAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) (*AuthorizationServerPolicy, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v", authServerId, policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServerPolicy *AuthorizationServerPolicy
-
-	resp, err := rq.Do(ctx, req, &authorizationServerPolicy)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServerPolicy, resp, nil
-}
-
-func (m *AuthorizationServerPolicyResource) UpdateAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string, body AuthorizationServerPolicy) (*AuthorizationServerPolicy, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v", authServerId, policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServerPolicy *AuthorizationServerPolicy
-
-	resp, err := rq.Do(ctx, req, &authorizationServerPolicy)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServerPolicy, resp, nil
-}
-
-func (m *AuthorizationServerPolicyResource) DeleteAuthorizationServerPolicy(ctx context.Context, authServerId string, policyId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v", authServerId, policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (a *AuthorizationServerPolicy) MarshalJSON() ([]byte, error) {
-	type Alias AuthorizationServerPolicy
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *AuthorizationServerPolicy) UnmarshalJSON(data []byte) error {
-	type Alias AuthorizationServerPolicy
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/authorizationServerPolicyRule.go b/okta/authorizationServerPolicyRule.go
deleted file mode 100644
index afc27b2b6..000000000
--- a/okta/authorizationServerPolicyRule.go
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"time"
-)
-
-type AuthorizationServerPolicyRuleResource resource
-
-type AuthorizationServerPolicyRule struct {
-	Actions     *AuthorizationServerPolicyRuleActions    `json:"actions,omitempty"`
-	Conditions  *AuthorizationServerPolicyRuleConditions `json:"conditions,omitempty"`
-	Created     *time.Time                               `json:"created,omitempty"`
-	Id          string                                   `json:"id,omitempty"`
-	LastUpdated *time.Time                               `json:"lastUpdated,omitempty"`
-	Name        string                                   `json:"name,omitempty"`
-	Priority    int64                                    `json:"-"`
-	PriorityPtr *int64                                   `json:"priority,omitempty"`
-	Status      string                                   `json:"status,omitempty"`
-	System      *bool                                    `json:"system,omitempty"`
-	Type        string                                   `json:"type,omitempty"`
-}
-
-// Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy.
-func (m *AuthorizationServerPolicyRuleResource) UpdateAuthorizationServerPolicyRule(ctx context.Context, authServerId string, policyId string, ruleId string, body AuthorizationServerPolicyRule) (*AuthorizationServerPolicyRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v/rules/%v", authServerId, policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var authorizationServerPolicyRule *AuthorizationServerPolicyRule
-
-	resp, err := rq.Do(ctx, req, &authorizationServerPolicyRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return authorizationServerPolicyRule, resp, nil
-}
-
-// Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.
-func (m *AuthorizationServerPolicyRuleResource) DeleteAuthorizationServerPolicyRule(ctx context.Context, authServerId string, policyId string, ruleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/authorizationServers/%v/policies/%v/rules/%v", authServerId, policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (a *AuthorizationServerPolicyRule) MarshalJSON() ([]byte, error) {
-	type Alias AuthorizationServerPolicyRule
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *AuthorizationServerPolicyRule) UnmarshalJSON(data []byte) error {
-	type Alias AuthorizationServerPolicyRule
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/authorizationServerPolicyRuleActions.go b/okta/authorizationServerPolicyRuleActions.go
deleted file mode 100644
index 0ff3e7b85..000000000
--- a/okta/authorizationServerPolicyRuleActions.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AuthorizationServerPolicyRuleActions struct {
-	Token *TokenAuthorizationServerPolicyRuleAction `json:"token,omitempty"`
-}
diff --git a/okta/authorizationServerPolicyRuleConditions.go b/okta/authorizationServerPolicyRuleConditions.go
deleted file mode 100644
index 54be6aafb..000000000
--- a/okta/authorizationServerPolicyRuleConditions.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AuthorizationServerPolicyRuleConditions struct {
-	Clients    *ClientPolicyCondition                    `json:"clients,omitempty"`
-	GrantTypes *GrantTypePolicyRuleCondition             `json:"grantTypes,omitempty"`
-	People     *PolicyPeopleCondition                    `json:"people,omitempty"`
-	Scopes     *OAuth2ScopesMediationPolicyRuleCondition `json:"scopes,omitempty"`
-}
diff --git a/okta/autoLoginApplication.go b/okta/autoLoginApplication.go
deleted file mode 100644
index e7c247554..000000000
--- a/okta/autoLoginApplication.go
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type AutoLoginApplication struct {
-	Embedded      interface{}                   `json:"_embedded,omitempty"`
-	Links         interface{}                   `json:"_links,omitempty"`
-	Accessibility *ApplicationAccessibility     `json:"accessibility,omitempty"`
-	Created       *time.Time                    `json:"created,omitempty"`
-	Credentials   *SchemeApplicationCredentials `json:"credentials,omitempty"`
-	Features      []string                      `json:"features,omitempty"`
-	Id            string                        `json:"id,omitempty"`
-	Label         string                        `json:"label,omitempty"`
-	LastUpdated   *time.Time                    `json:"lastUpdated,omitempty"`
-	Licensing     *ApplicationLicensing         `json:"licensing,omitempty"`
-	Name          string                        `json:"name,omitempty"`
-	Profile       interface{}                   `json:"profile,omitempty"`
-	Settings      *AutoLoginApplicationSettings `json:"settings,omitempty"`
-	SignOnMode    string                        `json:"signOnMode,omitempty"`
-	Status        string                        `json:"status,omitempty"`
-	Visibility    *ApplicationVisibility        `json:"visibility,omitempty"`
-}
-
-func NewAutoLoginApplication() *AutoLoginApplication {
-	return &AutoLoginApplication{
-		SignOnMode: "AUTO_LOGIN",
-	}
-}
-
-func (a *AutoLoginApplication) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/autoLoginApplicationSettings.go b/okta/autoLoginApplicationSettings.go
deleted file mode 100644
index ec5da95fc..000000000
--- a/okta/autoLoginApplicationSettings.go
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AutoLoginApplicationSettings struct {
-	App                *ApplicationSettingsApplication     `json:"app,omitempty"`
-	ImplicitAssignment *bool                               `json:"implicitAssignment,omitempty"`
-	InlineHookId       string                              `json:"inlineHookId,omitempty"`
-	Notes              *ApplicationSettingsNotes           `json:"notes,omitempty"`
-	Notifications      *ApplicationSettingsNotifications   `json:"notifications,omitempty"`
-	SignOn             *AutoLoginApplicationSettingsSignOn `json:"signOn,omitempty"`
-}
diff --git a/okta/autoLoginApplicationSettingsSignOn.go b/okta/autoLoginApplicationSettingsSignOn.go
deleted file mode 100644
index f6a7ad141..000000000
--- a/okta/autoLoginApplicationSettingsSignOn.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type AutoLoginApplicationSettingsSignOn struct {
-	LoginUrl    string `json:"loginUrl,omitempty"`
-	RedirectUrl string `json:"redirectUrl,omitempty"`
-}
diff --git a/okta/basicApplicationSettings.go b/okta/basicApplicationSettings.go
deleted file mode 100644
index 30a2418c3..000000000
--- a/okta/basicApplicationSettings.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type BasicApplicationSettings struct {
-	App                *BasicApplicationSettingsApplication `json:"app,omitempty"`
-	ImplicitAssignment *bool                                `json:"implicitAssignment,omitempty"`
-	InlineHookId       string                               `json:"inlineHookId,omitempty"`
-	Notes              *ApplicationSettingsNotes            `json:"notes,omitempty"`
-	Notifications      *ApplicationSettingsNotifications    `json:"notifications,omitempty"`
-}
diff --git a/okta/basicApplicationSettingsApplication.go b/okta/basicApplicationSettingsApplication.go
deleted file mode 100644
index 877b73829..000000000
--- a/okta/basicApplicationSettingsApplication.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type BasicApplicationSettingsApplication struct {
-	AuthURL string `json:"authURL,omitempty"`
-	Url     string `json:"url,omitempty"`
-}
diff --git a/okta/basicAuthApplication.go b/okta/basicAuthApplication.go
deleted file mode 100644
index 771a29502..000000000
--- a/okta/basicAuthApplication.go
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type BasicAuthApplication struct {
-	Embedded      interface{}                   `json:"_embedded,omitempty"`
-	Links         interface{}                   `json:"_links,omitempty"`
-	Accessibility *ApplicationAccessibility     `json:"accessibility,omitempty"`
-	Created       *time.Time                    `json:"created,omitempty"`
-	Credentials   *SchemeApplicationCredentials `json:"credentials,omitempty"`
-	Features      []string                      `json:"features,omitempty"`
-	Id            string                        `json:"id,omitempty"`
-	Label         string                        `json:"label,omitempty"`
-	LastUpdated   *time.Time                    `json:"lastUpdated,omitempty"`
-	Licensing     *ApplicationLicensing         `json:"licensing,omitempty"`
-	Name          string                        `json:"name,omitempty"`
-	Profile       interface{}                   `json:"profile,omitempty"`
-	Settings      *BasicApplicationSettings     `json:"settings,omitempty"`
-	SignOnMode    string                        `json:"signOnMode,omitempty"`
-	Status        string                        `json:"status,omitempty"`
-	Visibility    *ApplicationVisibility        `json:"visibility,omitempty"`
-}
-
-func NewBasicAuthApplication() *BasicAuthApplication {
-	return &BasicAuthApplication{
-		Name:       "template_basic_auth",
-		SignOnMode: "BASIC_AUTH",
-	}
-}
-
-func (a *BasicAuthApplication) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/beforeScheduledActionPolicyRuleCondition.go b/okta/beforeScheduledActionPolicyRuleCondition.go
deleted file mode 100644
index d89fe5209..000000000
--- a/okta/beforeScheduledActionPolicyRuleCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type BeforeScheduledActionPolicyRuleCondition struct {
-	Duration        *Duration                     `json:"duration,omitempty"`
-	LifecycleAction *ScheduledUserLifecycleAction `json:"lifecycleAction,omitempty"`
-}
-
-func NewBeforeScheduledActionPolicyRuleCondition() *BeforeScheduledActionPolicyRuleCondition {
-	return &BeforeScheduledActionPolicyRuleCondition{}
-}
-
-func (a *BeforeScheduledActionPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/bookmarkApplication.go b/okta/bookmarkApplication.go
deleted file mode 100644
index 220df299d..000000000
--- a/okta/bookmarkApplication.go
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type BookmarkApplication struct {
-	Embedded      interface{}                  `json:"_embedded,omitempty"`
-	Links         interface{}                  `json:"_links,omitempty"`
-	Accessibility *ApplicationAccessibility    `json:"accessibility,omitempty"`
-	Created       *time.Time                   `json:"created,omitempty"`
-	Credentials   *ApplicationCredentials      `json:"credentials,omitempty"`
-	Features      []string                     `json:"features,omitempty"`
-	Id            string                       `json:"id,omitempty"`
-	Label         string                       `json:"label,omitempty"`
-	LastUpdated   *time.Time                   `json:"lastUpdated,omitempty"`
-	Licensing     *ApplicationLicensing        `json:"licensing,omitempty"`
-	Name          string                       `json:"name,omitempty"`
-	Profile       interface{}                  `json:"profile,omitempty"`
-	Settings      *BookmarkApplicationSettings `json:"settings,omitempty"`
-	SignOnMode    string                       `json:"signOnMode,omitempty"`
-	Status        string                       `json:"status,omitempty"`
-	Visibility    *ApplicationVisibility       `json:"visibility,omitempty"`
-}
-
-func NewBookmarkApplication() *BookmarkApplication {
-	return &BookmarkApplication{
-		Name:       "bookmark",
-		SignOnMode: "BOOKMARK",
-	}
-}
-
-func (a *BookmarkApplication) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/bookmarkApplicationSettings.go b/okta/bookmarkApplicationSettings.go
deleted file mode 100644
index 87891222f..000000000
--- a/okta/bookmarkApplicationSettings.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type BookmarkApplicationSettings struct {
-	App                *BookmarkApplicationSettingsApplication `json:"app,omitempty"`
-	ImplicitAssignment *bool                                   `json:"implicitAssignment,omitempty"`
-	InlineHookId       string                                  `json:"inlineHookId,omitempty"`
-	Notes              *ApplicationSettingsNotes               `json:"notes,omitempty"`
-	Notifications      *ApplicationSettingsNotifications       `json:"notifications,omitempty"`
-}
diff --git a/okta/bookmarkApplicationSettingsApplication.go b/okta/bookmarkApplicationSettingsApplication.go
deleted file mode 100644
index 9ed520490..000000000
--- a/okta/bookmarkApplicationSettingsApplication.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type BookmarkApplicationSettingsApplication struct {
-	RequestIntegration *bool  `json:"requestIntegration,omitempty"`
-	Url                string `json:"url,omitempty"`
-}
diff --git a/okta/brand.go b/okta/brand.go
deleted file mode 100644
index 0e0f01abd..000000000
--- a/okta/brand.go
+++ /dev/null
@@ -1,586 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"mime/multipart"
-	"os"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type BrandResource resource
-
-type Brand struct {
-	Links                      interface{} `json:"_links,omitempty"`
-	AgreeToCustomPrivacyPolicy *bool       `json:"agreeToCustomPrivacyPolicy,omitempty"`
-	CustomPrivacyPolicyUrl     string      `json:"customPrivacyPolicyUrl,omitempty"`
-	Id                         string      `json:"id,omitempty"`
-	RemovePoweredByOkta        *bool       `json:"removePoweredByOkta,omitempty"`
-}
-
-// Fetches a brand by &#x60;brandId&#x60;
-func (m *BrandResource) GetBrand(ctx context.Context, brandId string) (*Brand, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v", brandId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var brand *Brand
-
-	resp, err := rq.Do(ctx, req, &brand)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return brand, resp, nil
-}
-
-// Updates a brand by &#x60;brandId&#x60;
-func (m *BrandResource) UpdateBrand(ctx context.Context, brandId string, body Brand) (*Brand, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v", brandId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var brand *Brand
-
-	resp, err := rq.Do(ctx, req, &brand)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return brand, resp, nil
-}
-
-// List all the brands in your org.
-func (m *BrandResource) ListBrands(ctx context.Context) ([]*Brand, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var brand []*Brand
-
-	resp, err := rq.Do(ctx, req, &brand)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return brand, resp, nil
-}
-
-// List email templates in your organization with pagination.
-func (m *BrandResource) ListEmailTemplates(ctx context.Context, brandId string, qp *query.Params) ([]*EmailTemplate, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email", brandId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var emailTemplate []*EmailTemplate
-
-	resp, err := rq.Do(ctx, req, &emailTemplate)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return emailTemplate, resp, nil
-}
-
-// Fetch an email template by templateName
-func (m *BrandResource) GetEmailTemplate(ctx context.Context, brandId string, templateName string) (*EmailTemplate, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email/%v", brandId, templateName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var emailTemplate *EmailTemplate
-
-	resp, err := rq.Do(ctx, req, &emailTemplate)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return emailTemplate, resp, nil
-}
-
-// Delete all customizations for an email template. Also known as “Reset to Default”.
-func (m *BrandResource) DeleteEmailTemplateCustomizations(ctx context.Context, brandId string, templateName string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email/%v/customizations", brandId, templateName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// List all email customizations for an email template
-func (m *BrandResource) ListEmailTemplateCustomizations(ctx context.Context, brandId string, templateName string) ([]*EmailTemplateCustomization, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email/%v/customizations", brandId, templateName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var emailTemplateCustomization []*EmailTemplateCustomization
-
-	resp, err := rq.Do(ctx, req, &emailTemplateCustomization)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return emailTemplateCustomization, resp, nil
-}
-
-// Create an email customization
-func (m *BrandResource) CreateEmailTemplateCustomization(ctx context.Context, brandId string, templateName string, body EmailTemplateCustomizationRequest) (*EmailTemplateCustomization, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email/%v/customizations", brandId, templateName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var emailTemplateCustomization *EmailTemplateCustomization
-
-	resp, err := rq.Do(ctx, req, &emailTemplateCustomization)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return emailTemplateCustomization, resp, nil
-}
-
-// Delete an email customization
-func (m *BrandResource) DeleteEmailTemplateCustomization(ctx context.Context, brandId string, templateName string, customizationId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email/%v/customizations/%v", brandId, templateName, customizationId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Fetch an email customization by id.
-func (m *BrandResource) GetEmailTemplateCustomization(ctx context.Context, brandId string, templateName string, customizationId string) (*EmailTemplateCustomization, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email/%v/customizations/%v", brandId, templateName, customizationId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var emailTemplateCustomization *EmailTemplateCustomization
-
-	resp, err := rq.Do(ctx, req, &emailTemplateCustomization)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return emailTemplateCustomization, resp, nil
-}
-
-// Update an email customization
-func (m *BrandResource) UpdateEmailTemplateCustomization(ctx context.Context, brandId string, templateName string, customizationId string, body EmailTemplateCustomizationRequest) (*EmailTemplateCustomization, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email/%v/customizations/%v", brandId, templateName, customizationId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var emailTemplateCustomization *EmailTemplateCustomization
-
-	resp, err := rq.Do(ctx, req, &emailTemplateCustomization)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return emailTemplateCustomization, resp, nil
-}
-
-// Get a preview of an email template customization.
-func (m *BrandResource) GetEmailTemplateCustomizationPreview(ctx context.Context, brandId string, templateName string, customizationId string) (*EmailTemplateContent, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email/%v/customizations/%v/preview", brandId, templateName, customizationId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var emailTemplateContent *EmailTemplateContent
-
-	resp, err := rq.Do(ctx, req, &emailTemplateContent)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return emailTemplateContent, resp, nil
-}
-
-// Fetch the default content for an email template.
-func (m *BrandResource) GetEmailTemplateDefaultContent(ctx context.Context, brandId string, templateName string) (*EmailTemplateContent, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email/%v/default-content", brandId, templateName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var emailTemplateContent *EmailTemplateContent
-
-	resp, err := rq.Do(ctx, req, &emailTemplateContent)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return emailTemplateContent, resp, nil
-}
-
-// Fetch a preview of an email template&#x27;s default content by populating velocity references with the current user&#x27;s environment.
-func (m *BrandResource) GetEmailTemplateDefaultContentPreview(ctx context.Context, brandId string, templateName string) (*EmailTemplateContent, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email/%v/default-content/preview", brandId, templateName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var emailTemplateContent *EmailTemplateContent
-
-	resp, err := rq.Do(ctx, req, &emailTemplateContent)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return emailTemplateContent, resp, nil
-}
-
-// Send a test email to the current users primary and secondary email addresses. The email content is selected based on the following priority: An email customization specifically for the users locale. The default language of email customizations. The email templates default content.
-func (m *BrandResource) SendTestEmail(ctx context.Context, brandId string, templateName string, body EmailTemplateTestRequest) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email/%v/test", brandId, templateName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// List all the themes in your brand
-func (m *BrandResource) ListBrandThemes(ctx context.Context, brandId string) ([]*ThemeResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/themes", brandId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var themeResponse []*ThemeResponse
-
-	resp, err := rq.Do(ctx, req, &themeResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return themeResponse, resp, nil
-}
-
-// Fetches a theme for a brand
-func (m *BrandResource) GetBrandTheme(ctx context.Context, brandId string, themeId string) (*ThemeResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/themes/%v", brandId, themeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var themeResponse *ThemeResponse
-
-	resp, err := rq.Do(ctx, req, &themeResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return themeResponse, resp, nil
-}
-
-// Updates a theme for a brand
-func (m *BrandResource) UpdateBrandTheme(ctx context.Context, brandId string, themeId string, body Theme) (*ThemeResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/themes/%v", brandId, themeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var themeResponse *ThemeResponse
-
-	resp, err := rq.Do(ctx, req, &themeResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return themeResponse, resp, nil
-}
-
-// Deletes a Theme background image
-func (m *BrandResource) DeleteBrandThemeBackgroundImage(ctx context.Context, brandId string, themeId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/themes/%v/background-image", brandId, themeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Updates the background image for your Theme
-func (m *BrandResource) UploadBrandThemeBackgroundImage(ctx context.Context, brandId string, themeId string, file string) (*ImageUploadResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/themes/%v/background-image", brandId, themeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	fo, err := os.Open(file)
-	if err != nil {
-		return nil, nil, err
-	}
-	defer fo.Close()
-	body := &bytes.Buffer{}
-	writer := multipart.NewWriter(body)
-	fw, err := writer.CreateFormFile("file", file)
-	if err != nil {
-		return nil, nil, err
-	}
-	_, err = io.Copy(fw, fo)
-	if err != nil {
-		return nil, nil, err
-	}
-	_ = writer.Close()
-
-	req, err := rq.WithAccept("application/json").WithContentType(writer.FormDataContentType()).NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var imageUploadResponse *ImageUploadResponse
-
-	resp, err := rq.Do(ctx, req, &imageUploadResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return imageUploadResponse, resp, nil
-}
-
-// Deletes a Theme favicon. The org then uses the Okta default favicon.
-func (m *BrandResource) DeleteBrandThemeFavicon(ctx context.Context, brandId string, themeId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/themes/%v/favicon", brandId, themeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Updates the favicon for your theme
-func (m *BrandResource) UploadBrandThemeFavicon(ctx context.Context, brandId string, themeId string, file string) (*ImageUploadResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/themes/%v/favicon", brandId, themeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	fo, err := os.Open(file)
-	if err != nil {
-		return nil, nil, err
-	}
-	defer fo.Close()
-	body := &bytes.Buffer{}
-	writer := multipart.NewWriter(body)
-	fw, err := writer.CreateFormFile("file", file)
-	if err != nil {
-		return nil, nil, err
-	}
-	_, err = io.Copy(fw, fo)
-	if err != nil {
-		return nil, nil, err
-	}
-	_ = writer.Close()
-
-	req, err := rq.WithAccept("application/json").WithContentType(writer.FormDataContentType()).NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var imageUploadResponse *ImageUploadResponse
-
-	resp, err := rq.Do(ctx, req, &imageUploadResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return imageUploadResponse, resp, nil
-}
-
-// Deletes a Theme logo. The org then uses the Okta default logo.
-func (m *BrandResource) DeleteBrandThemeLogo(ctx context.Context, brandId string, themeId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/themes/%v/logo", brandId, themeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Updates the logo for your Theme
-func (m *BrandResource) UploadBrandThemeLogo(ctx context.Context, brandId string, themeId string, file string) (*ImageUploadResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/themes/%v/logo", brandId, themeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	fo, err := os.Open(file)
-	if err != nil {
-		return nil, nil, err
-	}
-	defer fo.Close()
-	body := &bytes.Buffer{}
-	writer := multipart.NewWriter(body)
-	fw, err := writer.CreateFormFile("file", file)
-	if err != nil {
-		return nil, nil, err
-	}
-	_, err = io.Copy(fw, fo)
-	if err != nil {
-		return nil, nil, err
-	}
-	_ = writer.Close()
-
-	req, err := rq.WithAccept("application/json").WithContentType(writer.FormDataContentType()).NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var imageUploadResponse *ImageUploadResponse
-
-	resp, err := rq.Do(ctx, req, &imageUploadResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return imageUploadResponse, resp, nil
-}
diff --git a/okta/browserPluginApplication.go b/okta/browserPluginApplication.go
deleted file mode 100644
index b898a1661..000000000
--- a/okta/browserPluginApplication.go
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type BrowserPluginApplication struct {
-	Embedded      interface{}                   `json:"_embedded,omitempty"`
-	Links         interface{}                   `json:"_links,omitempty"`
-	Accessibility *ApplicationAccessibility     `json:"accessibility,omitempty"`
-	Created       *time.Time                    `json:"created,omitempty"`
-	Credentials   *SchemeApplicationCredentials `json:"credentials,omitempty"`
-	Features      []string                      `json:"features,omitempty"`
-	Id            string                        `json:"id,omitempty"`
-	Label         string                        `json:"label,omitempty"`
-	LastUpdated   *time.Time                    `json:"lastUpdated,omitempty"`
-	Licensing     *ApplicationLicensing         `json:"licensing,omitempty"`
-	Name          string                        `json:"name,omitempty"`
-	Profile       interface{}                   `json:"profile,omitempty"`
-	Settings      *ApplicationSettings          `json:"settings,omitempty"`
-	SignOnMode    string                        `json:"signOnMode,omitempty"`
-	Status        string                        `json:"status,omitempty"`
-	Visibility    *ApplicationVisibility        `json:"visibility,omitempty"`
-}
-
-func NewBrowserPluginApplication() *BrowserPluginApplication {
-	return &BrowserPluginApplication{
-		SignOnMode: "BROWSER_PLUGIN",
-	}
-}
-
-func (a *BrowserPluginApplication) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/cache.go b/okta/cache.go
new file mode 100644
index 000000000..97017f044
--- /dev/null
+++ b/okta/cache.go
@@ -0,0 +1,34 @@
+package okta
+
+import (
+	"bytes"
+	"io/ioutil"
+	"net/http"
+)
+
+type Cache interface {
+	Get(key string) *http.Response
+	Set(key string, value *http.Response)
+	GetString(key string) string
+	SetString(key string, value string)
+	Delete(key string)
+	Clear()
+	Has(key string) bool
+}
+
+func CreateCacheKey(req *http.Request) string {
+	s := req.URL.Scheme + "://" + req.URL.Host + req.URL.RequestURI()
+	return s
+}
+
+func CopyResponse(resp *http.Response) *http.Response {
+	c := *resp
+	respBody, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return resp
+	}
+
+	c.Body = ioutil.NopCloser(bytes.NewBuffer(respBody))
+
+	return &c
+}
diff --git a/okta/cache/cache.go b/okta/cache/cache.go
deleted file mode 100644
index 62cc04dea..000000000
--- a/okta/cache/cache.go
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package cache
-
-import (
-	"bytes"
-	"io/ioutil"
-	"net/http"
-)
-
-type Cache interface {
-	Get(key string) *http.Response
-	Set(key string, value *http.Response)
-	GetString(key string) string
-	SetString(key string, value string)
-	Delete(key string)
-	Clear()
-	Has(key string) bool
-}
-
-func CreateCacheKey(req *http.Request) string {
-	s := req.URL.Scheme + "://" + req.URL.Host + req.URL.RequestURI()
-	return s
-}
-
-func CopyResponse(resp *http.Response) *http.Response {
-	c := *resp
-	respBody, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return resp
-	}
-
-	c.Body = ioutil.NopCloser(bytes.NewBuffer(respBody))
-
-	return &c
-}
diff --git a/okta/cache/goCache.go b/okta/cache/goCache.go
deleted file mode 100644
index 19e537bdc..000000000
--- a/okta/cache/goCache.go
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package cache
-
-import (
-	"bufio"
-	"bytes"
-	"net/http"
-	"net/http/httputil"
-	"time"
-
-	patrickmnGoCache "github.com/patrickmn/go-cache"
-)
-
-type GoCache struct {
-	ttl         time.Duration
-	tti         time.Duration
-	rootLibrary *patrickmnGoCache.Cache
-}
-
-func NewGoCache(ttl int32, tti int32) GoCache {
-	c := patrickmnGoCache.New(time.Duration(ttl)*time.Second, time.Duration(tti)*time.Second)
-
-	gc := GoCache{
-		ttl:         time.Duration(ttl) * time.Second,
-		tti:         time.Duration(tti) * time.Second,
-		rootLibrary: c,
-	}
-
-	return gc
-}
-
-func (c GoCache) Get(key string) *http.Response {
-	item, found := c.rootLibrary.Get(key)
-	if found {
-		r := bufio.NewReader(bytes.NewReader(item.([]byte)))
-		resp, _ := http.ReadResponse(r, nil)
-		return resp
-	}
-
-	return nil
-}
-
-func (c GoCache) Set(key string, value *http.Response) {
-	cacheableResponse, _ := httputil.DumpResponse(value, true)
-
-	c.rootLibrary.Set(key, cacheableResponse, c.ttl)
-}
-
-func (c GoCache) GetString(key string) string {
-	item, found := c.rootLibrary.Get(key)
-	if found {
-		return item.(string)
-	}
-
-	return ""
-}
-
-func (c GoCache) SetString(key string, value string) {
-	c.rootLibrary.Set(key, value, c.ttl)
-}
-
-func (c GoCache) Delete(key string) {
-	c.rootLibrary.Delete(key)
-}
-
-func (c GoCache) Clear() {
-	c.rootLibrary.Flush()
-}
-
-func (c GoCache) Has(key string) bool {
-	_, found := c.rootLibrary.Get(key)
-	return found
-}
diff --git a/okta/cache/noopCache.go b/okta/cache/noopCache.go
deleted file mode 100644
index 4cd5688b1..000000000
--- a/okta/cache/noopCache.go
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package cache
-
-import "net/http"
-
-type NoOpCache struct{}
-
-func NewNoOpCache() Cache {
-	return NoOpCache{}
-}
-
-func (c NoOpCache) Get(key string) *http.Response {
-	return nil
-}
-
-func (c NoOpCache) Set(key string, value *http.Response) {
-}
-
-func (c NoOpCache) GetString(key string) string {
-	return ""
-}
-
-func (c NoOpCache) SetString(key string, value string) {
-}
-
-func (c NoOpCache) Delete(key string) {
-}
-
-func (c NoOpCache) Clear() {
-}
-
-func (c NoOpCache) Has(key string) bool {
-	return false
-}
diff --git a/okta/cache_test.go b/okta/cache_test.go
new file mode 100644
index 000000000..a955925a2
--- /dev/null
+++ b/okta/cache_test.go
@@ -0,0 +1,158 @@
+package okta
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/jarcoal/httpmock"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_Create_Cache_Key(t *testing.T) {
+	var buff io.ReadWriter
+	request, _ := http.NewRequest("GET", "https://example.com/sample/cache-key/test+test@test."+"com?with=a&query=string", buff)
+	cacheKey := CreateCacheKey(request)
+	assert.Equal(t, "https://example.com/sample/cache-key/test+test@test.com?with=a&query=string", cacheKey, "The cache key was not created correctly.")
+}
+
+func Test_Item_Stored_Successful(t *testing.T) {
+	var buff io.ReadWriter
+	url := "https://example.com/sample/cache-key/"
+	request, _ := http.NewRequest("GET", url, buff)
+	cacheKey := CreateCacheKey(request)
+	myCache := NewGoCache(30, 30)
+	found := myCache.Has(cacheKey)
+	assert.False(t, found, "item already existed in cache")
+	toCache := "test Item"
+	record := httptest.NewRecorder()
+	record.WriteString(toCache)
+	result := record.Result()
+	myCache.Set(cacheKey, result)
+	found = myCache.Has(cacheKey)
+	assert.True(t, found, "item does not exist in cache")
+	pulledFromCache := myCache.Get(cacheKey)
+	assert.NotEqual(t, result, pulledFromCache, "Item pulled from cache was not a copy")
+	cachedBody, _ := ioutil.ReadAll(pulledFromCache.Body)
+	assert.Equal(t, toCache, string(cachedBody), "Item pulled from cache was not correct")
+}
+
+func Test_Item_Delete_Successful(t *testing.T) {
+	var buff io.ReadWriter
+	url := "https://example.com/sample/cache-key/delete"
+	request, _ := http.NewRequest("GET", url, buff)
+	cacheKey := CreateCacheKey(request)
+	myCache := NewGoCache(30, 30)
+	record := httptest.NewRecorder()
+	record.WriteString("test Item")
+	result := record.Result()
+	myCache.Set(cacheKey, result)
+	found := myCache.Has(cacheKey)
+	assert.True(t, found, "item does not exist in cache")
+	myCache.Delete(cacheKey)
+	found = myCache.Has(cacheKey)
+	assert.False(t, found, "item was not deleted from cache")
+}
+
+func Test_Cache_Cleared_Successful(t *testing.T) {
+	var buff io.ReadWriter
+	url := "https://example.com/sample/cache-key/clear"
+	request, _ := http.NewRequest("GET", url, buff)
+	cacheKey := CreateCacheKey(request)
+	myCache := NewGoCache(30, 30)
+	record := httptest.NewRecorder()
+	record.WriteString("test Item")
+	result := record.Result()
+	myCache.Set(cacheKey, result)
+	found := myCache.Has(cacheKey)
+	assert.True(t, found, "item does not exist in cache")
+	myCache.Clear()
+	found = myCache.Has(cacheKey)
+	assert.False(t, found, "cache was not cleared")
+}
+
+func TestOAuthTokensAlwaysCached(t *testing.T) {
+	httpmock.Activate()
+	defer httpmock.DeactivateAndReset()
+	WithCache(false)
+	cfg := NewConfiguration(
+		WithCache(false),
+		WithOrgUrl("https://testing.oktapreview.com"),
+		WithAuthorizationMode("PrivateKey"),
+		WithClientId("abc"),
+		WithPrivateKey(`
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
+KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
+o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
+TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
+9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
+v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
+/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
+-----END RSA PRIVATE KEY-----
+		`),
+		WithScopes(([]string{"okta.users.read"})),
+	)
+
+	client := NewAPIClient(cfg)
+
+	accessToken := RequestAccessToken{
+		TokenType:   "Bearer",
+		ExpiresIn:   3600,
+		AccessToken: "xyz",
+		Scope:       "okta.users.read",
+	}
+	httpmockTokenURLRegex := `=~^https://testing\.oktapreview\.com/oauth2/v1/token\?client_assertion=.*\z`
+	jsonResp, err := httpmock.NewJsonResponder(200, accessToken)
+	require.NoError(t, err)
+	httpmock.RegisterResponder("POST", httpmockTokenURLRegex, jsonResp)
+
+	adminConsole := Application{}
+	adminConsole.SetId("abc123")
+	adminConsole.SetStatus("ACTIVE")
+	adminConsole.SetLabel("Okta Admin Console")
+	apps1 := []*Application{
+		&adminConsole,
+	}
+	jsonResp, err = httpmock.NewJsonResponder(200, apps1)
+	require.NoError(t, err)
+	httpmockAdminConsoleRegex := `=~^https://testing\.oktapreview\.com/api/v1/apps?.*q\=Okta\+Admin\+Console.*\z`
+	httpmock.RegisterResponder("GET", httpmockAdminConsoleRegex, jsonResp)
+
+	dashboard := Application{}
+	adminConsole.SetId("def456")
+	adminConsole.SetStatus("ACTIVE")
+	adminConsole.SetLabel("Okta Dashboard")
+	apps2 := []*Application{
+		&dashboard,
+	}
+	jsonResp, err = httpmock.NewJsonResponder(200, apps2)
+	require.NoError(t, err)
+	httpmockDashboardRegex := `=~^https://testing\.oktapreview\.com/api/v1/apps?.*q\=Okta\+Dashboard.*\z`
+	httpmock.RegisterResponder("GET", httpmockDashboardRegex, jsonResp)
+
+	_, _, err = client.ApplicationApi.ListApplications(cfg.Context).Limit(1).Filter("status eq ACTIVE").Q("Okta Admin Console").Execute()
+	require.NoError(t, err)
+	_, _, err = client.ApplicationApi.ListApplications(cfg.Context).Limit(1).Filter("status eq ACTIVE").Q("Okta Admin Console").Execute()
+	require.NoError(t, err)
+
+	_, _, err = client.ApplicationApi.ListApplications(cfg.Context).Limit(1).Filter("status eq ACTIVE").Q("Okta Dashboard").Execute()
+	require.NoError(t, err)
+	_, _, err = client.ApplicationApi.ListApplications(cfg.Context).Limit(1).Filter("status eq ACTIVE").Q("Okta Dashboard").Execute()
+	require.NoError(t, err)
+
+	info := httpmock.GetCallCountInfo()
+	totalCalls := httpmock.GetTotalCallCount()
+
+	assert.Equal(t, 5, totalCalls, fmt.Sprintf("there should only be 5 API calls in this test but there were %d calls", totalCalls))
+	// Tokens from requests should be cached.
+	require.True(t, info[fmt.Sprintf("POST %s", httpmockTokenURLRegex)] == 1, "tokens endpoint should only be called once")
+
+	// But all other requests should not be cached.
+	require.True(t, info[fmt.Sprintf("GET %s", httpmockAdminConsoleRegex)] == 2)
+	require.True(t, info[fmt.Sprintf("GET %s", httpmockDashboardRegex)] == 2)
+}
diff --git a/okta/callUserFactor.go b/okta/callUserFactor.go
deleted file mode 100644
index 404971728..000000000
--- a/okta/callUserFactor.go
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type CallUserFactor struct {
-	Embedded    interface{}            `json:"_embedded,omitempty"`
-	Links       interface{}            `json:"_links,omitempty"`
-	Created     *time.Time             `json:"created,omitempty"`
-	FactorType  string                 `json:"factorType,omitempty"`
-	Id          string                 `json:"id,omitempty"`
-	LastUpdated *time.Time             `json:"lastUpdated,omitempty"`
-	Provider    string                 `json:"provider,omitempty"`
-	Status      string                 `json:"status,omitempty"`
-	Verify      *VerifyFactorRequest   `json:"verify,omitempty"`
-	Profile     *CallUserFactorProfile `json:"profile,omitempty"`
-}
-
-func NewCallUserFactor() *CallUserFactor {
-	return &CallUserFactor{
-		FactorType: "call",
-	}
-}
-
-func (a *CallUserFactor) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/callUserFactorProfile.go b/okta/callUserFactorProfile.go
deleted file mode 100644
index 8efa077a9..000000000
--- a/okta/callUserFactorProfile.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type CallUserFactorProfile struct {
-	PhoneExtension string `json:"phoneExtension,omitempty"`
-	PhoneNumber    string `json:"phoneNumber,omitempty"`
-}
-
-func NewCallUserFactorProfile() *CallUserFactorProfile {
-	return &CallUserFactorProfile{}
-}
-
-func (a *CallUserFactorProfile) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/capabilitiesCreateObject.go b/okta/capabilitiesCreateObject.go
deleted file mode 100644
index 10d36eb6f..000000000
--- a/okta/capabilitiesCreateObject.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type CapabilitiesCreateObject struct {
-	LifecycleCreate *LifecycleCreateSettingObject `json:"lifecycleCreate,omitempty"`
-}
-
-func NewCapabilitiesCreateObject() *CapabilitiesCreateObject {
-	return &CapabilitiesCreateObject{}
-}
-
-func (a *CapabilitiesCreateObject) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/capabilitiesObject.go b/okta/capabilitiesObject.go
deleted file mode 100644
index c881bfa6b..000000000
--- a/okta/capabilitiesObject.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type CapabilitiesObject struct {
-	Create *CapabilitiesCreateObject `json:"create,omitempty"`
-	Update *CapabilitiesUpdateObject `json:"update,omitempty"`
-}
-
-func NewCapabilitiesObject() *CapabilitiesObject {
-	return &CapabilitiesObject{}
-}
-
-func (a *CapabilitiesObject) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/capabilitiesUpdateObject.go b/okta/capabilitiesUpdateObject.go
deleted file mode 100644
index c0d118227..000000000
--- a/okta/capabilitiesUpdateObject.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type CapabilitiesUpdateObject struct {
-	LifecycleDeactivate *LifecycleDeactivateSettingObject `json:"lifecycleDeactivate,omitempty"`
-	Password            *PasswordSettingObject            `json:"password,omitempty"`
-	Profile             *ProfileSettingObject             `json:"profile,omitempty"`
-}
-
-func NewCapabilitiesUpdateObject() *CapabilitiesUpdateObject {
-	return &CapabilitiesUpdateObject{}
-}
-
-func (a *CapabilitiesUpdateObject) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/catalogApplication.go b/okta/catalogApplication.go
deleted file mode 100644
index b30026715..000000000
--- a/okta/catalogApplication.go
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type CatalogApplication struct {
-	Links              interface{} `json:"_links,omitempty"`
-	Category           string      `json:"category,omitempty"`
-	Description        string      `json:"description,omitempty"`
-	DisplayName        string      `json:"displayName,omitempty"`
-	Features           []string    `json:"features,omitempty"`
-	Id                 string      `json:"id,omitempty"`
-	LastUpdated        *time.Time  `json:"lastUpdated,omitempty"`
-	Name               string      `json:"name,omitempty"`
-	SignOnModes        []string    `json:"signOnModes,omitempty"`
-	Status             string      `json:"status,omitempty"`
-	VerificationStatus string      `json:"verificationStatus,omitempty"`
-	Website            string      `json:"website,omitempty"`
-}
diff --git a/okta/catalogApplicationStatus.go b/okta/catalogApplicationStatus.go
deleted file mode 100644
index c06d867f5..000000000
--- a/okta/catalogApplicationStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type CatalogApplicationStatus string
diff --git a/okta/changeEnum.go b/okta/changeEnum.go
deleted file mode 100644
index 95a852233..000000000
--- a/okta/changeEnum.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ChangeEnum string
diff --git a/okta/changePasswordRequest.go b/okta/changePasswordRequest.go
deleted file mode 100644
index 2afc8c972..000000000
--- a/okta/changePasswordRequest.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ChangePasswordRequest struct {
-	NewPassword *PasswordCredential `json:"newPassword,omitempty"`
-	OldPassword *PasswordCredential `json:"oldPassword,omitempty"`
-}
diff --git a/okta/channelBinding.go b/okta/channelBinding.go
deleted file mode 100644
index 28e9d67fd..000000000
--- a/okta/channelBinding.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ChannelBinding struct {
-	Required string `json:"required,omitempty"`
-	Style    string `json:"style,omitempty"`
-}
diff --git a/okta/client.go b/okta/client.go
new file mode 100644
index 000000000..0fc29a7b5
--- /dev/null
+++ b/okta/client.go
@@ -0,0 +1,1179 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"context"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"encoding/xml"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"mime/multipart"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	"path/filepath"
+	"reflect"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+	"unicode/utf8"
+
+	"github.com/cenkalti/backoff/v4"
+	"github.com/go-jose/go-jose/v3"
+	"github.com/go-jose/go-jose/v3/jwt"
+	goCache "github.com/patrickmn/go-cache"
+	"golang.org/x/oauth2"
+)
+
+var (
+	jsonCheck = regexp.MustCompile(`(?i:(?:application|text)/(?:vnd\.[^;]+\+)?json)`)
+	xmlCheck  = regexp.MustCompile(`(?i:(?:application|text)/xml)`)
+)
+
+const (
+	VERSION             = "3.0.0"
+	AccessTokenCacheKey = "OKTA_ACCESS_TOKEN"
+)
+
+// APIClient manages communication with the Okta Admin Management API v4.0.0
+// In most cases there should be only one, shared, APIClient.
+type APIClient struct {
+	cfg        *Configuration
+	common     service // Reuse a single struct instead of allocating one for each service on the heap.
+	cache      Cache
+	tokenCache *goCache.Cache
+	freshcache bool
+
+	// API Services
+
+	AgentPoolsApi AgentPoolsApi
+
+	ApiTokenApi ApiTokenApi
+
+	ApplicationApi ApplicationApi
+
+	AttackProtectionApi AttackProtectionApi
+
+	AuthenticatorApi AuthenticatorApi
+
+	AuthorizationServerApi AuthorizationServerApi
+
+	BehaviorApi BehaviorApi
+
+	CAPTCHAApi CAPTCHAApi
+
+	CustomizationApi CustomizationApi
+
+	DeviceApi DeviceApi
+
+	DeviceAssuranceApi DeviceAssuranceApi
+
+	DomainApi DomainApi
+
+	EmailDomainApi EmailDomainApi
+
+	EventHookApi EventHookApi
+
+	FeatureApi FeatureApi
+
+	GroupApi GroupApi
+
+	HookKeyApi HookKeyApi
+
+	IdentityProviderApi IdentityProviderApi
+
+	IdentitySourceApi IdentitySourceApi
+
+	InlineHookApi InlineHookApi
+
+	LinkedObjectApi LinkedObjectApi
+
+	LogStreamApi LogStreamApi
+
+	NetworkZoneApi NetworkZoneApi
+
+	OrgSettingApi OrgSettingApi
+
+	PolicyApi PolicyApi
+
+	PrincipalRateLimitApi PrincipalRateLimitApi
+
+	ProfileMappingApi ProfileMappingApi
+
+	PushProviderApi PushProviderApi
+
+	RateLimitSettingsApi RateLimitSettingsApi
+
+	ResourceSetApi ResourceSetApi
+
+	RiskEventApi RiskEventApi
+
+	RiskProviderApi RiskProviderApi
+
+	RoleApi RoleApi
+
+	RoleAssignmentApi RoleAssignmentApi
+
+	RoleTargetApi RoleTargetApi
+
+	SchemaApi SchemaApi
+
+	SessionApi SessionApi
+
+	SubscriptionApi SubscriptionApi
+
+	SystemLogApi SystemLogApi
+
+	TemplateApi TemplateApi
+
+	ThreatInsightApi ThreatInsightApi
+
+	TrustedOriginApi TrustedOriginApi
+
+	UserApi UserApi
+
+	UserFactorApi UserFactorApi
+
+	UserTypeApi UserTypeApi
+}
+
+type service struct {
+	client *APIClient
+}
+
+type Authorization interface {
+	Authorize() error
+}
+
+type SSWSAuth struct {
+	token string
+	req   *http.Request
+}
+
+func NewSSWSAuth(token string, req *http.Request) *SSWSAuth {
+	return &SSWSAuth{token: token, req: req}
+}
+
+func (a *SSWSAuth) Authorize() error {
+	a.req.Header.Add("Authorization", "SSWS "+a.token)
+	return nil
+}
+
+type BearerAuth struct {
+	token string
+	req   *http.Request
+}
+
+func NewBearerAuth(token string, req *http.Request) *BearerAuth {
+	return &BearerAuth{token: token, req: req}
+}
+
+func (a *BearerAuth) Authorize() error {
+	a.req.Header.Add("Authorization", "Bearer "+a.token)
+	return nil
+}
+
+type PrivateKeyAuth struct {
+	tokenCache       *goCache.Cache
+	httpClient       *http.Client
+	privateKeySigner jose.Signer
+	privateKey       string
+	privateKeyId     string
+	clientId         string
+	orgURL           string
+	scopes           []string
+	maxRetries       int32
+	maxBackoff       int64
+	req              *http.Request
+}
+
+type PrivateKeyAuthConfig struct {
+	TokenCache       *goCache.Cache
+	HttpClient       *http.Client
+	PrivateKeySigner jose.Signer
+	PrivateKey       string
+	PrivateKeyId     string
+	ClientId         string
+	OrgURL           string
+	Scopes           []string
+	MaxRetries       int32
+	MaxBackoff       int64
+	Req              *http.Request
+}
+
+func NewPrivateKeyAuth(config PrivateKeyAuthConfig) *PrivateKeyAuth {
+	return &PrivateKeyAuth{
+		tokenCache:       config.TokenCache,
+		httpClient:       config.HttpClient,
+		privateKeySigner: config.PrivateKeySigner,
+		privateKey:       config.PrivateKey,
+		privateKeyId:     config.PrivateKeyId,
+		clientId:         config.ClientId,
+		orgURL:           config.OrgURL,
+		scopes:           config.Scopes,
+		maxRetries:       config.MaxRetries,
+		maxBackoff:       config.MaxBackoff,
+		req:              config.Req,
+	}
+}
+
+func (a *PrivateKeyAuth) Authorize() error {
+	accessToken, hasToken := a.tokenCache.Get(AccessTokenCacheKey)
+	if hasToken {
+		a.req.Header.Add("Authorization", "Bearer "+accessToken.(string))
+	} else {
+		if a.privateKeySigner == nil {
+			var err error
+			a.privateKeySigner, err = createKeySigner(a.privateKey, a.privateKeyId)
+			if err != nil {
+				return err
+			}
+		}
+
+		clientAssertion, err := createClientAssertion(a.orgURL, a.clientId, a.privateKeySigner)
+		if err != nil {
+			return err
+		}
+
+		accessToken, err := getAccessTokenForPrivateKey(a.httpClient, a.orgURL, clientAssertion, a.scopes, a.maxRetries, a.maxBackoff)
+		if err != nil {
+			return err
+		}
+
+		a.req.Header.Set("Authorization", "Bearer "+accessToken.AccessToken)
+
+		// Trim a couple of seconds off calculated expiry so cache expiry
+		// occures before Okta server side expiry.
+		expiration := accessToken.ExpiresIn - 2
+		a.tokenCache.Set(AccessTokenCacheKey, accessToken.AccessToken, time.Second*time.Duration(expiration))
+	}
+	return nil
+}
+
+type JWTAuth struct {
+	tokenCache      *goCache.Cache
+	httpClient      *http.Client
+	orgURL          string
+	scopes          []string
+	clientAssertion string
+	maxRetries      int32
+	maxBackoff      int64
+	req             *http.Request
+}
+
+type JWTAuthConfig struct {
+	TokenCache      *goCache.Cache
+	HttpClient      *http.Client
+	OrgURL          string
+	Scopes          []string
+	ClientAssertion string
+	MaxRetries      int32
+	MaxBackoff      int64
+	Req             *http.Request
+}
+
+func NewJWTAuth(config JWTAuthConfig) *JWTAuth {
+	return &JWTAuth{
+		tokenCache:      config.TokenCache,
+		httpClient:      config.HttpClient,
+		orgURL:          config.OrgURL,
+		scopes:          config.Scopes,
+		clientAssertion: config.ClientAssertion,
+		maxRetries:      config.MaxRetries,
+		maxBackoff:      config.MaxBackoff,
+		req:             config.Req,
+	}
+}
+
+func (a *JWTAuth) Authorize() error {
+	accessToken, hasToken := a.tokenCache.Get(AccessTokenCacheKey)
+	if hasToken {
+		a.req.Header.Add("Authorization", "Bearer "+accessToken.(string))
+	} else {
+		accessToken, err := getAccessTokenForPrivateKey(a.httpClient, a.orgURL, a.clientAssertion, a.scopes, a.maxRetries, a.maxBackoff)
+		if err != nil {
+			return err
+		}
+		a.req.Header.Set("Authorization", "Bearer "+accessToken.AccessToken)
+
+		// Trim a couple of seconds off calculated expiry so cache expiry
+		// occures before Okta server side expiry.
+		expiration := accessToken.ExpiresIn - 2
+		a.tokenCache.Set(AccessTokenCacheKey, accessToken.AccessToken, time.Second*time.Duration(expiration))
+	}
+	return nil
+}
+
+func createKeySigner(privateKey, privateKeyID string) (jose.Signer, error) {
+	priv := []byte(strings.ReplaceAll(privateKey, `\n`, "\n"))
+
+	privPem, _ := pem.Decode(priv)
+	if privPem == nil {
+		return nil, errors.New("invalid private key")
+	}
+	if privPem.Type != "RSA PRIVATE KEY" {
+		return nil, fmt.Errorf("RSA private key is of the wrong type")
+	}
+
+	parsedKey, err := x509.ParsePKCS1PrivateKey(privPem.Bytes)
+	if err != nil {
+		return nil, err
+	}
+
+	var signerOptions *jose.SignerOptions
+	if privateKeyID != "" {
+		signerOptions = (&jose.SignerOptions{}).WithHeader("kid", privateKeyID)
+	}
+
+	return jose.NewSigner(jose.SigningKey{Algorithm: jose.RS256, Key: parsedKey}, signerOptions)
+}
+
+func createClientAssertion(orgURL, clientID string, privateKeySinger jose.Signer) (clientAssertion string, err error) {
+	claims := ClientAssertionClaims{
+		Subject:  clientID,
+		IssuedAt: jwt.NewNumericDate(time.Now()),
+		Expiry:   jwt.NewNumericDate(time.Now().Add(time.Hour * time.Duration(1))),
+		Issuer:   clientID,
+		Audience: orgURL + "/oauth2/v1/token",
+	}
+	jwtBuilder := jwt.Signed(privateKeySinger).Claims(claims)
+	return jwtBuilder.CompactSerialize()
+}
+
+func getAccessTokenForPrivateKey(httpClient *http.Client, orgURL, clientAssertion string, scopes []string, maxRetries int32, maxBackoff int64) (*RequestAccessToken, error) {
+	var tokenRequestBuff io.ReadWriter
+	query := url.Values{}
+	tokenRequestURL := orgURL + "/oauth2/v1/token"
+
+	query.Add("grant_type", "client_credentials")
+	query.Add("scope", strings.Join(scopes, " "))
+	query.Add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
+	query.Add("client_assertion", clientAssertion)
+	tokenRequestURL += "?" + query.Encode()
+	tokenRequest, err := http.NewRequest("POST", tokenRequestURL, tokenRequestBuff)
+	if err != nil {
+		return nil, err
+	}
+
+	tokenRequest.Header.Add("Accept", "application/json")
+	tokenRequest.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+
+	bOff := &oktaBackoff{
+		ctx:             context.TODO(),
+		maxRetries:      maxRetries,
+		backoffDuration: time.Duration(maxBackoff),
+	}
+	var tokenResponse *http.Response
+	operation := func() error {
+		tokenResponse, err = httpClient.Do(tokenRequest)
+		bOff.retryCount++
+		return err
+	}
+	err = backoff.Retry(operation, bOff)
+	if err != nil {
+		return nil, err
+	}
+
+	respBody, err := io.ReadAll(tokenResponse.Body)
+	if err != nil {
+		return nil, err
+	}
+	origResp := io.NopCloser(bytes.NewBuffer(respBody))
+	tokenResponse.Body = origResp
+	var accessToken *RequestAccessToken
+
+	_, err = buildResponse(tokenResponse, nil, &accessToken)
+	if err != nil {
+		return nil, err
+	}
+	return accessToken, nil
+}
+
+// NewAPIClient creates a new API client. Requires a userAgent string describing your application.
+// optionally a custom http.Client to allow for advanced features such as caching.
+func NewAPIClient(cfg *Configuration) *APIClient {
+	if cfg.HTTPClient == nil {
+		cfg.HTTPClient = http.DefaultClient
+	}
+
+	if cfg.Okta.Client.Proxy.Host != "" {
+		var proxyURL url.URL
+		proxyURL.Host = fmt.Sprintf("%v:%v", cfg.Okta.Client.Proxy.Host, cfg.Okta.Client.Proxy.Port)
+		up := url.UserPassword(cfg.Okta.Client.Proxy.Username, cfg.Okta.Client.Proxy.Password)
+		proxyURL.User = up
+		transport := http.Transport{Proxy: http.ProxyURL(&proxyURL)}
+		cfg.HTTPClient = &http.Client{Transport: &transport}
+	}
+
+	var oktaCache Cache
+	if !cfg.Okta.Client.Cache.Enabled {
+		oktaCache = NewNoOpCache()
+	} else {
+		if cfg.CacheManager == nil {
+			oktaCache = NewGoCache(cfg.Okta.Client.Cache.DefaultTtl,
+				cfg.Okta.Client.Cache.DefaultTti)
+		} else {
+			oktaCache = cfg.CacheManager
+		}
+	}
+
+	c := &APIClient{}
+	c.cfg = cfg
+	c.cache = oktaCache
+	c.tokenCache = goCache.New(5*time.Minute, 10*time.Minute)
+	c.common.client = c
+
+	// API Services
+	c.AgentPoolsApi = (*AgentPoolsApiService)(&c.common)
+	c.ApiTokenApi = (*ApiTokenApiService)(&c.common)
+	c.ApplicationApi = (*ApplicationApiService)(&c.common)
+	c.AttackProtectionApi = (*AttackProtectionApiService)(&c.common)
+	c.AuthenticatorApi = (*AuthenticatorApiService)(&c.common)
+	c.AuthorizationServerApi = (*AuthorizationServerApiService)(&c.common)
+	c.BehaviorApi = (*BehaviorApiService)(&c.common)
+	c.CAPTCHAApi = (*CAPTCHAApiService)(&c.common)
+	c.CustomizationApi = (*CustomizationApiService)(&c.common)
+	c.DeviceApi = (*DeviceApiService)(&c.common)
+	c.DeviceAssuranceApi = (*DeviceAssuranceApiService)(&c.common)
+	c.DomainApi = (*DomainApiService)(&c.common)
+	c.EmailDomainApi = (*EmailDomainApiService)(&c.common)
+	c.EventHookApi = (*EventHookApiService)(&c.common)
+	c.FeatureApi = (*FeatureApiService)(&c.common)
+	c.GroupApi = (*GroupApiService)(&c.common)
+	c.HookKeyApi = (*HookKeyApiService)(&c.common)
+	c.IdentityProviderApi = (*IdentityProviderApiService)(&c.common)
+	c.IdentitySourceApi = (*IdentitySourceApiService)(&c.common)
+	c.InlineHookApi = (*InlineHookApiService)(&c.common)
+	c.LinkedObjectApi = (*LinkedObjectApiService)(&c.common)
+	c.LogStreamApi = (*LogStreamApiService)(&c.common)
+	c.NetworkZoneApi = (*NetworkZoneApiService)(&c.common)
+	c.OrgSettingApi = (*OrgSettingApiService)(&c.common)
+	c.PolicyApi = (*PolicyApiService)(&c.common)
+	c.PrincipalRateLimitApi = (*PrincipalRateLimitApiService)(&c.common)
+	c.ProfileMappingApi = (*ProfileMappingApiService)(&c.common)
+	c.PushProviderApi = (*PushProviderApiService)(&c.common)
+	c.RateLimitSettingsApi = (*RateLimitSettingsApiService)(&c.common)
+	c.ResourceSetApi = (*ResourceSetApiService)(&c.common)
+	c.RiskEventApi = (*RiskEventApiService)(&c.common)
+	c.RiskProviderApi = (*RiskProviderApiService)(&c.common)
+	c.RoleApi = (*RoleApiService)(&c.common)
+	c.RoleAssignmentApi = (*RoleAssignmentApiService)(&c.common)
+	c.RoleTargetApi = (*RoleTargetApiService)(&c.common)
+	c.SchemaApi = (*SchemaApiService)(&c.common)
+	c.SessionApi = (*SessionApiService)(&c.common)
+	c.SubscriptionApi = (*SubscriptionApiService)(&c.common)
+	c.SystemLogApi = (*SystemLogApiService)(&c.common)
+	c.TemplateApi = (*TemplateApiService)(&c.common)
+	c.ThreatInsightApi = (*ThreatInsightApiService)(&c.common)
+	c.TrustedOriginApi = (*TrustedOriginApiService)(&c.common)
+	c.UserApi = (*UserApiService)(&c.common)
+	c.UserFactorApi = (*UserFactorApiService)(&c.common)
+	c.UserTypeApi = (*UserTypeApiService)(&c.common)
+
+	return c
+}
+
+func atoi(in string) (int, error) {
+	return strconv.Atoi(in)
+}
+
+// selectHeaderContentType select a content type from the available list.
+func selectHeaderContentType(contentTypes []string) string {
+	if len(contentTypes) == 0 {
+		return ""
+	}
+	if contains(contentTypes, "application/json") {
+		return "application/json"
+	}
+	return contentTypes[0] // use the first content type specified in 'consumes'
+}
+
+// selectHeaderAccept join all accept types and return
+func selectHeaderAccept(accepts []string) string {
+	if len(accepts) == 0 {
+		return ""
+	}
+
+	if contains(accepts, "application/json") {
+		return "application/json"
+	}
+
+	return strings.Join(accepts, ",")
+}
+
+// contains is a case insensitive match, finding needle in a haystack
+func contains(haystack []string, needle string) bool {
+	for _, a := range haystack {
+		if strings.ToLower(a) == strings.ToLower(needle) {
+			return true
+		}
+	}
+	return false
+}
+
+// Verify optional parameters are of the correct type.
+func typeCheckParameter(obj interface{}, expected string, name string) error {
+	// Make sure there is an object.
+	if obj == nil {
+		return nil
+	}
+
+	// Check the type is as expected.
+	if reflect.TypeOf(obj).String() != expected {
+		return fmt.Errorf("Expected %s to be of type %s but received %s.", name, expected, reflect.TypeOf(obj).String())
+	}
+	return nil
+}
+
+// parameterToString convert interface{} parameters to string, using a delimiter if format is provided.
+func parameterToString(obj interface{}, collectionFormat string) string {
+	var delimiter string
+
+	switch collectionFormat {
+	case "pipes":
+		delimiter = "|"
+	case "ssv":
+		delimiter = " "
+	case "tsv":
+		delimiter = "\t"
+	case "csv":
+		delimiter = ","
+	}
+
+	if reflect.TypeOf(obj).Kind() == reflect.Slice {
+		return strings.Trim(strings.Replace(fmt.Sprint(obj), " ", delimiter, -1), "[]")
+	} else if t, ok := obj.(time.Time); ok {
+		return t.Format(time.RFC3339)
+	}
+
+	return fmt.Sprintf("%v", obj)
+}
+
+// helper for converting interface{} parameters to json strings
+func parameterToJson(obj interface{}) (string, error) {
+	jsonBuf, err := json.Marshal(obj)
+	if err != nil {
+		return "", err
+	}
+	return string(jsonBuf), err
+}
+
+// callAPI do the request.
+func (c *APIClient) callAPI(request *http.Request) (*http.Response, error) {
+	if c.cfg.Debug {
+		dump, err := httputil.DumpRequestOut(request, true)
+		if err != nil {
+			return nil, err
+		}
+		log.Printf("\n%s\n", string(dump))
+	}
+
+	resp, err := c.cfg.HTTPClient.Do(request)
+	if err != nil {
+		return resp, err
+	}
+
+	if c.cfg.Debug {
+		dump, err := httputil.DumpResponse(resp, true)
+		if err != nil {
+			return resp, err
+		}
+		log.Printf("\n%s\n", string(dump))
+	}
+	return resp, err
+}
+
+// Allow modification of underlying config for alternate implementations and testing
+// Caution: modifying the configuration while live can cause data races and potentially unwanted behavior
+func (c *APIClient) GetConfig() *Configuration {
+	return c.cfg
+}
+
+type formFile struct {
+	fileBytes    []byte
+	fileName     string
+	formFileName string
+}
+
+// prepareRequest build the request
+func (c *APIClient) prepareRequest(
+	ctx context.Context,
+	path string, method string,
+	postBody interface{},
+	headerParams map[string]string,
+	queryParams url.Values,
+	formParams url.Values,
+	formFiles []formFile,
+) (localVarRequest *http.Request, err error) {
+	var body *bytes.Buffer
+
+	// Detect postBody type and post.
+	if postBody != nil {
+		contentType := headerParams["Content-Type"]
+		if contentType == "" {
+			contentType = detectContentType(postBody)
+			headerParams["Content-Type"] = contentType
+		}
+
+		body, err = setBody(postBody, contentType)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// add form parameters and file if available.
+	if strings.HasPrefix(headerParams["Content-Type"], "multipart/form-data") && len(formParams) > 0 || (len(formFiles) > 0) {
+		if body != nil {
+			return nil, errors.New("Cannot specify postBody and multipart form at the same time.")
+		}
+		body = &bytes.Buffer{}
+		w := multipart.NewWriter(body)
+
+		for k, v := range formParams {
+			for _, iv := range v {
+				if strings.HasPrefix(k, "@") { // file
+					err = addFile(w, k[1:], iv)
+					if err != nil {
+						return nil, err
+					}
+				} else { // form value
+					w.WriteField(k, iv)
+				}
+			}
+		}
+		for _, formFile := range formFiles {
+			if len(formFile.fileBytes) > 0 && formFile.fileName != "" {
+				w.Boundary()
+				part, err := w.CreateFormFile(formFile.formFileName, filepath.Base(formFile.fileName))
+				if err != nil {
+					return nil, err
+				}
+				_, err = part.Write(formFile.fileBytes)
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+
+		// Set the Boundary in the Content-Type
+		headerParams["Content-Type"] = w.FormDataContentType()
+
+		// Set Content-Length
+		headerParams["Content-Length"] = fmt.Sprintf("%d", body.Len())
+		w.Close()
+	}
+
+	if strings.HasPrefix(headerParams["Content-Type"], "application/x-www-form-urlencoded") && len(formParams) > 0 {
+		if body != nil {
+			return nil, errors.New("Cannot specify postBody and x-www-form-urlencoded form at the same time.")
+		}
+		body = &bytes.Buffer{}
+		body.WriteString(formParams.Encode())
+		// Set Content-Length
+		headerParams["Content-Length"] = fmt.Sprintf("%d", body.Len())
+	}
+
+	// Setup path and query parameters
+	URL, err := url.Parse(path)
+	if err != nil {
+		return nil, err
+	}
+
+	// Override request host, if applicable
+	if c.cfg.Host != "" {
+		URL.Host = c.cfg.Host
+	}
+
+	// Override request scheme, if applicable
+	if c.cfg.Scheme != "" {
+		URL.Scheme = c.cfg.Scheme
+	}
+
+	// Adding Query Param
+	query := URL.Query()
+	for k, v := range queryParams {
+		for _, iv := range v {
+			query.Add(k, iv)
+		}
+	}
+
+	// Encode the parameters.
+	URL.RawQuery = query.Encode()
+
+	// Generate a new request
+	if body != nil {
+		localVarRequest, err = http.NewRequest(method, URL.String(), body)
+	} else {
+		localVarRequest, err = http.NewRequest(method, URL.String(), nil)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	// add header parameters, if any
+	if len(headerParams) > 0 {
+		headers := http.Header{}
+		for h, v := range headerParams {
+			headers[h] = []string{v}
+		}
+		localVarRequest.Header = headers
+	}
+
+	// Add the user agent to the request.
+	localVarRequest.Header.Add("User-Agent", c.cfg.UserAgent)
+
+	if ctx != nil {
+		// add context to the request
+		localVarRequest = localVarRequest.WithContext(ctx)
+
+		// Walk through any authentication.
+
+		// OAuth2 authentication
+		if tok, ok := ctx.Value(ContextOAuth2).(oauth2.TokenSource); ok {
+			// We were able to grab an oauth2 token from the context
+			var latestToken *oauth2.Token
+			if latestToken, err = tok.Token(); err != nil {
+				return nil, err
+			}
+
+			latestToken.SetAuthHeader(localVarRequest)
+		}
+
+		// Basic HTTP Authentication
+		if auth, ok := ctx.Value(ContextBasicAuth).(BasicAuth); ok {
+			localVarRequest.SetBasicAuth(auth.UserName, auth.Password)
+		}
+
+		// AccessToken Authentication
+		if auth, ok := ctx.Value(ContextAccessToken).(string); ok {
+			localVarRequest.Header.Add("Authorization", "Bearer "+auth)
+		}
+
+	}
+
+	// This will override the auth in context
+	var auth Authorization
+	switch c.cfg.Okta.Client.AuthorizationMode {
+	case "SSWS":
+		auth = NewSSWSAuth(c.cfg.Okta.Client.Token, localVarRequest)
+	case "Bearer":
+		auth = NewBearerAuth(c.cfg.Okta.Client.Token, localVarRequest)
+	case "PrivateKey":
+		auth = NewPrivateKeyAuth(PrivateKeyAuthConfig{
+			TokenCache:       c.tokenCache,
+			HttpClient:       c.cfg.HTTPClient,
+			PrivateKeySigner: c.cfg.PrivateKeySigner,
+			PrivateKey:       c.cfg.Okta.Client.PrivateKey,
+			PrivateKeyId:     c.cfg.Okta.Client.PrivateKeyId,
+			ClientId:         c.cfg.Okta.Client.ClientId,
+			OrgURL:           c.cfg.Okta.Client.OrgUrl,
+			Scopes:           c.cfg.Okta.Client.Scopes,
+			MaxRetries:       c.cfg.Okta.Client.RateLimit.MaxRetries,
+			MaxBackoff:       c.cfg.Okta.Client.RateLimit.MaxBackoff,
+			Req:              localVarRequest,
+		})
+	case "JWT":
+		auth = NewJWTAuth(JWTAuthConfig{
+			TokenCache:      c.tokenCache,
+			HttpClient:      c.cfg.HTTPClient,
+			OrgURL:          c.cfg.Okta.Client.OrgUrl,
+			Scopes:          c.cfg.Okta.Client.Scopes,
+			ClientAssertion: c.cfg.Okta.Client.ClientAssertion,
+			MaxRetries:      c.cfg.Okta.Client.RateLimit.MaxRetries,
+			MaxBackoff:      c.cfg.Okta.Client.RateLimit.MaxBackoff,
+			Req:             localVarRequest,
+		})
+	default:
+		return nil, fmt.Errorf("unknown authorization mode %v", c.cfg.Okta.Client.AuthorizationMode)
+	}
+	err = auth.Authorize()
+	if err != nil {
+		return nil, err
+	}
+
+	for header, value := range c.cfg.DefaultHeader {
+		localVarRequest.Header.Add(header, value)
+	}
+	return localVarRequest, nil
+}
+
+func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err error) {
+	if len(b) == 0 {
+		return nil
+	}
+	if s, ok := v.(*string); ok {
+		*s = string(b)
+		return nil
+	}
+	if f, ok := v.(**os.File); ok {
+		*f, err = ioutil.TempFile("", "HttpClientFile")
+		if err != nil {
+			return
+		}
+		_, err = (*f).Write(b)
+		if err != nil {
+			return
+		}
+		_, err = (*f).Seek(0, io.SeekStart)
+		return
+	}
+	if xmlCheck.MatchString(contentType) {
+		if err = xml.Unmarshal(b, v); err != nil {
+			return err
+		}
+		return nil
+	}
+	if jsonCheck.MatchString(contentType) {
+		if actualObj, ok := v.(interface{ GetActualInstance() interface{} }); ok { // oneOf, anyOf schemas
+			if unmarshalObj, ok := actualObj.(interface{ UnmarshalJSON([]byte) error }); ok { // make sure it has UnmarshalJSON defined
+				if err = unmarshalObj.UnmarshalJSON(b); err != nil {
+					return err
+				}
+			} else {
+				return errors.New("Unknown type with GetActualInstance but no unmarshalObj.UnmarshalJSON defined")
+			}
+		} else if err = json.Unmarshal(b, v); err != nil { // simple model
+			return err
+		}
+		return nil
+	}
+	return errors.New("undefined response type")
+}
+
+func (c *APIClient) RefreshNext() *APIClient {
+	c.freshcache = true
+	return c
+}
+
+func (c *APIClient) do(ctx context.Context, req *http.Request) (*http.Response, error) {
+	cacheKey := CreateCacheKey(req)
+	if req.Method != http.MethodGet {
+		c.cache.Delete(cacheKey)
+	}
+	inCache := c.cache.Has(cacheKey)
+	if c.freshcache {
+		c.cache.Delete(cacheKey)
+		inCache = false
+		c.freshcache = false
+	}
+	if !inCache {
+		resp, err := c.doWithRetries(ctx, req)
+		if err != nil {
+			return nil, err
+		}
+		if resp.StatusCode >= 200 && resp.StatusCode <= 299 && req.Method == http.MethodGet {
+			c.cache.Set(cacheKey, resp)
+		}
+		return resp, err
+	}
+	return c.cache.Get(cacheKey), nil
+}
+
+func (c *APIClient) doWithRetries(ctx context.Context, req *http.Request) (*http.Response, error) {
+	var bodyReader func() io.ReadCloser
+	if req.Body != nil {
+		buf, err := ioutil.ReadAll(req.Body)
+		if err != nil {
+			return nil, err
+		}
+		bodyReader = func() io.ReadCloser {
+			return ioutil.NopCloser(bytes.NewReader(buf))
+		}
+	}
+	var (
+		resp *http.Response
+		err  error
+	)
+	bOff := &oktaBackoff{
+		ctx:        ctx,
+		maxRetries: c.cfg.Okta.Client.RateLimit.MaxRetries,
+	}
+	operation := func() error {
+		// Always rewind the request body when non-nil.
+		if bodyReader != nil {
+			req.Body = bodyReader()
+		}
+		resp, err = c.callAPI(req)
+		if errors.Is(err, io.EOF) {
+			// retry on EOF errors, which might be caused by network connectivity issues
+			return fmt.Errorf("network error: %w", err)
+		} else if err != nil {
+			// this is error is considered to be permanent and should not be retried
+			return backoff.Permanent(err)
+		}
+		if !tooManyRequests(resp) {
+			return nil
+		}
+		if err = tryDrainBody(resp.Body); err != nil {
+			return err
+		}
+		backoffDuration, err := Get429BackoffTime(resp)
+		if err != nil {
+			return err
+		}
+		if c.cfg.Okta.Client.RateLimit.MaxBackoff < backoffDuration {
+			backoffDuration = c.cfg.Okta.Client.RateLimit.MaxBackoff
+		}
+		bOff.backoffDuration = time.Second * time.Duration(backoffDuration)
+		bOff.retryCount++
+		req.Header.Add("X-Okta-Retry-For", resp.Header.Get("X-Okta-Request-Id"))
+		req.Header.Add("X-Okta-Retry-Count", fmt.Sprint(bOff.retryCount))
+		return errors.New("too many requests")
+	}
+	err = backoff.Retry(operation, bOff)
+	return resp, err
+}
+
+// Add a file to the multipart request
+func addFile(w *multipart.Writer, fieldName, path string) error {
+	file, err := os.Open(path)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	part, err := w.CreateFormFile(fieldName, filepath.Base(path))
+	if err != nil {
+		return err
+	}
+	_, err = io.Copy(part, file)
+
+	return err
+}
+
+// Prevent trying to import "fmt"
+func reportError(format string, a ...interface{}) error {
+	return fmt.Errorf(format, a...)
+}
+
+// A wrapper for strict JSON decoding
+func newStrictDecoder(data []byte) *json.Decoder {
+	dec := json.NewDecoder(bytes.NewBuffer(data))
+	dec.DisallowUnknownFields()
+	return dec
+}
+
+// Set request body from an interface{}
+func setBody(body interface{}, contentType string) (bodyBuf *bytes.Buffer, err error) {
+	if bodyBuf == nil {
+		bodyBuf = &bytes.Buffer{}
+	}
+
+	if reader, ok := body.(io.Reader); ok {
+		_, err = bodyBuf.ReadFrom(reader)
+	} else if fp, ok := body.(**os.File); ok {
+		_, err = bodyBuf.ReadFrom(*fp)
+	} else if b, ok := body.([]byte); ok {
+		_, err = bodyBuf.Write(b)
+	} else if s, ok := body.(string); ok {
+		_, err = bodyBuf.WriteString(s)
+	} else if s, ok := body.(*string); ok {
+		_, err = bodyBuf.WriteString(*s)
+	} else if jsonCheck.MatchString(contentType) {
+		err = json.NewEncoder(bodyBuf).Encode(body)
+	} else if xmlCheck.MatchString(contentType) {
+		err = xml.NewEncoder(bodyBuf).Encode(body)
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	if bodyBuf.Len() == 0 {
+		err = fmt.Errorf("Invalid body type %s\n", contentType)
+		return nil, err
+	}
+	return bodyBuf, nil
+}
+
+// detectContentType method is used to figure out `Request.Body` content type for request header
+func detectContentType(body interface{}) string {
+	contentType := "text/plain; charset=utf-8"
+	kind := reflect.TypeOf(body).Kind()
+
+	switch kind {
+	case reflect.Struct, reflect.Map, reflect.Ptr:
+		contentType = "application/json; charset=utf-8"
+	case reflect.String:
+		contentType = "text/plain; charset=utf-8"
+	default:
+		if b, ok := body.([]byte); ok {
+			contentType = http.DetectContentType(b)
+		} else if kind == reflect.Slice {
+			contentType = "application/json; charset=utf-8"
+		}
+	}
+
+	return contentType
+}
+
+// Ripped from https://github.com/gregjones/httpcache/blob/master/httpcache.go
+type cacheControl map[string]string
+
+func parseCacheControl(headers http.Header) cacheControl {
+	cc := cacheControl{}
+	ccHeader := headers.Get("Cache-Control")
+	for _, part := range strings.Split(ccHeader, ",") {
+		part = strings.Trim(part, " ")
+		if part == "" {
+			continue
+		}
+		if strings.ContainsRune(part, '=') {
+			keyval := strings.Split(part, "=")
+			cc[strings.Trim(keyval[0], " ")] = strings.Trim(keyval[1], ",")
+		} else {
+			cc[part] = ""
+		}
+	}
+	return cc
+}
+
+// CacheExpires helper function to determine remaining time before repeating a request.
+func CacheExpires(r *http.Response) time.Time {
+	// Figure out when the cache expires.
+	var expires time.Time
+	now, err := time.Parse(time.RFC1123, r.Header.Get("date"))
+	if err != nil {
+		return time.Now()
+	}
+	respCacheControl := parseCacheControl(r.Header)
+
+	if maxAge, ok := respCacheControl["max-age"]; ok {
+		lifetime, err := time.ParseDuration(maxAge + "s")
+		if err != nil {
+			expires = now
+		} else {
+			expires = now.Add(lifetime)
+		}
+	} else {
+		expiresHeader := r.Header.Get("Expires")
+		if expiresHeader != "" {
+			expires, err = time.Parse(time.RFC1123, expiresHeader)
+			if err != nil {
+				expires = now
+			}
+		}
+	}
+	return expires
+}
+
+func strlen(s string) int {
+	return utf8.RuneCountInString(s)
+}
+
+// GenericOpenAPIError Provides access to the body, error and model on returned errors.
+type GenericOpenAPIError struct {
+	body  []byte
+	error string
+	model interface{}
+}
+
+// Error returns non-empty string if there was an error.
+func (e GenericOpenAPIError) Error() string {
+	return e.error
+}
+
+// Body returns the raw bytes of the response
+func (e GenericOpenAPIError) Body() []byte {
+	return e.body
+}
+
+// Model returns the unpacked model of the error
+func (e GenericOpenAPIError) Model() interface{} {
+	return e.model
+}
+
+// Okta Backoff
+type oktaBackoff struct {
+	retryCount, maxRetries int32
+	backoffDuration        time.Duration
+	ctx                    context.Context
+}
+
+// NextBackOff returns the duration to wait before retrying the operation,
+// or backoff. Stop to indicate that no more retries should be made.
+func (o *oktaBackoff) NextBackOff() time.Duration {
+	// stop retrying if operation reached retry limit
+	if o.retryCount > o.maxRetries {
+		return backoff.Stop
+	}
+	return o.backoffDuration
+}
+
+// Reset to initial state.
+func (o *oktaBackoff) Reset() {}
+
+func (o *oktaBackoff) Context() context.Context {
+	return o.ctx
+}
+
+func tooManyRequests(resp *http.Response) bool {
+	return resp != nil && resp.StatusCode == http.StatusTooManyRequests
+}
+
+func tryDrainBody(body io.ReadCloser) error {
+	defer body.Close()
+	_, err := io.Copy(ioutil.Discard, io.LimitReader(body, 4096))
+	return err
+}
+
+func Get429BackoffTime(resp *http.Response) (int64, error) {
+	requestDate, err := time.Parse("Mon, 02 Jan 2006 15:04:05 GMT", resp.Header.Get("Date"))
+	if err != nil {
+		// this is error is considered to be permanent and should not be retried
+		return 0, backoff.Permanent(fmt.Errorf("date header is missing or invalid: %w", err))
+	}
+	rateLimitReset, err := strconv.Atoi(resp.Header.Get("X-Rate-Limit-Reset"))
+	if err != nil {
+		// this is error is considered to be permanent and should not be retried
+		return 0, backoff.Permanent(fmt.Errorf("X-Rate-Limit-Reset header is missing or invalid: %w", err))
+	}
+	return int64(rateLimitReset) - requestDate.Unix() + 1, nil
+}
+
+type ClientAssertionClaims struct {
+	Issuer   string           `json:"iss,omitempty"`
+	Subject  string           `json:"sub,omitempty"`
+	Audience string           `json:"aud,omitempty"`
+	Expiry   *jwt.NumericDate `json:"exp,omitempty"`
+	IssuedAt *jwt.NumericDate `json:"iat,omitempty"`
+	ID       string           `json:"jti,omitempty"`
+}
+
+type RequestAccessToken struct {
+	TokenType   string `json:"token_type,omitempty"`
+	ExpiresIn   int    `json:"expires_in,omitempty"`
+	AccessToken string `json:"access_token,omitempty"`
+	Scope       string `json:"scope,omitempty"`
+}
diff --git a/okta/clientPolicyCondition.go b/okta/clientPolicyCondition.go
deleted file mode 100644
index 004970895..000000000
--- a/okta/clientPolicyCondition.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ClientPolicyCondition struct {
-	Include []string `json:"include,omitempty"`
-}
-
-func NewClientPolicyCondition() *ClientPolicyCondition {
-	return &ClientPolicyCondition{}
-}
-
-func (a *ClientPolicyCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/clientSecret.go b/okta/clientSecret.go
deleted file mode 100644
index a6073e469..000000000
--- a/okta/clientSecret.go
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type ClientSecret struct {
-	Links        interface{} `json:"_links,omitempty"`
-	ClientSecret string      `json:"client_secret,omitempty"`
-	Created      *time.Time  `json:"created,omitempty"`
-	Id           string      `json:"id,omitempty"`
-	LastUpdated  *time.Time  `json:"lastUpdated,omitempty"`
-	SecretHash   string      `json:"secret_hash,omitempty"`
-	Status       string      `json:"status,omitempty"`
-}
-
-func NewClientSecret() *ClientSecret {
-	return &ClientSecret{}
-}
-
-func (a *ClientSecret) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/clientSecretMetadata.go b/okta/clientSecretMetadata.go
deleted file mode 100644
index 36225e6d9..000000000
--- a/okta/clientSecretMetadata.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ClientSecretMetadata struct {
-	ClientSecret string `json:"client_secret,omitempty"`
-}
-
-func NewClientSecretMetadata() *ClientSecretMetadata {
-	return &ClientSecretMetadata{}
-}
-
-func (a *ClientSecretMetadata) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/compliance.go b/okta/compliance.go
deleted file mode 100644
index 3c7d35052..000000000
--- a/okta/compliance.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type Compliance struct {
-	Fips string `json:"fips,omitempty"`
-}
diff --git a/okta/config.go b/okta/config.go
deleted file mode 100644
index 748c37787..000000000
--- a/okta/config.go
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package okta
-
-import (
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"log"
-	"net/http"
-	"os"
-	"syscall"
-	"time"
-
-	"github.com/go-jose/go-jose/v3"
-	"github.com/okta/okta-sdk-golang/v2/okta/cache"
-)
-
-type config struct {
-	Okta struct {
-		Client struct {
-			Cache struct {
-				Enabled    bool  `yaml:"enabled" envconfig:"OKTA_CLIENT_CACHE_ENABLED"`
-				DefaultTtl int32 `yaml:"defaultTtl" envconfig:"OKTA_CLIENT_CACHE_DEFAULT_TTL"`
-				DefaultTti int32 `yaml:"defaultTti" envconfig:"OKTA_CLIENT_CACHE_DEFAULT_TTI"`
-			} `yaml:"cache"`
-			Proxy struct {
-				Port     int32  `yaml:"port" envconfig:"OKTA_CLIENT_PROXY_PORT"`
-				Host     string `yaml:"host" envconfig:"OKTA_CLIENT_PROXY_HOST"`
-				Username string `yaml:"username" envconfig:"OKTA_CLIENT_PROXY_USERNAME"`
-				Password string `yaml:"password" envconfig:"OKTA_CLIENT_PROXY_PASSWORD"`
-			} `yaml:"proxy"`
-			ConnectionTimeout int64 `yaml:"connectionTimeout" envconfig:"OKTA_CLIENT_CONNECTION_TIMEOUT"`
-			RequestTimeout    int64 `yaml:"requestTimeout" envconfig:"OKTA_CLIENT_REQUEST_TIMEOUT"`
-			RateLimit         struct {
-				MaxRetries int32 `yaml:"maxRetries" envconfig:"OKTA_CLIENT_RATE_LIMIT_MAX_RETRIES"`
-				MaxBackoff int64 `yaml:"maxBackoff" envconfig:"OKTA_CLIENT_RATE_LIMIT_MAX_BACKOFF"`
-			} `yaml:"rateLimit"`
-			OrgUrl            string   `yaml:"orgUrl" envconfig:"OKTA_CLIENT_ORGURL"`
-			Token             string   `yaml:"token" envconfig:"OKTA_CLIENT_TOKEN"`
-			AuthorizationMode string   `yaml:"authorizationMode" envconfig:"OKTA_CLIENT_AUTHORIZATIONMODE"`
-			ClientId          string   `yaml:"clientId" envconfig:"OKTA_CLIENT_CLIENTID"`
-			Scopes            []string `yaml:"scopes" envconfig:"OKTA_CLIENT_SCOPES"`
-			PrivateKey        string   `yaml:"privateKey" envconfig:"OKTA_CLIENT_PRIVATEKEY"`
-			PrivateKeyId      string   `yaml:"privateKeyId" envconfig:"OKTA_CLIENT_PRIVATEKEYID"`
-			ClientAssertion   string   `yaml:"clientAssertion" envconfig:"OKTA_CLIENT_CLIENTASSERTION"`
-		} `yaml:"client"`
-		Testing struct {
-			DisableHttpsCheck bool `yaml:"disableHttpsCheck" envconfig:"OKTA_TESTING_DISABLE_HTTPS_CHECK"`
-		} `yaml:"testing"`
-	} `yaml:"okta"`
-	UserAgentExtra   string
-	HttpClient       *http.Client
-	CacheManager     cache.Cache
-	PrivateKeySigner jose.Signer
-}
-
-type ConfigSetter func(*config)
-
-type InterceptingRoundTripper struct {
-	Transport   http.RoundTripper
-	Interceptor func(*http.Request) error
-	Blocking    bool
-}
-
-func WithHttpInterceptorAndHttpClientPtr(interceptor func(*http.Request) error, httpClient *http.Client, blocking bool) ConfigSetter {
-	return func(c *config) {
-		if httpClient == nil {
-			httpClient = http.DefaultClient
-		}
-
-		if httpClient.Transport == nil {
-			httpClient.Transport = &http.Transport{
-				IdleConnTimeout: 30 * time.Second,
-			}
-		}
-
-		c.HttpClient.Transport = NewInterceptingRoundTripper(interceptor, httpClient.Transport, blocking)
-	}
-}
-
-func WithCache(cache bool) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.Cache.Enabled = cache
-	}
-}
-
-func WithCacheManager(cacheManager cache.Cache) ConfigSetter {
-	return func(c *config) {
-		c.CacheManager = cacheManager
-	}
-}
-
-func WithCacheTtl(i int32) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.Cache.DefaultTtl = i
-	}
-}
-
-func WithCacheTti(i int32) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.Cache.DefaultTti = i
-	}
-}
-
-func WithConnectionTimeout(i int64) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.ConnectionTimeout = i
-	}
-}
-
-func WithProxyPort(i int32) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.Proxy.Port = i
-	}
-}
-
-func WithProxyHost(host string) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.Proxy.Host = host
-	}
-}
-
-func WithProxyUsername(username string) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.Proxy.Username = username
-	}
-}
-
-func WithProxyPassword(pass string) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.Proxy.Password = pass
-	}
-}
-
-func WithOrgUrl(url string) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.OrgUrl = url
-	}
-}
-
-func WithToken(token string) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.Token = token
-	}
-}
-
-func WithUserAgentExtra(userAgent string) ConfigSetter {
-	return func(c *config) {
-		c.UserAgentExtra = userAgent
-	}
-}
-
-// Deprecated: please use WithHttpClientPtr method
-func WithHttpClient(httpClient http.Client) ConfigSetter {
-	return func(c *config) {
-		c.HttpClient = &httpClient
-	}
-}
-
-func WithHttpClientPtr(httpClient *http.Client) ConfigSetter {
-	return func(c *config) {
-		c.HttpClient = httpClient
-	}
-}
-
-func WithTestingDisableHttpsCheck(httpsCheck bool) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Testing.DisableHttpsCheck = httpsCheck
-	}
-}
-
-func WithRequestTimeout(requestTimeout int64) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.RequestTimeout = requestTimeout
-	}
-}
-
-func WithRateLimitMaxRetries(maxRetries int32) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.RateLimit.MaxRetries = maxRetries
-	}
-}
-
-func WithRateLimitMaxBackOff(maxBackoff int64) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.RateLimit.MaxBackoff = maxBackoff
-	}
-}
-
-func WithAuthorizationMode(authzMode string) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.AuthorizationMode = authzMode
-	}
-}
-
-func WithClientId(clientId string) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.ClientId = clientId
-	}
-}
-
-func WithClientAssertion(clientAssertion string) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.ClientAssertion = clientAssertion
-	}
-}
-
-func WithScopes(scopes []string) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.Scopes = scopes
-	}
-}
-
-// WithPrivateKey sets private key key. Can be either a path to a private key or private key itself.
-func WithPrivateKey(privateKey string) ConfigSetter {
-	return func(c *config) {
-		if fileExists(privateKey) {
-			content, err := ioutil.ReadFile(privateKey)
-			if err != nil {
-				log.Fatalf("failed to read from provided private key file path: %v", err)
-			}
-			c.Okta.Client.PrivateKey = string(content)
-		} else {
-			c.Okta.Client.PrivateKey = privateKey
-		}
-	}
-}
-
-func WithPrivateKeyId(privateKeyId string) ConfigSetter {
-	return func(c *config) {
-		c.Okta.Client.PrivateKeyId = privateKeyId
-	}
-}
-
-func WithPrivateKeySigner(signer jose.Signer) ConfigSetter {
-	return func(c *config) {
-		c.PrivateKeySigner = signer
-	}
-}
-
-func fileExists(filename string) bool {
-	info, err := os.Stat(filename)
-	if err != nil {
-		if os.IsNotExist(err) || errors.Is(err, syscall.ENAMETOOLONG) {
-			return false
-		}
-		log.Println("can not get information about the file containing private key, using provided value as the key itself")
-		return false
-	}
-	return !info.IsDir()
-}
-
-func (c *InterceptingRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
-	interceptError := func() (err error) {
-		defer func() {
-			if panicked := recover(); panicked != nil {
-				if panickedErrString, ok := panicked.(string); ok {
-					err = fmt.Errorf("recovered panic in Okta HTTP interceptor: %s", panickedErrString)
-				} else {
-					err = fmt.Errorf("recovered panic in Okta HTTP interceptor, but failed to parse error string")
-				}
-			}
-		}()
-		return c.Interceptor(req)
-	}()
-
-	if interceptError != nil && c.Blocking {
-		return nil, interceptError
-	}
-
-	if c.Transport != nil {
-		response, roundTripperErr := c.Transport.RoundTrip(req)
-		return response, roundTripperErr
-	}
-	return nil, fmt.Errorf("an error ocurred in Okta SDK, Transport was nil")
-}
-
-func NewInterceptingRoundTripper(interceptor func(*http.Request) error, transport http.RoundTripper, blocking bool) *InterceptingRoundTripper {
-	return &InterceptingRoundTripper{
-		Interceptor: interceptor,
-		Blocking:    blocking,
-		Transport:   transport,
-	}
-}
diff --git a/okta/configuration.go b/okta/configuration.go
new file mode 100644
index 000000000..0b3eb33bc
--- /dev/null
+++ b/okta/configuration.go
@@ -0,0 +1,538 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"os/user"
+	"path"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"syscall"
+
+	"github.com/go-jose/go-jose/v3"
+	"github.com/kelseyhightower/envconfig"
+	"gopkg.in/yaml.v3"
+)
+
+// contextKeys are used to identify the type of value in the context.
+// Since these are string, it is possible to get a short description of the
+// context key for logging and debugging using key.String().
+
+type contextKey string
+
+func (c contextKey) String() string {
+	return "auth " + string(c)
+}
+
+var (
+	// ContextOAuth2 takes an oauth2.TokenSource as authentication for the request.
+	ContextOAuth2 = contextKey("token")
+
+	// ContextBasicAuth takes BasicAuth as authentication for the request.
+	ContextBasicAuth = contextKey("basic")
+
+	// ContextAccessToken takes a string oauth2 access token as authentication for the request.
+	ContextAccessToken = contextKey("accesstoken")
+
+	// ContextAPIKeys takes a string apikey as authentication for the request
+	ContextAPIKeys = contextKey("apiKeys")
+
+	// ContextHttpSignatureAuth takes HttpSignatureAuth as authentication for the request.
+	ContextHttpSignatureAuth = contextKey("httpsignature")
+
+	// ContextServerIndex uses a server configuration from the index.
+	ContextServerIndex = contextKey("serverIndex")
+
+	// ContextOperationServerIndices uses a server configuration from the index mapping.
+	ContextOperationServerIndices = contextKey("serverOperationIndices")
+
+	// ContextServerVariables overrides a server configuration variables.
+	ContextServerVariables = contextKey("serverVariables")
+
+	// ContextOperationServerVariables overrides a server configuration variables using operation specific values.
+	ContextOperationServerVariables = contextKey("serverOperationVariables")
+)
+
+// BasicAuth provides basic http authentication to a request passed via context using ContextBasicAuth
+type BasicAuth struct {
+	UserName string `json:"userName,omitempty"`
+	Password string `json:"password,omitempty"`
+}
+
+// APIKey provides API key based authentication to a request passed via context using ContextAPIKey
+type APIKey struct {
+	Key    string
+	Prefix string
+}
+
+// ServerVariable stores the information about a server variable
+type ServerVariable struct {
+	Description  string
+	DefaultValue string
+	EnumValues   []string
+}
+
+// ServerConfiguration stores the information about a server
+type ServerConfiguration struct {
+	URL         string
+	Description string
+	Variables   map[string]ServerVariable
+}
+
+// ServerConfigurations stores multiple ServerConfiguration items
+type ServerConfigurations []ServerConfiguration
+
+// Configuration stores the configuration of the API client
+type Configuration struct {
+	Host             string            `json:"host,omitempty"`
+	Scheme           string            `json:"scheme,omitempty"`
+	DefaultHeader    map[string]string `json:"defaultHeader,omitempty"`
+	UserAgent        string            `json:"userAgent,omitempty"`
+	Debug            bool              `json:"debug,omitempty"`
+	Servers          ServerConfigurations
+	OperationServers map[string]ServerConfigurations
+	HTTPClient       *http.Client
+	UserAgentExtra   string
+	Context          context.Context
+	Okta             struct {
+		Client struct {
+			Cache struct {
+				Enabled    bool  `yaml:"enabled" envconfig:"OKTA_CLIENT_CACHE_ENABLED"`
+				DefaultTtl int32 `yaml:"defaultTtl" envconfig:"OKTA_CLIENT_CACHE_DEFAULT_TTL"`
+				DefaultTti int32 `yaml:"defaultTti" envconfig:"OKTA_CLIENT_CACHE_DEFAULT_TTI"`
+			} `yaml:"cache"`
+			Proxy struct {
+				Port     int32  `yaml:"port" envconfig:"OKTA_CLIENT_PROXY_PORT"`
+				Host     string `yaml:"host" envconfig:"OKTA_CLIENT_PROXY_HOST"`
+				Username string `yaml:"username" envconfig:"OKTA_CLIENT_PROXY_USERNAME"`
+				Password string `yaml:"password" envconfig:"OKTA_CLIENT_PROXY_PASSWORD"`
+			} `yaml:"proxy"`
+			ConnectionTimeout int64 `yaml:"connectionTimeout" envconfig:"OKTA_CLIENT_CONNECTION_TIMEOUT"`
+			RequestTimeout    int64 `yaml:"requestTimeout" envconfig:"OKTA_CLIENT_REQUEST_TIMEOUT"`
+			RateLimit         struct {
+				MaxRetries int32 `yaml:"maxRetries" envconfig:"OKTA_CLIENT_RATE_LIMIT_MAX_RETRIES"`
+				MaxBackoff int64 `yaml:"maxBackoff" envconfig:"OKTA_CLIENT_RATE_LIMIT_MAX_BACKOFF"`
+			} `yaml:"rateLimit"`
+			OrgUrl            string   `yaml:"orgUrl" envconfig:"OKTA_CLIENT_ORGURL"`
+			Token             string   `yaml:"token" envconfig:"OKTA_CLIENT_TOKEN"`
+			AuthorizationMode string   `yaml:"authorizationMode" envconfig:"OKTA_CLIENT_AUTHORIZATIONMODE"`
+			ClientId          string   `yaml:"clientId" envconfig:"OKTA_CLIENT_CLIENTID"`
+			ClientAssertion   string   `yaml:"clientAssertion" envconfig:"OKTA_CLIENT_CLIENTASSERTION"`
+			Scopes            []string `yaml:"scopes" envconfig:"OKTA_CLIENT_SCOPES"`
+			PrivateKey        string   `yaml:"privateKey" envconfig:"OKTA_CLIENT_PRIVATEKEY"`
+			PrivateKeyId      string   `yaml:"privateKeyId" envconfig:"OKTA_CLIENT_PRIVATEKEYID"`
+		} `yaml:"client"`
+		Testing struct {
+			DisableHttpsCheck bool `yaml:"disableHttpsCheck" envconfig:"OKTA_TESTING_DISABLE_HTTPS_CHECK"`
+		} `yaml:"testing"`
+	} `yaml:"okta"`
+	PrivateKeySigner jose.Signer
+	CacheManager     Cache
+}
+
+// NewConfiguration returns a new Configuration object
+func NewConfiguration(conf ...ConfigSetter) *Configuration {
+	cfg := &Configuration{
+		DefaultHeader: make(map[string]string),
+		UserAgent:     fmt.Sprintf("okta-sdk-golang/%s golang/%s %s/%s", "3.0.0", runtime.Version(), runtime.GOOS, runtime.GOARCH),
+		Debug:         false,
+		Servers: ServerConfigurations{
+			{
+				URL:         "https://{yourOktaDomain}",
+				Description: "No description provided",
+				Variables: map[string]ServerVariable{
+					"yourOktaDomain": {
+						Description:  "The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains.",
+						DefaultValue: "subdomain.okta.com",
+					},
+				},
+			},
+		},
+		OperationServers: map[string]ServerConfigurations{},
+	}
+
+	cfg.Okta.Testing.DisableHttpsCheck = false
+	cfg.Okta.Client.AuthorizationMode = "SSWS"
+
+	cfg = readConfigFromSystem(*cfg)
+	cfg = readConfigFromApplication(*cfg)
+	cfg = readConfigFromEnvironment(*cfg)
+
+	for _, confSetter := range conf {
+		confSetter(cfg)
+	}
+
+	purl, _ := url.Parse(cfg.Okta.Client.OrgUrl)
+	cfg.Host = purl.Hostname()
+	cfg.Scheme = purl.Scheme
+
+	if cfg.UserAgentExtra != "" {
+		cfg.UserAgent = fmt.Sprintf("%s %s", cfg.UserAgent, cfg.UserAgentExtra)
+	}
+
+	ctx := context.WithValue(
+		context.Background(),
+		ContextAPIKeys,
+		map[string]APIKey{
+			"API_Token": {
+				Key:    cfg.Okta.Client.Token,
+				Prefix: cfg.Okta.Client.AuthorizationMode,
+			},
+		},
+	)
+
+	cfg.Context = ctx
+
+	return cfg
+}
+
+func readConfigFromFile(location string, c Configuration) (*Configuration, error) {
+	yamlConfig, err := ioutil.ReadFile(location)
+	if err != nil {
+		return nil, err
+	}
+	err = yaml.Unmarshal(yamlConfig, &c)
+	if err != nil {
+		return nil, err
+	}
+	return &c, err
+}
+
+func readConfigFromSystem(c Configuration) *Configuration {
+	currUser, err := user.Current()
+	if err != nil {
+		return &c
+	}
+	if currUser.HomeDir == "" {
+		return &c
+	}
+	conf, err := readConfigFromFile(currUser.HomeDir+"/.okta/okta.yaml", c)
+	if err != nil {
+		return &c
+	}
+	return conf
+}
+
+// read config from the project's root directory
+func readConfigFromApplication(c Configuration) *Configuration {
+	_, b, _, _ := runtime.Caller(0)
+	conf, err := readConfigFromFile(filepath.Join(filepath.Dir(path.Join(path.Dir(b))), ".okta.yaml"), c)
+	if err != nil {
+		return &c
+	}
+	return conf
+}
+
+func readConfigFromEnvironment(c Configuration) *Configuration {
+	err := envconfig.Process("okta", &c)
+	if err != nil {
+		fmt.Println("error parsing")
+		return &c
+	}
+	return &c
+}
+
+// AddDefaultHeader adds a new HTTP header to the default header in the request
+func (c *Configuration) AddDefaultHeader(key string, value string) {
+	c.DefaultHeader[key] = value
+}
+
+// URL formats template on a index using given variables
+func (sc ServerConfigurations) URL(index int, variables map[string]string) (string, error) {
+	if index < 0 || len(sc) <= index {
+		return "", fmt.Errorf("Index %v out of range %v", index, len(sc)-1)
+	}
+	server := sc[index]
+	url := server.URL
+
+	// go through variables and replace placeholders
+	for name, variable := range server.Variables {
+		if value, ok := variables[name]; ok {
+			found := bool(len(variable.EnumValues) == 0)
+			for _, enumValue := range variable.EnumValues {
+				if value == enumValue {
+					found = true
+				}
+			}
+			if !found {
+				return "", fmt.Errorf("The variable %s in the server URL has invalid value %v. Must be %v", name, value, variable.EnumValues)
+			}
+			url = strings.Replace(url, "{"+name+"}", value, -1)
+		} else {
+			url = strings.Replace(url, "{"+name+"}", variable.DefaultValue, -1)
+		}
+	}
+	return url, nil
+}
+
+// ServerURL returns URL based on server settings
+func (c *Configuration) ServerURL(index int, variables map[string]string) (string, error) {
+	return c.Servers.URL(index, variables)
+}
+
+func getServerIndex(ctx context.Context) (int, error) {
+	si := ctx.Value(ContextServerIndex)
+	if si != nil {
+		if index, ok := si.(int); ok {
+			return index, nil
+		}
+		return 0, reportError("Invalid type %T should be int", si)
+	}
+	return 0, nil
+}
+
+func getServerOperationIndex(ctx context.Context, endpoint string) (int, error) {
+	osi := ctx.Value(ContextOperationServerIndices)
+	if osi != nil {
+		if operationIndices, ok := osi.(map[string]int); !ok {
+			return 0, reportError("Invalid type %T should be map[string]int", osi)
+		} else {
+			index, ok := operationIndices[endpoint]
+			if ok {
+				return index, nil
+			}
+		}
+	}
+	return getServerIndex(ctx)
+}
+
+func getServerVariables(ctx context.Context) (map[string]string, error) {
+	sv := ctx.Value(ContextServerVariables)
+	if sv != nil {
+		if variables, ok := sv.(map[string]string); ok {
+			return variables, nil
+		}
+		return nil, reportError("ctx value of ContextServerVariables has invalid type %T should be map[string]string", sv)
+	}
+	return nil, nil
+}
+
+func getServerOperationVariables(ctx context.Context, endpoint string) (map[string]string, error) {
+	osv := ctx.Value(ContextOperationServerVariables)
+	if osv != nil {
+		if operationVariables, ok := osv.(map[string]map[string]string); !ok {
+			return nil, reportError("ctx value of ContextOperationServerVariables has invalid type %T should be map[string]map[string]string", osv)
+		} else {
+			variables, ok := operationVariables[endpoint]
+			if ok {
+				return variables, nil
+			}
+		}
+	}
+	return getServerVariables(ctx)
+}
+
+// ServerURLWithContext returns a new server URL given an endpoint
+func (c *Configuration) ServerURLWithContext(ctx context.Context, endpoint string) (string, error) {
+	sc, ok := c.OperationServers[endpoint]
+	if !ok {
+		sc = c.Servers
+	}
+
+	if ctx == nil {
+		return sc.URL(0, nil)
+	}
+
+	index, err := getServerOperationIndex(ctx, endpoint)
+	if err != nil {
+		return "", err
+	}
+
+	variables, err := getServerOperationVariables(ctx, endpoint)
+	if err != nil {
+		return "", err
+	}
+
+	return sc.URL(index, variables)
+}
+
+type ConfigSetter func(*Configuration)
+
+func WithCache(cache bool) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.Cache.Enabled = cache
+	}
+}
+
+func WithCacheManager(cacheManager Cache) ConfigSetter {
+	return func(c *Configuration) {
+		c.CacheManager = cacheManager
+	}
+}
+
+func WithCacheTtl(i int32) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.Cache.DefaultTtl = i
+	}
+}
+
+func WithCacheTti(i int32) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.Cache.DefaultTti = i
+	}
+}
+
+func WithHttpClientPtr(httpClient *http.Client) ConfigSetter {
+	return func(c *Configuration) {
+		c.HTTPClient = httpClient
+	}
+}
+
+func WithConnectionTimeout(i int64) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.ConnectionTimeout = i
+	}
+}
+
+func WithProxyPort(i int32) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.Proxy.Port = i
+	}
+}
+
+func WithProxyHost(host string) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.Proxy.Host = host
+	}
+}
+
+func WithProxyUsername(username string) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.Proxy.Username = username
+	}
+}
+
+func WithProxyPassword(pass string) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.Proxy.Password = pass
+	}
+}
+
+func WithOrgUrl(rawUrl string) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.OrgUrl = rawUrl
+	}
+}
+
+func WithToken(token string) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.Token = token
+	}
+}
+
+func WithUserAgentExtra(userAgent string) ConfigSetter {
+	return func(c *Configuration) {
+		c.UserAgentExtra = userAgent
+	}
+}
+
+func WithTestingDisableHttpsCheck(httpsCheck bool) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Testing.DisableHttpsCheck = httpsCheck
+	}
+}
+
+func WithRequestTimeout(requestTimeout int64) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.RequestTimeout = requestTimeout
+	}
+}
+
+func WithRateLimitMaxRetries(maxRetries int32) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.RateLimit.MaxRetries = maxRetries
+	}
+}
+
+func WithRateLimitMaxBackOff(maxBackoff int64) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.RateLimit.MaxBackoff = maxBackoff
+	}
+}
+
+func WithAuthorizationMode(authzMode string) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.AuthorizationMode = authzMode
+	}
+}
+
+func WithClientId(clientId string) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.ClientId = clientId
+	}
+}
+
+func WithScopes(scopes []string) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.Scopes = scopes
+	}
+}
+
+// WithPrivateKey sets private key key. Can be either a path to a private key or private key itself.
+func WithPrivateKey(privateKey string) ConfigSetter {
+	return func(c *Configuration) {
+		if fileExists(privateKey) {
+			content, err := ioutil.ReadFile(privateKey)
+			if err != nil {
+				fmt.Printf("failed to read from provided private key file path: %v", err)
+			}
+			c.Okta.Client.PrivateKey = string(content)
+		} else {
+			c.Okta.Client.PrivateKey = privateKey
+		}
+	}
+}
+
+func WithPrivateKeyId(privateKeyId string) ConfigSetter {
+	return func(c *Configuration) {
+		c.Okta.Client.PrivateKeyId = privateKeyId
+	}
+}
+
+func WithPrivateKeySigner(signer jose.Signer) ConfigSetter {
+	return func(c *Configuration) {
+		c.PrivateKeySigner = signer
+	}
+}
+
+func fileExists(filename string) bool {
+	info, err := os.Stat(filename)
+	if err != nil {
+		if os.IsNotExist(err) || errors.Is(err, syscall.ENAMETOOLONG) {
+			return false
+		}
+		fmt.Println("can not get information about the file containing private key, using provided value as the key itself")
+		return false
+	}
+	return !info.IsDir()
+}
diff --git a/okta/configuration_test.go b/okta/configuration_test.go
new file mode 100644
index 000000000..ccbf4675a
--- /dev/null
+++ b/okta/configuration_test.go
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2018 - Present Okta, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package okta
+
+import (
+	"runtime"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestUserAgent(t *testing.T) {
+	configuration := NewConfiguration()
+	userAgent := "okta-sdk-golang/" + VERSION + " golang/" + runtime.Version() + " " + runtime.GOOS + "/" + runtime.GOARCH
+	require.Equal(t, userAgent, configuration.UserAgent)
+}
+
+func TestUserAgentWithExtra(t *testing.T) {
+	configuration := NewConfiguration(
+		WithUserAgentExtra("extra/info"),
+	)
+	userAgent := "okta-sdk-golang/" + VERSION + " golang/" + runtime.Version() + " " + runtime.GOOS + "/" + runtime.GOARCH + " extra/info"
+	require.Equal(t, userAgent, configuration.UserAgent)
+}
diff --git a/okta/contextPolicyRuleCondition.go b/okta/contextPolicyRuleCondition.go
deleted file mode 100644
index 0776cd86a..000000000
--- a/okta/contextPolicyRuleCondition.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ContextPolicyRuleCondition struct {
-	Expression string `json:"expression,omitempty"`
-}
-
-func NewContextPolicyRuleCondition() *ContextPolicyRuleCondition {
-	return &ContextPolicyRuleCondition{}
-}
-
-func (a *ContextPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/createSessionRequest.go b/okta/createSessionRequest.go
deleted file mode 100644
index a6d28ae5d..000000000
--- a/okta/createSessionRequest.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type CreateSessionRequest struct {
-	SessionToken string `json:"sessionToken,omitempty"`
-}
diff --git a/okta/createUserRequest.go b/okta/createUserRequest.go
deleted file mode 100644
index 8ae7f1ac7..000000000
--- a/okta/createUserRequest.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type CreateUserRequest struct {
-	Credentials *UserCredentials `json:"credentials,omitempty"`
-	GroupIds    []string         `json:"groupIds,omitempty"`
-	Profile     *UserProfile     `json:"profile,omitempty"`
-	Type        *UserType        `json:"type,omitempty"`
-}
diff --git a/okta/csr.go b/okta/csr.go
deleted file mode 100644
index 39a70ac42..000000000
--- a/okta/csr.go
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type Csr struct {
-	Created *time.Time `json:"created,omitempty"`
-	Csr     string     `json:"csr,omitempty"`
-	Id      string     `json:"id,omitempty"`
-	Kty     string     `json:"kty,omitempty"`
-}
diff --git a/okta/csrMetadata.go b/okta/csrMetadata.go
deleted file mode 100644
index 69b42ca21..000000000
--- a/okta/csrMetadata.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type CsrMetadata struct {
-	Subject         *CsrMetadataSubject         `json:"subject,omitempty"`
-	SubjectAltNames *CsrMetadataSubjectAltNames `json:"subjectAltNames,omitempty"`
-}
diff --git a/okta/csrMetadataSubject.go b/okta/csrMetadataSubject.go
deleted file mode 100644
index d2cbac1e8..000000000
--- a/okta/csrMetadataSubject.go
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type CsrMetadataSubject struct {
-	CommonName             string `json:"commonName,omitempty"`
-	CountryName            string `json:"countryName,omitempty"`
-	LocalityName           string `json:"localityName,omitempty"`
-	OrganizationName       string `json:"organizationName,omitempty"`
-	OrganizationalUnitName string `json:"organizationalUnitName,omitempty"`
-	StateOrProvinceName    string `json:"stateOrProvinceName,omitempty"`
-}
diff --git a/okta/csrMetadataSubjectAltNames.go b/okta/csrMetadataSubjectAltNames.go
deleted file mode 100644
index 175bdf008..000000000
--- a/okta/csrMetadataSubjectAltNames.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type CsrMetadataSubjectAltNames struct {
-	DnsNames []string `json:"dnsNames,omitempty"`
-}
diff --git a/okta/customHotpUserFactor.go b/okta/customHotpUserFactor.go
deleted file mode 100644
index e98c52dfd..000000000
--- a/okta/customHotpUserFactor.go
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type CustomHotpUserFactor struct {
-	Embedded        interface{}                  `json:"_embedded,omitempty"`
-	Links           interface{}                  `json:"_links,omitempty"`
-	Created         *time.Time                   `json:"created,omitempty"`
-	FactorType      string                       `json:"factorType,omitempty"`
-	Id              string                       `json:"id,omitempty"`
-	LastUpdated     *time.Time                   `json:"lastUpdated,omitempty"`
-	Provider        string                       `json:"provider,omitempty"`
-	Status          string                       `json:"status,omitempty"`
-	Verify          *VerifyFactorRequest         `json:"verify,omitempty"`
-	FactorProfileId string                       `json:"factorProfileId,omitempty"`
-	Profile         *CustomHotpUserFactorProfile `json:"profile,omitempty"`
-}
-
-func NewCustomHotpUserFactor() *CustomHotpUserFactor {
-	return &CustomHotpUserFactor{
-		FactorType: "token:hotp",
-	}
-}
-
-func (a *CustomHotpUserFactor) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/customHotpUserFactorProfile.go b/okta/customHotpUserFactorProfile.go
deleted file mode 100644
index 7649b4ab6..000000000
--- a/okta/customHotpUserFactorProfile.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type CustomHotpUserFactorProfile struct {
-	SharedSecret string `json:"sharedSecret,omitempty"`
-}
-
-func NewCustomHotpUserFactorProfile() *CustomHotpUserFactorProfile {
-	return &CustomHotpUserFactorProfile{}
-}
-
-func (a *CustomHotpUserFactorProfile) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/deviceAccessPolicyRuleCondition.go b/okta/deviceAccessPolicyRuleCondition.go
deleted file mode 100644
index 960e557bb..000000000
--- a/okta/deviceAccessPolicyRuleCondition.go
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type DeviceAccessPolicyRuleCondition struct {
-	Migrated   *bool                              `json:"migrated,omitempty"`
-	Platform   *DevicePolicyRuleConditionPlatform `json:"platform,omitempty"`
-	Rooted     *bool                              `json:"rooted,omitempty"`
-	TrustLevel string                             `json:"trustLevel,omitempty"`
-	Managed    *bool                              `json:"managed,omitempty"`
-	Registered *bool                              `json:"registered,omitempty"`
-}
-
-func NewDeviceAccessPolicyRuleCondition() *DeviceAccessPolicyRuleCondition {
-	return &DeviceAccessPolicyRuleCondition{}
-}
-
-func (a *DeviceAccessPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/devicePolicyRuleCondition.go b/okta/devicePolicyRuleCondition.go
deleted file mode 100644
index 8808d01e7..000000000
--- a/okta/devicePolicyRuleCondition.go
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type DevicePolicyRuleCondition struct {
-	Migrated   *bool                              `json:"migrated,omitempty"`
-	Platform   *DevicePolicyRuleConditionPlatform `json:"platform,omitempty"`
-	Rooted     *bool                              `json:"rooted,omitempty"`
-	TrustLevel string                             `json:"trustLevel,omitempty"`
-}
-
-func NewDevicePolicyRuleCondition() *DevicePolicyRuleCondition {
-	return &DevicePolicyRuleCondition{}
-}
-
-func (a *DevicePolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/devicePolicyRuleConditionPlatform.go b/okta/devicePolicyRuleConditionPlatform.go
deleted file mode 100644
index 379b9ee9e..000000000
--- a/okta/devicePolicyRuleConditionPlatform.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type DevicePolicyRuleConditionPlatform struct {
-	SupportedMDMFrameworks []string `json:"supportedMDMFrameworks,omitempty"`
-	Types                  []string `json:"types,omitempty"`
-}
-
-func NewDevicePolicyRuleConditionPlatform() *DevicePolicyRuleConditionPlatform {
-	return &DevicePolicyRuleConditionPlatform{}
-}
-
-func (a *DevicePolicyRuleConditionPlatform) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/dnsRecord.go b/okta/dnsRecord.go
deleted file mode 100644
index 1e7310f4a..000000000
--- a/okta/dnsRecord.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type DNSRecord struct {
-	Expiration string   `json:"expiration,omitempty"`
-	Fqdn       string   `json:"fqdn,omitempty"`
-	RecordType string   `json:"recordType,omitempty"`
-	Values     []string `json:"values,omitempty"`
-}
diff --git a/okta/dnsRecordType.go b/okta/dnsRecordType.go
deleted file mode 100644
index a417e917b..000000000
--- a/okta/dnsRecordType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type DNSRecordType string
diff --git a/okta/docs/APNSConfiguration.md b/okta/docs/APNSConfiguration.md
new file mode 100644
index 000000000..dd6b4affd
--- /dev/null
+++ b/okta/docs/APNSConfiguration.md
@@ -0,0 +1,134 @@
+# APNSConfiguration
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**FileName** | Pointer to **string** | (Optional) File name for Admin Console display | [optional] 
+**KeyId** | Pointer to **string** | 10-character Key ID obtained from the Apple developer account | [optional] 
+**TeamId** | Pointer to **string** | 10-character Team ID used to develop the iOS app | [optional] 
+**TokenSigningKey** | Pointer to **string** | APNs private authentication token signing key | [optional] 
+
+## Methods
+
+### NewAPNSConfiguration
+
+`func NewAPNSConfiguration() *APNSConfiguration`
+
+NewAPNSConfiguration instantiates a new APNSConfiguration object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAPNSConfigurationWithDefaults
+
+`func NewAPNSConfigurationWithDefaults() *APNSConfiguration`
+
+NewAPNSConfigurationWithDefaults instantiates a new APNSConfiguration object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetFileName
+
+`func (o *APNSConfiguration) GetFileName() string`
+
+GetFileName returns the FileName field if non-nil, zero value otherwise.
+
+### GetFileNameOk
+
+`func (o *APNSConfiguration) GetFileNameOk() (*string, bool)`
+
+GetFileNameOk returns a tuple with the FileName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFileName
+
+`func (o *APNSConfiguration) SetFileName(v string)`
+
+SetFileName sets FileName field to given value.
+
+### HasFileName
+
+`func (o *APNSConfiguration) HasFileName() bool`
+
+HasFileName returns a boolean if a field has been set.
+
+### GetKeyId
+
+`func (o *APNSConfiguration) GetKeyId() string`
+
+GetKeyId returns the KeyId field if non-nil, zero value otherwise.
+
+### GetKeyIdOk
+
+`func (o *APNSConfiguration) GetKeyIdOk() (*string, bool)`
+
+GetKeyIdOk returns a tuple with the KeyId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKeyId
+
+`func (o *APNSConfiguration) SetKeyId(v string)`
+
+SetKeyId sets KeyId field to given value.
+
+### HasKeyId
+
+`func (o *APNSConfiguration) HasKeyId() bool`
+
+HasKeyId returns a boolean if a field has been set.
+
+### GetTeamId
+
+`func (o *APNSConfiguration) GetTeamId() string`
+
+GetTeamId returns the TeamId field if non-nil, zero value otherwise.
+
+### GetTeamIdOk
+
+`func (o *APNSConfiguration) GetTeamIdOk() (*string, bool)`
+
+GetTeamIdOk returns a tuple with the TeamId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTeamId
+
+`func (o *APNSConfiguration) SetTeamId(v string)`
+
+SetTeamId sets TeamId field to given value.
+
+### HasTeamId
+
+`func (o *APNSConfiguration) HasTeamId() bool`
+
+HasTeamId returns a boolean if a field has been set.
+
+### GetTokenSigningKey
+
+`func (o *APNSConfiguration) GetTokenSigningKey() string`
+
+GetTokenSigningKey returns the TokenSigningKey field if non-nil, zero value otherwise.
+
+### GetTokenSigningKeyOk
+
+`func (o *APNSConfiguration) GetTokenSigningKeyOk() (*string, bool)`
+
+GetTokenSigningKeyOk returns a tuple with the TokenSigningKey field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTokenSigningKey
+
+`func (o *APNSConfiguration) SetTokenSigningKey(v string)`
+
+SetTokenSigningKey sets TokenSigningKey field to given value.
+
+### HasTokenSigningKey
+
+`func (o *APNSConfiguration) HasTokenSigningKey() bool`
+
+HasTokenSigningKey returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/APNSPushProvider.md b/okta/docs/APNSPushProvider.md
new file mode 100644
index 000000000..6a7c76856
--- /dev/null
+++ b/okta/docs/APNSPushProvider.md
@@ -0,0 +1,56 @@
+# APNSPushProvider
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Configuration** | Pointer to [**APNSConfiguration**](APNSConfiguration.md) |  | [optional] 
+
+## Methods
+
+### NewAPNSPushProvider
+
+`func NewAPNSPushProvider() *APNSPushProvider`
+
+NewAPNSPushProvider instantiates a new APNSPushProvider object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAPNSPushProviderWithDefaults
+
+`func NewAPNSPushProviderWithDefaults() *APNSPushProvider`
+
+NewAPNSPushProviderWithDefaults instantiates a new APNSPushProvider object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConfiguration
+
+`func (o *APNSPushProvider) GetConfiguration() APNSConfiguration`
+
+GetConfiguration returns the Configuration field if non-nil, zero value otherwise.
+
+### GetConfigurationOk
+
+`func (o *APNSPushProvider) GetConfigurationOk() (*APNSConfiguration, bool)`
+
+GetConfigurationOk returns a tuple with the Configuration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConfiguration
+
+`func (o *APNSPushProvider) SetConfiguration(v APNSConfiguration)`
+
+SetConfiguration sets Configuration field to given value.
+
+### HasConfiguration
+
+`func (o *APNSPushProvider) HasConfiguration() bool`
+
+HasConfiguration returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/APNSPushProviderAllOf.md b/okta/docs/APNSPushProviderAllOf.md
new file mode 100644
index 000000000..3bcbe1a83
--- /dev/null
+++ b/okta/docs/APNSPushProviderAllOf.md
@@ -0,0 +1,56 @@
+# APNSPushProviderAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Configuration** | Pointer to [**APNSConfiguration**](APNSConfiguration.md) |  | [optional] 
+
+## Methods
+
+### NewAPNSPushProviderAllOf
+
+`func NewAPNSPushProviderAllOf() *APNSPushProviderAllOf`
+
+NewAPNSPushProviderAllOf instantiates a new APNSPushProviderAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAPNSPushProviderAllOfWithDefaults
+
+`func NewAPNSPushProviderAllOfWithDefaults() *APNSPushProviderAllOf`
+
+NewAPNSPushProviderAllOfWithDefaults instantiates a new APNSPushProviderAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConfiguration
+
+`func (o *APNSPushProviderAllOf) GetConfiguration() APNSConfiguration`
+
+GetConfiguration returns the Configuration field if non-nil, zero value otherwise.
+
+### GetConfigurationOk
+
+`func (o *APNSPushProviderAllOf) GetConfigurationOk() (*APNSConfiguration, bool)`
+
+GetConfigurationOk returns a tuple with the Configuration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConfiguration
+
+`func (o *APNSPushProviderAllOf) SetConfiguration(v APNSConfiguration)`
+
+SetConfiguration sets Configuration field to given value.
+
+### HasConfiguration
+
+`func (o *APNSPushProviderAllOf) HasConfiguration() bool`
+
+HasConfiguration returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AccessPolicy.md b/okta/docs/AccessPolicy.md
new file mode 100644
index 000000000..0eab6dffc
--- /dev/null
+++ b/okta/docs/AccessPolicy.md
@@ -0,0 +1,56 @@
+# AccessPolicy
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Conditions** | Pointer to [**PolicyRuleConditions**](PolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewAccessPolicy
+
+`func NewAccessPolicy() *AccessPolicy`
+
+NewAccessPolicy instantiates a new AccessPolicy object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAccessPolicyWithDefaults
+
+`func NewAccessPolicyWithDefaults() *AccessPolicy`
+
+NewAccessPolicyWithDefaults instantiates a new AccessPolicy object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConditions
+
+`func (o *AccessPolicy) GetConditions() PolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *AccessPolicy) GetConditionsOk() (*PolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *AccessPolicy) SetConditions(v PolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *AccessPolicy) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AccessPolicyAllOf.md b/okta/docs/AccessPolicyAllOf.md
new file mode 100644
index 000000000..c764abf7c
--- /dev/null
+++ b/okta/docs/AccessPolicyAllOf.md
@@ -0,0 +1,56 @@
+# AccessPolicyAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Conditions** | Pointer to [**PolicyRuleConditions**](PolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewAccessPolicyAllOf
+
+`func NewAccessPolicyAllOf() *AccessPolicyAllOf`
+
+NewAccessPolicyAllOf instantiates a new AccessPolicyAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAccessPolicyAllOfWithDefaults
+
+`func NewAccessPolicyAllOfWithDefaults() *AccessPolicyAllOf`
+
+NewAccessPolicyAllOfWithDefaults instantiates a new AccessPolicyAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConditions
+
+`func (o *AccessPolicyAllOf) GetConditions() PolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *AccessPolicyAllOf) GetConditionsOk() (*PolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *AccessPolicyAllOf) SetConditions(v PolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *AccessPolicyAllOf) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AccessPolicyConstraint.md b/okta/docs/AccessPolicyConstraint.md
new file mode 100644
index 000000000..7d2975e2e
--- /dev/null
+++ b/okta/docs/AccessPolicyConstraint.md
@@ -0,0 +1,108 @@
+# AccessPolicyConstraint
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Methods** | Pointer to **[]string** |  | [optional] 
+**ReauthenticateIn** | Pointer to **string** |  | [optional] 
+**Types** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewAccessPolicyConstraint
+
+`func NewAccessPolicyConstraint() *AccessPolicyConstraint`
+
+NewAccessPolicyConstraint instantiates a new AccessPolicyConstraint object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAccessPolicyConstraintWithDefaults
+
+`func NewAccessPolicyConstraintWithDefaults() *AccessPolicyConstraint`
+
+NewAccessPolicyConstraintWithDefaults instantiates a new AccessPolicyConstraint object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMethods
+
+`func (o *AccessPolicyConstraint) GetMethods() []string`
+
+GetMethods returns the Methods field if non-nil, zero value otherwise.
+
+### GetMethodsOk
+
+`func (o *AccessPolicyConstraint) GetMethodsOk() (*[]string, bool)`
+
+GetMethodsOk returns a tuple with the Methods field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMethods
+
+`func (o *AccessPolicyConstraint) SetMethods(v []string)`
+
+SetMethods sets Methods field to given value.
+
+### HasMethods
+
+`func (o *AccessPolicyConstraint) HasMethods() bool`
+
+HasMethods returns a boolean if a field has been set.
+
+### GetReauthenticateIn
+
+`func (o *AccessPolicyConstraint) GetReauthenticateIn() string`
+
+GetReauthenticateIn returns the ReauthenticateIn field if non-nil, zero value otherwise.
+
+### GetReauthenticateInOk
+
+`func (o *AccessPolicyConstraint) GetReauthenticateInOk() (*string, bool)`
+
+GetReauthenticateInOk returns a tuple with the ReauthenticateIn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetReauthenticateIn
+
+`func (o *AccessPolicyConstraint) SetReauthenticateIn(v string)`
+
+SetReauthenticateIn sets ReauthenticateIn field to given value.
+
+### HasReauthenticateIn
+
+`func (o *AccessPolicyConstraint) HasReauthenticateIn() bool`
+
+HasReauthenticateIn returns a boolean if a field has been set.
+
+### GetTypes
+
+`func (o *AccessPolicyConstraint) GetTypes() []string`
+
+GetTypes returns the Types field if non-nil, zero value otherwise.
+
+### GetTypesOk
+
+`func (o *AccessPolicyConstraint) GetTypesOk() (*[]string, bool)`
+
+GetTypesOk returns a tuple with the Types field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTypes
+
+`func (o *AccessPolicyConstraint) SetTypes(v []string)`
+
+SetTypes sets Types field to given value.
+
+### HasTypes
+
+`func (o *AccessPolicyConstraint) HasTypes() bool`
+
+HasTypes returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AccessPolicyConstraints.md b/okta/docs/AccessPolicyConstraints.md
new file mode 100644
index 000000000..a91ee1a48
--- /dev/null
+++ b/okta/docs/AccessPolicyConstraints.md
@@ -0,0 +1,82 @@
+# AccessPolicyConstraints
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Knowledge** | Pointer to [**KnowledgeConstraint**](KnowledgeConstraint.md) |  | [optional] 
+**Possession** | Pointer to [**PossessionConstraint**](PossessionConstraint.md) |  | [optional] 
+
+## Methods
+
+### NewAccessPolicyConstraints
+
+`func NewAccessPolicyConstraints() *AccessPolicyConstraints`
+
+NewAccessPolicyConstraints instantiates a new AccessPolicyConstraints object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAccessPolicyConstraintsWithDefaults
+
+`func NewAccessPolicyConstraintsWithDefaults() *AccessPolicyConstraints`
+
+NewAccessPolicyConstraintsWithDefaults instantiates a new AccessPolicyConstraints object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetKnowledge
+
+`func (o *AccessPolicyConstraints) GetKnowledge() KnowledgeConstraint`
+
+GetKnowledge returns the Knowledge field if non-nil, zero value otherwise.
+
+### GetKnowledgeOk
+
+`func (o *AccessPolicyConstraints) GetKnowledgeOk() (*KnowledgeConstraint, bool)`
+
+GetKnowledgeOk returns a tuple with the Knowledge field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKnowledge
+
+`func (o *AccessPolicyConstraints) SetKnowledge(v KnowledgeConstraint)`
+
+SetKnowledge sets Knowledge field to given value.
+
+### HasKnowledge
+
+`func (o *AccessPolicyConstraints) HasKnowledge() bool`
+
+HasKnowledge returns a boolean if a field has been set.
+
+### GetPossession
+
+`func (o *AccessPolicyConstraints) GetPossession() PossessionConstraint`
+
+GetPossession returns the Possession field if non-nil, zero value otherwise.
+
+### GetPossessionOk
+
+`func (o *AccessPolicyConstraints) GetPossessionOk() (*PossessionConstraint, bool)`
+
+GetPossessionOk returns a tuple with the Possession field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPossession
+
+`func (o *AccessPolicyConstraints) SetPossession(v PossessionConstraint)`
+
+SetPossession sets Possession field to given value.
+
+### HasPossession
+
+`func (o *AccessPolicyConstraints) HasPossession() bool`
+
+HasPossession returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AccessPolicyRule.md b/okta/docs/AccessPolicyRule.md
new file mode 100644
index 000000000..84cedf9cc
--- /dev/null
+++ b/okta/docs/AccessPolicyRule.md
@@ -0,0 +1,82 @@
+# AccessPolicyRule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | Pointer to [**AccessPolicyRuleActions**](AccessPolicyRuleActions.md) |  | [optional] 
+**Conditions** | Pointer to [**AccessPolicyRuleConditions**](AccessPolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewAccessPolicyRule
+
+`func NewAccessPolicyRule() *AccessPolicyRule`
+
+NewAccessPolicyRule instantiates a new AccessPolicyRule object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAccessPolicyRuleWithDefaults
+
+`func NewAccessPolicyRuleWithDefaults() *AccessPolicyRule`
+
+NewAccessPolicyRuleWithDefaults instantiates a new AccessPolicyRule object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActions
+
+`func (o *AccessPolicyRule) GetActions() AccessPolicyRuleActions`
+
+GetActions returns the Actions field if non-nil, zero value otherwise.
+
+### GetActionsOk
+
+`func (o *AccessPolicyRule) GetActionsOk() (*AccessPolicyRuleActions, bool)`
+
+GetActionsOk returns a tuple with the Actions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActions
+
+`func (o *AccessPolicyRule) SetActions(v AccessPolicyRuleActions)`
+
+SetActions sets Actions field to given value.
+
+### HasActions
+
+`func (o *AccessPolicyRule) HasActions() bool`
+
+HasActions returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *AccessPolicyRule) GetConditions() AccessPolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *AccessPolicyRule) GetConditionsOk() (*AccessPolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *AccessPolicyRule) SetConditions(v AccessPolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *AccessPolicyRule) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AccessPolicyRuleActions.md b/okta/docs/AccessPolicyRuleActions.md
new file mode 100644
index 000000000..d1752d676
--- /dev/null
+++ b/okta/docs/AccessPolicyRuleActions.md
@@ -0,0 +1,212 @@
+# AccessPolicyRuleActions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Enroll** | Pointer to [**PolicyRuleActionsEnroll**](PolicyRuleActionsEnroll.md) |  | [optional] 
+**Idp** | Pointer to [**IdpPolicyRuleAction**](IdpPolicyRuleAction.md) |  | [optional] 
+**PasswordChange** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServicePasswordReset** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServiceUnlock** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**Signon** | Pointer to [**OktaSignOnPolicyRuleSignonActions**](OktaSignOnPolicyRuleSignonActions.md) |  | [optional] 
+**AppSignOn** | Pointer to [**AccessPolicyRuleApplicationSignOn**](AccessPolicyRuleApplicationSignOn.md) |  | [optional] 
+
+## Methods
+
+### NewAccessPolicyRuleActions
+
+`func NewAccessPolicyRuleActions() *AccessPolicyRuleActions`
+
+NewAccessPolicyRuleActions instantiates a new AccessPolicyRuleActions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAccessPolicyRuleActionsWithDefaults
+
+`func NewAccessPolicyRuleActionsWithDefaults() *AccessPolicyRuleActions`
+
+NewAccessPolicyRuleActionsWithDefaults instantiates a new AccessPolicyRuleActions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEnroll
+
+`func (o *AccessPolicyRuleActions) GetEnroll() PolicyRuleActionsEnroll`
+
+GetEnroll returns the Enroll field if non-nil, zero value otherwise.
+
+### GetEnrollOk
+
+`func (o *AccessPolicyRuleActions) GetEnrollOk() (*PolicyRuleActionsEnroll, bool)`
+
+GetEnrollOk returns a tuple with the Enroll field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnroll
+
+`func (o *AccessPolicyRuleActions) SetEnroll(v PolicyRuleActionsEnroll)`
+
+SetEnroll sets Enroll field to given value.
+
+### HasEnroll
+
+`func (o *AccessPolicyRuleActions) HasEnroll() bool`
+
+HasEnroll returns a boolean if a field has been set.
+
+### GetIdp
+
+`func (o *AccessPolicyRuleActions) GetIdp() IdpPolicyRuleAction`
+
+GetIdp returns the Idp field if non-nil, zero value otherwise.
+
+### GetIdpOk
+
+`func (o *AccessPolicyRuleActions) GetIdpOk() (*IdpPolicyRuleAction, bool)`
+
+GetIdpOk returns a tuple with the Idp field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdp
+
+`func (o *AccessPolicyRuleActions) SetIdp(v IdpPolicyRuleAction)`
+
+SetIdp sets Idp field to given value.
+
+### HasIdp
+
+`func (o *AccessPolicyRuleActions) HasIdp() bool`
+
+HasIdp returns a boolean if a field has been set.
+
+### GetPasswordChange
+
+`func (o *AccessPolicyRuleActions) GetPasswordChange() PasswordPolicyRuleAction`
+
+GetPasswordChange returns the PasswordChange field if non-nil, zero value otherwise.
+
+### GetPasswordChangeOk
+
+`func (o *AccessPolicyRuleActions) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool)`
+
+GetPasswordChangeOk returns a tuple with the PasswordChange field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordChange
+
+`func (o *AccessPolicyRuleActions) SetPasswordChange(v PasswordPolicyRuleAction)`
+
+SetPasswordChange sets PasswordChange field to given value.
+
+### HasPasswordChange
+
+`func (o *AccessPolicyRuleActions) HasPasswordChange() bool`
+
+HasPasswordChange returns a boolean if a field has been set.
+
+### GetSelfServicePasswordReset
+
+`func (o *AccessPolicyRuleActions) GetSelfServicePasswordReset() PasswordPolicyRuleAction`
+
+GetSelfServicePasswordReset returns the SelfServicePasswordReset field if non-nil, zero value otherwise.
+
+### GetSelfServicePasswordResetOk
+
+`func (o *AccessPolicyRuleActions) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServicePasswordReset
+
+`func (o *AccessPolicyRuleActions) SetSelfServicePasswordReset(v PasswordPolicyRuleAction)`
+
+SetSelfServicePasswordReset sets SelfServicePasswordReset field to given value.
+
+### HasSelfServicePasswordReset
+
+`func (o *AccessPolicyRuleActions) HasSelfServicePasswordReset() bool`
+
+HasSelfServicePasswordReset returns a boolean if a field has been set.
+
+### GetSelfServiceUnlock
+
+`func (o *AccessPolicyRuleActions) GetSelfServiceUnlock() PasswordPolicyRuleAction`
+
+GetSelfServiceUnlock returns the SelfServiceUnlock field if non-nil, zero value otherwise.
+
+### GetSelfServiceUnlockOk
+
+`func (o *AccessPolicyRuleActions) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServiceUnlock
+
+`func (o *AccessPolicyRuleActions) SetSelfServiceUnlock(v PasswordPolicyRuleAction)`
+
+SetSelfServiceUnlock sets SelfServiceUnlock field to given value.
+
+### HasSelfServiceUnlock
+
+`func (o *AccessPolicyRuleActions) HasSelfServiceUnlock() bool`
+
+HasSelfServiceUnlock returns a boolean if a field has been set.
+
+### GetSignon
+
+`func (o *AccessPolicyRuleActions) GetSignon() OktaSignOnPolicyRuleSignonActions`
+
+GetSignon returns the Signon field if non-nil, zero value otherwise.
+
+### GetSignonOk
+
+`func (o *AccessPolicyRuleActions) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool)`
+
+GetSignonOk returns a tuple with the Signon field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignon
+
+`func (o *AccessPolicyRuleActions) SetSignon(v OktaSignOnPolicyRuleSignonActions)`
+
+SetSignon sets Signon field to given value.
+
+### HasSignon
+
+`func (o *AccessPolicyRuleActions) HasSignon() bool`
+
+HasSignon returns a boolean if a field has been set.
+
+### GetAppSignOn
+
+`func (o *AccessPolicyRuleActions) GetAppSignOn() AccessPolicyRuleApplicationSignOn`
+
+GetAppSignOn returns the AppSignOn field if non-nil, zero value otherwise.
+
+### GetAppSignOnOk
+
+`func (o *AccessPolicyRuleActions) GetAppSignOnOk() (*AccessPolicyRuleApplicationSignOn, bool)`
+
+GetAppSignOnOk returns a tuple with the AppSignOn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAppSignOn
+
+`func (o *AccessPolicyRuleActions) SetAppSignOn(v AccessPolicyRuleApplicationSignOn)`
+
+SetAppSignOn sets AppSignOn field to given value.
+
+### HasAppSignOn
+
+`func (o *AccessPolicyRuleActions) HasAppSignOn() bool`
+
+HasAppSignOn returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AccessPolicyRuleActionsAllOf.md b/okta/docs/AccessPolicyRuleActionsAllOf.md
new file mode 100644
index 000000000..c6215e94f
--- /dev/null
+++ b/okta/docs/AccessPolicyRuleActionsAllOf.md
@@ -0,0 +1,56 @@
+# AccessPolicyRuleActionsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AppSignOn** | Pointer to [**AccessPolicyRuleApplicationSignOn**](AccessPolicyRuleApplicationSignOn.md) |  | [optional] 
+
+## Methods
+
+### NewAccessPolicyRuleActionsAllOf
+
+`func NewAccessPolicyRuleActionsAllOf() *AccessPolicyRuleActionsAllOf`
+
+NewAccessPolicyRuleActionsAllOf instantiates a new AccessPolicyRuleActionsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAccessPolicyRuleActionsAllOfWithDefaults
+
+`func NewAccessPolicyRuleActionsAllOfWithDefaults() *AccessPolicyRuleActionsAllOf`
+
+NewAccessPolicyRuleActionsAllOfWithDefaults instantiates a new AccessPolicyRuleActionsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAppSignOn
+
+`func (o *AccessPolicyRuleActionsAllOf) GetAppSignOn() AccessPolicyRuleApplicationSignOn`
+
+GetAppSignOn returns the AppSignOn field if non-nil, zero value otherwise.
+
+### GetAppSignOnOk
+
+`func (o *AccessPolicyRuleActionsAllOf) GetAppSignOnOk() (*AccessPolicyRuleApplicationSignOn, bool)`
+
+GetAppSignOnOk returns a tuple with the AppSignOn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAppSignOn
+
+`func (o *AccessPolicyRuleActionsAllOf) SetAppSignOn(v AccessPolicyRuleApplicationSignOn)`
+
+SetAppSignOn sets AppSignOn field to given value.
+
+### HasAppSignOn
+
+`func (o *AccessPolicyRuleActionsAllOf) HasAppSignOn() bool`
+
+HasAppSignOn returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AccessPolicyRuleAllOf.md b/okta/docs/AccessPolicyRuleAllOf.md
new file mode 100644
index 000000000..ff0ed544f
--- /dev/null
+++ b/okta/docs/AccessPolicyRuleAllOf.md
@@ -0,0 +1,82 @@
+# AccessPolicyRuleAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | Pointer to [**AccessPolicyRuleActions**](AccessPolicyRuleActions.md) |  | [optional] 
+**Conditions** | Pointer to [**AccessPolicyRuleConditions**](AccessPolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewAccessPolicyRuleAllOf
+
+`func NewAccessPolicyRuleAllOf() *AccessPolicyRuleAllOf`
+
+NewAccessPolicyRuleAllOf instantiates a new AccessPolicyRuleAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAccessPolicyRuleAllOfWithDefaults
+
+`func NewAccessPolicyRuleAllOfWithDefaults() *AccessPolicyRuleAllOf`
+
+NewAccessPolicyRuleAllOfWithDefaults instantiates a new AccessPolicyRuleAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActions
+
+`func (o *AccessPolicyRuleAllOf) GetActions() AccessPolicyRuleActions`
+
+GetActions returns the Actions field if non-nil, zero value otherwise.
+
+### GetActionsOk
+
+`func (o *AccessPolicyRuleAllOf) GetActionsOk() (*AccessPolicyRuleActions, bool)`
+
+GetActionsOk returns a tuple with the Actions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActions
+
+`func (o *AccessPolicyRuleAllOf) SetActions(v AccessPolicyRuleActions)`
+
+SetActions sets Actions field to given value.
+
+### HasActions
+
+`func (o *AccessPolicyRuleAllOf) HasActions() bool`
+
+HasActions returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *AccessPolicyRuleAllOf) GetConditions() AccessPolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *AccessPolicyRuleAllOf) GetConditionsOk() (*AccessPolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *AccessPolicyRuleAllOf) SetConditions(v AccessPolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *AccessPolicyRuleAllOf) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AccessPolicyRuleApplicationSignOn.md b/okta/docs/AccessPolicyRuleApplicationSignOn.md
new file mode 100644
index 000000000..1be725331
--- /dev/null
+++ b/okta/docs/AccessPolicyRuleApplicationSignOn.md
@@ -0,0 +1,82 @@
+# AccessPolicyRuleApplicationSignOn
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Access** | Pointer to **string** |  | [optional] 
+**VerificationMethod** | Pointer to [**VerificationMethod**](VerificationMethod.md) |  | [optional] 
+
+## Methods
+
+### NewAccessPolicyRuleApplicationSignOn
+
+`func NewAccessPolicyRuleApplicationSignOn() *AccessPolicyRuleApplicationSignOn`
+
+NewAccessPolicyRuleApplicationSignOn instantiates a new AccessPolicyRuleApplicationSignOn object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAccessPolicyRuleApplicationSignOnWithDefaults
+
+`func NewAccessPolicyRuleApplicationSignOnWithDefaults() *AccessPolicyRuleApplicationSignOn`
+
+NewAccessPolicyRuleApplicationSignOnWithDefaults instantiates a new AccessPolicyRuleApplicationSignOn object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAccess
+
+`func (o *AccessPolicyRuleApplicationSignOn) GetAccess() string`
+
+GetAccess returns the Access field if non-nil, zero value otherwise.
+
+### GetAccessOk
+
+`func (o *AccessPolicyRuleApplicationSignOn) GetAccessOk() (*string, bool)`
+
+GetAccessOk returns a tuple with the Access field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccess
+
+`func (o *AccessPolicyRuleApplicationSignOn) SetAccess(v string)`
+
+SetAccess sets Access field to given value.
+
+### HasAccess
+
+`func (o *AccessPolicyRuleApplicationSignOn) HasAccess() bool`
+
+HasAccess returns a boolean if a field has been set.
+
+### GetVerificationMethod
+
+`func (o *AccessPolicyRuleApplicationSignOn) GetVerificationMethod() VerificationMethod`
+
+GetVerificationMethod returns the VerificationMethod field if non-nil, zero value otherwise.
+
+### GetVerificationMethodOk
+
+`func (o *AccessPolicyRuleApplicationSignOn) GetVerificationMethodOk() (*VerificationMethod, bool)`
+
+GetVerificationMethodOk returns a tuple with the VerificationMethod field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVerificationMethod
+
+`func (o *AccessPolicyRuleApplicationSignOn) SetVerificationMethod(v VerificationMethod)`
+
+SetVerificationMethod sets VerificationMethod field to given value.
+
+### HasVerificationMethod
+
+`func (o *AccessPolicyRuleApplicationSignOn) HasVerificationMethod() bool`
+
+HasVerificationMethod returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AccessPolicyRuleConditions.md b/okta/docs/AccessPolicyRuleConditions.md
new file mode 100644
index 000000000..10ae9f2dd
--- /dev/null
+++ b/okta/docs/AccessPolicyRuleConditions.md
@@ -0,0 +1,628 @@
+# AccessPolicyRuleConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**AppAndInstancePolicyRuleCondition**](AppAndInstancePolicyRuleCondition.md) |  | [optional] 
+**Apps** | Pointer to [**AppInstancePolicyRuleCondition**](AppInstancePolicyRuleCondition.md) |  | [optional] 
+**AuthContext** | Pointer to [**PolicyRuleAuthContextCondition**](PolicyRuleAuthContextCondition.md) |  | [optional] 
+**AuthProvider** | Pointer to [**PasswordPolicyAuthenticationProviderCondition**](PasswordPolicyAuthenticationProviderCondition.md) |  | [optional] 
+**BeforeScheduledAction** | Pointer to [**BeforeScheduledActionPolicyRuleCondition**](BeforeScheduledActionPolicyRuleCondition.md) |  | [optional] 
+**Clients** | Pointer to [**ClientPolicyCondition**](ClientPolicyCondition.md) |  | [optional] 
+**Context** | Pointer to [**ContextPolicyRuleCondition**](ContextPolicyRuleCondition.md) |  | [optional] 
+**Device** | Pointer to [**DeviceAccessPolicyRuleCondition**](DeviceAccessPolicyRuleCondition.md) |  | [optional] 
+**GrantTypes** | Pointer to [**GrantTypePolicyRuleCondition**](GrantTypePolicyRuleCondition.md) |  | [optional] 
+**Groups** | Pointer to [**GroupPolicyRuleCondition**](GroupPolicyRuleCondition.md) |  | [optional] 
+**IdentityProvider** | Pointer to [**IdentityProviderPolicyRuleCondition**](IdentityProviderPolicyRuleCondition.md) |  | [optional] 
+**MdmEnrollment** | Pointer to [**MDMEnrollmentPolicyRuleCondition**](MDMEnrollmentPolicyRuleCondition.md) |  | [optional] 
+**Network** | Pointer to [**PolicyNetworkCondition**](PolicyNetworkCondition.md) |  | [optional] 
+**People** | Pointer to [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+**Platform** | Pointer to [**PlatformPolicyRuleCondition**](PlatformPolicyRuleCondition.md) |  | [optional] 
+**Risk** | Pointer to [**RiskPolicyRuleCondition**](RiskPolicyRuleCondition.md) |  | [optional] 
+**RiskScore** | Pointer to [**RiskScorePolicyRuleCondition**](RiskScorePolicyRuleCondition.md) |  | [optional] 
+**Scopes** | Pointer to [**OAuth2ScopesMediationPolicyRuleCondition**](OAuth2ScopesMediationPolicyRuleCondition.md) |  | [optional] 
+**UserIdentifier** | Pointer to [**UserIdentifierPolicyRuleCondition**](UserIdentifierPolicyRuleCondition.md) |  | [optional] 
+**Users** | Pointer to [**UserPolicyRuleCondition**](UserPolicyRuleCondition.md) |  | [optional] 
+**UserStatus** | Pointer to [**UserStatusPolicyRuleCondition**](UserStatusPolicyRuleCondition.md) |  | [optional] 
+**ElCondition** | Pointer to [**AccessPolicyRuleCustomCondition**](AccessPolicyRuleCustomCondition.md) |  | [optional] 
+**UserType** | Pointer to [**UserTypeCondition**](UserTypeCondition.md) |  | [optional] 
+
+## Methods
+
+### NewAccessPolicyRuleConditions
+
+`func NewAccessPolicyRuleConditions() *AccessPolicyRuleConditions`
+
+NewAccessPolicyRuleConditions instantiates a new AccessPolicyRuleConditions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAccessPolicyRuleConditionsWithDefaults
+
+`func NewAccessPolicyRuleConditionsWithDefaults() *AccessPolicyRuleConditions`
+
+NewAccessPolicyRuleConditionsWithDefaults instantiates a new AccessPolicyRuleConditions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *AccessPolicyRuleConditions) GetApp() AppAndInstancePolicyRuleCondition`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *AccessPolicyRuleConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *AccessPolicyRuleConditions) SetApp(v AppAndInstancePolicyRuleCondition)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *AccessPolicyRuleConditions) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+### GetApps
+
+`func (o *AccessPolicyRuleConditions) GetApps() AppInstancePolicyRuleCondition`
+
+GetApps returns the Apps field if non-nil, zero value otherwise.
+
+### GetAppsOk
+
+`func (o *AccessPolicyRuleConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool)`
+
+GetAppsOk returns a tuple with the Apps field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApps
+
+`func (o *AccessPolicyRuleConditions) SetApps(v AppInstancePolicyRuleCondition)`
+
+SetApps sets Apps field to given value.
+
+### HasApps
+
+`func (o *AccessPolicyRuleConditions) HasApps() bool`
+
+HasApps returns a boolean if a field has been set.
+
+### GetAuthContext
+
+`func (o *AccessPolicyRuleConditions) GetAuthContext() PolicyRuleAuthContextCondition`
+
+GetAuthContext returns the AuthContext field if non-nil, zero value otherwise.
+
+### GetAuthContextOk
+
+`func (o *AccessPolicyRuleConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool)`
+
+GetAuthContextOk returns a tuple with the AuthContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthContext
+
+`func (o *AccessPolicyRuleConditions) SetAuthContext(v PolicyRuleAuthContextCondition)`
+
+SetAuthContext sets AuthContext field to given value.
+
+### HasAuthContext
+
+`func (o *AccessPolicyRuleConditions) HasAuthContext() bool`
+
+HasAuthContext returns a boolean if a field has been set.
+
+### GetAuthProvider
+
+`func (o *AccessPolicyRuleConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition`
+
+GetAuthProvider returns the AuthProvider field if non-nil, zero value otherwise.
+
+### GetAuthProviderOk
+
+`func (o *AccessPolicyRuleConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool)`
+
+GetAuthProviderOk returns a tuple with the AuthProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthProvider
+
+`func (o *AccessPolicyRuleConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition)`
+
+SetAuthProvider sets AuthProvider field to given value.
+
+### HasAuthProvider
+
+`func (o *AccessPolicyRuleConditions) HasAuthProvider() bool`
+
+HasAuthProvider returns a boolean if a field has been set.
+
+### GetBeforeScheduledAction
+
+`func (o *AccessPolicyRuleConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition`
+
+GetBeforeScheduledAction returns the BeforeScheduledAction field if non-nil, zero value otherwise.
+
+### GetBeforeScheduledActionOk
+
+`func (o *AccessPolicyRuleConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool)`
+
+GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBeforeScheduledAction
+
+`func (o *AccessPolicyRuleConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition)`
+
+SetBeforeScheduledAction sets BeforeScheduledAction field to given value.
+
+### HasBeforeScheduledAction
+
+`func (o *AccessPolicyRuleConditions) HasBeforeScheduledAction() bool`
+
+HasBeforeScheduledAction returns a boolean if a field has been set.
+
+### GetClients
+
+`func (o *AccessPolicyRuleConditions) GetClients() ClientPolicyCondition`
+
+GetClients returns the Clients field if non-nil, zero value otherwise.
+
+### GetClientsOk
+
+`func (o *AccessPolicyRuleConditions) GetClientsOk() (*ClientPolicyCondition, bool)`
+
+GetClientsOk returns a tuple with the Clients field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClients
+
+`func (o *AccessPolicyRuleConditions) SetClients(v ClientPolicyCondition)`
+
+SetClients sets Clients field to given value.
+
+### HasClients
+
+`func (o *AccessPolicyRuleConditions) HasClients() bool`
+
+HasClients returns a boolean if a field has been set.
+
+### GetContext
+
+`func (o *AccessPolicyRuleConditions) GetContext() ContextPolicyRuleCondition`
+
+GetContext returns the Context field if non-nil, zero value otherwise.
+
+### GetContextOk
+
+`func (o *AccessPolicyRuleConditions) GetContextOk() (*ContextPolicyRuleCondition, bool)`
+
+GetContextOk returns a tuple with the Context field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetContext
+
+`func (o *AccessPolicyRuleConditions) SetContext(v ContextPolicyRuleCondition)`
+
+SetContext sets Context field to given value.
+
+### HasContext
+
+`func (o *AccessPolicyRuleConditions) HasContext() bool`
+
+HasContext returns a boolean if a field has been set.
+
+### GetDevice
+
+`func (o *AccessPolicyRuleConditions) GetDevice() DeviceAccessPolicyRuleCondition`
+
+GetDevice returns the Device field if non-nil, zero value otherwise.
+
+### GetDeviceOk
+
+`func (o *AccessPolicyRuleConditions) GetDeviceOk() (*DeviceAccessPolicyRuleCondition, bool)`
+
+GetDeviceOk returns a tuple with the Device field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDevice
+
+`func (o *AccessPolicyRuleConditions) SetDevice(v DeviceAccessPolicyRuleCondition)`
+
+SetDevice sets Device field to given value.
+
+### HasDevice
+
+`func (o *AccessPolicyRuleConditions) HasDevice() bool`
+
+HasDevice returns a boolean if a field has been set.
+
+### GetGrantTypes
+
+`func (o *AccessPolicyRuleConditions) GetGrantTypes() GrantTypePolicyRuleCondition`
+
+GetGrantTypes returns the GrantTypes field if non-nil, zero value otherwise.
+
+### GetGrantTypesOk
+
+`func (o *AccessPolicyRuleConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool)`
+
+GetGrantTypesOk returns a tuple with the GrantTypes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGrantTypes
+
+`func (o *AccessPolicyRuleConditions) SetGrantTypes(v GrantTypePolicyRuleCondition)`
+
+SetGrantTypes sets GrantTypes field to given value.
+
+### HasGrantTypes
+
+`func (o *AccessPolicyRuleConditions) HasGrantTypes() bool`
+
+HasGrantTypes returns a boolean if a field has been set.
+
+### GetGroups
+
+`func (o *AccessPolicyRuleConditions) GetGroups() GroupPolicyRuleCondition`
+
+GetGroups returns the Groups field if non-nil, zero value otherwise.
+
+### GetGroupsOk
+
+`func (o *AccessPolicyRuleConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool)`
+
+GetGroupsOk returns a tuple with the Groups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroups
+
+`func (o *AccessPolicyRuleConditions) SetGroups(v GroupPolicyRuleCondition)`
+
+SetGroups sets Groups field to given value.
+
+### HasGroups
+
+`func (o *AccessPolicyRuleConditions) HasGroups() bool`
+
+HasGroups returns a boolean if a field has been set.
+
+### GetIdentityProvider
+
+`func (o *AccessPolicyRuleConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition`
+
+GetIdentityProvider returns the IdentityProvider field if non-nil, zero value otherwise.
+
+### GetIdentityProviderOk
+
+`func (o *AccessPolicyRuleConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool)`
+
+GetIdentityProviderOk returns a tuple with the IdentityProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityProvider
+
+`func (o *AccessPolicyRuleConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition)`
+
+SetIdentityProvider sets IdentityProvider field to given value.
+
+### HasIdentityProvider
+
+`func (o *AccessPolicyRuleConditions) HasIdentityProvider() bool`
+
+HasIdentityProvider returns a boolean if a field has been set.
+
+### GetMdmEnrollment
+
+`func (o *AccessPolicyRuleConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition`
+
+GetMdmEnrollment returns the MdmEnrollment field if non-nil, zero value otherwise.
+
+### GetMdmEnrollmentOk
+
+`func (o *AccessPolicyRuleConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool)`
+
+GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMdmEnrollment
+
+`func (o *AccessPolicyRuleConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition)`
+
+SetMdmEnrollment sets MdmEnrollment field to given value.
+
+### HasMdmEnrollment
+
+`func (o *AccessPolicyRuleConditions) HasMdmEnrollment() bool`
+
+HasMdmEnrollment returns a boolean if a field has been set.
+
+### GetNetwork
+
+`func (o *AccessPolicyRuleConditions) GetNetwork() PolicyNetworkCondition`
+
+GetNetwork returns the Network field if non-nil, zero value otherwise.
+
+### GetNetworkOk
+
+`func (o *AccessPolicyRuleConditions) GetNetworkOk() (*PolicyNetworkCondition, bool)`
+
+GetNetworkOk returns a tuple with the Network field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNetwork
+
+`func (o *AccessPolicyRuleConditions) SetNetwork(v PolicyNetworkCondition)`
+
+SetNetwork sets Network field to given value.
+
+### HasNetwork
+
+`func (o *AccessPolicyRuleConditions) HasNetwork() bool`
+
+HasNetwork returns a boolean if a field has been set.
+
+### GetPeople
+
+`func (o *AccessPolicyRuleConditions) GetPeople() PolicyPeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *AccessPolicyRuleConditions) GetPeopleOk() (*PolicyPeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *AccessPolicyRuleConditions) SetPeople(v PolicyPeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *AccessPolicyRuleConditions) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *AccessPolicyRuleConditions) GetPlatform() PlatformPolicyRuleCondition`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *AccessPolicyRuleConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *AccessPolicyRuleConditions) SetPlatform(v PlatformPolicyRuleCondition)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *AccessPolicyRuleConditions) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetRisk
+
+`func (o *AccessPolicyRuleConditions) GetRisk() RiskPolicyRuleCondition`
+
+GetRisk returns the Risk field if non-nil, zero value otherwise.
+
+### GetRiskOk
+
+`func (o *AccessPolicyRuleConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool)`
+
+GetRiskOk returns a tuple with the Risk field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRisk
+
+`func (o *AccessPolicyRuleConditions) SetRisk(v RiskPolicyRuleCondition)`
+
+SetRisk sets Risk field to given value.
+
+### HasRisk
+
+`func (o *AccessPolicyRuleConditions) HasRisk() bool`
+
+HasRisk returns a boolean if a field has been set.
+
+### GetRiskScore
+
+`func (o *AccessPolicyRuleConditions) GetRiskScore() RiskScorePolicyRuleCondition`
+
+GetRiskScore returns the RiskScore field if non-nil, zero value otherwise.
+
+### GetRiskScoreOk
+
+`func (o *AccessPolicyRuleConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool)`
+
+GetRiskScoreOk returns a tuple with the RiskScore field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRiskScore
+
+`func (o *AccessPolicyRuleConditions) SetRiskScore(v RiskScorePolicyRuleCondition)`
+
+SetRiskScore sets RiskScore field to given value.
+
+### HasRiskScore
+
+`func (o *AccessPolicyRuleConditions) HasRiskScore() bool`
+
+HasRiskScore returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *AccessPolicyRuleConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *AccessPolicyRuleConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *AccessPolicyRuleConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *AccessPolicyRuleConditions) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+### GetUserIdentifier
+
+`func (o *AccessPolicyRuleConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition`
+
+GetUserIdentifier returns the UserIdentifier field if non-nil, zero value otherwise.
+
+### GetUserIdentifierOk
+
+`func (o *AccessPolicyRuleConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool)`
+
+GetUserIdentifierOk returns a tuple with the UserIdentifier field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserIdentifier
+
+`func (o *AccessPolicyRuleConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition)`
+
+SetUserIdentifier sets UserIdentifier field to given value.
+
+### HasUserIdentifier
+
+`func (o *AccessPolicyRuleConditions) HasUserIdentifier() bool`
+
+HasUserIdentifier returns a boolean if a field has been set.
+
+### GetUsers
+
+`func (o *AccessPolicyRuleConditions) GetUsers() UserPolicyRuleCondition`
+
+GetUsers returns the Users field if non-nil, zero value otherwise.
+
+### GetUsersOk
+
+`func (o *AccessPolicyRuleConditions) GetUsersOk() (*UserPolicyRuleCondition, bool)`
+
+GetUsersOk returns a tuple with the Users field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsers
+
+`func (o *AccessPolicyRuleConditions) SetUsers(v UserPolicyRuleCondition)`
+
+SetUsers sets Users field to given value.
+
+### HasUsers
+
+`func (o *AccessPolicyRuleConditions) HasUsers() bool`
+
+HasUsers returns a boolean if a field has been set.
+
+### GetUserStatus
+
+`func (o *AccessPolicyRuleConditions) GetUserStatus() UserStatusPolicyRuleCondition`
+
+GetUserStatus returns the UserStatus field if non-nil, zero value otherwise.
+
+### GetUserStatusOk
+
+`func (o *AccessPolicyRuleConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool)`
+
+GetUserStatusOk returns a tuple with the UserStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserStatus
+
+`func (o *AccessPolicyRuleConditions) SetUserStatus(v UserStatusPolicyRuleCondition)`
+
+SetUserStatus sets UserStatus field to given value.
+
+### HasUserStatus
+
+`func (o *AccessPolicyRuleConditions) HasUserStatus() bool`
+
+HasUserStatus returns a boolean if a field has been set.
+
+### GetElCondition
+
+`func (o *AccessPolicyRuleConditions) GetElCondition() AccessPolicyRuleCustomCondition`
+
+GetElCondition returns the ElCondition field if non-nil, zero value otherwise.
+
+### GetElConditionOk
+
+`func (o *AccessPolicyRuleConditions) GetElConditionOk() (*AccessPolicyRuleCustomCondition, bool)`
+
+GetElConditionOk returns a tuple with the ElCondition field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetElCondition
+
+`func (o *AccessPolicyRuleConditions) SetElCondition(v AccessPolicyRuleCustomCondition)`
+
+SetElCondition sets ElCondition field to given value.
+
+### HasElCondition
+
+`func (o *AccessPolicyRuleConditions) HasElCondition() bool`
+
+HasElCondition returns a boolean if a field has been set.
+
+### GetUserType
+
+`func (o *AccessPolicyRuleConditions) GetUserType() UserTypeCondition`
+
+GetUserType returns the UserType field if non-nil, zero value otherwise.
+
+### GetUserTypeOk
+
+`func (o *AccessPolicyRuleConditions) GetUserTypeOk() (*UserTypeCondition, bool)`
+
+GetUserTypeOk returns a tuple with the UserType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserType
+
+`func (o *AccessPolicyRuleConditions) SetUserType(v UserTypeCondition)`
+
+SetUserType sets UserType field to given value.
+
+### HasUserType
+
+`func (o *AccessPolicyRuleConditions) HasUserType() bool`
+
+HasUserType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AccessPolicyRuleConditionsAllOf.md b/okta/docs/AccessPolicyRuleConditionsAllOf.md
new file mode 100644
index 000000000..f63e9b12e
--- /dev/null
+++ b/okta/docs/AccessPolicyRuleConditionsAllOf.md
@@ -0,0 +1,108 @@
+# AccessPolicyRuleConditionsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Device** | Pointer to [**DeviceAccessPolicyRuleCondition**](DeviceAccessPolicyRuleCondition.md) |  | [optional] 
+**ElCondition** | Pointer to [**AccessPolicyRuleCustomCondition**](AccessPolicyRuleCustomCondition.md) |  | [optional] 
+**UserType** | Pointer to [**UserTypeCondition**](UserTypeCondition.md) |  | [optional] 
+
+## Methods
+
+### NewAccessPolicyRuleConditionsAllOf
+
+`func NewAccessPolicyRuleConditionsAllOf() *AccessPolicyRuleConditionsAllOf`
+
+NewAccessPolicyRuleConditionsAllOf instantiates a new AccessPolicyRuleConditionsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAccessPolicyRuleConditionsAllOfWithDefaults
+
+`func NewAccessPolicyRuleConditionsAllOfWithDefaults() *AccessPolicyRuleConditionsAllOf`
+
+NewAccessPolicyRuleConditionsAllOfWithDefaults instantiates a new AccessPolicyRuleConditionsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDevice
+
+`func (o *AccessPolicyRuleConditionsAllOf) GetDevice() DeviceAccessPolicyRuleCondition`
+
+GetDevice returns the Device field if non-nil, zero value otherwise.
+
+### GetDeviceOk
+
+`func (o *AccessPolicyRuleConditionsAllOf) GetDeviceOk() (*DeviceAccessPolicyRuleCondition, bool)`
+
+GetDeviceOk returns a tuple with the Device field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDevice
+
+`func (o *AccessPolicyRuleConditionsAllOf) SetDevice(v DeviceAccessPolicyRuleCondition)`
+
+SetDevice sets Device field to given value.
+
+### HasDevice
+
+`func (o *AccessPolicyRuleConditionsAllOf) HasDevice() bool`
+
+HasDevice returns a boolean if a field has been set.
+
+### GetElCondition
+
+`func (o *AccessPolicyRuleConditionsAllOf) GetElCondition() AccessPolicyRuleCustomCondition`
+
+GetElCondition returns the ElCondition field if non-nil, zero value otherwise.
+
+### GetElConditionOk
+
+`func (o *AccessPolicyRuleConditionsAllOf) GetElConditionOk() (*AccessPolicyRuleCustomCondition, bool)`
+
+GetElConditionOk returns a tuple with the ElCondition field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetElCondition
+
+`func (o *AccessPolicyRuleConditionsAllOf) SetElCondition(v AccessPolicyRuleCustomCondition)`
+
+SetElCondition sets ElCondition field to given value.
+
+### HasElCondition
+
+`func (o *AccessPolicyRuleConditionsAllOf) HasElCondition() bool`
+
+HasElCondition returns a boolean if a field has been set.
+
+### GetUserType
+
+`func (o *AccessPolicyRuleConditionsAllOf) GetUserType() UserTypeCondition`
+
+GetUserType returns the UserType field if non-nil, zero value otherwise.
+
+### GetUserTypeOk
+
+`func (o *AccessPolicyRuleConditionsAllOf) GetUserTypeOk() (*UserTypeCondition, bool)`
+
+GetUserTypeOk returns a tuple with the UserType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserType
+
+`func (o *AccessPolicyRuleConditionsAllOf) SetUserType(v UserTypeCondition)`
+
+SetUserType sets UserType field to given value.
+
+### HasUserType
+
+`func (o *AccessPolicyRuleConditionsAllOf) HasUserType() bool`
+
+HasUserType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AccessPolicyRuleCustomCondition.md b/okta/docs/AccessPolicyRuleCustomCondition.md
new file mode 100644
index 000000000..37aae69fa
--- /dev/null
+++ b/okta/docs/AccessPolicyRuleCustomCondition.md
@@ -0,0 +1,56 @@
+# AccessPolicyRuleCustomCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Condition** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewAccessPolicyRuleCustomCondition
+
+`func NewAccessPolicyRuleCustomCondition() *AccessPolicyRuleCustomCondition`
+
+NewAccessPolicyRuleCustomCondition instantiates a new AccessPolicyRuleCustomCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAccessPolicyRuleCustomConditionWithDefaults
+
+`func NewAccessPolicyRuleCustomConditionWithDefaults() *AccessPolicyRuleCustomCondition`
+
+NewAccessPolicyRuleCustomConditionWithDefaults instantiates a new AccessPolicyRuleCustomCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCondition
+
+`func (o *AccessPolicyRuleCustomCondition) GetCondition() string`
+
+GetCondition returns the Condition field if non-nil, zero value otherwise.
+
+### GetConditionOk
+
+`func (o *AccessPolicyRuleCustomCondition) GetConditionOk() (*string, bool)`
+
+GetConditionOk returns a tuple with the Condition field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCondition
+
+`func (o *AccessPolicyRuleCustomCondition) SetCondition(v string)`
+
+SetCondition sets Condition field to given value.
+
+### HasCondition
+
+`func (o *AccessPolicyRuleCustomCondition) HasCondition() bool`
+
+HasCondition returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AcsEndpoint.md b/okta/docs/AcsEndpoint.md
new file mode 100644
index 000000000..fa003e564
--- /dev/null
+++ b/okta/docs/AcsEndpoint.md
@@ -0,0 +1,82 @@
+# AcsEndpoint
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Index** | Pointer to **int32** |  | [optional] 
+**Url** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewAcsEndpoint
+
+`func NewAcsEndpoint() *AcsEndpoint`
+
+NewAcsEndpoint instantiates a new AcsEndpoint object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAcsEndpointWithDefaults
+
+`func NewAcsEndpointWithDefaults() *AcsEndpoint`
+
+NewAcsEndpointWithDefaults instantiates a new AcsEndpoint object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIndex
+
+`func (o *AcsEndpoint) GetIndex() int32`
+
+GetIndex returns the Index field if non-nil, zero value otherwise.
+
+### GetIndexOk
+
+`func (o *AcsEndpoint) GetIndexOk() (*int32, bool)`
+
+GetIndexOk returns a tuple with the Index field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIndex
+
+`func (o *AcsEndpoint) SetIndex(v int32)`
+
+SetIndex sets Index field to given value.
+
+### HasIndex
+
+`func (o *AcsEndpoint) HasIndex() bool`
+
+HasIndex returns a boolean if a field has been set.
+
+### GetUrl
+
+`func (o *AcsEndpoint) GetUrl() string`
+
+GetUrl returns the Url field if non-nil, zero value otherwise.
+
+### GetUrlOk
+
+`func (o *AcsEndpoint) GetUrlOk() (*string, bool)`
+
+GetUrlOk returns a tuple with the Url field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUrl
+
+`func (o *AcsEndpoint) SetUrl(v string)`
+
+SetUrl sets Url field to given value.
+
+### HasUrl
+
+`func (o *AcsEndpoint) HasUrl() bool`
+
+HasUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ActivateFactorRequest.md b/okta/docs/ActivateFactorRequest.md
new file mode 100644
index 000000000..1e172a016
--- /dev/null
+++ b/okta/docs/ActivateFactorRequest.md
@@ -0,0 +1,160 @@
+# ActivateFactorRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Attestation** | Pointer to **string** |  | [optional] 
+**ClientData** | Pointer to **string** |  | [optional] 
+**PassCode** | Pointer to **string** |  | [optional] 
+**RegistrationData** | Pointer to **string** |  | [optional] 
+**StateToken** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewActivateFactorRequest
+
+`func NewActivateFactorRequest() *ActivateFactorRequest`
+
+NewActivateFactorRequest instantiates a new ActivateFactorRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewActivateFactorRequestWithDefaults
+
+`func NewActivateFactorRequestWithDefaults() *ActivateFactorRequest`
+
+NewActivateFactorRequestWithDefaults instantiates a new ActivateFactorRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAttestation
+
+`func (o *ActivateFactorRequest) GetAttestation() string`
+
+GetAttestation returns the Attestation field if non-nil, zero value otherwise.
+
+### GetAttestationOk
+
+`func (o *ActivateFactorRequest) GetAttestationOk() (*string, bool)`
+
+GetAttestationOk returns a tuple with the Attestation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAttestation
+
+`func (o *ActivateFactorRequest) SetAttestation(v string)`
+
+SetAttestation sets Attestation field to given value.
+
+### HasAttestation
+
+`func (o *ActivateFactorRequest) HasAttestation() bool`
+
+HasAttestation returns a boolean if a field has been set.
+
+### GetClientData
+
+`func (o *ActivateFactorRequest) GetClientData() string`
+
+GetClientData returns the ClientData field if non-nil, zero value otherwise.
+
+### GetClientDataOk
+
+`func (o *ActivateFactorRequest) GetClientDataOk() (*string, bool)`
+
+GetClientDataOk returns a tuple with the ClientData field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientData
+
+`func (o *ActivateFactorRequest) SetClientData(v string)`
+
+SetClientData sets ClientData field to given value.
+
+### HasClientData
+
+`func (o *ActivateFactorRequest) HasClientData() bool`
+
+HasClientData returns a boolean if a field has been set.
+
+### GetPassCode
+
+`func (o *ActivateFactorRequest) GetPassCode() string`
+
+GetPassCode returns the PassCode field if non-nil, zero value otherwise.
+
+### GetPassCodeOk
+
+`func (o *ActivateFactorRequest) GetPassCodeOk() (*string, bool)`
+
+GetPassCodeOk returns a tuple with the PassCode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPassCode
+
+`func (o *ActivateFactorRequest) SetPassCode(v string)`
+
+SetPassCode sets PassCode field to given value.
+
+### HasPassCode
+
+`func (o *ActivateFactorRequest) HasPassCode() bool`
+
+HasPassCode returns a boolean if a field has been set.
+
+### GetRegistrationData
+
+`func (o *ActivateFactorRequest) GetRegistrationData() string`
+
+GetRegistrationData returns the RegistrationData field if non-nil, zero value otherwise.
+
+### GetRegistrationDataOk
+
+`func (o *ActivateFactorRequest) GetRegistrationDataOk() (*string, bool)`
+
+GetRegistrationDataOk returns a tuple with the RegistrationData field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRegistrationData
+
+`func (o *ActivateFactorRequest) SetRegistrationData(v string)`
+
+SetRegistrationData sets RegistrationData field to given value.
+
+### HasRegistrationData
+
+`func (o *ActivateFactorRequest) HasRegistrationData() bool`
+
+HasRegistrationData returns a boolean if a field has been set.
+
+### GetStateToken
+
+`func (o *ActivateFactorRequest) GetStateToken() string`
+
+GetStateToken returns the StateToken field if non-nil, zero value otherwise.
+
+### GetStateTokenOk
+
+`func (o *ActivateFactorRequest) GetStateTokenOk() (*string, bool)`
+
+GetStateTokenOk returns a tuple with the StateToken field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStateToken
+
+`func (o *ActivateFactorRequest) SetStateToken(v string)`
+
+SetStateToken sets StateToken field to given value.
+
+### HasStateToken
+
+`func (o *ActivateFactorRequest) HasStateToken() bool`
+
+HasStateToken returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Agent.md b/okta/docs/Agent.md
new file mode 100644
index 000000000..2f5a0d1ed
--- /dev/null
+++ b/okta/docs/Agent.md
@@ -0,0 +1,342 @@
+# Agent
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**IsHidden** | Pointer to **bool** |  | [optional] 
+**IsLatestGAedVersion** | Pointer to **bool** |  | [optional] 
+**LastConnection** | Pointer to **time.Time** |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**OperationalStatus** | Pointer to [**OperationalStatus**](OperationalStatus.md) |  | [optional] 
+**PoolId** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to [**AgentType**](AgentType.md) |  | [optional] 
+**UpdateMessage** | Pointer to **string** |  | [optional] 
+**UpdateStatus** | Pointer to [**AgentUpdateInstanceStatus**](AgentUpdateInstanceStatus.md) |  | [optional] 
+**Version** | Pointer to **string** |  | [optional] 
+**Links** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewAgent
+
+`func NewAgent() *Agent`
+
+NewAgent instantiates a new Agent object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAgentWithDefaults
+
+`func NewAgentWithDefaults() *Agent`
+
+NewAgentWithDefaults instantiates a new Agent object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *Agent) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *Agent) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *Agent) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *Agent) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIsHidden
+
+`func (o *Agent) GetIsHidden() bool`
+
+GetIsHidden returns the IsHidden field if non-nil, zero value otherwise.
+
+### GetIsHiddenOk
+
+`func (o *Agent) GetIsHiddenOk() (*bool, bool)`
+
+GetIsHiddenOk returns a tuple with the IsHidden field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIsHidden
+
+`func (o *Agent) SetIsHidden(v bool)`
+
+SetIsHidden sets IsHidden field to given value.
+
+### HasIsHidden
+
+`func (o *Agent) HasIsHidden() bool`
+
+HasIsHidden returns a boolean if a field has been set.
+
+### GetIsLatestGAedVersion
+
+`func (o *Agent) GetIsLatestGAedVersion() bool`
+
+GetIsLatestGAedVersion returns the IsLatestGAedVersion field if non-nil, zero value otherwise.
+
+### GetIsLatestGAedVersionOk
+
+`func (o *Agent) GetIsLatestGAedVersionOk() (*bool, bool)`
+
+GetIsLatestGAedVersionOk returns a tuple with the IsLatestGAedVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIsLatestGAedVersion
+
+`func (o *Agent) SetIsLatestGAedVersion(v bool)`
+
+SetIsLatestGAedVersion sets IsLatestGAedVersion field to given value.
+
+### HasIsLatestGAedVersion
+
+`func (o *Agent) HasIsLatestGAedVersion() bool`
+
+HasIsLatestGAedVersion returns a boolean if a field has been set.
+
+### GetLastConnection
+
+`func (o *Agent) GetLastConnection() time.Time`
+
+GetLastConnection returns the LastConnection field if non-nil, zero value otherwise.
+
+### GetLastConnectionOk
+
+`func (o *Agent) GetLastConnectionOk() (*time.Time, bool)`
+
+GetLastConnectionOk returns a tuple with the LastConnection field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastConnection
+
+`func (o *Agent) SetLastConnection(v time.Time)`
+
+SetLastConnection sets LastConnection field to given value.
+
+### HasLastConnection
+
+`func (o *Agent) HasLastConnection() bool`
+
+HasLastConnection returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *Agent) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *Agent) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *Agent) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *Agent) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetOperationalStatus
+
+`func (o *Agent) GetOperationalStatus() OperationalStatus`
+
+GetOperationalStatus returns the OperationalStatus field if non-nil, zero value otherwise.
+
+### GetOperationalStatusOk
+
+`func (o *Agent) GetOperationalStatusOk() (*OperationalStatus, bool)`
+
+GetOperationalStatusOk returns a tuple with the OperationalStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOperationalStatus
+
+`func (o *Agent) SetOperationalStatus(v OperationalStatus)`
+
+SetOperationalStatus sets OperationalStatus field to given value.
+
+### HasOperationalStatus
+
+`func (o *Agent) HasOperationalStatus() bool`
+
+HasOperationalStatus returns a boolean if a field has been set.
+
+### GetPoolId
+
+`func (o *Agent) GetPoolId() string`
+
+GetPoolId returns the PoolId field if non-nil, zero value otherwise.
+
+### GetPoolIdOk
+
+`func (o *Agent) GetPoolIdOk() (*string, bool)`
+
+GetPoolIdOk returns a tuple with the PoolId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPoolId
+
+`func (o *Agent) SetPoolId(v string)`
+
+SetPoolId sets PoolId field to given value.
+
+### HasPoolId
+
+`func (o *Agent) HasPoolId() bool`
+
+HasPoolId returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *Agent) GetType() AgentType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *Agent) GetTypeOk() (*AgentType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *Agent) SetType(v AgentType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *Agent) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetUpdateMessage
+
+`func (o *Agent) GetUpdateMessage() string`
+
+GetUpdateMessage returns the UpdateMessage field if non-nil, zero value otherwise.
+
+### GetUpdateMessageOk
+
+`func (o *Agent) GetUpdateMessageOk() (*string, bool)`
+
+GetUpdateMessageOk returns a tuple with the UpdateMessage field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUpdateMessage
+
+`func (o *Agent) SetUpdateMessage(v string)`
+
+SetUpdateMessage sets UpdateMessage field to given value.
+
+### HasUpdateMessage
+
+`func (o *Agent) HasUpdateMessage() bool`
+
+HasUpdateMessage returns a boolean if a field has been set.
+
+### GetUpdateStatus
+
+`func (o *Agent) GetUpdateStatus() AgentUpdateInstanceStatus`
+
+GetUpdateStatus returns the UpdateStatus field if non-nil, zero value otherwise.
+
+### GetUpdateStatusOk
+
+`func (o *Agent) GetUpdateStatusOk() (*AgentUpdateInstanceStatus, bool)`
+
+GetUpdateStatusOk returns a tuple with the UpdateStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUpdateStatus
+
+`func (o *Agent) SetUpdateStatus(v AgentUpdateInstanceStatus)`
+
+SetUpdateStatus sets UpdateStatus field to given value.
+
+### HasUpdateStatus
+
+`func (o *Agent) HasUpdateStatus() bool`
+
+HasUpdateStatus returns a boolean if a field has been set.
+
+### GetVersion
+
+`func (o *Agent) GetVersion() string`
+
+GetVersion returns the Version field if non-nil, zero value otherwise.
+
+### GetVersionOk
+
+`func (o *Agent) GetVersionOk() (*string, bool)`
+
+GetVersionOk returns a tuple with the Version field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVersion
+
+`func (o *Agent) SetVersion(v string)`
+
+SetVersion sets Version field to given value.
+
+### HasVersion
+
+`func (o *Agent) HasVersion() bool`
+
+HasVersion returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Agent) GetLinks() HrefObject`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Agent) GetLinksOk() (*HrefObject, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Agent) SetLinks(v HrefObject)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Agent) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AgentPool.md b/okta/docs/AgentPool.md
new file mode 100644
index 000000000..e0f3e9236
--- /dev/null
+++ b/okta/docs/AgentPool.md
@@ -0,0 +1,160 @@
+# AgentPool
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Agents** | Pointer to [**[]Agent**](Agent.md) |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**OperationalStatus** | Pointer to [**OperationalStatus**](OperationalStatus.md) |  | [optional] 
+**Type** | Pointer to [**AgentType**](AgentType.md) |  | [optional] 
+
+## Methods
+
+### NewAgentPool
+
+`func NewAgentPool() *AgentPool`
+
+NewAgentPool instantiates a new AgentPool object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAgentPoolWithDefaults
+
+`func NewAgentPoolWithDefaults() *AgentPool`
+
+NewAgentPoolWithDefaults instantiates a new AgentPool object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAgents
+
+`func (o *AgentPool) GetAgents() []Agent`
+
+GetAgents returns the Agents field if non-nil, zero value otherwise.
+
+### GetAgentsOk
+
+`func (o *AgentPool) GetAgentsOk() (*[]Agent, bool)`
+
+GetAgentsOk returns a tuple with the Agents field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAgents
+
+`func (o *AgentPool) SetAgents(v []Agent)`
+
+SetAgents sets Agents field to given value.
+
+### HasAgents
+
+`func (o *AgentPool) HasAgents() bool`
+
+HasAgents returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *AgentPool) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *AgentPool) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *AgentPool) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *AgentPool) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *AgentPool) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *AgentPool) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *AgentPool) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *AgentPool) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetOperationalStatus
+
+`func (o *AgentPool) GetOperationalStatus() OperationalStatus`
+
+GetOperationalStatus returns the OperationalStatus field if non-nil, zero value otherwise.
+
+### GetOperationalStatusOk
+
+`func (o *AgentPool) GetOperationalStatusOk() (*OperationalStatus, bool)`
+
+GetOperationalStatusOk returns a tuple with the OperationalStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOperationalStatus
+
+`func (o *AgentPool) SetOperationalStatus(v OperationalStatus)`
+
+SetOperationalStatus sets OperationalStatus field to given value.
+
+### HasOperationalStatus
+
+`func (o *AgentPool) HasOperationalStatus() bool`
+
+HasOperationalStatus returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *AgentPool) GetType() AgentType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *AgentPool) GetTypeOk() (*AgentType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *AgentPool) SetType(v AgentType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *AgentPool) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AgentPoolUpdate.md b/okta/docs/AgentPoolUpdate.md
new file mode 100644
index 000000000..d7ede81aa
--- /dev/null
+++ b/okta/docs/AgentPoolUpdate.md
@@ -0,0 +1,342 @@
+# AgentPoolUpdate
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Agents** | Pointer to [**[]Agent**](Agent.md) |  | [optional] 
+**AgentType** | Pointer to [**AgentType**](AgentType.md) |  | [optional] 
+**Enabled** | Pointer to **bool** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**NotifyAdmin** | Pointer to **bool** |  | [optional] 
+**Reason** | Pointer to **string** |  | [optional] 
+**Schedule** | Pointer to [**AutoUpdateSchedule**](AutoUpdateSchedule.md) |  | [optional] 
+**SortOrder** | Pointer to **int32** |  | [optional] 
+**Status** | Pointer to [**AgentUpdateJobStatus**](AgentUpdateJobStatus.md) |  | [optional] 
+**TargetVersion** | Pointer to **string** |  | [optional] 
+**Links** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewAgentPoolUpdate
+
+`func NewAgentPoolUpdate() *AgentPoolUpdate`
+
+NewAgentPoolUpdate instantiates a new AgentPoolUpdate object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAgentPoolUpdateWithDefaults
+
+`func NewAgentPoolUpdateWithDefaults() *AgentPoolUpdate`
+
+NewAgentPoolUpdateWithDefaults instantiates a new AgentPoolUpdate object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAgents
+
+`func (o *AgentPoolUpdate) GetAgents() []Agent`
+
+GetAgents returns the Agents field if non-nil, zero value otherwise.
+
+### GetAgentsOk
+
+`func (o *AgentPoolUpdate) GetAgentsOk() (*[]Agent, bool)`
+
+GetAgentsOk returns a tuple with the Agents field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAgents
+
+`func (o *AgentPoolUpdate) SetAgents(v []Agent)`
+
+SetAgents sets Agents field to given value.
+
+### HasAgents
+
+`func (o *AgentPoolUpdate) HasAgents() bool`
+
+HasAgents returns a boolean if a field has been set.
+
+### GetAgentType
+
+`func (o *AgentPoolUpdate) GetAgentType() AgentType`
+
+GetAgentType returns the AgentType field if non-nil, zero value otherwise.
+
+### GetAgentTypeOk
+
+`func (o *AgentPoolUpdate) GetAgentTypeOk() (*AgentType, bool)`
+
+GetAgentTypeOk returns a tuple with the AgentType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAgentType
+
+`func (o *AgentPoolUpdate) SetAgentType(v AgentType)`
+
+SetAgentType sets AgentType field to given value.
+
+### HasAgentType
+
+`func (o *AgentPoolUpdate) HasAgentType() bool`
+
+HasAgentType returns a boolean if a field has been set.
+
+### GetEnabled
+
+`func (o *AgentPoolUpdate) GetEnabled() bool`
+
+GetEnabled returns the Enabled field if non-nil, zero value otherwise.
+
+### GetEnabledOk
+
+`func (o *AgentPoolUpdate) GetEnabledOk() (*bool, bool)`
+
+GetEnabledOk returns a tuple with the Enabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnabled
+
+`func (o *AgentPoolUpdate) SetEnabled(v bool)`
+
+SetEnabled sets Enabled field to given value.
+
+### HasEnabled
+
+`func (o *AgentPoolUpdate) HasEnabled() bool`
+
+HasEnabled returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *AgentPoolUpdate) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *AgentPoolUpdate) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *AgentPoolUpdate) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *AgentPoolUpdate) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *AgentPoolUpdate) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *AgentPoolUpdate) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *AgentPoolUpdate) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *AgentPoolUpdate) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetNotifyAdmin
+
+`func (o *AgentPoolUpdate) GetNotifyAdmin() bool`
+
+GetNotifyAdmin returns the NotifyAdmin field if non-nil, zero value otherwise.
+
+### GetNotifyAdminOk
+
+`func (o *AgentPoolUpdate) GetNotifyAdminOk() (*bool, bool)`
+
+GetNotifyAdminOk returns a tuple with the NotifyAdmin field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotifyAdmin
+
+`func (o *AgentPoolUpdate) SetNotifyAdmin(v bool)`
+
+SetNotifyAdmin sets NotifyAdmin field to given value.
+
+### HasNotifyAdmin
+
+`func (o *AgentPoolUpdate) HasNotifyAdmin() bool`
+
+HasNotifyAdmin returns a boolean if a field has been set.
+
+### GetReason
+
+`func (o *AgentPoolUpdate) GetReason() string`
+
+GetReason returns the Reason field if non-nil, zero value otherwise.
+
+### GetReasonOk
+
+`func (o *AgentPoolUpdate) GetReasonOk() (*string, bool)`
+
+GetReasonOk returns a tuple with the Reason field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetReason
+
+`func (o *AgentPoolUpdate) SetReason(v string)`
+
+SetReason sets Reason field to given value.
+
+### HasReason
+
+`func (o *AgentPoolUpdate) HasReason() bool`
+
+HasReason returns a boolean if a field has been set.
+
+### GetSchedule
+
+`func (o *AgentPoolUpdate) GetSchedule() AutoUpdateSchedule`
+
+GetSchedule returns the Schedule field if non-nil, zero value otherwise.
+
+### GetScheduleOk
+
+`func (o *AgentPoolUpdate) GetScheduleOk() (*AutoUpdateSchedule, bool)`
+
+GetScheduleOk returns a tuple with the Schedule field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSchedule
+
+`func (o *AgentPoolUpdate) SetSchedule(v AutoUpdateSchedule)`
+
+SetSchedule sets Schedule field to given value.
+
+### HasSchedule
+
+`func (o *AgentPoolUpdate) HasSchedule() bool`
+
+HasSchedule returns a boolean if a field has been set.
+
+### GetSortOrder
+
+`func (o *AgentPoolUpdate) GetSortOrder() int32`
+
+GetSortOrder returns the SortOrder field if non-nil, zero value otherwise.
+
+### GetSortOrderOk
+
+`func (o *AgentPoolUpdate) GetSortOrderOk() (*int32, bool)`
+
+GetSortOrderOk returns a tuple with the SortOrder field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSortOrder
+
+`func (o *AgentPoolUpdate) SetSortOrder(v int32)`
+
+SetSortOrder sets SortOrder field to given value.
+
+### HasSortOrder
+
+`func (o *AgentPoolUpdate) HasSortOrder() bool`
+
+HasSortOrder returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *AgentPoolUpdate) GetStatus() AgentUpdateJobStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *AgentPoolUpdate) GetStatusOk() (*AgentUpdateJobStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *AgentPoolUpdate) SetStatus(v AgentUpdateJobStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *AgentPoolUpdate) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetTargetVersion
+
+`func (o *AgentPoolUpdate) GetTargetVersion() string`
+
+GetTargetVersion returns the TargetVersion field if non-nil, zero value otherwise.
+
+### GetTargetVersionOk
+
+`func (o *AgentPoolUpdate) GetTargetVersionOk() (*string, bool)`
+
+GetTargetVersionOk returns a tuple with the TargetVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTargetVersion
+
+`func (o *AgentPoolUpdate) SetTargetVersion(v string)`
+
+SetTargetVersion sets TargetVersion field to given value.
+
+### HasTargetVersion
+
+`func (o *AgentPoolUpdate) HasTargetVersion() bool`
+
+HasTargetVersion returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *AgentPoolUpdate) GetLinks() HrefObject`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *AgentPoolUpdate) GetLinksOk() (*HrefObject, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *AgentPoolUpdate) SetLinks(v HrefObject)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *AgentPoolUpdate) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AgentPoolUpdateSetting.md b/okta/docs/AgentPoolUpdateSetting.md
new file mode 100644
index 000000000..1fa0506de
--- /dev/null
+++ b/okta/docs/AgentPoolUpdateSetting.md
@@ -0,0 +1,212 @@
+# AgentPoolUpdateSetting
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AgentType** | Pointer to [**AgentType**](AgentType.md) |  | [optional] 
+**ContinueOnError** | Pointer to **bool** |  | [optional] 
+**LatestVersion** | Pointer to **string** |  | [optional] 
+**MinimalSupportedVersion** | Pointer to **string** |  | [optional] 
+**PoolId** | Pointer to **string** |  | [optional] [readonly] 
+**PoolName** | Pointer to **string** |  | [optional] 
+**ReleaseChannel** | Pointer to [**ReleaseChannel**](ReleaseChannel.md) |  | [optional] 
+
+## Methods
+
+### NewAgentPoolUpdateSetting
+
+`func NewAgentPoolUpdateSetting() *AgentPoolUpdateSetting`
+
+NewAgentPoolUpdateSetting instantiates a new AgentPoolUpdateSetting object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAgentPoolUpdateSettingWithDefaults
+
+`func NewAgentPoolUpdateSettingWithDefaults() *AgentPoolUpdateSetting`
+
+NewAgentPoolUpdateSettingWithDefaults instantiates a new AgentPoolUpdateSetting object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAgentType
+
+`func (o *AgentPoolUpdateSetting) GetAgentType() AgentType`
+
+GetAgentType returns the AgentType field if non-nil, zero value otherwise.
+
+### GetAgentTypeOk
+
+`func (o *AgentPoolUpdateSetting) GetAgentTypeOk() (*AgentType, bool)`
+
+GetAgentTypeOk returns a tuple with the AgentType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAgentType
+
+`func (o *AgentPoolUpdateSetting) SetAgentType(v AgentType)`
+
+SetAgentType sets AgentType field to given value.
+
+### HasAgentType
+
+`func (o *AgentPoolUpdateSetting) HasAgentType() bool`
+
+HasAgentType returns a boolean if a field has been set.
+
+### GetContinueOnError
+
+`func (o *AgentPoolUpdateSetting) GetContinueOnError() bool`
+
+GetContinueOnError returns the ContinueOnError field if non-nil, zero value otherwise.
+
+### GetContinueOnErrorOk
+
+`func (o *AgentPoolUpdateSetting) GetContinueOnErrorOk() (*bool, bool)`
+
+GetContinueOnErrorOk returns a tuple with the ContinueOnError field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetContinueOnError
+
+`func (o *AgentPoolUpdateSetting) SetContinueOnError(v bool)`
+
+SetContinueOnError sets ContinueOnError field to given value.
+
+### HasContinueOnError
+
+`func (o *AgentPoolUpdateSetting) HasContinueOnError() bool`
+
+HasContinueOnError returns a boolean if a field has been set.
+
+### GetLatestVersion
+
+`func (o *AgentPoolUpdateSetting) GetLatestVersion() string`
+
+GetLatestVersion returns the LatestVersion field if non-nil, zero value otherwise.
+
+### GetLatestVersionOk
+
+`func (o *AgentPoolUpdateSetting) GetLatestVersionOk() (*string, bool)`
+
+GetLatestVersionOk returns a tuple with the LatestVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLatestVersion
+
+`func (o *AgentPoolUpdateSetting) SetLatestVersion(v string)`
+
+SetLatestVersion sets LatestVersion field to given value.
+
+### HasLatestVersion
+
+`func (o *AgentPoolUpdateSetting) HasLatestVersion() bool`
+
+HasLatestVersion returns a boolean if a field has been set.
+
+### GetMinimalSupportedVersion
+
+`func (o *AgentPoolUpdateSetting) GetMinimalSupportedVersion() string`
+
+GetMinimalSupportedVersion returns the MinimalSupportedVersion field if non-nil, zero value otherwise.
+
+### GetMinimalSupportedVersionOk
+
+`func (o *AgentPoolUpdateSetting) GetMinimalSupportedVersionOk() (*string, bool)`
+
+GetMinimalSupportedVersionOk returns a tuple with the MinimalSupportedVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinimalSupportedVersion
+
+`func (o *AgentPoolUpdateSetting) SetMinimalSupportedVersion(v string)`
+
+SetMinimalSupportedVersion sets MinimalSupportedVersion field to given value.
+
+### HasMinimalSupportedVersion
+
+`func (o *AgentPoolUpdateSetting) HasMinimalSupportedVersion() bool`
+
+HasMinimalSupportedVersion returns a boolean if a field has been set.
+
+### GetPoolId
+
+`func (o *AgentPoolUpdateSetting) GetPoolId() string`
+
+GetPoolId returns the PoolId field if non-nil, zero value otherwise.
+
+### GetPoolIdOk
+
+`func (o *AgentPoolUpdateSetting) GetPoolIdOk() (*string, bool)`
+
+GetPoolIdOk returns a tuple with the PoolId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPoolId
+
+`func (o *AgentPoolUpdateSetting) SetPoolId(v string)`
+
+SetPoolId sets PoolId field to given value.
+
+### HasPoolId
+
+`func (o *AgentPoolUpdateSetting) HasPoolId() bool`
+
+HasPoolId returns a boolean if a field has been set.
+
+### GetPoolName
+
+`func (o *AgentPoolUpdateSetting) GetPoolName() string`
+
+GetPoolName returns the PoolName field if non-nil, zero value otherwise.
+
+### GetPoolNameOk
+
+`func (o *AgentPoolUpdateSetting) GetPoolNameOk() (*string, bool)`
+
+GetPoolNameOk returns a tuple with the PoolName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPoolName
+
+`func (o *AgentPoolUpdateSetting) SetPoolName(v string)`
+
+SetPoolName sets PoolName field to given value.
+
+### HasPoolName
+
+`func (o *AgentPoolUpdateSetting) HasPoolName() bool`
+
+HasPoolName returns a boolean if a field has been set.
+
+### GetReleaseChannel
+
+`func (o *AgentPoolUpdateSetting) GetReleaseChannel() ReleaseChannel`
+
+GetReleaseChannel returns the ReleaseChannel field if non-nil, zero value otherwise.
+
+### GetReleaseChannelOk
+
+`func (o *AgentPoolUpdateSetting) GetReleaseChannelOk() (*ReleaseChannel, bool)`
+
+GetReleaseChannelOk returns a tuple with the ReleaseChannel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetReleaseChannel
+
+`func (o *AgentPoolUpdateSetting) SetReleaseChannel(v ReleaseChannel)`
+
+SetReleaseChannel sets ReleaseChannel field to given value.
+
+### HasReleaseChannel
+
+`func (o *AgentPoolUpdateSetting) HasReleaseChannel() bool`
+
+HasReleaseChannel returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AgentPoolsApi.md b/okta/docs/AgentPoolsApi.md
new file mode 100644
index 000000000..807dedc8c
--- /dev/null
+++ b/okta/docs/AgentPoolsApi.md
@@ -0,0 +1,1035 @@
+# \AgentPoolsApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateAgentPoolsUpdate**](AgentPoolsApi.md#ActivateAgentPoolsUpdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId}/activate | Activate an Agent Pool update
+[**CreateAgentPoolsUpdate**](AgentPoolsApi.md#CreateAgentPoolsUpdate) | **Post** /api/v1/agentPools/{poolId}/updates | Create an Agent Pool update
+[**DeactivateAgentPoolsUpdate**](AgentPoolsApi.md#DeactivateAgentPoolsUpdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId}/deactivate | Deactivate an Agent Pool update
+[**DeleteAgentPoolsUpdate**](AgentPoolsApi.md#DeleteAgentPoolsUpdate) | **Delete** /api/v1/agentPools/{poolId}/updates/{updateId} | Delete an Agent Pool update
+[**GetAgentPoolsUpdateInstance**](AgentPoolsApi.md#GetAgentPoolsUpdateInstance) | **Get** /api/v1/agentPools/{poolId}/updates/{updateId} | Retrieve an Agent Pool update by id
+[**GetAgentPoolsUpdateSettings**](AgentPoolsApi.md#GetAgentPoolsUpdateSettings) | **Get** /api/v1/agentPools/{poolId}/updates/settings | Retrieve an Agent Pool update&#39;s settings
+[**ListAgentPools**](AgentPoolsApi.md#ListAgentPools) | **Get** /api/v1/agentPools | List all Agent Pools
+[**ListAgentPoolsUpdates**](AgentPoolsApi.md#ListAgentPoolsUpdates) | **Get** /api/v1/agentPools/{poolId}/updates | List all Agent Pool updates
+[**PauseAgentPoolsUpdate**](AgentPoolsApi.md#PauseAgentPoolsUpdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId}/pause | Pause an Agent Pool update
+[**ResumeAgentPoolsUpdate**](AgentPoolsApi.md#ResumeAgentPoolsUpdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId}/resume | Resume an Agent Pool update
+[**RetryAgentPoolsUpdate**](AgentPoolsApi.md#RetryAgentPoolsUpdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId}/retry | Retry an Agent Pool update
+[**StopAgentPoolsUpdate**](AgentPoolsApi.md#StopAgentPoolsUpdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId}/stop | Stop an Agent Pool update
+[**UpdateAgentPoolsUpdate**](AgentPoolsApi.md#UpdateAgentPoolsUpdate) | **Post** /api/v1/agentPools/{poolId}/updates/{updateId} | Update an Agent Pool update by id
+[**UpdateAgentPoolsUpdateSettings**](AgentPoolsApi.md#UpdateAgentPoolsUpdateSettings) | **Post** /api/v1/agentPools/{poolId}/updates/settings | Update an Agent Pool update settings
+
+
+
+## ActivateAgentPoolsUpdate
+
+> AgentPoolUpdate ActivateAgentPoolsUpdate(ctx, poolId, updateId).Execute()
+
+Activate an Agent Pool update
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+    updateId := "updateId_example" // string | Id of the update
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.ActivateAgentPoolsUpdate(context.Background(), poolId, updateId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.ActivateAgentPoolsUpdate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ActivateAgentPoolsUpdate`: AgentPoolUpdate
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.ActivateAgentPoolsUpdate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+**updateId** | **string** | Id of the update | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateAgentPoolsUpdateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**AgentPoolUpdate**](AgentPoolUpdate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateAgentPoolsUpdate
+
+> AgentPoolUpdate CreateAgentPoolsUpdate(ctx, poolId).AgentPoolUpdate(agentPoolUpdate).Execute()
+
+Create an Agent Pool update
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+    agentPoolUpdate := *openapiclient.NewAgentPoolUpdate() // AgentPoolUpdate | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.CreateAgentPoolsUpdate(context.Background(), poolId).AgentPoolUpdate(agentPoolUpdate).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.CreateAgentPoolsUpdate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateAgentPoolsUpdate`: AgentPoolUpdate
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.CreateAgentPoolsUpdate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateAgentPoolsUpdateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **agentPoolUpdate** | [**AgentPoolUpdate**](AgentPoolUpdate.md) |  | 
+
+### Return type
+
+[**AgentPoolUpdate**](AgentPoolUpdate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateAgentPoolsUpdate
+
+> AgentPoolUpdate DeactivateAgentPoolsUpdate(ctx, poolId, updateId).Execute()
+
+Deactivate an Agent Pool update
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+    updateId := "updateId_example" // string | Id of the update
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.DeactivateAgentPoolsUpdate(context.Background(), poolId, updateId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.DeactivateAgentPoolsUpdate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `DeactivateAgentPoolsUpdate`: AgentPoolUpdate
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.DeactivateAgentPoolsUpdate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+**updateId** | **string** | Id of the update | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateAgentPoolsUpdateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**AgentPoolUpdate**](AgentPoolUpdate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteAgentPoolsUpdate
+
+> DeleteAgentPoolsUpdate(ctx, poolId, updateId).Execute()
+
+Delete an Agent Pool update
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+    updateId := "updateId_example" // string | Id of the update
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.DeleteAgentPoolsUpdate(context.Background(), poolId, updateId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.DeleteAgentPoolsUpdate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+**updateId** | **string** | Id of the update | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteAgentPoolsUpdateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetAgentPoolsUpdateInstance
+
+> AgentPoolUpdate GetAgentPoolsUpdateInstance(ctx, poolId, updateId).Execute()
+
+Retrieve an Agent Pool update by id
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+    updateId := "updateId_example" // string | Id of the update
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.GetAgentPoolsUpdateInstance(context.Background(), poolId, updateId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.GetAgentPoolsUpdateInstance``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetAgentPoolsUpdateInstance`: AgentPoolUpdate
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.GetAgentPoolsUpdateInstance`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+**updateId** | **string** | Id of the update | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetAgentPoolsUpdateInstanceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**AgentPoolUpdate**](AgentPoolUpdate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetAgentPoolsUpdateSettings
+
+> AgentPoolUpdateSetting GetAgentPoolsUpdateSettings(ctx, poolId).Execute()
+
+Retrieve an Agent Pool update's settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.GetAgentPoolsUpdateSettings(context.Background(), poolId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.GetAgentPoolsUpdateSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetAgentPoolsUpdateSettings`: AgentPoolUpdateSetting
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.GetAgentPoolsUpdateSettings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetAgentPoolsUpdateSettingsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**AgentPoolUpdateSetting**](AgentPoolUpdateSetting.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListAgentPools
+
+> []AgentPool ListAgentPools(ctx).LimitPerPoolType(limitPerPoolType).PoolType(poolType).After(after).Execute()
+
+List all Agent Pools
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    limitPerPoolType := int32(56) // int32 | Maximum number of AgentPools being returned (optional) (default to 5)
+    poolType := openapiclient.AgentType("AD") // AgentType | Agent type to search for (optional)
+    after := "after_example" // string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.ListAgentPools(context.Background()).LimitPerPoolType(limitPerPoolType).PoolType(poolType).After(after).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.ListAgentPools``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListAgentPools`: []AgentPool
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.ListAgentPools`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListAgentPoolsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **limitPerPoolType** | **int32** | Maximum number of AgentPools being returned | [default to 5]
+ **poolType** | [**AgentType**](AgentType.md) | Agent type to search for | 
+ **after** | **string** | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information. | 
+
+### Return type
+
+[**[]AgentPool**](AgentPool.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListAgentPoolsUpdates
+
+> []AgentPoolUpdate ListAgentPoolsUpdates(ctx, poolId).Scheduled(scheduled).Execute()
+
+List all Agent Pool updates
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+    scheduled := true // bool | Scope the list only to scheduled or ad-hoc updates. If the parameter is not provided we will return the whole list of updates. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.ListAgentPoolsUpdates(context.Background(), poolId).Scheduled(scheduled).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.ListAgentPoolsUpdates``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListAgentPoolsUpdates`: []AgentPoolUpdate
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.ListAgentPoolsUpdates`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListAgentPoolsUpdatesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **scheduled** | **bool** | Scope the list only to scheduled or ad-hoc updates. If the parameter is not provided we will return the whole list of updates. | 
+
+### Return type
+
+[**[]AgentPoolUpdate**](AgentPoolUpdate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## PauseAgentPoolsUpdate
+
+> AgentPoolUpdate PauseAgentPoolsUpdate(ctx, poolId, updateId).Execute()
+
+Pause an Agent Pool update
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+    updateId := "updateId_example" // string | Id of the update
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.PauseAgentPoolsUpdate(context.Background(), poolId, updateId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.PauseAgentPoolsUpdate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `PauseAgentPoolsUpdate`: AgentPoolUpdate
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.PauseAgentPoolsUpdate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+**updateId** | **string** | Id of the update | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiPauseAgentPoolsUpdateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**AgentPoolUpdate**](AgentPoolUpdate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ResumeAgentPoolsUpdate
+
+> AgentPoolUpdate ResumeAgentPoolsUpdate(ctx, poolId, updateId).Execute()
+
+Resume an Agent Pool update
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+    updateId := "updateId_example" // string | Id of the update
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.ResumeAgentPoolsUpdate(context.Background(), poolId, updateId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.ResumeAgentPoolsUpdate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ResumeAgentPoolsUpdate`: AgentPoolUpdate
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.ResumeAgentPoolsUpdate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+**updateId** | **string** | Id of the update | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiResumeAgentPoolsUpdateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**AgentPoolUpdate**](AgentPoolUpdate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RetryAgentPoolsUpdate
+
+> AgentPoolUpdate RetryAgentPoolsUpdate(ctx, poolId, updateId).Execute()
+
+Retry an Agent Pool update
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+    updateId := "updateId_example" // string | Id of the update
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.RetryAgentPoolsUpdate(context.Background(), poolId, updateId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.RetryAgentPoolsUpdate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `RetryAgentPoolsUpdate`: AgentPoolUpdate
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.RetryAgentPoolsUpdate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+**updateId** | **string** | Id of the update | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRetryAgentPoolsUpdateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**AgentPoolUpdate**](AgentPoolUpdate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## StopAgentPoolsUpdate
+
+> AgentPoolUpdate StopAgentPoolsUpdate(ctx, poolId, updateId).Execute()
+
+Stop an Agent Pool update
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+    updateId := "updateId_example" // string | Id of the update
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.StopAgentPoolsUpdate(context.Background(), poolId, updateId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.StopAgentPoolsUpdate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `StopAgentPoolsUpdate`: AgentPoolUpdate
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.StopAgentPoolsUpdate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+**updateId** | **string** | Id of the update | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiStopAgentPoolsUpdateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**AgentPoolUpdate**](AgentPoolUpdate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateAgentPoolsUpdate
+
+> AgentPoolUpdate UpdateAgentPoolsUpdate(ctx, poolId, updateId).AgentPoolUpdate(agentPoolUpdate).Execute()
+
+Update an Agent Pool update by id
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+    updateId := "updateId_example" // string | Id of the update
+    agentPoolUpdate := *openapiclient.NewAgentPoolUpdate() // AgentPoolUpdate | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.UpdateAgentPoolsUpdate(context.Background(), poolId, updateId).AgentPoolUpdate(agentPoolUpdate).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.UpdateAgentPoolsUpdate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateAgentPoolsUpdate`: AgentPoolUpdate
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.UpdateAgentPoolsUpdate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+**updateId** | **string** | Id of the update | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateAgentPoolsUpdateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **agentPoolUpdate** | [**AgentPoolUpdate**](AgentPoolUpdate.md) |  | 
+
+### Return type
+
+[**AgentPoolUpdate**](AgentPoolUpdate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateAgentPoolsUpdateSettings
+
+> AgentPoolUpdateSetting UpdateAgentPoolsUpdateSettings(ctx, poolId).AgentPoolUpdateSetting(agentPoolUpdateSetting).Execute()
+
+Update an Agent Pool update settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    poolId := "poolId_example" // string | Id of the agent pool for which the settings will apply
+    agentPoolUpdateSetting := *openapiclient.NewAgentPoolUpdateSetting() // AgentPoolUpdateSetting | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AgentPoolsApi.UpdateAgentPoolsUpdateSettings(context.Background(), poolId).AgentPoolUpdateSetting(agentPoolUpdateSetting).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AgentPoolsApi.UpdateAgentPoolsUpdateSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateAgentPoolsUpdateSettings`: AgentPoolUpdateSetting
+    fmt.Fprintf(os.Stdout, "Response from `AgentPoolsApi.UpdateAgentPoolsUpdateSettings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**poolId** | **string** | Id of the agent pool for which the settings will apply | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateAgentPoolsUpdateSettingsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **agentPoolUpdateSetting** | [**AgentPoolUpdateSetting**](AgentPoolUpdateSetting.md) |  | 
+
+### Return type
+
+[**AgentPoolUpdateSetting**](AgentPoolUpdateSetting.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/AgentType.md b/okta/docs/AgentType.md
new file mode 100644
index 000000000..04d00b95f
--- /dev/null
+++ b/okta/docs/AgentType.md
@@ -0,0 +1,23 @@
+# AgentType
+
+## Enum
+
+
+* `AD` (value: `"AD"`)
+
+* `IWA` (value: `"IWA"`)
+
+* `LDAP` (value: `"LDAP"`)
+
+* `MFA` (value: `"MFA"`)
+
+* `OPP` (value: `"OPP"`)
+
+* `RUM` (value: `"RUM"`)
+
+* `RADIUS` (value: `"Radius"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AgentUpdateInstanceStatus.md b/okta/docs/AgentUpdateInstanceStatus.md
new file mode 100644
index 000000000..8fd222708
--- /dev/null
+++ b/okta/docs/AgentUpdateInstanceStatus.md
@@ -0,0 +1,21 @@
+# AgentUpdateInstanceStatus
+
+## Enum
+
+
+* `CANCELLED` (value: `"Cancelled"`)
+
+* `FAILED` (value: `"Failed"`)
+
+* `IN_PROGRESS` (value: `"InProgress"`)
+
+* `PENDING_COMPLETION` (value: `"PendingCompletion"`)
+
+* `SCHEDULED` (value: `"Scheduled"`)
+
+* `SUCCESS` (value: `"Success"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AgentUpdateJobStatus.md b/okta/docs/AgentUpdateJobStatus.md
new file mode 100644
index 000000000..4c9beca8c
--- /dev/null
+++ b/okta/docs/AgentUpdateJobStatus.md
@@ -0,0 +1,21 @@
+# AgentUpdateJobStatus
+
+## Enum
+
+
+* `CANCELLED` (value: `"Cancelled"`)
+
+* `FAILED` (value: `"Failed"`)
+
+* `IN_PROGRESS` (value: `"InProgress"`)
+
+* `PAUSED` (value: `"Paused"`)
+
+* `SCHEDULED` (value: `"Scheduled"`)
+
+* `SUCCESS` (value: `"Success"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AllowedForEnum.md b/okta/docs/AllowedForEnum.md
new file mode 100644
index 000000000..529e532d1
--- /dev/null
+++ b/okta/docs/AllowedForEnum.md
@@ -0,0 +1,17 @@
+# AllowedForEnum
+
+## Enum
+
+
+* `ANY` (value: `"any"`)
+
+* `NONE` (value: `"none"`)
+
+* `RECOVERY` (value: `"recovery"`)
+
+* `SSO` (value: `"sso"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApiToken.md b/okta/docs/ApiToken.md
new file mode 100644
index 000000000..4121a2e4d
--- /dev/null
+++ b/okta/docs/ApiToken.md
@@ -0,0 +1,259 @@
+# ApiToken
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ClientName** | Pointer to **string** |  | [optional] [readonly] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**ExpiresAt** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | **string** |  | 
+**TokenWindow** | Pointer to **string** | A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). | [optional] 
+**UserId** | Pointer to **string** |  | [optional] 
+**Link** | Pointer to [**ApiTokenLink**](ApiTokenLink.md) |  | [optional] 
+
+## Methods
+
+### NewApiToken
+
+`func NewApiToken(name string, ) *ApiToken`
+
+NewApiToken instantiates a new ApiToken object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApiTokenWithDefaults
+
+`func NewApiTokenWithDefaults() *ApiToken`
+
+NewApiTokenWithDefaults instantiates a new ApiToken object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetClientName
+
+`func (o *ApiToken) GetClientName() string`
+
+GetClientName returns the ClientName field if non-nil, zero value otherwise.
+
+### GetClientNameOk
+
+`func (o *ApiToken) GetClientNameOk() (*string, bool)`
+
+GetClientNameOk returns a tuple with the ClientName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientName
+
+`func (o *ApiToken) SetClientName(v string)`
+
+SetClientName sets ClientName field to given value.
+
+### HasClientName
+
+`func (o *ApiToken) HasClientName() bool`
+
+HasClientName returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *ApiToken) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *ApiToken) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *ApiToken) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *ApiToken) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetExpiresAt
+
+`func (o *ApiToken) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *ApiToken) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *ApiToken) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *ApiToken) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *ApiToken) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ApiToken) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ApiToken) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ApiToken) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *ApiToken) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *ApiToken) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *ApiToken) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *ApiToken) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *ApiToken) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *ApiToken) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *ApiToken) SetName(v string)`
+
+SetName sets Name field to given value.
+
+
+### GetTokenWindow
+
+`func (o *ApiToken) GetTokenWindow() string`
+
+GetTokenWindow returns the TokenWindow field if non-nil, zero value otherwise.
+
+### GetTokenWindowOk
+
+`func (o *ApiToken) GetTokenWindowOk() (*string, bool)`
+
+GetTokenWindowOk returns a tuple with the TokenWindow field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTokenWindow
+
+`func (o *ApiToken) SetTokenWindow(v string)`
+
+SetTokenWindow sets TokenWindow field to given value.
+
+### HasTokenWindow
+
+`func (o *ApiToken) HasTokenWindow() bool`
+
+HasTokenWindow returns a boolean if a field has been set.
+
+### GetUserId
+
+`func (o *ApiToken) GetUserId() string`
+
+GetUserId returns the UserId field if non-nil, zero value otherwise.
+
+### GetUserIdOk
+
+`func (o *ApiToken) GetUserIdOk() (*string, bool)`
+
+GetUserIdOk returns a tuple with the UserId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserId
+
+`func (o *ApiToken) SetUserId(v string)`
+
+SetUserId sets UserId field to given value.
+
+### HasUserId
+
+`func (o *ApiToken) HasUserId() bool`
+
+HasUserId returns a boolean if a field has been set.
+
+### GetLink
+
+`func (o *ApiToken) GetLink() ApiTokenLink`
+
+GetLink returns the Link field if non-nil, zero value otherwise.
+
+### GetLinkOk
+
+`func (o *ApiToken) GetLinkOk() (*ApiTokenLink, bool)`
+
+GetLinkOk returns a tuple with the Link field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLink
+
+`func (o *ApiToken) SetLink(v ApiTokenLink)`
+
+SetLink sets Link field to given value.
+
+### HasLink
+
+`func (o *ApiToken) HasLink() bool`
+
+HasLink returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApiTokenApi.md b/okta/docs/ApiTokenApi.md
new file mode 100644
index 000000000..920bdfa11
--- /dev/null
+++ b/okta/docs/ApiTokenApi.md
@@ -0,0 +1,279 @@
+# \ApiTokenApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**GetApiToken**](ApiTokenApi.md#GetApiToken) | **Get** /api/v1/api-tokens/{apiTokenId} | Retrieve an API Token&#39;s Metadata
+[**ListApiTokens**](ApiTokenApi.md#ListApiTokens) | **Get** /api/v1/api-tokens | List all API Token Metadata
+[**RevokeApiToken**](ApiTokenApi.md#RevokeApiToken) | **Delete** /api/v1/api-tokens/{apiTokenId} | Revoke an API Token
+[**RevokeCurrentApiToken**](ApiTokenApi.md#RevokeCurrentApiToken) | **Delete** /api/v1/api-tokens/current | Revoke the Current API Token
+
+
+
+## GetApiToken
+
+> ApiToken GetApiToken(ctx, apiTokenId).Execute()
+
+Retrieve an API Token's Metadata
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    apiTokenId := "00Tabcdefg1234567890" // string | id of the API Token
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApiTokenApi.GetApiToken(context.Background(), apiTokenId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApiTokenApi.GetApiToken``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetApiToken`: ApiToken
+    fmt.Fprintf(os.Stdout, "Response from `ApiTokenApi.GetApiToken`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**apiTokenId** | **string** | id of the API Token | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetApiTokenRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ApiToken**](ApiToken.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListApiTokens
+
+> []ApiToken ListApiTokens(ctx).After(after).Limit(limit).Q(q).Execute()
+
+List all API Token Metadata
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    after := "after_example" // string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information. (optional)
+    limit := int32(56) // int32 | A limit on the number of objects to return. (optional) (default to 20)
+    q := "q_example" // string | Finds a token that matches the name or clientName. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApiTokenApi.ListApiTokens(context.Background()).After(after).Limit(limit).Q(q).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApiTokenApi.ListApiTokens``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListApiTokens`: []ApiToken
+    fmt.Fprintf(os.Stdout, "Response from `ApiTokenApi.ListApiTokens`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListApiTokensRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **after** | **string** | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information. | 
+ **limit** | **int32** | A limit on the number of objects to return. | [default to 20]
+ **q** | **string** | Finds a token that matches the name or clientName. | 
+
+### Return type
+
+[**[]ApiToken**](ApiToken.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeApiToken
+
+> RevokeApiToken(ctx, apiTokenId).Execute()
+
+Revoke an API Token
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    apiTokenId := "00Tabcdefg1234567890" // string | id of the API Token
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApiTokenApi.RevokeApiToken(context.Background(), apiTokenId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApiTokenApi.RevokeApiToken``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**apiTokenId** | **string** | id of the API Token | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeApiTokenRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeCurrentApiToken
+
+> RevokeCurrentApiToken(ctx).Execute()
+
+Revoke the Current API Token
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApiTokenApi.RevokeCurrentApiToken(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApiTokenApi.RevokeCurrentApiToken``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeCurrentApiTokenRequest struct via the builder pattern
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/ApiTokenLink.md b/okta/docs/ApiTokenLink.md
new file mode 100644
index 000000000..42316ef65
--- /dev/null
+++ b/okta/docs/ApiTokenLink.md
@@ -0,0 +1,56 @@
+# ApiTokenLink
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewApiTokenLink
+
+`func NewApiTokenLink() *ApiTokenLink`
+
+NewApiTokenLink instantiates a new ApiTokenLink object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApiTokenLinkWithDefaults
+
+`func NewApiTokenLinkWithDefaults() *ApiTokenLink`
+
+NewApiTokenLinkWithDefaults instantiates a new ApiTokenLink object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *ApiTokenLink) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *ApiTokenLink) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *ApiTokenLink) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *ApiTokenLink) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AppAndInstanceConditionEvaluatorAppOrInstance.md b/okta/docs/AppAndInstanceConditionEvaluatorAppOrInstance.md
new file mode 100644
index 000000000..bf421a98a
--- /dev/null
+++ b/okta/docs/AppAndInstanceConditionEvaluatorAppOrInstance.md
@@ -0,0 +1,108 @@
+# AppAndInstanceConditionEvaluatorAppOrInstance
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to [**AppAndInstanceType**](AppAndInstanceType.md) |  | [optional] 
+
+## Methods
+
+### NewAppAndInstanceConditionEvaluatorAppOrInstance
+
+`func NewAppAndInstanceConditionEvaluatorAppOrInstance() *AppAndInstanceConditionEvaluatorAppOrInstance`
+
+NewAppAndInstanceConditionEvaluatorAppOrInstance instantiates a new AppAndInstanceConditionEvaluatorAppOrInstance object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAppAndInstanceConditionEvaluatorAppOrInstanceWithDefaults
+
+`func NewAppAndInstanceConditionEvaluatorAppOrInstanceWithDefaults() *AppAndInstanceConditionEvaluatorAppOrInstance`
+
+NewAppAndInstanceConditionEvaluatorAppOrInstanceWithDefaults instantiates a new AppAndInstanceConditionEvaluatorAppOrInstance object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *AppAndInstanceConditionEvaluatorAppOrInstance) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *AppAndInstanceConditionEvaluatorAppOrInstance) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *AppAndInstanceConditionEvaluatorAppOrInstance) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *AppAndInstanceConditionEvaluatorAppOrInstance) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *AppAndInstanceConditionEvaluatorAppOrInstance) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *AppAndInstanceConditionEvaluatorAppOrInstance) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *AppAndInstanceConditionEvaluatorAppOrInstance) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *AppAndInstanceConditionEvaluatorAppOrInstance) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *AppAndInstanceConditionEvaluatorAppOrInstance) GetType() AppAndInstanceType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *AppAndInstanceConditionEvaluatorAppOrInstance) GetTypeOk() (*AppAndInstanceType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *AppAndInstanceConditionEvaluatorAppOrInstance) SetType(v AppAndInstanceType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *AppAndInstanceConditionEvaluatorAppOrInstance) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AppAndInstancePolicyRuleCondition.md b/okta/docs/AppAndInstancePolicyRuleCondition.md
new file mode 100644
index 000000000..689feb4c6
--- /dev/null
+++ b/okta/docs/AppAndInstancePolicyRuleCondition.md
@@ -0,0 +1,82 @@
+# AppAndInstancePolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Exclude** | Pointer to [**[]AppAndInstanceConditionEvaluatorAppOrInstance**](AppAndInstanceConditionEvaluatorAppOrInstance.md) |  | [optional] 
+**Include** | Pointer to [**[]AppAndInstanceConditionEvaluatorAppOrInstance**](AppAndInstanceConditionEvaluatorAppOrInstance.md) |  | [optional] 
+
+## Methods
+
+### NewAppAndInstancePolicyRuleCondition
+
+`func NewAppAndInstancePolicyRuleCondition() *AppAndInstancePolicyRuleCondition`
+
+NewAppAndInstancePolicyRuleCondition instantiates a new AppAndInstancePolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAppAndInstancePolicyRuleConditionWithDefaults
+
+`func NewAppAndInstancePolicyRuleConditionWithDefaults() *AppAndInstancePolicyRuleCondition`
+
+NewAppAndInstancePolicyRuleConditionWithDefaults instantiates a new AppAndInstancePolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExclude
+
+`func (o *AppAndInstancePolicyRuleCondition) GetExclude() []AppAndInstanceConditionEvaluatorAppOrInstance`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *AppAndInstancePolicyRuleCondition) GetExcludeOk() (*[]AppAndInstanceConditionEvaluatorAppOrInstance, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *AppAndInstancePolicyRuleCondition) SetExclude(v []AppAndInstanceConditionEvaluatorAppOrInstance)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *AppAndInstancePolicyRuleCondition) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+### GetInclude
+
+`func (o *AppAndInstancePolicyRuleCondition) GetInclude() []AppAndInstanceConditionEvaluatorAppOrInstance`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *AppAndInstancePolicyRuleCondition) GetIncludeOk() (*[]AppAndInstanceConditionEvaluatorAppOrInstance, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *AppAndInstancePolicyRuleCondition) SetInclude(v []AppAndInstanceConditionEvaluatorAppOrInstance)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *AppAndInstancePolicyRuleCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AppAndInstanceType.md b/okta/docs/AppAndInstanceType.md
new file mode 100644
index 000000000..c8b4d3abf
--- /dev/null
+++ b/okta/docs/AppAndInstanceType.md
@@ -0,0 +1,13 @@
+# AppAndInstanceType
+
+## Enum
+
+
+* `APP` (value: `"APP"`)
+
+* `APP_TYPE` (value: `"APP_TYPE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AppInstancePolicyRuleCondition.md b/okta/docs/AppInstancePolicyRuleCondition.md
new file mode 100644
index 000000000..91613554a
--- /dev/null
+++ b/okta/docs/AppInstancePolicyRuleCondition.md
@@ -0,0 +1,82 @@
+# AppInstancePolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Exclude** | Pointer to **[]string** |  | [optional] 
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewAppInstancePolicyRuleCondition
+
+`func NewAppInstancePolicyRuleCondition() *AppInstancePolicyRuleCondition`
+
+NewAppInstancePolicyRuleCondition instantiates a new AppInstancePolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAppInstancePolicyRuleConditionWithDefaults
+
+`func NewAppInstancePolicyRuleConditionWithDefaults() *AppInstancePolicyRuleCondition`
+
+NewAppInstancePolicyRuleConditionWithDefaults instantiates a new AppInstancePolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExclude
+
+`func (o *AppInstancePolicyRuleCondition) GetExclude() []string`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *AppInstancePolicyRuleCondition) GetExcludeOk() (*[]string, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *AppInstancePolicyRuleCondition) SetExclude(v []string)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *AppInstancePolicyRuleCondition) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+### GetInclude
+
+`func (o *AppInstancePolicyRuleCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *AppInstancePolicyRuleCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *AppInstancePolicyRuleCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *AppInstancePolicyRuleCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AppLink.md b/okta/docs/AppLink.md
new file mode 100644
index 000000000..801756d07
--- /dev/null
+++ b/okta/docs/AppLink.md
@@ -0,0 +1,290 @@
+# AppLink
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AppAssignmentId** | Pointer to **string** |  | [optional] [readonly] 
+**AppInstanceId** | Pointer to **string** |  | [optional] [readonly] 
+**AppName** | Pointer to **string** |  | [optional] [readonly] 
+**CredentialsSetup** | Pointer to **bool** |  | [optional] [readonly] 
+**Hidden** | Pointer to **bool** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Label** | Pointer to **string** |  | [optional] [readonly] 
+**LinkUrl** | Pointer to **string** |  | [optional] [readonly] 
+**LogoUrl** | Pointer to **string** |  | [optional] [readonly] 
+**SortOrder** | Pointer to **int32** |  | [optional] [readonly] 
+
+## Methods
+
+### NewAppLink
+
+`func NewAppLink() *AppLink`
+
+NewAppLink instantiates a new AppLink object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAppLinkWithDefaults
+
+`func NewAppLinkWithDefaults() *AppLink`
+
+NewAppLinkWithDefaults instantiates a new AppLink object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAppAssignmentId
+
+`func (o *AppLink) GetAppAssignmentId() string`
+
+GetAppAssignmentId returns the AppAssignmentId field if non-nil, zero value otherwise.
+
+### GetAppAssignmentIdOk
+
+`func (o *AppLink) GetAppAssignmentIdOk() (*string, bool)`
+
+GetAppAssignmentIdOk returns a tuple with the AppAssignmentId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAppAssignmentId
+
+`func (o *AppLink) SetAppAssignmentId(v string)`
+
+SetAppAssignmentId sets AppAssignmentId field to given value.
+
+### HasAppAssignmentId
+
+`func (o *AppLink) HasAppAssignmentId() bool`
+
+HasAppAssignmentId returns a boolean if a field has been set.
+
+### GetAppInstanceId
+
+`func (o *AppLink) GetAppInstanceId() string`
+
+GetAppInstanceId returns the AppInstanceId field if non-nil, zero value otherwise.
+
+### GetAppInstanceIdOk
+
+`func (o *AppLink) GetAppInstanceIdOk() (*string, bool)`
+
+GetAppInstanceIdOk returns a tuple with the AppInstanceId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAppInstanceId
+
+`func (o *AppLink) SetAppInstanceId(v string)`
+
+SetAppInstanceId sets AppInstanceId field to given value.
+
+### HasAppInstanceId
+
+`func (o *AppLink) HasAppInstanceId() bool`
+
+HasAppInstanceId returns a boolean if a field has been set.
+
+### GetAppName
+
+`func (o *AppLink) GetAppName() string`
+
+GetAppName returns the AppName field if non-nil, zero value otherwise.
+
+### GetAppNameOk
+
+`func (o *AppLink) GetAppNameOk() (*string, bool)`
+
+GetAppNameOk returns a tuple with the AppName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAppName
+
+`func (o *AppLink) SetAppName(v string)`
+
+SetAppName sets AppName field to given value.
+
+### HasAppName
+
+`func (o *AppLink) HasAppName() bool`
+
+HasAppName returns a boolean if a field has been set.
+
+### GetCredentialsSetup
+
+`func (o *AppLink) GetCredentialsSetup() bool`
+
+GetCredentialsSetup returns the CredentialsSetup field if non-nil, zero value otherwise.
+
+### GetCredentialsSetupOk
+
+`func (o *AppLink) GetCredentialsSetupOk() (*bool, bool)`
+
+GetCredentialsSetupOk returns a tuple with the CredentialsSetup field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentialsSetup
+
+`func (o *AppLink) SetCredentialsSetup(v bool)`
+
+SetCredentialsSetup sets CredentialsSetup field to given value.
+
+### HasCredentialsSetup
+
+`func (o *AppLink) HasCredentialsSetup() bool`
+
+HasCredentialsSetup returns a boolean if a field has been set.
+
+### GetHidden
+
+`func (o *AppLink) GetHidden() bool`
+
+GetHidden returns the Hidden field if non-nil, zero value otherwise.
+
+### GetHiddenOk
+
+`func (o *AppLink) GetHiddenOk() (*bool, bool)`
+
+GetHiddenOk returns a tuple with the Hidden field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHidden
+
+`func (o *AppLink) SetHidden(v bool)`
+
+SetHidden sets Hidden field to given value.
+
+### HasHidden
+
+`func (o *AppLink) HasHidden() bool`
+
+HasHidden returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *AppLink) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *AppLink) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *AppLink) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *AppLink) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLabel
+
+`func (o *AppLink) GetLabel() string`
+
+GetLabel returns the Label field if non-nil, zero value otherwise.
+
+### GetLabelOk
+
+`func (o *AppLink) GetLabelOk() (*string, bool)`
+
+GetLabelOk returns a tuple with the Label field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLabel
+
+`func (o *AppLink) SetLabel(v string)`
+
+SetLabel sets Label field to given value.
+
+### HasLabel
+
+`func (o *AppLink) HasLabel() bool`
+
+HasLabel returns a boolean if a field has been set.
+
+### GetLinkUrl
+
+`func (o *AppLink) GetLinkUrl() string`
+
+GetLinkUrl returns the LinkUrl field if non-nil, zero value otherwise.
+
+### GetLinkUrlOk
+
+`func (o *AppLink) GetLinkUrlOk() (*string, bool)`
+
+GetLinkUrlOk returns a tuple with the LinkUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinkUrl
+
+`func (o *AppLink) SetLinkUrl(v string)`
+
+SetLinkUrl sets LinkUrl field to given value.
+
+### HasLinkUrl
+
+`func (o *AppLink) HasLinkUrl() bool`
+
+HasLinkUrl returns a boolean if a field has been set.
+
+### GetLogoUrl
+
+`func (o *AppLink) GetLogoUrl() string`
+
+GetLogoUrl returns the LogoUrl field if non-nil, zero value otherwise.
+
+### GetLogoUrlOk
+
+`func (o *AppLink) GetLogoUrlOk() (*string, bool)`
+
+GetLogoUrlOk returns a tuple with the LogoUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLogoUrl
+
+`func (o *AppLink) SetLogoUrl(v string)`
+
+SetLogoUrl sets LogoUrl field to given value.
+
+### HasLogoUrl
+
+`func (o *AppLink) HasLogoUrl() bool`
+
+HasLogoUrl returns a boolean if a field has been set.
+
+### GetSortOrder
+
+`func (o *AppLink) GetSortOrder() int32`
+
+GetSortOrder returns the SortOrder field if non-nil, zero value otherwise.
+
+### GetSortOrderOk
+
+`func (o *AppLink) GetSortOrderOk() (*int32, bool)`
+
+GetSortOrderOk returns a tuple with the SortOrder field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSortOrder
+
+`func (o *AppLink) SetSortOrder(v int32)`
+
+SetSortOrder sets SortOrder field to given value.
+
+### HasSortOrder
+
+`func (o *AppLink) HasSortOrder() bool`
+
+HasSortOrder returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AppUser.md b/okta/docs/AppUser.md
new file mode 100644
index 000000000..6e6297e40
--- /dev/null
+++ b/okta/docs/AppUser.md
@@ -0,0 +1,394 @@
+# AppUser
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Credentials** | Pointer to [**AppUserCredentials**](AppUserCredentials.md) |  | [optional] 
+**ExternalId** | Pointer to **string** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] 
+**LastSync** | Pointer to **time.Time** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**PasswordChanged** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Profile** | Pointer to **map[string]map[string]interface{}** |  | [optional] 
+**Scope** | Pointer to **string** |  | [optional] 
+**Status** | Pointer to **string** |  | [optional] [readonly] 
+**StatusChanged** | Pointer to **time.Time** |  | [optional] [readonly] 
+**SyncState** | Pointer to **string** |  | [optional] [readonly] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewAppUser
+
+`func NewAppUser() *AppUser`
+
+NewAppUser instantiates a new AppUser object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAppUserWithDefaults
+
+`func NewAppUserWithDefaults() *AppUser`
+
+NewAppUserWithDefaults instantiates a new AppUser object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *AppUser) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *AppUser) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *AppUser) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *AppUser) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetCredentials
+
+`func (o *AppUser) GetCredentials() AppUserCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *AppUser) GetCredentialsOk() (*AppUserCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *AppUser) SetCredentials(v AppUserCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *AppUser) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetExternalId
+
+`func (o *AppUser) GetExternalId() string`
+
+GetExternalId returns the ExternalId field if non-nil, zero value otherwise.
+
+### GetExternalIdOk
+
+`func (o *AppUser) GetExternalIdOk() (*string, bool)`
+
+GetExternalIdOk returns a tuple with the ExternalId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExternalId
+
+`func (o *AppUser) SetExternalId(v string)`
+
+SetExternalId sets ExternalId field to given value.
+
+### HasExternalId
+
+`func (o *AppUser) HasExternalId() bool`
+
+HasExternalId returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *AppUser) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *AppUser) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *AppUser) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *AppUser) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastSync
+
+`func (o *AppUser) GetLastSync() time.Time`
+
+GetLastSync returns the LastSync field if non-nil, zero value otherwise.
+
+### GetLastSyncOk
+
+`func (o *AppUser) GetLastSyncOk() (*time.Time, bool)`
+
+GetLastSyncOk returns a tuple with the LastSync field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastSync
+
+`func (o *AppUser) SetLastSync(v time.Time)`
+
+SetLastSync sets LastSync field to given value.
+
+### HasLastSync
+
+`func (o *AppUser) HasLastSync() bool`
+
+HasLastSync returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *AppUser) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *AppUser) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *AppUser) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *AppUser) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetPasswordChanged
+
+`func (o *AppUser) GetPasswordChanged() time.Time`
+
+GetPasswordChanged returns the PasswordChanged field if non-nil, zero value otherwise.
+
+### GetPasswordChangedOk
+
+`func (o *AppUser) GetPasswordChangedOk() (*time.Time, bool)`
+
+GetPasswordChangedOk returns a tuple with the PasswordChanged field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordChanged
+
+`func (o *AppUser) SetPasswordChanged(v time.Time)`
+
+SetPasswordChanged sets PasswordChanged field to given value.
+
+### HasPasswordChanged
+
+`func (o *AppUser) HasPasswordChanged() bool`
+
+HasPasswordChanged returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *AppUser) GetProfile() map[string]map[string]interface{}`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *AppUser) GetProfileOk() (*map[string]map[string]interface{}, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *AppUser) SetProfile(v map[string]map[string]interface{})`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *AppUser) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+### GetScope
+
+`func (o *AppUser) GetScope() string`
+
+GetScope returns the Scope field if non-nil, zero value otherwise.
+
+### GetScopeOk
+
+`func (o *AppUser) GetScopeOk() (*string, bool)`
+
+GetScopeOk returns a tuple with the Scope field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScope
+
+`func (o *AppUser) SetScope(v string)`
+
+SetScope sets Scope field to given value.
+
+### HasScope
+
+`func (o *AppUser) HasScope() bool`
+
+HasScope returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *AppUser) GetStatus() string`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *AppUser) GetStatusOk() (*string, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *AppUser) SetStatus(v string)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *AppUser) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetStatusChanged
+
+`func (o *AppUser) GetStatusChanged() time.Time`
+
+GetStatusChanged returns the StatusChanged field if non-nil, zero value otherwise.
+
+### GetStatusChangedOk
+
+`func (o *AppUser) GetStatusChangedOk() (*time.Time, bool)`
+
+GetStatusChangedOk returns a tuple with the StatusChanged field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatusChanged
+
+`func (o *AppUser) SetStatusChanged(v time.Time)`
+
+SetStatusChanged sets StatusChanged field to given value.
+
+### HasStatusChanged
+
+`func (o *AppUser) HasStatusChanged() bool`
+
+HasStatusChanged returns a boolean if a field has been set.
+
+### GetSyncState
+
+`func (o *AppUser) GetSyncState() string`
+
+GetSyncState returns the SyncState field if non-nil, zero value otherwise.
+
+### GetSyncStateOk
+
+`func (o *AppUser) GetSyncStateOk() (*string, bool)`
+
+GetSyncStateOk returns a tuple with the SyncState field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSyncState
+
+`func (o *AppUser) SetSyncState(v string)`
+
+SetSyncState sets SyncState field to given value.
+
+### HasSyncState
+
+`func (o *AppUser) HasSyncState() bool`
+
+HasSyncState returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *AppUser) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *AppUser) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *AppUser) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *AppUser) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *AppUser) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *AppUser) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *AppUser) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *AppUser) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AppUserCredentials.md b/okta/docs/AppUserCredentials.md
new file mode 100644
index 000000000..07725cf46
--- /dev/null
+++ b/okta/docs/AppUserCredentials.md
@@ -0,0 +1,82 @@
+# AppUserCredentials
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Password** | Pointer to [**AppUserPasswordCredential**](AppUserPasswordCredential.md) |  | [optional] 
+**UserName** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewAppUserCredentials
+
+`func NewAppUserCredentials() *AppUserCredentials`
+
+NewAppUserCredentials instantiates a new AppUserCredentials object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAppUserCredentialsWithDefaults
+
+`func NewAppUserCredentialsWithDefaults() *AppUserCredentials`
+
+NewAppUserCredentialsWithDefaults instantiates a new AppUserCredentials object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPassword
+
+`func (o *AppUserCredentials) GetPassword() AppUserPasswordCredential`
+
+GetPassword returns the Password field if non-nil, zero value otherwise.
+
+### GetPasswordOk
+
+`func (o *AppUserCredentials) GetPasswordOk() (*AppUserPasswordCredential, bool)`
+
+GetPasswordOk returns a tuple with the Password field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPassword
+
+`func (o *AppUserCredentials) SetPassword(v AppUserPasswordCredential)`
+
+SetPassword sets Password field to given value.
+
+### HasPassword
+
+`func (o *AppUserCredentials) HasPassword() bool`
+
+HasPassword returns a boolean if a field has been set.
+
+### GetUserName
+
+`func (o *AppUserCredentials) GetUserName() string`
+
+GetUserName returns the UserName field if non-nil, zero value otherwise.
+
+### GetUserNameOk
+
+`func (o *AppUserCredentials) GetUserNameOk() (*string, bool)`
+
+GetUserNameOk returns a tuple with the UserName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserName
+
+`func (o *AppUserCredentials) SetUserName(v string)`
+
+SetUserName sets UserName field to given value.
+
+### HasUserName
+
+`func (o *AppUserCredentials) HasUserName() bool`
+
+HasUserName returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AppUserPasswordCredential.md b/okta/docs/AppUserPasswordCredential.md
new file mode 100644
index 000000000..5aa053991
--- /dev/null
+++ b/okta/docs/AppUserPasswordCredential.md
@@ -0,0 +1,56 @@
+# AppUserPasswordCredential
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewAppUserPasswordCredential
+
+`func NewAppUserPasswordCredential() *AppUserPasswordCredential`
+
+NewAppUserPasswordCredential instantiates a new AppUserPasswordCredential object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAppUserPasswordCredentialWithDefaults
+
+`func NewAppUserPasswordCredentialWithDefaults() *AppUserPasswordCredential`
+
+NewAppUserPasswordCredentialWithDefaults instantiates a new AppUserPasswordCredential object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetValue
+
+`func (o *AppUserPasswordCredential) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *AppUserPasswordCredential) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *AppUserPasswordCredential) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *AppUserPasswordCredential) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Application.md b/okta/docs/Application.md
new file mode 100644
index 000000000..f34a52ac2
--- /dev/null
+++ b/okta/docs/Application.md
@@ -0,0 +1,368 @@
+# Application
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Accessibility** | Pointer to [**ApplicationAccessibility**](ApplicationAccessibility.md) |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Features** | Pointer to **[]string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Label** | Pointer to **string** |  | [optional] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Licensing** | Pointer to [**ApplicationLicensing**](ApplicationLicensing.md) |  | [optional] 
+**Profile** | Pointer to **map[string]map[string]interface{}** |  | [optional] 
+**SignOnMode** | Pointer to [**ApplicationSignOnMode**](ApplicationSignOnMode.md) |  | [optional] 
+**Status** | Pointer to [**ApplicationLifecycleStatus**](ApplicationLifecycleStatus.md) |  | [optional] 
+**Visibility** | Pointer to [**ApplicationVisibility**](ApplicationVisibility.md) |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to [**ApplicationLinks**](ApplicationLinks.md) |  | [optional] 
+
+## Methods
+
+### NewApplication
+
+`func NewApplication() *Application`
+
+NewApplication instantiates a new Application object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationWithDefaults
+
+`func NewApplicationWithDefaults() *Application`
+
+NewApplicationWithDefaults instantiates a new Application object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAccessibility
+
+`func (o *Application) GetAccessibility() ApplicationAccessibility`
+
+GetAccessibility returns the Accessibility field if non-nil, zero value otherwise.
+
+### GetAccessibilityOk
+
+`func (o *Application) GetAccessibilityOk() (*ApplicationAccessibility, bool)`
+
+GetAccessibilityOk returns a tuple with the Accessibility field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccessibility
+
+`func (o *Application) SetAccessibility(v ApplicationAccessibility)`
+
+SetAccessibility sets Accessibility field to given value.
+
+### HasAccessibility
+
+`func (o *Application) HasAccessibility() bool`
+
+HasAccessibility returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *Application) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *Application) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *Application) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *Application) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetFeatures
+
+`func (o *Application) GetFeatures() []string`
+
+GetFeatures returns the Features field if non-nil, zero value otherwise.
+
+### GetFeaturesOk
+
+`func (o *Application) GetFeaturesOk() (*[]string, bool)`
+
+GetFeaturesOk returns a tuple with the Features field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFeatures
+
+`func (o *Application) SetFeatures(v []string)`
+
+SetFeatures sets Features field to given value.
+
+### HasFeatures
+
+`func (o *Application) HasFeatures() bool`
+
+HasFeatures returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *Application) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *Application) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *Application) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *Application) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLabel
+
+`func (o *Application) GetLabel() string`
+
+GetLabel returns the Label field if non-nil, zero value otherwise.
+
+### GetLabelOk
+
+`func (o *Application) GetLabelOk() (*string, bool)`
+
+GetLabelOk returns a tuple with the Label field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLabel
+
+`func (o *Application) SetLabel(v string)`
+
+SetLabel sets Label field to given value.
+
+### HasLabel
+
+`func (o *Application) HasLabel() bool`
+
+HasLabel returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *Application) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *Application) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *Application) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *Application) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetLicensing
+
+`func (o *Application) GetLicensing() ApplicationLicensing`
+
+GetLicensing returns the Licensing field if non-nil, zero value otherwise.
+
+### GetLicensingOk
+
+`func (o *Application) GetLicensingOk() (*ApplicationLicensing, bool)`
+
+GetLicensingOk returns a tuple with the Licensing field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLicensing
+
+`func (o *Application) SetLicensing(v ApplicationLicensing)`
+
+SetLicensing sets Licensing field to given value.
+
+### HasLicensing
+
+`func (o *Application) HasLicensing() bool`
+
+HasLicensing returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *Application) GetProfile() map[string]map[string]interface{}`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *Application) GetProfileOk() (*map[string]map[string]interface{}, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *Application) SetProfile(v map[string]map[string]interface{})`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *Application) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+### GetSignOnMode
+
+`func (o *Application) GetSignOnMode() ApplicationSignOnMode`
+
+GetSignOnMode returns the SignOnMode field if non-nil, zero value otherwise.
+
+### GetSignOnModeOk
+
+`func (o *Application) GetSignOnModeOk() (*ApplicationSignOnMode, bool)`
+
+GetSignOnModeOk returns a tuple with the SignOnMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignOnMode
+
+`func (o *Application) SetSignOnMode(v ApplicationSignOnMode)`
+
+SetSignOnMode sets SignOnMode field to given value.
+
+### HasSignOnMode
+
+`func (o *Application) HasSignOnMode() bool`
+
+HasSignOnMode returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *Application) GetStatus() ApplicationLifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *Application) GetStatusOk() (*ApplicationLifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *Application) SetStatus(v ApplicationLifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *Application) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetVisibility
+
+`func (o *Application) GetVisibility() ApplicationVisibility`
+
+GetVisibility returns the Visibility field if non-nil, zero value otherwise.
+
+### GetVisibilityOk
+
+`func (o *Application) GetVisibilityOk() (*ApplicationVisibility, bool)`
+
+GetVisibilityOk returns a tuple with the Visibility field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVisibility
+
+`func (o *Application) SetVisibility(v ApplicationVisibility)`
+
+SetVisibility sets Visibility field to given value.
+
+### HasVisibility
+
+`func (o *Application) HasVisibility() bool`
+
+HasVisibility returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *Application) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *Application) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *Application) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *Application) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Application) GetLinks() ApplicationLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Application) GetLinksOk() (*ApplicationLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Application) SetLinks(v ApplicationLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Application) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationAccessibility.md b/okta/docs/ApplicationAccessibility.md
new file mode 100644
index 000000000..160e033d4
--- /dev/null
+++ b/okta/docs/ApplicationAccessibility.md
@@ -0,0 +1,108 @@
+# ApplicationAccessibility
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ErrorRedirectUrl** | Pointer to **string** |  | [optional] 
+**LoginRedirectUrl** | Pointer to **string** |  | [optional] 
+**SelfService** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewApplicationAccessibility
+
+`func NewApplicationAccessibility() *ApplicationAccessibility`
+
+NewApplicationAccessibility instantiates a new ApplicationAccessibility object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationAccessibilityWithDefaults
+
+`func NewApplicationAccessibilityWithDefaults() *ApplicationAccessibility`
+
+NewApplicationAccessibilityWithDefaults instantiates a new ApplicationAccessibility object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetErrorRedirectUrl
+
+`func (o *ApplicationAccessibility) GetErrorRedirectUrl() string`
+
+GetErrorRedirectUrl returns the ErrorRedirectUrl field if non-nil, zero value otherwise.
+
+### GetErrorRedirectUrlOk
+
+`func (o *ApplicationAccessibility) GetErrorRedirectUrlOk() (*string, bool)`
+
+GetErrorRedirectUrlOk returns a tuple with the ErrorRedirectUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetErrorRedirectUrl
+
+`func (o *ApplicationAccessibility) SetErrorRedirectUrl(v string)`
+
+SetErrorRedirectUrl sets ErrorRedirectUrl field to given value.
+
+### HasErrorRedirectUrl
+
+`func (o *ApplicationAccessibility) HasErrorRedirectUrl() bool`
+
+HasErrorRedirectUrl returns a boolean if a field has been set.
+
+### GetLoginRedirectUrl
+
+`func (o *ApplicationAccessibility) GetLoginRedirectUrl() string`
+
+GetLoginRedirectUrl returns the LoginRedirectUrl field if non-nil, zero value otherwise.
+
+### GetLoginRedirectUrlOk
+
+`func (o *ApplicationAccessibility) GetLoginRedirectUrlOk() (*string, bool)`
+
+GetLoginRedirectUrlOk returns a tuple with the LoginRedirectUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLoginRedirectUrl
+
+`func (o *ApplicationAccessibility) SetLoginRedirectUrl(v string)`
+
+SetLoginRedirectUrl sets LoginRedirectUrl field to given value.
+
+### HasLoginRedirectUrl
+
+`func (o *ApplicationAccessibility) HasLoginRedirectUrl() bool`
+
+HasLoginRedirectUrl returns a boolean if a field has been set.
+
+### GetSelfService
+
+`func (o *ApplicationAccessibility) GetSelfService() bool`
+
+GetSelfService returns the SelfService field if non-nil, zero value otherwise.
+
+### GetSelfServiceOk
+
+`func (o *ApplicationAccessibility) GetSelfServiceOk() (*bool, bool)`
+
+GetSelfServiceOk returns a tuple with the SelfService field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfService
+
+`func (o *ApplicationAccessibility) SetSelfService(v bool)`
+
+SetSelfService sets SelfService field to given value.
+
+### HasSelfService
+
+`func (o *ApplicationAccessibility) HasSelfService() bool`
+
+HasSelfService returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationApi.md b/okta/docs/ApplicationApi.md
new file mode 100644
index 000000000..a11cb5369
--- /dev/null
+++ b/okta/docs/ApplicationApi.md
@@ -0,0 +1,3090 @@
+# \ApplicationApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateApplication**](ApplicationApi.md#ActivateApplication) | **Post** /api/v1/apps/{appId}/lifecycle/activate | Activate an Application
+[**ActivateDefaultProvisioningConnectionForApplication**](ApplicationApi.md#ActivateDefaultProvisioningConnectionForApplication) | **Post** /api/v1/apps/{appId}/connections/default/lifecycle/activate | Activate the default Provisioning Connection
+[**AssignApplicationPolicy**](ApplicationApi.md#AssignApplicationPolicy) | **Put** /api/v1/apps/{appId}/policies/{policyId} | Assign an Application to a Policy
+[**AssignGroupToApplication**](ApplicationApi.md#AssignGroupToApplication) | **Put** /api/v1/apps/{appId}/groups/{groupId} | Assign a Group
+[**AssignUserToApplication**](ApplicationApi.md#AssignUserToApplication) | **Post** /api/v1/apps/{appId}/users | Assign a User
+[**CloneApplicationKey**](ApplicationApi.md#CloneApplicationKey) | **Post** /api/v1/apps/{appId}/credentials/keys/{keyId}/clone | Clone a Key Credential
+[**CreateApplication**](ApplicationApi.md#CreateApplication) | **Post** /api/v1/apps | Create an Application
+[**DeactivateApplication**](ApplicationApi.md#DeactivateApplication) | **Post** /api/v1/apps/{appId}/lifecycle/deactivate | Deactivate an Application
+[**DeactivateDefaultProvisioningConnectionForApplication**](ApplicationApi.md#DeactivateDefaultProvisioningConnectionForApplication) | **Post** /api/v1/apps/{appId}/connections/default/lifecycle/deactivate | Deactivate the default Provisioning Connection for an Application
+[**DeleteApplication**](ApplicationApi.md#DeleteApplication) | **Delete** /api/v1/apps/{appId} | Delete an Application
+[**GenerateApplicationKey**](ApplicationApi.md#GenerateApplicationKey) | **Post** /api/v1/apps/{appId}/credentials/keys/generate | Generate a Key Credential
+[**GenerateCsrForApplication**](ApplicationApi.md#GenerateCsrForApplication) | **Post** /api/v1/apps/{appId}/credentials/csrs | Generate a Certificate Signing Request
+[**GetApplication**](ApplicationApi.md#GetApplication) | **Get** /api/v1/apps/{appId} | Retrieve an Application
+[**GetApplicationGroupAssignment**](ApplicationApi.md#GetApplicationGroupAssignment) | **Get** /api/v1/apps/{appId}/groups/{groupId} | Retrieve an Assigned Group
+[**GetApplicationKey**](ApplicationApi.md#GetApplicationKey) | **Get** /api/v1/apps/{appId}/credentials/keys/{keyId} | Retrieve a Key Credential
+[**GetApplicationUser**](ApplicationApi.md#GetApplicationUser) | **Get** /api/v1/apps/{appId}/users/{userId} | Retrieve an Assigned User
+[**GetCsrForApplication**](ApplicationApi.md#GetCsrForApplication) | **Get** /api/v1/apps/{appId}/credentials/csrs/{csrId} | Retrieve a Certificate Signing Request
+[**GetDefaultProvisioningConnectionForApplication**](ApplicationApi.md#GetDefaultProvisioningConnectionForApplication) | **Get** /api/v1/apps/{appId}/connections/default | Retrieve the default Provisioning Connection
+[**GetFeatureForApplication**](ApplicationApi.md#GetFeatureForApplication) | **Get** /api/v1/apps/{appId}/features/{name} | Retrieve a Feature
+[**GetOAuth2TokenForApplication**](ApplicationApi.md#GetOAuth2TokenForApplication) | **Get** /api/v1/apps/{appId}/tokens/{tokenId} | Retrieve an OAuth 2.0 Token
+[**GetScopeConsentGrant**](ApplicationApi.md#GetScopeConsentGrant) | **Get** /api/v1/apps/{appId}/grants/{grantId} | Retrieve a Scope Consent Grant
+[**GrantConsentToScope**](ApplicationApi.md#GrantConsentToScope) | **Post** /api/v1/apps/{appId}/grants | Grant Consent to Scope
+[**ListApplicationGroupAssignments**](ApplicationApi.md#ListApplicationGroupAssignments) | **Get** /api/v1/apps/{appId}/groups | List all Assigned Groups
+[**ListApplicationKeys**](ApplicationApi.md#ListApplicationKeys) | **Get** /api/v1/apps/{appId}/credentials/keys | List all Key Credentials
+[**ListApplicationUsers**](ApplicationApi.md#ListApplicationUsers) | **Get** /api/v1/apps/{appId}/users | List all Assigned Users
+[**ListApplications**](ApplicationApi.md#ListApplications) | **Get** /api/v1/apps | List all Applications
+[**ListCsrsForApplication**](ApplicationApi.md#ListCsrsForApplication) | **Get** /api/v1/apps/{appId}/credentials/csrs | List all Certificate Signing Requests
+[**ListFeaturesForApplication**](ApplicationApi.md#ListFeaturesForApplication) | **Get** /api/v1/apps/{appId}/features | List all Features
+[**ListOAuth2TokensForApplication**](ApplicationApi.md#ListOAuth2TokensForApplication) | **Get** /api/v1/apps/{appId}/tokens | List all OAuth 2.0 Tokens
+[**ListScopeConsentGrants**](ApplicationApi.md#ListScopeConsentGrants) | **Get** /api/v1/apps/{appId}/grants | List all Scope Consent Grants
+[**PublishCsrFromApplication**](ApplicationApi.md#PublishCsrFromApplication) | **Post** /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish | Publish a Certificate Signing Request
+[**ReplaceApplication**](ApplicationApi.md#ReplaceApplication) | **Put** /api/v1/apps/{appId} | Replace an Application
+[**RevokeCsrFromApplication**](ApplicationApi.md#RevokeCsrFromApplication) | **Delete** /api/v1/apps/{appId}/credentials/csrs/{csrId} | Revoke a Certificate Signing Request
+[**RevokeOAuth2TokenForApplication**](ApplicationApi.md#RevokeOAuth2TokenForApplication) | **Delete** /api/v1/apps/{appId}/tokens/{tokenId} | Revoke an OAuth 2.0 Token
+[**RevokeOAuth2TokensForApplication**](ApplicationApi.md#RevokeOAuth2TokensForApplication) | **Delete** /api/v1/apps/{appId}/tokens | Revoke all OAuth 2.0 Tokens
+[**RevokeScopeConsentGrant**](ApplicationApi.md#RevokeScopeConsentGrant) | **Delete** /api/v1/apps/{appId}/grants/{grantId} | Revoke a Scope Consent Grant
+[**UnassignApplicationFromGroup**](ApplicationApi.md#UnassignApplicationFromGroup) | **Delete** /api/v1/apps/{appId}/groups/{groupId} | Unassign a Group
+[**UnassignUserFromApplication**](ApplicationApi.md#UnassignUserFromApplication) | **Delete** /api/v1/apps/{appId}/users/{userId} | Unassign a User
+[**UpdateApplicationUser**](ApplicationApi.md#UpdateApplicationUser) | **Post** /api/v1/apps/{appId}/users/{userId} | Update an Application Profile for Assigned User
+[**UpdateDefaultProvisioningConnectionForApplication**](ApplicationApi.md#UpdateDefaultProvisioningConnectionForApplication) | **Post** /api/v1/apps/{appId}/connections/default | Update the default Provisioning Connection
+[**UpdateFeatureForApplication**](ApplicationApi.md#UpdateFeatureForApplication) | **Put** /api/v1/apps/{appId}/features/{name} | Update a Feature
+[**UploadApplicationLogo**](ApplicationApi.md#UploadApplicationLogo) | **Post** /api/v1/apps/{appId}/logo | Upload a Logo
+
+
+
+## ActivateApplication
+
+> ActivateApplication(ctx, appId).Execute()
+
+Activate an Application
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.ActivateApplication(context.Background(), appId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.ActivateApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ActivateDefaultProvisioningConnectionForApplication
+
+> ActivateDefaultProvisioningConnectionForApplication(ctx, appId).Execute()
+
+Activate the default Provisioning Connection
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.ActivateDefaultProvisioningConnectionForApplication(context.Background(), appId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.ActivateDefaultProvisioningConnectionForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateDefaultProvisioningConnectionForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AssignApplicationPolicy
+
+> AssignApplicationPolicy(ctx, appId, policyId).Execute()
+
+Assign an Application to a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    policyId := "policyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.AssignApplicationPolicy(context.Background(), appId, policyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.AssignApplicationPolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignApplicationPolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AssignGroupToApplication
+
+> ApplicationGroupAssignment AssignGroupToApplication(ctx, appId, groupId).ApplicationGroupAssignment(applicationGroupAssignment).Execute()
+
+Assign a Group
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    groupId := "groupId_example" // string | 
+    applicationGroupAssignment := *openapiclient.NewApplicationGroupAssignment() // ApplicationGroupAssignment |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.AssignGroupToApplication(context.Background(), appId, groupId).ApplicationGroupAssignment(applicationGroupAssignment).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.AssignGroupToApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `AssignGroupToApplication`: ApplicationGroupAssignment
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.AssignGroupToApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignGroupToApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **applicationGroupAssignment** | [**ApplicationGroupAssignment**](ApplicationGroupAssignment.md) |  | 
+
+### Return type
+
+[**ApplicationGroupAssignment**](ApplicationGroupAssignment.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AssignUserToApplication
+
+> AppUser AssignUserToApplication(ctx, appId).AppUser(appUser).Execute()
+
+Assign a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    appUser := *openapiclient.NewAppUser() // AppUser | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.AssignUserToApplication(context.Background(), appId).AppUser(appUser).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.AssignUserToApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `AssignUserToApplication`: AppUser
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.AssignUserToApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignUserToApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **appUser** | [**AppUser**](AppUser.md) |  | 
+
+### Return type
+
+[**AppUser**](AppUser.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CloneApplicationKey
+
+> JsonWebKey CloneApplicationKey(ctx, appId, keyId).TargetAid(targetAid).Execute()
+
+Clone a Key Credential
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    keyId := "keyId_example" // string | 
+    targetAid := "targetAid_example" // string | Unique key of the target Application
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.CloneApplicationKey(context.Background(), appId, keyId).TargetAid(targetAid).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.CloneApplicationKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CloneApplicationKey`: JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.CloneApplicationKey`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**keyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCloneApplicationKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **targetAid** | **string** | Unique key of the target Application | 
+
+### Return type
+
+[**JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateApplication
+
+> ListApplications200ResponseInner CreateApplication(ctx).Application(application).Activate(activate).OktaAccessGatewayAgent(oktaAccessGatewayAgent).Execute()
+
+Create an Application
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    application := openapiclient.listApplications_200_response_inner{AutoLoginApplication: openapiclient.NewAutoLoginApplication()} // ListApplications200ResponseInner | 
+    activate := true // bool | Executes activation lifecycle operation when creating the app (optional) (default to true)
+    oktaAccessGatewayAgent := "oktaAccessGatewayAgent_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.CreateApplication(context.Background()).Application(application).Activate(activate).OktaAccessGatewayAgent(oktaAccessGatewayAgent).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.CreateApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateApplication`: ListApplications200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.CreateApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **application** | [**ListApplications200ResponseInner**](ListApplications200ResponseInner.md) |  | 
+ **activate** | **bool** | Executes activation lifecycle operation when creating the app | [default to true]
+ **oktaAccessGatewayAgent** | **string** |  | 
+
+### Return type
+
+[**ListApplications200ResponseInner**](ListApplications200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateApplication
+
+> DeactivateApplication(ctx, appId).Execute()
+
+Deactivate an Application
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.DeactivateApplication(context.Background(), appId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.DeactivateApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateDefaultProvisioningConnectionForApplication
+
+> DeactivateDefaultProvisioningConnectionForApplication(ctx, appId).Execute()
+
+Deactivate the default Provisioning Connection for an Application
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.DeactivateDefaultProvisioningConnectionForApplication(context.Background(), appId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.DeactivateDefaultProvisioningConnectionForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateDefaultProvisioningConnectionForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteApplication
+
+> DeleteApplication(ctx, appId).Execute()
+
+Delete an Application
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.DeleteApplication(context.Background(), appId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.DeleteApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GenerateApplicationKey
+
+> JsonWebKey GenerateApplicationKey(ctx, appId).ValidityYears(validityYears).Execute()
+
+Generate a Key Credential
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    validityYears := int32(56) // int32 |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.GenerateApplicationKey(context.Background(), appId).ValidityYears(validityYears).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.GenerateApplicationKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GenerateApplicationKey`: JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.GenerateApplicationKey`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGenerateApplicationKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **validityYears** | **int32** |  | 
+
+### Return type
+
+[**JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GenerateCsrForApplication
+
+> Csr GenerateCsrForApplication(ctx, appId).Metadata(metadata).Execute()
+
+Generate a Certificate Signing Request
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    metadata := *openapiclient.NewCsrMetadata() // CsrMetadata | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.GenerateCsrForApplication(context.Background(), appId).Metadata(metadata).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.GenerateCsrForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GenerateCsrForApplication`: Csr
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.GenerateCsrForApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGenerateCsrForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **metadata** | [**CsrMetadata**](CsrMetadata.md) |  | 
+
+### Return type
+
+[**Csr**](Csr.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetApplication
+
+> ListApplications200ResponseInner GetApplication(ctx, appId).Expand(expand).Execute()
+
+Retrieve an Application
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.GetApplication(context.Background(), appId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.GetApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetApplication`: ListApplications200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.GetApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **string** |  | 
+
+### Return type
+
+[**ListApplications200ResponseInner**](ListApplications200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetApplicationGroupAssignment
+
+> ApplicationGroupAssignment GetApplicationGroupAssignment(ctx, appId, groupId).Expand(expand).Execute()
+
+Retrieve an Assigned Group
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    groupId := "groupId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.GetApplicationGroupAssignment(context.Background(), appId, groupId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.GetApplicationGroupAssignment``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetApplicationGroupAssignment`: ApplicationGroupAssignment
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.GetApplicationGroupAssignment`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetApplicationGroupAssignmentRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **expand** | **string** |  | 
+
+### Return type
+
+[**ApplicationGroupAssignment**](ApplicationGroupAssignment.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetApplicationKey
+
+> JsonWebKey GetApplicationKey(ctx, appId, keyId).Execute()
+
+Retrieve a Key Credential
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    keyId := "keyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.GetApplicationKey(context.Background(), appId, keyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.GetApplicationKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetApplicationKey`: JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.GetApplicationKey`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**keyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetApplicationKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetApplicationUser
+
+> AppUser GetApplicationUser(ctx, appId, userId).Expand(expand).Execute()
+
+Retrieve an Assigned User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    userId := "userId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.GetApplicationUser(context.Background(), appId, userId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.GetApplicationUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetApplicationUser`: AppUser
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.GetApplicationUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetApplicationUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **expand** | **string** |  | 
+
+### Return type
+
+[**AppUser**](AppUser.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetCsrForApplication
+
+> Csr GetCsrForApplication(ctx, appId, csrId).Execute()
+
+Retrieve a Certificate Signing Request
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    csrId := "csrId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.GetCsrForApplication(context.Background(), appId, csrId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.GetCsrForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetCsrForApplication`: Csr
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.GetCsrForApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**csrId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetCsrForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**Csr**](Csr.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetDefaultProvisioningConnectionForApplication
+
+> ProvisioningConnection GetDefaultProvisioningConnectionForApplication(ctx, appId).Execute()
+
+Retrieve the default Provisioning Connection
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.GetDefaultProvisioningConnectionForApplication(context.Background(), appId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.GetDefaultProvisioningConnectionForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetDefaultProvisioningConnectionForApplication`: ProvisioningConnection
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.GetDefaultProvisioningConnectionForApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetDefaultProvisioningConnectionForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ProvisioningConnection**](ProvisioningConnection.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetFeatureForApplication
+
+> ApplicationFeature GetFeatureForApplication(ctx, appId, name).Execute()
+
+Retrieve a Feature
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    name := "name_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.GetFeatureForApplication(context.Background(), appId, name).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.GetFeatureForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetFeatureForApplication`: ApplicationFeature
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.GetFeatureForApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**name** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetFeatureForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**ApplicationFeature**](ApplicationFeature.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetOAuth2TokenForApplication
+
+> OAuth2Token GetOAuth2TokenForApplication(ctx, appId, tokenId).Expand(expand).Execute()
+
+Retrieve an OAuth 2.0 Token
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    tokenId := "tokenId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.GetOAuth2TokenForApplication(context.Background(), appId, tokenId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.GetOAuth2TokenForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetOAuth2TokenForApplication`: OAuth2Token
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.GetOAuth2TokenForApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**tokenId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetOAuth2TokenForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **expand** | **string** |  | 
+
+### Return type
+
+[**OAuth2Token**](OAuth2Token.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetScopeConsentGrant
+
+> OAuth2ScopeConsentGrant GetScopeConsentGrant(ctx, appId, grantId).Expand(expand).Execute()
+
+Retrieve a Scope Consent Grant
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    grantId := "grantId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.GetScopeConsentGrant(context.Background(), appId, grantId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.GetScopeConsentGrant``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetScopeConsentGrant`: OAuth2ScopeConsentGrant
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.GetScopeConsentGrant`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**grantId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetScopeConsentGrantRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **expand** | **string** |  | 
+
+### Return type
+
+[**OAuth2ScopeConsentGrant**](OAuth2ScopeConsentGrant.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GrantConsentToScope
+
+> OAuth2ScopeConsentGrant GrantConsentToScope(ctx, appId).OAuth2ScopeConsentGrant(oAuth2ScopeConsentGrant).Execute()
+
+Grant Consent to Scope
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    oAuth2ScopeConsentGrant := *openapiclient.NewOAuth2ScopeConsentGrant() // OAuth2ScopeConsentGrant | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.GrantConsentToScope(context.Background(), appId).OAuth2ScopeConsentGrant(oAuth2ScopeConsentGrant).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.GrantConsentToScope``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GrantConsentToScope`: OAuth2ScopeConsentGrant
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.GrantConsentToScope`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGrantConsentToScopeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **oAuth2ScopeConsentGrant** | [**OAuth2ScopeConsentGrant**](OAuth2ScopeConsentGrant.md) |  | 
+
+### Return type
+
+[**OAuth2ScopeConsentGrant**](OAuth2ScopeConsentGrant.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListApplicationGroupAssignments
+
+> []ApplicationGroupAssignment ListApplicationGroupAssignments(ctx, appId).Q(q).After(after).Limit(limit).Expand(expand).Execute()
+
+List all Assigned Groups
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    q := "q_example" // string |  (optional)
+    after := "after_example" // string | Specifies the pagination cursor for the next page of assignments (optional)
+    limit := int32(56) // int32 | Specifies the number of results for a page (optional) (default to -1)
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.ListApplicationGroupAssignments(context.Background(), appId).Q(q).After(after).Limit(limit).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.ListApplicationGroupAssignments``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListApplicationGroupAssignments`: []ApplicationGroupAssignment
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.ListApplicationGroupAssignments`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListApplicationGroupAssignmentsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **q** | **string** |  | 
+ **after** | **string** | Specifies the pagination cursor for the next page of assignments | 
+ **limit** | **int32** | Specifies the number of results for a page | [default to -1]
+ **expand** | **string** |  | 
+
+### Return type
+
+[**[]ApplicationGroupAssignment**](ApplicationGroupAssignment.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListApplicationKeys
+
+> []JsonWebKey ListApplicationKeys(ctx, appId).Execute()
+
+List all Key Credentials
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.ListApplicationKeys(context.Background(), appId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.ListApplicationKeys``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListApplicationKeys`: []JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.ListApplicationKeys`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListApplicationKeysRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListApplicationUsers
+
+> []AppUser ListApplicationUsers(ctx, appId).Q(q).QueryScope(queryScope).After(after).Limit(limit).Filter(filter).Expand(expand).Execute()
+
+List all Assigned Users
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    q := "q_example" // string |  (optional)
+    queryScope := "queryScope_example" // string |  (optional)
+    after := "after_example" // string | specifies the pagination cursor for the next page of assignments (optional)
+    limit := int32(56) // int32 | specifies the number of results for a page (optional) (default to -1)
+    filter := "filter_example" // string |  (optional)
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.ListApplicationUsers(context.Background(), appId).Q(q).QueryScope(queryScope).After(after).Limit(limit).Filter(filter).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.ListApplicationUsers``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListApplicationUsers`: []AppUser
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.ListApplicationUsers`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListApplicationUsersRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **q** | **string** |  | 
+ **queryScope** | **string** |  | 
+ **after** | **string** | specifies the pagination cursor for the next page of assignments | 
+ **limit** | **int32** | specifies the number of results for a page | [default to -1]
+ **filter** | **string** |  | 
+ **expand** | **string** |  | 
+
+### Return type
+
+[**[]AppUser**](AppUser.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListApplications
+
+> []ListApplications200ResponseInner ListApplications(ctx).Q(q).After(after).Limit(limit).Filter(filter).Expand(expand).IncludeNonDeleted(includeNonDeleted).Execute()
+
+List all Applications
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    q := "q_example" // string |  (optional)
+    after := "after_example" // string | Specifies the pagination cursor for the next page of apps (optional)
+    limit := int32(56) // int32 | Specifies the number of results for a page (optional) (default to -1)
+    filter := "filter_example" // string | Filters apps by status, user.id, group.id or credentials.signing.kid expression (optional)
+    expand := "expand_example" // string | Traverses users link relationship and optionally embeds Application User resource (optional)
+    includeNonDeleted := true // bool |  (optional) (default to false)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.ListApplications(context.Background()).Q(q).After(after).Limit(limit).Filter(filter).Expand(expand).IncludeNonDeleted(includeNonDeleted).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.ListApplications``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListApplications`: []ListApplications200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.ListApplications`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListApplicationsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **q** | **string** |  | 
+ **after** | **string** | Specifies the pagination cursor for the next page of apps | 
+ **limit** | **int32** | Specifies the number of results for a page | [default to -1]
+ **filter** | **string** | Filters apps by status, user.id, group.id or credentials.signing.kid expression | 
+ **expand** | **string** | Traverses users link relationship and optionally embeds Application User resource | 
+ **includeNonDeleted** | **bool** |  | [default to false]
+
+### Return type
+
+[**[]ListApplications200ResponseInner**](ListApplications200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListCsrsForApplication
+
+> []Csr ListCsrsForApplication(ctx, appId).Execute()
+
+List all Certificate Signing Requests
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.ListCsrsForApplication(context.Background(), appId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.ListCsrsForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListCsrsForApplication`: []Csr
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.ListCsrsForApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListCsrsForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]Csr**](Csr.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListFeaturesForApplication
+
+> []ApplicationFeature ListFeaturesForApplication(ctx, appId).Execute()
+
+List all Features
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.ListFeaturesForApplication(context.Background(), appId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.ListFeaturesForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListFeaturesForApplication`: []ApplicationFeature
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.ListFeaturesForApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListFeaturesForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]ApplicationFeature**](ApplicationFeature.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListOAuth2TokensForApplication
+
+> []OAuth2Token ListOAuth2TokensForApplication(ctx, appId).Expand(expand).After(after).Limit(limit).Execute()
+
+List all OAuth 2.0 Tokens
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to 20)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.ListOAuth2TokensForApplication(context.Background(), appId).Expand(expand).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.ListOAuth2TokensForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListOAuth2TokensForApplication`: []OAuth2Token
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.ListOAuth2TokensForApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListOAuth2TokensForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **string** |  | 
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to 20]
+
+### Return type
+
+[**[]OAuth2Token**](OAuth2Token.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListScopeConsentGrants
+
+> []OAuth2ScopeConsentGrant ListScopeConsentGrants(ctx, appId).Expand(expand).Execute()
+
+List all Scope Consent Grants
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.ListScopeConsentGrants(context.Background(), appId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.ListScopeConsentGrants``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListScopeConsentGrants`: []OAuth2ScopeConsentGrant
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.ListScopeConsentGrants`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListScopeConsentGrantsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **string** |  | 
+
+### Return type
+
+[**[]OAuth2ScopeConsentGrant**](OAuth2ScopeConsentGrant.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## PublishCsrFromApplication
+
+> JsonWebKey PublishCsrFromApplication(ctx, appId, csrId).Body(body).Execute()
+
+Publish a Certificate Signing Request
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    csrId := "csrId_example" // string | 
+    body := os.NewFile(1234, "some_file") // *os.File | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.PublishCsrFromApplication(context.Background(), appId, csrId).Body(body).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.PublishCsrFromApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `PublishCsrFromApplication`: JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.PublishCsrFromApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**csrId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiPublishCsrFromApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **body** | ***os.File** |  | 
+
+### Return type
+
+[**JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/x-x509-ca-cert, application/pkix-cert, application/x-pem-file
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceApplication
+
+> ListApplications200ResponseInner ReplaceApplication(ctx, appId).Application(application).Execute()
+
+Replace an Application
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    application := openapiclient.listApplications_200_response_inner{AutoLoginApplication: openapiclient.NewAutoLoginApplication()} // ListApplications200ResponseInner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.ReplaceApplication(context.Background(), appId).Application(application).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.ReplaceApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceApplication`: ListApplications200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.ReplaceApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **application** | [**ListApplications200ResponseInner**](ListApplications200ResponseInner.md) |  | 
+
+### Return type
+
+[**ListApplications200ResponseInner**](ListApplications200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeCsrFromApplication
+
+> RevokeCsrFromApplication(ctx, appId, csrId).Execute()
+
+Revoke a Certificate Signing Request
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    csrId := "csrId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.RevokeCsrFromApplication(context.Background(), appId, csrId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.RevokeCsrFromApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**csrId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeCsrFromApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeOAuth2TokenForApplication
+
+> RevokeOAuth2TokenForApplication(ctx, appId, tokenId).Execute()
+
+Revoke an OAuth 2.0 Token
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    tokenId := "tokenId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.RevokeOAuth2TokenForApplication(context.Background(), appId, tokenId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.RevokeOAuth2TokenForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**tokenId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeOAuth2TokenForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeOAuth2TokensForApplication
+
+> RevokeOAuth2TokensForApplication(ctx, appId).Execute()
+
+Revoke all OAuth 2.0 Tokens
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.RevokeOAuth2TokensForApplication(context.Background(), appId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.RevokeOAuth2TokensForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeOAuth2TokensForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeScopeConsentGrant
+
+> RevokeScopeConsentGrant(ctx, appId, grantId).Execute()
+
+Revoke a Scope Consent Grant
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    grantId := "grantId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.RevokeScopeConsentGrant(context.Background(), appId, grantId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.RevokeScopeConsentGrant``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**grantId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeScopeConsentGrantRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnassignApplicationFromGroup
+
+> UnassignApplicationFromGroup(ctx, appId, groupId).Execute()
+
+Unassign a Group
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    groupId := "groupId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.UnassignApplicationFromGroup(context.Background(), appId, groupId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.UnassignApplicationFromGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnassignApplicationFromGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnassignUserFromApplication
+
+> UnassignUserFromApplication(ctx, appId, userId).SendEmail(sendEmail).Execute()
+
+Unassign a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    userId := "userId_example" // string | 
+    sendEmail := true // bool |  (optional) (default to false)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.UnassignUserFromApplication(context.Background(), appId, userId).SendEmail(sendEmail).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.UnassignUserFromApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnassignUserFromApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **sendEmail** | **bool** |  | [default to false]
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateApplicationUser
+
+> AppUser UpdateApplicationUser(ctx, appId, userId).AppUser(appUser).Execute()
+
+Update an Application Profile for Assigned User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    userId := "userId_example" // string | 
+    appUser := *openapiclient.NewAppUser() // AppUser | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.UpdateApplicationUser(context.Background(), appId, userId).AppUser(appUser).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.UpdateApplicationUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateApplicationUser`: AppUser
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.UpdateApplicationUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateApplicationUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **appUser** | [**AppUser**](AppUser.md) |  | 
+
+### Return type
+
+[**AppUser**](AppUser.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateDefaultProvisioningConnectionForApplication
+
+> ProvisioningConnection UpdateDefaultProvisioningConnectionForApplication(ctx, appId).ProvisioningConnectionRequest(provisioningConnectionRequest).Activate(activate).Execute()
+
+Update the default Provisioning Connection
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    provisioningConnectionRequest := *openapiclient.NewProvisioningConnectionRequest() // ProvisioningConnectionRequest | 
+    activate := true // bool |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.UpdateDefaultProvisioningConnectionForApplication(context.Background(), appId).ProvisioningConnectionRequest(provisioningConnectionRequest).Activate(activate).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.UpdateDefaultProvisioningConnectionForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateDefaultProvisioningConnectionForApplication`: ProvisioningConnection
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.UpdateDefaultProvisioningConnectionForApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateDefaultProvisioningConnectionForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **provisioningConnectionRequest** | [**ProvisioningConnectionRequest**](ProvisioningConnectionRequest.md) |  | 
+ **activate** | **bool** |  | 
+
+### Return type
+
+[**ProvisioningConnection**](ProvisioningConnection.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateFeatureForApplication
+
+> ApplicationFeature UpdateFeatureForApplication(ctx, appId, name).CapabilitiesObject(capabilitiesObject).Execute()
+
+Update a Feature
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    name := "name_example" // string | 
+    capabilitiesObject := *openapiclient.NewCapabilitiesObject() // CapabilitiesObject | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.UpdateFeatureForApplication(context.Background(), appId, name).CapabilitiesObject(capabilitiesObject).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.UpdateFeatureForApplication``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateFeatureForApplication`: ApplicationFeature
+    fmt.Fprintf(os.Stdout, "Response from `ApplicationApi.UpdateFeatureForApplication`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+**name** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateFeatureForApplicationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **capabilitiesObject** | [**CapabilitiesObject**](CapabilitiesObject.md) |  | 
+
+### Return type
+
+[**ApplicationFeature**](ApplicationFeature.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UploadApplicationLogo
+
+> UploadApplicationLogo(ctx, appId).File(file).Execute()
+
+Upload a Logo
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appId := "appId_example" // string | 
+    file := os.NewFile(1234, "some_file") // *os.File | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ApplicationApi.UploadApplicationLogo(context.Background(), appId).File(file).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ApplicationApi.UploadApplicationLogo``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUploadApplicationLogoRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **file** | ***os.File** |  | 
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: multipart/form-data
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/ApplicationCredentials.md b/okta/docs/ApplicationCredentials.md
new file mode 100644
index 000000000..e8af5722a
--- /dev/null
+++ b/okta/docs/ApplicationCredentials.md
@@ -0,0 +1,82 @@
+# ApplicationCredentials
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Signing** | Pointer to [**ApplicationCredentialsSigning**](ApplicationCredentialsSigning.md) |  | [optional] 
+**UserNameTemplate** | Pointer to [**ApplicationCredentialsUsernameTemplate**](ApplicationCredentialsUsernameTemplate.md) |  | [optional] 
+
+## Methods
+
+### NewApplicationCredentials
+
+`func NewApplicationCredentials() *ApplicationCredentials`
+
+NewApplicationCredentials instantiates a new ApplicationCredentials object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationCredentialsWithDefaults
+
+`func NewApplicationCredentialsWithDefaults() *ApplicationCredentials`
+
+NewApplicationCredentialsWithDefaults instantiates a new ApplicationCredentials object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSigning
+
+`func (o *ApplicationCredentials) GetSigning() ApplicationCredentialsSigning`
+
+GetSigning returns the Signing field if non-nil, zero value otherwise.
+
+### GetSigningOk
+
+`func (o *ApplicationCredentials) GetSigningOk() (*ApplicationCredentialsSigning, bool)`
+
+GetSigningOk returns a tuple with the Signing field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSigning
+
+`func (o *ApplicationCredentials) SetSigning(v ApplicationCredentialsSigning)`
+
+SetSigning sets Signing field to given value.
+
+### HasSigning
+
+`func (o *ApplicationCredentials) HasSigning() bool`
+
+HasSigning returns a boolean if a field has been set.
+
+### GetUserNameTemplate
+
+`func (o *ApplicationCredentials) GetUserNameTemplate() ApplicationCredentialsUsernameTemplate`
+
+GetUserNameTemplate returns the UserNameTemplate field if non-nil, zero value otherwise.
+
+### GetUserNameTemplateOk
+
+`func (o *ApplicationCredentials) GetUserNameTemplateOk() (*ApplicationCredentialsUsernameTemplate, bool)`
+
+GetUserNameTemplateOk returns a tuple with the UserNameTemplate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserNameTemplate
+
+`func (o *ApplicationCredentials) SetUserNameTemplate(v ApplicationCredentialsUsernameTemplate)`
+
+SetUserNameTemplate sets UserNameTemplate field to given value.
+
+### HasUserNameTemplate
+
+`func (o *ApplicationCredentials) HasUserNameTemplate() bool`
+
+HasUserNameTemplate returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationCredentialsOAuthClient.md b/okta/docs/ApplicationCredentialsOAuthClient.md
new file mode 100644
index 000000000..b0df3465c
--- /dev/null
+++ b/okta/docs/ApplicationCredentialsOAuthClient.md
@@ -0,0 +1,134 @@
+# ApplicationCredentialsOAuthClient
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AutoKeyRotation** | Pointer to **bool** |  | [optional] 
+**ClientId** | Pointer to **string** |  | [optional] 
+**ClientSecret** | Pointer to **string** |  | [optional] 
+**TokenEndpointAuthMethod** | Pointer to [**OAuthEndpointAuthenticationMethod**](OAuthEndpointAuthenticationMethod.md) |  | [optional] 
+
+## Methods
+
+### NewApplicationCredentialsOAuthClient
+
+`func NewApplicationCredentialsOAuthClient() *ApplicationCredentialsOAuthClient`
+
+NewApplicationCredentialsOAuthClient instantiates a new ApplicationCredentialsOAuthClient object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationCredentialsOAuthClientWithDefaults
+
+`func NewApplicationCredentialsOAuthClientWithDefaults() *ApplicationCredentialsOAuthClient`
+
+NewApplicationCredentialsOAuthClientWithDefaults instantiates a new ApplicationCredentialsOAuthClient object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAutoKeyRotation
+
+`func (o *ApplicationCredentialsOAuthClient) GetAutoKeyRotation() bool`
+
+GetAutoKeyRotation returns the AutoKeyRotation field if non-nil, zero value otherwise.
+
+### GetAutoKeyRotationOk
+
+`func (o *ApplicationCredentialsOAuthClient) GetAutoKeyRotationOk() (*bool, bool)`
+
+GetAutoKeyRotationOk returns a tuple with the AutoKeyRotation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAutoKeyRotation
+
+`func (o *ApplicationCredentialsOAuthClient) SetAutoKeyRotation(v bool)`
+
+SetAutoKeyRotation sets AutoKeyRotation field to given value.
+
+### HasAutoKeyRotation
+
+`func (o *ApplicationCredentialsOAuthClient) HasAutoKeyRotation() bool`
+
+HasAutoKeyRotation returns a boolean if a field has been set.
+
+### GetClientId
+
+`func (o *ApplicationCredentialsOAuthClient) GetClientId() string`
+
+GetClientId returns the ClientId field if non-nil, zero value otherwise.
+
+### GetClientIdOk
+
+`func (o *ApplicationCredentialsOAuthClient) GetClientIdOk() (*string, bool)`
+
+GetClientIdOk returns a tuple with the ClientId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientId
+
+`func (o *ApplicationCredentialsOAuthClient) SetClientId(v string)`
+
+SetClientId sets ClientId field to given value.
+
+### HasClientId
+
+`func (o *ApplicationCredentialsOAuthClient) HasClientId() bool`
+
+HasClientId returns a boolean if a field has been set.
+
+### GetClientSecret
+
+`func (o *ApplicationCredentialsOAuthClient) GetClientSecret() string`
+
+GetClientSecret returns the ClientSecret field if non-nil, zero value otherwise.
+
+### GetClientSecretOk
+
+`func (o *ApplicationCredentialsOAuthClient) GetClientSecretOk() (*string, bool)`
+
+GetClientSecretOk returns a tuple with the ClientSecret field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientSecret
+
+`func (o *ApplicationCredentialsOAuthClient) SetClientSecret(v string)`
+
+SetClientSecret sets ClientSecret field to given value.
+
+### HasClientSecret
+
+`func (o *ApplicationCredentialsOAuthClient) HasClientSecret() bool`
+
+HasClientSecret returns a boolean if a field has been set.
+
+### GetTokenEndpointAuthMethod
+
+`func (o *ApplicationCredentialsOAuthClient) GetTokenEndpointAuthMethod() OAuthEndpointAuthenticationMethod`
+
+GetTokenEndpointAuthMethod returns the TokenEndpointAuthMethod field if non-nil, zero value otherwise.
+
+### GetTokenEndpointAuthMethodOk
+
+`func (o *ApplicationCredentialsOAuthClient) GetTokenEndpointAuthMethodOk() (*OAuthEndpointAuthenticationMethod, bool)`
+
+GetTokenEndpointAuthMethodOk returns a tuple with the TokenEndpointAuthMethod field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTokenEndpointAuthMethod
+
+`func (o *ApplicationCredentialsOAuthClient) SetTokenEndpointAuthMethod(v OAuthEndpointAuthenticationMethod)`
+
+SetTokenEndpointAuthMethod sets TokenEndpointAuthMethod field to given value.
+
+### HasTokenEndpointAuthMethod
+
+`func (o *ApplicationCredentialsOAuthClient) HasTokenEndpointAuthMethod() bool`
+
+HasTokenEndpointAuthMethod returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationCredentialsScheme.md b/okta/docs/ApplicationCredentialsScheme.md
new file mode 100644
index 000000000..a3c671190
--- /dev/null
+++ b/okta/docs/ApplicationCredentialsScheme.md
@@ -0,0 +1,19 @@
+# ApplicationCredentialsScheme
+
+## Enum
+
+
+* `ADMIN_SETS_CREDENTIALS` (value: `"ADMIN_SETS_CREDENTIALS"`)
+
+* `EDIT_PASSWORD_ONLY` (value: `"EDIT_PASSWORD_ONLY"`)
+
+* `EDIT_USERNAME_AND_PASSWORD` (value: `"EDIT_USERNAME_AND_PASSWORD"`)
+
+* `EXTERNAL_PASSWORD_SYNC` (value: `"EXTERNAL_PASSWORD_SYNC"`)
+
+* `SHARED_USERNAME_AND_PASSWORD` (value: `"SHARED_USERNAME_AND_PASSWORD"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationCredentialsSigning.md b/okta/docs/ApplicationCredentialsSigning.md
new file mode 100644
index 000000000..0cf580ddd
--- /dev/null
+++ b/okta/docs/ApplicationCredentialsSigning.md
@@ -0,0 +1,160 @@
+# ApplicationCredentialsSigning
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Kid** | Pointer to **string** |  | [optional] 
+**LastRotated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**NextRotation** | Pointer to **time.Time** |  | [optional] [readonly] 
+**RotationMode** | Pointer to **string** |  | [optional] 
+**Use** | Pointer to [**ApplicationCredentialsSigningUse**](ApplicationCredentialsSigningUse.md) |  | [optional] 
+
+## Methods
+
+### NewApplicationCredentialsSigning
+
+`func NewApplicationCredentialsSigning() *ApplicationCredentialsSigning`
+
+NewApplicationCredentialsSigning instantiates a new ApplicationCredentialsSigning object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationCredentialsSigningWithDefaults
+
+`func NewApplicationCredentialsSigningWithDefaults() *ApplicationCredentialsSigning`
+
+NewApplicationCredentialsSigningWithDefaults instantiates a new ApplicationCredentialsSigning object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetKid
+
+`func (o *ApplicationCredentialsSigning) GetKid() string`
+
+GetKid returns the Kid field if non-nil, zero value otherwise.
+
+### GetKidOk
+
+`func (o *ApplicationCredentialsSigning) GetKidOk() (*string, bool)`
+
+GetKidOk returns a tuple with the Kid field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKid
+
+`func (o *ApplicationCredentialsSigning) SetKid(v string)`
+
+SetKid sets Kid field to given value.
+
+### HasKid
+
+`func (o *ApplicationCredentialsSigning) HasKid() bool`
+
+HasKid returns a boolean if a field has been set.
+
+### GetLastRotated
+
+`func (o *ApplicationCredentialsSigning) GetLastRotated() time.Time`
+
+GetLastRotated returns the LastRotated field if non-nil, zero value otherwise.
+
+### GetLastRotatedOk
+
+`func (o *ApplicationCredentialsSigning) GetLastRotatedOk() (*time.Time, bool)`
+
+GetLastRotatedOk returns a tuple with the LastRotated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastRotated
+
+`func (o *ApplicationCredentialsSigning) SetLastRotated(v time.Time)`
+
+SetLastRotated sets LastRotated field to given value.
+
+### HasLastRotated
+
+`func (o *ApplicationCredentialsSigning) HasLastRotated() bool`
+
+HasLastRotated returns a boolean if a field has been set.
+
+### GetNextRotation
+
+`func (o *ApplicationCredentialsSigning) GetNextRotation() time.Time`
+
+GetNextRotation returns the NextRotation field if non-nil, zero value otherwise.
+
+### GetNextRotationOk
+
+`func (o *ApplicationCredentialsSigning) GetNextRotationOk() (*time.Time, bool)`
+
+GetNextRotationOk returns a tuple with the NextRotation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNextRotation
+
+`func (o *ApplicationCredentialsSigning) SetNextRotation(v time.Time)`
+
+SetNextRotation sets NextRotation field to given value.
+
+### HasNextRotation
+
+`func (o *ApplicationCredentialsSigning) HasNextRotation() bool`
+
+HasNextRotation returns a boolean if a field has been set.
+
+### GetRotationMode
+
+`func (o *ApplicationCredentialsSigning) GetRotationMode() string`
+
+GetRotationMode returns the RotationMode field if non-nil, zero value otherwise.
+
+### GetRotationModeOk
+
+`func (o *ApplicationCredentialsSigning) GetRotationModeOk() (*string, bool)`
+
+GetRotationModeOk returns a tuple with the RotationMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRotationMode
+
+`func (o *ApplicationCredentialsSigning) SetRotationMode(v string)`
+
+SetRotationMode sets RotationMode field to given value.
+
+### HasRotationMode
+
+`func (o *ApplicationCredentialsSigning) HasRotationMode() bool`
+
+HasRotationMode returns a boolean if a field has been set.
+
+### GetUse
+
+`func (o *ApplicationCredentialsSigning) GetUse() ApplicationCredentialsSigningUse`
+
+GetUse returns the Use field if non-nil, zero value otherwise.
+
+### GetUseOk
+
+`func (o *ApplicationCredentialsSigning) GetUseOk() (*ApplicationCredentialsSigningUse, bool)`
+
+GetUseOk returns a tuple with the Use field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUse
+
+`func (o *ApplicationCredentialsSigning) SetUse(v ApplicationCredentialsSigningUse)`
+
+SetUse sets Use field to given value.
+
+### HasUse
+
+`func (o *ApplicationCredentialsSigning) HasUse() bool`
+
+HasUse returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationCredentialsSigningUse.md b/okta/docs/ApplicationCredentialsSigningUse.md
new file mode 100644
index 000000000..102e7eda4
--- /dev/null
+++ b/okta/docs/ApplicationCredentialsSigningUse.md
@@ -0,0 +1,11 @@
+# ApplicationCredentialsSigningUse
+
+## Enum
+
+
+* `SIG` (value: `"sig"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationCredentialsUsernameTemplate.md b/okta/docs/ApplicationCredentialsUsernameTemplate.md
new file mode 100644
index 000000000..fcd2cc2e7
--- /dev/null
+++ b/okta/docs/ApplicationCredentialsUsernameTemplate.md
@@ -0,0 +1,134 @@
+# ApplicationCredentialsUsernameTemplate
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**PushStatus** | Pointer to **string** |  | [optional] 
+**Template** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] 
+**UserSuffix** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewApplicationCredentialsUsernameTemplate
+
+`func NewApplicationCredentialsUsernameTemplate() *ApplicationCredentialsUsernameTemplate`
+
+NewApplicationCredentialsUsernameTemplate instantiates a new ApplicationCredentialsUsernameTemplate object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationCredentialsUsernameTemplateWithDefaults
+
+`func NewApplicationCredentialsUsernameTemplateWithDefaults() *ApplicationCredentialsUsernameTemplate`
+
+NewApplicationCredentialsUsernameTemplateWithDefaults instantiates a new ApplicationCredentialsUsernameTemplate object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPushStatus
+
+`func (o *ApplicationCredentialsUsernameTemplate) GetPushStatus() string`
+
+GetPushStatus returns the PushStatus field if non-nil, zero value otherwise.
+
+### GetPushStatusOk
+
+`func (o *ApplicationCredentialsUsernameTemplate) GetPushStatusOk() (*string, bool)`
+
+GetPushStatusOk returns a tuple with the PushStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPushStatus
+
+`func (o *ApplicationCredentialsUsernameTemplate) SetPushStatus(v string)`
+
+SetPushStatus sets PushStatus field to given value.
+
+### HasPushStatus
+
+`func (o *ApplicationCredentialsUsernameTemplate) HasPushStatus() bool`
+
+HasPushStatus returns a boolean if a field has been set.
+
+### GetTemplate
+
+`func (o *ApplicationCredentialsUsernameTemplate) GetTemplate() string`
+
+GetTemplate returns the Template field if non-nil, zero value otherwise.
+
+### GetTemplateOk
+
+`func (o *ApplicationCredentialsUsernameTemplate) GetTemplateOk() (*string, bool)`
+
+GetTemplateOk returns a tuple with the Template field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTemplate
+
+`func (o *ApplicationCredentialsUsernameTemplate) SetTemplate(v string)`
+
+SetTemplate sets Template field to given value.
+
+### HasTemplate
+
+`func (o *ApplicationCredentialsUsernameTemplate) HasTemplate() bool`
+
+HasTemplate returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *ApplicationCredentialsUsernameTemplate) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *ApplicationCredentialsUsernameTemplate) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *ApplicationCredentialsUsernameTemplate) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *ApplicationCredentialsUsernameTemplate) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetUserSuffix
+
+`func (o *ApplicationCredentialsUsernameTemplate) GetUserSuffix() string`
+
+GetUserSuffix returns the UserSuffix field if non-nil, zero value otherwise.
+
+### GetUserSuffixOk
+
+`func (o *ApplicationCredentialsUsernameTemplate) GetUserSuffixOk() (*string, bool)`
+
+GetUserSuffixOk returns a tuple with the UserSuffix field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserSuffix
+
+`func (o *ApplicationCredentialsUsernameTemplate) SetUserSuffix(v string)`
+
+SetUserSuffix sets UserSuffix field to given value.
+
+### HasUserSuffix
+
+`func (o *ApplicationCredentialsUsernameTemplate) HasUserSuffix() bool`
+
+HasUserSuffix returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationFeature.md b/okta/docs/ApplicationFeature.md
new file mode 100644
index 000000000..588674efa
--- /dev/null
+++ b/okta/docs/ApplicationFeature.md
@@ -0,0 +1,160 @@
+# ApplicationFeature
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Capabilities** | Pointer to [**CapabilitiesObject**](CapabilitiesObject.md) |  | [optional] 
+**Description** | Pointer to **string** |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**Status** | Pointer to [**EnabledStatus**](EnabledStatus.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewApplicationFeature
+
+`func NewApplicationFeature() *ApplicationFeature`
+
+NewApplicationFeature instantiates a new ApplicationFeature object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationFeatureWithDefaults
+
+`func NewApplicationFeatureWithDefaults() *ApplicationFeature`
+
+NewApplicationFeatureWithDefaults instantiates a new ApplicationFeature object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCapabilities
+
+`func (o *ApplicationFeature) GetCapabilities() CapabilitiesObject`
+
+GetCapabilities returns the Capabilities field if non-nil, zero value otherwise.
+
+### GetCapabilitiesOk
+
+`func (o *ApplicationFeature) GetCapabilitiesOk() (*CapabilitiesObject, bool)`
+
+GetCapabilitiesOk returns a tuple with the Capabilities field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCapabilities
+
+`func (o *ApplicationFeature) SetCapabilities(v CapabilitiesObject)`
+
+SetCapabilities sets Capabilities field to given value.
+
+### HasCapabilities
+
+`func (o *ApplicationFeature) HasCapabilities() bool`
+
+HasCapabilities returns a boolean if a field has been set.
+
+### GetDescription
+
+`func (o *ApplicationFeature) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *ApplicationFeature) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *ApplicationFeature) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *ApplicationFeature) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *ApplicationFeature) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *ApplicationFeature) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *ApplicationFeature) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *ApplicationFeature) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *ApplicationFeature) GetStatus() EnabledStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *ApplicationFeature) GetStatusOk() (*EnabledStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *ApplicationFeature) SetStatus(v EnabledStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *ApplicationFeature) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ApplicationFeature) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ApplicationFeature) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ApplicationFeature) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ApplicationFeature) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationGroupAssignment.md b/okta/docs/ApplicationGroupAssignment.md
new file mode 100644
index 000000000..1824f8808
--- /dev/null
+++ b/okta/docs/ApplicationGroupAssignment.md
@@ -0,0 +1,186 @@
+# ApplicationGroupAssignment
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Priority** | Pointer to **int32** |  | [optional] 
+**Profile** | Pointer to **map[string]map[string]interface{}** |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewApplicationGroupAssignment
+
+`func NewApplicationGroupAssignment() *ApplicationGroupAssignment`
+
+NewApplicationGroupAssignment instantiates a new ApplicationGroupAssignment object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationGroupAssignmentWithDefaults
+
+`func NewApplicationGroupAssignmentWithDefaults() *ApplicationGroupAssignment`
+
+NewApplicationGroupAssignmentWithDefaults instantiates a new ApplicationGroupAssignment object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *ApplicationGroupAssignment) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ApplicationGroupAssignment) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ApplicationGroupAssignment) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ApplicationGroupAssignment) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *ApplicationGroupAssignment) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *ApplicationGroupAssignment) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *ApplicationGroupAssignment) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *ApplicationGroupAssignment) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetPriority
+
+`func (o *ApplicationGroupAssignment) GetPriority() int32`
+
+GetPriority returns the Priority field if non-nil, zero value otherwise.
+
+### GetPriorityOk
+
+`func (o *ApplicationGroupAssignment) GetPriorityOk() (*int32, bool)`
+
+GetPriorityOk returns a tuple with the Priority field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPriority
+
+`func (o *ApplicationGroupAssignment) SetPriority(v int32)`
+
+SetPriority sets Priority field to given value.
+
+### HasPriority
+
+`func (o *ApplicationGroupAssignment) HasPriority() bool`
+
+HasPriority returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *ApplicationGroupAssignment) GetProfile() map[string]map[string]interface{}`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *ApplicationGroupAssignment) GetProfileOk() (*map[string]map[string]interface{}, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *ApplicationGroupAssignment) SetProfile(v map[string]map[string]interface{})`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *ApplicationGroupAssignment) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *ApplicationGroupAssignment) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *ApplicationGroupAssignment) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *ApplicationGroupAssignment) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *ApplicationGroupAssignment) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ApplicationGroupAssignment) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ApplicationGroupAssignment) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ApplicationGroupAssignment) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ApplicationGroupAssignment) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationLayout.md b/okta/docs/ApplicationLayout.md
new file mode 100644
index 000000000..50d374313
--- /dev/null
+++ b/okta/docs/ApplicationLayout.md
@@ -0,0 +1,186 @@
+# ApplicationLayout
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Elements** | Pointer to **[]map[string]interface{}** |  | [optional] 
+**Label** | Pointer to **string** |  | [optional] 
+**Options** | Pointer to **map[string]interface{}** |  | [optional] 
+**Rule** | Pointer to [**ApplicationLayoutRule**](ApplicationLayoutRule.md) |  | [optional] 
+**Scope** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewApplicationLayout
+
+`func NewApplicationLayout() *ApplicationLayout`
+
+NewApplicationLayout instantiates a new ApplicationLayout object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationLayoutWithDefaults
+
+`func NewApplicationLayoutWithDefaults() *ApplicationLayout`
+
+NewApplicationLayoutWithDefaults instantiates a new ApplicationLayout object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetElements
+
+`func (o *ApplicationLayout) GetElements() []map[string]interface{}`
+
+GetElements returns the Elements field if non-nil, zero value otherwise.
+
+### GetElementsOk
+
+`func (o *ApplicationLayout) GetElementsOk() (*[]map[string]interface{}, bool)`
+
+GetElementsOk returns a tuple with the Elements field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetElements
+
+`func (o *ApplicationLayout) SetElements(v []map[string]interface{})`
+
+SetElements sets Elements field to given value.
+
+### HasElements
+
+`func (o *ApplicationLayout) HasElements() bool`
+
+HasElements returns a boolean if a field has been set.
+
+### GetLabel
+
+`func (o *ApplicationLayout) GetLabel() string`
+
+GetLabel returns the Label field if non-nil, zero value otherwise.
+
+### GetLabelOk
+
+`func (o *ApplicationLayout) GetLabelOk() (*string, bool)`
+
+GetLabelOk returns a tuple with the Label field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLabel
+
+`func (o *ApplicationLayout) SetLabel(v string)`
+
+SetLabel sets Label field to given value.
+
+### HasLabel
+
+`func (o *ApplicationLayout) HasLabel() bool`
+
+HasLabel returns a boolean if a field has been set.
+
+### GetOptions
+
+`func (o *ApplicationLayout) GetOptions() map[string]interface{}`
+
+GetOptions returns the Options field if non-nil, zero value otherwise.
+
+### GetOptionsOk
+
+`func (o *ApplicationLayout) GetOptionsOk() (*map[string]interface{}, bool)`
+
+GetOptionsOk returns a tuple with the Options field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOptions
+
+`func (o *ApplicationLayout) SetOptions(v map[string]interface{})`
+
+SetOptions sets Options field to given value.
+
+### HasOptions
+
+`func (o *ApplicationLayout) HasOptions() bool`
+
+HasOptions returns a boolean if a field has been set.
+
+### GetRule
+
+`func (o *ApplicationLayout) GetRule() ApplicationLayoutRule`
+
+GetRule returns the Rule field if non-nil, zero value otherwise.
+
+### GetRuleOk
+
+`func (o *ApplicationLayout) GetRuleOk() (*ApplicationLayoutRule, bool)`
+
+GetRuleOk returns a tuple with the Rule field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRule
+
+`func (o *ApplicationLayout) SetRule(v ApplicationLayoutRule)`
+
+SetRule sets Rule field to given value.
+
+### HasRule
+
+`func (o *ApplicationLayout) HasRule() bool`
+
+HasRule returns a boolean if a field has been set.
+
+### GetScope
+
+`func (o *ApplicationLayout) GetScope() string`
+
+GetScope returns the Scope field if non-nil, zero value otherwise.
+
+### GetScopeOk
+
+`func (o *ApplicationLayout) GetScopeOk() (*string, bool)`
+
+GetScopeOk returns a tuple with the Scope field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScope
+
+`func (o *ApplicationLayout) SetScope(v string)`
+
+SetScope sets Scope field to given value.
+
+### HasScope
+
+`func (o *ApplicationLayout) HasScope() bool`
+
+HasScope returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *ApplicationLayout) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *ApplicationLayout) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *ApplicationLayout) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *ApplicationLayout) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationLayoutRule.md b/okta/docs/ApplicationLayoutRule.md
new file mode 100644
index 000000000..4b45115e8
--- /dev/null
+++ b/okta/docs/ApplicationLayoutRule.md
@@ -0,0 +1,82 @@
+# ApplicationLayoutRule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Effect** | Pointer to **string** |  | [optional] 
+**Condition** | Pointer to [**ApplicationLayoutRuleCondition**](ApplicationLayoutRuleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewApplicationLayoutRule
+
+`func NewApplicationLayoutRule() *ApplicationLayoutRule`
+
+NewApplicationLayoutRule instantiates a new ApplicationLayoutRule object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationLayoutRuleWithDefaults
+
+`func NewApplicationLayoutRuleWithDefaults() *ApplicationLayoutRule`
+
+NewApplicationLayoutRuleWithDefaults instantiates a new ApplicationLayoutRule object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEffect
+
+`func (o *ApplicationLayoutRule) GetEffect() string`
+
+GetEffect returns the Effect field if non-nil, zero value otherwise.
+
+### GetEffectOk
+
+`func (o *ApplicationLayoutRule) GetEffectOk() (*string, bool)`
+
+GetEffectOk returns a tuple with the Effect field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEffect
+
+`func (o *ApplicationLayoutRule) SetEffect(v string)`
+
+SetEffect sets Effect field to given value.
+
+### HasEffect
+
+`func (o *ApplicationLayoutRule) HasEffect() bool`
+
+HasEffect returns a boolean if a field has been set.
+
+### GetCondition
+
+`func (o *ApplicationLayoutRule) GetCondition() ApplicationLayoutRuleCondition`
+
+GetCondition returns the Condition field if non-nil, zero value otherwise.
+
+### GetConditionOk
+
+`func (o *ApplicationLayoutRule) GetConditionOk() (*ApplicationLayoutRuleCondition, bool)`
+
+GetConditionOk returns a tuple with the Condition field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCondition
+
+`func (o *ApplicationLayoutRule) SetCondition(v ApplicationLayoutRuleCondition)`
+
+SetCondition sets Condition field to given value.
+
+### HasCondition
+
+`func (o *ApplicationLayoutRule) HasCondition() bool`
+
+HasCondition returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationLayoutRuleCondition.md b/okta/docs/ApplicationLayoutRuleCondition.md
new file mode 100644
index 000000000..93f781356
--- /dev/null
+++ b/okta/docs/ApplicationLayoutRuleCondition.md
@@ -0,0 +1,82 @@
+# ApplicationLayoutRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Schema** | Pointer to **map[string]interface{}** |  | [optional] 
+**Scope** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewApplicationLayoutRuleCondition
+
+`func NewApplicationLayoutRuleCondition() *ApplicationLayoutRuleCondition`
+
+NewApplicationLayoutRuleCondition instantiates a new ApplicationLayoutRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationLayoutRuleConditionWithDefaults
+
+`func NewApplicationLayoutRuleConditionWithDefaults() *ApplicationLayoutRuleCondition`
+
+NewApplicationLayoutRuleConditionWithDefaults instantiates a new ApplicationLayoutRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSchema
+
+`func (o *ApplicationLayoutRuleCondition) GetSchema() map[string]interface{}`
+
+GetSchema returns the Schema field if non-nil, zero value otherwise.
+
+### GetSchemaOk
+
+`func (o *ApplicationLayoutRuleCondition) GetSchemaOk() (*map[string]interface{}, bool)`
+
+GetSchemaOk returns a tuple with the Schema field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSchema
+
+`func (o *ApplicationLayoutRuleCondition) SetSchema(v map[string]interface{})`
+
+SetSchema sets Schema field to given value.
+
+### HasSchema
+
+`func (o *ApplicationLayoutRuleCondition) HasSchema() bool`
+
+HasSchema returns a boolean if a field has been set.
+
+### GetScope
+
+`func (o *ApplicationLayoutRuleCondition) GetScope() string`
+
+GetScope returns the Scope field if non-nil, zero value otherwise.
+
+### GetScopeOk
+
+`func (o *ApplicationLayoutRuleCondition) GetScopeOk() (*string, bool)`
+
+GetScopeOk returns a tuple with the Scope field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScope
+
+`func (o *ApplicationLayoutRuleCondition) SetScope(v string)`
+
+SetScope sets Scope field to given value.
+
+### HasScope
+
+`func (o *ApplicationLayoutRuleCondition) HasScope() bool`
+
+HasScope returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationLicensing.md b/okta/docs/ApplicationLicensing.md
new file mode 100644
index 000000000..af9fa5c2b
--- /dev/null
+++ b/okta/docs/ApplicationLicensing.md
@@ -0,0 +1,56 @@
+# ApplicationLicensing
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**SeatCount** | Pointer to **int32** |  | [optional] 
+
+## Methods
+
+### NewApplicationLicensing
+
+`func NewApplicationLicensing() *ApplicationLicensing`
+
+NewApplicationLicensing instantiates a new ApplicationLicensing object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationLicensingWithDefaults
+
+`func NewApplicationLicensingWithDefaults() *ApplicationLicensing`
+
+NewApplicationLicensingWithDefaults instantiates a new ApplicationLicensing object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSeatCount
+
+`func (o *ApplicationLicensing) GetSeatCount() int32`
+
+GetSeatCount returns the SeatCount field if non-nil, zero value otherwise.
+
+### GetSeatCountOk
+
+`func (o *ApplicationLicensing) GetSeatCountOk() (*int32, bool)`
+
+GetSeatCountOk returns a tuple with the SeatCount field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSeatCount
+
+`func (o *ApplicationLicensing) SetSeatCount(v int32)`
+
+SetSeatCount sets SeatCount field to given value.
+
+### HasSeatCount
+
+`func (o *ApplicationLicensing) HasSeatCount() bool`
+
+HasSeatCount returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationLifecycleStatus.md b/okta/docs/ApplicationLifecycleStatus.md
new file mode 100644
index 000000000..fc6438259
--- /dev/null
+++ b/okta/docs/ApplicationLifecycleStatus.md
@@ -0,0 +1,15 @@
+# ApplicationLifecycleStatus
+
+## Enum
+
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `DELETED` (value: `"DELETED"`)
+
+* `INACTIVE` (value: `"INACTIVE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationLinks.md b/okta/docs/ApplicationLinks.md
new file mode 100644
index 000000000..abe7587cb
--- /dev/null
+++ b/okta/docs/ApplicationLinks.md
@@ -0,0 +1,238 @@
+# ApplicationLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AccessPolicy** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Activate** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Deactivate** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Groups** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Logo** | Pointer to [**[]HrefObject**](HrefObject.md) |  | [optional] 
+**Metadata** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Users** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewApplicationLinks
+
+`func NewApplicationLinks() *ApplicationLinks`
+
+NewApplicationLinks instantiates a new ApplicationLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationLinksWithDefaults
+
+`func NewApplicationLinksWithDefaults() *ApplicationLinks`
+
+NewApplicationLinksWithDefaults instantiates a new ApplicationLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAccessPolicy
+
+`func (o *ApplicationLinks) GetAccessPolicy() HrefObject`
+
+GetAccessPolicy returns the AccessPolicy field if non-nil, zero value otherwise.
+
+### GetAccessPolicyOk
+
+`func (o *ApplicationLinks) GetAccessPolicyOk() (*HrefObject, bool)`
+
+GetAccessPolicyOk returns a tuple with the AccessPolicy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccessPolicy
+
+`func (o *ApplicationLinks) SetAccessPolicy(v HrefObject)`
+
+SetAccessPolicy sets AccessPolicy field to given value.
+
+### HasAccessPolicy
+
+`func (o *ApplicationLinks) HasAccessPolicy() bool`
+
+HasAccessPolicy returns a boolean if a field has been set.
+
+### GetActivate
+
+`func (o *ApplicationLinks) GetActivate() HrefObject`
+
+GetActivate returns the Activate field if non-nil, zero value otherwise.
+
+### GetActivateOk
+
+`func (o *ApplicationLinks) GetActivateOk() (*HrefObject, bool)`
+
+GetActivateOk returns a tuple with the Activate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActivate
+
+`func (o *ApplicationLinks) SetActivate(v HrefObject)`
+
+SetActivate sets Activate field to given value.
+
+### HasActivate
+
+`func (o *ApplicationLinks) HasActivate() bool`
+
+HasActivate returns a boolean if a field has been set.
+
+### GetDeactivate
+
+`func (o *ApplicationLinks) GetDeactivate() HrefObject`
+
+GetDeactivate returns the Deactivate field if non-nil, zero value otherwise.
+
+### GetDeactivateOk
+
+`func (o *ApplicationLinks) GetDeactivateOk() (*HrefObject, bool)`
+
+GetDeactivateOk returns a tuple with the Deactivate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDeactivate
+
+`func (o *ApplicationLinks) SetDeactivate(v HrefObject)`
+
+SetDeactivate sets Deactivate field to given value.
+
+### HasDeactivate
+
+`func (o *ApplicationLinks) HasDeactivate() bool`
+
+HasDeactivate returns a boolean if a field has been set.
+
+### GetGroups
+
+`func (o *ApplicationLinks) GetGroups() HrefObject`
+
+GetGroups returns the Groups field if non-nil, zero value otherwise.
+
+### GetGroupsOk
+
+`func (o *ApplicationLinks) GetGroupsOk() (*HrefObject, bool)`
+
+GetGroupsOk returns a tuple with the Groups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroups
+
+`func (o *ApplicationLinks) SetGroups(v HrefObject)`
+
+SetGroups sets Groups field to given value.
+
+### HasGroups
+
+`func (o *ApplicationLinks) HasGroups() bool`
+
+HasGroups returns a boolean if a field has been set.
+
+### GetLogo
+
+`func (o *ApplicationLinks) GetLogo() []HrefObject`
+
+GetLogo returns the Logo field if non-nil, zero value otherwise.
+
+### GetLogoOk
+
+`func (o *ApplicationLinks) GetLogoOk() (*[]HrefObject, bool)`
+
+GetLogoOk returns a tuple with the Logo field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLogo
+
+`func (o *ApplicationLinks) SetLogo(v []HrefObject)`
+
+SetLogo sets Logo field to given value.
+
+### HasLogo
+
+`func (o *ApplicationLinks) HasLogo() bool`
+
+HasLogo returns a boolean if a field has been set.
+
+### GetMetadata
+
+`func (o *ApplicationLinks) GetMetadata() HrefObject`
+
+GetMetadata returns the Metadata field if non-nil, zero value otherwise.
+
+### GetMetadataOk
+
+`func (o *ApplicationLinks) GetMetadataOk() (*HrefObject, bool)`
+
+GetMetadataOk returns a tuple with the Metadata field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMetadata
+
+`func (o *ApplicationLinks) SetMetadata(v HrefObject)`
+
+SetMetadata sets Metadata field to given value.
+
+### HasMetadata
+
+`func (o *ApplicationLinks) HasMetadata() bool`
+
+HasMetadata returns a boolean if a field has been set.
+
+### GetSelf
+
+`func (o *ApplicationLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *ApplicationLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *ApplicationLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *ApplicationLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetUsers
+
+`func (o *ApplicationLinks) GetUsers() HrefObject`
+
+GetUsers returns the Users field if non-nil, zero value otherwise.
+
+### GetUsersOk
+
+`func (o *ApplicationLinks) GetUsersOk() (*HrefObject, bool)`
+
+GetUsersOk returns a tuple with the Users field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsers
+
+`func (o *ApplicationLinks) SetUsers(v HrefObject)`
+
+SetUsers sets Users field to given value.
+
+### HasUsers
+
+`func (o *ApplicationLinks) HasUsers() bool`
+
+HasUsers returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationSettings.md b/okta/docs/ApplicationSettings.md
new file mode 100644
index 000000000..25c81d327
--- /dev/null
+++ b/okta/docs/ApplicationSettings.md
@@ -0,0 +1,160 @@
+# ApplicationSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**IdentityStoreId** | Pointer to **string** |  | [optional] 
+**ImplicitAssignment** | Pointer to **bool** |  | [optional] 
+**InlineHookId** | Pointer to **string** |  | [optional] 
+**Notes** | Pointer to [**ApplicationSettingsNotes**](ApplicationSettingsNotes.md) |  | [optional] 
+**Notifications** | Pointer to [**ApplicationSettingsNotifications**](ApplicationSettingsNotifications.md) |  | [optional] 
+
+## Methods
+
+### NewApplicationSettings
+
+`func NewApplicationSettings() *ApplicationSettings`
+
+NewApplicationSettings instantiates a new ApplicationSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationSettingsWithDefaults
+
+`func NewApplicationSettingsWithDefaults() *ApplicationSettings`
+
+NewApplicationSettingsWithDefaults instantiates a new ApplicationSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIdentityStoreId
+
+`func (o *ApplicationSettings) GetIdentityStoreId() string`
+
+GetIdentityStoreId returns the IdentityStoreId field if non-nil, zero value otherwise.
+
+### GetIdentityStoreIdOk
+
+`func (o *ApplicationSettings) GetIdentityStoreIdOk() (*string, bool)`
+
+GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityStoreId
+
+`func (o *ApplicationSettings) SetIdentityStoreId(v string)`
+
+SetIdentityStoreId sets IdentityStoreId field to given value.
+
+### HasIdentityStoreId
+
+`func (o *ApplicationSettings) HasIdentityStoreId() bool`
+
+HasIdentityStoreId returns a boolean if a field has been set.
+
+### GetImplicitAssignment
+
+`func (o *ApplicationSettings) GetImplicitAssignment() bool`
+
+GetImplicitAssignment returns the ImplicitAssignment field if non-nil, zero value otherwise.
+
+### GetImplicitAssignmentOk
+
+`func (o *ApplicationSettings) GetImplicitAssignmentOk() (*bool, bool)`
+
+GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetImplicitAssignment
+
+`func (o *ApplicationSettings) SetImplicitAssignment(v bool)`
+
+SetImplicitAssignment sets ImplicitAssignment field to given value.
+
+### HasImplicitAssignment
+
+`func (o *ApplicationSettings) HasImplicitAssignment() bool`
+
+HasImplicitAssignment returns a boolean if a field has been set.
+
+### GetInlineHookId
+
+`func (o *ApplicationSettings) GetInlineHookId() string`
+
+GetInlineHookId returns the InlineHookId field if non-nil, zero value otherwise.
+
+### GetInlineHookIdOk
+
+`func (o *ApplicationSettings) GetInlineHookIdOk() (*string, bool)`
+
+GetInlineHookIdOk returns a tuple with the InlineHookId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInlineHookId
+
+`func (o *ApplicationSettings) SetInlineHookId(v string)`
+
+SetInlineHookId sets InlineHookId field to given value.
+
+### HasInlineHookId
+
+`func (o *ApplicationSettings) HasInlineHookId() bool`
+
+HasInlineHookId returns a boolean if a field has been set.
+
+### GetNotes
+
+`func (o *ApplicationSettings) GetNotes() ApplicationSettingsNotes`
+
+GetNotes returns the Notes field if non-nil, zero value otherwise.
+
+### GetNotesOk
+
+`func (o *ApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool)`
+
+GetNotesOk returns a tuple with the Notes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotes
+
+`func (o *ApplicationSettings) SetNotes(v ApplicationSettingsNotes)`
+
+SetNotes sets Notes field to given value.
+
+### HasNotes
+
+`func (o *ApplicationSettings) HasNotes() bool`
+
+HasNotes returns a boolean if a field has been set.
+
+### GetNotifications
+
+`func (o *ApplicationSettings) GetNotifications() ApplicationSettingsNotifications`
+
+GetNotifications returns the Notifications field if non-nil, zero value otherwise.
+
+### GetNotificationsOk
+
+`func (o *ApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool)`
+
+GetNotificationsOk returns a tuple with the Notifications field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotifications
+
+`func (o *ApplicationSettings) SetNotifications(v ApplicationSettingsNotifications)`
+
+SetNotifications sets Notifications field to given value.
+
+### HasNotifications
+
+`func (o *ApplicationSettings) HasNotifications() bool`
+
+HasNotifications returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationSettingsNotes.md b/okta/docs/ApplicationSettingsNotes.md
new file mode 100644
index 000000000..664c437a7
--- /dev/null
+++ b/okta/docs/ApplicationSettingsNotes.md
@@ -0,0 +1,82 @@
+# ApplicationSettingsNotes
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Admin** | Pointer to **string** |  | [optional] 
+**Enduser** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewApplicationSettingsNotes
+
+`func NewApplicationSettingsNotes() *ApplicationSettingsNotes`
+
+NewApplicationSettingsNotes instantiates a new ApplicationSettingsNotes object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationSettingsNotesWithDefaults
+
+`func NewApplicationSettingsNotesWithDefaults() *ApplicationSettingsNotes`
+
+NewApplicationSettingsNotesWithDefaults instantiates a new ApplicationSettingsNotes object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAdmin
+
+`func (o *ApplicationSettingsNotes) GetAdmin() string`
+
+GetAdmin returns the Admin field if non-nil, zero value otherwise.
+
+### GetAdminOk
+
+`func (o *ApplicationSettingsNotes) GetAdminOk() (*string, bool)`
+
+GetAdminOk returns a tuple with the Admin field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAdmin
+
+`func (o *ApplicationSettingsNotes) SetAdmin(v string)`
+
+SetAdmin sets Admin field to given value.
+
+### HasAdmin
+
+`func (o *ApplicationSettingsNotes) HasAdmin() bool`
+
+HasAdmin returns a boolean if a field has been set.
+
+### GetEnduser
+
+`func (o *ApplicationSettingsNotes) GetEnduser() string`
+
+GetEnduser returns the Enduser field if non-nil, zero value otherwise.
+
+### GetEnduserOk
+
+`func (o *ApplicationSettingsNotes) GetEnduserOk() (*string, bool)`
+
+GetEnduserOk returns a tuple with the Enduser field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnduser
+
+`func (o *ApplicationSettingsNotes) SetEnduser(v string)`
+
+SetEnduser sets Enduser field to given value.
+
+### HasEnduser
+
+`func (o *ApplicationSettingsNotes) HasEnduser() bool`
+
+HasEnduser returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationSettingsNotifications.md b/okta/docs/ApplicationSettingsNotifications.md
new file mode 100644
index 000000000..c3c44bbce
--- /dev/null
+++ b/okta/docs/ApplicationSettingsNotifications.md
@@ -0,0 +1,56 @@
+# ApplicationSettingsNotifications
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Vpn** | Pointer to [**ApplicationSettingsNotificationsVpn**](ApplicationSettingsNotificationsVpn.md) |  | [optional] 
+
+## Methods
+
+### NewApplicationSettingsNotifications
+
+`func NewApplicationSettingsNotifications() *ApplicationSettingsNotifications`
+
+NewApplicationSettingsNotifications instantiates a new ApplicationSettingsNotifications object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationSettingsNotificationsWithDefaults
+
+`func NewApplicationSettingsNotificationsWithDefaults() *ApplicationSettingsNotifications`
+
+NewApplicationSettingsNotificationsWithDefaults instantiates a new ApplicationSettingsNotifications object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetVpn
+
+`func (o *ApplicationSettingsNotifications) GetVpn() ApplicationSettingsNotificationsVpn`
+
+GetVpn returns the Vpn field if non-nil, zero value otherwise.
+
+### GetVpnOk
+
+`func (o *ApplicationSettingsNotifications) GetVpnOk() (*ApplicationSettingsNotificationsVpn, bool)`
+
+GetVpnOk returns a tuple with the Vpn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVpn
+
+`func (o *ApplicationSettingsNotifications) SetVpn(v ApplicationSettingsNotificationsVpn)`
+
+SetVpn sets Vpn field to given value.
+
+### HasVpn
+
+`func (o *ApplicationSettingsNotifications) HasVpn() bool`
+
+HasVpn returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationSettingsNotificationsVpn.md b/okta/docs/ApplicationSettingsNotificationsVpn.md
new file mode 100644
index 000000000..00f40724c
--- /dev/null
+++ b/okta/docs/ApplicationSettingsNotificationsVpn.md
@@ -0,0 +1,108 @@
+# ApplicationSettingsNotificationsVpn
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**HelpUrl** | Pointer to **string** |  | [optional] 
+**Message** | Pointer to **string** |  | [optional] 
+**Network** | Pointer to [**ApplicationSettingsNotificationsVpnNetwork**](ApplicationSettingsNotificationsVpnNetwork.md) |  | [optional] 
+
+## Methods
+
+### NewApplicationSettingsNotificationsVpn
+
+`func NewApplicationSettingsNotificationsVpn() *ApplicationSettingsNotificationsVpn`
+
+NewApplicationSettingsNotificationsVpn instantiates a new ApplicationSettingsNotificationsVpn object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationSettingsNotificationsVpnWithDefaults
+
+`func NewApplicationSettingsNotificationsVpnWithDefaults() *ApplicationSettingsNotificationsVpn`
+
+NewApplicationSettingsNotificationsVpnWithDefaults instantiates a new ApplicationSettingsNotificationsVpn object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetHelpUrl
+
+`func (o *ApplicationSettingsNotificationsVpn) GetHelpUrl() string`
+
+GetHelpUrl returns the HelpUrl field if non-nil, zero value otherwise.
+
+### GetHelpUrlOk
+
+`func (o *ApplicationSettingsNotificationsVpn) GetHelpUrlOk() (*string, bool)`
+
+GetHelpUrlOk returns a tuple with the HelpUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHelpUrl
+
+`func (o *ApplicationSettingsNotificationsVpn) SetHelpUrl(v string)`
+
+SetHelpUrl sets HelpUrl field to given value.
+
+### HasHelpUrl
+
+`func (o *ApplicationSettingsNotificationsVpn) HasHelpUrl() bool`
+
+HasHelpUrl returns a boolean if a field has been set.
+
+### GetMessage
+
+`func (o *ApplicationSettingsNotificationsVpn) GetMessage() string`
+
+GetMessage returns the Message field if non-nil, zero value otherwise.
+
+### GetMessageOk
+
+`func (o *ApplicationSettingsNotificationsVpn) GetMessageOk() (*string, bool)`
+
+GetMessageOk returns a tuple with the Message field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMessage
+
+`func (o *ApplicationSettingsNotificationsVpn) SetMessage(v string)`
+
+SetMessage sets Message field to given value.
+
+### HasMessage
+
+`func (o *ApplicationSettingsNotificationsVpn) HasMessage() bool`
+
+HasMessage returns a boolean if a field has been set.
+
+### GetNetwork
+
+`func (o *ApplicationSettingsNotificationsVpn) GetNetwork() ApplicationSettingsNotificationsVpnNetwork`
+
+GetNetwork returns the Network field if non-nil, zero value otherwise.
+
+### GetNetworkOk
+
+`func (o *ApplicationSettingsNotificationsVpn) GetNetworkOk() (*ApplicationSettingsNotificationsVpnNetwork, bool)`
+
+GetNetworkOk returns a tuple with the Network field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNetwork
+
+`func (o *ApplicationSettingsNotificationsVpn) SetNetwork(v ApplicationSettingsNotificationsVpnNetwork)`
+
+SetNetwork sets Network field to given value.
+
+### HasNetwork
+
+`func (o *ApplicationSettingsNotificationsVpn) HasNetwork() bool`
+
+HasNetwork returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationSettingsNotificationsVpnNetwork.md b/okta/docs/ApplicationSettingsNotificationsVpnNetwork.md
new file mode 100644
index 000000000..a043d3d3c
--- /dev/null
+++ b/okta/docs/ApplicationSettingsNotificationsVpnNetwork.md
@@ -0,0 +1,108 @@
+# ApplicationSettingsNotificationsVpnNetwork
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Connection** | Pointer to **string** |  | [optional] 
+**Exclude** | Pointer to **[]string** |  | [optional] 
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewApplicationSettingsNotificationsVpnNetwork
+
+`func NewApplicationSettingsNotificationsVpnNetwork() *ApplicationSettingsNotificationsVpnNetwork`
+
+NewApplicationSettingsNotificationsVpnNetwork instantiates a new ApplicationSettingsNotificationsVpnNetwork object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationSettingsNotificationsVpnNetworkWithDefaults
+
+`func NewApplicationSettingsNotificationsVpnNetworkWithDefaults() *ApplicationSettingsNotificationsVpnNetwork`
+
+NewApplicationSettingsNotificationsVpnNetworkWithDefaults instantiates a new ApplicationSettingsNotificationsVpnNetwork object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConnection
+
+`func (o *ApplicationSettingsNotificationsVpnNetwork) GetConnection() string`
+
+GetConnection returns the Connection field if non-nil, zero value otherwise.
+
+### GetConnectionOk
+
+`func (o *ApplicationSettingsNotificationsVpnNetwork) GetConnectionOk() (*string, bool)`
+
+GetConnectionOk returns a tuple with the Connection field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConnection
+
+`func (o *ApplicationSettingsNotificationsVpnNetwork) SetConnection(v string)`
+
+SetConnection sets Connection field to given value.
+
+### HasConnection
+
+`func (o *ApplicationSettingsNotificationsVpnNetwork) HasConnection() bool`
+
+HasConnection returns a boolean if a field has been set.
+
+### GetExclude
+
+`func (o *ApplicationSettingsNotificationsVpnNetwork) GetExclude() []string`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *ApplicationSettingsNotificationsVpnNetwork) GetExcludeOk() (*[]string, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *ApplicationSettingsNotificationsVpnNetwork) SetExclude(v []string)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *ApplicationSettingsNotificationsVpnNetwork) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+### GetInclude
+
+`func (o *ApplicationSettingsNotificationsVpnNetwork) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *ApplicationSettingsNotificationsVpnNetwork) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *ApplicationSettingsNotificationsVpnNetwork) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *ApplicationSettingsNotificationsVpnNetwork) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationSignOnMode.md b/okta/docs/ApplicationSignOnMode.md
new file mode 100644
index 000000000..c82f56c3b
--- /dev/null
+++ b/okta/docs/ApplicationSignOnMode.md
@@ -0,0 +1,27 @@
+# ApplicationSignOnMode
+
+## Enum
+
+
+* `AUTO_LOGIN` (value: `"AUTO_LOGIN"`)
+
+* `BASIC_AUTH` (value: `"BASIC_AUTH"`)
+
+* `BOOKMARK` (value: `"BOOKMARK"`)
+
+* `BROWSER_PLUGIN` (value: `"BROWSER_PLUGIN"`)
+
+* `OPENID_CONNECT` (value: `"OPENID_CONNECT"`)
+
+* `SAML_1_1` (value: `"SAML_1_1"`)
+
+* `SAML_2_0` (value: `"SAML_2_0"`)
+
+* `SECURE_PASSWORD_STORE` (value: `"SECURE_PASSWORD_STORE"`)
+
+* `WS_FEDERATION` (value: `"WS_FEDERATION"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationVisibility.md b/okta/docs/ApplicationVisibility.md
new file mode 100644
index 000000000..4b263a0ee
--- /dev/null
+++ b/okta/docs/ApplicationVisibility.md
@@ -0,0 +1,134 @@
+# ApplicationVisibility
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AppLinks** | Pointer to **map[string]bool** |  | [optional] 
+**AutoLaunch** | Pointer to **bool** |  | [optional] 
+**AutoSubmitToolbar** | Pointer to **bool** |  | [optional] 
+**Hide** | Pointer to [**ApplicationVisibilityHide**](ApplicationVisibilityHide.md) |  | [optional] 
+
+## Methods
+
+### NewApplicationVisibility
+
+`func NewApplicationVisibility() *ApplicationVisibility`
+
+NewApplicationVisibility instantiates a new ApplicationVisibility object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationVisibilityWithDefaults
+
+`func NewApplicationVisibilityWithDefaults() *ApplicationVisibility`
+
+NewApplicationVisibilityWithDefaults instantiates a new ApplicationVisibility object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAppLinks
+
+`func (o *ApplicationVisibility) GetAppLinks() map[string]bool`
+
+GetAppLinks returns the AppLinks field if non-nil, zero value otherwise.
+
+### GetAppLinksOk
+
+`func (o *ApplicationVisibility) GetAppLinksOk() (*map[string]bool, bool)`
+
+GetAppLinksOk returns a tuple with the AppLinks field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAppLinks
+
+`func (o *ApplicationVisibility) SetAppLinks(v map[string]bool)`
+
+SetAppLinks sets AppLinks field to given value.
+
+### HasAppLinks
+
+`func (o *ApplicationVisibility) HasAppLinks() bool`
+
+HasAppLinks returns a boolean if a field has been set.
+
+### GetAutoLaunch
+
+`func (o *ApplicationVisibility) GetAutoLaunch() bool`
+
+GetAutoLaunch returns the AutoLaunch field if non-nil, zero value otherwise.
+
+### GetAutoLaunchOk
+
+`func (o *ApplicationVisibility) GetAutoLaunchOk() (*bool, bool)`
+
+GetAutoLaunchOk returns a tuple with the AutoLaunch field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAutoLaunch
+
+`func (o *ApplicationVisibility) SetAutoLaunch(v bool)`
+
+SetAutoLaunch sets AutoLaunch field to given value.
+
+### HasAutoLaunch
+
+`func (o *ApplicationVisibility) HasAutoLaunch() bool`
+
+HasAutoLaunch returns a boolean if a field has been set.
+
+### GetAutoSubmitToolbar
+
+`func (o *ApplicationVisibility) GetAutoSubmitToolbar() bool`
+
+GetAutoSubmitToolbar returns the AutoSubmitToolbar field if non-nil, zero value otherwise.
+
+### GetAutoSubmitToolbarOk
+
+`func (o *ApplicationVisibility) GetAutoSubmitToolbarOk() (*bool, bool)`
+
+GetAutoSubmitToolbarOk returns a tuple with the AutoSubmitToolbar field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAutoSubmitToolbar
+
+`func (o *ApplicationVisibility) SetAutoSubmitToolbar(v bool)`
+
+SetAutoSubmitToolbar sets AutoSubmitToolbar field to given value.
+
+### HasAutoSubmitToolbar
+
+`func (o *ApplicationVisibility) HasAutoSubmitToolbar() bool`
+
+HasAutoSubmitToolbar returns a boolean if a field has been set.
+
+### GetHide
+
+`func (o *ApplicationVisibility) GetHide() ApplicationVisibilityHide`
+
+GetHide returns the Hide field if non-nil, zero value otherwise.
+
+### GetHideOk
+
+`func (o *ApplicationVisibility) GetHideOk() (*ApplicationVisibilityHide, bool)`
+
+GetHideOk returns a tuple with the Hide field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHide
+
+`func (o *ApplicationVisibility) SetHide(v ApplicationVisibilityHide)`
+
+SetHide sets Hide field to given value.
+
+### HasHide
+
+`func (o *ApplicationVisibility) HasHide() bool`
+
+HasHide returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ApplicationVisibilityHide.md b/okta/docs/ApplicationVisibilityHide.md
new file mode 100644
index 000000000..dfacec929
--- /dev/null
+++ b/okta/docs/ApplicationVisibilityHide.md
@@ -0,0 +1,82 @@
+# ApplicationVisibilityHide
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**IOS** | Pointer to **bool** |  | [optional] 
+**Web** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewApplicationVisibilityHide
+
+`func NewApplicationVisibilityHide() *ApplicationVisibilityHide`
+
+NewApplicationVisibilityHide instantiates a new ApplicationVisibilityHide object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewApplicationVisibilityHideWithDefaults
+
+`func NewApplicationVisibilityHideWithDefaults() *ApplicationVisibilityHide`
+
+NewApplicationVisibilityHideWithDefaults instantiates a new ApplicationVisibilityHide object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIOS
+
+`func (o *ApplicationVisibilityHide) GetIOS() bool`
+
+GetIOS returns the IOS field if non-nil, zero value otherwise.
+
+### GetIOSOk
+
+`func (o *ApplicationVisibilityHide) GetIOSOk() (*bool, bool)`
+
+GetIOSOk returns a tuple with the IOS field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIOS
+
+`func (o *ApplicationVisibilityHide) SetIOS(v bool)`
+
+SetIOS sets IOS field to given value.
+
+### HasIOS
+
+`func (o *ApplicationVisibilityHide) HasIOS() bool`
+
+HasIOS returns a boolean if a field has been set.
+
+### GetWeb
+
+`func (o *ApplicationVisibilityHide) GetWeb() bool`
+
+GetWeb returns the Web field if non-nil, zero value otherwise.
+
+### GetWebOk
+
+`func (o *ApplicationVisibilityHide) GetWebOk() (*bool, bool)`
+
+GetWebOk returns a tuple with the Web field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWeb
+
+`func (o *ApplicationVisibilityHide) SetWeb(v bool)`
+
+SetWeb sets Web field to given value.
+
+### HasWeb
+
+`func (o *ApplicationVisibilityHide) HasWeb() bool`
+
+HasWeb returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AssignRoleRequest.md b/okta/docs/AssignRoleRequest.md
new file mode 100644
index 000000000..61c0dba52
--- /dev/null
+++ b/okta/docs/AssignRoleRequest.md
@@ -0,0 +1,56 @@
+# AssignRoleRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Type** | Pointer to [**RoleType**](RoleType.md) |  | [optional] 
+
+## Methods
+
+### NewAssignRoleRequest
+
+`func NewAssignRoleRequest() *AssignRoleRequest`
+
+NewAssignRoleRequest instantiates a new AssignRoleRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAssignRoleRequestWithDefaults
+
+`func NewAssignRoleRequestWithDefaults() *AssignRoleRequest`
+
+NewAssignRoleRequestWithDefaults instantiates a new AssignRoleRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetType
+
+`func (o *AssignRoleRequest) GetType() RoleType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *AssignRoleRequest) GetTypeOk() (*RoleType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *AssignRoleRequest) SetType(v RoleType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *AssignRoleRequest) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AttackProtectionApi.md b/okta/docs/AttackProtectionApi.md
new file mode 100644
index 000000000..813d9b54b
--- /dev/null
+++ b/okta/docs/AttackProtectionApi.md
@@ -0,0 +1,137 @@
+# \AttackProtectionApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**GetUserLockoutSettings**](AttackProtectionApi.md#GetUserLockoutSettings) | **Get** /attack-protection/api/v1/user-lockout-settings | Retrieve the User Lockout Settings
+[**ReplaceUserLockoutSettings**](AttackProtectionApi.md#ReplaceUserLockoutSettings) | **Put** /attack-protection/api/v1/user-lockout-settings | Replace the User Lockout Settings
+
+
+
+## GetUserLockoutSettings
+
+> []UserLockoutSettings GetUserLockoutSettings(ctx).Execute()
+
+Retrieve the User Lockout Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AttackProtectionApi.GetUserLockoutSettings(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AttackProtectionApi.GetUserLockoutSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetUserLockoutSettings`: []UserLockoutSettings
+    fmt.Fprintf(os.Stdout, "Response from `AttackProtectionApi.GetUserLockoutSettings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetUserLockoutSettingsRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]UserLockoutSettings**](UserLockoutSettings.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceUserLockoutSettings
+
+> UserLockoutSettings ReplaceUserLockoutSettings(ctx).LockoutSettings(lockoutSettings).Execute()
+
+Replace the User Lockout Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    lockoutSettings := *openapiclient.NewUserLockoutSettings() // UserLockoutSettings | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AttackProtectionApi.ReplaceUserLockoutSettings(context.Background()).LockoutSettings(lockoutSettings).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AttackProtectionApi.ReplaceUserLockoutSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceUserLockoutSettings`: UserLockoutSettings
+    fmt.Fprintf(os.Stdout, "Response from `AttackProtectionApi.ReplaceUserLockoutSettings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceUserLockoutSettingsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **lockoutSettings** | [**UserLockoutSettings**](UserLockoutSettings.md) |  | 
+
+### Return type
+
+[**UserLockoutSettings**](UserLockoutSettings.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/AuthenticationProvider.md b/okta/docs/AuthenticationProvider.md
new file mode 100644
index 000000000..c6a96839d
--- /dev/null
+++ b/okta/docs/AuthenticationProvider.md
@@ -0,0 +1,82 @@
+# AuthenticationProvider
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Name** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to [**AuthenticationProviderType**](AuthenticationProviderType.md) |  | [optional] 
+
+## Methods
+
+### NewAuthenticationProvider
+
+`func NewAuthenticationProvider() *AuthenticationProvider`
+
+NewAuthenticationProvider instantiates a new AuthenticationProvider object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthenticationProviderWithDefaults
+
+`func NewAuthenticationProviderWithDefaults() *AuthenticationProvider`
+
+NewAuthenticationProviderWithDefaults instantiates a new AuthenticationProvider object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetName
+
+`func (o *AuthenticationProvider) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *AuthenticationProvider) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *AuthenticationProvider) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *AuthenticationProvider) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *AuthenticationProvider) GetType() AuthenticationProviderType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *AuthenticationProvider) GetTypeOk() (*AuthenticationProviderType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *AuthenticationProvider) SetType(v AuthenticationProviderType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *AuthenticationProvider) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthenticationProviderType.md b/okta/docs/AuthenticationProviderType.md
new file mode 100644
index 000000000..72c072659
--- /dev/null
+++ b/okta/docs/AuthenticationProviderType.md
@@ -0,0 +1,21 @@
+# AuthenticationProviderType
+
+## Enum
+
+
+* `ACTIVE_DIRECTORY` (value: `"ACTIVE_DIRECTORY"`)
+
+* `FEDERATION` (value: `"FEDERATION"`)
+
+* `IMPORT` (value: `"IMPORT"`)
+
+* `LDAP` (value: `"LDAP"`)
+
+* `OKTA` (value: `"OKTA"`)
+
+* `SOCIAL` (value: `"SOCIAL"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Authenticator.md b/okta/docs/Authenticator.md
new file mode 100644
index 000000000..018b26252
--- /dev/null
+++ b/okta/docs/Authenticator.md
@@ -0,0 +1,290 @@
+# Authenticator
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Key** | Pointer to **string** |  | [optional] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Provider** | Pointer to [**AuthenticatorProvider**](AuthenticatorProvider.md) |  | [optional] 
+**Settings** | Pointer to [**AuthenticatorSettings**](AuthenticatorSettings.md) |  | [optional] 
+**Status** | Pointer to [**AuthenticatorStatus**](AuthenticatorStatus.md) |  | [optional] 
+**Type** | Pointer to [**AuthenticatorType**](AuthenticatorType.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewAuthenticator
+
+`func NewAuthenticator() *Authenticator`
+
+NewAuthenticator instantiates a new Authenticator object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthenticatorWithDefaults
+
+`func NewAuthenticatorWithDefaults() *Authenticator`
+
+NewAuthenticatorWithDefaults instantiates a new Authenticator object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *Authenticator) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *Authenticator) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *Authenticator) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *Authenticator) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *Authenticator) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *Authenticator) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *Authenticator) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *Authenticator) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetKey
+
+`func (o *Authenticator) GetKey() string`
+
+GetKey returns the Key field if non-nil, zero value otherwise.
+
+### GetKeyOk
+
+`func (o *Authenticator) GetKeyOk() (*string, bool)`
+
+GetKeyOk returns a tuple with the Key field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKey
+
+`func (o *Authenticator) SetKey(v string)`
+
+SetKey sets Key field to given value.
+
+### HasKey
+
+`func (o *Authenticator) HasKey() bool`
+
+HasKey returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *Authenticator) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *Authenticator) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *Authenticator) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *Authenticator) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *Authenticator) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *Authenticator) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *Authenticator) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *Authenticator) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetProvider
+
+`func (o *Authenticator) GetProvider() AuthenticatorProvider`
+
+GetProvider returns the Provider field if non-nil, zero value otherwise.
+
+### GetProviderOk
+
+`func (o *Authenticator) GetProviderOk() (*AuthenticatorProvider, bool)`
+
+GetProviderOk returns a tuple with the Provider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProvider
+
+`func (o *Authenticator) SetProvider(v AuthenticatorProvider)`
+
+SetProvider sets Provider field to given value.
+
+### HasProvider
+
+`func (o *Authenticator) HasProvider() bool`
+
+HasProvider returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *Authenticator) GetSettings() AuthenticatorSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *Authenticator) GetSettingsOk() (*AuthenticatorSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *Authenticator) SetSettings(v AuthenticatorSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *Authenticator) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *Authenticator) GetStatus() AuthenticatorStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *Authenticator) GetStatusOk() (*AuthenticatorStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *Authenticator) SetStatus(v AuthenticatorStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *Authenticator) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *Authenticator) GetType() AuthenticatorType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *Authenticator) GetTypeOk() (*AuthenticatorType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *Authenticator) SetType(v AuthenticatorType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *Authenticator) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Authenticator) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Authenticator) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Authenticator) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Authenticator) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthenticatorApi.md b/okta/docs/AuthenticatorApi.md
new file mode 100644
index 000000000..aa8a426c4
--- /dev/null
+++ b/okta/docs/AuthenticatorApi.md
@@ -0,0 +1,425 @@
+# \AuthenticatorApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateAuthenticator**](AuthenticatorApi.md#ActivateAuthenticator) | **Post** /api/v1/authenticators/{authenticatorId}/lifecycle/activate | Activate an Authenticator
+[**CreateAuthenticator**](AuthenticatorApi.md#CreateAuthenticator) | **Post** /api/v1/authenticators | Create an Authenticator
+[**DeactivateAuthenticator**](AuthenticatorApi.md#DeactivateAuthenticator) | **Post** /api/v1/authenticators/{authenticatorId}/lifecycle/deactivate | Deactivate an Authenticator
+[**GetAuthenticator**](AuthenticatorApi.md#GetAuthenticator) | **Get** /api/v1/authenticators/{authenticatorId} | Retrieve an Authenticator
+[**ListAuthenticators**](AuthenticatorApi.md#ListAuthenticators) | **Get** /api/v1/authenticators | List all Authenticators
+[**ReplaceAuthenticator**](AuthenticatorApi.md#ReplaceAuthenticator) | **Put** /api/v1/authenticators/{authenticatorId} | Replace an Authenticator
+
+
+
+## ActivateAuthenticator
+
+> Authenticator ActivateAuthenticator(ctx, authenticatorId).Execute()
+
+Activate an Authenticator
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authenticatorId := "authenticatorId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthenticatorApi.ActivateAuthenticator(context.Background(), authenticatorId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthenticatorApi.ActivateAuthenticator``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ActivateAuthenticator`: Authenticator
+    fmt.Fprintf(os.Stdout, "Response from `AuthenticatorApi.ActivateAuthenticator`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authenticatorId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateAuthenticatorRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**Authenticator**](Authenticator.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateAuthenticator
+
+> Authenticator CreateAuthenticator(ctx).Authenticator(authenticator).Activate(activate).Execute()
+
+Create an Authenticator
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authenticator := *openapiclient.NewAuthenticator() // Authenticator | 
+    activate := true // bool | Whether to execute the activation lifecycle operation when Okta creates the authenticator (optional) (default to false)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthenticatorApi.CreateAuthenticator(context.Background()).Authenticator(authenticator).Activate(activate).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthenticatorApi.CreateAuthenticator``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateAuthenticator`: Authenticator
+    fmt.Fprintf(os.Stdout, "Response from `AuthenticatorApi.CreateAuthenticator`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateAuthenticatorRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **authenticator** | [**Authenticator**](Authenticator.md) |  | 
+ **activate** | **bool** | Whether to execute the activation lifecycle operation when Okta creates the authenticator | [default to false]
+
+### Return type
+
+[**Authenticator**](Authenticator.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateAuthenticator
+
+> Authenticator DeactivateAuthenticator(ctx, authenticatorId).Execute()
+
+Deactivate an Authenticator
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authenticatorId := "authenticatorId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthenticatorApi.DeactivateAuthenticator(context.Background(), authenticatorId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthenticatorApi.DeactivateAuthenticator``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `DeactivateAuthenticator`: Authenticator
+    fmt.Fprintf(os.Stdout, "Response from `AuthenticatorApi.DeactivateAuthenticator`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authenticatorId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateAuthenticatorRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**Authenticator**](Authenticator.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetAuthenticator
+
+> Authenticator GetAuthenticator(ctx, authenticatorId).Execute()
+
+Retrieve an Authenticator
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authenticatorId := "authenticatorId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthenticatorApi.GetAuthenticator(context.Background(), authenticatorId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthenticatorApi.GetAuthenticator``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetAuthenticator`: Authenticator
+    fmt.Fprintf(os.Stdout, "Response from `AuthenticatorApi.GetAuthenticator`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authenticatorId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetAuthenticatorRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**Authenticator**](Authenticator.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListAuthenticators
+
+> []Authenticator ListAuthenticators(ctx).Execute()
+
+List all Authenticators
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthenticatorApi.ListAuthenticators(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthenticatorApi.ListAuthenticators``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListAuthenticators`: []Authenticator
+    fmt.Fprintf(os.Stdout, "Response from `AuthenticatorApi.ListAuthenticators`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListAuthenticatorsRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]Authenticator**](Authenticator.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceAuthenticator
+
+> Authenticator ReplaceAuthenticator(ctx, authenticatorId).Authenticator(authenticator).Execute()
+
+Replace an Authenticator
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authenticatorId := "authenticatorId_example" // string | 
+    authenticator := *openapiclient.NewAuthenticator() // Authenticator | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthenticatorApi.ReplaceAuthenticator(context.Background(), authenticatorId).Authenticator(authenticator).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthenticatorApi.ReplaceAuthenticator``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceAuthenticator`: Authenticator
+    fmt.Fprintf(os.Stdout, "Response from `AuthenticatorApi.ReplaceAuthenticator`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authenticatorId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceAuthenticatorRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **authenticator** | [**Authenticator**](Authenticator.md) |  | 
+
+### Return type
+
+[**Authenticator**](Authenticator.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/AuthenticatorProvider.md b/okta/docs/AuthenticatorProvider.md
new file mode 100644
index 000000000..625fb470e
--- /dev/null
+++ b/okta/docs/AuthenticatorProvider.md
@@ -0,0 +1,82 @@
+# AuthenticatorProvider
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Configuration** | Pointer to [**AuthenticatorProviderConfiguration**](AuthenticatorProviderConfiguration.md) |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewAuthenticatorProvider
+
+`func NewAuthenticatorProvider() *AuthenticatorProvider`
+
+NewAuthenticatorProvider instantiates a new AuthenticatorProvider object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthenticatorProviderWithDefaults
+
+`func NewAuthenticatorProviderWithDefaults() *AuthenticatorProvider`
+
+NewAuthenticatorProviderWithDefaults instantiates a new AuthenticatorProvider object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConfiguration
+
+`func (o *AuthenticatorProvider) GetConfiguration() AuthenticatorProviderConfiguration`
+
+GetConfiguration returns the Configuration field if non-nil, zero value otherwise.
+
+### GetConfigurationOk
+
+`func (o *AuthenticatorProvider) GetConfigurationOk() (*AuthenticatorProviderConfiguration, bool)`
+
+GetConfigurationOk returns a tuple with the Configuration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConfiguration
+
+`func (o *AuthenticatorProvider) SetConfiguration(v AuthenticatorProviderConfiguration)`
+
+SetConfiguration sets Configuration field to given value.
+
+### HasConfiguration
+
+`func (o *AuthenticatorProvider) HasConfiguration() bool`
+
+HasConfiguration returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *AuthenticatorProvider) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *AuthenticatorProvider) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *AuthenticatorProvider) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *AuthenticatorProvider) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthenticatorProviderConfiguration.md b/okta/docs/AuthenticatorProviderConfiguration.md
new file mode 100644
index 000000000..8ad8d6068
--- /dev/null
+++ b/okta/docs/AuthenticatorProviderConfiguration.md
@@ -0,0 +1,160 @@
+# AuthenticatorProviderConfiguration
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthPort** | Pointer to **int32** |  | [optional] 
+**HostName** | Pointer to **string** |  | [optional] 
+**InstanceId** | Pointer to **string** |  | [optional] 
+**SharedSecret** | Pointer to **string** |  | [optional] 
+**UserNameTemplate** | Pointer to [**AuthenticatorProviderConfigurationUserNameTemplate**](AuthenticatorProviderConfigurationUserNameTemplate.md) |  | [optional] 
+
+## Methods
+
+### NewAuthenticatorProviderConfiguration
+
+`func NewAuthenticatorProviderConfiguration() *AuthenticatorProviderConfiguration`
+
+NewAuthenticatorProviderConfiguration instantiates a new AuthenticatorProviderConfiguration object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthenticatorProviderConfigurationWithDefaults
+
+`func NewAuthenticatorProviderConfigurationWithDefaults() *AuthenticatorProviderConfiguration`
+
+NewAuthenticatorProviderConfigurationWithDefaults instantiates a new AuthenticatorProviderConfiguration object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthPort
+
+`func (o *AuthenticatorProviderConfiguration) GetAuthPort() int32`
+
+GetAuthPort returns the AuthPort field if non-nil, zero value otherwise.
+
+### GetAuthPortOk
+
+`func (o *AuthenticatorProviderConfiguration) GetAuthPortOk() (*int32, bool)`
+
+GetAuthPortOk returns a tuple with the AuthPort field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthPort
+
+`func (o *AuthenticatorProviderConfiguration) SetAuthPort(v int32)`
+
+SetAuthPort sets AuthPort field to given value.
+
+### HasAuthPort
+
+`func (o *AuthenticatorProviderConfiguration) HasAuthPort() bool`
+
+HasAuthPort returns a boolean if a field has been set.
+
+### GetHostName
+
+`func (o *AuthenticatorProviderConfiguration) GetHostName() string`
+
+GetHostName returns the HostName field if non-nil, zero value otherwise.
+
+### GetHostNameOk
+
+`func (o *AuthenticatorProviderConfiguration) GetHostNameOk() (*string, bool)`
+
+GetHostNameOk returns a tuple with the HostName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHostName
+
+`func (o *AuthenticatorProviderConfiguration) SetHostName(v string)`
+
+SetHostName sets HostName field to given value.
+
+### HasHostName
+
+`func (o *AuthenticatorProviderConfiguration) HasHostName() bool`
+
+HasHostName returns a boolean if a field has been set.
+
+### GetInstanceId
+
+`func (o *AuthenticatorProviderConfiguration) GetInstanceId() string`
+
+GetInstanceId returns the InstanceId field if non-nil, zero value otherwise.
+
+### GetInstanceIdOk
+
+`func (o *AuthenticatorProviderConfiguration) GetInstanceIdOk() (*string, bool)`
+
+GetInstanceIdOk returns a tuple with the InstanceId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInstanceId
+
+`func (o *AuthenticatorProviderConfiguration) SetInstanceId(v string)`
+
+SetInstanceId sets InstanceId field to given value.
+
+### HasInstanceId
+
+`func (o *AuthenticatorProviderConfiguration) HasInstanceId() bool`
+
+HasInstanceId returns a boolean if a field has been set.
+
+### GetSharedSecret
+
+`func (o *AuthenticatorProviderConfiguration) GetSharedSecret() string`
+
+GetSharedSecret returns the SharedSecret field if non-nil, zero value otherwise.
+
+### GetSharedSecretOk
+
+`func (o *AuthenticatorProviderConfiguration) GetSharedSecretOk() (*string, bool)`
+
+GetSharedSecretOk returns a tuple with the SharedSecret field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSharedSecret
+
+`func (o *AuthenticatorProviderConfiguration) SetSharedSecret(v string)`
+
+SetSharedSecret sets SharedSecret field to given value.
+
+### HasSharedSecret
+
+`func (o *AuthenticatorProviderConfiguration) HasSharedSecret() bool`
+
+HasSharedSecret returns a boolean if a field has been set.
+
+### GetUserNameTemplate
+
+`func (o *AuthenticatorProviderConfiguration) GetUserNameTemplate() AuthenticatorProviderConfigurationUserNameTemplate`
+
+GetUserNameTemplate returns the UserNameTemplate field if non-nil, zero value otherwise.
+
+### GetUserNameTemplateOk
+
+`func (o *AuthenticatorProviderConfiguration) GetUserNameTemplateOk() (*AuthenticatorProviderConfigurationUserNameTemplate, bool)`
+
+GetUserNameTemplateOk returns a tuple with the UserNameTemplate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserNameTemplate
+
+`func (o *AuthenticatorProviderConfiguration) SetUserNameTemplate(v AuthenticatorProviderConfigurationUserNameTemplate)`
+
+SetUserNameTemplate sets UserNameTemplate field to given value.
+
+### HasUserNameTemplate
+
+`func (o *AuthenticatorProviderConfiguration) HasUserNameTemplate() bool`
+
+HasUserNameTemplate returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthenticatorProviderConfigurationUserNameTemplate.md b/okta/docs/AuthenticatorProviderConfigurationUserNameTemplate.md
new file mode 100644
index 000000000..2a2ca67d5
--- /dev/null
+++ b/okta/docs/AuthenticatorProviderConfigurationUserNameTemplate.md
@@ -0,0 +1,56 @@
+# AuthenticatorProviderConfigurationUserNameTemplate
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Template** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewAuthenticatorProviderConfigurationUserNameTemplate
+
+`func NewAuthenticatorProviderConfigurationUserNameTemplate() *AuthenticatorProviderConfigurationUserNameTemplate`
+
+NewAuthenticatorProviderConfigurationUserNameTemplate instantiates a new AuthenticatorProviderConfigurationUserNameTemplate object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthenticatorProviderConfigurationUserNameTemplateWithDefaults
+
+`func NewAuthenticatorProviderConfigurationUserNameTemplateWithDefaults() *AuthenticatorProviderConfigurationUserNameTemplate`
+
+NewAuthenticatorProviderConfigurationUserNameTemplateWithDefaults instantiates a new AuthenticatorProviderConfigurationUserNameTemplate object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetTemplate
+
+`func (o *AuthenticatorProviderConfigurationUserNameTemplate) GetTemplate() string`
+
+GetTemplate returns the Template field if non-nil, zero value otherwise.
+
+### GetTemplateOk
+
+`func (o *AuthenticatorProviderConfigurationUserNameTemplate) GetTemplateOk() (*string, bool)`
+
+GetTemplateOk returns a tuple with the Template field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTemplate
+
+`func (o *AuthenticatorProviderConfigurationUserNameTemplate) SetTemplate(v string)`
+
+SetTemplate sets Template field to given value.
+
+### HasTemplate
+
+`func (o *AuthenticatorProviderConfigurationUserNameTemplate) HasTemplate() bool`
+
+HasTemplate returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthenticatorSettings.md b/okta/docs/AuthenticatorSettings.md
new file mode 100644
index 000000000..3712f5a4b
--- /dev/null
+++ b/okta/docs/AuthenticatorSettings.md
@@ -0,0 +1,186 @@
+# AuthenticatorSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AllowedFor** | Pointer to [**AllowedForEnum**](AllowedForEnum.md) |  | [optional] 
+**AppInstanceId** | Pointer to **string** |  | [optional] 
+**ChannelBinding** | Pointer to [**ChannelBinding**](ChannelBinding.md) |  | [optional] 
+**Compliance** | Pointer to [**Compliance**](Compliance.md) |  | [optional] 
+**TokenLifetimeInMinutes** | Pointer to **int32** |  | [optional] 
+**UserVerification** | Pointer to [**UserVerificationEnum**](UserVerificationEnum.md) |  | [optional] 
+
+## Methods
+
+### NewAuthenticatorSettings
+
+`func NewAuthenticatorSettings() *AuthenticatorSettings`
+
+NewAuthenticatorSettings instantiates a new AuthenticatorSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthenticatorSettingsWithDefaults
+
+`func NewAuthenticatorSettingsWithDefaults() *AuthenticatorSettings`
+
+NewAuthenticatorSettingsWithDefaults instantiates a new AuthenticatorSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAllowedFor
+
+`func (o *AuthenticatorSettings) GetAllowedFor() AllowedForEnum`
+
+GetAllowedFor returns the AllowedFor field if non-nil, zero value otherwise.
+
+### GetAllowedForOk
+
+`func (o *AuthenticatorSettings) GetAllowedForOk() (*AllowedForEnum, bool)`
+
+GetAllowedForOk returns a tuple with the AllowedFor field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAllowedFor
+
+`func (o *AuthenticatorSettings) SetAllowedFor(v AllowedForEnum)`
+
+SetAllowedFor sets AllowedFor field to given value.
+
+### HasAllowedFor
+
+`func (o *AuthenticatorSettings) HasAllowedFor() bool`
+
+HasAllowedFor returns a boolean if a field has been set.
+
+### GetAppInstanceId
+
+`func (o *AuthenticatorSettings) GetAppInstanceId() string`
+
+GetAppInstanceId returns the AppInstanceId field if non-nil, zero value otherwise.
+
+### GetAppInstanceIdOk
+
+`func (o *AuthenticatorSettings) GetAppInstanceIdOk() (*string, bool)`
+
+GetAppInstanceIdOk returns a tuple with the AppInstanceId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAppInstanceId
+
+`func (o *AuthenticatorSettings) SetAppInstanceId(v string)`
+
+SetAppInstanceId sets AppInstanceId field to given value.
+
+### HasAppInstanceId
+
+`func (o *AuthenticatorSettings) HasAppInstanceId() bool`
+
+HasAppInstanceId returns a boolean if a field has been set.
+
+### GetChannelBinding
+
+`func (o *AuthenticatorSettings) GetChannelBinding() ChannelBinding`
+
+GetChannelBinding returns the ChannelBinding field if non-nil, zero value otherwise.
+
+### GetChannelBindingOk
+
+`func (o *AuthenticatorSettings) GetChannelBindingOk() (*ChannelBinding, bool)`
+
+GetChannelBindingOk returns a tuple with the ChannelBinding field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetChannelBinding
+
+`func (o *AuthenticatorSettings) SetChannelBinding(v ChannelBinding)`
+
+SetChannelBinding sets ChannelBinding field to given value.
+
+### HasChannelBinding
+
+`func (o *AuthenticatorSettings) HasChannelBinding() bool`
+
+HasChannelBinding returns a boolean if a field has been set.
+
+### GetCompliance
+
+`func (o *AuthenticatorSettings) GetCompliance() Compliance`
+
+GetCompliance returns the Compliance field if non-nil, zero value otherwise.
+
+### GetComplianceOk
+
+`func (o *AuthenticatorSettings) GetComplianceOk() (*Compliance, bool)`
+
+GetComplianceOk returns a tuple with the Compliance field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCompliance
+
+`func (o *AuthenticatorSettings) SetCompliance(v Compliance)`
+
+SetCompliance sets Compliance field to given value.
+
+### HasCompliance
+
+`func (o *AuthenticatorSettings) HasCompliance() bool`
+
+HasCompliance returns a boolean if a field has been set.
+
+### GetTokenLifetimeInMinutes
+
+`func (o *AuthenticatorSettings) GetTokenLifetimeInMinutes() int32`
+
+GetTokenLifetimeInMinutes returns the TokenLifetimeInMinutes field if non-nil, zero value otherwise.
+
+### GetTokenLifetimeInMinutesOk
+
+`func (o *AuthenticatorSettings) GetTokenLifetimeInMinutesOk() (*int32, bool)`
+
+GetTokenLifetimeInMinutesOk returns a tuple with the TokenLifetimeInMinutes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTokenLifetimeInMinutes
+
+`func (o *AuthenticatorSettings) SetTokenLifetimeInMinutes(v int32)`
+
+SetTokenLifetimeInMinutes sets TokenLifetimeInMinutes field to given value.
+
+### HasTokenLifetimeInMinutes
+
+`func (o *AuthenticatorSettings) HasTokenLifetimeInMinutes() bool`
+
+HasTokenLifetimeInMinutes returns a boolean if a field has been set.
+
+### GetUserVerification
+
+`func (o *AuthenticatorSettings) GetUserVerification() UserVerificationEnum`
+
+GetUserVerification returns the UserVerification field if non-nil, zero value otherwise.
+
+### GetUserVerificationOk
+
+`func (o *AuthenticatorSettings) GetUserVerificationOk() (*UserVerificationEnum, bool)`
+
+GetUserVerificationOk returns a tuple with the UserVerification field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserVerification
+
+`func (o *AuthenticatorSettings) SetUserVerification(v UserVerificationEnum)`
+
+SetUserVerification sets UserVerification field to given value.
+
+### HasUserVerification
+
+`func (o *AuthenticatorSettings) HasUserVerification() bool`
+
+HasUserVerification returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthenticatorStatus.md b/okta/docs/AuthenticatorStatus.md
new file mode 100644
index 000000000..e0e728f73
--- /dev/null
+++ b/okta/docs/AuthenticatorStatus.md
@@ -0,0 +1,13 @@
+# AuthenticatorStatus
+
+## Enum
+
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `INACTIVE` (value: `"INACTIVE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthenticatorType.md b/okta/docs/AuthenticatorType.md
new file mode 100644
index 000000000..6af5316a1
--- /dev/null
+++ b/okta/docs/AuthenticatorType.md
@@ -0,0 +1,23 @@
+# AuthenticatorType
+
+## Enum
+
+
+* `APP` (value: `"app"`)
+
+* `EMAIL` (value: `"email"`)
+
+* `FEDERATED` (value: `"federated"`)
+
+* `PASSWORD` (value: `"password"`)
+
+* `PHONE` (value: `"phone"`)
+
+* `SECURITY_KEY` (value: `"security_key"`)
+
+* `SECURITY_QUESTION` (value: `"security_question"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthorizationServer.md b/okta/docs/AuthorizationServer.md
new file mode 100644
index 000000000..7c6e92bf7
--- /dev/null
+++ b/okta/docs/AuthorizationServer.md
@@ -0,0 +1,316 @@
+# AuthorizationServer
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Audiences** | Pointer to **[]string** |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Credentials** | Pointer to [**AuthorizationServerCredentials**](AuthorizationServerCredentials.md) |  | [optional] 
+**Description** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Issuer** | Pointer to **string** |  | [optional] 
+**IssuerMode** | Pointer to [**IssuerMode**](IssuerMode.md) |  | [optional] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewAuthorizationServer
+
+`func NewAuthorizationServer() *AuthorizationServer`
+
+NewAuthorizationServer instantiates a new AuthorizationServer object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthorizationServerWithDefaults
+
+`func NewAuthorizationServerWithDefaults() *AuthorizationServer`
+
+NewAuthorizationServerWithDefaults instantiates a new AuthorizationServer object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAudiences
+
+`func (o *AuthorizationServer) GetAudiences() []string`
+
+GetAudiences returns the Audiences field if non-nil, zero value otherwise.
+
+### GetAudiencesOk
+
+`func (o *AuthorizationServer) GetAudiencesOk() (*[]string, bool)`
+
+GetAudiencesOk returns a tuple with the Audiences field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAudiences
+
+`func (o *AuthorizationServer) SetAudiences(v []string)`
+
+SetAudiences sets Audiences field to given value.
+
+### HasAudiences
+
+`func (o *AuthorizationServer) HasAudiences() bool`
+
+HasAudiences returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *AuthorizationServer) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *AuthorizationServer) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *AuthorizationServer) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *AuthorizationServer) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetCredentials
+
+`func (o *AuthorizationServer) GetCredentials() AuthorizationServerCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *AuthorizationServer) GetCredentialsOk() (*AuthorizationServerCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *AuthorizationServer) SetCredentials(v AuthorizationServerCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *AuthorizationServer) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetDescription
+
+`func (o *AuthorizationServer) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *AuthorizationServer) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *AuthorizationServer) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *AuthorizationServer) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *AuthorizationServer) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *AuthorizationServer) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *AuthorizationServer) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *AuthorizationServer) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIssuer
+
+`func (o *AuthorizationServer) GetIssuer() string`
+
+GetIssuer returns the Issuer field if non-nil, zero value otherwise.
+
+### GetIssuerOk
+
+`func (o *AuthorizationServer) GetIssuerOk() (*string, bool)`
+
+GetIssuerOk returns a tuple with the Issuer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIssuer
+
+`func (o *AuthorizationServer) SetIssuer(v string)`
+
+SetIssuer sets Issuer field to given value.
+
+### HasIssuer
+
+`func (o *AuthorizationServer) HasIssuer() bool`
+
+HasIssuer returns a boolean if a field has been set.
+
+### GetIssuerMode
+
+`func (o *AuthorizationServer) GetIssuerMode() IssuerMode`
+
+GetIssuerMode returns the IssuerMode field if non-nil, zero value otherwise.
+
+### GetIssuerModeOk
+
+`func (o *AuthorizationServer) GetIssuerModeOk() (*IssuerMode, bool)`
+
+GetIssuerModeOk returns a tuple with the IssuerMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIssuerMode
+
+`func (o *AuthorizationServer) SetIssuerMode(v IssuerMode)`
+
+SetIssuerMode sets IssuerMode field to given value.
+
+### HasIssuerMode
+
+`func (o *AuthorizationServer) HasIssuerMode() bool`
+
+HasIssuerMode returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *AuthorizationServer) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *AuthorizationServer) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *AuthorizationServer) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *AuthorizationServer) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *AuthorizationServer) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *AuthorizationServer) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *AuthorizationServer) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *AuthorizationServer) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *AuthorizationServer) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *AuthorizationServer) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *AuthorizationServer) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *AuthorizationServer) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *AuthorizationServer) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *AuthorizationServer) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *AuthorizationServer) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *AuthorizationServer) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthorizationServerApi.md b/okta/docs/AuthorizationServerApi.md
new file mode 100644
index 000000000..96208dc9d
--- /dev/null
+++ b/okta/docs/AuthorizationServerApi.md
@@ -0,0 +1,2799 @@
+# \AuthorizationServerApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateAuthorizationServer**](AuthorizationServerApi.md#ActivateAuthorizationServer) | **Post** /api/v1/authorizationServers/{authServerId}/lifecycle/activate | Activate an Authorization Server
+[**ActivateAuthorizationServerPolicy**](AuthorizationServerApi.md#ActivateAuthorizationServerPolicy) | **Post** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate | Activate a Policy
+[**ActivateAuthorizationServerPolicyRule**](AuthorizationServerApi.md#ActivateAuthorizationServerPolicyRule) | **Post** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate | Activate a Policy Rule
+[**CreateAuthorizationServer**](AuthorizationServerApi.md#CreateAuthorizationServer) | **Post** /api/v1/authorizationServers | Create an Authorization Server
+[**CreateAuthorizationServerPolicy**](AuthorizationServerApi.md#CreateAuthorizationServerPolicy) | **Post** /api/v1/authorizationServers/{authServerId}/policies | Create a Policy
+[**CreateAuthorizationServerPolicyRule**](AuthorizationServerApi.md#CreateAuthorizationServerPolicyRule) | **Post** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules | Create a Policy Rule
+[**CreateOAuth2Claim**](AuthorizationServerApi.md#CreateOAuth2Claim) | **Post** /api/v1/authorizationServers/{authServerId}/claims | Create a Custom Token Claim
+[**CreateOAuth2Scope**](AuthorizationServerApi.md#CreateOAuth2Scope) | **Post** /api/v1/authorizationServers/{authServerId}/scopes | Create a Custom Token Scope
+[**DeactivateAuthorizationServer**](AuthorizationServerApi.md#DeactivateAuthorizationServer) | **Post** /api/v1/authorizationServers/{authServerId}/lifecycle/deactivate | Deactivate an Authorization Server
+[**DeactivateAuthorizationServerPolicy**](AuthorizationServerApi.md#DeactivateAuthorizationServerPolicy) | **Post** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate | Deactivate a Policy
+[**DeactivateAuthorizationServerPolicyRule**](AuthorizationServerApi.md#DeactivateAuthorizationServerPolicyRule) | **Post** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate | Deactivate a Policy Rule
+[**DeleteAuthorizationServer**](AuthorizationServerApi.md#DeleteAuthorizationServer) | **Delete** /api/v1/authorizationServers/{authServerId} | Delete an Authorization Server
+[**DeleteAuthorizationServerPolicy**](AuthorizationServerApi.md#DeleteAuthorizationServerPolicy) | **Delete** /api/v1/authorizationServers/{authServerId}/policies/{policyId} | Delete a Policy
+[**DeleteAuthorizationServerPolicyRule**](AuthorizationServerApi.md#DeleteAuthorizationServerPolicyRule) | **Delete** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId} | Delete a Policy Rule
+[**DeleteOAuth2Claim**](AuthorizationServerApi.md#DeleteOAuth2Claim) | **Delete** /api/v1/authorizationServers/{authServerId}/claims/{claimId} | Delete a Custom Token Claim
+[**DeleteOAuth2Scope**](AuthorizationServerApi.md#DeleteOAuth2Scope) | **Delete** /api/v1/authorizationServers/{authServerId}/scopes/{scopeId} | Delete a Custom Token Scope
+[**GetAuthorizationServer**](AuthorizationServerApi.md#GetAuthorizationServer) | **Get** /api/v1/authorizationServers/{authServerId} | Retrieve an Authorization Server
+[**GetAuthorizationServerPolicy**](AuthorizationServerApi.md#GetAuthorizationServerPolicy) | **Get** /api/v1/authorizationServers/{authServerId}/policies/{policyId} | Retrieve a Policy
+[**GetAuthorizationServerPolicyRule**](AuthorizationServerApi.md#GetAuthorizationServerPolicyRule) | **Get** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId} | Retrieve a Policy Rule
+[**GetOAuth2Claim**](AuthorizationServerApi.md#GetOAuth2Claim) | **Get** /api/v1/authorizationServers/{authServerId}/claims/{claimId} | Retrieve a Custom Token Claim
+[**GetOAuth2Scope**](AuthorizationServerApi.md#GetOAuth2Scope) | **Get** /api/v1/authorizationServers/{authServerId}/scopes/{scopeId} | Retrieve a Custom Token Scope
+[**GetRefreshTokenForAuthorizationServerAndClient**](AuthorizationServerApi.md#GetRefreshTokenForAuthorizationServerAndClient) | **Get** /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId} | Retrieve a Refresh Token for a Client
+[**ListAuthorizationServerKeys**](AuthorizationServerApi.md#ListAuthorizationServerKeys) | **Get** /api/v1/authorizationServers/{authServerId}/credentials/keys | List all Credential Keys
+[**ListAuthorizationServerPolicies**](AuthorizationServerApi.md#ListAuthorizationServerPolicies) | **Get** /api/v1/authorizationServers/{authServerId}/policies | List all Policies
+[**ListAuthorizationServerPolicyRules**](AuthorizationServerApi.md#ListAuthorizationServerPolicyRules) | **Get** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules | List all Policy Rules
+[**ListAuthorizationServers**](AuthorizationServerApi.md#ListAuthorizationServers) | **Get** /api/v1/authorizationServers | List all Authorization Servers
+[**ListOAuth2Claims**](AuthorizationServerApi.md#ListOAuth2Claims) | **Get** /api/v1/authorizationServers/{authServerId}/claims | List all Custom Token Claims
+[**ListOAuth2ClientsForAuthorizationServer**](AuthorizationServerApi.md#ListOAuth2ClientsForAuthorizationServer) | **Get** /api/v1/authorizationServers/{authServerId}/clients | List all Clients
+[**ListOAuth2Scopes**](AuthorizationServerApi.md#ListOAuth2Scopes) | **Get** /api/v1/authorizationServers/{authServerId}/scopes | List all Custom Token Scopes
+[**ListRefreshTokensForAuthorizationServerAndClient**](AuthorizationServerApi.md#ListRefreshTokensForAuthorizationServerAndClient) | **Get** /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens | List all Refresh Tokens for a Client
+[**ReplaceAuthorizationServer**](AuthorizationServerApi.md#ReplaceAuthorizationServer) | **Put** /api/v1/authorizationServers/{authServerId} | Replace an Authorization Server
+[**ReplaceAuthorizationServerPolicy**](AuthorizationServerApi.md#ReplaceAuthorizationServerPolicy) | **Put** /api/v1/authorizationServers/{authServerId}/policies/{policyId} | Replace a Policy
+[**ReplaceAuthorizationServerPolicyRule**](AuthorizationServerApi.md#ReplaceAuthorizationServerPolicyRule) | **Put** /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId} | Replace a Policy Rule
+[**ReplaceOAuth2Claim**](AuthorizationServerApi.md#ReplaceOAuth2Claim) | **Put** /api/v1/authorizationServers/{authServerId}/claims/{claimId} | Replace a Custom Token Claim
+[**ReplaceOAuth2Scope**](AuthorizationServerApi.md#ReplaceOAuth2Scope) | **Put** /api/v1/authorizationServers/{authServerId}/scopes/{scopeId} | Replace a Custom Token Scope
+[**RevokeRefreshTokenForAuthorizationServerAndClient**](AuthorizationServerApi.md#RevokeRefreshTokenForAuthorizationServerAndClient) | **Delete** /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId} | Revoke a Refresh Token for a Client
+[**RevokeRefreshTokensForAuthorizationServerAndClient**](AuthorizationServerApi.md#RevokeRefreshTokensForAuthorizationServerAndClient) | **Delete** /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens | Revoke all Refresh Tokens for a Client
+[**RotateAuthorizationServerKeys**](AuthorizationServerApi.md#RotateAuthorizationServerKeys) | **Post** /api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate | Rotate all Credential Keys
+
+
+
+## ActivateAuthorizationServer
+
+> ActivateAuthorizationServer(ctx, authServerId).Execute()
+
+Activate an Authorization Server
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ActivateAuthorizationServer(context.Background(), authServerId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ActivateAuthorizationServer``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateAuthorizationServerRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ActivateAuthorizationServerPolicy
+
+> ActivateAuthorizationServerPolicy(ctx, authServerId, policyId).Execute()
+
+Activate a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    policyId := "policyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ActivateAuthorizationServerPolicy(context.Background(), authServerId, policyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ActivateAuthorizationServerPolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateAuthorizationServerPolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ActivateAuthorizationServerPolicyRule
+
+> ActivateAuthorizationServerPolicyRule(ctx, authServerId, policyId, ruleId).Execute()
+
+Activate a Policy Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    policyId := "policyId_example" // string | 
+    ruleId := "ruleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ActivateAuthorizationServerPolicyRule(context.Background(), authServerId, policyId, ruleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ActivateAuthorizationServerPolicyRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**policyId** | **string** |  | 
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateAuthorizationServerPolicyRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateAuthorizationServer
+
+> AuthorizationServer CreateAuthorizationServer(ctx).AuthorizationServer(authorizationServer).Execute()
+
+Create an Authorization Server
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authorizationServer := *openapiclient.NewAuthorizationServer() // AuthorizationServer | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.CreateAuthorizationServer(context.Background()).AuthorizationServer(authorizationServer).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.CreateAuthorizationServer``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateAuthorizationServer`: AuthorizationServer
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.CreateAuthorizationServer`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateAuthorizationServerRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **authorizationServer** | [**AuthorizationServer**](AuthorizationServer.md) |  | 
+
+### Return type
+
+[**AuthorizationServer**](AuthorizationServer.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateAuthorizationServerPolicy
+
+> AuthorizationServerPolicy CreateAuthorizationServerPolicy(ctx, authServerId).Policy(policy).Execute()
+
+Create a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    policy := *openapiclient.NewAuthorizationServerPolicy() // AuthorizationServerPolicy | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.CreateAuthorizationServerPolicy(context.Background(), authServerId).Policy(policy).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.CreateAuthorizationServerPolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateAuthorizationServerPolicy`: AuthorizationServerPolicy
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.CreateAuthorizationServerPolicy`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateAuthorizationServerPolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **policy** | [**AuthorizationServerPolicy**](AuthorizationServerPolicy.md) |  | 
+
+### Return type
+
+[**AuthorizationServerPolicy**](AuthorizationServerPolicy.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateAuthorizationServerPolicyRule
+
+> AuthorizationServerPolicyRule CreateAuthorizationServerPolicyRule(ctx, policyId, authServerId).PolicyRule(policyRule).Execute()
+
+Create a Policy Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    authServerId := "authServerId_example" // string | 
+    policyRule := *openapiclient.NewAuthorizationServerPolicyRule() // AuthorizationServerPolicyRule | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.CreateAuthorizationServerPolicyRule(context.Background(), policyId, authServerId).PolicyRule(policyRule).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.CreateAuthorizationServerPolicyRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateAuthorizationServerPolicyRule`: AuthorizationServerPolicyRule
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.CreateAuthorizationServerPolicyRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateAuthorizationServerPolicyRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **policyRule** | [**AuthorizationServerPolicyRule**](AuthorizationServerPolicyRule.md) |  | 
+
+### Return type
+
+[**AuthorizationServerPolicyRule**](AuthorizationServerPolicyRule.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateOAuth2Claim
+
+> OAuth2Claim CreateOAuth2Claim(ctx, authServerId).OAuth2Claim(oAuth2Claim).Execute()
+
+Create a Custom Token Claim
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    oAuth2Claim := *openapiclient.NewOAuth2Claim() // OAuth2Claim | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.CreateOAuth2Claim(context.Background(), authServerId).OAuth2Claim(oAuth2Claim).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.CreateOAuth2Claim``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateOAuth2Claim`: OAuth2Claim
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.CreateOAuth2Claim`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateOAuth2ClaimRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **oAuth2Claim** | [**OAuth2Claim**](OAuth2Claim.md) |  | 
+
+### Return type
+
+[**OAuth2Claim**](OAuth2Claim.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateOAuth2Scope
+
+> OAuth2Scope CreateOAuth2Scope(ctx, authServerId).OAuth2Scope(oAuth2Scope).Execute()
+
+Create a Custom Token Scope
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    oAuth2Scope := *openapiclient.NewOAuth2Scope() // OAuth2Scope | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.CreateOAuth2Scope(context.Background(), authServerId).OAuth2Scope(oAuth2Scope).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.CreateOAuth2Scope``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateOAuth2Scope`: OAuth2Scope
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.CreateOAuth2Scope`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateOAuth2ScopeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **oAuth2Scope** | [**OAuth2Scope**](OAuth2Scope.md) |  | 
+
+### Return type
+
+[**OAuth2Scope**](OAuth2Scope.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateAuthorizationServer
+
+> DeactivateAuthorizationServer(ctx, authServerId).Execute()
+
+Deactivate an Authorization Server
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.DeactivateAuthorizationServer(context.Background(), authServerId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.DeactivateAuthorizationServer``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateAuthorizationServerRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateAuthorizationServerPolicy
+
+> DeactivateAuthorizationServerPolicy(ctx, authServerId, policyId).Execute()
+
+Deactivate a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    policyId := "policyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.DeactivateAuthorizationServerPolicy(context.Background(), authServerId, policyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.DeactivateAuthorizationServerPolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateAuthorizationServerPolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateAuthorizationServerPolicyRule
+
+> DeactivateAuthorizationServerPolicyRule(ctx, authServerId, policyId, ruleId).Execute()
+
+Deactivate a Policy Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    policyId := "policyId_example" // string | 
+    ruleId := "ruleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.DeactivateAuthorizationServerPolicyRule(context.Background(), authServerId, policyId, ruleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.DeactivateAuthorizationServerPolicyRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**policyId** | **string** |  | 
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateAuthorizationServerPolicyRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteAuthorizationServer
+
+> DeleteAuthorizationServer(ctx, authServerId).Execute()
+
+Delete an Authorization Server
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.DeleteAuthorizationServer(context.Background(), authServerId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.DeleteAuthorizationServer``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteAuthorizationServerRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteAuthorizationServerPolicy
+
+> DeleteAuthorizationServerPolicy(ctx, authServerId, policyId).Execute()
+
+Delete a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    policyId := "policyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.DeleteAuthorizationServerPolicy(context.Background(), authServerId, policyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.DeleteAuthorizationServerPolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteAuthorizationServerPolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteAuthorizationServerPolicyRule
+
+> DeleteAuthorizationServerPolicyRule(ctx, policyId, authServerId, ruleId).Execute()
+
+Delete a Policy Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    authServerId := "authServerId_example" // string | 
+    ruleId := "ruleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.DeleteAuthorizationServerPolicyRule(context.Background(), policyId, authServerId, ruleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.DeleteAuthorizationServerPolicyRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+**authServerId** | **string** |  | 
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteAuthorizationServerPolicyRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteOAuth2Claim
+
+> DeleteOAuth2Claim(ctx, authServerId, claimId).Execute()
+
+Delete a Custom Token Claim
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    claimId := "claimId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.DeleteOAuth2Claim(context.Background(), authServerId, claimId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.DeleteOAuth2Claim``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**claimId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteOAuth2ClaimRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteOAuth2Scope
+
+> DeleteOAuth2Scope(ctx, authServerId, scopeId).Execute()
+
+Delete a Custom Token Scope
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    scopeId := "scopeId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.DeleteOAuth2Scope(context.Background(), authServerId, scopeId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.DeleteOAuth2Scope``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**scopeId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteOAuth2ScopeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetAuthorizationServer
+
+> AuthorizationServer GetAuthorizationServer(ctx, authServerId).Execute()
+
+Retrieve an Authorization Server
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.GetAuthorizationServer(context.Background(), authServerId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.GetAuthorizationServer``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetAuthorizationServer`: AuthorizationServer
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.GetAuthorizationServer`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetAuthorizationServerRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**AuthorizationServer**](AuthorizationServer.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetAuthorizationServerPolicy
+
+> AuthorizationServerPolicy GetAuthorizationServerPolicy(ctx, authServerId, policyId).Execute()
+
+Retrieve a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    policyId := "policyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.GetAuthorizationServerPolicy(context.Background(), authServerId, policyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.GetAuthorizationServerPolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetAuthorizationServerPolicy`: AuthorizationServerPolicy
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.GetAuthorizationServerPolicy`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetAuthorizationServerPolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**AuthorizationServerPolicy**](AuthorizationServerPolicy.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetAuthorizationServerPolicyRule
+
+> AuthorizationServerPolicyRule GetAuthorizationServerPolicyRule(ctx, policyId, authServerId, ruleId).Execute()
+
+Retrieve a Policy Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    authServerId := "authServerId_example" // string | 
+    ruleId := "ruleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.GetAuthorizationServerPolicyRule(context.Background(), policyId, authServerId, ruleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.GetAuthorizationServerPolicyRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetAuthorizationServerPolicyRule`: AuthorizationServerPolicyRule
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.GetAuthorizationServerPolicyRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+**authServerId** | **string** |  | 
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetAuthorizationServerPolicyRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+[**AuthorizationServerPolicyRule**](AuthorizationServerPolicyRule.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetOAuth2Claim
+
+> OAuth2Claim GetOAuth2Claim(ctx, authServerId, claimId).Execute()
+
+Retrieve a Custom Token Claim
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    claimId := "claimId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.GetOAuth2Claim(context.Background(), authServerId, claimId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.GetOAuth2Claim``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetOAuth2Claim`: OAuth2Claim
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.GetOAuth2Claim`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**claimId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetOAuth2ClaimRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**OAuth2Claim**](OAuth2Claim.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetOAuth2Scope
+
+> OAuth2Scope GetOAuth2Scope(ctx, authServerId, scopeId).Execute()
+
+Retrieve a Custom Token Scope
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    scopeId := "scopeId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.GetOAuth2Scope(context.Background(), authServerId, scopeId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.GetOAuth2Scope``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetOAuth2Scope`: OAuth2Scope
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.GetOAuth2Scope`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**scopeId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetOAuth2ScopeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**OAuth2Scope**](OAuth2Scope.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetRefreshTokenForAuthorizationServerAndClient
+
+> OAuth2RefreshToken GetRefreshTokenForAuthorizationServerAndClient(ctx, authServerId, clientId, tokenId).Expand(expand).Execute()
+
+Retrieve a Refresh Token for a Client
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    clientId := "clientId_example" // string | 
+    tokenId := "tokenId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.GetRefreshTokenForAuthorizationServerAndClient(context.Background(), authServerId, clientId, tokenId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.GetRefreshTokenForAuthorizationServerAndClient``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetRefreshTokenForAuthorizationServerAndClient`: OAuth2RefreshToken
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.GetRefreshTokenForAuthorizationServerAndClient`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**clientId** | **string** |  | 
+**tokenId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetRefreshTokenForAuthorizationServerAndClientRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+ **expand** | **string** |  | 
+
+### Return type
+
+[**OAuth2RefreshToken**](OAuth2RefreshToken.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListAuthorizationServerKeys
+
+> []JsonWebKey ListAuthorizationServerKeys(ctx, authServerId).Execute()
+
+List all Credential Keys
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ListAuthorizationServerKeys(context.Background(), authServerId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ListAuthorizationServerKeys``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListAuthorizationServerKeys`: []JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ListAuthorizationServerKeys`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListAuthorizationServerKeysRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListAuthorizationServerPolicies
+
+> []AuthorizationServerPolicy ListAuthorizationServerPolicies(ctx, authServerId).Execute()
+
+List all Policies
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ListAuthorizationServerPolicies(context.Background(), authServerId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ListAuthorizationServerPolicies``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListAuthorizationServerPolicies`: []AuthorizationServerPolicy
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ListAuthorizationServerPolicies`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListAuthorizationServerPoliciesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]AuthorizationServerPolicy**](AuthorizationServerPolicy.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListAuthorizationServerPolicyRules
+
+> []AuthorizationServerPolicyRule ListAuthorizationServerPolicyRules(ctx, policyId, authServerId).Execute()
+
+List all Policy Rules
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    authServerId := "authServerId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ListAuthorizationServerPolicyRules(context.Background(), policyId, authServerId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ListAuthorizationServerPolicyRules``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListAuthorizationServerPolicyRules`: []AuthorizationServerPolicyRule
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ListAuthorizationServerPolicyRules`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListAuthorizationServerPolicyRulesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**[]AuthorizationServerPolicyRule**](AuthorizationServerPolicyRule.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListAuthorizationServers
+
+> []AuthorizationServer ListAuthorizationServers(ctx).Q(q).Limit(limit).After(after).Execute()
+
+List all Authorization Servers
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    q := "q_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to 200)
+    after := "after_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ListAuthorizationServers(context.Background()).Q(q).Limit(limit).After(after).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ListAuthorizationServers``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListAuthorizationServers`: []AuthorizationServer
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ListAuthorizationServers`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListAuthorizationServersRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **q** | **string** |  | 
+ **limit** | **int32** |  | [default to 200]
+ **after** | **string** |  | 
+
+### Return type
+
+[**[]AuthorizationServer**](AuthorizationServer.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListOAuth2Claims
+
+> []OAuth2Claim ListOAuth2Claims(ctx, authServerId).Execute()
+
+List all Custom Token Claims
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ListOAuth2Claims(context.Background(), authServerId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ListOAuth2Claims``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListOAuth2Claims`: []OAuth2Claim
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ListOAuth2Claims`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListOAuth2ClaimsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]OAuth2Claim**](OAuth2Claim.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListOAuth2ClientsForAuthorizationServer
+
+> []OAuth2Client ListOAuth2ClientsForAuthorizationServer(ctx, authServerId).Execute()
+
+List all Clients
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ListOAuth2ClientsForAuthorizationServer(context.Background(), authServerId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ListOAuth2ClientsForAuthorizationServer``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListOAuth2ClientsForAuthorizationServer`: []OAuth2Client
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ListOAuth2ClientsForAuthorizationServer`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListOAuth2ClientsForAuthorizationServerRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]OAuth2Client**](OAuth2Client.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListOAuth2Scopes
+
+> []OAuth2Scope ListOAuth2Scopes(ctx, authServerId).Q(q).Filter(filter).Cursor(cursor).Limit(limit).Execute()
+
+List all Custom Token Scopes
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    q := "q_example" // string |  (optional)
+    filter := "filter_example" // string |  (optional)
+    cursor := "cursor_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to -1)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ListOAuth2Scopes(context.Background(), authServerId).Q(q).Filter(filter).Cursor(cursor).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ListOAuth2Scopes``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListOAuth2Scopes`: []OAuth2Scope
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ListOAuth2Scopes`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListOAuth2ScopesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **q** | **string** |  | 
+ **filter** | **string** |  | 
+ **cursor** | **string** |  | 
+ **limit** | **int32** |  | [default to -1]
+
+### Return type
+
+[**[]OAuth2Scope**](OAuth2Scope.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListRefreshTokensForAuthorizationServerAndClient
+
+> []OAuth2RefreshToken ListRefreshTokensForAuthorizationServerAndClient(ctx, authServerId, clientId).Expand(expand).After(after).Limit(limit).Execute()
+
+List all Refresh Tokens for a Client
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    clientId := "clientId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to -1)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ListRefreshTokensForAuthorizationServerAndClient(context.Background(), authServerId, clientId).Expand(expand).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ListRefreshTokensForAuthorizationServerAndClient``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListRefreshTokensForAuthorizationServerAndClient`: []OAuth2RefreshToken
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ListRefreshTokensForAuthorizationServerAndClient`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**clientId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListRefreshTokensForAuthorizationServerAndClientRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **expand** | **string** |  | 
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to -1]
+
+### Return type
+
+[**[]OAuth2RefreshToken**](OAuth2RefreshToken.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceAuthorizationServer
+
+> AuthorizationServer ReplaceAuthorizationServer(ctx, authServerId).AuthorizationServer(authorizationServer).Execute()
+
+Replace an Authorization Server
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    authorizationServer := *openapiclient.NewAuthorizationServer() // AuthorizationServer | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ReplaceAuthorizationServer(context.Background(), authServerId).AuthorizationServer(authorizationServer).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ReplaceAuthorizationServer``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceAuthorizationServer`: AuthorizationServer
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ReplaceAuthorizationServer`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceAuthorizationServerRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **authorizationServer** | [**AuthorizationServer**](AuthorizationServer.md) |  | 
+
+### Return type
+
+[**AuthorizationServer**](AuthorizationServer.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceAuthorizationServerPolicy
+
+> AuthorizationServerPolicy ReplaceAuthorizationServerPolicy(ctx, authServerId, policyId).Policy(policy).Execute()
+
+Replace a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    policyId := "policyId_example" // string | 
+    policy := *openapiclient.NewAuthorizationServerPolicy() // AuthorizationServerPolicy | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ReplaceAuthorizationServerPolicy(context.Background(), authServerId, policyId).Policy(policy).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ReplaceAuthorizationServerPolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceAuthorizationServerPolicy`: AuthorizationServerPolicy
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ReplaceAuthorizationServerPolicy`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceAuthorizationServerPolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **policy** | [**AuthorizationServerPolicy**](AuthorizationServerPolicy.md) |  | 
+
+### Return type
+
+[**AuthorizationServerPolicy**](AuthorizationServerPolicy.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceAuthorizationServerPolicyRule
+
+> AuthorizationServerPolicyRule ReplaceAuthorizationServerPolicyRule(ctx, policyId, authServerId, ruleId).PolicyRule(policyRule).Execute()
+
+Replace a Policy Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    authServerId := "authServerId_example" // string | 
+    ruleId := "ruleId_example" // string | 
+    policyRule := *openapiclient.NewAuthorizationServerPolicyRule() // AuthorizationServerPolicyRule | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ReplaceAuthorizationServerPolicyRule(context.Background(), policyId, authServerId, ruleId).PolicyRule(policyRule).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ReplaceAuthorizationServerPolicyRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceAuthorizationServerPolicyRule`: AuthorizationServerPolicyRule
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ReplaceAuthorizationServerPolicyRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+**authServerId** | **string** |  | 
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceAuthorizationServerPolicyRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+ **policyRule** | [**AuthorizationServerPolicyRule**](AuthorizationServerPolicyRule.md) |  | 
+
+### Return type
+
+[**AuthorizationServerPolicyRule**](AuthorizationServerPolicyRule.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceOAuth2Claim
+
+> OAuth2Claim ReplaceOAuth2Claim(ctx, authServerId, claimId).OAuth2Claim(oAuth2Claim).Execute()
+
+Replace a Custom Token Claim
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    claimId := "claimId_example" // string | 
+    oAuth2Claim := *openapiclient.NewOAuth2Claim() // OAuth2Claim | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ReplaceOAuth2Claim(context.Background(), authServerId, claimId).OAuth2Claim(oAuth2Claim).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ReplaceOAuth2Claim``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceOAuth2Claim`: OAuth2Claim
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ReplaceOAuth2Claim`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**claimId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceOAuth2ClaimRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **oAuth2Claim** | [**OAuth2Claim**](OAuth2Claim.md) |  | 
+
+### Return type
+
+[**OAuth2Claim**](OAuth2Claim.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceOAuth2Scope
+
+> OAuth2Scope ReplaceOAuth2Scope(ctx, authServerId, scopeId).OAuth2Scope(oAuth2Scope).Execute()
+
+Replace a Custom Token Scope
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    scopeId := "scopeId_example" // string | 
+    oAuth2Scope := *openapiclient.NewOAuth2Scope() // OAuth2Scope | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.ReplaceOAuth2Scope(context.Background(), authServerId, scopeId).OAuth2Scope(oAuth2Scope).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.ReplaceOAuth2Scope``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceOAuth2Scope`: OAuth2Scope
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.ReplaceOAuth2Scope`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**scopeId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceOAuth2ScopeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **oAuth2Scope** | [**OAuth2Scope**](OAuth2Scope.md) |  | 
+
+### Return type
+
+[**OAuth2Scope**](OAuth2Scope.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeRefreshTokenForAuthorizationServerAndClient
+
+> RevokeRefreshTokenForAuthorizationServerAndClient(ctx, authServerId, clientId, tokenId).Execute()
+
+Revoke a Refresh Token for a Client
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    clientId := "clientId_example" // string | 
+    tokenId := "tokenId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.RevokeRefreshTokenForAuthorizationServerAndClient(context.Background(), authServerId, clientId, tokenId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.RevokeRefreshTokenForAuthorizationServerAndClient``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**clientId** | **string** |  | 
+**tokenId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeRefreshTokenForAuthorizationServerAndClientRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeRefreshTokensForAuthorizationServerAndClient
+
+> RevokeRefreshTokensForAuthorizationServerAndClient(ctx, authServerId, clientId).Execute()
+
+Revoke all Refresh Tokens for a Client
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    clientId := "clientId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.RevokeRefreshTokensForAuthorizationServerAndClient(context.Background(), authServerId, clientId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.RevokeRefreshTokensForAuthorizationServerAndClient``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+**clientId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeRefreshTokensForAuthorizationServerAndClientRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RotateAuthorizationServerKeys
+
+> []JsonWebKey RotateAuthorizationServerKeys(ctx, authServerId).Use(use).Execute()
+
+Rotate all Credential Keys
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    authServerId := "authServerId_example" // string | 
+    use := *openapiclient.NewJwkUse() // JwkUse | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.AuthorizationServerApi.RotateAuthorizationServerKeys(context.Background(), authServerId).Use(use).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `AuthorizationServerApi.RotateAuthorizationServerKeys``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `RotateAuthorizationServerKeys`: []JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `AuthorizationServerApi.RotateAuthorizationServerKeys`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**authServerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRotateAuthorizationServerKeysRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **use** | [**JwkUse**](JwkUse.md) |  | 
+
+### Return type
+
+[**[]JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/AuthorizationServerCredentials.md b/okta/docs/AuthorizationServerCredentials.md
new file mode 100644
index 000000000..9c3f95f85
--- /dev/null
+++ b/okta/docs/AuthorizationServerCredentials.md
@@ -0,0 +1,56 @@
+# AuthorizationServerCredentials
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Signing** | Pointer to [**AuthorizationServerCredentialsSigningConfig**](AuthorizationServerCredentialsSigningConfig.md) |  | [optional] 
+
+## Methods
+
+### NewAuthorizationServerCredentials
+
+`func NewAuthorizationServerCredentials() *AuthorizationServerCredentials`
+
+NewAuthorizationServerCredentials instantiates a new AuthorizationServerCredentials object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthorizationServerCredentialsWithDefaults
+
+`func NewAuthorizationServerCredentialsWithDefaults() *AuthorizationServerCredentials`
+
+NewAuthorizationServerCredentialsWithDefaults instantiates a new AuthorizationServerCredentials object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSigning
+
+`func (o *AuthorizationServerCredentials) GetSigning() AuthorizationServerCredentialsSigningConfig`
+
+GetSigning returns the Signing field if non-nil, zero value otherwise.
+
+### GetSigningOk
+
+`func (o *AuthorizationServerCredentials) GetSigningOk() (*AuthorizationServerCredentialsSigningConfig, bool)`
+
+GetSigningOk returns a tuple with the Signing field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSigning
+
+`func (o *AuthorizationServerCredentials) SetSigning(v AuthorizationServerCredentialsSigningConfig)`
+
+SetSigning sets Signing field to given value.
+
+### HasSigning
+
+`func (o *AuthorizationServerCredentials) HasSigning() bool`
+
+HasSigning returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthorizationServerCredentialsRotationMode.md b/okta/docs/AuthorizationServerCredentialsRotationMode.md
new file mode 100644
index 000000000..0b982a72c
--- /dev/null
+++ b/okta/docs/AuthorizationServerCredentialsRotationMode.md
@@ -0,0 +1,13 @@
+# AuthorizationServerCredentialsRotationMode
+
+## Enum
+
+
+* `AUTO` (value: `"AUTO"`)
+
+* `MANUAL` (value: `"MANUAL"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthorizationServerCredentialsSigningConfig.md b/okta/docs/AuthorizationServerCredentialsSigningConfig.md
new file mode 100644
index 000000000..859aec646
--- /dev/null
+++ b/okta/docs/AuthorizationServerCredentialsSigningConfig.md
@@ -0,0 +1,160 @@
+# AuthorizationServerCredentialsSigningConfig
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Kid** | Pointer to **string** |  | [optional] 
+**LastRotated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**NextRotation** | Pointer to **time.Time** |  | [optional] [readonly] 
+**RotationMode** | Pointer to [**AuthorizationServerCredentialsRotationMode**](AuthorizationServerCredentialsRotationMode.md) |  | [optional] 
+**Use** | Pointer to [**AuthorizationServerCredentialsUse**](AuthorizationServerCredentialsUse.md) |  | [optional] 
+
+## Methods
+
+### NewAuthorizationServerCredentialsSigningConfig
+
+`func NewAuthorizationServerCredentialsSigningConfig() *AuthorizationServerCredentialsSigningConfig`
+
+NewAuthorizationServerCredentialsSigningConfig instantiates a new AuthorizationServerCredentialsSigningConfig object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthorizationServerCredentialsSigningConfigWithDefaults
+
+`func NewAuthorizationServerCredentialsSigningConfigWithDefaults() *AuthorizationServerCredentialsSigningConfig`
+
+NewAuthorizationServerCredentialsSigningConfigWithDefaults instantiates a new AuthorizationServerCredentialsSigningConfig object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetKid
+
+`func (o *AuthorizationServerCredentialsSigningConfig) GetKid() string`
+
+GetKid returns the Kid field if non-nil, zero value otherwise.
+
+### GetKidOk
+
+`func (o *AuthorizationServerCredentialsSigningConfig) GetKidOk() (*string, bool)`
+
+GetKidOk returns a tuple with the Kid field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKid
+
+`func (o *AuthorizationServerCredentialsSigningConfig) SetKid(v string)`
+
+SetKid sets Kid field to given value.
+
+### HasKid
+
+`func (o *AuthorizationServerCredentialsSigningConfig) HasKid() bool`
+
+HasKid returns a boolean if a field has been set.
+
+### GetLastRotated
+
+`func (o *AuthorizationServerCredentialsSigningConfig) GetLastRotated() time.Time`
+
+GetLastRotated returns the LastRotated field if non-nil, zero value otherwise.
+
+### GetLastRotatedOk
+
+`func (o *AuthorizationServerCredentialsSigningConfig) GetLastRotatedOk() (*time.Time, bool)`
+
+GetLastRotatedOk returns a tuple with the LastRotated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastRotated
+
+`func (o *AuthorizationServerCredentialsSigningConfig) SetLastRotated(v time.Time)`
+
+SetLastRotated sets LastRotated field to given value.
+
+### HasLastRotated
+
+`func (o *AuthorizationServerCredentialsSigningConfig) HasLastRotated() bool`
+
+HasLastRotated returns a boolean if a field has been set.
+
+### GetNextRotation
+
+`func (o *AuthorizationServerCredentialsSigningConfig) GetNextRotation() time.Time`
+
+GetNextRotation returns the NextRotation field if non-nil, zero value otherwise.
+
+### GetNextRotationOk
+
+`func (o *AuthorizationServerCredentialsSigningConfig) GetNextRotationOk() (*time.Time, bool)`
+
+GetNextRotationOk returns a tuple with the NextRotation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNextRotation
+
+`func (o *AuthorizationServerCredentialsSigningConfig) SetNextRotation(v time.Time)`
+
+SetNextRotation sets NextRotation field to given value.
+
+### HasNextRotation
+
+`func (o *AuthorizationServerCredentialsSigningConfig) HasNextRotation() bool`
+
+HasNextRotation returns a boolean if a field has been set.
+
+### GetRotationMode
+
+`func (o *AuthorizationServerCredentialsSigningConfig) GetRotationMode() AuthorizationServerCredentialsRotationMode`
+
+GetRotationMode returns the RotationMode field if non-nil, zero value otherwise.
+
+### GetRotationModeOk
+
+`func (o *AuthorizationServerCredentialsSigningConfig) GetRotationModeOk() (*AuthorizationServerCredentialsRotationMode, bool)`
+
+GetRotationModeOk returns a tuple with the RotationMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRotationMode
+
+`func (o *AuthorizationServerCredentialsSigningConfig) SetRotationMode(v AuthorizationServerCredentialsRotationMode)`
+
+SetRotationMode sets RotationMode field to given value.
+
+### HasRotationMode
+
+`func (o *AuthorizationServerCredentialsSigningConfig) HasRotationMode() bool`
+
+HasRotationMode returns a boolean if a field has been set.
+
+### GetUse
+
+`func (o *AuthorizationServerCredentialsSigningConfig) GetUse() AuthorizationServerCredentialsUse`
+
+GetUse returns the Use field if non-nil, zero value otherwise.
+
+### GetUseOk
+
+`func (o *AuthorizationServerCredentialsSigningConfig) GetUseOk() (*AuthorizationServerCredentialsUse, bool)`
+
+GetUseOk returns a tuple with the Use field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUse
+
+`func (o *AuthorizationServerCredentialsSigningConfig) SetUse(v AuthorizationServerCredentialsUse)`
+
+SetUse sets Use field to given value.
+
+### HasUse
+
+`func (o *AuthorizationServerCredentialsSigningConfig) HasUse() bool`
+
+HasUse returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthorizationServerCredentialsUse.md b/okta/docs/AuthorizationServerCredentialsUse.md
new file mode 100644
index 000000000..1494e3170
--- /dev/null
+++ b/okta/docs/AuthorizationServerCredentialsUse.md
@@ -0,0 +1,11 @@
+# AuthorizationServerCredentialsUse
+
+## Enum
+
+
+* `SIG` (value: `"sig"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthorizationServerPolicy.md b/okta/docs/AuthorizationServerPolicy.md
new file mode 100644
index 000000000..d4a895500
--- /dev/null
+++ b/okta/docs/AuthorizationServerPolicy.md
@@ -0,0 +1,56 @@
+# AuthorizationServerPolicy
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Conditions** | Pointer to [**PolicyRuleConditions**](PolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewAuthorizationServerPolicy
+
+`func NewAuthorizationServerPolicy() *AuthorizationServerPolicy`
+
+NewAuthorizationServerPolicy instantiates a new AuthorizationServerPolicy object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthorizationServerPolicyWithDefaults
+
+`func NewAuthorizationServerPolicyWithDefaults() *AuthorizationServerPolicy`
+
+NewAuthorizationServerPolicyWithDefaults instantiates a new AuthorizationServerPolicy object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConditions
+
+`func (o *AuthorizationServerPolicy) GetConditions() PolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *AuthorizationServerPolicy) GetConditionsOk() (*PolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *AuthorizationServerPolicy) SetConditions(v PolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *AuthorizationServerPolicy) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthorizationServerPolicyRule.md b/okta/docs/AuthorizationServerPolicyRule.md
new file mode 100644
index 000000000..8477b876b
--- /dev/null
+++ b/okta/docs/AuthorizationServerPolicyRule.md
@@ -0,0 +1,82 @@
+# AuthorizationServerPolicyRule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | Pointer to [**AuthorizationServerPolicyRuleActions**](AuthorizationServerPolicyRuleActions.md) |  | [optional] 
+**Conditions** | Pointer to [**AuthorizationServerPolicyRuleConditions**](AuthorizationServerPolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewAuthorizationServerPolicyRule
+
+`func NewAuthorizationServerPolicyRule() *AuthorizationServerPolicyRule`
+
+NewAuthorizationServerPolicyRule instantiates a new AuthorizationServerPolicyRule object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthorizationServerPolicyRuleWithDefaults
+
+`func NewAuthorizationServerPolicyRuleWithDefaults() *AuthorizationServerPolicyRule`
+
+NewAuthorizationServerPolicyRuleWithDefaults instantiates a new AuthorizationServerPolicyRule object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActions
+
+`func (o *AuthorizationServerPolicyRule) GetActions() AuthorizationServerPolicyRuleActions`
+
+GetActions returns the Actions field if non-nil, zero value otherwise.
+
+### GetActionsOk
+
+`func (o *AuthorizationServerPolicyRule) GetActionsOk() (*AuthorizationServerPolicyRuleActions, bool)`
+
+GetActionsOk returns a tuple with the Actions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActions
+
+`func (o *AuthorizationServerPolicyRule) SetActions(v AuthorizationServerPolicyRuleActions)`
+
+SetActions sets Actions field to given value.
+
+### HasActions
+
+`func (o *AuthorizationServerPolicyRule) HasActions() bool`
+
+HasActions returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *AuthorizationServerPolicyRule) GetConditions() AuthorizationServerPolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *AuthorizationServerPolicyRule) GetConditionsOk() (*AuthorizationServerPolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *AuthorizationServerPolicyRule) SetConditions(v AuthorizationServerPolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *AuthorizationServerPolicyRule) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthorizationServerPolicyRuleActions.md b/okta/docs/AuthorizationServerPolicyRuleActions.md
new file mode 100644
index 000000000..fca839d4f
--- /dev/null
+++ b/okta/docs/AuthorizationServerPolicyRuleActions.md
@@ -0,0 +1,212 @@
+# AuthorizationServerPolicyRuleActions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Enroll** | Pointer to [**PolicyRuleActionsEnroll**](PolicyRuleActionsEnroll.md) |  | [optional] 
+**Idp** | Pointer to [**IdpPolicyRuleAction**](IdpPolicyRuleAction.md) |  | [optional] 
+**PasswordChange** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServicePasswordReset** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServiceUnlock** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**Signon** | Pointer to [**OktaSignOnPolicyRuleSignonActions**](OktaSignOnPolicyRuleSignonActions.md) |  | [optional] 
+**Token** | Pointer to [**TokenAuthorizationServerPolicyRuleAction**](TokenAuthorizationServerPolicyRuleAction.md) |  | [optional] 
+
+## Methods
+
+### NewAuthorizationServerPolicyRuleActions
+
+`func NewAuthorizationServerPolicyRuleActions() *AuthorizationServerPolicyRuleActions`
+
+NewAuthorizationServerPolicyRuleActions instantiates a new AuthorizationServerPolicyRuleActions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthorizationServerPolicyRuleActionsWithDefaults
+
+`func NewAuthorizationServerPolicyRuleActionsWithDefaults() *AuthorizationServerPolicyRuleActions`
+
+NewAuthorizationServerPolicyRuleActionsWithDefaults instantiates a new AuthorizationServerPolicyRuleActions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEnroll
+
+`func (o *AuthorizationServerPolicyRuleActions) GetEnroll() PolicyRuleActionsEnroll`
+
+GetEnroll returns the Enroll field if non-nil, zero value otherwise.
+
+### GetEnrollOk
+
+`func (o *AuthorizationServerPolicyRuleActions) GetEnrollOk() (*PolicyRuleActionsEnroll, bool)`
+
+GetEnrollOk returns a tuple with the Enroll field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnroll
+
+`func (o *AuthorizationServerPolicyRuleActions) SetEnroll(v PolicyRuleActionsEnroll)`
+
+SetEnroll sets Enroll field to given value.
+
+### HasEnroll
+
+`func (o *AuthorizationServerPolicyRuleActions) HasEnroll() bool`
+
+HasEnroll returns a boolean if a field has been set.
+
+### GetIdp
+
+`func (o *AuthorizationServerPolicyRuleActions) GetIdp() IdpPolicyRuleAction`
+
+GetIdp returns the Idp field if non-nil, zero value otherwise.
+
+### GetIdpOk
+
+`func (o *AuthorizationServerPolicyRuleActions) GetIdpOk() (*IdpPolicyRuleAction, bool)`
+
+GetIdpOk returns a tuple with the Idp field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdp
+
+`func (o *AuthorizationServerPolicyRuleActions) SetIdp(v IdpPolicyRuleAction)`
+
+SetIdp sets Idp field to given value.
+
+### HasIdp
+
+`func (o *AuthorizationServerPolicyRuleActions) HasIdp() bool`
+
+HasIdp returns a boolean if a field has been set.
+
+### GetPasswordChange
+
+`func (o *AuthorizationServerPolicyRuleActions) GetPasswordChange() PasswordPolicyRuleAction`
+
+GetPasswordChange returns the PasswordChange field if non-nil, zero value otherwise.
+
+### GetPasswordChangeOk
+
+`func (o *AuthorizationServerPolicyRuleActions) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool)`
+
+GetPasswordChangeOk returns a tuple with the PasswordChange field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordChange
+
+`func (o *AuthorizationServerPolicyRuleActions) SetPasswordChange(v PasswordPolicyRuleAction)`
+
+SetPasswordChange sets PasswordChange field to given value.
+
+### HasPasswordChange
+
+`func (o *AuthorizationServerPolicyRuleActions) HasPasswordChange() bool`
+
+HasPasswordChange returns a boolean if a field has been set.
+
+### GetSelfServicePasswordReset
+
+`func (o *AuthorizationServerPolicyRuleActions) GetSelfServicePasswordReset() PasswordPolicyRuleAction`
+
+GetSelfServicePasswordReset returns the SelfServicePasswordReset field if non-nil, zero value otherwise.
+
+### GetSelfServicePasswordResetOk
+
+`func (o *AuthorizationServerPolicyRuleActions) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServicePasswordReset
+
+`func (o *AuthorizationServerPolicyRuleActions) SetSelfServicePasswordReset(v PasswordPolicyRuleAction)`
+
+SetSelfServicePasswordReset sets SelfServicePasswordReset field to given value.
+
+### HasSelfServicePasswordReset
+
+`func (o *AuthorizationServerPolicyRuleActions) HasSelfServicePasswordReset() bool`
+
+HasSelfServicePasswordReset returns a boolean if a field has been set.
+
+### GetSelfServiceUnlock
+
+`func (o *AuthorizationServerPolicyRuleActions) GetSelfServiceUnlock() PasswordPolicyRuleAction`
+
+GetSelfServiceUnlock returns the SelfServiceUnlock field if non-nil, zero value otherwise.
+
+### GetSelfServiceUnlockOk
+
+`func (o *AuthorizationServerPolicyRuleActions) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServiceUnlock
+
+`func (o *AuthorizationServerPolicyRuleActions) SetSelfServiceUnlock(v PasswordPolicyRuleAction)`
+
+SetSelfServiceUnlock sets SelfServiceUnlock field to given value.
+
+### HasSelfServiceUnlock
+
+`func (o *AuthorizationServerPolicyRuleActions) HasSelfServiceUnlock() bool`
+
+HasSelfServiceUnlock returns a boolean if a field has been set.
+
+### GetSignon
+
+`func (o *AuthorizationServerPolicyRuleActions) GetSignon() OktaSignOnPolicyRuleSignonActions`
+
+GetSignon returns the Signon field if non-nil, zero value otherwise.
+
+### GetSignonOk
+
+`func (o *AuthorizationServerPolicyRuleActions) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool)`
+
+GetSignonOk returns a tuple with the Signon field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignon
+
+`func (o *AuthorizationServerPolicyRuleActions) SetSignon(v OktaSignOnPolicyRuleSignonActions)`
+
+SetSignon sets Signon field to given value.
+
+### HasSignon
+
+`func (o *AuthorizationServerPolicyRuleActions) HasSignon() bool`
+
+HasSignon returns a boolean if a field has been set.
+
+### GetToken
+
+`func (o *AuthorizationServerPolicyRuleActions) GetToken() TokenAuthorizationServerPolicyRuleAction`
+
+GetToken returns the Token field if non-nil, zero value otherwise.
+
+### GetTokenOk
+
+`func (o *AuthorizationServerPolicyRuleActions) GetTokenOk() (*TokenAuthorizationServerPolicyRuleAction, bool)`
+
+GetTokenOk returns a tuple with the Token field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetToken
+
+`func (o *AuthorizationServerPolicyRuleActions) SetToken(v TokenAuthorizationServerPolicyRuleAction)`
+
+SetToken sets Token field to given value.
+
+### HasToken
+
+`func (o *AuthorizationServerPolicyRuleActions) HasToken() bool`
+
+HasToken returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthorizationServerPolicyRuleActionsAllOf.md b/okta/docs/AuthorizationServerPolicyRuleActionsAllOf.md
new file mode 100644
index 000000000..912601ebd
--- /dev/null
+++ b/okta/docs/AuthorizationServerPolicyRuleActionsAllOf.md
@@ -0,0 +1,56 @@
+# AuthorizationServerPolicyRuleActionsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Token** | Pointer to [**TokenAuthorizationServerPolicyRuleAction**](TokenAuthorizationServerPolicyRuleAction.md) |  | [optional] 
+
+## Methods
+
+### NewAuthorizationServerPolicyRuleActionsAllOf
+
+`func NewAuthorizationServerPolicyRuleActionsAllOf() *AuthorizationServerPolicyRuleActionsAllOf`
+
+NewAuthorizationServerPolicyRuleActionsAllOf instantiates a new AuthorizationServerPolicyRuleActionsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthorizationServerPolicyRuleActionsAllOfWithDefaults
+
+`func NewAuthorizationServerPolicyRuleActionsAllOfWithDefaults() *AuthorizationServerPolicyRuleActionsAllOf`
+
+NewAuthorizationServerPolicyRuleActionsAllOfWithDefaults instantiates a new AuthorizationServerPolicyRuleActionsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetToken
+
+`func (o *AuthorizationServerPolicyRuleActionsAllOf) GetToken() TokenAuthorizationServerPolicyRuleAction`
+
+GetToken returns the Token field if non-nil, zero value otherwise.
+
+### GetTokenOk
+
+`func (o *AuthorizationServerPolicyRuleActionsAllOf) GetTokenOk() (*TokenAuthorizationServerPolicyRuleAction, bool)`
+
+GetTokenOk returns a tuple with the Token field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetToken
+
+`func (o *AuthorizationServerPolicyRuleActionsAllOf) SetToken(v TokenAuthorizationServerPolicyRuleAction)`
+
+SetToken sets Token field to given value.
+
+### HasToken
+
+`func (o *AuthorizationServerPolicyRuleActionsAllOf) HasToken() bool`
+
+HasToken returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthorizationServerPolicyRuleAllOf.md b/okta/docs/AuthorizationServerPolicyRuleAllOf.md
new file mode 100644
index 000000000..ce297c92e
--- /dev/null
+++ b/okta/docs/AuthorizationServerPolicyRuleAllOf.md
@@ -0,0 +1,82 @@
+# AuthorizationServerPolicyRuleAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | Pointer to [**AuthorizationServerPolicyRuleActions**](AuthorizationServerPolicyRuleActions.md) |  | [optional] 
+**Conditions** | Pointer to [**AuthorizationServerPolicyRuleConditions**](AuthorizationServerPolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewAuthorizationServerPolicyRuleAllOf
+
+`func NewAuthorizationServerPolicyRuleAllOf() *AuthorizationServerPolicyRuleAllOf`
+
+NewAuthorizationServerPolicyRuleAllOf instantiates a new AuthorizationServerPolicyRuleAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthorizationServerPolicyRuleAllOfWithDefaults
+
+`func NewAuthorizationServerPolicyRuleAllOfWithDefaults() *AuthorizationServerPolicyRuleAllOf`
+
+NewAuthorizationServerPolicyRuleAllOfWithDefaults instantiates a new AuthorizationServerPolicyRuleAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActions
+
+`func (o *AuthorizationServerPolicyRuleAllOf) GetActions() AuthorizationServerPolicyRuleActions`
+
+GetActions returns the Actions field if non-nil, zero value otherwise.
+
+### GetActionsOk
+
+`func (o *AuthorizationServerPolicyRuleAllOf) GetActionsOk() (*AuthorizationServerPolicyRuleActions, bool)`
+
+GetActionsOk returns a tuple with the Actions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActions
+
+`func (o *AuthorizationServerPolicyRuleAllOf) SetActions(v AuthorizationServerPolicyRuleActions)`
+
+SetActions sets Actions field to given value.
+
+### HasActions
+
+`func (o *AuthorizationServerPolicyRuleAllOf) HasActions() bool`
+
+HasActions returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *AuthorizationServerPolicyRuleAllOf) GetConditions() AuthorizationServerPolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *AuthorizationServerPolicyRuleAllOf) GetConditionsOk() (*AuthorizationServerPolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *AuthorizationServerPolicyRuleAllOf) SetConditions(v AuthorizationServerPolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *AuthorizationServerPolicyRuleAllOf) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthorizationServerPolicyRuleConditions.md b/okta/docs/AuthorizationServerPolicyRuleConditions.md
new file mode 100644
index 000000000..3a97a087b
--- /dev/null
+++ b/okta/docs/AuthorizationServerPolicyRuleConditions.md
@@ -0,0 +1,576 @@
+# AuthorizationServerPolicyRuleConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**AppAndInstancePolicyRuleCondition**](AppAndInstancePolicyRuleCondition.md) |  | [optional] 
+**Apps** | Pointer to [**AppInstancePolicyRuleCondition**](AppInstancePolicyRuleCondition.md) |  | [optional] 
+**AuthContext** | Pointer to [**PolicyRuleAuthContextCondition**](PolicyRuleAuthContextCondition.md) |  | [optional] 
+**AuthProvider** | Pointer to [**PasswordPolicyAuthenticationProviderCondition**](PasswordPolicyAuthenticationProviderCondition.md) |  | [optional] 
+**BeforeScheduledAction** | Pointer to [**BeforeScheduledActionPolicyRuleCondition**](BeforeScheduledActionPolicyRuleCondition.md) |  | [optional] 
+**Clients** | Pointer to [**ClientPolicyCondition**](ClientPolicyCondition.md) |  | [optional] 
+**Context** | Pointer to [**ContextPolicyRuleCondition**](ContextPolicyRuleCondition.md) |  | [optional] 
+**Device** | Pointer to [**DevicePolicyRuleCondition**](DevicePolicyRuleCondition.md) |  | [optional] 
+**GrantTypes** | Pointer to [**GrantTypePolicyRuleCondition**](GrantTypePolicyRuleCondition.md) |  | [optional] 
+**Groups** | Pointer to [**GroupPolicyRuleCondition**](GroupPolicyRuleCondition.md) |  | [optional] 
+**IdentityProvider** | Pointer to [**IdentityProviderPolicyRuleCondition**](IdentityProviderPolicyRuleCondition.md) |  | [optional] 
+**MdmEnrollment** | Pointer to [**MDMEnrollmentPolicyRuleCondition**](MDMEnrollmentPolicyRuleCondition.md) |  | [optional] 
+**Network** | Pointer to [**PolicyNetworkCondition**](PolicyNetworkCondition.md) |  | [optional] 
+**People** | Pointer to [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+**Platform** | Pointer to [**PlatformPolicyRuleCondition**](PlatformPolicyRuleCondition.md) |  | [optional] 
+**Risk** | Pointer to [**RiskPolicyRuleCondition**](RiskPolicyRuleCondition.md) |  | [optional] 
+**RiskScore** | Pointer to [**RiskScorePolicyRuleCondition**](RiskScorePolicyRuleCondition.md) |  | [optional] 
+**Scopes** | Pointer to [**OAuth2ScopesMediationPolicyRuleCondition**](OAuth2ScopesMediationPolicyRuleCondition.md) |  | [optional] 
+**UserIdentifier** | Pointer to [**UserIdentifierPolicyRuleCondition**](UserIdentifierPolicyRuleCondition.md) |  | [optional] 
+**Users** | Pointer to [**UserPolicyRuleCondition**](UserPolicyRuleCondition.md) |  | [optional] 
+**UserStatus** | Pointer to [**UserStatusPolicyRuleCondition**](UserStatusPolicyRuleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewAuthorizationServerPolicyRuleConditions
+
+`func NewAuthorizationServerPolicyRuleConditions() *AuthorizationServerPolicyRuleConditions`
+
+NewAuthorizationServerPolicyRuleConditions instantiates a new AuthorizationServerPolicyRuleConditions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthorizationServerPolicyRuleConditionsWithDefaults
+
+`func NewAuthorizationServerPolicyRuleConditionsWithDefaults() *AuthorizationServerPolicyRuleConditions`
+
+NewAuthorizationServerPolicyRuleConditionsWithDefaults instantiates a new AuthorizationServerPolicyRuleConditions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetApp() AppAndInstancePolicyRuleCondition`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetApp(v AppAndInstancePolicyRuleCondition)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+### GetApps
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetApps() AppInstancePolicyRuleCondition`
+
+GetApps returns the Apps field if non-nil, zero value otherwise.
+
+### GetAppsOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool)`
+
+GetAppsOk returns a tuple with the Apps field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApps
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetApps(v AppInstancePolicyRuleCondition)`
+
+SetApps sets Apps field to given value.
+
+### HasApps
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasApps() bool`
+
+HasApps returns a boolean if a field has been set.
+
+### GetAuthContext
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetAuthContext() PolicyRuleAuthContextCondition`
+
+GetAuthContext returns the AuthContext field if non-nil, zero value otherwise.
+
+### GetAuthContextOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool)`
+
+GetAuthContextOk returns a tuple with the AuthContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthContext
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetAuthContext(v PolicyRuleAuthContextCondition)`
+
+SetAuthContext sets AuthContext field to given value.
+
+### HasAuthContext
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasAuthContext() bool`
+
+HasAuthContext returns a boolean if a field has been set.
+
+### GetAuthProvider
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition`
+
+GetAuthProvider returns the AuthProvider field if non-nil, zero value otherwise.
+
+### GetAuthProviderOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool)`
+
+GetAuthProviderOk returns a tuple with the AuthProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthProvider
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition)`
+
+SetAuthProvider sets AuthProvider field to given value.
+
+### HasAuthProvider
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasAuthProvider() bool`
+
+HasAuthProvider returns a boolean if a field has been set.
+
+### GetBeforeScheduledAction
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition`
+
+GetBeforeScheduledAction returns the BeforeScheduledAction field if non-nil, zero value otherwise.
+
+### GetBeforeScheduledActionOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool)`
+
+GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBeforeScheduledAction
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition)`
+
+SetBeforeScheduledAction sets BeforeScheduledAction field to given value.
+
+### HasBeforeScheduledAction
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasBeforeScheduledAction() bool`
+
+HasBeforeScheduledAction returns a boolean if a field has been set.
+
+### GetClients
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetClients() ClientPolicyCondition`
+
+GetClients returns the Clients field if non-nil, zero value otherwise.
+
+### GetClientsOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetClientsOk() (*ClientPolicyCondition, bool)`
+
+GetClientsOk returns a tuple with the Clients field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClients
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetClients(v ClientPolicyCondition)`
+
+SetClients sets Clients field to given value.
+
+### HasClients
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasClients() bool`
+
+HasClients returns a boolean if a field has been set.
+
+### GetContext
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetContext() ContextPolicyRuleCondition`
+
+GetContext returns the Context field if non-nil, zero value otherwise.
+
+### GetContextOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetContextOk() (*ContextPolicyRuleCondition, bool)`
+
+GetContextOk returns a tuple with the Context field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetContext
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetContext(v ContextPolicyRuleCondition)`
+
+SetContext sets Context field to given value.
+
+### HasContext
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasContext() bool`
+
+HasContext returns a boolean if a field has been set.
+
+### GetDevice
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetDevice() DevicePolicyRuleCondition`
+
+GetDevice returns the Device field if non-nil, zero value otherwise.
+
+### GetDeviceOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetDeviceOk() (*DevicePolicyRuleCondition, bool)`
+
+GetDeviceOk returns a tuple with the Device field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDevice
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetDevice(v DevicePolicyRuleCondition)`
+
+SetDevice sets Device field to given value.
+
+### HasDevice
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasDevice() bool`
+
+HasDevice returns a boolean if a field has been set.
+
+### GetGrantTypes
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetGrantTypes() GrantTypePolicyRuleCondition`
+
+GetGrantTypes returns the GrantTypes field if non-nil, zero value otherwise.
+
+### GetGrantTypesOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool)`
+
+GetGrantTypesOk returns a tuple with the GrantTypes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGrantTypes
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetGrantTypes(v GrantTypePolicyRuleCondition)`
+
+SetGrantTypes sets GrantTypes field to given value.
+
+### HasGrantTypes
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasGrantTypes() bool`
+
+HasGrantTypes returns a boolean if a field has been set.
+
+### GetGroups
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetGroups() GroupPolicyRuleCondition`
+
+GetGroups returns the Groups field if non-nil, zero value otherwise.
+
+### GetGroupsOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool)`
+
+GetGroupsOk returns a tuple with the Groups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroups
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetGroups(v GroupPolicyRuleCondition)`
+
+SetGroups sets Groups field to given value.
+
+### HasGroups
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasGroups() bool`
+
+HasGroups returns a boolean if a field has been set.
+
+### GetIdentityProvider
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition`
+
+GetIdentityProvider returns the IdentityProvider field if non-nil, zero value otherwise.
+
+### GetIdentityProviderOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool)`
+
+GetIdentityProviderOk returns a tuple with the IdentityProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityProvider
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition)`
+
+SetIdentityProvider sets IdentityProvider field to given value.
+
+### HasIdentityProvider
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasIdentityProvider() bool`
+
+HasIdentityProvider returns a boolean if a field has been set.
+
+### GetMdmEnrollment
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition`
+
+GetMdmEnrollment returns the MdmEnrollment field if non-nil, zero value otherwise.
+
+### GetMdmEnrollmentOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool)`
+
+GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMdmEnrollment
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition)`
+
+SetMdmEnrollment sets MdmEnrollment field to given value.
+
+### HasMdmEnrollment
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasMdmEnrollment() bool`
+
+HasMdmEnrollment returns a boolean if a field has been set.
+
+### GetNetwork
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetNetwork() PolicyNetworkCondition`
+
+GetNetwork returns the Network field if non-nil, zero value otherwise.
+
+### GetNetworkOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetNetworkOk() (*PolicyNetworkCondition, bool)`
+
+GetNetworkOk returns a tuple with the Network field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNetwork
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetNetwork(v PolicyNetworkCondition)`
+
+SetNetwork sets Network field to given value.
+
+### HasNetwork
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasNetwork() bool`
+
+HasNetwork returns a boolean if a field has been set.
+
+### GetPeople
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetPeople() PolicyPeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetPeopleOk() (*PolicyPeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetPeople(v PolicyPeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetPlatform() PlatformPolicyRuleCondition`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetPlatform(v PlatformPolicyRuleCondition)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetRisk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetRisk() RiskPolicyRuleCondition`
+
+GetRisk returns the Risk field if non-nil, zero value otherwise.
+
+### GetRiskOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool)`
+
+GetRiskOk returns a tuple with the Risk field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRisk
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetRisk(v RiskPolicyRuleCondition)`
+
+SetRisk sets Risk field to given value.
+
+### HasRisk
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasRisk() bool`
+
+HasRisk returns a boolean if a field has been set.
+
+### GetRiskScore
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetRiskScore() RiskScorePolicyRuleCondition`
+
+GetRiskScore returns the RiskScore field if non-nil, zero value otherwise.
+
+### GetRiskScoreOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool)`
+
+GetRiskScoreOk returns a tuple with the RiskScore field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRiskScore
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetRiskScore(v RiskScorePolicyRuleCondition)`
+
+SetRiskScore sets RiskScore field to given value.
+
+### HasRiskScore
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasRiskScore() bool`
+
+HasRiskScore returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+### GetUserIdentifier
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition`
+
+GetUserIdentifier returns the UserIdentifier field if non-nil, zero value otherwise.
+
+### GetUserIdentifierOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool)`
+
+GetUserIdentifierOk returns a tuple with the UserIdentifier field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserIdentifier
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition)`
+
+SetUserIdentifier sets UserIdentifier field to given value.
+
+### HasUserIdentifier
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasUserIdentifier() bool`
+
+HasUserIdentifier returns a boolean if a field has been set.
+
+### GetUsers
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetUsers() UserPolicyRuleCondition`
+
+GetUsers returns the Users field if non-nil, zero value otherwise.
+
+### GetUsersOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetUsersOk() (*UserPolicyRuleCondition, bool)`
+
+GetUsersOk returns a tuple with the Users field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsers
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetUsers(v UserPolicyRuleCondition)`
+
+SetUsers sets Users field to given value.
+
+### HasUsers
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasUsers() bool`
+
+HasUsers returns a boolean if a field has been set.
+
+### GetUserStatus
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetUserStatus() UserStatusPolicyRuleCondition`
+
+GetUserStatus returns the UserStatus field if non-nil, zero value otherwise.
+
+### GetUserStatusOk
+
+`func (o *AuthorizationServerPolicyRuleConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool)`
+
+GetUserStatusOk returns a tuple with the UserStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserStatus
+
+`func (o *AuthorizationServerPolicyRuleConditions) SetUserStatus(v UserStatusPolicyRuleCondition)`
+
+SetUserStatus sets UserStatus field to given value.
+
+### HasUserStatus
+
+`func (o *AuthorizationServerPolicyRuleConditions) HasUserStatus() bool`
+
+HasUserStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AuthorizationServerPolicyRuleConditionsAllOf.md b/okta/docs/AuthorizationServerPolicyRuleConditionsAllOf.md
new file mode 100644
index 000000000..11214db57
--- /dev/null
+++ b/okta/docs/AuthorizationServerPolicyRuleConditionsAllOf.md
@@ -0,0 +1,134 @@
+# AuthorizationServerPolicyRuleConditionsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Clients** | Pointer to [**ClientPolicyCondition**](ClientPolicyCondition.md) |  | [optional] 
+**GrantTypes** | Pointer to [**GrantTypePolicyRuleCondition**](GrantTypePolicyRuleCondition.md) |  | [optional] 
+**People** | Pointer to [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+**Scopes** | Pointer to [**OAuth2ScopesMediationPolicyRuleCondition**](OAuth2ScopesMediationPolicyRuleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewAuthorizationServerPolicyRuleConditionsAllOf
+
+`func NewAuthorizationServerPolicyRuleConditionsAllOf() *AuthorizationServerPolicyRuleConditionsAllOf`
+
+NewAuthorizationServerPolicyRuleConditionsAllOf instantiates a new AuthorizationServerPolicyRuleConditionsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAuthorizationServerPolicyRuleConditionsAllOfWithDefaults
+
+`func NewAuthorizationServerPolicyRuleConditionsAllOfWithDefaults() *AuthorizationServerPolicyRuleConditionsAllOf`
+
+NewAuthorizationServerPolicyRuleConditionsAllOfWithDefaults instantiates a new AuthorizationServerPolicyRuleConditionsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetClients
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetClients() ClientPolicyCondition`
+
+GetClients returns the Clients field if non-nil, zero value otherwise.
+
+### GetClientsOk
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetClientsOk() (*ClientPolicyCondition, bool)`
+
+GetClientsOk returns a tuple with the Clients field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClients
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) SetClients(v ClientPolicyCondition)`
+
+SetClients sets Clients field to given value.
+
+### HasClients
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) HasClients() bool`
+
+HasClients returns a boolean if a field has been set.
+
+### GetGrantTypes
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetGrantTypes() GrantTypePolicyRuleCondition`
+
+GetGrantTypes returns the GrantTypes field if non-nil, zero value otherwise.
+
+### GetGrantTypesOk
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool)`
+
+GetGrantTypesOk returns a tuple with the GrantTypes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGrantTypes
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) SetGrantTypes(v GrantTypePolicyRuleCondition)`
+
+SetGrantTypes sets GrantTypes field to given value.
+
+### HasGrantTypes
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) HasGrantTypes() bool`
+
+HasGrantTypes returns a boolean if a field has been set.
+
+### GetPeople
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetPeople() PolicyPeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetPeopleOk() (*PolicyPeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) SetPeople(v PolicyPeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetScopes() OAuth2ScopesMediationPolicyRuleCondition`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *AuthorizationServerPolicyRuleConditionsAllOf) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AutoLoginApplication.md b/okta/docs/AutoLoginApplication.md
new file mode 100644
index 000000000..a2f5190d3
--- /dev/null
+++ b/okta/docs/AutoLoginApplication.md
@@ -0,0 +1,108 @@
+# AutoLoginApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**SchemeApplicationCredentials**](SchemeApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**Settings** | Pointer to [**AutoLoginApplicationSettings**](AutoLoginApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewAutoLoginApplication
+
+`func NewAutoLoginApplication() *AutoLoginApplication`
+
+NewAutoLoginApplication instantiates a new AutoLoginApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAutoLoginApplicationWithDefaults
+
+`func NewAutoLoginApplicationWithDefaults() *AutoLoginApplication`
+
+NewAutoLoginApplicationWithDefaults instantiates a new AutoLoginApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *AutoLoginApplication) GetCredentials() SchemeApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *AutoLoginApplication) GetCredentialsOk() (*SchemeApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *AutoLoginApplication) SetCredentials(v SchemeApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *AutoLoginApplication) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *AutoLoginApplication) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *AutoLoginApplication) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *AutoLoginApplication) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *AutoLoginApplication) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *AutoLoginApplication) GetSettings() AutoLoginApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *AutoLoginApplication) GetSettingsOk() (*AutoLoginApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *AutoLoginApplication) SetSettings(v AutoLoginApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *AutoLoginApplication) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AutoLoginApplicationAllOf.md b/okta/docs/AutoLoginApplicationAllOf.md
new file mode 100644
index 000000000..3e29b19ee
--- /dev/null
+++ b/okta/docs/AutoLoginApplicationAllOf.md
@@ -0,0 +1,108 @@
+# AutoLoginApplicationAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**SchemeApplicationCredentials**](SchemeApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**Settings** | Pointer to [**AutoLoginApplicationSettings**](AutoLoginApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewAutoLoginApplicationAllOf
+
+`func NewAutoLoginApplicationAllOf() *AutoLoginApplicationAllOf`
+
+NewAutoLoginApplicationAllOf instantiates a new AutoLoginApplicationAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAutoLoginApplicationAllOfWithDefaults
+
+`func NewAutoLoginApplicationAllOfWithDefaults() *AutoLoginApplicationAllOf`
+
+NewAutoLoginApplicationAllOfWithDefaults instantiates a new AutoLoginApplicationAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *AutoLoginApplicationAllOf) GetCredentials() SchemeApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *AutoLoginApplicationAllOf) GetCredentialsOk() (*SchemeApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *AutoLoginApplicationAllOf) SetCredentials(v SchemeApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *AutoLoginApplicationAllOf) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *AutoLoginApplicationAllOf) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *AutoLoginApplicationAllOf) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *AutoLoginApplicationAllOf) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *AutoLoginApplicationAllOf) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *AutoLoginApplicationAllOf) GetSettings() AutoLoginApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *AutoLoginApplicationAllOf) GetSettingsOk() (*AutoLoginApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *AutoLoginApplicationAllOf) SetSettings(v AutoLoginApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *AutoLoginApplicationAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AutoLoginApplicationSettings.md b/okta/docs/AutoLoginApplicationSettings.md
new file mode 100644
index 000000000..1bdb509e0
--- /dev/null
+++ b/okta/docs/AutoLoginApplicationSettings.md
@@ -0,0 +1,186 @@
+# AutoLoginApplicationSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**IdentityStoreId** | Pointer to **string** |  | [optional] 
+**ImplicitAssignment** | Pointer to **bool** |  | [optional] 
+**InlineHookId** | Pointer to **string** |  | [optional] 
+**Notes** | Pointer to [**ApplicationSettingsNotes**](ApplicationSettingsNotes.md) |  | [optional] 
+**Notifications** | Pointer to [**ApplicationSettingsNotifications**](ApplicationSettingsNotifications.md) |  | [optional] 
+**SignOn** | Pointer to [**AutoLoginApplicationSettingsSignOn**](AutoLoginApplicationSettingsSignOn.md) |  | [optional] 
+
+## Methods
+
+### NewAutoLoginApplicationSettings
+
+`func NewAutoLoginApplicationSettings() *AutoLoginApplicationSettings`
+
+NewAutoLoginApplicationSettings instantiates a new AutoLoginApplicationSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAutoLoginApplicationSettingsWithDefaults
+
+`func NewAutoLoginApplicationSettingsWithDefaults() *AutoLoginApplicationSettings`
+
+NewAutoLoginApplicationSettingsWithDefaults instantiates a new AutoLoginApplicationSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIdentityStoreId
+
+`func (o *AutoLoginApplicationSettings) GetIdentityStoreId() string`
+
+GetIdentityStoreId returns the IdentityStoreId field if non-nil, zero value otherwise.
+
+### GetIdentityStoreIdOk
+
+`func (o *AutoLoginApplicationSettings) GetIdentityStoreIdOk() (*string, bool)`
+
+GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityStoreId
+
+`func (o *AutoLoginApplicationSettings) SetIdentityStoreId(v string)`
+
+SetIdentityStoreId sets IdentityStoreId field to given value.
+
+### HasIdentityStoreId
+
+`func (o *AutoLoginApplicationSettings) HasIdentityStoreId() bool`
+
+HasIdentityStoreId returns a boolean if a field has been set.
+
+### GetImplicitAssignment
+
+`func (o *AutoLoginApplicationSettings) GetImplicitAssignment() bool`
+
+GetImplicitAssignment returns the ImplicitAssignment field if non-nil, zero value otherwise.
+
+### GetImplicitAssignmentOk
+
+`func (o *AutoLoginApplicationSettings) GetImplicitAssignmentOk() (*bool, bool)`
+
+GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetImplicitAssignment
+
+`func (o *AutoLoginApplicationSettings) SetImplicitAssignment(v bool)`
+
+SetImplicitAssignment sets ImplicitAssignment field to given value.
+
+### HasImplicitAssignment
+
+`func (o *AutoLoginApplicationSettings) HasImplicitAssignment() bool`
+
+HasImplicitAssignment returns a boolean if a field has been set.
+
+### GetInlineHookId
+
+`func (o *AutoLoginApplicationSettings) GetInlineHookId() string`
+
+GetInlineHookId returns the InlineHookId field if non-nil, zero value otherwise.
+
+### GetInlineHookIdOk
+
+`func (o *AutoLoginApplicationSettings) GetInlineHookIdOk() (*string, bool)`
+
+GetInlineHookIdOk returns a tuple with the InlineHookId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInlineHookId
+
+`func (o *AutoLoginApplicationSettings) SetInlineHookId(v string)`
+
+SetInlineHookId sets InlineHookId field to given value.
+
+### HasInlineHookId
+
+`func (o *AutoLoginApplicationSettings) HasInlineHookId() bool`
+
+HasInlineHookId returns a boolean if a field has been set.
+
+### GetNotes
+
+`func (o *AutoLoginApplicationSettings) GetNotes() ApplicationSettingsNotes`
+
+GetNotes returns the Notes field if non-nil, zero value otherwise.
+
+### GetNotesOk
+
+`func (o *AutoLoginApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool)`
+
+GetNotesOk returns a tuple with the Notes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotes
+
+`func (o *AutoLoginApplicationSettings) SetNotes(v ApplicationSettingsNotes)`
+
+SetNotes sets Notes field to given value.
+
+### HasNotes
+
+`func (o *AutoLoginApplicationSettings) HasNotes() bool`
+
+HasNotes returns a boolean if a field has been set.
+
+### GetNotifications
+
+`func (o *AutoLoginApplicationSettings) GetNotifications() ApplicationSettingsNotifications`
+
+GetNotifications returns the Notifications field if non-nil, zero value otherwise.
+
+### GetNotificationsOk
+
+`func (o *AutoLoginApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool)`
+
+GetNotificationsOk returns a tuple with the Notifications field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotifications
+
+`func (o *AutoLoginApplicationSettings) SetNotifications(v ApplicationSettingsNotifications)`
+
+SetNotifications sets Notifications field to given value.
+
+### HasNotifications
+
+`func (o *AutoLoginApplicationSettings) HasNotifications() bool`
+
+HasNotifications returns a boolean if a field has been set.
+
+### GetSignOn
+
+`func (o *AutoLoginApplicationSettings) GetSignOn() AutoLoginApplicationSettingsSignOn`
+
+GetSignOn returns the SignOn field if non-nil, zero value otherwise.
+
+### GetSignOnOk
+
+`func (o *AutoLoginApplicationSettings) GetSignOnOk() (*AutoLoginApplicationSettingsSignOn, bool)`
+
+GetSignOnOk returns a tuple with the SignOn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignOn
+
+`func (o *AutoLoginApplicationSettings) SetSignOn(v AutoLoginApplicationSettingsSignOn)`
+
+SetSignOn sets SignOn field to given value.
+
+### HasSignOn
+
+`func (o *AutoLoginApplicationSettings) HasSignOn() bool`
+
+HasSignOn returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AutoLoginApplicationSettingsAllOf.md b/okta/docs/AutoLoginApplicationSettingsAllOf.md
new file mode 100644
index 000000000..0d1bc42f3
--- /dev/null
+++ b/okta/docs/AutoLoginApplicationSettingsAllOf.md
@@ -0,0 +1,56 @@
+# AutoLoginApplicationSettingsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**SignOn** | Pointer to [**AutoLoginApplicationSettingsSignOn**](AutoLoginApplicationSettingsSignOn.md) |  | [optional] 
+
+## Methods
+
+### NewAutoLoginApplicationSettingsAllOf
+
+`func NewAutoLoginApplicationSettingsAllOf() *AutoLoginApplicationSettingsAllOf`
+
+NewAutoLoginApplicationSettingsAllOf instantiates a new AutoLoginApplicationSettingsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAutoLoginApplicationSettingsAllOfWithDefaults
+
+`func NewAutoLoginApplicationSettingsAllOfWithDefaults() *AutoLoginApplicationSettingsAllOf`
+
+NewAutoLoginApplicationSettingsAllOfWithDefaults instantiates a new AutoLoginApplicationSettingsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSignOn
+
+`func (o *AutoLoginApplicationSettingsAllOf) GetSignOn() AutoLoginApplicationSettingsSignOn`
+
+GetSignOn returns the SignOn field if non-nil, zero value otherwise.
+
+### GetSignOnOk
+
+`func (o *AutoLoginApplicationSettingsAllOf) GetSignOnOk() (*AutoLoginApplicationSettingsSignOn, bool)`
+
+GetSignOnOk returns a tuple with the SignOn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignOn
+
+`func (o *AutoLoginApplicationSettingsAllOf) SetSignOn(v AutoLoginApplicationSettingsSignOn)`
+
+SetSignOn sets SignOn field to given value.
+
+### HasSignOn
+
+`func (o *AutoLoginApplicationSettingsAllOf) HasSignOn() bool`
+
+HasSignOn returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AutoLoginApplicationSettingsSignOn.md b/okta/docs/AutoLoginApplicationSettingsSignOn.md
new file mode 100644
index 000000000..b8d46d043
--- /dev/null
+++ b/okta/docs/AutoLoginApplicationSettingsSignOn.md
@@ -0,0 +1,82 @@
+# AutoLoginApplicationSettingsSignOn
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**LoginUrl** | Pointer to **string** |  | [optional] 
+**RedirectUrl** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewAutoLoginApplicationSettingsSignOn
+
+`func NewAutoLoginApplicationSettingsSignOn() *AutoLoginApplicationSettingsSignOn`
+
+NewAutoLoginApplicationSettingsSignOn instantiates a new AutoLoginApplicationSettingsSignOn object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAutoLoginApplicationSettingsSignOnWithDefaults
+
+`func NewAutoLoginApplicationSettingsSignOnWithDefaults() *AutoLoginApplicationSettingsSignOn`
+
+NewAutoLoginApplicationSettingsSignOnWithDefaults instantiates a new AutoLoginApplicationSettingsSignOn object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetLoginUrl
+
+`func (o *AutoLoginApplicationSettingsSignOn) GetLoginUrl() string`
+
+GetLoginUrl returns the LoginUrl field if non-nil, zero value otherwise.
+
+### GetLoginUrlOk
+
+`func (o *AutoLoginApplicationSettingsSignOn) GetLoginUrlOk() (*string, bool)`
+
+GetLoginUrlOk returns a tuple with the LoginUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLoginUrl
+
+`func (o *AutoLoginApplicationSettingsSignOn) SetLoginUrl(v string)`
+
+SetLoginUrl sets LoginUrl field to given value.
+
+### HasLoginUrl
+
+`func (o *AutoLoginApplicationSettingsSignOn) HasLoginUrl() bool`
+
+HasLoginUrl returns a boolean if a field has been set.
+
+### GetRedirectUrl
+
+`func (o *AutoLoginApplicationSettingsSignOn) GetRedirectUrl() string`
+
+GetRedirectUrl returns the RedirectUrl field if non-nil, zero value otherwise.
+
+### GetRedirectUrlOk
+
+`func (o *AutoLoginApplicationSettingsSignOn) GetRedirectUrlOk() (*string, bool)`
+
+GetRedirectUrlOk returns a tuple with the RedirectUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRedirectUrl
+
+`func (o *AutoLoginApplicationSettingsSignOn) SetRedirectUrl(v string)`
+
+SetRedirectUrl sets RedirectUrl field to given value.
+
+### HasRedirectUrl
+
+`func (o *AutoLoginApplicationSettingsSignOn) HasRedirectUrl() bool`
+
+HasRedirectUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AutoUpdateSchedule.md b/okta/docs/AutoUpdateSchedule.md
new file mode 100644
index 000000000..497eef5a7
--- /dev/null
+++ b/okta/docs/AutoUpdateSchedule.md
@@ -0,0 +1,160 @@
+# AutoUpdateSchedule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Cron** | Pointer to **string** |  | [optional] 
+**Delay** | Pointer to **int32** | delay in days | [optional] 
+**Duration** | Pointer to **int32** | duration in minutes | [optional] 
+**LastUpdated** | Pointer to **time.Time** | last time when the updated finished (success or failed, exclude cancelled), null if job haven&#39;t finished once yet. | [optional] 
+**Timezone** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewAutoUpdateSchedule
+
+`func NewAutoUpdateSchedule() *AutoUpdateSchedule`
+
+NewAutoUpdateSchedule instantiates a new AutoUpdateSchedule object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewAutoUpdateScheduleWithDefaults
+
+`func NewAutoUpdateScheduleWithDefaults() *AutoUpdateSchedule`
+
+NewAutoUpdateScheduleWithDefaults instantiates a new AutoUpdateSchedule object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCron
+
+`func (o *AutoUpdateSchedule) GetCron() string`
+
+GetCron returns the Cron field if non-nil, zero value otherwise.
+
+### GetCronOk
+
+`func (o *AutoUpdateSchedule) GetCronOk() (*string, bool)`
+
+GetCronOk returns a tuple with the Cron field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCron
+
+`func (o *AutoUpdateSchedule) SetCron(v string)`
+
+SetCron sets Cron field to given value.
+
+### HasCron
+
+`func (o *AutoUpdateSchedule) HasCron() bool`
+
+HasCron returns a boolean if a field has been set.
+
+### GetDelay
+
+`func (o *AutoUpdateSchedule) GetDelay() int32`
+
+GetDelay returns the Delay field if non-nil, zero value otherwise.
+
+### GetDelayOk
+
+`func (o *AutoUpdateSchedule) GetDelayOk() (*int32, bool)`
+
+GetDelayOk returns a tuple with the Delay field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDelay
+
+`func (o *AutoUpdateSchedule) SetDelay(v int32)`
+
+SetDelay sets Delay field to given value.
+
+### HasDelay
+
+`func (o *AutoUpdateSchedule) HasDelay() bool`
+
+HasDelay returns a boolean if a field has been set.
+
+### GetDuration
+
+`func (o *AutoUpdateSchedule) GetDuration() int32`
+
+GetDuration returns the Duration field if non-nil, zero value otherwise.
+
+### GetDurationOk
+
+`func (o *AutoUpdateSchedule) GetDurationOk() (*int32, bool)`
+
+GetDurationOk returns a tuple with the Duration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDuration
+
+`func (o *AutoUpdateSchedule) SetDuration(v int32)`
+
+SetDuration sets Duration field to given value.
+
+### HasDuration
+
+`func (o *AutoUpdateSchedule) HasDuration() bool`
+
+HasDuration returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *AutoUpdateSchedule) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *AutoUpdateSchedule) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *AutoUpdateSchedule) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *AutoUpdateSchedule) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetTimezone
+
+`func (o *AutoUpdateSchedule) GetTimezone() string`
+
+GetTimezone returns the Timezone field if non-nil, zero value otherwise.
+
+### GetTimezoneOk
+
+`func (o *AutoUpdateSchedule) GetTimezoneOk() (*string, bool)`
+
+GetTimezoneOk returns a tuple with the Timezone field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTimezone
+
+`func (o *AutoUpdateSchedule) SetTimezone(v string)`
+
+SetTimezone sets Timezone field to given value.
+
+### HasTimezone
+
+`func (o *AutoUpdateSchedule) HasTimezone() bool`
+
+HasTimezone returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/AwsRegion.md b/okta/docs/AwsRegion.md
new file mode 100644
index 000000000..428a57454
--- /dev/null
+++ b/okta/docs/AwsRegion.md
@@ -0,0 +1,31 @@
+# AwsRegion
+
+## Enum
+
+
+* `CA_CENTRAL_1` (value: `"ca-central-1"`)
+
+* `EU_CENTRAL_1` (value: `"eu-central-1"`)
+
+* `EU_NORTH_1` (value: `"eu-north-1"`)
+
+* `EU_SOUTH_1` (value: `"eu-south-1"`)
+
+* `EU_WEST_1` (value: `"eu-west-1"`)
+
+* `EU_WEST_2` (value: `"eu-west-2"`)
+
+* `EU_WEST_3` (value: `"eu-west-3"`)
+
+* `US_EAST_1` (value: `"us-east-1"`)
+
+* `US_EAST_2` (value: `"us-east-2"`)
+
+* `US_WEST_1` (value: `"us-west-1"`)
+
+* `US_WEST_2` (value: `"us-west-2"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BaseEmailDomain.md b/okta/docs/BaseEmailDomain.md
new file mode 100644
index 000000000..a9f16f92c
--- /dev/null
+++ b/okta/docs/BaseEmailDomain.md
@@ -0,0 +1,72 @@
+# BaseEmailDomain
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DisplayName** | **string** |  | 
+**UserName** | **string** |  | 
+
+## Methods
+
+### NewBaseEmailDomain
+
+`func NewBaseEmailDomain(displayName string, userName string, ) *BaseEmailDomain`
+
+NewBaseEmailDomain instantiates a new BaseEmailDomain object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBaseEmailDomainWithDefaults
+
+`func NewBaseEmailDomainWithDefaults() *BaseEmailDomain`
+
+NewBaseEmailDomainWithDefaults instantiates a new BaseEmailDomain object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDisplayName
+
+`func (o *BaseEmailDomain) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *BaseEmailDomain) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *BaseEmailDomain) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+
+### GetUserName
+
+`func (o *BaseEmailDomain) GetUserName() string`
+
+GetUserName returns the UserName field if non-nil, zero value otherwise.
+
+### GetUserNameOk
+
+`func (o *BaseEmailDomain) GetUserNameOk() (*string, bool)`
+
+GetUserNameOk returns a tuple with the UserName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserName
+
+`func (o *BaseEmailDomain) SetUserName(v string)`
+
+SetUserName sets UserName field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BasicApplicationSettings.md b/okta/docs/BasicApplicationSettings.md
new file mode 100644
index 000000000..1481bea16
--- /dev/null
+++ b/okta/docs/BasicApplicationSettings.md
@@ -0,0 +1,186 @@
+# BasicApplicationSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**IdentityStoreId** | Pointer to **string** |  | [optional] 
+**ImplicitAssignment** | Pointer to **bool** |  | [optional] 
+**InlineHookId** | Pointer to **string** |  | [optional] 
+**Notes** | Pointer to [**ApplicationSettingsNotes**](ApplicationSettingsNotes.md) |  | [optional] 
+**Notifications** | Pointer to [**ApplicationSettingsNotifications**](ApplicationSettingsNotifications.md) |  | [optional] 
+**App** | Pointer to [**BasicApplicationSettingsApplication**](BasicApplicationSettingsApplication.md) |  | [optional] 
+
+## Methods
+
+### NewBasicApplicationSettings
+
+`func NewBasicApplicationSettings() *BasicApplicationSettings`
+
+NewBasicApplicationSettings instantiates a new BasicApplicationSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBasicApplicationSettingsWithDefaults
+
+`func NewBasicApplicationSettingsWithDefaults() *BasicApplicationSettings`
+
+NewBasicApplicationSettingsWithDefaults instantiates a new BasicApplicationSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIdentityStoreId
+
+`func (o *BasicApplicationSettings) GetIdentityStoreId() string`
+
+GetIdentityStoreId returns the IdentityStoreId field if non-nil, zero value otherwise.
+
+### GetIdentityStoreIdOk
+
+`func (o *BasicApplicationSettings) GetIdentityStoreIdOk() (*string, bool)`
+
+GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityStoreId
+
+`func (o *BasicApplicationSettings) SetIdentityStoreId(v string)`
+
+SetIdentityStoreId sets IdentityStoreId field to given value.
+
+### HasIdentityStoreId
+
+`func (o *BasicApplicationSettings) HasIdentityStoreId() bool`
+
+HasIdentityStoreId returns a boolean if a field has been set.
+
+### GetImplicitAssignment
+
+`func (o *BasicApplicationSettings) GetImplicitAssignment() bool`
+
+GetImplicitAssignment returns the ImplicitAssignment field if non-nil, zero value otherwise.
+
+### GetImplicitAssignmentOk
+
+`func (o *BasicApplicationSettings) GetImplicitAssignmentOk() (*bool, bool)`
+
+GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetImplicitAssignment
+
+`func (o *BasicApplicationSettings) SetImplicitAssignment(v bool)`
+
+SetImplicitAssignment sets ImplicitAssignment field to given value.
+
+### HasImplicitAssignment
+
+`func (o *BasicApplicationSettings) HasImplicitAssignment() bool`
+
+HasImplicitAssignment returns a boolean if a field has been set.
+
+### GetInlineHookId
+
+`func (o *BasicApplicationSettings) GetInlineHookId() string`
+
+GetInlineHookId returns the InlineHookId field if non-nil, zero value otherwise.
+
+### GetInlineHookIdOk
+
+`func (o *BasicApplicationSettings) GetInlineHookIdOk() (*string, bool)`
+
+GetInlineHookIdOk returns a tuple with the InlineHookId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInlineHookId
+
+`func (o *BasicApplicationSettings) SetInlineHookId(v string)`
+
+SetInlineHookId sets InlineHookId field to given value.
+
+### HasInlineHookId
+
+`func (o *BasicApplicationSettings) HasInlineHookId() bool`
+
+HasInlineHookId returns a boolean if a field has been set.
+
+### GetNotes
+
+`func (o *BasicApplicationSettings) GetNotes() ApplicationSettingsNotes`
+
+GetNotes returns the Notes field if non-nil, zero value otherwise.
+
+### GetNotesOk
+
+`func (o *BasicApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool)`
+
+GetNotesOk returns a tuple with the Notes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotes
+
+`func (o *BasicApplicationSettings) SetNotes(v ApplicationSettingsNotes)`
+
+SetNotes sets Notes field to given value.
+
+### HasNotes
+
+`func (o *BasicApplicationSettings) HasNotes() bool`
+
+HasNotes returns a boolean if a field has been set.
+
+### GetNotifications
+
+`func (o *BasicApplicationSettings) GetNotifications() ApplicationSettingsNotifications`
+
+GetNotifications returns the Notifications field if non-nil, zero value otherwise.
+
+### GetNotificationsOk
+
+`func (o *BasicApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool)`
+
+GetNotificationsOk returns a tuple with the Notifications field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotifications
+
+`func (o *BasicApplicationSettings) SetNotifications(v ApplicationSettingsNotifications)`
+
+SetNotifications sets Notifications field to given value.
+
+### HasNotifications
+
+`func (o *BasicApplicationSettings) HasNotifications() bool`
+
+HasNotifications returns a boolean if a field has been set.
+
+### GetApp
+
+`func (o *BasicApplicationSettings) GetApp() BasicApplicationSettingsApplication`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *BasicApplicationSettings) GetAppOk() (*BasicApplicationSettingsApplication, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *BasicApplicationSettings) SetApp(v BasicApplicationSettingsApplication)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *BasicApplicationSettings) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BasicApplicationSettingsAllOf.md b/okta/docs/BasicApplicationSettingsAllOf.md
new file mode 100644
index 000000000..13899aee6
--- /dev/null
+++ b/okta/docs/BasicApplicationSettingsAllOf.md
@@ -0,0 +1,56 @@
+# BasicApplicationSettingsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**BasicApplicationSettingsApplication**](BasicApplicationSettingsApplication.md) |  | [optional] 
+
+## Methods
+
+### NewBasicApplicationSettingsAllOf
+
+`func NewBasicApplicationSettingsAllOf() *BasicApplicationSettingsAllOf`
+
+NewBasicApplicationSettingsAllOf instantiates a new BasicApplicationSettingsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBasicApplicationSettingsAllOfWithDefaults
+
+`func NewBasicApplicationSettingsAllOfWithDefaults() *BasicApplicationSettingsAllOf`
+
+NewBasicApplicationSettingsAllOfWithDefaults instantiates a new BasicApplicationSettingsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *BasicApplicationSettingsAllOf) GetApp() BasicApplicationSettingsApplication`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *BasicApplicationSettingsAllOf) GetAppOk() (*BasicApplicationSettingsApplication, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *BasicApplicationSettingsAllOf) SetApp(v BasicApplicationSettingsApplication)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *BasicApplicationSettingsAllOf) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BasicApplicationSettingsApplication.md b/okta/docs/BasicApplicationSettingsApplication.md
new file mode 100644
index 000000000..54619000f
--- /dev/null
+++ b/okta/docs/BasicApplicationSettingsApplication.md
@@ -0,0 +1,82 @@
+# BasicApplicationSettingsApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthURL** | Pointer to **string** |  | [optional] 
+**Url** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewBasicApplicationSettingsApplication
+
+`func NewBasicApplicationSettingsApplication() *BasicApplicationSettingsApplication`
+
+NewBasicApplicationSettingsApplication instantiates a new BasicApplicationSettingsApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBasicApplicationSettingsApplicationWithDefaults
+
+`func NewBasicApplicationSettingsApplicationWithDefaults() *BasicApplicationSettingsApplication`
+
+NewBasicApplicationSettingsApplicationWithDefaults instantiates a new BasicApplicationSettingsApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthURL
+
+`func (o *BasicApplicationSettingsApplication) GetAuthURL() string`
+
+GetAuthURL returns the AuthURL field if non-nil, zero value otherwise.
+
+### GetAuthURLOk
+
+`func (o *BasicApplicationSettingsApplication) GetAuthURLOk() (*string, bool)`
+
+GetAuthURLOk returns a tuple with the AuthURL field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthURL
+
+`func (o *BasicApplicationSettingsApplication) SetAuthURL(v string)`
+
+SetAuthURL sets AuthURL field to given value.
+
+### HasAuthURL
+
+`func (o *BasicApplicationSettingsApplication) HasAuthURL() bool`
+
+HasAuthURL returns a boolean if a field has been set.
+
+### GetUrl
+
+`func (o *BasicApplicationSettingsApplication) GetUrl() string`
+
+GetUrl returns the Url field if non-nil, zero value otherwise.
+
+### GetUrlOk
+
+`func (o *BasicApplicationSettingsApplication) GetUrlOk() (*string, bool)`
+
+GetUrlOk returns a tuple with the Url field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUrl
+
+`func (o *BasicApplicationSettingsApplication) SetUrl(v string)`
+
+SetUrl sets Url field to given value.
+
+### HasUrl
+
+`func (o *BasicApplicationSettingsApplication) HasUrl() bool`
+
+HasUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BasicAuthApplication.md b/okta/docs/BasicAuthApplication.md
new file mode 100644
index 000000000..39a1204b9
--- /dev/null
+++ b/okta/docs/BasicAuthApplication.md
@@ -0,0 +1,108 @@
+# BasicAuthApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**SchemeApplicationCredentials**](SchemeApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] [default to "template_basic_auth"]
+**Settings** | Pointer to [**BasicApplicationSettings**](BasicApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewBasicAuthApplication
+
+`func NewBasicAuthApplication() *BasicAuthApplication`
+
+NewBasicAuthApplication instantiates a new BasicAuthApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBasicAuthApplicationWithDefaults
+
+`func NewBasicAuthApplicationWithDefaults() *BasicAuthApplication`
+
+NewBasicAuthApplicationWithDefaults instantiates a new BasicAuthApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *BasicAuthApplication) GetCredentials() SchemeApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *BasicAuthApplication) GetCredentialsOk() (*SchemeApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *BasicAuthApplication) SetCredentials(v SchemeApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *BasicAuthApplication) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *BasicAuthApplication) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *BasicAuthApplication) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *BasicAuthApplication) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *BasicAuthApplication) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *BasicAuthApplication) GetSettings() BasicApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BasicAuthApplication) GetSettingsOk() (*BasicApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BasicAuthApplication) SetSettings(v BasicApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BasicAuthApplication) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BasicAuthApplicationAllOf.md b/okta/docs/BasicAuthApplicationAllOf.md
new file mode 100644
index 000000000..2098b893f
--- /dev/null
+++ b/okta/docs/BasicAuthApplicationAllOf.md
@@ -0,0 +1,108 @@
+# BasicAuthApplicationAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**SchemeApplicationCredentials**](SchemeApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] [default to "template_basic_auth"]
+**Settings** | Pointer to [**BasicApplicationSettings**](BasicApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewBasicAuthApplicationAllOf
+
+`func NewBasicAuthApplicationAllOf() *BasicAuthApplicationAllOf`
+
+NewBasicAuthApplicationAllOf instantiates a new BasicAuthApplicationAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBasicAuthApplicationAllOfWithDefaults
+
+`func NewBasicAuthApplicationAllOfWithDefaults() *BasicAuthApplicationAllOf`
+
+NewBasicAuthApplicationAllOfWithDefaults instantiates a new BasicAuthApplicationAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *BasicAuthApplicationAllOf) GetCredentials() SchemeApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *BasicAuthApplicationAllOf) GetCredentialsOk() (*SchemeApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *BasicAuthApplicationAllOf) SetCredentials(v SchemeApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *BasicAuthApplicationAllOf) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *BasicAuthApplicationAllOf) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *BasicAuthApplicationAllOf) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *BasicAuthApplicationAllOf) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *BasicAuthApplicationAllOf) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *BasicAuthApplicationAllOf) GetSettings() BasicApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BasicAuthApplicationAllOf) GetSettingsOk() (*BasicApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BasicAuthApplicationAllOf) SetSettings(v BasicApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BasicAuthApplicationAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BeforeScheduledActionPolicyRuleCondition.md b/okta/docs/BeforeScheduledActionPolicyRuleCondition.md
new file mode 100644
index 000000000..7208d4ead
--- /dev/null
+++ b/okta/docs/BeforeScheduledActionPolicyRuleCondition.md
@@ -0,0 +1,82 @@
+# BeforeScheduledActionPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Duration** | Pointer to [**Duration**](Duration.md) |  | [optional] 
+**LifecycleAction** | Pointer to [**ScheduledUserLifecycleAction**](ScheduledUserLifecycleAction.md) |  | [optional] 
+
+## Methods
+
+### NewBeforeScheduledActionPolicyRuleCondition
+
+`func NewBeforeScheduledActionPolicyRuleCondition() *BeforeScheduledActionPolicyRuleCondition`
+
+NewBeforeScheduledActionPolicyRuleCondition instantiates a new BeforeScheduledActionPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBeforeScheduledActionPolicyRuleConditionWithDefaults
+
+`func NewBeforeScheduledActionPolicyRuleConditionWithDefaults() *BeforeScheduledActionPolicyRuleCondition`
+
+NewBeforeScheduledActionPolicyRuleConditionWithDefaults instantiates a new BeforeScheduledActionPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDuration
+
+`func (o *BeforeScheduledActionPolicyRuleCondition) GetDuration() Duration`
+
+GetDuration returns the Duration field if non-nil, zero value otherwise.
+
+### GetDurationOk
+
+`func (o *BeforeScheduledActionPolicyRuleCondition) GetDurationOk() (*Duration, bool)`
+
+GetDurationOk returns a tuple with the Duration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDuration
+
+`func (o *BeforeScheduledActionPolicyRuleCondition) SetDuration(v Duration)`
+
+SetDuration sets Duration field to given value.
+
+### HasDuration
+
+`func (o *BeforeScheduledActionPolicyRuleCondition) HasDuration() bool`
+
+HasDuration returns a boolean if a field has been set.
+
+### GetLifecycleAction
+
+`func (o *BeforeScheduledActionPolicyRuleCondition) GetLifecycleAction() ScheduledUserLifecycleAction`
+
+GetLifecycleAction returns the LifecycleAction field if non-nil, zero value otherwise.
+
+### GetLifecycleActionOk
+
+`func (o *BeforeScheduledActionPolicyRuleCondition) GetLifecycleActionOk() (*ScheduledUserLifecycleAction, bool)`
+
+GetLifecycleActionOk returns a tuple with the LifecycleAction field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLifecycleAction
+
+`func (o *BeforeScheduledActionPolicyRuleCondition) SetLifecycleAction(v ScheduledUserLifecycleAction)`
+
+SetLifecycleAction sets LifecycleAction field to given value.
+
+### HasLifecycleAction
+
+`func (o *BeforeScheduledActionPolicyRuleCondition) HasLifecycleAction() bool`
+
+HasLifecycleAction returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorApi.md b/okta/docs/BehaviorApi.md
new file mode 100644
index 000000000..4f733025f
--- /dev/null
+++ b/okta/docs/BehaviorApi.md
@@ -0,0 +1,492 @@
+# \BehaviorApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateBehaviorDetectionRule**](BehaviorApi.md#ActivateBehaviorDetectionRule) | **Post** /api/v1/behaviors/{behaviorId}/lifecycle/activate | Activate a Behavior Detection Rule
+[**CreateBehaviorDetectionRule**](BehaviorApi.md#CreateBehaviorDetectionRule) | **Post** /api/v1/behaviors | Create a Behavior Detection Rule
+[**DeactivateBehaviorDetectionRule**](BehaviorApi.md#DeactivateBehaviorDetectionRule) | **Post** /api/v1/behaviors/{behaviorId}/lifecycle/deactivate | Deactivate a Behavior Detection Rule
+[**DeleteBehaviorDetectionRule**](BehaviorApi.md#DeleteBehaviorDetectionRule) | **Delete** /api/v1/behaviors/{behaviorId} | Delete a Behavior Detection Rule
+[**GetBehaviorDetectionRule**](BehaviorApi.md#GetBehaviorDetectionRule) | **Get** /api/v1/behaviors/{behaviorId} | Retrieve a Behavior Detection Rule
+[**ListBehaviorDetectionRules**](BehaviorApi.md#ListBehaviorDetectionRules) | **Get** /api/v1/behaviors | List all Behavior Detection Rules
+[**ReplaceBehaviorDetectionRule**](BehaviorApi.md#ReplaceBehaviorDetectionRule) | **Put** /api/v1/behaviors/{behaviorId} | Replace a Behavior Detection Rule
+
+
+
+## ActivateBehaviorDetectionRule
+
+> ListBehaviorDetectionRules200ResponseInner ActivateBehaviorDetectionRule(ctx, behaviorId).Execute()
+
+Activate a Behavior Detection Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    behaviorId := "abcd1234" // string | id of the Behavior Detection Rule
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.BehaviorApi.ActivateBehaviorDetectionRule(context.Background(), behaviorId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `BehaviorApi.ActivateBehaviorDetectionRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ActivateBehaviorDetectionRule`: ListBehaviorDetectionRules200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `BehaviorApi.ActivateBehaviorDetectionRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**behaviorId** | **string** | id of the Behavior Detection Rule | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateBehaviorDetectionRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ListBehaviorDetectionRules200ResponseInner**](ListBehaviorDetectionRules200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateBehaviorDetectionRule
+
+> BehaviorRule CreateBehaviorDetectionRule(ctx).Rule(rule).Execute()
+
+Create a Behavior Detection Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    rule := openapiclient.listBehaviorDetectionRules_200_response_inner{BehaviorRuleAnomalousDevice: openapiclient.NewBehaviorRuleAnomalousDevice("Name_example", openapiclient.BehaviorRuleType("ANOMALOUS_DEVICE"))} // ListBehaviorDetectionRules200ResponseInner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.BehaviorApi.CreateBehaviorDetectionRule(context.Background()).Rule(rule).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `BehaviorApi.CreateBehaviorDetectionRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateBehaviorDetectionRule`: BehaviorRule
+    fmt.Fprintf(os.Stdout, "Response from `BehaviorApi.CreateBehaviorDetectionRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateBehaviorDetectionRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **rule** | [**ListBehaviorDetectionRules200ResponseInner**](ListBehaviorDetectionRules200ResponseInner.md) |  | 
+
+### Return type
+
+[**BehaviorRule**](BehaviorRule.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateBehaviorDetectionRule
+
+> ListBehaviorDetectionRules200ResponseInner DeactivateBehaviorDetectionRule(ctx, behaviorId).Execute()
+
+Deactivate a Behavior Detection Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    behaviorId := "abcd1234" // string | id of the Behavior Detection Rule
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.BehaviorApi.DeactivateBehaviorDetectionRule(context.Background(), behaviorId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `BehaviorApi.DeactivateBehaviorDetectionRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `DeactivateBehaviorDetectionRule`: ListBehaviorDetectionRules200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `BehaviorApi.DeactivateBehaviorDetectionRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**behaviorId** | **string** | id of the Behavior Detection Rule | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateBehaviorDetectionRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ListBehaviorDetectionRules200ResponseInner**](ListBehaviorDetectionRules200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteBehaviorDetectionRule
+
+> DeleteBehaviorDetectionRule(ctx, behaviorId).Execute()
+
+Delete a Behavior Detection Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    behaviorId := "abcd1234" // string | id of the Behavior Detection Rule
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.BehaviorApi.DeleteBehaviorDetectionRule(context.Background(), behaviorId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `BehaviorApi.DeleteBehaviorDetectionRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**behaviorId** | **string** | id of the Behavior Detection Rule | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteBehaviorDetectionRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetBehaviorDetectionRule
+
+> ListBehaviorDetectionRules200ResponseInner GetBehaviorDetectionRule(ctx, behaviorId).Execute()
+
+Retrieve a Behavior Detection Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    behaviorId := "abcd1234" // string | id of the Behavior Detection Rule
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.BehaviorApi.GetBehaviorDetectionRule(context.Background(), behaviorId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `BehaviorApi.GetBehaviorDetectionRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetBehaviorDetectionRule`: ListBehaviorDetectionRules200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `BehaviorApi.GetBehaviorDetectionRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**behaviorId** | **string** | id of the Behavior Detection Rule | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetBehaviorDetectionRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ListBehaviorDetectionRules200ResponseInner**](ListBehaviorDetectionRules200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListBehaviorDetectionRules
+
+> []ListBehaviorDetectionRules200ResponseInner ListBehaviorDetectionRules(ctx).Execute()
+
+List all Behavior Detection Rules
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.BehaviorApi.ListBehaviorDetectionRules(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `BehaviorApi.ListBehaviorDetectionRules``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListBehaviorDetectionRules`: []ListBehaviorDetectionRules200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `BehaviorApi.ListBehaviorDetectionRules`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListBehaviorDetectionRulesRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]ListBehaviorDetectionRules200ResponseInner**](ListBehaviorDetectionRules200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceBehaviorDetectionRule
+
+> ListBehaviorDetectionRules200ResponseInner ReplaceBehaviorDetectionRule(ctx, behaviorId).Rule(rule).Execute()
+
+Replace a Behavior Detection Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    behaviorId := "abcd1234" // string | id of the Behavior Detection Rule
+    rule := openapiclient.listBehaviorDetectionRules_200_response_inner{BehaviorRuleAnomalousDevice: openapiclient.NewBehaviorRuleAnomalousDevice("Name_example", openapiclient.BehaviorRuleType("ANOMALOUS_DEVICE"))} // ListBehaviorDetectionRules200ResponseInner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.BehaviorApi.ReplaceBehaviorDetectionRule(context.Background(), behaviorId).Rule(rule).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `BehaviorApi.ReplaceBehaviorDetectionRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceBehaviorDetectionRule`: ListBehaviorDetectionRules200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `BehaviorApi.ReplaceBehaviorDetectionRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**behaviorId** | **string** | id of the Behavior Detection Rule | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceBehaviorDetectionRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **rule** | [**ListBehaviorDetectionRules200ResponseInner**](ListBehaviorDetectionRules200ResponseInner.md) |  | 
+
+### Return type
+
+[**ListBehaviorDetectionRules200ResponseInner**](ListBehaviorDetectionRules200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour.md b/okta/docs/BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour.md
new file mode 100644
index 000000000..3287747fc
--- /dev/null
+++ b/okta/docs/BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour.md
@@ -0,0 +1,51 @@
+# BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**VelocityKph** | **int32** |  | [default to 805]
+
+## Methods
+
+### NewBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour
+
+`func NewBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour(velocityKph int32, ) *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour`
+
+NewBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour instantiates a new BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHourWithDefaults
+
+`func NewBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHourWithDefaults() *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour`
+
+NewBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHourWithDefaults instantiates a new BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetVelocityKph
+
+`func (o *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) GetVelocityKph() int32`
+
+GetVelocityKph returns the VelocityKph field if non-nil, zero value otherwise.
+
+### GetVelocityKphOk
+
+`func (o *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) GetVelocityKphOk() (*int32, bool)`
+
+GetVelocityKphOk returns a tuple with the VelocityKph field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVelocityKph
+
+`func (o *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) SetVelocityKph(v int32)`
+
+SetVelocityKph sets VelocityKph field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorDetectionRuleSettingsBasedOnEventHistory.md b/okta/docs/BehaviorDetectionRuleSettingsBasedOnEventHistory.md
new file mode 100644
index 000000000..e5131380e
--- /dev/null
+++ b/okta/docs/BehaviorDetectionRuleSettingsBasedOnEventHistory.md
@@ -0,0 +1,82 @@
+# BehaviorDetectionRuleSettingsBasedOnEventHistory
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**MaxEventsUsedForEvaluation** | Pointer to **int32** |  | [optional] [default to 20]
+**MinEventsNeededForEvaluation** | Pointer to **int32** |  | [optional] [default to 0]
+
+## Methods
+
+### NewBehaviorDetectionRuleSettingsBasedOnEventHistory
+
+`func NewBehaviorDetectionRuleSettingsBasedOnEventHistory() *BehaviorDetectionRuleSettingsBasedOnEventHistory`
+
+NewBehaviorDetectionRuleSettingsBasedOnEventHistory instantiates a new BehaviorDetectionRuleSettingsBasedOnEventHistory object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorDetectionRuleSettingsBasedOnEventHistoryWithDefaults
+
+`func NewBehaviorDetectionRuleSettingsBasedOnEventHistoryWithDefaults() *BehaviorDetectionRuleSettingsBasedOnEventHistory`
+
+NewBehaviorDetectionRuleSettingsBasedOnEventHistoryWithDefaults instantiates a new BehaviorDetectionRuleSettingsBasedOnEventHistory object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMaxEventsUsedForEvaluation
+
+`func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) GetMaxEventsUsedForEvaluation() int32`
+
+GetMaxEventsUsedForEvaluation returns the MaxEventsUsedForEvaluation field if non-nil, zero value otherwise.
+
+### GetMaxEventsUsedForEvaluationOk
+
+`func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) GetMaxEventsUsedForEvaluationOk() (*int32, bool)`
+
+GetMaxEventsUsedForEvaluationOk returns a tuple with the MaxEventsUsedForEvaluation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxEventsUsedForEvaluation
+
+`func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) SetMaxEventsUsedForEvaluation(v int32)`
+
+SetMaxEventsUsedForEvaluation sets MaxEventsUsedForEvaluation field to given value.
+
+### HasMaxEventsUsedForEvaluation
+
+`func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) HasMaxEventsUsedForEvaluation() bool`
+
+HasMaxEventsUsedForEvaluation returns a boolean if a field has been set.
+
+### GetMinEventsNeededForEvaluation
+
+`func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) GetMinEventsNeededForEvaluation() int32`
+
+GetMinEventsNeededForEvaluation returns the MinEventsNeededForEvaluation field if non-nil, zero value otherwise.
+
+### GetMinEventsNeededForEvaluationOk
+
+`func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) GetMinEventsNeededForEvaluationOk() (*int32, bool)`
+
+GetMinEventsNeededForEvaluationOk returns a tuple with the MinEventsNeededForEvaluation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinEventsNeededForEvaluation
+
+`func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) SetMinEventsNeededForEvaluation(v int32)`
+
+SetMinEventsNeededForEvaluation sets MinEventsNeededForEvaluation field to given value.
+
+### HasMinEventsNeededForEvaluation
+
+`func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) HasMinEventsNeededForEvaluation() bool`
+
+HasMinEventsNeededForEvaluation returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRule.md b/okta/docs/BehaviorRule.md
new file mode 100644
index 000000000..47bfe84d6
--- /dev/null
+++ b/okta/docs/BehaviorRule.md
@@ -0,0 +1,202 @@
+# BehaviorRule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | **string** |  | 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**Type** | [**BehaviorRuleType**](BehaviorRuleType.md) |  | 
+**Link** | Pointer to [**ApiTokenLink**](ApiTokenLink.md) |  | [optional] 
+
+## Methods
+
+### NewBehaviorRule
+
+`func NewBehaviorRule(name string, type_ BehaviorRuleType, ) *BehaviorRule`
+
+NewBehaviorRule instantiates a new BehaviorRule object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleWithDefaults
+
+`func NewBehaviorRuleWithDefaults() *BehaviorRule`
+
+NewBehaviorRuleWithDefaults instantiates a new BehaviorRule object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *BehaviorRule) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *BehaviorRule) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *BehaviorRule) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *BehaviorRule) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *BehaviorRule) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *BehaviorRule) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *BehaviorRule) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *BehaviorRule) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *BehaviorRule) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *BehaviorRule) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *BehaviorRule) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *BehaviorRule) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *BehaviorRule) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *BehaviorRule) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *BehaviorRule) SetName(v string)`
+
+SetName sets Name field to given value.
+
+
+### GetStatus
+
+`func (o *BehaviorRule) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *BehaviorRule) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *BehaviorRule) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *BehaviorRule) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *BehaviorRule) GetType() BehaviorRuleType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *BehaviorRule) GetTypeOk() (*BehaviorRuleType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *BehaviorRule) SetType(v BehaviorRuleType)`
+
+SetType sets Type field to given value.
+
+
+### GetLink
+
+`func (o *BehaviorRule) GetLink() ApiTokenLink`
+
+GetLink returns the Link field if non-nil, zero value otherwise.
+
+### GetLinkOk
+
+`func (o *BehaviorRule) GetLinkOk() (*ApiTokenLink, bool)`
+
+GetLinkOk returns a tuple with the Link field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLink
+
+`func (o *BehaviorRule) SetLink(v ApiTokenLink)`
+
+SetLink sets Link field to given value.
+
+### HasLink
+
+`func (o *BehaviorRule) HasLink() bool`
+
+HasLink returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleAnomalousDevice.md b/okta/docs/BehaviorRuleAnomalousDevice.md
new file mode 100644
index 000000000..0eecf63b2
--- /dev/null
+++ b/okta/docs/BehaviorRuleAnomalousDevice.md
@@ -0,0 +1,56 @@
+# BehaviorRuleAnomalousDevice
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**BehaviorRuleSettingsAnomalousDevice**](BehaviorRuleSettingsAnomalousDevice.md) |  | [optional] 
+
+## Methods
+
+### NewBehaviorRuleAnomalousDevice
+
+`func NewBehaviorRuleAnomalousDevice() *BehaviorRuleAnomalousDevice`
+
+NewBehaviorRuleAnomalousDevice instantiates a new BehaviorRuleAnomalousDevice object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleAnomalousDeviceWithDefaults
+
+`func NewBehaviorRuleAnomalousDeviceWithDefaults() *BehaviorRuleAnomalousDevice`
+
+NewBehaviorRuleAnomalousDeviceWithDefaults instantiates a new BehaviorRuleAnomalousDevice object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *BehaviorRuleAnomalousDevice) GetSettings() BehaviorRuleSettingsAnomalousDevice`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BehaviorRuleAnomalousDevice) GetSettingsOk() (*BehaviorRuleSettingsAnomalousDevice, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BehaviorRuleAnomalousDevice) SetSettings(v BehaviorRuleSettingsAnomalousDevice)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BehaviorRuleAnomalousDevice) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleAnomalousDeviceAllOf.md b/okta/docs/BehaviorRuleAnomalousDeviceAllOf.md
new file mode 100644
index 000000000..b3e5dd8eb
--- /dev/null
+++ b/okta/docs/BehaviorRuleAnomalousDeviceAllOf.md
@@ -0,0 +1,56 @@
+# BehaviorRuleAnomalousDeviceAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**BehaviorRuleSettingsAnomalousDevice**](BehaviorRuleSettingsAnomalousDevice.md) |  | [optional] 
+
+## Methods
+
+### NewBehaviorRuleAnomalousDeviceAllOf
+
+`func NewBehaviorRuleAnomalousDeviceAllOf() *BehaviorRuleAnomalousDeviceAllOf`
+
+NewBehaviorRuleAnomalousDeviceAllOf instantiates a new BehaviorRuleAnomalousDeviceAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleAnomalousDeviceAllOfWithDefaults
+
+`func NewBehaviorRuleAnomalousDeviceAllOfWithDefaults() *BehaviorRuleAnomalousDeviceAllOf`
+
+NewBehaviorRuleAnomalousDeviceAllOfWithDefaults instantiates a new BehaviorRuleAnomalousDeviceAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *BehaviorRuleAnomalousDeviceAllOf) GetSettings() BehaviorRuleSettingsAnomalousDevice`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BehaviorRuleAnomalousDeviceAllOf) GetSettingsOk() (*BehaviorRuleSettingsAnomalousDevice, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BehaviorRuleAnomalousDeviceAllOf) SetSettings(v BehaviorRuleSettingsAnomalousDevice)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BehaviorRuleAnomalousDeviceAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleAnomalousIP.md b/okta/docs/BehaviorRuleAnomalousIP.md
new file mode 100644
index 000000000..bee656744
--- /dev/null
+++ b/okta/docs/BehaviorRuleAnomalousIP.md
@@ -0,0 +1,56 @@
+# BehaviorRuleAnomalousIP
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**BehaviorRuleSettingsAnomalousIP**](BehaviorRuleSettingsAnomalousIP.md) |  | [optional] 
+
+## Methods
+
+### NewBehaviorRuleAnomalousIP
+
+`func NewBehaviorRuleAnomalousIP() *BehaviorRuleAnomalousIP`
+
+NewBehaviorRuleAnomalousIP instantiates a new BehaviorRuleAnomalousIP object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleAnomalousIPWithDefaults
+
+`func NewBehaviorRuleAnomalousIPWithDefaults() *BehaviorRuleAnomalousIP`
+
+NewBehaviorRuleAnomalousIPWithDefaults instantiates a new BehaviorRuleAnomalousIP object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *BehaviorRuleAnomalousIP) GetSettings() BehaviorRuleSettingsAnomalousIP`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BehaviorRuleAnomalousIP) GetSettingsOk() (*BehaviorRuleSettingsAnomalousIP, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BehaviorRuleAnomalousIP) SetSettings(v BehaviorRuleSettingsAnomalousIP)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BehaviorRuleAnomalousIP) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleAnomalousIPAllOf.md b/okta/docs/BehaviorRuleAnomalousIPAllOf.md
new file mode 100644
index 000000000..d706e1932
--- /dev/null
+++ b/okta/docs/BehaviorRuleAnomalousIPAllOf.md
@@ -0,0 +1,56 @@
+# BehaviorRuleAnomalousIPAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**BehaviorRuleSettingsAnomalousIP**](BehaviorRuleSettingsAnomalousIP.md) |  | [optional] 
+
+## Methods
+
+### NewBehaviorRuleAnomalousIPAllOf
+
+`func NewBehaviorRuleAnomalousIPAllOf() *BehaviorRuleAnomalousIPAllOf`
+
+NewBehaviorRuleAnomalousIPAllOf instantiates a new BehaviorRuleAnomalousIPAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleAnomalousIPAllOfWithDefaults
+
+`func NewBehaviorRuleAnomalousIPAllOfWithDefaults() *BehaviorRuleAnomalousIPAllOf`
+
+NewBehaviorRuleAnomalousIPAllOfWithDefaults instantiates a new BehaviorRuleAnomalousIPAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *BehaviorRuleAnomalousIPAllOf) GetSettings() BehaviorRuleSettingsAnomalousIP`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BehaviorRuleAnomalousIPAllOf) GetSettingsOk() (*BehaviorRuleSettingsAnomalousIP, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BehaviorRuleAnomalousIPAllOf) SetSettings(v BehaviorRuleSettingsAnomalousIP)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BehaviorRuleAnomalousIPAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleAnomalousLocation.md b/okta/docs/BehaviorRuleAnomalousLocation.md
new file mode 100644
index 000000000..41d19b9e4
--- /dev/null
+++ b/okta/docs/BehaviorRuleAnomalousLocation.md
@@ -0,0 +1,56 @@
+# BehaviorRuleAnomalousLocation
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**BehaviorRuleSettingsAnomalousLocation**](BehaviorRuleSettingsAnomalousLocation.md) |  | [optional] 
+
+## Methods
+
+### NewBehaviorRuleAnomalousLocation
+
+`func NewBehaviorRuleAnomalousLocation() *BehaviorRuleAnomalousLocation`
+
+NewBehaviorRuleAnomalousLocation instantiates a new BehaviorRuleAnomalousLocation object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleAnomalousLocationWithDefaults
+
+`func NewBehaviorRuleAnomalousLocationWithDefaults() *BehaviorRuleAnomalousLocation`
+
+NewBehaviorRuleAnomalousLocationWithDefaults instantiates a new BehaviorRuleAnomalousLocation object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *BehaviorRuleAnomalousLocation) GetSettings() BehaviorRuleSettingsAnomalousLocation`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BehaviorRuleAnomalousLocation) GetSettingsOk() (*BehaviorRuleSettingsAnomalousLocation, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BehaviorRuleAnomalousLocation) SetSettings(v BehaviorRuleSettingsAnomalousLocation)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BehaviorRuleAnomalousLocation) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleAnomalousLocationAllOf.md b/okta/docs/BehaviorRuleAnomalousLocationAllOf.md
new file mode 100644
index 000000000..8dab1d7f5
--- /dev/null
+++ b/okta/docs/BehaviorRuleAnomalousLocationAllOf.md
@@ -0,0 +1,56 @@
+# BehaviorRuleAnomalousLocationAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**BehaviorRuleSettingsAnomalousLocation**](BehaviorRuleSettingsAnomalousLocation.md) |  | [optional] 
+
+## Methods
+
+### NewBehaviorRuleAnomalousLocationAllOf
+
+`func NewBehaviorRuleAnomalousLocationAllOf() *BehaviorRuleAnomalousLocationAllOf`
+
+NewBehaviorRuleAnomalousLocationAllOf instantiates a new BehaviorRuleAnomalousLocationAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleAnomalousLocationAllOfWithDefaults
+
+`func NewBehaviorRuleAnomalousLocationAllOfWithDefaults() *BehaviorRuleAnomalousLocationAllOf`
+
+NewBehaviorRuleAnomalousLocationAllOfWithDefaults instantiates a new BehaviorRuleAnomalousLocationAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *BehaviorRuleAnomalousLocationAllOf) GetSettings() BehaviorRuleSettingsAnomalousLocation`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BehaviorRuleAnomalousLocationAllOf) GetSettingsOk() (*BehaviorRuleSettingsAnomalousLocation, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BehaviorRuleAnomalousLocationAllOf) SetSettings(v BehaviorRuleSettingsAnomalousLocation)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BehaviorRuleAnomalousLocationAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleSettingsAnomalousDevice.md b/okta/docs/BehaviorRuleSettingsAnomalousDevice.md
new file mode 100644
index 000000000..40a74784e
--- /dev/null
+++ b/okta/docs/BehaviorRuleSettingsAnomalousDevice.md
@@ -0,0 +1,82 @@
+# BehaviorRuleSettingsAnomalousDevice
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**MaxEventsUsedForEvaluation** | Pointer to **int32** |  | [optional] [default to 20]
+**MinEventsNeededForEvaluation** | Pointer to **int32** |  | [optional] [default to 0]
+
+## Methods
+
+### NewBehaviorRuleSettingsAnomalousDevice
+
+`func NewBehaviorRuleSettingsAnomalousDevice() *BehaviorRuleSettingsAnomalousDevice`
+
+NewBehaviorRuleSettingsAnomalousDevice instantiates a new BehaviorRuleSettingsAnomalousDevice object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleSettingsAnomalousDeviceWithDefaults
+
+`func NewBehaviorRuleSettingsAnomalousDeviceWithDefaults() *BehaviorRuleSettingsAnomalousDevice`
+
+NewBehaviorRuleSettingsAnomalousDeviceWithDefaults instantiates a new BehaviorRuleSettingsAnomalousDevice object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousDevice) GetMaxEventsUsedForEvaluation() int32`
+
+GetMaxEventsUsedForEvaluation returns the MaxEventsUsedForEvaluation field if non-nil, zero value otherwise.
+
+### GetMaxEventsUsedForEvaluationOk
+
+`func (o *BehaviorRuleSettingsAnomalousDevice) GetMaxEventsUsedForEvaluationOk() (*int32, bool)`
+
+GetMaxEventsUsedForEvaluationOk returns a tuple with the MaxEventsUsedForEvaluation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousDevice) SetMaxEventsUsedForEvaluation(v int32)`
+
+SetMaxEventsUsedForEvaluation sets MaxEventsUsedForEvaluation field to given value.
+
+### HasMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousDevice) HasMaxEventsUsedForEvaluation() bool`
+
+HasMaxEventsUsedForEvaluation returns a boolean if a field has been set.
+
+### GetMinEventsNeededForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousDevice) GetMinEventsNeededForEvaluation() int32`
+
+GetMinEventsNeededForEvaluation returns the MinEventsNeededForEvaluation field if non-nil, zero value otherwise.
+
+### GetMinEventsNeededForEvaluationOk
+
+`func (o *BehaviorRuleSettingsAnomalousDevice) GetMinEventsNeededForEvaluationOk() (*int32, bool)`
+
+GetMinEventsNeededForEvaluationOk returns a tuple with the MinEventsNeededForEvaluation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinEventsNeededForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousDevice) SetMinEventsNeededForEvaluation(v int32)`
+
+SetMinEventsNeededForEvaluation sets MinEventsNeededForEvaluation field to given value.
+
+### HasMinEventsNeededForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousDevice) HasMinEventsNeededForEvaluation() bool`
+
+HasMinEventsNeededForEvaluation returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleSettingsAnomalousIP.md b/okta/docs/BehaviorRuleSettingsAnomalousIP.md
new file mode 100644
index 000000000..ec5f372e3
--- /dev/null
+++ b/okta/docs/BehaviorRuleSettingsAnomalousIP.md
@@ -0,0 +1,82 @@
+# BehaviorRuleSettingsAnomalousIP
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**MaxEventsUsedForEvaluation** | Pointer to **int32** |  | [optional] [default to 50]
+**MinEventsNeededForEvaluation** | Pointer to **int32** |  | [optional] [default to 0]
+
+## Methods
+
+### NewBehaviorRuleSettingsAnomalousIP
+
+`func NewBehaviorRuleSettingsAnomalousIP() *BehaviorRuleSettingsAnomalousIP`
+
+NewBehaviorRuleSettingsAnomalousIP instantiates a new BehaviorRuleSettingsAnomalousIP object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleSettingsAnomalousIPWithDefaults
+
+`func NewBehaviorRuleSettingsAnomalousIPWithDefaults() *BehaviorRuleSettingsAnomalousIP`
+
+NewBehaviorRuleSettingsAnomalousIPWithDefaults instantiates a new BehaviorRuleSettingsAnomalousIP object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousIP) GetMaxEventsUsedForEvaluation() int32`
+
+GetMaxEventsUsedForEvaluation returns the MaxEventsUsedForEvaluation field if non-nil, zero value otherwise.
+
+### GetMaxEventsUsedForEvaluationOk
+
+`func (o *BehaviorRuleSettingsAnomalousIP) GetMaxEventsUsedForEvaluationOk() (*int32, bool)`
+
+GetMaxEventsUsedForEvaluationOk returns a tuple with the MaxEventsUsedForEvaluation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousIP) SetMaxEventsUsedForEvaluation(v int32)`
+
+SetMaxEventsUsedForEvaluation sets MaxEventsUsedForEvaluation field to given value.
+
+### HasMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousIP) HasMaxEventsUsedForEvaluation() bool`
+
+HasMaxEventsUsedForEvaluation returns a boolean if a field has been set.
+
+### GetMinEventsNeededForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousIP) GetMinEventsNeededForEvaluation() int32`
+
+GetMinEventsNeededForEvaluation returns the MinEventsNeededForEvaluation field if non-nil, zero value otherwise.
+
+### GetMinEventsNeededForEvaluationOk
+
+`func (o *BehaviorRuleSettingsAnomalousIP) GetMinEventsNeededForEvaluationOk() (*int32, bool)`
+
+GetMinEventsNeededForEvaluationOk returns a tuple with the MinEventsNeededForEvaluation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinEventsNeededForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousIP) SetMinEventsNeededForEvaluation(v int32)`
+
+SetMinEventsNeededForEvaluation sets MinEventsNeededForEvaluation field to given value.
+
+### HasMinEventsNeededForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousIP) HasMinEventsNeededForEvaluation() bool`
+
+HasMinEventsNeededForEvaluation returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleSettingsAnomalousIPAllOf.md b/okta/docs/BehaviorRuleSettingsAnomalousIPAllOf.md
new file mode 100644
index 000000000..e31d04a81
--- /dev/null
+++ b/okta/docs/BehaviorRuleSettingsAnomalousIPAllOf.md
@@ -0,0 +1,56 @@
+# BehaviorRuleSettingsAnomalousIPAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**MaxEventsUsedForEvaluation** | Pointer to **int32** |  | [optional] [default to 50]
+
+## Methods
+
+### NewBehaviorRuleSettingsAnomalousIPAllOf
+
+`func NewBehaviorRuleSettingsAnomalousIPAllOf() *BehaviorRuleSettingsAnomalousIPAllOf`
+
+NewBehaviorRuleSettingsAnomalousIPAllOf instantiates a new BehaviorRuleSettingsAnomalousIPAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleSettingsAnomalousIPAllOfWithDefaults
+
+`func NewBehaviorRuleSettingsAnomalousIPAllOfWithDefaults() *BehaviorRuleSettingsAnomalousIPAllOf`
+
+NewBehaviorRuleSettingsAnomalousIPAllOfWithDefaults instantiates a new BehaviorRuleSettingsAnomalousIPAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousIPAllOf) GetMaxEventsUsedForEvaluation() int32`
+
+GetMaxEventsUsedForEvaluation returns the MaxEventsUsedForEvaluation field if non-nil, zero value otherwise.
+
+### GetMaxEventsUsedForEvaluationOk
+
+`func (o *BehaviorRuleSettingsAnomalousIPAllOf) GetMaxEventsUsedForEvaluationOk() (*int32, bool)`
+
+GetMaxEventsUsedForEvaluationOk returns a tuple with the MaxEventsUsedForEvaluation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousIPAllOf) SetMaxEventsUsedForEvaluation(v int32)`
+
+SetMaxEventsUsedForEvaluation sets MaxEventsUsedForEvaluation field to given value.
+
+### HasMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousIPAllOf) HasMaxEventsUsedForEvaluation() bool`
+
+HasMaxEventsUsedForEvaluation returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleSettingsAnomalousLocation.md b/okta/docs/BehaviorRuleSettingsAnomalousLocation.md
new file mode 100644
index 000000000..0f8b25172
--- /dev/null
+++ b/okta/docs/BehaviorRuleSettingsAnomalousLocation.md
@@ -0,0 +1,129 @@
+# BehaviorRuleSettingsAnomalousLocation
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**MaxEventsUsedForEvaluation** | Pointer to **int32** |  | [optional] [default to 20]
+**MinEventsNeededForEvaluation** | Pointer to **int32** |  | [optional] [default to 0]
+**Granularity** | [**LocationGranularity**](LocationGranularity.md) |  | 
+**RadiusKilometers** | Pointer to **int32** | Required when &#x60;granularity&#x60; is &#x60;LAT_LONG&#x60;. Radius from the provided coordinates in kilometers. | [optional] 
+
+## Methods
+
+### NewBehaviorRuleSettingsAnomalousLocation
+
+`func NewBehaviorRuleSettingsAnomalousLocation(granularity LocationGranularity, ) *BehaviorRuleSettingsAnomalousLocation`
+
+NewBehaviorRuleSettingsAnomalousLocation instantiates a new BehaviorRuleSettingsAnomalousLocation object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleSettingsAnomalousLocationWithDefaults
+
+`func NewBehaviorRuleSettingsAnomalousLocationWithDefaults() *BehaviorRuleSettingsAnomalousLocation`
+
+NewBehaviorRuleSettingsAnomalousLocationWithDefaults instantiates a new BehaviorRuleSettingsAnomalousLocation object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) GetMaxEventsUsedForEvaluation() int32`
+
+GetMaxEventsUsedForEvaluation returns the MaxEventsUsedForEvaluation field if non-nil, zero value otherwise.
+
+### GetMaxEventsUsedForEvaluationOk
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) GetMaxEventsUsedForEvaluationOk() (*int32, bool)`
+
+GetMaxEventsUsedForEvaluationOk returns a tuple with the MaxEventsUsedForEvaluation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) SetMaxEventsUsedForEvaluation(v int32)`
+
+SetMaxEventsUsedForEvaluation sets MaxEventsUsedForEvaluation field to given value.
+
+### HasMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) HasMaxEventsUsedForEvaluation() bool`
+
+HasMaxEventsUsedForEvaluation returns a boolean if a field has been set.
+
+### GetMinEventsNeededForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) GetMinEventsNeededForEvaluation() int32`
+
+GetMinEventsNeededForEvaluation returns the MinEventsNeededForEvaluation field if non-nil, zero value otherwise.
+
+### GetMinEventsNeededForEvaluationOk
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) GetMinEventsNeededForEvaluationOk() (*int32, bool)`
+
+GetMinEventsNeededForEvaluationOk returns a tuple with the MinEventsNeededForEvaluation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinEventsNeededForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) SetMinEventsNeededForEvaluation(v int32)`
+
+SetMinEventsNeededForEvaluation sets MinEventsNeededForEvaluation field to given value.
+
+### HasMinEventsNeededForEvaluation
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) HasMinEventsNeededForEvaluation() bool`
+
+HasMinEventsNeededForEvaluation returns a boolean if a field has been set.
+
+### GetGranularity
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) GetGranularity() LocationGranularity`
+
+GetGranularity returns the Granularity field if non-nil, zero value otherwise.
+
+### GetGranularityOk
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) GetGranularityOk() (*LocationGranularity, bool)`
+
+GetGranularityOk returns a tuple with the Granularity field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGranularity
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) SetGranularity(v LocationGranularity)`
+
+SetGranularity sets Granularity field to given value.
+
+
+### GetRadiusKilometers
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) GetRadiusKilometers() int32`
+
+GetRadiusKilometers returns the RadiusKilometers field if non-nil, zero value otherwise.
+
+### GetRadiusKilometersOk
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) GetRadiusKilometersOk() (*int32, bool)`
+
+GetRadiusKilometersOk returns a tuple with the RadiusKilometers field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRadiusKilometers
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) SetRadiusKilometers(v int32)`
+
+SetRadiusKilometers sets RadiusKilometers field to given value.
+
+### HasRadiusKilometers
+
+`func (o *BehaviorRuleSettingsAnomalousLocation) HasRadiusKilometers() bool`
+
+HasRadiusKilometers returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleSettingsAnomalousLocationAllOf.md b/okta/docs/BehaviorRuleSettingsAnomalousLocationAllOf.md
new file mode 100644
index 000000000..84967171f
--- /dev/null
+++ b/okta/docs/BehaviorRuleSettingsAnomalousLocationAllOf.md
@@ -0,0 +1,77 @@
+# BehaviorRuleSettingsAnomalousLocationAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Granularity** | [**LocationGranularity**](LocationGranularity.md) |  | 
+**RadiusKilometers** | Pointer to **int32** | Required when &#x60;granularity&#x60; is &#x60;LAT_LONG&#x60;. Radius from the provided coordinates in kilometers. | [optional] 
+
+## Methods
+
+### NewBehaviorRuleSettingsAnomalousLocationAllOf
+
+`func NewBehaviorRuleSettingsAnomalousLocationAllOf(granularity LocationGranularity, ) *BehaviorRuleSettingsAnomalousLocationAllOf`
+
+NewBehaviorRuleSettingsAnomalousLocationAllOf instantiates a new BehaviorRuleSettingsAnomalousLocationAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleSettingsAnomalousLocationAllOfWithDefaults
+
+`func NewBehaviorRuleSettingsAnomalousLocationAllOfWithDefaults() *BehaviorRuleSettingsAnomalousLocationAllOf`
+
+NewBehaviorRuleSettingsAnomalousLocationAllOfWithDefaults instantiates a new BehaviorRuleSettingsAnomalousLocationAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetGranularity
+
+`func (o *BehaviorRuleSettingsAnomalousLocationAllOf) GetGranularity() LocationGranularity`
+
+GetGranularity returns the Granularity field if non-nil, zero value otherwise.
+
+### GetGranularityOk
+
+`func (o *BehaviorRuleSettingsAnomalousLocationAllOf) GetGranularityOk() (*LocationGranularity, bool)`
+
+GetGranularityOk returns a tuple with the Granularity field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGranularity
+
+`func (o *BehaviorRuleSettingsAnomalousLocationAllOf) SetGranularity(v LocationGranularity)`
+
+SetGranularity sets Granularity field to given value.
+
+
+### GetRadiusKilometers
+
+`func (o *BehaviorRuleSettingsAnomalousLocationAllOf) GetRadiusKilometers() int32`
+
+GetRadiusKilometers returns the RadiusKilometers field if non-nil, zero value otherwise.
+
+### GetRadiusKilometersOk
+
+`func (o *BehaviorRuleSettingsAnomalousLocationAllOf) GetRadiusKilometersOk() (*int32, bool)`
+
+GetRadiusKilometersOk returns a tuple with the RadiusKilometers field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRadiusKilometers
+
+`func (o *BehaviorRuleSettingsAnomalousLocationAllOf) SetRadiusKilometers(v int32)`
+
+SetRadiusKilometers sets RadiusKilometers field to given value.
+
+### HasRadiusKilometers
+
+`func (o *BehaviorRuleSettingsAnomalousLocationAllOf) HasRadiusKilometers() bool`
+
+HasRadiusKilometers returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleSettingsHistoryBased.md b/okta/docs/BehaviorRuleSettingsHistoryBased.md
new file mode 100644
index 000000000..3291243f8
--- /dev/null
+++ b/okta/docs/BehaviorRuleSettingsHistoryBased.md
@@ -0,0 +1,82 @@
+# BehaviorRuleSettingsHistoryBased
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**MaxEventsUsedForEvaluation** | Pointer to **int32** |  | [optional] [default to 20]
+**MinEventsNeededForEvaluation** | Pointer to **int32** |  | [optional] [default to 0]
+
+## Methods
+
+### NewBehaviorRuleSettingsHistoryBased
+
+`func NewBehaviorRuleSettingsHistoryBased() *BehaviorRuleSettingsHistoryBased`
+
+NewBehaviorRuleSettingsHistoryBased instantiates a new BehaviorRuleSettingsHistoryBased object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleSettingsHistoryBasedWithDefaults
+
+`func NewBehaviorRuleSettingsHistoryBasedWithDefaults() *BehaviorRuleSettingsHistoryBased`
+
+NewBehaviorRuleSettingsHistoryBasedWithDefaults instantiates a new BehaviorRuleSettingsHistoryBased object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsHistoryBased) GetMaxEventsUsedForEvaluation() int32`
+
+GetMaxEventsUsedForEvaluation returns the MaxEventsUsedForEvaluation field if non-nil, zero value otherwise.
+
+### GetMaxEventsUsedForEvaluationOk
+
+`func (o *BehaviorRuleSettingsHistoryBased) GetMaxEventsUsedForEvaluationOk() (*int32, bool)`
+
+GetMaxEventsUsedForEvaluationOk returns a tuple with the MaxEventsUsedForEvaluation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsHistoryBased) SetMaxEventsUsedForEvaluation(v int32)`
+
+SetMaxEventsUsedForEvaluation sets MaxEventsUsedForEvaluation field to given value.
+
+### HasMaxEventsUsedForEvaluation
+
+`func (o *BehaviorRuleSettingsHistoryBased) HasMaxEventsUsedForEvaluation() bool`
+
+HasMaxEventsUsedForEvaluation returns a boolean if a field has been set.
+
+### GetMinEventsNeededForEvaluation
+
+`func (o *BehaviorRuleSettingsHistoryBased) GetMinEventsNeededForEvaluation() int32`
+
+GetMinEventsNeededForEvaluation returns the MinEventsNeededForEvaluation field if non-nil, zero value otherwise.
+
+### GetMinEventsNeededForEvaluationOk
+
+`func (o *BehaviorRuleSettingsHistoryBased) GetMinEventsNeededForEvaluationOk() (*int32, bool)`
+
+GetMinEventsNeededForEvaluationOk returns a tuple with the MinEventsNeededForEvaluation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinEventsNeededForEvaluation
+
+`func (o *BehaviorRuleSettingsHistoryBased) SetMinEventsNeededForEvaluation(v int32)`
+
+SetMinEventsNeededForEvaluation sets MinEventsNeededForEvaluation field to given value.
+
+### HasMinEventsNeededForEvaluation
+
+`func (o *BehaviorRuleSettingsHistoryBased) HasMinEventsNeededForEvaluation() bool`
+
+HasMinEventsNeededForEvaluation returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleSettingsVelocity.md b/okta/docs/BehaviorRuleSettingsVelocity.md
new file mode 100644
index 000000000..9334d22ee
--- /dev/null
+++ b/okta/docs/BehaviorRuleSettingsVelocity.md
@@ -0,0 +1,51 @@
+# BehaviorRuleSettingsVelocity
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**VelocityKph** | **int32** |  | [default to 805]
+
+## Methods
+
+### NewBehaviorRuleSettingsVelocity
+
+`func NewBehaviorRuleSettingsVelocity(velocityKph int32, ) *BehaviorRuleSettingsVelocity`
+
+NewBehaviorRuleSettingsVelocity instantiates a new BehaviorRuleSettingsVelocity object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleSettingsVelocityWithDefaults
+
+`func NewBehaviorRuleSettingsVelocityWithDefaults() *BehaviorRuleSettingsVelocity`
+
+NewBehaviorRuleSettingsVelocityWithDefaults instantiates a new BehaviorRuleSettingsVelocity object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetVelocityKph
+
+`func (o *BehaviorRuleSettingsVelocity) GetVelocityKph() int32`
+
+GetVelocityKph returns the VelocityKph field if non-nil, zero value otherwise.
+
+### GetVelocityKphOk
+
+`func (o *BehaviorRuleSettingsVelocity) GetVelocityKphOk() (*int32, bool)`
+
+GetVelocityKphOk returns a tuple with the VelocityKph field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVelocityKph
+
+`func (o *BehaviorRuleSettingsVelocity) SetVelocityKph(v int32)`
+
+SetVelocityKph sets VelocityKph field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleType.md b/okta/docs/BehaviorRuleType.md
new file mode 100644
index 000000000..6e8779b1e
--- /dev/null
+++ b/okta/docs/BehaviorRuleType.md
@@ -0,0 +1,17 @@
+# BehaviorRuleType
+
+## Enum
+
+
+* `ANOMALOUS_DEVICE` (value: `"ANOMALOUS_DEVICE"`)
+
+* `ANOMALOUS_IP` (value: `"ANOMALOUS_IP"`)
+
+* `ANOMALOUS_LOCATION` (value: `"ANOMALOUS_LOCATION"`)
+
+* `VELOCITY` (value: `"VELOCITY"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleVelocity.md b/okta/docs/BehaviorRuleVelocity.md
new file mode 100644
index 000000000..ef4812be2
--- /dev/null
+++ b/okta/docs/BehaviorRuleVelocity.md
@@ -0,0 +1,56 @@
+# BehaviorRuleVelocity
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**BehaviorRuleSettingsVelocity**](BehaviorRuleSettingsVelocity.md) |  | [optional] 
+
+## Methods
+
+### NewBehaviorRuleVelocity
+
+`func NewBehaviorRuleVelocity() *BehaviorRuleVelocity`
+
+NewBehaviorRuleVelocity instantiates a new BehaviorRuleVelocity object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleVelocityWithDefaults
+
+`func NewBehaviorRuleVelocityWithDefaults() *BehaviorRuleVelocity`
+
+NewBehaviorRuleVelocityWithDefaults instantiates a new BehaviorRuleVelocity object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *BehaviorRuleVelocity) GetSettings() BehaviorRuleSettingsVelocity`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BehaviorRuleVelocity) GetSettingsOk() (*BehaviorRuleSettingsVelocity, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BehaviorRuleVelocity) SetSettings(v BehaviorRuleSettingsVelocity)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BehaviorRuleVelocity) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BehaviorRuleVelocityAllOf.md b/okta/docs/BehaviorRuleVelocityAllOf.md
new file mode 100644
index 000000000..bb569faef
--- /dev/null
+++ b/okta/docs/BehaviorRuleVelocityAllOf.md
@@ -0,0 +1,56 @@
+# BehaviorRuleVelocityAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**BehaviorRuleSettingsVelocity**](BehaviorRuleSettingsVelocity.md) |  | [optional] 
+
+## Methods
+
+### NewBehaviorRuleVelocityAllOf
+
+`func NewBehaviorRuleVelocityAllOf() *BehaviorRuleVelocityAllOf`
+
+NewBehaviorRuleVelocityAllOf instantiates a new BehaviorRuleVelocityAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBehaviorRuleVelocityAllOfWithDefaults
+
+`func NewBehaviorRuleVelocityAllOfWithDefaults() *BehaviorRuleVelocityAllOf`
+
+NewBehaviorRuleVelocityAllOfWithDefaults instantiates a new BehaviorRuleVelocityAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *BehaviorRuleVelocityAllOf) GetSettings() BehaviorRuleSettingsVelocity`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BehaviorRuleVelocityAllOf) GetSettingsOk() (*BehaviorRuleSettingsVelocity, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BehaviorRuleVelocityAllOf) SetSettings(v BehaviorRuleSettingsVelocity)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BehaviorRuleVelocityAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BookmarkApplication.md b/okta/docs/BookmarkApplication.md
new file mode 100644
index 000000000..046178a51
--- /dev/null
+++ b/okta/docs/BookmarkApplication.md
@@ -0,0 +1,108 @@
+# BookmarkApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**ApplicationCredentials**](ApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] [default to "bookmark"]
+**Settings** | Pointer to [**BookmarkApplicationSettings**](BookmarkApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewBookmarkApplication
+
+`func NewBookmarkApplication() *BookmarkApplication`
+
+NewBookmarkApplication instantiates a new BookmarkApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBookmarkApplicationWithDefaults
+
+`func NewBookmarkApplicationWithDefaults() *BookmarkApplication`
+
+NewBookmarkApplicationWithDefaults instantiates a new BookmarkApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *BookmarkApplication) GetCredentials() ApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *BookmarkApplication) GetCredentialsOk() (*ApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *BookmarkApplication) SetCredentials(v ApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *BookmarkApplication) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *BookmarkApplication) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *BookmarkApplication) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *BookmarkApplication) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *BookmarkApplication) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *BookmarkApplication) GetSettings() BookmarkApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BookmarkApplication) GetSettingsOk() (*BookmarkApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BookmarkApplication) SetSettings(v BookmarkApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BookmarkApplication) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BookmarkApplicationAllOf.md b/okta/docs/BookmarkApplicationAllOf.md
new file mode 100644
index 000000000..a2b104e26
--- /dev/null
+++ b/okta/docs/BookmarkApplicationAllOf.md
@@ -0,0 +1,108 @@
+# BookmarkApplicationAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**ApplicationCredentials**](ApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] [default to "bookmark"]
+**Settings** | Pointer to [**BookmarkApplicationSettings**](BookmarkApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewBookmarkApplicationAllOf
+
+`func NewBookmarkApplicationAllOf() *BookmarkApplicationAllOf`
+
+NewBookmarkApplicationAllOf instantiates a new BookmarkApplicationAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBookmarkApplicationAllOfWithDefaults
+
+`func NewBookmarkApplicationAllOfWithDefaults() *BookmarkApplicationAllOf`
+
+NewBookmarkApplicationAllOfWithDefaults instantiates a new BookmarkApplicationAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *BookmarkApplicationAllOf) GetCredentials() ApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *BookmarkApplicationAllOf) GetCredentialsOk() (*ApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *BookmarkApplicationAllOf) SetCredentials(v ApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *BookmarkApplicationAllOf) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *BookmarkApplicationAllOf) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *BookmarkApplicationAllOf) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *BookmarkApplicationAllOf) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *BookmarkApplicationAllOf) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *BookmarkApplicationAllOf) GetSettings() BookmarkApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BookmarkApplicationAllOf) GetSettingsOk() (*BookmarkApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BookmarkApplicationAllOf) SetSettings(v BookmarkApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BookmarkApplicationAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BookmarkApplicationSettings.md b/okta/docs/BookmarkApplicationSettings.md
new file mode 100644
index 000000000..54adf3890
--- /dev/null
+++ b/okta/docs/BookmarkApplicationSettings.md
@@ -0,0 +1,186 @@
+# BookmarkApplicationSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**IdentityStoreId** | Pointer to **string** |  | [optional] 
+**ImplicitAssignment** | Pointer to **bool** |  | [optional] 
+**InlineHookId** | Pointer to **string** |  | [optional] 
+**Notes** | Pointer to [**ApplicationSettingsNotes**](ApplicationSettingsNotes.md) |  | [optional] 
+**Notifications** | Pointer to [**ApplicationSettingsNotifications**](ApplicationSettingsNotifications.md) |  | [optional] 
+**App** | Pointer to [**BookmarkApplicationSettingsApplication**](BookmarkApplicationSettingsApplication.md) |  | [optional] 
+
+## Methods
+
+### NewBookmarkApplicationSettings
+
+`func NewBookmarkApplicationSettings() *BookmarkApplicationSettings`
+
+NewBookmarkApplicationSettings instantiates a new BookmarkApplicationSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBookmarkApplicationSettingsWithDefaults
+
+`func NewBookmarkApplicationSettingsWithDefaults() *BookmarkApplicationSettings`
+
+NewBookmarkApplicationSettingsWithDefaults instantiates a new BookmarkApplicationSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIdentityStoreId
+
+`func (o *BookmarkApplicationSettings) GetIdentityStoreId() string`
+
+GetIdentityStoreId returns the IdentityStoreId field if non-nil, zero value otherwise.
+
+### GetIdentityStoreIdOk
+
+`func (o *BookmarkApplicationSettings) GetIdentityStoreIdOk() (*string, bool)`
+
+GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityStoreId
+
+`func (o *BookmarkApplicationSettings) SetIdentityStoreId(v string)`
+
+SetIdentityStoreId sets IdentityStoreId field to given value.
+
+### HasIdentityStoreId
+
+`func (o *BookmarkApplicationSettings) HasIdentityStoreId() bool`
+
+HasIdentityStoreId returns a boolean if a field has been set.
+
+### GetImplicitAssignment
+
+`func (o *BookmarkApplicationSettings) GetImplicitAssignment() bool`
+
+GetImplicitAssignment returns the ImplicitAssignment field if non-nil, zero value otherwise.
+
+### GetImplicitAssignmentOk
+
+`func (o *BookmarkApplicationSettings) GetImplicitAssignmentOk() (*bool, bool)`
+
+GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetImplicitAssignment
+
+`func (o *BookmarkApplicationSettings) SetImplicitAssignment(v bool)`
+
+SetImplicitAssignment sets ImplicitAssignment field to given value.
+
+### HasImplicitAssignment
+
+`func (o *BookmarkApplicationSettings) HasImplicitAssignment() bool`
+
+HasImplicitAssignment returns a boolean if a field has been set.
+
+### GetInlineHookId
+
+`func (o *BookmarkApplicationSettings) GetInlineHookId() string`
+
+GetInlineHookId returns the InlineHookId field if non-nil, zero value otherwise.
+
+### GetInlineHookIdOk
+
+`func (o *BookmarkApplicationSettings) GetInlineHookIdOk() (*string, bool)`
+
+GetInlineHookIdOk returns a tuple with the InlineHookId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInlineHookId
+
+`func (o *BookmarkApplicationSettings) SetInlineHookId(v string)`
+
+SetInlineHookId sets InlineHookId field to given value.
+
+### HasInlineHookId
+
+`func (o *BookmarkApplicationSettings) HasInlineHookId() bool`
+
+HasInlineHookId returns a boolean if a field has been set.
+
+### GetNotes
+
+`func (o *BookmarkApplicationSettings) GetNotes() ApplicationSettingsNotes`
+
+GetNotes returns the Notes field if non-nil, zero value otherwise.
+
+### GetNotesOk
+
+`func (o *BookmarkApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool)`
+
+GetNotesOk returns a tuple with the Notes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotes
+
+`func (o *BookmarkApplicationSettings) SetNotes(v ApplicationSettingsNotes)`
+
+SetNotes sets Notes field to given value.
+
+### HasNotes
+
+`func (o *BookmarkApplicationSettings) HasNotes() bool`
+
+HasNotes returns a boolean if a field has been set.
+
+### GetNotifications
+
+`func (o *BookmarkApplicationSettings) GetNotifications() ApplicationSettingsNotifications`
+
+GetNotifications returns the Notifications field if non-nil, zero value otherwise.
+
+### GetNotificationsOk
+
+`func (o *BookmarkApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool)`
+
+GetNotificationsOk returns a tuple with the Notifications field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotifications
+
+`func (o *BookmarkApplicationSettings) SetNotifications(v ApplicationSettingsNotifications)`
+
+SetNotifications sets Notifications field to given value.
+
+### HasNotifications
+
+`func (o *BookmarkApplicationSettings) HasNotifications() bool`
+
+HasNotifications returns a boolean if a field has been set.
+
+### GetApp
+
+`func (o *BookmarkApplicationSettings) GetApp() BookmarkApplicationSettingsApplication`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *BookmarkApplicationSettings) GetAppOk() (*BookmarkApplicationSettingsApplication, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *BookmarkApplicationSettings) SetApp(v BookmarkApplicationSettingsApplication)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *BookmarkApplicationSettings) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BookmarkApplicationSettingsAllOf.md b/okta/docs/BookmarkApplicationSettingsAllOf.md
new file mode 100644
index 000000000..590cfc6b3
--- /dev/null
+++ b/okta/docs/BookmarkApplicationSettingsAllOf.md
@@ -0,0 +1,56 @@
+# BookmarkApplicationSettingsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**BookmarkApplicationSettingsApplication**](BookmarkApplicationSettingsApplication.md) |  | [optional] 
+
+## Methods
+
+### NewBookmarkApplicationSettingsAllOf
+
+`func NewBookmarkApplicationSettingsAllOf() *BookmarkApplicationSettingsAllOf`
+
+NewBookmarkApplicationSettingsAllOf instantiates a new BookmarkApplicationSettingsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBookmarkApplicationSettingsAllOfWithDefaults
+
+`func NewBookmarkApplicationSettingsAllOfWithDefaults() *BookmarkApplicationSettingsAllOf`
+
+NewBookmarkApplicationSettingsAllOfWithDefaults instantiates a new BookmarkApplicationSettingsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *BookmarkApplicationSettingsAllOf) GetApp() BookmarkApplicationSettingsApplication`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *BookmarkApplicationSettingsAllOf) GetAppOk() (*BookmarkApplicationSettingsApplication, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *BookmarkApplicationSettingsAllOf) SetApp(v BookmarkApplicationSettingsApplication)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *BookmarkApplicationSettingsAllOf) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BookmarkApplicationSettingsApplication.md b/okta/docs/BookmarkApplicationSettingsApplication.md
new file mode 100644
index 000000000..ffff9ec6d
--- /dev/null
+++ b/okta/docs/BookmarkApplicationSettingsApplication.md
@@ -0,0 +1,82 @@
+# BookmarkApplicationSettingsApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**RequestIntegration** | Pointer to **bool** |  | [optional] 
+**Url** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewBookmarkApplicationSettingsApplication
+
+`func NewBookmarkApplicationSettingsApplication() *BookmarkApplicationSettingsApplication`
+
+NewBookmarkApplicationSettingsApplication instantiates a new BookmarkApplicationSettingsApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBookmarkApplicationSettingsApplicationWithDefaults
+
+`func NewBookmarkApplicationSettingsApplicationWithDefaults() *BookmarkApplicationSettingsApplication`
+
+NewBookmarkApplicationSettingsApplicationWithDefaults instantiates a new BookmarkApplicationSettingsApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetRequestIntegration
+
+`func (o *BookmarkApplicationSettingsApplication) GetRequestIntegration() bool`
+
+GetRequestIntegration returns the RequestIntegration field if non-nil, zero value otherwise.
+
+### GetRequestIntegrationOk
+
+`func (o *BookmarkApplicationSettingsApplication) GetRequestIntegrationOk() (*bool, bool)`
+
+GetRequestIntegrationOk returns a tuple with the RequestIntegration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequestIntegration
+
+`func (o *BookmarkApplicationSettingsApplication) SetRequestIntegration(v bool)`
+
+SetRequestIntegration sets RequestIntegration field to given value.
+
+### HasRequestIntegration
+
+`func (o *BookmarkApplicationSettingsApplication) HasRequestIntegration() bool`
+
+HasRequestIntegration returns a boolean if a field has been set.
+
+### GetUrl
+
+`func (o *BookmarkApplicationSettingsApplication) GetUrl() string`
+
+GetUrl returns the Url field if non-nil, zero value otherwise.
+
+### GetUrlOk
+
+`func (o *BookmarkApplicationSettingsApplication) GetUrlOk() (*string, bool)`
+
+GetUrlOk returns a tuple with the Url field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUrl
+
+`func (o *BookmarkApplicationSettingsApplication) SetUrl(v string)`
+
+SetUrl sets Url field to given value.
+
+### HasUrl
+
+`func (o *BookmarkApplicationSettingsApplication) HasUrl() bool`
+
+HasUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BouncesRemoveListError.md b/okta/docs/BouncesRemoveListError.md
new file mode 100644
index 000000000..61f4dda0d
--- /dev/null
+++ b/okta/docs/BouncesRemoveListError.md
@@ -0,0 +1,82 @@
+# BouncesRemoveListError
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**EmailAddress** | Pointer to **string** |  | [optional] 
+**Reason** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewBouncesRemoveListError
+
+`func NewBouncesRemoveListError() *BouncesRemoveListError`
+
+NewBouncesRemoveListError instantiates a new BouncesRemoveListError object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBouncesRemoveListErrorWithDefaults
+
+`func NewBouncesRemoveListErrorWithDefaults() *BouncesRemoveListError`
+
+NewBouncesRemoveListErrorWithDefaults instantiates a new BouncesRemoveListError object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEmailAddress
+
+`func (o *BouncesRemoveListError) GetEmailAddress() string`
+
+GetEmailAddress returns the EmailAddress field if non-nil, zero value otherwise.
+
+### GetEmailAddressOk
+
+`func (o *BouncesRemoveListError) GetEmailAddressOk() (*string, bool)`
+
+GetEmailAddressOk returns a tuple with the EmailAddress field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmailAddress
+
+`func (o *BouncesRemoveListError) SetEmailAddress(v string)`
+
+SetEmailAddress sets EmailAddress field to given value.
+
+### HasEmailAddress
+
+`func (o *BouncesRemoveListError) HasEmailAddress() bool`
+
+HasEmailAddress returns a boolean if a field has been set.
+
+### GetReason
+
+`func (o *BouncesRemoveListError) GetReason() string`
+
+GetReason returns the Reason field if non-nil, zero value otherwise.
+
+### GetReasonOk
+
+`func (o *BouncesRemoveListError) GetReasonOk() (*string, bool)`
+
+GetReasonOk returns a tuple with the Reason field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetReason
+
+`func (o *BouncesRemoveListError) SetReason(v string)`
+
+SetReason sets Reason field to given value.
+
+### HasReason
+
+`func (o *BouncesRemoveListError) HasReason() bool`
+
+HasReason returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BouncesRemoveListObj.md b/okta/docs/BouncesRemoveListObj.md
new file mode 100644
index 000000000..45f0ecb58
--- /dev/null
+++ b/okta/docs/BouncesRemoveListObj.md
@@ -0,0 +1,56 @@
+# BouncesRemoveListObj
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**EmailAddresses** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewBouncesRemoveListObj
+
+`func NewBouncesRemoveListObj() *BouncesRemoveListObj`
+
+NewBouncesRemoveListObj instantiates a new BouncesRemoveListObj object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBouncesRemoveListObjWithDefaults
+
+`func NewBouncesRemoveListObjWithDefaults() *BouncesRemoveListObj`
+
+NewBouncesRemoveListObjWithDefaults instantiates a new BouncesRemoveListObj object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEmailAddresses
+
+`func (o *BouncesRemoveListObj) GetEmailAddresses() []string`
+
+GetEmailAddresses returns the EmailAddresses field if non-nil, zero value otherwise.
+
+### GetEmailAddressesOk
+
+`func (o *BouncesRemoveListObj) GetEmailAddressesOk() (*[]string, bool)`
+
+GetEmailAddressesOk returns a tuple with the EmailAddresses field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmailAddresses
+
+`func (o *BouncesRemoveListObj) SetEmailAddresses(v []string)`
+
+SetEmailAddresses sets EmailAddresses field to given value.
+
+### HasEmailAddresses
+
+`func (o *BouncesRemoveListObj) HasEmailAddresses() bool`
+
+HasEmailAddresses returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BouncesRemoveListResult.md b/okta/docs/BouncesRemoveListResult.md
new file mode 100644
index 000000000..257ad6249
--- /dev/null
+++ b/okta/docs/BouncesRemoveListResult.md
@@ -0,0 +1,56 @@
+# BouncesRemoveListResult
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Errors** | Pointer to [**[]BouncesRemoveListError**](BouncesRemoveListError.md) |  | [optional] 
+
+## Methods
+
+### NewBouncesRemoveListResult
+
+`func NewBouncesRemoveListResult() *BouncesRemoveListResult`
+
+NewBouncesRemoveListResult instantiates a new BouncesRemoveListResult object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBouncesRemoveListResultWithDefaults
+
+`func NewBouncesRemoveListResultWithDefaults() *BouncesRemoveListResult`
+
+NewBouncesRemoveListResultWithDefaults instantiates a new BouncesRemoveListResult object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetErrors
+
+`func (o *BouncesRemoveListResult) GetErrors() []BouncesRemoveListError`
+
+GetErrors returns the Errors field if non-nil, zero value otherwise.
+
+### GetErrorsOk
+
+`func (o *BouncesRemoveListResult) GetErrorsOk() (*[]BouncesRemoveListError, bool)`
+
+GetErrorsOk returns a tuple with the Errors field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetErrors
+
+`func (o *BouncesRemoveListResult) SetErrors(v []BouncesRemoveListError)`
+
+SetErrors sets Errors field to given value.
+
+### HasErrors
+
+`func (o *BouncesRemoveListResult) HasErrors() bool`
+
+HasErrors returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Brand.md b/okta/docs/Brand.md
new file mode 100644
index 000000000..65b16b5c6
--- /dev/null
+++ b/okta/docs/Brand.md
@@ -0,0 +1,264 @@
+# Brand
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AgreeToCustomPrivacyPolicy** | Pointer to **bool** |  | [optional] 
+**CustomPrivacyPolicyUrl** | Pointer to **string** |  | [optional] 
+**DefaultApp** | Pointer to [**BrandDefaultApp**](BrandDefaultApp.md) |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**IsDefault** | Pointer to **bool** |  | [optional] [readonly] 
+**Locale** | Pointer to **string** | The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646). | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**RemovePoweredByOkta** | Pointer to **bool** |  | [optional] 
+**Links** | Pointer to [**BrandLinks**](BrandLinks.md) |  | [optional] 
+
+## Methods
+
+### NewBrand
+
+`func NewBrand() *Brand`
+
+NewBrand instantiates a new Brand object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBrandWithDefaults
+
+`func NewBrandWithDefaults() *Brand`
+
+NewBrandWithDefaults instantiates a new Brand object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAgreeToCustomPrivacyPolicy
+
+`func (o *Brand) GetAgreeToCustomPrivacyPolicy() bool`
+
+GetAgreeToCustomPrivacyPolicy returns the AgreeToCustomPrivacyPolicy field if non-nil, zero value otherwise.
+
+### GetAgreeToCustomPrivacyPolicyOk
+
+`func (o *Brand) GetAgreeToCustomPrivacyPolicyOk() (*bool, bool)`
+
+GetAgreeToCustomPrivacyPolicyOk returns a tuple with the AgreeToCustomPrivacyPolicy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAgreeToCustomPrivacyPolicy
+
+`func (o *Brand) SetAgreeToCustomPrivacyPolicy(v bool)`
+
+SetAgreeToCustomPrivacyPolicy sets AgreeToCustomPrivacyPolicy field to given value.
+
+### HasAgreeToCustomPrivacyPolicy
+
+`func (o *Brand) HasAgreeToCustomPrivacyPolicy() bool`
+
+HasAgreeToCustomPrivacyPolicy returns a boolean if a field has been set.
+
+### GetCustomPrivacyPolicyUrl
+
+`func (o *Brand) GetCustomPrivacyPolicyUrl() string`
+
+GetCustomPrivacyPolicyUrl returns the CustomPrivacyPolicyUrl field if non-nil, zero value otherwise.
+
+### GetCustomPrivacyPolicyUrlOk
+
+`func (o *Brand) GetCustomPrivacyPolicyUrlOk() (*string, bool)`
+
+GetCustomPrivacyPolicyUrlOk returns a tuple with the CustomPrivacyPolicyUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustomPrivacyPolicyUrl
+
+`func (o *Brand) SetCustomPrivacyPolicyUrl(v string)`
+
+SetCustomPrivacyPolicyUrl sets CustomPrivacyPolicyUrl field to given value.
+
+### HasCustomPrivacyPolicyUrl
+
+`func (o *Brand) HasCustomPrivacyPolicyUrl() bool`
+
+HasCustomPrivacyPolicyUrl returns a boolean if a field has been set.
+
+### GetDefaultApp
+
+`func (o *Brand) GetDefaultApp() BrandDefaultApp`
+
+GetDefaultApp returns the DefaultApp field if non-nil, zero value otherwise.
+
+### GetDefaultAppOk
+
+`func (o *Brand) GetDefaultAppOk() (*BrandDefaultApp, bool)`
+
+GetDefaultAppOk returns a tuple with the DefaultApp field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefaultApp
+
+`func (o *Brand) SetDefaultApp(v BrandDefaultApp)`
+
+SetDefaultApp sets DefaultApp field to given value.
+
+### HasDefaultApp
+
+`func (o *Brand) HasDefaultApp() bool`
+
+HasDefaultApp returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *Brand) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *Brand) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *Brand) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *Brand) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIsDefault
+
+`func (o *Brand) GetIsDefault() bool`
+
+GetIsDefault returns the IsDefault field if non-nil, zero value otherwise.
+
+### GetIsDefaultOk
+
+`func (o *Brand) GetIsDefaultOk() (*bool, bool)`
+
+GetIsDefaultOk returns a tuple with the IsDefault field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIsDefault
+
+`func (o *Brand) SetIsDefault(v bool)`
+
+SetIsDefault sets IsDefault field to given value.
+
+### HasIsDefault
+
+`func (o *Brand) HasIsDefault() bool`
+
+HasIsDefault returns a boolean if a field has been set.
+
+### GetLocale
+
+`func (o *Brand) GetLocale() string`
+
+GetLocale returns the Locale field if non-nil, zero value otherwise.
+
+### GetLocaleOk
+
+`func (o *Brand) GetLocaleOk() (*string, bool)`
+
+GetLocaleOk returns a tuple with the Locale field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLocale
+
+`func (o *Brand) SetLocale(v string)`
+
+SetLocale sets Locale field to given value.
+
+### HasLocale
+
+`func (o *Brand) HasLocale() bool`
+
+HasLocale returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *Brand) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *Brand) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *Brand) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *Brand) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetRemovePoweredByOkta
+
+`func (o *Brand) GetRemovePoweredByOkta() bool`
+
+GetRemovePoweredByOkta returns the RemovePoweredByOkta field if non-nil, zero value otherwise.
+
+### GetRemovePoweredByOktaOk
+
+`func (o *Brand) GetRemovePoweredByOktaOk() (*bool, bool)`
+
+GetRemovePoweredByOktaOk returns a tuple with the RemovePoweredByOkta field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRemovePoweredByOkta
+
+`func (o *Brand) SetRemovePoweredByOkta(v bool)`
+
+SetRemovePoweredByOkta sets RemovePoweredByOkta field to given value.
+
+### HasRemovePoweredByOkta
+
+`func (o *Brand) HasRemovePoweredByOkta() bool`
+
+HasRemovePoweredByOkta returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Brand) GetLinks() BrandLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Brand) GetLinksOk() (*BrandLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Brand) SetLinks(v BrandLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Brand) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BrandDefaultApp.md b/okta/docs/BrandDefaultApp.md
new file mode 100644
index 000000000..d7da89c74
--- /dev/null
+++ b/okta/docs/BrandDefaultApp.md
@@ -0,0 +1,108 @@
+# BrandDefaultApp
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AppInstanceId** | Pointer to **string** |  | [optional] 
+**AppLinkName** | Pointer to **string** |  | [optional] 
+**ClassicApplicationUri** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewBrandDefaultApp
+
+`func NewBrandDefaultApp() *BrandDefaultApp`
+
+NewBrandDefaultApp instantiates a new BrandDefaultApp object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBrandDefaultAppWithDefaults
+
+`func NewBrandDefaultAppWithDefaults() *BrandDefaultApp`
+
+NewBrandDefaultAppWithDefaults instantiates a new BrandDefaultApp object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAppInstanceId
+
+`func (o *BrandDefaultApp) GetAppInstanceId() string`
+
+GetAppInstanceId returns the AppInstanceId field if non-nil, zero value otherwise.
+
+### GetAppInstanceIdOk
+
+`func (o *BrandDefaultApp) GetAppInstanceIdOk() (*string, bool)`
+
+GetAppInstanceIdOk returns a tuple with the AppInstanceId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAppInstanceId
+
+`func (o *BrandDefaultApp) SetAppInstanceId(v string)`
+
+SetAppInstanceId sets AppInstanceId field to given value.
+
+### HasAppInstanceId
+
+`func (o *BrandDefaultApp) HasAppInstanceId() bool`
+
+HasAppInstanceId returns a boolean if a field has been set.
+
+### GetAppLinkName
+
+`func (o *BrandDefaultApp) GetAppLinkName() string`
+
+GetAppLinkName returns the AppLinkName field if non-nil, zero value otherwise.
+
+### GetAppLinkNameOk
+
+`func (o *BrandDefaultApp) GetAppLinkNameOk() (*string, bool)`
+
+GetAppLinkNameOk returns a tuple with the AppLinkName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAppLinkName
+
+`func (o *BrandDefaultApp) SetAppLinkName(v string)`
+
+SetAppLinkName sets AppLinkName field to given value.
+
+### HasAppLinkName
+
+`func (o *BrandDefaultApp) HasAppLinkName() bool`
+
+HasAppLinkName returns a boolean if a field has been set.
+
+### GetClassicApplicationUri
+
+`func (o *BrandDefaultApp) GetClassicApplicationUri() string`
+
+GetClassicApplicationUri returns the ClassicApplicationUri field if non-nil, zero value otherwise.
+
+### GetClassicApplicationUriOk
+
+`func (o *BrandDefaultApp) GetClassicApplicationUriOk() (*string, bool)`
+
+GetClassicApplicationUriOk returns a tuple with the ClassicApplicationUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClassicApplicationUri
+
+`func (o *BrandDefaultApp) SetClassicApplicationUri(v string)`
+
+SetClassicApplicationUri sets ClassicApplicationUri field to given value.
+
+### HasClassicApplicationUri
+
+`func (o *BrandDefaultApp) HasClassicApplicationUri() bool`
+
+HasClassicApplicationUri returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BrandDomain.md b/okta/docs/BrandDomain.md
new file mode 100644
index 000000000..93a68919f
--- /dev/null
+++ b/okta/docs/BrandDomain.md
@@ -0,0 +1,82 @@
+# BrandDomain
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DomainId** | Pointer to **string** |  | [optional] [readonly] 
+**Links** | Pointer to [**BrandDomainLinks**](BrandDomainLinks.md) |  | [optional] 
+
+## Methods
+
+### NewBrandDomain
+
+`func NewBrandDomain() *BrandDomain`
+
+NewBrandDomain instantiates a new BrandDomain object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBrandDomainWithDefaults
+
+`func NewBrandDomainWithDefaults() *BrandDomain`
+
+NewBrandDomainWithDefaults instantiates a new BrandDomain object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDomainId
+
+`func (o *BrandDomain) GetDomainId() string`
+
+GetDomainId returns the DomainId field if non-nil, zero value otherwise.
+
+### GetDomainIdOk
+
+`func (o *BrandDomain) GetDomainIdOk() (*string, bool)`
+
+GetDomainIdOk returns a tuple with the DomainId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDomainId
+
+`func (o *BrandDomain) SetDomainId(v string)`
+
+SetDomainId sets DomainId field to given value.
+
+### HasDomainId
+
+`func (o *BrandDomain) HasDomainId() bool`
+
+HasDomainId returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *BrandDomain) GetLinks() BrandDomainLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *BrandDomain) GetLinksOk() (*BrandDomainLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *BrandDomain) SetLinks(v BrandDomainLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *BrandDomain) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BrandDomainLinks.md b/okta/docs/BrandDomainLinks.md
new file mode 100644
index 000000000..734629c42
--- /dev/null
+++ b/okta/docs/BrandDomainLinks.md
@@ -0,0 +1,108 @@
+# BrandDomainLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Brand** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Domain** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewBrandDomainLinks
+
+`func NewBrandDomainLinks() *BrandDomainLinks`
+
+NewBrandDomainLinks instantiates a new BrandDomainLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBrandDomainLinksWithDefaults
+
+`func NewBrandDomainLinksWithDefaults() *BrandDomainLinks`
+
+NewBrandDomainLinksWithDefaults instantiates a new BrandDomainLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *BrandDomainLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *BrandDomainLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *BrandDomainLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *BrandDomainLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetBrand
+
+`func (o *BrandDomainLinks) GetBrand() HrefObject`
+
+GetBrand returns the Brand field if non-nil, zero value otherwise.
+
+### GetBrandOk
+
+`func (o *BrandDomainLinks) GetBrandOk() (*HrefObject, bool)`
+
+GetBrandOk returns a tuple with the Brand field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBrand
+
+`func (o *BrandDomainLinks) SetBrand(v HrefObject)`
+
+SetBrand sets Brand field to given value.
+
+### HasBrand
+
+`func (o *BrandDomainLinks) HasBrand() bool`
+
+HasBrand returns a boolean if a field has been set.
+
+### GetDomain
+
+`func (o *BrandDomainLinks) GetDomain() HrefObject`
+
+GetDomain returns the Domain field if non-nil, zero value otherwise.
+
+### GetDomainOk
+
+`func (o *BrandDomainLinks) GetDomainOk() (*HrefObject, bool)`
+
+GetDomainOk returns a tuple with the Domain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDomain
+
+`func (o *BrandDomainLinks) SetDomain(v HrefObject)`
+
+SetDomain sets Domain field to given value.
+
+### HasDomain
+
+`func (o *BrandDomainLinks) HasDomain() bool`
+
+HasDomain returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BrandLinks.md b/okta/docs/BrandLinks.md
new file mode 100644
index 000000000..c1b921836
--- /dev/null
+++ b/okta/docs/BrandLinks.md
@@ -0,0 +1,82 @@
+# BrandLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Themes** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewBrandLinks
+
+`func NewBrandLinks() *BrandLinks`
+
+NewBrandLinks instantiates a new BrandLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBrandLinksWithDefaults
+
+`func NewBrandLinksWithDefaults() *BrandLinks`
+
+NewBrandLinksWithDefaults instantiates a new BrandLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *BrandLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *BrandLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *BrandLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *BrandLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetThemes
+
+`func (o *BrandLinks) GetThemes() HrefObject`
+
+GetThemes returns the Themes field if non-nil, zero value otherwise.
+
+### GetThemesOk
+
+`func (o *BrandLinks) GetThemesOk() (*HrefObject, bool)`
+
+GetThemesOk returns a tuple with the Themes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetThemes
+
+`func (o *BrandLinks) SetThemes(v HrefObject)`
+
+SetThemes sets Themes field to given value.
+
+### HasThemes
+
+`func (o *BrandLinks) HasThemes() bool`
+
+HasThemes returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BrandRequest.md b/okta/docs/BrandRequest.md
new file mode 100644
index 000000000..d5e389477
--- /dev/null
+++ b/okta/docs/BrandRequest.md
@@ -0,0 +1,134 @@
+# BrandRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AgreeToCustomPrivacyPolicy** | Pointer to **bool** |  | [optional] 
+**CustomPrivacyPolicyUrl** | Pointer to **string** |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**RemovePoweredByOkta** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewBrandRequest
+
+`func NewBrandRequest() *BrandRequest`
+
+NewBrandRequest instantiates a new BrandRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBrandRequestWithDefaults
+
+`func NewBrandRequestWithDefaults() *BrandRequest`
+
+NewBrandRequestWithDefaults instantiates a new BrandRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAgreeToCustomPrivacyPolicy
+
+`func (o *BrandRequest) GetAgreeToCustomPrivacyPolicy() bool`
+
+GetAgreeToCustomPrivacyPolicy returns the AgreeToCustomPrivacyPolicy field if non-nil, zero value otherwise.
+
+### GetAgreeToCustomPrivacyPolicyOk
+
+`func (o *BrandRequest) GetAgreeToCustomPrivacyPolicyOk() (*bool, bool)`
+
+GetAgreeToCustomPrivacyPolicyOk returns a tuple with the AgreeToCustomPrivacyPolicy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAgreeToCustomPrivacyPolicy
+
+`func (o *BrandRequest) SetAgreeToCustomPrivacyPolicy(v bool)`
+
+SetAgreeToCustomPrivacyPolicy sets AgreeToCustomPrivacyPolicy field to given value.
+
+### HasAgreeToCustomPrivacyPolicy
+
+`func (o *BrandRequest) HasAgreeToCustomPrivacyPolicy() bool`
+
+HasAgreeToCustomPrivacyPolicy returns a boolean if a field has been set.
+
+### GetCustomPrivacyPolicyUrl
+
+`func (o *BrandRequest) GetCustomPrivacyPolicyUrl() string`
+
+GetCustomPrivacyPolicyUrl returns the CustomPrivacyPolicyUrl field if non-nil, zero value otherwise.
+
+### GetCustomPrivacyPolicyUrlOk
+
+`func (o *BrandRequest) GetCustomPrivacyPolicyUrlOk() (*string, bool)`
+
+GetCustomPrivacyPolicyUrlOk returns a tuple with the CustomPrivacyPolicyUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustomPrivacyPolicyUrl
+
+`func (o *BrandRequest) SetCustomPrivacyPolicyUrl(v string)`
+
+SetCustomPrivacyPolicyUrl sets CustomPrivacyPolicyUrl field to given value.
+
+### HasCustomPrivacyPolicyUrl
+
+`func (o *BrandRequest) HasCustomPrivacyPolicyUrl() bool`
+
+HasCustomPrivacyPolicyUrl returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *BrandRequest) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *BrandRequest) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *BrandRequest) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *BrandRequest) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetRemovePoweredByOkta
+
+`func (o *BrandRequest) GetRemovePoweredByOkta() bool`
+
+GetRemovePoweredByOkta returns the RemovePoweredByOkta field if non-nil, zero value otherwise.
+
+### GetRemovePoweredByOktaOk
+
+`func (o *BrandRequest) GetRemovePoweredByOktaOk() (*bool, bool)`
+
+GetRemovePoweredByOktaOk returns a tuple with the RemovePoweredByOkta field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRemovePoweredByOkta
+
+`func (o *BrandRequest) SetRemovePoweredByOkta(v bool)`
+
+SetRemovePoweredByOkta sets RemovePoweredByOkta field to given value.
+
+### HasRemovePoweredByOkta
+
+`func (o *BrandRequest) HasRemovePoweredByOkta() bool`
+
+HasRemovePoweredByOkta returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BrowserPluginApplication.md b/okta/docs/BrowserPluginApplication.md
new file mode 100644
index 000000000..41a0910e0
--- /dev/null
+++ b/okta/docs/BrowserPluginApplication.md
@@ -0,0 +1,108 @@
+# BrowserPluginApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**SchemeApplicationCredentials**](SchemeApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**Settings** | Pointer to [**SwaApplicationSettings**](SwaApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewBrowserPluginApplication
+
+`func NewBrowserPluginApplication() *BrowserPluginApplication`
+
+NewBrowserPluginApplication instantiates a new BrowserPluginApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBrowserPluginApplicationWithDefaults
+
+`func NewBrowserPluginApplicationWithDefaults() *BrowserPluginApplication`
+
+NewBrowserPluginApplicationWithDefaults instantiates a new BrowserPluginApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *BrowserPluginApplication) GetCredentials() SchemeApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *BrowserPluginApplication) GetCredentialsOk() (*SchemeApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *BrowserPluginApplication) SetCredentials(v SchemeApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *BrowserPluginApplication) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *BrowserPluginApplication) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *BrowserPluginApplication) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *BrowserPluginApplication) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *BrowserPluginApplication) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *BrowserPluginApplication) GetSettings() SwaApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BrowserPluginApplication) GetSettingsOk() (*SwaApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BrowserPluginApplication) SetSettings(v SwaApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BrowserPluginApplication) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BrowserPluginApplicationAllOf.md b/okta/docs/BrowserPluginApplicationAllOf.md
new file mode 100644
index 000000000..5e3651792
--- /dev/null
+++ b/okta/docs/BrowserPluginApplicationAllOf.md
@@ -0,0 +1,108 @@
+# BrowserPluginApplicationAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**SchemeApplicationCredentials**](SchemeApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**Settings** | Pointer to [**SwaApplicationSettings**](SwaApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewBrowserPluginApplicationAllOf
+
+`func NewBrowserPluginApplicationAllOf() *BrowserPluginApplicationAllOf`
+
+NewBrowserPluginApplicationAllOf instantiates a new BrowserPluginApplicationAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBrowserPluginApplicationAllOfWithDefaults
+
+`func NewBrowserPluginApplicationAllOfWithDefaults() *BrowserPluginApplicationAllOf`
+
+NewBrowserPluginApplicationAllOfWithDefaults instantiates a new BrowserPluginApplicationAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *BrowserPluginApplicationAllOf) GetCredentials() SchemeApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *BrowserPluginApplicationAllOf) GetCredentialsOk() (*SchemeApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *BrowserPluginApplicationAllOf) SetCredentials(v SchemeApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *BrowserPluginApplicationAllOf) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *BrowserPluginApplicationAllOf) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *BrowserPluginApplicationAllOf) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *BrowserPluginApplicationAllOf) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *BrowserPluginApplicationAllOf) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *BrowserPluginApplicationAllOf) GetSettings() SwaApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *BrowserPluginApplicationAllOf) GetSettingsOk() (*SwaApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *BrowserPluginApplicationAllOf) SetSettings(v SwaApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *BrowserPluginApplicationAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BulkDeleteRequestBody.md b/okta/docs/BulkDeleteRequestBody.md
new file mode 100644
index 000000000..bbf5e9e58
--- /dev/null
+++ b/okta/docs/BulkDeleteRequestBody.md
@@ -0,0 +1,82 @@
+# BulkDeleteRequestBody
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**EntityType** | Pointer to **string** |  | [optional] 
+**Profiles** | Pointer to [**[]IdentitySourceUserProfileForDelete**](IdentitySourceUserProfileForDelete.md) |  | [optional] 
+
+## Methods
+
+### NewBulkDeleteRequestBody
+
+`func NewBulkDeleteRequestBody() *BulkDeleteRequestBody`
+
+NewBulkDeleteRequestBody instantiates a new BulkDeleteRequestBody object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBulkDeleteRequestBodyWithDefaults
+
+`func NewBulkDeleteRequestBodyWithDefaults() *BulkDeleteRequestBody`
+
+NewBulkDeleteRequestBodyWithDefaults instantiates a new BulkDeleteRequestBody object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEntityType
+
+`func (o *BulkDeleteRequestBody) GetEntityType() string`
+
+GetEntityType returns the EntityType field if non-nil, zero value otherwise.
+
+### GetEntityTypeOk
+
+`func (o *BulkDeleteRequestBody) GetEntityTypeOk() (*string, bool)`
+
+GetEntityTypeOk returns a tuple with the EntityType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEntityType
+
+`func (o *BulkDeleteRequestBody) SetEntityType(v string)`
+
+SetEntityType sets EntityType field to given value.
+
+### HasEntityType
+
+`func (o *BulkDeleteRequestBody) HasEntityType() bool`
+
+HasEntityType returns a boolean if a field has been set.
+
+### GetProfiles
+
+`func (o *BulkDeleteRequestBody) GetProfiles() []IdentitySourceUserProfileForDelete`
+
+GetProfiles returns the Profiles field if non-nil, zero value otherwise.
+
+### GetProfilesOk
+
+`func (o *BulkDeleteRequestBody) GetProfilesOk() (*[]IdentitySourceUserProfileForDelete, bool)`
+
+GetProfilesOk returns a tuple with the Profiles field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfiles
+
+`func (o *BulkDeleteRequestBody) SetProfiles(v []IdentitySourceUserProfileForDelete)`
+
+SetProfiles sets Profiles field to given value.
+
+### HasProfiles
+
+`func (o *BulkDeleteRequestBody) HasProfiles() bool`
+
+HasProfiles returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/BulkUpsertRequestBody.md b/okta/docs/BulkUpsertRequestBody.md
new file mode 100644
index 000000000..34a759126
--- /dev/null
+++ b/okta/docs/BulkUpsertRequestBody.md
@@ -0,0 +1,82 @@
+# BulkUpsertRequestBody
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**EntityType** | Pointer to **string** |  | [optional] 
+**Profiles** | Pointer to [**[]IdentitySourceUserProfileForUpsert**](IdentitySourceUserProfileForUpsert.md) |  | [optional] 
+
+## Methods
+
+### NewBulkUpsertRequestBody
+
+`func NewBulkUpsertRequestBody() *BulkUpsertRequestBody`
+
+NewBulkUpsertRequestBody instantiates a new BulkUpsertRequestBody object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBulkUpsertRequestBodyWithDefaults
+
+`func NewBulkUpsertRequestBodyWithDefaults() *BulkUpsertRequestBody`
+
+NewBulkUpsertRequestBodyWithDefaults instantiates a new BulkUpsertRequestBody object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEntityType
+
+`func (o *BulkUpsertRequestBody) GetEntityType() string`
+
+GetEntityType returns the EntityType field if non-nil, zero value otherwise.
+
+### GetEntityTypeOk
+
+`func (o *BulkUpsertRequestBody) GetEntityTypeOk() (*string, bool)`
+
+GetEntityTypeOk returns a tuple with the EntityType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEntityType
+
+`func (o *BulkUpsertRequestBody) SetEntityType(v string)`
+
+SetEntityType sets EntityType field to given value.
+
+### HasEntityType
+
+`func (o *BulkUpsertRequestBody) HasEntityType() bool`
+
+HasEntityType returns a boolean if a field has been set.
+
+### GetProfiles
+
+`func (o *BulkUpsertRequestBody) GetProfiles() []IdentitySourceUserProfileForUpsert`
+
+GetProfiles returns the Profiles field if non-nil, zero value otherwise.
+
+### GetProfilesOk
+
+`func (o *BulkUpsertRequestBody) GetProfilesOk() (*[]IdentitySourceUserProfileForUpsert, bool)`
+
+GetProfilesOk returns a tuple with the Profiles field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfiles
+
+`func (o *BulkUpsertRequestBody) SetProfiles(v []IdentitySourceUserProfileForUpsert)`
+
+SetProfiles sets Profiles field to given value.
+
+### HasProfiles
+
+`func (o *BulkUpsertRequestBody) HasProfiles() bool`
+
+HasProfiles returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CAPTCHAApi.md b/okta/docs/CAPTCHAApi.md
new file mode 100644
index 000000000..50f1fb91f
--- /dev/null
+++ b/okta/docs/CAPTCHAApi.md
@@ -0,0 +1,423 @@
+# \CAPTCHAApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateCaptchaInstance**](CAPTCHAApi.md#CreateCaptchaInstance) | **Post** /api/v1/captchas | Create a CAPTCHA instance
+[**DeleteCaptchaInstance**](CAPTCHAApi.md#DeleteCaptchaInstance) | **Delete** /api/v1/captchas/{captchaId} | Delete a CAPTCHA Instance
+[**GetCaptchaInstance**](CAPTCHAApi.md#GetCaptchaInstance) | **Get** /api/v1/captchas/{captchaId} | Retrieve a CAPTCHA Instance
+[**ListCaptchaInstances**](CAPTCHAApi.md#ListCaptchaInstances) | **Get** /api/v1/captchas | List all CAPTCHA instances
+[**ReplaceCaptchaInstance**](CAPTCHAApi.md#ReplaceCaptchaInstance) | **Put** /api/v1/captchas/{captchaId} | Replace a CAPTCHA instance
+[**UpdateCaptchaInstance**](CAPTCHAApi.md#UpdateCaptchaInstance) | **Post** /api/v1/captchas/{captchaId} | Update a CAPTCHA instance
+
+
+
+## CreateCaptchaInstance
+
+> CAPTCHAInstance CreateCaptchaInstance(ctx).Instance(instance).Execute()
+
+Create a CAPTCHA instance
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    instance := *openapiclient.NewCAPTCHAInstance() // CAPTCHAInstance | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CAPTCHAApi.CreateCaptchaInstance(context.Background()).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CAPTCHAApi.CreateCaptchaInstance``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateCaptchaInstance`: CAPTCHAInstance
+    fmt.Fprintf(os.Stdout, "Response from `CAPTCHAApi.CreateCaptchaInstance`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateCaptchaInstanceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **instance** | [**CAPTCHAInstance**](CAPTCHAInstance.md) |  | 
+
+### Return type
+
+[**CAPTCHAInstance**](CAPTCHAInstance.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteCaptchaInstance
+
+> DeleteCaptchaInstance(ctx, captchaId).Execute()
+
+Delete a CAPTCHA Instance
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    captchaId := "abcd1234" // string | id of the CAPTCHA
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CAPTCHAApi.DeleteCaptchaInstance(context.Background(), captchaId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CAPTCHAApi.DeleteCaptchaInstance``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**captchaId** | **string** | id of the CAPTCHA | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteCaptchaInstanceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetCaptchaInstance
+
+> CAPTCHAInstance GetCaptchaInstance(ctx, captchaId).Execute()
+
+Retrieve a CAPTCHA Instance
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    captchaId := "abcd1234" // string | id of the CAPTCHA
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CAPTCHAApi.GetCaptchaInstance(context.Background(), captchaId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CAPTCHAApi.GetCaptchaInstance``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetCaptchaInstance`: CAPTCHAInstance
+    fmt.Fprintf(os.Stdout, "Response from `CAPTCHAApi.GetCaptchaInstance`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**captchaId** | **string** | id of the CAPTCHA | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetCaptchaInstanceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**CAPTCHAInstance**](CAPTCHAInstance.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListCaptchaInstances
+
+> []CAPTCHAInstance ListCaptchaInstances(ctx).Execute()
+
+List all CAPTCHA instances
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CAPTCHAApi.ListCaptchaInstances(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CAPTCHAApi.ListCaptchaInstances``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListCaptchaInstances`: []CAPTCHAInstance
+    fmt.Fprintf(os.Stdout, "Response from `CAPTCHAApi.ListCaptchaInstances`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListCaptchaInstancesRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]CAPTCHAInstance**](CAPTCHAInstance.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceCaptchaInstance
+
+> CAPTCHAInstance ReplaceCaptchaInstance(ctx, captchaId).Instance(instance).Execute()
+
+Replace a CAPTCHA instance
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    captchaId := "abcd1234" // string | id of the CAPTCHA
+    instance := *openapiclient.NewCAPTCHAInstance() // CAPTCHAInstance | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CAPTCHAApi.ReplaceCaptchaInstance(context.Background(), captchaId).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CAPTCHAApi.ReplaceCaptchaInstance``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceCaptchaInstance`: CAPTCHAInstance
+    fmt.Fprintf(os.Stdout, "Response from `CAPTCHAApi.ReplaceCaptchaInstance`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**captchaId** | **string** | id of the CAPTCHA | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceCaptchaInstanceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **instance** | [**CAPTCHAInstance**](CAPTCHAInstance.md) |  | 
+
+### Return type
+
+[**CAPTCHAInstance**](CAPTCHAInstance.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateCaptchaInstance
+
+> CAPTCHAInstance UpdateCaptchaInstance(ctx, captchaId).Instance(instance).Execute()
+
+Update a CAPTCHA instance
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    captchaId := "abcd1234" // string | id of the CAPTCHA
+    instance := *openapiclient.NewCAPTCHAInstance() // CAPTCHAInstance | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CAPTCHAApi.UpdateCaptchaInstance(context.Background(), captchaId).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CAPTCHAApi.UpdateCaptchaInstance``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateCaptchaInstance`: CAPTCHAInstance
+    fmt.Fprintf(os.Stdout, "Response from `CAPTCHAApi.UpdateCaptchaInstance`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**captchaId** | **string** | id of the CAPTCHA | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateCaptchaInstanceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **instance** | [**CAPTCHAInstance**](CAPTCHAInstance.md) |  | 
+
+### Return type
+
+[**CAPTCHAInstance**](CAPTCHAInstance.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/CAPTCHAInstance.md b/okta/docs/CAPTCHAInstance.md
new file mode 100644
index 000000000..0f3947029
--- /dev/null
+++ b/okta/docs/CAPTCHAInstance.md
@@ -0,0 +1,186 @@
+# CAPTCHAInstance
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**SecretKey** | Pointer to **string** |  | [optional] 
+**SiteKey** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to [**CAPTCHAType**](CAPTCHAType.md) |  | [optional] 
+**Links** | Pointer to [**ApiTokenLink**](ApiTokenLink.md) |  | [optional] 
+
+## Methods
+
+### NewCAPTCHAInstance
+
+`func NewCAPTCHAInstance() *CAPTCHAInstance`
+
+NewCAPTCHAInstance instantiates a new CAPTCHAInstance object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCAPTCHAInstanceWithDefaults
+
+`func NewCAPTCHAInstanceWithDefaults() *CAPTCHAInstance`
+
+NewCAPTCHAInstanceWithDefaults instantiates a new CAPTCHAInstance object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *CAPTCHAInstance) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *CAPTCHAInstance) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *CAPTCHAInstance) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *CAPTCHAInstance) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *CAPTCHAInstance) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *CAPTCHAInstance) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *CAPTCHAInstance) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *CAPTCHAInstance) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSecretKey
+
+`func (o *CAPTCHAInstance) GetSecretKey() string`
+
+GetSecretKey returns the SecretKey field if non-nil, zero value otherwise.
+
+### GetSecretKeyOk
+
+`func (o *CAPTCHAInstance) GetSecretKeyOk() (*string, bool)`
+
+GetSecretKeyOk returns a tuple with the SecretKey field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecretKey
+
+`func (o *CAPTCHAInstance) SetSecretKey(v string)`
+
+SetSecretKey sets SecretKey field to given value.
+
+### HasSecretKey
+
+`func (o *CAPTCHAInstance) HasSecretKey() bool`
+
+HasSecretKey returns a boolean if a field has been set.
+
+### GetSiteKey
+
+`func (o *CAPTCHAInstance) GetSiteKey() string`
+
+GetSiteKey returns the SiteKey field if non-nil, zero value otherwise.
+
+### GetSiteKeyOk
+
+`func (o *CAPTCHAInstance) GetSiteKeyOk() (*string, bool)`
+
+GetSiteKeyOk returns a tuple with the SiteKey field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSiteKey
+
+`func (o *CAPTCHAInstance) SetSiteKey(v string)`
+
+SetSiteKey sets SiteKey field to given value.
+
+### HasSiteKey
+
+`func (o *CAPTCHAInstance) HasSiteKey() bool`
+
+HasSiteKey returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *CAPTCHAInstance) GetType() CAPTCHAType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *CAPTCHAInstance) GetTypeOk() (*CAPTCHAType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *CAPTCHAInstance) SetType(v CAPTCHAType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *CAPTCHAInstance) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *CAPTCHAInstance) GetLinks() ApiTokenLink`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *CAPTCHAInstance) GetLinksOk() (*ApiTokenLink, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *CAPTCHAInstance) SetLinks(v ApiTokenLink)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *CAPTCHAInstance) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CAPTCHAType.md b/okta/docs/CAPTCHAType.md
new file mode 100644
index 000000000..14eab7943
--- /dev/null
+++ b/okta/docs/CAPTCHAType.md
@@ -0,0 +1,13 @@
+# CAPTCHAType
+
+## Enum
+
+
+* `HCAPTCHA` (value: `"HCAPTCHA"`)
+
+* `RECAPTCHA_V2` (value: `"RECAPTCHA_V2"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CallUserFactor.md b/okta/docs/CallUserFactor.md
new file mode 100644
index 000000000..b975aa610
--- /dev/null
+++ b/okta/docs/CallUserFactor.md
@@ -0,0 +1,56 @@
+# CallUserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**CallUserFactorProfile**](CallUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewCallUserFactor
+
+`func NewCallUserFactor() *CallUserFactor`
+
+NewCallUserFactor instantiates a new CallUserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCallUserFactorWithDefaults
+
+`func NewCallUserFactorWithDefaults() *CallUserFactor`
+
+NewCallUserFactorWithDefaults instantiates a new CallUserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *CallUserFactor) GetProfile() CallUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *CallUserFactor) GetProfileOk() (*CallUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *CallUserFactor) SetProfile(v CallUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *CallUserFactor) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CallUserFactorAllOf.md b/okta/docs/CallUserFactorAllOf.md
new file mode 100644
index 000000000..2afdbd9ef
--- /dev/null
+++ b/okta/docs/CallUserFactorAllOf.md
@@ -0,0 +1,56 @@
+# CallUserFactorAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**CallUserFactorProfile**](CallUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewCallUserFactorAllOf
+
+`func NewCallUserFactorAllOf() *CallUserFactorAllOf`
+
+NewCallUserFactorAllOf instantiates a new CallUserFactorAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCallUserFactorAllOfWithDefaults
+
+`func NewCallUserFactorAllOfWithDefaults() *CallUserFactorAllOf`
+
+NewCallUserFactorAllOfWithDefaults instantiates a new CallUserFactorAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *CallUserFactorAllOf) GetProfile() CallUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *CallUserFactorAllOf) GetProfileOk() (*CallUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *CallUserFactorAllOf) SetProfile(v CallUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *CallUserFactorAllOf) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CallUserFactorProfile.md b/okta/docs/CallUserFactorProfile.md
new file mode 100644
index 000000000..40a022ed7
--- /dev/null
+++ b/okta/docs/CallUserFactorProfile.md
@@ -0,0 +1,82 @@
+# CallUserFactorProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**PhoneExtension** | Pointer to **string** |  | [optional] 
+**PhoneNumber** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewCallUserFactorProfile
+
+`func NewCallUserFactorProfile() *CallUserFactorProfile`
+
+NewCallUserFactorProfile instantiates a new CallUserFactorProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCallUserFactorProfileWithDefaults
+
+`func NewCallUserFactorProfileWithDefaults() *CallUserFactorProfile`
+
+NewCallUserFactorProfileWithDefaults instantiates a new CallUserFactorProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPhoneExtension
+
+`func (o *CallUserFactorProfile) GetPhoneExtension() string`
+
+GetPhoneExtension returns the PhoneExtension field if non-nil, zero value otherwise.
+
+### GetPhoneExtensionOk
+
+`func (o *CallUserFactorProfile) GetPhoneExtensionOk() (*string, bool)`
+
+GetPhoneExtensionOk returns a tuple with the PhoneExtension field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPhoneExtension
+
+`func (o *CallUserFactorProfile) SetPhoneExtension(v string)`
+
+SetPhoneExtension sets PhoneExtension field to given value.
+
+### HasPhoneExtension
+
+`func (o *CallUserFactorProfile) HasPhoneExtension() bool`
+
+HasPhoneExtension returns a boolean if a field has been set.
+
+### GetPhoneNumber
+
+`func (o *CallUserFactorProfile) GetPhoneNumber() string`
+
+GetPhoneNumber returns the PhoneNumber field if non-nil, zero value otherwise.
+
+### GetPhoneNumberOk
+
+`func (o *CallUserFactorProfile) GetPhoneNumberOk() (*string, bool)`
+
+GetPhoneNumberOk returns a tuple with the PhoneNumber field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPhoneNumber
+
+`func (o *CallUserFactorProfile) SetPhoneNumber(v string)`
+
+SetPhoneNumber sets PhoneNumber field to given value.
+
+### HasPhoneNumber
+
+`func (o *CallUserFactorProfile) HasPhoneNumber() bool`
+
+HasPhoneNumber returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CapabilitiesCreateObject.md b/okta/docs/CapabilitiesCreateObject.md
new file mode 100644
index 000000000..1091cfdc1
--- /dev/null
+++ b/okta/docs/CapabilitiesCreateObject.md
@@ -0,0 +1,56 @@
+# CapabilitiesCreateObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**LifecycleCreate** | Pointer to [**LifecycleCreateSettingObject**](LifecycleCreateSettingObject.md) |  | [optional] 
+
+## Methods
+
+### NewCapabilitiesCreateObject
+
+`func NewCapabilitiesCreateObject() *CapabilitiesCreateObject`
+
+NewCapabilitiesCreateObject instantiates a new CapabilitiesCreateObject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCapabilitiesCreateObjectWithDefaults
+
+`func NewCapabilitiesCreateObjectWithDefaults() *CapabilitiesCreateObject`
+
+NewCapabilitiesCreateObjectWithDefaults instantiates a new CapabilitiesCreateObject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetLifecycleCreate
+
+`func (o *CapabilitiesCreateObject) GetLifecycleCreate() LifecycleCreateSettingObject`
+
+GetLifecycleCreate returns the LifecycleCreate field if non-nil, zero value otherwise.
+
+### GetLifecycleCreateOk
+
+`func (o *CapabilitiesCreateObject) GetLifecycleCreateOk() (*LifecycleCreateSettingObject, bool)`
+
+GetLifecycleCreateOk returns a tuple with the LifecycleCreate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLifecycleCreate
+
+`func (o *CapabilitiesCreateObject) SetLifecycleCreate(v LifecycleCreateSettingObject)`
+
+SetLifecycleCreate sets LifecycleCreate field to given value.
+
+### HasLifecycleCreate
+
+`func (o *CapabilitiesCreateObject) HasLifecycleCreate() bool`
+
+HasLifecycleCreate returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CapabilitiesObject.md b/okta/docs/CapabilitiesObject.md
new file mode 100644
index 000000000..c6540b26c
--- /dev/null
+++ b/okta/docs/CapabilitiesObject.md
@@ -0,0 +1,82 @@
+# CapabilitiesObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Create** | Pointer to [**CapabilitiesCreateObject**](CapabilitiesCreateObject.md) |  | [optional] 
+**Update** | Pointer to [**CapabilitiesUpdateObject**](CapabilitiesUpdateObject.md) |  | [optional] 
+
+## Methods
+
+### NewCapabilitiesObject
+
+`func NewCapabilitiesObject() *CapabilitiesObject`
+
+NewCapabilitiesObject instantiates a new CapabilitiesObject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCapabilitiesObjectWithDefaults
+
+`func NewCapabilitiesObjectWithDefaults() *CapabilitiesObject`
+
+NewCapabilitiesObjectWithDefaults instantiates a new CapabilitiesObject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreate
+
+`func (o *CapabilitiesObject) GetCreate() CapabilitiesCreateObject`
+
+GetCreate returns the Create field if non-nil, zero value otherwise.
+
+### GetCreateOk
+
+`func (o *CapabilitiesObject) GetCreateOk() (*CapabilitiesCreateObject, bool)`
+
+GetCreateOk returns a tuple with the Create field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreate
+
+`func (o *CapabilitiesObject) SetCreate(v CapabilitiesCreateObject)`
+
+SetCreate sets Create field to given value.
+
+### HasCreate
+
+`func (o *CapabilitiesObject) HasCreate() bool`
+
+HasCreate returns a boolean if a field has been set.
+
+### GetUpdate
+
+`func (o *CapabilitiesObject) GetUpdate() CapabilitiesUpdateObject`
+
+GetUpdate returns the Update field if non-nil, zero value otherwise.
+
+### GetUpdateOk
+
+`func (o *CapabilitiesObject) GetUpdateOk() (*CapabilitiesUpdateObject, bool)`
+
+GetUpdateOk returns a tuple with the Update field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUpdate
+
+`func (o *CapabilitiesObject) SetUpdate(v CapabilitiesUpdateObject)`
+
+SetUpdate sets Update field to given value.
+
+### HasUpdate
+
+`func (o *CapabilitiesObject) HasUpdate() bool`
+
+HasUpdate returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CapabilitiesUpdateObject.md b/okta/docs/CapabilitiesUpdateObject.md
new file mode 100644
index 000000000..22976dc58
--- /dev/null
+++ b/okta/docs/CapabilitiesUpdateObject.md
@@ -0,0 +1,108 @@
+# CapabilitiesUpdateObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**LifecycleDeactivate** | Pointer to [**LifecycleDeactivateSettingObject**](LifecycleDeactivateSettingObject.md) |  | [optional] 
+**Password** | Pointer to [**PasswordSettingObject**](PasswordSettingObject.md) |  | [optional] 
+**Profile** | Pointer to [**ProfileSettingObject**](ProfileSettingObject.md) |  | [optional] 
+
+## Methods
+
+### NewCapabilitiesUpdateObject
+
+`func NewCapabilitiesUpdateObject() *CapabilitiesUpdateObject`
+
+NewCapabilitiesUpdateObject instantiates a new CapabilitiesUpdateObject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCapabilitiesUpdateObjectWithDefaults
+
+`func NewCapabilitiesUpdateObjectWithDefaults() *CapabilitiesUpdateObject`
+
+NewCapabilitiesUpdateObjectWithDefaults instantiates a new CapabilitiesUpdateObject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetLifecycleDeactivate
+
+`func (o *CapabilitiesUpdateObject) GetLifecycleDeactivate() LifecycleDeactivateSettingObject`
+
+GetLifecycleDeactivate returns the LifecycleDeactivate field if non-nil, zero value otherwise.
+
+### GetLifecycleDeactivateOk
+
+`func (o *CapabilitiesUpdateObject) GetLifecycleDeactivateOk() (*LifecycleDeactivateSettingObject, bool)`
+
+GetLifecycleDeactivateOk returns a tuple with the LifecycleDeactivate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLifecycleDeactivate
+
+`func (o *CapabilitiesUpdateObject) SetLifecycleDeactivate(v LifecycleDeactivateSettingObject)`
+
+SetLifecycleDeactivate sets LifecycleDeactivate field to given value.
+
+### HasLifecycleDeactivate
+
+`func (o *CapabilitiesUpdateObject) HasLifecycleDeactivate() bool`
+
+HasLifecycleDeactivate returns a boolean if a field has been set.
+
+### GetPassword
+
+`func (o *CapabilitiesUpdateObject) GetPassword() PasswordSettingObject`
+
+GetPassword returns the Password field if non-nil, zero value otherwise.
+
+### GetPasswordOk
+
+`func (o *CapabilitiesUpdateObject) GetPasswordOk() (*PasswordSettingObject, bool)`
+
+GetPasswordOk returns a tuple with the Password field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPassword
+
+`func (o *CapabilitiesUpdateObject) SetPassword(v PasswordSettingObject)`
+
+SetPassword sets Password field to given value.
+
+### HasPassword
+
+`func (o *CapabilitiesUpdateObject) HasPassword() bool`
+
+HasPassword returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *CapabilitiesUpdateObject) GetProfile() ProfileSettingObject`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *CapabilitiesUpdateObject) GetProfileOk() (*ProfileSettingObject, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *CapabilitiesUpdateObject) SetProfile(v ProfileSettingObject)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *CapabilitiesUpdateObject) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CatalogApplication.md b/okta/docs/CatalogApplication.md
new file mode 100644
index 000000000..85b992880
--- /dev/null
+++ b/okta/docs/CatalogApplication.md
@@ -0,0 +1,342 @@
+# CatalogApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Category** | Pointer to **string** |  | [optional] 
+**Description** | Pointer to **string** |  | [optional] 
+**DisplayName** | Pointer to **string** |  | [optional] 
+**Features** | Pointer to **[]string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**SignOnModes** | Pointer to **[]string** |  | [optional] 
+**Status** | Pointer to [**CatalogApplicationStatus**](CatalogApplicationStatus.md) |  | [optional] 
+**VerificationStatus** | Pointer to **string** |  | [optional] 
+**Website** | Pointer to **string** |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewCatalogApplication
+
+`func NewCatalogApplication() *CatalogApplication`
+
+NewCatalogApplication instantiates a new CatalogApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCatalogApplicationWithDefaults
+
+`func NewCatalogApplicationWithDefaults() *CatalogApplication`
+
+NewCatalogApplicationWithDefaults instantiates a new CatalogApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCategory
+
+`func (o *CatalogApplication) GetCategory() string`
+
+GetCategory returns the Category field if non-nil, zero value otherwise.
+
+### GetCategoryOk
+
+`func (o *CatalogApplication) GetCategoryOk() (*string, bool)`
+
+GetCategoryOk returns a tuple with the Category field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCategory
+
+`func (o *CatalogApplication) SetCategory(v string)`
+
+SetCategory sets Category field to given value.
+
+### HasCategory
+
+`func (o *CatalogApplication) HasCategory() bool`
+
+HasCategory returns a boolean if a field has been set.
+
+### GetDescription
+
+`func (o *CatalogApplication) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *CatalogApplication) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *CatalogApplication) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *CatalogApplication) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetDisplayName
+
+`func (o *CatalogApplication) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *CatalogApplication) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *CatalogApplication) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+### HasDisplayName
+
+`func (o *CatalogApplication) HasDisplayName() bool`
+
+HasDisplayName returns a boolean if a field has been set.
+
+### GetFeatures
+
+`func (o *CatalogApplication) GetFeatures() []string`
+
+GetFeatures returns the Features field if non-nil, zero value otherwise.
+
+### GetFeaturesOk
+
+`func (o *CatalogApplication) GetFeaturesOk() (*[]string, bool)`
+
+GetFeaturesOk returns a tuple with the Features field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFeatures
+
+`func (o *CatalogApplication) SetFeatures(v []string)`
+
+SetFeatures sets Features field to given value.
+
+### HasFeatures
+
+`func (o *CatalogApplication) HasFeatures() bool`
+
+HasFeatures returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *CatalogApplication) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *CatalogApplication) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *CatalogApplication) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *CatalogApplication) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *CatalogApplication) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *CatalogApplication) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *CatalogApplication) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *CatalogApplication) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *CatalogApplication) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *CatalogApplication) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *CatalogApplication) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *CatalogApplication) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSignOnModes
+
+`func (o *CatalogApplication) GetSignOnModes() []string`
+
+GetSignOnModes returns the SignOnModes field if non-nil, zero value otherwise.
+
+### GetSignOnModesOk
+
+`func (o *CatalogApplication) GetSignOnModesOk() (*[]string, bool)`
+
+GetSignOnModesOk returns a tuple with the SignOnModes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignOnModes
+
+`func (o *CatalogApplication) SetSignOnModes(v []string)`
+
+SetSignOnModes sets SignOnModes field to given value.
+
+### HasSignOnModes
+
+`func (o *CatalogApplication) HasSignOnModes() bool`
+
+HasSignOnModes returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *CatalogApplication) GetStatus() CatalogApplicationStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *CatalogApplication) GetStatusOk() (*CatalogApplicationStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *CatalogApplication) SetStatus(v CatalogApplicationStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *CatalogApplication) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetVerificationStatus
+
+`func (o *CatalogApplication) GetVerificationStatus() string`
+
+GetVerificationStatus returns the VerificationStatus field if non-nil, zero value otherwise.
+
+### GetVerificationStatusOk
+
+`func (o *CatalogApplication) GetVerificationStatusOk() (*string, bool)`
+
+GetVerificationStatusOk returns a tuple with the VerificationStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVerificationStatus
+
+`func (o *CatalogApplication) SetVerificationStatus(v string)`
+
+SetVerificationStatus sets VerificationStatus field to given value.
+
+### HasVerificationStatus
+
+`func (o *CatalogApplication) HasVerificationStatus() bool`
+
+HasVerificationStatus returns a boolean if a field has been set.
+
+### GetWebsite
+
+`func (o *CatalogApplication) GetWebsite() string`
+
+GetWebsite returns the Website field if non-nil, zero value otherwise.
+
+### GetWebsiteOk
+
+`func (o *CatalogApplication) GetWebsiteOk() (*string, bool)`
+
+GetWebsiteOk returns a tuple with the Website field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWebsite
+
+`func (o *CatalogApplication) SetWebsite(v string)`
+
+SetWebsite sets Website field to given value.
+
+### HasWebsite
+
+`func (o *CatalogApplication) HasWebsite() bool`
+
+HasWebsite returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *CatalogApplication) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *CatalogApplication) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *CatalogApplication) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *CatalogApplication) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CatalogApplicationStatus.md b/okta/docs/CatalogApplicationStatus.md
new file mode 100644
index 000000000..78d4ecc37
--- /dev/null
+++ b/okta/docs/CatalogApplicationStatus.md
@@ -0,0 +1,13 @@
+# CatalogApplicationStatus
+
+## Enum
+
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `INACTIVE` (value: `"INACTIVE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ChangeEnum.md b/okta/docs/ChangeEnum.md
new file mode 100644
index 000000000..ed62540d7
--- /dev/null
+++ b/okta/docs/ChangeEnum.md
@@ -0,0 +1,13 @@
+# ChangeEnum
+
+## Enum
+
+
+* `CHANGE` (value: `"CHANGE"`)
+
+* `KEEP_EXISTING` (value: `"KEEP_EXISTING"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ChangePasswordRequest.md b/okta/docs/ChangePasswordRequest.md
new file mode 100644
index 000000000..54133de5d
--- /dev/null
+++ b/okta/docs/ChangePasswordRequest.md
@@ -0,0 +1,82 @@
+# ChangePasswordRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**NewPassword** | Pointer to [**PasswordCredential**](PasswordCredential.md) |  | [optional] 
+**OldPassword** | Pointer to [**PasswordCredential**](PasswordCredential.md) |  | [optional] 
+
+## Methods
+
+### NewChangePasswordRequest
+
+`func NewChangePasswordRequest() *ChangePasswordRequest`
+
+NewChangePasswordRequest instantiates a new ChangePasswordRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewChangePasswordRequestWithDefaults
+
+`func NewChangePasswordRequestWithDefaults() *ChangePasswordRequest`
+
+NewChangePasswordRequestWithDefaults instantiates a new ChangePasswordRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetNewPassword
+
+`func (o *ChangePasswordRequest) GetNewPassword() PasswordCredential`
+
+GetNewPassword returns the NewPassword field if non-nil, zero value otherwise.
+
+### GetNewPasswordOk
+
+`func (o *ChangePasswordRequest) GetNewPasswordOk() (*PasswordCredential, bool)`
+
+GetNewPasswordOk returns a tuple with the NewPassword field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNewPassword
+
+`func (o *ChangePasswordRequest) SetNewPassword(v PasswordCredential)`
+
+SetNewPassword sets NewPassword field to given value.
+
+### HasNewPassword
+
+`func (o *ChangePasswordRequest) HasNewPassword() bool`
+
+HasNewPassword returns a boolean if a field has been set.
+
+### GetOldPassword
+
+`func (o *ChangePasswordRequest) GetOldPassword() PasswordCredential`
+
+GetOldPassword returns the OldPassword field if non-nil, zero value otherwise.
+
+### GetOldPasswordOk
+
+`func (o *ChangePasswordRequest) GetOldPasswordOk() (*PasswordCredential, bool)`
+
+GetOldPasswordOk returns a tuple with the OldPassword field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOldPassword
+
+`func (o *ChangePasswordRequest) SetOldPassword(v PasswordCredential)`
+
+SetOldPassword sets OldPassword field to given value.
+
+### HasOldPassword
+
+`func (o *ChangePasswordRequest) HasOldPassword() bool`
+
+HasOldPassword returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ChannelBinding.md b/okta/docs/ChannelBinding.md
new file mode 100644
index 000000000..676ca2df1
--- /dev/null
+++ b/okta/docs/ChannelBinding.md
@@ -0,0 +1,82 @@
+# ChannelBinding
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Required** | Pointer to [**RequiredEnum**](RequiredEnum.md) |  | [optional] 
+**Style** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewChannelBinding
+
+`func NewChannelBinding() *ChannelBinding`
+
+NewChannelBinding instantiates a new ChannelBinding object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewChannelBindingWithDefaults
+
+`func NewChannelBindingWithDefaults() *ChannelBinding`
+
+NewChannelBindingWithDefaults instantiates a new ChannelBinding object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetRequired
+
+`func (o *ChannelBinding) GetRequired() RequiredEnum`
+
+GetRequired returns the Required field if non-nil, zero value otherwise.
+
+### GetRequiredOk
+
+`func (o *ChannelBinding) GetRequiredOk() (*RequiredEnum, bool)`
+
+GetRequiredOk returns a tuple with the Required field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequired
+
+`func (o *ChannelBinding) SetRequired(v RequiredEnum)`
+
+SetRequired sets Required field to given value.
+
+### HasRequired
+
+`func (o *ChannelBinding) HasRequired() bool`
+
+HasRequired returns a boolean if a field has been set.
+
+### GetStyle
+
+`func (o *ChannelBinding) GetStyle() string`
+
+GetStyle returns the Style field if non-nil, zero value otherwise.
+
+### GetStyleOk
+
+`func (o *ChannelBinding) GetStyleOk() (*string, bool)`
+
+GetStyleOk returns a tuple with the Style field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStyle
+
+`func (o *ChannelBinding) SetStyle(v string)`
+
+SetStyle sets Style field to given value.
+
+### HasStyle
+
+`func (o *ChannelBinding) HasStyle() bool`
+
+HasStyle returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ChromeBrowserVersion.md b/okta/docs/ChromeBrowserVersion.md
new file mode 100644
index 000000000..d06f39801
--- /dev/null
+++ b/okta/docs/ChromeBrowserVersion.md
@@ -0,0 +1,56 @@
+# ChromeBrowserVersion
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Minimum** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewChromeBrowserVersion
+
+`func NewChromeBrowserVersion() *ChromeBrowserVersion`
+
+NewChromeBrowserVersion instantiates a new ChromeBrowserVersion object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewChromeBrowserVersionWithDefaults
+
+`func NewChromeBrowserVersionWithDefaults() *ChromeBrowserVersion`
+
+NewChromeBrowserVersionWithDefaults instantiates a new ChromeBrowserVersion object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMinimum
+
+`func (o *ChromeBrowserVersion) GetMinimum() string`
+
+GetMinimum returns the Minimum field if non-nil, zero value otherwise.
+
+### GetMinimumOk
+
+`func (o *ChromeBrowserVersion) GetMinimumOk() (*string, bool)`
+
+GetMinimumOk returns a tuple with the Minimum field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinimum
+
+`func (o *ChromeBrowserVersion) SetMinimum(v string)`
+
+SetMinimum sets Minimum field to given value.
+
+### HasMinimum
+
+`func (o *ChromeBrowserVersion) HasMinimum() bool`
+
+HasMinimum returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ClientPolicyCondition.md b/okta/docs/ClientPolicyCondition.md
new file mode 100644
index 000000000..543aca831
--- /dev/null
+++ b/okta/docs/ClientPolicyCondition.md
@@ -0,0 +1,56 @@
+# ClientPolicyCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewClientPolicyCondition
+
+`func NewClientPolicyCondition() *ClientPolicyCondition`
+
+NewClientPolicyCondition instantiates a new ClientPolicyCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewClientPolicyConditionWithDefaults
+
+`func NewClientPolicyConditionWithDefaults() *ClientPolicyCondition`
+
+NewClientPolicyConditionWithDefaults instantiates a new ClientPolicyCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetInclude
+
+`func (o *ClientPolicyCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *ClientPolicyCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *ClientPolicyCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *ClientPolicyCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Compliance.md b/okta/docs/Compliance.md
new file mode 100644
index 000000000..68db0ba28
--- /dev/null
+++ b/okta/docs/Compliance.md
@@ -0,0 +1,56 @@
+# Compliance
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Fips** | Pointer to [**FipsEnum**](FipsEnum.md) |  | [optional] 
+
+## Methods
+
+### NewCompliance
+
+`func NewCompliance() *Compliance`
+
+NewCompliance instantiates a new Compliance object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewComplianceWithDefaults
+
+`func NewComplianceWithDefaults() *Compliance`
+
+NewComplianceWithDefaults instantiates a new Compliance object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetFips
+
+`func (o *Compliance) GetFips() FipsEnum`
+
+GetFips returns the Fips field if non-nil, zero value otherwise.
+
+### GetFipsOk
+
+`func (o *Compliance) GetFipsOk() (*FipsEnum, bool)`
+
+GetFipsOk returns a tuple with the Fips field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFips
+
+`func (o *Compliance) SetFips(v FipsEnum)`
+
+SetFips sets Fips field to given value.
+
+### HasFips
+
+`func (o *Compliance) HasFips() bool`
+
+HasFips returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ContextPolicyRuleCondition.md b/okta/docs/ContextPolicyRuleCondition.md
new file mode 100644
index 000000000..7234d2a4b
--- /dev/null
+++ b/okta/docs/ContextPolicyRuleCondition.md
@@ -0,0 +1,160 @@
+# ContextPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Migrated** | Pointer to **bool** |  | [optional] 
+**Platform** | Pointer to [**DevicePolicyRuleConditionPlatform**](DevicePolicyRuleConditionPlatform.md) |  | [optional] 
+**Rooted** | Pointer to **bool** |  | [optional] 
+**TrustLevel** | Pointer to [**DevicePolicyTrustLevel**](DevicePolicyTrustLevel.md) |  | [optional] 
+**Expression** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewContextPolicyRuleCondition
+
+`func NewContextPolicyRuleCondition() *ContextPolicyRuleCondition`
+
+NewContextPolicyRuleCondition instantiates a new ContextPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewContextPolicyRuleConditionWithDefaults
+
+`func NewContextPolicyRuleConditionWithDefaults() *ContextPolicyRuleCondition`
+
+NewContextPolicyRuleConditionWithDefaults instantiates a new ContextPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMigrated
+
+`func (o *ContextPolicyRuleCondition) GetMigrated() bool`
+
+GetMigrated returns the Migrated field if non-nil, zero value otherwise.
+
+### GetMigratedOk
+
+`func (o *ContextPolicyRuleCondition) GetMigratedOk() (*bool, bool)`
+
+GetMigratedOk returns a tuple with the Migrated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMigrated
+
+`func (o *ContextPolicyRuleCondition) SetMigrated(v bool)`
+
+SetMigrated sets Migrated field to given value.
+
+### HasMigrated
+
+`func (o *ContextPolicyRuleCondition) HasMigrated() bool`
+
+HasMigrated returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *ContextPolicyRuleCondition) GetPlatform() DevicePolicyRuleConditionPlatform`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *ContextPolicyRuleCondition) GetPlatformOk() (*DevicePolicyRuleConditionPlatform, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *ContextPolicyRuleCondition) SetPlatform(v DevicePolicyRuleConditionPlatform)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *ContextPolicyRuleCondition) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetRooted
+
+`func (o *ContextPolicyRuleCondition) GetRooted() bool`
+
+GetRooted returns the Rooted field if non-nil, zero value otherwise.
+
+### GetRootedOk
+
+`func (o *ContextPolicyRuleCondition) GetRootedOk() (*bool, bool)`
+
+GetRootedOk returns a tuple with the Rooted field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRooted
+
+`func (o *ContextPolicyRuleCondition) SetRooted(v bool)`
+
+SetRooted sets Rooted field to given value.
+
+### HasRooted
+
+`func (o *ContextPolicyRuleCondition) HasRooted() bool`
+
+HasRooted returns a boolean if a field has been set.
+
+### GetTrustLevel
+
+`func (o *ContextPolicyRuleCondition) GetTrustLevel() DevicePolicyTrustLevel`
+
+GetTrustLevel returns the TrustLevel field if non-nil, zero value otherwise.
+
+### GetTrustLevelOk
+
+`func (o *ContextPolicyRuleCondition) GetTrustLevelOk() (*DevicePolicyTrustLevel, bool)`
+
+GetTrustLevelOk returns a tuple with the TrustLevel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTrustLevel
+
+`func (o *ContextPolicyRuleCondition) SetTrustLevel(v DevicePolicyTrustLevel)`
+
+SetTrustLevel sets TrustLevel field to given value.
+
+### HasTrustLevel
+
+`func (o *ContextPolicyRuleCondition) HasTrustLevel() bool`
+
+HasTrustLevel returns a boolean if a field has been set.
+
+### GetExpression
+
+`func (o *ContextPolicyRuleCondition) GetExpression() string`
+
+GetExpression returns the Expression field if non-nil, zero value otherwise.
+
+### GetExpressionOk
+
+`func (o *ContextPolicyRuleCondition) GetExpressionOk() (*string, bool)`
+
+GetExpressionOk returns a tuple with the Expression field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpression
+
+`func (o *ContextPolicyRuleCondition) SetExpression(v string)`
+
+SetExpression sets Expression field to given value.
+
+### HasExpression
+
+`func (o *ContextPolicyRuleCondition) HasExpression() bool`
+
+HasExpression returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ContextPolicyRuleConditionAllOf.md b/okta/docs/ContextPolicyRuleConditionAllOf.md
new file mode 100644
index 000000000..cb0259bd2
--- /dev/null
+++ b/okta/docs/ContextPolicyRuleConditionAllOf.md
@@ -0,0 +1,56 @@
+# ContextPolicyRuleConditionAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Expression** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewContextPolicyRuleConditionAllOf
+
+`func NewContextPolicyRuleConditionAllOf() *ContextPolicyRuleConditionAllOf`
+
+NewContextPolicyRuleConditionAllOf instantiates a new ContextPolicyRuleConditionAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewContextPolicyRuleConditionAllOfWithDefaults
+
+`func NewContextPolicyRuleConditionAllOfWithDefaults() *ContextPolicyRuleConditionAllOf`
+
+NewContextPolicyRuleConditionAllOfWithDefaults instantiates a new ContextPolicyRuleConditionAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpression
+
+`func (o *ContextPolicyRuleConditionAllOf) GetExpression() string`
+
+GetExpression returns the Expression field if non-nil, zero value otherwise.
+
+### GetExpressionOk
+
+`func (o *ContextPolicyRuleConditionAllOf) GetExpressionOk() (*string, bool)`
+
+GetExpressionOk returns a tuple with the Expression field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpression
+
+`func (o *ContextPolicyRuleConditionAllOf) SetExpression(v string)`
+
+SetExpression sets Expression field to given value.
+
+### HasExpression
+
+`func (o *ContextPolicyRuleConditionAllOf) HasExpression() bool`
+
+HasExpression returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CreateBrandDomainRequest.md b/okta/docs/CreateBrandDomainRequest.md
new file mode 100644
index 000000000..006d6dfca
--- /dev/null
+++ b/okta/docs/CreateBrandDomainRequest.md
@@ -0,0 +1,56 @@
+# CreateBrandDomainRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DomainId** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewCreateBrandDomainRequest
+
+`func NewCreateBrandDomainRequest() *CreateBrandDomainRequest`
+
+NewCreateBrandDomainRequest instantiates a new CreateBrandDomainRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCreateBrandDomainRequestWithDefaults
+
+`func NewCreateBrandDomainRequestWithDefaults() *CreateBrandDomainRequest`
+
+NewCreateBrandDomainRequestWithDefaults instantiates a new CreateBrandDomainRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDomainId
+
+`func (o *CreateBrandDomainRequest) GetDomainId() string`
+
+GetDomainId returns the DomainId field if non-nil, zero value otherwise.
+
+### GetDomainIdOk
+
+`func (o *CreateBrandDomainRequest) GetDomainIdOk() (*string, bool)`
+
+GetDomainIdOk returns a tuple with the DomainId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDomainId
+
+`func (o *CreateBrandDomainRequest) SetDomainId(v string)`
+
+SetDomainId sets DomainId field to given value.
+
+### HasDomainId
+
+`func (o *CreateBrandDomainRequest) HasDomainId() bool`
+
+HasDomainId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CreateBrandRequest.md b/okta/docs/CreateBrandRequest.md
new file mode 100644
index 000000000..6f131725d
--- /dev/null
+++ b/okta/docs/CreateBrandRequest.md
@@ -0,0 +1,56 @@
+# CreateBrandRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Name** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewCreateBrandRequest
+
+`func NewCreateBrandRequest() *CreateBrandRequest`
+
+NewCreateBrandRequest instantiates a new CreateBrandRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCreateBrandRequestWithDefaults
+
+`func NewCreateBrandRequestWithDefaults() *CreateBrandRequest`
+
+NewCreateBrandRequestWithDefaults instantiates a new CreateBrandRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetName
+
+`func (o *CreateBrandRequest) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *CreateBrandRequest) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *CreateBrandRequest) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *CreateBrandRequest) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CreateSessionRequest.md b/okta/docs/CreateSessionRequest.md
new file mode 100644
index 000000000..7a32f2fa4
--- /dev/null
+++ b/okta/docs/CreateSessionRequest.md
@@ -0,0 +1,56 @@
+# CreateSessionRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**SessionToken** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewCreateSessionRequest
+
+`func NewCreateSessionRequest() *CreateSessionRequest`
+
+NewCreateSessionRequest instantiates a new CreateSessionRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCreateSessionRequestWithDefaults
+
+`func NewCreateSessionRequestWithDefaults() *CreateSessionRequest`
+
+NewCreateSessionRequestWithDefaults instantiates a new CreateSessionRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSessionToken
+
+`func (o *CreateSessionRequest) GetSessionToken() string`
+
+GetSessionToken returns the SessionToken field if non-nil, zero value otherwise.
+
+### GetSessionTokenOk
+
+`func (o *CreateSessionRequest) GetSessionTokenOk() (*string, bool)`
+
+GetSessionTokenOk returns a tuple with the SessionToken field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSessionToken
+
+`func (o *CreateSessionRequest) SetSessionToken(v string)`
+
+SetSessionToken sets SessionToken field to given value.
+
+### HasSessionToken
+
+`func (o *CreateSessionRequest) HasSessionToken() bool`
+
+HasSessionToken returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CreateUserRequest.md b/okta/docs/CreateUserRequest.md
new file mode 100644
index 000000000..8d31f45fc
--- /dev/null
+++ b/okta/docs/CreateUserRequest.md
@@ -0,0 +1,129 @@
+# CreateUserRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**UserCredentials**](UserCredentials.md) |  | [optional] 
+**GroupIds** | Pointer to **[]string** |  | [optional] 
+**Profile** | [**UserProfile**](UserProfile.md) |  | 
+**Type** | Pointer to [**UserType**](UserType.md) |  | [optional] 
+
+## Methods
+
+### NewCreateUserRequest
+
+`func NewCreateUserRequest(profile UserProfile, ) *CreateUserRequest`
+
+NewCreateUserRequest instantiates a new CreateUserRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCreateUserRequestWithDefaults
+
+`func NewCreateUserRequestWithDefaults() *CreateUserRequest`
+
+NewCreateUserRequestWithDefaults instantiates a new CreateUserRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *CreateUserRequest) GetCredentials() UserCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *CreateUserRequest) GetCredentialsOk() (*UserCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *CreateUserRequest) SetCredentials(v UserCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *CreateUserRequest) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetGroupIds
+
+`func (o *CreateUserRequest) GetGroupIds() []string`
+
+GetGroupIds returns the GroupIds field if non-nil, zero value otherwise.
+
+### GetGroupIdsOk
+
+`func (o *CreateUserRequest) GetGroupIdsOk() (*[]string, bool)`
+
+GetGroupIdsOk returns a tuple with the GroupIds field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroupIds
+
+`func (o *CreateUserRequest) SetGroupIds(v []string)`
+
+SetGroupIds sets GroupIds field to given value.
+
+### HasGroupIds
+
+`func (o *CreateUserRequest) HasGroupIds() bool`
+
+HasGroupIds returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *CreateUserRequest) GetProfile() UserProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *CreateUserRequest) GetProfileOk() (*UserProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *CreateUserRequest) SetProfile(v UserProfile)`
+
+SetProfile sets Profile field to given value.
+
+
+### GetType
+
+`func (o *CreateUserRequest) GetType() UserType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *CreateUserRequest) GetTypeOk() (*UserType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *CreateUserRequest) SetType(v UserType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *CreateUserRequest) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Csr.md b/okta/docs/Csr.md
new file mode 100644
index 000000000..1792d6e8e
--- /dev/null
+++ b/okta/docs/Csr.md
@@ -0,0 +1,134 @@
+# Csr
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Csr** | Pointer to **string** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Kty** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewCsr
+
+`func NewCsr() *Csr`
+
+NewCsr instantiates a new Csr object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCsrWithDefaults
+
+`func NewCsrWithDefaults() *Csr`
+
+NewCsrWithDefaults instantiates a new Csr object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *Csr) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *Csr) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *Csr) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *Csr) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetCsr
+
+`func (o *Csr) GetCsr() string`
+
+GetCsr returns the Csr field if non-nil, zero value otherwise.
+
+### GetCsrOk
+
+`func (o *Csr) GetCsrOk() (*string, bool)`
+
+GetCsrOk returns a tuple with the Csr field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCsr
+
+`func (o *Csr) SetCsr(v string)`
+
+SetCsr sets Csr field to given value.
+
+### HasCsr
+
+`func (o *Csr) HasCsr() bool`
+
+HasCsr returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *Csr) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *Csr) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *Csr) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *Csr) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetKty
+
+`func (o *Csr) GetKty() string`
+
+GetKty returns the Kty field if non-nil, zero value otherwise.
+
+### GetKtyOk
+
+`func (o *Csr) GetKtyOk() (*string, bool)`
+
+GetKtyOk returns a tuple with the Kty field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKty
+
+`func (o *Csr) SetKty(v string)`
+
+SetKty sets Kty field to given value.
+
+### HasKty
+
+`func (o *Csr) HasKty() bool`
+
+HasKty returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CsrMetadata.md b/okta/docs/CsrMetadata.md
new file mode 100644
index 000000000..59caff6d5
--- /dev/null
+++ b/okta/docs/CsrMetadata.md
@@ -0,0 +1,82 @@
+# CsrMetadata
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Subject** | Pointer to [**CsrMetadataSubject**](CsrMetadataSubject.md) |  | [optional] 
+**SubjectAltNames** | Pointer to [**CsrMetadataSubjectAltNames**](CsrMetadataSubjectAltNames.md) |  | [optional] 
+
+## Methods
+
+### NewCsrMetadata
+
+`func NewCsrMetadata() *CsrMetadata`
+
+NewCsrMetadata instantiates a new CsrMetadata object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCsrMetadataWithDefaults
+
+`func NewCsrMetadataWithDefaults() *CsrMetadata`
+
+NewCsrMetadataWithDefaults instantiates a new CsrMetadata object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSubject
+
+`func (o *CsrMetadata) GetSubject() CsrMetadataSubject`
+
+GetSubject returns the Subject field if non-nil, zero value otherwise.
+
+### GetSubjectOk
+
+`func (o *CsrMetadata) GetSubjectOk() (*CsrMetadataSubject, bool)`
+
+GetSubjectOk returns a tuple with the Subject field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubject
+
+`func (o *CsrMetadata) SetSubject(v CsrMetadataSubject)`
+
+SetSubject sets Subject field to given value.
+
+### HasSubject
+
+`func (o *CsrMetadata) HasSubject() bool`
+
+HasSubject returns a boolean if a field has been set.
+
+### GetSubjectAltNames
+
+`func (o *CsrMetadata) GetSubjectAltNames() CsrMetadataSubjectAltNames`
+
+GetSubjectAltNames returns the SubjectAltNames field if non-nil, zero value otherwise.
+
+### GetSubjectAltNamesOk
+
+`func (o *CsrMetadata) GetSubjectAltNamesOk() (*CsrMetadataSubjectAltNames, bool)`
+
+GetSubjectAltNamesOk returns a tuple with the SubjectAltNames field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubjectAltNames
+
+`func (o *CsrMetadata) SetSubjectAltNames(v CsrMetadataSubjectAltNames)`
+
+SetSubjectAltNames sets SubjectAltNames field to given value.
+
+### HasSubjectAltNames
+
+`func (o *CsrMetadata) HasSubjectAltNames() bool`
+
+HasSubjectAltNames returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CsrMetadataSubject.md b/okta/docs/CsrMetadataSubject.md
new file mode 100644
index 000000000..838d131fb
--- /dev/null
+++ b/okta/docs/CsrMetadataSubject.md
@@ -0,0 +1,186 @@
+# CsrMetadataSubject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CommonName** | Pointer to **string** |  | [optional] 
+**CountryName** | Pointer to **string** |  | [optional] 
+**LocalityName** | Pointer to **string** |  | [optional] 
+**OrganizationalUnitName** | Pointer to **string** |  | [optional] 
+**OrganizationName** | Pointer to **string** |  | [optional] 
+**StateOrProvinceName** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewCsrMetadataSubject
+
+`func NewCsrMetadataSubject() *CsrMetadataSubject`
+
+NewCsrMetadataSubject instantiates a new CsrMetadataSubject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCsrMetadataSubjectWithDefaults
+
+`func NewCsrMetadataSubjectWithDefaults() *CsrMetadataSubject`
+
+NewCsrMetadataSubjectWithDefaults instantiates a new CsrMetadataSubject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCommonName
+
+`func (o *CsrMetadataSubject) GetCommonName() string`
+
+GetCommonName returns the CommonName field if non-nil, zero value otherwise.
+
+### GetCommonNameOk
+
+`func (o *CsrMetadataSubject) GetCommonNameOk() (*string, bool)`
+
+GetCommonNameOk returns a tuple with the CommonName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCommonName
+
+`func (o *CsrMetadataSubject) SetCommonName(v string)`
+
+SetCommonName sets CommonName field to given value.
+
+### HasCommonName
+
+`func (o *CsrMetadataSubject) HasCommonName() bool`
+
+HasCommonName returns a boolean if a field has been set.
+
+### GetCountryName
+
+`func (o *CsrMetadataSubject) GetCountryName() string`
+
+GetCountryName returns the CountryName field if non-nil, zero value otherwise.
+
+### GetCountryNameOk
+
+`func (o *CsrMetadataSubject) GetCountryNameOk() (*string, bool)`
+
+GetCountryNameOk returns a tuple with the CountryName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCountryName
+
+`func (o *CsrMetadataSubject) SetCountryName(v string)`
+
+SetCountryName sets CountryName field to given value.
+
+### HasCountryName
+
+`func (o *CsrMetadataSubject) HasCountryName() bool`
+
+HasCountryName returns a boolean if a field has been set.
+
+### GetLocalityName
+
+`func (o *CsrMetadataSubject) GetLocalityName() string`
+
+GetLocalityName returns the LocalityName field if non-nil, zero value otherwise.
+
+### GetLocalityNameOk
+
+`func (o *CsrMetadataSubject) GetLocalityNameOk() (*string, bool)`
+
+GetLocalityNameOk returns a tuple with the LocalityName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLocalityName
+
+`func (o *CsrMetadataSubject) SetLocalityName(v string)`
+
+SetLocalityName sets LocalityName field to given value.
+
+### HasLocalityName
+
+`func (o *CsrMetadataSubject) HasLocalityName() bool`
+
+HasLocalityName returns a boolean if a field has been set.
+
+### GetOrganizationalUnitName
+
+`func (o *CsrMetadataSubject) GetOrganizationalUnitName() string`
+
+GetOrganizationalUnitName returns the OrganizationalUnitName field if non-nil, zero value otherwise.
+
+### GetOrganizationalUnitNameOk
+
+`func (o *CsrMetadataSubject) GetOrganizationalUnitNameOk() (*string, bool)`
+
+GetOrganizationalUnitNameOk returns a tuple with the OrganizationalUnitName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOrganizationalUnitName
+
+`func (o *CsrMetadataSubject) SetOrganizationalUnitName(v string)`
+
+SetOrganizationalUnitName sets OrganizationalUnitName field to given value.
+
+### HasOrganizationalUnitName
+
+`func (o *CsrMetadataSubject) HasOrganizationalUnitName() bool`
+
+HasOrganizationalUnitName returns a boolean if a field has been set.
+
+### GetOrganizationName
+
+`func (o *CsrMetadataSubject) GetOrganizationName() string`
+
+GetOrganizationName returns the OrganizationName field if non-nil, zero value otherwise.
+
+### GetOrganizationNameOk
+
+`func (o *CsrMetadataSubject) GetOrganizationNameOk() (*string, bool)`
+
+GetOrganizationNameOk returns a tuple with the OrganizationName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOrganizationName
+
+`func (o *CsrMetadataSubject) SetOrganizationName(v string)`
+
+SetOrganizationName sets OrganizationName field to given value.
+
+### HasOrganizationName
+
+`func (o *CsrMetadataSubject) HasOrganizationName() bool`
+
+HasOrganizationName returns a boolean if a field has been set.
+
+### GetStateOrProvinceName
+
+`func (o *CsrMetadataSubject) GetStateOrProvinceName() string`
+
+GetStateOrProvinceName returns the StateOrProvinceName field if non-nil, zero value otherwise.
+
+### GetStateOrProvinceNameOk
+
+`func (o *CsrMetadataSubject) GetStateOrProvinceNameOk() (*string, bool)`
+
+GetStateOrProvinceNameOk returns a tuple with the StateOrProvinceName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStateOrProvinceName
+
+`func (o *CsrMetadataSubject) SetStateOrProvinceName(v string)`
+
+SetStateOrProvinceName sets StateOrProvinceName field to given value.
+
+### HasStateOrProvinceName
+
+`func (o *CsrMetadataSubject) HasStateOrProvinceName() bool`
+
+HasStateOrProvinceName returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CsrMetadataSubjectAltNames.md b/okta/docs/CsrMetadataSubjectAltNames.md
new file mode 100644
index 000000000..f7d96424e
--- /dev/null
+++ b/okta/docs/CsrMetadataSubjectAltNames.md
@@ -0,0 +1,56 @@
+# CsrMetadataSubjectAltNames
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DnsNames** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewCsrMetadataSubjectAltNames
+
+`func NewCsrMetadataSubjectAltNames() *CsrMetadataSubjectAltNames`
+
+NewCsrMetadataSubjectAltNames instantiates a new CsrMetadataSubjectAltNames object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCsrMetadataSubjectAltNamesWithDefaults
+
+`func NewCsrMetadataSubjectAltNamesWithDefaults() *CsrMetadataSubjectAltNames`
+
+NewCsrMetadataSubjectAltNamesWithDefaults instantiates a new CsrMetadataSubjectAltNames object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDnsNames
+
+`func (o *CsrMetadataSubjectAltNames) GetDnsNames() []string`
+
+GetDnsNames returns the DnsNames field if non-nil, zero value otherwise.
+
+### GetDnsNamesOk
+
+`func (o *CsrMetadataSubjectAltNames) GetDnsNamesOk() (*[]string, bool)`
+
+GetDnsNamesOk returns a tuple with the DnsNames field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDnsNames
+
+`func (o *CsrMetadataSubjectAltNames) SetDnsNames(v []string)`
+
+SetDnsNames sets DnsNames field to given value.
+
+### HasDnsNames
+
+`func (o *CsrMetadataSubjectAltNames) HasDnsNames() bool`
+
+HasDnsNames returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CustomHotpUserFactor.md b/okta/docs/CustomHotpUserFactor.md
new file mode 100644
index 000000000..8998d7bcf
--- /dev/null
+++ b/okta/docs/CustomHotpUserFactor.md
@@ -0,0 +1,82 @@
+# CustomHotpUserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**FactorProfileId** | Pointer to **string** |  | [optional] 
+**Profile** | Pointer to [**CustomHotpUserFactorProfile**](CustomHotpUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewCustomHotpUserFactor
+
+`func NewCustomHotpUserFactor() *CustomHotpUserFactor`
+
+NewCustomHotpUserFactor instantiates a new CustomHotpUserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCustomHotpUserFactorWithDefaults
+
+`func NewCustomHotpUserFactorWithDefaults() *CustomHotpUserFactor`
+
+NewCustomHotpUserFactorWithDefaults instantiates a new CustomHotpUserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetFactorProfileId
+
+`func (o *CustomHotpUserFactor) GetFactorProfileId() string`
+
+GetFactorProfileId returns the FactorProfileId field if non-nil, zero value otherwise.
+
+### GetFactorProfileIdOk
+
+`func (o *CustomHotpUserFactor) GetFactorProfileIdOk() (*string, bool)`
+
+GetFactorProfileIdOk returns a tuple with the FactorProfileId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorProfileId
+
+`func (o *CustomHotpUserFactor) SetFactorProfileId(v string)`
+
+SetFactorProfileId sets FactorProfileId field to given value.
+
+### HasFactorProfileId
+
+`func (o *CustomHotpUserFactor) HasFactorProfileId() bool`
+
+HasFactorProfileId returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *CustomHotpUserFactor) GetProfile() CustomHotpUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *CustomHotpUserFactor) GetProfileOk() (*CustomHotpUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *CustomHotpUserFactor) SetProfile(v CustomHotpUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *CustomHotpUserFactor) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CustomHotpUserFactorAllOf.md b/okta/docs/CustomHotpUserFactorAllOf.md
new file mode 100644
index 000000000..58ef22d0f
--- /dev/null
+++ b/okta/docs/CustomHotpUserFactorAllOf.md
@@ -0,0 +1,82 @@
+# CustomHotpUserFactorAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**FactorProfileId** | Pointer to **string** |  | [optional] 
+**Profile** | Pointer to [**CustomHotpUserFactorProfile**](CustomHotpUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewCustomHotpUserFactorAllOf
+
+`func NewCustomHotpUserFactorAllOf() *CustomHotpUserFactorAllOf`
+
+NewCustomHotpUserFactorAllOf instantiates a new CustomHotpUserFactorAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCustomHotpUserFactorAllOfWithDefaults
+
+`func NewCustomHotpUserFactorAllOfWithDefaults() *CustomHotpUserFactorAllOf`
+
+NewCustomHotpUserFactorAllOfWithDefaults instantiates a new CustomHotpUserFactorAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetFactorProfileId
+
+`func (o *CustomHotpUserFactorAllOf) GetFactorProfileId() string`
+
+GetFactorProfileId returns the FactorProfileId field if non-nil, zero value otherwise.
+
+### GetFactorProfileIdOk
+
+`func (o *CustomHotpUserFactorAllOf) GetFactorProfileIdOk() (*string, bool)`
+
+GetFactorProfileIdOk returns a tuple with the FactorProfileId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorProfileId
+
+`func (o *CustomHotpUserFactorAllOf) SetFactorProfileId(v string)`
+
+SetFactorProfileId sets FactorProfileId field to given value.
+
+### HasFactorProfileId
+
+`func (o *CustomHotpUserFactorAllOf) HasFactorProfileId() bool`
+
+HasFactorProfileId returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *CustomHotpUserFactorAllOf) GetProfile() CustomHotpUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *CustomHotpUserFactorAllOf) GetProfileOk() (*CustomHotpUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *CustomHotpUserFactorAllOf) SetProfile(v CustomHotpUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *CustomHotpUserFactorAllOf) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CustomHotpUserFactorProfile.md b/okta/docs/CustomHotpUserFactorProfile.md
new file mode 100644
index 000000000..bb1b2fc1b
--- /dev/null
+++ b/okta/docs/CustomHotpUserFactorProfile.md
@@ -0,0 +1,56 @@
+# CustomHotpUserFactorProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**SharedSecret** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewCustomHotpUserFactorProfile
+
+`func NewCustomHotpUserFactorProfile() *CustomHotpUserFactorProfile`
+
+NewCustomHotpUserFactorProfile instantiates a new CustomHotpUserFactorProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCustomHotpUserFactorProfileWithDefaults
+
+`func NewCustomHotpUserFactorProfileWithDefaults() *CustomHotpUserFactorProfile`
+
+NewCustomHotpUserFactorProfileWithDefaults instantiates a new CustomHotpUserFactorProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSharedSecret
+
+`func (o *CustomHotpUserFactorProfile) GetSharedSecret() string`
+
+GetSharedSecret returns the SharedSecret field if non-nil, zero value otherwise.
+
+### GetSharedSecretOk
+
+`func (o *CustomHotpUserFactorProfile) GetSharedSecretOk() (*string, bool)`
+
+GetSharedSecretOk returns a tuple with the SharedSecret field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSharedSecret
+
+`func (o *CustomHotpUserFactorProfile) SetSharedSecret(v string)`
+
+SetSharedSecret sets SharedSecret field to given value.
+
+### HasSharedSecret
+
+`func (o *CustomHotpUserFactorProfile) HasSharedSecret() bool`
+
+HasSharedSecret returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CustomizablePage.md b/okta/docs/CustomizablePage.md
new file mode 100644
index 000000000..344ed1968
--- /dev/null
+++ b/okta/docs/CustomizablePage.md
@@ -0,0 +1,56 @@
+# CustomizablePage
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**PageContent** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewCustomizablePage
+
+`func NewCustomizablePage() *CustomizablePage`
+
+NewCustomizablePage instantiates a new CustomizablePage object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCustomizablePageWithDefaults
+
+`func NewCustomizablePageWithDefaults() *CustomizablePage`
+
+NewCustomizablePageWithDefaults instantiates a new CustomizablePage object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPageContent
+
+`func (o *CustomizablePage) GetPageContent() string`
+
+GetPageContent returns the PageContent field if non-nil, zero value otherwise.
+
+### GetPageContentOk
+
+`func (o *CustomizablePage) GetPageContentOk() (*string, bool)`
+
+GetPageContentOk returns a tuple with the PageContent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPageContent
+
+`func (o *CustomizablePage) SetPageContent(v string)`
+
+SetPageContent sets PageContent field to given value.
+
+### HasPageContent
+
+`func (o *CustomizablePage) HasPageContent() bool`
+
+HasPageContent returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/CustomizationApi.md b/okta/docs/CustomizationApi.md
new file mode 100644
index 000000000..798000dcc
--- /dev/null
+++ b/okta/docs/CustomizationApi.md
@@ -0,0 +1,3647 @@
+# \CustomizationApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateBrand**](CustomizationApi.md#CreateBrand) | **Post** /api/v1/brands | Create a Brand
+[**CreateEmailCustomization**](CustomizationApi.md#CreateEmailCustomization) | **Post** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations | Create an Email Customization
+[**DeleteAllCustomizations**](CustomizationApi.md#DeleteAllCustomizations) | **Delete** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations | Delete all Email Customizations
+[**DeleteBrand**](CustomizationApi.md#DeleteBrand) | **Delete** /api/v1/brands/{brandId} | Delete a brand
+[**DeleteBrandThemeBackgroundImage**](CustomizationApi.md#DeleteBrandThemeBackgroundImage) | **Delete** /api/v1/brands/{brandId}/themes/{themeId}/background-image | Delete the Background Image
+[**DeleteBrandThemeFavicon**](CustomizationApi.md#DeleteBrandThemeFavicon) | **Delete** /api/v1/brands/{brandId}/themes/{themeId}/favicon | Delete the Favicon
+[**DeleteBrandThemeLogo**](CustomizationApi.md#DeleteBrandThemeLogo) | **Delete** /api/v1/brands/{brandId}/themes/{themeId}/logo | Delete the Logo
+[**DeleteEmailCustomization**](CustomizationApi.md#DeleteEmailCustomization) | **Delete** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId} | Delete an Email Customization
+[**GetBrand**](CustomizationApi.md#GetBrand) | **Get** /api/v1/brands/{brandId} | Retrieve a Brand
+[**GetBrandTheme**](CustomizationApi.md#GetBrandTheme) | **Get** /api/v1/brands/{brandId}/themes/{themeId} | Retrieve a Theme
+[**GetCustomizationPreview**](CustomizationApi.md#GetCustomizationPreview) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview | Retrieve a Preview of an Email Customization
+[**GetCustomizedErrorPage**](CustomizationApi.md#GetCustomizedErrorPage) | **Get** /api/v1/brands/{brandId}/pages/error/customized | Retrieve the Customized Error Page
+[**GetCustomizedSignInPage**](CustomizationApi.md#GetCustomizedSignInPage) | **Get** /api/v1/brands/{brandId}/pages/sign-in/customized | Retrieve the Customized Sign-in Page
+[**GetDefaultErrorPage**](CustomizationApi.md#GetDefaultErrorPage) | **Get** /api/v1/brands/{brandId}/pages/error/default | Retrieve the Default Error Page
+[**GetDefaultSignInPage**](CustomizationApi.md#GetDefaultSignInPage) | **Get** /api/v1/brands/{brandId}/pages/sign-in/default | Retrieve the Default Sign-in Page
+[**GetEmailCustomization**](CustomizationApi.md#GetEmailCustomization) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId} | Retrieve an Email Customization
+[**GetEmailDefaultContent**](CustomizationApi.md#GetEmailDefaultContent) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName}/default-content | Retrieve an Email Template Default Content
+[**GetEmailDefaultPreview**](CustomizationApi.md#GetEmailDefaultPreview) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview | Retrieve a Preview of the Email Template Default Content
+[**GetEmailSettings**](CustomizationApi.md#GetEmailSettings) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName}/settings | Retrieve the Email Template Settings
+[**GetEmailTemplate**](CustomizationApi.md#GetEmailTemplate) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName} | Retrieve an Email Template
+[**GetErrorPage**](CustomizationApi.md#GetErrorPage) | **Get** /api/v1/brands/{brandId}/pages/error | Retrieve the Error Page
+[**GetPreviewErrorPage**](CustomizationApi.md#GetPreviewErrorPage) | **Get** /api/v1/brands/{brandId}/pages/error/preview | Retrieve the Preview Error Page Preview
+[**GetPreviewSignInPage**](CustomizationApi.md#GetPreviewSignInPage) | **Get** /api/v1/brands/{brandId}/pages/sign-in/preview | Retrieve the Preview Sign-in Page Preview
+[**GetSignInPage**](CustomizationApi.md#GetSignInPage) | **Get** /api/v1/brands/{brandId}/pages/sign-in | Retrieve the Sign-in Page
+[**GetSignOutPageSettings**](CustomizationApi.md#GetSignOutPageSettings) | **Get** /api/v1/brands/{brandId}/pages/sign-out/customized | Retrieve the Sign-out Page Settings
+[**LinkBrandDomain**](CustomizationApi.md#LinkBrandDomain) | **Post** /api/v1/brands/{brandId}/domains | Link a Brand to a Domain
+[**ListAllSignInWidgetVersions**](CustomizationApi.md#ListAllSignInWidgetVersions) | **Get** /api/v1/brands/{brandId}/pages/sign-in/widget-versions | List all Sign-in Widget Versions
+[**ListBrandDomains**](CustomizationApi.md#ListBrandDomains) | **Get** /api/v1/brands/{brandId}/domains | List all Domains associated with a Brand
+[**ListBrandThemes**](CustomizationApi.md#ListBrandThemes) | **Get** /api/v1/brands/{brandId}/themes | List all Themes
+[**ListBrands**](CustomizationApi.md#ListBrands) | **Get** /api/v1/brands | List all Brands
+[**ListEmailCustomizations**](CustomizationApi.md#ListEmailCustomizations) | **Get** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations | List all Email Customizations
+[**ListEmailTemplates**](CustomizationApi.md#ListEmailTemplates) | **Get** /api/v1/brands/{brandId}/templates/email | List all Email Templates
+[**ReplaceBrand**](CustomizationApi.md#ReplaceBrand) | **Put** /api/v1/brands/{brandId} | Replace a Brand
+[**ReplaceBrandTheme**](CustomizationApi.md#ReplaceBrandTheme) | **Put** /api/v1/brands/{brandId}/themes/{themeId} | Replace a Theme
+[**ReplaceCustomizedErrorPage**](CustomizationApi.md#ReplaceCustomizedErrorPage) | **Put** /api/v1/brands/{brandId}/pages/error/customized | Replace the Customized Error Page
+[**ReplaceCustomizedSignInPage**](CustomizationApi.md#ReplaceCustomizedSignInPage) | **Put** /api/v1/brands/{brandId}/pages/sign-in/customized | Replace the Customized Sign-in Page
+[**ReplaceEmailCustomization**](CustomizationApi.md#ReplaceEmailCustomization) | **Put** /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId} | Replace an Email Customization
+[**ReplaceEmailSettings**](CustomizationApi.md#ReplaceEmailSettings) | **Put** /api/v1/brands/{brandId}/templates/email/{templateName}/settings | Replace the Email Template Settings
+[**ReplacePreviewErrorPage**](CustomizationApi.md#ReplacePreviewErrorPage) | **Put** /api/v1/brands/{brandId}/pages/error/preview | Replace the Preview Error Page
+[**ReplacePreviewSignInPage**](CustomizationApi.md#ReplacePreviewSignInPage) | **Put** /api/v1/brands/{brandId}/pages/sign-in/preview | Replace the Preview Sign-in Page
+[**ReplaceSignOutPageSettings**](CustomizationApi.md#ReplaceSignOutPageSettings) | **Put** /api/v1/brands/{brandId}/pages/sign-out/customized | Replace the Sign-out Page Settings
+[**ResetCustomizedErrorPage**](CustomizationApi.md#ResetCustomizedErrorPage) | **Delete** /api/v1/brands/{brandId}/pages/error/customized | Reset the Customized Error Page
+[**ResetCustomizedSignInPage**](CustomizationApi.md#ResetCustomizedSignInPage) | **Delete** /api/v1/brands/{brandId}/pages/sign-in/customized | Reset the Customized Sign-in Page
+[**ResetPreviewErrorPage**](CustomizationApi.md#ResetPreviewErrorPage) | **Delete** /api/v1/brands/{brandId}/pages/error/preview | Reset the Preview Error Page
+[**ResetPreviewSignInPage**](CustomizationApi.md#ResetPreviewSignInPage) | **Delete** /api/v1/brands/{brandId}/pages/sign-in/preview | Reset the Preview Sign-in Page
+[**SendTestEmail**](CustomizationApi.md#SendTestEmail) | **Post** /api/v1/brands/{brandId}/templates/email/{templateName}/test | Send a Test Email
+[**UnlinkBrandDomain**](CustomizationApi.md#UnlinkBrandDomain) | **Delete** /api/v1/brands/{brandId}/domains/{domainId} | Unlink a Brand from a Domain
+[**UploadBrandThemeBackgroundImage**](CustomizationApi.md#UploadBrandThemeBackgroundImage) | **Post** /api/v1/brands/{brandId}/themes/{themeId}/background-image | Upload the Background Image
+[**UploadBrandThemeFavicon**](CustomizationApi.md#UploadBrandThemeFavicon) | **Post** /api/v1/brands/{brandId}/themes/{themeId}/favicon | Upload the Favicon
+[**UploadBrandThemeLogo**](CustomizationApi.md#UploadBrandThemeLogo) | **Post** /api/v1/brands/{brandId}/themes/{themeId}/logo | Upload the Logo
+
+
+
+## CreateBrand
+
+> Brand CreateBrand(ctx).CreateBrandRequest(createBrandRequest).Execute()
+
+Create a Brand
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    createBrandRequest := *openapiclient.NewCreateBrandRequest() // CreateBrandRequest |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.CreateBrand(context.Background()).CreateBrandRequest(createBrandRequest).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.CreateBrand``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateBrand`: Brand
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.CreateBrand`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateBrandRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **createBrandRequest** | [**CreateBrandRequest**](CreateBrandRequest.md) |  | 
+
+### Return type
+
+[**Brand**](Brand.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateEmailCustomization
+
+> EmailCustomization CreateEmailCustomization(ctx, brandId, templateName).Instance(instance).Execute()
+
+Create an Email Customization
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+    instance := *openapiclient.NewEmailCustomization("Body_example", "Subject_example", "Language_example") // EmailCustomization |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.CreateEmailCustomization(context.Background(), brandId, templateName).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.CreateEmailCustomization``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateEmailCustomization`: EmailCustomization
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.CreateEmailCustomization`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateEmailCustomizationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **instance** | [**EmailCustomization**](EmailCustomization.md) |  | 
+
+### Return type
+
+[**EmailCustomization**](EmailCustomization.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteAllCustomizations
+
+> DeleteAllCustomizations(ctx, brandId, templateName).Execute()
+
+Delete all Email Customizations
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.DeleteAllCustomizations(context.Background(), brandId, templateName).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.DeleteAllCustomizations``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteAllCustomizationsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteBrand
+
+> DeleteBrand(ctx, brandId).Execute()
+
+Delete a brand
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.DeleteBrand(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.DeleteBrand``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteBrandRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteBrandThemeBackgroundImage
+
+> DeleteBrandThemeBackgroundImage(ctx, brandId, themeId).Execute()
+
+Delete the Background Image
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    themeId := "themeId_example" // string | The ID of the theme.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.DeleteBrandThemeBackgroundImage(context.Background(), brandId, themeId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.DeleteBrandThemeBackgroundImage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**themeId** | **string** | The ID of the theme. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteBrandThemeBackgroundImageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteBrandThemeFavicon
+
+> DeleteBrandThemeFavicon(ctx, brandId, themeId).Execute()
+
+Delete the Favicon
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    themeId := "themeId_example" // string | The ID of the theme.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.DeleteBrandThemeFavicon(context.Background(), brandId, themeId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.DeleteBrandThemeFavicon``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**themeId** | **string** | The ID of the theme. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteBrandThemeFaviconRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteBrandThemeLogo
+
+> DeleteBrandThemeLogo(ctx, brandId, themeId).Execute()
+
+Delete the Logo
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    themeId := "themeId_example" // string | The ID of the theme.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.DeleteBrandThemeLogo(context.Background(), brandId, themeId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.DeleteBrandThemeLogo``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**themeId** | **string** | The ID of the theme. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteBrandThemeLogoRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteEmailCustomization
+
+> DeleteEmailCustomization(ctx, brandId, templateName, customizationId).Execute()
+
+Delete an Email Customization
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+    customizationId := "customizationId_example" // string | The ID of the email customization.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.DeleteEmailCustomization(context.Background(), brandId, templateName, customizationId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.DeleteEmailCustomization``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+**customizationId** | **string** | The ID of the email customization. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteEmailCustomizationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetBrand
+
+> Brand GetBrand(ctx, brandId).Execute()
+
+Retrieve a Brand
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetBrand(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetBrand``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetBrand`: Brand
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetBrand`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetBrandRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**Brand**](Brand.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetBrandTheme
+
+> ThemeResponse GetBrandTheme(ctx, brandId, themeId).Execute()
+
+Retrieve a Theme
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    themeId := "themeId_example" // string | The ID of the theme.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetBrandTheme(context.Background(), brandId, themeId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetBrandTheme``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetBrandTheme`: ThemeResponse
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetBrandTheme`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**themeId** | **string** | The ID of the theme. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetBrandThemeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**ThemeResponse**](ThemeResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetCustomizationPreview
+
+> EmailPreview GetCustomizationPreview(ctx, brandId, templateName, customizationId).Execute()
+
+Retrieve a Preview of an Email Customization
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+    customizationId := "customizationId_example" // string | The ID of the email customization.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetCustomizationPreview(context.Background(), brandId, templateName, customizationId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetCustomizationPreview``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetCustomizationPreview`: EmailPreview
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetCustomizationPreview`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+**customizationId** | **string** | The ID of the email customization. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetCustomizationPreviewRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+[**EmailPreview**](EmailPreview.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetCustomizedErrorPage
+
+> CustomizablePage GetCustomizedErrorPage(ctx, brandId).Execute()
+
+Retrieve the Customized Error Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetCustomizedErrorPage(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetCustomizedErrorPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetCustomizedErrorPage`: CustomizablePage
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetCustomizedErrorPage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetCustomizedErrorPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**CustomizablePage**](CustomizablePage.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetCustomizedSignInPage
+
+> SignInPage GetCustomizedSignInPage(ctx, brandId).Execute()
+
+Retrieve the Customized Sign-in Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetCustomizedSignInPage(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetCustomizedSignInPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetCustomizedSignInPage`: SignInPage
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetCustomizedSignInPage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetCustomizedSignInPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**SignInPage**](SignInPage.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetDefaultErrorPage
+
+> CustomizablePage GetDefaultErrorPage(ctx, brandId).Execute()
+
+Retrieve the Default Error Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetDefaultErrorPage(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetDefaultErrorPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetDefaultErrorPage`: CustomizablePage
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetDefaultErrorPage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetDefaultErrorPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**CustomizablePage**](CustomizablePage.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetDefaultSignInPage
+
+> SignInPage GetDefaultSignInPage(ctx, brandId).Execute()
+
+Retrieve the Default Sign-in Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetDefaultSignInPage(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetDefaultSignInPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetDefaultSignInPage`: SignInPage
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetDefaultSignInPage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetDefaultSignInPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**SignInPage**](SignInPage.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetEmailCustomization
+
+> EmailCustomization GetEmailCustomization(ctx, brandId, templateName, customizationId).Execute()
+
+Retrieve an Email Customization
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+    customizationId := "customizationId_example" // string | The ID of the email customization.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetEmailCustomization(context.Background(), brandId, templateName, customizationId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetEmailCustomization``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetEmailCustomization`: EmailCustomization
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetEmailCustomization`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+**customizationId** | **string** | The ID of the email customization. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetEmailCustomizationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+[**EmailCustomization**](EmailCustomization.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetEmailDefaultContent
+
+> EmailDefaultContent GetEmailDefaultContent(ctx, brandId, templateName).Language(language).Execute()
+
+Retrieve an Email Template Default Content
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+    language := "language_example" // string | The language to use for the email. Defaults to the current user's language if unspecified. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetEmailDefaultContent(context.Background(), brandId, templateName).Language(language).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetEmailDefaultContent``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetEmailDefaultContent`: EmailDefaultContent
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetEmailDefaultContent`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetEmailDefaultContentRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **language** | **string** | The language to use for the email. Defaults to the current user&#39;s language if unspecified. | 
+
+### Return type
+
+[**EmailDefaultContent**](EmailDefaultContent.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetEmailDefaultPreview
+
+> EmailPreview GetEmailDefaultPreview(ctx, brandId, templateName).Language(language).Execute()
+
+Retrieve a Preview of the Email Template Default Content
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+    language := "language_example" // string | The language to use for the email. Defaults to the current user's language if unspecified. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetEmailDefaultPreview(context.Background(), brandId, templateName).Language(language).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetEmailDefaultPreview``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetEmailDefaultPreview`: EmailPreview
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetEmailDefaultPreview`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetEmailDefaultPreviewRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **language** | **string** | The language to use for the email. Defaults to the current user&#39;s language if unspecified. | 
+
+### Return type
+
+[**EmailPreview**](EmailPreview.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetEmailSettings
+
+> EmailSettings GetEmailSettings(ctx, brandId, templateName).Execute()
+
+Retrieve the Email Template Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetEmailSettings(context.Background(), brandId, templateName).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetEmailSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetEmailSettings`: EmailSettings
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetEmailSettings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetEmailSettingsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**EmailSettings**](EmailSettings.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetEmailTemplate
+
+> EmailTemplate GetEmailTemplate(ctx, brandId, templateName).Expand(expand).Execute()
+
+Retrieve an Email Template
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+    expand := []string{"Expand_example"} // []string | Specifies additional metadata to be included in the response. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetEmailTemplate(context.Background(), brandId, templateName).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetEmailTemplate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetEmailTemplate`: EmailTemplate
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetEmailTemplate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetEmailTemplateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **expand** | **[]string** | Specifies additional metadata to be included in the response. | 
+
+### Return type
+
+[**EmailTemplate**](EmailTemplate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetErrorPage
+
+> PageRoot GetErrorPage(ctx, brandId).Expand(expand).Execute()
+
+Retrieve the Error Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    expand := []string{"Expand_example"} // []string | Specifies additional metadata to be included in the response. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetErrorPage(context.Background(), brandId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetErrorPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetErrorPage`: PageRoot
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetErrorPage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetErrorPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **[]string** | Specifies additional metadata to be included in the response. | 
+
+### Return type
+
+[**PageRoot**](PageRoot.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetPreviewErrorPage
+
+> CustomizablePage GetPreviewErrorPage(ctx, brandId).Execute()
+
+Retrieve the Preview Error Page Preview
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetPreviewErrorPage(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetPreviewErrorPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetPreviewErrorPage`: CustomizablePage
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetPreviewErrorPage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetPreviewErrorPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**CustomizablePage**](CustomizablePage.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetPreviewSignInPage
+
+> SignInPage GetPreviewSignInPage(ctx, brandId).Execute()
+
+Retrieve the Preview Sign-in Page Preview
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetPreviewSignInPage(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetPreviewSignInPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetPreviewSignInPage`: SignInPage
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetPreviewSignInPage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetPreviewSignInPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**SignInPage**](SignInPage.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetSignInPage
+
+> PageRoot GetSignInPage(ctx, brandId).Expand(expand).Execute()
+
+Retrieve the Sign-in Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    expand := []string{"Expand_example"} // []string | Specifies additional metadata to be included in the response. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetSignInPage(context.Background(), brandId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetSignInPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetSignInPage`: PageRoot
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetSignInPage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetSignInPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **[]string** | Specifies additional metadata to be included in the response. | 
+
+### Return type
+
+[**PageRoot**](PageRoot.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetSignOutPageSettings
+
+> HostedPage GetSignOutPageSettings(ctx, brandId).Execute()
+
+Retrieve the Sign-out Page Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.GetSignOutPageSettings(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.GetSignOutPageSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetSignOutPageSettings`: HostedPage
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.GetSignOutPageSettings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetSignOutPageSettingsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**HostedPage**](HostedPage.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## LinkBrandDomain
+
+> BrandDomain LinkBrandDomain(ctx, brandId).CreateBrandDomainRequest(createBrandDomainRequest).Execute()
+
+Link a Brand to a Domain
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    createBrandDomainRequest := *openapiclient.NewCreateBrandDomainRequest() // CreateBrandDomainRequest |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.LinkBrandDomain(context.Background(), brandId).CreateBrandDomainRequest(createBrandDomainRequest).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.LinkBrandDomain``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `LinkBrandDomain`: BrandDomain
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.LinkBrandDomain`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiLinkBrandDomainRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **createBrandDomainRequest** | [**CreateBrandDomainRequest**](CreateBrandDomainRequest.md) |  | 
+
+### Return type
+
+[**BrandDomain**](BrandDomain.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListAllSignInWidgetVersions
+
+> []string ListAllSignInWidgetVersions(ctx, brandId).Execute()
+
+List all Sign-in Widget Versions
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ListAllSignInWidgetVersions(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ListAllSignInWidgetVersions``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListAllSignInWidgetVersions`: []string
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ListAllSignInWidgetVersions`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListAllSignInWidgetVersionsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+**[]string**
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListBrandDomains
+
+> []DomainResponse ListBrandDomains(ctx, brandId).Execute()
+
+List all Domains associated with a Brand
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ListBrandDomains(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ListBrandDomains``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListBrandDomains`: []DomainResponse
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ListBrandDomains`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListBrandDomainsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]DomainResponse**](DomainResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListBrandThemes
+
+> []ThemeResponse ListBrandThemes(ctx, brandId).Execute()
+
+List all Themes
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ListBrandThemes(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ListBrandThemes``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListBrandThemes`: []ThemeResponse
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ListBrandThemes`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListBrandThemesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]ThemeResponse**](ThemeResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListBrands
+
+> []Brand ListBrands(ctx).Execute()
+
+List all Brands
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ListBrands(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ListBrands``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListBrands`: []Brand
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ListBrands`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListBrandsRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]Brand**](Brand.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListEmailCustomizations
+
+> []EmailCustomization ListEmailCustomizations(ctx, brandId, templateName).After(after).Limit(limit).Execute()
+
+List all Email Customizations
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+    after := "after_example" // string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information. (optional)
+    limit := int32(56) // int32 | A limit on the number of objects to return. (optional) (default to 20)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ListEmailCustomizations(context.Background(), brandId, templateName).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ListEmailCustomizations``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListEmailCustomizations`: []EmailCustomization
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ListEmailCustomizations`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListEmailCustomizationsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **after** | **string** | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information. | 
+ **limit** | **int32** | A limit on the number of objects to return. | [default to 20]
+
+### Return type
+
+[**[]EmailCustomization**](EmailCustomization.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListEmailTemplates
+
+> []EmailTemplate ListEmailTemplates(ctx, brandId).After(after).Limit(limit).Expand(expand).Execute()
+
+List all Email Templates
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    after := "after_example" // string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information. (optional)
+    limit := int32(56) // int32 | A limit on the number of objects to return. (optional) (default to 20)
+    expand := []string{"Expand_example"} // []string | Specifies additional metadata to be included in the response. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ListEmailTemplates(context.Background(), brandId).After(after).Limit(limit).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ListEmailTemplates``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListEmailTemplates`: []EmailTemplate
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ListEmailTemplates`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListEmailTemplatesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **after** | **string** | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information. | 
+ **limit** | **int32** | A limit on the number of objects to return. | [default to 20]
+ **expand** | **[]string** | Specifies additional metadata to be included in the response. | 
+
+### Return type
+
+[**[]EmailTemplate**](EmailTemplate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceBrand
+
+> Brand ReplaceBrand(ctx, brandId).Brand(brand).Execute()
+
+Replace a Brand
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    brand := *openapiclient.NewBrandRequest() // BrandRequest | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ReplaceBrand(context.Background(), brandId).Brand(brand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ReplaceBrand``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceBrand`: Brand
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ReplaceBrand`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceBrandRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **brand** | [**BrandRequest**](BrandRequest.md) |  | 
+
+### Return type
+
+[**Brand**](Brand.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceBrandTheme
+
+> ThemeResponse ReplaceBrandTheme(ctx, brandId, themeId).Theme(theme).Execute()
+
+Replace a Theme
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    themeId := "themeId_example" // string | The ID of the theme.
+    theme := *openapiclient.NewTheme() // Theme | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ReplaceBrandTheme(context.Background(), brandId, themeId).Theme(theme).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ReplaceBrandTheme``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceBrandTheme`: ThemeResponse
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ReplaceBrandTheme`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**themeId** | **string** | The ID of the theme. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceBrandThemeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **theme** | [**Theme**](Theme.md) |  | 
+
+### Return type
+
+[**ThemeResponse**](ThemeResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceCustomizedErrorPage
+
+> CustomizablePage ReplaceCustomizedErrorPage(ctx, brandId).CustomizablePage(customizablePage).Execute()
+
+Replace the Customized Error Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    customizablePage := *openapiclient.NewCustomizablePage() // CustomizablePage | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ReplaceCustomizedErrorPage(context.Background(), brandId).CustomizablePage(customizablePage).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ReplaceCustomizedErrorPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceCustomizedErrorPage`: CustomizablePage
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ReplaceCustomizedErrorPage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceCustomizedErrorPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **customizablePage** | [**CustomizablePage**](CustomizablePage.md) |  | 
+
+### Return type
+
+[**CustomizablePage**](CustomizablePage.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceCustomizedSignInPage
+
+> SignInPage ReplaceCustomizedSignInPage(ctx, brandId).SignInPage(signInPage).Execute()
+
+Replace the Customized Sign-in Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    signInPage := *openapiclient.NewSignInPage() // SignInPage | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ReplaceCustomizedSignInPage(context.Background(), brandId).SignInPage(signInPage).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ReplaceCustomizedSignInPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceCustomizedSignInPage`: SignInPage
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ReplaceCustomizedSignInPage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceCustomizedSignInPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **signInPage** | [**SignInPage**](SignInPage.md) |  | 
+
+### Return type
+
+[**SignInPage**](SignInPage.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceEmailCustomization
+
+> EmailCustomization ReplaceEmailCustomization(ctx, brandId, templateName, customizationId).Instance(instance).Execute()
+
+Replace an Email Customization
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+    customizationId := "customizationId_example" // string | The ID of the email customization.
+    instance := *openapiclient.NewEmailCustomization("Body_example", "Subject_example", "Language_example") // EmailCustomization | Request (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ReplaceEmailCustomization(context.Background(), brandId, templateName, customizationId).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ReplaceEmailCustomization``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceEmailCustomization`: EmailCustomization
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ReplaceEmailCustomization`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+**customizationId** | **string** | The ID of the email customization. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceEmailCustomizationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+ **instance** | [**EmailCustomization**](EmailCustomization.md) | Request | 
+
+### Return type
+
+[**EmailCustomization**](EmailCustomization.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceEmailSettings
+
+> ReplaceEmailSettings(ctx, brandId, templateName).EmailSettings(emailSettings).Execute()
+
+Replace the Email Template Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+    emailSettings := *openapiclient.NewEmailSettings("Recipients_example") // EmailSettings |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ReplaceEmailSettings(context.Background(), brandId, templateName).EmailSettings(emailSettings).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ReplaceEmailSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceEmailSettingsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **emailSettings** | [**EmailSettings**](EmailSettings.md) |  | 
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplacePreviewErrorPage
+
+> CustomizablePage ReplacePreviewErrorPage(ctx, brandId).CustomizablePage(customizablePage).Execute()
+
+Replace the Preview Error Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    customizablePage := *openapiclient.NewCustomizablePage() // CustomizablePage | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ReplacePreviewErrorPage(context.Background(), brandId).CustomizablePage(customizablePage).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ReplacePreviewErrorPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplacePreviewErrorPage`: CustomizablePage
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ReplacePreviewErrorPage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplacePreviewErrorPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **customizablePage** | [**CustomizablePage**](CustomizablePage.md) |  | 
+
+### Return type
+
+[**CustomizablePage**](CustomizablePage.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplacePreviewSignInPage
+
+> SignInPage ReplacePreviewSignInPage(ctx, brandId).SignInPage(signInPage).Execute()
+
+Replace the Preview Sign-in Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    signInPage := *openapiclient.NewSignInPage() // SignInPage | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ReplacePreviewSignInPage(context.Background(), brandId).SignInPage(signInPage).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ReplacePreviewSignInPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplacePreviewSignInPage`: SignInPage
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ReplacePreviewSignInPage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplacePreviewSignInPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **signInPage** | [**SignInPage**](SignInPage.md) |  | 
+
+### Return type
+
+[**SignInPage**](SignInPage.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceSignOutPageSettings
+
+> HostedPage ReplaceSignOutPageSettings(ctx, brandId).HostedPage(hostedPage).Execute()
+
+Replace the Sign-out Page Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    hostedPage := *openapiclient.NewHostedPage(openapiclient.HostedPageType("EXTERNALLY_HOSTED")) // HostedPage | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ReplaceSignOutPageSettings(context.Background(), brandId).HostedPage(hostedPage).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ReplaceSignOutPageSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceSignOutPageSettings`: HostedPage
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.ReplaceSignOutPageSettings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceSignOutPageSettingsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **hostedPage** | [**HostedPage**](HostedPage.md) |  | 
+
+### Return type
+
+[**HostedPage**](HostedPage.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ResetCustomizedErrorPage
+
+> ResetCustomizedErrorPage(ctx, brandId).Execute()
+
+Reset the Customized Error Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ResetCustomizedErrorPage(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ResetCustomizedErrorPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiResetCustomizedErrorPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ResetCustomizedSignInPage
+
+> ResetCustomizedSignInPage(ctx, brandId).Execute()
+
+Reset the Customized Sign-in Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ResetCustomizedSignInPage(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ResetCustomizedSignInPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiResetCustomizedSignInPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ResetPreviewErrorPage
+
+> ResetPreviewErrorPage(ctx, brandId).Execute()
+
+Reset the Preview Error Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ResetPreviewErrorPage(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ResetPreviewErrorPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiResetPreviewErrorPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ResetPreviewSignInPage
+
+> ResetPreviewSignInPage(ctx, brandId).Execute()
+
+Reset the Preview Sign-in Page
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.ResetPreviewSignInPage(context.Background(), brandId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.ResetPreviewSignInPage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiResetPreviewSignInPageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## SendTestEmail
+
+> SendTestEmail(ctx, brandId, templateName).Language(language).Execute()
+
+Send a Test Email
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    templateName := "templateName_example" // string | The name of the email template.
+    language := "language_example" // string | The language to use for the email. Defaults to the current user's language if unspecified. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.SendTestEmail(context.Background(), brandId, templateName).Language(language).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.SendTestEmail``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**templateName** | **string** | The name of the email template. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiSendTestEmailRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **language** | **string** | The language to use for the email. Defaults to the current user&#39;s language if unspecified. | 
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnlinkBrandDomain
+
+> UnlinkBrandDomain(ctx, brandId, domainId).Execute()
+
+Unlink a Brand from a Domain
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    domainId := "domainId_example" // string | The ID of the domain.
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.UnlinkBrandDomain(context.Background(), brandId, domainId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.UnlinkBrandDomain``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**domainId** | **string** | The ID of the domain. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnlinkBrandDomainRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UploadBrandThemeBackgroundImage
+
+> ImageUploadResponse UploadBrandThemeBackgroundImage(ctx, brandId, themeId).File(file).Execute()
+
+Upload the Background Image
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    themeId := "themeId_example" // string | The ID of the theme.
+    file := os.NewFile(1234, "some_file") // *os.File | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.UploadBrandThemeBackgroundImage(context.Background(), brandId, themeId).File(file).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.UploadBrandThemeBackgroundImage``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UploadBrandThemeBackgroundImage`: ImageUploadResponse
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.UploadBrandThemeBackgroundImage`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**themeId** | **string** | The ID of the theme. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUploadBrandThemeBackgroundImageRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **file** | ***os.File** |  | 
+
+### Return type
+
+[**ImageUploadResponse**](ImageUploadResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: multipart/form-data
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UploadBrandThemeFavicon
+
+> ImageUploadResponse UploadBrandThemeFavicon(ctx, brandId, themeId).File(file).Execute()
+
+Upload the Favicon
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    themeId := "themeId_example" // string | The ID of the theme.
+    file := os.NewFile(1234, "some_file") // *os.File | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.UploadBrandThemeFavicon(context.Background(), brandId, themeId).File(file).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.UploadBrandThemeFavicon``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UploadBrandThemeFavicon`: ImageUploadResponse
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.UploadBrandThemeFavicon`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**themeId** | **string** | The ID of the theme. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUploadBrandThemeFaviconRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **file** | ***os.File** |  | 
+
+### Return type
+
+[**ImageUploadResponse**](ImageUploadResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: multipart/form-data
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UploadBrandThemeLogo
+
+> ImageUploadResponse UploadBrandThemeLogo(ctx, brandId, themeId).File(file).Execute()
+
+Upload the Logo
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    brandId := "brandId_example" // string | The ID of the brand.
+    themeId := "themeId_example" // string | The ID of the theme.
+    file := os.NewFile(1234, "some_file") // *os.File | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.CustomizationApi.UploadBrandThemeLogo(context.Background(), brandId, themeId).File(file).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `CustomizationApi.UploadBrandThemeLogo``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UploadBrandThemeLogo`: ImageUploadResponse
+    fmt.Fprintf(os.Stdout, "Response from `CustomizationApi.UploadBrandThemeLogo`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**brandId** | **string** | The ID of the brand. | 
+**themeId** | **string** | The ID of the theme. | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUploadBrandThemeLogoRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **file** | ***os.File** |  | 
+
+### Return type
+
+[**ImageUploadResponse**](ImageUploadResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: multipart/form-data
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/DNSRecord.md b/okta/docs/DNSRecord.md
new file mode 100644
index 000000000..7d15c5c30
--- /dev/null
+++ b/okta/docs/DNSRecord.md
@@ -0,0 +1,134 @@
+# DNSRecord
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Expiration** | Pointer to **string** |  | [optional] 
+**Fqdn** | Pointer to **string** |  | [optional] 
+**RecordType** | Pointer to [**DNSRecordType**](DNSRecordType.md) |  | [optional] 
+**VerificationValue** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewDNSRecord
+
+`func NewDNSRecord() *DNSRecord`
+
+NewDNSRecord instantiates a new DNSRecord object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDNSRecordWithDefaults
+
+`func NewDNSRecordWithDefaults() *DNSRecord`
+
+NewDNSRecordWithDefaults instantiates a new DNSRecord object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpiration
+
+`func (o *DNSRecord) GetExpiration() string`
+
+GetExpiration returns the Expiration field if non-nil, zero value otherwise.
+
+### GetExpirationOk
+
+`func (o *DNSRecord) GetExpirationOk() (*string, bool)`
+
+GetExpirationOk returns a tuple with the Expiration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiration
+
+`func (o *DNSRecord) SetExpiration(v string)`
+
+SetExpiration sets Expiration field to given value.
+
+### HasExpiration
+
+`func (o *DNSRecord) HasExpiration() bool`
+
+HasExpiration returns a boolean if a field has been set.
+
+### GetFqdn
+
+`func (o *DNSRecord) GetFqdn() string`
+
+GetFqdn returns the Fqdn field if non-nil, zero value otherwise.
+
+### GetFqdnOk
+
+`func (o *DNSRecord) GetFqdnOk() (*string, bool)`
+
+GetFqdnOk returns a tuple with the Fqdn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFqdn
+
+`func (o *DNSRecord) SetFqdn(v string)`
+
+SetFqdn sets Fqdn field to given value.
+
+### HasFqdn
+
+`func (o *DNSRecord) HasFqdn() bool`
+
+HasFqdn returns a boolean if a field has been set.
+
+### GetRecordType
+
+`func (o *DNSRecord) GetRecordType() DNSRecordType`
+
+GetRecordType returns the RecordType field if non-nil, zero value otherwise.
+
+### GetRecordTypeOk
+
+`func (o *DNSRecord) GetRecordTypeOk() (*DNSRecordType, bool)`
+
+GetRecordTypeOk returns a tuple with the RecordType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRecordType
+
+`func (o *DNSRecord) SetRecordType(v DNSRecordType)`
+
+SetRecordType sets RecordType field to given value.
+
+### HasRecordType
+
+`func (o *DNSRecord) HasRecordType() bool`
+
+HasRecordType returns a boolean if a field has been set.
+
+### GetVerificationValue
+
+`func (o *DNSRecord) GetVerificationValue() string`
+
+GetVerificationValue returns the VerificationValue field if non-nil, zero value otherwise.
+
+### GetVerificationValueOk
+
+`func (o *DNSRecord) GetVerificationValueOk() (*string, bool)`
+
+GetVerificationValueOk returns a tuple with the VerificationValue field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVerificationValue
+
+`func (o *DNSRecord) SetVerificationValue(v string)`
+
+SetVerificationValue sets VerificationValue field to given value.
+
+### HasVerificationValue
+
+`func (o *DNSRecord) HasVerificationValue() bool`
+
+HasVerificationValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DNSRecordType.md b/okta/docs/DNSRecordType.md
new file mode 100644
index 000000000..c3abf3249
--- /dev/null
+++ b/okta/docs/DNSRecordType.md
@@ -0,0 +1,13 @@
+# DNSRecordType
+
+## Enum
+
+
+* `CNAME` (value: `"cname"`)
+
+* `TXT` (value: `"TXT"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DTCChromeOS.md b/okta/docs/DTCChromeOS.md
new file mode 100644
index 000000000..07d4a107c
--- /dev/null
+++ b/okta/docs/DTCChromeOS.md
@@ -0,0 +1,394 @@
+# DTCChromeOS
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AllowScreenLock** | Pointer to **bool** | Indicates whether the AllowScreenLock enterprise policy is enabled | [optional] 
+**BrowserVersion** | Pointer to [**ChromeBrowserVersion**](ChromeBrowserVersion.md) |  | [optional] 
+**BuiltInDnsClientEnabled** | Pointer to **bool** | Indicates if a software stack is used to communicate with the DNS server | [optional] 
+**ChromeRemoteDesktopAppBlocked** | Pointer to **bool** | Indicates whether access to the Chrome Remote Desktop application is blocked through a policy | [optional] 
+**DeviceEnrollmentDomain** | Pointer to **string** | Enrollment domain of the customer that is currently managing the device | [optional] 
+**DiskEnrypted** | Pointer to **bool** | Indicates whether the main disk is encrypted | [optional] 
+**KeyTrustLevel** | Pointer to [**KeyTrustLevelOSMode**](KeyTrustLevelOSMode.md) |  | [optional] 
+**OsFirewall** | Pointer to **bool** | Indicates whether a firewall is enabled at the OS-level on the device | [optional] 
+**OsVersion** | Pointer to [**OSVersion**](OSVersion.md) |  | [optional] 
+**PasswordProtectionWarningTrigger** | Pointer to [**PasswordProtectionWarningTrigger**](PasswordProtectionWarningTrigger.md) |  | [optional] 
+**RealtimeUrlCheckMode** | Pointer to **bool** | Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled | [optional] 
+**SafeBrowsingProtectionLevel** | Pointer to [**SafeBrowsingProtectionLevel**](SafeBrowsingProtectionLevel.md) |  | [optional] 
+**ScreenLockSecured** | Pointer to **bool** | Indicates whether the device is password-protected | [optional] 
+**SiteIsolationEnabled** | Pointer to **bool** | Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled | [optional] 
+
+## Methods
+
+### NewDTCChromeOS
+
+`func NewDTCChromeOS() *DTCChromeOS`
+
+NewDTCChromeOS instantiates a new DTCChromeOS object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDTCChromeOSWithDefaults
+
+`func NewDTCChromeOSWithDefaults() *DTCChromeOS`
+
+NewDTCChromeOSWithDefaults instantiates a new DTCChromeOS object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAllowScreenLock
+
+`func (o *DTCChromeOS) GetAllowScreenLock() bool`
+
+GetAllowScreenLock returns the AllowScreenLock field if non-nil, zero value otherwise.
+
+### GetAllowScreenLockOk
+
+`func (o *DTCChromeOS) GetAllowScreenLockOk() (*bool, bool)`
+
+GetAllowScreenLockOk returns a tuple with the AllowScreenLock field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAllowScreenLock
+
+`func (o *DTCChromeOS) SetAllowScreenLock(v bool)`
+
+SetAllowScreenLock sets AllowScreenLock field to given value.
+
+### HasAllowScreenLock
+
+`func (o *DTCChromeOS) HasAllowScreenLock() bool`
+
+HasAllowScreenLock returns a boolean if a field has been set.
+
+### GetBrowserVersion
+
+`func (o *DTCChromeOS) GetBrowserVersion() ChromeBrowserVersion`
+
+GetBrowserVersion returns the BrowserVersion field if non-nil, zero value otherwise.
+
+### GetBrowserVersionOk
+
+`func (o *DTCChromeOS) GetBrowserVersionOk() (*ChromeBrowserVersion, bool)`
+
+GetBrowserVersionOk returns a tuple with the BrowserVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBrowserVersion
+
+`func (o *DTCChromeOS) SetBrowserVersion(v ChromeBrowserVersion)`
+
+SetBrowserVersion sets BrowserVersion field to given value.
+
+### HasBrowserVersion
+
+`func (o *DTCChromeOS) HasBrowserVersion() bool`
+
+HasBrowserVersion returns a boolean if a field has been set.
+
+### GetBuiltInDnsClientEnabled
+
+`func (o *DTCChromeOS) GetBuiltInDnsClientEnabled() bool`
+
+GetBuiltInDnsClientEnabled returns the BuiltInDnsClientEnabled field if non-nil, zero value otherwise.
+
+### GetBuiltInDnsClientEnabledOk
+
+`func (o *DTCChromeOS) GetBuiltInDnsClientEnabledOk() (*bool, bool)`
+
+GetBuiltInDnsClientEnabledOk returns a tuple with the BuiltInDnsClientEnabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBuiltInDnsClientEnabled
+
+`func (o *DTCChromeOS) SetBuiltInDnsClientEnabled(v bool)`
+
+SetBuiltInDnsClientEnabled sets BuiltInDnsClientEnabled field to given value.
+
+### HasBuiltInDnsClientEnabled
+
+`func (o *DTCChromeOS) HasBuiltInDnsClientEnabled() bool`
+
+HasBuiltInDnsClientEnabled returns a boolean if a field has been set.
+
+### GetChromeRemoteDesktopAppBlocked
+
+`func (o *DTCChromeOS) GetChromeRemoteDesktopAppBlocked() bool`
+
+GetChromeRemoteDesktopAppBlocked returns the ChromeRemoteDesktopAppBlocked field if non-nil, zero value otherwise.
+
+### GetChromeRemoteDesktopAppBlockedOk
+
+`func (o *DTCChromeOS) GetChromeRemoteDesktopAppBlockedOk() (*bool, bool)`
+
+GetChromeRemoteDesktopAppBlockedOk returns a tuple with the ChromeRemoteDesktopAppBlocked field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetChromeRemoteDesktopAppBlocked
+
+`func (o *DTCChromeOS) SetChromeRemoteDesktopAppBlocked(v bool)`
+
+SetChromeRemoteDesktopAppBlocked sets ChromeRemoteDesktopAppBlocked field to given value.
+
+### HasChromeRemoteDesktopAppBlocked
+
+`func (o *DTCChromeOS) HasChromeRemoteDesktopAppBlocked() bool`
+
+HasChromeRemoteDesktopAppBlocked returns a boolean if a field has been set.
+
+### GetDeviceEnrollmentDomain
+
+`func (o *DTCChromeOS) GetDeviceEnrollmentDomain() string`
+
+GetDeviceEnrollmentDomain returns the DeviceEnrollmentDomain field if non-nil, zero value otherwise.
+
+### GetDeviceEnrollmentDomainOk
+
+`func (o *DTCChromeOS) GetDeviceEnrollmentDomainOk() (*string, bool)`
+
+GetDeviceEnrollmentDomainOk returns a tuple with the DeviceEnrollmentDomain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDeviceEnrollmentDomain
+
+`func (o *DTCChromeOS) SetDeviceEnrollmentDomain(v string)`
+
+SetDeviceEnrollmentDomain sets DeviceEnrollmentDomain field to given value.
+
+### HasDeviceEnrollmentDomain
+
+`func (o *DTCChromeOS) HasDeviceEnrollmentDomain() bool`
+
+HasDeviceEnrollmentDomain returns a boolean if a field has been set.
+
+### GetDiskEnrypted
+
+`func (o *DTCChromeOS) GetDiskEnrypted() bool`
+
+GetDiskEnrypted returns the DiskEnrypted field if non-nil, zero value otherwise.
+
+### GetDiskEnryptedOk
+
+`func (o *DTCChromeOS) GetDiskEnryptedOk() (*bool, bool)`
+
+GetDiskEnryptedOk returns a tuple with the DiskEnrypted field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDiskEnrypted
+
+`func (o *DTCChromeOS) SetDiskEnrypted(v bool)`
+
+SetDiskEnrypted sets DiskEnrypted field to given value.
+
+### HasDiskEnrypted
+
+`func (o *DTCChromeOS) HasDiskEnrypted() bool`
+
+HasDiskEnrypted returns a boolean if a field has been set.
+
+### GetKeyTrustLevel
+
+`func (o *DTCChromeOS) GetKeyTrustLevel() KeyTrustLevelOSMode`
+
+GetKeyTrustLevel returns the KeyTrustLevel field if non-nil, zero value otherwise.
+
+### GetKeyTrustLevelOk
+
+`func (o *DTCChromeOS) GetKeyTrustLevelOk() (*KeyTrustLevelOSMode, bool)`
+
+GetKeyTrustLevelOk returns a tuple with the KeyTrustLevel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKeyTrustLevel
+
+`func (o *DTCChromeOS) SetKeyTrustLevel(v KeyTrustLevelOSMode)`
+
+SetKeyTrustLevel sets KeyTrustLevel field to given value.
+
+### HasKeyTrustLevel
+
+`func (o *DTCChromeOS) HasKeyTrustLevel() bool`
+
+HasKeyTrustLevel returns a boolean if a field has been set.
+
+### GetOsFirewall
+
+`func (o *DTCChromeOS) GetOsFirewall() bool`
+
+GetOsFirewall returns the OsFirewall field if non-nil, zero value otherwise.
+
+### GetOsFirewallOk
+
+`func (o *DTCChromeOS) GetOsFirewallOk() (*bool, bool)`
+
+GetOsFirewallOk returns a tuple with the OsFirewall field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsFirewall
+
+`func (o *DTCChromeOS) SetOsFirewall(v bool)`
+
+SetOsFirewall sets OsFirewall field to given value.
+
+### HasOsFirewall
+
+`func (o *DTCChromeOS) HasOsFirewall() bool`
+
+HasOsFirewall returns a boolean if a field has been set.
+
+### GetOsVersion
+
+`func (o *DTCChromeOS) GetOsVersion() OSVersion`
+
+GetOsVersion returns the OsVersion field if non-nil, zero value otherwise.
+
+### GetOsVersionOk
+
+`func (o *DTCChromeOS) GetOsVersionOk() (*OSVersion, bool)`
+
+GetOsVersionOk returns a tuple with the OsVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsVersion
+
+`func (o *DTCChromeOS) SetOsVersion(v OSVersion)`
+
+SetOsVersion sets OsVersion field to given value.
+
+### HasOsVersion
+
+`func (o *DTCChromeOS) HasOsVersion() bool`
+
+HasOsVersion returns a boolean if a field has been set.
+
+### GetPasswordProtectionWarningTrigger
+
+`func (o *DTCChromeOS) GetPasswordProtectionWarningTrigger() PasswordProtectionWarningTrigger`
+
+GetPasswordProtectionWarningTrigger returns the PasswordProtectionWarningTrigger field if non-nil, zero value otherwise.
+
+### GetPasswordProtectionWarningTriggerOk
+
+`func (o *DTCChromeOS) GetPasswordProtectionWarningTriggerOk() (*PasswordProtectionWarningTrigger, bool)`
+
+GetPasswordProtectionWarningTriggerOk returns a tuple with the PasswordProtectionWarningTrigger field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordProtectionWarningTrigger
+
+`func (o *DTCChromeOS) SetPasswordProtectionWarningTrigger(v PasswordProtectionWarningTrigger)`
+
+SetPasswordProtectionWarningTrigger sets PasswordProtectionWarningTrigger field to given value.
+
+### HasPasswordProtectionWarningTrigger
+
+`func (o *DTCChromeOS) HasPasswordProtectionWarningTrigger() bool`
+
+HasPasswordProtectionWarningTrigger returns a boolean if a field has been set.
+
+### GetRealtimeUrlCheckMode
+
+`func (o *DTCChromeOS) GetRealtimeUrlCheckMode() bool`
+
+GetRealtimeUrlCheckMode returns the RealtimeUrlCheckMode field if non-nil, zero value otherwise.
+
+### GetRealtimeUrlCheckModeOk
+
+`func (o *DTCChromeOS) GetRealtimeUrlCheckModeOk() (*bool, bool)`
+
+GetRealtimeUrlCheckModeOk returns a tuple with the RealtimeUrlCheckMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRealtimeUrlCheckMode
+
+`func (o *DTCChromeOS) SetRealtimeUrlCheckMode(v bool)`
+
+SetRealtimeUrlCheckMode sets RealtimeUrlCheckMode field to given value.
+
+### HasRealtimeUrlCheckMode
+
+`func (o *DTCChromeOS) HasRealtimeUrlCheckMode() bool`
+
+HasRealtimeUrlCheckMode returns a boolean if a field has been set.
+
+### GetSafeBrowsingProtectionLevel
+
+`func (o *DTCChromeOS) GetSafeBrowsingProtectionLevel() SafeBrowsingProtectionLevel`
+
+GetSafeBrowsingProtectionLevel returns the SafeBrowsingProtectionLevel field if non-nil, zero value otherwise.
+
+### GetSafeBrowsingProtectionLevelOk
+
+`func (o *DTCChromeOS) GetSafeBrowsingProtectionLevelOk() (*SafeBrowsingProtectionLevel, bool)`
+
+GetSafeBrowsingProtectionLevelOk returns a tuple with the SafeBrowsingProtectionLevel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSafeBrowsingProtectionLevel
+
+`func (o *DTCChromeOS) SetSafeBrowsingProtectionLevel(v SafeBrowsingProtectionLevel)`
+
+SetSafeBrowsingProtectionLevel sets SafeBrowsingProtectionLevel field to given value.
+
+### HasSafeBrowsingProtectionLevel
+
+`func (o *DTCChromeOS) HasSafeBrowsingProtectionLevel() bool`
+
+HasSafeBrowsingProtectionLevel returns a boolean if a field has been set.
+
+### GetScreenLockSecured
+
+`func (o *DTCChromeOS) GetScreenLockSecured() bool`
+
+GetScreenLockSecured returns the ScreenLockSecured field if non-nil, zero value otherwise.
+
+### GetScreenLockSecuredOk
+
+`func (o *DTCChromeOS) GetScreenLockSecuredOk() (*bool, bool)`
+
+GetScreenLockSecuredOk returns a tuple with the ScreenLockSecured field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScreenLockSecured
+
+`func (o *DTCChromeOS) SetScreenLockSecured(v bool)`
+
+SetScreenLockSecured sets ScreenLockSecured field to given value.
+
+### HasScreenLockSecured
+
+`func (o *DTCChromeOS) HasScreenLockSecured() bool`
+
+HasScreenLockSecured returns a boolean if a field has been set.
+
+### GetSiteIsolationEnabled
+
+`func (o *DTCChromeOS) GetSiteIsolationEnabled() bool`
+
+GetSiteIsolationEnabled returns the SiteIsolationEnabled field if non-nil, zero value otherwise.
+
+### GetSiteIsolationEnabledOk
+
+`func (o *DTCChromeOS) GetSiteIsolationEnabledOk() (*bool, bool)`
+
+GetSiteIsolationEnabledOk returns a tuple with the SiteIsolationEnabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSiteIsolationEnabled
+
+`func (o *DTCChromeOS) SetSiteIsolationEnabled(v bool)`
+
+SetSiteIsolationEnabled sets SiteIsolationEnabled field to given value.
+
+### HasSiteIsolationEnabled
+
+`func (o *DTCChromeOS) HasSiteIsolationEnabled() bool`
+
+HasSiteIsolationEnabled returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DTCMacOS.md b/okta/docs/DTCMacOS.md
new file mode 100644
index 000000000..6d4a3ff2e
--- /dev/null
+++ b/okta/docs/DTCMacOS.md
@@ -0,0 +1,368 @@
+# DTCMacOS
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**BrowserVersion** | Pointer to [**ChromeBrowserVersion**](ChromeBrowserVersion.md) |  | [optional] 
+**BuiltInDnsClientEnabled** | Pointer to **bool** | Indicates if a software stack is used to communicate with the DNS server | [optional] 
+**ChromeRemoteDesktopAppBlocked** | Pointer to **bool** | Indicates whether access to the Chrome Remote Desktop application is blocked through a policy | [optional] 
+**DeviceEnrollmentDomain** | Pointer to **string** | Enrollment domain of the customer that is currently managing the device | [optional] 
+**DiskEnrypted** | Pointer to **bool** | Indicates whether the main disk is encrypted | [optional] 
+**KeyTrustLevel** | Pointer to [**KeyTrustLevelBrowserKey**](KeyTrustLevelBrowserKey.md) |  | [optional] 
+**OsFirewall** | Pointer to **bool** | Indicates whether a firewall is enabled at the OS-level on the device | [optional] 
+**OsVersion** | Pointer to [**OSVersion**](OSVersion.md) |  | [optional] 
+**PasswordProtectionWarningTrigger** | Pointer to [**PasswordProtectionWarningTrigger**](PasswordProtectionWarningTrigger.md) |  | [optional] 
+**RealtimeUrlCheckMode** | Pointer to **bool** | Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled | [optional] 
+**SafeBrowsingProtectionLevel** | Pointer to [**SafeBrowsingProtectionLevel**](SafeBrowsingProtectionLevel.md) |  | [optional] 
+**ScreenLockSecured** | Pointer to **bool** | Indicates whether the device is password-protected | [optional] 
+**SiteIsolationEnabled** | Pointer to **bool** | Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled | [optional] 
+
+## Methods
+
+### NewDTCMacOS
+
+`func NewDTCMacOS() *DTCMacOS`
+
+NewDTCMacOS instantiates a new DTCMacOS object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDTCMacOSWithDefaults
+
+`func NewDTCMacOSWithDefaults() *DTCMacOS`
+
+NewDTCMacOSWithDefaults instantiates a new DTCMacOS object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBrowserVersion
+
+`func (o *DTCMacOS) GetBrowserVersion() ChromeBrowserVersion`
+
+GetBrowserVersion returns the BrowserVersion field if non-nil, zero value otherwise.
+
+### GetBrowserVersionOk
+
+`func (o *DTCMacOS) GetBrowserVersionOk() (*ChromeBrowserVersion, bool)`
+
+GetBrowserVersionOk returns a tuple with the BrowserVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBrowserVersion
+
+`func (o *DTCMacOS) SetBrowserVersion(v ChromeBrowserVersion)`
+
+SetBrowserVersion sets BrowserVersion field to given value.
+
+### HasBrowserVersion
+
+`func (o *DTCMacOS) HasBrowserVersion() bool`
+
+HasBrowserVersion returns a boolean if a field has been set.
+
+### GetBuiltInDnsClientEnabled
+
+`func (o *DTCMacOS) GetBuiltInDnsClientEnabled() bool`
+
+GetBuiltInDnsClientEnabled returns the BuiltInDnsClientEnabled field if non-nil, zero value otherwise.
+
+### GetBuiltInDnsClientEnabledOk
+
+`func (o *DTCMacOS) GetBuiltInDnsClientEnabledOk() (*bool, bool)`
+
+GetBuiltInDnsClientEnabledOk returns a tuple with the BuiltInDnsClientEnabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBuiltInDnsClientEnabled
+
+`func (o *DTCMacOS) SetBuiltInDnsClientEnabled(v bool)`
+
+SetBuiltInDnsClientEnabled sets BuiltInDnsClientEnabled field to given value.
+
+### HasBuiltInDnsClientEnabled
+
+`func (o *DTCMacOS) HasBuiltInDnsClientEnabled() bool`
+
+HasBuiltInDnsClientEnabled returns a boolean if a field has been set.
+
+### GetChromeRemoteDesktopAppBlocked
+
+`func (o *DTCMacOS) GetChromeRemoteDesktopAppBlocked() bool`
+
+GetChromeRemoteDesktopAppBlocked returns the ChromeRemoteDesktopAppBlocked field if non-nil, zero value otherwise.
+
+### GetChromeRemoteDesktopAppBlockedOk
+
+`func (o *DTCMacOS) GetChromeRemoteDesktopAppBlockedOk() (*bool, bool)`
+
+GetChromeRemoteDesktopAppBlockedOk returns a tuple with the ChromeRemoteDesktopAppBlocked field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetChromeRemoteDesktopAppBlocked
+
+`func (o *DTCMacOS) SetChromeRemoteDesktopAppBlocked(v bool)`
+
+SetChromeRemoteDesktopAppBlocked sets ChromeRemoteDesktopAppBlocked field to given value.
+
+### HasChromeRemoteDesktopAppBlocked
+
+`func (o *DTCMacOS) HasChromeRemoteDesktopAppBlocked() bool`
+
+HasChromeRemoteDesktopAppBlocked returns a boolean if a field has been set.
+
+### GetDeviceEnrollmentDomain
+
+`func (o *DTCMacOS) GetDeviceEnrollmentDomain() string`
+
+GetDeviceEnrollmentDomain returns the DeviceEnrollmentDomain field if non-nil, zero value otherwise.
+
+### GetDeviceEnrollmentDomainOk
+
+`func (o *DTCMacOS) GetDeviceEnrollmentDomainOk() (*string, bool)`
+
+GetDeviceEnrollmentDomainOk returns a tuple with the DeviceEnrollmentDomain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDeviceEnrollmentDomain
+
+`func (o *DTCMacOS) SetDeviceEnrollmentDomain(v string)`
+
+SetDeviceEnrollmentDomain sets DeviceEnrollmentDomain field to given value.
+
+### HasDeviceEnrollmentDomain
+
+`func (o *DTCMacOS) HasDeviceEnrollmentDomain() bool`
+
+HasDeviceEnrollmentDomain returns a boolean if a field has been set.
+
+### GetDiskEnrypted
+
+`func (o *DTCMacOS) GetDiskEnrypted() bool`
+
+GetDiskEnrypted returns the DiskEnrypted field if non-nil, zero value otherwise.
+
+### GetDiskEnryptedOk
+
+`func (o *DTCMacOS) GetDiskEnryptedOk() (*bool, bool)`
+
+GetDiskEnryptedOk returns a tuple with the DiskEnrypted field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDiskEnrypted
+
+`func (o *DTCMacOS) SetDiskEnrypted(v bool)`
+
+SetDiskEnrypted sets DiskEnrypted field to given value.
+
+### HasDiskEnrypted
+
+`func (o *DTCMacOS) HasDiskEnrypted() bool`
+
+HasDiskEnrypted returns a boolean if a field has been set.
+
+### GetKeyTrustLevel
+
+`func (o *DTCMacOS) GetKeyTrustLevel() KeyTrustLevelBrowserKey`
+
+GetKeyTrustLevel returns the KeyTrustLevel field if non-nil, zero value otherwise.
+
+### GetKeyTrustLevelOk
+
+`func (o *DTCMacOS) GetKeyTrustLevelOk() (*KeyTrustLevelBrowserKey, bool)`
+
+GetKeyTrustLevelOk returns a tuple with the KeyTrustLevel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKeyTrustLevel
+
+`func (o *DTCMacOS) SetKeyTrustLevel(v KeyTrustLevelBrowserKey)`
+
+SetKeyTrustLevel sets KeyTrustLevel field to given value.
+
+### HasKeyTrustLevel
+
+`func (o *DTCMacOS) HasKeyTrustLevel() bool`
+
+HasKeyTrustLevel returns a boolean if a field has been set.
+
+### GetOsFirewall
+
+`func (o *DTCMacOS) GetOsFirewall() bool`
+
+GetOsFirewall returns the OsFirewall field if non-nil, zero value otherwise.
+
+### GetOsFirewallOk
+
+`func (o *DTCMacOS) GetOsFirewallOk() (*bool, bool)`
+
+GetOsFirewallOk returns a tuple with the OsFirewall field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsFirewall
+
+`func (o *DTCMacOS) SetOsFirewall(v bool)`
+
+SetOsFirewall sets OsFirewall field to given value.
+
+### HasOsFirewall
+
+`func (o *DTCMacOS) HasOsFirewall() bool`
+
+HasOsFirewall returns a boolean if a field has been set.
+
+### GetOsVersion
+
+`func (o *DTCMacOS) GetOsVersion() OSVersion`
+
+GetOsVersion returns the OsVersion field if non-nil, zero value otherwise.
+
+### GetOsVersionOk
+
+`func (o *DTCMacOS) GetOsVersionOk() (*OSVersion, bool)`
+
+GetOsVersionOk returns a tuple with the OsVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsVersion
+
+`func (o *DTCMacOS) SetOsVersion(v OSVersion)`
+
+SetOsVersion sets OsVersion field to given value.
+
+### HasOsVersion
+
+`func (o *DTCMacOS) HasOsVersion() bool`
+
+HasOsVersion returns a boolean if a field has been set.
+
+### GetPasswordProtectionWarningTrigger
+
+`func (o *DTCMacOS) GetPasswordProtectionWarningTrigger() PasswordProtectionWarningTrigger`
+
+GetPasswordProtectionWarningTrigger returns the PasswordProtectionWarningTrigger field if non-nil, zero value otherwise.
+
+### GetPasswordProtectionWarningTriggerOk
+
+`func (o *DTCMacOS) GetPasswordProtectionWarningTriggerOk() (*PasswordProtectionWarningTrigger, bool)`
+
+GetPasswordProtectionWarningTriggerOk returns a tuple with the PasswordProtectionWarningTrigger field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordProtectionWarningTrigger
+
+`func (o *DTCMacOS) SetPasswordProtectionWarningTrigger(v PasswordProtectionWarningTrigger)`
+
+SetPasswordProtectionWarningTrigger sets PasswordProtectionWarningTrigger field to given value.
+
+### HasPasswordProtectionWarningTrigger
+
+`func (o *DTCMacOS) HasPasswordProtectionWarningTrigger() bool`
+
+HasPasswordProtectionWarningTrigger returns a boolean if a field has been set.
+
+### GetRealtimeUrlCheckMode
+
+`func (o *DTCMacOS) GetRealtimeUrlCheckMode() bool`
+
+GetRealtimeUrlCheckMode returns the RealtimeUrlCheckMode field if non-nil, zero value otherwise.
+
+### GetRealtimeUrlCheckModeOk
+
+`func (o *DTCMacOS) GetRealtimeUrlCheckModeOk() (*bool, bool)`
+
+GetRealtimeUrlCheckModeOk returns a tuple with the RealtimeUrlCheckMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRealtimeUrlCheckMode
+
+`func (o *DTCMacOS) SetRealtimeUrlCheckMode(v bool)`
+
+SetRealtimeUrlCheckMode sets RealtimeUrlCheckMode field to given value.
+
+### HasRealtimeUrlCheckMode
+
+`func (o *DTCMacOS) HasRealtimeUrlCheckMode() bool`
+
+HasRealtimeUrlCheckMode returns a boolean if a field has been set.
+
+### GetSafeBrowsingProtectionLevel
+
+`func (o *DTCMacOS) GetSafeBrowsingProtectionLevel() SafeBrowsingProtectionLevel`
+
+GetSafeBrowsingProtectionLevel returns the SafeBrowsingProtectionLevel field if non-nil, zero value otherwise.
+
+### GetSafeBrowsingProtectionLevelOk
+
+`func (o *DTCMacOS) GetSafeBrowsingProtectionLevelOk() (*SafeBrowsingProtectionLevel, bool)`
+
+GetSafeBrowsingProtectionLevelOk returns a tuple with the SafeBrowsingProtectionLevel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSafeBrowsingProtectionLevel
+
+`func (o *DTCMacOS) SetSafeBrowsingProtectionLevel(v SafeBrowsingProtectionLevel)`
+
+SetSafeBrowsingProtectionLevel sets SafeBrowsingProtectionLevel field to given value.
+
+### HasSafeBrowsingProtectionLevel
+
+`func (o *DTCMacOS) HasSafeBrowsingProtectionLevel() bool`
+
+HasSafeBrowsingProtectionLevel returns a boolean if a field has been set.
+
+### GetScreenLockSecured
+
+`func (o *DTCMacOS) GetScreenLockSecured() bool`
+
+GetScreenLockSecured returns the ScreenLockSecured field if non-nil, zero value otherwise.
+
+### GetScreenLockSecuredOk
+
+`func (o *DTCMacOS) GetScreenLockSecuredOk() (*bool, bool)`
+
+GetScreenLockSecuredOk returns a tuple with the ScreenLockSecured field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScreenLockSecured
+
+`func (o *DTCMacOS) SetScreenLockSecured(v bool)`
+
+SetScreenLockSecured sets ScreenLockSecured field to given value.
+
+### HasScreenLockSecured
+
+`func (o *DTCMacOS) HasScreenLockSecured() bool`
+
+HasScreenLockSecured returns a boolean if a field has been set.
+
+### GetSiteIsolationEnabled
+
+`func (o *DTCMacOS) GetSiteIsolationEnabled() bool`
+
+GetSiteIsolationEnabled returns the SiteIsolationEnabled field if non-nil, zero value otherwise.
+
+### GetSiteIsolationEnabledOk
+
+`func (o *DTCMacOS) GetSiteIsolationEnabledOk() (*bool, bool)`
+
+GetSiteIsolationEnabledOk returns a tuple with the SiteIsolationEnabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSiteIsolationEnabled
+
+`func (o *DTCMacOS) SetSiteIsolationEnabled(v bool)`
+
+SetSiteIsolationEnabled sets SiteIsolationEnabled field to given value.
+
+### HasSiteIsolationEnabled
+
+`func (o *DTCMacOS) HasSiteIsolationEnabled() bool`
+
+HasSiteIsolationEnabled returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DTCWindows.md b/okta/docs/DTCWindows.md
new file mode 100644
index 000000000..e8b31681d
--- /dev/null
+++ b/okta/docs/DTCWindows.md
@@ -0,0 +1,524 @@
+# DTCWindows
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**BrowserVersion** | Pointer to [**ChromeBrowserVersion**](ChromeBrowserVersion.md) |  | [optional] 
+**BuiltInDnsClientEnabled** | Pointer to **bool** | Indicates if a software stack is used to communicate with the DNS server | [optional] 
+**ChromeRemoteDesktopAppBlocked** | Pointer to **bool** | Indicates whether access to the Chrome Remote Desktop application is blocked through a policy | [optional] 
+**CrowdStrikeAgentId** | Pointer to **string** | Agent ID of an installed CrowdStrike agent | [optional] 
+**CrowdStrikeCustomerId** | Pointer to **string** | Customer ID of an installed CrowdStrike agent | [optional] 
+**DeviceEnrollmentDomain** | Pointer to **string** | Enrollment domain of the customer that is currently managing the device | [optional] 
+**DiskEnrypted** | Pointer to **bool** | Indicates whether the main disk is encrypted | [optional] 
+**KeyTrustLevel** | Pointer to [**KeyTrustLevelBrowserKey**](KeyTrustLevelBrowserKey.md) |  | [optional] 
+**OsFirewall** | Pointer to **bool** | Indicates whether a firewall is enabled at the OS-level on the device | [optional] 
+**OsVersion** | Pointer to [**OSVersion**](OSVersion.md) |  | [optional] 
+**PasswordProtectionWarningTrigger** | Pointer to [**PasswordProtectionWarningTrigger**](PasswordProtectionWarningTrigger.md) |  | [optional] 
+**RealtimeUrlCheckMode** | Pointer to **bool** | Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled | [optional] 
+**SafeBrowsingProtectionLevel** | Pointer to [**SafeBrowsingProtectionLevel**](SafeBrowsingProtectionLevel.md) |  | [optional] 
+**ScreenLockSecured** | Pointer to **bool** | Indicates whether the device is password-protected | [optional] 
+**SecureBootEnabled** | Pointer to **bool** | Indicates whether the device&#39;s startup software has its Secure Boot feature enabled | [optional] 
+**SiteIsolationEnabled** | Pointer to **bool** | Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled | [optional] 
+**ThirdPartyBlockingEnabled** | Pointer to **bool** | Indicates whether Chrome is blocking third-party software injection | [optional] 
+**WindowsMachineDomain** | Pointer to **string** | Windows domain that the current machine has joined | [optional] 
+**WindowsUserDomain** | Pointer to **string** | Windows domain for the current OS user | [optional] 
+
+## Methods
+
+### NewDTCWindows
+
+`func NewDTCWindows() *DTCWindows`
+
+NewDTCWindows instantiates a new DTCWindows object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDTCWindowsWithDefaults
+
+`func NewDTCWindowsWithDefaults() *DTCWindows`
+
+NewDTCWindowsWithDefaults instantiates a new DTCWindows object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBrowserVersion
+
+`func (o *DTCWindows) GetBrowserVersion() ChromeBrowserVersion`
+
+GetBrowserVersion returns the BrowserVersion field if non-nil, zero value otherwise.
+
+### GetBrowserVersionOk
+
+`func (o *DTCWindows) GetBrowserVersionOk() (*ChromeBrowserVersion, bool)`
+
+GetBrowserVersionOk returns a tuple with the BrowserVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBrowserVersion
+
+`func (o *DTCWindows) SetBrowserVersion(v ChromeBrowserVersion)`
+
+SetBrowserVersion sets BrowserVersion field to given value.
+
+### HasBrowserVersion
+
+`func (o *DTCWindows) HasBrowserVersion() bool`
+
+HasBrowserVersion returns a boolean if a field has been set.
+
+### GetBuiltInDnsClientEnabled
+
+`func (o *DTCWindows) GetBuiltInDnsClientEnabled() bool`
+
+GetBuiltInDnsClientEnabled returns the BuiltInDnsClientEnabled field if non-nil, zero value otherwise.
+
+### GetBuiltInDnsClientEnabledOk
+
+`func (o *DTCWindows) GetBuiltInDnsClientEnabledOk() (*bool, bool)`
+
+GetBuiltInDnsClientEnabledOk returns a tuple with the BuiltInDnsClientEnabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBuiltInDnsClientEnabled
+
+`func (o *DTCWindows) SetBuiltInDnsClientEnabled(v bool)`
+
+SetBuiltInDnsClientEnabled sets BuiltInDnsClientEnabled field to given value.
+
+### HasBuiltInDnsClientEnabled
+
+`func (o *DTCWindows) HasBuiltInDnsClientEnabled() bool`
+
+HasBuiltInDnsClientEnabled returns a boolean if a field has been set.
+
+### GetChromeRemoteDesktopAppBlocked
+
+`func (o *DTCWindows) GetChromeRemoteDesktopAppBlocked() bool`
+
+GetChromeRemoteDesktopAppBlocked returns the ChromeRemoteDesktopAppBlocked field if non-nil, zero value otherwise.
+
+### GetChromeRemoteDesktopAppBlockedOk
+
+`func (o *DTCWindows) GetChromeRemoteDesktopAppBlockedOk() (*bool, bool)`
+
+GetChromeRemoteDesktopAppBlockedOk returns a tuple with the ChromeRemoteDesktopAppBlocked field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetChromeRemoteDesktopAppBlocked
+
+`func (o *DTCWindows) SetChromeRemoteDesktopAppBlocked(v bool)`
+
+SetChromeRemoteDesktopAppBlocked sets ChromeRemoteDesktopAppBlocked field to given value.
+
+### HasChromeRemoteDesktopAppBlocked
+
+`func (o *DTCWindows) HasChromeRemoteDesktopAppBlocked() bool`
+
+HasChromeRemoteDesktopAppBlocked returns a boolean if a field has been set.
+
+### GetCrowdStrikeAgentId
+
+`func (o *DTCWindows) GetCrowdStrikeAgentId() string`
+
+GetCrowdStrikeAgentId returns the CrowdStrikeAgentId field if non-nil, zero value otherwise.
+
+### GetCrowdStrikeAgentIdOk
+
+`func (o *DTCWindows) GetCrowdStrikeAgentIdOk() (*string, bool)`
+
+GetCrowdStrikeAgentIdOk returns a tuple with the CrowdStrikeAgentId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCrowdStrikeAgentId
+
+`func (o *DTCWindows) SetCrowdStrikeAgentId(v string)`
+
+SetCrowdStrikeAgentId sets CrowdStrikeAgentId field to given value.
+
+### HasCrowdStrikeAgentId
+
+`func (o *DTCWindows) HasCrowdStrikeAgentId() bool`
+
+HasCrowdStrikeAgentId returns a boolean if a field has been set.
+
+### GetCrowdStrikeCustomerId
+
+`func (o *DTCWindows) GetCrowdStrikeCustomerId() string`
+
+GetCrowdStrikeCustomerId returns the CrowdStrikeCustomerId field if non-nil, zero value otherwise.
+
+### GetCrowdStrikeCustomerIdOk
+
+`func (o *DTCWindows) GetCrowdStrikeCustomerIdOk() (*string, bool)`
+
+GetCrowdStrikeCustomerIdOk returns a tuple with the CrowdStrikeCustomerId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCrowdStrikeCustomerId
+
+`func (o *DTCWindows) SetCrowdStrikeCustomerId(v string)`
+
+SetCrowdStrikeCustomerId sets CrowdStrikeCustomerId field to given value.
+
+### HasCrowdStrikeCustomerId
+
+`func (o *DTCWindows) HasCrowdStrikeCustomerId() bool`
+
+HasCrowdStrikeCustomerId returns a boolean if a field has been set.
+
+### GetDeviceEnrollmentDomain
+
+`func (o *DTCWindows) GetDeviceEnrollmentDomain() string`
+
+GetDeviceEnrollmentDomain returns the DeviceEnrollmentDomain field if non-nil, zero value otherwise.
+
+### GetDeviceEnrollmentDomainOk
+
+`func (o *DTCWindows) GetDeviceEnrollmentDomainOk() (*string, bool)`
+
+GetDeviceEnrollmentDomainOk returns a tuple with the DeviceEnrollmentDomain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDeviceEnrollmentDomain
+
+`func (o *DTCWindows) SetDeviceEnrollmentDomain(v string)`
+
+SetDeviceEnrollmentDomain sets DeviceEnrollmentDomain field to given value.
+
+### HasDeviceEnrollmentDomain
+
+`func (o *DTCWindows) HasDeviceEnrollmentDomain() bool`
+
+HasDeviceEnrollmentDomain returns a boolean if a field has been set.
+
+### GetDiskEnrypted
+
+`func (o *DTCWindows) GetDiskEnrypted() bool`
+
+GetDiskEnrypted returns the DiskEnrypted field if non-nil, zero value otherwise.
+
+### GetDiskEnryptedOk
+
+`func (o *DTCWindows) GetDiskEnryptedOk() (*bool, bool)`
+
+GetDiskEnryptedOk returns a tuple with the DiskEnrypted field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDiskEnrypted
+
+`func (o *DTCWindows) SetDiskEnrypted(v bool)`
+
+SetDiskEnrypted sets DiskEnrypted field to given value.
+
+### HasDiskEnrypted
+
+`func (o *DTCWindows) HasDiskEnrypted() bool`
+
+HasDiskEnrypted returns a boolean if a field has been set.
+
+### GetKeyTrustLevel
+
+`func (o *DTCWindows) GetKeyTrustLevel() KeyTrustLevelBrowserKey`
+
+GetKeyTrustLevel returns the KeyTrustLevel field if non-nil, zero value otherwise.
+
+### GetKeyTrustLevelOk
+
+`func (o *DTCWindows) GetKeyTrustLevelOk() (*KeyTrustLevelBrowserKey, bool)`
+
+GetKeyTrustLevelOk returns a tuple with the KeyTrustLevel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKeyTrustLevel
+
+`func (o *DTCWindows) SetKeyTrustLevel(v KeyTrustLevelBrowserKey)`
+
+SetKeyTrustLevel sets KeyTrustLevel field to given value.
+
+### HasKeyTrustLevel
+
+`func (o *DTCWindows) HasKeyTrustLevel() bool`
+
+HasKeyTrustLevel returns a boolean if a field has been set.
+
+### GetOsFirewall
+
+`func (o *DTCWindows) GetOsFirewall() bool`
+
+GetOsFirewall returns the OsFirewall field if non-nil, zero value otherwise.
+
+### GetOsFirewallOk
+
+`func (o *DTCWindows) GetOsFirewallOk() (*bool, bool)`
+
+GetOsFirewallOk returns a tuple with the OsFirewall field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsFirewall
+
+`func (o *DTCWindows) SetOsFirewall(v bool)`
+
+SetOsFirewall sets OsFirewall field to given value.
+
+### HasOsFirewall
+
+`func (o *DTCWindows) HasOsFirewall() bool`
+
+HasOsFirewall returns a boolean if a field has been set.
+
+### GetOsVersion
+
+`func (o *DTCWindows) GetOsVersion() OSVersion`
+
+GetOsVersion returns the OsVersion field if non-nil, zero value otherwise.
+
+### GetOsVersionOk
+
+`func (o *DTCWindows) GetOsVersionOk() (*OSVersion, bool)`
+
+GetOsVersionOk returns a tuple with the OsVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsVersion
+
+`func (o *DTCWindows) SetOsVersion(v OSVersion)`
+
+SetOsVersion sets OsVersion field to given value.
+
+### HasOsVersion
+
+`func (o *DTCWindows) HasOsVersion() bool`
+
+HasOsVersion returns a boolean if a field has been set.
+
+### GetPasswordProtectionWarningTrigger
+
+`func (o *DTCWindows) GetPasswordProtectionWarningTrigger() PasswordProtectionWarningTrigger`
+
+GetPasswordProtectionWarningTrigger returns the PasswordProtectionWarningTrigger field if non-nil, zero value otherwise.
+
+### GetPasswordProtectionWarningTriggerOk
+
+`func (o *DTCWindows) GetPasswordProtectionWarningTriggerOk() (*PasswordProtectionWarningTrigger, bool)`
+
+GetPasswordProtectionWarningTriggerOk returns a tuple with the PasswordProtectionWarningTrigger field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordProtectionWarningTrigger
+
+`func (o *DTCWindows) SetPasswordProtectionWarningTrigger(v PasswordProtectionWarningTrigger)`
+
+SetPasswordProtectionWarningTrigger sets PasswordProtectionWarningTrigger field to given value.
+
+### HasPasswordProtectionWarningTrigger
+
+`func (o *DTCWindows) HasPasswordProtectionWarningTrigger() bool`
+
+HasPasswordProtectionWarningTrigger returns a boolean if a field has been set.
+
+### GetRealtimeUrlCheckMode
+
+`func (o *DTCWindows) GetRealtimeUrlCheckMode() bool`
+
+GetRealtimeUrlCheckMode returns the RealtimeUrlCheckMode field if non-nil, zero value otherwise.
+
+### GetRealtimeUrlCheckModeOk
+
+`func (o *DTCWindows) GetRealtimeUrlCheckModeOk() (*bool, bool)`
+
+GetRealtimeUrlCheckModeOk returns a tuple with the RealtimeUrlCheckMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRealtimeUrlCheckMode
+
+`func (o *DTCWindows) SetRealtimeUrlCheckMode(v bool)`
+
+SetRealtimeUrlCheckMode sets RealtimeUrlCheckMode field to given value.
+
+### HasRealtimeUrlCheckMode
+
+`func (o *DTCWindows) HasRealtimeUrlCheckMode() bool`
+
+HasRealtimeUrlCheckMode returns a boolean if a field has been set.
+
+### GetSafeBrowsingProtectionLevel
+
+`func (o *DTCWindows) GetSafeBrowsingProtectionLevel() SafeBrowsingProtectionLevel`
+
+GetSafeBrowsingProtectionLevel returns the SafeBrowsingProtectionLevel field if non-nil, zero value otherwise.
+
+### GetSafeBrowsingProtectionLevelOk
+
+`func (o *DTCWindows) GetSafeBrowsingProtectionLevelOk() (*SafeBrowsingProtectionLevel, bool)`
+
+GetSafeBrowsingProtectionLevelOk returns a tuple with the SafeBrowsingProtectionLevel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSafeBrowsingProtectionLevel
+
+`func (o *DTCWindows) SetSafeBrowsingProtectionLevel(v SafeBrowsingProtectionLevel)`
+
+SetSafeBrowsingProtectionLevel sets SafeBrowsingProtectionLevel field to given value.
+
+### HasSafeBrowsingProtectionLevel
+
+`func (o *DTCWindows) HasSafeBrowsingProtectionLevel() bool`
+
+HasSafeBrowsingProtectionLevel returns a boolean if a field has been set.
+
+### GetScreenLockSecured
+
+`func (o *DTCWindows) GetScreenLockSecured() bool`
+
+GetScreenLockSecured returns the ScreenLockSecured field if non-nil, zero value otherwise.
+
+### GetScreenLockSecuredOk
+
+`func (o *DTCWindows) GetScreenLockSecuredOk() (*bool, bool)`
+
+GetScreenLockSecuredOk returns a tuple with the ScreenLockSecured field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScreenLockSecured
+
+`func (o *DTCWindows) SetScreenLockSecured(v bool)`
+
+SetScreenLockSecured sets ScreenLockSecured field to given value.
+
+### HasScreenLockSecured
+
+`func (o *DTCWindows) HasScreenLockSecured() bool`
+
+HasScreenLockSecured returns a boolean if a field has been set.
+
+### GetSecureBootEnabled
+
+`func (o *DTCWindows) GetSecureBootEnabled() bool`
+
+GetSecureBootEnabled returns the SecureBootEnabled field if non-nil, zero value otherwise.
+
+### GetSecureBootEnabledOk
+
+`func (o *DTCWindows) GetSecureBootEnabledOk() (*bool, bool)`
+
+GetSecureBootEnabledOk returns a tuple with the SecureBootEnabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecureBootEnabled
+
+`func (o *DTCWindows) SetSecureBootEnabled(v bool)`
+
+SetSecureBootEnabled sets SecureBootEnabled field to given value.
+
+### HasSecureBootEnabled
+
+`func (o *DTCWindows) HasSecureBootEnabled() bool`
+
+HasSecureBootEnabled returns a boolean if a field has been set.
+
+### GetSiteIsolationEnabled
+
+`func (o *DTCWindows) GetSiteIsolationEnabled() bool`
+
+GetSiteIsolationEnabled returns the SiteIsolationEnabled field if non-nil, zero value otherwise.
+
+### GetSiteIsolationEnabledOk
+
+`func (o *DTCWindows) GetSiteIsolationEnabledOk() (*bool, bool)`
+
+GetSiteIsolationEnabledOk returns a tuple with the SiteIsolationEnabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSiteIsolationEnabled
+
+`func (o *DTCWindows) SetSiteIsolationEnabled(v bool)`
+
+SetSiteIsolationEnabled sets SiteIsolationEnabled field to given value.
+
+### HasSiteIsolationEnabled
+
+`func (o *DTCWindows) HasSiteIsolationEnabled() bool`
+
+HasSiteIsolationEnabled returns a boolean if a field has been set.
+
+### GetThirdPartyBlockingEnabled
+
+`func (o *DTCWindows) GetThirdPartyBlockingEnabled() bool`
+
+GetThirdPartyBlockingEnabled returns the ThirdPartyBlockingEnabled field if non-nil, zero value otherwise.
+
+### GetThirdPartyBlockingEnabledOk
+
+`func (o *DTCWindows) GetThirdPartyBlockingEnabledOk() (*bool, bool)`
+
+GetThirdPartyBlockingEnabledOk returns a tuple with the ThirdPartyBlockingEnabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetThirdPartyBlockingEnabled
+
+`func (o *DTCWindows) SetThirdPartyBlockingEnabled(v bool)`
+
+SetThirdPartyBlockingEnabled sets ThirdPartyBlockingEnabled field to given value.
+
+### HasThirdPartyBlockingEnabled
+
+`func (o *DTCWindows) HasThirdPartyBlockingEnabled() bool`
+
+HasThirdPartyBlockingEnabled returns a boolean if a field has been set.
+
+### GetWindowsMachineDomain
+
+`func (o *DTCWindows) GetWindowsMachineDomain() string`
+
+GetWindowsMachineDomain returns the WindowsMachineDomain field if non-nil, zero value otherwise.
+
+### GetWindowsMachineDomainOk
+
+`func (o *DTCWindows) GetWindowsMachineDomainOk() (*string, bool)`
+
+GetWindowsMachineDomainOk returns a tuple with the WindowsMachineDomain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWindowsMachineDomain
+
+`func (o *DTCWindows) SetWindowsMachineDomain(v string)`
+
+SetWindowsMachineDomain sets WindowsMachineDomain field to given value.
+
+### HasWindowsMachineDomain
+
+`func (o *DTCWindows) HasWindowsMachineDomain() bool`
+
+HasWindowsMachineDomain returns a boolean if a field has been set.
+
+### GetWindowsUserDomain
+
+`func (o *DTCWindows) GetWindowsUserDomain() string`
+
+GetWindowsUserDomain returns the WindowsUserDomain field if non-nil, zero value otherwise.
+
+### GetWindowsUserDomainOk
+
+`func (o *DTCWindows) GetWindowsUserDomainOk() (*string, bool)`
+
+GetWindowsUserDomainOk returns a tuple with the WindowsUserDomain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWindowsUserDomain
+
+`func (o *DTCWindows) SetWindowsUserDomain(v string)`
+
+SetWindowsUserDomain sets WindowsUserDomain field to given value.
+
+### HasWindowsUserDomain
+
+`func (o *DTCWindows) HasWindowsUserDomain() bool`
+
+HasWindowsUserDomain returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Device.md b/okta/docs/Device.md
new file mode 100644
index 000000000..8da34271b
--- /dev/null
+++ b/okta/docs/Device.md
@@ -0,0 +1,290 @@
+# Device
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** | Timestamp when the device was created | [optional] [readonly] 
+**Id** | Pointer to **string** | Unique key for the device | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** | Timestamp when the device was last updated | [optional] [readonly] 
+**Profile** | Pointer to [**DeviceProfile**](DeviceProfile.md) |  | [optional] 
+**ResourceAlternateId** | Pointer to **string** |  | [optional] [readonly] 
+**ResourceDisplayName** | Pointer to [**DeviceDisplayName**](DeviceDisplayName.md) |  | [optional] 
+**ResourceId** | Pointer to **string** | Alternate key for the &#x60;id&#x60; | [optional] [readonly] 
+**ResourceType** | Pointer to **string** |  | [optional] [readonly] [default to "UDDevice"]
+**Status** | Pointer to [**DeviceStatus**](DeviceStatus.md) |  | [optional] 
+**Links** | Pointer to [**DeviceLinks**](DeviceLinks.md) |  | [optional] 
+
+## Methods
+
+### NewDevice
+
+`func NewDevice() *Device`
+
+NewDevice instantiates a new Device object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceWithDefaults
+
+`func NewDeviceWithDefaults() *Device`
+
+NewDeviceWithDefaults instantiates a new Device object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *Device) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *Device) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *Device) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *Device) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *Device) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *Device) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *Device) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *Device) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *Device) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *Device) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *Device) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *Device) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *Device) GetProfile() DeviceProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *Device) GetProfileOk() (*DeviceProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *Device) SetProfile(v DeviceProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *Device) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+### GetResourceAlternateId
+
+`func (o *Device) GetResourceAlternateId() string`
+
+GetResourceAlternateId returns the ResourceAlternateId field if non-nil, zero value otherwise.
+
+### GetResourceAlternateIdOk
+
+`func (o *Device) GetResourceAlternateIdOk() (*string, bool)`
+
+GetResourceAlternateIdOk returns a tuple with the ResourceAlternateId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResourceAlternateId
+
+`func (o *Device) SetResourceAlternateId(v string)`
+
+SetResourceAlternateId sets ResourceAlternateId field to given value.
+
+### HasResourceAlternateId
+
+`func (o *Device) HasResourceAlternateId() bool`
+
+HasResourceAlternateId returns a boolean if a field has been set.
+
+### GetResourceDisplayName
+
+`func (o *Device) GetResourceDisplayName() DeviceDisplayName`
+
+GetResourceDisplayName returns the ResourceDisplayName field if non-nil, zero value otherwise.
+
+### GetResourceDisplayNameOk
+
+`func (o *Device) GetResourceDisplayNameOk() (*DeviceDisplayName, bool)`
+
+GetResourceDisplayNameOk returns a tuple with the ResourceDisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResourceDisplayName
+
+`func (o *Device) SetResourceDisplayName(v DeviceDisplayName)`
+
+SetResourceDisplayName sets ResourceDisplayName field to given value.
+
+### HasResourceDisplayName
+
+`func (o *Device) HasResourceDisplayName() bool`
+
+HasResourceDisplayName returns a boolean if a field has been set.
+
+### GetResourceId
+
+`func (o *Device) GetResourceId() string`
+
+GetResourceId returns the ResourceId field if non-nil, zero value otherwise.
+
+### GetResourceIdOk
+
+`func (o *Device) GetResourceIdOk() (*string, bool)`
+
+GetResourceIdOk returns a tuple with the ResourceId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResourceId
+
+`func (o *Device) SetResourceId(v string)`
+
+SetResourceId sets ResourceId field to given value.
+
+### HasResourceId
+
+`func (o *Device) HasResourceId() bool`
+
+HasResourceId returns a boolean if a field has been set.
+
+### GetResourceType
+
+`func (o *Device) GetResourceType() string`
+
+GetResourceType returns the ResourceType field if non-nil, zero value otherwise.
+
+### GetResourceTypeOk
+
+`func (o *Device) GetResourceTypeOk() (*string, bool)`
+
+GetResourceTypeOk returns a tuple with the ResourceType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResourceType
+
+`func (o *Device) SetResourceType(v string)`
+
+SetResourceType sets ResourceType field to given value.
+
+### HasResourceType
+
+`func (o *Device) HasResourceType() bool`
+
+HasResourceType returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *Device) GetStatus() DeviceStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *Device) GetStatusOk() (*DeviceStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *Device) SetStatus(v DeviceStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *Device) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Device) GetLinks() DeviceLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Device) GetLinksOk() (*DeviceLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Device) SetLinks(v DeviceLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Device) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAccessPolicyRuleCondition.md b/okta/docs/DeviceAccessPolicyRuleCondition.md
new file mode 100644
index 000000000..d41ec43d3
--- /dev/null
+++ b/okta/docs/DeviceAccessPolicyRuleCondition.md
@@ -0,0 +1,186 @@
+# DeviceAccessPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Migrated** | Pointer to **bool** |  | [optional] 
+**Platform** | Pointer to [**DevicePolicyRuleConditionPlatform**](DevicePolicyRuleConditionPlatform.md) |  | [optional] 
+**Rooted** | Pointer to **bool** |  | [optional] 
+**TrustLevel** | Pointer to [**DevicePolicyTrustLevel**](DevicePolicyTrustLevel.md) |  | [optional] 
+**Managed** | Pointer to **bool** |  | [optional] 
+**Registered** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewDeviceAccessPolicyRuleCondition
+
+`func NewDeviceAccessPolicyRuleCondition() *DeviceAccessPolicyRuleCondition`
+
+NewDeviceAccessPolicyRuleCondition instantiates a new DeviceAccessPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAccessPolicyRuleConditionWithDefaults
+
+`func NewDeviceAccessPolicyRuleConditionWithDefaults() *DeviceAccessPolicyRuleCondition`
+
+NewDeviceAccessPolicyRuleConditionWithDefaults instantiates a new DeviceAccessPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMigrated
+
+`func (o *DeviceAccessPolicyRuleCondition) GetMigrated() bool`
+
+GetMigrated returns the Migrated field if non-nil, zero value otherwise.
+
+### GetMigratedOk
+
+`func (o *DeviceAccessPolicyRuleCondition) GetMigratedOk() (*bool, bool)`
+
+GetMigratedOk returns a tuple with the Migrated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMigrated
+
+`func (o *DeviceAccessPolicyRuleCondition) SetMigrated(v bool)`
+
+SetMigrated sets Migrated field to given value.
+
+### HasMigrated
+
+`func (o *DeviceAccessPolicyRuleCondition) HasMigrated() bool`
+
+HasMigrated returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *DeviceAccessPolicyRuleCondition) GetPlatform() DevicePolicyRuleConditionPlatform`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *DeviceAccessPolicyRuleCondition) GetPlatformOk() (*DevicePolicyRuleConditionPlatform, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *DeviceAccessPolicyRuleCondition) SetPlatform(v DevicePolicyRuleConditionPlatform)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *DeviceAccessPolicyRuleCondition) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetRooted
+
+`func (o *DeviceAccessPolicyRuleCondition) GetRooted() bool`
+
+GetRooted returns the Rooted field if non-nil, zero value otherwise.
+
+### GetRootedOk
+
+`func (o *DeviceAccessPolicyRuleCondition) GetRootedOk() (*bool, bool)`
+
+GetRootedOk returns a tuple with the Rooted field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRooted
+
+`func (o *DeviceAccessPolicyRuleCondition) SetRooted(v bool)`
+
+SetRooted sets Rooted field to given value.
+
+### HasRooted
+
+`func (o *DeviceAccessPolicyRuleCondition) HasRooted() bool`
+
+HasRooted returns a boolean if a field has been set.
+
+### GetTrustLevel
+
+`func (o *DeviceAccessPolicyRuleCondition) GetTrustLevel() DevicePolicyTrustLevel`
+
+GetTrustLevel returns the TrustLevel field if non-nil, zero value otherwise.
+
+### GetTrustLevelOk
+
+`func (o *DeviceAccessPolicyRuleCondition) GetTrustLevelOk() (*DevicePolicyTrustLevel, bool)`
+
+GetTrustLevelOk returns a tuple with the TrustLevel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTrustLevel
+
+`func (o *DeviceAccessPolicyRuleCondition) SetTrustLevel(v DevicePolicyTrustLevel)`
+
+SetTrustLevel sets TrustLevel field to given value.
+
+### HasTrustLevel
+
+`func (o *DeviceAccessPolicyRuleCondition) HasTrustLevel() bool`
+
+HasTrustLevel returns a boolean if a field has been set.
+
+### GetManaged
+
+`func (o *DeviceAccessPolicyRuleCondition) GetManaged() bool`
+
+GetManaged returns the Managed field if non-nil, zero value otherwise.
+
+### GetManagedOk
+
+`func (o *DeviceAccessPolicyRuleCondition) GetManagedOk() (*bool, bool)`
+
+GetManagedOk returns a tuple with the Managed field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetManaged
+
+`func (o *DeviceAccessPolicyRuleCondition) SetManaged(v bool)`
+
+SetManaged sets Managed field to given value.
+
+### HasManaged
+
+`func (o *DeviceAccessPolicyRuleCondition) HasManaged() bool`
+
+HasManaged returns a boolean if a field has been set.
+
+### GetRegistered
+
+`func (o *DeviceAccessPolicyRuleCondition) GetRegistered() bool`
+
+GetRegistered returns the Registered field if non-nil, zero value otherwise.
+
+### GetRegisteredOk
+
+`func (o *DeviceAccessPolicyRuleCondition) GetRegisteredOk() (*bool, bool)`
+
+GetRegisteredOk returns a tuple with the Registered field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRegistered
+
+`func (o *DeviceAccessPolicyRuleCondition) SetRegistered(v bool)`
+
+SetRegistered sets Registered field to given value.
+
+### HasRegistered
+
+`func (o *DeviceAccessPolicyRuleCondition) HasRegistered() bool`
+
+HasRegistered returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAccessPolicyRuleConditionAllOf.md b/okta/docs/DeviceAccessPolicyRuleConditionAllOf.md
new file mode 100644
index 000000000..c9bb765fc
--- /dev/null
+++ b/okta/docs/DeviceAccessPolicyRuleConditionAllOf.md
@@ -0,0 +1,82 @@
+# DeviceAccessPolicyRuleConditionAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Managed** | Pointer to **bool** |  | [optional] 
+**Registered** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewDeviceAccessPolicyRuleConditionAllOf
+
+`func NewDeviceAccessPolicyRuleConditionAllOf() *DeviceAccessPolicyRuleConditionAllOf`
+
+NewDeviceAccessPolicyRuleConditionAllOf instantiates a new DeviceAccessPolicyRuleConditionAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAccessPolicyRuleConditionAllOfWithDefaults
+
+`func NewDeviceAccessPolicyRuleConditionAllOfWithDefaults() *DeviceAccessPolicyRuleConditionAllOf`
+
+NewDeviceAccessPolicyRuleConditionAllOfWithDefaults instantiates a new DeviceAccessPolicyRuleConditionAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetManaged
+
+`func (o *DeviceAccessPolicyRuleConditionAllOf) GetManaged() bool`
+
+GetManaged returns the Managed field if non-nil, zero value otherwise.
+
+### GetManagedOk
+
+`func (o *DeviceAccessPolicyRuleConditionAllOf) GetManagedOk() (*bool, bool)`
+
+GetManagedOk returns a tuple with the Managed field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetManaged
+
+`func (o *DeviceAccessPolicyRuleConditionAllOf) SetManaged(v bool)`
+
+SetManaged sets Managed field to given value.
+
+### HasManaged
+
+`func (o *DeviceAccessPolicyRuleConditionAllOf) HasManaged() bool`
+
+HasManaged returns a boolean if a field has been set.
+
+### GetRegistered
+
+`func (o *DeviceAccessPolicyRuleConditionAllOf) GetRegistered() bool`
+
+GetRegistered returns the Registered field if non-nil, zero value otherwise.
+
+### GetRegisteredOk
+
+`func (o *DeviceAccessPolicyRuleConditionAllOf) GetRegisteredOk() (*bool, bool)`
+
+GetRegisteredOk returns a tuple with the Registered field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRegistered
+
+`func (o *DeviceAccessPolicyRuleConditionAllOf) SetRegistered(v bool)`
+
+SetRegistered sets Registered field to given value.
+
+### HasRegistered
+
+`func (o *DeviceAccessPolicyRuleConditionAllOf) HasRegistered() bool`
+
+HasRegistered returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceApi.md b/okta/docs/DeviceApi.md
new file mode 100644
index 000000000..62a3e16d3
--- /dev/null
+++ b/okta/docs/DeviceApi.md
@@ -0,0 +1,495 @@
+# \DeviceApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateDevice**](DeviceApi.md#ActivateDevice) | **Post** /api/v1/devices/{deviceId}/lifecycle/activate | Activate a Device
+[**DeactivateDevice**](DeviceApi.md#DeactivateDevice) | **Post** /api/v1/devices/{deviceId}/lifecycle/deactivate | Deactivate a Device
+[**DeleteDevice**](DeviceApi.md#DeleteDevice) | **Delete** /api/v1/devices/{deviceId} | Delete a Device
+[**GetDevice**](DeviceApi.md#GetDevice) | **Get** /api/v1/devices/{deviceId} | Retrieve a Device
+[**ListDevices**](DeviceApi.md#ListDevices) | **Get** /api/v1/devices | List all Devices
+[**SuspendDevice**](DeviceApi.md#SuspendDevice) | **Post** /api/v1/devices/{deviceId}/lifecycle/suspend | Suspend a Device
+[**UnsuspendDevice**](DeviceApi.md#UnsuspendDevice) | **Post** /api/v1/devices/{deviceId}/lifecycle/unsuspend | Unsuspend a Device
+
+
+
+## ActivateDevice
+
+> ActivateDevice(ctx, deviceId).Execute()
+
+Activate a Device
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    deviceId := "guo4a5u7JHHhjXrMK0g4" // string | `id` of the device
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DeviceApi.ActivateDevice(context.Background(), deviceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DeviceApi.ActivateDevice``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**deviceId** | **string** | &#x60;id&#x60; of the device | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateDeviceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateDevice
+
+> DeactivateDevice(ctx, deviceId).Execute()
+
+Deactivate a Device
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    deviceId := "guo4a5u7JHHhjXrMK0g4" // string | `id` of the device
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DeviceApi.DeactivateDevice(context.Background(), deviceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DeviceApi.DeactivateDevice``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**deviceId** | **string** | &#x60;id&#x60; of the device | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateDeviceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteDevice
+
+> DeleteDevice(ctx, deviceId).Execute()
+
+Delete a Device
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    deviceId := "guo4a5u7JHHhjXrMK0g4" // string | `id` of the device
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DeviceApi.DeleteDevice(context.Background(), deviceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DeviceApi.DeleteDevice``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**deviceId** | **string** | &#x60;id&#x60; of the device | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteDeviceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetDevice
+
+> Device GetDevice(ctx, deviceId).Execute()
+
+Retrieve a Device
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    deviceId := "guo4a5u7JHHhjXrMK0g4" // string | `id` of the device
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DeviceApi.GetDevice(context.Background(), deviceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DeviceApi.GetDevice``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetDevice`: Device
+    fmt.Fprintf(os.Stdout, "Response from `DeviceApi.GetDevice`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**deviceId** | **string** | &#x60;id&#x60; of the device | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetDeviceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**Device**](Device.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListDevices
+
+> []Device ListDevices(ctx).After(after).Limit(limit).Search(search).Execute()
+
+List all Devices
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    after := "after_example" // string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information. (optional)
+    limit := int32(56) // int32 | A limit on the number of objects to return. (optional) (default to 20)
+    search := "status eq "ACTIVE"" // string | SCIM filter expression that filters the results. Searches include all Device `profile` properties, as well as the Device `id`, `status` and `lastUpdated` properties. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DeviceApi.ListDevices(context.Background()).After(after).Limit(limit).Search(search).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DeviceApi.ListDevices``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListDevices`: []Device
+    fmt.Fprintf(os.Stdout, "Response from `DeviceApi.ListDevices`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListDevicesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **after** | **string** | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information. | 
+ **limit** | **int32** | A limit on the number of objects to return. | [default to 20]
+ **search** | **string** | SCIM filter expression that filters the results. Searches include all Device &#x60;profile&#x60; properties, as well as the Device &#x60;id&#x60;, &#x60;status&#x60; and &#x60;lastUpdated&#x60; properties. | 
+
+### Return type
+
+[**[]Device**](Device.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## SuspendDevice
+
+> SuspendDevice(ctx, deviceId).Execute()
+
+Suspend a Device
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    deviceId := "guo4a5u7JHHhjXrMK0g4" // string | `id` of the device
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DeviceApi.SuspendDevice(context.Background(), deviceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DeviceApi.SuspendDevice``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**deviceId** | **string** | &#x60;id&#x60; of the device | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiSuspendDeviceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnsuspendDevice
+
+> UnsuspendDevice(ctx, deviceId).Execute()
+
+Unsuspend a Device
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    deviceId := "guo4a5u7JHHhjXrMK0g4" // string | `id` of the device
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DeviceApi.UnsuspendDevice(context.Background(), deviceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DeviceApi.UnsuspendDevice``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**deviceId** | **string** | &#x60;id&#x60; of the device | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnsuspendDeviceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/DeviceAssurance.md b/okta/docs/DeviceAssurance.md
new file mode 100644
index 000000000..441a6a5f8
--- /dev/null
+++ b/okta/docs/DeviceAssurance.md
@@ -0,0 +1,238 @@
+# DeviceAssurance
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CreatedBy** | Pointer to **string** |  | [optional] [readonly] 
+**CreatedDate** | Pointer to **string** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdatedBy** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdatedDate** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** | Display name of the Device Assurance Policy | [optional] 
+**Platform** | Pointer to [**Platform**](Platform.md) |  | [optional] 
+**Links** | Pointer to [**LinksSelf**](LinksSelf.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceAssurance
+
+`func NewDeviceAssurance() *DeviceAssurance`
+
+NewDeviceAssurance instantiates a new DeviceAssurance object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceWithDefaults
+
+`func NewDeviceAssuranceWithDefaults() *DeviceAssurance`
+
+NewDeviceAssuranceWithDefaults instantiates a new DeviceAssurance object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreatedBy
+
+`func (o *DeviceAssurance) GetCreatedBy() string`
+
+GetCreatedBy returns the CreatedBy field if non-nil, zero value otherwise.
+
+### GetCreatedByOk
+
+`func (o *DeviceAssurance) GetCreatedByOk() (*string, bool)`
+
+GetCreatedByOk returns a tuple with the CreatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedBy
+
+`func (o *DeviceAssurance) SetCreatedBy(v string)`
+
+SetCreatedBy sets CreatedBy field to given value.
+
+### HasCreatedBy
+
+`func (o *DeviceAssurance) HasCreatedBy() bool`
+
+HasCreatedBy returns a boolean if a field has been set.
+
+### GetCreatedDate
+
+`func (o *DeviceAssurance) GetCreatedDate() string`
+
+GetCreatedDate returns the CreatedDate field if non-nil, zero value otherwise.
+
+### GetCreatedDateOk
+
+`func (o *DeviceAssurance) GetCreatedDateOk() (*string, bool)`
+
+GetCreatedDateOk returns a tuple with the CreatedDate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedDate
+
+`func (o *DeviceAssurance) SetCreatedDate(v string)`
+
+SetCreatedDate sets CreatedDate field to given value.
+
+### HasCreatedDate
+
+`func (o *DeviceAssurance) HasCreatedDate() bool`
+
+HasCreatedDate returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *DeviceAssurance) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *DeviceAssurance) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *DeviceAssurance) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *DeviceAssurance) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdatedBy
+
+`func (o *DeviceAssurance) GetLastUpdatedBy() string`
+
+GetLastUpdatedBy returns the LastUpdatedBy field if non-nil, zero value otherwise.
+
+### GetLastUpdatedByOk
+
+`func (o *DeviceAssurance) GetLastUpdatedByOk() (*string, bool)`
+
+GetLastUpdatedByOk returns a tuple with the LastUpdatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdatedBy
+
+`func (o *DeviceAssurance) SetLastUpdatedBy(v string)`
+
+SetLastUpdatedBy sets LastUpdatedBy field to given value.
+
+### HasLastUpdatedBy
+
+`func (o *DeviceAssurance) HasLastUpdatedBy() bool`
+
+HasLastUpdatedBy returns a boolean if a field has been set.
+
+### GetLastUpdatedDate
+
+`func (o *DeviceAssurance) GetLastUpdatedDate() string`
+
+GetLastUpdatedDate returns the LastUpdatedDate field if non-nil, zero value otherwise.
+
+### GetLastUpdatedDateOk
+
+`func (o *DeviceAssurance) GetLastUpdatedDateOk() (*string, bool)`
+
+GetLastUpdatedDateOk returns a tuple with the LastUpdatedDate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdatedDate
+
+`func (o *DeviceAssurance) SetLastUpdatedDate(v string)`
+
+SetLastUpdatedDate sets LastUpdatedDate field to given value.
+
+### HasLastUpdatedDate
+
+`func (o *DeviceAssurance) HasLastUpdatedDate() bool`
+
+HasLastUpdatedDate returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *DeviceAssurance) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *DeviceAssurance) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *DeviceAssurance) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *DeviceAssurance) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *DeviceAssurance) GetPlatform() Platform`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *DeviceAssurance) GetPlatformOk() (*Platform, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *DeviceAssurance) SetPlatform(v Platform)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *DeviceAssurance) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *DeviceAssurance) GetLinks() LinksSelf`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *DeviceAssurance) GetLinksOk() (*LinksSelf, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *DeviceAssurance) SetLinks(v LinksSelf)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *DeviceAssurance) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceAndroidPlatform.md b/okta/docs/DeviceAssuranceAndroidPlatform.md
new file mode 100644
index 000000000..b68a1ada5
--- /dev/null
+++ b/okta/docs/DeviceAssuranceAndroidPlatform.md
@@ -0,0 +1,160 @@
+# DeviceAssuranceAndroidPlatform
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DiskEncryptionType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType**](DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md) |  | [optional] 
+**Jailbreak** | Pointer to **bool** |  | [optional] 
+**OsVersion** | Pointer to [**OSVersion**](OSVersion.md) |  | [optional] 
+**ScreenLockType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfScreenLockType**](DeviceAssuranceAndroidPlatformAllOfScreenLockType.md) |  | [optional] 
+**SecureHardwarePresent** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceAndroidPlatform
+
+`func NewDeviceAssuranceAndroidPlatform() *DeviceAssuranceAndroidPlatform`
+
+NewDeviceAssuranceAndroidPlatform instantiates a new DeviceAssuranceAndroidPlatform object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceAndroidPlatformWithDefaults
+
+`func NewDeviceAssuranceAndroidPlatformWithDefaults() *DeviceAssuranceAndroidPlatform`
+
+NewDeviceAssuranceAndroidPlatformWithDefaults instantiates a new DeviceAssuranceAndroidPlatform object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDiskEncryptionType
+
+`func (o *DeviceAssuranceAndroidPlatform) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType`
+
+GetDiskEncryptionType returns the DiskEncryptionType field if non-nil, zero value otherwise.
+
+### GetDiskEncryptionTypeOk
+
+`func (o *DeviceAssuranceAndroidPlatform) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool)`
+
+GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDiskEncryptionType
+
+`func (o *DeviceAssuranceAndroidPlatform) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType)`
+
+SetDiskEncryptionType sets DiskEncryptionType field to given value.
+
+### HasDiskEncryptionType
+
+`func (o *DeviceAssuranceAndroidPlatform) HasDiskEncryptionType() bool`
+
+HasDiskEncryptionType returns a boolean if a field has been set.
+
+### GetJailbreak
+
+`func (o *DeviceAssuranceAndroidPlatform) GetJailbreak() bool`
+
+GetJailbreak returns the Jailbreak field if non-nil, zero value otherwise.
+
+### GetJailbreakOk
+
+`func (o *DeviceAssuranceAndroidPlatform) GetJailbreakOk() (*bool, bool)`
+
+GetJailbreakOk returns a tuple with the Jailbreak field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJailbreak
+
+`func (o *DeviceAssuranceAndroidPlatform) SetJailbreak(v bool)`
+
+SetJailbreak sets Jailbreak field to given value.
+
+### HasJailbreak
+
+`func (o *DeviceAssuranceAndroidPlatform) HasJailbreak() bool`
+
+HasJailbreak returns a boolean if a field has been set.
+
+### GetOsVersion
+
+`func (o *DeviceAssuranceAndroidPlatform) GetOsVersion() OSVersion`
+
+GetOsVersion returns the OsVersion field if non-nil, zero value otherwise.
+
+### GetOsVersionOk
+
+`func (o *DeviceAssuranceAndroidPlatform) GetOsVersionOk() (*OSVersion, bool)`
+
+GetOsVersionOk returns a tuple with the OsVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsVersion
+
+`func (o *DeviceAssuranceAndroidPlatform) SetOsVersion(v OSVersion)`
+
+SetOsVersion sets OsVersion field to given value.
+
+### HasOsVersion
+
+`func (o *DeviceAssuranceAndroidPlatform) HasOsVersion() bool`
+
+HasOsVersion returns a boolean if a field has been set.
+
+### GetScreenLockType
+
+`func (o *DeviceAssuranceAndroidPlatform) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType`
+
+GetScreenLockType returns the ScreenLockType field if non-nil, zero value otherwise.
+
+### GetScreenLockTypeOk
+
+`func (o *DeviceAssuranceAndroidPlatform) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool)`
+
+GetScreenLockTypeOk returns a tuple with the ScreenLockType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScreenLockType
+
+`func (o *DeviceAssuranceAndroidPlatform) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType)`
+
+SetScreenLockType sets ScreenLockType field to given value.
+
+### HasScreenLockType
+
+`func (o *DeviceAssuranceAndroidPlatform) HasScreenLockType() bool`
+
+HasScreenLockType returns a boolean if a field has been set.
+
+### GetSecureHardwarePresent
+
+`func (o *DeviceAssuranceAndroidPlatform) GetSecureHardwarePresent() bool`
+
+GetSecureHardwarePresent returns the SecureHardwarePresent field if non-nil, zero value otherwise.
+
+### GetSecureHardwarePresentOk
+
+`func (o *DeviceAssuranceAndroidPlatform) GetSecureHardwarePresentOk() (*bool, bool)`
+
+GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecureHardwarePresent
+
+`func (o *DeviceAssuranceAndroidPlatform) SetSecureHardwarePresent(v bool)`
+
+SetSecureHardwarePresent sets SecureHardwarePresent field to given value.
+
+### HasSecureHardwarePresent
+
+`func (o *DeviceAssuranceAndroidPlatform) HasSecureHardwarePresent() bool`
+
+HasSecureHardwarePresent returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceAndroidPlatformAllOf.md b/okta/docs/DeviceAssuranceAndroidPlatformAllOf.md
new file mode 100644
index 000000000..ff73fcbdf
--- /dev/null
+++ b/okta/docs/DeviceAssuranceAndroidPlatformAllOf.md
@@ -0,0 +1,160 @@
+# DeviceAssuranceAndroidPlatformAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DiskEncryptionType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType**](DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md) |  | [optional] 
+**Jailbreak** | Pointer to **bool** |  | [optional] 
+**OsVersion** | Pointer to [**OSVersion**](OSVersion.md) |  | [optional] 
+**ScreenLockType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfScreenLockType**](DeviceAssuranceAndroidPlatformAllOfScreenLockType.md) |  | [optional] 
+**SecureHardwarePresent** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceAndroidPlatformAllOf
+
+`func NewDeviceAssuranceAndroidPlatformAllOf() *DeviceAssuranceAndroidPlatformAllOf`
+
+NewDeviceAssuranceAndroidPlatformAllOf instantiates a new DeviceAssuranceAndroidPlatformAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceAndroidPlatformAllOfWithDefaults
+
+`func NewDeviceAssuranceAndroidPlatformAllOfWithDefaults() *DeviceAssuranceAndroidPlatformAllOf`
+
+NewDeviceAssuranceAndroidPlatformAllOfWithDefaults instantiates a new DeviceAssuranceAndroidPlatformAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDiskEncryptionType
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType`
+
+GetDiskEncryptionType returns the DiskEncryptionType field if non-nil, zero value otherwise.
+
+### GetDiskEncryptionTypeOk
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool)`
+
+GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDiskEncryptionType
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType)`
+
+SetDiskEncryptionType sets DiskEncryptionType field to given value.
+
+### HasDiskEncryptionType
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) HasDiskEncryptionType() bool`
+
+HasDiskEncryptionType returns a boolean if a field has been set.
+
+### GetJailbreak
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) GetJailbreak() bool`
+
+GetJailbreak returns the Jailbreak field if non-nil, zero value otherwise.
+
+### GetJailbreakOk
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) GetJailbreakOk() (*bool, bool)`
+
+GetJailbreakOk returns a tuple with the Jailbreak field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJailbreak
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) SetJailbreak(v bool)`
+
+SetJailbreak sets Jailbreak field to given value.
+
+### HasJailbreak
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) HasJailbreak() bool`
+
+HasJailbreak returns a boolean if a field has been set.
+
+### GetOsVersion
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) GetOsVersion() OSVersion`
+
+GetOsVersion returns the OsVersion field if non-nil, zero value otherwise.
+
+### GetOsVersionOk
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) GetOsVersionOk() (*OSVersion, bool)`
+
+GetOsVersionOk returns a tuple with the OsVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsVersion
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) SetOsVersion(v OSVersion)`
+
+SetOsVersion sets OsVersion field to given value.
+
+### HasOsVersion
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) HasOsVersion() bool`
+
+HasOsVersion returns a boolean if a field has been set.
+
+### GetScreenLockType
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType`
+
+GetScreenLockType returns the ScreenLockType field if non-nil, zero value otherwise.
+
+### GetScreenLockTypeOk
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool)`
+
+GetScreenLockTypeOk returns a tuple with the ScreenLockType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScreenLockType
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType)`
+
+SetScreenLockType sets ScreenLockType field to given value.
+
+### HasScreenLockType
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) HasScreenLockType() bool`
+
+HasScreenLockType returns a boolean if a field has been set.
+
+### GetSecureHardwarePresent
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) GetSecureHardwarePresent() bool`
+
+GetSecureHardwarePresent returns the SecureHardwarePresent field if non-nil, zero value otherwise.
+
+### GetSecureHardwarePresentOk
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) GetSecureHardwarePresentOk() (*bool, bool)`
+
+GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecureHardwarePresent
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) SetSecureHardwarePresent(v bool)`
+
+SetSecureHardwarePresent sets SecureHardwarePresent field to given value.
+
+### HasSecureHardwarePresent
+
+`func (o *DeviceAssuranceAndroidPlatformAllOf) HasSecureHardwarePresent() bool`
+
+HasSecureHardwarePresent returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md b/okta/docs/DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md
new file mode 100644
index 000000000..271c9b741
--- /dev/null
+++ b/okta/docs/DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md
@@ -0,0 +1,56 @@
+# DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | Pointer to [**[]DiskEncryptionType**](DiskEncryptionType.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
+
+`func NewDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType() *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType`
+
+NewDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType instantiates a new DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceAndroidPlatformAllOfDiskEncryptionTypeWithDefaults
+
+`func NewDeviceAssuranceAndroidPlatformAllOfDiskEncryptionTypeWithDefaults() *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType`
+
+NewDeviceAssuranceAndroidPlatformAllOfDiskEncryptionTypeWithDefaults instantiates a new DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetInclude
+
+`func (o *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) GetInclude() []DiskEncryptionType`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) GetIncludeOk() (*[]DiskEncryptionType, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) SetInclude(v []DiskEncryptionType)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceAndroidPlatformAllOfScreenLockType.md b/okta/docs/DeviceAssuranceAndroidPlatformAllOfScreenLockType.md
new file mode 100644
index 000000000..b9871d510
--- /dev/null
+++ b/okta/docs/DeviceAssuranceAndroidPlatformAllOfScreenLockType.md
@@ -0,0 +1,56 @@
+# DeviceAssuranceAndroidPlatformAllOfScreenLockType
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | Pointer to [**[]ScreenLockType**](ScreenLockType.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceAndroidPlatformAllOfScreenLockType
+
+`func NewDeviceAssuranceAndroidPlatformAllOfScreenLockType() *DeviceAssuranceAndroidPlatformAllOfScreenLockType`
+
+NewDeviceAssuranceAndroidPlatformAllOfScreenLockType instantiates a new DeviceAssuranceAndroidPlatformAllOfScreenLockType object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceAndroidPlatformAllOfScreenLockTypeWithDefaults
+
+`func NewDeviceAssuranceAndroidPlatformAllOfScreenLockTypeWithDefaults() *DeviceAssuranceAndroidPlatformAllOfScreenLockType`
+
+NewDeviceAssuranceAndroidPlatformAllOfScreenLockTypeWithDefaults instantiates a new DeviceAssuranceAndroidPlatformAllOfScreenLockType object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetInclude
+
+`func (o *DeviceAssuranceAndroidPlatformAllOfScreenLockType) GetInclude() []ScreenLockType`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *DeviceAssuranceAndroidPlatformAllOfScreenLockType) GetIncludeOk() (*[]ScreenLockType, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *DeviceAssuranceAndroidPlatformAllOfScreenLockType) SetInclude(v []ScreenLockType)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *DeviceAssuranceAndroidPlatformAllOfScreenLockType) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceApi.md b/okta/docs/DeviceAssuranceApi.md
new file mode 100644
index 000000000..770ed438a
--- /dev/null
+++ b/okta/docs/DeviceAssuranceApi.md
@@ -0,0 +1,350 @@
+# \DeviceAssuranceApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateDeviceAssurancePolicy**](DeviceAssuranceApi.md#CreateDeviceAssurancePolicy) | **Post** /api/v1/device-assurances | Create a Device Assurance Policy
+[**DeleteDeviceAssurancePolicy**](DeviceAssuranceApi.md#DeleteDeviceAssurancePolicy) | **Delete** /api/v1/device-assurances/{deviceAssuranceId} | Delete a Device Assurance Policy
+[**GetDeviceAssurancePolicy**](DeviceAssuranceApi.md#GetDeviceAssurancePolicy) | **Get** /api/v1/device-assurances/{deviceAssuranceId} | Retrieve a Device Assurance Policy
+[**ListDeviceAssurancePolicies**](DeviceAssuranceApi.md#ListDeviceAssurancePolicies) | **Get** /api/v1/device-assurances | List all Device Assurance Policies
+[**ReplaceDeviceAssurancePolicy**](DeviceAssuranceApi.md#ReplaceDeviceAssurancePolicy) | **Put** /api/v1/device-assurances/{deviceAssuranceId} | Replace a Device Assurance Policy
+
+
+
+## CreateDeviceAssurancePolicy
+
+> ListDeviceAssurancePolicies200ResponseInner CreateDeviceAssurancePolicy(ctx).DeviceAssurance(deviceAssurance).Execute()
+
+Create a Device Assurance Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    deviceAssurance := openapiclient.listDeviceAssurancePolicies_200_response_inner{DeviceAssuranceAndroidPlatform: openapiclient.NewDeviceAssuranceAndroidPlatform()} // ListDeviceAssurancePolicies200ResponseInner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DeviceAssuranceApi.CreateDeviceAssurancePolicy(context.Background()).DeviceAssurance(deviceAssurance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DeviceAssuranceApi.CreateDeviceAssurancePolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateDeviceAssurancePolicy`: ListDeviceAssurancePolicies200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `DeviceAssuranceApi.CreateDeviceAssurancePolicy`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateDeviceAssurancePolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **deviceAssurance** | [**ListDeviceAssurancePolicies200ResponseInner**](ListDeviceAssurancePolicies200ResponseInner.md) |  | 
+
+### Return type
+
+[**ListDeviceAssurancePolicies200ResponseInner**](ListDeviceAssurancePolicies200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteDeviceAssurancePolicy
+
+> DeleteDeviceAssurancePolicy(ctx, deviceAssuranceId).Execute()
+
+Delete a Device Assurance Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    deviceAssuranceId := "deviceAssuranceId_example" // string | Id of the Device Assurance Policy
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DeviceAssuranceApi.DeleteDeviceAssurancePolicy(context.Background(), deviceAssuranceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DeviceAssuranceApi.DeleteDeviceAssurancePolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**deviceAssuranceId** | **string** | Id of the Device Assurance Policy | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteDeviceAssurancePolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetDeviceAssurancePolicy
+
+> ListDeviceAssurancePolicies200ResponseInner GetDeviceAssurancePolicy(ctx, deviceAssuranceId).Execute()
+
+Retrieve a Device Assurance Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    deviceAssuranceId := "deviceAssuranceId_example" // string | Id of the Device Assurance Policy
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DeviceAssuranceApi.GetDeviceAssurancePolicy(context.Background(), deviceAssuranceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DeviceAssuranceApi.GetDeviceAssurancePolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetDeviceAssurancePolicy`: ListDeviceAssurancePolicies200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `DeviceAssuranceApi.GetDeviceAssurancePolicy`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**deviceAssuranceId** | **string** | Id of the Device Assurance Policy | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetDeviceAssurancePolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ListDeviceAssurancePolicies200ResponseInner**](ListDeviceAssurancePolicies200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListDeviceAssurancePolicies
+
+> []ListDeviceAssurancePolicies200ResponseInner ListDeviceAssurancePolicies(ctx).Execute()
+
+List all Device Assurance Policies
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DeviceAssuranceApi.ListDeviceAssurancePolicies(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DeviceAssuranceApi.ListDeviceAssurancePolicies``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListDeviceAssurancePolicies`: []ListDeviceAssurancePolicies200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `DeviceAssuranceApi.ListDeviceAssurancePolicies`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListDeviceAssurancePoliciesRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]ListDeviceAssurancePolicies200ResponseInner**](ListDeviceAssurancePolicies200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceDeviceAssurancePolicy
+
+> ListDeviceAssurancePolicies200ResponseInner ReplaceDeviceAssurancePolicy(ctx, deviceAssuranceId).DeviceAssurance(deviceAssurance).Execute()
+
+Replace a Device Assurance Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    deviceAssuranceId := "deviceAssuranceId_example" // string | Id of the Device Assurance Policy
+    deviceAssurance := openapiclient.listDeviceAssurancePolicies_200_response_inner{DeviceAssuranceAndroidPlatform: openapiclient.NewDeviceAssuranceAndroidPlatform()} // ListDeviceAssurancePolicies200ResponseInner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DeviceAssuranceApi.ReplaceDeviceAssurancePolicy(context.Background(), deviceAssuranceId).DeviceAssurance(deviceAssurance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DeviceAssuranceApi.ReplaceDeviceAssurancePolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceDeviceAssurancePolicy`: ListDeviceAssurancePolicies200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `DeviceAssuranceApi.ReplaceDeviceAssurancePolicy`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**deviceAssuranceId** | **string** | Id of the Device Assurance Policy | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceDeviceAssurancePolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **deviceAssurance** | [**ListDeviceAssurancePolicies200ResponseInner**](ListDeviceAssurancePolicies200ResponseInner.md) |  | 
+
+### Return type
+
+[**ListDeviceAssurancePolicies200ResponseInner**](ListDeviceAssurancePolicies200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/DeviceAssuranceChromeOSPlatform.md b/okta/docs/DeviceAssuranceChromeOSPlatform.md
new file mode 100644
index 000000000..5bb590962
--- /dev/null
+++ b/okta/docs/DeviceAssuranceChromeOSPlatform.md
@@ -0,0 +1,56 @@
+# DeviceAssuranceChromeOSPlatform
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ThirdPartySignalProviders** | Pointer to [**DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders**](DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceChromeOSPlatform
+
+`func NewDeviceAssuranceChromeOSPlatform() *DeviceAssuranceChromeOSPlatform`
+
+NewDeviceAssuranceChromeOSPlatform instantiates a new DeviceAssuranceChromeOSPlatform object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceChromeOSPlatformWithDefaults
+
+`func NewDeviceAssuranceChromeOSPlatformWithDefaults() *DeviceAssuranceChromeOSPlatform`
+
+NewDeviceAssuranceChromeOSPlatformWithDefaults instantiates a new DeviceAssuranceChromeOSPlatform object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetThirdPartySignalProviders
+
+`func (o *DeviceAssuranceChromeOSPlatform) GetThirdPartySignalProviders() DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders`
+
+GetThirdPartySignalProviders returns the ThirdPartySignalProviders field if non-nil, zero value otherwise.
+
+### GetThirdPartySignalProvidersOk
+
+`func (o *DeviceAssuranceChromeOSPlatform) GetThirdPartySignalProvidersOk() (*DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders, bool)`
+
+GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetThirdPartySignalProviders
+
+`func (o *DeviceAssuranceChromeOSPlatform) SetThirdPartySignalProviders(v DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders)`
+
+SetThirdPartySignalProviders sets ThirdPartySignalProviders field to given value.
+
+### HasThirdPartySignalProviders
+
+`func (o *DeviceAssuranceChromeOSPlatform) HasThirdPartySignalProviders() bool`
+
+HasThirdPartySignalProviders returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceChromeOSPlatformAllOf.md b/okta/docs/DeviceAssuranceChromeOSPlatformAllOf.md
new file mode 100644
index 000000000..eb7e2c04b
--- /dev/null
+++ b/okta/docs/DeviceAssuranceChromeOSPlatformAllOf.md
@@ -0,0 +1,56 @@
+# DeviceAssuranceChromeOSPlatformAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ThirdPartySignalProviders** | Pointer to [**DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders**](DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceChromeOSPlatformAllOf
+
+`func NewDeviceAssuranceChromeOSPlatformAllOf() *DeviceAssuranceChromeOSPlatformAllOf`
+
+NewDeviceAssuranceChromeOSPlatformAllOf instantiates a new DeviceAssuranceChromeOSPlatformAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceChromeOSPlatformAllOfWithDefaults
+
+`func NewDeviceAssuranceChromeOSPlatformAllOfWithDefaults() *DeviceAssuranceChromeOSPlatformAllOf`
+
+NewDeviceAssuranceChromeOSPlatformAllOfWithDefaults instantiates a new DeviceAssuranceChromeOSPlatformAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetThirdPartySignalProviders
+
+`func (o *DeviceAssuranceChromeOSPlatformAllOf) GetThirdPartySignalProviders() DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders`
+
+GetThirdPartySignalProviders returns the ThirdPartySignalProviders field if non-nil, zero value otherwise.
+
+### GetThirdPartySignalProvidersOk
+
+`func (o *DeviceAssuranceChromeOSPlatformAllOf) GetThirdPartySignalProvidersOk() (*DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders, bool)`
+
+GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetThirdPartySignalProviders
+
+`func (o *DeviceAssuranceChromeOSPlatformAllOf) SetThirdPartySignalProviders(v DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders)`
+
+SetThirdPartySignalProviders sets ThirdPartySignalProviders field to given value.
+
+### HasThirdPartySignalProviders
+
+`func (o *DeviceAssuranceChromeOSPlatformAllOf) HasThirdPartySignalProviders() bool`
+
+HasThirdPartySignalProviders returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders.md b/okta/docs/DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders.md
new file mode 100644
index 000000000..7fe4d4990
--- /dev/null
+++ b/okta/docs/DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders.md
@@ -0,0 +1,56 @@
+# DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Dtc** | Pointer to [**DTCChromeOS**](DTCChromeOS.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders
+
+`func NewDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders() *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders`
+
+NewDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders instantiates a new DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProvidersWithDefaults
+
+`func NewDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProvidersWithDefaults() *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders`
+
+NewDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProvidersWithDefaults instantiates a new DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDtc
+
+`func (o *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) GetDtc() DTCChromeOS`
+
+GetDtc returns the Dtc field if non-nil, zero value otherwise.
+
+### GetDtcOk
+
+`func (o *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) GetDtcOk() (*DTCChromeOS, bool)`
+
+GetDtcOk returns a tuple with the Dtc field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDtc
+
+`func (o *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) SetDtc(v DTCChromeOS)`
+
+SetDtc sets Dtc field to given value.
+
+### HasDtc
+
+`func (o *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) HasDtc() bool`
+
+HasDtc returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceIOSPlatform.md b/okta/docs/DeviceAssuranceIOSPlatform.md
new file mode 100644
index 000000000..61d3aa83d
--- /dev/null
+++ b/okta/docs/DeviceAssuranceIOSPlatform.md
@@ -0,0 +1,160 @@
+# DeviceAssuranceIOSPlatform
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DiskEncryptionType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType**](DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md) |  | [optional] 
+**Jailbreak** | Pointer to **bool** |  | [optional] 
+**OsVersion** | Pointer to [**OSVersion**](OSVersion.md) |  | [optional] 
+**ScreenLockType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfScreenLockType**](DeviceAssuranceAndroidPlatformAllOfScreenLockType.md) |  | [optional] 
+**SecureHardwarePresent** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceIOSPlatform
+
+`func NewDeviceAssuranceIOSPlatform() *DeviceAssuranceIOSPlatform`
+
+NewDeviceAssuranceIOSPlatform instantiates a new DeviceAssuranceIOSPlatform object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceIOSPlatformWithDefaults
+
+`func NewDeviceAssuranceIOSPlatformWithDefaults() *DeviceAssuranceIOSPlatform`
+
+NewDeviceAssuranceIOSPlatformWithDefaults instantiates a new DeviceAssuranceIOSPlatform object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDiskEncryptionType
+
+`func (o *DeviceAssuranceIOSPlatform) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType`
+
+GetDiskEncryptionType returns the DiskEncryptionType field if non-nil, zero value otherwise.
+
+### GetDiskEncryptionTypeOk
+
+`func (o *DeviceAssuranceIOSPlatform) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool)`
+
+GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDiskEncryptionType
+
+`func (o *DeviceAssuranceIOSPlatform) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType)`
+
+SetDiskEncryptionType sets DiskEncryptionType field to given value.
+
+### HasDiskEncryptionType
+
+`func (o *DeviceAssuranceIOSPlatform) HasDiskEncryptionType() bool`
+
+HasDiskEncryptionType returns a boolean if a field has been set.
+
+### GetJailbreak
+
+`func (o *DeviceAssuranceIOSPlatform) GetJailbreak() bool`
+
+GetJailbreak returns the Jailbreak field if non-nil, zero value otherwise.
+
+### GetJailbreakOk
+
+`func (o *DeviceAssuranceIOSPlatform) GetJailbreakOk() (*bool, bool)`
+
+GetJailbreakOk returns a tuple with the Jailbreak field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJailbreak
+
+`func (o *DeviceAssuranceIOSPlatform) SetJailbreak(v bool)`
+
+SetJailbreak sets Jailbreak field to given value.
+
+### HasJailbreak
+
+`func (o *DeviceAssuranceIOSPlatform) HasJailbreak() bool`
+
+HasJailbreak returns a boolean if a field has been set.
+
+### GetOsVersion
+
+`func (o *DeviceAssuranceIOSPlatform) GetOsVersion() OSVersion`
+
+GetOsVersion returns the OsVersion field if non-nil, zero value otherwise.
+
+### GetOsVersionOk
+
+`func (o *DeviceAssuranceIOSPlatform) GetOsVersionOk() (*OSVersion, bool)`
+
+GetOsVersionOk returns a tuple with the OsVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsVersion
+
+`func (o *DeviceAssuranceIOSPlatform) SetOsVersion(v OSVersion)`
+
+SetOsVersion sets OsVersion field to given value.
+
+### HasOsVersion
+
+`func (o *DeviceAssuranceIOSPlatform) HasOsVersion() bool`
+
+HasOsVersion returns a boolean if a field has been set.
+
+### GetScreenLockType
+
+`func (o *DeviceAssuranceIOSPlatform) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType`
+
+GetScreenLockType returns the ScreenLockType field if non-nil, zero value otherwise.
+
+### GetScreenLockTypeOk
+
+`func (o *DeviceAssuranceIOSPlatform) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool)`
+
+GetScreenLockTypeOk returns a tuple with the ScreenLockType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScreenLockType
+
+`func (o *DeviceAssuranceIOSPlatform) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType)`
+
+SetScreenLockType sets ScreenLockType field to given value.
+
+### HasScreenLockType
+
+`func (o *DeviceAssuranceIOSPlatform) HasScreenLockType() bool`
+
+HasScreenLockType returns a boolean if a field has been set.
+
+### GetSecureHardwarePresent
+
+`func (o *DeviceAssuranceIOSPlatform) GetSecureHardwarePresent() bool`
+
+GetSecureHardwarePresent returns the SecureHardwarePresent field if non-nil, zero value otherwise.
+
+### GetSecureHardwarePresentOk
+
+`func (o *DeviceAssuranceIOSPlatform) GetSecureHardwarePresentOk() (*bool, bool)`
+
+GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecureHardwarePresent
+
+`func (o *DeviceAssuranceIOSPlatform) SetSecureHardwarePresent(v bool)`
+
+SetSecureHardwarePresent sets SecureHardwarePresent field to given value.
+
+### HasSecureHardwarePresent
+
+`func (o *DeviceAssuranceIOSPlatform) HasSecureHardwarePresent() bool`
+
+HasSecureHardwarePresent returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceMacOSPlatform.md b/okta/docs/DeviceAssuranceMacOSPlatform.md
new file mode 100644
index 000000000..c957de0f7
--- /dev/null
+++ b/okta/docs/DeviceAssuranceMacOSPlatform.md
@@ -0,0 +1,186 @@
+# DeviceAssuranceMacOSPlatform
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DiskEncryptionType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType**](DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md) |  | [optional] 
+**Jailbreak** | Pointer to **bool** |  | [optional] 
+**OsVersion** | Pointer to [**OSVersion**](OSVersion.md) |  | [optional] 
+**ScreenLockType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfScreenLockType**](DeviceAssuranceAndroidPlatformAllOfScreenLockType.md) |  | [optional] 
+**SecureHardwarePresent** | Pointer to **bool** |  | [optional] 
+**ThirdPartySignalProviders** | Pointer to [**DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders**](DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceMacOSPlatform
+
+`func NewDeviceAssuranceMacOSPlatform() *DeviceAssuranceMacOSPlatform`
+
+NewDeviceAssuranceMacOSPlatform instantiates a new DeviceAssuranceMacOSPlatform object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceMacOSPlatformWithDefaults
+
+`func NewDeviceAssuranceMacOSPlatformWithDefaults() *DeviceAssuranceMacOSPlatform`
+
+NewDeviceAssuranceMacOSPlatformWithDefaults instantiates a new DeviceAssuranceMacOSPlatform object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDiskEncryptionType
+
+`func (o *DeviceAssuranceMacOSPlatform) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType`
+
+GetDiskEncryptionType returns the DiskEncryptionType field if non-nil, zero value otherwise.
+
+### GetDiskEncryptionTypeOk
+
+`func (o *DeviceAssuranceMacOSPlatform) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool)`
+
+GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDiskEncryptionType
+
+`func (o *DeviceAssuranceMacOSPlatform) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType)`
+
+SetDiskEncryptionType sets DiskEncryptionType field to given value.
+
+### HasDiskEncryptionType
+
+`func (o *DeviceAssuranceMacOSPlatform) HasDiskEncryptionType() bool`
+
+HasDiskEncryptionType returns a boolean if a field has been set.
+
+### GetJailbreak
+
+`func (o *DeviceAssuranceMacOSPlatform) GetJailbreak() bool`
+
+GetJailbreak returns the Jailbreak field if non-nil, zero value otherwise.
+
+### GetJailbreakOk
+
+`func (o *DeviceAssuranceMacOSPlatform) GetJailbreakOk() (*bool, bool)`
+
+GetJailbreakOk returns a tuple with the Jailbreak field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJailbreak
+
+`func (o *DeviceAssuranceMacOSPlatform) SetJailbreak(v bool)`
+
+SetJailbreak sets Jailbreak field to given value.
+
+### HasJailbreak
+
+`func (o *DeviceAssuranceMacOSPlatform) HasJailbreak() bool`
+
+HasJailbreak returns a boolean if a field has been set.
+
+### GetOsVersion
+
+`func (o *DeviceAssuranceMacOSPlatform) GetOsVersion() OSVersion`
+
+GetOsVersion returns the OsVersion field if non-nil, zero value otherwise.
+
+### GetOsVersionOk
+
+`func (o *DeviceAssuranceMacOSPlatform) GetOsVersionOk() (*OSVersion, bool)`
+
+GetOsVersionOk returns a tuple with the OsVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsVersion
+
+`func (o *DeviceAssuranceMacOSPlatform) SetOsVersion(v OSVersion)`
+
+SetOsVersion sets OsVersion field to given value.
+
+### HasOsVersion
+
+`func (o *DeviceAssuranceMacOSPlatform) HasOsVersion() bool`
+
+HasOsVersion returns a boolean if a field has been set.
+
+### GetScreenLockType
+
+`func (o *DeviceAssuranceMacOSPlatform) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType`
+
+GetScreenLockType returns the ScreenLockType field if non-nil, zero value otherwise.
+
+### GetScreenLockTypeOk
+
+`func (o *DeviceAssuranceMacOSPlatform) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool)`
+
+GetScreenLockTypeOk returns a tuple with the ScreenLockType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScreenLockType
+
+`func (o *DeviceAssuranceMacOSPlatform) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType)`
+
+SetScreenLockType sets ScreenLockType field to given value.
+
+### HasScreenLockType
+
+`func (o *DeviceAssuranceMacOSPlatform) HasScreenLockType() bool`
+
+HasScreenLockType returns a boolean if a field has been set.
+
+### GetSecureHardwarePresent
+
+`func (o *DeviceAssuranceMacOSPlatform) GetSecureHardwarePresent() bool`
+
+GetSecureHardwarePresent returns the SecureHardwarePresent field if non-nil, zero value otherwise.
+
+### GetSecureHardwarePresentOk
+
+`func (o *DeviceAssuranceMacOSPlatform) GetSecureHardwarePresentOk() (*bool, bool)`
+
+GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecureHardwarePresent
+
+`func (o *DeviceAssuranceMacOSPlatform) SetSecureHardwarePresent(v bool)`
+
+SetSecureHardwarePresent sets SecureHardwarePresent field to given value.
+
+### HasSecureHardwarePresent
+
+`func (o *DeviceAssuranceMacOSPlatform) HasSecureHardwarePresent() bool`
+
+HasSecureHardwarePresent returns a boolean if a field has been set.
+
+### GetThirdPartySignalProviders
+
+`func (o *DeviceAssuranceMacOSPlatform) GetThirdPartySignalProviders() DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders`
+
+GetThirdPartySignalProviders returns the ThirdPartySignalProviders field if non-nil, zero value otherwise.
+
+### GetThirdPartySignalProvidersOk
+
+`func (o *DeviceAssuranceMacOSPlatform) GetThirdPartySignalProvidersOk() (*DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders, bool)`
+
+GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetThirdPartySignalProviders
+
+`func (o *DeviceAssuranceMacOSPlatform) SetThirdPartySignalProviders(v DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders)`
+
+SetThirdPartySignalProviders sets ThirdPartySignalProviders field to given value.
+
+### HasThirdPartySignalProviders
+
+`func (o *DeviceAssuranceMacOSPlatform) HasThirdPartySignalProviders() bool`
+
+HasThirdPartySignalProviders returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceMacOSPlatformAllOf.md b/okta/docs/DeviceAssuranceMacOSPlatformAllOf.md
new file mode 100644
index 000000000..65b3f3daf
--- /dev/null
+++ b/okta/docs/DeviceAssuranceMacOSPlatformAllOf.md
@@ -0,0 +1,186 @@
+# DeviceAssuranceMacOSPlatformAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DiskEncryptionType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType**](DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md) |  | [optional] 
+**Jailbreak** | Pointer to **bool** |  | [optional] 
+**OsVersion** | Pointer to [**OSVersion**](OSVersion.md) |  | [optional] 
+**ScreenLockType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfScreenLockType**](DeviceAssuranceAndroidPlatformAllOfScreenLockType.md) |  | [optional] 
+**SecureHardwarePresent** | Pointer to **bool** |  | [optional] 
+**ThirdPartySignalProviders** | Pointer to [**DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders**](DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceMacOSPlatformAllOf
+
+`func NewDeviceAssuranceMacOSPlatformAllOf() *DeviceAssuranceMacOSPlatformAllOf`
+
+NewDeviceAssuranceMacOSPlatformAllOf instantiates a new DeviceAssuranceMacOSPlatformAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceMacOSPlatformAllOfWithDefaults
+
+`func NewDeviceAssuranceMacOSPlatformAllOfWithDefaults() *DeviceAssuranceMacOSPlatformAllOf`
+
+NewDeviceAssuranceMacOSPlatformAllOfWithDefaults instantiates a new DeviceAssuranceMacOSPlatformAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDiskEncryptionType
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType`
+
+GetDiskEncryptionType returns the DiskEncryptionType field if non-nil, zero value otherwise.
+
+### GetDiskEncryptionTypeOk
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool)`
+
+GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDiskEncryptionType
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType)`
+
+SetDiskEncryptionType sets DiskEncryptionType field to given value.
+
+### HasDiskEncryptionType
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) HasDiskEncryptionType() bool`
+
+HasDiskEncryptionType returns a boolean if a field has been set.
+
+### GetJailbreak
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) GetJailbreak() bool`
+
+GetJailbreak returns the Jailbreak field if non-nil, zero value otherwise.
+
+### GetJailbreakOk
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) GetJailbreakOk() (*bool, bool)`
+
+GetJailbreakOk returns a tuple with the Jailbreak field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJailbreak
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) SetJailbreak(v bool)`
+
+SetJailbreak sets Jailbreak field to given value.
+
+### HasJailbreak
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) HasJailbreak() bool`
+
+HasJailbreak returns a boolean if a field has been set.
+
+### GetOsVersion
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) GetOsVersion() OSVersion`
+
+GetOsVersion returns the OsVersion field if non-nil, zero value otherwise.
+
+### GetOsVersionOk
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) GetOsVersionOk() (*OSVersion, bool)`
+
+GetOsVersionOk returns a tuple with the OsVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsVersion
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) SetOsVersion(v OSVersion)`
+
+SetOsVersion sets OsVersion field to given value.
+
+### HasOsVersion
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) HasOsVersion() bool`
+
+HasOsVersion returns a boolean if a field has been set.
+
+### GetScreenLockType
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType`
+
+GetScreenLockType returns the ScreenLockType field if non-nil, zero value otherwise.
+
+### GetScreenLockTypeOk
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool)`
+
+GetScreenLockTypeOk returns a tuple with the ScreenLockType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScreenLockType
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType)`
+
+SetScreenLockType sets ScreenLockType field to given value.
+
+### HasScreenLockType
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) HasScreenLockType() bool`
+
+HasScreenLockType returns a boolean if a field has been set.
+
+### GetSecureHardwarePresent
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) GetSecureHardwarePresent() bool`
+
+GetSecureHardwarePresent returns the SecureHardwarePresent field if non-nil, zero value otherwise.
+
+### GetSecureHardwarePresentOk
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) GetSecureHardwarePresentOk() (*bool, bool)`
+
+GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecureHardwarePresent
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) SetSecureHardwarePresent(v bool)`
+
+SetSecureHardwarePresent sets SecureHardwarePresent field to given value.
+
+### HasSecureHardwarePresent
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) HasSecureHardwarePresent() bool`
+
+HasSecureHardwarePresent returns a boolean if a field has been set.
+
+### GetThirdPartySignalProviders
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) GetThirdPartySignalProviders() DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders`
+
+GetThirdPartySignalProviders returns the ThirdPartySignalProviders field if non-nil, zero value otherwise.
+
+### GetThirdPartySignalProvidersOk
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) GetThirdPartySignalProvidersOk() (*DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders, bool)`
+
+GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetThirdPartySignalProviders
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) SetThirdPartySignalProviders(v DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders)`
+
+SetThirdPartySignalProviders sets ThirdPartySignalProviders field to given value.
+
+### HasThirdPartySignalProviders
+
+`func (o *DeviceAssuranceMacOSPlatformAllOf) HasThirdPartySignalProviders() bool`
+
+HasThirdPartySignalProviders returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders.md b/okta/docs/DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders.md
new file mode 100644
index 000000000..592a52985
--- /dev/null
+++ b/okta/docs/DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders.md
@@ -0,0 +1,56 @@
+# DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Dtc** | Pointer to [**DTCMacOS**](DTCMacOS.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders
+
+`func NewDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders() *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders`
+
+NewDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders instantiates a new DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProvidersWithDefaults
+
+`func NewDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProvidersWithDefaults() *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders`
+
+NewDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProvidersWithDefaults instantiates a new DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDtc
+
+`func (o *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) GetDtc() DTCMacOS`
+
+GetDtc returns the Dtc field if non-nil, zero value otherwise.
+
+### GetDtcOk
+
+`func (o *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) GetDtcOk() (*DTCMacOS, bool)`
+
+GetDtcOk returns a tuple with the Dtc field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDtc
+
+`func (o *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) SetDtc(v DTCMacOS)`
+
+SetDtc sets Dtc field to given value.
+
+### HasDtc
+
+`func (o *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) HasDtc() bool`
+
+HasDtc returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceWindowsPlatform.md b/okta/docs/DeviceAssuranceWindowsPlatform.md
new file mode 100644
index 000000000..4beb30c1c
--- /dev/null
+++ b/okta/docs/DeviceAssuranceWindowsPlatform.md
@@ -0,0 +1,186 @@
+# DeviceAssuranceWindowsPlatform
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DiskEncryptionType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType**](DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md) |  | [optional] 
+**Jailbreak** | Pointer to **bool** |  | [optional] 
+**OsVersion** | Pointer to [**OSVersion**](OSVersion.md) |  | [optional] 
+**ScreenLockType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfScreenLockType**](DeviceAssuranceAndroidPlatformAllOfScreenLockType.md) |  | [optional] 
+**SecureHardwarePresent** | Pointer to **bool** |  | [optional] 
+**ThirdPartySignalProviders** | Pointer to [**DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders**](DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceWindowsPlatform
+
+`func NewDeviceAssuranceWindowsPlatform() *DeviceAssuranceWindowsPlatform`
+
+NewDeviceAssuranceWindowsPlatform instantiates a new DeviceAssuranceWindowsPlatform object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceWindowsPlatformWithDefaults
+
+`func NewDeviceAssuranceWindowsPlatformWithDefaults() *DeviceAssuranceWindowsPlatform`
+
+NewDeviceAssuranceWindowsPlatformWithDefaults instantiates a new DeviceAssuranceWindowsPlatform object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDiskEncryptionType
+
+`func (o *DeviceAssuranceWindowsPlatform) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType`
+
+GetDiskEncryptionType returns the DiskEncryptionType field if non-nil, zero value otherwise.
+
+### GetDiskEncryptionTypeOk
+
+`func (o *DeviceAssuranceWindowsPlatform) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool)`
+
+GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDiskEncryptionType
+
+`func (o *DeviceAssuranceWindowsPlatform) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType)`
+
+SetDiskEncryptionType sets DiskEncryptionType field to given value.
+
+### HasDiskEncryptionType
+
+`func (o *DeviceAssuranceWindowsPlatform) HasDiskEncryptionType() bool`
+
+HasDiskEncryptionType returns a boolean if a field has been set.
+
+### GetJailbreak
+
+`func (o *DeviceAssuranceWindowsPlatform) GetJailbreak() bool`
+
+GetJailbreak returns the Jailbreak field if non-nil, zero value otherwise.
+
+### GetJailbreakOk
+
+`func (o *DeviceAssuranceWindowsPlatform) GetJailbreakOk() (*bool, bool)`
+
+GetJailbreakOk returns a tuple with the Jailbreak field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJailbreak
+
+`func (o *DeviceAssuranceWindowsPlatform) SetJailbreak(v bool)`
+
+SetJailbreak sets Jailbreak field to given value.
+
+### HasJailbreak
+
+`func (o *DeviceAssuranceWindowsPlatform) HasJailbreak() bool`
+
+HasJailbreak returns a boolean if a field has been set.
+
+### GetOsVersion
+
+`func (o *DeviceAssuranceWindowsPlatform) GetOsVersion() OSVersion`
+
+GetOsVersion returns the OsVersion field if non-nil, zero value otherwise.
+
+### GetOsVersionOk
+
+`func (o *DeviceAssuranceWindowsPlatform) GetOsVersionOk() (*OSVersion, bool)`
+
+GetOsVersionOk returns a tuple with the OsVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsVersion
+
+`func (o *DeviceAssuranceWindowsPlatform) SetOsVersion(v OSVersion)`
+
+SetOsVersion sets OsVersion field to given value.
+
+### HasOsVersion
+
+`func (o *DeviceAssuranceWindowsPlatform) HasOsVersion() bool`
+
+HasOsVersion returns a boolean if a field has been set.
+
+### GetScreenLockType
+
+`func (o *DeviceAssuranceWindowsPlatform) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType`
+
+GetScreenLockType returns the ScreenLockType field if non-nil, zero value otherwise.
+
+### GetScreenLockTypeOk
+
+`func (o *DeviceAssuranceWindowsPlatform) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool)`
+
+GetScreenLockTypeOk returns a tuple with the ScreenLockType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScreenLockType
+
+`func (o *DeviceAssuranceWindowsPlatform) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType)`
+
+SetScreenLockType sets ScreenLockType field to given value.
+
+### HasScreenLockType
+
+`func (o *DeviceAssuranceWindowsPlatform) HasScreenLockType() bool`
+
+HasScreenLockType returns a boolean if a field has been set.
+
+### GetSecureHardwarePresent
+
+`func (o *DeviceAssuranceWindowsPlatform) GetSecureHardwarePresent() bool`
+
+GetSecureHardwarePresent returns the SecureHardwarePresent field if non-nil, zero value otherwise.
+
+### GetSecureHardwarePresentOk
+
+`func (o *DeviceAssuranceWindowsPlatform) GetSecureHardwarePresentOk() (*bool, bool)`
+
+GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecureHardwarePresent
+
+`func (o *DeviceAssuranceWindowsPlatform) SetSecureHardwarePresent(v bool)`
+
+SetSecureHardwarePresent sets SecureHardwarePresent field to given value.
+
+### HasSecureHardwarePresent
+
+`func (o *DeviceAssuranceWindowsPlatform) HasSecureHardwarePresent() bool`
+
+HasSecureHardwarePresent returns a boolean if a field has been set.
+
+### GetThirdPartySignalProviders
+
+`func (o *DeviceAssuranceWindowsPlatform) GetThirdPartySignalProviders() DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders`
+
+GetThirdPartySignalProviders returns the ThirdPartySignalProviders field if non-nil, zero value otherwise.
+
+### GetThirdPartySignalProvidersOk
+
+`func (o *DeviceAssuranceWindowsPlatform) GetThirdPartySignalProvidersOk() (*DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders, bool)`
+
+GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetThirdPartySignalProviders
+
+`func (o *DeviceAssuranceWindowsPlatform) SetThirdPartySignalProviders(v DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders)`
+
+SetThirdPartySignalProviders sets ThirdPartySignalProviders field to given value.
+
+### HasThirdPartySignalProviders
+
+`func (o *DeviceAssuranceWindowsPlatform) HasThirdPartySignalProviders() bool`
+
+HasThirdPartySignalProviders returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceWindowsPlatformAllOf.md b/okta/docs/DeviceAssuranceWindowsPlatformAllOf.md
new file mode 100644
index 000000000..00e3b5292
--- /dev/null
+++ b/okta/docs/DeviceAssuranceWindowsPlatformAllOf.md
@@ -0,0 +1,186 @@
+# DeviceAssuranceWindowsPlatformAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DiskEncryptionType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType**](DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md) |  | [optional] 
+**Jailbreak** | Pointer to **bool** |  | [optional] 
+**OsVersion** | Pointer to [**OSVersion**](OSVersion.md) |  | [optional] 
+**ScreenLockType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfScreenLockType**](DeviceAssuranceAndroidPlatformAllOfScreenLockType.md) |  | [optional] 
+**SecureHardwarePresent** | Pointer to **bool** |  | [optional] 
+**ThirdPartySignalProviders** | Pointer to [**DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders**](DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceWindowsPlatformAllOf
+
+`func NewDeviceAssuranceWindowsPlatformAllOf() *DeviceAssuranceWindowsPlatformAllOf`
+
+NewDeviceAssuranceWindowsPlatformAllOf instantiates a new DeviceAssuranceWindowsPlatformAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceWindowsPlatformAllOfWithDefaults
+
+`func NewDeviceAssuranceWindowsPlatformAllOfWithDefaults() *DeviceAssuranceWindowsPlatformAllOf`
+
+NewDeviceAssuranceWindowsPlatformAllOfWithDefaults instantiates a new DeviceAssuranceWindowsPlatformAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDiskEncryptionType
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType`
+
+GetDiskEncryptionType returns the DiskEncryptionType field if non-nil, zero value otherwise.
+
+### GetDiskEncryptionTypeOk
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool)`
+
+GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDiskEncryptionType
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType)`
+
+SetDiskEncryptionType sets DiskEncryptionType field to given value.
+
+### HasDiskEncryptionType
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) HasDiskEncryptionType() bool`
+
+HasDiskEncryptionType returns a boolean if a field has been set.
+
+### GetJailbreak
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) GetJailbreak() bool`
+
+GetJailbreak returns the Jailbreak field if non-nil, zero value otherwise.
+
+### GetJailbreakOk
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) GetJailbreakOk() (*bool, bool)`
+
+GetJailbreakOk returns a tuple with the Jailbreak field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJailbreak
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) SetJailbreak(v bool)`
+
+SetJailbreak sets Jailbreak field to given value.
+
+### HasJailbreak
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) HasJailbreak() bool`
+
+HasJailbreak returns a boolean if a field has been set.
+
+### GetOsVersion
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) GetOsVersion() OSVersion`
+
+GetOsVersion returns the OsVersion field if non-nil, zero value otherwise.
+
+### GetOsVersionOk
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) GetOsVersionOk() (*OSVersion, bool)`
+
+GetOsVersionOk returns a tuple with the OsVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsVersion
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) SetOsVersion(v OSVersion)`
+
+SetOsVersion sets OsVersion field to given value.
+
+### HasOsVersion
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) HasOsVersion() bool`
+
+HasOsVersion returns a boolean if a field has been set.
+
+### GetScreenLockType
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType`
+
+GetScreenLockType returns the ScreenLockType field if non-nil, zero value otherwise.
+
+### GetScreenLockTypeOk
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool)`
+
+GetScreenLockTypeOk returns a tuple with the ScreenLockType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScreenLockType
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType)`
+
+SetScreenLockType sets ScreenLockType field to given value.
+
+### HasScreenLockType
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) HasScreenLockType() bool`
+
+HasScreenLockType returns a boolean if a field has been set.
+
+### GetSecureHardwarePresent
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) GetSecureHardwarePresent() bool`
+
+GetSecureHardwarePresent returns the SecureHardwarePresent field if non-nil, zero value otherwise.
+
+### GetSecureHardwarePresentOk
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) GetSecureHardwarePresentOk() (*bool, bool)`
+
+GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecureHardwarePresent
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) SetSecureHardwarePresent(v bool)`
+
+SetSecureHardwarePresent sets SecureHardwarePresent field to given value.
+
+### HasSecureHardwarePresent
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) HasSecureHardwarePresent() bool`
+
+HasSecureHardwarePresent returns a boolean if a field has been set.
+
+### GetThirdPartySignalProviders
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) GetThirdPartySignalProviders() DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders`
+
+GetThirdPartySignalProviders returns the ThirdPartySignalProviders field if non-nil, zero value otherwise.
+
+### GetThirdPartySignalProvidersOk
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) GetThirdPartySignalProvidersOk() (*DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders, bool)`
+
+GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetThirdPartySignalProviders
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) SetThirdPartySignalProviders(v DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders)`
+
+SetThirdPartySignalProviders sets ThirdPartySignalProviders field to given value.
+
+### HasThirdPartySignalProviders
+
+`func (o *DeviceAssuranceWindowsPlatformAllOf) HasThirdPartySignalProviders() bool`
+
+HasThirdPartySignalProviders returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders.md b/okta/docs/DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders.md
new file mode 100644
index 000000000..265061aa9
--- /dev/null
+++ b/okta/docs/DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders.md
@@ -0,0 +1,56 @@
+# DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Dtc** | Pointer to [**DTCWindows**](DTCWindows.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders
+
+`func NewDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders() *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders`
+
+NewDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders instantiates a new DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProvidersWithDefaults
+
+`func NewDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProvidersWithDefaults() *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders`
+
+NewDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProvidersWithDefaults instantiates a new DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDtc
+
+`func (o *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) GetDtc() DTCWindows`
+
+GetDtc returns the Dtc field if non-nil, zero value otherwise.
+
+### GetDtcOk
+
+`func (o *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) GetDtcOk() (*DTCWindows, bool)`
+
+GetDtcOk returns a tuple with the Dtc field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDtc
+
+`func (o *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) SetDtc(v DTCWindows)`
+
+SetDtc sets Dtc field to given value.
+
+### HasDtc
+
+`func (o *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) HasDtc() bool`
+
+HasDtc returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceDisplayName.md b/okta/docs/DeviceDisplayName.md
new file mode 100644
index 000000000..1cdb7884d
--- /dev/null
+++ b/okta/docs/DeviceDisplayName.md
@@ -0,0 +1,82 @@
+# DeviceDisplayName
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Sensitive** | Pointer to **bool** |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewDeviceDisplayName
+
+`func NewDeviceDisplayName() *DeviceDisplayName`
+
+NewDeviceDisplayName instantiates a new DeviceDisplayName object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceDisplayNameWithDefaults
+
+`func NewDeviceDisplayNameWithDefaults() *DeviceDisplayName`
+
+NewDeviceDisplayNameWithDefaults instantiates a new DeviceDisplayName object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSensitive
+
+`func (o *DeviceDisplayName) GetSensitive() bool`
+
+GetSensitive returns the Sensitive field if non-nil, zero value otherwise.
+
+### GetSensitiveOk
+
+`func (o *DeviceDisplayName) GetSensitiveOk() (*bool, bool)`
+
+GetSensitiveOk returns a tuple with the Sensitive field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSensitive
+
+`func (o *DeviceDisplayName) SetSensitive(v bool)`
+
+SetSensitive sets Sensitive field to given value.
+
+### HasSensitive
+
+`func (o *DeviceDisplayName) HasSensitive() bool`
+
+HasSensitive returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *DeviceDisplayName) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *DeviceDisplayName) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *DeviceDisplayName) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *DeviceDisplayName) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceLinks.md b/okta/docs/DeviceLinks.md
new file mode 100644
index 000000000..3833995dc
--- /dev/null
+++ b/okta/docs/DeviceLinks.md
@@ -0,0 +1,186 @@
+# DeviceLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Users** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Activate** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Deactivate** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Suspend** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Unsuspend** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewDeviceLinks
+
+`func NewDeviceLinks() *DeviceLinks`
+
+NewDeviceLinks instantiates a new DeviceLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceLinksWithDefaults
+
+`func NewDeviceLinksWithDefaults() *DeviceLinks`
+
+NewDeviceLinksWithDefaults instantiates a new DeviceLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *DeviceLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *DeviceLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *DeviceLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *DeviceLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetUsers
+
+`func (o *DeviceLinks) GetUsers() HrefObject`
+
+GetUsers returns the Users field if non-nil, zero value otherwise.
+
+### GetUsersOk
+
+`func (o *DeviceLinks) GetUsersOk() (*HrefObject, bool)`
+
+GetUsersOk returns a tuple with the Users field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsers
+
+`func (o *DeviceLinks) SetUsers(v HrefObject)`
+
+SetUsers sets Users field to given value.
+
+### HasUsers
+
+`func (o *DeviceLinks) HasUsers() bool`
+
+HasUsers returns a boolean if a field has been set.
+
+### GetActivate
+
+`func (o *DeviceLinks) GetActivate() HrefObject`
+
+GetActivate returns the Activate field if non-nil, zero value otherwise.
+
+### GetActivateOk
+
+`func (o *DeviceLinks) GetActivateOk() (*HrefObject, bool)`
+
+GetActivateOk returns a tuple with the Activate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActivate
+
+`func (o *DeviceLinks) SetActivate(v HrefObject)`
+
+SetActivate sets Activate field to given value.
+
+### HasActivate
+
+`func (o *DeviceLinks) HasActivate() bool`
+
+HasActivate returns a boolean if a field has been set.
+
+### GetDeactivate
+
+`func (o *DeviceLinks) GetDeactivate() HrefObject`
+
+GetDeactivate returns the Deactivate field if non-nil, zero value otherwise.
+
+### GetDeactivateOk
+
+`func (o *DeviceLinks) GetDeactivateOk() (*HrefObject, bool)`
+
+GetDeactivateOk returns a tuple with the Deactivate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDeactivate
+
+`func (o *DeviceLinks) SetDeactivate(v HrefObject)`
+
+SetDeactivate sets Deactivate field to given value.
+
+### HasDeactivate
+
+`func (o *DeviceLinks) HasDeactivate() bool`
+
+HasDeactivate returns a boolean if a field has been set.
+
+### GetSuspend
+
+`func (o *DeviceLinks) GetSuspend() HrefObject`
+
+GetSuspend returns the Suspend field if non-nil, zero value otherwise.
+
+### GetSuspendOk
+
+`func (o *DeviceLinks) GetSuspendOk() (*HrefObject, bool)`
+
+GetSuspendOk returns a tuple with the Suspend field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSuspend
+
+`func (o *DeviceLinks) SetSuspend(v HrefObject)`
+
+SetSuspend sets Suspend field to given value.
+
+### HasSuspend
+
+`func (o *DeviceLinks) HasSuspend() bool`
+
+HasSuspend returns a boolean if a field has been set.
+
+### GetUnsuspend
+
+`func (o *DeviceLinks) GetUnsuspend() HrefObject`
+
+GetUnsuspend returns the Unsuspend field if non-nil, zero value otherwise.
+
+### GetUnsuspendOk
+
+`func (o *DeviceLinks) GetUnsuspendOk() (*HrefObject, bool)`
+
+GetUnsuspendOk returns a tuple with the Unsuspend field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUnsuspend
+
+`func (o *DeviceLinks) SetUnsuspend(v HrefObject)`
+
+SetUnsuspend sets Unsuspend field to given value.
+
+### HasUnsuspend
+
+`func (o *DeviceLinks) HasUnsuspend() bool`
+
+HasUnsuspend returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DevicePlatform.md b/okta/docs/DevicePlatform.md
new file mode 100644
index 000000000..c85902546
--- /dev/null
+++ b/okta/docs/DevicePlatform.md
@@ -0,0 +1,17 @@
+# DevicePlatform
+
+## Enum
+
+
+* `ANDROID` (value: `"ANDROID"`)
+
+* `IOS` (value: `"IOS"`)
+
+* `MACOS` (value: `"MACOS"`)
+
+* `WINDOWS` (value: `"WINDOWS"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DevicePolicyMDMFramework.md b/okta/docs/DevicePolicyMDMFramework.md
new file mode 100644
index 000000000..96c8e528b
--- /dev/null
+++ b/okta/docs/DevicePolicyMDMFramework.md
@@ -0,0 +1,15 @@
+# DevicePolicyMDMFramework
+
+## Enum
+
+
+* `AFW` (value: `"AFW"`)
+
+* `NATIVE` (value: `"NATIVE"`)
+
+* `SAFE` (value: `"SAFE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DevicePolicyPlatformType.md b/okta/docs/DevicePolicyPlatformType.md
new file mode 100644
index 000000000..4cbb82109
--- /dev/null
+++ b/okta/docs/DevicePolicyPlatformType.md
@@ -0,0 +1,17 @@
+# DevicePolicyPlatformType
+
+## Enum
+
+
+* `ANDROID` (value: `"ANDROID"`)
+
+* `IOS` (value: `"IOS"`)
+
+* `OSX` (value: `"OSX"`)
+
+* `WINDOWS` (value: `"WINDOWS"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DevicePolicyRuleCondition.md b/okta/docs/DevicePolicyRuleCondition.md
new file mode 100644
index 000000000..8f61f3ba6
--- /dev/null
+++ b/okta/docs/DevicePolicyRuleCondition.md
@@ -0,0 +1,134 @@
+# DevicePolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Migrated** | Pointer to **bool** |  | [optional] 
+**Platform** | Pointer to [**DevicePolicyRuleConditionPlatform**](DevicePolicyRuleConditionPlatform.md) |  | [optional] 
+**Rooted** | Pointer to **bool** |  | [optional] 
+**TrustLevel** | Pointer to [**DevicePolicyTrustLevel**](DevicePolicyTrustLevel.md) |  | [optional] 
+
+## Methods
+
+### NewDevicePolicyRuleCondition
+
+`func NewDevicePolicyRuleCondition() *DevicePolicyRuleCondition`
+
+NewDevicePolicyRuleCondition instantiates a new DevicePolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDevicePolicyRuleConditionWithDefaults
+
+`func NewDevicePolicyRuleConditionWithDefaults() *DevicePolicyRuleCondition`
+
+NewDevicePolicyRuleConditionWithDefaults instantiates a new DevicePolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMigrated
+
+`func (o *DevicePolicyRuleCondition) GetMigrated() bool`
+
+GetMigrated returns the Migrated field if non-nil, zero value otherwise.
+
+### GetMigratedOk
+
+`func (o *DevicePolicyRuleCondition) GetMigratedOk() (*bool, bool)`
+
+GetMigratedOk returns a tuple with the Migrated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMigrated
+
+`func (o *DevicePolicyRuleCondition) SetMigrated(v bool)`
+
+SetMigrated sets Migrated field to given value.
+
+### HasMigrated
+
+`func (o *DevicePolicyRuleCondition) HasMigrated() bool`
+
+HasMigrated returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *DevicePolicyRuleCondition) GetPlatform() DevicePolicyRuleConditionPlatform`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *DevicePolicyRuleCondition) GetPlatformOk() (*DevicePolicyRuleConditionPlatform, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *DevicePolicyRuleCondition) SetPlatform(v DevicePolicyRuleConditionPlatform)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *DevicePolicyRuleCondition) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetRooted
+
+`func (o *DevicePolicyRuleCondition) GetRooted() bool`
+
+GetRooted returns the Rooted field if non-nil, zero value otherwise.
+
+### GetRootedOk
+
+`func (o *DevicePolicyRuleCondition) GetRootedOk() (*bool, bool)`
+
+GetRootedOk returns a tuple with the Rooted field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRooted
+
+`func (o *DevicePolicyRuleCondition) SetRooted(v bool)`
+
+SetRooted sets Rooted field to given value.
+
+### HasRooted
+
+`func (o *DevicePolicyRuleCondition) HasRooted() bool`
+
+HasRooted returns a boolean if a field has been set.
+
+### GetTrustLevel
+
+`func (o *DevicePolicyRuleCondition) GetTrustLevel() DevicePolicyTrustLevel`
+
+GetTrustLevel returns the TrustLevel field if non-nil, zero value otherwise.
+
+### GetTrustLevelOk
+
+`func (o *DevicePolicyRuleCondition) GetTrustLevelOk() (*DevicePolicyTrustLevel, bool)`
+
+GetTrustLevelOk returns a tuple with the TrustLevel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTrustLevel
+
+`func (o *DevicePolicyRuleCondition) SetTrustLevel(v DevicePolicyTrustLevel)`
+
+SetTrustLevel sets TrustLevel field to given value.
+
+### HasTrustLevel
+
+`func (o *DevicePolicyRuleCondition) HasTrustLevel() bool`
+
+HasTrustLevel returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DevicePolicyRuleConditionPlatform.md b/okta/docs/DevicePolicyRuleConditionPlatform.md
new file mode 100644
index 000000000..20e0a9969
--- /dev/null
+++ b/okta/docs/DevicePolicyRuleConditionPlatform.md
@@ -0,0 +1,82 @@
+# DevicePolicyRuleConditionPlatform
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**SupportedMDMFrameworks** | Pointer to [**[]DevicePolicyMDMFramework**](DevicePolicyMDMFramework.md) |  | [optional] 
+**Types** | Pointer to [**[]DevicePolicyPlatformType**](DevicePolicyPlatformType.md) |  | [optional] 
+
+## Methods
+
+### NewDevicePolicyRuleConditionPlatform
+
+`func NewDevicePolicyRuleConditionPlatform() *DevicePolicyRuleConditionPlatform`
+
+NewDevicePolicyRuleConditionPlatform instantiates a new DevicePolicyRuleConditionPlatform object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDevicePolicyRuleConditionPlatformWithDefaults
+
+`func NewDevicePolicyRuleConditionPlatformWithDefaults() *DevicePolicyRuleConditionPlatform`
+
+NewDevicePolicyRuleConditionPlatformWithDefaults instantiates a new DevicePolicyRuleConditionPlatform object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSupportedMDMFrameworks
+
+`func (o *DevicePolicyRuleConditionPlatform) GetSupportedMDMFrameworks() []DevicePolicyMDMFramework`
+
+GetSupportedMDMFrameworks returns the SupportedMDMFrameworks field if non-nil, zero value otherwise.
+
+### GetSupportedMDMFrameworksOk
+
+`func (o *DevicePolicyRuleConditionPlatform) GetSupportedMDMFrameworksOk() (*[]DevicePolicyMDMFramework, bool)`
+
+GetSupportedMDMFrameworksOk returns a tuple with the SupportedMDMFrameworks field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSupportedMDMFrameworks
+
+`func (o *DevicePolicyRuleConditionPlatform) SetSupportedMDMFrameworks(v []DevicePolicyMDMFramework)`
+
+SetSupportedMDMFrameworks sets SupportedMDMFrameworks field to given value.
+
+### HasSupportedMDMFrameworks
+
+`func (o *DevicePolicyRuleConditionPlatform) HasSupportedMDMFrameworks() bool`
+
+HasSupportedMDMFrameworks returns a boolean if a field has been set.
+
+### GetTypes
+
+`func (o *DevicePolicyRuleConditionPlatform) GetTypes() []DevicePolicyPlatformType`
+
+GetTypes returns the Types field if non-nil, zero value otherwise.
+
+### GetTypesOk
+
+`func (o *DevicePolicyRuleConditionPlatform) GetTypesOk() (*[]DevicePolicyPlatformType, bool)`
+
+GetTypesOk returns a tuple with the Types field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTypes
+
+`func (o *DevicePolicyRuleConditionPlatform) SetTypes(v []DevicePolicyPlatformType)`
+
+SetTypes sets Types field to given value.
+
+### HasTypes
+
+`func (o *DevicePolicyRuleConditionPlatform) HasTypes() bool`
+
+HasTypes returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DevicePolicyTrustLevel.md b/okta/docs/DevicePolicyTrustLevel.md
new file mode 100644
index 000000000..d5347b9d7
--- /dev/null
+++ b/okta/docs/DevicePolicyTrustLevel.md
@@ -0,0 +1,13 @@
+# DevicePolicyTrustLevel
+
+## Enum
+
+
+* `ANY` (value: `"ANY"`)
+
+* `TRUSTED` (value: `"TRUSTED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceProfile.md b/okta/docs/DeviceProfile.md
new file mode 100644
index 000000000..8d82568dd
--- /dev/null
+++ b/okta/docs/DeviceProfile.md
@@ -0,0 +1,353 @@
+# DeviceProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DisplayName** | **string** | Display name of the device | 
+**Imei** | Pointer to **string** | International Mobile Equipment Identity of the device | [optional] 
+**Manufacturer** | Pointer to **string** | Name of the manufacturer of the device | [optional] 
+**Meid** | Pointer to **string** | Mobile equipment identifier of the device | [optional] 
+**Model** | Pointer to **string** | Model of the device | [optional] 
+**OsVersion** | Pointer to **string** | Version of the device OS | [optional] 
+**Platform** | [**DevicePlatform**](DevicePlatform.md) |  | 
+**Registered** | **bool** | Indicates if the device is registered at Okta | 
+**SecureHardwarePresent** | Pointer to **bool** | Indicates if the device constains a secure hardware functionality | [optional] 
+**SerialNumber** | Pointer to **string** | Serial number of the device | [optional] 
+**Sid** | Pointer to **string** | Windows Security identifier of the device | [optional] 
+**TpmPublicKeyHash** | Pointer to **string** | Windows Trsted Platform Module hash value | [optional] 
+**Udid** | Pointer to **string** | macOS Unique Device identifier of the device | [optional] 
+
+## Methods
+
+### NewDeviceProfile
+
+`func NewDeviceProfile(displayName string, platform DevicePlatform, registered bool, ) *DeviceProfile`
+
+NewDeviceProfile instantiates a new DeviceProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDeviceProfileWithDefaults
+
+`func NewDeviceProfileWithDefaults() *DeviceProfile`
+
+NewDeviceProfileWithDefaults instantiates a new DeviceProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDisplayName
+
+`func (o *DeviceProfile) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *DeviceProfile) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *DeviceProfile) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+
+### GetImei
+
+`func (o *DeviceProfile) GetImei() string`
+
+GetImei returns the Imei field if non-nil, zero value otherwise.
+
+### GetImeiOk
+
+`func (o *DeviceProfile) GetImeiOk() (*string, bool)`
+
+GetImeiOk returns a tuple with the Imei field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetImei
+
+`func (o *DeviceProfile) SetImei(v string)`
+
+SetImei sets Imei field to given value.
+
+### HasImei
+
+`func (o *DeviceProfile) HasImei() bool`
+
+HasImei returns a boolean if a field has been set.
+
+### GetManufacturer
+
+`func (o *DeviceProfile) GetManufacturer() string`
+
+GetManufacturer returns the Manufacturer field if non-nil, zero value otherwise.
+
+### GetManufacturerOk
+
+`func (o *DeviceProfile) GetManufacturerOk() (*string, bool)`
+
+GetManufacturerOk returns a tuple with the Manufacturer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetManufacturer
+
+`func (o *DeviceProfile) SetManufacturer(v string)`
+
+SetManufacturer sets Manufacturer field to given value.
+
+### HasManufacturer
+
+`func (o *DeviceProfile) HasManufacturer() bool`
+
+HasManufacturer returns a boolean if a field has been set.
+
+### GetMeid
+
+`func (o *DeviceProfile) GetMeid() string`
+
+GetMeid returns the Meid field if non-nil, zero value otherwise.
+
+### GetMeidOk
+
+`func (o *DeviceProfile) GetMeidOk() (*string, bool)`
+
+GetMeidOk returns a tuple with the Meid field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMeid
+
+`func (o *DeviceProfile) SetMeid(v string)`
+
+SetMeid sets Meid field to given value.
+
+### HasMeid
+
+`func (o *DeviceProfile) HasMeid() bool`
+
+HasMeid returns a boolean if a field has been set.
+
+### GetModel
+
+`func (o *DeviceProfile) GetModel() string`
+
+GetModel returns the Model field if non-nil, zero value otherwise.
+
+### GetModelOk
+
+`func (o *DeviceProfile) GetModelOk() (*string, bool)`
+
+GetModelOk returns a tuple with the Model field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetModel
+
+`func (o *DeviceProfile) SetModel(v string)`
+
+SetModel sets Model field to given value.
+
+### HasModel
+
+`func (o *DeviceProfile) HasModel() bool`
+
+HasModel returns a boolean if a field has been set.
+
+### GetOsVersion
+
+`func (o *DeviceProfile) GetOsVersion() string`
+
+GetOsVersion returns the OsVersion field if non-nil, zero value otherwise.
+
+### GetOsVersionOk
+
+`func (o *DeviceProfile) GetOsVersionOk() (*string, bool)`
+
+GetOsVersionOk returns a tuple with the OsVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsVersion
+
+`func (o *DeviceProfile) SetOsVersion(v string)`
+
+SetOsVersion sets OsVersion field to given value.
+
+### HasOsVersion
+
+`func (o *DeviceProfile) HasOsVersion() bool`
+
+HasOsVersion returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *DeviceProfile) GetPlatform() DevicePlatform`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *DeviceProfile) GetPlatformOk() (*DevicePlatform, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *DeviceProfile) SetPlatform(v DevicePlatform)`
+
+SetPlatform sets Platform field to given value.
+
+
+### GetRegistered
+
+`func (o *DeviceProfile) GetRegistered() bool`
+
+GetRegistered returns the Registered field if non-nil, zero value otherwise.
+
+### GetRegisteredOk
+
+`func (o *DeviceProfile) GetRegisteredOk() (*bool, bool)`
+
+GetRegisteredOk returns a tuple with the Registered field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRegistered
+
+`func (o *DeviceProfile) SetRegistered(v bool)`
+
+SetRegistered sets Registered field to given value.
+
+
+### GetSecureHardwarePresent
+
+`func (o *DeviceProfile) GetSecureHardwarePresent() bool`
+
+GetSecureHardwarePresent returns the SecureHardwarePresent field if non-nil, zero value otherwise.
+
+### GetSecureHardwarePresentOk
+
+`func (o *DeviceProfile) GetSecureHardwarePresentOk() (*bool, bool)`
+
+GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecureHardwarePresent
+
+`func (o *DeviceProfile) SetSecureHardwarePresent(v bool)`
+
+SetSecureHardwarePresent sets SecureHardwarePresent field to given value.
+
+### HasSecureHardwarePresent
+
+`func (o *DeviceProfile) HasSecureHardwarePresent() bool`
+
+HasSecureHardwarePresent returns a boolean if a field has been set.
+
+### GetSerialNumber
+
+`func (o *DeviceProfile) GetSerialNumber() string`
+
+GetSerialNumber returns the SerialNumber field if non-nil, zero value otherwise.
+
+### GetSerialNumberOk
+
+`func (o *DeviceProfile) GetSerialNumberOk() (*string, bool)`
+
+GetSerialNumberOk returns a tuple with the SerialNumber field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSerialNumber
+
+`func (o *DeviceProfile) SetSerialNumber(v string)`
+
+SetSerialNumber sets SerialNumber field to given value.
+
+### HasSerialNumber
+
+`func (o *DeviceProfile) HasSerialNumber() bool`
+
+HasSerialNumber returns a boolean if a field has been set.
+
+### GetSid
+
+`func (o *DeviceProfile) GetSid() string`
+
+GetSid returns the Sid field if non-nil, zero value otherwise.
+
+### GetSidOk
+
+`func (o *DeviceProfile) GetSidOk() (*string, bool)`
+
+GetSidOk returns a tuple with the Sid field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSid
+
+`func (o *DeviceProfile) SetSid(v string)`
+
+SetSid sets Sid field to given value.
+
+### HasSid
+
+`func (o *DeviceProfile) HasSid() bool`
+
+HasSid returns a boolean if a field has been set.
+
+### GetTpmPublicKeyHash
+
+`func (o *DeviceProfile) GetTpmPublicKeyHash() string`
+
+GetTpmPublicKeyHash returns the TpmPublicKeyHash field if non-nil, zero value otherwise.
+
+### GetTpmPublicKeyHashOk
+
+`func (o *DeviceProfile) GetTpmPublicKeyHashOk() (*string, bool)`
+
+GetTpmPublicKeyHashOk returns a tuple with the TpmPublicKeyHash field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTpmPublicKeyHash
+
+`func (o *DeviceProfile) SetTpmPublicKeyHash(v string)`
+
+SetTpmPublicKeyHash sets TpmPublicKeyHash field to given value.
+
+### HasTpmPublicKeyHash
+
+`func (o *DeviceProfile) HasTpmPublicKeyHash() bool`
+
+HasTpmPublicKeyHash returns a boolean if a field has been set.
+
+### GetUdid
+
+`func (o *DeviceProfile) GetUdid() string`
+
+GetUdid returns the Udid field if non-nil, zero value otherwise.
+
+### GetUdidOk
+
+`func (o *DeviceProfile) GetUdidOk() (*string, bool)`
+
+GetUdidOk returns a tuple with the Udid field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUdid
+
+`func (o *DeviceProfile) SetUdid(v string)`
+
+SetUdid sets Udid field to given value.
+
+### HasUdid
+
+`func (o *DeviceProfile) HasUdid() bool`
+
+HasUdid returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DeviceStatus.md b/okta/docs/DeviceStatus.md
new file mode 100644
index 000000000..7c5d5e77b
--- /dev/null
+++ b/okta/docs/DeviceStatus.md
@@ -0,0 +1,17 @@
+# DeviceStatus
+
+## Enum
+
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `CREATED` (value: `"CREATED"`)
+
+* `DEACTIVATED` (value: `"DEACTIVATED"`)
+
+* `SUSPENDED` (value: `"SUSPENDED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DiskEncryptionType.md b/okta/docs/DiskEncryptionType.md
new file mode 100644
index 000000000..f3abc437e
--- /dev/null
+++ b/okta/docs/DiskEncryptionType.md
@@ -0,0 +1,15 @@
+# DiskEncryptionType
+
+## Enum
+
+
+* `ALL_INTERNAL_VOLUMES` (value: `"ALL_INTERNAL_VOLUMES"`)
+
+* `FULL` (value: `"FULL"`)
+
+* `USER` (value: `"USER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Domain.md b/okta/docs/Domain.md
new file mode 100644
index 000000000..2a9bd3f0d
--- /dev/null
+++ b/okta/docs/Domain.md
@@ -0,0 +1,212 @@
+# Domain
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**BrandId** | Pointer to **string** |  | [optional] 
+**CertificateSourceType** | Pointer to [**DomainCertificateSourceType**](DomainCertificateSourceType.md) |  | [optional] 
+**DnsRecords** | Pointer to [**[]DNSRecord**](DNSRecord.md) |  | [optional] 
+**Domain** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] 
+**PublicCertificate** | Pointer to [**DomainCertificateMetadata**](DomainCertificateMetadata.md) |  | [optional] 
+**ValidationStatus** | Pointer to [**DomainValidationStatus**](DomainValidationStatus.md) |  | [optional] 
+
+## Methods
+
+### NewDomain
+
+`func NewDomain() *Domain`
+
+NewDomain instantiates a new Domain object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDomainWithDefaults
+
+`func NewDomainWithDefaults() *Domain`
+
+NewDomainWithDefaults instantiates a new Domain object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBrandId
+
+`func (o *Domain) GetBrandId() string`
+
+GetBrandId returns the BrandId field if non-nil, zero value otherwise.
+
+### GetBrandIdOk
+
+`func (o *Domain) GetBrandIdOk() (*string, bool)`
+
+GetBrandIdOk returns a tuple with the BrandId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBrandId
+
+`func (o *Domain) SetBrandId(v string)`
+
+SetBrandId sets BrandId field to given value.
+
+### HasBrandId
+
+`func (o *Domain) HasBrandId() bool`
+
+HasBrandId returns a boolean if a field has been set.
+
+### GetCertificateSourceType
+
+`func (o *Domain) GetCertificateSourceType() DomainCertificateSourceType`
+
+GetCertificateSourceType returns the CertificateSourceType field if non-nil, zero value otherwise.
+
+### GetCertificateSourceTypeOk
+
+`func (o *Domain) GetCertificateSourceTypeOk() (*DomainCertificateSourceType, bool)`
+
+GetCertificateSourceTypeOk returns a tuple with the CertificateSourceType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCertificateSourceType
+
+`func (o *Domain) SetCertificateSourceType(v DomainCertificateSourceType)`
+
+SetCertificateSourceType sets CertificateSourceType field to given value.
+
+### HasCertificateSourceType
+
+`func (o *Domain) HasCertificateSourceType() bool`
+
+HasCertificateSourceType returns a boolean if a field has been set.
+
+### GetDnsRecords
+
+`func (o *Domain) GetDnsRecords() []DNSRecord`
+
+GetDnsRecords returns the DnsRecords field if non-nil, zero value otherwise.
+
+### GetDnsRecordsOk
+
+`func (o *Domain) GetDnsRecordsOk() (*[]DNSRecord, bool)`
+
+GetDnsRecordsOk returns a tuple with the DnsRecords field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDnsRecords
+
+`func (o *Domain) SetDnsRecords(v []DNSRecord)`
+
+SetDnsRecords sets DnsRecords field to given value.
+
+### HasDnsRecords
+
+`func (o *Domain) HasDnsRecords() bool`
+
+HasDnsRecords returns a boolean if a field has been set.
+
+### GetDomain
+
+`func (o *Domain) GetDomain() string`
+
+GetDomain returns the Domain field if non-nil, zero value otherwise.
+
+### GetDomainOk
+
+`func (o *Domain) GetDomainOk() (*string, bool)`
+
+GetDomainOk returns a tuple with the Domain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDomain
+
+`func (o *Domain) SetDomain(v string)`
+
+SetDomain sets Domain field to given value.
+
+### HasDomain
+
+`func (o *Domain) HasDomain() bool`
+
+HasDomain returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *Domain) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *Domain) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *Domain) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *Domain) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetPublicCertificate
+
+`func (o *Domain) GetPublicCertificate() DomainCertificateMetadata`
+
+GetPublicCertificate returns the PublicCertificate field if non-nil, zero value otherwise.
+
+### GetPublicCertificateOk
+
+`func (o *Domain) GetPublicCertificateOk() (*DomainCertificateMetadata, bool)`
+
+GetPublicCertificateOk returns a tuple with the PublicCertificate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPublicCertificate
+
+`func (o *Domain) SetPublicCertificate(v DomainCertificateMetadata)`
+
+SetPublicCertificate sets PublicCertificate field to given value.
+
+### HasPublicCertificate
+
+`func (o *Domain) HasPublicCertificate() bool`
+
+HasPublicCertificate returns a boolean if a field has been set.
+
+### GetValidationStatus
+
+`func (o *Domain) GetValidationStatus() DomainValidationStatus`
+
+GetValidationStatus returns the ValidationStatus field if non-nil, zero value otherwise.
+
+### GetValidationStatusOk
+
+`func (o *Domain) GetValidationStatusOk() (*DomainValidationStatus, bool)`
+
+GetValidationStatusOk returns a tuple with the ValidationStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValidationStatus
+
+`func (o *Domain) SetValidationStatus(v DomainValidationStatus)`
+
+SetValidationStatus sets ValidationStatus field to given value.
+
+### HasValidationStatus
+
+`func (o *Domain) HasValidationStatus() bool`
+
+HasValidationStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DomainApi.md b/okta/docs/DomainApi.md
new file mode 100644
index 000000000..a667bd130
--- /dev/null
+++ b/okta/docs/DomainApi.md
@@ -0,0 +1,492 @@
+# \DomainApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateDomain**](DomainApi.md#CreateDomain) | **Post** /api/v1/domains | Create a Domain
+[**DeleteDomain**](DomainApi.md#DeleteDomain) | **Delete** /api/v1/domains/{domainId} | Delete a Domain
+[**GetDomain**](DomainApi.md#GetDomain) | **Get** /api/v1/domains/{domainId} | Retrieve a Domain
+[**ListDomains**](DomainApi.md#ListDomains) | **Get** /api/v1/domains | List all Domains
+[**ReplaceDomain**](DomainApi.md#ReplaceDomain) | **Put** /api/v1/domains/{domainId} | Replace a Domain&#39;s brandId
+[**UpsertCertificate**](DomainApi.md#UpsertCertificate) | **Put** /api/v1/domains/{domainId}/certificate | Upsert the Certificate
+[**VerifyDomain**](DomainApi.md#VerifyDomain) | **Post** /api/v1/domains/{domainId}/verify | Verify a Domain
+
+
+
+## CreateDomain
+
+> DomainResponse CreateDomain(ctx).Domain(domain).Execute()
+
+Create a Domain
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    domain := *openapiclient.NewDomain() // Domain | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DomainApi.CreateDomain(context.Background()).Domain(domain).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DomainApi.CreateDomain``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateDomain`: DomainResponse
+    fmt.Fprintf(os.Stdout, "Response from `DomainApi.CreateDomain`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateDomainRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **domain** | [**Domain**](Domain.md) |  | 
+
+### Return type
+
+[**DomainResponse**](DomainResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteDomain
+
+> DeleteDomain(ctx, domainId).Execute()
+
+Delete a Domain
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    domainId := "domainId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DomainApi.DeleteDomain(context.Background(), domainId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DomainApi.DeleteDomain``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**domainId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteDomainRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetDomain
+
+> DomainResponse GetDomain(ctx, domainId).Execute()
+
+Retrieve a Domain
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    domainId := "domainId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DomainApi.GetDomain(context.Background(), domainId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DomainApi.GetDomain``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetDomain`: DomainResponse
+    fmt.Fprintf(os.Stdout, "Response from `DomainApi.GetDomain`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**domainId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetDomainRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**DomainResponse**](DomainResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListDomains
+
+> DomainListResponse ListDomains(ctx).Execute()
+
+List all Domains
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DomainApi.ListDomains(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DomainApi.ListDomains``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListDomains`: DomainListResponse
+    fmt.Fprintf(os.Stdout, "Response from `DomainApi.ListDomains`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListDomainsRequest struct via the builder pattern
+
+
+### Return type
+
+[**DomainListResponse**](DomainListResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceDomain
+
+> DomainResponse ReplaceDomain(ctx, domainId).UpdateDomain(updateDomain).Execute()
+
+Replace a Domain's brandId
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    domainId := "domainId_example" // string | 
+    updateDomain := *openapiclient.NewUpdateDomain() // UpdateDomain | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DomainApi.ReplaceDomain(context.Background(), domainId).UpdateDomain(updateDomain).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DomainApi.ReplaceDomain``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceDomain`: DomainResponse
+    fmt.Fprintf(os.Stdout, "Response from `DomainApi.ReplaceDomain`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**domainId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceDomainRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **updateDomain** | [**UpdateDomain**](UpdateDomain.md) |  | 
+
+### Return type
+
+[**DomainResponse**](DomainResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpsertCertificate
+
+> UpsertCertificate(ctx, domainId).Certificate(certificate).Execute()
+
+Upsert the Certificate
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    domainId := "domainId_example" // string | 
+    certificate := *openapiclient.NewDomainCertificate() // DomainCertificate | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DomainApi.UpsertCertificate(context.Background(), domainId).Certificate(certificate).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DomainApi.UpsertCertificate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**domainId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpsertCertificateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **certificate** | [**DomainCertificate**](DomainCertificate.md) |  | 
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## VerifyDomain
+
+> DomainResponse VerifyDomain(ctx, domainId).Execute()
+
+Verify a Domain
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    domainId := "domainId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.DomainApi.VerifyDomain(context.Background(), domainId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `DomainApi.VerifyDomain``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `VerifyDomain`: DomainResponse
+    fmt.Fprintf(os.Stdout, "Response from `DomainApi.VerifyDomain`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**domainId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiVerifyDomainRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**DomainResponse**](DomainResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/DomainCertificate.md b/okta/docs/DomainCertificate.md
new file mode 100644
index 000000000..488a1c195
--- /dev/null
+++ b/okta/docs/DomainCertificate.md
@@ -0,0 +1,134 @@
+# DomainCertificate
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Certificate** | Pointer to **string** |  | [optional] 
+**CertificateChain** | Pointer to **string** |  | [optional] 
+**PrivateKey** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to [**DomainCertificateType**](DomainCertificateType.md) |  | [optional] 
+
+## Methods
+
+### NewDomainCertificate
+
+`func NewDomainCertificate() *DomainCertificate`
+
+NewDomainCertificate instantiates a new DomainCertificate object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDomainCertificateWithDefaults
+
+`func NewDomainCertificateWithDefaults() *DomainCertificate`
+
+NewDomainCertificateWithDefaults instantiates a new DomainCertificate object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCertificate
+
+`func (o *DomainCertificate) GetCertificate() string`
+
+GetCertificate returns the Certificate field if non-nil, zero value otherwise.
+
+### GetCertificateOk
+
+`func (o *DomainCertificate) GetCertificateOk() (*string, bool)`
+
+GetCertificateOk returns a tuple with the Certificate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCertificate
+
+`func (o *DomainCertificate) SetCertificate(v string)`
+
+SetCertificate sets Certificate field to given value.
+
+### HasCertificate
+
+`func (o *DomainCertificate) HasCertificate() bool`
+
+HasCertificate returns a boolean if a field has been set.
+
+### GetCertificateChain
+
+`func (o *DomainCertificate) GetCertificateChain() string`
+
+GetCertificateChain returns the CertificateChain field if non-nil, zero value otherwise.
+
+### GetCertificateChainOk
+
+`func (o *DomainCertificate) GetCertificateChainOk() (*string, bool)`
+
+GetCertificateChainOk returns a tuple with the CertificateChain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCertificateChain
+
+`func (o *DomainCertificate) SetCertificateChain(v string)`
+
+SetCertificateChain sets CertificateChain field to given value.
+
+### HasCertificateChain
+
+`func (o *DomainCertificate) HasCertificateChain() bool`
+
+HasCertificateChain returns a boolean if a field has been set.
+
+### GetPrivateKey
+
+`func (o *DomainCertificate) GetPrivateKey() string`
+
+GetPrivateKey returns the PrivateKey field if non-nil, zero value otherwise.
+
+### GetPrivateKeyOk
+
+`func (o *DomainCertificate) GetPrivateKeyOk() (*string, bool)`
+
+GetPrivateKeyOk returns a tuple with the PrivateKey field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPrivateKey
+
+`func (o *DomainCertificate) SetPrivateKey(v string)`
+
+SetPrivateKey sets PrivateKey field to given value.
+
+### HasPrivateKey
+
+`func (o *DomainCertificate) HasPrivateKey() bool`
+
+HasPrivateKey returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *DomainCertificate) GetType() DomainCertificateType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *DomainCertificate) GetTypeOk() (*DomainCertificateType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *DomainCertificate) SetType(v DomainCertificateType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *DomainCertificate) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DomainCertificateMetadata.md b/okta/docs/DomainCertificateMetadata.md
new file mode 100644
index 000000000..17a64ad9a
--- /dev/null
+++ b/okta/docs/DomainCertificateMetadata.md
@@ -0,0 +1,108 @@
+# DomainCertificateMetadata
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Expiration** | Pointer to **string** |  | [optional] 
+**Fingerprint** | Pointer to **string** |  | [optional] 
+**Subject** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewDomainCertificateMetadata
+
+`func NewDomainCertificateMetadata() *DomainCertificateMetadata`
+
+NewDomainCertificateMetadata instantiates a new DomainCertificateMetadata object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDomainCertificateMetadataWithDefaults
+
+`func NewDomainCertificateMetadataWithDefaults() *DomainCertificateMetadata`
+
+NewDomainCertificateMetadataWithDefaults instantiates a new DomainCertificateMetadata object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpiration
+
+`func (o *DomainCertificateMetadata) GetExpiration() string`
+
+GetExpiration returns the Expiration field if non-nil, zero value otherwise.
+
+### GetExpirationOk
+
+`func (o *DomainCertificateMetadata) GetExpirationOk() (*string, bool)`
+
+GetExpirationOk returns a tuple with the Expiration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiration
+
+`func (o *DomainCertificateMetadata) SetExpiration(v string)`
+
+SetExpiration sets Expiration field to given value.
+
+### HasExpiration
+
+`func (o *DomainCertificateMetadata) HasExpiration() bool`
+
+HasExpiration returns a boolean if a field has been set.
+
+### GetFingerprint
+
+`func (o *DomainCertificateMetadata) GetFingerprint() string`
+
+GetFingerprint returns the Fingerprint field if non-nil, zero value otherwise.
+
+### GetFingerprintOk
+
+`func (o *DomainCertificateMetadata) GetFingerprintOk() (*string, bool)`
+
+GetFingerprintOk returns a tuple with the Fingerprint field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFingerprint
+
+`func (o *DomainCertificateMetadata) SetFingerprint(v string)`
+
+SetFingerprint sets Fingerprint field to given value.
+
+### HasFingerprint
+
+`func (o *DomainCertificateMetadata) HasFingerprint() bool`
+
+HasFingerprint returns a boolean if a field has been set.
+
+### GetSubject
+
+`func (o *DomainCertificateMetadata) GetSubject() string`
+
+GetSubject returns the Subject field if non-nil, zero value otherwise.
+
+### GetSubjectOk
+
+`func (o *DomainCertificateMetadata) GetSubjectOk() (*string, bool)`
+
+GetSubjectOk returns a tuple with the Subject field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubject
+
+`func (o *DomainCertificateMetadata) SetSubject(v string)`
+
+SetSubject sets Subject field to given value.
+
+### HasSubject
+
+`func (o *DomainCertificateMetadata) HasSubject() bool`
+
+HasSubject returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DomainCertificateSourceType.md b/okta/docs/DomainCertificateSourceType.md
new file mode 100644
index 000000000..48d62eb8e
--- /dev/null
+++ b/okta/docs/DomainCertificateSourceType.md
@@ -0,0 +1,13 @@
+# DomainCertificateSourceType
+
+## Enum
+
+
+* `MANUAL` (value: `"MANUAL"`)
+
+* `OKTA_MANAGED` (value: `"OKTA_MANAGED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DomainCertificateType.md b/okta/docs/DomainCertificateType.md
new file mode 100644
index 000000000..25c84e0e2
--- /dev/null
+++ b/okta/docs/DomainCertificateType.md
@@ -0,0 +1,11 @@
+# DomainCertificateType
+
+## Enum
+
+
+* `PEM` (value: `"PEM"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DomainLinks.md b/okta/docs/DomainLinks.md
new file mode 100644
index 000000000..96ff17f0b
--- /dev/null
+++ b/okta/docs/DomainLinks.md
@@ -0,0 +1,134 @@
+# DomainLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Brand** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Certificate** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Verify** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewDomainLinks
+
+`func NewDomainLinks() *DomainLinks`
+
+NewDomainLinks instantiates a new DomainLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDomainLinksWithDefaults
+
+`func NewDomainLinksWithDefaults() *DomainLinks`
+
+NewDomainLinksWithDefaults instantiates a new DomainLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBrand
+
+`func (o *DomainLinks) GetBrand() HrefObject`
+
+GetBrand returns the Brand field if non-nil, zero value otherwise.
+
+### GetBrandOk
+
+`func (o *DomainLinks) GetBrandOk() (*HrefObject, bool)`
+
+GetBrandOk returns a tuple with the Brand field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBrand
+
+`func (o *DomainLinks) SetBrand(v HrefObject)`
+
+SetBrand sets Brand field to given value.
+
+### HasBrand
+
+`func (o *DomainLinks) HasBrand() bool`
+
+HasBrand returns a boolean if a field has been set.
+
+### GetCertificate
+
+`func (o *DomainLinks) GetCertificate() HrefObject`
+
+GetCertificate returns the Certificate field if non-nil, zero value otherwise.
+
+### GetCertificateOk
+
+`func (o *DomainLinks) GetCertificateOk() (*HrefObject, bool)`
+
+GetCertificateOk returns a tuple with the Certificate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCertificate
+
+`func (o *DomainLinks) SetCertificate(v HrefObject)`
+
+SetCertificate sets Certificate field to given value.
+
+### HasCertificate
+
+`func (o *DomainLinks) HasCertificate() bool`
+
+HasCertificate returns a boolean if a field has been set.
+
+### GetSelf
+
+`func (o *DomainLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *DomainLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *DomainLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *DomainLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetVerify
+
+`func (o *DomainLinks) GetVerify() HrefObject`
+
+GetVerify returns the Verify field if non-nil, zero value otherwise.
+
+### GetVerifyOk
+
+`func (o *DomainLinks) GetVerifyOk() (*HrefObject, bool)`
+
+GetVerifyOk returns a tuple with the Verify field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVerify
+
+`func (o *DomainLinks) SetVerify(v HrefObject)`
+
+SetVerify sets Verify field to given value.
+
+### HasVerify
+
+`func (o *DomainLinks) HasVerify() bool`
+
+HasVerify returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DomainListResponse.md b/okta/docs/DomainListResponse.md
new file mode 100644
index 000000000..69f05c347
--- /dev/null
+++ b/okta/docs/DomainListResponse.md
@@ -0,0 +1,56 @@
+# DomainListResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Domains** | Pointer to [**[]DomainResponse**](DomainResponse.md) |  | [optional] 
+
+## Methods
+
+### NewDomainListResponse
+
+`func NewDomainListResponse() *DomainListResponse`
+
+NewDomainListResponse instantiates a new DomainListResponse object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDomainListResponseWithDefaults
+
+`func NewDomainListResponseWithDefaults() *DomainListResponse`
+
+NewDomainListResponseWithDefaults instantiates a new DomainListResponse object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDomains
+
+`func (o *DomainListResponse) GetDomains() []DomainResponse`
+
+GetDomains returns the Domains field if non-nil, zero value otherwise.
+
+### GetDomainsOk
+
+`func (o *DomainListResponse) GetDomainsOk() (*[]DomainResponse, bool)`
+
+GetDomainsOk returns a tuple with the Domains field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDomains
+
+`func (o *DomainListResponse) SetDomains(v []DomainResponse)`
+
+SetDomains sets Domains field to given value.
+
+### HasDomains
+
+`func (o *DomainListResponse) HasDomains() bool`
+
+HasDomains returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DomainResponse.md b/okta/docs/DomainResponse.md
new file mode 100644
index 000000000..8f2e4a13a
--- /dev/null
+++ b/okta/docs/DomainResponse.md
@@ -0,0 +1,238 @@
+# DomainResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**BrandId** | Pointer to **string** |  | [optional] 
+**CertificateSourceType** | Pointer to [**DomainCertificateSourceType**](DomainCertificateSourceType.md) |  | [optional] 
+**DnsRecords** | Pointer to [**[]DNSRecord**](DNSRecord.md) |  | [optional] 
+**Domain** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] 
+**PublicCertificate** | Pointer to [**DomainCertificateMetadata**](DomainCertificateMetadata.md) |  | [optional] 
+**ValidationStatus** | Pointer to [**DomainValidationStatus**](DomainValidationStatus.md) |  | [optional] 
+**Links** | Pointer to [**DomainLinks**](DomainLinks.md) |  | [optional] 
+
+## Methods
+
+### NewDomainResponse
+
+`func NewDomainResponse() *DomainResponse`
+
+NewDomainResponse instantiates a new DomainResponse object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDomainResponseWithDefaults
+
+`func NewDomainResponseWithDefaults() *DomainResponse`
+
+NewDomainResponseWithDefaults instantiates a new DomainResponse object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBrandId
+
+`func (o *DomainResponse) GetBrandId() string`
+
+GetBrandId returns the BrandId field if non-nil, zero value otherwise.
+
+### GetBrandIdOk
+
+`func (o *DomainResponse) GetBrandIdOk() (*string, bool)`
+
+GetBrandIdOk returns a tuple with the BrandId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBrandId
+
+`func (o *DomainResponse) SetBrandId(v string)`
+
+SetBrandId sets BrandId field to given value.
+
+### HasBrandId
+
+`func (o *DomainResponse) HasBrandId() bool`
+
+HasBrandId returns a boolean if a field has been set.
+
+### GetCertificateSourceType
+
+`func (o *DomainResponse) GetCertificateSourceType() DomainCertificateSourceType`
+
+GetCertificateSourceType returns the CertificateSourceType field if non-nil, zero value otherwise.
+
+### GetCertificateSourceTypeOk
+
+`func (o *DomainResponse) GetCertificateSourceTypeOk() (*DomainCertificateSourceType, bool)`
+
+GetCertificateSourceTypeOk returns a tuple with the CertificateSourceType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCertificateSourceType
+
+`func (o *DomainResponse) SetCertificateSourceType(v DomainCertificateSourceType)`
+
+SetCertificateSourceType sets CertificateSourceType field to given value.
+
+### HasCertificateSourceType
+
+`func (o *DomainResponse) HasCertificateSourceType() bool`
+
+HasCertificateSourceType returns a boolean if a field has been set.
+
+### GetDnsRecords
+
+`func (o *DomainResponse) GetDnsRecords() []DNSRecord`
+
+GetDnsRecords returns the DnsRecords field if non-nil, zero value otherwise.
+
+### GetDnsRecordsOk
+
+`func (o *DomainResponse) GetDnsRecordsOk() (*[]DNSRecord, bool)`
+
+GetDnsRecordsOk returns a tuple with the DnsRecords field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDnsRecords
+
+`func (o *DomainResponse) SetDnsRecords(v []DNSRecord)`
+
+SetDnsRecords sets DnsRecords field to given value.
+
+### HasDnsRecords
+
+`func (o *DomainResponse) HasDnsRecords() bool`
+
+HasDnsRecords returns a boolean if a field has been set.
+
+### GetDomain
+
+`func (o *DomainResponse) GetDomain() string`
+
+GetDomain returns the Domain field if non-nil, zero value otherwise.
+
+### GetDomainOk
+
+`func (o *DomainResponse) GetDomainOk() (*string, bool)`
+
+GetDomainOk returns a tuple with the Domain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDomain
+
+`func (o *DomainResponse) SetDomain(v string)`
+
+SetDomain sets Domain field to given value.
+
+### HasDomain
+
+`func (o *DomainResponse) HasDomain() bool`
+
+HasDomain returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *DomainResponse) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *DomainResponse) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *DomainResponse) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *DomainResponse) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetPublicCertificate
+
+`func (o *DomainResponse) GetPublicCertificate() DomainCertificateMetadata`
+
+GetPublicCertificate returns the PublicCertificate field if non-nil, zero value otherwise.
+
+### GetPublicCertificateOk
+
+`func (o *DomainResponse) GetPublicCertificateOk() (*DomainCertificateMetadata, bool)`
+
+GetPublicCertificateOk returns a tuple with the PublicCertificate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPublicCertificate
+
+`func (o *DomainResponse) SetPublicCertificate(v DomainCertificateMetadata)`
+
+SetPublicCertificate sets PublicCertificate field to given value.
+
+### HasPublicCertificate
+
+`func (o *DomainResponse) HasPublicCertificate() bool`
+
+HasPublicCertificate returns a boolean if a field has been set.
+
+### GetValidationStatus
+
+`func (o *DomainResponse) GetValidationStatus() DomainValidationStatus`
+
+GetValidationStatus returns the ValidationStatus field if non-nil, zero value otherwise.
+
+### GetValidationStatusOk
+
+`func (o *DomainResponse) GetValidationStatusOk() (*DomainValidationStatus, bool)`
+
+GetValidationStatusOk returns a tuple with the ValidationStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValidationStatus
+
+`func (o *DomainResponse) SetValidationStatus(v DomainValidationStatus)`
+
+SetValidationStatus sets ValidationStatus field to given value.
+
+### HasValidationStatus
+
+`func (o *DomainResponse) HasValidationStatus() bool`
+
+HasValidationStatus returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *DomainResponse) GetLinks() DomainLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *DomainResponse) GetLinksOk() (*DomainLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *DomainResponse) SetLinks(v DomainLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *DomainResponse) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/DomainValidationStatus.md b/okta/docs/DomainValidationStatus.md
new file mode 100644
index 000000000..56b435a4b
--- /dev/null
+++ b/okta/docs/DomainValidationStatus.md
@@ -0,0 +1,17 @@
+# DomainValidationStatus
+
+## Enum
+
+
+* `COMPLETED` (value: `"COMPLETED"`)
+
+* `IN_PROGRESS` (value: `"IN_PROGRESS"`)
+
+* `NOT_STARTED` (value: `"NOT_STARTED"`)
+
+* `VERIFIED` (value: `"VERIFIED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Duration.md b/okta/docs/Duration.md
new file mode 100644
index 000000000..92ef09772
--- /dev/null
+++ b/okta/docs/Duration.md
@@ -0,0 +1,82 @@
+# Duration
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Number** | Pointer to **int32** |  | [optional] 
+**Unit** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewDuration
+
+`func NewDuration() *Duration`
+
+NewDuration instantiates a new Duration object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewDurationWithDefaults
+
+`func NewDurationWithDefaults() *Duration`
+
+NewDurationWithDefaults instantiates a new Duration object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetNumber
+
+`func (o *Duration) GetNumber() int32`
+
+GetNumber returns the Number field if non-nil, zero value otherwise.
+
+### GetNumberOk
+
+`func (o *Duration) GetNumberOk() (*int32, bool)`
+
+GetNumberOk returns a tuple with the Number field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNumber
+
+`func (o *Duration) SetNumber(v int32)`
+
+SetNumber sets Number field to given value.
+
+### HasNumber
+
+`func (o *Duration) HasNumber() bool`
+
+HasNumber returns a boolean if a field has been set.
+
+### GetUnit
+
+`func (o *Duration) GetUnit() string`
+
+GetUnit returns the Unit field if non-nil, zero value otherwise.
+
+### GetUnitOk
+
+`func (o *Duration) GetUnitOk() (*string, bool)`
+
+GetUnitOk returns a tuple with the Unit field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUnit
+
+`func (o *Duration) SetUnit(v string)`
+
+SetUnit sets Unit field to given value.
+
+### HasUnit
+
+`func (o *Duration) HasUnit() bool`
+
+HasUnit returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailContent.md b/okta/docs/EmailContent.md
new file mode 100644
index 000000000..1e0ecef0c
--- /dev/null
+++ b/okta/docs/EmailContent.md
@@ -0,0 +1,72 @@
+# EmailContent
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Body** | **string** | The email&#39;s HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). | 
+**Subject** | **string** | The email&#39;s subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). | 
+
+## Methods
+
+### NewEmailContent
+
+`func NewEmailContent(body string, subject string, ) *EmailContent`
+
+NewEmailContent instantiates a new EmailContent object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailContentWithDefaults
+
+`func NewEmailContentWithDefaults() *EmailContent`
+
+NewEmailContentWithDefaults instantiates a new EmailContent object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBody
+
+`func (o *EmailContent) GetBody() string`
+
+GetBody returns the Body field if non-nil, zero value otherwise.
+
+### GetBodyOk
+
+`func (o *EmailContent) GetBodyOk() (*string, bool)`
+
+GetBodyOk returns a tuple with the Body field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBody
+
+`func (o *EmailContent) SetBody(v string)`
+
+SetBody sets Body field to given value.
+
+
+### GetSubject
+
+`func (o *EmailContent) GetSubject() string`
+
+GetSubject returns the Subject field if non-nil, zero value otherwise.
+
+### GetSubjectOk
+
+`func (o *EmailContent) GetSubjectOk() (*string, bool)`
+
+GetSubjectOk returns a tuple with the Subject field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubject
+
+`func (o *EmailContent) SetSubject(v string)`
+
+SetSubject sets Subject field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailCustomization.md b/okta/docs/EmailCustomization.md
new file mode 100644
index 000000000..5bfed8adc
--- /dev/null
+++ b/okta/docs/EmailCustomization.md
@@ -0,0 +1,223 @@
+# EmailCustomization
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Body** | **string** | The email&#39;s HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). | 
+**Subject** | **string** | The email&#39;s subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). | 
+**Created** | Pointer to **time.Time** | The UTC time at which this email customization was created. | [optional] [readonly] 
+**Id** | Pointer to **string** | A unique identifier for this email customization. | [optional] [readonly] 
+**IsDefault** | Pointer to **bool** | Whether this is the default customization for the email template. Each customized email template must have exactly one default customization. Defaults to &#x60;true&#x60; for the first customization and &#x60;false&#x60; thereafter. | [optional] 
+**Language** | **string** | The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646). | 
+**LastUpdated** | Pointer to **time.Time** | The UTC time at which this email customization was last updated. | [optional] [readonly] 
+**Links** | Pointer to [**EmailCustomizationAllOfLinks**](EmailCustomizationAllOfLinks.md) |  | [optional] 
+
+## Methods
+
+### NewEmailCustomization
+
+`func NewEmailCustomization(body string, subject string, language string, ) *EmailCustomization`
+
+NewEmailCustomization instantiates a new EmailCustomization object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailCustomizationWithDefaults
+
+`func NewEmailCustomizationWithDefaults() *EmailCustomization`
+
+NewEmailCustomizationWithDefaults instantiates a new EmailCustomization object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBody
+
+`func (o *EmailCustomization) GetBody() string`
+
+GetBody returns the Body field if non-nil, zero value otherwise.
+
+### GetBodyOk
+
+`func (o *EmailCustomization) GetBodyOk() (*string, bool)`
+
+GetBodyOk returns a tuple with the Body field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBody
+
+`func (o *EmailCustomization) SetBody(v string)`
+
+SetBody sets Body field to given value.
+
+
+### GetSubject
+
+`func (o *EmailCustomization) GetSubject() string`
+
+GetSubject returns the Subject field if non-nil, zero value otherwise.
+
+### GetSubjectOk
+
+`func (o *EmailCustomization) GetSubjectOk() (*string, bool)`
+
+GetSubjectOk returns a tuple with the Subject field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubject
+
+`func (o *EmailCustomization) SetSubject(v string)`
+
+SetSubject sets Subject field to given value.
+
+
+### GetCreated
+
+`func (o *EmailCustomization) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *EmailCustomization) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *EmailCustomization) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *EmailCustomization) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *EmailCustomization) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *EmailCustomization) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *EmailCustomization) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *EmailCustomization) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIsDefault
+
+`func (o *EmailCustomization) GetIsDefault() bool`
+
+GetIsDefault returns the IsDefault field if non-nil, zero value otherwise.
+
+### GetIsDefaultOk
+
+`func (o *EmailCustomization) GetIsDefaultOk() (*bool, bool)`
+
+GetIsDefaultOk returns a tuple with the IsDefault field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIsDefault
+
+`func (o *EmailCustomization) SetIsDefault(v bool)`
+
+SetIsDefault sets IsDefault field to given value.
+
+### HasIsDefault
+
+`func (o *EmailCustomization) HasIsDefault() bool`
+
+HasIsDefault returns a boolean if a field has been set.
+
+### GetLanguage
+
+`func (o *EmailCustomization) GetLanguage() string`
+
+GetLanguage returns the Language field if non-nil, zero value otherwise.
+
+### GetLanguageOk
+
+`func (o *EmailCustomization) GetLanguageOk() (*string, bool)`
+
+GetLanguageOk returns a tuple with the Language field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLanguage
+
+`func (o *EmailCustomization) SetLanguage(v string)`
+
+SetLanguage sets Language field to given value.
+
+
+### GetLastUpdated
+
+`func (o *EmailCustomization) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *EmailCustomization) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *EmailCustomization) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *EmailCustomization) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *EmailCustomization) GetLinks() EmailCustomizationAllOfLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *EmailCustomization) GetLinksOk() (*EmailCustomizationAllOfLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *EmailCustomization) SetLinks(v EmailCustomizationAllOfLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *EmailCustomization) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailCustomizationAllOf.md b/okta/docs/EmailCustomizationAllOf.md
new file mode 100644
index 000000000..5fcef5b83
--- /dev/null
+++ b/okta/docs/EmailCustomizationAllOf.md
@@ -0,0 +1,181 @@
+# EmailCustomizationAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** | The UTC time at which this email customization was created. | [optional] [readonly] 
+**Id** | Pointer to **string** | A unique identifier for this email customization. | [optional] [readonly] 
+**IsDefault** | Pointer to **bool** | Whether this is the default customization for the email template. Each customized email template must have exactly one default customization. Defaults to &#x60;true&#x60; for the first customization and &#x60;false&#x60; thereafter. | [optional] 
+**Language** | **string** | The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646). | 
+**LastUpdated** | Pointer to **time.Time** | The UTC time at which this email customization was last updated. | [optional] [readonly] 
+**Links** | Pointer to [**EmailCustomizationAllOfLinks**](EmailCustomizationAllOfLinks.md) |  | [optional] 
+
+## Methods
+
+### NewEmailCustomizationAllOf
+
+`func NewEmailCustomizationAllOf(language string, ) *EmailCustomizationAllOf`
+
+NewEmailCustomizationAllOf instantiates a new EmailCustomizationAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailCustomizationAllOfWithDefaults
+
+`func NewEmailCustomizationAllOfWithDefaults() *EmailCustomizationAllOf`
+
+NewEmailCustomizationAllOfWithDefaults instantiates a new EmailCustomizationAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *EmailCustomizationAllOf) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *EmailCustomizationAllOf) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *EmailCustomizationAllOf) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *EmailCustomizationAllOf) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *EmailCustomizationAllOf) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *EmailCustomizationAllOf) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *EmailCustomizationAllOf) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *EmailCustomizationAllOf) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIsDefault
+
+`func (o *EmailCustomizationAllOf) GetIsDefault() bool`
+
+GetIsDefault returns the IsDefault field if non-nil, zero value otherwise.
+
+### GetIsDefaultOk
+
+`func (o *EmailCustomizationAllOf) GetIsDefaultOk() (*bool, bool)`
+
+GetIsDefaultOk returns a tuple with the IsDefault field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIsDefault
+
+`func (o *EmailCustomizationAllOf) SetIsDefault(v bool)`
+
+SetIsDefault sets IsDefault field to given value.
+
+### HasIsDefault
+
+`func (o *EmailCustomizationAllOf) HasIsDefault() bool`
+
+HasIsDefault returns a boolean if a field has been set.
+
+### GetLanguage
+
+`func (o *EmailCustomizationAllOf) GetLanguage() string`
+
+GetLanguage returns the Language field if non-nil, zero value otherwise.
+
+### GetLanguageOk
+
+`func (o *EmailCustomizationAllOf) GetLanguageOk() (*string, bool)`
+
+GetLanguageOk returns a tuple with the Language field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLanguage
+
+`func (o *EmailCustomizationAllOf) SetLanguage(v string)`
+
+SetLanguage sets Language field to given value.
+
+
+### GetLastUpdated
+
+`func (o *EmailCustomizationAllOf) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *EmailCustomizationAllOf) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *EmailCustomizationAllOf) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *EmailCustomizationAllOf) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *EmailCustomizationAllOf) GetLinks() EmailCustomizationAllOfLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *EmailCustomizationAllOf) GetLinksOk() (*EmailCustomizationAllOfLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *EmailCustomizationAllOf) SetLinks(v EmailCustomizationAllOfLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *EmailCustomizationAllOf) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailCustomizationAllOfLinks.md b/okta/docs/EmailCustomizationAllOfLinks.md
new file mode 100644
index 000000000..42c0c07fb
--- /dev/null
+++ b/okta/docs/EmailCustomizationAllOfLinks.md
@@ -0,0 +1,134 @@
+# EmailCustomizationAllOfLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Template** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Preview** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Test** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewEmailCustomizationAllOfLinks
+
+`func NewEmailCustomizationAllOfLinks() *EmailCustomizationAllOfLinks`
+
+NewEmailCustomizationAllOfLinks instantiates a new EmailCustomizationAllOfLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailCustomizationAllOfLinksWithDefaults
+
+`func NewEmailCustomizationAllOfLinksWithDefaults() *EmailCustomizationAllOfLinks`
+
+NewEmailCustomizationAllOfLinksWithDefaults instantiates a new EmailCustomizationAllOfLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *EmailCustomizationAllOfLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *EmailCustomizationAllOfLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *EmailCustomizationAllOfLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *EmailCustomizationAllOfLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetTemplate
+
+`func (o *EmailCustomizationAllOfLinks) GetTemplate() HrefObject`
+
+GetTemplate returns the Template field if non-nil, zero value otherwise.
+
+### GetTemplateOk
+
+`func (o *EmailCustomizationAllOfLinks) GetTemplateOk() (*HrefObject, bool)`
+
+GetTemplateOk returns a tuple with the Template field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTemplate
+
+`func (o *EmailCustomizationAllOfLinks) SetTemplate(v HrefObject)`
+
+SetTemplate sets Template field to given value.
+
+### HasTemplate
+
+`func (o *EmailCustomizationAllOfLinks) HasTemplate() bool`
+
+HasTemplate returns a boolean if a field has been set.
+
+### GetPreview
+
+`func (o *EmailCustomizationAllOfLinks) GetPreview() HrefObject`
+
+GetPreview returns the Preview field if non-nil, zero value otherwise.
+
+### GetPreviewOk
+
+`func (o *EmailCustomizationAllOfLinks) GetPreviewOk() (*HrefObject, bool)`
+
+GetPreviewOk returns a tuple with the Preview field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPreview
+
+`func (o *EmailCustomizationAllOfLinks) SetPreview(v HrefObject)`
+
+SetPreview sets Preview field to given value.
+
+### HasPreview
+
+`func (o *EmailCustomizationAllOfLinks) HasPreview() bool`
+
+HasPreview returns a boolean if a field has been set.
+
+### GetTest
+
+`func (o *EmailCustomizationAllOfLinks) GetTest() HrefObject`
+
+GetTest returns the Test field if non-nil, zero value otherwise.
+
+### GetTestOk
+
+`func (o *EmailCustomizationAllOfLinks) GetTestOk() (*HrefObject, bool)`
+
+GetTestOk returns a tuple with the Test field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTest
+
+`func (o *EmailCustomizationAllOfLinks) SetTest(v HrefObject)`
+
+SetTest sets Test field to given value.
+
+### HasTest
+
+`func (o *EmailCustomizationAllOfLinks) HasTest() bool`
+
+HasTest returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailDefaultContent.md b/okta/docs/EmailDefaultContent.md
new file mode 100644
index 000000000..20f4c48f2
--- /dev/null
+++ b/okta/docs/EmailDefaultContent.md
@@ -0,0 +1,98 @@
+# EmailDefaultContent
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Body** | **string** | The email&#39;s HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). | 
+**Subject** | **string** | The email&#39;s subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). | 
+**Links** | Pointer to [**EmailDefaultContentAllOfLinks**](EmailDefaultContentAllOfLinks.md) |  | [optional] 
+
+## Methods
+
+### NewEmailDefaultContent
+
+`func NewEmailDefaultContent(body string, subject string, ) *EmailDefaultContent`
+
+NewEmailDefaultContent instantiates a new EmailDefaultContent object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailDefaultContentWithDefaults
+
+`func NewEmailDefaultContentWithDefaults() *EmailDefaultContent`
+
+NewEmailDefaultContentWithDefaults instantiates a new EmailDefaultContent object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBody
+
+`func (o *EmailDefaultContent) GetBody() string`
+
+GetBody returns the Body field if non-nil, zero value otherwise.
+
+### GetBodyOk
+
+`func (o *EmailDefaultContent) GetBodyOk() (*string, bool)`
+
+GetBodyOk returns a tuple with the Body field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBody
+
+`func (o *EmailDefaultContent) SetBody(v string)`
+
+SetBody sets Body field to given value.
+
+
+### GetSubject
+
+`func (o *EmailDefaultContent) GetSubject() string`
+
+GetSubject returns the Subject field if non-nil, zero value otherwise.
+
+### GetSubjectOk
+
+`func (o *EmailDefaultContent) GetSubjectOk() (*string, bool)`
+
+GetSubjectOk returns a tuple with the Subject field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubject
+
+`func (o *EmailDefaultContent) SetSubject(v string)`
+
+SetSubject sets Subject field to given value.
+
+
+### GetLinks
+
+`func (o *EmailDefaultContent) GetLinks() EmailDefaultContentAllOfLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *EmailDefaultContent) GetLinksOk() (*EmailDefaultContentAllOfLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *EmailDefaultContent) SetLinks(v EmailDefaultContentAllOfLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *EmailDefaultContent) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailDefaultContentAllOf.md b/okta/docs/EmailDefaultContentAllOf.md
new file mode 100644
index 000000000..266a4af76
--- /dev/null
+++ b/okta/docs/EmailDefaultContentAllOf.md
@@ -0,0 +1,56 @@
+# EmailDefaultContentAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Links** | Pointer to [**EmailDefaultContentAllOfLinks**](EmailDefaultContentAllOfLinks.md) |  | [optional] 
+
+## Methods
+
+### NewEmailDefaultContentAllOf
+
+`func NewEmailDefaultContentAllOf() *EmailDefaultContentAllOf`
+
+NewEmailDefaultContentAllOf instantiates a new EmailDefaultContentAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailDefaultContentAllOfWithDefaults
+
+`func NewEmailDefaultContentAllOfWithDefaults() *EmailDefaultContentAllOf`
+
+NewEmailDefaultContentAllOfWithDefaults instantiates a new EmailDefaultContentAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetLinks
+
+`func (o *EmailDefaultContentAllOf) GetLinks() EmailDefaultContentAllOfLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *EmailDefaultContentAllOf) GetLinksOk() (*EmailDefaultContentAllOfLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *EmailDefaultContentAllOf) SetLinks(v EmailDefaultContentAllOfLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *EmailDefaultContentAllOf) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailDefaultContentAllOfLinks.md b/okta/docs/EmailDefaultContentAllOfLinks.md
new file mode 100644
index 000000000..e4d4f811d
--- /dev/null
+++ b/okta/docs/EmailDefaultContentAllOfLinks.md
@@ -0,0 +1,134 @@
+# EmailDefaultContentAllOfLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Template** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Preview** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Test** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewEmailDefaultContentAllOfLinks
+
+`func NewEmailDefaultContentAllOfLinks() *EmailDefaultContentAllOfLinks`
+
+NewEmailDefaultContentAllOfLinks instantiates a new EmailDefaultContentAllOfLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailDefaultContentAllOfLinksWithDefaults
+
+`func NewEmailDefaultContentAllOfLinksWithDefaults() *EmailDefaultContentAllOfLinks`
+
+NewEmailDefaultContentAllOfLinksWithDefaults instantiates a new EmailDefaultContentAllOfLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *EmailDefaultContentAllOfLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *EmailDefaultContentAllOfLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *EmailDefaultContentAllOfLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *EmailDefaultContentAllOfLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetTemplate
+
+`func (o *EmailDefaultContentAllOfLinks) GetTemplate() HrefObject`
+
+GetTemplate returns the Template field if non-nil, zero value otherwise.
+
+### GetTemplateOk
+
+`func (o *EmailDefaultContentAllOfLinks) GetTemplateOk() (*HrefObject, bool)`
+
+GetTemplateOk returns a tuple with the Template field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTemplate
+
+`func (o *EmailDefaultContentAllOfLinks) SetTemplate(v HrefObject)`
+
+SetTemplate sets Template field to given value.
+
+### HasTemplate
+
+`func (o *EmailDefaultContentAllOfLinks) HasTemplate() bool`
+
+HasTemplate returns a boolean if a field has been set.
+
+### GetPreview
+
+`func (o *EmailDefaultContentAllOfLinks) GetPreview() HrefObject`
+
+GetPreview returns the Preview field if non-nil, zero value otherwise.
+
+### GetPreviewOk
+
+`func (o *EmailDefaultContentAllOfLinks) GetPreviewOk() (*HrefObject, bool)`
+
+GetPreviewOk returns a tuple with the Preview field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPreview
+
+`func (o *EmailDefaultContentAllOfLinks) SetPreview(v HrefObject)`
+
+SetPreview sets Preview field to given value.
+
+### HasPreview
+
+`func (o *EmailDefaultContentAllOfLinks) HasPreview() bool`
+
+HasPreview returns a boolean if a field has been set.
+
+### GetTest
+
+`func (o *EmailDefaultContentAllOfLinks) GetTest() HrefObject`
+
+GetTest returns the Test field if non-nil, zero value otherwise.
+
+### GetTestOk
+
+`func (o *EmailDefaultContentAllOfLinks) GetTestOk() (*HrefObject, bool)`
+
+GetTestOk returns a tuple with the Test field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTest
+
+`func (o *EmailDefaultContentAllOfLinks) SetTest(v HrefObject)`
+
+SetTest sets Test field to given value.
+
+### HasTest
+
+`func (o *EmailDefaultContentAllOfLinks) HasTest() bool`
+
+HasTest returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailDomain.md b/okta/docs/EmailDomain.md
new file mode 100644
index 000000000..018ce7846
--- /dev/null
+++ b/okta/docs/EmailDomain.md
@@ -0,0 +1,114 @@
+# EmailDomain
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**BrandId** | **string** |  | 
+**Domain** | **string** |  | 
+**DisplayName** | **string** |  | 
+**UserName** | **string** |  | 
+
+## Methods
+
+### NewEmailDomain
+
+`func NewEmailDomain(brandId string, domain string, displayName string, userName string, ) *EmailDomain`
+
+NewEmailDomain instantiates a new EmailDomain object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailDomainWithDefaults
+
+`func NewEmailDomainWithDefaults() *EmailDomain`
+
+NewEmailDomainWithDefaults instantiates a new EmailDomain object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBrandId
+
+`func (o *EmailDomain) GetBrandId() string`
+
+GetBrandId returns the BrandId field if non-nil, zero value otherwise.
+
+### GetBrandIdOk
+
+`func (o *EmailDomain) GetBrandIdOk() (*string, bool)`
+
+GetBrandIdOk returns a tuple with the BrandId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBrandId
+
+`func (o *EmailDomain) SetBrandId(v string)`
+
+SetBrandId sets BrandId field to given value.
+
+
+### GetDomain
+
+`func (o *EmailDomain) GetDomain() string`
+
+GetDomain returns the Domain field if non-nil, zero value otherwise.
+
+### GetDomainOk
+
+`func (o *EmailDomain) GetDomainOk() (*string, bool)`
+
+GetDomainOk returns a tuple with the Domain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDomain
+
+`func (o *EmailDomain) SetDomain(v string)`
+
+SetDomain sets Domain field to given value.
+
+
+### GetDisplayName
+
+`func (o *EmailDomain) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *EmailDomain) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *EmailDomain) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+
+### GetUserName
+
+`func (o *EmailDomain) GetUserName() string`
+
+GetUserName returns the UserName field if non-nil, zero value otherwise.
+
+### GetUserNameOk
+
+`func (o *EmailDomain) GetUserNameOk() (*string, bool)`
+
+GetUserNameOk returns a tuple with the UserName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserName
+
+`func (o *EmailDomain) SetUserName(v string)`
+
+SetUserName sets UserName field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailDomainApi.md b/okta/docs/EmailDomainApi.md
new file mode 100644
index 000000000..9db28a518
--- /dev/null
+++ b/okta/docs/EmailDomainApi.md
@@ -0,0 +1,434 @@
+# \EmailDomainApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateEmailDomain**](EmailDomainApi.md#CreateEmailDomain) | **Post** /api/v1/email-domains | Create an Email Domain
+[**DeleteEmailDomain**](EmailDomainApi.md#DeleteEmailDomain) | **Delete** /api/v1/email-domains/{emailDomainId} | Delete an Email Domain
+[**GetEmailDomain**](EmailDomainApi.md#GetEmailDomain) | **Get** /api/v1/email-domains/{emailDomainId} | Retrieve an Email Domain
+[**ListEmailDomains**](EmailDomainApi.md#ListEmailDomains) | **Get** /api/v1/email-domains | List all Email Domains
+[**ReplaceEmailDomain**](EmailDomainApi.md#ReplaceEmailDomain) | **Put** /api/v1/email-domains/{emailDomainId} | Replace an Email Domain
+[**VerifyEmailDomain**](EmailDomainApi.md#VerifyEmailDomain) | **Post** /api/v1/email-domains/{emailDomainId}/verify | Verify an Email Domain
+
+
+
+## CreateEmailDomain
+
+> EmailDomainResponse CreateEmailDomain(ctx).EmailDomain(emailDomain).Expand(expand).Execute()
+
+Create an Email Domain
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    emailDomain := *openapiclient.NewEmailDomain("BrandId_example", "Domain_example", "DisplayName_example", "UserName_example") // EmailDomain | 
+    expand := []string{"Expand_example"} // []string | Specifies additional metadata to be included in the response (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EmailDomainApi.CreateEmailDomain(context.Background()).EmailDomain(emailDomain).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EmailDomainApi.CreateEmailDomain``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateEmailDomain`: EmailDomainResponse
+    fmt.Fprintf(os.Stdout, "Response from `EmailDomainApi.CreateEmailDomain`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateEmailDomainRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **emailDomain** | [**EmailDomain**](EmailDomain.md) |  | 
+ **expand** | **[]string** | Specifies additional metadata to be included in the response | 
+
+### Return type
+
+[**EmailDomainResponse**](EmailDomainResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteEmailDomain
+
+> DeleteEmailDomain(ctx, emailDomainId).Expand(expand).Execute()
+
+Delete an Email Domain
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    emailDomainId := "emailDomainId_example" // string | 
+    expand := []string{"Expand_example"} // []string | Specifies additional metadata to be included in the response (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EmailDomainApi.DeleteEmailDomain(context.Background(), emailDomainId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EmailDomainApi.DeleteEmailDomain``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**emailDomainId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteEmailDomainRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **[]string** | Specifies additional metadata to be included in the response | 
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetEmailDomain
+
+> EmailDomainResponseWithEmbedded GetEmailDomain(ctx, emailDomainId).Expand(expand).Execute()
+
+Retrieve an Email Domain
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    emailDomainId := "emailDomainId_example" // string | 
+    expand := []string{"Expand_example"} // []string | Specifies additional metadata to be included in the response (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EmailDomainApi.GetEmailDomain(context.Background(), emailDomainId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EmailDomainApi.GetEmailDomain``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetEmailDomain`: EmailDomainResponseWithEmbedded
+    fmt.Fprintf(os.Stdout, "Response from `EmailDomainApi.GetEmailDomain`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**emailDomainId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetEmailDomainRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **[]string** | Specifies additional metadata to be included in the response | 
+
+### Return type
+
+[**EmailDomainResponseWithEmbedded**](EmailDomainResponseWithEmbedded.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListEmailDomains
+
+> []EmailDomainResponseWithEmbedded ListEmailDomains(ctx).Expand(expand).Execute()
+
+List all Email Domains
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    expand := []string{"Expand_example"} // []string | Specifies additional metadata to be included in the response (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EmailDomainApi.ListEmailDomains(context.Background()).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EmailDomainApi.ListEmailDomains``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListEmailDomains`: []EmailDomainResponseWithEmbedded
+    fmt.Fprintf(os.Stdout, "Response from `EmailDomainApi.ListEmailDomains`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListEmailDomainsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **expand** | **[]string** | Specifies additional metadata to be included in the response | 
+
+### Return type
+
+[**[]EmailDomainResponseWithEmbedded**](EmailDomainResponseWithEmbedded.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceEmailDomain
+
+> EmailDomainResponse ReplaceEmailDomain(ctx, emailDomainId).UpdateEmailDomain(updateEmailDomain).Expand(expand).Execute()
+
+Replace an Email Domain
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    emailDomainId := "emailDomainId_example" // string | 
+    updateEmailDomain := *openapiclient.NewUpdateEmailDomain("DisplayName_example", "UserName_example") // UpdateEmailDomain | 
+    expand := []string{"Expand_example"} // []string | Specifies additional metadata to be included in the response (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EmailDomainApi.ReplaceEmailDomain(context.Background(), emailDomainId).UpdateEmailDomain(updateEmailDomain).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EmailDomainApi.ReplaceEmailDomain``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceEmailDomain`: EmailDomainResponse
+    fmt.Fprintf(os.Stdout, "Response from `EmailDomainApi.ReplaceEmailDomain`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**emailDomainId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceEmailDomainRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **updateEmailDomain** | [**UpdateEmailDomain**](UpdateEmailDomain.md) |  | 
+ **expand** | **[]string** | Specifies additional metadata to be included in the response | 
+
+### Return type
+
+[**EmailDomainResponse**](EmailDomainResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## VerifyEmailDomain
+
+> EmailDomainResponse VerifyEmailDomain(ctx, emailDomainId).Execute()
+
+Verify an Email Domain
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    emailDomainId := "emailDomainId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EmailDomainApi.VerifyEmailDomain(context.Background(), emailDomainId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EmailDomainApi.VerifyEmailDomain``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `VerifyEmailDomain`: EmailDomainResponse
+    fmt.Fprintf(os.Stdout, "Response from `EmailDomainApi.VerifyEmailDomain`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**emailDomainId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiVerifyEmailDomainRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**EmailDomainResponse**](EmailDomainResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/EmailDomainResponse.md b/okta/docs/EmailDomainResponse.md
new file mode 100644
index 000000000..565c20842
--- /dev/null
+++ b/okta/docs/EmailDomainResponse.md
@@ -0,0 +1,176 @@
+# EmailDomainResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DnsValidationRecords** | Pointer to [**[]DNSRecord**](DNSRecord.md) |  | [optional] 
+**Domain** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] 
+**ValidationStatus** | Pointer to [**EmailDomainStatus**](EmailDomainStatus.md) |  | [optional] 
+**DisplayName** | **string** |  | 
+**UserName** | **string** |  | 
+
+## Methods
+
+### NewEmailDomainResponse
+
+`func NewEmailDomainResponse(displayName string, userName string, ) *EmailDomainResponse`
+
+NewEmailDomainResponse instantiates a new EmailDomainResponse object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailDomainResponseWithDefaults
+
+`func NewEmailDomainResponseWithDefaults() *EmailDomainResponse`
+
+NewEmailDomainResponseWithDefaults instantiates a new EmailDomainResponse object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDnsValidationRecords
+
+`func (o *EmailDomainResponse) GetDnsValidationRecords() []DNSRecord`
+
+GetDnsValidationRecords returns the DnsValidationRecords field if non-nil, zero value otherwise.
+
+### GetDnsValidationRecordsOk
+
+`func (o *EmailDomainResponse) GetDnsValidationRecordsOk() (*[]DNSRecord, bool)`
+
+GetDnsValidationRecordsOk returns a tuple with the DnsValidationRecords field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDnsValidationRecords
+
+`func (o *EmailDomainResponse) SetDnsValidationRecords(v []DNSRecord)`
+
+SetDnsValidationRecords sets DnsValidationRecords field to given value.
+
+### HasDnsValidationRecords
+
+`func (o *EmailDomainResponse) HasDnsValidationRecords() bool`
+
+HasDnsValidationRecords returns a boolean if a field has been set.
+
+### GetDomain
+
+`func (o *EmailDomainResponse) GetDomain() string`
+
+GetDomain returns the Domain field if non-nil, zero value otherwise.
+
+### GetDomainOk
+
+`func (o *EmailDomainResponse) GetDomainOk() (*string, bool)`
+
+GetDomainOk returns a tuple with the Domain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDomain
+
+`func (o *EmailDomainResponse) SetDomain(v string)`
+
+SetDomain sets Domain field to given value.
+
+### HasDomain
+
+`func (o *EmailDomainResponse) HasDomain() bool`
+
+HasDomain returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *EmailDomainResponse) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *EmailDomainResponse) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *EmailDomainResponse) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *EmailDomainResponse) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetValidationStatus
+
+`func (o *EmailDomainResponse) GetValidationStatus() EmailDomainStatus`
+
+GetValidationStatus returns the ValidationStatus field if non-nil, zero value otherwise.
+
+### GetValidationStatusOk
+
+`func (o *EmailDomainResponse) GetValidationStatusOk() (*EmailDomainStatus, bool)`
+
+GetValidationStatusOk returns a tuple with the ValidationStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValidationStatus
+
+`func (o *EmailDomainResponse) SetValidationStatus(v EmailDomainStatus)`
+
+SetValidationStatus sets ValidationStatus field to given value.
+
+### HasValidationStatus
+
+`func (o *EmailDomainResponse) HasValidationStatus() bool`
+
+HasValidationStatus returns a boolean if a field has been set.
+
+### GetDisplayName
+
+`func (o *EmailDomainResponse) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *EmailDomainResponse) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *EmailDomainResponse) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+
+### GetUserName
+
+`func (o *EmailDomainResponse) GetUserName() string`
+
+GetUserName returns the UserName field if non-nil, zero value otherwise.
+
+### GetUserNameOk
+
+`func (o *EmailDomainResponse) GetUserNameOk() (*string, bool)`
+
+GetUserNameOk returns a tuple with the UserName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserName
+
+`func (o *EmailDomainResponse) SetUserName(v string)`
+
+SetUserName sets UserName field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailDomainResponseWithEmbedded.md b/okta/docs/EmailDomainResponseWithEmbedded.md
new file mode 100644
index 000000000..44d345329
--- /dev/null
+++ b/okta/docs/EmailDomainResponseWithEmbedded.md
@@ -0,0 +1,212 @@
+# EmailDomainResponseWithEmbedded
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DisplayName** | Pointer to **string** |  | [optional] 
+**UserName** | Pointer to **string** |  | [optional] 
+**DnsValidationRecords** | Pointer to [**[]DNSRecord**](DNSRecord.md) |  | [optional] 
+**Domain** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] 
+**ValidationStatus** | Pointer to [**EmailDomainStatus**](EmailDomainStatus.md) |  | [optional] 
+**Embedded** | Pointer to [**EmailDomainResponseWithEmbeddedEmbedded**](EmailDomainResponseWithEmbeddedEmbedded.md) |  | [optional] 
+
+## Methods
+
+### NewEmailDomainResponseWithEmbedded
+
+`func NewEmailDomainResponseWithEmbedded() *EmailDomainResponseWithEmbedded`
+
+NewEmailDomainResponseWithEmbedded instantiates a new EmailDomainResponseWithEmbedded object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailDomainResponseWithEmbeddedWithDefaults
+
+`func NewEmailDomainResponseWithEmbeddedWithDefaults() *EmailDomainResponseWithEmbedded`
+
+NewEmailDomainResponseWithEmbeddedWithDefaults instantiates a new EmailDomainResponseWithEmbedded object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDisplayName
+
+`func (o *EmailDomainResponseWithEmbedded) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *EmailDomainResponseWithEmbedded) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *EmailDomainResponseWithEmbedded) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+### HasDisplayName
+
+`func (o *EmailDomainResponseWithEmbedded) HasDisplayName() bool`
+
+HasDisplayName returns a boolean if a field has been set.
+
+### GetUserName
+
+`func (o *EmailDomainResponseWithEmbedded) GetUserName() string`
+
+GetUserName returns the UserName field if non-nil, zero value otherwise.
+
+### GetUserNameOk
+
+`func (o *EmailDomainResponseWithEmbedded) GetUserNameOk() (*string, bool)`
+
+GetUserNameOk returns a tuple with the UserName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserName
+
+`func (o *EmailDomainResponseWithEmbedded) SetUserName(v string)`
+
+SetUserName sets UserName field to given value.
+
+### HasUserName
+
+`func (o *EmailDomainResponseWithEmbedded) HasUserName() bool`
+
+HasUserName returns a boolean if a field has been set.
+
+### GetDnsValidationRecords
+
+`func (o *EmailDomainResponseWithEmbedded) GetDnsValidationRecords() []DNSRecord`
+
+GetDnsValidationRecords returns the DnsValidationRecords field if non-nil, zero value otherwise.
+
+### GetDnsValidationRecordsOk
+
+`func (o *EmailDomainResponseWithEmbedded) GetDnsValidationRecordsOk() (*[]DNSRecord, bool)`
+
+GetDnsValidationRecordsOk returns a tuple with the DnsValidationRecords field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDnsValidationRecords
+
+`func (o *EmailDomainResponseWithEmbedded) SetDnsValidationRecords(v []DNSRecord)`
+
+SetDnsValidationRecords sets DnsValidationRecords field to given value.
+
+### HasDnsValidationRecords
+
+`func (o *EmailDomainResponseWithEmbedded) HasDnsValidationRecords() bool`
+
+HasDnsValidationRecords returns a boolean if a field has been set.
+
+### GetDomain
+
+`func (o *EmailDomainResponseWithEmbedded) GetDomain() string`
+
+GetDomain returns the Domain field if non-nil, zero value otherwise.
+
+### GetDomainOk
+
+`func (o *EmailDomainResponseWithEmbedded) GetDomainOk() (*string, bool)`
+
+GetDomainOk returns a tuple with the Domain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDomain
+
+`func (o *EmailDomainResponseWithEmbedded) SetDomain(v string)`
+
+SetDomain sets Domain field to given value.
+
+### HasDomain
+
+`func (o *EmailDomainResponseWithEmbedded) HasDomain() bool`
+
+HasDomain returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *EmailDomainResponseWithEmbedded) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *EmailDomainResponseWithEmbedded) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *EmailDomainResponseWithEmbedded) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *EmailDomainResponseWithEmbedded) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetValidationStatus
+
+`func (o *EmailDomainResponseWithEmbedded) GetValidationStatus() EmailDomainStatus`
+
+GetValidationStatus returns the ValidationStatus field if non-nil, zero value otherwise.
+
+### GetValidationStatusOk
+
+`func (o *EmailDomainResponseWithEmbedded) GetValidationStatusOk() (*EmailDomainStatus, bool)`
+
+GetValidationStatusOk returns a tuple with the ValidationStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValidationStatus
+
+`func (o *EmailDomainResponseWithEmbedded) SetValidationStatus(v EmailDomainStatus)`
+
+SetValidationStatus sets ValidationStatus field to given value.
+
+### HasValidationStatus
+
+`func (o *EmailDomainResponseWithEmbedded) HasValidationStatus() bool`
+
+HasValidationStatus returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *EmailDomainResponseWithEmbedded) GetEmbedded() EmailDomainResponseWithEmbeddedEmbedded`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *EmailDomainResponseWithEmbedded) GetEmbeddedOk() (*EmailDomainResponseWithEmbeddedEmbedded, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *EmailDomainResponseWithEmbedded) SetEmbedded(v EmailDomainResponseWithEmbeddedEmbedded)`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *EmailDomainResponseWithEmbedded) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailDomainResponseWithEmbeddedEmbedded.md b/okta/docs/EmailDomainResponseWithEmbeddedEmbedded.md
new file mode 100644
index 000000000..8b2d0e81f
--- /dev/null
+++ b/okta/docs/EmailDomainResponseWithEmbeddedEmbedded.md
@@ -0,0 +1,56 @@
+# EmailDomainResponseWithEmbeddedEmbedded
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Brands** | Pointer to [**[]Brand**](Brand.md) |  | [optional] 
+
+## Methods
+
+### NewEmailDomainResponseWithEmbeddedEmbedded
+
+`func NewEmailDomainResponseWithEmbeddedEmbedded() *EmailDomainResponseWithEmbeddedEmbedded`
+
+NewEmailDomainResponseWithEmbeddedEmbedded instantiates a new EmailDomainResponseWithEmbeddedEmbedded object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailDomainResponseWithEmbeddedEmbeddedWithDefaults
+
+`func NewEmailDomainResponseWithEmbeddedEmbeddedWithDefaults() *EmailDomainResponseWithEmbeddedEmbedded`
+
+NewEmailDomainResponseWithEmbeddedEmbeddedWithDefaults instantiates a new EmailDomainResponseWithEmbeddedEmbedded object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBrands
+
+`func (o *EmailDomainResponseWithEmbeddedEmbedded) GetBrands() []Brand`
+
+GetBrands returns the Brands field if non-nil, zero value otherwise.
+
+### GetBrandsOk
+
+`func (o *EmailDomainResponseWithEmbeddedEmbedded) GetBrandsOk() (*[]Brand, bool)`
+
+GetBrandsOk returns a tuple with the Brands field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBrands
+
+`func (o *EmailDomainResponseWithEmbeddedEmbedded) SetBrands(v []Brand)`
+
+SetBrands sets Brands field to given value.
+
+### HasBrands
+
+`func (o *EmailDomainResponseWithEmbeddedEmbedded) HasBrands() bool`
+
+HasBrands returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailDomainStatus.md b/okta/docs/EmailDomainStatus.md
new file mode 100644
index 000000000..a4ba43143
--- /dev/null
+++ b/okta/docs/EmailDomainStatus.md
@@ -0,0 +1,19 @@
+# EmailDomainStatus
+
+## Enum
+
+
+* `DELETED` (value: `"DELETED"`)
+
+* `ERROR` (value: `"ERROR"`)
+
+* `NOT_STARTED` (value: `"NOT_STARTED"`)
+
+* `POLLING` (value: `"POLLING"`)
+
+* `VERIFIED` (value: `"VERIFIED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailPreview.md b/okta/docs/EmailPreview.md
new file mode 100644
index 000000000..70735ed37
--- /dev/null
+++ b/okta/docs/EmailPreview.md
@@ -0,0 +1,108 @@
+# EmailPreview
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Body** | Pointer to **string** | The email&#39;s HTML body. | [optional] [readonly] 
+**Subject** | Pointer to **string** | The email&#39;s subject. | [optional] [readonly] 
+**Links** | Pointer to [**EmailPreviewLinks**](EmailPreviewLinks.md) |  | [optional] 
+
+## Methods
+
+### NewEmailPreview
+
+`func NewEmailPreview() *EmailPreview`
+
+NewEmailPreview instantiates a new EmailPreview object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailPreviewWithDefaults
+
+`func NewEmailPreviewWithDefaults() *EmailPreview`
+
+NewEmailPreviewWithDefaults instantiates a new EmailPreview object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBody
+
+`func (o *EmailPreview) GetBody() string`
+
+GetBody returns the Body field if non-nil, zero value otherwise.
+
+### GetBodyOk
+
+`func (o *EmailPreview) GetBodyOk() (*string, bool)`
+
+GetBodyOk returns a tuple with the Body field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBody
+
+`func (o *EmailPreview) SetBody(v string)`
+
+SetBody sets Body field to given value.
+
+### HasBody
+
+`func (o *EmailPreview) HasBody() bool`
+
+HasBody returns a boolean if a field has been set.
+
+### GetSubject
+
+`func (o *EmailPreview) GetSubject() string`
+
+GetSubject returns the Subject field if non-nil, zero value otherwise.
+
+### GetSubjectOk
+
+`func (o *EmailPreview) GetSubjectOk() (*string, bool)`
+
+GetSubjectOk returns a tuple with the Subject field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubject
+
+`func (o *EmailPreview) SetSubject(v string)`
+
+SetSubject sets Subject field to given value.
+
+### HasSubject
+
+`func (o *EmailPreview) HasSubject() bool`
+
+HasSubject returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *EmailPreview) GetLinks() EmailPreviewLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *EmailPreview) GetLinksOk() (*EmailPreviewLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *EmailPreview) SetLinks(v EmailPreviewLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *EmailPreview) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailPreviewLinks.md b/okta/docs/EmailPreviewLinks.md
new file mode 100644
index 000000000..e21971839
--- /dev/null
+++ b/okta/docs/EmailPreviewLinks.md
@@ -0,0 +1,160 @@
+# EmailPreviewLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**ContentSource** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Template** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Test** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**DefaultContent** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewEmailPreviewLinks
+
+`func NewEmailPreviewLinks() *EmailPreviewLinks`
+
+NewEmailPreviewLinks instantiates a new EmailPreviewLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailPreviewLinksWithDefaults
+
+`func NewEmailPreviewLinksWithDefaults() *EmailPreviewLinks`
+
+NewEmailPreviewLinksWithDefaults instantiates a new EmailPreviewLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *EmailPreviewLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *EmailPreviewLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *EmailPreviewLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *EmailPreviewLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetContentSource
+
+`func (o *EmailPreviewLinks) GetContentSource() HrefObject`
+
+GetContentSource returns the ContentSource field if non-nil, zero value otherwise.
+
+### GetContentSourceOk
+
+`func (o *EmailPreviewLinks) GetContentSourceOk() (*HrefObject, bool)`
+
+GetContentSourceOk returns a tuple with the ContentSource field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetContentSource
+
+`func (o *EmailPreviewLinks) SetContentSource(v HrefObject)`
+
+SetContentSource sets ContentSource field to given value.
+
+### HasContentSource
+
+`func (o *EmailPreviewLinks) HasContentSource() bool`
+
+HasContentSource returns a boolean if a field has been set.
+
+### GetTemplate
+
+`func (o *EmailPreviewLinks) GetTemplate() HrefObject`
+
+GetTemplate returns the Template field if non-nil, zero value otherwise.
+
+### GetTemplateOk
+
+`func (o *EmailPreviewLinks) GetTemplateOk() (*HrefObject, bool)`
+
+GetTemplateOk returns a tuple with the Template field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTemplate
+
+`func (o *EmailPreviewLinks) SetTemplate(v HrefObject)`
+
+SetTemplate sets Template field to given value.
+
+### HasTemplate
+
+`func (o *EmailPreviewLinks) HasTemplate() bool`
+
+HasTemplate returns a boolean if a field has been set.
+
+### GetTest
+
+`func (o *EmailPreviewLinks) GetTest() HrefObject`
+
+GetTest returns the Test field if non-nil, zero value otherwise.
+
+### GetTestOk
+
+`func (o *EmailPreviewLinks) GetTestOk() (*HrefObject, bool)`
+
+GetTestOk returns a tuple with the Test field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTest
+
+`func (o *EmailPreviewLinks) SetTest(v HrefObject)`
+
+SetTest sets Test field to given value.
+
+### HasTest
+
+`func (o *EmailPreviewLinks) HasTest() bool`
+
+HasTest returns a boolean if a field has been set.
+
+### GetDefaultContent
+
+`func (o *EmailPreviewLinks) GetDefaultContent() HrefObject`
+
+GetDefaultContent returns the DefaultContent field if non-nil, zero value otherwise.
+
+### GetDefaultContentOk
+
+`func (o *EmailPreviewLinks) GetDefaultContentOk() (*HrefObject, bool)`
+
+GetDefaultContentOk returns a tuple with the DefaultContent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefaultContent
+
+`func (o *EmailPreviewLinks) SetDefaultContent(v HrefObject)`
+
+SetDefaultContent sets DefaultContent field to given value.
+
+### HasDefaultContent
+
+`func (o *EmailPreviewLinks) HasDefaultContent() bool`
+
+HasDefaultContent returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailSettings.md b/okta/docs/EmailSettings.md
new file mode 100644
index 000000000..5e090255e
--- /dev/null
+++ b/okta/docs/EmailSettings.md
@@ -0,0 +1,51 @@
+# EmailSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Recipients** | **string** |  | 
+
+## Methods
+
+### NewEmailSettings
+
+`func NewEmailSettings(recipients string, ) *EmailSettings`
+
+NewEmailSettings instantiates a new EmailSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailSettingsWithDefaults
+
+`func NewEmailSettingsWithDefaults() *EmailSettings`
+
+NewEmailSettingsWithDefaults instantiates a new EmailSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetRecipients
+
+`func (o *EmailSettings) GetRecipients() string`
+
+GetRecipients returns the Recipients field if non-nil, zero value otherwise.
+
+### GetRecipientsOk
+
+`func (o *EmailSettings) GetRecipientsOk() (*string, bool)`
+
+GetRecipientsOk returns a tuple with the Recipients field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRecipients
+
+`func (o *EmailSettings) SetRecipients(v string)`
+
+SetRecipients sets Recipients field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailTemplate.md b/okta/docs/EmailTemplate.md
new file mode 100644
index 000000000..63cd522e4
--- /dev/null
+++ b/okta/docs/EmailTemplate.md
@@ -0,0 +1,108 @@
+# EmailTemplate
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Name** | Pointer to **string** | The name of this email template. | [optional] [readonly] 
+**Embedded** | Pointer to [**EmailTemplateEmbedded**](EmailTemplateEmbedded.md) |  | [optional] 
+**Links** | Pointer to [**EmailTemplateLinks**](EmailTemplateLinks.md) |  | [optional] 
+
+## Methods
+
+### NewEmailTemplate
+
+`func NewEmailTemplate() *EmailTemplate`
+
+NewEmailTemplate instantiates a new EmailTemplate object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailTemplateWithDefaults
+
+`func NewEmailTemplateWithDefaults() *EmailTemplate`
+
+NewEmailTemplateWithDefaults instantiates a new EmailTemplate object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetName
+
+`func (o *EmailTemplate) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *EmailTemplate) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *EmailTemplate) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *EmailTemplate) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *EmailTemplate) GetEmbedded() EmailTemplateEmbedded`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *EmailTemplate) GetEmbeddedOk() (*EmailTemplateEmbedded, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *EmailTemplate) SetEmbedded(v EmailTemplateEmbedded)`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *EmailTemplate) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *EmailTemplate) GetLinks() EmailTemplateLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *EmailTemplate) GetLinksOk() (*EmailTemplateLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *EmailTemplate) SetLinks(v EmailTemplateLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *EmailTemplate) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailTemplateEmbedded.md b/okta/docs/EmailTemplateEmbedded.md
new file mode 100644
index 000000000..14e311e22
--- /dev/null
+++ b/okta/docs/EmailTemplateEmbedded.md
@@ -0,0 +1,82 @@
+# EmailTemplateEmbedded
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**EmailSettings**](EmailSettings.md) |  | [optional] 
+**CustomizationCount** | Pointer to **int32** |  | [optional] 
+
+## Methods
+
+### NewEmailTemplateEmbedded
+
+`func NewEmailTemplateEmbedded() *EmailTemplateEmbedded`
+
+NewEmailTemplateEmbedded instantiates a new EmailTemplateEmbedded object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailTemplateEmbeddedWithDefaults
+
+`func NewEmailTemplateEmbeddedWithDefaults() *EmailTemplateEmbedded`
+
+NewEmailTemplateEmbeddedWithDefaults instantiates a new EmailTemplateEmbedded object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *EmailTemplateEmbedded) GetSettings() EmailSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *EmailTemplateEmbedded) GetSettingsOk() (*EmailSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *EmailTemplateEmbedded) SetSettings(v EmailSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *EmailTemplateEmbedded) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+### GetCustomizationCount
+
+`func (o *EmailTemplateEmbedded) GetCustomizationCount() int32`
+
+GetCustomizationCount returns the CustomizationCount field if non-nil, zero value otherwise.
+
+### GetCustomizationCountOk
+
+`func (o *EmailTemplateEmbedded) GetCustomizationCountOk() (*int32, bool)`
+
+GetCustomizationCountOk returns a tuple with the CustomizationCount field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustomizationCount
+
+`func (o *EmailTemplateEmbedded) SetCustomizationCount(v int32)`
+
+SetCustomizationCount sets CustomizationCount field to given value.
+
+### HasCustomizationCount
+
+`func (o *EmailTemplateEmbedded) HasCustomizationCount() bool`
+
+HasCustomizationCount returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailTemplateLinks.md b/okta/docs/EmailTemplateLinks.md
new file mode 100644
index 000000000..bb71bdda8
--- /dev/null
+++ b/okta/docs/EmailTemplateLinks.md
@@ -0,0 +1,160 @@
+# EmailTemplateLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Settings** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**DefaultContent** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Customizations** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Test** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewEmailTemplateLinks
+
+`func NewEmailTemplateLinks() *EmailTemplateLinks`
+
+NewEmailTemplateLinks instantiates a new EmailTemplateLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailTemplateLinksWithDefaults
+
+`func NewEmailTemplateLinksWithDefaults() *EmailTemplateLinks`
+
+NewEmailTemplateLinksWithDefaults instantiates a new EmailTemplateLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *EmailTemplateLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *EmailTemplateLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *EmailTemplateLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *EmailTemplateLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *EmailTemplateLinks) GetSettings() HrefObject`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *EmailTemplateLinks) GetSettingsOk() (*HrefObject, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *EmailTemplateLinks) SetSettings(v HrefObject)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *EmailTemplateLinks) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+### GetDefaultContent
+
+`func (o *EmailTemplateLinks) GetDefaultContent() HrefObject`
+
+GetDefaultContent returns the DefaultContent field if non-nil, zero value otherwise.
+
+### GetDefaultContentOk
+
+`func (o *EmailTemplateLinks) GetDefaultContentOk() (*HrefObject, bool)`
+
+GetDefaultContentOk returns a tuple with the DefaultContent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefaultContent
+
+`func (o *EmailTemplateLinks) SetDefaultContent(v HrefObject)`
+
+SetDefaultContent sets DefaultContent field to given value.
+
+### HasDefaultContent
+
+`func (o *EmailTemplateLinks) HasDefaultContent() bool`
+
+HasDefaultContent returns a boolean if a field has been set.
+
+### GetCustomizations
+
+`func (o *EmailTemplateLinks) GetCustomizations() HrefObject`
+
+GetCustomizations returns the Customizations field if non-nil, zero value otherwise.
+
+### GetCustomizationsOk
+
+`func (o *EmailTemplateLinks) GetCustomizationsOk() (*HrefObject, bool)`
+
+GetCustomizationsOk returns a tuple with the Customizations field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustomizations
+
+`func (o *EmailTemplateLinks) SetCustomizations(v HrefObject)`
+
+SetCustomizations sets Customizations field to given value.
+
+### HasCustomizations
+
+`func (o *EmailTemplateLinks) HasCustomizations() bool`
+
+HasCustomizations returns a boolean if a field has been set.
+
+### GetTest
+
+`func (o *EmailTemplateLinks) GetTest() HrefObject`
+
+GetTest returns the Test field if non-nil, zero value otherwise.
+
+### GetTestOk
+
+`func (o *EmailTemplateLinks) GetTestOk() (*HrefObject, bool)`
+
+GetTestOk returns a tuple with the Test field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTest
+
+`func (o *EmailTemplateLinks) SetTest(v HrefObject)`
+
+SetTest sets Test field to given value.
+
+### HasTest
+
+`func (o *EmailTemplateLinks) HasTest() bool`
+
+HasTest returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailTemplateTouchPointVariant.md b/okta/docs/EmailTemplateTouchPointVariant.md
new file mode 100644
index 000000000..74821a6bc
--- /dev/null
+++ b/okta/docs/EmailTemplateTouchPointVariant.md
@@ -0,0 +1,13 @@
+# EmailTemplateTouchPointVariant
+
+## Enum
+
+
+* `FULL_THEME` (value: `"FULL_THEME"`)
+
+* `OKTA_DEFAULT` (value: `"OKTA_DEFAULT"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailUserFactor.md b/okta/docs/EmailUserFactor.md
new file mode 100644
index 000000000..0ef1e6665
--- /dev/null
+++ b/okta/docs/EmailUserFactor.md
@@ -0,0 +1,56 @@
+# EmailUserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**EmailUserFactorProfile**](EmailUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewEmailUserFactor
+
+`func NewEmailUserFactor() *EmailUserFactor`
+
+NewEmailUserFactor instantiates a new EmailUserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailUserFactorWithDefaults
+
+`func NewEmailUserFactorWithDefaults() *EmailUserFactor`
+
+NewEmailUserFactorWithDefaults instantiates a new EmailUserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *EmailUserFactor) GetProfile() EmailUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *EmailUserFactor) GetProfileOk() (*EmailUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *EmailUserFactor) SetProfile(v EmailUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *EmailUserFactor) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailUserFactorAllOf.md b/okta/docs/EmailUserFactorAllOf.md
new file mode 100644
index 000000000..566357ea3
--- /dev/null
+++ b/okta/docs/EmailUserFactorAllOf.md
@@ -0,0 +1,56 @@
+# EmailUserFactorAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**EmailUserFactorProfile**](EmailUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewEmailUserFactorAllOf
+
+`func NewEmailUserFactorAllOf() *EmailUserFactorAllOf`
+
+NewEmailUserFactorAllOf instantiates a new EmailUserFactorAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailUserFactorAllOfWithDefaults
+
+`func NewEmailUserFactorAllOfWithDefaults() *EmailUserFactorAllOf`
+
+NewEmailUserFactorAllOfWithDefaults instantiates a new EmailUserFactorAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *EmailUserFactorAllOf) GetProfile() EmailUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *EmailUserFactorAllOf) GetProfileOk() (*EmailUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *EmailUserFactorAllOf) SetProfile(v EmailUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *EmailUserFactorAllOf) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EmailUserFactorProfile.md b/okta/docs/EmailUserFactorProfile.md
new file mode 100644
index 000000000..42efa666d
--- /dev/null
+++ b/okta/docs/EmailUserFactorProfile.md
@@ -0,0 +1,56 @@
+# EmailUserFactorProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Email** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewEmailUserFactorProfile
+
+`func NewEmailUserFactorProfile() *EmailUserFactorProfile`
+
+NewEmailUserFactorProfile instantiates a new EmailUserFactorProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEmailUserFactorProfileWithDefaults
+
+`func NewEmailUserFactorProfileWithDefaults() *EmailUserFactorProfile`
+
+NewEmailUserFactorProfileWithDefaults instantiates a new EmailUserFactorProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEmail
+
+`func (o *EmailUserFactorProfile) GetEmail() string`
+
+GetEmail returns the Email field if non-nil, zero value otherwise.
+
+### GetEmailOk
+
+`func (o *EmailUserFactorProfile) GetEmailOk() (*string, bool)`
+
+GetEmailOk returns a tuple with the Email field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmail
+
+`func (o *EmailUserFactorProfile) SetEmail(v string)`
+
+SetEmail sets Email field to given value.
+
+### HasEmail
+
+`func (o *EmailUserFactorProfile) HasEmail() bool`
+
+HasEmail returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EnabledStatus.md b/okta/docs/EnabledStatus.md
new file mode 100644
index 000000000..48c64c3aa
--- /dev/null
+++ b/okta/docs/EnabledStatus.md
@@ -0,0 +1,13 @@
+# EnabledStatus
+
+## Enum
+
+
+* `DISABLED` (value: `"DISABLED"`)
+
+* `ENABLED` (value: `"ENABLED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EndUserDashboardTouchPointVariant.md b/okta/docs/EndUserDashboardTouchPointVariant.md
new file mode 100644
index 000000000..ab6e07e6c
--- /dev/null
+++ b/okta/docs/EndUserDashboardTouchPointVariant.md
@@ -0,0 +1,17 @@
+# EndUserDashboardTouchPointVariant
+
+## Enum
+
+
+* `FULL_THEME` (value: `"FULL_THEME"`)
+
+* `LOGO_ON_FULL_WHITE_BACKGROUND` (value: `"LOGO_ON_FULL_WHITE_BACKGROUND"`)
+
+* `OKTA_DEFAULT` (value: `"OKTA_DEFAULT"`)
+
+* `WHITE_LOGO_BACKGROUND` (value: `"WHITE_LOGO_BACKGROUND"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Error.md b/okta/docs/Error.md
new file mode 100644
index 000000000..38ccbf757
--- /dev/null
+++ b/okta/docs/Error.md
@@ -0,0 +1,160 @@
+# Error
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ErrorCauses** | Pointer to [**[]ErrorErrorCausesInner**](ErrorErrorCausesInner.md) |  | [optional] 
+**ErrorCode** | Pointer to **string** | An Okta code for this type of error | [optional] 
+**ErrorId** | Pointer to **string** | A unique identifier for this error. This can be used by Okta Support to help with troubleshooting. | [optional] 
+**ErrorLink** | Pointer to **string** | An Okta code for this type of error | [optional] 
+**ErrorSummary** | Pointer to **string** | A short description of what caused this error. Sometimes this contains dynamically-generated information about your specific error. | [optional] 
+
+## Methods
+
+### NewError
+
+`func NewError() *Error`
+
+NewError instantiates a new Error object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewErrorWithDefaults
+
+`func NewErrorWithDefaults() *Error`
+
+NewErrorWithDefaults instantiates a new Error object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetErrorCauses
+
+`func (o *Error) GetErrorCauses() []ErrorErrorCausesInner`
+
+GetErrorCauses returns the ErrorCauses field if non-nil, zero value otherwise.
+
+### GetErrorCausesOk
+
+`func (o *Error) GetErrorCausesOk() (*[]ErrorErrorCausesInner, bool)`
+
+GetErrorCausesOk returns a tuple with the ErrorCauses field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetErrorCauses
+
+`func (o *Error) SetErrorCauses(v []ErrorErrorCausesInner)`
+
+SetErrorCauses sets ErrorCauses field to given value.
+
+### HasErrorCauses
+
+`func (o *Error) HasErrorCauses() bool`
+
+HasErrorCauses returns a boolean if a field has been set.
+
+### GetErrorCode
+
+`func (o *Error) GetErrorCode() string`
+
+GetErrorCode returns the ErrorCode field if non-nil, zero value otherwise.
+
+### GetErrorCodeOk
+
+`func (o *Error) GetErrorCodeOk() (*string, bool)`
+
+GetErrorCodeOk returns a tuple with the ErrorCode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetErrorCode
+
+`func (o *Error) SetErrorCode(v string)`
+
+SetErrorCode sets ErrorCode field to given value.
+
+### HasErrorCode
+
+`func (o *Error) HasErrorCode() bool`
+
+HasErrorCode returns a boolean if a field has been set.
+
+### GetErrorId
+
+`func (o *Error) GetErrorId() string`
+
+GetErrorId returns the ErrorId field if non-nil, zero value otherwise.
+
+### GetErrorIdOk
+
+`func (o *Error) GetErrorIdOk() (*string, bool)`
+
+GetErrorIdOk returns a tuple with the ErrorId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetErrorId
+
+`func (o *Error) SetErrorId(v string)`
+
+SetErrorId sets ErrorId field to given value.
+
+### HasErrorId
+
+`func (o *Error) HasErrorId() bool`
+
+HasErrorId returns a boolean if a field has been set.
+
+### GetErrorLink
+
+`func (o *Error) GetErrorLink() string`
+
+GetErrorLink returns the ErrorLink field if non-nil, zero value otherwise.
+
+### GetErrorLinkOk
+
+`func (o *Error) GetErrorLinkOk() (*string, bool)`
+
+GetErrorLinkOk returns a tuple with the ErrorLink field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetErrorLink
+
+`func (o *Error) SetErrorLink(v string)`
+
+SetErrorLink sets ErrorLink field to given value.
+
+### HasErrorLink
+
+`func (o *Error) HasErrorLink() bool`
+
+HasErrorLink returns a boolean if a field has been set.
+
+### GetErrorSummary
+
+`func (o *Error) GetErrorSummary() string`
+
+GetErrorSummary returns the ErrorSummary field if non-nil, zero value otherwise.
+
+### GetErrorSummaryOk
+
+`func (o *Error) GetErrorSummaryOk() (*string, bool)`
+
+GetErrorSummaryOk returns a tuple with the ErrorSummary field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetErrorSummary
+
+`func (o *Error) SetErrorSummary(v string)`
+
+SetErrorSummary sets ErrorSummary field to given value.
+
+### HasErrorSummary
+
+`func (o *Error) HasErrorSummary() bool`
+
+HasErrorSummary returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ErrorErrorCausesInner.md b/okta/docs/ErrorErrorCausesInner.md
new file mode 100644
index 000000000..7cb2e64ed
--- /dev/null
+++ b/okta/docs/ErrorErrorCausesInner.md
@@ -0,0 +1,56 @@
+# ErrorErrorCausesInner
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ErrorSummary** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewErrorErrorCausesInner
+
+`func NewErrorErrorCausesInner() *ErrorErrorCausesInner`
+
+NewErrorErrorCausesInner instantiates a new ErrorErrorCausesInner object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewErrorErrorCausesInnerWithDefaults
+
+`func NewErrorErrorCausesInnerWithDefaults() *ErrorErrorCausesInner`
+
+NewErrorErrorCausesInnerWithDefaults instantiates a new ErrorErrorCausesInner object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetErrorSummary
+
+`func (o *ErrorErrorCausesInner) GetErrorSummary() string`
+
+GetErrorSummary returns the ErrorSummary field if non-nil, zero value otherwise.
+
+### GetErrorSummaryOk
+
+`func (o *ErrorErrorCausesInner) GetErrorSummaryOk() (*string, bool)`
+
+GetErrorSummaryOk returns a tuple with the ErrorSummary field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetErrorSummary
+
+`func (o *ErrorErrorCausesInner) SetErrorSummary(v string)`
+
+SetErrorSummary sets ErrorSummary field to given value.
+
+### HasErrorSummary
+
+`func (o *ErrorErrorCausesInner) HasErrorSummary() bool`
+
+HasErrorSummary returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ErrorPageTouchPointVariant.md b/okta/docs/ErrorPageTouchPointVariant.md
new file mode 100644
index 000000000..8b277f046
--- /dev/null
+++ b/okta/docs/ErrorPageTouchPointVariant.md
@@ -0,0 +1,15 @@
+# ErrorPageTouchPointVariant
+
+## Enum
+
+
+* `BACKGROUND_IMAGE` (value: `"BACKGROUND_IMAGE"`)
+
+* `BACKGROUND_SECONDARY_COLOR` (value: `"BACKGROUND_SECONDARY_COLOR"`)
+
+* `OKTA_DEFAULT` (value: `"OKTA_DEFAULT"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EventHook.md b/okta/docs/EventHook.md
new file mode 100644
index 000000000..ff6624699
--- /dev/null
+++ b/okta/docs/EventHook.md
@@ -0,0 +1,290 @@
+# EventHook
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Channel** | Pointer to [**EventHookChannel**](EventHookChannel.md) |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**CreatedBy** | Pointer to **string** |  | [optional] 
+**Events** | Pointer to [**EventSubscriptions**](EventSubscriptions.md) |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**VerificationStatus** | Pointer to [**EventHookVerificationStatus**](EventHookVerificationStatus.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewEventHook
+
+`func NewEventHook() *EventHook`
+
+NewEventHook instantiates a new EventHook object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEventHookWithDefaults
+
+`func NewEventHookWithDefaults() *EventHook`
+
+NewEventHookWithDefaults instantiates a new EventHook object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetChannel
+
+`func (o *EventHook) GetChannel() EventHookChannel`
+
+GetChannel returns the Channel field if non-nil, zero value otherwise.
+
+### GetChannelOk
+
+`func (o *EventHook) GetChannelOk() (*EventHookChannel, bool)`
+
+GetChannelOk returns a tuple with the Channel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetChannel
+
+`func (o *EventHook) SetChannel(v EventHookChannel)`
+
+SetChannel sets Channel field to given value.
+
+### HasChannel
+
+`func (o *EventHook) HasChannel() bool`
+
+HasChannel returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *EventHook) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *EventHook) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *EventHook) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *EventHook) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetCreatedBy
+
+`func (o *EventHook) GetCreatedBy() string`
+
+GetCreatedBy returns the CreatedBy field if non-nil, zero value otherwise.
+
+### GetCreatedByOk
+
+`func (o *EventHook) GetCreatedByOk() (*string, bool)`
+
+GetCreatedByOk returns a tuple with the CreatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedBy
+
+`func (o *EventHook) SetCreatedBy(v string)`
+
+SetCreatedBy sets CreatedBy field to given value.
+
+### HasCreatedBy
+
+`func (o *EventHook) HasCreatedBy() bool`
+
+HasCreatedBy returns a boolean if a field has been set.
+
+### GetEvents
+
+`func (o *EventHook) GetEvents() EventSubscriptions`
+
+GetEvents returns the Events field if non-nil, zero value otherwise.
+
+### GetEventsOk
+
+`func (o *EventHook) GetEventsOk() (*EventSubscriptions, bool)`
+
+GetEventsOk returns a tuple with the Events field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEvents
+
+`func (o *EventHook) SetEvents(v EventSubscriptions)`
+
+SetEvents sets Events field to given value.
+
+### HasEvents
+
+`func (o *EventHook) HasEvents() bool`
+
+HasEvents returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *EventHook) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *EventHook) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *EventHook) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *EventHook) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *EventHook) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *EventHook) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *EventHook) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *EventHook) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *EventHook) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *EventHook) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *EventHook) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *EventHook) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *EventHook) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *EventHook) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *EventHook) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *EventHook) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetVerificationStatus
+
+`func (o *EventHook) GetVerificationStatus() EventHookVerificationStatus`
+
+GetVerificationStatus returns the VerificationStatus field if non-nil, zero value otherwise.
+
+### GetVerificationStatusOk
+
+`func (o *EventHook) GetVerificationStatusOk() (*EventHookVerificationStatus, bool)`
+
+GetVerificationStatusOk returns a tuple with the VerificationStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVerificationStatus
+
+`func (o *EventHook) SetVerificationStatus(v EventHookVerificationStatus)`
+
+SetVerificationStatus sets VerificationStatus field to given value.
+
+### HasVerificationStatus
+
+`func (o *EventHook) HasVerificationStatus() bool`
+
+HasVerificationStatus returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *EventHook) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *EventHook) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *EventHook) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *EventHook) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EventHookApi.md b/okta/docs/EventHookApi.md
new file mode 100644
index 000000000..755e75410
--- /dev/null
+++ b/okta/docs/EventHookApi.md
@@ -0,0 +1,563 @@
+# \EventHookApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateEventHook**](EventHookApi.md#ActivateEventHook) | **Post** /api/v1/eventHooks/{eventHookId}/lifecycle/activate | Activate an Event Hook
+[**CreateEventHook**](EventHookApi.md#CreateEventHook) | **Post** /api/v1/eventHooks | Create an Event Hook
+[**DeactivateEventHook**](EventHookApi.md#DeactivateEventHook) | **Post** /api/v1/eventHooks/{eventHookId}/lifecycle/deactivate | Deactivate an Event Hook
+[**DeleteEventHook**](EventHookApi.md#DeleteEventHook) | **Delete** /api/v1/eventHooks/{eventHookId} | Delete an Event Hook
+[**GetEventHook**](EventHookApi.md#GetEventHook) | **Get** /api/v1/eventHooks/{eventHookId} | Retrieve an Event Hook
+[**ListEventHooks**](EventHookApi.md#ListEventHooks) | **Get** /api/v1/eventHooks | List all Event Hooks
+[**ReplaceEventHook**](EventHookApi.md#ReplaceEventHook) | **Put** /api/v1/eventHooks/{eventHookId} | Replace an Event Hook
+[**VerifyEventHook**](EventHookApi.md#VerifyEventHook) | **Post** /api/v1/eventHooks/{eventHookId}/lifecycle/verify | Verify an Event Hook
+
+
+
+## ActivateEventHook
+
+> EventHook ActivateEventHook(ctx, eventHookId).Execute()
+
+Activate an Event Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    eventHookId := "eventHookId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EventHookApi.ActivateEventHook(context.Background(), eventHookId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EventHookApi.ActivateEventHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ActivateEventHook`: EventHook
+    fmt.Fprintf(os.Stdout, "Response from `EventHookApi.ActivateEventHook`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**eventHookId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateEventHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**EventHook**](EventHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateEventHook
+
+> EventHook CreateEventHook(ctx).EventHook(eventHook).Execute()
+
+Create an Event Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    eventHook := *openapiclient.NewEventHook() // EventHook | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EventHookApi.CreateEventHook(context.Background()).EventHook(eventHook).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EventHookApi.CreateEventHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateEventHook`: EventHook
+    fmt.Fprintf(os.Stdout, "Response from `EventHookApi.CreateEventHook`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateEventHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **eventHook** | [**EventHook**](EventHook.md) |  | 
+
+### Return type
+
+[**EventHook**](EventHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateEventHook
+
+> EventHook DeactivateEventHook(ctx, eventHookId).Execute()
+
+Deactivate an Event Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    eventHookId := "eventHookId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EventHookApi.DeactivateEventHook(context.Background(), eventHookId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EventHookApi.DeactivateEventHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `DeactivateEventHook`: EventHook
+    fmt.Fprintf(os.Stdout, "Response from `EventHookApi.DeactivateEventHook`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**eventHookId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateEventHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**EventHook**](EventHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteEventHook
+
+> DeleteEventHook(ctx, eventHookId).Execute()
+
+Delete an Event Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    eventHookId := "eventHookId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EventHookApi.DeleteEventHook(context.Background(), eventHookId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EventHookApi.DeleteEventHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**eventHookId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteEventHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetEventHook
+
+> EventHook GetEventHook(ctx, eventHookId).Execute()
+
+Retrieve an Event Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    eventHookId := "eventHookId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EventHookApi.GetEventHook(context.Background(), eventHookId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EventHookApi.GetEventHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetEventHook`: EventHook
+    fmt.Fprintf(os.Stdout, "Response from `EventHookApi.GetEventHook`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**eventHookId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetEventHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**EventHook**](EventHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListEventHooks
+
+> []EventHook ListEventHooks(ctx).Execute()
+
+List all Event Hooks
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EventHookApi.ListEventHooks(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EventHookApi.ListEventHooks``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListEventHooks`: []EventHook
+    fmt.Fprintf(os.Stdout, "Response from `EventHookApi.ListEventHooks`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListEventHooksRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]EventHook**](EventHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceEventHook
+
+> EventHook ReplaceEventHook(ctx, eventHookId).EventHook(eventHook).Execute()
+
+Replace an Event Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    eventHookId := "eventHookId_example" // string | 
+    eventHook := *openapiclient.NewEventHook() // EventHook | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EventHookApi.ReplaceEventHook(context.Background(), eventHookId).EventHook(eventHook).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EventHookApi.ReplaceEventHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceEventHook`: EventHook
+    fmt.Fprintf(os.Stdout, "Response from `EventHookApi.ReplaceEventHook`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**eventHookId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceEventHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **eventHook** | [**EventHook**](EventHook.md) |  | 
+
+### Return type
+
+[**EventHook**](EventHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## VerifyEventHook
+
+> EventHook VerifyEventHook(ctx, eventHookId).Execute()
+
+Verify an Event Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    eventHookId := "eventHookId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.EventHookApi.VerifyEventHook(context.Background(), eventHookId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `EventHookApi.VerifyEventHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `VerifyEventHook`: EventHook
+    fmt.Fprintf(os.Stdout, "Response from `EventHookApi.VerifyEventHook`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**eventHookId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiVerifyEventHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**EventHook**](EventHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/EventHookChannel.md b/okta/docs/EventHookChannel.md
new file mode 100644
index 000000000..e1dbbc2f3
--- /dev/null
+++ b/okta/docs/EventHookChannel.md
@@ -0,0 +1,108 @@
+# EventHookChannel
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Config** | Pointer to [**EventHookChannelConfig**](EventHookChannelConfig.md) |  | [optional] 
+**Type** | Pointer to [**EventHookChannelType**](EventHookChannelType.md) |  | [optional] 
+**Version** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewEventHookChannel
+
+`func NewEventHookChannel() *EventHookChannel`
+
+NewEventHookChannel instantiates a new EventHookChannel object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEventHookChannelWithDefaults
+
+`func NewEventHookChannelWithDefaults() *EventHookChannel`
+
+NewEventHookChannelWithDefaults instantiates a new EventHookChannel object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConfig
+
+`func (o *EventHookChannel) GetConfig() EventHookChannelConfig`
+
+GetConfig returns the Config field if non-nil, zero value otherwise.
+
+### GetConfigOk
+
+`func (o *EventHookChannel) GetConfigOk() (*EventHookChannelConfig, bool)`
+
+GetConfigOk returns a tuple with the Config field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConfig
+
+`func (o *EventHookChannel) SetConfig(v EventHookChannelConfig)`
+
+SetConfig sets Config field to given value.
+
+### HasConfig
+
+`func (o *EventHookChannel) HasConfig() bool`
+
+HasConfig returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *EventHookChannel) GetType() EventHookChannelType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *EventHookChannel) GetTypeOk() (*EventHookChannelType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *EventHookChannel) SetType(v EventHookChannelType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *EventHookChannel) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetVersion
+
+`func (o *EventHookChannel) GetVersion() string`
+
+GetVersion returns the Version field if non-nil, zero value otherwise.
+
+### GetVersionOk
+
+`func (o *EventHookChannel) GetVersionOk() (*string, bool)`
+
+GetVersionOk returns a tuple with the Version field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVersion
+
+`func (o *EventHookChannel) SetVersion(v string)`
+
+SetVersion sets Version field to given value.
+
+### HasVersion
+
+`func (o *EventHookChannel) HasVersion() bool`
+
+HasVersion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EventHookChannelConfig.md b/okta/docs/EventHookChannelConfig.md
new file mode 100644
index 000000000..17f0ddab0
--- /dev/null
+++ b/okta/docs/EventHookChannelConfig.md
@@ -0,0 +1,108 @@
+# EventHookChannelConfig
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthScheme** | Pointer to [**EventHookChannelConfigAuthScheme**](EventHookChannelConfigAuthScheme.md) |  | [optional] 
+**Headers** | Pointer to [**[]EventHookChannelConfigHeader**](EventHookChannelConfigHeader.md) |  | [optional] 
+**Uri** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewEventHookChannelConfig
+
+`func NewEventHookChannelConfig() *EventHookChannelConfig`
+
+NewEventHookChannelConfig instantiates a new EventHookChannelConfig object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEventHookChannelConfigWithDefaults
+
+`func NewEventHookChannelConfigWithDefaults() *EventHookChannelConfig`
+
+NewEventHookChannelConfigWithDefaults instantiates a new EventHookChannelConfig object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthScheme
+
+`func (o *EventHookChannelConfig) GetAuthScheme() EventHookChannelConfigAuthScheme`
+
+GetAuthScheme returns the AuthScheme field if non-nil, zero value otherwise.
+
+### GetAuthSchemeOk
+
+`func (o *EventHookChannelConfig) GetAuthSchemeOk() (*EventHookChannelConfigAuthScheme, bool)`
+
+GetAuthSchemeOk returns a tuple with the AuthScheme field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthScheme
+
+`func (o *EventHookChannelConfig) SetAuthScheme(v EventHookChannelConfigAuthScheme)`
+
+SetAuthScheme sets AuthScheme field to given value.
+
+### HasAuthScheme
+
+`func (o *EventHookChannelConfig) HasAuthScheme() bool`
+
+HasAuthScheme returns a boolean if a field has been set.
+
+### GetHeaders
+
+`func (o *EventHookChannelConfig) GetHeaders() []EventHookChannelConfigHeader`
+
+GetHeaders returns the Headers field if non-nil, zero value otherwise.
+
+### GetHeadersOk
+
+`func (o *EventHookChannelConfig) GetHeadersOk() (*[]EventHookChannelConfigHeader, bool)`
+
+GetHeadersOk returns a tuple with the Headers field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHeaders
+
+`func (o *EventHookChannelConfig) SetHeaders(v []EventHookChannelConfigHeader)`
+
+SetHeaders sets Headers field to given value.
+
+### HasHeaders
+
+`func (o *EventHookChannelConfig) HasHeaders() bool`
+
+HasHeaders returns a boolean if a field has been set.
+
+### GetUri
+
+`func (o *EventHookChannelConfig) GetUri() string`
+
+GetUri returns the Uri field if non-nil, zero value otherwise.
+
+### GetUriOk
+
+`func (o *EventHookChannelConfig) GetUriOk() (*string, bool)`
+
+GetUriOk returns a tuple with the Uri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUri
+
+`func (o *EventHookChannelConfig) SetUri(v string)`
+
+SetUri sets Uri field to given value.
+
+### HasUri
+
+`func (o *EventHookChannelConfig) HasUri() bool`
+
+HasUri returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EventHookChannelConfigAuthScheme.md b/okta/docs/EventHookChannelConfigAuthScheme.md
new file mode 100644
index 000000000..d297282c6
--- /dev/null
+++ b/okta/docs/EventHookChannelConfigAuthScheme.md
@@ -0,0 +1,108 @@
+# EventHookChannelConfigAuthScheme
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Key** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to [**EventHookChannelConfigAuthSchemeType**](EventHookChannelConfigAuthSchemeType.md) |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewEventHookChannelConfigAuthScheme
+
+`func NewEventHookChannelConfigAuthScheme() *EventHookChannelConfigAuthScheme`
+
+NewEventHookChannelConfigAuthScheme instantiates a new EventHookChannelConfigAuthScheme object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEventHookChannelConfigAuthSchemeWithDefaults
+
+`func NewEventHookChannelConfigAuthSchemeWithDefaults() *EventHookChannelConfigAuthScheme`
+
+NewEventHookChannelConfigAuthSchemeWithDefaults instantiates a new EventHookChannelConfigAuthScheme object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetKey
+
+`func (o *EventHookChannelConfigAuthScheme) GetKey() string`
+
+GetKey returns the Key field if non-nil, zero value otherwise.
+
+### GetKeyOk
+
+`func (o *EventHookChannelConfigAuthScheme) GetKeyOk() (*string, bool)`
+
+GetKeyOk returns a tuple with the Key field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKey
+
+`func (o *EventHookChannelConfigAuthScheme) SetKey(v string)`
+
+SetKey sets Key field to given value.
+
+### HasKey
+
+`func (o *EventHookChannelConfigAuthScheme) HasKey() bool`
+
+HasKey returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *EventHookChannelConfigAuthScheme) GetType() EventHookChannelConfigAuthSchemeType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *EventHookChannelConfigAuthScheme) GetTypeOk() (*EventHookChannelConfigAuthSchemeType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *EventHookChannelConfigAuthScheme) SetType(v EventHookChannelConfigAuthSchemeType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *EventHookChannelConfigAuthScheme) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *EventHookChannelConfigAuthScheme) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *EventHookChannelConfigAuthScheme) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *EventHookChannelConfigAuthScheme) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *EventHookChannelConfigAuthScheme) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EventHookChannelConfigAuthSchemeType.md b/okta/docs/EventHookChannelConfigAuthSchemeType.md
new file mode 100644
index 000000000..a184c6075
--- /dev/null
+++ b/okta/docs/EventHookChannelConfigAuthSchemeType.md
@@ -0,0 +1,11 @@
+# EventHookChannelConfigAuthSchemeType
+
+## Enum
+
+
+* `HEADER` (value: `"HEADER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EventHookChannelConfigHeader.md b/okta/docs/EventHookChannelConfigHeader.md
new file mode 100644
index 000000000..494946859
--- /dev/null
+++ b/okta/docs/EventHookChannelConfigHeader.md
@@ -0,0 +1,82 @@
+# EventHookChannelConfigHeader
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Key** | Pointer to **string** |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewEventHookChannelConfigHeader
+
+`func NewEventHookChannelConfigHeader() *EventHookChannelConfigHeader`
+
+NewEventHookChannelConfigHeader instantiates a new EventHookChannelConfigHeader object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEventHookChannelConfigHeaderWithDefaults
+
+`func NewEventHookChannelConfigHeaderWithDefaults() *EventHookChannelConfigHeader`
+
+NewEventHookChannelConfigHeaderWithDefaults instantiates a new EventHookChannelConfigHeader object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetKey
+
+`func (o *EventHookChannelConfigHeader) GetKey() string`
+
+GetKey returns the Key field if non-nil, zero value otherwise.
+
+### GetKeyOk
+
+`func (o *EventHookChannelConfigHeader) GetKeyOk() (*string, bool)`
+
+GetKeyOk returns a tuple with the Key field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKey
+
+`func (o *EventHookChannelConfigHeader) SetKey(v string)`
+
+SetKey sets Key field to given value.
+
+### HasKey
+
+`func (o *EventHookChannelConfigHeader) HasKey() bool`
+
+HasKey returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *EventHookChannelConfigHeader) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *EventHookChannelConfigHeader) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *EventHookChannelConfigHeader) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *EventHookChannelConfigHeader) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EventHookChannelType.md b/okta/docs/EventHookChannelType.md
new file mode 100644
index 000000000..578f8a8d0
--- /dev/null
+++ b/okta/docs/EventHookChannelType.md
@@ -0,0 +1,11 @@
+# EventHookChannelType
+
+## Enum
+
+
+* `HTTP` (value: `"HTTP"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EventHookVerificationStatus.md b/okta/docs/EventHookVerificationStatus.md
new file mode 100644
index 000000000..56377e589
--- /dev/null
+++ b/okta/docs/EventHookVerificationStatus.md
@@ -0,0 +1,13 @@
+# EventHookVerificationStatus
+
+## Enum
+
+
+* `UNVERIFIED` (value: `"UNVERIFIED"`)
+
+* `VERIFIED` (value: `"VERIFIED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EventSubscriptionType.md b/okta/docs/EventSubscriptionType.md
new file mode 100644
index 000000000..601b39c9b
--- /dev/null
+++ b/okta/docs/EventSubscriptionType.md
@@ -0,0 +1,13 @@
+# EventSubscriptionType
+
+## Enum
+
+
+* `EVENT_TYPE` (value: `"EVENT_TYPE"`)
+
+* `FLOW_EVENT` (value: `"FLOW_EVENT"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/EventSubscriptions.md b/okta/docs/EventSubscriptions.md
new file mode 100644
index 000000000..00512c3e2
--- /dev/null
+++ b/okta/docs/EventSubscriptions.md
@@ -0,0 +1,82 @@
+# EventSubscriptions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Items** | Pointer to **[]string** |  | [optional] 
+**Type** | Pointer to [**EventSubscriptionType**](EventSubscriptionType.md) |  | [optional] 
+
+## Methods
+
+### NewEventSubscriptions
+
+`func NewEventSubscriptions() *EventSubscriptions`
+
+NewEventSubscriptions instantiates a new EventSubscriptions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewEventSubscriptionsWithDefaults
+
+`func NewEventSubscriptionsWithDefaults() *EventSubscriptions`
+
+NewEventSubscriptionsWithDefaults instantiates a new EventSubscriptions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetItems
+
+`func (o *EventSubscriptions) GetItems() []string`
+
+GetItems returns the Items field if non-nil, zero value otherwise.
+
+### GetItemsOk
+
+`func (o *EventSubscriptions) GetItemsOk() (*[]string, bool)`
+
+GetItemsOk returns a tuple with the Items field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetItems
+
+`func (o *EventSubscriptions) SetItems(v []string)`
+
+SetItems sets Items field to given value.
+
+### HasItems
+
+`func (o *EventSubscriptions) HasItems() bool`
+
+HasItems returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *EventSubscriptions) GetType() EventSubscriptionType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *EventSubscriptions) GetTypeOk() (*EventSubscriptionType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *EventSubscriptions) SetType(v EventSubscriptionType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *EventSubscriptions) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/FCMConfiguration.md b/okta/docs/FCMConfiguration.md
new file mode 100644
index 000000000..718308e21
--- /dev/null
+++ b/okta/docs/FCMConfiguration.md
@@ -0,0 +1,108 @@
+# FCMConfiguration
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**FileName** | Pointer to **string** | (Optional) File name for Admin Console display | [optional] 
+**ProjectId** | Pointer to **string** | Project ID of FCM configuration | [optional] [readonly] 
+**ServiceAccountJson** | Pointer to **map[string]interface{}** | JSON containing the private service account key and service account details. See [Creating and managing service account keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) for more information on creating service account keys in JSON. | [optional] 
+
+## Methods
+
+### NewFCMConfiguration
+
+`func NewFCMConfiguration() *FCMConfiguration`
+
+NewFCMConfiguration instantiates a new FCMConfiguration object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewFCMConfigurationWithDefaults
+
+`func NewFCMConfigurationWithDefaults() *FCMConfiguration`
+
+NewFCMConfigurationWithDefaults instantiates a new FCMConfiguration object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetFileName
+
+`func (o *FCMConfiguration) GetFileName() string`
+
+GetFileName returns the FileName field if non-nil, zero value otherwise.
+
+### GetFileNameOk
+
+`func (o *FCMConfiguration) GetFileNameOk() (*string, bool)`
+
+GetFileNameOk returns a tuple with the FileName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFileName
+
+`func (o *FCMConfiguration) SetFileName(v string)`
+
+SetFileName sets FileName field to given value.
+
+### HasFileName
+
+`func (o *FCMConfiguration) HasFileName() bool`
+
+HasFileName returns a boolean if a field has been set.
+
+### GetProjectId
+
+`func (o *FCMConfiguration) GetProjectId() string`
+
+GetProjectId returns the ProjectId field if non-nil, zero value otherwise.
+
+### GetProjectIdOk
+
+`func (o *FCMConfiguration) GetProjectIdOk() (*string, bool)`
+
+GetProjectIdOk returns a tuple with the ProjectId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProjectId
+
+`func (o *FCMConfiguration) SetProjectId(v string)`
+
+SetProjectId sets ProjectId field to given value.
+
+### HasProjectId
+
+`func (o *FCMConfiguration) HasProjectId() bool`
+
+HasProjectId returns a boolean if a field has been set.
+
+### GetServiceAccountJson
+
+`func (o *FCMConfiguration) GetServiceAccountJson() map[string]interface{}`
+
+GetServiceAccountJson returns the ServiceAccountJson field if non-nil, zero value otherwise.
+
+### GetServiceAccountJsonOk
+
+`func (o *FCMConfiguration) GetServiceAccountJsonOk() (*map[string]interface{}, bool)`
+
+GetServiceAccountJsonOk returns a tuple with the ServiceAccountJson field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetServiceAccountJson
+
+`func (o *FCMConfiguration) SetServiceAccountJson(v map[string]interface{})`
+
+SetServiceAccountJson sets ServiceAccountJson field to given value.
+
+### HasServiceAccountJson
+
+`func (o *FCMConfiguration) HasServiceAccountJson() bool`
+
+HasServiceAccountJson returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/FCMPushProvider.md b/okta/docs/FCMPushProvider.md
new file mode 100644
index 000000000..1b386c8a9
--- /dev/null
+++ b/okta/docs/FCMPushProvider.md
@@ -0,0 +1,56 @@
+# FCMPushProvider
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Configuration** | Pointer to [**FCMConfiguration**](FCMConfiguration.md) |  | [optional] 
+
+## Methods
+
+### NewFCMPushProvider
+
+`func NewFCMPushProvider() *FCMPushProvider`
+
+NewFCMPushProvider instantiates a new FCMPushProvider object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewFCMPushProviderWithDefaults
+
+`func NewFCMPushProviderWithDefaults() *FCMPushProvider`
+
+NewFCMPushProviderWithDefaults instantiates a new FCMPushProvider object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConfiguration
+
+`func (o *FCMPushProvider) GetConfiguration() FCMConfiguration`
+
+GetConfiguration returns the Configuration field if non-nil, zero value otherwise.
+
+### GetConfigurationOk
+
+`func (o *FCMPushProvider) GetConfigurationOk() (*FCMConfiguration, bool)`
+
+GetConfigurationOk returns a tuple with the Configuration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConfiguration
+
+`func (o *FCMPushProvider) SetConfiguration(v FCMConfiguration)`
+
+SetConfiguration sets Configuration field to given value.
+
+### HasConfiguration
+
+`func (o *FCMPushProvider) HasConfiguration() bool`
+
+HasConfiguration returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/FCMPushProviderAllOf.md b/okta/docs/FCMPushProviderAllOf.md
new file mode 100644
index 000000000..afa6afea2
--- /dev/null
+++ b/okta/docs/FCMPushProviderAllOf.md
@@ -0,0 +1,56 @@
+# FCMPushProviderAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Configuration** | Pointer to [**FCMConfiguration**](FCMConfiguration.md) |  | [optional] 
+
+## Methods
+
+### NewFCMPushProviderAllOf
+
+`func NewFCMPushProviderAllOf() *FCMPushProviderAllOf`
+
+NewFCMPushProviderAllOf instantiates a new FCMPushProviderAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewFCMPushProviderAllOfWithDefaults
+
+`func NewFCMPushProviderAllOfWithDefaults() *FCMPushProviderAllOf`
+
+NewFCMPushProviderAllOfWithDefaults instantiates a new FCMPushProviderAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConfiguration
+
+`func (o *FCMPushProviderAllOf) GetConfiguration() FCMConfiguration`
+
+GetConfiguration returns the Configuration field if non-nil, zero value otherwise.
+
+### GetConfigurationOk
+
+`func (o *FCMPushProviderAllOf) GetConfigurationOk() (*FCMConfiguration, bool)`
+
+GetConfigurationOk returns a tuple with the Configuration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConfiguration
+
+`func (o *FCMPushProviderAllOf) SetConfiguration(v FCMConfiguration)`
+
+SetConfiguration sets Configuration field to given value.
+
+### HasConfiguration
+
+`func (o *FCMPushProviderAllOf) HasConfiguration() bool`
+
+HasConfiguration returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/FactorProvider.md b/okta/docs/FactorProvider.md
new file mode 100644
index 000000000..8330e76bb
--- /dev/null
+++ b/okta/docs/FactorProvider.md
@@ -0,0 +1,25 @@
+# FactorProvider
+
+## Enum
+
+
+* `CUSTOM` (value: `"CUSTOM"`)
+
+* `DUO` (value: `"DUO"`)
+
+* `FIDO` (value: `"FIDO"`)
+
+* `GOOGLE` (value: `"GOOGLE"`)
+
+* `OKTA` (value: `"OKTA"`)
+
+* `RSA` (value: `"RSA"`)
+
+* `SYMANTEC` (value: `"SYMANTEC"`)
+
+* `YUBICO` (value: `"YUBICO"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/FactorResultType.md b/okta/docs/FactorResultType.md
new file mode 100644
index 000000000..5b02c0b3a
--- /dev/null
+++ b/okta/docs/FactorResultType.md
@@ -0,0 +1,29 @@
+# FactorResultType
+
+## Enum
+
+
+* `CANCELLED` (value: `"CANCELLED"`)
+
+* `CHALLENGE` (value: `"CHALLENGE"`)
+
+* `ERROR` (value: `"ERROR"`)
+
+* `FAILED` (value: `"FAILED"`)
+
+* `PASSCODE_REPLAYED` (value: `"PASSCODE_REPLAYED"`)
+
+* `REJECTED` (value: `"REJECTED"`)
+
+* `SUCCESS` (value: `"SUCCESS"`)
+
+* `TIMEOUT` (value: `"TIMEOUT"`)
+
+* `TIME_WINDOW_EXCEEDED` (value: `"TIME_WINDOW_EXCEEDED"`)
+
+* `WAITING` (value: `"WAITING"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/FactorStatus.md b/okta/docs/FactorStatus.md
new file mode 100644
index 000000000..430416661
--- /dev/null
+++ b/okta/docs/FactorStatus.md
@@ -0,0 +1,23 @@
+# FactorStatus
+
+## Enum
+
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `DISABLED` (value: `"DISABLED"`)
+
+* `ENROLLED` (value: `"ENROLLED"`)
+
+* `EXPIRED` (value: `"EXPIRED"`)
+
+* `INACTIVE` (value: `"INACTIVE"`)
+
+* `NOT_SETUP` (value: `"NOT_SETUP"`)
+
+* `PENDING_ACTIVATION` (value: `"PENDING_ACTIVATION"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/FactorType.md b/okta/docs/FactorType.md
new file mode 100644
index 000000000..4b6bd50a1
--- /dev/null
+++ b/okta/docs/FactorType.md
@@ -0,0 +1,35 @@
+# FactorType
+
+## Enum
+
+
+* `CALL` (value: `"call"`)
+
+* `EMAIL` (value: `"email"`)
+
+* `HOTP` (value: `"hotp"`)
+
+* `PUSH` (value: `"push"`)
+
+* `QUESTION` (value: `"question"`)
+
+* `SMS` (value: `"sms"`)
+
+* `TOKEN` (value: `"token"`)
+
+* `TOKENHARDWARE` (value: `"token:hardware"`)
+
+* `TOKENHOTP` (value: `"token:hotp"`)
+
+* `TOKENSOFTWARETOTP` (value: `"token:software:totp"`)
+
+* `U2F` (value: `"u2f"`)
+
+* `WEB` (value: `"web"`)
+
+* `WEBAUTHN` (value: `"webauthn"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Feature.md b/okta/docs/Feature.md
new file mode 100644
index 000000000..1300d9c78
--- /dev/null
+++ b/okta/docs/Feature.md
@@ -0,0 +1,212 @@
+# Feature
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Description** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Stage** | Pointer to [**FeatureStage**](FeatureStage.md) |  | [optional] 
+**Status** | Pointer to [**EnabledStatus**](EnabledStatus.md) |  | [optional] 
+**Type** | Pointer to [**FeatureType**](FeatureType.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewFeature
+
+`func NewFeature() *Feature`
+
+NewFeature instantiates a new Feature object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewFeatureWithDefaults
+
+`func NewFeatureWithDefaults() *Feature`
+
+NewFeatureWithDefaults instantiates a new Feature object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDescription
+
+`func (o *Feature) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *Feature) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *Feature) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *Feature) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *Feature) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *Feature) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *Feature) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *Feature) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *Feature) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *Feature) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *Feature) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *Feature) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetStage
+
+`func (o *Feature) GetStage() FeatureStage`
+
+GetStage returns the Stage field if non-nil, zero value otherwise.
+
+### GetStageOk
+
+`func (o *Feature) GetStageOk() (*FeatureStage, bool)`
+
+GetStageOk returns a tuple with the Stage field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStage
+
+`func (o *Feature) SetStage(v FeatureStage)`
+
+SetStage sets Stage field to given value.
+
+### HasStage
+
+`func (o *Feature) HasStage() bool`
+
+HasStage returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *Feature) GetStatus() EnabledStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *Feature) GetStatusOk() (*EnabledStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *Feature) SetStatus(v EnabledStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *Feature) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *Feature) GetType() FeatureType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *Feature) GetTypeOk() (*FeatureType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *Feature) SetType(v FeatureType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *Feature) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Feature) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Feature) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Feature) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Feature) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/FeatureApi.md b/okta/docs/FeatureApi.md
new file mode 100644
index 000000000..821d7fad7
--- /dev/null
+++ b/okta/docs/FeatureApi.md
@@ -0,0 +1,359 @@
+# \FeatureApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**GetFeature**](FeatureApi.md#GetFeature) | **Get** /api/v1/features/{featureId} | Retrieve a Feature
+[**ListFeatureDependencies**](FeatureApi.md#ListFeatureDependencies) | **Get** /api/v1/features/{featureId}/dependencies | List all Dependencies
+[**ListFeatureDependents**](FeatureApi.md#ListFeatureDependents) | **Get** /api/v1/features/{featureId}/dependents | List all Dependents
+[**ListFeatures**](FeatureApi.md#ListFeatures) | **Get** /api/v1/features | List all Features
+[**UpdateFeatureLifecycle**](FeatureApi.md#UpdateFeatureLifecycle) | **Post** /api/v1/features/{featureId}/{lifecycle} | Update a Feature Lifecycle
+
+
+
+## GetFeature
+
+> Feature GetFeature(ctx, featureId).Execute()
+
+Retrieve a Feature
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    featureId := "featureId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.FeatureApi.GetFeature(context.Background(), featureId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `FeatureApi.GetFeature``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetFeature`: Feature
+    fmt.Fprintf(os.Stdout, "Response from `FeatureApi.GetFeature`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**featureId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetFeatureRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**Feature**](Feature.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListFeatureDependencies
+
+> []Feature ListFeatureDependencies(ctx, featureId).Execute()
+
+List all Dependencies
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    featureId := "featureId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.FeatureApi.ListFeatureDependencies(context.Background(), featureId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `FeatureApi.ListFeatureDependencies``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListFeatureDependencies`: []Feature
+    fmt.Fprintf(os.Stdout, "Response from `FeatureApi.ListFeatureDependencies`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**featureId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListFeatureDependenciesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]Feature**](Feature.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListFeatureDependents
+
+> []Feature ListFeatureDependents(ctx, featureId).Execute()
+
+List all Dependents
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    featureId := "featureId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.FeatureApi.ListFeatureDependents(context.Background(), featureId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `FeatureApi.ListFeatureDependents``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListFeatureDependents`: []Feature
+    fmt.Fprintf(os.Stdout, "Response from `FeatureApi.ListFeatureDependents`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**featureId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListFeatureDependentsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]Feature**](Feature.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListFeatures
+
+> []Feature ListFeatures(ctx).Execute()
+
+List all Features
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.FeatureApi.ListFeatures(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `FeatureApi.ListFeatures``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListFeatures`: []Feature
+    fmt.Fprintf(os.Stdout, "Response from `FeatureApi.ListFeatures`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListFeaturesRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]Feature**](Feature.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateFeatureLifecycle
+
+> Feature UpdateFeatureLifecycle(ctx, featureId, lifecycle).Mode(mode).Execute()
+
+Update a Feature Lifecycle
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    featureId := "featureId_example" // string | 
+    lifecycle := "lifecycle_example" // string | 
+    mode := "mode_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.FeatureApi.UpdateFeatureLifecycle(context.Background(), featureId, lifecycle).Mode(mode).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `FeatureApi.UpdateFeatureLifecycle``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateFeatureLifecycle`: Feature
+    fmt.Fprintf(os.Stdout, "Response from `FeatureApi.UpdateFeatureLifecycle`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**featureId** | **string** |  | 
+**lifecycle** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateFeatureLifecycleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **mode** | **string** |  | 
+
+### Return type
+
+[**Feature**](Feature.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/FeatureStage.md b/okta/docs/FeatureStage.md
new file mode 100644
index 000000000..b19b3a7a9
--- /dev/null
+++ b/okta/docs/FeatureStage.md
@@ -0,0 +1,82 @@
+# FeatureStage
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**State** | Pointer to [**FeatureStageState**](FeatureStageState.md) |  | [optional] 
+**Value** | Pointer to [**FeatureStageValue**](FeatureStageValue.md) |  | [optional] 
+
+## Methods
+
+### NewFeatureStage
+
+`func NewFeatureStage() *FeatureStage`
+
+NewFeatureStage instantiates a new FeatureStage object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewFeatureStageWithDefaults
+
+`func NewFeatureStageWithDefaults() *FeatureStage`
+
+NewFeatureStageWithDefaults instantiates a new FeatureStage object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetState
+
+`func (o *FeatureStage) GetState() FeatureStageState`
+
+GetState returns the State field if non-nil, zero value otherwise.
+
+### GetStateOk
+
+`func (o *FeatureStage) GetStateOk() (*FeatureStageState, bool)`
+
+GetStateOk returns a tuple with the State field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetState
+
+`func (o *FeatureStage) SetState(v FeatureStageState)`
+
+SetState sets State field to given value.
+
+### HasState
+
+`func (o *FeatureStage) HasState() bool`
+
+HasState returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *FeatureStage) GetValue() FeatureStageValue`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *FeatureStage) GetValueOk() (*FeatureStageValue, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *FeatureStage) SetValue(v FeatureStageValue)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *FeatureStage) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/FeatureStageState.md b/okta/docs/FeatureStageState.md
new file mode 100644
index 000000000..324f72526
--- /dev/null
+++ b/okta/docs/FeatureStageState.md
@@ -0,0 +1,13 @@
+# FeatureStageState
+
+## Enum
+
+
+* `CLOSED` (value: `"CLOSED"`)
+
+* `OPEN` (value: `"OPEN"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/FeatureStageValue.md b/okta/docs/FeatureStageValue.md
new file mode 100644
index 000000000..c2c59c599
--- /dev/null
+++ b/okta/docs/FeatureStageValue.md
@@ -0,0 +1,13 @@
+# FeatureStageValue
+
+## Enum
+
+
+* `BETA` (value: `"BETA"`)
+
+* `EA` (value: `"EA"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/FeatureType.md b/okta/docs/FeatureType.md
new file mode 100644
index 000000000..d1c228c0a
--- /dev/null
+++ b/okta/docs/FeatureType.md
@@ -0,0 +1,11 @@
+# FeatureType
+
+## Enum
+
+
+* `SELF_SERVICE` (value: `"self-service"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/FipsEnum.md b/okta/docs/FipsEnum.md
new file mode 100644
index 000000000..935e89724
--- /dev/null
+++ b/okta/docs/FipsEnum.md
@@ -0,0 +1,13 @@
+# FipsEnum
+
+## Enum
+
+
+* `OPTIONAL` (value: `"OPTIONAL"`)
+
+* `REQUIRED` (value: `"REQUIRED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ForgotPasswordResponse.md b/okta/docs/ForgotPasswordResponse.md
new file mode 100644
index 000000000..f73e7f364
--- /dev/null
+++ b/okta/docs/ForgotPasswordResponse.md
@@ -0,0 +1,56 @@
+# ForgotPasswordResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ResetPasswordUrl** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewForgotPasswordResponse
+
+`func NewForgotPasswordResponse() *ForgotPasswordResponse`
+
+NewForgotPasswordResponse instantiates a new ForgotPasswordResponse object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewForgotPasswordResponseWithDefaults
+
+`func NewForgotPasswordResponseWithDefaults() *ForgotPasswordResponse`
+
+NewForgotPasswordResponseWithDefaults instantiates a new ForgotPasswordResponse object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetResetPasswordUrl
+
+`func (o *ForgotPasswordResponse) GetResetPasswordUrl() string`
+
+GetResetPasswordUrl returns the ResetPasswordUrl field if non-nil, zero value otherwise.
+
+### GetResetPasswordUrlOk
+
+`func (o *ForgotPasswordResponse) GetResetPasswordUrlOk() (*string, bool)`
+
+GetResetPasswordUrlOk returns a tuple with the ResetPasswordUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResetPasswordUrl
+
+`func (o *ForgotPasswordResponse) SetResetPasswordUrl(v string)`
+
+SetResetPasswordUrl sets ResetPasswordUrl field to given value.
+
+### HasResetPasswordUrl
+
+`func (o *ForgotPasswordResponse) HasResetPasswordUrl() bool`
+
+HasResetPasswordUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GrantOrTokenStatus.md b/okta/docs/GrantOrTokenStatus.md
new file mode 100644
index 000000000..554edd842
--- /dev/null
+++ b/okta/docs/GrantOrTokenStatus.md
@@ -0,0 +1,13 @@
+# GrantOrTokenStatus
+
+## Enum
+
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `REVOKED` (value: `"REVOKED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GrantTypePolicyRuleCondition.md b/okta/docs/GrantTypePolicyRuleCondition.md
new file mode 100644
index 000000000..c575b2fac
--- /dev/null
+++ b/okta/docs/GrantTypePolicyRuleCondition.md
@@ -0,0 +1,56 @@
+# GrantTypePolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewGrantTypePolicyRuleCondition
+
+`func NewGrantTypePolicyRuleCondition() *GrantTypePolicyRuleCondition`
+
+NewGrantTypePolicyRuleCondition instantiates a new GrantTypePolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGrantTypePolicyRuleConditionWithDefaults
+
+`func NewGrantTypePolicyRuleConditionWithDefaults() *GrantTypePolicyRuleCondition`
+
+NewGrantTypePolicyRuleConditionWithDefaults instantiates a new GrantTypePolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetInclude
+
+`func (o *GrantTypePolicyRuleCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *GrantTypePolicyRuleCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *GrantTypePolicyRuleCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *GrantTypePolicyRuleCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Group.md b/okta/docs/Group.md
new file mode 100644
index 000000000..adb9f30f3
--- /dev/null
+++ b/okta/docs/Group.md
@@ -0,0 +1,264 @@
+# Group
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastMembershipUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**ObjectClass** | Pointer to **[]string** |  | [optional] [readonly] 
+**Profile** | Pointer to [**GroupProfile**](GroupProfile.md) |  | [optional] 
+**Type** | Pointer to [**GroupType**](GroupType.md) |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to [**GroupLinks**](GroupLinks.md) |  | [optional] 
+
+## Methods
+
+### NewGroup
+
+`func NewGroup() *Group`
+
+NewGroup instantiates a new Group object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupWithDefaults
+
+`func NewGroupWithDefaults() *Group`
+
+NewGroupWithDefaults instantiates a new Group object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *Group) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *Group) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *Group) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *Group) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *Group) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *Group) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *Group) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *Group) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastMembershipUpdated
+
+`func (o *Group) GetLastMembershipUpdated() time.Time`
+
+GetLastMembershipUpdated returns the LastMembershipUpdated field if non-nil, zero value otherwise.
+
+### GetLastMembershipUpdatedOk
+
+`func (o *Group) GetLastMembershipUpdatedOk() (*time.Time, bool)`
+
+GetLastMembershipUpdatedOk returns a tuple with the LastMembershipUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastMembershipUpdated
+
+`func (o *Group) SetLastMembershipUpdated(v time.Time)`
+
+SetLastMembershipUpdated sets LastMembershipUpdated field to given value.
+
+### HasLastMembershipUpdated
+
+`func (o *Group) HasLastMembershipUpdated() bool`
+
+HasLastMembershipUpdated returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *Group) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *Group) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *Group) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *Group) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetObjectClass
+
+`func (o *Group) GetObjectClass() []string`
+
+GetObjectClass returns the ObjectClass field if non-nil, zero value otherwise.
+
+### GetObjectClassOk
+
+`func (o *Group) GetObjectClassOk() (*[]string, bool)`
+
+GetObjectClassOk returns a tuple with the ObjectClass field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetObjectClass
+
+`func (o *Group) SetObjectClass(v []string)`
+
+SetObjectClass sets ObjectClass field to given value.
+
+### HasObjectClass
+
+`func (o *Group) HasObjectClass() bool`
+
+HasObjectClass returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *Group) GetProfile() GroupProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *Group) GetProfileOk() (*GroupProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *Group) SetProfile(v GroupProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *Group) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *Group) GetType() GroupType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *Group) GetTypeOk() (*GroupType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *Group) SetType(v GroupType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *Group) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *Group) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *Group) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *Group) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *Group) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Group) GetLinks() GroupLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Group) GetLinksOk() (*GroupLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Group) SetLinks(v GroupLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Group) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupApi.md b/okta/docs/GroupApi.md
new file mode 100644
index 000000000..0ca510f17
--- /dev/null
+++ b/okta/docs/GroupApi.md
@@ -0,0 +1,1376 @@
+# \GroupApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateGroupRule**](GroupApi.md#ActivateGroupRule) | **Post** /api/v1/groups/rules/{ruleId}/lifecycle/activate | Activate a Group Rule
+[**AssignGroupOwner**](GroupApi.md#AssignGroupOwner) | **Post** /api/v1/groups/{groupId}/owners | Assign a Group Owner
+[**AssignUserToGroup**](GroupApi.md#AssignUserToGroup) | **Put** /api/v1/groups/{groupId}/users/{userId} | Assign a User
+[**CreateGroup**](GroupApi.md#CreateGroup) | **Post** /api/v1/groups | Create a Group
+[**CreateGroupRule**](GroupApi.md#CreateGroupRule) | **Post** /api/v1/groups/rules | Create a Group Rule
+[**DeactivateGroupRule**](GroupApi.md#DeactivateGroupRule) | **Post** /api/v1/groups/rules/{ruleId}/lifecycle/deactivate | Deactivate a Group Rule
+[**DeleteGroup**](GroupApi.md#DeleteGroup) | **Delete** /api/v1/groups/{groupId} | Delete a Group
+[**DeleteGroupOwner**](GroupApi.md#DeleteGroupOwner) | **Delete** /api/v1/groups/{groupId}/owners/{ownerId} | Delete a Group Owner
+[**DeleteGroupRule**](GroupApi.md#DeleteGroupRule) | **Delete** /api/v1/groups/rules/{ruleId} | Delete a group Rule
+[**GetGroup**](GroupApi.md#GetGroup) | **Get** /api/v1/groups/{groupId} | Retrieve a Group
+[**GetGroupRule**](GroupApi.md#GetGroupRule) | **Get** /api/v1/groups/rules/{ruleId} | Retrieve a Group Rule
+[**ListAssignedApplicationsForGroup**](GroupApi.md#ListAssignedApplicationsForGroup) | **Get** /api/v1/groups/{groupId}/apps | List all Assigned Applications
+[**ListGroupOwners**](GroupApi.md#ListGroupOwners) | **Get** /api/v1/groups/{groupId}/owners | List all Group Owners
+[**ListGroupRules**](GroupApi.md#ListGroupRules) | **Get** /api/v1/groups/rules | List all Group Rules
+[**ListGroupUsers**](GroupApi.md#ListGroupUsers) | **Get** /api/v1/groups/{groupId}/users | List all Member Users
+[**ListGroups**](GroupApi.md#ListGroups) | **Get** /api/v1/groups | List all Groups
+[**ReplaceGroup**](GroupApi.md#ReplaceGroup) | **Put** /api/v1/groups/{groupId} | Replace a Group
+[**ReplaceGroupRule**](GroupApi.md#ReplaceGroupRule) | **Put** /api/v1/groups/rules/{ruleId} | Replace a Group Rule
+[**UnassignUserFromGroup**](GroupApi.md#UnassignUserFromGroup) | **Delete** /api/v1/groups/{groupId}/users/{userId} | Unassign a User
+
+
+
+## ActivateGroupRule
+
+> ActivateGroupRule(ctx, ruleId).Execute()
+
+Activate a Group Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    ruleId := "ruleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.ActivateGroupRule(context.Background(), ruleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.ActivateGroupRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateGroupRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AssignGroupOwner
+
+> GroupOwner AssignGroupOwner(ctx, groupId).GroupOwner(groupOwner).Execute()
+
+Assign a Group Owner
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    groupOwner := *openapiclient.NewGroupOwner() // GroupOwner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.AssignGroupOwner(context.Background(), groupId).GroupOwner(groupOwner).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.AssignGroupOwner``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `AssignGroupOwner`: GroupOwner
+    fmt.Fprintf(os.Stdout, "Response from `GroupApi.AssignGroupOwner`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignGroupOwnerRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **groupOwner** | [**GroupOwner**](GroupOwner.md) |  | 
+
+### Return type
+
+[**GroupOwner**](GroupOwner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AssignUserToGroup
+
+> AssignUserToGroup(ctx, groupId, userId).Execute()
+
+Assign a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.AssignUserToGroup(context.Background(), groupId, userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.AssignUserToGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignUserToGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateGroup
+
+> Group CreateGroup(ctx).Group(group).Execute()
+
+Create a Group
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    group := *openapiclient.NewGroup() // Group | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.CreateGroup(context.Background()).Group(group).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.CreateGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateGroup`: Group
+    fmt.Fprintf(os.Stdout, "Response from `GroupApi.CreateGroup`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **group** | [**Group**](Group.md) |  | 
+
+### Return type
+
+[**Group**](Group.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateGroupRule
+
+> GroupRule CreateGroupRule(ctx).GroupRule(groupRule).Execute()
+
+Create a Group Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupRule := *openapiclient.NewGroupRule() // GroupRule | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.CreateGroupRule(context.Background()).GroupRule(groupRule).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.CreateGroupRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateGroupRule`: GroupRule
+    fmt.Fprintf(os.Stdout, "Response from `GroupApi.CreateGroupRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateGroupRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **groupRule** | [**GroupRule**](GroupRule.md) |  | 
+
+### Return type
+
+[**GroupRule**](GroupRule.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateGroupRule
+
+> DeactivateGroupRule(ctx, ruleId).Execute()
+
+Deactivate a Group Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    ruleId := "ruleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.DeactivateGroupRule(context.Background(), ruleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.DeactivateGroupRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateGroupRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteGroup
+
+> DeleteGroup(ctx, groupId).Execute()
+
+Delete a Group
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.DeleteGroup(context.Background(), groupId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.DeleteGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteGroupOwner
+
+> DeleteGroupOwner(ctx, groupId, ownerId).Execute()
+
+Delete a Group Owner
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    ownerId := "ownerId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.DeleteGroupOwner(context.Background(), groupId, ownerId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.DeleteGroupOwner``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**ownerId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteGroupOwnerRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteGroupRule
+
+> DeleteGroupRule(ctx, ruleId).RemoveUsers(removeUsers).Execute()
+
+Delete a group Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    ruleId := "ruleId_example" // string | 
+    removeUsers := true // bool | Indicates whether to keep or remove users from groups assigned by this rule. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.DeleteGroupRule(context.Background(), ruleId).RemoveUsers(removeUsers).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.DeleteGroupRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteGroupRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **removeUsers** | **bool** | Indicates whether to keep or remove users from groups assigned by this rule. | 
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetGroup
+
+> Group GetGroup(ctx, groupId).Execute()
+
+Retrieve a Group
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.GetGroup(context.Background(), groupId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.GetGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetGroup`: Group
+    fmt.Fprintf(os.Stdout, "Response from `GroupApi.GetGroup`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**Group**](Group.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetGroupRule
+
+> GroupRule GetGroupRule(ctx, ruleId).Expand(expand).Execute()
+
+Retrieve a Group Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    ruleId := "ruleId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.GetGroupRule(context.Background(), ruleId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.GetGroupRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetGroupRule`: GroupRule
+    fmt.Fprintf(os.Stdout, "Response from `GroupApi.GetGroupRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetGroupRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **string** |  | 
+
+### Return type
+
+[**GroupRule**](GroupRule.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListAssignedApplicationsForGroup
+
+> []ListApplications200ResponseInner ListAssignedApplicationsForGroup(ctx, groupId).After(after).Limit(limit).Execute()
+
+List all Assigned Applications
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    after := "after_example" // string | Specifies the pagination cursor for the next page of apps (optional)
+    limit := int32(56) // int32 | Specifies the number of app results for a page (optional) (default to 20)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.ListAssignedApplicationsForGroup(context.Background(), groupId).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.ListAssignedApplicationsForGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListAssignedApplicationsForGroup`: []ListApplications200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `GroupApi.ListAssignedApplicationsForGroup`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListAssignedApplicationsForGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **after** | **string** | Specifies the pagination cursor for the next page of apps | 
+ **limit** | **int32** | Specifies the number of app results for a page | [default to 20]
+
+### Return type
+
+[**[]ListApplications200ResponseInner**](ListApplications200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListGroupOwners
+
+> []GroupOwner ListGroupOwners(ctx, groupId).Filter(filter).After(after).Limit(limit).Execute()
+
+List all Group Owners
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    filter := "filter_example" // string | SCIM Filter expression for group owners. Allows to filter owners by type. (optional)
+    after := "after_example" // string | Specifies the pagination cursor for the next page of owners (optional)
+    limit := int32(56) // int32 | Specifies the number of owner results in a page (optional) (default to 1000)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.ListGroupOwners(context.Background(), groupId).Filter(filter).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.ListGroupOwners``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListGroupOwners`: []GroupOwner
+    fmt.Fprintf(os.Stdout, "Response from `GroupApi.ListGroupOwners`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListGroupOwnersRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **filter** | **string** | SCIM Filter expression for group owners. Allows to filter owners by type. | 
+ **after** | **string** | Specifies the pagination cursor for the next page of owners | 
+ **limit** | **int32** | Specifies the number of owner results in a page | [default to 1000]
+
+### Return type
+
+[**[]GroupOwner**](GroupOwner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListGroupRules
+
+> []GroupRule ListGroupRules(ctx).Limit(limit).After(after).Search(search).Expand(expand).Execute()
+
+List all Group Rules
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    limit := int32(56) // int32 | Specifies the number of rule results in a page (optional) (default to 50)
+    after := "after_example" // string | Specifies the pagination cursor for the next page of rules (optional)
+    search := "search_example" // string | Specifies the keyword to search fules for (optional)
+    expand := "expand_example" // string | If specified as `groupIdToGroupNameMap`, then show group names (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.ListGroupRules(context.Background()).Limit(limit).After(after).Search(search).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.ListGroupRules``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListGroupRules`: []GroupRule
+    fmt.Fprintf(os.Stdout, "Response from `GroupApi.ListGroupRules`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListGroupRulesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **limit** | **int32** | Specifies the number of rule results in a page | [default to 50]
+ **after** | **string** | Specifies the pagination cursor for the next page of rules | 
+ **search** | **string** | Specifies the keyword to search fules for | 
+ **expand** | **string** | If specified as &#x60;groupIdToGroupNameMap&#x60;, then show group names | 
+
+### Return type
+
+[**[]GroupRule**](GroupRule.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListGroupUsers
+
+> []User ListGroupUsers(ctx, groupId).After(after).Limit(limit).Execute()
+
+List all Member Users
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    after := "after_example" // string | Specifies the pagination cursor for the next page of users (optional)
+    limit := int32(56) // int32 | Specifies the number of user results in a page (optional) (default to 1000)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.ListGroupUsers(context.Background(), groupId).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.ListGroupUsers``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListGroupUsers`: []User
+    fmt.Fprintf(os.Stdout, "Response from `GroupApi.ListGroupUsers`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListGroupUsersRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **after** | **string** | Specifies the pagination cursor for the next page of users | 
+ **limit** | **int32** | Specifies the number of user results in a page | [default to 1000]
+
+### Return type
+
+[**[]User**](User.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListGroups
+
+> []Group ListGroups(ctx).Q(q).Filter(filter).After(after).Limit(limit).Expand(expand).Search(search).Execute()
+
+List all Groups
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    q := "q_example" // string | Searches the name property of groups for matching value (optional)
+    filter := "filter_example" // string | Filter expression for groups (optional)
+    after := "after_example" // string | Specifies the pagination cursor for the next page of groups (optional)
+    limit := int32(56) // int32 | Specifies the number of group results in a page (optional) (default to 10000)
+    expand := "expand_example" // string | If specified, it causes additional metadata to be included in the response. (optional)
+    search := "search_example" // string | Searches for groups with a supported filtering expression for all attributes except for _embedded, _links, and objectClass (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.ListGroups(context.Background()).Q(q).Filter(filter).After(after).Limit(limit).Expand(expand).Search(search).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.ListGroups``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListGroups`: []Group
+    fmt.Fprintf(os.Stdout, "Response from `GroupApi.ListGroups`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListGroupsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **q** | **string** | Searches the name property of groups for matching value | 
+ **filter** | **string** | Filter expression for groups | 
+ **after** | **string** | Specifies the pagination cursor for the next page of groups | 
+ **limit** | **int32** | Specifies the number of group results in a page | [default to 10000]
+ **expand** | **string** | If specified, it causes additional metadata to be included in the response. | 
+ **search** | **string** | Searches for groups with a supported filtering expression for all attributes except for _embedded, _links, and objectClass | 
+
+### Return type
+
+[**[]Group**](Group.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceGroup
+
+> Group ReplaceGroup(ctx, groupId).Group(group).Execute()
+
+Replace a Group
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    group := *openapiclient.NewGroup() // Group | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.ReplaceGroup(context.Background(), groupId).Group(group).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.ReplaceGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceGroup`: Group
+    fmt.Fprintf(os.Stdout, "Response from `GroupApi.ReplaceGroup`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **group** | [**Group**](Group.md) |  | 
+
+### Return type
+
+[**Group**](Group.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceGroupRule
+
+> GroupRule ReplaceGroupRule(ctx, ruleId).GroupRule(groupRule).Execute()
+
+Replace a Group Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    ruleId := "ruleId_example" // string | 
+    groupRule := *openapiclient.NewGroupRule() // GroupRule | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.ReplaceGroupRule(context.Background(), ruleId).GroupRule(groupRule).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.ReplaceGroupRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceGroupRule`: GroupRule
+    fmt.Fprintf(os.Stdout, "Response from `GroupApi.ReplaceGroupRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceGroupRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **groupRule** | [**GroupRule**](GroupRule.md) |  | 
+
+### Return type
+
+[**GroupRule**](GroupRule.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnassignUserFromGroup
+
+> UnassignUserFromGroup(ctx, groupId, userId).Execute()
+
+Unassign a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.GroupApi.UnassignUserFromGroup(context.Background(), groupId, userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `GroupApi.UnassignUserFromGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnassignUserFromGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/GroupCondition.md b/okta/docs/GroupCondition.md
new file mode 100644
index 000000000..4f9962ba0
--- /dev/null
+++ b/okta/docs/GroupCondition.md
@@ -0,0 +1,82 @@
+# GroupCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Exclude** | Pointer to **[]string** |  | [optional] 
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewGroupCondition
+
+`func NewGroupCondition() *GroupCondition`
+
+NewGroupCondition instantiates a new GroupCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupConditionWithDefaults
+
+`func NewGroupConditionWithDefaults() *GroupCondition`
+
+NewGroupConditionWithDefaults instantiates a new GroupCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExclude
+
+`func (o *GroupCondition) GetExclude() []string`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *GroupCondition) GetExcludeOk() (*[]string, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *GroupCondition) SetExclude(v []string)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *GroupCondition) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+### GetInclude
+
+`func (o *GroupCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *GroupCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *GroupCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *GroupCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupLinks.md b/okta/docs/GroupLinks.md
new file mode 100644
index 000000000..1bc295cc1
--- /dev/null
+++ b/okta/docs/GroupLinks.md
@@ -0,0 +1,160 @@
+# GroupLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Apps** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Logo** | Pointer to [**[]HrefObject**](HrefObject.md) |  | [optional] 
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Source** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Users** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewGroupLinks
+
+`func NewGroupLinks() *GroupLinks`
+
+NewGroupLinks instantiates a new GroupLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupLinksWithDefaults
+
+`func NewGroupLinksWithDefaults() *GroupLinks`
+
+NewGroupLinksWithDefaults instantiates a new GroupLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApps
+
+`func (o *GroupLinks) GetApps() HrefObject`
+
+GetApps returns the Apps field if non-nil, zero value otherwise.
+
+### GetAppsOk
+
+`func (o *GroupLinks) GetAppsOk() (*HrefObject, bool)`
+
+GetAppsOk returns a tuple with the Apps field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApps
+
+`func (o *GroupLinks) SetApps(v HrefObject)`
+
+SetApps sets Apps field to given value.
+
+### HasApps
+
+`func (o *GroupLinks) HasApps() bool`
+
+HasApps returns a boolean if a field has been set.
+
+### GetLogo
+
+`func (o *GroupLinks) GetLogo() []HrefObject`
+
+GetLogo returns the Logo field if non-nil, zero value otherwise.
+
+### GetLogoOk
+
+`func (o *GroupLinks) GetLogoOk() (*[]HrefObject, bool)`
+
+GetLogoOk returns a tuple with the Logo field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLogo
+
+`func (o *GroupLinks) SetLogo(v []HrefObject)`
+
+SetLogo sets Logo field to given value.
+
+### HasLogo
+
+`func (o *GroupLinks) HasLogo() bool`
+
+HasLogo returns a boolean if a field has been set.
+
+### GetSelf
+
+`func (o *GroupLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *GroupLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *GroupLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *GroupLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetSource
+
+`func (o *GroupLinks) GetSource() HrefObject`
+
+GetSource returns the Source field if non-nil, zero value otherwise.
+
+### GetSourceOk
+
+`func (o *GroupLinks) GetSourceOk() (*HrefObject, bool)`
+
+GetSourceOk returns a tuple with the Source field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSource
+
+`func (o *GroupLinks) SetSource(v HrefObject)`
+
+SetSource sets Source field to given value.
+
+### HasSource
+
+`func (o *GroupLinks) HasSource() bool`
+
+HasSource returns a boolean if a field has been set.
+
+### GetUsers
+
+`func (o *GroupLinks) GetUsers() HrefObject`
+
+GetUsers returns the Users field if non-nil, zero value otherwise.
+
+### GetUsersOk
+
+`func (o *GroupLinks) GetUsersOk() (*HrefObject, bool)`
+
+GetUsersOk returns a tuple with the Users field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsers
+
+`func (o *GroupLinks) SetUsers(v HrefObject)`
+
+SetUsers sets Users field to given value.
+
+### HasUsers
+
+`func (o *GroupLinks) HasUsers() bool`
+
+HasUsers returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupOwner.md b/okta/docs/GroupOwner.md
new file mode 100644
index 000000000..7ff1136e6
--- /dev/null
+++ b/okta/docs/GroupOwner.md
@@ -0,0 +1,212 @@
+# GroupOwner
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DisplayName** | Pointer to **string** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**OriginId** | Pointer to **string** |  | [optional] 
+**OriginType** | Pointer to [**GroupOwnerOriginType**](GroupOwnerOriginType.md) |  | [optional] 
+**Resolved** | Pointer to **bool** |  | [optional] 
+**Type** | Pointer to [**GroupOwnerType**](GroupOwnerType.md) |  | [optional] 
+
+## Methods
+
+### NewGroupOwner
+
+`func NewGroupOwner() *GroupOwner`
+
+NewGroupOwner instantiates a new GroupOwner object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupOwnerWithDefaults
+
+`func NewGroupOwnerWithDefaults() *GroupOwner`
+
+NewGroupOwnerWithDefaults instantiates a new GroupOwner object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDisplayName
+
+`func (o *GroupOwner) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *GroupOwner) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *GroupOwner) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+### HasDisplayName
+
+`func (o *GroupOwner) HasDisplayName() bool`
+
+HasDisplayName returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *GroupOwner) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *GroupOwner) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *GroupOwner) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *GroupOwner) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *GroupOwner) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *GroupOwner) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *GroupOwner) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *GroupOwner) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetOriginId
+
+`func (o *GroupOwner) GetOriginId() string`
+
+GetOriginId returns the OriginId field if non-nil, zero value otherwise.
+
+### GetOriginIdOk
+
+`func (o *GroupOwner) GetOriginIdOk() (*string, bool)`
+
+GetOriginIdOk returns a tuple with the OriginId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOriginId
+
+`func (o *GroupOwner) SetOriginId(v string)`
+
+SetOriginId sets OriginId field to given value.
+
+### HasOriginId
+
+`func (o *GroupOwner) HasOriginId() bool`
+
+HasOriginId returns a boolean if a field has been set.
+
+### GetOriginType
+
+`func (o *GroupOwner) GetOriginType() GroupOwnerOriginType`
+
+GetOriginType returns the OriginType field if non-nil, zero value otherwise.
+
+### GetOriginTypeOk
+
+`func (o *GroupOwner) GetOriginTypeOk() (*GroupOwnerOriginType, bool)`
+
+GetOriginTypeOk returns a tuple with the OriginType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOriginType
+
+`func (o *GroupOwner) SetOriginType(v GroupOwnerOriginType)`
+
+SetOriginType sets OriginType field to given value.
+
+### HasOriginType
+
+`func (o *GroupOwner) HasOriginType() bool`
+
+HasOriginType returns a boolean if a field has been set.
+
+### GetResolved
+
+`func (o *GroupOwner) GetResolved() bool`
+
+GetResolved returns the Resolved field if non-nil, zero value otherwise.
+
+### GetResolvedOk
+
+`func (o *GroupOwner) GetResolvedOk() (*bool, bool)`
+
+GetResolvedOk returns a tuple with the Resolved field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResolved
+
+`func (o *GroupOwner) SetResolved(v bool)`
+
+SetResolved sets Resolved field to given value.
+
+### HasResolved
+
+`func (o *GroupOwner) HasResolved() bool`
+
+HasResolved returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *GroupOwner) GetType() GroupOwnerType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *GroupOwner) GetTypeOk() (*GroupOwnerType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *GroupOwner) SetType(v GroupOwnerType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *GroupOwner) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupOwnerOriginType.md b/okta/docs/GroupOwnerOriginType.md
new file mode 100644
index 000000000..5f27b8154
--- /dev/null
+++ b/okta/docs/GroupOwnerOriginType.md
@@ -0,0 +1,13 @@
+# GroupOwnerOriginType
+
+## Enum
+
+
+* `APPLICATION` (value: `"APPLICATION"`)
+
+* `OKTA_DIRECTORY` (value: `"OKTA_DIRECTORY"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupOwnerType.md b/okta/docs/GroupOwnerType.md
new file mode 100644
index 000000000..364c756b8
--- /dev/null
+++ b/okta/docs/GroupOwnerType.md
@@ -0,0 +1,15 @@
+# GroupOwnerType
+
+## Enum
+
+
+* `GROUP` (value: `"GROUP"`)
+
+* `UNKNOWN` (value: `"UNKNOWN"`)
+
+* `USER` (value: `"USER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupPolicyRuleCondition.md b/okta/docs/GroupPolicyRuleCondition.md
new file mode 100644
index 000000000..3d98dc734
--- /dev/null
+++ b/okta/docs/GroupPolicyRuleCondition.md
@@ -0,0 +1,82 @@
+# GroupPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Exclude** | Pointer to **[]string** |  | [optional] 
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewGroupPolicyRuleCondition
+
+`func NewGroupPolicyRuleCondition() *GroupPolicyRuleCondition`
+
+NewGroupPolicyRuleCondition instantiates a new GroupPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupPolicyRuleConditionWithDefaults
+
+`func NewGroupPolicyRuleConditionWithDefaults() *GroupPolicyRuleCondition`
+
+NewGroupPolicyRuleConditionWithDefaults instantiates a new GroupPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExclude
+
+`func (o *GroupPolicyRuleCondition) GetExclude() []string`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *GroupPolicyRuleCondition) GetExcludeOk() (*[]string, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *GroupPolicyRuleCondition) SetExclude(v []string)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *GroupPolicyRuleCondition) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+### GetInclude
+
+`func (o *GroupPolicyRuleCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *GroupPolicyRuleCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *GroupPolicyRuleCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *GroupPolicyRuleCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupProfile.md b/okta/docs/GroupProfile.md
new file mode 100644
index 000000000..04e3e3b79
--- /dev/null
+++ b/okta/docs/GroupProfile.md
@@ -0,0 +1,82 @@
+# GroupProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Description** | Pointer to **string** |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewGroupProfile
+
+`func NewGroupProfile() *GroupProfile`
+
+NewGroupProfile instantiates a new GroupProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupProfileWithDefaults
+
+`func NewGroupProfileWithDefaults() *GroupProfile`
+
+NewGroupProfileWithDefaults instantiates a new GroupProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDescription
+
+`func (o *GroupProfile) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *GroupProfile) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *GroupProfile) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *GroupProfile) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *GroupProfile) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *GroupProfile) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *GroupProfile) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *GroupProfile) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupRule.md b/okta/docs/GroupRule.md
new file mode 100644
index 000000000..1eb15567a
--- /dev/null
+++ b/okta/docs/GroupRule.md
@@ -0,0 +1,238 @@
+# GroupRule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | Pointer to [**GroupRuleAction**](GroupRuleAction.md) |  | [optional] 
+**Conditions** | Pointer to [**GroupRuleConditions**](GroupRuleConditions.md) |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Status** | Pointer to [**GroupRuleStatus**](GroupRuleStatus.md) |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewGroupRule
+
+`func NewGroupRule() *GroupRule`
+
+NewGroupRule instantiates a new GroupRule object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupRuleWithDefaults
+
+`func NewGroupRuleWithDefaults() *GroupRule`
+
+NewGroupRuleWithDefaults instantiates a new GroupRule object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActions
+
+`func (o *GroupRule) GetActions() GroupRuleAction`
+
+GetActions returns the Actions field if non-nil, zero value otherwise.
+
+### GetActionsOk
+
+`func (o *GroupRule) GetActionsOk() (*GroupRuleAction, bool)`
+
+GetActionsOk returns a tuple with the Actions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActions
+
+`func (o *GroupRule) SetActions(v GroupRuleAction)`
+
+SetActions sets Actions field to given value.
+
+### HasActions
+
+`func (o *GroupRule) HasActions() bool`
+
+HasActions returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *GroupRule) GetConditions() GroupRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *GroupRule) GetConditionsOk() (*GroupRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *GroupRule) SetConditions(v GroupRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *GroupRule) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *GroupRule) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *GroupRule) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *GroupRule) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *GroupRule) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *GroupRule) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *GroupRule) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *GroupRule) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *GroupRule) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *GroupRule) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *GroupRule) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *GroupRule) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *GroupRule) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *GroupRule) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *GroupRule) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *GroupRule) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *GroupRule) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *GroupRule) GetStatus() GroupRuleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *GroupRule) GetStatusOk() (*GroupRuleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *GroupRule) SetStatus(v GroupRuleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *GroupRule) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *GroupRule) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *GroupRule) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *GroupRule) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *GroupRule) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupRuleAction.md b/okta/docs/GroupRuleAction.md
new file mode 100644
index 000000000..2ae22da12
--- /dev/null
+++ b/okta/docs/GroupRuleAction.md
@@ -0,0 +1,56 @@
+# GroupRuleAction
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AssignUserToGroups** | Pointer to [**GroupRuleGroupAssignment**](GroupRuleGroupAssignment.md) |  | [optional] 
+
+## Methods
+
+### NewGroupRuleAction
+
+`func NewGroupRuleAction() *GroupRuleAction`
+
+NewGroupRuleAction instantiates a new GroupRuleAction object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupRuleActionWithDefaults
+
+`func NewGroupRuleActionWithDefaults() *GroupRuleAction`
+
+NewGroupRuleActionWithDefaults instantiates a new GroupRuleAction object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAssignUserToGroups
+
+`func (o *GroupRuleAction) GetAssignUserToGroups() GroupRuleGroupAssignment`
+
+GetAssignUserToGroups returns the AssignUserToGroups field if non-nil, zero value otherwise.
+
+### GetAssignUserToGroupsOk
+
+`func (o *GroupRuleAction) GetAssignUserToGroupsOk() (*GroupRuleGroupAssignment, bool)`
+
+GetAssignUserToGroupsOk returns a tuple with the AssignUserToGroups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAssignUserToGroups
+
+`func (o *GroupRuleAction) SetAssignUserToGroups(v GroupRuleGroupAssignment)`
+
+SetAssignUserToGroups sets AssignUserToGroups field to given value.
+
+### HasAssignUserToGroups
+
+`func (o *GroupRuleAction) HasAssignUserToGroups() bool`
+
+HasAssignUserToGroups returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupRuleConditions.md b/okta/docs/GroupRuleConditions.md
new file mode 100644
index 000000000..303eb26c5
--- /dev/null
+++ b/okta/docs/GroupRuleConditions.md
@@ -0,0 +1,82 @@
+# GroupRuleConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Expression** | Pointer to [**GroupRuleExpression**](GroupRuleExpression.md) |  | [optional] 
+**People** | Pointer to [**GroupRulePeopleCondition**](GroupRulePeopleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewGroupRuleConditions
+
+`func NewGroupRuleConditions() *GroupRuleConditions`
+
+NewGroupRuleConditions instantiates a new GroupRuleConditions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupRuleConditionsWithDefaults
+
+`func NewGroupRuleConditionsWithDefaults() *GroupRuleConditions`
+
+NewGroupRuleConditionsWithDefaults instantiates a new GroupRuleConditions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpression
+
+`func (o *GroupRuleConditions) GetExpression() GroupRuleExpression`
+
+GetExpression returns the Expression field if non-nil, zero value otherwise.
+
+### GetExpressionOk
+
+`func (o *GroupRuleConditions) GetExpressionOk() (*GroupRuleExpression, bool)`
+
+GetExpressionOk returns a tuple with the Expression field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpression
+
+`func (o *GroupRuleConditions) SetExpression(v GroupRuleExpression)`
+
+SetExpression sets Expression field to given value.
+
+### HasExpression
+
+`func (o *GroupRuleConditions) HasExpression() bool`
+
+HasExpression returns a boolean if a field has been set.
+
+### GetPeople
+
+`func (o *GroupRuleConditions) GetPeople() GroupRulePeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *GroupRuleConditions) GetPeopleOk() (*GroupRulePeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *GroupRuleConditions) SetPeople(v GroupRulePeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *GroupRuleConditions) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupRuleExpression.md b/okta/docs/GroupRuleExpression.md
new file mode 100644
index 000000000..334a92ec6
--- /dev/null
+++ b/okta/docs/GroupRuleExpression.md
@@ -0,0 +1,82 @@
+# GroupRuleExpression
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Type** | Pointer to **string** |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewGroupRuleExpression
+
+`func NewGroupRuleExpression() *GroupRuleExpression`
+
+NewGroupRuleExpression instantiates a new GroupRuleExpression object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupRuleExpressionWithDefaults
+
+`func NewGroupRuleExpressionWithDefaults() *GroupRuleExpression`
+
+NewGroupRuleExpressionWithDefaults instantiates a new GroupRuleExpression object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetType
+
+`func (o *GroupRuleExpression) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *GroupRuleExpression) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *GroupRuleExpression) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *GroupRuleExpression) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *GroupRuleExpression) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *GroupRuleExpression) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *GroupRuleExpression) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *GroupRuleExpression) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupRuleGroupAssignment.md b/okta/docs/GroupRuleGroupAssignment.md
new file mode 100644
index 000000000..2767efa57
--- /dev/null
+++ b/okta/docs/GroupRuleGroupAssignment.md
@@ -0,0 +1,56 @@
+# GroupRuleGroupAssignment
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**GroupIds** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewGroupRuleGroupAssignment
+
+`func NewGroupRuleGroupAssignment() *GroupRuleGroupAssignment`
+
+NewGroupRuleGroupAssignment instantiates a new GroupRuleGroupAssignment object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupRuleGroupAssignmentWithDefaults
+
+`func NewGroupRuleGroupAssignmentWithDefaults() *GroupRuleGroupAssignment`
+
+NewGroupRuleGroupAssignmentWithDefaults instantiates a new GroupRuleGroupAssignment object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetGroupIds
+
+`func (o *GroupRuleGroupAssignment) GetGroupIds() []string`
+
+GetGroupIds returns the GroupIds field if non-nil, zero value otherwise.
+
+### GetGroupIdsOk
+
+`func (o *GroupRuleGroupAssignment) GetGroupIdsOk() (*[]string, bool)`
+
+GetGroupIdsOk returns a tuple with the GroupIds field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroupIds
+
+`func (o *GroupRuleGroupAssignment) SetGroupIds(v []string)`
+
+SetGroupIds sets GroupIds field to given value.
+
+### HasGroupIds
+
+`func (o *GroupRuleGroupAssignment) HasGroupIds() bool`
+
+HasGroupIds returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupRuleGroupCondition.md b/okta/docs/GroupRuleGroupCondition.md
new file mode 100644
index 000000000..31607251b
--- /dev/null
+++ b/okta/docs/GroupRuleGroupCondition.md
@@ -0,0 +1,82 @@
+# GroupRuleGroupCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Exclude** | Pointer to **[]string** |  | [optional] 
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewGroupRuleGroupCondition
+
+`func NewGroupRuleGroupCondition() *GroupRuleGroupCondition`
+
+NewGroupRuleGroupCondition instantiates a new GroupRuleGroupCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupRuleGroupConditionWithDefaults
+
+`func NewGroupRuleGroupConditionWithDefaults() *GroupRuleGroupCondition`
+
+NewGroupRuleGroupConditionWithDefaults instantiates a new GroupRuleGroupCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExclude
+
+`func (o *GroupRuleGroupCondition) GetExclude() []string`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *GroupRuleGroupCondition) GetExcludeOk() (*[]string, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *GroupRuleGroupCondition) SetExclude(v []string)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *GroupRuleGroupCondition) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+### GetInclude
+
+`func (o *GroupRuleGroupCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *GroupRuleGroupCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *GroupRuleGroupCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *GroupRuleGroupCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupRulePeopleCondition.md b/okta/docs/GroupRulePeopleCondition.md
new file mode 100644
index 000000000..f465b5b10
--- /dev/null
+++ b/okta/docs/GroupRulePeopleCondition.md
@@ -0,0 +1,82 @@
+# GroupRulePeopleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Groups** | Pointer to [**GroupRuleGroupCondition**](GroupRuleGroupCondition.md) |  | [optional] 
+**Users** | Pointer to [**GroupRuleUserCondition**](GroupRuleUserCondition.md) |  | [optional] 
+
+## Methods
+
+### NewGroupRulePeopleCondition
+
+`func NewGroupRulePeopleCondition() *GroupRulePeopleCondition`
+
+NewGroupRulePeopleCondition instantiates a new GroupRulePeopleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupRulePeopleConditionWithDefaults
+
+`func NewGroupRulePeopleConditionWithDefaults() *GroupRulePeopleCondition`
+
+NewGroupRulePeopleConditionWithDefaults instantiates a new GroupRulePeopleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetGroups
+
+`func (o *GroupRulePeopleCondition) GetGroups() GroupRuleGroupCondition`
+
+GetGroups returns the Groups field if non-nil, zero value otherwise.
+
+### GetGroupsOk
+
+`func (o *GroupRulePeopleCondition) GetGroupsOk() (*GroupRuleGroupCondition, bool)`
+
+GetGroupsOk returns a tuple with the Groups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroups
+
+`func (o *GroupRulePeopleCondition) SetGroups(v GroupRuleGroupCondition)`
+
+SetGroups sets Groups field to given value.
+
+### HasGroups
+
+`func (o *GroupRulePeopleCondition) HasGroups() bool`
+
+HasGroups returns a boolean if a field has been set.
+
+### GetUsers
+
+`func (o *GroupRulePeopleCondition) GetUsers() GroupRuleUserCondition`
+
+GetUsers returns the Users field if non-nil, zero value otherwise.
+
+### GetUsersOk
+
+`func (o *GroupRulePeopleCondition) GetUsersOk() (*GroupRuleUserCondition, bool)`
+
+GetUsersOk returns a tuple with the Users field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsers
+
+`func (o *GroupRulePeopleCondition) SetUsers(v GroupRuleUserCondition)`
+
+SetUsers sets Users field to given value.
+
+### HasUsers
+
+`func (o *GroupRulePeopleCondition) HasUsers() bool`
+
+HasUsers returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupRuleStatus.md b/okta/docs/GroupRuleStatus.md
new file mode 100644
index 000000000..c08470f18
--- /dev/null
+++ b/okta/docs/GroupRuleStatus.md
@@ -0,0 +1,15 @@
+# GroupRuleStatus
+
+## Enum
+
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `INACTIVE` (value: `"INACTIVE"`)
+
+* `INVALID` (value: `"INVALID"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupRuleUserCondition.md b/okta/docs/GroupRuleUserCondition.md
new file mode 100644
index 000000000..931bb6ec5
--- /dev/null
+++ b/okta/docs/GroupRuleUserCondition.md
@@ -0,0 +1,82 @@
+# GroupRuleUserCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Exclude** | Pointer to **[]string** |  | [optional] 
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewGroupRuleUserCondition
+
+`func NewGroupRuleUserCondition() *GroupRuleUserCondition`
+
+NewGroupRuleUserCondition instantiates a new GroupRuleUserCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupRuleUserConditionWithDefaults
+
+`func NewGroupRuleUserConditionWithDefaults() *GroupRuleUserCondition`
+
+NewGroupRuleUserConditionWithDefaults instantiates a new GroupRuleUserCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExclude
+
+`func (o *GroupRuleUserCondition) GetExclude() []string`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *GroupRuleUserCondition) GetExcludeOk() (*[]string, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *GroupRuleUserCondition) SetExclude(v []string)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *GroupRuleUserCondition) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+### GetInclude
+
+`func (o *GroupRuleUserCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *GroupRuleUserCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *GroupRuleUserCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *GroupRuleUserCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupSchema.md b/okta/docs/GroupSchema.md
new file mode 100644
index 000000000..4bbe0f3aa
--- /dev/null
+++ b/okta/docs/GroupSchema.md
@@ -0,0 +1,316 @@
+# GroupSchema
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Schema** | Pointer to **string** |  | [optional] [readonly] 
+**Created** | Pointer to **string** |  | [optional] [readonly] 
+**Definitions** | Pointer to [**GroupSchemaDefinitions**](GroupSchemaDefinitions.md) |  | [optional] 
+**Description** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] [readonly] 
+**Properties** | Pointer to [**UserSchemaProperties**](UserSchemaProperties.md) |  | [optional] 
+**Title** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewGroupSchema
+
+`func NewGroupSchema() *GroupSchema`
+
+NewGroupSchema instantiates a new GroupSchema object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupSchemaWithDefaults
+
+`func NewGroupSchemaWithDefaults() *GroupSchema`
+
+NewGroupSchemaWithDefaults instantiates a new GroupSchema object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSchema
+
+`func (o *GroupSchema) GetSchema() string`
+
+GetSchema returns the Schema field if non-nil, zero value otherwise.
+
+### GetSchemaOk
+
+`func (o *GroupSchema) GetSchemaOk() (*string, bool)`
+
+GetSchemaOk returns a tuple with the Schema field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSchema
+
+`func (o *GroupSchema) SetSchema(v string)`
+
+SetSchema sets Schema field to given value.
+
+### HasSchema
+
+`func (o *GroupSchema) HasSchema() bool`
+
+HasSchema returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *GroupSchema) GetCreated() string`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *GroupSchema) GetCreatedOk() (*string, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *GroupSchema) SetCreated(v string)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *GroupSchema) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetDefinitions
+
+`func (o *GroupSchema) GetDefinitions() GroupSchemaDefinitions`
+
+GetDefinitions returns the Definitions field if non-nil, zero value otherwise.
+
+### GetDefinitionsOk
+
+`func (o *GroupSchema) GetDefinitionsOk() (*GroupSchemaDefinitions, bool)`
+
+GetDefinitionsOk returns a tuple with the Definitions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefinitions
+
+`func (o *GroupSchema) SetDefinitions(v GroupSchemaDefinitions)`
+
+SetDefinitions sets Definitions field to given value.
+
+### HasDefinitions
+
+`func (o *GroupSchema) HasDefinitions() bool`
+
+HasDefinitions returns a boolean if a field has been set.
+
+### GetDescription
+
+`func (o *GroupSchema) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *GroupSchema) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *GroupSchema) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *GroupSchema) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *GroupSchema) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *GroupSchema) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *GroupSchema) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *GroupSchema) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *GroupSchema) GetLastUpdated() string`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *GroupSchema) GetLastUpdatedOk() (*string, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *GroupSchema) SetLastUpdated(v string)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *GroupSchema) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *GroupSchema) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *GroupSchema) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *GroupSchema) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *GroupSchema) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetProperties
+
+`func (o *GroupSchema) GetProperties() UserSchemaProperties`
+
+GetProperties returns the Properties field if non-nil, zero value otherwise.
+
+### GetPropertiesOk
+
+`func (o *GroupSchema) GetPropertiesOk() (*UserSchemaProperties, bool)`
+
+GetPropertiesOk returns a tuple with the Properties field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProperties
+
+`func (o *GroupSchema) SetProperties(v UserSchemaProperties)`
+
+SetProperties sets Properties field to given value.
+
+### HasProperties
+
+`func (o *GroupSchema) HasProperties() bool`
+
+HasProperties returns a boolean if a field has been set.
+
+### GetTitle
+
+`func (o *GroupSchema) GetTitle() string`
+
+GetTitle returns the Title field if non-nil, zero value otherwise.
+
+### GetTitleOk
+
+`func (o *GroupSchema) GetTitleOk() (*string, bool)`
+
+GetTitleOk returns a tuple with the Title field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTitle
+
+`func (o *GroupSchema) SetTitle(v string)`
+
+SetTitle sets Title field to given value.
+
+### HasTitle
+
+`func (o *GroupSchema) HasTitle() bool`
+
+HasTitle returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *GroupSchema) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *GroupSchema) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *GroupSchema) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *GroupSchema) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *GroupSchema) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *GroupSchema) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *GroupSchema) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *GroupSchema) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupSchemaAttribute.md b/okta/docs/GroupSchemaAttribute.md
new file mode 100644
index 000000000..2f073e944
--- /dev/null
+++ b/okta/docs/GroupSchemaAttribute.md
@@ -0,0 +1,472 @@
+# GroupSchemaAttribute
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Description** | Pointer to **string** |  | [optional] 
+**Enum** | Pointer to **[]string** |  | [optional] 
+**ExternalName** | Pointer to **string** |  | [optional] 
+**ExternalNamespace** | Pointer to **string** |  | [optional] 
+**Items** | Pointer to [**UserSchemaAttributeItems**](UserSchemaAttributeItems.md) |  | [optional] 
+**Master** | Pointer to [**UserSchemaAttributeMaster**](UserSchemaAttributeMaster.md) |  | [optional] 
+**MaxLength** | Pointer to **int32** |  | [optional] 
+**MinLength** | Pointer to **int32** |  | [optional] 
+**Mutability** | Pointer to **string** |  | [optional] 
+**OneOf** | Pointer to [**[]UserSchemaAttributeEnum**](UserSchemaAttributeEnum.md) |  | [optional] 
+**Permissions** | Pointer to [**[]UserSchemaAttributePermission**](UserSchemaAttributePermission.md) |  | [optional] 
+**Required** | Pointer to **bool** |  | [optional] 
+**Scope** | Pointer to [**UserSchemaAttributeScope**](UserSchemaAttributeScope.md) |  | [optional] 
+**Title** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to [**UserSchemaAttributeType**](UserSchemaAttributeType.md) |  | [optional] 
+**Union** | Pointer to [**UserSchemaAttributeUnion**](UserSchemaAttributeUnion.md) |  | [optional] 
+**Unique** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewGroupSchemaAttribute
+
+`func NewGroupSchemaAttribute() *GroupSchemaAttribute`
+
+NewGroupSchemaAttribute instantiates a new GroupSchemaAttribute object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupSchemaAttributeWithDefaults
+
+`func NewGroupSchemaAttributeWithDefaults() *GroupSchemaAttribute`
+
+NewGroupSchemaAttributeWithDefaults instantiates a new GroupSchemaAttribute object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDescription
+
+`func (o *GroupSchemaAttribute) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *GroupSchemaAttribute) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *GroupSchemaAttribute) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *GroupSchemaAttribute) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetEnum
+
+`func (o *GroupSchemaAttribute) GetEnum() []string`
+
+GetEnum returns the Enum field if non-nil, zero value otherwise.
+
+### GetEnumOk
+
+`func (o *GroupSchemaAttribute) GetEnumOk() (*[]string, bool)`
+
+GetEnumOk returns a tuple with the Enum field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnum
+
+`func (o *GroupSchemaAttribute) SetEnum(v []string)`
+
+SetEnum sets Enum field to given value.
+
+### HasEnum
+
+`func (o *GroupSchemaAttribute) HasEnum() bool`
+
+HasEnum returns a boolean if a field has been set.
+
+### GetExternalName
+
+`func (o *GroupSchemaAttribute) GetExternalName() string`
+
+GetExternalName returns the ExternalName field if non-nil, zero value otherwise.
+
+### GetExternalNameOk
+
+`func (o *GroupSchemaAttribute) GetExternalNameOk() (*string, bool)`
+
+GetExternalNameOk returns a tuple with the ExternalName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExternalName
+
+`func (o *GroupSchemaAttribute) SetExternalName(v string)`
+
+SetExternalName sets ExternalName field to given value.
+
+### HasExternalName
+
+`func (o *GroupSchemaAttribute) HasExternalName() bool`
+
+HasExternalName returns a boolean if a field has been set.
+
+### GetExternalNamespace
+
+`func (o *GroupSchemaAttribute) GetExternalNamespace() string`
+
+GetExternalNamespace returns the ExternalNamespace field if non-nil, zero value otherwise.
+
+### GetExternalNamespaceOk
+
+`func (o *GroupSchemaAttribute) GetExternalNamespaceOk() (*string, bool)`
+
+GetExternalNamespaceOk returns a tuple with the ExternalNamespace field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExternalNamespace
+
+`func (o *GroupSchemaAttribute) SetExternalNamespace(v string)`
+
+SetExternalNamespace sets ExternalNamespace field to given value.
+
+### HasExternalNamespace
+
+`func (o *GroupSchemaAttribute) HasExternalNamespace() bool`
+
+HasExternalNamespace returns a boolean if a field has been set.
+
+### GetItems
+
+`func (o *GroupSchemaAttribute) GetItems() UserSchemaAttributeItems`
+
+GetItems returns the Items field if non-nil, zero value otherwise.
+
+### GetItemsOk
+
+`func (o *GroupSchemaAttribute) GetItemsOk() (*UserSchemaAttributeItems, bool)`
+
+GetItemsOk returns a tuple with the Items field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetItems
+
+`func (o *GroupSchemaAttribute) SetItems(v UserSchemaAttributeItems)`
+
+SetItems sets Items field to given value.
+
+### HasItems
+
+`func (o *GroupSchemaAttribute) HasItems() bool`
+
+HasItems returns a boolean if a field has been set.
+
+### GetMaster
+
+`func (o *GroupSchemaAttribute) GetMaster() UserSchemaAttributeMaster`
+
+GetMaster returns the Master field if non-nil, zero value otherwise.
+
+### GetMasterOk
+
+`func (o *GroupSchemaAttribute) GetMasterOk() (*UserSchemaAttributeMaster, bool)`
+
+GetMasterOk returns a tuple with the Master field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaster
+
+`func (o *GroupSchemaAttribute) SetMaster(v UserSchemaAttributeMaster)`
+
+SetMaster sets Master field to given value.
+
+### HasMaster
+
+`func (o *GroupSchemaAttribute) HasMaster() bool`
+
+HasMaster returns a boolean if a field has been set.
+
+### GetMaxLength
+
+`func (o *GroupSchemaAttribute) GetMaxLength() int32`
+
+GetMaxLength returns the MaxLength field if non-nil, zero value otherwise.
+
+### GetMaxLengthOk
+
+`func (o *GroupSchemaAttribute) GetMaxLengthOk() (*int32, bool)`
+
+GetMaxLengthOk returns a tuple with the MaxLength field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxLength
+
+`func (o *GroupSchemaAttribute) SetMaxLength(v int32)`
+
+SetMaxLength sets MaxLength field to given value.
+
+### HasMaxLength
+
+`func (o *GroupSchemaAttribute) HasMaxLength() bool`
+
+HasMaxLength returns a boolean if a field has been set.
+
+### GetMinLength
+
+`func (o *GroupSchemaAttribute) GetMinLength() int32`
+
+GetMinLength returns the MinLength field if non-nil, zero value otherwise.
+
+### GetMinLengthOk
+
+`func (o *GroupSchemaAttribute) GetMinLengthOk() (*int32, bool)`
+
+GetMinLengthOk returns a tuple with the MinLength field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinLength
+
+`func (o *GroupSchemaAttribute) SetMinLength(v int32)`
+
+SetMinLength sets MinLength field to given value.
+
+### HasMinLength
+
+`func (o *GroupSchemaAttribute) HasMinLength() bool`
+
+HasMinLength returns a boolean if a field has been set.
+
+### GetMutability
+
+`func (o *GroupSchemaAttribute) GetMutability() string`
+
+GetMutability returns the Mutability field if non-nil, zero value otherwise.
+
+### GetMutabilityOk
+
+`func (o *GroupSchemaAttribute) GetMutabilityOk() (*string, bool)`
+
+GetMutabilityOk returns a tuple with the Mutability field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMutability
+
+`func (o *GroupSchemaAttribute) SetMutability(v string)`
+
+SetMutability sets Mutability field to given value.
+
+### HasMutability
+
+`func (o *GroupSchemaAttribute) HasMutability() bool`
+
+HasMutability returns a boolean if a field has been set.
+
+### GetOneOf
+
+`func (o *GroupSchemaAttribute) GetOneOf() []UserSchemaAttributeEnum`
+
+GetOneOf returns the OneOf field if non-nil, zero value otherwise.
+
+### GetOneOfOk
+
+`func (o *GroupSchemaAttribute) GetOneOfOk() (*[]UserSchemaAttributeEnum, bool)`
+
+GetOneOfOk returns a tuple with the OneOf field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOneOf
+
+`func (o *GroupSchemaAttribute) SetOneOf(v []UserSchemaAttributeEnum)`
+
+SetOneOf sets OneOf field to given value.
+
+### HasOneOf
+
+`func (o *GroupSchemaAttribute) HasOneOf() bool`
+
+HasOneOf returns a boolean if a field has been set.
+
+### GetPermissions
+
+`func (o *GroupSchemaAttribute) GetPermissions() []UserSchemaAttributePermission`
+
+GetPermissions returns the Permissions field if non-nil, zero value otherwise.
+
+### GetPermissionsOk
+
+`func (o *GroupSchemaAttribute) GetPermissionsOk() (*[]UserSchemaAttributePermission, bool)`
+
+GetPermissionsOk returns a tuple with the Permissions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPermissions
+
+`func (o *GroupSchemaAttribute) SetPermissions(v []UserSchemaAttributePermission)`
+
+SetPermissions sets Permissions field to given value.
+
+### HasPermissions
+
+`func (o *GroupSchemaAttribute) HasPermissions() bool`
+
+HasPermissions returns a boolean if a field has been set.
+
+### GetRequired
+
+`func (o *GroupSchemaAttribute) GetRequired() bool`
+
+GetRequired returns the Required field if non-nil, zero value otherwise.
+
+### GetRequiredOk
+
+`func (o *GroupSchemaAttribute) GetRequiredOk() (*bool, bool)`
+
+GetRequiredOk returns a tuple with the Required field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequired
+
+`func (o *GroupSchemaAttribute) SetRequired(v bool)`
+
+SetRequired sets Required field to given value.
+
+### HasRequired
+
+`func (o *GroupSchemaAttribute) HasRequired() bool`
+
+HasRequired returns a boolean if a field has been set.
+
+### GetScope
+
+`func (o *GroupSchemaAttribute) GetScope() UserSchemaAttributeScope`
+
+GetScope returns the Scope field if non-nil, zero value otherwise.
+
+### GetScopeOk
+
+`func (o *GroupSchemaAttribute) GetScopeOk() (*UserSchemaAttributeScope, bool)`
+
+GetScopeOk returns a tuple with the Scope field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScope
+
+`func (o *GroupSchemaAttribute) SetScope(v UserSchemaAttributeScope)`
+
+SetScope sets Scope field to given value.
+
+### HasScope
+
+`func (o *GroupSchemaAttribute) HasScope() bool`
+
+HasScope returns a boolean if a field has been set.
+
+### GetTitle
+
+`func (o *GroupSchemaAttribute) GetTitle() string`
+
+GetTitle returns the Title field if non-nil, zero value otherwise.
+
+### GetTitleOk
+
+`func (o *GroupSchemaAttribute) GetTitleOk() (*string, bool)`
+
+GetTitleOk returns a tuple with the Title field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTitle
+
+`func (o *GroupSchemaAttribute) SetTitle(v string)`
+
+SetTitle sets Title field to given value.
+
+### HasTitle
+
+`func (o *GroupSchemaAttribute) HasTitle() bool`
+
+HasTitle returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *GroupSchemaAttribute) GetType() UserSchemaAttributeType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *GroupSchemaAttribute) GetTypeOk() (*UserSchemaAttributeType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *GroupSchemaAttribute) SetType(v UserSchemaAttributeType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *GroupSchemaAttribute) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetUnion
+
+`func (o *GroupSchemaAttribute) GetUnion() UserSchemaAttributeUnion`
+
+GetUnion returns the Union field if non-nil, zero value otherwise.
+
+### GetUnionOk
+
+`func (o *GroupSchemaAttribute) GetUnionOk() (*UserSchemaAttributeUnion, bool)`
+
+GetUnionOk returns a tuple with the Union field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUnion
+
+`func (o *GroupSchemaAttribute) SetUnion(v UserSchemaAttributeUnion)`
+
+SetUnion sets Union field to given value.
+
+### HasUnion
+
+`func (o *GroupSchemaAttribute) HasUnion() bool`
+
+HasUnion returns a boolean if a field has been set.
+
+### GetUnique
+
+`func (o *GroupSchemaAttribute) GetUnique() string`
+
+GetUnique returns the Unique field if non-nil, zero value otherwise.
+
+### GetUniqueOk
+
+`func (o *GroupSchemaAttribute) GetUniqueOk() (*string, bool)`
+
+GetUniqueOk returns a tuple with the Unique field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUnique
+
+`func (o *GroupSchemaAttribute) SetUnique(v string)`
+
+SetUnique sets Unique field to given value.
+
+### HasUnique
+
+`func (o *GroupSchemaAttribute) HasUnique() bool`
+
+HasUnique returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupSchemaBase.md b/okta/docs/GroupSchemaBase.md
new file mode 100644
index 000000000..7a2d097e4
--- /dev/null
+++ b/okta/docs/GroupSchemaBase.md
@@ -0,0 +1,134 @@
+# GroupSchemaBase
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Properties** | Pointer to [**GroupSchemaBaseProperties**](GroupSchemaBaseProperties.md) |  | [optional] 
+**Required** | Pointer to **[]string** |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewGroupSchemaBase
+
+`func NewGroupSchemaBase() *GroupSchemaBase`
+
+NewGroupSchemaBase instantiates a new GroupSchemaBase object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupSchemaBaseWithDefaults
+
+`func NewGroupSchemaBaseWithDefaults() *GroupSchemaBase`
+
+NewGroupSchemaBaseWithDefaults instantiates a new GroupSchemaBase object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *GroupSchemaBase) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *GroupSchemaBase) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *GroupSchemaBase) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *GroupSchemaBase) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetProperties
+
+`func (o *GroupSchemaBase) GetProperties() GroupSchemaBaseProperties`
+
+GetProperties returns the Properties field if non-nil, zero value otherwise.
+
+### GetPropertiesOk
+
+`func (o *GroupSchemaBase) GetPropertiesOk() (*GroupSchemaBaseProperties, bool)`
+
+GetPropertiesOk returns a tuple with the Properties field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProperties
+
+`func (o *GroupSchemaBase) SetProperties(v GroupSchemaBaseProperties)`
+
+SetProperties sets Properties field to given value.
+
+### HasProperties
+
+`func (o *GroupSchemaBase) HasProperties() bool`
+
+HasProperties returns a boolean if a field has been set.
+
+### GetRequired
+
+`func (o *GroupSchemaBase) GetRequired() []string`
+
+GetRequired returns the Required field if non-nil, zero value otherwise.
+
+### GetRequiredOk
+
+`func (o *GroupSchemaBase) GetRequiredOk() (*[]string, bool)`
+
+GetRequiredOk returns a tuple with the Required field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequired
+
+`func (o *GroupSchemaBase) SetRequired(v []string)`
+
+SetRequired sets Required field to given value.
+
+### HasRequired
+
+`func (o *GroupSchemaBase) HasRequired() bool`
+
+HasRequired returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *GroupSchemaBase) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *GroupSchemaBase) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *GroupSchemaBase) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *GroupSchemaBase) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupSchemaBaseProperties.md b/okta/docs/GroupSchemaBaseProperties.md
new file mode 100644
index 000000000..1891cbc40
--- /dev/null
+++ b/okta/docs/GroupSchemaBaseProperties.md
@@ -0,0 +1,82 @@
+# GroupSchemaBaseProperties
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Description** | Pointer to [**GroupSchemaAttribute**](GroupSchemaAttribute.md) |  | [optional] 
+**Name** | Pointer to [**GroupSchemaAttribute**](GroupSchemaAttribute.md) |  | [optional] 
+
+## Methods
+
+### NewGroupSchemaBaseProperties
+
+`func NewGroupSchemaBaseProperties() *GroupSchemaBaseProperties`
+
+NewGroupSchemaBaseProperties instantiates a new GroupSchemaBaseProperties object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupSchemaBasePropertiesWithDefaults
+
+`func NewGroupSchemaBasePropertiesWithDefaults() *GroupSchemaBaseProperties`
+
+NewGroupSchemaBasePropertiesWithDefaults instantiates a new GroupSchemaBaseProperties object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDescription
+
+`func (o *GroupSchemaBaseProperties) GetDescription() GroupSchemaAttribute`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *GroupSchemaBaseProperties) GetDescriptionOk() (*GroupSchemaAttribute, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *GroupSchemaBaseProperties) SetDescription(v GroupSchemaAttribute)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *GroupSchemaBaseProperties) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *GroupSchemaBaseProperties) GetName() GroupSchemaAttribute`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *GroupSchemaBaseProperties) GetNameOk() (*GroupSchemaAttribute, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *GroupSchemaBaseProperties) SetName(v GroupSchemaAttribute)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *GroupSchemaBaseProperties) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupSchemaCustom.md b/okta/docs/GroupSchemaCustom.md
new file mode 100644
index 000000000..554e0c5ef
--- /dev/null
+++ b/okta/docs/GroupSchemaCustom.md
@@ -0,0 +1,134 @@
+# GroupSchemaCustom
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Properties** | Pointer to [**map[string]GroupSchemaAttribute**](GroupSchemaAttribute.md) |  | [optional] 
+**Required** | Pointer to **[]string** |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewGroupSchemaCustom
+
+`func NewGroupSchemaCustom() *GroupSchemaCustom`
+
+NewGroupSchemaCustom instantiates a new GroupSchemaCustom object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupSchemaCustomWithDefaults
+
+`func NewGroupSchemaCustomWithDefaults() *GroupSchemaCustom`
+
+NewGroupSchemaCustomWithDefaults instantiates a new GroupSchemaCustom object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *GroupSchemaCustom) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *GroupSchemaCustom) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *GroupSchemaCustom) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *GroupSchemaCustom) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetProperties
+
+`func (o *GroupSchemaCustom) GetProperties() map[string]GroupSchemaAttribute`
+
+GetProperties returns the Properties field if non-nil, zero value otherwise.
+
+### GetPropertiesOk
+
+`func (o *GroupSchemaCustom) GetPropertiesOk() (*map[string]GroupSchemaAttribute, bool)`
+
+GetPropertiesOk returns a tuple with the Properties field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProperties
+
+`func (o *GroupSchemaCustom) SetProperties(v map[string]GroupSchemaAttribute)`
+
+SetProperties sets Properties field to given value.
+
+### HasProperties
+
+`func (o *GroupSchemaCustom) HasProperties() bool`
+
+HasProperties returns a boolean if a field has been set.
+
+### GetRequired
+
+`func (o *GroupSchemaCustom) GetRequired() []string`
+
+GetRequired returns the Required field if non-nil, zero value otherwise.
+
+### GetRequiredOk
+
+`func (o *GroupSchemaCustom) GetRequiredOk() (*[]string, bool)`
+
+GetRequiredOk returns a tuple with the Required field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequired
+
+`func (o *GroupSchemaCustom) SetRequired(v []string)`
+
+SetRequired sets Required field to given value.
+
+### HasRequired
+
+`func (o *GroupSchemaCustom) HasRequired() bool`
+
+HasRequired returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *GroupSchemaCustom) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *GroupSchemaCustom) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *GroupSchemaCustom) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *GroupSchemaCustom) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupSchemaDefinitions.md b/okta/docs/GroupSchemaDefinitions.md
new file mode 100644
index 000000000..2609b7603
--- /dev/null
+++ b/okta/docs/GroupSchemaDefinitions.md
@@ -0,0 +1,82 @@
+# GroupSchemaDefinitions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Base** | Pointer to [**GroupSchemaBase**](GroupSchemaBase.md) |  | [optional] 
+**Custom** | Pointer to [**GroupSchemaCustom**](GroupSchemaCustom.md) |  | [optional] 
+
+## Methods
+
+### NewGroupSchemaDefinitions
+
+`func NewGroupSchemaDefinitions() *GroupSchemaDefinitions`
+
+NewGroupSchemaDefinitions instantiates a new GroupSchemaDefinitions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewGroupSchemaDefinitionsWithDefaults
+
+`func NewGroupSchemaDefinitionsWithDefaults() *GroupSchemaDefinitions`
+
+NewGroupSchemaDefinitionsWithDefaults instantiates a new GroupSchemaDefinitions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBase
+
+`func (o *GroupSchemaDefinitions) GetBase() GroupSchemaBase`
+
+GetBase returns the Base field if non-nil, zero value otherwise.
+
+### GetBaseOk
+
+`func (o *GroupSchemaDefinitions) GetBaseOk() (*GroupSchemaBase, bool)`
+
+GetBaseOk returns a tuple with the Base field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBase
+
+`func (o *GroupSchemaDefinitions) SetBase(v GroupSchemaBase)`
+
+SetBase sets Base field to given value.
+
+### HasBase
+
+`func (o *GroupSchemaDefinitions) HasBase() bool`
+
+HasBase returns a boolean if a field has been set.
+
+### GetCustom
+
+`func (o *GroupSchemaDefinitions) GetCustom() GroupSchemaCustom`
+
+GetCustom returns the Custom field if non-nil, zero value otherwise.
+
+### GetCustomOk
+
+`func (o *GroupSchemaDefinitions) GetCustomOk() (*GroupSchemaCustom, bool)`
+
+GetCustomOk returns a tuple with the Custom field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustom
+
+`func (o *GroupSchemaDefinitions) SetCustom(v GroupSchemaCustom)`
+
+SetCustom sets Custom field to given value.
+
+### HasCustom
+
+`func (o *GroupSchemaDefinitions) HasCustom() bool`
+
+HasCustom returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/GroupType.md b/okta/docs/GroupType.md
new file mode 100644
index 000000000..7a1143568
--- /dev/null
+++ b/okta/docs/GroupType.md
@@ -0,0 +1,15 @@
+# GroupType
+
+## Enum
+
+
+* `APP_GROUP` (value: `"APP_GROUP"`)
+
+* `BUILT_IN` (value: `"BUILT_IN"`)
+
+* `OKTA_GROUP` (value: `"OKTA_GROUP"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/HardwareUserFactor.md b/okta/docs/HardwareUserFactor.md
new file mode 100644
index 000000000..90f37e3e3
--- /dev/null
+++ b/okta/docs/HardwareUserFactor.md
@@ -0,0 +1,56 @@
+# HardwareUserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**HardwareUserFactorProfile**](HardwareUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewHardwareUserFactor
+
+`func NewHardwareUserFactor() *HardwareUserFactor`
+
+NewHardwareUserFactor instantiates a new HardwareUserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewHardwareUserFactorWithDefaults
+
+`func NewHardwareUserFactorWithDefaults() *HardwareUserFactor`
+
+NewHardwareUserFactorWithDefaults instantiates a new HardwareUserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *HardwareUserFactor) GetProfile() HardwareUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *HardwareUserFactor) GetProfileOk() (*HardwareUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *HardwareUserFactor) SetProfile(v HardwareUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *HardwareUserFactor) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/HardwareUserFactorAllOf.md b/okta/docs/HardwareUserFactorAllOf.md
new file mode 100644
index 000000000..19d16d11b
--- /dev/null
+++ b/okta/docs/HardwareUserFactorAllOf.md
@@ -0,0 +1,56 @@
+# HardwareUserFactorAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**HardwareUserFactorProfile**](HardwareUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewHardwareUserFactorAllOf
+
+`func NewHardwareUserFactorAllOf() *HardwareUserFactorAllOf`
+
+NewHardwareUserFactorAllOf instantiates a new HardwareUserFactorAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewHardwareUserFactorAllOfWithDefaults
+
+`func NewHardwareUserFactorAllOfWithDefaults() *HardwareUserFactorAllOf`
+
+NewHardwareUserFactorAllOfWithDefaults instantiates a new HardwareUserFactorAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *HardwareUserFactorAllOf) GetProfile() HardwareUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *HardwareUserFactorAllOf) GetProfileOk() (*HardwareUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *HardwareUserFactorAllOf) SetProfile(v HardwareUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *HardwareUserFactorAllOf) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/HardwareUserFactorProfile.md b/okta/docs/HardwareUserFactorProfile.md
new file mode 100644
index 000000000..0b8430e9a
--- /dev/null
+++ b/okta/docs/HardwareUserFactorProfile.md
@@ -0,0 +1,56 @@
+# HardwareUserFactorProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CredentialId** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewHardwareUserFactorProfile
+
+`func NewHardwareUserFactorProfile() *HardwareUserFactorProfile`
+
+NewHardwareUserFactorProfile instantiates a new HardwareUserFactorProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewHardwareUserFactorProfileWithDefaults
+
+`func NewHardwareUserFactorProfileWithDefaults() *HardwareUserFactorProfile`
+
+NewHardwareUserFactorProfileWithDefaults instantiates a new HardwareUserFactorProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentialId
+
+`func (o *HardwareUserFactorProfile) GetCredentialId() string`
+
+GetCredentialId returns the CredentialId field if non-nil, zero value otherwise.
+
+### GetCredentialIdOk
+
+`func (o *HardwareUserFactorProfile) GetCredentialIdOk() (*string, bool)`
+
+GetCredentialIdOk returns a tuple with the CredentialId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentialId
+
+`func (o *HardwareUserFactorProfile) SetCredentialId(v string)`
+
+SetCredentialId sets CredentialId field to given value.
+
+### HasCredentialId
+
+`func (o *HardwareUserFactorProfile) HasCredentialId() bool`
+
+HasCredentialId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/HookKey.md b/okta/docs/HookKey.md
new file mode 100644
index 000000000..732693cdd
--- /dev/null
+++ b/okta/docs/HookKey.md
@@ -0,0 +1,212 @@
+# HookKey
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**IsUsed** | Pointer to **bool** |  | [optional] 
+**KeyId** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Embedded** | Pointer to [**JsonWebKey**](JsonWebKey.md) |  | [optional] 
+
+## Methods
+
+### NewHookKey
+
+`func NewHookKey() *HookKey`
+
+NewHookKey instantiates a new HookKey object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewHookKeyWithDefaults
+
+`func NewHookKeyWithDefaults() *HookKey`
+
+NewHookKeyWithDefaults instantiates a new HookKey object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *HookKey) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *HookKey) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *HookKey) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *HookKey) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *HookKey) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *HookKey) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *HookKey) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *HookKey) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIsUsed
+
+`func (o *HookKey) GetIsUsed() bool`
+
+GetIsUsed returns the IsUsed field if non-nil, zero value otherwise.
+
+### GetIsUsedOk
+
+`func (o *HookKey) GetIsUsedOk() (*bool, bool)`
+
+GetIsUsedOk returns a tuple with the IsUsed field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIsUsed
+
+`func (o *HookKey) SetIsUsed(v bool)`
+
+SetIsUsed sets IsUsed field to given value.
+
+### HasIsUsed
+
+`func (o *HookKey) HasIsUsed() bool`
+
+HasIsUsed returns a boolean if a field has been set.
+
+### GetKeyId
+
+`func (o *HookKey) GetKeyId() string`
+
+GetKeyId returns the KeyId field if non-nil, zero value otherwise.
+
+### GetKeyIdOk
+
+`func (o *HookKey) GetKeyIdOk() (*string, bool)`
+
+GetKeyIdOk returns a tuple with the KeyId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKeyId
+
+`func (o *HookKey) SetKeyId(v string)`
+
+SetKeyId sets KeyId field to given value.
+
+### HasKeyId
+
+`func (o *HookKey) HasKeyId() bool`
+
+HasKeyId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *HookKey) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *HookKey) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *HookKey) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *HookKey) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *HookKey) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *HookKey) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *HookKey) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *HookKey) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *HookKey) GetEmbedded() JsonWebKey`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *HookKey) GetEmbeddedOk() (*JsonWebKey, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *HookKey) SetEmbedded(v JsonWebKey)`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *HookKey) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/HookKeyApi.md b/okta/docs/HookKeyApi.md
new file mode 100644
index 000000000..7251cd7c4
--- /dev/null
+++ b/okta/docs/HookKeyApi.md
@@ -0,0 +1,421 @@
+# \HookKeyApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateHookKey**](HookKeyApi.md#CreateHookKey) | **Post** /api/v1/hook-keys | Create a key
+[**DeleteHookKey**](HookKeyApi.md#DeleteHookKey) | **Delete** /api/v1/hook-keys/{hookKeyId} | Delete a key
+[**GetHookKey**](HookKeyApi.md#GetHookKey) | **Get** /api/v1/hook-keys/{hookKeyId} | Retrieve a key
+[**GetPublicKey**](HookKeyApi.md#GetPublicKey) | **Get** /api/v1/hook-keys/public/{keyId} | Retrieve a public key
+[**ListHookKeys**](HookKeyApi.md#ListHookKeys) | **Get** /api/v1/hook-keys | List all keys
+[**ReplaceHookKey**](HookKeyApi.md#ReplaceHookKey) | **Put** /api/v1/hook-keys/{hookKeyId} | Replace a key
+
+
+
+## CreateHookKey
+
+> HookKey CreateHookKey(ctx).KeyRequest(keyRequest).Execute()
+
+Create a key
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    keyRequest := *openapiclient.NewKeyRequest() // KeyRequest | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.HookKeyApi.CreateHookKey(context.Background()).KeyRequest(keyRequest).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `HookKeyApi.CreateHookKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateHookKey`: HookKey
+    fmt.Fprintf(os.Stdout, "Response from `HookKeyApi.CreateHookKey`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateHookKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **keyRequest** | [**KeyRequest**](KeyRequest.md) |  | 
+
+### Return type
+
+[**HookKey**](HookKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteHookKey
+
+> DeleteHookKey(ctx, hookKeyId).Execute()
+
+Delete a key
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    hookKeyId := "hookKeyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.HookKeyApi.DeleteHookKey(context.Background(), hookKeyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `HookKeyApi.DeleteHookKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**hookKeyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteHookKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetHookKey
+
+> HookKey GetHookKey(ctx, hookKeyId).Execute()
+
+Retrieve a key
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    hookKeyId := "hookKeyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.HookKeyApi.GetHookKey(context.Background(), hookKeyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `HookKeyApi.GetHookKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetHookKey`: HookKey
+    fmt.Fprintf(os.Stdout, "Response from `HookKeyApi.GetHookKey`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**hookKeyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetHookKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**HookKey**](HookKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetPublicKey
+
+> JsonWebKey GetPublicKey(ctx, keyId).Execute()
+
+Retrieve a public key
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    keyId := "keyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.HookKeyApi.GetPublicKey(context.Background(), keyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `HookKeyApi.GetPublicKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetPublicKey`: JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `HookKeyApi.GetPublicKey`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**keyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetPublicKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListHookKeys
+
+> []HookKey ListHookKeys(ctx).Execute()
+
+List all keys
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.HookKeyApi.ListHookKeys(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `HookKeyApi.ListHookKeys``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListHookKeys`: []HookKey
+    fmt.Fprintf(os.Stdout, "Response from `HookKeyApi.ListHookKeys`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListHookKeysRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]HookKey**](HookKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceHookKey
+
+> HookKey ReplaceHookKey(ctx, hookKeyId).KeyRequest(keyRequest).Execute()
+
+Replace a key
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    hookKeyId := "hookKeyId_example" // string | 
+    keyRequest := *openapiclient.NewKeyRequest() // KeyRequest | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.HookKeyApi.ReplaceHookKey(context.Background(), hookKeyId).KeyRequest(keyRequest).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `HookKeyApi.ReplaceHookKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceHookKey`: HookKey
+    fmt.Fprintf(os.Stdout, "Response from `HookKeyApi.ReplaceHookKey`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**hookKeyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceHookKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **keyRequest** | [**KeyRequest**](KeyRequest.md) |  | 
+
+### Return type
+
+[**HookKey**](HookKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/HostedPage.md b/okta/docs/HostedPage.md
new file mode 100644
index 000000000..15ae723f5
--- /dev/null
+++ b/okta/docs/HostedPage.md
@@ -0,0 +1,77 @@
+# HostedPage
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Type** | [**HostedPageType**](HostedPageType.md) |  | 
+**Url** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewHostedPage
+
+`func NewHostedPage(type_ HostedPageType, ) *HostedPage`
+
+NewHostedPage instantiates a new HostedPage object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewHostedPageWithDefaults
+
+`func NewHostedPageWithDefaults() *HostedPage`
+
+NewHostedPageWithDefaults instantiates a new HostedPage object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetType
+
+`func (o *HostedPage) GetType() HostedPageType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *HostedPage) GetTypeOk() (*HostedPageType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *HostedPage) SetType(v HostedPageType)`
+
+SetType sets Type field to given value.
+
+
+### GetUrl
+
+`func (o *HostedPage) GetUrl() string`
+
+GetUrl returns the Url field if non-nil, zero value otherwise.
+
+### GetUrlOk
+
+`func (o *HostedPage) GetUrlOk() (*string, bool)`
+
+GetUrlOk returns a tuple with the Url field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUrl
+
+`func (o *HostedPage) SetUrl(v string)`
+
+SetUrl sets Url field to given value.
+
+### HasUrl
+
+`func (o *HostedPage) HasUrl() bool`
+
+HasUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/HostedPageType.md b/okta/docs/HostedPageType.md
new file mode 100644
index 000000000..350217fdc
--- /dev/null
+++ b/okta/docs/HostedPageType.md
@@ -0,0 +1,13 @@
+# HostedPageType
+
+## Enum
+
+
+* `EXTERNALLY_HOSTED` (value: `"EXTERNALLY_HOSTED"`)
+
+* `OKTA_DEFAULT` (value: `"OKTA_DEFAULT"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/HrefObject.md b/okta/docs/HrefObject.md
new file mode 100644
index 000000000..259a2135f
--- /dev/null
+++ b/okta/docs/HrefObject.md
@@ -0,0 +1,129 @@
+# HrefObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Hints** | Pointer to [**HrefObjectHints**](HrefObjectHints.md) |  | [optional] 
+**Href** | **string** |  | 
+**Name** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to **string** | The media type of the link. If omitted, it is implicitly &#x60;application/json&#x60;. | [optional] 
+
+## Methods
+
+### NewHrefObject
+
+`func NewHrefObject(href string, ) *HrefObject`
+
+NewHrefObject instantiates a new HrefObject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewHrefObjectWithDefaults
+
+`func NewHrefObjectWithDefaults() *HrefObject`
+
+NewHrefObjectWithDefaults instantiates a new HrefObject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetHints
+
+`func (o *HrefObject) GetHints() HrefObjectHints`
+
+GetHints returns the Hints field if non-nil, zero value otherwise.
+
+### GetHintsOk
+
+`func (o *HrefObject) GetHintsOk() (*HrefObjectHints, bool)`
+
+GetHintsOk returns a tuple with the Hints field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHints
+
+`func (o *HrefObject) SetHints(v HrefObjectHints)`
+
+SetHints sets Hints field to given value.
+
+### HasHints
+
+`func (o *HrefObject) HasHints() bool`
+
+HasHints returns a boolean if a field has been set.
+
+### GetHref
+
+`func (o *HrefObject) GetHref() string`
+
+GetHref returns the Href field if non-nil, zero value otherwise.
+
+### GetHrefOk
+
+`func (o *HrefObject) GetHrefOk() (*string, bool)`
+
+GetHrefOk returns a tuple with the Href field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHref
+
+`func (o *HrefObject) SetHref(v string)`
+
+SetHref sets Href field to given value.
+
+
+### GetName
+
+`func (o *HrefObject) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *HrefObject) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *HrefObject) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *HrefObject) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *HrefObject) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *HrefObject) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *HrefObject) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *HrefObject) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/HrefObjectHints.md b/okta/docs/HrefObjectHints.md
new file mode 100644
index 000000000..61a9f339e
--- /dev/null
+++ b/okta/docs/HrefObjectHints.md
@@ -0,0 +1,56 @@
+# HrefObjectHints
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Allow** | Pointer to [**[]HttpMethod**](HttpMethod.md) |  | [optional] 
+
+## Methods
+
+### NewHrefObjectHints
+
+`func NewHrefObjectHints() *HrefObjectHints`
+
+NewHrefObjectHints instantiates a new HrefObjectHints object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewHrefObjectHintsWithDefaults
+
+`func NewHrefObjectHintsWithDefaults() *HrefObjectHints`
+
+NewHrefObjectHintsWithDefaults instantiates a new HrefObjectHints object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAllow
+
+`func (o *HrefObjectHints) GetAllow() []HttpMethod`
+
+GetAllow returns the Allow field if non-nil, zero value otherwise.
+
+### GetAllowOk
+
+`func (o *HrefObjectHints) GetAllowOk() (*[]HttpMethod, bool)`
+
+GetAllowOk returns a tuple with the Allow field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAllow
+
+`func (o *HrefObjectHints) SetAllow(v []HttpMethod)`
+
+SetAllow sets Allow field to given value.
+
+### HasAllow
+
+`func (o *HrefObjectHints) HasAllow() bool`
+
+HasAllow returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/HrefObjectSelfLink.md b/okta/docs/HrefObjectSelfLink.md
new file mode 100644
index 000000000..b8e066644
--- /dev/null
+++ b/okta/docs/HrefObjectSelfLink.md
@@ -0,0 +1,129 @@
+# HrefObjectSelfLink
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Hints** | Pointer to [**HrefObjectHints**](HrefObjectHints.md) |  | [optional] 
+**Href** | **string** |  | 
+**Name** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to **string** | The media type of the link. If omitted, it is implicitly &#x60;application/json&#x60;. | [optional] 
+
+## Methods
+
+### NewHrefObjectSelfLink
+
+`func NewHrefObjectSelfLink(href string, ) *HrefObjectSelfLink`
+
+NewHrefObjectSelfLink instantiates a new HrefObjectSelfLink object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewHrefObjectSelfLinkWithDefaults
+
+`func NewHrefObjectSelfLinkWithDefaults() *HrefObjectSelfLink`
+
+NewHrefObjectSelfLinkWithDefaults instantiates a new HrefObjectSelfLink object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetHints
+
+`func (o *HrefObjectSelfLink) GetHints() HrefObjectHints`
+
+GetHints returns the Hints field if non-nil, zero value otherwise.
+
+### GetHintsOk
+
+`func (o *HrefObjectSelfLink) GetHintsOk() (*HrefObjectHints, bool)`
+
+GetHintsOk returns a tuple with the Hints field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHints
+
+`func (o *HrefObjectSelfLink) SetHints(v HrefObjectHints)`
+
+SetHints sets Hints field to given value.
+
+### HasHints
+
+`func (o *HrefObjectSelfLink) HasHints() bool`
+
+HasHints returns a boolean if a field has been set.
+
+### GetHref
+
+`func (o *HrefObjectSelfLink) GetHref() string`
+
+GetHref returns the Href field if non-nil, zero value otherwise.
+
+### GetHrefOk
+
+`func (o *HrefObjectSelfLink) GetHrefOk() (*string, bool)`
+
+GetHrefOk returns a tuple with the Href field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHref
+
+`func (o *HrefObjectSelfLink) SetHref(v string)`
+
+SetHref sets Href field to given value.
+
+
+### GetName
+
+`func (o *HrefObjectSelfLink) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *HrefObjectSelfLink) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *HrefObjectSelfLink) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *HrefObjectSelfLink) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *HrefObjectSelfLink) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *HrefObjectSelfLink) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *HrefObjectSelfLink) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *HrefObjectSelfLink) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/HttpMethod.md b/okta/docs/HttpMethod.md
new file mode 100644
index 000000000..e6c9abb63
--- /dev/null
+++ b/okta/docs/HttpMethod.md
@@ -0,0 +1,17 @@
+# HttpMethod
+
+## Enum
+
+
+* `DELETE` (value: `"DELETE"`)
+
+* `GET` (value: `"GET"`)
+
+* `POST` (value: `"POST"`)
+
+* `PUT` (value: `"PUT"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IamRole.md b/okta/docs/IamRole.md
new file mode 100644
index 000000000..c7b231781
--- /dev/null
+++ b/okta/docs/IamRole.md
@@ -0,0 +1,197 @@
+# IamRole
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** | Timestamp when the role was created | [optional] [readonly] 
+**Description** | **string** | Description of the role | 
+**Id** | Pointer to **string** | Unique key for the role | [optional] [readonly] 
+**Label** | **string** | Unique label for the role | 
+**LastUpdated** | Pointer to **time.Time** | Timestamp when the role was last updated | [optional] [readonly] 
+**Permissions** | [**[]RolePermissionType**](RolePermissionType.md) | Array of permissions that the role will grant. See [Permission Types](https://developer.okta.com/docs/concepts/role-assignment/#permission-types). | 
+**Links** | Pointer to [**IamRoleLinks**](IamRoleLinks.md) |  | [optional] 
+
+## Methods
+
+### NewIamRole
+
+`func NewIamRole(description string, label string, permissions []RolePermissionType, ) *IamRole`
+
+NewIamRole instantiates a new IamRole object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIamRoleWithDefaults
+
+`func NewIamRoleWithDefaults() *IamRole`
+
+NewIamRoleWithDefaults instantiates a new IamRole object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *IamRole) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *IamRole) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *IamRole) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *IamRole) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetDescription
+
+`func (o *IamRole) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *IamRole) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *IamRole) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+
+### GetId
+
+`func (o *IamRole) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *IamRole) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *IamRole) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *IamRole) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLabel
+
+`func (o *IamRole) GetLabel() string`
+
+GetLabel returns the Label field if non-nil, zero value otherwise.
+
+### GetLabelOk
+
+`func (o *IamRole) GetLabelOk() (*string, bool)`
+
+GetLabelOk returns a tuple with the Label field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLabel
+
+`func (o *IamRole) SetLabel(v string)`
+
+SetLabel sets Label field to given value.
+
+
+### GetLastUpdated
+
+`func (o *IamRole) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *IamRole) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *IamRole) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *IamRole) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetPermissions
+
+`func (o *IamRole) GetPermissions() []RolePermissionType`
+
+GetPermissions returns the Permissions field if non-nil, zero value otherwise.
+
+### GetPermissionsOk
+
+`func (o *IamRole) GetPermissionsOk() (*[]RolePermissionType, bool)`
+
+GetPermissionsOk returns a tuple with the Permissions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPermissions
+
+`func (o *IamRole) SetPermissions(v []RolePermissionType)`
+
+SetPermissions sets Permissions field to given value.
+
+
+### GetLinks
+
+`func (o *IamRole) GetLinks() IamRoleLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *IamRole) GetLinksOk() (*IamRoleLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *IamRole) SetLinks(v IamRoleLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *IamRole) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IamRoleLinks.md b/okta/docs/IamRoleLinks.md
new file mode 100644
index 000000000..d4faf4701
--- /dev/null
+++ b/okta/docs/IamRoleLinks.md
@@ -0,0 +1,82 @@
+# IamRoleLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Permissions** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewIamRoleLinks
+
+`func NewIamRoleLinks() *IamRoleLinks`
+
+NewIamRoleLinks instantiates a new IamRoleLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIamRoleLinksWithDefaults
+
+`func NewIamRoleLinksWithDefaults() *IamRoleLinks`
+
+NewIamRoleLinksWithDefaults instantiates a new IamRoleLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *IamRoleLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *IamRoleLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *IamRoleLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *IamRoleLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetPermissions
+
+`func (o *IamRoleLinks) GetPermissions() HrefObject`
+
+GetPermissions returns the Permissions field if non-nil, zero value otherwise.
+
+### GetPermissionsOk
+
+`func (o *IamRoleLinks) GetPermissionsOk() (*HrefObject, bool)`
+
+GetPermissionsOk returns a tuple with the Permissions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPermissions
+
+`func (o *IamRoleLinks) SetPermissions(v HrefObject)`
+
+SetPermissions sets Permissions field to given value.
+
+### HasPermissions
+
+`func (o *IamRoleLinks) HasPermissions() bool`
+
+HasPermissions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IamRoles.md b/okta/docs/IamRoles.md
new file mode 100644
index 000000000..993f675fb
--- /dev/null
+++ b/okta/docs/IamRoles.md
@@ -0,0 +1,82 @@
+# IamRoles
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Roles** | Pointer to [**[]IamRole**](IamRole.md) |  | [optional] 
+**Links** | Pointer to [**IamRolesLinks**](IamRolesLinks.md) |  | [optional] 
+
+## Methods
+
+### NewIamRoles
+
+`func NewIamRoles() *IamRoles`
+
+NewIamRoles instantiates a new IamRoles object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIamRolesWithDefaults
+
+`func NewIamRolesWithDefaults() *IamRoles`
+
+NewIamRolesWithDefaults instantiates a new IamRoles object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetRoles
+
+`func (o *IamRoles) GetRoles() []IamRole`
+
+GetRoles returns the Roles field if non-nil, zero value otherwise.
+
+### GetRolesOk
+
+`func (o *IamRoles) GetRolesOk() (*[]IamRole, bool)`
+
+GetRolesOk returns a tuple with the Roles field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRoles
+
+`func (o *IamRoles) SetRoles(v []IamRole)`
+
+SetRoles sets Roles field to given value.
+
+### HasRoles
+
+`func (o *IamRoles) HasRoles() bool`
+
+HasRoles returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *IamRoles) GetLinks() IamRolesLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *IamRoles) GetLinksOk() (*IamRolesLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *IamRoles) SetLinks(v IamRolesLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *IamRoles) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IamRolesLinks.md b/okta/docs/IamRolesLinks.md
new file mode 100644
index 000000000..486ed5e7f
--- /dev/null
+++ b/okta/docs/IamRolesLinks.md
@@ -0,0 +1,56 @@
+# IamRolesLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Next** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewIamRolesLinks
+
+`func NewIamRolesLinks() *IamRolesLinks`
+
+NewIamRolesLinks instantiates a new IamRolesLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIamRolesLinksWithDefaults
+
+`func NewIamRolesLinksWithDefaults() *IamRolesLinks`
+
+NewIamRolesLinksWithDefaults instantiates a new IamRolesLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetNext
+
+`func (o *IamRolesLinks) GetNext() HrefObject`
+
+GetNext returns the Next field if non-nil, zero value otherwise.
+
+### GetNextOk
+
+`func (o *IamRolesLinks) GetNextOk() (*HrefObject, bool)`
+
+GetNextOk returns a tuple with the Next field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNext
+
+`func (o *IamRolesLinks) SetNext(v HrefObject)`
+
+SetNext sets Next field to given value.
+
+### HasNext
+
+`func (o *IamRolesLinks) HasNext() bool`
+
+HasNext returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentityProvider.md b/okta/docs/IdentityProvider.md
new file mode 100644
index 000000000..2dc10987d
--- /dev/null
+++ b/okta/docs/IdentityProvider.md
@@ -0,0 +1,300 @@
+# IdentityProvider
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **NullableTime** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**IssuerMode** | Pointer to [**IssuerMode**](IssuerMode.md) |  | [optional] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Policy** | Pointer to [**IdentityProviderPolicy**](IdentityProviderPolicy.md) |  | [optional] 
+**Protocol** | Pointer to [**Protocol**](Protocol.md) |  | [optional] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**Type** | Pointer to [**IdentityProviderType**](IdentityProviderType.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewIdentityProvider
+
+`func NewIdentityProvider() *IdentityProvider`
+
+NewIdentityProvider instantiates a new IdentityProvider object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdentityProviderWithDefaults
+
+`func NewIdentityProviderWithDefaults() *IdentityProvider`
+
+NewIdentityProviderWithDefaults instantiates a new IdentityProvider object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *IdentityProvider) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *IdentityProvider) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *IdentityProvider) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *IdentityProvider) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### SetCreatedNil
+
+`func (o *IdentityProvider) SetCreatedNil(b bool)`
+
+ SetCreatedNil sets the value for Created to be an explicit nil
+
+### UnsetCreated
+`func (o *IdentityProvider) UnsetCreated()`
+
+UnsetCreated ensures that no value is present for Created, not even an explicit nil
+### GetId
+
+`func (o *IdentityProvider) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *IdentityProvider) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *IdentityProvider) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *IdentityProvider) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIssuerMode
+
+`func (o *IdentityProvider) GetIssuerMode() IssuerMode`
+
+GetIssuerMode returns the IssuerMode field if non-nil, zero value otherwise.
+
+### GetIssuerModeOk
+
+`func (o *IdentityProvider) GetIssuerModeOk() (*IssuerMode, bool)`
+
+GetIssuerModeOk returns a tuple with the IssuerMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIssuerMode
+
+`func (o *IdentityProvider) SetIssuerMode(v IssuerMode)`
+
+SetIssuerMode sets IssuerMode field to given value.
+
+### HasIssuerMode
+
+`func (o *IdentityProvider) HasIssuerMode() bool`
+
+HasIssuerMode returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *IdentityProvider) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *IdentityProvider) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *IdentityProvider) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *IdentityProvider) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *IdentityProvider) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *IdentityProvider) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *IdentityProvider) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *IdentityProvider) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetPolicy
+
+`func (o *IdentityProvider) GetPolicy() IdentityProviderPolicy`
+
+GetPolicy returns the Policy field if non-nil, zero value otherwise.
+
+### GetPolicyOk
+
+`func (o *IdentityProvider) GetPolicyOk() (*IdentityProviderPolicy, bool)`
+
+GetPolicyOk returns a tuple with the Policy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPolicy
+
+`func (o *IdentityProvider) SetPolicy(v IdentityProviderPolicy)`
+
+SetPolicy sets Policy field to given value.
+
+### HasPolicy
+
+`func (o *IdentityProvider) HasPolicy() bool`
+
+HasPolicy returns a boolean if a field has been set.
+
+### GetProtocol
+
+`func (o *IdentityProvider) GetProtocol() Protocol`
+
+GetProtocol returns the Protocol field if non-nil, zero value otherwise.
+
+### GetProtocolOk
+
+`func (o *IdentityProvider) GetProtocolOk() (*Protocol, bool)`
+
+GetProtocolOk returns a tuple with the Protocol field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProtocol
+
+`func (o *IdentityProvider) SetProtocol(v Protocol)`
+
+SetProtocol sets Protocol field to given value.
+
+### HasProtocol
+
+`func (o *IdentityProvider) HasProtocol() bool`
+
+HasProtocol returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *IdentityProvider) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *IdentityProvider) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *IdentityProvider) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *IdentityProvider) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *IdentityProvider) GetType() IdentityProviderType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *IdentityProvider) GetTypeOk() (*IdentityProviderType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *IdentityProvider) SetType(v IdentityProviderType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *IdentityProvider) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *IdentityProvider) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *IdentityProvider) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *IdentityProvider) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *IdentityProvider) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentityProviderApi.md b/okta/docs/IdentityProviderApi.md
new file mode 100644
index 000000000..6e3bad9cd
--- /dev/null
+++ b/okta/docs/IdentityProviderApi.md
@@ -0,0 +1,1806 @@
+# \IdentityProviderApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateIdentityProvider**](IdentityProviderApi.md#ActivateIdentityProvider) | **Post** /api/v1/idps/{idpId}/lifecycle/activate | Activate an Identity Provider
+[**CloneIdentityProviderKey**](IdentityProviderApi.md#CloneIdentityProviderKey) | **Post** /api/v1/idps/{idpId}/credentials/keys/{keyId}/clone | Clone a Signing Credential Key
+[**CreateIdentityProvider**](IdentityProviderApi.md#CreateIdentityProvider) | **Post** /api/v1/idps | Create an Identity Provider
+[**CreateIdentityProviderKey**](IdentityProviderApi.md#CreateIdentityProviderKey) | **Post** /api/v1/idps/credentials/keys | Create an X.509 Certificate Public Key
+[**DeactivateIdentityProvider**](IdentityProviderApi.md#DeactivateIdentityProvider) | **Post** /api/v1/idps/{idpId}/lifecycle/deactivate | Deactivate an Identity Provider
+[**DeleteIdentityProvider**](IdentityProviderApi.md#DeleteIdentityProvider) | **Delete** /api/v1/idps/{idpId} | Delete an Identity Provider
+[**DeleteIdentityProviderKey**](IdentityProviderApi.md#DeleteIdentityProviderKey) | **Delete** /api/v1/idps/credentials/keys/{keyId} | Delete a Signing Credential Key
+[**GenerateCsrForIdentityProvider**](IdentityProviderApi.md#GenerateCsrForIdentityProvider) | **Post** /api/v1/idps/{idpId}/credentials/csrs | Generate a Certificate Signing Request
+[**GenerateIdentityProviderSigningKey**](IdentityProviderApi.md#GenerateIdentityProviderSigningKey) | **Post** /api/v1/idps/{idpId}/credentials/keys/generate | Generate a new Signing Credential Key
+[**GetCsrForIdentityProvider**](IdentityProviderApi.md#GetCsrForIdentityProvider) | **Get** /api/v1/idps/{idpId}/credentials/csrs/{csrId} | Retrieve a Certificate Signing Request
+[**GetIdentityProvider**](IdentityProviderApi.md#GetIdentityProvider) | **Get** /api/v1/idps/{idpId} | Retrieve an Identity Provider
+[**GetIdentityProviderApplicationUser**](IdentityProviderApi.md#GetIdentityProviderApplicationUser) | **Get** /api/v1/idps/{idpId}/users/{userId} | Retrieve a User
+[**GetIdentityProviderKey**](IdentityProviderApi.md#GetIdentityProviderKey) | **Get** /api/v1/idps/credentials/keys/{keyId} | Retrieve an Credential Key
+[**GetIdentityProviderSigningKey**](IdentityProviderApi.md#GetIdentityProviderSigningKey) | **Get** /api/v1/idps/{idpId}/credentials/keys/{keyId} | Retrieve a Signing Credential Key
+[**LinkUserToIdentityProvider**](IdentityProviderApi.md#LinkUserToIdentityProvider) | **Post** /api/v1/idps/{idpId}/users/{userId} | Link a User to a Social IdP
+[**ListCsrsForIdentityProvider**](IdentityProviderApi.md#ListCsrsForIdentityProvider) | **Get** /api/v1/idps/{idpId}/credentials/csrs | List all Certificate Signing Requests
+[**ListIdentityProviderApplicationUsers**](IdentityProviderApi.md#ListIdentityProviderApplicationUsers) | **Get** /api/v1/idps/{idpId}/users | List all Users
+[**ListIdentityProviderKeys**](IdentityProviderApi.md#ListIdentityProviderKeys) | **Get** /api/v1/idps/credentials/keys | List all Credential Keys
+[**ListIdentityProviderSigningKeys**](IdentityProviderApi.md#ListIdentityProviderSigningKeys) | **Get** /api/v1/idps/{idpId}/credentials/keys | List all Signing Credential Keys
+[**ListIdentityProviders**](IdentityProviderApi.md#ListIdentityProviders) | **Get** /api/v1/idps | List all Identity Providers
+[**ListSocialAuthTokens**](IdentityProviderApi.md#ListSocialAuthTokens) | **Get** /api/v1/idps/{idpId}/users/{userId}/credentials/tokens | List all Tokens from a OIDC Identity Provider
+[**PublishCsrForIdentityProvider**](IdentityProviderApi.md#PublishCsrForIdentityProvider) | **Post** /api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish | Publish a Certificate Signing Request
+[**ReplaceIdentityProvider**](IdentityProviderApi.md#ReplaceIdentityProvider) | **Put** /api/v1/idps/{idpId} | Replace an Identity Provider
+[**RevokeCsrForIdentityProvider**](IdentityProviderApi.md#RevokeCsrForIdentityProvider) | **Delete** /api/v1/idps/{idpId}/credentials/csrs/{csrId} | Revoke a Certificate Signing Request
+[**UnlinkUserFromIdentityProvider**](IdentityProviderApi.md#UnlinkUserFromIdentityProvider) | **Delete** /api/v1/idps/{idpId}/users/{userId} | Unlink a User from IdP
+
+
+
+## ActivateIdentityProvider
+
+> IdentityProvider ActivateIdentityProvider(ctx, idpId).Execute()
+
+Activate an Identity Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.ActivateIdentityProvider(context.Background(), idpId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.ActivateIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ActivateIdentityProvider`: IdentityProvider
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.ActivateIdentityProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**IdentityProvider**](IdentityProvider.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CloneIdentityProviderKey
+
+> JsonWebKey CloneIdentityProviderKey(ctx, idpId, keyId).TargetIdpId(targetIdpId).Execute()
+
+Clone a Signing Credential Key
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+    keyId := "keyId_example" // string | 
+    targetIdpId := "targetIdpId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.CloneIdentityProviderKey(context.Background(), idpId, keyId).TargetIdpId(targetIdpId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.CloneIdentityProviderKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CloneIdentityProviderKey`: JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.CloneIdentityProviderKey`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+**keyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCloneIdentityProviderKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **targetIdpId** | **string** |  | 
+
+### Return type
+
+[**JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateIdentityProvider
+
+> IdentityProvider CreateIdentityProvider(ctx).IdentityProvider(identityProvider).Execute()
+
+Create an Identity Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    identityProvider := *openapiclient.NewIdentityProvider() // IdentityProvider | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.CreateIdentityProvider(context.Background()).IdentityProvider(identityProvider).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.CreateIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateIdentityProvider`: IdentityProvider
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.CreateIdentityProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **identityProvider** | [**IdentityProvider**](IdentityProvider.md) |  | 
+
+### Return type
+
+[**IdentityProvider**](IdentityProvider.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateIdentityProviderKey
+
+> JsonWebKey CreateIdentityProviderKey(ctx).JsonWebKey(jsonWebKey).Execute()
+
+Create an X.509 Certificate Public Key
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    jsonWebKey := *openapiclient.NewJsonWebKey() // JsonWebKey | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.CreateIdentityProviderKey(context.Background()).JsonWebKey(jsonWebKey).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.CreateIdentityProviderKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateIdentityProviderKey`: JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.CreateIdentityProviderKey`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateIdentityProviderKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **jsonWebKey** | [**JsonWebKey**](JsonWebKey.md) |  | 
+
+### Return type
+
+[**JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateIdentityProvider
+
+> IdentityProvider DeactivateIdentityProvider(ctx, idpId).Execute()
+
+Deactivate an Identity Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.DeactivateIdentityProvider(context.Background(), idpId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.DeactivateIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `DeactivateIdentityProvider`: IdentityProvider
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.DeactivateIdentityProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**IdentityProvider**](IdentityProvider.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteIdentityProvider
+
+> DeleteIdentityProvider(ctx, idpId).Execute()
+
+Delete an Identity Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.DeleteIdentityProvider(context.Background(), idpId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.DeleteIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteIdentityProviderKey
+
+> DeleteIdentityProviderKey(ctx, keyId).Execute()
+
+Delete a Signing Credential Key
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    keyId := "keyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.DeleteIdentityProviderKey(context.Background(), keyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.DeleteIdentityProviderKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**keyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteIdentityProviderKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GenerateCsrForIdentityProvider
+
+> Csr GenerateCsrForIdentityProvider(ctx, idpId).Metadata(metadata).Execute()
+
+Generate a Certificate Signing Request
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+    metadata := *openapiclient.NewCsrMetadata() // CsrMetadata | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.GenerateCsrForIdentityProvider(context.Background(), idpId).Metadata(metadata).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.GenerateCsrForIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GenerateCsrForIdentityProvider`: Csr
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.GenerateCsrForIdentityProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGenerateCsrForIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **metadata** | [**CsrMetadata**](CsrMetadata.md) |  | 
+
+### Return type
+
+[**Csr**](Csr.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GenerateIdentityProviderSigningKey
+
+> JsonWebKey GenerateIdentityProviderSigningKey(ctx, idpId).ValidityYears(validityYears).Execute()
+
+Generate a new Signing Credential Key
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+    validityYears := int32(56) // int32 | expiry of the IdP Key Credential
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.GenerateIdentityProviderSigningKey(context.Background(), idpId).ValidityYears(validityYears).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.GenerateIdentityProviderSigningKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GenerateIdentityProviderSigningKey`: JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.GenerateIdentityProviderSigningKey`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGenerateIdentityProviderSigningKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **validityYears** | **int32** | expiry of the IdP Key Credential | 
+
+### Return type
+
+[**JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetCsrForIdentityProvider
+
+> Csr GetCsrForIdentityProvider(ctx, idpId, csrId).Execute()
+
+Retrieve a Certificate Signing Request
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+    csrId := "csrId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.GetCsrForIdentityProvider(context.Background(), idpId, csrId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.GetCsrForIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetCsrForIdentityProvider`: Csr
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.GetCsrForIdentityProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+**csrId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetCsrForIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**Csr**](Csr.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetIdentityProvider
+
+> IdentityProvider GetIdentityProvider(ctx, idpId).Execute()
+
+Retrieve an Identity Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.GetIdentityProvider(context.Background(), idpId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.GetIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetIdentityProvider`: IdentityProvider
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.GetIdentityProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**IdentityProvider**](IdentityProvider.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetIdentityProviderApplicationUser
+
+> IdentityProviderApplicationUser GetIdentityProviderApplicationUser(ctx, idpId, userId).Execute()
+
+Retrieve a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.GetIdentityProviderApplicationUser(context.Background(), idpId, userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.GetIdentityProviderApplicationUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetIdentityProviderApplicationUser`: IdentityProviderApplicationUser
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.GetIdentityProviderApplicationUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetIdentityProviderApplicationUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**IdentityProviderApplicationUser**](IdentityProviderApplicationUser.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetIdentityProviderKey
+
+> JsonWebKey GetIdentityProviderKey(ctx, keyId).Execute()
+
+Retrieve an Credential Key
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    keyId := "keyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.GetIdentityProviderKey(context.Background(), keyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.GetIdentityProviderKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetIdentityProviderKey`: JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.GetIdentityProviderKey`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**keyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetIdentityProviderKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetIdentityProviderSigningKey
+
+> JsonWebKey GetIdentityProviderSigningKey(ctx, idpId, keyId).Execute()
+
+Retrieve a Signing Credential Key
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+    keyId := "keyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.GetIdentityProviderSigningKey(context.Background(), idpId, keyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.GetIdentityProviderSigningKey``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetIdentityProviderSigningKey`: JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.GetIdentityProviderSigningKey`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+**keyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetIdentityProviderSigningKeyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## LinkUserToIdentityProvider
+
+> IdentityProviderApplicationUser LinkUserToIdentityProvider(ctx, idpId, userId).UserIdentityProviderLinkRequest(userIdentityProviderLinkRequest).Execute()
+
+Link a User to a Social IdP
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+    userId := "userId_example" // string | 
+    userIdentityProviderLinkRequest := *openapiclient.NewUserIdentityProviderLinkRequest() // UserIdentityProviderLinkRequest | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.LinkUserToIdentityProvider(context.Background(), idpId, userId).UserIdentityProviderLinkRequest(userIdentityProviderLinkRequest).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.LinkUserToIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `LinkUserToIdentityProvider`: IdentityProviderApplicationUser
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.LinkUserToIdentityProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiLinkUserToIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **userIdentityProviderLinkRequest** | [**UserIdentityProviderLinkRequest**](UserIdentityProviderLinkRequest.md) |  | 
+
+### Return type
+
+[**IdentityProviderApplicationUser**](IdentityProviderApplicationUser.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListCsrsForIdentityProvider
+
+> []Csr ListCsrsForIdentityProvider(ctx, idpId).Execute()
+
+List all Certificate Signing Requests
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.ListCsrsForIdentityProvider(context.Background(), idpId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.ListCsrsForIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListCsrsForIdentityProvider`: []Csr
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.ListCsrsForIdentityProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListCsrsForIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]Csr**](Csr.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListIdentityProviderApplicationUsers
+
+> []IdentityProviderApplicationUser ListIdentityProviderApplicationUsers(ctx, idpId).Execute()
+
+List all Users
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.ListIdentityProviderApplicationUsers(context.Background(), idpId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.ListIdentityProviderApplicationUsers``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListIdentityProviderApplicationUsers`: []IdentityProviderApplicationUser
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.ListIdentityProviderApplicationUsers`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListIdentityProviderApplicationUsersRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]IdentityProviderApplicationUser**](IdentityProviderApplicationUser.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListIdentityProviderKeys
+
+> []JsonWebKey ListIdentityProviderKeys(ctx).After(after).Limit(limit).Execute()
+
+List all Credential Keys
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    after := "after_example" // string | Specifies the pagination cursor for the next page of keys (optional)
+    limit := int32(56) // int32 | Specifies the number of key results in a page (optional) (default to 20)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.ListIdentityProviderKeys(context.Background()).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.ListIdentityProviderKeys``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListIdentityProviderKeys`: []JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.ListIdentityProviderKeys`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListIdentityProviderKeysRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **after** | **string** | Specifies the pagination cursor for the next page of keys | 
+ **limit** | **int32** | Specifies the number of key results in a page | [default to 20]
+
+### Return type
+
+[**[]JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListIdentityProviderSigningKeys
+
+> []JsonWebKey ListIdentityProviderSigningKeys(ctx, idpId).Execute()
+
+List all Signing Credential Keys
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.ListIdentityProviderSigningKeys(context.Background(), idpId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.ListIdentityProviderSigningKeys``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListIdentityProviderSigningKeys`: []JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.ListIdentityProviderSigningKeys`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListIdentityProviderSigningKeysRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListIdentityProviders
+
+> []IdentityProvider ListIdentityProviders(ctx).Q(q).After(after).Limit(limit).Type_(type_).Execute()
+
+List all Identity Providers
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    q := "q_example" // string | Searches the name property of IdPs for matching value (optional)
+    after := "after_example" // string | Specifies the pagination cursor for the next page of IdPs (optional)
+    limit := int32(56) // int32 | Specifies the number of IdP results in a page (optional) (default to 20)
+    type_ := "type__example" // string | Filters IdPs by type (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.ListIdentityProviders(context.Background()).Q(q).After(after).Limit(limit).Type_(type_).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.ListIdentityProviders``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListIdentityProviders`: []IdentityProvider
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.ListIdentityProviders`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListIdentityProvidersRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **q** | **string** | Searches the name property of IdPs for matching value | 
+ **after** | **string** | Specifies the pagination cursor for the next page of IdPs | 
+ **limit** | **int32** | Specifies the number of IdP results in a page | [default to 20]
+ **type_** | **string** | Filters IdPs by type | 
+
+### Return type
+
+[**[]IdentityProvider**](IdentityProvider.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListSocialAuthTokens
+
+> []SocialAuthToken ListSocialAuthTokens(ctx, idpId, userId).Execute()
+
+List all Tokens from a OIDC Identity Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.ListSocialAuthTokens(context.Background(), idpId, userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.ListSocialAuthTokens``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListSocialAuthTokens`: []SocialAuthToken
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.ListSocialAuthTokens`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListSocialAuthTokensRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**[]SocialAuthToken**](SocialAuthToken.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## PublishCsrForIdentityProvider
+
+> JsonWebKey PublishCsrForIdentityProvider(ctx, idpId, csrId).Body(body).Execute()
+
+Publish a Certificate Signing Request
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+    csrId := "csrId_example" // string | 
+    body := os.NewFile(1234, "some_file") // *os.File | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.PublishCsrForIdentityProvider(context.Background(), idpId, csrId).Body(body).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.PublishCsrForIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `PublishCsrForIdentityProvider`: JsonWebKey
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.PublishCsrForIdentityProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+**csrId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiPublishCsrForIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **body** | ***os.File** |  | 
+
+### Return type
+
+[**JsonWebKey**](JsonWebKey.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/x-x509-ca-cert, application/pkix-cert, application/x-pem-file
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceIdentityProvider
+
+> IdentityProvider ReplaceIdentityProvider(ctx, idpId).IdentityProvider(identityProvider).Execute()
+
+Replace an Identity Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+    identityProvider := *openapiclient.NewIdentityProvider() // IdentityProvider | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.ReplaceIdentityProvider(context.Background(), idpId).IdentityProvider(identityProvider).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.ReplaceIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceIdentityProvider`: IdentityProvider
+    fmt.Fprintf(os.Stdout, "Response from `IdentityProviderApi.ReplaceIdentityProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **identityProvider** | [**IdentityProvider**](IdentityProvider.md) |  | 
+
+### Return type
+
+[**IdentityProvider**](IdentityProvider.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeCsrForIdentityProvider
+
+> RevokeCsrForIdentityProvider(ctx, idpId, csrId).Execute()
+
+Revoke a Certificate Signing Request
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+    csrId := "csrId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.RevokeCsrForIdentityProvider(context.Background(), idpId, csrId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.RevokeCsrForIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+**csrId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeCsrForIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnlinkUserFromIdentityProvider
+
+> UnlinkUserFromIdentityProvider(ctx, idpId, userId).Execute()
+
+Unlink a User from IdP
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    idpId := "idpId_example" // string | 
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentityProviderApi.UnlinkUserFromIdentityProvider(context.Background(), idpId, userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentityProviderApi.UnlinkUserFromIdentityProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**idpId** | **string** |  | 
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnlinkUserFromIdentityProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/IdentityProviderApplicationUser.md b/okta/docs/IdentityProviderApplicationUser.md
new file mode 100644
index 000000000..14ecfeec7
--- /dev/null
+++ b/okta/docs/IdentityProviderApplicationUser.md
@@ -0,0 +1,212 @@
+# IdentityProviderApplicationUser
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **string** |  | [optional] 
+**ExternalId** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **string** |  | [optional] 
+**Profile** | Pointer to **map[string]map[string]interface{}** |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewIdentityProviderApplicationUser
+
+`func NewIdentityProviderApplicationUser() *IdentityProviderApplicationUser`
+
+NewIdentityProviderApplicationUser instantiates a new IdentityProviderApplicationUser object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdentityProviderApplicationUserWithDefaults
+
+`func NewIdentityProviderApplicationUserWithDefaults() *IdentityProviderApplicationUser`
+
+NewIdentityProviderApplicationUserWithDefaults instantiates a new IdentityProviderApplicationUser object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *IdentityProviderApplicationUser) GetCreated() string`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *IdentityProviderApplicationUser) GetCreatedOk() (*string, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *IdentityProviderApplicationUser) SetCreated(v string)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *IdentityProviderApplicationUser) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetExternalId
+
+`func (o *IdentityProviderApplicationUser) GetExternalId() string`
+
+GetExternalId returns the ExternalId field if non-nil, zero value otherwise.
+
+### GetExternalIdOk
+
+`func (o *IdentityProviderApplicationUser) GetExternalIdOk() (*string, bool)`
+
+GetExternalIdOk returns a tuple with the ExternalId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExternalId
+
+`func (o *IdentityProviderApplicationUser) SetExternalId(v string)`
+
+SetExternalId sets ExternalId field to given value.
+
+### HasExternalId
+
+`func (o *IdentityProviderApplicationUser) HasExternalId() bool`
+
+HasExternalId returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *IdentityProviderApplicationUser) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *IdentityProviderApplicationUser) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *IdentityProviderApplicationUser) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *IdentityProviderApplicationUser) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *IdentityProviderApplicationUser) GetLastUpdated() string`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *IdentityProviderApplicationUser) GetLastUpdatedOk() (*string, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *IdentityProviderApplicationUser) SetLastUpdated(v string)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *IdentityProviderApplicationUser) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *IdentityProviderApplicationUser) GetProfile() map[string]map[string]interface{}`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *IdentityProviderApplicationUser) GetProfileOk() (*map[string]map[string]interface{}, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *IdentityProviderApplicationUser) SetProfile(v map[string]map[string]interface{})`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *IdentityProviderApplicationUser) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *IdentityProviderApplicationUser) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *IdentityProviderApplicationUser) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *IdentityProviderApplicationUser) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *IdentityProviderApplicationUser) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *IdentityProviderApplicationUser) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *IdentityProviderApplicationUser) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *IdentityProviderApplicationUser) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *IdentityProviderApplicationUser) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentityProviderCredentials.md b/okta/docs/IdentityProviderCredentials.md
new file mode 100644
index 000000000..75483b8a4
--- /dev/null
+++ b/okta/docs/IdentityProviderCredentials.md
@@ -0,0 +1,108 @@
+# IdentityProviderCredentials
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Client** | Pointer to [**IdentityProviderCredentialsClient**](IdentityProviderCredentialsClient.md) |  | [optional] 
+**Signing** | Pointer to [**IdentityProviderCredentialsSigning**](IdentityProviderCredentialsSigning.md) |  | [optional] 
+**Trust** | Pointer to [**IdentityProviderCredentialsTrust**](IdentityProviderCredentialsTrust.md) |  | [optional] 
+
+## Methods
+
+### NewIdentityProviderCredentials
+
+`func NewIdentityProviderCredentials() *IdentityProviderCredentials`
+
+NewIdentityProviderCredentials instantiates a new IdentityProviderCredentials object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdentityProviderCredentialsWithDefaults
+
+`func NewIdentityProviderCredentialsWithDefaults() *IdentityProviderCredentials`
+
+NewIdentityProviderCredentialsWithDefaults instantiates a new IdentityProviderCredentials object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetClient
+
+`func (o *IdentityProviderCredentials) GetClient() IdentityProviderCredentialsClient`
+
+GetClient returns the Client field if non-nil, zero value otherwise.
+
+### GetClientOk
+
+`func (o *IdentityProviderCredentials) GetClientOk() (*IdentityProviderCredentialsClient, bool)`
+
+GetClientOk returns a tuple with the Client field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClient
+
+`func (o *IdentityProviderCredentials) SetClient(v IdentityProviderCredentialsClient)`
+
+SetClient sets Client field to given value.
+
+### HasClient
+
+`func (o *IdentityProviderCredentials) HasClient() bool`
+
+HasClient returns a boolean if a field has been set.
+
+### GetSigning
+
+`func (o *IdentityProviderCredentials) GetSigning() IdentityProviderCredentialsSigning`
+
+GetSigning returns the Signing field if non-nil, zero value otherwise.
+
+### GetSigningOk
+
+`func (o *IdentityProviderCredentials) GetSigningOk() (*IdentityProviderCredentialsSigning, bool)`
+
+GetSigningOk returns a tuple with the Signing field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSigning
+
+`func (o *IdentityProviderCredentials) SetSigning(v IdentityProviderCredentialsSigning)`
+
+SetSigning sets Signing field to given value.
+
+### HasSigning
+
+`func (o *IdentityProviderCredentials) HasSigning() bool`
+
+HasSigning returns a boolean if a field has been set.
+
+### GetTrust
+
+`func (o *IdentityProviderCredentials) GetTrust() IdentityProviderCredentialsTrust`
+
+GetTrust returns the Trust field if non-nil, zero value otherwise.
+
+### GetTrustOk
+
+`func (o *IdentityProviderCredentials) GetTrustOk() (*IdentityProviderCredentialsTrust, bool)`
+
+GetTrustOk returns a tuple with the Trust field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTrust
+
+`func (o *IdentityProviderCredentials) SetTrust(v IdentityProviderCredentialsTrust)`
+
+SetTrust sets Trust field to given value.
+
+### HasTrust
+
+`func (o *IdentityProviderCredentials) HasTrust() bool`
+
+HasTrust returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentityProviderCredentialsClient.md b/okta/docs/IdentityProviderCredentialsClient.md
new file mode 100644
index 000000000..1a59094fe
--- /dev/null
+++ b/okta/docs/IdentityProviderCredentialsClient.md
@@ -0,0 +1,82 @@
+# IdentityProviderCredentialsClient
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ClientId** | Pointer to **string** |  | [optional] 
+**ClientSecret** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewIdentityProviderCredentialsClient
+
+`func NewIdentityProviderCredentialsClient() *IdentityProviderCredentialsClient`
+
+NewIdentityProviderCredentialsClient instantiates a new IdentityProviderCredentialsClient object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdentityProviderCredentialsClientWithDefaults
+
+`func NewIdentityProviderCredentialsClientWithDefaults() *IdentityProviderCredentialsClient`
+
+NewIdentityProviderCredentialsClientWithDefaults instantiates a new IdentityProviderCredentialsClient object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetClientId
+
+`func (o *IdentityProviderCredentialsClient) GetClientId() string`
+
+GetClientId returns the ClientId field if non-nil, zero value otherwise.
+
+### GetClientIdOk
+
+`func (o *IdentityProviderCredentialsClient) GetClientIdOk() (*string, bool)`
+
+GetClientIdOk returns a tuple with the ClientId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientId
+
+`func (o *IdentityProviderCredentialsClient) SetClientId(v string)`
+
+SetClientId sets ClientId field to given value.
+
+### HasClientId
+
+`func (o *IdentityProviderCredentialsClient) HasClientId() bool`
+
+HasClientId returns a boolean if a field has been set.
+
+### GetClientSecret
+
+`func (o *IdentityProviderCredentialsClient) GetClientSecret() string`
+
+GetClientSecret returns the ClientSecret field if non-nil, zero value otherwise.
+
+### GetClientSecretOk
+
+`func (o *IdentityProviderCredentialsClient) GetClientSecretOk() (*string, bool)`
+
+GetClientSecretOk returns a tuple with the ClientSecret field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientSecret
+
+`func (o *IdentityProviderCredentialsClient) SetClientSecret(v string)`
+
+SetClientSecret sets ClientSecret field to given value.
+
+### HasClientSecret
+
+`func (o *IdentityProviderCredentialsClient) HasClientSecret() bool`
+
+HasClientSecret returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentityProviderCredentialsSigning.md b/okta/docs/IdentityProviderCredentialsSigning.md
new file mode 100644
index 000000000..1928b1ae0
--- /dev/null
+++ b/okta/docs/IdentityProviderCredentialsSigning.md
@@ -0,0 +1,56 @@
+# IdentityProviderCredentialsSigning
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Kid** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewIdentityProviderCredentialsSigning
+
+`func NewIdentityProviderCredentialsSigning() *IdentityProviderCredentialsSigning`
+
+NewIdentityProviderCredentialsSigning instantiates a new IdentityProviderCredentialsSigning object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdentityProviderCredentialsSigningWithDefaults
+
+`func NewIdentityProviderCredentialsSigningWithDefaults() *IdentityProviderCredentialsSigning`
+
+NewIdentityProviderCredentialsSigningWithDefaults instantiates a new IdentityProviderCredentialsSigning object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetKid
+
+`func (o *IdentityProviderCredentialsSigning) GetKid() string`
+
+GetKid returns the Kid field if non-nil, zero value otherwise.
+
+### GetKidOk
+
+`func (o *IdentityProviderCredentialsSigning) GetKidOk() (*string, bool)`
+
+GetKidOk returns a tuple with the Kid field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKid
+
+`func (o *IdentityProviderCredentialsSigning) SetKid(v string)`
+
+SetKid sets Kid field to given value.
+
+### HasKid
+
+`func (o *IdentityProviderCredentialsSigning) HasKid() bool`
+
+HasKid returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentityProviderCredentialsTrust.md b/okta/docs/IdentityProviderCredentialsTrust.md
new file mode 100644
index 000000000..3f9d64342
--- /dev/null
+++ b/okta/docs/IdentityProviderCredentialsTrust.md
@@ -0,0 +1,160 @@
+# IdentityProviderCredentialsTrust
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Audience** | Pointer to **string** |  | [optional] 
+**Issuer** | Pointer to **string** |  | [optional] 
+**Kid** | Pointer to **string** |  | [optional] 
+**Revocation** | Pointer to [**IdentityProviderCredentialsTrustRevocation**](IdentityProviderCredentialsTrustRevocation.md) |  | [optional] 
+**RevocationCacheLifetime** | Pointer to **int32** |  | [optional] 
+
+## Methods
+
+### NewIdentityProviderCredentialsTrust
+
+`func NewIdentityProviderCredentialsTrust() *IdentityProviderCredentialsTrust`
+
+NewIdentityProviderCredentialsTrust instantiates a new IdentityProviderCredentialsTrust object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdentityProviderCredentialsTrustWithDefaults
+
+`func NewIdentityProviderCredentialsTrustWithDefaults() *IdentityProviderCredentialsTrust`
+
+NewIdentityProviderCredentialsTrustWithDefaults instantiates a new IdentityProviderCredentialsTrust object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAudience
+
+`func (o *IdentityProviderCredentialsTrust) GetAudience() string`
+
+GetAudience returns the Audience field if non-nil, zero value otherwise.
+
+### GetAudienceOk
+
+`func (o *IdentityProviderCredentialsTrust) GetAudienceOk() (*string, bool)`
+
+GetAudienceOk returns a tuple with the Audience field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAudience
+
+`func (o *IdentityProviderCredentialsTrust) SetAudience(v string)`
+
+SetAudience sets Audience field to given value.
+
+### HasAudience
+
+`func (o *IdentityProviderCredentialsTrust) HasAudience() bool`
+
+HasAudience returns a boolean if a field has been set.
+
+### GetIssuer
+
+`func (o *IdentityProviderCredentialsTrust) GetIssuer() string`
+
+GetIssuer returns the Issuer field if non-nil, zero value otherwise.
+
+### GetIssuerOk
+
+`func (o *IdentityProviderCredentialsTrust) GetIssuerOk() (*string, bool)`
+
+GetIssuerOk returns a tuple with the Issuer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIssuer
+
+`func (o *IdentityProviderCredentialsTrust) SetIssuer(v string)`
+
+SetIssuer sets Issuer field to given value.
+
+### HasIssuer
+
+`func (o *IdentityProviderCredentialsTrust) HasIssuer() bool`
+
+HasIssuer returns a boolean if a field has been set.
+
+### GetKid
+
+`func (o *IdentityProviderCredentialsTrust) GetKid() string`
+
+GetKid returns the Kid field if non-nil, zero value otherwise.
+
+### GetKidOk
+
+`func (o *IdentityProviderCredentialsTrust) GetKidOk() (*string, bool)`
+
+GetKidOk returns a tuple with the Kid field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKid
+
+`func (o *IdentityProviderCredentialsTrust) SetKid(v string)`
+
+SetKid sets Kid field to given value.
+
+### HasKid
+
+`func (o *IdentityProviderCredentialsTrust) HasKid() bool`
+
+HasKid returns a boolean if a field has been set.
+
+### GetRevocation
+
+`func (o *IdentityProviderCredentialsTrust) GetRevocation() IdentityProviderCredentialsTrustRevocation`
+
+GetRevocation returns the Revocation field if non-nil, zero value otherwise.
+
+### GetRevocationOk
+
+`func (o *IdentityProviderCredentialsTrust) GetRevocationOk() (*IdentityProviderCredentialsTrustRevocation, bool)`
+
+GetRevocationOk returns a tuple with the Revocation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRevocation
+
+`func (o *IdentityProviderCredentialsTrust) SetRevocation(v IdentityProviderCredentialsTrustRevocation)`
+
+SetRevocation sets Revocation field to given value.
+
+### HasRevocation
+
+`func (o *IdentityProviderCredentialsTrust) HasRevocation() bool`
+
+HasRevocation returns a boolean if a field has been set.
+
+### GetRevocationCacheLifetime
+
+`func (o *IdentityProviderCredentialsTrust) GetRevocationCacheLifetime() int32`
+
+GetRevocationCacheLifetime returns the RevocationCacheLifetime field if non-nil, zero value otherwise.
+
+### GetRevocationCacheLifetimeOk
+
+`func (o *IdentityProviderCredentialsTrust) GetRevocationCacheLifetimeOk() (*int32, bool)`
+
+GetRevocationCacheLifetimeOk returns a tuple with the RevocationCacheLifetime field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRevocationCacheLifetime
+
+`func (o *IdentityProviderCredentialsTrust) SetRevocationCacheLifetime(v int32)`
+
+SetRevocationCacheLifetime sets RevocationCacheLifetime field to given value.
+
+### HasRevocationCacheLifetime
+
+`func (o *IdentityProviderCredentialsTrust) HasRevocationCacheLifetime() bool`
+
+HasRevocationCacheLifetime returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentityProviderCredentialsTrustRevocation.md b/okta/docs/IdentityProviderCredentialsTrustRevocation.md
new file mode 100644
index 000000000..50fcf98ca
--- /dev/null
+++ b/okta/docs/IdentityProviderCredentialsTrustRevocation.md
@@ -0,0 +1,15 @@
+# IdentityProviderCredentialsTrustRevocation
+
+## Enum
+
+
+* `CRL` (value: `"CRL"`)
+
+* `DELTA_CRL` (value: `"DELTA_CRL"`)
+
+* `OCSP` (value: `"OCSP"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentityProviderPolicy.md b/okta/docs/IdentityProviderPolicy.md
new file mode 100644
index 000000000..ac4e0cb92
--- /dev/null
+++ b/okta/docs/IdentityProviderPolicy.md
@@ -0,0 +1,160 @@
+# IdentityProviderPolicy
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AccountLink** | Pointer to [**PolicyAccountLink**](PolicyAccountLink.md) |  | [optional] 
+**Conditions** | Pointer to [**PolicyRuleConditions**](PolicyRuleConditions.md) |  | [optional] 
+**MaxClockSkew** | Pointer to **int32** |  | [optional] 
+**Provisioning** | Pointer to [**Provisioning**](Provisioning.md) |  | [optional] 
+**Subject** | Pointer to [**PolicySubject**](PolicySubject.md) |  | [optional] 
+
+## Methods
+
+### NewIdentityProviderPolicy
+
+`func NewIdentityProviderPolicy() *IdentityProviderPolicy`
+
+NewIdentityProviderPolicy instantiates a new IdentityProviderPolicy object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdentityProviderPolicyWithDefaults
+
+`func NewIdentityProviderPolicyWithDefaults() *IdentityProviderPolicy`
+
+NewIdentityProviderPolicyWithDefaults instantiates a new IdentityProviderPolicy object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAccountLink
+
+`func (o *IdentityProviderPolicy) GetAccountLink() PolicyAccountLink`
+
+GetAccountLink returns the AccountLink field if non-nil, zero value otherwise.
+
+### GetAccountLinkOk
+
+`func (o *IdentityProviderPolicy) GetAccountLinkOk() (*PolicyAccountLink, bool)`
+
+GetAccountLinkOk returns a tuple with the AccountLink field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccountLink
+
+`func (o *IdentityProviderPolicy) SetAccountLink(v PolicyAccountLink)`
+
+SetAccountLink sets AccountLink field to given value.
+
+### HasAccountLink
+
+`func (o *IdentityProviderPolicy) HasAccountLink() bool`
+
+HasAccountLink returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *IdentityProviderPolicy) GetConditions() PolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *IdentityProviderPolicy) GetConditionsOk() (*PolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *IdentityProviderPolicy) SetConditions(v PolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *IdentityProviderPolicy) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+### GetMaxClockSkew
+
+`func (o *IdentityProviderPolicy) GetMaxClockSkew() int32`
+
+GetMaxClockSkew returns the MaxClockSkew field if non-nil, zero value otherwise.
+
+### GetMaxClockSkewOk
+
+`func (o *IdentityProviderPolicy) GetMaxClockSkewOk() (*int32, bool)`
+
+GetMaxClockSkewOk returns a tuple with the MaxClockSkew field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxClockSkew
+
+`func (o *IdentityProviderPolicy) SetMaxClockSkew(v int32)`
+
+SetMaxClockSkew sets MaxClockSkew field to given value.
+
+### HasMaxClockSkew
+
+`func (o *IdentityProviderPolicy) HasMaxClockSkew() bool`
+
+HasMaxClockSkew returns a boolean if a field has been set.
+
+### GetProvisioning
+
+`func (o *IdentityProviderPolicy) GetProvisioning() Provisioning`
+
+GetProvisioning returns the Provisioning field if non-nil, zero value otherwise.
+
+### GetProvisioningOk
+
+`func (o *IdentityProviderPolicy) GetProvisioningOk() (*Provisioning, bool)`
+
+GetProvisioningOk returns a tuple with the Provisioning field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProvisioning
+
+`func (o *IdentityProviderPolicy) SetProvisioning(v Provisioning)`
+
+SetProvisioning sets Provisioning field to given value.
+
+### HasProvisioning
+
+`func (o *IdentityProviderPolicy) HasProvisioning() bool`
+
+HasProvisioning returns a boolean if a field has been set.
+
+### GetSubject
+
+`func (o *IdentityProviderPolicy) GetSubject() PolicySubject`
+
+GetSubject returns the Subject field if non-nil, zero value otherwise.
+
+### GetSubjectOk
+
+`func (o *IdentityProviderPolicy) GetSubjectOk() (*PolicySubject, bool)`
+
+GetSubjectOk returns a tuple with the Subject field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubject
+
+`func (o *IdentityProviderPolicy) SetSubject(v PolicySubject)`
+
+SetSubject sets Subject field to given value.
+
+### HasSubject
+
+`func (o *IdentityProviderPolicy) HasSubject() bool`
+
+HasSubject returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentityProviderPolicyAllOf.md b/okta/docs/IdentityProviderPolicyAllOf.md
new file mode 100644
index 000000000..2d3f60ca1
--- /dev/null
+++ b/okta/docs/IdentityProviderPolicyAllOf.md
@@ -0,0 +1,160 @@
+# IdentityProviderPolicyAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AccountLink** | Pointer to [**PolicyAccountLink**](PolicyAccountLink.md) |  | [optional] 
+**Conditions** | Pointer to [**PolicyRuleConditions**](PolicyRuleConditions.md) |  | [optional] 
+**MaxClockSkew** | Pointer to **int32** |  | [optional] 
+**Provisioning** | Pointer to [**Provisioning**](Provisioning.md) |  | [optional] 
+**Subject** | Pointer to [**PolicySubject**](PolicySubject.md) |  | [optional] 
+
+## Methods
+
+### NewIdentityProviderPolicyAllOf
+
+`func NewIdentityProviderPolicyAllOf() *IdentityProviderPolicyAllOf`
+
+NewIdentityProviderPolicyAllOf instantiates a new IdentityProviderPolicyAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdentityProviderPolicyAllOfWithDefaults
+
+`func NewIdentityProviderPolicyAllOfWithDefaults() *IdentityProviderPolicyAllOf`
+
+NewIdentityProviderPolicyAllOfWithDefaults instantiates a new IdentityProviderPolicyAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAccountLink
+
+`func (o *IdentityProviderPolicyAllOf) GetAccountLink() PolicyAccountLink`
+
+GetAccountLink returns the AccountLink field if non-nil, zero value otherwise.
+
+### GetAccountLinkOk
+
+`func (o *IdentityProviderPolicyAllOf) GetAccountLinkOk() (*PolicyAccountLink, bool)`
+
+GetAccountLinkOk returns a tuple with the AccountLink field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccountLink
+
+`func (o *IdentityProviderPolicyAllOf) SetAccountLink(v PolicyAccountLink)`
+
+SetAccountLink sets AccountLink field to given value.
+
+### HasAccountLink
+
+`func (o *IdentityProviderPolicyAllOf) HasAccountLink() bool`
+
+HasAccountLink returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *IdentityProviderPolicyAllOf) GetConditions() PolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *IdentityProviderPolicyAllOf) GetConditionsOk() (*PolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *IdentityProviderPolicyAllOf) SetConditions(v PolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *IdentityProviderPolicyAllOf) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+### GetMaxClockSkew
+
+`func (o *IdentityProviderPolicyAllOf) GetMaxClockSkew() int32`
+
+GetMaxClockSkew returns the MaxClockSkew field if non-nil, zero value otherwise.
+
+### GetMaxClockSkewOk
+
+`func (o *IdentityProviderPolicyAllOf) GetMaxClockSkewOk() (*int32, bool)`
+
+GetMaxClockSkewOk returns a tuple with the MaxClockSkew field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxClockSkew
+
+`func (o *IdentityProviderPolicyAllOf) SetMaxClockSkew(v int32)`
+
+SetMaxClockSkew sets MaxClockSkew field to given value.
+
+### HasMaxClockSkew
+
+`func (o *IdentityProviderPolicyAllOf) HasMaxClockSkew() bool`
+
+HasMaxClockSkew returns a boolean if a field has been set.
+
+### GetProvisioning
+
+`func (o *IdentityProviderPolicyAllOf) GetProvisioning() Provisioning`
+
+GetProvisioning returns the Provisioning field if non-nil, zero value otherwise.
+
+### GetProvisioningOk
+
+`func (o *IdentityProviderPolicyAllOf) GetProvisioningOk() (*Provisioning, bool)`
+
+GetProvisioningOk returns a tuple with the Provisioning field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProvisioning
+
+`func (o *IdentityProviderPolicyAllOf) SetProvisioning(v Provisioning)`
+
+SetProvisioning sets Provisioning field to given value.
+
+### HasProvisioning
+
+`func (o *IdentityProviderPolicyAllOf) HasProvisioning() bool`
+
+HasProvisioning returns a boolean if a field has been set.
+
+### GetSubject
+
+`func (o *IdentityProviderPolicyAllOf) GetSubject() PolicySubject`
+
+GetSubject returns the Subject field if non-nil, zero value otherwise.
+
+### GetSubjectOk
+
+`func (o *IdentityProviderPolicyAllOf) GetSubjectOk() (*PolicySubject, bool)`
+
+GetSubjectOk returns a tuple with the Subject field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubject
+
+`func (o *IdentityProviderPolicyAllOf) SetSubject(v PolicySubject)`
+
+SetSubject sets Subject field to given value.
+
+### HasSubject
+
+`func (o *IdentityProviderPolicyAllOf) HasSubject() bool`
+
+HasSubject returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentityProviderPolicyProvider.md b/okta/docs/IdentityProviderPolicyProvider.md
new file mode 100644
index 000000000..2160590f2
--- /dev/null
+++ b/okta/docs/IdentityProviderPolicyProvider.md
@@ -0,0 +1,15 @@
+# IdentityProviderPolicyProvider
+
+## Enum
+
+
+* `ANY` (value: `"ANY"`)
+
+* `OKTA` (value: `"OKTA"`)
+
+* `SPECIFIC_IDP` (value: `"SPECIFIC_IDP"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentityProviderPolicyRuleCondition.md b/okta/docs/IdentityProviderPolicyRuleCondition.md
new file mode 100644
index 000000000..2f04d7ca3
--- /dev/null
+++ b/okta/docs/IdentityProviderPolicyRuleCondition.md
@@ -0,0 +1,82 @@
+# IdentityProviderPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**IdpIds** | Pointer to **[]string** |  | [optional] 
+**Provider** | Pointer to [**IdentityProviderPolicyProvider**](IdentityProviderPolicyProvider.md) |  | [optional] 
+
+## Methods
+
+### NewIdentityProviderPolicyRuleCondition
+
+`func NewIdentityProviderPolicyRuleCondition() *IdentityProviderPolicyRuleCondition`
+
+NewIdentityProviderPolicyRuleCondition instantiates a new IdentityProviderPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdentityProviderPolicyRuleConditionWithDefaults
+
+`func NewIdentityProviderPolicyRuleConditionWithDefaults() *IdentityProviderPolicyRuleCondition`
+
+NewIdentityProviderPolicyRuleConditionWithDefaults instantiates a new IdentityProviderPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIdpIds
+
+`func (o *IdentityProviderPolicyRuleCondition) GetIdpIds() []string`
+
+GetIdpIds returns the IdpIds field if non-nil, zero value otherwise.
+
+### GetIdpIdsOk
+
+`func (o *IdentityProviderPolicyRuleCondition) GetIdpIdsOk() (*[]string, bool)`
+
+GetIdpIdsOk returns a tuple with the IdpIds field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdpIds
+
+`func (o *IdentityProviderPolicyRuleCondition) SetIdpIds(v []string)`
+
+SetIdpIds sets IdpIds field to given value.
+
+### HasIdpIds
+
+`func (o *IdentityProviderPolicyRuleCondition) HasIdpIds() bool`
+
+HasIdpIds returns a boolean if a field has been set.
+
+### GetProvider
+
+`func (o *IdentityProviderPolicyRuleCondition) GetProvider() IdentityProviderPolicyProvider`
+
+GetProvider returns the Provider field if non-nil, zero value otherwise.
+
+### GetProviderOk
+
+`func (o *IdentityProviderPolicyRuleCondition) GetProviderOk() (*IdentityProviderPolicyProvider, bool)`
+
+GetProviderOk returns a tuple with the Provider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProvider
+
+`func (o *IdentityProviderPolicyRuleCondition) SetProvider(v IdentityProviderPolicyProvider)`
+
+SetProvider sets Provider field to given value.
+
+### HasProvider
+
+`func (o *IdentityProviderPolicyRuleCondition) HasProvider() bool`
+
+HasProvider returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentityProviderType.md b/okta/docs/IdentityProviderType.md
new file mode 100644
index 000000000..13f63681e
--- /dev/null
+++ b/okta/docs/IdentityProviderType.md
@@ -0,0 +1,29 @@
+# IdentityProviderType
+
+## Enum
+
+
+* `AGENTLESS_DSSO` (value: `"AgentlessDSSO"`)
+
+* `FACEBOOK` (value: `"FACEBOOK"`)
+
+* `GOOGLE` (value: `"GOOGLE"`)
+
+* `IWA` (value: `"IWA"`)
+
+* `LINKEDIN` (value: `"LINKEDIN"`)
+
+* `MICROSOFT` (value: `"MICROSOFT"`)
+
+* `OIDC` (value: `"OIDC"`)
+
+* `OKTA` (value: `"OKTA"`)
+
+* `SAML2` (value: `"SAML2"`)
+
+* `X509` (value: `"X509"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentitySourceApi.md b/okta/docs/IdentitySourceApi.md
new file mode 100644
index 000000000..376377179
--- /dev/null
+++ b/okta/docs/IdentitySourceApi.md
@@ -0,0 +1,518 @@
+# \IdentitySourceApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateIdentitySourceSession**](IdentitySourceApi.md#CreateIdentitySourceSession) | **Post** /api/v1/identity-sources/{identitySourceId}/sessions | Create an Identity Source Session
+[**DeleteIdentitySourceSession**](IdentitySourceApi.md#DeleteIdentitySourceSession) | **Delete** /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId} | Delete an Identity Source Session
+[**GetIdentitySourceSession**](IdentitySourceApi.md#GetIdentitySourceSession) | **Get** /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId} | Retrieve an Identity Source Session
+[**ListIdentitySourceSessions**](IdentitySourceApi.md#ListIdentitySourceSessions) | **Get** /api/v1/identity-sources/{identitySourceId}/sessions | List all Identity Source Sessions
+[**StartImportFromIdentitySource**](IdentitySourceApi.md#StartImportFromIdentitySource) | **Post** /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/start-import | Start the import from the Identity Source
+[**UploadIdentitySourceDataForDelete**](IdentitySourceApi.md#UploadIdentitySourceDataForDelete) | **Post** /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-delete | Upload the data to be deleted in Okta
+[**UploadIdentitySourceDataForUpsert**](IdentitySourceApi.md#UploadIdentitySourceDataForUpsert) | **Post** /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-upsert | Upload the data to be upserted in Okta
+
+
+
+## CreateIdentitySourceSession
+
+> []IdentitySourceSession CreateIdentitySourceSession(ctx, identitySourceId).Execute()
+
+Create an Identity Source Session
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    identitySourceId := "identitySourceId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentitySourceApi.CreateIdentitySourceSession(context.Background(), identitySourceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentitySourceApi.CreateIdentitySourceSession``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateIdentitySourceSession`: []IdentitySourceSession
+    fmt.Fprintf(os.Stdout, "Response from `IdentitySourceApi.CreateIdentitySourceSession`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**identitySourceId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateIdentitySourceSessionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]IdentitySourceSession**](IdentitySourceSession.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteIdentitySourceSession
+
+> DeleteIdentitySourceSession(ctx, identitySourceId, sessionId).Execute()
+
+Delete an Identity Source Session
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    identitySourceId := "identitySourceId_example" // string | 
+    sessionId := "sessionId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentitySourceApi.DeleteIdentitySourceSession(context.Background(), identitySourceId, sessionId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentitySourceApi.DeleteIdentitySourceSession``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**identitySourceId** | **string** |  | 
+**sessionId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteIdentitySourceSessionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetIdentitySourceSession
+
+> IdentitySourceSession GetIdentitySourceSession(ctx, identitySourceId, sessionId).Execute()
+
+Retrieve an Identity Source Session
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    identitySourceId := "identitySourceId_example" // string | 
+    sessionId := "sessionId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentitySourceApi.GetIdentitySourceSession(context.Background(), identitySourceId, sessionId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentitySourceApi.GetIdentitySourceSession``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetIdentitySourceSession`: IdentitySourceSession
+    fmt.Fprintf(os.Stdout, "Response from `IdentitySourceApi.GetIdentitySourceSession`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**identitySourceId** | **string** |  | 
+**sessionId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetIdentitySourceSessionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**IdentitySourceSession**](IdentitySourceSession.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListIdentitySourceSessions
+
+> []IdentitySourceSession ListIdentitySourceSessions(ctx, identitySourceId).Execute()
+
+List all Identity Source Sessions
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    identitySourceId := "identitySourceId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentitySourceApi.ListIdentitySourceSessions(context.Background(), identitySourceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentitySourceApi.ListIdentitySourceSessions``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListIdentitySourceSessions`: []IdentitySourceSession
+    fmt.Fprintf(os.Stdout, "Response from `IdentitySourceApi.ListIdentitySourceSessions`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**identitySourceId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListIdentitySourceSessionsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]IdentitySourceSession**](IdentitySourceSession.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## StartImportFromIdentitySource
+
+> []IdentitySourceSession StartImportFromIdentitySource(ctx, identitySourceId, sessionId).Execute()
+
+Start the import from the Identity Source
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    identitySourceId := "identitySourceId_example" // string | 
+    sessionId := "sessionId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentitySourceApi.StartImportFromIdentitySource(context.Background(), identitySourceId, sessionId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentitySourceApi.StartImportFromIdentitySource``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `StartImportFromIdentitySource`: []IdentitySourceSession
+    fmt.Fprintf(os.Stdout, "Response from `IdentitySourceApi.StartImportFromIdentitySource`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**identitySourceId** | **string** |  | 
+**sessionId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiStartImportFromIdentitySourceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**[]IdentitySourceSession**](IdentitySourceSession.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UploadIdentitySourceDataForDelete
+
+> UploadIdentitySourceDataForDelete(ctx, identitySourceId, sessionId).BulkDeleteRequestBody(bulkDeleteRequestBody).Execute()
+
+Upload the data to be deleted in Okta
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    identitySourceId := "identitySourceId_example" // string | 
+    sessionId := "sessionId_example" // string | 
+    bulkDeleteRequestBody := *openapiclient.NewBulkDeleteRequestBody() // BulkDeleteRequestBody |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentitySourceApi.UploadIdentitySourceDataForDelete(context.Background(), identitySourceId, sessionId).BulkDeleteRequestBody(bulkDeleteRequestBody).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentitySourceApi.UploadIdentitySourceDataForDelete``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**identitySourceId** | **string** |  | 
+**sessionId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUploadIdentitySourceDataForDeleteRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **bulkDeleteRequestBody** | [**BulkDeleteRequestBody**](BulkDeleteRequestBody.md) |  | 
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UploadIdentitySourceDataForUpsert
+
+> UploadIdentitySourceDataForUpsert(ctx, identitySourceId, sessionId).BulkUpsertRequestBody(bulkUpsertRequestBody).Execute()
+
+Upload the data to be upserted in Okta
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    identitySourceId := "identitySourceId_example" // string | 
+    sessionId := "sessionId_example" // string | 
+    bulkUpsertRequestBody := *openapiclient.NewBulkUpsertRequestBody() // BulkUpsertRequestBody |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.IdentitySourceApi.UploadIdentitySourceDataForUpsert(context.Background(), identitySourceId, sessionId).BulkUpsertRequestBody(bulkUpsertRequestBody).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `IdentitySourceApi.UploadIdentitySourceDataForUpsert``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**identitySourceId** | **string** |  | 
+**sessionId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUploadIdentitySourceDataForUpsertRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **bulkUpsertRequestBody** | [**BulkUpsertRequestBody**](BulkUpsertRequestBody.md) |  | 
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/IdentitySourceSession.md b/okta/docs/IdentitySourceSession.md
new file mode 100644
index 000000000..9a50c743f
--- /dev/null
+++ b/okta/docs/IdentitySourceSession.md
@@ -0,0 +1,134 @@
+# IdentitySourceSession
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**IdentitySourceId** | Pointer to **string** |  | [optional] [readonly] 
+**ImportType** | Pointer to **string** |  | [optional] [readonly] 
+**Status** | Pointer to [**IdentitySourceSessionStatus**](IdentitySourceSessionStatus.md) |  | [optional] 
+
+## Methods
+
+### NewIdentitySourceSession
+
+`func NewIdentitySourceSession() *IdentitySourceSession`
+
+NewIdentitySourceSession instantiates a new IdentitySourceSession object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdentitySourceSessionWithDefaults
+
+`func NewIdentitySourceSessionWithDefaults() *IdentitySourceSession`
+
+NewIdentitySourceSessionWithDefaults instantiates a new IdentitySourceSession object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *IdentitySourceSession) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *IdentitySourceSession) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *IdentitySourceSession) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *IdentitySourceSession) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIdentitySourceId
+
+`func (o *IdentitySourceSession) GetIdentitySourceId() string`
+
+GetIdentitySourceId returns the IdentitySourceId field if non-nil, zero value otherwise.
+
+### GetIdentitySourceIdOk
+
+`func (o *IdentitySourceSession) GetIdentitySourceIdOk() (*string, bool)`
+
+GetIdentitySourceIdOk returns a tuple with the IdentitySourceId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentitySourceId
+
+`func (o *IdentitySourceSession) SetIdentitySourceId(v string)`
+
+SetIdentitySourceId sets IdentitySourceId field to given value.
+
+### HasIdentitySourceId
+
+`func (o *IdentitySourceSession) HasIdentitySourceId() bool`
+
+HasIdentitySourceId returns a boolean if a field has been set.
+
+### GetImportType
+
+`func (o *IdentitySourceSession) GetImportType() string`
+
+GetImportType returns the ImportType field if non-nil, zero value otherwise.
+
+### GetImportTypeOk
+
+`func (o *IdentitySourceSession) GetImportTypeOk() (*string, bool)`
+
+GetImportTypeOk returns a tuple with the ImportType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetImportType
+
+`func (o *IdentitySourceSession) SetImportType(v string)`
+
+SetImportType sets ImportType field to given value.
+
+### HasImportType
+
+`func (o *IdentitySourceSession) HasImportType() bool`
+
+HasImportType returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *IdentitySourceSession) GetStatus() IdentitySourceSessionStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *IdentitySourceSession) GetStatusOk() (*IdentitySourceSessionStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *IdentitySourceSession) SetStatus(v IdentitySourceSessionStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *IdentitySourceSession) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentitySourceSessionStatus.md b/okta/docs/IdentitySourceSessionStatus.md
new file mode 100644
index 000000000..ee3125d3e
--- /dev/null
+++ b/okta/docs/IdentitySourceSessionStatus.md
@@ -0,0 +1,21 @@
+# IdentitySourceSessionStatus
+
+## Enum
+
+
+* `CLOSED` (value: `"CLOSED"`)
+
+* `COMPLETED` (value: `"COMPLETED"`)
+
+* `CREATED` (value: `"CREATED"`)
+
+* `ERROR` (value: `"ERROR"`)
+
+* `EXPIRED` (value: `"EXPIRED"`)
+
+* `TRIGGERED` (value: `"TRIGGERED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentitySourceUserProfileForDelete.md b/okta/docs/IdentitySourceUserProfileForDelete.md
new file mode 100644
index 000000000..4e9e42340
--- /dev/null
+++ b/okta/docs/IdentitySourceUserProfileForDelete.md
@@ -0,0 +1,56 @@
+# IdentitySourceUserProfileForDelete
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ExternalId** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewIdentitySourceUserProfileForDelete
+
+`func NewIdentitySourceUserProfileForDelete() *IdentitySourceUserProfileForDelete`
+
+NewIdentitySourceUserProfileForDelete instantiates a new IdentitySourceUserProfileForDelete object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdentitySourceUserProfileForDeleteWithDefaults
+
+`func NewIdentitySourceUserProfileForDeleteWithDefaults() *IdentitySourceUserProfileForDelete`
+
+NewIdentitySourceUserProfileForDeleteWithDefaults instantiates a new IdentitySourceUserProfileForDelete object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExternalId
+
+`func (o *IdentitySourceUserProfileForDelete) GetExternalId() string`
+
+GetExternalId returns the ExternalId field if non-nil, zero value otherwise.
+
+### GetExternalIdOk
+
+`func (o *IdentitySourceUserProfileForDelete) GetExternalIdOk() (*string, bool)`
+
+GetExternalIdOk returns a tuple with the ExternalId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExternalId
+
+`func (o *IdentitySourceUserProfileForDelete) SetExternalId(v string)`
+
+SetExternalId sets ExternalId field to given value.
+
+### HasExternalId
+
+`func (o *IdentitySourceUserProfileForDelete) HasExternalId() bool`
+
+HasExternalId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdentitySourceUserProfileForUpsert.md b/okta/docs/IdentitySourceUserProfileForUpsert.md
new file mode 100644
index 000000000..4ce17eede
--- /dev/null
+++ b/okta/docs/IdentitySourceUserProfileForUpsert.md
@@ -0,0 +1,252 @@
+# IdentitySourceUserProfileForUpsert
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Email** | Pointer to **string** |  | [optional] 
+**FirstName** | Pointer to **NullableString** |  | [optional] 
+**HomeAddress** | Pointer to **NullableString** |  | [optional] 
+**LastName** | Pointer to **NullableString** |  | [optional] 
+**MobilePhone** | Pointer to **NullableString** |  | [optional] 
+**SecondEmail** | Pointer to **string** |  | [optional] 
+**UserName** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewIdentitySourceUserProfileForUpsert
+
+`func NewIdentitySourceUserProfileForUpsert() *IdentitySourceUserProfileForUpsert`
+
+NewIdentitySourceUserProfileForUpsert instantiates a new IdentitySourceUserProfileForUpsert object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdentitySourceUserProfileForUpsertWithDefaults
+
+`func NewIdentitySourceUserProfileForUpsertWithDefaults() *IdentitySourceUserProfileForUpsert`
+
+NewIdentitySourceUserProfileForUpsertWithDefaults instantiates a new IdentitySourceUserProfileForUpsert object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEmail
+
+`func (o *IdentitySourceUserProfileForUpsert) GetEmail() string`
+
+GetEmail returns the Email field if non-nil, zero value otherwise.
+
+### GetEmailOk
+
+`func (o *IdentitySourceUserProfileForUpsert) GetEmailOk() (*string, bool)`
+
+GetEmailOk returns a tuple with the Email field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmail
+
+`func (o *IdentitySourceUserProfileForUpsert) SetEmail(v string)`
+
+SetEmail sets Email field to given value.
+
+### HasEmail
+
+`func (o *IdentitySourceUserProfileForUpsert) HasEmail() bool`
+
+HasEmail returns a boolean if a field has been set.
+
+### GetFirstName
+
+`func (o *IdentitySourceUserProfileForUpsert) GetFirstName() string`
+
+GetFirstName returns the FirstName field if non-nil, zero value otherwise.
+
+### GetFirstNameOk
+
+`func (o *IdentitySourceUserProfileForUpsert) GetFirstNameOk() (*string, bool)`
+
+GetFirstNameOk returns a tuple with the FirstName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFirstName
+
+`func (o *IdentitySourceUserProfileForUpsert) SetFirstName(v string)`
+
+SetFirstName sets FirstName field to given value.
+
+### HasFirstName
+
+`func (o *IdentitySourceUserProfileForUpsert) HasFirstName() bool`
+
+HasFirstName returns a boolean if a field has been set.
+
+### SetFirstNameNil
+
+`func (o *IdentitySourceUserProfileForUpsert) SetFirstNameNil(b bool)`
+
+ SetFirstNameNil sets the value for FirstName to be an explicit nil
+
+### UnsetFirstName
+`func (o *IdentitySourceUserProfileForUpsert) UnsetFirstName()`
+
+UnsetFirstName ensures that no value is present for FirstName, not even an explicit nil
+### GetHomeAddress
+
+`func (o *IdentitySourceUserProfileForUpsert) GetHomeAddress() string`
+
+GetHomeAddress returns the HomeAddress field if non-nil, zero value otherwise.
+
+### GetHomeAddressOk
+
+`func (o *IdentitySourceUserProfileForUpsert) GetHomeAddressOk() (*string, bool)`
+
+GetHomeAddressOk returns a tuple with the HomeAddress field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHomeAddress
+
+`func (o *IdentitySourceUserProfileForUpsert) SetHomeAddress(v string)`
+
+SetHomeAddress sets HomeAddress field to given value.
+
+### HasHomeAddress
+
+`func (o *IdentitySourceUserProfileForUpsert) HasHomeAddress() bool`
+
+HasHomeAddress returns a boolean if a field has been set.
+
+### SetHomeAddressNil
+
+`func (o *IdentitySourceUserProfileForUpsert) SetHomeAddressNil(b bool)`
+
+ SetHomeAddressNil sets the value for HomeAddress to be an explicit nil
+
+### UnsetHomeAddress
+`func (o *IdentitySourceUserProfileForUpsert) UnsetHomeAddress()`
+
+UnsetHomeAddress ensures that no value is present for HomeAddress, not even an explicit nil
+### GetLastName
+
+`func (o *IdentitySourceUserProfileForUpsert) GetLastName() string`
+
+GetLastName returns the LastName field if non-nil, zero value otherwise.
+
+### GetLastNameOk
+
+`func (o *IdentitySourceUserProfileForUpsert) GetLastNameOk() (*string, bool)`
+
+GetLastNameOk returns a tuple with the LastName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastName
+
+`func (o *IdentitySourceUserProfileForUpsert) SetLastName(v string)`
+
+SetLastName sets LastName field to given value.
+
+### HasLastName
+
+`func (o *IdentitySourceUserProfileForUpsert) HasLastName() bool`
+
+HasLastName returns a boolean if a field has been set.
+
+### SetLastNameNil
+
+`func (o *IdentitySourceUserProfileForUpsert) SetLastNameNil(b bool)`
+
+ SetLastNameNil sets the value for LastName to be an explicit nil
+
+### UnsetLastName
+`func (o *IdentitySourceUserProfileForUpsert) UnsetLastName()`
+
+UnsetLastName ensures that no value is present for LastName, not even an explicit nil
+### GetMobilePhone
+
+`func (o *IdentitySourceUserProfileForUpsert) GetMobilePhone() string`
+
+GetMobilePhone returns the MobilePhone field if non-nil, zero value otherwise.
+
+### GetMobilePhoneOk
+
+`func (o *IdentitySourceUserProfileForUpsert) GetMobilePhoneOk() (*string, bool)`
+
+GetMobilePhoneOk returns a tuple with the MobilePhone field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMobilePhone
+
+`func (o *IdentitySourceUserProfileForUpsert) SetMobilePhone(v string)`
+
+SetMobilePhone sets MobilePhone field to given value.
+
+### HasMobilePhone
+
+`func (o *IdentitySourceUserProfileForUpsert) HasMobilePhone() bool`
+
+HasMobilePhone returns a boolean if a field has been set.
+
+### SetMobilePhoneNil
+
+`func (o *IdentitySourceUserProfileForUpsert) SetMobilePhoneNil(b bool)`
+
+ SetMobilePhoneNil sets the value for MobilePhone to be an explicit nil
+
+### UnsetMobilePhone
+`func (o *IdentitySourceUserProfileForUpsert) UnsetMobilePhone()`
+
+UnsetMobilePhone ensures that no value is present for MobilePhone, not even an explicit nil
+### GetSecondEmail
+
+`func (o *IdentitySourceUserProfileForUpsert) GetSecondEmail() string`
+
+GetSecondEmail returns the SecondEmail field if non-nil, zero value otherwise.
+
+### GetSecondEmailOk
+
+`func (o *IdentitySourceUserProfileForUpsert) GetSecondEmailOk() (*string, bool)`
+
+GetSecondEmailOk returns a tuple with the SecondEmail field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecondEmail
+
+`func (o *IdentitySourceUserProfileForUpsert) SetSecondEmail(v string)`
+
+SetSecondEmail sets SecondEmail field to given value.
+
+### HasSecondEmail
+
+`func (o *IdentitySourceUserProfileForUpsert) HasSecondEmail() bool`
+
+HasSecondEmail returns a boolean if a field has been set.
+
+### GetUserName
+
+`func (o *IdentitySourceUserProfileForUpsert) GetUserName() string`
+
+GetUserName returns the UserName field if non-nil, zero value otherwise.
+
+### GetUserNameOk
+
+`func (o *IdentitySourceUserProfileForUpsert) GetUserNameOk() (*string, bool)`
+
+GetUserNameOk returns a tuple with the UserName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserName
+
+`func (o *IdentitySourceUserProfileForUpsert) SetUserName(v string)`
+
+SetUserName sets UserName field to given value.
+
+### HasUserName
+
+`func (o *IdentitySourceUserProfileForUpsert) HasUserName() bool`
+
+HasUserName returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdpPolicyRuleAction.md b/okta/docs/IdpPolicyRuleAction.md
new file mode 100644
index 000000000..3b0034447
--- /dev/null
+++ b/okta/docs/IdpPolicyRuleAction.md
@@ -0,0 +1,56 @@
+# IdpPolicyRuleAction
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Providers** | Pointer to [**[]IdpPolicyRuleActionProvider**](IdpPolicyRuleActionProvider.md) |  | [optional] 
+
+## Methods
+
+### NewIdpPolicyRuleAction
+
+`func NewIdpPolicyRuleAction() *IdpPolicyRuleAction`
+
+NewIdpPolicyRuleAction instantiates a new IdpPolicyRuleAction object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdpPolicyRuleActionWithDefaults
+
+`func NewIdpPolicyRuleActionWithDefaults() *IdpPolicyRuleAction`
+
+NewIdpPolicyRuleActionWithDefaults instantiates a new IdpPolicyRuleAction object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProviders
+
+`func (o *IdpPolicyRuleAction) GetProviders() []IdpPolicyRuleActionProvider`
+
+GetProviders returns the Providers field if non-nil, zero value otherwise.
+
+### GetProvidersOk
+
+`func (o *IdpPolicyRuleAction) GetProvidersOk() (*[]IdpPolicyRuleActionProvider, bool)`
+
+GetProvidersOk returns a tuple with the Providers field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProviders
+
+`func (o *IdpPolicyRuleAction) SetProviders(v []IdpPolicyRuleActionProvider)`
+
+SetProviders sets Providers field to given value.
+
+### HasProviders
+
+`func (o *IdpPolicyRuleAction) HasProviders() bool`
+
+HasProviders returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IdpPolicyRuleActionProvider.md b/okta/docs/IdpPolicyRuleActionProvider.md
new file mode 100644
index 000000000..4d7fd7796
--- /dev/null
+++ b/okta/docs/IdpPolicyRuleActionProvider.md
@@ -0,0 +1,82 @@
+# IdpPolicyRuleActionProvider
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Type** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewIdpPolicyRuleActionProvider
+
+`func NewIdpPolicyRuleActionProvider() *IdpPolicyRuleActionProvider`
+
+NewIdpPolicyRuleActionProvider instantiates a new IdpPolicyRuleActionProvider object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewIdpPolicyRuleActionProviderWithDefaults
+
+`func NewIdpPolicyRuleActionProviderWithDefaults() *IdpPolicyRuleActionProvider`
+
+NewIdpPolicyRuleActionProviderWithDefaults instantiates a new IdpPolicyRuleActionProvider object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *IdpPolicyRuleActionProvider) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *IdpPolicyRuleActionProvider) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *IdpPolicyRuleActionProvider) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *IdpPolicyRuleActionProvider) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *IdpPolicyRuleActionProvider) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *IdpPolicyRuleActionProvider) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *IdpPolicyRuleActionProvider) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *IdpPolicyRuleActionProvider) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IframeEmbedScopeAllowedApps.md b/okta/docs/IframeEmbedScopeAllowedApps.md
new file mode 100644
index 000000000..48d885b24
--- /dev/null
+++ b/okta/docs/IframeEmbedScopeAllowedApps.md
@@ -0,0 +1,11 @@
+# IframeEmbedScopeAllowedApps
+
+## Enum
+
+
+* `OKTA_ENDUSER` (value: `"OKTA_ENDUSER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ImageUploadResponse.md b/okta/docs/ImageUploadResponse.md
new file mode 100644
index 000000000..c1d43c02f
--- /dev/null
+++ b/okta/docs/ImageUploadResponse.md
@@ -0,0 +1,56 @@
+# ImageUploadResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Url** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewImageUploadResponse
+
+`func NewImageUploadResponse() *ImageUploadResponse`
+
+NewImageUploadResponse instantiates a new ImageUploadResponse object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewImageUploadResponseWithDefaults
+
+`func NewImageUploadResponseWithDefaults() *ImageUploadResponse`
+
+NewImageUploadResponseWithDefaults instantiates a new ImageUploadResponse object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetUrl
+
+`func (o *ImageUploadResponse) GetUrl() string`
+
+GetUrl returns the Url field if non-nil, zero value otherwise.
+
+### GetUrlOk
+
+`func (o *ImageUploadResponse) GetUrlOk() (*string, bool)`
+
+GetUrlOk returns a tuple with the Url field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUrl
+
+`func (o *ImageUploadResponse) SetUrl(v string)`
+
+SetUrl sets Url field to given value.
+
+### HasUrl
+
+`func (o *ImageUploadResponse) HasUrl() bool`
+
+HasUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InactivityPolicyRuleCondition.md b/okta/docs/InactivityPolicyRuleCondition.md
new file mode 100644
index 000000000..85a94da7f
--- /dev/null
+++ b/okta/docs/InactivityPolicyRuleCondition.md
@@ -0,0 +1,82 @@
+# InactivityPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Number** | Pointer to **int32** |  | [optional] 
+**Unit** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewInactivityPolicyRuleCondition
+
+`func NewInactivityPolicyRuleCondition() *InactivityPolicyRuleCondition`
+
+NewInactivityPolicyRuleCondition instantiates a new InactivityPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInactivityPolicyRuleConditionWithDefaults
+
+`func NewInactivityPolicyRuleConditionWithDefaults() *InactivityPolicyRuleCondition`
+
+NewInactivityPolicyRuleConditionWithDefaults instantiates a new InactivityPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetNumber
+
+`func (o *InactivityPolicyRuleCondition) GetNumber() int32`
+
+GetNumber returns the Number field if non-nil, zero value otherwise.
+
+### GetNumberOk
+
+`func (o *InactivityPolicyRuleCondition) GetNumberOk() (*int32, bool)`
+
+GetNumberOk returns a tuple with the Number field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNumber
+
+`func (o *InactivityPolicyRuleCondition) SetNumber(v int32)`
+
+SetNumber sets Number field to given value.
+
+### HasNumber
+
+`func (o *InactivityPolicyRuleCondition) HasNumber() bool`
+
+HasNumber returns a boolean if a field has been set.
+
+### GetUnit
+
+`func (o *InactivityPolicyRuleCondition) GetUnit() string`
+
+GetUnit returns the Unit field if non-nil, zero value otherwise.
+
+### GetUnitOk
+
+`func (o *InactivityPolicyRuleCondition) GetUnitOk() (*string, bool)`
+
+GetUnitOk returns a tuple with the Unit field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUnit
+
+`func (o *InactivityPolicyRuleCondition) SetUnit(v string)`
+
+SetUnit sets Unit field to given value.
+
+### HasUnit
+
+`func (o *InactivityPolicyRuleCondition) HasUnit() bool`
+
+HasUnit returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHook.md b/okta/docs/InlineHook.md
new file mode 100644
index 000000000..eb64a3a0d
--- /dev/null
+++ b/okta/docs/InlineHook.md
@@ -0,0 +1,264 @@
+# InlineHook
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Channel** | Pointer to [**InlineHookChannel**](InlineHookChannel.md) |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Status** | Pointer to [**InlineHookStatus**](InlineHookStatus.md) |  | [optional] 
+**Type** | Pointer to [**InlineHookType**](InlineHookType.md) |  | [optional] 
+**Version** | Pointer to **string** |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewInlineHook
+
+`func NewInlineHook() *InlineHook`
+
+NewInlineHook instantiates a new InlineHook object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookWithDefaults
+
+`func NewInlineHookWithDefaults() *InlineHook`
+
+NewInlineHookWithDefaults instantiates a new InlineHook object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetChannel
+
+`func (o *InlineHook) GetChannel() InlineHookChannel`
+
+GetChannel returns the Channel field if non-nil, zero value otherwise.
+
+### GetChannelOk
+
+`func (o *InlineHook) GetChannelOk() (*InlineHookChannel, bool)`
+
+GetChannelOk returns a tuple with the Channel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetChannel
+
+`func (o *InlineHook) SetChannel(v InlineHookChannel)`
+
+SetChannel sets Channel field to given value.
+
+### HasChannel
+
+`func (o *InlineHook) HasChannel() bool`
+
+HasChannel returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *InlineHook) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *InlineHook) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *InlineHook) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *InlineHook) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *InlineHook) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *InlineHook) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *InlineHook) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *InlineHook) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *InlineHook) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *InlineHook) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *InlineHook) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *InlineHook) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *InlineHook) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *InlineHook) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *InlineHook) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *InlineHook) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *InlineHook) GetStatus() InlineHookStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *InlineHook) GetStatusOk() (*InlineHookStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *InlineHook) SetStatus(v InlineHookStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *InlineHook) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *InlineHook) GetType() InlineHookType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *InlineHook) GetTypeOk() (*InlineHookType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *InlineHook) SetType(v InlineHookType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *InlineHook) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetVersion
+
+`func (o *InlineHook) GetVersion() string`
+
+GetVersion returns the Version field if non-nil, zero value otherwise.
+
+### GetVersionOk
+
+`func (o *InlineHook) GetVersionOk() (*string, bool)`
+
+GetVersionOk returns a tuple with the Version field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVersion
+
+`func (o *InlineHook) SetVersion(v string)`
+
+SetVersion sets Version field to given value.
+
+### HasVersion
+
+`func (o *InlineHook) HasVersion() bool`
+
+HasVersion returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *InlineHook) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *InlineHook) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *InlineHook) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *InlineHook) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookApi.md b/okta/docs/InlineHookApi.md
new file mode 100644
index 000000000..ad4f5bc6a
--- /dev/null
+++ b/okta/docs/InlineHookApi.md
@@ -0,0 +1,570 @@
+# \InlineHookApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateInlineHook**](InlineHookApi.md#ActivateInlineHook) | **Post** /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate | Activate an Inline Hook
+[**CreateInlineHook**](InlineHookApi.md#CreateInlineHook) | **Post** /api/v1/inlineHooks | Create an Inline Hook
+[**DeactivateInlineHook**](InlineHookApi.md#DeactivateInlineHook) | **Post** /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate | Deactivate an Inline Hook
+[**DeleteInlineHook**](InlineHookApi.md#DeleteInlineHook) | **Delete** /api/v1/inlineHooks/{inlineHookId} | Delete an Inline Hook
+[**ExecuteInlineHook**](InlineHookApi.md#ExecuteInlineHook) | **Post** /api/v1/inlineHooks/{inlineHookId}/execute | Execute an Inline Hook
+[**GetInlineHook**](InlineHookApi.md#GetInlineHook) | **Get** /api/v1/inlineHooks/{inlineHookId} | Retrieve an Inline Hook
+[**ListInlineHooks**](InlineHookApi.md#ListInlineHooks) | **Get** /api/v1/inlineHooks | List all Inline Hooks
+[**ReplaceInlineHook**](InlineHookApi.md#ReplaceInlineHook) | **Put** /api/v1/inlineHooks/{inlineHookId} | Replace an Inline Hook
+
+
+
+## ActivateInlineHook
+
+> InlineHook ActivateInlineHook(ctx, inlineHookId).Execute()
+
+Activate an Inline Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    inlineHookId := "inlineHookId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.InlineHookApi.ActivateInlineHook(context.Background(), inlineHookId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `InlineHookApi.ActivateInlineHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ActivateInlineHook`: InlineHook
+    fmt.Fprintf(os.Stdout, "Response from `InlineHookApi.ActivateInlineHook`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**inlineHookId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateInlineHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**InlineHook**](InlineHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateInlineHook
+
+> InlineHook CreateInlineHook(ctx).InlineHook(inlineHook).Execute()
+
+Create an Inline Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    inlineHook := *openapiclient.NewInlineHook() // InlineHook | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.InlineHookApi.CreateInlineHook(context.Background()).InlineHook(inlineHook).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `InlineHookApi.CreateInlineHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateInlineHook`: InlineHook
+    fmt.Fprintf(os.Stdout, "Response from `InlineHookApi.CreateInlineHook`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateInlineHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **inlineHook** | [**InlineHook**](InlineHook.md) |  | 
+
+### Return type
+
+[**InlineHook**](InlineHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateInlineHook
+
+> InlineHook DeactivateInlineHook(ctx, inlineHookId).Execute()
+
+Deactivate an Inline Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    inlineHookId := "inlineHookId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.InlineHookApi.DeactivateInlineHook(context.Background(), inlineHookId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `InlineHookApi.DeactivateInlineHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `DeactivateInlineHook`: InlineHook
+    fmt.Fprintf(os.Stdout, "Response from `InlineHookApi.DeactivateInlineHook`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**inlineHookId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateInlineHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**InlineHook**](InlineHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteInlineHook
+
+> DeleteInlineHook(ctx, inlineHookId).Execute()
+
+Delete an Inline Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    inlineHookId := "inlineHookId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.InlineHookApi.DeleteInlineHook(context.Background(), inlineHookId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `InlineHookApi.DeleteInlineHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**inlineHookId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteInlineHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ExecuteInlineHook
+
+> InlineHookResponse ExecuteInlineHook(ctx, inlineHookId).PayloadData(payloadData).Execute()
+
+Execute an Inline Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    inlineHookId := "inlineHookId_example" // string | 
+    payloadData := map[string]interface{}{ ... } // map[string]interface{} | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.InlineHookApi.ExecuteInlineHook(context.Background(), inlineHookId).PayloadData(payloadData).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `InlineHookApi.ExecuteInlineHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ExecuteInlineHook`: InlineHookResponse
+    fmt.Fprintf(os.Stdout, "Response from `InlineHookApi.ExecuteInlineHook`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**inlineHookId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiExecuteInlineHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **payloadData** | **map[string]interface{}** |  | 
+
+### Return type
+
+[**InlineHookResponse**](InlineHookResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetInlineHook
+
+> InlineHook GetInlineHook(ctx, inlineHookId).Execute()
+
+Retrieve an Inline Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    inlineHookId := "inlineHookId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.InlineHookApi.GetInlineHook(context.Background(), inlineHookId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `InlineHookApi.GetInlineHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetInlineHook`: InlineHook
+    fmt.Fprintf(os.Stdout, "Response from `InlineHookApi.GetInlineHook`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**inlineHookId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetInlineHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**InlineHook**](InlineHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListInlineHooks
+
+> []InlineHook ListInlineHooks(ctx).Type_(type_).Execute()
+
+List all Inline Hooks
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    type_ := "type__example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.InlineHookApi.ListInlineHooks(context.Background()).Type_(type_).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `InlineHookApi.ListInlineHooks``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListInlineHooks`: []InlineHook
+    fmt.Fprintf(os.Stdout, "Response from `InlineHookApi.ListInlineHooks`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListInlineHooksRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **type_** | **string** |  | 
+
+### Return type
+
+[**[]InlineHook**](InlineHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceInlineHook
+
+> InlineHook ReplaceInlineHook(ctx, inlineHookId).InlineHook(inlineHook).Execute()
+
+Replace an Inline Hook
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    inlineHookId := "inlineHookId_example" // string | 
+    inlineHook := *openapiclient.NewInlineHook() // InlineHook | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.InlineHookApi.ReplaceInlineHook(context.Background(), inlineHookId).InlineHook(inlineHook).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `InlineHookApi.ReplaceInlineHook``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceInlineHook`: InlineHook
+    fmt.Fprintf(os.Stdout, "Response from `InlineHookApi.ReplaceInlineHook`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**inlineHookId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceInlineHookRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **inlineHook** | [**InlineHook**](InlineHook.md) |  | 
+
+### Return type
+
+[**InlineHook**](InlineHook.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/InlineHookChannel.md b/okta/docs/InlineHookChannel.md
new file mode 100644
index 000000000..9dd35fe55
--- /dev/null
+++ b/okta/docs/InlineHookChannel.md
@@ -0,0 +1,82 @@
+# InlineHookChannel
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Type** | Pointer to [**InlineHookChannelType**](InlineHookChannelType.md) |  | [optional] 
+**Version** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewInlineHookChannel
+
+`func NewInlineHookChannel() *InlineHookChannel`
+
+NewInlineHookChannel instantiates a new InlineHookChannel object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookChannelWithDefaults
+
+`func NewInlineHookChannelWithDefaults() *InlineHookChannel`
+
+NewInlineHookChannelWithDefaults instantiates a new InlineHookChannel object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetType
+
+`func (o *InlineHookChannel) GetType() InlineHookChannelType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *InlineHookChannel) GetTypeOk() (*InlineHookChannelType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *InlineHookChannel) SetType(v InlineHookChannelType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *InlineHookChannel) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetVersion
+
+`func (o *InlineHookChannel) GetVersion() string`
+
+GetVersion returns the Version field if non-nil, zero value otherwise.
+
+### GetVersionOk
+
+`func (o *InlineHookChannel) GetVersionOk() (*string, bool)`
+
+GetVersionOk returns a tuple with the Version field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVersion
+
+`func (o *InlineHookChannel) SetVersion(v string)`
+
+SetVersion sets Version field to given value.
+
+### HasVersion
+
+`func (o *InlineHookChannel) HasVersion() bool`
+
+HasVersion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookChannelConfig.md b/okta/docs/InlineHookChannelConfig.md
new file mode 100644
index 000000000..464c8db2a
--- /dev/null
+++ b/okta/docs/InlineHookChannelConfig.md
@@ -0,0 +1,134 @@
+# InlineHookChannelConfig
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthScheme** | Pointer to [**InlineHookChannelConfigAuthScheme**](InlineHookChannelConfigAuthScheme.md) |  | [optional] 
+**Headers** | Pointer to [**[]InlineHookChannelConfigHeaders**](InlineHookChannelConfigHeaders.md) |  | [optional] 
+**Method** | Pointer to **string** |  | [optional] 
+**Uri** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewInlineHookChannelConfig
+
+`func NewInlineHookChannelConfig() *InlineHookChannelConfig`
+
+NewInlineHookChannelConfig instantiates a new InlineHookChannelConfig object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookChannelConfigWithDefaults
+
+`func NewInlineHookChannelConfigWithDefaults() *InlineHookChannelConfig`
+
+NewInlineHookChannelConfigWithDefaults instantiates a new InlineHookChannelConfig object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthScheme
+
+`func (o *InlineHookChannelConfig) GetAuthScheme() InlineHookChannelConfigAuthScheme`
+
+GetAuthScheme returns the AuthScheme field if non-nil, zero value otherwise.
+
+### GetAuthSchemeOk
+
+`func (o *InlineHookChannelConfig) GetAuthSchemeOk() (*InlineHookChannelConfigAuthScheme, bool)`
+
+GetAuthSchemeOk returns a tuple with the AuthScheme field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthScheme
+
+`func (o *InlineHookChannelConfig) SetAuthScheme(v InlineHookChannelConfigAuthScheme)`
+
+SetAuthScheme sets AuthScheme field to given value.
+
+### HasAuthScheme
+
+`func (o *InlineHookChannelConfig) HasAuthScheme() bool`
+
+HasAuthScheme returns a boolean if a field has been set.
+
+### GetHeaders
+
+`func (o *InlineHookChannelConfig) GetHeaders() []InlineHookChannelConfigHeaders`
+
+GetHeaders returns the Headers field if non-nil, zero value otherwise.
+
+### GetHeadersOk
+
+`func (o *InlineHookChannelConfig) GetHeadersOk() (*[]InlineHookChannelConfigHeaders, bool)`
+
+GetHeadersOk returns a tuple with the Headers field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHeaders
+
+`func (o *InlineHookChannelConfig) SetHeaders(v []InlineHookChannelConfigHeaders)`
+
+SetHeaders sets Headers field to given value.
+
+### HasHeaders
+
+`func (o *InlineHookChannelConfig) HasHeaders() bool`
+
+HasHeaders returns a boolean if a field has been set.
+
+### GetMethod
+
+`func (o *InlineHookChannelConfig) GetMethod() string`
+
+GetMethod returns the Method field if non-nil, zero value otherwise.
+
+### GetMethodOk
+
+`func (o *InlineHookChannelConfig) GetMethodOk() (*string, bool)`
+
+GetMethodOk returns a tuple with the Method field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMethod
+
+`func (o *InlineHookChannelConfig) SetMethod(v string)`
+
+SetMethod sets Method field to given value.
+
+### HasMethod
+
+`func (o *InlineHookChannelConfig) HasMethod() bool`
+
+HasMethod returns a boolean if a field has been set.
+
+### GetUri
+
+`func (o *InlineHookChannelConfig) GetUri() string`
+
+GetUri returns the Uri field if non-nil, zero value otherwise.
+
+### GetUriOk
+
+`func (o *InlineHookChannelConfig) GetUriOk() (*string, bool)`
+
+GetUriOk returns a tuple with the Uri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUri
+
+`func (o *InlineHookChannelConfig) SetUri(v string)`
+
+SetUri sets Uri field to given value.
+
+### HasUri
+
+`func (o *InlineHookChannelConfig) HasUri() bool`
+
+HasUri returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookChannelConfigAuthScheme.md b/okta/docs/InlineHookChannelConfigAuthScheme.md
new file mode 100644
index 000000000..95781f28e
--- /dev/null
+++ b/okta/docs/InlineHookChannelConfigAuthScheme.md
@@ -0,0 +1,108 @@
+# InlineHookChannelConfigAuthScheme
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Key** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewInlineHookChannelConfigAuthScheme
+
+`func NewInlineHookChannelConfigAuthScheme() *InlineHookChannelConfigAuthScheme`
+
+NewInlineHookChannelConfigAuthScheme instantiates a new InlineHookChannelConfigAuthScheme object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookChannelConfigAuthSchemeWithDefaults
+
+`func NewInlineHookChannelConfigAuthSchemeWithDefaults() *InlineHookChannelConfigAuthScheme`
+
+NewInlineHookChannelConfigAuthSchemeWithDefaults instantiates a new InlineHookChannelConfigAuthScheme object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetKey
+
+`func (o *InlineHookChannelConfigAuthScheme) GetKey() string`
+
+GetKey returns the Key field if non-nil, zero value otherwise.
+
+### GetKeyOk
+
+`func (o *InlineHookChannelConfigAuthScheme) GetKeyOk() (*string, bool)`
+
+GetKeyOk returns a tuple with the Key field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKey
+
+`func (o *InlineHookChannelConfigAuthScheme) SetKey(v string)`
+
+SetKey sets Key field to given value.
+
+### HasKey
+
+`func (o *InlineHookChannelConfigAuthScheme) HasKey() bool`
+
+HasKey returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *InlineHookChannelConfigAuthScheme) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *InlineHookChannelConfigAuthScheme) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *InlineHookChannelConfigAuthScheme) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *InlineHookChannelConfigAuthScheme) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *InlineHookChannelConfigAuthScheme) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *InlineHookChannelConfigAuthScheme) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *InlineHookChannelConfigAuthScheme) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *InlineHookChannelConfigAuthScheme) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookChannelConfigHeaders.md b/okta/docs/InlineHookChannelConfigHeaders.md
new file mode 100644
index 000000000..43d37ed82
--- /dev/null
+++ b/okta/docs/InlineHookChannelConfigHeaders.md
@@ -0,0 +1,82 @@
+# InlineHookChannelConfigHeaders
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Key** | Pointer to **string** |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewInlineHookChannelConfigHeaders
+
+`func NewInlineHookChannelConfigHeaders() *InlineHookChannelConfigHeaders`
+
+NewInlineHookChannelConfigHeaders instantiates a new InlineHookChannelConfigHeaders object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookChannelConfigHeadersWithDefaults
+
+`func NewInlineHookChannelConfigHeadersWithDefaults() *InlineHookChannelConfigHeaders`
+
+NewInlineHookChannelConfigHeadersWithDefaults instantiates a new InlineHookChannelConfigHeaders object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetKey
+
+`func (o *InlineHookChannelConfigHeaders) GetKey() string`
+
+GetKey returns the Key field if non-nil, zero value otherwise.
+
+### GetKeyOk
+
+`func (o *InlineHookChannelConfigHeaders) GetKeyOk() (*string, bool)`
+
+GetKeyOk returns a tuple with the Key field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKey
+
+`func (o *InlineHookChannelConfigHeaders) SetKey(v string)`
+
+SetKey sets Key field to given value.
+
+### HasKey
+
+`func (o *InlineHookChannelConfigHeaders) HasKey() bool`
+
+HasKey returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *InlineHookChannelConfigHeaders) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *InlineHookChannelConfigHeaders) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *InlineHookChannelConfigHeaders) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *InlineHookChannelConfigHeaders) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookChannelHttp.md b/okta/docs/InlineHookChannelHttp.md
new file mode 100644
index 000000000..013e5104c
--- /dev/null
+++ b/okta/docs/InlineHookChannelHttp.md
@@ -0,0 +1,56 @@
+# InlineHookChannelHttp
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Config** | Pointer to [**InlineHookChannelConfig**](InlineHookChannelConfig.md) |  | [optional] 
+
+## Methods
+
+### NewInlineHookChannelHttp
+
+`func NewInlineHookChannelHttp() *InlineHookChannelHttp`
+
+NewInlineHookChannelHttp instantiates a new InlineHookChannelHttp object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookChannelHttpWithDefaults
+
+`func NewInlineHookChannelHttpWithDefaults() *InlineHookChannelHttp`
+
+NewInlineHookChannelHttpWithDefaults instantiates a new InlineHookChannelHttp object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConfig
+
+`func (o *InlineHookChannelHttp) GetConfig() InlineHookChannelConfig`
+
+GetConfig returns the Config field if non-nil, zero value otherwise.
+
+### GetConfigOk
+
+`func (o *InlineHookChannelHttp) GetConfigOk() (*InlineHookChannelConfig, bool)`
+
+GetConfigOk returns a tuple with the Config field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConfig
+
+`func (o *InlineHookChannelHttp) SetConfig(v InlineHookChannelConfig)`
+
+SetConfig sets Config field to given value.
+
+### HasConfig
+
+`func (o *InlineHookChannelHttp) HasConfig() bool`
+
+HasConfig returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookChannelHttpAllOf.md b/okta/docs/InlineHookChannelHttpAllOf.md
new file mode 100644
index 000000000..536c75a52
--- /dev/null
+++ b/okta/docs/InlineHookChannelHttpAllOf.md
@@ -0,0 +1,56 @@
+# InlineHookChannelHttpAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Config** | Pointer to [**InlineHookChannelConfig**](InlineHookChannelConfig.md) |  | [optional] 
+
+## Methods
+
+### NewInlineHookChannelHttpAllOf
+
+`func NewInlineHookChannelHttpAllOf() *InlineHookChannelHttpAllOf`
+
+NewInlineHookChannelHttpAllOf instantiates a new InlineHookChannelHttpAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookChannelHttpAllOfWithDefaults
+
+`func NewInlineHookChannelHttpAllOfWithDefaults() *InlineHookChannelHttpAllOf`
+
+NewInlineHookChannelHttpAllOfWithDefaults instantiates a new InlineHookChannelHttpAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConfig
+
+`func (o *InlineHookChannelHttpAllOf) GetConfig() InlineHookChannelConfig`
+
+GetConfig returns the Config field if non-nil, zero value otherwise.
+
+### GetConfigOk
+
+`func (o *InlineHookChannelHttpAllOf) GetConfigOk() (*InlineHookChannelConfig, bool)`
+
+GetConfigOk returns a tuple with the Config field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConfig
+
+`func (o *InlineHookChannelHttpAllOf) SetConfig(v InlineHookChannelConfig)`
+
+SetConfig sets Config field to given value.
+
+### HasConfig
+
+`func (o *InlineHookChannelHttpAllOf) HasConfig() bool`
+
+HasConfig returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookChannelOAuth.md b/okta/docs/InlineHookChannelOAuth.md
new file mode 100644
index 000000000..fb63341f1
--- /dev/null
+++ b/okta/docs/InlineHookChannelOAuth.md
@@ -0,0 +1,56 @@
+# InlineHookChannelOAuth
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Config** | Pointer to [**InlineHookOAuthChannelConfig**](InlineHookOAuthChannelConfig.md) |  | [optional] 
+
+## Methods
+
+### NewInlineHookChannelOAuth
+
+`func NewInlineHookChannelOAuth() *InlineHookChannelOAuth`
+
+NewInlineHookChannelOAuth instantiates a new InlineHookChannelOAuth object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookChannelOAuthWithDefaults
+
+`func NewInlineHookChannelOAuthWithDefaults() *InlineHookChannelOAuth`
+
+NewInlineHookChannelOAuthWithDefaults instantiates a new InlineHookChannelOAuth object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConfig
+
+`func (o *InlineHookChannelOAuth) GetConfig() InlineHookOAuthChannelConfig`
+
+GetConfig returns the Config field if non-nil, zero value otherwise.
+
+### GetConfigOk
+
+`func (o *InlineHookChannelOAuth) GetConfigOk() (*InlineHookOAuthChannelConfig, bool)`
+
+GetConfigOk returns a tuple with the Config field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConfig
+
+`func (o *InlineHookChannelOAuth) SetConfig(v InlineHookOAuthChannelConfig)`
+
+SetConfig sets Config field to given value.
+
+### HasConfig
+
+`func (o *InlineHookChannelOAuth) HasConfig() bool`
+
+HasConfig returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookChannelOAuthAllOf.md b/okta/docs/InlineHookChannelOAuthAllOf.md
new file mode 100644
index 000000000..552050e44
--- /dev/null
+++ b/okta/docs/InlineHookChannelOAuthAllOf.md
@@ -0,0 +1,56 @@
+# InlineHookChannelOAuthAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Config** | Pointer to [**InlineHookOAuthChannelConfig**](InlineHookOAuthChannelConfig.md) |  | [optional] 
+
+## Methods
+
+### NewInlineHookChannelOAuthAllOf
+
+`func NewInlineHookChannelOAuthAllOf() *InlineHookChannelOAuthAllOf`
+
+NewInlineHookChannelOAuthAllOf instantiates a new InlineHookChannelOAuthAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookChannelOAuthAllOfWithDefaults
+
+`func NewInlineHookChannelOAuthAllOfWithDefaults() *InlineHookChannelOAuthAllOf`
+
+NewInlineHookChannelOAuthAllOfWithDefaults instantiates a new InlineHookChannelOAuthAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConfig
+
+`func (o *InlineHookChannelOAuthAllOf) GetConfig() InlineHookOAuthChannelConfig`
+
+GetConfig returns the Config field if non-nil, zero value otherwise.
+
+### GetConfigOk
+
+`func (o *InlineHookChannelOAuthAllOf) GetConfigOk() (*InlineHookOAuthChannelConfig, bool)`
+
+GetConfigOk returns a tuple with the Config field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConfig
+
+`func (o *InlineHookChannelOAuthAllOf) SetConfig(v InlineHookOAuthChannelConfig)`
+
+SetConfig sets Config field to given value.
+
+### HasConfig
+
+`func (o *InlineHookChannelOAuthAllOf) HasConfig() bool`
+
+HasConfig returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookChannelType.md b/okta/docs/InlineHookChannelType.md
new file mode 100644
index 000000000..b19ccbfd6
--- /dev/null
+++ b/okta/docs/InlineHookChannelType.md
@@ -0,0 +1,13 @@
+# InlineHookChannelType
+
+## Enum
+
+
+* `HTTP` (value: `"HTTP"`)
+
+* `OAUTH` (value: `"OAUTH"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookOAuthBasicConfig.md b/okta/docs/InlineHookOAuthBasicConfig.md
new file mode 100644
index 000000000..647670b76
--- /dev/null
+++ b/okta/docs/InlineHookOAuthBasicConfig.md
@@ -0,0 +1,238 @@
+# InlineHookOAuthBasicConfig
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthType** | Pointer to **string** |  | [optional] 
+**ClientId** | Pointer to **string** |  | [optional] 
+**Scope** | Pointer to **string** |  | [optional] 
+**TokenUrl** | Pointer to **string** |  | [optional] 
+**AuthScheme** | Pointer to [**InlineHookChannelConfigAuthScheme**](InlineHookChannelConfigAuthScheme.md) |  | [optional] 
+**Headers** | Pointer to [**[]InlineHookChannelConfigHeaders**](InlineHookChannelConfigHeaders.md) |  | [optional] 
+**Method** | Pointer to **string** |  | [optional] 
+**Uri** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewInlineHookOAuthBasicConfig
+
+`func NewInlineHookOAuthBasicConfig() *InlineHookOAuthBasicConfig`
+
+NewInlineHookOAuthBasicConfig instantiates a new InlineHookOAuthBasicConfig object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookOAuthBasicConfigWithDefaults
+
+`func NewInlineHookOAuthBasicConfigWithDefaults() *InlineHookOAuthBasicConfig`
+
+NewInlineHookOAuthBasicConfigWithDefaults instantiates a new InlineHookOAuthBasicConfig object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthType
+
+`func (o *InlineHookOAuthBasicConfig) GetAuthType() string`
+
+GetAuthType returns the AuthType field if non-nil, zero value otherwise.
+
+### GetAuthTypeOk
+
+`func (o *InlineHookOAuthBasicConfig) GetAuthTypeOk() (*string, bool)`
+
+GetAuthTypeOk returns a tuple with the AuthType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthType
+
+`func (o *InlineHookOAuthBasicConfig) SetAuthType(v string)`
+
+SetAuthType sets AuthType field to given value.
+
+### HasAuthType
+
+`func (o *InlineHookOAuthBasicConfig) HasAuthType() bool`
+
+HasAuthType returns a boolean if a field has been set.
+
+### GetClientId
+
+`func (o *InlineHookOAuthBasicConfig) GetClientId() string`
+
+GetClientId returns the ClientId field if non-nil, zero value otherwise.
+
+### GetClientIdOk
+
+`func (o *InlineHookOAuthBasicConfig) GetClientIdOk() (*string, bool)`
+
+GetClientIdOk returns a tuple with the ClientId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientId
+
+`func (o *InlineHookOAuthBasicConfig) SetClientId(v string)`
+
+SetClientId sets ClientId field to given value.
+
+### HasClientId
+
+`func (o *InlineHookOAuthBasicConfig) HasClientId() bool`
+
+HasClientId returns a boolean if a field has been set.
+
+### GetScope
+
+`func (o *InlineHookOAuthBasicConfig) GetScope() string`
+
+GetScope returns the Scope field if non-nil, zero value otherwise.
+
+### GetScopeOk
+
+`func (o *InlineHookOAuthBasicConfig) GetScopeOk() (*string, bool)`
+
+GetScopeOk returns a tuple with the Scope field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScope
+
+`func (o *InlineHookOAuthBasicConfig) SetScope(v string)`
+
+SetScope sets Scope field to given value.
+
+### HasScope
+
+`func (o *InlineHookOAuthBasicConfig) HasScope() bool`
+
+HasScope returns a boolean if a field has been set.
+
+### GetTokenUrl
+
+`func (o *InlineHookOAuthBasicConfig) GetTokenUrl() string`
+
+GetTokenUrl returns the TokenUrl field if non-nil, zero value otherwise.
+
+### GetTokenUrlOk
+
+`func (o *InlineHookOAuthBasicConfig) GetTokenUrlOk() (*string, bool)`
+
+GetTokenUrlOk returns a tuple with the TokenUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTokenUrl
+
+`func (o *InlineHookOAuthBasicConfig) SetTokenUrl(v string)`
+
+SetTokenUrl sets TokenUrl field to given value.
+
+### HasTokenUrl
+
+`func (o *InlineHookOAuthBasicConfig) HasTokenUrl() bool`
+
+HasTokenUrl returns a boolean if a field has been set.
+
+### GetAuthScheme
+
+`func (o *InlineHookOAuthBasicConfig) GetAuthScheme() InlineHookChannelConfigAuthScheme`
+
+GetAuthScheme returns the AuthScheme field if non-nil, zero value otherwise.
+
+### GetAuthSchemeOk
+
+`func (o *InlineHookOAuthBasicConfig) GetAuthSchemeOk() (*InlineHookChannelConfigAuthScheme, bool)`
+
+GetAuthSchemeOk returns a tuple with the AuthScheme field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthScheme
+
+`func (o *InlineHookOAuthBasicConfig) SetAuthScheme(v InlineHookChannelConfigAuthScheme)`
+
+SetAuthScheme sets AuthScheme field to given value.
+
+### HasAuthScheme
+
+`func (o *InlineHookOAuthBasicConfig) HasAuthScheme() bool`
+
+HasAuthScheme returns a boolean if a field has been set.
+
+### GetHeaders
+
+`func (o *InlineHookOAuthBasicConfig) GetHeaders() []InlineHookChannelConfigHeaders`
+
+GetHeaders returns the Headers field if non-nil, zero value otherwise.
+
+### GetHeadersOk
+
+`func (o *InlineHookOAuthBasicConfig) GetHeadersOk() (*[]InlineHookChannelConfigHeaders, bool)`
+
+GetHeadersOk returns a tuple with the Headers field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHeaders
+
+`func (o *InlineHookOAuthBasicConfig) SetHeaders(v []InlineHookChannelConfigHeaders)`
+
+SetHeaders sets Headers field to given value.
+
+### HasHeaders
+
+`func (o *InlineHookOAuthBasicConfig) HasHeaders() bool`
+
+HasHeaders returns a boolean if a field has been set.
+
+### GetMethod
+
+`func (o *InlineHookOAuthBasicConfig) GetMethod() string`
+
+GetMethod returns the Method field if non-nil, zero value otherwise.
+
+### GetMethodOk
+
+`func (o *InlineHookOAuthBasicConfig) GetMethodOk() (*string, bool)`
+
+GetMethodOk returns a tuple with the Method field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMethod
+
+`func (o *InlineHookOAuthBasicConfig) SetMethod(v string)`
+
+SetMethod sets Method field to given value.
+
+### HasMethod
+
+`func (o *InlineHookOAuthBasicConfig) HasMethod() bool`
+
+HasMethod returns a boolean if a field has been set.
+
+### GetUri
+
+`func (o *InlineHookOAuthBasicConfig) GetUri() string`
+
+GetUri returns the Uri field if non-nil, zero value otherwise.
+
+### GetUriOk
+
+`func (o *InlineHookOAuthBasicConfig) GetUriOk() (*string, bool)`
+
+GetUriOk returns a tuple with the Uri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUri
+
+`func (o *InlineHookOAuthBasicConfig) SetUri(v string)`
+
+SetUri sets Uri field to given value.
+
+### HasUri
+
+`func (o *InlineHookOAuthBasicConfig) HasUri() bool`
+
+HasUri returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookOAuthChannelConfig.md b/okta/docs/InlineHookOAuthChannelConfig.md
new file mode 100644
index 000000000..41a02fca6
--- /dev/null
+++ b/okta/docs/InlineHookOAuthChannelConfig.md
@@ -0,0 +1,56 @@
+# InlineHookOAuthChannelConfig
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthType** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewInlineHookOAuthChannelConfig
+
+`func NewInlineHookOAuthChannelConfig() *InlineHookOAuthChannelConfig`
+
+NewInlineHookOAuthChannelConfig instantiates a new InlineHookOAuthChannelConfig object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookOAuthChannelConfigWithDefaults
+
+`func NewInlineHookOAuthChannelConfigWithDefaults() *InlineHookOAuthChannelConfig`
+
+NewInlineHookOAuthChannelConfigWithDefaults instantiates a new InlineHookOAuthChannelConfig object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthType
+
+`func (o *InlineHookOAuthChannelConfig) GetAuthType() string`
+
+GetAuthType returns the AuthType field if non-nil, zero value otherwise.
+
+### GetAuthTypeOk
+
+`func (o *InlineHookOAuthChannelConfig) GetAuthTypeOk() (*string, bool)`
+
+GetAuthTypeOk returns a tuple with the AuthType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthType
+
+`func (o *InlineHookOAuthChannelConfig) SetAuthType(v string)`
+
+SetAuthType sets AuthType field to given value.
+
+### HasAuthType
+
+`func (o *InlineHookOAuthChannelConfig) HasAuthType() bool`
+
+HasAuthType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookOAuthClientSecretConfig.md b/okta/docs/InlineHookOAuthClientSecretConfig.md
new file mode 100644
index 000000000..cfc4b8ce8
--- /dev/null
+++ b/okta/docs/InlineHookOAuthClientSecretConfig.md
@@ -0,0 +1,160 @@
+# InlineHookOAuthClientSecretConfig
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ClientSecret** | Pointer to **string** |  | [optional] 
+**AuthScheme** | Pointer to [**InlineHookChannelConfigAuthScheme**](InlineHookChannelConfigAuthScheme.md) |  | [optional] 
+**Headers** | Pointer to [**[]InlineHookChannelConfigHeaders**](InlineHookChannelConfigHeaders.md) |  | [optional] 
+**Method** | Pointer to **string** |  | [optional] 
+**Uri** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewInlineHookOAuthClientSecretConfig
+
+`func NewInlineHookOAuthClientSecretConfig() *InlineHookOAuthClientSecretConfig`
+
+NewInlineHookOAuthClientSecretConfig instantiates a new InlineHookOAuthClientSecretConfig object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookOAuthClientSecretConfigWithDefaults
+
+`func NewInlineHookOAuthClientSecretConfigWithDefaults() *InlineHookOAuthClientSecretConfig`
+
+NewInlineHookOAuthClientSecretConfigWithDefaults instantiates a new InlineHookOAuthClientSecretConfig object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetClientSecret
+
+`func (o *InlineHookOAuthClientSecretConfig) GetClientSecret() string`
+
+GetClientSecret returns the ClientSecret field if non-nil, zero value otherwise.
+
+### GetClientSecretOk
+
+`func (o *InlineHookOAuthClientSecretConfig) GetClientSecretOk() (*string, bool)`
+
+GetClientSecretOk returns a tuple with the ClientSecret field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientSecret
+
+`func (o *InlineHookOAuthClientSecretConfig) SetClientSecret(v string)`
+
+SetClientSecret sets ClientSecret field to given value.
+
+### HasClientSecret
+
+`func (o *InlineHookOAuthClientSecretConfig) HasClientSecret() bool`
+
+HasClientSecret returns a boolean if a field has been set.
+
+### GetAuthScheme
+
+`func (o *InlineHookOAuthClientSecretConfig) GetAuthScheme() InlineHookChannelConfigAuthScheme`
+
+GetAuthScheme returns the AuthScheme field if non-nil, zero value otherwise.
+
+### GetAuthSchemeOk
+
+`func (o *InlineHookOAuthClientSecretConfig) GetAuthSchemeOk() (*InlineHookChannelConfigAuthScheme, bool)`
+
+GetAuthSchemeOk returns a tuple with the AuthScheme field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthScheme
+
+`func (o *InlineHookOAuthClientSecretConfig) SetAuthScheme(v InlineHookChannelConfigAuthScheme)`
+
+SetAuthScheme sets AuthScheme field to given value.
+
+### HasAuthScheme
+
+`func (o *InlineHookOAuthClientSecretConfig) HasAuthScheme() bool`
+
+HasAuthScheme returns a boolean if a field has been set.
+
+### GetHeaders
+
+`func (o *InlineHookOAuthClientSecretConfig) GetHeaders() []InlineHookChannelConfigHeaders`
+
+GetHeaders returns the Headers field if non-nil, zero value otherwise.
+
+### GetHeadersOk
+
+`func (o *InlineHookOAuthClientSecretConfig) GetHeadersOk() (*[]InlineHookChannelConfigHeaders, bool)`
+
+GetHeadersOk returns a tuple with the Headers field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHeaders
+
+`func (o *InlineHookOAuthClientSecretConfig) SetHeaders(v []InlineHookChannelConfigHeaders)`
+
+SetHeaders sets Headers field to given value.
+
+### HasHeaders
+
+`func (o *InlineHookOAuthClientSecretConfig) HasHeaders() bool`
+
+HasHeaders returns a boolean if a field has been set.
+
+### GetMethod
+
+`func (o *InlineHookOAuthClientSecretConfig) GetMethod() string`
+
+GetMethod returns the Method field if non-nil, zero value otherwise.
+
+### GetMethodOk
+
+`func (o *InlineHookOAuthClientSecretConfig) GetMethodOk() (*string, bool)`
+
+GetMethodOk returns a tuple with the Method field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMethod
+
+`func (o *InlineHookOAuthClientSecretConfig) SetMethod(v string)`
+
+SetMethod sets Method field to given value.
+
+### HasMethod
+
+`func (o *InlineHookOAuthClientSecretConfig) HasMethod() bool`
+
+HasMethod returns a boolean if a field has been set.
+
+### GetUri
+
+`func (o *InlineHookOAuthClientSecretConfig) GetUri() string`
+
+GetUri returns the Uri field if non-nil, zero value otherwise.
+
+### GetUriOk
+
+`func (o *InlineHookOAuthClientSecretConfig) GetUriOk() (*string, bool)`
+
+GetUriOk returns a tuple with the Uri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUri
+
+`func (o *InlineHookOAuthClientSecretConfig) SetUri(v string)`
+
+SetUri sets Uri field to given value.
+
+### HasUri
+
+`func (o *InlineHookOAuthClientSecretConfig) HasUri() bool`
+
+HasUri returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookOAuthPrivateKeyJwtConfig.md b/okta/docs/InlineHookOAuthPrivateKeyJwtConfig.md
new file mode 100644
index 000000000..5edb301d9
--- /dev/null
+++ b/okta/docs/InlineHookOAuthPrivateKeyJwtConfig.md
@@ -0,0 +1,160 @@
+# InlineHookOAuthPrivateKeyJwtConfig
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**HookKeyId** | Pointer to **string** |  | [optional] 
+**AuthScheme** | Pointer to [**InlineHookChannelConfigAuthScheme**](InlineHookChannelConfigAuthScheme.md) |  | [optional] 
+**Headers** | Pointer to [**[]InlineHookChannelConfigHeaders**](InlineHookChannelConfigHeaders.md) |  | [optional] 
+**Method** | Pointer to **string** |  | [optional] 
+**Uri** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewInlineHookOAuthPrivateKeyJwtConfig
+
+`func NewInlineHookOAuthPrivateKeyJwtConfig() *InlineHookOAuthPrivateKeyJwtConfig`
+
+NewInlineHookOAuthPrivateKeyJwtConfig instantiates a new InlineHookOAuthPrivateKeyJwtConfig object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookOAuthPrivateKeyJwtConfigWithDefaults
+
+`func NewInlineHookOAuthPrivateKeyJwtConfigWithDefaults() *InlineHookOAuthPrivateKeyJwtConfig`
+
+NewInlineHookOAuthPrivateKeyJwtConfigWithDefaults instantiates a new InlineHookOAuthPrivateKeyJwtConfig object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetHookKeyId
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) GetHookKeyId() string`
+
+GetHookKeyId returns the HookKeyId field if non-nil, zero value otherwise.
+
+### GetHookKeyIdOk
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) GetHookKeyIdOk() (*string, bool)`
+
+GetHookKeyIdOk returns a tuple with the HookKeyId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHookKeyId
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) SetHookKeyId(v string)`
+
+SetHookKeyId sets HookKeyId field to given value.
+
+### HasHookKeyId
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) HasHookKeyId() bool`
+
+HasHookKeyId returns a boolean if a field has been set.
+
+### GetAuthScheme
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) GetAuthScheme() InlineHookChannelConfigAuthScheme`
+
+GetAuthScheme returns the AuthScheme field if non-nil, zero value otherwise.
+
+### GetAuthSchemeOk
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) GetAuthSchemeOk() (*InlineHookChannelConfigAuthScheme, bool)`
+
+GetAuthSchemeOk returns a tuple with the AuthScheme field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthScheme
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) SetAuthScheme(v InlineHookChannelConfigAuthScheme)`
+
+SetAuthScheme sets AuthScheme field to given value.
+
+### HasAuthScheme
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) HasAuthScheme() bool`
+
+HasAuthScheme returns a boolean if a field has been set.
+
+### GetHeaders
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) GetHeaders() []InlineHookChannelConfigHeaders`
+
+GetHeaders returns the Headers field if non-nil, zero value otherwise.
+
+### GetHeadersOk
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) GetHeadersOk() (*[]InlineHookChannelConfigHeaders, bool)`
+
+GetHeadersOk returns a tuple with the Headers field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHeaders
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) SetHeaders(v []InlineHookChannelConfigHeaders)`
+
+SetHeaders sets Headers field to given value.
+
+### HasHeaders
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) HasHeaders() bool`
+
+HasHeaders returns a boolean if a field has been set.
+
+### GetMethod
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) GetMethod() string`
+
+GetMethod returns the Method field if non-nil, zero value otherwise.
+
+### GetMethodOk
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) GetMethodOk() (*string, bool)`
+
+GetMethodOk returns a tuple with the Method field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMethod
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) SetMethod(v string)`
+
+SetMethod sets Method field to given value.
+
+### HasMethod
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) HasMethod() bool`
+
+HasMethod returns a boolean if a field has been set.
+
+### GetUri
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) GetUri() string`
+
+GetUri returns the Uri field if non-nil, zero value otherwise.
+
+### GetUriOk
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) GetUriOk() (*string, bool)`
+
+GetUriOk returns a tuple with the Uri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUri
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) SetUri(v string)`
+
+SetUri sets Uri field to given value.
+
+### HasUri
+
+`func (o *InlineHookOAuthPrivateKeyJwtConfig) HasUri() bool`
+
+HasUri returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookResponse.md b/okta/docs/InlineHookResponse.md
new file mode 100644
index 000000000..666d2ba4f
--- /dev/null
+++ b/okta/docs/InlineHookResponse.md
@@ -0,0 +1,56 @@
+# InlineHookResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Commands** | Pointer to [**[]InlineHookResponseCommands**](InlineHookResponseCommands.md) |  | [optional] 
+
+## Methods
+
+### NewInlineHookResponse
+
+`func NewInlineHookResponse() *InlineHookResponse`
+
+NewInlineHookResponse instantiates a new InlineHookResponse object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookResponseWithDefaults
+
+`func NewInlineHookResponseWithDefaults() *InlineHookResponse`
+
+NewInlineHookResponseWithDefaults instantiates a new InlineHookResponse object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCommands
+
+`func (o *InlineHookResponse) GetCommands() []InlineHookResponseCommands`
+
+GetCommands returns the Commands field if non-nil, zero value otherwise.
+
+### GetCommandsOk
+
+`func (o *InlineHookResponse) GetCommandsOk() (*[]InlineHookResponseCommands, bool)`
+
+GetCommandsOk returns a tuple with the Commands field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCommands
+
+`func (o *InlineHookResponse) SetCommands(v []InlineHookResponseCommands)`
+
+SetCommands sets Commands field to given value.
+
+### HasCommands
+
+`func (o *InlineHookResponse) HasCommands() bool`
+
+HasCommands returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookResponseCommandValue.md b/okta/docs/InlineHookResponseCommandValue.md
new file mode 100644
index 000000000..7ca014fa7
--- /dev/null
+++ b/okta/docs/InlineHookResponseCommandValue.md
@@ -0,0 +1,108 @@
+# InlineHookResponseCommandValue
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Op** | Pointer to **string** |  | [optional] 
+**Path** | Pointer to **string** |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewInlineHookResponseCommandValue
+
+`func NewInlineHookResponseCommandValue() *InlineHookResponseCommandValue`
+
+NewInlineHookResponseCommandValue instantiates a new InlineHookResponseCommandValue object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookResponseCommandValueWithDefaults
+
+`func NewInlineHookResponseCommandValueWithDefaults() *InlineHookResponseCommandValue`
+
+NewInlineHookResponseCommandValueWithDefaults instantiates a new InlineHookResponseCommandValue object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetOp
+
+`func (o *InlineHookResponseCommandValue) GetOp() string`
+
+GetOp returns the Op field if non-nil, zero value otherwise.
+
+### GetOpOk
+
+`func (o *InlineHookResponseCommandValue) GetOpOk() (*string, bool)`
+
+GetOpOk returns a tuple with the Op field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOp
+
+`func (o *InlineHookResponseCommandValue) SetOp(v string)`
+
+SetOp sets Op field to given value.
+
+### HasOp
+
+`func (o *InlineHookResponseCommandValue) HasOp() bool`
+
+HasOp returns a boolean if a field has been set.
+
+### GetPath
+
+`func (o *InlineHookResponseCommandValue) GetPath() string`
+
+GetPath returns the Path field if non-nil, zero value otherwise.
+
+### GetPathOk
+
+`func (o *InlineHookResponseCommandValue) GetPathOk() (*string, bool)`
+
+GetPathOk returns a tuple with the Path field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPath
+
+`func (o *InlineHookResponseCommandValue) SetPath(v string)`
+
+SetPath sets Path field to given value.
+
+### HasPath
+
+`func (o *InlineHookResponseCommandValue) HasPath() bool`
+
+HasPath returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *InlineHookResponseCommandValue) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *InlineHookResponseCommandValue) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *InlineHookResponseCommandValue) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *InlineHookResponseCommandValue) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookResponseCommands.md b/okta/docs/InlineHookResponseCommands.md
new file mode 100644
index 000000000..d99ea9c18
--- /dev/null
+++ b/okta/docs/InlineHookResponseCommands.md
@@ -0,0 +1,82 @@
+# InlineHookResponseCommands
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Type** | Pointer to **string** |  | [optional] 
+**Value** | Pointer to [**[]InlineHookResponseCommandValue**](InlineHookResponseCommandValue.md) |  | [optional] 
+
+## Methods
+
+### NewInlineHookResponseCommands
+
+`func NewInlineHookResponseCommands() *InlineHookResponseCommands`
+
+NewInlineHookResponseCommands instantiates a new InlineHookResponseCommands object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewInlineHookResponseCommandsWithDefaults
+
+`func NewInlineHookResponseCommandsWithDefaults() *InlineHookResponseCommands`
+
+NewInlineHookResponseCommandsWithDefaults instantiates a new InlineHookResponseCommands object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetType
+
+`func (o *InlineHookResponseCommands) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *InlineHookResponseCommands) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *InlineHookResponseCommands) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *InlineHookResponseCommands) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *InlineHookResponseCommands) GetValue() []InlineHookResponseCommandValue`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *InlineHookResponseCommands) GetValueOk() (*[]InlineHookResponseCommandValue, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *InlineHookResponseCommands) SetValue(v []InlineHookResponseCommandValue)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *InlineHookResponseCommands) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookStatus.md b/okta/docs/InlineHookStatus.md
new file mode 100644
index 000000000..6541227a0
--- /dev/null
+++ b/okta/docs/InlineHookStatus.md
@@ -0,0 +1,13 @@
+# InlineHookStatus
+
+## Enum
+
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `INACTIVE` (value: `"INACTIVE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/InlineHookType.md b/okta/docs/InlineHookType.md
new file mode 100644
index 000000000..eb2862e10
--- /dev/null
+++ b/okta/docs/InlineHookType.md
@@ -0,0 +1,19 @@
+# InlineHookType
+
+## Enum
+
+
+* `IMPORT_TRANSFORM` (value: `"com.okta.import.transform"`)
+
+* `OAUTH2_TOKENS_TRANSFORM` (value: `"com.okta.oauth2.tokens.transform"`)
+
+* `SAML_TOKENS_TRANSFORM` (value: `"com.okta.saml.tokens.transform"`)
+
+* `USER_CREDENTIAL_PASSWORD_IMPORT` (value: `"com.okta.user.credential.password.import"`)
+
+* `USER_PRE_REGISTRATION` (value: `"com.okta.user.pre-registration"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/IssuerMode.md b/okta/docs/IssuerMode.md
new file mode 100644
index 000000000..debe4a349
--- /dev/null
+++ b/okta/docs/IssuerMode.md
@@ -0,0 +1,15 @@
+# IssuerMode
+
+## Enum
+
+
+* `CUSTOM_URL` (value: `"CUSTOM_URL"`)
+
+* `DYNAMIC` (value: `"DYNAMIC"`)
+
+* `ORG_URL` (value: `"ORG_URL"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/JsonWebKey.md b/okta/docs/JsonWebKey.md
new file mode 100644
index 000000000..d15487d9b
--- /dev/null
+++ b/okta/docs/JsonWebKey.md
@@ -0,0 +1,446 @@
+# JsonWebKey
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Alg** | Pointer to **string** |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] 
+**E** | Pointer to **string** |  | [optional] 
+**ExpiresAt** | Pointer to **time.Time** |  | [optional] 
+**KeyOps** | Pointer to **[]string** |  | [optional] 
+**Kid** | Pointer to **string** |  | [optional] 
+**Kty** | Pointer to **string** |  | [optional] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] 
+**N** | Pointer to **string** |  | [optional] 
+**Status** | Pointer to **string** |  | [optional] 
+**Use** | Pointer to **string** |  | [optional] 
+**X5c** | Pointer to **[]string** |  | [optional] 
+**X5t** | Pointer to **string** |  | [optional] 
+**X5tS256** | Pointer to **string** |  | [optional] 
+**X5u** | Pointer to **string** |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewJsonWebKey
+
+`func NewJsonWebKey() *JsonWebKey`
+
+NewJsonWebKey instantiates a new JsonWebKey object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewJsonWebKeyWithDefaults
+
+`func NewJsonWebKeyWithDefaults() *JsonWebKey`
+
+NewJsonWebKeyWithDefaults instantiates a new JsonWebKey object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAlg
+
+`func (o *JsonWebKey) GetAlg() string`
+
+GetAlg returns the Alg field if non-nil, zero value otherwise.
+
+### GetAlgOk
+
+`func (o *JsonWebKey) GetAlgOk() (*string, bool)`
+
+GetAlgOk returns a tuple with the Alg field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAlg
+
+`func (o *JsonWebKey) SetAlg(v string)`
+
+SetAlg sets Alg field to given value.
+
+### HasAlg
+
+`func (o *JsonWebKey) HasAlg() bool`
+
+HasAlg returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *JsonWebKey) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *JsonWebKey) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *JsonWebKey) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *JsonWebKey) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetE
+
+`func (o *JsonWebKey) GetE() string`
+
+GetE returns the E field if non-nil, zero value otherwise.
+
+### GetEOk
+
+`func (o *JsonWebKey) GetEOk() (*string, bool)`
+
+GetEOk returns a tuple with the E field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetE
+
+`func (o *JsonWebKey) SetE(v string)`
+
+SetE sets E field to given value.
+
+### HasE
+
+`func (o *JsonWebKey) HasE() bool`
+
+HasE returns a boolean if a field has been set.
+
+### GetExpiresAt
+
+`func (o *JsonWebKey) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *JsonWebKey) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *JsonWebKey) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *JsonWebKey) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetKeyOps
+
+`func (o *JsonWebKey) GetKeyOps() []string`
+
+GetKeyOps returns the KeyOps field if non-nil, zero value otherwise.
+
+### GetKeyOpsOk
+
+`func (o *JsonWebKey) GetKeyOpsOk() (*[]string, bool)`
+
+GetKeyOpsOk returns a tuple with the KeyOps field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKeyOps
+
+`func (o *JsonWebKey) SetKeyOps(v []string)`
+
+SetKeyOps sets KeyOps field to given value.
+
+### HasKeyOps
+
+`func (o *JsonWebKey) HasKeyOps() bool`
+
+HasKeyOps returns a boolean if a field has been set.
+
+### GetKid
+
+`func (o *JsonWebKey) GetKid() string`
+
+GetKid returns the Kid field if non-nil, zero value otherwise.
+
+### GetKidOk
+
+`func (o *JsonWebKey) GetKidOk() (*string, bool)`
+
+GetKidOk returns a tuple with the Kid field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKid
+
+`func (o *JsonWebKey) SetKid(v string)`
+
+SetKid sets Kid field to given value.
+
+### HasKid
+
+`func (o *JsonWebKey) HasKid() bool`
+
+HasKid returns a boolean if a field has been set.
+
+### GetKty
+
+`func (o *JsonWebKey) GetKty() string`
+
+GetKty returns the Kty field if non-nil, zero value otherwise.
+
+### GetKtyOk
+
+`func (o *JsonWebKey) GetKtyOk() (*string, bool)`
+
+GetKtyOk returns a tuple with the Kty field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKty
+
+`func (o *JsonWebKey) SetKty(v string)`
+
+SetKty sets Kty field to given value.
+
+### HasKty
+
+`func (o *JsonWebKey) HasKty() bool`
+
+HasKty returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *JsonWebKey) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *JsonWebKey) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *JsonWebKey) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *JsonWebKey) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetN
+
+`func (o *JsonWebKey) GetN() string`
+
+GetN returns the N field if non-nil, zero value otherwise.
+
+### GetNOk
+
+`func (o *JsonWebKey) GetNOk() (*string, bool)`
+
+GetNOk returns a tuple with the N field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetN
+
+`func (o *JsonWebKey) SetN(v string)`
+
+SetN sets N field to given value.
+
+### HasN
+
+`func (o *JsonWebKey) HasN() bool`
+
+HasN returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *JsonWebKey) GetStatus() string`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *JsonWebKey) GetStatusOk() (*string, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *JsonWebKey) SetStatus(v string)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *JsonWebKey) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetUse
+
+`func (o *JsonWebKey) GetUse() string`
+
+GetUse returns the Use field if non-nil, zero value otherwise.
+
+### GetUseOk
+
+`func (o *JsonWebKey) GetUseOk() (*string, bool)`
+
+GetUseOk returns a tuple with the Use field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUse
+
+`func (o *JsonWebKey) SetUse(v string)`
+
+SetUse sets Use field to given value.
+
+### HasUse
+
+`func (o *JsonWebKey) HasUse() bool`
+
+HasUse returns a boolean if a field has been set.
+
+### GetX5c
+
+`func (o *JsonWebKey) GetX5c() []string`
+
+GetX5c returns the X5c field if non-nil, zero value otherwise.
+
+### GetX5cOk
+
+`func (o *JsonWebKey) GetX5cOk() (*[]string, bool)`
+
+GetX5cOk returns a tuple with the X5c field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetX5c
+
+`func (o *JsonWebKey) SetX5c(v []string)`
+
+SetX5c sets X5c field to given value.
+
+### HasX5c
+
+`func (o *JsonWebKey) HasX5c() bool`
+
+HasX5c returns a boolean if a field has been set.
+
+### GetX5t
+
+`func (o *JsonWebKey) GetX5t() string`
+
+GetX5t returns the X5t field if non-nil, zero value otherwise.
+
+### GetX5tOk
+
+`func (o *JsonWebKey) GetX5tOk() (*string, bool)`
+
+GetX5tOk returns a tuple with the X5t field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetX5t
+
+`func (o *JsonWebKey) SetX5t(v string)`
+
+SetX5t sets X5t field to given value.
+
+### HasX5t
+
+`func (o *JsonWebKey) HasX5t() bool`
+
+HasX5t returns a boolean if a field has been set.
+
+### GetX5tS256
+
+`func (o *JsonWebKey) GetX5tS256() string`
+
+GetX5tS256 returns the X5tS256 field if non-nil, zero value otherwise.
+
+### GetX5tS256Ok
+
+`func (o *JsonWebKey) GetX5tS256Ok() (*string, bool)`
+
+GetX5tS256Ok returns a tuple with the X5tS256 field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetX5tS256
+
+`func (o *JsonWebKey) SetX5tS256(v string)`
+
+SetX5tS256 sets X5tS256 field to given value.
+
+### HasX5tS256
+
+`func (o *JsonWebKey) HasX5tS256() bool`
+
+HasX5tS256 returns a boolean if a field has been set.
+
+### GetX5u
+
+`func (o *JsonWebKey) GetX5u() string`
+
+GetX5u returns the X5u field if non-nil, zero value otherwise.
+
+### GetX5uOk
+
+`func (o *JsonWebKey) GetX5uOk() (*string, bool)`
+
+GetX5uOk returns a tuple with the X5u field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetX5u
+
+`func (o *JsonWebKey) SetX5u(v string)`
+
+SetX5u sets X5u field to given value.
+
+### HasX5u
+
+`func (o *JsonWebKey) HasX5u() bool`
+
+HasX5u returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *JsonWebKey) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *JsonWebKey) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *JsonWebKey) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *JsonWebKey) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/JwkUse.md b/okta/docs/JwkUse.md
new file mode 100644
index 000000000..f543fcdf5
--- /dev/null
+++ b/okta/docs/JwkUse.md
@@ -0,0 +1,56 @@
+# JwkUse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Use** | Pointer to [**JwkUseType**](JwkUseType.md) |  | [optional] 
+
+## Methods
+
+### NewJwkUse
+
+`func NewJwkUse() *JwkUse`
+
+NewJwkUse instantiates a new JwkUse object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewJwkUseWithDefaults
+
+`func NewJwkUseWithDefaults() *JwkUse`
+
+NewJwkUseWithDefaults instantiates a new JwkUse object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetUse
+
+`func (o *JwkUse) GetUse() JwkUseType`
+
+GetUse returns the Use field if non-nil, zero value otherwise.
+
+### GetUseOk
+
+`func (o *JwkUse) GetUseOk() (*JwkUseType, bool)`
+
+GetUseOk returns a tuple with the Use field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUse
+
+`func (o *JwkUse) SetUse(v JwkUseType)`
+
+SetUse sets Use field to given value.
+
+### HasUse
+
+`func (o *JwkUse) HasUse() bool`
+
+HasUse returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/JwkUseType.md b/okta/docs/JwkUseType.md
new file mode 100644
index 000000000..24acf25b6
--- /dev/null
+++ b/okta/docs/JwkUseType.md
@@ -0,0 +1,11 @@
+# JwkUseType
+
+## Enum
+
+
+* `SIG` (value: `"sig"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/KeyRequest.md b/okta/docs/KeyRequest.md
new file mode 100644
index 000000000..caa3d556d
--- /dev/null
+++ b/okta/docs/KeyRequest.md
@@ -0,0 +1,56 @@
+# KeyRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Name** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewKeyRequest
+
+`func NewKeyRequest() *KeyRequest`
+
+NewKeyRequest instantiates a new KeyRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewKeyRequestWithDefaults
+
+`func NewKeyRequestWithDefaults() *KeyRequest`
+
+NewKeyRequestWithDefaults instantiates a new KeyRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetName
+
+`func (o *KeyRequest) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *KeyRequest) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *KeyRequest) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *KeyRequest) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/KeyTrustLevelBrowserKey.md b/okta/docs/KeyTrustLevelBrowserKey.md
new file mode 100644
index 000000000..43806f7e2
--- /dev/null
+++ b/okta/docs/KeyTrustLevelBrowserKey.md
@@ -0,0 +1,13 @@
+# KeyTrustLevelBrowserKey
+
+## Enum
+
+
+* `HW_KEY` (value: `"CHROME_BROWSER_HW_KEY"`)
+
+* `OS_KEY` (value: `"CHROME_BROWSER_OS_KEY"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/KeyTrustLevelOSMode.md b/okta/docs/KeyTrustLevelOSMode.md
new file mode 100644
index 000000000..cf569a500
--- /dev/null
+++ b/okta/docs/KeyTrustLevelOSMode.md
@@ -0,0 +1,13 @@
+# KeyTrustLevelOSMode
+
+## Enum
+
+
+* `VERIFIED_MODE` (value: `"CHROME_OS_VERIFIED_MODE"`)
+
+* `DEVELOPER_MODE` (value: `"CHROME_OS_DEVELOPER_MODE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/KnowledgeConstraint.md b/okta/docs/KnowledgeConstraint.md
new file mode 100644
index 000000000..1043adb2f
--- /dev/null
+++ b/okta/docs/KnowledgeConstraint.md
@@ -0,0 +1,108 @@
+# KnowledgeConstraint
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Methods** | Pointer to **[]string** |  | [optional] 
+**ReauthenticateIn** | Pointer to **string** |  | [optional] 
+**Types** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewKnowledgeConstraint
+
+`func NewKnowledgeConstraint() *KnowledgeConstraint`
+
+NewKnowledgeConstraint instantiates a new KnowledgeConstraint object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewKnowledgeConstraintWithDefaults
+
+`func NewKnowledgeConstraintWithDefaults() *KnowledgeConstraint`
+
+NewKnowledgeConstraintWithDefaults instantiates a new KnowledgeConstraint object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMethods
+
+`func (o *KnowledgeConstraint) GetMethods() []string`
+
+GetMethods returns the Methods field if non-nil, zero value otherwise.
+
+### GetMethodsOk
+
+`func (o *KnowledgeConstraint) GetMethodsOk() (*[]string, bool)`
+
+GetMethodsOk returns a tuple with the Methods field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMethods
+
+`func (o *KnowledgeConstraint) SetMethods(v []string)`
+
+SetMethods sets Methods field to given value.
+
+### HasMethods
+
+`func (o *KnowledgeConstraint) HasMethods() bool`
+
+HasMethods returns a boolean if a field has been set.
+
+### GetReauthenticateIn
+
+`func (o *KnowledgeConstraint) GetReauthenticateIn() string`
+
+GetReauthenticateIn returns the ReauthenticateIn field if non-nil, zero value otherwise.
+
+### GetReauthenticateInOk
+
+`func (o *KnowledgeConstraint) GetReauthenticateInOk() (*string, bool)`
+
+GetReauthenticateInOk returns a tuple with the ReauthenticateIn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetReauthenticateIn
+
+`func (o *KnowledgeConstraint) SetReauthenticateIn(v string)`
+
+SetReauthenticateIn sets ReauthenticateIn field to given value.
+
+### HasReauthenticateIn
+
+`func (o *KnowledgeConstraint) HasReauthenticateIn() bool`
+
+HasReauthenticateIn returns a boolean if a field has been set.
+
+### GetTypes
+
+`func (o *KnowledgeConstraint) GetTypes() []string`
+
+GetTypes returns the Types field if non-nil, zero value otherwise.
+
+### GetTypesOk
+
+`func (o *KnowledgeConstraint) GetTypesOk() (*[]string, bool)`
+
+GetTypesOk returns a tuple with the Types field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTypes
+
+`func (o *KnowledgeConstraint) SetTypes(v []string)`
+
+SetTypes sets Types field to given value.
+
+### HasTypes
+
+`func (o *KnowledgeConstraint) HasTypes() bool`
+
+HasTypes returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LifecycleCreateSettingObject.md b/okta/docs/LifecycleCreateSettingObject.md
new file mode 100644
index 000000000..da904abca
--- /dev/null
+++ b/okta/docs/LifecycleCreateSettingObject.md
@@ -0,0 +1,56 @@
+# LifecycleCreateSettingObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Status** | Pointer to [**EnabledStatus**](EnabledStatus.md) |  | [optional] 
+
+## Methods
+
+### NewLifecycleCreateSettingObject
+
+`func NewLifecycleCreateSettingObject() *LifecycleCreateSettingObject`
+
+NewLifecycleCreateSettingObject instantiates a new LifecycleCreateSettingObject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLifecycleCreateSettingObjectWithDefaults
+
+`func NewLifecycleCreateSettingObjectWithDefaults() *LifecycleCreateSettingObject`
+
+NewLifecycleCreateSettingObjectWithDefaults instantiates a new LifecycleCreateSettingObject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetStatus
+
+`func (o *LifecycleCreateSettingObject) GetStatus() EnabledStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *LifecycleCreateSettingObject) GetStatusOk() (*EnabledStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *LifecycleCreateSettingObject) SetStatus(v EnabledStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *LifecycleCreateSettingObject) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LifecycleDeactivateSettingObject.md b/okta/docs/LifecycleDeactivateSettingObject.md
new file mode 100644
index 000000000..b4928530e
--- /dev/null
+++ b/okta/docs/LifecycleDeactivateSettingObject.md
@@ -0,0 +1,56 @@
+# LifecycleDeactivateSettingObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Status** | Pointer to [**EnabledStatus**](EnabledStatus.md) |  | [optional] 
+
+## Methods
+
+### NewLifecycleDeactivateSettingObject
+
+`func NewLifecycleDeactivateSettingObject() *LifecycleDeactivateSettingObject`
+
+NewLifecycleDeactivateSettingObject instantiates a new LifecycleDeactivateSettingObject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLifecycleDeactivateSettingObjectWithDefaults
+
+`func NewLifecycleDeactivateSettingObjectWithDefaults() *LifecycleDeactivateSettingObject`
+
+NewLifecycleDeactivateSettingObjectWithDefaults instantiates a new LifecycleDeactivateSettingObject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetStatus
+
+`func (o *LifecycleDeactivateSettingObject) GetStatus() EnabledStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *LifecycleDeactivateSettingObject) GetStatusOk() (*EnabledStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *LifecycleDeactivateSettingObject) SetStatus(v EnabledStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *LifecycleDeactivateSettingObject) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LifecycleExpirationPolicyRuleCondition.md b/okta/docs/LifecycleExpirationPolicyRuleCondition.md
new file mode 100644
index 000000000..b2235ff72
--- /dev/null
+++ b/okta/docs/LifecycleExpirationPolicyRuleCondition.md
@@ -0,0 +1,108 @@
+# LifecycleExpirationPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**LifecycleStatus** | Pointer to **string** |  | [optional] 
+**Number** | Pointer to **int32** |  | [optional] 
+**Unit** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewLifecycleExpirationPolicyRuleCondition
+
+`func NewLifecycleExpirationPolicyRuleCondition() *LifecycleExpirationPolicyRuleCondition`
+
+NewLifecycleExpirationPolicyRuleCondition instantiates a new LifecycleExpirationPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLifecycleExpirationPolicyRuleConditionWithDefaults
+
+`func NewLifecycleExpirationPolicyRuleConditionWithDefaults() *LifecycleExpirationPolicyRuleCondition`
+
+NewLifecycleExpirationPolicyRuleConditionWithDefaults instantiates a new LifecycleExpirationPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetLifecycleStatus
+
+`func (o *LifecycleExpirationPolicyRuleCondition) GetLifecycleStatus() string`
+
+GetLifecycleStatus returns the LifecycleStatus field if non-nil, zero value otherwise.
+
+### GetLifecycleStatusOk
+
+`func (o *LifecycleExpirationPolicyRuleCondition) GetLifecycleStatusOk() (*string, bool)`
+
+GetLifecycleStatusOk returns a tuple with the LifecycleStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLifecycleStatus
+
+`func (o *LifecycleExpirationPolicyRuleCondition) SetLifecycleStatus(v string)`
+
+SetLifecycleStatus sets LifecycleStatus field to given value.
+
+### HasLifecycleStatus
+
+`func (o *LifecycleExpirationPolicyRuleCondition) HasLifecycleStatus() bool`
+
+HasLifecycleStatus returns a boolean if a field has been set.
+
+### GetNumber
+
+`func (o *LifecycleExpirationPolicyRuleCondition) GetNumber() int32`
+
+GetNumber returns the Number field if non-nil, zero value otherwise.
+
+### GetNumberOk
+
+`func (o *LifecycleExpirationPolicyRuleCondition) GetNumberOk() (*int32, bool)`
+
+GetNumberOk returns a tuple with the Number field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNumber
+
+`func (o *LifecycleExpirationPolicyRuleCondition) SetNumber(v int32)`
+
+SetNumber sets Number field to given value.
+
+### HasNumber
+
+`func (o *LifecycleExpirationPolicyRuleCondition) HasNumber() bool`
+
+HasNumber returns a boolean if a field has been set.
+
+### GetUnit
+
+`func (o *LifecycleExpirationPolicyRuleCondition) GetUnit() string`
+
+GetUnit returns the Unit field if non-nil, zero value otherwise.
+
+### GetUnitOk
+
+`func (o *LifecycleExpirationPolicyRuleCondition) GetUnitOk() (*string, bool)`
+
+GetUnitOk returns a tuple with the Unit field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUnit
+
+`func (o *LifecycleExpirationPolicyRuleCondition) SetUnit(v string)`
+
+SetUnit sets Unit field to given value.
+
+### HasUnit
+
+`func (o *LifecycleExpirationPolicyRuleCondition) HasUnit() bool`
+
+HasUnit returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LifecycleStatus.md b/okta/docs/LifecycleStatus.md
new file mode 100644
index 000000000..8af8b7557
--- /dev/null
+++ b/okta/docs/LifecycleStatus.md
@@ -0,0 +1,13 @@
+# LifecycleStatus
+
+## Enum
+
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `INACTIVE` (value: `"INACTIVE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LinkedObject.md b/okta/docs/LinkedObject.md
new file mode 100644
index 000000000..1446d6781
--- /dev/null
+++ b/okta/docs/LinkedObject.md
@@ -0,0 +1,108 @@
+# LinkedObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Associated** | Pointer to [**LinkedObjectDetails**](LinkedObjectDetails.md) |  | [optional] 
+**Primary** | Pointer to [**LinkedObjectDetails**](LinkedObjectDetails.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLinkedObject
+
+`func NewLinkedObject() *LinkedObject`
+
+NewLinkedObject instantiates a new LinkedObject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLinkedObjectWithDefaults
+
+`func NewLinkedObjectWithDefaults() *LinkedObject`
+
+NewLinkedObjectWithDefaults instantiates a new LinkedObject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAssociated
+
+`func (o *LinkedObject) GetAssociated() LinkedObjectDetails`
+
+GetAssociated returns the Associated field if non-nil, zero value otherwise.
+
+### GetAssociatedOk
+
+`func (o *LinkedObject) GetAssociatedOk() (*LinkedObjectDetails, bool)`
+
+GetAssociatedOk returns a tuple with the Associated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAssociated
+
+`func (o *LinkedObject) SetAssociated(v LinkedObjectDetails)`
+
+SetAssociated sets Associated field to given value.
+
+### HasAssociated
+
+`func (o *LinkedObject) HasAssociated() bool`
+
+HasAssociated returns a boolean if a field has been set.
+
+### GetPrimary
+
+`func (o *LinkedObject) GetPrimary() LinkedObjectDetails`
+
+GetPrimary returns the Primary field if non-nil, zero value otherwise.
+
+### GetPrimaryOk
+
+`func (o *LinkedObject) GetPrimaryOk() (*LinkedObjectDetails, bool)`
+
+GetPrimaryOk returns a tuple with the Primary field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPrimary
+
+`func (o *LinkedObject) SetPrimary(v LinkedObjectDetails)`
+
+SetPrimary sets Primary field to given value.
+
+### HasPrimary
+
+`func (o *LinkedObject) HasPrimary() bool`
+
+HasPrimary returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *LinkedObject) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *LinkedObject) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *LinkedObject) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *LinkedObject) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LinkedObjectApi.md b/okta/docs/LinkedObjectApi.md
new file mode 100644
index 000000000..9656e8be3
--- /dev/null
+++ b/okta/docs/LinkedObjectApi.md
@@ -0,0 +1,277 @@
+# \LinkedObjectApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateLinkedObjectDefinition**](LinkedObjectApi.md#CreateLinkedObjectDefinition) | **Post** /api/v1/meta/schemas/user/linkedObjects | Create a Linked Object Definition
+[**DeleteLinkedObjectDefinition**](LinkedObjectApi.md#DeleteLinkedObjectDefinition) | **Delete** /api/v1/meta/schemas/user/linkedObjects/{linkedObjectName} | Delete a Linked Object Definition
+[**GetLinkedObjectDefinition**](LinkedObjectApi.md#GetLinkedObjectDefinition) | **Get** /api/v1/meta/schemas/user/linkedObjects/{linkedObjectName} | Retrieve a Linked Object Definition
+[**ListLinkedObjectDefinitions**](LinkedObjectApi.md#ListLinkedObjectDefinitions) | **Get** /api/v1/meta/schemas/user/linkedObjects | List all Linked Object Definitions
+
+
+
+## CreateLinkedObjectDefinition
+
+> LinkedObject CreateLinkedObjectDefinition(ctx).LinkedObject(linkedObject).Execute()
+
+Create a Linked Object Definition
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    linkedObject := *openapiclient.NewLinkedObject() // LinkedObject | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.LinkedObjectApi.CreateLinkedObjectDefinition(context.Background()).LinkedObject(linkedObject).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `LinkedObjectApi.CreateLinkedObjectDefinition``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateLinkedObjectDefinition`: LinkedObject
+    fmt.Fprintf(os.Stdout, "Response from `LinkedObjectApi.CreateLinkedObjectDefinition`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateLinkedObjectDefinitionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **linkedObject** | [**LinkedObject**](LinkedObject.md) |  | 
+
+### Return type
+
+[**LinkedObject**](LinkedObject.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteLinkedObjectDefinition
+
+> DeleteLinkedObjectDefinition(ctx, linkedObjectName).Execute()
+
+Delete a Linked Object Definition
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    linkedObjectName := "linkedObjectName_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.LinkedObjectApi.DeleteLinkedObjectDefinition(context.Background(), linkedObjectName).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `LinkedObjectApi.DeleteLinkedObjectDefinition``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**linkedObjectName** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteLinkedObjectDefinitionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetLinkedObjectDefinition
+
+> LinkedObject GetLinkedObjectDefinition(ctx, linkedObjectName).Execute()
+
+Retrieve a Linked Object Definition
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    linkedObjectName := "linkedObjectName_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.LinkedObjectApi.GetLinkedObjectDefinition(context.Background(), linkedObjectName).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `LinkedObjectApi.GetLinkedObjectDefinition``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetLinkedObjectDefinition`: LinkedObject
+    fmt.Fprintf(os.Stdout, "Response from `LinkedObjectApi.GetLinkedObjectDefinition`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**linkedObjectName** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetLinkedObjectDefinitionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**LinkedObject**](LinkedObject.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListLinkedObjectDefinitions
+
+> []LinkedObject ListLinkedObjectDefinitions(ctx).Execute()
+
+List all Linked Object Definitions
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.LinkedObjectApi.ListLinkedObjectDefinitions(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `LinkedObjectApi.ListLinkedObjectDefinitions``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListLinkedObjectDefinitions`: []LinkedObject
+    fmt.Fprintf(os.Stdout, "Response from `LinkedObjectApi.ListLinkedObjectDefinitions`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListLinkedObjectDefinitionsRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]LinkedObject**](LinkedObject.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/LinkedObjectDetails.md b/okta/docs/LinkedObjectDetails.md
new file mode 100644
index 000000000..ed32a8862
--- /dev/null
+++ b/okta/docs/LinkedObjectDetails.md
@@ -0,0 +1,134 @@
+# LinkedObjectDetails
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Description** | Pointer to **string** |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**Title** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to [**LinkedObjectDetailsType**](LinkedObjectDetailsType.md) |  | [optional] 
+
+## Methods
+
+### NewLinkedObjectDetails
+
+`func NewLinkedObjectDetails() *LinkedObjectDetails`
+
+NewLinkedObjectDetails instantiates a new LinkedObjectDetails object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLinkedObjectDetailsWithDefaults
+
+`func NewLinkedObjectDetailsWithDefaults() *LinkedObjectDetails`
+
+NewLinkedObjectDetailsWithDefaults instantiates a new LinkedObjectDetails object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDescription
+
+`func (o *LinkedObjectDetails) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *LinkedObjectDetails) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *LinkedObjectDetails) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *LinkedObjectDetails) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *LinkedObjectDetails) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *LinkedObjectDetails) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *LinkedObjectDetails) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *LinkedObjectDetails) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetTitle
+
+`func (o *LinkedObjectDetails) GetTitle() string`
+
+GetTitle returns the Title field if non-nil, zero value otherwise.
+
+### GetTitleOk
+
+`func (o *LinkedObjectDetails) GetTitleOk() (*string, bool)`
+
+GetTitleOk returns a tuple with the Title field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTitle
+
+`func (o *LinkedObjectDetails) SetTitle(v string)`
+
+SetTitle sets Title field to given value.
+
+### HasTitle
+
+`func (o *LinkedObjectDetails) HasTitle() bool`
+
+HasTitle returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *LinkedObjectDetails) GetType() LinkedObjectDetailsType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *LinkedObjectDetails) GetTypeOk() (*LinkedObjectDetailsType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *LinkedObjectDetails) SetType(v LinkedObjectDetailsType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *LinkedObjectDetails) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LinkedObjectDetailsType.md b/okta/docs/LinkedObjectDetailsType.md
new file mode 100644
index 000000000..df3de8f37
--- /dev/null
+++ b/okta/docs/LinkedObjectDetailsType.md
@@ -0,0 +1,11 @@
+# LinkedObjectDetailsType
+
+## Enum
+
+
+* `USER` (value: `"USER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LinksSelf.md b/okta/docs/LinksSelf.md
new file mode 100644
index 000000000..4b58dd4f6
--- /dev/null
+++ b/okta/docs/LinksSelf.md
@@ -0,0 +1,56 @@
+# LinksSelf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObjectSelfLink**](HrefObjectSelfLink.md) |  | [optional] 
+
+## Methods
+
+### NewLinksSelf
+
+`func NewLinksSelf() *LinksSelf`
+
+NewLinksSelf instantiates a new LinksSelf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLinksSelfWithDefaults
+
+`func NewLinksSelfWithDefaults() *LinksSelf`
+
+NewLinksSelfWithDefaults instantiates a new LinksSelf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *LinksSelf) GetSelf() HrefObjectSelfLink`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *LinksSelf) GetSelfOk() (*HrefObjectSelfLink, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *LinksSelf) SetSelf(v HrefObjectSelfLink)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *LinksSelf) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ListApplications200ResponseInner.md b/okta/docs/ListApplications200ResponseInner.md
new file mode 100644
index 000000000..3bd545a16
--- /dev/null
+++ b/okta/docs/ListApplications200ResponseInner.md
@@ -0,0 +1,446 @@
+# ListApplications200ResponseInner
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Accessibility** | Pointer to [**ApplicationAccessibility**](ApplicationAccessibility.md) |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Features** | Pointer to **[]string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Label** | Pointer to **string** |  | [optional] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Licensing** | Pointer to [**ApplicationLicensing**](ApplicationLicensing.md) |  | [optional] 
+**Profile** | Pointer to **map[string]map[string]interface{}** |  | [optional] 
+**SignOnMode** | Pointer to [**ApplicationSignOnMode**](ApplicationSignOnMode.md) |  | [optional] 
+**Status** | Pointer to [**ApplicationLifecycleStatus**](ApplicationLifecycleStatus.md) |  | [optional] 
+**Visibility** | Pointer to [**ApplicationVisibility**](ApplicationVisibility.md) |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to [**ApplicationLinks**](ApplicationLinks.md) |  | [optional] 
+**Credentials** | Pointer to [**ApplicationCredentials**](ApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] [default to "template_wsfed"]
+**Settings** | Pointer to [**WsFederationApplicationSettings**](WsFederationApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewListApplications200ResponseInner
+
+`func NewListApplications200ResponseInner() *ListApplications200ResponseInner`
+
+NewListApplications200ResponseInner instantiates a new ListApplications200ResponseInner object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewListApplications200ResponseInnerWithDefaults
+
+`func NewListApplications200ResponseInnerWithDefaults() *ListApplications200ResponseInner`
+
+NewListApplications200ResponseInnerWithDefaults instantiates a new ListApplications200ResponseInner object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAccessibility
+
+`func (o *ListApplications200ResponseInner) GetAccessibility() ApplicationAccessibility`
+
+GetAccessibility returns the Accessibility field if non-nil, zero value otherwise.
+
+### GetAccessibilityOk
+
+`func (o *ListApplications200ResponseInner) GetAccessibilityOk() (*ApplicationAccessibility, bool)`
+
+GetAccessibilityOk returns a tuple with the Accessibility field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccessibility
+
+`func (o *ListApplications200ResponseInner) SetAccessibility(v ApplicationAccessibility)`
+
+SetAccessibility sets Accessibility field to given value.
+
+### HasAccessibility
+
+`func (o *ListApplications200ResponseInner) HasAccessibility() bool`
+
+HasAccessibility returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *ListApplications200ResponseInner) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *ListApplications200ResponseInner) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *ListApplications200ResponseInner) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *ListApplications200ResponseInner) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetFeatures
+
+`func (o *ListApplications200ResponseInner) GetFeatures() []string`
+
+GetFeatures returns the Features field if non-nil, zero value otherwise.
+
+### GetFeaturesOk
+
+`func (o *ListApplications200ResponseInner) GetFeaturesOk() (*[]string, bool)`
+
+GetFeaturesOk returns a tuple with the Features field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFeatures
+
+`func (o *ListApplications200ResponseInner) SetFeatures(v []string)`
+
+SetFeatures sets Features field to given value.
+
+### HasFeatures
+
+`func (o *ListApplications200ResponseInner) HasFeatures() bool`
+
+HasFeatures returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *ListApplications200ResponseInner) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ListApplications200ResponseInner) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ListApplications200ResponseInner) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ListApplications200ResponseInner) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLabel
+
+`func (o *ListApplications200ResponseInner) GetLabel() string`
+
+GetLabel returns the Label field if non-nil, zero value otherwise.
+
+### GetLabelOk
+
+`func (o *ListApplications200ResponseInner) GetLabelOk() (*string, bool)`
+
+GetLabelOk returns a tuple with the Label field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLabel
+
+`func (o *ListApplications200ResponseInner) SetLabel(v string)`
+
+SetLabel sets Label field to given value.
+
+### HasLabel
+
+`func (o *ListApplications200ResponseInner) HasLabel() bool`
+
+HasLabel returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *ListApplications200ResponseInner) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *ListApplications200ResponseInner) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *ListApplications200ResponseInner) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *ListApplications200ResponseInner) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetLicensing
+
+`func (o *ListApplications200ResponseInner) GetLicensing() ApplicationLicensing`
+
+GetLicensing returns the Licensing field if non-nil, zero value otherwise.
+
+### GetLicensingOk
+
+`func (o *ListApplications200ResponseInner) GetLicensingOk() (*ApplicationLicensing, bool)`
+
+GetLicensingOk returns a tuple with the Licensing field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLicensing
+
+`func (o *ListApplications200ResponseInner) SetLicensing(v ApplicationLicensing)`
+
+SetLicensing sets Licensing field to given value.
+
+### HasLicensing
+
+`func (o *ListApplications200ResponseInner) HasLicensing() bool`
+
+HasLicensing returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *ListApplications200ResponseInner) GetProfile() map[string]map[string]interface{}`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *ListApplications200ResponseInner) GetProfileOk() (*map[string]map[string]interface{}, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *ListApplications200ResponseInner) SetProfile(v map[string]map[string]interface{})`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *ListApplications200ResponseInner) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+### GetSignOnMode
+
+`func (o *ListApplications200ResponseInner) GetSignOnMode() ApplicationSignOnMode`
+
+GetSignOnMode returns the SignOnMode field if non-nil, zero value otherwise.
+
+### GetSignOnModeOk
+
+`func (o *ListApplications200ResponseInner) GetSignOnModeOk() (*ApplicationSignOnMode, bool)`
+
+GetSignOnModeOk returns a tuple with the SignOnMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignOnMode
+
+`func (o *ListApplications200ResponseInner) SetSignOnMode(v ApplicationSignOnMode)`
+
+SetSignOnMode sets SignOnMode field to given value.
+
+### HasSignOnMode
+
+`func (o *ListApplications200ResponseInner) HasSignOnMode() bool`
+
+HasSignOnMode returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *ListApplications200ResponseInner) GetStatus() ApplicationLifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *ListApplications200ResponseInner) GetStatusOk() (*ApplicationLifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *ListApplications200ResponseInner) SetStatus(v ApplicationLifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *ListApplications200ResponseInner) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetVisibility
+
+`func (o *ListApplications200ResponseInner) GetVisibility() ApplicationVisibility`
+
+GetVisibility returns the Visibility field if non-nil, zero value otherwise.
+
+### GetVisibilityOk
+
+`func (o *ListApplications200ResponseInner) GetVisibilityOk() (*ApplicationVisibility, bool)`
+
+GetVisibilityOk returns a tuple with the Visibility field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVisibility
+
+`func (o *ListApplications200ResponseInner) SetVisibility(v ApplicationVisibility)`
+
+SetVisibility sets Visibility field to given value.
+
+### HasVisibility
+
+`func (o *ListApplications200ResponseInner) HasVisibility() bool`
+
+HasVisibility returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *ListApplications200ResponseInner) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *ListApplications200ResponseInner) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *ListApplications200ResponseInner) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *ListApplications200ResponseInner) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ListApplications200ResponseInner) GetLinks() ApplicationLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ListApplications200ResponseInner) GetLinksOk() (*ApplicationLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ListApplications200ResponseInner) SetLinks(v ApplicationLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ListApplications200ResponseInner) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+### GetCredentials
+
+`func (o *ListApplications200ResponseInner) GetCredentials() ApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *ListApplications200ResponseInner) GetCredentialsOk() (*ApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *ListApplications200ResponseInner) SetCredentials(v ApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *ListApplications200ResponseInner) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *ListApplications200ResponseInner) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *ListApplications200ResponseInner) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *ListApplications200ResponseInner) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *ListApplications200ResponseInner) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *ListApplications200ResponseInner) GetSettings() WsFederationApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *ListApplications200ResponseInner) GetSettingsOk() (*WsFederationApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *ListApplications200ResponseInner) SetSettings(v WsFederationApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *ListApplications200ResponseInner) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ListBehaviorDetectionRules200ResponseInner.md b/okta/docs/ListBehaviorDetectionRules200ResponseInner.md
new file mode 100644
index 000000000..9f8e1e2da
--- /dev/null
+++ b/okta/docs/ListBehaviorDetectionRules200ResponseInner.md
@@ -0,0 +1,228 @@
+# ListBehaviorDetectionRules200ResponseInner
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | **string** |  | 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**Type** | [**BehaviorRuleType**](BehaviorRuleType.md) |  | 
+**Link** | Pointer to [**ApiTokenLink**](ApiTokenLink.md) |  | [optional] 
+**Settings** | Pointer to [**BehaviorRuleSettingsVelocity**](BehaviorRuleSettingsVelocity.md) |  | [optional] 
+
+## Methods
+
+### NewListBehaviorDetectionRules200ResponseInner
+
+`func NewListBehaviorDetectionRules200ResponseInner(name string, type_ BehaviorRuleType, ) *ListBehaviorDetectionRules200ResponseInner`
+
+NewListBehaviorDetectionRules200ResponseInner instantiates a new ListBehaviorDetectionRules200ResponseInner object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewListBehaviorDetectionRules200ResponseInnerWithDefaults
+
+`func NewListBehaviorDetectionRules200ResponseInnerWithDefaults() *ListBehaviorDetectionRules200ResponseInner`
+
+NewListBehaviorDetectionRules200ResponseInnerWithDefaults instantiates a new ListBehaviorDetectionRules200ResponseInner object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) SetName(v string)`
+
+SetName sets Name field to given value.
+
+
+### GetStatus
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetType() BehaviorRuleType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetTypeOk() (*BehaviorRuleType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) SetType(v BehaviorRuleType)`
+
+SetType sets Type field to given value.
+
+
+### GetLink
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetLink() ApiTokenLink`
+
+GetLink returns the Link field if non-nil, zero value otherwise.
+
+### GetLinkOk
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetLinkOk() (*ApiTokenLink, bool)`
+
+GetLinkOk returns a tuple with the Link field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLink
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) SetLink(v ApiTokenLink)`
+
+SetLink sets Link field to given value.
+
+### HasLink
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) HasLink() bool`
+
+HasLink returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetSettings() BehaviorRuleSettingsVelocity`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) GetSettingsOk() (*BehaviorRuleSettingsVelocity, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) SetSettings(v BehaviorRuleSettingsVelocity)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *ListBehaviorDetectionRules200ResponseInner) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ListDeviceAssurancePolicies200ResponseInner.md b/okta/docs/ListDeviceAssurancePolicies200ResponseInner.md
new file mode 100644
index 000000000..d1d716df6
--- /dev/null
+++ b/okta/docs/ListDeviceAssurancePolicies200ResponseInner.md
@@ -0,0 +1,394 @@
+# ListDeviceAssurancePolicies200ResponseInner
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CreatedBy** | Pointer to **string** |  | [optional] [readonly] 
+**CreatedDate** | Pointer to **string** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdatedBy** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdatedDate** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** | Display name of the Device Assurance Policy | [optional] 
+**Platform** | Pointer to [**Platform**](Platform.md) |  | [optional] 
+**Links** | Pointer to [**LinksSelf**](LinksSelf.md) |  | [optional] 
+**DiskEncryptionType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType**](DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType.md) |  | [optional] 
+**Jailbreak** | Pointer to **bool** |  | [optional] 
+**OsVersion** | Pointer to [**OSVersion**](OSVersion.md) |  | [optional] 
+**ScreenLockType** | Pointer to [**DeviceAssuranceAndroidPlatformAllOfScreenLockType**](DeviceAssuranceAndroidPlatformAllOfScreenLockType.md) |  | [optional] 
+**SecureHardwarePresent** | Pointer to **bool** |  | [optional] 
+**ThirdPartySignalProviders** | Pointer to [**DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders**](DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders.md) |  | [optional] 
+
+## Methods
+
+### NewListDeviceAssurancePolicies200ResponseInner
+
+`func NewListDeviceAssurancePolicies200ResponseInner() *ListDeviceAssurancePolicies200ResponseInner`
+
+NewListDeviceAssurancePolicies200ResponseInner instantiates a new ListDeviceAssurancePolicies200ResponseInner object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewListDeviceAssurancePolicies200ResponseInnerWithDefaults
+
+`func NewListDeviceAssurancePolicies200ResponseInnerWithDefaults() *ListDeviceAssurancePolicies200ResponseInner`
+
+NewListDeviceAssurancePolicies200ResponseInnerWithDefaults instantiates a new ListDeviceAssurancePolicies200ResponseInner object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreatedBy
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetCreatedBy() string`
+
+GetCreatedBy returns the CreatedBy field if non-nil, zero value otherwise.
+
+### GetCreatedByOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetCreatedByOk() (*string, bool)`
+
+GetCreatedByOk returns a tuple with the CreatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedBy
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetCreatedBy(v string)`
+
+SetCreatedBy sets CreatedBy field to given value.
+
+### HasCreatedBy
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasCreatedBy() bool`
+
+HasCreatedBy returns a boolean if a field has been set.
+
+### GetCreatedDate
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetCreatedDate() string`
+
+GetCreatedDate returns the CreatedDate field if non-nil, zero value otherwise.
+
+### GetCreatedDateOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetCreatedDateOk() (*string, bool)`
+
+GetCreatedDateOk returns a tuple with the CreatedDate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedDate
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetCreatedDate(v string)`
+
+SetCreatedDate sets CreatedDate field to given value.
+
+### HasCreatedDate
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasCreatedDate() bool`
+
+HasCreatedDate returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdatedBy
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetLastUpdatedBy() string`
+
+GetLastUpdatedBy returns the LastUpdatedBy field if non-nil, zero value otherwise.
+
+### GetLastUpdatedByOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetLastUpdatedByOk() (*string, bool)`
+
+GetLastUpdatedByOk returns a tuple with the LastUpdatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdatedBy
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetLastUpdatedBy(v string)`
+
+SetLastUpdatedBy sets LastUpdatedBy field to given value.
+
+### HasLastUpdatedBy
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasLastUpdatedBy() bool`
+
+HasLastUpdatedBy returns a boolean if a field has been set.
+
+### GetLastUpdatedDate
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetLastUpdatedDate() string`
+
+GetLastUpdatedDate returns the LastUpdatedDate field if non-nil, zero value otherwise.
+
+### GetLastUpdatedDateOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetLastUpdatedDateOk() (*string, bool)`
+
+GetLastUpdatedDateOk returns a tuple with the LastUpdatedDate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdatedDate
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetLastUpdatedDate(v string)`
+
+SetLastUpdatedDate sets LastUpdatedDate field to given value.
+
+### HasLastUpdatedDate
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasLastUpdatedDate() bool`
+
+HasLastUpdatedDate returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetPlatform() Platform`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetPlatformOk() (*Platform, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetPlatform(v Platform)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetLinks() LinksSelf`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetLinksOk() (*LinksSelf, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetLinks(v LinksSelf)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+### GetDiskEncryptionType
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType`
+
+GetDiskEncryptionType returns the DiskEncryptionType field if non-nil, zero value otherwise.
+
+### GetDiskEncryptionTypeOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool)`
+
+GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDiskEncryptionType
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType)`
+
+SetDiskEncryptionType sets DiskEncryptionType field to given value.
+
+### HasDiskEncryptionType
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasDiskEncryptionType() bool`
+
+HasDiskEncryptionType returns a boolean if a field has been set.
+
+### GetJailbreak
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetJailbreak() bool`
+
+GetJailbreak returns the Jailbreak field if non-nil, zero value otherwise.
+
+### GetJailbreakOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetJailbreakOk() (*bool, bool)`
+
+GetJailbreakOk returns a tuple with the Jailbreak field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJailbreak
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetJailbreak(v bool)`
+
+SetJailbreak sets Jailbreak field to given value.
+
+### HasJailbreak
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasJailbreak() bool`
+
+HasJailbreak returns a boolean if a field has been set.
+
+### GetOsVersion
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetOsVersion() OSVersion`
+
+GetOsVersion returns the OsVersion field if non-nil, zero value otherwise.
+
+### GetOsVersionOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetOsVersionOk() (*OSVersion, bool)`
+
+GetOsVersionOk returns a tuple with the OsVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOsVersion
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetOsVersion(v OSVersion)`
+
+SetOsVersion sets OsVersion field to given value.
+
+### HasOsVersion
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasOsVersion() bool`
+
+HasOsVersion returns a boolean if a field has been set.
+
+### GetScreenLockType
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType`
+
+GetScreenLockType returns the ScreenLockType field if non-nil, zero value otherwise.
+
+### GetScreenLockTypeOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool)`
+
+GetScreenLockTypeOk returns a tuple with the ScreenLockType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScreenLockType
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType)`
+
+SetScreenLockType sets ScreenLockType field to given value.
+
+### HasScreenLockType
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasScreenLockType() bool`
+
+HasScreenLockType returns a boolean if a field has been set.
+
+### GetSecureHardwarePresent
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetSecureHardwarePresent() bool`
+
+GetSecureHardwarePresent returns the SecureHardwarePresent field if non-nil, zero value otherwise.
+
+### GetSecureHardwarePresentOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetSecureHardwarePresentOk() (*bool, bool)`
+
+GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecureHardwarePresent
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetSecureHardwarePresent(v bool)`
+
+SetSecureHardwarePresent sets SecureHardwarePresent field to given value.
+
+### HasSecureHardwarePresent
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasSecureHardwarePresent() bool`
+
+HasSecureHardwarePresent returns a boolean if a field has been set.
+
+### GetThirdPartySignalProviders
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetThirdPartySignalProviders() DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders`
+
+GetThirdPartySignalProviders returns the ThirdPartySignalProviders field if non-nil, zero value otherwise.
+
+### GetThirdPartySignalProvidersOk
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) GetThirdPartySignalProvidersOk() (*DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders, bool)`
+
+GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetThirdPartySignalProviders
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) SetThirdPartySignalProviders(v DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders)`
+
+SetThirdPartySignalProviders sets ThirdPartySignalProviders field to given value.
+
+### HasThirdPartySignalProviders
+
+`func (o *ListDeviceAssurancePolicies200ResponseInner) HasThirdPartySignalProviders() bool`
+
+HasThirdPartySignalProviders returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ListFactors200ResponseInner.md b/okta/docs/ListFactors200ResponseInner.md
new file mode 100644
index 000000000..37a26b321
--- /dev/null
+++ b/okta/docs/ListFactors200ResponseInner.md
@@ -0,0 +1,368 @@
+# ListFactors200ResponseInner
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**FactorType** | Pointer to [**FactorType**](FactorType.md) |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Provider** | Pointer to [**FactorProvider**](FactorProvider.md) |  | [optional] 
+**Status** | Pointer to [**FactorStatus**](FactorStatus.md) |  | [optional] 
+**Verify** | Pointer to [**VerifyFactorRequest**](VerifyFactorRequest.md) |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Profile** | Pointer to [**WebAuthnUserFactorProfile**](WebAuthnUserFactorProfile.md) |  | [optional] 
+**ExpiresAt** | Pointer to **time.Time** |  | [optional] 
+**FactorResult** | Pointer to [**FactorResultType**](FactorResultType.md) |  | [optional] 
+**FactorProfileId** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewListFactors200ResponseInner
+
+`func NewListFactors200ResponseInner() *ListFactors200ResponseInner`
+
+NewListFactors200ResponseInner instantiates a new ListFactors200ResponseInner object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewListFactors200ResponseInnerWithDefaults
+
+`func NewListFactors200ResponseInnerWithDefaults() *ListFactors200ResponseInner`
+
+NewListFactors200ResponseInnerWithDefaults instantiates a new ListFactors200ResponseInner object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *ListFactors200ResponseInner) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *ListFactors200ResponseInner) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *ListFactors200ResponseInner) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *ListFactors200ResponseInner) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetFactorType
+
+`func (o *ListFactors200ResponseInner) GetFactorType() FactorType`
+
+GetFactorType returns the FactorType field if non-nil, zero value otherwise.
+
+### GetFactorTypeOk
+
+`func (o *ListFactors200ResponseInner) GetFactorTypeOk() (*FactorType, bool)`
+
+GetFactorTypeOk returns a tuple with the FactorType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorType
+
+`func (o *ListFactors200ResponseInner) SetFactorType(v FactorType)`
+
+SetFactorType sets FactorType field to given value.
+
+### HasFactorType
+
+`func (o *ListFactors200ResponseInner) HasFactorType() bool`
+
+HasFactorType returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *ListFactors200ResponseInner) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ListFactors200ResponseInner) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ListFactors200ResponseInner) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ListFactors200ResponseInner) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *ListFactors200ResponseInner) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *ListFactors200ResponseInner) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *ListFactors200ResponseInner) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *ListFactors200ResponseInner) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetProvider
+
+`func (o *ListFactors200ResponseInner) GetProvider() FactorProvider`
+
+GetProvider returns the Provider field if non-nil, zero value otherwise.
+
+### GetProviderOk
+
+`func (o *ListFactors200ResponseInner) GetProviderOk() (*FactorProvider, bool)`
+
+GetProviderOk returns a tuple with the Provider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProvider
+
+`func (o *ListFactors200ResponseInner) SetProvider(v FactorProvider)`
+
+SetProvider sets Provider field to given value.
+
+### HasProvider
+
+`func (o *ListFactors200ResponseInner) HasProvider() bool`
+
+HasProvider returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *ListFactors200ResponseInner) GetStatus() FactorStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *ListFactors200ResponseInner) GetStatusOk() (*FactorStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *ListFactors200ResponseInner) SetStatus(v FactorStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *ListFactors200ResponseInner) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetVerify
+
+`func (o *ListFactors200ResponseInner) GetVerify() VerifyFactorRequest`
+
+GetVerify returns the Verify field if non-nil, zero value otherwise.
+
+### GetVerifyOk
+
+`func (o *ListFactors200ResponseInner) GetVerifyOk() (*VerifyFactorRequest, bool)`
+
+GetVerifyOk returns a tuple with the Verify field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVerify
+
+`func (o *ListFactors200ResponseInner) SetVerify(v VerifyFactorRequest)`
+
+SetVerify sets Verify field to given value.
+
+### HasVerify
+
+`func (o *ListFactors200ResponseInner) HasVerify() bool`
+
+HasVerify returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *ListFactors200ResponseInner) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *ListFactors200ResponseInner) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *ListFactors200ResponseInner) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *ListFactors200ResponseInner) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ListFactors200ResponseInner) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ListFactors200ResponseInner) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ListFactors200ResponseInner) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ListFactors200ResponseInner) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *ListFactors200ResponseInner) GetProfile() WebAuthnUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *ListFactors200ResponseInner) GetProfileOk() (*WebAuthnUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *ListFactors200ResponseInner) SetProfile(v WebAuthnUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *ListFactors200ResponseInner) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+### GetExpiresAt
+
+`func (o *ListFactors200ResponseInner) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *ListFactors200ResponseInner) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *ListFactors200ResponseInner) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *ListFactors200ResponseInner) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetFactorResult
+
+`func (o *ListFactors200ResponseInner) GetFactorResult() FactorResultType`
+
+GetFactorResult returns the FactorResult field if non-nil, zero value otherwise.
+
+### GetFactorResultOk
+
+`func (o *ListFactors200ResponseInner) GetFactorResultOk() (*FactorResultType, bool)`
+
+GetFactorResultOk returns a tuple with the FactorResult field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorResult
+
+`func (o *ListFactors200ResponseInner) SetFactorResult(v FactorResultType)`
+
+SetFactorResult sets FactorResult field to given value.
+
+### HasFactorResult
+
+`func (o *ListFactors200ResponseInner) HasFactorResult() bool`
+
+HasFactorResult returns a boolean if a field has been set.
+
+### GetFactorProfileId
+
+`func (o *ListFactors200ResponseInner) GetFactorProfileId() string`
+
+GetFactorProfileId returns the FactorProfileId field if non-nil, zero value otherwise.
+
+### GetFactorProfileIdOk
+
+`func (o *ListFactors200ResponseInner) GetFactorProfileIdOk() (*string, bool)`
+
+GetFactorProfileIdOk returns a tuple with the FactorProfileId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorProfileId
+
+`func (o *ListFactors200ResponseInner) SetFactorProfileId(v string)`
+
+SetFactorProfileId sets FactorProfileId field to given value.
+
+### HasFactorProfileId
+
+`func (o *ListFactors200ResponseInner) HasFactorProfileId() bool`
+
+HasFactorProfileId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ListLogStreams200ResponseInner.md b/okta/docs/ListLogStreams200ResponseInner.md
new file mode 100644
index 000000000..8bb185911
--- /dev/null
+++ b/okta/docs/ListLogStreams200ResponseInner.md
@@ -0,0 +1,238 @@
+# ListLogStreams200ResponseInner
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** | Timestamp when the Log Stream was created | [optional] [readonly] 
+**Id** | Pointer to **string** | Unique key for the Log Stream | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** | Timestamp when the Log Stream was last updated | [optional] [readonly] 
+**Name** | Pointer to **string** | Unique name for the Log Stream | [optional] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**Type** | Pointer to [**LogStreamType**](LogStreamType.md) |  | [optional] 
+**Links** | Pointer to [**LogStreamLinks**](LogStreamLinks.md) |  | [optional] 
+**Settings** | Pointer to [**LogStreamSettingsSplunk**](LogStreamSettingsSplunk.md) |  | [optional] 
+
+## Methods
+
+### NewListLogStreams200ResponseInner
+
+`func NewListLogStreams200ResponseInner() *ListLogStreams200ResponseInner`
+
+NewListLogStreams200ResponseInner instantiates a new ListLogStreams200ResponseInner object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewListLogStreams200ResponseInnerWithDefaults
+
+`func NewListLogStreams200ResponseInnerWithDefaults() *ListLogStreams200ResponseInner`
+
+NewListLogStreams200ResponseInnerWithDefaults instantiates a new ListLogStreams200ResponseInner object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *ListLogStreams200ResponseInner) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *ListLogStreams200ResponseInner) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *ListLogStreams200ResponseInner) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *ListLogStreams200ResponseInner) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *ListLogStreams200ResponseInner) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ListLogStreams200ResponseInner) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ListLogStreams200ResponseInner) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ListLogStreams200ResponseInner) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *ListLogStreams200ResponseInner) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *ListLogStreams200ResponseInner) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *ListLogStreams200ResponseInner) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *ListLogStreams200ResponseInner) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *ListLogStreams200ResponseInner) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *ListLogStreams200ResponseInner) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *ListLogStreams200ResponseInner) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *ListLogStreams200ResponseInner) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *ListLogStreams200ResponseInner) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *ListLogStreams200ResponseInner) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *ListLogStreams200ResponseInner) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *ListLogStreams200ResponseInner) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *ListLogStreams200ResponseInner) GetType() LogStreamType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *ListLogStreams200ResponseInner) GetTypeOk() (*LogStreamType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *ListLogStreams200ResponseInner) SetType(v LogStreamType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *ListLogStreams200ResponseInner) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ListLogStreams200ResponseInner) GetLinks() LogStreamLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ListLogStreams200ResponseInner) GetLinksOk() (*LogStreamLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ListLogStreams200ResponseInner) SetLinks(v LogStreamLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ListLogStreams200ResponseInner) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *ListLogStreams200ResponseInner) GetSettings() LogStreamSettingsSplunk`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *ListLogStreams200ResponseInner) GetSettingsOk() (*LogStreamSettingsSplunk, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *ListLogStreams200ResponseInner) SetSettings(v LogStreamSettingsSplunk)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *ListLogStreams200ResponseInner) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ListPolicies200ResponseInner.md b/okta/docs/ListPolicies200ResponseInner.md
new file mode 100644
index 000000000..1826d8f2e
--- /dev/null
+++ b/okta/docs/ListPolicies200ResponseInner.md
@@ -0,0 +1,472 @@
+# ListPolicies200ResponseInner
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Description** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Priority** | Pointer to **int32** |  | [optional] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**System** | Pointer to **bool** |  | [optional] 
+**Type** | Pointer to [**PolicyType**](PolicyType.md) |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**AccountLink** | Pointer to [**PolicyAccountLink**](PolicyAccountLink.md) |  | [optional] 
+**Conditions** | Pointer to [**PolicyRuleConditions**](PolicyRuleConditions.md) |  | [optional] 
+**MaxClockSkew** | Pointer to **int32** |  | [optional] 
+**Provisioning** | Pointer to [**Provisioning**](Provisioning.md) |  | [optional] 
+**Subject** | Pointer to [**PolicySubject**](PolicySubject.md) |  | [optional] 
+**Settings** | Pointer to [**PasswordPolicySettings**](PasswordPolicySettings.md) |  | [optional] 
+
+## Methods
+
+### NewListPolicies200ResponseInner
+
+`func NewListPolicies200ResponseInner() *ListPolicies200ResponseInner`
+
+NewListPolicies200ResponseInner instantiates a new ListPolicies200ResponseInner object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewListPolicies200ResponseInnerWithDefaults
+
+`func NewListPolicies200ResponseInnerWithDefaults() *ListPolicies200ResponseInner`
+
+NewListPolicies200ResponseInnerWithDefaults instantiates a new ListPolicies200ResponseInner object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *ListPolicies200ResponseInner) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *ListPolicies200ResponseInner) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *ListPolicies200ResponseInner) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *ListPolicies200ResponseInner) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetDescription
+
+`func (o *ListPolicies200ResponseInner) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *ListPolicies200ResponseInner) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *ListPolicies200ResponseInner) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *ListPolicies200ResponseInner) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *ListPolicies200ResponseInner) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ListPolicies200ResponseInner) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ListPolicies200ResponseInner) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ListPolicies200ResponseInner) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *ListPolicies200ResponseInner) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *ListPolicies200ResponseInner) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *ListPolicies200ResponseInner) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *ListPolicies200ResponseInner) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *ListPolicies200ResponseInner) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *ListPolicies200ResponseInner) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *ListPolicies200ResponseInner) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *ListPolicies200ResponseInner) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetPriority
+
+`func (o *ListPolicies200ResponseInner) GetPriority() int32`
+
+GetPriority returns the Priority field if non-nil, zero value otherwise.
+
+### GetPriorityOk
+
+`func (o *ListPolicies200ResponseInner) GetPriorityOk() (*int32, bool)`
+
+GetPriorityOk returns a tuple with the Priority field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPriority
+
+`func (o *ListPolicies200ResponseInner) SetPriority(v int32)`
+
+SetPriority sets Priority field to given value.
+
+### HasPriority
+
+`func (o *ListPolicies200ResponseInner) HasPriority() bool`
+
+HasPriority returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *ListPolicies200ResponseInner) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *ListPolicies200ResponseInner) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *ListPolicies200ResponseInner) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *ListPolicies200ResponseInner) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetSystem
+
+`func (o *ListPolicies200ResponseInner) GetSystem() bool`
+
+GetSystem returns the System field if non-nil, zero value otherwise.
+
+### GetSystemOk
+
+`func (o *ListPolicies200ResponseInner) GetSystemOk() (*bool, bool)`
+
+GetSystemOk returns a tuple with the System field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSystem
+
+`func (o *ListPolicies200ResponseInner) SetSystem(v bool)`
+
+SetSystem sets System field to given value.
+
+### HasSystem
+
+`func (o *ListPolicies200ResponseInner) HasSystem() bool`
+
+HasSystem returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *ListPolicies200ResponseInner) GetType() PolicyType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *ListPolicies200ResponseInner) GetTypeOk() (*PolicyType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *ListPolicies200ResponseInner) SetType(v PolicyType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *ListPolicies200ResponseInner) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *ListPolicies200ResponseInner) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *ListPolicies200ResponseInner) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *ListPolicies200ResponseInner) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *ListPolicies200ResponseInner) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ListPolicies200ResponseInner) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ListPolicies200ResponseInner) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ListPolicies200ResponseInner) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ListPolicies200ResponseInner) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+### GetAccountLink
+
+`func (o *ListPolicies200ResponseInner) GetAccountLink() PolicyAccountLink`
+
+GetAccountLink returns the AccountLink field if non-nil, zero value otherwise.
+
+### GetAccountLinkOk
+
+`func (o *ListPolicies200ResponseInner) GetAccountLinkOk() (*PolicyAccountLink, bool)`
+
+GetAccountLinkOk returns a tuple with the AccountLink field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccountLink
+
+`func (o *ListPolicies200ResponseInner) SetAccountLink(v PolicyAccountLink)`
+
+SetAccountLink sets AccountLink field to given value.
+
+### HasAccountLink
+
+`func (o *ListPolicies200ResponseInner) HasAccountLink() bool`
+
+HasAccountLink returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *ListPolicies200ResponseInner) GetConditions() PolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *ListPolicies200ResponseInner) GetConditionsOk() (*PolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *ListPolicies200ResponseInner) SetConditions(v PolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *ListPolicies200ResponseInner) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+### GetMaxClockSkew
+
+`func (o *ListPolicies200ResponseInner) GetMaxClockSkew() int32`
+
+GetMaxClockSkew returns the MaxClockSkew field if non-nil, zero value otherwise.
+
+### GetMaxClockSkewOk
+
+`func (o *ListPolicies200ResponseInner) GetMaxClockSkewOk() (*int32, bool)`
+
+GetMaxClockSkewOk returns a tuple with the MaxClockSkew field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxClockSkew
+
+`func (o *ListPolicies200ResponseInner) SetMaxClockSkew(v int32)`
+
+SetMaxClockSkew sets MaxClockSkew field to given value.
+
+### HasMaxClockSkew
+
+`func (o *ListPolicies200ResponseInner) HasMaxClockSkew() bool`
+
+HasMaxClockSkew returns a boolean if a field has been set.
+
+### GetProvisioning
+
+`func (o *ListPolicies200ResponseInner) GetProvisioning() Provisioning`
+
+GetProvisioning returns the Provisioning field if non-nil, zero value otherwise.
+
+### GetProvisioningOk
+
+`func (o *ListPolicies200ResponseInner) GetProvisioningOk() (*Provisioning, bool)`
+
+GetProvisioningOk returns a tuple with the Provisioning field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProvisioning
+
+`func (o *ListPolicies200ResponseInner) SetProvisioning(v Provisioning)`
+
+SetProvisioning sets Provisioning field to given value.
+
+### HasProvisioning
+
+`func (o *ListPolicies200ResponseInner) HasProvisioning() bool`
+
+HasProvisioning returns a boolean if a field has been set.
+
+### GetSubject
+
+`func (o *ListPolicies200ResponseInner) GetSubject() PolicySubject`
+
+GetSubject returns the Subject field if non-nil, zero value otherwise.
+
+### GetSubjectOk
+
+`func (o *ListPolicies200ResponseInner) GetSubjectOk() (*PolicySubject, bool)`
+
+GetSubjectOk returns a tuple with the Subject field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubject
+
+`func (o *ListPolicies200ResponseInner) SetSubject(v PolicySubject)`
+
+SetSubject sets Subject field to given value.
+
+### HasSubject
+
+`func (o *ListPolicies200ResponseInner) HasSubject() bool`
+
+HasSubject returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *ListPolicies200ResponseInner) GetSettings() PasswordPolicySettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *ListPolicies200ResponseInner) GetSettingsOk() (*PasswordPolicySettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *ListPolicies200ResponseInner) SetSettings(v PasswordPolicySettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *ListPolicies200ResponseInner) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ListPolicyRules200ResponseInner.md b/okta/docs/ListPolicyRules200ResponseInner.md
new file mode 100644
index 000000000..1bec4f6c7
--- /dev/null
+++ b/okta/docs/ListPolicyRules200ResponseInner.md
@@ -0,0 +1,310 @@
+# ListPolicyRules200ResponseInner
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **NullableTime** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] 
+**LastUpdated** | Pointer to **NullableTime** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Priority** | Pointer to **int32** |  | [optional] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**System** | Pointer to **bool** |  | [optional] [default to false]
+**Type** | Pointer to [**PolicyRuleType**](PolicyRuleType.md) |  | [optional] 
+**Actions** | Pointer to [**OktaSignOnPolicyRuleActions**](OktaSignOnPolicyRuleActions.md) |  | [optional] 
+**Conditions** | Pointer to [**OktaSignOnPolicyRuleConditions**](OktaSignOnPolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewListPolicyRules200ResponseInner
+
+`func NewListPolicyRules200ResponseInner() *ListPolicyRules200ResponseInner`
+
+NewListPolicyRules200ResponseInner instantiates a new ListPolicyRules200ResponseInner object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewListPolicyRules200ResponseInnerWithDefaults
+
+`func NewListPolicyRules200ResponseInnerWithDefaults() *ListPolicyRules200ResponseInner`
+
+NewListPolicyRules200ResponseInnerWithDefaults instantiates a new ListPolicyRules200ResponseInner object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *ListPolicyRules200ResponseInner) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *ListPolicyRules200ResponseInner) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *ListPolicyRules200ResponseInner) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *ListPolicyRules200ResponseInner) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### SetCreatedNil
+
+`func (o *ListPolicyRules200ResponseInner) SetCreatedNil(b bool)`
+
+ SetCreatedNil sets the value for Created to be an explicit nil
+
+### UnsetCreated
+`func (o *ListPolicyRules200ResponseInner) UnsetCreated()`
+
+UnsetCreated ensures that no value is present for Created, not even an explicit nil
+### GetId
+
+`func (o *ListPolicyRules200ResponseInner) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ListPolicyRules200ResponseInner) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ListPolicyRules200ResponseInner) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ListPolicyRules200ResponseInner) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *ListPolicyRules200ResponseInner) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *ListPolicyRules200ResponseInner) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *ListPolicyRules200ResponseInner) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *ListPolicyRules200ResponseInner) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### SetLastUpdatedNil
+
+`func (o *ListPolicyRules200ResponseInner) SetLastUpdatedNil(b bool)`
+
+ SetLastUpdatedNil sets the value for LastUpdated to be an explicit nil
+
+### UnsetLastUpdated
+`func (o *ListPolicyRules200ResponseInner) UnsetLastUpdated()`
+
+UnsetLastUpdated ensures that no value is present for LastUpdated, not even an explicit nil
+### GetName
+
+`func (o *ListPolicyRules200ResponseInner) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *ListPolicyRules200ResponseInner) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *ListPolicyRules200ResponseInner) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *ListPolicyRules200ResponseInner) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetPriority
+
+`func (o *ListPolicyRules200ResponseInner) GetPriority() int32`
+
+GetPriority returns the Priority field if non-nil, zero value otherwise.
+
+### GetPriorityOk
+
+`func (o *ListPolicyRules200ResponseInner) GetPriorityOk() (*int32, bool)`
+
+GetPriorityOk returns a tuple with the Priority field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPriority
+
+`func (o *ListPolicyRules200ResponseInner) SetPriority(v int32)`
+
+SetPriority sets Priority field to given value.
+
+### HasPriority
+
+`func (o *ListPolicyRules200ResponseInner) HasPriority() bool`
+
+HasPriority returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *ListPolicyRules200ResponseInner) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *ListPolicyRules200ResponseInner) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *ListPolicyRules200ResponseInner) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *ListPolicyRules200ResponseInner) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetSystem
+
+`func (o *ListPolicyRules200ResponseInner) GetSystem() bool`
+
+GetSystem returns the System field if non-nil, zero value otherwise.
+
+### GetSystemOk
+
+`func (o *ListPolicyRules200ResponseInner) GetSystemOk() (*bool, bool)`
+
+GetSystemOk returns a tuple with the System field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSystem
+
+`func (o *ListPolicyRules200ResponseInner) SetSystem(v bool)`
+
+SetSystem sets System field to given value.
+
+### HasSystem
+
+`func (o *ListPolicyRules200ResponseInner) HasSystem() bool`
+
+HasSystem returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *ListPolicyRules200ResponseInner) GetType() PolicyRuleType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *ListPolicyRules200ResponseInner) GetTypeOk() (*PolicyRuleType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *ListPolicyRules200ResponseInner) SetType(v PolicyRuleType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *ListPolicyRules200ResponseInner) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetActions
+
+`func (o *ListPolicyRules200ResponseInner) GetActions() OktaSignOnPolicyRuleActions`
+
+GetActions returns the Actions field if non-nil, zero value otherwise.
+
+### GetActionsOk
+
+`func (o *ListPolicyRules200ResponseInner) GetActionsOk() (*OktaSignOnPolicyRuleActions, bool)`
+
+GetActionsOk returns a tuple with the Actions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActions
+
+`func (o *ListPolicyRules200ResponseInner) SetActions(v OktaSignOnPolicyRuleActions)`
+
+SetActions sets Actions field to given value.
+
+### HasActions
+
+`func (o *ListPolicyRules200ResponseInner) HasActions() bool`
+
+HasActions returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *ListPolicyRules200ResponseInner) GetConditions() OktaSignOnPolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *ListPolicyRules200ResponseInner) GetConditionsOk() (*OktaSignOnPolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *ListPolicyRules200ResponseInner) SetConditions(v OktaSignOnPolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *ListPolicyRules200ResponseInner) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ListPushProviders200ResponseInner.md b/okta/docs/ListPushProviders200ResponseInner.md
new file mode 100644
index 000000000..8485f39a1
--- /dev/null
+++ b/okta/docs/ListPushProviders200ResponseInner.md
@@ -0,0 +1,186 @@
+# ListPushProviders200ResponseInner
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdatedDate** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** | Display name of the push provider | [optional] 
+**ProviderType** | Pointer to [**ProviderType**](ProviderType.md) |  | [optional] 
+**Links** | Pointer to [**ApiTokenLink**](ApiTokenLink.md) |  | [optional] 
+**Configuration** | Pointer to [**FCMConfiguration**](FCMConfiguration.md) |  | [optional] 
+
+## Methods
+
+### NewListPushProviders200ResponseInner
+
+`func NewListPushProviders200ResponseInner() *ListPushProviders200ResponseInner`
+
+NewListPushProviders200ResponseInner instantiates a new ListPushProviders200ResponseInner object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewListPushProviders200ResponseInnerWithDefaults
+
+`func NewListPushProviders200ResponseInnerWithDefaults() *ListPushProviders200ResponseInner`
+
+NewListPushProviders200ResponseInnerWithDefaults instantiates a new ListPushProviders200ResponseInner object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *ListPushProviders200ResponseInner) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ListPushProviders200ResponseInner) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ListPushProviders200ResponseInner) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ListPushProviders200ResponseInner) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdatedDate
+
+`func (o *ListPushProviders200ResponseInner) GetLastUpdatedDate() string`
+
+GetLastUpdatedDate returns the LastUpdatedDate field if non-nil, zero value otherwise.
+
+### GetLastUpdatedDateOk
+
+`func (o *ListPushProviders200ResponseInner) GetLastUpdatedDateOk() (*string, bool)`
+
+GetLastUpdatedDateOk returns a tuple with the LastUpdatedDate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdatedDate
+
+`func (o *ListPushProviders200ResponseInner) SetLastUpdatedDate(v string)`
+
+SetLastUpdatedDate sets LastUpdatedDate field to given value.
+
+### HasLastUpdatedDate
+
+`func (o *ListPushProviders200ResponseInner) HasLastUpdatedDate() bool`
+
+HasLastUpdatedDate returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *ListPushProviders200ResponseInner) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *ListPushProviders200ResponseInner) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *ListPushProviders200ResponseInner) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *ListPushProviders200ResponseInner) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetProviderType
+
+`func (o *ListPushProviders200ResponseInner) GetProviderType() ProviderType`
+
+GetProviderType returns the ProviderType field if non-nil, zero value otherwise.
+
+### GetProviderTypeOk
+
+`func (o *ListPushProviders200ResponseInner) GetProviderTypeOk() (*ProviderType, bool)`
+
+GetProviderTypeOk returns a tuple with the ProviderType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProviderType
+
+`func (o *ListPushProviders200ResponseInner) SetProviderType(v ProviderType)`
+
+SetProviderType sets ProviderType field to given value.
+
+### HasProviderType
+
+`func (o *ListPushProviders200ResponseInner) HasProviderType() bool`
+
+HasProviderType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ListPushProviders200ResponseInner) GetLinks() ApiTokenLink`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ListPushProviders200ResponseInner) GetLinksOk() (*ApiTokenLink, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ListPushProviders200ResponseInner) SetLinks(v ApiTokenLink)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ListPushProviders200ResponseInner) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+### GetConfiguration
+
+`func (o *ListPushProviders200ResponseInner) GetConfiguration() FCMConfiguration`
+
+GetConfiguration returns the Configuration field if non-nil, zero value otherwise.
+
+### GetConfigurationOk
+
+`func (o *ListPushProviders200ResponseInner) GetConfigurationOk() (*FCMConfiguration, bool)`
+
+GetConfigurationOk returns a tuple with the Configuration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConfiguration
+
+`func (o *ListPushProviders200ResponseInner) SetConfiguration(v FCMConfiguration)`
+
+SetConfiguration sets Configuration field to given value.
+
+### HasConfiguration
+
+`func (o *ListPushProviders200ResponseInner) HasConfiguration() bool`
+
+HasConfiguration returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LoadingPageTouchPointVariant.md b/okta/docs/LoadingPageTouchPointVariant.md
new file mode 100644
index 000000000..796157a88
--- /dev/null
+++ b/okta/docs/LoadingPageTouchPointVariant.md
@@ -0,0 +1,13 @@
+# LoadingPageTouchPointVariant
+
+## Enum
+
+
+* `NONE` (value: `"NONE"`)
+
+* `OKTA_DEFAULT` (value: `"OKTA_DEFAULT"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LocationGranularity.md b/okta/docs/LocationGranularity.md
new file mode 100644
index 000000000..d787eb665
--- /dev/null
+++ b/okta/docs/LocationGranularity.md
@@ -0,0 +1,17 @@
+# LocationGranularity
+
+## Enum
+
+
+* `CITY` (value: `"CITY"`)
+
+* `COUNTRY` (value: `"COUNTRY"`)
+
+* `LAT_LONG` (value: `"LAT_LONG"`)
+
+* `SUBDIVISION` (value: `"SUBDIVISION"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogActor.md b/okta/docs/LogActor.md
new file mode 100644
index 000000000..dc7e762b3
--- /dev/null
+++ b/okta/docs/LogActor.md
@@ -0,0 +1,160 @@
+# LogActor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AlternateId** | Pointer to **string** |  | [optional] [readonly] 
+**Detail** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**DisplayName** | Pointer to **string** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Type** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogActor
+
+`func NewLogActor() *LogActor`
+
+NewLogActor instantiates a new LogActor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogActorWithDefaults
+
+`func NewLogActorWithDefaults() *LogActor`
+
+NewLogActorWithDefaults instantiates a new LogActor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAlternateId
+
+`func (o *LogActor) GetAlternateId() string`
+
+GetAlternateId returns the AlternateId field if non-nil, zero value otherwise.
+
+### GetAlternateIdOk
+
+`func (o *LogActor) GetAlternateIdOk() (*string, bool)`
+
+GetAlternateIdOk returns a tuple with the AlternateId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAlternateId
+
+`func (o *LogActor) SetAlternateId(v string)`
+
+SetAlternateId sets AlternateId field to given value.
+
+### HasAlternateId
+
+`func (o *LogActor) HasAlternateId() bool`
+
+HasAlternateId returns a boolean if a field has been set.
+
+### GetDetail
+
+`func (o *LogActor) GetDetail() map[string]map[string]interface{}`
+
+GetDetail returns the Detail field if non-nil, zero value otherwise.
+
+### GetDetailOk
+
+`func (o *LogActor) GetDetailOk() (*map[string]map[string]interface{}, bool)`
+
+GetDetailOk returns a tuple with the Detail field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDetail
+
+`func (o *LogActor) SetDetail(v map[string]map[string]interface{})`
+
+SetDetail sets Detail field to given value.
+
+### HasDetail
+
+`func (o *LogActor) HasDetail() bool`
+
+HasDetail returns a boolean if a field has been set.
+
+### GetDisplayName
+
+`func (o *LogActor) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *LogActor) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *LogActor) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+### HasDisplayName
+
+`func (o *LogActor) HasDisplayName() bool`
+
+HasDisplayName returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *LogActor) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *LogActor) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *LogActor) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *LogActor) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *LogActor) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *LogActor) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *LogActor) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *LogActor) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogAuthenticationContext.md b/okta/docs/LogAuthenticationContext.md
new file mode 100644
index 000000000..367332448
--- /dev/null
+++ b/okta/docs/LogAuthenticationContext.md
@@ -0,0 +1,212 @@
+# LogAuthenticationContext
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthenticationProvider** | Pointer to [**LogAuthenticationProvider**](LogAuthenticationProvider.md) |  | [optional] 
+**AuthenticationStep** | Pointer to **int32** |  | [optional] [readonly] 
+**CredentialProvider** | Pointer to [**LogCredentialProvider**](LogCredentialProvider.md) |  | [optional] 
+**CredentialType** | Pointer to [**LogCredentialType**](LogCredentialType.md) |  | [optional] 
+**ExternalSessionId** | Pointer to **string** |  | [optional] [readonly] 
+**Interface** | Pointer to **string** |  | [optional] [readonly] 
+**Issuer** | Pointer to [**LogIssuer**](LogIssuer.md) |  | [optional] 
+
+## Methods
+
+### NewLogAuthenticationContext
+
+`func NewLogAuthenticationContext() *LogAuthenticationContext`
+
+NewLogAuthenticationContext instantiates a new LogAuthenticationContext object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogAuthenticationContextWithDefaults
+
+`func NewLogAuthenticationContextWithDefaults() *LogAuthenticationContext`
+
+NewLogAuthenticationContextWithDefaults instantiates a new LogAuthenticationContext object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthenticationProvider
+
+`func (o *LogAuthenticationContext) GetAuthenticationProvider() LogAuthenticationProvider`
+
+GetAuthenticationProvider returns the AuthenticationProvider field if non-nil, zero value otherwise.
+
+### GetAuthenticationProviderOk
+
+`func (o *LogAuthenticationContext) GetAuthenticationProviderOk() (*LogAuthenticationProvider, bool)`
+
+GetAuthenticationProviderOk returns a tuple with the AuthenticationProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthenticationProvider
+
+`func (o *LogAuthenticationContext) SetAuthenticationProvider(v LogAuthenticationProvider)`
+
+SetAuthenticationProvider sets AuthenticationProvider field to given value.
+
+### HasAuthenticationProvider
+
+`func (o *LogAuthenticationContext) HasAuthenticationProvider() bool`
+
+HasAuthenticationProvider returns a boolean if a field has been set.
+
+### GetAuthenticationStep
+
+`func (o *LogAuthenticationContext) GetAuthenticationStep() int32`
+
+GetAuthenticationStep returns the AuthenticationStep field if non-nil, zero value otherwise.
+
+### GetAuthenticationStepOk
+
+`func (o *LogAuthenticationContext) GetAuthenticationStepOk() (*int32, bool)`
+
+GetAuthenticationStepOk returns a tuple with the AuthenticationStep field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthenticationStep
+
+`func (o *LogAuthenticationContext) SetAuthenticationStep(v int32)`
+
+SetAuthenticationStep sets AuthenticationStep field to given value.
+
+### HasAuthenticationStep
+
+`func (o *LogAuthenticationContext) HasAuthenticationStep() bool`
+
+HasAuthenticationStep returns a boolean if a field has been set.
+
+### GetCredentialProvider
+
+`func (o *LogAuthenticationContext) GetCredentialProvider() LogCredentialProvider`
+
+GetCredentialProvider returns the CredentialProvider field if non-nil, zero value otherwise.
+
+### GetCredentialProviderOk
+
+`func (o *LogAuthenticationContext) GetCredentialProviderOk() (*LogCredentialProvider, bool)`
+
+GetCredentialProviderOk returns a tuple with the CredentialProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentialProvider
+
+`func (o *LogAuthenticationContext) SetCredentialProvider(v LogCredentialProvider)`
+
+SetCredentialProvider sets CredentialProvider field to given value.
+
+### HasCredentialProvider
+
+`func (o *LogAuthenticationContext) HasCredentialProvider() bool`
+
+HasCredentialProvider returns a boolean if a field has been set.
+
+### GetCredentialType
+
+`func (o *LogAuthenticationContext) GetCredentialType() LogCredentialType`
+
+GetCredentialType returns the CredentialType field if non-nil, zero value otherwise.
+
+### GetCredentialTypeOk
+
+`func (o *LogAuthenticationContext) GetCredentialTypeOk() (*LogCredentialType, bool)`
+
+GetCredentialTypeOk returns a tuple with the CredentialType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentialType
+
+`func (o *LogAuthenticationContext) SetCredentialType(v LogCredentialType)`
+
+SetCredentialType sets CredentialType field to given value.
+
+### HasCredentialType
+
+`func (o *LogAuthenticationContext) HasCredentialType() bool`
+
+HasCredentialType returns a boolean if a field has been set.
+
+### GetExternalSessionId
+
+`func (o *LogAuthenticationContext) GetExternalSessionId() string`
+
+GetExternalSessionId returns the ExternalSessionId field if non-nil, zero value otherwise.
+
+### GetExternalSessionIdOk
+
+`func (o *LogAuthenticationContext) GetExternalSessionIdOk() (*string, bool)`
+
+GetExternalSessionIdOk returns a tuple with the ExternalSessionId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExternalSessionId
+
+`func (o *LogAuthenticationContext) SetExternalSessionId(v string)`
+
+SetExternalSessionId sets ExternalSessionId field to given value.
+
+### HasExternalSessionId
+
+`func (o *LogAuthenticationContext) HasExternalSessionId() bool`
+
+HasExternalSessionId returns a boolean if a field has been set.
+
+### GetInterface
+
+`func (o *LogAuthenticationContext) GetInterface() string`
+
+GetInterface returns the Interface field if non-nil, zero value otherwise.
+
+### GetInterfaceOk
+
+`func (o *LogAuthenticationContext) GetInterfaceOk() (*string, bool)`
+
+GetInterfaceOk returns a tuple with the Interface field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInterface
+
+`func (o *LogAuthenticationContext) SetInterface(v string)`
+
+SetInterface sets Interface field to given value.
+
+### HasInterface
+
+`func (o *LogAuthenticationContext) HasInterface() bool`
+
+HasInterface returns a boolean if a field has been set.
+
+### GetIssuer
+
+`func (o *LogAuthenticationContext) GetIssuer() LogIssuer`
+
+GetIssuer returns the Issuer field if non-nil, zero value otherwise.
+
+### GetIssuerOk
+
+`func (o *LogAuthenticationContext) GetIssuerOk() (*LogIssuer, bool)`
+
+GetIssuerOk returns a tuple with the Issuer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIssuer
+
+`func (o *LogAuthenticationContext) SetIssuer(v LogIssuer)`
+
+SetIssuer sets Issuer field to given value.
+
+### HasIssuer
+
+`func (o *LogAuthenticationContext) HasIssuer() bool`
+
+HasIssuer returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogAuthenticationProvider.md b/okta/docs/LogAuthenticationProvider.md
new file mode 100644
index 000000000..d32cfba11
--- /dev/null
+++ b/okta/docs/LogAuthenticationProvider.md
@@ -0,0 +1,21 @@
+# LogAuthenticationProvider
+
+## Enum
+
+
+* `ACTIVE_DIRECTORY` (value: `"ACTIVE_DIRECTORY"`)
+
+* `FACTOR_PROVIDER` (value: `"FACTOR_PROVIDER"`)
+
+* `FEDERATION` (value: `"FEDERATION"`)
+
+* `LDAP` (value: `"LDAP"`)
+
+* `OKTA_AUTHENTICATION_PROVIDER` (value: `"OKTA_AUTHENTICATION_PROVIDER"`)
+
+* `SOCIAL` (value: `"SOCIAL"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogClient.md b/okta/docs/LogClient.md
new file mode 100644
index 000000000..a1ae43ea2
--- /dev/null
+++ b/okta/docs/LogClient.md
@@ -0,0 +1,186 @@
+# LogClient
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Device** | Pointer to **string** |  | [optional] [readonly] 
+**GeographicalContext** | Pointer to [**LogGeographicalContext**](LogGeographicalContext.md) |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**IpAddress** | Pointer to **string** |  | [optional] [readonly] 
+**UserAgent** | Pointer to [**LogUserAgent**](LogUserAgent.md) |  | [optional] 
+**Zone** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogClient
+
+`func NewLogClient() *LogClient`
+
+NewLogClient instantiates a new LogClient object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogClientWithDefaults
+
+`func NewLogClientWithDefaults() *LogClient`
+
+NewLogClientWithDefaults instantiates a new LogClient object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDevice
+
+`func (o *LogClient) GetDevice() string`
+
+GetDevice returns the Device field if non-nil, zero value otherwise.
+
+### GetDeviceOk
+
+`func (o *LogClient) GetDeviceOk() (*string, bool)`
+
+GetDeviceOk returns a tuple with the Device field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDevice
+
+`func (o *LogClient) SetDevice(v string)`
+
+SetDevice sets Device field to given value.
+
+### HasDevice
+
+`func (o *LogClient) HasDevice() bool`
+
+HasDevice returns a boolean if a field has been set.
+
+### GetGeographicalContext
+
+`func (o *LogClient) GetGeographicalContext() LogGeographicalContext`
+
+GetGeographicalContext returns the GeographicalContext field if non-nil, zero value otherwise.
+
+### GetGeographicalContextOk
+
+`func (o *LogClient) GetGeographicalContextOk() (*LogGeographicalContext, bool)`
+
+GetGeographicalContextOk returns a tuple with the GeographicalContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGeographicalContext
+
+`func (o *LogClient) SetGeographicalContext(v LogGeographicalContext)`
+
+SetGeographicalContext sets GeographicalContext field to given value.
+
+### HasGeographicalContext
+
+`func (o *LogClient) HasGeographicalContext() bool`
+
+HasGeographicalContext returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *LogClient) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *LogClient) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *LogClient) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *LogClient) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIpAddress
+
+`func (o *LogClient) GetIpAddress() string`
+
+GetIpAddress returns the IpAddress field if non-nil, zero value otherwise.
+
+### GetIpAddressOk
+
+`func (o *LogClient) GetIpAddressOk() (*string, bool)`
+
+GetIpAddressOk returns a tuple with the IpAddress field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIpAddress
+
+`func (o *LogClient) SetIpAddress(v string)`
+
+SetIpAddress sets IpAddress field to given value.
+
+### HasIpAddress
+
+`func (o *LogClient) HasIpAddress() bool`
+
+HasIpAddress returns a boolean if a field has been set.
+
+### GetUserAgent
+
+`func (o *LogClient) GetUserAgent() LogUserAgent`
+
+GetUserAgent returns the UserAgent field if non-nil, zero value otherwise.
+
+### GetUserAgentOk
+
+`func (o *LogClient) GetUserAgentOk() (*LogUserAgent, bool)`
+
+GetUserAgentOk returns a tuple with the UserAgent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserAgent
+
+`func (o *LogClient) SetUserAgent(v LogUserAgent)`
+
+SetUserAgent sets UserAgent field to given value.
+
+### HasUserAgent
+
+`func (o *LogClient) HasUserAgent() bool`
+
+HasUserAgent returns a boolean if a field has been set.
+
+### GetZone
+
+`func (o *LogClient) GetZone() string`
+
+GetZone returns the Zone field if non-nil, zero value otherwise.
+
+### GetZoneOk
+
+`func (o *LogClient) GetZoneOk() (*string, bool)`
+
+GetZoneOk returns a tuple with the Zone field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetZone
+
+`func (o *LogClient) SetZone(v string)`
+
+SetZone sets Zone field to given value.
+
+### HasZone
+
+`func (o *LogClient) HasZone() bool`
+
+HasZone returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogCredentialProvider.md b/okta/docs/LogCredentialProvider.md
new file mode 100644
index 000000000..a952f79a8
--- /dev/null
+++ b/okta/docs/LogCredentialProvider.md
@@ -0,0 +1,23 @@
+# LogCredentialProvider
+
+## Enum
+
+
+* `DUO` (value: `"DUO"`)
+
+* `GOOGLE` (value: `"GOOGLE"`)
+
+* `OKTA_AUTHENTICATION_PROVIDER` (value: `"OKTA_AUTHENTICATION_PROVIDER"`)
+
+* `OKTA_CREDENTIAL_PROVIDER` (value: `"OKTA_CREDENTIAL_PROVIDER"`)
+
+* `RSA` (value: `"RSA"`)
+
+* `SYMANTEC` (value: `"SYMANTEC"`)
+
+* `YUBIKEY` (value: `"YUBIKEY"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogCredentialType.md b/okta/docs/LogCredentialType.md
new file mode 100644
index 000000000..776993840
--- /dev/null
+++ b/okta/docs/LogCredentialType.md
@@ -0,0 +1,25 @@
+# LogCredentialType
+
+## Enum
+
+
+* `ASSERTION` (value: `"ASSERTION"`)
+
+* `EMAIL` (value: `"EMAIL"`)
+
+* `IWA` (value: `"IWA"`)
+
+* `JWT` (value: `"JWT"`)
+
+* `O_AUTH_2_0` (value: `"OAuth 2.0"`)
+
+* `OTP` (value: `"OTP"`)
+
+* `PASSWORD` (value: `"PASSWORD"`)
+
+* `SMS` (value: `"SMS"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogDebugContext.md b/okta/docs/LogDebugContext.md
new file mode 100644
index 000000000..c7f806943
--- /dev/null
+++ b/okta/docs/LogDebugContext.md
@@ -0,0 +1,56 @@
+# LogDebugContext
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DebugData** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogDebugContext
+
+`func NewLogDebugContext() *LogDebugContext`
+
+NewLogDebugContext instantiates a new LogDebugContext object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogDebugContextWithDefaults
+
+`func NewLogDebugContextWithDefaults() *LogDebugContext`
+
+NewLogDebugContextWithDefaults instantiates a new LogDebugContext object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDebugData
+
+`func (o *LogDebugContext) GetDebugData() map[string]map[string]interface{}`
+
+GetDebugData returns the DebugData field if non-nil, zero value otherwise.
+
+### GetDebugDataOk
+
+`func (o *LogDebugContext) GetDebugDataOk() (*map[string]map[string]interface{}, bool)`
+
+GetDebugDataOk returns a tuple with the DebugData field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDebugData
+
+`func (o *LogDebugContext) SetDebugData(v map[string]map[string]interface{})`
+
+SetDebugData sets DebugData field to given value.
+
+### HasDebugData
+
+`func (o *LogDebugContext) HasDebugData() bool`
+
+HasDebugData returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogEvent.md b/okta/docs/LogEvent.md
new file mode 100644
index 000000000..2e7425fee
--- /dev/null
+++ b/okta/docs/LogEvent.md
@@ -0,0 +1,446 @@
+# LogEvent
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actor** | Pointer to [**LogActor**](LogActor.md) |  | [optional] 
+**AuthenticationContext** | Pointer to [**LogAuthenticationContext**](LogAuthenticationContext.md) |  | [optional] 
+**Client** | Pointer to [**LogClient**](LogClient.md) |  | [optional] 
+**DebugContext** | Pointer to [**LogDebugContext**](LogDebugContext.md) |  | [optional] 
+**DisplayMessage** | Pointer to **string** |  | [optional] [readonly] 
+**EventType** | Pointer to **string** |  | [optional] [readonly] 
+**LegacyEventType** | Pointer to **string** |  | [optional] [readonly] 
+**Outcome** | Pointer to [**LogOutcome**](LogOutcome.md) |  | [optional] 
+**Published** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Request** | Pointer to [**LogRequest**](LogRequest.md) |  | [optional] 
+**SecurityContext** | Pointer to [**LogSecurityContext**](LogSecurityContext.md) |  | [optional] 
+**Severity** | Pointer to [**LogSeverity**](LogSeverity.md) |  | [optional] 
+**Target** | Pointer to [**[]LogTarget**](LogTarget.md) |  | [optional] [readonly] 
+**Transaction** | Pointer to [**LogTransaction**](LogTransaction.md) |  | [optional] 
+**Uuid** | Pointer to **string** |  | [optional] [readonly] 
+**Version** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogEvent
+
+`func NewLogEvent() *LogEvent`
+
+NewLogEvent instantiates a new LogEvent object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogEventWithDefaults
+
+`func NewLogEventWithDefaults() *LogEvent`
+
+NewLogEventWithDefaults instantiates a new LogEvent object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActor
+
+`func (o *LogEvent) GetActor() LogActor`
+
+GetActor returns the Actor field if non-nil, zero value otherwise.
+
+### GetActorOk
+
+`func (o *LogEvent) GetActorOk() (*LogActor, bool)`
+
+GetActorOk returns a tuple with the Actor field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActor
+
+`func (o *LogEvent) SetActor(v LogActor)`
+
+SetActor sets Actor field to given value.
+
+### HasActor
+
+`func (o *LogEvent) HasActor() bool`
+
+HasActor returns a boolean if a field has been set.
+
+### GetAuthenticationContext
+
+`func (o *LogEvent) GetAuthenticationContext() LogAuthenticationContext`
+
+GetAuthenticationContext returns the AuthenticationContext field if non-nil, zero value otherwise.
+
+### GetAuthenticationContextOk
+
+`func (o *LogEvent) GetAuthenticationContextOk() (*LogAuthenticationContext, bool)`
+
+GetAuthenticationContextOk returns a tuple with the AuthenticationContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthenticationContext
+
+`func (o *LogEvent) SetAuthenticationContext(v LogAuthenticationContext)`
+
+SetAuthenticationContext sets AuthenticationContext field to given value.
+
+### HasAuthenticationContext
+
+`func (o *LogEvent) HasAuthenticationContext() bool`
+
+HasAuthenticationContext returns a boolean if a field has been set.
+
+### GetClient
+
+`func (o *LogEvent) GetClient() LogClient`
+
+GetClient returns the Client field if non-nil, zero value otherwise.
+
+### GetClientOk
+
+`func (o *LogEvent) GetClientOk() (*LogClient, bool)`
+
+GetClientOk returns a tuple with the Client field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClient
+
+`func (o *LogEvent) SetClient(v LogClient)`
+
+SetClient sets Client field to given value.
+
+### HasClient
+
+`func (o *LogEvent) HasClient() bool`
+
+HasClient returns a boolean if a field has been set.
+
+### GetDebugContext
+
+`func (o *LogEvent) GetDebugContext() LogDebugContext`
+
+GetDebugContext returns the DebugContext field if non-nil, zero value otherwise.
+
+### GetDebugContextOk
+
+`func (o *LogEvent) GetDebugContextOk() (*LogDebugContext, bool)`
+
+GetDebugContextOk returns a tuple with the DebugContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDebugContext
+
+`func (o *LogEvent) SetDebugContext(v LogDebugContext)`
+
+SetDebugContext sets DebugContext field to given value.
+
+### HasDebugContext
+
+`func (o *LogEvent) HasDebugContext() bool`
+
+HasDebugContext returns a boolean if a field has been set.
+
+### GetDisplayMessage
+
+`func (o *LogEvent) GetDisplayMessage() string`
+
+GetDisplayMessage returns the DisplayMessage field if non-nil, zero value otherwise.
+
+### GetDisplayMessageOk
+
+`func (o *LogEvent) GetDisplayMessageOk() (*string, bool)`
+
+GetDisplayMessageOk returns a tuple with the DisplayMessage field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayMessage
+
+`func (o *LogEvent) SetDisplayMessage(v string)`
+
+SetDisplayMessage sets DisplayMessage field to given value.
+
+### HasDisplayMessage
+
+`func (o *LogEvent) HasDisplayMessage() bool`
+
+HasDisplayMessage returns a boolean if a field has been set.
+
+### GetEventType
+
+`func (o *LogEvent) GetEventType() string`
+
+GetEventType returns the EventType field if non-nil, zero value otherwise.
+
+### GetEventTypeOk
+
+`func (o *LogEvent) GetEventTypeOk() (*string, bool)`
+
+GetEventTypeOk returns a tuple with the EventType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEventType
+
+`func (o *LogEvent) SetEventType(v string)`
+
+SetEventType sets EventType field to given value.
+
+### HasEventType
+
+`func (o *LogEvent) HasEventType() bool`
+
+HasEventType returns a boolean if a field has been set.
+
+### GetLegacyEventType
+
+`func (o *LogEvent) GetLegacyEventType() string`
+
+GetLegacyEventType returns the LegacyEventType field if non-nil, zero value otherwise.
+
+### GetLegacyEventTypeOk
+
+`func (o *LogEvent) GetLegacyEventTypeOk() (*string, bool)`
+
+GetLegacyEventTypeOk returns a tuple with the LegacyEventType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLegacyEventType
+
+`func (o *LogEvent) SetLegacyEventType(v string)`
+
+SetLegacyEventType sets LegacyEventType field to given value.
+
+### HasLegacyEventType
+
+`func (o *LogEvent) HasLegacyEventType() bool`
+
+HasLegacyEventType returns a boolean if a field has been set.
+
+### GetOutcome
+
+`func (o *LogEvent) GetOutcome() LogOutcome`
+
+GetOutcome returns the Outcome field if non-nil, zero value otherwise.
+
+### GetOutcomeOk
+
+`func (o *LogEvent) GetOutcomeOk() (*LogOutcome, bool)`
+
+GetOutcomeOk returns a tuple with the Outcome field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOutcome
+
+`func (o *LogEvent) SetOutcome(v LogOutcome)`
+
+SetOutcome sets Outcome field to given value.
+
+### HasOutcome
+
+`func (o *LogEvent) HasOutcome() bool`
+
+HasOutcome returns a boolean if a field has been set.
+
+### GetPublished
+
+`func (o *LogEvent) GetPublished() time.Time`
+
+GetPublished returns the Published field if non-nil, zero value otherwise.
+
+### GetPublishedOk
+
+`func (o *LogEvent) GetPublishedOk() (*time.Time, bool)`
+
+GetPublishedOk returns a tuple with the Published field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPublished
+
+`func (o *LogEvent) SetPublished(v time.Time)`
+
+SetPublished sets Published field to given value.
+
+### HasPublished
+
+`func (o *LogEvent) HasPublished() bool`
+
+HasPublished returns a boolean if a field has been set.
+
+### GetRequest
+
+`func (o *LogEvent) GetRequest() LogRequest`
+
+GetRequest returns the Request field if non-nil, zero value otherwise.
+
+### GetRequestOk
+
+`func (o *LogEvent) GetRequestOk() (*LogRequest, bool)`
+
+GetRequestOk returns a tuple with the Request field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequest
+
+`func (o *LogEvent) SetRequest(v LogRequest)`
+
+SetRequest sets Request field to given value.
+
+### HasRequest
+
+`func (o *LogEvent) HasRequest() bool`
+
+HasRequest returns a boolean if a field has been set.
+
+### GetSecurityContext
+
+`func (o *LogEvent) GetSecurityContext() LogSecurityContext`
+
+GetSecurityContext returns the SecurityContext field if non-nil, zero value otherwise.
+
+### GetSecurityContextOk
+
+`func (o *LogEvent) GetSecurityContextOk() (*LogSecurityContext, bool)`
+
+GetSecurityContextOk returns a tuple with the SecurityContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecurityContext
+
+`func (o *LogEvent) SetSecurityContext(v LogSecurityContext)`
+
+SetSecurityContext sets SecurityContext field to given value.
+
+### HasSecurityContext
+
+`func (o *LogEvent) HasSecurityContext() bool`
+
+HasSecurityContext returns a boolean if a field has been set.
+
+### GetSeverity
+
+`func (o *LogEvent) GetSeverity() LogSeverity`
+
+GetSeverity returns the Severity field if non-nil, zero value otherwise.
+
+### GetSeverityOk
+
+`func (o *LogEvent) GetSeverityOk() (*LogSeverity, bool)`
+
+GetSeverityOk returns a tuple with the Severity field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSeverity
+
+`func (o *LogEvent) SetSeverity(v LogSeverity)`
+
+SetSeverity sets Severity field to given value.
+
+### HasSeverity
+
+`func (o *LogEvent) HasSeverity() bool`
+
+HasSeverity returns a boolean if a field has been set.
+
+### GetTarget
+
+`func (o *LogEvent) GetTarget() []LogTarget`
+
+GetTarget returns the Target field if non-nil, zero value otherwise.
+
+### GetTargetOk
+
+`func (o *LogEvent) GetTargetOk() (*[]LogTarget, bool)`
+
+GetTargetOk returns a tuple with the Target field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTarget
+
+`func (o *LogEvent) SetTarget(v []LogTarget)`
+
+SetTarget sets Target field to given value.
+
+### HasTarget
+
+`func (o *LogEvent) HasTarget() bool`
+
+HasTarget returns a boolean if a field has been set.
+
+### GetTransaction
+
+`func (o *LogEvent) GetTransaction() LogTransaction`
+
+GetTransaction returns the Transaction field if non-nil, zero value otherwise.
+
+### GetTransactionOk
+
+`func (o *LogEvent) GetTransactionOk() (*LogTransaction, bool)`
+
+GetTransactionOk returns a tuple with the Transaction field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTransaction
+
+`func (o *LogEvent) SetTransaction(v LogTransaction)`
+
+SetTransaction sets Transaction field to given value.
+
+### HasTransaction
+
+`func (o *LogEvent) HasTransaction() bool`
+
+HasTransaction returns a boolean if a field has been set.
+
+### GetUuid
+
+`func (o *LogEvent) GetUuid() string`
+
+GetUuid returns the Uuid field if non-nil, zero value otherwise.
+
+### GetUuidOk
+
+`func (o *LogEvent) GetUuidOk() (*string, bool)`
+
+GetUuidOk returns a tuple with the Uuid field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUuid
+
+`func (o *LogEvent) SetUuid(v string)`
+
+SetUuid sets Uuid field to given value.
+
+### HasUuid
+
+`func (o *LogEvent) HasUuid() bool`
+
+HasUuid returns a boolean if a field has been set.
+
+### GetVersion
+
+`func (o *LogEvent) GetVersion() string`
+
+GetVersion returns the Version field if non-nil, zero value otherwise.
+
+### GetVersionOk
+
+`func (o *LogEvent) GetVersionOk() (*string, bool)`
+
+GetVersionOk returns a tuple with the Version field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVersion
+
+`func (o *LogEvent) SetVersion(v string)`
+
+SetVersion sets Version field to given value.
+
+### HasVersion
+
+`func (o *LogEvent) HasVersion() bool`
+
+HasVersion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogGeographicalContext.md b/okta/docs/LogGeographicalContext.md
new file mode 100644
index 000000000..34c658527
--- /dev/null
+++ b/okta/docs/LogGeographicalContext.md
@@ -0,0 +1,160 @@
+# LogGeographicalContext
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**City** | Pointer to **string** |  | [optional] [readonly] 
+**Country** | Pointer to **string** |  | [optional] [readonly] 
+**Geolocation** | Pointer to [**LogGeolocation**](LogGeolocation.md) |  | [optional] 
+**PostalCode** | Pointer to **string** |  | [optional] [readonly] 
+**State** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogGeographicalContext
+
+`func NewLogGeographicalContext() *LogGeographicalContext`
+
+NewLogGeographicalContext instantiates a new LogGeographicalContext object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogGeographicalContextWithDefaults
+
+`func NewLogGeographicalContextWithDefaults() *LogGeographicalContext`
+
+NewLogGeographicalContextWithDefaults instantiates a new LogGeographicalContext object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCity
+
+`func (o *LogGeographicalContext) GetCity() string`
+
+GetCity returns the City field if non-nil, zero value otherwise.
+
+### GetCityOk
+
+`func (o *LogGeographicalContext) GetCityOk() (*string, bool)`
+
+GetCityOk returns a tuple with the City field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCity
+
+`func (o *LogGeographicalContext) SetCity(v string)`
+
+SetCity sets City field to given value.
+
+### HasCity
+
+`func (o *LogGeographicalContext) HasCity() bool`
+
+HasCity returns a boolean if a field has been set.
+
+### GetCountry
+
+`func (o *LogGeographicalContext) GetCountry() string`
+
+GetCountry returns the Country field if non-nil, zero value otherwise.
+
+### GetCountryOk
+
+`func (o *LogGeographicalContext) GetCountryOk() (*string, bool)`
+
+GetCountryOk returns a tuple with the Country field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCountry
+
+`func (o *LogGeographicalContext) SetCountry(v string)`
+
+SetCountry sets Country field to given value.
+
+### HasCountry
+
+`func (o *LogGeographicalContext) HasCountry() bool`
+
+HasCountry returns a boolean if a field has been set.
+
+### GetGeolocation
+
+`func (o *LogGeographicalContext) GetGeolocation() LogGeolocation`
+
+GetGeolocation returns the Geolocation field if non-nil, zero value otherwise.
+
+### GetGeolocationOk
+
+`func (o *LogGeographicalContext) GetGeolocationOk() (*LogGeolocation, bool)`
+
+GetGeolocationOk returns a tuple with the Geolocation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGeolocation
+
+`func (o *LogGeographicalContext) SetGeolocation(v LogGeolocation)`
+
+SetGeolocation sets Geolocation field to given value.
+
+### HasGeolocation
+
+`func (o *LogGeographicalContext) HasGeolocation() bool`
+
+HasGeolocation returns a boolean if a field has been set.
+
+### GetPostalCode
+
+`func (o *LogGeographicalContext) GetPostalCode() string`
+
+GetPostalCode returns the PostalCode field if non-nil, zero value otherwise.
+
+### GetPostalCodeOk
+
+`func (o *LogGeographicalContext) GetPostalCodeOk() (*string, bool)`
+
+GetPostalCodeOk returns a tuple with the PostalCode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPostalCode
+
+`func (o *LogGeographicalContext) SetPostalCode(v string)`
+
+SetPostalCode sets PostalCode field to given value.
+
+### HasPostalCode
+
+`func (o *LogGeographicalContext) HasPostalCode() bool`
+
+HasPostalCode returns a boolean if a field has been set.
+
+### GetState
+
+`func (o *LogGeographicalContext) GetState() string`
+
+GetState returns the State field if non-nil, zero value otherwise.
+
+### GetStateOk
+
+`func (o *LogGeographicalContext) GetStateOk() (*string, bool)`
+
+GetStateOk returns a tuple with the State field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetState
+
+`func (o *LogGeographicalContext) SetState(v string)`
+
+SetState sets State field to given value.
+
+### HasState
+
+`func (o *LogGeographicalContext) HasState() bool`
+
+HasState returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogGeolocation.md b/okta/docs/LogGeolocation.md
new file mode 100644
index 000000000..0b1bea20b
--- /dev/null
+++ b/okta/docs/LogGeolocation.md
@@ -0,0 +1,82 @@
+# LogGeolocation
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Lat** | Pointer to **float64** |  | [optional] [readonly] 
+**Lon** | Pointer to **float64** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogGeolocation
+
+`func NewLogGeolocation() *LogGeolocation`
+
+NewLogGeolocation instantiates a new LogGeolocation object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogGeolocationWithDefaults
+
+`func NewLogGeolocationWithDefaults() *LogGeolocation`
+
+NewLogGeolocationWithDefaults instantiates a new LogGeolocation object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetLat
+
+`func (o *LogGeolocation) GetLat() float64`
+
+GetLat returns the Lat field if non-nil, zero value otherwise.
+
+### GetLatOk
+
+`func (o *LogGeolocation) GetLatOk() (*float64, bool)`
+
+GetLatOk returns a tuple with the Lat field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLat
+
+`func (o *LogGeolocation) SetLat(v float64)`
+
+SetLat sets Lat field to given value.
+
+### HasLat
+
+`func (o *LogGeolocation) HasLat() bool`
+
+HasLat returns a boolean if a field has been set.
+
+### GetLon
+
+`func (o *LogGeolocation) GetLon() float64`
+
+GetLon returns the Lon field if non-nil, zero value otherwise.
+
+### GetLonOk
+
+`func (o *LogGeolocation) GetLonOk() (*float64, bool)`
+
+GetLonOk returns a tuple with the Lon field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLon
+
+`func (o *LogGeolocation) SetLon(v float64)`
+
+SetLon sets Lon field to given value.
+
+### HasLon
+
+`func (o *LogGeolocation) HasLon() bool`
+
+HasLon returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogIpAddress.md b/okta/docs/LogIpAddress.md
new file mode 100644
index 000000000..4fd16c2ec
--- /dev/null
+++ b/okta/docs/LogIpAddress.md
@@ -0,0 +1,134 @@
+# LogIpAddress
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**GeographicalContext** | Pointer to [**LogGeographicalContext**](LogGeographicalContext.md) |  | [optional] 
+**Ip** | Pointer to **string** |  | [optional] [readonly] 
+**Source** | Pointer to **string** |  | [optional] [readonly] 
+**Version** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogIpAddress
+
+`func NewLogIpAddress() *LogIpAddress`
+
+NewLogIpAddress instantiates a new LogIpAddress object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogIpAddressWithDefaults
+
+`func NewLogIpAddressWithDefaults() *LogIpAddress`
+
+NewLogIpAddressWithDefaults instantiates a new LogIpAddress object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetGeographicalContext
+
+`func (o *LogIpAddress) GetGeographicalContext() LogGeographicalContext`
+
+GetGeographicalContext returns the GeographicalContext field if non-nil, zero value otherwise.
+
+### GetGeographicalContextOk
+
+`func (o *LogIpAddress) GetGeographicalContextOk() (*LogGeographicalContext, bool)`
+
+GetGeographicalContextOk returns a tuple with the GeographicalContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGeographicalContext
+
+`func (o *LogIpAddress) SetGeographicalContext(v LogGeographicalContext)`
+
+SetGeographicalContext sets GeographicalContext field to given value.
+
+### HasGeographicalContext
+
+`func (o *LogIpAddress) HasGeographicalContext() bool`
+
+HasGeographicalContext returns a boolean if a field has been set.
+
+### GetIp
+
+`func (o *LogIpAddress) GetIp() string`
+
+GetIp returns the Ip field if non-nil, zero value otherwise.
+
+### GetIpOk
+
+`func (o *LogIpAddress) GetIpOk() (*string, bool)`
+
+GetIpOk returns a tuple with the Ip field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIp
+
+`func (o *LogIpAddress) SetIp(v string)`
+
+SetIp sets Ip field to given value.
+
+### HasIp
+
+`func (o *LogIpAddress) HasIp() bool`
+
+HasIp returns a boolean if a field has been set.
+
+### GetSource
+
+`func (o *LogIpAddress) GetSource() string`
+
+GetSource returns the Source field if non-nil, zero value otherwise.
+
+### GetSourceOk
+
+`func (o *LogIpAddress) GetSourceOk() (*string, bool)`
+
+GetSourceOk returns a tuple with the Source field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSource
+
+`func (o *LogIpAddress) SetSource(v string)`
+
+SetSource sets Source field to given value.
+
+### HasSource
+
+`func (o *LogIpAddress) HasSource() bool`
+
+HasSource returns a boolean if a field has been set.
+
+### GetVersion
+
+`func (o *LogIpAddress) GetVersion() string`
+
+GetVersion returns the Version field if non-nil, zero value otherwise.
+
+### GetVersionOk
+
+`func (o *LogIpAddress) GetVersionOk() (*string, bool)`
+
+GetVersionOk returns a tuple with the Version field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVersion
+
+`func (o *LogIpAddress) SetVersion(v string)`
+
+SetVersion sets Version field to given value.
+
+### HasVersion
+
+`func (o *LogIpAddress) HasVersion() bool`
+
+HasVersion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogIssuer.md b/okta/docs/LogIssuer.md
new file mode 100644
index 000000000..28811f44d
--- /dev/null
+++ b/okta/docs/LogIssuer.md
@@ -0,0 +1,82 @@
+# LogIssuer
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Type** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogIssuer
+
+`func NewLogIssuer() *LogIssuer`
+
+NewLogIssuer instantiates a new LogIssuer object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogIssuerWithDefaults
+
+`func NewLogIssuerWithDefaults() *LogIssuer`
+
+NewLogIssuerWithDefaults instantiates a new LogIssuer object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *LogIssuer) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *LogIssuer) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *LogIssuer) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *LogIssuer) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *LogIssuer) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *LogIssuer) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *LogIssuer) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *LogIssuer) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogOutcome.md b/okta/docs/LogOutcome.md
new file mode 100644
index 000000000..ce8b6e98c
--- /dev/null
+++ b/okta/docs/LogOutcome.md
@@ -0,0 +1,82 @@
+# LogOutcome
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Reason** | Pointer to **string** |  | [optional] [readonly] 
+**Result** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogOutcome
+
+`func NewLogOutcome() *LogOutcome`
+
+NewLogOutcome instantiates a new LogOutcome object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogOutcomeWithDefaults
+
+`func NewLogOutcomeWithDefaults() *LogOutcome`
+
+NewLogOutcomeWithDefaults instantiates a new LogOutcome object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetReason
+
+`func (o *LogOutcome) GetReason() string`
+
+GetReason returns the Reason field if non-nil, zero value otherwise.
+
+### GetReasonOk
+
+`func (o *LogOutcome) GetReasonOk() (*string, bool)`
+
+GetReasonOk returns a tuple with the Reason field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetReason
+
+`func (o *LogOutcome) SetReason(v string)`
+
+SetReason sets Reason field to given value.
+
+### HasReason
+
+`func (o *LogOutcome) HasReason() bool`
+
+HasReason returns a boolean if a field has been set.
+
+### GetResult
+
+`func (o *LogOutcome) GetResult() string`
+
+GetResult returns the Result field if non-nil, zero value otherwise.
+
+### GetResultOk
+
+`func (o *LogOutcome) GetResultOk() (*string, bool)`
+
+GetResultOk returns a tuple with the Result field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResult
+
+`func (o *LogOutcome) SetResult(v string)`
+
+SetResult sets Result field to given value.
+
+### HasResult
+
+`func (o *LogOutcome) HasResult() bool`
+
+HasResult returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogRequest.md b/okta/docs/LogRequest.md
new file mode 100644
index 000000000..dbc9a302c
--- /dev/null
+++ b/okta/docs/LogRequest.md
@@ -0,0 +1,56 @@
+# LogRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**IpChain** | Pointer to [**[]LogIpAddress**](LogIpAddress.md) |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogRequest
+
+`func NewLogRequest() *LogRequest`
+
+NewLogRequest instantiates a new LogRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogRequestWithDefaults
+
+`func NewLogRequestWithDefaults() *LogRequest`
+
+NewLogRequestWithDefaults instantiates a new LogRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIpChain
+
+`func (o *LogRequest) GetIpChain() []LogIpAddress`
+
+GetIpChain returns the IpChain field if non-nil, zero value otherwise.
+
+### GetIpChainOk
+
+`func (o *LogRequest) GetIpChainOk() (*[]LogIpAddress, bool)`
+
+GetIpChainOk returns a tuple with the IpChain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIpChain
+
+`func (o *LogRequest) SetIpChain(v []LogIpAddress)`
+
+SetIpChain sets IpChain field to given value.
+
+### HasIpChain
+
+`func (o *LogRequest) HasIpChain() bool`
+
+HasIpChain returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogSecurityContext.md b/okta/docs/LogSecurityContext.md
new file mode 100644
index 000000000..72fb5ccdf
--- /dev/null
+++ b/okta/docs/LogSecurityContext.md
@@ -0,0 +1,160 @@
+# LogSecurityContext
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AsNumber** | Pointer to **int32** |  | [optional] [readonly] 
+**AsOrg** | Pointer to **string** |  | [optional] [readonly] 
+**Domain** | Pointer to **string** |  | [optional] [readonly] 
+**Isp** | Pointer to **string** |  | [optional] [readonly] 
+**IsProxy** | Pointer to **bool** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogSecurityContext
+
+`func NewLogSecurityContext() *LogSecurityContext`
+
+NewLogSecurityContext instantiates a new LogSecurityContext object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogSecurityContextWithDefaults
+
+`func NewLogSecurityContextWithDefaults() *LogSecurityContext`
+
+NewLogSecurityContextWithDefaults instantiates a new LogSecurityContext object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAsNumber
+
+`func (o *LogSecurityContext) GetAsNumber() int32`
+
+GetAsNumber returns the AsNumber field if non-nil, zero value otherwise.
+
+### GetAsNumberOk
+
+`func (o *LogSecurityContext) GetAsNumberOk() (*int32, bool)`
+
+GetAsNumberOk returns a tuple with the AsNumber field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAsNumber
+
+`func (o *LogSecurityContext) SetAsNumber(v int32)`
+
+SetAsNumber sets AsNumber field to given value.
+
+### HasAsNumber
+
+`func (o *LogSecurityContext) HasAsNumber() bool`
+
+HasAsNumber returns a boolean if a field has been set.
+
+### GetAsOrg
+
+`func (o *LogSecurityContext) GetAsOrg() string`
+
+GetAsOrg returns the AsOrg field if non-nil, zero value otherwise.
+
+### GetAsOrgOk
+
+`func (o *LogSecurityContext) GetAsOrgOk() (*string, bool)`
+
+GetAsOrgOk returns a tuple with the AsOrg field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAsOrg
+
+`func (o *LogSecurityContext) SetAsOrg(v string)`
+
+SetAsOrg sets AsOrg field to given value.
+
+### HasAsOrg
+
+`func (o *LogSecurityContext) HasAsOrg() bool`
+
+HasAsOrg returns a boolean if a field has been set.
+
+### GetDomain
+
+`func (o *LogSecurityContext) GetDomain() string`
+
+GetDomain returns the Domain field if non-nil, zero value otherwise.
+
+### GetDomainOk
+
+`func (o *LogSecurityContext) GetDomainOk() (*string, bool)`
+
+GetDomainOk returns a tuple with the Domain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDomain
+
+`func (o *LogSecurityContext) SetDomain(v string)`
+
+SetDomain sets Domain field to given value.
+
+### HasDomain
+
+`func (o *LogSecurityContext) HasDomain() bool`
+
+HasDomain returns a boolean if a field has been set.
+
+### GetIsp
+
+`func (o *LogSecurityContext) GetIsp() string`
+
+GetIsp returns the Isp field if non-nil, zero value otherwise.
+
+### GetIspOk
+
+`func (o *LogSecurityContext) GetIspOk() (*string, bool)`
+
+GetIspOk returns a tuple with the Isp field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIsp
+
+`func (o *LogSecurityContext) SetIsp(v string)`
+
+SetIsp sets Isp field to given value.
+
+### HasIsp
+
+`func (o *LogSecurityContext) HasIsp() bool`
+
+HasIsp returns a boolean if a field has been set.
+
+### GetIsProxy
+
+`func (o *LogSecurityContext) GetIsProxy() bool`
+
+GetIsProxy returns the IsProxy field if non-nil, zero value otherwise.
+
+### GetIsProxyOk
+
+`func (o *LogSecurityContext) GetIsProxyOk() (*bool, bool)`
+
+GetIsProxyOk returns a tuple with the IsProxy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIsProxy
+
+`func (o *LogSecurityContext) SetIsProxy(v bool)`
+
+SetIsProxy sets IsProxy field to given value.
+
+### HasIsProxy
+
+`func (o *LogSecurityContext) HasIsProxy() bool`
+
+HasIsProxy returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogSeverity.md b/okta/docs/LogSeverity.md
new file mode 100644
index 000000000..f0290f509
--- /dev/null
+++ b/okta/docs/LogSeverity.md
@@ -0,0 +1,17 @@
+# LogSeverity
+
+## Enum
+
+
+* `DEBUG` (value: `"DEBUG"`)
+
+* `ERROR` (value: `"ERROR"`)
+
+* `INFO` (value: `"INFO"`)
+
+* `WARN` (value: `"WARN"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogStream.md b/okta/docs/LogStream.md
new file mode 100644
index 000000000..39cbf9274
--- /dev/null
+++ b/okta/docs/LogStream.md
@@ -0,0 +1,212 @@
+# LogStream
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** | Timestamp when the Log Stream was created | [optional] [readonly] 
+**Id** | Pointer to **string** | Unique key for the Log Stream | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** | Timestamp when the Log Stream was last updated | [optional] [readonly] 
+**Name** | Pointer to **string** | Unique name for the Log Stream | [optional] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**Type** | Pointer to [**LogStreamType**](LogStreamType.md) |  | [optional] 
+**Links** | Pointer to [**LogStreamLinks**](LogStreamLinks.md) |  | [optional] 
+
+## Methods
+
+### NewLogStream
+
+`func NewLogStream() *LogStream`
+
+NewLogStream instantiates a new LogStream object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogStreamWithDefaults
+
+`func NewLogStreamWithDefaults() *LogStream`
+
+NewLogStreamWithDefaults instantiates a new LogStream object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *LogStream) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *LogStream) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *LogStream) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *LogStream) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *LogStream) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *LogStream) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *LogStream) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *LogStream) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *LogStream) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *LogStream) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *LogStream) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *LogStream) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *LogStream) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *LogStream) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *LogStream) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *LogStream) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *LogStream) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *LogStream) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *LogStream) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *LogStream) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *LogStream) GetType() LogStreamType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *LogStream) GetTypeOk() (*LogStreamType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *LogStream) SetType(v LogStreamType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *LogStream) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *LogStream) GetLinks() LogStreamLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *LogStream) GetLinksOk() (*LogStreamLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *LogStream) SetLinks(v LogStreamLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *LogStream) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogStreamApi.md b/okta/docs/LogStreamApi.md
new file mode 100644
index 000000000..1a4e78350
--- /dev/null
+++ b/okta/docs/LogStreamApi.md
@@ -0,0 +1,501 @@
+# \LogStreamApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateLogStream**](LogStreamApi.md#ActivateLogStream) | **Post** /api/v1/logStreams/{logStreamId}/lifecycle/activate | Activate a Log Stream
+[**CreateLogStream**](LogStreamApi.md#CreateLogStream) | **Post** /api/v1/logStreams | Create a Log Stream
+[**DeactivateLogStream**](LogStreamApi.md#DeactivateLogStream) | **Post** /api/v1/logStreams/{logStreamId}/lifecycle/deactivate | Deactivate a Log Stream
+[**DeleteLogStream**](LogStreamApi.md#DeleteLogStream) | **Delete** /api/v1/logStreams/{logStreamId} | Delete a Log Stream
+[**GetLogStream**](LogStreamApi.md#GetLogStream) | **Get** /api/v1/logStreams/{logStreamId} | Retrieve a Log Stream
+[**ListLogStreams**](LogStreamApi.md#ListLogStreams) | **Get** /api/v1/logStreams | List all Log Streams
+[**ReplaceLogStream**](LogStreamApi.md#ReplaceLogStream) | **Put** /api/v1/logStreams/{logStreamId} | Replace a Log Stream
+
+
+
+## ActivateLogStream
+
+> ListLogStreams200ResponseInner ActivateLogStream(ctx, logStreamId).Execute()
+
+Activate a Log Stream
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    logStreamId := "abcd1234" // string | id of the log stream
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.LogStreamApi.ActivateLogStream(context.Background(), logStreamId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `LogStreamApi.ActivateLogStream``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ActivateLogStream`: ListLogStreams200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `LogStreamApi.ActivateLogStream`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**logStreamId** | **string** | id of the log stream | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateLogStreamRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ListLogStreams200ResponseInner**](ListLogStreams200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateLogStream
+
+> ListLogStreams200ResponseInner CreateLogStream(ctx).Instance(instance).Execute()
+
+Create a Log Stream
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    instance := openapiclient.listLogStreams_200_response_inner{LogStreamAws: openapiclient.NewLogStreamAws()} // ListLogStreams200ResponseInner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.LogStreamApi.CreateLogStream(context.Background()).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `LogStreamApi.CreateLogStream``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateLogStream`: ListLogStreams200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `LogStreamApi.CreateLogStream`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateLogStreamRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **instance** | [**ListLogStreams200ResponseInner**](ListLogStreams200ResponseInner.md) |  | 
+
+### Return type
+
+[**ListLogStreams200ResponseInner**](ListLogStreams200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateLogStream
+
+> ListLogStreams200ResponseInner DeactivateLogStream(ctx, logStreamId).Execute()
+
+Deactivate a Log Stream
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    logStreamId := "abcd1234" // string | id of the log stream
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.LogStreamApi.DeactivateLogStream(context.Background(), logStreamId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `LogStreamApi.DeactivateLogStream``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `DeactivateLogStream`: ListLogStreams200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `LogStreamApi.DeactivateLogStream`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**logStreamId** | **string** | id of the log stream | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateLogStreamRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ListLogStreams200ResponseInner**](ListLogStreams200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteLogStream
+
+> DeleteLogStream(ctx, logStreamId).Execute()
+
+Delete a Log Stream
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    logStreamId := "abcd1234" // string | id of the log stream
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.LogStreamApi.DeleteLogStream(context.Background(), logStreamId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `LogStreamApi.DeleteLogStream``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**logStreamId** | **string** | id of the log stream | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteLogStreamRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetLogStream
+
+> ListLogStreams200ResponseInner GetLogStream(ctx, logStreamId).Execute()
+
+Retrieve a Log Stream
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    logStreamId := "abcd1234" // string | id of the log stream
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.LogStreamApi.GetLogStream(context.Background(), logStreamId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `LogStreamApi.GetLogStream``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetLogStream`: ListLogStreams200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `LogStreamApi.GetLogStream`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**logStreamId** | **string** | id of the log stream | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetLogStreamRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ListLogStreams200ResponseInner**](ListLogStreams200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListLogStreams
+
+> []ListLogStreams200ResponseInner ListLogStreams(ctx).After(after).Limit(limit).Filter(filter).Execute()
+
+List all Log Streams
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    after := "after_example" // string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information. (optional)
+    limit := int32(56) // int32 | A limit on the number of objects to return. (optional) (default to 20)
+    filter := "type eq "aws_eventbridge"" // string | SCIM filter expression that filters the results. This expression only supports the `eq` operator on either the `status` or `type`. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.LogStreamApi.ListLogStreams(context.Background()).After(after).Limit(limit).Filter(filter).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `LogStreamApi.ListLogStreams``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListLogStreams`: []ListLogStreams200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `LogStreamApi.ListLogStreams`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListLogStreamsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **after** | **string** | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information. | 
+ **limit** | **int32** | A limit on the number of objects to return. | [default to 20]
+ **filter** | **string** | SCIM filter expression that filters the results. This expression only supports the &#x60;eq&#x60; operator on either the &#x60;status&#x60; or &#x60;type&#x60;. | 
+
+### Return type
+
+[**[]ListLogStreams200ResponseInner**](ListLogStreams200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceLogStream
+
+> ListLogStreams200ResponseInner ReplaceLogStream(ctx, logStreamId).Instance(instance).Execute()
+
+Replace a Log Stream
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    logStreamId := "abcd1234" // string | id of the log stream
+    instance := openapiclient.listLogStreams_200_response_inner{LogStreamAws: openapiclient.NewLogStreamAws()} // ListLogStreams200ResponseInner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.LogStreamApi.ReplaceLogStream(context.Background(), logStreamId).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `LogStreamApi.ReplaceLogStream``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceLogStream`: ListLogStreams200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `LogStreamApi.ReplaceLogStream`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**logStreamId** | **string** | id of the log stream | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceLogStreamRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **instance** | [**ListLogStreams200ResponseInner**](ListLogStreams200ResponseInner.md) |  | 
+
+### Return type
+
+[**ListLogStreams200ResponseInner**](ListLogStreams200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/LogStreamAws.md b/okta/docs/LogStreamAws.md
new file mode 100644
index 000000000..8865e65f5
--- /dev/null
+++ b/okta/docs/LogStreamAws.md
@@ -0,0 +1,56 @@
+# LogStreamAws
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**LogStreamSettingsAws**](LogStreamSettingsAws.md) |  | [optional] 
+
+## Methods
+
+### NewLogStreamAws
+
+`func NewLogStreamAws() *LogStreamAws`
+
+NewLogStreamAws instantiates a new LogStreamAws object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogStreamAwsWithDefaults
+
+`func NewLogStreamAwsWithDefaults() *LogStreamAws`
+
+NewLogStreamAwsWithDefaults instantiates a new LogStreamAws object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *LogStreamAws) GetSettings() LogStreamSettingsAws`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *LogStreamAws) GetSettingsOk() (*LogStreamSettingsAws, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *LogStreamAws) SetSettings(v LogStreamSettingsAws)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *LogStreamAws) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogStreamAwsAllOf.md b/okta/docs/LogStreamAwsAllOf.md
new file mode 100644
index 000000000..26a43b6e4
--- /dev/null
+++ b/okta/docs/LogStreamAwsAllOf.md
@@ -0,0 +1,56 @@
+# LogStreamAwsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**LogStreamSettingsAws**](LogStreamSettingsAws.md) |  | [optional] 
+
+## Methods
+
+### NewLogStreamAwsAllOf
+
+`func NewLogStreamAwsAllOf() *LogStreamAwsAllOf`
+
+NewLogStreamAwsAllOf instantiates a new LogStreamAwsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogStreamAwsAllOfWithDefaults
+
+`func NewLogStreamAwsAllOfWithDefaults() *LogStreamAwsAllOf`
+
+NewLogStreamAwsAllOfWithDefaults instantiates a new LogStreamAwsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *LogStreamAwsAllOf) GetSettings() LogStreamSettingsAws`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *LogStreamAwsAllOf) GetSettingsOk() (*LogStreamSettingsAws, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *LogStreamAwsAllOf) SetSettings(v LogStreamSettingsAws)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *LogStreamAwsAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogStreamLinks.md b/okta/docs/LogStreamLinks.md
new file mode 100644
index 000000000..769b5ba68
--- /dev/null
+++ b/okta/docs/LogStreamLinks.md
@@ -0,0 +1,108 @@
+# LogStreamLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Activate** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Deactivate** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewLogStreamLinks
+
+`func NewLogStreamLinks() *LogStreamLinks`
+
+NewLogStreamLinks instantiates a new LogStreamLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogStreamLinksWithDefaults
+
+`func NewLogStreamLinksWithDefaults() *LogStreamLinks`
+
+NewLogStreamLinksWithDefaults instantiates a new LogStreamLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *LogStreamLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *LogStreamLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *LogStreamLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *LogStreamLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetActivate
+
+`func (o *LogStreamLinks) GetActivate() HrefObject`
+
+GetActivate returns the Activate field if non-nil, zero value otherwise.
+
+### GetActivateOk
+
+`func (o *LogStreamLinks) GetActivateOk() (*HrefObject, bool)`
+
+GetActivateOk returns a tuple with the Activate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActivate
+
+`func (o *LogStreamLinks) SetActivate(v HrefObject)`
+
+SetActivate sets Activate field to given value.
+
+### HasActivate
+
+`func (o *LogStreamLinks) HasActivate() bool`
+
+HasActivate returns a boolean if a field has been set.
+
+### GetDeactivate
+
+`func (o *LogStreamLinks) GetDeactivate() HrefObject`
+
+GetDeactivate returns the Deactivate field if non-nil, zero value otherwise.
+
+### GetDeactivateOk
+
+`func (o *LogStreamLinks) GetDeactivateOk() (*HrefObject, bool)`
+
+GetDeactivateOk returns a tuple with the Deactivate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDeactivate
+
+`func (o *LogStreamLinks) SetDeactivate(v HrefObject)`
+
+SetDeactivate sets Deactivate field to given value.
+
+### HasDeactivate
+
+`func (o *LogStreamLinks) HasDeactivate() bool`
+
+HasDeactivate returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogStreamSchema.md b/okta/docs/LogStreamSchema.md
new file mode 100644
index 000000000..9aa6cb680
--- /dev/null
+++ b/okta/docs/LogStreamSchema.md
@@ -0,0 +1,316 @@
+# LogStreamSchema
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Schema** | Pointer to **string** |  | [optional] [readonly] 
+**Created** | Pointer to **string** |  | [optional] [readonly] 
+**ErrorMessage** | Pointer to **map[string]interface{}** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] [readonly] 
+**Properties** | Pointer to **map[string]interface{}** |  | [optional] 
+**Required** | Pointer to **[]string** |  | [optional] 
+**Title** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogStreamSchema
+
+`func NewLogStreamSchema() *LogStreamSchema`
+
+NewLogStreamSchema instantiates a new LogStreamSchema object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogStreamSchemaWithDefaults
+
+`func NewLogStreamSchemaWithDefaults() *LogStreamSchema`
+
+NewLogStreamSchemaWithDefaults instantiates a new LogStreamSchema object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSchema
+
+`func (o *LogStreamSchema) GetSchema() string`
+
+GetSchema returns the Schema field if non-nil, zero value otherwise.
+
+### GetSchemaOk
+
+`func (o *LogStreamSchema) GetSchemaOk() (*string, bool)`
+
+GetSchemaOk returns a tuple with the Schema field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSchema
+
+`func (o *LogStreamSchema) SetSchema(v string)`
+
+SetSchema sets Schema field to given value.
+
+### HasSchema
+
+`func (o *LogStreamSchema) HasSchema() bool`
+
+HasSchema returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *LogStreamSchema) GetCreated() string`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *LogStreamSchema) GetCreatedOk() (*string, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *LogStreamSchema) SetCreated(v string)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *LogStreamSchema) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetErrorMessage
+
+`func (o *LogStreamSchema) GetErrorMessage() map[string]interface{}`
+
+GetErrorMessage returns the ErrorMessage field if non-nil, zero value otherwise.
+
+### GetErrorMessageOk
+
+`func (o *LogStreamSchema) GetErrorMessageOk() (*map[string]interface{}, bool)`
+
+GetErrorMessageOk returns a tuple with the ErrorMessage field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetErrorMessage
+
+`func (o *LogStreamSchema) SetErrorMessage(v map[string]interface{})`
+
+SetErrorMessage sets ErrorMessage field to given value.
+
+### HasErrorMessage
+
+`func (o *LogStreamSchema) HasErrorMessage() bool`
+
+HasErrorMessage returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *LogStreamSchema) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *LogStreamSchema) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *LogStreamSchema) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *LogStreamSchema) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *LogStreamSchema) GetLastUpdated() string`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *LogStreamSchema) GetLastUpdatedOk() (*string, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *LogStreamSchema) SetLastUpdated(v string)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *LogStreamSchema) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *LogStreamSchema) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *LogStreamSchema) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *LogStreamSchema) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *LogStreamSchema) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetProperties
+
+`func (o *LogStreamSchema) GetProperties() map[string]interface{}`
+
+GetProperties returns the Properties field if non-nil, zero value otherwise.
+
+### GetPropertiesOk
+
+`func (o *LogStreamSchema) GetPropertiesOk() (*map[string]interface{}, bool)`
+
+GetPropertiesOk returns a tuple with the Properties field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProperties
+
+`func (o *LogStreamSchema) SetProperties(v map[string]interface{})`
+
+SetProperties sets Properties field to given value.
+
+### HasProperties
+
+`func (o *LogStreamSchema) HasProperties() bool`
+
+HasProperties returns a boolean if a field has been set.
+
+### GetRequired
+
+`func (o *LogStreamSchema) GetRequired() []string`
+
+GetRequired returns the Required field if non-nil, zero value otherwise.
+
+### GetRequiredOk
+
+`func (o *LogStreamSchema) GetRequiredOk() (*[]string, bool)`
+
+GetRequiredOk returns a tuple with the Required field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequired
+
+`func (o *LogStreamSchema) SetRequired(v []string)`
+
+SetRequired sets Required field to given value.
+
+### HasRequired
+
+`func (o *LogStreamSchema) HasRequired() bool`
+
+HasRequired returns a boolean if a field has been set.
+
+### GetTitle
+
+`func (o *LogStreamSchema) GetTitle() string`
+
+GetTitle returns the Title field if non-nil, zero value otherwise.
+
+### GetTitleOk
+
+`func (o *LogStreamSchema) GetTitleOk() (*string, bool)`
+
+GetTitleOk returns a tuple with the Title field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTitle
+
+`func (o *LogStreamSchema) SetTitle(v string)`
+
+SetTitle sets Title field to given value.
+
+### HasTitle
+
+`func (o *LogStreamSchema) HasTitle() bool`
+
+HasTitle returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *LogStreamSchema) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *LogStreamSchema) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *LogStreamSchema) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *LogStreamSchema) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *LogStreamSchema) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *LogStreamSchema) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *LogStreamSchema) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *LogStreamSchema) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogStreamSettingsAws.md b/okta/docs/LogStreamSettingsAws.md
new file mode 100644
index 000000000..d05b14bbf
--- /dev/null
+++ b/okta/docs/LogStreamSettingsAws.md
@@ -0,0 +1,108 @@
+# LogStreamSettingsAws
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AccountId** | Pointer to **string** | Your AWS account ID | [optional] 
+**EventSourceName** | Pointer to **string** | An alphanumeric name (no spaces) to identify this event source in AWS EventBridge | [optional] 
+**Region** | Pointer to [**AwsRegion**](AwsRegion.md) |  | [optional] 
+
+## Methods
+
+### NewLogStreamSettingsAws
+
+`func NewLogStreamSettingsAws() *LogStreamSettingsAws`
+
+NewLogStreamSettingsAws instantiates a new LogStreamSettingsAws object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogStreamSettingsAwsWithDefaults
+
+`func NewLogStreamSettingsAwsWithDefaults() *LogStreamSettingsAws`
+
+NewLogStreamSettingsAwsWithDefaults instantiates a new LogStreamSettingsAws object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAccountId
+
+`func (o *LogStreamSettingsAws) GetAccountId() string`
+
+GetAccountId returns the AccountId field if non-nil, zero value otherwise.
+
+### GetAccountIdOk
+
+`func (o *LogStreamSettingsAws) GetAccountIdOk() (*string, bool)`
+
+GetAccountIdOk returns a tuple with the AccountId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccountId
+
+`func (o *LogStreamSettingsAws) SetAccountId(v string)`
+
+SetAccountId sets AccountId field to given value.
+
+### HasAccountId
+
+`func (o *LogStreamSettingsAws) HasAccountId() bool`
+
+HasAccountId returns a boolean if a field has been set.
+
+### GetEventSourceName
+
+`func (o *LogStreamSettingsAws) GetEventSourceName() string`
+
+GetEventSourceName returns the EventSourceName field if non-nil, zero value otherwise.
+
+### GetEventSourceNameOk
+
+`func (o *LogStreamSettingsAws) GetEventSourceNameOk() (*string, bool)`
+
+GetEventSourceNameOk returns a tuple with the EventSourceName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEventSourceName
+
+`func (o *LogStreamSettingsAws) SetEventSourceName(v string)`
+
+SetEventSourceName sets EventSourceName field to given value.
+
+### HasEventSourceName
+
+`func (o *LogStreamSettingsAws) HasEventSourceName() bool`
+
+HasEventSourceName returns a boolean if a field has been set.
+
+### GetRegion
+
+`func (o *LogStreamSettingsAws) GetRegion() AwsRegion`
+
+GetRegion returns the Region field if non-nil, zero value otherwise.
+
+### GetRegionOk
+
+`func (o *LogStreamSettingsAws) GetRegionOk() (*AwsRegion, bool)`
+
+GetRegionOk returns a tuple with the Region field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRegion
+
+`func (o *LogStreamSettingsAws) SetRegion(v AwsRegion)`
+
+SetRegion sets Region field to given value.
+
+### HasRegion
+
+`func (o *LogStreamSettingsAws) HasRegion() bool`
+
+HasRegion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogStreamSettingsAwsAllOf.md b/okta/docs/LogStreamSettingsAwsAllOf.md
new file mode 100644
index 000000000..21b05b7a1
--- /dev/null
+++ b/okta/docs/LogStreamSettingsAwsAllOf.md
@@ -0,0 +1,108 @@
+# LogStreamSettingsAwsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AccountId** | Pointer to **string** | Your AWS account ID | [optional] 
+**EventSourceName** | Pointer to **string** | An alphanumeric name (no spaces) to identify this event source in AWS EventBridge | [optional] 
+**Region** | Pointer to [**AwsRegion**](AwsRegion.md) |  | [optional] 
+
+## Methods
+
+### NewLogStreamSettingsAwsAllOf
+
+`func NewLogStreamSettingsAwsAllOf() *LogStreamSettingsAwsAllOf`
+
+NewLogStreamSettingsAwsAllOf instantiates a new LogStreamSettingsAwsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogStreamSettingsAwsAllOfWithDefaults
+
+`func NewLogStreamSettingsAwsAllOfWithDefaults() *LogStreamSettingsAwsAllOf`
+
+NewLogStreamSettingsAwsAllOfWithDefaults instantiates a new LogStreamSettingsAwsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAccountId
+
+`func (o *LogStreamSettingsAwsAllOf) GetAccountId() string`
+
+GetAccountId returns the AccountId field if non-nil, zero value otherwise.
+
+### GetAccountIdOk
+
+`func (o *LogStreamSettingsAwsAllOf) GetAccountIdOk() (*string, bool)`
+
+GetAccountIdOk returns a tuple with the AccountId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccountId
+
+`func (o *LogStreamSettingsAwsAllOf) SetAccountId(v string)`
+
+SetAccountId sets AccountId field to given value.
+
+### HasAccountId
+
+`func (o *LogStreamSettingsAwsAllOf) HasAccountId() bool`
+
+HasAccountId returns a boolean if a field has been set.
+
+### GetEventSourceName
+
+`func (o *LogStreamSettingsAwsAllOf) GetEventSourceName() string`
+
+GetEventSourceName returns the EventSourceName field if non-nil, zero value otherwise.
+
+### GetEventSourceNameOk
+
+`func (o *LogStreamSettingsAwsAllOf) GetEventSourceNameOk() (*string, bool)`
+
+GetEventSourceNameOk returns a tuple with the EventSourceName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEventSourceName
+
+`func (o *LogStreamSettingsAwsAllOf) SetEventSourceName(v string)`
+
+SetEventSourceName sets EventSourceName field to given value.
+
+### HasEventSourceName
+
+`func (o *LogStreamSettingsAwsAllOf) HasEventSourceName() bool`
+
+HasEventSourceName returns a boolean if a field has been set.
+
+### GetRegion
+
+`func (o *LogStreamSettingsAwsAllOf) GetRegion() AwsRegion`
+
+GetRegion returns the Region field if non-nil, zero value otherwise.
+
+### GetRegionOk
+
+`func (o *LogStreamSettingsAwsAllOf) GetRegionOk() (*AwsRegion, bool)`
+
+GetRegionOk returns a tuple with the Region field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRegion
+
+`func (o *LogStreamSettingsAwsAllOf) SetRegion(v AwsRegion)`
+
+SetRegion sets Region field to given value.
+
+### HasRegion
+
+`func (o *LogStreamSettingsAwsAllOf) HasRegion() bool`
+
+HasRegion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogStreamSettingsSplunk.md b/okta/docs/LogStreamSettingsSplunk.md
new file mode 100644
index 000000000..16cfb9b2c
--- /dev/null
+++ b/okta/docs/LogStreamSettingsSplunk.md
@@ -0,0 +1,82 @@
+# LogStreamSettingsSplunk
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Host** | Pointer to **string** | The domain name for your Splunk Cloud instance. Don&#39;t include &#x60;http&#x60; or &#x60;https&#x60; in the string. For example: &#x60;acme.splunkcloud.com&#x60; | [optional] 
+**Token** | Pointer to **string** | The HEC token for your Splunk Cloud HTTP Event Collector | [optional] 
+
+## Methods
+
+### NewLogStreamSettingsSplunk
+
+`func NewLogStreamSettingsSplunk() *LogStreamSettingsSplunk`
+
+NewLogStreamSettingsSplunk instantiates a new LogStreamSettingsSplunk object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogStreamSettingsSplunkWithDefaults
+
+`func NewLogStreamSettingsSplunkWithDefaults() *LogStreamSettingsSplunk`
+
+NewLogStreamSettingsSplunkWithDefaults instantiates a new LogStreamSettingsSplunk object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetHost
+
+`func (o *LogStreamSettingsSplunk) GetHost() string`
+
+GetHost returns the Host field if non-nil, zero value otherwise.
+
+### GetHostOk
+
+`func (o *LogStreamSettingsSplunk) GetHostOk() (*string, bool)`
+
+GetHostOk returns a tuple with the Host field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHost
+
+`func (o *LogStreamSettingsSplunk) SetHost(v string)`
+
+SetHost sets Host field to given value.
+
+### HasHost
+
+`func (o *LogStreamSettingsSplunk) HasHost() bool`
+
+HasHost returns a boolean if a field has been set.
+
+### GetToken
+
+`func (o *LogStreamSettingsSplunk) GetToken() string`
+
+GetToken returns the Token field if non-nil, zero value otherwise.
+
+### GetTokenOk
+
+`func (o *LogStreamSettingsSplunk) GetTokenOk() (*string, bool)`
+
+GetTokenOk returns a tuple with the Token field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetToken
+
+`func (o *LogStreamSettingsSplunk) SetToken(v string)`
+
+SetToken sets Token field to given value.
+
+### HasToken
+
+`func (o *LogStreamSettingsSplunk) HasToken() bool`
+
+HasToken returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogStreamSettingsSplunkAllOf.md b/okta/docs/LogStreamSettingsSplunkAllOf.md
new file mode 100644
index 000000000..da5e31ce7
--- /dev/null
+++ b/okta/docs/LogStreamSettingsSplunkAllOf.md
@@ -0,0 +1,82 @@
+# LogStreamSettingsSplunkAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Host** | Pointer to **string** | The domain name for your Splunk Cloud instance. Don&#39;t include &#x60;http&#x60; or &#x60;https&#x60; in the string. For example: &#x60;acme.splunkcloud.com&#x60; | [optional] 
+**Token** | Pointer to **string** | The HEC token for your Splunk Cloud HTTP Event Collector | [optional] 
+
+## Methods
+
+### NewLogStreamSettingsSplunkAllOf
+
+`func NewLogStreamSettingsSplunkAllOf() *LogStreamSettingsSplunkAllOf`
+
+NewLogStreamSettingsSplunkAllOf instantiates a new LogStreamSettingsSplunkAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogStreamSettingsSplunkAllOfWithDefaults
+
+`func NewLogStreamSettingsSplunkAllOfWithDefaults() *LogStreamSettingsSplunkAllOf`
+
+NewLogStreamSettingsSplunkAllOfWithDefaults instantiates a new LogStreamSettingsSplunkAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetHost
+
+`func (o *LogStreamSettingsSplunkAllOf) GetHost() string`
+
+GetHost returns the Host field if non-nil, zero value otherwise.
+
+### GetHostOk
+
+`func (o *LogStreamSettingsSplunkAllOf) GetHostOk() (*string, bool)`
+
+GetHostOk returns a tuple with the Host field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHost
+
+`func (o *LogStreamSettingsSplunkAllOf) SetHost(v string)`
+
+SetHost sets Host field to given value.
+
+### HasHost
+
+`func (o *LogStreamSettingsSplunkAllOf) HasHost() bool`
+
+HasHost returns a boolean if a field has been set.
+
+### GetToken
+
+`func (o *LogStreamSettingsSplunkAllOf) GetToken() string`
+
+GetToken returns the Token field if non-nil, zero value otherwise.
+
+### GetTokenOk
+
+`func (o *LogStreamSettingsSplunkAllOf) GetTokenOk() (*string, bool)`
+
+GetTokenOk returns a tuple with the Token field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetToken
+
+`func (o *LogStreamSettingsSplunkAllOf) SetToken(v string)`
+
+SetToken sets Token field to given value.
+
+### HasToken
+
+`func (o *LogStreamSettingsSplunkAllOf) HasToken() bool`
+
+HasToken returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogStreamSplunk.md b/okta/docs/LogStreamSplunk.md
new file mode 100644
index 000000000..2db771eb3
--- /dev/null
+++ b/okta/docs/LogStreamSplunk.md
@@ -0,0 +1,56 @@
+# LogStreamSplunk
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**LogStreamSettingsSplunk**](LogStreamSettingsSplunk.md) |  | [optional] 
+
+## Methods
+
+### NewLogStreamSplunk
+
+`func NewLogStreamSplunk() *LogStreamSplunk`
+
+NewLogStreamSplunk instantiates a new LogStreamSplunk object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogStreamSplunkWithDefaults
+
+`func NewLogStreamSplunkWithDefaults() *LogStreamSplunk`
+
+NewLogStreamSplunkWithDefaults instantiates a new LogStreamSplunk object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *LogStreamSplunk) GetSettings() LogStreamSettingsSplunk`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *LogStreamSplunk) GetSettingsOk() (*LogStreamSettingsSplunk, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *LogStreamSplunk) SetSettings(v LogStreamSettingsSplunk)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *LogStreamSplunk) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogStreamSplunkAllOf.md b/okta/docs/LogStreamSplunkAllOf.md
new file mode 100644
index 000000000..823534dc0
--- /dev/null
+++ b/okta/docs/LogStreamSplunkAllOf.md
@@ -0,0 +1,56 @@
+# LogStreamSplunkAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Settings** | Pointer to [**LogStreamSettingsSplunk**](LogStreamSettingsSplunk.md) |  | [optional] 
+
+## Methods
+
+### NewLogStreamSplunkAllOf
+
+`func NewLogStreamSplunkAllOf() *LogStreamSplunkAllOf`
+
+NewLogStreamSplunkAllOf instantiates a new LogStreamSplunkAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogStreamSplunkAllOfWithDefaults
+
+`func NewLogStreamSplunkAllOfWithDefaults() *LogStreamSplunkAllOf`
+
+NewLogStreamSplunkAllOfWithDefaults instantiates a new LogStreamSplunkAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSettings
+
+`func (o *LogStreamSplunkAllOf) GetSettings() LogStreamSettingsSplunk`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *LogStreamSplunkAllOf) GetSettingsOk() (*LogStreamSettingsSplunk, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *LogStreamSplunkAllOf) SetSettings(v LogStreamSettingsSplunk)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *LogStreamSplunkAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogStreamType.md b/okta/docs/LogStreamType.md
new file mode 100644
index 000000000..15a69389b
--- /dev/null
+++ b/okta/docs/LogStreamType.md
@@ -0,0 +1,13 @@
+# LogStreamType
+
+## Enum
+
+
+* `AWS_EVENTBRIDGE` (value: `"aws_eventbridge"`)
+
+* `SPLUNK_CLOUD_LOGSTREAMING` (value: `"splunk_cloud_logstreaming"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogTarget.md b/okta/docs/LogTarget.md
new file mode 100644
index 000000000..a3c55c9fa
--- /dev/null
+++ b/okta/docs/LogTarget.md
@@ -0,0 +1,160 @@
+# LogTarget
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AlternateId** | Pointer to **string** |  | [optional] [readonly] 
+**DetailEntry** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**DisplayName** | Pointer to **string** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Type** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogTarget
+
+`func NewLogTarget() *LogTarget`
+
+NewLogTarget instantiates a new LogTarget object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogTargetWithDefaults
+
+`func NewLogTargetWithDefaults() *LogTarget`
+
+NewLogTargetWithDefaults instantiates a new LogTarget object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAlternateId
+
+`func (o *LogTarget) GetAlternateId() string`
+
+GetAlternateId returns the AlternateId field if non-nil, zero value otherwise.
+
+### GetAlternateIdOk
+
+`func (o *LogTarget) GetAlternateIdOk() (*string, bool)`
+
+GetAlternateIdOk returns a tuple with the AlternateId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAlternateId
+
+`func (o *LogTarget) SetAlternateId(v string)`
+
+SetAlternateId sets AlternateId field to given value.
+
+### HasAlternateId
+
+`func (o *LogTarget) HasAlternateId() bool`
+
+HasAlternateId returns a boolean if a field has been set.
+
+### GetDetailEntry
+
+`func (o *LogTarget) GetDetailEntry() map[string]map[string]interface{}`
+
+GetDetailEntry returns the DetailEntry field if non-nil, zero value otherwise.
+
+### GetDetailEntryOk
+
+`func (o *LogTarget) GetDetailEntryOk() (*map[string]map[string]interface{}, bool)`
+
+GetDetailEntryOk returns a tuple with the DetailEntry field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDetailEntry
+
+`func (o *LogTarget) SetDetailEntry(v map[string]map[string]interface{})`
+
+SetDetailEntry sets DetailEntry field to given value.
+
+### HasDetailEntry
+
+`func (o *LogTarget) HasDetailEntry() bool`
+
+HasDetailEntry returns a boolean if a field has been set.
+
+### GetDisplayName
+
+`func (o *LogTarget) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *LogTarget) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *LogTarget) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+### HasDisplayName
+
+`func (o *LogTarget) HasDisplayName() bool`
+
+HasDisplayName returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *LogTarget) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *LogTarget) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *LogTarget) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *LogTarget) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *LogTarget) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *LogTarget) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *LogTarget) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *LogTarget) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogTransaction.md b/okta/docs/LogTransaction.md
new file mode 100644
index 000000000..3a6c70dbe
--- /dev/null
+++ b/okta/docs/LogTransaction.md
@@ -0,0 +1,108 @@
+# LogTransaction
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Detail** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Type** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogTransaction
+
+`func NewLogTransaction() *LogTransaction`
+
+NewLogTransaction instantiates a new LogTransaction object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogTransactionWithDefaults
+
+`func NewLogTransactionWithDefaults() *LogTransaction`
+
+NewLogTransactionWithDefaults instantiates a new LogTransaction object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDetail
+
+`func (o *LogTransaction) GetDetail() map[string]map[string]interface{}`
+
+GetDetail returns the Detail field if non-nil, zero value otherwise.
+
+### GetDetailOk
+
+`func (o *LogTransaction) GetDetailOk() (*map[string]map[string]interface{}, bool)`
+
+GetDetailOk returns a tuple with the Detail field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDetail
+
+`func (o *LogTransaction) SetDetail(v map[string]map[string]interface{})`
+
+SetDetail sets Detail field to given value.
+
+### HasDetail
+
+`func (o *LogTransaction) HasDetail() bool`
+
+HasDetail returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *LogTransaction) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *LogTransaction) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *LogTransaction) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *LogTransaction) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *LogTransaction) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *LogTransaction) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *LogTransaction) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *LogTransaction) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/LogUserAgent.md b/okta/docs/LogUserAgent.md
new file mode 100644
index 000000000..b522e6132
--- /dev/null
+++ b/okta/docs/LogUserAgent.md
@@ -0,0 +1,108 @@
+# LogUserAgent
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Browser** | Pointer to **string** |  | [optional] [readonly] 
+**Os** | Pointer to **string** |  | [optional] [readonly] 
+**RawUserAgent** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewLogUserAgent
+
+`func NewLogUserAgent() *LogUserAgent`
+
+NewLogUserAgent instantiates a new LogUserAgent object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewLogUserAgentWithDefaults
+
+`func NewLogUserAgentWithDefaults() *LogUserAgent`
+
+NewLogUserAgentWithDefaults instantiates a new LogUserAgent object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBrowser
+
+`func (o *LogUserAgent) GetBrowser() string`
+
+GetBrowser returns the Browser field if non-nil, zero value otherwise.
+
+### GetBrowserOk
+
+`func (o *LogUserAgent) GetBrowserOk() (*string, bool)`
+
+GetBrowserOk returns a tuple with the Browser field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBrowser
+
+`func (o *LogUserAgent) SetBrowser(v string)`
+
+SetBrowser sets Browser field to given value.
+
+### HasBrowser
+
+`func (o *LogUserAgent) HasBrowser() bool`
+
+HasBrowser returns a boolean if a field has been set.
+
+### GetOs
+
+`func (o *LogUserAgent) GetOs() string`
+
+GetOs returns the Os field if non-nil, zero value otherwise.
+
+### GetOsOk
+
+`func (o *LogUserAgent) GetOsOk() (*string, bool)`
+
+GetOsOk returns a tuple with the Os field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOs
+
+`func (o *LogUserAgent) SetOs(v string)`
+
+SetOs sets Os field to given value.
+
+### HasOs
+
+`func (o *LogUserAgent) HasOs() bool`
+
+HasOs returns a boolean if a field has been set.
+
+### GetRawUserAgent
+
+`func (o *LogUserAgent) GetRawUserAgent() string`
+
+GetRawUserAgent returns the RawUserAgent field if non-nil, zero value otherwise.
+
+### GetRawUserAgentOk
+
+`func (o *LogUserAgent) GetRawUserAgentOk() (*string, bool)`
+
+GetRawUserAgentOk returns a tuple with the RawUserAgent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRawUserAgent
+
+`func (o *LogUserAgent) SetRawUserAgent(v string)`
+
+SetRawUserAgent sets RawUserAgent field to given value.
+
+### HasRawUserAgent
+
+`func (o *LogUserAgent) HasRawUserAgent() bool`
+
+HasRawUserAgent returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/MDMEnrollmentPolicyEnrollment.md b/okta/docs/MDMEnrollmentPolicyEnrollment.md
new file mode 100644
index 000000000..523b04bfe
--- /dev/null
+++ b/okta/docs/MDMEnrollmentPolicyEnrollment.md
@@ -0,0 +1,13 @@
+# MDMEnrollmentPolicyEnrollment
+
+## Enum
+
+
+* `ANY_OR_NONE` (value: `"ANY_OR_NONE"`)
+
+* `OMM` (value: `"OMM"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/MDMEnrollmentPolicyRuleCondition.md b/okta/docs/MDMEnrollmentPolicyRuleCondition.md
new file mode 100644
index 000000000..0519759fc
--- /dev/null
+++ b/okta/docs/MDMEnrollmentPolicyRuleCondition.md
@@ -0,0 +1,82 @@
+# MDMEnrollmentPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**BlockNonSafeAndroid** | Pointer to **bool** |  | [optional] 
+**Enrollment** | Pointer to [**MDMEnrollmentPolicyEnrollment**](MDMEnrollmentPolicyEnrollment.md) |  | [optional] 
+
+## Methods
+
+### NewMDMEnrollmentPolicyRuleCondition
+
+`func NewMDMEnrollmentPolicyRuleCondition() *MDMEnrollmentPolicyRuleCondition`
+
+NewMDMEnrollmentPolicyRuleCondition instantiates a new MDMEnrollmentPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewMDMEnrollmentPolicyRuleConditionWithDefaults
+
+`func NewMDMEnrollmentPolicyRuleConditionWithDefaults() *MDMEnrollmentPolicyRuleCondition`
+
+NewMDMEnrollmentPolicyRuleConditionWithDefaults instantiates a new MDMEnrollmentPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBlockNonSafeAndroid
+
+`func (o *MDMEnrollmentPolicyRuleCondition) GetBlockNonSafeAndroid() bool`
+
+GetBlockNonSafeAndroid returns the BlockNonSafeAndroid field if non-nil, zero value otherwise.
+
+### GetBlockNonSafeAndroidOk
+
+`func (o *MDMEnrollmentPolicyRuleCondition) GetBlockNonSafeAndroidOk() (*bool, bool)`
+
+GetBlockNonSafeAndroidOk returns a tuple with the BlockNonSafeAndroid field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBlockNonSafeAndroid
+
+`func (o *MDMEnrollmentPolicyRuleCondition) SetBlockNonSafeAndroid(v bool)`
+
+SetBlockNonSafeAndroid sets BlockNonSafeAndroid field to given value.
+
+### HasBlockNonSafeAndroid
+
+`func (o *MDMEnrollmentPolicyRuleCondition) HasBlockNonSafeAndroid() bool`
+
+HasBlockNonSafeAndroid returns a boolean if a field has been set.
+
+### GetEnrollment
+
+`func (o *MDMEnrollmentPolicyRuleCondition) GetEnrollment() MDMEnrollmentPolicyEnrollment`
+
+GetEnrollment returns the Enrollment field if non-nil, zero value otherwise.
+
+### GetEnrollmentOk
+
+`func (o *MDMEnrollmentPolicyRuleCondition) GetEnrollmentOk() (*MDMEnrollmentPolicyEnrollment, bool)`
+
+GetEnrollmentOk returns a tuple with the Enrollment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnrollment
+
+`func (o *MDMEnrollmentPolicyRuleCondition) SetEnrollment(v MDMEnrollmentPolicyEnrollment)`
+
+SetEnrollment sets Enrollment field to given value.
+
+### HasEnrollment
+
+`func (o *MDMEnrollmentPolicyRuleCondition) HasEnrollment() bool`
+
+HasEnrollment returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/MultifactorEnrollmentPolicy.md b/okta/docs/MultifactorEnrollmentPolicy.md
new file mode 100644
index 000000000..cdd0812aa
--- /dev/null
+++ b/okta/docs/MultifactorEnrollmentPolicy.md
@@ -0,0 +1,82 @@
+# MultifactorEnrollmentPolicy
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Conditions** | Pointer to [**PolicyRuleConditions**](PolicyRuleConditions.md) |  | [optional] 
+**Settings** | Pointer to [**MultifactorEnrollmentPolicySettings**](MultifactorEnrollmentPolicySettings.md) |  | [optional] 
+
+## Methods
+
+### NewMultifactorEnrollmentPolicy
+
+`func NewMultifactorEnrollmentPolicy() *MultifactorEnrollmentPolicy`
+
+NewMultifactorEnrollmentPolicy instantiates a new MultifactorEnrollmentPolicy object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewMultifactorEnrollmentPolicyWithDefaults
+
+`func NewMultifactorEnrollmentPolicyWithDefaults() *MultifactorEnrollmentPolicy`
+
+NewMultifactorEnrollmentPolicyWithDefaults instantiates a new MultifactorEnrollmentPolicy object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConditions
+
+`func (o *MultifactorEnrollmentPolicy) GetConditions() PolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *MultifactorEnrollmentPolicy) GetConditionsOk() (*PolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *MultifactorEnrollmentPolicy) SetConditions(v PolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *MultifactorEnrollmentPolicy) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *MultifactorEnrollmentPolicy) GetSettings() MultifactorEnrollmentPolicySettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *MultifactorEnrollmentPolicy) GetSettingsOk() (*MultifactorEnrollmentPolicySettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *MultifactorEnrollmentPolicy) SetSettings(v MultifactorEnrollmentPolicySettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *MultifactorEnrollmentPolicy) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/MultifactorEnrollmentPolicyAllOf.md b/okta/docs/MultifactorEnrollmentPolicyAllOf.md
new file mode 100644
index 000000000..909f0333f
--- /dev/null
+++ b/okta/docs/MultifactorEnrollmentPolicyAllOf.md
@@ -0,0 +1,82 @@
+# MultifactorEnrollmentPolicyAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Conditions** | Pointer to [**PolicyRuleConditions**](PolicyRuleConditions.md) |  | [optional] 
+**Settings** | Pointer to [**MultifactorEnrollmentPolicySettings**](MultifactorEnrollmentPolicySettings.md) |  | [optional] 
+
+## Methods
+
+### NewMultifactorEnrollmentPolicyAllOf
+
+`func NewMultifactorEnrollmentPolicyAllOf() *MultifactorEnrollmentPolicyAllOf`
+
+NewMultifactorEnrollmentPolicyAllOf instantiates a new MultifactorEnrollmentPolicyAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewMultifactorEnrollmentPolicyAllOfWithDefaults
+
+`func NewMultifactorEnrollmentPolicyAllOfWithDefaults() *MultifactorEnrollmentPolicyAllOf`
+
+NewMultifactorEnrollmentPolicyAllOfWithDefaults instantiates a new MultifactorEnrollmentPolicyAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConditions
+
+`func (o *MultifactorEnrollmentPolicyAllOf) GetConditions() PolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *MultifactorEnrollmentPolicyAllOf) GetConditionsOk() (*PolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *MultifactorEnrollmentPolicyAllOf) SetConditions(v PolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *MultifactorEnrollmentPolicyAllOf) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *MultifactorEnrollmentPolicyAllOf) GetSettings() MultifactorEnrollmentPolicySettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *MultifactorEnrollmentPolicyAllOf) GetSettingsOk() (*MultifactorEnrollmentPolicySettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *MultifactorEnrollmentPolicyAllOf) SetSettings(v MultifactorEnrollmentPolicySettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *MultifactorEnrollmentPolicyAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/MultifactorEnrollmentPolicyAuthenticatorSettings.md b/okta/docs/MultifactorEnrollmentPolicyAuthenticatorSettings.md
new file mode 100644
index 000000000..f3a5b75d1
--- /dev/null
+++ b/okta/docs/MultifactorEnrollmentPolicyAuthenticatorSettings.md
@@ -0,0 +1,82 @@
+# MultifactorEnrollmentPolicyAuthenticatorSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Enroll** | Pointer to [**MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll**](MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll.md) |  | [optional] 
+**Key** | Pointer to [**MultifactorEnrollmentPolicyAuthenticatorType**](MultifactorEnrollmentPolicyAuthenticatorType.md) |  | [optional] 
+
+## Methods
+
+### NewMultifactorEnrollmentPolicyAuthenticatorSettings
+
+`func NewMultifactorEnrollmentPolicyAuthenticatorSettings() *MultifactorEnrollmentPolicyAuthenticatorSettings`
+
+NewMultifactorEnrollmentPolicyAuthenticatorSettings instantiates a new MultifactorEnrollmentPolicyAuthenticatorSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewMultifactorEnrollmentPolicyAuthenticatorSettingsWithDefaults
+
+`func NewMultifactorEnrollmentPolicyAuthenticatorSettingsWithDefaults() *MultifactorEnrollmentPolicyAuthenticatorSettings`
+
+NewMultifactorEnrollmentPolicyAuthenticatorSettingsWithDefaults instantiates a new MultifactorEnrollmentPolicyAuthenticatorSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEnroll
+
+`func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) GetEnroll() MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll`
+
+GetEnroll returns the Enroll field if non-nil, zero value otherwise.
+
+### GetEnrollOk
+
+`func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) GetEnrollOk() (*MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll, bool)`
+
+GetEnrollOk returns a tuple with the Enroll field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnroll
+
+`func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) SetEnroll(v MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll)`
+
+SetEnroll sets Enroll field to given value.
+
+### HasEnroll
+
+`func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) HasEnroll() bool`
+
+HasEnroll returns a boolean if a field has been set.
+
+### GetKey
+
+`func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) GetKey() MultifactorEnrollmentPolicyAuthenticatorType`
+
+GetKey returns the Key field if non-nil, zero value otherwise.
+
+### GetKeyOk
+
+`func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) GetKeyOk() (*MultifactorEnrollmentPolicyAuthenticatorType, bool)`
+
+GetKeyOk returns a tuple with the Key field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKey
+
+`func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) SetKey(v MultifactorEnrollmentPolicyAuthenticatorType)`
+
+SetKey sets Key field to given value.
+
+### HasKey
+
+`func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) HasKey() bool`
+
+HasKey returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll.md b/okta/docs/MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll.md
new file mode 100644
index 000000000..e315c435a
--- /dev/null
+++ b/okta/docs/MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll.md
@@ -0,0 +1,56 @@
+# MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**MultifactorEnrollmentPolicyAuthenticatorStatus**](MultifactorEnrollmentPolicyAuthenticatorStatus.md) |  | [optional] 
+
+## Methods
+
+### NewMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll
+
+`func NewMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll() *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll`
+
+NewMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll instantiates a new MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewMultifactorEnrollmentPolicyAuthenticatorSettingsEnrollWithDefaults
+
+`func NewMultifactorEnrollmentPolicyAuthenticatorSettingsEnrollWithDefaults() *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll`
+
+NewMultifactorEnrollmentPolicyAuthenticatorSettingsEnrollWithDefaults instantiates a new MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) GetSelf() MultifactorEnrollmentPolicyAuthenticatorStatus`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) GetSelfOk() (*MultifactorEnrollmentPolicyAuthenticatorStatus, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) SetSelf(v MultifactorEnrollmentPolicyAuthenticatorStatus)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/MultifactorEnrollmentPolicyAuthenticatorStatus.md b/okta/docs/MultifactorEnrollmentPolicyAuthenticatorStatus.md
new file mode 100644
index 000000000..266372413
--- /dev/null
+++ b/okta/docs/MultifactorEnrollmentPolicyAuthenticatorStatus.md
@@ -0,0 +1,15 @@
+# MultifactorEnrollmentPolicyAuthenticatorStatus
+
+## Enum
+
+
+* `NOT_ALLOWED` (value: `"NOT_ALLOWED"`)
+
+* `OPTIONAL` (value: `"OPTIONAL"`)
+
+* `REQUIRED` (value: `"REQUIRED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/MultifactorEnrollmentPolicyAuthenticatorType.md b/okta/docs/MultifactorEnrollmentPolicyAuthenticatorType.md
new file mode 100644
index 000000000..2e511c300
--- /dev/null
+++ b/okta/docs/MultifactorEnrollmentPolicyAuthenticatorType.md
@@ -0,0 +1,39 @@
+# MultifactorEnrollmentPolicyAuthenticatorType
+
+## Enum
+
+
+* `CUSTOM_APP` (value: `"custom_app"`)
+
+* `CUSTOM_OTP` (value: `"custom_otp"`)
+
+* `DUO` (value: `"duo"`)
+
+* `EXTERNAL_IDP` (value: `"external_idp"`)
+
+* `GOOGLE_OTP` (value: `"google_otp"`)
+
+* `OKTA_EMAIL` (value: `"okta_email"`)
+
+* `OKTA_PASSWORD` (value: `"okta_password"`)
+
+* `OKTA_VERIFY` (value: `"okta_verify"`)
+
+* `ONPREM_MFA` (value: `"onprem_mfa"`)
+
+* `PHONE_NUMBER` (value: `"phone_number"`)
+
+* `RSA_TOKEN` (value: `"rsa_token"`)
+
+* `SECURITY_QUESTION` (value: `"security_question"`)
+
+* `SYMANTEC_VIP` (value: `"symantec_vip"`)
+
+* `WEBAUTHN` (value: `"webauthn"`)
+
+* `YUBIKEY_TOKEN` (value: `"yubikey_token"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/MultifactorEnrollmentPolicySettings.md b/okta/docs/MultifactorEnrollmentPolicySettings.md
new file mode 100644
index 000000000..1863fe715
--- /dev/null
+++ b/okta/docs/MultifactorEnrollmentPolicySettings.md
@@ -0,0 +1,82 @@
+# MultifactorEnrollmentPolicySettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Authenticators** | Pointer to [**[]MultifactorEnrollmentPolicyAuthenticatorSettings**](MultifactorEnrollmentPolicyAuthenticatorSettings.md) |  | [optional] 
+**Type** | Pointer to [**MultifactorEnrollmentPolicySettingsType**](MultifactorEnrollmentPolicySettingsType.md) |  | [optional] 
+
+## Methods
+
+### NewMultifactorEnrollmentPolicySettings
+
+`func NewMultifactorEnrollmentPolicySettings() *MultifactorEnrollmentPolicySettings`
+
+NewMultifactorEnrollmentPolicySettings instantiates a new MultifactorEnrollmentPolicySettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewMultifactorEnrollmentPolicySettingsWithDefaults
+
+`func NewMultifactorEnrollmentPolicySettingsWithDefaults() *MultifactorEnrollmentPolicySettings`
+
+NewMultifactorEnrollmentPolicySettingsWithDefaults instantiates a new MultifactorEnrollmentPolicySettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthenticators
+
+`func (o *MultifactorEnrollmentPolicySettings) GetAuthenticators() []MultifactorEnrollmentPolicyAuthenticatorSettings`
+
+GetAuthenticators returns the Authenticators field if non-nil, zero value otherwise.
+
+### GetAuthenticatorsOk
+
+`func (o *MultifactorEnrollmentPolicySettings) GetAuthenticatorsOk() (*[]MultifactorEnrollmentPolicyAuthenticatorSettings, bool)`
+
+GetAuthenticatorsOk returns a tuple with the Authenticators field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthenticators
+
+`func (o *MultifactorEnrollmentPolicySettings) SetAuthenticators(v []MultifactorEnrollmentPolicyAuthenticatorSettings)`
+
+SetAuthenticators sets Authenticators field to given value.
+
+### HasAuthenticators
+
+`func (o *MultifactorEnrollmentPolicySettings) HasAuthenticators() bool`
+
+HasAuthenticators returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *MultifactorEnrollmentPolicySettings) GetType() MultifactorEnrollmentPolicySettingsType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *MultifactorEnrollmentPolicySettings) GetTypeOk() (*MultifactorEnrollmentPolicySettingsType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *MultifactorEnrollmentPolicySettings) SetType(v MultifactorEnrollmentPolicySettingsType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *MultifactorEnrollmentPolicySettings) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/MultifactorEnrollmentPolicySettingsType.md b/okta/docs/MultifactorEnrollmentPolicySettingsType.md
new file mode 100644
index 000000000..f73d93c3e
--- /dev/null
+++ b/okta/docs/MultifactorEnrollmentPolicySettingsType.md
@@ -0,0 +1,11 @@
+# MultifactorEnrollmentPolicySettingsType
+
+## Enum
+
+
+* `AUTHENTICATORS` (value: `"AUTHENTICATORS"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/NetworkZone.md b/okta/docs/NetworkZone.md
new file mode 100644
index 000000000..033c24af7
--- /dev/null
+++ b/okta/docs/NetworkZone.md
@@ -0,0 +1,394 @@
+# NetworkZone
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Asns** | Pointer to **[]string** | Format of each array value: a string representation of an ASN numeric value | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Gateways** | Pointer to [**[]NetworkZoneAddress**](NetworkZoneAddress.md) | IP addresses (range or CIDR form) of this Zone. The maximum array length is 150 entries for admin-created IP zones, 1000 entries for IP blocklist zones, and 5000 entries for the default system IP Zone. | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Locations** | Pointer to [**[]NetworkZoneLocation**](NetworkZoneLocation.md) | The geolocations of this Zone | [optional] 
+**Name** | Pointer to **string** | Unique name for this Zone. Maximum of 128 characters. | [optional] 
+**Proxies** | Pointer to [**[]NetworkZoneAddress**](NetworkZoneAddress.md) | IP address (range or CIDR form) that are allowed to forward a request from gateway addresses. These proxies are automatically trusted by Threat Insights, and used to identify the client IP of a request. The maximum array length is 150 entries for admin-created zones and 5000 entries for the default system IP Zone. | [optional] 
+**ProxyType** | Pointer to **string** | One of: &#x60;\&quot;\&quot;&#x60; or &#x60;null&#x60; (when not specified), &#x60;Any&#x60; (meaning any proxy), &#x60;Tor&#x60;, or &#x60;NotTorAnonymizer&#x60; | [optional] 
+**Status** | Pointer to [**NetworkZoneStatus**](NetworkZoneStatus.md) |  | [optional] 
+**System** | Pointer to **bool** | Indicates if this is a system Network Zone. For admin-created zones, this is always &#x60;false&#x60;. The system IP Policy Network Zone (&#x60;LegacyIpZone&#x60;) is included by default in your Okta org. Notice that &#x60;system&#x3D;true&#x60; for the &#x60;LegacyIpZone&#x60; object. Admin users can modify the name of this default system Zone and can add up to 5000 gateway or proxy IP entries. | [optional] 
+**Type** | Pointer to [**NetworkZoneType**](NetworkZoneType.md) |  | [optional] 
+**Usage** | Pointer to [**NetworkZoneUsage**](NetworkZoneUsage.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewNetworkZone
+
+`func NewNetworkZone() *NetworkZone`
+
+NewNetworkZone instantiates a new NetworkZone object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewNetworkZoneWithDefaults
+
+`func NewNetworkZoneWithDefaults() *NetworkZone`
+
+NewNetworkZoneWithDefaults instantiates a new NetworkZone object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAsns
+
+`func (o *NetworkZone) GetAsns() []string`
+
+GetAsns returns the Asns field if non-nil, zero value otherwise.
+
+### GetAsnsOk
+
+`func (o *NetworkZone) GetAsnsOk() (*[]string, bool)`
+
+GetAsnsOk returns a tuple with the Asns field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAsns
+
+`func (o *NetworkZone) SetAsns(v []string)`
+
+SetAsns sets Asns field to given value.
+
+### HasAsns
+
+`func (o *NetworkZone) HasAsns() bool`
+
+HasAsns returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *NetworkZone) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *NetworkZone) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *NetworkZone) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *NetworkZone) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetGateways
+
+`func (o *NetworkZone) GetGateways() []NetworkZoneAddress`
+
+GetGateways returns the Gateways field if non-nil, zero value otherwise.
+
+### GetGatewaysOk
+
+`func (o *NetworkZone) GetGatewaysOk() (*[]NetworkZoneAddress, bool)`
+
+GetGatewaysOk returns a tuple with the Gateways field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGateways
+
+`func (o *NetworkZone) SetGateways(v []NetworkZoneAddress)`
+
+SetGateways sets Gateways field to given value.
+
+### HasGateways
+
+`func (o *NetworkZone) HasGateways() bool`
+
+HasGateways returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *NetworkZone) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *NetworkZone) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *NetworkZone) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *NetworkZone) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *NetworkZone) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *NetworkZone) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *NetworkZone) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *NetworkZone) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetLocations
+
+`func (o *NetworkZone) GetLocations() []NetworkZoneLocation`
+
+GetLocations returns the Locations field if non-nil, zero value otherwise.
+
+### GetLocationsOk
+
+`func (o *NetworkZone) GetLocationsOk() (*[]NetworkZoneLocation, bool)`
+
+GetLocationsOk returns a tuple with the Locations field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLocations
+
+`func (o *NetworkZone) SetLocations(v []NetworkZoneLocation)`
+
+SetLocations sets Locations field to given value.
+
+### HasLocations
+
+`func (o *NetworkZone) HasLocations() bool`
+
+HasLocations returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *NetworkZone) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *NetworkZone) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *NetworkZone) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *NetworkZone) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetProxies
+
+`func (o *NetworkZone) GetProxies() []NetworkZoneAddress`
+
+GetProxies returns the Proxies field if non-nil, zero value otherwise.
+
+### GetProxiesOk
+
+`func (o *NetworkZone) GetProxiesOk() (*[]NetworkZoneAddress, bool)`
+
+GetProxiesOk returns a tuple with the Proxies field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProxies
+
+`func (o *NetworkZone) SetProxies(v []NetworkZoneAddress)`
+
+SetProxies sets Proxies field to given value.
+
+### HasProxies
+
+`func (o *NetworkZone) HasProxies() bool`
+
+HasProxies returns a boolean if a field has been set.
+
+### GetProxyType
+
+`func (o *NetworkZone) GetProxyType() string`
+
+GetProxyType returns the ProxyType field if non-nil, zero value otherwise.
+
+### GetProxyTypeOk
+
+`func (o *NetworkZone) GetProxyTypeOk() (*string, bool)`
+
+GetProxyTypeOk returns a tuple with the ProxyType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProxyType
+
+`func (o *NetworkZone) SetProxyType(v string)`
+
+SetProxyType sets ProxyType field to given value.
+
+### HasProxyType
+
+`func (o *NetworkZone) HasProxyType() bool`
+
+HasProxyType returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *NetworkZone) GetStatus() NetworkZoneStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *NetworkZone) GetStatusOk() (*NetworkZoneStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *NetworkZone) SetStatus(v NetworkZoneStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *NetworkZone) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetSystem
+
+`func (o *NetworkZone) GetSystem() bool`
+
+GetSystem returns the System field if non-nil, zero value otherwise.
+
+### GetSystemOk
+
+`func (o *NetworkZone) GetSystemOk() (*bool, bool)`
+
+GetSystemOk returns a tuple with the System field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSystem
+
+`func (o *NetworkZone) SetSystem(v bool)`
+
+SetSystem sets System field to given value.
+
+### HasSystem
+
+`func (o *NetworkZone) HasSystem() bool`
+
+HasSystem returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *NetworkZone) GetType() NetworkZoneType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *NetworkZone) GetTypeOk() (*NetworkZoneType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *NetworkZone) SetType(v NetworkZoneType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *NetworkZone) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetUsage
+
+`func (o *NetworkZone) GetUsage() NetworkZoneUsage`
+
+GetUsage returns the Usage field if non-nil, zero value otherwise.
+
+### GetUsageOk
+
+`func (o *NetworkZone) GetUsageOk() (*NetworkZoneUsage, bool)`
+
+GetUsageOk returns a tuple with the Usage field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsage
+
+`func (o *NetworkZone) SetUsage(v NetworkZoneUsage)`
+
+SetUsage sets Usage field to given value.
+
+### HasUsage
+
+`func (o *NetworkZone) HasUsage() bool`
+
+HasUsage returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *NetworkZone) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *NetworkZone) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *NetworkZone) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *NetworkZone) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/NetworkZoneAddress.md b/okta/docs/NetworkZoneAddress.md
new file mode 100644
index 000000000..f67ae822b
--- /dev/null
+++ b/okta/docs/NetworkZoneAddress.md
@@ -0,0 +1,82 @@
+# NetworkZoneAddress
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Type** | Pointer to [**NetworkZoneAddressType**](NetworkZoneAddressType.md) |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewNetworkZoneAddress
+
+`func NewNetworkZoneAddress() *NetworkZoneAddress`
+
+NewNetworkZoneAddress instantiates a new NetworkZoneAddress object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewNetworkZoneAddressWithDefaults
+
+`func NewNetworkZoneAddressWithDefaults() *NetworkZoneAddress`
+
+NewNetworkZoneAddressWithDefaults instantiates a new NetworkZoneAddress object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetType
+
+`func (o *NetworkZoneAddress) GetType() NetworkZoneAddressType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *NetworkZoneAddress) GetTypeOk() (*NetworkZoneAddressType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *NetworkZoneAddress) SetType(v NetworkZoneAddressType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *NetworkZoneAddress) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *NetworkZoneAddress) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *NetworkZoneAddress) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *NetworkZoneAddress) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *NetworkZoneAddress) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/NetworkZoneAddressType.md b/okta/docs/NetworkZoneAddressType.md
new file mode 100644
index 000000000..512fff8a7
--- /dev/null
+++ b/okta/docs/NetworkZoneAddressType.md
@@ -0,0 +1,13 @@
+# NetworkZoneAddressType
+
+## Enum
+
+
+* `CIDR` (value: `"CIDR"`)
+
+* `RANGE` (value: `"RANGE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/NetworkZoneApi.md b/okta/docs/NetworkZoneApi.md
new file mode 100644
index 000000000..e90896eb8
--- /dev/null
+++ b/okta/docs/NetworkZoneApi.md
@@ -0,0 +1,501 @@
+# \NetworkZoneApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateNetworkZone**](NetworkZoneApi.md#ActivateNetworkZone) | **Post** /api/v1/zones/{zoneId}/lifecycle/activate | Activate a Network Zone
+[**CreateNetworkZone**](NetworkZoneApi.md#CreateNetworkZone) | **Post** /api/v1/zones | Create a Network Zone
+[**DeactivateNetworkZone**](NetworkZoneApi.md#DeactivateNetworkZone) | **Post** /api/v1/zones/{zoneId}/lifecycle/deactivate | Deactivate a Network Zone
+[**DeleteNetworkZone**](NetworkZoneApi.md#DeleteNetworkZone) | **Delete** /api/v1/zones/{zoneId} | Delete a Network Zone
+[**GetNetworkZone**](NetworkZoneApi.md#GetNetworkZone) | **Get** /api/v1/zones/{zoneId} | Retrieve a Network Zone
+[**ListNetworkZones**](NetworkZoneApi.md#ListNetworkZones) | **Get** /api/v1/zones | List all Network Zones
+[**ReplaceNetworkZone**](NetworkZoneApi.md#ReplaceNetworkZone) | **Put** /api/v1/zones/{zoneId} | Replace a Network Zone
+
+
+
+## ActivateNetworkZone
+
+> NetworkZone ActivateNetworkZone(ctx, zoneId).Execute()
+
+Activate a Network Zone
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    zoneId := "zoneId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.NetworkZoneApi.ActivateNetworkZone(context.Background(), zoneId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `NetworkZoneApi.ActivateNetworkZone``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ActivateNetworkZone`: NetworkZone
+    fmt.Fprintf(os.Stdout, "Response from `NetworkZoneApi.ActivateNetworkZone`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**zoneId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateNetworkZoneRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**NetworkZone**](NetworkZone.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateNetworkZone
+
+> NetworkZone CreateNetworkZone(ctx).Zone(zone).Execute()
+
+Create a Network Zone
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    zone := *openapiclient.NewNetworkZone() // NetworkZone | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.NetworkZoneApi.CreateNetworkZone(context.Background()).Zone(zone).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `NetworkZoneApi.CreateNetworkZone``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateNetworkZone`: NetworkZone
+    fmt.Fprintf(os.Stdout, "Response from `NetworkZoneApi.CreateNetworkZone`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateNetworkZoneRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **zone** | [**NetworkZone**](NetworkZone.md) |  | 
+
+### Return type
+
+[**NetworkZone**](NetworkZone.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateNetworkZone
+
+> NetworkZone DeactivateNetworkZone(ctx, zoneId).Execute()
+
+Deactivate a Network Zone
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    zoneId := "zoneId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.NetworkZoneApi.DeactivateNetworkZone(context.Background(), zoneId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `NetworkZoneApi.DeactivateNetworkZone``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `DeactivateNetworkZone`: NetworkZone
+    fmt.Fprintf(os.Stdout, "Response from `NetworkZoneApi.DeactivateNetworkZone`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**zoneId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateNetworkZoneRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**NetworkZone**](NetworkZone.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteNetworkZone
+
+> DeleteNetworkZone(ctx, zoneId).Execute()
+
+Delete a Network Zone
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    zoneId := "zoneId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.NetworkZoneApi.DeleteNetworkZone(context.Background(), zoneId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `NetworkZoneApi.DeleteNetworkZone``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**zoneId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteNetworkZoneRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetNetworkZone
+
+> NetworkZone GetNetworkZone(ctx, zoneId).Execute()
+
+Retrieve a Network Zone
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    zoneId := "zoneId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.NetworkZoneApi.GetNetworkZone(context.Background(), zoneId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `NetworkZoneApi.GetNetworkZone``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetNetworkZone`: NetworkZone
+    fmt.Fprintf(os.Stdout, "Response from `NetworkZoneApi.GetNetworkZone`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**zoneId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetNetworkZoneRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**NetworkZone**](NetworkZone.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListNetworkZones
+
+> []NetworkZone ListNetworkZones(ctx).After(after).Limit(limit).Filter(filter).Execute()
+
+List all Network Zones
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    after := "after_example" // string | Specifies the pagination cursor for the next page of network zones (optional)
+    limit := int32(56) // int32 | Specifies the number of results for a page (optional) (default to -1)
+    filter := "filter_example" // string | Filters zones by usage or id expression (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.NetworkZoneApi.ListNetworkZones(context.Background()).After(after).Limit(limit).Filter(filter).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `NetworkZoneApi.ListNetworkZones``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListNetworkZones`: []NetworkZone
+    fmt.Fprintf(os.Stdout, "Response from `NetworkZoneApi.ListNetworkZones`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListNetworkZonesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **after** | **string** | Specifies the pagination cursor for the next page of network zones | 
+ **limit** | **int32** | Specifies the number of results for a page | [default to -1]
+ **filter** | **string** | Filters zones by usage or id expression | 
+
+### Return type
+
+[**[]NetworkZone**](NetworkZone.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceNetworkZone
+
+> NetworkZone ReplaceNetworkZone(ctx, zoneId).Zone(zone).Execute()
+
+Replace a Network Zone
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    zoneId := "zoneId_example" // string | 
+    zone := *openapiclient.NewNetworkZone() // NetworkZone | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.NetworkZoneApi.ReplaceNetworkZone(context.Background(), zoneId).Zone(zone).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `NetworkZoneApi.ReplaceNetworkZone``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceNetworkZone`: NetworkZone
+    fmt.Fprintf(os.Stdout, "Response from `NetworkZoneApi.ReplaceNetworkZone`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**zoneId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceNetworkZoneRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **zone** | [**NetworkZone**](NetworkZone.md) |  | 
+
+### Return type
+
+[**NetworkZone**](NetworkZone.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/NetworkZoneLocation.md b/okta/docs/NetworkZoneLocation.md
new file mode 100644
index 000000000..dc6085a66
--- /dev/null
+++ b/okta/docs/NetworkZoneLocation.md
@@ -0,0 +1,82 @@
+# NetworkZoneLocation
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Country** | Pointer to **string** | Format of the country value: length 2 [ISO-3166-1](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) country code. Do not use continent codes as they are treated as generic codes for undesignated countries. | [optional] 
+**Region** | Pointer to **string** | Format of the region value (optional): region code [ISO-3166-2](https://en.wikipedia.org/wiki/ISO_3166-2) appended to country code (&#x60;countryCode-regionCode&#x60;), or &#x60;null&#x60; if empty. Do not use continent codes as they are treated as generic codes for undesignated regions. | [optional] 
+
+## Methods
+
+### NewNetworkZoneLocation
+
+`func NewNetworkZoneLocation() *NetworkZoneLocation`
+
+NewNetworkZoneLocation instantiates a new NetworkZoneLocation object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewNetworkZoneLocationWithDefaults
+
+`func NewNetworkZoneLocationWithDefaults() *NetworkZoneLocation`
+
+NewNetworkZoneLocationWithDefaults instantiates a new NetworkZoneLocation object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCountry
+
+`func (o *NetworkZoneLocation) GetCountry() string`
+
+GetCountry returns the Country field if non-nil, zero value otherwise.
+
+### GetCountryOk
+
+`func (o *NetworkZoneLocation) GetCountryOk() (*string, bool)`
+
+GetCountryOk returns a tuple with the Country field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCountry
+
+`func (o *NetworkZoneLocation) SetCountry(v string)`
+
+SetCountry sets Country field to given value.
+
+### HasCountry
+
+`func (o *NetworkZoneLocation) HasCountry() bool`
+
+HasCountry returns a boolean if a field has been set.
+
+### GetRegion
+
+`func (o *NetworkZoneLocation) GetRegion() string`
+
+GetRegion returns the Region field if non-nil, zero value otherwise.
+
+### GetRegionOk
+
+`func (o *NetworkZoneLocation) GetRegionOk() (*string, bool)`
+
+GetRegionOk returns a tuple with the Region field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRegion
+
+`func (o *NetworkZoneLocation) SetRegion(v string)`
+
+SetRegion sets Region field to given value.
+
+### HasRegion
+
+`func (o *NetworkZoneLocation) HasRegion() bool`
+
+HasRegion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/NetworkZoneStatus.md b/okta/docs/NetworkZoneStatus.md
new file mode 100644
index 000000000..97d82ee17
--- /dev/null
+++ b/okta/docs/NetworkZoneStatus.md
@@ -0,0 +1,13 @@
+# NetworkZoneStatus
+
+## Enum
+
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `INACTIVE` (value: `"INACTIVE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/NetworkZoneType.md b/okta/docs/NetworkZoneType.md
new file mode 100644
index 000000000..04116370f
--- /dev/null
+++ b/okta/docs/NetworkZoneType.md
@@ -0,0 +1,13 @@
+# NetworkZoneType
+
+## Enum
+
+
+* `DYNAMIC` (value: `"DYNAMIC"`)
+
+* `IP` (value: `"IP"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/NetworkZoneUsage.md b/okta/docs/NetworkZoneUsage.md
new file mode 100644
index 000000000..093f6046f
--- /dev/null
+++ b/okta/docs/NetworkZoneUsage.md
@@ -0,0 +1,13 @@
+# NetworkZoneUsage
+
+## Enum
+
+
+* `BLOCKLIST` (value: `"BLOCKLIST"`)
+
+* `POLICY` (value: `"POLICY"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/NotificationType.md b/okta/docs/NotificationType.md
new file mode 100644
index 000000000..bc61d4951
--- /dev/null
+++ b/okta/docs/NotificationType.md
@@ -0,0 +1,35 @@
+# NotificationType
+
+## Enum
+
+
+* `AD_AGENT` (value: `"AD_AGENT"`)
+
+* `APP_IMPORT` (value: `"APP_IMPORT"`)
+
+* `CONNECTOR_AGENT` (value: `"CONNECTOR_AGENT"`)
+
+* `IWA_AGENT` (value: `"IWA_AGENT"`)
+
+* `LDAP_AGENT` (value: `"LDAP_AGENT"`)
+
+* `OKTA_ANNOUNCEMENT` (value: `"OKTA_ANNOUNCEMENT"`)
+
+* `OKTA_ISSUE` (value: `"OKTA_ISSUE"`)
+
+* `OKTA_UPDATE` (value: `"OKTA_UPDATE"`)
+
+* `RATELIMIT_NOTIFICATION` (value: `"RATELIMIT_NOTIFICATION"`)
+
+* `REPORT_SUSPICIOUS_ACTIVITY` (value: `"REPORT_SUSPICIOUS_ACTIVITY"`)
+
+* `USER_DEPROVISION` (value: `"USER_DEPROVISION"`)
+
+* `USER_LOCKED_OUT` (value: `"USER_LOCKED_OUT"`)
+
+* `AGENT_AUTO_UPDATE_NOTIFICATION` (value: `"AGENT_AUTO_UPDATE_NOTIFICATION"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2Actor.md b/okta/docs/OAuth2Actor.md
new file mode 100644
index 000000000..d6b764421
--- /dev/null
+++ b/okta/docs/OAuth2Actor.md
@@ -0,0 +1,82 @@
+# OAuth2Actor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Type** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewOAuth2Actor
+
+`func NewOAuth2Actor() *OAuth2Actor`
+
+NewOAuth2Actor instantiates a new OAuth2Actor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOAuth2ActorWithDefaults
+
+`func NewOAuth2ActorWithDefaults() *OAuth2Actor`
+
+NewOAuth2ActorWithDefaults instantiates a new OAuth2Actor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *OAuth2Actor) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *OAuth2Actor) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *OAuth2Actor) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *OAuth2Actor) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *OAuth2Actor) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *OAuth2Actor) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *OAuth2Actor) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *OAuth2Actor) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2Claim.md b/okta/docs/OAuth2Claim.md
new file mode 100644
index 000000000..aa9cc0526
--- /dev/null
+++ b/okta/docs/OAuth2Claim.md
@@ -0,0 +1,316 @@
+# OAuth2Claim
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AlwaysIncludeInToken** | Pointer to **bool** |  | [optional] 
+**ClaimType** | Pointer to [**OAuth2ClaimType**](OAuth2ClaimType.md) |  | [optional] 
+**Conditions** | Pointer to [**OAuth2ClaimConditions**](OAuth2ClaimConditions.md) |  | [optional] 
+**GroupFilterType** | Pointer to [**OAuth2ClaimGroupFilterType**](OAuth2ClaimGroupFilterType.md) |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**System** | Pointer to **bool** |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+**ValueType** | Pointer to [**OAuth2ClaimValueType**](OAuth2ClaimValueType.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewOAuth2Claim
+
+`func NewOAuth2Claim() *OAuth2Claim`
+
+NewOAuth2Claim instantiates a new OAuth2Claim object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOAuth2ClaimWithDefaults
+
+`func NewOAuth2ClaimWithDefaults() *OAuth2Claim`
+
+NewOAuth2ClaimWithDefaults instantiates a new OAuth2Claim object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAlwaysIncludeInToken
+
+`func (o *OAuth2Claim) GetAlwaysIncludeInToken() bool`
+
+GetAlwaysIncludeInToken returns the AlwaysIncludeInToken field if non-nil, zero value otherwise.
+
+### GetAlwaysIncludeInTokenOk
+
+`func (o *OAuth2Claim) GetAlwaysIncludeInTokenOk() (*bool, bool)`
+
+GetAlwaysIncludeInTokenOk returns a tuple with the AlwaysIncludeInToken field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAlwaysIncludeInToken
+
+`func (o *OAuth2Claim) SetAlwaysIncludeInToken(v bool)`
+
+SetAlwaysIncludeInToken sets AlwaysIncludeInToken field to given value.
+
+### HasAlwaysIncludeInToken
+
+`func (o *OAuth2Claim) HasAlwaysIncludeInToken() bool`
+
+HasAlwaysIncludeInToken returns a boolean if a field has been set.
+
+### GetClaimType
+
+`func (o *OAuth2Claim) GetClaimType() OAuth2ClaimType`
+
+GetClaimType returns the ClaimType field if non-nil, zero value otherwise.
+
+### GetClaimTypeOk
+
+`func (o *OAuth2Claim) GetClaimTypeOk() (*OAuth2ClaimType, bool)`
+
+GetClaimTypeOk returns a tuple with the ClaimType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClaimType
+
+`func (o *OAuth2Claim) SetClaimType(v OAuth2ClaimType)`
+
+SetClaimType sets ClaimType field to given value.
+
+### HasClaimType
+
+`func (o *OAuth2Claim) HasClaimType() bool`
+
+HasClaimType returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *OAuth2Claim) GetConditions() OAuth2ClaimConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *OAuth2Claim) GetConditionsOk() (*OAuth2ClaimConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *OAuth2Claim) SetConditions(v OAuth2ClaimConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *OAuth2Claim) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+### GetGroupFilterType
+
+`func (o *OAuth2Claim) GetGroupFilterType() OAuth2ClaimGroupFilterType`
+
+GetGroupFilterType returns the GroupFilterType field if non-nil, zero value otherwise.
+
+### GetGroupFilterTypeOk
+
+`func (o *OAuth2Claim) GetGroupFilterTypeOk() (*OAuth2ClaimGroupFilterType, bool)`
+
+GetGroupFilterTypeOk returns a tuple with the GroupFilterType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroupFilterType
+
+`func (o *OAuth2Claim) SetGroupFilterType(v OAuth2ClaimGroupFilterType)`
+
+SetGroupFilterType sets GroupFilterType field to given value.
+
+### HasGroupFilterType
+
+`func (o *OAuth2Claim) HasGroupFilterType() bool`
+
+HasGroupFilterType returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *OAuth2Claim) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *OAuth2Claim) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *OAuth2Claim) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *OAuth2Claim) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *OAuth2Claim) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *OAuth2Claim) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *OAuth2Claim) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *OAuth2Claim) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *OAuth2Claim) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *OAuth2Claim) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *OAuth2Claim) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *OAuth2Claim) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetSystem
+
+`func (o *OAuth2Claim) GetSystem() bool`
+
+GetSystem returns the System field if non-nil, zero value otherwise.
+
+### GetSystemOk
+
+`func (o *OAuth2Claim) GetSystemOk() (*bool, bool)`
+
+GetSystemOk returns a tuple with the System field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSystem
+
+`func (o *OAuth2Claim) SetSystem(v bool)`
+
+SetSystem sets System field to given value.
+
+### HasSystem
+
+`func (o *OAuth2Claim) HasSystem() bool`
+
+HasSystem returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *OAuth2Claim) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *OAuth2Claim) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *OAuth2Claim) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *OAuth2Claim) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+### GetValueType
+
+`func (o *OAuth2Claim) GetValueType() OAuth2ClaimValueType`
+
+GetValueType returns the ValueType field if non-nil, zero value otherwise.
+
+### GetValueTypeOk
+
+`func (o *OAuth2Claim) GetValueTypeOk() (*OAuth2ClaimValueType, bool)`
+
+GetValueTypeOk returns a tuple with the ValueType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValueType
+
+`func (o *OAuth2Claim) SetValueType(v OAuth2ClaimValueType)`
+
+SetValueType sets ValueType field to given value.
+
+### HasValueType
+
+`func (o *OAuth2Claim) HasValueType() bool`
+
+HasValueType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *OAuth2Claim) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *OAuth2Claim) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *OAuth2Claim) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *OAuth2Claim) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2ClaimConditions.md b/okta/docs/OAuth2ClaimConditions.md
new file mode 100644
index 000000000..b94f53944
--- /dev/null
+++ b/okta/docs/OAuth2ClaimConditions.md
@@ -0,0 +1,56 @@
+# OAuth2ClaimConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Scopes** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewOAuth2ClaimConditions
+
+`func NewOAuth2ClaimConditions() *OAuth2ClaimConditions`
+
+NewOAuth2ClaimConditions instantiates a new OAuth2ClaimConditions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOAuth2ClaimConditionsWithDefaults
+
+`func NewOAuth2ClaimConditionsWithDefaults() *OAuth2ClaimConditions`
+
+NewOAuth2ClaimConditionsWithDefaults instantiates a new OAuth2ClaimConditions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetScopes
+
+`func (o *OAuth2ClaimConditions) GetScopes() []string`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *OAuth2ClaimConditions) GetScopesOk() (*[]string, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *OAuth2ClaimConditions) SetScopes(v []string)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *OAuth2ClaimConditions) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2ClaimGroupFilterType.md b/okta/docs/OAuth2ClaimGroupFilterType.md
new file mode 100644
index 000000000..ff003ca3b
--- /dev/null
+++ b/okta/docs/OAuth2ClaimGroupFilterType.md
@@ -0,0 +1,17 @@
+# OAuth2ClaimGroupFilterType
+
+## Enum
+
+
+* `CONTAINS` (value: `"CONTAINS"`)
+
+* `EQUALS` (value: `"EQUALS"`)
+
+* `REGEX` (value: `"REGEX"`)
+
+* `STARTS_WITH` (value: `"STARTS_WITH"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2ClaimType.md b/okta/docs/OAuth2ClaimType.md
new file mode 100644
index 000000000..8eca84ff8
--- /dev/null
+++ b/okta/docs/OAuth2ClaimType.md
@@ -0,0 +1,13 @@
+# OAuth2ClaimType
+
+## Enum
+
+
+* `IDENTITY` (value: `"IDENTITY"`)
+
+* `RESOURCE` (value: `"RESOURCE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2ClaimValueType.md b/okta/docs/OAuth2ClaimValueType.md
new file mode 100644
index 000000000..d5b79900e
--- /dev/null
+++ b/okta/docs/OAuth2ClaimValueType.md
@@ -0,0 +1,15 @@
+# OAuth2ClaimValueType
+
+## Enum
+
+
+* `EXPRESSION` (value: `"EXPRESSION"`)
+
+* `GROUPS` (value: `"GROUPS"`)
+
+* `SYSTEM` (value: `"SYSTEM"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2Client.md b/okta/docs/OAuth2Client.md
new file mode 100644
index 000000000..a378105f4
--- /dev/null
+++ b/okta/docs/OAuth2Client.md
@@ -0,0 +1,160 @@
+# OAuth2Client
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ClientId** | Pointer to **string** |  | [optional] [readonly] 
+**ClientName** | Pointer to **string** |  | [optional] [readonly] 
+**ClientUri** | Pointer to **string** |  | [optional] [readonly] 
+**LogoUri** | Pointer to **string** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewOAuth2Client
+
+`func NewOAuth2Client() *OAuth2Client`
+
+NewOAuth2Client instantiates a new OAuth2Client object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOAuth2ClientWithDefaults
+
+`func NewOAuth2ClientWithDefaults() *OAuth2Client`
+
+NewOAuth2ClientWithDefaults instantiates a new OAuth2Client object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetClientId
+
+`func (o *OAuth2Client) GetClientId() string`
+
+GetClientId returns the ClientId field if non-nil, zero value otherwise.
+
+### GetClientIdOk
+
+`func (o *OAuth2Client) GetClientIdOk() (*string, bool)`
+
+GetClientIdOk returns a tuple with the ClientId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientId
+
+`func (o *OAuth2Client) SetClientId(v string)`
+
+SetClientId sets ClientId field to given value.
+
+### HasClientId
+
+`func (o *OAuth2Client) HasClientId() bool`
+
+HasClientId returns a boolean if a field has been set.
+
+### GetClientName
+
+`func (o *OAuth2Client) GetClientName() string`
+
+GetClientName returns the ClientName field if non-nil, zero value otherwise.
+
+### GetClientNameOk
+
+`func (o *OAuth2Client) GetClientNameOk() (*string, bool)`
+
+GetClientNameOk returns a tuple with the ClientName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientName
+
+`func (o *OAuth2Client) SetClientName(v string)`
+
+SetClientName sets ClientName field to given value.
+
+### HasClientName
+
+`func (o *OAuth2Client) HasClientName() bool`
+
+HasClientName returns a boolean if a field has been set.
+
+### GetClientUri
+
+`func (o *OAuth2Client) GetClientUri() string`
+
+GetClientUri returns the ClientUri field if non-nil, zero value otherwise.
+
+### GetClientUriOk
+
+`func (o *OAuth2Client) GetClientUriOk() (*string, bool)`
+
+GetClientUriOk returns a tuple with the ClientUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientUri
+
+`func (o *OAuth2Client) SetClientUri(v string)`
+
+SetClientUri sets ClientUri field to given value.
+
+### HasClientUri
+
+`func (o *OAuth2Client) HasClientUri() bool`
+
+HasClientUri returns a boolean if a field has been set.
+
+### GetLogoUri
+
+`func (o *OAuth2Client) GetLogoUri() string`
+
+GetLogoUri returns the LogoUri field if non-nil, zero value otherwise.
+
+### GetLogoUriOk
+
+`func (o *OAuth2Client) GetLogoUriOk() (*string, bool)`
+
+GetLogoUriOk returns a tuple with the LogoUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLogoUri
+
+`func (o *OAuth2Client) SetLogoUri(v string)`
+
+SetLogoUri sets LogoUri field to given value.
+
+### HasLogoUri
+
+`func (o *OAuth2Client) HasLogoUri() bool`
+
+HasLogoUri returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *OAuth2Client) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *OAuth2Client) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *OAuth2Client) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *OAuth2Client) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2RefreshToken.md b/okta/docs/OAuth2RefreshToken.md
new file mode 100644
index 000000000..326ac2fb8
--- /dev/null
+++ b/okta/docs/OAuth2RefreshToken.md
@@ -0,0 +1,342 @@
+# OAuth2RefreshToken
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ClientId** | Pointer to **string** |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**CreatedBy** | Pointer to [**OAuth2Actor**](OAuth2Actor.md) |  | [optional] 
+**ExpiresAt** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Issuer** | Pointer to **string** |  | [optional] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Scopes** | Pointer to **[]string** |  | [optional] 
+**Status** | Pointer to [**GrantOrTokenStatus**](GrantOrTokenStatus.md) |  | [optional] 
+**UserId** | Pointer to **string** |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewOAuth2RefreshToken
+
+`func NewOAuth2RefreshToken() *OAuth2RefreshToken`
+
+NewOAuth2RefreshToken instantiates a new OAuth2RefreshToken object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOAuth2RefreshTokenWithDefaults
+
+`func NewOAuth2RefreshTokenWithDefaults() *OAuth2RefreshToken`
+
+NewOAuth2RefreshTokenWithDefaults instantiates a new OAuth2RefreshToken object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetClientId
+
+`func (o *OAuth2RefreshToken) GetClientId() string`
+
+GetClientId returns the ClientId field if non-nil, zero value otherwise.
+
+### GetClientIdOk
+
+`func (o *OAuth2RefreshToken) GetClientIdOk() (*string, bool)`
+
+GetClientIdOk returns a tuple with the ClientId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientId
+
+`func (o *OAuth2RefreshToken) SetClientId(v string)`
+
+SetClientId sets ClientId field to given value.
+
+### HasClientId
+
+`func (o *OAuth2RefreshToken) HasClientId() bool`
+
+HasClientId returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *OAuth2RefreshToken) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *OAuth2RefreshToken) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *OAuth2RefreshToken) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *OAuth2RefreshToken) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetCreatedBy
+
+`func (o *OAuth2RefreshToken) GetCreatedBy() OAuth2Actor`
+
+GetCreatedBy returns the CreatedBy field if non-nil, zero value otherwise.
+
+### GetCreatedByOk
+
+`func (o *OAuth2RefreshToken) GetCreatedByOk() (*OAuth2Actor, bool)`
+
+GetCreatedByOk returns a tuple with the CreatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedBy
+
+`func (o *OAuth2RefreshToken) SetCreatedBy(v OAuth2Actor)`
+
+SetCreatedBy sets CreatedBy field to given value.
+
+### HasCreatedBy
+
+`func (o *OAuth2RefreshToken) HasCreatedBy() bool`
+
+HasCreatedBy returns a boolean if a field has been set.
+
+### GetExpiresAt
+
+`func (o *OAuth2RefreshToken) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *OAuth2RefreshToken) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *OAuth2RefreshToken) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *OAuth2RefreshToken) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *OAuth2RefreshToken) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *OAuth2RefreshToken) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *OAuth2RefreshToken) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *OAuth2RefreshToken) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIssuer
+
+`func (o *OAuth2RefreshToken) GetIssuer() string`
+
+GetIssuer returns the Issuer field if non-nil, zero value otherwise.
+
+### GetIssuerOk
+
+`func (o *OAuth2RefreshToken) GetIssuerOk() (*string, bool)`
+
+GetIssuerOk returns a tuple with the Issuer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIssuer
+
+`func (o *OAuth2RefreshToken) SetIssuer(v string)`
+
+SetIssuer sets Issuer field to given value.
+
+### HasIssuer
+
+`func (o *OAuth2RefreshToken) HasIssuer() bool`
+
+HasIssuer returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *OAuth2RefreshToken) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *OAuth2RefreshToken) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *OAuth2RefreshToken) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *OAuth2RefreshToken) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *OAuth2RefreshToken) GetScopes() []string`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *OAuth2RefreshToken) GetScopesOk() (*[]string, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *OAuth2RefreshToken) SetScopes(v []string)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *OAuth2RefreshToken) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *OAuth2RefreshToken) GetStatus() GrantOrTokenStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *OAuth2RefreshToken) GetStatusOk() (*GrantOrTokenStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *OAuth2RefreshToken) SetStatus(v GrantOrTokenStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *OAuth2RefreshToken) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetUserId
+
+`func (o *OAuth2RefreshToken) GetUserId() string`
+
+GetUserId returns the UserId field if non-nil, zero value otherwise.
+
+### GetUserIdOk
+
+`func (o *OAuth2RefreshToken) GetUserIdOk() (*string, bool)`
+
+GetUserIdOk returns a tuple with the UserId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserId
+
+`func (o *OAuth2RefreshToken) SetUserId(v string)`
+
+SetUserId sets UserId field to given value.
+
+### HasUserId
+
+`func (o *OAuth2RefreshToken) HasUserId() bool`
+
+HasUserId returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *OAuth2RefreshToken) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *OAuth2RefreshToken) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *OAuth2RefreshToken) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *OAuth2RefreshToken) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *OAuth2RefreshToken) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *OAuth2RefreshToken) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *OAuth2RefreshToken) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *OAuth2RefreshToken) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2Scope.md b/okta/docs/OAuth2Scope.md
new file mode 100644
index 000000000..ce2a310b6
--- /dev/null
+++ b/okta/docs/OAuth2Scope.md
@@ -0,0 +1,238 @@
+# OAuth2Scope
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Consent** | Pointer to [**OAuth2ScopeConsentType**](OAuth2ScopeConsentType.md) |  | [optional] 
+**Default** | Pointer to **bool** |  | [optional] 
+**Description** | Pointer to **string** |  | [optional] 
+**DisplayName** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**MetadataPublish** | Pointer to [**OAuth2ScopeMetadataPublish**](OAuth2ScopeMetadataPublish.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**System** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewOAuth2Scope
+
+`func NewOAuth2Scope() *OAuth2Scope`
+
+NewOAuth2Scope instantiates a new OAuth2Scope object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOAuth2ScopeWithDefaults
+
+`func NewOAuth2ScopeWithDefaults() *OAuth2Scope`
+
+NewOAuth2ScopeWithDefaults instantiates a new OAuth2Scope object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConsent
+
+`func (o *OAuth2Scope) GetConsent() OAuth2ScopeConsentType`
+
+GetConsent returns the Consent field if non-nil, zero value otherwise.
+
+### GetConsentOk
+
+`func (o *OAuth2Scope) GetConsentOk() (*OAuth2ScopeConsentType, bool)`
+
+GetConsentOk returns a tuple with the Consent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConsent
+
+`func (o *OAuth2Scope) SetConsent(v OAuth2ScopeConsentType)`
+
+SetConsent sets Consent field to given value.
+
+### HasConsent
+
+`func (o *OAuth2Scope) HasConsent() bool`
+
+HasConsent returns a boolean if a field has been set.
+
+### GetDefault
+
+`func (o *OAuth2Scope) GetDefault() bool`
+
+GetDefault returns the Default field if non-nil, zero value otherwise.
+
+### GetDefaultOk
+
+`func (o *OAuth2Scope) GetDefaultOk() (*bool, bool)`
+
+GetDefaultOk returns a tuple with the Default field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefault
+
+`func (o *OAuth2Scope) SetDefault(v bool)`
+
+SetDefault sets Default field to given value.
+
+### HasDefault
+
+`func (o *OAuth2Scope) HasDefault() bool`
+
+HasDefault returns a boolean if a field has been set.
+
+### GetDescription
+
+`func (o *OAuth2Scope) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *OAuth2Scope) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *OAuth2Scope) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *OAuth2Scope) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetDisplayName
+
+`func (o *OAuth2Scope) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *OAuth2Scope) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *OAuth2Scope) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+### HasDisplayName
+
+`func (o *OAuth2Scope) HasDisplayName() bool`
+
+HasDisplayName returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *OAuth2Scope) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *OAuth2Scope) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *OAuth2Scope) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *OAuth2Scope) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetMetadataPublish
+
+`func (o *OAuth2Scope) GetMetadataPublish() OAuth2ScopeMetadataPublish`
+
+GetMetadataPublish returns the MetadataPublish field if non-nil, zero value otherwise.
+
+### GetMetadataPublishOk
+
+`func (o *OAuth2Scope) GetMetadataPublishOk() (*OAuth2ScopeMetadataPublish, bool)`
+
+GetMetadataPublishOk returns a tuple with the MetadataPublish field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMetadataPublish
+
+`func (o *OAuth2Scope) SetMetadataPublish(v OAuth2ScopeMetadataPublish)`
+
+SetMetadataPublish sets MetadataPublish field to given value.
+
+### HasMetadataPublish
+
+`func (o *OAuth2Scope) HasMetadataPublish() bool`
+
+HasMetadataPublish returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *OAuth2Scope) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *OAuth2Scope) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *OAuth2Scope) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *OAuth2Scope) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSystem
+
+`func (o *OAuth2Scope) GetSystem() bool`
+
+GetSystem returns the System field if non-nil, zero value otherwise.
+
+### GetSystemOk
+
+`func (o *OAuth2Scope) GetSystemOk() (*bool, bool)`
+
+GetSystemOk returns a tuple with the System field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSystem
+
+`func (o *OAuth2Scope) SetSystem(v bool)`
+
+SetSystem sets System field to given value.
+
+### HasSystem
+
+`func (o *OAuth2Scope) HasSystem() bool`
+
+HasSystem returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2ScopeConsentGrant.md b/okta/docs/OAuth2ScopeConsentGrant.md
new file mode 100644
index 000000000..de2ab6cf6
--- /dev/null
+++ b/okta/docs/OAuth2ScopeConsentGrant.md
@@ -0,0 +1,342 @@
+# OAuth2ScopeConsentGrant
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ClientId** | Pointer to **string** |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**CreatedBy** | Pointer to [**OAuth2Actor**](OAuth2Actor.md) |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Issuer** | Pointer to **string** |  | [optional] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**ScopeId** | Pointer to **string** |  | [optional] 
+**Source** | Pointer to [**OAuth2ScopeConsentGrantSource**](OAuth2ScopeConsentGrantSource.md) |  | [optional] 
+**Status** | Pointer to [**GrantOrTokenStatus**](GrantOrTokenStatus.md) |  | [optional] 
+**UserId** | Pointer to **string** |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewOAuth2ScopeConsentGrant
+
+`func NewOAuth2ScopeConsentGrant() *OAuth2ScopeConsentGrant`
+
+NewOAuth2ScopeConsentGrant instantiates a new OAuth2ScopeConsentGrant object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOAuth2ScopeConsentGrantWithDefaults
+
+`func NewOAuth2ScopeConsentGrantWithDefaults() *OAuth2ScopeConsentGrant`
+
+NewOAuth2ScopeConsentGrantWithDefaults instantiates a new OAuth2ScopeConsentGrant object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetClientId
+
+`func (o *OAuth2ScopeConsentGrant) GetClientId() string`
+
+GetClientId returns the ClientId field if non-nil, zero value otherwise.
+
+### GetClientIdOk
+
+`func (o *OAuth2ScopeConsentGrant) GetClientIdOk() (*string, bool)`
+
+GetClientIdOk returns a tuple with the ClientId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientId
+
+`func (o *OAuth2ScopeConsentGrant) SetClientId(v string)`
+
+SetClientId sets ClientId field to given value.
+
+### HasClientId
+
+`func (o *OAuth2ScopeConsentGrant) HasClientId() bool`
+
+HasClientId returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *OAuth2ScopeConsentGrant) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *OAuth2ScopeConsentGrant) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *OAuth2ScopeConsentGrant) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *OAuth2ScopeConsentGrant) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetCreatedBy
+
+`func (o *OAuth2ScopeConsentGrant) GetCreatedBy() OAuth2Actor`
+
+GetCreatedBy returns the CreatedBy field if non-nil, zero value otherwise.
+
+### GetCreatedByOk
+
+`func (o *OAuth2ScopeConsentGrant) GetCreatedByOk() (*OAuth2Actor, bool)`
+
+GetCreatedByOk returns a tuple with the CreatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedBy
+
+`func (o *OAuth2ScopeConsentGrant) SetCreatedBy(v OAuth2Actor)`
+
+SetCreatedBy sets CreatedBy field to given value.
+
+### HasCreatedBy
+
+`func (o *OAuth2ScopeConsentGrant) HasCreatedBy() bool`
+
+HasCreatedBy returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *OAuth2ScopeConsentGrant) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *OAuth2ScopeConsentGrant) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *OAuth2ScopeConsentGrant) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *OAuth2ScopeConsentGrant) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIssuer
+
+`func (o *OAuth2ScopeConsentGrant) GetIssuer() string`
+
+GetIssuer returns the Issuer field if non-nil, zero value otherwise.
+
+### GetIssuerOk
+
+`func (o *OAuth2ScopeConsentGrant) GetIssuerOk() (*string, bool)`
+
+GetIssuerOk returns a tuple with the Issuer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIssuer
+
+`func (o *OAuth2ScopeConsentGrant) SetIssuer(v string)`
+
+SetIssuer sets Issuer field to given value.
+
+### HasIssuer
+
+`func (o *OAuth2ScopeConsentGrant) HasIssuer() bool`
+
+HasIssuer returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *OAuth2ScopeConsentGrant) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *OAuth2ScopeConsentGrant) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *OAuth2ScopeConsentGrant) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *OAuth2ScopeConsentGrant) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetScopeId
+
+`func (o *OAuth2ScopeConsentGrant) GetScopeId() string`
+
+GetScopeId returns the ScopeId field if non-nil, zero value otherwise.
+
+### GetScopeIdOk
+
+`func (o *OAuth2ScopeConsentGrant) GetScopeIdOk() (*string, bool)`
+
+GetScopeIdOk returns a tuple with the ScopeId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopeId
+
+`func (o *OAuth2ScopeConsentGrant) SetScopeId(v string)`
+
+SetScopeId sets ScopeId field to given value.
+
+### HasScopeId
+
+`func (o *OAuth2ScopeConsentGrant) HasScopeId() bool`
+
+HasScopeId returns a boolean if a field has been set.
+
+### GetSource
+
+`func (o *OAuth2ScopeConsentGrant) GetSource() OAuth2ScopeConsentGrantSource`
+
+GetSource returns the Source field if non-nil, zero value otherwise.
+
+### GetSourceOk
+
+`func (o *OAuth2ScopeConsentGrant) GetSourceOk() (*OAuth2ScopeConsentGrantSource, bool)`
+
+GetSourceOk returns a tuple with the Source field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSource
+
+`func (o *OAuth2ScopeConsentGrant) SetSource(v OAuth2ScopeConsentGrantSource)`
+
+SetSource sets Source field to given value.
+
+### HasSource
+
+`func (o *OAuth2ScopeConsentGrant) HasSource() bool`
+
+HasSource returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *OAuth2ScopeConsentGrant) GetStatus() GrantOrTokenStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *OAuth2ScopeConsentGrant) GetStatusOk() (*GrantOrTokenStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *OAuth2ScopeConsentGrant) SetStatus(v GrantOrTokenStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *OAuth2ScopeConsentGrant) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetUserId
+
+`func (o *OAuth2ScopeConsentGrant) GetUserId() string`
+
+GetUserId returns the UserId field if non-nil, zero value otherwise.
+
+### GetUserIdOk
+
+`func (o *OAuth2ScopeConsentGrant) GetUserIdOk() (*string, bool)`
+
+GetUserIdOk returns a tuple with the UserId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserId
+
+`func (o *OAuth2ScopeConsentGrant) SetUserId(v string)`
+
+SetUserId sets UserId field to given value.
+
+### HasUserId
+
+`func (o *OAuth2ScopeConsentGrant) HasUserId() bool`
+
+HasUserId returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *OAuth2ScopeConsentGrant) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *OAuth2ScopeConsentGrant) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *OAuth2ScopeConsentGrant) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *OAuth2ScopeConsentGrant) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *OAuth2ScopeConsentGrant) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *OAuth2ScopeConsentGrant) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *OAuth2ScopeConsentGrant) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *OAuth2ScopeConsentGrant) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2ScopeConsentGrantSource.md b/okta/docs/OAuth2ScopeConsentGrantSource.md
new file mode 100644
index 000000000..91dfcbded
--- /dev/null
+++ b/okta/docs/OAuth2ScopeConsentGrantSource.md
@@ -0,0 +1,13 @@
+# OAuth2ScopeConsentGrantSource
+
+## Enum
+
+
+* `ADMIN` (value: `"ADMIN"`)
+
+* `END_USER` (value: `"END_USER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2ScopeConsentType.md b/okta/docs/OAuth2ScopeConsentType.md
new file mode 100644
index 000000000..1bb321541
--- /dev/null
+++ b/okta/docs/OAuth2ScopeConsentType.md
@@ -0,0 +1,15 @@
+# OAuth2ScopeConsentType
+
+## Enum
+
+
+* `ADMIN` (value: `"ADMIN"`)
+
+* `IMPLICIT` (value: `"IMPLICIT"`)
+
+* `REQUIRED` (value: `"REQUIRED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2ScopeMetadataPublish.md b/okta/docs/OAuth2ScopeMetadataPublish.md
new file mode 100644
index 000000000..a7099d59d
--- /dev/null
+++ b/okta/docs/OAuth2ScopeMetadataPublish.md
@@ -0,0 +1,13 @@
+# OAuth2ScopeMetadataPublish
+
+## Enum
+
+
+* `ALL_CLIENTS` (value: `"ALL_CLIENTS"`)
+
+* `NO_CLIENTS` (value: `"NO_CLIENTS"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2ScopesMediationPolicyRuleCondition.md b/okta/docs/OAuth2ScopesMediationPolicyRuleCondition.md
new file mode 100644
index 000000000..51051167d
--- /dev/null
+++ b/okta/docs/OAuth2ScopesMediationPolicyRuleCondition.md
@@ -0,0 +1,56 @@
+# OAuth2ScopesMediationPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewOAuth2ScopesMediationPolicyRuleCondition
+
+`func NewOAuth2ScopesMediationPolicyRuleCondition() *OAuth2ScopesMediationPolicyRuleCondition`
+
+NewOAuth2ScopesMediationPolicyRuleCondition instantiates a new OAuth2ScopesMediationPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOAuth2ScopesMediationPolicyRuleConditionWithDefaults
+
+`func NewOAuth2ScopesMediationPolicyRuleConditionWithDefaults() *OAuth2ScopesMediationPolicyRuleCondition`
+
+NewOAuth2ScopesMediationPolicyRuleConditionWithDefaults instantiates a new OAuth2ScopesMediationPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetInclude
+
+`func (o *OAuth2ScopesMediationPolicyRuleCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *OAuth2ScopesMediationPolicyRuleCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *OAuth2ScopesMediationPolicyRuleCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *OAuth2ScopesMediationPolicyRuleCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuth2Token.md b/okta/docs/OAuth2Token.md
new file mode 100644
index 000000000..8318ad518
--- /dev/null
+++ b/okta/docs/OAuth2Token.md
@@ -0,0 +1,316 @@
+# OAuth2Token
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ClientId** | Pointer to **string** |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**ExpiresAt** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Issuer** | Pointer to **string** |  | [optional] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Scopes** | Pointer to **[]string** |  | [optional] 
+**Status** | Pointer to [**GrantOrTokenStatus**](GrantOrTokenStatus.md) |  | [optional] 
+**UserId** | Pointer to **string** |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewOAuth2Token
+
+`func NewOAuth2Token() *OAuth2Token`
+
+NewOAuth2Token instantiates a new OAuth2Token object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOAuth2TokenWithDefaults
+
+`func NewOAuth2TokenWithDefaults() *OAuth2Token`
+
+NewOAuth2TokenWithDefaults instantiates a new OAuth2Token object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetClientId
+
+`func (o *OAuth2Token) GetClientId() string`
+
+GetClientId returns the ClientId field if non-nil, zero value otherwise.
+
+### GetClientIdOk
+
+`func (o *OAuth2Token) GetClientIdOk() (*string, bool)`
+
+GetClientIdOk returns a tuple with the ClientId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientId
+
+`func (o *OAuth2Token) SetClientId(v string)`
+
+SetClientId sets ClientId field to given value.
+
+### HasClientId
+
+`func (o *OAuth2Token) HasClientId() bool`
+
+HasClientId returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *OAuth2Token) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *OAuth2Token) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *OAuth2Token) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *OAuth2Token) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetExpiresAt
+
+`func (o *OAuth2Token) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *OAuth2Token) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *OAuth2Token) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *OAuth2Token) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *OAuth2Token) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *OAuth2Token) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *OAuth2Token) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *OAuth2Token) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIssuer
+
+`func (o *OAuth2Token) GetIssuer() string`
+
+GetIssuer returns the Issuer field if non-nil, zero value otherwise.
+
+### GetIssuerOk
+
+`func (o *OAuth2Token) GetIssuerOk() (*string, bool)`
+
+GetIssuerOk returns a tuple with the Issuer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIssuer
+
+`func (o *OAuth2Token) SetIssuer(v string)`
+
+SetIssuer sets Issuer field to given value.
+
+### HasIssuer
+
+`func (o *OAuth2Token) HasIssuer() bool`
+
+HasIssuer returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *OAuth2Token) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *OAuth2Token) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *OAuth2Token) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *OAuth2Token) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *OAuth2Token) GetScopes() []string`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *OAuth2Token) GetScopesOk() (*[]string, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *OAuth2Token) SetScopes(v []string)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *OAuth2Token) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *OAuth2Token) GetStatus() GrantOrTokenStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *OAuth2Token) GetStatusOk() (*GrantOrTokenStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *OAuth2Token) SetStatus(v GrantOrTokenStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *OAuth2Token) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetUserId
+
+`func (o *OAuth2Token) GetUserId() string`
+
+GetUserId returns the UserId field if non-nil, zero value otherwise.
+
+### GetUserIdOk
+
+`func (o *OAuth2Token) GetUserIdOk() (*string, bool)`
+
+GetUserIdOk returns a tuple with the UserId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserId
+
+`func (o *OAuth2Token) SetUserId(v string)`
+
+SetUserId sets UserId field to given value.
+
+### HasUserId
+
+`func (o *OAuth2Token) HasUserId() bool`
+
+HasUserId returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *OAuth2Token) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *OAuth2Token) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *OAuth2Token) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *OAuth2Token) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *OAuth2Token) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *OAuth2Token) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *OAuth2Token) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *OAuth2Token) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuthApplicationCredentials.md b/okta/docs/OAuthApplicationCredentials.md
new file mode 100644
index 000000000..0a5073ea1
--- /dev/null
+++ b/okta/docs/OAuthApplicationCredentials.md
@@ -0,0 +1,108 @@
+# OAuthApplicationCredentials
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Signing** | Pointer to [**ApplicationCredentialsSigning**](ApplicationCredentialsSigning.md) |  | [optional] 
+**UserNameTemplate** | Pointer to [**ApplicationCredentialsUsernameTemplate**](ApplicationCredentialsUsernameTemplate.md) |  | [optional] 
+**OauthClient** | Pointer to [**ApplicationCredentialsOAuthClient**](ApplicationCredentialsOAuthClient.md) |  | [optional] 
+
+## Methods
+
+### NewOAuthApplicationCredentials
+
+`func NewOAuthApplicationCredentials() *OAuthApplicationCredentials`
+
+NewOAuthApplicationCredentials instantiates a new OAuthApplicationCredentials object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOAuthApplicationCredentialsWithDefaults
+
+`func NewOAuthApplicationCredentialsWithDefaults() *OAuthApplicationCredentials`
+
+NewOAuthApplicationCredentialsWithDefaults instantiates a new OAuthApplicationCredentials object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSigning
+
+`func (o *OAuthApplicationCredentials) GetSigning() ApplicationCredentialsSigning`
+
+GetSigning returns the Signing field if non-nil, zero value otherwise.
+
+### GetSigningOk
+
+`func (o *OAuthApplicationCredentials) GetSigningOk() (*ApplicationCredentialsSigning, bool)`
+
+GetSigningOk returns a tuple with the Signing field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSigning
+
+`func (o *OAuthApplicationCredentials) SetSigning(v ApplicationCredentialsSigning)`
+
+SetSigning sets Signing field to given value.
+
+### HasSigning
+
+`func (o *OAuthApplicationCredentials) HasSigning() bool`
+
+HasSigning returns a boolean if a field has been set.
+
+### GetUserNameTemplate
+
+`func (o *OAuthApplicationCredentials) GetUserNameTemplate() ApplicationCredentialsUsernameTemplate`
+
+GetUserNameTemplate returns the UserNameTemplate field if non-nil, zero value otherwise.
+
+### GetUserNameTemplateOk
+
+`func (o *OAuthApplicationCredentials) GetUserNameTemplateOk() (*ApplicationCredentialsUsernameTemplate, bool)`
+
+GetUserNameTemplateOk returns a tuple with the UserNameTemplate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserNameTemplate
+
+`func (o *OAuthApplicationCredentials) SetUserNameTemplate(v ApplicationCredentialsUsernameTemplate)`
+
+SetUserNameTemplate sets UserNameTemplate field to given value.
+
+### HasUserNameTemplate
+
+`func (o *OAuthApplicationCredentials) HasUserNameTemplate() bool`
+
+HasUserNameTemplate returns a boolean if a field has been set.
+
+### GetOauthClient
+
+`func (o *OAuthApplicationCredentials) GetOauthClient() ApplicationCredentialsOAuthClient`
+
+GetOauthClient returns the OauthClient field if non-nil, zero value otherwise.
+
+### GetOauthClientOk
+
+`func (o *OAuthApplicationCredentials) GetOauthClientOk() (*ApplicationCredentialsOAuthClient, bool)`
+
+GetOauthClientOk returns a tuple with the OauthClient field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOauthClient
+
+`func (o *OAuthApplicationCredentials) SetOauthClient(v ApplicationCredentialsOAuthClient)`
+
+SetOauthClient sets OauthClient field to given value.
+
+### HasOauthClient
+
+`func (o *OAuthApplicationCredentials) HasOauthClient() bool`
+
+HasOauthClient returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuthApplicationCredentialsAllOf.md b/okta/docs/OAuthApplicationCredentialsAllOf.md
new file mode 100644
index 000000000..af52c65d2
--- /dev/null
+++ b/okta/docs/OAuthApplicationCredentialsAllOf.md
@@ -0,0 +1,56 @@
+# OAuthApplicationCredentialsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**OauthClient** | Pointer to [**ApplicationCredentialsOAuthClient**](ApplicationCredentialsOAuthClient.md) |  | [optional] 
+
+## Methods
+
+### NewOAuthApplicationCredentialsAllOf
+
+`func NewOAuthApplicationCredentialsAllOf() *OAuthApplicationCredentialsAllOf`
+
+NewOAuthApplicationCredentialsAllOf instantiates a new OAuthApplicationCredentialsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOAuthApplicationCredentialsAllOfWithDefaults
+
+`func NewOAuthApplicationCredentialsAllOfWithDefaults() *OAuthApplicationCredentialsAllOf`
+
+NewOAuthApplicationCredentialsAllOfWithDefaults instantiates a new OAuthApplicationCredentialsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetOauthClient
+
+`func (o *OAuthApplicationCredentialsAllOf) GetOauthClient() ApplicationCredentialsOAuthClient`
+
+GetOauthClient returns the OauthClient field if non-nil, zero value otherwise.
+
+### GetOauthClientOk
+
+`func (o *OAuthApplicationCredentialsAllOf) GetOauthClientOk() (*ApplicationCredentialsOAuthClient, bool)`
+
+GetOauthClientOk returns a tuple with the OauthClient field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOauthClient
+
+`func (o *OAuthApplicationCredentialsAllOf) SetOauthClient(v ApplicationCredentialsOAuthClient)`
+
+SetOauthClient sets OauthClient field to given value.
+
+### HasOauthClient
+
+`func (o *OAuthApplicationCredentialsAllOf) HasOauthClient() bool`
+
+HasOauthClient returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuthEndpointAuthenticationMethod.md b/okta/docs/OAuthEndpointAuthenticationMethod.md
new file mode 100644
index 000000000..03ce049ce
--- /dev/null
+++ b/okta/docs/OAuthEndpointAuthenticationMethod.md
@@ -0,0 +1,19 @@
+# OAuthEndpointAuthenticationMethod
+
+## Enum
+
+
+* `CLIENT_SECRET_BASIC` (value: `"client_secret_basic"`)
+
+* `CLIENT_SECRET_JWT` (value: `"client_secret_jwt"`)
+
+* `CLIENT_SECRET_POST` (value: `"client_secret_post"`)
+
+* `NONE` (value: `"none"`)
+
+* `PRIVATE_KEY_JWT` (value: `"private_key_jwt"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuthGrantType.md b/okta/docs/OAuthGrantType.md
new file mode 100644
index 000000000..580243e8a
--- /dev/null
+++ b/okta/docs/OAuthGrantType.md
@@ -0,0 +1,27 @@
+# OAuthGrantType
+
+## Enum
+
+
+* `AUTHORIZATION_CODE` (value: `"authorization_code"`)
+
+* `CLIENT_CREDENTIALS` (value: `"client_credentials"`)
+
+* `IMPLICIT` (value: `"implicit"`)
+
+* `INTERACTION_CODE` (value: `"interaction_code"`)
+
+* `PASSWORD` (value: `"password"`)
+
+* `REFRESH_TOKEN` (value: `"refresh_token"`)
+
+* `URNIETFPARAMSOAUTHGRANT_TYPEDEVICE_CODE` (value: `"urn:ietf:params:oauth:grant-type:device_code"`)
+
+* `URNIETFPARAMSOAUTHGRANT_TYPESAML2_BEARER` (value: `"urn:ietf:params:oauth:grant-type:saml2-bearer"`)
+
+* `URNIETFPARAMSOAUTHGRANT_TYPETOKEN_EXCHANGE` (value: `"urn:ietf:params:oauth:grant-type:token-exchange"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OAuthResponseType.md b/okta/docs/OAuthResponseType.md
new file mode 100644
index 000000000..49f4c24ea
--- /dev/null
+++ b/okta/docs/OAuthResponseType.md
@@ -0,0 +1,15 @@
+# OAuthResponseType
+
+## Enum
+
+
+* `CODE` (value: `"code"`)
+
+* `ID_TOKEN` (value: `"id_token"`)
+
+* `TOKEN` (value: `"token"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OSVersion.md b/okta/docs/OSVersion.md
new file mode 100644
index 000000000..0f9fea436
--- /dev/null
+++ b/okta/docs/OSVersion.md
@@ -0,0 +1,56 @@
+# OSVersion
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Minimum** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewOSVersion
+
+`func NewOSVersion() *OSVersion`
+
+NewOSVersion instantiates a new OSVersion object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOSVersionWithDefaults
+
+`func NewOSVersionWithDefaults() *OSVersion`
+
+NewOSVersionWithDefaults instantiates a new OSVersion object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMinimum
+
+`func (o *OSVersion) GetMinimum() string`
+
+GetMinimum returns the Minimum field if non-nil, zero value otherwise.
+
+### GetMinimumOk
+
+`func (o *OSVersion) GetMinimumOk() (*string, bool)`
+
+GetMinimumOk returns a tuple with the Minimum field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinimum
+
+`func (o *OSVersion) SetMinimum(v string)`
+
+SetMinimum sets Minimum field to given value.
+
+### HasMinimum
+
+`func (o *OSVersion) HasMinimum() bool`
+
+HasMinimum returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicy.md b/okta/docs/OktaSignOnPolicy.md
new file mode 100644
index 000000000..78734ac67
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicy.md
@@ -0,0 +1,56 @@
+# OktaSignOnPolicy
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Conditions** | Pointer to [**OktaSignOnPolicyConditions**](OktaSignOnPolicyConditions.md) |  | [optional] 
+
+## Methods
+
+### NewOktaSignOnPolicy
+
+`func NewOktaSignOnPolicy() *OktaSignOnPolicy`
+
+NewOktaSignOnPolicy instantiates a new OktaSignOnPolicy object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOktaSignOnPolicyWithDefaults
+
+`func NewOktaSignOnPolicyWithDefaults() *OktaSignOnPolicy`
+
+NewOktaSignOnPolicyWithDefaults instantiates a new OktaSignOnPolicy object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConditions
+
+`func (o *OktaSignOnPolicy) GetConditions() OktaSignOnPolicyConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *OktaSignOnPolicy) GetConditionsOk() (*OktaSignOnPolicyConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *OktaSignOnPolicy) SetConditions(v OktaSignOnPolicyConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *OktaSignOnPolicy) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicyAllOf.md b/okta/docs/OktaSignOnPolicyAllOf.md
new file mode 100644
index 000000000..e00c0d877
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicyAllOf.md
@@ -0,0 +1,56 @@
+# OktaSignOnPolicyAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Conditions** | Pointer to [**OktaSignOnPolicyConditions**](OktaSignOnPolicyConditions.md) |  | [optional] 
+
+## Methods
+
+### NewOktaSignOnPolicyAllOf
+
+`func NewOktaSignOnPolicyAllOf() *OktaSignOnPolicyAllOf`
+
+NewOktaSignOnPolicyAllOf instantiates a new OktaSignOnPolicyAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOktaSignOnPolicyAllOfWithDefaults
+
+`func NewOktaSignOnPolicyAllOfWithDefaults() *OktaSignOnPolicyAllOf`
+
+NewOktaSignOnPolicyAllOfWithDefaults instantiates a new OktaSignOnPolicyAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConditions
+
+`func (o *OktaSignOnPolicyAllOf) GetConditions() OktaSignOnPolicyConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *OktaSignOnPolicyAllOf) GetConditionsOk() (*OktaSignOnPolicyConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *OktaSignOnPolicyAllOf) SetConditions(v OktaSignOnPolicyConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *OktaSignOnPolicyAllOf) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicyConditions.md b/okta/docs/OktaSignOnPolicyConditions.md
new file mode 100644
index 000000000..c79f3af96
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicyConditions.md
@@ -0,0 +1,576 @@
+# OktaSignOnPolicyConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**AppAndInstancePolicyRuleCondition**](AppAndInstancePolicyRuleCondition.md) |  | [optional] 
+**Apps** | Pointer to [**AppInstancePolicyRuleCondition**](AppInstancePolicyRuleCondition.md) |  | [optional] 
+**AuthContext** | Pointer to [**PolicyRuleAuthContextCondition**](PolicyRuleAuthContextCondition.md) |  | [optional] 
+**AuthProvider** | Pointer to [**PasswordPolicyAuthenticationProviderCondition**](PasswordPolicyAuthenticationProviderCondition.md) |  | [optional] 
+**BeforeScheduledAction** | Pointer to [**BeforeScheduledActionPolicyRuleCondition**](BeforeScheduledActionPolicyRuleCondition.md) |  | [optional] 
+**Clients** | Pointer to [**ClientPolicyCondition**](ClientPolicyCondition.md) |  | [optional] 
+**Context** | Pointer to [**ContextPolicyRuleCondition**](ContextPolicyRuleCondition.md) |  | [optional] 
+**Device** | Pointer to [**DevicePolicyRuleCondition**](DevicePolicyRuleCondition.md) |  | [optional] 
+**GrantTypes** | Pointer to [**GrantTypePolicyRuleCondition**](GrantTypePolicyRuleCondition.md) |  | [optional] 
+**Groups** | Pointer to [**GroupPolicyRuleCondition**](GroupPolicyRuleCondition.md) |  | [optional] 
+**IdentityProvider** | Pointer to [**IdentityProviderPolicyRuleCondition**](IdentityProviderPolicyRuleCondition.md) |  | [optional] 
+**MdmEnrollment** | Pointer to [**MDMEnrollmentPolicyRuleCondition**](MDMEnrollmentPolicyRuleCondition.md) |  | [optional] 
+**Network** | Pointer to [**PolicyNetworkCondition**](PolicyNetworkCondition.md) |  | [optional] 
+**People** | Pointer to [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+**Platform** | Pointer to [**PlatformPolicyRuleCondition**](PlatformPolicyRuleCondition.md) |  | [optional] 
+**Risk** | Pointer to [**RiskPolicyRuleCondition**](RiskPolicyRuleCondition.md) |  | [optional] 
+**RiskScore** | Pointer to [**RiskScorePolicyRuleCondition**](RiskScorePolicyRuleCondition.md) |  | [optional] 
+**Scopes** | Pointer to [**OAuth2ScopesMediationPolicyRuleCondition**](OAuth2ScopesMediationPolicyRuleCondition.md) |  | [optional] 
+**UserIdentifier** | Pointer to [**UserIdentifierPolicyRuleCondition**](UserIdentifierPolicyRuleCondition.md) |  | [optional] 
+**Users** | Pointer to [**UserPolicyRuleCondition**](UserPolicyRuleCondition.md) |  | [optional] 
+**UserStatus** | Pointer to [**UserStatusPolicyRuleCondition**](UserStatusPolicyRuleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewOktaSignOnPolicyConditions
+
+`func NewOktaSignOnPolicyConditions() *OktaSignOnPolicyConditions`
+
+NewOktaSignOnPolicyConditions instantiates a new OktaSignOnPolicyConditions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOktaSignOnPolicyConditionsWithDefaults
+
+`func NewOktaSignOnPolicyConditionsWithDefaults() *OktaSignOnPolicyConditions`
+
+NewOktaSignOnPolicyConditionsWithDefaults instantiates a new OktaSignOnPolicyConditions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *OktaSignOnPolicyConditions) GetApp() AppAndInstancePolicyRuleCondition`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *OktaSignOnPolicyConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *OktaSignOnPolicyConditions) SetApp(v AppAndInstancePolicyRuleCondition)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *OktaSignOnPolicyConditions) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+### GetApps
+
+`func (o *OktaSignOnPolicyConditions) GetApps() AppInstancePolicyRuleCondition`
+
+GetApps returns the Apps field if non-nil, zero value otherwise.
+
+### GetAppsOk
+
+`func (o *OktaSignOnPolicyConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool)`
+
+GetAppsOk returns a tuple with the Apps field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApps
+
+`func (o *OktaSignOnPolicyConditions) SetApps(v AppInstancePolicyRuleCondition)`
+
+SetApps sets Apps field to given value.
+
+### HasApps
+
+`func (o *OktaSignOnPolicyConditions) HasApps() bool`
+
+HasApps returns a boolean if a field has been set.
+
+### GetAuthContext
+
+`func (o *OktaSignOnPolicyConditions) GetAuthContext() PolicyRuleAuthContextCondition`
+
+GetAuthContext returns the AuthContext field if non-nil, zero value otherwise.
+
+### GetAuthContextOk
+
+`func (o *OktaSignOnPolicyConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool)`
+
+GetAuthContextOk returns a tuple with the AuthContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthContext
+
+`func (o *OktaSignOnPolicyConditions) SetAuthContext(v PolicyRuleAuthContextCondition)`
+
+SetAuthContext sets AuthContext field to given value.
+
+### HasAuthContext
+
+`func (o *OktaSignOnPolicyConditions) HasAuthContext() bool`
+
+HasAuthContext returns a boolean if a field has been set.
+
+### GetAuthProvider
+
+`func (o *OktaSignOnPolicyConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition`
+
+GetAuthProvider returns the AuthProvider field if non-nil, zero value otherwise.
+
+### GetAuthProviderOk
+
+`func (o *OktaSignOnPolicyConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool)`
+
+GetAuthProviderOk returns a tuple with the AuthProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthProvider
+
+`func (o *OktaSignOnPolicyConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition)`
+
+SetAuthProvider sets AuthProvider field to given value.
+
+### HasAuthProvider
+
+`func (o *OktaSignOnPolicyConditions) HasAuthProvider() bool`
+
+HasAuthProvider returns a boolean if a field has been set.
+
+### GetBeforeScheduledAction
+
+`func (o *OktaSignOnPolicyConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition`
+
+GetBeforeScheduledAction returns the BeforeScheduledAction field if non-nil, zero value otherwise.
+
+### GetBeforeScheduledActionOk
+
+`func (o *OktaSignOnPolicyConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool)`
+
+GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBeforeScheduledAction
+
+`func (o *OktaSignOnPolicyConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition)`
+
+SetBeforeScheduledAction sets BeforeScheduledAction field to given value.
+
+### HasBeforeScheduledAction
+
+`func (o *OktaSignOnPolicyConditions) HasBeforeScheduledAction() bool`
+
+HasBeforeScheduledAction returns a boolean if a field has been set.
+
+### GetClients
+
+`func (o *OktaSignOnPolicyConditions) GetClients() ClientPolicyCondition`
+
+GetClients returns the Clients field if non-nil, zero value otherwise.
+
+### GetClientsOk
+
+`func (o *OktaSignOnPolicyConditions) GetClientsOk() (*ClientPolicyCondition, bool)`
+
+GetClientsOk returns a tuple with the Clients field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClients
+
+`func (o *OktaSignOnPolicyConditions) SetClients(v ClientPolicyCondition)`
+
+SetClients sets Clients field to given value.
+
+### HasClients
+
+`func (o *OktaSignOnPolicyConditions) HasClients() bool`
+
+HasClients returns a boolean if a field has been set.
+
+### GetContext
+
+`func (o *OktaSignOnPolicyConditions) GetContext() ContextPolicyRuleCondition`
+
+GetContext returns the Context field if non-nil, zero value otherwise.
+
+### GetContextOk
+
+`func (o *OktaSignOnPolicyConditions) GetContextOk() (*ContextPolicyRuleCondition, bool)`
+
+GetContextOk returns a tuple with the Context field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetContext
+
+`func (o *OktaSignOnPolicyConditions) SetContext(v ContextPolicyRuleCondition)`
+
+SetContext sets Context field to given value.
+
+### HasContext
+
+`func (o *OktaSignOnPolicyConditions) HasContext() bool`
+
+HasContext returns a boolean if a field has been set.
+
+### GetDevice
+
+`func (o *OktaSignOnPolicyConditions) GetDevice() DevicePolicyRuleCondition`
+
+GetDevice returns the Device field if non-nil, zero value otherwise.
+
+### GetDeviceOk
+
+`func (o *OktaSignOnPolicyConditions) GetDeviceOk() (*DevicePolicyRuleCondition, bool)`
+
+GetDeviceOk returns a tuple with the Device field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDevice
+
+`func (o *OktaSignOnPolicyConditions) SetDevice(v DevicePolicyRuleCondition)`
+
+SetDevice sets Device field to given value.
+
+### HasDevice
+
+`func (o *OktaSignOnPolicyConditions) HasDevice() bool`
+
+HasDevice returns a boolean if a field has been set.
+
+### GetGrantTypes
+
+`func (o *OktaSignOnPolicyConditions) GetGrantTypes() GrantTypePolicyRuleCondition`
+
+GetGrantTypes returns the GrantTypes field if non-nil, zero value otherwise.
+
+### GetGrantTypesOk
+
+`func (o *OktaSignOnPolicyConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool)`
+
+GetGrantTypesOk returns a tuple with the GrantTypes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGrantTypes
+
+`func (o *OktaSignOnPolicyConditions) SetGrantTypes(v GrantTypePolicyRuleCondition)`
+
+SetGrantTypes sets GrantTypes field to given value.
+
+### HasGrantTypes
+
+`func (o *OktaSignOnPolicyConditions) HasGrantTypes() bool`
+
+HasGrantTypes returns a boolean if a field has been set.
+
+### GetGroups
+
+`func (o *OktaSignOnPolicyConditions) GetGroups() GroupPolicyRuleCondition`
+
+GetGroups returns the Groups field if non-nil, zero value otherwise.
+
+### GetGroupsOk
+
+`func (o *OktaSignOnPolicyConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool)`
+
+GetGroupsOk returns a tuple with the Groups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroups
+
+`func (o *OktaSignOnPolicyConditions) SetGroups(v GroupPolicyRuleCondition)`
+
+SetGroups sets Groups field to given value.
+
+### HasGroups
+
+`func (o *OktaSignOnPolicyConditions) HasGroups() bool`
+
+HasGroups returns a boolean if a field has been set.
+
+### GetIdentityProvider
+
+`func (o *OktaSignOnPolicyConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition`
+
+GetIdentityProvider returns the IdentityProvider field if non-nil, zero value otherwise.
+
+### GetIdentityProviderOk
+
+`func (o *OktaSignOnPolicyConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool)`
+
+GetIdentityProviderOk returns a tuple with the IdentityProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityProvider
+
+`func (o *OktaSignOnPolicyConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition)`
+
+SetIdentityProvider sets IdentityProvider field to given value.
+
+### HasIdentityProvider
+
+`func (o *OktaSignOnPolicyConditions) HasIdentityProvider() bool`
+
+HasIdentityProvider returns a boolean if a field has been set.
+
+### GetMdmEnrollment
+
+`func (o *OktaSignOnPolicyConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition`
+
+GetMdmEnrollment returns the MdmEnrollment field if non-nil, zero value otherwise.
+
+### GetMdmEnrollmentOk
+
+`func (o *OktaSignOnPolicyConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool)`
+
+GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMdmEnrollment
+
+`func (o *OktaSignOnPolicyConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition)`
+
+SetMdmEnrollment sets MdmEnrollment field to given value.
+
+### HasMdmEnrollment
+
+`func (o *OktaSignOnPolicyConditions) HasMdmEnrollment() bool`
+
+HasMdmEnrollment returns a boolean if a field has been set.
+
+### GetNetwork
+
+`func (o *OktaSignOnPolicyConditions) GetNetwork() PolicyNetworkCondition`
+
+GetNetwork returns the Network field if non-nil, zero value otherwise.
+
+### GetNetworkOk
+
+`func (o *OktaSignOnPolicyConditions) GetNetworkOk() (*PolicyNetworkCondition, bool)`
+
+GetNetworkOk returns a tuple with the Network field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNetwork
+
+`func (o *OktaSignOnPolicyConditions) SetNetwork(v PolicyNetworkCondition)`
+
+SetNetwork sets Network field to given value.
+
+### HasNetwork
+
+`func (o *OktaSignOnPolicyConditions) HasNetwork() bool`
+
+HasNetwork returns a boolean if a field has been set.
+
+### GetPeople
+
+`func (o *OktaSignOnPolicyConditions) GetPeople() PolicyPeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *OktaSignOnPolicyConditions) GetPeopleOk() (*PolicyPeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *OktaSignOnPolicyConditions) SetPeople(v PolicyPeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *OktaSignOnPolicyConditions) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *OktaSignOnPolicyConditions) GetPlatform() PlatformPolicyRuleCondition`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *OktaSignOnPolicyConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *OktaSignOnPolicyConditions) SetPlatform(v PlatformPolicyRuleCondition)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *OktaSignOnPolicyConditions) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetRisk
+
+`func (o *OktaSignOnPolicyConditions) GetRisk() RiskPolicyRuleCondition`
+
+GetRisk returns the Risk field if non-nil, zero value otherwise.
+
+### GetRiskOk
+
+`func (o *OktaSignOnPolicyConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool)`
+
+GetRiskOk returns a tuple with the Risk field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRisk
+
+`func (o *OktaSignOnPolicyConditions) SetRisk(v RiskPolicyRuleCondition)`
+
+SetRisk sets Risk field to given value.
+
+### HasRisk
+
+`func (o *OktaSignOnPolicyConditions) HasRisk() bool`
+
+HasRisk returns a boolean if a field has been set.
+
+### GetRiskScore
+
+`func (o *OktaSignOnPolicyConditions) GetRiskScore() RiskScorePolicyRuleCondition`
+
+GetRiskScore returns the RiskScore field if non-nil, zero value otherwise.
+
+### GetRiskScoreOk
+
+`func (o *OktaSignOnPolicyConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool)`
+
+GetRiskScoreOk returns a tuple with the RiskScore field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRiskScore
+
+`func (o *OktaSignOnPolicyConditions) SetRiskScore(v RiskScorePolicyRuleCondition)`
+
+SetRiskScore sets RiskScore field to given value.
+
+### HasRiskScore
+
+`func (o *OktaSignOnPolicyConditions) HasRiskScore() bool`
+
+HasRiskScore returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *OktaSignOnPolicyConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *OktaSignOnPolicyConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *OktaSignOnPolicyConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *OktaSignOnPolicyConditions) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+### GetUserIdentifier
+
+`func (o *OktaSignOnPolicyConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition`
+
+GetUserIdentifier returns the UserIdentifier field if non-nil, zero value otherwise.
+
+### GetUserIdentifierOk
+
+`func (o *OktaSignOnPolicyConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool)`
+
+GetUserIdentifierOk returns a tuple with the UserIdentifier field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserIdentifier
+
+`func (o *OktaSignOnPolicyConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition)`
+
+SetUserIdentifier sets UserIdentifier field to given value.
+
+### HasUserIdentifier
+
+`func (o *OktaSignOnPolicyConditions) HasUserIdentifier() bool`
+
+HasUserIdentifier returns a boolean if a field has been set.
+
+### GetUsers
+
+`func (o *OktaSignOnPolicyConditions) GetUsers() UserPolicyRuleCondition`
+
+GetUsers returns the Users field if non-nil, zero value otherwise.
+
+### GetUsersOk
+
+`func (o *OktaSignOnPolicyConditions) GetUsersOk() (*UserPolicyRuleCondition, bool)`
+
+GetUsersOk returns a tuple with the Users field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsers
+
+`func (o *OktaSignOnPolicyConditions) SetUsers(v UserPolicyRuleCondition)`
+
+SetUsers sets Users field to given value.
+
+### HasUsers
+
+`func (o *OktaSignOnPolicyConditions) HasUsers() bool`
+
+HasUsers returns a boolean if a field has been set.
+
+### GetUserStatus
+
+`func (o *OktaSignOnPolicyConditions) GetUserStatus() UserStatusPolicyRuleCondition`
+
+GetUserStatus returns the UserStatus field if non-nil, zero value otherwise.
+
+### GetUserStatusOk
+
+`func (o *OktaSignOnPolicyConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool)`
+
+GetUserStatusOk returns a tuple with the UserStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserStatus
+
+`func (o *OktaSignOnPolicyConditions) SetUserStatus(v UserStatusPolicyRuleCondition)`
+
+SetUserStatus sets UserStatus field to given value.
+
+### HasUserStatus
+
+`func (o *OktaSignOnPolicyConditions) HasUserStatus() bool`
+
+HasUserStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicyConditionsAllOf.md b/okta/docs/OktaSignOnPolicyConditionsAllOf.md
new file mode 100644
index 000000000..5a15c83d4
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicyConditionsAllOf.md
@@ -0,0 +1,56 @@
+# OktaSignOnPolicyConditionsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**People** | Pointer to [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewOktaSignOnPolicyConditionsAllOf
+
+`func NewOktaSignOnPolicyConditionsAllOf() *OktaSignOnPolicyConditionsAllOf`
+
+NewOktaSignOnPolicyConditionsAllOf instantiates a new OktaSignOnPolicyConditionsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOktaSignOnPolicyConditionsAllOfWithDefaults
+
+`func NewOktaSignOnPolicyConditionsAllOfWithDefaults() *OktaSignOnPolicyConditionsAllOf`
+
+NewOktaSignOnPolicyConditionsAllOfWithDefaults instantiates a new OktaSignOnPolicyConditionsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPeople
+
+`func (o *OktaSignOnPolicyConditionsAllOf) GetPeople() PolicyPeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *OktaSignOnPolicyConditionsAllOf) GetPeopleOk() (*PolicyPeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *OktaSignOnPolicyConditionsAllOf) SetPeople(v PolicyPeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *OktaSignOnPolicyConditionsAllOf) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicyFactorPromptMode.md b/okta/docs/OktaSignOnPolicyFactorPromptMode.md
new file mode 100644
index 000000000..942e7c701
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicyFactorPromptMode.md
@@ -0,0 +1,15 @@
+# OktaSignOnPolicyFactorPromptMode
+
+## Enum
+
+
+* `ALWAYS` (value: `"ALWAYS"`)
+
+* `DEVICE` (value: `"DEVICE"`)
+
+* `SESSION` (value: `"SESSION"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicyRule.md b/okta/docs/OktaSignOnPolicyRule.md
new file mode 100644
index 000000000..e23a2e83d
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicyRule.md
@@ -0,0 +1,82 @@
+# OktaSignOnPolicyRule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | Pointer to [**OktaSignOnPolicyRuleActions**](OktaSignOnPolicyRuleActions.md) |  | [optional] 
+**Conditions** | Pointer to [**OktaSignOnPolicyRuleConditions**](OktaSignOnPolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewOktaSignOnPolicyRule
+
+`func NewOktaSignOnPolicyRule() *OktaSignOnPolicyRule`
+
+NewOktaSignOnPolicyRule instantiates a new OktaSignOnPolicyRule object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOktaSignOnPolicyRuleWithDefaults
+
+`func NewOktaSignOnPolicyRuleWithDefaults() *OktaSignOnPolicyRule`
+
+NewOktaSignOnPolicyRuleWithDefaults instantiates a new OktaSignOnPolicyRule object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActions
+
+`func (o *OktaSignOnPolicyRule) GetActions() OktaSignOnPolicyRuleActions`
+
+GetActions returns the Actions field if non-nil, zero value otherwise.
+
+### GetActionsOk
+
+`func (o *OktaSignOnPolicyRule) GetActionsOk() (*OktaSignOnPolicyRuleActions, bool)`
+
+GetActionsOk returns a tuple with the Actions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActions
+
+`func (o *OktaSignOnPolicyRule) SetActions(v OktaSignOnPolicyRuleActions)`
+
+SetActions sets Actions field to given value.
+
+### HasActions
+
+`func (o *OktaSignOnPolicyRule) HasActions() bool`
+
+HasActions returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *OktaSignOnPolicyRule) GetConditions() OktaSignOnPolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *OktaSignOnPolicyRule) GetConditionsOk() (*OktaSignOnPolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *OktaSignOnPolicyRule) SetConditions(v OktaSignOnPolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *OktaSignOnPolicyRule) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicyRuleActions.md b/okta/docs/OktaSignOnPolicyRuleActions.md
new file mode 100644
index 000000000..384564cb5
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicyRuleActions.md
@@ -0,0 +1,186 @@
+# OktaSignOnPolicyRuleActions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Enroll** | Pointer to [**PolicyRuleActionsEnroll**](PolicyRuleActionsEnroll.md) |  | [optional] 
+**Idp** | Pointer to [**IdpPolicyRuleAction**](IdpPolicyRuleAction.md) |  | [optional] 
+**PasswordChange** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServicePasswordReset** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServiceUnlock** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**Signon** | Pointer to [**OktaSignOnPolicyRuleSignonActions**](OktaSignOnPolicyRuleSignonActions.md) |  | [optional] 
+
+## Methods
+
+### NewOktaSignOnPolicyRuleActions
+
+`func NewOktaSignOnPolicyRuleActions() *OktaSignOnPolicyRuleActions`
+
+NewOktaSignOnPolicyRuleActions instantiates a new OktaSignOnPolicyRuleActions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOktaSignOnPolicyRuleActionsWithDefaults
+
+`func NewOktaSignOnPolicyRuleActionsWithDefaults() *OktaSignOnPolicyRuleActions`
+
+NewOktaSignOnPolicyRuleActionsWithDefaults instantiates a new OktaSignOnPolicyRuleActions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEnroll
+
+`func (o *OktaSignOnPolicyRuleActions) GetEnroll() PolicyRuleActionsEnroll`
+
+GetEnroll returns the Enroll field if non-nil, zero value otherwise.
+
+### GetEnrollOk
+
+`func (o *OktaSignOnPolicyRuleActions) GetEnrollOk() (*PolicyRuleActionsEnroll, bool)`
+
+GetEnrollOk returns a tuple with the Enroll field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnroll
+
+`func (o *OktaSignOnPolicyRuleActions) SetEnroll(v PolicyRuleActionsEnroll)`
+
+SetEnroll sets Enroll field to given value.
+
+### HasEnroll
+
+`func (o *OktaSignOnPolicyRuleActions) HasEnroll() bool`
+
+HasEnroll returns a boolean if a field has been set.
+
+### GetIdp
+
+`func (o *OktaSignOnPolicyRuleActions) GetIdp() IdpPolicyRuleAction`
+
+GetIdp returns the Idp field if non-nil, zero value otherwise.
+
+### GetIdpOk
+
+`func (o *OktaSignOnPolicyRuleActions) GetIdpOk() (*IdpPolicyRuleAction, bool)`
+
+GetIdpOk returns a tuple with the Idp field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdp
+
+`func (o *OktaSignOnPolicyRuleActions) SetIdp(v IdpPolicyRuleAction)`
+
+SetIdp sets Idp field to given value.
+
+### HasIdp
+
+`func (o *OktaSignOnPolicyRuleActions) HasIdp() bool`
+
+HasIdp returns a boolean if a field has been set.
+
+### GetPasswordChange
+
+`func (o *OktaSignOnPolicyRuleActions) GetPasswordChange() PasswordPolicyRuleAction`
+
+GetPasswordChange returns the PasswordChange field if non-nil, zero value otherwise.
+
+### GetPasswordChangeOk
+
+`func (o *OktaSignOnPolicyRuleActions) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool)`
+
+GetPasswordChangeOk returns a tuple with the PasswordChange field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordChange
+
+`func (o *OktaSignOnPolicyRuleActions) SetPasswordChange(v PasswordPolicyRuleAction)`
+
+SetPasswordChange sets PasswordChange field to given value.
+
+### HasPasswordChange
+
+`func (o *OktaSignOnPolicyRuleActions) HasPasswordChange() bool`
+
+HasPasswordChange returns a boolean if a field has been set.
+
+### GetSelfServicePasswordReset
+
+`func (o *OktaSignOnPolicyRuleActions) GetSelfServicePasswordReset() PasswordPolicyRuleAction`
+
+GetSelfServicePasswordReset returns the SelfServicePasswordReset field if non-nil, zero value otherwise.
+
+### GetSelfServicePasswordResetOk
+
+`func (o *OktaSignOnPolicyRuleActions) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServicePasswordReset
+
+`func (o *OktaSignOnPolicyRuleActions) SetSelfServicePasswordReset(v PasswordPolicyRuleAction)`
+
+SetSelfServicePasswordReset sets SelfServicePasswordReset field to given value.
+
+### HasSelfServicePasswordReset
+
+`func (o *OktaSignOnPolicyRuleActions) HasSelfServicePasswordReset() bool`
+
+HasSelfServicePasswordReset returns a boolean if a field has been set.
+
+### GetSelfServiceUnlock
+
+`func (o *OktaSignOnPolicyRuleActions) GetSelfServiceUnlock() PasswordPolicyRuleAction`
+
+GetSelfServiceUnlock returns the SelfServiceUnlock field if non-nil, zero value otherwise.
+
+### GetSelfServiceUnlockOk
+
+`func (o *OktaSignOnPolicyRuleActions) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServiceUnlock
+
+`func (o *OktaSignOnPolicyRuleActions) SetSelfServiceUnlock(v PasswordPolicyRuleAction)`
+
+SetSelfServiceUnlock sets SelfServiceUnlock field to given value.
+
+### HasSelfServiceUnlock
+
+`func (o *OktaSignOnPolicyRuleActions) HasSelfServiceUnlock() bool`
+
+HasSelfServiceUnlock returns a boolean if a field has been set.
+
+### GetSignon
+
+`func (o *OktaSignOnPolicyRuleActions) GetSignon() OktaSignOnPolicyRuleSignonActions`
+
+GetSignon returns the Signon field if non-nil, zero value otherwise.
+
+### GetSignonOk
+
+`func (o *OktaSignOnPolicyRuleActions) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool)`
+
+GetSignonOk returns a tuple with the Signon field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignon
+
+`func (o *OktaSignOnPolicyRuleActions) SetSignon(v OktaSignOnPolicyRuleSignonActions)`
+
+SetSignon sets Signon field to given value.
+
+### HasSignon
+
+`func (o *OktaSignOnPolicyRuleActions) HasSignon() bool`
+
+HasSignon returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicyRuleActionsAllOf.md b/okta/docs/OktaSignOnPolicyRuleActionsAllOf.md
new file mode 100644
index 000000000..d42a79b90
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicyRuleActionsAllOf.md
@@ -0,0 +1,56 @@
+# OktaSignOnPolicyRuleActionsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Signon** | Pointer to [**OktaSignOnPolicyRuleSignonActions**](OktaSignOnPolicyRuleSignonActions.md) |  | [optional] 
+
+## Methods
+
+### NewOktaSignOnPolicyRuleActionsAllOf
+
+`func NewOktaSignOnPolicyRuleActionsAllOf() *OktaSignOnPolicyRuleActionsAllOf`
+
+NewOktaSignOnPolicyRuleActionsAllOf instantiates a new OktaSignOnPolicyRuleActionsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOktaSignOnPolicyRuleActionsAllOfWithDefaults
+
+`func NewOktaSignOnPolicyRuleActionsAllOfWithDefaults() *OktaSignOnPolicyRuleActionsAllOf`
+
+NewOktaSignOnPolicyRuleActionsAllOfWithDefaults instantiates a new OktaSignOnPolicyRuleActionsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSignon
+
+`func (o *OktaSignOnPolicyRuleActionsAllOf) GetSignon() OktaSignOnPolicyRuleSignonActions`
+
+GetSignon returns the Signon field if non-nil, zero value otherwise.
+
+### GetSignonOk
+
+`func (o *OktaSignOnPolicyRuleActionsAllOf) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool)`
+
+GetSignonOk returns a tuple with the Signon field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignon
+
+`func (o *OktaSignOnPolicyRuleActionsAllOf) SetSignon(v OktaSignOnPolicyRuleSignonActions)`
+
+SetSignon sets Signon field to given value.
+
+### HasSignon
+
+`func (o *OktaSignOnPolicyRuleActionsAllOf) HasSignon() bool`
+
+HasSignon returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicyRuleAllOf.md b/okta/docs/OktaSignOnPolicyRuleAllOf.md
new file mode 100644
index 000000000..690b50ff9
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicyRuleAllOf.md
@@ -0,0 +1,82 @@
+# OktaSignOnPolicyRuleAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | Pointer to [**OktaSignOnPolicyRuleActions**](OktaSignOnPolicyRuleActions.md) |  | [optional] 
+**Conditions** | Pointer to [**OktaSignOnPolicyRuleConditions**](OktaSignOnPolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewOktaSignOnPolicyRuleAllOf
+
+`func NewOktaSignOnPolicyRuleAllOf() *OktaSignOnPolicyRuleAllOf`
+
+NewOktaSignOnPolicyRuleAllOf instantiates a new OktaSignOnPolicyRuleAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOktaSignOnPolicyRuleAllOfWithDefaults
+
+`func NewOktaSignOnPolicyRuleAllOfWithDefaults() *OktaSignOnPolicyRuleAllOf`
+
+NewOktaSignOnPolicyRuleAllOfWithDefaults instantiates a new OktaSignOnPolicyRuleAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActions
+
+`func (o *OktaSignOnPolicyRuleAllOf) GetActions() OktaSignOnPolicyRuleActions`
+
+GetActions returns the Actions field if non-nil, zero value otherwise.
+
+### GetActionsOk
+
+`func (o *OktaSignOnPolicyRuleAllOf) GetActionsOk() (*OktaSignOnPolicyRuleActions, bool)`
+
+GetActionsOk returns a tuple with the Actions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActions
+
+`func (o *OktaSignOnPolicyRuleAllOf) SetActions(v OktaSignOnPolicyRuleActions)`
+
+SetActions sets Actions field to given value.
+
+### HasActions
+
+`func (o *OktaSignOnPolicyRuleAllOf) HasActions() bool`
+
+HasActions returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *OktaSignOnPolicyRuleAllOf) GetConditions() OktaSignOnPolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *OktaSignOnPolicyRuleAllOf) GetConditionsOk() (*OktaSignOnPolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *OktaSignOnPolicyRuleAllOf) SetConditions(v OktaSignOnPolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *OktaSignOnPolicyRuleAllOf) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicyRuleConditions.md b/okta/docs/OktaSignOnPolicyRuleConditions.md
new file mode 100644
index 000000000..f51ee7b8f
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicyRuleConditions.md
@@ -0,0 +1,576 @@
+# OktaSignOnPolicyRuleConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**AppAndInstancePolicyRuleCondition**](AppAndInstancePolicyRuleCondition.md) |  | [optional] 
+**Apps** | Pointer to [**AppInstancePolicyRuleCondition**](AppInstancePolicyRuleCondition.md) |  | [optional] 
+**AuthContext** | Pointer to [**PolicyRuleAuthContextCondition**](PolicyRuleAuthContextCondition.md) |  | [optional] 
+**AuthProvider** | Pointer to [**PasswordPolicyAuthenticationProviderCondition**](PasswordPolicyAuthenticationProviderCondition.md) |  | [optional] 
+**BeforeScheduledAction** | Pointer to [**BeforeScheduledActionPolicyRuleCondition**](BeforeScheduledActionPolicyRuleCondition.md) |  | [optional] 
+**Clients** | Pointer to [**ClientPolicyCondition**](ClientPolicyCondition.md) |  | [optional] 
+**Context** | Pointer to [**ContextPolicyRuleCondition**](ContextPolicyRuleCondition.md) |  | [optional] 
+**Device** | Pointer to [**DevicePolicyRuleCondition**](DevicePolicyRuleCondition.md) |  | [optional] 
+**GrantTypes** | Pointer to [**GrantTypePolicyRuleCondition**](GrantTypePolicyRuleCondition.md) |  | [optional] 
+**Groups** | Pointer to [**GroupPolicyRuleCondition**](GroupPolicyRuleCondition.md) |  | [optional] 
+**IdentityProvider** | Pointer to [**IdentityProviderPolicyRuleCondition**](IdentityProviderPolicyRuleCondition.md) |  | [optional] 
+**MdmEnrollment** | Pointer to [**MDMEnrollmentPolicyRuleCondition**](MDMEnrollmentPolicyRuleCondition.md) |  | [optional] 
+**Network** | Pointer to [**PolicyNetworkCondition**](PolicyNetworkCondition.md) |  | [optional] 
+**People** | Pointer to [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+**Platform** | Pointer to [**PlatformPolicyRuleCondition**](PlatformPolicyRuleCondition.md) |  | [optional] 
+**Risk** | Pointer to [**RiskPolicyRuleCondition**](RiskPolicyRuleCondition.md) |  | [optional] 
+**RiskScore** | Pointer to [**RiskScorePolicyRuleCondition**](RiskScorePolicyRuleCondition.md) |  | [optional] 
+**Scopes** | Pointer to [**OAuth2ScopesMediationPolicyRuleCondition**](OAuth2ScopesMediationPolicyRuleCondition.md) |  | [optional] 
+**UserIdentifier** | Pointer to [**UserIdentifierPolicyRuleCondition**](UserIdentifierPolicyRuleCondition.md) |  | [optional] 
+**Users** | Pointer to [**UserPolicyRuleCondition**](UserPolicyRuleCondition.md) |  | [optional] 
+**UserStatus** | Pointer to [**UserStatusPolicyRuleCondition**](UserStatusPolicyRuleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewOktaSignOnPolicyRuleConditions
+
+`func NewOktaSignOnPolicyRuleConditions() *OktaSignOnPolicyRuleConditions`
+
+NewOktaSignOnPolicyRuleConditions instantiates a new OktaSignOnPolicyRuleConditions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOktaSignOnPolicyRuleConditionsWithDefaults
+
+`func NewOktaSignOnPolicyRuleConditionsWithDefaults() *OktaSignOnPolicyRuleConditions`
+
+NewOktaSignOnPolicyRuleConditionsWithDefaults instantiates a new OktaSignOnPolicyRuleConditions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *OktaSignOnPolicyRuleConditions) GetApp() AppAndInstancePolicyRuleCondition`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *OktaSignOnPolicyRuleConditions) SetApp(v AppAndInstancePolicyRuleCondition)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *OktaSignOnPolicyRuleConditions) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+### GetApps
+
+`func (o *OktaSignOnPolicyRuleConditions) GetApps() AppInstancePolicyRuleCondition`
+
+GetApps returns the Apps field if non-nil, zero value otherwise.
+
+### GetAppsOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool)`
+
+GetAppsOk returns a tuple with the Apps field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApps
+
+`func (o *OktaSignOnPolicyRuleConditions) SetApps(v AppInstancePolicyRuleCondition)`
+
+SetApps sets Apps field to given value.
+
+### HasApps
+
+`func (o *OktaSignOnPolicyRuleConditions) HasApps() bool`
+
+HasApps returns a boolean if a field has been set.
+
+### GetAuthContext
+
+`func (o *OktaSignOnPolicyRuleConditions) GetAuthContext() PolicyRuleAuthContextCondition`
+
+GetAuthContext returns the AuthContext field if non-nil, zero value otherwise.
+
+### GetAuthContextOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool)`
+
+GetAuthContextOk returns a tuple with the AuthContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthContext
+
+`func (o *OktaSignOnPolicyRuleConditions) SetAuthContext(v PolicyRuleAuthContextCondition)`
+
+SetAuthContext sets AuthContext field to given value.
+
+### HasAuthContext
+
+`func (o *OktaSignOnPolicyRuleConditions) HasAuthContext() bool`
+
+HasAuthContext returns a boolean if a field has been set.
+
+### GetAuthProvider
+
+`func (o *OktaSignOnPolicyRuleConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition`
+
+GetAuthProvider returns the AuthProvider field if non-nil, zero value otherwise.
+
+### GetAuthProviderOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool)`
+
+GetAuthProviderOk returns a tuple with the AuthProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthProvider
+
+`func (o *OktaSignOnPolicyRuleConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition)`
+
+SetAuthProvider sets AuthProvider field to given value.
+
+### HasAuthProvider
+
+`func (o *OktaSignOnPolicyRuleConditions) HasAuthProvider() bool`
+
+HasAuthProvider returns a boolean if a field has been set.
+
+### GetBeforeScheduledAction
+
+`func (o *OktaSignOnPolicyRuleConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition`
+
+GetBeforeScheduledAction returns the BeforeScheduledAction field if non-nil, zero value otherwise.
+
+### GetBeforeScheduledActionOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool)`
+
+GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBeforeScheduledAction
+
+`func (o *OktaSignOnPolicyRuleConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition)`
+
+SetBeforeScheduledAction sets BeforeScheduledAction field to given value.
+
+### HasBeforeScheduledAction
+
+`func (o *OktaSignOnPolicyRuleConditions) HasBeforeScheduledAction() bool`
+
+HasBeforeScheduledAction returns a boolean if a field has been set.
+
+### GetClients
+
+`func (o *OktaSignOnPolicyRuleConditions) GetClients() ClientPolicyCondition`
+
+GetClients returns the Clients field if non-nil, zero value otherwise.
+
+### GetClientsOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetClientsOk() (*ClientPolicyCondition, bool)`
+
+GetClientsOk returns a tuple with the Clients field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClients
+
+`func (o *OktaSignOnPolicyRuleConditions) SetClients(v ClientPolicyCondition)`
+
+SetClients sets Clients field to given value.
+
+### HasClients
+
+`func (o *OktaSignOnPolicyRuleConditions) HasClients() bool`
+
+HasClients returns a boolean if a field has been set.
+
+### GetContext
+
+`func (o *OktaSignOnPolicyRuleConditions) GetContext() ContextPolicyRuleCondition`
+
+GetContext returns the Context field if non-nil, zero value otherwise.
+
+### GetContextOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetContextOk() (*ContextPolicyRuleCondition, bool)`
+
+GetContextOk returns a tuple with the Context field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetContext
+
+`func (o *OktaSignOnPolicyRuleConditions) SetContext(v ContextPolicyRuleCondition)`
+
+SetContext sets Context field to given value.
+
+### HasContext
+
+`func (o *OktaSignOnPolicyRuleConditions) HasContext() bool`
+
+HasContext returns a boolean if a field has been set.
+
+### GetDevice
+
+`func (o *OktaSignOnPolicyRuleConditions) GetDevice() DevicePolicyRuleCondition`
+
+GetDevice returns the Device field if non-nil, zero value otherwise.
+
+### GetDeviceOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetDeviceOk() (*DevicePolicyRuleCondition, bool)`
+
+GetDeviceOk returns a tuple with the Device field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDevice
+
+`func (o *OktaSignOnPolicyRuleConditions) SetDevice(v DevicePolicyRuleCondition)`
+
+SetDevice sets Device field to given value.
+
+### HasDevice
+
+`func (o *OktaSignOnPolicyRuleConditions) HasDevice() bool`
+
+HasDevice returns a boolean if a field has been set.
+
+### GetGrantTypes
+
+`func (o *OktaSignOnPolicyRuleConditions) GetGrantTypes() GrantTypePolicyRuleCondition`
+
+GetGrantTypes returns the GrantTypes field if non-nil, zero value otherwise.
+
+### GetGrantTypesOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool)`
+
+GetGrantTypesOk returns a tuple with the GrantTypes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGrantTypes
+
+`func (o *OktaSignOnPolicyRuleConditions) SetGrantTypes(v GrantTypePolicyRuleCondition)`
+
+SetGrantTypes sets GrantTypes field to given value.
+
+### HasGrantTypes
+
+`func (o *OktaSignOnPolicyRuleConditions) HasGrantTypes() bool`
+
+HasGrantTypes returns a boolean if a field has been set.
+
+### GetGroups
+
+`func (o *OktaSignOnPolicyRuleConditions) GetGroups() GroupPolicyRuleCondition`
+
+GetGroups returns the Groups field if non-nil, zero value otherwise.
+
+### GetGroupsOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool)`
+
+GetGroupsOk returns a tuple with the Groups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroups
+
+`func (o *OktaSignOnPolicyRuleConditions) SetGroups(v GroupPolicyRuleCondition)`
+
+SetGroups sets Groups field to given value.
+
+### HasGroups
+
+`func (o *OktaSignOnPolicyRuleConditions) HasGroups() bool`
+
+HasGroups returns a boolean if a field has been set.
+
+### GetIdentityProvider
+
+`func (o *OktaSignOnPolicyRuleConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition`
+
+GetIdentityProvider returns the IdentityProvider field if non-nil, zero value otherwise.
+
+### GetIdentityProviderOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool)`
+
+GetIdentityProviderOk returns a tuple with the IdentityProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityProvider
+
+`func (o *OktaSignOnPolicyRuleConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition)`
+
+SetIdentityProvider sets IdentityProvider field to given value.
+
+### HasIdentityProvider
+
+`func (o *OktaSignOnPolicyRuleConditions) HasIdentityProvider() bool`
+
+HasIdentityProvider returns a boolean if a field has been set.
+
+### GetMdmEnrollment
+
+`func (o *OktaSignOnPolicyRuleConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition`
+
+GetMdmEnrollment returns the MdmEnrollment field if non-nil, zero value otherwise.
+
+### GetMdmEnrollmentOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool)`
+
+GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMdmEnrollment
+
+`func (o *OktaSignOnPolicyRuleConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition)`
+
+SetMdmEnrollment sets MdmEnrollment field to given value.
+
+### HasMdmEnrollment
+
+`func (o *OktaSignOnPolicyRuleConditions) HasMdmEnrollment() bool`
+
+HasMdmEnrollment returns a boolean if a field has been set.
+
+### GetNetwork
+
+`func (o *OktaSignOnPolicyRuleConditions) GetNetwork() PolicyNetworkCondition`
+
+GetNetwork returns the Network field if non-nil, zero value otherwise.
+
+### GetNetworkOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetNetworkOk() (*PolicyNetworkCondition, bool)`
+
+GetNetworkOk returns a tuple with the Network field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNetwork
+
+`func (o *OktaSignOnPolicyRuleConditions) SetNetwork(v PolicyNetworkCondition)`
+
+SetNetwork sets Network field to given value.
+
+### HasNetwork
+
+`func (o *OktaSignOnPolicyRuleConditions) HasNetwork() bool`
+
+HasNetwork returns a boolean if a field has been set.
+
+### GetPeople
+
+`func (o *OktaSignOnPolicyRuleConditions) GetPeople() PolicyPeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetPeopleOk() (*PolicyPeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *OktaSignOnPolicyRuleConditions) SetPeople(v PolicyPeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *OktaSignOnPolicyRuleConditions) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *OktaSignOnPolicyRuleConditions) GetPlatform() PlatformPolicyRuleCondition`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *OktaSignOnPolicyRuleConditions) SetPlatform(v PlatformPolicyRuleCondition)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *OktaSignOnPolicyRuleConditions) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetRisk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetRisk() RiskPolicyRuleCondition`
+
+GetRisk returns the Risk field if non-nil, zero value otherwise.
+
+### GetRiskOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool)`
+
+GetRiskOk returns a tuple with the Risk field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRisk
+
+`func (o *OktaSignOnPolicyRuleConditions) SetRisk(v RiskPolicyRuleCondition)`
+
+SetRisk sets Risk field to given value.
+
+### HasRisk
+
+`func (o *OktaSignOnPolicyRuleConditions) HasRisk() bool`
+
+HasRisk returns a boolean if a field has been set.
+
+### GetRiskScore
+
+`func (o *OktaSignOnPolicyRuleConditions) GetRiskScore() RiskScorePolicyRuleCondition`
+
+GetRiskScore returns the RiskScore field if non-nil, zero value otherwise.
+
+### GetRiskScoreOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool)`
+
+GetRiskScoreOk returns a tuple with the RiskScore field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRiskScore
+
+`func (o *OktaSignOnPolicyRuleConditions) SetRiskScore(v RiskScorePolicyRuleCondition)`
+
+SetRiskScore sets RiskScore field to given value.
+
+### HasRiskScore
+
+`func (o *OktaSignOnPolicyRuleConditions) HasRiskScore() bool`
+
+HasRiskScore returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *OktaSignOnPolicyRuleConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *OktaSignOnPolicyRuleConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *OktaSignOnPolicyRuleConditions) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+### GetUserIdentifier
+
+`func (o *OktaSignOnPolicyRuleConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition`
+
+GetUserIdentifier returns the UserIdentifier field if non-nil, zero value otherwise.
+
+### GetUserIdentifierOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool)`
+
+GetUserIdentifierOk returns a tuple with the UserIdentifier field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserIdentifier
+
+`func (o *OktaSignOnPolicyRuleConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition)`
+
+SetUserIdentifier sets UserIdentifier field to given value.
+
+### HasUserIdentifier
+
+`func (o *OktaSignOnPolicyRuleConditions) HasUserIdentifier() bool`
+
+HasUserIdentifier returns a boolean if a field has been set.
+
+### GetUsers
+
+`func (o *OktaSignOnPolicyRuleConditions) GetUsers() UserPolicyRuleCondition`
+
+GetUsers returns the Users field if non-nil, zero value otherwise.
+
+### GetUsersOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetUsersOk() (*UserPolicyRuleCondition, bool)`
+
+GetUsersOk returns a tuple with the Users field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsers
+
+`func (o *OktaSignOnPolicyRuleConditions) SetUsers(v UserPolicyRuleCondition)`
+
+SetUsers sets Users field to given value.
+
+### HasUsers
+
+`func (o *OktaSignOnPolicyRuleConditions) HasUsers() bool`
+
+HasUsers returns a boolean if a field has been set.
+
+### GetUserStatus
+
+`func (o *OktaSignOnPolicyRuleConditions) GetUserStatus() UserStatusPolicyRuleCondition`
+
+GetUserStatus returns the UserStatus field if non-nil, zero value otherwise.
+
+### GetUserStatusOk
+
+`func (o *OktaSignOnPolicyRuleConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool)`
+
+GetUserStatusOk returns a tuple with the UserStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserStatus
+
+`func (o *OktaSignOnPolicyRuleConditions) SetUserStatus(v UserStatusPolicyRuleCondition)`
+
+SetUserStatus sets UserStatus field to given value.
+
+### HasUserStatus
+
+`func (o *OktaSignOnPolicyRuleConditions) HasUserStatus() bool`
+
+HasUserStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicyRuleConditionsAllOf.md b/okta/docs/OktaSignOnPolicyRuleConditionsAllOf.md
new file mode 100644
index 000000000..3769de708
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicyRuleConditionsAllOf.md
@@ -0,0 +1,108 @@
+# OktaSignOnPolicyRuleConditionsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthContext** | Pointer to [**PolicyRuleAuthContextCondition**](PolicyRuleAuthContextCondition.md) |  | [optional] 
+**Network** | Pointer to [**PolicyNetworkCondition**](PolicyNetworkCondition.md) |  | [optional] 
+**People** | Pointer to [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewOktaSignOnPolicyRuleConditionsAllOf
+
+`func NewOktaSignOnPolicyRuleConditionsAllOf() *OktaSignOnPolicyRuleConditionsAllOf`
+
+NewOktaSignOnPolicyRuleConditionsAllOf instantiates a new OktaSignOnPolicyRuleConditionsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOktaSignOnPolicyRuleConditionsAllOfWithDefaults
+
+`func NewOktaSignOnPolicyRuleConditionsAllOfWithDefaults() *OktaSignOnPolicyRuleConditionsAllOf`
+
+NewOktaSignOnPolicyRuleConditionsAllOfWithDefaults instantiates a new OktaSignOnPolicyRuleConditionsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthContext
+
+`func (o *OktaSignOnPolicyRuleConditionsAllOf) GetAuthContext() PolicyRuleAuthContextCondition`
+
+GetAuthContext returns the AuthContext field if non-nil, zero value otherwise.
+
+### GetAuthContextOk
+
+`func (o *OktaSignOnPolicyRuleConditionsAllOf) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool)`
+
+GetAuthContextOk returns a tuple with the AuthContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthContext
+
+`func (o *OktaSignOnPolicyRuleConditionsAllOf) SetAuthContext(v PolicyRuleAuthContextCondition)`
+
+SetAuthContext sets AuthContext field to given value.
+
+### HasAuthContext
+
+`func (o *OktaSignOnPolicyRuleConditionsAllOf) HasAuthContext() bool`
+
+HasAuthContext returns a boolean if a field has been set.
+
+### GetNetwork
+
+`func (o *OktaSignOnPolicyRuleConditionsAllOf) GetNetwork() PolicyNetworkCondition`
+
+GetNetwork returns the Network field if non-nil, zero value otherwise.
+
+### GetNetworkOk
+
+`func (o *OktaSignOnPolicyRuleConditionsAllOf) GetNetworkOk() (*PolicyNetworkCondition, bool)`
+
+GetNetworkOk returns a tuple with the Network field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNetwork
+
+`func (o *OktaSignOnPolicyRuleConditionsAllOf) SetNetwork(v PolicyNetworkCondition)`
+
+SetNetwork sets Network field to given value.
+
+### HasNetwork
+
+`func (o *OktaSignOnPolicyRuleConditionsAllOf) HasNetwork() bool`
+
+HasNetwork returns a boolean if a field has been set.
+
+### GetPeople
+
+`func (o *OktaSignOnPolicyRuleConditionsAllOf) GetPeople() PolicyPeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *OktaSignOnPolicyRuleConditionsAllOf) GetPeopleOk() (*PolicyPeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *OktaSignOnPolicyRuleConditionsAllOf) SetPeople(v PolicyPeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *OktaSignOnPolicyRuleConditionsAllOf) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicyRuleSignonActions.md b/okta/docs/OktaSignOnPolicyRuleSignonActions.md
new file mode 100644
index 000000000..aaa871be8
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicyRuleSignonActions.md
@@ -0,0 +1,186 @@
+# OktaSignOnPolicyRuleSignonActions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Access** | Pointer to [**PolicyAccess**](PolicyAccess.md) |  | [optional] 
+**FactorLifetime** | Pointer to **int32** |  | [optional] 
+**FactorPromptMode** | Pointer to [**OktaSignOnPolicyFactorPromptMode**](OktaSignOnPolicyFactorPromptMode.md) |  | [optional] 
+**RememberDeviceByDefault** | Pointer to **bool** |  | [optional] [default to false]
+**RequireFactor** | Pointer to **bool** |  | [optional] [default to false]
+**Session** | Pointer to [**OktaSignOnPolicyRuleSignonSessionActions**](OktaSignOnPolicyRuleSignonSessionActions.md) |  | [optional] 
+
+## Methods
+
+### NewOktaSignOnPolicyRuleSignonActions
+
+`func NewOktaSignOnPolicyRuleSignonActions() *OktaSignOnPolicyRuleSignonActions`
+
+NewOktaSignOnPolicyRuleSignonActions instantiates a new OktaSignOnPolicyRuleSignonActions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOktaSignOnPolicyRuleSignonActionsWithDefaults
+
+`func NewOktaSignOnPolicyRuleSignonActionsWithDefaults() *OktaSignOnPolicyRuleSignonActions`
+
+NewOktaSignOnPolicyRuleSignonActionsWithDefaults instantiates a new OktaSignOnPolicyRuleSignonActions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAccess
+
+`func (o *OktaSignOnPolicyRuleSignonActions) GetAccess() PolicyAccess`
+
+GetAccess returns the Access field if non-nil, zero value otherwise.
+
+### GetAccessOk
+
+`func (o *OktaSignOnPolicyRuleSignonActions) GetAccessOk() (*PolicyAccess, bool)`
+
+GetAccessOk returns a tuple with the Access field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccess
+
+`func (o *OktaSignOnPolicyRuleSignonActions) SetAccess(v PolicyAccess)`
+
+SetAccess sets Access field to given value.
+
+### HasAccess
+
+`func (o *OktaSignOnPolicyRuleSignonActions) HasAccess() bool`
+
+HasAccess returns a boolean if a field has been set.
+
+### GetFactorLifetime
+
+`func (o *OktaSignOnPolicyRuleSignonActions) GetFactorLifetime() int32`
+
+GetFactorLifetime returns the FactorLifetime field if non-nil, zero value otherwise.
+
+### GetFactorLifetimeOk
+
+`func (o *OktaSignOnPolicyRuleSignonActions) GetFactorLifetimeOk() (*int32, bool)`
+
+GetFactorLifetimeOk returns a tuple with the FactorLifetime field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorLifetime
+
+`func (o *OktaSignOnPolicyRuleSignonActions) SetFactorLifetime(v int32)`
+
+SetFactorLifetime sets FactorLifetime field to given value.
+
+### HasFactorLifetime
+
+`func (o *OktaSignOnPolicyRuleSignonActions) HasFactorLifetime() bool`
+
+HasFactorLifetime returns a boolean if a field has been set.
+
+### GetFactorPromptMode
+
+`func (o *OktaSignOnPolicyRuleSignonActions) GetFactorPromptMode() OktaSignOnPolicyFactorPromptMode`
+
+GetFactorPromptMode returns the FactorPromptMode field if non-nil, zero value otherwise.
+
+### GetFactorPromptModeOk
+
+`func (o *OktaSignOnPolicyRuleSignonActions) GetFactorPromptModeOk() (*OktaSignOnPolicyFactorPromptMode, bool)`
+
+GetFactorPromptModeOk returns a tuple with the FactorPromptMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorPromptMode
+
+`func (o *OktaSignOnPolicyRuleSignonActions) SetFactorPromptMode(v OktaSignOnPolicyFactorPromptMode)`
+
+SetFactorPromptMode sets FactorPromptMode field to given value.
+
+### HasFactorPromptMode
+
+`func (o *OktaSignOnPolicyRuleSignonActions) HasFactorPromptMode() bool`
+
+HasFactorPromptMode returns a boolean if a field has been set.
+
+### GetRememberDeviceByDefault
+
+`func (o *OktaSignOnPolicyRuleSignonActions) GetRememberDeviceByDefault() bool`
+
+GetRememberDeviceByDefault returns the RememberDeviceByDefault field if non-nil, zero value otherwise.
+
+### GetRememberDeviceByDefaultOk
+
+`func (o *OktaSignOnPolicyRuleSignonActions) GetRememberDeviceByDefaultOk() (*bool, bool)`
+
+GetRememberDeviceByDefaultOk returns a tuple with the RememberDeviceByDefault field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRememberDeviceByDefault
+
+`func (o *OktaSignOnPolicyRuleSignonActions) SetRememberDeviceByDefault(v bool)`
+
+SetRememberDeviceByDefault sets RememberDeviceByDefault field to given value.
+
+### HasRememberDeviceByDefault
+
+`func (o *OktaSignOnPolicyRuleSignonActions) HasRememberDeviceByDefault() bool`
+
+HasRememberDeviceByDefault returns a boolean if a field has been set.
+
+### GetRequireFactor
+
+`func (o *OktaSignOnPolicyRuleSignonActions) GetRequireFactor() bool`
+
+GetRequireFactor returns the RequireFactor field if non-nil, zero value otherwise.
+
+### GetRequireFactorOk
+
+`func (o *OktaSignOnPolicyRuleSignonActions) GetRequireFactorOk() (*bool, bool)`
+
+GetRequireFactorOk returns a tuple with the RequireFactor field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequireFactor
+
+`func (o *OktaSignOnPolicyRuleSignonActions) SetRequireFactor(v bool)`
+
+SetRequireFactor sets RequireFactor field to given value.
+
+### HasRequireFactor
+
+`func (o *OktaSignOnPolicyRuleSignonActions) HasRequireFactor() bool`
+
+HasRequireFactor returns a boolean if a field has been set.
+
+### GetSession
+
+`func (o *OktaSignOnPolicyRuleSignonActions) GetSession() OktaSignOnPolicyRuleSignonSessionActions`
+
+GetSession returns the Session field if non-nil, zero value otherwise.
+
+### GetSessionOk
+
+`func (o *OktaSignOnPolicyRuleSignonActions) GetSessionOk() (*OktaSignOnPolicyRuleSignonSessionActions, bool)`
+
+GetSessionOk returns a tuple with the Session field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSession
+
+`func (o *OktaSignOnPolicyRuleSignonActions) SetSession(v OktaSignOnPolicyRuleSignonSessionActions)`
+
+SetSession sets Session field to given value.
+
+### HasSession
+
+`func (o *OktaSignOnPolicyRuleSignonActions) HasSession() bool`
+
+HasSession returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OktaSignOnPolicyRuleSignonSessionActions.md b/okta/docs/OktaSignOnPolicyRuleSignonSessionActions.md
new file mode 100644
index 000000000..16bb1eed3
--- /dev/null
+++ b/okta/docs/OktaSignOnPolicyRuleSignonSessionActions.md
@@ -0,0 +1,108 @@
+# OktaSignOnPolicyRuleSignonSessionActions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**MaxSessionIdleMinutes** | Pointer to **int32** |  | [optional] 
+**MaxSessionLifetimeMinutes** | Pointer to **int32** |  | [optional] 
+**UsePersistentCookie** | Pointer to **bool** |  | [optional] [default to false]
+
+## Methods
+
+### NewOktaSignOnPolicyRuleSignonSessionActions
+
+`func NewOktaSignOnPolicyRuleSignonSessionActions() *OktaSignOnPolicyRuleSignonSessionActions`
+
+NewOktaSignOnPolicyRuleSignonSessionActions instantiates a new OktaSignOnPolicyRuleSignonSessionActions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOktaSignOnPolicyRuleSignonSessionActionsWithDefaults
+
+`func NewOktaSignOnPolicyRuleSignonSessionActionsWithDefaults() *OktaSignOnPolicyRuleSignonSessionActions`
+
+NewOktaSignOnPolicyRuleSignonSessionActionsWithDefaults instantiates a new OktaSignOnPolicyRuleSignonSessionActions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMaxSessionIdleMinutes
+
+`func (o *OktaSignOnPolicyRuleSignonSessionActions) GetMaxSessionIdleMinutes() int32`
+
+GetMaxSessionIdleMinutes returns the MaxSessionIdleMinutes field if non-nil, zero value otherwise.
+
+### GetMaxSessionIdleMinutesOk
+
+`func (o *OktaSignOnPolicyRuleSignonSessionActions) GetMaxSessionIdleMinutesOk() (*int32, bool)`
+
+GetMaxSessionIdleMinutesOk returns a tuple with the MaxSessionIdleMinutes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxSessionIdleMinutes
+
+`func (o *OktaSignOnPolicyRuleSignonSessionActions) SetMaxSessionIdleMinutes(v int32)`
+
+SetMaxSessionIdleMinutes sets MaxSessionIdleMinutes field to given value.
+
+### HasMaxSessionIdleMinutes
+
+`func (o *OktaSignOnPolicyRuleSignonSessionActions) HasMaxSessionIdleMinutes() bool`
+
+HasMaxSessionIdleMinutes returns a boolean if a field has been set.
+
+### GetMaxSessionLifetimeMinutes
+
+`func (o *OktaSignOnPolicyRuleSignonSessionActions) GetMaxSessionLifetimeMinutes() int32`
+
+GetMaxSessionLifetimeMinutes returns the MaxSessionLifetimeMinutes field if non-nil, zero value otherwise.
+
+### GetMaxSessionLifetimeMinutesOk
+
+`func (o *OktaSignOnPolicyRuleSignonSessionActions) GetMaxSessionLifetimeMinutesOk() (*int32, bool)`
+
+GetMaxSessionLifetimeMinutesOk returns a tuple with the MaxSessionLifetimeMinutes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxSessionLifetimeMinutes
+
+`func (o *OktaSignOnPolicyRuleSignonSessionActions) SetMaxSessionLifetimeMinutes(v int32)`
+
+SetMaxSessionLifetimeMinutes sets MaxSessionLifetimeMinutes field to given value.
+
+### HasMaxSessionLifetimeMinutes
+
+`func (o *OktaSignOnPolicyRuleSignonSessionActions) HasMaxSessionLifetimeMinutes() bool`
+
+HasMaxSessionLifetimeMinutes returns a boolean if a field has been set.
+
+### GetUsePersistentCookie
+
+`func (o *OktaSignOnPolicyRuleSignonSessionActions) GetUsePersistentCookie() bool`
+
+GetUsePersistentCookie returns the UsePersistentCookie field if non-nil, zero value otherwise.
+
+### GetUsePersistentCookieOk
+
+`func (o *OktaSignOnPolicyRuleSignonSessionActions) GetUsePersistentCookieOk() (*bool, bool)`
+
+GetUsePersistentCookieOk returns a tuple with the UsePersistentCookie field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsePersistentCookie
+
+`func (o *OktaSignOnPolicyRuleSignonSessionActions) SetUsePersistentCookie(v bool)`
+
+SetUsePersistentCookie sets UsePersistentCookie field to given value.
+
+### HasUsePersistentCookie
+
+`func (o *OktaSignOnPolicyRuleSignonSessionActions) HasUsePersistentCookie() bool`
+
+HasUsePersistentCookie returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OpenIdConnectApplication.md b/okta/docs/OpenIdConnectApplication.md
new file mode 100644
index 000000000..06a41a0c6
--- /dev/null
+++ b/okta/docs/OpenIdConnectApplication.md
@@ -0,0 +1,108 @@
+# OpenIdConnectApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**OAuthApplicationCredentials**](OAuthApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] [default to "oidc_client"]
+**Settings** | Pointer to [**OpenIdConnectApplicationSettings**](OpenIdConnectApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewOpenIdConnectApplication
+
+`func NewOpenIdConnectApplication() *OpenIdConnectApplication`
+
+NewOpenIdConnectApplication instantiates a new OpenIdConnectApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOpenIdConnectApplicationWithDefaults
+
+`func NewOpenIdConnectApplicationWithDefaults() *OpenIdConnectApplication`
+
+NewOpenIdConnectApplicationWithDefaults instantiates a new OpenIdConnectApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *OpenIdConnectApplication) GetCredentials() OAuthApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *OpenIdConnectApplication) GetCredentialsOk() (*OAuthApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *OpenIdConnectApplication) SetCredentials(v OAuthApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *OpenIdConnectApplication) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *OpenIdConnectApplication) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *OpenIdConnectApplication) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *OpenIdConnectApplication) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *OpenIdConnectApplication) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *OpenIdConnectApplication) GetSettings() OpenIdConnectApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *OpenIdConnectApplication) GetSettingsOk() (*OpenIdConnectApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *OpenIdConnectApplication) SetSettings(v OpenIdConnectApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *OpenIdConnectApplication) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OpenIdConnectApplicationAllOf.md b/okta/docs/OpenIdConnectApplicationAllOf.md
new file mode 100644
index 000000000..69802a261
--- /dev/null
+++ b/okta/docs/OpenIdConnectApplicationAllOf.md
@@ -0,0 +1,108 @@
+# OpenIdConnectApplicationAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**OAuthApplicationCredentials**](OAuthApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] [default to "oidc_client"]
+**Settings** | Pointer to [**OpenIdConnectApplicationSettings**](OpenIdConnectApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewOpenIdConnectApplicationAllOf
+
+`func NewOpenIdConnectApplicationAllOf() *OpenIdConnectApplicationAllOf`
+
+NewOpenIdConnectApplicationAllOf instantiates a new OpenIdConnectApplicationAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOpenIdConnectApplicationAllOfWithDefaults
+
+`func NewOpenIdConnectApplicationAllOfWithDefaults() *OpenIdConnectApplicationAllOf`
+
+NewOpenIdConnectApplicationAllOfWithDefaults instantiates a new OpenIdConnectApplicationAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *OpenIdConnectApplicationAllOf) GetCredentials() OAuthApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *OpenIdConnectApplicationAllOf) GetCredentialsOk() (*OAuthApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *OpenIdConnectApplicationAllOf) SetCredentials(v OAuthApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *OpenIdConnectApplicationAllOf) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *OpenIdConnectApplicationAllOf) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *OpenIdConnectApplicationAllOf) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *OpenIdConnectApplicationAllOf) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *OpenIdConnectApplicationAllOf) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *OpenIdConnectApplicationAllOf) GetSettings() OpenIdConnectApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *OpenIdConnectApplicationAllOf) GetSettingsOk() (*OpenIdConnectApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *OpenIdConnectApplicationAllOf) SetSettings(v OpenIdConnectApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *OpenIdConnectApplicationAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OpenIdConnectApplicationConsentMethod.md b/okta/docs/OpenIdConnectApplicationConsentMethod.md
new file mode 100644
index 000000000..4c65325b0
--- /dev/null
+++ b/okta/docs/OpenIdConnectApplicationConsentMethod.md
@@ -0,0 +1,13 @@
+# OpenIdConnectApplicationConsentMethod
+
+## Enum
+
+
+* `REQUIRED` (value: `"REQUIRED"`)
+
+* `TRUSTED` (value: `"TRUSTED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OpenIdConnectApplicationIdpInitiatedLogin.md b/okta/docs/OpenIdConnectApplicationIdpInitiatedLogin.md
new file mode 100644
index 000000000..804b9ccb4
--- /dev/null
+++ b/okta/docs/OpenIdConnectApplicationIdpInitiatedLogin.md
@@ -0,0 +1,82 @@
+# OpenIdConnectApplicationIdpInitiatedLogin
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DefaultScope** | Pointer to **[]string** |  | [optional] 
+**Mode** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewOpenIdConnectApplicationIdpInitiatedLogin
+
+`func NewOpenIdConnectApplicationIdpInitiatedLogin() *OpenIdConnectApplicationIdpInitiatedLogin`
+
+NewOpenIdConnectApplicationIdpInitiatedLogin instantiates a new OpenIdConnectApplicationIdpInitiatedLogin object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOpenIdConnectApplicationIdpInitiatedLoginWithDefaults
+
+`func NewOpenIdConnectApplicationIdpInitiatedLoginWithDefaults() *OpenIdConnectApplicationIdpInitiatedLogin`
+
+NewOpenIdConnectApplicationIdpInitiatedLoginWithDefaults instantiates a new OpenIdConnectApplicationIdpInitiatedLogin object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDefaultScope
+
+`func (o *OpenIdConnectApplicationIdpInitiatedLogin) GetDefaultScope() []string`
+
+GetDefaultScope returns the DefaultScope field if non-nil, zero value otherwise.
+
+### GetDefaultScopeOk
+
+`func (o *OpenIdConnectApplicationIdpInitiatedLogin) GetDefaultScopeOk() (*[]string, bool)`
+
+GetDefaultScopeOk returns a tuple with the DefaultScope field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefaultScope
+
+`func (o *OpenIdConnectApplicationIdpInitiatedLogin) SetDefaultScope(v []string)`
+
+SetDefaultScope sets DefaultScope field to given value.
+
+### HasDefaultScope
+
+`func (o *OpenIdConnectApplicationIdpInitiatedLogin) HasDefaultScope() bool`
+
+HasDefaultScope returns a boolean if a field has been set.
+
+### GetMode
+
+`func (o *OpenIdConnectApplicationIdpInitiatedLogin) GetMode() string`
+
+GetMode returns the Mode field if non-nil, zero value otherwise.
+
+### GetModeOk
+
+`func (o *OpenIdConnectApplicationIdpInitiatedLogin) GetModeOk() (*string, bool)`
+
+GetModeOk returns a tuple with the Mode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMode
+
+`func (o *OpenIdConnectApplicationIdpInitiatedLogin) SetMode(v string)`
+
+SetMode sets Mode field to given value.
+
+### HasMode
+
+`func (o *OpenIdConnectApplicationIdpInitiatedLogin) HasMode() bool`
+
+HasMode returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OpenIdConnectApplicationIssuerMode.md b/okta/docs/OpenIdConnectApplicationIssuerMode.md
new file mode 100644
index 000000000..eb5033198
--- /dev/null
+++ b/okta/docs/OpenIdConnectApplicationIssuerMode.md
@@ -0,0 +1,15 @@
+# OpenIdConnectApplicationIssuerMode
+
+## Enum
+
+
+* `CUSTOM_URL` (value: `"CUSTOM_URL"`)
+
+* `DYNAMIC` (value: `"DYNAMIC"`)
+
+* `ORG_URL` (value: `"ORG_URL"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OpenIdConnectApplicationSettings.md b/okta/docs/OpenIdConnectApplicationSettings.md
new file mode 100644
index 000000000..73468521f
--- /dev/null
+++ b/okta/docs/OpenIdConnectApplicationSettings.md
@@ -0,0 +1,186 @@
+# OpenIdConnectApplicationSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**IdentityStoreId** | Pointer to **string** |  | [optional] 
+**ImplicitAssignment** | Pointer to **bool** |  | [optional] 
+**InlineHookId** | Pointer to **string** |  | [optional] 
+**Notes** | Pointer to [**ApplicationSettingsNotes**](ApplicationSettingsNotes.md) |  | [optional] 
+**Notifications** | Pointer to [**ApplicationSettingsNotifications**](ApplicationSettingsNotifications.md) |  | [optional] 
+**OauthClient** | Pointer to [**OpenIdConnectApplicationSettingsClient**](OpenIdConnectApplicationSettingsClient.md) |  | [optional] 
+
+## Methods
+
+### NewOpenIdConnectApplicationSettings
+
+`func NewOpenIdConnectApplicationSettings() *OpenIdConnectApplicationSettings`
+
+NewOpenIdConnectApplicationSettings instantiates a new OpenIdConnectApplicationSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOpenIdConnectApplicationSettingsWithDefaults
+
+`func NewOpenIdConnectApplicationSettingsWithDefaults() *OpenIdConnectApplicationSettings`
+
+NewOpenIdConnectApplicationSettingsWithDefaults instantiates a new OpenIdConnectApplicationSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIdentityStoreId
+
+`func (o *OpenIdConnectApplicationSettings) GetIdentityStoreId() string`
+
+GetIdentityStoreId returns the IdentityStoreId field if non-nil, zero value otherwise.
+
+### GetIdentityStoreIdOk
+
+`func (o *OpenIdConnectApplicationSettings) GetIdentityStoreIdOk() (*string, bool)`
+
+GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityStoreId
+
+`func (o *OpenIdConnectApplicationSettings) SetIdentityStoreId(v string)`
+
+SetIdentityStoreId sets IdentityStoreId field to given value.
+
+### HasIdentityStoreId
+
+`func (o *OpenIdConnectApplicationSettings) HasIdentityStoreId() bool`
+
+HasIdentityStoreId returns a boolean if a field has been set.
+
+### GetImplicitAssignment
+
+`func (o *OpenIdConnectApplicationSettings) GetImplicitAssignment() bool`
+
+GetImplicitAssignment returns the ImplicitAssignment field if non-nil, zero value otherwise.
+
+### GetImplicitAssignmentOk
+
+`func (o *OpenIdConnectApplicationSettings) GetImplicitAssignmentOk() (*bool, bool)`
+
+GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetImplicitAssignment
+
+`func (o *OpenIdConnectApplicationSettings) SetImplicitAssignment(v bool)`
+
+SetImplicitAssignment sets ImplicitAssignment field to given value.
+
+### HasImplicitAssignment
+
+`func (o *OpenIdConnectApplicationSettings) HasImplicitAssignment() bool`
+
+HasImplicitAssignment returns a boolean if a field has been set.
+
+### GetInlineHookId
+
+`func (o *OpenIdConnectApplicationSettings) GetInlineHookId() string`
+
+GetInlineHookId returns the InlineHookId field if non-nil, zero value otherwise.
+
+### GetInlineHookIdOk
+
+`func (o *OpenIdConnectApplicationSettings) GetInlineHookIdOk() (*string, bool)`
+
+GetInlineHookIdOk returns a tuple with the InlineHookId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInlineHookId
+
+`func (o *OpenIdConnectApplicationSettings) SetInlineHookId(v string)`
+
+SetInlineHookId sets InlineHookId field to given value.
+
+### HasInlineHookId
+
+`func (o *OpenIdConnectApplicationSettings) HasInlineHookId() bool`
+
+HasInlineHookId returns a boolean if a field has been set.
+
+### GetNotes
+
+`func (o *OpenIdConnectApplicationSettings) GetNotes() ApplicationSettingsNotes`
+
+GetNotes returns the Notes field if non-nil, zero value otherwise.
+
+### GetNotesOk
+
+`func (o *OpenIdConnectApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool)`
+
+GetNotesOk returns a tuple with the Notes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotes
+
+`func (o *OpenIdConnectApplicationSettings) SetNotes(v ApplicationSettingsNotes)`
+
+SetNotes sets Notes field to given value.
+
+### HasNotes
+
+`func (o *OpenIdConnectApplicationSettings) HasNotes() bool`
+
+HasNotes returns a boolean if a field has been set.
+
+### GetNotifications
+
+`func (o *OpenIdConnectApplicationSettings) GetNotifications() ApplicationSettingsNotifications`
+
+GetNotifications returns the Notifications field if non-nil, zero value otherwise.
+
+### GetNotificationsOk
+
+`func (o *OpenIdConnectApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool)`
+
+GetNotificationsOk returns a tuple with the Notifications field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotifications
+
+`func (o *OpenIdConnectApplicationSettings) SetNotifications(v ApplicationSettingsNotifications)`
+
+SetNotifications sets Notifications field to given value.
+
+### HasNotifications
+
+`func (o *OpenIdConnectApplicationSettings) HasNotifications() bool`
+
+HasNotifications returns a boolean if a field has been set.
+
+### GetOauthClient
+
+`func (o *OpenIdConnectApplicationSettings) GetOauthClient() OpenIdConnectApplicationSettingsClient`
+
+GetOauthClient returns the OauthClient field if non-nil, zero value otherwise.
+
+### GetOauthClientOk
+
+`func (o *OpenIdConnectApplicationSettings) GetOauthClientOk() (*OpenIdConnectApplicationSettingsClient, bool)`
+
+GetOauthClientOk returns a tuple with the OauthClient field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOauthClient
+
+`func (o *OpenIdConnectApplicationSettings) SetOauthClient(v OpenIdConnectApplicationSettingsClient)`
+
+SetOauthClient sets OauthClient field to given value.
+
+### HasOauthClient
+
+`func (o *OpenIdConnectApplicationSettings) HasOauthClient() bool`
+
+HasOauthClient returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OpenIdConnectApplicationSettingsAllOf.md b/okta/docs/OpenIdConnectApplicationSettingsAllOf.md
new file mode 100644
index 000000000..25ab9d52c
--- /dev/null
+++ b/okta/docs/OpenIdConnectApplicationSettingsAllOf.md
@@ -0,0 +1,56 @@
+# OpenIdConnectApplicationSettingsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**OauthClient** | Pointer to [**OpenIdConnectApplicationSettingsClient**](OpenIdConnectApplicationSettingsClient.md) |  | [optional] 
+
+## Methods
+
+### NewOpenIdConnectApplicationSettingsAllOf
+
+`func NewOpenIdConnectApplicationSettingsAllOf() *OpenIdConnectApplicationSettingsAllOf`
+
+NewOpenIdConnectApplicationSettingsAllOf instantiates a new OpenIdConnectApplicationSettingsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOpenIdConnectApplicationSettingsAllOfWithDefaults
+
+`func NewOpenIdConnectApplicationSettingsAllOfWithDefaults() *OpenIdConnectApplicationSettingsAllOf`
+
+NewOpenIdConnectApplicationSettingsAllOfWithDefaults instantiates a new OpenIdConnectApplicationSettingsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetOauthClient
+
+`func (o *OpenIdConnectApplicationSettingsAllOf) GetOauthClient() OpenIdConnectApplicationSettingsClient`
+
+GetOauthClient returns the OauthClient field if non-nil, zero value otherwise.
+
+### GetOauthClientOk
+
+`func (o *OpenIdConnectApplicationSettingsAllOf) GetOauthClientOk() (*OpenIdConnectApplicationSettingsClient, bool)`
+
+GetOauthClientOk returns a tuple with the OauthClient field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOauthClient
+
+`func (o *OpenIdConnectApplicationSettingsAllOf) SetOauthClient(v OpenIdConnectApplicationSettingsClient)`
+
+SetOauthClient sets OauthClient field to given value.
+
+### HasOauthClient
+
+`func (o *OpenIdConnectApplicationSettingsAllOf) HasOauthClient() bool`
+
+HasOauthClient returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OpenIdConnectApplicationSettingsClient.md b/okta/docs/OpenIdConnectApplicationSettingsClient.md
new file mode 100644
index 000000000..b04461976
--- /dev/null
+++ b/okta/docs/OpenIdConnectApplicationSettingsClient.md
@@ -0,0 +1,472 @@
+# OpenIdConnectApplicationSettingsClient
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ApplicationType** | Pointer to [**OpenIdConnectApplicationType**](OpenIdConnectApplicationType.md) |  | [optional] 
+**ClientUri** | Pointer to **string** |  | [optional] 
+**ConsentMethod** | Pointer to [**OpenIdConnectApplicationConsentMethod**](OpenIdConnectApplicationConsentMethod.md) |  | [optional] 
+**GrantTypes** | Pointer to [**[]OAuthGrantType**](OAuthGrantType.md) |  | [optional] 
+**IdpInitiatedLogin** | Pointer to [**OpenIdConnectApplicationIdpInitiatedLogin**](OpenIdConnectApplicationIdpInitiatedLogin.md) |  | [optional] 
+**InitiateLoginUri** | Pointer to **string** |  | [optional] 
+**IssuerMode** | Pointer to [**OpenIdConnectApplicationIssuerMode**](OpenIdConnectApplicationIssuerMode.md) |  | [optional] 
+**Jwks** | Pointer to [**OpenIdConnectApplicationSettingsClientKeys**](OpenIdConnectApplicationSettingsClientKeys.md) |  | [optional] 
+**LogoUri** | Pointer to **string** |  | [optional] 
+**PolicyUri** | Pointer to **string** |  | [optional] 
+**PostLogoutRedirectUris** | Pointer to **[]string** |  | [optional] 
+**RedirectUris** | Pointer to **[]string** |  | [optional] 
+**RefreshToken** | Pointer to [**OpenIdConnectApplicationSettingsRefreshToken**](OpenIdConnectApplicationSettingsRefreshToken.md) |  | [optional] 
+**ResponseTypes** | Pointer to [**[]OAuthResponseType**](OAuthResponseType.md) |  | [optional] 
+**TosUri** | Pointer to **string** |  | [optional] 
+**WildcardRedirect** | Pointer to **string** |  | [optional] 
+**JwksUri** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewOpenIdConnectApplicationSettingsClient
+
+`func NewOpenIdConnectApplicationSettingsClient() *OpenIdConnectApplicationSettingsClient`
+
+NewOpenIdConnectApplicationSettingsClient instantiates a new OpenIdConnectApplicationSettingsClient object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOpenIdConnectApplicationSettingsClientWithDefaults
+
+`func NewOpenIdConnectApplicationSettingsClientWithDefaults() *OpenIdConnectApplicationSettingsClient`
+
+NewOpenIdConnectApplicationSettingsClientWithDefaults instantiates a new OpenIdConnectApplicationSettingsClient object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApplicationType
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetApplicationType() OpenIdConnectApplicationType`
+
+GetApplicationType returns the ApplicationType field if non-nil, zero value otherwise.
+
+### GetApplicationTypeOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetApplicationTypeOk() (*OpenIdConnectApplicationType, bool)`
+
+GetApplicationTypeOk returns a tuple with the ApplicationType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApplicationType
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetApplicationType(v OpenIdConnectApplicationType)`
+
+SetApplicationType sets ApplicationType field to given value.
+
+### HasApplicationType
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasApplicationType() bool`
+
+HasApplicationType returns a boolean if a field has been set.
+
+### GetClientUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetClientUri() string`
+
+GetClientUri returns the ClientUri field if non-nil, zero value otherwise.
+
+### GetClientUriOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetClientUriOk() (*string, bool)`
+
+GetClientUriOk returns a tuple with the ClientUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetClientUri(v string)`
+
+SetClientUri sets ClientUri field to given value.
+
+### HasClientUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasClientUri() bool`
+
+HasClientUri returns a boolean if a field has been set.
+
+### GetConsentMethod
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetConsentMethod() OpenIdConnectApplicationConsentMethod`
+
+GetConsentMethod returns the ConsentMethod field if non-nil, zero value otherwise.
+
+### GetConsentMethodOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetConsentMethodOk() (*OpenIdConnectApplicationConsentMethod, bool)`
+
+GetConsentMethodOk returns a tuple with the ConsentMethod field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConsentMethod
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetConsentMethod(v OpenIdConnectApplicationConsentMethod)`
+
+SetConsentMethod sets ConsentMethod field to given value.
+
+### HasConsentMethod
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasConsentMethod() bool`
+
+HasConsentMethod returns a boolean if a field has been set.
+
+### GetGrantTypes
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetGrantTypes() []OAuthGrantType`
+
+GetGrantTypes returns the GrantTypes field if non-nil, zero value otherwise.
+
+### GetGrantTypesOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetGrantTypesOk() (*[]OAuthGrantType, bool)`
+
+GetGrantTypesOk returns a tuple with the GrantTypes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGrantTypes
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetGrantTypes(v []OAuthGrantType)`
+
+SetGrantTypes sets GrantTypes field to given value.
+
+### HasGrantTypes
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasGrantTypes() bool`
+
+HasGrantTypes returns a boolean if a field has been set.
+
+### GetIdpInitiatedLogin
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetIdpInitiatedLogin() OpenIdConnectApplicationIdpInitiatedLogin`
+
+GetIdpInitiatedLogin returns the IdpInitiatedLogin field if non-nil, zero value otherwise.
+
+### GetIdpInitiatedLoginOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetIdpInitiatedLoginOk() (*OpenIdConnectApplicationIdpInitiatedLogin, bool)`
+
+GetIdpInitiatedLoginOk returns a tuple with the IdpInitiatedLogin field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdpInitiatedLogin
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetIdpInitiatedLogin(v OpenIdConnectApplicationIdpInitiatedLogin)`
+
+SetIdpInitiatedLogin sets IdpInitiatedLogin field to given value.
+
+### HasIdpInitiatedLogin
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasIdpInitiatedLogin() bool`
+
+HasIdpInitiatedLogin returns a boolean if a field has been set.
+
+### GetInitiateLoginUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetInitiateLoginUri() string`
+
+GetInitiateLoginUri returns the InitiateLoginUri field if non-nil, zero value otherwise.
+
+### GetInitiateLoginUriOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetInitiateLoginUriOk() (*string, bool)`
+
+GetInitiateLoginUriOk returns a tuple with the InitiateLoginUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInitiateLoginUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetInitiateLoginUri(v string)`
+
+SetInitiateLoginUri sets InitiateLoginUri field to given value.
+
+### HasInitiateLoginUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasInitiateLoginUri() bool`
+
+HasInitiateLoginUri returns a boolean if a field has been set.
+
+### GetIssuerMode
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetIssuerMode() OpenIdConnectApplicationIssuerMode`
+
+GetIssuerMode returns the IssuerMode field if non-nil, zero value otherwise.
+
+### GetIssuerModeOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetIssuerModeOk() (*OpenIdConnectApplicationIssuerMode, bool)`
+
+GetIssuerModeOk returns a tuple with the IssuerMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIssuerMode
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetIssuerMode(v OpenIdConnectApplicationIssuerMode)`
+
+SetIssuerMode sets IssuerMode field to given value.
+
+### HasIssuerMode
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasIssuerMode() bool`
+
+HasIssuerMode returns a boolean if a field has been set.
+
+### GetJwks
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetJwks() OpenIdConnectApplicationSettingsClientKeys`
+
+GetJwks returns the Jwks field if non-nil, zero value otherwise.
+
+### GetJwksOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetJwksOk() (*OpenIdConnectApplicationSettingsClientKeys, bool)`
+
+GetJwksOk returns a tuple with the Jwks field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJwks
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetJwks(v OpenIdConnectApplicationSettingsClientKeys)`
+
+SetJwks sets Jwks field to given value.
+
+### HasJwks
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasJwks() bool`
+
+HasJwks returns a boolean if a field has been set.
+
+### GetLogoUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetLogoUri() string`
+
+GetLogoUri returns the LogoUri field if non-nil, zero value otherwise.
+
+### GetLogoUriOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetLogoUriOk() (*string, bool)`
+
+GetLogoUriOk returns a tuple with the LogoUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLogoUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetLogoUri(v string)`
+
+SetLogoUri sets LogoUri field to given value.
+
+### HasLogoUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasLogoUri() bool`
+
+HasLogoUri returns a boolean if a field has been set.
+
+### GetPolicyUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetPolicyUri() string`
+
+GetPolicyUri returns the PolicyUri field if non-nil, zero value otherwise.
+
+### GetPolicyUriOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetPolicyUriOk() (*string, bool)`
+
+GetPolicyUriOk returns a tuple with the PolicyUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPolicyUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetPolicyUri(v string)`
+
+SetPolicyUri sets PolicyUri field to given value.
+
+### HasPolicyUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasPolicyUri() bool`
+
+HasPolicyUri returns a boolean if a field has been set.
+
+### GetPostLogoutRedirectUris
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetPostLogoutRedirectUris() []string`
+
+GetPostLogoutRedirectUris returns the PostLogoutRedirectUris field if non-nil, zero value otherwise.
+
+### GetPostLogoutRedirectUrisOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetPostLogoutRedirectUrisOk() (*[]string, bool)`
+
+GetPostLogoutRedirectUrisOk returns a tuple with the PostLogoutRedirectUris field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPostLogoutRedirectUris
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetPostLogoutRedirectUris(v []string)`
+
+SetPostLogoutRedirectUris sets PostLogoutRedirectUris field to given value.
+
+### HasPostLogoutRedirectUris
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasPostLogoutRedirectUris() bool`
+
+HasPostLogoutRedirectUris returns a boolean if a field has been set.
+
+### GetRedirectUris
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetRedirectUris() []string`
+
+GetRedirectUris returns the RedirectUris field if non-nil, zero value otherwise.
+
+### GetRedirectUrisOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetRedirectUrisOk() (*[]string, bool)`
+
+GetRedirectUrisOk returns a tuple with the RedirectUris field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRedirectUris
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetRedirectUris(v []string)`
+
+SetRedirectUris sets RedirectUris field to given value.
+
+### HasRedirectUris
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasRedirectUris() bool`
+
+HasRedirectUris returns a boolean if a field has been set.
+
+### GetRefreshToken
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetRefreshToken() OpenIdConnectApplicationSettingsRefreshToken`
+
+GetRefreshToken returns the RefreshToken field if non-nil, zero value otherwise.
+
+### GetRefreshTokenOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetRefreshTokenOk() (*OpenIdConnectApplicationSettingsRefreshToken, bool)`
+
+GetRefreshTokenOk returns a tuple with the RefreshToken field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRefreshToken
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetRefreshToken(v OpenIdConnectApplicationSettingsRefreshToken)`
+
+SetRefreshToken sets RefreshToken field to given value.
+
+### HasRefreshToken
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasRefreshToken() bool`
+
+HasRefreshToken returns a boolean if a field has been set.
+
+### GetResponseTypes
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetResponseTypes() []OAuthResponseType`
+
+GetResponseTypes returns the ResponseTypes field if non-nil, zero value otherwise.
+
+### GetResponseTypesOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetResponseTypesOk() (*[]OAuthResponseType, bool)`
+
+GetResponseTypesOk returns a tuple with the ResponseTypes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResponseTypes
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetResponseTypes(v []OAuthResponseType)`
+
+SetResponseTypes sets ResponseTypes field to given value.
+
+### HasResponseTypes
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasResponseTypes() bool`
+
+HasResponseTypes returns a boolean if a field has been set.
+
+### GetTosUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetTosUri() string`
+
+GetTosUri returns the TosUri field if non-nil, zero value otherwise.
+
+### GetTosUriOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetTosUriOk() (*string, bool)`
+
+GetTosUriOk returns a tuple with the TosUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTosUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetTosUri(v string)`
+
+SetTosUri sets TosUri field to given value.
+
+### HasTosUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasTosUri() bool`
+
+HasTosUri returns a boolean if a field has been set.
+
+### GetWildcardRedirect
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetWildcardRedirect() string`
+
+GetWildcardRedirect returns the WildcardRedirect field if non-nil, zero value otherwise.
+
+### GetWildcardRedirectOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetWildcardRedirectOk() (*string, bool)`
+
+GetWildcardRedirectOk returns a tuple with the WildcardRedirect field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWildcardRedirect
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetWildcardRedirect(v string)`
+
+SetWildcardRedirect sets WildcardRedirect field to given value.
+
+### HasWildcardRedirect
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasWildcardRedirect() bool`
+
+HasWildcardRedirect returns a boolean if a field has been set.
+
+### GetJwksUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetJwksUri() string`
+
+GetJwksUri returns the JwksUri field if non-nil, zero value otherwise.
+
+### GetJwksUriOk
+
+`func (o *OpenIdConnectApplicationSettingsClient) GetJwksUriOk() (*string, bool)`
+
+GetJwksUriOk returns a tuple with the JwksUri field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJwksUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) SetJwksUri(v string)`
+
+SetJwksUri sets JwksUri field to given value.
+
+### HasJwksUri
+
+`func (o *OpenIdConnectApplicationSettingsClient) HasJwksUri() bool`
+
+HasJwksUri returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OpenIdConnectApplicationSettingsClientKeys.md b/okta/docs/OpenIdConnectApplicationSettingsClientKeys.md
new file mode 100644
index 000000000..17c960837
--- /dev/null
+++ b/okta/docs/OpenIdConnectApplicationSettingsClientKeys.md
@@ -0,0 +1,56 @@
+# OpenIdConnectApplicationSettingsClientKeys
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Keys** | Pointer to [**[]JsonWebKey**](JsonWebKey.md) |  | [optional] 
+
+## Methods
+
+### NewOpenIdConnectApplicationSettingsClientKeys
+
+`func NewOpenIdConnectApplicationSettingsClientKeys() *OpenIdConnectApplicationSettingsClientKeys`
+
+NewOpenIdConnectApplicationSettingsClientKeys instantiates a new OpenIdConnectApplicationSettingsClientKeys object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOpenIdConnectApplicationSettingsClientKeysWithDefaults
+
+`func NewOpenIdConnectApplicationSettingsClientKeysWithDefaults() *OpenIdConnectApplicationSettingsClientKeys`
+
+NewOpenIdConnectApplicationSettingsClientKeysWithDefaults instantiates a new OpenIdConnectApplicationSettingsClientKeys object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetKeys
+
+`func (o *OpenIdConnectApplicationSettingsClientKeys) GetKeys() []JsonWebKey`
+
+GetKeys returns the Keys field if non-nil, zero value otherwise.
+
+### GetKeysOk
+
+`func (o *OpenIdConnectApplicationSettingsClientKeys) GetKeysOk() (*[]JsonWebKey, bool)`
+
+GetKeysOk returns a tuple with the Keys field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetKeys
+
+`func (o *OpenIdConnectApplicationSettingsClientKeys) SetKeys(v []JsonWebKey)`
+
+SetKeys sets Keys field to given value.
+
+### HasKeys
+
+`func (o *OpenIdConnectApplicationSettingsClientKeys) HasKeys() bool`
+
+HasKeys returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OpenIdConnectApplicationSettingsRefreshToken.md b/okta/docs/OpenIdConnectApplicationSettingsRefreshToken.md
new file mode 100644
index 000000000..d99657c38
--- /dev/null
+++ b/okta/docs/OpenIdConnectApplicationSettingsRefreshToken.md
@@ -0,0 +1,82 @@
+# OpenIdConnectApplicationSettingsRefreshToken
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Leeway** | Pointer to **int32** |  | [optional] 
+**RotationType** | Pointer to [**OpenIdConnectRefreshTokenRotationType**](OpenIdConnectRefreshTokenRotationType.md) |  | [optional] 
+
+## Methods
+
+### NewOpenIdConnectApplicationSettingsRefreshToken
+
+`func NewOpenIdConnectApplicationSettingsRefreshToken() *OpenIdConnectApplicationSettingsRefreshToken`
+
+NewOpenIdConnectApplicationSettingsRefreshToken instantiates a new OpenIdConnectApplicationSettingsRefreshToken object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOpenIdConnectApplicationSettingsRefreshTokenWithDefaults
+
+`func NewOpenIdConnectApplicationSettingsRefreshTokenWithDefaults() *OpenIdConnectApplicationSettingsRefreshToken`
+
+NewOpenIdConnectApplicationSettingsRefreshTokenWithDefaults instantiates a new OpenIdConnectApplicationSettingsRefreshToken object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetLeeway
+
+`func (o *OpenIdConnectApplicationSettingsRefreshToken) GetLeeway() int32`
+
+GetLeeway returns the Leeway field if non-nil, zero value otherwise.
+
+### GetLeewayOk
+
+`func (o *OpenIdConnectApplicationSettingsRefreshToken) GetLeewayOk() (*int32, bool)`
+
+GetLeewayOk returns a tuple with the Leeway field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLeeway
+
+`func (o *OpenIdConnectApplicationSettingsRefreshToken) SetLeeway(v int32)`
+
+SetLeeway sets Leeway field to given value.
+
+### HasLeeway
+
+`func (o *OpenIdConnectApplicationSettingsRefreshToken) HasLeeway() bool`
+
+HasLeeway returns a boolean if a field has been set.
+
+### GetRotationType
+
+`func (o *OpenIdConnectApplicationSettingsRefreshToken) GetRotationType() OpenIdConnectRefreshTokenRotationType`
+
+GetRotationType returns the RotationType field if non-nil, zero value otherwise.
+
+### GetRotationTypeOk
+
+`func (o *OpenIdConnectApplicationSettingsRefreshToken) GetRotationTypeOk() (*OpenIdConnectRefreshTokenRotationType, bool)`
+
+GetRotationTypeOk returns a tuple with the RotationType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRotationType
+
+`func (o *OpenIdConnectApplicationSettingsRefreshToken) SetRotationType(v OpenIdConnectRefreshTokenRotationType)`
+
+SetRotationType sets RotationType field to given value.
+
+### HasRotationType
+
+`func (o *OpenIdConnectApplicationSettingsRefreshToken) HasRotationType() bool`
+
+HasRotationType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OpenIdConnectApplicationType.md b/okta/docs/OpenIdConnectApplicationType.md
new file mode 100644
index 000000000..607be6635
--- /dev/null
+++ b/okta/docs/OpenIdConnectApplicationType.md
@@ -0,0 +1,17 @@
+# OpenIdConnectApplicationType
+
+## Enum
+
+
+* `BROWSER` (value: `"browser"`)
+
+* `NATIVE` (value: `"native"`)
+
+* `SERVICE` (value: `"service"`)
+
+* `WEB` (value: `"web"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OpenIdConnectRefreshTokenRotationType.md b/okta/docs/OpenIdConnectRefreshTokenRotationType.md
new file mode 100644
index 000000000..ca6bb6a88
--- /dev/null
+++ b/okta/docs/OpenIdConnectRefreshTokenRotationType.md
@@ -0,0 +1,13 @@
+# OpenIdConnectRefreshTokenRotationType
+
+## Enum
+
+
+* `ROTATE` (value: `"ROTATE"`)
+
+* `STATIC` (value: `"STATIC"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OperationalStatus.md b/okta/docs/OperationalStatus.md
new file mode 100644
index 000000000..8a313be9a
--- /dev/null
+++ b/okta/docs/OperationalStatus.md
@@ -0,0 +1,17 @@
+# OperationalStatus
+
+## Enum
+
+
+* `DEGRADED` (value: `"DEGRADED"`)
+
+* `DISRUPTED` (value: `"DISRUPTED"`)
+
+* `INACTIVE` (value: `"INACTIVE"`)
+
+* `OPERATIONAL` (value: `"OPERATIONAL"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OrgContactType.md b/okta/docs/OrgContactType.md
new file mode 100644
index 000000000..b2c485cc3
--- /dev/null
+++ b/okta/docs/OrgContactType.md
@@ -0,0 +1,13 @@
+# OrgContactType
+
+## Enum
+
+
+* `BILLING` (value: `"BILLING"`)
+
+* `TECHNICAL` (value: `"TECHNICAL"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OrgContactTypeObj.md b/okta/docs/OrgContactTypeObj.md
new file mode 100644
index 000000000..e0145b606
--- /dev/null
+++ b/okta/docs/OrgContactTypeObj.md
@@ -0,0 +1,82 @@
+# OrgContactTypeObj
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ContactType** | Pointer to [**OrgContactType**](OrgContactType.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] 
+
+## Methods
+
+### NewOrgContactTypeObj
+
+`func NewOrgContactTypeObj() *OrgContactTypeObj`
+
+NewOrgContactTypeObj instantiates a new OrgContactTypeObj object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOrgContactTypeObjWithDefaults
+
+`func NewOrgContactTypeObjWithDefaults() *OrgContactTypeObj`
+
+NewOrgContactTypeObjWithDefaults instantiates a new OrgContactTypeObj object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetContactType
+
+`func (o *OrgContactTypeObj) GetContactType() OrgContactType`
+
+GetContactType returns the ContactType field if non-nil, zero value otherwise.
+
+### GetContactTypeOk
+
+`func (o *OrgContactTypeObj) GetContactTypeOk() (*OrgContactType, bool)`
+
+GetContactTypeOk returns a tuple with the ContactType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetContactType
+
+`func (o *OrgContactTypeObj) SetContactType(v OrgContactType)`
+
+SetContactType sets ContactType field to given value.
+
+### HasContactType
+
+`func (o *OrgContactTypeObj) HasContactType() bool`
+
+HasContactType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *OrgContactTypeObj) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *OrgContactTypeObj) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *OrgContactTypeObj) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *OrgContactTypeObj) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OrgContactUser.md b/okta/docs/OrgContactUser.md
new file mode 100644
index 000000000..5ed8cec0d
--- /dev/null
+++ b/okta/docs/OrgContactUser.md
@@ -0,0 +1,82 @@
+# OrgContactUser
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**UserId** | Pointer to **string** |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewOrgContactUser
+
+`func NewOrgContactUser() *OrgContactUser`
+
+NewOrgContactUser instantiates a new OrgContactUser object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOrgContactUserWithDefaults
+
+`func NewOrgContactUserWithDefaults() *OrgContactUser`
+
+NewOrgContactUserWithDefaults instantiates a new OrgContactUser object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetUserId
+
+`func (o *OrgContactUser) GetUserId() string`
+
+GetUserId returns the UserId field if non-nil, zero value otherwise.
+
+### GetUserIdOk
+
+`func (o *OrgContactUser) GetUserIdOk() (*string, bool)`
+
+GetUserIdOk returns a tuple with the UserId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserId
+
+`func (o *OrgContactUser) SetUserId(v string)`
+
+SetUserId sets UserId field to given value.
+
+### HasUserId
+
+`func (o *OrgContactUser) HasUserId() bool`
+
+HasUserId returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *OrgContactUser) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *OrgContactUser) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *OrgContactUser) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *OrgContactUser) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OrgOktaCommunicationSetting.md b/okta/docs/OrgOktaCommunicationSetting.md
new file mode 100644
index 000000000..b532b2473
--- /dev/null
+++ b/okta/docs/OrgOktaCommunicationSetting.md
@@ -0,0 +1,82 @@
+# OrgOktaCommunicationSetting
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**OptOutEmailUsers** | Pointer to **bool** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] 
+
+## Methods
+
+### NewOrgOktaCommunicationSetting
+
+`func NewOrgOktaCommunicationSetting() *OrgOktaCommunicationSetting`
+
+NewOrgOktaCommunicationSetting instantiates a new OrgOktaCommunicationSetting object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOrgOktaCommunicationSettingWithDefaults
+
+`func NewOrgOktaCommunicationSettingWithDefaults() *OrgOktaCommunicationSetting`
+
+NewOrgOktaCommunicationSettingWithDefaults instantiates a new OrgOktaCommunicationSetting object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetOptOutEmailUsers
+
+`func (o *OrgOktaCommunicationSetting) GetOptOutEmailUsers() bool`
+
+GetOptOutEmailUsers returns the OptOutEmailUsers field if non-nil, zero value otherwise.
+
+### GetOptOutEmailUsersOk
+
+`func (o *OrgOktaCommunicationSetting) GetOptOutEmailUsersOk() (*bool, bool)`
+
+GetOptOutEmailUsersOk returns a tuple with the OptOutEmailUsers field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOptOutEmailUsers
+
+`func (o *OrgOktaCommunicationSetting) SetOptOutEmailUsers(v bool)`
+
+SetOptOutEmailUsers sets OptOutEmailUsers field to given value.
+
+### HasOptOutEmailUsers
+
+`func (o *OrgOktaCommunicationSetting) HasOptOutEmailUsers() bool`
+
+HasOptOutEmailUsers returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *OrgOktaCommunicationSetting) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *OrgOktaCommunicationSetting) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *OrgOktaCommunicationSetting) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *OrgOktaCommunicationSetting) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OrgOktaSupportSetting.md b/okta/docs/OrgOktaSupportSetting.md
new file mode 100644
index 000000000..66aa7d30b
--- /dev/null
+++ b/okta/docs/OrgOktaSupportSetting.md
@@ -0,0 +1,13 @@
+# OrgOktaSupportSetting
+
+## Enum
+
+
+* `DISABLED` (value: `"DISABLED"`)
+
+* `ENABLED` (value: `"ENABLED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OrgOktaSupportSettingsObj.md b/okta/docs/OrgOktaSupportSettingsObj.md
new file mode 100644
index 000000000..ec4748376
--- /dev/null
+++ b/okta/docs/OrgOktaSupportSettingsObj.md
@@ -0,0 +1,108 @@
+# OrgOktaSupportSettingsObj
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Expiration** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Support** | Pointer to [**OrgOktaSupportSetting**](OrgOktaSupportSetting.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] 
+
+## Methods
+
+### NewOrgOktaSupportSettingsObj
+
+`func NewOrgOktaSupportSettingsObj() *OrgOktaSupportSettingsObj`
+
+NewOrgOktaSupportSettingsObj instantiates a new OrgOktaSupportSettingsObj object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOrgOktaSupportSettingsObjWithDefaults
+
+`func NewOrgOktaSupportSettingsObjWithDefaults() *OrgOktaSupportSettingsObj`
+
+NewOrgOktaSupportSettingsObjWithDefaults instantiates a new OrgOktaSupportSettingsObj object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpiration
+
+`func (o *OrgOktaSupportSettingsObj) GetExpiration() time.Time`
+
+GetExpiration returns the Expiration field if non-nil, zero value otherwise.
+
+### GetExpirationOk
+
+`func (o *OrgOktaSupportSettingsObj) GetExpirationOk() (*time.Time, bool)`
+
+GetExpirationOk returns a tuple with the Expiration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiration
+
+`func (o *OrgOktaSupportSettingsObj) SetExpiration(v time.Time)`
+
+SetExpiration sets Expiration field to given value.
+
+### HasExpiration
+
+`func (o *OrgOktaSupportSettingsObj) HasExpiration() bool`
+
+HasExpiration returns a boolean if a field has been set.
+
+### GetSupport
+
+`func (o *OrgOktaSupportSettingsObj) GetSupport() OrgOktaSupportSetting`
+
+GetSupport returns the Support field if non-nil, zero value otherwise.
+
+### GetSupportOk
+
+`func (o *OrgOktaSupportSettingsObj) GetSupportOk() (*OrgOktaSupportSetting, bool)`
+
+GetSupportOk returns a tuple with the Support field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSupport
+
+`func (o *OrgOktaSupportSettingsObj) SetSupport(v OrgOktaSupportSetting)`
+
+SetSupport sets Support field to given value.
+
+### HasSupport
+
+`func (o *OrgOktaSupportSettingsObj) HasSupport() bool`
+
+HasSupport returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *OrgOktaSupportSettingsObj) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *OrgOktaSupportSettingsObj) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *OrgOktaSupportSettingsObj) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *OrgOktaSupportSettingsObj) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OrgPreferences.md b/okta/docs/OrgPreferences.md
new file mode 100644
index 000000000..3cfa48be0
--- /dev/null
+++ b/okta/docs/OrgPreferences.md
@@ -0,0 +1,82 @@
+# OrgPreferences
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ShowEndUserFooter** | Pointer to **bool** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] 
+
+## Methods
+
+### NewOrgPreferences
+
+`func NewOrgPreferences() *OrgPreferences`
+
+NewOrgPreferences instantiates a new OrgPreferences object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOrgPreferencesWithDefaults
+
+`func NewOrgPreferencesWithDefaults() *OrgPreferences`
+
+NewOrgPreferencesWithDefaults instantiates a new OrgPreferences object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetShowEndUserFooter
+
+`func (o *OrgPreferences) GetShowEndUserFooter() bool`
+
+GetShowEndUserFooter returns the ShowEndUserFooter field if non-nil, zero value otherwise.
+
+### GetShowEndUserFooterOk
+
+`func (o *OrgPreferences) GetShowEndUserFooterOk() (*bool, bool)`
+
+GetShowEndUserFooterOk returns a tuple with the ShowEndUserFooter field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetShowEndUserFooter
+
+`func (o *OrgPreferences) SetShowEndUserFooter(v bool)`
+
+SetShowEndUserFooter sets ShowEndUserFooter field to given value.
+
+### HasShowEndUserFooter
+
+`func (o *OrgPreferences) HasShowEndUserFooter() bool`
+
+HasShowEndUserFooter returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *OrgPreferences) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *OrgPreferences) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *OrgPreferences) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *OrgPreferences) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OrgSetting.md b/okta/docs/OrgSetting.md
new file mode 100644
index 000000000..2892c656a
--- /dev/null
+++ b/okta/docs/OrgSetting.md
@@ -0,0 +1,498 @@
+# OrgSetting
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Address1** | Pointer to **string** |  | [optional] 
+**Address2** | Pointer to **string** |  | [optional] 
+**City** | Pointer to **string** |  | [optional] 
+**CompanyName** | Pointer to **string** |  | [optional] 
+**Country** | Pointer to **string** |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**EndUserSupportHelpURL** | Pointer to **string** |  | [optional] 
+**ExpiresAt** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**PhoneNumber** | Pointer to **string** |  | [optional] 
+**PostalCode** | Pointer to **string** |  | [optional] 
+**State** | Pointer to **string** |  | [optional] 
+**Status** | Pointer to **string** |  | [optional] [readonly] 
+**Subdomain** | Pointer to **string** |  | [optional] [readonly] 
+**SupportPhoneNumber** | Pointer to **string** |  | [optional] 
+**Website** | Pointer to **string** |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] 
+
+## Methods
+
+### NewOrgSetting
+
+`func NewOrgSetting() *OrgSetting`
+
+NewOrgSetting instantiates a new OrgSetting object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewOrgSettingWithDefaults
+
+`func NewOrgSettingWithDefaults() *OrgSetting`
+
+NewOrgSettingWithDefaults instantiates a new OrgSetting object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAddress1
+
+`func (o *OrgSetting) GetAddress1() string`
+
+GetAddress1 returns the Address1 field if non-nil, zero value otherwise.
+
+### GetAddress1Ok
+
+`func (o *OrgSetting) GetAddress1Ok() (*string, bool)`
+
+GetAddress1Ok returns a tuple with the Address1 field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAddress1
+
+`func (o *OrgSetting) SetAddress1(v string)`
+
+SetAddress1 sets Address1 field to given value.
+
+### HasAddress1
+
+`func (o *OrgSetting) HasAddress1() bool`
+
+HasAddress1 returns a boolean if a field has been set.
+
+### GetAddress2
+
+`func (o *OrgSetting) GetAddress2() string`
+
+GetAddress2 returns the Address2 field if non-nil, zero value otherwise.
+
+### GetAddress2Ok
+
+`func (o *OrgSetting) GetAddress2Ok() (*string, bool)`
+
+GetAddress2Ok returns a tuple with the Address2 field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAddress2
+
+`func (o *OrgSetting) SetAddress2(v string)`
+
+SetAddress2 sets Address2 field to given value.
+
+### HasAddress2
+
+`func (o *OrgSetting) HasAddress2() bool`
+
+HasAddress2 returns a boolean if a field has been set.
+
+### GetCity
+
+`func (o *OrgSetting) GetCity() string`
+
+GetCity returns the City field if non-nil, zero value otherwise.
+
+### GetCityOk
+
+`func (o *OrgSetting) GetCityOk() (*string, bool)`
+
+GetCityOk returns a tuple with the City field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCity
+
+`func (o *OrgSetting) SetCity(v string)`
+
+SetCity sets City field to given value.
+
+### HasCity
+
+`func (o *OrgSetting) HasCity() bool`
+
+HasCity returns a boolean if a field has been set.
+
+### GetCompanyName
+
+`func (o *OrgSetting) GetCompanyName() string`
+
+GetCompanyName returns the CompanyName field if non-nil, zero value otherwise.
+
+### GetCompanyNameOk
+
+`func (o *OrgSetting) GetCompanyNameOk() (*string, bool)`
+
+GetCompanyNameOk returns a tuple with the CompanyName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCompanyName
+
+`func (o *OrgSetting) SetCompanyName(v string)`
+
+SetCompanyName sets CompanyName field to given value.
+
+### HasCompanyName
+
+`func (o *OrgSetting) HasCompanyName() bool`
+
+HasCompanyName returns a boolean if a field has been set.
+
+### GetCountry
+
+`func (o *OrgSetting) GetCountry() string`
+
+GetCountry returns the Country field if non-nil, zero value otherwise.
+
+### GetCountryOk
+
+`func (o *OrgSetting) GetCountryOk() (*string, bool)`
+
+GetCountryOk returns a tuple with the Country field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCountry
+
+`func (o *OrgSetting) SetCountry(v string)`
+
+SetCountry sets Country field to given value.
+
+### HasCountry
+
+`func (o *OrgSetting) HasCountry() bool`
+
+HasCountry returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *OrgSetting) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *OrgSetting) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *OrgSetting) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *OrgSetting) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetEndUserSupportHelpURL
+
+`func (o *OrgSetting) GetEndUserSupportHelpURL() string`
+
+GetEndUserSupportHelpURL returns the EndUserSupportHelpURL field if non-nil, zero value otherwise.
+
+### GetEndUserSupportHelpURLOk
+
+`func (o *OrgSetting) GetEndUserSupportHelpURLOk() (*string, bool)`
+
+GetEndUserSupportHelpURLOk returns a tuple with the EndUserSupportHelpURL field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEndUserSupportHelpURL
+
+`func (o *OrgSetting) SetEndUserSupportHelpURL(v string)`
+
+SetEndUserSupportHelpURL sets EndUserSupportHelpURL field to given value.
+
+### HasEndUserSupportHelpURL
+
+`func (o *OrgSetting) HasEndUserSupportHelpURL() bool`
+
+HasEndUserSupportHelpURL returns a boolean if a field has been set.
+
+### GetExpiresAt
+
+`func (o *OrgSetting) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *OrgSetting) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *OrgSetting) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *OrgSetting) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *OrgSetting) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *OrgSetting) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *OrgSetting) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *OrgSetting) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *OrgSetting) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *OrgSetting) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *OrgSetting) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *OrgSetting) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetPhoneNumber
+
+`func (o *OrgSetting) GetPhoneNumber() string`
+
+GetPhoneNumber returns the PhoneNumber field if non-nil, zero value otherwise.
+
+### GetPhoneNumberOk
+
+`func (o *OrgSetting) GetPhoneNumberOk() (*string, bool)`
+
+GetPhoneNumberOk returns a tuple with the PhoneNumber field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPhoneNumber
+
+`func (o *OrgSetting) SetPhoneNumber(v string)`
+
+SetPhoneNumber sets PhoneNumber field to given value.
+
+### HasPhoneNumber
+
+`func (o *OrgSetting) HasPhoneNumber() bool`
+
+HasPhoneNumber returns a boolean if a field has been set.
+
+### GetPostalCode
+
+`func (o *OrgSetting) GetPostalCode() string`
+
+GetPostalCode returns the PostalCode field if non-nil, zero value otherwise.
+
+### GetPostalCodeOk
+
+`func (o *OrgSetting) GetPostalCodeOk() (*string, bool)`
+
+GetPostalCodeOk returns a tuple with the PostalCode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPostalCode
+
+`func (o *OrgSetting) SetPostalCode(v string)`
+
+SetPostalCode sets PostalCode field to given value.
+
+### HasPostalCode
+
+`func (o *OrgSetting) HasPostalCode() bool`
+
+HasPostalCode returns a boolean if a field has been set.
+
+### GetState
+
+`func (o *OrgSetting) GetState() string`
+
+GetState returns the State field if non-nil, zero value otherwise.
+
+### GetStateOk
+
+`func (o *OrgSetting) GetStateOk() (*string, bool)`
+
+GetStateOk returns a tuple with the State field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetState
+
+`func (o *OrgSetting) SetState(v string)`
+
+SetState sets State field to given value.
+
+### HasState
+
+`func (o *OrgSetting) HasState() bool`
+
+HasState returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *OrgSetting) GetStatus() string`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *OrgSetting) GetStatusOk() (*string, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *OrgSetting) SetStatus(v string)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *OrgSetting) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetSubdomain
+
+`func (o *OrgSetting) GetSubdomain() string`
+
+GetSubdomain returns the Subdomain field if non-nil, zero value otherwise.
+
+### GetSubdomainOk
+
+`func (o *OrgSetting) GetSubdomainOk() (*string, bool)`
+
+GetSubdomainOk returns a tuple with the Subdomain field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubdomain
+
+`func (o *OrgSetting) SetSubdomain(v string)`
+
+SetSubdomain sets Subdomain field to given value.
+
+### HasSubdomain
+
+`func (o *OrgSetting) HasSubdomain() bool`
+
+HasSubdomain returns a boolean if a field has been set.
+
+### GetSupportPhoneNumber
+
+`func (o *OrgSetting) GetSupportPhoneNumber() string`
+
+GetSupportPhoneNumber returns the SupportPhoneNumber field if non-nil, zero value otherwise.
+
+### GetSupportPhoneNumberOk
+
+`func (o *OrgSetting) GetSupportPhoneNumberOk() (*string, bool)`
+
+GetSupportPhoneNumberOk returns a tuple with the SupportPhoneNumber field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSupportPhoneNumber
+
+`func (o *OrgSetting) SetSupportPhoneNumber(v string)`
+
+SetSupportPhoneNumber sets SupportPhoneNumber field to given value.
+
+### HasSupportPhoneNumber
+
+`func (o *OrgSetting) HasSupportPhoneNumber() bool`
+
+HasSupportPhoneNumber returns a boolean if a field has been set.
+
+### GetWebsite
+
+`func (o *OrgSetting) GetWebsite() string`
+
+GetWebsite returns the Website field if non-nil, zero value otherwise.
+
+### GetWebsiteOk
+
+`func (o *OrgSetting) GetWebsiteOk() (*string, bool)`
+
+GetWebsiteOk returns a tuple with the Website field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWebsite
+
+`func (o *OrgSetting) SetWebsite(v string)`
+
+SetWebsite sets Website field to given value.
+
+### HasWebsite
+
+`func (o *OrgSetting) HasWebsite() bool`
+
+HasWebsite returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *OrgSetting) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *OrgSetting) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *OrgSetting) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *OrgSetting) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/OrgSettingApi.md b/okta/docs/OrgSettingApi.md
new file mode 100644
index 000000000..a95bd7f51
--- /dev/null
+++ b/okta/docs/OrgSettingApi.md
@@ -0,0 +1,1224 @@
+# \OrgSettingApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**BulkRemoveEmailAddressBounces**](OrgSettingApi.md#BulkRemoveEmailAddressBounces) | **Post** /api/v1/org/email/bounces/remove-list | Remove Emails from Email Provider Bounce List
+[**ExtendOktaSupport**](OrgSettingApi.md#ExtendOktaSupport) | **Post** /api/v1/org/privacy/oktaSupport/extend | Extend Okta Support Access
+[**GetOktaCommunicationSettings**](OrgSettingApi.md#GetOktaCommunicationSettings) | **Get** /api/v1/org/privacy/oktaCommunication | Retrieve the Okta Communication Settings
+[**GetOrgContactTypes**](OrgSettingApi.md#GetOrgContactTypes) | **Get** /api/v1/org/contacts | Retrieve the Org Contact Types
+[**GetOrgContactUser**](OrgSettingApi.md#GetOrgContactUser) | **Get** /api/v1/org/contacts/{contactType} | Retrieve the User of the Contact Type
+[**GetOrgOktaSupportSettings**](OrgSettingApi.md#GetOrgOktaSupportSettings) | **Get** /api/v1/org/privacy/oktaSupport | Retrieve the Okta Support Settings
+[**GetOrgPreferences**](OrgSettingApi.md#GetOrgPreferences) | **Get** /api/v1/org/preferences | Retrieve the Org Preferences
+[**GetOrgSettings**](OrgSettingApi.md#GetOrgSettings) | **Get** /api/v1/org | Retrieve the Org Settings
+[**GetWellknownOrgMetadata**](OrgSettingApi.md#GetWellknownOrgMetadata) | **Get** /.well-known/okta-organization | Retrieve the Well-Known Org Metadata
+[**GrantOktaSupport**](OrgSettingApi.md#GrantOktaSupport) | **Post** /api/v1/org/privacy/oktaSupport/grant | Grant Okta Support Access to your Org
+[**OptInUsersToOktaCommunicationEmails**](OrgSettingApi.md#OptInUsersToOktaCommunicationEmails) | **Post** /api/v1/org/privacy/oktaCommunication/optIn | Opt in all Users to Okta Communication emails
+[**OptOutUsersFromOktaCommunicationEmails**](OrgSettingApi.md#OptOutUsersFromOktaCommunicationEmails) | **Post** /api/v1/org/privacy/oktaCommunication/optOut | Opt out all Users from Okta Communication emails
+[**ReplaceOrgContactUser**](OrgSettingApi.md#ReplaceOrgContactUser) | **Put** /api/v1/org/contacts/{contactType} | Replace the User of the Contact Type
+[**ReplaceOrgSettings**](OrgSettingApi.md#ReplaceOrgSettings) | **Put** /api/v1/org | Replace the Org Settings
+[**RevokeOktaSupport**](OrgSettingApi.md#RevokeOktaSupport) | **Post** /api/v1/org/privacy/oktaSupport/revoke | Revoke Okta Support Access
+[**UpdateOrgHideOktaUIFooter**](OrgSettingApi.md#UpdateOrgHideOktaUIFooter) | **Post** /api/v1/org/preferences/hideEndUserFooter | Update the Preference to Hide the Okta Dashboard Footer
+[**UpdateOrgSettings**](OrgSettingApi.md#UpdateOrgSettings) | **Post** /api/v1/org | Update the Org Settings
+[**UpdateOrgShowOktaUIFooter**](OrgSettingApi.md#UpdateOrgShowOktaUIFooter) | **Post** /api/v1/org/preferences/showEndUserFooter | Update the Preference to Show the Okta Dashboard Footer
+[**UploadOrgLogo**](OrgSettingApi.md#UploadOrgLogo) | **Post** /api/v1/org/logo | Upload the Org Logo
+
+
+
+## BulkRemoveEmailAddressBounces
+
+> BouncesRemoveListResult BulkRemoveEmailAddressBounces(ctx).BouncesRemoveListObj(bouncesRemoveListObj).Execute()
+
+Remove Emails from Email Provider Bounce List
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    bouncesRemoveListObj := *openapiclient.NewBouncesRemoveListObj() // BouncesRemoveListObj |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.BulkRemoveEmailAddressBounces(context.Background()).BouncesRemoveListObj(bouncesRemoveListObj).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.BulkRemoveEmailAddressBounces``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `BulkRemoveEmailAddressBounces`: BouncesRemoveListResult
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.BulkRemoveEmailAddressBounces`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiBulkRemoveEmailAddressBouncesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **bouncesRemoveListObj** | [**BouncesRemoveListObj**](BouncesRemoveListObj.md) |  | 
+
+### Return type
+
+[**BouncesRemoveListResult**](BouncesRemoveListResult.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ExtendOktaSupport
+
+> OrgOktaSupportSettingsObj ExtendOktaSupport(ctx).Execute()
+
+Extend Okta Support Access
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.ExtendOktaSupport(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.ExtendOktaSupport``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ExtendOktaSupport`: OrgOktaSupportSettingsObj
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.ExtendOktaSupport`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiExtendOktaSupportRequest struct via the builder pattern
+
+
+### Return type
+
+[**OrgOktaSupportSettingsObj**](OrgOktaSupportSettingsObj.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetOktaCommunicationSettings
+
+> OrgOktaCommunicationSetting GetOktaCommunicationSettings(ctx).Execute()
+
+Retrieve the Okta Communication Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.GetOktaCommunicationSettings(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.GetOktaCommunicationSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetOktaCommunicationSettings`: OrgOktaCommunicationSetting
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.GetOktaCommunicationSettings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetOktaCommunicationSettingsRequest struct via the builder pattern
+
+
+### Return type
+
+[**OrgOktaCommunicationSetting**](OrgOktaCommunicationSetting.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetOrgContactTypes
+
+> []OrgContactTypeObj GetOrgContactTypes(ctx).Execute()
+
+Retrieve the Org Contact Types
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.GetOrgContactTypes(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.GetOrgContactTypes``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetOrgContactTypes`: []OrgContactTypeObj
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.GetOrgContactTypes`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetOrgContactTypesRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]OrgContactTypeObj**](OrgContactTypeObj.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetOrgContactUser
+
+> OrgContactUser GetOrgContactUser(ctx, contactType).Execute()
+
+Retrieve the User of the Contact Type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    contactType := "contactType_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.GetOrgContactUser(context.Background(), contactType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.GetOrgContactUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetOrgContactUser`: OrgContactUser
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.GetOrgContactUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**contactType** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetOrgContactUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**OrgContactUser**](OrgContactUser.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetOrgOktaSupportSettings
+
+> OrgOktaSupportSettingsObj GetOrgOktaSupportSettings(ctx).Execute()
+
+Retrieve the Okta Support Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.GetOrgOktaSupportSettings(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.GetOrgOktaSupportSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetOrgOktaSupportSettings`: OrgOktaSupportSettingsObj
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.GetOrgOktaSupportSettings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetOrgOktaSupportSettingsRequest struct via the builder pattern
+
+
+### Return type
+
+[**OrgOktaSupportSettingsObj**](OrgOktaSupportSettingsObj.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetOrgPreferences
+
+> OrgPreferences GetOrgPreferences(ctx).Execute()
+
+Retrieve the Org Preferences
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.GetOrgPreferences(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.GetOrgPreferences``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetOrgPreferences`: OrgPreferences
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.GetOrgPreferences`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetOrgPreferencesRequest struct via the builder pattern
+
+
+### Return type
+
+[**OrgPreferences**](OrgPreferences.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetOrgSettings
+
+> OrgSetting GetOrgSettings(ctx).Execute()
+
+Retrieve the Org Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.GetOrgSettings(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.GetOrgSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetOrgSettings`: OrgSetting
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.GetOrgSettings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetOrgSettingsRequest struct via the builder pattern
+
+
+### Return type
+
+[**OrgSetting**](OrgSetting.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetWellknownOrgMetadata
+
+> WellKnownOrgMetadata GetWellknownOrgMetadata(ctx).Execute()
+
+Retrieve the Well-Known Org Metadata
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.GetWellknownOrgMetadata(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.GetWellknownOrgMetadata``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetWellknownOrgMetadata`: WellKnownOrgMetadata
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.GetWellknownOrgMetadata`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetWellknownOrgMetadataRequest struct via the builder pattern
+
+
+### Return type
+
+[**WellKnownOrgMetadata**](WellKnownOrgMetadata.md)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GrantOktaSupport
+
+> OrgOktaSupportSettingsObj GrantOktaSupport(ctx).Execute()
+
+Grant Okta Support Access to your Org
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.GrantOktaSupport(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.GrantOktaSupport``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GrantOktaSupport`: OrgOktaSupportSettingsObj
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.GrantOktaSupport`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGrantOktaSupportRequest struct via the builder pattern
+
+
+### Return type
+
+[**OrgOktaSupportSettingsObj**](OrgOktaSupportSettingsObj.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## OptInUsersToOktaCommunicationEmails
+
+> OrgOktaCommunicationSetting OptInUsersToOktaCommunicationEmails(ctx).Execute()
+
+Opt in all Users to Okta Communication emails
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.OptInUsersToOktaCommunicationEmails(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.OptInUsersToOktaCommunicationEmails``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `OptInUsersToOktaCommunicationEmails`: OrgOktaCommunicationSetting
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.OptInUsersToOktaCommunicationEmails`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiOptInUsersToOktaCommunicationEmailsRequest struct via the builder pattern
+
+
+### Return type
+
+[**OrgOktaCommunicationSetting**](OrgOktaCommunicationSetting.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## OptOutUsersFromOktaCommunicationEmails
+
+> OrgOktaCommunicationSetting OptOutUsersFromOktaCommunicationEmails(ctx).Execute()
+
+Opt out all Users from Okta Communication emails
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.OptOutUsersFromOktaCommunicationEmails(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.OptOutUsersFromOktaCommunicationEmails``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `OptOutUsersFromOktaCommunicationEmails`: OrgOktaCommunicationSetting
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.OptOutUsersFromOktaCommunicationEmails`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiOptOutUsersFromOktaCommunicationEmailsRequest struct via the builder pattern
+
+
+### Return type
+
+[**OrgOktaCommunicationSetting**](OrgOktaCommunicationSetting.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceOrgContactUser
+
+> OrgContactUser ReplaceOrgContactUser(ctx, contactType).OrgContactUser(orgContactUser).Execute()
+
+Replace the User of the Contact Type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    contactType := "contactType_example" // string | 
+    orgContactUser := *openapiclient.NewOrgContactUser() // OrgContactUser | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.ReplaceOrgContactUser(context.Background(), contactType).OrgContactUser(orgContactUser).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.ReplaceOrgContactUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceOrgContactUser`: OrgContactUser
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.ReplaceOrgContactUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**contactType** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceOrgContactUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **orgContactUser** | [**OrgContactUser**](OrgContactUser.md) |  | 
+
+### Return type
+
+[**OrgContactUser**](OrgContactUser.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceOrgSettings
+
+> OrgSetting ReplaceOrgSettings(ctx).OrgSetting(orgSetting).Execute()
+
+Replace the Org Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    orgSetting := *openapiclient.NewOrgSetting() // OrgSetting | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.ReplaceOrgSettings(context.Background()).OrgSetting(orgSetting).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.ReplaceOrgSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceOrgSettings`: OrgSetting
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.ReplaceOrgSettings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceOrgSettingsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **orgSetting** | [**OrgSetting**](OrgSetting.md) |  | 
+
+### Return type
+
+[**OrgSetting**](OrgSetting.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeOktaSupport
+
+> OrgOktaSupportSettingsObj RevokeOktaSupport(ctx).Execute()
+
+Revoke Okta Support Access
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.RevokeOktaSupport(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.RevokeOktaSupport``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `RevokeOktaSupport`: OrgOktaSupportSettingsObj
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.RevokeOktaSupport`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeOktaSupportRequest struct via the builder pattern
+
+
+### Return type
+
+[**OrgOktaSupportSettingsObj**](OrgOktaSupportSettingsObj.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateOrgHideOktaUIFooter
+
+> OrgPreferences UpdateOrgHideOktaUIFooter(ctx).Execute()
+
+Update the Preference to Hide the Okta Dashboard Footer
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.UpdateOrgHideOktaUIFooter(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.UpdateOrgHideOktaUIFooter``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateOrgHideOktaUIFooter`: OrgPreferences
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.UpdateOrgHideOktaUIFooter`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateOrgHideOktaUIFooterRequest struct via the builder pattern
+
+
+### Return type
+
+[**OrgPreferences**](OrgPreferences.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateOrgSettings
+
+> OrgSetting UpdateOrgSettings(ctx).OrgSetting(orgSetting).Execute()
+
+Update the Org Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    orgSetting := *openapiclient.NewOrgSetting() // OrgSetting |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.UpdateOrgSettings(context.Background()).OrgSetting(orgSetting).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.UpdateOrgSettings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateOrgSettings`: OrgSetting
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.UpdateOrgSettings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateOrgSettingsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **orgSetting** | [**OrgSetting**](OrgSetting.md) |  | 
+
+### Return type
+
+[**OrgSetting**](OrgSetting.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateOrgShowOktaUIFooter
+
+> OrgPreferences UpdateOrgShowOktaUIFooter(ctx).Execute()
+
+Update the Preference to Show the Okta Dashboard Footer
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.UpdateOrgShowOktaUIFooter(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.UpdateOrgShowOktaUIFooter``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateOrgShowOktaUIFooter`: OrgPreferences
+    fmt.Fprintf(os.Stdout, "Response from `OrgSettingApi.UpdateOrgShowOktaUIFooter`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateOrgShowOktaUIFooterRequest struct via the builder pattern
+
+
+### Return type
+
+[**OrgPreferences**](OrgPreferences.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UploadOrgLogo
+
+> UploadOrgLogo(ctx).File(file).Execute()
+
+Upload the Org Logo
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    file := os.NewFile(1234, "some_file") // *os.File | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.OrgSettingApi.UploadOrgLogo(context.Background()).File(file).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `OrgSettingApi.UploadOrgLogo``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUploadOrgLogoRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **file** | ***os.File** |  | 
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: multipart/form-data
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/PageRoot.md b/okta/docs/PageRoot.md
new file mode 100644
index 000000000..2e55fe3e0
--- /dev/null
+++ b/okta/docs/PageRoot.md
@@ -0,0 +1,82 @@
+# PageRoot
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Embedded** | Pointer to [**PageRootEmbedded**](PageRootEmbedded.md) |  | [optional] 
+**Links** | Pointer to [**PageRootLinks**](PageRootLinks.md) |  | [optional] 
+
+## Methods
+
+### NewPageRoot
+
+`func NewPageRoot() *PageRoot`
+
+NewPageRoot instantiates a new PageRoot object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPageRootWithDefaults
+
+`func NewPageRootWithDefaults() *PageRoot`
+
+NewPageRootWithDefaults instantiates a new PageRoot object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEmbedded
+
+`func (o *PageRoot) GetEmbedded() PageRootEmbedded`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *PageRoot) GetEmbeddedOk() (*PageRootEmbedded, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *PageRoot) SetEmbedded(v PageRootEmbedded)`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *PageRoot) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *PageRoot) GetLinks() PageRootLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *PageRoot) GetLinksOk() (*PageRootLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *PageRoot) SetLinks(v PageRootLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *PageRoot) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PageRootEmbedded.md b/okta/docs/PageRootEmbedded.md
new file mode 100644
index 000000000..bded081c1
--- /dev/null
+++ b/okta/docs/PageRootEmbedded.md
@@ -0,0 +1,160 @@
+# PageRootEmbedded
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Default** | Pointer to [**CustomizablePage**](CustomizablePage.md) |  | [optional] 
+**Customized** | Pointer to [**CustomizablePage**](CustomizablePage.md) |  | [optional] 
+**CustomizedUrl** | Pointer to **string** |  | [optional] 
+**Preview** | Pointer to [**CustomizablePage**](CustomizablePage.md) |  | [optional] 
+**PreviewUrl** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewPageRootEmbedded
+
+`func NewPageRootEmbedded() *PageRootEmbedded`
+
+NewPageRootEmbedded instantiates a new PageRootEmbedded object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPageRootEmbeddedWithDefaults
+
+`func NewPageRootEmbeddedWithDefaults() *PageRootEmbedded`
+
+NewPageRootEmbeddedWithDefaults instantiates a new PageRootEmbedded object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDefault
+
+`func (o *PageRootEmbedded) GetDefault() CustomizablePage`
+
+GetDefault returns the Default field if non-nil, zero value otherwise.
+
+### GetDefaultOk
+
+`func (o *PageRootEmbedded) GetDefaultOk() (*CustomizablePage, bool)`
+
+GetDefaultOk returns a tuple with the Default field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefault
+
+`func (o *PageRootEmbedded) SetDefault(v CustomizablePage)`
+
+SetDefault sets Default field to given value.
+
+### HasDefault
+
+`func (o *PageRootEmbedded) HasDefault() bool`
+
+HasDefault returns a boolean if a field has been set.
+
+### GetCustomized
+
+`func (o *PageRootEmbedded) GetCustomized() CustomizablePage`
+
+GetCustomized returns the Customized field if non-nil, zero value otherwise.
+
+### GetCustomizedOk
+
+`func (o *PageRootEmbedded) GetCustomizedOk() (*CustomizablePage, bool)`
+
+GetCustomizedOk returns a tuple with the Customized field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustomized
+
+`func (o *PageRootEmbedded) SetCustomized(v CustomizablePage)`
+
+SetCustomized sets Customized field to given value.
+
+### HasCustomized
+
+`func (o *PageRootEmbedded) HasCustomized() bool`
+
+HasCustomized returns a boolean if a field has been set.
+
+### GetCustomizedUrl
+
+`func (o *PageRootEmbedded) GetCustomizedUrl() string`
+
+GetCustomizedUrl returns the CustomizedUrl field if non-nil, zero value otherwise.
+
+### GetCustomizedUrlOk
+
+`func (o *PageRootEmbedded) GetCustomizedUrlOk() (*string, bool)`
+
+GetCustomizedUrlOk returns a tuple with the CustomizedUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustomizedUrl
+
+`func (o *PageRootEmbedded) SetCustomizedUrl(v string)`
+
+SetCustomizedUrl sets CustomizedUrl field to given value.
+
+### HasCustomizedUrl
+
+`func (o *PageRootEmbedded) HasCustomizedUrl() bool`
+
+HasCustomizedUrl returns a boolean if a field has been set.
+
+### GetPreview
+
+`func (o *PageRootEmbedded) GetPreview() CustomizablePage`
+
+GetPreview returns the Preview field if non-nil, zero value otherwise.
+
+### GetPreviewOk
+
+`func (o *PageRootEmbedded) GetPreviewOk() (*CustomizablePage, bool)`
+
+GetPreviewOk returns a tuple with the Preview field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPreview
+
+`func (o *PageRootEmbedded) SetPreview(v CustomizablePage)`
+
+SetPreview sets Preview field to given value.
+
+### HasPreview
+
+`func (o *PageRootEmbedded) HasPreview() bool`
+
+HasPreview returns a boolean if a field has been set.
+
+### GetPreviewUrl
+
+`func (o *PageRootEmbedded) GetPreviewUrl() string`
+
+GetPreviewUrl returns the PreviewUrl field if non-nil, zero value otherwise.
+
+### GetPreviewUrlOk
+
+`func (o *PageRootEmbedded) GetPreviewUrlOk() (*string, bool)`
+
+GetPreviewUrlOk returns a tuple with the PreviewUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPreviewUrl
+
+`func (o *PageRootEmbedded) SetPreviewUrl(v string)`
+
+SetPreviewUrl sets PreviewUrl field to given value.
+
+### HasPreviewUrl
+
+`func (o *PageRootEmbedded) HasPreviewUrl() bool`
+
+HasPreviewUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PageRootLinks.md b/okta/docs/PageRootLinks.md
new file mode 100644
index 000000000..d669ae9ef
--- /dev/null
+++ b/okta/docs/PageRootLinks.md
@@ -0,0 +1,134 @@
+# PageRootLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Default** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Customized** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Preview** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewPageRootLinks
+
+`func NewPageRootLinks() *PageRootLinks`
+
+NewPageRootLinks instantiates a new PageRootLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPageRootLinksWithDefaults
+
+`func NewPageRootLinksWithDefaults() *PageRootLinks`
+
+NewPageRootLinksWithDefaults instantiates a new PageRootLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *PageRootLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *PageRootLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *PageRootLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *PageRootLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetDefault
+
+`func (o *PageRootLinks) GetDefault() HrefObject`
+
+GetDefault returns the Default field if non-nil, zero value otherwise.
+
+### GetDefaultOk
+
+`func (o *PageRootLinks) GetDefaultOk() (*HrefObject, bool)`
+
+GetDefaultOk returns a tuple with the Default field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefault
+
+`func (o *PageRootLinks) SetDefault(v HrefObject)`
+
+SetDefault sets Default field to given value.
+
+### HasDefault
+
+`func (o *PageRootLinks) HasDefault() bool`
+
+HasDefault returns a boolean if a field has been set.
+
+### GetCustomized
+
+`func (o *PageRootLinks) GetCustomized() HrefObject`
+
+GetCustomized returns the Customized field if non-nil, zero value otherwise.
+
+### GetCustomizedOk
+
+`func (o *PageRootLinks) GetCustomizedOk() (*HrefObject, bool)`
+
+GetCustomizedOk returns a tuple with the Customized field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustomized
+
+`func (o *PageRootLinks) SetCustomized(v HrefObject)`
+
+SetCustomized sets Customized field to given value.
+
+### HasCustomized
+
+`func (o *PageRootLinks) HasCustomized() bool`
+
+HasCustomized returns a boolean if a field has been set.
+
+### GetPreview
+
+`func (o *PageRootLinks) GetPreview() HrefObject`
+
+GetPreview returns the Preview field if non-nil, zero value otherwise.
+
+### GetPreviewOk
+
+`func (o *PageRootLinks) GetPreviewOk() (*HrefObject, bool)`
+
+GetPreviewOk returns a tuple with the Preview field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPreview
+
+`func (o *PageRootLinks) SetPreview(v HrefObject)`
+
+SetPreview sets Preview field to given value.
+
+### HasPreview
+
+`func (o *PageRootLinks) HasPreview() bool`
+
+HasPreview returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordCredential.md b/okta/docs/PasswordCredential.md
new file mode 100644
index 000000000..14e71934c
--- /dev/null
+++ b/okta/docs/PasswordCredential.md
@@ -0,0 +1,108 @@
+# PasswordCredential
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Hash** | Pointer to [**PasswordCredentialHash**](PasswordCredentialHash.md) |  | [optional] 
+**Hook** | Pointer to [**PasswordCredentialHook**](PasswordCredentialHook.md) |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewPasswordCredential
+
+`func NewPasswordCredential() *PasswordCredential`
+
+NewPasswordCredential instantiates a new PasswordCredential object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordCredentialWithDefaults
+
+`func NewPasswordCredentialWithDefaults() *PasswordCredential`
+
+NewPasswordCredentialWithDefaults instantiates a new PasswordCredential object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetHash
+
+`func (o *PasswordCredential) GetHash() PasswordCredentialHash`
+
+GetHash returns the Hash field if non-nil, zero value otherwise.
+
+### GetHashOk
+
+`func (o *PasswordCredential) GetHashOk() (*PasswordCredentialHash, bool)`
+
+GetHashOk returns a tuple with the Hash field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHash
+
+`func (o *PasswordCredential) SetHash(v PasswordCredentialHash)`
+
+SetHash sets Hash field to given value.
+
+### HasHash
+
+`func (o *PasswordCredential) HasHash() bool`
+
+HasHash returns a boolean if a field has been set.
+
+### GetHook
+
+`func (o *PasswordCredential) GetHook() PasswordCredentialHook`
+
+GetHook returns the Hook field if non-nil, zero value otherwise.
+
+### GetHookOk
+
+`func (o *PasswordCredential) GetHookOk() (*PasswordCredentialHook, bool)`
+
+GetHookOk returns a tuple with the Hook field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHook
+
+`func (o *PasswordCredential) SetHook(v PasswordCredentialHook)`
+
+SetHook sets Hook field to given value.
+
+### HasHook
+
+`func (o *PasswordCredential) HasHook() bool`
+
+HasHook returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *PasswordCredential) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *PasswordCredential) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *PasswordCredential) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *PasswordCredential) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordCredentialHash.md b/okta/docs/PasswordCredentialHash.md
new file mode 100644
index 000000000..a8cf000fa
--- /dev/null
+++ b/okta/docs/PasswordCredentialHash.md
@@ -0,0 +1,160 @@
+# PasswordCredentialHash
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Algorithm** | Pointer to [**PasswordCredentialHashAlgorithm**](PasswordCredentialHashAlgorithm.md) |  | [optional] 
+**Salt** | Pointer to **string** |  | [optional] 
+**SaltOrder** | Pointer to **string** |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+**WorkFactor** | Pointer to **int32** |  | [optional] 
+
+## Methods
+
+### NewPasswordCredentialHash
+
+`func NewPasswordCredentialHash() *PasswordCredentialHash`
+
+NewPasswordCredentialHash instantiates a new PasswordCredentialHash object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordCredentialHashWithDefaults
+
+`func NewPasswordCredentialHashWithDefaults() *PasswordCredentialHash`
+
+NewPasswordCredentialHashWithDefaults instantiates a new PasswordCredentialHash object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAlgorithm
+
+`func (o *PasswordCredentialHash) GetAlgorithm() PasswordCredentialHashAlgorithm`
+
+GetAlgorithm returns the Algorithm field if non-nil, zero value otherwise.
+
+### GetAlgorithmOk
+
+`func (o *PasswordCredentialHash) GetAlgorithmOk() (*PasswordCredentialHashAlgorithm, bool)`
+
+GetAlgorithmOk returns a tuple with the Algorithm field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAlgorithm
+
+`func (o *PasswordCredentialHash) SetAlgorithm(v PasswordCredentialHashAlgorithm)`
+
+SetAlgorithm sets Algorithm field to given value.
+
+### HasAlgorithm
+
+`func (o *PasswordCredentialHash) HasAlgorithm() bool`
+
+HasAlgorithm returns a boolean if a field has been set.
+
+### GetSalt
+
+`func (o *PasswordCredentialHash) GetSalt() string`
+
+GetSalt returns the Salt field if non-nil, zero value otherwise.
+
+### GetSaltOk
+
+`func (o *PasswordCredentialHash) GetSaltOk() (*string, bool)`
+
+GetSaltOk returns a tuple with the Salt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSalt
+
+`func (o *PasswordCredentialHash) SetSalt(v string)`
+
+SetSalt sets Salt field to given value.
+
+### HasSalt
+
+`func (o *PasswordCredentialHash) HasSalt() bool`
+
+HasSalt returns a boolean if a field has been set.
+
+### GetSaltOrder
+
+`func (o *PasswordCredentialHash) GetSaltOrder() string`
+
+GetSaltOrder returns the SaltOrder field if non-nil, zero value otherwise.
+
+### GetSaltOrderOk
+
+`func (o *PasswordCredentialHash) GetSaltOrderOk() (*string, bool)`
+
+GetSaltOrderOk returns a tuple with the SaltOrder field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSaltOrder
+
+`func (o *PasswordCredentialHash) SetSaltOrder(v string)`
+
+SetSaltOrder sets SaltOrder field to given value.
+
+### HasSaltOrder
+
+`func (o *PasswordCredentialHash) HasSaltOrder() bool`
+
+HasSaltOrder returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *PasswordCredentialHash) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *PasswordCredentialHash) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *PasswordCredentialHash) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *PasswordCredentialHash) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+### GetWorkFactor
+
+`func (o *PasswordCredentialHash) GetWorkFactor() int32`
+
+GetWorkFactor returns the WorkFactor field if non-nil, zero value otherwise.
+
+### GetWorkFactorOk
+
+`func (o *PasswordCredentialHash) GetWorkFactorOk() (*int32, bool)`
+
+GetWorkFactorOk returns a tuple with the WorkFactor field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWorkFactor
+
+`func (o *PasswordCredentialHash) SetWorkFactor(v int32)`
+
+SetWorkFactor sets WorkFactor field to given value.
+
+### HasWorkFactor
+
+`func (o *PasswordCredentialHash) HasWorkFactor() bool`
+
+HasWorkFactor returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordCredentialHashAlgorithm.md b/okta/docs/PasswordCredentialHashAlgorithm.md
new file mode 100644
index 000000000..41f27edaa
--- /dev/null
+++ b/okta/docs/PasswordCredentialHashAlgorithm.md
@@ -0,0 +1,19 @@
+# PasswordCredentialHashAlgorithm
+
+## Enum
+
+
+* `BCRYPT` (value: `"BCRYPT"`)
+
+* `MD5` (value: `"MD5"`)
+
+* `SHA_1` (value: `"SHA-1"`)
+
+* `SHA_256` (value: `"SHA-256"`)
+
+* `SHA_512` (value: `"SHA-512"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordCredentialHook.md b/okta/docs/PasswordCredentialHook.md
new file mode 100644
index 000000000..197f0a73c
--- /dev/null
+++ b/okta/docs/PasswordCredentialHook.md
@@ -0,0 +1,56 @@
+# PasswordCredentialHook
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Type** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewPasswordCredentialHook
+
+`func NewPasswordCredentialHook() *PasswordCredentialHook`
+
+NewPasswordCredentialHook instantiates a new PasswordCredentialHook object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordCredentialHookWithDefaults
+
+`func NewPasswordCredentialHookWithDefaults() *PasswordCredentialHook`
+
+NewPasswordCredentialHookWithDefaults instantiates a new PasswordCredentialHook object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetType
+
+`func (o *PasswordCredentialHook) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *PasswordCredentialHook) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *PasswordCredentialHook) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *PasswordCredentialHook) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordDictionary.md b/okta/docs/PasswordDictionary.md
new file mode 100644
index 000000000..23026c6ba
--- /dev/null
+++ b/okta/docs/PasswordDictionary.md
@@ -0,0 +1,56 @@
+# PasswordDictionary
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Common** | Pointer to [**PasswordDictionaryCommon**](PasswordDictionaryCommon.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordDictionary
+
+`func NewPasswordDictionary() *PasswordDictionary`
+
+NewPasswordDictionary instantiates a new PasswordDictionary object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordDictionaryWithDefaults
+
+`func NewPasswordDictionaryWithDefaults() *PasswordDictionary`
+
+NewPasswordDictionaryWithDefaults instantiates a new PasswordDictionary object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCommon
+
+`func (o *PasswordDictionary) GetCommon() PasswordDictionaryCommon`
+
+GetCommon returns the Common field if non-nil, zero value otherwise.
+
+### GetCommonOk
+
+`func (o *PasswordDictionary) GetCommonOk() (*PasswordDictionaryCommon, bool)`
+
+GetCommonOk returns a tuple with the Common field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCommon
+
+`func (o *PasswordDictionary) SetCommon(v PasswordDictionaryCommon)`
+
+SetCommon sets Common field to given value.
+
+### HasCommon
+
+`func (o *PasswordDictionary) HasCommon() bool`
+
+HasCommon returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordDictionaryCommon.md b/okta/docs/PasswordDictionaryCommon.md
new file mode 100644
index 000000000..adb4107c8
--- /dev/null
+++ b/okta/docs/PasswordDictionaryCommon.md
@@ -0,0 +1,56 @@
+# PasswordDictionaryCommon
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Exclude** | Pointer to **bool** |  | [optional] [default to false]
+
+## Methods
+
+### NewPasswordDictionaryCommon
+
+`func NewPasswordDictionaryCommon() *PasswordDictionaryCommon`
+
+NewPasswordDictionaryCommon instantiates a new PasswordDictionaryCommon object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordDictionaryCommonWithDefaults
+
+`func NewPasswordDictionaryCommonWithDefaults() *PasswordDictionaryCommon`
+
+NewPasswordDictionaryCommonWithDefaults instantiates a new PasswordDictionaryCommon object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExclude
+
+`func (o *PasswordDictionaryCommon) GetExclude() bool`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *PasswordDictionaryCommon) GetExcludeOk() (*bool, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *PasswordDictionaryCommon) SetExclude(v bool)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *PasswordDictionaryCommon) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordExpirationPolicyRuleCondition.md b/okta/docs/PasswordExpirationPolicyRuleCondition.md
new file mode 100644
index 000000000..6cae43d7f
--- /dev/null
+++ b/okta/docs/PasswordExpirationPolicyRuleCondition.md
@@ -0,0 +1,82 @@
+# PasswordExpirationPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Number** | Pointer to **int32** |  | [optional] 
+**Unit** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewPasswordExpirationPolicyRuleCondition
+
+`func NewPasswordExpirationPolicyRuleCondition() *PasswordExpirationPolicyRuleCondition`
+
+NewPasswordExpirationPolicyRuleCondition instantiates a new PasswordExpirationPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordExpirationPolicyRuleConditionWithDefaults
+
+`func NewPasswordExpirationPolicyRuleConditionWithDefaults() *PasswordExpirationPolicyRuleCondition`
+
+NewPasswordExpirationPolicyRuleConditionWithDefaults instantiates a new PasswordExpirationPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetNumber
+
+`func (o *PasswordExpirationPolicyRuleCondition) GetNumber() int32`
+
+GetNumber returns the Number field if non-nil, zero value otherwise.
+
+### GetNumberOk
+
+`func (o *PasswordExpirationPolicyRuleCondition) GetNumberOk() (*int32, bool)`
+
+GetNumberOk returns a tuple with the Number field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNumber
+
+`func (o *PasswordExpirationPolicyRuleCondition) SetNumber(v int32)`
+
+SetNumber sets Number field to given value.
+
+### HasNumber
+
+`func (o *PasswordExpirationPolicyRuleCondition) HasNumber() bool`
+
+HasNumber returns a boolean if a field has been set.
+
+### GetUnit
+
+`func (o *PasswordExpirationPolicyRuleCondition) GetUnit() string`
+
+GetUnit returns the Unit field if non-nil, zero value otherwise.
+
+### GetUnitOk
+
+`func (o *PasswordExpirationPolicyRuleCondition) GetUnitOk() (*string, bool)`
+
+GetUnitOk returns a tuple with the Unit field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUnit
+
+`func (o *PasswordExpirationPolicyRuleCondition) SetUnit(v string)`
+
+SetUnit sets Unit field to given value.
+
+### HasUnit
+
+`func (o *PasswordExpirationPolicyRuleCondition) HasUnit() bool`
+
+HasUnit returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicy.md b/okta/docs/PasswordPolicy.md
new file mode 100644
index 000000000..40b8a5b59
--- /dev/null
+++ b/okta/docs/PasswordPolicy.md
@@ -0,0 +1,82 @@
+# PasswordPolicy
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Conditions** | Pointer to [**PasswordPolicyConditions**](PasswordPolicyConditions.md) |  | [optional] 
+**Settings** | Pointer to [**PasswordPolicySettings**](PasswordPolicySettings.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicy
+
+`func NewPasswordPolicy() *PasswordPolicy`
+
+NewPasswordPolicy instantiates a new PasswordPolicy object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyWithDefaults
+
+`func NewPasswordPolicyWithDefaults() *PasswordPolicy`
+
+NewPasswordPolicyWithDefaults instantiates a new PasswordPolicy object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConditions
+
+`func (o *PasswordPolicy) GetConditions() PasswordPolicyConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *PasswordPolicy) GetConditionsOk() (*PasswordPolicyConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *PasswordPolicy) SetConditions(v PasswordPolicyConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *PasswordPolicy) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *PasswordPolicy) GetSettings() PasswordPolicySettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *PasswordPolicy) GetSettingsOk() (*PasswordPolicySettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *PasswordPolicy) SetSettings(v PasswordPolicySettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *PasswordPolicy) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyAllOf.md b/okta/docs/PasswordPolicyAllOf.md
new file mode 100644
index 000000000..deef0b46c
--- /dev/null
+++ b/okta/docs/PasswordPolicyAllOf.md
@@ -0,0 +1,82 @@
+# PasswordPolicyAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Conditions** | Pointer to [**PasswordPolicyConditions**](PasswordPolicyConditions.md) |  | [optional] 
+**Settings** | Pointer to [**PasswordPolicySettings**](PasswordPolicySettings.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyAllOf
+
+`func NewPasswordPolicyAllOf() *PasswordPolicyAllOf`
+
+NewPasswordPolicyAllOf instantiates a new PasswordPolicyAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyAllOfWithDefaults
+
+`func NewPasswordPolicyAllOfWithDefaults() *PasswordPolicyAllOf`
+
+NewPasswordPolicyAllOfWithDefaults instantiates a new PasswordPolicyAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConditions
+
+`func (o *PasswordPolicyAllOf) GetConditions() PasswordPolicyConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *PasswordPolicyAllOf) GetConditionsOk() (*PasswordPolicyConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *PasswordPolicyAllOf) SetConditions(v PasswordPolicyConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *PasswordPolicyAllOf) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *PasswordPolicyAllOf) GetSettings() PasswordPolicySettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *PasswordPolicyAllOf) GetSettingsOk() (*PasswordPolicySettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *PasswordPolicyAllOf) SetSettings(v PasswordPolicySettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *PasswordPolicyAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyAuthenticationProviderCondition.md b/okta/docs/PasswordPolicyAuthenticationProviderCondition.md
new file mode 100644
index 000000000..22ed697a2
--- /dev/null
+++ b/okta/docs/PasswordPolicyAuthenticationProviderCondition.md
@@ -0,0 +1,82 @@
+# PasswordPolicyAuthenticationProviderCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | Pointer to **[]string** |  | [optional] 
+**Provider** | Pointer to [**PasswordPolicyAuthenticationProviderType**](PasswordPolicyAuthenticationProviderType.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyAuthenticationProviderCondition
+
+`func NewPasswordPolicyAuthenticationProviderCondition() *PasswordPolicyAuthenticationProviderCondition`
+
+NewPasswordPolicyAuthenticationProviderCondition instantiates a new PasswordPolicyAuthenticationProviderCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyAuthenticationProviderConditionWithDefaults
+
+`func NewPasswordPolicyAuthenticationProviderConditionWithDefaults() *PasswordPolicyAuthenticationProviderCondition`
+
+NewPasswordPolicyAuthenticationProviderConditionWithDefaults instantiates a new PasswordPolicyAuthenticationProviderCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetInclude
+
+`func (o *PasswordPolicyAuthenticationProviderCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *PasswordPolicyAuthenticationProviderCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *PasswordPolicyAuthenticationProviderCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *PasswordPolicyAuthenticationProviderCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+### GetProvider
+
+`func (o *PasswordPolicyAuthenticationProviderCondition) GetProvider() PasswordPolicyAuthenticationProviderType`
+
+GetProvider returns the Provider field if non-nil, zero value otherwise.
+
+### GetProviderOk
+
+`func (o *PasswordPolicyAuthenticationProviderCondition) GetProviderOk() (*PasswordPolicyAuthenticationProviderType, bool)`
+
+GetProviderOk returns a tuple with the Provider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProvider
+
+`func (o *PasswordPolicyAuthenticationProviderCondition) SetProvider(v PasswordPolicyAuthenticationProviderType)`
+
+SetProvider sets Provider field to given value.
+
+### HasProvider
+
+`func (o *PasswordPolicyAuthenticationProviderCondition) HasProvider() bool`
+
+HasProvider returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyAuthenticationProviderType.md b/okta/docs/PasswordPolicyAuthenticationProviderType.md
new file mode 100644
index 000000000..aff0831e9
--- /dev/null
+++ b/okta/docs/PasswordPolicyAuthenticationProviderType.md
@@ -0,0 +1,17 @@
+# PasswordPolicyAuthenticationProviderType
+
+## Enum
+
+
+* `ACTIVE_DIRECTORY` (value: `"ACTIVE_DIRECTORY"`)
+
+* `ANY` (value: `"ANY"`)
+
+* `LDAP` (value: `"LDAP"`)
+
+* `OKTA` (value: `"OKTA"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyConditions.md b/okta/docs/PasswordPolicyConditions.md
new file mode 100644
index 000000000..e81fe5452
--- /dev/null
+++ b/okta/docs/PasswordPolicyConditions.md
@@ -0,0 +1,576 @@
+# PasswordPolicyConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**AppAndInstancePolicyRuleCondition**](AppAndInstancePolicyRuleCondition.md) |  | [optional] 
+**Apps** | Pointer to [**AppInstancePolicyRuleCondition**](AppInstancePolicyRuleCondition.md) |  | [optional] 
+**AuthContext** | Pointer to [**PolicyRuleAuthContextCondition**](PolicyRuleAuthContextCondition.md) |  | [optional] 
+**AuthProvider** | Pointer to [**PasswordPolicyAuthenticationProviderCondition**](PasswordPolicyAuthenticationProviderCondition.md) |  | [optional] 
+**BeforeScheduledAction** | Pointer to [**BeforeScheduledActionPolicyRuleCondition**](BeforeScheduledActionPolicyRuleCondition.md) |  | [optional] 
+**Clients** | Pointer to [**ClientPolicyCondition**](ClientPolicyCondition.md) |  | [optional] 
+**Context** | Pointer to [**ContextPolicyRuleCondition**](ContextPolicyRuleCondition.md) |  | [optional] 
+**Device** | Pointer to [**DevicePolicyRuleCondition**](DevicePolicyRuleCondition.md) |  | [optional] 
+**GrantTypes** | Pointer to [**GrantTypePolicyRuleCondition**](GrantTypePolicyRuleCondition.md) |  | [optional] 
+**Groups** | Pointer to [**GroupPolicyRuleCondition**](GroupPolicyRuleCondition.md) |  | [optional] 
+**IdentityProvider** | Pointer to [**IdentityProviderPolicyRuleCondition**](IdentityProviderPolicyRuleCondition.md) |  | [optional] 
+**MdmEnrollment** | Pointer to [**MDMEnrollmentPolicyRuleCondition**](MDMEnrollmentPolicyRuleCondition.md) |  | [optional] 
+**Network** | Pointer to [**PolicyNetworkCondition**](PolicyNetworkCondition.md) |  | [optional] 
+**People** | Pointer to [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+**Platform** | Pointer to [**PlatformPolicyRuleCondition**](PlatformPolicyRuleCondition.md) |  | [optional] 
+**Risk** | Pointer to [**RiskPolicyRuleCondition**](RiskPolicyRuleCondition.md) |  | [optional] 
+**RiskScore** | Pointer to [**RiskScorePolicyRuleCondition**](RiskScorePolicyRuleCondition.md) |  | [optional] 
+**Scopes** | Pointer to [**OAuth2ScopesMediationPolicyRuleCondition**](OAuth2ScopesMediationPolicyRuleCondition.md) |  | [optional] 
+**UserIdentifier** | Pointer to [**UserIdentifierPolicyRuleCondition**](UserIdentifierPolicyRuleCondition.md) |  | [optional] 
+**Users** | Pointer to [**UserPolicyRuleCondition**](UserPolicyRuleCondition.md) |  | [optional] 
+**UserStatus** | Pointer to [**UserStatusPolicyRuleCondition**](UserStatusPolicyRuleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyConditions
+
+`func NewPasswordPolicyConditions() *PasswordPolicyConditions`
+
+NewPasswordPolicyConditions instantiates a new PasswordPolicyConditions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyConditionsWithDefaults
+
+`func NewPasswordPolicyConditionsWithDefaults() *PasswordPolicyConditions`
+
+NewPasswordPolicyConditionsWithDefaults instantiates a new PasswordPolicyConditions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *PasswordPolicyConditions) GetApp() AppAndInstancePolicyRuleCondition`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *PasswordPolicyConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *PasswordPolicyConditions) SetApp(v AppAndInstancePolicyRuleCondition)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *PasswordPolicyConditions) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+### GetApps
+
+`func (o *PasswordPolicyConditions) GetApps() AppInstancePolicyRuleCondition`
+
+GetApps returns the Apps field if non-nil, zero value otherwise.
+
+### GetAppsOk
+
+`func (o *PasswordPolicyConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool)`
+
+GetAppsOk returns a tuple with the Apps field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApps
+
+`func (o *PasswordPolicyConditions) SetApps(v AppInstancePolicyRuleCondition)`
+
+SetApps sets Apps field to given value.
+
+### HasApps
+
+`func (o *PasswordPolicyConditions) HasApps() bool`
+
+HasApps returns a boolean if a field has been set.
+
+### GetAuthContext
+
+`func (o *PasswordPolicyConditions) GetAuthContext() PolicyRuleAuthContextCondition`
+
+GetAuthContext returns the AuthContext field if non-nil, zero value otherwise.
+
+### GetAuthContextOk
+
+`func (o *PasswordPolicyConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool)`
+
+GetAuthContextOk returns a tuple with the AuthContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthContext
+
+`func (o *PasswordPolicyConditions) SetAuthContext(v PolicyRuleAuthContextCondition)`
+
+SetAuthContext sets AuthContext field to given value.
+
+### HasAuthContext
+
+`func (o *PasswordPolicyConditions) HasAuthContext() bool`
+
+HasAuthContext returns a boolean if a field has been set.
+
+### GetAuthProvider
+
+`func (o *PasswordPolicyConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition`
+
+GetAuthProvider returns the AuthProvider field if non-nil, zero value otherwise.
+
+### GetAuthProviderOk
+
+`func (o *PasswordPolicyConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool)`
+
+GetAuthProviderOk returns a tuple with the AuthProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthProvider
+
+`func (o *PasswordPolicyConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition)`
+
+SetAuthProvider sets AuthProvider field to given value.
+
+### HasAuthProvider
+
+`func (o *PasswordPolicyConditions) HasAuthProvider() bool`
+
+HasAuthProvider returns a boolean if a field has been set.
+
+### GetBeforeScheduledAction
+
+`func (o *PasswordPolicyConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition`
+
+GetBeforeScheduledAction returns the BeforeScheduledAction field if non-nil, zero value otherwise.
+
+### GetBeforeScheduledActionOk
+
+`func (o *PasswordPolicyConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool)`
+
+GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBeforeScheduledAction
+
+`func (o *PasswordPolicyConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition)`
+
+SetBeforeScheduledAction sets BeforeScheduledAction field to given value.
+
+### HasBeforeScheduledAction
+
+`func (o *PasswordPolicyConditions) HasBeforeScheduledAction() bool`
+
+HasBeforeScheduledAction returns a boolean if a field has been set.
+
+### GetClients
+
+`func (o *PasswordPolicyConditions) GetClients() ClientPolicyCondition`
+
+GetClients returns the Clients field if non-nil, zero value otherwise.
+
+### GetClientsOk
+
+`func (o *PasswordPolicyConditions) GetClientsOk() (*ClientPolicyCondition, bool)`
+
+GetClientsOk returns a tuple with the Clients field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClients
+
+`func (o *PasswordPolicyConditions) SetClients(v ClientPolicyCondition)`
+
+SetClients sets Clients field to given value.
+
+### HasClients
+
+`func (o *PasswordPolicyConditions) HasClients() bool`
+
+HasClients returns a boolean if a field has been set.
+
+### GetContext
+
+`func (o *PasswordPolicyConditions) GetContext() ContextPolicyRuleCondition`
+
+GetContext returns the Context field if non-nil, zero value otherwise.
+
+### GetContextOk
+
+`func (o *PasswordPolicyConditions) GetContextOk() (*ContextPolicyRuleCondition, bool)`
+
+GetContextOk returns a tuple with the Context field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetContext
+
+`func (o *PasswordPolicyConditions) SetContext(v ContextPolicyRuleCondition)`
+
+SetContext sets Context field to given value.
+
+### HasContext
+
+`func (o *PasswordPolicyConditions) HasContext() bool`
+
+HasContext returns a boolean if a field has been set.
+
+### GetDevice
+
+`func (o *PasswordPolicyConditions) GetDevice() DevicePolicyRuleCondition`
+
+GetDevice returns the Device field if non-nil, zero value otherwise.
+
+### GetDeviceOk
+
+`func (o *PasswordPolicyConditions) GetDeviceOk() (*DevicePolicyRuleCondition, bool)`
+
+GetDeviceOk returns a tuple with the Device field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDevice
+
+`func (o *PasswordPolicyConditions) SetDevice(v DevicePolicyRuleCondition)`
+
+SetDevice sets Device field to given value.
+
+### HasDevice
+
+`func (o *PasswordPolicyConditions) HasDevice() bool`
+
+HasDevice returns a boolean if a field has been set.
+
+### GetGrantTypes
+
+`func (o *PasswordPolicyConditions) GetGrantTypes() GrantTypePolicyRuleCondition`
+
+GetGrantTypes returns the GrantTypes field if non-nil, zero value otherwise.
+
+### GetGrantTypesOk
+
+`func (o *PasswordPolicyConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool)`
+
+GetGrantTypesOk returns a tuple with the GrantTypes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGrantTypes
+
+`func (o *PasswordPolicyConditions) SetGrantTypes(v GrantTypePolicyRuleCondition)`
+
+SetGrantTypes sets GrantTypes field to given value.
+
+### HasGrantTypes
+
+`func (o *PasswordPolicyConditions) HasGrantTypes() bool`
+
+HasGrantTypes returns a boolean if a field has been set.
+
+### GetGroups
+
+`func (o *PasswordPolicyConditions) GetGroups() GroupPolicyRuleCondition`
+
+GetGroups returns the Groups field if non-nil, zero value otherwise.
+
+### GetGroupsOk
+
+`func (o *PasswordPolicyConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool)`
+
+GetGroupsOk returns a tuple with the Groups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroups
+
+`func (o *PasswordPolicyConditions) SetGroups(v GroupPolicyRuleCondition)`
+
+SetGroups sets Groups field to given value.
+
+### HasGroups
+
+`func (o *PasswordPolicyConditions) HasGroups() bool`
+
+HasGroups returns a boolean if a field has been set.
+
+### GetIdentityProvider
+
+`func (o *PasswordPolicyConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition`
+
+GetIdentityProvider returns the IdentityProvider field if non-nil, zero value otherwise.
+
+### GetIdentityProviderOk
+
+`func (o *PasswordPolicyConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool)`
+
+GetIdentityProviderOk returns a tuple with the IdentityProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityProvider
+
+`func (o *PasswordPolicyConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition)`
+
+SetIdentityProvider sets IdentityProvider field to given value.
+
+### HasIdentityProvider
+
+`func (o *PasswordPolicyConditions) HasIdentityProvider() bool`
+
+HasIdentityProvider returns a boolean if a field has been set.
+
+### GetMdmEnrollment
+
+`func (o *PasswordPolicyConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition`
+
+GetMdmEnrollment returns the MdmEnrollment field if non-nil, zero value otherwise.
+
+### GetMdmEnrollmentOk
+
+`func (o *PasswordPolicyConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool)`
+
+GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMdmEnrollment
+
+`func (o *PasswordPolicyConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition)`
+
+SetMdmEnrollment sets MdmEnrollment field to given value.
+
+### HasMdmEnrollment
+
+`func (o *PasswordPolicyConditions) HasMdmEnrollment() bool`
+
+HasMdmEnrollment returns a boolean if a field has been set.
+
+### GetNetwork
+
+`func (o *PasswordPolicyConditions) GetNetwork() PolicyNetworkCondition`
+
+GetNetwork returns the Network field if non-nil, zero value otherwise.
+
+### GetNetworkOk
+
+`func (o *PasswordPolicyConditions) GetNetworkOk() (*PolicyNetworkCondition, bool)`
+
+GetNetworkOk returns a tuple with the Network field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNetwork
+
+`func (o *PasswordPolicyConditions) SetNetwork(v PolicyNetworkCondition)`
+
+SetNetwork sets Network field to given value.
+
+### HasNetwork
+
+`func (o *PasswordPolicyConditions) HasNetwork() bool`
+
+HasNetwork returns a boolean if a field has been set.
+
+### GetPeople
+
+`func (o *PasswordPolicyConditions) GetPeople() PolicyPeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *PasswordPolicyConditions) GetPeopleOk() (*PolicyPeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *PasswordPolicyConditions) SetPeople(v PolicyPeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *PasswordPolicyConditions) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *PasswordPolicyConditions) GetPlatform() PlatformPolicyRuleCondition`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *PasswordPolicyConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *PasswordPolicyConditions) SetPlatform(v PlatformPolicyRuleCondition)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *PasswordPolicyConditions) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetRisk
+
+`func (o *PasswordPolicyConditions) GetRisk() RiskPolicyRuleCondition`
+
+GetRisk returns the Risk field if non-nil, zero value otherwise.
+
+### GetRiskOk
+
+`func (o *PasswordPolicyConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool)`
+
+GetRiskOk returns a tuple with the Risk field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRisk
+
+`func (o *PasswordPolicyConditions) SetRisk(v RiskPolicyRuleCondition)`
+
+SetRisk sets Risk field to given value.
+
+### HasRisk
+
+`func (o *PasswordPolicyConditions) HasRisk() bool`
+
+HasRisk returns a boolean if a field has been set.
+
+### GetRiskScore
+
+`func (o *PasswordPolicyConditions) GetRiskScore() RiskScorePolicyRuleCondition`
+
+GetRiskScore returns the RiskScore field if non-nil, zero value otherwise.
+
+### GetRiskScoreOk
+
+`func (o *PasswordPolicyConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool)`
+
+GetRiskScoreOk returns a tuple with the RiskScore field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRiskScore
+
+`func (o *PasswordPolicyConditions) SetRiskScore(v RiskScorePolicyRuleCondition)`
+
+SetRiskScore sets RiskScore field to given value.
+
+### HasRiskScore
+
+`func (o *PasswordPolicyConditions) HasRiskScore() bool`
+
+HasRiskScore returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *PasswordPolicyConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *PasswordPolicyConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *PasswordPolicyConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *PasswordPolicyConditions) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+### GetUserIdentifier
+
+`func (o *PasswordPolicyConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition`
+
+GetUserIdentifier returns the UserIdentifier field if non-nil, zero value otherwise.
+
+### GetUserIdentifierOk
+
+`func (o *PasswordPolicyConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool)`
+
+GetUserIdentifierOk returns a tuple with the UserIdentifier field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserIdentifier
+
+`func (o *PasswordPolicyConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition)`
+
+SetUserIdentifier sets UserIdentifier field to given value.
+
+### HasUserIdentifier
+
+`func (o *PasswordPolicyConditions) HasUserIdentifier() bool`
+
+HasUserIdentifier returns a boolean if a field has been set.
+
+### GetUsers
+
+`func (o *PasswordPolicyConditions) GetUsers() UserPolicyRuleCondition`
+
+GetUsers returns the Users field if non-nil, zero value otherwise.
+
+### GetUsersOk
+
+`func (o *PasswordPolicyConditions) GetUsersOk() (*UserPolicyRuleCondition, bool)`
+
+GetUsersOk returns a tuple with the Users field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsers
+
+`func (o *PasswordPolicyConditions) SetUsers(v UserPolicyRuleCondition)`
+
+SetUsers sets Users field to given value.
+
+### HasUsers
+
+`func (o *PasswordPolicyConditions) HasUsers() bool`
+
+HasUsers returns a boolean if a field has been set.
+
+### GetUserStatus
+
+`func (o *PasswordPolicyConditions) GetUserStatus() UserStatusPolicyRuleCondition`
+
+GetUserStatus returns the UserStatus field if non-nil, zero value otherwise.
+
+### GetUserStatusOk
+
+`func (o *PasswordPolicyConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool)`
+
+GetUserStatusOk returns a tuple with the UserStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserStatus
+
+`func (o *PasswordPolicyConditions) SetUserStatus(v UserStatusPolicyRuleCondition)`
+
+SetUserStatus sets UserStatus field to given value.
+
+### HasUserStatus
+
+`func (o *PasswordPolicyConditions) HasUserStatus() bool`
+
+HasUserStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyConditionsAllOf.md b/okta/docs/PasswordPolicyConditionsAllOf.md
new file mode 100644
index 000000000..c4cb4e70c
--- /dev/null
+++ b/okta/docs/PasswordPolicyConditionsAllOf.md
@@ -0,0 +1,82 @@
+# PasswordPolicyConditionsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthProvider** | Pointer to [**PasswordPolicyAuthenticationProviderCondition**](PasswordPolicyAuthenticationProviderCondition.md) |  | [optional] 
+**People** | Pointer to [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyConditionsAllOf
+
+`func NewPasswordPolicyConditionsAllOf() *PasswordPolicyConditionsAllOf`
+
+NewPasswordPolicyConditionsAllOf instantiates a new PasswordPolicyConditionsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyConditionsAllOfWithDefaults
+
+`func NewPasswordPolicyConditionsAllOfWithDefaults() *PasswordPolicyConditionsAllOf`
+
+NewPasswordPolicyConditionsAllOfWithDefaults instantiates a new PasswordPolicyConditionsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthProvider
+
+`func (o *PasswordPolicyConditionsAllOf) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition`
+
+GetAuthProvider returns the AuthProvider field if non-nil, zero value otherwise.
+
+### GetAuthProviderOk
+
+`func (o *PasswordPolicyConditionsAllOf) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool)`
+
+GetAuthProviderOk returns a tuple with the AuthProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthProvider
+
+`func (o *PasswordPolicyConditionsAllOf) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition)`
+
+SetAuthProvider sets AuthProvider field to given value.
+
+### HasAuthProvider
+
+`func (o *PasswordPolicyConditionsAllOf) HasAuthProvider() bool`
+
+HasAuthProvider returns a boolean if a field has been set.
+
+### GetPeople
+
+`func (o *PasswordPolicyConditionsAllOf) GetPeople() PolicyPeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *PasswordPolicyConditionsAllOf) GetPeopleOk() (*PolicyPeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *PasswordPolicyConditionsAllOf) SetPeople(v PolicyPeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *PasswordPolicyConditionsAllOf) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyDelegationSettings.md b/okta/docs/PasswordPolicyDelegationSettings.md
new file mode 100644
index 000000000..c660a8ba6
--- /dev/null
+++ b/okta/docs/PasswordPolicyDelegationSettings.md
@@ -0,0 +1,56 @@
+# PasswordPolicyDelegationSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Options** | Pointer to [**PasswordPolicyDelegationSettingsOptions**](PasswordPolicyDelegationSettingsOptions.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyDelegationSettings
+
+`func NewPasswordPolicyDelegationSettings() *PasswordPolicyDelegationSettings`
+
+NewPasswordPolicyDelegationSettings instantiates a new PasswordPolicyDelegationSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyDelegationSettingsWithDefaults
+
+`func NewPasswordPolicyDelegationSettingsWithDefaults() *PasswordPolicyDelegationSettings`
+
+NewPasswordPolicyDelegationSettingsWithDefaults instantiates a new PasswordPolicyDelegationSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetOptions
+
+`func (o *PasswordPolicyDelegationSettings) GetOptions() PasswordPolicyDelegationSettingsOptions`
+
+GetOptions returns the Options field if non-nil, zero value otherwise.
+
+### GetOptionsOk
+
+`func (o *PasswordPolicyDelegationSettings) GetOptionsOk() (*PasswordPolicyDelegationSettingsOptions, bool)`
+
+GetOptionsOk returns a tuple with the Options field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOptions
+
+`func (o *PasswordPolicyDelegationSettings) SetOptions(v PasswordPolicyDelegationSettingsOptions)`
+
+SetOptions sets Options field to given value.
+
+### HasOptions
+
+`func (o *PasswordPolicyDelegationSettings) HasOptions() bool`
+
+HasOptions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyDelegationSettingsOptions.md b/okta/docs/PasswordPolicyDelegationSettingsOptions.md
new file mode 100644
index 000000000..899230440
--- /dev/null
+++ b/okta/docs/PasswordPolicyDelegationSettingsOptions.md
@@ -0,0 +1,56 @@
+# PasswordPolicyDelegationSettingsOptions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**SkipUnlock** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyDelegationSettingsOptions
+
+`func NewPasswordPolicyDelegationSettingsOptions() *PasswordPolicyDelegationSettingsOptions`
+
+NewPasswordPolicyDelegationSettingsOptions instantiates a new PasswordPolicyDelegationSettingsOptions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyDelegationSettingsOptionsWithDefaults
+
+`func NewPasswordPolicyDelegationSettingsOptionsWithDefaults() *PasswordPolicyDelegationSettingsOptions`
+
+NewPasswordPolicyDelegationSettingsOptionsWithDefaults instantiates a new PasswordPolicyDelegationSettingsOptions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSkipUnlock
+
+`func (o *PasswordPolicyDelegationSettingsOptions) GetSkipUnlock() bool`
+
+GetSkipUnlock returns the SkipUnlock field if non-nil, zero value otherwise.
+
+### GetSkipUnlockOk
+
+`func (o *PasswordPolicyDelegationSettingsOptions) GetSkipUnlockOk() (*bool, bool)`
+
+GetSkipUnlockOk returns a tuple with the SkipUnlock field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSkipUnlock
+
+`func (o *PasswordPolicyDelegationSettingsOptions) SetSkipUnlock(v bool)`
+
+SetSkipUnlock sets SkipUnlock field to given value.
+
+### HasSkipUnlock
+
+`func (o *PasswordPolicyDelegationSettingsOptions) HasSkipUnlock() bool`
+
+HasSkipUnlock returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyPasswordSettings.md b/okta/docs/PasswordPolicyPasswordSettings.md
new file mode 100644
index 000000000..88dd53b6a
--- /dev/null
+++ b/okta/docs/PasswordPolicyPasswordSettings.md
@@ -0,0 +1,108 @@
+# PasswordPolicyPasswordSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Age** | Pointer to [**PasswordPolicyPasswordSettingsAge**](PasswordPolicyPasswordSettingsAge.md) |  | [optional] 
+**Complexity** | Pointer to [**PasswordPolicyPasswordSettingsComplexity**](PasswordPolicyPasswordSettingsComplexity.md) |  | [optional] 
+**Lockout** | Pointer to [**PasswordPolicyPasswordSettingsLockout**](PasswordPolicyPasswordSettingsLockout.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyPasswordSettings
+
+`func NewPasswordPolicyPasswordSettings() *PasswordPolicyPasswordSettings`
+
+NewPasswordPolicyPasswordSettings instantiates a new PasswordPolicyPasswordSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyPasswordSettingsWithDefaults
+
+`func NewPasswordPolicyPasswordSettingsWithDefaults() *PasswordPolicyPasswordSettings`
+
+NewPasswordPolicyPasswordSettingsWithDefaults instantiates a new PasswordPolicyPasswordSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAge
+
+`func (o *PasswordPolicyPasswordSettings) GetAge() PasswordPolicyPasswordSettingsAge`
+
+GetAge returns the Age field if non-nil, zero value otherwise.
+
+### GetAgeOk
+
+`func (o *PasswordPolicyPasswordSettings) GetAgeOk() (*PasswordPolicyPasswordSettingsAge, bool)`
+
+GetAgeOk returns a tuple with the Age field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAge
+
+`func (o *PasswordPolicyPasswordSettings) SetAge(v PasswordPolicyPasswordSettingsAge)`
+
+SetAge sets Age field to given value.
+
+### HasAge
+
+`func (o *PasswordPolicyPasswordSettings) HasAge() bool`
+
+HasAge returns a boolean if a field has been set.
+
+### GetComplexity
+
+`func (o *PasswordPolicyPasswordSettings) GetComplexity() PasswordPolicyPasswordSettingsComplexity`
+
+GetComplexity returns the Complexity field if non-nil, zero value otherwise.
+
+### GetComplexityOk
+
+`func (o *PasswordPolicyPasswordSettings) GetComplexityOk() (*PasswordPolicyPasswordSettingsComplexity, bool)`
+
+GetComplexityOk returns a tuple with the Complexity field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetComplexity
+
+`func (o *PasswordPolicyPasswordSettings) SetComplexity(v PasswordPolicyPasswordSettingsComplexity)`
+
+SetComplexity sets Complexity field to given value.
+
+### HasComplexity
+
+`func (o *PasswordPolicyPasswordSettings) HasComplexity() bool`
+
+HasComplexity returns a boolean if a field has been set.
+
+### GetLockout
+
+`func (o *PasswordPolicyPasswordSettings) GetLockout() PasswordPolicyPasswordSettingsLockout`
+
+GetLockout returns the Lockout field if non-nil, zero value otherwise.
+
+### GetLockoutOk
+
+`func (o *PasswordPolicyPasswordSettings) GetLockoutOk() (*PasswordPolicyPasswordSettingsLockout, bool)`
+
+GetLockoutOk returns a tuple with the Lockout field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLockout
+
+`func (o *PasswordPolicyPasswordSettings) SetLockout(v PasswordPolicyPasswordSettingsLockout)`
+
+SetLockout sets Lockout field to given value.
+
+### HasLockout
+
+`func (o *PasswordPolicyPasswordSettings) HasLockout() bool`
+
+HasLockout returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyPasswordSettingsAge.md b/okta/docs/PasswordPolicyPasswordSettingsAge.md
new file mode 100644
index 000000000..4f5c785b6
--- /dev/null
+++ b/okta/docs/PasswordPolicyPasswordSettingsAge.md
@@ -0,0 +1,134 @@
+# PasswordPolicyPasswordSettingsAge
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ExpireWarnDays** | Pointer to **int32** |  | [optional] 
+**HistoryCount** | Pointer to **int32** |  | [optional] 
+**MaxAgeDays** | Pointer to **int32** |  | [optional] 
+**MinAgeMinutes** | Pointer to **int32** |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyPasswordSettingsAge
+
+`func NewPasswordPolicyPasswordSettingsAge() *PasswordPolicyPasswordSettingsAge`
+
+NewPasswordPolicyPasswordSettingsAge instantiates a new PasswordPolicyPasswordSettingsAge object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyPasswordSettingsAgeWithDefaults
+
+`func NewPasswordPolicyPasswordSettingsAgeWithDefaults() *PasswordPolicyPasswordSettingsAge`
+
+NewPasswordPolicyPasswordSettingsAgeWithDefaults instantiates a new PasswordPolicyPasswordSettingsAge object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpireWarnDays
+
+`func (o *PasswordPolicyPasswordSettingsAge) GetExpireWarnDays() int32`
+
+GetExpireWarnDays returns the ExpireWarnDays field if non-nil, zero value otherwise.
+
+### GetExpireWarnDaysOk
+
+`func (o *PasswordPolicyPasswordSettingsAge) GetExpireWarnDaysOk() (*int32, bool)`
+
+GetExpireWarnDaysOk returns a tuple with the ExpireWarnDays field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpireWarnDays
+
+`func (o *PasswordPolicyPasswordSettingsAge) SetExpireWarnDays(v int32)`
+
+SetExpireWarnDays sets ExpireWarnDays field to given value.
+
+### HasExpireWarnDays
+
+`func (o *PasswordPolicyPasswordSettingsAge) HasExpireWarnDays() bool`
+
+HasExpireWarnDays returns a boolean if a field has been set.
+
+### GetHistoryCount
+
+`func (o *PasswordPolicyPasswordSettingsAge) GetHistoryCount() int32`
+
+GetHistoryCount returns the HistoryCount field if non-nil, zero value otherwise.
+
+### GetHistoryCountOk
+
+`func (o *PasswordPolicyPasswordSettingsAge) GetHistoryCountOk() (*int32, bool)`
+
+GetHistoryCountOk returns a tuple with the HistoryCount field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHistoryCount
+
+`func (o *PasswordPolicyPasswordSettingsAge) SetHistoryCount(v int32)`
+
+SetHistoryCount sets HistoryCount field to given value.
+
+### HasHistoryCount
+
+`func (o *PasswordPolicyPasswordSettingsAge) HasHistoryCount() bool`
+
+HasHistoryCount returns a boolean if a field has been set.
+
+### GetMaxAgeDays
+
+`func (o *PasswordPolicyPasswordSettingsAge) GetMaxAgeDays() int32`
+
+GetMaxAgeDays returns the MaxAgeDays field if non-nil, zero value otherwise.
+
+### GetMaxAgeDaysOk
+
+`func (o *PasswordPolicyPasswordSettingsAge) GetMaxAgeDaysOk() (*int32, bool)`
+
+GetMaxAgeDaysOk returns a tuple with the MaxAgeDays field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxAgeDays
+
+`func (o *PasswordPolicyPasswordSettingsAge) SetMaxAgeDays(v int32)`
+
+SetMaxAgeDays sets MaxAgeDays field to given value.
+
+### HasMaxAgeDays
+
+`func (o *PasswordPolicyPasswordSettingsAge) HasMaxAgeDays() bool`
+
+HasMaxAgeDays returns a boolean if a field has been set.
+
+### GetMinAgeMinutes
+
+`func (o *PasswordPolicyPasswordSettingsAge) GetMinAgeMinutes() int32`
+
+GetMinAgeMinutes returns the MinAgeMinutes field if non-nil, zero value otherwise.
+
+### GetMinAgeMinutesOk
+
+`func (o *PasswordPolicyPasswordSettingsAge) GetMinAgeMinutesOk() (*int32, bool)`
+
+GetMinAgeMinutesOk returns a tuple with the MinAgeMinutes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinAgeMinutes
+
+`func (o *PasswordPolicyPasswordSettingsAge) SetMinAgeMinutes(v int32)`
+
+SetMinAgeMinutes sets MinAgeMinutes field to given value.
+
+### HasMinAgeMinutes
+
+`func (o *PasswordPolicyPasswordSettingsAge) HasMinAgeMinutes() bool`
+
+HasMinAgeMinutes returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyPasswordSettingsComplexity.md b/okta/docs/PasswordPolicyPasswordSettingsComplexity.md
new file mode 100644
index 000000000..580e16d90
--- /dev/null
+++ b/okta/docs/PasswordPolicyPasswordSettingsComplexity.md
@@ -0,0 +1,238 @@
+# PasswordPolicyPasswordSettingsComplexity
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Dictionary** | Pointer to [**PasswordDictionary**](PasswordDictionary.md) |  | [optional] 
+**ExcludeAttributes** | Pointer to **[]string** |  | [optional] 
+**ExcludeUsername** | Pointer to **bool** |  | [optional] [default to true]
+**MinLength** | Pointer to **int32** |  | [optional] 
+**MinLowerCase** | Pointer to **int32** |  | [optional] 
+**MinNumber** | Pointer to **int32** |  | [optional] 
+**MinSymbol** | Pointer to **int32** |  | [optional] 
+**MinUpperCase** | Pointer to **int32** |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyPasswordSettingsComplexity
+
+`func NewPasswordPolicyPasswordSettingsComplexity() *PasswordPolicyPasswordSettingsComplexity`
+
+NewPasswordPolicyPasswordSettingsComplexity instantiates a new PasswordPolicyPasswordSettingsComplexity object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyPasswordSettingsComplexityWithDefaults
+
+`func NewPasswordPolicyPasswordSettingsComplexityWithDefaults() *PasswordPolicyPasswordSettingsComplexity`
+
+NewPasswordPolicyPasswordSettingsComplexityWithDefaults instantiates a new PasswordPolicyPasswordSettingsComplexity object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDictionary
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetDictionary() PasswordDictionary`
+
+GetDictionary returns the Dictionary field if non-nil, zero value otherwise.
+
+### GetDictionaryOk
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetDictionaryOk() (*PasswordDictionary, bool)`
+
+GetDictionaryOk returns a tuple with the Dictionary field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDictionary
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) SetDictionary(v PasswordDictionary)`
+
+SetDictionary sets Dictionary field to given value.
+
+### HasDictionary
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) HasDictionary() bool`
+
+HasDictionary returns a boolean if a field has been set.
+
+### GetExcludeAttributes
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetExcludeAttributes() []string`
+
+GetExcludeAttributes returns the ExcludeAttributes field if non-nil, zero value otherwise.
+
+### GetExcludeAttributesOk
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetExcludeAttributesOk() (*[]string, bool)`
+
+GetExcludeAttributesOk returns a tuple with the ExcludeAttributes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExcludeAttributes
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) SetExcludeAttributes(v []string)`
+
+SetExcludeAttributes sets ExcludeAttributes field to given value.
+
+### HasExcludeAttributes
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) HasExcludeAttributes() bool`
+
+HasExcludeAttributes returns a boolean if a field has been set.
+
+### GetExcludeUsername
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetExcludeUsername() bool`
+
+GetExcludeUsername returns the ExcludeUsername field if non-nil, zero value otherwise.
+
+### GetExcludeUsernameOk
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetExcludeUsernameOk() (*bool, bool)`
+
+GetExcludeUsernameOk returns a tuple with the ExcludeUsername field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExcludeUsername
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) SetExcludeUsername(v bool)`
+
+SetExcludeUsername sets ExcludeUsername field to given value.
+
+### HasExcludeUsername
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) HasExcludeUsername() bool`
+
+HasExcludeUsername returns a boolean if a field has been set.
+
+### GetMinLength
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetMinLength() int32`
+
+GetMinLength returns the MinLength field if non-nil, zero value otherwise.
+
+### GetMinLengthOk
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetMinLengthOk() (*int32, bool)`
+
+GetMinLengthOk returns a tuple with the MinLength field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinLength
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) SetMinLength(v int32)`
+
+SetMinLength sets MinLength field to given value.
+
+### HasMinLength
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) HasMinLength() bool`
+
+HasMinLength returns a boolean if a field has been set.
+
+### GetMinLowerCase
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetMinLowerCase() int32`
+
+GetMinLowerCase returns the MinLowerCase field if non-nil, zero value otherwise.
+
+### GetMinLowerCaseOk
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetMinLowerCaseOk() (*int32, bool)`
+
+GetMinLowerCaseOk returns a tuple with the MinLowerCase field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinLowerCase
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) SetMinLowerCase(v int32)`
+
+SetMinLowerCase sets MinLowerCase field to given value.
+
+### HasMinLowerCase
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) HasMinLowerCase() bool`
+
+HasMinLowerCase returns a boolean if a field has been set.
+
+### GetMinNumber
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetMinNumber() int32`
+
+GetMinNumber returns the MinNumber field if non-nil, zero value otherwise.
+
+### GetMinNumberOk
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetMinNumberOk() (*int32, bool)`
+
+GetMinNumberOk returns a tuple with the MinNumber field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinNumber
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) SetMinNumber(v int32)`
+
+SetMinNumber sets MinNumber field to given value.
+
+### HasMinNumber
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) HasMinNumber() bool`
+
+HasMinNumber returns a boolean if a field has been set.
+
+### GetMinSymbol
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetMinSymbol() int32`
+
+GetMinSymbol returns the MinSymbol field if non-nil, zero value otherwise.
+
+### GetMinSymbolOk
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetMinSymbolOk() (*int32, bool)`
+
+GetMinSymbolOk returns a tuple with the MinSymbol field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinSymbol
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) SetMinSymbol(v int32)`
+
+SetMinSymbol sets MinSymbol field to given value.
+
+### HasMinSymbol
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) HasMinSymbol() bool`
+
+HasMinSymbol returns a boolean if a field has been set.
+
+### GetMinUpperCase
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetMinUpperCase() int32`
+
+GetMinUpperCase returns the MinUpperCase field if non-nil, zero value otherwise.
+
+### GetMinUpperCaseOk
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) GetMinUpperCaseOk() (*int32, bool)`
+
+GetMinUpperCaseOk returns a tuple with the MinUpperCase field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinUpperCase
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) SetMinUpperCase(v int32)`
+
+SetMinUpperCase sets MinUpperCase field to given value.
+
+### HasMinUpperCase
+
+`func (o *PasswordPolicyPasswordSettingsComplexity) HasMinUpperCase() bool`
+
+HasMinUpperCase returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyPasswordSettingsLockout.md b/okta/docs/PasswordPolicyPasswordSettingsLockout.md
new file mode 100644
index 000000000..2a73ec31c
--- /dev/null
+++ b/okta/docs/PasswordPolicyPasswordSettingsLockout.md
@@ -0,0 +1,134 @@
+# PasswordPolicyPasswordSettingsLockout
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AutoUnlockMinutes** | Pointer to **int32** |  | [optional] 
+**MaxAttempts** | Pointer to **int32** |  | [optional] 
+**ShowLockoutFailures** | Pointer to **bool** |  | [optional] 
+**UserLockoutNotificationChannels** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyPasswordSettingsLockout
+
+`func NewPasswordPolicyPasswordSettingsLockout() *PasswordPolicyPasswordSettingsLockout`
+
+NewPasswordPolicyPasswordSettingsLockout instantiates a new PasswordPolicyPasswordSettingsLockout object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyPasswordSettingsLockoutWithDefaults
+
+`func NewPasswordPolicyPasswordSettingsLockoutWithDefaults() *PasswordPolicyPasswordSettingsLockout`
+
+NewPasswordPolicyPasswordSettingsLockoutWithDefaults instantiates a new PasswordPolicyPasswordSettingsLockout object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAutoUnlockMinutes
+
+`func (o *PasswordPolicyPasswordSettingsLockout) GetAutoUnlockMinutes() int32`
+
+GetAutoUnlockMinutes returns the AutoUnlockMinutes field if non-nil, zero value otherwise.
+
+### GetAutoUnlockMinutesOk
+
+`func (o *PasswordPolicyPasswordSettingsLockout) GetAutoUnlockMinutesOk() (*int32, bool)`
+
+GetAutoUnlockMinutesOk returns a tuple with the AutoUnlockMinutes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAutoUnlockMinutes
+
+`func (o *PasswordPolicyPasswordSettingsLockout) SetAutoUnlockMinutes(v int32)`
+
+SetAutoUnlockMinutes sets AutoUnlockMinutes field to given value.
+
+### HasAutoUnlockMinutes
+
+`func (o *PasswordPolicyPasswordSettingsLockout) HasAutoUnlockMinutes() bool`
+
+HasAutoUnlockMinutes returns a boolean if a field has been set.
+
+### GetMaxAttempts
+
+`func (o *PasswordPolicyPasswordSettingsLockout) GetMaxAttempts() int32`
+
+GetMaxAttempts returns the MaxAttempts field if non-nil, zero value otherwise.
+
+### GetMaxAttemptsOk
+
+`func (o *PasswordPolicyPasswordSettingsLockout) GetMaxAttemptsOk() (*int32, bool)`
+
+GetMaxAttemptsOk returns a tuple with the MaxAttempts field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxAttempts
+
+`func (o *PasswordPolicyPasswordSettingsLockout) SetMaxAttempts(v int32)`
+
+SetMaxAttempts sets MaxAttempts field to given value.
+
+### HasMaxAttempts
+
+`func (o *PasswordPolicyPasswordSettingsLockout) HasMaxAttempts() bool`
+
+HasMaxAttempts returns a boolean if a field has been set.
+
+### GetShowLockoutFailures
+
+`func (o *PasswordPolicyPasswordSettingsLockout) GetShowLockoutFailures() bool`
+
+GetShowLockoutFailures returns the ShowLockoutFailures field if non-nil, zero value otherwise.
+
+### GetShowLockoutFailuresOk
+
+`func (o *PasswordPolicyPasswordSettingsLockout) GetShowLockoutFailuresOk() (*bool, bool)`
+
+GetShowLockoutFailuresOk returns a tuple with the ShowLockoutFailures field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetShowLockoutFailures
+
+`func (o *PasswordPolicyPasswordSettingsLockout) SetShowLockoutFailures(v bool)`
+
+SetShowLockoutFailures sets ShowLockoutFailures field to given value.
+
+### HasShowLockoutFailures
+
+`func (o *PasswordPolicyPasswordSettingsLockout) HasShowLockoutFailures() bool`
+
+HasShowLockoutFailures returns a boolean if a field has been set.
+
+### GetUserLockoutNotificationChannels
+
+`func (o *PasswordPolicyPasswordSettingsLockout) GetUserLockoutNotificationChannels() []string`
+
+GetUserLockoutNotificationChannels returns the UserLockoutNotificationChannels field if non-nil, zero value otherwise.
+
+### GetUserLockoutNotificationChannelsOk
+
+`func (o *PasswordPolicyPasswordSettingsLockout) GetUserLockoutNotificationChannelsOk() (*[]string, bool)`
+
+GetUserLockoutNotificationChannelsOk returns a tuple with the UserLockoutNotificationChannels field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserLockoutNotificationChannels
+
+`func (o *PasswordPolicyPasswordSettingsLockout) SetUserLockoutNotificationChannels(v []string)`
+
+SetUserLockoutNotificationChannels sets UserLockoutNotificationChannels field to given value.
+
+### HasUserLockoutNotificationChannels
+
+`func (o *PasswordPolicyPasswordSettingsLockout) HasUserLockoutNotificationChannels() bool`
+
+HasUserLockoutNotificationChannels returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRecoveryEmail.md b/okta/docs/PasswordPolicyRecoveryEmail.md
new file mode 100644
index 000000000..41d4f1c5f
--- /dev/null
+++ b/okta/docs/PasswordPolicyRecoveryEmail.md
@@ -0,0 +1,82 @@
+# PasswordPolicyRecoveryEmail
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Properties** | Pointer to [**PasswordPolicyRecoveryEmailProperties**](PasswordPolicyRecoveryEmailProperties.md) |  | [optional] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRecoveryEmail
+
+`func NewPasswordPolicyRecoveryEmail() *PasswordPolicyRecoveryEmail`
+
+NewPasswordPolicyRecoveryEmail instantiates a new PasswordPolicyRecoveryEmail object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRecoveryEmailWithDefaults
+
+`func NewPasswordPolicyRecoveryEmailWithDefaults() *PasswordPolicyRecoveryEmail`
+
+NewPasswordPolicyRecoveryEmailWithDefaults instantiates a new PasswordPolicyRecoveryEmail object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProperties
+
+`func (o *PasswordPolicyRecoveryEmail) GetProperties() PasswordPolicyRecoveryEmailProperties`
+
+GetProperties returns the Properties field if non-nil, zero value otherwise.
+
+### GetPropertiesOk
+
+`func (o *PasswordPolicyRecoveryEmail) GetPropertiesOk() (*PasswordPolicyRecoveryEmailProperties, bool)`
+
+GetPropertiesOk returns a tuple with the Properties field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProperties
+
+`func (o *PasswordPolicyRecoveryEmail) SetProperties(v PasswordPolicyRecoveryEmailProperties)`
+
+SetProperties sets Properties field to given value.
+
+### HasProperties
+
+`func (o *PasswordPolicyRecoveryEmail) HasProperties() bool`
+
+HasProperties returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *PasswordPolicyRecoveryEmail) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *PasswordPolicyRecoveryEmail) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *PasswordPolicyRecoveryEmail) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *PasswordPolicyRecoveryEmail) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRecoveryEmailProperties.md b/okta/docs/PasswordPolicyRecoveryEmailProperties.md
new file mode 100644
index 000000000..746288d62
--- /dev/null
+++ b/okta/docs/PasswordPolicyRecoveryEmailProperties.md
@@ -0,0 +1,56 @@
+# PasswordPolicyRecoveryEmailProperties
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**RecoveryToken** | Pointer to [**PasswordPolicyRecoveryEmailRecoveryToken**](PasswordPolicyRecoveryEmailRecoveryToken.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRecoveryEmailProperties
+
+`func NewPasswordPolicyRecoveryEmailProperties() *PasswordPolicyRecoveryEmailProperties`
+
+NewPasswordPolicyRecoveryEmailProperties instantiates a new PasswordPolicyRecoveryEmailProperties object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRecoveryEmailPropertiesWithDefaults
+
+`func NewPasswordPolicyRecoveryEmailPropertiesWithDefaults() *PasswordPolicyRecoveryEmailProperties`
+
+NewPasswordPolicyRecoveryEmailPropertiesWithDefaults instantiates a new PasswordPolicyRecoveryEmailProperties object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetRecoveryToken
+
+`func (o *PasswordPolicyRecoveryEmailProperties) GetRecoveryToken() PasswordPolicyRecoveryEmailRecoveryToken`
+
+GetRecoveryToken returns the RecoveryToken field if non-nil, zero value otherwise.
+
+### GetRecoveryTokenOk
+
+`func (o *PasswordPolicyRecoveryEmailProperties) GetRecoveryTokenOk() (*PasswordPolicyRecoveryEmailRecoveryToken, bool)`
+
+GetRecoveryTokenOk returns a tuple with the RecoveryToken field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRecoveryToken
+
+`func (o *PasswordPolicyRecoveryEmailProperties) SetRecoveryToken(v PasswordPolicyRecoveryEmailRecoveryToken)`
+
+SetRecoveryToken sets RecoveryToken field to given value.
+
+### HasRecoveryToken
+
+`func (o *PasswordPolicyRecoveryEmailProperties) HasRecoveryToken() bool`
+
+HasRecoveryToken returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRecoveryEmailRecoveryToken.md b/okta/docs/PasswordPolicyRecoveryEmailRecoveryToken.md
new file mode 100644
index 000000000..900ed2696
--- /dev/null
+++ b/okta/docs/PasswordPolicyRecoveryEmailRecoveryToken.md
@@ -0,0 +1,56 @@
+# PasswordPolicyRecoveryEmailRecoveryToken
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**TokenLifetimeMinutes** | Pointer to **int32** |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRecoveryEmailRecoveryToken
+
+`func NewPasswordPolicyRecoveryEmailRecoveryToken() *PasswordPolicyRecoveryEmailRecoveryToken`
+
+NewPasswordPolicyRecoveryEmailRecoveryToken instantiates a new PasswordPolicyRecoveryEmailRecoveryToken object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRecoveryEmailRecoveryTokenWithDefaults
+
+`func NewPasswordPolicyRecoveryEmailRecoveryTokenWithDefaults() *PasswordPolicyRecoveryEmailRecoveryToken`
+
+NewPasswordPolicyRecoveryEmailRecoveryTokenWithDefaults instantiates a new PasswordPolicyRecoveryEmailRecoveryToken object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetTokenLifetimeMinutes
+
+`func (o *PasswordPolicyRecoveryEmailRecoveryToken) GetTokenLifetimeMinutes() int32`
+
+GetTokenLifetimeMinutes returns the TokenLifetimeMinutes field if non-nil, zero value otherwise.
+
+### GetTokenLifetimeMinutesOk
+
+`func (o *PasswordPolicyRecoveryEmailRecoveryToken) GetTokenLifetimeMinutesOk() (*int32, bool)`
+
+GetTokenLifetimeMinutesOk returns a tuple with the TokenLifetimeMinutes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTokenLifetimeMinutes
+
+`func (o *PasswordPolicyRecoveryEmailRecoveryToken) SetTokenLifetimeMinutes(v int32)`
+
+SetTokenLifetimeMinutes sets TokenLifetimeMinutes field to given value.
+
+### HasTokenLifetimeMinutes
+
+`func (o *PasswordPolicyRecoveryEmailRecoveryToken) HasTokenLifetimeMinutes() bool`
+
+HasTokenLifetimeMinutes returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRecoveryFactorSettings.md b/okta/docs/PasswordPolicyRecoveryFactorSettings.md
new file mode 100644
index 000000000..b6cfd4f49
--- /dev/null
+++ b/okta/docs/PasswordPolicyRecoveryFactorSettings.md
@@ -0,0 +1,56 @@
+# PasswordPolicyRecoveryFactorSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRecoveryFactorSettings
+
+`func NewPasswordPolicyRecoveryFactorSettings() *PasswordPolicyRecoveryFactorSettings`
+
+NewPasswordPolicyRecoveryFactorSettings instantiates a new PasswordPolicyRecoveryFactorSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRecoveryFactorSettingsWithDefaults
+
+`func NewPasswordPolicyRecoveryFactorSettingsWithDefaults() *PasswordPolicyRecoveryFactorSettings`
+
+NewPasswordPolicyRecoveryFactorSettingsWithDefaults instantiates a new PasswordPolicyRecoveryFactorSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetStatus
+
+`func (o *PasswordPolicyRecoveryFactorSettings) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *PasswordPolicyRecoveryFactorSettings) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *PasswordPolicyRecoveryFactorSettings) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *PasswordPolicyRecoveryFactorSettings) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRecoveryFactors.md b/okta/docs/PasswordPolicyRecoveryFactors.md
new file mode 100644
index 000000000..fc8c7140e
--- /dev/null
+++ b/okta/docs/PasswordPolicyRecoveryFactors.md
@@ -0,0 +1,134 @@
+# PasswordPolicyRecoveryFactors
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**OktaCall** | Pointer to [**PasswordPolicyRecoveryFactorSettings**](PasswordPolicyRecoveryFactorSettings.md) |  | [optional] 
+**OktaEmail** | Pointer to [**PasswordPolicyRecoveryEmail**](PasswordPolicyRecoveryEmail.md) |  | [optional] 
+**OktaSms** | Pointer to [**PasswordPolicyRecoveryFactorSettings**](PasswordPolicyRecoveryFactorSettings.md) |  | [optional] 
+**RecoveryQuestion** | Pointer to [**PasswordPolicyRecoveryQuestion**](PasswordPolicyRecoveryQuestion.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRecoveryFactors
+
+`func NewPasswordPolicyRecoveryFactors() *PasswordPolicyRecoveryFactors`
+
+NewPasswordPolicyRecoveryFactors instantiates a new PasswordPolicyRecoveryFactors object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRecoveryFactorsWithDefaults
+
+`func NewPasswordPolicyRecoveryFactorsWithDefaults() *PasswordPolicyRecoveryFactors`
+
+NewPasswordPolicyRecoveryFactorsWithDefaults instantiates a new PasswordPolicyRecoveryFactors object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetOktaCall
+
+`func (o *PasswordPolicyRecoveryFactors) GetOktaCall() PasswordPolicyRecoveryFactorSettings`
+
+GetOktaCall returns the OktaCall field if non-nil, zero value otherwise.
+
+### GetOktaCallOk
+
+`func (o *PasswordPolicyRecoveryFactors) GetOktaCallOk() (*PasswordPolicyRecoveryFactorSettings, bool)`
+
+GetOktaCallOk returns a tuple with the OktaCall field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOktaCall
+
+`func (o *PasswordPolicyRecoveryFactors) SetOktaCall(v PasswordPolicyRecoveryFactorSettings)`
+
+SetOktaCall sets OktaCall field to given value.
+
+### HasOktaCall
+
+`func (o *PasswordPolicyRecoveryFactors) HasOktaCall() bool`
+
+HasOktaCall returns a boolean if a field has been set.
+
+### GetOktaEmail
+
+`func (o *PasswordPolicyRecoveryFactors) GetOktaEmail() PasswordPolicyRecoveryEmail`
+
+GetOktaEmail returns the OktaEmail field if non-nil, zero value otherwise.
+
+### GetOktaEmailOk
+
+`func (o *PasswordPolicyRecoveryFactors) GetOktaEmailOk() (*PasswordPolicyRecoveryEmail, bool)`
+
+GetOktaEmailOk returns a tuple with the OktaEmail field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOktaEmail
+
+`func (o *PasswordPolicyRecoveryFactors) SetOktaEmail(v PasswordPolicyRecoveryEmail)`
+
+SetOktaEmail sets OktaEmail field to given value.
+
+### HasOktaEmail
+
+`func (o *PasswordPolicyRecoveryFactors) HasOktaEmail() bool`
+
+HasOktaEmail returns a boolean if a field has been set.
+
+### GetOktaSms
+
+`func (o *PasswordPolicyRecoveryFactors) GetOktaSms() PasswordPolicyRecoveryFactorSettings`
+
+GetOktaSms returns the OktaSms field if non-nil, zero value otherwise.
+
+### GetOktaSmsOk
+
+`func (o *PasswordPolicyRecoveryFactors) GetOktaSmsOk() (*PasswordPolicyRecoveryFactorSettings, bool)`
+
+GetOktaSmsOk returns a tuple with the OktaSms field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOktaSms
+
+`func (o *PasswordPolicyRecoveryFactors) SetOktaSms(v PasswordPolicyRecoveryFactorSettings)`
+
+SetOktaSms sets OktaSms field to given value.
+
+### HasOktaSms
+
+`func (o *PasswordPolicyRecoveryFactors) HasOktaSms() bool`
+
+HasOktaSms returns a boolean if a field has been set.
+
+### GetRecoveryQuestion
+
+`func (o *PasswordPolicyRecoveryFactors) GetRecoveryQuestion() PasswordPolicyRecoveryQuestion`
+
+GetRecoveryQuestion returns the RecoveryQuestion field if non-nil, zero value otherwise.
+
+### GetRecoveryQuestionOk
+
+`func (o *PasswordPolicyRecoveryFactors) GetRecoveryQuestionOk() (*PasswordPolicyRecoveryQuestion, bool)`
+
+GetRecoveryQuestionOk returns a tuple with the RecoveryQuestion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRecoveryQuestion
+
+`func (o *PasswordPolicyRecoveryFactors) SetRecoveryQuestion(v PasswordPolicyRecoveryQuestion)`
+
+SetRecoveryQuestion sets RecoveryQuestion field to given value.
+
+### HasRecoveryQuestion
+
+`func (o *PasswordPolicyRecoveryFactors) HasRecoveryQuestion() bool`
+
+HasRecoveryQuestion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRecoveryQuestion.md b/okta/docs/PasswordPolicyRecoveryQuestion.md
new file mode 100644
index 000000000..986e97a1c
--- /dev/null
+++ b/okta/docs/PasswordPolicyRecoveryQuestion.md
@@ -0,0 +1,82 @@
+# PasswordPolicyRecoveryQuestion
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Properties** | Pointer to [**PasswordPolicyRecoveryQuestionProperties**](PasswordPolicyRecoveryQuestionProperties.md) |  | [optional] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRecoveryQuestion
+
+`func NewPasswordPolicyRecoveryQuestion() *PasswordPolicyRecoveryQuestion`
+
+NewPasswordPolicyRecoveryQuestion instantiates a new PasswordPolicyRecoveryQuestion object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRecoveryQuestionWithDefaults
+
+`func NewPasswordPolicyRecoveryQuestionWithDefaults() *PasswordPolicyRecoveryQuestion`
+
+NewPasswordPolicyRecoveryQuestionWithDefaults instantiates a new PasswordPolicyRecoveryQuestion object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProperties
+
+`func (o *PasswordPolicyRecoveryQuestion) GetProperties() PasswordPolicyRecoveryQuestionProperties`
+
+GetProperties returns the Properties field if non-nil, zero value otherwise.
+
+### GetPropertiesOk
+
+`func (o *PasswordPolicyRecoveryQuestion) GetPropertiesOk() (*PasswordPolicyRecoveryQuestionProperties, bool)`
+
+GetPropertiesOk returns a tuple with the Properties field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProperties
+
+`func (o *PasswordPolicyRecoveryQuestion) SetProperties(v PasswordPolicyRecoveryQuestionProperties)`
+
+SetProperties sets Properties field to given value.
+
+### HasProperties
+
+`func (o *PasswordPolicyRecoveryQuestion) HasProperties() bool`
+
+HasProperties returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *PasswordPolicyRecoveryQuestion) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *PasswordPolicyRecoveryQuestion) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *PasswordPolicyRecoveryQuestion) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *PasswordPolicyRecoveryQuestion) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRecoveryQuestionComplexity.md b/okta/docs/PasswordPolicyRecoveryQuestionComplexity.md
new file mode 100644
index 000000000..f87b7c6ce
--- /dev/null
+++ b/okta/docs/PasswordPolicyRecoveryQuestionComplexity.md
@@ -0,0 +1,56 @@
+# PasswordPolicyRecoveryQuestionComplexity
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**MinLength** | Pointer to **int32** |  | [optional] [readonly] 
+
+## Methods
+
+### NewPasswordPolicyRecoveryQuestionComplexity
+
+`func NewPasswordPolicyRecoveryQuestionComplexity() *PasswordPolicyRecoveryQuestionComplexity`
+
+NewPasswordPolicyRecoveryQuestionComplexity instantiates a new PasswordPolicyRecoveryQuestionComplexity object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRecoveryQuestionComplexityWithDefaults
+
+`func NewPasswordPolicyRecoveryQuestionComplexityWithDefaults() *PasswordPolicyRecoveryQuestionComplexity`
+
+NewPasswordPolicyRecoveryQuestionComplexityWithDefaults instantiates a new PasswordPolicyRecoveryQuestionComplexity object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMinLength
+
+`func (o *PasswordPolicyRecoveryQuestionComplexity) GetMinLength() int32`
+
+GetMinLength returns the MinLength field if non-nil, zero value otherwise.
+
+### GetMinLengthOk
+
+`func (o *PasswordPolicyRecoveryQuestionComplexity) GetMinLengthOk() (*int32, bool)`
+
+GetMinLengthOk returns a tuple with the MinLength field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinLength
+
+`func (o *PasswordPolicyRecoveryQuestionComplexity) SetMinLength(v int32)`
+
+SetMinLength sets MinLength field to given value.
+
+### HasMinLength
+
+`func (o *PasswordPolicyRecoveryQuestionComplexity) HasMinLength() bool`
+
+HasMinLength returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRecoveryQuestionProperties.md b/okta/docs/PasswordPolicyRecoveryQuestionProperties.md
new file mode 100644
index 000000000..ae0761715
--- /dev/null
+++ b/okta/docs/PasswordPolicyRecoveryQuestionProperties.md
@@ -0,0 +1,56 @@
+# PasswordPolicyRecoveryQuestionProperties
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Complexity** | Pointer to [**PasswordPolicyRecoveryQuestionComplexity**](PasswordPolicyRecoveryQuestionComplexity.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRecoveryQuestionProperties
+
+`func NewPasswordPolicyRecoveryQuestionProperties() *PasswordPolicyRecoveryQuestionProperties`
+
+NewPasswordPolicyRecoveryQuestionProperties instantiates a new PasswordPolicyRecoveryQuestionProperties object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRecoveryQuestionPropertiesWithDefaults
+
+`func NewPasswordPolicyRecoveryQuestionPropertiesWithDefaults() *PasswordPolicyRecoveryQuestionProperties`
+
+NewPasswordPolicyRecoveryQuestionPropertiesWithDefaults instantiates a new PasswordPolicyRecoveryQuestionProperties object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetComplexity
+
+`func (o *PasswordPolicyRecoveryQuestionProperties) GetComplexity() PasswordPolicyRecoveryQuestionComplexity`
+
+GetComplexity returns the Complexity field if non-nil, zero value otherwise.
+
+### GetComplexityOk
+
+`func (o *PasswordPolicyRecoveryQuestionProperties) GetComplexityOk() (*PasswordPolicyRecoveryQuestionComplexity, bool)`
+
+GetComplexityOk returns a tuple with the Complexity field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetComplexity
+
+`func (o *PasswordPolicyRecoveryQuestionProperties) SetComplexity(v PasswordPolicyRecoveryQuestionComplexity)`
+
+SetComplexity sets Complexity field to given value.
+
+### HasComplexity
+
+`func (o *PasswordPolicyRecoveryQuestionProperties) HasComplexity() bool`
+
+HasComplexity returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRecoverySettings.md b/okta/docs/PasswordPolicyRecoverySettings.md
new file mode 100644
index 000000000..545f5addb
--- /dev/null
+++ b/okta/docs/PasswordPolicyRecoverySettings.md
@@ -0,0 +1,56 @@
+# PasswordPolicyRecoverySettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Factors** | Pointer to [**PasswordPolicyRecoveryFactors**](PasswordPolicyRecoveryFactors.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRecoverySettings
+
+`func NewPasswordPolicyRecoverySettings() *PasswordPolicyRecoverySettings`
+
+NewPasswordPolicyRecoverySettings instantiates a new PasswordPolicyRecoverySettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRecoverySettingsWithDefaults
+
+`func NewPasswordPolicyRecoverySettingsWithDefaults() *PasswordPolicyRecoverySettings`
+
+NewPasswordPolicyRecoverySettingsWithDefaults instantiates a new PasswordPolicyRecoverySettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetFactors
+
+`func (o *PasswordPolicyRecoverySettings) GetFactors() PasswordPolicyRecoveryFactors`
+
+GetFactors returns the Factors field if non-nil, zero value otherwise.
+
+### GetFactorsOk
+
+`func (o *PasswordPolicyRecoverySettings) GetFactorsOk() (*PasswordPolicyRecoveryFactors, bool)`
+
+GetFactorsOk returns a tuple with the Factors field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactors
+
+`func (o *PasswordPolicyRecoverySettings) SetFactors(v PasswordPolicyRecoveryFactors)`
+
+SetFactors sets Factors field to given value.
+
+### HasFactors
+
+`func (o *PasswordPolicyRecoverySettings) HasFactors() bool`
+
+HasFactors returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRule.md b/okta/docs/PasswordPolicyRule.md
new file mode 100644
index 000000000..edb7574da
--- /dev/null
+++ b/okta/docs/PasswordPolicyRule.md
@@ -0,0 +1,82 @@
+# PasswordPolicyRule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | Pointer to [**PasswordPolicyRuleActions**](PasswordPolicyRuleActions.md) |  | [optional] 
+**Conditions** | Pointer to [**PasswordPolicyRuleConditions**](PasswordPolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRule
+
+`func NewPasswordPolicyRule() *PasswordPolicyRule`
+
+NewPasswordPolicyRule instantiates a new PasswordPolicyRule object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRuleWithDefaults
+
+`func NewPasswordPolicyRuleWithDefaults() *PasswordPolicyRule`
+
+NewPasswordPolicyRuleWithDefaults instantiates a new PasswordPolicyRule object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActions
+
+`func (o *PasswordPolicyRule) GetActions() PasswordPolicyRuleActions`
+
+GetActions returns the Actions field if non-nil, zero value otherwise.
+
+### GetActionsOk
+
+`func (o *PasswordPolicyRule) GetActionsOk() (*PasswordPolicyRuleActions, bool)`
+
+GetActionsOk returns a tuple with the Actions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActions
+
+`func (o *PasswordPolicyRule) SetActions(v PasswordPolicyRuleActions)`
+
+SetActions sets Actions field to given value.
+
+### HasActions
+
+`func (o *PasswordPolicyRule) HasActions() bool`
+
+HasActions returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *PasswordPolicyRule) GetConditions() PasswordPolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *PasswordPolicyRule) GetConditionsOk() (*PasswordPolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *PasswordPolicyRule) SetConditions(v PasswordPolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *PasswordPolicyRule) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRuleAction.md b/okta/docs/PasswordPolicyRuleAction.md
new file mode 100644
index 000000000..08248f794
--- /dev/null
+++ b/okta/docs/PasswordPolicyRuleAction.md
@@ -0,0 +1,56 @@
+# PasswordPolicyRuleAction
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Access** | Pointer to [**PolicyAccess**](PolicyAccess.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRuleAction
+
+`func NewPasswordPolicyRuleAction() *PasswordPolicyRuleAction`
+
+NewPasswordPolicyRuleAction instantiates a new PasswordPolicyRuleAction object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRuleActionWithDefaults
+
+`func NewPasswordPolicyRuleActionWithDefaults() *PasswordPolicyRuleAction`
+
+NewPasswordPolicyRuleActionWithDefaults instantiates a new PasswordPolicyRuleAction object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAccess
+
+`func (o *PasswordPolicyRuleAction) GetAccess() PolicyAccess`
+
+GetAccess returns the Access field if non-nil, zero value otherwise.
+
+### GetAccessOk
+
+`func (o *PasswordPolicyRuleAction) GetAccessOk() (*PolicyAccess, bool)`
+
+GetAccessOk returns a tuple with the Access field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccess
+
+`func (o *PasswordPolicyRuleAction) SetAccess(v PolicyAccess)`
+
+SetAccess sets Access field to given value.
+
+### HasAccess
+
+`func (o *PasswordPolicyRuleAction) HasAccess() bool`
+
+HasAccess returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRuleActions.md b/okta/docs/PasswordPolicyRuleActions.md
new file mode 100644
index 000000000..f24406d21
--- /dev/null
+++ b/okta/docs/PasswordPolicyRuleActions.md
@@ -0,0 +1,186 @@
+# PasswordPolicyRuleActions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Enroll** | Pointer to [**PolicyRuleActionsEnroll**](PolicyRuleActionsEnroll.md) |  | [optional] 
+**Idp** | Pointer to [**IdpPolicyRuleAction**](IdpPolicyRuleAction.md) |  | [optional] 
+**PasswordChange** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServicePasswordReset** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServiceUnlock** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**Signon** | Pointer to [**OktaSignOnPolicyRuleSignonActions**](OktaSignOnPolicyRuleSignonActions.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRuleActions
+
+`func NewPasswordPolicyRuleActions() *PasswordPolicyRuleActions`
+
+NewPasswordPolicyRuleActions instantiates a new PasswordPolicyRuleActions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRuleActionsWithDefaults
+
+`func NewPasswordPolicyRuleActionsWithDefaults() *PasswordPolicyRuleActions`
+
+NewPasswordPolicyRuleActionsWithDefaults instantiates a new PasswordPolicyRuleActions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEnroll
+
+`func (o *PasswordPolicyRuleActions) GetEnroll() PolicyRuleActionsEnroll`
+
+GetEnroll returns the Enroll field if non-nil, zero value otherwise.
+
+### GetEnrollOk
+
+`func (o *PasswordPolicyRuleActions) GetEnrollOk() (*PolicyRuleActionsEnroll, bool)`
+
+GetEnrollOk returns a tuple with the Enroll field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnroll
+
+`func (o *PasswordPolicyRuleActions) SetEnroll(v PolicyRuleActionsEnroll)`
+
+SetEnroll sets Enroll field to given value.
+
+### HasEnroll
+
+`func (o *PasswordPolicyRuleActions) HasEnroll() bool`
+
+HasEnroll returns a boolean if a field has been set.
+
+### GetIdp
+
+`func (o *PasswordPolicyRuleActions) GetIdp() IdpPolicyRuleAction`
+
+GetIdp returns the Idp field if non-nil, zero value otherwise.
+
+### GetIdpOk
+
+`func (o *PasswordPolicyRuleActions) GetIdpOk() (*IdpPolicyRuleAction, bool)`
+
+GetIdpOk returns a tuple with the Idp field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdp
+
+`func (o *PasswordPolicyRuleActions) SetIdp(v IdpPolicyRuleAction)`
+
+SetIdp sets Idp field to given value.
+
+### HasIdp
+
+`func (o *PasswordPolicyRuleActions) HasIdp() bool`
+
+HasIdp returns a boolean if a field has been set.
+
+### GetPasswordChange
+
+`func (o *PasswordPolicyRuleActions) GetPasswordChange() PasswordPolicyRuleAction`
+
+GetPasswordChange returns the PasswordChange field if non-nil, zero value otherwise.
+
+### GetPasswordChangeOk
+
+`func (o *PasswordPolicyRuleActions) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool)`
+
+GetPasswordChangeOk returns a tuple with the PasswordChange field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordChange
+
+`func (o *PasswordPolicyRuleActions) SetPasswordChange(v PasswordPolicyRuleAction)`
+
+SetPasswordChange sets PasswordChange field to given value.
+
+### HasPasswordChange
+
+`func (o *PasswordPolicyRuleActions) HasPasswordChange() bool`
+
+HasPasswordChange returns a boolean if a field has been set.
+
+### GetSelfServicePasswordReset
+
+`func (o *PasswordPolicyRuleActions) GetSelfServicePasswordReset() PasswordPolicyRuleAction`
+
+GetSelfServicePasswordReset returns the SelfServicePasswordReset field if non-nil, zero value otherwise.
+
+### GetSelfServicePasswordResetOk
+
+`func (o *PasswordPolicyRuleActions) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServicePasswordReset
+
+`func (o *PasswordPolicyRuleActions) SetSelfServicePasswordReset(v PasswordPolicyRuleAction)`
+
+SetSelfServicePasswordReset sets SelfServicePasswordReset field to given value.
+
+### HasSelfServicePasswordReset
+
+`func (o *PasswordPolicyRuleActions) HasSelfServicePasswordReset() bool`
+
+HasSelfServicePasswordReset returns a boolean if a field has been set.
+
+### GetSelfServiceUnlock
+
+`func (o *PasswordPolicyRuleActions) GetSelfServiceUnlock() PasswordPolicyRuleAction`
+
+GetSelfServiceUnlock returns the SelfServiceUnlock field if non-nil, zero value otherwise.
+
+### GetSelfServiceUnlockOk
+
+`func (o *PasswordPolicyRuleActions) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServiceUnlock
+
+`func (o *PasswordPolicyRuleActions) SetSelfServiceUnlock(v PasswordPolicyRuleAction)`
+
+SetSelfServiceUnlock sets SelfServiceUnlock field to given value.
+
+### HasSelfServiceUnlock
+
+`func (o *PasswordPolicyRuleActions) HasSelfServiceUnlock() bool`
+
+HasSelfServiceUnlock returns a boolean if a field has been set.
+
+### GetSignon
+
+`func (o *PasswordPolicyRuleActions) GetSignon() OktaSignOnPolicyRuleSignonActions`
+
+GetSignon returns the Signon field if non-nil, zero value otherwise.
+
+### GetSignonOk
+
+`func (o *PasswordPolicyRuleActions) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool)`
+
+GetSignonOk returns a tuple with the Signon field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignon
+
+`func (o *PasswordPolicyRuleActions) SetSignon(v OktaSignOnPolicyRuleSignonActions)`
+
+SetSignon sets Signon field to given value.
+
+### HasSignon
+
+`func (o *PasswordPolicyRuleActions) HasSignon() bool`
+
+HasSignon returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRuleActionsAllOf.md b/okta/docs/PasswordPolicyRuleActionsAllOf.md
new file mode 100644
index 000000000..c9f2fc6d9
--- /dev/null
+++ b/okta/docs/PasswordPolicyRuleActionsAllOf.md
@@ -0,0 +1,108 @@
+# PasswordPolicyRuleActionsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**PasswordChange** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServicePasswordReset** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServiceUnlock** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRuleActionsAllOf
+
+`func NewPasswordPolicyRuleActionsAllOf() *PasswordPolicyRuleActionsAllOf`
+
+NewPasswordPolicyRuleActionsAllOf instantiates a new PasswordPolicyRuleActionsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRuleActionsAllOfWithDefaults
+
+`func NewPasswordPolicyRuleActionsAllOfWithDefaults() *PasswordPolicyRuleActionsAllOf`
+
+NewPasswordPolicyRuleActionsAllOfWithDefaults instantiates a new PasswordPolicyRuleActionsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPasswordChange
+
+`func (o *PasswordPolicyRuleActionsAllOf) GetPasswordChange() PasswordPolicyRuleAction`
+
+GetPasswordChange returns the PasswordChange field if non-nil, zero value otherwise.
+
+### GetPasswordChangeOk
+
+`func (o *PasswordPolicyRuleActionsAllOf) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool)`
+
+GetPasswordChangeOk returns a tuple with the PasswordChange field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordChange
+
+`func (o *PasswordPolicyRuleActionsAllOf) SetPasswordChange(v PasswordPolicyRuleAction)`
+
+SetPasswordChange sets PasswordChange field to given value.
+
+### HasPasswordChange
+
+`func (o *PasswordPolicyRuleActionsAllOf) HasPasswordChange() bool`
+
+HasPasswordChange returns a boolean if a field has been set.
+
+### GetSelfServicePasswordReset
+
+`func (o *PasswordPolicyRuleActionsAllOf) GetSelfServicePasswordReset() PasswordPolicyRuleAction`
+
+GetSelfServicePasswordReset returns the SelfServicePasswordReset field if non-nil, zero value otherwise.
+
+### GetSelfServicePasswordResetOk
+
+`func (o *PasswordPolicyRuleActionsAllOf) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServicePasswordReset
+
+`func (o *PasswordPolicyRuleActionsAllOf) SetSelfServicePasswordReset(v PasswordPolicyRuleAction)`
+
+SetSelfServicePasswordReset sets SelfServicePasswordReset field to given value.
+
+### HasSelfServicePasswordReset
+
+`func (o *PasswordPolicyRuleActionsAllOf) HasSelfServicePasswordReset() bool`
+
+HasSelfServicePasswordReset returns a boolean if a field has been set.
+
+### GetSelfServiceUnlock
+
+`func (o *PasswordPolicyRuleActionsAllOf) GetSelfServiceUnlock() PasswordPolicyRuleAction`
+
+GetSelfServiceUnlock returns the SelfServiceUnlock field if non-nil, zero value otherwise.
+
+### GetSelfServiceUnlockOk
+
+`func (o *PasswordPolicyRuleActionsAllOf) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServiceUnlock
+
+`func (o *PasswordPolicyRuleActionsAllOf) SetSelfServiceUnlock(v PasswordPolicyRuleAction)`
+
+SetSelfServiceUnlock sets SelfServiceUnlock field to given value.
+
+### HasSelfServiceUnlock
+
+`func (o *PasswordPolicyRuleActionsAllOf) HasSelfServiceUnlock() bool`
+
+HasSelfServiceUnlock returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRuleAllOf.md b/okta/docs/PasswordPolicyRuleAllOf.md
new file mode 100644
index 000000000..2ab61f135
--- /dev/null
+++ b/okta/docs/PasswordPolicyRuleAllOf.md
@@ -0,0 +1,82 @@
+# PasswordPolicyRuleAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | Pointer to [**PasswordPolicyRuleActions**](PasswordPolicyRuleActions.md) |  | [optional] 
+**Conditions** | Pointer to [**PasswordPolicyRuleConditions**](PasswordPolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRuleAllOf
+
+`func NewPasswordPolicyRuleAllOf() *PasswordPolicyRuleAllOf`
+
+NewPasswordPolicyRuleAllOf instantiates a new PasswordPolicyRuleAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRuleAllOfWithDefaults
+
+`func NewPasswordPolicyRuleAllOfWithDefaults() *PasswordPolicyRuleAllOf`
+
+NewPasswordPolicyRuleAllOfWithDefaults instantiates a new PasswordPolicyRuleAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActions
+
+`func (o *PasswordPolicyRuleAllOf) GetActions() PasswordPolicyRuleActions`
+
+GetActions returns the Actions field if non-nil, zero value otherwise.
+
+### GetActionsOk
+
+`func (o *PasswordPolicyRuleAllOf) GetActionsOk() (*PasswordPolicyRuleActions, bool)`
+
+GetActionsOk returns a tuple with the Actions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActions
+
+`func (o *PasswordPolicyRuleAllOf) SetActions(v PasswordPolicyRuleActions)`
+
+SetActions sets Actions field to given value.
+
+### HasActions
+
+`func (o *PasswordPolicyRuleAllOf) HasActions() bool`
+
+HasActions returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *PasswordPolicyRuleAllOf) GetConditions() PasswordPolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *PasswordPolicyRuleAllOf) GetConditionsOk() (*PasswordPolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *PasswordPolicyRuleAllOf) SetConditions(v PasswordPolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *PasswordPolicyRuleAllOf) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRuleConditions.md b/okta/docs/PasswordPolicyRuleConditions.md
new file mode 100644
index 000000000..49e9a16bf
--- /dev/null
+++ b/okta/docs/PasswordPolicyRuleConditions.md
@@ -0,0 +1,576 @@
+# PasswordPolicyRuleConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**AppAndInstancePolicyRuleCondition**](AppAndInstancePolicyRuleCondition.md) |  | [optional] 
+**Apps** | Pointer to [**AppInstancePolicyRuleCondition**](AppInstancePolicyRuleCondition.md) |  | [optional] 
+**AuthContext** | Pointer to [**PolicyRuleAuthContextCondition**](PolicyRuleAuthContextCondition.md) |  | [optional] 
+**AuthProvider** | Pointer to [**PasswordPolicyAuthenticationProviderCondition**](PasswordPolicyAuthenticationProviderCondition.md) |  | [optional] 
+**BeforeScheduledAction** | Pointer to [**BeforeScheduledActionPolicyRuleCondition**](BeforeScheduledActionPolicyRuleCondition.md) |  | [optional] 
+**Clients** | Pointer to [**ClientPolicyCondition**](ClientPolicyCondition.md) |  | [optional] 
+**Context** | Pointer to [**ContextPolicyRuleCondition**](ContextPolicyRuleCondition.md) |  | [optional] 
+**Device** | Pointer to [**DevicePolicyRuleCondition**](DevicePolicyRuleCondition.md) |  | [optional] 
+**GrantTypes** | Pointer to [**GrantTypePolicyRuleCondition**](GrantTypePolicyRuleCondition.md) |  | [optional] 
+**Groups** | Pointer to [**GroupPolicyRuleCondition**](GroupPolicyRuleCondition.md) |  | [optional] 
+**IdentityProvider** | Pointer to [**IdentityProviderPolicyRuleCondition**](IdentityProviderPolicyRuleCondition.md) |  | [optional] 
+**MdmEnrollment** | Pointer to [**MDMEnrollmentPolicyRuleCondition**](MDMEnrollmentPolicyRuleCondition.md) |  | [optional] 
+**Network** | Pointer to [**PolicyNetworkCondition**](PolicyNetworkCondition.md) |  | [optional] 
+**People** | Pointer to [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+**Platform** | Pointer to [**PlatformPolicyRuleCondition**](PlatformPolicyRuleCondition.md) |  | [optional] 
+**Risk** | Pointer to [**RiskPolicyRuleCondition**](RiskPolicyRuleCondition.md) |  | [optional] 
+**RiskScore** | Pointer to [**RiskScorePolicyRuleCondition**](RiskScorePolicyRuleCondition.md) |  | [optional] 
+**Scopes** | Pointer to [**OAuth2ScopesMediationPolicyRuleCondition**](OAuth2ScopesMediationPolicyRuleCondition.md) |  | [optional] 
+**UserIdentifier** | Pointer to [**UserIdentifierPolicyRuleCondition**](UserIdentifierPolicyRuleCondition.md) |  | [optional] 
+**Users** | Pointer to [**UserPolicyRuleCondition**](UserPolicyRuleCondition.md) |  | [optional] 
+**UserStatus** | Pointer to [**UserStatusPolicyRuleCondition**](UserStatusPolicyRuleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRuleConditions
+
+`func NewPasswordPolicyRuleConditions() *PasswordPolicyRuleConditions`
+
+NewPasswordPolicyRuleConditions instantiates a new PasswordPolicyRuleConditions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRuleConditionsWithDefaults
+
+`func NewPasswordPolicyRuleConditionsWithDefaults() *PasswordPolicyRuleConditions`
+
+NewPasswordPolicyRuleConditionsWithDefaults instantiates a new PasswordPolicyRuleConditions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *PasswordPolicyRuleConditions) GetApp() AppAndInstancePolicyRuleCondition`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *PasswordPolicyRuleConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *PasswordPolicyRuleConditions) SetApp(v AppAndInstancePolicyRuleCondition)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *PasswordPolicyRuleConditions) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+### GetApps
+
+`func (o *PasswordPolicyRuleConditions) GetApps() AppInstancePolicyRuleCondition`
+
+GetApps returns the Apps field if non-nil, zero value otherwise.
+
+### GetAppsOk
+
+`func (o *PasswordPolicyRuleConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool)`
+
+GetAppsOk returns a tuple with the Apps field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApps
+
+`func (o *PasswordPolicyRuleConditions) SetApps(v AppInstancePolicyRuleCondition)`
+
+SetApps sets Apps field to given value.
+
+### HasApps
+
+`func (o *PasswordPolicyRuleConditions) HasApps() bool`
+
+HasApps returns a boolean if a field has been set.
+
+### GetAuthContext
+
+`func (o *PasswordPolicyRuleConditions) GetAuthContext() PolicyRuleAuthContextCondition`
+
+GetAuthContext returns the AuthContext field if non-nil, zero value otherwise.
+
+### GetAuthContextOk
+
+`func (o *PasswordPolicyRuleConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool)`
+
+GetAuthContextOk returns a tuple with the AuthContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthContext
+
+`func (o *PasswordPolicyRuleConditions) SetAuthContext(v PolicyRuleAuthContextCondition)`
+
+SetAuthContext sets AuthContext field to given value.
+
+### HasAuthContext
+
+`func (o *PasswordPolicyRuleConditions) HasAuthContext() bool`
+
+HasAuthContext returns a boolean if a field has been set.
+
+### GetAuthProvider
+
+`func (o *PasswordPolicyRuleConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition`
+
+GetAuthProvider returns the AuthProvider field if non-nil, zero value otherwise.
+
+### GetAuthProviderOk
+
+`func (o *PasswordPolicyRuleConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool)`
+
+GetAuthProviderOk returns a tuple with the AuthProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthProvider
+
+`func (o *PasswordPolicyRuleConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition)`
+
+SetAuthProvider sets AuthProvider field to given value.
+
+### HasAuthProvider
+
+`func (o *PasswordPolicyRuleConditions) HasAuthProvider() bool`
+
+HasAuthProvider returns a boolean if a field has been set.
+
+### GetBeforeScheduledAction
+
+`func (o *PasswordPolicyRuleConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition`
+
+GetBeforeScheduledAction returns the BeforeScheduledAction field if non-nil, zero value otherwise.
+
+### GetBeforeScheduledActionOk
+
+`func (o *PasswordPolicyRuleConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool)`
+
+GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBeforeScheduledAction
+
+`func (o *PasswordPolicyRuleConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition)`
+
+SetBeforeScheduledAction sets BeforeScheduledAction field to given value.
+
+### HasBeforeScheduledAction
+
+`func (o *PasswordPolicyRuleConditions) HasBeforeScheduledAction() bool`
+
+HasBeforeScheduledAction returns a boolean if a field has been set.
+
+### GetClients
+
+`func (o *PasswordPolicyRuleConditions) GetClients() ClientPolicyCondition`
+
+GetClients returns the Clients field if non-nil, zero value otherwise.
+
+### GetClientsOk
+
+`func (o *PasswordPolicyRuleConditions) GetClientsOk() (*ClientPolicyCondition, bool)`
+
+GetClientsOk returns a tuple with the Clients field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClients
+
+`func (o *PasswordPolicyRuleConditions) SetClients(v ClientPolicyCondition)`
+
+SetClients sets Clients field to given value.
+
+### HasClients
+
+`func (o *PasswordPolicyRuleConditions) HasClients() bool`
+
+HasClients returns a boolean if a field has been set.
+
+### GetContext
+
+`func (o *PasswordPolicyRuleConditions) GetContext() ContextPolicyRuleCondition`
+
+GetContext returns the Context field if non-nil, zero value otherwise.
+
+### GetContextOk
+
+`func (o *PasswordPolicyRuleConditions) GetContextOk() (*ContextPolicyRuleCondition, bool)`
+
+GetContextOk returns a tuple with the Context field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetContext
+
+`func (o *PasswordPolicyRuleConditions) SetContext(v ContextPolicyRuleCondition)`
+
+SetContext sets Context field to given value.
+
+### HasContext
+
+`func (o *PasswordPolicyRuleConditions) HasContext() bool`
+
+HasContext returns a boolean if a field has been set.
+
+### GetDevice
+
+`func (o *PasswordPolicyRuleConditions) GetDevice() DevicePolicyRuleCondition`
+
+GetDevice returns the Device field if non-nil, zero value otherwise.
+
+### GetDeviceOk
+
+`func (o *PasswordPolicyRuleConditions) GetDeviceOk() (*DevicePolicyRuleCondition, bool)`
+
+GetDeviceOk returns a tuple with the Device field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDevice
+
+`func (o *PasswordPolicyRuleConditions) SetDevice(v DevicePolicyRuleCondition)`
+
+SetDevice sets Device field to given value.
+
+### HasDevice
+
+`func (o *PasswordPolicyRuleConditions) HasDevice() bool`
+
+HasDevice returns a boolean if a field has been set.
+
+### GetGrantTypes
+
+`func (o *PasswordPolicyRuleConditions) GetGrantTypes() GrantTypePolicyRuleCondition`
+
+GetGrantTypes returns the GrantTypes field if non-nil, zero value otherwise.
+
+### GetGrantTypesOk
+
+`func (o *PasswordPolicyRuleConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool)`
+
+GetGrantTypesOk returns a tuple with the GrantTypes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGrantTypes
+
+`func (o *PasswordPolicyRuleConditions) SetGrantTypes(v GrantTypePolicyRuleCondition)`
+
+SetGrantTypes sets GrantTypes field to given value.
+
+### HasGrantTypes
+
+`func (o *PasswordPolicyRuleConditions) HasGrantTypes() bool`
+
+HasGrantTypes returns a boolean if a field has been set.
+
+### GetGroups
+
+`func (o *PasswordPolicyRuleConditions) GetGroups() GroupPolicyRuleCondition`
+
+GetGroups returns the Groups field if non-nil, zero value otherwise.
+
+### GetGroupsOk
+
+`func (o *PasswordPolicyRuleConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool)`
+
+GetGroupsOk returns a tuple with the Groups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroups
+
+`func (o *PasswordPolicyRuleConditions) SetGroups(v GroupPolicyRuleCondition)`
+
+SetGroups sets Groups field to given value.
+
+### HasGroups
+
+`func (o *PasswordPolicyRuleConditions) HasGroups() bool`
+
+HasGroups returns a boolean if a field has been set.
+
+### GetIdentityProvider
+
+`func (o *PasswordPolicyRuleConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition`
+
+GetIdentityProvider returns the IdentityProvider field if non-nil, zero value otherwise.
+
+### GetIdentityProviderOk
+
+`func (o *PasswordPolicyRuleConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool)`
+
+GetIdentityProviderOk returns a tuple with the IdentityProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityProvider
+
+`func (o *PasswordPolicyRuleConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition)`
+
+SetIdentityProvider sets IdentityProvider field to given value.
+
+### HasIdentityProvider
+
+`func (o *PasswordPolicyRuleConditions) HasIdentityProvider() bool`
+
+HasIdentityProvider returns a boolean if a field has been set.
+
+### GetMdmEnrollment
+
+`func (o *PasswordPolicyRuleConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition`
+
+GetMdmEnrollment returns the MdmEnrollment field if non-nil, zero value otherwise.
+
+### GetMdmEnrollmentOk
+
+`func (o *PasswordPolicyRuleConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool)`
+
+GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMdmEnrollment
+
+`func (o *PasswordPolicyRuleConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition)`
+
+SetMdmEnrollment sets MdmEnrollment field to given value.
+
+### HasMdmEnrollment
+
+`func (o *PasswordPolicyRuleConditions) HasMdmEnrollment() bool`
+
+HasMdmEnrollment returns a boolean if a field has been set.
+
+### GetNetwork
+
+`func (o *PasswordPolicyRuleConditions) GetNetwork() PolicyNetworkCondition`
+
+GetNetwork returns the Network field if non-nil, zero value otherwise.
+
+### GetNetworkOk
+
+`func (o *PasswordPolicyRuleConditions) GetNetworkOk() (*PolicyNetworkCondition, bool)`
+
+GetNetworkOk returns a tuple with the Network field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNetwork
+
+`func (o *PasswordPolicyRuleConditions) SetNetwork(v PolicyNetworkCondition)`
+
+SetNetwork sets Network field to given value.
+
+### HasNetwork
+
+`func (o *PasswordPolicyRuleConditions) HasNetwork() bool`
+
+HasNetwork returns a boolean if a field has been set.
+
+### GetPeople
+
+`func (o *PasswordPolicyRuleConditions) GetPeople() PolicyPeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *PasswordPolicyRuleConditions) GetPeopleOk() (*PolicyPeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *PasswordPolicyRuleConditions) SetPeople(v PolicyPeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *PasswordPolicyRuleConditions) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *PasswordPolicyRuleConditions) GetPlatform() PlatformPolicyRuleCondition`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *PasswordPolicyRuleConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *PasswordPolicyRuleConditions) SetPlatform(v PlatformPolicyRuleCondition)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *PasswordPolicyRuleConditions) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetRisk
+
+`func (o *PasswordPolicyRuleConditions) GetRisk() RiskPolicyRuleCondition`
+
+GetRisk returns the Risk field if non-nil, zero value otherwise.
+
+### GetRiskOk
+
+`func (o *PasswordPolicyRuleConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool)`
+
+GetRiskOk returns a tuple with the Risk field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRisk
+
+`func (o *PasswordPolicyRuleConditions) SetRisk(v RiskPolicyRuleCondition)`
+
+SetRisk sets Risk field to given value.
+
+### HasRisk
+
+`func (o *PasswordPolicyRuleConditions) HasRisk() bool`
+
+HasRisk returns a boolean if a field has been set.
+
+### GetRiskScore
+
+`func (o *PasswordPolicyRuleConditions) GetRiskScore() RiskScorePolicyRuleCondition`
+
+GetRiskScore returns the RiskScore field if non-nil, zero value otherwise.
+
+### GetRiskScoreOk
+
+`func (o *PasswordPolicyRuleConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool)`
+
+GetRiskScoreOk returns a tuple with the RiskScore field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRiskScore
+
+`func (o *PasswordPolicyRuleConditions) SetRiskScore(v RiskScorePolicyRuleCondition)`
+
+SetRiskScore sets RiskScore field to given value.
+
+### HasRiskScore
+
+`func (o *PasswordPolicyRuleConditions) HasRiskScore() bool`
+
+HasRiskScore returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *PasswordPolicyRuleConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *PasswordPolicyRuleConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *PasswordPolicyRuleConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *PasswordPolicyRuleConditions) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+### GetUserIdentifier
+
+`func (o *PasswordPolicyRuleConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition`
+
+GetUserIdentifier returns the UserIdentifier field if non-nil, zero value otherwise.
+
+### GetUserIdentifierOk
+
+`func (o *PasswordPolicyRuleConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool)`
+
+GetUserIdentifierOk returns a tuple with the UserIdentifier field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserIdentifier
+
+`func (o *PasswordPolicyRuleConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition)`
+
+SetUserIdentifier sets UserIdentifier field to given value.
+
+### HasUserIdentifier
+
+`func (o *PasswordPolicyRuleConditions) HasUserIdentifier() bool`
+
+HasUserIdentifier returns a boolean if a field has been set.
+
+### GetUsers
+
+`func (o *PasswordPolicyRuleConditions) GetUsers() UserPolicyRuleCondition`
+
+GetUsers returns the Users field if non-nil, zero value otherwise.
+
+### GetUsersOk
+
+`func (o *PasswordPolicyRuleConditions) GetUsersOk() (*UserPolicyRuleCondition, bool)`
+
+GetUsersOk returns a tuple with the Users field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsers
+
+`func (o *PasswordPolicyRuleConditions) SetUsers(v UserPolicyRuleCondition)`
+
+SetUsers sets Users field to given value.
+
+### HasUsers
+
+`func (o *PasswordPolicyRuleConditions) HasUsers() bool`
+
+HasUsers returns a boolean if a field has been set.
+
+### GetUserStatus
+
+`func (o *PasswordPolicyRuleConditions) GetUserStatus() UserStatusPolicyRuleCondition`
+
+GetUserStatus returns the UserStatus field if non-nil, zero value otherwise.
+
+### GetUserStatusOk
+
+`func (o *PasswordPolicyRuleConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool)`
+
+GetUserStatusOk returns a tuple with the UserStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserStatus
+
+`func (o *PasswordPolicyRuleConditions) SetUserStatus(v UserStatusPolicyRuleCondition)`
+
+SetUserStatus sets UserStatus field to given value.
+
+### HasUserStatus
+
+`func (o *PasswordPolicyRuleConditions) HasUserStatus() bool`
+
+HasUserStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicyRuleConditionsAllOf.md b/okta/docs/PasswordPolicyRuleConditionsAllOf.md
new file mode 100644
index 000000000..e5c5f1e1b
--- /dev/null
+++ b/okta/docs/PasswordPolicyRuleConditionsAllOf.md
@@ -0,0 +1,82 @@
+# PasswordPolicyRuleConditionsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Network** | Pointer to [**PolicyNetworkCondition**](PolicyNetworkCondition.md) |  | [optional] 
+**People** | Pointer to [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicyRuleConditionsAllOf
+
+`func NewPasswordPolicyRuleConditionsAllOf() *PasswordPolicyRuleConditionsAllOf`
+
+NewPasswordPolicyRuleConditionsAllOf instantiates a new PasswordPolicyRuleConditionsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicyRuleConditionsAllOfWithDefaults
+
+`func NewPasswordPolicyRuleConditionsAllOfWithDefaults() *PasswordPolicyRuleConditionsAllOf`
+
+NewPasswordPolicyRuleConditionsAllOfWithDefaults instantiates a new PasswordPolicyRuleConditionsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetNetwork
+
+`func (o *PasswordPolicyRuleConditionsAllOf) GetNetwork() PolicyNetworkCondition`
+
+GetNetwork returns the Network field if non-nil, zero value otherwise.
+
+### GetNetworkOk
+
+`func (o *PasswordPolicyRuleConditionsAllOf) GetNetworkOk() (*PolicyNetworkCondition, bool)`
+
+GetNetworkOk returns a tuple with the Network field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNetwork
+
+`func (o *PasswordPolicyRuleConditionsAllOf) SetNetwork(v PolicyNetworkCondition)`
+
+SetNetwork sets Network field to given value.
+
+### HasNetwork
+
+`func (o *PasswordPolicyRuleConditionsAllOf) HasNetwork() bool`
+
+HasNetwork returns a boolean if a field has been set.
+
+### GetPeople
+
+`func (o *PasswordPolicyRuleConditionsAllOf) GetPeople() PolicyPeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *PasswordPolicyRuleConditionsAllOf) GetPeopleOk() (*PolicyPeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *PasswordPolicyRuleConditionsAllOf) SetPeople(v PolicyPeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *PasswordPolicyRuleConditionsAllOf) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordPolicySettings.md b/okta/docs/PasswordPolicySettings.md
new file mode 100644
index 000000000..22bd569a8
--- /dev/null
+++ b/okta/docs/PasswordPolicySettings.md
@@ -0,0 +1,108 @@
+# PasswordPolicySettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Delegation** | Pointer to [**PasswordPolicyDelegationSettings**](PasswordPolicyDelegationSettings.md) |  | [optional] 
+**Password** | Pointer to [**PasswordPolicyPasswordSettings**](PasswordPolicyPasswordSettings.md) |  | [optional] 
+**Recovery** | Pointer to [**PasswordPolicyRecoverySettings**](PasswordPolicyRecoverySettings.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordPolicySettings
+
+`func NewPasswordPolicySettings() *PasswordPolicySettings`
+
+NewPasswordPolicySettings instantiates a new PasswordPolicySettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordPolicySettingsWithDefaults
+
+`func NewPasswordPolicySettingsWithDefaults() *PasswordPolicySettings`
+
+NewPasswordPolicySettingsWithDefaults instantiates a new PasswordPolicySettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDelegation
+
+`func (o *PasswordPolicySettings) GetDelegation() PasswordPolicyDelegationSettings`
+
+GetDelegation returns the Delegation field if non-nil, zero value otherwise.
+
+### GetDelegationOk
+
+`func (o *PasswordPolicySettings) GetDelegationOk() (*PasswordPolicyDelegationSettings, bool)`
+
+GetDelegationOk returns a tuple with the Delegation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDelegation
+
+`func (o *PasswordPolicySettings) SetDelegation(v PasswordPolicyDelegationSettings)`
+
+SetDelegation sets Delegation field to given value.
+
+### HasDelegation
+
+`func (o *PasswordPolicySettings) HasDelegation() bool`
+
+HasDelegation returns a boolean if a field has been set.
+
+### GetPassword
+
+`func (o *PasswordPolicySettings) GetPassword() PasswordPolicyPasswordSettings`
+
+GetPassword returns the Password field if non-nil, zero value otherwise.
+
+### GetPasswordOk
+
+`func (o *PasswordPolicySettings) GetPasswordOk() (*PasswordPolicyPasswordSettings, bool)`
+
+GetPasswordOk returns a tuple with the Password field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPassword
+
+`func (o *PasswordPolicySettings) SetPassword(v PasswordPolicyPasswordSettings)`
+
+SetPassword sets Password field to given value.
+
+### HasPassword
+
+`func (o *PasswordPolicySettings) HasPassword() bool`
+
+HasPassword returns a boolean if a field has been set.
+
+### GetRecovery
+
+`func (o *PasswordPolicySettings) GetRecovery() PasswordPolicyRecoverySettings`
+
+GetRecovery returns the Recovery field if non-nil, zero value otherwise.
+
+### GetRecoveryOk
+
+`func (o *PasswordPolicySettings) GetRecoveryOk() (*PasswordPolicyRecoverySettings, bool)`
+
+GetRecoveryOk returns a tuple with the Recovery field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRecovery
+
+`func (o *PasswordPolicySettings) SetRecovery(v PasswordPolicyRecoverySettings)`
+
+SetRecovery sets Recovery field to given value.
+
+### HasRecovery
+
+`func (o *PasswordPolicySettings) HasRecovery() bool`
+
+HasRecovery returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordProtectionWarningTrigger.md b/okta/docs/PasswordProtectionWarningTrigger.md
new file mode 100644
index 000000000..cef5a6a29
--- /dev/null
+++ b/okta/docs/PasswordProtectionWarningTrigger.md
@@ -0,0 +1,15 @@
+# PasswordProtectionWarningTrigger
+
+## Enum
+
+
+* `PASSWORD_PROTECTION_OFF` (value: `"PASSWORD_PROTECTION_OFF"`)
+
+* `PASSWORD_REUSE` (value: `"PASSWORD_REUSE"`)
+
+* `PHISHING_REUSE` (value: `"PHISHING_REUSE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PasswordSettingObject.md b/okta/docs/PasswordSettingObject.md
new file mode 100644
index 000000000..2d0b57696
--- /dev/null
+++ b/okta/docs/PasswordSettingObject.md
@@ -0,0 +1,108 @@
+# PasswordSettingObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Change** | Pointer to [**ChangeEnum**](ChangeEnum.md) |  | [optional] 
+**Seed** | Pointer to [**SeedEnum**](SeedEnum.md) |  | [optional] 
+**Status** | Pointer to [**EnabledStatus**](EnabledStatus.md) |  | [optional] 
+
+## Methods
+
+### NewPasswordSettingObject
+
+`func NewPasswordSettingObject() *PasswordSettingObject`
+
+NewPasswordSettingObject instantiates a new PasswordSettingObject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPasswordSettingObjectWithDefaults
+
+`func NewPasswordSettingObjectWithDefaults() *PasswordSettingObject`
+
+NewPasswordSettingObjectWithDefaults instantiates a new PasswordSettingObject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetChange
+
+`func (o *PasswordSettingObject) GetChange() ChangeEnum`
+
+GetChange returns the Change field if non-nil, zero value otherwise.
+
+### GetChangeOk
+
+`func (o *PasswordSettingObject) GetChangeOk() (*ChangeEnum, bool)`
+
+GetChangeOk returns a tuple with the Change field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetChange
+
+`func (o *PasswordSettingObject) SetChange(v ChangeEnum)`
+
+SetChange sets Change field to given value.
+
+### HasChange
+
+`func (o *PasswordSettingObject) HasChange() bool`
+
+HasChange returns a boolean if a field has been set.
+
+### GetSeed
+
+`func (o *PasswordSettingObject) GetSeed() SeedEnum`
+
+GetSeed returns the Seed field if non-nil, zero value otherwise.
+
+### GetSeedOk
+
+`func (o *PasswordSettingObject) GetSeedOk() (*SeedEnum, bool)`
+
+GetSeedOk returns a tuple with the Seed field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSeed
+
+`func (o *PasswordSettingObject) SetSeed(v SeedEnum)`
+
+SetSeed sets Seed field to given value.
+
+### HasSeed
+
+`func (o *PasswordSettingObject) HasSeed() bool`
+
+HasSeed returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *PasswordSettingObject) GetStatus() EnabledStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *PasswordSettingObject) GetStatusOk() (*EnabledStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *PasswordSettingObject) SetStatus(v EnabledStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *PasswordSettingObject) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PerClientRateLimitMode.md b/okta/docs/PerClientRateLimitMode.md
new file mode 100644
index 000000000..5b5432816
--- /dev/null
+++ b/okta/docs/PerClientRateLimitMode.md
@@ -0,0 +1,15 @@
+# PerClientRateLimitMode
+
+## Enum
+
+
+* `DISABLE` (value: `"DISABLE"`)
+
+* `ENFORCE` (value: `"ENFORCE"`)
+
+* `PREVIEW` (value: `"PREVIEW"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PerClientRateLimitSettings.md b/okta/docs/PerClientRateLimitSettings.md
new file mode 100644
index 000000000..1e7a2f65e
--- /dev/null
+++ b/okta/docs/PerClientRateLimitSettings.md
@@ -0,0 +1,77 @@
+# PerClientRateLimitSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DefaultMode** | [**PerClientRateLimitMode**](PerClientRateLimitMode.md) |  | 
+**UseCaseModeOverrides** | Pointer to [**PerClientRateLimitSettingsUseCaseModeOverrides**](PerClientRateLimitSettingsUseCaseModeOverrides.md) |  | [optional] 
+
+## Methods
+
+### NewPerClientRateLimitSettings
+
+`func NewPerClientRateLimitSettings(defaultMode PerClientRateLimitMode, ) *PerClientRateLimitSettings`
+
+NewPerClientRateLimitSettings instantiates a new PerClientRateLimitSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPerClientRateLimitSettingsWithDefaults
+
+`func NewPerClientRateLimitSettingsWithDefaults() *PerClientRateLimitSettings`
+
+NewPerClientRateLimitSettingsWithDefaults instantiates a new PerClientRateLimitSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDefaultMode
+
+`func (o *PerClientRateLimitSettings) GetDefaultMode() PerClientRateLimitMode`
+
+GetDefaultMode returns the DefaultMode field if non-nil, zero value otherwise.
+
+### GetDefaultModeOk
+
+`func (o *PerClientRateLimitSettings) GetDefaultModeOk() (*PerClientRateLimitMode, bool)`
+
+GetDefaultModeOk returns a tuple with the DefaultMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefaultMode
+
+`func (o *PerClientRateLimitSettings) SetDefaultMode(v PerClientRateLimitMode)`
+
+SetDefaultMode sets DefaultMode field to given value.
+
+
+### GetUseCaseModeOverrides
+
+`func (o *PerClientRateLimitSettings) GetUseCaseModeOverrides() PerClientRateLimitSettingsUseCaseModeOverrides`
+
+GetUseCaseModeOverrides returns the UseCaseModeOverrides field if non-nil, zero value otherwise.
+
+### GetUseCaseModeOverridesOk
+
+`func (o *PerClientRateLimitSettings) GetUseCaseModeOverridesOk() (*PerClientRateLimitSettingsUseCaseModeOverrides, bool)`
+
+GetUseCaseModeOverridesOk returns a tuple with the UseCaseModeOverrides field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUseCaseModeOverrides
+
+`func (o *PerClientRateLimitSettings) SetUseCaseModeOverrides(v PerClientRateLimitSettingsUseCaseModeOverrides)`
+
+SetUseCaseModeOverrides sets UseCaseModeOverrides field to given value.
+
+### HasUseCaseModeOverrides
+
+`func (o *PerClientRateLimitSettings) HasUseCaseModeOverrides() bool`
+
+HasUseCaseModeOverrides returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PerClientRateLimitSettingsUseCaseModeOverrides.md b/okta/docs/PerClientRateLimitSettingsUseCaseModeOverrides.md
new file mode 100644
index 000000000..c3999f774
--- /dev/null
+++ b/okta/docs/PerClientRateLimitSettingsUseCaseModeOverrides.md
@@ -0,0 +1,108 @@
+# PerClientRateLimitSettingsUseCaseModeOverrides
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**LOGIN_PAGE** | Pointer to [**PerClientRateLimitMode**](PerClientRateLimitMode.md) |  | [optional] 
+**OAUTH2AUTHORIZE** | Pointer to [**PerClientRateLimitMode**](PerClientRateLimitMode.md) |  | [optional] 
+**OIE_APP_INTENT** | Pointer to [**PerClientRateLimitMode**](PerClientRateLimitMode.md) |  | [optional] 
+
+## Methods
+
+### NewPerClientRateLimitSettingsUseCaseModeOverrides
+
+`func NewPerClientRateLimitSettingsUseCaseModeOverrides() *PerClientRateLimitSettingsUseCaseModeOverrides`
+
+NewPerClientRateLimitSettingsUseCaseModeOverrides instantiates a new PerClientRateLimitSettingsUseCaseModeOverrides object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPerClientRateLimitSettingsUseCaseModeOverridesWithDefaults
+
+`func NewPerClientRateLimitSettingsUseCaseModeOverridesWithDefaults() *PerClientRateLimitSettingsUseCaseModeOverrides`
+
+NewPerClientRateLimitSettingsUseCaseModeOverridesWithDefaults instantiates a new PerClientRateLimitSettingsUseCaseModeOverrides object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetLOGIN_PAGE
+
+`func (o *PerClientRateLimitSettingsUseCaseModeOverrides) GetLOGIN_PAGE() PerClientRateLimitMode`
+
+GetLOGIN_PAGE returns the LOGIN_PAGE field if non-nil, zero value otherwise.
+
+### GetLOGIN_PAGEOk
+
+`func (o *PerClientRateLimitSettingsUseCaseModeOverrides) GetLOGIN_PAGEOk() (*PerClientRateLimitMode, bool)`
+
+GetLOGIN_PAGEOk returns a tuple with the LOGIN_PAGE field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLOGIN_PAGE
+
+`func (o *PerClientRateLimitSettingsUseCaseModeOverrides) SetLOGIN_PAGE(v PerClientRateLimitMode)`
+
+SetLOGIN_PAGE sets LOGIN_PAGE field to given value.
+
+### HasLOGIN_PAGE
+
+`func (o *PerClientRateLimitSettingsUseCaseModeOverrides) HasLOGIN_PAGE() bool`
+
+HasLOGIN_PAGE returns a boolean if a field has been set.
+
+### GetOAUTH2AUTHORIZE
+
+`func (o *PerClientRateLimitSettingsUseCaseModeOverrides) GetOAUTH2AUTHORIZE() PerClientRateLimitMode`
+
+GetOAUTH2AUTHORIZE returns the OAUTH2AUTHORIZE field if non-nil, zero value otherwise.
+
+### GetOAUTH2AUTHORIZEOk
+
+`func (o *PerClientRateLimitSettingsUseCaseModeOverrides) GetOAUTH2AUTHORIZEOk() (*PerClientRateLimitMode, bool)`
+
+GetOAUTH2AUTHORIZEOk returns a tuple with the OAUTH2AUTHORIZE field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOAUTH2AUTHORIZE
+
+`func (o *PerClientRateLimitSettingsUseCaseModeOverrides) SetOAUTH2AUTHORIZE(v PerClientRateLimitMode)`
+
+SetOAUTH2AUTHORIZE sets OAUTH2AUTHORIZE field to given value.
+
+### HasOAUTH2AUTHORIZE
+
+`func (o *PerClientRateLimitSettingsUseCaseModeOverrides) HasOAUTH2AUTHORIZE() bool`
+
+HasOAUTH2AUTHORIZE returns a boolean if a field has been set.
+
+### GetOIE_APP_INTENT
+
+`func (o *PerClientRateLimitSettingsUseCaseModeOverrides) GetOIE_APP_INTENT() PerClientRateLimitMode`
+
+GetOIE_APP_INTENT returns the OIE_APP_INTENT field if non-nil, zero value otherwise.
+
+### GetOIE_APP_INTENTOk
+
+`func (o *PerClientRateLimitSettingsUseCaseModeOverrides) GetOIE_APP_INTENTOk() (*PerClientRateLimitMode, bool)`
+
+GetOIE_APP_INTENTOk returns a tuple with the OIE_APP_INTENT field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOIE_APP_INTENT
+
+`func (o *PerClientRateLimitSettingsUseCaseModeOverrides) SetOIE_APP_INTENT(v PerClientRateLimitMode)`
+
+SetOIE_APP_INTENT sets OIE_APP_INTENT field to given value.
+
+### HasOIE_APP_INTENT
+
+`func (o *PerClientRateLimitSettingsUseCaseModeOverrides) HasOIE_APP_INTENT() bool`
+
+HasOIE_APP_INTENT returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Permission.md b/okta/docs/Permission.md
new file mode 100644
index 000000000..a2f4ea603
--- /dev/null
+++ b/okta/docs/Permission.md
@@ -0,0 +1,134 @@
+# Permission
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** | Timestamp when the role was created | [optional] [readonly] 
+**Label** | Pointer to **string** | The permission type | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** | Timestamp when the role was last updated | [optional] [readonly] 
+**Links** | Pointer to [**PermissionLinks**](PermissionLinks.md) |  | [optional] 
+
+## Methods
+
+### NewPermission
+
+`func NewPermission() *Permission`
+
+NewPermission instantiates a new Permission object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPermissionWithDefaults
+
+`func NewPermissionWithDefaults() *Permission`
+
+NewPermissionWithDefaults instantiates a new Permission object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *Permission) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *Permission) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *Permission) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *Permission) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetLabel
+
+`func (o *Permission) GetLabel() string`
+
+GetLabel returns the Label field if non-nil, zero value otherwise.
+
+### GetLabelOk
+
+`func (o *Permission) GetLabelOk() (*string, bool)`
+
+GetLabelOk returns a tuple with the Label field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLabel
+
+`func (o *Permission) SetLabel(v string)`
+
+SetLabel sets Label field to given value.
+
+### HasLabel
+
+`func (o *Permission) HasLabel() bool`
+
+HasLabel returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *Permission) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *Permission) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *Permission) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *Permission) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Permission) GetLinks() PermissionLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Permission) GetLinksOk() (*PermissionLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Permission) SetLinks(v PermissionLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Permission) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PermissionLinks.md b/okta/docs/PermissionLinks.md
new file mode 100644
index 000000000..7f8285a63
--- /dev/null
+++ b/okta/docs/PermissionLinks.md
@@ -0,0 +1,82 @@
+# PermissionLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Role** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewPermissionLinks
+
+`func NewPermissionLinks() *PermissionLinks`
+
+NewPermissionLinks instantiates a new PermissionLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPermissionLinksWithDefaults
+
+`func NewPermissionLinksWithDefaults() *PermissionLinks`
+
+NewPermissionLinksWithDefaults instantiates a new PermissionLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *PermissionLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *PermissionLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *PermissionLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *PermissionLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetRole
+
+`func (o *PermissionLinks) GetRole() HrefObject`
+
+GetRole returns the Role field if non-nil, zero value otherwise.
+
+### GetRoleOk
+
+`func (o *PermissionLinks) GetRoleOk() (*HrefObject, bool)`
+
+GetRoleOk returns a tuple with the Role field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRole
+
+`func (o *PermissionLinks) SetRole(v HrefObject)`
+
+SetRole sets Role field to given value.
+
+### HasRole
+
+`func (o *PermissionLinks) HasRole() bool`
+
+HasRole returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Permissions.md b/okta/docs/Permissions.md
new file mode 100644
index 000000000..cd34e4530
--- /dev/null
+++ b/okta/docs/Permissions.md
@@ -0,0 +1,56 @@
+# Permissions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Permissions** | Pointer to [**[]Permission**](Permission.md) |  | [optional] 
+
+## Methods
+
+### NewPermissions
+
+`func NewPermissions() *Permissions`
+
+NewPermissions instantiates a new Permissions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPermissionsWithDefaults
+
+`func NewPermissionsWithDefaults() *Permissions`
+
+NewPermissionsWithDefaults instantiates a new Permissions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPermissions
+
+`func (o *Permissions) GetPermissions() []Permission`
+
+GetPermissions returns the Permissions field if non-nil, zero value otherwise.
+
+### GetPermissionsOk
+
+`func (o *Permissions) GetPermissionsOk() (*[]Permission, bool)`
+
+GetPermissionsOk returns a tuple with the Permissions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPermissions
+
+`func (o *Permissions) SetPermissions(v []Permission)`
+
+SetPermissions sets Permissions field to given value.
+
+### HasPermissions
+
+`func (o *Permissions) HasPermissions() bool`
+
+HasPermissions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PipelineType.md b/okta/docs/PipelineType.md
new file mode 100644
index 000000000..ff346cb50
--- /dev/null
+++ b/okta/docs/PipelineType.md
@@ -0,0 +1,13 @@
+# PipelineType
+
+## Enum
+
+
+* `IDX` (value: `"idx"`)
+
+* `V1` (value: `"v1"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Platform.md b/okta/docs/Platform.md
new file mode 100644
index 000000000..d3ab87f30
--- /dev/null
+++ b/okta/docs/Platform.md
@@ -0,0 +1,17 @@
+# Platform
+
+## Enum
+
+
+* `ANDROID` (value: `"ANDROID"`)
+
+* `IOS` (value: `"IOS"`)
+
+* `MACOS` (value: `"MACOS"`)
+
+* `WINDOWS` (value: `"WINDOWS"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PlatformConditionEvaluatorPlatform.md b/okta/docs/PlatformConditionEvaluatorPlatform.md
new file mode 100644
index 000000000..d355236f0
--- /dev/null
+++ b/okta/docs/PlatformConditionEvaluatorPlatform.md
@@ -0,0 +1,82 @@
+# PlatformConditionEvaluatorPlatform
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Os** | Pointer to [**PlatformConditionEvaluatorPlatformOperatingSystem**](PlatformConditionEvaluatorPlatformOperatingSystem.md) |  | [optional] 
+**Type** | Pointer to [**PolicyPlatformType**](PolicyPlatformType.md) |  | [optional] 
+
+## Methods
+
+### NewPlatformConditionEvaluatorPlatform
+
+`func NewPlatformConditionEvaluatorPlatform() *PlatformConditionEvaluatorPlatform`
+
+NewPlatformConditionEvaluatorPlatform instantiates a new PlatformConditionEvaluatorPlatform object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPlatformConditionEvaluatorPlatformWithDefaults
+
+`func NewPlatformConditionEvaluatorPlatformWithDefaults() *PlatformConditionEvaluatorPlatform`
+
+NewPlatformConditionEvaluatorPlatformWithDefaults instantiates a new PlatformConditionEvaluatorPlatform object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetOs
+
+`func (o *PlatformConditionEvaluatorPlatform) GetOs() PlatformConditionEvaluatorPlatformOperatingSystem`
+
+GetOs returns the Os field if non-nil, zero value otherwise.
+
+### GetOsOk
+
+`func (o *PlatformConditionEvaluatorPlatform) GetOsOk() (*PlatformConditionEvaluatorPlatformOperatingSystem, bool)`
+
+GetOsOk returns a tuple with the Os field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOs
+
+`func (o *PlatformConditionEvaluatorPlatform) SetOs(v PlatformConditionEvaluatorPlatformOperatingSystem)`
+
+SetOs sets Os field to given value.
+
+### HasOs
+
+`func (o *PlatformConditionEvaluatorPlatform) HasOs() bool`
+
+HasOs returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *PlatformConditionEvaluatorPlatform) GetType() PolicyPlatformType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *PlatformConditionEvaluatorPlatform) GetTypeOk() (*PolicyPlatformType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *PlatformConditionEvaluatorPlatform) SetType(v PolicyPlatformType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *PlatformConditionEvaluatorPlatform) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PlatformConditionEvaluatorPlatformOperatingSystem.md b/okta/docs/PlatformConditionEvaluatorPlatformOperatingSystem.md
new file mode 100644
index 000000000..cee04464c
--- /dev/null
+++ b/okta/docs/PlatformConditionEvaluatorPlatformOperatingSystem.md
@@ -0,0 +1,108 @@
+# PlatformConditionEvaluatorPlatformOperatingSystem
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Expression** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to [**PolicyPlatformOperatingSystemType**](PolicyPlatformOperatingSystemType.md) |  | [optional] 
+**Version** | Pointer to [**PlatformConditionEvaluatorPlatformOperatingSystemVersion**](PlatformConditionEvaluatorPlatformOperatingSystemVersion.md) |  | [optional] 
+
+## Methods
+
+### NewPlatformConditionEvaluatorPlatformOperatingSystem
+
+`func NewPlatformConditionEvaluatorPlatformOperatingSystem() *PlatformConditionEvaluatorPlatformOperatingSystem`
+
+NewPlatformConditionEvaluatorPlatformOperatingSystem instantiates a new PlatformConditionEvaluatorPlatformOperatingSystem object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPlatformConditionEvaluatorPlatformOperatingSystemWithDefaults
+
+`func NewPlatformConditionEvaluatorPlatformOperatingSystemWithDefaults() *PlatformConditionEvaluatorPlatformOperatingSystem`
+
+NewPlatformConditionEvaluatorPlatformOperatingSystemWithDefaults instantiates a new PlatformConditionEvaluatorPlatformOperatingSystem object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpression
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystem) GetExpression() string`
+
+GetExpression returns the Expression field if non-nil, zero value otherwise.
+
+### GetExpressionOk
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystem) GetExpressionOk() (*string, bool)`
+
+GetExpressionOk returns a tuple with the Expression field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpression
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystem) SetExpression(v string)`
+
+SetExpression sets Expression field to given value.
+
+### HasExpression
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystem) HasExpression() bool`
+
+HasExpression returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystem) GetType() PolicyPlatformOperatingSystemType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystem) GetTypeOk() (*PolicyPlatformOperatingSystemType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystem) SetType(v PolicyPlatformOperatingSystemType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystem) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetVersion
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystem) GetVersion() PlatformConditionEvaluatorPlatformOperatingSystemVersion`
+
+GetVersion returns the Version field if non-nil, zero value otherwise.
+
+### GetVersionOk
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystem) GetVersionOk() (*PlatformConditionEvaluatorPlatformOperatingSystemVersion, bool)`
+
+GetVersionOk returns a tuple with the Version field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVersion
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystem) SetVersion(v PlatformConditionEvaluatorPlatformOperatingSystemVersion)`
+
+SetVersion sets Version field to given value.
+
+### HasVersion
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystem) HasVersion() bool`
+
+HasVersion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PlatformConditionEvaluatorPlatformOperatingSystemVersion.md b/okta/docs/PlatformConditionEvaluatorPlatformOperatingSystemVersion.md
new file mode 100644
index 000000000..b36b49fcb
--- /dev/null
+++ b/okta/docs/PlatformConditionEvaluatorPlatformOperatingSystemVersion.md
@@ -0,0 +1,82 @@
+# PlatformConditionEvaluatorPlatformOperatingSystemVersion
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**MatchType** | Pointer to [**PlatformConditionOperatingSystemVersionMatchType**](PlatformConditionOperatingSystemVersionMatchType.md) |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewPlatformConditionEvaluatorPlatformOperatingSystemVersion
+
+`func NewPlatformConditionEvaluatorPlatformOperatingSystemVersion() *PlatformConditionEvaluatorPlatformOperatingSystemVersion`
+
+NewPlatformConditionEvaluatorPlatformOperatingSystemVersion instantiates a new PlatformConditionEvaluatorPlatformOperatingSystemVersion object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPlatformConditionEvaluatorPlatformOperatingSystemVersionWithDefaults
+
+`func NewPlatformConditionEvaluatorPlatformOperatingSystemVersionWithDefaults() *PlatformConditionEvaluatorPlatformOperatingSystemVersion`
+
+NewPlatformConditionEvaluatorPlatformOperatingSystemVersionWithDefaults instantiates a new PlatformConditionEvaluatorPlatformOperatingSystemVersion object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMatchType
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) GetMatchType() PlatformConditionOperatingSystemVersionMatchType`
+
+GetMatchType returns the MatchType field if non-nil, zero value otherwise.
+
+### GetMatchTypeOk
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) GetMatchTypeOk() (*PlatformConditionOperatingSystemVersionMatchType, bool)`
+
+GetMatchTypeOk returns a tuple with the MatchType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMatchType
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) SetMatchType(v PlatformConditionOperatingSystemVersionMatchType)`
+
+SetMatchType sets MatchType field to given value.
+
+### HasMatchType
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) HasMatchType() bool`
+
+HasMatchType returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PlatformConditionOperatingSystemVersionMatchType.md b/okta/docs/PlatformConditionOperatingSystemVersionMatchType.md
new file mode 100644
index 000000000..e69032b12
--- /dev/null
+++ b/okta/docs/PlatformConditionOperatingSystemVersionMatchType.md
@@ -0,0 +1,13 @@
+# PlatformConditionOperatingSystemVersionMatchType
+
+## Enum
+
+
+* `EXPRESSION` (value: `"EXPRESSION"`)
+
+* `SEMVER` (value: `"SEMVER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PlatformPolicyRuleCondition.md b/okta/docs/PlatformPolicyRuleCondition.md
new file mode 100644
index 000000000..f415619a2
--- /dev/null
+++ b/okta/docs/PlatformPolicyRuleCondition.md
@@ -0,0 +1,82 @@
+# PlatformPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Exclude** | Pointer to [**[]PlatformConditionEvaluatorPlatform**](PlatformConditionEvaluatorPlatform.md) |  | [optional] 
+**Include** | Pointer to [**[]PlatformConditionEvaluatorPlatform**](PlatformConditionEvaluatorPlatform.md) |  | [optional] 
+
+## Methods
+
+### NewPlatformPolicyRuleCondition
+
+`func NewPlatformPolicyRuleCondition() *PlatformPolicyRuleCondition`
+
+NewPlatformPolicyRuleCondition instantiates a new PlatformPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPlatformPolicyRuleConditionWithDefaults
+
+`func NewPlatformPolicyRuleConditionWithDefaults() *PlatformPolicyRuleCondition`
+
+NewPlatformPolicyRuleConditionWithDefaults instantiates a new PlatformPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExclude
+
+`func (o *PlatformPolicyRuleCondition) GetExclude() []PlatformConditionEvaluatorPlatform`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *PlatformPolicyRuleCondition) GetExcludeOk() (*[]PlatformConditionEvaluatorPlatform, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *PlatformPolicyRuleCondition) SetExclude(v []PlatformConditionEvaluatorPlatform)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *PlatformPolicyRuleCondition) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+### GetInclude
+
+`func (o *PlatformPolicyRuleCondition) GetInclude() []PlatformConditionEvaluatorPlatform`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *PlatformPolicyRuleCondition) GetIncludeOk() (*[]PlatformConditionEvaluatorPlatform, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *PlatformPolicyRuleCondition) SetInclude(v []PlatformConditionEvaluatorPlatform)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *PlatformPolicyRuleCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Policy.md b/okta/docs/Policy.md
new file mode 100644
index 000000000..e6b053dda
--- /dev/null
+++ b/okta/docs/Policy.md
@@ -0,0 +1,316 @@
+# Policy
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Description** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Priority** | Pointer to **int32** |  | [optional] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**System** | Pointer to **bool** |  | [optional] 
+**Type** | Pointer to [**PolicyType**](PolicyType.md) |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewPolicy
+
+`func NewPolicy() *Policy`
+
+NewPolicy instantiates a new Policy object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicyWithDefaults
+
+`func NewPolicyWithDefaults() *Policy`
+
+NewPolicyWithDefaults instantiates a new Policy object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *Policy) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *Policy) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *Policy) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *Policy) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetDescription
+
+`func (o *Policy) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *Policy) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *Policy) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *Policy) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *Policy) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *Policy) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *Policy) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *Policy) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *Policy) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *Policy) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *Policy) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *Policy) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *Policy) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *Policy) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *Policy) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *Policy) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetPriority
+
+`func (o *Policy) GetPriority() int32`
+
+GetPriority returns the Priority field if non-nil, zero value otherwise.
+
+### GetPriorityOk
+
+`func (o *Policy) GetPriorityOk() (*int32, bool)`
+
+GetPriorityOk returns a tuple with the Priority field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPriority
+
+`func (o *Policy) SetPriority(v int32)`
+
+SetPriority sets Priority field to given value.
+
+### HasPriority
+
+`func (o *Policy) HasPriority() bool`
+
+HasPriority returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *Policy) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *Policy) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *Policy) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *Policy) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetSystem
+
+`func (o *Policy) GetSystem() bool`
+
+GetSystem returns the System field if non-nil, zero value otherwise.
+
+### GetSystemOk
+
+`func (o *Policy) GetSystemOk() (*bool, bool)`
+
+GetSystemOk returns a tuple with the System field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSystem
+
+`func (o *Policy) SetSystem(v bool)`
+
+SetSystem sets System field to given value.
+
+### HasSystem
+
+`func (o *Policy) HasSystem() bool`
+
+HasSystem returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *Policy) GetType() PolicyType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *Policy) GetTypeOk() (*PolicyType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *Policy) SetType(v PolicyType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *Policy) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *Policy) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *Policy) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *Policy) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *Policy) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Policy) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Policy) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Policy) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Policy) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyAccess.md b/okta/docs/PolicyAccess.md
new file mode 100644
index 000000000..ea490148b
--- /dev/null
+++ b/okta/docs/PolicyAccess.md
@@ -0,0 +1,13 @@
+# PolicyAccess
+
+## Enum
+
+
+* `ALLOW` (value: `"ALLOW"`)
+
+* `DENY` (value: `"DENY"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyAccountLink.md b/okta/docs/PolicyAccountLink.md
new file mode 100644
index 000000000..37e9b3aef
--- /dev/null
+++ b/okta/docs/PolicyAccountLink.md
@@ -0,0 +1,82 @@
+# PolicyAccountLink
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | Pointer to [**PolicyAccountLinkAction**](PolicyAccountLinkAction.md) |  | [optional] 
+**Filter** | Pointer to [**PolicyAccountLinkFilter**](PolicyAccountLinkFilter.md) |  | [optional] 
+
+## Methods
+
+### NewPolicyAccountLink
+
+`func NewPolicyAccountLink() *PolicyAccountLink`
+
+NewPolicyAccountLink instantiates a new PolicyAccountLink object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicyAccountLinkWithDefaults
+
+`func NewPolicyAccountLinkWithDefaults() *PolicyAccountLink`
+
+NewPolicyAccountLinkWithDefaults instantiates a new PolicyAccountLink object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAction
+
+`func (o *PolicyAccountLink) GetAction() PolicyAccountLinkAction`
+
+GetAction returns the Action field if non-nil, zero value otherwise.
+
+### GetActionOk
+
+`func (o *PolicyAccountLink) GetActionOk() (*PolicyAccountLinkAction, bool)`
+
+GetActionOk returns a tuple with the Action field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAction
+
+`func (o *PolicyAccountLink) SetAction(v PolicyAccountLinkAction)`
+
+SetAction sets Action field to given value.
+
+### HasAction
+
+`func (o *PolicyAccountLink) HasAction() bool`
+
+HasAction returns a boolean if a field has been set.
+
+### GetFilter
+
+`func (o *PolicyAccountLink) GetFilter() PolicyAccountLinkFilter`
+
+GetFilter returns the Filter field if non-nil, zero value otherwise.
+
+### GetFilterOk
+
+`func (o *PolicyAccountLink) GetFilterOk() (*PolicyAccountLinkFilter, bool)`
+
+GetFilterOk returns a tuple with the Filter field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFilter
+
+`func (o *PolicyAccountLink) SetFilter(v PolicyAccountLinkFilter)`
+
+SetFilter sets Filter field to given value.
+
+### HasFilter
+
+`func (o *PolicyAccountLink) HasFilter() bool`
+
+HasFilter returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyAccountLinkAction.md b/okta/docs/PolicyAccountLinkAction.md
new file mode 100644
index 000000000..e71ff2eed
--- /dev/null
+++ b/okta/docs/PolicyAccountLinkAction.md
@@ -0,0 +1,13 @@
+# PolicyAccountLinkAction
+
+## Enum
+
+
+* `AUTO` (value: `"AUTO"`)
+
+* `DISABLED` (value: `"DISABLED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyAccountLinkFilter.md b/okta/docs/PolicyAccountLinkFilter.md
new file mode 100644
index 000000000..6029be933
--- /dev/null
+++ b/okta/docs/PolicyAccountLinkFilter.md
@@ -0,0 +1,56 @@
+# PolicyAccountLinkFilter
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Groups** | Pointer to [**PolicyAccountLinkFilterGroups**](PolicyAccountLinkFilterGroups.md) |  | [optional] 
+
+## Methods
+
+### NewPolicyAccountLinkFilter
+
+`func NewPolicyAccountLinkFilter() *PolicyAccountLinkFilter`
+
+NewPolicyAccountLinkFilter instantiates a new PolicyAccountLinkFilter object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicyAccountLinkFilterWithDefaults
+
+`func NewPolicyAccountLinkFilterWithDefaults() *PolicyAccountLinkFilter`
+
+NewPolicyAccountLinkFilterWithDefaults instantiates a new PolicyAccountLinkFilter object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetGroups
+
+`func (o *PolicyAccountLinkFilter) GetGroups() PolicyAccountLinkFilterGroups`
+
+GetGroups returns the Groups field if non-nil, zero value otherwise.
+
+### GetGroupsOk
+
+`func (o *PolicyAccountLinkFilter) GetGroupsOk() (*PolicyAccountLinkFilterGroups, bool)`
+
+GetGroupsOk returns a tuple with the Groups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroups
+
+`func (o *PolicyAccountLinkFilter) SetGroups(v PolicyAccountLinkFilterGroups)`
+
+SetGroups sets Groups field to given value.
+
+### HasGroups
+
+`func (o *PolicyAccountLinkFilter) HasGroups() bool`
+
+HasGroups returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyAccountLinkFilterGroups.md b/okta/docs/PolicyAccountLinkFilterGroups.md
new file mode 100644
index 000000000..2158911a8
--- /dev/null
+++ b/okta/docs/PolicyAccountLinkFilterGroups.md
@@ -0,0 +1,56 @@
+# PolicyAccountLinkFilterGroups
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewPolicyAccountLinkFilterGroups
+
+`func NewPolicyAccountLinkFilterGroups() *PolicyAccountLinkFilterGroups`
+
+NewPolicyAccountLinkFilterGroups instantiates a new PolicyAccountLinkFilterGroups object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicyAccountLinkFilterGroupsWithDefaults
+
+`func NewPolicyAccountLinkFilterGroupsWithDefaults() *PolicyAccountLinkFilterGroups`
+
+NewPolicyAccountLinkFilterGroupsWithDefaults instantiates a new PolicyAccountLinkFilterGroups object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetInclude
+
+`func (o *PolicyAccountLinkFilterGroups) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *PolicyAccountLinkFilterGroups) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *PolicyAccountLinkFilterGroups) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *PolicyAccountLinkFilterGroups) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyApi.md b/okta/docs/PolicyApi.md
new file mode 100644
index 000000000..ba091aa95
--- /dev/null
+++ b/okta/docs/PolicyApi.md
@@ -0,0 +1,1082 @@
+# \PolicyApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivatePolicy**](PolicyApi.md#ActivatePolicy) | **Post** /api/v1/policies/{policyId}/lifecycle/activate | Activate a Policy
+[**ActivatePolicyRule**](PolicyApi.md#ActivatePolicyRule) | **Post** /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate | Activate a Policy Rule
+[**ClonePolicy**](PolicyApi.md#ClonePolicy) | **Post** /api/v1/policies/{policyId}/clone | Clone an existing policy
+[**CreatePolicy**](PolicyApi.md#CreatePolicy) | **Post** /api/v1/policies | Create a Policy
+[**CreatePolicyRule**](PolicyApi.md#CreatePolicyRule) | **Post** /api/v1/policies/{policyId}/rules | Create a Policy Rule
+[**DeactivatePolicy**](PolicyApi.md#DeactivatePolicy) | **Post** /api/v1/policies/{policyId}/lifecycle/deactivate | Deactivate a Policy
+[**DeactivatePolicyRule**](PolicyApi.md#DeactivatePolicyRule) | **Post** /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate | Deactivate a Policy Rule
+[**DeletePolicy**](PolicyApi.md#DeletePolicy) | **Delete** /api/v1/policies/{policyId} | Delete a Policy
+[**DeletePolicyRule**](PolicyApi.md#DeletePolicyRule) | **Delete** /api/v1/policies/{policyId}/rules/{ruleId} | Delete a Policy Rule
+[**GetPolicy**](PolicyApi.md#GetPolicy) | **Get** /api/v1/policies/{policyId} | Retrieve a Policy
+[**GetPolicyRule**](PolicyApi.md#GetPolicyRule) | **Get** /api/v1/policies/{policyId}/rules/{ruleId} | Retrieve a Policy Rule
+[**ListPolicies**](PolicyApi.md#ListPolicies) | **Get** /api/v1/policies | List all Policies
+[**ListPolicyRules**](PolicyApi.md#ListPolicyRules) | **Get** /api/v1/policies/{policyId}/rules | List all Policy Rules
+[**ReplacePolicy**](PolicyApi.md#ReplacePolicy) | **Put** /api/v1/policies/{policyId} | Replace a Policy
+[**ReplacePolicyRule**](PolicyApi.md#ReplacePolicyRule) | **Put** /api/v1/policies/{policyId}/rules/{ruleId} | Replace a Policy Rule
+
+
+
+## ActivatePolicy
+
+> ActivatePolicy(ctx, policyId).Execute()
+
+Activate a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.ActivatePolicy(context.Background(), policyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.ActivatePolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivatePolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ActivatePolicyRule
+
+> ActivatePolicyRule(ctx, policyId, ruleId).Execute()
+
+Activate a Policy Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    ruleId := "ruleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.ActivatePolicyRule(context.Background(), policyId, ruleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.ActivatePolicyRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivatePolicyRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ClonePolicy
+
+> ListPolicies200ResponseInner ClonePolicy(ctx, policyId).Execute()
+
+Clone an existing policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.ClonePolicy(context.Background(), policyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.ClonePolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ClonePolicy`: ListPolicies200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PolicyApi.ClonePolicy`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiClonePolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ListPolicies200ResponseInner**](ListPolicies200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreatePolicy
+
+> ListPolicies200ResponseInner CreatePolicy(ctx).Policy(policy).Activate(activate).Execute()
+
+Create a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policy := openapiclient.listPolicies_200_response_inner{AccessPolicy: openapiclient.NewAccessPolicy()} // ListPolicies200ResponseInner | 
+    activate := true // bool |  (optional) (default to true)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.CreatePolicy(context.Background()).Policy(policy).Activate(activate).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.CreatePolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreatePolicy`: ListPolicies200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PolicyApi.CreatePolicy`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreatePolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **policy** | [**ListPolicies200ResponseInner**](ListPolicies200ResponseInner.md) |  | 
+ **activate** | **bool** |  | [default to true]
+
+### Return type
+
+[**ListPolicies200ResponseInner**](ListPolicies200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreatePolicyRule
+
+> ListPolicyRules200ResponseInner CreatePolicyRule(ctx, policyId).PolicyRule(policyRule).Execute()
+
+Create a Policy Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    policyRule := openapiclient.listPolicyRules_200_response_inner{AccessPolicyRule: openapiclient.NewAccessPolicyRule()} // ListPolicyRules200ResponseInner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.CreatePolicyRule(context.Background(), policyId).PolicyRule(policyRule).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.CreatePolicyRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreatePolicyRule`: ListPolicyRules200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PolicyApi.CreatePolicyRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreatePolicyRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **policyRule** | [**ListPolicyRules200ResponseInner**](ListPolicyRules200ResponseInner.md) |  | 
+
+### Return type
+
+[**ListPolicyRules200ResponseInner**](ListPolicyRules200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivatePolicy
+
+> DeactivatePolicy(ctx, policyId).Execute()
+
+Deactivate a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.DeactivatePolicy(context.Background(), policyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.DeactivatePolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivatePolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivatePolicyRule
+
+> DeactivatePolicyRule(ctx, policyId, ruleId).Execute()
+
+Deactivate a Policy Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    ruleId := "ruleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.DeactivatePolicyRule(context.Background(), policyId, ruleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.DeactivatePolicyRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivatePolicyRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeletePolicy
+
+> DeletePolicy(ctx, policyId).Execute()
+
+Delete a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.DeletePolicy(context.Background(), policyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.DeletePolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeletePolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeletePolicyRule
+
+> DeletePolicyRule(ctx, policyId, ruleId).Execute()
+
+Delete a Policy Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    ruleId := "ruleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.DeletePolicyRule(context.Background(), policyId, ruleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.DeletePolicyRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeletePolicyRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetPolicy
+
+> ListPolicies200ResponseInner GetPolicy(ctx, policyId).Expand(expand).Execute()
+
+Retrieve a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    expand := "expand_example" // string |  (optional) (default to "")
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.GetPolicy(context.Background(), policyId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.GetPolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetPolicy`: ListPolicies200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PolicyApi.GetPolicy`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetPolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **string** |  | [default to &quot;&quot;]
+
+### Return type
+
+[**ListPolicies200ResponseInner**](ListPolicies200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetPolicyRule
+
+> ListPolicyRules200ResponseInner GetPolicyRule(ctx, policyId, ruleId).Execute()
+
+Retrieve a Policy Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    ruleId := "ruleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.GetPolicyRule(context.Background(), policyId, ruleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.GetPolicyRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetPolicyRule`: ListPolicyRules200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PolicyApi.GetPolicyRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetPolicyRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**ListPolicyRules200ResponseInner**](ListPolicyRules200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListPolicies
+
+> []ListPolicies200ResponseInner ListPolicies(ctx).Type_(type_).Status(status).Expand(expand).Execute()
+
+List all Policies
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    type_ := "type__example" // string | 
+    status := "status_example" // string |  (optional)
+    expand := "expand_example" // string |  (optional) (default to "")
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.ListPolicies(context.Background()).Type_(type_).Status(status).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.ListPolicies``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListPolicies`: []ListPolicies200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PolicyApi.ListPolicies`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListPoliciesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **type_** | **string** |  | 
+ **status** | **string** |  | 
+ **expand** | **string** |  | [default to &quot;&quot;]
+
+### Return type
+
+[**[]ListPolicies200ResponseInner**](ListPolicies200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListPolicyRules
+
+> []ListPolicyRules200ResponseInner ListPolicyRules(ctx, policyId).Execute()
+
+List all Policy Rules
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.ListPolicyRules(context.Background(), policyId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.ListPolicyRules``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListPolicyRules`: []ListPolicyRules200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PolicyApi.ListPolicyRules`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListPolicyRulesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]ListPolicyRules200ResponseInner**](ListPolicyRules200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplacePolicy
+
+> ListPolicies200ResponseInner ReplacePolicy(ctx, policyId).Policy(policy).Execute()
+
+Replace a Policy
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    policy := openapiclient.listPolicies_200_response_inner{AccessPolicy: openapiclient.NewAccessPolicy()} // ListPolicies200ResponseInner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.ReplacePolicy(context.Background(), policyId).Policy(policy).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.ReplacePolicy``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplacePolicy`: ListPolicies200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PolicyApi.ReplacePolicy`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplacePolicyRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **policy** | [**ListPolicies200ResponseInner**](ListPolicies200ResponseInner.md) |  | 
+
+### Return type
+
+[**ListPolicies200ResponseInner**](ListPolicies200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplacePolicyRule
+
+> ListPolicyRules200ResponseInner ReplacePolicyRule(ctx, policyId, ruleId).PolicyRule(policyRule).Execute()
+
+Replace a Policy Rule
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    policyId := "policyId_example" // string | 
+    ruleId := "ruleId_example" // string | 
+    policyRule := openapiclient.listPolicyRules_200_response_inner{AccessPolicyRule: openapiclient.NewAccessPolicyRule()} // ListPolicyRules200ResponseInner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PolicyApi.ReplacePolicyRule(context.Background(), policyId, ruleId).PolicyRule(policyRule).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PolicyApi.ReplacePolicyRule``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplacePolicyRule`: ListPolicyRules200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PolicyApi.ReplacePolicyRule`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**policyId** | **string** |  | 
+**ruleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplacePolicyRuleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **policyRule** | [**ListPolicyRules200ResponseInner**](ListPolicyRules200ResponseInner.md) |  | 
+
+### Return type
+
+[**ListPolicyRules200ResponseInner**](ListPolicyRules200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/PolicyNetworkCondition.md b/okta/docs/PolicyNetworkCondition.md
new file mode 100644
index 000000000..a5a7f7fc7
--- /dev/null
+++ b/okta/docs/PolicyNetworkCondition.md
@@ -0,0 +1,108 @@
+# PolicyNetworkCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Connection** | Pointer to [**PolicyNetworkConnection**](PolicyNetworkConnection.md) |  | [optional] 
+**Exclude** | Pointer to **[]string** |  | [optional] 
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewPolicyNetworkCondition
+
+`func NewPolicyNetworkCondition() *PolicyNetworkCondition`
+
+NewPolicyNetworkCondition instantiates a new PolicyNetworkCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicyNetworkConditionWithDefaults
+
+`func NewPolicyNetworkConditionWithDefaults() *PolicyNetworkCondition`
+
+NewPolicyNetworkConditionWithDefaults instantiates a new PolicyNetworkCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConnection
+
+`func (o *PolicyNetworkCondition) GetConnection() PolicyNetworkConnection`
+
+GetConnection returns the Connection field if non-nil, zero value otherwise.
+
+### GetConnectionOk
+
+`func (o *PolicyNetworkCondition) GetConnectionOk() (*PolicyNetworkConnection, bool)`
+
+GetConnectionOk returns a tuple with the Connection field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConnection
+
+`func (o *PolicyNetworkCondition) SetConnection(v PolicyNetworkConnection)`
+
+SetConnection sets Connection field to given value.
+
+### HasConnection
+
+`func (o *PolicyNetworkCondition) HasConnection() bool`
+
+HasConnection returns a boolean if a field has been set.
+
+### GetExclude
+
+`func (o *PolicyNetworkCondition) GetExclude() []string`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *PolicyNetworkCondition) GetExcludeOk() (*[]string, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *PolicyNetworkCondition) SetExclude(v []string)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *PolicyNetworkCondition) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+### GetInclude
+
+`func (o *PolicyNetworkCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *PolicyNetworkCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *PolicyNetworkCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *PolicyNetworkCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyNetworkConnection.md b/okta/docs/PolicyNetworkConnection.md
new file mode 100644
index 000000000..e14dfec5e
--- /dev/null
+++ b/okta/docs/PolicyNetworkConnection.md
@@ -0,0 +1,13 @@
+# PolicyNetworkConnection
+
+## Enum
+
+
+* `ANYWHERE` (value: `"ANYWHERE"`)
+
+* `ZONE` (value: `"ZONE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyPeopleCondition.md b/okta/docs/PolicyPeopleCondition.md
new file mode 100644
index 000000000..9c98c8ff7
--- /dev/null
+++ b/okta/docs/PolicyPeopleCondition.md
@@ -0,0 +1,82 @@
+# PolicyPeopleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Groups** | Pointer to [**GroupCondition**](GroupCondition.md) |  | [optional] 
+**Users** | Pointer to [**UserCondition**](UserCondition.md) |  | [optional] 
+
+## Methods
+
+### NewPolicyPeopleCondition
+
+`func NewPolicyPeopleCondition() *PolicyPeopleCondition`
+
+NewPolicyPeopleCondition instantiates a new PolicyPeopleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicyPeopleConditionWithDefaults
+
+`func NewPolicyPeopleConditionWithDefaults() *PolicyPeopleCondition`
+
+NewPolicyPeopleConditionWithDefaults instantiates a new PolicyPeopleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetGroups
+
+`func (o *PolicyPeopleCondition) GetGroups() GroupCondition`
+
+GetGroups returns the Groups field if non-nil, zero value otherwise.
+
+### GetGroupsOk
+
+`func (o *PolicyPeopleCondition) GetGroupsOk() (*GroupCondition, bool)`
+
+GetGroupsOk returns a tuple with the Groups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroups
+
+`func (o *PolicyPeopleCondition) SetGroups(v GroupCondition)`
+
+SetGroups sets Groups field to given value.
+
+### HasGroups
+
+`func (o *PolicyPeopleCondition) HasGroups() bool`
+
+HasGroups returns a boolean if a field has been set.
+
+### GetUsers
+
+`func (o *PolicyPeopleCondition) GetUsers() UserCondition`
+
+GetUsers returns the Users field if non-nil, zero value otherwise.
+
+### GetUsersOk
+
+`func (o *PolicyPeopleCondition) GetUsersOk() (*UserCondition, bool)`
+
+GetUsersOk returns a tuple with the Users field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsers
+
+`func (o *PolicyPeopleCondition) SetUsers(v UserCondition)`
+
+SetUsers sets Users field to given value.
+
+### HasUsers
+
+`func (o *PolicyPeopleCondition) HasUsers() bool`
+
+HasUsers returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyPlatformOperatingSystemType.md b/okta/docs/PolicyPlatformOperatingSystemType.md
new file mode 100644
index 000000000..2b1b58c77
--- /dev/null
+++ b/okta/docs/PolicyPlatformOperatingSystemType.md
@@ -0,0 +1,21 @@
+# PolicyPlatformOperatingSystemType
+
+## Enum
+
+
+* `ANDROID` (value: `"ANDROID"`)
+
+* `ANY` (value: `"ANY"`)
+
+* `IOS` (value: `"IOS"`)
+
+* `OSX` (value: `"OSX"`)
+
+* `OTHER` (value: `"OTHER"`)
+
+* `WINDOWS` (value: `"WINDOWS"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyPlatformType.md b/okta/docs/PolicyPlatformType.md
new file mode 100644
index 000000000..bf720eff1
--- /dev/null
+++ b/okta/docs/PolicyPlatformType.md
@@ -0,0 +1,17 @@
+# PolicyPlatformType
+
+## Enum
+
+
+* `ANY` (value: `"ANY"`)
+
+* `DESKTOP` (value: `"DESKTOP"`)
+
+* `MOBILE` (value: `"MOBILE"`)
+
+* `OTHER` (value: `"OTHER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyRule.md b/okta/docs/PolicyRule.md
new file mode 100644
index 000000000..f12cc749e
--- /dev/null
+++ b/okta/docs/PolicyRule.md
@@ -0,0 +1,258 @@
+# PolicyRule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **NullableTime** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] 
+**LastUpdated** | Pointer to **NullableTime** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Priority** | Pointer to **int32** |  | [optional] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**System** | Pointer to **bool** |  | [optional] [default to false]
+**Type** | Pointer to [**PolicyRuleType**](PolicyRuleType.md) |  | [optional] 
+
+## Methods
+
+### NewPolicyRule
+
+`func NewPolicyRule() *PolicyRule`
+
+NewPolicyRule instantiates a new PolicyRule object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicyRuleWithDefaults
+
+`func NewPolicyRuleWithDefaults() *PolicyRule`
+
+NewPolicyRuleWithDefaults instantiates a new PolicyRule object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *PolicyRule) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *PolicyRule) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *PolicyRule) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *PolicyRule) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### SetCreatedNil
+
+`func (o *PolicyRule) SetCreatedNil(b bool)`
+
+ SetCreatedNil sets the value for Created to be an explicit nil
+
+### UnsetCreated
+`func (o *PolicyRule) UnsetCreated()`
+
+UnsetCreated ensures that no value is present for Created, not even an explicit nil
+### GetId
+
+`func (o *PolicyRule) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *PolicyRule) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *PolicyRule) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *PolicyRule) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *PolicyRule) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *PolicyRule) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *PolicyRule) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *PolicyRule) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### SetLastUpdatedNil
+
+`func (o *PolicyRule) SetLastUpdatedNil(b bool)`
+
+ SetLastUpdatedNil sets the value for LastUpdated to be an explicit nil
+
+### UnsetLastUpdated
+`func (o *PolicyRule) UnsetLastUpdated()`
+
+UnsetLastUpdated ensures that no value is present for LastUpdated, not even an explicit nil
+### GetName
+
+`func (o *PolicyRule) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *PolicyRule) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *PolicyRule) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *PolicyRule) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetPriority
+
+`func (o *PolicyRule) GetPriority() int32`
+
+GetPriority returns the Priority field if non-nil, zero value otherwise.
+
+### GetPriorityOk
+
+`func (o *PolicyRule) GetPriorityOk() (*int32, bool)`
+
+GetPriorityOk returns a tuple with the Priority field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPriority
+
+`func (o *PolicyRule) SetPriority(v int32)`
+
+SetPriority sets Priority field to given value.
+
+### HasPriority
+
+`func (o *PolicyRule) HasPriority() bool`
+
+HasPriority returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *PolicyRule) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *PolicyRule) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *PolicyRule) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *PolicyRule) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetSystem
+
+`func (o *PolicyRule) GetSystem() bool`
+
+GetSystem returns the System field if non-nil, zero value otherwise.
+
+### GetSystemOk
+
+`func (o *PolicyRule) GetSystemOk() (*bool, bool)`
+
+GetSystemOk returns a tuple with the System field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSystem
+
+`func (o *PolicyRule) SetSystem(v bool)`
+
+SetSystem sets System field to given value.
+
+### HasSystem
+
+`func (o *PolicyRule) HasSystem() bool`
+
+HasSystem returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *PolicyRule) GetType() PolicyRuleType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *PolicyRule) GetTypeOk() (*PolicyRuleType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *PolicyRule) SetType(v PolicyRuleType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *PolicyRule) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyRuleActions.md b/okta/docs/PolicyRuleActions.md
new file mode 100644
index 000000000..f4ad3d834
--- /dev/null
+++ b/okta/docs/PolicyRuleActions.md
@@ -0,0 +1,186 @@
+# PolicyRuleActions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Enroll** | Pointer to [**PolicyRuleActionsEnroll**](PolicyRuleActionsEnroll.md) |  | [optional] 
+**Idp** | Pointer to [**IdpPolicyRuleAction**](IdpPolicyRuleAction.md) |  | [optional] 
+**PasswordChange** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServicePasswordReset** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServiceUnlock** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**Signon** | Pointer to [**OktaSignOnPolicyRuleSignonActions**](OktaSignOnPolicyRuleSignonActions.md) |  | [optional] 
+
+## Methods
+
+### NewPolicyRuleActions
+
+`func NewPolicyRuleActions() *PolicyRuleActions`
+
+NewPolicyRuleActions instantiates a new PolicyRuleActions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicyRuleActionsWithDefaults
+
+`func NewPolicyRuleActionsWithDefaults() *PolicyRuleActions`
+
+NewPolicyRuleActionsWithDefaults instantiates a new PolicyRuleActions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEnroll
+
+`func (o *PolicyRuleActions) GetEnroll() PolicyRuleActionsEnroll`
+
+GetEnroll returns the Enroll field if non-nil, zero value otherwise.
+
+### GetEnrollOk
+
+`func (o *PolicyRuleActions) GetEnrollOk() (*PolicyRuleActionsEnroll, bool)`
+
+GetEnrollOk returns a tuple with the Enroll field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnroll
+
+`func (o *PolicyRuleActions) SetEnroll(v PolicyRuleActionsEnroll)`
+
+SetEnroll sets Enroll field to given value.
+
+### HasEnroll
+
+`func (o *PolicyRuleActions) HasEnroll() bool`
+
+HasEnroll returns a boolean if a field has been set.
+
+### GetIdp
+
+`func (o *PolicyRuleActions) GetIdp() IdpPolicyRuleAction`
+
+GetIdp returns the Idp field if non-nil, zero value otherwise.
+
+### GetIdpOk
+
+`func (o *PolicyRuleActions) GetIdpOk() (*IdpPolicyRuleAction, bool)`
+
+GetIdpOk returns a tuple with the Idp field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdp
+
+`func (o *PolicyRuleActions) SetIdp(v IdpPolicyRuleAction)`
+
+SetIdp sets Idp field to given value.
+
+### HasIdp
+
+`func (o *PolicyRuleActions) HasIdp() bool`
+
+HasIdp returns a boolean if a field has been set.
+
+### GetPasswordChange
+
+`func (o *PolicyRuleActions) GetPasswordChange() PasswordPolicyRuleAction`
+
+GetPasswordChange returns the PasswordChange field if non-nil, zero value otherwise.
+
+### GetPasswordChangeOk
+
+`func (o *PolicyRuleActions) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool)`
+
+GetPasswordChangeOk returns a tuple with the PasswordChange field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordChange
+
+`func (o *PolicyRuleActions) SetPasswordChange(v PasswordPolicyRuleAction)`
+
+SetPasswordChange sets PasswordChange field to given value.
+
+### HasPasswordChange
+
+`func (o *PolicyRuleActions) HasPasswordChange() bool`
+
+HasPasswordChange returns a boolean if a field has been set.
+
+### GetSelfServicePasswordReset
+
+`func (o *PolicyRuleActions) GetSelfServicePasswordReset() PasswordPolicyRuleAction`
+
+GetSelfServicePasswordReset returns the SelfServicePasswordReset field if non-nil, zero value otherwise.
+
+### GetSelfServicePasswordResetOk
+
+`func (o *PolicyRuleActions) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServicePasswordReset
+
+`func (o *PolicyRuleActions) SetSelfServicePasswordReset(v PasswordPolicyRuleAction)`
+
+SetSelfServicePasswordReset sets SelfServicePasswordReset field to given value.
+
+### HasSelfServicePasswordReset
+
+`func (o *PolicyRuleActions) HasSelfServicePasswordReset() bool`
+
+HasSelfServicePasswordReset returns a boolean if a field has been set.
+
+### GetSelfServiceUnlock
+
+`func (o *PolicyRuleActions) GetSelfServiceUnlock() PasswordPolicyRuleAction`
+
+GetSelfServiceUnlock returns the SelfServiceUnlock field if non-nil, zero value otherwise.
+
+### GetSelfServiceUnlockOk
+
+`func (o *PolicyRuleActions) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServiceUnlock
+
+`func (o *PolicyRuleActions) SetSelfServiceUnlock(v PasswordPolicyRuleAction)`
+
+SetSelfServiceUnlock sets SelfServiceUnlock field to given value.
+
+### HasSelfServiceUnlock
+
+`func (o *PolicyRuleActions) HasSelfServiceUnlock() bool`
+
+HasSelfServiceUnlock returns a boolean if a field has been set.
+
+### GetSignon
+
+`func (o *PolicyRuleActions) GetSignon() OktaSignOnPolicyRuleSignonActions`
+
+GetSignon returns the Signon field if non-nil, zero value otherwise.
+
+### GetSignonOk
+
+`func (o *PolicyRuleActions) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool)`
+
+GetSignonOk returns a tuple with the Signon field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignon
+
+`func (o *PolicyRuleActions) SetSignon(v OktaSignOnPolicyRuleSignonActions)`
+
+SetSignon sets Signon field to given value.
+
+### HasSignon
+
+`func (o *PolicyRuleActions) HasSignon() bool`
+
+HasSignon returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyRuleActionsEnroll.md b/okta/docs/PolicyRuleActionsEnroll.md
new file mode 100644
index 000000000..383181de5
--- /dev/null
+++ b/okta/docs/PolicyRuleActionsEnroll.md
@@ -0,0 +1,56 @@
+# PolicyRuleActionsEnroll
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**PolicyRuleActionsEnrollSelf**](PolicyRuleActionsEnrollSelf.md) |  | [optional] 
+
+## Methods
+
+### NewPolicyRuleActionsEnroll
+
+`func NewPolicyRuleActionsEnroll() *PolicyRuleActionsEnroll`
+
+NewPolicyRuleActionsEnroll instantiates a new PolicyRuleActionsEnroll object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicyRuleActionsEnrollWithDefaults
+
+`func NewPolicyRuleActionsEnrollWithDefaults() *PolicyRuleActionsEnroll`
+
+NewPolicyRuleActionsEnrollWithDefaults instantiates a new PolicyRuleActionsEnroll object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *PolicyRuleActionsEnroll) GetSelf() PolicyRuleActionsEnrollSelf`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *PolicyRuleActionsEnroll) GetSelfOk() (*PolicyRuleActionsEnrollSelf, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *PolicyRuleActionsEnroll) SetSelf(v PolicyRuleActionsEnrollSelf)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *PolicyRuleActionsEnroll) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyRuleActionsEnrollSelf.md b/okta/docs/PolicyRuleActionsEnrollSelf.md
new file mode 100644
index 000000000..28d221044
--- /dev/null
+++ b/okta/docs/PolicyRuleActionsEnrollSelf.md
@@ -0,0 +1,15 @@
+# PolicyRuleActionsEnrollSelf
+
+## Enum
+
+
+* `CHALLENGE` (value: `"CHALLENGE"`)
+
+* `LOGIN` (value: `"LOGIN"`)
+
+* `NEVER` (value: `"NEVER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyRuleAuthContextCondition.md b/okta/docs/PolicyRuleAuthContextCondition.md
new file mode 100644
index 000000000..9d7a6ce99
--- /dev/null
+++ b/okta/docs/PolicyRuleAuthContextCondition.md
@@ -0,0 +1,56 @@
+# PolicyRuleAuthContextCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthType** | Pointer to [**PolicyRuleAuthContextType**](PolicyRuleAuthContextType.md) |  | [optional] 
+
+## Methods
+
+### NewPolicyRuleAuthContextCondition
+
+`func NewPolicyRuleAuthContextCondition() *PolicyRuleAuthContextCondition`
+
+NewPolicyRuleAuthContextCondition instantiates a new PolicyRuleAuthContextCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicyRuleAuthContextConditionWithDefaults
+
+`func NewPolicyRuleAuthContextConditionWithDefaults() *PolicyRuleAuthContextCondition`
+
+NewPolicyRuleAuthContextConditionWithDefaults instantiates a new PolicyRuleAuthContextCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthType
+
+`func (o *PolicyRuleAuthContextCondition) GetAuthType() PolicyRuleAuthContextType`
+
+GetAuthType returns the AuthType field if non-nil, zero value otherwise.
+
+### GetAuthTypeOk
+
+`func (o *PolicyRuleAuthContextCondition) GetAuthTypeOk() (*PolicyRuleAuthContextType, bool)`
+
+GetAuthTypeOk returns a tuple with the AuthType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthType
+
+`func (o *PolicyRuleAuthContextCondition) SetAuthType(v PolicyRuleAuthContextType)`
+
+SetAuthType sets AuthType field to given value.
+
+### HasAuthType
+
+`func (o *PolicyRuleAuthContextCondition) HasAuthType() bool`
+
+HasAuthType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyRuleAuthContextType.md b/okta/docs/PolicyRuleAuthContextType.md
new file mode 100644
index 000000000..3874edc24
--- /dev/null
+++ b/okta/docs/PolicyRuleAuthContextType.md
@@ -0,0 +1,13 @@
+# PolicyRuleAuthContextType
+
+## Enum
+
+
+* `ANY` (value: `"ANY"`)
+
+* `RADIUS` (value: `"RADIUS"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyRuleConditions.md b/okta/docs/PolicyRuleConditions.md
new file mode 100644
index 000000000..9a72854e3
--- /dev/null
+++ b/okta/docs/PolicyRuleConditions.md
@@ -0,0 +1,576 @@
+# PolicyRuleConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**AppAndInstancePolicyRuleCondition**](AppAndInstancePolicyRuleCondition.md) |  | [optional] 
+**Apps** | Pointer to [**AppInstancePolicyRuleCondition**](AppInstancePolicyRuleCondition.md) |  | [optional] 
+**AuthContext** | Pointer to [**PolicyRuleAuthContextCondition**](PolicyRuleAuthContextCondition.md) |  | [optional] 
+**AuthProvider** | Pointer to [**PasswordPolicyAuthenticationProviderCondition**](PasswordPolicyAuthenticationProviderCondition.md) |  | [optional] 
+**BeforeScheduledAction** | Pointer to [**BeforeScheduledActionPolicyRuleCondition**](BeforeScheduledActionPolicyRuleCondition.md) |  | [optional] 
+**Clients** | Pointer to [**ClientPolicyCondition**](ClientPolicyCondition.md) |  | [optional] 
+**Context** | Pointer to [**ContextPolicyRuleCondition**](ContextPolicyRuleCondition.md) |  | [optional] 
+**Device** | Pointer to [**DevicePolicyRuleCondition**](DevicePolicyRuleCondition.md) |  | [optional] 
+**GrantTypes** | Pointer to [**GrantTypePolicyRuleCondition**](GrantTypePolicyRuleCondition.md) |  | [optional] 
+**Groups** | Pointer to [**GroupPolicyRuleCondition**](GroupPolicyRuleCondition.md) |  | [optional] 
+**IdentityProvider** | Pointer to [**IdentityProviderPolicyRuleCondition**](IdentityProviderPolicyRuleCondition.md) |  | [optional] 
+**MdmEnrollment** | Pointer to [**MDMEnrollmentPolicyRuleCondition**](MDMEnrollmentPolicyRuleCondition.md) |  | [optional] 
+**Network** | Pointer to [**PolicyNetworkCondition**](PolicyNetworkCondition.md) |  | [optional] 
+**People** | Pointer to [**PolicyPeopleCondition**](PolicyPeopleCondition.md) |  | [optional] 
+**Platform** | Pointer to [**PlatformPolicyRuleCondition**](PlatformPolicyRuleCondition.md) |  | [optional] 
+**Risk** | Pointer to [**RiskPolicyRuleCondition**](RiskPolicyRuleCondition.md) |  | [optional] 
+**RiskScore** | Pointer to [**RiskScorePolicyRuleCondition**](RiskScorePolicyRuleCondition.md) |  | [optional] 
+**Scopes** | Pointer to [**OAuth2ScopesMediationPolicyRuleCondition**](OAuth2ScopesMediationPolicyRuleCondition.md) |  | [optional] 
+**UserIdentifier** | Pointer to [**UserIdentifierPolicyRuleCondition**](UserIdentifierPolicyRuleCondition.md) |  | [optional] 
+**Users** | Pointer to [**UserPolicyRuleCondition**](UserPolicyRuleCondition.md) |  | [optional] 
+**UserStatus** | Pointer to [**UserStatusPolicyRuleCondition**](UserStatusPolicyRuleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewPolicyRuleConditions
+
+`func NewPolicyRuleConditions() *PolicyRuleConditions`
+
+NewPolicyRuleConditions instantiates a new PolicyRuleConditions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicyRuleConditionsWithDefaults
+
+`func NewPolicyRuleConditionsWithDefaults() *PolicyRuleConditions`
+
+NewPolicyRuleConditionsWithDefaults instantiates a new PolicyRuleConditions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *PolicyRuleConditions) GetApp() AppAndInstancePolicyRuleCondition`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *PolicyRuleConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *PolicyRuleConditions) SetApp(v AppAndInstancePolicyRuleCondition)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *PolicyRuleConditions) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+### GetApps
+
+`func (o *PolicyRuleConditions) GetApps() AppInstancePolicyRuleCondition`
+
+GetApps returns the Apps field if non-nil, zero value otherwise.
+
+### GetAppsOk
+
+`func (o *PolicyRuleConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool)`
+
+GetAppsOk returns a tuple with the Apps field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApps
+
+`func (o *PolicyRuleConditions) SetApps(v AppInstancePolicyRuleCondition)`
+
+SetApps sets Apps field to given value.
+
+### HasApps
+
+`func (o *PolicyRuleConditions) HasApps() bool`
+
+HasApps returns a boolean if a field has been set.
+
+### GetAuthContext
+
+`func (o *PolicyRuleConditions) GetAuthContext() PolicyRuleAuthContextCondition`
+
+GetAuthContext returns the AuthContext field if non-nil, zero value otherwise.
+
+### GetAuthContextOk
+
+`func (o *PolicyRuleConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool)`
+
+GetAuthContextOk returns a tuple with the AuthContext field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthContext
+
+`func (o *PolicyRuleConditions) SetAuthContext(v PolicyRuleAuthContextCondition)`
+
+SetAuthContext sets AuthContext field to given value.
+
+### HasAuthContext
+
+`func (o *PolicyRuleConditions) HasAuthContext() bool`
+
+HasAuthContext returns a boolean if a field has been set.
+
+### GetAuthProvider
+
+`func (o *PolicyRuleConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition`
+
+GetAuthProvider returns the AuthProvider field if non-nil, zero value otherwise.
+
+### GetAuthProviderOk
+
+`func (o *PolicyRuleConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool)`
+
+GetAuthProviderOk returns a tuple with the AuthProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthProvider
+
+`func (o *PolicyRuleConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition)`
+
+SetAuthProvider sets AuthProvider field to given value.
+
+### HasAuthProvider
+
+`func (o *PolicyRuleConditions) HasAuthProvider() bool`
+
+HasAuthProvider returns a boolean if a field has been set.
+
+### GetBeforeScheduledAction
+
+`func (o *PolicyRuleConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition`
+
+GetBeforeScheduledAction returns the BeforeScheduledAction field if non-nil, zero value otherwise.
+
+### GetBeforeScheduledActionOk
+
+`func (o *PolicyRuleConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool)`
+
+GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBeforeScheduledAction
+
+`func (o *PolicyRuleConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition)`
+
+SetBeforeScheduledAction sets BeforeScheduledAction field to given value.
+
+### HasBeforeScheduledAction
+
+`func (o *PolicyRuleConditions) HasBeforeScheduledAction() bool`
+
+HasBeforeScheduledAction returns a boolean if a field has been set.
+
+### GetClients
+
+`func (o *PolicyRuleConditions) GetClients() ClientPolicyCondition`
+
+GetClients returns the Clients field if non-nil, zero value otherwise.
+
+### GetClientsOk
+
+`func (o *PolicyRuleConditions) GetClientsOk() (*ClientPolicyCondition, bool)`
+
+GetClientsOk returns a tuple with the Clients field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClients
+
+`func (o *PolicyRuleConditions) SetClients(v ClientPolicyCondition)`
+
+SetClients sets Clients field to given value.
+
+### HasClients
+
+`func (o *PolicyRuleConditions) HasClients() bool`
+
+HasClients returns a boolean if a field has been set.
+
+### GetContext
+
+`func (o *PolicyRuleConditions) GetContext() ContextPolicyRuleCondition`
+
+GetContext returns the Context field if non-nil, zero value otherwise.
+
+### GetContextOk
+
+`func (o *PolicyRuleConditions) GetContextOk() (*ContextPolicyRuleCondition, bool)`
+
+GetContextOk returns a tuple with the Context field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetContext
+
+`func (o *PolicyRuleConditions) SetContext(v ContextPolicyRuleCondition)`
+
+SetContext sets Context field to given value.
+
+### HasContext
+
+`func (o *PolicyRuleConditions) HasContext() bool`
+
+HasContext returns a boolean if a field has been set.
+
+### GetDevice
+
+`func (o *PolicyRuleConditions) GetDevice() DevicePolicyRuleCondition`
+
+GetDevice returns the Device field if non-nil, zero value otherwise.
+
+### GetDeviceOk
+
+`func (o *PolicyRuleConditions) GetDeviceOk() (*DevicePolicyRuleCondition, bool)`
+
+GetDeviceOk returns a tuple with the Device field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDevice
+
+`func (o *PolicyRuleConditions) SetDevice(v DevicePolicyRuleCondition)`
+
+SetDevice sets Device field to given value.
+
+### HasDevice
+
+`func (o *PolicyRuleConditions) HasDevice() bool`
+
+HasDevice returns a boolean if a field has been set.
+
+### GetGrantTypes
+
+`func (o *PolicyRuleConditions) GetGrantTypes() GrantTypePolicyRuleCondition`
+
+GetGrantTypes returns the GrantTypes field if non-nil, zero value otherwise.
+
+### GetGrantTypesOk
+
+`func (o *PolicyRuleConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool)`
+
+GetGrantTypesOk returns a tuple with the GrantTypes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGrantTypes
+
+`func (o *PolicyRuleConditions) SetGrantTypes(v GrantTypePolicyRuleCondition)`
+
+SetGrantTypes sets GrantTypes field to given value.
+
+### HasGrantTypes
+
+`func (o *PolicyRuleConditions) HasGrantTypes() bool`
+
+HasGrantTypes returns a boolean if a field has been set.
+
+### GetGroups
+
+`func (o *PolicyRuleConditions) GetGroups() GroupPolicyRuleCondition`
+
+GetGroups returns the Groups field if non-nil, zero value otherwise.
+
+### GetGroupsOk
+
+`func (o *PolicyRuleConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool)`
+
+GetGroupsOk returns a tuple with the Groups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroups
+
+`func (o *PolicyRuleConditions) SetGroups(v GroupPolicyRuleCondition)`
+
+SetGroups sets Groups field to given value.
+
+### HasGroups
+
+`func (o *PolicyRuleConditions) HasGroups() bool`
+
+HasGroups returns a boolean if a field has been set.
+
+### GetIdentityProvider
+
+`func (o *PolicyRuleConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition`
+
+GetIdentityProvider returns the IdentityProvider field if non-nil, zero value otherwise.
+
+### GetIdentityProviderOk
+
+`func (o *PolicyRuleConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool)`
+
+GetIdentityProviderOk returns a tuple with the IdentityProvider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityProvider
+
+`func (o *PolicyRuleConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition)`
+
+SetIdentityProvider sets IdentityProvider field to given value.
+
+### HasIdentityProvider
+
+`func (o *PolicyRuleConditions) HasIdentityProvider() bool`
+
+HasIdentityProvider returns a boolean if a field has been set.
+
+### GetMdmEnrollment
+
+`func (o *PolicyRuleConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition`
+
+GetMdmEnrollment returns the MdmEnrollment field if non-nil, zero value otherwise.
+
+### GetMdmEnrollmentOk
+
+`func (o *PolicyRuleConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool)`
+
+GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMdmEnrollment
+
+`func (o *PolicyRuleConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition)`
+
+SetMdmEnrollment sets MdmEnrollment field to given value.
+
+### HasMdmEnrollment
+
+`func (o *PolicyRuleConditions) HasMdmEnrollment() bool`
+
+HasMdmEnrollment returns a boolean if a field has been set.
+
+### GetNetwork
+
+`func (o *PolicyRuleConditions) GetNetwork() PolicyNetworkCondition`
+
+GetNetwork returns the Network field if non-nil, zero value otherwise.
+
+### GetNetworkOk
+
+`func (o *PolicyRuleConditions) GetNetworkOk() (*PolicyNetworkCondition, bool)`
+
+GetNetworkOk returns a tuple with the Network field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNetwork
+
+`func (o *PolicyRuleConditions) SetNetwork(v PolicyNetworkCondition)`
+
+SetNetwork sets Network field to given value.
+
+### HasNetwork
+
+`func (o *PolicyRuleConditions) HasNetwork() bool`
+
+HasNetwork returns a boolean if a field has been set.
+
+### GetPeople
+
+`func (o *PolicyRuleConditions) GetPeople() PolicyPeopleCondition`
+
+GetPeople returns the People field if non-nil, zero value otherwise.
+
+### GetPeopleOk
+
+`func (o *PolicyRuleConditions) GetPeopleOk() (*PolicyPeopleCondition, bool)`
+
+GetPeopleOk returns a tuple with the People field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPeople
+
+`func (o *PolicyRuleConditions) SetPeople(v PolicyPeopleCondition)`
+
+SetPeople sets People field to given value.
+
+### HasPeople
+
+`func (o *PolicyRuleConditions) HasPeople() bool`
+
+HasPeople returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *PolicyRuleConditions) GetPlatform() PlatformPolicyRuleCondition`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *PolicyRuleConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *PolicyRuleConditions) SetPlatform(v PlatformPolicyRuleCondition)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *PolicyRuleConditions) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetRisk
+
+`func (o *PolicyRuleConditions) GetRisk() RiskPolicyRuleCondition`
+
+GetRisk returns the Risk field if non-nil, zero value otherwise.
+
+### GetRiskOk
+
+`func (o *PolicyRuleConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool)`
+
+GetRiskOk returns a tuple with the Risk field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRisk
+
+`func (o *PolicyRuleConditions) SetRisk(v RiskPolicyRuleCondition)`
+
+SetRisk sets Risk field to given value.
+
+### HasRisk
+
+`func (o *PolicyRuleConditions) HasRisk() bool`
+
+HasRisk returns a boolean if a field has been set.
+
+### GetRiskScore
+
+`func (o *PolicyRuleConditions) GetRiskScore() RiskScorePolicyRuleCondition`
+
+GetRiskScore returns the RiskScore field if non-nil, zero value otherwise.
+
+### GetRiskScoreOk
+
+`func (o *PolicyRuleConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool)`
+
+GetRiskScoreOk returns a tuple with the RiskScore field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRiskScore
+
+`func (o *PolicyRuleConditions) SetRiskScore(v RiskScorePolicyRuleCondition)`
+
+SetRiskScore sets RiskScore field to given value.
+
+### HasRiskScore
+
+`func (o *PolicyRuleConditions) HasRiskScore() bool`
+
+HasRiskScore returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *PolicyRuleConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *PolicyRuleConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *PolicyRuleConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *PolicyRuleConditions) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+### GetUserIdentifier
+
+`func (o *PolicyRuleConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition`
+
+GetUserIdentifier returns the UserIdentifier field if non-nil, zero value otherwise.
+
+### GetUserIdentifierOk
+
+`func (o *PolicyRuleConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool)`
+
+GetUserIdentifierOk returns a tuple with the UserIdentifier field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserIdentifier
+
+`func (o *PolicyRuleConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition)`
+
+SetUserIdentifier sets UserIdentifier field to given value.
+
+### HasUserIdentifier
+
+`func (o *PolicyRuleConditions) HasUserIdentifier() bool`
+
+HasUserIdentifier returns a boolean if a field has been set.
+
+### GetUsers
+
+`func (o *PolicyRuleConditions) GetUsers() UserPolicyRuleCondition`
+
+GetUsers returns the Users field if non-nil, zero value otherwise.
+
+### GetUsersOk
+
+`func (o *PolicyRuleConditions) GetUsersOk() (*UserPolicyRuleCondition, bool)`
+
+GetUsersOk returns a tuple with the Users field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsers
+
+`func (o *PolicyRuleConditions) SetUsers(v UserPolicyRuleCondition)`
+
+SetUsers sets Users field to given value.
+
+### HasUsers
+
+`func (o *PolicyRuleConditions) HasUsers() bool`
+
+HasUsers returns a boolean if a field has been set.
+
+### GetUserStatus
+
+`func (o *PolicyRuleConditions) GetUserStatus() UserStatusPolicyRuleCondition`
+
+GetUserStatus returns the UserStatus field if non-nil, zero value otherwise.
+
+### GetUserStatusOk
+
+`func (o *PolicyRuleConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool)`
+
+GetUserStatusOk returns a tuple with the UserStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserStatus
+
+`func (o *PolicyRuleConditions) SetUserStatus(v UserStatusPolicyRuleCondition)`
+
+SetUserStatus sets UserStatus field to given value.
+
+### HasUserStatus
+
+`func (o *PolicyRuleConditions) HasUserStatus() bool`
+
+HasUserStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyRuleType.md b/okta/docs/PolicyRuleType.md
new file mode 100644
index 000000000..c571013c2
--- /dev/null
+++ b/okta/docs/PolicyRuleType.md
@@ -0,0 +1,23 @@
+# PolicyRuleType
+
+## Enum
+
+
+* `ACCESS_POLICY` (value: `"ACCESS_POLICY"`)
+
+* `IDP_DISCOVERY` (value: `"IDP_DISCOVERY"`)
+
+* `MFA_ENROLL` (value: `"MFA_ENROLL"`)
+
+* `PASSWORD` (value: `"PASSWORD"`)
+
+* `PROFILE_ENROLLMENT` (value: `"PROFILE_ENROLLMENT"`)
+
+* `RESOURCE_ACCESS` (value: `"RESOURCE_ACCESS"`)
+
+* `SIGN_ON` (value: `"SIGN_ON"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicySubject.md b/okta/docs/PolicySubject.md
new file mode 100644
index 000000000..2ab94d10b
--- /dev/null
+++ b/okta/docs/PolicySubject.md
@@ -0,0 +1,160 @@
+# PolicySubject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Filter** | Pointer to **string** |  | [optional] 
+**Format** | Pointer to **[]string** |  | [optional] 
+**MatchAttribute** | Pointer to **string** |  | [optional] 
+**MatchType** | Pointer to [**PolicySubjectMatchType**](PolicySubjectMatchType.md) |  | [optional] 
+**UserNameTemplate** | Pointer to [**PolicyUserNameTemplate**](PolicyUserNameTemplate.md) |  | [optional] 
+
+## Methods
+
+### NewPolicySubject
+
+`func NewPolicySubject() *PolicySubject`
+
+NewPolicySubject instantiates a new PolicySubject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicySubjectWithDefaults
+
+`func NewPolicySubjectWithDefaults() *PolicySubject`
+
+NewPolicySubjectWithDefaults instantiates a new PolicySubject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetFilter
+
+`func (o *PolicySubject) GetFilter() string`
+
+GetFilter returns the Filter field if non-nil, zero value otherwise.
+
+### GetFilterOk
+
+`func (o *PolicySubject) GetFilterOk() (*string, bool)`
+
+GetFilterOk returns a tuple with the Filter field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFilter
+
+`func (o *PolicySubject) SetFilter(v string)`
+
+SetFilter sets Filter field to given value.
+
+### HasFilter
+
+`func (o *PolicySubject) HasFilter() bool`
+
+HasFilter returns a boolean if a field has been set.
+
+### GetFormat
+
+`func (o *PolicySubject) GetFormat() []string`
+
+GetFormat returns the Format field if non-nil, zero value otherwise.
+
+### GetFormatOk
+
+`func (o *PolicySubject) GetFormatOk() (*[]string, bool)`
+
+GetFormatOk returns a tuple with the Format field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFormat
+
+`func (o *PolicySubject) SetFormat(v []string)`
+
+SetFormat sets Format field to given value.
+
+### HasFormat
+
+`func (o *PolicySubject) HasFormat() bool`
+
+HasFormat returns a boolean if a field has been set.
+
+### GetMatchAttribute
+
+`func (o *PolicySubject) GetMatchAttribute() string`
+
+GetMatchAttribute returns the MatchAttribute field if non-nil, zero value otherwise.
+
+### GetMatchAttributeOk
+
+`func (o *PolicySubject) GetMatchAttributeOk() (*string, bool)`
+
+GetMatchAttributeOk returns a tuple with the MatchAttribute field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMatchAttribute
+
+`func (o *PolicySubject) SetMatchAttribute(v string)`
+
+SetMatchAttribute sets MatchAttribute field to given value.
+
+### HasMatchAttribute
+
+`func (o *PolicySubject) HasMatchAttribute() bool`
+
+HasMatchAttribute returns a boolean if a field has been set.
+
+### GetMatchType
+
+`func (o *PolicySubject) GetMatchType() PolicySubjectMatchType`
+
+GetMatchType returns the MatchType field if non-nil, zero value otherwise.
+
+### GetMatchTypeOk
+
+`func (o *PolicySubject) GetMatchTypeOk() (*PolicySubjectMatchType, bool)`
+
+GetMatchTypeOk returns a tuple with the MatchType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMatchType
+
+`func (o *PolicySubject) SetMatchType(v PolicySubjectMatchType)`
+
+SetMatchType sets MatchType field to given value.
+
+### HasMatchType
+
+`func (o *PolicySubject) HasMatchType() bool`
+
+HasMatchType returns a boolean if a field has been set.
+
+### GetUserNameTemplate
+
+`func (o *PolicySubject) GetUserNameTemplate() PolicyUserNameTemplate`
+
+GetUserNameTemplate returns the UserNameTemplate field if non-nil, zero value otherwise.
+
+### GetUserNameTemplateOk
+
+`func (o *PolicySubject) GetUserNameTemplateOk() (*PolicyUserNameTemplate, bool)`
+
+GetUserNameTemplateOk returns a tuple with the UserNameTemplate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserNameTemplate
+
+`func (o *PolicySubject) SetUserNameTemplate(v PolicyUserNameTemplate)`
+
+SetUserNameTemplate sets UserNameTemplate field to given value.
+
+### HasUserNameTemplate
+
+`func (o *PolicySubject) HasUserNameTemplate() bool`
+
+HasUserNameTemplate returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicySubjectMatchType.md b/okta/docs/PolicySubjectMatchType.md
new file mode 100644
index 000000000..c1c698fb3
--- /dev/null
+++ b/okta/docs/PolicySubjectMatchType.md
@@ -0,0 +1,17 @@
+# PolicySubjectMatchType
+
+## Enum
+
+
+* `CUSTOM_ATTRIBUTE` (value: `"CUSTOM_ATTRIBUTE"`)
+
+* `EMAIL` (value: `"EMAIL"`)
+
+* `USERNAME` (value: `"USERNAME"`)
+
+* `USERNAME_OR_EMAIL` (value: `"USERNAME_OR_EMAIL"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyType.md b/okta/docs/PolicyType.md
new file mode 100644
index 000000000..e189cab12
--- /dev/null
+++ b/okta/docs/PolicyType.md
@@ -0,0 +1,23 @@
+# PolicyType
+
+## Enum
+
+
+* `ACCESS_POLICY` (value: `"ACCESS_POLICY"`)
+
+* `IDP_DISCOVERY` (value: `"IDP_DISCOVERY"`)
+
+* `MFA_ENROLL` (value: `"MFA_ENROLL"`)
+
+* `OAUTH_AUTHORIZATION_POLICY` (value: `"OAUTH_AUTHORIZATION_POLICY"`)
+
+* `OKTA_SIGN_ON` (value: `"OKTA_SIGN_ON"`)
+
+* `PASSWORD` (value: `"PASSWORD"`)
+
+* `PROFILE_ENROLLMENT` (value: `"PROFILE_ENROLLMENT"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyUserNameTemplate.md b/okta/docs/PolicyUserNameTemplate.md
new file mode 100644
index 000000000..8dd6b03be
--- /dev/null
+++ b/okta/docs/PolicyUserNameTemplate.md
@@ -0,0 +1,56 @@
+# PolicyUserNameTemplate
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Template** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewPolicyUserNameTemplate
+
+`func NewPolicyUserNameTemplate() *PolicyUserNameTemplate`
+
+NewPolicyUserNameTemplate instantiates a new PolicyUserNameTemplate object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPolicyUserNameTemplateWithDefaults
+
+`func NewPolicyUserNameTemplateWithDefaults() *PolicyUserNameTemplate`
+
+NewPolicyUserNameTemplateWithDefaults instantiates a new PolicyUserNameTemplate object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetTemplate
+
+`func (o *PolicyUserNameTemplate) GetTemplate() string`
+
+GetTemplate returns the Template field if non-nil, zero value otherwise.
+
+### GetTemplateOk
+
+`func (o *PolicyUserNameTemplate) GetTemplateOk() (*string, bool)`
+
+GetTemplateOk returns a tuple with the Template field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTemplate
+
+`func (o *PolicyUserNameTemplate) SetTemplate(v string)`
+
+SetTemplate sets Template field to given value.
+
+### HasTemplate
+
+`func (o *PolicyUserNameTemplate) HasTemplate() bool`
+
+HasTemplate returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PolicyUserStatus.md b/okta/docs/PolicyUserStatus.md
new file mode 100644
index 000000000..4e4b2d1a2
--- /dev/null
+++ b/okta/docs/PolicyUserStatus.md
@@ -0,0 +1,25 @@
+# PolicyUserStatus
+
+## Enum
+
+
+* `ACTIVATING` (value: `"ACTIVATING"`)
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `DELETED` (value: `"DELETED"`)
+
+* `DELETING` (value: `"DELETING"`)
+
+* `EXPIRED_PASSWORD` (value: `"EXPIRED_PASSWORD"`)
+
+* `INACTIVE` (value: `"INACTIVE"`)
+
+* `PENDING` (value: `"PENDING"`)
+
+* `SUSPENDED` (value: `"SUSPENDED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PossessionConstraint.md b/okta/docs/PossessionConstraint.md
new file mode 100644
index 000000000..7112ab8d9
--- /dev/null
+++ b/okta/docs/PossessionConstraint.md
@@ -0,0 +1,212 @@
+# PossessionConstraint
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Methods** | Pointer to **[]string** |  | [optional] 
+**ReauthenticateIn** | Pointer to **string** |  | [optional] 
+**Types** | Pointer to **[]string** |  | [optional] 
+**DeviceBound** | Pointer to **string** |  | [optional] 
+**HardwareProtection** | Pointer to **string** |  | [optional] 
+**PhishingResistant** | Pointer to **string** |  | [optional] 
+**UserPresence** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewPossessionConstraint
+
+`func NewPossessionConstraint() *PossessionConstraint`
+
+NewPossessionConstraint instantiates a new PossessionConstraint object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPossessionConstraintWithDefaults
+
+`func NewPossessionConstraintWithDefaults() *PossessionConstraint`
+
+NewPossessionConstraintWithDefaults instantiates a new PossessionConstraint object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMethods
+
+`func (o *PossessionConstraint) GetMethods() []string`
+
+GetMethods returns the Methods field if non-nil, zero value otherwise.
+
+### GetMethodsOk
+
+`func (o *PossessionConstraint) GetMethodsOk() (*[]string, bool)`
+
+GetMethodsOk returns a tuple with the Methods field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMethods
+
+`func (o *PossessionConstraint) SetMethods(v []string)`
+
+SetMethods sets Methods field to given value.
+
+### HasMethods
+
+`func (o *PossessionConstraint) HasMethods() bool`
+
+HasMethods returns a boolean if a field has been set.
+
+### GetReauthenticateIn
+
+`func (o *PossessionConstraint) GetReauthenticateIn() string`
+
+GetReauthenticateIn returns the ReauthenticateIn field if non-nil, zero value otherwise.
+
+### GetReauthenticateInOk
+
+`func (o *PossessionConstraint) GetReauthenticateInOk() (*string, bool)`
+
+GetReauthenticateInOk returns a tuple with the ReauthenticateIn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetReauthenticateIn
+
+`func (o *PossessionConstraint) SetReauthenticateIn(v string)`
+
+SetReauthenticateIn sets ReauthenticateIn field to given value.
+
+### HasReauthenticateIn
+
+`func (o *PossessionConstraint) HasReauthenticateIn() bool`
+
+HasReauthenticateIn returns a boolean if a field has been set.
+
+### GetTypes
+
+`func (o *PossessionConstraint) GetTypes() []string`
+
+GetTypes returns the Types field if non-nil, zero value otherwise.
+
+### GetTypesOk
+
+`func (o *PossessionConstraint) GetTypesOk() (*[]string, bool)`
+
+GetTypesOk returns a tuple with the Types field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTypes
+
+`func (o *PossessionConstraint) SetTypes(v []string)`
+
+SetTypes sets Types field to given value.
+
+### HasTypes
+
+`func (o *PossessionConstraint) HasTypes() bool`
+
+HasTypes returns a boolean if a field has been set.
+
+### GetDeviceBound
+
+`func (o *PossessionConstraint) GetDeviceBound() string`
+
+GetDeviceBound returns the DeviceBound field if non-nil, zero value otherwise.
+
+### GetDeviceBoundOk
+
+`func (o *PossessionConstraint) GetDeviceBoundOk() (*string, bool)`
+
+GetDeviceBoundOk returns a tuple with the DeviceBound field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDeviceBound
+
+`func (o *PossessionConstraint) SetDeviceBound(v string)`
+
+SetDeviceBound sets DeviceBound field to given value.
+
+### HasDeviceBound
+
+`func (o *PossessionConstraint) HasDeviceBound() bool`
+
+HasDeviceBound returns a boolean if a field has been set.
+
+### GetHardwareProtection
+
+`func (o *PossessionConstraint) GetHardwareProtection() string`
+
+GetHardwareProtection returns the HardwareProtection field if non-nil, zero value otherwise.
+
+### GetHardwareProtectionOk
+
+`func (o *PossessionConstraint) GetHardwareProtectionOk() (*string, bool)`
+
+GetHardwareProtectionOk returns a tuple with the HardwareProtection field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHardwareProtection
+
+`func (o *PossessionConstraint) SetHardwareProtection(v string)`
+
+SetHardwareProtection sets HardwareProtection field to given value.
+
+### HasHardwareProtection
+
+`func (o *PossessionConstraint) HasHardwareProtection() bool`
+
+HasHardwareProtection returns a boolean if a field has been set.
+
+### GetPhishingResistant
+
+`func (o *PossessionConstraint) GetPhishingResistant() string`
+
+GetPhishingResistant returns the PhishingResistant field if non-nil, zero value otherwise.
+
+### GetPhishingResistantOk
+
+`func (o *PossessionConstraint) GetPhishingResistantOk() (*string, bool)`
+
+GetPhishingResistantOk returns a tuple with the PhishingResistant field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPhishingResistant
+
+`func (o *PossessionConstraint) SetPhishingResistant(v string)`
+
+SetPhishingResistant sets PhishingResistant field to given value.
+
+### HasPhishingResistant
+
+`func (o *PossessionConstraint) HasPhishingResistant() bool`
+
+HasPhishingResistant returns a boolean if a field has been set.
+
+### GetUserPresence
+
+`func (o *PossessionConstraint) GetUserPresence() string`
+
+GetUserPresence returns the UserPresence field if non-nil, zero value otherwise.
+
+### GetUserPresenceOk
+
+`func (o *PossessionConstraint) GetUserPresenceOk() (*string, bool)`
+
+GetUserPresenceOk returns a tuple with the UserPresence field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserPresence
+
+`func (o *PossessionConstraint) SetUserPresence(v string)`
+
+SetUserPresence sets UserPresence field to given value.
+
+### HasUserPresence
+
+`func (o *PossessionConstraint) HasUserPresence() bool`
+
+HasUserPresence returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PossessionConstraintAllOf.md b/okta/docs/PossessionConstraintAllOf.md
new file mode 100644
index 000000000..5954f640b
--- /dev/null
+++ b/okta/docs/PossessionConstraintAllOf.md
@@ -0,0 +1,134 @@
+# PossessionConstraintAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DeviceBound** | Pointer to **string** |  | [optional] 
+**HardwareProtection** | Pointer to **string** |  | [optional] 
+**PhishingResistant** | Pointer to **string** |  | [optional] 
+**UserPresence** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewPossessionConstraintAllOf
+
+`func NewPossessionConstraintAllOf() *PossessionConstraintAllOf`
+
+NewPossessionConstraintAllOf instantiates a new PossessionConstraintAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPossessionConstraintAllOfWithDefaults
+
+`func NewPossessionConstraintAllOfWithDefaults() *PossessionConstraintAllOf`
+
+NewPossessionConstraintAllOfWithDefaults instantiates a new PossessionConstraintAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDeviceBound
+
+`func (o *PossessionConstraintAllOf) GetDeviceBound() string`
+
+GetDeviceBound returns the DeviceBound field if non-nil, zero value otherwise.
+
+### GetDeviceBoundOk
+
+`func (o *PossessionConstraintAllOf) GetDeviceBoundOk() (*string, bool)`
+
+GetDeviceBoundOk returns a tuple with the DeviceBound field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDeviceBound
+
+`func (o *PossessionConstraintAllOf) SetDeviceBound(v string)`
+
+SetDeviceBound sets DeviceBound field to given value.
+
+### HasDeviceBound
+
+`func (o *PossessionConstraintAllOf) HasDeviceBound() bool`
+
+HasDeviceBound returns a boolean if a field has been set.
+
+### GetHardwareProtection
+
+`func (o *PossessionConstraintAllOf) GetHardwareProtection() string`
+
+GetHardwareProtection returns the HardwareProtection field if non-nil, zero value otherwise.
+
+### GetHardwareProtectionOk
+
+`func (o *PossessionConstraintAllOf) GetHardwareProtectionOk() (*string, bool)`
+
+GetHardwareProtectionOk returns a tuple with the HardwareProtection field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHardwareProtection
+
+`func (o *PossessionConstraintAllOf) SetHardwareProtection(v string)`
+
+SetHardwareProtection sets HardwareProtection field to given value.
+
+### HasHardwareProtection
+
+`func (o *PossessionConstraintAllOf) HasHardwareProtection() bool`
+
+HasHardwareProtection returns a boolean if a field has been set.
+
+### GetPhishingResistant
+
+`func (o *PossessionConstraintAllOf) GetPhishingResistant() string`
+
+GetPhishingResistant returns the PhishingResistant field if non-nil, zero value otherwise.
+
+### GetPhishingResistantOk
+
+`func (o *PossessionConstraintAllOf) GetPhishingResistantOk() (*string, bool)`
+
+GetPhishingResistantOk returns a tuple with the PhishingResistant field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPhishingResistant
+
+`func (o *PossessionConstraintAllOf) SetPhishingResistant(v string)`
+
+SetPhishingResistant sets PhishingResistant field to given value.
+
+### HasPhishingResistant
+
+`func (o *PossessionConstraintAllOf) HasPhishingResistant() bool`
+
+HasPhishingResistant returns a boolean if a field has been set.
+
+### GetUserPresence
+
+`func (o *PossessionConstraintAllOf) GetUserPresence() string`
+
+GetUserPresence returns the UserPresence field if non-nil, zero value otherwise.
+
+### GetUserPresenceOk
+
+`func (o *PossessionConstraintAllOf) GetUserPresenceOk() (*string, bool)`
+
+GetUserPresenceOk returns a tuple with the UserPresence field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserPresence
+
+`func (o *PossessionConstraintAllOf) SetUserPresence(v string)`
+
+SetUserPresence sets UserPresence field to given value.
+
+### HasUserPresence
+
+`func (o *PossessionConstraintAllOf) HasUserPresence() bool`
+
+HasUserPresence returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PreRegistrationInlineHook.md b/okta/docs/PreRegistrationInlineHook.md
new file mode 100644
index 000000000..bceb75fe2
--- /dev/null
+++ b/okta/docs/PreRegistrationInlineHook.md
@@ -0,0 +1,56 @@
+# PreRegistrationInlineHook
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**InlineHookId** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewPreRegistrationInlineHook
+
+`func NewPreRegistrationInlineHook() *PreRegistrationInlineHook`
+
+NewPreRegistrationInlineHook instantiates a new PreRegistrationInlineHook object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPreRegistrationInlineHookWithDefaults
+
+`func NewPreRegistrationInlineHookWithDefaults() *PreRegistrationInlineHook`
+
+NewPreRegistrationInlineHookWithDefaults instantiates a new PreRegistrationInlineHook object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetInlineHookId
+
+`func (o *PreRegistrationInlineHook) GetInlineHookId() string`
+
+GetInlineHookId returns the InlineHookId field if non-nil, zero value otherwise.
+
+### GetInlineHookIdOk
+
+`func (o *PreRegistrationInlineHook) GetInlineHookIdOk() (*string, bool)`
+
+GetInlineHookIdOk returns a tuple with the InlineHookId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInlineHookId
+
+`func (o *PreRegistrationInlineHook) SetInlineHookId(v string)`
+
+SetInlineHookId sets InlineHookId field to given value.
+
+### HasInlineHookId
+
+`func (o *PreRegistrationInlineHook) HasInlineHookId() bool`
+
+HasInlineHookId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PrincipalRateLimitApi.md b/okta/docs/PrincipalRateLimitApi.md
new file mode 100644
index 000000000..67e6dd703
--- /dev/null
+++ b/okta/docs/PrincipalRateLimitApi.md
@@ -0,0 +1,290 @@
+# \PrincipalRateLimitApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreatePrincipalRateLimitEntity**](PrincipalRateLimitApi.md#CreatePrincipalRateLimitEntity) | **Post** /api/v1/principal-rate-limits | Create a Principal Rate Limit
+[**GetPrincipalRateLimitEntity**](PrincipalRateLimitApi.md#GetPrincipalRateLimitEntity) | **Get** /api/v1/principal-rate-limits/{principalRateLimitId} | Retrieve a Principal Rate Limit
+[**ListPrincipalRateLimitEntities**](PrincipalRateLimitApi.md#ListPrincipalRateLimitEntities) | **Get** /api/v1/principal-rate-limits | List all Principal Rate Limits
+[**ReplacePrincipalRateLimitEntity**](PrincipalRateLimitApi.md#ReplacePrincipalRateLimitEntity) | **Put** /api/v1/principal-rate-limits/{principalRateLimitId} | Replace a Principal Rate Limit
+
+
+
+## CreatePrincipalRateLimitEntity
+
+> PrincipalRateLimitEntity CreatePrincipalRateLimitEntity(ctx).Entity(entity).Execute()
+
+Create a Principal Rate Limit
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    entity := *openapiclient.NewPrincipalRateLimitEntity("PrincipalId_example", openapiclient.PrincipalType("SSWS_TOKEN")) // PrincipalRateLimitEntity | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PrincipalRateLimitApi.CreatePrincipalRateLimitEntity(context.Background()).Entity(entity).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PrincipalRateLimitApi.CreatePrincipalRateLimitEntity``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreatePrincipalRateLimitEntity`: PrincipalRateLimitEntity
+    fmt.Fprintf(os.Stdout, "Response from `PrincipalRateLimitApi.CreatePrincipalRateLimitEntity`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreatePrincipalRateLimitEntityRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **entity** | [**PrincipalRateLimitEntity**](PrincipalRateLimitEntity.md) |  | 
+
+### Return type
+
+[**PrincipalRateLimitEntity**](PrincipalRateLimitEntity.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetPrincipalRateLimitEntity
+
+> PrincipalRateLimitEntity GetPrincipalRateLimitEntity(ctx, principalRateLimitId).Execute()
+
+Retrieve a Principal Rate Limit
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    principalRateLimitId := "abcd1234" // string | id of the Principal Rate Limit
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PrincipalRateLimitApi.GetPrincipalRateLimitEntity(context.Background(), principalRateLimitId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PrincipalRateLimitApi.GetPrincipalRateLimitEntity``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetPrincipalRateLimitEntity`: PrincipalRateLimitEntity
+    fmt.Fprintf(os.Stdout, "Response from `PrincipalRateLimitApi.GetPrincipalRateLimitEntity`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**principalRateLimitId** | **string** | id of the Principal Rate Limit | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetPrincipalRateLimitEntityRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**PrincipalRateLimitEntity**](PrincipalRateLimitEntity.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListPrincipalRateLimitEntities
+
+> []PrincipalRateLimitEntity ListPrincipalRateLimitEntities(ctx).Filter(filter).After(after).Limit(limit).Execute()
+
+List all Principal Rate Limits
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    filter := "filter_example" // string |  (optional)
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to 20)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PrincipalRateLimitApi.ListPrincipalRateLimitEntities(context.Background()).Filter(filter).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PrincipalRateLimitApi.ListPrincipalRateLimitEntities``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListPrincipalRateLimitEntities`: []PrincipalRateLimitEntity
+    fmt.Fprintf(os.Stdout, "Response from `PrincipalRateLimitApi.ListPrincipalRateLimitEntities`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListPrincipalRateLimitEntitiesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **filter** | **string** |  | 
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to 20]
+
+### Return type
+
+[**[]PrincipalRateLimitEntity**](PrincipalRateLimitEntity.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplacePrincipalRateLimitEntity
+
+> PrincipalRateLimitEntity ReplacePrincipalRateLimitEntity(ctx, principalRateLimitId).Entity(entity).Execute()
+
+Replace a Principal Rate Limit
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    principalRateLimitId := "abcd1234" // string | id of the Principal Rate Limit
+    entity := *openapiclient.NewPrincipalRateLimitEntity("PrincipalId_example", openapiclient.PrincipalType("SSWS_TOKEN")) // PrincipalRateLimitEntity | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PrincipalRateLimitApi.ReplacePrincipalRateLimitEntity(context.Background(), principalRateLimitId).Entity(entity).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PrincipalRateLimitApi.ReplacePrincipalRateLimitEntity``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplacePrincipalRateLimitEntity`: PrincipalRateLimitEntity
+    fmt.Fprintf(os.Stdout, "Response from `PrincipalRateLimitApi.ReplacePrincipalRateLimitEntity`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**principalRateLimitId** | **string** | id of the Principal Rate Limit | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplacePrincipalRateLimitEntityRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **entity** | [**PrincipalRateLimitEntity**](PrincipalRateLimitEntity.md) |  | 
+
+### Return type
+
+[**PrincipalRateLimitEntity**](PrincipalRateLimitEntity.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/PrincipalRateLimitEntity.md b/okta/docs/PrincipalRateLimitEntity.md
new file mode 100644
index 000000000..81c4d7b0c
--- /dev/null
+++ b/okta/docs/PrincipalRateLimitEntity.md
@@ -0,0 +1,280 @@
+# PrincipalRateLimitEntity
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CreatedBy** | Pointer to **string** |  | [optional] [readonly] 
+**CreatedDate** | Pointer to **time.Time** |  | [optional] [readonly] 
+**DefaultConcurrencyPercentage** | Pointer to **int32** |  | [optional] [readonly] 
+**DefaultPercentage** | Pointer to **int32** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdate** | Pointer to **time.Time** |  | [optional] [readonly] 
+**LastUpdatedBy** | Pointer to **string** |  | [optional] [readonly] 
+**OrgId** | Pointer to **string** |  | [optional] [readonly] 
+**PrincipalId** | **string** |  | 
+**PrincipalType** | [**PrincipalType**](PrincipalType.md) |  | 
+
+## Methods
+
+### NewPrincipalRateLimitEntity
+
+`func NewPrincipalRateLimitEntity(principalId string, principalType PrincipalType, ) *PrincipalRateLimitEntity`
+
+NewPrincipalRateLimitEntity instantiates a new PrincipalRateLimitEntity object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPrincipalRateLimitEntityWithDefaults
+
+`func NewPrincipalRateLimitEntityWithDefaults() *PrincipalRateLimitEntity`
+
+NewPrincipalRateLimitEntityWithDefaults instantiates a new PrincipalRateLimitEntity object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreatedBy
+
+`func (o *PrincipalRateLimitEntity) GetCreatedBy() string`
+
+GetCreatedBy returns the CreatedBy field if non-nil, zero value otherwise.
+
+### GetCreatedByOk
+
+`func (o *PrincipalRateLimitEntity) GetCreatedByOk() (*string, bool)`
+
+GetCreatedByOk returns a tuple with the CreatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedBy
+
+`func (o *PrincipalRateLimitEntity) SetCreatedBy(v string)`
+
+SetCreatedBy sets CreatedBy field to given value.
+
+### HasCreatedBy
+
+`func (o *PrincipalRateLimitEntity) HasCreatedBy() bool`
+
+HasCreatedBy returns a boolean if a field has been set.
+
+### GetCreatedDate
+
+`func (o *PrincipalRateLimitEntity) GetCreatedDate() time.Time`
+
+GetCreatedDate returns the CreatedDate field if non-nil, zero value otherwise.
+
+### GetCreatedDateOk
+
+`func (o *PrincipalRateLimitEntity) GetCreatedDateOk() (*time.Time, bool)`
+
+GetCreatedDateOk returns a tuple with the CreatedDate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedDate
+
+`func (o *PrincipalRateLimitEntity) SetCreatedDate(v time.Time)`
+
+SetCreatedDate sets CreatedDate field to given value.
+
+### HasCreatedDate
+
+`func (o *PrincipalRateLimitEntity) HasCreatedDate() bool`
+
+HasCreatedDate returns a boolean if a field has been set.
+
+### GetDefaultConcurrencyPercentage
+
+`func (o *PrincipalRateLimitEntity) GetDefaultConcurrencyPercentage() int32`
+
+GetDefaultConcurrencyPercentage returns the DefaultConcurrencyPercentage field if non-nil, zero value otherwise.
+
+### GetDefaultConcurrencyPercentageOk
+
+`func (o *PrincipalRateLimitEntity) GetDefaultConcurrencyPercentageOk() (*int32, bool)`
+
+GetDefaultConcurrencyPercentageOk returns a tuple with the DefaultConcurrencyPercentage field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefaultConcurrencyPercentage
+
+`func (o *PrincipalRateLimitEntity) SetDefaultConcurrencyPercentage(v int32)`
+
+SetDefaultConcurrencyPercentage sets DefaultConcurrencyPercentage field to given value.
+
+### HasDefaultConcurrencyPercentage
+
+`func (o *PrincipalRateLimitEntity) HasDefaultConcurrencyPercentage() bool`
+
+HasDefaultConcurrencyPercentage returns a boolean if a field has been set.
+
+### GetDefaultPercentage
+
+`func (o *PrincipalRateLimitEntity) GetDefaultPercentage() int32`
+
+GetDefaultPercentage returns the DefaultPercentage field if non-nil, zero value otherwise.
+
+### GetDefaultPercentageOk
+
+`func (o *PrincipalRateLimitEntity) GetDefaultPercentageOk() (*int32, bool)`
+
+GetDefaultPercentageOk returns a tuple with the DefaultPercentage field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefaultPercentage
+
+`func (o *PrincipalRateLimitEntity) SetDefaultPercentage(v int32)`
+
+SetDefaultPercentage sets DefaultPercentage field to given value.
+
+### HasDefaultPercentage
+
+`func (o *PrincipalRateLimitEntity) HasDefaultPercentage() bool`
+
+HasDefaultPercentage returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *PrincipalRateLimitEntity) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *PrincipalRateLimitEntity) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *PrincipalRateLimitEntity) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *PrincipalRateLimitEntity) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdate
+
+`func (o *PrincipalRateLimitEntity) GetLastUpdate() time.Time`
+
+GetLastUpdate returns the LastUpdate field if non-nil, zero value otherwise.
+
+### GetLastUpdateOk
+
+`func (o *PrincipalRateLimitEntity) GetLastUpdateOk() (*time.Time, bool)`
+
+GetLastUpdateOk returns a tuple with the LastUpdate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdate
+
+`func (o *PrincipalRateLimitEntity) SetLastUpdate(v time.Time)`
+
+SetLastUpdate sets LastUpdate field to given value.
+
+### HasLastUpdate
+
+`func (o *PrincipalRateLimitEntity) HasLastUpdate() bool`
+
+HasLastUpdate returns a boolean if a field has been set.
+
+### GetLastUpdatedBy
+
+`func (o *PrincipalRateLimitEntity) GetLastUpdatedBy() string`
+
+GetLastUpdatedBy returns the LastUpdatedBy field if non-nil, zero value otherwise.
+
+### GetLastUpdatedByOk
+
+`func (o *PrincipalRateLimitEntity) GetLastUpdatedByOk() (*string, bool)`
+
+GetLastUpdatedByOk returns a tuple with the LastUpdatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdatedBy
+
+`func (o *PrincipalRateLimitEntity) SetLastUpdatedBy(v string)`
+
+SetLastUpdatedBy sets LastUpdatedBy field to given value.
+
+### HasLastUpdatedBy
+
+`func (o *PrincipalRateLimitEntity) HasLastUpdatedBy() bool`
+
+HasLastUpdatedBy returns a boolean if a field has been set.
+
+### GetOrgId
+
+`func (o *PrincipalRateLimitEntity) GetOrgId() string`
+
+GetOrgId returns the OrgId field if non-nil, zero value otherwise.
+
+### GetOrgIdOk
+
+`func (o *PrincipalRateLimitEntity) GetOrgIdOk() (*string, bool)`
+
+GetOrgIdOk returns a tuple with the OrgId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOrgId
+
+`func (o *PrincipalRateLimitEntity) SetOrgId(v string)`
+
+SetOrgId sets OrgId field to given value.
+
+### HasOrgId
+
+`func (o *PrincipalRateLimitEntity) HasOrgId() bool`
+
+HasOrgId returns a boolean if a field has been set.
+
+### GetPrincipalId
+
+`func (o *PrincipalRateLimitEntity) GetPrincipalId() string`
+
+GetPrincipalId returns the PrincipalId field if non-nil, zero value otherwise.
+
+### GetPrincipalIdOk
+
+`func (o *PrincipalRateLimitEntity) GetPrincipalIdOk() (*string, bool)`
+
+GetPrincipalIdOk returns a tuple with the PrincipalId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPrincipalId
+
+`func (o *PrincipalRateLimitEntity) SetPrincipalId(v string)`
+
+SetPrincipalId sets PrincipalId field to given value.
+
+
+### GetPrincipalType
+
+`func (o *PrincipalRateLimitEntity) GetPrincipalType() PrincipalType`
+
+GetPrincipalType returns the PrincipalType field if non-nil, zero value otherwise.
+
+### GetPrincipalTypeOk
+
+`func (o *PrincipalRateLimitEntity) GetPrincipalTypeOk() (*PrincipalType, bool)`
+
+GetPrincipalTypeOk returns a tuple with the PrincipalType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPrincipalType
+
+`func (o *PrincipalRateLimitEntity) SetPrincipalType(v PrincipalType)`
+
+SetPrincipalType sets PrincipalType field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PrincipalType.md b/okta/docs/PrincipalType.md
new file mode 100644
index 000000000..b069c4bb4
--- /dev/null
+++ b/okta/docs/PrincipalType.md
@@ -0,0 +1,11 @@
+# PrincipalType
+
+## Enum
+
+
+* `SSWS_TOKEN` (value: `"SSWS_TOKEN"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileEnrollmentPolicy.md b/okta/docs/ProfileEnrollmentPolicy.md
new file mode 100644
index 000000000..076f0c5e7
--- /dev/null
+++ b/okta/docs/ProfileEnrollmentPolicy.md
@@ -0,0 +1,56 @@
+# ProfileEnrollmentPolicy
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Conditions** | Pointer to [**PolicyRuleConditions**](PolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewProfileEnrollmentPolicy
+
+`func NewProfileEnrollmentPolicy() *ProfileEnrollmentPolicy`
+
+NewProfileEnrollmentPolicy instantiates a new ProfileEnrollmentPolicy object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProfileEnrollmentPolicyWithDefaults
+
+`func NewProfileEnrollmentPolicyWithDefaults() *ProfileEnrollmentPolicy`
+
+NewProfileEnrollmentPolicyWithDefaults instantiates a new ProfileEnrollmentPolicy object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConditions
+
+`func (o *ProfileEnrollmentPolicy) GetConditions() PolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *ProfileEnrollmentPolicy) GetConditionsOk() (*PolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *ProfileEnrollmentPolicy) SetConditions(v PolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *ProfileEnrollmentPolicy) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileEnrollmentPolicyRule.md b/okta/docs/ProfileEnrollmentPolicyRule.md
new file mode 100644
index 000000000..3932ebb38
--- /dev/null
+++ b/okta/docs/ProfileEnrollmentPolicyRule.md
@@ -0,0 +1,82 @@
+# ProfileEnrollmentPolicyRule
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | Pointer to [**ProfileEnrollmentPolicyRuleActions**](ProfileEnrollmentPolicyRuleActions.md) |  | [optional] 
+**Conditions** | Pointer to [**PolicyRuleConditions**](PolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewProfileEnrollmentPolicyRule
+
+`func NewProfileEnrollmentPolicyRule() *ProfileEnrollmentPolicyRule`
+
+NewProfileEnrollmentPolicyRule instantiates a new ProfileEnrollmentPolicyRule object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProfileEnrollmentPolicyRuleWithDefaults
+
+`func NewProfileEnrollmentPolicyRuleWithDefaults() *ProfileEnrollmentPolicyRule`
+
+NewProfileEnrollmentPolicyRuleWithDefaults instantiates a new ProfileEnrollmentPolicyRule object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActions
+
+`func (o *ProfileEnrollmentPolicyRule) GetActions() ProfileEnrollmentPolicyRuleActions`
+
+GetActions returns the Actions field if non-nil, zero value otherwise.
+
+### GetActionsOk
+
+`func (o *ProfileEnrollmentPolicyRule) GetActionsOk() (*ProfileEnrollmentPolicyRuleActions, bool)`
+
+GetActionsOk returns a tuple with the Actions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActions
+
+`func (o *ProfileEnrollmentPolicyRule) SetActions(v ProfileEnrollmentPolicyRuleActions)`
+
+SetActions sets Actions field to given value.
+
+### HasActions
+
+`func (o *ProfileEnrollmentPolicyRule) HasActions() bool`
+
+HasActions returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *ProfileEnrollmentPolicyRule) GetConditions() PolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *ProfileEnrollmentPolicyRule) GetConditionsOk() (*PolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *ProfileEnrollmentPolicyRule) SetConditions(v PolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *ProfileEnrollmentPolicyRule) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileEnrollmentPolicyRuleAction.md b/okta/docs/ProfileEnrollmentPolicyRuleAction.md
new file mode 100644
index 000000000..eabcbffc4
--- /dev/null
+++ b/okta/docs/ProfileEnrollmentPolicyRuleAction.md
@@ -0,0 +1,186 @@
+# ProfileEnrollmentPolicyRuleAction
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Access** | Pointer to **string** |  | [optional] 
+**ActivationRequirements** | Pointer to [**ProfileEnrollmentPolicyRuleActivationRequirement**](ProfileEnrollmentPolicyRuleActivationRequirement.md) |  | [optional] 
+**PreRegistrationInlineHooks** | Pointer to [**[]PreRegistrationInlineHook**](PreRegistrationInlineHook.md) |  | [optional] 
+**ProfileAttributes** | Pointer to [**[]ProfileEnrollmentPolicyRuleProfileAttribute**](ProfileEnrollmentPolicyRuleProfileAttribute.md) |  | [optional] 
+**TargetGroupIds** | Pointer to **[]string** |  | [optional] 
+**UnknownUserAction** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewProfileEnrollmentPolicyRuleAction
+
+`func NewProfileEnrollmentPolicyRuleAction() *ProfileEnrollmentPolicyRuleAction`
+
+NewProfileEnrollmentPolicyRuleAction instantiates a new ProfileEnrollmentPolicyRuleAction object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProfileEnrollmentPolicyRuleActionWithDefaults
+
+`func NewProfileEnrollmentPolicyRuleActionWithDefaults() *ProfileEnrollmentPolicyRuleAction`
+
+NewProfileEnrollmentPolicyRuleActionWithDefaults instantiates a new ProfileEnrollmentPolicyRuleAction object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAccess
+
+`func (o *ProfileEnrollmentPolicyRuleAction) GetAccess() string`
+
+GetAccess returns the Access field if non-nil, zero value otherwise.
+
+### GetAccessOk
+
+`func (o *ProfileEnrollmentPolicyRuleAction) GetAccessOk() (*string, bool)`
+
+GetAccessOk returns a tuple with the Access field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccess
+
+`func (o *ProfileEnrollmentPolicyRuleAction) SetAccess(v string)`
+
+SetAccess sets Access field to given value.
+
+### HasAccess
+
+`func (o *ProfileEnrollmentPolicyRuleAction) HasAccess() bool`
+
+HasAccess returns a boolean if a field has been set.
+
+### GetActivationRequirements
+
+`func (o *ProfileEnrollmentPolicyRuleAction) GetActivationRequirements() ProfileEnrollmentPolicyRuleActivationRequirement`
+
+GetActivationRequirements returns the ActivationRequirements field if non-nil, zero value otherwise.
+
+### GetActivationRequirementsOk
+
+`func (o *ProfileEnrollmentPolicyRuleAction) GetActivationRequirementsOk() (*ProfileEnrollmentPolicyRuleActivationRequirement, bool)`
+
+GetActivationRequirementsOk returns a tuple with the ActivationRequirements field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActivationRequirements
+
+`func (o *ProfileEnrollmentPolicyRuleAction) SetActivationRequirements(v ProfileEnrollmentPolicyRuleActivationRequirement)`
+
+SetActivationRequirements sets ActivationRequirements field to given value.
+
+### HasActivationRequirements
+
+`func (o *ProfileEnrollmentPolicyRuleAction) HasActivationRequirements() bool`
+
+HasActivationRequirements returns a boolean if a field has been set.
+
+### GetPreRegistrationInlineHooks
+
+`func (o *ProfileEnrollmentPolicyRuleAction) GetPreRegistrationInlineHooks() []PreRegistrationInlineHook`
+
+GetPreRegistrationInlineHooks returns the PreRegistrationInlineHooks field if non-nil, zero value otherwise.
+
+### GetPreRegistrationInlineHooksOk
+
+`func (o *ProfileEnrollmentPolicyRuleAction) GetPreRegistrationInlineHooksOk() (*[]PreRegistrationInlineHook, bool)`
+
+GetPreRegistrationInlineHooksOk returns a tuple with the PreRegistrationInlineHooks field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPreRegistrationInlineHooks
+
+`func (o *ProfileEnrollmentPolicyRuleAction) SetPreRegistrationInlineHooks(v []PreRegistrationInlineHook)`
+
+SetPreRegistrationInlineHooks sets PreRegistrationInlineHooks field to given value.
+
+### HasPreRegistrationInlineHooks
+
+`func (o *ProfileEnrollmentPolicyRuleAction) HasPreRegistrationInlineHooks() bool`
+
+HasPreRegistrationInlineHooks returns a boolean if a field has been set.
+
+### GetProfileAttributes
+
+`func (o *ProfileEnrollmentPolicyRuleAction) GetProfileAttributes() []ProfileEnrollmentPolicyRuleProfileAttribute`
+
+GetProfileAttributes returns the ProfileAttributes field if non-nil, zero value otherwise.
+
+### GetProfileAttributesOk
+
+`func (o *ProfileEnrollmentPolicyRuleAction) GetProfileAttributesOk() (*[]ProfileEnrollmentPolicyRuleProfileAttribute, bool)`
+
+GetProfileAttributesOk returns a tuple with the ProfileAttributes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfileAttributes
+
+`func (o *ProfileEnrollmentPolicyRuleAction) SetProfileAttributes(v []ProfileEnrollmentPolicyRuleProfileAttribute)`
+
+SetProfileAttributes sets ProfileAttributes field to given value.
+
+### HasProfileAttributes
+
+`func (o *ProfileEnrollmentPolicyRuleAction) HasProfileAttributes() bool`
+
+HasProfileAttributes returns a boolean if a field has been set.
+
+### GetTargetGroupIds
+
+`func (o *ProfileEnrollmentPolicyRuleAction) GetTargetGroupIds() []string`
+
+GetTargetGroupIds returns the TargetGroupIds field if non-nil, zero value otherwise.
+
+### GetTargetGroupIdsOk
+
+`func (o *ProfileEnrollmentPolicyRuleAction) GetTargetGroupIdsOk() (*[]string, bool)`
+
+GetTargetGroupIdsOk returns a tuple with the TargetGroupIds field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTargetGroupIds
+
+`func (o *ProfileEnrollmentPolicyRuleAction) SetTargetGroupIds(v []string)`
+
+SetTargetGroupIds sets TargetGroupIds field to given value.
+
+### HasTargetGroupIds
+
+`func (o *ProfileEnrollmentPolicyRuleAction) HasTargetGroupIds() bool`
+
+HasTargetGroupIds returns a boolean if a field has been set.
+
+### GetUnknownUserAction
+
+`func (o *ProfileEnrollmentPolicyRuleAction) GetUnknownUserAction() string`
+
+GetUnknownUserAction returns the UnknownUserAction field if non-nil, zero value otherwise.
+
+### GetUnknownUserActionOk
+
+`func (o *ProfileEnrollmentPolicyRuleAction) GetUnknownUserActionOk() (*string, bool)`
+
+GetUnknownUserActionOk returns a tuple with the UnknownUserAction field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUnknownUserAction
+
+`func (o *ProfileEnrollmentPolicyRuleAction) SetUnknownUserAction(v string)`
+
+SetUnknownUserAction sets UnknownUserAction field to given value.
+
+### HasUnknownUserAction
+
+`func (o *ProfileEnrollmentPolicyRuleAction) HasUnknownUserAction() bool`
+
+HasUnknownUserAction returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileEnrollmentPolicyRuleActions.md b/okta/docs/ProfileEnrollmentPolicyRuleActions.md
new file mode 100644
index 000000000..45d17c721
--- /dev/null
+++ b/okta/docs/ProfileEnrollmentPolicyRuleActions.md
@@ -0,0 +1,212 @@
+# ProfileEnrollmentPolicyRuleActions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Enroll** | Pointer to [**PolicyRuleActionsEnroll**](PolicyRuleActionsEnroll.md) |  | [optional] 
+**Idp** | Pointer to [**IdpPolicyRuleAction**](IdpPolicyRuleAction.md) |  | [optional] 
+**PasswordChange** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServicePasswordReset** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**SelfServiceUnlock** | Pointer to [**PasswordPolicyRuleAction**](PasswordPolicyRuleAction.md) |  | [optional] 
+**Signon** | Pointer to [**OktaSignOnPolicyRuleSignonActions**](OktaSignOnPolicyRuleSignonActions.md) |  | [optional] 
+**ProfileEnrollment** | Pointer to [**ProfileEnrollmentPolicyRuleAction**](ProfileEnrollmentPolicyRuleAction.md) |  | [optional] 
+
+## Methods
+
+### NewProfileEnrollmentPolicyRuleActions
+
+`func NewProfileEnrollmentPolicyRuleActions() *ProfileEnrollmentPolicyRuleActions`
+
+NewProfileEnrollmentPolicyRuleActions instantiates a new ProfileEnrollmentPolicyRuleActions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProfileEnrollmentPolicyRuleActionsWithDefaults
+
+`func NewProfileEnrollmentPolicyRuleActionsWithDefaults() *ProfileEnrollmentPolicyRuleActions`
+
+NewProfileEnrollmentPolicyRuleActionsWithDefaults instantiates a new ProfileEnrollmentPolicyRuleActions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEnroll
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetEnroll() PolicyRuleActionsEnroll`
+
+GetEnroll returns the Enroll field if non-nil, zero value otherwise.
+
+### GetEnrollOk
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetEnrollOk() (*PolicyRuleActionsEnroll, bool)`
+
+GetEnrollOk returns a tuple with the Enroll field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnroll
+
+`func (o *ProfileEnrollmentPolicyRuleActions) SetEnroll(v PolicyRuleActionsEnroll)`
+
+SetEnroll sets Enroll field to given value.
+
+### HasEnroll
+
+`func (o *ProfileEnrollmentPolicyRuleActions) HasEnroll() bool`
+
+HasEnroll returns a boolean if a field has been set.
+
+### GetIdp
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetIdp() IdpPolicyRuleAction`
+
+GetIdp returns the Idp field if non-nil, zero value otherwise.
+
+### GetIdpOk
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetIdpOk() (*IdpPolicyRuleAction, bool)`
+
+GetIdpOk returns a tuple with the Idp field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdp
+
+`func (o *ProfileEnrollmentPolicyRuleActions) SetIdp(v IdpPolicyRuleAction)`
+
+SetIdp sets Idp field to given value.
+
+### HasIdp
+
+`func (o *ProfileEnrollmentPolicyRuleActions) HasIdp() bool`
+
+HasIdp returns a boolean if a field has been set.
+
+### GetPasswordChange
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetPasswordChange() PasswordPolicyRuleAction`
+
+GetPasswordChange returns the PasswordChange field if non-nil, zero value otherwise.
+
+### GetPasswordChangeOk
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool)`
+
+GetPasswordChangeOk returns a tuple with the PasswordChange field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordChange
+
+`func (o *ProfileEnrollmentPolicyRuleActions) SetPasswordChange(v PasswordPolicyRuleAction)`
+
+SetPasswordChange sets PasswordChange field to given value.
+
+### HasPasswordChange
+
+`func (o *ProfileEnrollmentPolicyRuleActions) HasPasswordChange() bool`
+
+HasPasswordChange returns a boolean if a field has been set.
+
+### GetSelfServicePasswordReset
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetSelfServicePasswordReset() PasswordPolicyRuleAction`
+
+GetSelfServicePasswordReset returns the SelfServicePasswordReset field if non-nil, zero value otherwise.
+
+### GetSelfServicePasswordResetOk
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServicePasswordReset
+
+`func (o *ProfileEnrollmentPolicyRuleActions) SetSelfServicePasswordReset(v PasswordPolicyRuleAction)`
+
+SetSelfServicePasswordReset sets SelfServicePasswordReset field to given value.
+
+### HasSelfServicePasswordReset
+
+`func (o *ProfileEnrollmentPolicyRuleActions) HasSelfServicePasswordReset() bool`
+
+HasSelfServicePasswordReset returns a boolean if a field has been set.
+
+### GetSelfServiceUnlock
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetSelfServiceUnlock() PasswordPolicyRuleAction`
+
+GetSelfServiceUnlock returns the SelfServiceUnlock field if non-nil, zero value otherwise.
+
+### GetSelfServiceUnlockOk
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool)`
+
+GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelfServiceUnlock
+
+`func (o *ProfileEnrollmentPolicyRuleActions) SetSelfServiceUnlock(v PasswordPolicyRuleAction)`
+
+SetSelfServiceUnlock sets SelfServiceUnlock field to given value.
+
+### HasSelfServiceUnlock
+
+`func (o *ProfileEnrollmentPolicyRuleActions) HasSelfServiceUnlock() bool`
+
+HasSelfServiceUnlock returns a boolean if a field has been set.
+
+### GetSignon
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetSignon() OktaSignOnPolicyRuleSignonActions`
+
+GetSignon returns the Signon field if non-nil, zero value otherwise.
+
+### GetSignonOk
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool)`
+
+GetSignonOk returns a tuple with the Signon field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignon
+
+`func (o *ProfileEnrollmentPolicyRuleActions) SetSignon(v OktaSignOnPolicyRuleSignonActions)`
+
+SetSignon sets Signon field to given value.
+
+### HasSignon
+
+`func (o *ProfileEnrollmentPolicyRuleActions) HasSignon() bool`
+
+HasSignon returns a boolean if a field has been set.
+
+### GetProfileEnrollment
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetProfileEnrollment() ProfileEnrollmentPolicyRuleAction`
+
+GetProfileEnrollment returns the ProfileEnrollment field if non-nil, zero value otherwise.
+
+### GetProfileEnrollmentOk
+
+`func (o *ProfileEnrollmentPolicyRuleActions) GetProfileEnrollmentOk() (*ProfileEnrollmentPolicyRuleAction, bool)`
+
+GetProfileEnrollmentOk returns a tuple with the ProfileEnrollment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfileEnrollment
+
+`func (o *ProfileEnrollmentPolicyRuleActions) SetProfileEnrollment(v ProfileEnrollmentPolicyRuleAction)`
+
+SetProfileEnrollment sets ProfileEnrollment field to given value.
+
+### HasProfileEnrollment
+
+`func (o *ProfileEnrollmentPolicyRuleActions) HasProfileEnrollment() bool`
+
+HasProfileEnrollment returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileEnrollmentPolicyRuleActionsAllOf.md b/okta/docs/ProfileEnrollmentPolicyRuleActionsAllOf.md
new file mode 100644
index 000000000..80b03bfc4
--- /dev/null
+++ b/okta/docs/ProfileEnrollmentPolicyRuleActionsAllOf.md
@@ -0,0 +1,56 @@
+# ProfileEnrollmentPolicyRuleActionsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ProfileEnrollment** | Pointer to [**ProfileEnrollmentPolicyRuleAction**](ProfileEnrollmentPolicyRuleAction.md) |  | [optional] 
+
+## Methods
+
+### NewProfileEnrollmentPolicyRuleActionsAllOf
+
+`func NewProfileEnrollmentPolicyRuleActionsAllOf() *ProfileEnrollmentPolicyRuleActionsAllOf`
+
+NewProfileEnrollmentPolicyRuleActionsAllOf instantiates a new ProfileEnrollmentPolicyRuleActionsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProfileEnrollmentPolicyRuleActionsAllOfWithDefaults
+
+`func NewProfileEnrollmentPolicyRuleActionsAllOfWithDefaults() *ProfileEnrollmentPolicyRuleActionsAllOf`
+
+NewProfileEnrollmentPolicyRuleActionsAllOfWithDefaults instantiates a new ProfileEnrollmentPolicyRuleActionsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfileEnrollment
+
+`func (o *ProfileEnrollmentPolicyRuleActionsAllOf) GetProfileEnrollment() ProfileEnrollmentPolicyRuleAction`
+
+GetProfileEnrollment returns the ProfileEnrollment field if non-nil, zero value otherwise.
+
+### GetProfileEnrollmentOk
+
+`func (o *ProfileEnrollmentPolicyRuleActionsAllOf) GetProfileEnrollmentOk() (*ProfileEnrollmentPolicyRuleAction, bool)`
+
+GetProfileEnrollmentOk returns a tuple with the ProfileEnrollment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfileEnrollment
+
+`func (o *ProfileEnrollmentPolicyRuleActionsAllOf) SetProfileEnrollment(v ProfileEnrollmentPolicyRuleAction)`
+
+SetProfileEnrollment sets ProfileEnrollment field to given value.
+
+### HasProfileEnrollment
+
+`func (o *ProfileEnrollmentPolicyRuleActionsAllOf) HasProfileEnrollment() bool`
+
+HasProfileEnrollment returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileEnrollmentPolicyRuleActivationRequirement.md b/okta/docs/ProfileEnrollmentPolicyRuleActivationRequirement.md
new file mode 100644
index 000000000..61c9f79d5
--- /dev/null
+++ b/okta/docs/ProfileEnrollmentPolicyRuleActivationRequirement.md
@@ -0,0 +1,56 @@
+# ProfileEnrollmentPolicyRuleActivationRequirement
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**EmailVerification** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewProfileEnrollmentPolicyRuleActivationRequirement
+
+`func NewProfileEnrollmentPolicyRuleActivationRequirement() *ProfileEnrollmentPolicyRuleActivationRequirement`
+
+NewProfileEnrollmentPolicyRuleActivationRequirement instantiates a new ProfileEnrollmentPolicyRuleActivationRequirement object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProfileEnrollmentPolicyRuleActivationRequirementWithDefaults
+
+`func NewProfileEnrollmentPolicyRuleActivationRequirementWithDefaults() *ProfileEnrollmentPolicyRuleActivationRequirement`
+
+NewProfileEnrollmentPolicyRuleActivationRequirementWithDefaults instantiates a new ProfileEnrollmentPolicyRuleActivationRequirement object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEmailVerification
+
+`func (o *ProfileEnrollmentPolicyRuleActivationRequirement) GetEmailVerification() bool`
+
+GetEmailVerification returns the EmailVerification field if non-nil, zero value otherwise.
+
+### GetEmailVerificationOk
+
+`func (o *ProfileEnrollmentPolicyRuleActivationRequirement) GetEmailVerificationOk() (*bool, bool)`
+
+GetEmailVerificationOk returns a tuple with the EmailVerification field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmailVerification
+
+`func (o *ProfileEnrollmentPolicyRuleActivationRequirement) SetEmailVerification(v bool)`
+
+SetEmailVerification sets EmailVerification field to given value.
+
+### HasEmailVerification
+
+`func (o *ProfileEnrollmentPolicyRuleActivationRequirement) HasEmailVerification() bool`
+
+HasEmailVerification returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileEnrollmentPolicyRuleAllOf.md b/okta/docs/ProfileEnrollmentPolicyRuleAllOf.md
new file mode 100644
index 000000000..1be4ca366
--- /dev/null
+++ b/okta/docs/ProfileEnrollmentPolicyRuleAllOf.md
@@ -0,0 +1,82 @@
+# ProfileEnrollmentPolicyRuleAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Actions** | Pointer to [**ProfileEnrollmentPolicyRuleActions**](ProfileEnrollmentPolicyRuleActions.md) |  | [optional] 
+**Conditions** | Pointer to [**PolicyRuleConditions**](PolicyRuleConditions.md) |  | [optional] 
+
+## Methods
+
+### NewProfileEnrollmentPolicyRuleAllOf
+
+`func NewProfileEnrollmentPolicyRuleAllOf() *ProfileEnrollmentPolicyRuleAllOf`
+
+NewProfileEnrollmentPolicyRuleAllOf instantiates a new ProfileEnrollmentPolicyRuleAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProfileEnrollmentPolicyRuleAllOfWithDefaults
+
+`func NewProfileEnrollmentPolicyRuleAllOfWithDefaults() *ProfileEnrollmentPolicyRuleAllOf`
+
+NewProfileEnrollmentPolicyRuleAllOfWithDefaults instantiates a new ProfileEnrollmentPolicyRuleAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActions
+
+`func (o *ProfileEnrollmentPolicyRuleAllOf) GetActions() ProfileEnrollmentPolicyRuleActions`
+
+GetActions returns the Actions field if non-nil, zero value otherwise.
+
+### GetActionsOk
+
+`func (o *ProfileEnrollmentPolicyRuleAllOf) GetActionsOk() (*ProfileEnrollmentPolicyRuleActions, bool)`
+
+GetActionsOk returns a tuple with the Actions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActions
+
+`func (o *ProfileEnrollmentPolicyRuleAllOf) SetActions(v ProfileEnrollmentPolicyRuleActions)`
+
+SetActions sets Actions field to given value.
+
+### HasActions
+
+`func (o *ProfileEnrollmentPolicyRuleAllOf) HasActions() bool`
+
+HasActions returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *ProfileEnrollmentPolicyRuleAllOf) GetConditions() PolicyRuleConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *ProfileEnrollmentPolicyRuleAllOf) GetConditionsOk() (*PolicyRuleConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *ProfileEnrollmentPolicyRuleAllOf) SetConditions(v PolicyRuleConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *ProfileEnrollmentPolicyRuleAllOf) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileEnrollmentPolicyRuleProfileAttribute.md b/okta/docs/ProfileEnrollmentPolicyRuleProfileAttribute.md
new file mode 100644
index 000000000..028a02b73
--- /dev/null
+++ b/okta/docs/ProfileEnrollmentPolicyRuleProfileAttribute.md
@@ -0,0 +1,108 @@
+# ProfileEnrollmentPolicyRuleProfileAttribute
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Label** | Pointer to **string** |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**Required** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewProfileEnrollmentPolicyRuleProfileAttribute
+
+`func NewProfileEnrollmentPolicyRuleProfileAttribute() *ProfileEnrollmentPolicyRuleProfileAttribute`
+
+NewProfileEnrollmentPolicyRuleProfileAttribute instantiates a new ProfileEnrollmentPolicyRuleProfileAttribute object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProfileEnrollmentPolicyRuleProfileAttributeWithDefaults
+
+`func NewProfileEnrollmentPolicyRuleProfileAttributeWithDefaults() *ProfileEnrollmentPolicyRuleProfileAttribute`
+
+NewProfileEnrollmentPolicyRuleProfileAttributeWithDefaults instantiates a new ProfileEnrollmentPolicyRuleProfileAttribute object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetLabel
+
+`func (o *ProfileEnrollmentPolicyRuleProfileAttribute) GetLabel() string`
+
+GetLabel returns the Label field if non-nil, zero value otherwise.
+
+### GetLabelOk
+
+`func (o *ProfileEnrollmentPolicyRuleProfileAttribute) GetLabelOk() (*string, bool)`
+
+GetLabelOk returns a tuple with the Label field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLabel
+
+`func (o *ProfileEnrollmentPolicyRuleProfileAttribute) SetLabel(v string)`
+
+SetLabel sets Label field to given value.
+
+### HasLabel
+
+`func (o *ProfileEnrollmentPolicyRuleProfileAttribute) HasLabel() bool`
+
+HasLabel returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *ProfileEnrollmentPolicyRuleProfileAttribute) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *ProfileEnrollmentPolicyRuleProfileAttribute) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *ProfileEnrollmentPolicyRuleProfileAttribute) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *ProfileEnrollmentPolicyRuleProfileAttribute) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetRequired
+
+`func (o *ProfileEnrollmentPolicyRuleProfileAttribute) GetRequired() bool`
+
+GetRequired returns the Required field if non-nil, zero value otherwise.
+
+### GetRequiredOk
+
+`func (o *ProfileEnrollmentPolicyRuleProfileAttribute) GetRequiredOk() (*bool, bool)`
+
+GetRequiredOk returns a tuple with the Required field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequired
+
+`func (o *ProfileEnrollmentPolicyRuleProfileAttribute) SetRequired(v bool)`
+
+SetRequired sets Required field to given value.
+
+### HasRequired
+
+`func (o *ProfileEnrollmentPolicyRuleProfileAttribute) HasRequired() bool`
+
+HasRequired returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileMapping.md b/okta/docs/ProfileMapping.md
new file mode 100644
index 000000000..ccc393565
--- /dev/null
+++ b/okta/docs/ProfileMapping.md
@@ -0,0 +1,160 @@
+# ProfileMapping
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Properties** | Pointer to [**map[string]ProfileMappingProperty**](ProfileMappingProperty.md) |  | [optional] [readonly] 
+**Source** | Pointer to [**ProfileMappingSource**](ProfileMappingSource.md) |  | [optional] 
+**Target** | Pointer to [**ProfileMappingSource**](ProfileMappingSource.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewProfileMapping
+
+`func NewProfileMapping() *ProfileMapping`
+
+NewProfileMapping instantiates a new ProfileMapping object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProfileMappingWithDefaults
+
+`func NewProfileMappingWithDefaults() *ProfileMapping`
+
+NewProfileMappingWithDefaults instantiates a new ProfileMapping object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *ProfileMapping) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ProfileMapping) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ProfileMapping) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ProfileMapping) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetProperties
+
+`func (o *ProfileMapping) GetProperties() map[string]ProfileMappingProperty`
+
+GetProperties returns the Properties field if non-nil, zero value otherwise.
+
+### GetPropertiesOk
+
+`func (o *ProfileMapping) GetPropertiesOk() (*map[string]ProfileMappingProperty, bool)`
+
+GetPropertiesOk returns a tuple with the Properties field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProperties
+
+`func (o *ProfileMapping) SetProperties(v map[string]ProfileMappingProperty)`
+
+SetProperties sets Properties field to given value.
+
+### HasProperties
+
+`func (o *ProfileMapping) HasProperties() bool`
+
+HasProperties returns a boolean if a field has been set.
+
+### GetSource
+
+`func (o *ProfileMapping) GetSource() ProfileMappingSource`
+
+GetSource returns the Source field if non-nil, zero value otherwise.
+
+### GetSourceOk
+
+`func (o *ProfileMapping) GetSourceOk() (*ProfileMappingSource, bool)`
+
+GetSourceOk returns a tuple with the Source field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSource
+
+`func (o *ProfileMapping) SetSource(v ProfileMappingSource)`
+
+SetSource sets Source field to given value.
+
+### HasSource
+
+`func (o *ProfileMapping) HasSource() bool`
+
+HasSource returns a boolean if a field has been set.
+
+### GetTarget
+
+`func (o *ProfileMapping) GetTarget() ProfileMappingSource`
+
+GetTarget returns the Target field if non-nil, zero value otherwise.
+
+### GetTargetOk
+
+`func (o *ProfileMapping) GetTargetOk() (*ProfileMappingSource, bool)`
+
+GetTargetOk returns a tuple with the Target field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTarget
+
+`func (o *ProfileMapping) SetTarget(v ProfileMappingSource)`
+
+SetTarget sets Target field to given value.
+
+### HasTarget
+
+`func (o *ProfileMapping) HasTarget() bool`
+
+HasTarget returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ProfileMapping) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ProfileMapping) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ProfileMapping) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ProfileMapping) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileMappingApi.md b/okta/docs/ProfileMappingApi.md
new file mode 100644
index 000000000..0f9197a3a
--- /dev/null
+++ b/okta/docs/ProfileMappingApi.md
@@ -0,0 +1,225 @@
+# \ProfileMappingApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**GetProfileMapping**](ProfileMappingApi.md#GetProfileMapping) | **Get** /api/v1/mappings/{mappingId} | Retrieve a Profile Mapping
+[**ListProfileMappings**](ProfileMappingApi.md#ListProfileMappings) | **Get** /api/v1/mappings | List all Profile Mappings
+[**UpdateProfileMapping**](ProfileMappingApi.md#UpdateProfileMapping) | **Post** /api/v1/mappings/{mappingId} | Update a Profile Mapping
+
+
+
+## GetProfileMapping
+
+> ProfileMapping GetProfileMapping(ctx, mappingId).Execute()
+
+Retrieve a Profile Mapping
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    mappingId := "mappingId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ProfileMappingApi.GetProfileMapping(context.Background(), mappingId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ProfileMappingApi.GetProfileMapping``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetProfileMapping`: ProfileMapping
+    fmt.Fprintf(os.Stdout, "Response from `ProfileMappingApi.GetProfileMapping`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**mappingId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetProfileMappingRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ProfileMapping**](ProfileMapping.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListProfileMappings
+
+> []ProfileMapping ListProfileMappings(ctx).After(after).Limit(limit).SourceId(sourceId).TargetId(targetId).Execute()
+
+List all Profile Mappings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to -1)
+    sourceId := "sourceId_example" // string |  (optional)
+    targetId := "targetId_example" // string |  (optional) (default to "")
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ProfileMappingApi.ListProfileMappings(context.Background()).After(after).Limit(limit).SourceId(sourceId).TargetId(targetId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ProfileMappingApi.ListProfileMappings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListProfileMappings`: []ProfileMapping
+    fmt.Fprintf(os.Stdout, "Response from `ProfileMappingApi.ListProfileMappings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListProfileMappingsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to -1]
+ **sourceId** | **string** |  | 
+ **targetId** | **string** |  | [default to &quot;&quot;]
+
+### Return type
+
+[**[]ProfileMapping**](ProfileMapping.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateProfileMapping
+
+> ProfileMapping UpdateProfileMapping(ctx, mappingId).ProfileMapping(profileMapping).Execute()
+
+Update a Profile Mapping
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    mappingId := "mappingId_example" // string | 
+    profileMapping := *openapiclient.NewProfileMapping() // ProfileMapping | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ProfileMappingApi.UpdateProfileMapping(context.Background(), mappingId).ProfileMapping(profileMapping).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ProfileMappingApi.UpdateProfileMapping``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateProfileMapping`: ProfileMapping
+    fmt.Fprintf(os.Stdout, "Response from `ProfileMappingApi.UpdateProfileMapping`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**mappingId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateProfileMappingRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **profileMapping** | [**ProfileMapping**](ProfileMapping.md) |  | 
+
+### Return type
+
+[**ProfileMapping**](ProfileMapping.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/ProfileMappingProperty.md b/okta/docs/ProfileMappingProperty.md
new file mode 100644
index 000000000..2bd75287b
--- /dev/null
+++ b/okta/docs/ProfileMappingProperty.md
@@ -0,0 +1,82 @@
+# ProfileMappingProperty
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Expression** | Pointer to **string** |  | [optional] 
+**PushStatus** | Pointer to [**ProfileMappingPropertyPushStatus**](ProfileMappingPropertyPushStatus.md) |  | [optional] 
+
+## Methods
+
+### NewProfileMappingProperty
+
+`func NewProfileMappingProperty() *ProfileMappingProperty`
+
+NewProfileMappingProperty instantiates a new ProfileMappingProperty object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProfileMappingPropertyWithDefaults
+
+`func NewProfileMappingPropertyWithDefaults() *ProfileMappingProperty`
+
+NewProfileMappingPropertyWithDefaults instantiates a new ProfileMappingProperty object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpression
+
+`func (o *ProfileMappingProperty) GetExpression() string`
+
+GetExpression returns the Expression field if non-nil, zero value otherwise.
+
+### GetExpressionOk
+
+`func (o *ProfileMappingProperty) GetExpressionOk() (*string, bool)`
+
+GetExpressionOk returns a tuple with the Expression field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpression
+
+`func (o *ProfileMappingProperty) SetExpression(v string)`
+
+SetExpression sets Expression field to given value.
+
+### HasExpression
+
+`func (o *ProfileMappingProperty) HasExpression() bool`
+
+HasExpression returns a boolean if a field has been set.
+
+### GetPushStatus
+
+`func (o *ProfileMappingProperty) GetPushStatus() ProfileMappingPropertyPushStatus`
+
+GetPushStatus returns the PushStatus field if non-nil, zero value otherwise.
+
+### GetPushStatusOk
+
+`func (o *ProfileMappingProperty) GetPushStatusOk() (*ProfileMappingPropertyPushStatus, bool)`
+
+GetPushStatusOk returns a tuple with the PushStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPushStatus
+
+`func (o *ProfileMappingProperty) SetPushStatus(v ProfileMappingPropertyPushStatus)`
+
+SetPushStatus sets PushStatus field to given value.
+
+### HasPushStatus
+
+`func (o *ProfileMappingProperty) HasPushStatus() bool`
+
+HasPushStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileMappingPropertyPushStatus.md b/okta/docs/ProfileMappingPropertyPushStatus.md
new file mode 100644
index 000000000..9ae14de39
--- /dev/null
+++ b/okta/docs/ProfileMappingPropertyPushStatus.md
@@ -0,0 +1,13 @@
+# ProfileMappingPropertyPushStatus
+
+## Enum
+
+
+* `DONT_PUSH` (value: `"DONT_PUSH"`)
+
+* `PUSH` (value: `"PUSH"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileMappingSource.md b/okta/docs/ProfileMappingSource.md
new file mode 100644
index 000000000..00632b578
--- /dev/null
+++ b/okta/docs/ProfileMappingSource.md
@@ -0,0 +1,134 @@
+# ProfileMappingSource
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] [readonly] 
+**Type** | Pointer to **string** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewProfileMappingSource
+
+`func NewProfileMappingSource() *ProfileMappingSource`
+
+NewProfileMappingSource instantiates a new ProfileMappingSource object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProfileMappingSourceWithDefaults
+
+`func NewProfileMappingSourceWithDefaults() *ProfileMappingSource`
+
+NewProfileMappingSourceWithDefaults instantiates a new ProfileMappingSource object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *ProfileMappingSource) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ProfileMappingSource) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ProfileMappingSource) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ProfileMappingSource) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *ProfileMappingSource) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *ProfileMappingSource) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *ProfileMappingSource) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *ProfileMappingSource) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *ProfileMappingSource) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *ProfileMappingSource) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *ProfileMappingSource) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *ProfileMappingSource) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ProfileMappingSource) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ProfileMappingSource) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ProfileMappingSource) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ProfileMappingSource) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProfileSettingObject.md b/okta/docs/ProfileSettingObject.md
new file mode 100644
index 000000000..d4ad6fe90
--- /dev/null
+++ b/okta/docs/ProfileSettingObject.md
@@ -0,0 +1,56 @@
+# ProfileSettingObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Status** | Pointer to [**EnabledStatus**](EnabledStatus.md) |  | [optional] 
+
+## Methods
+
+### NewProfileSettingObject
+
+`func NewProfileSettingObject() *ProfileSettingObject`
+
+NewProfileSettingObject instantiates a new ProfileSettingObject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProfileSettingObjectWithDefaults
+
+`func NewProfileSettingObjectWithDefaults() *ProfileSettingObject`
+
+NewProfileSettingObjectWithDefaults instantiates a new ProfileSettingObject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetStatus
+
+`func (o *ProfileSettingObject) GetStatus() EnabledStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *ProfileSettingObject) GetStatusOk() (*EnabledStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *ProfileSettingObject) SetStatus(v EnabledStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *ProfileSettingObject) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Protocol.md b/okta/docs/Protocol.md
new file mode 100644
index 000000000..2cac28e10
--- /dev/null
+++ b/okta/docs/Protocol.md
@@ -0,0 +1,238 @@
+# Protocol
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Algorithms** | Pointer to [**ProtocolAlgorithms**](ProtocolAlgorithms.md) |  | [optional] 
+**Credentials** | Pointer to [**IdentityProviderCredentials**](IdentityProviderCredentials.md) |  | [optional] 
+**Endpoints** | Pointer to [**ProtocolEndpoints**](ProtocolEndpoints.md) |  | [optional] 
+**Issuer** | Pointer to [**ProtocolEndpoint**](ProtocolEndpoint.md) |  | [optional] 
+**RelayState** | Pointer to [**ProtocolRelayState**](ProtocolRelayState.md) |  | [optional] 
+**Scopes** | Pointer to **[]string** |  | [optional] 
+**Settings** | Pointer to [**ProtocolSettings**](ProtocolSettings.md) |  | [optional] 
+**Type** | Pointer to [**ProtocolType**](ProtocolType.md) |  | [optional] 
+
+## Methods
+
+### NewProtocol
+
+`func NewProtocol() *Protocol`
+
+NewProtocol instantiates a new Protocol object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProtocolWithDefaults
+
+`func NewProtocolWithDefaults() *Protocol`
+
+NewProtocolWithDefaults instantiates a new Protocol object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAlgorithms
+
+`func (o *Protocol) GetAlgorithms() ProtocolAlgorithms`
+
+GetAlgorithms returns the Algorithms field if non-nil, zero value otherwise.
+
+### GetAlgorithmsOk
+
+`func (o *Protocol) GetAlgorithmsOk() (*ProtocolAlgorithms, bool)`
+
+GetAlgorithmsOk returns a tuple with the Algorithms field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAlgorithms
+
+`func (o *Protocol) SetAlgorithms(v ProtocolAlgorithms)`
+
+SetAlgorithms sets Algorithms field to given value.
+
+### HasAlgorithms
+
+`func (o *Protocol) HasAlgorithms() bool`
+
+HasAlgorithms returns a boolean if a field has been set.
+
+### GetCredentials
+
+`func (o *Protocol) GetCredentials() IdentityProviderCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *Protocol) GetCredentialsOk() (*IdentityProviderCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *Protocol) SetCredentials(v IdentityProviderCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *Protocol) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetEndpoints
+
+`func (o *Protocol) GetEndpoints() ProtocolEndpoints`
+
+GetEndpoints returns the Endpoints field if non-nil, zero value otherwise.
+
+### GetEndpointsOk
+
+`func (o *Protocol) GetEndpointsOk() (*ProtocolEndpoints, bool)`
+
+GetEndpointsOk returns a tuple with the Endpoints field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEndpoints
+
+`func (o *Protocol) SetEndpoints(v ProtocolEndpoints)`
+
+SetEndpoints sets Endpoints field to given value.
+
+### HasEndpoints
+
+`func (o *Protocol) HasEndpoints() bool`
+
+HasEndpoints returns a boolean if a field has been set.
+
+### GetIssuer
+
+`func (o *Protocol) GetIssuer() ProtocolEndpoint`
+
+GetIssuer returns the Issuer field if non-nil, zero value otherwise.
+
+### GetIssuerOk
+
+`func (o *Protocol) GetIssuerOk() (*ProtocolEndpoint, bool)`
+
+GetIssuerOk returns a tuple with the Issuer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIssuer
+
+`func (o *Protocol) SetIssuer(v ProtocolEndpoint)`
+
+SetIssuer sets Issuer field to given value.
+
+### HasIssuer
+
+`func (o *Protocol) HasIssuer() bool`
+
+HasIssuer returns a boolean if a field has been set.
+
+### GetRelayState
+
+`func (o *Protocol) GetRelayState() ProtocolRelayState`
+
+GetRelayState returns the RelayState field if non-nil, zero value otherwise.
+
+### GetRelayStateOk
+
+`func (o *Protocol) GetRelayStateOk() (*ProtocolRelayState, bool)`
+
+GetRelayStateOk returns a tuple with the RelayState field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRelayState
+
+`func (o *Protocol) SetRelayState(v ProtocolRelayState)`
+
+SetRelayState sets RelayState field to given value.
+
+### HasRelayState
+
+`func (o *Protocol) HasRelayState() bool`
+
+HasRelayState returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *Protocol) GetScopes() []string`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *Protocol) GetScopesOk() (*[]string, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *Protocol) SetScopes(v []string)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *Protocol) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *Protocol) GetSettings() ProtocolSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *Protocol) GetSettingsOk() (*ProtocolSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *Protocol) SetSettings(v ProtocolSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *Protocol) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *Protocol) GetType() ProtocolType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *Protocol) GetTypeOk() (*ProtocolType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *Protocol) SetType(v ProtocolType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *Protocol) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProtocolAlgorithmType.md b/okta/docs/ProtocolAlgorithmType.md
new file mode 100644
index 000000000..c5bf01a66
--- /dev/null
+++ b/okta/docs/ProtocolAlgorithmType.md
@@ -0,0 +1,56 @@
+# ProtocolAlgorithmType
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Signature** | Pointer to [**ProtocolAlgorithmTypeSignature**](ProtocolAlgorithmTypeSignature.md) |  | [optional] 
+
+## Methods
+
+### NewProtocolAlgorithmType
+
+`func NewProtocolAlgorithmType() *ProtocolAlgorithmType`
+
+NewProtocolAlgorithmType instantiates a new ProtocolAlgorithmType object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProtocolAlgorithmTypeWithDefaults
+
+`func NewProtocolAlgorithmTypeWithDefaults() *ProtocolAlgorithmType`
+
+NewProtocolAlgorithmTypeWithDefaults instantiates a new ProtocolAlgorithmType object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSignature
+
+`func (o *ProtocolAlgorithmType) GetSignature() ProtocolAlgorithmTypeSignature`
+
+GetSignature returns the Signature field if non-nil, zero value otherwise.
+
+### GetSignatureOk
+
+`func (o *ProtocolAlgorithmType) GetSignatureOk() (*ProtocolAlgorithmTypeSignature, bool)`
+
+GetSignatureOk returns a tuple with the Signature field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignature
+
+`func (o *ProtocolAlgorithmType) SetSignature(v ProtocolAlgorithmTypeSignature)`
+
+SetSignature sets Signature field to given value.
+
+### HasSignature
+
+`func (o *ProtocolAlgorithmType) HasSignature() bool`
+
+HasSignature returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProtocolAlgorithmTypeSignature.md b/okta/docs/ProtocolAlgorithmTypeSignature.md
new file mode 100644
index 000000000..18df4a149
--- /dev/null
+++ b/okta/docs/ProtocolAlgorithmTypeSignature.md
@@ -0,0 +1,82 @@
+# ProtocolAlgorithmTypeSignature
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Algorithm** | Pointer to **string** |  | [optional] 
+**Scope** | Pointer to [**ProtocolAlgorithmTypeSignatureScope**](ProtocolAlgorithmTypeSignatureScope.md) |  | [optional] 
+
+## Methods
+
+### NewProtocolAlgorithmTypeSignature
+
+`func NewProtocolAlgorithmTypeSignature() *ProtocolAlgorithmTypeSignature`
+
+NewProtocolAlgorithmTypeSignature instantiates a new ProtocolAlgorithmTypeSignature object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProtocolAlgorithmTypeSignatureWithDefaults
+
+`func NewProtocolAlgorithmTypeSignatureWithDefaults() *ProtocolAlgorithmTypeSignature`
+
+NewProtocolAlgorithmTypeSignatureWithDefaults instantiates a new ProtocolAlgorithmTypeSignature object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAlgorithm
+
+`func (o *ProtocolAlgorithmTypeSignature) GetAlgorithm() string`
+
+GetAlgorithm returns the Algorithm field if non-nil, zero value otherwise.
+
+### GetAlgorithmOk
+
+`func (o *ProtocolAlgorithmTypeSignature) GetAlgorithmOk() (*string, bool)`
+
+GetAlgorithmOk returns a tuple with the Algorithm field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAlgorithm
+
+`func (o *ProtocolAlgorithmTypeSignature) SetAlgorithm(v string)`
+
+SetAlgorithm sets Algorithm field to given value.
+
+### HasAlgorithm
+
+`func (o *ProtocolAlgorithmTypeSignature) HasAlgorithm() bool`
+
+HasAlgorithm returns a boolean if a field has been set.
+
+### GetScope
+
+`func (o *ProtocolAlgorithmTypeSignature) GetScope() ProtocolAlgorithmTypeSignatureScope`
+
+GetScope returns the Scope field if non-nil, zero value otherwise.
+
+### GetScopeOk
+
+`func (o *ProtocolAlgorithmTypeSignature) GetScopeOk() (*ProtocolAlgorithmTypeSignatureScope, bool)`
+
+GetScopeOk returns a tuple with the Scope field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScope
+
+`func (o *ProtocolAlgorithmTypeSignature) SetScope(v ProtocolAlgorithmTypeSignatureScope)`
+
+SetScope sets Scope field to given value.
+
+### HasScope
+
+`func (o *ProtocolAlgorithmTypeSignature) HasScope() bool`
+
+HasScope returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProtocolAlgorithmTypeSignatureScope.md b/okta/docs/ProtocolAlgorithmTypeSignatureScope.md
new file mode 100644
index 000000000..396e4e233
--- /dev/null
+++ b/okta/docs/ProtocolAlgorithmTypeSignatureScope.md
@@ -0,0 +1,19 @@
+# ProtocolAlgorithmTypeSignatureScope
+
+## Enum
+
+
+* `ANY` (value: `"ANY"`)
+
+* `NONE` (value: `"NONE"`)
+
+* `REQUEST` (value: `"REQUEST"`)
+
+* `RESPONSE` (value: `"RESPONSE"`)
+
+* `TOKEN` (value: `"TOKEN"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProtocolAlgorithms.md b/okta/docs/ProtocolAlgorithms.md
new file mode 100644
index 000000000..0afa63b44
--- /dev/null
+++ b/okta/docs/ProtocolAlgorithms.md
@@ -0,0 +1,82 @@
+# ProtocolAlgorithms
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Request** | Pointer to [**ProtocolAlgorithmType**](ProtocolAlgorithmType.md) |  | [optional] 
+**Response** | Pointer to [**ProtocolAlgorithmType**](ProtocolAlgorithmType.md) |  | [optional] 
+
+## Methods
+
+### NewProtocolAlgorithms
+
+`func NewProtocolAlgorithms() *ProtocolAlgorithms`
+
+NewProtocolAlgorithms instantiates a new ProtocolAlgorithms object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProtocolAlgorithmsWithDefaults
+
+`func NewProtocolAlgorithmsWithDefaults() *ProtocolAlgorithms`
+
+NewProtocolAlgorithmsWithDefaults instantiates a new ProtocolAlgorithms object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetRequest
+
+`func (o *ProtocolAlgorithms) GetRequest() ProtocolAlgorithmType`
+
+GetRequest returns the Request field if non-nil, zero value otherwise.
+
+### GetRequestOk
+
+`func (o *ProtocolAlgorithms) GetRequestOk() (*ProtocolAlgorithmType, bool)`
+
+GetRequestOk returns a tuple with the Request field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequest
+
+`func (o *ProtocolAlgorithms) SetRequest(v ProtocolAlgorithmType)`
+
+SetRequest sets Request field to given value.
+
+### HasRequest
+
+`func (o *ProtocolAlgorithms) HasRequest() bool`
+
+HasRequest returns a boolean if a field has been set.
+
+### GetResponse
+
+`func (o *ProtocolAlgorithms) GetResponse() ProtocolAlgorithmType`
+
+GetResponse returns the Response field if non-nil, zero value otherwise.
+
+### GetResponseOk
+
+`func (o *ProtocolAlgorithms) GetResponseOk() (*ProtocolAlgorithmType, bool)`
+
+GetResponseOk returns a tuple with the Response field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResponse
+
+`func (o *ProtocolAlgorithms) SetResponse(v ProtocolAlgorithmType)`
+
+SetResponse sets Response field to given value.
+
+### HasResponse
+
+`func (o *ProtocolAlgorithms) HasResponse() bool`
+
+HasResponse returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProtocolEndpoint.md b/okta/docs/ProtocolEndpoint.md
new file mode 100644
index 000000000..ce27f8536
--- /dev/null
+++ b/okta/docs/ProtocolEndpoint.md
@@ -0,0 +1,134 @@
+# ProtocolEndpoint
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Binding** | Pointer to [**ProtocolEndpointBinding**](ProtocolEndpointBinding.md) |  | [optional] 
+**Destination** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to [**ProtocolEndpointType**](ProtocolEndpointType.md) |  | [optional] 
+**Url** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewProtocolEndpoint
+
+`func NewProtocolEndpoint() *ProtocolEndpoint`
+
+NewProtocolEndpoint instantiates a new ProtocolEndpoint object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProtocolEndpointWithDefaults
+
+`func NewProtocolEndpointWithDefaults() *ProtocolEndpoint`
+
+NewProtocolEndpointWithDefaults instantiates a new ProtocolEndpoint object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBinding
+
+`func (o *ProtocolEndpoint) GetBinding() ProtocolEndpointBinding`
+
+GetBinding returns the Binding field if non-nil, zero value otherwise.
+
+### GetBindingOk
+
+`func (o *ProtocolEndpoint) GetBindingOk() (*ProtocolEndpointBinding, bool)`
+
+GetBindingOk returns a tuple with the Binding field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBinding
+
+`func (o *ProtocolEndpoint) SetBinding(v ProtocolEndpointBinding)`
+
+SetBinding sets Binding field to given value.
+
+### HasBinding
+
+`func (o *ProtocolEndpoint) HasBinding() bool`
+
+HasBinding returns a boolean if a field has been set.
+
+### GetDestination
+
+`func (o *ProtocolEndpoint) GetDestination() string`
+
+GetDestination returns the Destination field if non-nil, zero value otherwise.
+
+### GetDestinationOk
+
+`func (o *ProtocolEndpoint) GetDestinationOk() (*string, bool)`
+
+GetDestinationOk returns a tuple with the Destination field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDestination
+
+`func (o *ProtocolEndpoint) SetDestination(v string)`
+
+SetDestination sets Destination field to given value.
+
+### HasDestination
+
+`func (o *ProtocolEndpoint) HasDestination() bool`
+
+HasDestination returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *ProtocolEndpoint) GetType() ProtocolEndpointType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *ProtocolEndpoint) GetTypeOk() (*ProtocolEndpointType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *ProtocolEndpoint) SetType(v ProtocolEndpointType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *ProtocolEndpoint) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetUrl
+
+`func (o *ProtocolEndpoint) GetUrl() string`
+
+GetUrl returns the Url field if non-nil, zero value otherwise.
+
+### GetUrlOk
+
+`func (o *ProtocolEndpoint) GetUrlOk() (*string, bool)`
+
+GetUrlOk returns a tuple with the Url field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUrl
+
+`func (o *ProtocolEndpoint) SetUrl(v string)`
+
+SetUrl sets Url field to given value.
+
+### HasUrl
+
+`func (o *ProtocolEndpoint) HasUrl() bool`
+
+HasUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProtocolEndpointBinding.md b/okta/docs/ProtocolEndpointBinding.md
new file mode 100644
index 000000000..805ae8bbe
--- /dev/null
+++ b/okta/docs/ProtocolEndpointBinding.md
@@ -0,0 +1,13 @@
+# ProtocolEndpointBinding
+
+## Enum
+
+
+* `POST` (value: `"HTTP-POST"`)
+
+* `REDIRECT` (value: `"HTTP-REDIRECT"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProtocolEndpointType.md b/okta/docs/ProtocolEndpointType.md
new file mode 100644
index 000000000..9220ccdc7
--- /dev/null
+++ b/okta/docs/ProtocolEndpointType.md
@@ -0,0 +1,13 @@
+# ProtocolEndpointType
+
+## Enum
+
+
+* `INSTANCE` (value: `"INSTANCE"`)
+
+* `ORG` (value: `"ORG"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProtocolEndpoints.md b/okta/docs/ProtocolEndpoints.md
new file mode 100644
index 000000000..718db520e
--- /dev/null
+++ b/okta/docs/ProtocolEndpoints.md
@@ -0,0 +1,238 @@
+# ProtocolEndpoints
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Acs** | Pointer to [**ProtocolEndpoint**](ProtocolEndpoint.md) |  | [optional] 
+**Authorization** | Pointer to [**ProtocolEndpoint**](ProtocolEndpoint.md) |  | [optional] 
+**Jwks** | Pointer to [**ProtocolEndpoint**](ProtocolEndpoint.md) |  | [optional] 
+**Metadata** | Pointer to [**ProtocolEndpoint**](ProtocolEndpoint.md) |  | [optional] 
+**Slo** | Pointer to [**ProtocolEndpoint**](ProtocolEndpoint.md) |  | [optional] 
+**Sso** | Pointer to [**ProtocolEndpoint**](ProtocolEndpoint.md) |  | [optional] 
+**Token** | Pointer to [**ProtocolEndpoint**](ProtocolEndpoint.md) |  | [optional] 
+**UserInfo** | Pointer to [**ProtocolEndpoint**](ProtocolEndpoint.md) |  | [optional] 
+
+## Methods
+
+### NewProtocolEndpoints
+
+`func NewProtocolEndpoints() *ProtocolEndpoints`
+
+NewProtocolEndpoints instantiates a new ProtocolEndpoints object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProtocolEndpointsWithDefaults
+
+`func NewProtocolEndpointsWithDefaults() *ProtocolEndpoints`
+
+NewProtocolEndpointsWithDefaults instantiates a new ProtocolEndpoints object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAcs
+
+`func (o *ProtocolEndpoints) GetAcs() ProtocolEndpoint`
+
+GetAcs returns the Acs field if non-nil, zero value otherwise.
+
+### GetAcsOk
+
+`func (o *ProtocolEndpoints) GetAcsOk() (*ProtocolEndpoint, bool)`
+
+GetAcsOk returns a tuple with the Acs field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAcs
+
+`func (o *ProtocolEndpoints) SetAcs(v ProtocolEndpoint)`
+
+SetAcs sets Acs field to given value.
+
+### HasAcs
+
+`func (o *ProtocolEndpoints) HasAcs() bool`
+
+HasAcs returns a boolean if a field has been set.
+
+### GetAuthorization
+
+`func (o *ProtocolEndpoints) GetAuthorization() ProtocolEndpoint`
+
+GetAuthorization returns the Authorization field if non-nil, zero value otherwise.
+
+### GetAuthorizationOk
+
+`func (o *ProtocolEndpoints) GetAuthorizationOk() (*ProtocolEndpoint, bool)`
+
+GetAuthorizationOk returns a tuple with the Authorization field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthorization
+
+`func (o *ProtocolEndpoints) SetAuthorization(v ProtocolEndpoint)`
+
+SetAuthorization sets Authorization field to given value.
+
+### HasAuthorization
+
+`func (o *ProtocolEndpoints) HasAuthorization() bool`
+
+HasAuthorization returns a boolean if a field has been set.
+
+### GetJwks
+
+`func (o *ProtocolEndpoints) GetJwks() ProtocolEndpoint`
+
+GetJwks returns the Jwks field if non-nil, zero value otherwise.
+
+### GetJwksOk
+
+`func (o *ProtocolEndpoints) GetJwksOk() (*ProtocolEndpoint, bool)`
+
+GetJwksOk returns a tuple with the Jwks field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetJwks
+
+`func (o *ProtocolEndpoints) SetJwks(v ProtocolEndpoint)`
+
+SetJwks sets Jwks field to given value.
+
+### HasJwks
+
+`func (o *ProtocolEndpoints) HasJwks() bool`
+
+HasJwks returns a boolean if a field has been set.
+
+### GetMetadata
+
+`func (o *ProtocolEndpoints) GetMetadata() ProtocolEndpoint`
+
+GetMetadata returns the Metadata field if non-nil, zero value otherwise.
+
+### GetMetadataOk
+
+`func (o *ProtocolEndpoints) GetMetadataOk() (*ProtocolEndpoint, bool)`
+
+GetMetadataOk returns a tuple with the Metadata field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMetadata
+
+`func (o *ProtocolEndpoints) SetMetadata(v ProtocolEndpoint)`
+
+SetMetadata sets Metadata field to given value.
+
+### HasMetadata
+
+`func (o *ProtocolEndpoints) HasMetadata() bool`
+
+HasMetadata returns a boolean if a field has been set.
+
+### GetSlo
+
+`func (o *ProtocolEndpoints) GetSlo() ProtocolEndpoint`
+
+GetSlo returns the Slo field if non-nil, zero value otherwise.
+
+### GetSloOk
+
+`func (o *ProtocolEndpoints) GetSloOk() (*ProtocolEndpoint, bool)`
+
+GetSloOk returns a tuple with the Slo field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSlo
+
+`func (o *ProtocolEndpoints) SetSlo(v ProtocolEndpoint)`
+
+SetSlo sets Slo field to given value.
+
+### HasSlo
+
+`func (o *ProtocolEndpoints) HasSlo() bool`
+
+HasSlo returns a boolean if a field has been set.
+
+### GetSso
+
+`func (o *ProtocolEndpoints) GetSso() ProtocolEndpoint`
+
+GetSso returns the Sso field if non-nil, zero value otherwise.
+
+### GetSsoOk
+
+`func (o *ProtocolEndpoints) GetSsoOk() (*ProtocolEndpoint, bool)`
+
+GetSsoOk returns a tuple with the Sso field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSso
+
+`func (o *ProtocolEndpoints) SetSso(v ProtocolEndpoint)`
+
+SetSso sets Sso field to given value.
+
+### HasSso
+
+`func (o *ProtocolEndpoints) HasSso() bool`
+
+HasSso returns a boolean if a field has been set.
+
+### GetToken
+
+`func (o *ProtocolEndpoints) GetToken() ProtocolEndpoint`
+
+GetToken returns the Token field if non-nil, zero value otherwise.
+
+### GetTokenOk
+
+`func (o *ProtocolEndpoints) GetTokenOk() (*ProtocolEndpoint, bool)`
+
+GetTokenOk returns a tuple with the Token field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetToken
+
+`func (o *ProtocolEndpoints) SetToken(v ProtocolEndpoint)`
+
+SetToken sets Token field to given value.
+
+### HasToken
+
+`func (o *ProtocolEndpoints) HasToken() bool`
+
+HasToken returns a boolean if a field has been set.
+
+### GetUserInfo
+
+`func (o *ProtocolEndpoints) GetUserInfo() ProtocolEndpoint`
+
+GetUserInfo returns the UserInfo field if non-nil, zero value otherwise.
+
+### GetUserInfoOk
+
+`func (o *ProtocolEndpoints) GetUserInfoOk() (*ProtocolEndpoint, bool)`
+
+GetUserInfoOk returns a tuple with the UserInfo field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserInfo
+
+`func (o *ProtocolEndpoints) SetUserInfo(v ProtocolEndpoint)`
+
+SetUserInfo sets UserInfo field to given value.
+
+### HasUserInfo
+
+`func (o *ProtocolEndpoints) HasUserInfo() bool`
+
+HasUserInfo returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProtocolRelayState.md b/okta/docs/ProtocolRelayState.md
new file mode 100644
index 000000000..95f473d74
--- /dev/null
+++ b/okta/docs/ProtocolRelayState.md
@@ -0,0 +1,56 @@
+# ProtocolRelayState
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Format** | Pointer to [**ProtocolRelayStateFormat**](ProtocolRelayStateFormat.md) |  | [optional] 
+
+## Methods
+
+### NewProtocolRelayState
+
+`func NewProtocolRelayState() *ProtocolRelayState`
+
+NewProtocolRelayState instantiates a new ProtocolRelayState object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProtocolRelayStateWithDefaults
+
+`func NewProtocolRelayStateWithDefaults() *ProtocolRelayState`
+
+NewProtocolRelayStateWithDefaults instantiates a new ProtocolRelayState object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetFormat
+
+`func (o *ProtocolRelayState) GetFormat() ProtocolRelayStateFormat`
+
+GetFormat returns the Format field if non-nil, zero value otherwise.
+
+### GetFormatOk
+
+`func (o *ProtocolRelayState) GetFormatOk() (*ProtocolRelayStateFormat, bool)`
+
+GetFormatOk returns a tuple with the Format field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFormat
+
+`func (o *ProtocolRelayState) SetFormat(v ProtocolRelayStateFormat)`
+
+SetFormat sets Format field to given value.
+
+### HasFormat
+
+`func (o *ProtocolRelayState) HasFormat() bool`
+
+HasFormat returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProtocolRelayStateFormat.md b/okta/docs/ProtocolRelayStateFormat.md
new file mode 100644
index 000000000..c4c06fd46
--- /dev/null
+++ b/okta/docs/ProtocolRelayStateFormat.md
@@ -0,0 +1,13 @@
+# ProtocolRelayStateFormat
+
+## Enum
+
+
+* `FROM_URL` (value: `"FROM_URL"`)
+
+* `OPAQUE` (value: `"OPAQUE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProtocolSettings.md b/okta/docs/ProtocolSettings.md
new file mode 100644
index 000000000..12b6c1d33
--- /dev/null
+++ b/okta/docs/ProtocolSettings.md
@@ -0,0 +1,56 @@
+# ProtocolSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**NameFormat** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewProtocolSettings
+
+`func NewProtocolSettings() *ProtocolSettings`
+
+NewProtocolSettings instantiates a new ProtocolSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProtocolSettingsWithDefaults
+
+`func NewProtocolSettingsWithDefaults() *ProtocolSettings`
+
+NewProtocolSettingsWithDefaults instantiates a new ProtocolSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetNameFormat
+
+`func (o *ProtocolSettings) GetNameFormat() string`
+
+GetNameFormat returns the NameFormat field if non-nil, zero value otherwise.
+
+### GetNameFormatOk
+
+`func (o *ProtocolSettings) GetNameFormatOk() (*string, bool)`
+
+GetNameFormatOk returns a tuple with the NameFormat field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNameFormat
+
+`func (o *ProtocolSettings) SetNameFormat(v string)`
+
+SetNameFormat sets NameFormat field to given value.
+
+### HasNameFormat
+
+`func (o *ProtocolSettings) HasNameFormat() bool`
+
+HasNameFormat returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProtocolType.md b/okta/docs/ProtocolType.md
new file mode 100644
index 000000000..d3952800c
--- /dev/null
+++ b/okta/docs/ProtocolType.md
@@ -0,0 +1,17 @@
+# ProtocolType
+
+## Enum
+
+
+* `MTLS` (value: `"MTLS"`)
+
+* `OAUTH2` (value: `"OAUTH2"`)
+
+* `OIDC` (value: `"OIDC"`)
+
+* `SAML2` (value: `"SAML2"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProviderType.md b/okta/docs/ProviderType.md
new file mode 100644
index 000000000..6dd9f5182
--- /dev/null
+++ b/okta/docs/ProviderType.md
@@ -0,0 +1,13 @@
+# ProviderType
+
+## Enum
+
+
+* `APNS` (value: `"APNS"`)
+
+* `FCM` (value: `"FCM"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Provisioning.md b/okta/docs/Provisioning.md
new file mode 100644
index 000000000..bc89f77e7
--- /dev/null
+++ b/okta/docs/Provisioning.md
@@ -0,0 +1,134 @@
+# Provisioning
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | Pointer to [**ProvisioningAction**](ProvisioningAction.md) |  | [optional] 
+**Conditions** | Pointer to [**ProvisioningConditions**](ProvisioningConditions.md) |  | [optional] 
+**Groups** | Pointer to [**ProvisioningGroups**](ProvisioningGroups.md) |  | [optional] 
+**ProfileMaster** | Pointer to **bool** |  | [optional] 
+
+## Methods
+
+### NewProvisioning
+
+`func NewProvisioning() *Provisioning`
+
+NewProvisioning instantiates a new Provisioning object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProvisioningWithDefaults
+
+`func NewProvisioningWithDefaults() *Provisioning`
+
+NewProvisioningWithDefaults instantiates a new Provisioning object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAction
+
+`func (o *Provisioning) GetAction() ProvisioningAction`
+
+GetAction returns the Action field if non-nil, zero value otherwise.
+
+### GetActionOk
+
+`func (o *Provisioning) GetActionOk() (*ProvisioningAction, bool)`
+
+GetActionOk returns a tuple with the Action field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAction
+
+`func (o *Provisioning) SetAction(v ProvisioningAction)`
+
+SetAction sets Action field to given value.
+
+### HasAction
+
+`func (o *Provisioning) HasAction() bool`
+
+HasAction returns a boolean if a field has been set.
+
+### GetConditions
+
+`func (o *Provisioning) GetConditions() ProvisioningConditions`
+
+GetConditions returns the Conditions field if non-nil, zero value otherwise.
+
+### GetConditionsOk
+
+`func (o *Provisioning) GetConditionsOk() (*ProvisioningConditions, bool)`
+
+GetConditionsOk returns a tuple with the Conditions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConditions
+
+`func (o *Provisioning) SetConditions(v ProvisioningConditions)`
+
+SetConditions sets Conditions field to given value.
+
+### HasConditions
+
+`func (o *Provisioning) HasConditions() bool`
+
+HasConditions returns a boolean if a field has been set.
+
+### GetGroups
+
+`func (o *Provisioning) GetGroups() ProvisioningGroups`
+
+GetGroups returns the Groups field if non-nil, zero value otherwise.
+
+### GetGroupsOk
+
+`func (o *Provisioning) GetGroupsOk() (*ProvisioningGroups, bool)`
+
+GetGroupsOk returns a tuple with the Groups field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroups
+
+`func (o *Provisioning) SetGroups(v ProvisioningGroups)`
+
+SetGroups sets Groups field to given value.
+
+### HasGroups
+
+`func (o *Provisioning) HasGroups() bool`
+
+HasGroups returns a boolean if a field has been set.
+
+### GetProfileMaster
+
+`func (o *Provisioning) GetProfileMaster() bool`
+
+GetProfileMaster returns the ProfileMaster field if non-nil, zero value otherwise.
+
+### GetProfileMasterOk
+
+`func (o *Provisioning) GetProfileMasterOk() (*bool, bool)`
+
+GetProfileMasterOk returns a tuple with the ProfileMaster field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfileMaster
+
+`func (o *Provisioning) SetProfileMaster(v bool)`
+
+SetProfileMaster sets ProfileMaster field to given value.
+
+### HasProfileMaster
+
+`func (o *Provisioning) HasProfileMaster() bool`
+
+HasProfileMaster returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningAction.md b/okta/docs/ProvisioningAction.md
new file mode 100644
index 000000000..a0f9820d6
--- /dev/null
+++ b/okta/docs/ProvisioningAction.md
@@ -0,0 +1,15 @@
+# ProvisioningAction
+
+## Enum
+
+
+* `AUTO` (value: `"AUTO"`)
+
+* `CALLOUT` (value: `"CALLOUT"`)
+
+* `DISABLED` (value: `"DISABLED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningConditions.md b/okta/docs/ProvisioningConditions.md
new file mode 100644
index 000000000..1a2b79be2
--- /dev/null
+++ b/okta/docs/ProvisioningConditions.md
@@ -0,0 +1,82 @@
+# ProvisioningConditions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Deprovisioned** | Pointer to [**ProvisioningDeprovisionedCondition**](ProvisioningDeprovisionedCondition.md) |  | [optional] 
+**Suspended** | Pointer to [**ProvisioningSuspendedCondition**](ProvisioningSuspendedCondition.md) |  | [optional] 
+
+## Methods
+
+### NewProvisioningConditions
+
+`func NewProvisioningConditions() *ProvisioningConditions`
+
+NewProvisioningConditions instantiates a new ProvisioningConditions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProvisioningConditionsWithDefaults
+
+`func NewProvisioningConditionsWithDefaults() *ProvisioningConditions`
+
+NewProvisioningConditionsWithDefaults instantiates a new ProvisioningConditions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDeprovisioned
+
+`func (o *ProvisioningConditions) GetDeprovisioned() ProvisioningDeprovisionedCondition`
+
+GetDeprovisioned returns the Deprovisioned field if non-nil, zero value otherwise.
+
+### GetDeprovisionedOk
+
+`func (o *ProvisioningConditions) GetDeprovisionedOk() (*ProvisioningDeprovisionedCondition, bool)`
+
+GetDeprovisionedOk returns a tuple with the Deprovisioned field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDeprovisioned
+
+`func (o *ProvisioningConditions) SetDeprovisioned(v ProvisioningDeprovisionedCondition)`
+
+SetDeprovisioned sets Deprovisioned field to given value.
+
+### HasDeprovisioned
+
+`func (o *ProvisioningConditions) HasDeprovisioned() bool`
+
+HasDeprovisioned returns a boolean if a field has been set.
+
+### GetSuspended
+
+`func (o *ProvisioningConditions) GetSuspended() ProvisioningSuspendedCondition`
+
+GetSuspended returns the Suspended field if non-nil, zero value otherwise.
+
+### GetSuspendedOk
+
+`func (o *ProvisioningConditions) GetSuspendedOk() (*ProvisioningSuspendedCondition, bool)`
+
+GetSuspendedOk returns a tuple with the Suspended field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSuspended
+
+`func (o *ProvisioningConditions) SetSuspended(v ProvisioningSuspendedCondition)`
+
+SetSuspended sets Suspended field to given value.
+
+### HasSuspended
+
+`func (o *ProvisioningConditions) HasSuspended() bool`
+
+HasSuspended returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningConnection.md b/okta/docs/ProvisioningConnection.md
new file mode 100644
index 000000000..1ff2f21f5
--- /dev/null
+++ b/okta/docs/ProvisioningConnection.md
@@ -0,0 +1,108 @@
+# ProvisioningConnection
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthScheme** | Pointer to [**ProvisioningConnectionAuthScheme**](ProvisioningConnectionAuthScheme.md) |  | [optional] 
+**Status** | Pointer to [**ProvisioningConnectionStatus**](ProvisioningConnectionStatus.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewProvisioningConnection
+
+`func NewProvisioningConnection() *ProvisioningConnection`
+
+NewProvisioningConnection instantiates a new ProvisioningConnection object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProvisioningConnectionWithDefaults
+
+`func NewProvisioningConnectionWithDefaults() *ProvisioningConnection`
+
+NewProvisioningConnectionWithDefaults instantiates a new ProvisioningConnection object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthScheme
+
+`func (o *ProvisioningConnection) GetAuthScheme() ProvisioningConnectionAuthScheme`
+
+GetAuthScheme returns the AuthScheme field if non-nil, zero value otherwise.
+
+### GetAuthSchemeOk
+
+`func (o *ProvisioningConnection) GetAuthSchemeOk() (*ProvisioningConnectionAuthScheme, bool)`
+
+GetAuthSchemeOk returns a tuple with the AuthScheme field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthScheme
+
+`func (o *ProvisioningConnection) SetAuthScheme(v ProvisioningConnectionAuthScheme)`
+
+SetAuthScheme sets AuthScheme field to given value.
+
+### HasAuthScheme
+
+`func (o *ProvisioningConnection) HasAuthScheme() bool`
+
+HasAuthScheme returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *ProvisioningConnection) GetStatus() ProvisioningConnectionStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *ProvisioningConnection) GetStatusOk() (*ProvisioningConnectionStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *ProvisioningConnection) SetStatus(v ProvisioningConnectionStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *ProvisioningConnection) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ProvisioningConnection) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ProvisioningConnection) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ProvisioningConnection) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ProvisioningConnection) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningConnectionAuthScheme.md b/okta/docs/ProvisioningConnectionAuthScheme.md
new file mode 100644
index 000000000..1474e6820
--- /dev/null
+++ b/okta/docs/ProvisioningConnectionAuthScheme.md
@@ -0,0 +1,13 @@
+# ProvisioningConnectionAuthScheme
+
+## Enum
+
+
+* `TOKEN` (value: `"TOKEN"`)
+
+* `UNKNOWN` (value: `"UNKNOWN"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningConnectionProfile.md b/okta/docs/ProvisioningConnectionProfile.md
new file mode 100644
index 000000000..0c7c11931
--- /dev/null
+++ b/okta/docs/ProvisioningConnectionProfile.md
@@ -0,0 +1,82 @@
+# ProvisioningConnectionProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthScheme** | Pointer to [**ProvisioningConnectionAuthScheme**](ProvisioningConnectionAuthScheme.md) |  | [optional] 
+**Token** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewProvisioningConnectionProfile
+
+`func NewProvisioningConnectionProfile() *ProvisioningConnectionProfile`
+
+NewProvisioningConnectionProfile instantiates a new ProvisioningConnectionProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProvisioningConnectionProfileWithDefaults
+
+`func NewProvisioningConnectionProfileWithDefaults() *ProvisioningConnectionProfile`
+
+NewProvisioningConnectionProfileWithDefaults instantiates a new ProvisioningConnectionProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthScheme
+
+`func (o *ProvisioningConnectionProfile) GetAuthScheme() ProvisioningConnectionAuthScheme`
+
+GetAuthScheme returns the AuthScheme field if non-nil, zero value otherwise.
+
+### GetAuthSchemeOk
+
+`func (o *ProvisioningConnectionProfile) GetAuthSchemeOk() (*ProvisioningConnectionAuthScheme, bool)`
+
+GetAuthSchemeOk returns a tuple with the AuthScheme field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthScheme
+
+`func (o *ProvisioningConnectionProfile) SetAuthScheme(v ProvisioningConnectionAuthScheme)`
+
+SetAuthScheme sets AuthScheme field to given value.
+
+### HasAuthScheme
+
+`func (o *ProvisioningConnectionProfile) HasAuthScheme() bool`
+
+HasAuthScheme returns a boolean if a field has been set.
+
+### GetToken
+
+`func (o *ProvisioningConnectionProfile) GetToken() string`
+
+GetToken returns the Token field if non-nil, zero value otherwise.
+
+### GetTokenOk
+
+`func (o *ProvisioningConnectionProfile) GetTokenOk() (*string, bool)`
+
+GetTokenOk returns a tuple with the Token field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetToken
+
+`func (o *ProvisioningConnectionProfile) SetToken(v string)`
+
+SetToken sets Token field to given value.
+
+### HasToken
+
+`func (o *ProvisioningConnectionProfile) HasToken() bool`
+
+HasToken returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningConnectionRequest.md b/okta/docs/ProvisioningConnectionRequest.md
new file mode 100644
index 000000000..e6cc2ae37
--- /dev/null
+++ b/okta/docs/ProvisioningConnectionRequest.md
@@ -0,0 +1,56 @@
+# ProvisioningConnectionRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**ProvisioningConnectionProfile**](ProvisioningConnectionProfile.md) |  | [optional] 
+
+## Methods
+
+### NewProvisioningConnectionRequest
+
+`func NewProvisioningConnectionRequest() *ProvisioningConnectionRequest`
+
+NewProvisioningConnectionRequest instantiates a new ProvisioningConnectionRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProvisioningConnectionRequestWithDefaults
+
+`func NewProvisioningConnectionRequestWithDefaults() *ProvisioningConnectionRequest`
+
+NewProvisioningConnectionRequestWithDefaults instantiates a new ProvisioningConnectionRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *ProvisioningConnectionRequest) GetProfile() ProvisioningConnectionProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *ProvisioningConnectionRequest) GetProfileOk() (*ProvisioningConnectionProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *ProvisioningConnectionRequest) SetProfile(v ProvisioningConnectionProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *ProvisioningConnectionRequest) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningConnectionStatus.md b/okta/docs/ProvisioningConnectionStatus.md
new file mode 100644
index 000000000..0d9f28a2a
--- /dev/null
+++ b/okta/docs/ProvisioningConnectionStatus.md
@@ -0,0 +1,15 @@
+# ProvisioningConnectionStatus
+
+## Enum
+
+
+* `DISABLED` (value: `"DISABLED"`)
+
+* `ENABLED` (value: `"ENABLED"`)
+
+* `UNKNOWN` (value: `"UNKNOWN"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningDeprovisionedAction.md b/okta/docs/ProvisioningDeprovisionedAction.md
new file mode 100644
index 000000000..b741ab0ec
--- /dev/null
+++ b/okta/docs/ProvisioningDeprovisionedAction.md
@@ -0,0 +1,13 @@
+# ProvisioningDeprovisionedAction
+
+## Enum
+
+
+* `NONE` (value: `"NONE"`)
+
+* `REACTIVATE` (value: `"REACTIVATE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningDeprovisionedCondition.md b/okta/docs/ProvisioningDeprovisionedCondition.md
new file mode 100644
index 000000000..2a1cd3e92
--- /dev/null
+++ b/okta/docs/ProvisioningDeprovisionedCondition.md
@@ -0,0 +1,56 @@
+# ProvisioningDeprovisionedCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | Pointer to [**ProvisioningDeprovisionedAction**](ProvisioningDeprovisionedAction.md) |  | [optional] 
+
+## Methods
+
+### NewProvisioningDeprovisionedCondition
+
+`func NewProvisioningDeprovisionedCondition() *ProvisioningDeprovisionedCondition`
+
+NewProvisioningDeprovisionedCondition instantiates a new ProvisioningDeprovisionedCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProvisioningDeprovisionedConditionWithDefaults
+
+`func NewProvisioningDeprovisionedConditionWithDefaults() *ProvisioningDeprovisionedCondition`
+
+NewProvisioningDeprovisionedConditionWithDefaults instantiates a new ProvisioningDeprovisionedCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAction
+
+`func (o *ProvisioningDeprovisionedCondition) GetAction() ProvisioningDeprovisionedAction`
+
+GetAction returns the Action field if non-nil, zero value otherwise.
+
+### GetActionOk
+
+`func (o *ProvisioningDeprovisionedCondition) GetActionOk() (*ProvisioningDeprovisionedAction, bool)`
+
+GetActionOk returns a tuple with the Action field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAction
+
+`func (o *ProvisioningDeprovisionedCondition) SetAction(v ProvisioningDeprovisionedAction)`
+
+SetAction sets Action field to given value.
+
+### HasAction
+
+`func (o *ProvisioningDeprovisionedCondition) HasAction() bool`
+
+HasAction returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningGroups.md b/okta/docs/ProvisioningGroups.md
new file mode 100644
index 000000000..75b18516c
--- /dev/null
+++ b/okta/docs/ProvisioningGroups.md
@@ -0,0 +1,134 @@
+# ProvisioningGroups
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | Pointer to [**ProvisioningGroupsAction**](ProvisioningGroupsAction.md) |  | [optional] 
+**Assignments** | Pointer to **[]string** |  | [optional] 
+**Filter** | Pointer to **[]string** |  | [optional] 
+**SourceAttributeName** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewProvisioningGroups
+
+`func NewProvisioningGroups() *ProvisioningGroups`
+
+NewProvisioningGroups instantiates a new ProvisioningGroups object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProvisioningGroupsWithDefaults
+
+`func NewProvisioningGroupsWithDefaults() *ProvisioningGroups`
+
+NewProvisioningGroupsWithDefaults instantiates a new ProvisioningGroups object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAction
+
+`func (o *ProvisioningGroups) GetAction() ProvisioningGroupsAction`
+
+GetAction returns the Action field if non-nil, zero value otherwise.
+
+### GetActionOk
+
+`func (o *ProvisioningGroups) GetActionOk() (*ProvisioningGroupsAction, bool)`
+
+GetActionOk returns a tuple with the Action field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAction
+
+`func (o *ProvisioningGroups) SetAction(v ProvisioningGroupsAction)`
+
+SetAction sets Action field to given value.
+
+### HasAction
+
+`func (o *ProvisioningGroups) HasAction() bool`
+
+HasAction returns a boolean if a field has been set.
+
+### GetAssignments
+
+`func (o *ProvisioningGroups) GetAssignments() []string`
+
+GetAssignments returns the Assignments field if non-nil, zero value otherwise.
+
+### GetAssignmentsOk
+
+`func (o *ProvisioningGroups) GetAssignmentsOk() (*[]string, bool)`
+
+GetAssignmentsOk returns a tuple with the Assignments field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAssignments
+
+`func (o *ProvisioningGroups) SetAssignments(v []string)`
+
+SetAssignments sets Assignments field to given value.
+
+### HasAssignments
+
+`func (o *ProvisioningGroups) HasAssignments() bool`
+
+HasAssignments returns a boolean if a field has been set.
+
+### GetFilter
+
+`func (o *ProvisioningGroups) GetFilter() []string`
+
+GetFilter returns the Filter field if non-nil, zero value otherwise.
+
+### GetFilterOk
+
+`func (o *ProvisioningGroups) GetFilterOk() (*[]string, bool)`
+
+GetFilterOk returns a tuple with the Filter field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFilter
+
+`func (o *ProvisioningGroups) SetFilter(v []string)`
+
+SetFilter sets Filter field to given value.
+
+### HasFilter
+
+`func (o *ProvisioningGroups) HasFilter() bool`
+
+HasFilter returns a boolean if a field has been set.
+
+### GetSourceAttributeName
+
+`func (o *ProvisioningGroups) GetSourceAttributeName() string`
+
+GetSourceAttributeName returns the SourceAttributeName field if non-nil, zero value otherwise.
+
+### GetSourceAttributeNameOk
+
+`func (o *ProvisioningGroups) GetSourceAttributeNameOk() (*string, bool)`
+
+GetSourceAttributeNameOk returns a tuple with the SourceAttributeName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSourceAttributeName
+
+`func (o *ProvisioningGroups) SetSourceAttributeName(v string)`
+
+SetSourceAttributeName sets SourceAttributeName field to given value.
+
+### HasSourceAttributeName
+
+`func (o *ProvisioningGroups) HasSourceAttributeName() bool`
+
+HasSourceAttributeName returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningGroupsAction.md b/okta/docs/ProvisioningGroupsAction.md
new file mode 100644
index 000000000..b9f0c32b2
--- /dev/null
+++ b/okta/docs/ProvisioningGroupsAction.md
@@ -0,0 +1,17 @@
+# ProvisioningGroupsAction
+
+## Enum
+
+
+* `APPEND` (value: `"APPEND"`)
+
+* `ASSIGN` (value: `"ASSIGN"`)
+
+* `NONE` (value: `"NONE"`)
+
+* `SYNC` (value: `"SYNC"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningSuspendedAction.md b/okta/docs/ProvisioningSuspendedAction.md
new file mode 100644
index 000000000..eebf3f04c
--- /dev/null
+++ b/okta/docs/ProvisioningSuspendedAction.md
@@ -0,0 +1,13 @@
+# ProvisioningSuspendedAction
+
+## Enum
+
+
+* `NONE` (value: `"NONE"`)
+
+* `UNSUSPEND` (value: `"UNSUSPEND"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ProvisioningSuspendedCondition.md b/okta/docs/ProvisioningSuspendedCondition.md
new file mode 100644
index 000000000..c0ec47432
--- /dev/null
+++ b/okta/docs/ProvisioningSuspendedCondition.md
@@ -0,0 +1,56 @@
+# ProvisioningSuspendedCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | Pointer to [**ProvisioningSuspendedAction**](ProvisioningSuspendedAction.md) |  | [optional] 
+
+## Methods
+
+### NewProvisioningSuspendedCondition
+
+`func NewProvisioningSuspendedCondition() *ProvisioningSuspendedCondition`
+
+NewProvisioningSuspendedCondition instantiates a new ProvisioningSuspendedCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewProvisioningSuspendedConditionWithDefaults
+
+`func NewProvisioningSuspendedConditionWithDefaults() *ProvisioningSuspendedCondition`
+
+NewProvisioningSuspendedConditionWithDefaults instantiates a new ProvisioningSuspendedCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAction
+
+`func (o *ProvisioningSuspendedCondition) GetAction() ProvisioningSuspendedAction`
+
+GetAction returns the Action field if non-nil, zero value otherwise.
+
+### GetActionOk
+
+`func (o *ProvisioningSuspendedCondition) GetActionOk() (*ProvisioningSuspendedAction, bool)`
+
+GetActionOk returns a tuple with the Action field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAction
+
+`func (o *ProvisioningSuspendedCondition) SetAction(v ProvisioningSuspendedAction)`
+
+SetAction sets Action field to given value.
+
+### HasAction
+
+`func (o *ProvisioningSuspendedCondition) HasAction() bool`
+
+HasAction returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PushProvider.md b/okta/docs/PushProvider.md
new file mode 100644
index 000000000..05c254402
--- /dev/null
+++ b/okta/docs/PushProvider.md
@@ -0,0 +1,160 @@
+# PushProvider
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdatedDate** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** | Display name of the push provider | [optional] 
+**ProviderType** | Pointer to [**ProviderType**](ProviderType.md) |  | [optional] 
+**Links** | Pointer to [**ApiTokenLink**](ApiTokenLink.md) |  | [optional] 
+
+## Methods
+
+### NewPushProvider
+
+`func NewPushProvider() *PushProvider`
+
+NewPushProvider instantiates a new PushProvider object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPushProviderWithDefaults
+
+`func NewPushProviderWithDefaults() *PushProvider`
+
+NewPushProviderWithDefaults instantiates a new PushProvider object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *PushProvider) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *PushProvider) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *PushProvider) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *PushProvider) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdatedDate
+
+`func (o *PushProvider) GetLastUpdatedDate() string`
+
+GetLastUpdatedDate returns the LastUpdatedDate field if non-nil, zero value otherwise.
+
+### GetLastUpdatedDateOk
+
+`func (o *PushProvider) GetLastUpdatedDateOk() (*string, bool)`
+
+GetLastUpdatedDateOk returns a tuple with the LastUpdatedDate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdatedDate
+
+`func (o *PushProvider) SetLastUpdatedDate(v string)`
+
+SetLastUpdatedDate sets LastUpdatedDate field to given value.
+
+### HasLastUpdatedDate
+
+`func (o *PushProvider) HasLastUpdatedDate() bool`
+
+HasLastUpdatedDate returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *PushProvider) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *PushProvider) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *PushProvider) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *PushProvider) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetProviderType
+
+`func (o *PushProvider) GetProviderType() ProviderType`
+
+GetProviderType returns the ProviderType field if non-nil, zero value otherwise.
+
+### GetProviderTypeOk
+
+`func (o *PushProvider) GetProviderTypeOk() (*ProviderType, bool)`
+
+GetProviderTypeOk returns a tuple with the ProviderType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProviderType
+
+`func (o *PushProvider) SetProviderType(v ProviderType)`
+
+SetProviderType sets ProviderType field to given value.
+
+### HasProviderType
+
+`func (o *PushProvider) HasProviderType() bool`
+
+HasProviderType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *PushProvider) GetLinks() ApiTokenLink`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *PushProvider) GetLinksOk() (*ApiTokenLink, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *PushProvider) SetLinks(v ApiTokenLink)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *PushProvider) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PushProviderApi.md b/okta/docs/PushProviderApi.md
new file mode 100644
index 000000000..75806ece3
--- /dev/null
+++ b/okta/docs/PushProviderApi.md
@@ -0,0 +1,355 @@
+# \PushProviderApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreatePushProvider**](PushProviderApi.md#CreatePushProvider) | **Post** /api/v1/push-providers | Create a Push Provider
+[**DeletePushProvider**](PushProviderApi.md#DeletePushProvider) | **Delete** /api/v1/push-providers/{pushProviderId} | Delete a Push Provider
+[**GetPushProvider**](PushProviderApi.md#GetPushProvider) | **Get** /api/v1/push-providers/{pushProviderId} | Retrieve a Push Provider
+[**ListPushProviders**](PushProviderApi.md#ListPushProviders) | **Get** /api/v1/push-providers | List all Push Providers
+[**ReplacePushProvider**](PushProviderApi.md#ReplacePushProvider) | **Put** /api/v1/push-providers/{pushProviderId} | Replace a Push Provider
+
+
+
+## CreatePushProvider
+
+> ListPushProviders200ResponseInner CreatePushProvider(ctx).PushProvider(pushProvider).Execute()
+
+Create a Push Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    pushProvider := openapiclient.listPushProviders_200_response_inner{APNSPushProvider: openapiclient.NewAPNSPushProvider()} // ListPushProviders200ResponseInner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PushProviderApi.CreatePushProvider(context.Background()).PushProvider(pushProvider).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PushProviderApi.CreatePushProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreatePushProvider`: ListPushProviders200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PushProviderApi.CreatePushProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreatePushProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **pushProvider** | [**ListPushProviders200ResponseInner**](ListPushProviders200ResponseInner.md) |  | 
+
+### Return type
+
+[**ListPushProviders200ResponseInner**](ListPushProviders200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeletePushProvider
+
+> DeletePushProvider(ctx, pushProviderId).Execute()
+
+Delete a Push Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    pushProviderId := "pushProviderId_example" // string | Id of the push provider
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PushProviderApi.DeletePushProvider(context.Background(), pushProviderId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PushProviderApi.DeletePushProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**pushProviderId** | **string** | Id of the push provider | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeletePushProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetPushProvider
+
+> ListPushProviders200ResponseInner GetPushProvider(ctx, pushProviderId).Execute()
+
+Retrieve a Push Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    pushProviderId := "pushProviderId_example" // string | Id of the push provider
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PushProviderApi.GetPushProvider(context.Background(), pushProviderId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PushProviderApi.GetPushProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetPushProvider`: ListPushProviders200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PushProviderApi.GetPushProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**pushProviderId** | **string** | Id of the push provider | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetPushProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ListPushProviders200ResponseInner**](ListPushProviders200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListPushProviders
+
+> []ListPushProviders200ResponseInner ListPushProviders(ctx).Type_(type_).Execute()
+
+List all Push Providers
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    type_ := openapiclient.ProviderType("APNS") // ProviderType | Filters push providers by `providerType` (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PushProviderApi.ListPushProviders(context.Background()).Type_(type_).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PushProviderApi.ListPushProviders``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListPushProviders`: []ListPushProviders200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PushProviderApi.ListPushProviders`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListPushProvidersRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **type_** | [**ProviderType**](ProviderType.md) | Filters push providers by &#x60;providerType&#x60; | 
+
+### Return type
+
+[**[]ListPushProviders200ResponseInner**](ListPushProviders200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplacePushProvider
+
+> ListPushProviders200ResponseInner ReplacePushProvider(ctx, pushProviderId).PushProvider(pushProvider).Execute()
+
+Replace a Push Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    pushProviderId := "pushProviderId_example" // string | Id of the push provider
+    pushProvider := openapiclient.listPushProviders_200_response_inner{APNSPushProvider: openapiclient.NewAPNSPushProvider()} // ListPushProviders200ResponseInner | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.PushProviderApi.ReplacePushProvider(context.Background(), pushProviderId).PushProvider(pushProvider).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `PushProviderApi.ReplacePushProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplacePushProvider`: ListPushProviders200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `PushProviderApi.ReplacePushProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**pushProviderId** | **string** | Id of the push provider | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplacePushProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **pushProvider** | [**ListPushProviders200ResponseInner**](ListPushProviders200ResponseInner.md) |  | 
+
+### Return type
+
+[**ListPushProviders200ResponseInner**](ListPushProviders200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/PushUserFactor.md b/okta/docs/PushUserFactor.md
new file mode 100644
index 000000000..00a9825e8
--- /dev/null
+++ b/okta/docs/PushUserFactor.md
@@ -0,0 +1,108 @@
+# PushUserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ExpiresAt** | Pointer to **time.Time** |  | [optional] 
+**FactorResult** | Pointer to [**FactorResultType**](FactorResultType.md) |  | [optional] 
+**Profile** | Pointer to [**PushUserFactorProfile**](PushUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewPushUserFactor
+
+`func NewPushUserFactor() *PushUserFactor`
+
+NewPushUserFactor instantiates a new PushUserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPushUserFactorWithDefaults
+
+`func NewPushUserFactorWithDefaults() *PushUserFactor`
+
+NewPushUserFactorWithDefaults instantiates a new PushUserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpiresAt
+
+`func (o *PushUserFactor) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *PushUserFactor) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *PushUserFactor) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *PushUserFactor) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetFactorResult
+
+`func (o *PushUserFactor) GetFactorResult() FactorResultType`
+
+GetFactorResult returns the FactorResult field if non-nil, zero value otherwise.
+
+### GetFactorResultOk
+
+`func (o *PushUserFactor) GetFactorResultOk() (*FactorResultType, bool)`
+
+GetFactorResultOk returns a tuple with the FactorResult field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorResult
+
+`func (o *PushUserFactor) SetFactorResult(v FactorResultType)`
+
+SetFactorResult sets FactorResult field to given value.
+
+### HasFactorResult
+
+`func (o *PushUserFactor) HasFactorResult() bool`
+
+HasFactorResult returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *PushUserFactor) GetProfile() PushUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *PushUserFactor) GetProfileOk() (*PushUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *PushUserFactor) SetProfile(v PushUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *PushUserFactor) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PushUserFactorAllOf.md b/okta/docs/PushUserFactorAllOf.md
new file mode 100644
index 000000000..18de19926
--- /dev/null
+++ b/okta/docs/PushUserFactorAllOf.md
@@ -0,0 +1,108 @@
+# PushUserFactorAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ExpiresAt** | Pointer to **time.Time** |  | [optional] 
+**FactorResult** | Pointer to [**FactorResultType**](FactorResultType.md) |  | [optional] 
+**Profile** | Pointer to [**PushUserFactorProfile**](PushUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewPushUserFactorAllOf
+
+`func NewPushUserFactorAllOf() *PushUserFactorAllOf`
+
+NewPushUserFactorAllOf instantiates a new PushUserFactorAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPushUserFactorAllOfWithDefaults
+
+`func NewPushUserFactorAllOfWithDefaults() *PushUserFactorAllOf`
+
+NewPushUserFactorAllOfWithDefaults instantiates a new PushUserFactorAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpiresAt
+
+`func (o *PushUserFactorAllOf) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *PushUserFactorAllOf) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *PushUserFactorAllOf) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *PushUserFactorAllOf) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetFactorResult
+
+`func (o *PushUserFactorAllOf) GetFactorResult() FactorResultType`
+
+GetFactorResult returns the FactorResult field if non-nil, zero value otherwise.
+
+### GetFactorResultOk
+
+`func (o *PushUserFactorAllOf) GetFactorResultOk() (*FactorResultType, bool)`
+
+GetFactorResultOk returns a tuple with the FactorResult field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorResult
+
+`func (o *PushUserFactorAllOf) SetFactorResult(v FactorResultType)`
+
+SetFactorResult sets FactorResult field to given value.
+
+### HasFactorResult
+
+`func (o *PushUserFactorAllOf) HasFactorResult() bool`
+
+HasFactorResult returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *PushUserFactorAllOf) GetProfile() PushUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *PushUserFactorAllOf) GetProfileOk() (*PushUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *PushUserFactorAllOf) SetProfile(v PushUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *PushUserFactorAllOf) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/PushUserFactorProfile.md b/okta/docs/PushUserFactorProfile.md
new file mode 100644
index 000000000..d72e872ca
--- /dev/null
+++ b/okta/docs/PushUserFactorProfile.md
@@ -0,0 +1,186 @@
+# PushUserFactorProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CredentialId** | Pointer to **string** |  | [optional] 
+**DeviceToken** | Pointer to **string** |  | [optional] 
+**DeviceType** | Pointer to **string** |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**Platform** | Pointer to **string** |  | [optional] 
+**Version** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewPushUserFactorProfile
+
+`func NewPushUserFactorProfile() *PushUserFactorProfile`
+
+NewPushUserFactorProfile instantiates a new PushUserFactorProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewPushUserFactorProfileWithDefaults
+
+`func NewPushUserFactorProfileWithDefaults() *PushUserFactorProfile`
+
+NewPushUserFactorProfileWithDefaults instantiates a new PushUserFactorProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentialId
+
+`func (o *PushUserFactorProfile) GetCredentialId() string`
+
+GetCredentialId returns the CredentialId field if non-nil, zero value otherwise.
+
+### GetCredentialIdOk
+
+`func (o *PushUserFactorProfile) GetCredentialIdOk() (*string, bool)`
+
+GetCredentialIdOk returns a tuple with the CredentialId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentialId
+
+`func (o *PushUserFactorProfile) SetCredentialId(v string)`
+
+SetCredentialId sets CredentialId field to given value.
+
+### HasCredentialId
+
+`func (o *PushUserFactorProfile) HasCredentialId() bool`
+
+HasCredentialId returns a boolean if a field has been set.
+
+### GetDeviceToken
+
+`func (o *PushUserFactorProfile) GetDeviceToken() string`
+
+GetDeviceToken returns the DeviceToken field if non-nil, zero value otherwise.
+
+### GetDeviceTokenOk
+
+`func (o *PushUserFactorProfile) GetDeviceTokenOk() (*string, bool)`
+
+GetDeviceTokenOk returns a tuple with the DeviceToken field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDeviceToken
+
+`func (o *PushUserFactorProfile) SetDeviceToken(v string)`
+
+SetDeviceToken sets DeviceToken field to given value.
+
+### HasDeviceToken
+
+`func (o *PushUserFactorProfile) HasDeviceToken() bool`
+
+HasDeviceToken returns a boolean if a field has been set.
+
+### GetDeviceType
+
+`func (o *PushUserFactorProfile) GetDeviceType() string`
+
+GetDeviceType returns the DeviceType field if non-nil, zero value otherwise.
+
+### GetDeviceTypeOk
+
+`func (o *PushUserFactorProfile) GetDeviceTypeOk() (*string, bool)`
+
+GetDeviceTypeOk returns a tuple with the DeviceType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDeviceType
+
+`func (o *PushUserFactorProfile) SetDeviceType(v string)`
+
+SetDeviceType sets DeviceType field to given value.
+
+### HasDeviceType
+
+`func (o *PushUserFactorProfile) HasDeviceType() bool`
+
+HasDeviceType returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *PushUserFactorProfile) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *PushUserFactorProfile) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *PushUserFactorProfile) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *PushUserFactorProfile) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetPlatform
+
+`func (o *PushUserFactorProfile) GetPlatform() string`
+
+GetPlatform returns the Platform field if non-nil, zero value otherwise.
+
+### GetPlatformOk
+
+`func (o *PushUserFactorProfile) GetPlatformOk() (*string, bool)`
+
+GetPlatformOk returns a tuple with the Platform field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPlatform
+
+`func (o *PushUserFactorProfile) SetPlatform(v string)`
+
+SetPlatform sets Platform field to given value.
+
+### HasPlatform
+
+`func (o *PushUserFactorProfile) HasPlatform() bool`
+
+HasPlatform returns a boolean if a field has been set.
+
+### GetVersion
+
+`func (o *PushUserFactorProfile) GetVersion() string`
+
+GetVersion returns the Version field if non-nil, zero value otherwise.
+
+### GetVersionOk
+
+`func (o *PushUserFactorProfile) GetVersionOk() (*string, bool)`
+
+GetVersionOk returns a tuple with the Version field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVersion
+
+`func (o *PushUserFactorProfile) SetVersion(v string)`
+
+SetVersion sets Version field to given value.
+
+### HasVersion
+
+`func (o *PushUserFactorProfile) HasVersion() bool`
+
+HasVersion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RateLimitAdminNotifications.md b/okta/docs/RateLimitAdminNotifications.md
new file mode 100644
index 000000000..a25d98277
--- /dev/null
+++ b/okta/docs/RateLimitAdminNotifications.md
@@ -0,0 +1,51 @@
+# RateLimitAdminNotifications
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**NotificationsEnabled** | **bool** |  | 
+
+## Methods
+
+### NewRateLimitAdminNotifications
+
+`func NewRateLimitAdminNotifications(notificationsEnabled bool, ) *RateLimitAdminNotifications`
+
+NewRateLimitAdminNotifications instantiates a new RateLimitAdminNotifications object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewRateLimitAdminNotificationsWithDefaults
+
+`func NewRateLimitAdminNotificationsWithDefaults() *RateLimitAdminNotifications`
+
+NewRateLimitAdminNotificationsWithDefaults instantiates a new RateLimitAdminNotifications object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetNotificationsEnabled
+
+`func (o *RateLimitAdminNotifications) GetNotificationsEnabled() bool`
+
+GetNotificationsEnabled returns the NotificationsEnabled field if non-nil, zero value otherwise.
+
+### GetNotificationsEnabledOk
+
+`func (o *RateLimitAdminNotifications) GetNotificationsEnabledOk() (*bool, bool)`
+
+GetNotificationsEnabledOk returns a tuple with the NotificationsEnabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotificationsEnabled
+
+`func (o *RateLimitAdminNotifications) SetNotificationsEnabled(v bool)`
+
+SetNotificationsEnabled sets NotificationsEnabled field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RateLimitSettingsApi.md b/okta/docs/RateLimitSettingsApi.md
new file mode 100644
index 000000000..da0466886
--- /dev/null
+++ b/okta/docs/RateLimitSettingsApi.md
@@ -0,0 +1,266 @@
+# \RateLimitSettingsApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**GetRateLimitSettingsAdminNotifications**](RateLimitSettingsApi.md#GetRateLimitSettingsAdminNotifications) | **Get** /api/v1/rate-limit-settings/admin-notifications | Retrieve the Rate Limit Admin Notification Settings
+[**GetRateLimitSettingsPerClient**](RateLimitSettingsApi.md#GetRateLimitSettingsPerClient) | **Get** /api/v1/rate-limit-settings/per-client | Retrieve the Per-Client Rate Limit Settings
+[**ReplaceRateLimitSettingsAdminNotifications**](RateLimitSettingsApi.md#ReplaceRateLimitSettingsAdminNotifications) | **Put** /api/v1/rate-limit-settings/admin-notifications | Replace the Rate Limit Admin Notification Settings
+[**ReplaceRateLimitSettingsPerClient**](RateLimitSettingsApi.md#ReplaceRateLimitSettingsPerClient) | **Put** /api/v1/rate-limit-settings/per-client | Replace the Per-Client Rate Limit Settings
+
+
+
+## GetRateLimitSettingsAdminNotifications
+
+> RateLimitAdminNotifications GetRateLimitSettingsAdminNotifications(ctx).Execute()
+
+Retrieve the Rate Limit Admin Notification Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RateLimitSettingsApi.GetRateLimitSettingsAdminNotifications(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RateLimitSettingsApi.GetRateLimitSettingsAdminNotifications``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetRateLimitSettingsAdminNotifications`: RateLimitAdminNotifications
+    fmt.Fprintf(os.Stdout, "Response from `RateLimitSettingsApi.GetRateLimitSettingsAdminNotifications`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetRateLimitSettingsAdminNotificationsRequest struct via the builder pattern
+
+
+### Return type
+
+[**RateLimitAdminNotifications**](RateLimitAdminNotifications.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetRateLimitSettingsPerClient
+
+> PerClientRateLimitSettings GetRateLimitSettingsPerClient(ctx).Execute()
+
+Retrieve the Per-Client Rate Limit Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RateLimitSettingsApi.GetRateLimitSettingsPerClient(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RateLimitSettingsApi.GetRateLimitSettingsPerClient``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetRateLimitSettingsPerClient`: PerClientRateLimitSettings
+    fmt.Fprintf(os.Stdout, "Response from `RateLimitSettingsApi.GetRateLimitSettingsPerClient`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetRateLimitSettingsPerClientRequest struct via the builder pattern
+
+
+### Return type
+
+[**PerClientRateLimitSettings**](PerClientRateLimitSettings.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceRateLimitSettingsAdminNotifications
+
+> RateLimitAdminNotifications ReplaceRateLimitSettingsAdminNotifications(ctx).RateLimitAdminNotifications(rateLimitAdminNotifications).Execute()
+
+Replace the Rate Limit Admin Notification Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    rateLimitAdminNotifications := *openapiclient.NewRateLimitAdminNotifications(false) // RateLimitAdminNotifications | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RateLimitSettingsApi.ReplaceRateLimitSettingsAdminNotifications(context.Background()).RateLimitAdminNotifications(rateLimitAdminNotifications).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RateLimitSettingsApi.ReplaceRateLimitSettingsAdminNotifications``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceRateLimitSettingsAdminNotifications`: RateLimitAdminNotifications
+    fmt.Fprintf(os.Stdout, "Response from `RateLimitSettingsApi.ReplaceRateLimitSettingsAdminNotifications`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceRateLimitSettingsAdminNotificationsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **rateLimitAdminNotifications** | [**RateLimitAdminNotifications**](RateLimitAdminNotifications.md) |  | 
+
+### Return type
+
+[**RateLimitAdminNotifications**](RateLimitAdminNotifications.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceRateLimitSettingsPerClient
+
+> PerClientRateLimitSettings ReplaceRateLimitSettingsPerClient(ctx).PerClientRateLimitSettings(perClientRateLimitSettings).Execute()
+
+Replace the Per-Client Rate Limit Settings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    perClientRateLimitSettings := *openapiclient.NewPerClientRateLimitSettings(openapiclient.PerClientRateLimitMode("DISABLE")) // PerClientRateLimitSettings | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RateLimitSettingsApi.ReplaceRateLimitSettingsPerClient(context.Background()).PerClientRateLimitSettings(perClientRateLimitSettings).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RateLimitSettingsApi.ReplaceRateLimitSettingsPerClient``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceRateLimitSettingsPerClient`: PerClientRateLimitSettings
+    fmt.Fprintf(os.Stdout, "Response from `RateLimitSettingsApi.ReplaceRateLimitSettingsPerClient`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceRateLimitSettingsPerClientRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **perClientRateLimitSettings** | [**PerClientRateLimitSettings**](PerClientRateLimitSettings.md) |  | 
+
+### Return type
+
+[**PerClientRateLimitSettings**](PerClientRateLimitSettings.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/RecoveryQuestionCredential.md b/okta/docs/RecoveryQuestionCredential.md
new file mode 100644
index 000000000..91ad3b869
--- /dev/null
+++ b/okta/docs/RecoveryQuestionCredential.md
@@ -0,0 +1,82 @@
+# RecoveryQuestionCredential
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Answer** | Pointer to **string** |  | [optional] 
+**Question** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewRecoveryQuestionCredential
+
+`func NewRecoveryQuestionCredential() *RecoveryQuestionCredential`
+
+NewRecoveryQuestionCredential instantiates a new RecoveryQuestionCredential object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewRecoveryQuestionCredentialWithDefaults
+
+`func NewRecoveryQuestionCredentialWithDefaults() *RecoveryQuestionCredential`
+
+NewRecoveryQuestionCredentialWithDefaults instantiates a new RecoveryQuestionCredential object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAnswer
+
+`func (o *RecoveryQuestionCredential) GetAnswer() string`
+
+GetAnswer returns the Answer field if non-nil, zero value otherwise.
+
+### GetAnswerOk
+
+`func (o *RecoveryQuestionCredential) GetAnswerOk() (*string, bool)`
+
+GetAnswerOk returns a tuple with the Answer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAnswer
+
+`func (o *RecoveryQuestionCredential) SetAnswer(v string)`
+
+SetAnswer sets Answer field to given value.
+
+### HasAnswer
+
+`func (o *RecoveryQuestionCredential) HasAnswer() bool`
+
+HasAnswer returns a boolean if a field has been set.
+
+### GetQuestion
+
+`func (o *RecoveryQuestionCredential) GetQuestion() string`
+
+GetQuestion returns the Question field if non-nil, zero value otherwise.
+
+### GetQuestionOk
+
+`func (o *RecoveryQuestionCredential) GetQuestionOk() (*string, bool)`
+
+GetQuestionOk returns a tuple with the Question field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetQuestion
+
+`func (o *RecoveryQuestionCredential) SetQuestion(v string)`
+
+SetQuestion sets Question field to given value.
+
+### HasQuestion
+
+`func (o *RecoveryQuestionCredential) HasQuestion() bool`
+
+HasQuestion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ReleaseChannel.md b/okta/docs/ReleaseChannel.md
new file mode 100644
index 000000000..7ff7a5261
--- /dev/null
+++ b/okta/docs/ReleaseChannel.md
@@ -0,0 +1,17 @@
+# ReleaseChannel
+
+## Enum
+
+
+* `BETA` (value: `"BETA"`)
+
+* `EA` (value: `"EA"`)
+
+* `GA` (value: `"GA"`)
+
+* `TEST` (value: `"TEST"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RequiredEnum.md b/okta/docs/RequiredEnum.md
new file mode 100644
index 000000000..867bb90b2
--- /dev/null
+++ b/okta/docs/RequiredEnum.md
@@ -0,0 +1,15 @@
+# RequiredEnum
+
+## Enum
+
+
+* `ALWAYS` (value: `"ALWAYS"`)
+
+* `HIGH_RISK_ONLY` (value: `"HIGH_RISK_ONLY"`)
+
+* `NEVER` (value: `"NEVER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResetPasswordToken.md b/okta/docs/ResetPasswordToken.md
new file mode 100644
index 000000000..859d6fc3f
--- /dev/null
+++ b/okta/docs/ResetPasswordToken.md
@@ -0,0 +1,56 @@
+# ResetPasswordToken
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ResetPasswordUrl** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewResetPasswordToken
+
+`func NewResetPasswordToken() *ResetPasswordToken`
+
+NewResetPasswordToken instantiates a new ResetPasswordToken object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResetPasswordTokenWithDefaults
+
+`func NewResetPasswordTokenWithDefaults() *ResetPasswordToken`
+
+NewResetPasswordTokenWithDefaults instantiates a new ResetPasswordToken object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetResetPasswordUrl
+
+`func (o *ResetPasswordToken) GetResetPasswordUrl() string`
+
+GetResetPasswordUrl returns the ResetPasswordUrl field if non-nil, zero value otherwise.
+
+### GetResetPasswordUrlOk
+
+`func (o *ResetPasswordToken) GetResetPasswordUrlOk() (*string, bool)`
+
+GetResetPasswordUrlOk returns a tuple with the ResetPasswordUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResetPasswordUrl
+
+`func (o *ResetPasswordToken) SetResetPasswordUrl(v string)`
+
+SetResetPasswordUrl sets ResetPasswordUrl field to given value.
+
+### HasResetPasswordUrl
+
+`func (o *ResetPasswordToken) HasResetPasswordUrl() bool`
+
+HasResetPasswordUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSet.md b/okta/docs/ResourceSet.md
new file mode 100644
index 000000000..54070b58d
--- /dev/null
+++ b/okta/docs/ResourceSet.md
@@ -0,0 +1,186 @@
+# ResourceSet
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** | Timestamp when the role was created | [optional] [readonly] 
+**Description** | Pointer to **string** | Description of the resource set | [optional] 
+**Id** | Pointer to **string** | Unique key for the role | [optional] [readonly] 
+**Label** | Pointer to **string** | Unique label for the resource set | [optional] 
+**LastUpdated** | Pointer to **time.Time** | Timestamp when the role was last updated | [optional] [readonly] 
+**Links** | Pointer to [**ResourceSetLinks**](ResourceSetLinks.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSet
+
+`func NewResourceSet() *ResourceSet`
+
+NewResourceSet instantiates a new ResourceSet object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetWithDefaults
+
+`func NewResourceSetWithDefaults() *ResourceSet`
+
+NewResourceSetWithDefaults instantiates a new ResourceSet object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *ResourceSet) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *ResourceSet) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *ResourceSet) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *ResourceSet) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetDescription
+
+`func (o *ResourceSet) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *ResourceSet) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *ResourceSet) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *ResourceSet) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *ResourceSet) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ResourceSet) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ResourceSet) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ResourceSet) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLabel
+
+`func (o *ResourceSet) GetLabel() string`
+
+GetLabel returns the Label field if non-nil, zero value otherwise.
+
+### GetLabelOk
+
+`func (o *ResourceSet) GetLabelOk() (*string, bool)`
+
+GetLabelOk returns a tuple with the Label field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLabel
+
+`func (o *ResourceSet) SetLabel(v string)`
+
+SetLabel sets Label field to given value.
+
+### HasLabel
+
+`func (o *ResourceSet) HasLabel() bool`
+
+HasLabel returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *ResourceSet) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *ResourceSet) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *ResourceSet) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *ResourceSet) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ResourceSet) GetLinks() ResourceSetLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ResourceSet) GetLinksOk() (*ResourceSetLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ResourceSet) SetLinks(v ResourceSetLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ResourceSet) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetApi.md b/okta/docs/ResourceSetApi.md
new file mode 100644
index 000000000..8734d2495
--- /dev/null
+++ b/okta/docs/ResourceSetApi.md
@@ -0,0 +1,1167 @@
+# \ResourceSetApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**AddMembersToBinding**](ResourceSetApi.md#AddMembersToBinding) | **Patch** /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members | Add more Members to a binding
+[**AddResourceSetResource**](ResourceSetApi.md#AddResourceSetResource) | **Patch** /api/v1/iam/resource-sets/{resourceSetId}/resources | Add more Resource to a resource set
+[**CreateResourceSet**](ResourceSetApi.md#CreateResourceSet) | **Post** /api/v1/iam/resource-sets | Create a Resource Set
+[**CreateResourceSetBinding**](ResourceSetApi.md#CreateResourceSetBinding) | **Post** /api/v1/iam/resource-sets/{resourceSetId}/bindings | Create a Resource Set Binding
+[**DeleteBinding**](ResourceSetApi.md#DeleteBinding) | **Delete** /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel} | Delete a Binding
+[**DeleteResourceSet**](ResourceSetApi.md#DeleteResourceSet) | **Delete** /api/v1/iam/resource-sets/{resourceSetId} | Delete a Resource Set
+[**DeleteResourceSetResource**](ResourceSetApi.md#DeleteResourceSetResource) | **Delete** /api/v1/iam/resource-sets/{resourceSetId}/resources/{resourceId} | Delete a Resource from a resource set
+[**GetBinding**](ResourceSetApi.md#GetBinding) | **Get** /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel} | Retrieve a Binding
+[**GetMemberOfBinding**](ResourceSetApi.md#GetMemberOfBinding) | **Get** /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId} | Retrieve a Member of a binding
+[**GetResourceSet**](ResourceSetApi.md#GetResourceSet) | **Get** /api/v1/iam/resource-sets/{resourceSetId} | Retrieve a Resource Set
+[**ListBindings**](ResourceSetApi.md#ListBindings) | **Get** /api/v1/iam/resource-sets/{resourceSetId}/bindings | List all Bindings
+[**ListMembersOfBinding**](ResourceSetApi.md#ListMembersOfBinding) | **Get** /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members | List all Members of a binding
+[**ListResourceSetResources**](ResourceSetApi.md#ListResourceSetResources) | **Get** /api/v1/iam/resource-sets/{resourceSetId}/resources | List all Resources of a resource set
+[**ListResourceSets**](ResourceSetApi.md#ListResourceSets) | **Get** /api/v1/iam/resource-sets | List all Resource Sets
+[**ReplaceResourceSet**](ResourceSetApi.md#ReplaceResourceSet) | **Put** /api/v1/iam/resource-sets/{resourceSetId} | Replace a Resource Set
+[**UnassignMemberFromBinding**](ResourceSetApi.md#UnassignMemberFromBinding) | **Delete** /api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId} | Unassign a Member from a binding
+
+
+
+## AddMembersToBinding
+
+> ResourceSetBindingResponse AddMembersToBinding(ctx, resourceSetId, roleIdOrLabel).Instance(instance).Execute()
+
+Add more Members to a binding
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+    instance := *openapiclient.NewResourceSetBindingAddMembersRequest() // ResourceSetBindingAddMembersRequest | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.AddMembersToBinding(context.Background(), resourceSetId, roleIdOrLabel).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.AddMembersToBinding``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `AddMembersToBinding`: ResourceSetBindingResponse
+    fmt.Fprintf(os.Stdout, "Response from `ResourceSetApi.AddMembersToBinding`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAddMembersToBindingRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **instance** | [**ResourceSetBindingAddMembersRequest**](ResourceSetBindingAddMembersRequest.md) |  | 
+
+### Return type
+
+[**ResourceSetBindingResponse**](ResourceSetBindingResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AddResourceSetResource
+
+> ResourceSet AddResourceSetResource(ctx, resourceSetId).Instance(instance).Execute()
+
+Add more Resource to a resource set
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+    instance := *openapiclient.NewResourceSetResourcePatchRequest() // ResourceSetResourcePatchRequest | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.AddResourceSetResource(context.Background(), resourceSetId).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.AddResourceSetResource``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `AddResourceSetResource`: ResourceSet
+    fmt.Fprintf(os.Stdout, "Response from `ResourceSetApi.AddResourceSetResource`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAddResourceSetResourceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **instance** | [**ResourceSetResourcePatchRequest**](ResourceSetResourcePatchRequest.md) |  | 
+
+### Return type
+
+[**ResourceSet**](ResourceSet.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateResourceSet
+
+> ResourceSet CreateResourceSet(ctx).Instance(instance).Execute()
+
+Create a Resource Set
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    instance := *openapiclient.NewResourceSet() // ResourceSet | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.CreateResourceSet(context.Background()).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.CreateResourceSet``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateResourceSet`: ResourceSet
+    fmt.Fprintf(os.Stdout, "Response from `ResourceSetApi.CreateResourceSet`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateResourceSetRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **instance** | [**ResourceSet**](ResourceSet.md) |  | 
+
+### Return type
+
+[**ResourceSet**](ResourceSet.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateResourceSetBinding
+
+> ResourceSetBindingResponse CreateResourceSetBinding(ctx, resourceSetId).Instance(instance).Execute()
+
+Create a Resource Set Binding
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+    instance := *openapiclient.NewResourceSetBindingCreateRequest() // ResourceSetBindingCreateRequest | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.CreateResourceSetBinding(context.Background(), resourceSetId).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.CreateResourceSetBinding``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateResourceSetBinding`: ResourceSetBindingResponse
+    fmt.Fprintf(os.Stdout, "Response from `ResourceSetApi.CreateResourceSetBinding`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateResourceSetBindingRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **instance** | [**ResourceSetBindingCreateRequest**](ResourceSetBindingCreateRequest.md) |  | 
+
+### Return type
+
+[**ResourceSetBindingResponse**](ResourceSetBindingResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteBinding
+
+> DeleteBinding(ctx, resourceSetId, roleIdOrLabel).Execute()
+
+Delete a Binding
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.DeleteBinding(context.Background(), resourceSetId, roleIdOrLabel).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.DeleteBinding``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteBindingRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteResourceSet
+
+> DeleteResourceSet(ctx, resourceSetId).Execute()
+
+Delete a Resource Set
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.DeleteResourceSet(context.Background(), resourceSetId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.DeleteResourceSet``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteResourceSetRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteResourceSetResource
+
+> DeleteResourceSetResource(ctx, resourceSetId, resourceId).Execute()
+
+Delete a Resource from a resource set
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+    resourceId := "ire106sQKoHoXXsAe0g4" // string | `id` of a resource
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.DeleteResourceSetResource(context.Background(), resourceSetId, resourceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.DeleteResourceSetResource``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+**resourceId** | **string** | &#x60;id&#x60; of a resource | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteResourceSetResourceRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetBinding
+
+> ResourceSetBindingResponse GetBinding(ctx, resourceSetId, roleIdOrLabel).Execute()
+
+Retrieve a Binding
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.GetBinding(context.Background(), resourceSetId, roleIdOrLabel).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.GetBinding``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetBinding`: ResourceSetBindingResponse
+    fmt.Fprintf(os.Stdout, "Response from `ResourceSetApi.GetBinding`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetBindingRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**ResourceSetBindingResponse**](ResourceSetBindingResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetMemberOfBinding
+
+> ResourceSetBindingMember GetMemberOfBinding(ctx, resourceSetId, roleIdOrLabel, memberId).Execute()
+
+Retrieve a Member of a binding
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+    memberId := "irb1qe6PGuMc7Oh8N0g4" // string | `id` of a member
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.GetMemberOfBinding(context.Background(), resourceSetId, roleIdOrLabel, memberId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.GetMemberOfBinding``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetMemberOfBinding`: ResourceSetBindingMember
+    fmt.Fprintf(os.Stdout, "Response from `ResourceSetApi.GetMemberOfBinding`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+**memberId** | **string** | &#x60;id&#x60; of a member | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetMemberOfBindingRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+[**ResourceSetBindingMember**](ResourceSetBindingMember.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetResourceSet
+
+> ResourceSet GetResourceSet(ctx, resourceSetId).Execute()
+
+Retrieve a Resource Set
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.GetResourceSet(context.Background(), resourceSetId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.GetResourceSet``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetResourceSet`: ResourceSet
+    fmt.Fprintf(os.Stdout, "Response from `ResourceSetApi.GetResourceSet`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetResourceSetRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ResourceSet**](ResourceSet.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListBindings
+
+> ResourceSetBindings ListBindings(ctx, resourceSetId).After(after).Execute()
+
+List all Bindings
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+    after := "after_example" // string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.ListBindings(context.Background(), resourceSetId).After(after).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.ListBindings``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListBindings`: ResourceSetBindings
+    fmt.Fprintf(os.Stdout, "Response from `ResourceSetApi.ListBindings`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListBindingsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **after** | **string** | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information. | 
+
+### Return type
+
+[**ResourceSetBindings**](ResourceSetBindings.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListMembersOfBinding
+
+> ResourceSetBindingMembers ListMembersOfBinding(ctx, resourceSetId, roleIdOrLabel).After(after).Execute()
+
+List all Members of a binding
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+    after := "after_example" // string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.ListMembersOfBinding(context.Background(), resourceSetId, roleIdOrLabel).After(after).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.ListMembersOfBinding``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListMembersOfBinding`: ResourceSetBindingMembers
+    fmt.Fprintf(os.Stdout, "Response from `ResourceSetApi.ListMembersOfBinding`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListMembersOfBindingRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **after** | **string** | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information. | 
+
+### Return type
+
+[**ResourceSetBindingMembers**](ResourceSetBindingMembers.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListResourceSetResources
+
+> ResourceSetResources ListResourceSetResources(ctx, resourceSetId).Execute()
+
+List all Resources of a resource set
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.ListResourceSetResources(context.Background(), resourceSetId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.ListResourceSetResources``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListResourceSetResources`: ResourceSetResources
+    fmt.Fprintf(os.Stdout, "Response from `ResourceSetApi.ListResourceSetResources`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListResourceSetResourcesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ResourceSetResources**](ResourceSetResources.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListResourceSets
+
+> ResourceSets ListResourceSets(ctx).After(after).Execute()
+
+List all Resource Sets
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    after := "after_example" // string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.ListResourceSets(context.Background()).After(after).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.ListResourceSets``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListResourceSets`: ResourceSets
+    fmt.Fprintf(os.Stdout, "Response from `ResourceSetApi.ListResourceSets`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListResourceSetsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **after** | **string** | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information. | 
+
+### Return type
+
+[**ResourceSets**](ResourceSets.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceResourceSet
+
+> ResourceSet ReplaceResourceSet(ctx, resourceSetId).Instance(instance).Execute()
+
+Replace a Resource Set
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+    instance := *openapiclient.NewResourceSet() // ResourceSet | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.ReplaceResourceSet(context.Background(), resourceSetId).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.ReplaceResourceSet``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceResourceSet`: ResourceSet
+    fmt.Fprintf(os.Stdout, "Response from `ResourceSetApi.ReplaceResourceSet`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceResourceSetRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **instance** | [**ResourceSet**](ResourceSet.md) |  | 
+
+### Return type
+
+[**ResourceSet**](ResourceSet.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnassignMemberFromBinding
+
+> UnassignMemberFromBinding(ctx, resourceSetId, roleIdOrLabel, memberId).Execute()
+
+Unassign a Member from a binding
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    resourceSetId := "iamoJDFKaJxGIr0oamd9g" // string | `id` of a resource set
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+    memberId := "irb1qe6PGuMc7Oh8N0g4" // string | `id` of a member
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ResourceSetApi.UnassignMemberFromBinding(context.Background(), resourceSetId, roleIdOrLabel, memberId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ResourceSetApi.UnassignMemberFromBinding``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**resourceSetId** | **string** | &#x60;id&#x60; of a resource set | 
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+**memberId** | **string** | &#x60;id&#x60; of a member | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnassignMemberFromBindingRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/ResourceSetBindingAddMembersRequest.md b/okta/docs/ResourceSetBindingAddMembersRequest.md
new file mode 100644
index 000000000..63fde74b3
--- /dev/null
+++ b/okta/docs/ResourceSetBindingAddMembersRequest.md
@@ -0,0 +1,56 @@
+# ResourceSetBindingAddMembersRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Additions** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewResourceSetBindingAddMembersRequest
+
+`func NewResourceSetBindingAddMembersRequest() *ResourceSetBindingAddMembersRequest`
+
+NewResourceSetBindingAddMembersRequest instantiates a new ResourceSetBindingAddMembersRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetBindingAddMembersRequestWithDefaults
+
+`func NewResourceSetBindingAddMembersRequestWithDefaults() *ResourceSetBindingAddMembersRequest`
+
+NewResourceSetBindingAddMembersRequestWithDefaults instantiates a new ResourceSetBindingAddMembersRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAdditions
+
+`func (o *ResourceSetBindingAddMembersRequest) GetAdditions() []string`
+
+GetAdditions returns the Additions field if non-nil, zero value otherwise.
+
+### GetAdditionsOk
+
+`func (o *ResourceSetBindingAddMembersRequest) GetAdditionsOk() (*[]string, bool)`
+
+GetAdditionsOk returns a tuple with the Additions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAdditions
+
+`func (o *ResourceSetBindingAddMembersRequest) SetAdditions(v []string)`
+
+SetAdditions sets Additions field to given value.
+
+### HasAdditions
+
+`func (o *ResourceSetBindingAddMembersRequest) HasAdditions() bool`
+
+HasAdditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetBindingCreateRequest.md b/okta/docs/ResourceSetBindingCreateRequest.md
new file mode 100644
index 000000000..f4c324bc8
--- /dev/null
+++ b/okta/docs/ResourceSetBindingCreateRequest.md
@@ -0,0 +1,82 @@
+# ResourceSetBindingCreateRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Members** | Pointer to **[]string** |  | [optional] 
+**Role** | Pointer to **string** | Unique key for the role | [optional] 
+
+## Methods
+
+### NewResourceSetBindingCreateRequest
+
+`func NewResourceSetBindingCreateRequest() *ResourceSetBindingCreateRequest`
+
+NewResourceSetBindingCreateRequest instantiates a new ResourceSetBindingCreateRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetBindingCreateRequestWithDefaults
+
+`func NewResourceSetBindingCreateRequestWithDefaults() *ResourceSetBindingCreateRequest`
+
+NewResourceSetBindingCreateRequestWithDefaults instantiates a new ResourceSetBindingCreateRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMembers
+
+`func (o *ResourceSetBindingCreateRequest) GetMembers() []string`
+
+GetMembers returns the Members field if non-nil, zero value otherwise.
+
+### GetMembersOk
+
+`func (o *ResourceSetBindingCreateRequest) GetMembersOk() (*[]string, bool)`
+
+GetMembersOk returns a tuple with the Members field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMembers
+
+`func (o *ResourceSetBindingCreateRequest) SetMembers(v []string)`
+
+SetMembers sets Members field to given value.
+
+### HasMembers
+
+`func (o *ResourceSetBindingCreateRequest) HasMembers() bool`
+
+HasMembers returns a boolean if a field has been set.
+
+### GetRole
+
+`func (o *ResourceSetBindingCreateRequest) GetRole() string`
+
+GetRole returns the Role field if non-nil, zero value otherwise.
+
+### GetRoleOk
+
+`func (o *ResourceSetBindingCreateRequest) GetRoleOk() (*string, bool)`
+
+GetRoleOk returns a tuple with the Role field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRole
+
+`func (o *ResourceSetBindingCreateRequest) SetRole(v string)`
+
+SetRole sets Role field to given value.
+
+### HasRole
+
+`func (o *ResourceSetBindingCreateRequest) HasRole() bool`
+
+HasRole returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetBindingMember.md b/okta/docs/ResourceSetBindingMember.md
new file mode 100644
index 000000000..c6e2bfb4f
--- /dev/null
+++ b/okta/docs/ResourceSetBindingMember.md
@@ -0,0 +1,134 @@
+# ResourceSetBindingMember
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** | Timestamp when the role was created | [optional] [readonly] 
+**Id** | Pointer to **string** | Unique key for the role | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** | Timestamp when the role was last updated | [optional] [readonly] 
+**Links** | Pointer to [**ApiTokenLink**](ApiTokenLink.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSetBindingMember
+
+`func NewResourceSetBindingMember() *ResourceSetBindingMember`
+
+NewResourceSetBindingMember instantiates a new ResourceSetBindingMember object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetBindingMemberWithDefaults
+
+`func NewResourceSetBindingMemberWithDefaults() *ResourceSetBindingMember`
+
+NewResourceSetBindingMemberWithDefaults instantiates a new ResourceSetBindingMember object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *ResourceSetBindingMember) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *ResourceSetBindingMember) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *ResourceSetBindingMember) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *ResourceSetBindingMember) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *ResourceSetBindingMember) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ResourceSetBindingMember) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ResourceSetBindingMember) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ResourceSetBindingMember) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *ResourceSetBindingMember) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *ResourceSetBindingMember) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *ResourceSetBindingMember) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *ResourceSetBindingMember) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ResourceSetBindingMember) GetLinks() ApiTokenLink`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ResourceSetBindingMember) GetLinksOk() (*ApiTokenLink, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ResourceSetBindingMember) SetLinks(v ApiTokenLink)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ResourceSetBindingMember) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetBindingMembers.md b/okta/docs/ResourceSetBindingMembers.md
new file mode 100644
index 000000000..90d2c0a6c
--- /dev/null
+++ b/okta/docs/ResourceSetBindingMembers.md
@@ -0,0 +1,82 @@
+# ResourceSetBindingMembers
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Members** | Pointer to [**[]ResourceSetBindingMember**](ResourceSetBindingMember.md) |  | [optional] 
+**Links** | Pointer to [**ResourceSetBindingMembersLinks**](ResourceSetBindingMembersLinks.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSetBindingMembers
+
+`func NewResourceSetBindingMembers() *ResourceSetBindingMembers`
+
+NewResourceSetBindingMembers instantiates a new ResourceSetBindingMembers object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetBindingMembersWithDefaults
+
+`func NewResourceSetBindingMembersWithDefaults() *ResourceSetBindingMembers`
+
+NewResourceSetBindingMembersWithDefaults instantiates a new ResourceSetBindingMembers object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMembers
+
+`func (o *ResourceSetBindingMembers) GetMembers() []ResourceSetBindingMember`
+
+GetMembers returns the Members field if non-nil, zero value otherwise.
+
+### GetMembersOk
+
+`func (o *ResourceSetBindingMembers) GetMembersOk() (*[]ResourceSetBindingMember, bool)`
+
+GetMembersOk returns a tuple with the Members field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMembers
+
+`func (o *ResourceSetBindingMembers) SetMembers(v []ResourceSetBindingMember)`
+
+SetMembers sets Members field to given value.
+
+### HasMembers
+
+`func (o *ResourceSetBindingMembers) HasMembers() bool`
+
+HasMembers returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ResourceSetBindingMembers) GetLinks() ResourceSetBindingMembersLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ResourceSetBindingMembers) GetLinksOk() (*ResourceSetBindingMembersLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ResourceSetBindingMembers) SetLinks(v ResourceSetBindingMembersLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ResourceSetBindingMembers) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetBindingMembersLinks.md b/okta/docs/ResourceSetBindingMembersLinks.md
new file mode 100644
index 000000000..930eff84c
--- /dev/null
+++ b/okta/docs/ResourceSetBindingMembersLinks.md
@@ -0,0 +1,82 @@
+# ResourceSetBindingMembersLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Binding** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Next** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSetBindingMembersLinks
+
+`func NewResourceSetBindingMembersLinks() *ResourceSetBindingMembersLinks`
+
+NewResourceSetBindingMembersLinks instantiates a new ResourceSetBindingMembersLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetBindingMembersLinksWithDefaults
+
+`func NewResourceSetBindingMembersLinksWithDefaults() *ResourceSetBindingMembersLinks`
+
+NewResourceSetBindingMembersLinksWithDefaults instantiates a new ResourceSetBindingMembersLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBinding
+
+`func (o *ResourceSetBindingMembersLinks) GetBinding() HrefObject`
+
+GetBinding returns the Binding field if non-nil, zero value otherwise.
+
+### GetBindingOk
+
+`func (o *ResourceSetBindingMembersLinks) GetBindingOk() (*HrefObject, bool)`
+
+GetBindingOk returns a tuple with the Binding field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBinding
+
+`func (o *ResourceSetBindingMembersLinks) SetBinding(v HrefObject)`
+
+SetBinding sets Binding field to given value.
+
+### HasBinding
+
+`func (o *ResourceSetBindingMembersLinks) HasBinding() bool`
+
+HasBinding returns a boolean if a field has been set.
+
+### GetNext
+
+`func (o *ResourceSetBindingMembersLinks) GetNext() HrefObject`
+
+GetNext returns the Next field if non-nil, zero value otherwise.
+
+### GetNextOk
+
+`func (o *ResourceSetBindingMembersLinks) GetNextOk() (*HrefObject, bool)`
+
+GetNextOk returns a tuple with the Next field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNext
+
+`func (o *ResourceSetBindingMembersLinks) SetNext(v HrefObject)`
+
+SetNext sets Next field to given value.
+
+### HasNext
+
+`func (o *ResourceSetBindingMembersLinks) HasNext() bool`
+
+HasNext returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetBindingResponse.md b/okta/docs/ResourceSetBindingResponse.md
new file mode 100644
index 000000000..e552e2577
--- /dev/null
+++ b/okta/docs/ResourceSetBindingResponse.md
@@ -0,0 +1,82 @@
+# ResourceSetBindingResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** | &#x60;id&#x60; of the role | [optional] 
+**Links** | Pointer to [**ResourceSetBindingResponseLinks**](ResourceSetBindingResponseLinks.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSetBindingResponse
+
+`func NewResourceSetBindingResponse() *ResourceSetBindingResponse`
+
+NewResourceSetBindingResponse instantiates a new ResourceSetBindingResponse object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetBindingResponseWithDefaults
+
+`func NewResourceSetBindingResponseWithDefaults() *ResourceSetBindingResponse`
+
+NewResourceSetBindingResponseWithDefaults instantiates a new ResourceSetBindingResponse object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *ResourceSetBindingResponse) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ResourceSetBindingResponse) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ResourceSetBindingResponse) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ResourceSetBindingResponse) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ResourceSetBindingResponse) GetLinks() ResourceSetBindingResponseLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ResourceSetBindingResponse) GetLinksOk() (*ResourceSetBindingResponseLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ResourceSetBindingResponse) SetLinks(v ResourceSetBindingResponseLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ResourceSetBindingResponse) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetBindingResponseLinks.md b/okta/docs/ResourceSetBindingResponseLinks.md
new file mode 100644
index 000000000..031c3760b
--- /dev/null
+++ b/okta/docs/ResourceSetBindingResponseLinks.md
@@ -0,0 +1,108 @@
+# ResourceSetBindingResponseLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Bindings** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**ResourceSet** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSetBindingResponseLinks
+
+`func NewResourceSetBindingResponseLinks() *ResourceSetBindingResponseLinks`
+
+NewResourceSetBindingResponseLinks instantiates a new ResourceSetBindingResponseLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetBindingResponseLinksWithDefaults
+
+`func NewResourceSetBindingResponseLinksWithDefaults() *ResourceSetBindingResponseLinks`
+
+NewResourceSetBindingResponseLinksWithDefaults instantiates a new ResourceSetBindingResponseLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *ResourceSetBindingResponseLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *ResourceSetBindingResponseLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *ResourceSetBindingResponseLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *ResourceSetBindingResponseLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetBindings
+
+`func (o *ResourceSetBindingResponseLinks) GetBindings() HrefObject`
+
+GetBindings returns the Bindings field if non-nil, zero value otherwise.
+
+### GetBindingsOk
+
+`func (o *ResourceSetBindingResponseLinks) GetBindingsOk() (*HrefObject, bool)`
+
+GetBindingsOk returns a tuple with the Bindings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBindings
+
+`func (o *ResourceSetBindingResponseLinks) SetBindings(v HrefObject)`
+
+SetBindings sets Bindings field to given value.
+
+### HasBindings
+
+`func (o *ResourceSetBindingResponseLinks) HasBindings() bool`
+
+HasBindings returns a boolean if a field has been set.
+
+### GetResourceSet
+
+`func (o *ResourceSetBindingResponseLinks) GetResourceSet() HrefObject`
+
+GetResourceSet returns the ResourceSet field if non-nil, zero value otherwise.
+
+### GetResourceSetOk
+
+`func (o *ResourceSetBindingResponseLinks) GetResourceSetOk() (*HrefObject, bool)`
+
+GetResourceSetOk returns a tuple with the ResourceSet field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResourceSet
+
+`func (o *ResourceSetBindingResponseLinks) SetResourceSet(v HrefObject)`
+
+SetResourceSet sets ResourceSet field to given value.
+
+### HasResourceSet
+
+`func (o *ResourceSetBindingResponseLinks) HasResourceSet() bool`
+
+HasResourceSet returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetBindingRole.md b/okta/docs/ResourceSetBindingRole.md
new file mode 100644
index 000000000..85a89ced5
--- /dev/null
+++ b/okta/docs/ResourceSetBindingRole.md
@@ -0,0 +1,82 @@
+# ResourceSetBindingRole
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] 
+**Links** | Pointer to [**ResourceSetBindingRoleLinks**](ResourceSetBindingRoleLinks.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSetBindingRole
+
+`func NewResourceSetBindingRole() *ResourceSetBindingRole`
+
+NewResourceSetBindingRole instantiates a new ResourceSetBindingRole object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetBindingRoleWithDefaults
+
+`func NewResourceSetBindingRoleWithDefaults() *ResourceSetBindingRole`
+
+NewResourceSetBindingRoleWithDefaults instantiates a new ResourceSetBindingRole object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *ResourceSetBindingRole) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ResourceSetBindingRole) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ResourceSetBindingRole) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ResourceSetBindingRole) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ResourceSetBindingRole) GetLinks() ResourceSetBindingRoleLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ResourceSetBindingRole) GetLinksOk() (*ResourceSetBindingRoleLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ResourceSetBindingRole) SetLinks(v ResourceSetBindingRoleLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ResourceSetBindingRole) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetBindingRoleLinks.md b/okta/docs/ResourceSetBindingRoleLinks.md
new file mode 100644
index 000000000..c8900e65d
--- /dev/null
+++ b/okta/docs/ResourceSetBindingRoleLinks.md
@@ -0,0 +1,82 @@
+# ResourceSetBindingRoleLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Members** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSetBindingRoleLinks
+
+`func NewResourceSetBindingRoleLinks() *ResourceSetBindingRoleLinks`
+
+NewResourceSetBindingRoleLinks instantiates a new ResourceSetBindingRoleLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetBindingRoleLinksWithDefaults
+
+`func NewResourceSetBindingRoleLinksWithDefaults() *ResourceSetBindingRoleLinks`
+
+NewResourceSetBindingRoleLinksWithDefaults instantiates a new ResourceSetBindingRoleLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *ResourceSetBindingRoleLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *ResourceSetBindingRoleLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *ResourceSetBindingRoleLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *ResourceSetBindingRoleLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetMembers
+
+`func (o *ResourceSetBindingRoleLinks) GetMembers() HrefObject`
+
+GetMembers returns the Members field if non-nil, zero value otherwise.
+
+### GetMembersOk
+
+`func (o *ResourceSetBindingRoleLinks) GetMembersOk() (*HrefObject, bool)`
+
+GetMembersOk returns a tuple with the Members field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMembers
+
+`func (o *ResourceSetBindingRoleLinks) SetMembers(v HrefObject)`
+
+SetMembers sets Members field to given value.
+
+### HasMembers
+
+`func (o *ResourceSetBindingRoleLinks) HasMembers() bool`
+
+HasMembers returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetBindings.md b/okta/docs/ResourceSetBindings.md
new file mode 100644
index 000000000..2f0e29872
--- /dev/null
+++ b/okta/docs/ResourceSetBindings.md
@@ -0,0 +1,82 @@
+# ResourceSetBindings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Roles** | Pointer to [**[]ResourceSetBindingRole**](ResourceSetBindingRole.md) |  | [optional] 
+**Links** | Pointer to [**ResourceSetBindingResponseLinks**](ResourceSetBindingResponseLinks.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSetBindings
+
+`func NewResourceSetBindings() *ResourceSetBindings`
+
+NewResourceSetBindings instantiates a new ResourceSetBindings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetBindingsWithDefaults
+
+`func NewResourceSetBindingsWithDefaults() *ResourceSetBindings`
+
+NewResourceSetBindingsWithDefaults instantiates a new ResourceSetBindings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetRoles
+
+`func (o *ResourceSetBindings) GetRoles() []ResourceSetBindingRole`
+
+GetRoles returns the Roles field if non-nil, zero value otherwise.
+
+### GetRolesOk
+
+`func (o *ResourceSetBindings) GetRolesOk() (*[]ResourceSetBindingRole, bool)`
+
+GetRolesOk returns a tuple with the Roles field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRoles
+
+`func (o *ResourceSetBindings) SetRoles(v []ResourceSetBindingRole)`
+
+SetRoles sets Roles field to given value.
+
+### HasRoles
+
+`func (o *ResourceSetBindings) HasRoles() bool`
+
+HasRoles returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ResourceSetBindings) GetLinks() ResourceSetBindingResponseLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ResourceSetBindings) GetLinksOk() (*ResourceSetBindingResponseLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ResourceSetBindings) SetLinks(v ResourceSetBindingResponseLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ResourceSetBindings) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetLinks.md b/okta/docs/ResourceSetLinks.md
new file mode 100644
index 000000000..26136b866
--- /dev/null
+++ b/okta/docs/ResourceSetLinks.md
@@ -0,0 +1,108 @@
+# ResourceSetLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Self** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Resources** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Bindings** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSetLinks
+
+`func NewResourceSetLinks() *ResourceSetLinks`
+
+NewResourceSetLinks instantiates a new ResourceSetLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetLinksWithDefaults
+
+`func NewResourceSetLinksWithDefaults() *ResourceSetLinks`
+
+NewResourceSetLinksWithDefaults instantiates a new ResourceSetLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSelf
+
+`func (o *ResourceSetLinks) GetSelf() HrefObject`
+
+GetSelf returns the Self field if non-nil, zero value otherwise.
+
+### GetSelfOk
+
+`func (o *ResourceSetLinks) GetSelfOk() (*HrefObject, bool)`
+
+GetSelfOk returns a tuple with the Self field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSelf
+
+`func (o *ResourceSetLinks) SetSelf(v HrefObject)`
+
+SetSelf sets Self field to given value.
+
+### HasSelf
+
+`func (o *ResourceSetLinks) HasSelf() bool`
+
+HasSelf returns a boolean if a field has been set.
+
+### GetResources
+
+`func (o *ResourceSetLinks) GetResources() HrefObject`
+
+GetResources returns the Resources field if non-nil, zero value otherwise.
+
+### GetResourcesOk
+
+`func (o *ResourceSetLinks) GetResourcesOk() (*HrefObject, bool)`
+
+GetResourcesOk returns a tuple with the Resources field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResources
+
+`func (o *ResourceSetLinks) SetResources(v HrefObject)`
+
+SetResources sets Resources field to given value.
+
+### HasResources
+
+`func (o *ResourceSetLinks) HasResources() bool`
+
+HasResources returns a boolean if a field has been set.
+
+### GetBindings
+
+`func (o *ResourceSetLinks) GetBindings() HrefObject`
+
+GetBindings returns the Bindings field if non-nil, zero value otherwise.
+
+### GetBindingsOk
+
+`func (o *ResourceSetLinks) GetBindingsOk() (*HrefObject, bool)`
+
+GetBindingsOk returns a tuple with the Bindings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBindings
+
+`func (o *ResourceSetLinks) SetBindings(v HrefObject)`
+
+SetBindings sets Bindings field to given value.
+
+### HasBindings
+
+`func (o *ResourceSetLinks) HasBindings() bool`
+
+HasBindings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetResource.md b/okta/docs/ResourceSetResource.md
new file mode 100644
index 000000000..73d8dbb8e
--- /dev/null
+++ b/okta/docs/ResourceSetResource.md
@@ -0,0 +1,160 @@
+# ResourceSetResource
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** | Timestamp when the role was created | [optional] [readonly] 
+**Description** | Pointer to **string** | Description of the resource set | [optional] 
+**Id** | Pointer to **string** | Unique key for the role | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** | Timestamp when the role was last updated | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewResourceSetResource
+
+`func NewResourceSetResource() *ResourceSetResource`
+
+NewResourceSetResource instantiates a new ResourceSetResource object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetResourceWithDefaults
+
+`func NewResourceSetResourceWithDefaults() *ResourceSetResource`
+
+NewResourceSetResourceWithDefaults instantiates a new ResourceSetResource object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *ResourceSetResource) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *ResourceSetResource) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *ResourceSetResource) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *ResourceSetResource) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetDescription
+
+`func (o *ResourceSetResource) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *ResourceSetResource) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *ResourceSetResource) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *ResourceSetResource) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *ResourceSetResource) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ResourceSetResource) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ResourceSetResource) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ResourceSetResource) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *ResourceSetResource) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *ResourceSetResource) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *ResourceSetResource) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *ResourceSetResource) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ResourceSetResource) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ResourceSetResource) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ResourceSetResource) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ResourceSetResource) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetResourcePatchRequest.md b/okta/docs/ResourceSetResourcePatchRequest.md
new file mode 100644
index 000000000..a319a80a1
--- /dev/null
+++ b/okta/docs/ResourceSetResourcePatchRequest.md
@@ -0,0 +1,56 @@
+# ResourceSetResourcePatchRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Additions** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewResourceSetResourcePatchRequest
+
+`func NewResourceSetResourcePatchRequest() *ResourceSetResourcePatchRequest`
+
+NewResourceSetResourcePatchRequest instantiates a new ResourceSetResourcePatchRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetResourcePatchRequestWithDefaults
+
+`func NewResourceSetResourcePatchRequestWithDefaults() *ResourceSetResourcePatchRequest`
+
+NewResourceSetResourcePatchRequestWithDefaults instantiates a new ResourceSetResourcePatchRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAdditions
+
+`func (o *ResourceSetResourcePatchRequest) GetAdditions() []string`
+
+GetAdditions returns the Additions field if non-nil, zero value otherwise.
+
+### GetAdditionsOk
+
+`func (o *ResourceSetResourcePatchRequest) GetAdditionsOk() (*[]string, bool)`
+
+GetAdditionsOk returns a tuple with the Additions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAdditions
+
+`func (o *ResourceSetResourcePatchRequest) SetAdditions(v []string)`
+
+SetAdditions sets Additions field to given value.
+
+### HasAdditions
+
+`func (o *ResourceSetResourcePatchRequest) HasAdditions() bool`
+
+HasAdditions returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetResources.md b/okta/docs/ResourceSetResources.md
new file mode 100644
index 000000000..69f21f886
--- /dev/null
+++ b/okta/docs/ResourceSetResources.md
@@ -0,0 +1,82 @@
+# ResourceSetResources
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Resources** | Pointer to [**[]ResourceSetResource**](ResourceSetResource.md) |  | [optional] 
+**Links** | Pointer to [**ResourceSetResourcesLinks**](ResourceSetResourcesLinks.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSetResources
+
+`func NewResourceSetResources() *ResourceSetResources`
+
+NewResourceSetResources instantiates a new ResourceSetResources object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetResourcesWithDefaults
+
+`func NewResourceSetResourcesWithDefaults() *ResourceSetResources`
+
+NewResourceSetResourcesWithDefaults instantiates a new ResourceSetResources object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetResources
+
+`func (o *ResourceSetResources) GetResources() []ResourceSetResource`
+
+GetResources returns the Resources field if non-nil, zero value otherwise.
+
+### GetResourcesOk
+
+`func (o *ResourceSetResources) GetResourcesOk() (*[]ResourceSetResource, bool)`
+
+GetResourcesOk returns a tuple with the Resources field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResources
+
+`func (o *ResourceSetResources) SetResources(v []ResourceSetResource)`
+
+SetResources sets Resources field to given value.
+
+### HasResources
+
+`func (o *ResourceSetResources) HasResources() bool`
+
+HasResources returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ResourceSetResources) GetLinks() ResourceSetResourcesLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ResourceSetResources) GetLinksOk() (*ResourceSetResourcesLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ResourceSetResources) SetLinks(v ResourceSetResourcesLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ResourceSetResources) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSetResourcesLinks.md b/okta/docs/ResourceSetResourcesLinks.md
new file mode 100644
index 000000000..5ac4b655c
--- /dev/null
+++ b/okta/docs/ResourceSetResourcesLinks.md
@@ -0,0 +1,82 @@
+# ResourceSetResourcesLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Next** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**ResourceSet** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSetResourcesLinks
+
+`func NewResourceSetResourcesLinks() *ResourceSetResourcesLinks`
+
+NewResourceSetResourcesLinks instantiates a new ResourceSetResourcesLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetResourcesLinksWithDefaults
+
+`func NewResourceSetResourcesLinksWithDefaults() *ResourceSetResourcesLinks`
+
+NewResourceSetResourcesLinksWithDefaults instantiates a new ResourceSetResourcesLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetNext
+
+`func (o *ResourceSetResourcesLinks) GetNext() HrefObject`
+
+GetNext returns the Next field if non-nil, zero value otherwise.
+
+### GetNextOk
+
+`func (o *ResourceSetResourcesLinks) GetNextOk() (*HrefObject, bool)`
+
+GetNextOk returns a tuple with the Next field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNext
+
+`func (o *ResourceSetResourcesLinks) SetNext(v HrefObject)`
+
+SetNext sets Next field to given value.
+
+### HasNext
+
+`func (o *ResourceSetResourcesLinks) HasNext() bool`
+
+HasNext returns a boolean if a field has been set.
+
+### GetResourceSet
+
+`func (o *ResourceSetResourcesLinks) GetResourceSet() HrefObject`
+
+GetResourceSet returns the ResourceSet field if non-nil, zero value otherwise.
+
+### GetResourceSetOk
+
+`func (o *ResourceSetResourcesLinks) GetResourceSetOk() (*HrefObject, bool)`
+
+GetResourceSetOk returns a tuple with the ResourceSet field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResourceSet
+
+`func (o *ResourceSetResourcesLinks) SetResourceSet(v HrefObject)`
+
+SetResourceSet sets ResourceSet field to given value.
+
+### HasResourceSet
+
+`func (o *ResourceSetResourcesLinks) HasResourceSet() bool`
+
+HasResourceSet returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ResourceSets.md b/okta/docs/ResourceSets.md
new file mode 100644
index 000000000..1f2017ef4
--- /dev/null
+++ b/okta/docs/ResourceSets.md
@@ -0,0 +1,82 @@
+# ResourceSets
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ResourceSets** | Pointer to [**[]ResourceSet**](ResourceSet.md) |  | [optional] 
+**Links** | Pointer to [**IamRolesLinks**](IamRolesLinks.md) |  | [optional] 
+
+## Methods
+
+### NewResourceSets
+
+`func NewResourceSets() *ResourceSets`
+
+NewResourceSets instantiates a new ResourceSets object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewResourceSetsWithDefaults
+
+`func NewResourceSetsWithDefaults() *ResourceSets`
+
+NewResourceSetsWithDefaults instantiates a new ResourceSets object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetResourceSets
+
+`func (o *ResourceSets) GetResourceSets() []ResourceSet`
+
+GetResourceSets returns the ResourceSets field if non-nil, zero value otherwise.
+
+### GetResourceSetsOk
+
+`func (o *ResourceSets) GetResourceSetsOk() (*[]ResourceSet, bool)`
+
+GetResourceSetsOk returns a tuple with the ResourceSets field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResourceSets
+
+`func (o *ResourceSets) SetResourceSets(v []ResourceSet)`
+
+SetResourceSets sets ResourceSets field to given value.
+
+### HasResourceSets
+
+`func (o *ResourceSets) HasResourceSets() bool`
+
+HasResourceSets returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ResourceSets) GetLinks() IamRolesLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ResourceSets) GetLinksOk() (*IamRolesLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ResourceSets) SetLinks(v IamRolesLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ResourceSets) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RiskEvent.md b/okta/docs/RiskEvent.md
new file mode 100644
index 000000000..451f9e344
--- /dev/null
+++ b/okta/docs/RiskEvent.md
@@ -0,0 +1,103 @@
+# RiskEvent
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ExpiresAt** | Pointer to **time.Time** | Time stamp at which the event expires (Expressed as a UTC time zone using ISO 8601 format: yyyy-MM-dd&#39;T&#39;HH:mm:ss.SSS&#39;Z&#39;). If this optional field is not included, Okta automatically expires the event 24 hours after the event is consumed. | [optional] 
+**Subjects** | [**[]RiskEventSubject**](RiskEventSubject.md) |  | 
+**Timestamp** | Pointer to **time.Time** | Time stamp at which the event is produced (Expressed as a UTC time zone using ISO 8601 format: yyyy-MM-dd&#39;T&#39;HH:mm:ss.SSS&#39;Z&#39;). | [optional] 
+
+## Methods
+
+### NewRiskEvent
+
+`func NewRiskEvent(subjects []RiskEventSubject, ) *RiskEvent`
+
+NewRiskEvent instantiates a new RiskEvent object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewRiskEventWithDefaults
+
+`func NewRiskEventWithDefaults() *RiskEvent`
+
+NewRiskEventWithDefaults instantiates a new RiskEvent object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpiresAt
+
+`func (o *RiskEvent) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *RiskEvent) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *RiskEvent) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *RiskEvent) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetSubjects
+
+`func (o *RiskEvent) GetSubjects() []RiskEventSubject`
+
+GetSubjects returns the Subjects field if non-nil, zero value otherwise.
+
+### GetSubjectsOk
+
+`func (o *RiskEvent) GetSubjectsOk() (*[]RiskEventSubject, bool)`
+
+GetSubjectsOk returns a tuple with the Subjects field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubjects
+
+`func (o *RiskEvent) SetSubjects(v []RiskEventSubject)`
+
+SetSubjects sets Subjects field to given value.
+
+
+### GetTimestamp
+
+`func (o *RiskEvent) GetTimestamp() time.Time`
+
+GetTimestamp returns the Timestamp field if non-nil, zero value otherwise.
+
+### GetTimestampOk
+
+`func (o *RiskEvent) GetTimestampOk() (*time.Time, bool)`
+
+GetTimestampOk returns a tuple with the Timestamp field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTimestamp
+
+`func (o *RiskEvent) SetTimestamp(v time.Time)`
+
+SetTimestamp sets Timestamp field to given value.
+
+### HasTimestamp
+
+`func (o *RiskEvent) HasTimestamp() bool`
+
+HasTimestamp returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RiskEventApi.md b/okta/docs/RiskEventApi.md
new file mode 100644
index 000000000..c5ed2790e
--- /dev/null
+++ b/okta/docs/RiskEventApi.md
@@ -0,0 +1,73 @@
+# \RiskEventApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**SendRiskEvents**](RiskEventApi.md#SendRiskEvents) | **Post** /api/v1/risk/events/ip | Send multiple Risk Events
+
+
+
+## SendRiskEvents
+
+> SendRiskEvents(ctx).Instance(instance).Execute()
+
+Send multiple Risk Events
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    instance := []openapiclient.RiskEvent{*openapiclient.NewRiskEvent([]openapiclient.RiskEventSubject{*openapiclient.NewRiskEventSubject("Ip_example")})} // []RiskEvent | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RiskEventApi.SendRiskEvents(context.Background()).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RiskEventApi.SendRiskEvents``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiSendRiskEventsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **instance** | [**[]RiskEvent**](RiskEvent.md) |  | 
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/RiskEventSubject.md b/okta/docs/RiskEventSubject.md
new file mode 100644
index 000000000..eae601a83
--- /dev/null
+++ b/okta/docs/RiskEventSubject.md
@@ -0,0 +1,103 @@
+# RiskEventSubject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Ip** | **string** | Either an IpV4 or IpV6 address. | 
+**Message** | Pointer to **string** | Any additional message that the provider can send specifying the reason for the risk level of the IP. | [optional] 
+**RiskLevel** | Pointer to [**RiskEventSubjectRiskLevel**](RiskEventSubjectRiskLevel.md) |  | [optional] 
+
+## Methods
+
+### NewRiskEventSubject
+
+`func NewRiskEventSubject(ip string, ) *RiskEventSubject`
+
+NewRiskEventSubject instantiates a new RiskEventSubject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewRiskEventSubjectWithDefaults
+
+`func NewRiskEventSubjectWithDefaults() *RiskEventSubject`
+
+NewRiskEventSubjectWithDefaults instantiates a new RiskEventSubject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIp
+
+`func (o *RiskEventSubject) GetIp() string`
+
+GetIp returns the Ip field if non-nil, zero value otherwise.
+
+### GetIpOk
+
+`func (o *RiskEventSubject) GetIpOk() (*string, bool)`
+
+GetIpOk returns a tuple with the Ip field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIp
+
+`func (o *RiskEventSubject) SetIp(v string)`
+
+SetIp sets Ip field to given value.
+
+
+### GetMessage
+
+`func (o *RiskEventSubject) GetMessage() string`
+
+GetMessage returns the Message field if non-nil, zero value otherwise.
+
+### GetMessageOk
+
+`func (o *RiskEventSubject) GetMessageOk() (*string, bool)`
+
+GetMessageOk returns a tuple with the Message field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMessage
+
+`func (o *RiskEventSubject) SetMessage(v string)`
+
+SetMessage sets Message field to given value.
+
+### HasMessage
+
+`func (o *RiskEventSubject) HasMessage() bool`
+
+HasMessage returns a boolean if a field has been set.
+
+### GetRiskLevel
+
+`func (o *RiskEventSubject) GetRiskLevel() RiskEventSubjectRiskLevel`
+
+GetRiskLevel returns the RiskLevel field if non-nil, zero value otherwise.
+
+### GetRiskLevelOk
+
+`func (o *RiskEventSubject) GetRiskLevelOk() (*RiskEventSubjectRiskLevel, bool)`
+
+GetRiskLevelOk returns a tuple with the RiskLevel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRiskLevel
+
+`func (o *RiskEventSubject) SetRiskLevel(v RiskEventSubjectRiskLevel)`
+
+SetRiskLevel sets RiskLevel field to given value.
+
+### HasRiskLevel
+
+`func (o *RiskEventSubject) HasRiskLevel() bool`
+
+HasRiskLevel returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RiskEventSubjectRiskLevel.md b/okta/docs/RiskEventSubjectRiskLevel.md
new file mode 100644
index 000000000..d8d5a16bb
--- /dev/null
+++ b/okta/docs/RiskEventSubjectRiskLevel.md
@@ -0,0 +1,15 @@
+# RiskEventSubjectRiskLevel
+
+## Enum
+
+
+* `HIGH` (value: `"HIGH"`)
+
+* `LOW` (value: `"LOW"`)
+
+* `MEDIUM` (value: `"MEDIUM"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RiskPolicyRuleCondition.md b/okta/docs/RiskPolicyRuleCondition.md
new file mode 100644
index 000000000..cbaa28875
--- /dev/null
+++ b/okta/docs/RiskPolicyRuleCondition.md
@@ -0,0 +1,56 @@
+# RiskPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Behaviors** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewRiskPolicyRuleCondition
+
+`func NewRiskPolicyRuleCondition() *RiskPolicyRuleCondition`
+
+NewRiskPolicyRuleCondition instantiates a new RiskPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewRiskPolicyRuleConditionWithDefaults
+
+`func NewRiskPolicyRuleConditionWithDefaults() *RiskPolicyRuleCondition`
+
+NewRiskPolicyRuleConditionWithDefaults instantiates a new RiskPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBehaviors
+
+`func (o *RiskPolicyRuleCondition) GetBehaviors() []string`
+
+GetBehaviors returns the Behaviors field if non-nil, zero value otherwise.
+
+### GetBehaviorsOk
+
+`func (o *RiskPolicyRuleCondition) GetBehaviorsOk() (*[]string, bool)`
+
+GetBehaviorsOk returns a tuple with the Behaviors field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBehaviors
+
+`func (o *RiskPolicyRuleCondition) SetBehaviors(v []string)`
+
+SetBehaviors sets Behaviors field to given value.
+
+### HasBehaviors
+
+`func (o *RiskPolicyRuleCondition) HasBehaviors() bool`
+
+HasBehaviors returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RiskProvider.md b/okta/docs/RiskProvider.md
new file mode 100644
index 000000000..59c8e07bf
--- /dev/null
+++ b/okta/docs/RiskProvider.md
@@ -0,0 +1,202 @@
+# RiskProvider
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | Pointer to [**RiskProviderAction**](RiskProviderAction.md) |  | [optional] [default to RISKPROVIDERACTION_LOG_ONLY]
+**ClientId** | **string** | The ID of the [OAuth service app](https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/main/#create-a-service-app-and-grant-scopes) that is used to send risk events to Okta | 
+**Created** | Pointer to **time.Time** | Timestamp when the risk provider was created | [optional] [readonly] 
+**Id** | Pointer to **string** | The ID of the risk provider | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** | Timestamp when the risk provider was last updated | [optional] [readonly] 
+**Name** | **string** | Name of the risk provider | 
+**Links** | Pointer to [**ApiTokenLink**](ApiTokenLink.md) |  | [optional] 
+
+## Methods
+
+### NewRiskProvider
+
+`func NewRiskProvider(clientId string, name string, ) *RiskProvider`
+
+NewRiskProvider instantiates a new RiskProvider object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewRiskProviderWithDefaults
+
+`func NewRiskProviderWithDefaults() *RiskProvider`
+
+NewRiskProviderWithDefaults instantiates a new RiskProvider object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAction
+
+`func (o *RiskProvider) GetAction() RiskProviderAction`
+
+GetAction returns the Action field if non-nil, zero value otherwise.
+
+### GetActionOk
+
+`func (o *RiskProvider) GetActionOk() (*RiskProviderAction, bool)`
+
+GetActionOk returns a tuple with the Action field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAction
+
+`func (o *RiskProvider) SetAction(v RiskProviderAction)`
+
+SetAction sets Action field to given value.
+
+### HasAction
+
+`func (o *RiskProvider) HasAction() bool`
+
+HasAction returns a boolean if a field has been set.
+
+### GetClientId
+
+`func (o *RiskProvider) GetClientId() string`
+
+GetClientId returns the ClientId field if non-nil, zero value otherwise.
+
+### GetClientIdOk
+
+`func (o *RiskProvider) GetClientIdOk() (*string, bool)`
+
+GetClientIdOk returns a tuple with the ClientId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientId
+
+`func (o *RiskProvider) SetClientId(v string)`
+
+SetClientId sets ClientId field to given value.
+
+
+### GetCreated
+
+`func (o *RiskProvider) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *RiskProvider) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *RiskProvider) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *RiskProvider) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *RiskProvider) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *RiskProvider) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *RiskProvider) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *RiskProvider) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *RiskProvider) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *RiskProvider) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *RiskProvider) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *RiskProvider) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *RiskProvider) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *RiskProvider) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *RiskProvider) SetName(v string)`
+
+SetName sets Name field to given value.
+
+
+### GetLinks
+
+`func (o *RiskProvider) GetLinks() ApiTokenLink`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *RiskProvider) GetLinksOk() (*ApiTokenLink, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *RiskProvider) SetLinks(v ApiTokenLink)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *RiskProvider) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RiskProviderAction.md b/okta/docs/RiskProviderAction.md
new file mode 100644
index 000000000..1bec783e2
--- /dev/null
+++ b/okta/docs/RiskProviderAction.md
@@ -0,0 +1,15 @@
+# RiskProviderAction
+
+## Enum
+
+
+* `ENFORCE_AND_LOG` (value: `"enforce_and_log"`)
+
+* `LOG_ONLY` (value: `"log_only"`)
+
+* `NONE` (value: `"none"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RiskProviderApi.md b/okta/docs/RiskProviderApi.md
new file mode 100644
index 000000000..cb43dba17
--- /dev/null
+++ b/okta/docs/RiskProviderApi.md
@@ -0,0 +1,350 @@
+# \RiskProviderApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateRiskProvider**](RiskProviderApi.md#CreateRiskProvider) | **Post** /api/v1/risk/providers | Create a Risk Provider
+[**DeleteRiskProvider**](RiskProviderApi.md#DeleteRiskProvider) | **Delete** /api/v1/risk/providers/{riskProviderId} | Delete a Risk Provider
+[**GetRiskProvider**](RiskProviderApi.md#GetRiskProvider) | **Get** /api/v1/risk/providers/{riskProviderId} | Retrieve a Risk Provider
+[**ListRiskProviders**](RiskProviderApi.md#ListRiskProviders) | **Get** /api/v1/risk/providers | List all Risk Providers
+[**ReplaceRiskProvider**](RiskProviderApi.md#ReplaceRiskProvider) | **Put** /api/v1/risk/providers/{riskProviderId} | Replace a Risk Provider
+
+
+
+## CreateRiskProvider
+
+> RiskProvider CreateRiskProvider(ctx).Instance(instance).Execute()
+
+Create a Risk Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    instance := *openapiclient.NewRiskProvider("ClientId_example", "Name_example") // RiskProvider | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RiskProviderApi.CreateRiskProvider(context.Background()).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RiskProviderApi.CreateRiskProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateRiskProvider`: RiskProvider
+    fmt.Fprintf(os.Stdout, "Response from `RiskProviderApi.CreateRiskProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateRiskProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **instance** | [**RiskProvider**](RiskProvider.md) |  | 
+
+### Return type
+
+[**RiskProvider**](RiskProvider.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteRiskProvider
+
+> DeleteRiskProvider(ctx, riskProviderId).Execute()
+
+Delete a Risk Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    riskProviderId := "00rp12r4skkjkjgsn" // string | `id` of the risk provider
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RiskProviderApi.DeleteRiskProvider(context.Background(), riskProviderId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RiskProviderApi.DeleteRiskProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**riskProviderId** | **string** | &#x60;id&#x60; of the risk provider | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteRiskProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetRiskProvider
+
+> RiskProvider GetRiskProvider(ctx, riskProviderId).Execute()
+
+Retrieve a Risk Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    riskProviderId := "00rp12r4skkjkjgsn" // string | `id` of the risk provider
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RiskProviderApi.GetRiskProvider(context.Background(), riskProviderId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RiskProviderApi.GetRiskProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetRiskProvider`: RiskProvider
+    fmt.Fprintf(os.Stdout, "Response from `RiskProviderApi.GetRiskProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**riskProviderId** | **string** | &#x60;id&#x60; of the risk provider | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetRiskProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**RiskProvider**](RiskProvider.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListRiskProviders
+
+> []RiskProvider ListRiskProviders(ctx).Execute()
+
+List all Risk Providers
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RiskProviderApi.ListRiskProviders(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RiskProviderApi.ListRiskProviders``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListRiskProviders`: []RiskProvider
+    fmt.Fprintf(os.Stdout, "Response from `RiskProviderApi.ListRiskProviders`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListRiskProvidersRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]RiskProvider**](RiskProvider.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceRiskProvider
+
+> RiskProvider ReplaceRiskProvider(ctx, riskProviderId).Instance(instance).Execute()
+
+Replace a Risk Provider
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    riskProviderId := "00rp12r4skkjkjgsn" // string | `id` of the risk provider
+    instance := *openapiclient.NewRiskProvider("ClientId_example", "Name_example") // RiskProvider | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RiskProviderApi.ReplaceRiskProvider(context.Background(), riskProviderId).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RiskProviderApi.ReplaceRiskProvider``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceRiskProvider`: RiskProvider
+    fmt.Fprintf(os.Stdout, "Response from `RiskProviderApi.ReplaceRiskProvider`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**riskProviderId** | **string** | &#x60;id&#x60; of the risk provider | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceRiskProviderRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **instance** | [**RiskProvider**](RiskProvider.md) |  | 
+
+### Return type
+
+[**RiskProvider**](RiskProvider.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/RiskScorePolicyRuleCondition.md b/okta/docs/RiskScorePolicyRuleCondition.md
new file mode 100644
index 000000000..3c55df0ef
--- /dev/null
+++ b/okta/docs/RiskScorePolicyRuleCondition.md
@@ -0,0 +1,56 @@
+# RiskScorePolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Level** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewRiskScorePolicyRuleCondition
+
+`func NewRiskScorePolicyRuleCondition() *RiskScorePolicyRuleCondition`
+
+NewRiskScorePolicyRuleCondition instantiates a new RiskScorePolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewRiskScorePolicyRuleConditionWithDefaults
+
+`func NewRiskScorePolicyRuleConditionWithDefaults() *RiskScorePolicyRuleCondition`
+
+NewRiskScorePolicyRuleConditionWithDefaults instantiates a new RiskScorePolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetLevel
+
+`func (o *RiskScorePolicyRuleCondition) GetLevel() string`
+
+GetLevel returns the Level field if non-nil, zero value otherwise.
+
+### GetLevelOk
+
+`func (o *RiskScorePolicyRuleCondition) GetLevelOk() (*string, bool)`
+
+GetLevelOk returns a tuple with the Level field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLevel
+
+`func (o *RiskScorePolicyRuleCondition) SetLevel(v string)`
+
+SetLevel sets Level field to given value.
+
+### HasLevel
+
+`func (o *RiskScorePolicyRuleCondition) HasLevel() bool`
+
+HasLevel returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Role.md b/okta/docs/Role.md
new file mode 100644
index 000000000..b6034c4ad
--- /dev/null
+++ b/okta/docs/Role.md
@@ -0,0 +1,290 @@
+# Role
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AssignmentType** | Pointer to [**RoleAssignmentType**](RoleAssignmentType.md) |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Description** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Label** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Status** | Pointer to [**LifecycleStatus**](LifecycleStatus.md) |  | [optional] 
+**Type** | Pointer to [**RoleType**](RoleType.md) |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewRole
+
+`func NewRole() *Role`
+
+NewRole instantiates a new Role object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewRoleWithDefaults
+
+`func NewRoleWithDefaults() *Role`
+
+NewRoleWithDefaults instantiates a new Role object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAssignmentType
+
+`func (o *Role) GetAssignmentType() RoleAssignmentType`
+
+GetAssignmentType returns the AssignmentType field if non-nil, zero value otherwise.
+
+### GetAssignmentTypeOk
+
+`func (o *Role) GetAssignmentTypeOk() (*RoleAssignmentType, bool)`
+
+GetAssignmentTypeOk returns a tuple with the AssignmentType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAssignmentType
+
+`func (o *Role) SetAssignmentType(v RoleAssignmentType)`
+
+SetAssignmentType sets AssignmentType field to given value.
+
+### HasAssignmentType
+
+`func (o *Role) HasAssignmentType() bool`
+
+HasAssignmentType returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *Role) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *Role) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *Role) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *Role) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetDescription
+
+`func (o *Role) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *Role) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *Role) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *Role) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *Role) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *Role) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *Role) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *Role) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLabel
+
+`func (o *Role) GetLabel() string`
+
+GetLabel returns the Label field if non-nil, zero value otherwise.
+
+### GetLabelOk
+
+`func (o *Role) GetLabelOk() (*string, bool)`
+
+GetLabelOk returns a tuple with the Label field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLabel
+
+`func (o *Role) SetLabel(v string)`
+
+SetLabel sets Label field to given value.
+
+### HasLabel
+
+`func (o *Role) HasLabel() bool`
+
+HasLabel returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *Role) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *Role) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *Role) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *Role) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *Role) GetStatus() LifecycleStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *Role) GetStatusOk() (*LifecycleStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *Role) SetStatus(v LifecycleStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *Role) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *Role) GetType() RoleType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *Role) GetTypeOk() (*RoleType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *Role) SetType(v RoleType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *Role) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *Role) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *Role) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *Role) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *Role) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Role) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Role) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Role) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Role) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RoleApi.md b/okta/docs/RoleApi.md
new file mode 100644
index 000000000..e32c86722
--- /dev/null
+++ b/okta/docs/RoleApi.md
@@ -0,0 +1,644 @@
+# \RoleApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateRole**](RoleApi.md#CreateRole) | **Post** /api/v1/iam/roles | Create a Role
+[**CreateRolePermission**](RoleApi.md#CreateRolePermission) | **Post** /api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType} | Create a Permission
+[**DeleteRole**](RoleApi.md#DeleteRole) | **Delete** /api/v1/iam/roles/{roleIdOrLabel} | Delete a Role
+[**DeleteRolePermission**](RoleApi.md#DeleteRolePermission) | **Delete** /api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType} | Delete a Permission
+[**GetRole**](RoleApi.md#GetRole) | **Get** /api/v1/iam/roles/{roleIdOrLabel} | Retrieve a Role
+[**GetRolePermission**](RoleApi.md#GetRolePermission) | **Get** /api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType} | Retrieve a Permission
+[**ListRolePermissions**](RoleApi.md#ListRolePermissions) | **Get** /api/v1/iam/roles/{roleIdOrLabel}/permissions | List all Permissions
+[**ListRoles**](RoleApi.md#ListRoles) | **Get** /api/v1/iam/roles | List all Roles
+[**ReplaceRole**](RoleApi.md#ReplaceRole) | **Put** /api/v1/iam/roles/{roleIdOrLabel} | Replace a Role
+
+
+
+## CreateRole
+
+> IamRole CreateRole(ctx).Instance(instance).Execute()
+
+Create a Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    instance := *openapiclient.NewIamRole("Description_example", "Label_example", []openapiclient.RolePermissionType{openapiclient.RolePermissionType("okta.apps.assignment.manage")}) // IamRole | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleApi.CreateRole(context.Background()).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleApi.CreateRole``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateRole`: IamRole
+    fmt.Fprintf(os.Stdout, "Response from `RoleApi.CreateRole`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateRoleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **instance** | [**IamRole**](IamRole.md) |  | 
+
+### Return type
+
+[**IamRole**](IamRole.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateRolePermission
+
+> CreateRolePermission(ctx, roleIdOrLabel, permissionType).Execute()
+
+Create a Permission
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+    permissionType := "okta.users.manage" // string | An okta permission type
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleApi.CreateRolePermission(context.Background(), roleIdOrLabel, permissionType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleApi.CreateRolePermission``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+**permissionType** | **string** | An okta permission type | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateRolePermissionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteRole
+
+> DeleteRole(ctx, roleIdOrLabel).Execute()
+
+Delete a Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleApi.DeleteRole(context.Background(), roleIdOrLabel).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleApi.DeleteRole``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteRoleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteRolePermission
+
+> DeleteRolePermission(ctx, roleIdOrLabel, permissionType).Execute()
+
+Delete a Permission
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+    permissionType := "okta.users.manage" // string | An okta permission type
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleApi.DeleteRolePermission(context.Background(), roleIdOrLabel, permissionType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleApi.DeleteRolePermission``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+**permissionType** | **string** | An okta permission type | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteRolePermissionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetRole
+
+> IamRole GetRole(ctx, roleIdOrLabel).Execute()
+
+Retrieve a Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleApi.GetRole(context.Background(), roleIdOrLabel).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleApi.GetRole``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetRole`: IamRole
+    fmt.Fprintf(os.Stdout, "Response from `RoleApi.GetRole`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetRoleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**IamRole**](IamRole.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetRolePermission
+
+> Permission GetRolePermission(ctx, roleIdOrLabel, permissionType).Execute()
+
+Retrieve a Permission
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+    permissionType := "okta.users.manage" // string | An okta permission type
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleApi.GetRolePermission(context.Background(), roleIdOrLabel, permissionType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleApi.GetRolePermission``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetRolePermission`: Permission
+    fmt.Fprintf(os.Stdout, "Response from `RoleApi.GetRolePermission`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+**permissionType** | **string** | An okta permission type | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetRolePermissionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**Permission**](Permission.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListRolePermissions
+
+> Permissions ListRolePermissions(ctx, roleIdOrLabel).Execute()
+
+List all Permissions
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleApi.ListRolePermissions(context.Background(), roleIdOrLabel).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleApi.ListRolePermissions``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListRolePermissions`: Permissions
+    fmt.Fprintf(os.Stdout, "Response from `RoleApi.ListRolePermissions`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListRolePermissionsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**Permissions**](Permissions.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListRoles
+
+> IamRoles ListRoles(ctx).After(after).Execute()
+
+List all Roles
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    after := "after_example" // string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleApi.ListRoles(context.Background()).After(after).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleApi.ListRoles``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListRoles`: IamRoles
+    fmt.Fprintf(os.Stdout, "Response from `RoleApi.ListRoles`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListRolesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **after** | **string** | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information. | 
+
+### Return type
+
+[**IamRoles**](IamRoles.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceRole
+
+> IamRole ReplaceRole(ctx, roleIdOrLabel).Instance(instance).Execute()
+
+Replace a Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    roleIdOrLabel := "cr0Yq6IJxGIr0ouum0g3" // string | `id` or `label` of the role
+    instance := *openapiclient.NewIamRole("Description_example", "Label_example", []openapiclient.RolePermissionType{openapiclient.RolePermissionType("okta.apps.assignment.manage")}) // IamRole | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleApi.ReplaceRole(context.Background(), roleIdOrLabel).Instance(instance).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleApi.ReplaceRole``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceRole`: IamRole
+    fmt.Fprintf(os.Stdout, "Response from `RoleApi.ReplaceRole`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**roleIdOrLabel** | **string** | &#x60;id&#x60; or &#x60;label&#x60; of the role | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceRoleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **instance** | [**IamRole**](IamRole.md) |  | 
+
+### Return type
+
+[**IamRole**](IamRole.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/RoleAssignmentApi.md b/okta/docs/RoleAssignmentApi.md
new file mode 100644
index 000000000..7dde44a7b
--- /dev/null
+++ b/okta/docs/RoleAssignmentApi.md
@@ -0,0 +1,596 @@
+# \RoleAssignmentApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**AssignRoleToGroup**](RoleAssignmentApi.md#AssignRoleToGroup) | **Post** /api/v1/groups/{groupId}/roles | Assign a Role to a Group
+[**AssignRoleToUser**](RoleAssignmentApi.md#AssignRoleToUser) | **Post** /api/v1/users/{userId}/roles | Assign a Role to a User
+[**GetGroupAssignedRole**](RoleAssignmentApi.md#GetGroupAssignedRole) | **Get** /api/v1/groups/{groupId}/roles/{roleId} | Retrieve a Role assigned to Group
+[**GetUserAssignedRole**](RoleAssignmentApi.md#GetUserAssignedRole) | **Get** /api/v1/users/{userId}/roles/{roleId} | Retrieve a Role assigned to a User
+[**ListAssignedRolesForUser**](RoleAssignmentApi.md#ListAssignedRolesForUser) | **Get** /api/v1/users/{userId}/roles | List all Roles assigned to a User
+[**ListGroupAssignedRoles**](RoleAssignmentApi.md#ListGroupAssignedRoles) | **Get** /api/v1/groups/{groupId}/roles | List all Assigned Roles of Group
+[**UnassignRoleFromGroup**](RoleAssignmentApi.md#UnassignRoleFromGroup) | **Delete** /api/v1/groups/{groupId}/roles/{roleId} | Unassign a Role from a Group
+[**UnassignRoleFromUser**](RoleAssignmentApi.md#UnassignRoleFromUser) | **Delete** /api/v1/users/{userId}/roles/{roleId} | Unassign a Role from a User
+
+
+
+## AssignRoleToGroup
+
+> Role AssignRoleToGroup(ctx, groupId).AssignRoleRequest(assignRoleRequest).DisableNotifications(disableNotifications).Execute()
+
+Assign a Role to a Group
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    assignRoleRequest := *openapiclient.NewAssignRoleRequest() // AssignRoleRequest | 
+    disableNotifications := true // bool | Setting this to `true` grants the group third-party admin status (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleAssignmentApi.AssignRoleToGroup(context.Background(), groupId).AssignRoleRequest(assignRoleRequest).DisableNotifications(disableNotifications).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleAssignmentApi.AssignRoleToGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `AssignRoleToGroup`: Role
+    fmt.Fprintf(os.Stdout, "Response from `RoleAssignmentApi.AssignRoleToGroup`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignRoleToGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **assignRoleRequest** | [**AssignRoleRequest**](AssignRoleRequest.md) |  | 
+ **disableNotifications** | **bool** | Setting this to &#x60;true&#x60; grants the group third-party admin status | 
+
+### Return type
+
+[**Role**](Role.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AssignRoleToUser
+
+> Role AssignRoleToUser(ctx, userId).AssignRoleRequest(assignRoleRequest).DisableNotifications(disableNotifications).Execute()
+
+Assign a Role to a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    assignRoleRequest := *openapiclient.NewAssignRoleRequest() // AssignRoleRequest | 
+    disableNotifications := true // bool | Setting this to `true` grants the user third-party admin status (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleAssignmentApi.AssignRoleToUser(context.Background(), userId).AssignRoleRequest(assignRoleRequest).DisableNotifications(disableNotifications).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleAssignmentApi.AssignRoleToUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `AssignRoleToUser`: Role
+    fmt.Fprintf(os.Stdout, "Response from `RoleAssignmentApi.AssignRoleToUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignRoleToUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **assignRoleRequest** | [**AssignRoleRequest**](AssignRoleRequest.md) |  | 
+ **disableNotifications** | **bool** | Setting this to &#x60;true&#x60; grants the user third-party admin status | 
+
+### Return type
+
+[**Role**](Role.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetGroupAssignedRole
+
+> Role GetGroupAssignedRole(ctx, groupId, roleId).Execute()
+
+Retrieve a Role assigned to Group
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    roleId := "roleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleAssignmentApi.GetGroupAssignedRole(context.Background(), groupId, roleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleAssignmentApi.GetGroupAssignedRole``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetGroupAssignedRole`: Role
+    fmt.Fprintf(os.Stdout, "Response from `RoleAssignmentApi.GetGroupAssignedRole`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**roleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetGroupAssignedRoleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**Role**](Role.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetUserAssignedRole
+
+> Role GetUserAssignedRole(ctx, userId, roleId).Execute()
+
+Retrieve a Role assigned to a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    roleId := "roleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleAssignmentApi.GetUserAssignedRole(context.Background(), userId, roleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleAssignmentApi.GetUserAssignedRole``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetUserAssignedRole`: Role
+    fmt.Fprintf(os.Stdout, "Response from `RoleAssignmentApi.GetUserAssignedRole`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**roleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetUserAssignedRoleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**Role**](Role.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListAssignedRolesForUser
+
+> []Role ListAssignedRolesForUser(ctx, userId).Expand(expand).Execute()
+
+List all Roles assigned to a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleAssignmentApi.ListAssignedRolesForUser(context.Background(), userId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleAssignmentApi.ListAssignedRolesForUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListAssignedRolesForUser`: []Role
+    fmt.Fprintf(os.Stdout, "Response from `RoleAssignmentApi.ListAssignedRolesForUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListAssignedRolesForUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **string** |  | 
+
+### Return type
+
+[**[]Role**](Role.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListGroupAssignedRoles
+
+> []Role ListGroupAssignedRoles(ctx, groupId).Expand(expand).Execute()
+
+List all Assigned Roles of Group
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleAssignmentApi.ListGroupAssignedRoles(context.Background(), groupId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleAssignmentApi.ListGroupAssignedRoles``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListGroupAssignedRoles`: []Role
+    fmt.Fprintf(os.Stdout, "Response from `RoleAssignmentApi.ListGroupAssignedRoles`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListGroupAssignedRolesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **string** |  | 
+
+### Return type
+
+[**[]Role**](Role.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnassignRoleFromGroup
+
+> UnassignRoleFromGroup(ctx, groupId, roleId).Execute()
+
+Unassign a Role from a Group
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    roleId := "roleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleAssignmentApi.UnassignRoleFromGroup(context.Background(), groupId, roleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleAssignmentApi.UnassignRoleFromGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**roleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnassignRoleFromGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnassignRoleFromUser
+
+> UnassignRoleFromUser(ctx, userId, roleId).Execute()
+
+Unassign a Role from a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    roleId := "roleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleAssignmentApi.UnassignRoleFromUser(context.Background(), userId, roleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleAssignmentApi.UnassignRoleFromUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**roleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnassignRoleFromUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/RoleAssignmentType.md b/okta/docs/RoleAssignmentType.md
new file mode 100644
index 000000000..d2bf64c2d
--- /dev/null
+++ b/okta/docs/RoleAssignmentType.md
@@ -0,0 +1,13 @@
+# RoleAssignmentType
+
+## Enum
+
+
+* `GROUP` (value: `"GROUP"`)
+
+* `USER` (value: `"USER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RolePermissionType.md b/okta/docs/RolePermissionType.md
new file mode 100644
index 000000000..d3c7d6410
--- /dev/null
+++ b/okta/docs/RolePermissionType.md
@@ -0,0 +1,77 @@
+# RolePermissionType
+
+## Enum
+
+
+* `APPS_ASSIGNMENT_MANAGE` (value: `"okta.apps.assignment.manage"`)
+
+* `APPS_MANAGE` (value: `"okta.apps.manage"`)
+
+* `APPS_MANAGE_FIRST_PARTY_APPS` (value: `"okta.apps.manageFirstPartyApps"`)
+
+* `APPS_READ` (value: `"okta.apps.read"`)
+
+* `AUTHZ_SERVERS_MANAGE` (value: `"okta.authzServers.manage"`)
+
+* `AUTHZ_SERVERS_READ` (value: `"okta.authzServers.read"`)
+
+* `CUSTOMIZATIONS_MANAGE` (value: `"okta.customizations.manage"`)
+
+* `CUSTOMIZATIONS_READ` (value: `"okta.customizations.read"`)
+
+* `GOVERNANCE_ACCESS_CERTIFICATIONS_MANAGE` (value: `"okta.governance.accessCertifications.manage"`)
+
+* `GOVERNANCE_ACCESS_REQUESTS_MANAGE` (value: `"okta.governance.accessRequests.manage"`)
+
+* `GROUPS_APP_ASSIGNMENT_MANAGE` (value: `"okta.groups.appAssignment.manage"`)
+
+* `GROUPS_CREATE` (value: `"okta.groups.create"`)
+
+* `GROUPS_MANAGE` (value: `"okta.groups.manage"`)
+
+* `GROUPS_MEMBERS_MANAGE` (value: `"okta.groups.members.manage"`)
+
+* `GROUPS_READ` (value: `"okta.groups.read"`)
+
+* `PROFILESOURCES_IMPORT_RUN` (value: `"okta.profilesources.import.run"`)
+
+* `USERS_APP_ASSIGNMENT_MANAGE` (value: `"okta.users.appAssignment.manage"`)
+
+* `USERS_CREATE` (value: `"okta.users.create"`)
+
+* `USERS_CREDENTIALS_EXPIRE_PASSWORD` (value: `"okta.users.credentials.expirePassword"`)
+
+* `USERS_CREDENTIALS_MANAGE` (value: `"okta.users.credentials.manage"`)
+
+* `USERS_CREDENTIALS_RESET_FACTORS` (value: `"okta.users.credentials.resetFactors"`)
+
+* `USERS_CREDENTIALS_RESET_PASSWORD` (value: `"okta.users.credentials.resetPassword"`)
+
+* `USERS_GROUP_MEMBERSHIP_MANAGE` (value: `"okta.users.groupMembership.manage"`)
+
+* `USERS_LIFECYCLE_ACTIVATE` (value: `"okta.users.lifecycle.activate"`)
+
+* `USERS_LIFECYCLE_CLEAR_SESSIONS` (value: `"okta.users.lifecycle.clearSessions"`)
+
+* `USERS_LIFECYCLE_DEACTIVATE` (value: `"okta.users.lifecycle.deactivate"`)
+
+* `USERS_LIFECYCLE_DELETE` (value: `"okta.users.lifecycle.delete"`)
+
+* `USERS_LIFECYCLE_MANAGE` (value: `"okta.users.lifecycle.manage"`)
+
+* `USERS_LIFECYCLE_SUSPEND` (value: `"okta.users.lifecycle.suspend"`)
+
+* `USERS_LIFECYCLE_UNLOCK` (value: `"okta.users.lifecycle.unlock"`)
+
+* `USERS_LIFECYCLE_UNSUSPEND` (value: `"okta.users.lifecycle.unsuspend"`)
+
+* `USERS_MANAGE` (value: `"okta.users.manage"`)
+
+* `USERS_READ` (value: `"okta.users.read"`)
+
+* `USERS_USERPROFILE_MANAGE` (value: `"okta.users.userprofile.manage"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/RoleTargetApi.md b/okta/docs/RoleTargetApi.md
new file mode 100644
index 000000000..ddd78acf1
--- /dev/null
+++ b/okta/docs/RoleTargetApi.md
@@ -0,0 +1,1304 @@
+# \RoleTargetApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**AssignAllAppsAsTargetToRoleForUser**](RoleTargetApi.md#AssignAllAppsAsTargetToRoleForUser) | **Put** /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps | Assign all Apps as Target to Role
+[**AssignAppInstanceTargetToAppAdminRoleForGroup**](RoleTargetApi.md#AssignAppInstanceTargetToAppAdminRoleForGroup) | **Put** /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId} | Assign an Application Instance Target to Application Administrator Role
+[**AssignAppInstanceTargetToAppAdminRoleForUser**](RoleTargetApi.md#AssignAppInstanceTargetToAppAdminRoleForUser) | **Put** /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId} | Assign an Application Instance Target to an Application Administrator Role
+[**AssignAppTargetToAdminRoleForGroup**](RoleTargetApi.md#AssignAppTargetToAdminRoleForGroup) | **Put** /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName} | Assign an Application Target to Administrator Role
+[**AssignAppTargetToAdminRoleForUser**](RoleTargetApi.md#AssignAppTargetToAdminRoleForUser) | **Put** /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName} | Assign an Application Target to Administrator Role
+[**AssignGroupTargetToGroupAdminRole**](RoleTargetApi.md#AssignGroupTargetToGroupAdminRole) | **Put** /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId} | Assign a Group Target to a Group Role
+[**AssignGroupTargetToUserRole**](RoleTargetApi.md#AssignGroupTargetToUserRole) | **Put** /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId} | Assign a Group Target to Role
+[**ListApplicationTargetsForApplicationAdministratorRoleForGroup**](RoleTargetApi.md#ListApplicationTargetsForApplicationAdministratorRoleForGroup) | **Get** /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps | List all Application Targets for an Application Administrator Role
+[**ListApplicationTargetsForApplicationAdministratorRoleForUser**](RoleTargetApi.md#ListApplicationTargetsForApplicationAdministratorRoleForUser) | **Get** /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps | List all Application Targets for Application Administrator Role
+[**ListGroupTargetsForGroupRole**](RoleTargetApi.md#ListGroupTargetsForGroupRole) | **Get** /api/v1/groups/{groupId}/roles/{roleId}/targets/groups | List all Group Targets for a Group Role
+[**ListGroupTargetsForRole**](RoleTargetApi.md#ListGroupTargetsForRole) | **Get** /api/v1/users/{userId}/roles/{roleId}/targets/groups | List all Group Targets for Role
+[**UnassignAppInstanceTargetFromAdminRoleForUser**](RoleTargetApi.md#UnassignAppInstanceTargetFromAdminRoleForUser) | **Delete** /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId} | Unassign an Application Instance Target from an Application Administrator Role
+[**UnassignAppInstanceTargetToAppAdminRoleForGroup**](RoleTargetApi.md#UnassignAppInstanceTargetToAppAdminRoleForGroup) | **Delete** /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId} | Unassign an Application Instance Target from an Application Administrator Role
+[**UnassignAppTargetFromAppAdminRoleForUser**](RoleTargetApi.md#UnassignAppTargetFromAppAdminRoleForUser) | **Delete** /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName} | Unassign an Application Target from an Application Administrator Role
+[**UnassignAppTargetToAdminRoleForGroup**](RoleTargetApi.md#UnassignAppTargetToAdminRoleForGroup) | **Delete** /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName} | Unassign an Application Target from Application Administrator Role
+[**UnassignGroupTargetFromGroupAdminRole**](RoleTargetApi.md#UnassignGroupTargetFromGroupAdminRole) | **Delete** /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId} | Unassign a Group Target from a Group Role
+[**UnassignGroupTargetFromUserAdminRole**](RoleTargetApi.md#UnassignGroupTargetFromUserAdminRole) | **Delete** /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId} | Unassign a Group Target from Role
+
+
+
+## AssignAllAppsAsTargetToRoleForUser
+
+> AssignAllAppsAsTargetToRoleForUser(ctx, userId, roleId).Execute()
+
+Assign all Apps as Target to Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    roleId := "roleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.AssignAllAppsAsTargetToRoleForUser(context.Background(), userId, roleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.AssignAllAppsAsTargetToRoleForUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**roleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignAllAppsAsTargetToRoleForUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AssignAppInstanceTargetToAppAdminRoleForGroup
+
+> AssignAppInstanceTargetToAppAdminRoleForGroup(ctx, groupId, roleId, appName, applicationId).Execute()
+
+Assign an Application Instance Target to Application Administrator Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    roleId := "roleId_example" // string | 
+    appName := "appName_example" // string | 
+    applicationId := "applicationId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.AssignAppInstanceTargetToAppAdminRoleForGroup(context.Background(), groupId, roleId, appName, applicationId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.AssignAppInstanceTargetToAppAdminRoleForGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**roleId** | **string** |  | 
+**appName** | **string** |  | 
+**applicationId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignAppInstanceTargetToAppAdminRoleForGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AssignAppInstanceTargetToAppAdminRoleForUser
+
+> AssignAppInstanceTargetToAppAdminRoleForUser(ctx, userId, roleId, appName, applicationId).Execute()
+
+Assign an Application Instance Target to an Application Administrator Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    roleId := "roleId_example" // string | 
+    appName := "appName_example" // string | 
+    applicationId := "applicationId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.AssignAppInstanceTargetToAppAdminRoleForUser(context.Background(), userId, roleId, appName, applicationId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.AssignAppInstanceTargetToAppAdminRoleForUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**roleId** | **string** |  | 
+**appName** | **string** |  | 
+**applicationId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignAppInstanceTargetToAppAdminRoleForUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AssignAppTargetToAdminRoleForGroup
+
+> AssignAppTargetToAdminRoleForGroup(ctx, groupId, roleId, appName).Execute()
+
+Assign an Application Target to Administrator Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    roleId := "roleId_example" // string | 
+    appName := "appName_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.AssignAppTargetToAdminRoleForGroup(context.Background(), groupId, roleId, appName).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.AssignAppTargetToAdminRoleForGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**roleId** | **string** |  | 
+**appName** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignAppTargetToAdminRoleForGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AssignAppTargetToAdminRoleForUser
+
+> AssignAppTargetToAdminRoleForUser(ctx, userId, roleId, appName).Execute()
+
+Assign an Application Target to Administrator Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    roleId := "roleId_example" // string | 
+    appName := "appName_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.AssignAppTargetToAdminRoleForUser(context.Background(), userId, roleId, appName).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.AssignAppTargetToAdminRoleForUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**roleId** | **string** |  | 
+**appName** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignAppTargetToAdminRoleForUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AssignGroupTargetToGroupAdminRole
+
+> AssignGroupTargetToGroupAdminRole(ctx, groupId, roleId, targetGroupId).Execute()
+
+Assign a Group Target to a Group Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    roleId := "roleId_example" // string | 
+    targetGroupId := "targetGroupId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.AssignGroupTargetToGroupAdminRole(context.Background(), groupId, roleId, targetGroupId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.AssignGroupTargetToGroupAdminRole``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**roleId** | **string** |  | 
+**targetGroupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignGroupTargetToGroupAdminRoleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## AssignGroupTargetToUserRole
+
+> AssignGroupTargetToUserRole(ctx, userId, roleId, groupId).Execute()
+
+Assign a Group Target to Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    roleId := "roleId_example" // string | 
+    groupId := "groupId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.AssignGroupTargetToUserRole(context.Background(), userId, roleId, groupId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.AssignGroupTargetToUserRole``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**roleId** | **string** |  | 
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiAssignGroupTargetToUserRoleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListApplicationTargetsForApplicationAdministratorRoleForGroup
+
+> []CatalogApplication ListApplicationTargetsForApplicationAdministratorRoleForGroup(ctx, groupId, roleId).After(after).Limit(limit).Execute()
+
+List all Application Targets for an Application Administrator Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    roleId := "roleId_example" // string | 
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to 20)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.ListApplicationTargetsForApplicationAdministratorRoleForGroup(context.Background(), groupId, roleId).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.ListApplicationTargetsForApplicationAdministratorRoleForGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListApplicationTargetsForApplicationAdministratorRoleForGroup`: []CatalogApplication
+    fmt.Fprintf(os.Stdout, "Response from `RoleTargetApi.ListApplicationTargetsForApplicationAdministratorRoleForGroup`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**roleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListApplicationTargetsForApplicationAdministratorRoleForGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to 20]
+
+### Return type
+
+[**[]CatalogApplication**](CatalogApplication.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListApplicationTargetsForApplicationAdministratorRoleForUser
+
+> []CatalogApplication ListApplicationTargetsForApplicationAdministratorRoleForUser(ctx, userId, roleId).After(after).Limit(limit).Execute()
+
+List all Application Targets for Application Administrator Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    roleId := "roleId_example" // string | 
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to 20)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.ListApplicationTargetsForApplicationAdministratorRoleForUser(context.Background(), userId, roleId).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.ListApplicationTargetsForApplicationAdministratorRoleForUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListApplicationTargetsForApplicationAdministratorRoleForUser`: []CatalogApplication
+    fmt.Fprintf(os.Stdout, "Response from `RoleTargetApi.ListApplicationTargetsForApplicationAdministratorRoleForUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**roleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListApplicationTargetsForApplicationAdministratorRoleForUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to 20]
+
+### Return type
+
+[**[]CatalogApplication**](CatalogApplication.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListGroupTargetsForGroupRole
+
+> []Group ListGroupTargetsForGroupRole(ctx, groupId, roleId).After(after).Limit(limit).Execute()
+
+List all Group Targets for a Group Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    roleId := "roleId_example" // string | 
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to 20)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.ListGroupTargetsForGroupRole(context.Background(), groupId, roleId).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.ListGroupTargetsForGroupRole``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListGroupTargetsForGroupRole`: []Group
+    fmt.Fprintf(os.Stdout, "Response from `RoleTargetApi.ListGroupTargetsForGroupRole`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**roleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListGroupTargetsForGroupRoleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to 20]
+
+### Return type
+
+[**[]Group**](Group.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListGroupTargetsForRole
+
+> []Group ListGroupTargetsForRole(ctx, userId, roleId).After(after).Limit(limit).Execute()
+
+List all Group Targets for Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    roleId := "roleId_example" // string | 
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to 20)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.ListGroupTargetsForRole(context.Background(), userId, roleId).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.ListGroupTargetsForRole``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListGroupTargetsForRole`: []Group
+    fmt.Fprintf(os.Stdout, "Response from `RoleTargetApi.ListGroupTargetsForRole`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**roleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListGroupTargetsForRoleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to 20]
+
+### Return type
+
+[**[]Group**](Group.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnassignAppInstanceTargetFromAdminRoleForUser
+
+> UnassignAppInstanceTargetFromAdminRoleForUser(ctx, userId, roleId, appName, applicationId).Execute()
+
+Unassign an Application Instance Target from an Application Administrator Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    roleId := "roleId_example" // string | 
+    appName := "appName_example" // string | 
+    applicationId := "applicationId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.UnassignAppInstanceTargetFromAdminRoleForUser(context.Background(), userId, roleId, appName, applicationId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.UnassignAppInstanceTargetFromAdminRoleForUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**roleId** | **string** |  | 
+**appName** | **string** |  | 
+**applicationId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnassignAppInstanceTargetFromAdminRoleForUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnassignAppInstanceTargetToAppAdminRoleForGroup
+
+> UnassignAppInstanceTargetToAppAdminRoleForGroup(ctx, groupId, roleId, appName, applicationId).Execute()
+
+Unassign an Application Instance Target from an Application Administrator Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    roleId := "roleId_example" // string | 
+    appName := "appName_example" // string | 
+    applicationId := "applicationId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.UnassignAppInstanceTargetToAppAdminRoleForGroup(context.Background(), groupId, roleId, appName, applicationId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.UnassignAppInstanceTargetToAppAdminRoleForGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**roleId** | **string** |  | 
+**appName** | **string** |  | 
+**applicationId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnassignAppInstanceTargetToAppAdminRoleForGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnassignAppTargetFromAppAdminRoleForUser
+
+> UnassignAppTargetFromAppAdminRoleForUser(ctx, userId, roleId, appName).Execute()
+
+Unassign an Application Target from an Application Administrator Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    roleId := "roleId_example" // string | 
+    appName := "appName_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.UnassignAppTargetFromAppAdminRoleForUser(context.Background(), userId, roleId, appName).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.UnassignAppTargetFromAppAdminRoleForUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**roleId** | **string** |  | 
+**appName** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnassignAppTargetFromAppAdminRoleForUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnassignAppTargetToAdminRoleForGroup
+
+> UnassignAppTargetToAdminRoleForGroup(ctx, groupId, roleId, appName).Execute()
+
+Unassign an Application Target from Application Administrator Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    roleId := "roleId_example" // string | 
+    appName := "appName_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.UnassignAppTargetToAdminRoleForGroup(context.Background(), groupId, roleId, appName).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.UnassignAppTargetToAdminRoleForGroup``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**roleId** | **string** |  | 
+**appName** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnassignAppTargetToAdminRoleForGroupRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnassignGroupTargetFromGroupAdminRole
+
+> UnassignGroupTargetFromGroupAdminRole(ctx, groupId, roleId, targetGroupId).Execute()
+
+Unassign a Group Target from a Group Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupId := "groupId_example" // string | 
+    roleId := "roleId_example" // string | 
+    targetGroupId := "targetGroupId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.UnassignGroupTargetFromGroupAdminRole(context.Background(), groupId, roleId, targetGroupId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.UnassignGroupTargetFromGroupAdminRole``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**groupId** | **string** |  | 
+**roleId** | **string** |  | 
+**targetGroupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnassignGroupTargetFromGroupAdminRoleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnassignGroupTargetFromUserAdminRole
+
+> UnassignGroupTargetFromUserAdminRole(ctx, userId, roleId, groupId).Execute()
+
+Unassign a Group Target from Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    roleId := "roleId_example" // string | 
+    groupId := "groupId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.RoleTargetApi.UnassignGroupTargetFromUserAdminRole(context.Background(), userId, roleId, groupId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `RoleTargetApi.UnassignGroupTargetFromUserAdminRole``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**roleId** | **string** |  | 
+**groupId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnassignGroupTargetFromUserAdminRoleRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/RoleType.md b/okta/docs/RoleType.md
new file mode 100644
index 000000000..6e0b49695
--- /dev/null
+++ b/okta/docs/RoleType.md
@@ -0,0 +1,29 @@
+# RoleType
+
+## Enum
+
+
+* `API_ACCESS_MANAGEMENT_ADMIN` (value: `"API_ACCESS_MANAGEMENT_ADMIN"`)
+
+* `APP_ADMIN` (value: `"APP_ADMIN"`)
+
+* `GROUP_MEMBERSHIP_ADMIN` (value: `"GROUP_MEMBERSHIP_ADMIN"`)
+
+* `HELP_DESK_ADMIN` (value: `"HELP_DESK_ADMIN"`)
+
+* `MOBILE_ADMIN` (value: `"MOBILE_ADMIN"`)
+
+* `ORG_ADMIN` (value: `"ORG_ADMIN"`)
+
+* `READ_ONLY_ADMIN` (value: `"READ_ONLY_ADMIN"`)
+
+* `REPORT_ADMIN` (value: `"REPORT_ADMIN"`)
+
+* `SUPER_ADMIN` (value: `"SUPER_ADMIN"`)
+
+* `USER_ADMIN` (value: `"USER_ADMIN"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SafeBrowsingProtectionLevel.md b/okta/docs/SafeBrowsingProtectionLevel.md
new file mode 100644
index 000000000..82d563928
--- /dev/null
+++ b/okta/docs/SafeBrowsingProtectionLevel.md
@@ -0,0 +1,15 @@
+# SafeBrowsingProtectionLevel
+
+## Enum
+
+
+* `ENHANCED_PROTECTION` (value: `"ENHANCED_PROTECTION"`)
+
+* `NO_SAFE_BROWSING` (value: `"NO_SAFE_BROWSING"`)
+
+* `STANDARD_PROTECTION` (value: `"STANDARD_PROTECTION"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SamlApplication.md b/okta/docs/SamlApplication.md
new file mode 100644
index 000000000..6ab4b104c
--- /dev/null
+++ b/okta/docs/SamlApplication.md
@@ -0,0 +1,108 @@
+# SamlApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**ApplicationCredentials**](ApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**Settings** | Pointer to [**SamlApplicationSettings**](SamlApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewSamlApplication
+
+`func NewSamlApplication() *SamlApplication`
+
+NewSamlApplication instantiates a new SamlApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSamlApplicationWithDefaults
+
+`func NewSamlApplicationWithDefaults() *SamlApplication`
+
+NewSamlApplicationWithDefaults instantiates a new SamlApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *SamlApplication) GetCredentials() ApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *SamlApplication) GetCredentialsOk() (*ApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *SamlApplication) SetCredentials(v ApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *SamlApplication) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *SamlApplication) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *SamlApplication) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *SamlApplication) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *SamlApplication) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *SamlApplication) GetSettings() SamlApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *SamlApplication) GetSettingsOk() (*SamlApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *SamlApplication) SetSettings(v SamlApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *SamlApplication) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SamlApplicationAllOf.md b/okta/docs/SamlApplicationAllOf.md
new file mode 100644
index 000000000..4bdf8c61c
--- /dev/null
+++ b/okta/docs/SamlApplicationAllOf.md
@@ -0,0 +1,108 @@
+# SamlApplicationAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**ApplicationCredentials**](ApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**Settings** | Pointer to [**SamlApplicationSettings**](SamlApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewSamlApplicationAllOf
+
+`func NewSamlApplicationAllOf() *SamlApplicationAllOf`
+
+NewSamlApplicationAllOf instantiates a new SamlApplicationAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSamlApplicationAllOfWithDefaults
+
+`func NewSamlApplicationAllOfWithDefaults() *SamlApplicationAllOf`
+
+NewSamlApplicationAllOfWithDefaults instantiates a new SamlApplicationAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *SamlApplicationAllOf) GetCredentials() ApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *SamlApplicationAllOf) GetCredentialsOk() (*ApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *SamlApplicationAllOf) SetCredentials(v ApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *SamlApplicationAllOf) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *SamlApplicationAllOf) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *SamlApplicationAllOf) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *SamlApplicationAllOf) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *SamlApplicationAllOf) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *SamlApplicationAllOf) GetSettings() SamlApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *SamlApplicationAllOf) GetSettingsOk() (*SamlApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *SamlApplicationAllOf) SetSettings(v SamlApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *SamlApplicationAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SamlApplicationSettings.md b/okta/docs/SamlApplicationSettings.md
new file mode 100644
index 000000000..5583de257
--- /dev/null
+++ b/okta/docs/SamlApplicationSettings.md
@@ -0,0 +1,212 @@
+# SamlApplicationSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**IdentityStoreId** | Pointer to **string** |  | [optional] 
+**ImplicitAssignment** | Pointer to **bool** |  | [optional] 
+**InlineHookId** | Pointer to **string** |  | [optional] 
+**Notes** | Pointer to [**ApplicationSettingsNotes**](ApplicationSettingsNotes.md) |  | [optional] 
+**Notifications** | Pointer to [**ApplicationSettingsNotifications**](ApplicationSettingsNotifications.md) |  | [optional] 
+**App** | Pointer to [**SamlApplicationSettingsApplication**](SamlApplicationSettingsApplication.md) |  | [optional] 
+**SignOn** | Pointer to [**SamlApplicationSettingsSignOn**](SamlApplicationSettingsSignOn.md) |  | [optional] 
+
+## Methods
+
+### NewSamlApplicationSettings
+
+`func NewSamlApplicationSettings() *SamlApplicationSettings`
+
+NewSamlApplicationSettings instantiates a new SamlApplicationSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSamlApplicationSettingsWithDefaults
+
+`func NewSamlApplicationSettingsWithDefaults() *SamlApplicationSettings`
+
+NewSamlApplicationSettingsWithDefaults instantiates a new SamlApplicationSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIdentityStoreId
+
+`func (o *SamlApplicationSettings) GetIdentityStoreId() string`
+
+GetIdentityStoreId returns the IdentityStoreId field if non-nil, zero value otherwise.
+
+### GetIdentityStoreIdOk
+
+`func (o *SamlApplicationSettings) GetIdentityStoreIdOk() (*string, bool)`
+
+GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityStoreId
+
+`func (o *SamlApplicationSettings) SetIdentityStoreId(v string)`
+
+SetIdentityStoreId sets IdentityStoreId field to given value.
+
+### HasIdentityStoreId
+
+`func (o *SamlApplicationSettings) HasIdentityStoreId() bool`
+
+HasIdentityStoreId returns a boolean if a field has been set.
+
+### GetImplicitAssignment
+
+`func (o *SamlApplicationSettings) GetImplicitAssignment() bool`
+
+GetImplicitAssignment returns the ImplicitAssignment field if non-nil, zero value otherwise.
+
+### GetImplicitAssignmentOk
+
+`func (o *SamlApplicationSettings) GetImplicitAssignmentOk() (*bool, bool)`
+
+GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetImplicitAssignment
+
+`func (o *SamlApplicationSettings) SetImplicitAssignment(v bool)`
+
+SetImplicitAssignment sets ImplicitAssignment field to given value.
+
+### HasImplicitAssignment
+
+`func (o *SamlApplicationSettings) HasImplicitAssignment() bool`
+
+HasImplicitAssignment returns a boolean if a field has been set.
+
+### GetInlineHookId
+
+`func (o *SamlApplicationSettings) GetInlineHookId() string`
+
+GetInlineHookId returns the InlineHookId field if non-nil, zero value otherwise.
+
+### GetInlineHookIdOk
+
+`func (o *SamlApplicationSettings) GetInlineHookIdOk() (*string, bool)`
+
+GetInlineHookIdOk returns a tuple with the InlineHookId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInlineHookId
+
+`func (o *SamlApplicationSettings) SetInlineHookId(v string)`
+
+SetInlineHookId sets InlineHookId field to given value.
+
+### HasInlineHookId
+
+`func (o *SamlApplicationSettings) HasInlineHookId() bool`
+
+HasInlineHookId returns a boolean if a field has been set.
+
+### GetNotes
+
+`func (o *SamlApplicationSettings) GetNotes() ApplicationSettingsNotes`
+
+GetNotes returns the Notes field if non-nil, zero value otherwise.
+
+### GetNotesOk
+
+`func (o *SamlApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool)`
+
+GetNotesOk returns a tuple with the Notes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotes
+
+`func (o *SamlApplicationSettings) SetNotes(v ApplicationSettingsNotes)`
+
+SetNotes sets Notes field to given value.
+
+### HasNotes
+
+`func (o *SamlApplicationSettings) HasNotes() bool`
+
+HasNotes returns a boolean if a field has been set.
+
+### GetNotifications
+
+`func (o *SamlApplicationSettings) GetNotifications() ApplicationSettingsNotifications`
+
+GetNotifications returns the Notifications field if non-nil, zero value otherwise.
+
+### GetNotificationsOk
+
+`func (o *SamlApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool)`
+
+GetNotificationsOk returns a tuple with the Notifications field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotifications
+
+`func (o *SamlApplicationSettings) SetNotifications(v ApplicationSettingsNotifications)`
+
+SetNotifications sets Notifications field to given value.
+
+### HasNotifications
+
+`func (o *SamlApplicationSettings) HasNotifications() bool`
+
+HasNotifications returns a boolean if a field has been set.
+
+### GetApp
+
+`func (o *SamlApplicationSettings) GetApp() SamlApplicationSettingsApplication`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *SamlApplicationSettings) GetAppOk() (*SamlApplicationSettingsApplication, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *SamlApplicationSettings) SetApp(v SamlApplicationSettingsApplication)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *SamlApplicationSettings) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+### GetSignOn
+
+`func (o *SamlApplicationSettings) GetSignOn() SamlApplicationSettingsSignOn`
+
+GetSignOn returns the SignOn field if non-nil, zero value otherwise.
+
+### GetSignOnOk
+
+`func (o *SamlApplicationSettings) GetSignOnOk() (*SamlApplicationSettingsSignOn, bool)`
+
+GetSignOnOk returns a tuple with the SignOn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignOn
+
+`func (o *SamlApplicationSettings) SetSignOn(v SamlApplicationSettingsSignOn)`
+
+SetSignOn sets SignOn field to given value.
+
+### HasSignOn
+
+`func (o *SamlApplicationSettings) HasSignOn() bool`
+
+HasSignOn returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SamlApplicationSettingsAllOf.md b/okta/docs/SamlApplicationSettingsAllOf.md
new file mode 100644
index 000000000..32c61d857
--- /dev/null
+++ b/okta/docs/SamlApplicationSettingsAllOf.md
@@ -0,0 +1,82 @@
+# SamlApplicationSettingsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**SamlApplicationSettingsApplication**](SamlApplicationSettingsApplication.md) |  | [optional] 
+**SignOn** | Pointer to [**SamlApplicationSettingsSignOn**](SamlApplicationSettingsSignOn.md) |  | [optional] 
+
+## Methods
+
+### NewSamlApplicationSettingsAllOf
+
+`func NewSamlApplicationSettingsAllOf() *SamlApplicationSettingsAllOf`
+
+NewSamlApplicationSettingsAllOf instantiates a new SamlApplicationSettingsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSamlApplicationSettingsAllOfWithDefaults
+
+`func NewSamlApplicationSettingsAllOfWithDefaults() *SamlApplicationSettingsAllOf`
+
+NewSamlApplicationSettingsAllOfWithDefaults instantiates a new SamlApplicationSettingsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *SamlApplicationSettingsAllOf) GetApp() SamlApplicationSettingsApplication`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *SamlApplicationSettingsAllOf) GetAppOk() (*SamlApplicationSettingsApplication, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *SamlApplicationSettingsAllOf) SetApp(v SamlApplicationSettingsApplication)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *SamlApplicationSettingsAllOf) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+### GetSignOn
+
+`func (o *SamlApplicationSettingsAllOf) GetSignOn() SamlApplicationSettingsSignOn`
+
+GetSignOn returns the SignOn field if non-nil, zero value otherwise.
+
+### GetSignOnOk
+
+`func (o *SamlApplicationSettingsAllOf) GetSignOnOk() (*SamlApplicationSettingsSignOn, bool)`
+
+GetSignOnOk returns a tuple with the SignOn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignOn
+
+`func (o *SamlApplicationSettingsAllOf) SetSignOn(v SamlApplicationSettingsSignOn)`
+
+SetSignOn sets SignOn field to given value.
+
+### HasSignOn
+
+`func (o *SamlApplicationSettingsAllOf) HasSignOn() bool`
+
+HasSignOn returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SamlApplicationSettingsApplication.md b/okta/docs/SamlApplicationSettingsApplication.md
new file mode 100644
index 000000000..59a8e6d9f
--- /dev/null
+++ b/okta/docs/SamlApplicationSettingsApplication.md
@@ -0,0 +1,108 @@
+# SamlApplicationSettingsApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AcsUrl** | Pointer to **string** |  | [optional] 
+**AudRestriction** | Pointer to **string** |  | [optional] 
+**BaseUrl** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSamlApplicationSettingsApplication
+
+`func NewSamlApplicationSettingsApplication() *SamlApplicationSettingsApplication`
+
+NewSamlApplicationSettingsApplication instantiates a new SamlApplicationSettingsApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSamlApplicationSettingsApplicationWithDefaults
+
+`func NewSamlApplicationSettingsApplicationWithDefaults() *SamlApplicationSettingsApplication`
+
+NewSamlApplicationSettingsApplicationWithDefaults instantiates a new SamlApplicationSettingsApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAcsUrl
+
+`func (o *SamlApplicationSettingsApplication) GetAcsUrl() string`
+
+GetAcsUrl returns the AcsUrl field if non-nil, zero value otherwise.
+
+### GetAcsUrlOk
+
+`func (o *SamlApplicationSettingsApplication) GetAcsUrlOk() (*string, bool)`
+
+GetAcsUrlOk returns a tuple with the AcsUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAcsUrl
+
+`func (o *SamlApplicationSettingsApplication) SetAcsUrl(v string)`
+
+SetAcsUrl sets AcsUrl field to given value.
+
+### HasAcsUrl
+
+`func (o *SamlApplicationSettingsApplication) HasAcsUrl() bool`
+
+HasAcsUrl returns a boolean if a field has been set.
+
+### GetAudRestriction
+
+`func (o *SamlApplicationSettingsApplication) GetAudRestriction() string`
+
+GetAudRestriction returns the AudRestriction field if non-nil, zero value otherwise.
+
+### GetAudRestrictionOk
+
+`func (o *SamlApplicationSettingsApplication) GetAudRestrictionOk() (*string, bool)`
+
+GetAudRestrictionOk returns a tuple with the AudRestriction field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAudRestriction
+
+`func (o *SamlApplicationSettingsApplication) SetAudRestriction(v string)`
+
+SetAudRestriction sets AudRestriction field to given value.
+
+### HasAudRestriction
+
+`func (o *SamlApplicationSettingsApplication) HasAudRestriction() bool`
+
+HasAudRestriction returns a boolean if a field has been set.
+
+### GetBaseUrl
+
+`func (o *SamlApplicationSettingsApplication) GetBaseUrl() string`
+
+GetBaseUrl returns the BaseUrl field if non-nil, zero value otherwise.
+
+### GetBaseUrlOk
+
+`func (o *SamlApplicationSettingsApplication) GetBaseUrlOk() (*string, bool)`
+
+GetBaseUrlOk returns a tuple with the BaseUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBaseUrl
+
+`func (o *SamlApplicationSettingsApplication) SetBaseUrl(v string)`
+
+SetBaseUrl sets BaseUrl field to given value.
+
+### HasBaseUrl
+
+`func (o *SamlApplicationSettingsApplication) HasBaseUrl() bool`
+
+HasBaseUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SamlApplicationSettingsSignOn.md b/okta/docs/SamlApplicationSettingsSignOn.md
new file mode 100644
index 000000000..419230b8c
--- /dev/null
+++ b/okta/docs/SamlApplicationSettingsSignOn.md
@@ -0,0 +1,706 @@
+# SamlApplicationSettingsSignOn
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AcsEndpoints** | Pointer to [**[]AcsEndpoint**](AcsEndpoint.md) |  | [optional] 
+**AllowMultipleAcsEndpoints** | Pointer to **bool** |  | [optional] 
+**AssertionSigned** | Pointer to **bool** |  | [optional] 
+**AttributeStatements** | Pointer to [**[]SamlAttributeStatement**](SamlAttributeStatement.md) |  | [optional] 
+**Audience** | Pointer to **string** |  | [optional] 
+**AudienceOverride** | Pointer to **string** |  | [optional] 
+**AuthnContextClassRef** | Pointer to **string** |  | [optional] 
+**DefaultRelayState** | Pointer to **string** |  | [optional] 
+**Destination** | Pointer to **string** |  | [optional] 
+**DestinationOverride** | Pointer to **string** |  | [optional] 
+**DigestAlgorithm** | Pointer to **string** |  | [optional] 
+**HonorForceAuthn** | Pointer to **bool** |  | [optional] 
+**IdpIssuer** | Pointer to **string** |  | [optional] 
+**InlineHooks** | Pointer to [**[]SignOnInlineHook**](SignOnInlineHook.md) |  | [optional] 
+**Recipient** | Pointer to **string** |  | [optional] 
+**RecipientOverride** | Pointer to **string** |  | [optional] 
+**RequestCompressed** | Pointer to **bool** |  | [optional] 
+**ResponseSigned** | Pointer to **bool** |  | [optional] 
+**SignatureAlgorithm** | Pointer to **string** |  | [optional] 
+**Slo** | Pointer to [**SingleLogout**](SingleLogout.md) |  | [optional] 
+**SpCertificate** | Pointer to [**SpCertificate**](SpCertificate.md) |  | [optional] 
+**SpIssuer** | Pointer to **string** |  | [optional] 
+**SsoAcsUrl** | Pointer to **string** |  | [optional] 
+**SsoAcsUrlOverride** | Pointer to **string** |  | [optional] 
+**SubjectNameIdFormat** | Pointer to **string** |  | [optional] 
+**SubjectNameIdTemplate** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSamlApplicationSettingsSignOn
+
+`func NewSamlApplicationSettingsSignOn() *SamlApplicationSettingsSignOn`
+
+NewSamlApplicationSettingsSignOn instantiates a new SamlApplicationSettingsSignOn object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSamlApplicationSettingsSignOnWithDefaults
+
+`func NewSamlApplicationSettingsSignOnWithDefaults() *SamlApplicationSettingsSignOn`
+
+NewSamlApplicationSettingsSignOnWithDefaults instantiates a new SamlApplicationSettingsSignOn object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAcsEndpoints
+
+`func (o *SamlApplicationSettingsSignOn) GetAcsEndpoints() []AcsEndpoint`
+
+GetAcsEndpoints returns the AcsEndpoints field if non-nil, zero value otherwise.
+
+### GetAcsEndpointsOk
+
+`func (o *SamlApplicationSettingsSignOn) GetAcsEndpointsOk() (*[]AcsEndpoint, bool)`
+
+GetAcsEndpointsOk returns a tuple with the AcsEndpoints field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAcsEndpoints
+
+`func (o *SamlApplicationSettingsSignOn) SetAcsEndpoints(v []AcsEndpoint)`
+
+SetAcsEndpoints sets AcsEndpoints field to given value.
+
+### HasAcsEndpoints
+
+`func (o *SamlApplicationSettingsSignOn) HasAcsEndpoints() bool`
+
+HasAcsEndpoints returns a boolean if a field has been set.
+
+### GetAllowMultipleAcsEndpoints
+
+`func (o *SamlApplicationSettingsSignOn) GetAllowMultipleAcsEndpoints() bool`
+
+GetAllowMultipleAcsEndpoints returns the AllowMultipleAcsEndpoints field if non-nil, zero value otherwise.
+
+### GetAllowMultipleAcsEndpointsOk
+
+`func (o *SamlApplicationSettingsSignOn) GetAllowMultipleAcsEndpointsOk() (*bool, bool)`
+
+GetAllowMultipleAcsEndpointsOk returns a tuple with the AllowMultipleAcsEndpoints field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAllowMultipleAcsEndpoints
+
+`func (o *SamlApplicationSettingsSignOn) SetAllowMultipleAcsEndpoints(v bool)`
+
+SetAllowMultipleAcsEndpoints sets AllowMultipleAcsEndpoints field to given value.
+
+### HasAllowMultipleAcsEndpoints
+
+`func (o *SamlApplicationSettingsSignOn) HasAllowMultipleAcsEndpoints() bool`
+
+HasAllowMultipleAcsEndpoints returns a boolean if a field has been set.
+
+### GetAssertionSigned
+
+`func (o *SamlApplicationSettingsSignOn) GetAssertionSigned() bool`
+
+GetAssertionSigned returns the AssertionSigned field if non-nil, zero value otherwise.
+
+### GetAssertionSignedOk
+
+`func (o *SamlApplicationSettingsSignOn) GetAssertionSignedOk() (*bool, bool)`
+
+GetAssertionSignedOk returns a tuple with the AssertionSigned field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAssertionSigned
+
+`func (o *SamlApplicationSettingsSignOn) SetAssertionSigned(v bool)`
+
+SetAssertionSigned sets AssertionSigned field to given value.
+
+### HasAssertionSigned
+
+`func (o *SamlApplicationSettingsSignOn) HasAssertionSigned() bool`
+
+HasAssertionSigned returns a boolean if a field has been set.
+
+### GetAttributeStatements
+
+`func (o *SamlApplicationSettingsSignOn) GetAttributeStatements() []SamlAttributeStatement`
+
+GetAttributeStatements returns the AttributeStatements field if non-nil, zero value otherwise.
+
+### GetAttributeStatementsOk
+
+`func (o *SamlApplicationSettingsSignOn) GetAttributeStatementsOk() (*[]SamlAttributeStatement, bool)`
+
+GetAttributeStatementsOk returns a tuple with the AttributeStatements field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAttributeStatements
+
+`func (o *SamlApplicationSettingsSignOn) SetAttributeStatements(v []SamlAttributeStatement)`
+
+SetAttributeStatements sets AttributeStatements field to given value.
+
+### HasAttributeStatements
+
+`func (o *SamlApplicationSettingsSignOn) HasAttributeStatements() bool`
+
+HasAttributeStatements returns a boolean if a field has been set.
+
+### GetAudience
+
+`func (o *SamlApplicationSettingsSignOn) GetAudience() string`
+
+GetAudience returns the Audience field if non-nil, zero value otherwise.
+
+### GetAudienceOk
+
+`func (o *SamlApplicationSettingsSignOn) GetAudienceOk() (*string, bool)`
+
+GetAudienceOk returns a tuple with the Audience field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAudience
+
+`func (o *SamlApplicationSettingsSignOn) SetAudience(v string)`
+
+SetAudience sets Audience field to given value.
+
+### HasAudience
+
+`func (o *SamlApplicationSettingsSignOn) HasAudience() bool`
+
+HasAudience returns a boolean if a field has been set.
+
+### GetAudienceOverride
+
+`func (o *SamlApplicationSettingsSignOn) GetAudienceOverride() string`
+
+GetAudienceOverride returns the AudienceOverride field if non-nil, zero value otherwise.
+
+### GetAudienceOverrideOk
+
+`func (o *SamlApplicationSettingsSignOn) GetAudienceOverrideOk() (*string, bool)`
+
+GetAudienceOverrideOk returns a tuple with the AudienceOverride field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAudienceOverride
+
+`func (o *SamlApplicationSettingsSignOn) SetAudienceOverride(v string)`
+
+SetAudienceOverride sets AudienceOverride field to given value.
+
+### HasAudienceOverride
+
+`func (o *SamlApplicationSettingsSignOn) HasAudienceOverride() bool`
+
+HasAudienceOverride returns a boolean if a field has been set.
+
+### GetAuthnContextClassRef
+
+`func (o *SamlApplicationSettingsSignOn) GetAuthnContextClassRef() string`
+
+GetAuthnContextClassRef returns the AuthnContextClassRef field if non-nil, zero value otherwise.
+
+### GetAuthnContextClassRefOk
+
+`func (o *SamlApplicationSettingsSignOn) GetAuthnContextClassRefOk() (*string, bool)`
+
+GetAuthnContextClassRefOk returns a tuple with the AuthnContextClassRef field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthnContextClassRef
+
+`func (o *SamlApplicationSettingsSignOn) SetAuthnContextClassRef(v string)`
+
+SetAuthnContextClassRef sets AuthnContextClassRef field to given value.
+
+### HasAuthnContextClassRef
+
+`func (o *SamlApplicationSettingsSignOn) HasAuthnContextClassRef() bool`
+
+HasAuthnContextClassRef returns a boolean if a field has been set.
+
+### GetDefaultRelayState
+
+`func (o *SamlApplicationSettingsSignOn) GetDefaultRelayState() string`
+
+GetDefaultRelayState returns the DefaultRelayState field if non-nil, zero value otherwise.
+
+### GetDefaultRelayStateOk
+
+`func (o *SamlApplicationSettingsSignOn) GetDefaultRelayStateOk() (*string, bool)`
+
+GetDefaultRelayStateOk returns a tuple with the DefaultRelayState field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefaultRelayState
+
+`func (o *SamlApplicationSettingsSignOn) SetDefaultRelayState(v string)`
+
+SetDefaultRelayState sets DefaultRelayState field to given value.
+
+### HasDefaultRelayState
+
+`func (o *SamlApplicationSettingsSignOn) HasDefaultRelayState() bool`
+
+HasDefaultRelayState returns a boolean if a field has been set.
+
+### GetDestination
+
+`func (o *SamlApplicationSettingsSignOn) GetDestination() string`
+
+GetDestination returns the Destination field if non-nil, zero value otherwise.
+
+### GetDestinationOk
+
+`func (o *SamlApplicationSettingsSignOn) GetDestinationOk() (*string, bool)`
+
+GetDestinationOk returns a tuple with the Destination field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDestination
+
+`func (o *SamlApplicationSettingsSignOn) SetDestination(v string)`
+
+SetDestination sets Destination field to given value.
+
+### HasDestination
+
+`func (o *SamlApplicationSettingsSignOn) HasDestination() bool`
+
+HasDestination returns a boolean if a field has been set.
+
+### GetDestinationOverride
+
+`func (o *SamlApplicationSettingsSignOn) GetDestinationOverride() string`
+
+GetDestinationOverride returns the DestinationOverride field if non-nil, zero value otherwise.
+
+### GetDestinationOverrideOk
+
+`func (o *SamlApplicationSettingsSignOn) GetDestinationOverrideOk() (*string, bool)`
+
+GetDestinationOverrideOk returns a tuple with the DestinationOverride field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDestinationOverride
+
+`func (o *SamlApplicationSettingsSignOn) SetDestinationOverride(v string)`
+
+SetDestinationOverride sets DestinationOverride field to given value.
+
+### HasDestinationOverride
+
+`func (o *SamlApplicationSettingsSignOn) HasDestinationOverride() bool`
+
+HasDestinationOverride returns a boolean if a field has been set.
+
+### GetDigestAlgorithm
+
+`func (o *SamlApplicationSettingsSignOn) GetDigestAlgorithm() string`
+
+GetDigestAlgorithm returns the DigestAlgorithm field if non-nil, zero value otherwise.
+
+### GetDigestAlgorithmOk
+
+`func (o *SamlApplicationSettingsSignOn) GetDigestAlgorithmOk() (*string, bool)`
+
+GetDigestAlgorithmOk returns a tuple with the DigestAlgorithm field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDigestAlgorithm
+
+`func (o *SamlApplicationSettingsSignOn) SetDigestAlgorithm(v string)`
+
+SetDigestAlgorithm sets DigestAlgorithm field to given value.
+
+### HasDigestAlgorithm
+
+`func (o *SamlApplicationSettingsSignOn) HasDigestAlgorithm() bool`
+
+HasDigestAlgorithm returns a boolean if a field has been set.
+
+### GetHonorForceAuthn
+
+`func (o *SamlApplicationSettingsSignOn) GetHonorForceAuthn() bool`
+
+GetHonorForceAuthn returns the HonorForceAuthn field if non-nil, zero value otherwise.
+
+### GetHonorForceAuthnOk
+
+`func (o *SamlApplicationSettingsSignOn) GetHonorForceAuthnOk() (*bool, bool)`
+
+GetHonorForceAuthnOk returns a tuple with the HonorForceAuthn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHonorForceAuthn
+
+`func (o *SamlApplicationSettingsSignOn) SetHonorForceAuthn(v bool)`
+
+SetHonorForceAuthn sets HonorForceAuthn field to given value.
+
+### HasHonorForceAuthn
+
+`func (o *SamlApplicationSettingsSignOn) HasHonorForceAuthn() bool`
+
+HasHonorForceAuthn returns a boolean if a field has been set.
+
+### GetIdpIssuer
+
+`func (o *SamlApplicationSettingsSignOn) GetIdpIssuer() string`
+
+GetIdpIssuer returns the IdpIssuer field if non-nil, zero value otherwise.
+
+### GetIdpIssuerOk
+
+`func (o *SamlApplicationSettingsSignOn) GetIdpIssuerOk() (*string, bool)`
+
+GetIdpIssuerOk returns a tuple with the IdpIssuer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdpIssuer
+
+`func (o *SamlApplicationSettingsSignOn) SetIdpIssuer(v string)`
+
+SetIdpIssuer sets IdpIssuer field to given value.
+
+### HasIdpIssuer
+
+`func (o *SamlApplicationSettingsSignOn) HasIdpIssuer() bool`
+
+HasIdpIssuer returns a boolean if a field has been set.
+
+### GetInlineHooks
+
+`func (o *SamlApplicationSettingsSignOn) GetInlineHooks() []SignOnInlineHook`
+
+GetInlineHooks returns the InlineHooks field if non-nil, zero value otherwise.
+
+### GetInlineHooksOk
+
+`func (o *SamlApplicationSettingsSignOn) GetInlineHooksOk() (*[]SignOnInlineHook, bool)`
+
+GetInlineHooksOk returns a tuple with the InlineHooks field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInlineHooks
+
+`func (o *SamlApplicationSettingsSignOn) SetInlineHooks(v []SignOnInlineHook)`
+
+SetInlineHooks sets InlineHooks field to given value.
+
+### HasInlineHooks
+
+`func (o *SamlApplicationSettingsSignOn) HasInlineHooks() bool`
+
+HasInlineHooks returns a boolean if a field has been set.
+
+### GetRecipient
+
+`func (o *SamlApplicationSettingsSignOn) GetRecipient() string`
+
+GetRecipient returns the Recipient field if non-nil, zero value otherwise.
+
+### GetRecipientOk
+
+`func (o *SamlApplicationSettingsSignOn) GetRecipientOk() (*string, bool)`
+
+GetRecipientOk returns a tuple with the Recipient field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRecipient
+
+`func (o *SamlApplicationSettingsSignOn) SetRecipient(v string)`
+
+SetRecipient sets Recipient field to given value.
+
+### HasRecipient
+
+`func (o *SamlApplicationSettingsSignOn) HasRecipient() bool`
+
+HasRecipient returns a boolean if a field has been set.
+
+### GetRecipientOverride
+
+`func (o *SamlApplicationSettingsSignOn) GetRecipientOverride() string`
+
+GetRecipientOverride returns the RecipientOverride field if non-nil, zero value otherwise.
+
+### GetRecipientOverrideOk
+
+`func (o *SamlApplicationSettingsSignOn) GetRecipientOverrideOk() (*string, bool)`
+
+GetRecipientOverrideOk returns a tuple with the RecipientOverride field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRecipientOverride
+
+`func (o *SamlApplicationSettingsSignOn) SetRecipientOverride(v string)`
+
+SetRecipientOverride sets RecipientOverride field to given value.
+
+### HasRecipientOverride
+
+`func (o *SamlApplicationSettingsSignOn) HasRecipientOverride() bool`
+
+HasRecipientOverride returns a boolean if a field has been set.
+
+### GetRequestCompressed
+
+`func (o *SamlApplicationSettingsSignOn) GetRequestCompressed() bool`
+
+GetRequestCompressed returns the RequestCompressed field if non-nil, zero value otherwise.
+
+### GetRequestCompressedOk
+
+`func (o *SamlApplicationSettingsSignOn) GetRequestCompressedOk() (*bool, bool)`
+
+GetRequestCompressedOk returns a tuple with the RequestCompressed field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequestCompressed
+
+`func (o *SamlApplicationSettingsSignOn) SetRequestCompressed(v bool)`
+
+SetRequestCompressed sets RequestCompressed field to given value.
+
+### HasRequestCompressed
+
+`func (o *SamlApplicationSettingsSignOn) HasRequestCompressed() bool`
+
+HasRequestCompressed returns a boolean if a field has been set.
+
+### GetResponseSigned
+
+`func (o *SamlApplicationSettingsSignOn) GetResponseSigned() bool`
+
+GetResponseSigned returns the ResponseSigned field if non-nil, zero value otherwise.
+
+### GetResponseSignedOk
+
+`func (o *SamlApplicationSettingsSignOn) GetResponseSignedOk() (*bool, bool)`
+
+GetResponseSignedOk returns a tuple with the ResponseSigned field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResponseSigned
+
+`func (o *SamlApplicationSettingsSignOn) SetResponseSigned(v bool)`
+
+SetResponseSigned sets ResponseSigned field to given value.
+
+### HasResponseSigned
+
+`func (o *SamlApplicationSettingsSignOn) HasResponseSigned() bool`
+
+HasResponseSigned returns a boolean if a field has been set.
+
+### GetSignatureAlgorithm
+
+`func (o *SamlApplicationSettingsSignOn) GetSignatureAlgorithm() string`
+
+GetSignatureAlgorithm returns the SignatureAlgorithm field if non-nil, zero value otherwise.
+
+### GetSignatureAlgorithmOk
+
+`func (o *SamlApplicationSettingsSignOn) GetSignatureAlgorithmOk() (*string, bool)`
+
+GetSignatureAlgorithmOk returns a tuple with the SignatureAlgorithm field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignatureAlgorithm
+
+`func (o *SamlApplicationSettingsSignOn) SetSignatureAlgorithm(v string)`
+
+SetSignatureAlgorithm sets SignatureAlgorithm field to given value.
+
+### HasSignatureAlgorithm
+
+`func (o *SamlApplicationSettingsSignOn) HasSignatureAlgorithm() bool`
+
+HasSignatureAlgorithm returns a boolean if a field has been set.
+
+### GetSlo
+
+`func (o *SamlApplicationSettingsSignOn) GetSlo() SingleLogout`
+
+GetSlo returns the Slo field if non-nil, zero value otherwise.
+
+### GetSloOk
+
+`func (o *SamlApplicationSettingsSignOn) GetSloOk() (*SingleLogout, bool)`
+
+GetSloOk returns a tuple with the Slo field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSlo
+
+`func (o *SamlApplicationSettingsSignOn) SetSlo(v SingleLogout)`
+
+SetSlo sets Slo field to given value.
+
+### HasSlo
+
+`func (o *SamlApplicationSettingsSignOn) HasSlo() bool`
+
+HasSlo returns a boolean if a field has been set.
+
+### GetSpCertificate
+
+`func (o *SamlApplicationSettingsSignOn) GetSpCertificate() SpCertificate`
+
+GetSpCertificate returns the SpCertificate field if non-nil, zero value otherwise.
+
+### GetSpCertificateOk
+
+`func (o *SamlApplicationSettingsSignOn) GetSpCertificateOk() (*SpCertificate, bool)`
+
+GetSpCertificateOk returns a tuple with the SpCertificate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSpCertificate
+
+`func (o *SamlApplicationSettingsSignOn) SetSpCertificate(v SpCertificate)`
+
+SetSpCertificate sets SpCertificate field to given value.
+
+### HasSpCertificate
+
+`func (o *SamlApplicationSettingsSignOn) HasSpCertificate() bool`
+
+HasSpCertificate returns a boolean if a field has been set.
+
+### GetSpIssuer
+
+`func (o *SamlApplicationSettingsSignOn) GetSpIssuer() string`
+
+GetSpIssuer returns the SpIssuer field if non-nil, zero value otherwise.
+
+### GetSpIssuerOk
+
+`func (o *SamlApplicationSettingsSignOn) GetSpIssuerOk() (*string, bool)`
+
+GetSpIssuerOk returns a tuple with the SpIssuer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSpIssuer
+
+`func (o *SamlApplicationSettingsSignOn) SetSpIssuer(v string)`
+
+SetSpIssuer sets SpIssuer field to given value.
+
+### HasSpIssuer
+
+`func (o *SamlApplicationSettingsSignOn) HasSpIssuer() bool`
+
+HasSpIssuer returns a boolean if a field has been set.
+
+### GetSsoAcsUrl
+
+`func (o *SamlApplicationSettingsSignOn) GetSsoAcsUrl() string`
+
+GetSsoAcsUrl returns the SsoAcsUrl field if non-nil, zero value otherwise.
+
+### GetSsoAcsUrlOk
+
+`func (o *SamlApplicationSettingsSignOn) GetSsoAcsUrlOk() (*string, bool)`
+
+GetSsoAcsUrlOk returns a tuple with the SsoAcsUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSsoAcsUrl
+
+`func (o *SamlApplicationSettingsSignOn) SetSsoAcsUrl(v string)`
+
+SetSsoAcsUrl sets SsoAcsUrl field to given value.
+
+### HasSsoAcsUrl
+
+`func (o *SamlApplicationSettingsSignOn) HasSsoAcsUrl() bool`
+
+HasSsoAcsUrl returns a boolean if a field has been set.
+
+### GetSsoAcsUrlOverride
+
+`func (o *SamlApplicationSettingsSignOn) GetSsoAcsUrlOverride() string`
+
+GetSsoAcsUrlOverride returns the SsoAcsUrlOverride field if non-nil, zero value otherwise.
+
+### GetSsoAcsUrlOverrideOk
+
+`func (o *SamlApplicationSettingsSignOn) GetSsoAcsUrlOverrideOk() (*string, bool)`
+
+GetSsoAcsUrlOverrideOk returns a tuple with the SsoAcsUrlOverride field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSsoAcsUrlOverride
+
+`func (o *SamlApplicationSettingsSignOn) SetSsoAcsUrlOverride(v string)`
+
+SetSsoAcsUrlOverride sets SsoAcsUrlOverride field to given value.
+
+### HasSsoAcsUrlOverride
+
+`func (o *SamlApplicationSettingsSignOn) HasSsoAcsUrlOverride() bool`
+
+HasSsoAcsUrlOverride returns a boolean if a field has been set.
+
+### GetSubjectNameIdFormat
+
+`func (o *SamlApplicationSettingsSignOn) GetSubjectNameIdFormat() string`
+
+GetSubjectNameIdFormat returns the SubjectNameIdFormat field if non-nil, zero value otherwise.
+
+### GetSubjectNameIdFormatOk
+
+`func (o *SamlApplicationSettingsSignOn) GetSubjectNameIdFormatOk() (*string, bool)`
+
+GetSubjectNameIdFormatOk returns a tuple with the SubjectNameIdFormat field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubjectNameIdFormat
+
+`func (o *SamlApplicationSettingsSignOn) SetSubjectNameIdFormat(v string)`
+
+SetSubjectNameIdFormat sets SubjectNameIdFormat field to given value.
+
+### HasSubjectNameIdFormat
+
+`func (o *SamlApplicationSettingsSignOn) HasSubjectNameIdFormat() bool`
+
+HasSubjectNameIdFormat returns a boolean if a field has been set.
+
+### GetSubjectNameIdTemplate
+
+`func (o *SamlApplicationSettingsSignOn) GetSubjectNameIdTemplate() string`
+
+GetSubjectNameIdTemplate returns the SubjectNameIdTemplate field if non-nil, zero value otherwise.
+
+### GetSubjectNameIdTemplateOk
+
+`func (o *SamlApplicationSettingsSignOn) GetSubjectNameIdTemplateOk() (*string, bool)`
+
+GetSubjectNameIdTemplateOk returns a tuple with the SubjectNameIdTemplate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSubjectNameIdTemplate
+
+`func (o *SamlApplicationSettingsSignOn) SetSubjectNameIdTemplate(v string)`
+
+SetSubjectNameIdTemplate sets SubjectNameIdTemplate field to given value.
+
+### HasSubjectNameIdTemplate
+
+`func (o *SamlApplicationSettingsSignOn) HasSubjectNameIdTemplate() bool`
+
+HasSubjectNameIdTemplate returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SamlAttributeStatement.md b/okta/docs/SamlAttributeStatement.md
new file mode 100644
index 000000000..fda3cdc02
--- /dev/null
+++ b/okta/docs/SamlAttributeStatement.md
@@ -0,0 +1,186 @@
+# SamlAttributeStatement
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**FilterType** | Pointer to **string** |  | [optional] 
+**FilterValue** | Pointer to **string** |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**Namespace** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] 
+**Values** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewSamlAttributeStatement
+
+`func NewSamlAttributeStatement() *SamlAttributeStatement`
+
+NewSamlAttributeStatement instantiates a new SamlAttributeStatement object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSamlAttributeStatementWithDefaults
+
+`func NewSamlAttributeStatementWithDefaults() *SamlAttributeStatement`
+
+NewSamlAttributeStatementWithDefaults instantiates a new SamlAttributeStatement object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetFilterType
+
+`func (o *SamlAttributeStatement) GetFilterType() string`
+
+GetFilterType returns the FilterType field if non-nil, zero value otherwise.
+
+### GetFilterTypeOk
+
+`func (o *SamlAttributeStatement) GetFilterTypeOk() (*string, bool)`
+
+GetFilterTypeOk returns a tuple with the FilterType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFilterType
+
+`func (o *SamlAttributeStatement) SetFilterType(v string)`
+
+SetFilterType sets FilterType field to given value.
+
+### HasFilterType
+
+`func (o *SamlAttributeStatement) HasFilterType() bool`
+
+HasFilterType returns a boolean if a field has been set.
+
+### GetFilterValue
+
+`func (o *SamlAttributeStatement) GetFilterValue() string`
+
+GetFilterValue returns the FilterValue field if non-nil, zero value otherwise.
+
+### GetFilterValueOk
+
+`func (o *SamlAttributeStatement) GetFilterValueOk() (*string, bool)`
+
+GetFilterValueOk returns a tuple with the FilterValue field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFilterValue
+
+`func (o *SamlAttributeStatement) SetFilterValue(v string)`
+
+SetFilterValue sets FilterValue field to given value.
+
+### HasFilterValue
+
+`func (o *SamlAttributeStatement) HasFilterValue() bool`
+
+HasFilterValue returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *SamlAttributeStatement) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *SamlAttributeStatement) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *SamlAttributeStatement) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *SamlAttributeStatement) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetNamespace
+
+`func (o *SamlAttributeStatement) GetNamespace() string`
+
+GetNamespace returns the Namespace field if non-nil, zero value otherwise.
+
+### GetNamespaceOk
+
+`func (o *SamlAttributeStatement) GetNamespaceOk() (*string, bool)`
+
+GetNamespaceOk returns a tuple with the Namespace field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNamespace
+
+`func (o *SamlAttributeStatement) SetNamespace(v string)`
+
+SetNamespace sets Namespace field to given value.
+
+### HasNamespace
+
+`func (o *SamlAttributeStatement) HasNamespace() bool`
+
+HasNamespace returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *SamlAttributeStatement) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *SamlAttributeStatement) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *SamlAttributeStatement) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *SamlAttributeStatement) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetValues
+
+`func (o *SamlAttributeStatement) GetValues() []string`
+
+GetValues returns the Values field if non-nil, zero value otherwise.
+
+### GetValuesOk
+
+`func (o *SamlAttributeStatement) GetValuesOk() (*[]string, bool)`
+
+GetValuesOk returns a tuple with the Values field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValues
+
+`func (o *SamlAttributeStatement) SetValues(v []string)`
+
+SetValues sets Values field to given value.
+
+### HasValues
+
+`func (o *SamlAttributeStatement) HasValues() bool`
+
+HasValues returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ScheduledUserLifecycleAction.md b/okta/docs/ScheduledUserLifecycleAction.md
new file mode 100644
index 000000000..25bd35535
--- /dev/null
+++ b/okta/docs/ScheduledUserLifecycleAction.md
@@ -0,0 +1,56 @@
+# ScheduledUserLifecycleAction
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Status** | Pointer to [**PolicyUserStatus**](PolicyUserStatus.md) |  | [optional] 
+
+## Methods
+
+### NewScheduledUserLifecycleAction
+
+`func NewScheduledUserLifecycleAction() *ScheduledUserLifecycleAction`
+
+NewScheduledUserLifecycleAction instantiates a new ScheduledUserLifecycleAction object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewScheduledUserLifecycleActionWithDefaults
+
+`func NewScheduledUserLifecycleActionWithDefaults() *ScheduledUserLifecycleAction`
+
+NewScheduledUserLifecycleActionWithDefaults instantiates a new ScheduledUserLifecycleAction object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetStatus
+
+`func (o *ScheduledUserLifecycleAction) GetStatus() PolicyUserStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *ScheduledUserLifecycleAction) GetStatusOk() (*PolicyUserStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *ScheduledUserLifecycleAction) SetStatus(v PolicyUserStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *ScheduledUserLifecycleAction) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SchemaApi.md b/okta/docs/SchemaApi.md
new file mode 100644
index 000000000..9e00cb24c
--- /dev/null
+++ b/okta/docs/SchemaApi.md
@@ -0,0 +1,629 @@
+# \SchemaApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**GetApplicationLayout**](SchemaApi.md#GetApplicationLayout) | **Get** /api/v1/meta/layouts/apps/{appName} | Retrieve the UI Layout for an Application
+[**GetApplicationUserSchema**](SchemaApi.md#GetApplicationUserSchema) | **Get** /api/v1/meta/schemas/apps/{appInstanceId}/default | Retrieve the default Application User Schema for an Application
+[**GetGroupSchema**](SchemaApi.md#GetGroupSchema) | **Get** /api/v1/meta/schemas/group/default | Retrieve the default Group Schema
+[**GetLogStreamSchema**](SchemaApi.md#GetLogStreamSchema) | **Get** /api/v1/meta/schemas/logStream/{logStreamType} | Retrieve the Log Stream Schema for the schema type
+[**GetUserSchema**](SchemaApi.md#GetUserSchema) | **Get** /api/v1/meta/schemas/user/{schemaId} | Retrieve a User Schema
+[**ListLogStreamSchemas**](SchemaApi.md#ListLogStreamSchemas) | **Get** /api/v1/meta/schemas/logStream | List the Log Stream Schemas
+[**UpdateApplicationUserProfile**](SchemaApi.md#UpdateApplicationUserProfile) | **Post** /api/v1/meta/schemas/apps/{appInstanceId}/default | Update the default Application User Schema for an Application
+[**UpdateGroupSchema**](SchemaApi.md#UpdateGroupSchema) | **Post** /api/v1/meta/schemas/group/default | Update the default Group Schema
+[**UpdateUserProfile**](SchemaApi.md#UpdateUserProfile) | **Post** /api/v1/meta/schemas/user/{schemaId} | Update a User Schema
+
+
+
+## GetApplicationLayout
+
+> ApplicationLayout GetApplicationLayout(ctx, appName).Execute()
+
+Retrieve the UI Layout for an Application
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appName := "appName_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SchemaApi.GetApplicationLayout(context.Background(), appName).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SchemaApi.GetApplicationLayout``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetApplicationLayout`: ApplicationLayout
+    fmt.Fprintf(os.Stdout, "Response from `SchemaApi.GetApplicationLayout`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appName** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetApplicationLayoutRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**ApplicationLayout**](ApplicationLayout.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetApplicationUserSchema
+
+> UserSchema GetApplicationUserSchema(ctx, appInstanceId).Execute()
+
+Retrieve the default Application User Schema for an Application
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appInstanceId := "appInstanceId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SchemaApi.GetApplicationUserSchema(context.Background(), appInstanceId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SchemaApi.GetApplicationUserSchema``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetApplicationUserSchema`: UserSchema
+    fmt.Fprintf(os.Stdout, "Response from `SchemaApi.GetApplicationUserSchema`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appInstanceId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetApplicationUserSchemaRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**UserSchema**](UserSchema.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetGroupSchema
+
+> GroupSchema GetGroupSchema(ctx).Execute()
+
+Retrieve the default Group Schema
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SchemaApi.GetGroupSchema(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SchemaApi.GetGroupSchema``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetGroupSchema`: GroupSchema
+    fmt.Fprintf(os.Stdout, "Response from `SchemaApi.GetGroupSchema`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetGroupSchemaRequest struct via the builder pattern
+
+
+### Return type
+
+[**GroupSchema**](GroupSchema.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetLogStreamSchema
+
+> LogStreamSchema GetLogStreamSchema(ctx, logStreamType).Execute()
+
+Retrieve the Log Stream Schema for the schema type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    logStreamType := openapiclient.LogStreamType("aws_eventbridge") // LogStreamType | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SchemaApi.GetLogStreamSchema(context.Background(), logStreamType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SchemaApi.GetLogStreamSchema``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetLogStreamSchema`: LogStreamSchema
+    fmt.Fprintf(os.Stdout, "Response from `SchemaApi.GetLogStreamSchema`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**logStreamType** | [**LogStreamType**](.md) |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetLogStreamSchemaRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**LogStreamSchema**](LogStreamSchema.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetUserSchema
+
+> UserSchema GetUserSchema(ctx, schemaId).Execute()
+
+Retrieve a User Schema
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    schemaId := "schemaId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SchemaApi.GetUserSchema(context.Background(), schemaId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SchemaApi.GetUserSchema``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetUserSchema`: UserSchema
+    fmt.Fprintf(os.Stdout, "Response from `SchemaApi.GetUserSchema`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**schemaId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetUserSchemaRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**UserSchema**](UserSchema.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListLogStreamSchemas
+
+> []LogStreamSchema ListLogStreamSchemas(ctx).Execute()
+
+List the Log Stream Schemas
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SchemaApi.ListLogStreamSchemas(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SchemaApi.ListLogStreamSchemas``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListLogStreamSchemas`: []LogStreamSchema
+    fmt.Fprintf(os.Stdout, "Response from `SchemaApi.ListLogStreamSchemas`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListLogStreamSchemasRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]LogStreamSchema**](LogStreamSchema.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateApplicationUserProfile
+
+> UserSchema UpdateApplicationUserProfile(ctx, appInstanceId).Body(body).Execute()
+
+Update the default Application User Schema for an Application
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    appInstanceId := "appInstanceId_example" // string | 
+    body := *openapiclient.NewUserSchema() // UserSchema |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SchemaApi.UpdateApplicationUserProfile(context.Background(), appInstanceId).Body(body).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SchemaApi.UpdateApplicationUserProfile``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateApplicationUserProfile`: UserSchema
+    fmt.Fprintf(os.Stdout, "Response from `SchemaApi.UpdateApplicationUserProfile`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**appInstanceId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateApplicationUserProfileRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **body** | [**UserSchema**](UserSchema.md) |  | 
+
+### Return type
+
+[**UserSchema**](UserSchema.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateGroupSchema
+
+> GroupSchema UpdateGroupSchema(ctx).GroupSchema(groupSchema).Execute()
+
+Update the default Group Schema
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    groupSchema := *openapiclient.NewGroupSchema() // GroupSchema |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SchemaApi.UpdateGroupSchema(context.Background()).GroupSchema(groupSchema).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SchemaApi.UpdateGroupSchema``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateGroupSchema`: GroupSchema
+    fmt.Fprintf(os.Stdout, "Response from `SchemaApi.UpdateGroupSchema`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateGroupSchemaRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **groupSchema** | [**GroupSchema**](GroupSchema.md) |  | 
+
+### Return type
+
+[**GroupSchema**](GroupSchema.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateUserProfile
+
+> UserSchema UpdateUserProfile(ctx, schemaId).UserSchema(userSchema).Execute()
+
+Update a User Schema
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    schemaId := "schemaId_example" // string | 
+    userSchema := *openapiclient.NewUserSchema() // UserSchema | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SchemaApi.UpdateUserProfile(context.Background(), schemaId).UserSchema(userSchema).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SchemaApi.UpdateUserProfile``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateUserProfile`: UserSchema
+    fmt.Fprintf(os.Stdout, "Response from `SchemaApi.UpdateUserProfile`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**schemaId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateUserProfileRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **userSchema** | [**UserSchema**](UserSchema.md) |  | 
+
+### Return type
+
+[**UserSchema**](UserSchema.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/SchemeApplicationCredentials.md b/okta/docs/SchemeApplicationCredentials.md
new file mode 100644
index 000000000..232ab913f
--- /dev/null
+++ b/okta/docs/SchemeApplicationCredentials.md
@@ -0,0 +1,186 @@
+# SchemeApplicationCredentials
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Signing** | Pointer to [**ApplicationCredentialsSigning**](ApplicationCredentialsSigning.md) |  | [optional] 
+**UserNameTemplate** | Pointer to [**ApplicationCredentialsUsernameTemplate**](ApplicationCredentialsUsernameTemplate.md) |  | [optional] 
+**Password** | Pointer to [**PasswordCredential**](PasswordCredential.md) |  | [optional] 
+**RevealPassword** | Pointer to **bool** |  | [optional] 
+**Scheme** | Pointer to [**ApplicationCredentialsScheme**](ApplicationCredentialsScheme.md) |  | [optional] 
+**UserName** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSchemeApplicationCredentials
+
+`func NewSchemeApplicationCredentials() *SchemeApplicationCredentials`
+
+NewSchemeApplicationCredentials instantiates a new SchemeApplicationCredentials object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSchemeApplicationCredentialsWithDefaults
+
+`func NewSchemeApplicationCredentialsWithDefaults() *SchemeApplicationCredentials`
+
+NewSchemeApplicationCredentialsWithDefaults instantiates a new SchemeApplicationCredentials object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSigning
+
+`func (o *SchemeApplicationCredentials) GetSigning() ApplicationCredentialsSigning`
+
+GetSigning returns the Signing field if non-nil, zero value otherwise.
+
+### GetSigningOk
+
+`func (o *SchemeApplicationCredentials) GetSigningOk() (*ApplicationCredentialsSigning, bool)`
+
+GetSigningOk returns a tuple with the Signing field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSigning
+
+`func (o *SchemeApplicationCredentials) SetSigning(v ApplicationCredentialsSigning)`
+
+SetSigning sets Signing field to given value.
+
+### HasSigning
+
+`func (o *SchemeApplicationCredentials) HasSigning() bool`
+
+HasSigning returns a boolean if a field has been set.
+
+### GetUserNameTemplate
+
+`func (o *SchemeApplicationCredentials) GetUserNameTemplate() ApplicationCredentialsUsernameTemplate`
+
+GetUserNameTemplate returns the UserNameTemplate field if non-nil, zero value otherwise.
+
+### GetUserNameTemplateOk
+
+`func (o *SchemeApplicationCredentials) GetUserNameTemplateOk() (*ApplicationCredentialsUsernameTemplate, bool)`
+
+GetUserNameTemplateOk returns a tuple with the UserNameTemplate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserNameTemplate
+
+`func (o *SchemeApplicationCredentials) SetUserNameTemplate(v ApplicationCredentialsUsernameTemplate)`
+
+SetUserNameTemplate sets UserNameTemplate field to given value.
+
+### HasUserNameTemplate
+
+`func (o *SchemeApplicationCredentials) HasUserNameTemplate() bool`
+
+HasUserNameTemplate returns a boolean if a field has been set.
+
+### GetPassword
+
+`func (o *SchemeApplicationCredentials) GetPassword() PasswordCredential`
+
+GetPassword returns the Password field if non-nil, zero value otherwise.
+
+### GetPasswordOk
+
+`func (o *SchemeApplicationCredentials) GetPasswordOk() (*PasswordCredential, bool)`
+
+GetPasswordOk returns a tuple with the Password field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPassword
+
+`func (o *SchemeApplicationCredentials) SetPassword(v PasswordCredential)`
+
+SetPassword sets Password field to given value.
+
+### HasPassword
+
+`func (o *SchemeApplicationCredentials) HasPassword() bool`
+
+HasPassword returns a boolean if a field has been set.
+
+### GetRevealPassword
+
+`func (o *SchemeApplicationCredentials) GetRevealPassword() bool`
+
+GetRevealPassword returns the RevealPassword field if non-nil, zero value otherwise.
+
+### GetRevealPasswordOk
+
+`func (o *SchemeApplicationCredentials) GetRevealPasswordOk() (*bool, bool)`
+
+GetRevealPasswordOk returns a tuple with the RevealPassword field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRevealPassword
+
+`func (o *SchemeApplicationCredentials) SetRevealPassword(v bool)`
+
+SetRevealPassword sets RevealPassword field to given value.
+
+### HasRevealPassword
+
+`func (o *SchemeApplicationCredentials) HasRevealPassword() bool`
+
+HasRevealPassword returns a boolean if a field has been set.
+
+### GetScheme
+
+`func (o *SchemeApplicationCredentials) GetScheme() ApplicationCredentialsScheme`
+
+GetScheme returns the Scheme field if non-nil, zero value otherwise.
+
+### GetSchemeOk
+
+`func (o *SchemeApplicationCredentials) GetSchemeOk() (*ApplicationCredentialsScheme, bool)`
+
+GetSchemeOk returns a tuple with the Scheme field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScheme
+
+`func (o *SchemeApplicationCredentials) SetScheme(v ApplicationCredentialsScheme)`
+
+SetScheme sets Scheme field to given value.
+
+### HasScheme
+
+`func (o *SchemeApplicationCredentials) HasScheme() bool`
+
+HasScheme returns a boolean if a field has been set.
+
+### GetUserName
+
+`func (o *SchemeApplicationCredentials) GetUserName() string`
+
+GetUserName returns the UserName field if non-nil, zero value otherwise.
+
+### GetUserNameOk
+
+`func (o *SchemeApplicationCredentials) GetUserNameOk() (*string, bool)`
+
+GetUserNameOk returns a tuple with the UserName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserName
+
+`func (o *SchemeApplicationCredentials) SetUserName(v string)`
+
+SetUserName sets UserName field to given value.
+
+### HasUserName
+
+`func (o *SchemeApplicationCredentials) HasUserName() bool`
+
+HasUserName returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SchemeApplicationCredentialsAllOf.md b/okta/docs/SchemeApplicationCredentialsAllOf.md
new file mode 100644
index 000000000..ab723a2eb
--- /dev/null
+++ b/okta/docs/SchemeApplicationCredentialsAllOf.md
@@ -0,0 +1,160 @@
+# SchemeApplicationCredentialsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Password** | Pointer to [**PasswordCredential**](PasswordCredential.md) |  | [optional] 
+**RevealPassword** | Pointer to **bool** |  | [optional] 
+**Scheme** | Pointer to [**ApplicationCredentialsScheme**](ApplicationCredentialsScheme.md) |  | [optional] 
+**Signing** | Pointer to [**ApplicationCredentialsSigning**](ApplicationCredentialsSigning.md) |  | [optional] 
+**UserName** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSchemeApplicationCredentialsAllOf
+
+`func NewSchemeApplicationCredentialsAllOf() *SchemeApplicationCredentialsAllOf`
+
+NewSchemeApplicationCredentialsAllOf instantiates a new SchemeApplicationCredentialsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSchemeApplicationCredentialsAllOfWithDefaults
+
+`func NewSchemeApplicationCredentialsAllOfWithDefaults() *SchemeApplicationCredentialsAllOf`
+
+NewSchemeApplicationCredentialsAllOfWithDefaults instantiates a new SchemeApplicationCredentialsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPassword
+
+`func (o *SchemeApplicationCredentialsAllOf) GetPassword() PasswordCredential`
+
+GetPassword returns the Password field if non-nil, zero value otherwise.
+
+### GetPasswordOk
+
+`func (o *SchemeApplicationCredentialsAllOf) GetPasswordOk() (*PasswordCredential, bool)`
+
+GetPasswordOk returns a tuple with the Password field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPassword
+
+`func (o *SchemeApplicationCredentialsAllOf) SetPassword(v PasswordCredential)`
+
+SetPassword sets Password field to given value.
+
+### HasPassword
+
+`func (o *SchemeApplicationCredentialsAllOf) HasPassword() bool`
+
+HasPassword returns a boolean if a field has been set.
+
+### GetRevealPassword
+
+`func (o *SchemeApplicationCredentialsAllOf) GetRevealPassword() bool`
+
+GetRevealPassword returns the RevealPassword field if non-nil, zero value otherwise.
+
+### GetRevealPasswordOk
+
+`func (o *SchemeApplicationCredentialsAllOf) GetRevealPasswordOk() (*bool, bool)`
+
+GetRevealPasswordOk returns a tuple with the RevealPassword field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRevealPassword
+
+`func (o *SchemeApplicationCredentialsAllOf) SetRevealPassword(v bool)`
+
+SetRevealPassword sets RevealPassword field to given value.
+
+### HasRevealPassword
+
+`func (o *SchemeApplicationCredentialsAllOf) HasRevealPassword() bool`
+
+HasRevealPassword returns a boolean if a field has been set.
+
+### GetScheme
+
+`func (o *SchemeApplicationCredentialsAllOf) GetScheme() ApplicationCredentialsScheme`
+
+GetScheme returns the Scheme field if non-nil, zero value otherwise.
+
+### GetSchemeOk
+
+`func (o *SchemeApplicationCredentialsAllOf) GetSchemeOk() (*ApplicationCredentialsScheme, bool)`
+
+GetSchemeOk returns a tuple with the Scheme field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScheme
+
+`func (o *SchemeApplicationCredentialsAllOf) SetScheme(v ApplicationCredentialsScheme)`
+
+SetScheme sets Scheme field to given value.
+
+### HasScheme
+
+`func (o *SchemeApplicationCredentialsAllOf) HasScheme() bool`
+
+HasScheme returns a boolean if a field has been set.
+
+### GetSigning
+
+`func (o *SchemeApplicationCredentialsAllOf) GetSigning() ApplicationCredentialsSigning`
+
+GetSigning returns the Signing field if non-nil, zero value otherwise.
+
+### GetSigningOk
+
+`func (o *SchemeApplicationCredentialsAllOf) GetSigningOk() (*ApplicationCredentialsSigning, bool)`
+
+GetSigningOk returns a tuple with the Signing field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSigning
+
+`func (o *SchemeApplicationCredentialsAllOf) SetSigning(v ApplicationCredentialsSigning)`
+
+SetSigning sets Signing field to given value.
+
+### HasSigning
+
+`func (o *SchemeApplicationCredentialsAllOf) HasSigning() bool`
+
+HasSigning returns a boolean if a field has been set.
+
+### GetUserName
+
+`func (o *SchemeApplicationCredentialsAllOf) GetUserName() string`
+
+GetUserName returns the UserName field if non-nil, zero value otherwise.
+
+### GetUserNameOk
+
+`func (o *SchemeApplicationCredentialsAllOf) GetUserNameOk() (*string, bool)`
+
+GetUserNameOk returns a tuple with the UserName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserName
+
+`func (o *SchemeApplicationCredentialsAllOf) SetUserName(v string)`
+
+SetUserName sets UserName field to given value.
+
+### HasUserName
+
+`func (o *SchemeApplicationCredentialsAllOf) HasUserName() bool`
+
+HasUserName returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ScreenLockType.md b/okta/docs/ScreenLockType.md
new file mode 100644
index 000000000..09b252f08
--- /dev/null
+++ b/okta/docs/ScreenLockType.md
@@ -0,0 +1,13 @@
+# ScreenLockType
+
+## Enum
+
+
+* `BIOMETRIC` (value: `"BIOMETRIC"`)
+
+* `PASSCODE` (value: `"PASSCODE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SecurePasswordStoreApplication.md b/okta/docs/SecurePasswordStoreApplication.md
new file mode 100644
index 000000000..4aad7b257
--- /dev/null
+++ b/okta/docs/SecurePasswordStoreApplication.md
@@ -0,0 +1,108 @@
+# SecurePasswordStoreApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**SchemeApplicationCredentials**](SchemeApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] [default to "template_sps"]
+**Settings** | Pointer to [**SecurePasswordStoreApplicationSettings**](SecurePasswordStoreApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewSecurePasswordStoreApplication
+
+`func NewSecurePasswordStoreApplication() *SecurePasswordStoreApplication`
+
+NewSecurePasswordStoreApplication instantiates a new SecurePasswordStoreApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSecurePasswordStoreApplicationWithDefaults
+
+`func NewSecurePasswordStoreApplicationWithDefaults() *SecurePasswordStoreApplication`
+
+NewSecurePasswordStoreApplicationWithDefaults instantiates a new SecurePasswordStoreApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *SecurePasswordStoreApplication) GetCredentials() SchemeApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *SecurePasswordStoreApplication) GetCredentialsOk() (*SchemeApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *SecurePasswordStoreApplication) SetCredentials(v SchemeApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *SecurePasswordStoreApplication) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *SecurePasswordStoreApplication) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *SecurePasswordStoreApplication) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *SecurePasswordStoreApplication) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *SecurePasswordStoreApplication) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *SecurePasswordStoreApplication) GetSettings() SecurePasswordStoreApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *SecurePasswordStoreApplication) GetSettingsOk() (*SecurePasswordStoreApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *SecurePasswordStoreApplication) SetSettings(v SecurePasswordStoreApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *SecurePasswordStoreApplication) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SecurePasswordStoreApplicationAllOf.md b/okta/docs/SecurePasswordStoreApplicationAllOf.md
new file mode 100644
index 000000000..99e1c35e5
--- /dev/null
+++ b/okta/docs/SecurePasswordStoreApplicationAllOf.md
@@ -0,0 +1,108 @@
+# SecurePasswordStoreApplicationAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**SchemeApplicationCredentials**](SchemeApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] [default to "template_sps"]
+**Settings** | Pointer to [**SecurePasswordStoreApplicationSettings**](SecurePasswordStoreApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewSecurePasswordStoreApplicationAllOf
+
+`func NewSecurePasswordStoreApplicationAllOf() *SecurePasswordStoreApplicationAllOf`
+
+NewSecurePasswordStoreApplicationAllOf instantiates a new SecurePasswordStoreApplicationAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSecurePasswordStoreApplicationAllOfWithDefaults
+
+`func NewSecurePasswordStoreApplicationAllOfWithDefaults() *SecurePasswordStoreApplicationAllOf`
+
+NewSecurePasswordStoreApplicationAllOfWithDefaults instantiates a new SecurePasswordStoreApplicationAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *SecurePasswordStoreApplicationAllOf) GetCredentials() SchemeApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *SecurePasswordStoreApplicationAllOf) GetCredentialsOk() (*SchemeApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *SecurePasswordStoreApplicationAllOf) SetCredentials(v SchemeApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *SecurePasswordStoreApplicationAllOf) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *SecurePasswordStoreApplicationAllOf) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *SecurePasswordStoreApplicationAllOf) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *SecurePasswordStoreApplicationAllOf) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *SecurePasswordStoreApplicationAllOf) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *SecurePasswordStoreApplicationAllOf) GetSettings() SecurePasswordStoreApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *SecurePasswordStoreApplicationAllOf) GetSettingsOk() (*SecurePasswordStoreApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *SecurePasswordStoreApplicationAllOf) SetSettings(v SecurePasswordStoreApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *SecurePasswordStoreApplicationAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SecurePasswordStoreApplicationSettings.md b/okta/docs/SecurePasswordStoreApplicationSettings.md
new file mode 100644
index 000000000..c33784850
--- /dev/null
+++ b/okta/docs/SecurePasswordStoreApplicationSettings.md
@@ -0,0 +1,186 @@
+# SecurePasswordStoreApplicationSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**IdentityStoreId** | Pointer to **string** |  | [optional] 
+**ImplicitAssignment** | Pointer to **bool** |  | [optional] 
+**InlineHookId** | Pointer to **string** |  | [optional] 
+**Notes** | Pointer to [**ApplicationSettingsNotes**](ApplicationSettingsNotes.md) |  | [optional] 
+**Notifications** | Pointer to [**ApplicationSettingsNotifications**](ApplicationSettingsNotifications.md) |  | [optional] 
+**App** | Pointer to [**SecurePasswordStoreApplicationSettingsApplication**](SecurePasswordStoreApplicationSettingsApplication.md) |  | [optional] 
+
+## Methods
+
+### NewSecurePasswordStoreApplicationSettings
+
+`func NewSecurePasswordStoreApplicationSettings() *SecurePasswordStoreApplicationSettings`
+
+NewSecurePasswordStoreApplicationSettings instantiates a new SecurePasswordStoreApplicationSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSecurePasswordStoreApplicationSettingsWithDefaults
+
+`func NewSecurePasswordStoreApplicationSettingsWithDefaults() *SecurePasswordStoreApplicationSettings`
+
+NewSecurePasswordStoreApplicationSettingsWithDefaults instantiates a new SecurePasswordStoreApplicationSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIdentityStoreId
+
+`func (o *SecurePasswordStoreApplicationSettings) GetIdentityStoreId() string`
+
+GetIdentityStoreId returns the IdentityStoreId field if non-nil, zero value otherwise.
+
+### GetIdentityStoreIdOk
+
+`func (o *SecurePasswordStoreApplicationSettings) GetIdentityStoreIdOk() (*string, bool)`
+
+GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityStoreId
+
+`func (o *SecurePasswordStoreApplicationSettings) SetIdentityStoreId(v string)`
+
+SetIdentityStoreId sets IdentityStoreId field to given value.
+
+### HasIdentityStoreId
+
+`func (o *SecurePasswordStoreApplicationSettings) HasIdentityStoreId() bool`
+
+HasIdentityStoreId returns a boolean if a field has been set.
+
+### GetImplicitAssignment
+
+`func (o *SecurePasswordStoreApplicationSettings) GetImplicitAssignment() bool`
+
+GetImplicitAssignment returns the ImplicitAssignment field if non-nil, zero value otherwise.
+
+### GetImplicitAssignmentOk
+
+`func (o *SecurePasswordStoreApplicationSettings) GetImplicitAssignmentOk() (*bool, bool)`
+
+GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetImplicitAssignment
+
+`func (o *SecurePasswordStoreApplicationSettings) SetImplicitAssignment(v bool)`
+
+SetImplicitAssignment sets ImplicitAssignment field to given value.
+
+### HasImplicitAssignment
+
+`func (o *SecurePasswordStoreApplicationSettings) HasImplicitAssignment() bool`
+
+HasImplicitAssignment returns a boolean if a field has been set.
+
+### GetInlineHookId
+
+`func (o *SecurePasswordStoreApplicationSettings) GetInlineHookId() string`
+
+GetInlineHookId returns the InlineHookId field if non-nil, zero value otherwise.
+
+### GetInlineHookIdOk
+
+`func (o *SecurePasswordStoreApplicationSettings) GetInlineHookIdOk() (*string, bool)`
+
+GetInlineHookIdOk returns a tuple with the InlineHookId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInlineHookId
+
+`func (o *SecurePasswordStoreApplicationSettings) SetInlineHookId(v string)`
+
+SetInlineHookId sets InlineHookId field to given value.
+
+### HasInlineHookId
+
+`func (o *SecurePasswordStoreApplicationSettings) HasInlineHookId() bool`
+
+HasInlineHookId returns a boolean if a field has been set.
+
+### GetNotes
+
+`func (o *SecurePasswordStoreApplicationSettings) GetNotes() ApplicationSettingsNotes`
+
+GetNotes returns the Notes field if non-nil, zero value otherwise.
+
+### GetNotesOk
+
+`func (o *SecurePasswordStoreApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool)`
+
+GetNotesOk returns a tuple with the Notes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotes
+
+`func (o *SecurePasswordStoreApplicationSettings) SetNotes(v ApplicationSettingsNotes)`
+
+SetNotes sets Notes field to given value.
+
+### HasNotes
+
+`func (o *SecurePasswordStoreApplicationSettings) HasNotes() bool`
+
+HasNotes returns a boolean if a field has been set.
+
+### GetNotifications
+
+`func (o *SecurePasswordStoreApplicationSettings) GetNotifications() ApplicationSettingsNotifications`
+
+GetNotifications returns the Notifications field if non-nil, zero value otherwise.
+
+### GetNotificationsOk
+
+`func (o *SecurePasswordStoreApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool)`
+
+GetNotificationsOk returns a tuple with the Notifications field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotifications
+
+`func (o *SecurePasswordStoreApplicationSettings) SetNotifications(v ApplicationSettingsNotifications)`
+
+SetNotifications sets Notifications field to given value.
+
+### HasNotifications
+
+`func (o *SecurePasswordStoreApplicationSettings) HasNotifications() bool`
+
+HasNotifications returns a boolean if a field has been set.
+
+### GetApp
+
+`func (o *SecurePasswordStoreApplicationSettings) GetApp() SecurePasswordStoreApplicationSettingsApplication`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *SecurePasswordStoreApplicationSettings) GetAppOk() (*SecurePasswordStoreApplicationSettingsApplication, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *SecurePasswordStoreApplicationSettings) SetApp(v SecurePasswordStoreApplicationSettingsApplication)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *SecurePasswordStoreApplicationSettings) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SecurePasswordStoreApplicationSettingsAllOf.md b/okta/docs/SecurePasswordStoreApplicationSettingsAllOf.md
new file mode 100644
index 000000000..6b203b874
--- /dev/null
+++ b/okta/docs/SecurePasswordStoreApplicationSettingsAllOf.md
@@ -0,0 +1,56 @@
+# SecurePasswordStoreApplicationSettingsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**SecurePasswordStoreApplicationSettingsApplication**](SecurePasswordStoreApplicationSettingsApplication.md) |  | [optional] 
+
+## Methods
+
+### NewSecurePasswordStoreApplicationSettingsAllOf
+
+`func NewSecurePasswordStoreApplicationSettingsAllOf() *SecurePasswordStoreApplicationSettingsAllOf`
+
+NewSecurePasswordStoreApplicationSettingsAllOf instantiates a new SecurePasswordStoreApplicationSettingsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSecurePasswordStoreApplicationSettingsAllOfWithDefaults
+
+`func NewSecurePasswordStoreApplicationSettingsAllOfWithDefaults() *SecurePasswordStoreApplicationSettingsAllOf`
+
+NewSecurePasswordStoreApplicationSettingsAllOfWithDefaults instantiates a new SecurePasswordStoreApplicationSettingsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *SecurePasswordStoreApplicationSettingsAllOf) GetApp() SecurePasswordStoreApplicationSettingsApplication`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *SecurePasswordStoreApplicationSettingsAllOf) GetAppOk() (*SecurePasswordStoreApplicationSettingsApplication, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *SecurePasswordStoreApplicationSettingsAllOf) SetApp(v SecurePasswordStoreApplicationSettingsApplication)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *SecurePasswordStoreApplicationSettingsAllOf) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SecurePasswordStoreApplicationSettingsApplication.md b/okta/docs/SecurePasswordStoreApplicationSettingsApplication.md
new file mode 100644
index 000000000..7202d21a5
--- /dev/null
+++ b/okta/docs/SecurePasswordStoreApplicationSettingsApplication.md
@@ -0,0 +1,264 @@
+# SecurePasswordStoreApplicationSettingsApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**OptionalField1** | Pointer to **string** |  | [optional] 
+**OptionalField1Value** | Pointer to **string** |  | [optional] 
+**OptionalField2** | Pointer to **string** |  | [optional] 
+**OptionalField2Value** | Pointer to **string** |  | [optional] 
+**OptionalField3** | Pointer to **string** |  | [optional] 
+**OptionalField3Value** | Pointer to **string** |  | [optional] 
+**PasswordField** | Pointer to **string** |  | [optional] 
+**Url** | Pointer to **string** |  | [optional] 
+**UsernameField** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSecurePasswordStoreApplicationSettingsApplication
+
+`func NewSecurePasswordStoreApplicationSettingsApplication() *SecurePasswordStoreApplicationSettingsApplication`
+
+NewSecurePasswordStoreApplicationSettingsApplication instantiates a new SecurePasswordStoreApplicationSettingsApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSecurePasswordStoreApplicationSettingsApplicationWithDefaults
+
+`func NewSecurePasswordStoreApplicationSettingsApplicationWithDefaults() *SecurePasswordStoreApplicationSettingsApplication`
+
+NewSecurePasswordStoreApplicationSettingsApplicationWithDefaults instantiates a new SecurePasswordStoreApplicationSettingsApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetOptionalField1
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField1() string`
+
+GetOptionalField1 returns the OptionalField1 field if non-nil, zero value otherwise.
+
+### GetOptionalField1Ok
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField1Ok() (*string, bool)`
+
+GetOptionalField1Ok returns a tuple with the OptionalField1 field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOptionalField1
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) SetOptionalField1(v string)`
+
+SetOptionalField1 sets OptionalField1 field to given value.
+
+### HasOptionalField1
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) HasOptionalField1() bool`
+
+HasOptionalField1 returns a boolean if a field has been set.
+
+### GetOptionalField1Value
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField1Value() string`
+
+GetOptionalField1Value returns the OptionalField1Value field if non-nil, zero value otherwise.
+
+### GetOptionalField1ValueOk
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField1ValueOk() (*string, bool)`
+
+GetOptionalField1ValueOk returns a tuple with the OptionalField1Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOptionalField1Value
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) SetOptionalField1Value(v string)`
+
+SetOptionalField1Value sets OptionalField1Value field to given value.
+
+### HasOptionalField1Value
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) HasOptionalField1Value() bool`
+
+HasOptionalField1Value returns a boolean if a field has been set.
+
+### GetOptionalField2
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField2() string`
+
+GetOptionalField2 returns the OptionalField2 field if non-nil, zero value otherwise.
+
+### GetOptionalField2Ok
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField2Ok() (*string, bool)`
+
+GetOptionalField2Ok returns a tuple with the OptionalField2 field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOptionalField2
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) SetOptionalField2(v string)`
+
+SetOptionalField2 sets OptionalField2 field to given value.
+
+### HasOptionalField2
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) HasOptionalField2() bool`
+
+HasOptionalField2 returns a boolean if a field has been set.
+
+### GetOptionalField2Value
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField2Value() string`
+
+GetOptionalField2Value returns the OptionalField2Value field if non-nil, zero value otherwise.
+
+### GetOptionalField2ValueOk
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField2ValueOk() (*string, bool)`
+
+GetOptionalField2ValueOk returns a tuple with the OptionalField2Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOptionalField2Value
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) SetOptionalField2Value(v string)`
+
+SetOptionalField2Value sets OptionalField2Value field to given value.
+
+### HasOptionalField2Value
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) HasOptionalField2Value() bool`
+
+HasOptionalField2Value returns a boolean if a field has been set.
+
+### GetOptionalField3
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField3() string`
+
+GetOptionalField3 returns the OptionalField3 field if non-nil, zero value otherwise.
+
+### GetOptionalField3Ok
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField3Ok() (*string, bool)`
+
+GetOptionalField3Ok returns a tuple with the OptionalField3 field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOptionalField3
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) SetOptionalField3(v string)`
+
+SetOptionalField3 sets OptionalField3 field to given value.
+
+### HasOptionalField3
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) HasOptionalField3() bool`
+
+HasOptionalField3 returns a boolean if a field has been set.
+
+### GetOptionalField3Value
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField3Value() string`
+
+GetOptionalField3Value returns the OptionalField3Value field if non-nil, zero value otherwise.
+
+### GetOptionalField3ValueOk
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField3ValueOk() (*string, bool)`
+
+GetOptionalField3ValueOk returns a tuple with the OptionalField3Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOptionalField3Value
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) SetOptionalField3Value(v string)`
+
+SetOptionalField3Value sets OptionalField3Value field to given value.
+
+### HasOptionalField3Value
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) HasOptionalField3Value() bool`
+
+HasOptionalField3Value returns a boolean if a field has been set.
+
+### GetPasswordField
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetPasswordField() string`
+
+GetPasswordField returns the PasswordField field if non-nil, zero value otherwise.
+
+### GetPasswordFieldOk
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetPasswordFieldOk() (*string, bool)`
+
+GetPasswordFieldOk returns a tuple with the PasswordField field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordField
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) SetPasswordField(v string)`
+
+SetPasswordField sets PasswordField field to given value.
+
+### HasPasswordField
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) HasPasswordField() bool`
+
+HasPasswordField returns a boolean if a field has been set.
+
+### GetUrl
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetUrl() string`
+
+GetUrl returns the Url field if non-nil, zero value otherwise.
+
+### GetUrlOk
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetUrlOk() (*string, bool)`
+
+GetUrlOk returns a tuple with the Url field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUrl
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) SetUrl(v string)`
+
+SetUrl sets Url field to given value.
+
+### HasUrl
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) HasUrl() bool`
+
+HasUrl returns a boolean if a field has been set.
+
+### GetUsernameField
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetUsernameField() string`
+
+GetUsernameField returns the UsernameField field if non-nil, zero value otherwise.
+
+### GetUsernameFieldOk
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) GetUsernameFieldOk() (*string, bool)`
+
+GetUsernameFieldOk returns a tuple with the UsernameField field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsernameField
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) SetUsernameField(v string)`
+
+SetUsernameField sets UsernameField field to given value.
+
+### HasUsernameField
+
+`func (o *SecurePasswordStoreApplicationSettingsApplication) HasUsernameField() bool`
+
+HasUsernameField returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SecurityQuestion.md b/okta/docs/SecurityQuestion.md
new file mode 100644
index 000000000..3946377df
--- /dev/null
+++ b/okta/docs/SecurityQuestion.md
@@ -0,0 +1,108 @@
+# SecurityQuestion
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Answer** | Pointer to **string** |  | [optional] 
+**Question** | Pointer to **string** |  | [optional] 
+**QuestionText** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSecurityQuestion
+
+`func NewSecurityQuestion() *SecurityQuestion`
+
+NewSecurityQuestion instantiates a new SecurityQuestion object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSecurityQuestionWithDefaults
+
+`func NewSecurityQuestionWithDefaults() *SecurityQuestion`
+
+NewSecurityQuestionWithDefaults instantiates a new SecurityQuestion object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAnswer
+
+`func (o *SecurityQuestion) GetAnswer() string`
+
+GetAnswer returns the Answer field if non-nil, zero value otherwise.
+
+### GetAnswerOk
+
+`func (o *SecurityQuestion) GetAnswerOk() (*string, bool)`
+
+GetAnswerOk returns a tuple with the Answer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAnswer
+
+`func (o *SecurityQuestion) SetAnswer(v string)`
+
+SetAnswer sets Answer field to given value.
+
+### HasAnswer
+
+`func (o *SecurityQuestion) HasAnswer() bool`
+
+HasAnswer returns a boolean if a field has been set.
+
+### GetQuestion
+
+`func (o *SecurityQuestion) GetQuestion() string`
+
+GetQuestion returns the Question field if non-nil, zero value otherwise.
+
+### GetQuestionOk
+
+`func (o *SecurityQuestion) GetQuestionOk() (*string, bool)`
+
+GetQuestionOk returns a tuple with the Question field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetQuestion
+
+`func (o *SecurityQuestion) SetQuestion(v string)`
+
+SetQuestion sets Question field to given value.
+
+### HasQuestion
+
+`func (o *SecurityQuestion) HasQuestion() bool`
+
+HasQuestion returns a boolean if a field has been set.
+
+### GetQuestionText
+
+`func (o *SecurityQuestion) GetQuestionText() string`
+
+GetQuestionText returns the QuestionText field if non-nil, zero value otherwise.
+
+### GetQuestionTextOk
+
+`func (o *SecurityQuestion) GetQuestionTextOk() (*string, bool)`
+
+GetQuestionTextOk returns a tuple with the QuestionText field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetQuestionText
+
+`func (o *SecurityQuestion) SetQuestionText(v string)`
+
+SetQuestionText sets QuestionText field to given value.
+
+### HasQuestionText
+
+`func (o *SecurityQuestion) HasQuestionText() bool`
+
+HasQuestionText returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SecurityQuestionUserFactor.md b/okta/docs/SecurityQuestionUserFactor.md
new file mode 100644
index 000000000..a6797206e
--- /dev/null
+++ b/okta/docs/SecurityQuestionUserFactor.md
@@ -0,0 +1,56 @@
+# SecurityQuestionUserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**SecurityQuestionUserFactorProfile**](SecurityQuestionUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewSecurityQuestionUserFactor
+
+`func NewSecurityQuestionUserFactor() *SecurityQuestionUserFactor`
+
+NewSecurityQuestionUserFactor instantiates a new SecurityQuestionUserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSecurityQuestionUserFactorWithDefaults
+
+`func NewSecurityQuestionUserFactorWithDefaults() *SecurityQuestionUserFactor`
+
+NewSecurityQuestionUserFactorWithDefaults instantiates a new SecurityQuestionUserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *SecurityQuestionUserFactor) GetProfile() SecurityQuestionUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *SecurityQuestionUserFactor) GetProfileOk() (*SecurityQuestionUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *SecurityQuestionUserFactor) SetProfile(v SecurityQuestionUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *SecurityQuestionUserFactor) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SecurityQuestionUserFactorAllOf.md b/okta/docs/SecurityQuestionUserFactorAllOf.md
new file mode 100644
index 000000000..d6714eea8
--- /dev/null
+++ b/okta/docs/SecurityQuestionUserFactorAllOf.md
@@ -0,0 +1,56 @@
+# SecurityQuestionUserFactorAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**SecurityQuestionUserFactorProfile**](SecurityQuestionUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewSecurityQuestionUserFactorAllOf
+
+`func NewSecurityQuestionUserFactorAllOf() *SecurityQuestionUserFactorAllOf`
+
+NewSecurityQuestionUserFactorAllOf instantiates a new SecurityQuestionUserFactorAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSecurityQuestionUserFactorAllOfWithDefaults
+
+`func NewSecurityQuestionUserFactorAllOfWithDefaults() *SecurityQuestionUserFactorAllOf`
+
+NewSecurityQuestionUserFactorAllOfWithDefaults instantiates a new SecurityQuestionUserFactorAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *SecurityQuestionUserFactorAllOf) GetProfile() SecurityQuestionUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *SecurityQuestionUserFactorAllOf) GetProfileOk() (*SecurityQuestionUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *SecurityQuestionUserFactorAllOf) SetProfile(v SecurityQuestionUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *SecurityQuestionUserFactorAllOf) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SecurityQuestionUserFactorProfile.md b/okta/docs/SecurityQuestionUserFactorProfile.md
new file mode 100644
index 000000000..abb12f7f8
--- /dev/null
+++ b/okta/docs/SecurityQuestionUserFactorProfile.md
@@ -0,0 +1,108 @@
+# SecurityQuestionUserFactorProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Answer** | Pointer to **string** |  | [optional] 
+**Question** | Pointer to **string** |  | [optional] 
+**QuestionText** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSecurityQuestionUserFactorProfile
+
+`func NewSecurityQuestionUserFactorProfile() *SecurityQuestionUserFactorProfile`
+
+NewSecurityQuestionUserFactorProfile instantiates a new SecurityQuestionUserFactorProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSecurityQuestionUserFactorProfileWithDefaults
+
+`func NewSecurityQuestionUserFactorProfileWithDefaults() *SecurityQuestionUserFactorProfile`
+
+NewSecurityQuestionUserFactorProfileWithDefaults instantiates a new SecurityQuestionUserFactorProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAnswer
+
+`func (o *SecurityQuestionUserFactorProfile) GetAnswer() string`
+
+GetAnswer returns the Answer field if non-nil, zero value otherwise.
+
+### GetAnswerOk
+
+`func (o *SecurityQuestionUserFactorProfile) GetAnswerOk() (*string, bool)`
+
+GetAnswerOk returns a tuple with the Answer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAnswer
+
+`func (o *SecurityQuestionUserFactorProfile) SetAnswer(v string)`
+
+SetAnswer sets Answer field to given value.
+
+### HasAnswer
+
+`func (o *SecurityQuestionUserFactorProfile) HasAnswer() bool`
+
+HasAnswer returns a boolean if a field has been set.
+
+### GetQuestion
+
+`func (o *SecurityQuestionUserFactorProfile) GetQuestion() string`
+
+GetQuestion returns the Question field if non-nil, zero value otherwise.
+
+### GetQuestionOk
+
+`func (o *SecurityQuestionUserFactorProfile) GetQuestionOk() (*string, bool)`
+
+GetQuestionOk returns a tuple with the Question field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetQuestion
+
+`func (o *SecurityQuestionUserFactorProfile) SetQuestion(v string)`
+
+SetQuestion sets Question field to given value.
+
+### HasQuestion
+
+`func (o *SecurityQuestionUserFactorProfile) HasQuestion() bool`
+
+HasQuestion returns a boolean if a field has been set.
+
+### GetQuestionText
+
+`func (o *SecurityQuestionUserFactorProfile) GetQuestionText() string`
+
+GetQuestionText returns the QuestionText field if non-nil, zero value otherwise.
+
+### GetQuestionTextOk
+
+`func (o *SecurityQuestionUserFactorProfile) GetQuestionTextOk() (*string, bool)`
+
+GetQuestionTextOk returns a tuple with the QuestionText field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetQuestionText
+
+`func (o *SecurityQuestionUserFactorProfile) SetQuestionText(v string)`
+
+SetQuestionText sets QuestionText field to given value.
+
+### HasQuestionText
+
+`func (o *SecurityQuestionUserFactorProfile) HasQuestionText() bool`
+
+HasQuestionText returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SeedEnum.md b/okta/docs/SeedEnum.md
new file mode 100644
index 000000000..d269bbe1c
--- /dev/null
+++ b/okta/docs/SeedEnum.md
@@ -0,0 +1,13 @@
+# SeedEnum
+
+## Enum
+
+
+* `OKTA` (value: `"OKTA"`)
+
+* `RANDOM` (value: `"RANDOM"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Session.md b/okta/docs/Session.md
new file mode 100644
index 000000000..4cdd6f7b3
--- /dev/null
+++ b/okta/docs/Session.md
@@ -0,0 +1,316 @@
+# Session
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Amr** | Pointer to [**[]SessionAuthenticationMethod**](SessionAuthenticationMethod.md) |  | [optional] [readonly] 
+**CreatedAt** | Pointer to **time.Time** |  | [optional] [readonly] 
+**ExpiresAt** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Idp** | Pointer to [**SessionIdentityProvider**](SessionIdentityProvider.md) |  | [optional] 
+**LastFactorVerification** | Pointer to **time.Time** |  | [optional] [readonly] 
+**LastPasswordVerification** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Login** | Pointer to **string** |  | [optional] [readonly] 
+**Status** | Pointer to [**SessionStatus**](SessionStatus.md) |  | [optional] 
+**UserId** | Pointer to **string** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewSession
+
+`func NewSession() *Session`
+
+NewSession instantiates a new Session object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSessionWithDefaults
+
+`func NewSessionWithDefaults() *Session`
+
+NewSessionWithDefaults instantiates a new Session object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAmr
+
+`func (o *Session) GetAmr() []SessionAuthenticationMethod`
+
+GetAmr returns the Amr field if non-nil, zero value otherwise.
+
+### GetAmrOk
+
+`func (o *Session) GetAmrOk() (*[]SessionAuthenticationMethod, bool)`
+
+GetAmrOk returns a tuple with the Amr field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAmr
+
+`func (o *Session) SetAmr(v []SessionAuthenticationMethod)`
+
+SetAmr sets Amr field to given value.
+
+### HasAmr
+
+`func (o *Session) HasAmr() bool`
+
+HasAmr returns a boolean if a field has been set.
+
+### GetCreatedAt
+
+`func (o *Session) GetCreatedAt() time.Time`
+
+GetCreatedAt returns the CreatedAt field if non-nil, zero value otherwise.
+
+### GetCreatedAtOk
+
+`func (o *Session) GetCreatedAtOk() (*time.Time, bool)`
+
+GetCreatedAtOk returns a tuple with the CreatedAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedAt
+
+`func (o *Session) SetCreatedAt(v time.Time)`
+
+SetCreatedAt sets CreatedAt field to given value.
+
+### HasCreatedAt
+
+`func (o *Session) HasCreatedAt() bool`
+
+HasCreatedAt returns a boolean if a field has been set.
+
+### GetExpiresAt
+
+`func (o *Session) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *Session) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *Session) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *Session) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *Session) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *Session) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *Session) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *Session) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetIdp
+
+`func (o *Session) GetIdp() SessionIdentityProvider`
+
+GetIdp returns the Idp field if non-nil, zero value otherwise.
+
+### GetIdpOk
+
+`func (o *Session) GetIdpOk() (*SessionIdentityProvider, bool)`
+
+GetIdpOk returns a tuple with the Idp field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdp
+
+`func (o *Session) SetIdp(v SessionIdentityProvider)`
+
+SetIdp sets Idp field to given value.
+
+### HasIdp
+
+`func (o *Session) HasIdp() bool`
+
+HasIdp returns a boolean if a field has been set.
+
+### GetLastFactorVerification
+
+`func (o *Session) GetLastFactorVerification() time.Time`
+
+GetLastFactorVerification returns the LastFactorVerification field if non-nil, zero value otherwise.
+
+### GetLastFactorVerificationOk
+
+`func (o *Session) GetLastFactorVerificationOk() (*time.Time, bool)`
+
+GetLastFactorVerificationOk returns a tuple with the LastFactorVerification field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastFactorVerification
+
+`func (o *Session) SetLastFactorVerification(v time.Time)`
+
+SetLastFactorVerification sets LastFactorVerification field to given value.
+
+### HasLastFactorVerification
+
+`func (o *Session) HasLastFactorVerification() bool`
+
+HasLastFactorVerification returns a boolean if a field has been set.
+
+### GetLastPasswordVerification
+
+`func (o *Session) GetLastPasswordVerification() time.Time`
+
+GetLastPasswordVerification returns the LastPasswordVerification field if non-nil, zero value otherwise.
+
+### GetLastPasswordVerificationOk
+
+`func (o *Session) GetLastPasswordVerificationOk() (*time.Time, bool)`
+
+GetLastPasswordVerificationOk returns a tuple with the LastPasswordVerification field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastPasswordVerification
+
+`func (o *Session) SetLastPasswordVerification(v time.Time)`
+
+SetLastPasswordVerification sets LastPasswordVerification field to given value.
+
+### HasLastPasswordVerification
+
+`func (o *Session) HasLastPasswordVerification() bool`
+
+HasLastPasswordVerification returns a boolean if a field has been set.
+
+### GetLogin
+
+`func (o *Session) GetLogin() string`
+
+GetLogin returns the Login field if non-nil, zero value otherwise.
+
+### GetLoginOk
+
+`func (o *Session) GetLoginOk() (*string, bool)`
+
+GetLoginOk returns a tuple with the Login field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLogin
+
+`func (o *Session) SetLogin(v string)`
+
+SetLogin sets Login field to given value.
+
+### HasLogin
+
+`func (o *Session) HasLogin() bool`
+
+HasLogin returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *Session) GetStatus() SessionStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *Session) GetStatusOk() (*SessionStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *Session) SetStatus(v SessionStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *Session) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetUserId
+
+`func (o *Session) GetUserId() string`
+
+GetUserId returns the UserId field if non-nil, zero value otherwise.
+
+### GetUserIdOk
+
+`func (o *Session) GetUserIdOk() (*string, bool)`
+
+GetUserIdOk returns a tuple with the UserId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserId
+
+`func (o *Session) SetUserId(v string)`
+
+SetUserId sets UserId field to given value.
+
+### HasUserId
+
+`func (o *Session) HasUserId() bool`
+
+HasUserId returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Session) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Session) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Session) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Session) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SessionApi.md b/okta/docs/SessionApi.md
new file mode 100644
index 000000000..29c1dd799
--- /dev/null
+++ b/okta/docs/SessionApi.md
@@ -0,0 +1,286 @@
+# \SessionApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateSession**](SessionApi.md#CreateSession) | **Post** /api/v1/sessions | Create a Session with Session Token
+[**GetSession**](SessionApi.md#GetSession) | **Get** /api/v1/sessions/{sessionId} | Retrieve a Session
+[**RefreshSession**](SessionApi.md#RefreshSession) | **Post** /api/v1/sessions/{sessionId}/lifecycle/refresh | Refresh a Session
+[**RevokeSession**](SessionApi.md#RevokeSession) | **Delete** /api/v1/sessions/{sessionId} | Revoke a Session
+
+
+
+## CreateSession
+
+> Session CreateSession(ctx).CreateSessionRequest(createSessionRequest).Execute()
+
+Create a Session with Session Token
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    createSessionRequest := *openapiclient.NewCreateSessionRequest() // CreateSessionRequest | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SessionApi.CreateSession(context.Background()).CreateSessionRequest(createSessionRequest).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SessionApi.CreateSession``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateSession`: Session
+    fmt.Fprintf(os.Stdout, "Response from `SessionApi.CreateSession`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateSessionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **createSessionRequest** | [**CreateSessionRequest**](CreateSessionRequest.md) |  | 
+
+### Return type
+
+[**Session**](Session.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetSession
+
+> Session GetSession(ctx, sessionId).Execute()
+
+Retrieve a Session
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    sessionId := "sessionId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SessionApi.GetSession(context.Background(), sessionId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SessionApi.GetSession``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetSession`: Session
+    fmt.Fprintf(os.Stdout, "Response from `SessionApi.GetSession`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**sessionId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetSessionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**Session**](Session.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RefreshSession
+
+> Session RefreshSession(ctx, sessionId).Execute()
+
+Refresh a Session
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    sessionId := "sessionId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SessionApi.RefreshSession(context.Background(), sessionId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SessionApi.RefreshSession``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `RefreshSession`: Session
+    fmt.Fprintf(os.Stdout, "Response from `SessionApi.RefreshSession`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**sessionId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRefreshSessionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**Session**](Session.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeSession
+
+> RevokeSession(ctx, sessionId).Execute()
+
+Revoke a Session
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    sessionId := "sessionId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SessionApi.RevokeSession(context.Background(), sessionId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SessionApi.RevokeSession``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**sessionId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeSessionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/SessionAuthenticationMethod.md b/okta/docs/SessionAuthenticationMethod.md
new file mode 100644
index 000000000..00e5a0205
--- /dev/null
+++ b/okta/docs/SessionAuthenticationMethod.md
@@ -0,0 +1,33 @@
+# SessionAuthenticationMethod
+
+## Enum
+
+
+* `FPT` (value: `"fpt"`)
+
+* `GEO` (value: `"geo"`)
+
+* `HWK` (value: `"hwk"`)
+
+* `KBA` (value: `"kba"`)
+
+* `MCA` (value: `"mca"`)
+
+* `MFA` (value: `"mfa"`)
+
+* `OTP` (value: `"otp"`)
+
+* `PWD` (value: `"pwd"`)
+
+* `SC` (value: `"sc"`)
+
+* `SMS` (value: `"sms"`)
+
+* `SWK` (value: `"swk"`)
+
+* `TEL` (value: `"tel"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SessionIdentityProvider.md b/okta/docs/SessionIdentityProvider.md
new file mode 100644
index 000000000..c6ccd3203
--- /dev/null
+++ b/okta/docs/SessionIdentityProvider.md
@@ -0,0 +1,82 @@
+# SessionIdentityProvider
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Type** | Pointer to [**SessionIdentityProviderType**](SessionIdentityProviderType.md) |  | [optional] 
+
+## Methods
+
+### NewSessionIdentityProvider
+
+`func NewSessionIdentityProvider() *SessionIdentityProvider`
+
+NewSessionIdentityProvider instantiates a new SessionIdentityProvider object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSessionIdentityProviderWithDefaults
+
+`func NewSessionIdentityProviderWithDefaults() *SessionIdentityProvider`
+
+NewSessionIdentityProviderWithDefaults instantiates a new SessionIdentityProvider object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *SessionIdentityProvider) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *SessionIdentityProvider) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *SessionIdentityProvider) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *SessionIdentityProvider) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *SessionIdentityProvider) GetType() SessionIdentityProviderType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *SessionIdentityProvider) GetTypeOk() (*SessionIdentityProviderType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *SessionIdentityProvider) SetType(v SessionIdentityProviderType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *SessionIdentityProvider) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SessionIdentityProviderType.md b/okta/docs/SessionIdentityProviderType.md
new file mode 100644
index 000000000..4b3522e03
--- /dev/null
+++ b/okta/docs/SessionIdentityProviderType.md
@@ -0,0 +1,19 @@
+# SessionIdentityProviderType
+
+## Enum
+
+
+* `ACTIVE_DIRECTORY` (value: `"ACTIVE_DIRECTORY"`)
+
+* `FEDERATION` (value: `"FEDERATION"`)
+
+* `LDAP` (value: `"LDAP"`)
+
+* `OKTA` (value: `"OKTA"`)
+
+* `SOCIAL` (value: `"SOCIAL"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SessionStatus.md b/okta/docs/SessionStatus.md
new file mode 100644
index 000000000..81b9d3cac
--- /dev/null
+++ b/okta/docs/SessionStatus.md
@@ -0,0 +1,15 @@
+# SessionStatus
+
+## Enum
+
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `MFA_ENROLL` (value: `"MFA_ENROLL"`)
+
+* `MFA_REQUIRED` (value: `"MFA_REQUIRED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SignInPage.md b/okta/docs/SignInPage.md
new file mode 100644
index 000000000..75fbf0e9f
--- /dev/null
+++ b/okta/docs/SignInPage.md
@@ -0,0 +1,108 @@
+# SignInPage
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**PageContent** | Pointer to **string** |  | [optional] 
+**WidgetCustomizations** | Pointer to [**SignInPageAllOfWidgetCustomizations**](SignInPageAllOfWidgetCustomizations.md) |  | [optional] 
+**WidgetVersion** | Pointer to **string** | The version specified as a [Semantic Version](https://semver.org/). | [optional] 
+
+## Methods
+
+### NewSignInPage
+
+`func NewSignInPage() *SignInPage`
+
+NewSignInPage instantiates a new SignInPage object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSignInPageWithDefaults
+
+`func NewSignInPageWithDefaults() *SignInPage`
+
+NewSignInPageWithDefaults instantiates a new SignInPage object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPageContent
+
+`func (o *SignInPage) GetPageContent() string`
+
+GetPageContent returns the PageContent field if non-nil, zero value otherwise.
+
+### GetPageContentOk
+
+`func (o *SignInPage) GetPageContentOk() (*string, bool)`
+
+GetPageContentOk returns a tuple with the PageContent field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPageContent
+
+`func (o *SignInPage) SetPageContent(v string)`
+
+SetPageContent sets PageContent field to given value.
+
+### HasPageContent
+
+`func (o *SignInPage) HasPageContent() bool`
+
+HasPageContent returns a boolean if a field has been set.
+
+### GetWidgetCustomizations
+
+`func (o *SignInPage) GetWidgetCustomizations() SignInPageAllOfWidgetCustomizations`
+
+GetWidgetCustomizations returns the WidgetCustomizations field if non-nil, zero value otherwise.
+
+### GetWidgetCustomizationsOk
+
+`func (o *SignInPage) GetWidgetCustomizationsOk() (*SignInPageAllOfWidgetCustomizations, bool)`
+
+GetWidgetCustomizationsOk returns a tuple with the WidgetCustomizations field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWidgetCustomizations
+
+`func (o *SignInPage) SetWidgetCustomizations(v SignInPageAllOfWidgetCustomizations)`
+
+SetWidgetCustomizations sets WidgetCustomizations field to given value.
+
+### HasWidgetCustomizations
+
+`func (o *SignInPage) HasWidgetCustomizations() bool`
+
+HasWidgetCustomizations returns a boolean if a field has been set.
+
+### GetWidgetVersion
+
+`func (o *SignInPage) GetWidgetVersion() string`
+
+GetWidgetVersion returns the WidgetVersion field if non-nil, zero value otherwise.
+
+### GetWidgetVersionOk
+
+`func (o *SignInPage) GetWidgetVersionOk() (*string, bool)`
+
+GetWidgetVersionOk returns a tuple with the WidgetVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWidgetVersion
+
+`func (o *SignInPage) SetWidgetVersion(v string)`
+
+SetWidgetVersion sets WidgetVersion field to given value.
+
+### HasWidgetVersion
+
+`func (o *SignInPage) HasWidgetVersion() bool`
+
+HasWidgetVersion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SignInPageAllOf.md b/okta/docs/SignInPageAllOf.md
new file mode 100644
index 000000000..240c4f4e2
--- /dev/null
+++ b/okta/docs/SignInPageAllOf.md
@@ -0,0 +1,82 @@
+# SignInPageAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**WidgetCustomizations** | Pointer to [**SignInPageAllOfWidgetCustomizations**](SignInPageAllOfWidgetCustomizations.md) |  | [optional] 
+**WidgetVersion** | Pointer to **string** | The version specified as a [Semantic Version](https://semver.org/). | [optional] 
+
+## Methods
+
+### NewSignInPageAllOf
+
+`func NewSignInPageAllOf() *SignInPageAllOf`
+
+NewSignInPageAllOf instantiates a new SignInPageAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSignInPageAllOfWithDefaults
+
+`func NewSignInPageAllOfWithDefaults() *SignInPageAllOf`
+
+NewSignInPageAllOfWithDefaults instantiates a new SignInPageAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetWidgetCustomizations
+
+`func (o *SignInPageAllOf) GetWidgetCustomizations() SignInPageAllOfWidgetCustomizations`
+
+GetWidgetCustomizations returns the WidgetCustomizations field if non-nil, zero value otherwise.
+
+### GetWidgetCustomizationsOk
+
+`func (o *SignInPageAllOf) GetWidgetCustomizationsOk() (*SignInPageAllOfWidgetCustomizations, bool)`
+
+GetWidgetCustomizationsOk returns a tuple with the WidgetCustomizations field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWidgetCustomizations
+
+`func (o *SignInPageAllOf) SetWidgetCustomizations(v SignInPageAllOfWidgetCustomizations)`
+
+SetWidgetCustomizations sets WidgetCustomizations field to given value.
+
+### HasWidgetCustomizations
+
+`func (o *SignInPageAllOf) HasWidgetCustomizations() bool`
+
+HasWidgetCustomizations returns a boolean if a field has been set.
+
+### GetWidgetVersion
+
+`func (o *SignInPageAllOf) GetWidgetVersion() string`
+
+GetWidgetVersion returns the WidgetVersion field if non-nil, zero value otherwise.
+
+### GetWidgetVersionOk
+
+`func (o *SignInPageAllOf) GetWidgetVersionOk() (*string, bool)`
+
+GetWidgetVersionOk returns a tuple with the WidgetVersion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWidgetVersion
+
+`func (o *SignInPageAllOf) SetWidgetVersion(v string)`
+
+SetWidgetVersion sets WidgetVersion field to given value.
+
+### HasWidgetVersion
+
+`func (o *SignInPageAllOf) HasWidgetVersion() bool`
+
+HasWidgetVersion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SignInPageAllOfWidgetCustomizations.md b/okta/docs/SignInPageAllOfWidgetCustomizations.md
new file mode 100644
index 000000000..74a71f755
--- /dev/null
+++ b/okta/docs/SignInPageAllOfWidgetCustomizations.md
@@ -0,0 +1,550 @@
+# SignInPageAllOfWidgetCustomizations
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**SignInLabel** | Pointer to **string** |  | [optional] 
+**UsernameLabel** | Pointer to **string** |  | [optional] 
+**UsernameInfoTip** | Pointer to **string** |  | [optional] 
+**PasswordLabel** | Pointer to **string** |  | [optional] 
+**PasswordInfoTip** | Pointer to **string** |  | [optional] 
+**ShowPasswordVisibilityToggle** | Pointer to **bool** |  | [optional] 
+**ShowUserIdentifier** | Pointer to **bool** |  | [optional] 
+**ForgotPasswordLabel** | Pointer to **string** |  | [optional] 
+**ForgotPasswordUrl** | Pointer to **string** |  | [optional] 
+**UnlockAccountLabel** | Pointer to **string** |  | [optional] 
+**UnlockAccountUrl** | Pointer to **string** |  | [optional] 
+**HelpLabel** | Pointer to **string** |  | [optional] 
+**HelpUrl** | Pointer to **string** |  | [optional] 
+**CustomLink1Label** | Pointer to **string** |  | [optional] 
+**CustomLink1Url** | Pointer to **string** |  | [optional] 
+**CustomLink2Label** | Pointer to **string** |  | [optional] 
+**CustomLink2Url** | Pointer to **string** |  | [optional] 
+**AuthenticatorPageCustomLinkLabel** | Pointer to **string** |  | [optional] 
+**AuthenticatorPageCustomLinkUrl** | Pointer to **string** |  | [optional] 
+**ClassicRecoveryFlowEmailOrUsernameLabel** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSignInPageAllOfWidgetCustomizations
+
+`func NewSignInPageAllOfWidgetCustomizations() *SignInPageAllOfWidgetCustomizations`
+
+NewSignInPageAllOfWidgetCustomizations instantiates a new SignInPageAllOfWidgetCustomizations object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSignInPageAllOfWidgetCustomizationsWithDefaults
+
+`func NewSignInPageAllOfWidgetCustomizationsWithDefaults() *SignInPageAllOfWidgetCustomizations`
+
+NewSignInPageAllOfWidgetCustomizationsWithDefaults instantiates a new SignInPageAllOfWidgetCustomizations object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSignInLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetSignInLabel() string`
+
+GetSignInLabel returns the SignInLabel field if non-nil, zero value otherwise.
+
+### GetSignInLabelOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetSignInLabelOk() (*string, bool)`
+
+GetSignInLabelOk returns a tuple with the SignInLabel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignInLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetSignInLabel(v string)`
+
+SetSignInLabel sets SignInLabel field to given value.
+
+### HasSignInLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasSignInLabel() bool`
+
+HasSignInLabel returns a boolean if a field has been set.
+
+### GetUsernameLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetUsernameLabel() string`
+
+GetUsernameLabel returns the UsernameLabel field if non-nil, zero value otherwise.
+
+### GetUsernameLabelOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetUsernameLabelOk() (*string, bool)`
+
+GetUsernameLabelOk returns a tuple with the UsernameLabel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsernameLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetUsernameLabel(v string)`
+
+SetUsernameLabel sets UsernameLabel field to given value.
+
+### HasUsernameLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasUsernameLabel() bool`
+
+HasUsernameLabel returns a boolean if a field has been set.
+
+### GetUsernameInfoTip
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetUsernameInfoTip() string`
+
+GetUsernameInfoTip returns the UsernameInfoTip field if non-nil, zero value otherwise.
+
+### GetUsernameInfoTipOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetUsernameInfoTipOk() (*string, bool)`
+
+GetUsernameInfoTipOk returns a tuple with the UsernameInfoTip field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsernameInfoTip
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetUsernameInfoTip(v string)`
+
+SetUsernameInfoTip sets UsernameInfoTip field to given value.
+
+### HasUsernameInfoTip
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasUsernameInfoTip() bool`
+
+HasUsernameInfoTip returns a boolean if a field has been set.
+
+### GetPasswordLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetPasswordLabel() string`
+
+GetPasswordLabel returns the PasswordLabel field if non-nil, zero value otherwise.
+
+### GetPasswordLabelOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetPasswordLabelOk() (*string, bool)`
+
+GetPasswordLabelOk returns a tuple with the PasswordLabel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetPasswordLabel(v string)`
+
+SetPasswordLabel sets PasswordLabel field to given value.
+
+### HasPasswordLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasPasswordLabel() bool`
+
+HasPasswordLabel returns a boolean if a field has been set.
+
+### GetPasswordInfoTip
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetPasswordInfoTip() string`
+
+GetPasswordInfoTip returns the PasswordInfoTip field if non-nil, zero value otherwise.
+
+### GetPasswordInfoTipOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetPasswordInfoTipOk() (*string, bool)`
+
+GetPasswordInfoTipOk returns a tuple with the PasswordInfoTip field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordInfoTip
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetPasswordInfoTip(v string)`
+
+SetPasswordInfoTip sets PasswordInfoTip field to given value.
+
+### HasPasswordInfoTip
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasPasswordInfoTip() bool`
+
+HasPasswordInfoTip returns a boolean if a field has been set.
+
+### GetShowPasswordVisibilityToggle
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetShowPasswordVisibilityToggle() bool`
+
+GetShowPasswordVisibilityToggle returns the ShowPasswordVisibilityToggle field if non-nil, zero value otherwise.
+
+### GetShowPasswordVisibilityToggleOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetShowPasswordVisibilityToggleOk() (*bool, bool)`
+
+GetShowPasswordVisibilityToggleOk returns a tuple with the ShowPasswordVisibilityToggle field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetShowPasswordVisibilityToggle
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetShowPasswordVisibilityToggle(v bool)`
+
+SetShowPasswordVisibilityToggle sets ShowPasswordVisibilityToggle field to given value.
+
+### HasShowPasswordVisibilityToggle
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasShowPasswordVisibilityToggle() bool`
+
+HasShowPasswordVisibilityToggle returns a boolean if a field has been set.
+
+### GetShowUserIdentifier
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetShowUserIdentifier() bool`
+
+GetShowUserIdentifier returns the ShowUserIdentifier field if non-nil, zero value otherwise.
+
+### GetShowUserIdentifierOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetShowUserIdentifierOk() (*bool, bool)`
+
+GetShowUserIdentifierOk returns a tuple with the ShowUserIdentifier field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetShowUserIdentifier
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetShowUserIdentifier(v bool)`
+
+SetShowUserIdentifier sets ShowUserIdentifier field to given value.
+
+### HasShowUserIdentifier
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasShowUserIdentifier() bool`
+
+HasShowUserIdentifier returns a boolean if a field has been set.
+
+### GetForgotPasswordLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetForgotPasswordLabel() string`
+
+GetForgotPasswordLabel returns the ForgotPasswordLabel field if non-nil, zero value otherwise.
+
+### GetForgotPasswordLabelOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetForgotPasswordLabelOk() (*string, bool)`
+
+GetForgotPasswordLabelOk returns a tuple with the ForgotPasswordLabel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetForgotPasswordLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetForgotPasswordLabel(v string)`
+
+SetForgotPasswordLabel sets ForgotPasswordLabel field to given value.
+
+### HasForgotPasswordLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasForgotPasswordLabel() bool`
+
+HasForgotPasswordLabel returns a boolean if a field has been set.
+
+### GetForgotPasswordUrl
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetForgotPasswordUrl() string`
+
+GetForgotPasswordUrl returns the ForgotPasswordUrl field if non-nil, zero value otherwise.
+
+### GetForgotPasswordUrlOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetForgotPasswordUrlOk() (*string, bool)`
+
+GetForgotPasswordUrlOk returns a tuple with the ForgotPasswordUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetForgotPasswordUrl
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetForgotPasswordUrl(v string)`
+
+SetForgotPasswordUrl sets ForgotPasswordUrl field to given value.
+
+### HasForgotPasswordUrl
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasForgotPasswordUrl() bool`
+
+HasForgotPasswordUrl returns a boolean if a field has been set.
+
+### GetUnlockAccountLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetUnlockAccountLabel() string`
+
+GetUnlockAccountLabel returns the UnlockAccountLabel field if non-nil, zero value otherwise.
+
+### GetUnlockAccountLabelOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetUnlockAccountLabelOk() (*string, bool)`
+
+GetUnlockAccountLabelOk returns a tuple with the UnlockAccountLabel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUnlockAccountLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetUnlockAccountLabel(v string)`
+
+SetUnlockAccountLabel sets UnlockAccountLabel field to given value.
+
+### HasUnlockAccountLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasUnlockAccountLabel() bool`
+
+HasUnlockAccountLabel returns a boolean if a field has been set.
+
+### GetUnlockAccountUrl
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetUnlockAccountUrl() string`
+
+GetUnlockAccountUrl returns the UnlockAccountUrl field if non-nil, zero value otherwise.
+
+### GetUnlockAccountUrlOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetUnlockAccountUrlOk() (*string, bool)`
+
+GetUnlockAccountUrlOk returns a tuple with the UnlockAccountUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUnlockAccountUrl
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetUnlockAccountUrl(v string)`
+
+SetUnlockAccountUrl sets UnlockAccountUrl field to given value.
+
+### HasUnlockAccountUrl
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasUnlockAccountUrl() bool`
+
+HasUnlockAccountUrl returns a boolean if a field has been set.
+
+### GetHelpLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetHelpLabel() string`
+
+GetHelpLabel returns the HelpLabel field if non-nil, zero value otherwise.
+
+### GetHelpLabelOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetHelpLabelOk() (*string, bool)`
+
+GetHelpLabelOk returns a tuple with the HelpLabel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHelpLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetHelpLabel(v string)`
+
+SetHelpLabel sets HelpLabel field to given value.
+
+### HasHelpLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasHelpLabel() bool`
+
+HasHelpLabel returns a boolean if a field has been set.
+
+### GetHelpUrl
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetHelpUrl() string`
+
+GetHelpUrl returns the HelpUrl field if non-nil, zero value otherwise.
+
+### GetHelpUrlOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetHelpUrlOk() (*string, bool)`
+
+GetHelpUrlOk returns a tuple with the HelpUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHelpUrl
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetHelpUrl(v string)`
+
+SetHelpUrl sets HelpUrl field to given value.
+
+### HasHelpUrl
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasHelpUrl() bool`
+
+HasHelpUrl returns a boolean if a field has been set.
+
+### GetCustomLink1Label
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink1Label() string`
+
+GetCustomLink1Label returns the CustomLink1Label field if non-nil, zero value otherwise.
+
+### GetCustomLink1LabelOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink1LabelOk() (*string, bool)`
+
+GetCustomLink1LabelOk returns a tuple with the CustomLink1Label field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustomLink1Label
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetCustomLink1Label(v string)`
+
+SetCustomLink1Label sets CustomLink1Label field to given value.
+
+### HasCustomLink1Label
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasCustomLink1Label() bool`
+
+HasCustomLink1Label returns a boolean if a field has been set.
+
+### GetCustomLink1Url
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink1Url() string`
+
+GetCustomLink1Url returns the CustomLink1Url field if non-nil, zero value otherwise.
+
+### GetCustomLink1UrlOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink1UrlOk() (*string, bool)`
+
+GetCustomLink1UrlOk returns a tuple with the CustomLink1Url field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustomLink1Url
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetCustomLink1Url(v string)`
+
+SetCustomLink1Url sets CustomLink1Url field to given value.
+
+### HasCustomLink1Url
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasCustomLink1Url() bool`
+
+HasCustomLink1Url returns a boolean if a field has been set.
+
+### GetCustomLink2Label
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink2Label() string`
+
+GetCustomLink2Label returns the CustomLink2Label field if non-nil, zero value otherwise.
+
+### GetCustomLink2LabelOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink2LabelOk() (*string, bool)`
+
+GetCustomLink2LabelOk returns a tuple with the CustomLink2Label field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustomLink2Label
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetCustomLink2Label(v string)`
+
+SetCustomLink2Label sets CustomLink2Label field to given value.
+
+### HasCustomLink2Label
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasCustomLink2Label() bool`
+
+HasCustomLink2Label returns a boolean if a field has been set.
+
+### GetCustomLink2Url
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink2Url() string`
+
+GetCustomLink2Url returns the CustomLink2Url field if non-nil, zero value otherwise.
+
+### GetCustomLink2UrlOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink2UrlOk() (*string, bool)`
+
+GetCustomLink2UrlOk returns a tuple with the CustomLink2Url field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustomLink2Url
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetCustomLink2Url(v string)`
+
+SetCustomLink2Url sets CustomLink2Url field to given value.
+
+### HasCustomLink2Url
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasCustomLink2Url() bool`
+
+HasCustomLink2Url returns a boolean if a field has been set.
+
+### GetAuthenticatorPageCustomLinkLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetAuthenticatorPageCustomLinkLabel() string`
+
+GetAuthenticatorPageCustomLinkLabel returns the AuthenticatorPageCustomLinkLabel field if non-nil, zero value otherwise.
+
+### GetAuthenticatorPageCustomLinkLabelOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetAuthenticatorPageCustomLinkLabelOk() (*string, bool)`
+
+GetAuthenticatorPageCustomLinkLabelOk returns a tuple with the AuthenticatorPageCustomLinkLabel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthenticatorPageCustomLinkLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetAuthenticatorPageCustomLinkLabel(v string)`
+
+SetAuthenticatorPageCustomLinkLabel sets AuthenticatorPageCustomLinkLabel field to given value.
+
+### HasAuthenticatorPageCustomLinkLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasAuthenticatorPageCustomLinkLabel() bool`
+
+HasAuthenticatorPageCustomLinkLabel returns a boolean if a field has been set.
+
+### GetAuthenticatorPageCustomLinkUrl
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetAuthenticatorPageCustomLinkUrl() string`
+
+GetAuthenticatorPageCustomLinkUrl returns the AuthenticatorPageCustomLinkUrl field if non-nil, zero value otherwise.
+
+### GetAuthenticatorPageCustomLinkUrlOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetAuthenticatorPageCustomLinkUrlOk() (*string, bool)`
+
+GetAuthenticatorPageCustomLinkUrlOk returns a tuple with the AuthenticatorPageCustomLinkUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthenticatorPageCustomLinkUrl
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetAuthenticatorPageCustomLinkUrl(v string)`
+
+SetAuthenticatorPageCustomLinkUrl sets AuthenticatorPageCustomLinkUrl field to given value.
+
+### HasAuthenticatorPageCustomLinkUrl
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasAuthenticatorPageCustomLinkUrl() bool`
+
+HasAuthenticatorPageCustomLinkUrl returns a boolean if a field has been set.
+
+### GetClassicRecoveryFlowEmailOrUsernameLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetClassicRecoveryFlowEmailOrUsernameLabel() string`
+
+GetClassicRecoveryFlowEmailOrUsernameLabel returns the ClassicRecoveryFlowEmailOrUsernameLabel field if non-nil, zero value otherwise.
+
+### GetClassicRecoveryFlowEmailOrUsernameLabelOk
+
+`func (o *SignInPageAllOfWidgetCustomizations) GetClassicRecoveryFlowEmailOrUsernameLabelOk() (*string, bool)`
+
+GetClassicRecoveryFlowEmailOrUsernameLabelOk returns a tuple with the ClassicRecoveryFlowEmailOrUsernameLabel field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClassicRecoveryFlowEmailOrUsernameLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) SetClassicRecoveryFlowEmailOrUsernameLabel(v string)`
+
+SetClassicRecoveryFlowEmailOrUsernameLabel sets ClassicRecoveryFlowEmailOrUsernameLabel field to given value.
+
+### HasClassicRecoveryFlowEmailOrUsernameLabel
+
+`func (o *SignInPageAllOfWidgetCustomizations) HasClassicRecoveryFlowEmailOrUsernameLabel() bool`
+
+HasClassicRecoveryFlowEmailOrUsernameLabel returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SignInPageTouchPointVariant.md b/okta/docs/SignInPageTouchPointVariant.md
new file mode 100644
index 000000000..28ac20ad9
--- /dev/null
+++ b/okta/docs/SignInPageTouchPointVariant.md
@@ -0,0 +1,15 @@
+# SignInPageTouchPointVariant
+
+## Enum
+
+
+* `BACKGROUND_IMAGE` (value: `"BACKGROUND_IMAGE"`)
+
+* `BACKGROUND_SECONDARY_COLOR` (value: `"BACKGROUND_SECONDARY_COLOR"`)
+
+* `OKTA_DEFAULT` (value: `"OKTA_DEFAULT"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SignOnInlineHook.md b/okta/docs/SignOnInlineHook.md
new file mode 100644
index 000000000..271228316
--- /dev/null
+++ b/okta/docs/SignOnInlineHook.md
@@ -0,0 +1,56 @@
+# SignOnInlineHook
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSignOnInlineHook
+
+`func NewSignOnInlineHook() *SignOnInlineHook`
+
+NewSignOnInlineHook instantiates a new SignOnInlineHook object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSignOnInlineHookWithDefaults
+
+`func NewSignOnInlineHookWithDefaults() *SignOnInlineHook`
+
+NewSignOnInlineHookWithDefaults instantiates a new SignOnInlineHook object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *SignOnInlineHook) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *SignOnInlineHook) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *SignOnInlineHook) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *SignOnInlineHook) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SingleLogout.md b/okta/docs/SingleLogout.md
new file mode 100644
index 000000000..b48e1b20f
--- /dev/null
+++ b/okta/docs/SingleLogout.md
@@ -0,0 +1,108 @@
+# SingleLogout
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Enabled** | Pointer to **bool** |  | [optional] 
+**Issuer** | Pointer to **string** |  | [optional] 
+**LogoutUrl** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSingleLogout
+
+`func NewSingleLogout() *SingleLogout`
+
+NewSingleLogout instantiates a new SingleLogout object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSingleLogoutWithDefaults
+
+`func NewSingleLogoutWithDefaults() *SingleLogout`
+
+NewSingleLogoutWithDefaults instantiates a new SingleLogout object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEnabled
+
+`func (o *SingleLogout) GetEnabled() bool`
+
+GetEnabled returns the Enabled field if non-nil, zero value otherwise.
+
+### GetEnabledOk
+
+`func (o *SingleLogout) GetEnabledOk() (*bool, bool)`
+
+GetEnabledOk returns a tuple with the Enabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnabled
+
+`func (o *SingleLogout) SetEnabled(v bool)`
+
+SetEnabled sets Enabled field to given value.
+
+### HasEnabled
+
+`func (o *SingleLogout) HasEnabled() bool`
+
+HasEnabled returns a boolean if a field has been set.
+
+### GetIssuer
+
+`func (o *SingleLogout) GetIssuer() string`
+
+GetIssuer returns the Issuer field if non-nil, zero value otherwise.
+
+### GetIssuerOk
+
+`func (o *SingleLogout) GetIssuerOk() (*string, bool)`
+
+GetIssuerOk returns a tuple with the Issuer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIssuer
+
+`func (o *SingleLogout) SetIssuer(v string)`
+
+SetIssuer sets Issuer field to given value.
+
+### HasIssuer
+
+`func (o *SingleLogout) HasIssuer() bool`
+
+HasIssuer returns a boolean if a field has been set.
+
+### GetLogoutUrl
+
+`func (o *SingleLogout) GetLogoutUrl() string`
+
+GetLogoutUrl returns the LogoutUrl field if non-nil, zero value otherwise.
+
+### GetLogoutUrlOk
+
+`func (o *SingleLogout) GetLogoutUrlOk() (*string, bool)`
+
+GetLogoutUrlOk returns a tuple with the LogoutUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLogoutUrl
+
+`func (o *SingleLogout) SetLogoutUrl(v string)`
+
+SetLogoutUrl sets LogoutUrl field to given value.
+
+### HasLogoutUrl
+
+`func (o *SingleLogout) HasLogoutUrl() bool`
+
+HasLogoutUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SmsTemplate.md b/okta/docs/SmsTemplate.md
new file mode 100644
index 000000000..964d33e23
--- /dev/null
+++ b/okta/docs/SmsTemplate.md
@@ -0,0 +1,212 @@
+# SmsTemplate
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Template** | Pointer to **string** |  | [optional] 
+**Translations** | Pointer to **map[string]interface{}** |  | [optional] 
+**Type** | Pointer to [**SmsTemplateType**](SmsTemplateType.md) |  | [optional] 
+
+## Methods
+
+### NewSmsTemplate
+
+`func NewSmsTemplate() *SmsTemplate`
+
+NewSmsTemplate instantiates a new SmsTemplate object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSmsTemplateWithDefaults
+
+`func NewSmsTemplateWithDefaults() *SmsTemplate`
+
+NewSmsTemplateWithDefaults instantiates a new SmsTemplate object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *SmsTemplate) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *SmsTemplate) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *SmsTemplate) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *SmsTemplate) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *SmsTemplate) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *SmsTemplate) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *SmsTemplate) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *SmsTemplate) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *SmsTemplate) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *SmsTemplate) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *SmsTemplate) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *SmsTemplate) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *SmsTemplate) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *SmsTemplate) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *SmsTemplate) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *SmsTemplate) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetTemplate
+
+`func (o *SmsTemplate) GetTemplate() string`
+
+GetTemplate returns the Template field if non-nil, zero value otherwise.
+
+### GetTemplateOk
+
+`func (o *SmsTemplate) GetTemplateOk() (*string, bool)`
+
+GetTemplateOk returns a tuple with the Template field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTemplate
+
+`func (o *SmsTemplate) SetTemplate(v string)`
+
+SetTemplate sets Template field to given value.
+
+### HasTemplate
+
+`func (o *SmsTemplate) HasTemplate() bool`
+
+HasTemplate returns a boolean if a field has been set.
+
+### GetTranslations
+
+`func (o *SmsTemplate) GetTranslations() map[string]interface{}`
+
+GetTranslations returns the Translations field if non-nil, zero value otherwise.
+
+### GetTranslationsOk
+
+`func (o *SmsTemplate) GetTranslationsOk() (*map[string]interface{}, bool)`
+
+GetTranslationsOk returns a tuple with the Translations field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTranslations
+
+`func (o *SmsTemplate) SetTranslations(v map[string]interface{})`
+
+SetTranslations sets Translations field to given value.
+
+### HasTranslations
+
+`func (o *SmsTemplate) HasTranslations() bool`
+
+HasTranslations returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *SmsTemplate) GetType() SmsTemplateType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *SmsTemplate) GetTypeOk() (*SmsTemplateType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *SmsTemplate) SetType(v SmsTemplateType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *SmsTemplate) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SmsTemplateType.md b/okta/docs/SmsTemplateType.md
new file mode 100644
index 000000000..082735b7a
--- /dev/null
+++ b/okta/docs/SmsTemplateType.md
@@ -0,0 +1,11 @@
+# SmsTemplateType
+
+## Enum
+
+
+* `SMS_VERIFY_CODE` (value: `"SMS_VERIFY_CODE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SmsUserFactor.md b/okta/docs/SmsUserFactor.md
new file mode 100644
index 000000000..05b7ae3c8
--- /dev/null
+++ b/okta/docs/SmsUserFactor.md
@@ -0,0 +1,56 @@
+# SmsUserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**SmsUserFactorProfile**](SmsUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewSmsUserFactor
+
+`func NewSmsUserFactor() *SmsUserFactor`
+
+NewSmsUserFactor instantiates a new SmsUserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSmsUserFactorWithDefaults
+
+`func NewSmsUserFactorWithDefaults() *SmsUserFactor`
+
+NewSmsUserFactorWithDefaults instantiates a new SmsUserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *SmsUserFactor) GetProfile() SmsUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *SmsUserFactor) GetProfileOk() (*SmsUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *SmsUserFactor) SetProfile(v SmsUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *SmsUserFactor) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SmsUserFactorAllOf.md b/okta/docs/SmsUserFactorAllOf.md
new file mode 100644
index 000000000..e305c4a4b
--- /dev/null
+++ b/okta/docs/SmsUserFactorAllOf.md
@@ -0,0 +1,56 @@
+# SmsUserFactorAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**SmsUserFactorProfile**](SmsUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewSmsUserFactorAllOf
+
+`func NewSmsUserFactorAllOf() *SmsUserFactorAllOf`
+
+NewSmsUserFactorAllOf instantiates a new SmsUserFactorAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSmsUserFactorAllOfWithDefaults
+
+`func NewSmsUserFactorAllOfWithDefaults() *SmsUserFactorAllOf`
+
+NewSmsUserFactorAllOfWithDefaults instantiates a new SmsUserFactorAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *SmsUserFactorAllOf) GetProfile() SmsUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *SmsUserFactorAllOf) GetProfileOk() (*SmsUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *SmsUserFactorAllOf) SetProfile(v SmsUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *SmsUserFactorAllOf) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SmsUserFactorProfile.md b/okta/docs/SmsUserFactorProfile.md
new file mode 100644
index 000000000..cb0c6e656
--- /dev/null
+++ b/okta/docs/SmsUserFactorProfile.md
@@ -0,0 +1,56 @@
+# SmsUserFactorProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**PhoneNumber** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSmsUserFactorProfile
+
+`func NewSmsUserFactorProfile() *SmsUserFactorProfile`
+
+NewSmsUserFactorProfile instantiates a new SmsUserFactorProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSmsUserFactorProfileWithDefaults
+
+`func NewSmsUserFactorProfileWithDefaults() *SmsUserFactorProfile`
+
+NewSmsUserFactorProfileWithDefaults instantiates a new SmsUserFactorProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPhoneNumber
+
+`func (o *SmsUserFactorProfile) GetPhoneNumber() string`
+
+GetPhoneNumber returns the PhoneNumber field if non-nil, zero value otherwise.
+
+### GetPhoneNumberOk
+
+`func (o *SmsUserFactorProfile) GetPhoneNumberOk() (*string, bool)`
+
+GetPhoneNumberOk returns a tuple with the PhoneNumber field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPhoneNumber
+
+`func (o *SmsUserFactorProfile) SetPhoneNumber(v string)`
+
+SetPhoneNumber sets PhoneNumber field to given value.
+
+### HasPhoneNumber
+
+`func (o *SmsUserFactorProfile) HasPhoneNumber() bool`
+
+HasPhoneNumber returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SocialAuthToken.md b/okta/docs/SocialAuthToken.md
new file mode 100644
index 000000000..9e7491120
--- /dev/null
+++ b/okta/docs/SocialAuthToken.md
@@ -0,0 +1,186 @@
+# SocialAuthToken
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ExpiresAt** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**Scopes** | Pointer to **[]string** |  | [optional] 
+**Token** | Pointer to **string** |  | [optional] 
+**TokenAuthScheme** | Pointer to **string** |  | [optional] 
+**TokenType** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSocialAuthToken
+
+`func NewSocialAuthToken() *SocialAuthToken`
+
+NewSocialAuthToken instantiates a new SocialAuthToken object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSocialAuthTokenWithDefaults
+
+`func NewSocialAuthTokenWithDefaults() *SocialAuthToken`
+
+NewSocialAuthTokenWithDefaults instantiates a new SocialAuthToken object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpiresAt
+
+`func (o *SocialAuthToken) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *SocialAuthToken) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *SocialAuthToken) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *SocialAuthToken) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *SocialAuthToken) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *SocialAuthToken) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *SocialAuthToken) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *SocialAuthToken) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *SocialAuthToken) GetScopes() []string`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *SocialAuthToken) GetScopesOk() (*[]string, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *SocialAuthToken) SetScopes(v []string)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *SocialAuthToken) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+### GetToken
+
+`func (o *SocialAuthToken) GetToken() string`
+
+GetToken returns the Token field if non-nil, zero value otherwise.
+
+### GetTokenOk
+
+`func (o *SocialAuthToken) GetTokenOk() (*string, bool)`
+
+GetTokenOk returns a tuple with the Token field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetToken
+
+`func (o *SocialAuthToken) SetToken(v string)`
+
+SetToken sets Token field to given value.
+
+### HasToken
+
+`func (o *SocialAuthToken) HasToken() bool`
+
+HasToken returns a boolean if a field has been set.
+
+### GetTokenAuthScheme
+
+`func (o *SocialAuthToken) GetTokenAuthScheme() string`
+
+GetTokenAuthScheme returns the TokenAuthScheme field if non-nil, zero value otherwise.
+
+### GetTokenAuthSchemeOk
+
+`func (o *SocialAuthToken) GetTokenAuthSchemeOk() (*string, bool)`
+
+GetTokenAuthSchemeOk returns a tuple with the TokenAuthScheme field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTokenAuthScheme
+
+`func (o *SocialAuthToken) SetTokenAuthScheme(v string)`
+
+SetTokenAuthScheme sets TokenAuthScheme field to given value.
+
+### HasTokenAuthScheme
+
+`func (o *SocialAuthToken) HasTokenAuthScheme() bool`
+
+HasTokenAuthScheme returns a boolean if a field has been set.
+
+### GetTokenType
+
+`func (o *SocialAuthToken) GetTokenType() string`
+
+GetTokenType returns the TokenType field if non-nil, zero value otherwise.
+
+### GetTokenTypeOk
+
+`func (o *SocialAuthToken) GetTokenTypeOk() (*string, bool)`
+
+GetTokenTypeOk returns a tuple with the TokenType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTokenType
+
+`func (o *SocialAuthToken) SetTokenType(v string)`
+
+SetTokenType sets TokenType field to given value.
+
+### HasTokenType
+
+`func (o *SocialAuthToken) HasTokenType() bool`
+
+HasTokenType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SpCertificate.md b/okta/docs/SpCertificate.md
new file mode 100644
index 000000000..6bea2df7e
--- /dev/null
+++ b/okta/docs/SpCertificate.md
@@ -0,0 +1,56 @@
+# SpCertificate
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**X5c** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewSpCertificate
+
+`func NewSpCertificate() *SpCertificate`
+
+NewSpCertificate instantiates a new SpCertificate object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSpCertificateWithDefaults
+
+`func NewSpCertificateWithDefaults() *SpCertificate`
+
+NewSpCertificateWithDefaults instantiates a new SpCertificate object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetX5c
+
+`func (o *SpCertificate) GetX5c() []string`
+
+GetX5c returns the X5c field if non-nil, zero value otherwise.
+
+### GetX5cOk
+
+`func (o *SpCertificate) GetX5cOk() (*[]string, bool)`
+
+GetX5cOk returns a tuple with the X5c field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetX5c
+
+`func (o *SpCertificate) SetX5c(v []string)`
+
+SetX5c sets X5c field to given value.
+
+### HasX5c
+
+`func (o *SpCertificate) HasX5c() bool`
+
+HasX5c returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/Subscription.md b/okta/docs/Subscription.md
new file mode 100644
index 000000000..bbb60d7dd
--- /dev/null
+++ b/okta/docs/Subscription.md
@@ -0,0 +1,134 @@
+# Subscription
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Channels** | Pointer to **[]string** |  | [optional] 
+**NotificationType** | Pointer to [**NotificationType**](NotificationType.md) |  | [optional] 
+**Status** | Pointer to [**SubscriptionStatus**](SubscriptionStatus.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewSubscription
+
+`func NewSubscription() *Subscription`
+
+NewSubscription instantiates a new Subscription object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSubscriptionWithDefaults
+
+`func NewSubscriptionWithDefaults() *Subscription`
+
+NewSubscriptionWithDefaults instantiates a new Subscription object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetChannels
+
+`func (o *Subscription) GetChannels() []string`
+
+GetChannels returns the Channels field if non-nil, zero value otherwise.
+
+### GetChannelsOk
+
+`func (o *Subscription) GetChannelsOk() (*[]string, bool)`
+
+GetChannelsOk returns a tuple with the Channels field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetChannels
+
+`func (o *Subscription) SetChannels(v []string)`
+
+SetChannels sets Channels field to given value.
+
+### HasChannels
+
+`func (o *Subscription) HasChannels() bool`
+
+HasChannels returns a boolean if a field has been set.
+
+### GetNotificationType
+
+`func (o *Subscription) GetNotificationType() NotificationType`
+
+GetNotificationType returns the NotificationType field if non-nil, zero value otherwise.
+
+### GetNotificationTypeOk
+
+`func (o *Subscription) GetNotificationTypeOk() (*NotificationType, bool)`
+
+GetNotificationTypeOk returns a tuple with the NotificationType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotificationType
+
+`func (o *Subscription) SetNotificationType(v NotificationType)`
+
+SetNotificationType sets NotificationType field to given value.
+
+### HasNotificationType
+
+`func (o *Subscription) HasNotificationType() bool`
+
+HasNotificationType returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *Subscription) GetStatus() SubscriptionStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *Subscription) GetStatusOk() (*SubscriptionStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *Subscription) SetStatus(v SubscriptionStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *Subscription) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Subscription) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Subscription) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Subscription) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Subscription) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SubscriptionApi.md b/okta/docs/SubscriptionApi.md
new file mode 100644
index 000000000..ed4eeab17
--- /dev/null
+++ b/okta/docs/SubscriptionApi.md
@@ -0,0 +1,586 @@
+# \SubscriptionApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ListRoleSubscriptions**](SubscriptionApi.md#ListRoleSubscriptions) | **Get** /api/v1/roles/{roleTypeOrRoleId}/subscriptions | List all Subscriptions of a Custom Role
+[**ListRoleSubscriptionsByNotificationType**](SubscriptionApi.md#ListRoleSubscriptionsByNotificationType) | **Get** /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType} | List all Subscriptions of a Custom Role with a specific notification type
+[**ListUserSubscriptions**](SubscriptionApi.md#ListUserSubscriptions) | **Get** /api/v1/users/{userId}/subscriptions | List all Subscriptions
+[**ListUserSubscriptionsByNotificationType**](SubscriptionApi.md#ListUserSubscriptionsByNotificationType) | **Get** /api/v1/users/{userId}/subscriptions/{notificationType} | List all Subscriptions by type
+[**SubscribeRoleSubscriptionByNotificationType**](SubscriptionApi.md#SubscribeRoleSubscriptionByNotificationType) | **Post** /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe | Subscribe a Custom Role to a specific notification type
+[**SubscribeUserSubscriptionByNotificationType**](SubscriptionApi.md#SubscribeUserSubscriptionByNotificationType) | **Post** /api/v1/users/{userId}/subscriptions/{notificationType}/subscribe | Subscribe to a specific notification type
+[**UnsubscribeRoleSubscriptionByNotificationType**](SubscriptionApi.md#UnsubscribeRoleSubscriptionByNotificationType) | **Post** /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe | Unsubscribe a Custom Role from a specific notification type
+[**UnsubscribeUserSubscriptionByNotificationType**](SubscriptionApi.md#UnsubscribeUserSubscriptionByNotificationType) | **Post** /api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe | Unsubscribe from a specific notification type
+
+
+
+## ListRoleSubscriptions
+
+> []Subscription ListRoleSubscriptions(ctx, roleTypeOrRoleId).Execute()
+
+List all Subscriptions of a Custom Role
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    roleTypeOrRoleId := "roleTypeOrRoleId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SubscriptionApi.ListRoleSubscriptions(context.Background(), roleTypeOrRoleId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SubscriptionApi.ListRoleSubscriptions``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListRoleSubscriptions`: []Subscription
+    fmt.Fprintf(os.Stdout, "Response from `SubscriptionApi.ListRoleSubscriptions`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**roleTypeOrRoleId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListRoleSubscriptionsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]Subscription**](Subscription.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListRoleSubscriptionsByNotificationType
+
+> Subscription ListRoleSubscriptionsByNotificationType(ctx, roleTypeOrRoleId, notificationType).Execute()
+
+List all Subscriptions of a Custom Role with a specific notification type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    roleTypeOrRoleId := "roleTypeOrRoleId_example" // string | 
+    notificationType := "notificationType_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SubscriptionApi.ListRoleSubscriptionsByNotificationType(context.Background(), roleTypeOrRoleId, notificationType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SubscriptionApi.ListRoleSubscriptionsByNotificationType``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListRoleSubscriptionsByNotificationType`: Subscription
+    fmt.Fprintf(os.Stdout, "Response from `SubscriptionApi.ListRoleSubscriptionsByNotificationType`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**roleTypeOrRoleId** | **string** |  | 
+**notificationType** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListRoleSubscriptionsByNotificationTypeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**Subscription**](Subscription.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListUserSubscriptions
+
+> []Subscription ListUserSubscriptions(ctx, userId).Execute()
+
+List all Subscriptions
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SubscriptionApi.ListUserSubscriptions(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SubscriptionApi.ListUserSubscriptions``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListUserSubscriptions`: []Subscription
+    fmt.Fprintf(os.Stdout, "Response from `SubscriptionApi.ListUserSubscriptions`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListUserSubscriptionsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]Subscription**](Subscription.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListUserSubscriptionsByNotificationType
+
+> Subscription ListUserSubscriptionsByNotificationType(ctx, userId, notificationType).Execute()
+
+List all Subscriptions by type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    notificationType := "notificationType_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SubscriptionApi.ListUserSubscriptionsByNotificationType(context.Background(), userId, notificationType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SubscriptionApi.ListUserSubscriptionsByNotificationType``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListUserSubscriptionsByNotificationType`: Subscription
+    fmt.Fprintf(os.Stdout, "Response from `SubscriptionApi.ListUserSubscriptionsByNotificationType`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**notificationType** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListUserSubscriptionsByNotificationTypeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**Subscription**](Subscription.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## SubscribeRoleSubscriptionByNotificationType
+
+> SubscribeRoleSubscriptionByNotificationType(ctx, roleTypeOrRoleId, notificationType).Execute()
+
+Subscribe a Custom Role to a specific notification type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    roleTypeOrRoleId := "roleTypeOrRoleId_example" // string | 
+    notificationType := "notificationType_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SubscriptionApi.SubscribeRoleSubscriptionByNotificationType(context.Background(), roleTypeOrRoleId, notificationType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SubscriptionApi.SubscribeRoleSubscriptionByNotificationType``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**roleTypeOrRoleId** | **string** |  | 
+**notificationType** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiSubscribeRoleSubscriptionByNotificationTypeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## SubscribeUserSubscriptionByNotificationType
+
+> SubscribeUserSubscriptionByNotificationType(ctx, userId, notificationType).Execute()
+
+Subscribe to a specific notification type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    notificationType := "notificationType_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SubscriptionApi.SubscribeUserSubscriptionByNotificationType(context.Background(), userId, notificationType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SubscriptionApi.SubscribeUserSubscriptionByNotificationType``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**notificationType** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiSubscribeUserSubscriptionByNotificationTypeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnsubscribeRoleSubscriptionByNotificationType
+
+> UnsubscribeRoleSubscriptionByNotificationType(ctx, roleTypeOrRoleId, notificationType).Execute()
+
+Unsubscribe a Custom Role from a specific notification type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    roleTypeOrRoleId := "roleTypeOrRoleId_example" // string | 
+    notificationType := "notificationType_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SubscriptionApi.UnsubscribeRoleSubscriptionByNotificationType(context.Background(), roleTypeOrRoleId, notificationType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SubscriptionApi.UnsubscribeRoleSubscriptionByNotificationType``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**roleTypeOrRoleId** | **string** |  | 
+**notificationType** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnsubscribeRoleSubscriptionByNotificationTypeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnsubscribeUserSubscriptionByNotificationType
+
+> UnsubscribeUserSubscriptionByNotificationType(ctx, userId, notificationType).Execute()
+
+Unsubscribe from a specific notification type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    notificationType := "notificationType_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SubscriptionApi.UnsubscribeUserSubscriptionByNotificationType(context.Background(), userId, notificationType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SubscriptionApi.UnsubscribeUserSubscriptionByNotificationType``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**notificationType** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnsubscribeUserSubscriptionByNotificationTypeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/SubscriptionStatus.md b/okta/docs/SubscriptionStatus.md
new file mode 100644
index 000000000..506fe6888
--- /dev/null
+++ b/okta/docs/SubscriptionStatus.md
@@ -0,0 +1,13 @@
+# SubscriptionStatus
+
+## Enum
+
+
+* `SUBSCRIBED` (value: `"subscribed"`)
+
+* `UNSUBSCRIBED` (value: `"unsubscribed"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SwaApplicationSettings.md b/okta/docs/SwaApplicationSettings.md
new file mode 100644
index 000000000..6681e1ddb
--- /dev/null
+++ b/okta/docs/SwaApplicationSettings.md
@@ -0,0 +1,186 @@
+# SwaApplicationSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**IdentityStoreId** | Pointer to **string** |  | [optional] 
+**ImplicitAssignment** | Pointer to **bool** |  | [optional] 
+**InlineHookId** | Pointer to **string** |  | [optional] 
+**Notes** | Pointer to [**ApplicationSettingsNotes**](ApplicationSettingsNotes.md) |  | [optional] 
+**Notifications** | Pointer to [**ApplicationSettingsNotifications**](ApplicationSettingsNotifications.md) |  | [optional] 
+**App** | Pointer to [**SwaApplicationSettingsApplication**](SwaApplicationSettingsApplication.md) |  | [optional] 
+
+## Methods
+
+### NewSwaApplicationSettings
+
+`func NewSwaApplicationSettings() *SwaApplicationSettings`
+
+NewSwaApplicationSettings instantiates a new SwaApplicationSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSwaApplicationSettingsWithDefaults
+
+`func NewSwaApplicationSettingsWithDefaults() *SwaApplicationSettings`
+
+NewSwaApplicationSettingsWithDefaults instantiates a new SwaApplicationSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIdentityStoreId
+
+`func (o *SwaApplicationSettings) GetIdentityStoreId() string`
+
+GetIdentityStoreId returns the IdentityStoreId field if non-nil, zero value otherwise.
+
+### GetIdentityStoreIdOk
+
+`func (o *SwaApplicationSettings) GetIdentityStoreIdOk() (*string, bool)`
+
+GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityStoreId
+
+`func (o *SwaApplicationSettings) SetIdentityStoreId(v string)`
+
+SetIdentityStoreId sets IdentityStoreId field to given value.
+
+### HasIdentityStoreId
+
+`func (o *SwaApplicationSettings) HasIdentityStoreId() bool`
+
+HasIdentityStoreId returns a boolean if a field has been set.
+
+### GetImplicitAssignment
+
+`func (o *SwaApplicationSettings) GetImplicitAssignment() bool`
+
+GetImplicitAssignment returns the ImplicitAssignment field if non-nil, zero value otherwise.
+
+### GetImplicitAssignmentOk
+
+`func (o *SwaApplicationSettings) GetImplicitAssignmentOk() (*bool, bool)`
+
+GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetImplicitAssignment
+
+`func (o *SwaApplicationSettings) SetImplicitAssignment(v bool)`
+
+SetImplicitAssignment sets ImplicitAssignment field to given value.
+
+### HasImplicitAssignment
+
+`func (o *SwaApplicationSettings) HasImplicitAssignment() bool`
+
+HasImplicitAssignment returns a boolean if a field has been set.
+
+### GetInlineHookId
+
+`func (o *SwaApplicationSettings) GetInlineHookId() string`
+
+GetInlineHookId returns the InlineHookId field if non-nil, zero value otherwise.
+
+### GetInlineHookIdOk
+
+`func (o *SwaApplicationSettings) GetInlineHookIdOk() (*string, bool)`
+
+GetInlineHookIdOk returns a tuple with the InlineHookId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInlineHookId
+
+`func (o *SwaApplicationSettings) SetInlineHookId(v string)`
+
+SetInlineHookId sets InlineHookId field to given value.
+
+### HasInlineHookId
+
+`func (o *SwaApplicationSettings) HasInlineHookId() bool`
+
+HasInlineHookId returns a boolean if a field has been set.
+
+### GetNotes
+
+`func (o *SwaApplicationSettings) GetNotes() ApplicationSettingsNotes`
+
+GetNotes returns the Notes field if non-nil, zero value otherwise.
+
+### GetNotesOk
+
+`func (o *SwaApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool)`
+
+GetNotesOk returns a tuple with the Notes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotes
+
+`func (o *SwaApplicationSettings) SetNotes(v ApplicationSettingsNotes)`
+
+SetNotes sets Notes field to given value.
+
+### HasNotes
+
+`func (o *SwaApplicationSettings) HasNotes() bool`
+
+HasNotes returns a boolean if a field has been set.
+
+### GetNotifications
+
+`func (o *SwaApplicationSettings) GetNotifications() ApplicationSettingsNotifications`
+
+GetNotifications returns the Notifications field if non-nil, zero value otherwise.
+
+### GetNotificationsOk
+
+`func (o *SwaApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool)`
+
+GetNotificationsOk returns a tuple with the Notifications field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotifications
+
+`func (o *SwaApplicationSettings) SetNotifications(v ApplicationSettingsNotifications)`
+
+SetNotifications sets Notifications field to given value.
+
+### HasNotifications
+
+`func (o *SwaApplicationSettings) HasNotifications() bool`
+
+HasNotifications returns a boolean if a field has been set.
+
+### GetApp
+
+`func (o *SwaApplicationSettings) GetApp() SwaApplicationSettingsApplication`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *SwaApplicationSettings) GetAppOk() (*SwaApplicationSettingsApplication, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *SwaApplicationSettings) SetApp(v SwaApplicationSettingsApplication)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *SwaApplicationSettings) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SwaApplicationSettingsAllOf.md b/okta/docs/SwaApplicationSettingsAllOf.md
new file mode 100644
index 000000000..d3cf6e29c
--- /dev/null
+++ b/okta/docs/SwaApplicationSettingsAllOf.md
@@ -0,0 +1,56 @@
+# SwaApplicationSettingsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**SwaApplicationSettingsApplication**](SwaApplicationSettingsApplication.md) |  | [optional] 
+
+## Methods
+
+### NewSwaApplicationSettingsAllOf
+
+`func NewSwaApplicationSettingsAllOf() *SwaApplicationSettingsAllOf`
+
+NewSwaApplicationSettingsAllOf instantiates a new SwaApplicationSettingsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSwaApplicationSettingsAllOfWithDefaults
+
+`func NewSwaApplicationSettingsAllOfWithDefaults() *SwaApplicationSettingsAllOf`
+
+NewSwaApplicationSettingsAllOfWithDefaults instantiates a new SwaApplicationSettingsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *SwaApplicationSettingsAllOf) GetApp() SwaApplicationSettingsApplication`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *SwaApplicationSettingsAllOf) GetAppOk() (*SwaApplicationSettingsApplication, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *SwaApplicationSettingsAllOf) SetApp(v SwaApplicationSettingsApplication)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *SwaApplicationSettingsAllOf) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SwaApplicationSettingsApplication.md b/okta/docs/SwaApplicationSettingsApplication.md
new file mode 100644
index 000000000..b08e04cc8
--- /dev/null
+++ b/okta/docs/SwaApplicationSettingsApplication.md
@@ -0,0 +1,368 @@
+# SwaApplicationSettingsApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ButtonField** | Pointer to **string** |  | [optional] 
+**ButtonSelector** | Pointer to **string** |  | [optional] 
+**Checkbox** | Pointer to **string** |  | [optional] 
+**ExtraFieldSelector** | Pointer to **string** |  | [optional] 
+**ExtraFieldValue** | Pointer to **string** |  | [optional] 
+**LoginUrlRegex** | Pointer to **string** |  | [optional] 
+**PasswordField** | Pointer to **string** |  | [optional] 
+**PasswordSelector** | Pointer to **string** |  | [optional] 
+**RedirectUrl** | Pointer to **string** |  | [optional] 
+**TargetURL** | Pointer to **string** |  | [optional] 
+**Url** | Pointer to **string** |  | [optional] 
+**UsernameField** | Pointer to **string** |  | [optional] 
+**UserNameSelector** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewSwaApplicationSettingsApplication
+
+`func NewSwaApplicationSettingsApplication() *SwaApplicationSettingsApplication`
+
+NewSwaApplicationSettingsApplication instantiates a new SwaApplicationSettingsApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewSwaApplicationSettingsApplicationWithDefaults
+
+`func NewSwaApplicationSettingsApplicationWithDefaults() *SwaApplicationSettingsApplication`
+
+NewSwaApplicationSettingsApplicationWithDefaults instantiates a new SwaApplicationSettingsApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetButtonField
+
+`func (o *SwaApplicationSettingsApplication) GetButtonField() string`
+
+GetButtonField returns the ButtonField field if non-nil, zero value otherwise.
+
+### GetButtonFieldOk
+
+`func (o *SwaApplicationSettingsApplication) GetButtonFieldOk() (*string, bool)`
+
+GetButtonFieldOk returns a tuple with the ButtonField field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetButtonField
+
+`func (o *SwaApplicationSettingsApplication) SetButtonField(v string)`
+
+SetButtonField sets ButtonField field to given value.
+
+### HasButtonField
+
+`func (o *SwaApplicationSettingsApplication) HasButtonField() bool`
+
+HasButtonField returns a boolean if a field has been set.
+
+### GetButtonSelector
+
+`func (o *SwaApplicationSettingsApplication) GetButtonSelector() string`
+
+GetButtonSelector returns the ButtonSelector field if non-nil, zero value otherwise.
+
+### GetButtonSelectorOk
+
+`func (o *SwaApplicationSettingsApplication) GetButtonSelectorOk() (*string, bool)`
+
+GetButtonSelectorOk returns a tuple with the ButtonSelector field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetButtonSelector
+
+`func (o *SwaApplicationSettingsApplication) SetButtonSelector(v string)`
+
+SetButtonSelector sets ButtonSelector field to given value.
+
+### HasButtonSelector
+
+`func (o *SwaApplicationSettingsApplication) HasButtonSelector() bool`
+
+HasButtonSelector returns a boolean if a field has been set.
+
+### GetCheckbox
+
+`func (o *SwaApplicationSettingsApplication) GetCheckbox() string`
+
+GetCheckbox returns the Checkbox field if non-nil, zero value otherwise.
+
+### GetCheckboxOk
+
+`func (o *SwaApplicationSettingsApplication) GetCheckboxOk() (*string, bool)`
+
+GetCheckboxOk returns a tuple with the Checkbox field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCheckbox
+
+`func (o *SwaApplicationSettingsApplication) SetCheckbox(v string)`
+
+SetCheckbox sets Checkbox field to given value.
+
+### HasCheckbox
+
+`func (o *SwaApplicationSettingsApplication) HasCheckbox() bool`
+
+HasCheckbox returns a boolean if a field has been set.
+
+### GetExtraFieldSelector
+
+`func (o *SwaApplicationSettingsApplication) GetExtraFieldSelector() string`
+
+GetExtraFieldSelector returns the ExtraFieldSelector field if non-nil, zero value otherwise.
+
+### GetExtraFieldSelectorOk
+
+`func (o *SwaApplicationSettingsApplication) GetExtraFieldSelectorOk() (*string, bool)`
+
+GetExtraFieldSelectorOk returns a tuple with the ExtraFieldSelector field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExtraFieldSelector
+
+`func (o *SwaApplicationSettingsApplication) SetExtraFieldSelector(v string)`
+
+SetExtraFieldSelector sets ExtraFieldSelector field to given value.
+
+### HasExtraFieldSelector
+
+`func (o *SwaApplicationSettingsApplication) HasExtraFieldSelector() bool`
+
+HasExtraFieldSelector returns a boolean if a field has been set.
+
+### GetExtraFieldValue
+
+`func (o *SwaApplicationSettingsApplication) GetExtraFieldValue() string`
+
+GetExtraFieldValue returns the ExtraFieldValue field if non-nil, zero value otherwise.
+
+### GetExtraFieldValueOk
+
+`func (o *SwaApplicationSettingsApplication) GetExtraFieldValueOk() (*string, bool)`
+
+GetExtraFieldValueOk returns a tuple with the ExtraFieldValue field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExtraFieldValue
+
+`func (o *SwaApplicationSettingsApplication) SetExtraFieldValue(v string)`
+
+SetExtraFieldValue sets ExtraFieldValue field to given value.
+
+### HasExtraFieldValue
+
+`func (o *SwaApplicationSettingsApplication) HasExtraFieldValue() bool`
+
+HasExtraFieldValue returns a boolean if a field has been set.
+
+### GetLoginUrlRegex
+
+`func (o *SwaApplicationSettingsApplication) GetLoginUrlRegex() string`
+
+GetLoginUrlRegex returns the LoginUrlRegex field if non-nil, zero value otherwise.
+
+### GetLoginUrlRegexOk
+
+`func (o *SwaApplicationSettingsApplication) GetLoginUrlRegexOk() (*string, bool)`
+
+GetLoginUrlRegexOk returns a tuple with the LoginUrlRegex field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLoginUrlRegex
+
+`func (o *SwaApplicationSettingsApplication) SetLoginUrlRegex(v string)`
+
+SetLoginUrlRegex sets LoginUrlRegex field to given value.
+
+### HasLoginUrlRegex
+
+`func (o *SwaApplicationSettingsApplication) HasLoginUrlRegex() bool`
+
+HasLoginUrlRegex returns a boolean if a field has been set.
+
+### GetPasswordField
+
+`func (o *SwaApplicationSettingsApplication) GetPasswordField() string`
+
+GetPasswordField returns the PasswordField field if non-nil, zero value otherwise.
+
+### GetPasswordFieldOk
+
+`func (o *SwaApplicationSettingsApplication) GetPasswordFieldOk() (*string, bool)`
+
+GetPasswordFieldOk returns a tuple with the PasswordField field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordField
+
+`func (o *SwaApplicationSettingsApplication) SetPasswordField(v string)`
+
+SetPasswordField sets PasswordField field to given value.
+
+### HasPasswordField
+
+`func (o *SwaApplicationSettingsApplication) HasPasswordField() bool`
+
+HasPasswordField returns a boolean if a field has been set.
+
+### GetPasswordSelector
+
+`func (o *SwaApplicationSettingsApplication) GetPasswordSelector() string`
+
+GetPasswordSelector returns the PasswordSelector field if non-nil, zero value otherwise.
+
+### GetPasswordSelectorOk
+
+`func (o *SwaApplicationSettingsApplication) GetPasswordSelectorOk() (*string, bool)`
+
+GetPasswordSelectorOk returns a tuple with the PasswordSelector field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordSelector
+
+`func (o *SwaApplicationSettingsApplication) SetPasswordSelector(v string)`
+
+SetPasswordSelector sets PasswordSelector field to given value.
+
+### HasPasswordSelector
+
+`func (o *SwaApplicationSettingsApplication) HasPasswordSelector() bool`
+
+HasPasswordSelector returns a boolean if a field has been set.
+
+### GetRedirectUrl
+
+`func (o *SwaApplicationSettingsApplication) GetRedirectUrl() string`
+
+GetRedirectUrl returns the RedirectUrl field if non-nil, zero value otherwise.
+
+### GetRedirectUrlOk
+
+`func (o *SwaApplicationSettingsApplication) GetRedirectUrlOk() (*string, bool)`
+
+GetRedirectUrlOk returns a tuple with the RedirectUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRedirectUrl
+
+`func (o *SwaApplicationSettingsApplication) SetRedirectUrl(v string)`
+
+SetRedirectUrl sets RedirectUrl field to given value.
+
+### HasRedirectUrl
+
+`func (o *SwaApplicationSettingsApplication) HasRedirectUrl() bool`
+
+HasRedirectUrl returns a boolean if a field has been set.
+
+### GetTargetURL
+
+`func (o *SwaApplicationSettingsApplication) GetTargetURL() string`
+
+GetTargetURL returns the TargetURL field if non-nil, zero value otherwise.
+
+### GetTargetURLOk
+
+`func (o *SwaApplicationSettingsApplication) GetTargetURLOk() (*string, bool)`
+
+GetTargetURLOk returns a tuple with the TargetURL field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTargetURL
+
+`func (o *SwaApplicationSettingsApplication) SetTargetURL(v string)`
+
+SetTargetURL sets TargetURL field to given value.
+
+### HasTargetURL
+
+`func (o *SwaApplicationSettingsApplication) HasTargetURL() bool`
+
+HasTargetURL returns a boolean if a field has been set.
+
+### GetUrl
+
+`func (o *SwaApplicationSettingsApplication) GetUrl() string`
+
+GetUrl returns the Url field if non-nil, zero value otherwise.
+
+### GetUrlOk
+
+`func (o *SwaApplicationSettingsApplication) GetUrlOk() (*string, bool)`
+
+GetUrlOk returns a tuple with the Url field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUrl
+
+`func (o *SwaApplicationSettingsApplication) SetUrl(v string)`
+
+SetUrl sets Url field to given value.
+
+### HasUrl
+
+`func (o *SwaApplicationSettingsApplication) HasUrl() bool`
+
+HasUrl returns a boolean if a field has been set.
+
+### GetUsernameField
+
+`func (o *SwaApplicationSettingsApplication) GetUsernameField() string`
+
+GetUsernameField returns the UsernameField field if non-nil, zero value otherwise.
+
+### GetUsernameFieldOk
+
+`func (o *SwaApplicationSettingsApplication) GetUsernameFieldOk() (*string, bool)`
+
+GetUsernameFieldOk returns a tuple with the UsernameField field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsernameField
+
+`func (o *SwaApplicationSettingsApplication) SetUsernameField(v string)`
+
+SetUsernameField sets UsernameField field to given value.
+
+### HasUsernameField
+
+`func (o *SwaApplicationSettingsApplication) HasUsernameField() bool`
+
+HasUsernameField returns a boolean if a field has been set.
+
+### GetUserNameSelector
+
+`func (o *SwaApplicationSettingsApplication) GetUserNameSelector() string`
+
+GetUserNameSelector returns the UserNameSelector field if non-nil, zero value otherwise.
+
+### GetUserNameSelectorOk
+
+`func (o *SwaApplicationSettingsApplication) GetUserNameSelectorOk() (*string, bool)`
+
+GetUserNameSelectorOk returns a tuple with the UserNameSelector field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserNameSelector
+
+`func (o *SwaApplicationSettingsApplication) SetUserNameSelector(v string)`
+
+SetUserNameSelector sets UserNameSelector field to given value.
+
+### HasUserNameSelector
+
+`func (o *SwaApplicationSettingsApplication) HasUserNameSelector() bool`
+
+HasUserNameSelector returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/SystemLogApi.md b/okta/docs/SystemLogApi.md
new file mode 100644
index 000000000..b47a2cc16
--- /dev/null
+++ b/okta/docs/SystemLogApi.md
@@ -0,0 +1,88 @@
+# \SystemLogApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ListLogEvents**](SystemLogApi.md#ListLogEvents) | **Get** /api/v1/logs | List all System Log Events
+
+
+
+## ListLogEvents
+
+> []LogEvent ListLogEvents(ctx).Since(since).Until(until).Filter(filter).Q(q).Limit(limit).SortOrder(sortOrder).After(after).Execute()
+
+List all System Log Events
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    "time"
+    openapiclient "./openapi"
+)
+
+func main() {
+    since := time.Now() // time.Time |  (optional)
+    until := time.Now() // time.Time |  (optional)
+    filter := "filter_example" // string |  (optional)
+    q := "q_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to 100)
+    sortOrder := "sortOrder_example" // string |  (optional) (default to "ASCENDING")
+    after := "after_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.SystemLogApi.ListLogEvents(context.Background()).Since(since).Until(until).Filter(filter).Q(q).Limit(limit).SortOrder(sortOrder).After(after).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `SystemLogApi.ListLogEvents``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListLogEvents`: []LogEvent
+    fmt.Fprintf(os.Stdout, "Response from `SystemLogApi.ListLogEvents`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListLogEventsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **since** | **time.Time** |  | 
+ **until** | **time.Time** |  | 
+ **filter** | **string** |  | 
+ **q** | **string** |  | 
+ **limit** | **int32** |  | [default to 100]
+ **sortOrder** | **string** |  | [default to &quot;ASCENDING&quot;]
+ **after** | **string** |  | 
+
+### Return type
+
+[**[]LogEvent**](LogEvent.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/TempPassword.md b/okta/docs/TempPassword.md
new file mode 100644
index 000000000..3c8467bf2
--- /dev/null
+++ b/okta/docs/TempPassword.md
@@ -0,0 +1,56 @@
+# TempPassword
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**TempPassword** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewTempPassword
+
+`func NewTempPassword() *TempPassword`
+
+NewTempPassword instantiates a new TempPassword object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewTempPasswordWithDefaults
+
+`func NewTempPasswordWithDefaults() *TempPassword`
+
+NewTempPasswordWithDefaults instantiates a new TempPassword object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetTempPassword
+
+`func (o *TempPassword) GetTempPassword() string`
+
+GetTempPassword returns the TempPassword field if non-nil, zero value otherwise.
+
+### GetTempPasswordOk
+
+`func (o *TempPassword) GetTempPasswordOk() (*string, bool)`
+
+GetTempPasswordOk returns a tuple with the TempPassword field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTempPassword
+
+`func (o *TempPassword) SetTempPassword(v string)`
+
+SetTempPassword sets TempPassword field to given value.
+
+### HasTempPassword
+
+`func (o *TempPassword) HasTempPassword() bool`
+
+HasTempPassword returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/TemplateApi.md b/okta/docs/TemplateApi.md
new file mode 100644
index 000000000..9b0968b5d
--- /dev/null
+++ b/okta/docs/TemplateApi.md
@@ -0,0 +1,428 @@
+# \TemplateApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateSmsTemplate**](TemplateApi.md#CreateSmsTemplate) | **Post** /api/v1/templates/sms | Create an SMS Template
+[**DeleteSmsTemplate**](TemplateApi.md#DeleteSmsTemplate) | **Delete** /api/v1/templates/sms/{templateId} | Delete an SMS Template
+[**GetSmsTemplate**](TemplateApi.md#GetSmsTemplate) | **Get** /api/v1/templates/sms/{templateId} | Retrieve an SMS Template
+[**ListSmsTemplates**](TemplateApi.md#ListSmsTemplates) | **Get** /api/v1/templates/sms | List all SMS Templates
+[**ReplaceSmsTemplate**](TemplateApi.md#ReplaceSmsTemplate) | **Put** /api/v1/templates/sms/{templateId} | Replace an SMS Template
+[**UpdateSmsTemplate**](TemplateApi.md#UpdateSmsTemplate) | **Post** /api/v1/templates/sms/{templateId} | Update an SMS Template
+
+
+
+## CreateSmsTemplate
+
+> SmsTemplate CreateSmsTemplate(ctx).SmsTemplate(smsTemplate).Execute()
+
+Create an SMS Template
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    smsTemplate := *openapiclient.NewSmsTemplate() // SmsTemplate | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TemplateApi.CreateSmsTemplate(context.Background()).SmsTemplate(smsTemplate).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TemplateApi.CreateSmsTemplate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateSmsTemplate`: SmsTemplate
+    fmt.Fprintf(os.Stdout, "Response from `TemplateApi.CreateSmsTemplate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateSmsTemplateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **smsTemplate** | [**SmsTemplate**](SmsTemplate.md) |  | 
+
+### Return type
+
+[**SmsTemplate**](SmsTemplate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteSmsTemplate
+
+> DeleteSmsTemplate(ctx, templateId).Execute()
+
+Delete an SMS Template
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    templateId := "templateId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TemplateApi.DeleteSmsTemplate(context.Background(), templateId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TemplateApi.DeleteSmsTemplate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**templateId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteSmsTemplateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetSmsTemplate
+
+> SmsTemplate GetSmsTemplate(ctx, templateId).Execute()
+
+Retrieve an SMS Template
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    templateId := "templateId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TemplateApi.GetSmsTemplate(context.Background(), templateId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TemplateApi.GetSmsTemplate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetSmsTemplate`: SmsTemplate
+    fmt.Fprintf(os.Stdout, "Response from `TemplateApi.GetSmsTemplate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**templateId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetSmsTemplateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**SmsTemplate**](SmsTemplate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListSmsTemplates
+
+> []SmsTemplate ListSmsTemplates(ctx).TemplateType(templateType).Execute()
+
+List all SMS Templates
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    templateType := openapiclient.SmsTemplateType("SMS_VERIFY_CODE") // SmsTemplateType |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TemplateApi.ListSmsTemplates(context.Background()).TemplateType(templateType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TemplateApi.ListSmsTemplates``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListSmsTemplates`: []SmsTemplate
+    fmt.Fprintf(os.Stdout, "Response from `TemplateApi.ListSmsTemplates`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListSmsTemplatesRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **templateType** | [**SmsTemplateType**](SmsTemplateType.md) |  | 
+
+### Return type
+
+[**[]SmsTemplate**](SmsTemplate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceSmsTemplate
+
+> SmsTemplate ReplaceSmsTemplate(ctx, templateId).SmsTemplate(smsTemplate).Execute()
+
+Replace an SMS Template
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    templateId := "templateId_example" // string | 
+    smsTemplate := *openapiclient.NewSmsTemplate() // SmsTemplate | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TemplateApi.ReplaceSmsTemplate(context.Background(), templateId).SmsTemplate(smsTemplate).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TemplateApi.ReplaceSmsTemplate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceSmsTemplate`: SmsTemplate
+    fmt.Fprintf(os.Stdout, "Response from `TemplateApi.ReplaceSmsTemplate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**templateId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceSmsTemplateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **smsTemplate** | [**SmsTemplate**](SmsTemplate.md) |  | 
+
+### Return type
+
+[**SmsTemplate**](SmsTemplate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateSmsTemplate
+
+> SmsTemplate UpdateSmsTemplate(ctx, templateId).SmsTemplate(smsTemplate).Execute()
+
+Update an SMS Template
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    templateId := "templateId_example" // string | 
+    smsTemplate := *openapiclient.NewSmsTemplate() // SmsTemplate | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TemplateApi.UpdateSmsTemplate(context.Background(), templateId).SmsTemplate(smsTemplate).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TemplateApi.UpdateSmsTemplate``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateSmsTemplate`: SmsTemplate
+    fmt.Fprintf(os.Stdout, "Response from `TemplateApi.UpdateSmsTemplate`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**templateId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateSmsTemplateRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **smsTemplate** | [**SmsTemplate**](SmsTemplate.md) |  | 
+
+### Return type
+
+[**SmsTemplate**](SmsTemplate.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/Theme.md b/okta/docs/Theme.md
new file mode 100644
index 000000000..0bb081ff0
--- /dev/null
+++ b/okta/docs/Theme.md
@@ -0,0 +1,316 @@
+# Theme
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**BackgroundImage** | Pointer to **string** |  | [optional] [readonly] 
+**EmailTemplateTouchPointVariant** | Pointer to [**EmailTemplateTouchPointVariant**](EmailTemplateTouchPointVariant.md) |  | [optional] 
+**EndUserDashboardTouchPointVariant** | Pointer to [**EndUserDashboardTouchPointVariant**](EndUserDashboardTouchPointVariant.md) |  | [optional] 
+**ErrorPageTouchPointVariant** | Pointer to [**ErrorPageTouchPointVariant**](ErrorPageTouchPointVariant.md) |  | [optional] 
+**LoadingPageTouchPointVariant** | Pointer to [**LoadingPageTouchPointVariant**](LoadingPageTouchPointVariant.md) |  | [optional] 
+**PrimaryColorContrastHex** | Pointer to **string** |  | [optional] 
+**PrimaryColorHex** | Pointer to **string** |  | [optional] 
+**SecondaryColorContrastHex** | Pointer to **string** |  | [optional] 
+**SecondaryColorHex** | Pointer to **string** |  | [optional] 
+**SignInPageTouchPointVariant** | Pointer to [**SignInPageTouchPointVariant**](SignInPageTouchPointVariant.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewTheme
+
+`func NewTheme() *Theme`
+
+NewTheme instantiates a new Theme object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewThemeWithDefaults
+
+`func NewThemeWithDefaults() *Theme`
+
+NewThemeWithDefaults instantiates a new Theme object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBackgroundImage
+
+`func (o *Theme) GetBackgroundImage() string`
+
+GetBackgroundImage returns the BackgroundImage field if non-nil, zero value otherwise.
+
+### GetBackgroundImageOk
+
+`func (o *Theme) GetBackgroundImageOk() (*string, bool)`
+
+GetBackgroundImageOk returns a tuple with the BackgroundImage field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBackgroundImage
+
+`func (o *Theme) SetBackgroundImage(v string)`
+
+SetBackgroundImage sets BackgroundImage field to given value.
+
+### HasBackgroundImage
+
+`func (o *Theme) HasBackgroundImage() bool`
+
+HasBackgroundImage returns a boolean if a field has been set.
+
+### GetEmailTemplateTouchPointVariant
+
+`func (o *Theme) GetEmailTemplateTouchPointVariant() EmailTemplateTouchPointVariant`
+
+GetEmailTemplateTouchPointVariant returns the EmailTemplateTouchPointVariant field if non-nil, zero value otherwise.
+
+### GetEmailTemplateTouchPointVariantOk
+
+`func (o *Theme) GetEmailTemplateTouchPointVariantOk() (*EmailTemplateTouchPointVariant, bool)`
+
+GetEmailTemplateTouchPointVariantOk returns a tuple with the EmailTemplateTouchPointVariant field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmailTemplateTouchPointVariant
+
+`func (o *Theme) SetEmailTemplateTouchPointVariant(v EmailTemplateTouchPointVariant)`
+
+SetEmailTemplateTouchPointVariant sets EmailTemplateTouchPointVariant field to given value.
+
+### HasEmailTemplateTouchPointVariant
+
+`func (o *Theme) HasEmailTemplateTouchPointVariant() bool`
+
+HasEmailTemplateTouchPointVariant returns a boolean if a field has been set.
+
+### GetEndUserDashboardTouchPointVariant
+
+`func (o *Theme) GetEndUserDashboardTouchPointVariant() EndUserDashboardTouchPointVariant`
+
+GetEndUserDashboardTouchPointVariant returns the EndUserDashboardTouchPointVariant field if non-nil, zero value otherwise.
+
+### GetEndUserDashboardTouchPointVariantOk
+
+`func (o *Theme) GetEndUserDashboardTouchPointVariantOk() (*EndUserDashboardTouchPointVariant, bool)`
+
+GetEndUserDashboardTouchPointVariantOk returns a tuple with the EndUserDashboardTouchPointVariant field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEndUserDashboardTouchPointVariant
+
+`func (o *Theme) SetEndUserDashboardTouchPointVariant(v EndUserDashboardTouchPointVariant)`
+
+SetEndUserDashboardTouchPointVariant sets EndUserDashboardTouchPointVariant field to given value.
+
+### HasEndUserDashboardTouchPointVariant
+
+`func (o *Theme) HasEndUserDashboardTouchPointVariant() bool`
+
+HasEndUserDashboardTouchPointVariant returns a boolean if a field has been set.
+
+### GetErrorPageTouchPointVariant
+
+`func (o *Theme) GetErrorPageTouchPointVariant() ErrorPageTouchPointVariant`
+
+GetErrorPageTouchPointVariant returns the ErrorPageTouchPointVariant field if non-nil, zero value otherwise.
+
+### GetErrorPageTouchPointVariantOk
+
+`func (o *Theme) GetErrorPageTouchPointVariantOk() (*ErrorPageTouchPointVariant, bool)`
+
+GetErrorPageTouchPointVariantOk returns a tuple with the ErrorPageTouchPointVariant field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetErrorPageTouchPointVariant
+
+`func (o *Theme) SetErrorPageTouchPointVariant(v ErrorPageTouchPointVariant)`
+
+SetErrorPageTouchPointVariant sets ErrorPageTouchPointVariant field to given value.
+
+### HasErrorPageTouchPointVariant
+
+`func (o *Theme) HasErrorPageTouchPointVariant() bool`
+
+HasErrorPageTouchPointVariant returns a boolean if a field has been set.
+
+### GetLoadingPageTouchPointVariant
+
+`func (o *Theme) GetLoadingPageTouchPointVariant() LoadingPageTouchPointVariant`
+
+GetLoadingPageTouchPointVariant returns the LoadingPageTouchPointVariant field if non-nil, zero value otherwise.
+
+### GetLoadingPageTouchPointVariantOk
+
+`func (o *Theme) GetLoadingPageTouchPointVariantOk() (*LoadingPageTouchPointVariant, bool)`
+
+GetLoadingPageTouchPointVariantOk returns a tuple with the LoadingPageTouchPointVariant field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLoadingPageTouchPointVariant
+
+`func (o *Theme) SetLoadingPageTouchPointVariant(v LoadingPageTouchPointVariant)`
+
+SetLoadingPageTouchPointVariant sets LoadingPageTouchPointVariant field to given value.
+
+### HasLoadingPageTouchPointVariant
+
+`func (o *Theme) HasLoadingPageTouchPointVariant() bool`
+
+HasLoadingPageTouchPointVariant returns a boolean if a field has been set.
+
+### GetPrimaryColorContrastHex
+
+`func (o *Theme) GetPrimaryColorContrastHex() string`
+
+GetPrimaryColorContrastHex returns the PrimaryColorContrastHex field if non-nil, zero value otherwise.
+
+### GetPrimaryColorContrastHexOk
+
+`func (o *Theme) GetPrimaryColorContrastHexOk() (*string, bool)`
+
+GetPrimaryColorContrastHexOk returns a tuple with the PrimaryColorContrastHex field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPrimaryColorContrastHex
+
+`func (o *Theme) SetPrimaryColorContrastHex(v string)`
+
+SetPrimaryColorContrastHex sets PrimaryColorContrastHex field to given value.
+
+### HasPrimaryColorContrastHex
+
+`func (o *Theme) HasPrimaryColorContrastHex() bool`
+
+HasPrimaryColorContrastHex returns a boolean if a field has been set.
+
+### GetPrimaryColorHex
+
+`func (o *Theme) GetPrimaryColorHex() string`
+
+GetPrimaryColorHex returns the PrimaryColorHex field if non-nil, zero value otherwise.
+
+### GetPrimaryColorHexOk
+
+`func (o *Theme) GetPrimaryColorHexOk() (*string, bool)`
+
+GetPrimaryColorHexOk returns a tuple with the PrimaryColorHex field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPrimaryColorHex
+
+`func (o *Theme) SetPrimaryColorHex(v string)`
+
+SetPrimaryColorHex sets PrimaryColorHex field to given value.
+
+### HasPrimaryColorHex
+
+`func (o *Theme) HasPrimaryColorHex() bool`
+
+HasPrimaryColorHex returns a boolean if a field has been set.
+
+### GetSecondaryColorContrastHex
+
+`func (o *Theme) GetSecondaryColorContrastHex() string`
+
+GetSecondaryColorContrastHex returns the SecondaryColorContrastHex field if non-nil, zero value otherwise.
+
+### GetSecondaryColorContrastHexOk
+
+`func (o *Theme) GetSecondaryColorContrastHexOk() (*string, bool)`
+
+GetSecondaryColorContrastHexOk returns a tuple with the SecondaryColorContrastHex field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecondaryColorContrastHex
+
+`func (o *Theme) SetSecondaryColorContrastHex(v string)`
+
+SetSecondaryColorContrastHex sets SecondaryColorContrastHex field to given value.
+
+### HasSecondaryColorContrastHex
+
+`func (o *Theme) HasSecondaryColorContrastHex() bool`
+
+HasSecondaryColorContrastHex returns a boolean if a field has been set.
+
+### GetSecondaryColorHex
+
+`func (o *Theme) GetSecondaryColorHex() string`
+
+GetSecondaryColorHex returns the SecondaryColorHex field if non-nil, zero value otherwise.
+
+### GetSecondaryColorHexOk
+
+`func (o *Theme) GetSecondaryColorHexOk() (*string, bool)`
+
+GetSecondaryColorHexOk returns a tuple with the SecondaryColorHex field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecondaryColorHex
+
+`func (o *Theme) SetSecondaryColorHex(v string)`
+
+SetSecondaryColorHex sets SecondaryColorHex field to given value.
+
+### HasSecondaryColorHex
+
+`func (o *Theme) HasSecondaryColorHex() bool`
+
+HasSecondaryColorHex returns a boolean if a field has been set.
+
+### GetSignInPageTouchPointVariant
+
+`func (o *Theme) GetSignInPageTouchPointVariant() SignInPageTouchPointVariant`
+
+GetSignInPageTouchPointVariant returns the SignInPageTouchPointVariant field if non-nil, zero value otherwise.
+
+### GetSignInPageTouchPointVariantOk
+
+`func (o *Theme) GetSignInPageTouchPointVariantOk() (*SignInPageTouchPointVariant, bool)`
+
+GetSignInPageTouchPointVariantOk returns a tuple with the SignInPageTouchPointVariant field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignInPageTouchPointVariant
+
+`func (o *Theme) SetSignInPageTouchPointVariant(v SignInPageTouchPointVariant)`
+
+SetSignInPageTouchPointVariant sets SignInPageTouchPointVariant field to given value.
+
+### HasSignInPageTouchPointVariant
+
+`func (o *Theme) HasSignInPageTouchPointVariant() bool`
+
+HasSignInPageTouchPointVariant returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *Theme) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *Theme) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *Theme) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *Theme) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ThemeResponse.md b/okta/docs/ThemeResponse.md
new file mode 100644
index 000000000..67da8fa7e
--- /dev/null
+++ b/okta/docs/ThemeResponse.md
@@ -0,0 +1,394 @@
+# ThemeResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**BackgroundImage** | Pointer to **string** |  | [optional] [readonly] 
+**EmailTemplateTouchPointVariant** | Pointer to [**EmailTemplateTouchPointVariant**](EmailTemplateTouchPointVariant.md) |  | [optional] 
+**EndUserDashboardTouchPointVariant** | Pointer to [**EndUserDashboardTouchPointVariant**](EndUserDashboardTouchPointVariant.md) |  | [optional] 
+**ErrorPageTouchPointVariant** | Pointer to [**ErrorPageTouchPointVariant**](ErrorPageTouchPointVariant.md) |  | [optional] 
+**Favicon** | Pointer to **string** |  | [optional] [readonly] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LoadingPageTouchPointVariant** | Pointer to [**LoadingPageTouchPointVariant**](LoadingPageTouchPointVariant.md) |  | [optional] 
+**Logo** | Pointer to **string** |  | [optional] [readonly] 
+**PrimaryColorContrastHex** | Pointer to **string** |  | [optional] 
+**PrimaryColorHex** | Pointer to **string** |  | [optional] 
+**SecondaryColorContrastHex** | Pointer to **string** |  | [optional] 
+**SecondaryColorHex** | Pointer to **string** |  | [optional] 
+**SignInPageTouchPointVariant** | Pointer to [**SignInPageTouchPointVariant**](SignInPageTouchPointVariant.md) |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewThemeResponse
+
+`func NewThemeResponse() *ThemeResponse`
+
+NewThemeResponse instantiates a new ThemeResponse object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewThemeResponseWithDefaults
+
+`func NewThemeResponseWithDefaults() *ThemeResponse`
+
+NewThemeResponseWithDefaults instantiates a new ThemeResponse object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBackgroundImage
+
+`func (o *ThemeResponse) GetBackgroundImage() string`
+
+GetBackgroundImage returns the BackgroundImage field if non-nil, zero value otherwise.
+
+### GetBackgroundImageOk
+
+`func (o *ThemeResponse) GetBackgroundImageOk() (*string, bool)`
+
+GetBackgroundImageOk returns a tuple with the BackgroundImage field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBackgroundImage
+
+`func (o *ThemeResponse) SetBackgroundImage(v string)`
+
+SetBackgroundImage sets BackgroundImage field to given value.
+
+### HasBackgroundImage
+
+`func (o *ThemeResponse) HasBackgroundImage() bool`
+
+HasBackgroundImage returns a boolean if a field has been set.
+
+### GetEmailTemplateTouchPointVariant
+
+`func (o *ThemeResponse) GetEmailTemplateTouchPointVariant() EmailTemplateTouchPointVariant`
+
+GetEmailTemplateTouchPointVariant returns the EmailTemplateTouchPointVariant field if non-nil, zero value otherwise.
+
+### GetEmailTemplateTouchPointVariantOk
+
+`func (o *ThemeResponse) GetEmailTemplateTouchPointVariantOk() (*EmailTemplateTouchPointVariant, bool)`
+
+GetEmailTemplateTouchPointVariantOk returns a tuple with the EmailTemplateTouchPointVariant field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmailTemplateTouchPointVariant
+
+`func (o *ThemeResponse) SetEmailTemplateTouchPointVariant(v EmailTemplateTouchPointVariant)`
+
+SetEmailTemplateTouchPointVariant sets EmailTemplateTouchPointVariant field to given value.
+
+### HasEmailTemplateTouchPointVariant
+
+`func (o *ThemeResponse) HasEmailTemplateTouchPointVariant() bool`
+
+HasEmailTemplateTouchPointVariant returns a boolean if a field has been set.
+
+### GetEndUserDashboardTouchPointVariant
+
+`func (o *ThemeResponse) GetEndUserDashboardTouchPointVariant() EndUserDashboardTouchPointVariant`
+
+GetEndUserDashboardTouchPointVariant returns the EndUserDashboardTouchPointVariant field if non-nil, zero value otherwise.
+
+### GetEndUserDashboardTouchPointVariantOk
+
+`func (o *ThemeResponse) GetEndUserDashboardTouchPointVariantOk() (*EndUserDashboardTouchPointVariant, bool)`
+
+GetEndUserDashboardTouchPointVariantOk returns a tuple with the EndUserDashboardTouchPointVariant field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEndUserDashboardTouchPointVariant
+
+`func (o *ThemeResponse) SetEndUserDashboardTouchPointVariant(v EndUserDashboardTouchPointVariant)`
+
+SetEndUserDashboardTouchPointVariant sets EndUserDashboardTouchPointVariant field to given value.
+
+### HasEndUserDashboardTouchPointVariant
+
+`func (o *ThemeResponse) HasEndUserDashboardTouchPointVariant() bool`
+
+HasEndUserDashboardTouchPointVariant returns a boolean if a field has been set.
+
+### GetErrorPageTouchPointVariant
+
+`func (o *ThemeResponse) GetErrorPageTouchPointVariant() ErrorPageTouchPointVariant`
+
+GetErrorPageTouchPointVariant returns the ErrorPageTouchPointVariant field if non-nil, zero value otherwise.
+
+### GetErrorPageTouchPointVariantOk
+
+`func (o *ThemeResponse) GetErrorPageTouchPointVariantOk() (*ErrorPageTouchPointVariant, bool)`
+
+GetErrorPageTouchPointVariantOk returns a tuple with the ErrorPageTouchPointVariant field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetErrorPageTouchPointVariant
+
+`func (o *ThemeResponse) SetErrorPageTouchPointVariant(v ErrorPageTouchPointVariant)`
+
+SetErrorPageTouchPointVariant sets ErrorPageTouchPointVariant field to given value.
+
+### HasErrorPageTouchPointVariant
+
+`func (o *ThemeResponse) HasErrorPageTouchPointVariant() bool`
+
+HasErrorPageTouchPointVariant returns a boolean if a field has been set.
+
+### GetFavicon
+
+`func (o *ThemeResponse) GetFavicon() string`
+
+GetFavicon returns the Favicon field if non-nil, zero value otherwise.
+
+### GetFaviconOk
+
+`func (o *ThemeResponse) GetFaviconOk() (*string, bool)`
+
+GetFaviconOk returns a tuple with the Favicon field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFavicon
+
+`func (o *ThemeResponse) SetFavicon(v string)`
+
+SetFavicon sets Favicon field to given value.
+
+### HasFavicon
+
+`func (o *ThemeResponse) HasFavicon() bool`
+
+HasFavicon returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *ThemeResponse) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *ThemeResponse) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *ThemeResponse) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *ThemeResponse) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLoadingPageTouchPointVariant
+
+`func (o *ThemeResponse) GetLoadingPageTouchPointVariant() LoadingPageTouchPointVariant`
+
+GetLoadingPageTouchPointVariant returns the LoadingPageTouchPointVariant field if non-nil, zero value otherwise.
+
+### GetLoadingPageTouchPointVariantOk
+
+`func (o *ThemeResponse) GetLoadingPageTouchPointVariantOk() (*LoadingPageTouchPointVariant, bool)`
+
+GetLoadingPageTouchPointVariantOk returns a tuple with the LoadingPageTouchPointVariant field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLoadingPageTouchPointVariant
+
+`func (o *ThemeResponse) SetLoadingPageTouchPointVariant(v LoadingPageTouchPointVariant)`
+
+SetLoadingPageTouchPointVariant sets LoadingPageTouchPointVariant field to given value.
+
+### HasLoadingPageTouchPointVariant
+
+`func (o *ThemeResponse) HasLoadingPageTouchPointVariant() bool`
+
+HasLoadingPageTouchPointVariant returns a boolean if a field has been set.
+
+### GetLogo
+
+`func (o *ThemeResponse) GetLogo() string`
+
+GetLogo returns the Logo field if non-nil, zero value otherwise.
+
+### GetLogoOk
+
+`func (o *ThemeResponse) GetLogoOk() (*string, bool)`
+
+GetLogoOk returns a tuple with the Logo field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLogo
+
+`func (o *ThemeResponse) SetLogo(v string)`
+
+SetLogo sets Logo field to given value.
+
+### HasLogo
+
+`func (o *ThemeResponse) HasLogo() bool`
+
+HasLogo returns a boolean if a field has been set.
+
+### GetPrimaryColorContrastHex
+
+`func (o *ThemeResponse) GetPrimaryColorContrastHex() string`
+
+GetPrimaryColorContrastHex returns the PrimaryColorContrastHex field if non-nil, zero value otherwise.
+
+### GetPrimaryColorContrastHexOk
+
+`func (o *ThemeResponse) GetPrimaryColorContrastHexOk() (*string, bool)`
+
+GetPrimaryColorContrastHexOk returns a tuple with the PrimaryColorContrastHex field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPrimaryColorContrastHex
+
+`func (o *ThemeResponse) SetPrimaryColorContrastHex(v string)`
+
+SetPrimaryColorContrastHex sets PrimaryColorContrastHex field to given value.
+
+### HasPrimaryColorContrastHex
+
+`func (o *ThemeResponse) HasPrimaryColorContrastHex() bool`
+
+HasPrimaryColorContrastHex returns a boolean if a field has been set.
+
+### GetPrimaryColorHex
+
+`func (o *ThemeResponse) GetPrimaryColorHex() string`
+
+GetPrimaryColorHex returns the PrimaryColorHex field if non-nil, zero value otherwise.
+
+### GetPrimaryColorHexOk
+
+`func (o *ThemeResponse) GetPrimaryColorHexOk() (*string, bool)`
+
+GetPrimaryColorHexOk returns a tuple with the PrimaryColorHex field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPrimaryColorHex
+
+`func (o *ThemeResponse) SetPrimaryColorHex(v string)`
+
+SetPrimaryColorHex sets PrimaryColorHex field to given value.
+
+### HasPrimaryColorHex
+
+`func (o *ThemeResponse) HasPrimaryColorHex() bool`
+
+HasPrimaryColorHex returns a boolean if a field has been set.
+
+### GetSecondaryColorContrastHex
+
+`func (o *ThemeResponse) GetSecondaryColorContrastHex() string`
+
+GetSecondaryColorContrastHex returns the SecondaryColorContrastHex field if non-nil, zero value otherwise.
+
+### GetSecondaryColorContrastHexOk
+
+`func (o *ThemeResponse) GetSecondaryColorContrastHexOk() (*string, bool)`
+
+GetSecondaryColorContrastHexOk returns a tuple with the SecondaryColorContrastHex field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecondaryColorContrastHex
+
+`func (o *ThemeResponse) SetSecondaryColorContrastHex(v string)`
+
+SetSecondaryColorContrastHex sets SecondaryColorContrastHex field to given value.
+
+### HasSecondaryColorContrastHex
+
+`func (o *ThemeResponse) HasSecondaryColorContrastHex() bool`
+
+HasSecondaryColorContrastHex returns a boolean if a field has been set.
+
+### GetSecondaryColorHex
+
+`func (o *ThemeResponse) GetSecondaryColorHex() string`
+
+GetSecondaryColorHex returns the SecondaryColorHex field if non-nil, zero value otherwise.
+
+### GetSecondaryColorHexOk
+
+`func (o *ThemeResponse) GetSecondaryColorHexOk() (*string, bool)`
+
+GetSecondaryColorHexOk returns a tuple with the SecondaryColorHex field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecondaryColorHex
+
+`func (o *ThemeResponse) SetSecondaryColorHex(v string)`
+
+SetSecondaryColorHex sets SecondaryColorHex field to given value.
+
+### HasSecondaryColorHex
+
+`func (o *ThemeResponse) HasSecondaryColorHex() bool`
+
+HasSecondaryColorHex returns a boolean if a field has been set.
+
+### GetSignInPageTouchPointVariant
+
+`func (o *ThemeResponse) GetSignInPageTouchPointVariant() SignInPageTouchPointVariant`
+
+GetSignInPageTouchPointVariant returns the SignInPageTouchPointVariant field if non-nil, zero value otherwise.
+
+### GetSignInPageTouchPointVariantOk
+
+`func (o *ThemeResponse) GetSignInPageTouchPointVariantOk() (*SignInPageTouchPointVariant, bool)`
+
+GetSignInPageTouchPointVariantOk returns a tuple with the SignInPageTouchPointVariant field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSignInPageTouchPointVariant
+
+`func (o *ThemeResponse) SetSignInPageTouchPointVariant(v SignInPageTouchPointVariant)`
+
+SetSignInPageTouchPointVariant sets SignInPageTouchPointVariant field to given value.
+
+### HasSignInPageTouchPointVariant
+
+`func (o *ThemeResponse) HasSignInPageTouchPointVariant() bool`
+
+HasSignInPageTouchPointVariant returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ThemeResponse) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ThemeResponse) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ThemeResponse) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ThemeResponse) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/ThreatInsightApi.md b/okta/docs/ThreatInsightApi.md
new file mode 100644
index 000000000..9e2323b81
--- /dev/null
+++ b/okta/docs/ThreatInsightApi.md
@@ -0,0 +1,137 @@
+# \ThreatInsightApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**GetCurrentConfiguration**](ThreatInsightApi.md#GetCurrentConfiguration) | **Get** /api/v1/threats/configuration | Retrieve the ThreatInsight Configuration
+[**UpdateConfiguration**](ThreatInsightApi.md#UpdateConfiguration) | **Post** /api/v1/threats/configuration | Update the ThreatInsight Configuration
+
+
+
+## GetCurrentConfiguration
+
+> ThreatInsightConfiguration GetCurrentConfiguration(ctx).Execute()
+
+Retrieve the ThreatInsight Configuration
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ThreatInsightApi.GetCurrentConfiguration(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ThreatInsightApi.GetCurrentConfiguration``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetCurrentConfiguration`: ThreatInsightConfiguration
+    fmt.Fprintf(os.Stdout, "Response from `ThreatInsightApi.GetCurrentConfiguration`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetCurrentConfigurationRequest struct via the builder pattern
+
+
+### Return type
+
+[**ThreatInsightConfiguration**](ThreatInsightConfiguration.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateConfiguration
+
+> ThreatInsightConfiguration UpdateConfiguration(ctx).ThreatInsightConfiguration(threatInsightConfiguration).Execute()
+
+Update the ThreatInsight Configuration
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    threatInsightConfiguration := *openapiclient.NewThreatInsightConfiguration() // ThreatInsightConfiguration | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.ThreatInsightApi.UpdateConfiguration(context.Background()).ThreatInsightConfiguration(threatInsightConfiguration).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `ThreatInsightApi.UpdateConfiguration``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateConfiguration`: ThreatInsightConfiguration
+    fmt.Fprintf(os.Stdout, "Response from `ThreatInsightApi.UpdateConfiguration`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateConfigurationRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **threatInsightConfiguration** | [**ThreatInsightConfiguration**](ThreatInsightConfiguration.md) |  | 
+
+### Return type
+
+[**ThreatInsightConfiguration**](ThreatInsightConfiguration.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/ThreatInsightConfiguration.md b/okta/docs/ThreatInsightConfiguration.md
new file mode 100644
index 000000000..d8d195c8c
--- /dev/null
+++ b/okta/docs/ThreatInsightConfiguration.md
@@ -0,0 +1,160 @@
+# ThreatInsightConfiguration
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | Pointer to **string** |  | [optional] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**ExcludeZones** | Pointer to **[]string** |  | [optional] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewThreatInsightConfiguration
+
+`func NewThreatInsightConfiguration() *ThreatInsightConfiguration`
+
+NewThreatInsightConfiguration instantiates a new ThreatInsightConfiguration object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewThreatInsightConfigurationWithDefaults
+
+`func NewThreatInsightConfigurationWithDefaults() *ThreatInsightConfiguration`
+
+NewThreatInsightConfigurationWithDefaults instantiates a new ThreatInsightConfiguration object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAction
+
+`func (o *ThreatInsightConfiguration) GetAction() string`
+
+GetAction returns the Action field if non-nil, zero value otherwise.
+
+### GetActionOk
+
+`func (o *ThreatInsightConfiguration) GetActionOk() (*string, bool)`
+
+GetActionOk returns a tuple with the Action field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAction
+
+`func (o *ThreatInsightConfiguration) SetAction(v string)`
+
+SetAction sets Action field to given value.
+
+### HasAction
+
+`func (o *ThreatInsightConfiguration) HasAction() bool`
+
+HasAction returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *ThreatInsightConfiguration) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *ThreatInsightConfiguration) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *ThreatInsightConfiguration) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *ThreatInsightConfiguration) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetExcludeZones
+
+`func (o *ThreatInsightConfiguration) GetExcludeZones() []string`
+
+GetExcludeZones returns the ExcludeZones field if non-nil, zero value otherwise.
+
+### GetExcludeZonesOk
+
+`func (o *ThreatInsightConfiguration) GetExcludeZonesOk() (*[]string, bool)`
+
+GetExcludeZonesOk returns a tuple with the ExcludeZones field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExcludeZones
+
+`func (o *ThreatInsightConfiguration) SetExcludeZones(v []string)`
+
+SetExcludeZones sets ExcludeZones field to given value.
+
+### HasExcludeZones
+
+`func (o *ThreatInsightConfiguration) HasExcludeZones() bool`
+
+HasExcludeZones returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *ThreatInsightConfiguration) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *ThreatInsightConfiguration) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *ThreatInsightConfiguration) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *ThreatInsightConfiguration) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *ThreatInsightConfiguration) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *ThreatInsightConfiguration) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *ThreatInsightConfiguration) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *ThreatInsightConfiguration) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/TokenAuthorizationServerPolicyRuleAction.md b/okta/docs/TokenAuthorizationServerPolicyRuleAction.md
new file mode 100644
index 000000000..399fbbdcc
--- /dev/null
+++ b/okta/docs/TokenAuthorizationServerPolicyRuleAction.md
@@ -0,0 +1,134 @@
+# TokenAuthorizationServerPolicyRuleAction
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AccessTokenLifetimeMinutes** | Pointer to **int32** |  | [optional] 
+**InlineHook** | Pointer to [**TokenAuthorizationServerPolicyRuleActionInlineHook**](TokenAuthorizationServerPolicyRuleActionInlineHook.md) |  | [optional] 
+**RefreshTokenLifetimeMinutes** | Pointer to **int32** |  | [optional] 
+**RefreshTokenWindowMinutes** | Pointer to **int32** |  | [optional] 
+
+## Methods
+
+### NewTokenAuthorizationServerPolicyRuleAction
+
+`func NewTokenAuthorizationServerPolicyRuleAction() *TokenAuthorizationServerPolicyRuleAction`
+
+NewTokenAuthorizationServerPolicyRuleAction instantiates a new TokenAuthorizationServerPolicyRuleAction object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewTokenAuthorizationServerPolicyRuleActionWithDefaults
+
+`func NewTokenAuthorizationServerPolicyRuleActionWithDefaults() *TokenAuthorizationServerPolicyRuleAction`
+
+NewTokenAuthorizationServerPolicyRuleActionWithDefaults instantiates a new TokenAuthorizationServerPolicyRuleAction object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAccessTokenLifetimeMinutes
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) GetAccessTokenLifetimeMinutes() int32`
+
+GetAccessTokenLifetimeMinutes returns the AccessTokenLifetimeMinutes field if non-nil, zero value otherwise.
+
+### GetAccessTokenLifetimeMinutesOk
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) GetAccessTokenLifetimeMinutesOk() (*int32, bool)`
+
+GetAccessTokenLifetimeMinutesOk returns a tuple with the AccessTokenLifetimeMinutes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAccessTokenLifetimeMinutes
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) SetAccessTokenLifetimeMinutes(v int32)`
+
+SetAccessTokenLifetimeMinutes sets AccessTokenLifetimeMinutes field to given value.
+
+### HasAccessTokenLifetimeMinutes
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) HasAccessTokenLifetimeMinutes() bool`
+
+HasAccessTokenLifetimeMinutes returns a boolean if a field has been set.
+
+### GetInlineHook
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) GetInlineHook() TokenAuthorizationServerPolicyRuleActionInlineHook`
+
+GetInlineHook returns the InlineHook field if non-nil, zero value otherwise.
+
+### GetInlineHookOk
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) GetInlineHookOk() (*TokenAuthorizationServerPolicyRuleActionInlineHook, bool)`
+
+GetInlineHookOk returns a tuple with the InlineHook field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInlineHook
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) SetInlineHook(v TokenAuthorizationServerPolicyRuleActionInlineHook)`
+
+SetInlineHook sets InlineHook field to given value.
+
+### HasInlineHook
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) HasInlineHook() bool`
+
+HasInlineHook returns a boolean if a field has been set.
+
+### GetRefreshTokenLifetimeMinutes
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) GetRefreshTokenLifetimeMinutes() int32`
+
+GetRefreshTokenLifetimeMinutes returns the RefreshTokenLifetimeMinutes field if non-nil, zero value otherwise.
+
+### GetRefreshTokenLifetimeMinutesOk
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) GetRefreshTokenLifetimeMinutesOk() (*int32, bool)`
+
+GetRefreshTokenLifetimeMinutesOk returns a tuple with the RefreshTokenLifetimeMinutes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRefreshTokenLifetimeMinutes
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) SetRefreshTokenLifetimeMinutes(v int32)`
+
+SetRefreshTokenLifetimeMinutes sets RefreshTokenLifetimeMinutes field to given value.
+
+### HasRefreshTokenLifetimeMinutes
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) HasRefreshTokenLifetimeMinutes() bool`
+
+HasRefreshTokenLifetimeMinutes returns a boolean if a field has been set.
+
+### GetRefreshTokenWindowMinutes
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) GetRefreshTokenWindowMinutes() int32`
+
+GetRefreshTokenWindowMinutes returns the RefreshTokenWindowMinutes field if non-nil, zero value otherwise.
+
+### GetRefreshTokenWindowMinutesOk
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) GetRefreshTokenWindowMinutesOk() (*int32, bool)`
+
+GetRefreshTokenWindowMinutesOk returns a tuple with the RefreshTokenWindowMinutes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRefreshTokenWindowMinutes
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) SetRefreshTokenWindowMinutes(v int32)`
+
+SetRefreshTokenWindowMinutes sets RefreshTokenWindowMinutes field to given value.
+
+### HasRefreshTokenWindowMinutes
+
+`func (o *TokenAuthorizationServerPolicyRuleAction) HasRefreshTokenWindowMinutes() bool`
+
+HasRefreshTokenWindowMinutes returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/TokenAuthorizationServerPolicyRuleActionInlineHook.md b/okta/docs/TokenAuthorizationServerPolicyRuleActionInlineHook.md
new file mode 100644
index 000000000..8242226bf
--- /dev/null
+++ b/okta/docs/TokenAuthorizationServerPolicyRuleActionInlineHook.md
@@ -0,0 +1,56 @@
+# TokenAuthorizationServerPolicyRuleActionInlineHook
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewTokenAuthorizationServerPolicyRuleActionInlineHook
+
+`func NewTokenAuthorizationServerPolicyRuleActionInlineHook() *TokenAuthorizationServerPolicyRuleActionInlineHook`
+
+NewTokenAuthorizationServerPolicyRuleActionInlineHook instantiates a new TokenAuthorizationServerPolicyRuleActionInlineHook object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewTokenAuthorizationServerPolicyRuleActionInlineHookWithDefaults
+
+`func NewTokenAuthorizationServerPolicyRuleActionInlineHookWithDefaults() *TokenAuthorizationServerPolicyRuleActionInlineHook`
+
+NewTokenAuthorizationServerPolicyRuleActionInlineHookWithDefaults instantiates a new TokenAuthorizationServerPolicyRuleActionInlineHook object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *TokenAuthorizationServerPolicyRuleActionInlineHook) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *TokenAuthorizationServerPolicyRuleActionInlineHook) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *TokenAuthorizationServerPolicyRuleActionInlineHook) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *TokenAuthorizationServerPolicyRuleActionInlineHook) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/TokenUserFactor.md b/okta/docs/TokenUserFactor.md
new file mode 100644
index 000000000..085eebb42
--- /dev/null
+++ b/okta/docs/TokenUserFactor.md
@@ -0,0 +1,56 @@
+# TokenUserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**TokenUserFactorProfile**](TokenUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewTokenUserFactor
+
+`func NewTokenUserFactor() *TokenUserFactor`
+
+NewTokenUserFactor instantiates a new TokenUserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewTokenUserFactorWithDefaults
+
+`func NewTokenUserFactorWithDefaults() *TokenUserFactor`
+
+NewTokenUserFactorWithDefaults instantiates a new TokenUserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *TokenUserFactor) GetProfile() TokenUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *TokenUserFactor) GetProfileOk() (*TokenUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *TokenUserFactor) SetProfile(v TokenUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *TokenUserFactor) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/TokenUserFactorAllOf.md b/okta/docs/TokenUserFactorAllOf.md
new file mode 100644
index 000000000..d6a36c695
--- /dev/null
+++ b/okta/docs/TokenUserFactorAllOf.md
@@ -0,0 +1,56 @@
+# TokenUserFactorAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**TokenUserFactorProfile**](TokenUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewTokenUserFactorAllOf
+
+`func NewTokenUserFactorAllOf() *TokenUserFactorAllOf`
+
+NewTokenUserFactorAllOf instantiates a new TokenUserFactorAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewTokenUserFactorAllOfWithDefaults
+
+`func NewTokenUserFactorAllOfWithDefaults() *TokenUserFactorAllOf`
+
+NewTokenUserFactorAllOfWithDefaults instantiates a new TokenUserFactorAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *TokenUserFactorAllOf) GetProfile() TokenUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *TokenUserFactorAllOf) GetProfileOk() (*TokenUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *TokenUserFactorAllOf) SetProfile(v TokenUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *TokenUserFactorAllOf) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/TokenUserFactorProfile.md b/okta/docs/TokenUserFactorProfile.md
new file mode 100644
index 000000000..a93ce9af6
--- /dev/null
+++ b/okta/docs/TokenUserFactorProfile.md
@@ -0,0 +1,56 @@
+# TokenUserFactorProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CredentialId** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewTokenUserFactorProfile
+
+`func NewTokenUserFactorProfile() *TokenUserFactorProfile`
+
+NewTokenUserFactorProfile instantiates a new TokenUserFactorProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewTokenUserFactorProfileWithDefaults
+
+`func NewTokenUserFactorProfileWithDefaults() *TokenUserFactorProfile`
+
+NewTokenUserFactorProfileWithDefaults instantiates a new TokenUserFactorProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentialId
+
+`func (o *TokenUserFactorProfile) GetCredentialId() string`
+
+GetCredentialId returns the CredentialId field if non-nil, zero value otherwise.
+
+### GetCredentialIdOk
+
+`func (o *TokenUserFactorProfile) GetCredentialIdOk() (*string, bool)`
+
+GetCredentialIdOk returns a tuple with the CredentialId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentialId
+
+`func (o *TokenUserFactorProfile) SetCredentialId(v string)`
+
+SetCredentialId sets CredentialId field to given value.
+
+### HasCredentialId
+
+`func (o *TokenUserFactorProfile) HasCredentialId() bool`
+
+HasCredentialId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/TotpUserFactor.md b/okta/docs/TotpUserFactor.md
new file mode 100644
index 000000000..e684946d0
--- /dev/null
+++ b/okta/docs/TotpUserFactor.md
@@ -0,0 +1,56 @@
+# TotpUserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**TotpUserFactorProfile**](TotpUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewTotpUserFactor
+
+`func NewTotpUserFactor() *TotpUserFactor`
+
+NewTotpUserFactor instantiates a new TotpUserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewTotpUserFactorWithDefaults
+
+`func NewTotpUserFactorWithDefaults() *TotpUserFactor`
+
+NewTotpUserFactorWithDefaults instantiates a new TotpUserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *TotpUserFactor) GetProfile() TotpUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *TotpUserFactor) GetProfileOk() (*TotpUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *TotpUserFactor) SetProfile(v TotpUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *TotpUserFactor) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/TotpUserFactorAllOf.md b/okta/docs/TotpUserFactorAllOf.md
new file mode 100644
index 000000000..261f439ed
--- /dev/null
+++ b/okta/docs/TotpUserFactorAllOf.md
@@ -0,0 +1,56 @@
+# TotpUserFactorAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**TotpUserFactorProfile**](TotpUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewTotpUserFactorAllOf
+
+`func NewTotpUserFactorAllOf() *TotpUserFactorAllOf`
+
+NewTotpUserFactorAllOf instantiates a new TotpUserFactorAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewTotpUserFactorAllOfWithDefaults
+
+`func NewTotpUserFactorAllOfWithDefaults() *TotpUserFactorAllOf`
+
+NewTotpUserFactorAllOfWithDefaults instantiates a new TotpUserFactorAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *TotpUserFactorAllOf) GetProfile() TotpUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *TotpUserFactorAllOf) GetProfileOk() (*TotpUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *TotpUserFactorAllOf) SetProfile(v TotpUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *TotpUserFactorAllOf) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/TotpUserFactorProfile.md b/okta/docs/TotpUserFactorProfile.md
new file mode 100644
index 000000000..8cb047519
--- /dev/null
+++ b/okta/docs/TotpUserFactorProfile.md
@@ -0,0 +1,56 @@
+# TotpUserFactorProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CredentialId** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewTotpUserFactorProfile
+
+`func NewTotpUserFactorProfile() *TotpUserFactorProfile`
+
+NewTotpUserFactorProfile instantiates a new TotpUserFactorProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewTotpUserFactorProfileWithDefaults
+
+`func NewTotpUserFactorProfileWithDefaults() *TotpUserFactorProfile`
+
+NewTotpUserFactorProfileWithDefaults instantiates a new TotpUserFactorProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentialId
+
+`func (o *TotpUserFactorProfile) GetCredentialId() string`
+
+GetCredentialId returns the CredentialId field if non-nil, zero value otherwise.
+
+### GetCredentialIdOk
+
+`func (o *TotpUserFactorProfile) GetCredentialIdOk() (*string, bool)`
+
+GetCredentialIdOk returns a tuple with the CredentialId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentialId
+
+`func (o *TotpUserFactorProfile) SetCredentialId(v string)`
+
+SetCredentialId sets CredentialId field to given value.
+
+### HasCredentialId
+
+`func (o *TotpUserFactorProfile) HasCredentialId() bool`
+
+HasCredentialId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/TrustedOrigin.md b/okta/docs/TrustedOrigin.md
new file mode 100644
index 000000000..9bafbc8d2
--- /dev/null
+++ b/okta/docs/TrustedOrigin.md
@@ -0,0 +1,290 @@
+# TrustedOrigin
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**CreatedBy** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**LastUpdatedBy** | Pointer to **string** |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] 
+**Origin** | Pointer to **string** |  | [optional] 
+**Scopes** | Pointer to [**[]TrustedOriginScope**](TrustedOriginScope.md) |  | [optional] 
+**Status** | Pointer to **string** |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewTrustedOrigin
+
+`func NewTrustedOrigin() *TrustedOrigin`
+
+NewTrustedOrigin instantiates a new TrustedOrigin object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewTrustedOriginWithDefaults
+
+`func NewTrustedOriginWithDefaults() *TrustedOrigin`
+
+NewTrustedOriginWithDefaults instantiates a new TrustedOrigin object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *TrustedOrigin) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *TrustedOrigin) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *TrustedOrigin) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *TrustedOrigin) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetCreatedBy
+
+`func (o *TrustedOrigin) GetCreatedBy() string`
+
+GetCreatedBy returns the CreatedBy field if non-nil, zero value otherwise.
+
+### GetCreatedByOk
+
+`func (o *TrustedOrigin) GetCreatedByOk() (*string, bool)`
+
+GetCreatedByOk returns a tuple with the CreatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedBy
+
+`func (o *TrustedOrigin) SetCreatedBy(v string)`
+
+SetCreatedBy sets CreatedBy field to given value.
+
+### HasCreatedBy
+
+`func (o *TrustedOrigin) HasCreatedBy() bool`
+
+HasCreatedBy returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *TrustedOrigin) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *TrustedOrigin) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *TrustedOrigin) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *TrustedOrigin) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *TrustedOrigin) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *TrustedOrigin) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *TrustedOrigin) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *TrustedOrigin) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetLastUpdatedBy
+
+`func (o *TrustedOrigin) GetLastUpdatedBy() string`
+
+GetLastUpdatedBy returns the LastUpdatedBy field if non-nil, zero value otherwise.
+
+### GetLastUpdatedByOk
+
+`func (o *TrustedOrigin) GetLastUpdatedByOk() (*string, bool)`
+
+GetLastUpdatedByOk returns a tuple with the LastUpdatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdatedBy
+
+`func (o *TrustedOrigin) SetLastUpdatedBy(v string)`
+
+SetLastUpdatedBy sets LastUpdatedBy field to given value.
+
+### HasLastUpdatedBy
+
+`func (o *TrustedOrigin) HasLastUpdatedBy() bool`
+
+HasLastUpdatedBy returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *TrustedOrigin) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *TrustedOrigin) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *TrustedOrigin) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *TrustedOrigin) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetOrigin
+
+`func (o *TrustedOrigin) GetOrigin() string`
+
+GetOrigin returns the Origin field if non-nil, zero value otherwise.
+
+### GetOriginOk
+
+`func (o *TrustedOrigin) GetOriginOk() (*string, bool)`
+
+GetOriginOk returns a tuple with the Origin field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOrigin
+
+`func (o *TrustedOrigin) SetOrigin(v string)`
+
+SetOrigin sets Origin field to given value.
+
+### HasOrigin
+
+`func (o *TrustedOrigin) HasOrigin() bool`
+
+HasOrigin returns a boolean if a field has been set.
+
+### GetScopes
+
+`func (o *TrustedOrigin) GetScopes() []TrustedOriginScope`
+
+GetScopes returns the Scopes field if non-nil, zero value otherwise.
+
+### GetScopesOk
+
+`func (o *TrustedOrigin) GetScopesOk() (*[]TrustedOriginScope, bool)`
+
+GetScopesOk returns a tuple with the Scopes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScopes
+
+`func (o *TrustedOrigin) SetScopes(v []TrustedOriginScope)`
+
+SetScopes sets Scopes field to given value.
+
+### HasScopes
+
+`func (o *TrustedOrigin) HasScopes() bool`
+
+HasScopes returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *TrustedOrigin) GetStatus() string`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *TrustedOrigin) GetStatusOk() (*string, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *TrustedOrigin) SetStatus(v string)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *TrustedOrigin) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *TrustedOrigin) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *TrustedOrigin) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *TrustedOrigin) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *TrustedOrigin) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/TrustedOriginApi.md b/okta/docs/TrustedOriginApi.md
new file mode 100644
index 000000000..b6b5a98e0
--- /dev/null
+++ b/okta/docs/TrustedOriginApi.md
@@ -0,0 +1,503 @@
+# \TrustedOriginApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateTrustedOrigin**](TrustedOriginApi.md#ActivateTrustedOrigin) | **Post** /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate | Activate a Trusted Origin
+[**CreateTrustedOrigin**](TrustedOriginApi.md#CreateTrustedOrigin) | **Post** /api/v1/trustedOrigins | Create a Trusted Origin
+[**DeactivateTrustedOrigin**](TrustedOriginApi.md#DeactivateTrustedOrigin) | **Post** /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate | Deactivate a Trusted Origin
+[**DeleteTrustedOrigin**](TrustedOriginApi.md#DeleteTrustedOrigin) | **Delete** /api/v1/trustedOrigins/{trustedOriginId} | Delete a Trusted Origin
+[**GetTrustedOrigin**](TrustedOriginApi.md#GetTrustedOrigin) | **Get** /api/v1/trustedOrigins/{trustedOriginId} | Retrieve a Trusted Origin
+[**ListTrustedOrigins**](TrustedOriginApi.md#ListTrustedOrigins) | **Get** /api/v1/trustedOrigins | List all Trusted Origins
+[**ReplaceTrustedOrigin**](TrustedOriginApi.md#ReplaceTrustedOrigin) | **Put** /api/v1/trustedOrigins/{trustedOriginId} | Replace a Trusted Origin
+
+
+
+## ActivateTrustedOrigin
+
+> TrustedOrigin ActivateTrustedOrigin(ctx, trustedOriginId).Execute()
+
+Activate a Trusted Origin
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    trustedOriginId := "trustedOriginId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TrustedOriginApi.ActivateTrustedOrigin(context.Background(), trustedOriginId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TrustedOriginApi.ActivateTrustedOrigin``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ActivateTrustedOrigin`: TrustedOrigin
+    fmt.Fprintf(os.Stdout, "Response from `TrustedOriginApi.ActivateTrustedOrigin`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**trustedOriginId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateTrustedOriginRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**TrustedOrigin**](TrustedOrigin.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateTrustedOrigin
+
+> TrustedOrigin CreateTrustedOrigin(ctx).TrustedOrigin(trustedOrigin).Execute()
+
+Create a Trusted Origin
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    trustedOrigin := *openapiclient.NewTrustedOrigin() // TrustedOrigin | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TrustedOriginApi.CreateTrustedOrigin(context.Background()).TrustedOrigin(trustedOrigin).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TrustedOriginApi.CreateTrustedOrigin``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateTrustedOrigin`: TrustedOrigin
+    fmt.Fprintf(os.Stdout, "Response from `TrustedOriginApi.CreateTrustedOrigin`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateTrustedOriginRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **trustedOrigin** | [**TrustedOrigin**](TrustedOrigin.md) |  | 
+
+### Return type
+
+[**TrustedOrigin**](TrustedOrigin.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateTrustedOrigin
+
+> TrustedOrigin DeactivateTrustedOrigin(ctx, trustedOriginId).Execute()
+
+Deactivate a Trusted Origin
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    trustedOriginId := "trustedOriginId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TrustedOriginApi.DeactivateTrustedOrigin(context.Background(), trustedOriginId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TrustedOriginApi.DeactivateTrustedOrigin``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `DeactivateTrustedOrigin`: TrustedOrigin
+    fmt.Fprintf(os.Stdout, "Response from `TrustedOriginApi.DeactivateTrustedOrigin`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**trustedOriginId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateTrustedOriginRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**TrustedOrigin**](TrustedOrigin.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteTrustedOrigin
+
+> DeleteTrustedOrigin(ctx, trustedOriginId).Execute()
+
+Delete a Trusted Origin
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    trustedOriginId := "trustedOriginId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TrustedOriginApi.DeleteTrustedOrigin(context.Background(), trustedOriginId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TrustedOriginApi.DeleteTrustedOrigin``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**trustedOriginId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteTrustedOriginRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetTrustedOrigin
+
+> TrustedOrigin GetTrustedOrigin(ctx, trustedOriginId).Execute()
+
+Retrieve a Trusted Origin
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    trustedOriginId := "trustedOriginId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TrustedOriginApi.GetTrustedOrigin(context.Background(), trustedOriginId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TrustedOriginApi.GetTrustedOrigin``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetTrustedOrigin`: TrustedOrigin
+    fmt.Fprintf(os.Stdout, "Response from `TrustedOriginApi.GetTrustedOrigin`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**trustedOriginId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetTrustedOriginRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**TrustedOrigin**](TrustedOrigin.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListTrustedOrigins
+
+> []TrustedOrigin ListTrustedOrigins(ctx).Q(q).Filter(filter).After(after).Limit(limit).Execute()
+
+List all Trusted Origins
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    q := "q_example" // string |  (optional)
+    filter := "filter_example" // string |  (optional)
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to -1)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TrustedOriginApi.ListTrustedOrigins(context.Background()).Q(q).Filter(filter).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TrustedOriginApi.ListTrustedOrigins``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListTrustedOrigins`: []TrustedOrigin
+    fmt.Fprintf(os.Stdout, "Response from `TrustedOriginApi.ListTrustedOrigins`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListTrustedOriginsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **q** | **string** |  | 
+ **filter** | **string** |  | 
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to -1]
+
+### Return type
+
+[**[]TrustedOrigin**](TrustedOrigin.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceTrustedOrigin
+
+> TrustedOrigin ReplaceTrustedOrigin(ctx, trustedOriginId).TrustedOrigin(trustedOrigin).Execute()
+
+Replace a Trusted Origin
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    trustedOriginId := "trustedOriginId_example" // string | 
+    trustedOrigin := *openapiclient.NewTrustedOrigin() // TrustedOrigin | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.TrustedOriginApi.ReplaceTrustedOrigin(context.Background(), trustedOriginId).TrustedOrigin(trustedOrigin).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `TrustedOriginApi.ReplaceTrustedOrigin``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceTrustedOrigin`: TrustedOrigin
+    fmt.Fprintf(os.Stdout, "Response from `TrustedOriginApi.ReplaceTrustedOrigin`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**trustedOriginId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceTrustedOriginRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **trustedOrigin** | [**TrustedOrigin**](TrustedOrigin.md) |  | 
+
+### Return type
+
+[**TrustedOrigin**](TrustedOrigin.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/TrustedOriginScope.md b/okta/docs/TrustedOriginScope.md
new file mode 100644
index 000000000..b935ba7d1
--- /dev/null
+++ b/okta/docs/TrustedOriginScope.md
@@ -0,0 +1,82 @@
+# TrustedOriginScope
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AllowedOktaApps** | Pointer to [**[]IframeEmbedScopeAllowedApps**](IframeEmbedScopeAllowedApps.md) |  | [optional] 
+**Type** | Pointer to [**TrustedOriginScopeType**](TrustedOriginScopeType.md) |  | [optional] 
+
+## Methods
+
+### NewTrustedOriginScope
+
+`func NewTrustedOriginScope() *TrustedOriginScope`
+
+NewTrustedOriginScope instantiates a new TrustedOriginScope object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewTrustedOriginScopeWithDefaults
+
+`func NewTrustedOriginScopeWithDefaults() *TrustedOriginScope`
+
+NewTrustedOriginScopeWithDefaults instantiates a new TrustedOriginScope object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAllowedOktaApps
+
+`func (o *TrustedOriginScope) GetAllowedOktaApps() []IframeEmbedScopeAllowedApps`
+
+GetAllowedOktaApps returns the AllowedOktaApps field if non-nil, zero value otherwise.
+
+### GetAllowedOktaAppsOk
+
+`func (o *TrustedOriginScope) GetAllowedOktaAppsOk() (*[]IframeEmbedScopeAllowedApps, bool)`
+
+GetAllowedOktaAppsOk returns a tuple with the AllowedOktaApps field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAllowedOktaApps
+
+`func (o *TrustedOriginScope) SetAllowedOktaApps(v []IframeEmbedScopeAllowedApps)`
+
+SetAllowedOktaApps sets AllowedOktaApps field to given value.
+
+### HasAllowedOktaApps
+
+`func (o *TrustedOriginScope) HasAllowedOktaApps() bool`
+
+HasAllowedOktaApps returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *TrustedOriginScope) GetType() TrustedOriginScopeType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *TrustedOriginScope) GetTypeOk() (*TrustedOriginScopeType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *TrustedOriginScope) SetType(v TrustedOriginScopeType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *TrustedOriginScope) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/TrustedOriginScopeType.md b/okta/docs/TrustedOriginScopeType.md
new file mode 100644
index 000000000..bcc0d2933
--- /dev/null
+++ b/okta/docs/TrustedOriginScopeType.md
@@ -0,0 +1,15 @@
+# TrustedOriginScopeType
+
+## Enum
+
+
+* `CORS` (value: `"CORS"`)
+
+* `IFRAME_EMBED` (value: `"IFRAME_EMBED"`)
+
+* `REDIRECT` (value: `"REDIRECT"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/U2fUserFactor.md b/okta/docs/U2fUserFactor.md
new file mode 100644
index 000000000..32c81e81f
--- /dev/null
+++ b/okta/docs/U2fUserFactor.md
@@ -0,0 +1,56 @@
+# U2fUserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**U2fUserFactorProfile**](U2fUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewU2fUserFactor
+
+`func NewU2fUserFactor() *U2fUserFactor`
+
+NewU2fUserFactor instantiates a new U2fUserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewU2fUserFactorWithDefaults
+
+`func NewU2fUserFactorWithDefaults() *U2fUserFactor`
+
+NewU2fUserFactorWithDefaults instantiates a new U2fUserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *U2fUserFactor) GetProfile() U2fUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *U2fUserFactor) GetProfileOk() (*U2fUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *U2fUserFactor) SetProfile(v U2fUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *U2fUserFactor) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/U2fUserFactorAllOf.md b/okta/docs/U2fUserFactorAllOf.md
new file mode 100644
index 000000000..24c572817
--- /dev/null
+++ b/okta/docs/U2fUserFactorAllOf.md
@@ -0,0 +1,56 @@
+# U2fUserFactorAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**U2fUserFactorProfile**](U2fUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewU2fUserFactorAllOf
+
+`func NewU2fUserFactorAllOf() *U2fUserFactorAllOf`
+
+NewU2fUserFactorAllOf instantiates a new U2fUserFactorAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewU2fUserFactorAllOfWithDefaults
+
+`func NewU2fUserFactorAllOfWithDefaults() *U2fUserFactorAllOf`
+
+NewU2fUserFactorAllOfWithDefaults instantiates a new U2fUserFactorAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *U2fUserFactorAllOf) GetProfile() U2fUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *U2fUserFactorAllOf) GetProfileOk() (*U2fUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *U2fUserFactorAllOf) SetProfile(v U2fUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *U2fUserFactorAllOf) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/U2fUserFactorProfile.md b/okta/docs/U2fUserFactorProfile.md
new file mode 100644
index 000000000..93c2534e4
--- /dev/null
+++ b/okta/docs/U2fUserFactorProfile.md
@@ -0,0 +1,56 @@
+# U2fUserFactorProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CredentialId** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewU2fUserFactorProfile
+
+`func NewU2fUserFactorProfile() *U2fUserFactorProfile`
+
+NewU2fUserFactorProfile instantiates a new U2fUserFactorProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewU2fUserFactorProfileWithDefaults
+
+`func NewU2fUserFactorProfileWithDefaults() *U2fUserFactorProfile`
+
+NewU2fUserFactorProfileWithDefaults instantiates a new U2fUserFactorProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentialId
+
+`func (o *U2fUserFactorProfile) GetCredentialId() string`
+
+GetCredentialId returns the CredentialId field if non-nil, zero value otherwise.
+
+### GetCredentialIdOk
+
+`func (o *U2fUserFactorProfile) GetCredentialIdOk() (*string, bool)`
+
+GetCredentialIdOk returns a tuple with the CredentialId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentialId
+
+`func (o *U2fUserFactorProfile) SetCredentialId(v string)`
+
+SetCredentialId sets CredentialId field to given value.
+
+### HasCredentialId
+
+`func (o *U2fUserFactorProfile) HasCredentialId() bool`
+
+HasCredentialId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UpdateDomain.md b/okta/docs/UpdateDomain.md
new file mode 100644
index 000000000..859675bde
--- /dev/null
+++ b/okta/docs/UpdateDomain.md
@@ -0,0 +1,56 @@
+# UpdateDomain
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**BrandId** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewUpdateDomain
+
+`func NewUpdateDomain() *UpdateDomain`
+
+NewUpdateDomain instantiates a new UpdateDomain object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUpdateDomainWithDefaults
+
+`func NewUpdateDomainWithDefaults() *UpdateDomain`
+
+NewUpdateDomainWithDefaults instantiates a new UpdateDomain object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBrandId
+
+`func (o *UpdateDomain) GetBrandId() string`
+
+GetBrandId returns the BrandId field if non-nil, zero value otherwise.
+
+### GetBrandIdOk
+
+`func (o *UpdateDomain) GetBrandIdOk() (*string, bool)`
+
+GetBrandIdOk returns a tuple with the BrandId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBrandId
+
+`func (o *UpdateDomain) SetBrandId(v string)`
+
+SetBrandId sets BrandId field to given value.
+
+### HasBrandId
+
+`func (o *UpdateDomain) HasBrandId() bool`
+
+HasBrandId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UpdateEmailDomain.md b/okta/docs/UpdateEmailDomain.md
new file mode 100644
index 000000000..bbf2a760c
--- /dev/null
+++ b/okta/docs/UpdateEmailDomain.md
@@ -0,0 +1,72 @@
+# UpdateEmailDomain
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**DisplayName** | **string** |  | 
+**UserName** | **string** |  | 
+
+## Methods
+
+### NewUpdateEmailDomain
+
+`func NewUpdateEmailDomain(displayName string, userName string, ) *UpdateEmailDomain`
+
+NewUpdateEmailDomain instantiates a new UpdateEmailDomain object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUpdateEmailDomainWithDefaults
+
+`func NewUpdateEmailDomainWithDefaults() *UpdateEmailDomain`
+
+NewUpdateEmailDomainWithDefaults instantiates a new UpdateEmailDomain object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDisplayName
+
+`func (o *UpdateEmailDomain) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *UpdateEmailDomain) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *UpdateEmailDomain) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+
+### GetUserName
+
+`func (o *UpdateEmailDomain) GetUserName() string`
+
+GetUserName returns the UserName field if non-nil, zero value otherwise.
+
+### GetUserNameOk
+
+`func (o *UpdateEmailDomain) GetUserNameOk() (*string, bool)`
+
+GetUserNameOk returns a tuple with the UserName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserName
+
+`func (o *UpdateEmailDomain) SetUserName(v string)`
+
+SetUserName sets UserName field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UpdateUserRequest.md b/okta/docs/UpdateUserRequest.md
new file mode 100644
index 000000000..30655054f
--- /dev/null
+++ b/okta/docs/UpdateUserRequest.md
@@ -0,0 +1,82 @@
+# UpdateUserRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**UserCredentials**](UserCredentials.md) |  | [optional] 
+**Profile** | Pointer to [**UserProfile**](UserProfile.md) |  | [optional] 
+
+## Methods
+
+### NewUpdateUserRequest
+
+`func NewUpdateUserRequest() *UpdateUserRequest`
+
+NewUpdateUserRequest instantiates a new UpdateUserRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUpdateUserRequestWithDefaults
+
+`func NewUpdateUserRequestWithDefaults() *UpdateUserRequest`
+
+NewUpdateUserRequestWithDefaults instantiates a new UpdateUserRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *UpdateUserRequest) GetCredentials() UserCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *UpdateUserRequest) GetCredentialsOk() (*UserCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *UpdateUserRequest) SetCredentials(v UserCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *UpdateUserRequest) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetProfile
+
+`func (o *UpdateUserRequest) GetProfile() UserProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *UpdateUserRequest) GetProfileOk() (*UserProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *UpdateUserRequest) SetProfile(v UserProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *UpdateUserRequest) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/User.md b/okta/docs/User.md
new file mode 100644
index 000000000..944133c19
--- /dev/null
+++ b/okta/docs/User.md
@@ -0,0 +1,434 @@
+# User
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Activated** | Pointer to **NullableTime** |  | [optional] [readonly] 
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Credentials** | Pointer to [**UserCredentials**](UserCredentials.md) |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastLogin** | Pointer to **NullableTime** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**PasswordChanged** | Pointer to **NullableTime** |  | [optional] [readonly] 
+**Profile** | Pointer to [**UserProfile**](UserProfile.md) |  | [optional] 
+**Status** | Pointer to [**UserStatus**](UserStatus.md) |  | [optional] 
+**StatusChanged** | Pointer to **NullableTime** |  | [optional] [readonly] 
+**TransitioningToStatus** | Pointer to [**UserStatus**](UserStatus.md) |  | [optional] 
+**Type** | Pointer to [**UserType**](UserType.md) |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewUser
+
+`func NewUser() *User`
+
+NewUser instantiates a new User object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserWithDefaults
+
+`func NewUserWithDefaults() *User`
+
+NewUserWithDefaults instantiates a new User object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActivated
+
+`func (o *User) GetActivated() time.Time`
+
+GetActivated returns the Activated field if non-nil, zero value otherwise.
+
+### GetActivatedOk
+
+`func (o *User) GetActivatedOk() (*time.Time, bool)`
+
+GetActivatedOk returns a tuple with the Activated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActivated
+
+`func (o *User) SetActivated(v time.Time)`
+
+SetActivated sets Activated field to given value.
+
+### HasActivated
+
+`func (o *User) HasActivated() bool`
+
+HasActivated returns a boolean if a field has been set.
+
+### SetActivatedNil
+
+`func (o *User) SetActivatedNil(b bool)`
+
+ SetActivatedNil sets the value for Activated to be an explicit nil
+
+### UnsetActivated
+`func (o *User) UnsetActivated()`
+
+UnsetActivated ensures that no value is present for Activated, not even an explicit nil
+### GetCreated
+
+`func (o *User) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *User) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *User) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *User) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetCredentials
+
+`func (o *User) GetCredentials() UserCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *User) GetCredentialsOk() (*UserCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *User) SetCredentials(v UserCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *User) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *User) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *User) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *User) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *User) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastLogin
+
+`func (o *User) GetLastLogin() time.Time`
+
+GetLastLogin returns the LastLogin field if non-nil, zero value otherwise.
+
+### GetLastLoginOk
+
+`func (o *User) GetLastLoginOk() (*time.Time, bool)`
+
+GetLastLoginOk returns a tuple with the LastLogin field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastLogin
+
+`func (o *User) SetLastLogin(v time.Time)`
+
+SetLastLogin sets LastLogin field to given value.
+
+### HasLastLogin
+
+`func (o *User) HasLastLogin() bool`
+
+HasLastLogin returns a boolean if a field has been set.
+
+### SetLastLoginNil
+
+`func (o *User) SetLastLoginNil(b bool)`
+
+ SetLastLoginNil sets the value for LastLogin to be an explicit nil
+
+### UnsetLastLogin
+`func (o *User) UnsetLastLogin()`
+
+UnsetLastLogin ensures that no value is present for LastLogin, not even an explicit nil
+### GetLastUpdated
+
+`func (o *User) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *User) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *User) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *User) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetPasswordChanged
+
+`func (o *User) GetPasswordChanged() time.Time`
+
+GetPasswordChanged returns the PasswordChanged field if non-nil, zero value otherwise.
+
+### GetPasswordChangedOk
+
+`func (o *User) GetPasswordChangedOk() (*time.Time, bool)`
+
+GetPasswordChangedOk returns a tuple with the PasswordChanged field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordChanged
+
+`func (o *User) SetPasswordChanged(v time.Time)`
+
+SetPasswordChanged sets PasswordChanged field to given value.
+
+### HasPasswordChanged
+
+`func (o *User) HasPasswordChanged() bool`
+
+HasPasswordChanged returns a boolean if a field has been set.
+
+### SetPasswordChangedNil
+
+`func (o *User) SetPasswordChangedNil(b bool)`
+
+ SetPasswordChangedNil sets the value for PasswordChanged to be an explicit nil
+
+### UnsetPasswordChanged
+`func (o *User) UnsetPasswordChanged()`
+
+UnsetPasswordChanged ensures that no value is present for PasswordChanged, not even an explicit nil
+### GetProfile
+
+`func (o *User) GetProfile() UserProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *User) GetProfileOk() (*UserProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *User) SetProfile(v UserProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *User) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *User) GetStatus() UserStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *User) GetStatusOk() (*UserStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *User) SetStatus(v UserStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *User) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetStatusChanged
+
+`func (o *User) GetStatusChanged() time.Time`
+
+GetStatusChanged returns the StatusChanged field if non-nil, zero value otherwise.
+
+### GetStatusChangedOk
+
+`func (o *User) GetStatusChangedOk() (*time.Time, bool)`
+
+GetStatusChangedOk returns a tuple with the StatusChanged field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatusChanged
+
+`func (o *User) SetStatusChanged(v time.Time)`
+
+SetStatusChanged sets StatusChanged field to given value.
+
+### HasStatusChanged
+
+`func (o *User) HasStatusChanged() bool`
+
+HasStatusChanged returns a boolean if a field has been set.
+
+### SetStatusChangedNil
+
+`func (o *User) SetStatusChangedNil(b bool)`
+
+ SetStatusChangedNil sets the value for StatusChanged to be an explicit nil
+
+### UnsetStatusChanged
+`func (o *User) UnsetStatusChanged()`
+
+UnsetStatusChanged ensures that no value is present for StatusChanged, not even an explicit nil
+### GetTransitioningToStatus
+
+`func (o *User) GetTransitioningToStatus() UserStatus`
+
+GetTransitioningToStatus returns the TransitioningToStatus field if non-nil, zero value otherwise.
+
+### GetTransitioningToStatusOk
+
+`func (o *User) GetTransitioningToStatusOk() (*UserStatus, bool)`
+
+GetTransitioningToStatusOk returns a tuple with the TransitioningToStatus field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTransitioningToStatus
+
+`func (o *User) SetTransitioningToStatus(v UserStatus)`
+
+SetTransitioningToStatus sets TransitioningToStatus field to given value.
+
+### HasTransitioningToStatus
+
+`func (o *User) HasTransitioningToStatus() bool`
+
+HasTransitioningToStatus returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *User) GetType() UserType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *User) GetTypeOk() (*UserType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *User) SetType(v UserType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *User) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *User) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *User) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *User) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *User) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *User) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *User) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *User) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *User) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserActivationToken.md b/okta/docs/UserActivationToken.md
new file mode 100644
index 000000000..8ad2faef1
--- /dev/null
+++ b/okta/docs/UserActivationToken.md
@@ -0,0 +1,82 @@
+# UserActivationToken
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ActivationToken** | Pointer to **string** |  | [optional] [readonly] 
+**ActivationUrl** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewUserActivationToken
+
+`func NewUserActivationToken() *UserActivationToken`
+
+NewUserActivationToken instantiates a new UserActivationToken object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserActivationTokenWithDefaults
+
+`func NewUserActivationTokenWithDefaults() *UserActivationToken`
+
+NewUserActivationTokenWithDefaults instantiates a new UserActivationToken object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActivationToken
+
+`func (o *UserActivationToken) GetActivationToken() string`
+
+GetActivationToken returns the ActivationToken field if non-nil, zero value otherwise.
+
+### GetActivationTokenOk
+
+`func (o *UserActivationToken) GetActivationTokenOk() (*string, bool)`
+
+GetActivationTokenOk returns a tuple with the ActivationToken field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActivationToken
+
+`func (o *UserActivationToken) SetActivationToken(v string)`
+
+SetActivationToken sets ActivationToken field to given value.
+
+### HasActivationToken
+
+`func (o *UserActivationToken) HasActivationToken() bool`
+
+HasActivationToken returns a boolean if a field has been set.
+
+### GetActivationUrl
+
+`func (o *UserActivationToken) GetActivationUrl() string`
+
+GetActivationUrl returns the ActivationUrl field if non-nil, zero value otherwise.
+
+### GetActivationUrlOk
+
+`func (o *UserActivationToken) GetActivationUrlOk() (*string, bool)`
+
+GetActivationUrlOk returns a tuple with the ActivationUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActivationUrl
+
+`func (o *UserActivationToken) SetActivationUrl(v string)`
+
+SetActivationUrl sets ActivationUrl field to given value.
+
+### HasActivationUrl
+
+`func (o *UserActivationToken) HasActivationUrl() bool`
+
+HasActivationUrl returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserApi.md b/okta/docs/UserApi.md
new file mode 100644
index 000000000..cdacf2f8c
--- /dev/null
+++ b/okta/docs/UserApi.md
@@ -0,0 +1,2867 @@
+# \UserApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateUser**](UserApi.md#ActivateUser) | **Post** /api/v1/users/{userId}/lifecycle/activate | Activate a User
+[**ChangePassword**](UserApi.md#ChangePassword) | **Post** /api/v1/users/{userId}/credentials/change_password | Change Password
+[**ChangeRecoveryQuestion**](UserApi.md#ChangeRecoveryQuestion) | **Post** /api/v1/users/{userId}/credentials/change_recovery_question | Change Recovery Question
+[**CreateUser**](UserApi.md#CreateUser) | **Post** /api/v1/users | Create a User
+[**DeactivateUser**](UserApi.md#DeactivateUser) | **Post** /api/v1/users/{userId}/lifecycle/deactivate | Deactivate a User
+[**DeleteLinkedObjectForUser**](UserApi.md#DeleteLinkedObjectForUser) | **Delete** /api/v1/users/{userId}/linkedObjects/{relationshipName} | Delete a Linked Object
+[**DeleteUser**](UserApi.md#DeleteUser) | **Delete** /api/v1/users/{userId} | Delete a User
+[**ExpirePassword**](UserApi.md#ExpirePassword) | **Post** /api/v1/users/{userId}/lifecycle/expire_password | Expire Password
+[**ExpirePasswordAndGetTemporaryPassword**](UserApi.md#ExpirePasswordAndGetTemporaryPassword) | **Post** /api/v1/users/{userId}/lifecycle/expire_password_with_temp_password | Expire Password and Set Temporary Password
+[**ForgotPassword**](UserApi.md#ForgotPassword) | **Post** /api/v1/users/{userId}/credentials/forgot_password | Initiate Forgot Password
+[**ForgotPasswordSetNewPassword**](UserApi.md#ForgotPasswordSetNewPassword) | **Post** /api/v1/users/{userId}/credentials/forgot_password_recovery_question | Reset Password with Recovery Question
+[**GenerateResetPasswordToken**](UserApi.md#GenerateResetPasswordToken) | **Post** /api/v1/users/{userId}/lifecycle/reset_password | Generate a Reset Password Token
+[**GetRefreshTokenForUserAndClient**](UserApi.md#GetRefreshTokenForUserAndClient) | **Get** /api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId} | Retrieve a Refresh Token for a Client
+[**GetUser**](UserApi.md#GetUser) | **Get** /api/v1/users/{userId} | Retrieve a User
+[**GetUserGrant**](UserApi.md#GetUserGrant) | **Get** /api/v1/users/{userId}/grants/{grantId} | Retrieve a User Grant
+[**ListAppLinks**](UserApi.md#ListAppLinks) | **Get** /api/v1/users/{userId}/appLinks | List all Assigned Application Links
+[**ListGrantsForUserAndClient**](UserApi.md#ListGrantsForUserAndClient) | **Get** /api/v1/users/{userId}/clients/{clientId}/grants | List all Grants for a Client
+[**ListLinkedObjectsForUser**](UserApi.md#ListLinkedObjectsForUser) | **Get** /api/v1/users/{userId}/linkedObjects/{relationshipName} | List all Linked Objects
+[**ListRefreshTokensForUserAndClient**](UserApi.md#ListRefreshTokensForUserAndClient) | **Get** /api/v1/users/{userId}/clients/{clientId}/tokens | List all Refresh Tokens for a Client
+[**ListUserBlocks**](UserApi.md#ListUserBlocks) | **Get** /api/v1/users/{userId}/blocks | List all User Blocks
+[**ListUserClients**](UserApi.md#ListUserClients) | **Get** /api/v1/users/{userId}/clients | List all Clients
+[**ListUserGrants**](UserApi.md#ListUserGrants) | **Get** /api/v1/users/{userId}/grants | List all User Grants
+[**ListUserGroups**](UserApi.md#ListUserGroups) | **Get** /api/v1/users/{userId}/groups | List all Groups
+[**ListUserIdentityProviders**](UserApi.md#ListUserIdentityProviders) | **Get** /api/v1/users/{userId}/idps | List all Identity Providers
+[**ListUsers**](UserApi.md#ListUsers) | **Get** /api/v1/users | List all Users
+[**ReactivateUser**](UserApi.md#ReactivateUser) | **Post** /api/v1/users/{userId}/lifecycle/reactivate | Reactivate a User
+[**ReplaceUser**](UserApi.md#ReplaceUser) | **Put** /api/v1/users/{userId} | Replace a User
+[**ResetFactors**](UserApi.md#ResetFactors) | **Post** /api/v1/users/{userId}/lifecycle/reset_factors | Reset all Factors
+[**RevokeGrantsForUserAndClient**](UserApi.md#RevokeGrantsForUserAndClient) | **Delete** /api/v1/users/{userId}/clients/{clientId}/grants | Revoke all Grants for a Client
+[**RevokeTokenForUserAndClient**](UserApi.md#RevokeTokenForUserAndClient) | **Delete** /api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId} | Revoke a Token for a Client
+[**RevokeTokensForUserAndClient**](UserApi.md#RevokeTokensForUserAndClient) | **Delete** /api/v1/users/{userId}/clients/{clientId}/tokens | Revoke all Refresh Tokens for a Client
+[**RevokeUserGrant**](UserApi.md#RevokeUserGrant) | **Delete** /api/v1/users/{userId}/grants/{grantId} | Revoke a User Grant
+[**RevokeUserGrants**](UserApi.md#RevokeUserGrants) | **Delete** /api/v1/users/{userId}/grants | Revoke all User Grants
+[**RevokeUserSessions**](UserApi.md#RevokeUserSessions) | **Delete** /api/v1/users/{userId}/sessions | Revoke all User Sessions
+[**SetLinkedObjectForUser**](UserApi.md#SetLinkedObjectForUser) | **Put** /api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId} | Create a Linked Object for two User
+[**SuspendUser**](UserApi.md#SuspendUser) | **Post** /api/v1/users/{userId}/lifecycle/suspend | Suspend a User
+[**UnlockUser**](UserApi.md#UnlockUser) | **Post** /api/v1/users/{userId}/lifecycle/unlock | Unlock a User
+[**UnsuspendUser**](UserApi.md#UnsuspendUser) | **Post** /api/v1/users/{userId}/lifecycle/unsuspend | Unsuspend a User
+[**UpdateUser**](UserApi.md#UpdateUser) | **Post** /api/v1/users/{userId} | Update a User
+
+
+
+## ActivateUser
+
+> UserActivationToken ActivateUser(ctx, userId).SendEmail(sendEmail).Execute()
+
+Activate a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    sendEmail := true // bool | Sends an activation email to the user if true (default to true)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ActivateUser(context.Background(), userId).SendEmail(sendEmail).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ActivateUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ActivateUser`: UserActivationToken
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ActivateUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **sendEmail** | **bool** | Sends an activation email to the user if true | [default to true]
+
+### Return type
+
+[**UserActivationToken**](UserActivationToken.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ChangePassword
+
+> UserCredentials ChangePassword(ctx, userId).ChangePasswordRequest(changePasswordRequest).Strict(strict).Execute()
+
+Change Password
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    changePasswordRequest := *openapiclient.NewChangePasswordRequest() // ChangePasswordRequest | 
+    strict := true // bool |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ChangePassword(context.Background(), userId).ChangePasswordRequest(changePasswordRequest).Strict(strict).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ChangePassword``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ChangePassword`: UserCredentials
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ChangePassword`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiChangePasswordRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **changePasswordRequest** | [**ChangePasswordRequest**](ChangePasswordRequest.md) |  | 
+ **strict** | **bool** |  | 
+
+### Return type
+
+[**UserCredentials**](UserCredentials.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ChangeRecoveryQuestion
+
+> UserCredentials ChangeRecoveryQuestion(ctx, userId).UserCredentials(userCredentials).Execute()
+
+Change Recovery Question
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    userCredentials := *openapiclient.NewUserCredentials() // UserCredentials | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ChangeRecoveryQuestion(context.Background(), userId).UserCredentials(userCredentials).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ChangeRecoveryQuestion``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ChangeRecoveryQuestion`: UserCredentials
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ChangeRecoveryQuestion`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiChangeRecoveryQuestionRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **userCredentials** | [**UserCredentials**](UserCredentials.md) |  | 
+
+### Return type
+
+[**UserCredentials**](UserCredentials.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## CreateUser
+
+> User CreateUser(ctx).Body(body).Activate(activate).Provider(provider).NextLogin(nextLogin).Execute()
+
+Create a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    body := *openapiclient.NewCreateUserRequest(*openapiclient.NewUserProfile()) // CreateUserRequest | 
+    activate := true // bool | Executes activation lifecycle operation when creating the user (optional) (default to true)
+    provider := true // bool | Indicates whether to create a user with a specified authentication provider (optional) (default to false)
+    nextLogin := openapiclient.UserNextLogin("changePassword") // UserNextLogin | With activate=true, set nextLogin to \"changePassword\" to have the password be EXPIRED, so user must change it the next time they log in. (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.CreateUser(context.Background()).Body(body).Activate(activate).Provider(provider).NextLogin(nextLogin).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.CreateUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateUser`: User
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.CreateUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **body** | [**CreateUserRequest**](CreateUserRequest.md) |  | 
+ **activate** | **bool** | Executes activation lifecycle operation when creating the user | [default to true]
+ **provider** | **bool** | Indicates whether to create a user with a specified authentication provider | [default to false]
+ **nextLogin** | [**UserNextLogin**](UserNextLogin.md) | With activate&#x3D;true, set nextLogin to \&quot;changePassword\&quot; to have the password be EXPIRED, so user must change it the next time they log in. | 
+
+### Return type
+
+[**User**](User.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeactivateUser
+
+> DeactivateUser(ctx, userId).SendEmail(sendEmail).Execute()
+
+Deactivate a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    sendEmail := true // bool |  (optional) (default to false)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.DeactivateUser(context.Background(), userId).SendEmail(sendEmail).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.DeactivateUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeactivateUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **sendEmail** | **bool** |  | [default to false]
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteLinkedObjectForUser
+
+> DeleteLinkedObjectForUser(ctx, userId, relationshipName).Execute()
+
+Delete a Linked Object
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    relationshipName := "relationshipName_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.DeleteLinkedObjectForUser(context.Background(), userId, relationshipName).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.DeleteLinkedObjectForUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**relationshipName** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteLinkedObjectForUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteUser
+
+> DeleteUser(ctx, userId).SendEmail(sendEmail).Execute()
+
+Delete a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    sendEmail := true // bool |  (optional) (default to false)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.DeleteUser(context.Background(), userId).SendEmail(sendEmail).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.DeleteUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **sendEmail** | **bool** |  | [default to false]
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ExpirePassword
+
+> User ExpirePassword(ctx, userId).Execute()
+
+Expire Password
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ExpirePassword(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ExpirePassword``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ExpirePassword`: User
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ExpirePassword`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiExpirePasswordRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**User**](User.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ExpirePasswordAndGetTemporaryPassword
+
+> TempPassword ExpirePasswordAndGetTemporaryPassword(ctx, userId).Execute()
+
+Expire Password and Set Temporary Password
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ExpirePasswordAndGetTemporaryPassword(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ExpirePasswordAndGetTemporaryPassword``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ExpirePasswordAndGetTemporaryPassword`: TempPassword
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ExpirePasswordAndGetTemporaryPassword`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiExpirePasswordAndGetTemporaryPasswordRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**TempPassword**](TempPassword.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ForgotPassword
+
+> ForgotPasswordResponse ForgotPassword(ctx, userId).SendEmail(sendEmail).Execute()
+
+Initiate Forgot Password
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    sendEmail := true // bool |  (optional) (default to true)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ForgotPassword(context.Background(), userId).SendEmail(sendEmail).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ForgotPassword``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ForgotPassword`: ForgotPasswordResponse
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ForgotPassword`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiForgotPasswordRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **sendEmail** | **bool** |  | [default to true]
+
+### Return type
+
+[**ForgotPasswordResponse**](ForgotPasswordResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ForgotPasswordSetNewPassword
+
+> UserCredentials ForgotPasswordSetNewPassword(ctx, userId).UserCredentials(userCredentials).SendEmail(sendEmail).Execute()
+
+Reset Password with Recovery Question
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    userCredentials := *openapiclient.NewUserCredentials() // UserCredentials | 
+    sendEmail := true // bool |  (optional) (default to true)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ForgotPasswordSetNewPassword(context.Background(), userId).UserCredentials(userCredentials).SendEmail(sendEmail).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ForgotPasswordSetNewPassword``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ForgotPasswordSetNewPassword`: UserCredentials
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ForgotPasswordSetNewPassword`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiForgotPasswordSetNewPasswordRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **userCredentials** | [**UserCredentials**](UserCredentials.md) |  | 
+ **sendEmail** | **bool** |  | [default to true]
+
+### Return type
+
+[**UserCredentials**](UserCredentials.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GenerateResetPasswordToken
+
+> ResetPasswordToken GenerateResetPasswordToken(ctx, userId).SendEmail(sendEmail).Execute()
+
+Generate a Reset Password Token
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    sendEmail := true // bool | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.GenerateResetPasswordToken(context.Background(), userId).SendEmail(sendEmail).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.GenerateResetPasswordToken``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GenerateResetPasswordToken`: ResetPasswordToken
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.GenerateResetPasswordToken`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGenerateResetPasswordTokenRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **sendEmail** | **bool** |  | 
+
+### Return type
+
+[**ResetPasswordToken**](ResetPasswordToken.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetRefreshTokenForUserAndClient
+
+> OAuth2RefreshToken GetRefreshTokenForUserAndClient(ctx, userId, clientId, tokenId).Expand(expand).Limit(limit).After(after).Execute()
+
+Retrieve a Refresh Token for a Client
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    clientId := "clientId_example" // string | 
+    tokenId := "tokenId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to 20)
+    after := "after_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.GetRefreshTokenForUserAndClient(context.Background(), userId, clientId, tokenId).Expand(expand).Limit(limit).After(after).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.GetRefreshTokenForUserAndClient``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetRefreshTokenForUserAndClient`: OAuth2RefreshToken
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.GetRefreshTokenForUserAndClient`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**clientId** | **string** |  | 
+**tokenId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetRefreshTokenForUserAndClientRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+ **expand** | **string** |  | 
+ **limit** | **int32** |  | [default to 20]
+ **after** | **string** |  | 
+
+### Return type
+
+[**OAuth2RefreshToken**](OAuth2RefreshToken.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetUser
+
+> User GetUser(ctx, userId).Expand(expand).Execute()
+
+Retrieve a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    expand := "expand_example" // string | Specifies additional metadata to include in the response. Possible value: `blocks` (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.GetUser(context.Background(), userId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.GetUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetUser`: User
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.GetUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **expand** | **string** | Specifies additional metadata to include in the response. Possible value: &#x60;blocks&#x60; | 
+
+### Return type
+
+[**User**](User.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetUserGrant
+
+> OAuth2ScopeConsentGrant GetUserGrant(ctx, userId, grantId).Expand(expand).Execute()
+
+Retrieve a User Grant
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    grantId := "grantId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.GetUserGrant(context.Background(), userId, grantId).Expand(expand).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.GetUserGrant``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetUserGrant`: OAuth2ScopeConsentGrant
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.GetUserGrant`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**grantId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetUserGrantRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **expand** | **string** |  | 
+
+### Return type
+
+[**OAuth2ScopeConsentGrant**](OAuth2ScopeConsentGrant.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListAppLinks
+
+> []AppLink ListAppLinks(ctx, userId).Execute()
+
+List all Assigned Application Links
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ListAppLinks(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ListAppLinks``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListAppLinks`: []AppLink
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ListAppLinks`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListAppLinksRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]AppLink**](AppLink.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListGrantsForUserAndClient
+
+> []OAuth2ScopeConsentGrant ListGrantsForUserAndClient(ctx, userId, clientId).Expand(expand).After(after).Limit(limit).Execute()
+
+List all Grants for a Client
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    clientId := "clientId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to 20)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ListGrantsForUserAndClient(context.Background(), userId, clientId).Expand(expand).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ListGrantsForUserAndClient``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListGrantsForUserAndClient`: []OAuth2ScopeConsentGrant
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ListGrantsForUserAndClient`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**clientId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListGrantsForUserAndClientRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **expand** | **string** |  | 
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to 20]
+
+### Return type
+
+[**[]OAuth2ScopeConsentGrant**](OAuth2ScopeConsentGrant.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListLinkedObjectsForUser
+
+> []map[string]interface{} ListLinkedObjectsForUser(ctx, userId, relationshipName).After(after).Limit(limit).Execute()
+
+List all Linked Objects
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    relationshipName := "relationshipName_example" // string | 
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to -1)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ListLinkedObjectsForUser(context.Background(), userId, relationshipName).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ListLinkedObjectsForUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListLinkedObjectsForUser`: []map[string]interface{}
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ListLinkedObjectsForUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**relationshipName** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListLinkedObjectsForUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to -1]
+
+### Return type
+
+**[]map[string]interface{}**
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListRefreshTokensForUserAndClient
+
+> []OAuth2RefreshToken ListRefreshTokensForUserAndClient(ctx, userId, clientId).Expand(expand).After(after).Limit(limit).Execute()
+
+List all Refresh Tokens for a Client
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    clientId := "clientId_example" // string | 
+    expand := "expand_example" // string |  (optional)
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to 20)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ListRefreshTokensForUserAndClient(context.Background(), userId, clientId).Expand(expand).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ListRefreshTokensForUserAndClient``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListRefreshTokensForUserAndClient`: []OAuth2RefreshToken
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ListRefreshTokensForUserAndClient`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**clientId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListRefreshTokensForUserAndClientRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **expand** | **string** |  | 
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to 20]
+
+### Return type
+
+[**[]OAuth2RefreshToken**](OAuth2RefreshToken.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListUserBlocks
+
+> []UserBlock ListUserBlocks(ctx, userId).Execute()
+
+List all User Blocks
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ListUserBlocks(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ListUserBlocks``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListUserBlocks`: []UserBlock
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ListUserBlocks`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListUserBlocksRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]UserBlock**](UserBlock.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListUserClients
+
+> []OAuth2Client ListUserClients(ctx, userId).Execute()
+
+List all Clients
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ListUserClients(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ListUserClients``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListUserClients`: []OAuth2Client
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ListUserClients`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListUserClientsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]OAuth2Client**](OAuth2Client.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListUserGrants
+
+> []OAuth2ScopeConsentGrant ListUserGrants(ctx, userId).ScopeId(scopeId).Expand(expand).After(after).Limit(limit).Execute()
+
+List all User Grants
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    scopeId := "scopeId_example" // string |  (optional)
+    expand := "expand_example" // string |  (optional)
+    after := "after_example" // string |  (optional)
+    limit := int32(56) // int32 |  (optional) (default to 20)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ListUserGrants(context.Background(), userId).ScopeId(scopeId).Expand(expand).After(after).Limit(limit).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ListUserGrants``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListUserGrants`: []OAuth2ScopeConsentGrant
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ListUserGrants`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListUserGrantsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **scopeId** | **string** |  | 
+ **expand** | **string** |  | 
+ **after** | **string** |  | 
+ **limit** | **int32** |  | [default to 20]
+
+### Return type
+
+[**[]OAuth2ScopeConsentGrant**](OAuth2ScopeConsentGrant.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListUserGroups
+
+> []Group ListUserGroups(ctx, userId).Execute()
+
+List all Groups
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ListUserGroups(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ListUserGroups``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListUserGroups`: []Group
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ListUserGroups`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListUserGroupsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]Group**](Group.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListUserIdentityProviders
+
+> []IdentityProvider ListUserIdentityProviders(ctx, userId).Execute()
+
+List all Identity Providers
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ListUserIdentityProviders(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ListUserIdentityProviders``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListUserIdentityProviders`: []IdentityProvider
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ListUserIdentityProviders`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListUserIdentityProvidersRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]IdentityProvider**](IdentityProvider.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListUsers
+
+> []User ListUsers(ctx).Q(q).After(after).Limit(limit).Filter(filter).Search(search).SortBy(sortBy).SortOrder(sortOrder).Execute()
+
+List all Users
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    q := "q_example" // string | Finds a user that matches firstName, lastName, and email properties (optional)
+    after := "after_example" // string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information. (optional)
+    limit := int32(56) // int32 | Specifies the number of results returned. Defaults to 10 if `q` is provided. (optional) (default to 200)
+    filter := "filter_example" // string | Filters users with a supported expression for a subset of properties (optional)
+    search := "search_example" // string | Searches for users with a supported filtering expression for most properties. Okta recommends using this parameter for search for best performance. (optional)
+    sortBy := "sortBy_example" // string |  (optional)
+    sortOrder := "sortOrder_example" // string |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ListUsers(context.Background()).Q(q).After(after).Limit(limit).Filter(filter).Search(search).SortBy(sortBy).SortOrder(sortOrder).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ListUsers``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListUsers`: []User
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ListUsers`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListUsersRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **q** | **string** | Finds a user that matches firstName, lastName, and email properties | 
+ **after** | **string** | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the &#x60;Link&#x60; response header. See [Pagination](/#pagination) for more information. | 
+ **limit** | **int32** | Specifies the number of results returned. Defaults to 10 if &#x60;q&#x60; is provided. | [default to 200]
+ **filter** | **string** | Filters users with a supported expression for a subset of properties | 
+ **search** | **string** | Searches for users with a supported filtering expression for most properties. Okta recommends using this parameter for search for best performance. | 
+ **sortBy** | **string** |  | 
+ **sortOrder** | **string** |  | 
+
+### Return type
+
+[**[]User**](User.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReactivateUser
+
+> UserActivationToken ReactivateUser(ctx, userId).SendEmail(sendEmail).Execute()
+
+Reactivate a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    sendEmail := true // bool | Sends an activation email to the user if true (optional) (default to false)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ReactivateUser(context.Background(), userId).SendEmail(sendEmail).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ReactivateUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReactivateUser`: UserActivationToken
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ReactivateUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReactivateUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **sendEmail** | **bool** | Sends an activation email to the user if true | [default to false]
+
+### Return type
+
+[**UserActivationToken**](UserActivationToken.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceUser
+
+> User ReplaceUser(ctx, userId).User(user).Strict(strict).Execute()
+
+Replace a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    user := *openapiclient.NewUpdateUserRequest() // UpdateUserRequest | 
+    strict := true // bool |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ReplaceUser(context.Background(), userId).User(user).Strict(strict).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ReplaceUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceUser`: User
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.ReplaceUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **user** | [**UpdateUserRequest**](UpdateUserRequest.md) |  | 
+ **strict** | **bool** |  | 
+
+### Return type
+
+[**User**](User.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ResetFactors
+
+> ResetFactors(ctx, userId).Execute()
+
+Reset all Factors
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.ResetFactors(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.ResetFactors``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiResetFactorsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeGrantsForUserAndClient
+
+> RevokeGrantsForUserAndClient(ctx, userId, clientId).Execute()
+
+Revoke all Grants for a Client
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    clientId := "clientId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.RevokeGrantsForUserAndClient(context.Background(), userId, clientId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.RevokeGrantsForUserAndClient``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**clientId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeGrantsForUserAndClientRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeTokenForUserAndClient
+
+> RevokeTokenForUserAndClient(ctx, userId, clientId, tokenId).Execute()
+
+Revoke a Token for a Client
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    clientId := "clientId_example" // string | 
+    tokenId := "tokenId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.RevokeTokenForUserAndClient(context.Background(), userId, clientId, tokenId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.RevokeTokenForUserAndClient``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**clientId** | **string** |  | 
+**tokenId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeTokenForUserAndClientRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeTokensForUserAndClient
+
+> RevokeTokensForUserAndClient(ctx, userId, clientId).Execute()
+
+Revoke all Refresh Tokens for a Client
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    clientId := "clientId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.RevokeTokensForUserAndClient(context.Background(), userId, clientId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.RevokeTokensForUserAndClient``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**clientId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeTokensForUserAndClientRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeUserGrant
+
+> RevokeUserGrant(ctx, userId, grantId).Execute()
+
+Revoke a User Grant
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    grantId := "grantId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.RevokeUserGrant(context.Background(), userId, grantId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.RevokeUserGrant``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**grantId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeUserGrantRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeUserGrants
+
+> RevokeUserGrants(ctx, userId).Execute()
+
+Revoke all User Grants
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.RevokeUserGrants(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.RevokeUserGrants``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeUserGrantsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## RevokeUserSessions
+
+> RevokeUserSessions(ctx, userId).OauthTokens(oauthTokens).Execute()
+
+Revoke all User Sessions
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    oauthTokens := true // bool | Revoke issued OpenID Connect and OAuth refresh and access tokens (optional) (default to false)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.RevokeUserSessions(context.Background(), userId).OauthTokens(oauthTokens).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.RevokeUserSessions``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiRevokeUserSessionsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **oauthTokens** | **bool** | Revoke issued OpenID Connect and OAuth refresh and access tokens | [default to false]
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## SetLinkedObjectForUser
+
+> SetLinkedObjectForUser(ctx, associatedUserId, primaryRelationshipName, primaryUserId).Execute()
+
+Create a Linked Object for two User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    associatedUserId := "associatedUserId_example" // string | 
+    primaryRelationshipName := "primaryRelationshipName_example" // string | 
+    primaryUserId := "primaryUserId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.SetLinkedObjectForUser(context.Background(), associatedUserId, primaryRelationshipName, primaryUserId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.SetLinkedObjectForUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**associatedUserId** | **string** |  | 
+**primaryRelationshipName** | **string** |  | 
+**primaryUserId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiSetLinkedObjectForUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## SuspendUser
+
+> SuspendUser(ctx, userId).Execute()
+
+Suspend a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.SuspendUser(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.SuspendUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiSuspendUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnlockUser
+
+> UnlockUser(ctx, userId).Execute()
+
+Unlock a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.UnlockUser(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.UnlockUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnlockUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnsuspendUser
+
+> UnsuspendUser(ctx, userId).Execute()
+
+Unsuspend a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.UnsuspendUser(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.UnsuspendUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnsuspendUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateUser
+
+> User UpdateUser(ctx, userId).User(user).Strict(strict).Execute()
+
+Update a User
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    user := *openapiclient.NewUpdateUserRequest() // UpdateUserRequest | 
+    strict := true // bool |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserApi.UpdateUser(context.Background(), userId).User(user).Strict(strict).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserApi.UpdateUser``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateUser`: User
+    fmt.Fprintf(os.Stdout, "Response from `UserApi.UpdateUser`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateUserRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **user** | [**UpdateUserRequest**](UpdateUserRequest.md) |  | 
+ **strict** | **bool** |  | 
+
+### Return type
+
+[**User**](User.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/UserBlock.md b/okta/docs/UserBlock.md
new file mode 100644
index 000000000..b9a3722d9
--- /dev/null
+++ b/okta/docs/UserBlock.md
@@ -0,0 +1,82 @@
+# UserBlock
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AppliesTo** | Pointer to **string** |  | [optional] [readonly] 
+**Type** | Pointer to **string** |  | [optional] [readonly] 
+
+## Methods
+
+### NewUserBlock
+
+`func NewUserBlock() *UserBlock`
+
+NewUserBlock instantiates a new UserBlock object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserBlockWithDefaults
+
+`func NewUserBlockWithDefaults() *UserBlock`
+
+NewUserBlockWithDefaults instantiates a new UserBlock object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAppliesTo
+
+`func (o *UserBlock) GetAppliesTo() string`
+
+GetAppliesTo returns the AppliesTo field if non-nil, zero value otherwise.
+
+### GetAppliesToOk
+
+`func (o *UserBlock) GetAppliesToOk() (*string, bool)`
+
+GetAppliesToOk returns a tuple with the AppliesTo field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAppliesTo
+
+`func (o *UserBlock) SetAppliesTo(v string)`
+
+SetAppliesTo sets AppliesTo field to given value.
+
+### HasAppliesTo
+
+`func (o *UserBlock) HasAppliesTo() bool`
+
+HasAppliesTo returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *UserBlock) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *UserBlock) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *UserBlock) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *UserBlock) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserCondition.md b/okta/docs/UserCondition.md
new file mode 100644
index 000000000..e4b55887c
--- /dev/null
+++ b/okta/docs/UserCondition.md
@@ -0,0 +1,82 @@
+# UserCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Exclude** | Pointer to **[]string** |  | [optional] 
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewUserCondition
+
+`func NewUserCondition() *UserCondition`
+
+NewUserCondition instantiates a new UserCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserConditionWithDefaults
+
+`func NewUserConditionWithDefaults() *UserCondition`
+
+NewUserConditionWithDefaults instantiates a new UserCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExclude
+
+`func (o *UserCondition) GetExclude() []string`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *UserCondition) GetExcludeOk() (*[]string, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *UserCondition) SetExclude(v []string)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *UserCondition) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+### GetInclude
+
+`func (o *UserCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *UserCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *UserCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *UserCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserCredentials.md b/okta/docs/UserCredentials.md
new file mode 100644
index 000000000..8ce4456b8
--- /dev/null
+++ b/okta/docs/UserCredentials.md
@@ -0,0 +1,108 @@
+# UserCredentials
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Password** | Pointer to [**PasswordCredential**](PasswordCredential.md) |  | [optional] 
+**Provider** | Pointer to [**AuthenticationProvider**](AuthenticationProvider.md) |  | [optional] 
+**RecoveryQuestion** | Pointer to [**RecoveryQuestionCredential**](RecoveryQuestionCredential.md) |  | [optional] 
+
+## Methods
+
+### NewUserCredentials
+
+`func NewUserCredentials() *UserCredentials`
+
+NewUserCredentials instantiates a new UserCredentials object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserCredentialsWithDefaults
+
+`func NewUserCredentialsWithDefaults() *UserCredentials`
+
+NewUserCredentialsWithDefaults instantiates a new UserCredentials object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPassword
+
+`func (o *UserCredentials) GetPassword() PasswordCredential`
+
+GetPassword returns the Password field if non-nil, zero value otherwise.
+
+### GetPasswordOk
+
+`func (o *UserCredentials) GetPasswordOk() (*PasswordCredential, bool)`
+
+GetPasswordOk returns a tuple with the Password field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPassword
+
+`func (o *UserCredentials) SetPassword(v PasswordCredential)`
+
+SetPassword sets Password field to given value.
+
+### HasPassword
+
+`func (o *UserCredentials) HasPassword() bool`
+
+HasPassword returns a boolean if a field has been set.
+
+### GetProvider
+
+`func (o *UserCredentials) GetProvider() AuthenticationProvider`
+
+GetProvider returns the Provider field if non-nil, zero value otherwise.
+
+### GetProviderOk
+
+`func (o *UserCredentials) GetProviderOk() (*AuthenticationProvider, bool)`
+
+GetProviderOk returns a tuple with the Provider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProvider
+
+`func (o *UserCredentials) SetProvider(v AuthenticationProvider)`
+
+SetProvider sets Provider field to given value.
+
+### HasProvider
+
+`func (o *UserCredentials) HasProvider() bool`
+
+HasProvider returns a boolean if a field has been set.
+
+### GetRecoveryQuestion
+
+`func (o *UserCredentials) GetRecoveryQuestion() RecoveryQuestionCredential`
+
+GetRecoveryQuestion returns the RecoveryQuestion field if non-nil, zero value otherwise.
+
+### GetRecoveryQuestionOk
+
+`func (o *UserCredentials) GetRecoveryQuestionOk() (*RecoveryQuestionCredential, bool)`
+
+GetRecoveryQuestionOk returns a tuple with the RecoveryQuestion field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRecoveryQuestion
+
+`func (o *UserCredentials) SetRecoveryQuestion(v RecoveryQuestionCredential)`
+
+SetRecoveryQuestion sets RecoveryQuestion field to given value.
+
+### HasRecoveryQuestion
+
+`func (o *UserCredentials) HasRecoveryQuestion() bool`
+
+HasRecoveryQuestion returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserFactor.md b/okta/docs/UserFactor.md
new file mode 100644
index 000000000..01df1596d
--- /dev/null
+++ b/okta/docs/UserFactor.md
@@ -0,0 +1,264 @@
+# UserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**FactorType** | Pointer to [**FactorType**](FactorType.md) |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**Provider** | Pointer to [**FactorProvider**](FactorProvider.md) |  | [optional] 
+**Status** | Pointer to [**FactorStatus**](FactorStatus.md) |  | [optional] 
+**Verify** | Pointer to [**VerifyFactorRequest**](VerifyFactorRequest.md) |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewUserFactor
+
+`func NewUserFactor() *UserFactor`
+
+NewUserFactor instantiates a new UserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserFactorWithDefaults
+
+`func NewUserFactorWithDefaults() *UserFactor`
+
+NewUserFactorWithDefaults instantiates a new UserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *UserFactor) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *UserFactor) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *UserFactor) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *UserFactor) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetFactorType
+
+`func (o *UserFactor) GetFactorType() FactorType`
+
+GetFactorType returns the FactorType field if non-nil, zero value otherwise.
+
+### GetFactorTypeOk
+
+`func (o *UserFactor) GetFactorTypeOk() (*FactorType, bool)`
+
+GetFactorTypeOk returns a tuple with the FactorType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorType
+
+`func (o *UserFactor) SetFactorType(v FactorType)`
+
+SetFactorType sets FactorType field to given value.
+
+### HasFactorType
+
+`func (o *UserFactor) HasFactorType() bool`
+
+HasFactorType returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *UserFactor) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *UserFactor) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *UserFactor) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *UserFactor) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *UserFactor) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *UserFactor) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *UserFactor) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *UserFactor) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetProvider
+
+`func (o *UserFactor) GetProvider() FactorProvider`
+
+GetProvider returns the Provider field if non-nil, zero value otherwise.
+
+### GetProviderOk
+
+`func (o *UserFactor) GetProviderOk() (*FactorProvider, bool)`
+
+GetProviderOk returns a tuple with the Provider field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProvider
+
+`func (o *UserFactor) SetProvider(v FactorProvider)`
+
+SetProvider sets Provider field to given value.
+
+### HasProvider
+
+`func (o *UserFactor) HasProvider() bool`
+
+HasProvider returns a boolean if a field has been set.
+
+### GetStatus
+
+`func (o *UserFactor) GetStatus() FactorStatus`
+
+GetStatus returns the Status field if non-nil, zero value otherwise.
+
+### GetStatusOk
+
+`func (o *UserFactor) GetStatusOk() (*FactorStatus, bool)`
+
+GetStatusOk returns a tuple with the Status field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStatus
+
+`func (o *UserFactor) SetStatus(v FactorStatus)`
+
+SetStatus sets Status field to given value.
+
+### HasStatus
+
+`func (o *UserFactor) HasStatus() bool`
+
+HasStatus returns a boolean if a field has been set.
+
+### GetVerify
+
+`func (o *UserFactor) GetVerify() VerifyFactorRequest`
+
+GetVerify returns the Verify field if non-nil, zero value otherwise.
+
+### GetVerifyOk
+
+`func (o *UserFactor) GetVerifyOk() (*VerifyFactorRequest, bool)`
+
+GetVerifyOk returns a tuple with the Verify field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetVerify
+
+`func (o *UserFactor) SetVerify(v VerifyFactorRequest)`
+
+SetVerify sets Verify field to given value.
+
+### HasVerify
+
+`func (o *UserFactor) HasVerify() bool`
+
+HasVerify returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *UserFactor) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *UserFactor) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *UserFactor) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *UserFactor) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *UserFactor) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *UserFactor) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *UserFactor) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *UserFactor) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserFactorApi.md b/okta/docs/UserFactorApi.md
new file mode 100644
index 000000000..ea8890e20
--- /dev/null
+++ b/okta/docs/UserFactorApi.md
@@ -0,0 +1,689 @@
+# \UserFactorApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**ActivateFactor**](UserFactorApi.md#ActivateFactor) | **Post** /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate | Activate a Factor
+[**EnrollFactor**](UserFactorApi.md#EnrollFactor) | **Post** /api/v1/users/{userId}/factors | Enroll a Factor
+[**GetFactor**](UserFactorApi.md#GetFactor) | **Get** /api/v1/users/{userId}/factors/{factorId} | Retrieve a Factor
+[**GetFactorTransactionStatus**](UserFactorApi.md#GetFactorTransactionStatus) | **Get** /api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId} | Retrieve a Factor Transaction Status
+[**ListFactors**](UserFactorApi.md#ListFactors) | **Get** /api/v1/users/{userId}/factors | List all Factors
+[**ListSupportedFactors**](UserFactorApi.md#ListSupportedFactors) | **Get** /api/v1/users/{userId}/factors/catalog | List all Supported Factors
+[**ListSupportedSecurityQuestions**](UserFactorApi.md#ListSupportedSecurityQuestions) | **Get** /api/v1/users/{userId}/factors/questions | List all Supported Security Questions
+[**UnenrollFactor**](UserFactorApi.md#UnenrollFactor) | **Delete** /api/v1/users/{userId}/factors/{factorId} | Unenroll a Factor
+[**VerifyFactor**](UserFactorApi.md#VerifyFactor) | **Post** /api/v1/users/{userId}/factors/{factorId}/verify | Verify an MFA Factor
+
+
+
+## ActivateFactor
+
+> ListFactors200ResponseInner ActivateFactor(ctx, userId, factorId).Body(body).Execute()
+
+Activate a Factor
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    factorId := "factorId_example" // string | 
+    body := *openapiclient.NewActivateFactorRequest() // ActivateFactorRequest |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserFactorApi.ActivateFactor(context.Background(), userId, factorId).Body(body).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserFactorApi.ActivateFactor``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ActivateFactor`: ListFactors200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `UserFactorApi.ActivateFactor`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**factorId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiActivateFactorRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **body** | [**ActivateFactorRequest**](ActivateFactorRequest.md) |  | 
+
+### Return type
+
+[**ListFactors200ResponseInner**](ListFactors200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## EnrollFactor
+
+> ListFactors200ResponseInner EnrollFactor(ctx, userId).Body(body).UpdatePhone(updatePhone).TemplateId(templateId).TokenLifetimeSeconds(tokenLifetimeSeconds).Activate(activate).Execute()
+
+Enroll a Factor
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    body := openapiclient.listFactors_200_response_inner{CallUserFactor: openapiclient.NewCallUserFactor()} // ListFactors200ResponseInner | Factor
+    updatePhone := true // bool |  (optional) (default to false)
+    templateId := "templateId_example" // string | id of SMS template (only for SMS factor) (optional)
+    tokenLifetimeSeconds := int32(56) // int32 |  (optional) (default to 300)
+    activate := true // bool |  (optional) (default to false)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserFactorApi.EnrollFactor(context.Background(), userId).Body(body).UpdatePhone(updatePhone).TemplateId(templateId).TokenLifetimeSeconds(tokenLifetimeSeconds).Activate(activate).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserFactorApi.EnrollFactor``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `EnrollFactor`: ListFactors200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `UserFactorApi.EnrollFactor`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiEnrollFactorRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **body** | [**ListFactors200ResponseInner**](ListFactors200ResponseInner.md) | Factor | 
+ **updatePhone** | **bool** |  | [default to false]
+ **templateId** | **string** | id of SMS template (only for SMS factor) | 
+ **tokenLifetimeSeconds** | **int32** |  | [default to 300]
+ **activate** | **bool** |  | [default to false]
+
+### Return type
+
+[**ListFactors200ResponseInner**](ListFactors200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetFactor
+
+> ListFactors200ResponseInner GetFactor(ctx, userId, factorId).Execute()
+
+Retrieve a Factor
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    factorId := "factorId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserFactorApi.GetFactor(context.Background(), userId, factorId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserFactorApi.GetFactor``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetFactor`: ListFactors200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `UserFactorApi.GetFactor`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**factorId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetFactorRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+### Return type
+
+[**ListFactors200ResponseInner**](ListFactors200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetFactorTransactionStatus
+
+> VerifyUserFactorResponse GetFactorTransactionStatus(ctx, userId, factorId, transactionId).Execute()
+
+Retrieve a Factor Transaction Status
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    factorId := "factorId_example" // string | 
+    transactionId := "transactionId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserFactorApi.GetFactorTransactionStatus(context.Background(), userId, factorId, transactionId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserFactorApi.GetFactorTransactionStatus``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetFactorTransactionStatus`: VerifyUserFactorResponse
+    fmt.Fprintf(os.Stdout, "Response from `UserFactorApi.GetFactorTransactionStatus`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**factorId** | **string** |  | 
+**transactionId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetFactorTransactionStatusRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+
+
+### Return type
+
+[**VerifyUserFactorResponse**](VerifyUserFactorResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListFactors
+
+> []ListFactors200ResponseInner ListFactors(ctx, userId).Execute()
+
+List all Factors
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserFactorApi.ListFactors(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserFactorApi.ListFactors``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListFactors`: []ListFactors200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `UserFactorApi.ListFactors`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListFactorsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]ListFactors200ResponseInner**](ListFactors200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListSupportedFactors
+
+> []ListFactors200ResponseInner ListSupportedFactors(ctx, userId).Execute()
+
+List all Supported Factors
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserFactorApi.ListSupportedFactors(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserFactorApi.ListSupportedFactors``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListSupportedFactors`: []ListFactors200ResponseInner
+    fmt.Fprintf(os.Stdout, "Response from `UserFactorApi.ListSupportedFactors`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListSupportedFactorsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]ListFactors200ResponseInner**](ListFactors200ResponseInner.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListSupportedSecurityQuestions
+
+> []SecurityQuestion ListSupportedSecurityQuestions(ctx, userId).Execute()
+
+List all Supported Security Questions
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserFactorApi.ListSupportedSecurityQuestions(context.Background(), userId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserFactorApi.ListSupportedSecurityQuestions``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListSupportedSecurityQuestions`: []SecurityQuestion
+    fmt.Fprintf(os.Stdout, "Response from `UserFactorApi.ListSupportedSecurityQuestions`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListSupportedSecurityQuestionsRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**[]SecurityQuestion**](SecurityQuestion.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UnenrollFactor
+
+> UnenrollFactor(ctx, userId, factorId).RemoveEnrollmentRecovery(removeEnrollmentRecovery).Execute()
+
+Unenroll a Factor
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    factorId := "factorId_example" // string | 
+    removeEnrollmentRecovery := true // bool |  (optional) (default to false)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserFactorApi.UnenrollFactor(context.Background(), userId, factorId).RemoveEnrollmentRecovery(removeEnrollmentRecovery).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserFactorApi.UnenrollFactor``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**factorId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUnenrollFactorRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **removeEnrollmentRecovery** | **bool** |  | [default to false]
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## VerifyFactor
+
+> VerifyUserFactorResponse VerifyFactor(ctx, userId, factorId).TemplateId(templateId).TokenLifetimeSeconds(tokenLifetimeSeconds).XForwardedFor(xForwardedFor).UserAgent(userAgent).AcceptLanguage(acceptLanguage).Body(body).Execute()
+
+Verify an MFA Factor
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userId := "userId_example" // string | 
+    factorId := "factorId_example" // string | 
+    templateId := "templateId_example" // string |  (optional)
+    tokenLifetimeSeconds := int32(56) // int32 |  (optional) (default to 300)
+    xForwardedFor := "xForwardedFor_example" // string |  (optional)
+    userAgent := "userAgent_example" // string |  (optional)
+    acceptLanguage := "acceptLanguage_example" // string |  (optional)
+    body := *openapiclient.NewVerifyFactorRequest() // VerifyFactorRequest |  (optional)
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserFactorApi.VerifyFactor(context.Background(), userId, factorId).TemplateId(templateId).TokenLifetimeSeconds(tokenLifetimeSeconds).XForwardedFor(xForwardedFor).UserAgent(userAgent).AcceptLanguage(acceptLanguage).Body(body).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserFactorApi.VerifyFactor``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `VerifyFactor`: VerifyUserFactorResponse
+    fmt.Fprintf(os.Stdout, "Response from `UserFactorApi.VerifyFactor`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**userId** | **string** |  | 
+**factorId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiVerifyFactorRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+ **templateId** | **string** |  | 
+ **tokenLifetimeSeconds** | **int32** |  | [default to 300]
+ **xForwardedFor** | **string** |  | 
+ **userAgent** | **string** |  | 
+ **acceptLanguage** | **string** |  | 
+ **body** | [**VerifyFactorRequest**](VerifyFactorRequest.md) |  | 
+
+### Return type
+
+[**VerifyUserFactorResponse**](VerifyUserFactorResponse.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/UserIdentifierConditionEvaluatorPattern.md b/okta/docs/UserIdentifierConditionEvaluatorPattern.md
new file mode 100644
index 000000000..5e93b7029
--- /dev/null
+++ b/okta/docs/UserIdentifierConditionEvaluatorPattern.md
@@ -0,0 +1,82 @@
+# UserIdentifierConditionEvaluatorPattern
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**MatchType** | Pointer to [**UserIdentifierMatchType**](UserIdentifierMatchType.md) |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewUserIdentifierConditionEvaluatorPattern
+
+`func NewUserIdentifierConditionEvaluatorPattern() *UserIdentifierConditionEvaluatorPattern`
+
+NewUserIdentifierConditionEvaluatorPattern instantiates a new UserIdentifierConditionEvaluatorPattern object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserIdentifierConditionEvaluatorPatternWithDefaults
+
+`func NewUserIdentifierConditionEvaluatorPatternWithDefaults() *UserIdentifierConditionEvaluatorPattern`
+
+NewUserIdentifierConditionEvaluatorPatternWithDefaults instantiates a new UserIdentifierConditionEvaluatorPattern object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMatchType
+
+`func (o *UserIdentifierConditionEvaluatorPattern) GetMatchType() UserIdentifierMatchType`
+
+GetMatchType returns the MatchType field if non-nil, zero value otherwise.
+
+### GetMatchTypeOk
+
+`func (o *UserIdentifierConditionEvaluatorPattern) GetMatchTypeOk() (*UserIdentifierMatchType, bool)`
+
+GetMatchTypeOk returns a tuple with the MatchType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMatchType
+
+`func (o *UserIdentifierConditionEvaluatorPattern) SetMatchType(v UserIdentifierMatchType)`
+
+SetMatchType sets MatchType field to given value.
+
+### HasMatchType
+
+`func (o *UserIdentifierConditionEvaluatorPattern) HasMatchType() bool`
+
+HasMatchType returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *UserIdentifierConditionEvaluatorPattern) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *UserIdentifierConditionEvaluatorPattern) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *UserIdentifierConditionEvaluatorPattern) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *UserIdentifierConditionEvaluatorPattern) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserIdentifierMatchType.md b/okta/docs/UserIdentifierMatchType.md
new file mode 100644
index 000000000..9737b1a1a
--- /dev/null
+++ b/okta/docs/UserIdentifierMatchType.md
@@ -0,0 +1,19 @@
+# UserIdentifierMatchType
+
+## Enum
+
+
+* `CONTAINS` (value: `"CONTAINS"`)
+
+* `EQUALS` (value: `"EQUALS"`)
+
+* `EXPRESSION` (value: `"EXPRESSION"`)
+
+* `STARTS_WITH` (value: `"STARTS_WITH"`)
+
+* `SUFFIX` (value: `"SUFFIX"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserIdentifierPolicyRuleCondition.md b/okta/docs/UserIdentifierPolicyRuleCondition.md
new file mode 100644
index 000000000..007640197
--- /dev/null
+++ b/okta/docs/UserIdentifierPolicyRuleCondition.md
@@ -0,0 +1,108 @@
+# UserIdentifierPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Attribute** | Pointer to **string** |  | [optional] 
+**Patterns** | Pointer to [**[]UserIdentifierConditionEvaluatorPattern**](UserIdentifierConditionEvaluatorPattern.md) |  | [optional] 
+**Type** | Pointer to [**UserIdentifierType**](UserIdentifierType.md) |  | [optional] 
+
+## Methods
+
+### NewUserIdentifierPolicyRuleCondition
+
+`func NewUserIdentifierPolicyRuleCondition() *UserIdentifierPolicyRuleCondition`
+
+NewUserIdentifierPolicyRuleCondition instantiates a new UserIdentifierPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserIdentifierPolicyRuleConditionWithDefaults
+
+`func NewUserIdentifierPolicyRuleConditionWithDefaults() *UserIdentifierPolicyRuleCondition`
+
+NewUserIdentifierPolicyRuleConditionWithDefaults instantiates a new UserIdentifierPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAttribute
+
+`func (o *UserIdentifierPolicyRuleCondition) GetAttribute() string`
+
+GetAttribute returns the Attribute field if non-nil, zero value otherwise.
+
+### GetAttributeOk
+
+`func (o *UserIdentifierPolicyRuleCondition) GetAttributeOk() (*string, bool)`
+
+GetAttributeOk returns a tuple with the Attribute field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAttribute
+
+`func (o *UserIdentifierPolicyRuleCondition) SetAttribute(v string)`
+
+SetAttribute sets Attribute field to given value.
+
+### HasAttribute
+
+`func (o *UserIdentifierPolicyRuleCondition) HasAttribute() bool`
+
+HasAttribute returns a boolean if a field has been set.
+
+### GetPatterns
+
+`func (o *UserIdentifierPolicyRuleCondition) GetPatterns() []UserIdentifierConditionEvaluatorPattern`
+
+GetPatterns returns the Patterns field if non-nil, zero value otherwise.
+
+### GetPatternsOk
+
+`func (o *UserIdentifierPolicyRuleCondition) GetPatternsOk() (*[]UserIdentifierConditionEvaluatorPattern, bool)`
+
+GetPatternsOk returns a tuple with the Patterns field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPatterns
+
+`func (o *UserIdentifierPolicyRuleCondition) SetPatterns(v []UserIdentifierConditionEvaluatorPattern)`
+
+SetPatterns sets Patterns field to given value.
+
+### HasPatterns
+
+`func (o *UserIdentifierPolicyRuleCondition) HasPatterns() bool`
+
+HasPatterns returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *UserIdentifierPolicyRuleCondition) GetType() UserIdentifierType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *UserIdentifierPolicyRuleCondition) GetTypeOk() (*UserIdentifierType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *UserIdentifierPolicyRuleCondition) SetType(v UserIdentifierType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *UserIdentifierPolicyRuleCondition) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserIdentifierType.md b/okta/docs/UserIdentifierType.md
new file mode 100644
index 000000000..44c2cfbf3
--- /dev/null
+++ b/okta/docs/UserIdentifierType.md
@@ -0,0 +1,13 @@
+# UserIdentifierType
+
+## Enum
+
+
+* `ATTRIBUTE` (value: `"ATTRIBUTE"`)
+
+* `IDENTIFIER` (value: `"IDENTIFIER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserIdentityProviderLinkRequest.md b/okta/docs/UserIdentityProviderLinkRequest.md
new file mode 100644
index 000000000..6480a73ed
--- /dev/null
+++ b/okta/docs/UserIdentityProviderLinkRequest.md
@@ -0,0 +1,56 @@
+# UserIdentityProviderLinkRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ExternalId** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewUserIdentityProviderLinkRequest
+
+`func NewUserIdentityProviderLinkRequest() *UserIdentityProviderLinkRequest`
+
+NewUserIdentityProviderLinkRequest instantiates a new UserIdentityProviderLinkRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserIdentityProviderLinkRequestWithDefaults
+
+`func NewUserIdentityProviderLinkRequestWithDefaults() *UserIdentityProviderLinkRequest`
+
+NewUserIdentityProviderLinkRequestWithDefaults instantiates a new UserIdentityProviderLinkRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExternalId
+
+`func (o *UserIdentityProviderLinkRequest) GetExternalId() string`
+
+GetExternalId returns the ExternalId field if non-nil, zero value otherwise.
+
+### GetExternalIdOk
+
+`func (o *UserIdentityProviderLinkRequest) GetExternalIdOk() (*string, bool)`
+
+GetExternalIdOk returns a tuple with the ExternalId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExternalId
+
+`func (o *UserIdentityProviderLinkRequest) SetExternalId(v string)`
+
+SetExternalId sets ExternalId field to given value.
+
+### HasExternalId
+
+`func (o *UserIdentityProviderLinkRequest) HasExternalId() bool`
+
+HasExternalId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserLifecycleAttributePolicyRuleCondition.md b/okta/docs/UserLifecycleAttributePolicyRuleCondition.md
new file mode 100644
index 000000000..08e04aa9c
--- /dev/null
+++ b/okta/docs/UserLifecycleAttributePolicyRuleCondition.md
@@ -0,0 +1,82 @@
+# UserLifecycleAttributePolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AttributeName** | Pointer to **string** |  | [optional] 
+**MatchingValue** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewUserLifecycleAttributePolicyRuleCondition
+
+`func NewUserLifecycleAttributePolicyRuleCondition() *UserLifecycleAttributePolicyRuleCondition`
+
+NewUserLifecycleAttributePolicyRuleCondition instantiates a new UserLifecycleAttributePolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserLifecycleAttributePolicyRuleConditionWithDefaults
+
+`func NewUserLifecycleAttributePolicyRuleConditionWithDefaults() *UserLifecycleAttributePolicyRuleCondition`
+
+NewUserLifecycleAttributePolicyRuleConditionWithDefaults instantiates a new UserLifecycleAttributePolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAttributeName
+
+`func (o *UserLifecycleAttributePolicyRuleCondition) GetAttributeName() string`
+
+GetAttributeName returns the AttributeName field if non-nil, zero value otherwise.
+
+### GetAttributeNameOk
+
+`func (o *UserLifecycleAttributePolicyRuleCondition) GetAttributeNameOk() (*string, bool)`
+
+GetAttributeNameOk returns a tuple with the AttributeName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAttributeName
+
+`func (o *UserLifecycleAttributePolicyRuleCondition) SetAttributeName(v string)`
+
+SetAttributeName sets AttributeName field to given value.
+
+### HasAttributeName
+
+`func (o *UserLifecycleAttributePolicyRuleCondition) HasAttributeName() bool`
+
+HasAttributeName returns a boolean if a field has been set.
+
+### GetMatchingValue
+
+`func (o *UserLifecycleAttributePolicyRuleCondition) GetMatchingValue() string`
+
+GetMatchingValue returns the MatchingValue field if non-nil, zero value otherwise.
+
+### GetMatchingValueOk
+
+`func (o *UserLifecycleAttributePolicyRuleCondition) GetMatchingValueOk() (*string, bool)`
+
+GetMatchingValueOk returns a tuple with the MatchingValue field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMatchingValue
+
+`func (o *UserLifecycleAttributePolicyRuleCondition) SetMatchingValue(v string)`
+
+SetMatchingValue sets MatchingValue field to given value.
+
+### HasMatchingValue
+
+`func (o *UserLifecycleAttributePolicyRuleCondition) HasMatchingValue() bool`
+
+HasMatchingValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserLockoutSettings.md b/okta/docs/UserLockoutSettings.md
new file mode 100644
index 000000000..62cee4cb3
--- /dev/null
+++ b/okta/docs/UserLockoutSettings.md
@@ -0,0 +1,56 @@
+# UserLockoutSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**PreventBruteForceLockoutFromUnknownDevices** | Pointer to **bool** | Prevents brute-force lockout from unknown devices for the password authenticator. | [optional] 
+
+## Methods
+
+### NewUserLockoutSettings
+
+`func NewUserLockoutSettings() *UserLockoutSettings`
+
+NewUserLockoutSettings instantiates a new UserLockoutSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserLockoutSettingsWithDefaults
+
+`func NewUserLockoutSettingsWithDefaults() *UserLockoutSettings`
+
+NewUserLockoutSettingsWithDefaults instantiates a new UserLockoutSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPreventBruteForceLockoutFromUnknownDevices
+
+`func (o *UserLockoutSettings) GetPreventBruteForceLockoutFromUnknownDevices() bool`
+
+GetPreventBruteForceLockoutFromUnknownDevices returns the PreventBruteForceLockoutFromUnknownDevices field if non-nil, zero value otherwise.
+
+### GetPreventBruteForceLockoutFromUnknownDevicesOk
+
+`func (o *UserLockoutSettings) GetPreventBruteForceLockoutFromUnknownDevicesOk() (*bool, bool)`
+
+GetPreventBruteForceLockoutFromUnknownDevicesOk returns a tuple with the PreventBruteForceLockoutFromUnknownDevices field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPreventBruteForceLockoutFromUnknownDevices
+
+`func (o *UserLockoutSettings) SetPreventBruteForceLockoutFromUnknownDevices(v bool)`
+
+SetPreventBruteForceLockoutFromUnknownDevices sets PreventBruteForceLockoutFromUnknownDevices field to given value.
+
+### HasPreventBruteForceLockoutFromUnknownDevices
+
+`func (o *UserLockoutSettings) HasPreventBruteForceLockoutFromUnknownDevices() bool`
+
+HasPreventBruteForceLockoutFromUnknownDevices returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserNextLogin.md b/okta/docs/UserNextLogin.md
new file mode 100644
index 000000000..9b2a78ad0
--- /dev/null
+++ b/okta/docs/UserNextLogin.md
@@ -0,0 +1,11 @@
+# UserNextLogin
+
+## Enum
+
+
+* `CHANGE_PASSWORD` (value: `"changePassword"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserPolicyRuleCondition.md b/okta/docs/UserPolicyRuleCondition.md
new file mode 100644
index 000000000..ed3382e52
--- /dev/null
+++ b/okta/docs/UserPolicyRuleCondition.md
@@ -0,0 +1,186 @@
+# UserPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Exclude** | Pointer to **[]string** |  | [optional] 
+**Inactivity** | Pointer to [**InactivityPolicyRuleCondition**](InactivityPolicyRuleCondition.md) |  | [optional] 
+**Include** | Pointer to **[]string** |  | [optional] 
+**LifecycleExpiration** | Pointer to [**LifecycleExpirationPolicyRuleCondition**](LifecycleExpirationPolicyRuleCondition.md) |  | [optional] 
+**PasswordExpiration** | Pointer to [**PasswordExpirationPolicyRuleCondition**](PasswordExpirationPolicyRuleCondition.md) |  | [optional] 
+**UserLifecycleAttribute** | Pointer to [**UserLifecycleAttributePolicyRuleCondition**](UserLifecycleAttributePolicyRuleCondition.md) |  | [optional] 
+
+## Methods
+
+### NewUserPolicyRuleCondition
+
+`func NewUserPolicyRuleCondition() *UserPolicyRuleCondition`
+
+NewUserPolicyRuleCondition instantiates a new UserPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserPolicyRuleConditionWithDefaults
+
+`func NewUserPolicyRuleConditionWithDefaults() *UserPolicyRuleCondition`
+
+NewUserPolicyRuleConditionWithDefaults instantiates a new UserPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExclude
+
+`func (o *UserPolicyRuleCondition) GetExclude() []string`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *UserPolicyRuleCondition) GetExcludeOk() (*[]string, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *UserPolicyRuleCondition) SetExclude(v []string)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *UserPolicyRuleCondition) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+### GetInactivity
+
+`func (o *UserPolicyRuleCondition) GetInactivity() InactivityPolicyRuleCondition`
+
+GetInactivity returns the Inactivity field if non-nil, zero value otherwise.
+
+### GetInactivityOk
+
+`func (o *UserPolicyRuleCondition) GetInactivityOk() (*InactivityPolicyRuleCondition, bool)`
+
+GetInactivityOk returns a tuple with the Inactivity field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInactivity
+
+`func (o *UserPolicyRuleCondition) SetInactivity(v InactivityPolicyRuleCondition)`
+
+SetInactivity sets Inactivity field to given value.
+
+### HasInactivity
+
+`func (o *UserPolicyRuleCondition) HasInactivity() bool`
+
+HasInactivity returns a boolean if a field has been set.
+
+### GetInclude
+
+`func (o *UserPolicyRuleCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *UserPolicyRuleCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *UserPolicyRuleCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *UserPolicyRuleCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+### GetLifecycleExpiration
+
+`func (o *UserPolicyRuleCondition) GetLifecycleExpiration() LifecycleExpirationPolicyRuleCondition`
+
+GetLifecycleExpiration returns the LifecycleExpiration field if non-nil, zero value otherwise.
+
+### GetLifecycleExpirationOk
+
+`func (o *UserPolicyRuleCondition) GetLifecycleExpirationOk() (*LifecycleExpirationPolicyRuleCondition, bool)`
+
+GetLifecycleExpirationOk returns a tuple with the LifecycleExpiration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLifecycleExpiration
+
+`func (o *UserPolicyRuleCondition) SetLifecycleExpiration(v LifecycleExpirationPolicyRuleCondition)`
+
+SetLifecycleExpiration sets LifecycleExpiration field to given value.
+
+### HasLifecycleExpiration
+
+`func (o *UserPolicyRuleCondition) HasLifecycleExpiration() bool`
+
+HasLifecycleExpiration returns a boolean if a field has been set.
+
+### GetPasswordExpiration
+
+`func (o *UserPolicyRuleCondition) GetPasswordExpiration() PasswordExpirationPolicyRuleCondition`
+
+GetPasswordExpiration returns the PasswordExpiration field if non-nil, zero value otherwise.
+
+### GetPasswordExpirationOk
+
+`func (o *UserPolicyRuleCondition) GetPasswordExpirationOk() (*PasswordExpirationPolicyRuleCondition, bool)`
+
+GetPasswordExpirationOk returns a tuple with the PasswordExpiration field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPasswordExpiration
+
+`func (o *UserPolicyRuleCondition) SetPasswordExpiration(v PasswordExpirationPolicyRuleCondition)`
+
+SetPasswordExpiration sets PasswordExpiration field to given value.
+
+### HasPasswordExpiration
+
+`func (o *UserPolicyRuleCondition) HasPasswordExpiration() bool`
+
+HasPasswordExpiration returns a boolean if a field has been set.
+
+### GetUserLifecycleAttribute
+
+`func (o *UserPolicyRuleCondition) GetUserLifecycleAttribute() UserLifecycleAttributePolicyRuleCondition`
+
+GetUserLifecycleAttribute returns the UserLifecycleAttribute field if non-nil, zero value otherwise.
+
+### GetUserLifecycleAttributeOk
+
+`func (o *UserPolicyRuleCondition) GetUserLifecycleAttributeOk() (*UserLifecycleAttributePolicyRuleCondition, bool)`
+
+GetUserLifecycleAttributeOk returns a tuple with the UserLifecycleAttribute field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserLifecycleAttribute
+
+`func (o *UserPolicyRuleCondition) SetUserLifecycleAttribute(v UserLifecycleAttributePolicyRuleCondition)`
+
+SetUserLifecycleAttribute sets UserLifecycleAttribute field to given value.
+
+### HasUserLifecycleAttribute
+
+`func (o *UserPolicyRuleCondition) HasUserLifecycleAttribute() bool`
+
+HasUserLifecycleAttribute returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserProfile.md b/okta/docs/UserProfile.md
new file mode 100644
index 000000000..f4ee26c0d
--- /dev/null
+++ b/okta/docs/UserProfile.md
@@ -0,0 +1,946 @@
+# UserProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**City** | Pointer to **NullableString** |  | [optional] 
+**CostCenter** | Pointer to **string** |  | [optional] 
+**CountryCode** | Pointer to **NullableString** |  | [optional] 
+**Department** | Pointer to **string** |  | [optional] 
+**DisplayName** | Pointer to **string** |  | [optional] 
+**Division** | Pointer to **string** |  | [optional] 
+**Email** | Pointer to **string** |  | [optional] 
+**EmployeeNumber** | Pointer to **string** |  | [optional] 
+**FirstName** | Pointer to **NullableString** |  | [optional] 
+**HonorificPrefix** | Pointer to **string** |  | [optional] 
+**HonorificSuffix** | Pointer to **string** |  | [optional] 
+**LastName** | Pointer to **NullableString** |  | [optional] 
+**Locale** | Pointer to **string** | The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646). | [optional] 
+**Login** | Pointer to **string** |  | [optional] 
+**Manager** | Pointer to **string** |  | [optional] 
+**ManagerId** | Pointer to **string** |  | [optional] 
+**MiddleName** | Pointer to **string** |  | [optional] 
+**MobilePhone** | Pointer to **NullableString** |  | [optional] 
+**NickName** | Pointer to **string** |  | [optional] 
+**Organization** | Pointer to **string** |  | [optional] 
+**PostalAddress** | Pointer to **NullableString** |  | [optional] 
+**PreferredLanguage** | Pointer to **string** |  | [optional] 
+**PrimaryPhone** | Pointer to **NullableString** |  | [optional] 
+**ProfileUrl** | Pointer to **string** |  | [optional] 
+**SecondEmail** | Pointer to **NullableString** |  | [optional] 
+**State** | Pointer to **NullableString** |  | [optional] 
+**StreetAddress** | Pointer to **NullableString** |  | [optional] 
+**Timezone** | Pointer to **string** |  | [optional] 
+**Title** | Pointer to **string** |  | [optional] 
+**UserType** | Pointer to **string** |  | [optional] 
+**ZipCode** | Pointer to **NullableString** |  | [optional] 
+
+## Methods
+
+### NewUserProfile
+
+`func NewUserProfile() *UserProfile`
+
+NewUserProfile instantiates a new UserProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserProfileWithDefaults
+
+`func NewUserProfileWithDefaults() *UserProfile`
+
+NewUserProfileWithDefaults instantiates a new UserProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCity
+
+`func (o *UserProfile) GetCity() string`
+
+GetCity returns the City field if non-nil, zero value otherwise.
+
+### GetCityOk
+
+`func (o *UserProfile) GetCityOk() (*string, bool)`
+
+GetCityOk returns a tuple with the City field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCity
+
+`func (o *UserProfile) SetCity(v string)`
+
+SetCity sets City field to given value.
+
+### HasCity
+
+`func (o *UserProfile) HasCity() bool`
+
+HasCity returns a boolean if a field has been set.
+
+### SetCityNil
+
+`func (o *UserProfile) SetCityNil(b bool)`
+
+ SetCityNil sets the value for City to be an explicit nil
+
+### UnsetCity
+`func (o *UserProfile) UnsetCity()`
+
+UnsetCity ensures that no value is present for City, not even an explicit nil
+### GetCostCenter
+
+`func (o *UserProfile) GetCostCenter() string`
+
+GetCostCenter returns the CostCenter field if non-nil, zero value otherwise.
+
+### GetCostCenterOk
+
+`func (o *UserProfile) GetCostCenterOk() (*string, bool)`
+
+GetCostCenterOk returns a tuple with the CostCenter field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCostCenter
+
+`func (o *UserProfile) SetCostCenter(v string)`
+
+SetCostCenter sets CostCenter field to given value.
+
+### HasCostCenter
+
+`func (o *UserProfile) HasCostCenter() bool`
+
+HasCostCenter returns a boolean if a field has been set.
+
+### GetCountryCode
+
+`func (o *UserProfile) GetCountryCode() string`
+
+GetCountryCode returns the CountryCode field if non-nil, zero value otherwise.
+
+### GetCountryCodeOk
+
+`func (o *UserProfile) GetCountryCodeOk() (*string, bool)`
+
+GetCountryCodeOk returns a tuple with the CountryCode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCountryCode
+
+`func (o *UserProfile) SetCountryCode(v string)`
+
+SetCountryCode sets CountryCode field to given value.
+
+### HasCountryCode
+
+`func (o *UserProfile) HasCountryCode() bool`
+
+HasCountryCode returns a boolean if a field has been set.
+
+### SetCountryCodeNil
+
+`func (o *UserProfile) SetCountryCodeNil(b bool)`
+
+ SetCountryCodeNil sets the value for CountryCode to be an explicit nil
+
+### UnsetCountryCode
+`func (o *UserProfile) UnsetCountryCode()`
+
+UnsetCountryCode ensures that no value is present for CountryCode, not even an explicit nil
+### GetDepartment
+
+`func (o *UserProfile) GetDepartment() string`
+
+GetDepartment returns the Department field if non-nil, zero value otherwise.
+
+### GetDepartmentOk
+
+`func (o *UserProfile) GetDepartmentOk() (*string, bool)`
+
+GetDepartmentOk returns a tuple with the Department field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDepartment
+
+`func (o *UserProfile) SetDepartment(v string)`
+
+SetDepartment sets Department field to given value.
+
+### HasDepartment
+
+`func (o *UserProfile) HasDepartment() bool`
+
+HasDepartment returns a boolean if a field has been set.
+
+### GetDisplayName
+
+`func (o *UserProfile) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *UserProfile) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *UserProfile) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+### HasDisplayName
+
+`func (o *UserProfile) HasDisplayName() bool`
+
+HasDisplayName returns a boolean if a field has been set.
+
+### GetDivision
+
+`func (o *UserProfile) GetDivision() string`
+
+GetDivision returns the Division field if non-nil, zero value otherwise.
+
+### GetDivisionOk
+
+`func (o *UserProfile) GetDivisionOk() (*string, bool)`
+
+GetDivisionOk returns a tuple with the Division field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDivision
+
+`func (o *UserProfile) SetDivision(v string)`
+
+SetDivision sets Division field to given value.
+
+### HasDivision
+
+`func (o *UserProfile) HasDivision() bool`
+
+HasDivision returns a boolean if a field has been set.
+
+### GetEmail
+
+`func (o *UserProfile) GetEmail() string`
+
+GetEmail returns the Email field if non-nil, zero value otherwise.
+
+### GetEmailOk
+
+`func (o *UserProfile) GetEmailOk() (*string, bool)`
+
+GetEmailOk returns a tuple with the Email field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmail
+
+`func (o *UserProfile) SetEmail(v string)`
+
+SetEmail sets Email field to given value.
+
+### HasEmail
+
+`func (o *UserProfile) HasEmail() bool`
+
+HasEmail returns a boolean if a field has been set.
+
+### GetEmployeeNumber
+
+`func (o *UserProfile) GetEmployeeNumber() string`
+
+GetEmployeeNumber returns the EmployeeNumber field if non-nil, zero value otherwise.
+
+### GetEmployeeNumberOk
+
+`func (o *UserProfile) GetEmployeeNumberOk() (*string, bool)`
+
+GetEmployeeNumberOk returns a tuple with the EmployeeNumber field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmployeeNumber
+
+`func (o *UserProfile) SetEmployeeNumber(v string)`
+
+SetEmployeeNumber sets EmployeeNumber field to given value.
+
+### HasEmployeeNumber
+
+`func (o *UserProfile) HasEmployeeNumber() bool`
+
+HasEmployeeNumber returns a boolean if a field has been set.
+
+### GetFirstName
+
+`func (o *UserProfile) GetFirstName() string`
+
+GetFirstName returns the FirstName field if non-nil, zero value otherwise.
+
+### GetFirstNameOk
+
+`func (o *UserProfile) GetFirstNameOk() (*string, bool)`
+
+GetFirstNameOk returns a tuple with the FirstName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFirstName
+
+`func (o *UserProfile) SetFirstName(v string)`
+
+SetFirstName sets FirstName field to given value.
+
+### HasFirstName
+
+`func (o *UserProfile) HasFirstName() bool`
+
+HasFirstName returns a boolean if a field has been set.
+
+### SetFirstNameNil
+
+`func (o *UserProfile) SetFirstNameNil(b bool)`
+
+ SetFirstNameNil sets the value for FirstName to be an explicit nil
+
+### UnsetFirstName
+`func (o *UserProfile) UnsetFirstName()`
+
+UnsetFirstName ensures that no value is present for FirstName, not even an explicit nil
+### GetHonorificPrefix
+
+`func (o *UserProfile) GetHonorificPrefix() string`
+
+GetHonorificPrefix returns the HonorificPrefix field if non-nil, zero value otherwise.
+
+### GetHonorificPrefixOk
+
+`func (o *UserProfile) GetHonorificPrefixOk() (*string, bool)`
+
+GetHonorificPrefixOk returns a tuple with the HonorificPrefix field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHonorificPrefix
+
+`func (o *UserProfile) SetHonorificPrefix(v string)`
+
+SetHonorificPrefix sets HonorificPrefix field to given value.
+
+### HasHonorificPrefix
+
+`func (o *UserProfile) HasHonorificPrefix() bool`
+
+HasHonorificPrefix returns a boolean if a field has been set.
+
+### GetHonorificSuffix
+
+`func (o *UserProfile) GetHonorificSuffix() string`
+
+GetHonorificSuffix returns the HonorificSuffix field if non-nil, zero value otherwise.
+
+### GetHonorificSuffixOk
+
+`func (o *UserProfile) GetHonorificSuffixOk() (*string, bool)`
+
+GetHonorificSuffixOk returns a tuple with the HonorificSuffix field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHonorificSuffix
+
+`func (o *UserProfile) SetHonorificSuffix(v string)`
+
+SetHonorificSuffix sets HonorificSuffix field to given value.
+
+### HasHonorificSuffix
+
+`func (o *UserProfile) HasHonorificSuffix() bool`
+
+HasHonorificSuffix returns a boolean if a field has been set.
+
+### GetLastName
+
+`func (o *UserProfile) GetLastName() string`
+
+GetLastName returns the LastName field if non-nil, zero value otherwise.
+
+### GetLastNameOk
+
+`func (o *UserProfile) GetLastNameOk() (*string, bool)`
+
+GetLastNameOk returns a tuple with the LastName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastName
+
+`func (o *UserProfile) SetLastName(v string)`
+
+SetLastName sets LastName field to given value.
+
+### HasLastName
+
+`func (o *UserProfile) HasLastName() bool`
+
+HasLastName returns a boolean if a field has been set.
+
+### SetLastNameNil
+
+`func (o *UserProfile) SetLastNameNil(b bool)`
+
+ SetLastNameNil sets the value for LastName to be an explicit nil
+
+### UnsetLastName
+`func (o *UserProfile) UnsetLastName()`
+
+UnsetLastName ensures that no value is present for LastName, not even an explicit nil
+### GetLocale
+
+`func (o *UserProfile) GetLocale() string`
+
+GetLocale returns the Locale field if non-nil, zero value otherwise.
+
+### GetLocaleOk
+
+`func (o *UserProfile) GetLocaleOk() (*string, bool)`
+
+GetLocaleOk returns a tuple with the Locale field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLocale
+
+`func (o *UserProfile) SetLocale(v string)`
+
+SetLocale sets Locale field to given value.
+
+### HasLocale
+
+`func (o *UserProfile) HasLocale() bool`
+
+HasLocale returns a boolean if a field has been set.
+
+### GetLogin
+
+`func (o *UserProfile) GetLogin() string`
+
+GetLogin returns the Login field if non-nil, zero value otherwise.
+
+### GetLoginOk
+
+`func (o *UserProfile) GetLoginOk() (*string, bool)`
+
+GetLoginOk returns a tuple with the Login field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLogin
+
+`func (o *UserProfile) SetLogin(v string)`
+
+SetLogin sets Login field to given value.
+
+### HasLogin
+
+`func (o *UserProfile) HasLogin() bool`
+
+HasLogin returns a boolean if a field has been set.
+
+### GetManager
+
+`func (o *UserProfile) GetManager() string`
+
+GetManager returns the Manager field if non-nil, zero value otherwise.
+
+### GetManagerOk
+
+`func (o *UserProfile) GetManagerOk() (*string, bool)`
+
+GetManagerOk returns a tuple with the Manager field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetManager
+
+`func (o *UserProfile) SetManager(v string)`
+
+SetManager sets Manager field to given value.
+
+### HasManager
+
+`func (o *UserProfile) HasManager() bool`
+
+HasManager returns a boolean if a field has been set.
+
+### GetManagerId
+
+`func (o *UserProfile) GetManagerId() string`
+
+GetManagerId returns the ManagerId field if non-nil, zero value otherwise.
+
+### GetManagerIdOk
+
+`func (o *UserProfile) GetManagerIdOk() (*string, bool)`
+
+GetManagerIdOk returns a tuple with the ManagerId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetManagerId
+
+`func (o *UserProfile) SetManagerId(v string)`
+
+SetManagerId sets ManagerId field to given value.
+
+### HasManagerId
+
+`func (o *UserProfile) HasManagerId() bool`
+
+HasManagerId returns a boolean if a field has been set.
+
+### GetMiddleName
+
+`func (o *UserProfile) GetMiddleName() string`
+
+GetMiddleName returns the MiddleName field if non-nil, zero value otherwise.
+
+### GetMiddleNameOk
+
+`func (o *UserProfile) GetMiddleNameOk() (*string, bool)`
+
+GetMiddleNameOk returns a tuple with the MiddleName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMiddleName
+
+`func (o *UserProfile) SetMiddleName(v string)`
+
+SetMiddleName sets MiddleName field to given value.
+
+### HasMiddleName
+
+`func (o *UserProfile) HasMiddleName() bool`
+
+HasMiddleName returns a boolean if a field has been set.
+
+### GetMobilePhone
+
+`func (o *UserProfile) GetMobilePhone() string`
+
+GetMobilePhone returns the MobilePhone field if non-nil, zero value otherwise.
+
+### GetMobilePhoneOk
+
+`func (o *UserProfile) GetMobilePhoneOk() (*string, bool)`
+
+GetMobilePhoneOk returns a tuple with the MobilePhone field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMobilePhone
+
+`func (o *UserProfile) SetMobilePhone(v string)`
+
+SetMobilePhone sets MobilePhone field to given value.
+
+### HasMobilePhone
+
+`func (o *UserProfile) HasMobilePhone() bool`
+
+HasMobilePhone returns a boolean if a field has been set.
+
+### SetMobilePhoneNil
+
+`func (o *UserProfile) SetMobilePhoneNil(b bool)`
+
+ SetMobilePhoneNil sets the value for MobilePhone to be an explicit nil
+
+### UnsetMobilePhone
+`func (o *UserProfile) UnsetMobilePhone()`
+
+UnsetMobilePhone ensures that no value is present for MobilePhone, not even an explicit nil
+### GetNickName
+
+`func (o *UserProfile) GetNickName() string`
+
+GetNickName returns the NickName field if non-nil, zero value otherwise.
+
+### GetNickNameOk
+
+`func (o *UserProfile) GetNickNameOk() (*string, bool)`
+
+GetNickNameOk returns a tuple with the NickName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNickName
+
+`func (o *UserProfile) SetNickName(v string)`
+
+SetNickName sets NickName field to given value.
+
+### HasNickName
+
+`func (o *UserProfile) HasNickName() bool`
+
+HasNickName returns a boolean if a field has been set.
+
+### GetOrganization
+
+`func (o *UserProfile) GetOrganization() string`
+
+GetOrganization returns the Organization field if non-nil, zero value otherwise.
+
+### GetOrganizationOk
+
+`func (o *UserProfile) GetOrganizationOk() (*string, bool)`
+
+GetOrganizationOk returns a tuple with the Organization field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOrganization
+
+`func (o *UserProfile) SetOrganization(v string)`
+
+SetOrganization sets Organization field to given value.
+
+### HasOrganization
+
+`func (o *UserProfile) HasOrganization() bool`
+
+HasOrganization returns a boolean if a field has been set.
+
+### GetPostalAddress
+
+`func (o *UserProfile) GetPostalAddress() string`
+
+GetPostalAddress returns the PostalAddress field if non-nil, zero value otherwise.
+
+### GetPostalAddressOk
+
+`func (o *UserProfile) GetPostalAddressOk() (*string, bool)`
+
+GetPostalAddressOk returns a tuple with the PostalAddress field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPostalAddress
+
+`func (o *UserProfile) SetPostalAddress(v string)`
+
+SetPostalAddress sets PostalAddress field to given value.
+
+### HasPostalAddress
+
+`func (o *UserProfile) HasPostalAddress() bool`
+
+HasPostalAddress returns a boolean if a field has been set.
+
+### SetPostalAddressNil
+
+`func (o *UserProfile) SetPostalAddressNil(b bool)`
+
+ SetPostalAddressNil sets the value for PostalAddress to be an explicit nil
+
+### UnsetPostalAddress
+`func (o *UserProfile) UnsetPostalAddress()`
+
+UnsetPostalAddress ensures that no value is present for PostalAddress, not even an explicit nil
+### GetPreferredLanguage
+
+`func (o *UserProfile) GetPreferredLanguage() string`
+
+GetPreferredLanguage returns the PreferredLanguage field if non-nil, zero value otherwise.
+
+### GetPreferredLanguageOk
+
+`func (o *UserProfile) GetPreferredLanguageOk() (*string, bool)`
+
+GetPreferredLanguageOk returns a tuple with the PreferredLanguage field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPreferredLanguage
+
+`func (o *UserProfile) SetPreferredLanguage(v string)`
+
+SetPreferredLanguage sets PreferredLanguage field to given value.
+
+### HasPreferredLanguage
+
+`func (o *UserProfile) HasPreferredLanguage() bool`
+
+HasPreferredLanguage returns a boolean if a field has been set.
+
+### GetPrimaryPhone
+
+`func (o *UserProfile) GetPrimaryPhone() string`
+
+GetPrimaryPhone returns the PrimaryPhone field if non-nil, zero value otherwise.
+
+### GetPrimaryPhoneOk
+
+`func (o *UserProfile) GetPrimaryPhoneOk() (*string, bool)`
+
+GetPrimaryPhoneOk returns a tuple with the PrimaryPhone field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPrimaryPhone
+
+`func (o *UserProfile) SetPrimaryPhone(v string)`
+
+SetPrimaryPhone sets PrimaryPhone field to given value.
+
+### HasPrimaryPhone
+
+`func (o *UserProfile) HasPrimaryPhone() bool`
+
+HasPrimaryPhone returns a boolean if a field has been set.
+
+### SetPrimaryPhoneNil
+
+`func (o *UserProfile) SetPrimaryPhoneNil(b bool)`
+
+ SetPrimaryPhoneNil sets the value for PrimaryPhone to be an explicit nil
+
+### UnsetPrimaryPhone
+`func (o *UserProfile) UnsetPrimaryPhone()`
+
+UnsetPrimaryPhone ensures that no value is present for PrimaryPhone, not even an explicit nil
+### GetProfileUrl
+
+`func (o *UserProfile) GetProfileUrl() string`
+
+GetProfileUrl returns the ProfileUrl field if non-nil, zero value otherwise.
+
+### GetProfileUrlOk
+
+`func (o *UserProfile) GetProfileUrlOk() (*string, bool)`
+
+GetProfileUrlOk returns a tuple with the ProfileUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfileUrl
+
+`func (o *UserProfile) SetProfileUrl(v string)`
+
+SetProfileUrl sets ProfileUrl field to given value.
+
+### HasProfileUrl
+
+`func (o *UserProfile) HasProfileUrl() bool`
+
+HasProfileUrl returns a boolean if a field has been set.
+
+### GetSecondEmail
+
+`func (o *UserProfile) GetSecondEmail() string`
+
+GetSecondEmail returns the SecondEmail field if non-nil, zero value otherwise.
+
+### GetSecondEmailOk
+
+`func (o *UserProfile) GetSecondEmailOk() (*string, bool)`
+
+GetSecondEmailOk returns a tuple with the SecondEmail field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecondEmail
+
+`func (o *UserProfile) SetSecondEmail(v string)`
+
+SetSecondEmail sets SecondEmail field to given value.
+
+### HasSecondEmail
+
+`func (o *UserProfile) HasSecondEmail() bool`
+
+HasSecondEmail returns a boolean if a field has been set.
+
+### SetSecondEmailNil
+
+`func (o *UserProfile) SetSecondEmailNil(b bool)`
+
+ SetSecondEmailNil sets the value for SecondEmail to be an explicit nil
+
+### UnsetSecondEmail
+`func (o *UserProfile) UnsetSecondEmail()`
+
+UnsetSecondEmail ensures that no value is present for SecondEmail, not even an explicit nil
+### GetState
+
+`func (o *UserProfile) GetState() string`
+
+GetState returns the State field if non-nil, zero value otherwise.
+
+### GetStateOk
+
+`func (o *UserProfile) GetStateOk() (*string, bool)`
+
+GetStateOk returns a tuple with the State field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetState
+
+`func (o *UserProfile) SetState(v string)`
+
+SetState sets State field to given value.
+
+### HasState
+
+`func (o *UserProfile) HasState() bool`
+
+HasState returns a boolean if a field has been set.
+
+### SetStateNil
+
+`func (o *UserProfile) SetStateNil(b bool)`
+
+ SetStateNil sets the value for State to be an explicit nil
+
+### UnsetState
+`func (o *UserProfile) UnsetState()`
+
+UnsetState ensures that no value is present for State, not even an explicit nil
+### GetStreetAddress
+
+`func (o *UserProfile) GetStreetAddress() string`
+
+GetStreetAddress returns the StreetAddress field if non-nil, zero value otherwise.
+
+### GetStreetAddressOk
+
+`func (o *UserProfile) GetStreetAddressOk() (*string, bool)`
+
+GetStreetAddressOk returns a tuple with the StreetAddress field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStreetAddress
+
+`func (o *UserProfile) SetStreetAddress(v string)`
+
+SetStreetAddress sets StreetAddress field to given value.
+
+### HasStreetAddress
+
+`func (o *UserProfile) HasStreetAddress() bool`
+
+HasStreetAddress returns a boolean if a field has been set.
+
+### SetStreetAddressNil
+
+`func (o *UserProfile) SetStreetAddressNil(b bool)`
+
+ SetStreetAddressNil sets the value for StreetAddress to be an explicit nil
+
+### UnsetStreetAddress
+`func (o *UserProfile) UnsetStreetAddress()`
+
+UnsetStreetAddress ensures that no value is present for StreetAddress, not even an explicit nil
+### GetTimezone
+
+`func (o *UserProfile) GetTimezone() string`
+
+GetTimezone returns the Timezone field if non-nil, zero value otherwise.
+
+### GetTimezoneOk
+
+`func (o *UserProfile) GetTimezoneOk() (*string, bool)`
+
+GetTimezoneOk returns a tuple with the Timezone field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTimezone
+
+`func (o *UserProfile) SetTimezone(v string)`
+
+SetTimezone sets Timezone field to given value.
+
+### HasTimezone
+
+`func (o *UserProfile) HasTimezone() bool`
+
+HasTimezone returns a boolean if a field has been set.
+
+### GetTitle
+
+`func (o *UserProfile) GetTitle() string`
+
+GetTitle returns the Title field if non-nil, zero value otherwise.
+
+### GetTitleOk
+
+`func (o *UserProfile) GetTitleOk() (*string, bool)`
+
+GetTitleOk returns a tuple with the Title field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTitle
+
+`func (o *UserProfile) SetTitle(v string)`
+
+SetTitle sets Title field to given value.
+
+### HasTitle
+
+`func (o *UserProfile) HasTitle() bool`
+
+HasTitle returns a boolean if a field has been set.
+
+### GetUserType
+
+`func (o *UserProfile) GetUserType() string`
+
+GetUserType returns the UserType field if non-nil, zero value otherwise.
+
+### GetUserTypeOk
+
+`func (o *UserProfile) GetUserTypeOk() (*string, bool)`
+
+GetUserTypeOk returns a tuple with the UserType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserType
+
+`func (o *UserProfile) SetUserType(v string)`
+
+SetUserType sets UserType field to given value.
+
+### HasUserType
+
+`func (o *UserProfile) HasUserType() bool`
+
+HasUserType returns a boolean if a field has been set.
+
+### GetZipCode
+
+`func (o *UserProfile) GetZipCode() string`
+
+GetZipCode returns the ZipCode field if non-nil, zero value otherwise.
+
+### GetZipCodeOk
+
+`func (o *UserProfile) GetZipCodeOk() (*string, bool)`
+
+GetZipCodeOk returns a tuple with the ZipCode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetZipCode
+
+`func (o *UserProfile) SetZipCode(v string)`
+
+SetZipCode sets ZipCode field to given value.
+
+### HasZipCode
+
+`func (o *UserProfile) HasZipCode() bool`
+
+HasZipCode returns a boolean if a field has been set.
+
+### SetZipCodeNil
+
+`func (o *UserProfile) SetZipCodeNil(b bool)`
+
+ SetZipCodeNil sets the value for ZipCode to be an explicit nil
+
+### UnsetZipCode
+`func (o *UserProfile) UnsetZipCode()`
+
+UnsetZipCode ensures that no value is present for ZipCode, not even an explicit nil
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchema.md b/okta/docs/UserSchema.md
new file mode 100644
index 000000000..3b7485ab2
--- /dev/null
+++ b/okta/docs/UserSchema.md
@@ -0,0 +1,290 @@
+# UserSchema
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Schema** | Pointer to **string** |  | [optional] [readonly] 
+**Created** | Pointer to **string** |  | [optional] [readonly] 
+**Definitions** | Pointer to [**UserSchemaDefinitions**](UserSchemaDefinitions.md) |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] [readonly] 
+**LastUpdated** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] [readonly] 
+**Properties** | Pointer to [**UserSchemaProperties**](UserSchemaProperties.md) |  | [optional] 
+**Title** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewUserSchema
+
+`func NewUserSchema() *UserSchema`
+
+NewUserSchema instantiates a new UserSchema object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaWithDefaults
+
+`func NewUserSchemaWithDefaults() *UserSchema`
+
+NewUserSchemaWithDefaults instantiates a new UserSchema object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetSchema
+
+`func (o *UserSchema) GetSchema() string`
+
+GetSchema returns the Schema field if non-nil, zero value otherwise.
+
+### GetSchemaOk
+
+`func (o *UserSchema) GetSchemaOk() (*string, bool)`
+
+GetSchemaOk returns a tuple with the Schema field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSchema
+
+`func (o *UserSchema) SetSchema(v string)`
+
+SetSchema sets Schema field to given value.
+
+### HasSchema
+
+`func (o *UserSchema) HasSchema() bool`
+
+HasSchema returns a boolean if a field has been set.
+
+### GetCreated
+
+`func (o *UserSchema) GetCreated() string`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *UserSchema) GetCreatedOk() (*string, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *UserSchema) SetCreated(v string)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *UserSchema) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetDefinitions
+
+`func (o *UserSchema) GetDefinitions() UserSchemaDefinitions`
+
+GetDefinitions returns the Definitions field if non-nil, zero value otherwise.
+
+### GetDefinitionsOk
+
+`func (o *UserSchema) GetDefinitionsOk() (*UserSchemaDefinitions, bool)`
+
+GetDefinitionsOk returns a tuple with the Definitions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefinitions
+
+`func (o *UserSchema) SetDefinitions(v UserSchemaDefinitions)`
+
+SetDefinitions sets Definitions field to given value.
+
+### HasDefinitions
+
+`func (o *UserSchema) HasDefinitions() bool`
+
+HasDefinitions returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *UserSchema) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *UserSchema) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *UserSchema) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *UserSchema) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *UserSchema) GetLastUpdated() string`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *UserSchema) GetLastUpdatedOk() (*string, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *UserSchema) SetLastUpdated(v string)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *UserSchema) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *UserSchema) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *UserSchema) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *UserSchema) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *UserSchema) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetProperties
+
+`func (o *UserSchema) GetProperties() UserSchemaProperties`
+
+GetProperties returns the Properties field if non-nil, zero value otherwise.
+
+### GetPropertiesOk
+
+`func (o *UserSchema) GetPropertiesOk() (*UserSchemaProperties, bool)`
+
+GetPropertiesOk returns a tuple with the Properties field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProperties
+
+`func (o *UserSchema) SetProperties(v UserSchemaProperties)`
+
+SetProperties sets Properties field to given value.
+
+### HasProperties
+
+`func (o *UserSchema) HasProperties() bool`
+
+HasProperties returns a boolean if a field has been set.
+
+### GetTitle
+
+`func (o *UserSchema) GetTitle() string`
+
+GetTitle returns the Title field if non-nil, zero value otherwise.
+
+### GetTitleOk
+
+`func (o *UserSchema) GetTitleOk() (*string, bool)`
+
+GetTitleOk returns a tuple with the Title field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTitle
+
+`func (o *UserSchema) SetTitle(v string)`
+
+SetTitle sets Title field to given value.
+
+### HasTitle
+
+`func (o *UserSchema) HasTitle() bool`
+
+HasTitle returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *UserSchema) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *UserSchema) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *UserSchema) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *UserSchema) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *UserSchema) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *UserSchema) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *UserSchema) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *UserSchema) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaAttribute.md b/okta/docs/UserSchemaAttribute.md
new file mode 100644
index 000000000..9db8ffef8
--- /dev/null
+++ b/okta/docs/UserSchemaAttribute.md
@@ -0,0 +1,498 @@
+# UserSchemaAttribute
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Description** | Pointer to **string** |  | [optional] 
+**Enum** | Pointer to **[]string** |  | [optional] 
+**ExternalName** | Pointer to **string** |  | [optional] 
+**ExternalNamespace** | Pointer to **string** |  | [optional] 
+**Items** | Pointer to [**UserSchemaAttributeItems**](UserSchemaAttributeItems.md) |  | [optional] 
+**Master** | Pointer to [**UserSchemaAttributeMaster**](UserSchemaAttributeMaster.md) |  | [optional] 
+**MaxLength** | Pointer to **int32** |  | [optional] 
+**MinLength** | Pointer to **int32** |  | [optional] 
+**Mutability** | Pointer to **string** |  | [optional] 
+**OneOf** | Pointer to [**[]UserSchemaAttributeEnum**](UserSchemaAttributeEnum.md) |  | [optional] 
+**Pattern** | Pointer to **string** |  | [optional] 
+**Permissions** | Pointer to [**[]UserSchemaAttributePermission**](UserSchemaAttributePermission.md) |  | [optional] 
+**Required** | Pointer to **bool** |  | [optional] 
+**Scope** | Pointer to [**UserSchemaAttributeScope**](UserSchemaAttributeScope.md) |  | [optional] 
+**Title** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to [**UserSchemaAttributeType**](UserSchemaAttributeType.md) |  | [optional] 
+**Union** | Pointer to [**UserSchemaAttributeUnion**](UserSchemaAttributeUnion.md) |  | [optional] 
+**Unique** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewUserSchemaAttribute
+
+`func NewUserSchemaAttribute() *UserSchemaAttribute`
+
+NewUserSchemaAttribute instantiates a new UserSchemaAttribute object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaAttributeWithDefaults
+
+`func NewUserSchemaAttributeWithDefaults() *UserSchemaAttribute`
+
+NewUserSchemaAttributeWithDefaults instantiates a new UserSchemaAttribute object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetDescription
+
+`func (o *UserSchemaAttribute) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *UserSchemaAttribute) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *UserSchemaAttribute) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *UserSchemaAttribute) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetEnum
+
+`func (o *UserSchemaAttribute) GetEnum() []string`
+
+GetEnum returns the Enum field if non-nil, zero value otherwise.
+
+### GetEnumOk
+
+`func (o *UserSchemaAttribute) GetEnumOk() (*[]string, bool)`
+
+GetEnumOk returns a tuple with the Enum field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnum
+
+`func (o *UserSchemaAttribute) SetEnum(v []string)`
+
+SetEnum sets Enum field to given value.
+
+### HasEnum
+
+`func (o *UserSchemaAttribute) HasEnum() bool`
+
+HasEnum returns a boolean if a field has been set.
+
+### GetExternalName
+
+`func (o *UserSchemaAttribute) GetExternalName() string`
+
+GetExternalName returns the ExternalName field if non-nil, zero value otherwise.
+
+### GetExternalNameOk
+
+`func (o *UserSchemaAttribute) GetExternalNameOk() (*string, bool)`
+
+GetExternalNameOk returns a tuple with the ExternalName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExternalName
+
+`func (o *UserSchemaAttribute) SetExternalName(v string)`
+
+SetExternalName sets ExternalName field to given value.
+
+### HasExternalName
+
+`func (o *UserSchemaAttribute) HasExternalName() bool`
+
+HasExternalName returns a boolean if a field has been set.
+
+### GetExternalNamespace
+
+`func (o *UserSchemaAttribute) GetExternalNamespace() string`
+
+GetExternalNamespace returns the ExternalNamespace field if non-nil, zero value otherwise.
+
+### GetExternalNamespaceOk
+
+`func (o *UserSchemaAttribute) GetExternalNamespaceOk() (*string, bool)`
+
+GetExternalNamespaceOk returns a tuple with the ExternalNamespace field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExternalNamespace
+
+`func (o *UserSchemaAttribute) SetExternalNamespace(v string)`
+
+SetExternalNamespace sets ExternalNamespace field to given value.
+
+### HasExternalNamespace
+
+`func (o *UserSchemaAttribute) HasExternalNamespace() bool`
+
+HasExternalNamespace returns a boolean if a field has been set.
+
+### GetItems
+
+`func (o *UserSchemaAttribute) GetItems() UserSchemaAttributeItems`
+
+GetItems returns the Items field if non-nil, zero value otherwise.
+
+### GetItemsOk
+
+`func (o *UserSchemaAttribute) GetItemsOk() (*UserSchemaAttributeItems, bool)`
+
+GetItemsOk returns a tuple with the Items field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetItems
+
+`func (o *UserSchemaAttribute) SetItems(v UserSchemaAttributeItems)`
+
+SetItems sets Items field to given value.
+
+### HasItems
+
+`func (o *UserSchemaAttribute) HasItems() bool`
+
+HasItems returns a boolean if a field has been set.
+
+### GetMaster
+
+`func (o *UserSchemaAttribute) GetMaster() UserSchemaAttributeMaster`
+
+GetMaster returns the Master field if non-nil, zero value otherwise.
+
+### GetMasterOk
+
+`func (o *UserSchemaAttribute) GetMasterOk() (*UserSchemaAttributeMaster, bool)`
+
+GetMasterOk returns a tuple with the Master field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaster
+
+`func (o *UserSchemaAttribute) SetMaster(v UserSchemaAttributeMaster)`
+
+SetMaster sets Master field to given value.
+
+### HasMaster
+
+`func (o *UserSchemaAttribute) HasMaster() bool`
+
+HasMaster returns a boolean if a field has been set.
+
+### GetMaxLength
+
+`func (o *UserSchemaAttribute) GetMaxLength() int32`
+
+GetMaxLength returns the MaxLength field if non-nil, zero value otherwise.
+
+### GetMaxLengthOk
+
+`func (o *UserSchemaAttribute) GetMaxLengthOk() (*int32, bool)`
+
+GetMaxLengthOk returns a tuple with the MaxLength field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMaxLength
+
+`func (o *UserSchemaAttribute) SetMaxLength(v int32)`
+
+SetMaxLength sets MaxLength field to given value.
+
+### HasMaxLength
+
+`func (o *UserSchemaAttribute) HasMaxLength() bool`
+
+HasMaxLength returns a boolean if a field has been set.
+
+### GetMinLength
+
+`func (o *UserSchemaAttribute) GetMinLength() int32`
+
+GetMinLength returns the MinLength field if non-nil, zero value otherwise.
+
+### GetMinLengthOk
+
+`func (o *UserSchemaAttribute) GetMinLengthOk() (*int32, bool)`
+
+GetMinLengthOk returns a tuple with the MinLength field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinLength
+
+`func (o *UserSchemaAttribute) SetMinLength(v int32)`
+
+SetMinLength sets MinLength field to given value.
+
+### HasMinLength
+
+`func (o *UserSchemaAttribute) HasMinLength() bool`
+
+HasMinLength returns a boolean if a field has been set.
+
+### GetMutability
+
+`func (o *UserSchemaAttribute) GetMutability() string`
+
+GetMutability returns the Mutability field if non-nil, zero value otherwise.
+
+### GetMutabilityOk
+
+`func (o *UserSchemaAttribute) GetMutabilityOk() (*string, bool)`
+
+GetMutabilityOk returns a tuple with the Mutability field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMutability
+
+`func (o *UserSchemaAttribute) SetMutability(v string)`
+
+SetMutability sets Mutability field to given value.
+
+### HasMutability
+
+`func (o *UserSchemaAttribute) HasMutability() bool`
+
+HasMutability returns a boolean if a field has been set.
+
+### GetOneOf
+
+`func (o *UserSchemaAttribute) GetOneOf() []UserSchemaAttributeEnum`
+
+GetOneOf returns the OneOf field if non-nil, zero value otherwise.
+
+### GetOneOfOk
+
+`func (o *UserSchemaAttribute) GetOneOfOk() (*[]UserSchemaAttributeEnum, bool)`
+
+GetOneOfOk returns a tuple with the OneOf field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOneOf
+
+`func (o *UserSchemaAttribute) SetOneOf(v []UserSchemaAttributeEnum)`
+
+SetOneOf sets OneOf field to given value.
+
+### HasOneOf
+
+`func (o *UserSchemaAttribute) HasOneOf() bool`
+
+HasOneOf returns a boolean if a field has been set.
+
+### GetPattern
+
+`func (o *UserSchemaAttribute) GetPattern() string`
+
+GetPattern returns the Pattern field if non-nil, zero value otherwise.
+
+### GetPatternOk
+
+`func (o *UserSchemaAttribute) GetPatternOk() (*string, bool)`
+
+GetPatternOk returns a tuple with the Pattern field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPattern
+
+`func (o *UserSchemaAttribute) SetPattern(v string)`
+
+SetPattern sets Pattern field to given value.
+
+### HasPattern
+
+`func (o *UserSchemaAttribute) HasPattern() bool`
+
+HasPattern returns a boolean if a field has been set.
+
+### GetPermissions
+
+`func (o *UserSchemaAttribute) GetPermissions() []UserSchemaAttributePermission`
+
+GetPermissions returns the Permissions field if non-nil, zero value otherwise.
+
+### GetPermissionsOk
+
+`func (o *UserSchemaAttribute) GetPermissionsOk() (*[]UserSchemaAttributePermission, bool)`
+
+GetPermissionsOk returns a tuple with the Permissions field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPermissions
+
+`func (o *UserSchemaAttribute) SetPermissions(v []UserSchemaAttributePermission)`
+
+SetPermissions sets Permissions field to given value.
+
+### HasPermissions
+
+`func (o *UserSchemaAttribute) HasPermissions() bool`
+
+HasPermissions returns a boolean if a field has been set.
+
+### GetRequired
+
+`func (o *UserSchemaAttribute) GetRequired() bool`
+
+GetRequired returns the Required field if non-nil, zero value otherwise.
+
+### GetRequiredOk
+
+`func (o *UserSchemaAttribute) GetRequiredOk() (*bool, bool)`
+
+GetRequiredOk returns a tuple with the Required field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequired
+
+`func (o *UserSchemaAttribute) SetRequired(v bool)`
+
+SetRequired sets Required field to given value.
+
+### HasRequired
+
+`func (o *UserSchemaAttribute) HasRequired() bool`
+
+HasRequired returns a boolean if a field has been set.
+
+### GetScope
+
+`func (o *UserSchemaAttribute) GetScope() UserSchemaAttributeScope`
+
+GetScope returns the Scope field if non-nil, zero value otherwise.
+
+### GetScopeOk
+
+`func (o *UserSchemaAttribute) GetScopeOk() (*UserSchemaAttributeScope, bool)`
+
+GetScopeOk returns a tuple with the Scope field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetScope
+
+`func (o *UserSchemaAttribute) SetScope(v UserSchemaAttributeScope)`
+
+SetScope sets Scope field to given value.
+
+### HasScope
+
+`func (o *UserSchemaAttribute) HasScope() bool`
+
+HasScope returns a boolean if a field has been set.
+
+### GetTitle
+
+`func (o *UserSchemaAttribute) GetTitle() string`
+
+GetTitle returns the Title field if non-nil, zero value otherwise.
+
+### GetTitleOk
+
+`func (o *UserSchemaAttribute) GetTitleOk() (*string, bool)`
+
+GetTitleOk returns a tuple with the Title field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTitle
+
+`func (o *UserSchemaAttribute) SetTitle(v string)`
+
+SetTitle sets Title field to given value.
+
+### HasTitle
+
+`func (o *UserSchemaAttribute) HasTitle() bool`
+
+HasTitle returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *UserSchemaAttribute) GetType() UserSchemaAttributeType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *UserSchemaAttribute) GetTypeOk() (*UserSchemaAttributeType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *UserSchemaAttribute) SetType(v UserSchemaAttributeType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *UserSchemaAttribute) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetUnion
+
+`func (o *UserSchemaAttribute) GetUnion() UserSchemaAttributeUnion`
+
+GetUnion returns the Union field if non-nil, zero value otherwise.
+
+### GetUnionOk
+
+`func (o *UserSchemaAttribute) GetUnionOk() (*UserSchemaAttributeUnion, bool)`
+
+GetUnionOk returns a tuple with the Union field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUnion
+
+`func (o *UserSchemaAttribute) SetUnion(v UserSchemaAttributeUnion)`
+
+SetUnion sets Union field to given value.
+
+### HasUnion
+
+`func (o *UserSchemaAttribute) HasUnion() bool`
+
+HasUnion returns a boolean if a field has been set.
+
+### GetUnique
+
+`func (o *UserSchemaAttribute) GetUnique() string`
+
+GetUnique returns the Unique field if non-nil, zero value otherwise.
+
+### GetUniqueOk
+
+`func (o *UserSchemaAttribute) GetUniqueOk() (*string, bool)`
+
+GetUniqueOk returns a tuple with the Unique field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUnique
+
+`func (o *UserSchemaAttribute) SetUnique(v string)`
+
+SetUnique sets Unique field to given value.
+
+### HasUnique
+
+`func (o *UserSchemaAttribute) HasUnique() bool`
+
+HasUnique returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaAttributeEnum.md b/okta/docs/UserSchemaAttributeEnum.md
new file mode 100644
index 000000000..8bc7d80c7
--- /dev/null
+++ b/okta/docs/UserSchemaAttributeEnum.md
@@ -0,0 +1,82 @@
+# UserSchemaAttributeEnum
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Const** | Pointer to **string** |  | [optional] 
+**Title** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewUserSchemaAttributeEnum
+
+`func NewUserSchemaAttributeEnum() *UserSchemaAttributeEnum`
+
+NewUserSchemaAttributeEnum instantiates a new UserSchemaAttributeEnum object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaAttributeEnumWithDefaults
+
+`func NewUserSchemaAttributeEnumWithDefaults() *UserSchemaAttributeEnum`
+
+NewUserSchemaAttributeEnumWithDefaults instantiates a new UserSchemaAttributeEnum object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConst
+
+`func (o *UserSchemaAttributeEnum) GetConst() string`
+
+GetConst returns the Const field if non-nil, zero value otherwise.
+
+### GetConstOk
+
+`func (o *UserSchemaAttributeEnum) GetConstOk() (*string, bool)`
+
+GetConstOk returns a tuple with the Const field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConst
+
+`func (o *UserSchemaAttributeEnum) SetConst(v string)`
+
+SetConst sets Const field to given value.
+
+### HasConst
+
+`func (o *UserSchemaAttributeEnum) HasConst() bool`
+
+HasConst returns a boolean if a field has been set.
+
+### GetTitle
+
+`func (o *UserSchemaAttributeEnum) GetTitle() string`
+
+GetTitle returns the Title field if non-nil, zero value otherwise.
+
+### GetTitleOk
+
+`func (o *UserSchemaAttributeEnum) GetTitleOk() (*string, bool)`
+
+GetTitleOk returns a tuple with the Title field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTitle
+
+`func (o *UserSchemaAttributeEnum) SetTitle(v string)`
+
+SetTitle sets Title field to given value.
+
+### HasTitle
+
+`func (o *UserSchemaAttributeEnum) HasTitle() bool`
+
+HasTitle returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaAttributeItems.md b/okta/docs/UserSchemaAttributeItems.md
new file mode 100644
index 000000000..e8ebae074
--- /dev/null
+++ b/okta/docs/UserSchemaAttributeItems.md
@@ -0,0 +1,108 @@
+# UserSchemaAttributeItems
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Enum** | Pointer to **[]string** |  | [optional] 
+**OneOf** | Pointer to [**[]UserSchemaAttributeEnum**](UserSchemaAttributeEnum.md) |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewUserSchemaAttributeItems
+
+`func NewUserSchemaAttributeItems() *UserSchemaAttributeItems`
+
+NewUserSchemaAttributeItems instantiates a new UserSchemaAttributeItems object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaAttributeItemsWithDefaults
+
+`func NewUserSchemaAttributeItemsWithDefaults() *UserSchemaAttributeItems`
+
+NewUserSchemaAttributeItemsWithDefaults instantiates a new UserSchemaAttributeItems object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetEnum
+
+`func (o *UserSchemaAttributeItems) GetEnum() []string`
+
+GetEnum returns the Enum field if non-nil, zero value otherwise.
+
+### GetEnumOk
+
+`func (o *UserSchemaAttributeItems) GetEnumOk() (*[]string, bool)`
+
+GetEnumOk returns a tuple with the Enum field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEnum
+
+`func (o *UserSchemaAttributeItems) SetEnum(v []string)`
+
+SetEnum sets Enum field to given value.
+
+### HasEnum
+
+`func (o *UserSchemaAttributeItems) HasEnum() bool`
+
+HasEnum returns a boolean if a field has been set.
+
+### GetOneOf
+
+`func (o *UserSchemaAttributeItems) GetOneOf() []UserSchemaAttributeEnum`
+
+GetOneOf returns the OneOf field if non-nil, zero value otherwise.
+
+### GetOneOfOk
+
+`func (o *UserSchemaAttributeItems) GetOneOfOk() (*[]UserSchemaAttributeEnum, bool)`
+
+GetOneOfOk returns a tuple with the OneOf field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOneOf
+
+`func (o *UserSchemaAttributeItems) SetOneOf(v []UserSchemaAttributeEnum)`
+
+SetOneOf sets OneOf field to given value.
+
+### HasOneOf
+
+`func (o *UserSchemaAttributeItems) HasOneOf() bool`
+
+HasOneOf returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *UserSchemaAttributeItems) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *UserSchemaAttributeItems) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *UserSchemaAttributeItems) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *UserSchemaAttributeItems) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaAttributeMaster.md b/okta/docs/UserSchemaAttributeMaster.md
new file mode 100644
index 000000000..d22c026f6
--- /dev/null
+++ b/okta/docs/UserSchemaAttributeMaster.md
@@ -0,0 +1,82 @@
+# UserSchemaAttributeMaster
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Priority** | Pointer to [**[]UserSchemaAttributeMasterPriority**](UserSchemaAttributeMasterPriority.md) |  | [optional] 
+**Type** | Pointer to [**UserSchemaAttributeMasterType**](UserSchemaAttributeMasterType.md) |  | [optional] 
+
+## Methods
+
+### NewUserSchemaAttributeMaster
+
+`func NewUserSchemaAttributeMaster() *UserSchemaAttributeMaster`
+
+NewUserSchemaAttributeMaster instantiates a new UserSchemaAttributeMaster object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaAttributeMasterWithDefaults
+
+`func NewUserSchemaAttributeMasterWithDefaults() *UserSchemaAttributeMaster`
+
+NewUserSchemaAttributeMasterWithDefaults instantiates a new UserSchemaAttributeMaster object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetPriority
+
+`func (o *UserSchemaAttributeMaster) GetPriority() []UserSchemaAttributeMasterPriority`
+
+GetPriority returns the Priority field if non-nil, zero value otherwise.
+
+### GetPriorityOk
+
+`func (o *UserSchemaAttributeMaster) GetPriorityOk() (*[]UserSchemaAttributeMasterPriority, bool)`
+
+GetPriorityOk returns a tuple with the Priority field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPriority
+
+`func (o *UserSchemaAttributeMaster) SetPriority(v []UserSchemaAttributeMasterPriority)`
+
+SetPriority sets Priority field to given value.
+
+### HasPriority
+
+`func (o *UserSchemaAttributeMaster) HasPriority() bool`
+
+HasPriority returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *UserSchemaAttributeMaster) GetType() UserSchemaAttributeMasterType`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *UserSchemaAttributeMaster) GetTypeOk() (*UserSchemaAttributeMasterType, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *UserSchemaAttributeMaster) SetType(v UserSchemaAttributeMasterType)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *UserSchemaAttributeMaster) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaAttributeMasterPriority.md b/okta/docs/UserSchemaAttributeMasterPriority.md
new file mode 100644
index 000000000..846df94a7
--- /dev/null
+++ b/okta/docs/UserSchemaAttributeMasterPriority.md
@@ -0,0 +1,82 @@
+# UserSchemaAttributeMasterPriority
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Type** | Pointer to **string** |  | [optional] 
+**Value** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewUserSchemaAttributeMasterPriority
+
+`func NewUserSchemaAttributeMasterPriority() *UserSchemaAttributeMasterPriority`
+
+NewUserSchemaAttributeMasterPriority instantiates a new UserSchemaAttributeMasterPriority object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaAttributeMasterPriorityWithDefaults
+
+`func NewUserSchemaAttributeMasterPriorityWithDefaults() *UserSchemaAttributeMasterPriority`
+
+NewUserSchemaAttributeMasterPriorityWithDefaults instantiates a new UserSchemaAttributeMasterPriority object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetType
+
+`func (o *UserSchemaAttributeMasterPriority) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *UserSchemaAttributeMasterPriority) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *UserSchemaAttributeMasterPriority) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *UserSchemaAttributeMasterPriority) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+### GetValue
+
+`func (o *UserSchemaAttributeMasterPriority) GetValue() string`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *UserSchemaAttributeMasterPriority) GetValueOk() (*string, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *UserSchemaAttributeMasterPriority) SetValue(v string)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *UserSchemaAttributeMasterPriority) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaAttributeMasterType.md b/okta/docs/UserSchemaAttributeMasterType.md
new file mode 100644
index 000000000..2f44fc174
--- /dev/null
+++ b/okta/docs/UserSchemaAttributeMasterType.md
@@ -0,0 +1,15 @@
+# UserSchemaAttributeMasterType
+
+## Enum
+
+
+* `OKTA` (value: `"OKTA"`)
+
+* `OVERRIDE` (value: `"OVERRIDE"`)
+
+* `PROFILE_MASTER` (value: `"PROFILE_MASTER"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaAttributePermission.md b/okta/docs/UserSchemaAttributePermission.md
new file mode 100644
index 000000000..a0b95c853
--- /dev/null
+++ b/okta/docs/UserSchemaAttributePermission.md
@@ -0,0 +1,82 @@
+# UserSchemaAttributePermission
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Action** | Pointer to **string** |  | [optional] 
+**Principal** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewUserSchemaAttributePermission
+
+`func NewUserSchemaAttributePermission() *UserSchemaAttributePermission`
+
+NewUserSchemaAttributePermission instantiates a new UserSchemaAttributePermission object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaAttributePermissionWithDefaults
+
+`func NewUserSchemaAttributePermissionWithDefaults() *UserSchemaAttributePermission`
+
+NewUserSchemaAttributePermissionWithDefaults instantiates a new UserSchemaAttributePermission object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAction
+
+`func (o *UserSchemaAttributePermission) GetAction() string`
+
+GetAction returns the Action field if non-nil, zero value otherwise.
+
+### GetActionOk
+
+`func (o *UserSchemaAttributePermission) GetActionOk() (*string, bool)`
+
+GetActionOk returns a tuple with the Action field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAction
+
+`func (o *UserSchemaAttributePermission) SetAction(v string)`
+
+SetAction sets Action field to given value.
+
+### HasAction
+
+`func (o *UserSchemaAttributePermission) HasAction() bool`
+
+HasAction returns a boolean if a field has been set.
+
+### GetPrincipal
+
+`func (o *UserSchemaAttributePermission) GetPrincipal() string`
+
+GetPrincipal returns the Principal field if non-nil, zero value otherwise.
+
+### GetPrincipalOk
+
+`func (o *UserSchemaAttributePermission) GetPrincipalOk() (*string, bool)`
+
+GetPrincipalOk returns a tuple with the Principal field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPrincipal
+
+`func (o *UserSchemaAttributePermission) SetPrincipal(v string)`
+
+SetPrincipal sets Principal field to given value.
+
+### HasPrincipal
+
+`func (o *UserSchemaAttributePermission) HasPrincipal() bool`
+
+HasPrincipal returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaAttributeScope.md b/okta/docs/UserSchemaAttributeScope.md
new file mode 100644
index 000000000..d62300c3e
--- /dev/null
+++ b/okta/docs/UserSchemaAttributeScope.md
@@ -0,0 +1,13 @@
+# UserSchemaAttributeScope
+
+## Enum
+
+
+* `NONE` (value: `"NONE"`)
+
+* `SELF` (value: `"SELF"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaAttributeType.md b/okta/docs/UserSchemaAttributeType.md
new file mode 100644
index 000000000..aecfce1ee
--- /dev/null
+++ b/okta/docs/UserSchemaAttributeType.md
@@ -0,0 +1,19 @@
+# UserSchemaAttributeType
+
+## Enum
+
+
+* `ARRAY` (value: `"array"`)
+
+* `BOOLEAN` (value: `"boolean"`)
+
+* `INTEGER` (value: `"integer"`)
+
+* `NUMBER` (value: `"number"`)
+
+* `STRING` (value: `"string"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaAttributeUnion.md b/okta/docs/UserSchemaAttributeUnion.md
new file mode 100644
index 000000000..034fec5fa
--- /dev/null
+++ b/okta/docs/UserSchemaAttributeUnion.md
@@ -0,0 +1,13 @@
+# UserSchemaAttributeUnion
+
+## Enum
+
+
+* `DISABLE` (value: `"DISABLE"`)
+
+* `ENABLE` (value: `"ENABLE"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaBase.md b/okta/docs/UserSchemaBase.md
new file mode 100644
index 000000000..43da9dc44
--- /dev/null
+++ b/okta/docs/UserSchemaBase.md
@@ -0,0 +1,134 @@
+# UserSchemaBase
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] 
+**Properties** | Pointer to [**UserSchemaBaseProperties**](UserSchemaBaseProperties.md) |  | [optional] 
+**Required** | Pointer to **[]string** |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewUserSchemaBase
+
+`func NewUserSchemaBase() *UserSchemaBase`
+
+NewUserSchemaBase instantiates a new UserSchemaBase object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaBaseWithDefaults
+
+`func NewUserSchemaBaseWithDefaults() *UserSchemaBase`
+
+NewUserSchemaBaseWithDefaults instantiates a new UserSchemaBase object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *UserSchemaBase) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *UserSchemaBase) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *UserSchemaBase) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *UserSchemaBase) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetProperties
+
+`func (o *UserSchemaBase) GetProperties() UserSchemaBaseProperties`
+
+GetProperties returns the Properties field if non-nil, zero value otherwise.
+
+### GetPropertiesOk
+
+`func (o *UserSchemaBase) GetPropertiesOk() (*UserSchemaBaseProperties, bool)`
+
+GetPropertiesOk returns a tuple with the Properties field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProperties
+
+`func (o *UserSchemaBase) SetProperties(v UserSchemaBaseProperties)`
+
+SetProperties sets Properties field to given value.
+
+### HasProperties
+
+`func (o *UserSchemaBase) HasProperties() bool`
+
+HasProperties returns a boolean if a field has been set.
+
+### GetRequired
+
+`func (o *UserSchemaBase) GetRequired() []string`
+
+GetRequired returns the Required field if non-nil, zero value otherwise.
+
+### GetRequiredOk
+
+`func (o *UserSchemaBase) GetRequiredOk() (*[]string, bool)`
+
+GetRequiredOk returns a tuple with the Required field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequired
+
+`func (o *UserSchemaBase) SetRequired(v []string)`
+
+SetRequired sets Required field to given value.
+
+### HasRequired
+
+`func (o *UserSchemaBase) HasRequired() bool`
+
+HasRequired returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *UserSchemaBase) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *UserSchemaBase) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *UserSchemaBase) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *UserSchemaBase) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaBaseProperties.md b/okta/docs/UserSchemaBaseProperties.md
new file mode 100644
index 000000000..d95b80891
--- /dev/null
+++ b/okta/docs/UserSchemaBaseProperties.md
@@ -0,0 +1,836 @@
+# UserSchemaBaseProperties
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**City** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**CostCenter** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**CountryCode** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**Department** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**DisplayName** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**Division** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**Email** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**EmployeeNumber** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**FirstName** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**HonorificPrefix** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**HonorificSuffix** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**LastName** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**Locale** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**Login** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**Manager** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**ManagerId** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**MiddleName** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**MobilePhone** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**NickName** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**Organization** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**PostalAddress** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**PreferredLanguage** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**PrimaryPhone** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**ProfileUrl** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**SecondEmail** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**State** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**StreetAddress** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**Timezone** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**Title** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**UserType** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**ZipCode** | Pointer to [**UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+
+## Methods
+
+### NewUserSchemaBaseProperties
+
+`func NewUserSchemaBaseProperties() *UserSchemaBaseProperties`
+
+NewUserSchemaBaseProperties instantiates a new UserSchemaBaseProperties object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaBasePropertiesWithDefaults
+
+`func NewUserSchemaBasePropertiesWithDefaults() *UserSchemaBaseProperties`
+
+NewUserSchemaBasePropertiesWithDefaults instantiates a new UserSchemaBaseProperties object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCity
+
+`func (o *UserSchemaBaseProperties) GetCity() UserSchemaAttribute`
+
+GetCity returns the City field if non-nil, zero value otherwise.
+
+### GetCityOk
+
+`func (o *UserSchemaBaseProperties) GetCityOk() (*UserSchemaAttribute, bool)`
+
+GetCityOk returns a tuple with the City field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCity
+
+`func (o *UserSchemaBaseProperties) SetCity(v UserSchemaAttribute)`
+
+SetCity sets City field to given value.
+
+### HasCity
+
+`func (o *UserSchemaBaseProperties) HasCity() bool`
+
+HasCity returns a boolean if a field has been set.
+
+### GetCostCenter
+
+`func (o *UserSchemaBaseProperties) GetCostCenter() UserSchemaAttribute`
+
+GetCostCenter returns the CostCenter field if non-nil, zero value otherwise.
+
+### GetCostCenterOk
+
+`func (o *UserSchemaBaseProperties) GetCostCenterOk() (*UserSchemaAttribute, bool)`
+
+GetCostCenterOk returns a tuple with the CostCenter field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCostCenter
+
+`func (o *UserSchemaBaseProperties) SetCostCenter(v UserSchemaAttribute)`
+
+SetCostCenter sets CostCenter field to given value.
+
+### HasCostCenter
+
+`func (o *UserSchemaBaseProperties) HasCostCenter() bool`
+
+HasCostCenter returns a boolean if a field has been set.
+
+### GetCountryCode
+
+`func (o *UserSchemaBaseProperties) GetCountryCode() UserSchemaAttribute`
+
+GetCountryCode returns the CountryCode field if non-nil, zero value otherwise.
+
+### GetCountryCodeOk
+
+`func (o *UserSchemaBaseProperties) GetCountryCodeOk() (*UserSchemaAttribute, bool)`
+
+GetCountryCodeOk returns a tuple with the CountryCode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCountryCode
+
+`func (o *UserSchemaBaseProperties) SetCountryCode(v UserSchemaAttribute)`
+
+SetCountryCode sets CountryCode field to given value.
+
+### HasCountryCode
+
+`func (o *UserSchemaBaseProperties) HasCountryCode() bool`
+
+HasCountryCode returns a boolean if a field has been set.
+
+### GetDepartment
+
+`func (o *UserSchemaBaseProperties) GetDepartment() UserSchemaAttribute`
+
+GetDepartment returns the Department field if non-nil, zero value otherwise.
+
+### GetDepartmentOk
+
+`func (o *UserSchemaBaseProperties) GetDepartmentOk() (*UserSchemaAttribute, bool)`
+
+GetDepartmentOk returns a tuple with the Department field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDepartment
+
+`func (o *UserSchemaBaseProperties) SetDepartment(v UserSchemaAttribute)`
+
+SetDepartment sets Department field to given value.
+
+### HasDepartment
+
+`func (o *UserSchemaBaseProperties) HasDepartment() bool`
+
+HasDepartment returns a boolean if a field has been set.
+
+### GetDisplayName
+
+`func (o *UserSchemaBaseProperties) GetDisplayName() UserSchemaAttribute`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *UserSchemaBaseProperties) GetDisplayNameOk() (*UserSchemaAttribute, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *UserSchemaBaseProperties) SetDisplayName(v UserSchemaAttribute)`
+
+SetDisplayName sets DisplayName field to given value.
+
+### HasDisplayName
+
+`func (o *UserSchemaBaseProperties) HasDisplayName() bool`
+
+HasDisplayName returns a boolean if a field has been set.
+
+### GetDivision
+
+`func (o *UserSchemaBaseProperties) GetDivision() UserSchemaAttribute`
+
+GetDivision returns the Division field if non-nil, zero value otherwise.
+
+### GetDivisionOk
+
+`func (o *UserSchemaBaseProperties) GetDivisionOk() (*UserSchemaAttribute, bool)`
+
+GetDivisionOk returns a tuple with the Division field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDivision
+
+`func (o *UserSchemaBaseProperties) SetDivision(v UserSchemaAttribute)`
+
+SetDivision sets Division field to given value.
+
+### HasDivision
+
+`func (o *UserSchemaBaseProperties) HasDivision() bool`
+
+HasDivision returns a boolean if a field has been set.
+
+### GetEmail
+
+`func (o *UserSchemaBaseProperties) GetEmail() UserSchemaAttribute`
+
+GetEmail returns the Email field if non-nil, zero value otherwise.
+
+### GetEmailOk
+
+`func (o *UserSchemaBaseProperties) GetEmailOk() (*UserSchemaAttribute, bool)`
+
+GetEmailOk returns a tuple with the Email field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmail
+
+`func (o *UserSchemaBaseProperties) SetEmail(v UserSchemaAttribute)`
+
+SetEmail sets Email field to given value.
+
+### HasEmail
+
+`func (o *UserSchemaBaseProperties) HasEmail() bool`
+
+HasEmail returns a boolean if a field has been set.
+
+### GetEmployeeNumber
+
+`func (o *UserSchemaBaseProperties) GetEmployeeNumber() UserSchemaAttribute`
+
+GetEmployeeNumber returns the EmployeeNumber field if non-nil, zero value otherwise.
+
+### GetEmployeeNumberOk
+
+`func (o *UserSchemaBaseProperties) GetEmployeeNumberOk() (*UserSchemaAttribute, bool)`
+
+GetEmployeeNumberOk returns a tuple with the EmployeeNumber field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmployeeNumber
+
+`func (o *UserSchemaBaseProperties) SetEmployeeNumber(v UserSchemaAttribute)`
+
+SetEmployeeNumber sets EmployeeNumber field to given value.
+
+### HasEmployeeNumber
+
+`func (o *UserSchemaBaseProperties) HasEmployeeNumber() bool`
+
+HasEmployeeNumber returns a boolean if a field has been set.
+
+### GetFirstName
+
+`func (o *UserSchemaBaseProperties) GetFirstName() UserSchemaAttribute`
+
+GetFirstName returns the FirstName field if non-nil, zero value otherwise.
+
+### GetFirstNameOk
+
+`func (o *UserSchemaBaseProperties) GetFirstNameOk() (*UserSchemaAttribute, bool)`
+
+GetFirstNameOk returns a tuple with the FirstName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFirstName
+
+`func (o *UserSchemaBaseProperties) SetFirstName(v UserSchemaAttribute)`
+
+SetFirstName sets FirstName field to given value.
+
+### HasFirstName
+
+`func (o *UserSchemaBaseProperties) HasFirstName() bool`
+
+HasFirstName returns a boolean if a field has been set.
+
+### GetHonorificPrefix
+
+`func (o *UserSchemaBaseProperties) GetHonorificPrefix() UserSchemaAttribute`
+
+GetHonorificPrefix returns the HonorificPrefix field if non-nil, zero value otherwise.
+
+### GetHonorificPrefixOk
+
+`func (o *UserSchemaBaseProperties) GetHonorificPrefixOk() (*UserSchemaAttribute, bool)`
+
+GetHonorificPrefixOk returns a tuple with the HonorificPrefix field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHonorificPrefix
+
+`func (o *UserSchemaBaseProperties) SetHonorificPrefix(v UserSchemaAttribute)`
+
+SetHonorificPrefix sets HonorificPrefix field to given value.
+
+### HasHonorificPrefix
+
+`func (o *UserSchemaBaseProperties) HasHonorificPrefix() bool`
+
+HasHonorificPrefix returns a boolean if a field has been set.
+
+### GetHonorificSuffix
+
+`func (o *UserSchemaBaseProperties) GetHonorificSuffix() UserSchemaAttribute`
+
+GetHonorificSuffix returns the HonorificSuffix field if non-nil, zero value otherwise.
+
+### GetHonorificSuffixOk
+
+`func (o *UserSchemaBaseProperties) GetHonorificSuffixOk() (*UserSchemaAttribute, bool)`
+
+GetHonorificSuffixOk returns a tuple with the HonorificSuffix field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetHonorificSuffix
+
+`func (o *UserSchemaBaseProperties) SetHonorificSuffix(v UserSchemaAttribute)`
+
+SetHonorificSuffix sets HonorificSuffix field to given value.
+
+### HasHonorificSuffix
+
+`func (o *UserSchemaBaseProperties) HasHonorificSuffix() bool`
+
+HasHonorificSuffix returns a boolean if a field has been set.
+
+### GetLastName
+
+`func (o *UserSchemaBaseProperties) GetLastName() UserSchemaAttribute`
+
+GetLastName returns the LastName field if non-nil, zero value otherwise.
+
+### GetLastNameOk
+
+`func (o *UserSchemaBaseProperties) GetLastNameOk() (*UserSchemaAttribute, bool)`
+
+GetLastNameOk returns a tuple with the LastName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastName
+
+`func (o *UserSchemaBaseProperties) SetLastName(v UserSchemaAttribute)`
+
+SetLastName sets LastName field to given value.
+
+### HasLastName
+
+`func (o *UserSchemaBaseProperties) HasLastName() bool`
+
+HasLastName returns a boolean if a field has been set.
+
+### GetLocale
+
+`func (o *UserSchemaBaseProperties) GetLocale() UserSchemaAttribute`
+
+GetLocale returns the Locale field if non-nil, zero value otherwise.
+
+### GetLocaleOk
+
+`func (o *UserSchemaBaseProperties) GetLocaleOk() (*UserSchemaAttribute, bool)`
+
+GetLocaleOk returns a tuple with the Locale field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLocale
+
+`func (o *UserSchemaBaseProperties) SetLocale(v UserSchemaAttribute)`
+
+SetLocale sets Locale field to given value.
+
+### HasLocale
+
+`func (o *UserSchemaBaseProperties) HasLocale() bool`
+
+HasLocale returns a boolean if a field has been set.
+
+### GetLogin
+
+`func (o *UserSchemaBaseProperties) GetLogin() UserSchemaAttribute`
+
+GetLogin returns the Login field if non-nil, zero value otherwise.
+
+### GetLoginOk
+
+`func (o *UserSchemaBaseProperties) GetLoginOk() (*UserSchemaAttribute, bool)`
+
+GetLoginOk returns a tuple with the Login field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLogin
+
+`func (o *UserSchemaBaseProperties) SetLogin(v UserSchemaAttribute)`
+
+SetLogin sets Login field to given value.
+
+### HasLogin
+
+`func (o *UserSchemaBaseProperties) HasLogin() bool`
+
+HasLogin returns a boolean if a field has been set.
+
+### GetManager
+
+`func (o *UserSchemaBaseProperties) GetManager() UserSchemaAttribute`
+
+GetManager returns the Manager field if non-nil, zero value otherwise.
+
+### GetManagerOk
+
+`func (o *UserSchemaBaseProperties) GetManagerOk() (*UserSchemaAttribute, bool)`
+
+GetManagerOk returns a tuple with the Manager field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetManager
+
+`func (o *UserSchemaBaseProperties) SetManager(v UserSchemaAttribute)`
+
+SetManager sets Manager field to given value.
+
+### HasManager
+
+`func (o *UserSchemaBaseProperties) HasManager() bool`
+
+HasManager returns a boolean if a field has been set.
+
+### GetManagerId
+
+`func (o *UserSchemaBaseProperties) GetManagerId() UserSchemaAttribute`
+
+GetManagerId returns the ManagerId field if non-nil, zero value otherwise.
+
+### GetManagerIdOk
+
+`func (o *UserSchemaBaseProperties) GetManagerIdOk() (*UserSchemaAttribute, bool)`
+
+GetManagerIdOk returns a tuple with the ManagerId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetManagerId
+
+`func (o *UserSchemaBaseProperties) SetManagerId(v UserSchemaAttribute)`
+
+SetManagerId sets ManagerId field to given value.
+
+### HasManagerId
+
+`func (o *UserSchemaBaseProperties) HasManagerId() bool`
+
+HasManagerId returns a boolean if a field has been set.
+
+### GetMiddleName
+
+`func (o *UserSchemaBaseProperties) GetMiddleName() UserSchemaAttribute`
+
+GetMiddleName returns the MiddleName field if non-nil, zero value otherwise.
+
+### GetMiddleNameOk
+
+`func (o *UserSchemaBaseProperties) GetMiddleNameOk() (*UserSchemaAttribute, bool)`
+
+GetMiddleNameOk returns a tuple with the MiddleName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMiddleName
+
+`func (o *UserSchemaBaseProperties) SetMiddleName(v UserSchemaAttribute)`
+
+SetMiddleName sets MiddleName field to given value.
+
+### HasMiddleName
+
+`func (o *UserSchemaBaseProperties) HasMiddleName() bool`
+
+HasMiddleName returns a boolean if a field has been set.
+
+### GetMobilePhone
+
+`func (o *UserSchemaBaseProperties) GetMobilePhone() UserSchemaAttribute`
+
+GetMobilePhone returns the MobilePhone field if non-nil, zero value otherwise.
+
+### GetMobilePhoneOk
+
+`func (o *UserSchemaBaseProperties) GetMobilePhoneOk() (*UserSchemaAttribute, bool)`
+
+GetMobilePhoneOk returns a tuple with the MobilePhone field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMobilePhone
+
+`func (o *UserSchemaBaseProperties) SetMobilePhone(v UserSchemaAttribute)`
+
+SetMobilePhone sets MobilePhone field to given value.
+
+### HasMobilePhone
+
+`func (o *UserSchemaBaseProperties) HasMobilePhone() bool`
+
+HasMobilePhone returns a boolean if a field has been set.
+
+### GetNickName
+
+`func (o *UserSchemaBaseProperties) GetNickName() UserSchemaAttribute`
+
+GetNickName returns the NickName field if non-nil, zero value otherwise.
+
+### GetNickNameOk
+
+`func (o *UserSchemaBaseProperties) GetNickNameOk() (*UserSchemaAttribute, bool)`
+
+GetNickNameOk returns a tuple with the NickName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNickName
+
+`func (o *UserSchemaBaseProperties) SetNickName(v UserSchemaAttribute)`
+
+SetNickName sets NickName field to given value.
+
+### HasNickName
+
+`func (o *UserSchemaBaseProperties) HasNickName() bool`
+
+HasNickName returns a boolean if a field has been set.
+
+### GetOrganization
+
+`func (o *UserSchemaBaseProperties) GetOrganization() UserSchemaAttribute`
+
+GetOrganization returns the Organization field if non-nil, zero value otherwise.
+
+### GetOrganizationOk
+
+`func (o *UserSchemaBaseProperties) GetOrganizationOk() (*UserSchemaAttribute, bool)`
+
+GetOrganizationOk returns a tuple with the Organization field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOrganization
+
+`func (o *UserSchemaBaseProperties) SetOrganization(v UserSchemaAttribute)`
+
+SetOrganization sets Organization field to given value.
+
+### HasOrganization
+
+`func (o *UserSchemaBaseProperties) HasOrganization() bool`
+
+HasOrganization returns a boolean if a field has been set.
+
+### GetPostalAddress
+
+`func (o *UserSchemaBaseProperties) GetPostalAddress() UserSchemaAttribute`
+
+GetPostalAddress returns the PostalAddress field if non-nil, zero value otherwise.
+
+### GetPostalAddressOk
+
+`func (o *UserSchemaBaseProperties) GetPostalAddressOk() (*UserSchemaAttribute, bool)`
+
+GetPostalAddressOk returns a tuple with the PostalAddress field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPostalAddress
+
+`func (o *UserSchemaBaseProperties) SetPostalAddress(v UserSchemaAttribute)`
+
+SetPostalAddress sets PostalAddress field to given value.
+
+### HasPostalAddress
+
+`func (o *UserSchemaBaseProperties) HasPostalAddress() bool`
+
+HasPostalAddress returns a boolean if a field has been set.
+
+### GetPreferredLanguage
+
+`func (o *UserSchemaBaseProperties) GetPreferredLanguage() UserSchemaAttribute`
+
+GetPreferredLanguage returns the PreferredLanguage field if non-nil, zero value otherwise.
+
+### GetPreferredLanguageOk
+
+`func (o *UserSchemaBaseProperties) GetPreferredLanguageOk() (*UserSchemaAttribute, bool)`
+
+GetPreferredLanguageOk returns a tuple with the PreferredLanguage field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPreferredLanguage
+
+`func (o *UserSchemaBaseProperties) SetPreferredLanguage(v UserSchemaAttribute)`
+
+SetPreferredLanguage sets PreferredLanguage field to given value.
+
+### HasPreferredLanguage
+
+`func (o *UserSchemaBaseProperties) HasPreferredLanguage() bool`
+
+HasPreferredLanguage returns a boolean if a field has been set.
+
+### GetPrimaryPhone
+
+`func (o *UserSchemaBaseProperties) GetPrimaryPhone() UserSchemaAttribute`
+
+GetPrimaryPhone returns the PrimaryPhone field if non-nil, zero value otherwise.
+
+### GetPrimaryPhoneOk
+
+`func (o *UserSchemaBaseProperties) GetPrimaryPhoneOk() (*UserSchemaAttribute, bool)`
+
+GetPrimaryPhoneOk returns a tuple with the PrimaryPhone field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPrimaryPhone
+
+`func (o *UserSchemaBaseProperties) SetPrimaryPhone(v UserSchemaAttribute)`
+
+SetPrimaryPhone sets PrimaryPhone field to given value.
+
+### HasPrimaryPhone
+
+`func (o *UserSchemaBaseProperties) HasPrimaryPhone() bool`
+
+HasPrimaryPhone returns a boolean if a field has been set.
+
+### GetProfileUrl
+
+`func (o *UserSchemaBaseProperties) GetProfileUrl() UserSchemaAttribute`
+
+GetProfileUrl returns the ProfileUrl field if non-nil, zero value otherwise.
+
+### GetProfileUrlOk
+
+`func (o *UserSchemaBaseProperties) GetProfileUrlOk() (*UserSchemaAttribute, bool)`
+
+GetProfileUrlOk returns a tuple with the ProfileUrl field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfileUrl
+
+`func (o *UserSchemaBaseProperties) SetProfileUrl(v UserSchemaAttribute)`
+
+SetProfileUrl sets ProfileUrl field to given value.
+
+### HasProfileUrl
+
+`func (o *UserSchemaBaseProperties) HasProfileUrl() bool`
+
+HasProfileUrl returns a boolean if a field has been set.
+
+### GetSecondEmail
+
+`func (o *UserSchemaBaseProperties) GetSecondEmail() UserSchemaAttribute`
+
+GetSecondEmail returns the SecondEmail field if non-nil, zero value otherwise.
+
+### GetSecondEmailOk
+
+`func (o *UserSchemaBaseProperties) GetSecondEmailOk() (*UserSchemaAttribute, bool)`
+
+GetSecondEmailOk returns a tuple with the SecondEmail field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSecondEmail
+
+`func (o *UserSchemaBaseProperties) SetSecondEmail(v UserSchemaAttribute)`
+
+SetSecondEmail sets SecondEmail field to given value.
+
+### HasSecondEmail
+
+`func (o *UserSchemaBaseProperties) HasSecondEmail() bool`
+
+HasSecondEmail returns a boolean if a field has been set.
+
+### GetState
+
+`func (o *UserSchemaBaseProperties) GetState() UserSchemaAttribute`
+
+GetState returns the State field if non-nil, zero value otherwise.
+
+### GetStateOk
+
+`func (o *UserSchemaBaseProperties) GetStateOk() (*UserSchemaAttribute, bool)`
+
+GetStateOk returns a tuple with the State field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetState
+
+`func (o *UserSchemaBaseProperties) SetState(v UserSchemaAttribute)`
+
+SetState sets State field to given value.
+
+### HasState
+
+`func (o *UserSchemaBaseProperties) HasState() bool`
+
+HasState returns a boolean if a field has been set.
+
+### GetStreetAddress
+
+`func (o *UserSchemaBaseProperties) GetStreetAddress() UserSchemaAttribute`
+
+GetStreetAddress returns the StreetAddress field if non-nil, zero value otherwise.
+
+### GetStreetAddressOk
+
+`func (o *UserSchemaBaseProperties) GetStreetAddressOk() (*UserSchemaAttribute, bool)`
+
+GetStreetAddressOk returns a tuple with the StreetAddress field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStreetAddress
+
+`func (o *UserSchemaBaseProperties) SetStreetAddress(v UserSchemaAttribute)`
+
+SetStreetAddress sets StreetAddress field to given value.
+
+### HasStreetAddress
+
+`func (o *UserSchemaBaseProperties) HasStreetAddress() bool`
+
+HasStreetAddress returns a boolean if a field has been set.
+
+### GetTimezone
+
+`func (o *UserSchemaBaseProperties) GetTimezone() UserSchemaAttribute`
+
+GetTimezone returns the Timezone field if non-nil, zero value otherwise.
+
+### GetTimezoneOk
+
+`func (o *UserSchemaBaseProperties) GetTimezoneOk() (*UserSchemaAttribute, bool)`
+
+GetTimezoneOk returns a tuple with the Timezone field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTimezone
+
+`func (o *UserSchemaBaseProperties) SetTimezone(v UserSchemaAttribute)`
+
+SetTimezone sets Timezone field to given value.
+
+### HasTimezone
+
+`func (o *UserSchemaBaseProperties) HasTimezone() bool`
+
+HasTimezone returns a boolean if a field has been set.
+
+### GetTitle
+
+`func (o *UserSchemaBaseProperties) GetTitle() UserSchemaAttribute`
+
+GetTitle returns the Title field if non-nil, zero value otherwise.
+
+### GetTitleOk
+
+`func (o *UserSchemaBaseProperties) GetTitleOk() (*UserSchemaAttribute, bool)`
+
+GetTitleOk returns a tuple with the Title field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTitle
+
+`func (o *UserSchemaBaseProperties) SetTitle(v UserSchemaAttribute)`
+
+SetTitle sets Title field to given value.
+
+### HasTitle
+
+`func (o *UserSchemaBaseProperties) HasTitle() bool`
+
+HasTitle returns a boolean if a field has been set.
+
+### GetUserType
+
+`func (o *UserSchemaBaseProperties) GetUserType() UserSchemaAttribute`
+
+GetUserType returns the UserType field if non-nil, zero value otherwise.
+
+### GetUserTypeOk
+
+`func (o *UserSchemaBaseProperties) GetUserTypeOk() (*UserSchemaAttribute, bool)`
+
+GetUserTypeOk returns a tuple with the UserType field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUserType
+
+`func (o *UserSchemaBaseProperties) SetUserType(v UserSchemaAttribute)`
+
+SetUserType sets UserType field to given value.
+
+### HasUserType
+
+`func (o *UserSchemaBaseProperties) HasUserType() bool`
+
+HasUserType returns a boolean if a field has been set.
+
+### GetZipCode
+
+`func (o *UserSchemaBaseProperties) GetZipCode() UserSchemaAttribute`
+
+GetZipCode returns the ZipCode field if non-nil, zero value otherwise.
+
+### GetZipCodeOk
+
+`func (o *UserSchemaBaseProperties) GetZipCodeOk() (*UserSchemaAttribute, bool)`
+
+GetZipCodeOk returns a tuple with the ZipCode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetZipCode
+
+`func (o *UserSchemaBaseProperties) SetZipCode(v UserSchemaAttribute)`
+
+SetZipCode sets ZipCode field to given value.
+
+### HasZipCode
+
+`func (o *UserSchemaBaseProperties) HasZipCode() bool`
+
+HasZipCode returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaDefinitions.md b/okta/docs/UserSchemaDefinitions.md
new file mode 100644
index 000000000..91fccedad
--- /dev/null
+++ b/okta/docs/UserSchemaDefinitions.md
@@ -0,0 +1,82 @@
+# UserSchemaDefinitions
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Base** | Pointer to [**UserSchemaBase**](UserSchemaBase.md) |  | [optional] 
+**Custom** | Pointer to [**UserSchemaPublic**](UserSchemaPublic.md) |  | [optional] 
+
+## Methods
+
+### NewUserSchemaDefinitions
+
+`func NewUserSchemaDefinitions() *UserSchemaDefinitions`
+
+NewUserSchemaDefinitions instantiates a new UserSchemaDefinitions object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaDefinitionsWithDefaults
+
+`func NewUserSchemaDefinitionsWithDefaults() *UserSchemaDefinitions`
+
+NewUserSchemaDefinitionsWithDefaults instantiates a new UserSchemaDefinitions object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetBase
+
+`func (o *UserSchemaDefinitions) GetBase() UserSchemaBase`
+
+GetBase returns the Base field if non-nil, zero value otherwise.
+
+### GetBaseOk
+
+`func (o *UserSchemaDefinitions) GetBaseOk() (*UserSchemaBase, bool)`
+
+GetBaseOk returns a tuple with the Base field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBase
+
+`func (o *UserSchemaDefinitions) SetBase(v UserSchemaBase)`
+
+SetBase sets Base field to given value.
+
+### HasBase
+
+`func (o *UserSchemaDefinitions) HasBase() bool`
+
+HasBase returns a boolean if a field has been set.
+
+### GetCustom
+
+`func (o *UserSchemaDefinitions) GetCustom() UserSchemaPublic`
+
+GetCustom returns the Custom field if non-nil, zero value otherwise.
+
+### GetCustomOk
+
+`func (o *UserSchemaDefinitions) GetCustomOk() (*UserSchemaPublic, bool)`
+
+GetCustomOk returns a tuple with the Custom field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCustom
+
+`func (o *UserSchemaDefinitions) SetCustom(v UserSchemaPublic)`
+
+SetCustom sets Custom field to given value.
+
+### HasCustom
+
+`func (o *UserSchemaDefinitions) HasCustom() bool`
+
+HasCustom returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaProperties.md b/okta/docs/UserSchemaProperties.md
new file mode 100644
index 000000000..80fc1d9ec
--- /dev/null
+++ b/okta/docs/UserSchemaProperties.md
@@ -0,0 +1,56 @@
+# UserSchemaProperties
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**UserSchemaPropertiesProfile**](UserSchemaPropertiesProfile.md) |  | [optional] 
+
+## Methods
+
+### NewUserSchemaProperties
+
+`func NewUserSchemaProperties() *UserSchemaProperties`
+
+NewUserSchemaProperties instantiates a new UserSchemaProperties object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaPropertiesWithDefaults
+
+`func NewUserSchemaPropertiesWithDefaults() *UserSchemaProperties`
+
+NewUserSchemaPropertiesWithDefaults instantiates a new UserSchemaProperties object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *UserSchemaProperties) GetProfile() UserSchemaPropertiesProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *UserSchemaProperties) GetProfileOk() (*UserSchemaPropertiesProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *UserSchemaProperties) SetProfile(v UserSchemaPropertiesProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *UserSchemaProperties) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaPropertiesProfile.md b/okta/docs/UserSchemaPropertiesProfile.md
new file mode 100644
index 000000000..7a4986761
--- /dev/null
+++ b/okta/docs/UserSchemaPropertiesProfile.md
@@ -0,0 +1,56 @@
+# UserSchemaPropertiesProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AllOf** | Pointer to [**[]UserSchemaPropertiesProfileItem**](UserSchemaPropertiesProfileItem.md) |  | [optional] 
+
+## Methods
+
+### NewUserSchemaPropertiesProfile
+
+`func NewUserSchemaPropertiesProfile() *UserSchemaPropertiesProfile`
+
+NewUserSchemaPropertiesProfile instantiates a new UserSchemaPropertiesProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaPropertiesProfileWithDefaults
+
+`func NewUserSchemaPropertiesProfileWithDefaults() *UserSchemaPropertiesProfile`
+
+NewUserSchemaPropertiesProfileWithDefaults instantiates a new UserSchemaPropertiesProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAllOf
+
+`func (o *UserSchemaPropertiesProfile) GetAllOf() []UserSchemaPropertiesProfileItem`
+
+GetAllOf returns the AllOf field if non-nil, zero value otherwise.
+
+### GetAllOfOk
+
+`func (o *UserSchemaPropertiesProfile) GetAllOfOk() (*[]UserSchemaPropertiesProfileItem, bool)`
+
+GetAllOfOk returns a tuple with the AllOf field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAllOf
+
+`func (o *UserSchemaPropertiesProfile) SetAllOf(v []UserSchemaPropertiesProfileItem)`
+
+SetAllOf sets AllOf field to given value.
+
+### HasAllOf
+
+`func (o *UserSchemaPropertiesProfile) HasAllOf() bool`
+
+HasAllOf returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaPropertiesProfileItem.md b/okta/docs/UserSchemaPropertiesProfileItem.md
new file mode 100644
index 000000000..2657576df
--- /dev/null
+++ b/okta/docs/UserSchemaPropertiesProfileItem.md
@@ -0,0 +1,56 @@
+# UserSchemaPropertiesProfileItem
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Ref** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewUserSchemaPropertiesProfileItem
+
+`func NewUserSchemaPropertiesProfileItem() *UserSchemaPropertiesProfileItem`
+
+NewUserSchemaPropertiesProfileItem instantiates a new UserSchemaPropertiesProfileItem object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaPropertiesProfileItemWithDefaults
+
+`func NewUserSchemaPropertiesProfileItemWithDefaults() *UserSchemaPropertiesProfileItem`
+
+NewUserSchemaPropertiesProfileItemWithDefaults instantiates a new UserSchemaPropertiesProfileItem object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetRef
+
+`func (o *UserSchemaPropertiesProfileItem) GetRef() string`
+
+GetRef returns the Ref field if non-nil, zero value otherwise.
+
+### GetRefOk
+
+`func (o *UserSchemaPropertiesProfileItem) GetRefOk() (*string, bool)`
+
+GetRefOk returns a tuple with the Ref field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRef
+
+`func (o *UserSchemaPropertiesProfileItem) SetRef(v string)`
+
+SetRef sets Ref field to given value.
+
+### HasRef
+
+`func (o *UserSchemaPropertiesProfileItem) HasRef() bool`
+
+HasRef returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserSchemaPublic.md b/okta/docs/UserSchemaPublic.md
new file mode 100644
index 000000000..0f1a39d20
--- /dev/null
+++ b/okta/docs/UserSchemaPublic.md
@@ -0,0 +1,134 @@
+# UserSchemaPublic
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** |  | [optional] 
+**Properties** | Pointer to [**map[string]UserSchemaAttribute**](UserSchemaAttribute.md) |  | [optional] 
+**Required** | Pointer to **[]string** |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewUserSchemaPublic
+
+`func NewUserSchemaPublic() *UserSchemaPublic`
+
+NewUserSchemaPublic instantiates a new UserSchemaPublic object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserSchemaPublicWithDefaults
+
+`func NewUserSchemaPublicWithDefaults() *UserSchemaPublic`
+
+NewUserSchemaPublicWithDefaults instantiates a new UserSchemaPublic object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *UserSchemaPublic) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *UserSchemaPublic) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *UserSchemaPublic) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *UserSchemaPublic) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetProperties
+
+`func (o *UserSchemaPublic) GetProperties() map[string]UserSchemaAttribute`
+
+GetProperties returns the Properties field if non-nil, zero value otherwise.
+
+### GetPropertiesOk
+
+`func (o *UserSchemaPublic) GetPropertiesOk() (*map[string]UserSchemaAttribute, bool)`
+
+GetPropertiesOk returns a tuple with the Properties field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProperties
+
+`func (o *UserSchemaPublic) SetProperties(v map[string]UserSchemaAttribute)`
+
+SetProperties sets Properties field to given value.
+
+### HasProperties
+
+`func (o *UserSchemaPublic) HasProperties() bool`
+
+HasProperties returns a boolean if a field has been set.
+
+### GetRequired
+
+`func (o *UserSchemaPublic) GetRequired() []string`
+
+GetRequired returns the Required field if non-nil, zero value otherwise.
+
+### GetRequiredOk
+
+`func (o *UserSchemaPublic) GetRequiredOk() (*[]string, bool)`
+
+GetRequiredOk returns a tuple with the Required field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRequired
+
+`func (o *UserSchemaPublic) SetRequired(v []string)`
+
+SetRequired sets Required field to given value.
+
+### HasRequired
+
+`func (o *UserSchemaPublic) HasRequired() bool`
+
+HasRequired returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *UserSchemaPublic) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *UserSchemaPublic) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *UserSchemaPublic) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *UserSchemaPublic) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserStatus.md b/okta/docs/UserStatus.md
new file mode 100644
index 000000000..b4cd29d2c
--- /dev/null
+++ b/okta/docs/UserStatus.md
@@ -0,0 +1,25 @@
+# UserStatus
+
+## Enum
+
+
+* `ACTIVE` (value: `"ACTIVE"`)
+
+* `DEPROVISIONED` (value: `"DEPROVISIONED"`)
+
+* `LOCKED_OUT` (value: `"LOCKED_OUT"`)
+
+* `PASSWORD_EXPIRED` (value: `"PASSWORD_EXPIRED"`)
+
+* `PROVISIONED` (value: `"PROVISIONED"`)
+
+* `RECOVERY` (value: `"RECOVERY"`)
+
+* `STAGED` (value: `"STAGED"`)
+
+* `SUSPENDED` (value: `"SUSPENDED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserStatusPolicyRuleCondition.md b/okta/docs/UserStatusPolicyRuleCondition.md
new file mode 100644
index 000000000..be9f0cd20
--- /dev/null
+++ b/okta/docs/UserStatusPolicyRuleCondition.md
@@ -0,0 +1,56 @@
+# UserStatusPolicyRuleCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Value** | Pointer to [**PolicyUserStatus**](PolicyUserStatus.md) |  | [optional] 
+
+## Methods
+
+### NewUserStatusPolicyRuleCondition
+
+`func NewUserStatusPolicyRuleCondition() *UserStatusPolicyRuleCondition`
+
+NewUserStatusPolicyRuleCondition instantiates a new UserStatusPolicyRuleCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserStatusPolicyRuleConditionWithDefaults
+
+`func NewUserStatusPolicyRuleConditionWithDefaults() *UserStatusPolicyRuleCondition`
+
+NewUserStatusPolicyRuleConditionWithDefaults instantiates a new UserStatusPolicyRuleCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetValue
+
+`func (o *UserStatusPolicyRuleCondition) GetValue() PolicyUserStatus`
+
+GetValue returns the Value field if non-nil, zero value otherwise.
+
+### GetValueOk
+
+`func (o *UserStatusPolicyRuleCondition) GetValueOk() (*PolicyUserStatus, bool)`
+
+GetValueOk returns a tuple with the Value field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetValue
+
+`func (o *UserStatusPolicyRuleCondition) SetValue(v PolicyUserStatus)`
+
+SetValue sets Value field to given value.
+
+### HasValue
+
+`func (o *UserStatusPolicyRuleCondition) HasValue() bool`
+
+HasValue returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserType.md b/okta/docs/UserType.md
new file mode 100644
index 000000000..8ce06a0e6
--- /dev/null
+++ b/okta/docs/UserType.md
@@ -0,0 +1,290 @@
+# UserType
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Created** | Pointer to **time.Time** |  | [optional] [readonly] 
+**CreatedBy** | Pointer to **string** |  | [optional] [readonly] 
+**Default** | Pointer to **bool** |  | [optional] [readonly] 
+**Description** | Pointer to **string** |  | [optional] 
+**DisplayName** | Pointer to **string** |  | [optional] 
+**Id** | Pointer to **string** |  | [optional] 
+**LastUpdated** | Pointer to **time.Time** |  | [optional] [readonly] 
+**LastUpdatedBy** | Pointer to **string** |  | [optional] [readonly] 
+**Name** | Pointer to **string** |  | [optional] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewUserType
+
+`func NewUserType() *UserType`
+
+NewUserType instantiates a new UserType object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserTypeWithDefaults
+
+`func NewUserTypeWithDefaults() *UserType`
+
+NewUserTypeWithDefaults instantiates a new UserType object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCreated
+
+`func (o *UserType) GetCreated() time.Time`
+
+GetCreated returns the Created field if non-nil, zero value otherwise.
+
+### GetCreatedOk
+
+`func (o *UserType) GetCreatedOk() (*time.Time, bool)`
+
+GetCreatedOk returns a tuple with the Created field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreated
+
+`func (o *UserType) SetCreated(v time.Time)`
+
+SetCreated sets Created field to given value.
+
+### HasCreated
+
+`func (o *UserType) HasCreated() bool`
+
+HasCreated returns a boolean if a field has been set.
+
+### GetCreatedBy
+
+`func (o *UserType) GetCreatedBy() string`
+
+GetCreatedBy returns the CreatedBy field if non-nil, zero value otherwise.
+
+### GetCreatedByOk
+
+`func (o *UserType) GetCreatedByOk() (*string, bool)`
+
+GetCreatedByOk returns a tuple with the CreatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCreatedBy
+
+`func (o *UserType) SetCreatedBy(v string)`
+
+SetCreatedBy sets CreatedBy field to given value.
+
+### HasCreatedBy
+
+`func (o *UserType) HasCreatedBy() bool`
+
+HasCreatedBy returns a boolean if a field has been set.
+
+### GetDefault
+
+`func (o *UserType) GetDefault() bool`
+
+GetDefault returns the Default field if non-nil, zero value otherwise.
+
+### GetDefaultOk
+
+`func (o *UserType) GetDefaultOk() (*bool, bool)`
+
+GetDefaultOk returns a tuple with the Default field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDefault
+
+`func (o *UserType) SetDefault(v bool)`
+
+SetDefault sets Default field to given value.
+
+### HasDefault
+
+`func (o *UserType) HasDefault() bool`
+
+HasDefault returns a boolean if a field has been set.
+
+### GetDescription
+
+`func (o *UserType) GetDescription() string`
+
+GetDescription returns the Description field if non-nil, zero value otherwise.
+
+### GetDescriptionOk
+
+`func (o *UserType) GetDescriptionOk() (*string, bool)`
+
+GetDescriptionOk returns a tuple with the Description field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDescription
+
+`func (o *UserType) SetDescription(v string)`
+
+SetDescription sets Description field to given value.
+
+### HasDescription
+
+`func (o *UserType) HasDescription() bool`
+
+HasDescription returns a boolean if a field has been set.
+
+### GetDisplayName
+
+`func (o *UserType) GetDisplayName() string`
+
+GetDisplayName returns the DisplayName field if non-nil, zero value otherwise.
+
+### GetDisplayNameOk
+
+`func (o *UserType) GetDisplayNameOk() (*string, bool)`
+
+GetDisplayNameOk returns a tuple with the DisplayName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetDisplayName
+
+`func (o *UserType) SetDisplayName(v string)`
+
+SetDisplayName sets DisplayName field to given value.
+
+### HasDisplayName
+
+`func (o *UserType) HasDisplayName() bool`
+
+HasDisplayName returns a boolean if a field has been set.
+
+### GetId
+
+`func (o *UserType) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *UserType) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *UserType) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *UserType) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetLastUpdated
+
+`func (o *UserType) GetLastUpdated() time.Time`
+
+GetLastUpdated returns the LastUpdated field if non-nil, zero value otherwise.
+
+### GetLastUpdatedOk
+
+`func (o *UserType) GetLastUpdatedOk() (*time.Time, bool)`
+
+GetLastUpdatedOk returns a tuple with the LastUpdated field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdated
+
+`func (o *UserType) SetLastUpdated(v time.Time)`
+
+SetLastUpdated sets LastUpdated field to given value.
+
+### HasLastUpdated
+
+`func (o *UserType) HasLastUpdated() bool`
+
+HasLastUpdated returns a boolean if a field has been set.
+
+### GetLastUpdatedBy
+
+`func (o *UserType) GetLastUpdatedBy() string`
+
+GetLastUpdatedBy returns the LastUpdatedBy field if non-nil, zero value otherwise.
+
+### GetLastUpdatedByOk
+
+`func (o *UserType) GetLastUpdatedByOk() (*string, bool)`
+
+GetLastUpdatedByOk returns a tuple with the LastUpdatedBy field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLastUpdatedBy
+
+`func (o *UserType) SetLastUpdatedBy(v string)`
+
+SetLastUpdatedBy sets LastUpdatedBy field to given value.
+
+### HasLastUpdatedBy
+
+`func (o *UserType) HasLastUpdatedBy() bool`
+
+HasLastUpdatedBy returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *UserType) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *UserType) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *UserType) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *UserType) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *UserType) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *UserType) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *UserType) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *UserType) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserTypeApi.md b/okta/docs/UserTypeApi.md
new file mode 100644
index 000000000..34ba892b2
--- /dev/null
+++ b/okta/docs/UserTypeApi.md
@@ -0,0 +1,423 @@
+# \UserTypeApi
+
+All URIs are relative to *https://subdomain.okta.com*
+
+Method | HTTP request | Description
+------------- | ------------- | -------------
+[**CreateUserType**](UserTypeApi.md#CreateUserType) | **Post** /api/v1/meta/types/user | Create a User Type
+[**DeleteUserType**](UserTypeApi.md#DeleteUserType) | **Delete** /api/v1/meta/types/user/{typeId} | Delete a User Type
+[**GetUserType**](UserTypeApi.md#GetUserType) | **Get** /api/v1/meta/types/user/{typeId} | Retrieve a User Type
+[**ListUserTypes**](UserTypeApi.md#ListUserTypes) | **Get** /api/v1/meta/types/user | List all User Types
+[**ReplaceUserType**](UserTypeApi.md#ReplaceUserType) | **Put** /api/v1/meta/types/user/{typeId} | Replace a User Type
+[**UpdateUserType**](UserTypeApi.md#UpdateUserType) | **Post** /api/v1/meta/types/user/{typeId} | Update a User Type
+
+
+
+## CreateUserType
+
+> UserType CreateUserType(ctx).UserType(userType).Execute()
+
+Create a User Type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    userType := *openapiclient.NewUserType() // UserType | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserTypeApi.CreateUserType(context.Background()).UserType(userType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserTypeApi.CreateUserType``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `CreateUserType`: UserType
+    fmt.Fprintf(os.Stdout, "Response from `UserTypeApi.CreateUserType`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiCreateUserTypeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **userType** | [**UserType**](UserType.md) |  | 
+
+### Return type
+
+[**UserType**](UserType.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## DeleteUserType
+
+> DeleteUserType(ctx, typeId).Execute()
+
+Delete a User Type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    typeId := "typeId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserTypeApi.DeleteUserType(context.Background(), typeId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserTypeApi.DeleteUserType``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**typeId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiDeleteUserTypeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+ (empty response body)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## GetUserType
+
+> UserType GetUserType(ctx, typeId).Execute()
+
+Retrieve a User Type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    typeId := "typeId_example" // string | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserTypeApi.GetUserType(context.Background(), typeId).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserTypeApi.GetUserType``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `GetUserType`: UserType
+    fmt.Fprintf(os.Stdout, "Response from `UserTypeApi.GetUserType`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**typeId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiGetUserTypeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+
+### Return type
+
+[**UserType**](UserType.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ListUserTypes
+
+> []UserType ListUserTypes(ctx).Execute()
+
+List all User Types
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserTypeApi.ListUserTypes(context.Background()).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserTypeApi.ListUserTypes``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ListUserTypes`: []UserType
+    fmt.Fprintf(os.Stdout, "Response from `UserTypeApi.ListUserTypes`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+This endpoint does not need any parameter.
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiListUserTypesRequest struct via the builder pattern
+
+
+### Return type
+
+[**[]UserType**](UserType.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## ReplaceUserType
+
+> UserType ReplaceUserType(ctx, typeId).UserType(userType).Execute()
+
+Replace a User Type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    typeId := "typeId_example" // string | 
+    userType := *openapiclient.NewUserType() // UserType | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserTypeApi.ReplaceUserType(context.Background(), typeId).UserType(userType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserTypeApi.ReplaceUserType``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `ReplaceUserType`: UserType
+    fmt.Fprintf(os.Stdout, "Response from `UserTypeApi.ReplaceUserType`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**typeId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiReplaceUserTypeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **userType** | [**UserType**](UserType.md) |  | 
+
+### Return type
+
+[**UserType**](UserType.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
+## UpdateUserType
+
+> UserType UpdateUserType(ctx, typeId).UserType(userType).Execute()
+
+Update a User Type
+
+
+
+### Example
+
+```go
+package main
+
+import (
+    "context"
+    "fmt"
+    "os"
+    openapiclient "./openapi"
+)
+
+func main() {
+    typeId := "typeId_example" // string | 
+    userType := *openapiclient.NewUserType() // UserType | 
+
+    configuration := openapiclient.NewConfiguration()
+    apiClient := openapiclient.NewAPIClient(configuration)
+    resp, r, err := apiClient.UserTypeApi.UpdateUserType(context.Background(), typeId).UserType(userType).Execute()
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "Error when calling `UserTypeApi.UpdateUserType``: %v\n", err)
+        fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+    }
+    // response from `UpdateUserType`: UserType
+    fmt.Fprintf(os.Stdout, "Response from `UserTypeApi.UpdateUserType`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
+**typeId** | **string** |  | 
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiUpdateUserTypeRequest struct via the builder pattern
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+
+ **userType** | [**UserType**](UserType.md) |  | 
+
+### Return type
+
+[**UserType**](UserType.md)
+
+### Authorization
+
+[apiToken](../README.md#apiToken), [oauth2](../README.md#oauth2)
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
diff --git a/okta/docs/UserTypeCondition.md b/okta/docs/UserTypeCondition.md
new file mode 100644
index 000000000..ec8135283
--- /dev/null
+++ b/okta/docs/UserTypeCondition.md
@@ -0,0 +1,82 @@
+# UserTypeCondition
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Exclude** | Pointer to **[]string** |  | [optional] 
+**Include** | Pointer to **[]string** |  | [optional] 
+
+## Methods
+
+### NewUserTypeCondition
+
+`func NewUserTypeCondition() *UserTypeCondition`
+
+NewUserTypeCondition instantiates a new UserTypeCondition object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewUserTypeConditionWithDefaults
+
+`func NewUserTypeConditionWithDefaults() *UserTypeCondition`
+
+NewUserTypeConditionWithDefaults instantiates a new UserTypeCondition object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExclude
+
+`func (o *UserTypeCondition) GetExclude() []string`
+
+GetExclude returns the Exclude field if non-nil, zero value otherwise.
+
+### GetExcludeOk
+
+`func (o *UserTypeCondition) GetExcludeOk() (*[]string, bool)`
+
+GetExcludeOk returns a tuple with the Exclude field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExclude
+
+`func (o *UserTypeCondition) SetExclude(v []string)`
+
+SetExclude sets Exclude field to given value.
+
+### HasExclude
+
+`func (o *UserTypeCondition) HasExclude() bool`
+
+HasExclude returns a boolean if a field has been set.
+
+### GetInclude
+
+`func (o *UserTypeCondition) GetInclude() []string`
+
+GetInclude returns the Include field if non-nil, zero value otherwise.
+
+### GetIncludeOk
+
+`func (o *UserTypeCondition) GetIncludeOk() (*[]string, bool)`
+
+GetIncludeOk returns a tuple with the Include field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInclude
+
+`func (o *UserTypeCondition) SetInclude(v []string)`
+
+SetInclude sets Include field to given value.
+
+### HasInclude
+
+`func (o *UserTypeCondition) HasInclude() bool`
+
+HasInclude returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/UserVerificationEnum.md b/okta/docs/UserVerificationEnum.md
new file mode 100644
index 000000000..92d23c098
--- /dev/null
+++ b/okta/docs/UserVerificationEnum.md
@@ -0,0 +1,13 @@
+# UserVerificationEnum
+
+## Enum
+
+
+* `PREFERRED` (value: `"PREFERRED"`)
+
+* `REQUIRED` (value: `"REQUIRED"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/VerificationMethod.md b/okta/docs/VerificationMethod.md
new file mode 100644
index 000000000..6350b9969
--- /dev/null
+++ b/okta/docs/VerificationMethod.md
@@ -0,0 +1,134 @@
+# VerificationMethod
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Constraints** | Pointer to [**[]AccessPolicyConstraints**](AccessPolicyConstraints.md) |  | [optional] 
+**FactorMode** | Pointer to **string** |  | [optional] 
+**ReauthenticateIn** | Pointer to **string** |  | [optional] 
+**Type** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewVerificationMethod
+
+`func NewVerificationMethod() *VerificationMethod`
+
+NewVerificationMethod instantiates a new VerificationMethod object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewVerificationMethodWithDefaults
+
+`func NewVerificationMethodWithDefaults() *VerificationMethod`
+
+NewVerificationMethodWithDefaults instantiates a new VerificationMethod object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetConstraints
+
+`func (o *VerificationMethod) GetConstraints() []AccessPolicyConstraints`
+
+GetConstraints returns the Constraints field if non-nil, zero value otherwise.
+
+### GetConstraintsOk
+
+`func (o *VerificationMethod) GetConstraintsOk() (*[]AccessPolicyConstraints, bool)`
+
+GetConstraintsOk returns a tuple with the Constraints field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetConstraints
+
+`func (o *VerificationMethod) SetConstraints(v []AccessPolicyConstraints)`
+
+SetConstraints sets Constraints field to given value.
+
+### HasConstraints
+
+`func (o *VerificationMethod) HasConstraints() bool`
+
+HasConstraints returns a boolean if a field has been set.
+
+### GetFactorMode
+
+`func (o *VerificationMethod) GetFactorMode() string`
+
+GetFactorMode returns the FactorMode field if non-nil, zero value otherwise.
+
+### GetFactorModeOk
+
+`func (o *VerificationMethod) GetFactorModeOk() (*string, bool)`
+
+GetFactorModeOk returns a tuple with the FactorMode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorMode
+
+`func (o *VerificationMethod) SetFactorMode(v string)`
+
+SetFactorMode sets FactorMode field to given value.
+
+### HasFactorMode
+
+`func (o *VerificationMethod) HasFactorMode() bool`
+
+HasFactorMode returns a boolean if a field has been set.
+
+### GetReauthenticateIn
+
+`func (o *VerificationMethod) GetReauthenticateIn() string`
+
+GetReauthenticateIn returns the ReauthenticateIn field if non-nil, zero value otherwise.
+
+### GetReauthenticateInOk
+
+`func (o *VerificationMethod) GetReauthenticateInOk() (*string, bool)`
+
+GetReauthenticateInOk returns a tuple with the ReauthenticateIn field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetReauthenticateIn
+
+`func (o *VerificationMethod) SetReauthenticateIn(v string)`
+
+SetReauthenticateIn sets ReauthenticateIn field to given value.
+
+### HasReauthenticateIn
+
+`func (o *VerificationMethod) HasReauthenticateIn() bool`
+
+HasReauthenticateIn returns a boolean if a field has been set.
+
+### GetType
+
+`func (o *VerificationMethod) GetType() string`
+
+GetType returns the Type field if non-nil, zero value otherwise.
+
+### GetTypeOk
+
+`func (o *VerificationMethod) GetTypeOk() (*string, bool)`
+
+GetTypeOk returns a tuple with the Type field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetType
+
+`func (o *VerificationMethod) SetType(v string)`
+
+SetType sets Type field to given value.
+
+### HasType
+
+`func (o *VerificationMethod) HasType() bool`
+
+HasType returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/VerifyFactorRequest.md b/okta/docs/VerifyFactorRequest.md
new file mode 100644
index 000000000..e57462b0c
--- /dev/null
+++ b/okta/docs/VerifyFactorRequest.md
@@ -0,0 +1,238 @@
+# VerifyFactorRequest
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ActivationToken** | Pointer to **string** |  | [optional] 
+**Answer** | Pointer to **string** |  | [optional] 
+**Attestation** | Pointer to **string** |  | [optional] 
+**ClientData** | Pointer to **string** |  | [optional] 
+**NextPassCode** | Pointer to **string** |  | [optional] 
+**PassCode** | Pointer to **string** |  | [optional] 
+**RegistrationData** | Pointer to **string** |  | [optional] 
+**StateToken** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewVerifyFactorRequest
+
+`func NewVerifyFactorRequest() *VerifyFactorRequest`
+
+NewVerifyFactorRequest instantiates a new VerifyFactorRequest object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewVerifyFactorRequestWithDefaults
+
+`func NewVerifyFactorRequestWithDefaults() *VerifyFactorRequest`
+
+NewVerifyFactorRequestWithDefaults instantiates a new VerifyFactorRequest object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetActivationToken
+
+`func (o *VerifyFactorRequest) GetActivationToken() string`
+
+GetActivationToken returns the ActivationToken field if non-nil, zero value otherwise.
+
+### GetActivationTokenOk
+
+`func (o *VerifyFactorRequest) GetActivationTokenOk() (*string, bool)`
+
+GetActivationTokenOk returns a tuple with the ActivationToken field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetActivationToken
+
+`func (o *VerifyFactorRequest) SetActivationToken(v string)`
+
+SetActivationToken sets ActivationToken field to given value.
+
+### HasActivationToken
+
+`func (o *VerifyFactorRequest) HasActivationToken() bool`
+
+HasActivationToken returns a boolean if a field has been set.
+
+### GetAnswer
+
+`func (o *VerifyFactorRequest) GetAnswer() string`
+
+GetAnswer returns the Answer field if non-nil, zero value otherwise.
+
+### GetAnswerOk
+
+`func (o *VerifyFactorRequest) GetAnswerOk() (*string, bool)`
+
+GetAnswerOk returns a tuple with the Answer field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAnswer
+
+`func (o *VerifyFactorRequest) SetAnswer(v string)`
+
+SetAnswer sets Answer field to given value.
+
+### HasAnswer
+
+`func (o *VerifyFactorRequest) HasAnswer() bool`
+
+HasAnswer returns a boolean if a field has been set.
+
+### GetAttestation
+
+`func (o *VerifyFactorRequest) GetAttestation() string`
+
+GetAttestation returns the Attestation field if non-nil, zero value otherwise.
+
+### GetAttestationOk
+
+`func (o *VerifyFactorRequest) GetAttestationOk() (*string, bool)`
+
+GetAttestationOk returns a tuple with the Attestation field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAttestation
+
+`func (o *VerifyFactorRequest) SetAttestation(v string)`
+
+SetAttestation sets Attestation field to given value.
+
+### HasAttestation
+
+`func (o *VerifyFactorRequest) HasAttestation() bool`
+
+HasAttestation returns a boolean if a field has been set.
+
+### GetClientData
+
+`func (o *VerifyFactorRequest) GetClientData() string`
+
+GetClientData returns the ClientData field if non-nil, zero value otherwise.
+
+### GetClientDataOk
+
+`func (o *VerifyFactorRequest) GetClientDataOk() (*string, bool)`
+
+GetClientDataOk returns a tuple with the ClientData field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetClientData
+
+`func (o *VerifyFactorRequest) SetClientData(v string)`
+
+SetClientData sets ClientData field to given value.
+
+### HasClientData
+
+`func (o *VerifyFactorRequest) HasClientData() bool`
+
+HasClientData returns a boolean if a field has been set.
+
+### GetNextPassCode
+
+`func (o *VerifyFactorRequest) GetNextPassCode() string`
+
+GetNextPassCode returns the NextPassCode field if non-nil, zero value otherwise.
+
+### GetNextPassCodeOk
+
+`func (o *VerifyFactorRequest) GetNextPassCodeOk() (*string, bool)`
+
+GetNextPassCodeOk returns a tuple with the NextPassCode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNextPassCode
+
+`func (o *VerifyFactorRequest) SetNextPassCode(v string)`
+
+SetNextPassCode sets NextPassCode field to given value.
+
+### HasNextPassCode
+
+`func (o *VerifyFactorRequest) HasNextPassCode() bool`
+
+HasNextPassCode returns a boolean if a field has been set.
+
+### GetPassCode
+
+`func (o *VerifyFactorRequest) GetPassCode() string`
+
+GetPassCode returns the PassCode field if non-nil, zero value otherwise.
+
+### GetPassCodeOk
+
+`func (o *VerifyFactorRequest) GetPassCodeOk() (*string, bool)`
+
+GetPassCodeOk returns a tuple with the PassCode field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPassCode
+
+`func (o *VerifyFactorRequest) SetPassCode(v string)`
+
+SetPassCode sets PassCode field to given value.
+
+### HasPassCode
+
+`func (o *VerifyFactorRequest) HasPassCode() bool`
+
+HasPassCode returns a boolean if a field has been set.
+
+### GetRegistrationData
+
+`func (o *VerifyFactorRequest) GetRegistrationData() string`
+
+GetRegistrationData returns the RegistrationData field if non-nil, zero value otherwise.
+
+### GetRegistrationDataOk
+
+`func (o *VerifyFactorRequest) GetRegistrationDataOk() (*string, bool)`
+
+GetRegistrationDataOk returns a tuple with the RegistrationData field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRegistrationData
+
+`func (o *VerifyFactorRequest) SetRegistrationData(v string)`
+
+SetRegistrationData sets RegistrationData field to given value.
+
+### HasRegistrationData
+
+`func (o *VerifyFactorRequest) HasRegistrationData() bool`
+
+HasRegistrationData returns a boolean if a field has been set.
+
+### GetStateToken
+
+`func (o *VerifyFactorRequest) GetStateToken() string`
+
+GetStateToken returns the StateToken field if non-nil, zero value otherwise.
+
+### GetStateTokenOk
+
+`func (o *VerifyFactorRequest) GetStateTokenOk() (*string, bool)`
+
+GetStateTokenOk returns a tuple with the StateToken field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetStateToken
+
+`func (o *VerifyFactorRequest) SetStateToken(v string)`
+
+SetStateToken sets StateToken field to given value.
+
+### HasStateToken
+
+`func (o *VerifyFactorRequest) HasStateToken() bool`
+
+HasStateToken returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/VerifyUserFactorResponse.md b/okta/docs/VerifyUserFactorResponse.md
new file mode 100644
index 000000000..3983073f4
--- /dev/null
+++ b/okta/docs/VerifyUserFactorResponse.md
@@ -0,0 +1,160 @@
+# VerifyUserFactorResponse
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**ExpiresAt** | Pointer to **time.Time** |  | [optional] [readonly] 
+**FactorResult** | Pointer to [**VerifyUserFactorResult**](VerifyUserFactorResult.md) |  | [optional] 
+**FactorResultMessage** | Pointer to **string** |  | [optional] 
+**Embedded** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+**Links** | Pointer to **map[string]map[string]interface{}** |  | [optional] [readonly] 
+
+## Methods
+
+### NewVerifyUserFactorResponse
+
+`func NewVerifyUserFactorResponse() *VerifyUserFactorResponse`
+
+NewVerifyUserFactorResponse instantiates a new VerifyUserFactorResponse object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewVerifyUserFactorResponseWithDefaults
+
+`func NewVerifyUserFactorResponseWithDefaults() *VerifyUserFactorResponse`
+
+NewVerifyUserFactorResponseWithDefaults instantiates a new VerifyUserFactorResponse object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetExpiresAt
+
+`func (o *VerifyUserFactorResponse) GetExpiresAt() time.Time`
+
+GetExpiresAt returns the ExpiresAt field if non-nil, zero value otherwise.
+
+### GetExpiresAtOk
+
+`func (o *VerifyUserFactorResponse) GetExpiresAtOk() (*time.Time, bool)`
+
+GetExpiresAtOk returns a tuple with the ExpiresAt field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetExpiresAt
+
+`func (o *VerifyUserFactorResponse) SetExpiresAt(v time.Time)`
+
+SetExpiresAt sets ExpiresAt field to given value.
+
+### HasExpiresAt
+
+`func (o *VerifyUserFactorResponse) HasExpiresAt() bool`
+
+HasExpiresAt returns a boolean if a field has been set.
+
+### GetFactorResult
+
+`func (o *VerifyUserFactorResponse) GetFactorResult() VerifyUserFactorResult`
+
+GetFactorResult returns the FactorResult field if non-nil, zero value otherwise.
+
+### GetFactorResultOk
+
+`func (o *VerifyUserFactorResponse) GetFactorResultOk() (*VerifyUserFactorResult, bool)`
+
+GetFactorResultOk returns a tuple with the FactorResult field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorResult
+
+`func (o *VerifyUserFactorResponse) SetFactorResult(v VerifyUserFactorResult)`
+
+SetFactorResult sets FactorResult field to given value.
+
+### HasFactorResult
+
+`func (o *VerifyUserFactorResponse) HasFactorResult() bool`
+
+HasFactorResult returns a boolean if a field has been set.
+
+### GetFactorResultMessage
+
+`func (o *VerifyUserFactorResponse) GetFactorResultMessage() string`
+
+GetFactorResultMessage returns the FactorResultMessage field if non-nil, zero value otherwise.
+
+### GetFactorResultMessageOk
+
+`func (o *VerifyUserFactorResponse) GetFactorResultMessageOk() (*string, bool)`
+
+GetFactorResultMessageOk returns a tuple with the FactorResultMessage field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetFactorResultMessage
+
+`func (o *VerifyUserFactorResponse) SetFactorResultMessage(v string)`
+
+SetFactorResultMessage sets FactorResultMessage field to given value.
+
+### HasFactorResultMessage
+
+`func (o *VerifyUserFactorResponse) HasFactorResultMessage() bool`
+
+HasFactorResultMessage returns a boolean if a field has been set.
+
+### GetEmbedded
+
+`func (o *VerifyUserFactorResponse) GetEmbedded() map[string]map[string]interface{}`
+
+GetEmbedded returns the Embedded field if non-nil, zero value otherwise.
+
+### GetEmbeddedOk
+
+`func (o *VerifyUserFactorResponse) GetEmbeddedOk() (*map[string]map[string]interface{}, bool)`
+
+GetEmbeddedOk returns a tuple with the Embedded field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetEmbedded
+
+`func (o *VerifyUserFactorResponse) SetEmbedded(v map[string]map[string]interface{})`
+
+SetEmbedded sets Embedded field to given value.
+
+### HasEmbedded
+
+`func (o *VerifyUserFactorResponse) HasEmbedded() bool`
+
+HasEmbedded returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *VerifyUserFactorResponse) GetLinks() map[string]map[string]interface{}`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *VerifyUserFactorResponse) GetLinksOk() (*map[string]map[string]interface{}, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *VerifyUserFactorResponse) SetLinks(v map[string]map[string]interface{})`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *VerifyUserFactorResponse) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/VerifyUserFactorResult.md b/okta/docs/VerifyUserFactorResult.md
new file mode 100644
index 000000000..c1d5a66f6
--- /dev/null
+++ b/okta/docs/VerifyUserFactorResult.md
@@ -0,0 +1,29 @@
+# VerifyUserFactorResult
+
+## Enum
+
+
+* `CHALLENGE` (value: `"CHALLENGE"`)
+
+* `ERROR` (value: `"ERROR"`)
+
+* `EXPIRED` (value: `"EXPIRED"`)
+
+* `FAILED` (value: `"FAILED"`)
+
+* `PASSCODE_REPLAYED` (value: `"PASSCODE_REPLAYED"`)
+
+* `REJECTED` (value: `"REJECTED"`)
+
+* `SUCCESS` (value: `"SUCCESS"`)
+
+* `TIMEOUT` (value: `"TIMEOUT"`)
+
+* `TIME_WINDOW_EXCEEDED` (value: `"TIME_WINDOW_EXCEEDED"`)
+
+* `WAITING` (value: `"WAITING"`)
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/VersionObject.md b/okta/docs/VersionObject.md
new file mode 100644
index 000000000..9f4790499
--- /dev/null
+++ b/okta/docs/VersionObject.md
@@ -0,0 +1,56 @@
+# VersionObject
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Minimum** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewVersionObject
+
+`func NewVersionObject() *VersionObject`
+
+NewVersionObject instantiates a new VersionObject object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewVersionObjectWithDefaults
+
+`func NewVersionObjectWithDefaults() *VersionObject`
+
+NewVersionObjectWithDefaults instantiates a new VersionObject object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetMinimum
+
+`func (o *VersionObject) GetMinimum() string`
+
+GetMinimum returns the Minimum field if non-nil, zero value otherwise.
+
+### GetMinimumOk
+
+`func (o *VersionObject) GetMinimumOk() (*string, bool)`
+
+GetMinimumOk returns a tuple with the Minimum field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetMinimum
+
+`func (o *VersionObject) SetMinimum(v string)`
+
+SetMinimum sets Minimum field to given value.
+
+### HasMinimum
+
+`func (o *VersionObject) HasMinimum() bool`
+
+HasMinimum returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WebAuthnUserFactor.md b/okta/docs/WebAuthnUserFactor.md
new file mode 100644
index 000000000..cf6483cc7
--- /dev/null
+++ b/okta/docs/WebAuthnUserFactor.md
@@ -0,0 +1,56 @@
+# WebAuthnUserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**WebAuthnUserFactorProfile**](WebAuthnUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewWebAuthnUserFactor
+
+`func NewWebAuthnUserFactor() *WebAuthnUserFactor`
+
+NewWebAuthnUserFactor instantiates a new WebAuthnUserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWebAuthnUserFactorWithDefaults
+
+`func NewWebAuthnUserFactorWithDefaults() *WebAuthnUserFactor`
+
+NewWebAuthnUserFactorWithDefaults instantiates a new WebAuthnUserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *WebAuthnUserFactor) GetProfile() WebAuthnUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *WebAuthnUserFactor) GetProfileOk() (*WebAuthnUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *WebAuthnUserFactor) SetProfile(v WebAuthnUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *WebAuthnUserFactor) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WebAuthnUserFactorAllOf.md b/okta/docs/WebAuthnUserFactorAllOf.md
new file mode 100644
index 000000000..07807bada
--- /dev/null
+++ b/okta/docs/WebAuthnUserFactorAllOf.md
@@ -0,0 +1,56 @@
+# WebAuthnUserFactorAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**WebAuthnUserFactorProfile**](WebAuthnUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewWebAuthnUserFactorAllOf
+
+`func NewWebAuthnUserFactorAllOf() *WebAuthnUserFactorAllOf`
+
+NewWebAuthnUserFactorAllOf instantiates a new WebAuthnUserFactorAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWebAuthnUserFactorAllOfWithDefaults
+
+`func NewWebAuthnUserFactorAllOfWithDefaults() *WebAuthnUserFactorAllOf`
+
+NewWebAuthnUserFactorAllOfWithDefaults instantiates a new WebAuthnUserFactorAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *WebAuthnUserFactorAllOf) GetProfile() WebAuthnUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *WebAuthnUserFactorAllOf) GetProfileOk() (*WebAuthnUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *WebAuthnUserFactorAllOf) SetProfile(v WebAuthnUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *WebAuthnUserFactorAllOf) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WebAuthnUserFactorProfile.md b/okta/docs/WebAuthnUserFactorProfile.md
new file mode 100644
index 000000000..6399bd44f
--- /dev/null
+++ b/okta/docs/WebAuthnUserFactorProfile.md
@@ -0,0 +1,82 @@
+# WebAuthnUserFactorProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AuthenticatorName** | Pointer to **string** |  | [optional] 
+**CredentialId** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewWebAuthnUserFactorProfile
+
+`func NewWebAuthnUserFactorProfile() *WebAuthnUserFactorProfile`
+
+NewWebAuthnUserFactorProfile instantiates a new WebAuthnUserFactorProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWebAuthnUserFactorProfileWithDefaults
+
+`func NewWebAuthnUserFactorProfileWithDefaults() *WebAuthnUserFactorProfile`
+
+NewWebAuthnUserFactorProfileWithDefaults instantiates a new WebAuthnUserFactorProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAuthenticatorName
+
+`func (o *WebAuthnUserFactorProfile) GetAuthenticatorName() string`
+
+GetAuthenticatorName returns the AuthenticatorName field if non-nil, zero value otherwise.
+
+### GetAuthenticatorNameOk
+
+`func (o *WebAuthnUserFactorProfile) GetAuthenticatorNameOk() (*string, bool)`
+
+GetAuthenticatorNameOk returns a tuple with the AuthenticatorName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthenticatorName
+
+`func (o *WebAuthnUserFactorProfile) SetAuthenticatorName(v string)`
+
+SetAuthenticatorName sets AuthenticatorName field to given value.
+
+### HasAuthenticatorName
+
+`func (o *WebAuthnUserFactorProfile) HasAuthenticatorName() bool`
+
+HasAuthenticatorName returns a boolean if a field has been set.
+
+### GetCredentialId
+
+`func (o *WebAuthnUserFactorProfile) GetCredentialId() string`
+
+GetCredentialId returns the CredentialId field if non-nil, zero value otherwise.
+
+### GetCredentialIdOk
+
+`func (o *WebAuthnUserFactorProfile) GetCredentialIdOk() (*string, bool)`
+
+GetCredentialIdOk returns a tuple with the CredentialId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentialId
+
+`func (o *WebAuthnUserFactorProfile) SetCredentialId(v string)`
+
+SetCredentialId sets CredentialId field to given value.
+
+### HasCredentialId
+
+`func (o *WebAuthnUserFactorProfile) HasCredentialId() bool`
+
+HasCredentialId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WebUserFactor.md b/okta/docs/WebUserFactor.md
new file mode 100644
index 000000000..59e9e32fa
--- /dev/null
+++ b/okta/docs/WebUserFactor.md
@@ -0,0 +1,56 @@
+# WebUserFactor
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**WebUserFactorProfile**](WebUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewWebUserFactor
+
+`func NewWebUserFactor() *WebUserFactor`
+
+NewWebUserFactor instantiates a new WebUserFactor object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWebUserFactorWithDefaults
+
+`func NewWebUserFactorWithDefaults() *WebUserFactor`
+
+NewWebUserFactorWithDefaults instantiates a new WebUserFactor object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *WebUserFactor) GetProfile() WebUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *WebUserFactor) GetProfileOk() (*WebUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *WebUserFactor) SetProfile(v WebUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *WebUserFactor) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WebUserFactorAllOf.md b/okta/docs/WebUserFactorAllOf.md
new file mode 100644
index 000000000..2de3e70ad
--- /dev/null
+++ b/okta/docs/WebUserFactorAllOf.md
@@ -0,0 +1,56 @@
+# WebUserFactorAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Profile** | Pointer to [**WebUserFactorProfile**](WebUserFactorProfile.md) |  | [optional] 
+
+## Methods
+
+### NewWebUserFactorAllOf
+
+`func NewWebUserFactorAllOf() *WebUserFactorAllOf`
+
+NewWebUserFactorAllOf instantiates a new WebUserFactorAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWebUserFactorAllOfWithDefaults
+
+`func NewWebUserFactorAllOfWithDefaults() *WebUserFactorAllOf`
+
+NewWebUserFactorAllOfWithDefaults instantiates a new WebUserFactorAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetProfile
+
+`func (o *WebUserFactorAllOf) GetProfile() WebUserFactorProfile`
+
+GetProfile returns the Profile field if non-nil, zero value otherwise.
+
+### GetProfileOk
+
+`func (o *WebUserFactorAllOf) GetProfileOk() (*WebUserFactorProfile, bool)`
+
+GetProfileOk returns a tuple with the Profile field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetProfile
+
+`func (o *WebUserFactorAllOf) SetProfile(v WebUserFactorProfile)`
+
+SetProfile sets Profile field to given value.
+
+### HasProfile
+
+`func (o *WebUserFactorAllOf) HasProfile() bool`
+
+HasProfile returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WebUserFactorProfile.md b/okta/docs/WebUserFactorProfile.md
new file mode 100644
index 000000000..3256a2575
--- /dev/null
+++ b/okta/docs/WebUserFactorProfile.md
@@ -0,0 +1,56 @@
+# WebUserFactorProfile
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**CredentialId** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewWebUserFactorProfile
+
+`func NewWebUserFactorProfile() *WebUserFactorProfile`
+
+NewWebUserFactorProfile instantiates a new WebUserFactorProfile object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWebUserFactorProfileWithDefaults
+
+`func NewWebUserFactorProfileWithDefaults() *WebUserFactorProfile`
+
+NewWebUserFactorProfileWithDefaults instantiates a new WebUserFactorProfile object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentialId
+
+`func (o *WebUserFactorProfile) GetCredentialId() string`
+
+GetCredentialId returns the CredentialId field if non-nil, zero value otherwise.
+
+### GetCredentialIdOk
+
+`func (o *WebUserFactorProfile) GetCredentialIdOk() (*string, bool)`
+
+GetCredentialIdOk returns a tuple with the CredentialId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentialId
+
+`func (o *WebUserFactorProfile) SetCredentialId(v string)`
+
+SetCredentialId sets CredentialId field to given value.
+
+### HasCredentialId
+
+`func (o *WebUserFactorProfile) HasCredentialId() bool`
+
+HasCredentialId returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WellKnownOrgMetadata.md b/okta/docs/WellKnownOrgMetadata.md
new file mode 100644
index 000000000..2cbaf1e70
--- /dev/null
+++ b/okta/docs/WellKnownOrgMetadata.md
@@ -0,0 +1,134 @@
+# WellKnownOrgMetadata
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Id** | Pointer to **string** | The unique identifier of the Org | [optional] 
+**Pipeline** | Pointer to [**PipelineType**](PipelineType.md) |  | [optional] 
+**Settings** | Pointer to [**WellKnownOrgMetadataSettings**](WellKnownOrgMetadataSettings.md) |  | [optional] 
+**Links** | Pointer to [**WellKnownOrgMetadataLinks**](WellKnownOrgMetadataLinks.md) |  | [optional] 
+
+## Methods
+
+### NewWellKnownOrgMetadata
+
+`func NewWellKnownOrgMetadata() *WellKnownOrgMetadata`
+
+NewWellKnownOrgMetadata instantiates a new WellKnownOrgMetadata object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWellKnownOrgMetadataWithDefaults
+
+`func NewWellKnownOrgMetadataWithDefaults() *WellKnownOrgMetadata`
+
+NewWellKnownOrgMetadataWithDefaults instantiates a new WellKnownOrgMetadata object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetId
+
+`func (o *WellKnownOrgMetadata) GetId() string`
+
+GetId returns the Id field if non-nil, zero value otherwise.
+
+### GetIdOk
+
+`func (o *WellKnownOrgMetadata) GetIdOk() (*string, bool)`
+
+GetIdOk returns a tuple with the Id field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetId
+
+`func (o *WellKnownOrgMetadata) SetId(v string)`
+
+SetId sets Id field to given value.
+
+### HasId
+
+`func (o *WellKnownOrgMetadata) HasId() bool`
+
+HasId returns a boolean if a field has been set.
+
+### GetPipeline
+
+`func (o *WellKnownOrgMetadata) GetPipeline() PipelineType`
+
+GetPipeline returns the Pipeline field if non-nil, zero value otherwise.
+
+### GetPipelineOk
+
+`func (o *WellKnownOrgMetadata) GetPipelineOk() (*PipelineType, bool)`
+
+GetPipelineOk returns a tuple with the Pipeline field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetPipeline
+
+`func (o *WellKnownOrgMetadata) SetPipeline(v PipelineType)`
+
+SetPipeline sets Pipeline field to given value.
+
+### HasPipeline
+
+`func (o *WellKnownOrgMetadata) HasPipeline() bool`
+
+HasPipeline returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *WellKnownOrgMetadata) GetSettings() WellKnownOrgMetadataSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *WellKnownOrgMetadata) GetSettingsOk() (*WellKnownOrgMetadataSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *WellKnownOrgMetadata) SetSettings(v WellKnownOrgMetadataSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *WellKnownOrgMetadata) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+### GetLinks
+
+`func (o *WellKnownOrgMetadata) GetLinks() WellKnownOrgMetadataLinks`
+
+GetLinks returns the Links field if non-nil, zero value otherwise.
+
+### GetLinksOk
+
+`func (o *WellKnownOrgMetadata) GetLinksOk() (*WellKnownOrgMetadataLinks, bool)`
+
+GetLinksOk returns a tuple with the Links field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetLinks
+
+`func (o *WellKnownOrgMetadata) SetLinks(v WellKnownOrgMetadataLinks)`
+
+SetLinks sets Links field to given value.
+
+### HasLinks
+
+`func (o *WellKnownOrgMetadata) HasLinks() bool`
+
+HasLinks returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WellKnownOrgMetadataLinks.md b/okta/docs/WellKnownOrgMetadataLinks.md
new file mode 100644
index 000000000..5739f45f7
--- /dev/null
+++ b/okta/docs/WellKnownOrgMetadataLinks.md
@@ -0,0 +1,82 @@
+# WellKnownOrgMetadataLinks
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Alternate** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+**Organization** | Pointer to [**HrefObject**](HrefObject.md) |  | [optional] 
+
+## Methods
+
+### NewWellKnownOrgMetadataLinks
+
+`func NewWellKnownOrgMetadataLinks() *WellKnownOrgMetadataLinks`
+
+NewWellKnownOrgMetadataLinks instantiates a new WellKnownOrgMetadataLinks object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWellKnownOrgMetadataLinksWithDefaults
+
+`func NewWellKnownOrgMetadataLinksWithDefaults() *WellKnownOrgMetadataLinks`
+
+NewWellKnownOrgMetadataLinksWithDefaults instantiates a new WellKnownOrgMetadataLinks object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAlternate
+
+`func (o *WellKnownOrgMetadataLinks) GetAlternate() HrefObject`
+
+GetAlternate returns the Alternate field if non-nil, zero value otherwise.
+
+### GetAlternateOk
+
+`func (o *WellKnownOrgMetadataLinks) GetAlternateOk() (*HrefObject, bool)`
+
+GetAlternateOk returns a tuple with the Alternate field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAlternate
+
+`func (o *WellKnownOrgMetadataLinks) SetAlternate(v HrefObject)`
+
+SetAlternate sets Alternate field to given value.
+
+### HasAlternate
+
+`func (o *WellKnownOrgMetadataLinks) HasAlternate() bool`
+
+HasAlternate returns a boolean if a field has been set.
+
+### GetOrganization
+
+`func (o *WellKnownOrgMetadataLinks) GetOrganization() HrefObject`
+
+GetOrganization returns the Organization field if non-nil, zero value otherwise.
+
+### GetOrganizationOk
+
+`func (o *WellKnownOrgMetadataLinks) GetOrganizationOk() (*HrefObject, bool)`
+
+GetOrganizationOk returns a tuple with the Organization field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOrganization
+
+`func (o *WellKnownOrgMetadataLinks) SetOrganization(v HrefObject)`
+
+SetOrganization sets Organization field to given value.
+
+### HasOrganization
+
+`func (o *WellKnownOrgMetadataLinks) HasOrganization() bool`
+
+HasOrganization returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WellKnownOrgMetadataSettings.md b/okta/docs/WellKnownOrgMetadataSettings.md
new file mode 100644
index 000000000..2068aeb25
--- /dev/null
+++ b/okta/docs/WellKnownOrgMetadataSettings.md
@@ -0,0 +1,108 @@
+# WellKnownOrgMetadataSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AnalyticsCollectionEnabled** | Pointer to **bool** |  | [optional] 
+**BugReportingEnabled** | Pointer to **bool** |  | [optional] 
+**OmEnabled** | Pointer to **bool** | Whether the legacy Okta Mobile application is enabled for the org | [optional] 
+
+## Methods
+
+### NewWellKnownOrgMetadataSettings
+
+`func NewWellKnownOrgMetadataSettings() *WellKnownOrgMetadataSettings`
+
+NewWellKnownOrgMetadataSettings instantiates a new WellKnownOrgMetadataSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWellKnownOrgMetadataSettingsWithDefaults
+
+`func NewWellKnownOrgMetadataSettingsWithDefaults() *WellKnownOrgMetadataSettings`
+
+NewWellKnownOrgMetadataSettingsWithDefaults instantiates a new WellKnownOrgMetadataSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAnalyticsCollectionEnabled
+
+`func (o *WellKnownOrgMetadataSettings) GetAnalyticsCollectionEnabled() bool`
+
+GetAnalyticsCollectionEnabled returns the AnalyticsCollectionEnabled field if non-nil, zero value otherwise.
+
+### GetAnalyticsCollectionEnabledOk
+
+`func (o *WellKnownOrgMetadataSettings) GetAnalyticsCollectionEnabledOk() (*bool, bool)`
+
+GetAnalyticsCollectionEnabledOk returns a tuple with the AnalyticsCollectionEnabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAnalyticsCollectionEnabled
+
+`func (o *WellKnownOrgMetadataSettings) SetAnalyticsCollectionEnabled(v bool)`
+
+SetAnalyticsCollectionEnabled sets AnalyticsCollectionEnabled field to given value.
+
+### HasAnalyticsCollectionEnabled
+
+`func (o *WellKnownOrgMetadataSettings) HasAnalyticsCollectionEnabled() bool`
+
+HasAnalyticsCollectionEnabled returns a boolean if a field has been set.
+
+### GetBugReportingEnabled
+
+`func (o *WellKnownOrgMetadataSettings) GetBugReportingEnabled() bool`
+
+GetBugReportingEnabled returns the BugReportingEnabled field if non-nil, zero value otherwise.
+
+### GetBugReportingEnabledOk
+
+`func (o *WellKnownOrgMetadataSettings) GetBugReportingEnabledOk() (*bool, bool)`
+
+GetBugReportingEnabledOk returns a tuple with the BugReportingEnabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetBugReportingEnabled
+
+`func (o *WellKnownOrgMetadataSettings) SetBugReportingEnabled(v bool)`
+
+SetBugReportingEnabled sets BugReportingEnabled field to given value.
+
+### HasBugReportingEnabled
+
+`func (o *WellKnownOrgMetadataSettings) HasBugReportingEnabled() bool`
+
+HasBugReportingEnabled returns a boolean if a field has been set.
+
+### GetOmEnabled
+
+`func (o *WellKnownOrgMetadataSettings) GetOmEnabled() bool`
+
+GetOmEnabled returns the OmEnabled field if non-nil, zero value otherwise.
+
+### GetOmEnabledOk
+
+`func (o *WellKnownOrgMetadataSettings) GetOmEnabledOk() (*bool, bool)`
+
+GetOmEnabledOk returns a tuple with the OmEnabled field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetOmEnabled
+
+`func (o *WellKnownOrgMetadataSettings) SetOmEnabled(v bool)`
+
+SetOmEnabled sets OmEnabled field to given value.
+
+### HasOmEnabled
+
+`func (o *WellKnownOrgMetadataSettings) HasOmEnabled() bool`
+
+HasOmEnabled returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WsFederationApplication.md b/okta/docs/WsFederationApplication.md
new file mode 100644
index 000000000..c36c66026
--- /dev/null
+++ b/okta/docs/WsFederationApplication.md
@@ -0,0 +1,108 @@
+# WsFederationApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**ApplicationCredentials**](ApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] [default to "template_wsfed"]
+**Settings** | Pointer to [**WsFederationApplicationSettings**](WsFederationApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewWsFederationApplication
+
+`func NewWsFederationApplication() *WsFederationApplication`
+
+NewWsFederationApplication instantiates a new WsFederationApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWsFederationApplicationWithDefaults
+
+`func NewWsFederationApplicationWithDefaults() *WsFederationApplication`
+
+NewWsFederationApplicationWithDefaults instantiates a new WsFederationApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *WsFederationApplication) GetCredentials() ApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *WsFederationApplication) GetCredentialsOk() (*ApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *WsFederationApplication) SetCredentials(v ApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *WsFederationApplication) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *WsFederationApplication) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *WsFederationApplication) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *WsFederationApplication) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *WsFederationApplication) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *WsFederationApplication) GetSettings() WsFederationApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *WsFederationApplication) GetSettingsOk() (*WsFederationApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *WsFederationApplication) SetSettings(v WsFederationApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *WsFederationApplication) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WsFederationApplicationAllOf.md b/okta/docs/WsFederationApplicationAllOf.md
new file mode 100644
index 000000000..7ddba39e6
--- /dev/null
+++ b/okta/docs/WsFederationApplicationAllOf.md
@@ -0,0 +1,108 @@
+# WsFederationApplicationAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Credentials** | Pointer to [**ApplicationCredentials**](ApplicationCredentials.md) |  | [optional] 
+**Name** | Pointer to **string** |  | [optional] [default to "template_wsfed"]
+**Settings** | Pointer to [**WsFederationApplicationSettings**](WsFederationApplicationSettings.md) |  | [optional] 
+
+## Methods
+
+### NewWsFederationApplicationAllOf
+
+`func NewWsFederationApplicationAllOf() *WsFederationApplicationAllOf`
+
+NewWsFederationApplicationAllOf instantiates a new WsFederationApplicationAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWsFederationApplicationAllOfWithDefaults
+
+`func NewWsFederationApplicationAllOfWithDefaults() *WsFederationApplicationAllOf`
+
+NewWsFederationApplicationAllOfWithDefaults instantiates a new WsFederationApplicationAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetCredentials
+
+`func (o *WsFederationApplicationAllOf) GetCredentials() ApplicationCredentials`
+
+GetCredentials returns the Credentials field if non-nil, zero value otherwise.
+
+### GetCredentialsOk
+
+`func (o *WsFederationApplicationAllOf) GetCredentialsOk() (*ApplicationCredentials, bool)`
+
+GetCredentialsOk returns a tuple with the Credentials field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetCredentials
+
+`func (o *WsFederationApplicationAllOf) SetCredentials(v ApplicationCredentials)`
+
+SetCredentials sets Credentials field to given value.
+
+### HasCredentials
+
+`func (o *WsFederationApplicationAllOf) HasCredentials() bool`
+
+HasCredentials returns a boolean if a field has been set.
+
+### GetName
+
+`func (o *WsFederationApplicationAllOf) GetName() string`
+
+GetName returns the Name field if non-nil, zero value otherwise.
+
+### GetNameOk
+
+`func (o *WsFederationApplicationAllOf) GetNameOk() (*string, bool)`
+
+GetNameOk returns a tuple with the Name field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetName
+
+`func (o *WsFederationApplicationAllOf) SetName(v string)`
+
+SetName sets Name field to given value.
+
+### HasName
+
+`func (o *WsFederationApplicationAllOf) HasName() bool`
+
+HasName returns a boolean if a field has been set.
+
+### GetSettings
+
+`func (o *WsFederationApplicationAllOf) GetSettings() WsFederationApplicationSettings`
+
+GetSettings returns the Settings field if non-nil, zero value otherwise.
+
+### GetSettingsOk
+
+`func (o *WsFederationApplicationAllOf) GetSettingsOk() (*WsFederationApplicationSettings, bool)`
+
+GetSettingsOk returns a tuple with the Settings field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSettings
+
+`func (o *WsFederationApplicationAllOf) SetSettings(v WsFederationApplicationSettings)`
+
+SetSettings sets Settings field to given value.
+
+### HasSettings
+
+`func (o *WsFederationApplicationAllOf) HasSettings() bool`
+
+HasSettings returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WsFederationApplicationSettings.md b/okta/docs/WsFederationApplicationSettings.md
new file mode 100644
index 000000000..0e2ab2e47
--- /dev/null
+++ b/okta/docs/WsFederationApplicationSettings.md
@@ -0,0 +1,186 @@
+# WsFederationApplicationSettings
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**IdentityStoreId** | Pointer to **string** |  | [optional] 
+**ImplicitAssignment** | Pointer to **bool** |  | [optional] 
+**InlineHookId** | Pointer to **string** |  | [optional] 
+**Notes** | Pointer to [**ApplicationSettingsNotes**](ApplicationSettingsNotes.md) |  | [optional] 
+**Notifications** | Pointer to [**ApplicationSettingsNotifications**](ApplicationSettingsNotifications.md) |  | [optional] 
+**App** | Pointer to [**WsFederationApplicationSettingsApplication**](WsFederationApplicationSettingsApplication.md) |  | [optional] 
+
+## Methods
+
+### NewWsFederationApplicationSettings
+
+`func NewWsFederationApplicationSettings() *WsFederationApplicationSettings`
+
+NewWsFederationApplicationSettings instantiates a new WsFederationApplicationSettings object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWsFederationApplicationSettingsWithDefaults
+
+`func NewWsFederationApplicationSettingsWithDefaults() *WsFederationApplicationSettings`
+
+NewWsFederationApplicationSettingsWithDefaults instantiates a new WsFederationApplicationSettings object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetIdentityStoreId
+
+`func (o *WsFederationApplicationSettings) GetIdentityStoreId() string`
+
+GetIdentityStoreId returns the IdentityStoreId field if non-nil, zero value otherwise.
+
+### GetIdentityStoreIdOk
+
+`func (o *WsFederationApplicationSettings) GetIdentityStoreIdOk() (*string, bool)`
+
+GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetIdentityStoreId
+
+`func (o *WsFederationApplicationSettings) SetIdentityStoreId(v string)`
+
+SetIdentityStoreId sets IdentityStoreId field to given value.
+
+### HasIdentityStoreId
+
+`func (o *WsFederationApplicationSettings) HasIdentityStoreId() bool`
+
+HasIdentityStoreId returns a boolean if a field has been set.
+
+### GetImplicitAssignment
+
+`func (o *WsFederationApplicationSettings) GetImplicitAssignment() bool`
+
+GetImplicitAssignment returns the ImplicitAssignment field if non-nil, zero value otherwise.
+
+### GetImplicitAssignmentOk
+
+`func (o *WsFederationApplicationSettings) GetImplicitAssignmentOk() (*bool, bool)`
+
+GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetImplicitAssignment
+
+`func (o *WsFederationApplicationSettings) SetImplicitAssignment(v bool)`
+
+SetImplicitAssignment sets ImplicitAssignment field to given value.
+
+### HasImplicitAssignment
+
+`func (o *WsFederationApplicationSettings) HasImplicitAssignment() bool`
+
+HasImplicitAssignment returns a boolean if a field has been set.
+
+### GetInlineHookId
+
+`func (o *WsFederationApplicationSettings) GetInlineHookId() string`
+
+GetInlineHookId returns the InlineHookId field if non-nil, zero value otherwise.
+
+### GetInlineHookIdOk
+
+`func (o *WsFederationApplicationSettings) GetInlineHookIdOk() (*string, bool)`
+
+GetInlineHookIdOk returns a tuple with the InlineHookId field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetInlineHookId
+
+`func (o *WsFederationApplicationSettings) SetInlineHookId(v string)`
+
+SetInlineHookId sets InlineHookId field to given value.
+
+### HasInlineHookId
+
+`func (o *WsFederationApplicationSettings) HasInlineHookId() bool`
+
+HasInlineHookId returns a boolean if a field has been set.
+
+### GetNotes
+
+`func (o *WsFederationApplicationSettings) GetNotes() ApplicationSettingsNotes`
+
+GetNotes returns the Notes field if non-nil, zero value otherwise.
+
+### GetNotesOk
+
+`func (o *WsFederationApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool)`
+
+GetNotesOk returns a tuple with the Notes field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotes
+
+`func (o *WsFederationApplicationSettings) SetNotes(v ApplicationSettingsNotes)`
+
+SetNotes sets Notes field to given value.
+
+### HasNotes
+
+`func (o *WsFederationApplicationSettings) HasNotes() bool`
+
+HasNotes returns a boolean if a field has been set.
+
+### GetNotifications
+
+`func (o *WsFederationApplicationSettings) GetNotifications() ApplicationSettingsNotifications`
+
+GetNotifications returns the Notifications field if non-nil, zero value otherwise.
+
+### GetNotificationsOk
+
+`func (o *WsFederationApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool)`
+
+GetNotificationsOk returns a tuple with the Notifications field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNotifications
+
+`func (o *WsFederationApplicationSettings) SetNotifications(v ApplicationSettingsNotifications)`
+
+SetNotifications sets Notifications field to given value.
+
+### HasNotifications
+
+`func (o *WsFederationApplicationSettings) HasNotifications() bool`
+
+HasNotifications returns a boolean if a field has been set.
+
+### GetApp
+
+`func (o *WsFederationApplicationSettings) GetApp() WsFederationApplicationSettingsApplication`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *WsFederationApplicationSettings) GetAppOk() (*WsFederationApplicationSettingsApplication, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *WsFederationApplicationSettings) SetApp(v WsFederationApplicationSettingsApplication)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *WsFederationApplicationSettings) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WsFederationApplicationSettingsAllOf.md b/okta/docs/WsFederationApplicationSettingsAllOf.md
new file mode 100644
index 000000000..0353a5fdb
--- /dev/null
+++ b/okta/docs/WsFederationApplicationSettingsAllOf.md
@@ -0,0 +1,56 @@
+# WsFederationApplicationSettingsAllOf
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**App** | Pointer to [**WsFederationApplicationSettingsApplication**](WsFederationApplicationSettingsApplication.md) |  | [optional] 
+
+## Methods
+
+### NewWsFederationApplicationSettingsAllOf
+
+`func NewWsFederationApplicationSettingsAllOf() *WsFederationApplicationSettingsAllOf`
+
+NewWsFederationApplicationSettingsAllOf instantiates a new WsFederationApplicationSettingsAllOf object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWsFederationApplicationSettingsAllOfWithDefaults
+
+`func NewWsFederationApplicationSettingsAllOfWithDefaults() *WsFederationApplicationSettingsAllOf`
+
+NewWsFederationApplicationSettingsAllOfWithDefaults instantiates a new WsFederationApplicationSettingsAllOf object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetApp
+
+`func (o *WsFederationApplicationSettingsAllOf) GetApp() WsFederationApplicationSettingsApplication`
+
+GetApp returns the App field if non-nil, zero value otherwise.
+
+### GetAppOk
+
+`func (o *WsFederationApplicationSettingsAllOf) GetAppOk() (*WsFederationApplicationSettingsApplication, bool)`
+
+GetAppOk returns a tuple with the App field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetApp
+
+`func (o *WsFederationApplicationSettingsAllOf) SetApp(v WsFederationApplicationSettingsApplication)`
+
+SetApp sets App field to given value.
+
+### HasApp
+
+`func (o *WsFederationApplicationSettingsAllOf) HasApp() bool`
+
+HasApp returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/docs/WsFederationApplicationSettingsApplication.md b/okta/docs/WsFederationApplicationSettingsApplication.md
new file mode 100644
index 000000000..327c2ea6f
--- /dev/null
+++ b/okta/docs/WsFederationApplicationSettingsApplication.md
@@ -0,0 +1,342 @@
+# WsFederationApplicationSettingsApplication
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**AttributeStatements** | Pointer to **string** |  | [optional] 
+**AudienceRestriction** | Pointer to **string** |  | [optional] 
+**AuthnContextClassRef** | Pointer to **string** |  | [optional] 
+**GroupFilter** | Pointer to **string** |  | [optional] 
+**GroupName** | Pointer to **string** |  | [optional] 
+**GroupValueFormat** | Pointer to **string** |  | [optional] 
+**NameIDFormat** | Pointer to **string** |  | [optional] 
+**Realm** | Pointer to **string** |  | [optional] 
+**SiteURL** | Pointer to **string** |  | [optional] 
+**UsernameAttribute** | Pointer to **string** |  | [optional] 
+**WReplyOverride** | Pointer to **bool** |  | [optional] 
+**WReplyURL** | Pointer to **string** |  | [optional] 
+
+## Methods
+
+### NewWsFederationApplicationSettingsApplication
+
+`func NewWsFederationApplicationSettingsApplication() *WsFederationApplicationSettingsApplication`
+
+NewWsFederationApplicationSettingsApplication instantiates a new WsFederationApplicationSettingsApplication object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewWsFederationApplicationSettingsApplicationWithDefaults
+
+`func NewWsFederationApplicationSettingsApplicationWithDefaults() *WsFederationApplicationSettingsApplication`
+
+NewWsFederationApplicationSettingsApplicationWithDefaults instantiates a new WsFederationApplicationSettingsApplication object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAttributeStatements
+
+`func (o *WsFederationApplicationSettingsApplication) GetAttributeStatements() string`
+
+GetAttributeStatements returns the AttributeStatements field if non-nil, zero value otherwise.
+
+### GetAttributeStatementsOk
+
+`func (o *WsFederationApplicationSettingsApplication) GetAttributeStatementsOk() (*string, bool)`
+
+GetAttributeStatementsOk returns a tuple with the AttributeStatements field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAttributeStatements
+
+`func (o *WsFederationApplicationSettingsApplication) SetAttributeStatements(v string)`
+
+SetAttributeStatements sets AttributeStatements field to given value.
+
+### HasAttributeStatements
+
+`func (o *WsFederationApplicationSettingsApplication) HasAttributeStatements() bool`
+
+HasAttributeStatements returns a boolean if a field has been set.
+
+### GetAudienceRestriction
+
+`func (o *WsFederationApplicationSettingsApplication) GetAudienceRestriction() string`
+
+GetAudienceRestriction returns the AudienceRestriction field if non-nil, zero value otherwise.
+
+### GetAudienceRestrictionOk
+
+`func (o *WsFederationApplicationSettingsApplication) GetAudienceRestrictionOk() (*string, bool)`
+
+GetAudienceRestrictionOk returns a tuple with the AudienceRestriction field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAudienceRestriction
+
+`func (o *WsFederationApplicationSettingsApplication) SetAudienceRestriction(v string)`
+
+SetAudienceRestriction sets AudienceRestriction field to given value.
+
+### HasAudienceRestriction
+
+`func (o *WsFederationApplicationSettingsApplication) HasAudienceRestriction() bool`
+
+HasAudienceRestriction returns a boolean if a field has been set.
+
+### GetAuthnContextClassRef
+
+`func (o *WsFederationApplicationSettingsApplication) GetAuthnContextClassRef() string`
+
+GetAuthnContextClassRef returns the AuthnContextClassRef field if non-nil, zero value otherwise.
+
+### GetAuthnContextClassRefOk
+
+`func (o *WsFederationApplicationSettingsApplication) GetAuthnContextClassRefOk() (*string, bool)`
+
+GetAuthnContextClassRefOk returns a tuple with the AuthnContextClassRef field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAuthnContextClassRef
+
+`func (o *WsFederationApplicationSettingsApplication) SetAuthnContextClassRef(v string)`
+
+SetAuthnContextClassRef sets AuthnContextClassRef field to given value.
+
+### HasAuthnContextClassRef
+
+`func (o *WsFederationApplicationSettingsApplication) HasAuthnContextClassRef() bool`
+
+HasAuthnContextClassRef returns a boolean if a field has been set.
+
+### GetGroupFilter
+
+`func (o *WsFederationApplicationSettingsApplication) GetGroupFilter() string`
+
+GetGroupFilter returns the GroupFilter field if non-nil, zero value otherwise.
+
+### GetGroupFilterOk
+
+`func (o *WsFederationApplicationSettingsApplication) GetGroupFilterOk() (*string, bool)`
+
+GetGroupFilterOk returns a tuple with the GroupFilter field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroupFilter
+
+`func (o *WsFederationApplicationSettingsApplication) SetGroupFilter(v string)`
+
+SetGroupFilter sets GroupFilter field to given value.
+
+### HasGroupFilter
+
+`func (o *WsFederationApplicationSettingsApplication) HasGroupFilter() bool`
+
+HasGroupFilter returns a boolean if a field has been set.
+
+### GetGroupName
+
+`func (o *WsFederationApplicationSettingsApplication) GetGroupName() string`
+
+GetGroupName returns the GroupName field if non-nil, zero value otherwise.
+
+### GetGroupNameOk
+
+`func (o *WsFederationApplicationSettingsApplication) GetGroupNameOk() (*string, bool)`
+
+GetGroupNameOk returns a tuple with the GroupName field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroupName
+
+`func (o *WsFederationApplicationSettingsApplication) SetGroupName(v string)`
+
+SetGroupName sets GroupName field to given value.
+
+### HasGroupName
+
+`func (o *WsFederationApplicationSettingsApplication) HasGroupName() bool`
+
+HasGroupName returns a boolean if a field has been set.
+
+### GetGroupValueFormat
+
+`func (o *WsFederationApplicationSettingsApplication) GetGroupValueFormat() string`
+
+GetGroupValueFormat returns the GroupValueFormat field if non-nil, zero value otherwise.
+
+### GetGroupValueFormatOk
+
+`func (o *WsFederationApplicationSettingsApplication) GetGroupValueFormatOk() (*string, bool)`
+
+GetGroupValueFormatOk returns a tuple with the GroupValueFormat field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetGroupValueFormat
+
+`func (o *WsFederationApplicationSettingsApplication) SetGroupValueFormat(v string)`
+
+SetGroupValueFormat sets GroupValueFormat field to given value.
+
+### HasGroupValueFormat
+
+`func (o *WsFederationApplicationSettingsApplication) HasGroupValueFormat() bool`
+
+HasGroupValueFormat returns a boolean if a field has been set.
+
+### GetNameIDFormat
+
+`func (o *WsFederationApplicationSettingsApplication) GetNameIDFormat() string`
+
+GetNameIDFormat returns the NameIDFormat field if non-nil, zero value otherwise.
+
+### GetNameIDFormatOk
+
+`func (o *WsFederationApplicationSettingsApplication) GetNameIDFormatOk() (*string, bool)`
+
+GetNameIDFormatOk returns a tuple with the NameIDFormat field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetNameIDFormat
+
+`func (o *WsFederationApplicationSettingsApplication) SetNameIDFormat(v string)`
+
+SetNameIDFormat sets NameIDFormat field to given value.
+
+### HasNameIDFormat
+
+`func (o *WsFederationApplicationSettingsApplication) HasNameIDFormat() bool`
+
+HasNameIDFormat returns a boolean if a field has been set.
+
+### GetRealm
+
+`func (o *WsFederationApplicationSettingsApplication) GetRealm() string`
+
+GetRealm returns the Realm field if non-nil, zero value otherwise.
+
+### GetRealmOk
+
+`func (o *WsFederationApplicationSettingsApplication) GetRealmOk() (*string, bool)`
+
+GetRealmOk returns a tuple with the Realm field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetRealm
+
+`func (o *WsFederationApplicationSettingsApplication) SetRealm(v string)`
+
+SetRealm sets Realm field to given value.
+
+### HasRealm
+
+`func (o *WsFederationApplicationSettingsApplication) HasRealm() bool`
+
+HasRealm returns a boolean if a field has been set.
+
+### GetSiteURL
+
+`func (o *WsFederationApplicationSettingsApplication) GetSiteURL() string`
+
+GetSiteURL returns the SiteURL field if non-nil, zero value otherwise.
+
+### GetSiteURLOk
+
+`func (o *WsFederationApplicationSettingsApplication) GetSiteURLOk() (*string, bool)`
+
+GetSiteURLOk returns a tuple with the SiteURL field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetSiteURL
+
+`func (o *WsFederationApplicationSettingsApplication) SetSiteURL(v string)`
+
+SetSiteURL sets SiteURL field to given value.
+
+### HasSiteURL
+
+`func (o *WsFederationApplicationSettingsApplication) HasSiteURL() bool`
+
+HasSiteURL returns a boolean if a field has been set.
+
+### GetUsernameAttribute
+
+`func (o *WsFederationApplicationSettingsApplication) GetUsernameAttribute() string`
+
+GetUsernameAttribute returns the UsernameAttribute field if non-nil, zero value otherwise.
+
+### GetUsernameAttributeOk
+
+`func (o *WsFederationApplicationSettingsApplication) GetUsernameAttributeOk() (*string, bool)`
+
+GetUsernameAttributeOk returns a tuple with the UsernameAttribute field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetUsernameAttribute
+
+`func (o *WsFederationApplicationSettingsApplication) SetUsernameAttribute(v string)`
+
+SetUsernameAttribute sets UsernameAttribute field to given value.
+
+### HasUsernameAttribute
+
+`func (o *WsFederationApplicationSettingsApplication) HasUsernameAttribute() bool`
+
+HasUsernameAttribute returns a boolean if a field has been set.
+
+### GetWReplyOverride
+
+`func (o *WsFederationApplicationSettingsApplication) GetWReplyOverride() bool`
+
+GetWReplyOverride returns the WReplyOverride field if non-nil, zero value otherwise.
+
+### GetWReplyOverrideOk
+
+`func (o *WsFederationApplicationSettingsApplication) GetWReplyOverrideOk() (*bool, bool)`
+
+GetWReplyOverrideOk returns a tuple with the WReplyOverride field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWReplyOverride
+
+`func (o *WsFederationApplicationSettingsApplication) SetWReplyOverride(v bool)`
+
+SetWReplyOverride sets WReplyOverride field to given value.
+
+### HasWReplyOverride
+
+`func (o *WsFederationApplicationSettingsApplication) HasWReplyOverride() bool`
+
+HasWReplyOverride returns a boolean if a field has been set.
+
+### GetWReplyURL
+
+`func (o *WsFederationApplicationSettingsApplication) GetWReplyURL() string`
+
+GetWReplyURL returns the WReplyURL field if non-nil, zero value otherwise.
+
+### GetWReplyURLOk
+
+`func (o *WsFederationApplicationSettingsApplication) GetWReplyURLOk() (*string, bool)`
+
+GetWReplyURLOk returns a tuple with the WReplyURL field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetWReplyURL
+
+`func (o *WsFederationApplicationSettingsApplication) SetWReplyURL(v string)`
+
+SetWReplyURL sets WReplyURL field to given value.
+
+### HasWReplyURL
+
+`func (o *WsFederationApplicationSettingsApplication) HasWReplyURL() bool`
+
+HasWReplyURL returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/okta/domain.go b/okta/domain.go
deleted file mode 100644
index 292b2d766..000000000
--- a/okta/domain.go
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-)
-
-type DomainResource resource
-
-type Domain struct {
-	CertificateSourceType string                     `json:"certificateSourceType,omitempty"`
-	DnsRecords            []*DNSRecord               `json:"dnsRecords,omitempty"`
-	Domain                string                     `json:"domain,omitempty"`
-	Id                    string                     `json:"id,omitempty"`
-	PublicCertificate     *DomainCertificateMetadata `json:"publicCertificate,omitempty"`
-	ValidationStatus      string                     `json:"validationStatus,omitempty"`
-}
-
-// List all verified custom Domains for the org.
-func (m *DomainResource) ListDomains(ctx context.Context) (*DomainListResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/domains")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var domainListResponse *DomainListResponse
-
-	resp, err := rq.Do(ctx, req, &domainListResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return domainListResponse, resp, nil
-}
-
-// Creates your domain.
-func (m *DomainResource) CreateDomain(ctx context.Context, body Domain) (*Domain, *Response, error) {
-	url := fmt.Sprintf("/api/v1/domains")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var domain *Domain
-
-	resp, err := rq.Do(ctx, req, &domain)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return domain, resp, nil
-}
-
-// Deletes a Domain by &#x60;id&#x60;.
-func (m *DomainResource) DeleteDomain(ctx context.Context, domainId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/domains/%v", domainId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Fetches a Domain by &#x60;id&#x60;.
-func (m *DomainResource) GetDomain(ctx context.Context, domainId string) (*Domain, *Response, error) {
-	url := fmt.Sprintf("/api/v1/domains/%v", domainId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var domain *Domain
-
-	resp, err := rq.Do(ctx, req, &domain)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return domain, resp, nil
-}
-
-// Creates the Certificate for the Domain.
-func (m *DomainResource) CreateCertificate(ctx context.Context, domainId string, body DomainCertificate) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/domains/%v/certificate", domainId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Verifies the Domain by &#x60;id&#x60;.
-func (m *DomainResource) VerifyDomain(ctx context.Context, domainId string) (*Domain, *Response, error) {
-	url := fmt.Sprintf("/api/v1/domains/%v/verify", domainId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var domain *Domain
-
-	resp, err := rq.Do(ctx, req, &domain)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return domain, resp, nil
-}
diff --git a/okta/domainCertificate.go b/okta/domainCertificate.go
deleted file mode 100644
index 3dec7e42d..000000000
--- a/okta/domainCertificate.go
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type DomainCertificateResource resource
-
-type DomainCertificate struct {
-	Certificate      string `json:"certificate,omitempty"`
-	CertificateChain string `json:"certificateChain,omitempty"`
-	PrivateKey       string `json:"privateKey,omitempty"`
-	Type             string `json:"type,omitempty"`
-}
diff --git a/okta/domainCertificateMetadata.go b/okta/domainCertificateMetadata.go
deleted file mode 100644
index 9f5f19706..000000000
--- a/okta/domainCertificateMetadata.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type DomainCertificateMetadata struct {
-	Expiration  string `json:"expiration,omitempty"`
-	Fingerprint string `json:"fingerprint,omitempty"`
-	Subject     string `json:"subject,omitempty"`
-}
diff --git a/okta/domainCertificateSourceType.go b/okta/domainCertificateSourceType.go
deleted file mode 100644
index 2dd40197b..000000000
--- a/okta/domainCertificateSourceType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type DomainCertificateSourceType string
diff --git a/okta/domainCertificateType.go b/okta/domainCertificateType.go
deleted file mode 100644
index 4801b6688..000000000
--- a/okta/domainCertificateType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type DomainCertificateType string
diff --git a/okta/domainListResponse.go b/okta/domainListResponse.go
deleted file mode 100644
index 09ad11d16..000000000
--- a/okta/domainListResponse.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type DomainListResponse struct {
-	Domains []*Domain `json:"domains,omitempty"`
-}
diff --git a/okta/domainValidationStatus.go b/okta/domainValidationStatus.go
deleted file mode 100644
index d83ccf63b..000000000
--- a/okta/domainValidationStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type DomainValidationStatus string
diff --git a/okta/duration.go b/okta/duration.go
deleted file mode 100644
index 79ed12460..000000000
--- a/okta/duration.go
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type Duration struct {
-	Number    int64  `json:"-"`
-	NumberPtr *int64 `json:"number,omitempty"`
-	Unit      string `json:"unit,omitempty"`
-}
-
-func NewDuration() *Duration {
-	return &Duration{}
-}
-
-func (a *Duration) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *Duration) MarshalJSON() ([]byte, error) {
-	type Alias Duration
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Number != 0 {
-		result.NumberPtr = Int64Ptr(a.Number)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *Duration) UnmarshalJSON(data []byte) error {
-	type Alias Duration
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.NumberPtr != nil {
-		a.Number = *result.NumberPtr
-		a.NumberPtr = result.NumberPtr
-	}
-	return nil
-}
diff --git a/okta/emailTemplate.go b/okta/emailTemplate.go
deleted file mode 100644
index b4cea04fe..000000000
--- a/okta/emailTemplate.go
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-)
-
-type EmailTemplateResource resource
-
-type EmailTemplate struct {
-	Links interface{} `json:"_links,omitempty"`
-	Name  string      `json:"name,omitempty"`
-}
-
-// Fetch an email template by templateName
-func (m *EmailTemplateResource) GetEmailTemplate(ctx context.Context, brandId string, templateName string) (*EmailTemplate, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/templates/email/%v", brandId, templateName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var emailTemplate *EmailTemplate
-
-	resp, err := rq.Do(ctx, req, &emailTemplate)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return emailTemplate, resp, nil
-}
diff --git a/okta/emailTemplateContent.go b/okta/emailTemplateContent.go
deleted file mode 100644
index fb89d505e..000000000
--- a/okta/emailTemplateContent.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EmailTemplateContent struct {
-	Links       interface{} `json:"_links,omitempty"`
-	Body        string      `json:"body,omitempty"`
-	FromAddress string      `json:"fromAddress,omitempty"`
-	FromName    string      `json:"fromName,omitempty"`
-	Subject     string      `json:"subject,omitempty"`
-}
diff --git a/okta/emailTemplateCustomization.go b/okta/emailTemplateCustomization.go
deleted file mode 100644
index 9b69f7ba4..000000000
--- a/okta/emailTemplateCustomization.go
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type EmailTemplateCustomization struct {
-	Links       interface{} `json:"_links,omitempty"`
-	Body        string      `json:"body,omitempty"`
-	Created     *time.Time  `json:"created,omitempty"`
-	Id          string      `json:"id,omitempty"`
-	IsDefault   *bool       `json:"isDefault,omitempty"`
-	Language    string      `json:"language,omitempty"`
-	LastUpdated *time.Time  `json:"lastUpdated,omitempty"`
-	Subject     string      `json:"subject,omitempty"`
-}
diff --git a/okta/emailTemplateCustomizationRequest.go b/okta/emailTemplateCustomizationRequest.go
deleted file mode 100644
index c38a24011..000000000
--- a/okta/emailTemplateCustomizationRequest.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EmailTemplateCustomizationRequest struct {
-	Body      string `json:"body,omitempty"`
-	IsDefault *bool  `json:"isDefault,omitempty"`
-	Language  string `json:"language,omitempty"`
-	Subject   string `json:"subject,omitempty"`
-}
diff --git a/okta/emailTemplateTestRequest.go b/okta/emailTemplateTestRequest.go
deleted file mode 100644
index 18226ca53..000000000
--- a/okta/emailTemplateTestRequest.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EmailTemplateTestRequest struct {
-	CustomizationId string `json:"customizationId,omitempty"`
-}
diff --git a/okta/emailTemplateTouchPointVariant.go b/okta/emailTemplateTouchPointVariant.go
deleted file mode 100644
index 76f44b4f0..000000000
--- a/okta/emailTemplateTouchPointVariant.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EmailTemplateTouchPointVariant string
diff --git a/okta/emailUserFactor.go b/okta/emailUserFactor.go
deleted file mode 100644
index 580d07394..000000000
--- a/okta/emailUserFactor.go
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type EmailUserFactor struct {
-	Embedded    interface{}             `json:"_embedded,omitempty"`
-	Links       interface{}             `json:"_links,omitempty"`
-	Created     *time.Time              `json:"created,omitempty"`
-	FactorType  string                  `json:"factorType,omitempty"`
-	Id          string                  `json:"id,omitempty"`
-	LastUpdated *time.Time              `json:"lastUpdated,omitempty"`
-	Provider    string                  `json:"provider,omitempty"`
-	Status      string                  `json:"status,omitempty"`
-	Verify      *VerifyFactorRequest    `json:"verify,omitempty"`
-	Profile     *EmailUserFactorProfile `json:"profile,omitempty"`
-}
-
-func NewEmailUserFactor() *EmailUserFactor {
-	return &EmailUserFactor{
-		FactorType: "email",
-	}
-}
-
-func (a *EmailUserFactor) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/emailUserFactorProfile.go b/okta/emailUserFactorProfile.go
deleted file mode 100644
index 8b8b455e3..000000000
--- a/okta/emailUserFactorProfile.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EmailUserFactorProfile struct {
-	Email string `json:"email,omitempty"`
-}
-
-func NewEmailUserFactorProfile() *EmailUserFactorProfile {
-	return &EmailUserFactorProfile{}
-}
-
-func (a *EmailUserFactorProfile) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/enabledStatus.go b/okta/enabledStatus.go
deleted file mode 100644
index 6253be8fb..000000000
--- a/okta/enabledStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EnabledStatus string
diff --git a/okta/endUserDashboardTouchPointVariant.go b/okta/endUserDashboardTouchPointVariant.go
deleted file mode 100644
index c6597da33..000000000
--- a/okta/endUserDashboardTouchPointVariant.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EndUserDashboardTouchPointVariant string
diff --git a/okta/error.go b/okta/error.go
deleted file mode 100644
index c14cc1c5e..000000000
--- a/okta/error.go
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package okta
-
-import (
-	"fmt"
-	"strings"
-)
-
-type Error struct {
-	ErrorMessage     string                   `json:"error"`
-	ErrorDescription string                   `json:"error_description"`
-	ErrorCode        string                   `json:"errorCode,omitempty"`
-	ErrorSummary     string                   `json:"errorSummary,omitempty" toml:"error_description"`
-	ErrorLink        string                   `json:"errorLink,omitempty"`
-	ErrorId          string                   `json:"errorId,omitempty"`
-	ErrorCauses      []map[string]interface{} `json:"errorCauses,omitempty"`
-}
-
-func (e *Error) Error() string {
-	formattedErr := "the API returned an unknown error"
-	if e.ErrorDescription != "" {
-		formattedErr = fmt.Sprintf("the API returned an error: %s", e.ErrorDescription)
-	} else if e.ErrorSummary != "" {
-		formattedErr = fmt.Sprintf("the API returned an error: %s", e.ErrorSummary)
-	}
-	if len(e.ErrorCauses) > 0 {
-		var causes []string
-		for _, cause := range e.ErrorCauses {
-			for key, val := range cause {
-				causes = append(causes, fmt.Sprintf("%s: %v", key, val))
-			}
-		}
-		formattedErr = fmt.Sprintf("%s. Causes: %s", formattedErr, strings.Join(causes, ", "))
-	}
-	return formattedErr
-}
diff --git a/okta/errorPageTouchPointVariant.go b/okta/errorPageTouchPointVariant.go
deleted file mode 100644
index 4c3eda87d..000000000
--- a/okta/errorPageTouchPointVariant.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ErrorPageTouchPointVariant string
diff --git a/okta/eventHook.go b/okta/eventHook.go
deleted file mode 100644
index 0185afb3e..000000000
--- a/okta/eventHook.go
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-)
-
-type EventHookResource resource
-
-type EventHook struct {
-	Links              interface{}         `json:"_links,omitempty"`
-	Channel            *EventHookChannel   `json:"channel,omitempty"`
-	Created            *time.Time          `json:"created,omitempty"`
-	CreatedBy          string              `json:"createdBy,omitempty"`
-	Events             *EventSubscriptions `json:"events,omitempty"`
-	Id                 string              `json:"id,omitempty"`
-	LastUpdated        *time.Time          `json:"lastUpdated,omitempty"`
-	Name               string              `json:"name,omitempty"`
-	Status             string              `json:"status,omitempty"`
-	VerificationStatus string              `json:"verificationStatus,omitempty"`
-}
-
-func (m *EventHookResource) CreateEventHook(ctx context.Context, body EventHook) (*EventHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/eventHooks")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var eventHook *EventHook
-
-	resp, err := rq.Do(ctx, req, &eventHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return eventHook, resp, nil
-}
-
-func (m *EventHookResource) GetEventHook(ctx context.Context, eventHookId string) (*EventHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/eventHooks/%v", eventHookId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var eventHook *EventHook
-
-	resp, err := rq.Do(ctx, req, &eventHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return eventHook, resp, nil
-}
-
-func (m *EventHookResource) UpdateEventHook(ctx context.Context, eventHookId string, body EventHook) (*EventHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/eventHooks/%v", eventHookId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var eventHook *EventHook
-
-	resp, err := rq.Do(ctx, req, &eventHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return eventHook, resp, nil
-}
-
-func (m *EventHookResource) DeleteEventHook(ctx context.Context, eventHookId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/eventHooks/%v", eventHookId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *EventHookResource) ListEventHooks(ctx context.Context) ([]*EventHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/eventHooks")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var eventHook []*EventHook
-
-	resp, err := rq.Do(ctx, req, &eventHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return eventHook, resp, nil
-}
-
-func (m *EventHookResource) ActivateEventHook(ctx context.Context, eventHookId string) (*EventHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/eventHooks/%v/lifecycle/activate", eventHookId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var eventHook *EventHook
-
-	resp, err := rq.Do(ctx, req, &eventHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return eventHook, resp, nil
-}
-
-func (m *EventHookResource) DeactivateEventHook(ctx context.Context, eventHookId string) (*EventHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/eventHooks/%v/lifecycle/deactivate", eventHookId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var eventHook *EventHook
-
-	resp, err := rq.Do(ctx, req, &eventHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return eventHook, resp, nil
-}
-
-func (m *EventHookResource) VerifyEventHook(ctx context.Context, eventHookId string) (*EventHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/eventHooks/%v/lifecycle/verify", eventHookId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var eventHook *EventHook
-
-	resp, err := rq.Do(ctx, req, &eventHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return eventHook, resp, nil
-}
diff --git a/okta/eventHookChannel.go b/okta/eventHookChannel.go
deleted file mode 100644
index 84a240cc2..000000000
--- a/okta/eventHookChannel.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EventHookChannel struct {
-	Config  *EventHookChannelConfig `json:"config,omitempty"`
-	Type    string                  `json:"type,omitempty"`
-	Version string                  `json:"version,omitempty"`
-}
diff --git a/okta/eventHookChannelConfig.go b/okta/eventHookChannelConfig.go
deleted file mode 100644
index 2a08470a2..000000000
--- a/okta/eventHookChannelConfig.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EventHookChannelConfig struct {
-	AuthScheme *EventHookChannelConfigAuthScheme `json:"authScheme,omitempty"`
-	Headers    []*EventHookChannelConfigHeader   `json:"headers,omitempty"`
-	Uri        string                            `json:"uri,omitempty"`
-}
diff --git a/okta/eventHookChannelConfigAuthScheme.go b/okta/eventHookChannelConfigAuthScheme.go
deleted file mode 100644
index 64dabe533..000000000
--- a/okta/eventHookChannelConfigAuthScheme.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EventHookChannelConfigAuthScheme struct {
-	Key   string `json:"key,omitempty"`
-	Type  string `json:"type,omitempty"`
-	Value string `json:"value,omitempty"`
-}
diff --git a/okta/eventHookChannelConfigAuthSchemeType.go b/okta/eventHookChannelConfigAuthSchemeType.go
deleted file mode 100644
index b5c22f8a9..000000000
--- a/okta/eventHookChannelConfigAuthSchemeType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EventHookChannelConfigAuthSchemeType string
diff --git a/okta/eventHookChannelConfigHeader.go b/okta/eventHookChannelConfigHeader.go
deleted file mode 100644
index 5f55f3556..000000000
--- a/okta/eventHookChannelConfigHeader.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EventHookChannelConfigHeader struct {
-	Key   string `json:"key,omitempty"`
-	Value string `json:"value,omitempty"`
-}
diff --git a/okta/eventSubscriptions.go b/okta/eventSubscriptions.go
deleted file mode 100644
index 552648e0c..000000000
--- a/okta/eventSubscriptions.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type EventSubscriptions struct {
-	Items []string `json:"items,omitempty"`
-	Type  string   `json:"type,omitempty"`
-}
diff --git a/okta/factorProvider.go b/okta/factorProvider.go
deleted file mode 100644
index 51775721a..000000000
--- a/okta/factorProvider.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type FactorProvider string
diff --git a/okta/factorResultType.go b/okta/factorResultType.go
deleted file mode 100644
index 2df511fd8..000000000
--- a/okta/factorResultType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type FactorResultType string
diff --git a/okta/factorStatus.go b/okta/factorStatus.go
deleted file mode 100644
index 1e2f18806..000000000
--- a/okta/factorStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type FactorStatus string
diff --git a/okta/factorType.go b/okta/factorType.go
deleted file mode 100644
index 1874ef1f2..000000000
--- a/okta/factorType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type FactorType string
diff --git a/okta/feature.go b/okta/feature.go
deleted file mode 100644
index 843c83e23..000000000
--- a/okta/feature.go
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type FeatureResource resource
-
-type Feature struct {
-	Links       interface{}   `json:"_links,omitempty"`
-	Description string        `json:"description,omitempty"`
-	Id          string        `json:"id,omitempty"`
-	Name        string        `json:"name,omitempty"`
-	Stage       *FeatureStage `json:"stage,omitempty"`
-	Status      string        `json:"status,omitempty"`
-	Type        string        `json:"type,omitempty"`
-}
-
-func (m *FeatureResource) GetFeature(ctx context.Context, featureId string) (*Feature, *Response, error) {
-	url := fmt.Sprintf("/api/v1/features/%v", featureId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var feature *Feature
-
-	resp, err := rq.Do(ctx, req, &feature)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return feature, resp, nil
-}
-
-func (m *FeatureResource) ListFeatures(ctx context.Context) ([]*Feature, *Response, error) {
-	url := fmt.Sprintf("/api/v1/features")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var feature []*Feature
-
-	resp, err := rq.Do(ctx, req, &feature)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return feature, resp, nil
-}
-
-func (m *FeatureResource) ListFeatureDependencies(ctx context.Context, featureId string) ([]*Feature, *Response, error) {
-	url := fmt.Sprintf("/api/v1/features/%v/dependencies", featureId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var feature []*Feature
-
-	resp, err := rq.Do(ctx, req, &feature)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return feature, resp, nil
-}
-
-func (m *FeatureResource) ListFeatureDependents(ctx context.Context, featureId string) ([]*Feature, *Response, error) {
-	url := fmt.Sprintf("/api/v1/features/%v/dependents", featureId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var feature []*Feature
-
-	resp, err := rq.Do(ctx, req, &feature)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return feature, resp, nil
-}
-
-func (m *FeatureResource) UpdateFeatureLifecycle(ctx context.Context, featureId string, lifecycle string, qp *query.Params) (*Feature, *Response, error) {
-	url := fmt.Sprintf("/api/v1/features/%v/%v", featureId, lifecycle)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var feature *Feature
-
-	resp, err := rq.Do(ctx, req, &feature)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return feature, resp, nil
-}
diff --git a/okta/featureStage.go b/okta/featureStage.go
deleted file mode 100644
index 114ad1504..000000000
--- a/okta/featureStage.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type FeatureStage struct {
-	State string `json:"state,omitempty"`
-	Value string `json:"value,omitempty"`
-}
diff --git a/okta/featureStageState.go b/okta/featureStageState.go
deleted file mode 100644
index 3595363ac..000000000
--- a/okta/featureStageState.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type FeatureStageState string
diff --git a/okta/featureStageValue.go b/okta/featureStageValue.go
deleted file mode 100644
index 23dd98bb9..000000000
--- a/okta/featureStageValue.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type FeatureStageValue string
diff --git a/okta/featureType.go b/okta/featureType.go
deleted file mode 100644
index 8cbd4e320..000000000
--- a/okta/featureType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type FeatureType string
diff --git a/okta/fipsEnum.go b/okta/fipsEnum.go
deleted file mode 100644
index c123ca616..000000000
--- a/okta/fipsEnum.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type FipsEnum string
diff --git a/okta/forgotPasswordResponse.go b/okta/forgotPasswordResponse.go
deleted file mode 100644
index 80ac34f41..000000000
--- a/okta/forgotPasswordResponse.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ForgotPasswordResponse struct {
-	ResetPasswordUrl string `json:"resetPasswordUrl,omitempty"`
-}
diff --git a/okta/git_push.sh b/okta/git_push.sh
new file mode 100644
index 000000000..b8e0a76e6
--- /dev/null
+++ b/okta/git_push.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+# ref: https://help.github.com/articles/adding-an-existing-project-to-github-using-the-command-line/
+#
+# Usage example: /bin/sh ./git_push.sh wing328 openapi-petstore-perl "minor update" "gitlab.com"
+
+git_user_id=$1
+git_repo_id=$2
+release_note=$3
+git_host=$4
+
+if [ "$git_host" = "" ]; then
+    git_host="github.com"
+    echo "[INFO] No command line input provided. Set \$git_host to $git_host"
+fi
+
+if [ "$git_user_id" = "" ]; then
+    git_user_id="okta"
+    echo "[INFO] No command line input provided. Set \$git_user_id to $git_user_id"
+fi
+
+if [ "$git_repo_id" = "" ]; then
+    git_repo_id="okta-sdk-golang"
+    echo "[INFO] No command line input provided. Set \$git_repo_id to $git_repo_id"
+fi
+
+if [ "$release_note" = "" ]; then
+    release_note="Minor update"
+    echo "[INFO] No command line input provided. Set \$release_note to $release_note"
+fi
+
+# Initialize the local directory as a Git repository
+git init
+
+# Adds the files in the local repository and stages them for commit.
+git add .
+
+# Commits the tracked changes and prepares them to be pushed to a remote repository.
+git commit -m "$release_note"
+
+# Sets the new remote
+git_remote=$(git remote)
+if [ "$git_remote" = "" ]; then # git remote not defined
+
+    if [ "$GIT_TOKEN" = "" ]; then
+        echo "[INFO] \$GIT_TOKEN (environment variable) is not set. Using the git credential in your environment."
+        git remote add origin https://${git_host}/${git_user_id}/${git_repo_id}.git
+    else
+        git remote add origin https://${git_user_id}:"${GIT_TOKEN}"@${git_host}/${git_user_id}/${git_repo_id}.git
+    fi
+
+fi
+
+git pull origin master
+
+# Pushes (Forces) the changes in the local repository up to the remote repository
+echo "Git pushing to https://${git_host}/${git_user_id}/${git_repo_id}.git"
+git push origin master 2>&1 | grep -v 'To https'
diff --git a/okta/gocache.go b/okta/gocache.go
new file mode 100644
index 000000000..f49d3e984
--- /dev/null
+++ b/okta/gocache.go
@@ -0,0 +1,72 @@
+package okta
+
+import (
+	"bufio"
+	"bytes"
+	"net/http"
+	"net/http/httputil"
+	"time"
+
+	patrickmnGoCache "github.com/patrickmn/go-cache"
+)
+
+type GoCache struct {
+	ttl         time.Duration
+	tti         time.Duration
+	rootLibrary *patrickmnGoCache.Cache
+}
+
+func NewGoCache(ttl int32, tti int32) GoCache {
+	c := patrickmnGoCache.New(time.Duration(ttl)*time.Second, time.Duration(tti)*time.Second)
+
+	gc := GoCache{
+		ttl:         time.Duration(ttl) * time.Second,
+		tti:         time.Duration(tti) * time.Second,
+		rootLibrary: c,
+	}
+
+	return gc
+}
+
+func (c GoCache) Get(key string) *http.Response {
+	item, found := c.rootLibrary.Get(key)
+	if found {
+		r := bufio.NewReader(bytes.NewReader(item.([]byte)))
+		resp, _ := http.ReadResponse(r, nil)
+		return resp
+	}
+
+	return nil
+}
+
+func (c GoCache) Set(key string, value *http.Response) {
+	cacheableResponse, _ := httputil.DumpResponse(value, true)
+
+	c.rootLibrary.Set(key, cacheableResponse, c.ttl)
+}
+
+func (c GoCache) GetString(key string) string {
+	item, found := c.rootLibrary.Get(key)
+	if found {
+		return item.(string)
+	}
+
+	return ""
+}
+
+func (c GoCache) SetString(key string, value string) {
+	c.rootLibrary.Set(key, value, c.ttl)
+}
+
+func (c GoCache) Delete(key string) {
+	c.rootLibrary.Delete(key)
+}
+
+func (c GoCache) Clear() {
+	c.rootLibrary.Flush()
+}
+
+func (c GoCache) Has(key string) bool {
+	_, found := c.rootLibrary.Get(key)
+	return found
+}
diff --git a/okta/grantTypePolicyRuleCondition.go b/okta/grantTypePolicyRuleCondition.go
deleted file mode 100644
index efac33e37..000000000
--- a/okta/grantTypePolicyRuleCondition.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GrantTypePolicyRuleCondition struct {
-	Include []string `json:"include,omitempty"`
-}
-
-func NewGrantTypePolicyRuleCondition() *GrantTypePolicyRuleCondition {
-	return &GrantTypePolicyRuleCondition{}
-}
-
-func (a *GrantTypePolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/group.go b/okta/group.go
deleted file mode 100644
index b43cf2575..000000000
--- a/okta/group.go
+++ /dev/null
@@ -1,630 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type GroupResource resource
-
-type Group struct {
-	Embedded              interface{}   `json:"_embedded,omitempty"`
-	Links                 interface{}   `json:"_links,omitempty"`
-	Created               *time.Time    `json:"created,omitempty"`
-	Id                    string        `json:"id,omitempty"`
-	LastMembershipUpdated *time.Time    `json:"lastMembershipUpdated,omitempty"`
-	LastUpdated           *time.Time    `json:"lastUpdated,omitempty"`
-	ObjectClass           []string      `json:"objectClass,omitempty"`
-	Profile               *GroupProfile `json:"profile,omitempty"`
-	Type                  string        `json:"type,omitempty"`
-}
-
-// Updates the profile for a group with &#x60;OKTA_GROUP&#x60; type from your organization.
-func (m *GroupResource) UpdateGroup(ctx context.Context, groupId string, body Group) (*Group, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v", groupId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var group *Group
-
-	resp, err := rq.Do(ctx, req, &group)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return group, resp, nil
-}
-
-// Removes a group with &#x60;OKTA_GROUP&#x60; type from your organization.
-func (m *GroupResource) DeleteGroup(ctx context.Context, groupId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v", groupId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Enumerates groups in your organization with pagination. A subset of groups can be returned that match a supported filter expression or query.
-func (m *GroupResource) ListGroups(ctx context.Context, qp *query.Params) ([]*Group, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var group []*Group
-
-	resp, err := rq.Do(ctx, req, &group)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return group, resp, nil
-}
-
-// Adds a new group with &#x60;OKTA_GROUP&#x60; type to your organization.
-func (m *GroupResource) CreateGroup(ctx context.Context, body Group) (*Group, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var group *Group
-
-	resp, err := rq.Do(ctx, req, &group)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return group, resp, nil
-}
-
-// Lists all group rules for your organization.
-func (m *GroupResource) ListGroupRules(ctx context.Context, qp *query.Params) ([]*GroupRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/rules")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var groupRule []*GroupRule
-
-	resp, err := rq.Do(ctx, req, &groupRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return groupRule, resp, nil
-}
-
-// Creates a group rule to dynamically add users to the specified group if they match the condition
-func (m *GroupResource) CreateGroupRule(ctx context.Context, body GroupRule) (*GroupRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/rules")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var groupRule *GroupRule
-
-	resp, err := rq.Do(ctx, req, &groupRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return groupRule, resp, nil
-}
-
-// Removes a specific group rule by id from your organization
-func (m *GroupResource) DeleteGroupRule(ctx context.Context, ruleId string, qp *query.Params) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/rules/%v", ruleId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Fetches a specific group rule by id from your organization
-func (m *GroupResource) GetGroupRule(ctx context.Context, ruleId string, qp *query.Params) (*GroupRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/rules/%v", ruleId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var groupRule *GroupRule
-
-	resp, err := rq.Do(ctx, req, &groupRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return groupRule, resp, nil
-}
-
-// Updates a group rule. Only &#x60;INACTIVE&#x60; rules can be updated.
-func (m *GroupResource) UpdateGroupRule(ctx context.Context, ruleId string, body GroupRule) (*GroupRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/rules/%v", ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var groupRule *GroupRule
-
-	resp, err := rq.Do(ctx, req, &groupRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return groupRule, resp, nil
-}
-
-// Activates a specific group rule by id from your organization
-func (m *GroupResource) ActivateGroupRule(ctx context.Context, ruleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/rules/%v/lifecycle/activate", ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Deactivates a specific group rule by id from your organization
-func (m *GroupResource) DeactivateGroupRule(ctx context.Context, ruleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/rules/%v/lifecycle/deactivate", ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Fetches a group from your organization.
-func (m *GroupResource) GetGroup(ctx context.Context, groupId string) (*Group, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v", groupId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var group *Group
-
-	resp, err := rq.Do(ctx, req, &group)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return group, resp, nil
-}
-
-// Enumerates all applications that are assigned to a group.
-func (m *GroupResource) ListAssignedApplicationsForGroup(ctx context.Context, groupId string, qp *query.Params) ([]App, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/apps", groupId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var application []Application
-
-	resp, err := rq.Do(ctx, req, &application)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	apps := make([]App, len(application))
-	for i := range application {
-		apps[i] = &application[i]
-	}
-	return apps, resp, nil
-}
-
-func (m *GroupResource) ListGroupAssignedRoles(ctx context.Context, groupId string, qp *query.Params) ([]*Role, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/roles", groupId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var role []*Role
-
-	resp, err := rq.Do(ctx, req, &role)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return role, resp, nil
-}
-
-// Assigns a Role to a Group
-func (m *GroupResource) AssignRoleToGroup(ctx context.Context, groupId string, body AssignRoleRequest, qp *query.Params) (*Role, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/roles", groupId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var role *Role
-
-	resp, err := rq.Do(ctx, req, &role)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return role, resp, nil
-}
-
-// Unassigns a Role from a Group
-func (m *GroupResource) RemoveRoleFromGroup(ctx context.Context, groupId string, roleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/roles/%v", groupId, roleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *GroupResource) GetRole(ctx context.Context, groupId string, roleId string) (*Role, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/roles/%v", groupId, roleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var role *Role
-
-	resp, err := rq.Do(ctx, req, &role)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return role, resp, nil
-}
-
-// Lists all App targets for an &#x60;APP_ADMIN&#x60; Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an &#x60;ID&#x60; value, while Application will not have an ID.
-func (m *GroupResource) ListApplicationTargetsForApplicationAdministratorRoleForGroup(ctx context.Context, groupId string, roleId string, qp *query.Params) ([]*CatalogApplication, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/roles/%v/targets/catalog/apps", groupId, roleId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var catalogApplication []*CatalogApplication
-
-	resp, err := rq.Do(ctx, req, &catalogApplication)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return catalogApplication, resp, nil
-}
-
-func (m *GroupResource) RemoveApplicationTargetFromApplicationAdministratorRoleGivenToGroup(ctx context.Context, groupId string, roleId string, appName string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/roles/%v/targets/catalog/apps/%v", groupId, roleId, appName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *GroupResource) AddApplicationTargetToAdminRoleGivenToGroup(ctx context.Context, groupId string, roleId string, appName string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/roles/%v/targets/catalog/apps/%v", groupId, roleId, appName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Remove App Instance Target to App Administrator Role given to a Group
-func (m *GroupResource) RemoveApplicationTargetFromAdministratorRoleGivenToGroup(ctx context.Context, groupId string, roleId string, appName string, applicationId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/roles/%v/targets/catalog/apps/%v/%v", groupId, roleId, appName, applicationId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Add App Instance Target to App Administrator Role given to a Group
-func (m *GroupResource) AddApplicationInstanceTargetToAppAdminRoleGivenToGroup(ctx context.Context, groupId string, roleId string, appName string, applicationId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/roles/%v/targets/catalog/apps/%v/%v", groupId, roleId, appName, applicationId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *GroupResource) ListGroupTargetsForGroupRole(ctx context.Context, groupId string, roleId string, qp *query.Params) ([]*Group, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/roles/%v/targets/groups", groupId, roleId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var group []*Group
-
-	resp, err := rq.Do(ctx, req, &group)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return group, resp, nil
-}
-
-func (m *GroupResource) RemoveGroupTargetFromGroupAdministratorRoleGivenToGroup(ctx context.Context, groupId string, roleId string, targetGroupId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/roles/%v/targets/groups/%v", groupId, roleId, targetGroupId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *GroupResource) AddGroupTargetToGroupAdministratorRoleForGroup(ctx context.Context, groupId string, roleId string, targetGroupId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/roles/%v/targets/groups/%v", groupId, roleId, targetGroupId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Enumerates all users that are a member of a group.
-func (m *GroupResource) ListGroupUsers(ctx context.Context, groupId string, qp *query.Params) ([]*User, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/users", groupId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var user []*User
-
-	resp, err := rq.Do(ctx, req, &user)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return user, resp, nil
-}
-
-// Removes a user from a group with &#x27;OKTA_GROUP&#x27; type.
-func (m *GroupResource) RemoveUserFromGroup(ctx context.Context, groupId string, userId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/users/%v", groupId, userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Adds a user to a group with &#x27;OKTA_GROUP&#x27; type.
-func (m *GroupResource) AddUserToGroup(ctx context.Context, groupId string, userId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/%v/users/%v", groupId, userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
diff --git a/okta/groupCondition.go b/okta/groupCondition.go
deleted file mode 100644
index e32f200f5..000000000
--- a/okta/groupCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupCondition struct {
-	Exclude []string `json:"exclude,omitempty"`
-	Include []string `json:"include,omitempty"`
-}
-
-func NewGroupCondition() *GroupCondition {
-	return &GroupCondition{}
-}
-
-func (a *GroupCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/groupPolicyRuleCondition.go b/okta/groupPolicyRuleCondition.go
deleted file mode 100644
index 9181a0d2d..000000000
--- a/okta/groupPolicyRuleCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupPolicyRuleCondition struct {
-	Exclude []string `json:"exclude,omitempty"`
-	Include []string `json:"include,omitempty"`
-}
-
-func NewGroupPolicyRuleCondition() *GroupPolicyRuleCondition {
-	return &GroupPolicyRuleCondition{}
-}
-
-func (a *GroupPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/groupProfile.go b/okta/groupProfile.go
deleted file mode 100644
index d6f1fa1b6..000000000
--- a/okta/groupProfile.go
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-)
-
-type GroupProfileMap map[string]interface{}
-
-type GroupProfile struct {
-	Description string `json:"description,omitempty"`
-	Name        string `json:"name,omitempty"`
-	GroupProfileMap
-}
-
-func (a *GroupProfile) UnmarshalJSON(data []byte) error {
-	if string(data) == "null" || string(data) == `""` {
-		return nil
-	}
-	var profile map[string]interface{}
-	err := json.Unmarshal(data, &profile)
-	if err != nil {
-		return err
-	}
-	a.Name, _ = profile["name"].(string)
-	a.Description, _ = profile["description"].(string)
-	delete(profile, "name")
-	delete(profile, "description")
-	a.GroupProfileMap = profile
-	return nil
-}
-
-func (a GroupProfile) MarshalJSON() ([]byte, error) {
-	if len(a.GroupProfileMap) == 0 {
-		return json.Marshal(&struct {
-			Name        string `json:"name"`
-			Description string `json:"description"`
-		}{
-			Name:        a.Name,
-			Description: a.Description,
-		})
-	}
-	if a.Name != "" {
-		a.GroupProfileMap["name"] = a.Name
-	}
-	if a.Description != "" {
-		a.GroupProfileMap["description"] = a.Description
-	}
-	return json.Marshal(a.GroupProfileMap)
-}
diff --git a/okta/groupRule.go b/okta/groupRule.go
deleted file mode 100644
index 53c266533..000000000
--- a/okta/groupRule.go
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type GroupRuleResource resource
-
-type GroupRule struct {
-	Actions     *GroupRuleAction     `json:"actions,omitempty"`
-	Conditions  *GroupRuleConditions `json:"conditions,omitempty"`
-	Created     *time.Time           `json:"created,omitempty"`
-	Id          string               `json:"id,omitempty"`
-	LastUpdated *time.Time           `json:"lastUpdated,omitempty"`
-	Name        string               `json:"name,omitempty"`
-	Status      string               `json:"status,omitempty"`
-	Type        string               `json:"type,omitempty"`
-}
-
-// Updates a group rule. Only &#x60;INACTIVE&#x60; rules can be updated.
-func (m *GroupRuleResource) UpdateGroupRule(ctx context.Context, ruleId string, body GroupRule) (*GroupRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/rules/%v", ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var groupRule *GroupRule
-
-	resp, err := rq.Do(ctx, req, &groupRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return groupRule, resp, nil
-}
-
-// Removes a specific group rule by id from your organization
-func (m *GroupRuleResource) DeleteGroupRule(ctx context.Context, ruleId string, qp *query.Params) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/groups/rules/%v", ruleId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
diff --git a/okta/groupRuleAction.go b/okta/groupRuleAction.go
deleted file mode 100644
index 157d67aa9..000000000
--- a/okta/groupRuleAction.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupRuleAction struct {
-	AssignUserToGroups *GroupRuleGroupAssignment `json:"assignUserToGroups,omitempty"`
-}
diff --git a/okta/groupRuleConditions.go b/okta/groupRuleConditions.go
deleted file mode 100644
index 28848e871..000000000
--- a/okta/groupRuleConditions.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupRuleConditions struct {
-	Expression *GroupRuleExpression      `json:"expression,omitempty"`
-	People     *GroupRulePeopleCondition `json:"people,omitempty"`
-}
diff --git a/okta/groupRuleExpression.go b/okta/groupRuleExpression.go
deleted file mode 100644
index 95bbda71e..000000000
--- a/okta/groupRuleExpression.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupRuleExpression struct {
-	Type  string `json:"type,omitempty"`
-	Value string `json:"value,omitempty"`
-}
diff --git a/okta/groupRuleGroupAssignment.go b/okta/groupRuleGroupAssignment.go
deleted file mode 100644
index a6acd3eeb..000000000
--- a/okta/groupRuleGroupAssignment.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupRuleGroupAssignment struct {
-	GroupIds []string `json:"groupIds,omitempty"`
-}
diff --git a/okta/groupRuleGroupCondition.go b/okta/groupRuleGroupCondition.go
deleted file mode 100644
index c92743ff1..000000000
--- a/okta/groupRuleGroupCondition.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupRuleGroupCondition struct {
-	Exclude []string `json:"exclude,omitempty"`
-	Include []string `json:"include,omitempty"`
-}
diff --git a/okta/groupRulePeopleCondition.go b/okta/groupRulePeopleCondition.go
deleted file mode 100644
index 2685f28a3..000000000
--- a/okta/groupRulePeopleCondition.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupRulePeopleCondition struct {
-	Groups *GroupRuleGroupCondition `json:"groups,omitempty"`
-	Users  *GroupRuleUserCondition  `json:"users,omitempty"`
-}
diff --git a/okta/groupRuleStatus.go b/okta/groupRuleStatus.go
deleted file mode 100644
index 49d61c5c5..000000000
--- a/okta/groupRuleStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupRuleStatus string
diff --git a/okta/groupRuleUserCondition.go b/okta/groupRuleUserCondition.go
deleted file mode 100644
index 546b6d8b3..000000000
--- a/okta/groupRuleUserCondition.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupRuleUserCondition struct {
-	Exclude []string `json:"exclude,omitempty"`
-	Include []string `json:"include,omitempty"`
-}
diff --git a/okta/groupSchema.go b/okta/groupSchema.go
deleted file mode 100644
index 8bcac395b..000000000
--- a/okta/groupSchema.go
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-)
-
-type GroupSchemaResource resource
-
-type GroupSchema struct {
-	Schema      string                  `json:"$schema,omitempty"`
-	Links       interface{}             `json:"_links,omitempty"`
-	Created     string                  `json:"created,omitempty"`
-	Definitions *GroupSchemaDefinitions `json:"definitions,omitempty"`
-	Description string                  `json:"description,omitempty"`
-	Id          string                  `json:"id,omitempty"`
-	LastUpdated string                  `json:"lastUpdated,omitempty"`
-	Name        string                  `json:"name,omitempty"`
-	Properties  *UserSchemaProperties   `json:"properties,omitempty"`
-	Title       string                  `json:"title,omitempty"`
-	Type        string                  `json:"type,omitempty"`
-}
-
-// Fetches the group schema
-func (m *GroupSchemaResource) GetGroupSchema(ctx context.Context) (*GroupSchema, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/schemas/group/default")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var groupSchema *GroupSchema
-
-	resp, err := rq.Do(ctx, req, &groupSchema)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return groupSchema, resp, nil
-}
-
-// Updates, adds ore removes one or more custom Group Profile properties in the schema
-func (m *GroupSchemaResource) UpdateGroupSchema(ctx context.Context, body GroupSchema) (*GroupSchema, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/schemas/group/default")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var groupSchema *GroupSchema
-
-	resp, err := rq.Do(ctx, req, &groupSchema)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return groupSchema, resp, nil
-}
diff --git a/okta/groupSchemaAttribute.go b/okta/groupSchemaAttribute.go
deleted file mode 100644
index 16a687eed..000000000
--- a/okta/groupSchemaAttribute.go
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type GroupSchemaAttribute struct {
-	Description       string                           `json:"description,omitempty"`
-	Enum              []interface{}                    `json:"enum,omitempty"`
-	ExternalName      string                           `json:"externalName,omitempty"`
-	ExternalNamespace string                           `json:"externalNamespace,omitempty"`
-	Items             *UserSchemaAttributeItems        `json:"items,omitempty"`
-	Master            *UserSchemaAttributeMaster       `json:"master,omitempty"`
-	MaxLength         int64                            `json:"-"`
-	MaxLengthPtr      *int64                           `json:"maxLength,omitempty"`
-	MinLength         int64                            `json:"-"`
-	MinLengthPtr      *int64                           `json:"minLength,omitempty"`
-	Mutability        string                           `json:"mutability,omitempty"`
-	OneOf             []*UserSchemaAttributeEnum       `json:"oneOf,omitempty"`
-	Permissions       []*UserSchemaAttributePermission `json:"permissions,omitempty"`
-	Required          *bool                            `json:"required,omitempty"`
-	Scope             string                           `json:"scope,omitempty"`
-	Title             string                           `json:"title,omitempty"`
-	Type              string                           `json:"type,omitempty"`
-	Union             string                           `json:"union,omitempty"`
-	Unique            string                           `json:"unique,omitempty"`
-}
-
-func (a *GroupSchemaAttribute) MarshalJSON() ([]byte, error) {
-	type Alias GroupSchemaAttribute
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.MaxLength != 0 {
-		result.MaxLengthPtr = Int64Ptr(a.MaxLength)
-	}
-	if a.MinLength != 0 {
-		result.MinLengthPtr = Int64Ptr(a.MinLength)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *GroupSchemaAttribute) UnmarshalJSON(data []byte) error {
-	type Alias GroupSchemaAttribute
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.MaxLengthPtr != nil {
-		a.MaxLength = *result.MaxLengthPtr
-		a.MaxLengthPtr = result.MaxLengthPtr
-	}
-	if result.MinLengthPtr != nil {
-		a.MinLength = *result.MinLengthPtr
-		a.MinLengthPtr = result.MinLengthPtr
-	}
-	return nil
-}
diff --git a/okta/groupSchemaBase.go b/okta/groupSchemaBase.go
deleted file mode 100644
index 21830103d..000000000
--- a/okta/groupSchemaBase.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupSchemaBase struct {
-	Id         string                           `json:"id,omitempty"`
-	Properties map[string]*GroupSchemaAttribute `json:"properties,omitempty"`
-	Required   []string                         `json:"required,omitempty"`
-	Type       string                           `json:"type,omitempty"`
-}
diff --git a/okta/groupSchemaBaseProperties.go b/okta/groupSchemaBaseProperties.go
deleted file mode 100644
index d04acff7b..000000000
--- a/okta/groupSchemaBaseProperties.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupSchemaBaseProperties struct {
-	Description *GroupSchemaAttribute `json:"description,omitempty"`
-	Name        *GroupSchemaAttribute `json:"name,omitempty"`
-}
diff --git a/okta/groupSchemaCustom.go b/okta/groupSchemaCustom.go
deleted file mode 100644
index 33fa99899..000000000
--- a/okta/groupSchemaCustom.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupSchemaCustom struct {
-	Id         string                           `json:"id,omitempty"`
-	Properties map[string]*GroupSchemaAttribute `json:"properties,omitempty"`
-	Required   []string                         `json:"required,omitempty"`
-	Type       string                           `json:"type,omitempty"`
-}
diff --git a/okta/groupSchemaDefinitions.go b/okta/groupSchemaDefinitions.go
deleted file mode 100644
index 82bbcdde9..000000000
--- a/okta/groupSchemaDefinitions.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupSchemaDefinitions struct {
-	Base   *GroupSchemaBase   `json:"base,omitempty"`
-	Custom *GroupSchemaCustom `json:"custom,omitempty"`
-}
diff --git a/okta/groupType.go b/okta/groupType.go
deleted file mode 100644
index 572ca2c97..000000000
--- a/okta/groupType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type GroupType string
diff --git a/okta/hardwareUserFactor.go b/okta/hardwareUserFactor.go
deleted file mode 100644
index 65cb7d252..000000000
--- a/okta/hardwareUserFactor.go
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type HardwareUserFactor struct {
-	Embedded    interface{}                `json:"_embedded,omitempty"`
-	Links       interface{}                `json:"_links,omitempty"`
-	Created     *time.Time                 `json:"created,omitempty"`
-	FactorType  string                     `json:"factorType,omitempty"`
-	Id          string                     `json:"id,omitempty"`
-	LastUpdated *time.Time                 `json:"lastUpdated,omitempty"`
-	Provider    string                     `json:"provider,omitempty"`
-	Status      string                     `json:"status,omitempty"`
-	Verify      *VerifyFactorRequest       `json:"verify,omitempty"`
-	Profile     *HardwareUserFactorProfile `json:"profile,omitempty"`
-}
-
-func NewHardwareUserFactor() *HardwareUserFactor {
-	return &HardwareUserFactor{
-		FactorType: "token:hardware",
-	}
-}
-
-func (a *HardwareUserFactor) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/hardwareUserFactorProfile.go b/okta/hardwareUserFactorProfile.go
deleted file mode 100644
index b44ee968a..000000000
--- a/okta/hardwareUserFactorProfile.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type HardwareUserFactorProfile struct {
-	CredentialId string `json:"credentialId,omitempty"`
-}
-
-func NewHardwareUserFactorProfile() *HardwareUserFactorProfile {
-	return &HardwareUserFactorProfile{}
-}
-
-func (a *HardwareUserFactorProfile) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/identityProvider.go b/okta/identityProvider.go
deleted file mode 100644
index 90d7dab50..000000000
--- a/okta/identityProvider.go
+++ /dev/null
@@ -1,655 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type IdentityProviderResource resource
-
-type IdentityProvider struct {
-	Links       interface{}             `json:"_links,omitempty"`
-	Created     *time.Time              `json:"created,omitempty"`
-	Id          string                  `json:"id,omitempty"`
-	IssuerMode  string                  `json:"issuerMode,omitempty"`
-	LastUpdated *time.Time              `json:"lastUpdated,omitempty"`
-	Name        string                  `json:"name,omitempty"`
-	Policy      *IdentityProviderPolicy `json:"policy,omitempty"`
-	Protocol    *Protocol               `json:"protocol,omitempty"`
-	Status      string                  `json:"status,omitempty"`
-	Type        string                  `json:"type,omitempty"`
-}
-
-// Adds a new IdP to your organization.
-func (m *IdentityProviderResource) CreateIdentityProvider(ctx context.Context, body IdentityProvider) (*IdentityProvider, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var identityProvider *IdentityProvider
-
-	resp, err := rq.Do(ctx, req, &identityProvider)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return identityProvider, resp, nil
-}
-
-// Fetches an IdP by &#x60;id&#x60;.
-func (m *IdentityProviderResource) GetIdentityProvider(ctx context.Context, idpId string) (*IdentityProvider, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v", idpId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var identityProvider *IdentityProvider
-
-	resp, err := rq.Do(ctx, req, &identityProvider)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return identityProvider, resp, nil
-}
-
-// Updates the configuration for an IdP.
-func (m *IdentityProviderResource) UpdateIdentityProvider(ctx context.Context, idpId string, body IdentityProvider) (*IdentityProvider, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v", idpId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var identityProvider *IdentityProvider
-
-	resp, err := rq.Do(ctx, req, &identityProvider)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return identityProvider, resp, nil
-}
-
-// Removes an IdP from your organization.
-func (m *IdentityProviderResource) DeleteIdentityProvider(ctx context.Context, idpId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v", idpId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Enumerates IdPs in your organization with pagination. A subset of IdPs can be returned that match a supported filter expression or query.
-func (m *IdentityProviderResource) ListIdentityProviders(ctx context.Context, qp *query.Params) ([]*IdentityProvider, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var identityProvider []*IdentityProvider
-
-	resp, err := rq.Do(ctx, req, &identityProvider)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return identityProvider, resp, nil
-}
-
-// Enumerates IdP key credentials.
-func (m *IdentityProviderResource) ListIdentityProviderKeys(ctx context.Context, qp *query.Params) ([]*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/credentials/keys")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey []*JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Adds a new X.509 certificate credential to the IdP key store.
-func (m *IdentityProviderResource) CreateIdentityProviderKey(ctx context.Context, body JsonWebKey) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/credentials/keys")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Deletes a specific IdP Key Credential by &#x60;kid&#x60; if it is not currently being used by an Active or Inactive IdP.
-func (m *IdentityProviderResource) DeleteIdentityProviderKey(ctx context.Context, keyId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/credentials/keys/%v", keyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Gets a specific IdP Key Credential by &#x60;kid&#x60;
-func (m *IdentityProviderResource) GetIdentityProviderKey(ctx context.Context, keyId string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/credentials/keys/%v", keyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Enumerates Certificate Signing Requests for an IdP
-func (m *IdentityProviderResource) ListCsrsForIdentityProvider(ctx context.Context, idpId string) ([]*Csr, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/csrs", idpId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var csr []*Csr
-
-	resp, err := rq.Do(ctx, req, &csr)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return csr, resp, nil
-}
-
-// Generates a new key pair and returns a Certificate Signing Request for it.
-func (m *IdentityProviderResource) GenerateCsrForIdentityProvider(ctx context.Context, idpId string, body CsrMetadata) (*Csr, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/csrs", idpId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var csr *Csr
-
-	resp, err := rq.Do(ctx, req, &csr)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return csr, resp, nil
-}
-
-// Revoke a Certificate Signing Request and delete the key pair from the IdP
-func (m *IdentityProviderResource) RevokeCsrForIdentityProvider(ctx context.Context, idpId string, csrId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/csrs/%v", idpId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Gets a specific Certificate Signing Request model by id
-func (m *IdentityProviderResource) GetCsrForIdentityProvider(ctx context.Context, idpId string, csrId string) (*Csr, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/csrs/%v", idpId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var csr *Csr
-
-	resp, err := rq.Do(ctx, req, &csr)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return csr, resp, nil
-}
-
-// Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.
-func (m *IdentityProviderResource) PublishCerCertForIdentityProvider(ctx context.Context, idpId string, csrId string, body string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/csrs/%v/lifecycle/publish", idpId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/x-x509-ca-cert").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.
-func (m *IdentityProviderResource) PublishBinaryCerCertForIdentityProvider(ctx context.Context, idpId string, csrId string, body string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/csrs/%v/lifecycle/publish", idpId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.AsBinary().WithAccept("application/json").WithContentType("application/x-x509-ca-cert").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.
-func (m *IdentityProviderResource) PublishDerCertForIdentityProvider(ctx context.Context, idpId string, csrId string, body string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/csrs/%v/lifecycle/publish", idpId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/pkix-cert").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.
-func (m *IdentityProviderResource) PublishBinaryDerCertForIdentityProvider(ctx context.Context, idpId string, csrId string, body string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/csrs/%v/lifecycle/publish", idpId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.AsBinary().WithAccept("application/json").WithContentType("application/pkix-cert").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.
-func (m *IdentityProviderResource) PublishBinaryPemCertForIdentityProvider(ctx context.Context, idpId string, csrId string, body string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/csrs/%v/lifecycle/publish", idpId, csrId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.AsBinary().WithAccept("application/json").WithContentType("application/x-pem-file").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Enumerates signing key credentials for an IdP
-func (m *IdentityProviderResource) ListIdentityProviderSigningKeys(ctx context.Context, idpId string) ([]*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/keys", idpId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey []*JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP
-func (m *IdentityProviderResource) GenerateIdentityProviderSigningKey(ctx context.Context, idpId string, qp *query.Params) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/keys/generate", idpId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Gets a specific IdP Key Credential by &#x60;kid&#x60;
-func (m *IdentityProviderResource) GetIdentityProviderSigningKey(ctx context.Context, idpId string, keyId string) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/keys/%v", idpId, keyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP
-func (m *IdentityProviderResource) CloneIdentityProviderKey(ctx context.Context, idpId string, keyId string, qp *query.Params) (*JsonWebKey, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/credentials/keys/%v/clone", idpId, keyId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var jsonWebKey *JsonWebKey
-
-	resp, err := rq.Do(ctx, req, &jsonWebKey)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return jsonWebKey, resp, nil
-}
-
-// Activates an inactive IdP.
-func (m *IdentityProviderResource) ActivateIdentityProvider(ctx context.Context, idpId string) (*IdentityProvider, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/lifecycle/activate", idpId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var identityProvider *IdentityProvider
-
-	resp, err := rq.Do(ctx, req, &identityProvider)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return identityProvider, resp, nil
-}
-
-// Deactivates an active IdP.
-func (m *IdentityProviderResource) DeactivateIdentityProvider(ctx context.Context, idpId string) (*IdentityProvider, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/lifecycle/deactivate", idpId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var identityProvider *IdentityProvider
-
-	resp, err := rq.Do(ctx, req, &identityProvider)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return identityProvider, resp, nil
-}
-
-// Find all the users linked to an identity provider
-func (m *IdentityProviderResource) ListIdentityProviderApplicationUsers(ctx context.Context, idpId string) ([]*IdentityProviderApplicationUser, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/users", idpId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var identityProviderApplicationUser []*IdentityProviderApplicationUser
-
-	resp, err := rq.Do(ctx, req, &identityProviderApplicationUser)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return identityProviderApplicationUser, resp, nil
-}
-
-// Removes the link between the Okta user and the IdP user.
-func (m *IdentityProviderResource) UnlinkUserFromIdentityProvider(ctx context.Context, idpId string, userId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/users/%v", idpId, userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Fetches a linked IdP user by ID
-func (m *IdentityProviderResource) GetIdentityProviderApplicationUser(ctx context.Context, idpId string, userId string) (*IdentityProviderApplicationUser, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/users/%v", idpId, userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var identityProviderApplicationUser *IdentityProviderApplicationUser
-
-	resp, err := rq.Do(ctx, req, &identityProviderApplicationUser)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return identityProviderApplicationUser, resp, nil
-}
-
-// Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type
-func (m *IdentityProviderResource) LinkUserToIdentityProvider(ctx context.Context, idpId string, userId string, body UserIdentityProviderLinkRequest) (*IdentityProviderApplicationUser, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/users/%v", idpId, userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var identityProviderApplicationUser *IdentityProviderApplicationUser
-
-	resp, err := rq.Do(ctx, req, &identityProviderApplicationUser)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return identityProviderApplicationUser, resp, nil
-}
-
-// Fetches the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.
-func (m *IdentityProviderResource) ListSocialAuthTokens(ctx context.Context, idpId string, userId string) ([]*SocialAuthToken, *Response, error) {
-	url := fmt.Sprintf("/api/v1/idps/%v/users/%v/credentials/tokens", idpId, userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var socialAuthToken []*SocialAuthToken
-
-	resp, err := rq.Do(ctx, req, &socialAuthToken)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return socialAuthToken, resp, nil
-}
diff --git a/okta/identityProviderApplicationUser.go b/okta/identityProviderApplicationUser.go
deleted file mode 100644
index 400d3e9ec..000000000
--- a/okta/identityProviderApplicationUser.go
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type IdentityProviderApplicationUser struct {
-	Embedded    interface{} `json:"_embedded,omitempty"`
-	Links       interface{} `json:"_links,omitempty"`
-	Created     string      `json:"created,omitempty"`
-	ExternalId  string      `json:"externalId,omitempty"`
-	Id          string      `json:"id,omitempty"`
-	LastUpdated string      `json:"lastUpdated,omitempty"`
-	Profile     interface{} `json:"profile,omitempty"`
-}
diff --git a/okta/identityProviderCredentials.go b/okta/identityProviderCredentials.go
deleted file mode 100644
index 9aaaf4f4f..000000000
--- a/okta/identityProviderCredentials.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type IdentityProviderCredentials struct {
-	Client  *IdentityProviderCredentialsClient  `json:"client,omitempty"`
-	Signing *IdentityProviderCredentialsSigning `json:"signing,omitempty"`
-	Trust   *IdentityProviderCredentialsTrust   `json:"trust,omitempty"`
-}
diff --git a/okta/identityProviderCredentialsClient.go b/okta/identityProviderCredentialsClient.go
deleted file mode 100644
index 0cc3feed7..000000000
--- a/okta/identityProviderCredentialsClient.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type IdentityProviderCredentialsClient struct {
-	ClientId     string `json:"client_id,omitempty"`
-	ClientSecret string `json:"client_secret,omitempty"`
-}
diff --git a/okta/identityProviderCredentialsSigning.go b/okta/identityProviderCredentialsSigning.go
deleted file mode 100644
index 7ada8debf..000000000
--- a/okta/identityProviderCredentialsSigning.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type IdentityProviderCredentialsSigning struct {
-	Kid        string `json:"kid,omitempty"`
-	PrivateKey string `json:"privateKey,omitempty"`
-	TeamId     string `json:"teamId,omitempty"`
-}
diff --git a/okta/identityProviderCredentialsTrust.go b/okta/identityProviderCredentialsTrust.go
deleted file mode 100644
index af0be3f41..000000000
--- a/okta/identityProviderCredentialsTrust.go
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type IdentityProviderCredentialsTrust struct {
-	Audience                   string `json:"audience,omitempty"`
-	Issuer                     string `json:"issuer,omitempty"`
-	Kid                        string `json:"kid,omitempty"`
-	Revocation                 string `json:"revocation,omitempty"`
-	RevocationCacheLifetime    int64  `json:"-"`
-	RevocationCacheLifetimePtr *int64 `json:"revocationCacheLifetime,omitempty"`
-}
-
-func (a *IdentityProviderCredentialsTrust) MarshalJSON() ([]byte, error) {
-	type Alias IdentityProviderCredentialsTrust
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.RevocationCacheLifetime != 0 {
-		result.RevocationCacheLifetimePtr = Int64Ptr(a.RevocationCacheLifetime)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *IdentityProviderCredentialsTrust) UnmarshalJSON(data []byte) error {
-	type Alias IdentityProviderCredentialsTrust
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.RevocationCacheLifetimePtr != nil {
-		a.RevocationCacheLifetime = *result.RevocationCacheLifetimePtr
-		a.RevocationCacheLifetimePtr = result.RevocationCacheLifetimePtr
-	}
-	return nil
-}
diff --git a/okta/identityProviderPolicy.go b/okta/identityProviderPolicy.go
deleted file mode 100644
index afeb356eb..000000000
--- a/okta/identityProviderPolicy.go
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type IdentityProviderPolicy struct {
-	Embedded        interface{}           `json:"_embedded,omitempty"`
-	Links           interface{}           `json:"_links,omitempty"`
-	Conditions      *PolicyRuleConditions `json:"conditions,omitempty"`
-	Created         *time.Time            `json:"created,omitempty"`
-	Description     string                `json:"description,omitempty"`
-	Id              string                `json:"id,omitempty"`
-	LastUpdated     *time.Time            `json:"lastUpdated,omitempty"`
-	Name            string                `json:"name,omitempty"`
-	Priority        int64                 `json:"-"`
-	PriorityPtr     *int64                `json:"priority,omitempty"`
-	Status          string                `json:"status,omitempty"`
-	System          *bool                 `json:"system,omitempty"`
-	Type            string                `json:"type,omitempty"`
-	AccountLink     *PolicyAccountLink    `json:"accountLink,omitempty"`
-	MaxClockSkew    int64                 `json:"-"`
-	MaxClockSkewPtr *int64                `json:"maxClockSkew,omitempty"`
-	Provisioning    *Provisioning         `json:"provisioning,omitempty"`
-	Subject         *PolicySubject        `json:"subject,omitempty"`
-}
-
-func NewIdentityProviderPolicy() *IdentityProviderPolicy {
-	return &IdentityProviderPolicy{
-		Type: "IDP_DISCOVERY",
-	}
-}
-
-func (a *IdentityProviderPolicy) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *IdentityProviderPolicy) MarshalJSON() ([]byte, error) {
-	type Alias IdentityProviderPolicy
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	if a.MaxClockSkew != 0 {
-		result.MaxClockSkewPtr = Int64Ptr(a.MaxClockSkew)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *IdentityProviderPolicy) UnmarshalJSON(data []byte) error {
-	type Alias IdentityProviderPolicy
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	if result.MaxClockSkewPtr != nil {
-		a.MaxClockSkew = *result.MaxClockSkewPtr
-		a.MaxClockSkewPtr = result.MaxClockSkewPtr
-	}
-	return nil
-}
diff --git a/okta/identityProviderPolicyRuleCondition.go b/okta/identityProviderPolicyRuleCondition.go
deleted file mode 100644
index 2c55b06df..000000000
--- a/okta/identityProviderPolicyRuleCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type IdentityProviderPolicyRuleCondition struct {
-	IdpIds   []string `json:"idpIds,omitempty"`
-	Provider string   `json:"provider,omitempty"`
-}
-
-func NewIdentityProviderPolicyRuleCondition() *IdentityProviderPolicyRuleCondition {
-	return &IdentityProviderPolicyRuleCondition{}
-}
-
-func (a *IdentityProviderPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/idpPolicyRuleAction.go b/okta/idpPolicyRuleAction.go
deleted file mode 100644
index 6b4679751..000000000
--- a/okta/idpPolicyRuleAction.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type IdpPolicyRuleAction struct {
-	Providers []*IdpPolicyRuleActionProvider `json:"providers,omitempty"`
-}
-
-func NewIdpPolicyRuleAction() *IdpPolicyRuleAction {
-	return &IdpPolicyRuleAction{}
-}
-
-func (a *IdpPolicyRuleAction) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/idpPolicyRuleActionProvider.go b/okta/idpPolicyRuleActionProvider.go
deleted file mode 100644
index 283e33fa9..000000000
--- a/okta/idpPolicyRuleActionProvider.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type IdpPolicyRuleActionProvider struct {
-	Id   string `json:"id,omitempty"`
-	Type string `json:"type,omitempty"`
-}
-
-func NewIdpPolicyRuleActionProvider() *IdpPolicyRuleActionProvider {
-	return &IdpPolicyRuleActionProvider{}
-}
-
-func (a *IdpPolicyRuleActionProvider) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/iframeEmbedScopeAllowedApps.go b/okta/iframeEmbedScopeAllowedApps.go
deleted file mode 100644
index 8a51790dc..000000000
--- a/okta/iframeEmbedScopeAllowedApps.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type IframeEmbedScopeAllowedApps string
diff --git a/okta/imageUploadResponse.go b/okta/imageUploadResponse.go
deleted file mode 100644
index 49807d6ea..000000000
--- a/okta/imageUploadResponse.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ImageUploadResponse struct {
-	Url string `json:"url,omitempty"`
-}
diff --git a/okta/inactivityPolicyRuleCondition.go b/okta/inactivityPolicyRuleCondition.go
deleted file mode 100644
index 2ea7ec103..000000000
--- a/okta/inactivityPolicyRuleCondition.go
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type InactivityPolicyRuleCondition struct {
-	Number    int64  `json:"-"`
-	NumberPtr *int64 `json:"number,omitempty"`
-	Unit      string `json:"unit,omitempty"`
-}
-
-func NewInactivityPolicyRuleCondition() *InactivityPolicyRuleCondition {
-	return &InactivityPolicyRuleCondition{}
-}
-
-func (a *InactivityPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *InactivityPolicyRuleCondition) MarshalJSON() ([]byte, error) {
-	type Alias InactivityPolicyRuleCondition
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Number != 0 {
-		result.NumberPtr = Int64Ptr(a.Number)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *InactivityPolicyRuleCondition) UnmarshalJSON(data []byte) error {
-	type Alias InactivityPolicyRuleCondition
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.NumberPtr != nil {
-		a.Number = *result.NumberPtr
-		a.NumberPtr = result.NumberPtr
-	}
-	return nil
-}
diff --git a/okta/inlineHook.go b/okta/inlineHook.go
deleted file mode 100644
index 6e0441bc9..000000000
--- a/okta/inlineHook.go
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type InlineHookResource resource
-
-type InlineHook struct {
-	Links       interface{}        `json:"_links,omitempty"`
-	Channel     *InlineHookChannel `json:"channel,omitempty"`
-	Created     *time.Time         `json:"created,omitempty"`
-	Id          string             `json:"id,omitempty"`
-	LastUpdated *time.Time         `json:"lastUpdated,omitempty"`
-	Name        string             `json:"name,omitempty"`
-	Status      string             `json:"status,omitempty"`
-	Type        string             `json:"type,omitempty"`
-	Version     string             `json:"version,omitempty"`
-}
-
-func (m *InlineHookResource) CreateInlineHook(ctx context.Context, body InlineHook) (*InlineHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/inlineHooks")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var inlineHook *InlineHook
-
-	resp, err := rq.Do(ctx, req, &inlineHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return inlineHook, resp, nil
-}
-
-// Gets an inline hook by ID
-func (m *InlineHookResource) GetInlineHook(ctx context.Context, inlineHookId string) (*InlineHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/inlineHooks/%v", inlineHookId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var inlineHook *InlineHook
-
-	resp, err := rq.Do(ctx, req, &inlineHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return inlineHook, resp, nil
-}
-
-// Updates an inline hook by ID
-func (m *InlineHookResource) UpdateInlineHook(ctx context.Context, inlineHookId string, body InlineHook) (*InlineHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/inlineHooks/%v", inlineHookId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var inlineHook *InlineHook
-
-	resp, err := rq.Do(ctx, req, &inlineHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return inlineHook, resp, nil
-}
-
-// Deletes the Inline Hook matching the provided id. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.
-func (m *InlineHookResource) DeleteInlineHook(ctx context.Context, inlineHookId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/inlineHooks/%v", inlineHookId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *InlineHookResource) ListInlineHooks(ctx context.Context, qp *query.Params) ([]*InlineHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/inlineHooks")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var inlineHook []*InlineHook
-
-	resp, err := rq.Do(ctx, req, &inlineHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return inlineHook, resp, nil
-}
-
-// Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.
-func (m *InlineHookResource) ExecuteInlineHook(ctx context.Context, inlineHookId string, body InlineHookPayload) (*InlineHookResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/inlineHooks/%v/execute", inlineHookId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var inlineHookResponse *InlineHookResponse
-
-	resp, err := rq.Do(ctx, req, &inlineHookResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return inlineHookResponse, resp, nil
-}
-
-// Activates the Inline Hook matching the provided id
-func (m *InlineHookResource) ActivateInlineHook(ctx context.Context, inlineHookId string) (*InlineHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/inlineHooks/%v/lifecycle/activate", inlineHookId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var inlineHook *InlineHook
-
-	resp, err := rq.Do(ctx, req, &inlineHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return inlineHook, resp, nil
-}
-
-// Deactivates the Inline Hook matching the provided id
-func (m *InlineHookResource) DeactivateInlineHook(ctx context.Context, inlineHookId string) (*InlineHook, *Response, error) {
-	url := fmt.Sprintf("/api/v1/inlineHooks/%v/lifecycle/deactivate", inlineHookId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var inlineHook *InlineHook
-
-	resp, err := rq.Do(ctx, req, &inlineHook)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return inlineHook, resp, nil
-}
diff --git a/okta/inlineHookChannel.go b/okta/inlineHookChannel.go
deleted file mode 100644
index 0177b1c1f..000000000
--- a/okta/inlineHookChannel.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type InlineHookChannel struct {
-	Config  *InlineHookChannelConfig `json:"config,omitempty"`
-	Type    string                   `json:"type,omitempty"`
-	Version string                   `json:"version,omitempty"`
-}
diff --git a/okta/inlineHookChannelConfig.go b/okta/inlineHookChannelConfig.go
deleted file mode 100644
index 3eb5e69d7..000000000
--- a/okta/inlineHookChannelConfig.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type InlineHookChannelConfig struct {
-	AuthScheme *InlineHookChannelConfigAuthScheme `json:"authScheme,omitempty"`
-	Headers    []*InlineHookChannelConfigHeaders  `json:"headers,omitempty"`
-	Method     string                             `json:"method,omitempty"`
-	Uri        string                             `json:"uri,omitempty"`
-}
diff --git a/okta/inlineHookChannelConfigAuthScheme.go b/okta/inlineHookChannelConfigAuthScheme.go
deleted file mode 100644
index 8a5235a93..000000000
--- a/okta/inlineHookChannelConfigAuthScheme.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type InlineHookChannelConfigAuthScheme struct {
-	Key   string `json:"key,omitempty"`
-	Type  string `json:"type,omitempty"`
-	Value string `json:"value,omitempty"`
-}
diff --git a/okta/inlineHookChannelConfigHeaders.go b/okta/inlineHookChannelConfigHeaders.go
deleted file mode 100644
index e251f4ee3..000000000
--- a/okta/inlineHookChannelConfigHeaders.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type InlineHookChannelConfigHeaders struct {
-	Key   string `json:"key,omitempty"`
-	Value string `json:"value,omitempty"`
-}
diff --git a/okta/inlineHookPayload.go b/okta/inlineHookPayload.go
deleted file mode 100644
index 5a309795c..000000000
--- a/okta/inlineHookPayload.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type InlineHookPayload struct{}
diff --git a/okta/inlineHookResponse.go b/okta/inlineHookResponse.go
deleted file mode 100644
index 056c565b9..000000000
--- a/okta/inlineHookResponse.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type InlineHookResponse struct {
-	Commands []*InlineHookResponseCommands `json:"commands,omitempty"`
-}
diff --git a/okta/inlineHookResponseCommandValue.go b/okta/inlineHookResponseCommandValue.go
deleted file mode 100644
index d3c971ac0..000000000
--- a/okta/inlineHookResponseCommandValue.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type InlineHookResponseCommandValue struct {
-	Op    string `json:"op,omitempty"`
-	Path  string `json:"path,omitempty"`
-	Value string `json:"value,omitempty"`
-}
diff --git a/okta/inlineHookResponseCommands.go b/okta/inlineHookResponseCommands.go
deleted file mode 100644
index e4bdb875b..000000000
--- a/okta/inlineHookResponseCommands.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type InlineHookResponseCommands struct {
-	Type  string                            `json:"type,omitempty"`
-	Value []*InlineHookResponseCommandValue `json:"value,omitempty"`
-}
diff --git a/okta/inlineHookStatus.go b/okta/inlineHookStatus.go
deleted file mode 100644
index 458b4e280..000000000
--- a/okta/inlineHookStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type InlineHookStatus string
diff --git a/okta/inlineHookType.go b/okta/inlineHookType.go
deleted file mode 100644
index 0bff9ae7d..000000000
--- a/okta/inlineHookType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type InlineHookType string
diff --git a/okta/ionField.go b/okta/ionField.go
deleted file mode 100644
index ba0b964a4..000000000
--- a/okta/ionField.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type IonField struct {
-	Form     *IonForm    `json:"form,omitempty"`
-	Label    string      `json:"label,omitempty"`
-	Mutable  *bool       `json:"mutable,omitempty"`
-	Name     string      `json:"name,omitempty"`
-	Required *bool       `json:"required,omitempty"`
-	Secret   *bool       `json:"secret,omitempty"`
-	Type     string      `json:"type,omitempty"`
-	Value    interface{} `json:"value,omitempty"`
-	Visible  *bool       `json:"visible,omitempty"`
-}
diff --git a/okta/ionForm.go b/okta/ionForm.go
deleted file mode 100644
index 8998906f7..000000000
--- a/okta/ionForm.go
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type IonForm struct {
-	Accepts    string      `json:"accepts,omitempty"`
-	Href       string      `json:"href,omitempty"`
-	Method     string      `json:"method,omitempty"`
-	Name       string      `json:"name,omitempty"`
-	Produces   string      `json:"produces,omitempty"`
-	Refresh    int64       `json:"-"`
-	RefreshPtr *int64      `json:"refresh,omitempty"`
-	Rel        []string    `json:"rel,omitempty"`
-	RelatesTo  []string    `json:"relatesTo,omitempty"`
-	Value      []*IonField `json:"value,omitempty"`
-}
-
-func (a *IonForm) MarshalJSON() ([]byte, error) {
-	type Alias IonForm
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Refresh != 0 {
-		result.RefreshPtr = Int64Ptr(a.Refresh)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *IonForm) UnmarshalJSON(data []byte) error {
-	type Alias IonForm
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.RefreshPtr != nil {
-		a.Refresh = *result.RefreshPtr
-		a.RefreshPtr = result.RefreshPtr
-	}
-	return nil
-}
diff --git a/okta/jsonWebKey.go b/okta/jsonWebKey.go
deleted file mode 100644
index cc7a29634..000000000
--- a/okta/jsonWebKey.go
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type JsonWebKey struct {
-	Links       interface{} `json:"_links,omitempty"`
-	Alg         string      `json:"alg,omitempty"`
-	Created     *time.Time  `json:"created,omitempty"`
-	E           string      `json:"e,omitempty"`
-	ExpiresAt   *time.Time  `json:"expiresAt,omitempty"`
-	KeyOps      []string    `json:"key_ops,omitempty"`
-	Kid         string      `json:"kid,omitempty"`
-	Kty         string      `json:"kty,omitempty"`
-	LastUpdated *time.Time  `json:"lastUpdated,omitempty"`
-	N           string      `json:"n,omitempty"`
-	Status      string      `json:"status,omitempty"`
-	Use         string      `json:"use,omitempty"`
-	X5c         []string    `json:"x5c,omitempty"`
-	X5t         string      `json:"x5t,omitempty"`
-	X5tS256     string      `json:"x5t#S256,omitempty"`
-	X5u         string      `json:"x5u,omitempty"`
-}
diff --git a/okta/jwkUse.go b/okta/jwkUse.go
deleted file mode 100644
index 7ab1becc9..000000000
--- a/okta/jwkUse.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type JwkUse struct {
-	Use string `json:"use,omitempty"`
-}
diff --git a/okta/knowledgeConstraint.go b/okta/knowledgeConstraint.go
deleted file mode 100644
index a34d5bab1..000000000
--- a/okta/knowledgeConstraint.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type KnowledgeConstraint struct {
-	Methods          []string `json:"methods,omitempty"`
-	ReauthenticateIn string   `json:"reauthenticateIn,omitempty"`
-	Types            []string `json:"types,omitempty"`
-}
-
-func NewKnowledgeConstraint() *KnowledgeConstraint {
-	return &KnowledgeConstraint{}
-}
-
-func (a *KnowledgeConstraint) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/lifecycleCreateSettingObject.go b/okta/lifecycleCreateSettingObject.go
deleted file mode 100644
index ef660d573..000000000
--- a/okta/lifecycleCreateSettingObject.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LifecycleCreateSettingObject struct {
-	Status string `json:"status,omitempty"`
-}
-
-func NewLifecycleCreateSettingObject() *LifecycleCreateSettingObject {
-	return &LifecycleCreateSettingObject{}
-}
-
-func (a *LifecycleCreateSettingObject) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/lifecycleDeactivateSettingObject.go b/okta/lifecycleDeactivateSettingObject.go
deleted file mode 100644
index 5ba1aa8f8..000000000
--- a/okta/lifecycleDeactivateSettingObject.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LifecycleDeactivateSettingObject struct {
-	Status string `json:"status,omitempty"`
-}
-
-func NewLifecycleDeactivateSettingObject() *LifecycleDeactivateSettingObject {
-	return &LifecycleDeactivateSettingObject{}
-}
-
-func (a *LifecycleDeactivateSettingObject) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/lifecycleExpirationPolicyRuleCondition.go b/okta/lifecycleExpirationPolicyRuleCondition.go
deleted file mode 100644
index c2070ccbd..000000000
--- a/okta/lifecycleExpirationPolicyRuleCondition.go
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type LifecycleExpirationPolicyRuleCondition struct {
-	LifecycleStatus string `json:"lifecycleStatus,omitempty"`
-	Number          int64  `json:"-"`
-	NumberPtr       *int64 `json:"number,omitempty"`
-	Unit            string `json:"unit,omitempty"`
-}
-
-func NewLifecycleExpirationPolicyRuleCondition() *LifecycleExpirationPolicyRuleCondition {
-	return &LifecycleExpirationPolicyRuleCondition{}
-}
-
-func (a *LifecycleExpirationPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *LifecycleExpirationPolicyRuleCondition) MarshalJSON() ([]byte, error) {
-	type Alias LifecycleExpirationPolicyRuleCondition
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Number != 0 {
-		result.NumberPtr = Int64Ptr(a.Number)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *LifecycleExpirationPolicyRuleCondition) UnmarshalJSON(data []byte) error {
-	type Alias LifecycleExpirationPolicyRuleCondition
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.NumberPtr != nil {
-		a.Number = *result.NumberPtr
-		a.NumberPtr = result.NumberPtr
-	}
-	return nil
-}
diff --git a/okta/linkedObject.go b/okta/linkedObject.go
deleted file mode 100644
index 2d79defb7..000000000
--- a/okta/linkedObject.go
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-)
-
-type LinkedObjectResource resource
-
-type LinkedObject struct {
-	Links      interface{}          `json:"_links,omitempty"`
-	Associated *LinkedObjectDetails `json:"associated,omitempty"`
-	Primary    *LinkedObjectDetails `json:"primary,omitempty"`
-}
-
-func (m *LinkedObjectResource) AddLinkedObjectDefinition(ctx context.Context, body LinkedObject) (*LinkedObject, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/schemas/user/linkedObjects")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var linkedObject *LinkedObject
-
-	resp, err := rq.Do(ctx, req, &linkedObject)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return linkedObject, resp, nil
-}
-
-func (m *LinkedObjectResource) GetLinkedObjectDefinition(ctx context.Context, linkedObjectName string) (*LinkedObject, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/schemas/user/linkedObjects/%v", linkedObjectName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var linkedObject *LinkedObject
-
-	resp, err := rq.Do(ctx, req, &linkedObject)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return linkedObject, resp, nil
-}
-
-func (m *LinkedObjectResource) DeleteLinkedObjectDefinition(ctx context.Context, linkedObjectName string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/schemas/user/linkedObjects/%v", linkedObjectName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *LinkedObjectResource) ListLinkedObjectDefinitions(ctx context.Context) ([]*LinkedObject, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/schemas/user/linkedObjects")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var linkedObject []*LinkedObject
-
-	resp, err := rq.Do(ctx, req, &linkedObject)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return linkedObject, resp, nil
-}
diff --git a/okta/linkedObjectDetails.go b/okta/linkedObjectDetails.go
deleted file mode 100644
index 88fac691a..000000000
--- a/okta/linkedObjectDetails.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LinkedObjectDetails struct {
-	Description string `json:"description,omitempty"`
-	Name        string `json:"name,omitempty"`
-	Title       string `json:"title,omitempty"`
-	Type        string `json:"type,omitempty"`
-}
diff --git a/okta/linkedObjectDetailsType.go b/okta/linkedObjectDetailsType.go
deleted file mode 100644
index 3895d5e10..000000000
--- a/okta/linkedObjectDetailsType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LinkedObjectDetailsType string
diff --git a/okta/logActor.go b/okta/logActor.go
deleted file mode 100644
index ec9b5dc22..000000000
--- a/okta/logActor.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogActor struct {
-	AlternateId string      `json:"alternateId,omitempty"`
-	Detail      interface{} `json:"detail,omitempty"`
-	DisplayName string      `json:"displayName,omitempty"`
-	Id          string      `json:"id,omitempty"`
-	Type        string      `json:"type,omitempty"`
-}
diff --git a/okta/logAuthenticationContext.go b/okta/logAuthenticationContext.go
deleted file mode 100644
index 9e841832c..000000000
--- a/okta/logAuthenticationContext.go
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type LogAuthenticationContext struct {
-	AuthenticationProvider string     `json:"authenticationProvider,omitempty"`
-	AuthenticationStep     int64      `json:"-"`
-	AuthenticationStepPtr  *int64     `json:"authenticationStep,omitempty"`
-	CredentialProvider     string     `json:"credentialProvider,omitempty"`
-	CredentialType         string     `json:"credentialType,omitempty"`
-	ExternalSessionId      string     `json:"externalSessionId,omitempty"`
-	Interface              string     `json:"interface,omitempty"`
-	Issuer                 *LogIssuer `json:"issuer,omitempty"`
-}
-
-func (a *LogAuthenticationContext) MarshalJSON() ([]byte, error) {
-	type Alias LogAuthenticationContext
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.AuthenticationStep != 0 {
-		result.AuthenticationStepPtr = Int64Ptr(a.AuthenticationStep)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *LogAuthenticationContext) UnmarshalJSON(data []byte) error {
-	type Alias LogAuthenticationContext
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.AuthenticationStepPtr != nil {
-		a.AuthenticationStep = *result.AuthenticationStepPtr
-		a.AuthenticationStepPtr = result.AuthenticationStepPtr
-	}
-	return nil
-}
diff --git a/okta/logAuthenticationProvider.go b/okta/logAuthenticationProvider.go
deleted file mode 100644
index 6a1716c87..000000000
--- a/okta/logAuthenticationProvider.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogAuthenticationProvider string
diff --git a/okta/logClient.go b/okta/logClient.go
deleted file mode 100644
index ca408fa51..000000000
--- a/okta/logClient.go
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogClient struct {
-	Device              string                  `json:"device,omitempty"`
-	GeographicalContext *LogGeographicalContext `json:"geographicalContext,omitempty"`
-	Id                  string                  `json:"id,omitempty"`
-	IpAddress           string                  `json:"ipAddress,omitempty"`
-	UserAgent           *LogUserAgent           `json:"userAgent,omitempty"`
-	Zone                string                  `json:"zone,omitempty"`
-}
diff --git a/okta/logCredentialProvider.go b/okta/logCredentialProvider.go
deleted file mode 100644
index 0c06135b8..000000000
--- a/okta/logCredentialProvider.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogCredentialProvider string
diff --git a/okta/logCredentialType.go b/okta/logCredentialType.go
deleted file mode 100644
index d0281a766..000000000
--- a/okta/logCredentialType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogCredentialType string
diff --git a/okta/logDebugContext.go b/okta/logDebugContext.go
deleted file mode 100644
index 09e77f9bb..000000000
--- a/okta/logDebugContext.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogDebugContext struct {
-	DebugData interface{} `json:"debugData,omitempty"`
-}
diff --git a/okta/logEvent.go b/okta/logEvent.go
deleted file mode 100644
index 1c9161da2..000000000
--- a/okta/logEvent.go
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type LogEventResource resource
-
-type LogEvent struct {
-	Actor                 *LogActor                 `json:"actor,omitempty"`
-	AuthenticationContext *LogAuthenticationContext `json:"authenticationContext,omitempty"`
-	Client                *LogClient                `json:"client,omitempty"`
-	DebugContext          *LogDebugContext          `json:"debugContext,omitempty"`
-	DisplayMessage        string                    `json:"displayMessage,omitempty"`
-	EventType             string                    `json:"eventType,omitempty"`
-	LegacyEventType       string                    `json:"legacyEventType,omitempty"`
-	Outcome               *LogOutcome               `json:"outcome,omitempty"`
-	Published             *time.Time                `json:"published,omitempty"`
-	Request               *LogRequest               `json:"request,omitempty"`
-	SecurityContext       *LogSecurityContext       `json:"securityContext,omitempty"`
-	Severity              string                    `json:"severity,omitempty"`
-	Target                []*LogTarget              `json:"target,omitempty"`
-	Transaction           *LogTransaction           `json:"transaction,omitempty"`
-	Uuid                  string                    `json:"uuid,omitempty"`
-	Version               string                    `json:"version,omitempty"`
-}
-
-// The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API
-func (m *LogEventResource) GetLogs(ctx context.Context, qp *query.Params) ([]*LogEvent, *Response, error) {
-	url := fmt.Sprintf("/api/v1/logs")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var logEvent []*LogEvent
-
-	resp, err := rq.Do(ctx, req, &logEvent)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return logEvent, resp, nil
-}
diff --git a/okta/logGeographicalContext.go b/okta/logGeographicalContext.go
deleted file mode 100644
index 47e0a0c99..000000000
--- a/okta/logGeographicalContext.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogGeographicalContext struct {
-	City        string          `json:"city,omitempty"`
-	Country     string          `json:"country,omitempty"`
-	Geolocation *LogGeolocation `json:"geolocation,omitempty"`
-	PostalCode  string          `json:"postalCode,omitempty"`
-	State       string          `json:"state,omitempty"`
-}
diff --git a/okta/logGeolocation.go b/okta/logGeolocation.go
deleted file mode 100644
index 6df69b2d7..000000000
--- a/okta/logGeolocation.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogGeolocation struct {
-	Lat float64 `json:"lat,omitempty"`
-	Lon float64 `json:"lon,omitempty"`
-}
diff --git a/okta/logIpAddress.go b/okta/logIpAddress.go
deleted file mode 100644
index 961051e37..000000000
--- a/okta/logIpAddress.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogIpAddress struct {
-	GeographicalContext *LogGeographicalContext `json:"geographicalContext,omitempty"`
-	Ip                  string                  `json:"ip,omitempty"`
-	Source              string                  `json:"source,omitempty"`
-	Version             string                  `json:"version,omitempty"`
-}
diff --git a/okta/logIssuer.go b/okta/logIssuer.go
deleted file mode 100644
index a9214497c..000000000
--- a/okta/logIssuer.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogIssuer struct {
-	Id   string `json:"id,omitempty"`
-	Type string `json:"type,omitempty"`
-}
diff --git a/okta/logOutcome.go b/okta/logOutcome.go
deleted file mode 100644
index f18cfd87f..000000000
--- a/okta/logOutcome.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogOutcome struct {
-	Reason string `json:"reason,omitempty"`
-	Result string `json:"result,omitempty"`
-}
diff --git a/okta/logRequest.go b/okta/logRequest.go
deleted file mode 100644
index 0cfcba9bb..000000000
--- a/okta/logRequest.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogRequest struct {
-	IpChain []*LogIpAddress `json:"ipChain,omitempty"`
-}
diff --git a/okta/logSecurityContext.go b/okta/logSecurityContext.go
deleted file mode 100644
index 1773b2e88..000000000
--- a/okta/logSecurityContext.go
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type LogSecurityContext struct {
-	AsNumber    int64  `json:"-"`
-	AsNumberPtr *int64 `json:"asNumber,omitempty"`
-	AsOrg       string `json:"asOrg,omitempty"`
-	Domain      string `json:"domain,omitempty"`
-	IsProxy     *bool  `json:"isProxy,omitempty"`
-	Isp         string `json:"isp,omitempty"`
-}
-
-func (a *LogSecurityContext) MarshalJSON() ([]byte, error) {
-	type Alias LogSecurityContext
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.AsNumber != 0 {
-		result.AsNumberPtr = Int64Ptr(a.AsNumber)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *LogSecurityContext) UnmarshalJSON(data []byte) error {
-	type Alias LogSecurityContext
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.AsNumberPtr != nil {
-		a.AsNumber = *result.AsNumberPtr
-		a.AsNumberPtr = result.AsNumberPtr
-	}
-	return nil
-}
diff --git a/okta/logSeverity.go b/okta/logSeverity.go
deleted file mode 100644
index 52aad0927..000000000
--- a/okta/logSeverity.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogSeverity string
diff --git a/okta/logTarget.go b/okta/logTarget.go
deleted file mode 100644
index eb5145819..000000000
--- a/okta/logTarget.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogTarget struct {
-	AlternateId string      `json:"alternateId,omitempty"`
-	DetailEntry interface{} `json:"detailEntry,omitempty"`
-	DisplayName string      `json:"displayName,omitempty"`
-	Id          string      `json:"id,omitempty"`
-	Type        string      `json:"type,omitempty"`
-}
diff --git a/okta/logTransaction.go b/okta/logTransaction.go
deleted file mode 100644
index 89696cf58..000000000
--- a/okta/logTransaction.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogTransaction struct {
-	Detail interface{} `json:"detail,omitempty"`
-	Id     string      `json:"id,omitempty"`
-	Type   string      `json:"type,omitempty"`
-}
diff --git a/okta/logUserAgent.go b/okta/logUserAgent.go
deleted file mode 100644
index 7307266fc..000000000
--- a/okta/logUserAgent.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type LogUserAgent struct {
-	Browser      string `json:"browser,omitempty"`
-	Os           string `json:"os,omitempty"`
-	RawUserAgent string `json:"rawUserAgent,omitempty"`
-}
diff --git a/okta/main_test.go b/okta/main_test.go
new file mode 100644
index 000000000..e5fd26de4
--- /dev/null
+++ b/okta/main_test.go
@@ -0,0 +1,214 @@
+package okta
+
+import (
+	"errors"
+	"fmt"
+	"log"
+	"os"
+	"testing"
+)
+
+var apiClient *APIClient
+
+func init() {
+	configuration := NewConfiguration(WithCache(false))
+	configuration.Debug = false
+
+	apiClient = NewAPIClient(configuration)
+}
+
+func TestMain(m *testing.M) {
+	err := sweep()
+	if err != nil {
+		fmt.Printf("failed to clean up organization before integration tests: %v", err)
+	}
+	exitVal := m.Run()
+	apiClient = apiClient.RefreshNext()
+	err = sweep()
+	if err != nil {
+		fmt.Printf("failed to clean up organization after integration tests: %v", err)
+	}
+	os.Exit(exitVal)
+}
+
+func sweep() (err error) {
+	log.Println("[INFO] sweeping test users, groups, idps")
+	err = sweepUsers()
+	if err != nil {
+		return
+	}
+	err = sweepGroups()
+	if err != nil {
+		return
+	}
+	err = sweepGroupRules()
+	if err != nil {
+		return
+	}
+	// err = sweepApps()
+	// if err != nil {
+	// 	return
+	// }
+	return sweepIdps()
+}
+
+func sweepUsers() error {
+	req := apiClient.UserApi.ListUsers(apiClient.cfg.Context).Limit(200)
+	req = req.Q("SDK_TEST_")
+	users, resp, err := req.Execute()
+	if err != nil {
+		return err
+	}
+	for _, u := range users {
+		if err := cleanUpUser(u.GetId()); err != nil {
+			return err
+		}
+	}
+	for resp.HasNextPage() {
+		var users []*User
+		resp, err = resp.Next(&users)
+		if err != nil {
+			return err
+		}
+		for _, u := range users {
+			if err := cleanUpUser(u.GetId()); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func sweepGroups() error {
+	req := apiClient.GroupApi.ListGroups(apiClient.cfg.Context).Limit(200)
+	req = req.Q("SDK_TEST")
+	groups, resp, err := req.Execute()
+	if err != nil {
+		return err
+	}
+	for _, g := range groups {
+		if err := cleanUpGroup(g.GetId()); err != nil {
+			return err
+		}
+	}
+	for resp.HasNextPage() {
+		var groups []*Group
+		resp, err = resp.Next(&groups)
+		if err != nil {
+			return err
+		}
+		for _, g := range groups {
+			if err := cleanUpGroup(g.GetId()); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func sweepIdps() error {
+	req := apiClient.IdentityProviderApi.ListIdentityProviders(apiClient.cfg.Context).Limit(200)
+	req = req.Q("SDK_TEST")
+	idps, resp, err := req.Execute()
+	if err != nil {
+		return err
+	}
+	for _, idp := range idps {
+		if err := cleanUpIdp(idp.GetId()); err != nil {
+			return err
+		}
+	}
+	for resp.HasNextPage() {
+		var idps []*IdentityProvider
+		resp, err = resp.Next(&idps)
+		if err != nil {
+			return err
+		}
+		for _, idp := range idps {
+			if err := cleanUpIdp(idp.GetId()); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func sweepGroupRules() error {
+	req := apiClient.GroupApi.ListGroupRules(apiClient.cfg.Context).Limit(200)
+	req = req.Search("SDK_TEST")
+	groupRules, resp, err := req.Execute()
+	if err != nil {
+		return err
+	}
+	for _, gr := range groupRules {
+		if gr.GetStatus() == "ACTIVE" {
+			_, err = apiClient.GroupApi.DeactivateGroupRule(apiClient.cfg.Context, gr.GetId()).Execute()
+			if err != nil {
+				return err
+			}
+		}
+		if err := cleanUpGroupRule(gr.GetId()); err != nil {
+			return err
+		}
+	}
+	for resp.HasNextPage() {
+		var groupRules []*GroupRule
+		resp, err = resp.Next(&groupRules)
+		if err != nil {
+			return err
+		}
+		for _, gr := range groupRules {
+			if gr.GetStatus() == "ACTIVE" {
+				_, err = apiClient.GroupApi.DeactivateGroupRule(apiClient.cfg.Context, gr.GetId()).Execute()
+				if err != nil {
+					return err
+				}
+			}
+			if err := cleanUpGroupRule(gr.GetId()); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func sweepApps() error {
+	req := apiClient.ApplicationApi.ListApplications(apiClient.cfg.Context).Limit(200)
+	req = req.Q("SDK_TEST")
+	apps, _, err := req.Execute()
+	if err != nil {
+		return err
+	}
+	for _, a := range apps {
+		id, err := getAppId(a)
+		if err != nil {
+			fmt.Printf("unknown app type %v", a)
+			continue
+		}
+		if err := cleanUpApplication(id); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func getAppId(app ListApplications200ResponseInner) (string, error) {
+	if app.AutoLoginApplication != nil {
+		return app.AutoLoginApplication.GetId(), nil
+	} else if app.BasicAuthApplication != nil {
+		return app.BasicAuthApplication.GetId(), nil
+	} else if app.BookmarkApplication != nil {
+		return app.BookmarkApplication.GetId(), nil
+	} else if app.BrowserPluginApplication != nil {
+		return app.BrowserPluginApplication.GetId(), nil
+	} else if app.OpenIdConnectApplication != nil {
+		return app.OpenIdConnectApplication.GetId(), nil
+	} else if app.SamlApplication != nil {
+		return app.SamlApplication.GetId(), nil
+	} else if app.SecurePasswordStoreApplication != nil {
+		return app.SecurePasswordStoreApplication.GetId(), nil
+	} else if app.WsFederationApplication != nil {
+		return app.WsFederationApplication.GetId(), nil
+	}
+	return "", errors.New("unknown app type")
+}
diff --git a/okta/mdmEnrollmentPolicyRuleCondition.go b/okta/mdmEnrollmentPolicyRuleCondition.go
deleted file mode 100644
index 73a178ebd..000000000
--- a/okta/mdmEnrollmentPolicyRuleCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type MDMEnrollmentPolicyRuleCondition struct {
-	BlockNonSafeAndroid *bool  `json:"blockNonSafeAndroid,omitempty"`
-	Enrollment          string `json:"enrollment,omitempty"`
-}
-
-func NewMDMEnrollmentPolicyRuleCondition() *MDMEnrollmentPolicyRuleCondition {
-	return &MDMEnrollmentPolicyRuleCondition{}
-}
-
-func (a *MDMEnrollmentPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/model_access_policy.go b/okta/model_access_policy.go
new file mode 100644
index 000000000..c7d5272a8
--- /dev/null
+++ b/okta/model_access_policy.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// AccessPolicy struct for AccessPolicy
+type AccessPolicy struct {
+	Policy
+	Conditions           *PolicyRuleConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AccessPolicy AccessPolicy
+
+// NewAccessPolicy instantiates a new AccessPolicy object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAccessPolicy() *AccessPolicy {
+	this := AccessPolicy{}
+	return &this
+}
+
+// NewAccessPolicyWithDefaults instantiates a new AccessPolicy object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAccessPolicyWithDefaults() *AccessPolicy {
+	this := AccessPolicy{}
+	return &this
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *AccessPolicy) GetConditions() PolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicy) GetConditionsOk() (*PolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *AccessPolicy) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PolicyRuleConditions and assigns it to the Conditions field.
+func (o *AccessPolicy) SetConditions(v PolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o AccessPolicy) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPolicy, errPolicy := json.Marshal(o.Policy)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	errPolicy = json.Unmarshal([]byte(serializedPolicy), &toSerialize)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AccessPolicy) UnmarshalJSON(bytes []byte) (err error) {
+	type AccessPolicyWithoutEmbeddedStruct struct {
+		Conditions *PolicyRuleConditions `json:"conditions,omitempty"`
+	}
+
+	varAccessPolicyWithoutEmbeddedStruct := AccessPolicyWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyWithoutEmbeddedStruct)
+	if err == nil {
+		varAccessPolicy := _AccessPolicy{}
+		varAccessPolicy.Conditions = varAccessPolicyWithoutEmbeddedStruct.Conditions
+		*o = AccessPolicy(varAccessPolicy)
+	} else {
+		return err
+	}
+
+	varAccessPolicy := _AccessPolicy{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicy)
+	if err == nil {
+		o.Policy = varAccessPolicy.Policy
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "conditions")
+
+		// remove fields from embedded structs
+		reflectPolicy := reflect.ValueOf(o.Policy)
+		for i := 0; i < reflectPolicy.Type().NumField(); i++ {
+			t := reflectPolicy.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAccessPolicy struct {
+	value *AccessPolicy
+	isSet bool
+}
+
+func (v NullableAccessPolicy) Get() *AccessPolicy {
+	return v.value
+}
+
+func (v *NullableAccessPolicy) Set(val *AccessPolicy) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAccessPolicy) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAccessPolicy) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAccessPolicy(val *AccessPolicy) *NullableAccessPolicy {
+	return &NullableAccessPolicy{value: val, isSet: true}
+}
+
+func (v NullableAccessPolicy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAccessPolicy) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_access_policy_all_of.go b/okta/model_access_policy_all_of.go
new file mode 100644
index 000000000..05d9e364f
--- /dev/null
+++ b/okta/model_access_policy_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AccessPolicyAllOf struct for AccessPolicyAllOf
+type AccessPolicyAllOf struct {
+	Conditions           *PolicyRuleConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AccessPolicyAllOf AccessPolicyAllOf
+
+// NewAccessPolicyAllOf instantiates a new AccessPolicyAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAccessPolicyAllOf() *AccessPolicyAllOf {
+	this := AccessPolicyAllOf{}
+	return &this
+}
+
+// NewAccessPolicyAllOfWithDefaults instantiates a new AccessPolicyAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAccessPolicyAllOfWithDefaults() *AccessPolicyAllOf {
+	this := AccessPolicyAllOf{}
+	return &this
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *AccessPolicyAllOf) GetConditions() PolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyAllOf) GetConditionsOk() (*PolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *AccessPolicyAllOf) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PolicyRuleConditions and assigns it to the Conditions field.
+func (o *AccessPolicyAllOf) SetConditions(v PolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o AccessPolicyAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AccessPolicyAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varAccessPolicyAllOf := _AccessPolicyAllOf{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyAllOf)
+	if err == nil {
+		*o = AccessPolicyAllOf(varAccessPolicyAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "conditions")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAccessPolicyAllOf struct {
+	value *AccessPolicyAllOf
+	isSet bool
+}
+
+func (v NullableAccessPolicyAllOf) Get() *AccessPolicyAllOf {
+	return v.value
+}
+
+func (v *NullableAccessPolicyAllOf) Set(val *AccessPolicyAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAccessPolicyAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAccessPolicyAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAccessPolicyAllOf(val *AccessPolicyAllOf) *NullableAccessPolicyAllOf {
+	return &NullableAccessPolicyAllOf{value: val, isSet: true}
+}
+
+func (v NullableAccessPolicyAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAccessPolicyAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_access_policy_constraint.go b/okta/model_access_policy_constraint.go
new file mode 100644
index 000000000..ad2418259
--- /dev/null
+++ b/okta/model_access_policy_constraint.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AccessPolicyConstraint struct for AccessPolicyConstraint
+type AccessPolicyConstraint struct {
+	Methods              []string `json:"methods,omitempty"`
+	ReauthenticateIn     *string  `json:"reauthenticateIn,omitempty"`
+	Types                []string `json:"types,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AccessPolicyConstraint AccessPolicyConstraint
+
+// NewAccessPolicyConstraint instantiates a new AccessPolicyConstraint object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAccessPolicyConstraint() *AccessPolicyConstraint {
+	this := AccessPolicyConstraint{}
+	return &this
+}
+
+// NewAccessPolicyConstraintWithDefaults instantiates a new AccessPolicyConstraint object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAccessPolicyConstraintWithDefaults() *AccessPolicyConstraint {
+	this := AccessPolicyConstraint{}
+	return &this
+}
+
+// GetMethods returns the Methods field value if set, zero value otherwise.
+func (o *AccessPolicyConstraint) GetMethods() []string {
+	if o == nil || o.Methods == nil {
+		var ret []string
+		return ret
+	}
+	return o.Methods
+}
+
+// GetMethodsOk returns a tuple with the Methods field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyConstraint) GetMethodsOk() ([]string, bool) {
+	if o == nil || o.Methods == nil {
+		return nil, false
+	}
+	return o.Methods, true
+}
+
+// HasMethods returns a boolean if a field has been set.
+func (o *AccessPolicyConstraint) HasMethods() bool {
+	if o != nil && o.Methods != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMethods gets a reference to the given []string and assigns it to the Methods field.
+func (o *AccessPolicyConstraint) SetMethods(v []string) {
+	o.Methods = v
+}
+
+// GetReauthenticateIn returns the ReauthenticateIn field value if set, zero value otherwise.
+func (o *AccessPolicyConstraint) GetReauthenticateIn() string {
+	if o == nil || o.ReauthenticateIn == nil {
+		var ret string
+		return ret
+	}
+	return *o.ReauthenticateIn
+}
+
+// GetReauthenticateInOk returns a tuple with the ReauthenticateIn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyConstraint) GetReauthenticateInOk() (*string, bool) {
+	if o == nil || o.ReauthenticateIn == nil {
+		return nil, false
+	}
+	return o.ReauthenticateIn, true
+}
+
+// HasReauthenticateIn returns a boolean if a field has been set.
+func (o *AccessPolicyConstraint) HasReauthenticateIn() bool {
+	if o != nil && o.ReauthenticateIn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetReauthenticateIn gets a reference to the given string and assigns it to the ReauthenticateIn field.
+func (o *AccessPolicyConstraint) SetReauthenticateIn(v string) {
+	o.ReauthenticateIn = &v
+}
+
+// GetTypes returns the Types field value if set, zero value otherwise.
+func (o *AccessPolicyConstraint) GetTypes() []string {
+	if o == nil || o.Types == nil {
+		var ret []string
+		return ret
+	}
+	return o.Types
+}
+
+// GetTypesOk returns a tuple with the Types field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyConstraint) GetTypesOk() ([]string, bool) {
+	if o == nil || o.Types == nil {
+		return nil, false
+	}
+	return o.Types, true
+}
+
+// HasTypes returns a boolean if a field has been set.
+func (o *AccessPolicyConstraint) HasTypes() bool {
+	if o != nil && o.Types != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTypes gets a reference to the given []string and assigns it to the Types field.
+func (o *AccessPolicyConstraint) SetTypes(v []string) {
+	o.Types = v
+}
+
+func (o AccessPolicyConstraint) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Methods != nil {
+		toSerialize["methods"] = o.Methods
+	}
+	if o.ReauthenticateIn != nil {
+		toSerialize["reauthenticateIn"] = o.ReauthenticateIn
+	}
+	if o.Types != nil {
+		toSerialize["types"] = o.Types
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AccessPolicyConstraint) UnmarshalJSON(bytes []byte) (err error) {
+	varAccessPolicyConstraint := _AccessPolicyConstraint{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyConstraint)
+	if err == nil {
+		*o = AccessPolicyConstraint(varAccessPolicyConstraint)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "methods")
+		delete(additionalProperties, "reauthenticateIn")
+		delete(additionalProperties, "types")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAccessPolicyConstraint struct {
+	value *AccessPolicyConstraint
+	isSet bool
+}
+
+func (v NullableAccessPolicyConstraint) Get() *AccessPolicyConstraint {
+	return v.value
+}
+
+func (v *NullableAccessPolicyConstraint) Set(val *AccessPolicyConstraint) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAccessPolicyConstraint) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAccessPolicyConstraint) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAccessPolicyConstraint(val *AccessPolicyConstraint) *NullableAccessPolicyConstraint {
+	return &NullableAccessPolicyConstraint{value: val, isSet: true}
+}
+
+func (v NullableAccessPolicyConstraint) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAccessPolicyConstraint) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_access_policy_constraints.go b/okta/model_access_policy_constraints.go
new file mode 100644
index 000000000..84fb769d4
--- /dev/null
+++ b/okta/model_access_policy_constraints.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AccessPolicyConstraints struct for AccessPolicyConstraints
+type AccessPolicyConstraints struct {
+	Knowledge            *KnowledgeConstraint  `json:"knowledge,omitempty"`
+	Possession           *PossessionConstraint `json:"possession,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AccessPolicyConstraints AccessPolicyConstraints
+
+// NewAccessPolicyConstraints instantiates a new AccessPolicyConstraints object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAccessPolicyConstraints() *AccessPolicyConstraints {
+	this := AccessPolicyConstraints{}
+	return &this
+}
+
+// NewAccessPolicyConstraintsWithDefaults instantiates a new AccessPolicyConstraints object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAccessPolicyConstraintsWithDefaults() *AccessPolicyConstraints {
+	this := AccessPolicyConstraints{}
+	return &this
+}
+
+// GetKnowledge returns the Knowledge field value if set, zero value otherwise.
+func (o *AccessPolicyConstraints) GetKnowledge() KnowledgeConstraint {
+	if o == nil || o.Knowledge == nil {
+		var ret KnowledgeConstraint
+		return ret
+	}
+	return *o.Knowledge
+}
+
+// GetKnowledgeOk returns a tuple with the Knowledge field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyConstraints) GetKnowledgeOk() (*KnowledgeConstraint, bool) {
+	if o == nil || o.Knowledge == nil {
+		return nil, false
+	}
+	return o.Knowledge, true
+}
+
+// HasKnowledge returns a boolean if a field has been set.
+func (o *AccessPolicyConstraints) HasKnowledge() bool {
+	if o != nil && o.Knowledge != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKnowledge gets a reference to the given KnowledgeConstraint and assigns it to the Knowledge field.
+func (o *AccessPolicyConstraints) SetKnowledge(v KnowledgeConstraint) {
+	o.Knowledge = &v
+}
+
+// GetPossession returns the Possession field value if set, zero value otherwise.
+func (o *AccessPolicyConstraints) GetPossession() PossessionConstraint {
+	if o == nil || o.Possession == nil {
+		var ret PossessionConstraint
+		return ret
+	}
+	return *o.Possession
+}
+
+// GetPossessionOk returns a tuple with the Possession field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyConstraints) GetPossessionOk() (*PossessionConstraint, bool) {
+	if o == nil || o.Possession == nil {
+		return nil, false
+	}
+	return o.Possession, true
+}
+
+// HasPossession returns a boolean if a field has been set.
+func (o *AccessPolicyConstraints) HasPossession() bool {
+	if o != nil && o.Possession != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPossession gets a reference to the given PossessionConstraint and assigns it to the Possession field.
+func (o *AccessPolicyConstraints) SetPossession(v PossessionConstraint) {
+	o.Possession = &v
+}
+
+func (o AccessPolicyConstraints) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Knowledge != nil {
+		toSerialize["knowledge"] = o.Knowledge
+	}
+	if o.Possession != nil {
+		toSerialize["possession"] = o.Possession
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AccessPolicyConstraints) UnmarshalJSON(bytes []byte) (err error) {
+	varAccessPolicyConstraints := _AccessPolicyConstraints{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyConstraints)
+	if err == nil {
+		*o = AccessPolicyConstraints(varAccessPolicyConstraints)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "knowledge")
+		delete(additionalProperties, "possession")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAccessPolicyConstraints struct {
+	value *AccessPolicyConstraints
+	isSet bool
+}
+
+func (v NullableAccessPolicyConstraints) Get() *AccessPolicyConstraints {
+	return v.value
+}
+
+func (v *NullableAccessPolicyConstraints) Set(val *AccessPolicyConstraints) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAccessPolicyConstraints) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAccessPolicyConstraints) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAccessPolicyConstraints(val *AccessPolicyConstraints) *NullableAccessPolicyConstraints {
+	return &NullableAccessPolicyConstraints{value: val, isSet: true}
+}
+
+func (v NullableAccessPolicyConstraints) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAccessPolicyConstraints) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_access_policy_rule.go b/okta/model_access_policy_rule.go
new file mode 100644
index 000000000..005402afd
--- /dev/null
+++ b/okta/model_access_policy_rule.go
@@ -0,0 +1,244 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// AccessPolicyRule struct for AccessPolicyRule
+type AccessPolicyRule struct {
+	PolicyRule
+	Actions              *AccessPolicyRuleActions    `json:"actions,omitempty"`
+	Conditions           *AccessPolicyRuleConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AccessPolicyRule AccessPolicyRule
+
+// NewAccessPolicyRule instantiates a new AccessPolicyRule object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAccessPolicyRule() *AccessPolicyRule {
+	this := AccessPolicyRule{}
+	var system bool = false
+	this.System = &system
+	return &this
+}
+
+// NewAccessPolicyRuleWithDefaults instantiates a new AccessPolicyRule object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAccessPolicyRuleWithDefaults() *AccessPolicyRule {
+	this := AccessPolicyRule{}
+	return &this
+}
+
+// GetActions returns the Actions field value if set, zero value otherwise.
+func (o *AccessPolicyRule) GetActions() AccessPolicyRuleActions {
+	if o == nil || o.Actions == nil {
+		var ret AccessPolicyRuleActions
+		return ret
+	}
+	return *o.Actions
+}
+
+// GetActionsOk returns a tuple with the Actions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRule) GetActionsOk() (*AccessPolicyRuleActions, bool) {
+	if o == nil || o.Actions == nil {
+		return nil, false
+	}
+	return o.Actions, true
+}
+
+// HasActions returns a boolean if a field has been set.
+func (o *AccessPolicyRule) HasActions() bool {
+	if o != nil && o.Actions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActions gets a reference to the given AccessPolicyRuleActions and assigns it to the Actions field.
+func (o *AccessPolicyRule) SetActions(v AccessPolicyRuleActions) {
+	o.Actions = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *AccessPolicyRule) GetConditions() AccessPolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret AccessPolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRule) GetConditionsOk() (*AccessPolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *AccessPolicyRule) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given AccessPolicyRuleConditions and assigns it to the Conditions field.
+func (o *AccessPolicyRule) SetConditions(v AccessPolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o AccessPolicyRule) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPolicyRule, errPolicyRule := json.Marshal(o.PolicyRule)
+	if errPolicyRule != nil {
+		return []byte{}, errPolicyRule
+	}
+	errPolicyRule = json.Unmarshal([]byte(serializedPolicyRule), &toSerialize)
+	if errPolicyRule != nil {
+		return []byte{}, errPolicyRule
+	}
+	if o.Actions != nil {
+		toSerialize["actions"] = o.Actions
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AccessPolicyRule) UnmarshalJSON(bytes []byte) (err error) {
+	type AccessPolicyRuleWithoutEmbeddedStruct struct {
+		Actions    *AccessPolicyRuleActions    `json:"actions,omitempty"`
+		Conditions *AccessPolicyRuleConditions `json:"conditions,omitempty"`
+	}
+
+	varAccessPolicyRuleWithoutEmbeddedStruct := AccessPolicyRuleWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyRuleWithoutEmbeddedStruct)
+	if err == nil {
+		varAccessPolicyRule := _AccessPolicyRule{}
+		varAccessPolicyRule.Actions = varAccessPolicyRuleWithoutEmbeddedStruct.Actions
+		varAccessPolicyRule.Conditions = varAccessPolicyRuleWithoutEmbeddedStruct.Conditions
+		*o = AccessPolicyRule(varAccessPolicyRule)
+	} else {
+		return err
+	}
+
+	varAccessPolicyRule := _AccessPolicyRule{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyRule)
+	if err == nil {
+		o.PolicyRule = varAccessPolicyRule.PolicyRule
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "actions")
+		delete(additionalProperties, "conditions")
+
+		// remove fields from embedded structs
+		reflectPolicyRule := reflect.ValueOf(o.PolicyRule)
+		for i := 0; i < reflectPolicyRule.Type().NumField(); i++ {
+			t := reflectPolicyRule.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAccessPolicyRule struct {
+	value *AccessPolicyRule
+	isSet bool
+}
+
+func (v NullableAccessPolicyRule) Get() *AccessPolicyRule {
+	return v.value
+}
+
+func (v *NullableAccessPolicyRule) Set(val *AccessPolicyRule) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAccessPolicyRule) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAccessPolicyRule) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAccessPolicyRule(val *AccessPolicyRule) *NullableAccessPolicyRule {
+	return &NullableAccessPolicyRule{value: val, isSet: true}
+}
+
+func (v NullableAccessPolicyRule) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAccessPolicyRule) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_access_policy_rule_actions.go b/okta/model_access_policy_rule_actions.go
new file mode 100644
index 000000000..54614e6ec
--- /dev/null
+++ b/okta/model_access_policy_rule_actions.go
@@ -0,0 +1,380 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AccessPolicyRuleActions struct for AccessPolicyRuleActions
+type AccessPolicyRuleActions struct {
+	Enroll                   *PolicyRuleActionsEnroll           `json:"enroll,omitempty"`
+	Idp                      *IdpPolicyRuleAction               `json:"idp,omitempty"`
+	PasswordChange           *PasswordPolicyRuleAction          `json:"passwordChange,omitempty"`
+	SelfServicePasswordReset *PasswordPolicyRuleAction          `json:"selfServicePasswordReset,omitempty"`
+	SelfServiceUnlock        *PasswordPolicyRuleAction          `json:"selfServiceUnlock,omitempty"`
+	Signon                   *OktaSignOnPolicyRuleSignonActions `json:"signon,omitempty"`
+	AppSignOn                *AccessPolicyRuleApplicationSignOn `json:"appSignOn,omitempty"`
+	AdditionalProperties     map[string]interface{}
+}
+
+type _AccessPolicyRuleActions AccessPolicyRuleActions
+
+// NewAccessPolicyRuleActions instantiates a new AccessPolicyRuleActions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAccessPolicyRuleActions() *AccessPolicyRuleActions {
+	this := AccessPolicyRuleActions{}
+	return &this
+}
+
+// NewAccessPolicyRuleActionsWithDefaults instantiates a new AccessPolicyRuleActions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAccessPolicyRuleActionsWithDefaults() *AccessPolicyRuleActions {
+	this := AccessPolicyRuleActions{}
+	return &this
+}
+
+// GetEnroll returns the Enroll field value if set, zero value otherwise.
+func (o *AccessPolicyRuleActions) GetEnroll() PolicyRuleActionsEnroll {
+	if o == nil || o.Enroll == nil {
+		var ret PolicyRuleActionsEnroll
+		return ret
+	}
+	return *o.Enroll
+}
+
+// GetEnrollOk returns a tuple with the Enroll field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleActions) GetEnrollOk() (*PolicyRuleActionsEnroll, bool) {
+	if o == nil || o.Enroll == nil {
+		return nil, false
+	}
+	return o.Enroll, true
+}
+
+// HasEnroll returns a boolean if a field has been set.
+func (o *AccessPolicyRuleActions) HasEnroll() bool {
+	if o != nil && o.Enroll != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnroll gets a reference to the given PolicyRuleActionsEnroll and assigns it to the Enroll field.
+func (o *AccessPolicyRuleActions) SetEnroll(v PolicyRuleActionsEnroll) {
+	o.Enroll = &v
+}
+
+// GetIdp returns the Idp field value if set, zero value otherwise.
+func (o *AccessPolicyRuleActions) GetIdp() IdpPolicyRuleAction {
+	if o == nil || o.Idp == nil {
+		var ret IdpPolicyRuleAction
+		return ret
+	}
+	return *o.Idp
+}
+
+// GetIdpOk returns a tuple with the Idp field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleActions) GetIdpOk() (*IdpPolicyRuleAction, bool) {
+	if o == nil || o.Idp == nil {
+		return nil, false
+	}
+	return o.Idp, true
+}
+
+// HasIdp returns a boolean if a field has been set.
+func (o *AccessPolicyRuleActions) HasIdp() bool {
+	if o != nil && o.Idp != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdp gets a reference to the given IdpPolicyRuleAction and assigns it to the Idp field.
+func (o *AccessPolicyRuleActions) SetIdp(v IdpPolicyRuleAction) {
+	o.Idp = &v
+}
+
+// GetPasswordChange returns the PasswordChange field value if set, zero value otherwise.
+func (o *AccessPolicyRuleActions) GetPasswordChange() PasswordPolicyRuleAction {
+	if o == nil || o.PasswordChange == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.PasswordChange
+}
+
+// GetPasswordChangeOk returns a tuple with the PasswordChange field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleActions) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.PasswordChange == nil {
+		return nil, false
+	}
+	return o.PasswordChange, true
+}
+
+// HasPasswordChange returns a boolean if a field has been set.
+func (o *AccessPolicyRuleActions) HasPasswordChange() bool {
+	if o != nil && o.PasswordChange != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordChange gets a reference to the given PasswordPolicyRuleAction and assigns it to the PasswordChange field.
+func (o *AccessPolicyRuleActions) SetPasswordChange(v PasswordPolicyRuleAction) {
+	o.PasswordChange = &v
+}
+
+// GetSelfServicePasswordReset returns the SelfServicePasswordReset field value if set, zero value otherwise.
+func (o *AccessPolicyRuleActions) GetSelfServicePasswordReset() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServicePasswordReset
+}
+
+// GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleActions) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		return nil, false
+	}
+	return o.SelfServicePasswordReset, true
+}
+
+// HasSelfServicePasswordReset returns a boolean if a field has been set.
+func (o *AccessPolicyRuleActions) HasSelfServicePasswordReset() bool {
+	if o != nil && o.SelfServicePasswordReset != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServicePasswordReset gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServicePasswordReset field.
+func (o *AccessPolicyRuleActions) SetSelfServicePasswordReset(v PasswordPolicyRuleAction) {
+	o.SelfServicePasswordReset = &v
+}
+
+// GetSelfServiceUnlock returns the SelfServiceUnlock field value if set, zero value otherwise.
+func (o *AccessPolicyRuleActions) GetSelfServiceUnlock() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServiceUnlock == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServiceUnlock
+}
+
+// GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleActions) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServiceUnlock == nil {
+		return nil, false
+	}
+	return o.SelfServiceUnlock, true
+}
+
+// HasSelfServiceUnlock returns a boolean if a field has been set.
+func (o *AccessPolicyRuleActions) HasSelfServiceUnlock() bool {
+	if o != nil && o.SelfServiceUnlock != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServiceUnlock gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServiceUnlock field.
+func (o *AccessPolicyRuleActions) SetSelfServiceUnlock(v PasswordPolicyRuleAction) {
+	o.SelfServiceUnlock = &v
+}
+
+// GetSignon returns the Signon field value if set, zero value otherwise.
+func (o *AccessPolicyRuleActions) GetSignon() OktaSignOnPolicyRuleSignonActions {
+	if o == nil || o.Signon == nil {
+		var ret OktaSignOnPolicyRuleSignonActions
+		return ret
+	}
+	return *o.Signon
+}
+
+// GetSignonOk returns a tuple with the Signon field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleActions) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool) {
+	if o == nil || o.Signon == nil {
+		return nil, false
+	}
+	return o.Signon, true
+}
+
+// HasSignon returns a boolean if a field has been set.
+func (o *AccessPolicyRuleActions) HasSignon() bool {
+	if o != nil && o.Signon != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignon gets a reference to the given OktaSignOnPolicyRuleSignonActions and assigns it to the Signon field.
+func (o *AccessPolicyRuleActions) SetSignon(v OktaSignOnPolicyRuleSignonActions) {
+	o.Signon = &v
+}
+
+// GetAppSignOn returns the AppSignOn field value if set, zero value otherwise.
+func (o *AccessPolicyRuleActions) GetAppSignOn() AccessPolicyRuleApplicationSignOn {
+	if o == nil || o.AppSignOn == nil {
+		var ret AccessPolicyRuleApplicationSignOn
+		return ret
+	}
+	return *o.AppSignOn
+}
+
+// GetAppSignOnOk returns a tuple with the AppSignOn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleActions) GetAppSignOnOk() (*AccessPolicyRuleApplicationSignOn, bool) {
+	if o == nil || o.AppSignOn == nil {
+		return nil, false
+	}
+	return o.AppSignOn, true
+}
+
+// HasAppSignOn returns a boolean if a field has been set.
+func (o *AccessPolicyRuleActions) HasAppSignOn() bool {
+	if o != nil && o.AppSignOn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAppSignOn gets a reference to the given AccessPolicyRuleApplicationSignOn and assigns it to the AppSignOn field.
+func (o *AccessPolicyRuleActions) SetAppSignOn(v AccessPolicyRuleApplicationSignOn) {
+	o.AppSignOn = &v
+}
+
+func (o AccessPolicyRuleActions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Enroll != nil {
+		toSerialize["enroll"] = o.Enroll
+	}
+	if o.Idp != nil {
+		toSerialize["idp"] = o.Idp
+	}
+	if o.PasswordChange != nil {
+		toSerialize["passwordChange"] = o.PasswordChange
+	}
+	if o.SelfServicePasswordReset != nil {
+		toSerialize["selfServicePasswordReset"] = o.SelfServicePasswordReset
+	}
+	if o.SelfServiceUnlock != nil {
+		toSerialize["selfServiceUnlock"] = o.SelfServiceUnlock
+	}
+	if o.Signon != nil {
+		toSerialize["signon"] = o.Signon
+	}
+	if o.AppSignOn != nil {
+		toSerialize["appSignOn"] = o.AppSignOn
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AccessPolicyRuleActions) UnmarshalJSON(bytes []byte) (err error) {
+	varAccessPolicyRuleActions := _AccessPolicyRuleActions{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyRuleActions)
+	if err == nil {
+		*o = AccessPolicyRuleActions(varAccessPolicyRuleActions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "enroll")
+		delete(additionalProperties, "idp")
+		delete(additionalProperties, "passwordChange")
+		delete(additionalProperties, "selfServicePasswordReset")
+		delete(additionalProperties, "selfServiceUnlock")
+		delete(additionalProperties, "signon")
+		delete(additionalProperties, "appSignOn")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAccessPolicyRuleActions struct {
+	value *AccessPolicyRuleActions
+	isSet bool
+}
+
+func (v NullableAccessPolicyRuleActions) Get() *AccessPolicyRuleActions {
+	return v.value
+}
+
+func (v *NullableAccessPolicyRuleActions) Set(val *AccessPolicyRuleActions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAccessPolicyRuleActions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAccessPolicyRuleActions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAccessPolicyRuleActions(val *AccessPolicyRuleActions) *NullableAccessPolicyRuleActions {
+	return &NullableAccessPolicyRuleActions{value: val, isSet: true}
+}
+
+func (v NullableAccessPolicyRuleActions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAccessPolicyRuleActions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_access_policy_rule_actions_all_of.go b/okta/model_access_policy_rule_actions_all_of.go
new file mode 100644
index 000000000..53a16af6e
--- /dev/null
+++ b/okta/model_access_policy_rule_actions_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AccessPolicyRuleActionsAllOf struct for AccessPolicyRuleActionsAllOf
+type AccessPolicyRuleActionsAllOf struct {
+	AppSignOn            *AccessPolicyRuleApplicationSignOn `json:"appSignOn,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AccessPolicyRuleActionsAllOf AccessPolicyRuleActionsAllOf
+
+// NewAccessPolicyRuleActionsAllOf instantiates a new AccessPolicyRuleActionsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAccessPolicyRuleActionsAllOf() *AccessPolicyRuleActionsAllOf {
+	this := AccessPolicyRuleActionsAllOf{}
+	return &this
+}
+
+// NewAccessPolicyRuleActionsAllOfWithDefaults instantiates a new AccessPolicyRuleActionsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAccessPolicyRuleActionsAllOfWithDefaults() *AccessPolicyRuleActionsAllOf {
+	this := AccessPolicyRuleActionsAllOf{}
+	return &this
+}
+
+// GetAppSignOn returns the AppSignOn field value if set, zero value otherwise.
+func (o *AccessPolicyRuleActionsAllOf) GetAppSignOn() AccessPolicyRuleApplicationSignOn {
+	if o == nil || o.AppSignOn == nil {
+		var ret AccessPolicyRuleApplicationSignOn
+		return ret
+	}
+	return *o.AppSignOn
+}
+
+// GetAppSignOnOk returns a tuple with the AppSignOn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleActionsAllOf) GetAppSignOnOk() (*AccessPolicyRuleApplicationSignOn, bool) {
+	if o == nil || o.AppSignOn == nil {
+		return nil, false
+	}
+	return o.AppSignOn, true
+}
+
+// HasAppSignOn returns a boolean if a field has been set.
+func (o *AccessPolicyRuleActionsAllOf) HasAppSignOn() bool {
+	if o != nil && o.AppSignOn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAppSignOn gets a reference to the given AccessPolicyRuleApplicationSignOn and assigns it to the AppSignOn field.
+func (o *AccessPolicyRuleActionsAllOf) SetAppSignOn(v AccessPolicyRuleApplicationSignOn) {
+	o.AppSignOn = &v
+}
+
+func (o AccessPolicyRuleActionsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AppSignOn != nil {
+		toSerialize["appSignOn"] = o.AppSignOn
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AccessPolicyRuleActionsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varAccessPolicyRuleActionsAllOf := _AccessPolicyRuleActionsAllOf{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyRuleActionsAllOf)
+	if err == nil {
+		*o = AccessPolicyRuleActionsAllOf(varAccessPolicyRuleActionsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "appSignOn")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAccessPolicyRuleActionsAllOf struct {
+	value *AccessPolicyRuleActionsAllOf
+	isSet bool
+}
+
+func (v NullableAccessPolicyRuleActionsAllOf) Get() *AccessPolicyRuleActionsAllOf {
+	return v.value
+}
+
+func (v *NullableAccessPolicyRuleActionsAllOf) Set(val *AccessPolicyRuleActionsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAccessPolicyRuleActionsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAccessPolicyRuleActionsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAccessPolicyRuleActionsAllOf(val *AccessPolicyRuleActionsAllOf) *NullableAccessPolicyRuleActionsAllOf {
+	return &NullableAccessPolicyRuleActionsAllOf{value: val, isSet: true}
+}
+
+func (v NullableAccessPolicyRuleActionsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAccessPolicyRuleActionsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_access_policy_rule_all_of.go b/okta/model_access_policy_rule_all_of.go
new file mode 100644
index 000000000..9c902cf72
--- /dev/null
+++ b/okta/model_access_policy_rule_all_of.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AccessPolicyRuleAllOf struct for AccessPolicyRuleAllOf
+type AccessPolicyRuleAllOf struct {
+	Actions              *AccessPolicyRuleActions    `json:"actions,omitempty"`
+	Conditions           *AccessPolicyRuleConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AccessPolicyRuleAllOf AccessPolicyRuleAllOf
+
+// NewAccessPolicyRuleAllOf instantiates a new AccessPolicyRuleAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAccessPolicyRuleAllOf() *AccessPolicyRuleAllOf {
+	this := AccessPolicyRuleAllOf{}
+	return &this
+}
+
+// NewAccessPolicyRuleAllOfWithDefaults instantiates a new AccessPolicyRuleAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAccessPolicyRuleAllOfWithDefaults() *AccessPolicyRuleAllOf {
+	this := AccessPolicyRuleAllOf{}
+	return &this
+}
+
+// GetActions returns the Actions field value if set, zero value otherwise.
+func (o *AccessPolicyRuleAllOf) GetActions() AccessPolicyRuleActions {
+	if o == nil || o.Actions == nil {
+		var ret AccessPolicyRuleActions
+		return ret
+	}
+	return *o.Actions
+}
+
+// GetActionsOk returns a tuple with the Actions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleAllOf) GetActionsOk() (*AccessPolicyRuleActions, bool) {
+	if o == nil || o.Actions == nil {
+		return nil, false
+	}
+	return o.Actions, true
+}
+
+// HasActions returns a boolean if a field has been set.
+func (o *AccessPolicyRuleAllOf) HasActions() bool {
+	if o != nil && o.Actions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActions gets a reference to the given AccessPolicyRuleActions and assigns it to the Actions field.
+func (o *AccessPolicyRuleAllOf) SetActions(v AccessPolicyRuleActions) {
+	o.Actions = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *AccessPolicyRuleAllOf) GetConditions() AccessPolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret AccessPolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleAllOf) GetConditionsOk() (*AccessPolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *AccessPolicyRuleAllOf) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given AccessPolicyRuleConditions and assigns it to the Conditions field.
+func (o *AccessPolicyRuleAllOf) SetConditions(v AccessPolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o AccessPolicyRuleAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Actions != nil {
+		toSerialize["actions"] = o.Actions
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AccessPolicyRuleAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varAccessPolicyRuleAllOf := _AccessPolicyRuleAllOf{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyRuleAllOf)
+	if err == nil {
+		*o = AccessPolicyRuleAllOf(varAccessPolicyRuleAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "actions")
+		delete(additionalProperties, "conditions")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAccessPolicyRuleAllOf struct {
+	value *AccessPolicyRuleAllOf
+	isSet bool
+}
+
+func (v NullableAccessPolicyRuleAllOf) Get() *AccessPolicyRuleAllOf {
+	return v.value
+}
+
+func (v *NullableAccessPolicyRuleAllOf) Set(val *AccessPolicyRuleAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAccessPolicyRuleAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAccessPolicyRuleAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAccessPolicyRuleAllOf(val *AccessPolicyRuleAllOf) *NullableAccessPolicyRuleAllOf {
+	return &NullableAccessPolicyRuleAllOf{value: val, isSet: true}
+}
+
+func (v NullableAccessPolicyRuleAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAccessPolicyRuleAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_access_policy_rule_application_sign_on.go b/okta/model_access_policy_rule_application_sign_on.go
new file mode 100644
index 000000000..346d2cab7
--- /dev/null
+++ b/okta/model_access_policy_rule_application_sign_on.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AccessPolicyRuleApplicationSignOn struct for AccessPolicyRuleApplicationSignOn
+type AccessPolicyRuleApplicationSignOn struct {
+	Access               *string             `json:"access,omitempty"`
+	VerificationMethod   *VerificationMethod `json:"verificationMethod,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AccessPolicyRuleApplicationSignOn AccessPolicyRuleApplicationSignOn
+
+// NewAccessPolicyRuleApplicationSignOn instantiates a new AccessPolicyRuleApplicationSignOn object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAccessPolicyRuleApplicationSignOn() *AccessPolicyRuleApplicationSignOn {
+	this := AccessPolicyRuleApplicationSignOn{}
+	return &this
+}
+
+// NewAccessPolicyRuleApplicationSignOnWithDefaults instantiates a new AccessPolicyRuleApplicationSignOn object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAccessPolicyRuleApplicationSignOnWithDefaults() *AccessPolicyRuleApplicationSignOn {
+	this := AccessPolicyRuleApplicationSignOn{}
+	return &this
+}
+
+// GetAccess returns the Access field value if set, zero value otherwise.
+func (o *AccessPolicyRuleApplicationSignOn) GetAccess() string {
+	if o == nil || o.Access == nil {
+		var ret string
+		return ret
+	}
+	return *o.Access
+}
+
+// GetAccessOk returns a tuple with the Access field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleApplicationSignOn) GetAccessOk() (*string, bool) {
+	if o == nil || o.Access == nil {
+		return nil, false
+	}
+	return o.Access, true
+}
+
+// HasAccess returns a boolean if a field has been set.
+func (o *AccessPolicyRuleApplicationSignOn) HasAccess() bool {
+	if o != nil && o.Access != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAccess gets a reference to the given string and assigns it to the Access field.
+func (o *AccessPolicyRuleApplicationSignOn) SetAccess(v string) {
+	o.Access = &v
+}
+
+// GetVerificationMethod returns the VerificationMethod field value if set, zero value otherwise.
+func (o *AccessPolicyRuleApplicationSignOn) GetVerificationMethod() VerificationMethod {
+	if o == nil || o.VerificationMethod == nil {
+		var ret VerificationMethod
+		return ret
+	}
+	return *o.VerificationMethod
+}
+
+// GetVerificationMethodOk returns a tuple with the VerificationMethod field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleApplicationSignOn) GetVerificationMethodOk() (*VerificationMethod, bool) {
+	if o == nil || o.VerificationMethod == nil {
+		return nil, false
+	}
+	return o.VerificationMethod, true
+}
+
+// HasVerificationMethod returns a boolean if a field has been set.
+func (o *AccessPolicyRuleApplicationSignOn) HasVerificationMethod() bool {
+	if o != nil && o.VerificationMethod != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVerificationMethod gets a reference to the given VerificationMethod and assigns it to the VerificationMethod field.
+func (o *AccessPolicyRuleApplicationSignOn) SetVerificationMethod(v VerificationMethod) {
+	o.VerificationMethod = &v
+}
+
+func (o AccessPolicyRuleApplicationSignOn) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Access != nil {
+		toSerialize["access"] = o.Access
+	}
+	if o.VerificationMethod != nil {
+		toSerialize["verificationMethod"] = o.VerificationMethod
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AccessPolicyRuleApplicationSignOn) UnmarshalJSON(bytes []byte) (err error) {
+	varAccessPolicyRuleApplicationSignOn := _AccessPolicyRuleApplicationSignOn{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyRuleApplicationSignOn)
+	if err == nil {
+		*o = AccessPolicyRuleApplicationSignOn(varAccessPolicyRuleApplicationSignOn)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "access")
+		delete(additionalProperties, "verificationMethod")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAccessPolicyRuleApplicationSignOn struct {
+	value *AccessPolicyRuleApplicationSignOn
+	isSet bool
+}
+
+func (v NullableAccessPolicyRuleApplicationSignOn) Get() *AccessPolicyRuleApplicationSignOn {
+	return v.value
+}
+
+func (v *NullableAccessPolicyRuleApplicationSignOn) Set(val *AccessPolicyRuleApplicationSignOn) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAccessPolicyRuleApplicationSignOn) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAccessPolicyRuleApplicationSignOn) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAccessPolicyRuleApplicationSignOn(val *AccessPolicyRuleApplicationSignOn) *NullableAccessPolicyRuleApplicationSignOn {
+	return &NullableAccessPolicyRuleApplicationSignOn{value: val, isSet: true}
+}
+
+func (v NullableAccessPolicyRuleApplicationSignOn) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAccessPolicyRuleApplicationSignOn) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_access_policy_rule_conditions.go b/okta/model_access_policy_rule_conditions.go
new file mode 100644
index 000000000..914f12b64
--- /dev/null
+++ b/okta/model_access_policy_rule_conditions.go
@@ -0,0 +1,972 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AccessPolicyRuleConditions struct for AccessPolicyRuleConditions
+type AccessPolicyRuleConditions struct {
+	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
+	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
+	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
+	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
+	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
+	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
+	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
+	Device                *DeviceAccessPolicyRuleCondition               `json:"device,omitempty"`
+	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
+	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
+	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
+	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
+	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
+	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
+	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
+	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
+	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
+	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
+	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
+	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
+	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
+	ElCondition           *AccessPolicyRuleCustomCondition               `json:"elCondition,omitempty"`
+	UserType              *UserTypeCondition                             `json:"userType,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _AccessPolicyRuleConditions AccessPolicyRuleConditions
+
+// NewAccessPolicyRuleConditions instantiates a new AccessPolicyRuleConditions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAccessPolicyRuleConditions() *AccessPolicyRuleConditions {
+	this := AccessPolicyRuleConditions{}
+	return &this
+}
+
+// NewAccessPolicyRuleConditionsWithDefaults instantiates a new AccessPolicyRuleConditions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAccessPolicyRuleConditionsWithDefaults() *AccessPolicyRuleConditions {
+	this := AccessPolicyRuleConditions{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetApp() AppAndInstancePolicyRuleCondition {
+	if o == nil || o.App == nil {
+		var ret AppAndInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given AppAndInstancePolicyRuleCondition and assigns it to the App field.
+func (o *AccessPolicyRuleConditions) SetApp(v AppAndInstancePolicyRuleCondition) {
+	o.App = &v
+}
+
+// GetApps returns the Apps field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetApps() AppInstancePolicyRuleCondition {
+	if o == nil || o.Apps == nil {
+		var ret AppInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.Apps
+}
+
+// GetAppsOk returns a tuple with the Apps field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool) {
+	if o == nil || o.Apps == nil {
+		return nil, false
+	}
+	return o.Apps, true
+}
+
+// HasApps returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasApps() bool {
+	if o != nil && o.Apps != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApps gets a reference to the given AppInstancePolicyRuleCondition and assigns it to the Apps field.
+func (o *AccessPolicyRuleConditions) SetApps(v AppInstancePolicyRuleCondition) {
+	o.Apps = &v
+}
+
+// GetAuthContext returns the AuthContext field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetAuthContext() PolicyRuleAuthContextCondition {
+	if o == nil || o.AuthContext == nil {
+		var ret PolicyRuleAuthContextCondition
+		return ret
+	}
+	return *o.AuthContext
+}
+
+// GetAuthContextOk returns a tuple with the AuthContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool) {
+	if o == nil || o.AuthContext == nil {
+		return nil, false
+	}
+	return o.AuthContext, true
+}
+
+// HasAuthContext returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasAuthContext() bool {
+	if o != nil && o.AuthContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthContext gets a reference to the given PolicyRuleAuthContextCondition and assigns it to the AuthContext field.
+func (o *AccessPolicyRuleConditions) SetAuthContext(v PolicyRuleAuthContextCondition) {
+	o.AuthContext = &v
+}
+
+// GetAuthProvider returns the AuthProvider field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition {
+	if o == nil || o.AuthProvider == nil {
+		var ret PasswordPolicyAuthenticationProviderCondition
+		return ret
+	}
+	return *o.AuthProvider
+}
+
+// GetAuthProviderOk returns a tuple with the AuthProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool) {
+	if o == nil || o.AuthProvider == nil {
+		return nil, false
+	}
+	return o.AuthProvider, true
+}
+
+// HasAuthProvider returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasAuthProvider() bool {
+	if o != nil && o.AuthProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthProvider gets a reference to the given PasswordPolicyAuthenticationProviderCondition and assigns it to the AuthProvider field.
+func (o *AccessPolicyRuleConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition) {
+	o.AuthProvider = &v
+}
+
+// GetBeforeScheduledAction returns the BeforeScheduledAction field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition {
+	if o == nil || o.BeforeScheduledAction == nil {
+		var ret BeforeScheduledActionPolicyRuleCondition
+		return ret
+	}
+	return *o.BeforeScheduledAction
+}
+
+// GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool) {
+	if o == nil || o.BeforeScheduledAction == nil {
+		return nil, false
+	}
+	return o.BeforeScheduledAction, true
+}
+
+// HasBeforeScheduledAction returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasBeforeScheduledAction() bool {
+	if o != nil && o.BeforeScheduledAction != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBeforeScheduledAction gets a reference to the given BeforeScheduledActionPolicyRuleCondition and assigns it to the BeforeScheduledAction field.
+func (o *AccessPolicyRuleConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition) {
+	o.BeforeScheduledAction = &v
+}
+
+// GetClients returns the Clients field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetClients() ClientPolicyCondition {
+	if o == nil || o.Clients == nil {
+		var ret ClientPolicyCondition
+		return ret
+	}
+	return *o.Clients
+}
+
+// GetClientsOk returns a tuple with the Clients field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetClientsOk() (*ClientPolicyCondition, bool) {
+	if o == nil || o.Clients == nil {
+		return nil, false
+	}
+	return o.Clients, true
+}
+
+// HasClients returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasClients() bool {
+	if o != nil && o.Clients != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClients gets a reference to the given ClientPolicyCondition and assigns it to the Clients field.
+func (o *AccessPolicyRuleConditions) SetClients(v ClientPolicyCondition) {
+	o.Clients = &v
+}
+
+// GetContext returns the Context field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetContext() ContextPolicyRuleCondition {
+	if o == nil || o.Context == nil {
+		var ret ContextPolicyRuleCondition
+		return ret
+	}
+	return *o.Context
+}
+
+// GetContextOk returns a tuple with the Context field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetContextOk() (*ContextPolicyRuleCondition, bool) {
+	if o == nil || o.Context == nil {
+		return nil, false
+	}
+	return o.Context, true
+}
+
+// HasContext returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasContext() bool {
+	if o != nil && o.Context != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetContext gets a reference to the given ContextPolicyRuleCondition and assigns it to the Context field.
+func (o *AccessPolicyRuleConditions) SetContext(v ContextPolicyRuleCondition) {
+	o.Context = &v
+}
+
+// GetDevice returns the Device field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetDevice() DeviceAccessPolicyRuleCondition {
+	if o == nil || o.Device == nil {
+		var ret DeviceAccessPolicyRuleCondition
+		return ret
+	}
+	return *o.Device
+}
+
+// GetDeviceOk returns a tuple with the Device field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetDeviceOk() (*DeviceAccessPolicyRuleCondition, bool) {
+	if o == nil || o.Device == nil {
+		return nil, false
+	}
+	return o.Device, true
+}
+
+// HasDevice returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasDevice() bool {
+	if o != nil && o.Device != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDevice gets a reference to the given DeviceAccessPolicyRuleCondition and assigns it to the Device field.
+func (o *AccessPolicyRuleConditions) SetDevice(v DeviceAccessPolicyRuleCondition) {
+	o.Device = &v
+}
+
+// GetGrantTypes returns the GrantTypes field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetGrantTypes() GrantTypePolicyRuleCondition {
+	if o == nil || o.GrantTypes == nil {
+		var ret GrantTypePolicyRuleCondition
+		return ret
+	}
+	return *o.GrantTypes
+}
+
+// GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool) {
+	if o == nil || o.GrantTypes == nil {
+		return nil, false
+	}
+	return o.GrantTypes, true
+}
+
+// HasGrantTypes returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasGrantTypes() bool {
+	if o != nil && o.GrantTypes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGrantTypes gets a reference to the given GrantTypePolicyRuleCondition and assigns it to the GrantTypes field.
+func (o *AccessPolicyRuleConditions) SetGrantTypes(v GrantTypePolicyRuleCondition) {
+	o.GrantTypes = &v
+}
+
+// GetGroups returns the Groups field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetGroups() GroupPolicyRuleCondition {
+	if o == nil || o.Groups == nil {
+		var ret GroupPolicyRuleCondition
+		return ret
+	}
+	return *o.Groups
+}
+
+// GetGroupsOk returns a tuple with the Groups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool) {
+	if o == nil || o.Groups == nil {
+		return nil, false
+	}
+	return o.Groups, true
+}
+
+// HasGroups returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasGroups() bool {
+	if o != nil && o.Groups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroups gets a reference to the given GroupPolicyRuleCondition and assigns it to the Groups field.
+func (o *AccessPolicyRuleConditions) SetGroups(v GroupPolicyRuleCondition) {
+	o.Groups = &v
+}
+
+// GetIdentityProvider returns the IdentityProvider field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition {
+	if o == nil || o.IdentityProvider == nil {
+		var ret IdentityProviderPolicyRuleCondition
+		return ret
+	}
+	return *o.IdentityProvider
+}
+
+// GetIdentityProviderOk returns a tuple with the IdentityProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool) {
+	if o == nil || o.IdentityProvider == nil {
+		return nil, false
+	}
+	return o.IdentityProvider, true
+}
+
+// HasIdentityProvider returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasIdentityProvider() bool {
+	if o != nil && o.IdentityProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityProvider gets a reference to the given IdentityProviderPolicyRuleCondition and assigns it to the IdentityProvider field.
+func (o *AccessPolicyRuleConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition) {
+	o.IdentityProvider = &v
+}
+
+// GetMdmEnrollment returns the MdmEnrollment field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition {
+	if o == nil || o.MdmEnrollment == nil {
+		var ret MDMEnrollmentPolicyRuleCondition
+		return ret
+	}
+	return *o.MdmEnrollment
+}
+
+// GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool) {
+	if o == nil || o.MdmEnrollment == nil {
+		return nil, false
+	}
+	return o.MdmEnrollment, true
+}
+
+// HasMdmEnrollment returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasMdmEnrollment() bool {
+	if o != nil && o.MdmEnrollment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMdmEnrollment gets a reference to the given MDMEnrollmentPolicyRuleCondition and assigns it to the MdmEnrollment field.
+func (o *AccessPolicyRuleConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition) {
+	o.MdmEnrollment = &v
+}
+
+// GetNetwork returns the Network field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetNetwork() PolicyNetworkCondition {
+	if o == nil || o.Network == nil {
+		var ret PolicyNetworkCondition
+		return ret
+	}
+	return *o.Network
+}
+
+// GetNetworkOk returns a tuple with the Network field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetNetworkOk() (*PolicyNetworkCondition, bool) {
+	if o == nil || o.Network == nil {
+		return nil, false
+	}
+	return o.Network, true
+}
+
+// HasNetwork returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasNetwork() bool {
+	if o != nil && o.Network != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNetwork gets a reference to the given PolicyNetworkCondition and assigns it to the Network field.
+func (o *AccessPolicyRuleConditions) SetNetwork(v PolicyNetworkCondition) {
+	o.Network = &v
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetPeople() PolicyPeopleCondition {
+	if o == nil || o.People == nil {
+		var ret PolicyPeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetPeopleOk() (*PolicyPeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given PolicyPeopleCondition and assigns it to the People field.
+func (o *AccessPolicyRuleConditions) SetPeople(v PolicyPeopleCondition) {
+	o.People = &v
+}
+
+// GetPlatform returns the Platform field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetPlatform() PlatformPolicyRuleCondition {
+	if o == nil || o.Platform == nil {
+		var ret PlatformPolicyRuleCondition
+		return ret
+	}
+	return *o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool) {
+	if o == nil || o.Platform == nil {
+		return nil, false
+	}
+	return o.Platform, true
+}
+
+// HasPlatform returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasPlatform() bool {
+	if o != nil && o.Platform != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPlatform gets a reference to the given PlatformPolicyRuleCondition and assigns it to the Platform field.
+func (o *AccessPolicyRuleConditions) SetPlatform(v PlatformPolicyRuleCondition) {
+	o.Platform = &v
+}
+
+// GetRisk returns the Risk field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetRisk() RiskPolicyRuleCondition {
+	if o == nil || o.Risk == nil {
+		var ret RiskPolicyRuleCondition
+		return ret
+	}
+	return *o.Risk
+}
+
+// GetRiskOk returns a tuple with the Risk field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool) {
+	if o == nil || o.Risk == nil {
+		return nil, false
+	}
+	return o.Risk, true
+}
+
+// HasRisk returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasRisk() bool {
+	if o != nil && o.Risk != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRisk gets a reference to the given RiskPolicyRuleCondition and assigns it to the Risk field.
+func (o *AccessPolicyRuleConditions) SetRisk(v RiskPolicyRuleCondition) {
+	o.Risk = &v
+}
+
+// GetRiskScore returns the RiskScore field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetRiskScore() RiskScorePolicyRuleCondition {
+	if o == nil || o.RiskScore == nil {
+		var ret RiskScorePolicyRuleCondition
+		return ret
+	}
+	return *o.RiskScore
+}
+
+// GetRiskScoreOk returns a tuple with the RiskScore field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool) {
+	if o == nil || o.RiskScore == nil {
+		return nil, false
+	}
+	return o.RiskScore, true
+}
+
+// HasRiskScore returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasRiskScore() bool {
+	if o != nil && o.RiskScore != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRiskScore gets a reference to the given RiskScorePolicyRuleCondition and assigns it to the RiskScore field.
+func (o *AccessPolicyRuleConditions) SetRiskScore(v RiskScorePolicyRuleCondition) {
+	o.RiskScore = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition {
+	if o == nil || o.Scopes == nil {
+		var ret OAuth2ScopesMediationPolicyRuleCondition
+		return ret
+	}
+	return *o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given OAuth2ScopesMediationPolicyRuleCondition and assigns it to the Scopes field.
+func (o *AccessPolicyRuleConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition) {
+	o.Scopes = &v
+}
+
+// GetUserIdentifier returns the UserIdentifier field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition {
+	if o == nil || o.UserIdentifier == nil {
+		var ret UserIdentifierPolicyRuleCondition
+		return ret
+	}
+	return *o.UserIdentifier
+}
+
+// GetUserIdentifierOk returns a tuple with the UserIdentifier field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool) {
+	if o == nil || o.UserIdentifier == nil {
+		return nil, false
+	}
+	return o.UserIdentifier, true
+}
+
+// HasUserIdentifier returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasUserIdentifier() bool {
+	if o != nil && o.UserIdentifier != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserIdentifier gets a reference to the given UserIdentifierPolicyRuleCondition and assigns it to the UserIdentifier field.
+func (o *AccessPolicyRuleConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition) {
+	o.UserIdentifier = &v
+}
+
+// GetUsers returns the Users field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetUsers() UserPolicyRuleCondition {
+	if o == nil || o.Users == nil {
+		var ret UserPolicyRuleCondition
+		return ret
+	}
+	return *o.Users
+}
+
+// GetUsersOk returns a tuple with the Users field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetUsersOk() (*UserPolicyRuleCondition, bool) {
+	if o == nil || o.Users == nil {
+		return nil, false
+	}
+	return o.Users, true
+}
+
+// HasUsers returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasUsers() bool {
+	if o != nil && o.Users != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsers gets a reference to the given UserPolicyRuleCondition and assigns it to the Users field.
+func (o *AccessPolicyRuleConditions) SetUsers(v UserPolicyRuleCondition) {
+	o.Users = &v
+}
+
+// GetUserStatus returns the UserStatus field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetUserStatus() UserStatusPolicyRuleCondition {
+	if o == nil || o.UserStatus == nil {
+		var ret UserStatusPolicyRuleCondition
+		return ret
+	}
+	return *o.UserStatus
+}
+
+// GetUserStatusOk returns a tuple with the UserStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool) {
+	if o == nil || o.UserStatus == nil {
+		return nil, false
+	}
+	return o.UserStatus, true
+}
+
+// HasUserStatus returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasUserStatus() bool {
+	if o != nil && o.UserStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserStatus gets a reference to the given UserStatusPolicyRuleCondition and assigns it to the UserStatus field.
+func (o *AccessPolicyRuleConditions) SetUserStatus(v UserStatusPolicyRuleCondition) {
+	o.UserStatus = &v
+}
+
+// GetElCondition returns the ElCondition field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetElCondition() AccessPolicyRuleCustomCondition {
+	if o == nil || o.ElCondition == nil {
+		var ret AccessPolicyRuleCustomCondition
+		return ret
+	}
+	return *o.ElCondition
+}
+
+// GetElConditionOk returns a tuple with the ElCondition field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetElConditionOk() (*AccessPolicyRuleCustomCondition, bool) {
+	if o == nil || o.ElCondition == nil {
+		return nil, false
+	}
+	return o.ElCondition, true
+}
+
+// HasElCondition returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasElCondition() bool {
+	if o != nil && o.ElCondition != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetElCondition gets a reference to the given AccessPolicyRuleCustomCondition and assigns it to the ElCondition field.
+func (o *AccessPolicyRuleConditions) SetElCondition(v AccessPolicyRuleCustomCondition) {
+	o.ElCondition = &v
+}
+
+// GetUserType returns the UserType field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditions) GetUserType() UserTypeCondition {
+	if o == nil || o.UserType == nil {
+		var ret UserTypeCondition
+		return ret
+	}
+	return *o.UserType
+}
+
+// GetUserTypeOk returns a tuple with the UserType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditions) GetUserTypeOk() (*UserTypeCondition, bool) {
+	if o == nil || o.UserType == nil {
+		return nil, false
+	}
+	return o.UserType, true
+}
+
+// HasUserType returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditions) HasUserType() bool {
+	if o != nil && o.UserType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserType gets a reference to the given UserTypeCondition and assigns it to the UserType field.
+func (o *AccessPolicyRuleConditions) SetUserType(v UserTypeCondition) {
+	o.UserType = &v
+}
+
+func (o AccessPolicyRuleConditions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+	if o.Apps != nil {
+		toSerialize["apps"] = o.Apps
+	}
+	if o.AuthContext != nil {
+		toSerialize["authContext"] = o.AuthContext
+	}
+	if o.AuthProvider != nil {
+		toSerialize["authProvider"] = o.AuthProvider
+	}
+	if o.BeforeScheduledAction != nil {
+		toSerialize["beforeScheduledAction"] = o.BeforeScheduledAction
+	}
+	if o.Clients != nil {
+		toSerialize["clients"] = o.Clients
+	}
+	if o.Context != nil {
+		toSerialize["context"] = o.Context
+	}
+	if o.Device != nil {
+		toSerialize["device"] = o.Device
+	}
+	if o.GrantTypes != nil {
+		toSerialize["grantTypes"] = o.GrantTypes
+	}
+	if o.Groups != nil {
+		toSerialize["groups"] = o.Groups
+	}
+	if o.IdentityProvider != nil {
+		toSerialize["identityProvider"] = o.IdentityProvider
+	}
+	if o.MdmEnrollment != nil {
+		toSerialize["mdmEnrollment"] = o.MdmEnrollment
+	}
+	if o.Network != nil {
+		toSerialize["network"] = o.Network
+	}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+	if o.Platform != nil {
+		toSerialize["platform"] = o.Platform
+	}
+	if o.Risk != nil {
+		toSerialize["risk"] = o.Risk
+	}
+	if o.RiskScore != nil {
+		toSerialize["riskScore"] = o.RiskScore
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+	if o.UserIdentifier != nil {
+		toSerialize["userIdentifier"] = o.UserIdentifier
+	}
+	if o.Users != nil {
+		toSerialize["users"] = o.Users
+	}
+	if o.UserStatus != nil {
+		toSerialize["userStatus"] = o.UserStatus
+	}
+	if o.ElCondition != nil {
+		toSerialize["elCondition"] = o.ElCondition
+	}
+	if o.UserType != nil {
+		toSerialize["userType"] = o.UserType
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AccessPolicyRuleConditions) UnmarshalJSON(bytes []byte) (err error) {
+	varAccessPolicyRuleConditions := _AccessPolicyRuleConditions{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyRuleConditions)
+	if err == nil {
+		*o = AccessPolicyRuleConditions(varAccessPolicyRuleConditions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		delete(additionalProperties, "apps")
+		delete(additionalProperties, "authContext")
+		delete(additionalProperties, "authProvider")
+		delete(additionalProperties, "beforeScheduledAction")
+		delete(additionalProperties, "clients")
+		delete(additionalProperties, "context")
+		delete(additionalProperties, "device")
+		delete(additionalProperties, "grantTypes")
+		delete(additionalProperties, "groups")
+		delete(additionalProperties, "identityProvider")
+		delete(additionalProperties, "mdmEnrollment")
+		delete(additionalProperties, "network")
+		delete(additionalProperties, "people")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "risk")
+		delete(additionalProperties, "riskScore")
+		delete(additionalProperties, "scopes")
+		delete(additionalProperties, "userIdentifier")
+		delete(additionalProperties, "users")
+		delete(additionalProperties, "userStatus")
+		delete(additionalProperties, "elCondition")
+		delete(additionalProperties, "userType")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAccessPolicyRuleConditions struct {
+	value *AccessPolicyRuleConditions
+	isSet bool
+}
+
+func (v NullableAccessPolicyRuleConditions) Get() *AccessPolicyRuleConditions {
+	return v.value
+}
+
+func (v *NullableAccessPolicyRuleConditions) Set(val *AccessPolicyRuleConditions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAccessPolicyRuleConditions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAccessPolicyRuleConditions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAccessPolicyRuleConditions(val *AccessPolicyRuleConditions) *NullableAccessPolicyRuleConditions {
+	return &NullableAccessPolicyRuleConditions{value: val, isSet: true}
+}
+
+func (v NullableAccessPolicyRuleConditions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAccessPolicyRuleConditions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_access_policy_rule_conditions_all_of.go b/okta/model_access_policy_rule_conditions_all_of.go
new file mode 100644
index 000000000..af873d82e
--- /dev/null
+++ b/okta/model_access_policy_rule_conditions_all_of.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AccessPolicyRuleConditionsAllOf struct for AccessPolicyRuleConditionsAllOf
+type AccessPolicyRuleConditionsAllOf struct {
+	Device               *DeviceAccessPolicyRuleCondition `json:"device,omitempty"`
+	ElCondition          *AccessPolicyRuleCustomCondition `json:"elCondition,omitempty"`
+	UserType             *UserTypeCondition               `json:"userType,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AccessPolicyRuleConditionsAllOf AccessPolicyRuleConditionsAllOf
+
+// NewAccessPolicyRuleConditionsAllOf instantiates a new AccessPolicyRuleConditionsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAccessPolicyRuleConditionsAllOf() *AccessPolicyRuleConditionsAllOf {
+	this := AccessPolicyRuleConditionsAllOf{}
+	return &this
+}
+
+// NewAccessPolicyRuleConditionsAllOfWithDefaults instantiates a new AccessPolicyRuleConditionsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAccessPolicyRuleConditionsAllOfWithDefaults() *AccessPolicyRuleConditionsAllOf {
+	this := AccessPolicyRuleConditionsAllOf{}
+	return &this
+}
+
+// GetDevice returns the Device field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditionsAllOf) GetDevice() DeviceAccessPolicyRuleCondition {
+	if o == nil || o.Device == nil {
+		var ret DeviceAccessPolicyRuleCondition
+		return ret
+	}
+	return *o.Device
+}
+
+// GetDeviceOk returns a tuple with the Device field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditionsAllOf) GetDeviceOk() (*DeviceAccessPolicyRuleCondition, bool) {
+	if o == nil || o.Device == nil {
+		return nil, false
+	}
+	return o.Device, true
+}
+
+// HasDevice returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditionsAllOf) HasDevice() bool {
+	if o != nil && o.Device != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDevice gets a reference to the given DeviceAccessPolicyRuleCondition and assigns it to the Device field.
+func (o *AccessPolicyRuleConditionsAllOf) SetDevice(v DeviceAccessPolicyRuleCondition) {
+	o.Device = &v
+}
+
+// GetElCondition returns the ElCondition field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditionsAllOf) GetElCondition() AccessPolicyRuleCustomCondition {
+	if o == nil || o.ElCondition == nil {
+		var ret AccessPolicyRuleCustomCondition
+		return ret
+	}
+	return *o.ElCondition
+}
+
+// GetElConditionOk returns a tuple with the ElCondition field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditionsAllOf) GetElConditionOk() (*AccessPolicyRuleCustomCondition, bool) {
+	if o == nil || o.ElCondition == nil {
+		return nil, false
+	}
+	return o.ElCondition, true
+}
+
+// HasElCondition returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditionsAllOf) HasElCondition() bool {
+	if o != nil && o.ElCondition != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetElCondition gets a reference to the given AccessPolicyRuleCustomCondition and assigns it to the ElCondition field.
+func (o *AccessPolicyRuleConditionsAllOf) SetElCondition(v AccessPolicyRuleCustomCondition) {
+	o.ElCondition = &v
+}
+
+// GetUserType returns the UserType field value if set, zero value otherwise.
+func (o *AccessPolicyRuleConditionsAllOf) GetUserType() UserTypeCondition {
+	if o == nil || o.UserType == nil {
+		var ret UserTypeCondition
+		return ret
+	}
+	return *o.UserType
+}
+
+// GetUserTypeOk returns a tuple with the UserType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleConditionsAllOf) GetUserTypeOk() (*UserTypeCondition, bool) {
+	if o == nil || o.UserType == nil {
+		return nil, false
+	}
+	return o.UserType, true
+}
+
+// HasUserType returns a boolean if a field has been set.
+func (o *AccessPolicyRuleConditionsAllOf) HasUserType() bool {
+	if o != nil && o.UserType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserType gets a reference to the given UserTypeCondition and assigns it to the UserType field.
+func (o *AccessPolicyRuleConditionsAllOf) SetUserType(v UserTypeCondition) {
+	o.UserType = &v
+}
+
+func (o AccessPolicyRuleConditionsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Device != nil {
+		toSerialize["device"] = o.Device
+	}
+	if o.ElCondition != nil {
+		toSerialize["elCondition"] = o.ElCondition
+	}
+	if o.UserType != nil {
+		toSerialize["userType"] = o.UserType
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AccessPolicyRuleConditionsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varAccessPolicyRuleConditionsAllOf := _AccessPolicyRuleConditionsAllOf{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyRuleConditionsAllOf)
+	if err == nil {
+		*o = AccessPolicyRuleConditionsAllOf(varAccessPolicyRuleConditionsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "device")
+		delete(additionalProperties, "elCondition")
+		delete(additionalProperties, "userType")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAccessPolicyRuleConditionsAllOf struct {
+	value *AccessPolicyRuleConditionsAllOf
+	isSet bool
+}
+
+func (v NullableAccessPolicyRuleConditionsAllOf) Get() *AccessPolicyRuleConditionsAllOf {
+	return v.value
+}
+
+func (v *NullableAccessPolicyRuleConditionsAllOf) Set(val *AccessPolicyRuleConditionsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAccessPolicyRuleConditionsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAccessPolicyRuleConditionsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAccessPolicyRuleConditionsAllOf(val *AccessPolicyRuleConditionsAllOf) *NullableAccessPolicyRuleConditionsAllOf {
+	return &NullableAccessPolicyRuleConditionsAllOf{value: val, isSet: true}
+}
+
+func (v NullableAccessPolicyRuleConditionsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAccessPolicyRuleConditionsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_access_policy_rule_custom_condition.go b/okta/model_access_policy_rule_custom_condition.go
new file mode 100644
index 000000000..d27e0e231
--- /dev/null
+++ b/okta/model_access_policy_rule_custom_condition.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AccessPolicyRuleCustomCondition struct for AccessPolicyRuleCustomCondition
+type AccessPolicyRuleCustomCondition struct {
+	Condition            *string `json:"condition,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AccessPolicyRuleCustomCondition AccessPolicyRuleCustomCondition
+
+// NewAccessPolicyRuleCustomCondition instantiates a new AccessPolicyRuleCustomCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAccessPolicyRuleCustomCondition() *AccessPolicyRuleCustomCondition {
+	this := AccessPolicyRuleCustomCondition{}
+	return &this
+}
+
+// NewAccessPolicyRuleCustomConditionWithDefaults instantiates a new AccessPolicyRuleCustomCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAccessPolicyRuleCustomConditionWithDefaults() *AccessPolicyRuleCustomCondition {
+	this := AccessPolicyRuleCustomCondition{}
+	return &this
+}
+
+// GetCondition returns the Condition field value if set, zero value otherwise.
+func (o *AccessPolicyRuleCustomCondition) GetCondition() string {
+	if o == nil || o.Condition == nil {
+		var ret string
+		return ret
+	}
+	return *o.Condition
+}
+
+// GetConditionOk returns a tuple with the Condition field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AccessPolicyRuleCustomCondition) GetConditionOk() (*string, bool) {
+	if o == nil || o.Condition == nil {
+		return nil, false
+	}
+	return o.Condition, true
+}
+
+// HasCondition returns a boolean if a field has been set.
+func (o *AccessPolicyRuleCustomCondition) HasCondition() bool {
+	if o != nil && o.Condition != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCondition gets a reference to the given string and assigns it to the Condition field.
+func (o *AccessPolicyRuleCustomCondition) SetCondition(v string) {
+	o.Condition = &v
+}
+
+func (o AccessPolicyRuleCustomCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Condition != nil {
+		toSerialize["condition"] = o.Condition
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AccessPolicyRuleCustomCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varAccessPolicyRuleCustomCondition := _AccessPolicyRuleCustomCondition{}
+
+	err = json.Unmarshal(bytes, &varAccessPolicyRuleCustomCondition)
+	if err == nil {
+		*o = AccessPolicyRuleCustomCondition(varAccessPolicyRuleCustomCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "condition")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAccessPolicyRuleCustomCondition struct {
+	value *AccessPolicyRuleCustomCondition
+	isSet bool
+}
+
+func (v NullableAccessPolicyRuleCustomCondition) Get() *AccessPolicyRuleCustomCondition {
+	return v.value
+}
+
+func (v *NullableAccessPolicyRuleCustomCondition) Set(val *AccessPolicyRuleCustomCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAccessPolicyRuleCustomCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAccessPolicyRuleCustomCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAccessPolicyRuleCustomCondition(val *AccessPolicyRuleCustomCondition) *NullableAccessPolicyRuleCustomCondition {
+	return &NullableAccessPolicyRuleCustomCondition{value: val, isSet: true}
+}
+
+func (v NullableAccessPolicyRuleCustomCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAccessPolicyRuleCustomCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_acs_endpoint.go b/okta/model_acs_endpoint.go
new file mode 100644
index 000000000..320e6a24d
--- /dev/null
+++ b/okta/model_acs_endpoint.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AcsEndpoint struct for AcsEndpoint
+type AcsEndpoint struct {
+	Index                *int32  `json:"index,omitempty"`
+	Url                  *string `json:"url,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AcsEndpoint AcsEndpoint
+
+// NewAcsEndpoint instantiates a new AcsEndpoint object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAcsEndpoint() *AcsEndpoint {
+	this := AcsEndpoint{}
+	return &this
+}
+
+// NewAcsEndpointWithDefaults instantiates a new AcsEndpoint object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAcsEndpointWithDefaults() *AcsEndpoint {
+	this := AcsEndpoint{}
+	return &this
+}
+
+// GetIndex returns the Index field value if set, zero value otherwise.
+func (o *AcsEndpoint) GetIndex() int32 {
+	if o == nil || o.Index == nil {
+		var ret int32
+		return ret
+	}
+	return *o.Index
+}
+
+// GetIndexOk returns a tuple with the Index field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AcsEndpoint) GetIndexOk() (*int32, bool) {
+	if o == nil || o.Index == nil {
+		return nil, false
+	}
+	return o.Index, true
+}
+
+// HasIndex returns a boolean if a field has been set.
+func (o *AcsEndpoint) HasIndex() bool {
+	if o != nil && o.Index != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIndex gets a reference to the given int32 and assigns it to the Index field.
+func (o *AcsEndpoint) SetIndex(v int32) {
+	o.Index = &v
+}
+
+// GetUrl returns the Url field value if set, zero value otherwise.
+func (o *AcsEndpoint) GetUrl() string {
+	if o == nil || o.Url == nil {
+		var ret string
+		return ret
+	}
+	return *o.Url
+}
+
+// GetUrlOk returns a tuple with the Url field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AcsEndpoint) GetUrlOk() (*string, bool) {
+	if o == nil || o.Url == nil {
+		return nil, false
+	}
+	return o.Url, true
+}
+
+// HasUrl returns a boolean if a field has been set.
+func (o *AcsEndpoint) HasUrl() bool {
+	if o != nil && o.Url != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUrl gets a reference to the given string and assigns it to the Url field.
+func (o *AcsEndpoint) SetUrl(v string) {
+	o.Url = &v
+}
+
+func (o AcsEndpoint) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Index != nil {
+		toSerialize["index"] = o.Index
+	}
+	if o.Url != nil {
+		toSerialize["url"] = o.Url
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AcsEndpoint) UnmarshalJSON(bytes []byte) (err error) {
+	varAcsEndpoint := _AcsEndpoint{}
+
+	err = json.Unmarshal(bytes, &varAcsEndpoint)
+	if err == nil {
+		*o = AcsEndpoint(varAcsEndpoint)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "index")
+		delete(additionalProperties, "url")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAcsEndpoint struct {
+	value *AcsEndpoint
+	isSet bool
+}
+
+func (v NullableAcsEndpoint) Get() *AcsEndpoint {
+	return v.value
+}
+
+func (v *NullableAcsEndpoint) Set(val *AcsEndpoint) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAcsEndpoint) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAcsEndpoint) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAcsEndpoint(val *AcsEndpoint) *NullableAcsEndpoint {
+	return &NullableAcsEndpoint{value: val, isSet: true}
+}
+
+func (v NullableAcsEndpoint) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAcsEndpoint) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_activate_factor_request.go b/okta/model_activate_factor_request.go
new file mode 100644
index 000000000..588f438d4
--- /dev/null
+++ b/okta/model_activate_factor_request.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ActivateFactorRequest struct for ActivateFactorRequest
+type ActivateFactorRequest struct {
+	Attestation          *string `json:"attestation,omitempty"`
+	ClientData           *string `json:"clientData,omitempty"`
+	PassCode             *string `json:"passCode,omitempty"`
+	RegistrationData     *string `json:"registrationData,omitempty"`
+	StateToken           *string `json:"stateToken,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ActivateFactorRequest ActivateFactorRequest
+
+// NewActivateFactorRequest instantiates a new ActivateFactorRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewActivateFactorRequest() *ActivateFactorRequest {
+	this := ActivateFactorRequest{}
+	return &this
+}
+
+// NewActivateFactorRequestWithDefaults instantiates a new ActivateFactorRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewActivateFactorRequestWithDefaults() *ActivateFactorRequest {
+	this := ActivateFactorRequest{}
+	return &this
+}
+
+// GetAttestation returns the Attestation field value if set, zero value otherwise.
+func (o *ActivateFactorRequest) GetAttestation() string {
+	if o == nil || o.Attestation == nil {
+		var ret string
+		return ret
+	}
+	return *o.Attestation
+}
+
+// GetAttestationOk returns a tuple with the Attestation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ActivateFactorRequest) GetAttestationOk() (*string, bool) {
+	if o == nil || o.Attestation == nil {
+		return nil, false
+	}
+	return o.Attestation, true
+}
+
+// HasAttestation returns a boolean if a field has been set.
+func (o *ActivateFactorRequest) HasAttestation() bool {
+	if o != nil && o.Attestation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAttestation gets a reference to the given string and assigns it to the Attestation field.
+func (o *ActivateFactorRequest) SetAttestation(v string) {
+	o.Attestation = &v
+}
+
+// GetClientData returns the ClientData field value if set, zero value otherwise.
+func (o *ActivateFactorRequest) GetClientData() string {
+	if o == nil || o.ClientData == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientData
+}
+
+// GetClientDataOk returns a tuple with the ClientData field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ActivateFactorRequest) GetClientDataOk() (*string, bool) {
+	if o == nil || o.ClientData == nil {
+		return nil, false
+	}
+	return o.ClientData, true
+}
+
+// HasClientData returns a boolean if a field has been set.
+func (o *ActivateFactorRequest) HasClientData() bool {
+	if o != nil && o.ClientData != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientData gets a reference to the given string and assigns it to the ClientData field.
+func (o *ActivateFactorRequest) SetClientData(v string) {
+	o.ClientData = &v
+}
+
+// GetPassCode returns the PassCode field value if set, zero value otherwise.
+func (o *ActivateFactorRequest) GetPassCode() string {
+	if o == nil || o.PassCode == nil {
+		var ret string
+		return ret
+	}
+	return *o.PassCode
+}
+
+// GetPassCodeOk returns a tuple with the PassCode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ActivateFactorRequest) GetPassCodeOk() (*string, bool) {
+	if o == nil || o.PassCode == nil {
+		return nil, false
+	}
+	return o.PassCode, true
+}
+
+// HasPassCode returns a boolean if a field has been set.
+func (o *ActivateFactorRequest) HasPassCode() bool {
+	if o != nil && o.PassCode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPassCode gets a reference to the given string and assigns it to the PassCode field.
+func (o *ActivateFactorRequest) SetPassCode(v string) {
+	o.PassCode = &v
+}
+
+// GetRegistrationData returns the RegistrationData field value if set, zero value otherwise.
+func (o *ActivateFactorRequest) GetRegistrationData() string {
+	if o == nil || o.RegistrationData == nil {
+		var ret string
+		return ret
+	}
+	return *o.RegistrationData
+}
+
+// GetRegistrationDataOk returns a tuple with the RegistrationData field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ActivateFactorRequest) GetRegistrationDataOk() (*string, bool) {
+	if o == nil || o.RegistrationData == nil {
+		return nil, false
+	}
+	return o.RegistrationData, true
+}
+
+// HasRegistrationData returns a boolean if a field has been set.
+func (o *ActivateFactorRequest) HasRegistrationData() bool {
+	if o != nil && o.RegistrationData != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRegistrationData gets a reference to the given string and assigns it to the RegistrationData field.
+func (o *ActivateFactorRequest) SetRegistrationData(v string) {
+	o.RegistrationData = &v
+}
+
+// GetStateToken returns the StateToken field value if set, zero value otherwise.
+func (o *ActivateFactorRequest) GetStateToken() string {
+	if o == nil || o.StateToken == nil {
+		var ret string
+		return ret
+	}
+	return *o.StateToken
+}
+
+// GetStateTokenOk returns a tuple with the StateToken field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ActivateFactorRequest) GetStateTokenOk() (*string, bool) {
+	if o == nil || o.StateToken == nil {
+		return nil, false
+	}
+	return o.StateToken, true
+}
+
+// HasStateToken returns a boolean if a field has been set.
+func (o *ActivateFactorRequest) HasStateToken() bool {
+	if o != nil && o.StateToken != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStateToken gets a reference to the given string and assigns it to the StateToken field.
+func (o *ActivateFactorRequest) SetStateToken(v string) {
+	o.StateToken = &v
+}
+
+func (o ActivateFactorRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Attestation != nil {
+		toSerialize["attestation"] = o.Attestation
+	}
+	if o.ClientData != nil {
+		toSerialize["clientData"] = o.ClientData
+	}
+	if o.PassCode != nil {
+		toSerialize["passCode"] = o.PassCode
+	}
+	if o.RegistrationData != nil {
+		toSerialize["registrationData"] = o.RegistrationData
+	}
+	if o.StateToken != nil {
+		toSerialize["stateToken"] = o.StateToken
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ActivateFactorRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varActivateFactorRequest := _ActivateFactorRequest{}
+
+	err = json.Unmarshal(bytes, &varActivateFactorRequest)
+	if err == nil {
+		*o = ActivateFactorRequest(varActivateFactorRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "attestation")
+		delete(additionalProperties, "clientData")
+		delete(additionalProperties, "passCode")
+		delete(additionalProperties, "registrationData")
+		delete(additionalProperties, "stateToken")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableActivateFactorRequest struct {
+	value *ActivateFactorRequest
+	isSet bool
+}
+
+func (v NullableActivateFactorRequest) Get() *ActivateFactorRequest {
+	return v.value
+}
+
+func (v *NullableActivateFactorRequest) Set(val *ActivateFactorRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableActivateFactorRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableActivateFactorRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableActivateFactorRequest(val *ActivateFactorRequest) *NullableActivateFactorRequest {
+	return &NullableActivateFactorRequest{value: val, isSet: true}
+}
+
+func (v NullableActivateFactorRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableActivateFactorRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_agent.go b/okta/model_agent.go
new file mode 100644
index 000000000..34b481a1f
--- /dev/null
+++ b/okta/model_agent.go
@@ -0,0 +1,566 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// Agent Agent details
+type Agent struct {
+	Id                   *string                    `json:"id,omitempty"`
+	IsHidden             *bool                      `json:"isHidden,omitempty"`
+	IsLatestGAedVersion  *bool                      `json:"isLatestGAedVersion,omitempty"`
+	LastConnection       *time.Time                 `json:"lastConnection,omitempty"`
+	Name                 *string                    `json:"name,omitempty"`
+	OperationalStatus    *OperationalStatus         `json:"operationalStatus,omitempty"`
+	PoolId               *string                    `json:"poolId,omitempty"`
+	Type                 *AgentType                 `json:"type,omitempty"`
+	UpdateMessage        *string                    `json:"updateMessage,omitempty"`
+	UpdateStatus         *AgentUpdateInstanceStatus `json:"updateStatus,omitempty"`
+	Version              *string                    `json:"version,omitempty"`
+	Links                *HrefObject                `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Agent Agent
+
+// NewAgent instantiates a new Agent object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAgent() *Agent {
+	this := Agent{}
+	return &this
+}
+
+// NewAgentWithDefaults instantiates a new Agent object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAgentWithDefaults() *Agent {
+	this := Agent{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *Agent) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Agent) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *Agent) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *Agent) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIsHidden returns the IsHidden field value if set, zero value otherwise.
+func (o *Agent) GetIsHidden() bool {
+	if o == nil || o.IsHidden == nil {
+		var ret bool
+		return ret
+	}
+	return *o.IsHidden
+}
+
+// GetIsHiddenOk returns a tuple with the IsHidden field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Agent) GetIsHiddenOk() (*bool, bool) {
+	if o == nil || o.IsHidden == nil {
+		return nil, false
+	}
+	return o.IsHidden, true
+}
+
+// HasIsHidden returns a boolean if a field has been set.
+func (o *Agent) HasIsHidden() bool {
+	if o != nil && o.IsHidden != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIsHidden gets a reference to the given bool and assigns it to the IsHidden field.
+func (o *Agent) SetIsHidden(v bool) {
+	o.IsHidden = &v
+}
+
+// GetIsLatestGAedVersion returns the IsLatestGAedVersion field value if set, zero value otherwise.
+func (o *Agent) GetIsLatestGAedVersion() bool {
+	if o == nil || o.IsLatestGAedVersion == nil {
+		var ret bool
+		return ret
+	}
+	return *o.IsLatestGAedVersion
+}
+
+// GetIsLatestGAedVersionOk returns a tuple with the IsLatestGAedVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Agent) GetIsLatestGAedVersionOk() (*bool, bool) {
+	if o == nil || o.IsLatestGAedVersion == nil {
+		return nil, false
+	}
+	return o.IsLatestGAedVersion, true
+}
+
+// HasIsLatestGAedVersion returns a boolean if a field has been set.
+func (o *Agent) HasIsLatestGAedVersion() bool {
+	if o != nil && o.IsLatestGAedVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIsLatestGAedVersion gets a reference to the given bool and assigns it to the IsLatestGAedVersion field.
+func (o *Agent) SetIsLatestGAedVersion(v bool) {
+	o.IsLatestGAedVersion = &v
+}
+
+// GetLastConnection returns the LastConnection field value if set, zero value otherwise.
+func (o *Agent) GetLastConnection() time.Time {
+	if o == nil || o.LastConnection == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastConnection
+}
+
+// GetLastConnectionOk returns a tuple with the LastConnection field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Agent) GetLastConnectionOk() (*time.Time, bool) {
+	if o == nil || o.LastConnection == nil {
+		return nil, false
+	}
+	return o.LastConnection, true
+}
+
+// HasLastConnection returns a boolean if a field has been set.
+func (o *Agent) HasLastConnection() bool {
+	if o != nil && o.LastConnection != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastConnection gets a reference to the given time.Time and assigns it to the LastConnection field.
+func (o *Agent) SetLastConnection(v time.Time) {
+	o.LastConnection = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *Agent) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Agent) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *Agent) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *Agent) SetName(v string) {
+	o.Name = &v
+}
+
+// GetOperationalStatus returns the OperationalStatus field value if set, zero value otherwise.
+func (o *Agent) GetOperationalStatus() OperationalStatus {
+	if o == nil || o.OperationalStatus == nil {
+		var ret OperationalStatus
+		return ret
+	}
+	return *o.OperationalStatus
+}
+
+// GetOperationalStatusOk returns a tuple with the OperationalStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Agent) GetOperationalStatusOk() (*OperationalStatus, bool) {
+	if o == nil || o.OperationalStatus == nil {
+		return nil, false
+	}
+	return o.OperationalStatus, true
+}
+
+// HasOperationalStatus returns a boolean if a field has been set.
+func (o *Agent) HasOperationalStatus() bool {
+	if o != nil && o.OperationalStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOperationalStatus gets a reference to the given OperationalStatus and assigns it to the OperationalStatus field.
+func (o *Agent) SetOperationalStatus(v OperationalStatus) {
+	o.OperationalStatus = &v
+}
+
+// GetPoolId returns the PoolId field value if set, zero value otherwise.
+func (o *Agent) GetPoolId() string {
+	if o == nil || o.PoolId == nil {
+		var ret string
+		return ret
+	}
+	return *o.PoolId
+}
+
+// GetPoolIdOk returns a tuple with the PoolId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Agent) GetPoolIdOk() (*string, bool) {
+	if o == nil || o.PoolId == nil {
+		return nil, false
+	}
+	return o.PoolId, true
+}
+
+// HasPoolId returns a boolean if a field has been set.
+func (o *Agent) HasPoolId() bool {
+	if o != nil && o.PoolId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPoolId gets a reference to the given string and assigns it to the PoolId field.
+func (o *Agent) SetPoolId(v string) {
+	o.PoolId = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *Agent) GetType() AgentType {
+	if o == nil || o.Type == nil {
+		var ret AgentType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Agent) GetTypeOk() (*AgentType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *Agent) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given AgentType and assigns it to the Type field.
+func (o *Agent) SetType(v AgentType) {
+	o.Type = &v
+}
+
+// GetUpdateMessage returns the UpdateMessage field value if set, zero value otherwise.
+func (o *Agent) GetUpdateMessage() string {
+	if o == nil || o.UpdateMessage == nil {
+		var ret string
+		return ret
+	}
+	return *o.UpdateMessage
+}
+
+// GetUpdateMessageOk returns a tuple with the UpdateMessage field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Agent) GetUpdateMessageOk() (*string, bool) {
+	if o == nil || o.UpdateMessage == nil {
+		return nil, false
+	}
+	return o.UpdateMessage, true
+}
+
+// HasUpdateMessage returns a boolean if a field has been set.
+func (o *Agent) HasUpdateMessage() bool {
+	if o != nil && o.UpdateMessage != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUpdateMessage gets a reference to the given string and assigns it to the UpdateMessage field.
+func (o *Agent) SetUpdateMessage(v string) {
+	o.UpdateMessage = &v
+}
+
+// GetUpdateStatus returns the UpdateStatus field value if set, zero value otherwise.
+func (o *Agent) GetUpdateStatus() AgentUpdateInstanceStatus {
+	if o == nil || o.UpdateStatus == nil {
+		var ret AgentUpdateInstanceStatus
+		return ret
+	}
+	return *o.UpdateStatus
+}
+
+// GetUpdateStatusOk returns a tuple with the UpdateStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Agent) GetUpdateStatusOk() (*AgentUpdateInstanceStatus, bool) {
+	if o == nil || o.UpdateStatus == nil {
+		return nil, false
+	}
+	return o.UpdateStatus, true
+}
+
+// HasUpdateStatus returns a boolean if a field has been set.
+func (o *Agent) HasUpdateStatus() bool {
+	if o != nil && o.UpdateStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUpdateStatus gets a reference to the given AgentUpdateInstanceStatus and assigns it to the UpdateStatus field.
+func (o *Agent) SetUpdateStatus(v AgentUpdateInstanceStatus) {
+	o.UpdateStatus = &v
+}
+
+// GetVersion returns the Version field value if set, zero value otherwise.
+func (o *Agent) GetVersion() string {
+	if o == nil || o.Version == nil {
+		var ret string
+		return ret
+	}
+	return *o.Version
+}
+
+// GetVersionOk returns a tuple with the Version field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Agent) GetVersionOk() (*string, bool) {
+	if o == nil || o.Version == nil {
+		return nil, false
+	}
+	return o.Version, true
+}
+
+// HasVersion returns a boolean if a field has been set.
+func (o *Agent) HasVersion() bool {
+	if o != nil && o.Version != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVersion gets a reference to the given string and assigns it to the Version field.
+func (o *Agent) SetVersion(v string) {
+	o.Version = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Agent) GetLinks() HrefObject {
+	if o == nil || o.Links == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Agent) GetLinksOk() (*HrefObject, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Agent) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given HrefObject and assigns it to the Links field.
+func (o *Agent) SetLinks(v HrefObject) {
+	o.Links = &v
+}
+
+func (o Agent) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.IsHidden != nil {
+		toSerialize["isHidden"] = o.IsHidden
+	}
+	if o.IsLatestGAedVersion != nil {
+		toSerialize["isLatestGAedVersion"] = o.IsLatestGAedVersion
+	}
+	if o.LastConnection != nil {
+		toSerialize["lastConnection"] = o.LastConnection
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.OperationalStatus != nil {
+		toSerialize["operationalStatus"] = o.OperationalStatus
+	}
+	if o.PoolId != nil {
+		toSerialize["poolId"] = o.PoolId
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.UpdateMessage != nil {
+		toSerialize["updateMessage"] = o.UpdateMessage
+	}
+	if o.UpdateStatus != nil {
+		toSerialize["updateStatus"] = o.UpdateStatus
+	}
+	if o.Version != nil {
+		toSerialize["version"] = o.Version
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Agent) UnmarshalJSON(bytes []byte) (err error) {
+	varAgent := _Agent{}
+
+	err = json.Unmarshal(bytes, &varAgent)
+	if err == nil {
+		*o = Agent(varAgent)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "isHidden")
+		delete(additionalProperties, "isLatestGAedVersion")
+		delete(additionalProperties, "lastConnection")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "operationalStatus")
+		delete(additionalProperties, "poolId")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "updateMessage")
+		delete(additionalProperties, "updateStatus")
+		delete(additionalProperties, "version")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAgent struct {
+	value *Agent
+	isSet bool
+}
+
+func (v NullableAgent) Get() *Agent {
+	return v.value
+}
+
+func (v *NullableAgent) Set(val *Agent) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAgent) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAgent) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAgent(val *Agent) *NullableAgent {
+	return &NullableAgent{value: val, isSet: true}
+}
+
+func (v NullableAgent) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAgent) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_agent_pool.go b/okta/model_agent_pool.go
new file mode 100644
index 000000000..d1f8852d7
--- /dev/null
+++ b/okta/model_agent_pool.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AgentPool An AgentPool is a collection of agents that serve a common purpose. An AgentPool has a unique ID within an org, and contains a collection of agents disjoint to every other AgentPool (i.e. no two AgentPools share an Agent).
+type AgentPool struct {
+	Agents               []Agent            `json:"agents,omitempty"`
+	Id                   *string            `json:"id,omitempty"`
+	Name                 *string            `json:"name,omitempty"`
+	OperationalStatus    *OperationalStatus `json:"operationalStatus,omitempty"`
+	Type                 *AgentType         `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AgentPool AgentPool
+
+// NewAgentPool instantiates a new AgentPool object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAgentPool() *AgentPool {
+	this := AgentPool{}
+	return &this
+}
+
+// NewAgentPoolWithDefaults instantiates a new AgentPool object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAgentPoolWithDefaults() *AgentPool {
+	this := AgentPool{}
+	return &this
+}
+
+// GetAgents returns the Agents field value if set, zero value otherwise.
+func (o *AgentPool) GetAgents() []Agent {
+	if o == nil || o.Agents == nil {
+		var ret []Agent
+		return ret
+	}
+	return o.Agents
+}
+
+// GetAgentsOk returns a tuple with the Agents field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPool) GetAgentsOk() ([]Agent, bool) {
+	if o == nil || o.Agents == nil {
+		return nil, false
+	}
+	return o.Agents, true
+}
+
+// HasAgents returns a boolean if a field has been set.
+func (o *AgentPool) HasAgents() bool {
+	if o != nil && o.Agents != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAgents gets a reference to the given []Agent and assigns it to the Agents field.
+func (o *AgentPool) SetAgents(v []Agent) {
+	o.Agents = v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *AgentPool) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPool) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *AgentPool) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *AgentPool) SetId(v string) {
+	o.Id = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *AgentPool) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPool) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *AgentPool) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *AgentPool) SetName(v string) {
+	o.Name = &v
+}
+
+// GetOperationalStatus returns the OperationalStatus field value if set, zero value otherwise.
+func (o *AgentPool) GetOperationalStatus() OperationalStatus {
+	if o == nil || o.OperationalStatus == nil {
+		var ret OperationalStatus
+		return ret
+	}
+	return *o.OperationalStatus
+}
+
+// GetOperationalStatusOk returns a tuple with the OperationalStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPool) GetOperationalStatusOk() (*OperationalStatus, bool) {
+	if o == nil || o.OperationalStatus == nil {
+		return nil, false
+	}
+	return o.OperationalStatus, true
+}
+
+// HasOperationalStatus returns a boolean if a field has been set.
+func (o *AgentPool) HasOperationalStatus() bool {
+	if o != nil && o.OperationalStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOperationalStatus gets a reference to the given OperationalStatus and assigns it to the OperationalStatus field.
+func (o *AgentPool) SetOperationalStatus(v OperationalStatus) {
+	o.OperationalStatus = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *AgentPool) GetType() AgentType {
+	if o == nil || o.Type == nil {
+		var ret AgentType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPool) GetTypeOk() (*AgentType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *AgentPool) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given AgentType and assigns it to the Type field.
+func (o *AgentPool) SetType(v AgentType) {
+	o.Type = &v
+}
+
+func (o AgentPool) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Agents != nil {
+		toSerialize["agents"] = o.Agents
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.OperationalStatus != nil {
+		toSerialize["operationalStatus"] = o.OperationalStatus
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AgentPool) UnmarshalJSON(bytes []byte) (err error) {
+	varAgentPool := _AgentPool{}
+
+	err = json.Unmarshal(bytes, &varAgentPool)
+	if err == nil {
+		*o = AgentPool(varAgentPool)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "agents")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "operationalStatus")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAgentPool struct {
+	value *AgentPool
+	isSet bool
+}
+
+func (v NullableAgentPool) Get() *AgentPool {
+	return v.value
+}
+
+func (v *NullableAgentPool) Set(val *AgentPool) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAgentPool) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAgentPool) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAgentPool(val *AgentPool) *NullableAgentPool {
+	return &NullableAgentPool{value: val, isSet: true}
+}
+
+func (v NullableAgentPool) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAgentPool) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_agent_pool_update.go b/okta/model_agent_pool_update.go
new file mode 100644
index 000000000..a470cec69
--- /dev/null
+++ b/okta/model_agent_pool_update.go
@@ -0,0 +1,565 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AgentPoolUpdate Various information about agent auto update configuration
+type AgentPoolUpdate struct {
+	Agents               []Agent               `json:"agents,omitempty"`
+	AgentType            *AgentType            `json:"agentType,omitempty"`
+	Enabled              *bool                 `json:"enabled,omitempty"`
+	Id                   *string               `json:"id,omitempty"`
+	Name                 *string               `json:"name,omitempty"`
+	NotifyAdmin          *bool                 `json:"notifyAdmin,omitempty"`
+	Reason               *string               `json:"reason,omitempty"`
+	Schedule             *AutoUpdateSchedule   `json:"schedule,omitempty"`
+	SortOrder            *int32                `json:"sortOrder,omitempty"`
+	Status               *AgentUpdateJobStatus `json:"status,omitempty"`
+	TargetVersion        *string               `json:"targetVersion,omitempty"`
+	Links                *HrefObject           `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AgentPoolUpdate AgentPoolUpdate
+
+// NewAgentPoolUpdate instantiates a new AgentPoolUpdate object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAgentPoolUpdate() *AgentPoolUpdate {
+	this := AgentPoolUpdate{}
+	return &this
+}
+
+// NewAgentPoolUpdateWithDefaults instantiates a new AgentPoolUpdate object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAgentPoolUpdateWithDefaults() *AgentPoolUpdate {
+	this := AgentPoolUpdate{}
+	return &this
+}
+
+// GetAgents returns the Agents field value if set, zero value otherwise.
+func (o *AgentPoolUpdate) GetAgents() []Agent {
+	if o == nil || o.Agents == nil {
+		var ret []Agent
+		return ret
+	}
+	return o.Agents
+}
+
+// GetAgentsOk returns a tuple with the Agents field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdate) GetAgentsOk() ([]Agent, bool) {
+	if o == nil || o.Agents == nil {
+		return nil, false
+	}
+	return o.Agents, true
+}
+
+// HasAgents returns a boolean if a field has been set.
+func (o *AgentPoolUpdate) HasAgents() bool {
+	if o != nil && o.Agents != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAgents gets a reference to the given []Agent and assigns it to the Agents field.
+func (o *AgentPoolUpdate) SetAgents(v []Agent) {
+	o.Agents = v
+}
+
+// GetAgentType returns the AgentType field value if set, zero value otherwise.
+func (o *AgentPoolUpdate) GetAgentType() AgentType {
+	if o == nil || o.AgentType == nil {
+		var ret AgentType
+		return ret
+	}
+	return *o.AgentType
+}
+
+// GetAgentTypeOk returns a tuple with the AgentType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdate) GetAgentTypeOk() (*AgentType, bool) {
+	if o == nil || o.AgentType == nil {
+		return nil, false
+	}
+	return o.AgentType, true
+}
+
+// HasAgentType returns a boolean if a field has been set.
+func (o *AgentPoolUpdate) HasAgentType() bool {
+	if o != nil && o.AgentType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAgentType gets a reference to the given AgentType and assigns it to the AgentType field.
+func (o *AgentPoolUpdate) SetAgentType(v AgentType) {
+	o.AgentType = &v
+}
+
+// GetEnabled returns the Enabled field value if set, zero value otherwise.
+func (o *AgentPoolUpdate) GetEnabled() bool {
+	if o == nil || o.Enabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Enabled
+}
+
+// GetEnabledOk returns a tuple with the Enabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdate) GetEnabledOk() (*bool, bool) {
+	if o == nil || o.Enabled == nil {
+		return nil, false
+	}
+	return o.Enabled, true
+}
+
+// HasEnabled returns a boolean if a field has been set.
+func (o *AgentPoolUpdate) HasEnabled() bool {
+	if o != nil && o.Enabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnabled gets a reference to the given bool and assigns it to the Enabled field.
+func (o *AgentPoolUpdate) SetEnabled(v bool) {
+	o.Enabled = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *AgentPoolUpdate) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdate) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *AgentPoolUpdate) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *AgentPoolUpdate) SetId(v string) {
+	o.Id = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *AgentPoolUpdate) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdate) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *AgentPoolUpdate) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *AgentPoolUpdate) SetName(v string) {
+	o.Name = &v
+}
+
+// GetNotifyAdmin returns the NotifyAdmin field value if set, zero value otherwise.
+func (o *AgentPoolUpdate) GetNotifyAdmin() bool {
+	if o == nil || o.NotifyAdmin == nil {
+		var ret bool
+		return ret
+	}
+	return *o.NotifyAdmin
+}
+
+// GetNotifyAdminOk returns a tuple with the NotifyAdmin field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdate) GetNotifyAdminOk() (*bool, bool) {
+	if o == nil || o.NotifyAdmin == nil {
+		return nil, false
+	}
+	return o.NotifyAdmin, true
+}
+
+// HasNotifyAdmin returns a boolean if a field has been set.
+func (o *AgentPoolUpdate) HasNotifyAdmin() bool {
+	if o != nil && o.NotifyAdmin != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotifyAdmin gets a reference to the given bool and assigns it to the NotifyAdmin field.
+func (o *AgentPoolUpdate) SetNotifyAdmin(v bool) {
+	o.NotifyAdmin = &v
+}
+
+// GetReason returns the Reason field value if set, zero value otherwise.
+func (o *AgentPoolUpdate) GetReason() string {
+	if o == nil || o.Reason == nil {
+		var ret string
+		return ret
+	}
+	return *o.Reason
+}
+
+// GetReasonOk returns a tuple with the Reason field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdate) GetReasonOk() (*string, bool) {
+	if o == nil || o.Reason == nil {
+		return nil, false
+	}
+	return o.Reason, true
+}
+
+// HasReason returns a boolean if a field has been set.
+func (o *AgentPoolUpdate) HasReason() bool {
+	if o != nil && o.Reason != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetReason gets a reference to the given string and assigns it to the Reason field.
+func (o *AgentPoolUpdate) SetReason(v string) {
+	o.Reason = &v
+}
+
+// GetSchedule returns the Schedule field value if set, zero value otherwise.
+func (o *AgentPoolUpdate) GetSchedule() AutoUpdateSchedule {
+	if o == nil || o.Schedule == nil {
+		var ret AutoUpdateSchedule
+		return ret
+	}
+	return *o.Schedule
+}
+
+// GetScheduleOk returns a tuple with the Schedule field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdate) GetScheduleOk() (*AutoUpdateSchedule, bool) {
+	if o == nil || o.Schedule == nil {
+		return nil, false
+	}
+	return o.Schedule, true
+}
+
+// HasSchedule returns a boolean if a field has been set.
+func (o *AgentPoolUpdate) HasSchedule() bool {
+	if o != nil && o.Schedule != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSchedule gets a reference to the given AutoUpdateSchedule and assigns it to the Schedule field.
+func (o *AgentPoolUpdate) SetSchedule(v AutoUpdateSchedule) {
+	o.Schedule = &v
+}
+
+// GetSortOrder returns the SortOrder field value if set, zero value otherwise.
+func (o *AgentPoolUpdate) GetSortOrder() int32 {
+	if o == nil || o.SortOrder == nil {
+		var ret int32
+		return ret
+	}
+	return *o.SortOrder
+}
+
+// GetSortOrderOk returns a tuple with the SortOrder field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdate) GetSortOrderOk() (*int32, bool) {
+	if o == nil || o.SortOrder == nil {
+		return nil, false
+	}
+	return o.SortOrder, true
+}
+
+// HasSortOrder returns a boolean if a field has been set.
+func (o *AgentPoolUpdate) HasSortOrder() bool {
+	if o != nil && o.SortOrder != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSortOrder gets a reference to the given int32 and assigns it to the SortOrder field.
+func (o *AgentPoolUpdate) SetSortOrder(v int32) {
+	o.SortOrder = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *AgentPoolUpdate) GetStatus() AgentUpdateJobStatus {
+	if o == nil || o.Status == nil {
+		var ret AgentUpdateJobStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdate) GetStatusOk() (*AgentUpdateJobStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *AgentPoolUpdate) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given AgentUpdateJobStatus and assigns it to the Status field.
+func (o *AgentPoolUpdate) SetStatus(v AgentUpdateJobStatus) {
+	o.Status = &v
+}
+
+// GetTargetVersion returns the TargetVersion field value if set, zero value otherwise.
+func (o *AgentPoolUpdate) GetTargetVersion() string {
+	if o == nil || o.TargetVersion == nil {
+		var ret string
+		return ret
+	}
+	return *o.TargetVersion
+}
+
+// GetTargetVersionOk returns a tuple with the TargetVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdate) GetTargetVersionOk() (*string, bool) {
+	if o == nil || o.TargetVersion == nil {
+		return nil, false
+	}
+	return o.TargetVersion, true
+}
+
+// HasTargetVersion returns a boolean if a field has been set.
+func (o *AgentPoolUpdate) HasTargetVersion() bool {
+	if o != nil && o.TargetVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTargetVersion gets a reference to the given string and assigns it to the TargetVersion field.
+func (o *AgentPoolUpdate) SetTargetVersion(v string) {
+	o.TargetVersion = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *AgentPoolUpdate) GetLinks() HrefObject {
+	if o == nil || o.Links == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdate) GetLinksOk() (*HrefObject, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *AgentPoolUpdate) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given HrefObject and assigns it to the Links field.
+func (o *AgentPoolUpdate) SetLinks(v HrefObject) {
+	o.Links = &v
+}
+
+func (o AgentPoolUpdate) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Agents != nil {
+		toSerialize["agents"] = o.Agents
+	}
+	if o.AgentType != nil {
+		toSerialize["agentType"] = o.AgentType
+	}
+	if o.Enabled != nil {
+		toSerialize["enabled"] = o.Enabled
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.NotifyAdmin != nil {
+		toSerialize["notifyAdmin"] = o.NotifyAdmin
+	}
+	if o.Reason != nil {
+		toSerialize["reason"] = o.Reason
+	}
+	if o.Schedule != nil {
+		toSerialize["schedule"] = o.Schedule
+	}
+	if o.SortOrder != nil {
+		toSerialize["sortOrder"] = o.SortOrder
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.TargetVersion != nil {
+		toSerialize["targetVersion"] = o.TargetVersion
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AgentPoolUpdate) UnmarshalJSON(bytes []byte) (err error) {
+	varAgentPoolUpdate := _AgentPoolUpdate{}
+
+	err = json.Unmarshal(bytes, &varAgentPoolUpdate)
+	if err == nil {
+		*o = AgentPoolUpdate(varAgentPoolUpdate)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "agents")
+		delete(additionalProperties, "agentType")
+		delete(additionalProperties, "enabled")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "notifyAdmin")
+		delete(additionalProperties, "reason")
+		delete(additionalProperties, "schedule")
+		delete(additionalProperties, "sortOrder")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "targetVersion")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAgentPoolUpdate struct {
+	value *AgentPoolUpdate
+	isSet bool
+}
+
+func (v NullableAgentPoolUpdate) Get() *AgentPoolUpdate {
+	return v.value
+}
+
+func (v *NullableAgentPoolUpdate) Set(val *AgentPoolUpdate) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAgentPoolUpdate) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAgentPoolUpdate) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAgentPoolUpdate(val *AgentPoolUpdate) *NullableAgentPoolUpdate {
+	return &NullableAgentPoolUpdate{value: val, isSet: true}
+}
+
+func (v NullableAgentPoolUpdate) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAgentPoolUpdate) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_agent_pool_update_setting.go b/okta/model_agent_pool_update_setting.go
new file mode 100644
index 000000000..c1705f97a
--- /dev/null
+++ b/okta/model_agent_pool_update_setting.go
@@ -0,0 +1,380 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AgentPoolUpdateSetting Setting for auto-update
+type AgentPoolUpdateSetting struct {
+	AgentType               *AgentType      `json:"agentType,omitempty"`
+	ContinueOnError         *bool           `json:"continueOnError,omitempty"`
+	LatestVersion           *string         `json:"latestVersion,omitempty"`
+	MinimalSupportedVersion *string         `json:"minimalSupportedVersion,omitempty"`
+	PoolId                  *string         `json:"poolId,omitempty"`
+	PoolName                *string         `json:"poolName,omitempty"`
+	ReleaseChannel          *ReleaseChannel `json:"releaseChannel,omitempty"`
+	AdditionalProperties    map[string]interface{}
+}
+
+type _AgentPoolUpdateSetting AgentPoolUpdateSetting
+
+// NewAgentPoolUpdateSetting instantiates a new AgentPoolUpdateSetting object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAgentPoolUpdateSetting() *AgentPoolUpdateSetting {
+	this := AgentPoolUpdateSetting{}
+	return &this
+}
+
+// NewAgentPoolUpdateSettingWithDefaults instantiates a new AgentPoolUpdateSetting object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAgentPoolUpdateSettingWithDefaults() *AgentPoolUpdateSetting {
+	this := AgentPoolUpdateSetting{}
+	return &this
+}
+
+// GetAgentType returns the AgentType field value if set, zero value otherwise.
+func (o *AgentPoolUpdateSetting) GetAgentType() AgentType {
+	if o == nil || o.AgentType == nil {
+		var ret AgentType
+		return ret
+	}
+	return *o.AgentType
+}
+
+// GetAgentTypeOk returns a tuple with the AgentType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdateSetting) GetAgentTypeOk() (*AgentType, bool) {
+	if o == nil || o.AgentType == nil {
+		return nil, false
+	}
+	return o.AgentType, true
+}
+
+// HasAgentType returns a boolean if a field has been set.
+func (o *AgentPoolUpdateSetting) HasAgentType() bool {
+	if o != nil && o.AgentType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAgentType gets a reference to the given AgentType and assigns it to the AgentType field.
+func (o *AgentPoolUpdateSetting) SetAgentType(v AgentType) {
+	o.AgentType = &v
+}
+
+// GetContinueOnError returns the ContinueOnError field value if set, zero value otherwise.
+func (o *AgentPoolUpdateSetting) GetContinueOnError() bool {
+	if o == nil || o.ContinueOnError == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ContinueOnError
+}
+
+// GetContinueOnErrorOk returns a tuple with the ContinueOnError field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdateSetting) GetContinueOnErrorOk() (*bool, bool) {
+	if o == nil || o.ContinueOnError == nil {
+		return nil, false
+	}
+	return o.ContinueOnError, true
+}
+
+// HasContinueOnError returns a boolean if a field has been set.
+func (o *AgentPoolUpdateSetting) HasContinueOnError() bool {
+	if o != nil && o.ContinueOnError != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetContinueOnError gets a reference to the given bool and assigns it to the ContinueOnError field.
+func (o *AgentPoolUpdateSetting) SetContinueOnError(v bool) {
+	o.ContinueOnError = &v
+}
+
+// GetLatestVersion returns the LatestVersion field value if set, zero value otherwise.
+func (o *AgentPoolUpdateSetting) GetLatestVersion() string {
+	if o == nil || o.LatestVersion == nil {
+		var ret string
+		return ret
+	}
+	return *o.LatestVersion
+}
+
+// GetLatestVersionOk returns a tuple with the LatestVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdateSetting) GetLatestVersionOk() (*string, bool) {
+	if o == nil || o.LatestVersion == nil {
+		return nil, false
+	}
+	return o.LatestVersion, true
+}
+
+// HasLatestVersion returns a boolean if a field has been set.
+func (o *AgentPoolUpdateSetting) HasLatestVersion() bool {
+	if o != nil && o.LatestVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLatestVersion gets a reference to the given string and assigns it to the LatestVersion field.
+func (o *AgentPoolUpdateSetting) SetLatestVersion(v string) {
+	o.LatestVersion = &v
+}
+
+// GetMinimalSupportedVersion returns the MinimalSupportedVersion field value if set, zero value otherwise.
+func (o *AgentPoolUpdateSetting) GetMinimalSupportedVersion() string {
+	if o == nil || o.MinimalSupportedVersion == nil {
+		var ret string
+		return ret
+	}
+	return *o.MinimalSupportedVersion
+}
+
+// GetMinimalSupportedVersionOk returns a tuple with the MinimalSupportedVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdateSetting) GetMinimalSupportedVersionOk() (*string, bool) {
+	if o == nil || o.MinimalSupportedVersion == nil {
+		return nil, false
+	}
+	return o.MinimalSupportedVersion, true
+}
+
+// HasMinimalSupportedVersion returns a boolean if a field has been set.
+func (o *AgentPoolUpdateSetting) HasMinimalSupportedVersion() bool {
+	if o != nil && o.MinimalSupportedVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinimalSupportedVersion gets a reference to the given string and assigns it to the MinimalSupportedVersion field.
+func (o *AgentPoolUpdateSetting) SetMinimalSupportedVersion(v string) {
+	o.MinimalSupportedVersion = &v
+}
+
+// GetPoolId returns the PoolId field value if set, zero value otherwise.
+func (o *AgentPoolUpdateSetting) GetPoolId() string {
+	if o == nil || o.PoolId == nil {
+		var ret string
+		return ret
+	}
+	return *o.PoolId
+}
+
+// GetPoolIdOk returns a tuple with the PoolId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdateSetting) GetPoolIdOk() (*string, bool) {
+	if o == nil || o.PoolId == nil {
+		return nil, false
+	}
+	return o.PoolId, true
+}
+
+// HasPoolId returns a boolean if a field has been set.
+func (o *AgentPoolUpdateSetting) HasPoolId() bool {
+	if o != nil && o.PoolId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPoolId gets a reference to the given string and assigns it to the PoolId field.
+func (o *AgentPoolUpdateSetting) SetPoolId(v string) {
+	o.PoolId = &v
+}
+
+// GetPoolName returns the PoolName field value if set, zero value otherwise.
+func (o *AgentPoolUpdateSetting) GetPoolName() string {
+	if o == nil || o.PoolName == nil {
+		var ret string
+		return ret
+	}
+	return *o.PoolName
+}
+
+// GetPoolNameOk returns a tuple with the PoolName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdateSetting) GetPoolNameOk() (*string, bool) {
+	if o == nil || o.PoolName == nil {
+		return nil, false
+	}
+	return o.PoolName, true
+}
+
+// HasPoolName returns a boolean if a field has been set.
+func (o *AgentPoolUpdateSetting) HasPoolName() bool {
+	if o != nil && o.PoolName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPoolName gets a reference to the given string and assigns it to the PoolName field.
+func (o *AgentPoolUpdateSetting) SetPoolName(v string) {
+	o.PoolName = &v
+}
+
+// GetReleaseChannel returns the ReleaseChannel field value if set, zero value otherwise.
+func (o *AgentPoolUpdateSetting) GetReleaseChannel() ReleaseChannel {
+	if o == nil || o.ReleaseChannel == nil {
+		var ret ReleaseChannel
+		return ret
+	}
+	return *o.ReleaseChannel
+}
+
+// GetReleaseChannelOk returns a tuple with the ReleaseChannel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AgentPoolUpdateSetting) GetReleaseChannelOk() (*ReleaseChannel, bool) {
+	if o == nil || o.ReleaseChannel == nil {
+		return nil, false
+	}
+	return o.ReleaseChannel, true
+}
+
+// HasReleaseChannel returns a boolean if a field has been set.
+func (o *AgentPoolUpdateSetting) HasReleaseChannel() bool {
+	if o != nil && o.ReleaseChannel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetReleaseChannel gets a reference to the given ReleaseChannel and assigns it to the ReleaseChannel field.
+func (o *AgentPoolUpdateSetting) SetReleaseChannel(v ReleaseChannel) {
+	o.ReleaseChannel = &v
+}
+
+func (o AgentPoolUpdateSetting) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AgentType != nil {
+		toSerialize["agentType"] = o.AgentType
+	}
+	if o.ContinueOnError != nil {
+		toSerialize["continueOnError"] = o.ContinueOnError
+	}
+	if o.LatestVersion != nil {
+		toSerialize["latestVersion"] = o.LatestVersion
+	}
+	if o.MinimalSupportedVersion != nil {
+		toSerialize["minimalSupportedVersion"] = o.MinimalSupportedVersion
+	}
+	if o.PoolId != nil {
+		toSerialize["poolId"] = o.PoolId
+	}
+	if o.PoolName != nil {
+		toSerialize["poolName"] = o.PoolName
+	}
+	if o.ReleaseChannel != nil {
+		toSerialize["releaseChannel"] = o.ReleaseChannel
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AgentPoolUpdateSetting) UnmarshalJSON(bytes []byte) (err error) {
+	varAgentPoolUpdateSetting := _AgentPoolUpdateSetting{}
+
+	err = json.Unmarshal(bytes, &varAgentPoolUpdateSetting)
+	if err == nil {
+		*o = AgentPoolUpdateSetting(varAgentPoolUpdateSetting)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "agentType")
+		delete(additionalProperties, "continueOnError")
+		delete(additionalProperties, "latestVersion")
+		delete(additionalProperties, "minimalSupportedVersion")
+		delete(additionalProperties, "poolId")
+		delete(additionalProperties, "poolName")
+		delete(additionalProperties, "releaseChannel")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAgentPoolUpdateSetting struct {
+	value *AgentPoolUpdateSetting
+	isSet bool
+}
+
+func (v NullableAgentPoolUpdateSetting) Get() *AgentPoolUpdateSetting {
+	return v.value
+}
+
+func (v *NullableAgentPoolUpdateSetting) Set(val *AgentPoolUpdateSetting) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAgentPoolUpdateSetting) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAgentPoolUpdateSetting) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAgentPoolUpdateSetting(val *AgentPoolUpdateSetting) *NullableAgentPoolUpdateSetting {
+	return &NullableAgentPoolUpdateSetting{value: val, isSet: true}
+}
+
+func (v NullableAgentPoolUpdateSetting) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAgentPoolUpdateSetting) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_agent_type.go b/okta/model_agent_type.go
new file mode 100644
index 000000000..fc16678c8
--- /dev/null
+++ b/okta/model_agent_type.go
@@ -0,0 +1,134 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AgentType Agent types that are being monitored
+type AgentType string
+
+// List of AgentType
+const (
+	AGENTTYPE_AD     AgentType = "AD"
+	AGENTTYPE_IWA    AgentType = "IWA"
+	AGENTTYPE_LDAP   AgentType = "LDAP"
+	AGENTTYPE_MFA    AgentType = "MFA"
+	AGENTTYPE_OPP    AgentType = "OPP"
+	AGENTTYPE_RUM    AgentType = "RUM"
+	AGENTTYPE_RADIUS AgentType = "Radius"
+)
+
+// All allowed values of AgentType enum
+var AllowedAgentTypeEnumValues = []AgentType{
+	"AD",
+	"IWA",
+	"LDAP",
+	"MFA",
+	"OPP",
+	"RUM",
+	"Radius",
+}
+
+func (v *AgentType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := AgentType(value)
+	for _, existing := range AllowedAgentTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid AgentType", value)
+}
+
+// NewAgentTypeFromValue returns a pointer to a valid AgentType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewAgentTypeFromValue(v string) (*AgentType, error) {
+	ev := AgentType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for AgentType: valid values are %v", v, AllowedAgentTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v AgentType) IsValid() bool {
+	for _, existing := range AllowedAgentTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to AgentType value
+func (v AgentType) Ptr() *AgentType {
+	return &v
+}
+
+type NullableAgentType struct {
+	value *AgentType
+	isSet bool
+}
+
+func (v NullableAgentType) Get() *AgentType {
+	return v.value
+}
+
+func (v *NullableAgentType) Set(val *AgentType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAgentType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAgentType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAgentType(val *AgentType) *NullableAgentType {
+	return &NullableAgentType{value: val, isSet: true}
+}
+
+func (v NullableAgentType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAgentType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_agent_update_instance_status.go b/okta/model_agent_update_instance_status.go
new file mode 100644
index 000000000..7281bc899
--- /dev/null
+++ b/okta/model_agent_update_instance_status.go
@@ -0,0 +1,132 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AgentUpdateInstanceStatus Status for one agent regarding the status to auto-update that agent
+type AgentUpdateInstanceStatus string
+
+// List of AgentUpdateInstanceStatus
+const (
+	AGENTUPDATEINSTANCESTATUS_CANCELLED          AgentUpdateInstanceStatus = "Cancelled"
+	AGENTUPDATEINSTANCESTATUS_FAILED             AgentUpdateInstanceStatus = "Failed"
+	AGENTUPDATEINSTANCESTATUS_IN_PROGRESS        AgentUpdateInstanceStatus = "InProgress"
+	AGENTUPDATEINSTANCESTATUS_PENDING_COMPLETION AgentUpdateInstanceStatus = "PendingCompletion"
+	AGENTUPDATEINSTANCESTATUS_SCHEDULED          AgentUpdateInstanceStatus = "Scheduled"
+	AGENTUPDATEINSTANCESTATUS_SUCCESS            AgentUpdateInstanceStatus = "Success"
+)
+
+// All allowed values of AgentUpdateInstanceStatus enum
+var AllowedAgentUpdateInstanceStatusEnumValues = []AgentUpdateInstanceStatus{
+	"Cancelled",
+	"Failed",
+	"InProgress",
+	"PendingCompletion",
+	"Scheduled",
+	"Success",
+}
+
+func (v *AgentUpdateInstanceStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := AgentUpdateInstanceStatus(value)
+	for _, existing := range AllowedAgentUpdateInstanceStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid AgentUpdateInstanceStatus", value)
+}
+
+// NewAgentUpdateInstanceStatusFromValue returns a pointer to a valid AgentUpdateInstanceStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewAgentUpdateInstanceStatusFromValue(v string) (*AgentUpdateInstanceStatus, error) {
+	ev := AgentUpdateInstanceStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for AgentUpdateInstanceStatus: valid values are %v", v, AllowedAgentUpdateInstanceStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v AgentUpdateInstanceStatus) IsValid() bool {
+	for _, existing := range AllowedAgentUpdateInstanceStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to AgentUpdateInstanceStatus value
+func (v AgentUpdateInstanceStatus) Ptr() *AgentUpdateInstanceStatus {
+	return &v
+}
+
+type NullableAgentUpdateInstanceStatus struct {
+	value *AgentUpdateInstanceStatus
+	isSet bool
+}
+
+func (v NullableAgentUpdateInstanceStatus) Get() *AgentUpdateInstanceStatus {
+	return v.value
+}
+
+func (v *NullableAgentUpdateInstanceStatus) Set(val *AgentUpdateInstanceStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAgentUpdateInstanceStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAgentUpdateInstanceStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAgentUpdateInstanceStatus(val *AgentUpdateInstanceStatus) *NullableAgentUpdateInstanceStatus {
+	return &NullableAgentUpdateInstanceStatus{value: val, isSet: true}
+}
+
+func (v NullableAgentUpdateInstanceStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAgentUpdateInstanceStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_agent_update_job_status.go b/okta/model_agent_update_job_status.go
new file mode 100644
index 000000000..2589213ad
--- /dev/null
+++ b/okta/model_agent_update_job_status.go
@@ -0,0 +1,132 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AgentUpdateJobStatus Overall state for the auto-update job from admin perspective
+type AgentUpdateJobStatus string
+
+// List of AgentUpdateJobStatus
+const (
+	AGENTUPDATEJOBSTATUS_CANCELLED   AgentUpdateJobStatus = "Cancelled"
+	AGENTUPDATEJOBSTATUS_FAILED      AgentUpdateJobStatus = "Failed"
+	AGENTUPDATEJOBSTATUS_IN_PROGRESS AgentUpdateJobStatus = "InProgress"
+	AGENTUPDATEJOBSTATUS_PAUSED      AgentUpdateJobStatus = "Paused"
+	AGENTUPDATEJOBSTATUS_SCHEDULED   AgentUpdateJobStatus = "Scheduled"
+	AGENTUPDATEJOBSTATUS_SUCCESS     AgentUpdateJobStatus = "Success"
+)
+
+// All allowed values of AgentUpdateJobStatus enum
+var AllowedAgentUpdateJobStatusEnumValues = []AgentUpdateJobStatus{
+	"Cancelled",
+	"Failed",
+	"InProgress",
+	"Paused",
+	"Scheduled",
+	"Success",
+}
+
+func (v *AgentUpdateJobStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := AgentUpdateJobStatus(value)
+	for _, existing := range AllowedAgentUpdateJobStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid AgentUpdateJobStatus", value)
+}
+
+// NewAgentUpdateJobStatusFromValue returns a pointer to a valid AgentUpdateJobStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewAgentUpdateJobStatusFromValue(v string) (*AgentUpdateJobStatus, error) {
+	ev := AgentUpdateJobStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for AgentUpdateJobStatus: valid values are %v", v, AllowedAgentUpdateJobStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v AgentUpdateJobStatus) IsValid() bool {
+	for _, existing := range AllowedAgentUpdateJobStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to AgentUpdateJobStatus value
+func (v AgentUpdateJobStatus) Ptr() *AgentUpdateJobStatus {
+	return &v
+}
+
+type NullableAgentUpdateJobStatus struct {
+	value *AgentUpdateJobStatus
+	isSet bool
+}
+
+func (v NullableAgentUpdateJobStatus) Get() *AgentUpdateJobStatus {
+	return v.value
+}
+
+func (v *NullableAgentUpdateJobStatus) Set(val *AgentUpdateJobStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAgentUpdateJobStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAgentUpdateJobStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAgentUpdateJobStatus(val *AgentUpdateJobStatus) *NullableAgentUpdateJobStatus {
+	return &NullableAgentUpdateJobStatus{value: val, isSet: true}
+}
+
+func (v NullableAgentUpdateJobStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAgentUpdateJobStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_allowed_for_enum.go b/okta/model_allowed_for_enum.go
new file mode 100644
index 000000000..14619c683
--- /dev/null
+++ b/okta/model_allowed_for_enum.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AllowedForEnum the model 'AllowedForEnum'
+type AllowedForEnum string
+
+// List of AllowedForEnum
+const (
+	ALLOWEDFORENUM_ANY      AllowedForEnum = "any"
+	ALLOWEDFORENUM_NONE     AllowedForEnum = "none"
+	ALLOWEDFORENUM_RECOVERY AllowedForEnum = "recovery"
+	ALLOWEDFORENUM_SSO      AllowedForEnum = "sso"
+)
+
+// All allowed values of AllowedForEnum enum
+var AllowedAllowedForEnumEnumValues = []AllowedForEnum{
+	"any",
+	"none",
+	"recovery",
+	"sso",
+}
+
+func (v *AllowedForEnum) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := AllowedForEnum(value)
+	for _, existing := range AllowedAllowedForEnumEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid AllowedForEnum", value)
+}
+
+// NewAllowedForEnumFromValue returns a pointer to a valid AllowedForEnum
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewAllowedForEnumFromValue(v string) (*AllowedForEnum, error) {
+	ev := AllowedForEnum(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for AllowedForEnum: valid values are %v", v, AllowedAllowedForEnumEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v AllowedForEnum) IsValid() bool {
+	for _, existing := range AllowedAllowedForEnumEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to AllowedForEnum value
+func (v AllowedForEnum) Ptr() *AllowedForEnum {
+	return &v
+}
+
+type NullableAllowedForEnum struct {
+	value *AllowedForEnum
+	isSet bool
+}
+
+func (v NullableAllowedForEnum) Get() *AllowedForEnum {
+	return v.value
+}
+
+func (v *NullableAllowedForEnum) Set(val *AllowedForEnum) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAllowedForEnum) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAllowedForEnum) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAllowedForEnum(val *AllowedForEnum) *NullableAllowedForEnum {
+	return &NullableAllowedForEnum{value: val, isSet: true}
+}
+
+func (v NullableAllowedForEnum) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAllowedForEnum) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_api_token.go b/okta/model_api_token.go
new file mode 100644
index 000000000..8f1125b08
--- /dev/null
+++ b/okta/model_api_token.go
@@ -0,0 +1,449 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// ApiToken An API token for an Okta User. This token is NOT scoped any further and can be used for any API the user has permissions to call.
+type ApiToken struct {
+	ClientName  *string    `json:"clientName,omitempty"`
+	Created     *time.Time `json:"created,omitempty"`
+	ExpiresAt   *time.Time `json:"expiresAt,omitempty"`
+	Id          *string    `json:"id,omitempty"`
+	LastUpdated *time.Time `json:"lastUpdated,omitempty"`
+	Name        string     `json:"name"`
+	// A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations).
+	TokenWindow          *string       `json:"tokenWindow,omitempty"`
+	UserId               *string       `json:"userId,omitempty"`
+	Link                 *ApiTokenLink `json:"_link,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApiToken ApiToken
+
+// NewApiToken instantiates a new ApiToken object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApiToken(name string) *ApiToken {
+	this := ApiToken{}
+	this.Name = name
+	return &this
+}
+
+// NewApiTokenWithDefaults instantiates a new ApiToken object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApiTokenWithDefaults() *ApiToken {
+	this := ApiToken{}
+	return &this
+}
+
+// GetClientName returns the ClientName field value if set, zero value otherwise.
+func (o *ApiToken) GetClientName() string {
+	if o == nil || o.ClientName == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientName
+}
+
+// GetClientNameOk returns a tuple with the ClientName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApiToken) GetClientNameOk() (*string, bool) {
+	if o == nil || o.ClientName == nil {
+		return nil, false
+	}
+	return o.ClientName, true
+}
+
+// HasClientName returns a boolean if a field has been set.
+func (o *ApiToken) HasClientName() bool {
+	if o != nil && o.ClientName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientName gets a reference to the given string and assigns it to the ClientName field.
+func (o *ApiToken) SetClientName(v string) {
+	o.ClientName = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *ApiToken) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApiToken) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *ApiToken) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *ApiToken) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
+func (o *ApiToken) GetExpiresAt() time.Time {
+	if o == nil || o.ExpiresAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiresAt
+}
+
+// GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApiToken) GetExpiresAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiresAt == nil {
+		return nil, false
+	}
+	return o.ExpiresAt, true
+}
+
+// HasExpiresAt returns a boolean if a field has been set.
+func (o *ApiToken) HasExpiresAt() bool {
+	if o != nil && o.ExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresAt gets a reference to the given time.Time and assigns it to the ExpiresAt field.
+func (o *ApiToken) SetExpiresAt(v time.Time) {
+	o.ExpiresAt = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ApiToken) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApiToken) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ApiToken) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ApiToken) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *ApiToken) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApiToken) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *ApiToken) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *ApiToken) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value
+func (o *ApiToken) GetName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value
+// and a boolean to check if the value has been set.
+func (o *ApiToken) GetNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Name, true
+}
+
+// SetName sets field value
+func (o *ApiToken) SetName(v string) {
+	o.Name = v
+}
+
+// GetTokenWindow returns the TokenWindow field value if set, zero value otherwise.
+func (o *ApiToken) GetTokenWindow() string {
+	if o == nil || o.TokenWindow == nil {
+		var ret string
+		return ret
+	}
+	return *o.TokenWindow
+}
+
+// GetTokenWindowOk returns a tuple with the TokenWindow field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApiToken) GetTokenWindowOk() (*string, bool) {
+	if o == nil || o.TokenWindow == nil {
+		return nil, false
+	}
+	return o.TokenWindow, true
+}
+
+// HasTokenWindow returns a boolean if a field has been set.
+func (o *ApiToken) HasTokenWindow() bool {
+	if o != nil && o.TokenWindow != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTokenWindow gets a reference to the given string and assigns it to the TokenWindow field.
+func (o *ApiToken) SetTokenWindow(v string) {
+	o.TokenWindow = &v
+}
+
+// GetUserId returns the UserId field value if set, zero value otherwise.
+func (o *ApiToken) GetUserId() string {
+	if o == nil || o.UserId == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserId
+}
+
+// GetUserIdOk returns a tuple with the UserId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApiToken) GetUserIdOk() (*string, bool) {
+	if o == nil || o.UserId == nil {
+		return nil, false
+	}
+	return o.UserId, true
+}
+
+// HasUserId returns a boolean if a field has been set.
+func (o *ApiToken) HasUserId() bool {
+	if o != nil && o.UserId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserId gets a reference to the given string and assigns it to the UserId field.
+func (o *ApiToken) SetUserId(v string) {
+	o.UserId = &v
+}
+
+// GetLink returns the Link field value if set, zero value otherwise.
+func (o *ApiToken) GetLink() ApiTokenLink {
+	if o == nil || o.Link == nil {
+		var ret ApiTokenLink
+		return ret
+	}
+	return *o.Link
+}
+
+// GetLinkOk returns a tuple with the Link field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApiToken) GetLinkOk() (*ApiTokenLink, bool) {
+	if o == nil || o.Link == nil {
+		return nil, false
+	}
+	return o.Link, true
+}
+
+// HasLink returns a boolean if a field has been set.
+func (o *ApiToken) HasLink() bool {
+	if o != nil && o.Link != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLink gets a reference to the given ApiTokenLink and assigns it to the Link field.
+func (o *ApiToken) SetLink(v ApiTokenLink) {
+	o.Link = &v
+}
+
+func (o ApiToken) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ClientName != nil {
+		toSerialize["clientName"] = o.ClientName
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.ExpiresAt != nil {
+		toSerialize["expiresAt"] = o.ExpiresAt
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if true {
+		toSerialize["name"] = o.Name
+	}
+	if o.TokenWindow != nil {
+		toSerialize["tokenWindow"] = o.TokenWindow
+	}
+	if o.UserId != nil {
+		toSerialize["userId"] = o.UserId
+	}
+	if o.Link != nil {
+		toSerialize["_link"] = o.Link
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApiToken) UnmarshalJSON(bytes []byte) (err error) {
+	varApiToken := _ApiToken{}
+
+	err = json.Unmarshal(bytes, &varApiToken)
+	if err == nil {
+		*o = ApiToken(varApiToken)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "clientName")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "expiresAt")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "tokenWindow")
+		delete(additionalProperties, "userId")
+		delete(additionalProperties, "_link")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApiToken struct {
+	value *ApiToken
+	isSet bool
+}
+
+func (v NullableApiToken) Get() *ApiToken {
+	return v.value
+}
+
+func (v *NullableApiToken) Set(val *ApiToken) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApiToken) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApiToken) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApiToken(val *ApiToken) *NullableApiToken {
+	return &NullableApiToken{value: val, isSet: true}
+}
+
+func (v NullableApiToken) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApiToken) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_api_token__link.go b/okta/model_api_token__link.go
new file mode 100644
index 000000000..e55b02893
--- /dev/null
+++ b/okta/model_api_token__link.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApiTokenLink struct for ApiTokenLink
+type ApiTokenLink struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApiTokenLink ApiTokenLink
+
+// NewApiTokenLink instantiates a new ApiTokenLink object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApiTokenLink() *ApiTokenLink {
+	this := ApiTokenLink{}
+	return &this
+}
+
+// NewApiTokenLinkWithDefaults instantiates a new ApiTokenLink object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApiTokenLinkWithDefaults() *ApiTokenLink {
+	this := ApiTokenLink{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *ApiTokenLink) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApiTokenLink) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *ApiTokenLink) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *ApiTokenLink) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+func (o ApiTokenLink) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApiTokenLink) UnmarshalJSON(bytes []byte) (err error) {
+	varApiTokenLink := _ApiTokenLink{}
+
+	err = json.Unmarshal(bytes, &varApiTokenLink)
+	if err == nil {
+		*o = ApiTokenLink(varApiTokenLink)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApiTokenLink struct {
+	value *ApiTokenLink
+	isSet bool
+}
+
+func (v NullableApiTokenLink) Get() *ApiTokenLink {
+	return v.value
+}
+
+func (v *NullableApiTokenLink) Set(val *ApiTokenLink) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApiTokenLink) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApiTokenLink) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApiTokenLink(val *ApiTokenLink) *NullableApiTokenLink {
+	return &NullableApiTokenLink{value: val, isSet: true}
+}
+
+func (v NullableApiTokenLink) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApiTokenLink) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_apns_configuration.go b/okta/model_apns_configuration.go
new file mode 100644
index 000000000..6dce01777
--- /dev/null
+++ b/okta/model_apns_configuration.go
@@ -0,0 +1,273 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// APNSConfiguration struct for APNSConfiguration
+type APNSConfiguration struct {
+	// (Optional) File name for Admin Console display
+	FileName *string `json:"fileName,omitempty"`
+	// 10-character Key ID obtained from the Apple developer account
+	KeyId *string `json:"keyId,omitempty"`
+	// 10-character Team ID used to develop the iOS app
+	TeamId *string `json:"teamId,omitempty"`
+	// APNs private authentication token signing key
+	TokenSigningKey      *string `json:"tokenSigningKey,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _APNSConfiguration APNSConfiguration
+
+// NewAPNSConfiguration instantiates a new APNSConfiguration object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAPNSConfiguration() *APNSConfiguration {
+	this := APNSConfiguration{}
+	return &this
+}
+
+// NewAPNSConfigurationWithDefaults instantiates a new APNSConfiguration object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAPNSConfigurationWithDefaults() *APNSConfiguration {
+	this := APNSConfiguration{}
+	return &this
+}
+
+// GetFileName returns the FileName field value if set, zero value otherwise.
+func (o *APNSConfiguration) GetFileName() string {
+	if o == nil || o.FileName == nil {
+		var ret string
+		return ret
+	}
+	return *o.FileName
+}
+
+// GetFileNameOk returns a tuple with the FileName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *APNSConfiguration) GetFileNameOk() (*string, bool) {
+	if o == nil || o.FileName == nil {
+		return nil, false
+	}
+	return o.FileName, true
+}
+
+// HasFileName returns a boolean if a field has been set.
+func (o *APNSConfiguration) HasFileName() bool {
+	if o != nil && o.FileName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFileName gets a reference to the given string and assigns it to the FileName field.
+func (o *APNSConfiguration) SetFileName(v string) {
+	o.FileName = &v
+}
+
+// GetKeyId returns the KeyId field value if set, zero value otherwise.
+func (o *APNSConfiguration) GetKeyId() string {
+	if o == nil || o.KeyId == nil {
+		var ret string
+		return ret
+	}
+	return *o.KeyId
+}
+
+// GetKeyIdOk returns a tuple with the KeyId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *APNSConfiguration) GetKeyIdOk() (*string, bool) {
+	if o == nil || o.KeyId == nil {
+		return nil, false
+	}
+	return o.KeyId, true
+}
+
+// HasKeyId returns a boolean if a field has been set.
+func (o *APNSConfiguration) HasKeyId() bool {
+	if o != nil && o.KeyId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKeyId gets a reference to the given string and assigns it to the KeyId field.
+func (o *APNSConfiguration) SetKeyId(v string) {
+	o.KeyId = &v
+}
+
+// GetTeamId returns the TeamId field value if set, zero value otherwise.
+func (o *APNSConfiguration) GetTeamId() string {
+	if o == nil || o.TeamId == nil {
+		var ret string
+		return ret
+	}
+	return *o.TeamId
+}
+
+// GetTeamIdOk returns a tuple with the TeamId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *APNSConfiguration) GetTeamIdOk() (*string, bool) {
+	if o == nil || o.TeamId == nil {
+		return nil, false
+	}
+	return o.TeamId, true
+}
+
+// HasTeamId returns a boolean if a field has been set.
+func (o *APNSConfiguration) HasTeamId() bool {
+	if o != nil && o.TeamId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTeamId gets a reference to the given string and assigns it to the TeamId field.
+func (o *APNSConfiguration) SetTeamId(v string) {
+	o.TeamId = &v
+}
+
+// GetTokenSigningKey returns the TokenSigningKey field value if set, zero value otherwise.
+func (o *APNSConfiguration) GetTokenSigningKey() string {
+	if o == nil || o.TokenSigningKey == nil {
+		var ret string
+		return ret
+	}
+	return *o.TokenSigningKey
+}
+
+// GetTokenSigningKeyOk returns a tuple with the TokenSigningKey field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *APNSConfiguration) GetTokenSigningKeyOk() (*string, bool) {
+	if o == nil || o.TokenSigningKey == nil {
+		return nil, false
+	}
+	return o.TokenSigningKey, true
+}
+
+// HasTokenSigningKey returns a boolean if a field has been set.
+func (o *APNSConfiguration) HasTokenSigningKey() bool {
+	if o != nil && o.TokenSigningKey != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTokenSigningKey gets a reference to the given string and assigns it to the TokenSigningKey field.
+func (o *APNSConfiguration) SetTokenSigningKey(v string) {
+	o.TokenSigningKey = &v
+}
+
+func (o APNSConfiguration) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.FileName != nil {
+		toSerialize["fileName"] = o.FileName
+	}
+	if o.KeyId != nil {
+		toSerialize["keyId"] = o.KeyId
+	}
+	if o.TeamId != nil {
+		toSerialize["teamId"] = o.TeamId
+	}
+	if o.TokenSigningKey != nil {
+		toSerialize["tokenSigningKey"] = o.TokenSigningKey
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *APNSConfiguration) UnmarshalJSON(bytes []byte) (err error) {
+	varAPNSConfiguration := _APNSConfiguration{}
+
+	err = json.Unmarshal(bytes, &varAPNSConfiguration)
+	if err == nil {
+		*o = APNSConfiguration(varAPNSConfiguration)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "fileName")
+		delete(additionalProperties, "keyId")
+		delete(additionalProperties, "teamId")
+		delete(additionalProperties, "tokenSigningKey")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAPNSConfiguration struct {
+	value *APNSConfiguration
+	isSet bool
+}
+
+func (v NullableAPNSConfiguration) Get() *APNSConfiguration {
+	return v.value
+}
+
+func (v *NullableAPNSConfiguration) Set(val *APNSConfiguration) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAPNSConfiguration) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAPNSConfiguration) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAPNSConfiguration(val *APNSConfiguration) *NullableAPNSConfiguration {
+	return &NullableAPNSConfiguration{value: val, isSet: true}
+}
+
+func (v NullableAPNSConfiguration) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAPNSConfiguration) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_apns_push_provider.go b/okta/model_apns_push_provider.go
new file mode 100644
index 000000000..f120871d6
--- /dev/null
+++ b/okta/model_apns_push_provider.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// APNSPushProvider struct for APNSPushProvider
+type APNSPushProvider struct {
+	PushProvider
+	Configuration        *APNSConfiguration `json:"configuration,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _APNSPushProvider APNSPushProvider
+
+// NewAPNSPushProvider instantiates a new APNSPushProvider object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAPNSPushProvider() *APNSPushProvider {
+	this := APNSPushProvider{}
+	return &this
+}
+
+// NewAPNSPushProviderWithDefaults instantiates a new APNSPushProvider object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAPNSPushProviderWithDefaults() *APNSPushProvider {
+	this := APNSPushProvider{}
+	return &this
+}
+
+// GetConfiguration returns the Configuration field value if set, zero value otherwise.
+func (o *APNSPushProvider) GetConfiguration() APNSConfiguration {
+	if o == nil || o.Configuration == nil {
+		var ret APNSConfiguration
+		return ret
+	}
+	return *o.Configuration
+}
+
+// GetConfigurationOk returns a tuple with the Configuration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *APNSPushProvider) GetConfigurationOk() (*APNSConfiguration, bool) {
+	if o == nil || o.Configuration == nil {
+		return nil, false
+	}
+	return o.Configuration, true
+}
+
+// HasConfiguration returns a boolean if a field has been set.
+func (o *APNSPushProvider) HasConfiguration() bool {
+	if o != nil && o.Configuration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConfiguration gets a reference to the given APNSConfiguration and assigns it to the Configuration field.
+func (o *APNSPushProvider) SetConfiguration(v APNSConfiguration) {
+	o.Configuration = &v
+}
+
+func (o APNSPushProvider) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPushProvider, errPushProvider := json.Marshal(o.PushProvider)
+	if errPushProvider != nil {
+		return []byte{}, errPushProvider
+	}
+	errPushProvider = json.Unmarshal([]byte(serializedPushProvider), &toSerialize)
+	if errPushProvider != nil {
+		return []byte{}, errPushProvider
+	}
+	if o.Configuration != nil {
+		toSerialize["configuration"] = o.Configuration
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *APNSPushProvider) UnmarshalJSON(bytes []byte) (err error) {
+	type APNSPushProviderWithoutEmbeddedStruct struct {
+		Configuration *APNSConfiguration `json:"configuration,omitempty"`
+	}
+
+	varAPNSPushProviderWithoutEmbeddedStruct := APNSPushProviderWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varAPNSPushProviderWithoutEmbeddedStruct)
+	if err == nil {
+		varAPNSPushProvider := _APNSPushProvider{}
+		varAPNSPushProvider.Configuration = varAPNSPushProviderWithoutEmbeddedStruct.Configuration
+		*o = APNSPushProvider(varAPNSPushProvider)
+	} else {
+		return err
+	}
+
+	varAPNSPushProvider := _APNSPushProvider{}
+
+	err = json.Unmarshal(bytes, &varAPNSPushProvider)
+	if err == nil {
+		o.PushProvider = varAPNSPushProvider.PushProvider
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "configuration")
+
+		// remove fields from embedded structs
+		reflectPushProvider := reflect.ValueOf(o.PushProvider)
+		for i := 0; i < reflectPushProvider.Type().NumField(); i++ {
+			t := reflectPushProvider.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAPNSPushProvider struct {
+	value *APNSPushProvider
+	isSet bool
+}
+
+func (v NullableAPNSPushProvider) Get() *APNSPushProvider {
+	return v.value
+}
+
+func (v *NullableAPNSPushProvider) Set(val *APNSPushProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAPNSPushProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAPNSPushProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAPNSPushProvider(val *APNSPushProvider) *NullableAPNSPushProvider {
+	return &NullableAPNSPushProvider{value: val, isSet: true}
+}
+
+func (v NullableAPNSPushProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAPNSPushProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_apns_push_provider_all_of.go b/okta/model_apns_push_provider_all_of.go
new file mode 100644
index 000000000..3dd8da551
--- /dev/null
+++ b/okta/model_apns_push_provider_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// APNSPushProviderAllOf struct for APNSPushProviderAllOf
+type APNSPushProviderAllOf struct {
+	Configuration        *APNSConfiguration `json:"configuration,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _APNSPushProviderAllOf APNSPushProviderAllOf
+
+// NewAPNSPushProviderAllOf instantiates a new APNSPushProviderAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAPNSPushProviderAllOf() *APNSPushProviderAllOf {
+	this := APNSPushProviderAllOf{}
+	return &this
+}
+
+// NewAPNSPushProviderAllOfWithDefaults instantiates a new APNSPushProviderAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAPNSPushProviderAllOfWithDefaults() *APNSPushProviderAllOf {
+	this := APNSPushProviderAllOf{}
+	return &this
+}
+
+// GetConfiguration returns the Configuration field value if set, zero value otherwise.
+func (o *APNSPushProviderAllOf) GetConfiguration() APNSConfiguration {
+	if o == nil || o.Configuration == nil {
+		var ret APNSConfiguration
+		return ret
+	}
+	return *o.Configuration
+}
+
+// GetConfigurationOk returns a tuple with the Configuration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *APNSPushProviderAllOf) GetConfigurationOk() (*APNSConfiguration, bool) {
+	if o == nil || o.Configuration == nil {
+		return nil, false
+	}
+	return o.Configuration, true
+}
+
+// HasConfiguration returns a boolean if a field has been set.
+func (o *APNSPushProviderAllOf) HasConfiguration() bool {
+	if o != nil && o.Configuration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConfiguration gets a reference to the given APNSConfiguration and assigns it to the Configuration field.
+func (o *APNSPushProviderAllOf) SetConfiguration(v APNSConfiguration) {
+	o.Configuration = &v
+}
+
+func (o APNSPushProviderAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Configuration != nil {
+		toSerialize["configuration"] = o.Configuration
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *APNSPushProviderAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varAPNSPushProviderAllOf := _APNSPushProviderAllOf{}
+
+	err = json.Unmarshal(bytes, &varAPNSPushProviderAllOf)
+	if err == nil {
+		*o = APNSPushProviderAllOf(varAPNSPushProviderAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "configuration")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAPNSPushProviderAllOf struct {
+	value *APNSPushProviderAllOf
+	isSet bool
+}
+
+func (v NullableAPNSPushProviderAllOf) Get() *APNSPushProviderAllOf {
+	return v.value
+}
+
+func (v *NullableAPNSPushProviderAllOf) Set(val *APNSPushProviderAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAPNSPushProviderAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAPNSPushProviderAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAPNSPushProviderAllOf(val *APNSPushProviderAllOf) *NullableAPNSPushProviderAllOf {
+	return &NullableAPNSPushProviderAllOf{value: val, isSet: true}
+}
+
+func (v NullableAPNSPushProviderAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAPNSPushProviderAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_app_and_instance_condition_evaluator_app_or_instance.go b/okta/model_app_and_instance_condition_evaluator_app_or_instance.go
new file mode 100644
index 000000000..d678a7956
--- /dev/null
+++ b/okta/model_app_and_instance_condition_evaluator_app_or_instance.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AppAndInstanceConditionEvaluatorAppOrInstance struct for AppAndInstanceConditionEvaluatorAppOrInstance
+type AppAndInstanceConditionEvaluatorAppOrInstance struct {
+	Id                   *string             `json:"id,omitempty"`
+	Name                 *string             `json:"name,omitempty"`
+	Type                 *AppAndInstanceType `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AppAndInstanceConditionEvaluatorAppOrInstance AppAndInstanceConditionEvaluatorAppOrInstance
+
+// NewAppAndInstanceConditionEvaluatorAppOrInstance instantiates a new AppAndInstanceConditionEvaluatorAppOrInstance object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAppAndInstanceConditionEvaluatorAppOrInstance() *AppAndInstanceConditionEvaluatorAppOrInstance {
+	this := AppAndInstanceConditionEvaluatorAppOrInstance{}
+	return &this
+}
+
+// NewAppAndInstanceConditionEvaluatorAppOrInstanceWithDefaults instantiates a new AppAndInstanceConditionEvaluatorAppOrInstance object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAppAndInstanceConditionEvaluatorAppOrInstanceWithDefaults() *AppAndInstanceConditionEvaluatorAppOrInstance {
+	this := AppAndInstanceConditionEvaluatorAppOrInstance{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) SetId(v string) {
+	o.Id = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) SetName(v string) {
+	o.Name = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) GetType() AppAndInstanceType {
+	if o == nil || o.Type == nil {
+		var ret AppAndInstanceType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) GetTypeOk() (*AppAndInstanceType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given AppAndInstanceType and assigns it to the Type field.
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) SetType(v AppAndInstanceType) {
+	o.Type = &v
+}
+
+func (o AppAndInstanceConditionEvaluatorAppOrInstance) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AppAndInstanceConditionEvaluatorAppOrInstance) UnmarshalJSON(bytes []byte) (err error) {
+	varAppAndInstanceConditionEvaluatorAppOrInstance := _AppAndInstanceConditionEvaluatorAppOrInstance{}
+
+	err = json.Unmarshal(bytes, &varAppAndInstanceConditionEvaluatorAppOrInstance)
+	if err == nil {
+		*o = AppAndInstanceConditionEvaluatorAppOrInstance(varAppAndInstanceConditionEvaluatorAppOrInstance)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAppAndInstanceConditionEvaluatorAppOrInstance struct {
+	value *AppAndInstanceConditionEvaluatorAppOrInstance
+	isSet bool
+}
+
+func (v NullableAppAndInstanceConditionEvaluatorAppOrInstance) Get() *AppAndInstanceConditionEvaluatorAppOrInstance {
+	return v.value
+}
+
+func (v *NullableAppAndInstanceConditionEvaluatorAppOrInstance) Set(val *AppAndInstanceConditionEvaluatorAppOrInstance) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAppAndInstanceConditionEvaluatorAppOrInstance) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAppAndInstanceConditionEvaluatorAppOrInstance) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAppAndInstanceConditionEvaluatorAppOrInstance(val *AppAndInstanceConditionEvaluatorAppOrInstance) *NullableAppAndInstanceConditionEvaluatorAppOrInstance {
+	return &NullableAppAndInstanceConditionEvaluatorAppOrInstance{value: val, isSet: true}
+}
+
+func (v NullableAppAndInstanceConditionEvaluatorAppOrInstance) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAppAndInstanceConditionEvaluatorAppOrInstance) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_app_and_instance_policy_rule_condition.go b/okta/model_app_and_instance_policy_rule_condition.go
new file mode 100644
index 000000000..9ad979af6
--- /dev/null
+++ b/okta/model_app_and_instance_policy_rule_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AppAndInstancePolicyRuleCondition struct for AppAndInstancePolicyRuleCondition
+type AppAndInstancePolicyRuleCondition struct {
+	Exclude              []AppAndInstanceConditionEvaluatorAppOrInstance `json:"exclude,omitempty"`
+	Include              []AppAndInstanceConditionEvaluatorAppOrInstance `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AppAndInstancePolicyRuleCondition AppAndInstancePolicyRuleCondition
+
+// NewAppAndInstancePolicyRuleCondition instantiates a new AppAndInstancePolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAppAndInstancePolicyRuleCondition() *AppAndInstancePolicyRuleCondition {
+	this := AppAndInstancePolicyRuleCondition{}
+	return &this
+}
+
+// NewAppAndInstancePolicyRuleConditionWithDefaults instantiates a new AppAndInstancePolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAppAndInstancePolicyRuleConditionWithDefaults() *AppAndInstancePolicyRuleCondition {
+	this := AppAndInstancePolicyRuleCondition{}
+	return &this
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *AppAndInstancePolicyRuleCondition) GetExclude() []AppAndInstanceConditionEvaluatorAppOrInstance {
+	if o == nil || o.Exclude == nil {
+		var ret []AppAndInstanceConditionEvaluatorAppOrInstance
+		return ret
+	}
+	return o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppAndInstancePolicyRuleCondition) GetExcludeOk() ([]AppAndInstanceConditionEvaluatorAppOrInstance, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *AppAndInstancePolicyRuleCondition) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given []AppAndInstanceConditionEvaluatorAppOrInstance and assigns it to the Exclude field.
+func (o *AppAndInstancePolicyRuleCondition) SetExclude(v []AppAndInstanceConditionEvaluatorAppOrInstance) {
+	o.Exclude = v
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *AppAndInstancePolicyRuleCondition) GetInclude() []AppAndInstanceConditionEvaluatorAppOrInstance {
+	if o == nil || o.Include == nil {
+		var ret []AppAndInstanceConditionEvaluatorAppOrInstance
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppAndInstancePolicyRuleCondition) GetIncludeOk() ([]AppAndInstanceConditionEvaluatorAppOrInstance, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *AppAndInstancePolicyRuleCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []AppAndInstanceConditionEvaluatorAppOrInstance and assigns it to the Include field.
+func (o *AppAndInstancePolicyRuleCondition) SetInclude(v []AppAndInstanceConditionEvaluatorAppOrInstance) {
+	o.Include = v
+}
+
+func (o AppAndInstancePolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AppAndInstancePolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varAppAndInstancePolicyRuleCondition := _AppAndInstancePolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varAppAndInstancePolicyRuleCondition)
+	if err == nil {
+		*o = AppAndInstancePolicyRuleCondition(varAppAndInstancePolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "exclude")
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAppAndInstancePolicyRuleCondition struct {
+	value *AppAndInstancePolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableAppAndInstancePolicyRuleCondition) Get() *AppAndInstancePolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableAppAndInstancePolicyRuleCondition) Set(val *AppAndInstancePolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAppAndInstancePolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAppAndInstancePolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAppAndInstancePolicyRuleCondition(val *AppAndInstancePolicyRuleCondition) *NullableAppAndInstancePolicyRuleCondition {
+	return &NullableAppAndInstancePolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableAppAndInstancePolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAppAndInstancePolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_app_and_instance_type.go b/okta/model_app_and_instance_type.go
new file mode 100644
index 000000000..06ac3b149
--- /dev/null
+++ b/okta/model_app_and_instance_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AppAndInstanceType the model 'AppAndInstanceType'
+type AppAndInstanceType string
+
+// List of AppAndInstanceType
+const (
+	APPANDINSTANCETYPE_APP      AppAndInstanceType = "APP"
+	APPANDINSTANCETYPE_APP_TYPE AppAndInstanceType = "APP_TYPE"
+)
+
+// All allowed values of AppAndInstanceType enum
+var AllowedAppAndInstanceTypeEnumValues = []AppAndInstanceType{
+	"APP",
+	"APP_TYPE",
+}
+
+func (v *AppAndInstanceType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := AppAndInstanceType(value)
+	for _, existing := range AllowedAppAndInstanceTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid AppAndInstanceType", value)
+}
+
+// NewAppAndInstanceTypeFromValue returns a pointer to a valid AppAndInstanceType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewAppAndInstanceTypeFromValue(v string) (*AppAndInstanceType, error) {
+	ev := AppAndInstanceType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for AppAndInstanceType: valid values are %v", v, AllowedAppAndInstanceTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v AppAndInstanceType) IsValid() bool {
+	for _, existing := range AllowedAppAndInstanceTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to AppAndInstanceType value
+func (v AppAndInstanceType) Ptr() *AppAndInstanceType {
+	return &v
+}
+
+type NullableAppAndInstanceType struct {
+	value *AppAndInstanceType
+	isSet bool
+}
+
+func (v NullableAppAndInstanceType) Get() *AppAndInstanceType {
+	return v.value
+}
+
+func (v *NullableAppAndInstanceType) Set(val *AppAndInstanceType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAppAndInstanceType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAppAndInstanceType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAppAndInstanceType(val *AppAndInstanceType) *NullableAppAndInstanceType {
+	return &NullableAppAndInstanceType{value: val, isSet: true}
+}
+
+func (v NullableAppAndInstanceType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAppAndInstanceType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_app_instance_policy_rule_condition.go b/okta/model_app_instance_policy_rule_condition.go
new file mode 100644
index 000000000..dbcdd5844
--- /dev/null
+++ b/okta/model_app_instance_policy_rule_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AppInstancePolicyRuleCondition struct for AppInstancePolicyRuleCondition
+type AppInstancePolicyRuleCondition struct {
+	Exclude              []string `json:"exclude,omitempty"`
+	Include              []string `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AppInstancePolicyRuleCondition AppInstancePolicyRuleCondition
+
+// NewAppInstancePolicyRuleCondition instantiates a new AppInstancePolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAppInstancePolicyRuleCondition() *AppInstancePolicyRuleCondition {
+	this := AppInstancePolicyRuleCondition{}
+	return &this
+}
+
+// NewAppInstancePolicyRuleConditionWithDefaults instantiates a new AppInstancePolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAppInstancePolicyRuleConditionWithDefaults() *AppInstancePolicyRuleCondition {
+	this := AppInstancePolicyRuleCondition{}
+	return &this
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *AppInstancePolicyRuleCondition) GetExclude() []string {
+	if o == nil || o.Exclude == nil {
+		var ret []string
+		return ret
+	}
+	return o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppInstancePolicyRuleCondition) GetExcludeOk() ([]string, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *AppInstancePolicyRuleCondition) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given []string and assigns it to the Exclude field.
+func (o *AppInstancePolicyRuleCondition) SetExclude(v []string) {
+	o.Exclude = v
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *AppInstancePolicyRuleCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppInstancePolicyRuleCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *AppInstancePolicyRuleCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *AppInstancePolicyRuleCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o AppInstancePolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AppInstancePolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varAppInstancePolicyRuleCondition := _AppInstancePolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varAppInstancePolicyRuleCondition)
+	if err == nil {
+		*o = AppInstancePolicyRuleCondition(varAppInstancePolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "exclude")
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAppInstancePolicyRuleCondition struct {
+	value *AppInstancePolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableAppInstancePolicyRuleCondition) Get() *AppInstancePolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableAppInstancePolicyRuleCondition) Set(val *AppInstancePolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAppInstancePolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAppInstancePolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAppInstancePolicyRuleCondition(val *AppInstancePolicyRuleCondition) *NullableAppInstancePolicyRuleCondition {
+	return &NullableAppInstancePolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableAppInstancePolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAppInstancePolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_app_link.go b/okta/model_app_link.go
new file mode 100644
index 000000000..0cebe2c8e
--- /dev/null
+++ b/okta/model_app_link.go
@@ -0,0 +1,491 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AppLink struct for AppLink
+type AppLink struct {
+	AppAssignmentId      *string `json:"appAssignmentId,omitempty"`
+	AppInstanceId        *string `json:"appInstanceId,omitempty"`
+	AppName              *string `json:"appName,omitempty"`
+	CredentialsSetup     *bool   `json:"credentialsSetup,omitempty"`
+	Hidden               *bool   `json:"hidden,omitempty"`
+	Id                   *string `json:"id,omitempty"`
+	Label                *string `json:"label,omitempty"`
+	LinkUrl              *string `json:"linkUrl,omitempty"`
+	LogoUrl              *string `json:"logoUrl,omitempty"`
+	SortOrder            *int32  `json:"sortOrder,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AppLink AppLink
+
+// NewAppLink instantiates a new AppLink object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAppLink() *AppLink {
+	this := AppLink{}
+	return &this
+}
+
+// NewAppLinkWithDefaults instantiates a new AppLink object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAppLinkWithDefaults() *AppLink {
+	this := AppLink{}
+	return &this
+}
+
+// GetAppAssignmentId returns the AppAssignmentId field value if set, zero value otherwise.
+func (o *AppLink) GetAppAssignmentId() string {
+	if o == nil || o.AppAssignmentId == nil {
+		var ret string
+		return ret
+	}
+	return *o.AppAssignmentId
+}
+
+// GetAppAssignmentIdOk returns a tuple with the AppAssignmentId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppLink) GetAppAssignmentIdOk() (*string, bool) {
+	if o == nil || o.AppAssignmentId == nil {
+		return nil, false
+	}
+	return o.AppAssignmentId, true
+}
+
+// HasAppAssignmentId returns a boolean if a field has been set.
+func (o *AppLink) HasAppAssignmentId() bool {
+	if o != nil && o.AppAssignmentId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAppAssignmentId gets a reference to the given string and assigns it to the AppAssignmentId field.
+func (o *AppLink) SetAppAssignmentId(v string) {
+	o.AppAssignmentId = &v
+}
+
+// GetAppInstanceId returns the AppInstanceId field value if set, zero value otherwise.
+func (o *AppLink) GetAppInstanceId() string {
+	if o == nil || o.AppInstanceId == nil {
+		var ret string
+		return ret
+	}
+	return *o.AppInstanceId
+}
+
+// GetAppInstanceIdOk returns a tuple with the AppInstanceId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppLink) GetAppInstanceIdOk() (*string, bool) {
+	if o == nil || o.AppInstanceId == nil {
+		return nil, false
+	}
+	return o.AppInstanceId, true
+}
+
+// HasAppInstanceId returns a boolean if a field has been set.
+func (o *AppLink) HasAppInstanceId() bool {
+	if o != nil && o.AppInstanceId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAppInstanceId gets a reference to the given string and assigns it to the AppInstanceId field.
+func (o *AppLink) SetAppInstanceId(v string) {
+	o.AppInstanceId = &v
+}
+
+// GetAppName returns the AppName field value if set, zero value otherwise.
+func (o *AppLink) GetAppName() string {
+	if o == nil || o.AppName == nil {
+		var ret string
+		return ret
+	}
+	return *o.AppName
+}
+
+// GetAppNameOk returns a tuple with the AppName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppLink) GetAppNameOk() (*string, bool) {
+	if o == nil || o.AppName == nil {
+		return nil, false
+	}
+	return o.AppName, true
+}
+
+// HasAppName returns a boolean if a field has been set.
+func (o *AppLink) HasAppName() bool {
+	if o != nil && o.AppName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAppName gets a reference to the given string and assigns it to the AppName field.
+func (o *AppLink) SetAppName(v string) {
+	o.AppName = &v
+}
+
+// GetCredentialsSetup returns the CredentialsSetup field value if set, zero value otherwise.
+func (o *AppLink) GetCredentialsSetup() bool {
+	if o == nil || o.CredentialsSetup == nil {
+		var ret bool
+		return ret
+	}
+	return *o.CredentialsSetup
+}
+
+// GetCredentialsSetupOk returns a tuple with the CredentialsSetup field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppLink) GetCredentialsSetupOk() (*bool, bool) {
+	if o == nil || o.CredentialsSetup == nil {
+		return nil, false
+	}
+	return o.CredentialsSetup, true
+}
+
+// HasCredentialsSetup returns a boolean if a field has been set.
+func (o *AppLink) HasCredentialsSetup() bool {
+	if o != nil && o.CredentialsSetup != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentialsSetup gets a reference to the given bool and assigns it to the CredentialsSetup field.
+func (o *AppLink) SetCredentialsSetup(v bool) {
+	o.CredentialsSetup = &v
+}
+
+// GetHidden returns the Hidden field value if set, zero value otherwise.
+func (o *AppLink) GetHidden() bool {
+	if o == nil || o.Hidden == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Hidden
+}
+
+// GetHiddenOk returns a tuple with the Hidden field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppLink) GetHiddenOk() (*bool, bool) {
+	if o == nil || o.Hidden == nil {
+		return nil, false
+	}
+	return o.Hidden, true
+}
+
+// HasHidden returns a boolean if a field has been set.
+func (o *AppLink) HasHidden() bool {
+	if o != nil && o.Hidden != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHidden gets a reference to the given bool and assigns it to the Hidden field.
+func (o *AppLink) SetHidden(v bool) {
+	o.Hidden = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *AppLink) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppLink) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *AppLink) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *AppLink) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLabel returns the Label field value if set, zero value otherwise.
+func (o *AppLink) GetLabel() string {
+	if o == nil || o.Label == nil {
+		var ret string
+		return ret
+	}
+	return *o.Label
+}
+
+// GetLabelOk returns a tuple with the Label field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppLink) GetLabelOk() (*string, bool) {
+	if o == nil || o.Label == nil {
+		return nil, false
+	}
+	return o.Label, true
+}
+
+// HasLabel returns a boolean if a field has been set.
+func (o *AppLink) HasLabel() bool {
+	if o != nil && o.Label != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLabel gets a reference to the given string and assigns it to the Label field.
+func (o *AppLink) SetLabel(v string) {
+	o.Label = &v
+}
+
+// GetLinkUrl returns the LinkUrl field value if set, zero value otherwise.
+func (o *AppLink) GetLinkUrl() string {
+	if o == nil || o.LinkUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.LinkUrl
+}
+
+// GetLinkUrlOk returns a tuple with the LinkUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppLink) GetLinkUrlOk() (*string, bool) {
+	if o == nil || o.LinkUrl == nil {
+		return nil, false
+	}
+	return o.LinkUrl, true
+}
+
+// HasLinkUrl returns a boolean if a field has been set.
+func (o *AppLink) HasLinkUrl() bool {
+	if o != nil && o.LinkUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinkUrl gets a reference to the given string and assigns it to the LinkUrl field.
+func (o *AppLink) SetLinkUrl(v string) {
+	o.LinkUrl = &v
+}
+
+// GetLogoUrl returns the LogoUrl field value if set, zero value otherwise.
+func (o *AppLink) GetLogoUrl() string {
+	if o == nil || o.LogoUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.LogoUrl
+}
+
+// GetLogoUrlOk returns a tuple with the LogoUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppLink) GetLogoUrlOk() (*string, bool) {
+	if o == nil || o.LogoUrl == nil {
+		return nil, false
+	}
+	return o.LogoUrl, true
+}
+
+// HasLogoUrl returns a boolean if a field has been set.
+func (o *AppLink) HasLogoUrl() bool {
+	if o != nil && o.LogoUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLogoUrl gets a reference to the given string and assigns it to the LogoUrl field.
+func (o *AppLink) SetLogoUrl(v string) {
+	o.LogoUrl = &v
+}
+
+// GetSortOrder returns the SortOrder field value if set, zero value otherwise.
+func (o *AppLink) GetSortOrder() int32 {
+	if o == nil || o.SortOrder == nil {
+		var ret int32
+		return ret
+	}
+	return *o.SortOrder
+}
+
+// GetSortOrderOk returns a tuple with the SortOrder field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppLink) GetSortOrderOk() (*int32, bool) {
+	if o == nil || o.SortOrder == nil {
+		return nil, false
+	}
+	return o.SortOrder, true
+}
+
+// HasSortOrder returns a boolean if a field has been set.
+func (o *AppLink) HasSortOrder() bool {
+	if o != nil && o.SortOrder != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSortOrder gets a reference to the given int32 and assigns it to the SortOrder field.
+func (o *AppLink) SetSortOrder(v int32) {
+	o.SortOrder = &v
+}
+
+func (o AppLink) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AppAssignmentId != nil {
+		toSerialize["appAssignmentId"] = o.AppAssignmentId
+	}
+	if o.AppInstanceId != nil {
+		toSerialize["appInstanceId"] = o.AppInstanceId
+	}
+	if o.AppName != nil {
+		toSerialize["appName"] = o.AppName
+	}
+	if o.CredentialsSetup != nil {
+		toSerialize["credentialsSetup"] = o.CredentialsSetup
+	}
+	if o.Hidden != nil {
+		toSerialize["hidden"] = o.Hidden
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Label != nil {
+		toSerialize["label"] = o.Label
+	}
+	if o.LinkUrl != nil {
+		toSerialize["linkUrl"] = o.LinkUrl
+	}
+	if o.LogoUrl != nil {
+		toSerialize["logoUrl"] = o.LogoUrl
+	}
+	if o.SortOrder != nil {
+		toSerialize["sortOrder"] = o.SortOrder
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AppLink) UnmarshalJSON(bytes []byte) (err error) {
+	varAppLink := _AppLink{}
+
+	err = json.Unmarshal(bytes, &varAppLink)
+	if err == nil {
+		*o = AppLink(varAppLink)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "appAssignmentId")
+		delete(additionalProperties, "appInstanceId")
+		delete(additionalProperties, "appName")
+		delete(additionalProperties, "credentialsSetup")
+		delete(additionalProperties, "hidden")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "label")
+		delete(additionalProperties, "linkUrl")
+		delete(additionalProperties, "logoUrl")
+		delete(additionalProperties, "sortOrder")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAppLink struct {
+	value *AppLink
+	isSet bool
+}
+
+func (v NullableAppLink) Get() *AppLink {
+	return v.value
+}
+
+func (v *NullableAppLink) Set(val *AppLink) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAppLink) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAppLink) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAppLink(val *AppLink) *NullableAppLink {
+	return &NullableAppLink{value: val, isSet: true}
+}
+
+func (v NullableAppLink) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAppLink) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_app_user.go b/okta/model_app_user.go
new file mode 100644
index 000000000..5780d058b
--- /dev/null
+++ b/okta/model_app_user.go
@@ -0,0 +1,640 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// AppUser struct for AppUser
+type AppUser struct {
+	Created              *time.Time                        `json:"created,omitempty"`
+	Credentials          *AppUserCredentials               `json:"credentials,omitempty"`
+	ExternalId           *string                           `json:"externalId,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	LastSync             *time.Time                        `json:"lastSync,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	PasswordChanged      *time.Time                        `json:"passwordChanged,omitempty"`
+	Profile              map[string]map[string]interface{} `json:"profile,omitempty"`
+	Scope                *string                           `json:"scope,omitempty"`
+	Status               *string                           `json:"status,omitempty"`
+	StatusChanged        *time.Time                        `json:"statusChanged,omitempty"`
+	SyncState            *string                           `json:"syncState,omitempty"`
+	Embedded             map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AppUser AppUser
+
+// NewAppUser instantiates a new AppUser object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAppUser() *AppUser {
+	this := AppUser{}
+	return &this
+}
+
+// NewAppUserWithDefaults instantiates a new AppUser object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAppUserWithDefaults() *AppUser {
+	this := AppUser{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *AppUser) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *AppUser) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *AppUser) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *AppUser) GetCredentials() AppUserCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret AppUserCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetCredentialsOk() (*AppUserCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *AppUser) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given AppUserCredentials and assigns it to the Credentials field.
+func (o *AppUser) SetCredentials(v AppUserCredentials) {
+	o.Credentials = &v
+}
+
+// GetExternalId returns the ExternalId field value if set, zero value otherwise.
+func (o *AppUser) GetExternalId() string {
+	if o == nil || o.ExternalId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ExternalId
+}
+
+// GetExternalIdOk returns a tuple with the ExternalId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetExternalIdOk() (*string, bool) {
+	if o == nil || o.ExternalId == nil {
+		return nil, false
+	}
+	return o.ExternalId, true
+}
+
+// HasExternalId returns a boolean if a field has been set.
+func (o *AppUser) HasExternalId() bool {
+	if o != nil && o.ExternalId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExternalId gets a reference to the given string and assigns it to the ExternalId field.
+func (o *AppUser) SetExternalId(v string) {
+	o.ExternalId = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *AppUser) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *AppUser) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *AppUser) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastSync returns the LastSync field value if set, zero value otherwise.
+func (o *AppUser) GetLastSync() time.Time {
+	if o == nil || o.LastSync == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastSync
+}
+
+// GetLastSyncOk returns a tuple with the LastSync field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetLastSyncOk() (*time.Time, bool) {
+	if o == nil || o.LastSync == nil {
+		return nil, false
+	}
+	return o.LastSync, true
+}
+
+// HasLastSync returns a boolean if a field has been set.
+func (o *AppUser) HasLastSync() bool {
+	if o != nil && o.LastSync != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastSync gets a reference to the given time.Time and assigns it to the LastSync field.
+func (o *AppUser) SetLastSync(v time.Time) {
+	o.LastSync = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *AppUser) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *AppUser) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *AppUser) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetPasswordChanged returns the PasswordChanged field value if set, zero value otherwise.
+func (o *AppUser) GetPasswordChanged() time.Time {
+	if o == nil || o.PasswordChanged == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.PasswordChanged
+}
+
+// GetPasswordChangedOk returns a tuple with the PasswordChanged field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetPasswordChangedOk() (*time.Time, bool) {
+	if o == nil || o.PasswordChanged == nil {
+		return nil, false
+	}
+	return o.PasswordChanged, true
+}
+
+// HasPasswordChanged returns a boolean if a field has been set.
+func (o *AppUser) HasPasswordChanged() bool {
+	if o != nil && o.PasswordChanged != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordChanged gets a reference to the given time.Time and assigns it to the PasswordChanged field.
+func (o *AppUser) SetPasswordChanged(v time.Time) {
+	o.PasswordChanged = &v
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *AppUser) GetProfile() map[string]map[string]interface{} {
+	if o == nil || o.Profile == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetProfileOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *AppUser) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given map[string]map[string]interface{} and assigns it to the Profile field.
+func (o *AppUser) SetProfile(v map[string]map[string]interface{}) {
+	o.Profile = v
+}
+
+// GetScope returns the Scope field value if set, zero value otherwise.
+func (o *AppUser) GetScope() string {
+	if o == nil || o.Scope == nil {
+		var ret string
+		return ret
+	}
+	return *o.Scope
+}
+
+// GetScopeOk returns a tuple with the Scope field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetScopeOk() (*string, bool) {
+	if o == nil || o.Scope == nil {
+		return nil, false
+	}
+	return o.Scope, true
+}
+
+// HasScope returns a boolean if a field has been set.
+func (o *AppUser) HasScope() bool {
+	if o != nil && o.Scope != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScope gets a reference to the given string and assigns it to the Scope field.
+func (o *AppUser) SetScope(v string) {
+	o.Scope = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *AppUser) GetStatus() string {
+	if o == nil || o.Status == nil {
+		var ret string
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetStatusOk() (*string, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *AppUser) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given string and assigns it to the Status field.
+func (o *AppUser) SetStatus(v string) {
+	o.Status = &v
+}
+
+// GetStatusChanged returns the StatusChanged field value if set, zero value otherwise.
+func (o *AppUser) GetStatusChanged() time.Time {
+	if o == nil || o.StatusChanged == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.StatusChanged
+}
+
+// GetStatusChangedOk returns a tuple with the StatusChanged field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetStatusChangedOk() (*time.Time, bool) {
+	if o == nil || o.StatusChanged == nil {
+		return nil, false
+	}
+	return o.StatusChanged, true
+}
+
+// HasStatusChanged returns a boolean if a field has been set.
+func (o *AppUser) HasStatusChanged() bool {
+	if o != nil && o.StatusChanged != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatusChanged gets a reference to the given time.Time and assigns it to the StatusChanged field.
+func (o *AppUser) SetStatusChanged(v time.Time) {
+	o.StatusChanged = &v
+}
+
+// GetSyncState returns the SyncState field value if set, zero value otherwise.
+func (o *AppUser) GetSyncState() string {
+	if o == nil || o.SyncState == nil {
+		var ret string
+		return ret
+	}
+	return *o.SyncState
+}
+
+// GetSyncStateOk returns a tuple with the SyncState field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetSyncStateOk() (*string, bool) {
+	if o == nil || o.SyncState == nil {
+		return nil, false
+	}
+	return o.SyncState, true
+}
+
+// HasSyncState returns a boolean if a field has been set.
+func (o *AppUser) HasSyncState() bool {
+	if o != nil && o.SyncState != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSyncState gets a reference to the given string and assigns it to the SyncState field.
+func (o *AppUser) SetSyncState(v string) {
+	o.SyncState = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *AppUser) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *AppUser) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *AppUser) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *AppUser) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUser) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *AppUser) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *AppUser) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o AppUser) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.ExternalId != nil {
+		toSerialize["externalId"] = o.ExternalId
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastSync != nil {
+		toSerialize["lastSync"] = o.LastSync
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.PasswordChanged != nil {
+		toSerialize["passwordChanged"] = o.PasswordChanged
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+	if o.Scope != nil {
+		toSerialize["scope"] = o.Scope
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.StatusChanged != nil {
+		toSerialize["statusChanged"] = o.StatusChanged
+	}
+	if o.SyncState != nil {
+		toSerialize["syncState"] = o.SyncState
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AppUser) UnmarshalJSON(bytes []byte) (err error) {
+	varAppUser := _AppUser{}
+
+	err = json.Unmarshal(bytes, &varAppUser)
+	if err == nil {
+		*o = AppUser(varAppUser)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "externalId")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastSync")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "passwordChanged")
+		delete(additionalProperties, "profile")
+		delete(additionalProperties, "scope")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "statusChanged")
+		delete(additionalProperties, "syncState")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAppUser struct {
+	value *AppUser
+	isSet bool
+}
+
+func (v NullableAppUser) Get() *AppUser {
+	return v.value
+}
+
+func (v *NullableAppUser) Set(val *AppUser) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAppUser) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAppUser) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAppUser(val *AppUser) *NullableAppUser {
+	return &NullableAppUser{value: val, isSet: true}
+}
+
+func (v NullableAppUser) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAppUser) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_app_user_credentials.go b/okta/model_app_user_credentials.go
new file mode 100644
index 000000000..7354327fd
--- /dev/null
+++ b/okta/model_app_user_credentials.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AppUserCredentials struct for AppUserCredentials
+type AppUserCredentials struct {
+	Password             *AppUserPasswordCredential `json:"password,omitempty"`
+	UserName             *string                    `json:"userName,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AppUserCredentials AppUserCredentials
+
+// NewAppUserCredentials instantiates a new AppUserCredentials object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAppUserCredentials() *AppUserCredentials {
+	this := AppUserCredentials{}
+	return &this
+}
+
+// NewAppUserCredentialsWithDefaults instantiates a new AppUserCredentials object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAppUserCredentialsWithDefaults() *AppUserCredentials {
+	this := AppUserCredentials{}
+	return &this
+}
+
+// GetPassword returns the Password field value if set, zero value otherwise.
+func (o *AppUserCredentials) GetPassword() AppUserPasswordCredential {
+	if o == nil || o.Password == nil {
+		var ret AppUserPasswordCredential
+		return ret
+	}
+	return *o.Password
+}
+
+// GetPasswordOk returns a tuple with the Password field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUserCredentials) GetPasswordOk() (*AppUserPasswordCredential, bool) {
+	if o == nil || o.Password == nil {
+		return nil, false
+	}
+	return o.Password, true
+}
+
+// HasPassword returns a boolean if a field has been set.
+func (o *AppUserCredentials) HasPassword() bool {
+	if o != nil && o.Password != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPassword gets a reference to the given AppUserPasswordCredential and assigns it to the Password field.
+func (o *AppUserCredentials) SetPassword(v AppUserPasswordCredential) {
+	o.Password = &v
+}
+
+// GetUserName returns the UserName field value if set, zero value otherwise.
+func (o *AppUserCredentials) GetUserName() string {
+	if o == nil || o.UserName == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserName
+}
+
+// GetUserNameOk returns a tuple with the UserName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUserCredentials) GetUserNameOk() (*string, bool) {
+	if o == nil || o.UserName == nil {
+		return nil, false
+	}
+	return o.UserName, true
+}
+
+// HasUserName returns a boolean if a field has been set.
+func (o *AppUserCredentials) HasUserName() bool {
+	if o != nil && o.UserName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserName gets a reference to the given string and assigns it to the UserName field.
+func (o *AppUserCredentials) SetUserName(v string) {
+	o.UserName = &v
+}
+
+func (o AppUserCredentials) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Password != nil {
+		toSerialize["password"] = o.Password
+	}
+	if o.UserName != nil {
+		toSerialize["userName"] = o.UserName
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AppUserCredentials) UnmarshalJSON(bytes []byte) (err error) {
+	varAppUserCredentials := _AppUserCredentials{}
+
+	err = json.Unmarshal(bytes, &varAppUserCredentials)
+	if err == nil {
+		*o = AppUserCredentials(varAppUserCredentials)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "password")
+		delete(additionalProperties, "userName")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAppUserCredentials struct {
+	value *AppUserCredentials
+	isSet bool
+}
+
+func (v NullableAppUserCredentials) Get() *AppUserCredentials {
+	return v.value
+}
+
+func (v *NullableAppUserCredentials) Set(val *AppUserCredentials) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAppUserCredentials) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAppUserCredentials) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAppUserCredentials(val *AppUserCredentials) *NullableAppUserCredentials {
+	return &NullableAppUserCredentials{value: val, isSet: true}
+}
+
+func (v NullableAppUserCredentials) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAppUserCredentials) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_app_user_password_credential.go b/okta/model_app_user_password_credential.go
new file mode 100644
index 000000000..4b1aece55
--- /dev/null
+++ b/okta/model_app_user_password_credential.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AppUserPasswordCredential struct for AppUserPasswordCredential
+type AppUserPasswordCredential struct {
+	Value                *string `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AppUserPasswordCredential AppUserPasswordCredential
+
+// NewAppUserPasswordCredential instantiates a new AppUserPasswordCredential object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAppUserPasswordCredential() *AppUserPasswordCredential {
+	this := AppUserPasswordCredential{}
+	return &this
+}
+
+// NewAppUserPasswordCredentialWithDefaults instantiates a new AppUserPasswordCredential object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAppUserPasswordCredentialWithDefaults() *AppUserPasswordCredential {
+	this := AppUserPasswordCredential{}
+	return &this
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *AppUserPasswordCredential) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AppUserPasswordCredential) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *AppUserPasswordCredential) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *AppUserPasswordCredential) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o AppUserPasswordCredential) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AppUserPasswordCredential) UnmarshalJSON(bytes []byte) (err error) {
+	varAppUserPasswordCredential := _AppUserPasswordCredential{}
+
+	err = json.Unmarshal(bytes, &varAppUserPasswordCredential)
+	if err == nil {
+		*o = AppUserPasswordCredential(varAppUserPasswordCredential)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAppUserPasswordCredential struct {
+	value *AppUserPasswordCredential
+	isSet bool
+}
+
+func (v NullableAppUserPasswordCredential) Get() *AppUserPasswordCredential {
+	return v.value
+}
+
+func (v *NullableAppUserPasswordCredential) Set(val *AppUserPasswordCredential) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAppUserPasswordCredential) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAppUserPasswordCredential) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAppUserPasswordCredential(val *AppUserPasswordCredential) *NullableAppUserPasswordCredential {
+	return &NullableAppUserPasswordCredential{value: val, isSet: true}
+}
+
+func (v NullableAppUserPasswordCredential) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAppUserPasswordCredential) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application.go b/okta/model_application.go
new file mode 100644
index 000000000..ca1ada439
--- /dev/null
+++ b/okta/model_application.go
@@ -0,0 +1,603 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// Application struct for Application
+type Application struct {
+	Accessibility        *ApplicationAccessibility         `json:"accessibility,omitempty"`
+	Created              *time.Time                        `json:"created,omitempty"`
+	Features             []string                          `json:"features,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	Label                *string                           `json:"label,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Licensing            *ApplicationLicensing             `json:"licensing,omitempty"`
+	Profile              map[string]map[string]interface{} `json:"profile,omitempty"`
+	SignOnMode           *ApplicationSignOnMode            `json:"signOnMode,omitempty"`
+	Status               *ApplicationLifecycleStatus       `json:"status,omitempty"`
+	Visibility           *ApplicationVisibility            `json:"visibility,omitempty"`
+	Embedded             map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                *ApplicationLinks                 `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Application Application
+
+// NewApplication instantiates a new Application object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplication() *Application {
+	this := Application{}
+	return &this
+}
+
+// NewApplicationWithDefaults instantiates a new Application object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationWithDefaults() *Application {
+	this := Application{}
+	return &this
+}
+
+// GetAccessibility returns the Accessibility field value if set, zero value otherwise.
+func (o *Application) GetAccessibility() ApplicationAccessibility {
+	if o == nil || o.Accessibility == nil {
+		var ret ApplicationAccessibility
+		return ret
+	}
+	return *o.Accessibility
+}
+
+// GetAccessibilityOk returns a tuple with the Accessibility field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetAccessibilityOk() (*ApplicationAccessibility, bool) {
+	if o == nil || o.Accessibility == nil {
+		return nil, false
+	}
+	return o.Accessibility, true
+}
+
+// HasAccessibility returns a boolean if a field has been set.
+func (o *Application) HasAccessibility() bool {
+	if o != nil && o.Accessibility != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAccessibility gets a reference to the given ApplicationAccessibility and assigns it to the Accessibility field.
+func (o *Application) SetAccessibility(v ApplicationAccessibility) {
+	o.Accessibility = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *Application) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *Application) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *Application) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetFeatures returns the Features field value if set, zero value otherwise.
+func (o *Application) GetFeatures() []string {
+	if o == nil || o.Features == nil {
+		var ret []string
+		return ret
+	}
+	return o.Features
+}
+
+// GetFeaturesOk returns a tuple with the Features field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetFeaturesOk() ([]string, bool) {
+	if o == nil || o.Features == nil {
+		return nil, false
+	}
+	return o.Features, true
+}
+
+// HasFeatures returns a boolean if a field has been set.
+func (o *Application) HasFeatures() bool {
+	if o != nil && o.Features != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFeatures gets a reference to the given []string and assigns it to the Features field.
+func (o *Application) SetFeatures(v []string) {
+	o.Features = v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *Application) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *Application) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *Application) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLabel returns the Label field value if set, zero value otherwise.
+func (o *Application) GetLabel() string {
+	if o == nil || o.Label == nil {
+		var ret string
+		return ret
+	}
+	return *o.Label
+}
+
+// GetLabelOk returns a tuple with the Label field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetLabelOk() (*string, bool) {
+	if o == nil || o.Label == nil {
+		return nil, false
+	}
+	return o.Label, true
+}
+
+// HasLabel returns a boolean if a field has been set.
+func (o *Application) HasLabel() bool {
+	if o != nil && o.Label != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLabel gets a reference to the given string and assigns it to the Label field.
+func (o *Application) SetLabel(v string) {
+	o.Label = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *Application) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *Application) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *Application) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetLicensing returns the Licensing field value if set, zero value otherwise.
+func (o *Application) GetLicensing() ApplicationLicensing {
+	if o == nil || o.Licensing == nil {
+		var ret ApplicationLicensing
+		return ret
+	}
+	return *o.Licensing
+}
+
+// GetLicensingOk returns a tuple with the Licensing field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetLicensingOk() (*ApplicationLicensing, bool) {
+	if o == nil || o.Licensing == nil {
+		return nil, false
+	}
+	return o.Licensing, true
+}
+
+// HasLicensing returns a boolean if a field has been set.
+func (o *Application) HasLicensing() bool {
+	if o != nil && o.Licensing != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLicensing gets a reference to the given ApplicationLicensing and assigns it to the Licensing field.
+func (o *Application) SetLicensing(v ApplicationLicensing) {
+	o.Licensing = &v
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *Application) GetProfile() map[string]map[string]interface{} {
+	if o == nil || o.Profile == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetProfileOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *Application) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given map[string]map[string]interface{} and assigns it to the Profile field.
+func (o *Application) SetProfile(v map[string]map[string]interface{}) {
+	o.Profile = v
+}
+
+// GetSignOnMode returns the SignOnMode field value if set, zero value otherwise.
+func (o *Application) GetSignOnMode() ApplicationSignOnMode {
+	if o == nil || o.SignOnMode == nil {
+		var ret ApplicationSignOnMode
+		return ret
+	}
+	return *o.SignOnMode
+}
+
+// GetSignOnModeOk returns a tuple with the SignOnMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetSignOnModeOk() (*ApplicationSignOnMode, bool) {
+	if o == nil || o.SignOnMode == nil {
+		return nil, false
+	}
+	return o.SignOnMode, true
+}
+
+// HasSignOnMode returns a boolean if a field has been set.
+func (o *Application) HasSignOnMode() bool {
+	if o != nil && o.SignOnMode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignOnMode gets a reference to the given ApplicationSignOnMode and assigns it to the SignOnMode field.
+func (o *Application) SetSignOnMode(v ApplicationSignOnMode) {
+	o.SignOnMode = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *Application) GetStatus() ApplicationLifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret ApplicationLifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetStatusOk() (*ApplicationLifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *Application) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given ApplicationLifecycleStatus and assigns it to the Status field.
+func (o *Application) SetStatus(v ApplicationLifecycleStatus) {
+	o.Status = &v
+}
+
+// GetVisibility returns the Visibility field value if set, zero value otherwise.
+func (o *Application) GetVisibility() ApplicationVisibility {
+	if o == nil || o.Visibility == nil {
+		var ret ApplicationVisibility
+		return ret
+	}
+	return *o.Visibility
+}
+
+// GetVisibilityOk returns a tuple with the Visibility field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetVisibilityOk() (*ApplicationVisibility, bool) {
+	if o == nil || o.Visibility == nil {
+		return nil, false
+	}
+	return o.Visibility, true
+}
+
+// HasVisibility returns a boolean if a field has been set.
+func (o *Application) HasVisibility() bool {
+	if o != nil && o.Visibility != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVisibility gets a reference to the given ApplicationVisibility and assigns it to the Visibility field.
+func (o *Application) SetVisibility(v ApplicationVisibility) {
+	o.Visibility = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *Application) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *Application) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *Application) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Application) GetLinks() ApplicationLinks {
+	if o == nil || o.Links == nil {
+		var ret ApplicationLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Application) GetLinksOk() (*ApplicationLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Application) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given ApplicationLinks and assigns it to the Links field.
+func (o *Application) SetLinks(v ApplicationLinks) {
+	o.Links = &v
+}
+
+func (o Application) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Accessibility != nil {
+		toSerialize["accessibility"] = o.Accessibility
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Features != nil {
+		toSerialize["features"] = o.Features
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Label != nil {
+		toSerialize["label"] = o.Label
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Licensing != nil {
+		toSerialize["licensing"] = o.Licensing
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+	if o.SignOnMode != nil {
+		toSerialize["signOnMode"] = o.SignOnMode
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Visibility != nil {
+		toSerialize["visibility"] = o.Visibility
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Application) UnmarshalJSON(bytes []byte) (err error) {
+	varApplication := _Application{}
+
+	err = json.Unmarshal(bytes, &varApplication)
+	if err == nil {
+		*o = Application(varApplication)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "accessibility")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "features")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "label")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "licensing")
+		delete(additionalProperties, "profile")
+		delete(additionalProperties, "signOnMode")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "visibility")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplication struct {
+	value *Application
+	isSet bool
+}
+
+func (v NullableApplication) Get() *Application {
+	return v.value
+}
+
+func (v *NullableApplication) Set(val *Application) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplication(val *Application) *NullableApplication {
+	return &NullableApplication{value: val, isSet: true}
+}
+
+func (v NullableApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_accessibility.go b/okta/model_application_accessibility.go
new file mode 100644
index 000000000..3e7dbc525
--- /dev/null
+++ b/okta/model_application_accessibility.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationAccessibility struct for ApplicationAccessibility
+type ApplicationAccessibility struct {
+	ErrorRedirectUrl     *string `json:"errorRedirectUrl,omitempty"`
+	LoginRedirectUrl     *string `json:"loginRedirectUrl,omitempty"`
+	SelfService          *bool   `json:"selfService,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationAccessibility ApplicationAccessibility
+
+// NewApplicationAccessibility instantiates a new ApplicationAccessibility object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationAccessibility() *ApplicationAccessibility {
+	this := ApplicationAccessibility{}
+	return &this
+}
+
+// NewApplicationAccessibilityWithDefaults instantiates a new ApplicationAccessibility object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationAccessibilityWithDefaults() *ApplicationAccessibility {
+	this := ApplicationAccessibility{}
+	return &this
+}
+
+// GetErrorRedirectUrl returns the ErrorRedirectUrl field value if set, zero value otherwise.
+func (o *ApplicationAccessibility) GetErrorRedirectUrl() string {
+	if o == nil || o.ErrorRedirectUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.ErrorRedirectUrl
+}
+
+// GetErrorRedirectUrlOk returns a tuple with the ErrorRedirectUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationAccessibility) GetErrorRedirectUrlOk() (*string, bool) {
+	if o == nil || o.ErrorRedirectUrl == nil {
+		return nil, false
+	}
+	return o.ErrorRedirectUrl, true
+}
+
+// HasErrorRedirectUrl returns a boolean if a field has been set.
+func (o *ApplicationAccessibility) HasErrorRedirectUrl() bool {
+	if o != nil && o.ErrorRedirectUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetErrorRedirectUrl gets a reference to the given string and assigns it to the ErrorRedirectUrl field.
+func (o *ApplicationAccessibility) SetErrorRedirectUrl(v string) {
+	o.ErrorRedirectUrl = &v
+}
+
+// GetLoginRedirectUrl returns the LoginRedirectUrl field value if set, zero value otherwise.
+func (o *ApplicationAccessibility) GetLoginRedirectUrl() string {
+	if o == nil || o.LoginRedirectUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.LoginRedirectUrl
+}
+
+// GetLoginRedirectUrlOk returns a tuple with the LoginRedirectUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationAccessibility) GetLoginRedirectUrlOk() (*string, bool) {
+	if o == nil || o.LoginRedirectUrl == nil {
+		return nil, false
+	}
+	return o.LoginRedirectUrl, true
+}
+
+// HasLoginRedirectUrl returns a boolean if a field has been set.
+func (o *ApplicationAccessibility) HasLoginRedirectUrl() bool {
+	if o != nil && o.LoginRedirectUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLoginRedirectUrl gets a reference to the given string and assigns it to the LoginRedirectUrl field.
+func (o *ApplicationAccessibility) SetLoginRedirectUrl(v string) {
+	o.LoginRedirectUrl = &v
+}
+
+// GetSelfService returns the SelfService field value if set, zero value otherwise.
+func (o *ApplicationAccessibility) GetSelfService() bool {
+	if o == nil || o.SelfService == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SelfService
+}
+
+// GetSelfServiceOk returns a tuple with the SelfService field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationAccessibility) GetSelfServiceOk() (*bool, bool) {
+	if o == nil || o.SelfService == nil {
+		return nil, false
+	}
+	return o.SelfService, true
+}
+
+// HasSelfService returns a boolean if a field has been set.
+func (o *ApplicationAccessibility) HasSelfService() bool {
+	if o != nil && o.SelfService != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfService gets a reference to the given bool and assigns it to the SelfService field.
+func (o *ApplicationAccessibility) SetSelfService(v bool) {
+	o.SelfService = &v
+}
+
+func (o ApplicationAccessibility) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ErrorRedirectUrl != nil {
+		toSerialize["errorRedirectUrl"] = o.ErrorRedirectUrl
+	}
+	if o.LoginRedirectUrl != nil {
+		toSerialize["loginRedirectUrl"] = o.LoginRedirectUrl
+	}
+	if o.SelfService != nil {
+		toSerialize["selfService"] = o.SelfService
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationAccessibility) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationAccessibility := _ApplicationAccessibility{}
+
+	err = json.Unmarshal(bytes, &varApplicationAccessibility)
+	if err == nil {
+		*o = ApplicationAccessibility(varApplicationAccessibility)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "errorRedirectUrl")
+		delete(additionalProperties, "loginRedirectUrl")
+		delete(additionalProperties, "selfService")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationAccessibility struct {
+	value *ApplicationAccessibility
+	isSet bool
+}
+
+func (v NullableApplicationAccessibility) Get() *ApplicationAccessibility {
+	return v.value
+}
+
+func (v *NullableApplicationAccessibility) Set(val *ApplicationAccessibility) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationAccessibility) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationAccessibility) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationAccessibility(val *ApplicationAccessibility) *NullableApplicationAccessibility {
+	return &NullableApplicationAccessibility{value: val, isSet: true}
+}
+
+func (v NullableApplicationAccessibility) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationAccessibility) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_credentials.go b/okta/model_application_credentials.go
new file mode 100644
index 000000000..86223efe4
--- /dev/null
+++ b/okta/model_application_credentials.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationCredentials struct for ApplicationCredentials
+type ApplicationCredentials struct {
+	Signing              *ApplicationCredentialsSigning          `json:"signing,omitempty"`
+	UserNameTemplate     *ApplicationCredentialsUsernameTemplate `json:"userNameTemplate,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationCredentials ApplicationCredentials
+
+// NewApplicationCredentials instantiates a new ApplicationCredentials object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationCredentials() *ApplicationCredentials {
+	this := ApplicationCredentials{}
+	return &this
+}
+
+// NewApplicationCredentialsWithDefaults instantiates a new ApplicationCredentials object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationCredentialsWithDefaults() *ApplicationCredentials {
+	this := ApplicationCredentials{}
+	return &this
+}
+
+// GetSigning returns the Signing field value if set, zero value otherwise.
+func (o *ApplicationCredentials) GetSigning() ApplicationCredentialsSigning {
+	if o == nil || o.Signing == nil {
+		var ret ApplicationCredentialsSigning
+		return ret
+	}
+	return *o.Signing
+}
+
+// GetSigningOk returns a tuple with the Signing field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentials) GetSigningOk() (*ApplicationCredentialsSigning, bool) {
+	if o == nil || o.Signing == nil {
+		return nil, false
+	}
+	return o.Signing, true
+}
+
+// HasSigning returns a boolean if a field has been set.
+func (o *ApplicationCredentials) HasSigning() bool {
+	if o != nil && o.Signing != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSigning gets a reference to the given ApplicationCredentialsSigning and assigns it to the Signing field.
+func (o *ApplicationCredentials) SetSigning(v ApplicationCredentialsSigning) {
+	o.Signing = &v
+}
+
+// GetUserNameTemplate returns the UserNameTemplate field value if set, zero value otherwise.
+func (o *ApplicationCredentials) GetUserNameTemplate() ApplicationCredentialsUsernameTemplate {
+	if o == nil || o.UserNameTemplate == nil {
+		var ret ApplicationCredentialsUsernameTemplate
+		return ret
+	}
+	return *o.UserNameTemplate
+}
+
+// GetUserNameTemplateOk returns a tuple with the UserNameTemplate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentials) GetUserNameTemplateOk() (*ApplicationCredentialsUsernameTemplate, bool) {
+	if o == nil || o.UserNameTemplate == nil {
+		return nil, false
+	}
+	return o.UserNameTemplate, true
+}
+
+// HasUserNameTemplate returns a boolean if a field has been set.
+func (o *ApplicationCredentials) HasUserNameTemplate() bool {
+	if o != nil && o.UserNameTemplate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserNameTemplate gets a reference to the given ApplicationCredentialsUsernameTemplate and assigns it to the UserNameTemplate field.
+func (o *ApplicationCredentials) SetUserNameTemplate(v ApplicationCredentialsUsernameTemplate) {
+	o.UserNameTemplate = &v
+}
+
+func (o ApplicationCredentials) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Signing != nil {
+		toSerialize["signing"] = o.Signing
+	}
+	if o.UserNameTemplate != nil {
+		toSerialize["userNameTemplate"] = o.UserNameTemplate
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationCredentials) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationCredentials := _ApplicationCredentials{}
+
+	err = json.Unmarshal(bytes, &varApplicationCredentials)
+	if err == nil {
+		*o = ApplicationCredentials(varApplicationCredentials)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "signing")
+		delete(additionalProperties, "userNameTemplate")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationCredentials struct {
+	value *ApplicationCredentials
+	isSet bool
+}
+
+func (v NullableApplicationCredentials) Get() *ApplicationCredentials {
+	return v.value
+}
+
+func (v *NullableApplicationCredentials) Set(val *ApplicationCredentials) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationCredentials) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationCredentials) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationCredentials(val *ApplicationCredentials) *NullableApplicationCredentials {
+	return &NullableApplicationCredentials{value: val, isSet: true}
+}
+
+func (v NullableApplicationCredentials) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationCredentials) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_credentials_o_auth_client.go b/okta/model_application_credentials_o_auth_client.go
new file mode 100644
index 000000000..eca06f51b
--- /dev/null
+++ b/okta/model_application_credentials_o_auth_client.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationCredentialsOAuthClient struct for ApplicationCredentialsOAuthClient
+type ApplicationCredentialsOAuthClient struct {
+	AutoKeyRotation         *bool                              `json:"autoKeyRotation,omitempty"`
+	ClientId                *string                            `json:"client_id,omitempty"`
+	ClientSecret            *string                            `json:"client_secret,omitempty"`
+	TokenEndpointAuthMethod *OAuthEndpointAuthenticationMethod `json:"token_endpoint_auth_method,omitempty"`
+	AdditionalProperties    map[string]interface{}
+}
+
+type _ApplicationCredentialsOAuthClient ApplicationCredentialsOAuthClient
+
+// NewApplicationCredentialsOAuthClient instantiates a new ApplicationCredentialsOAuthClient object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationCredentialsOAuthClient() *ApplicationCredentialsOAuthClient {
+	this := ApplicationCredentialsOAuthClient{}
+	return &this
+}
+
+// NewApplicationCredentialsOAuthClientWithDefaults instantiates a new ApplicationCredentialsOAuthClient object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationCredentialsOAuthClientWithDefaults() *ApplicationCredentialsOAuthClient {
+	this := ApplicationCredentialsOAuthClient{}
+	return &this
+}
+
+// GetAutoKeyRotation returns the AutoKeyRotation field value if set, zero value otherwise.
+func (o *ApplicationCredentialsOAuthClient) GetAutoKeyRotation() bool {
+	if o == nil || o.AutoKeyRotation == nil {
+		var ret bool
+		return ret
+	}
+	return *o.AutoKeyRotation
+}
+
+// GetAutoKeyRotationOk returns a tuple with the AutoKeyRotation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsOAuthClient) GetAutoKeyRotationOk() (*bool, bool) {
+	if o == nil || o.AutoKeyRotation == nil {
+		return nil, false
+	}
+	return o.AutoKeyRotation, true
+}
+
+// HasAutoKeyRotation returns a boolean if a field has been set.
+func (o *ApplicationCredentialsOAuthClient) HasAutoKeyRotation() bool {
+	if o != nil && o.AutoKeyRotation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAutoKeyRotation gets a reference to the given bool and assigns it to the AutoKeyRotation field.
+func (o *ApplicationCredentialsOAuthClient) SetAutoKeyRotation(v bool) {
+	o.AutoKeyRotation = &v
+}
+
+// GetClientId returns the ClientId field value if set, zero value otherwise.
+func (o *ApplicationCredentialsOAuthClient) GetClientId() string {
+	if o == nil || o.ClientId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientId
+}
+
+// GetClientIdOk returns a tuple with the ClientId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsOAuthClient) GetClientIdOk() (*string, bool) {
+	if o == nil || o.ClientId == nil {
+		return nil, false
+	}
+	return o.ClientId, true
+}
+
+// HasClientId returns a boolean if a field has been set.
+func (o *ApplicationCredentialsOAuthClient) HasClientId() bool {
+	if o != nil && o.ClientId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientId gets a reference to the given string and assigns it to the ClientId field.
+func (o *ApplicationCredentialsOAuthClient) SetClientId(v string) {
+	o.ClientId = &v
+}
+
+// GetClientSecret returns the ClientSecret field value if set, zero value otherwise.
+func (o *ApplicationCredentialsOAuthClient) GetClientSecret() string {
+	if o == nil || o.ClientSecret == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientSecret
+}
+
+// GetClientSecretOk returns a tuple with the ClientSecret field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsOAuthClient) GetClientSecretOk() (*string, bool) {
+	if o == nil || o.ClientSecret == nil {
+		return nil, false
+	}
+	return o.ClientSecret, true
+}
+
+// HasClientSecret returns a boolean if a field has been set.
+func (o *ApplicationCredentialsOAuthClient) HasClientSecret() bool {
+	if o != nil && o.ClientSecret != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientSecret gets a reference to the given string and assigns it to the ClientSecret field.
+func (o *ApplicationCredentialsOAuthClient) SetClientSecret(v string) {
+	o.ClientSecret = &v
+}
+
+// GetTokenEndpointAuthMethod returns the TokenEndpointAuthMethod field value if set, zero value otherwise.
+func (o *ApplicationCredentialsOAuthClient) GetTokenEndpointAuthMethod() OAuthEndpointAuthenticationMethod {
+	if o == nil || o.TokenEndpointAuthMethod == nil {
+		var ret OAuthEndpointAuthenticationMethod
+		return ret
+	}
+	return *o.TokenEndpointAuthMethod
+}
+
+// GetTokenEndpointAuthMethodOk returns a tuple with the TokenEndpointAuthMethod field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsOAuthClient) GetTokenEndpointAuthMethodOk() (*OAuthEndpointAuthenticationMethod, bool) {
+	if o == nil || o.TokenEndpointAuthMethod == nil {
+		return nil, false
+	}
+	return o.TokenEndpointAuthMethod, true
+}
+
+// HasTokenEndpointAuthMethod returns a boolean if a field has been set.
+func (o *ApplicationCredentialsOAuthClient) HasTokenEndpointAuthMethod() bool {
+	if o != nil && o.TokenEndpointAuthMethod != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTokenEndpointAuthMethod gets a reference to the given OAuthEndpointAuthenticationMethod and assigns it to the TokenEndpointAuthMethod field.
+func (o *ApplicationCredentialsOAuthClient) SetTokenEndpointAuthMethod(v OAuthEndpointAuthenticationMethod) {
+	o.TokenEndpointAuthMethod = &v
+}
+
+func (o ApplicationCredentialsOAuthClient) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AutoKeyRotation != nil {
+		toSerialize["autoKeyRotation"] = o.AutoKeyRotation
+	}
+	if o.ClientId != nil {
+		toSerialize["client_id"] = o.ClientId
+	}
+	if o.ClientSecret != nil {
+		toSerialize["client_secret"] = o.ClientSecret
+	}
+	if o.TokenEndpointAuthMethod != nil {
+		toSerialize["token_endpoint_auth_method"] = o.TokenEndpointAuthMethod
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationCredentialsOAuthClient) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationCredentialsOAuthClient := _ApplicationCredentialsOAuthClient{}
+
+	err = json.Unmarshal(bytes, &varApplicationCredentialsOAuthClient)
+	if err == nil {
+		*o = ApplicationCredentialsOAuthClient(varApplicationCredentialsOAuthClient)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "autoKeyRotation")
+		delete(additionalProperties, "client_id")
+		delete(additionalProperties, "client_secret")
+		delete(additionalProperties, "token_endpoint_auth_method")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationCredentialsOAuthClient struct {
+	value *ApplicationCredentialsOAuthClient
+	isSet bool
+}
+
+func (v NullableApplicationCredentialsOAuthClient) Get() *ApplicationCredentialsOAuthClient {
+	return v.value
+}
+
+func (v *NullableApplicationCredentialsOAuthClient) Set(val *ApplicationCredentialsOAuthClient) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationCredentialsOAuthClient) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationCredentialsOAuthClient) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationCredentialsOAuthClient(val *ApplicationCredentialsOAuthClient) *NullableApplicationCredentialsOAuthClient {
+	return &NullableApplicationCredentialsOAuthClient{value: val, isSet: true}
+}
+
+func (v NullableApplicationCredentialsOAuthClient) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationCredentialsOAuthClient) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_credentials_scheme.go b/okta/model_application_credentials_scheme.go
new file mode 100644
index 000000000..bf7171e4b
--- /dev/null
+++ b/okta/model_application_credentials_scheme.go
@@ -0,0 +1,130 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ApplicationCredentialsScheme the model 'ApplicationCredentialsScheme'
+type ApplicationCredentialsScheme string
+
+// List of ApplicationCredentialsScheme
+const (
+	APPLICATIONCREDENTIALSSCHEME_ADMIN_SETS_CREDENTIALS       ApplicationCredentialsScheme = "ADMIN_SETS_CREDENTIALS"
+	APPLICATIONCREDENTIALSSCHEME_EDIT_PASSWORD_ONLY           ApplicationCredentialsScheme = "EDIT_PASSWORD_ONLY"
+	APPLICATIONCREDENTIALSSCHEME_EDIT_USERNAME_AND_PASSWORD   ApplicationCredentialsScheme = "EDIT_USERNAME_AND_PASSWORD"
+	APPLICATIONCREDENTIALSSCHEME_EXTERNAL_PASSWORD_SYNC       ApplicationCredentialsScheme = "EXTERNAL_PASSWORD_SYNC"
+	APPLICATIONCREDENTIALSSCHEME_SHARED_USERNAME_AND_PASSWORD ApplicationCredentialsScheme = "SHARED_USERNAME_AND_PASSWORD"
+)
+
+// All allowed values of ApplicationCredentialsScheme enum
+var AllowedApplicationCredentialsSchemeEnumValues = []ApplicationCredentialsScheme{
+	"ADMIN_SETS_CREDENTIALS",
+	"EDIT_PASSWORD_ONLY",
+	"EDIT_USERNAME_AND_PASSWORD",
+	"EXTERNAL_PASSWORD_SYNC",
+	"SHARED_USERNAME_AND_PASSWORD",
+}
+
+func (v *ApplicationCredentialsScheme) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ApplicationCredentialsScheme(value)
+	for _, existing := range AllowedApplicationCredentialsSchemeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ApplicationCredentialsScheme", value)
+}
+
+// NewApplicationCredentialsSchemeFromValue returns a pointer to a valid ApplicationCredentialsScheme
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewApplicationCredentialsSchemeFromValue(v string) (*ApplicationCredentialsScheme, error) {
+	ev := ApplicationCredentialsScheme(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ApplicationCredentialsScheme: valid values are %v", v, AllowedApplicationCredentialsSchemeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ApplicationCredentialsScheme) IsValid() bool {
+	for _, existing := range AllowedApplicationCredentialsSchemeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ApplicationCredentialsScheme value
+func (v ApplicationCredentialsScheme) Ptr() *ApplicationCredentialsScheme {
+	return &v
+}
+
+type NullableApplicationCredentialsScheme struct {
+	value *ApplicationCredentialsScheme
+	isSet bool
+}
+
+func (v NullableApplicationCredentialsScheme) Get() *ApplicationCredentialsScheme {
+	return v.value
+}
+
+func (v *NullableApplicationCredentialsScheme) Set(val *ApplicationCredentialsScheme) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationCredentialsScheme) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationCredentialsScheme) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationCredentialsScheme(val *ApplicationCredentialsScheme) *NullableApplicationCredentialsScheme {
+	return &NullableApplicationCredentialsScheme{value: val, isSet: true}
+}
+
+func (v NullableApplicationCredentialsScheme) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationCredentialsScheme) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_credentials_signing.go b/okta/model_application_credentials_signing.go
new file mode 100644
index 000000000..fb173c276
--- /dev/null
+++ b/okta/model_application_credentials_signing.go
@@ -0,0 +1,307 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// ApplicationCredentialsSigning struct for ApplicationCredentialsSigning
+type ApplicationCredentialsSigning struct {
+	Kid                  *string                           `json:"kid,omitempty"`
+	LastRotated          *time.Time                        `json:"lastRotated,omitempty"`
+	NextRotation         *time.Time                        `json:"nextRotation,omitempty"`
+	RotationMode         *string                           `json:"rotationMode,omitempty"`
+	Use                  *ApplicationCredentialsSigningUse `json:"use,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationCredentialsSigning ApplicationCredentialsSigning
+
+// NewApplicationCredentialsSigning instantiates a new ApplicationCredentialsSigning object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationCredentialsSigning() *ApplicationCredentialsSigning {
+	this := ApplicationCredentialsSigning{}
+	return &this
+}
+
+// NewApplicationCredentialsSigningWithDefaults instantiates a new ApplicationCredentialsSigning object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationCredentialsSigningWithDefaults() *ApplicationCredentialsSigning {
+	this := ApplicationCredentialsSigning{}
+	return &this
+}
+
+// GetKid returns the Kid field value if set, zero value otherwise.
+func (o *ApplicationCredentialsSigning) GetKid() string {
+	if o == nil || o.Kid == nil {
+		var ret string
+		return ret
+	}
+	return *o.Kid
+}
+
+// GetKidOk returns a tuple with the Kid field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsSigning) GetKidOk() (*string, bool) {
+	if o == nil || o.Kid == nil {
+		return nil, false
+	}
+	return o.Kid, true
+}
+
+// HasKid returns a boolean if a field has been set.
+func (o *ApplicationCredentialsSigning) HasKid() bool {
+	if o != nil && o.Kid != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKid gets a reference to the given string and assigns it to the Kid field.
+func (o *ApplicationCredentialsSigning) SetKid(v string) {
+	o.Kid = &v
+}
+
+// GetLastRotated returns the LastRotated field value if set, zero value otherwise.
+func (o *ApplicationCredentialsSigning) GetLastRotated() time.Time {
+	if o == nil || o.LastRotated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastRotated
+}
+
+// GetLastRotatedOk returns a tuple with the LastRotated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsSigning) GetLastRotatedOk() (*time.Time, bool) {
+	if o == nil || o.LastRotated == nil {
+		return nil, false
+	}
+	return o.LastRotated, true
+}
+
+// HasLastRotated returns a boolean if a field has been set.
+func (o *ApplicationCredentialsSigning) HasLastRotated() bool {
+	if o != nil && o.LastRotated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastRotated gets a reference to the given time.Time and assigns it to the LastRotated field.
+func (o *ApplicationCredentialsSigning) SetLastRotated(v time.Time) {
+	o.LastRotated = &v
+}
+
+// GetNextRotation returns the NextRotation field value if set, zero value otherwise.
+func (o *ApplicationCredentialsSigning) GetNextRotation() time.Time {
+	if o == nil || o.NextRotation == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.NextRotation
+}
+
+// GetNextRotationOk returns a tuple with the NextRotation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsSigning) GetNextRotationOk() (*time.Time, bool) {
+	if o == nil || o.NextRotation == nil {
+		return nil, false
+	}
+	return o.NextRotation, true
+}
+
+// HasNextRotation returns a boolean if a field has been set.
+func (o *ApplicationCredentialsSigning) HasNextRotation() bool {
+	if o != nil && o.NextRotation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNextRotation gets a reference to the given time.Time and assigns it to the NextRotation field.
+func (o *ApplicationCredentialsSigning) SetNextRotation(v time.Time) {
+	o.NextRotation = &v
+}
+
+// GetRotationMode returns the RotationMode field value if set, zero value otherwise.
+func (o *ApplicationCredentialsSigning) GetRotationMode() string {
+	if o == nil || o.RotationMode == nil {
+		var ret string
+		return ret
+	}
+	return *o.RotationMode
+}
+
+// GetRotationModeOk returns a tuple with the RotationMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsSigning) GetRotationModeOk() (*string, bool) {
+	if o == nil || o.RotationMode == nil {
+		return nil, false
+	}
+	return o.RotationMode, true
+}
+
+// HasRotationMode returns a boolean if a field has been set.
+func (o *ApplicationCredentialsSigning) HasRotationMode() bool {
+	if o != nil && o.RotationMode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRotationMode gets a reference to the given string and assigns it to the RotationMode field.
+func (o *ApplicationCredentialsSigning) SetRotationMode(v string) {
+	o.RotationMode = &v
+}
+
+// GetUse returns the Use field value if set, zero value otherwise.
+func (o *ApplicationCredentialsSigning) GetUse() ApplicationCredentialsSigningUse {
+	if o == nil || o.Use == nil {
+		var ret ApplicationCredentialsSigningUse
+		return ret
+	}
+	return *o.Use
+}
+
+// GetUseOk returns a tuple with the Use field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsSigning) GetUseOk() (*ApplicationCredentialsSigningUse, bool) {
+	if o == nil || o.Use == nil {
+		return nil, false
+	}
+	return o.Use, true
+}
+
+// HasUse returns a boolean if a field has been set.
+func (o *ApplicationCredentialsSigning) HasUse() bool {
+	if o != nil && o.Use != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUse gets a reference to the given ApplicationCredentialsSigningUse and assigns it to the Use field.
+func (o *ApplicationCredentialsSigning) SetUse(v ApplicationCredentialsSigningUse) {
+	o.Use = &v
+}
+
+func (o ApplicationCredentialsSigning) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Kid != nil {
+		toSerialize["kid"] = o.Kid
+	}
+	if o.LastRotated != nil {
+		toSerialize["lastRotated"] = o.LastRotated
+	}
+	if o.NextRotation != nil {
+		toSerialize["nextRotation"] = o.NextRotation
+	}
+	if o.RotationMode != nil {
+		toSerialize["rotationMode"] = o.RotationMode
+	}
+	if o.Use != nil {
+		toSerialize["use"] = o.Use
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationCredentialsSigning) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationCredentialsSigning := _ApplicationCredentialsSigning{}
+
+	err = json.Unmarshal(bytes, &varApplicationCredentialsSigning)
+	if err == nil {
+		*o = ApplicationCredentialsSigning(varApplicationCredentialsSigning)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "kid")
+		delete(additionalProperties, "lastRotated")
+		delete(additionalProperties, "nextRotation")
+		delete(additionalProperties, "rotationMode")
+		delete(additionalProperties, "use")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationCredentialsSigning struct {
+	value *ApplicationCredentialsSigning
+	isSet bool
+}
+
+func (v NullableApplicationCredentialsSigning) Get() *ApplicationCredentialsSigning {
+	return v.value
+}
+
+func (v *NullableApplicationCredentialsSigning) Set(val *ApplicationCredentialsSigning) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationCredentialsSigning) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationCredentialsSigning) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationCredentialsSigning(val *ApplicationCredentialsSigning) *NullableApplicationCredentialsSigning {
+	return &NullableApplicationCredentialsSigning{value: val, isSet: true}
+}
+
+func (v NullableApplicationCredentialsSigning) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationCredentialsSigning) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_credentials_signing_use.go b/okta/model_application_credentials_signing_use.go
new file mode 100644
index 000000000..ada980c58
--- /dev/null
+++ b/okta/model_application_credentials_signing_use.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ApplicationCredentialsSigningUse the model 'ApplicationCredentialsSigningUse'
+type ApplicationCredentialsSigningUse string
+
+// List of ApplicationCredentialsSigningUse
+const (
+	APPLICATIONCREDENTIALSSIGNINGUSE_SIG ApplicationCredentialsSigningUse = "sig"
+)
+
+// All allowed values of ApplicationCredentialsSigningUse enum
+var AllowedApplicationCredentialsSigningUseEnumValues = []ApplicationCredentialsSigningUse{
+	"sig",
+}
+
+func (v *ApplicationCredentialsSigningUse) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ApplicationCredentialsSigningUse(value)
+	for _, existing := range AllowedApplicationCredentialsSigningUseEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ApplicationCredentialsSigningUse", value)
+}
+
+// NewApplicationCredentialsSigningUseFromValue returns a pointer to a valid ApplicationCredentialsSigningUse
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewApplicationCredentialsSigningUseFromValue(v string) (*ApplicationCredentialsSigningUse, error) {
+	ev := ApplicationCredentialsSigningUse(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ApplicationCredentialsSigningUse: valid values are %v", v, AllowedApplicationCredentialsSigningUseEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ApplicationCredentialsSigningUse) IsValid() bool {
+	for _, existing := range AllowedApplicationCredentialsSigningUseEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ApplicationCredentialsSigningUse value
+func (v ApplicationCredentialsSigningUse) Ptr() *ApplicationCredentialsSigningUse {
+	return &v
+}
+
+type NullableApplicationCredentialsSigningUse struct {
+	value *ApplicationCredentialsSigningUse
+	isSet bool
+}
+
+func (v NullableApplicationCredentialsSigningUse) Get() *ApplicationCredentialsSigningUse {
+	return v.value
+}
+
+func (v *NullableApplicationCredentialsSigningUse) Set(val *ApplicationCredentialsSigningUse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationCredentialsSigningUse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationCredentialsSigningUse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationCredentialsSigningUse(val *ApplicationCredentialsSigningUse) *NullableApplicationCredentialsSigningUse {
+	return &NullableApplicationCredentialsSigningUse{value: val, isSet: true}
+}
+
+func (v NullableApplicationCredentialsSigningUse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationCredentialsSigningUse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_credentials_username_template.go b/okta/model_application_credentials_username_template.go
new file mode 100644
index 000000000..de64ad08e
--- /dev/null
+++ b/okta/model_application_credentials_username_template.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationCredentialsUsernameTemplate struct for ApplicationCredentialsUsernameTemplate
+type ApplicationCredentialsUsernameTemplate struct {
+	PushStatus           *string `json:"pushStatus,omitempty"`
+	Template             *string `json:"template,omitempty"`
+	Type                 *string `json:"type,omitempty"`
+	UserSuffix           *string `json:"userSuffix,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationCredentialsUsernameTemplate ApplicationCredentialsUsernameTemplate
+
+// NewApplicationCredentialsUsernameTemplate instantiates a new ApplicationCredentialsUsernameTemplate object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationCredentialsUsernameTemplate() *ApplicationCredentialsUsernameTemplate {
+	this := ApplicationCredentialsUsernameTemplate{}
+	return &this
+}
+
+// NewApplicationCredentialsUsernameTemplateWithDefaults instantiates a new ApplicationCredentialsUsernameTemplate object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationCredentialsUsernameTemplateWithDefaults() *ApplicationCredentialsUsernameTemplate {
+	this := ApplicationCredentialsUsernameTemplate{}
+	return &this
+}
+
+// GetPushStatus returns the PushStatus field value if set, zero value otherwise.
+func (o *ApplicationCredentialsUsernameTemplate) GetPushStatus() string {
+	if o == nil || o.PushStatus == nil {
+		var ret string
+		return ret
+	}
+	return *o.PushStatus
+}
+
+// GetPushStatusOk returns a tuple with the PushStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsUsernameTemplate) GetPushStatusOk() (*string, bool) {
+	if o == nil || o.PushStatus == nil {
+		return nil, false
+	}
+	return o.PushStatus, true
+}
+
+// HasPushStatus returns a boolean if a field has been set.
+func (o *ApplicationCredentialsUsernameTemplate) HasPushStatus() bool {
+	if o != nil && o.PushStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPushStatus gets a reference to the given string and assigns it to the PushStatus field.
+func (o *ApplicationCredentialsUsernameTemplate) SetPushStatus(v string) {
+	o.PushStatus = &v
+}
+
+// GetTemplate returns the Template field value if set, zero value otherwise.
+func (o *ApplicationCredentialsUsernameTemplate) GetTemplate() string {
+	if o == nil || o.Template == nil {
+		var ret string
+		return ret
+	}
+	return *o.Template
+}
+
+// GetTemplateOk returns a tuple with the Template field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsUsernameTemplate) GetTemplateOk() (*string, bool) {
+	if o == nil || o.Template == nil {
+		return nil, false
+	}
+	return o.Template, true
+}
+
+// HasTemplate returns a boolean if a field has been set.
+func (o *ApplicationCredentialsUsernameTemplate) HasTemplate() bool {
+	if o != nil && o.Template != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTemplate gets a reference to the given string and assigns it to the Template field.
+func (o *ApplicationCredentialsUsernameTemplate) SetTemplate(v string) {
+	o.Template = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *ApplicationCredentialsUsernameTemplate) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsUsernameTemplate) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *ApplicationCredentialsUsernameTemplate) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *ApplicationCredentialsUsernameTemplate) SetType(v string) {
+	o.Type = &v
+}
+
+// GetUserSuffix returns the UserSuffix field value if set, zero value otherwise.
+func (o *ApplicationCredentialsUsernameTemplate) GetUserSuffix() string {
+	if o == nil || o.UserSuffix == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserSuffix
+}
+
+// GetUserSuffixOk returns a tuple with the UserSuffix field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationCredentialsUsernameTemplate) GetUserSuffixOk() (*string, bool) {
+	if o == nil || o.UserSuffix == nil {
+		return nil, false
+	}
+	return o.UserSuffix, true
+}
+
+// HasUserSuffix returns a boolean if a field has been set.
+func (o *ApplicationCredentialsUsernameTemplate) HasUserSuffix() bool {
+	if o != nil && o.UserSuffix != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserSuffix gets a reference to the given string and assigns it to the UserSuffix field.
+func (o *ApplicationCredentialsUsernameTemplate) SetUserSuffix(v string) {
+	o.UserSuffix = &v
+}
+
+func (o ApplicationCredentialsUsernameTemplate) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.PushStatus != nil {
+		toSerialize["pushStatus"] = o.PushStatus
+	}
+	if o.Template != nil {
+		toSerialize["template"] = o.Template
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.UserSuffix != nil {
+		toSerialize["userSuffix"] = o.UserSuffix
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationCredentialsUsernameTemplate) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationCredentialsUsernameTemplate := _ApplicationCredentialsUsernameTemplate{}
+
+	err = json.Unmarshal(bytes, &varApplicationCredentialsUsernameTemplate)
+	if err == nil {
+		*o = ApplicationCredentialsUsernameTemplate(varApplicationCredentialsUsernameTemplate)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "pushStatus")
+		delete(additionalProperties, "template")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "userSuffix")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationCredentialsUsernameTemplate struct {
+	value *ApplicationCredentialsUsernameTemplate
+	isSet bool
+}
+
+func (v NullableApplicationCredentialsUsernameTemplate) Get() *ApplicationCredentialsUsernameTemplate {
+	return v.value
+}
+
+func (v *NullableApplicationCredentialsUsernameTemplate) Set(val *ApplicationCredentialsUsernameTemplate) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationCredentialsUsernameTemplate) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationCredentialsUsernameTemplate) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationCredentialsUsernameTemplate(val *ApplicationCredentialsUsernameTemplate) *NullableApplicationCredentialsUsernameTemplate {
+	return &NullableApplicationCredentialsUsernameTemplate{value: val, isSet: true}
+}
+
+func (v NullableApplicationCredentialsUsernameTemplate) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationCredentialsUsernameTemplate) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_feature.go b/okta/model_application_feature.go
new file mode 100644
index 000000000..3361fc22f
--- /dev/null
+++ b/okta/model_application_feature.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationFeature struct for ApplicationFeature
+type ApplicationFeature struct {
+	Capabilities         *CapabilitiesObject               `json:"capabilities,omitempty"`
+	Description          *string                           `json:"description,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Status               *EnabledStatus                    `json:"status,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationFeature ApplicationFeature
+
+// NewApplicationFeature instantiates a new ApplicationFeature object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationFeature() *ApplicationFeature {
+	this := ApplicationFeature{}
+	return &this
+}
+
+// NewApplicationFeatureWithDefaults instantiates a new ApplicationFeature object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationFeatureWithDefaults() *ApplicationFeature {
+	this := ApplicationFeature{}
+	return &this
+}
+
+// GetCapabilities returns the Capabilities field value if set, zero value otherwise.
+func (o *ApplicationFeature) GetCapabilities() CapabilitiesObject {
+	if o == nil || o.Capabilities == nil {
+		var ret CapabilitiesObject
+		return ret
+	}
+	return *o.Capabilities
+}
+
+// GetCapabilitiesOk returns a tuple with the Capabilities field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationFeature) GetCapabilitiesOk() (*CapabilitiesObject, bool) {
+	if o == nil || o.Capabilities == nil {
+		return nil, false
+	}
+	return o.Capabilities, true
+}
+
+// HasCapabilities returns a boolean if a field has been set.
+func (o *ApplicationFeature) HasCapabilities() bool {
+	if o != nil && o.Capabilities != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCapabilities gets a reference to the given CapabilitiesObject and assigns it to the Capabilities field.
+func (o *ApplicationFeature) SetCapabilities(v CapabilitiesObject) {
+	o.Capabilities = &v
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *ApplicationFeature) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationFeature) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *ApplicationFeature) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *ApplicationFeature) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *ApplicationFeature) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationFeature) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *ApplicationFeature) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *ApplicationFeature) SetName(v string) {
+	o.Name = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *ApplicationFeature) GetStatus() EnabledStatus {
+	if o == nil || o.Status == nil {
+		var ret EnabledStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationFeature) GetStatusOk() (*EnabledStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *ApplicationFeature) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given EnabledStatus and assigns it to the Status field.
+func (o *ApplicationFeature) SetStatus(v EnabledStatus) {
+	o.Status = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ApplicationFeature) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationFeature) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ApplicationFeature) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *ApplicationFeature) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o ApplicationFeature) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Capabilities != nil {
+		toSerialize["capabilities"] = o.Capabilities
+	}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationFeature) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationFeature := _ApplicationFeature{}
+
+	err = json.Unmarshal(bytes, &varApplicationFeature)
+	if err == nil {
+		*o = ApplicationFeature(varApplicationFeature)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "capabilities")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationFeature struct {
+	value *ApplicationFeature
+	isSet bool
+}
+
+func (v NullableApplicationFeature) Get() *ApplicationFeature {
+	return v.value
+}
+
+func (v *NullableApplicationFeature) Set(val *ApplicationFeature) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationFeature) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationFeature) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationFeature(val *ApplicationFeature) *NullableApplicationFeature {
+	return &NullableApplicationFeature{value: val, isSet: true}
+}
+
+func (v NullableApplicationFeature) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationFeature) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_group_assignment.go b/okta/model_application_group_assignment.go
new file mode 100644
index 000000000..4c0f1a106
--- /dev/null
+++ b/okta/model_application_group_assignment.go
@@ -0,0 +1,344 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// ApplicationGroupAssignment struct for ApplicationGroupAssignment
+type ApplicationGroupAssignment struct {
+	Id                   *string                           `json:"id,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Priority             *int32                            `json:"priority,omitempty"`
+	Profile              map[string]map[string]interface{} `json:"profile,omitempty"`
+	Embedded             map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationGroupAssignment ApplicationGroupAssignment
+
+// NewApplicationGroupAssignment instantiates a new ApplicationGroupAssignment object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationGroupAssignment() *ApplicationGroupAssignment {
+	this := ApplicationGroupAssignment{}
+	return &this
+}
+
+// NewApplicationGroupAssignmentWithDefaults instantiates a new ApplicationGroupAssignment object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationGroupAssignmentWithDefaults() *ApplicationGroupAssignment {
+	this := ApplicationGroupAssignment{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ApplicationGroupAssignment) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationGroupAssignment) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ApplicationGroupAssignment) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ApplicationGroupAssignment) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *ApplicationGroupAssignment) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationGroupAssignment) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *ApplicationGroupAssignment) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *ApplicationGroupAssignment) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetPriority returns the Priority field value if set, zero value otherwise.
+func (o *ApplicationGroupAssignment) GetPriority() int32 {
+	if o == nil || o.Priority == nil {
+		var ret int32
+		return ret
+	}
+	return *o.Priority
+}
+
+// GetPriorityOk returns a tuple with the Priority field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationGroupAssignment) GetPriorityOk() (*int32, bool) {
+	if o == nil || o.Priority == nil {
+		return nil, false
+	}
+	return o.Priority, true
+}
+
+// HasPriority returns a boolean if a field has been set.
+func (o *ApplicationGroupAssignment) HasPriority() bool {
+	if o != nil && o.Priority != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPriority gets a reference to the given int32 and assigns it to the Priority field.
+func (o *ApplicationGroupAssignment) SetPriority(v int32) {
+	o.Priority = &v
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *ApplicationGroupAssignment) GetProfile() map[string]map[string]interface{} {
+	if o == nil || o.Profile == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationGroupAssignment) GetProfileOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *ApplicationGroupAssignment) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given map[string]map[string]interface{} and assigns it to the Profile field.
+func (o *ApplicationGroupAssignment) SetProfile(v map[string]map[string]interface{}) {
+	o.Profile = v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *ApplicationGroupAssignment) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationGroupAssignment) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *ApplicationGroupAssignment) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *ApplicationGroupAssignment) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ApplicationGroupAssignment) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationGroupAssignment) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ApplicationGroupAssignment) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *ApplicationGroupAssignment) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o ApplicationGroupAssignment) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Priority != nil {
+		toSerialize["priority"] = o.Priority
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationGroupAssignment) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationGroupAssignment := _ApplicationGroupAssignment{}
+
+	err = json.Unmarshal(bytes, &varApplicationGroupAssignment)
+	if err == nil {
+		*o = ApplicationGroupAssignment(varApplicationGroupAssignment)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "priority")
+		delete(additionalProperties, "profile")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationGroupAssignment struct {
+	value *ApplicationGroupAssignment
+	isSet bool
+}
+
+func (v NullableApplicationGroupAssignment) Get() *ApplicationGroupAssignment {
+	return v.value
+}
+
+func (v *NullableApplicationGroupAssignment) Set(val *ApplicationGroupAssignment) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationGroupAssignment) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationGroupAssignment) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationGroupAssignment(val *ApplicationGroupAssignment) *NullableApplicationGroupAssignment {
+	return &NullableApplicationGroupAssignment{value: val, isSet: true}
+}
+
+func (v NullableApplicationGroupAssignment) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationGroupAssignment) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_layout.go b/okta/model_application_layout.go
new file mode 100644
index 000000000..2bd8cb98a
--- /dev/null
+++ b/okta/model_application_layout.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationLayout struct for ApplicationLayout
+type ApplicationLayout struct {
+	Elements             []map[string]interface{} `json:"elements,omitempty"`
+	Label                *string                  `json:"label,omitempty"`
+	Options              map[string]interface{}   `json:"options,omitempty"`
+	Rule                 *ApplicationLayoutRule   `json:"rule,omitempty"`
+	Scope                *string                  `json:"scope,omitempty"`
+	Type                 *string                  `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationLayout ApplicationLayout
+
+// NewApplicationLayout instantiates a new ApplicationLayout object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationLayout() *ApplicationLayout {
+	this := ApplicationLayout{}
+	return &this
+}
+
+// NewApplicationLayoutWithDefaults instantiates a new ApplicationLayout object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationLayoutWithDefaults() *ApplicationLayout {
+	this := ApplicationLayout{}
+	return &this
+}
+
+// GetElements returns the Elements field value if set, zero value otherwise.
+func (o *ApplicationLayout) GetElements() []map[string]interface{} {
+	if o == nil || o.Elements == nil {
+		var ret []map[string]interface{}
+		return ret
+	}
+	return o.Elements
+}
+
+// GetElementsOk returns a tuple with the Elements field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLayout) GetElementsOk() ([]map[string]interface{}, bool) {
+	if o == nil || o.Elements == nil {
+		return nil, false
+	}
+	return o.Elements, true
+}
+
+// HasElements returns a boolean if a field has been set.
+func (o *ApplicationLayout) HasElements() bool {
+	if o != nil && o.Elements != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetElements gets a reference to the given []map[string]interface{} and assigns it to the Elements field.
+func (o *ApplicationLayout) SetElements(v []map[string]interface{}) {
+	o.Elements = v
+}
+
+// GetLabel returns the Label field value if set, zero value otherwise.
+func (o *ApplicationLayout) GetLabel() string {
+	if o == nil || o.Label == nil {
+		var ret string
+		return ret
+	}
+	return *o.Label
+}
+
+// GetLabelOk returns a tuple with the Label field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLayout) GetLabelOk() (*string, bool) {
+	if o == nil || o.Label == nil {
+		return nil, false
+	}
+	return o.Label, true
+}
+
+// HasLabel returns a boolean if a field has been set.
+func (o *ApplicationLayout) HasLabel() bool {
+	if o != nil && o.Label != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLabel gets a reference to the given string and assigns it to the Label field.
+func (o *ApplicationLayout) SetLabel(v string) {
+	o.Label = &v
+}
+
+// GetOptions returns the Options field value if set, zero value otherwise.
+func (o *ApplicationLayout) GetOptions() map[string]interface{} {
+	if o == nil || o.Options == nil {
+		var ret map[string]interface{}
+		return ret
+	}
+	return o.Options
+}
+
+// GetOptionsOk returns a tuple with the Options field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLayout) GetOptionsOk() (map[string]interface{}, bool) {
+	if o == nil || o.Options == nil {
+		return nil, false
+	}
+	return o.Options, true
+}
+
+// HasOptions returns a boolean if a field has been set.
+func (o *ApplicationLayout) HasOptions() bool {
+	if o != nil && o.Options != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOptions gets a reference to the given map[string]interface{} and assigns it to the Options field.
+func (o *ApplicationLayout) SetOptions(v map[string]interface{}) {
+	o.Options = v
+}
+
+// GetRule returns the Rule field value if set, zero value otherwise.
+func (o *ApplicationLayout) GetRule() ApplicationLayoutRule {
+	if o == nil || o.Rule == nil {
+		var ret ApplicationLayoutRule
+		return ret
+	}
+	return *o.Rule
+}
+
+// GetRuleOk returns a tuple with the Rule field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLayout) GetRuleOk() (*ApplicationLayoutRule, bool) {
+	if o == nil || o.Rule == nil {
+		return nil, false
+	}
+	return o.Rule, true
+}
+
+// HasRule returns a boolean if a field has been set.
+func (o *ApplicationLayout) HasRule() bool {
+	if o != nil && o.Rule != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRule gets a reference to the given ApplicationLayoutRule and assigns it to the Rule field.
+func (o *ApplicationLayout) SetRule(v ApplicationLayoutRule) {
+	o.Rule = &v
+}
+
+// GetScope returns the Scope field value if set, zero value otherwise.
+func (o *ApplicationLayout) GetScope() string {
+	if o == nil || o.Scope == nil {
+		var ret string
+		return ret
+	}
+	return *o.Scope
+}
+
+// GetScopeOk returns a tuple with the Scope field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLayout) GetScopeOk() (*string, bool) {
+	if o == nil || o.Scope == nil {
+		return nil, false
+	}
+	return o.Scope, true
+}
+
+// HasScope returns a boolean if a field has been set.
+func (o *ApplicationLayout) HasScope() bool {
+	if o != nil && o.Scope != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScope gets a reference to the given string and assigns it to the Scope field.
+func (o *ApplicationLayout) SetScope(v string) {
+	o.Scope = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *ApplicationLayout) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLayout) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *ApplicationLayout) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *ApplicationLayout) SetType(v string) {
+	o.Type = &v
+}
+
+func (o ApplicationLayout) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Elements != nil {
+		toSerialize["elements"] = o.Elements
+	}
+	if o.Label != nil {
+		toSerialize["label"] = o.Label
+	}
+	if o.Options != nil {
+		toSerialize["options"] = o.Options
+	}
+	if o.Rule != nil {
+		toSerialize["rule"] = o.Rule
+	}
+	if o.Scope != nil {
+		toSerialize["scope"] = o.Scope
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationLayout) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationLayout := _ApplicationLayout{}
+
+	err = json.Unmarshal(bytes, &varApplicationLayout)
+	if err == nil {
+		*o = ApplicationLayout(varApplicationLayout)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "elements")
+		delete(additionalProperties, "label")
+		delete(additionalProperties, "options")
+		delete(additionalProperties, "rule")
+		delete(additionalProperties, "scope")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationLayout struct {
+	value *ApplicationLayout
+	isSet bool
+}
+
+func (v NullableApplicationLayout) Get() *ApplicationLayout {
+	return v.value
+}
+
+func (v *NullableApplicationLayout) Set(val *ApplicationLayout) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationLayout) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationLayout) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationLayout(val *ApplicationLayout) *NullableApplicationLayout {
+	return &NullableApplicationLayout{value: val, isSet: true}
+}
+
+func (v NullableApplicationLayout) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationLayout) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_layout_rule.go b/okta/model_application_layout_rule.go
new file mode 100644
index 000000000..f1f88dd02
--- /dev/null
+++ b/okta/model_application_layout_rule.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationLayoutRule struct for ApplicationLayoutRule
+type ApplicationLayoutRule struct {
+	Effect               *string                         `json:"effect,omitempty"`
+	Condition            *ApplicationLayoutRuleCondition `json:"condition,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationLayoutRule ApplicationLayoutRule
+
+// NewApplicationLayoutRule instantiates a new ApplicationLayoutRule object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationLayoutRule() *ApplicationLayoutRule {
+	this := ApplicationLayoutRule{}
+	return &this
+}
+
+// NewApplicationLayoutRuleWithDefaults instantiates a new ApplicationLayoutRule object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationLayoutRuleWithDefaults() *ApplicationLayoutRule {
+	this := ApplicationLayoutRule{}
+	return &this
+}
+
+// GetEffect returns the Effect field value if set, zero value otherwise.
+func (o *ApplicationLayoutRule) GetEffect() string {
+	if o == nil || o.Effect == nil {
+		var ret string
+		return ret
+	}
+	return *o.Effect
+}
+
+// GetEffectOk returns a tuple with the Effect field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLayoutRule) GetEffectOk() (*string, bool) {
+	if o == nil || o.Effect == nil {
+		return nil, false
+	}
+	return o.Effect, true
+}
+
+// HasEffect returns a boolean if a field has been set.
+func (o *ApplicationLayoutRule) HasEffect() bool {
+	if o != nil && o.Effect != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEffect gets a reference to the given string and assigns it to the Effect field.
+func (o *ApplicationLayoutRule) SetEffect(v string) {
+	o.Effect = &v
+}
+
+// GetCondition returns the Condition field value if set, zero value otherwise.
+func (o *ApplicationLayoutRule) GetCondition() ApplicationLayoutRuleCondition {
+	if o == nil || o.Condition == nil {
+		var ret ApplicationLayoutRuleCondition
+		return ret
+	}
+	return *o.Condition
+}
+
+// GetConditionOk returns a tuple with the Condition field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLayoutRule) GetConditionOk() (*ApplicationLayoutRuleCondition, bool) {
+	if o == nil || o.Condition == nil {
+		return nil, false
+	}
+	return o.Condition, true
+}
+
+// HasCondition returns a boolean if a field has been set.
+func (o *ApplicationLayoutRule) HasCondition() bool {
+	if o != nil && o.Condition != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCondition gets a reference to the given ApplicationLayoutRuleCondition and assigns it to the Condition field.
+func (o *ApplicationLayoutRule) SetCondition(v ApplicationLayoutRuleCondition) {
+	o.Condition = &v
+}
+
+func (o ApplicationLayoutRule) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Effect != nil {
+		toSerialize["effect"] = o.Effect
+	}
+	if o.Condition != nil {
+		toSerialize["condition"] = o.Condition
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationLayoutRule) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationLayoutRule := _ApplicationLayoutRule{}
+
+	err = json.Unmarshal(bytes, &varApplicationLayoutRule)
+	if err == nil {
+		*o = ApplicationLayoutRule(varApplicationLayoutRule)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "effect")
+		delete(additionalProperties, "condition")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationLayoutRule struct {
+	value *ApplicationLayoutRule
+	isSet bool
+}
+
+func (v NullableApplicationLayoutRule) Get() *ApplicationLayoutRule {
+	return v.value
+}
+
+func (v *NullableApplicationLayoutRule) Set(val *ApplicationLayoutRule) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationLayoutRule) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationLayoutRule) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationLayoutRule(val *ApplicationLayoutRule) *NullableApplicationLayoutRule {
+	return &NullableApplicationLayoutRule{value: val, isSet: true}
+}
+
+func (v NullableApplicationLayoutRule) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationLayoutRule) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_layout_rule_condition.go b/okta/model_application_layout_rule_condition.go
new file mode 100644
index 000000000..52cd428eb
--- /dev/null
+++ b/okta/model_application_layout_rule_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationLayoutRuleCondition struct for ApplicationLayoutRuleCondition
+type ApplicationLayoutRuleCondition struct {
+	Schema               map[string]interface{} `json:"schema,omitempty"`
+	Scope                *string                `json:"scope,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationLayoutRuleCondition ApplicationLayoutRuleCondition
+
+// NewApplicationLayoutRuleCondition instantiates a new ApplicationLayoutRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationLayoutRuleCondition() *ApplicationLayoutRuleCondition {
+	this := ApplicationLayoutRuleCondition{}
+	return &this
+}
+
+// NewApplicationLayoutRuleConditionWithDefaults instantiates a new ApplicationLayoutRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationLayoutRuleConditionWithDefaults() *ApplicationLayoutRuleCondition {
+	this := ApplicationLayoutRuleCondition{}
+	return &this
+}
+
+// GetSchema returns the Schema field value if set, zero value otherwise.
+func (o *ApplicationLayoutRuleCondition) GetSchema() map[string]interface{} {
+	if o == nil || o.Schema == nil {
+		var ret map[string]interface{}
+		return ret
+	}
+	return o.Schema
+}
+
+// GetSchemaOk returns a tuple with the Schema field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLayoutRuleCondition) GetSchemaOk() (map[string]interface{}, bool) {
+	if o == nil || o.Schema == nil {
+		return nil, false
+	}
+	return o.Schema, true
+}
+
+// HasSchema returns a boolean if a field has been set.
+func (o *ApplicationLayoutRuleCondition) HasSchema() bool {
+	if o != nil && o.Schema != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSchema gets a reference to the given map[string]interface{} and assigns it to the Schema field.
+func (o *ApplicationLayoutRuleCondition) SetSchema(v map[string]interface{}) {
+	o.Schema = v
+}
+
+// GetScope returns the Scope field value if set, zero value otherwise.
+func (o *ApplicationLayoutRuleCondition) GetScope() string {
+	if o == nil || o.Scope == nil {
+		var ret string
+		return ret
+	}
+	return *o.Scope
+}
+
+// GetScopeOk returns a tuple with the Scope field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLayoutRuleCondition) GetScopeOk() (*string, bool) {
+	if o == nil || o.Scope == nil {
+		return nil, false
+	}
+	return o.Scope, true
+}
+
+// HasScope returns a boolean if a field has been set.
+func (o *ApplicationLayoutRuleCondition) HasScope() bool {
+	if o != nil && o.Scope != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScope gets a reference to the given string and assigns it to the Scope field.
+func (o *ApplicationLayoutRuleCondition) SetScope(v string) {
+	o.Scope = &v
+}
+
+func (o ApplicationLayoutRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Schema != nil {
+		toSerialize["schema"] = o.Schema
+	}
+	if o.Scope != nil {
+		toSerialize["scope"] = o.Scope
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationLayoutRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationLayoutRuleCondition := _ApplicationLayoutRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varApplicationLayoutRuleCondition)
+	if err == nil {
+		*o = ApplicationLayoutRuleCondition(varApplicationLayoutRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "schema")
+		delete(additionalProperties, "scope")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationLayoutRuleCondition struct {
+	value *ApplicationLayoutRuleCondition
+	isSet bool
+}
+
+func (v NullableApplicationLayoutRuleCondition) Get() *ApplicationLayoutRuleCondition {
+	return v.value
+}
+
+func (v *NullableApplicationLayoutRuleCondition) Set(val *ApplicationLayoutRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationLayoutRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationLayoutRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationLayoutRuleCondition(val *ApplicationLayoutRuleCondition) *NullableApplicationLayoutRuleCondition {
+	return &NullableApplicationLayoutRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableApplicationLayoutRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationLayoutRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_licensing.go b/okta/model_application_licensing.go
new file mode 100644
index 000000000..499884348
--- /dev/null
+++ b/okta/model_application_licensing.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationLicensing struct for ApplicationLicensing
+type ApplicationLicensing struct {
+	SeatCount            *int32 `json:"seatCount,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationLicensing ApplicationLicensing
+
+// NewApplicationLicensing instantiates a new ApplicationLicensing object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationLicensing() *ApplicationLicensing {
+	this := ApplicationLicensing{}
+	return &this
+}
+
+// NewApplicationLicensingWithDefaults instantiates a new ApplicationLicensing object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationLicensingWithDefaults() *ApplicationLicensing {
+	this := ApplicationLicensing{}
+	return &this
+}
+
+// GetSeatCount returns the SeatCount field value if set, zero value otherwise.
+func (o *ApplicationLicensing) GetSeatCount() int32 {
+	if o == nil || o.SeatCount == nil {
+		var ret int32
+		return ret
+	}
+	return *o.SeatCount
+}
+
+// GetSeatCountOk returns a tuple with the SeatCount field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLicensing) GetSeatCountOk() (*int32, bool) {
+	if o == nil || o.SeatCount == nil {
+		return nil, false
+	}
+	return o.SeatCount, true
+}
+
+// HasSeatCount returns a boolean if a field has been set.
+func (o *ApplicationLicensing) HasSeatCount() bool {
+	if o != nil && o.SeatCount != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSeatCount gets a reference to the given int32 and assigns it to the SeatCount field.
+func (o *ApplicationLicensing) SetSeatCount(v int32) {
+	o.SeatCount = &v
+}
+
+func (o ApplicationLicensing) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.SeatCount != nil {
+		toSerialize["seatCount"] = o.SeatCount
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationLicensing) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationLicensing := _ApplicationLicensing{}
+
+	err = json.Unmarshal(bytes, &varApplicationLicensing)
+	if err == nil {
+		*o = ApplicationLicensing(varApplicationLicensing)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "seatCount")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationLicensing struct {
+	value *ApplicationLicensing
+	isSet bool
+}
+
+func (v NullableApplicationLicensing) Get() *ApplicationLicensing {
+	return v.value
+}
+
+func (v *NullableApplicationLicensing) Set(val *ApplicationLicensing) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationLicensing) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationLicensing) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationLicensing(val *ApplicationLicensing) *NullableApplicationLicensing {
+	return &NullableApplicationLicensing{value: val, isSet: true}
+}
+
+func (v NullableApplicationLicensing) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationLicensing) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_lifecycle_status.go b/okta/model_application_lifecycle_status.go
new file mode 100644
index 000000000..0a4c13140
--- /dev/null
+++ b/okta/model_application_lifecycle_status.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ApplicationLifecycleStatus the model 'ApplicationLifecycleStatus'
+type ApplicationLifecycleStatus string
+
+// List of ApplicationLifecycleStatus
+const (
+	APPLICATIONLIFECYCLESTATUS_ACTIVE   ApplicationLifecycleStatus = "ACTIVE"
+	APPLICATIONLIFECYCLESTATUS_DELETED  ApplicationLifecycleStatus = "DELETED"
+	APPLICATIONLIFECYCLESTATUS_INACTIVE ApplicationLifecycleStatus = "INACTIVE"
+)
+
+// All allowed values of ApplicationLifecycleStatus enum
+var AllowedApplicationLifecycleStatusEnumValues = []ApplicationLifecycleStatus{
+	"ACTIVE",
+	"DELETED",
+	"INACTIVE",
+}
+
+func (v *ApplicationLifecycleStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ApplicationLifecycleStatus(value)
+	for _, existing := range AllowedApplicationLifecycleStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ApplicationLifecycleStatus", value)
+}
+
+// NewApplicationLifecycleStatusFromValue returns a pointer to a valid ApplicationLifecycleStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewApplicationLifecycleStatusFromValue(v string) (*ApplicationLifecycleStatus, error) {
+	ev := ApplicationLifecycleStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ApplicationLifecycleStatus: valid values are %v", v, AllowedApplicationLifecycleStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ApplicationLifecycleStatus) IsValid() bool {
+	for _, existing := range AllowedApplicationLifecycleStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ApplicationLifecycleStatus value
+func (v ApplicationLifecycleStatus) Ptr() *ApplicationLifecycleStatus {
+	return &v
+}
+
+type NullableApplicationLifecycleStatus struct {
+	value *ApplicationLifecycleStatus
+	isSet bool
+}
+
+func (v NullableApplicationLifecycleStatus) Get() *ApplicationLifecycleStatus {
+	return v.value
+}
+
+func (v *NullableApplicationLifecycleStatus) Set(val *ApplicationLifecycleStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationLifecycleStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationLifecycleStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationLifecycleStatus(val *ApplicationLifecycleStatus) *NullableApplicationLifecycleStatus {
+	return &NullableApplicationLifecycleStatus{value: val, isSet: true}
+}
+
+func (v NullableApplicationLifecycleStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationLifecycleStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_links.go b/okta/model_application_links.go
new file mode 100644
index 000000000..cf6984c80
--- /dev/null
+++ b/okta/model_application_links.go
@@ -0,0 +1,417 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationLinks struct for ApplicationLinks
+type ApplicationLinks struct {
+	AccessPolicy         *HrefObject  `json:"accessPolicy,omitempty"`
+	Activate             *HrefObject  `json:"activate,omitempty"`
+	Deactivate           *HrefObject  `json:"deactivate,omitempty"`
+	Groups               *HrefObject  `json:"groups,omitempty"`
+	Logo                 []HrefObject `json:"logo,omitempty"`
+	Metadata             *HrefObject  `json:"metadata,omitempty"`
+	Self                 *HrefObject  `json:"self,omitempty"`
+	Users                *HrefObject  `json:"users,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationLinks ApplicationLinks
+
+// NewApplicationLinks instantiates a new ApplicationLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationLinks() *ApplicationLinks {
+	this := ApplicationLinks{}
+	return &this
+}
+
+// NewApplicationLinksWithDefaults instantiates a new ApplicationLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationLinksWithDefaults() *ApplicationLinks {
+	this := ApplicationLinks{}
+	return &this
+}
+
+// GetAccessPolicy returns the AccessPolicy field value if set, zero value otherwise.
+func (o *ApplicationLinks) GetAccessPolicy() HrefObject {
+	if o == nil || o.AccessPolicy == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.AccessPolicy
+}
+
+// GetAccessPolicyOk returns a tuple with the AccessPolicy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLinks) GetAccessPolicyOk() (*HrefObject, bool) {
+	if o == nil || o.AccessPolicy == nil {
+		return nil, false
+	}
+	return o.AccessPolicy, true
+}
+
+// HasAccessPolicy returns a boolean if a field has been set.
+func (o *ApplicationLinks) HasAccessPolicy() bool {
+	if o != nil && o.AccessPolicy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAccessPolicy gets a reference to the given HrefObject and assigns it to the AccessPolicy field.
+func (o *ApplicationLinks) SetAccessPolicy(v HrefObject) {
+	o.AccessPolicy = &v
+}
+
+// GetActivate returns the Activate field value if set, zero value otherwise.
+func (o *ApplicationLinks) GetActivate() HrefObject {
+	if o == nil || o.Activate == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Activate
+}
+
+// GetActivateOk returns a tuple with the Activate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLinks) GetActivateOk() (*HrefObject, bool) {
+	if o == nil || o.Activate == nil {
+		return nil, false
+	}
+	return o.Activate, true
+}
+
+// HasActivate returns a boolean if a field has been set.
+func (o *ApplicationLinks) HasActivate() bool {
+	if o != nil && o.Activate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActivate gets a reference to the given HrefObject and assigns it to the Activate field.
+func (o *ApplicationLinks) SetActivate(v HrefObject) {
+	o.Activate = &v
+}
+
+// GetDeactivate returns the Deactivate field value if set, zero value otherwise.
+func (o *ApplicationLinks) GetDeactivate() HrefObject {
+	if o == nil || o.Deactivate == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Deactivate
+}
+
+// GetDeactivateOk returns a tuple with the Deactivate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLinks) GetDeactivateOk() (*HrefObject, bool) {
+	if o == nil || o.Deactivate == nil {
+		return nil, false
+	}
+	return o.Deactivate, true
+}
+
+// HasDeactivate returns a boolean if a field has been set.
+func (o *ApplicationLinks) HasDeactivate() bool {
+	if o != nil && o.Deactivate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDeactivate gets a reference to the given HrefObject and assigns it to the Deactivate field.
+func (o *ApplicationLinks) SetDeactivate(v HrefObject) {
+	o.Deactivate = &v
+}
+
+// GetGroups returns the Groups field value if set, zero value otherwise.
+func (o *ApplicationLinks) GetGroups() HrefObject {
+	if o == nil || o.Groups == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Groups
+}
+
+// GetGroupsOk returns a tuple with the Groups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLinks) GetGroupsOk() (*HrefObject, bool) {
+	if o == nil || o.Groups == nil {
+		return nil, false
+	}
+	return o.Groups, true
+}
+
+// HasGroups returns a boolean if a field has been set.
+func (o *ApplicationLinks) HasGroups() bool {
+	if o != nil && o.Groups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroups gets a reference to the given HrefObject and assigns it to the Groups field.
+func (o *ApplicationLinks) SetGroups(v HrefObject) {
+	o.Groups = &v
+}
+
+// GetLogo returns the Logo field value if set, zero value otherwise.
+func (o *ApplicationLinks) GetLogo() []HrefObject {
+	if o == nil || o.Logo == nil {
+		var ret []HrefObject
+		return ret
+	}
+	return o.Logo
+}
+
+// GetLogoOk returns a tuple with the Logo field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLinks) GetLogoOk() ([]HrefObject, bool) {
+	if o == nil || o.Logo == nil {
+		return nil, false
+	}
+	return o.Logo, true
+}
+
+// HasLogo returns a boolean if a field has been set.
+func (o *ApplicationLinks) HasLogo() bool {
+	if o != nil && o.Logo != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLogo gets a reference to the given []HrefObject and assigns it to the Logo field.
+func (o *ApplicationLinks) SetLogo(v []HrefObject) {
+	o.Logo = v
+}
+
+// GetMetadata returns the Metadata field value if set, zero value otherwise.
+func (o *ApplicationLinks) GetMetadata() HrefObject {
+	if o == nil || o.Metadata == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Metadata
+}
+
+// GetMetadataOk returns a tuple with the Metadata field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLinks) GetMetadataOk() (*HrefObject, bool) {
+	if o == nil || o.Metadata == nil {
+		return nil, false
+	}
+	return o.Metadata, true
+}
+
+// HasMetadata returns a boolean if a field has been set.
+func (o *ApplicationLinks) HasMetadata() bool {
+	if o != nil && o.Metadata != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMetadata gets a reference to the given HrefObject and assigns it to the Metadata field.
+func (o *ApplicationLinks) SetMetadata(v HrefObject) {
+	o.Metadata = &v
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *ApplicationLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *ApplicationLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *ApplicationLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetUsers returns the Users field value if set, zero value otherwise.
+func (o *ApplicationLinks) GetUsers() HrefObject {
+	if o == nil || o.Users == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Users
+}
+
+// GetUsersOk returns a tuple with the Users field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationLinks) GetUsersOk() (*HrefObject, bool) {
+	if o == nil || o.Users == nil {
+		return nil, false
+	}
+	return o.Users, true
+}
+
+// HasUsers returns a boolean if a field has been set.
+func (o *ApplicationLinks) HasUsers() bool {
+	if o != nil && o.Users != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsers gets a reference to the given HrefObject and assigns it to the Users field.
+func (o *ApplicationLinks) SetUsers(v HrefObject) {
+	o.Users = &v
+}
+
+func (o ApplicationLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AccessPolicy != nil {
+		toSerialize["accessPolicy"] = o.AccessPolicy
+	}
+	if o.Activate != nil {
+		toSerialize["activate"] = o.Activate
+	}
+	if o.Deactivate != nil {
+		toSerialize["deactivate"] = o.Deactivate
+	}
+	if o.Groups != nil {
+		toSerialize["groups"] = o.Groups
+	}
+	if o.Logo != nil {
+		toSerialize["logo"] = o.Logo
+	}
+	if o.Metadata != nil {
+		toSerialize["metadata"] = o.Metadata
+	}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Users != nil {
+		toSerialize["users"] = o.Users
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationLinks := _ApplicationLinks{}
+
+	err = json.Unmarshal(bytes, &varApplicationLinks)
+	if err == nil {
+		*o = ApplicationLinks(varApplicationLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "accessPolicy")
+		delete(additionalProperties, "activate")
+		delete(additionalProperties, "deactivate")
+		delete(additionalProperties, "groups")
+		delete(additionalProperties, "logo")
+		delete(additionalProperties, "metadata")
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "users")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationLinks struct {
+	value *ApplicationLinks
+	isSet bool
+}
+
+func (v NullableApplicationLinks) Get() *ApplicationLinks {
+	return v.value
+}
+
+func (v *NullableApplicationLinks) Set(val *ApplicationLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationLinks(val *ApplicationLinks) *NullableApplicationLinks {
+	return &NullableApplicationLinks{value: val, isSet: true}
+}
+
+func (v NullableApplicationLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_settings.go b/okta/model_application_settings.go
new file mode 100644
index 000000000..891819e59
--- /dev/null
+++ b/okta/model_application_settings.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationSettings struct for ApplicationSettings
+type ApplicationSettings struct {
+	IdentityStoreId      *string                           `json:"identityStoreId,omitempty"`
+	ImplicitAssignment   *bool                             `json:"implicitAssignment,omitempty"`
+	InlineHookId         *string                           `json:"inlineHookId,omitempty"`
+	Notes                *ApplicationSettingsNotes         `json:"notes,omitempty"`
+	Notifications        *ApplicationSettingsNotifications `json:"notifications,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationSettings ApplicationSettings
+
+// NewApplicationSettings instantiates a new ApplicationSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationSettings() *ApplicationSettings {
+	this := ApplicationSettings{}
+	return &this
+}
+
+// NewApplicationSettingsWithDefaults instantiates a new ApplicationSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationSettingsWithDefaults() *ApplicationSettings {
+	this := ApplicationSettings{}
+	return &this
+}
+
+// GetIdentityStoreId returns the IdentityStoreId field value if set, zero value otherwise.
+func (o *ApplicationSettings) GetIdentityStoreId() string {
+	if o == nil || o.IdentityStoreId == nil {
+		var ret string
+		return ret
+	}
+	return *o.IdentityStoreId
+}
+
+// GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettings) GetIdentityStoreIdOk() (*string, bool) {
+	if o == nil || o.IdentityStoreId == nil {
+		return nil, false
+	}
+	return o.IdentityStoreId, true
+}
+
+// HasIdentityStoreId returns a boolean if a field has been set.
+func (o *ApplicationSettings) HasIdentityStoreId() bool {
+	if o != nil && o.IdentityStoreId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityStoreId gets a reference to the given string and assigns it to the IdentityStoreId field.
+func (o *ApplicationSettings) SetIdentityStoreId(v string) {
+	o.IdentityStoreId = &v
+}
+
+// GetImplicitAssignment returns the ImplicitAssignment field value if set, zero value otherwise.
+func (o *ApplicationSettings) GetImplicitAssignment() bool {
+	if o == nil || o.ImplicitAssignment == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ImplicitAssignment
+}
+
+// GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettings) GetImplicitAssignmentOk() (*bool, bool) {
+	if o == nil || o.ImplicitAssignment == nil {
+		return nil, false
+	}
+	return o.ImplicitAssignment, true
+}
+
+// HasImplicitAssignment returns a boolean if a field has been set.
+func (o *ApplicationSettings) HasImplicitAssignment() bool {
+	if o != nil && o.ImplicitAssignment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetImplicitAssignment gets a reference to the given bool and assigns it to the ImplicitAssignment field.
+func (o *ApplicationSettings) SetImplicitAssignment(v bool) {
+	o.ImplicitAssignment = &v
+}
+
+// GetInlineHookId returns the InlineHookId field value if set, zero value otherwise.
+func (o *ApplicationSettings) GetInlineHookId() string {
+	if o == nil || o.InlineHookId == nil {
+		var ret string
+		return ret
+	}
+	return *o.InlineHookId
+}
+
+// GetInlineHookIdOk returns a tuple with the InlineHookId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettings) GetInlineHookIdOk() (*string, bool) {
+	if o == nil || o.InlineHookId == nil {
+		return nil, false
+	}
+	return o.InlineHookId, true
+}
+
+// HasInlineHookId returns a boolean if a field has been set.
+func (o *ApplicationSettings) HasInlineHookId() bool {
+	if o != nil && o.InlineHookId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInlineHookId gets a reference to the given string and assigns it to the InlineHookId field.
+func (o *ApplicationSettings) SetInlineHookId(v string) {
+	o.InlineHookId = &v
+}
+
+// GetNotes returns the Notes field value if set, zero value otherwise.
+func (o *ApplicationSettings) GetNotes() ApplicationSettingsNotes {
+	if o == nil || o.Notes == nil {
+		var ret ApplicationSettingsNotes
+		return ret
+	}
+	return *o.Notes
+}
+
+// GetNotesOk returns a tuple with the Notes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool) {
+	if o == nil || o.Notes == nil {
+		return nil, false
+	}
+	return o.Notes, true
+}
+
+// HasNotes returns a boolean if a field has been set.
+func (o *ApplicationSettings) HasNotes() bool {
+	if o != nil && o.Notes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotes gets a reference to the given ApplicationSettingsNotes and assigns it to the Notes field.
+func (o *ApplicationSettings) SetNotes(v ApplicationSettingsNotes) {
+	o.Notes = &v
+}
+
+// GetNotifications returns the Notifications field value if set, zero value otherwise.
+func (o *ApplicationSettings) GetNotifications() ApplicationSettingsNotifications {
+	if o == nil || o.Notifications == nil {
+		var ret ApplicationSettingsNotifications
+		return ret
+	}
+	return *o.Notifications
+}
+
+// GetNotificationsOk returns a tuple with the Notifications field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool) {
+	if o == nil || o.Notifications == nil {
+		return nil, false
+	}
+	return o.Notifications, true
+}
+
+// HasNotifications returns a boolean if a field has been set.
+func (o *ApplicationSettings) HasNotifications() bool {
+	if o != nil && o.Notifications != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotifications gets a reference to the given ApplicationSettingsNotifications and assigns it to the Notifications field.
+func (o *ApplicationSettings) SetNotifications(v ApplicationSettingsNotifications) {
+	o.Notifications = &v
+}
+
+func (o ApplicationSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.IdentityStoreId != nil {
+		toSerialize["identityStoreId"] = o.IdentityStoreId
+	}
+	if o.ImplicitAssignment != nil {
+		toSerialize["implicitAssignment"] = o.ImplicitAssignment
+	}
+	if o.InlineHookId != nil {
+		toSerialize["inlineHookId"] = o.InlineHookId
+	}
+	if o.Notes != nil {
+		toSerialize["notes"] = o.Notes
+	}
+	if o.Notifications != nil {
+		toSerialize["notifications"] = o.Notifications
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationSettings := _ApplicationSettings{}
+
+	err = json.Unmarshal(bytes, &varApplicationSettings)
+	if err == nil {
+		*o = ApplicationSettings(varApplicationSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "identityStoreId")
+		delete(additionalProperties, "implicitAssignment")
+		delete(additionalProperties, "inlineHookId")
+		delete(additionalProperties, "notes")
+		delete(additionalProperties, "notifications")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationSettings struct {
+	value *ApplicationSettings
+	isSet bool
+}
+
+func (v NullableApplicationSettings) Get() *ApplicationSettings {
+	return v.value
+}
+
+func (v *NullableApplicationSettings) Set(val *ApplicationSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationSettings(val *ApplicationSettings) *NullableApplicationSettings {
+	return &NullableApplicationSettings{value: val, isSet: true}
+}
+
+func (v NullableApplicationSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_settings_notes.go b/okta/model_application_settings_notes.go
new file mode 100644
index 000000000..a9f791bcf
--- /dev/null
+++ b/okta/model_application_settings_notes.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationSettingsNotes struct for ApplicationSettingsNotes
+type ApplicationSettingsNotes struct {
+	Admin                *string `json:"admin,omitempty"`
+	Enduser              *string `json:"enduser,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationSettingsNotes ApplicationSettingsNotes
+
+// NewApplicationSettingsNotes instantiates a new ApplicationSettingsNotes object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationSettingsNotes() *ApplicationSettingsNotes {
+	this := ApplicationSettingsNotes{}
+	return &this
+}
+
+// NewApplicationSettingsNotesWithDefaults instantiates a new ApplicationSettingsNotes object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationSettingsNotesWithDefaults() *ApplicationSettingsNotes {
+	this := ApplicationSettingsNotes{}
+	return &this
+}
+
+// GetAdmin returns the Admin field value if set, zero value otherwise.
+func (o *ApplicationSettingsNotes) GetAdmin() string {
+	if o == nil || o.Admin == nil {
+		var ret string
+		return ret
+	}
+	return *o.Admin
+}
+
+// GetAdminOk returns a tuple with the Admin field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettingsNotes) GetAdminOk() (*string, bool) {
+	if o == nil || o.Admin == nil {
+		return nil, false
+	}
+	return o.Admin, true
+}
+
+// HasAdmin returns a boolean if a field has been set.
+func (o *ApplicationSettingsNotes) HasAdmin() bool {
+	if o != nil && o.Admin != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAdmin gets a reference to the given string and assigns it to the Admin field.
+func (o *ApplicationSettingsNotes) SetAdmin(v string) {
+	o.Admin = &v
+}
+
+// GetEnduser returns the Enduser field value if set, zero value otherwise.
+func (o *ApplicationSettingsNotes) GetEnduser() string {
+	if o == nil || o.Enduser == nil {
+		var ret string
+		return ret
+	}
+	return *o.Enduser
+}
+
+// GetEnduserOk returns a tuple with the Enduser field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettingsNotes) GetEnduserOk() (*string, bool) {
+	if o == nil || o.Enduser == nil {
+		return nil, false
+	}
+	return o.Enduser, true
+}
+
+// HasEnduser returns a boolean if a field has been set.
+func (o *ApplicationSettingsNotes) HasEnduser() bool {
+	if o != nil && o.Enduser != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnduser gets a reference to the given string and assigns it to the Enduser field.
+func (o *ApplicationSettingsNotes) SetEnduser(v string) {
+	o.Enduser = &v
+}
+
+func (o ApplicationSettingsNotes) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Admin != nil {
+		toSerialize["admin"] = o.Admin
+	}
+	if o.Enduser != nil {
+		toSerialize["enduser"] = o.Enduser
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationSettingsNotes) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationSettingsNotes := _ApplicationSettingsNotes{}
+
+	err = json.Unmarshal(bytes, &varApplicationSettingsNotes)
+	if err == nil {
+		*o = ApplicationSettingsNotes(varApplicationSettingsNotes)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "admin")
+		delete(additionalProperties, "enduser")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationSettingsNotes struct {
+	value *ApplicationSettingsNotes
+	isSet bool
+}
+
+func (v NullableApplicationSettingsNotes) Get() *ApplicationSettingsNotes {
+	return v.value
+}
+
+func (v *NullableApplicationSettingsNotes) Set(val *ApplicationSettingsNotes) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationSettingsNotes) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationSettingsNotes) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationSettingsNotes(val *ApplicationSettingsNotes) *NullableApplicationSettingsNotes {
+	return &NullableApplicationSettingsNotes{value: val, isSet: true}
+}
+
+func (v NullableApplicationSettingsNotes) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationSettingsNotes) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_settings_notifications.go b/okta/model_application_settings_notifications.go
new file mode 100644
index 000000000..45849c146
--- /dev/null
+++ b/okta/model_application_settings_notifications.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationSettingsNotifications struct for ApplicationSettingsNotifications
+type ApplicationSettingsNotifications struct {
+	Vpn                  *ApplicationSettingsNotificationsVpn `json:"vpn,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationSettingsNotifications ApplicationSettingsNotifications
+
+// NewApplicationSettingsNotifications instantiates a new ApplicationSettingsNotifications object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationSettingsNotifications() *ApplicationSettingsNotifications {
+	this := ApplicationSettingsNotifications{}
+	return &this
+}
+
+// NewApplicationSettingsNotificationsWithDefaults instantiates a new ApplicationSettingsNotifications object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationSettingsNotificationsWithDefaults() *ApplicationSettingsNotifications {
+	this := ApplicationSettingsNotifications{}
+	return &this
+}
+
+// GetVpn returns the Vpn field value if set, zero value otherwise.
+func (o *ApplicationSettingsNotifications) GetVpn() ApplicationSettingsNotificationsVpn {
+	if o == nil || o.Vpn == nil {
+		var ret ApplicationSettingsNotificationsVpn
+		return ret
+	}
+	return *o.Vpn
+}
+
+// GetVpnOk returns a tuple with the Vpn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettingsNotifications) GetVpnOk() (*ApplicationSettingsNotificationsVpn, bool) {
+	if o == nil || o.Vpn == nil {
+		return nil, false
+	}
+	return o.Vpn, true
+}
+
+// HasVpn returns a boolean if a field has been set.
+func (o *ApplicationSettingsNotifications) HasVpn() bool {
+	if o != nil && o.Vpn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVpn gets a reference to the given ApplicationSettingsNotificationsVpn and assigns it to the Vpn field.
+func (o *ApplicationSettingsNotifications) SetVpn(v ApplicationSettingsNotificationsVpn) {
+	o.Vpn = &v
+}
+
+func (o ApplicationSettingsNotifications) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Vpn != nil {
+		toSerialize["vpn"] = o.Vpn
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationSettingsNotifications) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationSettingsNotifications := _ApplicationSettingsNotifications{}
+
+	err = json.Unmarshal(bytes, &varApplicationSettingsNotifications)
+	if err == nil {
+		*o = ApplicationSettingsNotifications(varApplicationSettingsNotifications)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "vpn")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationSettingsNotifications struct {
+	value *ApplicationSettingsNotifications
+	isSet bool
+}
+
+func (v NullableApplicationSettingsNotifications) Get() *ApplicationSettingsNotifications {
+	return v.value
+}
+
+func (v *NullableApplicationSettingsNotifications) Set(val *ApplicationSettingsNotifications) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationSettingsNotifications) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationSettingsNotifications) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationSettingsNotifications(val *ApplicationSettingsNotifications) *NullableApplicationSettingsNotifications {
+	return &NullableApplicationSettingsNotifications{value: val, isSet: true}
+}
+
+func (v NullableApplicationSettingsNotifications) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationSettingsNotifications) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_settings_notifications_vpn.go b/okta/model_application_settings_notifications_vpn.go
new file mode 100644
index 000000000..1446859c8
--- /dev/null
+++ b/okta/model_application_settings_notifications_vpn.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationSettingsNotificationsVpn struct for ApplicationSettingsNotificationsVpn
+type ApplicationSettingsNotificationsVpn struct {
+	HelpUrl              *string                                     `json:"helpUrl,omitempty"`
+	Message              *string                                     `json:"message,omitempty"`
+	Network              *ApplicationSettingsNotificationsVpnNetwork `json:"network,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationSettingsNotificationsVpn ApplicationSettingsNotificationsVpn
+
+// NewApplicationSettingsNotificationsVpn instantiates a new ApplicationSettingsNotificationsVpn object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationSettingsNotificationsVpn() *ApplicationSettingsNotificationsVpn {
+	this := ApplicationSettingsNotificationsVpn{}
+	return &this
+}
+
+// NewApplicationSettingsNotificationsVpnWithDefaults instantiates a new ApplicationSettingsNotificationsVpn object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationSettingsNotificationsVpnWithDefaults() *ApplicationSettingsNotificationsVpn {
+	this := ApplicationSettingsNotificationsVpn{}
+	return &this
+}
+
+// GetHelpUrl returns the HelpUrl field value if set, zero value otherwise.
+func (o *ApplicationSettingsNotificationsVpn) GetHelpUrl() string {
+	if o == nil || o.HelpUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.HelpUrl
+}
+
+// GetHelpUrlOk returns a tuple with the HelpUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettingsNotificationsVpn) GetHelpUrlOk() (*string, bool) {
+	if o == nil || o.HelpUrl == nil {
+		return nil, false
+	}
+	return o.HelpUrl, true
+}
+
+// HasHelpUrl returns a boolean if a field has been set.
+func (o *ApplicationSettingsNotificationsVpn) HasHelpUrl() bool {
+	if o != nil && o.HelpUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHelpUrl gets a reference to the given string and assigns it to the HelpUrl field.
+func (o *ApplicationSettingsNotificationsVpn) SetHelpUrl(v string) {
+	o.HelpUrl = &v
+}
+
+// GetMessage returns the Message field value if set, zero value otherwise.
+func (o *ApplicationSettingsNotificationsVpn) GetMessage() string {
+	if o == nil || o.Message == nil {
+		var ret string
+		return ret
+	}
+	return *o.Message
+}
+
+// GetMessageOk returns a tuple with the Message field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettingsNotificationsVpn) GetMessageOk() (*string, bool) {
+	if o == nil || o.Message == nil {
+		return nil, false
+	}
+	return o.Message, true
+}
+
+// HasMessage returns a boolean if a field has been set.
+func (o *ApplicationSettingsNotificationsVpn) HasMessage() bool {
+	if o != nil && o.Message != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMessage gets a reference to the given string and assigns it to the Message field.
+func (o *ApplicationSettingsNotificationsVpn) SetMessage(v string) {
+	o.Message = &v
+}
+
+// GetNetwork returns the Network field value if set, zero value otherwise.
+func (o *ApplicationSettingsNotificationsVpn) GetNetwork() ApplicationSettingsNotificationsVpnNetwork {
+	if o == nil || o.Network == nil {
+		var ret ApplicationSettingsNotificationsVpnNetwork
+		return ret
+	}
+	return *o.Network
+}
+
+// GetNetworkOk returns a tuple with the Network field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettingsNotificationsVpn) GetNetworkOk() (*ApplicationSettingsNotificationsVpnNetwork, bool) {
+	if o == nil || o.Network == nil {
+		return nil, false
+	}
+	return o.Network, true
+}
+
+// HasNetwork returns a boolean if a field has been set.
+func (o *ApplicationSettingsNotificationsVpn) HasNetwork() bool {
+	if o != nil && o.Network != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNetwork gets a reference to the given ApplicationSettingsNotificationsVpnNetwork and assigns it to the Network field.
+func (o *ApplicationSettingsNotificationsVpn) SetNetwork(v ApplicationSettingsNotificationsVpnNetwork) {
+	o.Network = &v
+}
+
+func (o ApplicationSettingsNotificationsVpn) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.HelpUrl != nil {
+		toSerialize["helpUrl"] = o.HelpUrl
+	}
+	if o.Message != nil {
+		toSerialize["message"] = o.Message
+	}
+	if o.Network != nil {
+		toSerialize["network"] = o.Network
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationSettingsNotificationsVpn) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationSettingsNotificationsVpn := _ApplicationSettingsNotificationsVpn{}
+
+	err = json.Unmarshal(bytes, &varApplicationSettingsNotificationsVpn)
+	if err == nil {
+		*o = ApplicationSettingsNotificationsVpn(varApplicationSettingsNotificationsVpn)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "helpUrl")
+		delete(additionalProperties, "message")
+		delete(additionalProperties, "network")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationSettingsNotificationsVpn struct {
+	value *ApplicationSettingsNotificationsVpn
+	isSet bool
+}
+
+func (v NullableApplicationSettingsNotificationsVpn) Get() *ApplicationSettingsNotificationsVpn {
+	return v.value
+}
+
+func (v *NullableApplicationSettingsNotificationsVpn) Set(val *ApplicationSettingsNotificationsVpn) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationSettingsNotificationsVpn) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationSettingsNotificationsVpn) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationSettingsNotificationsVpn(val *ApplicationSettingsNotificationsVpn) *NullableApplicationSettingsNotificationsVpn {
+	return &NullableApplicationSettingsNotificationsVpn{value: val, isSet: true}
+}
+
+func (v NullableApplicationSettingsNotificationsVpn) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationSettingsNotificationsVpn) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_settings_notifications_vpn_network.go b/okta/model_application_settings_notifications_vpn_network.go
new file mode 100644
index 000000000..4ce6a088c
--- /dev/null
+++ b/okta/model_application_settings_notifications_vpn_network.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationSettingsNotificationsVpnNetwork struct for ApplicationSettingsNotificationsVpnNetwork
+type ApplicationSettingsNotificationsVpnNetwork struct {
+	Connection           *string  `json:"connection,omitempty"`
+	Exclude              []string `json:"exclude,omitempty"`
+	Include              []string `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationSettingsNotificationsVpnNetwork ApplicationSettingsNotificationsVpnNetwork
+
+// NewApplicationSettingsNotificationsVpnNetwork instantiates a new ApplicationSettingsNotificationsVpnNetwork object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationSettingsNotificationsVpnNetwork() *ApplicationSettingsNotificationsVpnNetwork {
+	this := ApplicationSettingsNotificationsVpnNetwork{}
+	return &this
+}
+
+// NewApplicationSettingsNotificationsVpnNetworkWithDefaults instantiates a new ApplicationSettingsNotificationsVpnNetwork object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationSettingsNotificationsVpnNetworkWithDefaults() *ApplicationSettingsNotificationsVpnNetwork {
+	this := ApplicationSettingsNotificationsVpnNetwork{}
+	return &this
+}
+
+// GetConnection returns the Connection field value if set, zero value otherwise.
+func (o *ApplicationSettingsNotificationsVpnNetwork) GetConnection() string {
+	if o == nil || o.Connection == nil {
+		var ret string
+		return ret
+	}
+	return *o.Connection
+}
+
+// GetConnectionOk returns a tuple with the Connection field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettingsNotificationsVpnNetwork) GetConnectionOk() (*string, bool) {
+	if o == nil || o.Connection == nil {
+		return nil, false
+	}
+	return o.Connection, true
+}
+
+// HasConnection returns a boolean if a field has been set.
+func (o *ApplicationSettingsNotificationsVpnNetwork) HasConnection() bool {
+	if o != nil && o.Connection != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConnection gets a reference to the given string and assigns it to the Connection field.
+func (o *ApplicationSettingsNotificationsVpnNetwork) SetConnection(v string) {
+	o.Connection = &v
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *ApplicationSettingsNotificationsVpnNetwork) GetExclude() []string {
+	if o == nil || o.Exclude == nil {
+		var ret []string
+		return ret
+	}
+	return o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettingsNotificationsVpnNetwork) GetExcludeOk() ([]string, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *ApplicationSettingsNotificationsVpnNetwork) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given []string and assigns it to the Exclude field.
+func (o *ApplicationSettingsNotificationsVpnNetwork) SetExclude(v []string) {
+	o.Exclude = v
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *ApplicationSettingsNotificationsVpnNetwork) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationSettingsNotificationsVpnNetwork) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *ApplicationSettingsNotificationsVpnNetwork) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *ApplicationSettingsNotificationsVpnNetwork) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o ApplicationSettingsNotificationsVpnNetwork) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Connection != nil {
+		toSerialize["connection"] = o.Connection
+	}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationSettingsNotificationsVpnNetwork) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationSettingsNotificationsVpnNetwork := _ApplicationSettingsNotificationsVpnNetwork{}
+
+	err = json.Unmarshal(bytes, &varApplicationSettingsNotificationsVpnNetwork)
+	if err == nil {
+		*o = ApplicationSettingsNotificationsVpnNetwork(varApplicationSettingsNotificationsVpnNetwork)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "connection")
+		delete(additionalProperties, "exclude")
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationSettingsNotificationsVpnNetwork struct {
+	value *ApplicationSettingsNotificationsVpnNetwork
+	isSet bool
+}
+
+func (v NullableApplicationSettingsNotificationsVpnNetwork) Get() *ApplicationSettingsNotificationsVpnNetwork {
+	return v.value
+}
+
+func (v *NullableApplicationSettingsNotificationsVpnNetwork) Set(val *ApplicationSettingsNotificationsVpnNetwork) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationSettingsNotificationsVpnNetwork) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationSettingsNotificationsVpnNetwork) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationSettingsNotificationsVpnNetwork(val *ApplicationSettingsNotificationsVpnNetwork) *NullableApplicationSettingsNotificationsVpnNetwork {
+	return &NullableApplicationSettingsNotificationsVpnNetwork{value: val, isSet: true}
+}
+
+func (v NullableApplicationSettingsNotificationsVpnNetwork) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationSettingsNotificationsVpnNetwork) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_sign_on_mode.go b/okta/model_application_sign_on_mode.go
new file mode 100644
index 000000000..3b0f2e489
--- /dev/null
+++ b/okta/model_application_sign_on_mode.go
@@ -0,0 +1,138 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ApplicationSignOnMode the model 'ApplicationSignOnMode'
+type ApplicationSignOnMode string
+
+// List of ApplicationSignOnMode
+const (
+	APPLICATIONSIGNONMODE_AUTO_LOGIN            ApplicationSignOnMode = "AUTO_LOGIN"
+	APPLICATIONSIGNONMODE_BASIC_AUTH            ApplicationSignOnMode = "BASIC_AUTH"
+	APPLICATIONSIGNONMODE_BOOKMARK              ApplicationSignOnMode = "BOOKMARK"
+	APPLICATIONSIGNONMODE_BROWSER_PLUGIN        ApplicationSignOnMode = "BROWSER_PLUGIN"
+	APPLICATIONSIGNONMODE_OPENID_CONNECT        ApplicationSignOnMode = "OPENID_CONNECT"
+	APPLICATIONSIGNONMODE_SAML_1_1              ApplicationSignOnMode = "SAML_1_1"
+	APPLICATIONSIGNONMODE_SAML_2_0              ApplicationSignOnMode = "SAML_2_0"
+	APPLICATIONSIGNONMODE_SECURE_PASSWORD_STORE ApplicationSignOnMode = "SECURE_PASSWORD_STORE"
+	APPLICATIONSIGNONMODE_WS_FEDERATION         ApplicationSignOnMode = "WS_FEDERATION"
+)
+
+// All allowed values of ApplicationSignOnMode enum
+var AllowedApplicationSignOnModeEnumValues = []ApplicationSignOnMode{
+	"AUTO_LOGIN",
+	"BASIC_AUTH",
+	"BOOKMARK",
+	"BROWSER_PLUGIN",
+	"OPENID_CONNECT",
+	"SAML_1_1",
+	"SAML_2_0",
+	"SECURE_PASSWORD_STORE",
+	"WS_FEDERATION",
+}
+
+func (v *ApplicationSignOnMode) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ApplicationSignOnMode(value)
+	for _, existing := range AllowedApplicationSignOnModeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ApplicationSignOnMode", value)
+}
+
+// NewApplicationSignOnModeFromValue returns a pointer to a valid ApplicationSignOnMode
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewApplicationSignOnModeFromValue(v string) (*ApplicationSignOnMode, error) {
+	ev := ApplicationSignOnMode(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ApplicationSignOnMode: valid values are %v", v, AllowedApplicationSignOnModeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ApplicationSignOnMode) IsValid() bool {
+	for _, existing := range AllowedApplicationSignOnModeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ApplicationSignOnMode value
+func (v ApplicationSignOnMode) Ptr() *ApplicationSignOnMode {
+	return &v
+}
+
+type NullableApplicationSignOnMode struct {
+	value *ApplicationSignOnMode
+	isSet bool
+}
+
+func (v NullableApplicationSignOnMode) Get() *ApplicationSignOnMode {
+	return v.value
+}
+
+func (v *NullableApplicationSignOnMode) Set(val *ApplicationSignOnMode) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationSignOnMode) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationSignOnMode) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationSignOnMode(val *ApplicationSignOnMode) *NullableApplicationSignOnMode {
+	return &NullableApplicationSignOnMode{value: val, isSet: true}
+}
+
+func (v NullableApplicationSignOnMode) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationSignOnMode) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_visibility.go b/okta/model_application_visibility.go
new file mode 100644
index 000000000..6d19c8d00
--- /dev/null
+++ b/okta/model_application_visibility.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationVisibility struct for ApplicationVisibility
+type ApplicationVisibility struct {
+	AppLinks             *map[string]bool           `json:"appLinks,omitempty"`
+	AutoLaunch           *bool                      `json:"autoLaunch,omitempty"`
+	AutoSubmitToolbar    *bool                      `json:"autoSubmitToolbar,omitempty"`
+	Hide                 *ApplicationVisibilityHide `json:"hide,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationVisibility ApplicationVisibility
+
+// NewApplicationVisibility instantiates a new ApplicationVisibility object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationVisibility() *ApplicationVisibility {
+	this := ApplicationVisibility{}
+	return &this
+}
+
+// NewApplicationVisibilityWithDefaults instantiates a new ApplicationVisibility object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationVisibilityWithDefaults() *ApplicationVisibility {
+	this := ApplicationVisibility{}
+	return &this
+}
+
+// GetAppLinks returns the AppLinks field value if set, zero value otherwise.
+func (o *ApplicationVisibility) GetAppLinks() map[string]bool {
+	if o == nil || o.AppLinks == nil {
+		var ret map[string]bool
+		return ret
+	}
+	return *o.AppLinks
+}
+
+// GetAppLinksOk returns a tuple with the AppLinks field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationVisibility) GetAppLinksOk() (*map[string]bool, bool) {
+	if o == nil || o.AppLinks == nil {
+		return nil, false
+	}
+	return o.AppLinks, true
+}
+
+// HasAppLinks returns a boolean if a field has been set.
+func (o *ApplicationVisibility) HasAppLinks() bool {
+	if o != nil && o.AppLinks != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAppLinks gets a reference to the given map[string]bool and assigns it to the AppLinks field.
+func (o *ApplicationVisibility) SetAppLinks(v map[string]bool) {
+	o.AppLinks = &v
+}
+
+// GetAutoLaunch returns the AutoLaunch field value if set, zero value otherwise.
+func (o *ApplicationVisibility) GetAutoLaunch() bool {
+	if o == nil || o.AutoLaunch == nil {
+		var ret bool
+		return ret
+	}
+	return *o.AutoLaunch
+}
+
+// GetAutoLaunchOk returns a tuple with the AutoLaunch field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationVisibility) GetAutoLaunchOk() (*bool, bool) {
+	if o == nil || o.AutoLaunch == nil {
+		return nil, false
+	}
+	return o.AutoLaunch, true
+}
+
+// HasAutoLaunch returns a boolean if a field has been set.
+func (o *ApplicationVisibility) HasAutoLaunch() bool {
+	if o != nil && o.AutoLaunch != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAutoLaunch gets a reference to the given bool and assigns it to the AutoLaunch field.
+func (o *ApplicationVisibility) SetAutoLaunch(v bool) {
+	o.AutoLaunch = &v
+}
+
+// GetAutoSubmitToolbar returns the AutoSubmitToolbar field value if set, zero value otherwise.
+func (o *ApplicationVisibility) GetAutoSubmitToolbar() bool {
+	if o == nil || o.AutoSubmitToolbar == nil {
+		var ret bool
+		return ret
+	}
+	return *o.AutoSubmitToolbar
+}
+
+// GetAutoSubmitToolbarOk returns a tuple with the AutoSubmitToolbar field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationVisibility) GetAutoSubmitToolbarOk() (*bool, bool) {
+	if o == nil || o.AutoSubmitToolbar == nil {
+		return nil, false
+	}
+	return o.AutoSubmitToolbar, true
+}
+
+// HasAutoSubmitToolbar returns a boolean if a field has been set.
+func (o *ApplicationVisibility) HasAutoSubmitToolbar() bool {
+	if o != nil && o.AutoSubmitToolbar != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAutoSubmitToolbar gets a reference to the given bool and assigns it to the AutoSubmitToolbar field.
+func (o *ApplicationVisibility) SetAutoSubmitToolbar(v bool) {
+	o.AutoSubmitToolbar = &v
+}
+
+// GetHide returns the Hide field value if set, zero value otherwise.
+func (o *ApplicationVisibility) GetHide() ApplicationVisibilityHide {
+	if o == nil || o.Hide == nil {
+		var ret ApplicationVisibilityHide
+		return ret
+	}
+	return *o.Hide
+}
+
+// GetHideOk returns a tuple with the Hide field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationVisibility) GetHideOk() (*ApplicationVisibilityHide, bool) {
+	if o == nil || o.Hide == nil {
+		return nil, false
+	}
+	return o.Hide, true
+}
+
+// HasHide returns a boolean if a field has been set.
+func (o *ApplicationVisibility) HasHide() bool {
+	if o != nil && o.Hide != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHide gets a reference to the given ApplicationVisibilityHide and assigns it to the Hide field.
+func (o *ApplicationVisibility) SetHide(v ApplicationVisibilityHide) {
+	o.Hide = &v
+}
+
+func (o ApplicationVisibility) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AppLinks != nil {
+		toSerialize["appLinks"] = o.AppLinks
+	}
+	if o.AutoLaunch != nil {
+		toSerialize["autoLaunch"] = o.AutoLaunch
+	}
+	if o.AutoSubmitToolbar != nil {
+		toSerialize["autoSubmitToolbar"] = o.AutoSubmitToolbar
+	}
+	if o.Hide != nil {
+		toSerialize["hide"] = o.Hide
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationVisibility) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationVisibility := _ApplicationVisibility{}
+
+	err = json.Unmarshal(bytes, &varApplicationVisibility)
+	if err == nil {
+		*o = ApplicationVisibility(varApplicationVisibility)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "appLinks")
+		delete(additionalProperties, "autoLaunch")
+		delete(additionalProperties, "autoSubmitToolbar")
+		delete(additionalProperties, "hide")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationVisibility struct {
+	value *ApplicationVisibility
+	isSet bool
+}
+
+func (v NullableApplicationVisibility) Get() *ApplicationVisibility {
+	return v.value
+}
+
+func (v *NullableApplicationVisibility) Set(val *ApplicationVisibility) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationVisibility) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationVisibility) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationVisibility(val *ApplicationVisibility) *NullableApplicationVisibility {
+	return &NullableApplicationVisibility{value: val, isSet: true}
+}
+
+func (v NullableApplicationVisibility) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationVisibility) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_application_visibility_hide.go b/okta/model_application_visibility_hide.go
new file mode 100644
index 000000000..2d634bb08
--- /dev/null
+++ b/okta/model_application_visibility_hide.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ApplicationVisibilityHide struct for ApplicationVisibilityHide
+type ApplicationVisibilityHide struct {
+	IOS                  *bool `json:"iOS,omitempty"`
+	Web                  *bool `json:"web,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ApplicationVisibilityHide ApplicationVisibilityHide
+
+// NewApplicationVisibilityHide instantiates a new ApplicationVisibilityHide object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewApplicationVisibilityHide() *ApplicationVisibilityHide {
+	this := ApplicationVisibilityHide{}
+	return &this
+}
+
+// NewApplicationVisibilityHideWithDefaults instantiates a new ApplicationVisibilityHide object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewApplicationVisibilityHideWithDefaults() *ApplicationVisibilityHide {
+	this := ApplicationVisibilityHide{}
+	return &this
+}
+
+// GetIOS returns the IOS field value if set, zero value otherwise.
+func (o *ApplicationVisibilityHide) GetIOS() bool {
+	if o == nil || o.IOS == nil {
+		var ret bool
+		return ret
+	}
+	return *o.IOS
+}
+
+// GetIOSOk returns a tuple with the IOS field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationVisibilityHide) GetIOSOk() (*bool, bool) {
+	if o == nil || o.IOS == nil {
+		return nil, false
+	}
+	return o.IOS, true
+}
+
+// HasIOS returns a boolean if a field has been set.
+func (o *ApplicationVisibilityHide) HasIOS() bool {
+	if o != nil && o.IOS != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIOS gets a reference to the given bool and assigns it to the IOS field.
+func (o *ApplicationVisibilityHide) SetIOS(v bool) {
+	o.IOS = &v
+}
+
+// GetWeb returns the Web field value if set, zero value otherwise.
+func (o *ApplicationVisibilityHide) GetWeb() bool {
+	if o == nil || o.Web == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Web
+}
+
+// GetWebOk returns a tuple with the Web field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ApplicationVisibilityHide) GetWebOk() (*bool, bool) {
+	if o == nil || o.Web == nil {
+		return nil, false
+	}
+	return o.Web, true
+}
+
+// HasWeb returns a boolean if a field has been set.
+func (o *ApplicationVisibilityHide) HasWeb() bool {
+	if o != nil && o.Web != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWeb gets a reference to the given bool and assigns it to the Web field.
+func (o *ApplicationVisibilityHide) SetWeb(v bool) {
+	o.Web = &v
+}
+
+func (o ApplicationVisibilityHide) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.IOS != nil {
+		toSerialize["iOS"] = o.IOS
+	}
+	if o.Web != nil {
+		toSerialize["web"] = o.Web
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ApplicationVisibilityHide) UnmarshalJSON(bytes []byte) (err error) {
+	varApplicationVisibilityHide := _ApplicationVisibilityHide{}
+
+	err = json.Unmarshal(bytes, &varApplicationVisibilityHide)
+	if err == nil {
+		*o = ApplicationVisibilityHide(varApplicationVisibilityHide)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "iOS")
+		delete(additionalProperties, "web")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableApplicationVisibilityHide struct {
+	value *ApplicationVisibilityHide
+	isSet bool
+}
+
+func (v NullableApplicationVisibilityHide) Get() *ApplicationVisibilityHide {
+	return v.value
+}
+
+func (v *NullableApplicationVisibilityHide) Set(val *ApplicationVisibilityHide) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableApplicationVisibilityHide) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableApplicationVisibilityHide) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableApplicationVisibilityHide(val *ApplicationVisibilityHide) *NullableApplicationVisibilityHide {
+	return &NullableApplicationVisibilityHide{value: val, isSet: true}
+}
+
+func (v NullableApplicationVisibilityHide) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableApplicationVisibilityHide) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_assign_role_request.go b/okta/model_assign_role_request.go
new file mode 100644
index 000000000..b14461bf0
--- /dev/null
+++ b/okta/model_assign_role_request.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AssignRoleRequest struct for AssignRoleRequest
+type AssignRoleRequest struct {
+	Type                 *RoleType `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AssignRoleRequest AssignRoleRequest
+
+// NewAssignRoleRequest instantiates a new AssignRoleRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAssignRoleRequest() *AssignRoleRequest {
+	this := AssignRoleRequest{}
+	return &this
+}
+
+// NewAssignRoleRequestWithDefaults instantiates a new AssignRoleRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAssignRoleRequestWithDefaults() *AssignRoleRequest {
+	this := AssignRoleRequest{}
+	return &this
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *AssignRoleRequest) GetType() RoleType {
+	if o == nil || o.Type == nil {
+		var ret RoleType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AssignRoleRequest) GetTypeOk() (*RoleType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *AssignRoleRequest) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given RoleType and assigns it to the Type field.
+func (o *AssignRoleRequest) SetType(v RoleType) {
+	o.Type = &v
+}
+
+func (o AssignRoleRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AssignRoleRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varAssignRoleRequest := _AssignRoleRequest{}
+
+	err = json.Unmarshal(bytes, &varAssignRoleRequest)
+	if err == nil {
+		*o = AssignRoleRequest(varAssignRoleRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAssignRoleRequest struct {
+	value *AssignRoleRequest
+	isSet bool
+}
+
+func (v NullableAssignRoleRequest) Get() *AssignRoleRequest {
+	return v.value
+}
+
+func (v *NullableAssignRoleRequest) Set(val *AssignRoleRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAssignRoleRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAssignRoleRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAssignRoleRequest(val *AssignRoleRequest) *NullableAssignRoleRequest {
+	return &NullableAssignRoleRequest{value: val, isSet: true}
+}
+
+func (v NullableAssignRoleRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAssignRoleRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authentication_provider.go b/okta/model_authentication_provider.go
new file mode 100644
index 000000000..d2bb078f0
--- /dev/null
+++ b/okta/model_authentication_provider.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AuthenticationProvider struct for AuthenticationProvider
+type AuthenticationProvider struct {
+	Name                 *string                     `json:"name,omitempty"`
+	Type                 *AuthenticationProviderType `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AuthenticationProvider AuthenticationProvider
+
+// NewAuthenticationProvider instantiates a new AuthenticationProvider object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthenticationProvider() *AuthenticationProvider {
+	this := AuthenticationProvider{}
+	return &this
+}
+
+// NewAuthenticationProviderWithDefaults instantiates a new AuthenticationProvider object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthenticationProviderWithDefaults() *AuthenticationProvider {
+	this := AuthenticationProvider{}
+	return &this
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *AuthenticationProvider) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticationProvider) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *AuthenticationProvider) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *AuthenticationProvider) SetName(v string) {
+	o.Name = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *AuthenticationProvider) GetType() AuthenticationProviderType {
+	if o == nil || o.Type == nil {
+		var ret AuthenticationProviderType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticationProvider) GetTypeOk() (*AuthenticationProviderType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *AuthenticationProvider) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given AuthenticationProviderType and assigns it to the Type field.
+func (o *AuthenticationProvider) SetType(v AuthenticationProviderType) {
+	o.Type = &v
+}
+
+func (o AuthenticationProvider) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthenticationProvider) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthenticationProvider := _AuthenticationProvider{}
+
+	err = json.Unmarshal(bytes, &varAuthenticationProvider)
+	if err == nil {
+		*o = AuthenticationProvider(varAuthenticationProvider)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthenticationProvider struct {
+	value *AuthenticationProvider
+	isSet bool
+}
+
+func (v NullableAuthenticationProvider) Get() *AuthenticationProvider {
+	return v.value
+}
+
+func (v *NullableAuthenticationProvider) Set(val *AuthenticationProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthenticationProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthenticationProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthenticationProvider(val *AuthenticationProvider) *NullableAuthenticationProvider {
+	return &NullableAuthenticationProvider{value: val, isSet: true}
+}
+
+func (v NullableAuthenticationProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthenticationProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authentication_provider_type.go b/okta/model_authentication_provider_type.go
new file mode 100644
index 000000000..54e431bb6
--- /dev/null
+++ b/okta/model_authentication_provider_type.go
@@ -0,0 +1,132 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AuthenticationProviderType the model 'AuthenticationProviderType'
+type AuthenticationProviderType string
+
+// List of AuthenticationProviderType
+const (
+	AUTHENTICATIONPROVIDERTYPE_ACTIVE_DIRECTORY AuthenticationProviderType = "ACTIVE_DIRECTORY"
+	AUTHENTICATIONPROVIDERTYPE_FEDERATION       AuthenticationProviderType = "FEDERATION"
+	AUTHENTICATIONPROVIDERTYPE_IMPORT           AuthenticationProviderType = "IMPORT"
+	AUTHENTICATIONPROVIDERTYPE_LDAP             AuthenticationProviderType = "LDAP"
+	AUTHENTICATIONPROVIDERTYPE_OKTA             AuthenticationProviderType = "OKTA"
+	AUTHENTICATIONPROVIDERTYPE_SOCIAL           AuthenticationProviderType = "SOCIAL"
+)
+
+// All allowed values of AuthenticationProviderType enum
+var AllowedAuthenticationProviderTypeEnumValues = []AuthenticationProviderType{
+	"ACTIVE_DIRECTORY",
+	"FEDERATION",
+	"IMPORT",
+	"LDAP",
+	"OKTA",
+	"SOCIAL",
+}
+
+func (v *AuthenticationProviderType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := AuthenticationProviderType(value)
+	for _, existing := range AllowedAuthenticationProviderTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid AuthenticationProviderType", value)
+}
+
+// NewAuthenticationProviderTypeFromValue returns a pointer to a valid AuthenticationProviderType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewAuthenticationProviderTypeFromValue(v string) (*AuthenticationProviderType, error) {
+	ev := AuthenticationProviderType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for AuthenticationProviderType: valid values are %v", v, AllowedAuthenticationProviderTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v AuthenticationProviderType) IsValid() bool {
+	for _, existing := range AllowedAuthenticationProviderTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to AuthenticationProviderType value
+func (v AuthenticationProviderType) Ptr() *AuthenticationProviderType {
+	return &v
+}
+
+type NullableAuthenticationProviderType struct {
+	value *AuthenticationProviderType
+	isSet bool
+}
+
+func (v NullableAuthenticationProviderType) Get() *AuthenticationProviderType {
+	return v.value
+}
+
+func (v *NullableAuthenticationProviderType) Set(val *AuthenticationProviderType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthenticationProviderType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthenticationProviderType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthenticationProviderType(val *AuthenticationProviderType) *NullableAuthenticationProviderType {
+	return &NullableAuthenticationProviderType{value: val, isSet: true}
+}
+
+func (v NullableAuthenticationProviderType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthenticationProviderType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authenticator.go b/okta/model_authenticator.go
new file mode 100644
index 000000000..a87094c41
--- /dev/null
+++ b/okta/model_authenticator.go
@@ -0,0 +1,492 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// Authenticator struct for Authenticator
+type Authenticator struct {
+	Created              *time.Time                        `json:"created,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	Key                  *string                           `json:"key,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Provider             *AuthenticatorProvider            `json:"provider,omitempty"`
+	Settings             *AuthenticatorSettings            `json:"settings,omitempty"`
+	Status               *AuthenticatorStatus              `json:"status,omitempty"`
+	Type                 *AuthenticatorType                `json:"type,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Authenticator Authenticator
+
+// NewAuthenticator instantiates a new Authenticator object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthenticator() *Authenticator {
+	this := Authenticator{}
+	return &this
+}
+
+// NewAuthenticatorWithDefaults instantiates a new Authenticator object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthenticatorWithDefaults() *Authenticator {
+	this := Authenticator{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *Authenticator) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Authenticator) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *Authenticator) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *Authenticator) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *Authenticator) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Authenticator) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *Authenticator) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *Authenticator) SetId(v string) {
+	o.Id = &v
+}
+
+// GetKey returns the Key field value if set, zero value otherwise.
+func (o *Authenticator) GetKey() string {
+	if o == nil || o.Key == nil {
+		var ret string
+		return ret
+	}
+	return *o.Key
+}
+
+// GetKeyOk returns a tuple with the Key field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Authenticator) GetKeyOk() (*string, bool) {
+	if o == nil || o.Key == nil {
+		return nil, false
+	}
+	return o.Key, true
+}
+
+// HasKey returns a boolean if a field has been set.
+func (o *Authenticator) HasKey() bool {
+	if o != nil && o.Key != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKey gets a reference to the given string and assigns it to the Key field.
+func (o *Authenticator) SetKey(v string) {
+	o.Key = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *Authenticator) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Authenticator) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *Authenticator) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *Authenticator) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *Authenticator) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Authenticator) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *Authenticator) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *Authenticator) SetName(v string) {
+	o.Name = &v
+}
+
+// GetProvider returns the Provider field value if set, zero value otherwise.
+func (o *Authenticator) GetProvider() AuthenticatorProvider {
+	if o == nil || o.Provider == nil {
+		var ret AuthenticatorProvider
+		return ret
+	}
+	return *o.Provider
+}
+
+// GetProviderOk returns a tuple with the Provider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Authenticator) GetProviderOk() (*AuthenticatorProvider, bool) {
+	if o == nil || o.Provider == nil {
+		return nil, false
+	}
+	return o.Provider, true
+}
+
+// HasProvider returns a boolean if a field has been set.
+func (o *Authenticator) HasProvider() bool {
+	if o != nil && o.Provider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProvider gets a reference to the given AuthenticatorProvider and assigns it to the Provider field.
+func (o *Authenticator) SetProvider(v AuthenticatorProvider) {
+	o.Provider = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *Authenticator) GetSettings() AuthenticatorSettings {
+	if o == nil || o.Settings == nil {
+		var ret AuthenticatorSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Authenticator) GetSettingsOk() (*AuthenticatorSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *Authenticator) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given AuthenticatorSettings and assigns it to the Settings field.
+func (o *Authenticator) SetSettings(v AuthenticatorSettings) {
+	o.Settings = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *Authenticator) GetStatus() AuthenticatorStatus {
+	if o == nil || o.Status == nil {
+		var ret AuthenticatorStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Authenticator) GetStatusOk() (*AuthenticatorStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *Authenticator) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given AuthenticatorStatus and assigns it to the Status field.
+func (o *Authenticator) SetStatus(v AuthenticatorStatus) {
+	o.Status = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *Authenticator) GetType() AuthenticatorType {
+	if o == nil || o.Type == nil {
+		var ret AuthenticatorType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Authenticator) GetTypeOk() (*AuthenticatorType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *Authenticator) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given AuthenticatorType and assigns it to the Type field.
+func (o *Authenticator) SetType(v AuthenticatorType) {
+	o.Type = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Authenticator) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Authenticator) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Authenticator) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *Authenticator) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o Authenticator) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Key != nil {
+		toSerialize["key"] = o.Key
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Provider != nil {
+		toSerialize["provider"] = o.Provider
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Authenticator) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthenticator := _Authenticator{}
+
+	err = json.Unmarshal(bytes, &varAuthenticator)
+	if err == nil {
+		*o = Authenticator(varAuthenticator)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "key")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "provider")
+		delete(additionalProperties, "settings")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthenticator struct {
+	value *Authenticator
+	isSet bool
+}
+
+func (v NullableAuthenticator) Get() *Authenticator {
+	return v.value
+}
+
+func (v *NullableAuthenticator) Set(val *Authenticator) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthenticator) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthenticator) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthenticator(val *Authenticator) *NullableAuthenticator {
+	return &NullableAuthenticator{value: val, isSet: true}
+}
+
+func (v NullableAuthenticator) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthenticator) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authenticator_provider.go b/okta/model_authenticator_provider.go
new file mode 100644
index 000000000..5b54dcfab
--- /dev/null
+++ b/okta/model_authenticator_provider.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AuthenticatorProvider struct for AuthenticatorProvider
+type AuthenticatorProvider struct {
+	Configuration        *AuthenticatorProviderConfiguration `json:"configuration,omitempty"`
+	Type                 *string                             `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AuthenticatorProvider AuthenticatorProvider
+
+// NewAuthenticatorProvider instantiates a new AuthenticatorProvider object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthenticatorProvider() *AuthenticatorProvider {
+	this := AuthenticatorProvider{}
+	return &this
+}
+
+// NewAuthenticatorProviderWithDefaults instantiates a new AuthenticatorProvider object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthenticatorProviderWithDefaults() *AuthenticatorProvider {
+	this := AuthenticatorProvider{}
+	return &this
+}
+
+// GetConfiguration returns the Configuration field value if set, zero value otherwise.
+func (o *AuthenticatorProvider) GetConfiguration() AuthenticatorProviderConfiguration {
+	if o == nil || o.Configuration == nil {
+		var ret AuthenticatorProviderConfiguration
+		return ret
+	}
+	return *o.Configuration
+}
+
+// GetConfigurationOk returns a tuple with the Configuration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorProvider) GetConfigurationOk() (*AuthenticatorProviderConfiguration, bool) {
+	if o == nil || o.Configuration == nil {
+		return nil, false
+	}
+	return o.Configuration, true
+}
+
+// HasConfiguration returns a boolean if a field has been set.
+func (o *AuthenticatorProvider) HasConfiguration() bool {
+	if o != nil && o.Configuration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConfiguration gets a reference to the given AuthenticatorProviderConfiguration and assigns it to the Configuration field.
+func (o *AuthenticatorProvider) SetConfiguration(v AuthenticatorProviderConfiguration) {
+	o.Configuration = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *AuthenticatorProvider) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorProvider) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *AuthenticatorProvider) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *AuthenticatorProvider) SetType(v string) {
+	o.Type = &v
+}
+
+func (o AuthenticatorProvider) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Configuration != nil {
+		toSerialize["configuration"] = o.Configuration
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthenticatorProvider) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthenticatorProvider := _AuthenticatorProvider{}
+
+	err = json.Unmarshal(bytes, &varAuthenticatorProvider)
+	if err == nil {
+		*o = AuthenticatorProvider(varAuthenticatorProvider)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "configuration")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthenticatorProvider struct {
+	value *AuthenticatorProvider
+	isSet bool
+}
+
+func (v NullableAuthenticatorProvider) Get() *AuthenticatorProvider {
+	return v.value
+}
+
+func (v *NullableAuthenticatorProvider) Set(val *AuthenticatorProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthenticatorProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthenticatorProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthenticatorProvider(val *AuthenticatorProvider) *NullableAuthenticatorProvider {
+	return &NullableAuthenticatorProvider{value: val, isSet: true}
+}
+
+func (v NullableAuthenticatorProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthenticatorProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authenticator_provider_configuration.go b/okta/model_authenticator_provider_configuration.go
new file mode 100644
index 000000000..ca93421c6
--- /dev/null
+++ b/okta/model_authenticator_provider_configuration.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AuthenticatorProviderConfiguration struct for AuthenticatorProviderConfiguration
+type AuthenticatorProviderConfiguration struct {
+	AuthPort             *int32                                              `json:"authPort,omitempty"`
+	HostName             *string                                             `json:"hostName,omitempty"`
+	InstanceId           *string                                             `json:"instanceId,omitempty"`
+	SharedSecret         *string                                             `json:"sharedSecret,omitempty"`
+	UserNameTemplate     *AuthenticatorProviderConfigurationUserNameTemplate `json:"userNameTemplate,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AuthenticatorProviderConfiguration AuthenticatorProviderConfiguration
+
+// NewAuthenticatorProviderConfiguration instantiates a new AuthenticatorProviderConfiguration object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthenticatorProviderConfiguration() *AuthenticatorProviderConfiguration {
+	this := AuthenticatorProviderConfiguration{}
+	return &this
+}
+
+// NewAuthenticatorProviderConfigurationWithDefaults instantiates a new AuthenticatorProviderConfiguration object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthenticatorProviderConfigurationWithDefaults() *AuthenticatorProviderConfiguration {
+	this := AuthenticatorProviderConfiguration{}
+	return &this
+}
+
+// GetAuthPort returns the AuthPort field value if set, zero value otherwise.
+func (o *AuthenticatorProviderConfiguration) GetAuthPort() int32 {
+	if o == nil || o.AuthPort == nil {
+		var ret int32
+		return ret
+	}
+	return *o.AuthPort
+}
+
+// GetAuthPortOk returns a tuple with the AuthPort field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorProviderConfiguration) GetAuthPortOk() (*int32, bool) {
+	if o == nil || o.AuthPort == nil {
+		return nil, false
+	}
+	return o.AuthPort, true
+}
+
+// HasAuthPort returns a boolean if a field has been set.
+func (o *AuthenticatorProviderConfiguration) HasAuthPort() bool {
+	if o != nil && o.AuthPort != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthPort gets a reference to the given int32 and assigns it to the AuthPort field.
+func (o *AuthenticatorProviderConfiguration) SetAuthPort(v int32) {
+	o.AuthPort = &v
+}
+
+// GetHostName returns the HostName field value if set, zero value otherwise.
+func (o *AuthenticatorProviderConfiguration) GetHostName() string {
+	if o == nil || o.HostName == nil {
+		var ret string
+		return ret
+	}
+	return *o.HostName
+}
+
+// GetHostNameOk returns a tuple with the HostName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorProviderConfiguration) GetHostNameOk() (*string, bool) {
+	if o == nil || o.HostName == nil {
+		return nil, false
+	}
+	return o.HostName, true
+}
+
+// HasHostName returns a boolean if a field has been set.
+func (o *AuthenticatorProviderConfiguration) HasHostName() bool {
+	if o != nil && o.HostName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHostName gets a reference to the given string and assigns it to the HostName field.
+func (o *AuthenticatorProviderConfiguration) SetHostName(v string) {
+	o.HostName = &v
+}
+
+// GetInstanceId returns the InstanceId field value if set, zero value otherwise.
+func (o *AuthenticatorProviderConfiguration) GetInstanceId() string {
+	if o == nil || o.InstanceId == nil {
+		var ret string
+		return ret
+	}
+	return *o.InstanceId
+}
+
+// GetInstanceIdOk returns a tuple with the InstanceId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorProviderConfiguration) GetInstanceIdOk() (*string, bool) {
+	if o == nil || o.InstanceId == nil {
+		return nil, false
+	}
+	return o.InstanceId, true
+}
+
+// HasInstanceId returns a boolean if a field has been set.
+func (o *AuthenticatorProviderConfiguration) HasInstanceId() bool {
+	if o != nil && o.InstanceId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInstanceId gets a reference to the given string and assigns it to the InstanceId field.
+func (o *AuthenticatorProviderConfiguration) SetInstanceId(v string) {
+	o.InstanceId = &v
+}
+
+// GetSharedSecret returns the SharedSecret field value if set, zero value otherwise.
+func (o *AuthenticatorProviderConfiguration) GetSharedSecret() string {
+	if o == nil || o.SharedSecret == nil {
+		var ret string
+		return ret
+	}
+	return *o.SharedSecret
+}
+
+// GetSharedSecretOk returns a tuple with the SharedSecret field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorProviderConfiguration) GetSharedSecretOk() (*string, bool) {
+	if o == nil || o.SharedSecret == nil {
+		return nil, false
+	}
+	return o.SharedSecret, true
+}
+
+// HasSharedSecret returns a boolean if a field has been set.
+func (o *AuthenticatorProviderConfiguration) HasSharedSecret() bool {
+	if o != nil && o.SharedSecret != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSharedSecret gets a reference to the given string and assigns it to the SharedSecret field.
+func (o *AuthenticatorProviderConfiguration) SetSharedSecret(v string) {
+	o.SharedSecret = &v
+}
+
+// GetUserNameTemplate returns the UserNameTemplate field value if set, zero value otherwise.
+func (o *AuthenticatorProviderConfiguration) GetUserNameTemplate() AuthenticatorProviderConfigurationUserNameTemplate {
+	if o == nil || o.UserNameTemplate == nil {
+		var ret AuthenticatorProviderConfigurationUserNameTemplate
+		return ret
+	}
+	return *o.UserNameTemplate
+}
+
+// GetUserNameTemplateOk returns a tuple with the UserNameTemplate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorProviderConfiguration) GetUserNameTemplateOk() (*AuthenticatorProviderConfigurationUserNameTemplate, bool) {
+	if o == nil || o.UserNameTemplate == nil {
+		return nil, false
+	}
+	return o.UserNameTemplate, true
+}
+
+// HasUserNameTemplate returns a boolean if a field has been set.
+func (o *AuthenticatorProviderConfiguration) HasUserNameTemplate() bool {
+	if o != nil && o.UserNameTemplate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserNameTemplate gets a reference to the given AuthenticatorProviderConfigurationUserNameTemplate and assigns it to the UserNameTemplate field.
+func (o *AuthenticatorProviderConfiguration) SetUserNameTemplate(v AuthenticatorProviderConfigurationUserNameTemplate) {
+	o.UserNameTemplate = &v
+}
+
+func (o AuthenticatorProviderConfiguration) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthPort != nil {
+		toSerialize["authPort"] = o.AuthPort
+	}
+	if o.HostName != nil {
+		toSerialize["hostName"] = o.HostName
+	}
+	if o.InstanceId != nil {
+		toSerialize["instanceId"] = o.InstanceId
+	}
+	if o.SharedSecret != nil {
+		toSerialize["sharedSecret"] = o.SharedSecret
+	}
+	if o.UserNameTemplate != nil {
+		toSerialize["userNameTemplate"] = o.UserNameTemplate
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthenticatorProviderConfiguration) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthenticatorProviderConfiguration := _AuthenticatorProviderConfiguration{}
+
+	err = json.Unmarshal(bytes, &varAuthenticatorProviderConfiguration)
+	if err == nil {
+		*o = AuthenticatorProviderConfiguration(varAuthenticatorProviderConfiguration)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authPort")
+		delete(additionalProperties, "hostName")
+		delete(additionalProperties, "instanceId")
+		delete(additionalProperties, "sharedSecret")
+		delete(additionalProperties, "userNameTemplate")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthenticatorProviderConfiguration struct {
+	value *AuthenticatorProviderConfiguration
+	isSet bool
+}
+
+func (v NullableAuthenticatorProviderConfiguration) Get() *AuthenticatorProviderConfiguration {
+	return v.value
+}
+
+func (v *NullableAuthenticatorProviderConfiguration) Set(val *AuthenticatorProviderConfiguration) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthenticatorProviderConfiguration) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthenticatorProviderConfiguration) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthenticatorProviderConfiguration(val *AuthenticatorProviderConfiguration) *NullableAuthenticatorProviderConfiguration {
+	return &NullableAuthenticatorProviderConfiguration{value: val, isSet: true}
+}
+
+func (v NullableAuthenticatorProviderConfiguration) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthenticatorProviderConfiguration) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authenticator_provider_configuration_user_name_template.go b/okta/model_authenticator_provider_configuration_user_name_template.go
new file mode 100644
index 000000000..93119152a
--- /dev/null
+++ b/okta/model_authenticator_provider_configuration_user_name_template.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AuthenticatorProviderConfigurationUserNameTemplate struct for AuthenticatorProviderConfigurationUserNameTemplate
+type AuthenticatorProviderConfigurationUserNameTemplate struct {
+	Template             *string `json:"template,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AuthenticatorProviderConfigurationUserNameTemplate AuthenticatorProviderConfigurationUserNameTemplate
+
+// NewAuthenticatorProviderConfigurationUserNameTemplate instantiates a new AuthenticatorProviderConfigurationUserNameTemplate object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthenticatorProviderConfigurationUserNameTemplate() *AuthenticatorProviderConfigurationUserNameTemplate {
+	this := AuthenticatorProviderConfigurationUserNameTemplate{}
+	return &this
+}
+
+// NewAuthenticatorProviderConfigurationUserNameTemplateWithDefaults instantiates a new AuthenticatorProviderConfigurationUserNameTemplate object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthenticatorProviderConfigurationUserNameTemplateWithDefaults() *AuthenticatorProviderConfigurationUserNameTemplate {
+	this := AuthenticatorProviderConfigurationUserNameTemplate{}
+	return &this
+}
+
+// GetTemplate returns the Template field value if set, zero value otherwise.
+func (o *AuthenticatorProviderConfigurationUserNameTemplate) GetTemplate() string {
+	if o == nil || o.Template == nil {
+		var ret string
+		return ret
+	}
+	return *o.Template
+}
+
+// GetTemplateOk returns a tuple with the Template field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorProviderConfigurationUserNameTemplate) GetTemplateOk() (*string, bool) {
+	if o == nil || o.Template == nil {
+		return nil, false
+	}
+	return o.Template, true
+}
+
+// HasTemplate returns a boolean if a field has been set.
+func (o *AuthenticatorProviderConfigurationUserNameTemplate) HasTemplate() bool {
+	if o != nil && o.Template != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTemplate gets a reference to the given string and assigns it to the Template field.
+func (o *AuthenticatorProviderConfigurationUserNameTemplate) SetTemplate(v string) {
+	o.Template = &v
+}
+
+func (o AuthenticatorProviderConfigurationUserNameTemplate) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Template != nil {
+		toSerialize["template"] = o.Template
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthenticatorProviderConfigurationUserNameTemplate) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthenticatorProviderConfigurationUserNameTemplate := _AuthenticatorProviderConfigurationUserNameTemplate{}
+
+	err = json.Unmarshal(bytes, &varAuthenticatorProviderConfigurationUserNameTemplate)
+	if err == nil {
+		*o = AuthenticatorProviderConfigurationUserNameTemplate(varAuthenticatorProviderConfigurationUserNameTemplate)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "template")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthenticatorProviderConfigurationUserNameTemplate struct {
+	value *AuthenticatorProviderConfigurationUserNameTemplate
+	isSet bool
+}
+
+func (v NullableAuthenticatorProviderConfigurationUserNameTemplate) Get() *AuthenticatorProviderConfigurationUserNameTemplate {
+	return v.value
+}
+
+func (v *NullableAuthenticatorProviderConfigurationUserNameTemplate) Set(val *AuthenticatorProviderConfigurationUserNameTemplate) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthenticatorProviderConfigurationUserNameTemplate) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthenticatorProviderConfigurationUserNameTemplate) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthenticatorProviderConfigurationUserNameTemplate(val *AuthenticatorProviderConfigurationUserNameTemplate) *NullableAuthenticatorProviderConfigurationUserNameTemplate {
+	return &NullableAuthenticatorProviderConfigurationUserNameTemplate{value: val, isSet: true}
+}
+
+func (v NullableAuthenticatorProviderConfigurationUserNameTemplate) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthenticatorProviderConfigurationUserNameTemplate) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authenticator_settings.go b/okta/model_authenticator_settings.go
new file mode 100644
index 000000000..57674333c
--- /dev/null
+++ b/okta/model_authenticator_settings.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AuthenticatorSettings struct for AuthenticatorSettings
+type AuthenticatorSettings struct {
+	AllowedFor             *AllowedForEnum       `json:"allowedFor,omitempty"`
+	AppInstanceId          *string               `json:"appInstanceId,omitempty"`
+	ChannelBinding         *ChannelBinding       `json:"channelBinding,omitempty"`
+	Compliance             *Compliance           `json:"compliance,omitempty"`
+	TokenLifetimeInMinutes *int32                `json:"tokenLifetimeInMinutes,omitempty"`
+	UserVerification       *UserVerificationEnum `json:"userVerification,omitempty"`
+	AdditionalProperties   map[string]interface{}
+}
+
+type _AuthenticatorSettings AuthenticatorSettings
+
+// NewAuthenticatorSettings instantiates a new AuthenticatorSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthenticatorSettings() *AuthenticatorSettings {
+	this := AuthenticatorSettings{}
+	return &this
+}
+
+// NewAuthenticatorSettingsWithDefaults instantiates a new AuthenticatorSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthenticatorSettingsWithDefaults() *AuthenticatorSettings {
+	this := AuthenticatorSettings{}
+	return &this
+}
+
+// GetAllowedFor returns the AllowedFor field value if set, zero value otherwise.
+func (o *AuthenticatorSettings) GetAllowedFor() AllowedForEnum {
+	if o == nil || o.AllowedFor == nil {
+		var ret AllowedForEnum
+		return ret
+	}
+	return *o.AllowedFor
+}
+
+// GetAllowedForOk returns a tuple with the AllowedFor field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorSettings) GetAllowedForOk() (*AllowedForEnum, bool) {
+	if o == nil || o.AllowedFor == nil {
+		return nil, false
+	}
+	return o.AllowedFor, true
+}
+
+// HasAllowedFor returns a boolean if a field has been set.
+func (o *AuthenticatorSettings) HasAllowedFor() bool {
+	if o != nil && o.AllowedFor != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAllowedFor gets a reference to the given AllowedForEnum and assigns it to the AllowedFor field.
+func (o *AuthenticatorSettings) SetAllowedFor(v AllowedForEnum) {
+	o.AllowedFor = &v
+}
+
+// GetAppInstanceId returns the AppInstanceId field value if set, zero value otherwise.
+func (o *AuthenticatorSettings) GetAppInstanceId() string {
+	if o == nil || o.AppInstanceId == nil {
+		var ret string
+		return ret
+	}
+	return *o.AppInstanceId
+}
+
+// GetAppInstanceIdOk returns a tuple with the AppInstanceId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorSettings) GetAppInstanceIdOk() (*string, bool) {
+	if o == nil || o.AppInstanceId == nil {
+		return nil, false
+	}
+	return o.AppInstanceId, true
+}
+
+// HasAppInstanceId returns a boolean if a field has been set.
+func (o *AuthenticatorSettings) HasAppInstanceId() bool {
+	if o != nil && o.AppInstanceId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAppInstanceId gets a reference to the given string and assigns it to the AppInstanceId field.
+func (o *AuthenticatorSettings) SetAppInstanceId(v string) {
+	o.AppInstanceId = &v
+}
+
+// GetChannelBinding returns the ChannelBinding field value if set, zero value otherwise.
+func (o *AuthenticatorSettings) GetChannelBinding() ChannelBinding {
+	if o == nil || o.ChannelBinding == nil {
+		var ret ChannelBinding
+		return ret
+	}
+	return *o.ChannelBinding
+}
+
+// GetChannelBindingOk returns a tuple with the ChannelBinding field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorSettings) GetChannelBindingOk() (*ChannelBinding, bool) {
+	if o == nil || o.ChannelBinding == nil {
+		return nil, false
+	}
+	return o.ChannelBinding, true
+}
+
+// HasChannelBinding returns a boolean if a field has been set.
+func (o *AuthenticatorSettings) HasChannelBinding() bool {
+	if o != nil && o.ChannelBinding != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetChannelBinding gets a reference to the given ChannelBinding and assigns it to the ChannelBinding field.
+func (o *AuthenticatorSettings) SetChannelBinding(v ChannelBinding) {
+	o.ChannelBinding = &v
+}
+
+// GetCompliance returns the Compliance field value if set, zero value otherwise.
+func (o *AuthenticatorSettings) GetCompliance() Compliance {
+	if o == nil || o.Compliance == nil {
+		var ret Compliance
+		return ret
+	}
+	return *o.Compliance
+}
+
+// GetComplianceOk returns a tuple with the Compliance field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorSettings) GetComplianceOk() (*Compliance, bool) {
+	if o == nil || o.Compliance == nil {
+		return nil, false
+	}
+	return o.Compliance, true
+}
+
+// HasCompliance returns a boolean if a field has been set.
+func (o *AuthenticatorSettings) HasCompliance() bool {
+	if o != nil && o.Compliance != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCompliance gets a reference to the given Compliance and assigns it to the Compliance field.
+func (o *AuthenticatorSettings) SetCompliance(v Compliance) {
+	o.Compliance = &v
+}
+
+// GetTokenLifetimeInMinutes returns the TokenLifetimeInMinutes field value if set, zero value otherwise.
+func (o *AuthenticatorSettings) GetTokenLifetimeInMinutes() int32 {
+	if o == nil || o.TokenLifetimeInMinutes == nil {
+		var ret int32
+		return ret
+	}
+	return *o.TokenLifetimeInMinutes
+}
+
+// GetTokenLifetimeInMinutesOk returns a tuple with the TokenLifetimeInMinutes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorSettings) GetTokenLifetimeInMinutesOk() (*int32, bool) {
+	if o == nil || o.TokenLifetimeInMinutes == nil {
+		return nil, false
+	}
+	return o.TokenLifetimeInMinutes, true
+}
+
+// HasTokenLifetimeInMinutes returns a boolean if a field has been set.
+func (o *AuthenticatorSettings) HasTokenLifetimeInMinutes() bool {
+	if o != nil && o.TokenLifetimeInMinutes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTokenLifetimeInMinutes gets a reference to the given int32 and assigns it to the TokenLifetimeInMinutes field.
+func (o *AuthenticatorSettings) SetTokenLifetimeInMinutes(v int32) {
+	o.TokenLifetimeInMinutes = &v
+}
+
+// GetUserVerification returns the UserVerification field value if set, zero value otherwise.
+func (o *AuthenticatorSettings) GetUserVerification() UserVerificationEnum {
+	if o == nil || o.UserVerification == nil {
+		var ret UserVerificationEnum
+		return ret
+	}
+	return *o.UserVerification
+}
+
+// GetUserVerificationOk returns a tuple with the UserVerification field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthenticatorSettings) GetUserVerificationOk() (*UserVerificationEnum, bool) {
+	if o == nil || o.UserVerification == nil {
+		return nil, false
+	}
+	return o.UserVerification, true
+}
+
+// HasUserVerification returns a boolean if a field has been set.
+func (o *AuthenticatorSettings) HasUserVerification() bool {
+	if o != nil && o.UserVerification != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserVerification gets a reference to the given UserVerificationEnum and assigns it to the UserVerification field.
+func (o *AuthenticatorSettings) SetUserVerification(v UserVerificationEnum) {
+	o.UserVerification = &v
+}
+
+func (o AuthenticatorSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AllowedFor != nil {
+		toSerialize["allowedFor"] = o.AllowedFor
+	}
+	if o.AppInstanceId != nil {
+		toSerialize["appInstanceId"] = o.AppInstanceId
+	}
+	if o.ChannelBinding != nil {
+		toSerialize["channelBinding"] = o.ChannelBinding
+	}
+	if o.Compliance != nil {
+		toSerialize["compliance"] = o.Compliance
+	}
+	if o.TokenLifetimeInMinutes != nil {
+		toSerialize["tokenLifetimeInMinutes"] = o.TokenLifetimeInMinutes
+	}
+	if o.UserVerification != nil {
+		toSerialize["userVerification"] = o.UserVerification
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthenticatorSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthenticatorSettings := _AuthenticatorSettings{}
+
+	err = json.Unmarshal(bytes, &varAuthenticatorSettings)
+	if err == nil {
+		*o = AuthenticatorSettings(varAuthenticatorSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "allowedFor")
+		delete(additionalProperties, "appInstanceId")
+		delete(additionalProperties, "channelBinding")
+		delete(additionalProperties, "compliance")
+		delete(additionalProperties, "tokenLifetimeInMinutes")
+		delete(additionalProperties, "userVerification")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthenticatorSettings struct {
+	value *AuthenticatorSettings
+	isSet bool
+}
+
+func (v NullableAuthenticatorSettings) Get() *AuthenticatorSettings {
+	return v.value
+}
+
+func (v *NullableAuthenticatorSettings) Set(val *AuthenticatorSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthenticatorSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthenticatorSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthenticatorSettings(val *AuthenticatorSettings) *NullableAuthenticatorSettings {
+	return &NullableAuthenticatorSettings{value: val, isSet: true}
+}
+
+func (v NullableAuthenticatorSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthenticatorSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authenticator_status.go b/okta/model_authenticator_status.go
new file mode 100644
index 000000000..68662b472
--- /dev/null
+++ b/okta/model_authenticator_status.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AuthenticatorStatus the model 'AuthenticatorStatus'
+type AuthenticatorStatus string
+
+// List of AuthenticatorStatus
+const (
+	AUTHENTICATORSTATUS_ACTIVE   AuthenticatorStatus = "ACTIVE"
+	AUTHENTICATORSTATUS_INACTIVE AuthenticatorStatus = "INACTIVE"
+)
+
+// All allowed values of AuthenticatorStatus enum
+var AllowedAuthenticatorStatusEnumValues = []AuthenticatorStatus{
+	"ACTIVE",
+	"INACTIVE",
+}
+
+func (v *AuthenticatorStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := AuthenticatorStatus(value)
+	for _, existing := range AllowedAuthenticatorStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid AuthenticatorStatus", value)
+}
+
+// NewAuthenticatorStatusFromValue returns a pointer to a valid AuthenticatorStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewAuthenticatorStatusFromValue(v string) (*AuthenticatorStatus, error) {
+	ev := AuthenticatorStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for AuthenticatorStatus: valid values are %v", v, AllowedAuthenticatorStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v AuthenticatorStatus) IsValid() bool {
+	for _, existing := range AllowedAuthenticatorStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to AuthenticatorStatus value
+func (v AuthenticatorStatus) Ptr() *AuthenticatorStatus {
+	return &v
+}
+
+type NullableAuthenticatorStatus struct {
+	value *AuthenticatorStatus
+	isSet bool
+}
+
+func (v NullableAuthenticatorStatus) Get() *AuthenticatorStatus {
+	return v.value
+}
+
+func (v *NullableAuthenticatorStatus) Set(val *AuthenticatorStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthenticatorStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthenticatorStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthenticatorStatus(val *AuthenticatorStatus) *NullableAuthenticatorStatus {
+	return &NullableAuthenticatorStatus{value: val, isSet: true}
+}
+
+func (v NullableAuthenticatorStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthenticatorStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authenticator_type.go b/okta/model_authenticator_type.go
new file mode 100644
index 000000000..406807bbc
--- /dev/null
+++ b/okta/model_authenticator_type.go
@@ -0,0 +1,134 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AuthenticatorType the model 'AuthenticatorType'
+type AuthenticatorType string
+
+// List of AuthenticatorType
+const (
+	AUTHENTICATORTYPE_APP               AuthenticatorType = "app"
+	AUTHENTICATORTYPE_EMAIL             AuthenticatorType = "email"
+	AUTHENTICATORTYPE_FEDERATED         AuthenticatorType = "federated"
+	AUTHENTICATORTYPE_PASSWORD          AuthenticatorType = "password"
+	AUTHENTICATORTYPE_PHONE             AuthenticatorType = "phone"
+	AUTHENTICATORTYPE_SECURITY_KEY      AuthenticatorType = "security_key"
+	AUTHENTICATORTYPE_SECURITY_QUESTION AuthenticatorType = "security_question"
+)
+
+// All allowed values of AuthenticatorType enum
+var AllowedAuthenticatorTypeEnumValues = []AuthenticatorType{
+	"app",
+	"email",
+	"federated",
+	"password",
+	"phone",
+	"security_key",
+	"security_question",
+}
+
+func (v *AuthenticatorType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := AuthenticatorType(value)
+	for _, existing := range AllowedAuthenticatorTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid AuthenticatorType", value)
+}
+
+// NewAuthenticatorTypeFromValue returns a pointer to a valid AuthenticatorType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewAuthenticatorTypeFromValue(v string) (*AuthenticatorType, error) {
+	ev := AuthenticatorType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for AuthenticatorType: valid values are %v", v, AllowedAuthenticatorTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v AuthenticatorType) IsValid() bool {
+	for _, existing := range AllowedAuthenticatorTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to AuthenticatorType value
+func (v AuthenticatorType) Ptr() *AuthenticatorType {
+	return &v
+}
+
+type NullableAuthenticatorType struct {
+	value *AuthenticatorType
+	isSet bool
+}
+
+func (v NullableAuthenticatorType) Get() *AuthenticatorType {
+	return v.value
+}
+
+func (v *NullableAuthenticatorType) Set(val *AuthenticatorType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthenticatorType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthenticatorType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthenticatorType(val *AuthenticatorType) *NullableAuthenticatorType {
+	return &NullableAuthenticatorType{value: val, isSet: true}
+}
+
+func (v NullableAuthenticatorType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthenticatorType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authorization_server.go b/okta/model_authorization_server.go
new file mode 100644
index 000000000..6beecc2af
--- /dev/null
+++ b/okta/model_authorization_server.go
@@ -0,0 +1,529 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// AuthorizationServer struct for AuthorizationServer
+type AuthorizationServer struct {
+	Audiences            []string                          `json:"audiences,omitempty"`
+	Created              *time.Time                        `json:"created,omitempty"`
+	Credentials          *AuthorizationServerCredentials   `json:"credentials,omitempty"`
+	Description          *string                           `json:"description,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	Issuer               *string                           `json:"issuer,omitempty"`
+	IssuerMode           *IssuerMode                       `json:"issuerMode,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Status               *LifecycleStatus                  `json:"status,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AuthorizationServer AuthorizationServer
+
+// NewAuthorizationServer instantiates a new AuthorizationServer object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthorizationServer() *AuthorizationServer {
+	this := AuthorizationServer{}
+	return &this
+}
+
+// NewAuthorizationServerWithDefaults instantiates a new AuthorizationServer object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthorizationServerWithDefaults() *AuthorizationServer {
+	this := AuthorizationServer{}
+	return &this
+}
+
+// GetAudiences returns the Audiences field value if set, zero value otherwise.
+func (o *AuthorizationServer) GetAudiences() []string {
+	if o == nil || o.Audiences == nil {
+		var ret []string
+		return ret
+	}
+	return o.Audiences
+}
+
+// GetAudiencesOk returns a tuple with the Audiences field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServer) GetAudiencesOk() ([]string, bool) {
+	if o == nil || o.Audiences == nil {
+		return nil, false
+	}
+	return o.Audiences, true
+}
+
+// HasAudiences returns a boolean if a field has been set.
+func (o *AuthorizationServer) HasAudiences() bool {
+	if o != nil && o.Audiences != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAudiences gets a reference to the given []string and assigns it to the Audiences field.
+func (o *AuthorizationServer) SetAudiences(v []string) {
+	o.Audiences = v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *AuthorizationServer) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServer) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *AuthorizationServer) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *AuthorizationServer) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *AuthorizationServer) GetCredentials() AuthorizationServerCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret AuthorizationServerCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServer) GetCredentialsOk() (*AuthorizationServerCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *AuthorizationServer) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given AuthorizationServerCredentials and assigns it to the Credentials field.
+func (o *AuthorizationServer) SetCredentials(v AuthorizationServerCredentials) {
+	o.Credentials = &v
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *AuthorizationServer) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServer) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *AuthorizationServer) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *AuthorizationServer) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *AuthorizationServer) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServer) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *AuthorizationServer) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *AuthorizationServer) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIssuer returns the Issuer field value if set, zero value otherwise.
+func (o *AuthorizationServer) GetIssuer() string {
+	if o == nil || o.Issuer == nil {
+		var ret string
+		return ret
+	}
+	return *o.Issuer
+}
+
+// GetIssuerOk returns a tuple with the Issuer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServer) GetIssuerOk() (*string, bool) {
+	if o == nil || o.Issuer == nil {
+		return nil, false
+	}
+	return o.Issuer, true
+}
+
+// HasIssuer returns a boolean if a field has been set.
+func (o *AuthorizationServer) HasIssuer() bool {
+	if o != nil && o.Issuer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIssuer gets a reference to the given string and assigns it to the Issuer field.
+func (o *AuthorizationServer) SetIssuer(v string) {
+	o.Issuer = &v
+}
+
+// GetIssuerMode returns the IssuerMode field value if set, zero value otherwise.
+func (o *AuthorizationServer) GetIssuerMode() IssuerMode {
+	if o == nil || o.IssuerMode == nil {
+		var ret IssuerMode
+		return ret
+	}
+	return *o.IssuerMode
+}
+
+// GetIssuerModeOk returns a tuple with the IssuerMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServer) GetIssuerModeOk() (*IssuerMode, bool) {
+	if o == nil || o.IssuerMode == nil {
+		return nil, false
+	}
+	return o.IssuerMode, true
+}
+
+// HasIssuerMode returns a boolean if a field has been set.
+func (o *AuthorizationServer) HasIssuerMode() bool {
+	if o != nil && o.IssuerMode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIssuerMode gets a reference to the given IssuerMode and assigns it to the IssuerMode field.
+func (o *AuthorizationServer) SetIssuerMode(v IssuerMode) {
+	o.IssuerMode = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *AuthorizationServer) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServer) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *AuthorizationServer) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *AuthorizationServer) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *AuthorizationServer) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServer) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *AuthorizationServer) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *AuthorizationServer) SetName(v string) {
+	o.Name = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *AuthorizationServer) GetStatus() LifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret LifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServer) GetStatusOk() (*LifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *AuthorizationServer) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given LifecycleStatus and assigns it to the Status field.
+func (o *AuthorizationServer) SetStatus(v LifecycleStatus) {
+	o.Status = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *AuthorizationServer) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServer) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *AuthorizationServer) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *AuthorizationServer) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o AuthorizationServer) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Audiences != nil {
+		toSerialize["audiences"] = o.Audiences
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Issuer != nil {
+		toSerialize["issuer"] = o.Issuer
+	}
+	if o.IssuerMode != nil {
+		toSerialize["issuerMode"] = o.IssuerMode
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthorizationServer) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthorizationServer := _AuthorizationServer{}
+
+	err = json.Unmarshal(bytes, &varAuthorizationServer)
+	if err == nil {
+		*o = AuthorizationServer(varAuthorizationServer)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "audiences")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "issuer")
+		delete(additionalProperties, "issuerMode")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthorizationServer struct {
+	value *AuthorizationServer
+	isSet bool
+}
+
+func (v NullableAuthorizationServer) Get() *AuthorizationServer {
+	return v.value
+}
+
+func (v *NullableAuthorizationServer) Set(val *AuthorizationServer) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthorizationServer) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthorizationServer) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthorizationServer(val *AuthorizationServer) *NullableAuthorizationServer {
+	return &NullableAuthorizationServer{value: val, isSet: true}
+}
+
+func (v NullableAuthorizationServer) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthorizationServer) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authorization_server_credentials.go b/okta/model_authorization_server_credentials.go
new file mode 100644
index 000000000..29ae8e987
--- /dev/null
+++ b/okta/model_authorization_server_credentials.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AuthorizationServerCredentials struct for AuthorizationServerCredentials
+type AuthorizationServerCredentials struct {
+	Signing              *AuthorizationServerCredentialsSigningConfig `json:"signing,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AuthorizationServerCredentials AuthorizationServerCredentials
+
+// NewAuthorizationServerCredentials instantiates a new AuthorizationServerCredentials object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthorizationServerCredentials() *AuthorizationServerCredentials {
+	this := AuthorizationServerCredentials{}
+	return &this
+}
+
+// NewAuthorizationServerCredentialsWithDefaults instantiates a new AuthorizationServerCredentials object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthorizationServerCredentialsWithDefaults() *AuthorizationServerCredentials {
+	this := AuthorizationServerCredentials{}
+	return &this
+}
+
+// GetSigning returns the Signing field value if set, zero value otherwise.
+func (o *AuthorizationServerCredentials) GetSigning() AuthorizationServerCredentialsSigningConfig {
+	if o == nil || o.Signing == nil {
+		var ret AuthorizationServerCredentialsSigningConfig
+		return ret
+	}
+	return *o.Signing
+}
+
+// GetSigningOk returns a tuple with the Signing field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerCredentials) GetSigningOk() (*AuthorizationServerCredentialsSigningConfig, bool) {
+	if o == nil || o.Signing == nil {
+		return nil, false
+	}
+	return o.Signing, true
+}
+
+// HasSigning returns a boolean if a field has been set.
+func (o *AuthorizationServerCredentials) HasSigning() bool {
+	if o != nil && o.Signing != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSigning gets a reference to the given AuthorizationServerCredentialsSigningConfig and assigns it to the Signing field.
+func (o *AuthorizationServerCredentials) SetSigning(v AuthorizationServerCredentialsSigningConfig) {
+	o.Signing = &v
+}
+
+func (o AuthorizationServerCredentials) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Signing != nil {
+		toSerialize["signing"] = o.Signing
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthorizationServerCredentials) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthorizationServerCredentials := _AuthorizationServerCredentials{}
+
+	err = json.Unmarshal(bytes, &varAuthorizationServerCredentials)
+	if err == nil {
+		*o = AuthorizationServerCredentials(varAuthorizationServerCredentials)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "signing")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthorizationServerCredentials struct {
+	value *AuthorizationServerCredentials
+	isSet bool
+}
+
+func (v NullableAuthorizationServerCredentials) Get() *AuthorizationServerCredentials {
+	return v.value
+}
+
+func (v *NullableAuthorizationServerCredentials) Set(val *AuthorizationServerCredentials) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthorizationServerCredentials) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthorizationServerCredentials) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthorizationServerCredentials(val *AuthorizationServerCredentials) *NullableAuthorizationServerCredentials {
+	return &NullableAuthorizationServerCredentials{value: val, isSet: true}
+}
+
+func (v NullableAuthorizationServerCredentials) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthorizationServerCredentials) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authorization_server_credentials_rotation_mode.go b/okta/model_authorization_server_credentials_rotation_mode.go
new file mode 100644
index 000000000..6d3f48139
--- /dev/null
+++ b/okta/model_authorization_server_credentials_rotation_mode.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AuthorizationServerCredentialsRotationMode the model 'AuthorizationServerCredentialsRotationMode'
+type AuthorizationServerCredentialsRotationMode string
+
+// List of AuthorizationServerCredentialsRotationMode
+const (
+	AUTHORIZATIONSERVERCREDENTIALSROTATIONMODE_AUTO   AuthorizationServerCredentialsRotationMode = "AUTO"
+	AUTHORIZATIONSERVERCREDENTIALSROTATIONMODE_MANUAL AuthorizationServerCredentialsRotationMode = "MANUAL"
+)
+
+// All allowed values of AuthorizationServerCredentialsRotationMode enum
+var AllowedAuthorizationServerCredentialsRotationModeEnumValues = []AuthorizationServerCredentialsRotationMode{
+	"AUTO",
+	"MANUAL",
+}
+
+func (v *AuthorizationServerCredentialsRotationMode) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := AuthorizationServerCredentialsRotationMode(value)
+	for _, existing := range AllowedAuthorizationServerCredentialsRotationModeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid AuthorizationServerCredentialsRotationMode", value)
+}
+
+// NewAuthorizationServerCredentialsRotationModeFromValue returns a pointer to a valid AuthorizationServerCredentialsRotationMode
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewAuthorizationServerCredentialsRotationModeFromValue(v string) (*AuthorizationServerCredentialsRotationMode, error) {
+	ev := AuthorizationServerCredentialsRotationMode(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for AuthorizationServerCredentialsRotationMode: valid values are %v", v, AllowedAuthorizationServerCredentialsRotationModeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v AuthorizationServerCredentialsRotationMode) IsValid() bool {
+	for _, existing := range AllowedAuthorizationServerCredentialsRotationModeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to AuthorizationServerCredentialsRotationMode value
+func (v AuthorizationServerCredentialsRotationMode) Ptr() *AuthorizationServerCredentialsRotationMode {
+	return &v
+}
+
+type NullableAuthorizationServerCredentialsRotationMode struct {
+	value *AuthorizationServerCredentialsRotationMode
+	isSet bool
+}
+
+func (v NullableAuthorizationServerCredentialsRotationMode) Get() *AuthorizationServerCredentialsRotationMode {
+	return v.value
+}
+
+func (v *NullableAuthorizationServerCredentialsRotationMode) Set(val *AuthorizationServerCredentialsRotationMode) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthorizationServerCredentialsRotationMode) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthorizationServerCredentialsRotationMode) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthorizationServerCredentialsRotationMode(val *AuthorizationServerCredentialsRotationMode) *NullableAuthorizationServerCredentialsRotationMode {
+	return &NullableAuthorizationServerCredentialsRotationMode{value: val, isSet: true}
+}
+
+func (v NullableAuthorizationServerCredentialsRotationMode) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthorizationServerCredentialsRotationMode) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authorization_server_credentials_signing_config.go b/okta/model_authorization_server_credentials_signing_config.go
new file mode 100644
index 000000000..5eedb53bc
--- /dev/null
+++ b/okta/model_authorization_server_credentials_signing_config.go
@@ -0,0 +1,307 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// AuthorizationServerCredentialsSigningConfig struct for AuthorizationServerCredentialsSigningConfig
+type AuthorizationServerCredentialsSigningConfig struct {
+	Kid                  *string                                     `json:"kid,omitempty"`
+	LastRotated          *time.Time                                  `json:"lastRotated,omitempty"`
+	NextRotation         *time.Time                                  `json:"nextRotation,omitempty"`
+	RotationMode         *AuthorizationServerCredentialsRotationMode `json:"rotationMode,omitempty"`
+	Use                  *AuthorizationServerCredentialsUse          `json:"use,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AuthorizationServerCredentialsSigningConfig AuthorizationServerCredentialsSigningConfig
+
+// NewAuthorizationServerCredentialsSigningConfig instantiates a new AuthorizationServerCredentialsSigningConfig object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthorizationServerCredentialsSigningConfig() *AuthorizationServerCredentialsSigningConfig {
+	this := AuthorizationServerCredentialsSigningConfig{}
+	return &this
+}
+
+// NewAuthorizationServerCredentialsSigningConfigWithDefaults instantiates a new AuthorizationServerCredentialsSigningConfig object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthorizationServerCredentialsSigningConfigWithDefaults() *AuthorizationServerCredentialsSigningConfig {
+	this := AuthorizationServerCredentialsSigningConfig{}
+	return &this
+}
+
+// GetKid returns the Kid field value if set, zero value otherwise.
+func (o *AuthorizationServerCredentialsSigningConfig) GetKid() string {
+	if o == nil || o.Kid == nil {
+		var ret string
+		return ret
+	}
+	return *o.Kid
+}
+
+// GetKidOk returns a tuple with the Kid field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerCredentialsSigningConfig) GetKidOk() (*string, bool) {
+	if o == nil || o.Kid == nil {
+		return nil, false
+	}
+	return o.Kid, true
+}
+
+// HasKid returns a boolean if a field has been set.
+func (o *AuthorizationServerCredentialsSigningConfig) HasKid() bool {
+	if o != nil && o.Kid != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKid gets a reference to the given string and assigns it to the Kid field.
+func (o *AuthorizationServerCredentialsSigningConfig) SetKid(v string) {
+	o.Kid = &v
+}
+
+// GetLastRotated returns the LastRotated field value if set, zero value otherwise.
+func (o *AuthorizationServerCredentialsSigningConfig) GetLastRotated() time.Time {
+	if o == nil || o.LastRotated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastRotated
+}
+
+// GetLastRotatedOk returns a tuple with the LastRotated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerCredentialsSigningConfig) GetLastRotatedOk() (*time.Time, bool) {
+	if o == nil || o.LastRotated == nil {
+		return nil, false
+	}
+	return o.LastRotated, true
+}
+
+// HasLastRotated returns a boolean if a field has been set.
+func (o *AuthorizationServerCredentialsSigningConfig) HasLastRotated() bool {
+	if o != nil && o.LastRotated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastRotated gets a reference to the given time.Time and assigns it to the LastRotated field.
+func (o *AuthorizationServerCredentialsSigningConfig) SetLastRotated(v time.Time) {
+	o.LastRotated = &v
+}
+
+// GetNextRotation returns the NextRotation field value if set, zero value otherwise.
+func (o *AuthorizationServerCredentialsSigningConfig) GetNextRotation() time.Time {
+	if o == nil || o.NextRotation == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.NextRotation
+}
+
+// GetNextRotationOk returns a tuple with the NextRotation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerCredentialsSigningConfig) GetNextRotationOk() (*time.Time, bool) {
+	if o == nil || o.NextRotation == nil {
+		return nil, false
+	}
+	return o.NextRotation, true
+}
+
+// HasNextRotation returns a boolean if a field has been set.
+func (o *AuthorizationServerCredentialsSigningConfig) HasNextRotation() bool {
+	if o != nil && o.NextRotation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNextRotation gets a reference to the given time.Time and assigns it to the NextRotation field.
+func (o *AuthorizationServerCredentialsSigningConfig) SetNextRotation(v time.Time) {
+	o.NextRotation = &v
+}
+
+// GetRotationMode returns the RotationMode field value if set, zero value otherwise.
+func (o *AuthorizationServerCredentialsSigningConfig) GetRotationMode() AuthorizationServerCredentialsRotationMode {
+	if o == nil || o.RotationMode == nil {
+		var ret AuthorizationServerCredentialsRotationMode
+		return ret
+	}
+	return *o.RotationMode
+}
+
+// GetRotationModeOk returns a tuple with the RotationMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerCredentialsSigningConfig) GetRotationModeOk() (*AuthorizationServerCredentialsRotationMode, bool) {
+	if o == nil || o.RotationMode == nil {
+		return nil, false
+	}
+	return o.RotationMode, true
+}
+
+// HasRotationMode returns a boolean if a field has been set.
+func (o *AuthorizationServerCredentialsSigningConfig) HasRotationMode() bool {
+	if o != nil && o.RotationMode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRotationMode gets a reference to the given AuthorizationServerCredentialsRotationMode and assigns it to the RotationMode field.
+func (o *AuthorizationServerCredentialsSigningConfig) SetRotationMode(v AuthorizationServerCredentialsRotationMode) {
+	o.RotationMode = &v
+}
+
+// GetUse returns the Use field value if set, zero value otherwise.
+func (o *AuthorizationServerCredentialsSigningConfig) GetUse() AuthorizationServerCredentialsUse {
+	if o == nil || o.Use == nil {
+		var ret AuthorizationServerCredentialsUse
+		return ret
+	}
+	return *o.Use
+}
+
+// GetUseOk returns a tuple with the Use field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerCredentialsSigningConfig) GetUseOk() (*AuthorizationServerCredentialsUse, bool) {
+	if o == nil || o.Use == nil {
+		return nil, false
+	}
+	return o.Use, true
+}
+
+// HasUse returns a boolean if a field has been set.
+func (o *AuthorizationServerCredentialsSigningConfig) HasUse() bool {
+	if o != nil && o.Use != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUse gets a reference to the given AuthorizationServerCredentialsUse and assigns it to the Use field.
+func (o *AuthorizationServerCredentialsSigningConfig) SetUse(v AuthorizationServerCredentialsUse) {
+	o.Use = &v
+}
+
+func (o AuthorizationServerCredentialsSigningConfig) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Kid != nil {
+		toSerialize["kid"] = o.Kid
+	}
+	if o.LastRotated != nil {
+		toSerialize["lastRotated"] = o.LastRotated
+	}
+	if o.NextRotation != nil {
+		toSerialize["nextRotation"] = o.NextRotation
+	}
+	if o.RotationMode != nil {
+		toSerialize["rotationMode"] = o.RotationMode
+	}
+	if o.Use != nil {
+		toSerialize["use"] = o.Use
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthorizationServerCredentialsSigningConfig) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthorizationServerCredentialsSigningConfig := _AuthorizationServerCredentialsSigningConfig{}
+
+	err = json.Unmarshal(bytes, &varAuthorizationServerCredentialsSigningConfig)
+	if err == nil {
+		*o = AuthorizationServerCredentialsSigningConfig(varAuthorizationServerCredentialsSigningConfig)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "kid")
+		delete(additionalProperties, "lastRotated")
+		delete(additionalProperties, "nextRotation")
+		delete(additionalProperties, "rotationMode")
+		delete(additionalProperties, "use")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthorizationServerCredentialsSigningConfig struct {
+	value *AuthorizationServerCredentialsSigningConfig
+	isSet bool
+}
+
+func (v NullableAuthorizationServerCredentialsSigningConfig) Get() *AuthorizationServerCredentialsSigningConfig {
+	return v.value
+}
+
+func (v *NullableAuthorizationServerCredentialsSigningConfig) Set(val *AuthorizationServerCredentialsSigningConfig) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthorizationServerCredentialsSigningConfig) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthorizationServerCredentialsSigningConfig) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthorizationServerCredentialsSigningConfig(val *AuthorizationServerCredentialsSigningConfig) *NullableAuthorizationServerCredentialsSigningConfig {
+	return &NullableAuthorizationServerCredentialsSigningConfig{value: val, isSet: true}
+}
+
+func (v NullableAuthorizationServerCredentialsSigningConfig) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthorizationServerCredentialsSigningConfig) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authorization_server_credentials_use.go b/okta/model_authorization_server_credentials_use.go
new file mode 100644
index 000000000..3c7199103
--- /dev/null
+++ b/okta/model_authorization_server_credentials_use.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AuthorizationServerCredentialsUse the model 'AuthorizationServerCredentialsUse'
+type AuthorizationServerCredentialsUse string
+
+// List of AuthorizationServerCredentialsUse
+const (
+	AUTHORIZATIONSERVERCREDENTIALSUSE_SIG AuthorizationServerCredentialsUse = "sig"
+)
+
+// All allowed values of AuthorizationServerCredentialsUse enum
+var AllowedAuthorizationServerCredentialsUseEnumValues = []AuthorizationServerCredentialsUse{
+	"sig",
+}
+
+func (v *AuthorizationServerCredentialsUse) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := AuthorizationServerCredentialsUse(value)
+	for _, existing := range AllowedAuthorizationServerCredentialsUseEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid AuthorizationServerCredentialsUse", value)
+}
+
+// NewAuthorizationServerCredentialsUseFromValue returns a pointer to a valid AuthorizationServerCredentialsUse
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewAuthorizationServerCredentialsUseFromValue(v string) (*AuthorizationServerCredentialsUse, error) {
+	ev := AuthorizationServerCredentialsUse(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for AuthorizationServerCredentialsUse: valid values are %v", v, AllowedAuthorizationServerCredentialsUseEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v AuthorizationServerCredentialsUse) IsValid() bool {
+	for _, existing := range AllowedAuthorizationServerCredentialsUseEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to AuthorizationServerCredentialsUse value
+func (v AuthorizationServerCredentialsUse) Ptr() *AuthorizationServerCredentialsUse {
+	return &v
+}
+
+type NullableAuthorizationServerCredentialsUse struct {
+	value *AuthorizationServerCredentialsUse
+	isSet bool
+}
+
+func (v NullableAuthorizationServerCredentialsUse) Get() *AuthorizationServerCredentialsUse {
+	return v.value
+}
+
+func (v *NullableAuthorizationServerCredentialsUse) Set(val *AuthorizationServerCredentialsUse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthorizationServerCredentialsUse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthorizationServerCredentialsUse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthorizationServerCredentialsUse(val *AuthorizationServerCredentialsUse) *NullableAuthorizationServerCredentialsUse {
+	return &NullableAuthorizationServerCredentialsUse{value: val, isSet: true}
+}
+
+func (v NullableAuthorizationServerCredentialsUse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthorizationServerCredentialsUse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authorization_server_policy.go b/okta/model_authorization_server_policy.go
new file mode 100644
index 000000000..6cd7c792e
--- /dev/null
+++ b/okta/model_authorization_server_policy.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// AuthorizationServerPolicy struct for AuthorizationServerPolicy
+type AuthorizationServerPolicy struct {
+	Policy
+	Conditions           *PolicyRuleConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AuthorizationServerPolicy AuthorizationServerPolicy
+
+// NewAuthorizationServerPolicy instantiates a new AuthorizationServerPolicy object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthorizationServerPolicy() *AuthorizationServerPolicy {
+	this := AuthorizationServerPolicy{}
+	return &this
+}
+
+// NewAuthorizationServerPolicyWithDefaults instantiates a new AuthorizationServerPolicy object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthorizationServerPolicyWithDefaults() *AuthorizationServerPolicy {
+	this := AuthorizationServerPolicy{}
+	return &this
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicy) GetConditions() PolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicy) GetConditionsOk() (*PolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicy) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PolicyRuleConditions and assigns it to the Conditions field.
+func (o *AuthorizationServerPolicy) SetConditions(v PolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o AuthorizationServerPolicy) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPolicy, errPolicy := json.Marshal(o.Policy)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	errPolicy = json.Unmarshal([]byte(serializedPolicy), &toSerialize)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthorizationServerPolicy) UnmarshalJSON(bytes []byte) (err error) {
+	type AuthorizationServerPolicyWithoutEmbeddedStruct struct {
+		Conditions *PolicyRuleConditions `json:"conditions,omitempty"`
+	}
+
+	varAuthorizationServerPolicyWithoutEmbeddedStruct := AuthorizationServerPolicyWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varAuthorizationServerPolicyWithoutEmbeddedStruct)
+	if err == nil {
+		varAuthorizationServerPolicy := _AuthorizationServerPolicy{}
+		varAuthorizationServerPolicy.Conditions = varAuthorizationServerPolicyWithoutEmbeddedStruct.Conditions
+		*o = AuthorizationServerPolicy(varAuthorizationServerPolicy)
+	} else {
+		return err
+	}
+
+	varAuthorizationServerPolicy := _AuthorizationServerPolicy{}
+
+	err = json.Unmarshal(bytes, &varAuthorizationServerPolicy)
+	if err == nil {
+		o.Policy = varAuthorizationServerPolicy.Policy
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "conditions")
+
+		// remove fields from embedded structs
+		reflectPolicy := reflect.ValueOf(o.Policy)
+		for i := 0; i < reflectPolicy.Type().NumField(); i++ {
+			t := reflectPolicy.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthorizationServerPolicy struct {
+	value *AuthorizationServerPolicy
+	isSet bool
+}
+
+func (v NullableAuthorizationServerPolicy) Get() *AuthorizationServerPolicy {
+	return v.value
+}
+
+func (v *NullableAuthorizationServerPolicy) Set(val *AuthorizationServerPolicy) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthorizationServerPolicy) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthorizationServerPolicy) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthorizationServerPolicy(val *AuthorizationServerPolicy) *NullableAuthorizationServerPolicy {
+	return &NullableAuthorizationServerPolicy{value: val, isSet: true}
+}
+
+func (v NullableAuthorizationServerPolicy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthorizationServerPolicy) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authorization_server_policy_rule.go b/okta/model_authorization_server_policy_rule.go
new file mode 100644
index 000000000..a1a50d60b
--- /dev/null
+++ b/okta/model_authorization_server_policy_rule.go
@@ -0,0 +1,244 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// AuthorizationServerPolicyRule struct for AuthorizationServerPolicyRule
+type AuthorizationServerPolicyRule struct {
+	PolicyRule
+	Actions              *AuthorizationServerPolicyRuleActions    `json:"actions,omitempty"`
+	Conditions           *AuthorizationServerPolicyRuleConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AuthorizationServerPolicyRule AuthorizationServerPolicyRule
+
+// NewAuthorizationServerPolicyRule instantiates a new AuthorizationServerPolicyRule object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthorizationServerPolicyRule() *AuthorizationServerPolicyRule {
+	this := AuthorizationServerPolicyRule{}
+	var system bool = false
+	this.System = &system
+	return &this
+}
+
+// NewAuthorizationServerPolicyRuleWithDefaults instantiates a new AuthorizationServerPolicyRule object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthorizationServerPolicyRuleWithDefaults() *AuthorizationServerPolicyRule {
+	this := AuthorizationServerPolicyRule{}
+	return &this
+}
+
+// GetActions returns the Actions field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRule) GetActions() AuthorizationServerPolicyRuleActions {
+	if o == nil || o.Actions == nil {
+		var ret AuthorizationServerPolicyRuleActions
+		return ret
+	}
+	return *o.Actions
+}
+
+// GetActionsOk returns a tuple with the Actions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRule) GetActionsOk() (*AuthorizationServerPolicyRuleActions, bool) {
+	if o == nil || o.Actions == nil {
+		return nil, false
+	}
+	return o.Actions, true
+}
+
+// HasActions returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRule) HasActions() bool {
+	if o != nil && o.Actions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActions gets a reference to the given AuthorizationServerPolicyRuleActions and assigns it to the Actions field.
+func (o *AuthorizationServerPolicyRule) SetActions(v AuthorizationServerPolicyRuleActions) {
+	o.Actions = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRule) GetConditions() AuthorizationServerPolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret AuthorizationServerPolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRule) GetConditionsOk() (*AuthorizationServerPolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRule) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given AuthorizationServerPolicyRuleConditions and assigns it to the Conditions field.
+func (o *AuthorizationServerPolicyRule) SetConditions(v AuthorizationServerPolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o AuthorizationServerPolicyRule) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPolicyRule, errPolicyRule := json.Marshal(o.PolicyRule)
+	if errPolicyRule != nil {
+		return []byte{}, errPolicyRule
+	}
+	errPolicyRule = json.Unmarshal([]byte(serializedPolicyRule), &toSerialize)
+	if errPolicyRule != nil {
+		return []byte{}, errPolicyRule
+	}
+	if o.Actions != nil {
+		toSerialize["actions"] = o.Actions
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthorizationServerPolicyRule) UnmarshalJSON(bytes []byte) (err error) {
+	type AuthorizationServerPolicyRuleWithoutEmbeddedStruct struct {
+		Actions    *AuthorizationServerPolicyRuleActions    `json:"actions,omitempty"`
+		Conditions *AuthorizationServerPolicyRuleConditions `json:"conditions,omitempty"`
+	}
+
+	varAuthorizationServerPolicyRuleWithoutEmbeddedStruct := AuthorizationServerPolicyRuleWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varAuthorizationServerPolicyRuleWithoutEmbeddedStruct)
+	if err == nil {
+		varAuthorizationServerPolicyRule := _AuthorizationServerPolicyRule{}
+		varAuthorizationServerPolicyRule.Actions = varAuthorizationServerPolicyRuleWithoutEmbeddedStruct.Actions
+		varAuthorizationServerPolicyRule.Conditions = varAuthorizationServerPolicyRuleWithoutEmbeddedStruct.Conditions
+		*o = AuthorizationServerPolicyRule(varAuthorizationServerPolicyRule)
+	} else {
+		return err
+	}
+
+	varAuthorizationServerPolicyRule := _AuthorizationServerPolicyRule{}
+
+	err = json.Unmarshal(bytes, &varAuthorizationServerPolicyRule)
+	if err == nil {
+		o.PolicyRule = varAuthorizationServerPolicyRule.PolicyRule
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "actions")
+		delete(additionalProperties, "conditions")
+
+		// remove fields from embedded structs
+		reflectPolicyRule := reflect.ValueOf(o.PolicyRule)
+		for i := 0; i < reflectPolicyRule.Type().NumField(); i++ {
+			t := reflectPolicyRule.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthorizationServerPolicyRule struct {
+	value *AuthorizationServerPolicyRule
+	isSet bool
+}
+
+func (v NullableAuthorizationServerPolicyRule) Get() *AuthorizationServerPolicyRule {
+	return v.value
+}
+
+func (v *NullableAuthorizationServerPolicyRule) Set(val *AuthorizationServerPolicyRule) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthorizationServerPolicyRule) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthorizationServerPolicyRule) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthorizationServerPolicyRule(val *AuthorizationServerPolicyRule) *NullableAuthorizationServerPolicyRule {
+	return &NullableAuthorizationServerPolicyRule{value: val, isSet: true}
+}
+
+func (v NullableAuthorizationServerPolicyRule) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthorizationServerPolicyRule) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authorization_server_policy_rule_actions.go b/okta/model_authorization_server_policy_rule_actions.go
new file mode 100644
index 000000000..4b2dfe111
--- /dev/null
+++ b/okta/model_authorization_server_policy_rule_actions.go
@@ -0,0 +1,380 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AuthorizationServerPolicyRuleActions struct for AuthorizationServerPolicyRuleActions
+type AuthorizationServerPolicyRuleActions struct {
+	Enroll                   *PolicyRuleActionsEnroll                  `json:"enroll,omitempty"`
+	Idp                      *IdpPolicyRuleAction                      `json:"idp,omitempty"`
+	PasswordChange           *PasswordPolicyRuleAction                 `json:"passwordChange,omitempty"`
+	SelfServicePasswordReset *PasswordPolicyRuleAction                 `json:"selfServicePasswordReset,omitempty"`
+	SelfServiceUnlock        *PasswordPolicyRuleAction                 `json:"selfServiceUnlock,omitempty"`
+	Signon                   *OktaSignOnPolicyRuleSignonActions        `json:"signon,omitempty"`
+	Token                    *TokenAuthorizationServerPolicyRuleAction `json:"token,omitempty"`
+	AdditionalProperties     map[string]interface{}
+}
+
+type _AuthorizationServerPolicyRuleActions AuthorizationServerPolicyRuleActions
+
+// NewAuthorizationServerPolicyRuleActions instantiates a new AuthorizationServerPolicyRuleActions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthorizationServerPolicyRuleActions() *AuthorizationServerPolicyRuleActions {
+	this := AuthorizationServerPolicyRuleActions{}
+	return &this
+}
+
+// NewAuthorizationServerPolicyRuleActionsWithDefaults instantiates a new AuthorizationServerPolicyRuleActions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthorizationServerPolicyRuleActionsWithDefaults() *AuthorizationServerPolicyRuleActions {
+	this := AuthorizationServerPolicyRuleActions{}
+	return &this
+}
+
+// GetEnroll returns the Enroll field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleActions) GetEnroll() PolicyRuleActionsEnroll {
+	if o == nil || o.Enroll == nil {
+		var ret PolicyRuleActionsEnroll
+		return ret
+	}
+	return *o.Enroll
+}
+
+// GetEnrollOk returns a tuple with the Enroll field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleActions) GetEnrollOk() (*PolicyRuleActionsEnroll, bool) {
+	if o == nil || o.Enroll == nil {
+		return nil, false
+	}
+	return o.Enroll, true
+}
+
+// HasEnroll returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleActions) HasEnroll() bool {
+	if o != nil && o.Enroll != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnroll gets a reference to the given PolicyRuleActionsEnroll and assigns it to the Enroll field.
+func (o *AuthorizationServerPolicyRuleActions) SetEnroll(v PolicyRuleActionsEnroll) {
+	o.Enroll = &v
+}
+
+// GetIdp returns the Idp field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleActions) GetIdp() IdpPolicyRuleAction {
+	if o == nil || o.Idp == nil {
+		var ret IdpPolicyRuleAction
+		return ret
+	}
+	return *o.Idp
+}
+
+// GetIdpOk returns a tuple with the Idp field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleActions) GetIdpOk() (*IdpPolicyRuleAction, bool) {
+	if o == nil || o.Idp == nil {
+		return nil, false
+	}
+	return o.Idp, true
+}
+
+// HasIdp returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleActions) HasIdp() bool {
+	if o != nil && o.Idp != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdp gets a reference to the given IdpPolicyRuleAction and assigns it to the Idp field.
+func (o *AuthorizationServerPolicyRuleActions) SetIdp(v IdpPolicyRuleAction) {
+	o.Idp = &v
+}
+
+// GetPasswordChange returns the PasswordChange field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleActions) GetPasswordChange() PasswordPolicyRuleAction {
+	if o == nil || o.PasswordChange == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.PasswordChange
+}
+
+// GetPasswordChangeOk returns a tuple with the PasswordChange field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleActions) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.PasswordChange == nil {
+		return nil, false
+	}
+	return o.PasswordChange, true
+}
+
+// HasPasswordChange returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleActions) HasPasswordChange() bool {
+	if o != nil && o.PasswordChange != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordChange gets a reference to the given PasswordPolicyRuleAction and assigns it to the PasswordChange field.
+func (o *AuthorizationServerPolicyRuleActions) SetPasswordChange(v PasswordPolicyRuleAction) {
+	o.PasswordChange = &v
+}
+
+// GetSelfServicePasswordReset returns the SelfServicePasswordReset field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleActions) GetSelfServicePasswordReset() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServicePasswordReset
+}
+
+// GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleActions) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		return nil, false
+	}
+	return o.SelfServicePasswordReset, true
+}
+
+// HasSelfServicePasswordReset returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleActions) HasSelfServicePasswordReset() bool {
+	if o != nil && o.SelfServicePasswordReset != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServicePasswordReset gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServicePasswordReset field.
+func (o *AuthorizationServerPolicyRuleActions) SetSelfServicePasswordReset(v PasswordPolicyRuleAction) {
+	o.SelfServicePasswordReset = &v
+}
+
+// GetSelfServiceUnlock returns the SelfServiceUnlock field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleActions) GetSelfServiceUnlock() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServiceUnlock == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServiceUnlock
+}
+
+// GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleActions) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServiceUnlock == nil {
+		return nil, false
+	}
+	return o.SelfServiceUnlock, true
+}
+
+// HasSelfServiceUnlock returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleActions) HasSelfServiceUnlock() bool {
+	if o != nil && o.SelfServiceUnlock != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServiceUnlock gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServiceUnlock field.
+func (o *AuthorizationServerPolicyRuleActions) SetSelfServiceUnlock(v PasswordPolicyRuleAction) {
+	o.SelfServiceUnlock = &v
+}
+
+// GetSignon returns the Signon field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleActions) GetSignon() OktaSignOnPolicyRuleSignonActions {
+	if o == nil || o.Signon == nil {
+		var ret OktaSignOnPolicyRuleSignonActions
+		return ret
+	}
+	return *o.Signon
+}
+
+// GetSignonOk returns a tuple with the Signon field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleActions) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool) {
+	if o == nil || o.Signon == nil {
+		return nil, false
+	}
+	return o.Signon, true
+}
+
+// HasSignon returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleActions) HasSignon() bool {
+	if o != nil && o.Signon != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignon gets a reference to the given OktaSignOnPolicyRuleSignonActions and assigns it to the Signon field.
+func (o *AuthorizationServerPolicyRuleActions) SetSignon(v OktaSignOnPolicyRuleSignonActions) {
+	o.Signon = &v
+}
+
+// GetToken returns the Token field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleActions) GetToken() TokenAuthorizationServerPolicyRuleAction {
+	if o == nil || o.Token == nil {
+		var ret TokenAuthorizationServerPolicyRuleAction
+		return ret
+	}
+	return *o.Token
+}
+
+// GetTokenOk returns a tuple with the Token field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleActions) GetTokenOk() (*TokenAuthorizationServerPolicyRuleAction, bool) {
+	if o == nil || o.Token == nil {
+		return nil, false
+	}
+	return o.Token, true
+}
+
+// HasToken returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleActions) HasToken() bool {
+	if o != nil && o.Token != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetToken gets a reference to the given TokenAuthorizationServerPolicyRuleAction and assigns it to the Token field.
+func (o *AuthorizationServerPolicyRuleActions) SetToken(v TokenAuthorizationServerPolicyRuleAction) {
+	o.Token = &v
+}
+
+func (o AuthorizationServerPolicyRuleActions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Enroll != nil {
+		toSerialize["enroll"] = o.Enroll
+	}
+	if o.Idp != nil {
+		toSerialize["idp"] = o.Idp
+	}
+	if o.PasswordChange != nil {
+		toSerialize["passwordChange"] = o.PasswordChange
+	}
+	if o.SelfServicePasswordReset != nil {
+		toSerialize["selfServicePasswordReset"] = o.SelfServicePasswordReset
+	}
+	if o.SelfServiceUnlock != nil {
+		toSerialize["selfServiceUnlock"] = o.SelfServiceUnlock
+	}
+	if o.Signon != nil {
+		toSerialize["signon"] = o.Signon
+	}
+	if o.Token != nil {
+		toSerialize["token"] = o.Token
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthorizationServerPolicyRuleActions) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthorizationServerPolicyRuleActions := _AuthorizationServerPolicyRuleActions{}
+
+	err = json.Unmarshal(bytes, &varAuthorizationServerPolicyRuleActions)
+	if err == nil {
+		*o = AuthorizationServerPolicyRuleActions(varAuthorizationServerPolicyRuleActions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "enroll")
+		delete(additionalProperties, "idp")
+		delete(additionalProperties, "passwordChange")
+		delete(additionalProperties, "selfServicePasswordReset")
+		delete(additionalProperties, "selfServiceUnlock")
+		delete(additionalProperties, "signon")
+		delete(additionalProperties, "token")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthorizationServerPolicyRuleActions struct {
+	value *AuthorizationServerPolicyRuleActions
+	isSet bool
+}
+
+func (v NullableAuthorizationServerPolicyRuleActions) Get() *AuthorizationServerPolicyRuleActions {
+	return v.value
+}
+
+func (v *NullableAuthorizationServerPolicyRuleActions) Set(val *AuthorizationServerPolicyRuleActions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthorizationServerPolicyRuleActions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthorizationServerPolicyRuleActions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthorizationServerPolicyRuleActions(val *AuthorizationServerPolicyRuleActions) *NullableAuthorizationServerPolicyRuleActions {
+	return &NullableAuthorizationServerPolicyRuleActions{value: val, isSet: true}
+}
+
+func (v NullableAuthorizationServerPolicyRuleActions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthorizationServerPolicyRuleActions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authorization_server_policy_rule_actions_all_of.go b/okta/model_authorization_server_policy_rule_actions_all_of.go
new file mode 100644
index 000000000..5dca4ae66
--- /dev/null
+++ b/okta/model_authorization_server_policy_rule_actions_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AuthorizationServerPolicyRuleActionsAllOf struct for AuthorizationServerPolicyRuleActionsAllOf
+type AuthorizationServerPolicyRuleActionsAllOf struct {
+	Token                *TokenAuthorizationServerPolicyRuleAction `json:"token,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AuthorizationServerPolicyRuleActionsAllOf AuthorizationServerPolicyRuleActionsAllOf
+
+// NewAuthorizationServerPolicyRuleActionsAllOf instantiates a new AuthorizationServerPolicyRuleActionsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthorizationServerPolicyRuleActionsAllOf() *AuthorizationServerPolicyRuleActionsAllOf {
+	this := AuthorizationServerPolicyRuleActionsAllOf{}
+	return &this
+}
+
+// NewAuthorizationServerPolicyRuleActionsAllOfWithDefaults instantiates a new AuthorizationServerPolicyRuleActionsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthorizationServerPolicyRuleActionsAllOfWithDefaults() *AuthorizationServerPolicyRuleActionsAllOf {
+	this := AuthorizationServerPolicyRuleActionsAllOf{}
+	return &this
+}
+
+// GetToken returns the Token field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleActionsAllOf) GetToken() TokenAuthorizationServerPolicyRuleAction {
+	if o == nil || o.Token == nil {
+		var ret TokenAuthorizationServerPolicyRuleAction
+		return ret
+	}
+	return *o.Token
+}
+
+// GetTokenOk returns a tuple with the Token field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleActionsAllOf) GetTokenOk() (*TokenAuthorizationServerPolicyRuleAction, bool) {
+	if o == nil || o.Token == nil {
+		return nil, false
+	}
+	return o.Token, true
+}
+
+// HasToken returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleActionsAllOf) HasToken() bool {
+	if o != nil && o.Token != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetToken gets a reference to the given TokenAuthorizationServerPolicyRuleAction and assigns it to the Token field.
+func (o *AuthorizationServerPolicyRuleActionsAllOf) SetToken(v TokenAuthorizationServerPolicyRuleAction) {
+	o.Token = &v
+}
+
+func (o AuthorizationServerPolicyRuleActionsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Token != nil {
+		toSerialize["token"] = o.Token
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthorizationServerPolicyRuleActionsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthorizationServerPolicyRuleActionsAllOf := _AuthorizationServerPolicyRuleActionsAllOf{}
+
+	err = json.Unmarshal(bytes, &varAuthorizationServerPolicyRuleActionsAllOf)
+	if err == nil {
+		*o = AuthorizationServerPolicyRuleActionsAllOf(varAuthorizationServerPolicyRuleActionsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "token")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthorizationServerPolicyRuleActionsAllOf struct {
+	value *AuthorizationServerPolicyRuleActionsAllOf
+	isSet bool
+}
+
+func (v NullableAuthorizationServerPolicyRuleActionsAllOf) Get() *AuthorizationServerPolicyRuleActionsAllOf {
+	return v.value
+}
+
+func (v *NullableAuthorizationServerPolicyRuleActionsAllOf) Set(val *AuthorizationServerPolicyRuleActionsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthorizationServerPolicyRuleActionsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthorizationServerPolicyRuleActionsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthorizationServerPolicyRuleActionsAllOf(val *AuthorizationServerPolicyRuleActionsAllOf) *NullableAuthorizationServerPolicyRuleActionsAllOf {
+	return &NullableAuthorizationServerPolicyRuleActionsAllOf{value: val, isSet: true}
+}
+
+func (v NullableAuthorizationServerPolicyRuleActionsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthorizationServerPolicyRuleActionsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authorization_server_policy_rule_all_of.go b/okta/model_authorization_server_policy_rule_all_of.go
new file mode 100644
index 000000000..023b11a48
--- /dev/null
+++ b/okta/model_authorization_server_policy_rule_all_of.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AuthorizationServerPolicyRuleAllOf struct for AuthorizationServerPolicyRuleAllOf
+type AuthorizationServerPolicyRuleAllOf struct {
+	Actions              *AuthorizationServerPolicyRuleActions    `json:"actions,omitempty"`
+	Conditions           *AuthorizationServerPolicyRuleConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AuthorizationServerPolicyRuleAllOf AuthorizationServerPolicyRuleAllOf
+
+// NewAuthorizationServerPolicyRuleAllOf instantiates a new AuthorizationServerPolicyRuleAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthorizationServerPolicyRuleAllOf() *AuthorizationServerPolicyRuleAllOf {
+	this := AuthorizationServerPolicyRuleAllOf{}
+	return &this
+}
+
+// NewAuthorizationServerPolicyRuleAllOfWithDefaults instantiates a new AuthorizationServerPolicyRuleAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthorizationServerPolicyRuleAllOfWithDefaults() *AuthorizationServerPolicyRuleAllOf {
+	this := AuthorizationServerPolicyRuleAllOf{}
+	return &this
+}
+
+// GetActions returns the Actions field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleAllOf) GetActions() AuthorizationServerPolicyRuleActions {
+	if o == nil || o.Actions == nil {
+		var ret AuthorizationServerPolicyRuleActions
+		return ret
+	}
+	return *o.Actions
+}
+
+// GetActionsOk returns a tuple with the Actions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleAllOf) GetActionsOk() (*AuthorizationServerPolicyRuleActions, bool) {
+	if o == nil || o.Actions == nil {
+		return nil, false
+	}
+	return o.Actions, true
+}
+
+// HasActions returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleAllOf) HasActions() bool {
+	if o != nil && o.Actions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActions gets a reference to the given AuthorizationServerPolicyRuleActions and assigns it to the Actions field.
+func (o *AuthorizationServerPolicyRuleAllOf) SetActions(v AuthorizationServerPolicyRuleActions) {
+	o.Actions = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleAllOf) GetConditions() AuthorizationServerPolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret AuthorizationServerPolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleAllOf) GetConditionsOk() (*AuthorizationServerPolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleAllOf) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given AuthorizationServerPolicyRuleConditions and assigns it to the Conditions field.
+func (o *AuthorizationServerPolicyRuleAllOf) SetConditions(v AuthorizationServerPolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o AuthorizationServerPolicyRuleAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Actions != nil {
+		toSerialize["actions"] = o.Actions
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthorizationServerPolicyRuleAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthorizationServerPolicyRuleAllOf := _AuthorizationServerPolicyRuleAllOf{}
+
+	err = json.Unmarshal(bytes, &varAuthorizationServerPolicyRuleAllOf)
+	if err == nil {
+		*o = AuthorizationServerPolicyRuleAllOf(varAuthorizationServerPolicyRuleAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "actions")
+		delete(additionalProperties, "conditions")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthorizationServerPolicyRuleAllOf struct {
+	value *AuthorizationServerPolicyRuleAllOf
+	isSet bool
+}
+
+func (v NullableAuthorizationServerPolicyRuleAllOf) Get() *AuthorizationServerPolicyRuleAllOf {
+	return v.value
+}
+
+func (v *NullableAuthorizationServerPolicyRuleAllOf) Set(val *AuthorizationServerPolicyRuleAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthorizationServerPolicyRuleAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthorizationServerPolicyRuleAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthorizationServerPolicyRuleAllOf(val *AuthorizationServerPolicyRuleAllOf) *NullableAuthorizationServerPolicyRuleAllOf {
+	return &NullableAuthorizationServerPolicyRuleAllOf{value: val, isSet: true}
+}
+
+func (v NullableAuthorizationServerPolicyRuleAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthorizationServerPolicyRuleAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authorization_server_policy_rule_conditions.go b/okta/model_authorization_server_policy_rule_conditions.go
new file mode 100644
index 000000000..fc52fa580
--- /dev/null
+++ b/okta/model_authorization_server_policy_rule_conditions.go
@@ -0,0 +1,898 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AuthorizationServerPolicyRuleConditions struct for AuthorizationServerPolicyRuleConditions
+type AuthorizationServerPolicyRuleConditions struct {
+	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
+	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
+	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
+	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
+	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
+	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
+	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
+	Device                *DevicePolicyRuleCondition                     `json:"device,omitempty"`
+	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
+	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
+	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
+	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
+	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
+	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
+	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
+	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
+	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
+	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
+	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
+	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
+	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _AuthorizationServerPolicyRuleConditions AuthorizationServerPolicyRuleConditions
+
+// NewAuthorizationServerPolicyRuleConditions instantiates a new AuthorizationServerPolicyRuleConditions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthorizationServerPolicyRuleConditions() *AuthorizationServerPolicyRuleConditions {
+	this := AuthorizationServerPolicyRuleConditions{}
+	return &this
+}
+
+// NewAuthorizationServerPolicyRuleConditionsWithDefaults instantiates a new AuthorizationServerPolicyRuleConditions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthorizationServerPolicyRuleConditionsWithDefaults() *AuthorizationServerPolicyRuleConditions {
+	this := AuthorizationServerPolicyRuleConditions{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetApp() AppAndInstancePolicyRuleCondition {
+	if o == nil || o.App == nil {
+		var ret AppAndInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given AppAndInstancePolicyRuleCondition and assigns it to the App field.
+func (o *AuthorizationServerPolicyRuleConditions) SetApp(v AppAndInstancePolicyRuleCondition) {
+	o.App = &v
+}
+
+// GetApps returns the Apps field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetApps() AppInstancePolicyRuleCondition {
+	if o == nil || o.Apps == nil {
+		var ret AppInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.Apps
+}
+
+// GetAppsOk returns a tuple with the Apps field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool) {
+	if o == nil || o.Apps == nil {
+		return nil, false
+	}
+	return o.Apps, true
+}
+
+// HasApps returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasApps() bool {
+	if o != nil && o.Apps != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApps gets a reference to the given AppInstancePolicyRuleCondition and assigns it to the Apps field.
+func (o *AuthorizationServerPolicyRuleConditions) SetApps(v AppInstancePolicyRuleCondition) {
+	o.Apps = &v
+}
+
+// GetAuthContext returns the AuthContext field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetAuthContext() PolicyRuleAuthContextCondition {
+	if o == nil || o.AuthContext == nil {
+		var ret PolicyRuleAuthContextCondition
+		return ret
+	}
+	return *o.AuthContext
+}
+
+// GetAuthContextOk returns a tuple with the AuthContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool) {
+	if o == nil || o.AuthContext == nil {
+		return nil, false
+	}
+	return o.AuthContext, true
+}
+
+// HasAuthContext returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasAuthContext() bool {
+	if o != nil && o.AuthContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthContext gets a reference to the given PolicyRuleAuthContextCondition and assigns it to the AuthContext field.
+func (o *AuthorizationServerPolicyRuleConditions) SetAuthContext(v PolicyRuleAuthContextCondition) {
+	o.AuthContext = &v
+}
+
+// GetAuthProvider returns the AuthProvider field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition {
+	if o == nil || o.AuthProvider == nil {
+		var ret PasswordPolicyAuthenticationProviderCondition
+		return ret
+	}
+	return *o.AuthProvider
+}
+
+// GetAuthProviderOk returns a tuple with the AuthProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool) {
+	if o == nil || o.AuthProvider == nil {
+		return nil, false
+	}
+	return o.AuthProvider, true
+}
+
+// HasAuthProvider returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasAuthProvider() bool {
+	if o != nil && o.AuthProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthProvider gets a reference to the given PasswordPolicyAuthenticationProviderCondition and assigns it to the AuthProvider field.
+func (o *AuthorizationServerPolicyRuleConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition) {
+	o.AuthProvider = &v
+}
+
+// GetBeforeScheduledAction returns the BeforeScheduledAction field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition {
+	if o == nil || o.BeforeScheduledAction == nil {
+		var ret BeforeScheduledActionPolicyRuleCondition
+		return ret
+	}
+	return *o.BeforeScheduledAction
+}
+
+// GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool) {
+	if o == nil || o.BeforeScheduledAction == nil {
+		return nil, false
+	}
+	return o.BeforeScheduledAction, true
+}
+
+// HasBeforeScheduledAction returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasBeforeScheduledAction() bool {
+	if o != nil && o.BeforeScheduledAction != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBeforeScheduledAction gets a reference to the given BeforeScheduledActionPolicyRuleCondition and assigns it to the BeforeScheduledAction field.
+func (o *AuthorizationServerPolicyRuleConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition) {
+	o.BeforeScheduledAction = &v
+}
+
+// GetClients returns the Clients field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetClients() ClientPolicyCondition {
+	if o == nil || o.Clients == nil {
+		var ret ClientPolicyCondition
+		return ret
+	}
+	return *o.Clients
+}
+
+// GetClientsOk returns a tuple with the Clients field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetClientsOk() (*ClientPolicyCondition, bool) {
+	if o == nil || o.Clients == nil {
+		return nil, false
+	}
+	return o.Clients, true
+}
+
+// HasClients returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasClients() bool {
+	if o != nil && o.Clients != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClients gets a reference to the given ClientPolicyCondition and assigns it to the Clients field.
+func (o *AuthorizationServerPolicyRuleConditions) SetClients(v ClientPolicyCondition) {
+	o.Clients = &v
+}
+
+// GetContext returns the Context field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetContext() ContextPolicyRuleCondition {
+	if o == nil || o.Context == nil {
+		var ret ContextPolicyRuleCondition
+		return ret
+	}
+	return *o.Context
+}
+
+// GetContextOk returns a tuple with the Context field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetContextOk() (*ContextPolicyRuleCondition, bool) {
+	if o == nil || o.Context == nil {
+		return nil, false
+	}
+	return o.Context, true
+}
+
+// HasContext returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasContext() bool {
+	if o != nil && o.Context != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetContext gets a reference to the given ContextPolicyRuleCondition and assigns it to the Context field.
+func (o *AuthorizationServerPolicyRuleConditions) SetContext(v ContextPolicyRuleCondition) {
+	o.Context = &v
+}
+
+// GetDevice returns the Device field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetDevice() DevicePolicyRuleCondition {
+	if o == nil || o.Device == nil {
+		var ret DevicePolicyRuleCondition
+		return ret
+	}
+	return *o.Device
+}
+
+// GetDeviceOk returns a tuple with the Device field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetDeviceOk() (*DevicePolicyRuleCondition, bool) {
+	if o == nil || o.Device == nil {
+		return nil, false
+	}
+	return o.Device, true
+}
+
+// HasDevice returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasDevice() bool {
+	if o != nil && o.Device != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDevice gets a reference to the given DevicePolicyRuleCondition and assigns it to the Device field.
+func (o *AuthorizationServerPolicyRuleConditions) SetDevice(v DevicePolicyRuleCondition) {
+	o.Device = &v
+}
+
+// GetGrantTypes returns the GrantTypes field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetGrantTypes() GrantTypePolicyRuleCondition {
+	if o == nil || o.GrantTypes == nil {
+		var ret GrantTypePolicyRuleCondition
+		return ret
+	}
+	return *o.GrantTypes
+}
+
+// GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool) {
+	if o == nil || o.GrantTypes == nil {
+		return nil, false
+	}
+	return o.GrantTypes, true
+}
+
+// HasGrantTypes returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasGrantTypes() bool {
+	if o != nil && o.GrantTypes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGrantTypes gets a reference to the given GrantTypePolicyRuleCondition and assigns it to the GrantTypes field.
+func (o *AuthorizationServerPolicyRuleConditions) SetGrantTypes(v GrantTypePolicyRuleCondition) {
+	o.GrantTypes = &v
+}
+
+// GetGroups returns the Groups field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetGroups() GroupPolicyRuleCondition {
+	if o == nil || o.Groups == nil {
+		var ret GroupPolicyRuleCondition
+		return ret
+	}
+	return *o.Groups
+}
+
+// GetGroupsOk returns a tuple with the Groups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool) {
+	if o == nil || o.Groups == nil {
+		return nil, false
+	}
+	return o.Groups, true
+}
+
+// HasGroups returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasGroups() bool {
+	if o != nil && o.Groups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroups gets a reference to the given GroupPolicyRuleCondition and assigns it to the Groups field.
+func (o *AuthorizationServerPolicyRuleConditions) SetGroups(v GroupPolicyRuleCondition) {
+	o.Groups = &v
+}
+
+// GetIdentityProvider returns the IdentityProvider field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition {
+	if o == nil || o.IdentityProvider == nil {
+		var ret IdentityProviderPolicyRuleCondition
+		return ret
+	}
+	return *o.IdentityProvider
+}
+
+// GetIdentityProviderOk returns a tuple with the IdentityProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool) {
+	if o == nil || o.IdentityProvider == nil {
+		return nil, false
+	}
+	return o.IdentityProvider, true
+}
+
+// HasIdentityProvider returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasIdentityProvider() bool {
+	if o != nil && o.IdentityProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityProvider gets a reference to the given IdentityProviderPolicyRuleCondition and assigns it to the IdentityProvider field.
+func (o *AuthorizationServerPolicyRuleConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition) {
+	o.IdentityProvider = &v
+}
+
+// GetMdmEnrollment returns the MdmEnrollment field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition {
+	if o == nil || o.MdmEnrollment == nil {
+		var ret MDMEnrollmentPolicyRuleCondition
+		return ret
+	}
+	return *o.MdmEnrollment
+}
+
+// GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool) {
+	if o == nil || o.MdmEnrollment == nil {
+		return nil, false
+	}
+	return o.MdmEnrollment, true
+}
+
+// HasMdmEnrollment returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasMdmEnrollment() bool {
+	if o != nil && o.MdmEnrollment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMdmEnrollment gets a reference to the given MDMEnrollmentPolicyRuleCondition and assigns it to the MdmEnrollment field.
+func (o *AuthorizationServerPolicyRuleConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition) {
+	o.MdmEnrollment = &v
+}
+
+// GetNetwork returns the Network field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetNetwork() PolicyNetworkCondition {
+	if o == nil || o.Network == nil {
+		var ret PolicyNetworkCondition
+		return ret
+	}
+	return *o.Network
+}
+
+// GetNetworkOk returns a tuple with the Network field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetNetworkOk() (*PolicyNetworkCondition, bool) {
+	if o == nil || o.Network == nil {
+		return nil, false
+	}
+	return o.Network, true
+}
+
+// HasNetwork returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasNetwork() bool {
+	if o != nil && o.Network != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNetwork gets a reference to the given PolicyNetworkCondition and assigns it to the Network field.
+func (o *AuthorizationServerPolicyRuleConditions) SetNetwork(v PolicyNetworkCondition) {
+	o.Network = &v
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetPeople() PolicyPeopleCondition {
+	if o == nil || o.People == nil {
+		var ret PolicyPeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetPeopleOk() (*PolicyPeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given PolicyPeopleCondition and assigns it to the People field.
+func (o *AuthorizationServerPolicyRuleConditions) SetPeople(v PolicyPeopleCondition) {
+	o.People = &v
+}
+
+// GetPlatform returns the Platform field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetPlatform() PlatformPolicyRuleCondition {
+	if o == nil || o.Platform == nil {
+		var ret PlatformPolicyRuleCondition
+		return ret
+	}
+	return *o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool) {
+	if o == nil || o.Platform == nil {
+		return nil, false
+	}
+	return o.Platform, true
+}
+
+// HasPlatform returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasPlatform() bool {
+	if o != nil && o.Platform != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPlatform gets a reference to the given PlatformPolicyRuleCondition and assigns it to the Platform field.
+func (o *AuthorizationServerPolicyRuleConditions) SetPlatform(v PlatformPolicyRuleCondition) {
+	o.Platform = &v
+}
+
+// GetRisk returns the Risk field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetRisk() RiskPolicyRuleCondition {
+	if o == nil || o.Risk == nil {
+		var ret RiskPolicyRuleCondition
+		return ret
+	}
+	return *o.Risk
+}
+
+// GetRiskOk returns a tuple with the Risk field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool) {
+	if o == nil || o.Risk == nil {
+		return nil, false
+	}
+	return o.Risk, true
+}
+
+// HasRisk returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasRisk() bool {
+	if o != nil && o.Risk != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRisk gets a reference to the given RiskPolicyRuleCondition and assigns it to the Risk field.
+func (o *AuthorizationServerPolicyRuleConditions) SetRisk(v RiskPolicyRuleCondition) {
+	o.Risk = &v
+}
+
+// GetRiskScore returns the RiskScore field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetRiskScore() RiskScorePolicyRuleCondition {
+	if o == nil || o.RiskScore == nil {
+		var ret RiskScorePolicyRuleCondition
+		return ret
+	}
+	return *o.RiskScore
+}
+
+// GetRiskScoreOk returns a tuple with the RiskScore field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool) {
+	if o == nil || o.RiskScore == nil {
+		return nil, false
+	}
+	return o.RiskScore, true
+}
+
+// HasRiskScore returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasRiskScore() bool {
+	if o != nil && o.RiskScore != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRiskScore gets a reference to the given RiskScorePolicyRuleCondition and assigns it to the RiskScore field.
+func (o *AuthorizationServerPolicyRuleConditions) SetRiskScore(v RiskScorePolicyRuleCondition) {
+	o.RiskScore = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition {
+	if o == nil || o.Scopes == nil {
+		var ret OAuth2ScopesMediationPolicyRuleCondition
+		return ret
+	}
+	return *o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given OAuth2ScopesMediationPolicyRuleCondition and assigns it to the Scopes field.
+func (o *AuthorizationServerPolicyRuleConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition) {
+	o.Scopes = &v
+}
+
+// GetUserIdentifier returns the UserIdentifier field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition {
+	if o == nil || o.UserIdentifier == nil {
+		var ret UserIdentifierPolicyRuleCondition
+		return ret
+	}
+	return *o.UserIdentifier
+}
+
+// GetUserIdentifierOk returns a tuple with the UserIdentifier field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool) {
+	if o == nil || o.UserIdentifier == nil {
+		return nil, false
+	}
+	return o.UserIdentifier, true
+}
+
+// HasUserIdentifier returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasUserIdentifier() bool {
+	if o != nil && o.UserIdentifier != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserIdentifier gets a reference to the given UserIdentifierPolicyRuleCondition and assigns it to the UserIdentifier field.
+func (o *AuthorizationServerPolicyRuleConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition) {
+	o.UserIdentifier = &v
+}
+
+// GetUsers returns the Users field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetUsers() UserPolicyRuleCondition {
+	if o == nil || o.Users == nil {
+		var ret UserPolicyRuleCondition
+		return ret
+	}
+	return *o.Users
+}
+
+// GetUsersOk returns a tuple with the Users field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetUsersOk() (*UserPolicyRuleCondition, bool) {
+	if o == nil || o.Users == nil {
+		return nil, false
+	}
+	return o.Users, true
+}
+
+// HasUsers returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasUsers() bool {
+	if o != nil && o.Users != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsers gets a reference to the given UserPolicyRuleCondition and assigns it to the Users field.
+func (o *AuthorizationServerPolicyRuleConditions) SetUsers(v UserPolicyRuleCondition) {
+	o.Users = &v
+}
+
+// GetUserStatus returns the UserStatus field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditions) GetUserStatus() UserStatusPolicyRuleCondition {
+	if o == nil || o.UserStatus == nil {
+		var ret UserStatusPolicyRuleCondition
+		return ret
+	}
+	return *o.UserStatus
+}
+
+// GetUserStatusOk returns a tuple with the UserStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool) {
+	if o == nil || o.UserStatus == nil {
+		return nil, false
+	}
+	return o.UserStatus, true
+}
+
+// HasUserStatus returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditions) HasUserStatus() bool {
+	if o != nil && o.UserStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserStatus gets a reference to the given UserStatusPolicyRuleCondition and assigns it to the UserStatus field.
+func (o *AuthorizationServerPolicyRuleConditions) SetUserStatus(v UserStatusPolicyRuleCondition) {
+	o.UserStatus = &v
+}
+
+func (o AuthorizationServerPolicyRuleConditions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+	if o.Apps != nil {
+		toSerialize["apps"] = o.Apps
+	}
+	if o.AuthContext != nil {
+		toSerialize["authContext"] = o.AuthContext
+	}
+	if o.AuthProvider != nil {
+		toSerialize["authProvider"] = o.AuthProvider
+	}
+	if o.BeforeScheduledAction != nil {
+		toSerialize["beforeScheduledAction"] = o.BeforeScheduledAction
+	}
+	if o.Clients != nil {
+		toSerialize["clients"] = o.Clients
+	}
+	if o.Context != nil {
+		toSerialize["context"] = o.Context
+	}
+	if o.Device != nil {
+		toSerialize["device"] = o.Device
+	}
+	if o.GrantTypes != nil {
+		toSerialize["grantTypes"] = o.GrantTypes
+	}
+	if o.Groups != nil {
+		toSerialize["groups"] = o.Groups
+	}
+	if o.IdentityProvider != nil {
+		toSerialize["identityProvider"] = o.IdentityProvider
+	}
+	if o.MdmEnrollment != nil {
+		toSerialize["mdmEnrollment"] = o.MdmEnrollment
+	}
+	if o.Network != nil {
+		toSerialize["network"] = o.Network
+	}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+	if o.Platform != nil {
+		toSerialize["platform"] = o.Platform
+	}
+	if o.Risk != nil {
+		toSerialize["risk"] = o.Risk
+	}
+	if o.RiskScore != nil {
+		toSerialize["riskScore"] = o.RiskScore
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+	if o.UserIdentifier != nil {
+		toSerialize["userIdentifier"] = o.UserIdentifier
+	}
+	if o.Users != nil {
+		toSerialize["users"] = o.Users
+	}
+	if o.UserStatus != nil {
+		toSerialize["userStatus"] = o.UserStatus
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthorizationServerPolicyRuleConditions) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthorizationServerPolicyRuleConditions := _AuthorizationServerPolicyRuleConditions{}
+
+	err = json.Unmarshal(bytes, &varAuthorizationServerPolicyRuleConditions)
+	if err == nil {
+		*o = AuthorizationServerPolicyRuleConditions(varAuthorizationServerPolicyRuleConditions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		delete(additionalProperties, "apps")
+		delete(additionalProperties, "authContext")
+		delete(additionalProperties, "authProvider")
+		delete(additionalProperties, "beforeScheduledAction")
+		delete(additionalProperties, "clients")
+		delete(additionalProperties, "context")
+		delete(additionalProperties, "device")
+		delete(additionalProperties, "grantTypes")
+		delete(additionalProperties, "groups")
+		delete(additionalProperties, "identityProvider")
+		delete(additionalProperties, "mdmEnrollment")
+		delete(additionalProperties, "network")
+		delete(additionalProperties, "people")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "risk")
+		delete(additionalProperties, "riskScore")
+		delete(additionalProperties, "scopes")
+		delete(additionalProperties, "userIdentifier")
+		delete(additionalProperties, "users")
+		delete(additionalProperties, "userStatus")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthorizationServerPolicyRuleConditions struct {
+	value *AuthorizationServerPolicyRuleConditions
+	isSet bool
+}
+
+func (v NullableAuthorizationServerPolicyRuleConditions) Get() *AuthorizationServerPolicyRuleConditions {
+	return v.value
+}
+
+func (v *NullableAuthorizationServerPolicyRuleConditions) Set(val *AuthorizationServerPolicyRuleConditions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthorizationServerPolicyRuleConditions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthorizationServerPolicyRuleConditions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthorizationServerPolicyRuleConditions(val *AuthorizationServerPolicyRuleConditions) *NullableAuthorizationServerPolicyRuleConditions {
+	return &NullableAuthorizationServerPolicyRuleConditions{value: val, isSet: true}
+}
+
+func (v NullableAuthorizationServerPolicyRuleConditions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthorizationServerPolicyRuleConditions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_authorization_server_policy_rule_conditions_all_of.go b/okta/model_authorization_server_policy_rule_conditions_all_of.go
new file mode 100644
index 000000000..afa4c7dfe
--- /dev/null
+++ b/okta/model_authorization_server_policy_rule_conditions_all_of.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AuthorizationServerPolicyRuleConditionsAllOf struct for AuthorizationServerPolicyRuleConditionsAllOf
+type AuthorizationServerPolicyRuleConditionsAllOf struct {
+	Clients              *ClientPolicyCondition                    `json:"clients,omitempty"`
+	GrantTypes           *GrantTypePolicyRuleCondition             `json:"grantTypes,omitempty"`
+	People               *PolicyPeopleCondition                    `json:"people,omitempty"`
+	Scopes               *OAuth2ScopesMediationPolicyRuleCondition `json:"scopes,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AuthorizationServerPolicyRuleConditionsAllOf AuthorizationServerPolicyRuleConditionsAllOf
+
+// NewAuthorizationServerPolicyRuleConditionsAllOf instantiates a new AuthorizationServerPolicyRuleConditionsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAuthorizationServerPolicyRuleConditionsAllOf() *AuthorizationServerPolicyRuleConditionsAllOf {
+	this := AuthorizationServerPolicyRuleConditionsAllOf{}
+	return &this
+}
+
+// NewAuthorizationServerPolicyRuleConditionsAllOfWithDefaults instantiates a new AuthorizationServerPolicyRuleConditionsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAuthorizationServerPolicyRuleConditionsAllOfWithDefaults() *AuthorizationServerPolicyRuleConditionsAllOf {
+	this := AuthorizationServerPolicyRuleConditionsAllOf{}
+	return &this
+}
+
+// GetClients returns the Clients field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetClients() ClientPolicyCondition {
+	if o == nil || o.Clients == nil {
+		var ret ClientPolicyCondition
+		return ret
+	}
+	return *o.Clients
+}
+
+// GetClientsOk returns a tuple with the Clients field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetClientsOk() (*ClientPolicyCondition, bool) {
+	if o == nil || o.Clients == nil {
+		return nil, false
+	}
+	return o.Clients, true
+}
+
+// HasClients returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) HasClients() bool {
+	if o != nil && o.Clients != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClients gets a reference to the given ClientPolicyCondition and assigns it to the Clients field.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) SetClients(v ClientPolicyCondition) {
+	o.Clients = &v
+}
+
+// GetGrantTypes returns the GrantTypes field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetGrantTypes() GrantTypePolicyRuleCondition {
+	if o == nil || o.GrantTypes == nil {
+		var ret GrantTypePolicyRuleCondition
+		return ret
+	}
+	return *o.GrantTypes
+}
+
+// GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool) {
+	if o == nil || o.GrantTypes == nil {
+		return nil, false
+	}
+	return o.GrantTypes, true
+}
+
+// HasGrantTypes returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) HasGrantTypes() bool {
+	if o != nil && o.GrantTypes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGrantTypes gets a reference to the given GrantTypePolicyRuleCondition and assigns it to the GrantTypes field.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) SetGrantTypes(v GrantTypePolicyRuleCondition) {
+	o.GrantTypes = &v
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetPeople() PolicyPeopleCondition {
+	if o == nil || o.People == nil {
+		var ret PolicyPeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetPeopleOk() (*PolicyPeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given PolicyPeopleCondition and assigns it to the People field.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) SetPeople(v PolicyPeopleCondition) {
+	o.People = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetScopes() OAuth2ScopesMediationPolicyRuleCondition {
+	if o == nil || o.Scopes == nil {
+		var ret OAuth2ScopesMediationPolicyRuleCondition
+		return ret
+	}
+	return *o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given OAuth2ScopesMediationPolicyRuleCondition and assigns it to the Scopes field.
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition) {
+	o.Scopes = &v
+}
+
+func (o AuthorizationServerPolicyRuleConditionsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Clients != nil {
+		toSerialize["clients"] = o.Clients
+	}
+	if o.GrantTypes != nil {
+		toSerialize["grantTypes"] = o.GrantTypes
+	}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AuthorizationServerPolicyRuleConditionsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varAuthorizationServerPolicyRuleConditionsAllOf := _AuthorizationServerPolicyRuleConditionsAllOf{}
+
+	err = json.Unmarshal(bytes, &varAuthorizationServerPolicyRuleConditionsAllOf)
+	if err == nil {
+		*o = AuthorizationServerPolicyRuleConditionsAllOf(varAuthorizationServerPolicyRuleConditionsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "clients")
+		delete(additionalProperties, "grantTypes")
+		delete(additionalProperties, "people")
+		delete(additionalProperties, "scopes")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAuthorizationServerPolicyRuleConditionsAllOf struct {
+	value *AuthorizationServerPolicyRuleConditionsAllOf
+	isSet bool
+}
+
+func (v NullableAuthorizationServerPolicyRuleConditionsAllOf) Get() *AuthorizationServerPolicyRuleConditionsAllOf {
+	return v.value
+}
+
+func (v *NullableAuthorizationServerPolicyRuleConditionsAllOf) Set(val *AuthorizationServerPolicyRuleConditionsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAuthorizationServerPolicyRuleConditionsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAuthorizationServerPolicyRuleConditionsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAuthorizationServerPolicyRuleConditionsAllOf(val *AuthorizationServerPolicyRuleConditionsAllOf) *NullableAuthorizationServerPolicyRuleConditionsAllOf {
+	return &NullableAuthorizationServerPolicyRuleConditionsAllOf{value: val, isSet: true}
+}
+
+func (v NullableAuthorizationServerPolicyRuleConditionsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAuthorizationServerPolicyRuleConditionsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_auto_login_application.go b/okta/model_auto_login_application.go
new file mode 100644
index 000000000..88233da8f
--- /dev/null
+++ b/okta/model_auto_login_application.go
@@ -0,0 +1,281 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// AutoLoginApplication struct for AutoLoginApplication
+type AutoLoginApplication struct {
+	Application
+	Credentials          *SchemeApplicationCredentials `json:"credentials,omitempty"`
+	Name                 *string                       `json:"name,omitempty"`
+	Settings             *AutoLoginApplicationSettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AutoLoginApplication AutoLoginApplication
+
+// NewAutoLoginApplication instantiates a new AutoLoginApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAutoLoginApplication() *AutoLoginApplication {
+	this := AutoLoginApplication{}
+	return &this
+}
+
+// NewAutoLoginApplicationWithDefaults instantiates a new AutoLoginApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAutoLoginApplicationWithDefaults() *AutoLoginApplication {
+	this := AutoLoginApplication{}
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *AutoLoginApplication) GetCredentials() SchemeApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret SchemeApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplication) GetCredentialsOk() (*SchemeApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *AutoLoginApplication) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given SchemeApplicationCredentials and assigns it to the Credentials field.
+func (o *AutoLoginApplication) SetCredentials(v SchemeApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *AutoLoginApplication) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplication) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *AutoLoginApplication) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *AutoLoginApplication) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *AutoLoginApplication) GetSettings() AutoLoginApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret AutoLoginApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplication) GetSettingsOk() (*AutoLoginApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *AutoLoginApplication) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given AutoLoginApplicationSettings and assigns it to the Settings field.
+func (o *AutoLoginApplication) SetSettings(v AutoLoginApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o AutoLoginApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedApplication, errApplication := json.Marshal(o.Application)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	errApplication = json.Unmarshal([]byte(serializedApplication), &toSerialize)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AutoLoginApplication) UnmarshalJSON(bytes []byte) (err error) {
+	type AutoLoginApplicationWithoutEmbeddedStruct struct {
+		Credentials *SchemeApplicationCredentials `json:"credentials,omitempty"`
+		Name        *string                       `json:"name,omitempty"`
+		Settings    *AutoLoginApplicationSettings `json:"settings,omitempty"`
+	}
+
+	varAutoLoginApplicationWithoutEmbeddedStruct := AutoLoginApplicationWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varAutoLoginApplicationWithoutEmbeddedStruct)
+	if err == nil {
+		varAutoLoginApplication := _AutoLoginApplication{}
+		varAutoLoginApplication.Credentials = varAutoLoginApplicationWithoutEmbeddedStruct.Credentials
+		varAutoLoginApplication.Name = varAutoLoginApplicationWithoutEmbeddedStruct.Name
+		varAutoLoginApplication.Settings = varAutoLoginApplicationWithoutEmbeddedStruct.Settings
+		*o = AutoLoginApplication(varAutoLoginApplication)
+	} else {
+		return err
+	}
+
+	varAutoLoginApplication := _AutoLoginApplication{}
+
+	err = json.Unmarshal(bytes, &varAutoLoginApplication)
+	if err == nil {
+		o.Application = varAutoLoginApplication.Application
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectApplication := reflect.ValueOf(o.Application)
+		for i := 0; i < reflectApplication.Type().NumField(); i++ {
+			t := reflectApplication.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAutoLoginApplication struct {
+	value *AutoLoginApplication
+	isSet bool
+}
+
+func (v NullableAutoLoginApplication) Get() *AutoLoginApplication {
+	return v.value
+}
+
+func (v *NullableAutoLoginApplication) Set(val *AutoLoginApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAutoLoginApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAutoLoginApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAutoLoginApplication(val *AutoLoginApplication) *NullableAutoLoginApplication {
+	return &NullableAutoLoginApplication{value: val, isSet: true}
+}
+
+func (v NullableAutoLoginApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAutoLoginApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_auto_login_application_all_of.go b/okta/model_auto_login_application_all_of.go
new file mode 100644
index 000000000..179f70dde
--- /dev/null
+++ b/okta/model_auto_login_application_all_of.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AutoLoginApplicationAllOf struct for AutoLoginApplicationAllOf
+type AutoLoginApplicationAllOf struct {
+	Credentials          *SchemeApplicationCredentials `json:"credentials,omitempty"`
+	Name                 *string                       `json:"name,omitempty"`
+	Settings             *AutoLoginApplicationSettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AutoLoginApplicationAllOf AutoLoginApplicationAllOf
+
+// NewAutoLoginApplicationAllOf instantiates a new AutoLoginApplicationAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAutoLoginApplicationAllOf() *AutoLoginApplicationAllOf {
+	this := AutoLoginApplicationAllOf{}
+	return &this
+}
+
+// NewAutoLoginApplicationAllOfWithDefaults instantiates a new AutoLoginApplicationAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAutoLoginApplicationAllOfWithDefaults() *AutoLoginApplicationAllOf {
+	this := AutoLoginApplicationAllOf{}
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *AutoLoginApplicationAllOf) GetCredentials() SchemeApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret SchemeApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplicationAllOf) GetCredentialsOk() (*SchemeApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *AutoLoginApplicationAllOf) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given SchemeApplicationCredentials and assigns it to the Credentials field.
+func (o *AutoLoginApplicationAllOf) SetCredentials(v SchemeApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *AutoLoginApplicationAllOf) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplicationAllOf) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *AutoLoginApplicationAllOf) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *AutoLoginApplicationAllOf) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *AutoLoginApplicationAllOf) GetSettings() AutoLoginApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret AutoLoginApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplicationAllOf) GetSettingsOk() (*AutoLoginApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *AutoLoginApplicationAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given AutoLoginApplicationSettings and assigns it to the Settings field.
+func (o *AutoLoginApplicationAllOf) SetSettings(v AutoLoginApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o AutoLoginApplicationAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AutoLoginApplicationAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varAutoLoginApplicationAllOf := _AutoLoginApplicationAllOf{}
+
+	err = json.Unmarshal(bytes, &varAutoLoginApplicationAllOf)
+	if err == nil {
+		*o = AutoLoginApplicationAllOf(varAutoLoginApplicationAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAutoLoginApplicationAllOf struct {
+	value *AutoLoginApplicationAllOf
+	isSet bool
+}
+
+func (v NullableAutoLoginApplicationAllOf) Get() *AutoLoginApplicationAllOf {
+	return v.value
+}
+
+func (v *NullableAutoLoginApplicationAllOf) Set(val *AutoLoginApplicationAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAutoLoginApplicationAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAutoLoginApplicationAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAutoLoginApplicationAllOf(val *AutoLoginApplicationAllOf) *NullableAutoLoginApplicationAllOf {
+	return &NullableAutoLoginApplicationAllOf{value: val, isSet: true}
+}
+
+func (v NullableAutoLoginApplicationAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAutoLoginApplicationAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_auto_login_application_settings.go b/okta/model_auto_login_application_settings.go
new file mode 100644
index 000000000..801ee070a
--- /dev/null
+++ b/okta/model_auto_login_application_settings.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AutoLoginApplicationSettings struct for AutoLoginApplicationSettings
+type AutoLoginApplicationSettings struct {
+	IdentityStoreId      *string                             `json:"identityStoreId,omitempty"`
+	ImplicitAssignment   *bool                               `json:"implicitAssignment,omitempty"`
+	InlineHookId         *string                             `json:"inlineHookId,omitempty"`
+	Notes                *ApplicationSettingsNotes           `json:"notes,omitempty"`
+	Notifications        *ApplicationSettingsNotifications   `json:"notifications,omitempty"`
+	SignOn               *AutoLoginApplicationSettingsSignOn `json:"signOn,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AutoLoginApplicationSettings AutoLoginApplicationSettings
+
+// NewAutoLoginApplicationSettings instantiates a new AutoLoginApplicationSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAutoLoginApplicationSettings() *AutoLoginApplicationSettings {
+	this := AutoLoginApplicationSettings{}
+	return &this
+}
+
+// NewAutoLoginApplicationSettingsWithDefaults instantiates a new AutoLoginApplicationSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAutoLoginApplicationSettingsWithDefaults() *AutoLoginApplicationSettings {
+	this := AutoLoginApplicationSettings{}
+	return &this
+}
+
+// GetIdentityStoreId returns the IdentityStoreId field value if set, zero value otherwise.
+func (o *AutoLoginApplicationSettings) GetIdentityStoreId() string {
+	if o == nil || o.IdentityStoreId == nil {
+		var ret string
+		return ret
+	}
+	return *o.IdentityStoreId
+}
+
+// GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplicationSettings) GetIdentityStoreIdOk() (*string, bool) {
+	if o == nil || o.IdentityStoreId == nil {
+		return nil, false
+	}
+	return o.IdentityStoreId, true
+}
+
+// HasIdentityStoreId returns a boolean if a field has been set.
+func (o *AutoLoginApplicationSettings) HasIdentityStoreId() bool {
+	if o != nil && o.IdentityStoreId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityStoreId gets a reference to the given string and assigns it to the IdentityStoreId field.
+func (o *AutoLoginApplicationSettings) SetIdentityStoreId(v string) {
+	o.IdentityStoreId = &v
+}
+
+// GetImplicitAssignment returns the ImplicitAssignment field value if set, zero value otherwise.
+func (o *AutoLoginApplicationSettings) GetImplicitAssignment() bool {
+	if o == nil || o.ImplicitAssignment == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ImplicitAssignment
+}
+
+// GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplicationSettings) GetImplicitAssignmentOk() (*bool, bool) {
+	if o == nil || o.ImplicitAssignment == nil {
+		return nil, false
+	}
+	return o.ImplicitAssignment, true
+}
+
+// HasImplicitAssignment returns a boolean if a field has been set.
+func (o *AutoLoginApplicationSettings) HasImplicitAssignment() bool {
+	if o != nil && o.ImplicitAssignment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetImplicitAssignment gets a reference to the given bool and assigns it to the ImplicitAssignment field.
+func (o *AutoLoginApplicationSettings) SetImplicitAssignment(v bool) {
+	o.ImplicitAssignment = &v
+}
+
+// GetInlineHookId returns the InlineHookId field value if set, zero value otherwise.
+func (o *AutoLoginApplicationSettings) GetInlineHookId() string {
+	if o == nil || o.InlineHookId == nil {
+		var ret string
+		return ret
+	}
+	return *o.InlineHookId
+}
+
+// GetInlineHookIdOk returns a tuple with the InlineHookId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplicationSettings) GetInlineHookIdOk() (*string, bool) {
+	if o == nil || o.InlineHookId == nil {
+		return nil, false
+	}
+	return o.InlineHookId, true
+}
+
+// HasInlineHookId returns a boolean if a field has been set.
+func (o *AutoLoginApplicationSettings) HasInlineHookId() bool {
+	if o != nil && o.InlineHookId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInlineHookId gets a reference to the given string and assigns it to the InlineHookId field.
+func (o *AutoLoginApplicationSettings) SetInlineHookId(v string) {
+	o.InlineHookId = &v
+}
+
+// GetNotes returns the Notes field value if set, zero value otherwise.
+func (o *AutoLoginApplicationSettings) GetNotes() ApplicationSettingsNotes {
+	if o == nil || o.Notes == nil {
+		var ret ApplicationSettingsNotes
+		return ret
+	}
+	return *o.Notes
+}
+
+// GetNotesOk returns a tuple with the Notes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool) {
+	if o == nil || o.Notes == nil {
+		return nil, false
+	}
+	return o.Notes, true
+}
+
+// HasNotes returns a boolean if a field has been set.
+func (o *AutoLoginApplicationSettings) HasNotes() bool {
+	if o != nil && o.Notes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotes gets a reference to the given ApplicationSettingsNotes and assigns it to the Notes field.
+func (o *AutoLoginApplicationSettings) SetNotes(v ApplicationSettingsNotes) {
+	o.Notes = &v
+}
+
+// GetNotifications returns the Notifications field value if set, zero value otherwise.
+func (o *AutoLoginApplicationSettings) GetNotifications() ApplicationSettingsNotifications {
+	if o == nil || o.Notifications == nil {
+		var ret ApplicationSettingsNotifications
+		return ret
+	}
+	return *o.Notifications
+}
+
+// GetNotificationsOk returns a tuple with the Notifications field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool) {
+	if o == nil || o.Notifications == nil {
+		return nil, false
+	}
+	return o.Notifications, true
+}
+
+// HasNotifications returns a boolean if a field has been set.
+func (o *AutoLoginApplicationSettings) HasNotifications() bool {
+	if o != nil && o.Notifications != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotifications gets a reference to the given ApplicationSettingsNotifications and assigns it to the Notifications field.
+func (o *AutoLoginApplicationSettings) SetNotifications(v ApplicationSettingsNotifications) {
+	o.Notifications = &v
+}
+
+// GetSignOn returns the SignOn field value if set, zero value otherwise.
+func (o *AutoLoginApplicationSettings) GetSignOn() AutoLoginApplicationSettingsSignOn {
+	if o == nil || o.SignOn == nil {
+		var ret AutoLoginApplicationSettingsSignOn
+		return ret
+	}
+	return *o.SignOn
+}
+
+// GetSignOnOk returns a tuple with the SignOn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplicationSettings) GetSignOnOk() (*AutoLoginApplicationSettingsSignOn, bool) {
+	if o == nil || o.SignOn == nil {
+		return nil, false
+	}
+	return o.SignOn, true
+}
+
+// HasSignOn returns a boolean if a field has been set.
+func (o *AutoLoginApplicationSettings) HasSignOn() bool {
+	if o != nil && o.SignOn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignOn gets a reference to the given AutoLoginApplicationSettingsSignOn and assigns it to the SignOn field.
+func (o *AutoLoginApplicationSettings) SetSignOn(v AutoLoginApplicationSettingsSignOn) {
+	o.SignOn = &v
+}
+
+func (o AutoLoginApplicationSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.IdentityStoreId != nil {
+		toSerialize["identityStoreId"] = o.IdentityStoreId
+	}
+	if o.ImplicitAssignment != nil {
+		toSerialize["implicitAssignment"] = o.ImplicitAssignment
+	}
+	if o.InlineHookId != nil {
+		toSerialize["inlineHookId"] = o.InlineHookId
+	}
+	if o.Notes != nil {
+		toSerialize["notes"] = o.Notes
+	}
+	if o.Notifications != nil {
+		toSerialize["notifications"] = o.Notifications
+	}
+	if o.SignOn != nil {
+		toSerialize["signOn"] = o.SignOn
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AutoLoginApplicationSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varAutoLoginApplicationSettings := _AutoLoginApplicationSettings{}
+
+	err = json.Unmarshal(bytes, &varAutoLoginApplicationSettings)
+	if err == nil {
+		*o = AutoLoginApplicationSettings(varAutoLoginApplicationSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "identityStoreId")
+		delete(additionalProperties, "implicitAssignment")
+		delete(additionalProperties, "inlineHookId")
+		delete(additionalProperties, "notes")
+		delete(additionalProperties, "notifications")
+		delete(additionalProperties, "signOn")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAutoLoginApplicationSettings struct {
+	value *AutoLoginApplicationSettings
+	isSet bool
+}
+
+func (v NullableAutoLoginApplicationSettings) Get() *AutoLoginApplicationSettings {
+	return v.value
+}
+
+func (v *NullableAutoLoginApplicationSettings) Set(val *AutoLoginApplicationSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAutoLoginApplicationSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAutoLoginApplicationSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAutoLoginApplicationSettings(val *AutoLoginApplicationSettings) *NullableAutoLoginApplicationSettings {
+	return &NullableAutoLoginApplicationSettings{value: val, isSet: true}
+}
+
+func (v NullableAutoLoginApplicationSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAutoLoginApplicationSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_auto_login_application_settings_all_of.go b/okta/model_auto_login_application_settings_all_of.go
new file mode 100644
index 000000000..ba4c6cc6c
--- /dev/null
+++ b/okta/model_auto_login_application_settings_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AutoLoginApplicationSettingsAllOf struct for AutoLoginApplicationSettingsAllOf
+type AutoLoginApplicationSettingsAllOf struct {
+	SignOn               *AutoLoginApplicationSettingsSignOn `json:"signOn,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AutoLoginApplicationSettingsAllOf AutoLoginApplicationSettingsAllOf
+
+// NewAutoLoginApplicationSettingsAllOf instantiates a new AutoLoginApplicationSettingsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAutoLoginApplicationSettingsAllOf() *AutoLoginApplicationSettingsAllOf {
+	this := AutoLoginApplicationSettingsAllOf{}
+	return &this
+}
+
+// NewAutoLoginApplicationSettingsAllOfWithDefaults instantiates a new AutoLoginApplicationSettingsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAutoLoginApplicationSettingsAllOfWithDefaults() *AutoLoginApplicationSettingsAllOf {
+	this := AutoLoginApplicationSettingsAllOf{}
+	return &this
+}
+
+// GetSignOn returns the SignOn field value if set, zero value otherwise.
+func (o *AutoLoginApplicationSettingsAllOf) GetSignOn() AutoLoginApplicationSettingsSignOn {
+	if o == nil || o.SignOn == nil {
+		var ret AutoLoginApplicationSettingsSignOn
+		return ret
+	}
+	return *o.SignOn
+}
+
+// GetSignOnOk returns a tuple with the SignOn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplicationSettingsAllOf) GetSignOnOk() (*AutoLoginApplicationSettingsSignOn, bool) {
+	if o == nil || o.SignOn == nil {
+		return nil, false
+	}
+	return o.SignOn, true
+}
+
+// HasSignOn returns a boolean if a field has been set.
+func (o *AutoLoginApplicationSettingsAllOf) HasSignOn() bool {
+	if o != nil && o.SignOn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignOn gets a reference to the given AutoLoginApplicationSettingsSignOn and assigns it to the SignOn field.
+func (o *AutoLoginApplicationSettingsAllOf) SetSignOn(v AutoLoginApplicationSettingsSignOn) {
+	o.SignOn = &v
+}
+
+func (o AutoLoginApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.SignOn != nil {
+		toSerialize["signOn"] = o.SignOn
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AutoLoginApplicationSettingsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varAutoLoginApplicationSettingsAllOf := _AutoLoginApplicationSettingsAllOf{}
+
+	err = json.Unmarshal(bytes, &varAutoLoginApplicationSettingsAllOf)
+	if err == nil {
+		*o = AutoLoginApplicationSettingsAllOf(varAutoLoginApplicationSettingsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "signOn")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAutoLoginApplicationSettingsAllOf struct {
+	value *AutoLoginApplicationSettingsAllOf
+	isSet bool
+}
+
+func (v NullableAutoLoginApplicationSettingsAllOf) Get() *AutoLoginApplicationSettingsAllOf {
+	return v.value
+}
+
+func (v *NullableAutoLoginApplicationSettingsAllOf) Set(val *AutoLoginApplicationSettingsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAutoLoginApplicationSettingsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAutoLoginApplicationSettingsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAutoLoginApplicationSettingsAllOf(val *AutoLoginApplicationSettingsAllOf) *NullableAutoLoginApplicationSettingsAllOf {
+	return &NullableAutoLoginApplicationSettingsAllOf{value: val, isSet: true}
+}
+
+func (v NullableAutoLoginApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAutoLoginApplicationSettingsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_auto_login_application_settings_sign_on.go b/okta/model_auto_login_application_settings_sign_on.go
new file mode 100644
index 000000000..22404867a
--- /dev/null
+++ b/okta/model_auto_login_application_settings_sign_on.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// AutoLoginApplicationSettingsSignOn struct for AutoLoginApplicationSettingsSignOn
+type AutoLoginApplicationSettingsSignOn struct {
+	LoginUrl             *string `json:"loginUrl,omitempty"`
+	RedirectUrl          *string `json:"redirectUrl,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AutoLoginApplicationSettingsSignOn AutoLoginApplicationSettingsSignOn
+
+// NewAutoLoginApplicationSettingsSignOn instantiates a new AutoLoginApplicationSettingsSignOn object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAutoLoginApplicationSettingsSignOn() *AutoLoginApplicationSettingsSignOn {
+	this := AutoLoginApplicationSettingsSignOn{}
+	return &this
+}
+
+// NewAutoLoginApplicationSettingsSignOnWithDefaults instantiates a new AutoLoginApplicationSettingsSignOn object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAutoLoginApplicationSettingsSignOnWithDefaults() *AutoLoginApplicationSettingsSignOn {
+	this := AutoLoginApplicationSettingsSignOn{}
+	return &this
+}
+
+// GetLoginUrl returns the LoginUrl field value if set, zero value otherwise.
+func (o *AutoLoginApplicationSettingsSignOn) GetLoginUrl() string {
+	if o == nil || o.LoginUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.LoginUrl
+}
+
+// GetLoginUrlOk returns a tuple with the LoginUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplicationSettingsSignOn) GetLoginUrlOk() (*string, bool) {
+	if o == nil || o.LoginUrl == nil {
+		return nil, false
+	}
+	return o.LoginUrl, true
+}
+
+// HasLoginUrl returns a boolean if a field has been set.
+func (o *AutoLoginApplicationSettingsSignOn) HasLoginUrl() bool {
+	if o != nil && o.LoginUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLoginUrl gets a reference to the given string and assigns it to the LoginUrl field.
+func (o *AutoLoginApplicationSettingsSignOn) SetLoginUrl(v string) {
+	o.LoginUrl = &v
+}
+
+// GetRedirectUrl returns the RedirectUrl field value if set, zero value otherwise.
+func (o *AutoLoginApplicationSettingsSignOn) GetRedirectUrl() string {
+	if o == nil || o.RedirectUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.RedirectUrl
+}
+
+// GetRedirectUrlOk returns a tuple with the RedirectUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoLoginApplicationSettingsSignOn) GetRedirectUrlOk() (*string, bool) {
+	if o == nil || o.RedirectUrl == nil {
+		return nil, false
+	}
+	return o.RedirectUrl, true
+}
+
+// HasRedirectUrl returns a boolean if a field has been set.
+func (o *AutoLoginApplicationSettingsSignOn) HasRedirectUrl() bool {
+	if o != nil && o.RedirectUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRedirectUrl gets a reference to the given string and assigns it to the RedirectUrl field.
+func (o *AutoLoginApplicationSettingsSignOn) SetRedirectUrl(v string) {
+	o.RedirectUrl = &v
+}
+
+func (o AutoLoginApplicationSettingsSignOn) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.LoginUrl != nil {
+		toSerialize["loginUrl"] = o.LoginUrl
+	}
+	if o.RedirectUrl != nil {
+		toSerialize["redirectUrl"] = o.RedirectUrl
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AutoLoginApplicationSettingsSignOn) UnmarshalJSON(bytes []byte) (err error) {
+	varAutoLoginApplicationSettingsSignOn := _AutoLoginApplicationSettingsSignOn{}
+
+	err = json.Unmarshal(bytes, &varAutoLoginApplicationSettingsSignOn)
+	if err == nil {
+		*o = AutoLoginApplicationSettingsSignOn(varAutoLoginApplicationSettingsSignOn)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "loginUrl")
+		delete(additionalProperties, "redirectUrl")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAutoLoginApplicationSettingsSignOn struct {
+	value *AutoLoginApplicationSettingsSignOn
+	isSet bool
+}
+
+func (v NullableAutoLoginApplicationSettingsSignOn) Get() *AutoLoginApplicationSettingsSignOn {
+	return v.value
+}
+
+func (v *NullableAutoLoginApplicationSettingsSignOn) Set(val *AutoLoginApplicationSettingsSignOn) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAutoLoginApplicationSettingsSignOn) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAutoLoginApplicationSettingsSignOn) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAutoLoginApplicationSettingsSignOn(val *AutoLoginApplicationSettingsSignOn) *NullableAutoLoginApplicationSettingsSignOn {
+	return &NullableAutoLoginApplicationSettingsSignOn{value: val, isSet: true}
+}
+
+func (v NullableAutoLoginApplicationSettingsSignOn) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAutoLoginApplicationSettingsSignOn) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_auto_update_schedule.go b/okta/model_auto_update_schedule.go
new file mode 100644
index 000000000..d117ed4ad
--- /dev/null
+++ b/okta/model_auto_update_schedule.go
@@ -0,0 +1,310 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// AutoUpdateSchedule The schedule of auto-update configured by admin.
+type AutoUpdateSchedule struct {
+	Cron *string `json:"cron,omitempty"`
+	// delay in days
+	Delay *int32 `json:"delay,omitempty"`
+	// duration in minutes
+	Duration *int32 `json:"duration,omitempty"`
+	// last time when the updated finished (success or failed, exclude cancelled), null if job haven't finished once yet.
+	LastUpdated          *time.Time `json:"lastUpdated,omitempty"`
+	Timezone             *string    `json:"timezone,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _AutoUpdateSchedule AutoUpdateSchedule
+
+// NewAutoUpdateSchedule instantiates a new AutoUpdateSchedule object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewAutoUpdateSchedule() *AutoUpdateSchedule {
+	this := AutoUpdateSchedule{}
+	return &this
+}
+
+// NewAutoUpdateScheduleWithDefaults instantiates a new AutoUpdateSchedule object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewAutoUpdateScheduleWithDefaults() *AutoUpdateSchedule {
+	this := AutoUpdateSchedule{}
+	return &this
+}
+
+// GetCron returns the Cron field value if set, zero value otherwise.
+func (o *AutoUpdateSchedule) GetCron() string {
+	if o == nil || o.Cron == nil {
+		var ret string
+		return ret
+	}
+	return *o.Cron
+}
+
+// GetCronOk returns a tuple with the Cron field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoUpdateSchedule) GetCronOk() (*string, bool) {
+	if o == nil || o.Cron == nil {
+		return nil, false
+	}
+	return o.Cron, true
+}
+
+// HasCron returns a boolean if a field has been set.
+func (o *AutoUpdateSchedule) HasCron() bool {
+	if o != nil && o.Cron != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCron gets a reference to the given string and assigns it to the Cron field.
+func (o *AutoUpdateSchedule) SetCron(v string) {
+	o.Cron = &v
+}
+
+// GetDelay returns the Delay field value if set, zero value otherwise.
+func (o *AutoUpdateSchedule) GetDelay() int32 {
+	if o == nil || o.Delay == nil {
+		var ret int32
+		return ret
+	}
+	return *o.Delay
+}
+
+// GetDelayOk returns a tuple with the Delay field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoUpdateSchedule) GetDelayOk() (*int32, bool) {
+	if o == nil || o.Delay == nil {
+		return nil, false
+	}
+	return o.Delay, true
+}
+
+// HasDelay returns a boolean if a field has been set.
+func (o *AutoUpdateSchedule) HasDelay() bool {
+	if o != nil && o.Delay != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDelay gets a reference to the given int32 and assigns it to the Delay field.
+func (o *AutoUpdateSchedule) SetDelay(v int32) {
+	o.Delay = &v
+}
+
+// GetDuration returns the Duration field value if set, zero value otherwise.
+func (o *AutoUpdateSchedule) GetDuration() int32 {
+	if o == nil || o.Duration == nil {
+		var ret int32
+		return ret
+	}
+	return *o.Duration
+}
+
+// GetDurationOk returns a tuple with the Duration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoUpdateSchedule) GetDurationOk() (*int32, bool) {
+	if o == nil || o.Duration == nil {
+		return nil, false
+	}
+	return o.Duration, true
+}
+
+// HasDuration returns a boolean if a field has been set.
+func (o *AutoUpdateSchedule) HasDuration() bool {
+	if o != nil && o.Duration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDuration gets a reference to the given int32 and assigns it to the Duration field.
+func (o *AutoUpdateSchedule) SetDuration(v int32) {
+	o.Duration = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *AutoUpdateSchedule) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoUpdateSchedule) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *AutoUpdateSchedule) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *AutoUpdateSchedule) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetTimezone returns the Timezone field value if set, zero value otherwise.
+func (o *AutoUpdateSchedule) GetTimezone() string {
+	if o == nil || o.Timezone == nil {
+		var ret string
+		return ret
+	}
+	return *o.Timezone
+}
+
+// GetTimezoneOk returns a tuple with the Timezone field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *AutoUpdateSchedule) GetTimezoneOk() (*string, bool) {
+	if o == nil || o.Timezone == nil {
+		return nil, false
+	}
+	return o.Timezone, true
+}
+
+// HasTimezone returns a boolean if a field has been set.
+func (o *AutoUpdateSchedule) HasTimezone() bool {
+	if o != nil && o.Timezone != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTimezone gets a reference to the given string and assigns it to the Timezone field.
+func (o *AutoUpdateSchedule) SetTimezone(v string) {
+	o.Timezone = &v
+}
+
+func (o AutoUpdateSchedule) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Cron != nil {
+		toSerialize["cron"] = o.Cron
+	}
+	if o.Delay != nil {
+		toSerialize["delay"] = o.Delay
+	}
+	if o.Duration != nil {
+		toSerialize["duration"] = o.Duration
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Timezone != nil {
+		toSerialize["timezone"] = o.Timezone
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *AutoUpdateSchedule) UnmarshalJSON(bytes []byte) (err error) {
+	varAutoUpdateSchedule := _AutoUpdateSchedule{}
+
+	err = json.Unmarshal(bytes, &varAutoUpdateSchedule)
+	if err == nil {
+		*o = AutoUpdateSchedule(varAutoUpdateSchedule)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "cron")
+		delete(additionalProperties, "delay")
+		delete(additionalProperties, "duration")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "timezone")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableAutoUpdateSchedule struct {
+	value *AutoUpdateSchedule
+	isSet bool
+}
+
+func (v NullableAutoUpdateSchedule) Get() *AutoUpdateSchedule {
+	return v.value
+}
+
+func (v *NullableAutoUpdateSchedule) Set(val *AutoUpdateSchedule) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAutoUpdateSchedule) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAutoUpdateSchedule) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAutoUpdateSchedule(val *AutoUpdateSchedule) *NullableAutoUpdateSchedule {
+	return &NullableAutoUpdateSchedule{value: val, isSet: true}
+}
+
+func (v NullableAutoUpdateSchedule) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAutoUpdateSchedule) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_aws_region.go b/okta/model_aws_region.go
new file mode 100644
index 000000000..7e96d6ef0
--- /dev/null
+++ b/okta/model_aws_region.go
@@ -0,0 +1,142 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AwsRegion An AWS region
+type AwsRegion string
+
+// List of AwsRegion
+const (
+	AWSREGION_CA_CENTRAL_1 AwsRegion = "ca-central-1"
+	AWSREGION_EU_CENTRAL_1 AwsRegion = "eu-central-1"
+	AWSREGION_EU_NORTH_1   AwsRegion = "eu-north-1"
+	AWSREGION_EU_SOUTH_1   AwsRegion = "eu-south-1"
+	AWSREGION_EU_WEST_1    AwsRegion = "eu-west-1"
+	AWSREGION_EU_WEST_2    AwsRegion = "eu-west-2"
+	AWSREGION_EU_WEST_3    AwsRegion = "eu-west-3"
+	AWSREGION_US_EAST_1    AwsRegion = "us-east-1"
+	AWSREGION_US_EAST_2    AwsRegion = "us-east-2"
+	AWSREGION_US_WEST_1    AwsRegion = "us-west-1"
+	AWSREGION_US_WEST_2    AwsRegion = "us-west-2"
+)
+
+// All allowed values of AwsRegion enum
+var AllowedAwsRegionEnumValues = []AwsRegion{
+	"ca-central-1",
+	"eu-central-1",
+	"eu-north-1",
+	"eu-south-1",
+	"eu-west-1",
+	"eu-west-2",
+	"eu-west-3",
+	"us-east-1",
+	"us-east-2",
+	"us-west-1",
+	"us-west-2",
+}
+
+func (v *AwsRegion) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := AwsRegion(value)
+	for _, existing := range AllowedAwsRegionEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid AwsRegion", value)
+}
+
+// NewAwsRegionFromValue returns a pointer to a valid AwsRegion
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewAwsRegionFromValue(v string) (*AwsRegion, error) {
+	ev := AwsRegion(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for AwsRegion: valid values are %v", v, AllowedAwsRegionEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v AwsRegion) IsValid() bool {
+	for _, existing := range AllowedAwsRegionEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to AwsRegion value
+func (v AwsRegion) Ptr() *AwsRegion {
+	return &v
+}
+
+type NullableAwsRegion struct {
+	value *AwsRegion
+	isSet bool
+}
+
+func (v NullableAwsRegion) Get() *AwsRegion {
+	return v.value
+}
+
+func (v *NullableAwsRegion) Set(val *AwsRegion) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableAwsRegion) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableAwsRegion) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableAwsRegion(val *AwsRegion) *NullableAwsRegion {
+	return &NullableAwsRegion{value: val, isSet: true}
+}
+
+func (v NullableAwsRegion) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableAwsRegion) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_base_email_domain.go b/okta/model_base_email_domain.go
new file mode 100644
index 000000000..5244f30c0
--- /dev/null
+++ b/okta/model_base_email_domain.go
@@ -0,0 +1,181 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BaseEmailDomain struct for BaseEmailDomain
+type BaseEmailDomain struct {
+	DisplayName          string `json:"displayName"`
+	UserName             string `json:"userName"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BaseEmailDomain BaseEmailDomain
+
+// NewBaseEmailDomain instantiates a new BaseEmailDomain object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBaseEmailDomain(displayName string, userName string) *BaseEmailDomain {
+	this := BaseEmailDomain{}
+	this.DisplayName = displayName
+	this.UserName = userName
+	return &this
+}
+
+// NewBaseEmailDomainWithDefaults instantiates a new BaseEmailDomain object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBaseEmailDomainWithDefaults() *BaseEmailDomain {
+	this := BaseEmailDomain{}
+	return &this
+}
+
+// GetDisplayName returns the DisplayName field value
+func (o *BaseEmailDomain) GetDisplayName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value
+// and a boolean to check if the value has been set.
+func (o *BaseEmailDomain) GetDisplayNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.DisplayName, true
+}
+
+// SetDisplayName sets field value
+func (o *BaseEmailDomain) SetDisplayName(v string) {
+	o.DisplayName = v
+}
+
+// GetUserName returns the UserName field value
+func (o *BaseEmailDomain) GetUserName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.UserName
+}
+
+// GetUserNameOk returns a tuple with the UserName field value
+// and a boolean to check if the value has been set.
+func (o *BaseEmailDomain) GetUserNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.UserName, true
+}
+
+// SetUserName sets field value
+func (o *BaseEmailDomain) SetUserName(v string) {
+	o.UserName = v
+}
+
+func (o BaseEmailDomain) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if true {
+		toSerialize["userName"] = o.UserName
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BaseEmailDomain) UnmarshalJSON(bytes []byte) (err error) {
+	varBaseEmailDomain := _BaseEmailDomain{}
+
+	err = json.Unmarshal(bytes, &varBaseEmailDomain)
+	if err == nil {
+		*o = BaseEmailDomain(varBaseEmailDomain)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "userName")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBaseEmailDomain struct {
+	value *BaseEmailDomain
+	isSet bool
+}
+
+func (v NullableBaseEmailDomain) Get() *BaseEmailDomain {
+	return v.value
+}
+
+func (v *NullableBaseEmailDomain) Set(val *BaseEmailDomain) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBaseEmailDomain) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBaseEmailDomain) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBaseEmailDomain(val *BaseEmailDomain) *NullableBaseEmailDomain {
+	return &NullableBaseEmailDomain{value: val, isSet: true}
+}
+
+func (v NullableBaseEmailDomain) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBaseEmailDomain) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_basic_application_settings.go b/okta/model_basic_application_settings.go
new file mode 100644
index 000000000..4de66944b
--- /dev/null
+++ b/okta/model_basic_application_settings.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BasicApplicationSettings struct for BasicApplicationSettings
+type BasicApplicationSettings struct {
+	IdentityStoreId      *string                              `json:"identityStoreId,omitempty"`
+	ImplicitAssignment   *bool                                `json:"implicitAssignment,omitempty"`
+	InlineHookId         *string                              `json:"inlineHookId,omitempty"`
+	Notes                *ApplicationSettingsNotes            `json:"notes,omitempty"`
+	Notifications        *ApplicationSettingsNotifications    `json:"notifications,omitempty"`
+	App                  *BasicApplicationSettingsApplication `json:"app,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BasicApplicationSettings BasicApplicationSettings
+
+// NewBasicApplicationSettings instantiates a new BasicApplicationSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBasicApplicationSettings() *BasicApplicationSettings {
+	this := BasicApplicationSettings{}
+	return &this
+}
+
+// NewBasicApplicationSettingsWithDefaults instantiates a new BasicApplicationSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBasicApplicationSettingsWithDefaults() *BasicApplicationSettings {
+	this := BasicApplicationSettings{}
+	return &this
+}
+
+// GetIdentityStoreId returns the IdentityStoreId field value if set, zero value otherwise.
+func (o *BasicApplicationSettings) GetIdentityStoreId() string {
+	if o == nil || o.IdentityStoreId == nil {
+		var ret string
+		return ret
+	}
+	return *o.IdentityStoreId
+}
+
+// GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicApplicationSettings) GetIdentityStoreIdOk() (*string, bool) {
+	if o == nil || o.IdentityStoreId == nil {
+		return nil, false
+	}
+	return o.IdentityStoreId, true
+}
+
+// HasIdentityStoreId returns a boolean if a field has been set.
+func (o *BasicApplicationSettings) HasIdentityStoreId() bool {
+	if o != nil && o.IdentityStoreId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityStoreId gets a reference to the given string and assigns it to the IdentityStoreId field.
+func (o *BasicApplicationSettings) SetIdentityStoreId(v string) {
+	o.IdentityStoreId = &v
+}
+
+// GetImplicitAssignment returns the ImplicitAssignment field value if set, zero value otherwise.
+func (o *BasicApplicationSettings) GetImplicitAssignment() bool {
+	if o == nil || o.ImplicitAssignment == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ImplicitAssignment
+}
+
+// GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicApplicationSettings) GetImplicitAssignmentOk() (*bool, bool) {
+	if o == nil || o.ImplicitAssignment == nil {
+		return nil, false
+	}
+	return o.ImplicitAssignment, true
+}
+
+// HasImplicitAssignment returns a boolean if a field has been set.
+func (o *BasicApplicationSettings) HasImplicitAssignment() bool {
+	if o != nil && o.ImplicitAssignment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetImplicitAssignment gets a reference to the given bool and assigns it to the ImplicitAssignment field.
+func (o *BasicApplicationSettings) SetImplicitAssignment(v bool) {
+	o.ImplicitAssignment = &v
+}
+
+// GetInlineHookId returns the InlineHookId field value if set, zero value otherwise.
+func (o *BasicApplicationSettings) GetInlineHookId() string {
+	if o == nil || o.InlineHookId == nil {
+		var ret string
+		return ret
+	}
+	return *o.InlineHookId
+}
+
+// GetInlineHookIdOk returns a tuple with the InlineHookId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicApplicationSettings) GetInlineHookIdOk() (*string, bool) {
+	if o == nil || o.InlineHookId == nil {
+		return nil, false
+	}
+	return o.InlineHookId, true
+}
+
+// HasInlineHookId returns a boolean if a field has been set.
+func (o *BasicApplicationSettings) HasInlineHookId() bool {
+	if o != nil && o.InlineHookId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInlineHookId gets a reference to the given string and assigns it to the InlineHookId field.
+func (o *BasicApplicationSettings) SetInlineHookId(v string) {
+	o.InlineHookId = &v
+}
+
+// GetNotes returns the Notes field value if set, zero value otherwise.
+func (o *BasicApplicationSettings) GetNotes() ApplicationSettingsNotes {
+	if o == nil || o.Notes == nil {
+		var ret ApplicationSettingsNotes
+		return ret
+	}
+	return *o.Notes
+}
+
+// GetNotesOk returns a tuple with the Notes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool) {
+	if o == nil || o.Notes == nil {
+		return nil, false
+	}
+	return o.Notes, true
+}
+
+// HasNotes returns a boolean if a field has been set.
+func (o *BasicApplicationSettings) HasNotes() bool {
+	if o != nil && o.Notes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotes gets a reference to the given ApplicationSettingsNotes and assigns it to the Notes field.
+func (o *BasicApplicationSettings) SetNotes(v ApplicationSettingsNotes) {
+	o.Notes = &v
+}
+
+// GetNotifications returns the Notifications field value if set, zero value otherwise.
+func (o *BasicApplicationSettings) GetNotifications() ApplicationSettingsNotifications {
+	if o == nil || o.Notifications == nil {
+		var ret ApplicationSettingsNotifications
+		return ret
+	}
+	return *o.Notifications
+}
+
+// GetNotificationsOk returns a tuple with the Notifications field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool) {
+	if o == nil || o.Notifications == nil {
+		return nil, false
+	}
+	return o.Notifications, true
+}
+
+// HasNotifications returns a boolean if a field has been set.
+func (o *BasicApplicationSettings) HasNotifications() bool {
+	if o != nil && o.Notifications != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotifications gets a reference to the given ApplicationSettingsNotifications and assigns it to the Notifications field.
+func (o *BasicApplicationSettings) SetNotifications(v ApplicationSettingsNotifications) {
+	o.Notifications = &v
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *BasicApplicationSettings) GetApp() BasicApplicationSettingsApplication {
+	if o == nil || o.App == nil {
+		var ret BasicApplicationSettingsApplication
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicApplicationSettings) GetAppOk() (*BasicApplicationSettingsApplication, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *BasicApplicationSettings) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given BasicApplicationSettingsApplication and assigns it to the App field.
+func (o *BasicApplicationSettings) SetApp(v BasicApplicationSettingsApplication) {
+	o.App = &v
+}
+
+func (o BasicApplicationSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.IdentityStoreId != nil {
+		toSerialize["identityStoreId"] = o.IdentityStoreId
+	}
+	if o.ImplicitAssignment != nil {
+		toSerialize["implicitAssignment"] = o.ImplicitAssignment
+	}
+	if o.InlineHookId != nil {
+		toSerialize["inlineHookId"] = o.InlineHookId
+	}
+	if o.Notes != nil {
+		toSerialize["notes"] = o.Notes
+	}
+	if o.Notifications != nil {
+		toSerialize["notifications"] = o.Notifications
+	}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BasicApplicationSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varBasicApplicationSettings := _BasicApplicationSettings{}
+
+	err = json.Unmarshal(bytes, &varBasicApplicationSettings)
+	if err == nil {
+		*o = BasicApplicationSettings(varBasicApplicationSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "identityStoreId")
+		delete(additionalProperties, "implicitAssignment")
+		delete(additionalProperties, "inlineHookId")
+		delete(additionalProperties, "notes")
+		delete(additionalProperties, "notifications")
+		delete(additionalProperties, "app")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBasicApplicationSettings struct {
+	value *BasicApplicationSettings
+	isSet bool
+}
+
+func (v NullableBasicApplicationSettings) Get() *BasicApplicationSettings {
+	return v.value
+}
+
+func (v *NullableBasicApplicationSettings) Set(val *BasicApplicationSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBasicApplicationSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBasicApplicationSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBasicApplicationSettings(val *BasicApplicationSettings) *NullableBasicApplicationSettings {
+	return &NullableBasicApplicationSettings{value: val, isSet: true}
+}
+
+func (v NullableBasicApplicationSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBasicApplicationSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_basic_application_settings_all_of.go b/okta/model_basic_application_settings_all_of.go
new file mode 100644
index 000000000..9f503a884
--- /dev/null
+++ b/okta/model_basic_application_settings_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BasicApplicationSettingsAllOf struct for BasicApplicationSettingsAllOf
+type BasicApplicationSettingsAllOf struct {
+	App                  *BasicApplicationSettingsApplication `json:"app,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BasicApplicationSettingsAllOf BasicApplicationSettingsAllOf
+
+// NewBasicApplicationSettingsAllOf instantiates a new BasicApplicationSettingsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBasicApplicationSettingsAllOf() *BasicApplicationSettingsAllOf {
+	this := BasicApplicationSettingsAllOf{}
+	return &this
+}
+
+// NewBasicApplicationSettingsAllOfWithDefaults instantiates a new BasicApplicationSettingsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBasicApplicationSettingsAllOfWithDefaults() *BasicApplicationSettingsAllOf {
+	this := BasicApplicationSettingsAllOf{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *BasicApplicationSettingsAllOf) GetApp() BasicApplicationSettingsApplication {
+	if o == nil || o.App == nil {
+		var ret BasicApplicationSettingsApplication
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicApplicationSettingsAllOf) GetAppOk() (*BasicApplicationSettingsApplication, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *BasicApplicationSettingsAllOf) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given BasicApplicationSettingsApplication and assigns it to the App field.
+func (o *BasicApplicationSettingsAllOf) SetApp(v BasicApplicationSettingsApplication) {
+	o.App = &v
+}
+
+func (o BasicApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BasicApplicationSettingsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varBasicApplicationSettingsAllOf := _BasicApplicationSettingsAllOf{}
+
+	err = json.Unmarshal(bytes, &varBasicApplicationSettingsAllOf)
+	if err == nil {
+		*o = BasicApplicationSettingsAllOf(varBasicApplicationSettingsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBasicApplicationSettingsAllOf struct {
+	value *BasicApplicationSettingsAllOf
+	isSet bool
+}
+
+func (v NullableBasicApplicationSettingsAllOf) Get() *BasicApplicationSettingsAllOf {
+	return v.value
+}
+
+func (v *NullableBasicApplicationSettingsAllOf) Set(val *BasicApplicationSettingsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBasicApplicationSettingsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBasicApplicationSettingsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBasicApplicationSettingsAllOf(val *BasicApplicationSettingsAllOf) *NullableBasicApplicationSettingsAllOf {
+	return &NullableBasicApplicationSettingsAllOf{value: val, isSet: true}
+}
+
+func (v NullableBasicApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBasicApplicationSettingsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_basic_application_settings_application.go b/okta/model_basic_application_settings_application.go
new file mode 100644
index 000000000..8fe471caf
--- /dev/null
+++ b/okta/model_basic_application_settings_application.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BasicApplicationSettingsApplication struct for BasicApplicationSettingsApplication
+type BasicApplicationSettingsApplication struct {
+	AuthURL              *string `json:"authURL,omitempty"`
+	Url                  *string `json:"url,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BasicApplicationSettingsApplication BasicApplicationSettingsApplication
+
+// NewBasicApplicationSettingsApplication instantiates a new BasicApplicationSettingsApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBasicApplicationSettingsApplication() *BasicApplicationSettingsApplication {
+	this := BasicApplicationSettingsApplication{}
+	return &this
+}
+
+// NewBasicApplicationSettingsApplicationWithDefaults instantiates a new BasicApplicationSettingsApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBasicApplicationSettingsApplicationWithDefaults() *BasicApplicationSettingsApplication {
+	this := BasicApplicationSettingsApplication{}
+	return &this
+}
+
+// GetAuthURL returns the AuthURL field value if set, zero value otherwise.
+func (o *BasicApplicationSettingsApplication) GetAuthURL() string {
+	if o == nil || o.AuthURL == nil {
+		var ret string
+		return ret
+	}
+	return *o.AuthURL
+}
+
+// GetAuthURLOk returns a tuple with the AuthURL field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicApplicationSettingsApplication) GetAuthURLOk() (*string, bool) {
+	if o == nil || o.AuthURL == nil {
+		return nil, false
+	}
+	return o.AuthURL, true
+}
+
+// HasAuthURL returns a boolean if a field has been set.
+func (o *BasicApplicationSettingsApplication) HasAuthURL() bool {
+	if o != nil && o.AuthURL != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthURL gets a reference to the given string and assigns it to the AuthURL field.
+func (o *BasicApplicationSettingsApplication) SetAuthURL(v string) {
+	o.AuthURL = &v
+}
+
+// GetUrl returns the Url field value if set, zero value otherwise.
+func (o *BasicApplicationSettingsApplication) GetUrl() string {
+	if o == nil || o.Url == nil {
+		var ret string
+		return ret
+	}
+	return *o.Url
+}
+
+// GetUrlOk returns a tuple with the Url field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicApplicationSettingsApplication) GetUrlOk() (*string, bool) {
+	if o == nil || o.Url == nil {
+		return nil, false
+	}
+	return o.Url, true
+}
+
+// HasUrl returns a boolean if a field has been set.
+func (o *BasicApplicationSettingsApplication) HasUrl() bool {
+	if o != nil && o.Url != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUrl gets a reference to the given string and assigns it to the Url field.
+func (o *BasicApplicationSettingsApplication) SetUrl(v string) {
+	o.Url = &v
+}
+
+func (o BasicApplicationSettingsApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthURL != nil {
+		toSerialize["authURL"] = o.AuthURL
+	}
+	if o.Url != nil {
+		toSerialize["url"] = o.Url
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BasicApplicationSettingsApplication) UnmarshalJSON(bytes []byte) (err error) {
+	varBasicApplicationSettingsApplication := _BasicApplicationSettingsApplication{}
+
+	err = json.Unmarshal(bytes, &varBasicApplicationSettingsApplication)
+	if err == nil {
+		*o = BasicApplicationSettingsApplication(varBasicApplicationSettingsApplication)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authURL")
+		delete(additionalProperties, "url")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBasicApplicationSettingsApplication struct {
+	value *BasicApplicationSettingsApplication
+	isSet bool
+}
+
+func (v NullableBasicApplicationSettingsApplication) Get() *BasicApplicationSettingsApplication {
+	return v.value
+}
+
+func (v *NullableBasicApplicationSettingsApplication) Set(val *BasicApplicationSettingsApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBasicApplicationSettingsApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBasicApplicationSettingsApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBasicApplicationSettingsApplication(val *BasicApplicationSettingsApplication) *NullableBasicApplicationSettingsApplication {
+	return &NullableBasicApplicationSettingsApplication{value: val, isSet: true}
+}
+
+func (v NullableBasicApplicationSettingsApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBasicApplicationSettingsApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_basic_auth_application.go b/okta/model_basic_auth_application.go
new file mode 100644
index 000000000..3f7d59695
--- /dev/null
+++ b/okta/model_basic_auth_application.go
@@ -0,0 +1,285 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// BasicAuthApplication struct for BasicAuthApplication
+type BasicAuthApplication struct {
+	Application
+	Credentials          *SchemeApplicationCredentials `json:"credentials,omitempty"`
+	Name                 *string                       `json:"name,omitempty"`
+	Settings             *BasicApplicationSettings     `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BasicAuthApplication BasicAuthApplication
+
+// NewBasicAuthApplication instantiates a new BasicAuthApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBasicAuthApplication() *BasicAuthApplication {
+	this := BasicAuthApplication{}
+	var name string = "template_basic_auth"
+	this.Name = &name
+	return &this
+}
+
+// NewBasicAuthApplicationWithDefaults instantiates a new BasicAuthApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBasicAuthApplicationWithDefaults() *BasicAuthApplication {
+	this := BasicAuthApplication{}
+	var name string = "template_basic_auth"
+	this.Name = &name
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *BasicAuthApplication) GetCredentials() SchemeApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret SchemeApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicAuthApplication) GetCredentialsOk() (*SchemeApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *BasicAuthApplication) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given SchemeApplicationCredentials and assigns it to the Credentials field.
+func (o *BasicAuthApplication) SetCredentials(v SchemeApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *BasicAuthApplication) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicAuthApplication) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *BasicAuthApplication) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *BasicAuthApplication) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BasicAuthApplication) GetSettings() BasicApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret BasicApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicAuthApplication) GetSettingsOk() (*BasicApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BasicAuthApplication) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given BasicApplicationSettings and assigns it to the Settings field.
+func (o *BasicAuthApplication) SetSettings(v BasicApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o BasicAuthApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedApplication, errApplication := json.Marshal(o.Application)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	errApplication = json.Unmarshal([]byte(serializedApplication), &toSerialize)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BasicAuthApplication) UnmarshalJSON(bytes []byte) (err error) {
+	type BasicAuthApplicationWithoutEmbeddedStruct struct {
+		Credentials *SchemeApplicationCredentials `json:"credentials,omitempty"`
+		Name        *string                       `json:"name,omitempty"`
+		Settings    *BasicApplicationSettings     `json:"settings,omitempty"`
+	}
+
+	varBasicAuthApplicationWithoutEmbeddedStruct := BasicAuthApplicationWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varBasicAuthApplicationWithoutEmbeddedStruct)
+	if err == nil {
+		varBasicAuthApplication := _BasicAuthApplication{}
+		varBasicAuthApplication.Credentials = varBasicAuthApplicationWithoutEmbeddedStruct.Credentials
+		varBasicAuthApplication.Name = varBasicAuthApplicationWithoutEmbeddedStruct.Name
+		varBasicAuthApplication.Settings = varBasicAuthApplicationWithoutEmbeddedStruct.Settings
+		*o = BasicAuthApplication(varBasicAuthApplication)
+	} else {
+		return err
+	}
+
+	varBasicAuthApplication := _BasicAuthApplication{}
+
+	err = json.Unmarshal(bytes, &varBasicAuthApplication)
+	if err == nil {
+		o.Application = varBasicAuthApplication.Application
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectApplication := reflect.ValueOf(o.Application)
+		for i := 0; i < reflectApplication.Type().NumField(); i++ {
+			t := reflectApplication.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBasicAuthApplication struct {
+	value *BasicAuthApplication
+	isSet bool
+}
+
+func (v NullableBasicAuthApplication) Get() *BasicAuthApplication {
+	return v.value
+}
+
+func (v *NullableBasicAuthApplication) Set(val *BasicAuthApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBasicAuthApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBasicAuthApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBasicAuthApplication(val *BasicAuthApplication) *NullableBasicAuthApplication {
+	return &NullableBasicAuthApplication{value: val, isSet: true}
+}
+
+func (v NullableBasicAuthApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBasicAuthApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_basic_auth_application_all_of.go b/okta/model_basic_auth_application_all_of.go
new file mode 100644
index 000000000..62138d19a
--- /dev/null
+++ b/okta/model_basic_auth_application_all_of.go
@@ -0,0 +1,236 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BasicAuthApplicationAllOf struct for BasicAuthApplicationAllOf
+type BasicAuthApplicationAllOf struct {
+	Credentials          *SchemeApplicationCredentials `json:"credentials,omitempty"`
+	Name                 *string                       `json:"name,omitempty"`
+	Settings             *BasicApplicationSettings     `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BasicAuthApplicationAllOf BasicAuthApplicationAllOf
+
+// NewBasicAuthApplicationAllOf instantiates a new BasicAuthApplicationAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBasicAuthApplicationAllOf() *BasicAuthApplicationAllOf {
+	this := BasicAuthApplicationAllOf{}
+	var name string = "template_basic_auth"
+	this.Name = &name
+	return &this
+}
+
+// NewBasicAuthApplicationAllOfWithDefaults instantiates a new BasicAuthApplicationAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBasicAuthApplicationAllOfWithDefaults() *BasicAuthApplicationAllOf {
+	this := BasicAuthApplicationAllOf{}
+	var name string = "template_basic_auth"
+	this.Name = &name
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *BasicAuthApplicationAllOf) GetCredentials() SchemeApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret SchemeApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicAuthApplicationAllOf) GetCredentialsOk() (*SchemeApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *BasicAuthApplicationAllOf) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given SchemeApplicationCredentials and assigns it to the Credentials field.
+func (o *BasicAuthApplicationAllOf) SetCredentials(v SchemeApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *BasicAuthApplicationAllOf) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicAuthApplicationAllOf) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *BasicAuthApplicationAllOf) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *BasicAuthApplicationAllOf) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BasicAuthApplicationAllOf) GetSettings() BasicApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret BasicApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BasicAuthApplicationAllOf) GetSettingsOk() (*BasicApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BasicAuthApplicationAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given BasicApplicationSettings and assigns it to the Settings field.
+func (o *BasicAuthApplicationAllOf) SetSettings(v BasicApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o BasicAuthApplicationAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BasicAuthApplicationAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varBasicAuthApplicationAllOf := _BasicAuthApplicationAllOf{}
+
+	err = json.Unmarshal(bytes, &varBasicAuthApplicationAllOf)
+	if err == nil {
+		*o = BasicAuthApplicationAllOf(varBasicAuthApplicationAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBasicAuthApplicationAllOf struct {
+	value *BasicAuthApplicationAllOf
+	isSet bool
+}
+
+func (v NullableBasicAuthApplicationAllOf) Get() *BasicAuthApplicationAllOf {
+	return v.value
+}
+
+func (v *NullableBasicAuthApplicationAllOf) Set(val *BasicAuthApplicationAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBasicAuthApplicationAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBasicAuthApplicationAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBasicAuthApplicationAllOf(val *BasicAuthApplicationAllOf) *NullableBasicAuthApplicationAllOf {
+	return &NullableBasicAuthApplicationAllOf{value: val, isSet: true}
+}
+
+func (v NullableBasicAuthApplicationAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBasicAuthApplicationAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_before_scheduled_action_policy_rule_condition.go b/okta/model_before_scheduled_action_policy_rule_condition.go
new file mode 100644
index 000000000..bd8e9b903
--- /dev/null
+++ b/okta/model_before_scheduled_action_policy_rule_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BeforeScheduledActionPolicyRuleCondition struct for BeforeScheduledActionPolicyRuleCondition
+type BeforeScheduledActionPolicyRuleCondition struct {
+	Duration             *Duration                     `json:"duration,omitempty"`
+	LifecycleAction      *ScheduledUserLifecycleAction `json:"lifecycleAction,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BeforeScheduledActionPolicyRuleCondition BeforeScheduledActionPolicyRuleCondition
+
+// NewBeforeScheduledActionPolicyRuleCondition instantiates a new BeforeScheduledActionPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBeforeScheduledActionPolicyRuleCondition() *BeforeScheduledActionPolicyRuleCondition {
+	this := BeforeScheduledActionPolicyRuleCondition{}
+	return &this
+}
+
+// NewBeforeScheduledActionPolicyRuleConditionWithDefaults instantiates a new BeforeScheduledActionPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBeforeScheduledActionPolicyRuleConditionWithDefaults() *BeforeScheduledActionPolicyRuleCondition {
+	this := BeforeScheduledActionPolicyRuleCondition{}
+	return &this
+}
+
+// GetDuration returns the Duration field value if set, zero value otherwise.
+func (o *BeforeScheduledActionPolicyRuleCondition) GetDuration() Duration {
+	if o == nil || o.Duration == nil {
+		var ret Duration
+		return ret
+	}
+	return *o.Duration
+}
+
+// GetDurationOk returns a tuple with the Duration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BeforeScheduledActionPolicyRuleCondition) GetDurationOk() (*Duration, bool) {
+	if o == nil || o.Duration == nil {
+		return nil, false
+	}
+	return o.Duration, true
+}
+
+// HasDuration returns a boolean if a field has been set.
+func (o *BeforeScheduledActionPolicyRuleCondition) HasDuration() bool {
+	if o != nil && o.Duration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDuration gets a reference to the given Duration and assigns it to the Duration field.
+func (o *BeforeScheduledActionPolicyRuleCondition) SetDuration(v Duration) {
+	o.Duration = &v
+}
+
+// GetLifecycleAction returns the LifecycleAction field value if set, zero value otherwise.
+func (o *BeforeScheduledActionPolicyRuleCondition) GetLifecycleAction() ScheduledUserLifecycleAction {
+	if o == nil || o.LifecycleAction == nil {
+		var ret ScheduledUserLifecycleAction
+		return ret
+	}
+	return *o.LifecycleAction
+}
+
+// GetLifecycleActionOk returns a tuple with the LifecycleAction field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BeforeScheduledActionPolicyRuleCondition) GetLifecycleActionOk() (*ScheduledUserLifecycleAction, bool) {
+	if o == nil || o.LifecycleAction == nil {
+		return nil, false
+	}
+	return o.LifecycleAction, true
+}
+
+// HasLifecycleAction returns a boolean if a field has been set.
+func (o *BeforeScheduledActionPolicyRuleCondition) HasLifecycleAction() bool {
+	if o != nil && o.LifecycleAction != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLifecycleAction gets a reference to the given ScheduledUserLifecycleAction and assigns it to the LifecycleAction field.
+func (o *BeforeScheduledActionPolicyRuleCondition) SetLifecycleAction(v ScheduledUserLifecycleAction) {
+	o.LifecycleAction = &v
+}
+
+func (o BeforeScheduledActionPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Duration != nil {
+		toSerialize["duration"] = o.Duration
+	}
+	if o.LifecycleAction != nil {
+		toSerialize["lifecycleAction"] = o.LifecycleAction
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BeforeScheduledActionPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varBeforeScheduledActionPolicyRuleCondition := _BeforeScheduledActionPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varBeforeScheduledActionPolicyRuleCondition)
+	if err == nil {
+		*o = BeforeScheduledActionPolicyRuleCondition(varBeforeScheduledActionPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "duration")
+		delete(additionalProperties, "lifecycleAction")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBeforeScheduledActionPolicyRuleCondition struct {
+	value *BeforeScheduledActionPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableBeforeScheduledActionPolicyRuleCondition) Get() *BeforeScheduledActionPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableBeforeScheduledActionPolicyRuleCondition) Set(val *BeforeScheduledActionPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBeforeScheduledActionPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBeforeScheduledActionPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBeforeScheduledActionPolicyRuleCondition(val *BeforeScheduledActionPolicyRuleCondition) *NullableBeforeScheduledActionPolicyRuleCondition {
+	return &NullableBeforeScheduledActionPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableBeforeScheduledActionPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBeforeScheduledActionPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_detection_rule_settings_based_on_device_velocity_in_kilometers_per_hour_.go b/okta/model_behavior_detection_rule_settings_based_on_device_velocity_in_kilometers_per_hour_.go
new file mode 100644
index 000000000..c22dea1dd
--- /dev/null
+++ b/okta/model_behavior_detection_rule_settings_based_on_device_velocity_in_kilometers_per_hour_.go
@@ -0,0 +1,153 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour struct for BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour
+type BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour struct {
+	VelocityKph          int32 `json:"velocityKph"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour
+
+// NewBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour instantiates a new BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour(velocityKph int32) *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour {
+	this := BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour{}
+	this.VelocityKph = velocityKph
+	return &this
+}
+
+// NewBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHourWithDefaults instantiates a new BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHourWithDefaults() *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour {
+	this := BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour{}
+	var velocityKph int32 = 805
+	this.VelocityKph = velocityKph
+	return &this
+}
+
+// GetVelocityKph returns the VelocityKph field value
+func (o *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) GetVelocityKph() int32 {
+	if o == nil {
+		var ret int32
+		return ret
+	}
+
+	return o.VelocityKph
+}
+
+// GetVelocityKphOk returns a tuple with the VelocityKph field value
+// and a boolean to check if the value has been set.
+func (o *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) GetVelocityKphOk() (*int32, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.VelocityKph, true
+}
+
+// SetVelocityKph sets field value
+func (o *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) SetVelocityKph(v int32) {
+	o.VelocityKph = v
+}
+
+func (o BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["velocityKph"] = o.VelocityKph
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour := _BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour{}
+
+	err = json.Unmarshal(bytes, &varBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour)
+	if err == nil {
+		*o = BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour(varBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "velocityKph")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour struct {
+	value *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour
+	isSet bool
+}
+
+func (v NullableBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) Get() *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour {
+	return v.value
+}
+
+func (v *NullableBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) Set(val *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour(val *BehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) *NullableBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour {
+	return &NullableBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour{value: val, isSet: true}
+}
+
+func (v NullableBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorDetectionRuleSettingsBasedOnDeviceVelocityInKilometersPerHour) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_detection_rule_settings_based_on_event_history.go b/okta/model_behavior_detection_rule_settings_based_on_event_history.go
new file mode 100644
index 000000000..634d23500
--- /dev/null
+++ b/okta/model_behavior_detection_rule_settings_based_on_event_history.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorDetectionRuleSettingsBasedOnEventHistory struct for BehaviorDetectionRuleSettingsBasedOnEventHistory
+type BehaviorDetectionRuleSettingsBasedOnEventHistory struct {
+	MaxEventsUsedForEvaluation   *int32 `json:"maxEventsUsedForEvaluation,omitempty"`
+	MinEventsNeededForEvaluation *int32 `json:"minEventsNeededForEvaluation,omitempty"`
+	AdditionalProperties         map[string]interface{}
+}
+
+type _BehaviorDetectionRuleSettingsBasedOnEventHistory BehaviorDetectionRuleSettingsBasedOnEventHistory
+
+// NewBehaviorDetectionRuleSettingsBasedOnEventHistory instantiates a new BehaviorDetectionRuleSettingsBasedOnEventHistory object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorDetectionRuleSettingsBasedOnEventHistory() *BehaviorDetectionRuleSettingsBasedOnEventHistory {
+	this := BehaviorDetectionRuleSettingsBasedOnEventHistory{}
+	var maxEventsUsedForEvaluation int32 = 20
+	this.MaxEventsUsedForEvaluation = &maxEventsUsedForEvaluation
+	var minEventsNeededForEvaluation int32 = 0
+	this.MinEventsNeededForEvaluation = &minEventsNeededForEvaluation
+	return &this
+}
+
+// NewBehaviorDetectionRuleSettingsBasedOnEventHistoryWithDefaults instantiates a new BehaviorDetectionRuleSettingsBasedOnEventHistory object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorDetectionRuleSettingsBasedOnEventHistoryWithDefaults() *BehaviorDetectionRuleSettingsBasedOnEventHistory {
+	this := BehaviorDetectionRuleSettingsBasedOnEventHistory{}
+	var maxEventsUsedForEvaluation int32 = 20
+	this.MaxEventsUsedForEvaluation = &maxEventsUsedForEvaluation
+	var minEventsNeededForEvaluation int32 = 0
+	this.MinEventsNeededForEvaluation = &minEventsNeededForEvaluation
+	return &this
+}
+
+// GetMaxEventsUsedForEvaluation returns the MaxEventsUsedForEvaluation field value if set, zero value otherwise.
+func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) GetMaxEventsUsedForEvaluation() int32 {
+	if o == nil || o.MaxEventsUsedForEvaluation == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxEventsUsedForEvaluation
+}
+
+// GetMaxEventsUsedForEvaluationOk returns a tuple with the MaxEventsUsedForEvaluation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) GetMaxEventsUsedForEvaluationOk() (*int32, bool) {
+	if o == nil || o.MaxEventsUsedForEvaluation == nil {
+		return nil, false
+	}
+	return o.MaxEventsUsedForEvaluation, true
+}
+
+// HasMaxEventsUsedForEvaluation returns a boolean if a field has been set.
+func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) HasMaxEventsUsedForEvaluation() bool {
+	if o != nil && o.MaxEventsUsedForEvaluation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxEventsUsedForEvaluation gets a reference to the given int32 and assigns it to the MaxEventsUsedForEvaluation field.
+func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) SetMaxEventsUsedForEvaluation(v int32) {
+	o.MaxEventsUsedForEvaluation = &v
+}
+
+// GetMinEventsNeededForEvaluation returns the MinEventsNeededForEvaluation field value if set, zero value otherwise.
+func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) GetMinEventsNeededForEvaluation() int32 {
+	if o == nil || o.MinEventsNeededForEvaluation == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinEventsNeededForEvaluation
+}
+
+// GetMinEventsNeededForEvaluationOk returns a tuple with the MinEventsNeededForEvaluation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) GetMinEventsNeededForEvaluationOk() (*int32, bool) {
+	if o == nil || o.MinEventsNeededForEvaluation == nil {
+		return nil, false
+	}
+	return o.MinEventsNeededForEvaluation, true
+}
+
+// HasMinEventsNeededForEvaluation returns a boolean if a field has been set.
+func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) HasMinEventsNeededForEvaluation() bool {
+	if o != nil && o.MinEventsNeededForEvaluation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinEventsNeededForEvaluation gets a reference to the given int32 and assigns it to the MinEventsNeededForEvaluation field.
+func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) SetMinEventsNeededForEvaluation(v int32) {
+	o.MinEventsNeededForEvaluation = &v
+}
+
+func (o BehaviorDetectionRuleSettingsBasedOnEventHistory) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.MaxEventsUsedForEvaluation != nil {
+		toSerialize["maxEventsUsedForEvaluation"] = o.MaxEventsUsedForEvaluation
+	}
+	if o.MinEventsNeededForEvaluation != nil {
+		toSerialize["minEventsNeededForEvaluation"] = o.MinEventsNeededForEvaluation
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorDetectionRuleSettingsBasedOnEventHistory) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorDetectionRuleSettingsBasedOnEventHistory := _BehaviorDetectionRuleSettingsBasedOnEventHistory{}
+
+	err = json.Unmarshal(bytes, &varBehaviorDetectionRuleSettingsBasedOnEventHistory)
+	if err == nil {
+		*o = BehaviorDetectionRuleSettingsBasedOnEventHistory(varBehaviorDetectionRuleSettingsBasedOnEventHistory)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "maxEventsUsedForEvaluation")
+		delete(additionalProperties, "minEventsNeededForEvaluation")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorDetectionRuleSettingsBasedOnEventHistory struct {
+	value *BehaviorDetectionRuleSettingsBasedOnEventHistory
+	isSet bool
+}
+
+func (v NullableBehaviorDetectionRuleSettingsBasedOnEventHistory) Get() *BehaviorDetectionRuleSettingsBasedOnEventHistory {
+	return v.value
+}
+
+func (v *NullableBehaviorDetectionRuleSettingsBasedOnEventHistory) Set(val *BehaviorDetectionRuleSettingsBasedOnEventHistory) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorDetectionRuleSettingsBasedOnEventHistory) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorDetectionRuleSettingsBasedOnEventHistory) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorDetectionRuleSettingsBasedOnEventHistory(val *BehaviorDetectionRuleSettingsBasedOnEventHistory) *NullableBehaviorDetectionRuleSettingsBasedOnEventHistory {
+	return &NullableBehaviorDetectionRuleSettingsBasedOnEventHistory{value: val, isSet: true}
+}
+
+func (v NullableBehaviorDetectionRuleSettingsBasedOnEventHistory) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorDetectionRuleSettingsBasedOnEventHistory) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule.go b/okta/model_behavior_rule.go
new file mode 100644
index 000000000..7f302f4da
--- /dev/null
+++ b/okta/model_behavior_rule.go
@@ -0,0 +1,367 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// BehaviorRule struct for BehaviorRule
+type BehaviorRule struct {
+	Created              *time.Time       `json:"created,omitempty"`
+	Id                   *string          `json:"id,omitempty"`
+	LastUpdated          *time.Time       `json:"lastUpdated,omitempty"`
+	Name                 string           `json:"name"`
+	Status               *LifecycleStatus `json:"status,omitempty"`
+	Type                 BehaviorRuleType `json:"type"`
+	Link                 *ApiTokenLink    `json:"_link,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorRule BehaviorRule
+
+// NewBehaviorRule instantiates a new BehaviorRule object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRule(name string, type_ BehaviorRuleType) *BehaviorRule {
+	this := BehaviorRule{}
+	this.Name = name
+	this.Type = type_
+	return &this
+}
+
+// NewBehaviorRuleWithDefaults instantiates a new BehaviorRule object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleWithDefaults() *BehaviorRule {
+	this := BehaviorRule{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *BehaviorRule) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRule) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *BehaviorRule) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *BehaviorRule) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *BehaviorRule) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRule) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *BehaviorRule) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *BehaviorRule) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *BehaviorRule) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRule) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *BehaviorRule) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *BehaviorRule) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value
+func (o *BehaviorRule) GetName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value
+// and a boolean to check if the value has been set.
+func (o *BehaviorRule) GetNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Name, true
+}
+
+// SetName sets field value
+func (o *BehaviorRule) SetName(v string) {
+	o.Name = v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *BehaviorRule) GetStatus() LifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret LifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRule) GetStatusOk() (*LifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *BehaviorRule) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given LifecycleStatus and assigns it to the Status field.
+func (o *BehaviorRule) SetStatus(v LifecycleStatus) {
+	o.Status = &v
+}
+
+// GetType returns the Type field value
+func (o *BehaviorRule) GetType() BehaviorRuleType {
+	if o == nil {
+		var ret BehaviorRuleType
+		return ret
+	}
+
+	return o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value
+// and a boolean to check if the value has been set.
+func (o *BehaviorRule) GetTypeOk() (*BehaviorRuleType, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Type, true
+}
+
+// SetType sets field value
+func (o *BehaviorRule) SetType(v BehaviorRuleType) {
+	o.Type = v
+}
+
+// GetLink returns the Link field value if set, zero value otherwise.
+func (o *BehaviorRule) GetLink() ApiTokenLink {
+	if o == nil || o.Link == nil {
+		var ret ApiTokenLink
+		return ret
+	}
+	return *o.Link
+}
+
+// GetLinkOk returns a tuple with the Link field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRule) GetLinkOk() (*ApiTokenLink, bool) {
+	if o == nil || o.Link == nil {
+		return nil, false
+	}
+	return o.Link, true
+}
+
+// HasLink returns a boolean if a field has been set.
+func (o *BehaviorRule) HasLink() bool {
+	if o != nil && o.Link != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLink gets a reference to the given ApiTokenLink and assigns it to the Link field.
+func (o *BehaviorRule) SetLink(v ApiTokenLink) {
+	o.Link = &v
+}
+
+func (o BehaviorRule) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if true {
+		toSerialize["name"] = o.Name
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if true {
+		toSerialize["type"] = o.Type
+	}
+	if o.Link != nil {
+		toSerialize["_link"] = o.Link
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRule) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorRule := _BehaviorRule{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRule)
+	if err == nil {
+		*o = BehaviorRule(varBehaviorRule)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_link")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRule struct {
+	value *BehaviorRule
+	isSet bool
+}
+
+func (v NullableBehaviorRule) Get() *BehaviorRule {
+	return v.value
+}
+
+func (v *NullableBehaviorRule) Set(val *BehaviorRule) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRule) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRule) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRule(val *BehaviorRule) *NullableBehaviorRule {
+	return &NullableBehaviorRule{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRule) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRule) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_anomalous_device.go b/okta/model_behavior_rule_anomalous_device.go
new file mode 100644
index 000000000..cca0156ef
--- /dev/null
+++ b/okta/model_behavior_rule_anomalous_device.go
@@ -0,0 +1,205 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// BehaviorRuleAnomalousDevice struct for BehaviorRuleAnomalousDevice
+type BehaviorRuleAnomalousDevice struct {
+	BehaviorRule
+	Settings             *BehaviorRuleSettingsAnomalousDevice `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorRuleAnomalousDevice BehaviorRuleAnomalousDevice
+
+// NewBehaviorRuleAnomalousDevice instantiates a new BehaviorRuleAnomalousDevice object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleAnomalousDevice(name string, type_ BehaviorRuleType) *BehaviorRuleAnomalousDevice {
+	this := BehaviorRuleAnomalousDevice{}
+	this.Name = name
+	this.Type = type_
+	return &this
+}
+
+// NewBehaviorRuleAnomalousDeviceWithDefaults instantiates a new BehaviorRuleAnomalousDevice object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleAnomalousDeviceWithDefaults() *BehaviorRuleAnomalousDevice {
+	this := BehaviorRuleAnomalousDevice{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BehaviorRuleAnomalousDevice) GetSettings() BehaviorRuleSettingsAnomalousDevice {
+	if o == nil || o.Settings == nil {
+		var ret BehaviorRuleSettingsAnomalousDevice
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleAnomalousDevice) GetSettingsOk() (*BehaviorRuleSettingsAnomalousDevice, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BehaviorRuleAnomalousDevice) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given BehaviorRuleSettingsAnomalousDevice and assigns it to the Settings field.
+func (o *BehaviorRuleAnomalousDevice) SetSettings(v BehaviorRuleSettingsAnomalousDevice) {
+	o.Settings = &v
+}
+
+func (o BehaviorRuleAnomalousDevice) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedBehaviorRule, errBehaviorRule := json.Marshal(o.BehaviorRule)
+	if errBehaviorRule != nil {
+		return []byte{}, errBehaviorRule
+	}
+	errBehaviorRule = json.Unmarshal([]byte(serializedBehaviorRule), &toSerialize)
+	if errBehaviorRule != nil {
+		return []byte{}, errBehaviorRule
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleAnomalousDevice) UnmarshalJSON(bytes []byte) (err error) {
+	type BehaviorRuleAnomalousDeviceWithoutEmbeddedStruct struct {
+		Settings *BehaviorRuleSettingsAnomalousDevice `json:"settings,omitempty"`
+	}
+
+	varBehaviorRuleAnomalousDeviceWithoutEmbeddedStruct := BehaviorRuleAnomalousDeviceWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleAnomalousDeviceWithoutEmbeddedStruct)
+	if err == nil {
+		varBehaviorRuleAnomalousDevice := _BehaviorRuleAnomalousDevice{}
+		varBehaviorRuleAnomalousDevice.Settings = varBehaviorRuleAnomalousDeviceWithoutEmbeddedStruct.Settings
+		*o = BehaviorRuleAnomalousDevice(varBehaviorRuleAnomalousDevice)
+	} else {
+		return err
+	}
+
+	varBehaviorRuleAnomalousDevice := _BehaviorRuleAnomalousDevice{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleAnomalousDevice)
+	if err == nil {
+		o.BehaviorRule = varBehaviorRuleAnomalousDevice.BehaviorRule
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectBehaviorRule := reflect.ValueOf(o.BehaviorRule)
+		for i := 0; i < reflectBehaviorRule.Type().NumField(); i++ {
+			t := reflectBehaviorRule.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleAnomalousDevice struct {
+	value *BehaviorRuleAnomalousDevice
+	isSet bool
+}
+
+func (v NullableBehaviorRuleAnomalousDevice) Get() *BehaviorRuleAnomalousDevice {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleAnomalousDevice) Set(val *BehaviorRuleAnomalousDevice) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleAnomalousDevice) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleAnomalousDevice) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleAnomalousDevice(val *BehaviorRuleAnomalousDevice) *NullableBehaviorRuleAnomalousDevice {
+	return &NullableBehaviorRuleAnomalousDevice{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleAnomalousDevice) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleAnomalousDevice) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_anomalous_device_all_of.go b/okta/model_behavior_rule_anomalous_device_all_of.go
new file mode 100644
index 000000000..11972c593
--- /dev/null
+++ b/okta/model_behavior_rule_anomalous_device_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorRuleAnomalousDeviceAllOf struct for BehaviorRuleAnomalousDeviceAllOf
+type BehaviorRuleAnomalousDeviceAllOf struct {
+	Settings             *BehaviorRuleSettingsAnomalousDevice `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorRuleAnomalousDeviceAllOf BehaviorRuleAnomalousDeviceAllOf
+
+// NewBehaviorRuleAnomalousDeviceAllOf instantiates a new BehaviorRuleAnomalousDeviceAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleAnomalousDeviceAllOf() *BehaviorRuleAnomalousDeviceAllOf {
+	this := BehaviorRuleAnomalousDeviceAllOf{}
+	return &this
+}
+
+// NewBehaviorRuleAnomalousDeviceAllOfWithDefaults instantiates a new BehaviorRuleAnomalousDeviceAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleAnomalousDeviceAllOfWithDefaults() *BehaviorRuleAnomalousDeviceAllOf {
+	this := BehaviorRuleAnomalousDeviceAllOf{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BehaviorRuleAnomalousDeviceAllOf) GetSettings() BehaviorRuleSettingsAnomalousDevice {
+	if o == nil || o.Settings == nil {
+		var ret BehaviorRuleSettingsAnomalousDevice
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleAnomalousDeviceAllOf) GetSettingsOk() (*BehaviorRuleSettingsAnomalousDevice, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BehaviorRuleAnomalousDeviceAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given BehaviorRuleSettingsAnomalousDevice and assigns it to the Settings field.
+func (o *BehaviorRuleAnomalousDeviceAllOf) SetSettings(v BehaviorRuleSettingsAnomalousDevice) {
+	o.Settings = &v
+}
+
+func (o BehaviorRuleAnomalousDeviceAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleAnomalousDeviceAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorRuleAnomalousDeviceAllOf := _BehaviorRuleAnomalousDeviceAllOf{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleAnomalousDeviceAllOf)
+	if err == nil {
+		*o = BehaviorRuleAnomalousDeviceAllOf(varBehaviorRuleAnomalousDeviceAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleAnomalousDeviceAllOf struct {
+	value *BehaviorRuleAnomalousDeviceAllOf
+	isSet bool
+}
+
+func (v NullableBehaviorRuleAnomalousDeviceAllOf) Get() *BehaviorRuleAnomalousDeviceAllOf {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleAnomalousDeviceAllOf) Set(val *BehaviorRuleAnomalousDeviceAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleAnomalousDeviceAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleAnomalousDeviceAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleAnomalousDeviceAllOf(val *BehaviorRuleAnomalousDeviceAllOf) *NullableBehaviorRuleAnomalousDeviceAllOf {
+	return &NullableBehaviorRuleAnomalousDeviceAllOf{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleAnomalousDeviceAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleAnomalousDeviceAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_anomalous_ip.go b/okta/model_behavior_rule_anomalous_ip.go
new file mode 100644
index 000000000..59dfdac8c
--- /dev/null
+++ b/okta/model_behavior_rule_anomalous_ip.go
@@ -0,0 +1,205 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// BehaviorRuleAnomalousIP struct for BehaviorRuleAnomalousIP
+type BehaviorRuleAnomalousIP struct {
+	BehaviorRule
+	Settings             *BehaviorRuleSettingsAnomalousIP `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorRuleAnomalousIP BehaviorRuleAnomalousIP
+
+// NewBehaviorRuleAnomalousIP instantiates a new BehaviorRuleAnomalousIP object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleAnomalousIP(name string, type_ BehaviorRuleType) *BehaviorRuleAnomalousIP {
+	this := BehaviorRuleAnomalousIP{}
+	this.Name = name
+	this.Type = type_
+	return &this
+}
+
+// NewBehaviorRuleAnomalousIPWithDefaults instantiates a new BehaviorRuleAnomalousIP object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleAnomalousIPWithDefaults() *BehaviorRuleAnomalousIP {
+	this := BehaviorRuleAnomalousIP{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BehaviorRuleAnomalousIP) GetSettings() BehaviorRuleSettingsAnomalousIP {
+	if o == nil || o.Settings == nil {
+		var ret BehaviorRuleSettingsAnomalousIP
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleAnomalousIP) GetSettingsOk() (*BehaviorRuleSettingsAnomalousIP, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BehaviorRuleAnomalousIP) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given BehaviorRuleSettingsAnomalousIP and assigns it to the Settings field.
+func (o *BehaviorRuleAnomalousIP) SetSettings(v BehaviorRuleSettingsAnomalousIP) {
+	o.Settings = &v
+}
+
+func (o BehaviorRuleAnomalousIP) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedBehaviorRule, errBehaviorRule := json.Marshal(o.BehaviorRule)
+	if errBehaviorRule != nil {
+		return []byte{}, errBehaviorRule
+	}
+	errBehaviorRule = json.Unmarshal([]byte(serializedBehaviorRule), &toSerialize)
+	if errBehaviorRule != nil {
+		return []byte{}, errBehaviorRule
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleAnomalousIP) UnmarshalJSON(bytes []byte) (err error) {
+	type BehaviorRuleAnomalousIPWithoutEmbeddedStruct struct {
+		Settings *BehaviorRuleSettingsAnomalousIP `json:"settings,omitempty"`
+	}
+
+	varBehaviorRuleAnomalousIPWithoutEmbeddedStruct := BehaviorRuleAnomalousIPWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleAnomalousIPWithoutEmbeddedStruct)
+	if err == nil {
+		varBehaviorRuleAnomalousIP := _BehaviorRuleAnomalousIP{}
+		varBehaviorRuleAnomalousIP.Settings = varBehaviorRuleAnomalousIPWithoutEmbeddedStruct.Settings
+		*o = BehaviorRuleAnomalousIP(varBehaviorRuleAnomalousIP)
+	} else {
+		return err
+	}
+
+	varBehaviorRuleAnomalousIP := _BehaviorRuleAnomalousIP{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleAnomalousIP)
+	if err == nil {
+		o.BehaviorRule = varBehaviorRuleAnomalousIP.BehaviorRule
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectBehaviorRule := reflect.ValueOf(o.BehaviorRule)
+		for i := 0; i < reflectBehaviorRule.Type().NumField(); i++ {
+			t := reflectBehaviorRule.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleAnomalousIP struct {
+	value *BehaviorRuleAnomalousIP
+	isSet bool
+}
+
+func (v NullableBehaviorRuleAnomalousIP) Get() *BehaviorRuleAnomalousIP {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleAnomalousIP) Set(val *BehaviorRuleAnomalousIP) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleAnomalousIP) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleAnomalousIP) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleAnomalousIP(val *BehaviorRuleAnomalousIP) *NullableBehaviorRuleAnomalousIP {
+	return &NullableBehaviorRuleAnomalousIP{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleAnomalousIP) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleAnomalousIP) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_anomalous_ip_all_of.go b/okta/model_behavior_rule_anomalous_ip_all_of.go
new file mode 100644
index 000000000..d691b99c2
--- /dev/null
+++ b/okta/model_behavior_rule_anomalous_ip_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorRuleAnomalousIPAllOf struct for BehaviorRuleAnomalousIPAllOf
+type BehaviorRuleAnomalousIPAllOf struct {
+	Settings             *BehaviorRuleSettingsAnomalousIP `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorRuleAnomalousIPAllOf BehaviorRuleAnomalousIPAllOf
+
+// NewBehaviorRuleAnomalousIPAllOf instantiates a new BehaviorRuleAnomalousIPAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleAnomalousIPAllOf() *BehaviorRuleAnomalousIPAllOf {
+	this := BehaviorRuleAnomalousIPAllOf{}
+	return &this
+}
+
+// NewBehaviorRuleAnomalousIPAllOfWithDefaults instantiates a new BehaviorRuleAnomalousIPAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleAnomalousIPAllOfWithDefaults() *BehaviorRuleAnomalousIPAllOf {
+	this := BehaviorRuleAnomalousIPAllOf{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BehaviorRuleAnomalousIPAllOf) GetSettings() BehaviorRuleSettingsAnomalousIP {
+	if o == nil || o.Settings == nil {
+		var ret BehaviorRuleSettingsAnomalousIP
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleAnomalousIPAllOf) GetSettingsOk() (*BehaviorRuleSettingsAnomalousIP, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BehaviorRuleAnomalousIPAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given BehaviorRuleSettingsAnomalousIP and assigns it to the Settings field.
+func (o *BehaviorRuleAnomalousIPAllOf) SetSettings(v BehaviorRuleSettingsAnomalousIP) {
+	o.Settings = &v
+}
+
+func (o BehaviorRuleAnomalousIPAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleAnomalousIPAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorRuleAnomalousIPAllOf := _BehaviorRuleAnomalousIPAllOf{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleAnomalousIPAllOf)
+	if err == nil {
+		*o = BehaviorRuleAnomalousIPAllOf(varBehaviorRuleAnomalousIPAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleAnomalousIPAllOf struct {
+	value *BehaviorRuleAnomalousIPAllOf
+	isSet bool
+}
+
+func (v NullableBehaviorRuleAnomalousIPAllOf) Get() *BehaviorRuleAnomalousIPAllOf {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleAnomalousIPAllOf) Set(val *BehaviorRuleAnomalousIPAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleAnomalousIPAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleAnomalousIPAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleAnomalousIPAllOf(val *BehaviorRuleAnomalousIPAllOf) *NullableBehaviorRuleAnomalousIPAllOf {
+	return &NullableBehaviorRuleAnomalousIPAllOf{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleAnomalousIPAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleAnomalousIPAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_anomalous_location.go b/okta/model_behavior_rule_anomalous_location.go
new file mode 100644
index 000000000..9cdefd75d
--- /dev/null
+++ b/okta/model_behavior_rule_anomalous_location.go
@@ -0,0 +1,205 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// BehaviorRuleAnomalousLocation struct for BehaviorRuleAnomalousLocation
+type BehaviorRuleAnomalousLocation struct {
+	BehaviorRule
+	Settings             *BehaviorRuleSettingsAnomalousLocation `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorRuleAnomalousLocation BehaviorRuleAnomalousLocation
+
+// NewBehaviorRuleAnomalousLocation instantiates a new BehaviorRuleAnomalousLocation object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleAnomalousLocation(name string, type_ BehaviorRuleType) *BehaviorRuleAnomalousLocation {
+	this := BehaviorRuleAnomalousLocation{}
+	this.Name = name
+	this.Type = type_
+	return &this
+}
+
+// NewBehaviorRuleAnomalousLocationWithDefaults instantiates a new BehaviorRuleAnomalousLocation object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleAnomalousLocationWithDefaults() *BehaviorRuleAnomalousLocation {
+	this := BehaviorRuleAnomalousLocation{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BehaviorRuleAnomalousLocation) GetSettings() BehaviorRuleSettingsAnomalousLocation {
+	if o == nil || o.Settings == nil {
+		var ret BehaviorRuleSettingsAnomalousLocation
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleAnomalousLocation) GetSettingsOk() (*BehaviorRuleSettingsAnomalousLocation, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BehaviorRuleAnomalousLocation) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given BehaviorRuleSettingsAnomalousLocation and assigns it to the Settings field.
+func (o *BehaviorRuleAnomalousLocation) SetSettings(v BehaviorRuleSettingsAnomalousLocation) {
+	o.Settings = &v
+}
+
+func (o BehaviorRuleAnomalousLocation) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedBehaviorRule, errBehaviorRule := json.Marshal(o.BehaviorRule)
+	if errBehaviorRule != nil {
+		return []byte{}, errBehaviorRule
+	}
+	errBehaviorRule = json.Unmarshal([]byte(serializedBehaviorRule), &toSerialize)
+	if errBehaviorRule != nil {
+		return []byte{}, errBehaviorRule
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleAnomalousLocation) UnmarshalJSON(bytes []byte) (err error) {
+	type BehaviorRuleAnomalousLocationWithoutEmbeddedStruct struct {
+		Settings *BehaviorRuleSettingsAnomalousLocation `json:"settings,omitempty"`
+	}
+
+	varBehaviorRuleAnomalousLocationWithoutEmbeddedStruct := BehaviorRuleAnomalousLocationWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleAnomalousLocationWithoutEmbeddedStruct)
+	if err == nil {
+		varBehaviorRuleAnomalousLocation := _BehaviorRuleAnomalousLocation{}
+		varBehaviorRuleAnomalousLocation.Settings = varBehaviorRuleAnomalousLocationWithoutEmbeddedStruct.Settings
+		*o = BehaviorRuleAnomalousLocation(varBehaviorRuleAnomalousLocation)
+	} else {
+		return err
+	}
+
+	varBehaviorRuleAnomalousLocation := _BehaviorRuleAnomalousLocation{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleAnomalousLocation)
+	if err == nil {
+		o.BehaviorRule = varBehaviorRuleAnomalousLocation.BehaviorRule
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectBehaviorRule := reflect.ValueOf(o.BehaviorRule)
+		for i := 0; i < reflectBehaviorRule.Type().NumField(); i++ {
+			t := reflectBehaviorRule.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleAnomalousLocation struct {
+	value *BehaviorRuleAnomalousLocation
+	isSet bool
+}
+
+func (v NullableBehaviorRuleAnomalousLocation) Get() *BehaviorRuleAnomalousLocation {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleAnomalousLocation) Set(val *BehaviorRuleAnomalousLocation) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleAnomalousLocation) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleAnomalousLocation) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleAnomalousLocation(val *BehaviorRuleAnomalousLocation) *NullableBehaviorRuleAnomalousLocation {
+	return &NullableBehaviorRuleAnomalousLocation{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleAnomalousLocation) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleAnomalousLocation) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_anomalous_location_all_of.go b/okta/model_behavior_rule_anomalous_location_all_of.go
new file mode 100644
index 000000000..b5d168a89
--- /dev/null
+++ b/okta/model_behavior_rule_anomalous_location_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorRuleAnomalousLocationAllOf struct for BehaviorRuleAnomalousLocationAllOf
+type BehaviorRuleAnomalousLocationAllOf struct {
+	Settings             *BehaviorRuleSettingsAnomalousLocation `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorRuleAnomalousLocationAllOf BehaviorRuleAnomalousLocationAllOf
+
+// NewBehaviorRuleAnomalousLocationAllOf instantiates a new BehaviorRuleAnomalousLocationAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleAnomalousLocationAllOf() *BehaviorRuleAnomalousLocationAllOf {
+	this := BehaviorRuleAnomalousLocationAllOf{}
+	return &this
+}
+
+// NewBehaviorRuleAnomalousLocationAllOfWithDefaults instantiates a new BehaviorRuleAnomalousLocationAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleAnomalousLocationAllOfWithDefaults() *BehaviorRuleAnomalousLocationAllOf {
+	this := BehaviorRuleAnomalousLocationAllOf{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BehaviorRuleAnomalousLocationAllOf) GetSettings() BehaviorRuleSettingsAnomalousLocation {
+	if o == nil || o.Settings == nil {
+		var ret BehaviorRuleSettingsAnomalousLocation
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleAnomalousLocationAllOf) GetSettingsOk() (*BehaviorRuleSettingsAnomalousLocation, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BehaviorRuleAnomalousLocationAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given BehaviorRuleSettingsAnomalousLocation and assigns it to the Settings field.
+func (o *BehaviorRuleAnomalousLocationAllOf) SetSettings(v BehaviorRuleSettingsAnomalousLocation) {
+	o.Settings = &v
+}
+
+func (o BehaviorRuleAnomalousLocationAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleAnomalousLocationAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorRuleAnomalousLocationAllOf := _BehaviorRuleAnomalousLocationAllOf{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleAnomalousLocationAllOf)
+	if err == nil {
+		*o = BehaviorRuleAnomalousLocationAllOf(varBehaviorRuleAnomalousLocationAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleAnomalousLocationAllOf struct {
+	value *BehaviorRuleAnomalousLocationAllOf
+	isSet bool
+}
+
+func (v NullableBehaviorRuleAnomalousLocationAllOf) Get() *BehaviorRuleAnomalousLocationAllOf {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleAnomalousLocationAllOf) Set(val *BehaviorRuleAnomalousLocationAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleAnomalousLocationAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleAnomalousLocationAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleAnomalousLocationAllOf(val *BehaviorRuleAnomalousLocationAllOf) *NullableBehaviorRuleAnomalousLocationAllOf {
+	return &NullableBehaviorRuleAnomalousLocationAllOf{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleAnomalousLocationAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleAnomalousLocationAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_settings_anomalous_device.go b/okta/model_behavior_rule_settings_anomalous_device.go
new file mode 100644
index 000000000..d871e43bb
--- /dev/null
+++ b/okta/model_behavior_rule_settings_anomalous_device.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorRuleSettingsAnomalousDevice struct for BehaviorRuleSettingsAnomalousDevice
+type BehaviorRuleSettingsAnomalousDevice struct {
+	MaxEventsUsedForEvaluation   *int32 `json:"maxEventsUsedForEvaluation,omitempty"`
+	MinEventsNeededForEvaluation *int32 `json:"minEventsNeededForEvaluation,omitempty"`
+	AdditionalProperties         map[string]interface{}
+}
+
+type _BehaviorRuleSettingsAnomalousDevice BehaviorRuleSettingsAnomalousDevice
+
+// NewBehaviorRuleSettingsAnomalousDevice instantiates a new BehaviorRuleSettingsAnomalousDevice object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleSettingsAnomalousDevice() *BehaviorRuleSettingsAnomalousDevice {
+	this := BehaviorRuleSettingsAnomalousDevice{}
+	var maxEventsUsedForEvaluation int32 = 20
+	this.MaxEventsUsedForEvaluation = &maxEventsUsedForEvaluation
+	var minEventsNeededForEvaluation int32 = 0
+	this.MinEventsNeededForEvaluation = &minEventsNeededForEvaluation
+	return &this
+}
+
+// NewBehaviorRuleSettingsAnomalousDeviceWithDefaults instantiates a new BehaviorRuleSettingsAnomalousDevice object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleSettingsAnomalousDeviceWithDefaults() *BehaviorRuleSettingsAnomalousDevice {
+	this := BehaviorRuleSettingsAnomalousDevice{}
+	var maxEventsUsedForEvaluation int32 = 20
+	this.MaxEventsUsedForEvaluation = &maxEventsUsedForEvaluation
+	var minEventsNeededForEvaluation int32 = 0
+	this.MinEventsNeededForEvaluation = &minEventsNeededForEvaluation
+	return &this
+}
+
+// GetMaxEventsUsedForEvaluation returns the MaxEventsUsedForEvaluation field value if set, zero value otherwise.
+func (o *BehaviorRuleSettingsAnomalousDevice) GetMaxEventsUsedForEvaluation() int32 {
+	if o == nil || o.MaxEventsUsedForEvaluation == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxEventsUsedForEvaluation
+}
+
+// GetMaxEventsUsedForEvaluationOk returns a tuple with the MaxEventsUsedForEvaluation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsAnomalousDevice) GetMaxEventsUsedForEvaluationOk() (*int32, bool) {
+	if o == nil || o.MaxEventsUsedForEvaluation == nil {
+		return nil, false
+	}
+	return o.MaxEventsUsedForEvaluation, true
+}
+
+// HasMaxEventsUsedForEvaluation returns a boolean if a field has been set.
+func (o *BehaviorRuleSettingsAnomalousDevice) HasMaxEventsUsedForEvaluation() bool {
+	if o != nil && o.MaxEventsUsedForEvaluation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxEventsUsedForEvaluation gets a reference to the given int32 and assigns it to the MaxEventsUsedForEvaluation field.
+func (o *BehaviorRuleSettingsAnomalousDevice) SetMaxEventsUsedForEvaluation(v int32) {
+	o.MaxEventsUsedForEvaluation = &v
+}
+
+// GetMinEventsNeededForEvaluation returns the MinEventsNeededForEvaluation field value if set, zero value otherwise.
+func (o *BehaviorRuleSettingsAnomalousDevice) GetMinEventsNeededForEvaluation() int32 {
+	if o == nil || o.MinEventsNeededForEvaluation == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinEventsNeededForEvaluation
+}
+
+// GetMinEventsNeededForEvaluationOk returns a tuple with the MinEventsNeededForEvaluation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsAnomalousDevice) GetMinEventsNeededForEvaluationOk() (*int32, bool) {
+	if o == nil || o.MinEventsNeededForEvaluation == nil {
+		return nil, false
+	}
+	return o.MinEventsNeededForEvaluation, true
+}
+
+// HasMinEventsNeededForEvaluation returns a boolean if a field has been set.
+func (o *BehaviorRuleSettingsAnomalousDevice) HasMinEventsNeededForEvaluation() bool {
+	if o != nil && o.MinEventsNeededForEvaluation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinEventsNeededForEvaluation gets a reference to the given int32 and assigns it to the MinEventsNeededForEvaluation field.
+func (o *BehaviorRuleSettingsAnomalousDevice) SetMinEventsNeededForEvaluation(v int32) {
+	o.MinEventsNeededForEvaluation = &v
+}
+
+func (o BehaviorRuleSettingsAnomalousDevice) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.MaxEventsUsedForEvaluation != nil {
+		toSerialize["maxEventsUsedForEvaluation"] = o.MaxEventsUsedForEvaluation
+	}
+	if o.MinEventsNeededForEvaluation != nil {
+		toSerialize["minEventsNeededForEvaluation"] = o.MinEventsNeededForEvaluation
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleSettingsAnomalousDevice) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorRuleSettingsAnomalousDevice := _BehaviorRuleSettingsAnomalousDevice{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleSettingsAnomalousDevice)
+	if err == nil {
+		*o = BehaviorRuleSettingsAnomalousDevice(varBehaviorRuleSettingsAnomalousDevice)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "maxEventsUsedForEvaluation")
+		delete(additionalProperties, "minEventsNeededForEvaluation")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleSettingsAnomalousDevice struct {
+	value *BehaviorRuleSettingsAnomalousDevice
+	isSet bool
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousDevice) Get() *BehaviorRuleSettingsAnomalousDevice {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousDevice) Set(val *BehaviorRuleSettingsAnomalousDevice) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousDevice) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousDevice) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleSettingsAnomalousDevice(val *BehaviorRuleSettingsAnomalousDevice) *NullableBehaviorRuleSettingsAnomalousDevice {
+	return &NullableBehaviorRuleSettingsAnomalousDevice{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousDevice) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousDevice) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_settings_anomalous_ip.go b/okta/model_behavior_rule_settings_anomalous_ip.go
new file mode 100644
index 000000000..b5484b381
--- /dev/null
+++ b/okta/model_behavior_rule_settings_anomalous_ip.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorRuleSettingsAnomalousIP struct for BehaviorRuleSettingsAnomalousIP
+type BehaviorRuleSettingsAnomalousIP struct {
+	MaxEventsUsedForEvaluation   *int32 `json:"maxEventsUsedForEvaluation,omitempty"`
+	MinEventsNeededForEvaluation *int32 `json:"minEventsNeededForEvaluation,omitempty"`
+	AdditionalProperties         map[string]interface{}
+}
+
+type _BehaviorRuleSettingsAnomalousIP BehaviorRuleSettingsAnomalousIP
+
+// NewBehaviorRuleSettingsAnomalousIP instantiates a new BehaviorRuleSettingsAnomalousIP object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleSettingsAnomalousIP() *BehaviorRuleSettingsAnomalousIP {
+	this := BehaviorRuleSettingsAnomalousIP{}
+	var maxEventsUsedForEvaluation int32 = 50
+	this.MaxEventsUsedForEvaluation = &maxEventsUsedForEvaluation
+	var minEventsNeededForEvaluation int32 = 0
+	this.MinEventsNeededForEvaluation = &minEventsNeededForEvaluation
+	return &this
+}
+
+// NewBehaviorRuleSettingsAnomalousIPWithDefaults instantiates a new BehaviorRuleSettingsAnomalousIP object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleSettingsAnomalousIPWithDefaults() *BehaviorRuleSettingsAnomalousIP {
+	this := BehaviorRuleSettingsAnomalousIP{}
+	var maxEventsUsedForEvaluation int32 = 50
+	this.MaxEventsUsedForEvaluation = &maxEventsUsedForEvaluation
+	var minEventsNeededForEvaluation int32 = 0
+	this.MinEventsNeededForEvaluation = &minEventsNeededForEvaluation
+	return &this
+}
+
+// GetMaxEventsUsedForEvaluation returns the MaxEventsUsedForEvaluation field value if set, zero value otherwise.
+func (o *BehaviorRuleSettingsAnomalousIP) GetMaxEventsUsedForEvaluation() int32 {
+	if o == nil || o.MaxEventsUsedForEvaluation == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxEventsUsedForEvaluation
+}
+
+// GetMaxEventsUsedForEvaluationOk returns a tuple with the MaxEventsUsedForEvaluation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsAnomalousIP) GetMaxEventsUsedForEvaluationOk() (*int32, bool) {
+	if o == nil || o.MaxEventsUsedForEvaluation == nil {
+		return nil, false
+	}
+	return o.MaxEventsUsedForEvaluation, true
+}
+
+// HasMaxEventsUsedForEvaluation returns a boolean if a field has been set.
+func (o *BehaviorRuleSettingsAnomalousIP) HasMaxEventsUsedForEvaluation() bool {
+	if o != nil && o.MaxEventsUsedForEvaluation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxEventsUsedForEvaluation gets a reference to the given int32 and assigns it to the MaxEventsUsedForEvaluation field.
+func (o *BehaviorRuleSettingsAnomalousIP) SetMaxEventsUsedForEvaluation(v int32) {
+	o.MaxEventsUsedForEvaluation = &v
+}
+
+// GetMinEventsNeededForEvaluation returns the MinEventsNeededForEvaluation field value if set, zero value otherwise.
+func (o *BehaviorRuleSettingsAnomalousIP) GetMinEventsNeededForEvaluation() int32 {
+	if o == nil || o.MinEventsNeededForEvaluation == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinEventsNeededForEvaluation
+}
+
+// GetMinEventsNeededForEvaluationOk returns a tuple with the MinEventsNeededForEvaluation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsAnomalousIP) GetMinEventsNeededForEvaluationOk() (*int32, bool) {
+	if o == nil || o.MinEventsNeededForEvaluation == nil {
+		return nil, false
+	}
+	return o.MinEventsNeededForEvaluation, true
+}
+
+// HasMinEventsNeededForEvaluation returns a boolean if a field has been set.
+func (o *BehaviorRuleSettingsAnomalousIP) HasMinEventsNeededForEvaluation() bool {
+	if o != nil && o.MinEventsNeededForEvaluation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinEventsNeededForEvaluation gets a reference to the given int32 and assigns it to the MinEventsNeededForEvaluation field.
+func (o *BehaviorRuleSettingsAnomalousIP) SetMinEventsNeededForEvaluation(v int32) {
+	o.MinEventsNeededForEvaluation = &v
+}
+
+func (o BehaviorRuleSettingsAnomalousIP) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.MaxEventsUsedForEvaluation != nil {
+		toSerialize["maxEventsUsedForEvaluation"] = o.MaxEventsUsedForEvaluation
+	}
+	if o.MinEventsNeededForEvaluation != nil {
+		toSerialize["minEventsNeededForEvaluation"] = o.MinEventsNeededForEvaluation
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleSettingsAnomalousIP) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorRuleSettingsAnomalousIP := _BehaviorRuleSettingsAnomalousIP{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleSettingsAnomalousIP)
+	if err == nil {
+		*o = BehaviorRuleSettingsAnomalousIP(varBehaviorRuleSettingsAnomalousIP)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "maxEventsUsedForEvaluation")
+		delete(additionalProperties, "minEventsNeededForEvaluation")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleSettingsAnomalousIP struct {
+	value *BehaviorRuleSettingsAnomalousIP
+	isSet bool
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousIP) Get() *BehaviorRuleSettingsAnomalousIP {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousIP) Set(val *BehaviorRuleSettingsAnomalousIP) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousIP) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousIP) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleSettingsAnomalousIP(val *BehaviorRuleSettingsAnomalousIP) *NullableBehaviorRuleSettingsAnomalousIP {
+	return &NullableBehaviorRuleSettingsAnomalousIP{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousIP) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousIP) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_settings_anomalous_ip_all_of.go b/okta/model_behavior_rule_settings_anomalous_ip_all_of.go
new file mode 100644
index 000000000..de9d8756d
--- /dev/null
+++ b/okta/model_behavior_rule_settings_anomalous_ip_all_of.go
@@ -0,0 +1,162 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorRuleSettingsAnomalousIPAllOf struct for BehaviorRuleSettingsAnomalousIPAllOf
+type BehaviorRuleSettingsAnomalousIPAllOf struct {
+	MaxEventsUsedForEvaluation *int32 `json:"maxEventsUsedForEvaluation,omitempty"`
+	AdditionalProperties       map[string]interface{}
+}
+
+type _BehaviorRuleSettingsAnomalousIPAllOf BehaviorRuleSettingsAnomalousIPAllOf
+
+// NewBehaviorRuleSettingsAnomalousIPAllOf instantiates a new BehaviorRuleSettingsAnomalousIPAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleSettingsAnomalousIPAllOf() *BehaviorRuleSettingsAnomalousIPAllOf {
+	this := BehaviorRuleSettingsAnomalousIPAllOf{}
+	var maxEventsUsedForEvaluation int32 = 50
+	this.MaxEventsUsedForEvaluation = &maxEventsUsedForEvaluation
+	return &this
+}
+
+// NewBehaviorRuleSettingsAnomalousIPAllOfWithDefaults instantiates a new BehaviorRuleSettingsAnomalousIPAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleSettingsAnomalousIPAllOfWithDefaults() *BehaviorRuleSettingsAnomalousIPAllOf {
+	this := BehaviorRuleSettingsAnomalousIPAllOf{}
+	var maxEventsUsedForEvaluation int32 = 50
+	this.MaxEventsUsedForEvaluation = &maxEventsUsedForEvaluation
+	return &this
+}
+
+// GetMaxEventsUsedForEvaluation returns the MaxEventsUsedForEvaluation field value if set, zero value otherwise.
+func (o *BehaviorRuleSettingsAnomalousIPAllOf) GetMaxEventsUsedForEvaluation() int32 {
+	if o == nil || o.MaxEventsUsedForEvaluation == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxEventsUsedForEvaluation
+}
+
+// GetMaxEventsUsedForEvaluationOk returns a tuple with the MaxEventsUsedForEvaluation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsAnomalousIPAllOf) GetMaxEventsUsedForEvaluationOk() (*int32, bool) {
+	if o == nil || o.MaxEventsUsedForEvaluation == nil {
+		return nil, false
+	}
+	return o.MaxEventsUsedForEvaluation, true
+}
+
+// HasMaxEventsUsedForEvaluation returns a boolean if a field has been set.
+func (o *BehaviorRuleSettingsAnomalousIPAllOf) HasMaxEventsUsedForEvaluation() bool {
+	if o != nil && o.MaxEventsUsedForEvaluation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxEventsUsedForEvaluation gets a reference to the given int32 and assigns it to the MaxEventsUsedForEvaluation field.
+func (o *BehaviorRuleSettingsAnomalousIPAllOf) SetMaxEventsUsedForEvaluation(v int32) {
+	o.MaxEventsUsedForEvaluation = &v
+}
+
+func (o BehaviorRuleSettingsAnomalousIPAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.MaxEventsUsedForEvaluation != nil {
+		toSerialize["maxEventsUsedForEvaluation"] = o.MaxEventsUsedForEvaluation
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleSettingsAnomalousIPAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorRuleSettingsAnomalousIPAllOf := _BehaviorRuleSettingsAnomalousIPAllOf{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleSettingsAnomalousIPAllOf)
+	if err == nil {
+		*o = BehaviorRuleSettingsAnomalousIPAllOf(varBehaviorRuleSettingsAnomalousIPAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "maxEventsUsedForEvaluation")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleSettingsAnomalousIPAllOf struct {
+	value *BehaviorRuleSettingsAnomalousIPAllOf
+	isSet bool
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousIPAllOf) Get() *BehaviorRuleSettingsAnomalousIPAllOf {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousIPAllOf) Set(val *BehaviorRuleSettingsAnomalousIPAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousIPAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousIPAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleSettingsAnomalousIPAllOf(val *BehaviorRuleSettingsAnomalousIPAllOf) *NullableBehaviorRuleSettingsAnomalousIPAllOf {
+	return &NullableBehaviorRuleSettingsAnomalousIPAllOf{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousIPAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousIPAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_settings_anomalous_location.go b/okta/model_behavior_rule_settings_anomalous_location.go
new file mode 100644
index 000000000..6f2d610be
--- /dev/null
+++ b/okta/model_behavior_rule_settings_anomalous_location.go
@@ -0,0 +1,271 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorRuleSettingsAnomalousLocation struct for BehaviorRuleSettingsAnomalousLocation
+type BehaviorRuleSettingsAnomalousLocation struct {
+	MaxEventsUsedForEvaluation   *int32              `json:"maxEventsUsedForEvaluation,omitempty"`
+	MinEventsNeededForEvaluation *int32              `json:"minEventsNeededForEvaluation,omitempty"`
+	Granularity                  LocationGranularity `json:"granularity"`
+	// Required when `granularity` is `LAT_LONG`. Radius from the provided coordinates in kilometers.
+	RadiusKilometers     *int32 `json:"radiusKilometers,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorRuleSettingsAnomalousLocation BehaviorRuleSettingsAnomalousLocation
+
+// NewBehaviorRuleSettingsAnomalousLocation instantiates a new BehaviorRuleSettingsAnomalousLocation object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleSettingsAnomalousLocation(granularity LocationGranularity) *BehaviorRuleSettingsAnomalousLocation {
+	this := BehaviorRuleSettingsAnomalousLocation{}
+	var maxEventsUsedForEvaluation int32 = 20
+	this.MaxEventsUsedForEvaluation = &maxEventsUsedForEvaluation
+	var minEventsNeededForEvaluation int32 = 0
+	this.MinEventsNeededForEvaluation = &minEventsNeededForEvaluation
+	this.Granularity = granularity
+	return &this
+}
+
+// NewBehaviorRuleSettingsAnomalousLocationWithDefaults instantiates a new BehaviorRuleSettingsAnomalousLocation object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleSettingsAnomalousLocationWithDefaults() *BehaviorRuleSettingsAnomalousLocation {
+	this := BehaviorRuleSettingsAnomalousLocation{}
+	var maxEventsUsedForEvaluation int32 = 20
+	this.MaxEventsUsedForEvaluation = &maxEventsUsedForEvaluation
+	var minEventsNeededForEvaluation int32 = 0
+	this.MinEventsNeededForEvaluation = &minEventsNeededForEvaluation
+	return &this
+}
+
+// GetMaxEventsUsedForEvaluation returns the MaxEventsUsedForEvaluation field value if set, zero value otherwise.
+func (o *BehaviorRuleSettingsAnomalousLocation) GetMaxEventsUsedForEvaluation() int32 {
+	if o == nil || o.MaxEventsUsedForEvaluation == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxEventsUsedForEvaluation
+}
+
+// GetMaxEventsUsedForEvaluationOk returns a tuple with the MaxEventsUsedForEvaluation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsAnomalousLocation) GetMaxEventsUsedForEvaluationOk() (*int32, bool) {
+	if o == nil || o.MaxEventsUsedForEvaluation == nil {
+		return nil, false
+	}
+	return o.MaxEventsUsedForEvaluation, true
+}
+
+// HasMaxEventsUsedForEvaluation returns a boolean if a field has been set.
+func (o *BehaviorRuleSettingsAnomalousLocation) HasMaxEventsUsedForEvaluation() bool {
+	if o != nil && o.MaxEventsUsedForEvaluation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxEventsUsedForEvaluation gets a reference to the given int32 and assigns it to the MaxEventsUsedForEvaluation field.
+func (o *BehaviorRuleSettingsAnomalousLocation) SetMaxEventsUsedForEvaluation(v int32) {
+	o.MaxEventsUsedForEvaluation = &v
+}
+
+// GetMinEventsNeededForEvaluation returns the MinEventsNeededForEvaluation field value if set, zero value otherwise.
+func (o *BehaviorRuleSettingsAnomalousLocation) GetMinEventsNeededForEvaluation() int32 {
+	if o == nil || o.MinEventsNeededForEvaluation == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinEventsNeededForEvaluation
+}
+
+// GetMinEventsNeededForEvaluationOk returns a tuple with the MinEventsNeededForEvaluation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsAnomalousLocation) GetMinEventsNeededForEvaluationOk() (*int32, bool) {
+	if o == nil || o.MinEventsNeededForEvaluation == nil {
+		return nil, false
+	}
+	return o.MinEventsNeededForEvaluation, true
+}
+
+// HasMinEventsNeededForEvaluation returns a boolean if a field has been set.
+func (o *BehaviorRuleSettingsAnomalousLocation) HasMinEventsNeededForEvaluation() bool {
+	if o != nil && o.MinEventsNeededForEvaluation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinEventsNeededForEvaluation gets a reference to the given int32 and assigns it to the MinEventsNeededForEvaluation field.
+func (o *BehaviorRuleSettingsAnomalousLocation) SetMinEventsNeededForEvaluation(v int32) {
+	o.MinEventsNeededForEvaluation = &v
+}
+
+// GetGranularity returns the Granularity field value
+func (o *BehaviorRuleSettingsAnomalousLocation) GetGranularity() LocationGranularity {
+	if o == nil {
+		var ret LocationGranularity
+		return ret
+	}
+
+	return o.Granularity
+}
+
+// GetGranularityOk returns a tuple with the Granularity field value
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsAnomalousLocation) GetGranularityOk() (*LocationGranularity, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Granularity, true
+}
+
+// SetGranularity sets field value
+func (o *BehaviorRuleSettingsAnomalousLocation) SetGranularity(v LocationGranularity) {
+	o.Granularity = v
+}
+
+// GetRadiusKilometers returns the RadiusKilometers field value if set, zero value otherwise.
+func (o *BehaviorRuleSettingsAnomalousLocation) GetRadiusKilometers() int32 {
+	if o == nil || o.RadiusKilometers == nil {
+		var ret int32
+		return ret
+	}
+	return *o.RadiusKilometers
+}
+
+// GetRadiusKilometersOk returns a tuple with the RadiusKilometers field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsAnomalousLocation) GetRadiusKilometersOk() (*int32, bool) {
+	if o == nil || o.RadiusKilometers == nil {
+		return nil, false
+	}
+	return o.RadiusKilometers, true
+}
+
+// HasRadiusKilometers returns a boolean if a field has been set.
+func (o *BehaviorRuleSettingsAnomalousLocation) HasRadiusKilometers() bool {
+	if o != nil && o.RadiusKilometers != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRadiusKilometers gets a reference to the given int32 and assigns it to the RadiusKilometers field.
+func (o *BehaviorRuleSettingsAnomalousLocation) SetRadiusKilometers(v int32) {
+	o.RadiusKilometers = &v
+}
+
+func (o BehaviorRuleSettingsAnomalousLocation) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.MaxEventsUsedForEvaluation != nil {
+		toSerialize["maxEventsUsedForEvaluation"] = o.MaxEventsUsedForEvaluation
+	}
+	if o.MinEventsNeededForEvaluation != nil {
+		toSerialize["minEventsNeededForEvaluation"] = o.MinEventsNeededForEvaluation
+	}
+	if true {
+		toSerialize["granularity"] = o.Granularity
+	}
+	if o.RadiusKilometers != nil {
+		toSerialize["radiusKilometers"] = o.RadiusKilometers
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleSettingsAnomalousLocation) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorRuleSettingsAnomalousLocation := _BehaviorRuleSettingsAnomalousLocation{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleSettingsAnomalousLocation)
+	if err == nil {
+		*o = BehaviorRuleSettingsAnomalousLocation(varBehaviorRuleSettingsAnomalousLocation)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "maxEventsUsedForEvaluation")
+		delete(additionalProperties, "minEventsNeededForEvaluation")
+		delete(additionalProperties, "granularity")
+		delete(additionalProperties, "radiusKilometers")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleSettingsAnomalousLocation struct {
+	value *BehaviorRuleSettingsAnomalousLocation
+	isSet bool
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousLocation) Get() *BehaviorRuleSettingsAnomalousLocation {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousLocation) Set(val *BehaviorRuleSettingsAnomalousLocation) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousLocation) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousLocation) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleSettingsAnomalousLocation(val *BehaviorRuleSettingsAnomalousLocation) *NullableBehaviorRuleSettingsAnomalousLocation {
+	return &NullableBehaviorRuleSettingsAnomalousLocation{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousLocation) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousLocation) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_settings_anomalous_location_all_of.go b/okta/model_behavior_rule_settings_anomalous_location_all_of.go
new file mode 100644
index 000000000..ad1448009
--- /dev/null
+++ b/okta/model_behavior_rule_settings_anomalous_location_all_of.go
@@ -0,0 +1,189 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorRuleSettingsAnomalousLocationAllOf struct for BehaviorRuleSettingsAnomalousLocationAllOf
+type BehaviorRuleSettingsAnomalousLocationAllOf struct {
+	Granularity LocationGranularity `json:"granularity"`
+	// Required when `granularity` is `LAT_LONG`. Radius from the provided coordinates in kilometers.
+	RadiusKilometers     *int32 `json:"radiusKilometers,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorRuleSettingsAnomalousLocationAllOf BehaviorRuleSettingsAnomalousLocationAllOf
+
+// NewBehaviorRuleSettingsAnomalousLocationAllOf instantiates a new BehaviorRuleSettingsAnomalousLocationAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleSettingsAnomalousLocationAllOf(granularity LocationGranularity) *BehaviorRuleSettingsAnomalousLocationAllOf {
+	this := BehaviorRuleSettingsAnomalousLocationAllOf{}
+	this.Granularity = granularity
+	return &this
+}
+
+// NewBehaviorRuleSettingsAnomalousLocationAllOfWithDefaults instantiates a new BehaviorRuleSettingsAnomalousLocationAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleSettingsAnomalousLocationAllOfWithDefaults() *BehaviorRuleSettingsAnomalousLocationAllOf {
+	this := BehaviorRuleSettingsAnomalousLocationAllOf{}
+	return &this
+}
+
+// GetGranularity returns the Granularity field value
+func (o *BehaviorRuleSettingsAnomalousLocationAllOf) GetGranularity() LocationGranularity {
+	if o == nil {
+		var ret LocationGranularity
+		return ret
+	}
+
+	return o.Granularity
+}
+
+// GetGranularityOk returns a tuple with the Granularity field value
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsAnomalousLocationAllOf) GetGranularityOk() (*LocationGranularity, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Granularity, true
+}
+
+// SetGranularity sets field value
+func (o *BehaviorRuleSettingsAnomalousLocationAllOf) SetGranularity(v LocationGranularity) {
+	o.Granularity = v
+}
+
+// GetRadiusKilometers returns the RadiusKilometers field value if set, zero value otherwise.
+func (o *BehaviorRuleSettingsAnomalousLocationAllOf) GetRadiusKilometers() int32 {
+	if o == nil || o.RadiusKilometers == nil {
+		var ret int32
+		return ret
+	}
+	return *o.RadiusKilometers
+}
+
+// GetRadiusKilometersOk returns a tuple with the RadiusKilometers field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsAnomalousLocationAllOf) GetRadiusKilometersOk() (*int32, bool) {
+	if o == nil || o.RadiusKilometers == nil {
+		return nil, false
+	}
+	return o.RadiusKilometers, true
+}
+
+// HasRadiusKilometers returns a boolean if a field has been set.
+func (o *BehaviorRuleSettingsAnomalousLocationAllOf) HasRadiusKilometers() bool {
+	if o != nil && o.RadiusKilometers != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRadiusKilometers gets a reference to the given int32 and assigns it to the RadiusKilometers field.
+func (o *BehaviorRuleSettingsAnomalousLocationAllOf) SetRadiusKilometers(v int32) {
+	o.RadiusKilometers = &v
+}
+
+func (o BehaviorRuleSettingsAnomalousLocationAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["granularity"] = o.Granularity
+	}
+	if o.RadiusKilometers != nil {
+		toSerialize["radiusKilometers"] = o.RadiusKilometers
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleSettingsAnomalousLocationAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorRuleSettingsAnomalousLocationAllOf := _BehaviorRuleSettingsAnomalousLocationAllOf{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleSettingsAnomalousLocationAllOf)
+	if err == nil {
+		*o = BehaviorRuleSettingsAnomalousLocationAllOf(varBehaviorRuleSettingsAnomalousLocationAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "granularity")
+		delete(additionalProperties, "radiusKilometers")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleSettingsAnomalousLocationAllOf struct {
+	value *BehaviorRuleSettingsAnomalousLocationAllOf
+	isSet bool
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousLocationAllOf) Get() *BehaviorRuleSettingsAnomalousLocationAllOf {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousLocationAllOf) Set(val *BehaviorRuleSettingsAnomalousLocationAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousLocationAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousLocationAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleSettingsAnomalousLocationAllOf(val *BehaviorRuleSettingsAnomalousLocationAllOf) *NullableBehaviorRuleSettingsAnomalousLocationAllOf {
+	return &NullableBehaviorRuleSettingsAnomalousLocationAllOf{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleSettingsAnomalousLocationAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleSettingsAnomalousLocationAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_settings_history_based.go b/okta/model_behavior_rule_settings_history_based.go
new file mode 100644
index 000000000..df00d6dc7
--- /dev/null
+++ b/okta/model_behavior_rule_settings_history_based.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorRuleSettingsHistoryBased struct for BehaviorRuleSettingsHistoryBased
+type BehaviorRuleSettingsHistoryBased struct {
+	MaxEventsUsedForEvaluation   *int32 `json:"maxEventsUsedForEvaluation,omitempty"`
+	MinEventsNeededForEvaluation *int32 `json:"minEventsNeededForEvaluation,omitempty"`
+	AdditionalProperties         map[string]interface{}
+}
+
+type _BehaviorRuleSettingsHistoryBased BehaviorRuleSettingsHistoryBased
+
+// NewBehaviorRuleSettingsHistoryBased instantiates a new BehaviorRuleSettingsHistoryBased object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleSettingsHistoryBased() *BehaviorRuleSettingsHistoryBased {
+	this := BehaviorRuleSettingsHistoryBased{}
+	var maxEventsUsedForEvaluation int32 = 20
+	this.MaxEventsUsedForEvaluation = &maxEventsUsedForEvaluation
+	var minEventsNeededForEvaluation int32 = 0
+	this.MinEventsNeededForEvaluation = &minEventsNeededForEvaluation
+	return &this
+}
+
+// NewBehaviorRuleSettingsHistoryBasedWithDefaults instantiates a new BehaviorRuleSettingsHistoryBased object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleSettingsHistoryBasedWithDefaults() *BehaviorRuleSettingsHistoryBased {
+	this := BehaviorRuleSettingsHistoryBased{}
+	var maxEventsUsedForEvaluation int32 = 20
+	this.MaxEventsUsedForEvaluation = &maxEventsUsedForEvaluation
+	var minEventsNeededForEvaluation int32 = 0
+	this.MinEventsNeededForEvaluation = &minEventsNeededForEvaluation
+	return &this
+}
+
+// GetMaxEventsUsedForEvaluation returns the MaxEventsUsedForEvaluation field value if set, zero value otherwise.
+func (o *BehaviorRuleSettingsHistoryBased) GetMaxEventsUsedForEvaluation() int32 {
+	if o == nil || o.MaxEventsUsedForEvaluation == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxEventsUsedForEvaluation
+}
+
+// GetMaxEventsUsedForEvaluationOk returns a tuple with the MaxEventsUsedForEvaluation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsHistoryBased) GetMaxEventsUsedForEvaluationOk() (*int32, bool) {
+	if o == nil || o.MaxEventsUsedForEvaluation == nil {
+		return nil, false
+	}
+	return o.MaxEventsUsedForEvaluation, true
+}
+
+// HasMaxEventsUsedForEvaluation returns a boolean if a field has been set.
+func (o *BehaviorRuleSettingsHistoryBased) HasMaxEventsUsedForEvaluation() bool {
+	if o != nil && o.MaxEventsUsedForEvaluation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxEventsUsedForEvaluation gets a reference to the given int32 and assigns it to the MaxEventsUsedForEvaluation field.
+func (o *BehaviorRuleSettingsHistoryBased) SetMaxEventsUsedForEvaluation(v int32) {
+	o.MaxEventsUsedForEvaluation = &v
+}
+
+// GetMinEventsNeededForEvaluation returns the MinEventsNeededForEvaluation field value if set, zero value otherwise.
+func (o *BehaviorRuleSettingsHistoryBased) GetMinEventsNeededForEvaluation() int32 {
+	if o == nil || o.MinEventsNeededForEvaluation == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinEventsNeededForEvaluation
+}
+
+// GetMinEventsNeededForEvaluationOk returns a tuple with the MinEventsNeededForEvaluation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsHistoryBased) GetMinEventsNeededForEvaluationOk() (*int32, bool) {
+	if o == nil || o.MinEventsNeededForEvaluation == nil {
+		return nil, false
+	}
+	return o.MinEventsNeededForEvaluation, true
+}
+
+// HasMinEventsNeededForEvaluation returns a boolean if a field has been set.
+func (o *BehaviorRuleSettingsHistoryBased) HasMinEventsNeededForEvaluation() bool {
+	if o != nil && o.MinEventsNeededForEvaluation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinEventsNeededForEvaluation gets a reference to the given int32 and assigns it to the MinEventsNeededForEvaluation field.
+func (o *BehaviorRuleSettingsHistoryBased) SetMinEventsNeededForEvaluation(v int32) {
+	o.MinEventsNeededForEvaluation = &v
+}
+
+func (o BehaviorRuleSettingsHistoryBased) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.MaxEventsUsedForEvaluation != nil {
+		toSerialize["maxEventsUsedForEvaluation"] = o.MaxEventsUsedForEvaluation
+	}
+	if o.MinEventsNeededForEvaluation != nil {
+		toSerialize["minEventsNeededForEvaluation"] = o.MinEventsNeededForEvaluation
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleSettingsHistoryBased) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorRuleSettingsHistoryBased := _BehaviorRuleSettingsHistoryBased{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleSettingsHistoryBased)
+	if err == nil {
+		*o = BehaviorRuleSettingsHistoryBased(varBehaviorRuleSettingsHistoryBased)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "maxEventsUsedForEvaluation")
+		delete(additionalProperties, "minEventsNeededForEvaluation")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleSettingsHistoryBased struct {
+	value *BehaviorRuleSettingsHistoryBased
+	isSet bool
+}
+
+func (v NullableBehaviorRuleSettingsHistoryBased) Get() *BehaviorRuleSettingsHistoryBased {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleSettingsHistoryBased) Set(val *BehaviorRuleSettingsHistoryBased) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleSettingsHistoryBased) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleSettingsHistoryBased) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleSettingsHistoryBased(val *BehaviorRuleSettingsHistoryBased) *NullableBehaviorRuleSettingsHistoryBased {
+	return &NullableBehaviorRuleSettingsHistoryBased{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleSettingsHistoryBased) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleSettingsHistoryBased) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_settings_velocity.go b/okta/model_behavior_rule_settings_velocity.go
new file mode 100644
index 000000000..56226df57
--- /dev/null
+++ b/okta/model_behavior_rule_settings_velocity.go
@@ -0,0 +1,153 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorRuleSettingsVelocity struct for BehaviorRuleSettingsVelocity
+type BehaviorRuleSettingsVelocity struct {
+	VelocityKph          int32 `json:"velocityKph"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorRuleSettingsVelocity BehaviorRuleSettingsVelocity
+
+// NewBehaviorRuleSettingsVelocity instantiates a new BehaviorRuleSettingsVelocity object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleSettingsVelocity(velocityKph int32) *BehaviorRuleSettingsVelocity {
+	this := BehaviorRuleSettingsVelocity{}
+	this.VelocityKph = velocityKph
+	return &this
+}
+
+// NewBehaviorRuleSettingsVelocityWithDefaults instantiates a new BehaviorRuleSettingsVelocity object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleSettingsVelocityWithDefaults() *BehaviorRuleSettingsVelocity {
+	this := BehaviorRuleSettingsVelocity{}
+	var velocityKph int32 = 805
+	this.VelocityKph = velocityKph
+	return &this
+}
+
+// GetVelocityKph returns the VelocityKph field value
+func (o *BehaviorRuleSettingsVelocity) GetVelocityKph() int32 {
+	if o == nil {
+		var ret int32
+		return ret
+	}
+
+	return o.VelocityKph
+}
+
+// GetVelocityKphOk returns a tuple with the VelocityKph field value
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleSettingsVelocity) GetVelocityKphOk() (*int32, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.VelocityKph, true
+}
+
+// SetVelocityKph sets field value
+func (o *BehaviorRuleSettingsVelocity) SetVelocityKph(v int32) {
+	o.VelocityKph = v
+}
+
+func (o BehaviorRuleSettingsVelocity) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["velocityKph"] = o.VelocityKph
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleSettingsVelocity) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorRuleSettingsVelocity := _BehaviorRuleSettingsVelocity{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleSettingsVelocity)
+	if err == nil {
+		*o = BehaviorRuleSettingsVelocity(varBehaviorRuleSettingsVelocity)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "velocityKph")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleSettingsVelocity struct {
+	value *BehaviorRuleSettingsVelocity
+	isSet bool
+}
+
+func (v NullableBehaviorRuleSettingsVelocity) Get() *BehaviorRuleSettingsVelocity {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleSettingsVelocity) Set(val *BehaviorRuleSettingsVelocity) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleSettingsVelocity) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleSettingsVelocity) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleSettingsVelocity(val *BehaviorRuleSettingsVelocity) *NullableBehaviorRuleSettingsVelocity {
+	return &NullableBehaviorRuleSettingsVelocity{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleSettingsVelocity) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleSettingsVelocity) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_type.go b/okta/model_behavior_rule_type.go
new file mode 100644
index 000000000..99dff0a6f
--- /dev/null
+++ b/okta/model_behavior_rule_type.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// BehaviorRuleType the model 'BehaviorRuleType'
+type BehaviorRuleType string
+
+// List of BehaviorRuleType
+const (
+	BEHAVIORRULETYPE_ANOMALOUS_DEVICE   BehaviorRuleType = "ANOMALOUS_DEVICE"
+	BEHAVIORRULETYPE_ANOMALOUS_IP       BehaviorRuleType = "ANOMALOUS_IP"
+	BEHAVIORRULETYPE_ANOMALOUS_LOCATION BehaviorRuleType = "ANOMALOUS_LOCATION"
+	BEHAVIORRULETYPE_VELOCITY           BehaviorRuleType = "VELOCITY"
+)
+
+// All allowed values of BehaviorRuleType enum
+var AllowedBehaviorRuleTypeEnumValues = []BehaviorRuleType{
+	"ANOMALOUS_DEVICE",
+	"ANOMALOUS_IP",
+	"ANOMALOUS_LOCATION",
+	"VELOCITY",
+}
+
+func (v *BehaviorRuleType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := BehaviorRuleType(value)
+	for _, existing := range AllowedBehaviorRuleTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid BehaviorRuleType", value)
+}
+
+// NewBehaviorRuleTypeFromValue returns a pointer to a valid BehaviorRuleType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewBehaviorRuleTypeFromValue(v string) (*BehaviorRuleType, error) {
+	ev := BehaviorRuleType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for BehaviorRuleType: valid values are %v", v, AllowedBehaviorRuleTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v BehaviorRuleType) IsValid() bool {
+	for _, existing := range AllowedBehaviorRuleTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to BehaviorRuleType value
+func (v BehaviorRuleType) Ptr() *BehaviorRuleType {
+	return &v
+}
+
+type NullableBehaviorRuleType struct {
+	value *BehaviorRuleType
+	isSet bool
+}
+
+func (v NullableBehaviorRuleType) Get() *BehaviorRuleType {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleType) Set(val *BehaviorRuleType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleType(val *BehaviorRuleType) *NullableBehaviorRuleType {
+	return &NullableBehaviorRuleType{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_velocity.go b/okta/model_behavior_rule_velocity.go
new file mode 100644
index 000000000..8a5a0e42a
--- /dev/null
+++ b/okta/model_behavior_rule_velocity.go
@@ -0,0 +1,205 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// BehaviorRuleVelocity struct for BehaviorRuleVelocity
+type BehaviorRuleVelocity struct {
+	BehaviorRule
+	Settings             *BehaviorRuleSettingsVelocity `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorRuleVelocity BehaviorRuleVelocity
+
+// NewBehaviorRuleVelocity instantiates a new BehaviorRuleVelocity object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleVelocity(name string, type_ BehaviorRuleType) *BehaviorRuleVelocity {
+	this := BehaviorRuleVelocity{}
+	this.Name = name
+	this.Type = type_
+	return &this
+}
+
+// NewBehaviorRuleVelocityWithDefaults instantiates a new BehaviorRuleVelocity object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleVelocityWithDefaults() *BehaviorRuleVelocity {
+	this := BehaviorRuleVelocity{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BehaviorRuleVelocity) GetSettings() BehaviorRuleSettingsVelocity {
+	if o == nil || o.Settings == nil {
+		var ret BehaviorRuleSettingsVelocity
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleVelocity) GetSettingsOk() (*BehaviorRuleSettingsVelocity, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BehaviorRuleVelocity) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given BehaviorRuleSettingsVelocity and assigns it to the Settings field.
+func (o *BehaviorRuleVelocity) SetSettings(v BehaviorRuleSettingsVelocity) {
+	o.Settings = &v
+}
+
+func (o BehaviorRuleVelocity) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedBehaviorRule, errBehaviorRule := json.Marshal(o.BehaviorRule)
+	if errBehaviorRule != nil {
+		return []byte{}, errBehaviorRule
+	}
+	errBehaviorRule = json.Unmarshal([]byte(serializedBehaviorRule), &toSerialize)
+	if errBehaviorRule != nil {
+		return []byte{}, errBehaviorRule
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleVelocity) UnmarshalJSON(bytes []byte) (err error) {
+	type BehaviorRuleVelocityWithoutEmbeddedStruct struct {
+		Settings *BehaviorRuleSettingsVelocity `json:"settings,omitempty"`
+	}
+
+	varBehaviorRuleVelocityWithoutEmbeddedStruct := BehaviorRuleVelocityWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleVelocityWithoutEmbeddedStruct)
+	if err == nil {
+		varBehaviorRuleVelocity := _BehaviorRuleVelocity{}
+		varBehaviorRuleVelocity.Settings = varBehaviorRuleVelocityWithoutEmbeddedStruct.Settings
+		*o = BehaviorRuleVelocity(varBehaviorRuleVelocity)
+	} else {
+		return err
+	}
+
+	varBehaviorRuleVelocity := _BehaviorRuleVelocity{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleVelocity)
+	if err == nil {
+		o.BehaviorRule = varBehaviorRuleVelocity.BehaviorRule
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectBehaviorRule := reflect.ValueOf(o.BehaviorRule)
+		for i := 0; i < reflectBehaviorRule.Type().NumField(); i++ {
+			t := reflectBehaviorRule.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleVelocity struct {
+	value *BehaviorRuleVelocity
+	isSet bool
+}
+
+func (v NullableBehaviorRuleVelocity) Get() *BehaviorRuleVelocity {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleVelocity) Set(val *BehaviorRuleVelocity) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleVelocity) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleVelocity) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleVelocity(val *BehaviorRuleVelocity) *NullableBehaviorRuleVelocity {
+	return &NullableBehaviorRuleVelocity{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleVelocity) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleVelocity) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_behavior_rule_velocity_all_of.go b/okta/model_behavior_rule_velocity_all_of.go
new file mode 100644
index 000000000..9a32c7ead
--- /dev/null
+++ b/okta/model_behavior_rule_velocity_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BehaviorRuleVelocityAllOf struct for BehaviorRuleVelocityAllOf
+type BehaviorRuleVelocityAllOf struct {
+	Settings             *BehaviorRuleSettingsVelocity `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BehaviorRuleVelocityAllOf BehaviorRuleVelocityAllOf
+
+// NewBehaviorRuleVelocityAllOf instantiates a new BehaviorRuleVelocityAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBehaviorRuleVelocityAllOf() *BehaviorRuleVelocityAllOf {
+	this := BehaviorRuleVelocityAllOf{}
+	return &this
+}
+
+// NewBehaviorRuleVelocityAllOfWithDefaults instantiates a new BehaviorRuleVelocityAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBehaviorRuleVelocityAllOfWithDefaults() *BehaviorRuleVelocityAllOf {
+	this := BehaviorRuleVelocityAllOf{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BehaviorRuleVelocityAllOf) GetSettings() BehaviorRuleSettingsVelocity {
+	if o == nil || o.Settings == nil {
+		var ret BehaviorRuleSettingsVelocity
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BehaviorRuleVelocityAllOf) GetSettingsOk() (*BehaviorRuleSettingsVelocity, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BehaviorRuleVelocityAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given BehaviorRuleSettingsVelocity and assigns it to the Settings field.
+func (o *BehaviorRuleVelocityAllOf) SetSettings(v BehaviorRuleSettingsVelocity) {
+	o.Settings = &v
+}
+
+func (o BehaviorRuleVelocityAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BehaviorRuleVelocityAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varBehaviorRuleVelocityAllOf := _BehaviorRuleVelocityAllOf{}
+
+	err = json.Unmarshal(bytes, &varBehaviorRuleVelocityAllOf)
+	if err == nil {
+		*o = BehaviorRuleVelocityAllOf(varBehaviorRuleVelocityAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBehaviorRuleVelocityAllOf struct {
+	value *BehaviorRuleVelocityAllOf
+	isSet bool
+}
+
+func (v NullableBehaviorRuleVelocityAllOf) Get() *BehaviorRuleVelocityAllOf {
+	return v.value
+}
+
+func (v *NullableBehaviorRuleVelocityAllOf) Set(val *BehaviorRuleVelocityAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBehaviorRuleVelocityAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBehaviorRuleVelocityAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBehaviorRuleVelocityAllOf(val *BehaviorRuleVelocityAllOf) *NullableBehaviorRuleVelocityAllOf {
+	return &NullableBehaviorRuleVelocityAllOf{value: val, isSet: true}
+}
+
+func (v NullableBehaviorRuleVelocityAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBehaviorRuleVelocityAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_bookmark_application.go b/okta/model_bookmark_application.go
new file mode 100644
index 000000000..11a604889
--- /dev/null
+++ b/okta/model_bookmark_application.go
@@ -0,0 +1,285 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// BookmarkApplication struct for BookmarkApplication
+type BookmarkApplication struct {
+	Application
+	Credentials          *ApplicationCredentials      `json:"credentials,omitempty"`
+	Name                 *string                      `json:"name,omitempty"`
+	Settings             *BookmarkApplicationSettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BookmarkApplication BookmarkApplication
+
+// NewBookmarkApplication instantiates a new BookmarkApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBookmarkApplication() *BookmarkApplication {
+	this := BookmarkApplication{}
+	var name string = "bookmark"
+	this.Name = &name
+	return &this
+}
+
+// NewBookmarkApplicationWithDefaults instantiates a new BookmarkApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBookmarkApplicationWithDefaults() *BookmarkApplication {
+	this := BookmarkApplication{}
+	var name string = "bookmark"
+	this.Name = &name
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *BookmarkApplication) GetCredentials() ApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret ApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplication) GetCredentialsOk() (*ApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *BookmarkApplication) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given ApplicationCredentials and assigns it to the Credentials field.
+func (o *BookmarkApplication) SetCredentials(v ApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *BookmarkApplication) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplication) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *BookmarkApplication) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *BookmarkApplication) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BookmarkApplication) GetSettings() BookmarkApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret BookmarkApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplication) GetSettingsOk() (*BookmarkApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BookmarkApplication) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given BookmarkApplicationSettings and assigns it to the Settings field.
+func (o *BookmarkApplication) SetSettings(v BookmarkApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o BookmarkApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedApplication, errApplication := json.Marshal(o.Application)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	errApplication = json.Unmarshal([]byte(serializedApplication), &toSerialize)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BookmarkApplication) UnmarshalJSON(bytes []byte) (err error) {
+	type BookmarkApplicationWithoutEmbeddedStruct struct {
+		Credentials *ApplicationCredentials      `json:"credentials,omitempty"`
+		Name        *string                      `json:"name,omitempty"`
+		Settings    *BookmarkApplicationSettings `json:"settings,omitempty"`
+	}
+
+	varBookmarkApplicationWithoutEmbeddedStruct := BookmarkApplicationWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varBookmarkApplicationWithoutEmbeddedStruct)
+	if err == nil {
+		varBookmarkApplication := _BookmarkApplication{}
+		varBookmarkApplication.Credentials = varBookmarkApplicationWithoutEmbeddedStruct.Credentials
+		varBookmarkApplication.Name = varBookmarkApplicationWithoutEmbeddedStruct.Name
+		varBookmarkApplication.Settings = varBookmarkApplicationWithoutEmbeddedStruct.Settings
+		*o = BookmarkApplication(varBookmarkApplication)
+	} else {
+		return err
+	}
+
+	varBookmarkApplication := _BookmarkApplication{}
+
+	err = json.Unmarshal(bytes, &varBookmarkApplication)
+	if err == nil {
+		o.Application = varBookmarkApplication.Application
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectApplication := reflect.ValueOf(o.Application)
+		for i := 0; i < reflectApplication.Type().NumField(); i++ {
+			t := reflectApplication.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBookmarkApplication struct {
+	value *BookmarkApplication
+	isSet bool
+}
+
+func (v NullableBookmarkApplication) Get() *BookmarkApplication {
+	return v.value
+}
+
+func (v *NullableBookmarkApplication) Set(val *BookmarkApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBookmarkApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBookmarkApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBookmarkApplication(val *BookmarkApplication) *NullableBookmarkApplication {
+	return &NullableBookmarkApplication{value: val, isSet: true}
+}
+
+func (v NullableBookmarkApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBookmarkApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_bookmark_application_all_of.go b/okta/model_bookmark_application_all_of.go
new file mode 100644
index 000000000..cb29ecec4
--- /dev/null
+++ b/okta/model_bookmark_application_all_of.go
@@ -0,0 +1,236 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BookmarkApplicationAllOf struct for BookmarkApplicationAllOf
+type BookmarkApplicationAllOf struct {
+	Credentials          *ApplicationCredentials      `json:"credentials,omitempty"`
+	Name                 *string                      `json:"name,omitempty"`
+	Settings             *BookmarkApplicationSettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BookmarkApplicationAllOf BookmarkApplicationAllOf
+
+// NewBookmarkApplicationAllOf instantiates a new BookmarkApplicationAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBookmarkApplicationAllOf() *BookmarkApplicationAllOf {
+	this := BookmarkApplicationAllOf{}
+	var name string = "bookmark"
+	this.Name = &name
+	return &this
+}
+
+// NewBookmarkApplicationAllOfWithDefaults instantiates a new BookmarkApplicationAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBookmarkApplicationAllOfWithDefaults() *BookmarkApplicationAllOf {
+	this := BookmarkApplicationAllOf{}
+	var name string = "bookmark"
+	this.Name = &name
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *BookmarkApplicationAllOf) GetCredentials() ApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret ApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplicationAllOf) GetCredentialsOk() (*ApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *BookmarkApplicationAllOf) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given ApplicationCredentials and assigns it to the Credentials field.
+func (o *BookmarkApplicationAllOf) SetCredentials(v ApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *BookmarkApplicationAllOf) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplicationAllOf) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *BookmarkApplicationAllOf) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *BookmarkApplicationAllOf) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BookmarkApplicationAllOf) GetSettings() BookmarkApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret BookmarkApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplicationAllOf) GetSettingsOk() (*BookmarkApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BookmarkApplicationAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given BookmarkApplicationSettings and assigns it to the Settings field.
+func (o *BookmarkApplicationAllOf) SetSettings(v BookmarkApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o BookmarkApplicationAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BookmarkApplicationAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varBookmarkApplicationAllOf := _BookmarkApplicationAllOf{}
+
+	err = json.Unmarshal(bytes, &varBookmarkApplicationAllOf)
+	if err == nil {
+		*o = BookmarkApplicationAllOf(varBookmarkApplicationAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBookmarkApplicationAllOf struct {
+	value *BookmarkApplicationAllOf
+	isSet bool
+}
+
+func (v NullableBookmarkApplicationAllOf) Get() *BookmarkApplicationAllOf {
+	return v.value
+}
+
+func (v *NullableBookmarkApplicationAllOf) Set(val *BookmarkApplicationAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBookmarkApplicationAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBookmarkApplicationAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBookmarkApplicationAllOf(val *BookmarkApplicationAllOf) *NullableBookmarkApplicationAllOf {
+	return &NullableBookmarkApplicationAllOf{value: val, isSet: true}
+}
+
+func (v NullableBookmarkApplicationAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBookmarkApplicationAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_bookmark_application_settings.go b/okta/model_bookmark_application_settings.go
new file mode 100644
index 000000000..4fc2c13d6
--- /dev/null
+++ b/okta/model_bookmark_application_settings.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BookmarkApplicationSettings struct for BookmarkApplicationSettings
+type BookmarkApplicationSettings struct {
+	IdentityStoreId      *string                                 `json:"identityStoreId,omitempty"`
+	ImplicitAssignment   *bool                                   `json:"implicitAssignment,omitempty"`
+	InlineHookId         *string                                 `json:"inlineHookId,omitempty"`
+	Notes                *ApplicationSettingsNotes               `json:"notes,omitempty"`
+	Notifications        *ApplicationSettingsNotifications       `json:"notifications,omitempty"`
+	App                  *BookmarkApplicationSettingsApplication `json:"app,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BookmarkApplicationSettings BookmarkApplicationSettings
+
+// NewBookmarkApplicationSettings instantiates a new BookmarkApplicationSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBookmarkApplicationSettings() *BookmarkApplicationSettings {
+	this := BookmarkApplicationSettings{}
+	return &this
+}
+
+// NewBookmarkApplicationSettingsWithDefaults instantiates a new BookmarkApplicationSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBookmarkApplicationSettingsWithDefaults() *BookmarkApplicationSettings {
+	this := BookmarkApplicationSettings{}
+	return &this
+}
+
+// GetIdentityStoreId returns the IdentityStoreId field value if set, zero value otherwise.
+func (o *BookmarkApplicationSettings) GetIdentityStoreId() string {
+	if o == nil || o.IdentityStoreId == nil {
+		var ret string
+		return ret
+	}
+	return *o.IdentityStoreId
+}
+
+// GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplicationSettings) GetIdentityStoreIdOk() (*string, bool) {
+	if o == nil || o.IdentityStoreId == nil {
+		return nil, false
+	}
+	return o.IdentityStoreId, true
+}
+
+// HasIdentityStoreId returns a boolean if a field has been set.
+func (o *BookmarkApplicationSettings) HasIdentityStoreId() bool {
+	if o != nil && o.IdentityStoreId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityStoreId gets a reference to the given string and assigns it to the IdentityStoreId field.
+func (o *BookmarkApplicationSettings) SetIdentityStoreId(v string) {
+	o.IdentityStoreId = &v
+}
+
+// GetImplicitAssignment returns the ImplicitAssignment field value if set, zero value otherwise.
+func (o *BookmarkApplicationSettings) GetImplicitAssignment() bool {
+	if o == nil || o.ImplicitAssignment == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ImplicitAssignment
+}
+
+// GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplicationSettings) GetImplicitAssignmentOk() (*bool, bool) {
+	if o == nil || o.ImplicitAssignment == nil {
+		return nil, false
+	}
+	return o.ImplicitAssignment, true
+}
+
+// HasImplicitAssignment returns a boolean if a field has been set.
+func (o *BookmarkApplicationSettings) HasImplicitAssignment() bool {
+	if o != nil && o.ImplicitAssignment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetImplicitAssignment gets a reference to the given bool and assigns it to the ImplicitAssignment field.
+func (o *BookmarkApplicationSettings) SetImplicitAssignment(v bool) {
+	o.ImplicitAssignment = &v
+}
+
+// GetInlineHookId returns the InlineHookId field value if set, zero value otherwise.
+func (o *BookmarkApplicationSettings) GetInlineHookId() string {
+	if o == nil || o.InlineHookId == nil {
+		var ret string
+		return ret
+	}
+	return *o.InlineHookId
+}
+
+// GetInlineHookIdOk returns a tuple with the InlineHookId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplicationSettings) GetInlineHookIdOk() (*string, bool) {
+	if o == nil || o.InlineHookId == nil {
+		return nil, false
+	}
+	return o.InlineHookId, true
+}
+
+// HasInlineHookId returns a boolean if a field has been set.
+func (o *BookmarkApplicationSettings) HasInlineHookId() bool {
+	if o != nil && o.InlineHookId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInlineHookId gets a reference to the given string and assigns it to the InlineHookId field.
+func (o *BookmarkApplicationSettings) SetInlineHookId(v string) {
+	o.InlineHookId = &v
+}
+
+// GetNotes returns the Notes field value if set, zero value otherwise.
+func (o *BookmarkApplicationSettings) GetNotes() ApplicationSettingsNotes {
+	if o == nil || o.Notes == nil {
+		var ret ApplicationSettingsNotes
+		return ret
+	}
+	return *o.Notes
+}
+
+// GetNotesOk returns a tuple with the Notes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool) {
+	if o == nil || o.Notes == nil {
+		return nil, false
+	}
+	return o.Notes, true
+}
+
+// HasNotes returns a boolean if a field has been set.
+func (o *BookmarkApplicationSettings) HasNotes() bool {
+	if o != nil && o.Notes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotes gets a reference to the given ApplicationSettingsNotes and assigns it to the Notes field.
+func (o *BookmarkApplicationSettings) SetNotes(v ApplicationSettingsNotes) {
+	o.Notes = &v
+}
+
+// GetNotifications returns the Notifications field value if set, zero value otherwise.
+func (o *BookmarkApplicationSettings) GetNotifications() ApplicationSettingsNotifications {
+	if o == nil || o.Notifications == nil {
+		var ret ApplicationSettingsNotifications
+		return ret
+	}
+	return *o.Notifications
+}
+
+// GetNotificationsOk returns a tuple with the Notifications field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool) {
+	if o == nil || o.Notifications == nil {
+		return nil, false
+	}
+	return o.Notifications, true
+}
+
+// HasNotifications returns a boolean if a field has been set.
+func (o *BookmarkApplicationSettings) HasNotifications() bool {
+	if o != nil && o.Notifications != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotifications gets a reference to the given ApplicationSettingsNotifications and assigns it to the Notifications field.
+func (o *BookmarkApplicationSettings) SetNotifications(v ApplicationSettingsNotifications) {
+	o.Notifications = &v
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *BookmarkApplicationSettings) GetApp() BookmarkApplicationSettingsApplication {
+	if o == nil || o.App == nil {
+		var ret BookmarkApplicationSettingsApplication
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplicationSettings) GetAppOk() (*BookmarkApplicationSettingsApplication, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *BookmarkApplicationSettings) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given BookmarkApplicationSettingsApplication and assigns it to the App field.
+func (o *BookmarkApplicationSettings) SetApp(v BookmarkApplicationSettingsApplication) {
+	o.App = &v
+}
+
+func (o BookmarkApplicationSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.IdentityStoreId != nil {
+		toSerialize["identityStoreId"] = o.IdentityStoreId
+	}
+	if o.ImplicitAssignment != nil {
+		toSerialize["implicitAssignment"] = o.ImplicitAssignment
+	}
+	if o.InlineHookId != nil {
+		toSerialize["inlineHookId"] = o.InlineHookId
+	}
+	if o.Notes != nil {
+		toSerialize["notes"] = o.Notes
+	}
+	if o.Notifications != nil {
+		toSerialize["notifications"] = o.Notifications
+	}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BookmarkApplicationSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varBookmarkApplicationSettings := _BookmarkApplicationSettings{}
+
+	err = json.Unmarshal(bytes, &varBookmarkApplicationSettings)
+	if err == nil {
+		*o = BookmarkApplicationSettings(varBookmarkApplicationSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "identityStoreId")
+		delete(additionalProperties, "implicitAssignment")
+		delete(additionalProperties, "inlineHookId")
+		delete(additionalProperties, "notes")
+		delete(additionalProperties, "notifications")
+		delete(additionalProperties, "app")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBookmarkApplicationSettings struct {
+	value *BookmarkApplicationSettings
+	isSet bool
+}
+
+func (v NullableBookmarkApplicationSettings) Get() *BookmarkApplicationSettings {
+	return v.value
+}
+
+func (v *NullableBookmarkApplicationSettings) Set(val *BookmarkApplicationSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBookmarkApplicationSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBookmarkApplicationSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBookmarkApplicationSettings(val *BookmarkApplicationSettings) *NullableBookmarkApplicationSettings {
+	return &NullableBookmarkApplicationSettings{value: val, isSet: true}
+}
+
+func (v NullableBookmarkApplicationSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBookmarkApplicationSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_bookmark_application_settings_all_of.go b/okta/model_bookmark_application_settings_all_of.go
new file mode 100644
index 000000000..c7d53cc64
--- /dev/null
+++ b/okta/model_bookmark_application_settings_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BookmarkApplicationSettingsAllOf struct for BookmarkApplicationSettingsAllOf
+type BookmarkApplicationSettingsAllOf struct {
+	App                  *BookmarkApplicationSettingsApplication `json:"app,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BookmarkApplicationSettingsAllOf BookmarkApplicationSettingsAllOf
+
+// NewBookmarkApplicationSettingsAllOf instantiates a new BookmarkApplicationSettingsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBookmarkApplicationSettingsAllOf() *BookmarkApplicationSettingsAllOf {
+	this := BookmarkApplicationSettingsAllOf{}
+	return &this
+}
+
+// NewBookmarkApplicationSettingsAllOfWithDefaults instantiates a new BookmarkApplicationSettingsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBookmarkApplicationSettingsAllOfWithDefaults() *BookmarkApplicationSettingsAllOf {
+	this := BookmarkApplicationSettingsAllOf{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *BookmarkApplicationSettingsAllOf) GetApp() BookmarkApplicationSettingsApplication {
+	if o == nil || o.App == nil {
+		var ret BookmarkApplicationSettingsApplication
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplicationSettingsAllOf) GetAppOk() (*BookmarkApplicationSettingsApplication, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *BookmarkApplicationSettingsAllOf) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given BookmarkApplicationSettingsApplication and assigns it to the App field.
+func (o *BookmarkApplicationSettingsAllOf) SetApp(v BookmarkApplicationSettingsApplication) {
+	o.App = &v
+}
+
+func (o BookmarkApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BookmarkApplicationSettingsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varBookmarkApplicationSettingsAllOf := _BookmarkApplicationSettingsAllOf{}
+
+	err = json.Unmarshal(bytes, &varBookmarkApplicationSettingsAllOf)
+	if err == nil {
+		*o = BookmarkApplicationSettingsAllOf(varBookmarkApplicationSettingsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBookmarkApplicationSettingsAllOf struct {
+	value *BookmarkApplicationSettingsAllOf
+	isSet bool
+}
+
+func (v NullableBookmarkApplicationSettingsAllOf) Get() *BookmarkApplicationSettingsAllOf {
+	return v.value
+}
+
+func (v *NullableBookmarkApplicationSettingsAllOf) Set(val *BookmarkApplicationSettingsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBookmarkApplicationSettingsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBookmarkApplicationSettingsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBookmarkApplicationSettingsAllOf(val *BookmarkApplicationSettingsAllOf) *NullableBookmarkApplicationSettingsAllOf {
+	return &NullableBookmarkApplicationSettingsAllOf{value: val, isSet: true}
+}
+
+func (v NullableBookmarkApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBookmarkApplicationSettingsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_bookmark_application_settings_application.go b/okta/model_bookmark_application_settings_application.go
new file mode 100644
index 000000000..702cafdcc
--- /dev/null
+++ b/okta/model_bookmark_application_settings_application.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BookmarkApplicationSettingsApplication struct for BookmarkApplicationSettingsApplication
+type BookmarkApplicationSettingsApplication struct {
+	RequestIntegration   *bool   `json:"requestIntegration,omitempty"`
+	Url                  *string `json:"url,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BookmarkApplicationSettingsApplication BookmarkApplicationSettingsApplication
+
+// NewBookmarkApplicationSettingsApplication instantiates a new BookmarkApplicationSettingsApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBookmarkApplicationSettingsApplication() *BookmarkApplicationSettingsApplication {
+	this := BookmarkApplicationSettingsApplication{}
+	return &this
+}
+
+// NewBookmarkApplicationSettingsApplicationWithDefaults instantiates a new BookmarkApplicationSettingsApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBookmarkApplicationSettingsApplicationWithDefaults() *BookmarkApplicationSettingsApplication {
+	this := BookmarkApplicationSettingsApplication{}
+	return &this
+}
+
+// GetRequestIntegration returns the RequestIntegration field value if set, zero value otherwise.
+func (o *BookmarkApplicationSettingsApplication) GetRequestIntegration() bool {
+	if o == nil || o.RequestIntegration == nil {
+		var ret bool
+		return ret
+	}
+	return *o.RequestIntegration
+}
+
+// GetRequestIntegrationOk returns a tuple with the RequestIntegration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplicationSettingsApplication) GetRequestIntegrationOk() (*bool, bool) {
+	if o == nil || o.RequestIntegration == nil {
+		return nil, false
+	}
+	return o.RequestIntegration, true
+}
+
+// HasRequestIntegration returns a boolean if a field has been set.
+func (o *BookmarkApplicationSettingsApplication) HasRequestIntegration() bool {
+	if o != nil && o.RequestIntegration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequestIntegration gets a reference to the given bool and assigns it to the RequestIntegration field.
+func (o *BookmarkApplicationSettingsApplication) SetRequestIntegration(v bool) {
+	o.RequestIntegration = &v
+}
+
+// GetUrl returns the Url field value if set, zero value otherwise.
+func (o *BookmarkApplicationSettingsApplication) GetUrl() string {
+	if o == nil || o.Url == nil {
+		var ret string
+		return ret
+	}
+	return *o.Url
+}
+
+// GetUrlOk returns a tuple with the Url field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BookmarkApplicationSettingsApplication) GetUrlOk() (*string, bool) {
+	if o == nil || o.Url == nil {
+		return nil, false
+	}
+	return o.Url, true
+}
+
+// HasUrl returns a boolean if a field has been set.
+func (o *BookmarkApplicationSettingsApplication) HasUrl() bool {
+	if o != nil && o.Url != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUrl gets a reference to the given string and assigns it to the Url field.
+func (o *BookmarkApplicationSettingsApplication) SetUrl(v string) {
+	o.Url = &v
+}
+
+func (o BookmarkApplicationSettingsApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.RequestIntegration != nil {
+		toSerialize["requestIntegration"] = o.RequestIntegration
+	}
+	if o.Url != nil {
+		toSerialize["url"] = o.Url
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BookmarkApplicationSettingsApplication) UnmarshalJSON(bytes []byte) (err error) {
+	varBookmarkApplicationSettingsApplication := _BookmarkApplicationSettingsApplication{}
+
+	err = json.Unmarshal(bytes, &varBookmarkApplicationSettingsApplication)
+	if err == nil {
+		*o = BookmarkApplicationSettingsApplication(varBookmarkApplicationSettingsApplication)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "requestIntegration")
+		delete(additionalProperties, "url")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBookmarkApplicationSettingsApplication struct {
+	value *BookmarkApplicationSettingsApplication
+	isSet bool
+}
+
+func (v NullableBookmarkApplicationSettingsApplication) Get() *BookmarkApplicationSettingsApplication {
+	return v.value
+}
+
+func (v *NullableBookmarkApplicationSettingsApplication) Set(val *BookmarkApplicationSettingsApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBookmarkApplicationSettingsApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBookmarkApplicationSettingsApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBookmarkApplicationSettingsApplication(val *BookmarkApplicationSettingsApplication) *NullableBookmarkApplicationSettingsApplication {
+	return &NullableBookmarkApplicationSettingsApplication{value: val, isSet: true}
+}
+
+func (v NullableBookmarkApplicationSettingsApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBookmarkApplicationSettingsApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_bounces_remove_list_error.go b/okta/model_bounces_remove_list_error.go
new file mode 100644
index 000000000..781d098fa
--- /dev/null
+++ b/okta/model_bounces_remove_list_error.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BouncesRemoveListError struct for BouncesRemoveListError
+type BouncesRemoveListError struct {
+	EmailAddress         *string `json:"emailAddress,omitempty"`
+	Reason               *string `json:"reason,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BouncesRemoveListError BouncesRemoveListError
+
+// NewBouncesRemoveListError instantiates a new BouncesRemoveListError object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBouncesRemoveListError() *BouncesRemoveListError {
+	this := BouncesRemoveListError{}
+	return &this
+}
+
+// NewBouncesRemoveListErrorWithDefaults instantiates a new BouncesRemoveListError object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBouncesRemoveListErrorWithDefaults() *BouncesRemoveListError {
+	this := BouncesRemoveListError{}
+	return &this
+}
+
+// GetEmailAddress returns the EmailAddress field value if set, zero value otherwise.
+func (o *BouncesRemoveListError) GetEmailAddress() string {
+	if o == nil || o.EmailAddress == nil {
+		var ret string
+		return ret
+	}
+	return *o.EmailAddress
+}
+
+// GetEmailAddressOk returns a tuple with the EmailAddress field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BouncesRemoveListError) GetEmailAddressOk() (*string, bool) {
+	if o == nil || o.EmailAddress == nil {
+		return nil, false
+	}
+	return o.EmailAddress, true
+}
+
+// HasEmailAddress returns a boolean if a field has been set.
+func (o *BouncesRemoveListError) HasEmailAddress() bool {
+	if o != nil && o.EmailAddress != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmailAddress gets a reference to the given string and assigns it to the EmailAddress field.
+func (o *BouncesRemoveListError) SetEmailAddress(v string) {
+	o.EmailAddress = &v
+}
+
+// GetReason returns the Reason field value if set, zero value otherwise.
+func (o *BouncesRemoveListError) GetReason() string {
+	if o == nil || o.Reason == nil {
+		var ret string
+		return ret
+	}
+	return *o.Reason
+}
+
+// GetReasonOk returns a tuple with the Reason field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BouncesRemoveListError) GetReasonOk() (*string, bool) {
+	if o == nil || o.Reason == nil {
+		return nil, false
+	}
+	return o.Reason, true
+}
+
+// HasReason returns a boolean if a field has been set.
+func (o *BouncesRemoveListError) HasReason() bool {
+	if o != nil && o.Reason != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetReason gets a reference to the given string and assigns it to the Reason field.
+func (o *BouncesRemoveListError) SetReason(v string) {
+	o.Reason = &v
+}
+
+func (o BouncesRemoveListError) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.EmailAddress != nil {
+		toSerialize["emailAddress"] = o.EmailAddress
+	}
+	if o.Reason != nil {
+		toSerialize["reason"] = o.Reason
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BouncesRemoveListError) UnmarshalJSON(bytes []byte) (err error) {
+	varBouncesRemoveListError := _BouncesRemoveListError{}
+
+	err = json.Unmarshal(bytes, &varBouncesRemoveListError)
+	if err == nil {
+		*o = BouncesRemoveListError(varBouncesRemoveListError)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "emailAddress")
+		delete(additionalProperties, "reason")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBouncesRemoveListError struct {
+	value *BouncesRemoveListError
+	isSet bool
+}
+
+func (v NullableBouncesRemoveListError) Get() *BouncesRemoveListError {
+	return v.value
+}
+
+func (v *NullableBouncesRemoveListError) Set(val *BouncesRemoveListError) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBouncesRemoveListError) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBouncesRemoveListError) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBouncesRemoveListError(val *BouncesRemoveListError) *NullableBouncesRemoveListError {
+	return &NullableBouncesRemoveListError{value: val, isSet: true}
+}
+
+func (v NullableBouncesRemoveListError) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBouncesRemoveListError) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_bounces_remove_list_obj.go b/okta/model_bounces_remove_list_obj.go
new file mode 100644
index 000000000..f6727b1e1
--- /dev/null
+++ b/okta/model_bounces_remove_list_obj.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BouncesRemoveListObj struct for BouncesRemoveListObj
+type BouncesRemoveListObj struct {
+	EmailAddresses       []string `json:"emailAddresses,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BouncesRemoveListObj BouncesRemoveListObj
+
+// NewBouncesRemoveListObj instantiates a new BouncesRemoveListObj object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBouncesRemoveListObj() *BouncesRemoveListObj {
+	this := BouncesRemoveListObj{}
+	return &this
+}
+
+// NewBouncesRemoveListObjWithDefaults instantiates a new BouncesRemoveListObj object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBouncesRemoveListObjWithDefaults() *BouncesRemoveListObj {
+	this := BouncesRemoveListObj{}
+	return &this
+}
+
+// GetEmailAddresses returns the EmailAddresses field value if set, zero value otherwise.
+func (o *BouncesRemoveListObj) GetEmailAddresses() []string {
+	if o == nil || o.EmailAddresses == nil {
+		var ret []string
+		return ret
+	}
+	return o.EmailAddresses
+}
+
+// GetEmailAddressesOk returns a tuple with the EmailAddresses field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BouncesRemoveListObj) GetEmailAddressesOk() ([]string, bool) {
+	if o == nil || o.EmailAddresses == nil {
+		return nil, false
+	}
+	return o.EmailAddresses, true
+}
+
+// HasEmailAddresses returns a boolean if a field has been set.
+func (o *BouncesRemoveListObj) HasEmailAddresses() bool {
+	if o != nil && o.EmailAddresses != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmailAddresses gets a reference to the given []string and assigns it to the EmailAddresses field.
+func (o *BouncesRemoveListObj) SetEmailAddresses(v []string) {
+	o.EmailAddresses = v
+}
+
+func (o BouncesRemoveListObj) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.EmailAddresses != nil {
+		toSerialize["emailAddresses"] = o.EmailAddresses
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BouncesRemoveListObj) UnmarshalJSON(bytes []byte) (err error) {
+	varBouncesRemoveListObj := _BouncesRemoveListObj{}
+
+	err = json.Unmarshal(bytes, &varBouncesRemoveListObj)
+	if err == nil {
+		*o = BouncesRemoveListObj(varBouncesRemoveListObj)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "emailAddresses")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBouncesRemoveListObj struct {
+	value *BouncesRemoveListObj
+	isSet bool
+}
+
+func (v NullableBouncesRemoveListObj) Get() *BouncesRemoveListObj {
+	return v.value
+}
+
+func (v *NullableBouncesRemoveListObj) Set(val *BouncesRemoveListObj) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBouncesRemoveListObj) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBouncesRemoveListObj) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBouncesRemoveListObj(val *BouncesRemoveListObj) *NullableBouncesRemoveListObj {
+	return &NullableBouncesRemoveListObj{value: val, isSet: true}
+}
+
+func (v NullableBouncesRemoveListObj) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBouncesRemoveListObj) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_bounces_remove_list_result.go b/okta/model_bounces_remove_list_result.go
new file mode 100644
index 000000000..9903bbee5
--- /dev/null
+++ b/okta/model_bounces_remove_list_result.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BouncesRemoveListResult struct for BouncesRemoveListResult
+type BouncesRemoveListResult struct {
+	Errors               []BouncesRemoveListError `json:"errors,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BouncesRemoveListResult BouncesRemoveListResult
+
+// NewBouncesRemoveListResult instantiates a new BouncesRemoveListResult object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBouncesRemoveListResult() *BouncesRemoveListResult {
+	this := BouncesRemoveListResult{}
+	return &this
+}
+
+// NewBouncesRemoveListResultWithDefaults instantiates a new BouncesRemoveListResult object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBouncesRemoveListResultWithDefaults() *BouncesRemoveListResult {
+	this := BouncesRemoveListResult{}
+	return &this
+}
+
+// GetErrors returns the Errors field value if set, zero value otherwise.
+func (o *BouncesRemoveListResult) GetErrors() []BouncesRemoveListError {
+	if o == nil || o.Errors == nil {
+		var ret []BouncesRemoveListError
+		return ret
+	}
+	return o.Errors
+}
+
+// GetErrorsOk returns a tuple with the Errors field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BouncesRemoveListResult) GetErrorsOk() ([]BouncesRemoveListError, bool) {
+	if o == nil || o.Errors == nil {
+		return nil, false
+	}
+	return o.Errors, true
+}
+
+// HasErrors returns a boolean if a field has been set.
+func (o *BouncesRemoveListResult) HasErrors() bool {
+	if o != nil && o.Errors != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetErrors gets a reference to the given []BouncesRemoveListError and assigns it to the Errors field.
+func (o *BouncesRemoveListResult) SetErrors(v []BouncesRemoveListError) {
+	o.Errors = v
+}
+
+func (o BouncesRemoveListResult) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Errors != nil {
+		toSerialize["errors"] = o.Errors
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BouncesRemoveListResult) UnmarshalJSON(bytes []byte) (err error) {
+	varBouncesRemoveListResult := _BouncesRemoveListResult{}
+
+	err = json.Unmarshal(bytes, &varBouncesRemoveListResult)
+	if err == nil {
+		*o = BouncesRemoveListResult(varBouncesRemoveListResult)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "errors")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBouncesRemoveListResult struct {
+	value *BouncesRemoveListResult
+	isSet bool
+}
+
+func (v NullableBouncesRemoveListResult) Get() *BouncesRemoveListResult {
+	return v.value
+}
+
+func (v *NullableBouncesRemoveListResult) Set(val *BouncesRemoveListResult) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBouncesRemoveListResult) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBouncesRemoveListResult) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBouncesRemoveListResult(val *BouncesRemoveListResult) *NullableBouncesRemoveListResult {
+	return &NullableBouncesRemoveListResult{value: val, isSet: true}
+}
+
+func (v NullableBouncesRemoveListResult) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBouncesRemoveListResult) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_brand.go b/okta/model_brand.go
new file mode 100644
index 000000000..4e4e3508a
--- /dev/null
+++ b/okta/model_brand.go
@@ -0,0 +1,455 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// Brand struct for Brand
+type Brand struct {
+	AgreeToCustomPrivacyPolicy *bool            `json:"agreeToCustomPrivacyPolicy,omitempty"`
+	CustomPrivacyPolicyUrl     *string          `json:"customPrivacyPolicyUrl,omitempty"`
+	DefaultApp                 *BrandDefaultApp `json:"defaultApp,omitempty"`
+	Id                         *string          `json:"id,omitempty"`
+	IsDefault                  *bool            `json:"isDefault,omitempty"`
+	// The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646).
+	Locale               *string     `json:"locale,omitempty"`
+	Name                 *string     `json:"name,omitempty"`
+	RemovePoweredByOkta  *bool       `json:"removePoweredByOkta,omitempty"`
+	Links                *BrandLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Brand Brand
+
+// NewBrand instantiates a new Brand object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBrand() *Brand {
+	this := Brand{}
+	return &this
+}
+
+// NewBrandWithDefaults instantiates a new Brand object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBrandWithDefaults() *Brand {
+	this := Brand{}
+	return &this
+}
+
+// GetAgreeToCustomPrivacyPolicy returns the AgreeToCustomPrivacyPolicy field value if set, zero value otherwise.
+func (o *Brand) GetAgreeToCustomPrivacyPolicy() bool {
+	if o == nil || o.AgreeToCustomPrivacyPolicy == nil {
+		var ret bool
+		return ret
+	}
+	return *o.AgreeToCustomPrivacyPolicy
+}
+
+// GetAgreeToCustomPrivacyPolicyOk returns a tuple with the AgreeToCustomPrivacyPolicy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Brand) GetAgreeToCustomPrivacyPolicyOk() (*bool, bool) {
+	if o == nil || o.AgreeToCustomPrivacyPolicy == nil {
+		return nil, false
+	}
+	return o.AgreeToCustomPrivacyPolicy, true
+}
+
+// HasAgreeToCustomPrivacyPolicy returns a boolean if a field has been set.
+func (o *Brand) HasAgreeToCustomPrivacyPolicy() bool {
+	if o != nil && o.AgreeToCustomPrivacyPolicy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAgreeToCustomPrivacyPolicy gets a reference to the given bool and assigns it to the AgreeToCustomPrivacyPolicy field.
+func (o *Brand) SetAgreeToCustomPrivacyPolicy(v bool) {
+	o.AgreeToCustomPrivacyPolicy = &v
+}
+
+// GetCustomPrivacyPolicyUrl returns the CustomPrivacyPolicyUrl field value if set, zero value otherwise.
+func (o *Brand) GetCustomPrivacyPolicyUrl() string {
+	if o == nil || o.CustomPrivacyPolicyUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.CustomPrivacyPolicyUrl
+}
+
+// GetCustomPrivacyPolicyUrlOk returns a tuple with the CustomPrivacyPolicyUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Brand) GetCustomPrivacyPolicyUrlOk() (*string, bool) {
+	if o == nil || o.CustomPrivacyPolicyUrl == nil {
+		return nil, false
+	}
+	return o.CustomPrivacyPolicyUrl, true
+}
+
+// HasCustomPrivacyPolicyUrl returns a boolean if a field has been set.
+func (o *Brand) HasCustomPrivacyPolicyUrl() bool {
+	if o != nil && o.CustomPrivacyPolicyUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustomPrivacyPolicyUrl gets a reference to the given string and assigns it to the CustomPrivacyPolicyUrl field.
+func (o *Brand) SetCustomPrivacyPolicyUrl(v string) {
+	o.CustomPrivacyPolicyUrl = &v
+}
+
+// GetDefaultApp returns the DefaultApp field value if set, zero value otherwise.
+func (o *Brand) GetDefaultApp() BrandDefaultApp {
+	if o == nil || o.DefaultApp == nil {
+		var ret BrandDefaultApp
+		return ret
+	}
+	return *o.DefaultApp
+}
+
+// GetDefaultAppOk returns a tuple with the DefaultApp field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Brand) GetDefaultAppOk() (*BrandDefaultApp, bool) {
+	if o == nil || o.DefaultApp == nil {
+		return nil, false
+	}
+	return o.DefaultApp, true
+}
+
+// HasDefaultApp returns a boolean if a field has been set.
+func (o *Brand) HasDefaultApp() bool {
+	if o != nil && o.DefaultApp != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefaultApp gets a reference to the given BrandDefaultApp and assigns it to the DefaultApp field.
+func (o *Brand) SetDefaultApp(v BrandDefaultApp) {
+	o.DefaultApp = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *Brand) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Brand) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *Brand) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *Brand) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIsDefault returns the IsDefault field value if set, zero value otherwise.
+func (o *Brand) GetIsDefault() bool {
+	if o == nil || o.IsDefault == nil {
+		var ret bool
+		return ret
+	}
+	return *o.IsDefault
+}
+
+// GetIsDefaultOk returns a tuple with the IsDefault field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Brand) GetIsDefaultOk() (*bool, bool) {
+	if o == nil || o.IsDefault == nil {
+		return nil, false
+	}
+	return o.IsDefault, true
+}
+
+// HasIsDefault returns a boolean if a field has been set.
+func (o *Brand) HasIsDefault() bool {
+	if o != nil && o.IsDefault != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIsDefault gets a reference to the given bool and assigns it to the IsDefault field.
+func (o *Brand) SetIsDefault(v bool) {
+	o.IsDefault = &v
+}
+
+// GetLocale returns the Locale field value if set, zero value otherwise.
+func (o *Brand) GetLocale() string {
+	if o == nil || o.Locale == nil {
+		var ret string
+		return ret
+	}
+	return *o.Locale
+}
+
+// GetLocaleOk returns a tuple with the Locale field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Brand) GetLocaleOk() (*string, bool) {
+	if o == nil || o.Locale == nil {
+		return nil, false
+	}
+	return o.Locale, true
+}
+
+// HasLocale returns a boolean if a field has been set.
+func (o *Brand) HasLocale() bool {
+	if o != nil && o.Locale != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLocale gets a reference to the given string and assigns it to the Locale field.
+func (o *Brand) SetLocale(v string) {
+	o.Locale = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *Brand) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Brand) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *Brand) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *Brand) SetName(v string) {
+	o.Name = &v
+}
+
+// GetRemovePoweredByOkta returns the RemovePoweredByOkta field value if set, zero value otherwise.
+func (o *Brand) GetRemovePoweredByOkta() bool {
+	if o == nil || o.RemovePoweredByOkta == nil {
+		var ret bool
+		return ret
+	}
+	return *o.RemovePoweredByOkta
+}
+
+// GetRemovePoweredByOktaOk returns a tuple with the RemovePoweredByOkta field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Brand) GetRemovePoweredByOktaOk() (*bool, bool) {
+	if o == nil || o.RemovePoweredByOkta == nil {
+		return nil, false
+	}
+	return o.RemovePoweredByOkta, true
+}
+
+// HasRemovePoweredByOkta returns a boolean if a field has been set.
+func (o *Brand) HasRemovePoweredByOkta() bool {
+	if o != nil && o.RemovePoweredByOkta != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRemovePoweredByOkta gets a reference to the given bool and assigns it to the RemovePoweredByOkta field.
+func (o *Brand) SetRemovePoweredByOkta(v bool) {
+	o.RemovePoweredByOkta = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Brand) GetLinks() BrandLinks {
+	if o == nil || o.Links == nil {
+		var ret BrandLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Brand) GetLinksOk() (*BrandLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Brand) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given BrandLinks and assigns it to the Links field.
+func (o *Brand) SetLinks(v BrandLinks) {
+	o.Links = &v
+}
+
+func (o Brand) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AgreeToCustomPrivacyPolicy != nil {
+		toSerialize["agreeToCustomPrivacyPolicy"] = o.AgreeToCustomPrivacyPolicy
+	}
+	if o.CustomPrivacyPolicyUrl != nil {
+		toSerialize["customPrivacyPolicyUrl"] = o.CustomPrivacyPolicyUrl
+	}
+	if o.DefaultApp != nil {
+		toSerialize["defaultApp"] = o.DefaultApp
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.IsDefault != nil {
+		toSerialize["isDefault"] = o.IsDefault
+	}
+	if o.Locale != nil {
+		toSerialize["locale"] = o.Locale
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.RemovePoweredByOkta != nil {
+		toSerialize["removePoweredByOkta"] = o.RemovePoweredByOkta
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Brand) UnmarshalJSON(bytes []byte) (err error) {
+	varBrand := _Brand{}
+
+	err = json.Unmarshal(bytes, &varBrand)
+	if err == nil {
+		*o = Brand(varBrand)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "agreeToCustomPrivacyPolicy")
+		delete(additionalProperties, "customPrivacyPolicyUrl")
+		delete(additionalProperties, "defaultApp")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "isDefault")
+		delete(additionalProperties, "locale")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "removePoweredByOkta")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBrand struct {
+	value *Brand
+	isSet bool
+}
+
+func (v NullableBrand) Get() *Brand {
+	return v.value
+}
+
+func (v *NullableBrand) Set(val *Brand) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBrand) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBrand) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBrand(val *Brand) *NullableBrand {
+	return &NullableBrand{value: val, isSet: true}
+}
+
+func (v NullableBrand) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBrand) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_brand__links.go b/okta/model_brand__links.go
new file mode 100644
index 000000000..9d77e9654
--- /dev/null
+++ b/okta/model_brand__links.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BrandLinks struct for BrandLinks
+type BrandLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Themes               *HrefObject `json:"themes,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BrandLinks BrandLinks
+
+// NewBrandLinks instantiates a new BrandLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBrandLinks() *BrandLinks {
+	this := BrandLinks{}
+	return &this
+}
+
+// NewBrandLinksWithDefaults instantiates a new BrandLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBrandLinksWithDefaults() *BrandLinks {
+	this := BrandLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *BrandLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *BrandLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *BrandLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetThemes returns the Themes field value if set, zero value otherwise.
+func (o *BrandLinks) GetThemes() HrefObject {
+	if o == nil || o.Themes == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Themes
+}
+
+// GetThemesOk returns a tuple with the Themes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandLinks) GetThemesOk() (*HrefObject, bool) {
+	if o == nil || o.Themes == nil {
+		return nil, false
+	}
+	return o.Themes, true
+}
+
+// HasThemes returns a boolean if a field has been set.
+func (o *BrandLinks) HasThemes() bool {
+	if o != nil && o.Themes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetThemes gets a reference to the given HrefObject and assigns it to the Themes field.
+func (o *BrandLinks) SetThemes(v HrefObject) {
+	o.Themes = &v
+}
+
+func (o BrandLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Themes != nil {
+		toSerialize["themes"] = o.Themes
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BrandLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varBrandLinks := _BrandLinks{}
+
+	err = json.Unmarshal(bytes, &varBrandLinks)
+	if err == nil {
+		*o = BrandLinks(varBrandLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "themes")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBrandLinks struct {
+	value *BrandLinks
+	isSet bool
+}
+
+func (v NullableBrandLinks) Get() *BrandLinks {
+	return v.value
+}
+
+func (v *NullableBrandLinks) Set(val *BrandLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBrandLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBrandLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBrandLinks(val *BrandLinks) *NullableBrandLinks {
+	return &NullableBrandLinks{value: val, isSet: true}
+}
+
+func (v NullableBrandLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBrandLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_brand_default_app.go b/okta/model_brand_default_app.go
new file mode 100644
index 000000000..f04d8b486
--- /dev/null
+++ b/okta/model_brand_default_app.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BrandDefaultApp struct for BrandDefaultApp
+type BrandDefaultApp struct {
+	AppInstanceId         *string `json:"appInstanceId,omitempty"`
+	AppLinkName           *string `json:"appLinkName,omitempty"`
+	ClassicApplicationUri *string `json:"classicApplicationUri,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _BrandDefaultApp BrandDefaultApp
+
+// NewBrandDefaultApp instantiates a new BrandDefaultApp object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBrandDefaultApp() *BrandDefaultApp {
+	this := BrandDefaultApp{}
+	return &this
+}
+
+// NewBrandDefaultAppWithDefaults instantiates a new BrandDefaultApp object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBrandDefaultAppWithDefaults() *BrandDefaultApp {
+	this := BrandDefaultApp{}
+	return &this
+}
+
+// GetAppInstanceId returns the AppInstanceId field value if set, zero value otherwise.
+func (o *BrandDefaultApp) GetAppInstanceId() string {
+	if o == nil || o.AppInstanceId == nil {
+		var ret string
+		return ret
+	}
+	return *o.AppInstanceId
+}
+
+// GetAppInstanceIdOk returns a tuple with the AppInstanceId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandDefaultApp) GetAppInstanceIdOk() (*string, bool) {
+	if o == nil || o.AppInstanceId == nil {
+		return nil, false
+	}
+	return o.AppInstanceId, true
+}
+
+// HasAppInstanceId returns a boolean if a field has been set.
+func (o *BrandDefaultApp) HasAppInstanceId() bool {
+	if o != nil && o.AppInstanceId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAppInstanceId gets a reference to the given string and assigns it to the AppInstanceId field.
+func (o *BrandDefaultApp) SetAppInstanceId(v string) {
+	o.AppInstanceId = &v
+}
+
+// GetAppLinkName returns the AppLinkName field value if set, zero value otherwise.
+func (o *BrandDefaultApp) GetAppLinkName() string {
+	if o == nil || o.AppLinkName == nil {
+		var ret string
+		return ret
+	}
+	return *o.AppLinkName
+}
+
+// GetAppLinkNameOk returns a tuple with the AppLinkName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandDefaultApp) GetAppLinkNameOk() (*string, bool) {
+	if o == nil || o.AppLinkName == nil {
+		return nil, false
+	}
+	return o.AppLinkName, true
+}
+
+// HasAppLinkName returns a boolean if a field has been set.
+func (o *BrandDefaultApp) HasAppLinkName() bool {
+	if o != nil && o.AppLinkName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAppLinkName gets a reference to the given string and assigns it to the AppLinkName field.
+func (o *BrandDefaultApp) SetAppLinkName(v string) {
+	o.AppLinkName = &v
+}
+
+// GetClassicApplicationUri returns the ClassicApplicationUri field value if set, zero value otherwise.
+func (o *BrandDefaultApp) GetClassicApplicationUri() string {
+	if o == nil || o.ClassicApplicationUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClassicApplicationUri
+}
+
+// GetClassicApplicationUriOk returns a tuple with the ClassicApplicationUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandDefaultApp) GetClassicApplicationUriOk() (*string, bool) {
+	if o == nil || o.ClassicApplicationUri == nil {
+		return nil, false
+	}
+	return o.ClassicApplicationUri, true
+}
+
+// HasClassicApplicationUri returns a boolean if a field has been set.
+func (o *BrandDefaultApp) HasClassicApplicationUri() bool {
+	if o != nil && o.ClassicApplicationUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClassicApplicationUri gets a reference to the given string and assigns it to the ClassicApplicationUri field.
+func (o *BrandDefaultApp) SetClassicApplicationUri(v string) {
+	o.ClassicApplicationUri = &v
+}
+
+func (o BrandDefaultApp) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AppInstanceId != nil {
+		toSerialize["appInstanceId"] = o.AppInstanceId
+	}
+	if o.AppLinkName != nil {
+		toSerialize["appLinkName"] = o.AppLinkName
+	}
+	if o.ClassicApplicationUri != nil {
+		toSerialize["classicApplicationUri"] = o.ClassicApplicationUri
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BrandDefaultApp) UnmarshalJSON(bytes []byte) (err error) {
+	varBrandDefaultApp := _BrandDefaultApp{}
+
+	err = json.Unmarshal(bytes, &varBrandDefaultApp)
+	if err == nil {
+		*o = BrandDefaultApp(varBrandDefaultApp)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "appInstanceId")
+		delete(additionalProperties, "appLinkName")
+		delete(additionalProperties, "classicApplicationUri")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBrandDefaultApp struct {
+	value *BrandDefaultApp
+	isSet bool
+}
+
+func (v NullableBrandDefaultApp) Get() *BrandDefaultApp {
+	return v.value
+}
+
+func (v *NullableBrandDefaultApp) Set(val *BrandDefaultApp) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBrandDefaultApp) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBrandDefaultApp) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBrandDefaultApp(val *BrandDefaultApp) *NullableBrandDefaultApp {
+	return &NullableBrandDefaultApp{value: val, isSet: true}
+}
+
+func (v NullableBrandDefaultApp) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBrandDefaultApp) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_brand_domain.go b/okta/model_brand_domain.go
new file mode 100644
index 000000000..9c14a8f73
--- /dev/null
+++ b/okta/model_brand_domain.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BrandDomain struct for BrandDomain
+type BrandDomain struct {
+	DomainId             *string           `json:"domainId,omitempty"`
+	Links                *BrandDomainLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BrandDomain BrandDomain
+
+// NewBrandDomain instantiates a new BrandDomain object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBrandDomain() *BrandDomain {
+	this := BrandDomain{}
+	return &this
+}
+
+// NewBrandDomainWithDefaults instantiates a new BrandDomain object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBrandDomainWithDefaults() *BrandDomain {
+	this := BrandDomain{}
+	return &this
+}
+
+// GetDomainId returns the DomainId field value if set, zero value otherwise.
+func (o *BrandDomain) GetDomainId() string {
+	if o == nil || o.DomainId == nil {
+		var ret string
+		return ret
+	}
+	return *o.DomainId
+}
+
+// GetDomainIdOk returns a tuple with the DomainId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandDomain) GetDomainIdOk() (*string, bool) {
+	if o == nil || o.DomainId == nil {
+		return nil, false
+	}
+	return o.DomainId, true
+}
+
+// HasDomainId returns a boolean if a field has been set.
+func (o *BrandDomain) HasDomainId() bool {
+	if o != nil && o.DomainId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDomainId gets a reference to the given string and assigns it to the DomainId field.
+func (o *BrandDomain) SetDomainId(v string) {
+	o.DomainId = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *BrandDomain) GetLinks() BrandDomainLinks {
+	if o == nil || o.Links == nil {
+		var ret BrandDomainLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandDomain) GetLinksOk() (*BrandDomainLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *BrandDomain) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given BrandDomainLinks and assigns it to the Links field.
+func (o *BrandDomain) SetLinks(v BrandDomainLinks) {
+	o.Links = &v
+}
+
+func (o BrandDomain) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.DomainId != nil {
+		toSerialize["domainId"] = o.DomainId
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BrandDomain) UnmarshalJSON(bytes []byte) (err error) {
+	varBrandDomain := _BrandDomain{}
+
+	err = json.Unmarshal(bytes, &varBrandDomain)
+	if err == nil {
+		*o = BrandDomain(varBrandDomain)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "domainId")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBrandDomain struct {
+	value *BrandDomain
+	isSet bool
+}
+
+func (v NullableBrandDomain) Get() *BrandDomain {
+	return v.value
+}
+
+func (v *NullableBrandDomain) Set(val *BrandDomain) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBrandDomain) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBrandDomain) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBrandDomain(val *BrandDomain) *NullableBrandDomain {
+	return &NullableBrandDomain{value: val, isSet: true}
+}
+
+func (v NullableBrandDomain) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBrandDomain) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_brand_domain__links.go b/okta/model_brand_domain__links.go
new file mode 100644
index 000000000..63b3f6703
--- /dev/null
+++ b/okta/model_brand_domain__links.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BrandDomainLinks Links to resources related to this brand domain
+type BrandDomainLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Brand                *HrefObject `json:"brand,omitempty"`
+	Domain               *HrefObject `json:"domain,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BrandDomainLinks BrandDomainLinks
+
+// NewBrandDomainLinks instantiates a new BrandDomainLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBrandDomainLinks() *BrandDomainLinks {
+	this := BrandDomainLinks{}
+	return &this
+}
+
+// NewBrandDomainLinksWithDefaults instantiates a new BrandDomainLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBrandDomainLinksWithDefaults() *BrandDomainLinks {
+	this := BrandDomainLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *BrandDomainLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandDomainLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *BrandDomainLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *BrandDomainLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetBrand returns the Brand field value if set, zero value otherwise.
+func (o *BrandDomainLinks) GetBrand() HrefObject {
+	if o == nil || o.Brand == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Brand
+}
+
+// GetBrandOk returns a tuple with the Brand field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandDomainLinks) GetBrandOk() (*HrefObject, bool) {
+	if o == nil || o.Brand == nil {
+		return nil, false
+	}
+	return o.Brand, true
+}
+
+// HasBrand returns a boolean if a field has been set.
+func (o *BrandDomainLinks) HasBrand() bool {
+	if o != nil && o.Brand != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBrand gets a reference to the given HrefObject and assigns it to the Brand field.
+func (o *BrandDomainLinks) SetBrand(v HrefObject) {
+	o.Brand = &v
+}
+
+// GetDomain returns the Domain field value if set, zero value otherwise.
+func (o *BrandDomainLinks) GetDomain() HrefObject {
+	if o == nil || o.Domain == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Domain
+}
+
+// GetDomainOk returns a tuple with the Domain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandDomainLinks) GetDomainOk() (*HrefObject, bool) {
+	if o == nil || o.Domain == nil {
+		return nil, false
+	}
+	return o.Domain, true
+}
+
+// HasDomain returns a boolean if a field has been set.
+func (o *BrandDomainLinks) HasDomain() bool {
+	if o != nil && o.Domain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDomain gets a reference to the given HrefObject and assigns it to the Domain field.
+func (o *BrandDomainLinks) SetDomain(v HrefObject) {
+	o.Domain = &v
+}
+
+func (o BrandDomainLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Brand != nil {
+		toSerialize["brand"] = o.Brand
+	}
+	if o.Domain != nil {
+		toSerialize["domain"] = o.Domain
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BrandDomainLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varBrandDomainLinks := _BrandDomainLinks{}
+
+	err = json.Unmarshal(bytes, &varBrandDomainLinks)
+	if err == nil {
+		*o = BrandDomainLinks(varBrandDomainLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "brand")
+		delete(additionalProperties, "domain")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBrandDomainLinks struct {
+	value *BrandDomainLinks
+	isSet bool
+}
+
+func (v NullableBrandDomainLinks) Get() *BrandDomainLinks {
+	return v.value
+}
+
+func (v *NullableBrandDomainLinks) Set(val *BrandDomainLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBrandDomainLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBrandDomainLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBrandDomainLinks(val *BrandDomainLinks) *NullableBrandDomainLinks {
+	return &NullableBrandDomainLinks{value: val, isSet: true}
+}
+
+func (v NullableBrandDomainLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBrandDomainLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_brand_request.go b/okta/model_brand_request.go
new file mode 100644
index 000000000..7357c03f2
--- /dev/null
+++ b/okta/model_brand_request.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BrandRequest struct for BrandRequest
+type BrandRequest struct {
+	AgreeToCustomPrivacyPolicy *bool   `json:"agreeToCustomPrivacyPolicy,omitempty"`
+	CustomPrivacyPolicyUrl     *string `json:"customPrivacyPolicyUrl,omitempty"`
+	Name                       *string `json:"name,omitempty"`
+	RemovePoweredByOkta        *bool   `json:"removePoweredByOkta,omitempty"`
+	AdditionalProperties       map[string]interface{}
+}
+
+type _BrandRequest BrandRequest
+
+// NewBrandRequest instantiates a new BrandRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBrandRequest() *BrandRequest {
+	this := BrandRequest{}
+	return &this
+}
+
+// NewBrandRequestWithDefaults instantiates a new BrandRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBrandRequestWithDefaults() *BrandRequest {
+	this := BrandRequest{}
+	return &this
+}
+
+// GetAgreeToCustomPrivacyPolicy returns the AgreeToCustomPrivacyPolicy field value if set, zero value otherwise.
+func (o *BrandRequest) GetAgreeToCustomPrivacyPolicy() bool {
+	if o == nil || o.AgreeToCustomPrivacyPolicy == nil {
+		var ret bool
+		return ret
+	}
+	return *o.AgreeToCustomPrivacyPolicy
+}
+
+// GetAgreeToCustomPrivacyPolicyOk returns a tuple with the AgreeToCustomPrivacyPolicy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandRequest) GetAgreeToCustomPrivacyPolicyOk() (*bool, bool) {
+	if o == nil || o.AgreeToCustomPrivacyPolicy == nil {
+		return nil, false
+	}
+	return o.AgreeToCustomPrivacyPolicy, true
+}
+
+// HasAgreeToCustomPrivacyPolicy returns a boolean if a field has been set.
+func (o *BrandRequest) HasAgreeToCustomPrivacyPolicy() bool {
+	if o != nil && o.AgreeToCustomPrivacyPolicy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAgreeToCustomPrivacyPolicy gets a reference to the given bool and assigns it to the AgreeToCustomPrivacyPolicy field.
+func (o *BrandRequest) SetAgreeToCustomPrivacyPolicy(v bool) {
+	o.AgreeToCustomPrivacyPolicy = &v
+}
+
+// GetCustomPrivacyPolicyUrl returns the CustomPrivacyPolicyUrl field value if set, zero value otherwise.
+func (o *BrandRequest) GetCustomPrivacyPolicyUrl() string {
+	if o == nil || o.CustomPrivacyPolicyUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.CustomPrivacyPolicyUrl
+}
+
+// GetCustomPrivacyPolicyUrlOk returns a tuple with the CustomPrivacyPolicyUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandRequest) GetCustomPrivacyPolicyUrlOk() (*string, bool) {
+	if o == nil || o.CustomPrivacyPolicyUrl == nil {
+		return nil, false
+	}
+	return o.CustomPrivacyPolicyUrl, true
+}
+
+// HasCustomPrivacyPolicyUrl returns a boolean if a field has been set.
+func (o *BrandRequest) HasCustomPrivacyPolicyUrl() bool {
+	if o != nil && o.CustomPrivacyPolicyUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustomPrivacyPolicyUrl gets a reference to the given string and assigns it to the CustomPrivacyPolicyUrl field.
+func (o *BrandRequest) SetCustomPrivacyPolicyUrl(v string) {
+	o.CustomPrivacyPolicyUrl = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *BrandRequest) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandRequest) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *BrandRequest) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *BrandRequest) SetName(v string) {
+	o.Name = &v
+}
+
+// GetRemovePoweredByOkta returns the RemovePoweredByOkta field value if set, zero value otherwise.
+func (o *BrandRequest) GetRemovePoweredByOkta() bool {
+	if o == nil || o.RemovePoweredByOkta == nil {
+		var ret bool
+		return ret
+	}
+	return *o.RemovePoweredByOkta
+}
+
+// GetRemovePoweredByOktaOk returns a tuple with the RemovePoweredByOkta field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrandRequest) GetRemovePoweredByOktaOk() (*bool, bool) {
+	if o == nil || o.RemovePoweredByOkta == nil {
+		return nil, false
+	}
+	return o.RemovePoweredByOkta, true
+}
+
+// HasRemovePoweredByOkta returns a boolean if a field has been set.
+func (o *BrandRequest) HasRemovePoweredByOkta() bool {
+	if o != nil && o.RemovePoweredByOkta != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRemovePoweredByOkta gets a reference to the given bool and assigns it to the RemovePoweredByOkta field.
+func (o *BrandRequest) SetRemovePoweredByOkta(v bool) {
+	o.RemovePoweredByOkta = &v
+}
+
+func (o BrandRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AgreeToCustomPrivacyPolicy != nil {
+		toSerialize["agreeToCustomPrivacyPolicy"] = o.AgreeToCustomPrivacyPolicy
+	}
+	if o.CustomPrivacyPolicyUrl != nil {
+		toSerialize["customPrivacyPolicyUrl"] = o.CustomPrivacyPolicyUrl
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.RemovePoweredByOkta != nil {
+		toSerialize["removePoweredByOkta"] = o.RemovePoweredByOkta
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BrandRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varBrandRequest := _BrandRequest{}
+
+	err = json.Unmarshal(bytes, &varBrandRequest)
+	if err == nil {
+		*o = BrandRequest(varBrandRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "agreeToCustomPrivacyPolicy")
+		delete(additionalProperties, "customPrivacyPolicyUrl")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "removePoweredByOkta")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBrandRequest struct {
+	value *BrandRequest
+	isSet bool
+}
+
+func (v NullableBrandRequest) Get() *BrandRequest {
+	return v.value
+}
+
+func (v *NullableBrandRequest) Set(val *BrandRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBrandRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBrandRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBrandRequest(val *BrandRequest) *NullableBrandRequest {
+	return &NullableBrandRequest{value: val, isSet: true}
+}
+
+func (v NullableBrandRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBrandRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_browser_plugin_application.go b/okta/model_browser_plugin_application.go
new file mode 100644
index 000000000..e9263c858
--- /dev/null
+++ b/okta/model_browser_plugin_application.go
@@ -0,0 +1,281 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// BrowserPluginApplication struct for BrowserPluginApplication
+type BrowserPluginApplication struct {
+	Application
+	Credentials          *SchemeApplicationCredentials `json:"credentials,omitempty"`
+	Name                 *string                       `json:"name,omitempty"`
+	Settings             *SwaApplicationSettings       `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BrowserPluginApplication BrowserPluginApplication
+
+// NewBrowserPluginApplication instantiates a new BrowserPluginApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBrowserPluginApplication() *BrowserPluginApplication {
+	this := BrowserPluginApplication{}
+	return &this
+}
+
+// NewBrowserPluginApplicationWithDefaults instantiates a new BrowserPluginApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBrowserPluginApplicationWithDefaults() *BrowserPluginApplication {
+	this := BrowserPluginApplication{}
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *BrowserPluginApplication) GetCredentials() SchemeApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret SchemeApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrowserPluginApplication) GetCredentialsOk() (*SchemeApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *BrowserPluginApplication) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given SchemeApplicationCredentials and assigns it to the Credentials field.
+func (o *BrowserPluginApplication) SetCredentials(v SchemeApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *BrowserPluginApplication) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrowserPluginApplication) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *BrowserPluginApplication) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *BrowserPluginApplication) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BrowserPluginApplication) GetSettings() SwaApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret SwaApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrowserPluginApplication) GetSettingsOk() (*SwaApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BrowserPluginApplication) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given SwaApplicationSettings and assigns it to the Settings field.
+func (o *BrowserPluginApplication) SetSettings(v SwaApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o BrowserPluginApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedApplication, errApplication := json.Marshal(o.Application)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	errApplication = json.Unmarshal([]byte(serializedApplication), &toSerialize)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BrowserPluginApplication) UnmarshalJSON(bytes []byte) (err error) {
+	type BrowserPluginApplicationWithoutEmbeddedStruct struct {
+		Credentials *SchemeApplicationCredentials `json:"credentials,omitempty"`
+		Name        *string                       `json:"name,omitempty"`
+		Settings    *SwaApplicationSettings       `json:"settings,omitempty"`
+	}
+
+	varBrowserPluginApplicationWithoutEmbeddedStruct := BrowserPluginApplicationWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varBrowserPluginApplicationWithoutEmbeddedStruct)
+	if err == nil {
+		varBrowserPluginApplication := _BrowserPluginApplication{}
+		varBrowserPluginApplication.Credentials = varBrowserPluginApplicationWithoutEmbeddedStruct.Credentials
+		varBrowserPluginApplication.Name = varBrowserPluginApplicationWithoutEmbeddedStruct.Name
+		varBrowserPluginApplication.Settings = varBrowserPluginApplicationWithoutEmbeddedStruct.Settings
+		*o = BrowserPluginApplication(varBrowserPluginApplication)
+	} else {
+		return err
+	}
+
+	varBrowserPluginApplication := _BrowserPluginApplication{}
+
+	err = json.Unmarshal(bytes, &varBrowserPluginApplication)
+	if err == nil {
+		o.Application = varBrowserPluginApplication.Application
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectApplication := reflect.ValueOf(o.Application)
+		for i := 0; i < reflectApplication.Type().NumField(); i++ {
+			t := reflectApplication.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBrowserPluginApplication struct {
+	value *BrowserPluginApplication
+	isSet bool
+}
+
+func (v NullableBrowserPluginApplication) Get() *BrowserPluginApplication {
+	return v.value
+}
+
+func (v *NullableBrowserPluginApplication) Set(val *BrowserPluginApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBrowserPluginApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBrowserPluginApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBrowserPluginApplication(val *BrowserPluginApplication) *NullableBrowserPluginApplication {
+	return &NullableBrowserPluginApplication{value: val, isSet: true}
+}
+
+func (v NullableBrowserPluginApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBrowserPluginApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_browser_plugin_application_all_of.go b/okta/model_browser_plugin_application_all_of.go
new file mode 100644
index 000000000..78bb70b78
--- /dev/null
+++ b/okta/model_browser_plugin_application_all_of.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BrowserPluginApplicationAllOf struct for BrowserPluginApplicationAllOf
+type BrowserPluginApplicationAllOf struct {
+	Credentials          *SchemeApplicationCredentials `json:"credentials,omitempty"`
+	Name                 *string                       `json:"name,omitempty"`
+	Settings             *SwaApplicationSettings       `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BrowserPluginApplicationAllOf BrowserPluginApplicationAllOf
+
+// NewBrowserPluginApplicationAllOf instantiates a new BrowserPluginApplicationAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBrowserPluginApplicationAllOf() *BrowserPluginApplicationAllOf {
+	this := BrowserPluginApplicationAllOf{}
+	return &this
+}
+
+// NewBrowserPluginApplicationAllOfWithDefaults instantiates a new BrowserPluginApplicationAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBrowserPluginApplicationAllOfWithDefaults() *BrowserPluginApplicationAllOf {
+	this := BrowserPluginApplicationAllOf{}
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *BrowserPluginApplicationAllOf) GetCredentials() SchemeApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret SchemeApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrowserPluginApplicationAllOf) GetCredentialsOk() (*SchemeApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *BrowserPluginApplicationAllOf) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given SchemeApplicationCredentials and assigns it to the Credentials field.
+func (o *BrowserPluginApplicationAllOf) SetCredentials(v SchemeApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *BrowserPluginApplicationAllOf) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrowserPluginApplicationAllOf) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *BrowserPluginApplicationAllOf) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *BrowserPluginApplicationAllOf) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *BrowserPluginApplicationAllOf) GetSettings() SwaApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret SwaApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BrowserPluginApplicationAllOf) GetSettingsOk() (*SwaApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *BrowserPluginApplicationAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given SwaApplicationSettings and assigns it to the Settings field.
+func (o *BrowserPluginApplicationAllOf) SetSettings(v SwaApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o BrowserPluginApplicationAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BrowserPluginApplicationAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varBrowserPluginApplicationAllOf := _BrowserPluginApplicationAllOf{}
+
+	err = json.Unmarshal(bytes, &varBrowserPluginApplicationAllOf)
+	if err == nil {
+		*o = BrowserPluginApplicationAllOf(varBrowserPluginApplicationAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBrowserPluginApplicationAllOf struct {
+	value *BrowserPluginApplicationAllOf
+	isSet bool
+}
+
+func (v NullableBrowserPluginApplicationAllOf) Get() *BrowserPluginApplicationAllOf {
+	return v.value
+}
+
+func (v *NullableBrowserPluginApplicationAllOf) Set(val *BrowserPluginApplicationAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBrowserPluginApplicationAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBrowserPluginApplicationAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBrowserPluginApplicationAllOf(val *BrowserPluginApplicationAllOf) *NullableBrowserPluginApplicationAllOf {
+	return &NullableBrowserPluginApplicationAllOf{value: val, isSet: true}
+}
+
+func (v NullableBrowserPluginApplicationAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBrowserPluginApplicationAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_bulk_delete_request_body.go b/okta/model_bulk_delete_request_body.go
new file mode 100644
index 000000000..7dd60e2ef
--- /dev/null
+++ b/okta/model_bulk_delete_request_body.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BulkDeleteRequestBody struct for BulkDeleteRequestBody
+type BulkDeleteRequestBody struct {
+	EntityType           *string                              `json:"entityType,omitempty"`
+	Profiles             []IdentitySourceUserProfileForDelete `json:"profiles,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BulkDeleteRequestBody BulkDeleteRequestBody
+
+// NewBulkDeleteRequestBody instantiates a new BulkDeleteRequestBody object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBulkDeleteRequestBody() *BulkDeleteRequestBody {
+	this := BulkDeleteRequestBody{}
+	return &this
+}
+
+// NewBulkDeleteRequestBodyWithDefaults instantiates a new BulkDeleteRequestBody object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBulkDeleteRequestBodyWithDefaults() *BulkDeleteRequestBody {
+	this := BulkDeleteRequestBody{}
+	return &this
+}
+
+// GetEntityType returns the EntityType field value if set, zero value otherwise.
+func (o *BulkDeleteRequestBody) GetEntityType() string {
+	if o == nil || o.EntityType == nil {
+		var ret string
+		return ret
+	}
+	return *o.EntityType
+}
+
+// GetEntityTypeOk returns a tuple with the EntityType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BulkDeleteRequestBody) GetEntityTypeOk() (*string, bool) {
+	if o == nil || o.EntityType == nil {
+		return nil, false
+	}
+	return o.EntityType, true
+}
+
+// HasEntityType returns a boolean if a field has been set.
+func (o *BulkDeleteRequestBody) HasEntityType() bool {
+	if o != nil && o.EntityType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEntityType gets a reference to the given string and assigns it to the EntityType field.
+func (o *BulkDeleteRequestBody) SetEntityType(v string) {
+	o.EntityType = &v
+}
+
+// GetProfiles returns the Profiles field value if set, zero value otherwise.
+func (o *BulkDeleteRequestBody) GetProfiles() []IdentitySourceUserProfileForDelete {
+	if o == nil || o.Profiles == nil {
+		var ret []IdentitySourceUserProfileForDelete
+		return ret
+	}
+	return o.Profiles
+}
+
+// GetProfilesOk returns a tuple with the Profiles field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BulkDeleteRequestBody) GetProfilesOk() ([]IdentitySourceUserProfileForDelete, bool) {
+	if o == nil || o.Profiles == nil {
+		return nil, false
+	}
+	return o.Profiles, true
+}
+
+// HasProfiles returns a boolean if a field has been set.
+func (o *BulkDeleteRequestBody) HasProfiles() bool {
+	if o != nil && o.Profiles != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfiles gets a reference to the given []IdentitySourceUserProfileForDelete and assigns it to the Profiles field.
+func (o *BulkDeleteRequestBody) SetProfiles(v []IdentitySourceUserProfileForDelete) {
+	o.Profiles = v
+}
+
+func (o BulkDeleteRequestBody) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.EntityType != nil {
+		toSerialize["entityType"] = o.EntityType
+	}
+	if o.Profiles != nil {
+		toSerialize["profiles"] = o.Profiles
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BulkDeleteRequestBody) UnmarshalJSON(bytes []byte) (err error) {
+	varBulkDeleteRequestBody := _BulkDeleteRequestBody{}
+
+	err = json.Unmarshal(bytes, &varBulkDeleteRequestBody)
+	if err == nil {
+		*o = BulkDeleteRequestBody(varBulkDeleteRequestBody)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "entityType")
+		delete(additionalProperties, "profiles")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBulkDeleteRequestBody struct {
+	value *BulkDeleteRequestBody
+	isSet bool
+}
+
+func (v NullableBulkDeleteRequestBody) Get() *BulkDeleteRequestBody {
+	return v.value
+}
+
+func (v *NullableBulkDeleteRequestBody) Set(val *BulkDeleteRequestBody) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBulkDeleteRequestBody) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBulkDeleteRequestBody) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBulkDeleteRequestBody(val *BulkDeleteRequestBody) *NullableBulkDeleteRequestBody {
+	return &NullableBulkDeleteRequestBody{value: val, isSet: true}
+}
+
+func (v NullableBulkDeleteRequestBody) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBulkDeleteRequestBody) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_bulk_upsert_request_body.go b/okta/model_bulk_upsert_request_body.go
new file mode 100644
index 000000000..8d69a14f8
--- /dev/null
+++ b/okta/model_bulk_upsert_request_body.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// BulkUpsertRequestBody struct for BulkUpsertRequestBody
+type BulkUpsertRequestBody struct {
+	EntityType           *string                              `json:"entityType,omitempty"`
+	Profiles             []IdentitySourceUserProfileForUpsert `json:"profiles,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _BulkUpsertRequestBody BulkUpsertRequestBody
+
+// NewBulkUpsertRequestBody instantiates a new BulkUpsertRequestBody object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBulkUpsertRequestBody() *BulkUpsertRequestBody {
+	this := BulkUpsertRequestBody{}
+	return &this
+}
+
+// NewBulkUpsertRequestBodyWithDefaults instantiates a new BulkUpsertRequestBody object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBulkUpsertRequestBodyWithDefaults() *BulkUpsertRequestBody {
+	this := BulkUpsertRequestBody{}
+	return &this
+}
+
+// GetEntityType returns the EntityType field value if set, zero value otherwise.
+func (o *BulkUpsertRequestBody) GetEntityType() string {
+	if o == nil || o.EntityType == nil {
+		var ret string
+		return ret
+	}
+	return *o.EntityType
+}
+
+// GetEntityTypeOk returns a tuple with the EntityType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BulkUpsertRequestBody) GetEntityTypeOk() (*string, bool) {
+	if o == nil || o.EntityType == nil {
+		return nil, false
+	}
+	return o.EntityType, true
+}
+
+// HasEntityType returns a boolean if a field has been set.
+func (o *BulkUpsertRequestBody) HasEntityType() bool {
+	if o != nil && o.EntityType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEntityType gets a reference to the given string and assigns it to the EntityType field.
+func (o *BulkUpsertRequestBody) SetEntityType(v string) {
+	o.EntityType = &v
+}
+
+// GetProfiles returns the Profiles field value if set, zero value otherwise.
+func (o *BulkUpsertRequestBody) GetProfiles() []IdentitySourceUserProfileForUpsert {
+	if o == nil || o.Profiles == nil {
+		var ret []IdentitySourceUserProfileForUpsert
+		return ret
+	}
+	return o.Profiles
+}
+
+// GetProfilesOk returns a tuple with the Profiles field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BulkUpsertRequestBody) GetProfilesOk() ([]IdentitySourceUserProfileForUpsert, bool) {
+	if o == nil || o.Profiles == nil {
+		return nil, false
+	}
+	return o.Profiles, true
+}
+
+// HasProfiles returns a boolean if a field has been set.
+func (o *BulkUpsertRequestBody) HasProfiles() bool {
+	if o != nil && o.Profiles != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfiles gets a reference to the given []IdentitySourceUserProfileForUpsert and assigns it to the Profiles field.
+func (o *BulkUpsertRequestBody) SetProfiles(v []IdentitySourceUserProfileForUpsert) {
+	o.Profiles = v
+}
+
+func (o BulkUpsertRequestBody) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.EntityType != nil {
+		toSerialize["entityType"] = o.EntityType
+	}
+	if o.Profiles != nil {
+		toSerialize["profiles"] = o.Profiles
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *BulkUpsertRequestBody) UnmarshalJSON(bytes []byte) (err error) {
+	varBulkUpsertRequestBody := _BulkUpsertRequestBody{}
+
+	err = json.Unmarshal(bytes, &varBulkUpsertRequestBody)
+	if err == nil {
+		*o = BulkUpsertRequestBody(varBulkUpsertRequestBody)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "entityType")
+		delete(additionalProperties, "profiles")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableBulkUpsertRequestBody struct {
+	value *BulkUpsertRequestBody
+	isSet bool
+}
+
+func (v NullableBulkUpsertRequestBody) Get() *BulkUpsertRequestBody {
+	return v.value
+}
+
+func (v *NullableBulkUpsertRequestBody) Set(val *BulkUpsertRequestBody) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBulkUpsertRequestBody) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBulkUpsertRequestBody) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBulkUpsertRequestBody(val *BulkUpsertRequestBody) *NullableBulkUpsertRequestBody {
+	return &NullableBulkUpsertRequestBody{value: val, isSet: true}
+}
+
+func (v NullableBulkUpsertRequestBody) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBulkUpsertRequestBody) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_call_user_factor.go b/okta/model_call_user_factor.go
new file mode 100644
index 000000000..5c58a4bf8
--- /dev/null
+++ b/okta/model_call_user_factor.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// CallUserFactor struct for CallUserFactor
+type CallUserFactor struct {
+	UserFactor
+	Profile              *CallUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CallUserFactor CallUserFactor
+
+// NewCallUserFactor instantiates a new CallUserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCallUserFactor() *CallUserFactor {
+	this := CallUserFactor{}
+	return &this
+}
+
+// NewCallUserFactorWithDefaults instantiates a new CallUserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCallUserFactorWithDefaults() *CallUserFactor {
+	this := CallUserFactor{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *CallUserFactor) GetProfile() CallUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret CallUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CallUserFactor) GetProfileOk() (*CallUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *CallUserFactor) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given CallUserFactorProfile and assigns it to the Profile field.
+func (o *CallUserFactor) SetProfile(v CallUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o CallUserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedUserFactor, errUserFactor := json.Marshal(o.UserFactor)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	errUserFactor = json.Unmarshal([]byte(serializedUserFactor), &toSerialize)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CallUserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	type CallUserFactorWithoutEmbeddedStruct struct {
+		Profile *CallUserFactorProfile `json:"profile,omitempty"`
+	}
+
+	varCallUserFactorWithoutEmbeddedStruct := CallUserFactorWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varCallUserFactorWithoutEmbeddedStruct)
+	if err == nil {
+		varCallUserFactor := _CallUserFactor{}
+		varCallUserFactor.Profile = varCallUserFactorWithoutEmbeddedStruct.Profile
+		*o = CallUserFactor(varCallUserFactor)
+	} else {
+		return err
+	}
+
+	varCallUserFactor := _CallUserFactor{}
+
+	err = json.Unmarshal(bytes, &varCallUserFactor)
+	if err == nil {
+		o.UserFactor = varCallUserFactor.UserFactor
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+
+		// remove fields from embedded structs
+		reflectUserFactor := reflect.ValueOf(o.UserFactor)
+		for i := 0; i < reflectUserFactor.Type().NumField(); i++ {
+			t := reflectUserFactor.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCallUserFactor struct {
+	value *CallUserFactor
+	isSet bool
+}
+
+func (v NullableCallUserFactor) Get() *CallUserFactor {
+	return v.value
+}
+
+func (v *NullableCallUserFactor) Set(val *CallUserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCallUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCallUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCallUserFactor(val *CallUserFactor) *NullableCallUserFactor {
+	return &NullableCallUserFactor{value: val, isSet: true}
+}
+
+func (v NullableCallUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCallUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_call_user_factor_all_of.go b/okta/model_call_user_factor_all_of.go
new file mode 100644
index 000000000..401e64376
--- /dev/null
+++ b/okta/model_call_user_factor_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CallUserFactorAllOf struct for CallUserFactorAllOf
+type CallUserFactorAllOf struct {
+	Profile              *CallUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CallUserFactorAllOf CallUserFactorAllOf
+
+// NewCallUserFactorAllOf instantiates a new CallUserFactorAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCallUserFactorAllOf() *CallUserFactorAllOf {
+	this := CallUserFactorAllOf{}
+	return &this
+}
+
+// NewCallUserFactorAllOfWithDefaults instantiates a new CallUserFactorAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCallUserFactorAllOfWithDefaults() *CallUserFactorAllOf {
+	this := CallUserFactorAllOf{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *CallUserFactorAllOf) GetProfile() CallUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret CallUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CallUserFactorAllOf) GetProfileOk() (*CallUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *CallUserFactorAllOf) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given CallUserFactorProfile and assigns it to the Profile field.
+func (o *CallUserFactorAllOf) SetProfile(v CallUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o CallUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CallUserFactorAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varCallUserFactorAllOf := _CallUserFactorAllOf{}
+
+	err = json.Unmarshal(bytes, &varCallUserFactorAllOf)
+	if err == nil {
+		*o = CallUserFactorAllOf(varCallUserFactorAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCallUserFactorAllOf struct {
+	value *CallUserFactorAllOf
+	isSet bool
+}
+
+func (v NullableCallUserFactorAllOf) Get() *CallUserFactorAllOf {
+	return v.value
+}
+
+func (v *NullableCallUserFactorAllOf) Set(val *CallUserFactorAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCallUserFactorAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCallUserFactorAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCallUserFactorAllOf(val *CallUserFactorAllOf) *NullableCallUserFactorAllOf {
+	return &NullableCallUserFactorAllOf{value: val, isSet: true}
+}
+
+func (v NullableCallUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCallUserFactorAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_call_user_factor_profile.go b/okta/model_call_user_factor_profile.go
new file mode 100644
index 000000000..04a5a9b43
--- /dev/null
+++ b/okta/model_call_user_factor_profile.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CallUserFactorProfile struct for CallUserFactorProfile
+type CallUserFactorProfile struct {
+	PhoneExtension       *string `json:"phoneExtension,omitempty"`
+	PhoneNumber          *string `json:"phoneNumber,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CallUserFactorProfile CallUserFactorProfile
+
+// NewCallUserFactorProfile instantiates a new CallUserFactorProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCallUserFactorProfile() *CallUserFactorProfile {
+	this := CallUserFactorProfile{}
+	return &this
+}
+
+// NewCallUserFactorProfileWithDefaults instantiates a new CallUserFactorProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCallUserFactorProfileWithDefaults() *CallUserFactorProfile {
+	this := CallUserFactorProfile{}
+	return &this
+}
+
+// GetPhoneExtension returns the PhoneExtension field value if set, zero value otherwise.
+func (o *CallUserFactorProfile) GetPhoneExtension() string {
+	if o == nil || o.PhoneExtension == nil {
+		var ret string
+		return ret
+	}
+	return *o.PhoneExtension
+}
+
+// GetPhoneExtensionOk returns a tuple with the PhoneExtension field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CallUserFactorProfile) GetPhoneExtensionOk() (*string, bool) {
+	if o == nil || o.PhoneExtension == nil {
+		return nil, false
+	}
+	return o.PhoneExtension, true
+}
+
+// HasPhoneExtension returns a boolean if a field has been set.
+func (o *CallUserFactorProfile) HasPhoneExtension() bool {
+	if o != nil && o.PhoneExtension != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPhoneExtension gets a reference to the given string and assigns it to the PhoneExtension field.
+func (o *CallUserFactorProfile) SetPhoneExtension(v string) {
+	o.PhoneExtension = &v
+}
+
+// GetPhoneNumber returns the PhoneNumber field value if set, zero value otherwise.
+func (o *CallUserFactorProfile) GetPhoneNumber() string {
+	if o == nil || o.PhoneNumber == nil {
+		var ret string
+		return ret
+	}
+	return *o.PhoneNumber
+}
+
+// GetPhoneNumberOk returns a tuple with the PhoneNumber field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CallUserFactorProfile) GetPhoneNumberOk() (*string, bool) {
+	if o == nil || o.PhoneNumber == nil {
+		return nil, false
+	}
+	return o.PhoneNumber, true
+}
+
+// HasPhoneNumber returns a boolean if a field has been set.
+func (o *CallUserFactorProfile) HasPhoneNumber() bool {
+	if o != nil && o.PhoneNumber != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPhoneNumber gets a reference to the given string and assigns it to the PhoneNumber field.
+func (o *CallUserFactorProfile) SetPhoneNumber(v string) {
+	o.PhoneNumber = &v
+}
+
+func (o CallUserFactorProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.PhoneExtension != nil {
+		toSerialize["phoneExtension"] = o.PhoneExtension
+	}
+	if o.PhoneNumber != nil {
+		toSerialize["phoneNumber"] = o.PhoneNumber
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CallUserFactorProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varCallUserFactorProfile := _CallUserFactorProfile{}
+
+	err = json.Unmarshal(bytes, &varCallUserFactorProfile)
+	if err == nil {
+		*o = CallUserFactorProfile(varCallUserFactorProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "phoneExtension")
+		delete(additionalProperties, "phoneNumber")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCallUserFactorProfile struct {
+	value *CallUserFactorProfile
+	isSet bool
+}
+
+func (v NullableCallUserFactorProfile) Get() *CallUserFactorProfile {
+	return v.value
+}
+
+func (v *NullableCallUserFactorProfile) Set(val *CallUserFactorProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCallUserFactorProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCallUserFactorProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCallUserFactorProfile(val *CallUserFactorProfile) *NullableCallUserFactorProfile {
+	return &NullableCallUserFactorProfile{value: val, isSet: true}
+}
+
+func (v NullableCallUserFactorProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCallUserFactorProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_capabilities_create_object.go b/okta/model_capabilities_create_object.go
new file mode 100644
index 000000000..ac89125b3
--- /dev/null
+++ b/okta/model_capabilities_create_object.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CapabilitiesCreateObject struct for CapabilitiesCreateObject
+type CapabilitiesCreateObject struct {
+	LifecycleCreate      *LifecycleCreateSettingObject `json:"lifecycleCreate,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CapabilitiesCreateObject CapabilitiesCreateObject
+
+// NewCapabilitiesCreateObject instantiates a new CapabilitiesCreateObject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCapabilitiesCreateObject() *CapabilitiesCreateObject {
+	this := CapabilitiesCreateObject{}
+	return &this
+}
+
+// NewCapabilitiesCreateObjectWithDefaults instantiates a new CapabilitiesCreateObject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCapabilitiesCreateObjectWithDefaults() *CapabilitiesCreateObject {
+	this := CapabilitiesCreateObject{}
+	return &this
+}
+
+// GetLifecycleCreate returns the LifecycleCreate field value if set, zero value otherwise.
+func (o *CapabilitiesCreateObject) GetLifecycleCreate() LifecycleCreateSettingObject {
+	if o == nil || o.LifecycleCreate == nil {
+		var ret LifecycleCreateSettingObject
+		return ret
+	}
+	return *o.LifecycleCreate
+}
+
+// GetLifecycleCreateOk returns a tuple with the LifecycleCreate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CapabilitiesCreateObject) GetLifecycleCreateOk() (*LifecycleCreateSettingObject, bool) {
+	if o == nil || o.LifecycleCreate == nil {
+		return nil, false
+	}
+	return o.LifecycleCreate, true
+}
+
+// HasLifecycleCreate returns a boolean if a field has been set.
+func (o *CapabilitiesCreateObject) HasLifecycleCreate() bool {
+	if o != nil && o.LifecycleCreate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLifecycleCreate gets a reference to the given LifecycleCreateSettingObject and assigns it to the LifecycleCreate field.
+func (o *CapabilitiesCreateObject) SetLifecycleCreate(v LifecycleCreateSettingObject) {
+	o.LifecycleCreate = &v
+}
+
+func (o CapabilitiesCreateObject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.LifecycleCreate != nil {
+		toSerialize["lifecycleCreate"] = o.LifecycleCreate
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CapabilitiesCreateObject) UnmarshalJSON(bytes []byte) (err error) {
+	varCapabilitiesCreateObject := _CapabilitiesCreateObject{}
+
+	err = json.Unmarshal(bytes, &varCapabilitiesCreateObject)
+	if err == nil {
+		*o = CapabilitiesCreateObject(varCapabilitiesCreateObject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "lifecycleCreate")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCapabilitiesCreateObject struct {
+	value *CapabilitiesCreateObject
+	isSet bool
+}
+
+func (v NullableCapabilitiesCreateObject) Get() *CapabilitiesCreateObject {
+	return v.value
+}
+
+func (v *NullableCapabilitiesCreateObject) Set(val *CapabilitiesCreateObject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCapabilitiesCreateObject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCapabilitiesCreateObject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCapabilitiesCreateObject(val *CapabilitiesCreateObject) *NullableCapabilitiesCreateObject {
+	return &NullableCapabilitiesCreateObject{value: val, isSet: true}
+}
+
+func (v NullableCapabilitiesCreateObject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCapabilitiesCreateObject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_capabilities_object.go b/okta/model_capabilities_object.go
new file mode 100644
index 000000000..c214a7b20
--- /dev/null
+++ b/okta/model_capabilities_object.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CapabilitiesObject struct for CapabilitiesObject
+type CapabilitiesObject struct {
+	Create               *CapabilitiesCreateObject `json:"create,omitempty"`
+	Update               *CapabilitiesUpdateObject `json:"update,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CapabilitiesObject CapabilitiesObject
+
+// NewCapabilitiesObject instantiates a new CapabilitiesObject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCapabilitiesObject() *CapabilitiesObject {
+	this := CapabilitiesObject{}
+	return &this
+}
+
+// NewCapabilitiesObjectWithDefaults instantiates a new CapabilitiesObject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCapabilitiesObjectWithDefaults() *CapabilitiesObject {
+	this := CapabilitiesObject{}
+	return &this
+}
+
+// GetCreate returns the Create field value if set, zero value otherwise.
+func (o *CapabilitiesObject) GetCreate() CapabilitiesCreateObject {
+	if o == nil || o.Create == nil {
+		var ret CapabilitiesCreateObject
+		return ret
+	}
+	return *o.Create
+}
+
+// GetCreateOk returns a tuple with the Create field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CapabilitiesObject) GetCreateOk() (*CapabilitiesCreateObject, bool) {
+	if o == nil || o.Create == nil {
+		return nil, false
+	}
+	return o.Create, true
+}
+
+// HasCreate returns a boolean if a field has been set.
+func (o *CapabilitiesObject) HasCreate() bool {
+	if o != nil && o.Create != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreate gets a reference to the given CapabilitiesCreateObject and assigns it to the Create field.
+func (o *CapabilitiesObject) SetCreate(v CapabilitiesCreateObject) {
+	o.Create = &v
+}
+
+// GetUpdate returns the Update field value if set, zero value otherwise.
+func (o *CapabilitiesObject) GetUpdate() CapabilitiesUpdateObject {
+	if o == nil || o.Update == nil {
+		var ret CapabilitiesUpdateObject
+		return ret
+	}
+	return *o.Update
+}
+
+// GetUpdateOk returns a tuple with the Update field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CapabilitiesObject) GetUpdateOk() (*CapabilitiesUpdateObject, bool) {
+	if o == nil || o.Update == nil {
+		return nil, false
+	}
+	return o.Update, true
+}
+
+// HasUpdate returns a boolean if a field has been set.
+func (o *CapabilitiesObject) HasUpdate() bool {
+	if o != nil && o.Update != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUpdate gets a reference to the given CapabilitiesUpdateObject and assigns it to the Update field.
+func (o *CapabilitiesObject) SetUpdate(v CapabilitiesUpdateObject) {
+	o.Update = &v
+}
+
+func (o CapabilitiesObject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Create != nil {
+		toSerialize["create"] = o.Create
+	}
+	if o.Update != nil {
+		toSerialize["update"] = o.Update
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CapabilitiesObject) UnmarshalJSON(bytes []byte) (err error) {
+	varCapabilitiesObject := _CapabilitiesObject{}
+
+	err = json.Unmarshal(bytes, &varCapabilitiesObject)
+	if err == nil {
+		*o = CapabilitiesObject(varCapabilitiesObject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "create")
+		delete(additionalProperties, "update")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCapabilitiesObject struct {
+	value *CapabilitiesObject
+	isSet bool
+}
+
+func (v NullableCapabilitiesObject) Get() *CapabilitiesObject {
+	return v.value
+}
+
+func (v *NullableCapabilitiesObject) Set(val *CapabilitiesObject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCapabilitiesObject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCapabilitiesObject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCapabilitiesObject(val *CapabilitiesObject) *NullableCapabilitiesObject {
+	return &NullableCapabilitiesObject{value: val, isSet: true}
+}
+
+func (v NullableCapabilitiesObject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCapabilitiesObject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_capabilities_update_object.go b/okta/model_capabilities_update_object.go
new file mode 100644
index 000000000..ce5430e3a
--- /dev/null
+++ b/okta/model_capabilities_update_object.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CapabilitiesUpdateObject struct for CapabilitiesUpdateObject
+type CapabilitiesUpdateObject struct {
+	LifecycleDeactivate  *LifecycleDeactivateSettingObject `json:"lifecycleDeactivate,omitempty"`
+	Password             *PasswordSettingObject            `json:"password,omitempty"`
+	Profile              *ProfileSettingObject             `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CapabilitiesUpdateObject CapabilitiesUpdateObject
+
+// NewCapabilitiesUpdateObject instantiates a new CapabilitiesUpdateObject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCapabilitiesUpdateObject() *CapabilitiesUpdateObject {
+	this := CapabilitiesUpdateObject{}
+	return &this
+}
+
+// NewCapabilitiesUpdateObjectWithDefaults instantiates a new CapabilitiesUpdateObject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCapabilitiesUpdateObjectWithDefaults() *CapabilitiesUpdateObject {
+	this := CapabilitiesUpdateObject{}
+	return &this
+}
+
+// GetLifecycleDeactivate returns the LifecycleDeactivate field value if set, zero value otherwise.
+func (o *CapabilitiesUpdateObject) GetLifecycleDeactivate() LifecycleDeactivateSettingObject {
+	if o == nil || o.LifecycleDeactivate == nil {
+		var ret LifecycleDeactivateSettingObject
+		return ret
+	}
+	return *o.LifecycleDeactivate
+}
+
+// GetLifecycleDeactivateOk returns a tuple with the LifecycleDeactivate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CapabilitiesUpdateObject) GetLifecycleDeactivateOk() (*LifecycleDeactivateSettingObject, bool) {
+	if o == nil || o.LifecycleDeactivate == nil {
+		return nil, false
+	}
+	return o.LifecycleDeactivate, true
+}
+
+// HasLifecycleDeactivate returns a boolean if a field has been set.
+func (o *CapabilitiesUpdateObject) HasLifecycleDeactivate() bool {
+	if o != nil && o.LifecycleDeactivate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLifecycleDeactivate gets a reference to the given LifecycleDeactivateSettingObject and assigns it to the LifecycleDeactivate field.
+func (o *CapabilitiesUpdateObject) SetLifecycleDeactivate(v LifecycleDeactivateSettingObject) {
+	o.LifecycleDeactivate = &v
+}
+
+// GetPassword returns the Password field value if set, zero value otherwise.
+func (o *CapabilitiesUpdateObject) GetPassword() PasswordSettingObject {
+	if o == nil || o.Password == nil {
+		var ret PasswordSettingObject
+		return ret
+	}
+	return *o.Password
+}
+
+// GetPasswordOk returns a tuple with the Password field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CapabilitiesUpdateObject) GetPasswordOk() (*PasswordSettingObject, bool) {
+	if o == nil || o.Password == nil {
+		return nil, false
+	}
+	return o.Password, true
+}
+
+// HasPassword returns a boolean if a field has been set.
+func (o *CapabilitiesUpdateObject) HasPassword() bool {
+	if o != nil && o.Password != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPassword gets a reference to the given PasswordSettingObject and assigns it to the Password field.
+func (o *CapabilitiesUpdateObject) SetPassword(v PasswordSettingObject) {
+	o.Password = &v
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *CapabilitiesUpdateObject) GetProfile() ProfileSettingObject {
+	if o == nil || o.Profile == nil {
+		var ret ProfileSettingObject
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CapabilitiesUpdateObject) GetProfileOk() (*ProfileSettingObject, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *CapabilitiesUpdateObject) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given ProfileSettingObject and assigns it to the Profile field.
+func (o *CapabilitiesUpdateObject) SetProfile(v ProfileSettingObject) {
+	o.Profile = &v
+}
+
+func (o CapabilitiesUpdateObject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.LifecycleDeactivate != nil {
+		toSerialize["lifecycleDeactivate"] = o.LifecycleDeactivate
+	}
+	if o.Password != nil {
+		toSerialize["password"] = o.Password
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CapabilitiesUpdateObject) UnmarshalJSON(bytes []byte) (err error) {
+	varCapabilitiesUpdateObject := _CapabilitiesUpdateObject{}
+
+	err = json.Unmarshal(bytes, &varCapabilitiesUpdateObject)
+	if err == nil {
+		*o = CapabilitiesUpdateObject(varCapabilitiesUpdateObject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "lifecycleDeactivate")
+		delete(additionalProperties, "password")
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCapabilitiesUpdateObject struct {
+	value *CapabilitiesUpdateObject
+	isSet bool
+}
+
+func (v NullableCapabilitiesUpdateObject) Get() *CapabilitiesUpdateObject {
+	return v.value
+}
+
+func (v *NullableCapabilitiesUpdateObject) Set(val *CapabilitiesUpdateObject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCapabilitiesUpdateObject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCapabilitiesUpdateObject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCapabilitiesUpdateObject(val *CapabilitiesUpdateObject) *NullableCapabilitiesUpdateObject {
+	return &NullableCapabilitiesUpdateObject{value: val, isSet: true}
+}
+
+func (v NullableCapabilitiesUpdateObject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCapabilitiesUpdateObject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_captcha_instance.go b/okta/model_captcha_instance.go
new file mode 100644
index 000000000..8c8ed9cee
--- /dev/null
+++ b/okta/model_captcha_instance.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CAPTCHAInstance
+type CAPTCHAInstance struct {
+	Id                   *string       `json:"id,omitempty"`
+	Name                 *string       `json:"name,omitempty"`
+	SecretKey            *string       `json:"secretKey,omitempty"`
+	SiteKey              *string       `json:"siteKey,omitempty"`
+	Type                 *CAPTCHAType  `json:"type,omitempty"`
+	Links                *ApiTokenLink `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CAPTCHAInstance CAPTCHAInstance
+
+// NewCAPTCHAInstance instantiates a new CAPTCHAInstance object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCAPTCHAInstance() *CAPTCHAInstance {
+	this := CAPTCHAInstance{}
+	return &this
+}
+
+// NewCAPTCHAInstanceWithDefaults instantiates a new CAPTCHAInstance object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCAPTCHAInstanceWithDefaults() *CAPTCHAInstance {
+	this := CAPTCHAInstance{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *CAPTCHAInstance) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CAPTCHAInstance) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *CAPTCHAInstance) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *CAPTCHAInstance) SetId(v string) {
+	o.Id = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *CAPTCHAInstance) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CAPTCHAInstance) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *CAPTCHAInstance) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *CAPTCHAInstance) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSecretKey returns the SecretKey field value if set, zero value otherwise.
+func (o *CAPTCHAInstance) GetSecretKey() string {
+	if o == nil || o.SecretKey == nil {
+		var ret string
+		return ret
+	}
+	return *o.SecretKey
+}
+
+// GetSecretKeyOk returns a tuple with the SecretKey field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CAPTCHAInstance) GetSecretKeyOk() (*string, bool) {
+	if o == nil || o.SecretKey == nil {
+		return nil, false
+	}
+	return o.SecretKey, true
+}
+
+// HasSecretKey returns a boolean if a field has been set.
+func (o *CAPTCHAInstance) HasSecretKey() bool {
+	if o != nil && o.SecretKey != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecretKey gets a reference to the given string and assigns it to the SecretKey field.
+func (o *CAPTCHAInstance) SetSecretKey(v string) {
+	o.SecretKey = &v
+}
+
+// GetSiteKey returns the SiteKey field value if set, zero value otherwise.
+func (o *CAPTCHAInstance) GetSiteKey() string {
+	if o == nil || o.SiteKey == nil {
+		var ret string
+		return ret
+	}
+	return *o.SiteKey
+}
+
+// GetSiteKeyOk returns a tuple with the SiteKey field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CAPTCHAInstance) GetSiteKeyOk() (*string, bool) {
+	if o == nil || o.SiteKey == nil {
+		return nil, false
+	}
+	return o.SiteKey, true
+}
+
+// HasSiteKey returns a boolean if a field has been set.
+func (o *CAPTCHAInstance) HasSiteKey() bool {
+	if o != nil && o.SiteKey != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSiteKey gets a reference to the given string and assigns it to the SiteKey field.
+func (o *CAPTCHAInstance) SetSiteKey(v string) {
+	o.SiteKey = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *CAPTCHAInstance) GetType() CAPTCHAType {
+	if o == nil || o.Type == nil {
+		var ret CAPTCHAType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CAPTCHAInstance) GetTypeOk() (*CAPTCHAType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *CAPTCHAInstance) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given CAPTCHAType and assigns it to the Type field.
+func (o *CAPTCHAInstance) SetType(v CAPTCHAType) {
+	o.Type = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *CAPTCHAInstance) GetLinks() ApiTokenLink {
+	if o == nil || o.Links == nil {
+		var ret ApiTokenLink
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CAPTCHAInstance) GetLinksOk() (*ApiTokenLink, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *CAPTCHAInstance) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given ApiTokenLink and assigns it to the Links field.
+func (o *CAPTCHAInstance) SetLinks(v ApiTokenLink) {
+	o.Links = &v
+}
+
+func (o CAPTCHAInstance) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.SecretKey != nil {
+		toSerialize["secretKey"] = o.SecretKey
+	}
+	if o.SiteKey != nil {
+		toSerialize["siteKey"] = o.SiteKey
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CAPTCHAInstance) UnmarshalJSON(bytes []byte) (err error) {
+	varCAPTCHAInstance := _CAPTCHAInstance{}
+
+	err = json.Unmarshal(bytes, &varCAPTCHAInstance)
+	if err == nil {
+		*o = CAPTCHAInstance(varCAPTCHAInstance)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "secretKey")
+		delete(additionalProperties, "siteKey")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCAPTCHAInstance struct {
+	value *CAPTCHAInstance
+	isSet bool
+}
+
+func (v NullableCAPTCHAInstance) Get() *CAPTCHAInstance {
+	return v.value
+}
+
+func (v *NullableCAPTCHAInstance) Set(val *CAPTCHAInstance) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCAPTCHAInstance) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCAPTCHAInstance) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCAPTCHAInstance(val *CAPTCHAInstance) *NullableCAPTCHAInstance {
+	return &NullableCAPTCHAInstance{value: val, isSet: true}
+}
+
+func (v NullableCAPTCHAInstance) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCAPTCHAInstance) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_captcha_type.go b/okta/model_captcha_type.go
new file mode 100644
index 000000000..d0970a89e
--- /dev/null
+++ b/okta/model_captcha_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// CAPTCHAType the model 'CAPTCHAType'
+type CAPTCHAType string
+
+// List of CAPTCHAType
+const (
+	CAPTCHATYPE_HCAPTCHA     CAPTCHAType = "HCAPTCHA"
+	CAPTCHATYPE_RECAPTCHA_V2 CAPTCHAType = "RECAPTCHA_V2"
+)
+
+// All allowed values of CAPTCHAType enum
+var AllowedCAPTCHATypeEnumValues = []CAPTCHAType{
+	"HCAPTCHA",
+	"RECAPTCHA_V2",
+}
+
+func (v *CAPTCHAType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := CAPTCHAType(value)
+	for _, existing := range AllowedCAPTCHATypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid CAPTCHAType", value)
+}
+
+// NewCAPTCHATypeFromValue returns a pointer to a valid CAPTCHAType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewCAPTCHATypeFromValue(v string) (*CAPTCHAType, error) {
+	ev := CAPTCHAType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for CAPTCHAType: valid values are %v", v, AllowedCAPTCHATypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v CAPTCHAType) IsValid() bool {
+	for _, existing := range AllowedCAPTCHATypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to CAPTCHAType value
+func (v CAPTCHAType) Ptr() *CAPTCHAType {
+	return &v
+}
+
+type NullableCAPTCHAType struct {
+	value *CAPTCHAType
+	isSet bool
+}
+
+func (v NullableCAPTCHAType) Get() *CAPTCHAType {
+	return v.value
+}
+
+func (v *NullableCAPTCHAType) Set(val *CAPTCHAType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCAPTCHAType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCAPTCHAType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCAPTCHAType(val *CAPTCHAType) *NullableCAPTCHAType {
+	return &NullableCAPTCHAType{value: val, isSet: true}
+}
+
+func (v NullableCAPTCHAType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCAPTCHAType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_catalog_application.go b/okta/model_catalog_application.go
new file mode 100644
index 000000000..cf79277ac
--- /dev/null
+++ b/okta/model_catalog_application.go
@@ -0,0 +1,566 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// CatalogApplication struct for CatalogApplication
+type CatalogApplication struct {
+	Category             *string                           `json:"category,omitempty"`
+	Description          *string                           `json:"description,omitempty"`
+	DisplayName          *string                           `json:"displayName,omitempty"`
+	Features             []string                          `json:"features,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	SignOnModes          []string                          `json:"signOnModes,omitempty"`
+	Status               *CatalogApplicationStatus         `json:"status,omitempty"`
+	VerificationStatus   *string                           `json:"verificationStatus,omitempty"`
+	Website              *string                           `json:"website,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CatalogApplication CatalogApplication
+
+// NewCatalogApplication instantiates a new CatalogApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCatalogApplication() *CatalogApplication {
+	this := CatalogApplication{}
+	return &this
+}
+
+// NewCatalogApplicationWithDefaults instantiates a new CatalogApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCatalogApplicationWithDefaults() *CatalogApplication {
+	this := CatalogApplication{}
+	return &this
+}
+
+// GetCategory returns the Category field value if set, zero value otherwise.
+func (o *CatalogApplication) GetCategory() string {
+	if o == nil || o.Category == nil {
+		var ret string
+		return ret
+	}
+	return *o.Category
+}
+
+// GetCategoryOk returns a tuple with the Category field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CatalogApplication) GetCategoryOk() (*string, bool) {
+	if o == nil || o.Category == nil {
+		return nil, false
+	}
+	return o.Category, true
+}
+
+// HasCategory returns a boolean if a field has been set.
+func (o *CatalogApplication) HasCategory() bool {
+	if o != nil && o.Category != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCategory gets a reference to the given string and assigns it to the Category field.
+func (o *CatalogApplication) SetCategory(v string) {
+	o.Category = &v
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *CatalogApplication) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CatalogApplication) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *CatalogApplication) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *CatalogApplication) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetDisplayName returns the DisplayName field value if set, zero value otherwise.
+func (o *CatalogApplication) GetDisplayName() string {
+	if o == nil || o.DisplayName == nil {
+		var ret string
+		return ret
+	}
+	return *o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CatalogApplication) GetDisplayNameOk() (*string, bool) {
+	if o == nil || o.DisplayName == nil {
+		return nil, false
+	}
+	return o.DisplayName, true
+}
+
+// HasDisplayName returns a boolean if a field has been set.
+func (o *CatalogApplication) HasDisplayName() bool {
+	if o != nil && o.DisplayName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDisplayName gets a reference to the given string and assigns it to the DisplayName field.
+func (o *CatalogApplication) SetDisplayName(v string) {
+	o.DisplayName = &v
+}
+
+// GetFeatures returns the Features field value if set, zero value otherwise.
+func (o *CatalogApplication) GetFeatures() []string {
+	if o == nil || o.Features == nil {
+		var ret []string
+		return ret
+	}
+	return o.Features
+}
+
+// GetFeaturesOk returns a tuple with the Features field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CatalogApplication) GetFeaturesOk() ([]string, bool) {
+	if o == nil || o.Features == nil {
+		return nil, false
+	}
+	return o.Features, true
+}
+
+// HasFeatures returns a boolean if a field has been set.
+func (o *CatalogApplication) HasFeatures() bool {
+	if o != nil && o.Features != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFeatures gets a reference to the given []string and assigns it to the Features field.
+func (o *CatalogApplication) SetFeatures(v []string) {
+	o.Features = v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *CatalogApplication) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CatalogApplication) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *CatalogApplication) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *CatalogApplication) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *CatalogApplication) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CatalogApplication) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *CatalogApplication) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *CatalogApplication) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *CatalogApplication) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CatalogApplication) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *CatalogApplication) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *CatalogApplication) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSignOnModes returns the SignOnModes field value if set, zero value otherwise.
+func (o *CatalogApplication) GetSignOnModes() []string {
+	if o == nil || o.SignOnModes == nil {
+		var ret []string
+		return ret
+	}
+	return o.SignOnModes
+}
+
+// GetSignOnModesOk returns a tuple with the SignOnModes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CatalogApplication) GetSignOnModesOk() ([]string, bool) {
+	if o == nil || o.SignOnModes == nil {
+		return nil, false
+	}
+	return o.SignOnModes, true
+}
+
+// HasSignOnModes returns a boolean if a field has been set.
+func (o *CatalogApplication) HasSignOnModes() bool {
+	if o != nil && o.SignOnModes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignOnModes gets a reference to the given []string and assigns it to the SignOnModes field.
+func (o *CatalogApplication) SetSignOnModes(v []string) {
+	o.SignOnModes = v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *CatalogApplication) GetStatus() CatalogApplicationStatus {
+	if o == nil || o.Status == nil {
+		var ret CatalogApplicationStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CatalogApplication) GetStatusOk() (*CatalogApplicationStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *CatalogApplication) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given CatalogApplicationStatus and assigns it to the Status field.
+func (o *CatalogApplication) SetStatus(v CatalogApplicationStatus) {
+	o.Status = &v
+}
+
+// GetVerificationStatus returns the VerificationStatus field value if set, zero value otherwise.
+func (o *CatalogApplication) GetVerificationStatus() string {
+	if o == nil || o.VerificationStatus == nil {
+		var ret string
+		return ret
+	}
+	return *o.VerificationStatus
+}
+
+// GetVerificationStatusOk returns a tuple with the VerificationStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CatalogApplication) GetVerificationStatusOk() (*string, bool) {
+	if o == nil || o.VerificationStatus == nil {
+		return nil, false
+	}
+	return o.VerificationStatus, true
+}
+
+// HasVerificationStatus returns a boolean if a field has been set.
+func (o *CatalogApplication) HasVerificationStatus() bool {
+	if o != nil && o.VerificationStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVerificationStatus gets a reference to the given string and assigns it to the VerificationStatus field.
+func (o *CatalogApplication) SetVerificationStatus(v string) {
+	o.VerificationStatus = &v
+}
+
+// GetWebsite returns the Website field value if set, zero value otherwise.
+func (o *CatalogApplication) GetWebsite() string {
+	if o == nil || o.Website == nil {
+		var ret string
+		return ret
+	}
+	return *o.Website
+}
+
+// GetWebsiteOk returns a tuple with the Website field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CatalogApplication) GetWebsiteOk() (*string, bool) {
+	if o == nil || o.Website == nil {
+		return nil, false
+	}
+	return o.Website, true
+}
+
+// HasWebsite returns a boolean if a field has been set.
+func (o *CatalogApplication) HasWebsite() bool {
+	if o != nil && o.Website != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWebsite gets a reference to the given string and assigns it to the Website field.
+func (o *CatalogApplication) SetWebsite(v string) {
+	o.Website = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *CatalogApplication) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CatalogApplication) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *CatalogApplication) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *CatalogApplication) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o CatalogApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Category != nil {
+		toSerialize["category"] = o.Category
+	}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.DisplayName != nil {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if o.Features != nil {
+		toSerialize["features"] = o.Features
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.SignOnModes != nil {
+		toSerialize["signOnModes"] = o.SignOnModes
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.VerificationStatus != nil {
+		toSerialize["verificationStatus"] = o.VerificationStatus
+	}
+	if o.Website != nil {
+		toSerialize["website"] = o.Website
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CatalogApplication) UnmarshalJSON(bytes []byte) (err error) {
+	varCatalogApplication := _CatalogApplication{}
+
+	err = json.Unmarshal(bytes, &varCatalogApplication)
+	if err == nil {
+		*o = CatalogApplication(varCatalogApplication)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "category")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "features")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "signOnModes")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "verificationStatus")
+		delete(additionalProperties, "website")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCatalogApplication struct {
+	value *CatalogApplication
+	isSet bool
+}
+
+func (v NullableCatalogApplication) Get() *CatalogApplication {
+	return v.value
+}
+
+func (v *NullableCatalogApplication) Set(val *CatalogApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCatalogApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCatalogApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCatalogApplication(val *CatalogApplication) *NullableCatalogApplication {
+	return &NullableCatalogApplication{value: val, isSet: true}
+}
+
+func (v NullableCatalogApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCatalogApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_catalog_application_status.go b/okta/model_catalog_application_status.go
new file mode 100644
index 000000000..63d1a89ca
--- /dev/null
+++ b/okta/model_catalog_application_status.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// CatalogApplicationStatus the model 'CatalogApplicationStatus'
+type CatalogApplicationStatus string
+
+// List of CatalogApplicationStatus
+const (
+	CATALOGAPPLICATIONSTATUS_ACTIVE   CatalogApplicationStatus = "ACTIVE"
+	CATALOGAPPLICATIONSTATUS_INACTIVE CatalogApplicationStatus = "INACTIVE"
+)
+
+// All allowed values of CatalogApplicationStatus enum
+var AllowedCatalogApplicationStatusEnumValues = []CatalogApplicationStatus{
+	"ACTIVE",
+	"INACTIVE",
+}
+
+func (v *CatalogApplicationStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := CatalogApplicationStatus(value)
+	for _, existing := range AllowedCatalogApplicationStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid CatalogApplicationStatus", value)
+}
+
+// NewCatalogApplicationStatusFromValue returns a pointer to a valid CatalogApplicationStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewCatalogApplicationStatusFromValue(v string) (*CatalogApplicationStatus, error) {
+	ev := CatalogApplicationStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for CatalogApplicationStatus: valid values are %v", v, AllowedCatalogApplicationStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v CatalogApplicationStatus) IsValid() bool {
+	for _, existing := range AllowedCatalogApplicationStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to CatalogApplicationStatus value
+func (v CatalogApplicationStatus) Ptr() *CatalogApplicationStatus {
+	return &v
+}
+
+type NullableCatalogApplicationStatus struct {
+	value *CatalogApplicationStatus
+	isSet bool
+}
+
+func (v NullableCatalogApplicationStatus) Get() *CatalogApplicationStatus {
+	return v.value
+}
+
+func (v *NullableCatalogApplicationStatus) Set(val *CatalogApplicationStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCatalogApplicationStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCatalogApplicationStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCatalogApplicationStatus(val *CatalogApplicationStatus) *NullableCatalogApplicationStatus {
+	return &NullableCatalogApplicationStatus{value: val, isSet: true}
+}
+
+func (v NullableCatalogApplicationStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCatalogApplicationStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_change_enum.go b/okta/model_change_enum.go
new file mode 100644
index 000000000..e6c2e14c2
--- /dev/null
+++ b/okta/model_change_enum.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ChangeEnum the model 'ChangeEnum'
+type ChangeEnum string
+
+// List of ChangeEnum
+const (
+	CHANGEENUM_CHANGE        ChangeEnum = "CHANGE"
+	CHANGEENUM_KEEP_EXISTING ChangeEnum = "KEEP_EXISTING"
+)
+
+// All allowed values of ChangeEnum enum
+var AllowedChangeEnumEnumValues = []ChangeEnum{
+	"CHANGE",
+	"KEEP_EXISTING",
+}
+
+func (v *ChangeEnum) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ChangeEnum(value)
+	for _, existing := range AllowedChangeEnumEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ChangeEnum", value)
+}
+
+// NewChangeEnumFromValue returns a pointer to a valid ChangeEnum
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewChangeEnumFromValue(v string) (*ChangeEnum, error) {
+	ev := ChangeEnum(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ChangeEnum: valid values are %v", v, AllowedChangeEnumEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ChangeEnum) IsValid() bool {
+	for _, existing := range AllowedChangeEnumEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ChangeEnum value
+func (v ChangeEnum) Ptr() *ChangeEnum {
+	return &v
+}
+
+type NullableChangeEnum struct {
+	value *ChangeEnum
+	isSet bool
+}
+
+func (v NullableChangeEnum) Get() *ChangeEnum {
+	return v.value
+}
+
+func (v *NullableChangeEnum) Set(val *ChangeEnum) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableChangeEnum) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableChangeEnum) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableChangeEnum(val *ChangeEnum) *NullableChangeEnum {
+	return &NullableChangeEnum{value: val, isSet: true}
+}
+
+func (v NullableChangeEnum) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableChangeEnum) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_change_password_request.go b/okta/model_change_password_request.go
new file mode 100644
index 000000000..b5003a5a1
--- /dev/null
+++ b/okta/model_change_password_request.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ChangePasswordRequest struct for ChangePasswordRequest
+type ChangePasswordRequest struct {
+	NewPassword          *PasswordCredential `json:"newPassword,omitempty"`
+	OldPassword          *PasswordCredential `json:"oldPassword,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ChangePasswordRequest ChangePasswordRequest
+
+// NewChangePasswordRequest instantiates a new ChangePasswordRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewChangePasswordRequest() *ChangePasswordRequest {
+	this := ChangePasswordRequest{}
+	return &this
+}
+
+// NewChangePasswordRequestWithDefaults instantiates a new ChangePasswordRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewChangePasswordRequestWithDefaults() *ChangePasswordRequest {
+	this := ChangePasswordRequest{}
+	return &this
+}
+
+// GetNewPassword returns the NewPassword field value if set, zero value otherwise.
+func (o *ChangePasswordRequest) GetNewPassword() PasswordCredential {
+	if o == nil || o.NewPassword == nil {
+		var ret PasswordCredential
+		return ret
+	}
+	return *o.NewPassword
+}
+
+// GetNewPasswordOk returns a tuple with the NewPassword field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ChangePasswordRequest) GetNewPasswordOk() (*PasswordCredential, bool) {
+	if o == nil || o.NewPassword == nil {
+		return nil, false
+	}
+	return o.NewPassword, true
+}
+
+// HasNewPassword returns a boolean if a field has been set.
+func (o *ChangePasswordRequest) HasNewPassword() bool {
+	if o != nil && o.NewPassword != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNewPassword gets a reference to the given PasswordCredential and assigns it to the NewPassword field.
+func (o *ChangePasswordRequest) SetNewPassword(v PasswordCredential) {
+	o.NewPassword = &v
+}
+
+// GetOldPassword returns the OldPassword field value if set, zero value otherwise.
+func (o *ChangePasswordRequest) GetOldPassword() PasswordCredential {
+	if o == nil || o.OldPassword == nil {
+		var ret PasswordCredential
+		return ret
+	}
+	return *o.OldPassword
+}
+
+// GetOldPasswordOk returns a tuple with the OldPassword field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ChangePasswordRequest) GetOldPasswordOk() (*PasswordCredential, bool) {
+	if o == nil || o.OldPassword == nil {
+		return nil, false
+	}
+	return o.OldPassword, true
+}
+
+// HasOldPassword returns a boolean if a field has been set.
+func (o *ChangePasswordRequest) HasOldPassword() bool {
+	if o != nil && o.OldPassword != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOldPassword gets a reference to the given PasswordCredential and assigns it to the OldPassword field.
+func (o *ChangePasswordRequest) SetOldPassword(v PasswordCredential) {
+	o.OldPassword = &v
+}
+
+func (o ChangePasswordRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.NewPassword != nil {
+		toSerialize["newPassword"] = o.NewPassword
+	}
+	if o.OldPassword != nil {
+		toSerialize["oldPassword"] = o.OldPassword
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ChangePasswordRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varChangePasswordRequest := _ChangePasswordRequest{}
+
+	err = json.Unmarshal(bytes, &varChangePasswordRequest)
+	if err == nil {
+		*o = ChangePasswordRequest(varChangePasswordRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "newPassword")
+		delete(additionalProperties, "oldPassword")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableChangePasswordRequest struct {
+	value *ChangePasswordRequest
+	isSet bool
+}
+
+func (v NullableChangePasswordRequest) Get() *ChangePasswordRequest {
+	return v.value
+}
+
+func (v *NullableChangePasswordRequest) Set(val *ChangePasswordRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableChangePasswordRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableChangePasswordRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableChangePasswordRequest(val *ChangePasswordRequest) *NullableChangePasswordRequest {
+	return &NullableChangePasswordRequest{value: val, isSet: true}
+}
+
+func (v NullableChangePasswordRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableChangePasswordRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_channel_binding.go b/okta/model_channel_binding.go
new file mode 100644
index 000000000..aaeb61cb1
--- /dev/null
+++ b/okta/model_channel_binding.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ChannelBinding struct for ChannelBinding
+type ChannelBinding struct {
+	Required             *RequiredEnum `json:"required,omitempty"`
+	Style                *string       `json:"style,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ChannelBinding ChannelBinding
+
+// NewChannelBinding instantiates a new ChannelBinding object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewChannelBinding() *ChannelBinding {
+	this := ChannelBinding{}
+	return &this
+}
+
+// NewChannelBindingWithDefaults instantiates a new ChannelBinding object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewChannelBindingWithDefaults() *ChannelBinding {
+	this := ChannelBinding{}
+	return &this
+}
+
+// GetRequired returns the Required field value if set, zero value otherwise.
+func (o *ChannelBinding) GetRequired() RequiredEnum {
+	if o == nil || o.Required == nil {
+		var ret RequiredEnum
+		return ret
+	}
+	return *o.Required
+}
+
+// GetRequiredOk returns a tuple with the Required field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ChannelBinding) GetRequiredOk() (*RequiredEnum, bool) {
+	if o == nil || o.Required == nil {
+		return nil, false
+	}
+	return o.Required, true
+}
+
+// HasRequired returns a boolean if a field has been set.
+func (o *ChannelBinding) HasRequired() bool {
+	if o != nil && o.Required != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequired gets a reference to the given RequiredEnum and assigns it to the Required field.
+func (o *ChannelBinding) SetRequired(v RequiredEnum) {
+	o.Required = &v
+}
+
+// GetStyle returns the Style field value if set, zero value otherwise.
+func (o *ChannelBinding) GetStyle() string {
+	if o == nil || o.Style == nil {
+		var ret string
+		return ret
+	}
+	return *o.Style
+}
+
+// GetStyleOk returns a tuple with the Style field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ChannelBinding) GetStyleOk() (*string, bool) {
+	if o == nil || o.Style == nil {
+		return nil, false
+	}
+	return o.Style, true
+}
+
+// HasStyle returns a boolean if a field has been set.
+func (o *ChannelBinding) HasStyle() bool {
+	if o != nil && o.Style != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStyle gets a reference to the given string and assigns it to the Style field.
+func (o *ChannelBinding) SetStyle(v string) {
+	o.Style = &v
+}
+
+func (o ChannelBinding) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Required != nil {
+		toSerialize["required"] = o.Required
+	}
+	if o.Style != nil {
+		toSerialize["style"] = o.Style
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ChannelBinding) UnmarshalJSON(bytes []byte) (err error) {
+	varChannelBinding := _ChannelBinding{}
+
+	err = json.Unmarshal(bytes, &varChannelBinding)
+	if err == nil {
+		*o = ChannelBinding(varChannelBinding)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "required")
+		delete(additionalProperties, "style")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableChannelBinding struct {
+	value *ChannelBinding
+	isSet bool
+}
+
+func (v NullableChannelBinding) Get() *ChannelBinding {
+	return v.value
+}
+
+func (v *NullableChannelBinding) Set(val *ChannelBinding) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableChannelBinding) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableChannelBinding) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableChannelBinding(val *ChannelBinding) *NullableChannelBinding {
+	return &NullableChannelBinding{value: val, isSet: true}
+}
+
+func (v NullableChannelBinding) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableChannelBinding) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_chrome_browser_version.go b/okta/model_chrome_browser_version.go
new file mode 100644
index 000000000..1e42835a0
--- /dev/null
+++ b/okta/model_chrome_browser_version.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ChromeBrowserVersion Current version of the Chrome Browser
+type ChromeBrowserVersion struct {
+	Minimum              *string `json:"minimum,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ChromeBrowserVersion ChromeBrowserVersion
+
+// NewChromeBrowserVersion instantiates a new ChromeBrowserVersion object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewChromeBrowserVersion() *ChromeBrowserVersion {
+	this := ChromeBrowserVersion{}
+	return &this
+}
+
+// NewChromeBrowserVersionWithDefaults instantiates a new ChromeBrowserVersion object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewChromeBrowserVersionWithDefaults() *ChromeBrowserVersion {
+	this := ChromeBrowserVersion{}
+	return &this
+}
+
+// GetMinimum returns the Minimum field value if set, zero value otherwise.
+func (o *ChromeBrowserVersion) GetMinimum() string {
+	if o == nil || o.Minimum == nil {
+		var ret string
+		return ret
+	}
+	return *o.Minimum
+}
+
+// GetMinimumOk returns a tuple with the Minimum field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ChromeBrowserVersion) GetMinimumOk() (*string, bool) {
+	if o == nil || o.Minimum == nil {
+		return nil, false
+	}
+	return o.Minimum, true
+}
+
+// HasMinimum returns a boolean if a field has been set.
+func (o *ChromeBrowserVersion) HasMinimum() bool {
+	if o != nil && o.Minimum != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinimum gets a reference to the given string and assigns it to the Minimum field.
+func (o *ChromeBrowserVersion) SetMinimum(v string) {
+	o.Minimum = &v
+}
+
+func (o ChromeBrowserVersion) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Minimum != nil {
+		toSerialize["minimum"] = o.Minimum
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ChromeBrowserVersion) UnmarshalJSON(bytes []byte) (err error) {
+	varChromeBrowserVersion := _ChromeBrowserVersion{}
+
+	err = json.Unmarshal(bytes, &varChromeBrowserVersion)
+	if err == nil {
+		*o = ChromeBrowserVersion(varChromeBrowserVersion)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "minimum")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableChromeBrowserVersion struct {
+	value *ChromeBrowserVersion
+	isSet bool
+}
+
+func (v NullableChromeBrowserVersion) Get() *ChromeBrowserVersion {
+	return v.value
+}
+
+func (v *NullableChromeBrowserVersion) Set(val *ChromeBrowserVersion) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableChromeBrowserVersion) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableChromeBrowserVersion) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableChromeBrowserVersion(val *ChromeBrowserVersion) *NullableChromeBrowserVersion {
+	return &NullableChromeBrowserVersion{value: val, isSet: true}
+}
+
+func (v NullableChromeBrowserVersion) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableChromeBrowserVersion) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_client_policy_condition.go b/okta/model_client_policy_condition.go
new file mode 100644
index 000000000..896635207
--- /dev/null
+++ b/okta/model_client_policy_condition.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ClientPolicyCondition struct for ClientPolicyCondition
+type ClientPolicyCondition struct {
+	Include              []string `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ClientPolicyCondition ClientPolicyCondition
+
+// NewClientPolicyCondition instantiates a new ClientPolicyCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewClientPolicyCondition() *ClientPolicyCondition {
+	this := ClientPolicyCondition{}
+	return &this
+}
+
+// NewClientPolicyConditionWithDefaults instantiates a new ClientPolicyCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewClientPolicyConditionWithDefaults() *ClientPolicyCondition {
+	this := ClientPolicyCondition{}
+	return &this
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *ClientPolicyCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ClientPolicyCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *ClientPolicyCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *ClientPolicyCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o ClientPolicyCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ClientPolicyCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varClientPolicyCondition := _ClientPolicyCondition{}
+
+	err = json.Unmarshal(bytes, &varClientPolicyCondition)
+	if err == nil {
+		*o = ClientPolicyCondition(varClientPolicyCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableClientPolicyCondition struct {
+	value *ClientPolicyCondition
+	isSet bool
+}
+
+func (v NullableClientPolicyCondition) Get() *ClientPolicyCondition {
+	return v.value
+}
+
+func (v *NullableClientPolicyCondition) Set(val *ClientPolicyCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableClientPolicyCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableClientPolicyCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableClientPolicyCondition(val *ClientPolicyCondition) *NullableClientPolicyCondition {
+	return &NullableClientPolicyCondition{value: val, isSet: true}
+}
+
+func (v NullableClientPolicyCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableClientPolicyCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_compliance.go b/okta/model_compliance.go
new file mode 100644
index 000000000..f8ad1f4c4
--- /dev/null
+++ b/okta/model_compliance.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// Compliance struct for Compliance
+type Compliance struct {
+	Fips                 *FipsEnum `json:"fips,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Compliance Compliance
+
+// NewCompliance instantiates a new Compliance object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCompliance() *Compliance {
+	this := Compliance{}
+	return &this
+}
+
+// NewComplianceWithDefaults instantiates a new Compliance object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewComplianceWithDefaults() *Compliance {
+	this := Compliance{}
+	return &this
+}
+
+// GetFips returns the Fips field value if set, zero value otherwise.
+func (o *Compliance) GetFips() FipsEnum {
+	if o == nil || o.Fips == nil {
+		var ret FipsEnum
+		return ret
+	}
+	return *o.Fips
+}
+
+// GetFipsOk returns a tuple with the Fips field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Compliance) GetFipsOk() (*FipsEnum, bool) {
+	if o == nil || o.Fips == nil {
+		return nil, false
+	}
+	return o.Fips, true
+}
+
+// HasFips returns a boolean if a field has been set.
+func (o *Compliance) HasFips() bool {
+	if o != nil && o.Fips != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFips gets a reference to the given FipsEnum and assigns it to the Fips field.
+func (o *Compliance) SetFips(v FipsEnum) {
+	o.Fips = &v
+}
+
+func (o Compliance) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Fips != nil {
+		toSerialize["fips"] = o.Fips
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Compliance) UnmarshalJSON(bytes []byte) (err error) {
+	varCompliance := _Compliance{}
+
+	err = json.Unmarshal(bytes, &varCompliance)
+	if err == nil {
+		*o = Compliance(varCompliance)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "fips")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCompliance struct {
+	value *Compliance
+	isSet bool
+}
+
+func (v NullableCompliance) Get() *Compliance {
+	return v.value
+}
+
+func (v *NullableCompliance) Set(val *Compliance) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCompliance) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCompliance) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCompliance(val *Compliance) *NullableCompliance {
+	return &NullableCompliance{value: val, isSet: true}
+}
+
+func (v NullableCompliance) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCompliance) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_context_policy_rule_condition.go b/okta/model_context_policy_rule_condition.go
new file mode 100644
index 000000000..660d60b68
--- /dev/null
+++ b/okta/model_context_policy_rule_condition.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ContextPolicyRuleCondition struct for ContextPolicyRuleCondition
+type ContextPolicyRuleCondition struct {
+	Migrated             *bool                              `json:"migrated,omitempty"`
+	Platform             *DevicePolicyRuleConditionPlatform `json:"platform,omitempty"`
+	Rooted               *bool                              `json:"rooted,omitempty"`
+	TrustLevel           *DevicePolicyTrustLevel            `json:"trustLevel,omitempty"`
+	Expression           *string                            `json:"expression,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ContextPolicyRuleCondition ContextPolicyRuleCondition
+
+// NewContextPolicyRuleCondition instantiates a new ContextPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewContextPolicyRuleCondition() *ContextPolicyRuleCondition {
+	this := ContextPolicyRuleCondition{}
+	return &this
+}
+
+// NewContextPolicyRuleConditionWithDefaults instantiates a new ContextPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewContextPolicyRuleConditionWithDefaults() *ContextPolicyRuleCondition {
+	this := ContextPolicyRuleCondition{}
+	return &this
+}
+
+// GetMigrated returns the Migrated field value if set, zero value otherwise.
+func (o *ContextPolicyRuleCondition) GetMigrated() bool {
+	if o == nil || o.Migrated == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Migrated
+}
+
+// GetMigratedOk returns a tuple with the Migrated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ContextPolicyRuleCondition) GetMigratedOk() (*bool, bool) {
+	if o == nil || o.Migrated == nil {
+		return nil, false
+	}
+	return o.Migrated, true
+}
+
+// HasMigrated returns a boolean if a field has been set.
+func (o *ContextPolicyRuleCondition) HasMigrated() bool {
+	if o != nil && o.Migrated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMigrated gets a reference to the given bool and assigns it to the Migrated field.
+func (o *ContextPolicyRuleCondition) SetMigrated(v bool) {
+	o.Migrated = &v
+}
+
+// GetPlatform returns the Platform field value if set, zero value otherwise.
+func (o *ContextPolicyRuleCondition) GetPlatform() DevicePolicyRuleConditionPlatform {
+	if o == nil || o.Platform == nil {
+		var ret DevicePolicyRuleConditionPlatform
+		return ret
+	}
+	return *o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ContextPolicyRuleCondition) GetPlatformOk() (*DevicePolicyRuleConditionPlatform, bool) {
+	if o == nil || o.Platform == nil {
+		return nil, false
+	}
+	return o.Platform, true
+}
+
+// HasPlatform returns a boolean if a field has been set.
+func (o *ContextPolicyRuleCondition) HasPlatform() bool {
+	if o != nil && o.Platform != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPlatform gets a reference to the given DevicePolicyRuleConditionPlatform and assigns it to the Platform field.
+func (o *ContextPolicyRuleCondition) SetPlatform(v DevicePolicyRuleConditionPlatform) {
+	o.Platform = &v
+}
+
+// GetRooted returns the Rooted field value if set, zero value otherwise.
+func (o *ContextPolicyRuleCondition) GetRooted() bool {
+	if o == nil || o.Rooted == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Rooted
+}
+
+// GetRootedOk returns a tuple with the Rooted field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ContextPolicyRuleCondition) GetRootedOk() (*bool, bool) {
+	if o == nil || o.Rooted == nil {
+		return nil, false
+	}
+	return o.Rooted, true
+}
+
+// HasRooted returns a boolean if a field has been set.
+func (o *ContextPolicyRuleCondition) HasRooted() bool {
+	if o != nil && o.Rooted != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRooted gets a reference to the given bool and assigns it to the Rooted field.
+func (o *ContextPolicyRuleCondition) SetRooted(v bool) {
+	o.Rooted = &v
+}
+
+// GetTrustLevel returns the TrustLevel field value if set, zero value otherwise.
+func (o *ContextPolicyRuleCondition) GetTrustLevel() DevicePolicyTrustLevel {
+	if o == nil || o.TrustLevel == nil {
+		var ret DevicePolicyTrustLevel
+		return ret
+	}
+	return *o.TrustLevel
+}
+
+// GetTrustLevelOk returns a tuple with the TrustLevel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ContextPolicyRuleCondition) GetTrustLevelOk() (*DevicePolicyTrustLevel, bool) {
+	if o == nil || o.TrustLevel == nil {
+		return nil, false
+	}
+	return o.TrustLevel, true
+}
+
+// HasTrustLevel returns a boolean if a field has been set.
+func (o *ContextPolicyRuleCondition) HasTrustLevel() bool {
+	if o != nil && o.TrustLevel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTrustLevel gets a reference to the given DevicePolicyTrustLevel and assigns it to the TrustLevel field.
+func (o *ContextPolicyRuleCondition) SetTrustLevel(v DevicePolicyTrustLevel) {
+	o.TrustLevel = &v
+}
+
+// GetExpression returns the Expression field value if set, zero value otherwise.
+func (o *ContextPolicyRuleCondition) GetExpression() string {
+	if o == nil || o.Expression == nil {
+		var ret string
+		return ret
+	}
+	return *o.Expression
+}
+
+// GetExpressionOk returns a tuple with the Expression field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ContextPolicyRuleCondition) GetExpressionOk() (*string, bool) {
+	if o == nil || o.Expression == nil {
+		return nil, false
+	}
+	return o.Expression, true
+}
+
+// HasExpression returns a boolean if a field has been set.
+func (o *ContextPolicyRuleCondition) HasExpression() bool {
+	if o != nil && o.Expression != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpression gets a reference to the given string and assigns it to the Expression field.
+func (o *ContextPolicyRuleCondition) SetExpression(v string) {
+	o.Expression = &v
+}
+
+func (o ContextPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Migrated != nil {
+		toSerialize["migrated"] = o.Migrated
+	}
+	if o.Platform != nil {
+		toSerialize["platform"] = o.Platform
+	}
+	if o.Rooted != nil {
+		toSerialize["rooted"] = o.Rooted
+	}
+	if o.TrustLevel != nil {
+		toSerialize["trustLevel"] = o.TrustLevel
+	}
+	if o.Expression != nil {
+		toSerialize["expression"] = o.Expression
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ContextPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varContextPolicyRuleCondition := _ContextPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varContextPolicyRuleCondition)
+	if err == nil {
+		*o = ContextPolicyRuleCondition(varContextPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "migrated")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "rooted")
+		delete(additionalProperties, "trustLevel")
+		delete(additionalProperties, "expression")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableContextPolicyRuleCondition struct {
+	value *ContextPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableContextPolicyRuleCondition) Get() *ContextPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableContextPolicyRuleCondition) Set(val *ContextPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableContextPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableContextPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableContextPolicyRuleCondition(val *ContextPolicyRuleCondition) *NullableContextPolicyRuleCondition {
+	return &NullableContextPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableContextPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableContextPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_context_policy_rule_condition_all_of.go b/okta/model_context_policy_rule_condition_all_of.go
new file mode 100644
index 000000000..24fbc985a
--- /dev/null
+++ b/okta/model_context_policy_rule_condition_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ContextPolicyRuleConditionAllOf struct for ContextPolicyRuleConditionAllOf
+type ContextPolicyRuleConditionAllOf struct {
+	Expression           *string `json:"expression,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ContextPolicyRuleConditionAllOf ContextPolicyRuleConditionAllOf
+
+// NewContextPolicyRuleConditionAllOf instantiates a new ContextPolicyRuleConditionAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewContextPolicyRuleConditionAllOf() *ContextPolicyRuleConditionAllOf {
+	this := ContextPolicyRuleConditionAllOf{}
+	return &this
+}
+
+// NewContextPolicyRuleConditionAllOfWithDefaults instantiates a new ContextPolicyRuleConditionAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewContextPolicyRuleConditionAllOfWithDefaults() *ContextPolicyRuleConditionAllOf {
+	this := ContextPolicyRuleConditionAllOf{}
+	return &this
+}
+
+// GetExpression returns the Expression field value if set, zero value otherwise.
+func (o *ContextPolicyRuleConditionAllOf) GetExpression() string {
+	if o == nil || o.Expression == nil {
+		var ret string
+		return ret
+	}
+	return *o.Expression
+}
+
+// GetExpressionOk returns a tuple with the Expression field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ContextPolicyRuleConditionAllOf) GetExpressionOk() (*string, bool) {
+	if o == nil || o.Expression == nil {
+		return nil, false
+	}
+	return o.Expression, true
+}
+
+// HasExpression returns a boolean if a field has been set.
+func (o *ContextPolicyRuleConditionAllOf) HasExpression() bool {
+	if o != nil && o.Expression != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpression gets a reference to the given string and assigns it to the Expression field.
+func (o *ContextPolicyRuleConditionAllOf) SetExpression(v string) {
+	o.Expression = &v
+}
+
+func (o ContextPolicyRuleConditionAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Expression != nil {
+		toSerialize["expression"] = o.Expression
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ContextPolicyRuleConditionAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varContextPolicyRuleConditionAllOf := _ContextPolicyRuleConditionAllOf{}
+
+	err = json.Unmarshal(bytes, &varContextPolicyRuleConditionAllOf)
+	if err == nil {
+		*o = ContextPolicyRuleConditionAllOf(varContextPolicyRuleConditionAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expression")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableContextPolicyRuleConditionAllOf struct {
+	value *ContextPolicyRuleConditionAllOf
+	isSet bool
+}
+
+func (v NullableContextPolicyRuleConditionAllOf) Get() *ContextPolicyRuleConditionAllOf {
+	return v.value
+}
+
+func (v *NullableContextPolicyRuleConditionAllOf) Set(val *ContextPolicyRuleConditionAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableContextPolicyRuleConditionAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableContextPolicyRuleConditionAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableContextPolicyRuleConditionAllOf(val *ContextPolicyRuleConditionAllOf) *NullableContextPolicyRuleConditionAllOf {
+	return &NullableContextPolicyRuleConditionAllOf{value: val, isSet: true}
+}
+
+func (v NullableContextPolicyRuleConditionAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableContextPolicyRuleConditionAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_create_brand_domain_request.go b/okta/model_create_brand_domain_request.go
new file mode 100644
index 000000000..372350192
--- /dev/null
+++ b/okta/model_create_brand_domain_request.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CreateBrandDomainRequest struct for CreateBrandDomainRequest
+type CreateBrandDomainRequest struct {
+	DomainId             *string `json:"domainId,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CreateBrandDomainRequest CreateBrandDomainRequest
+
+// NewCreateBrandDomainRequest instantiates a new CreateBrandDomainRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCreateBrandDomainRequest() *CreateBrandDomainRequest {
+	this := CreateBrandDomainRequest{}
+	return &this
+}
+
+// NewCreateBrandDomainRequestWithDefaults instantiates a new CreateBrandDomainRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCreateBrandDomainRequestWithDefaults() *CreateBrandDomainRequest {
+	this := CreateBrandDomainRequest{}
+	return &this
+}
+
+// GetDomainId returns the DomainId field value if set, zero value otherwise.
+func (o *CreateBrandDomainRequest) GetDomainId() string {
+	if o == nil || o.DomainId == nil {
+		var ret string
+		return ret
+	}
+	return *o.DomainId
+}
+
+// GetDomainIdOk returns a tuple with the DomainId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CreateBrandDomainRequest) GetDomainIdOk() (*string, bool) {
+	if o == nil || o.DomainId == nil {
+		return nil, false
+	}
+	return o.DomainId, true
+}
+
+// HasDomainId returns a boolean if a field has been set.
+func (o *CreateBrandDomainRequest) HasDomainId() bool {
+	if o != nil && o.DomainId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDomainId gets a reference to the given string and assigns it to the DomainId field.
+func (o *CreateBrandDomainRequest) SetDomainId(v string) {
+	o.DomainId = &v
+}
+
+func (o CreateBrandDomainRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.DomainId != nil {
+		toSerialize["domainId"] = o.DomainId
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CreateBrandDomainRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varCreateBrandDomainRequest := _CreateBrandDomainRequest{}
+
+	err = json.Unmarshal(bytes, &varCreateBrandDomainRequest)
+	if err == nil {
+		*o = CreateBrandDomainRequest(varCreateBrandDomainRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "domainId")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCreateBrandDomainRequest struct {
+	value *CreateBrandDomainRequest
+	isSet bool
+}
+
+func (v NullableCreateBrandDomainRequest) Get() *CreateBrandDomainRequest {
+	return v.value
+}
+
+func (v *NullableCreateBrandDomainRequest) Set(val *CreateBrandDomainRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCreateBrandDomainRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCreateBrandDomainRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCreateBrandDomainRequest(val *CreateBrandDomainRequest) *NullableCreateBrandDomainRequest {
+	return &NullableCreateBrandDomainRequest{value: val, isSet: true}
+}
+
+func (v NullableCreateBrandDomainRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCreateBrandDomainRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_create_brand_request.go b/okta/model_create_brand_request.go
new file mode 100644
index 000000000..450bda471
--- /dev/null
+++ b/okta/model_create_brand_request.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CreateBrandRequest struct for CreateBrandRequest
+type CreateBrandRequest struct {
+	Name                 *string `json:"name,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CreateBrandRequest CreateBrandRequest
+
+// NewCreateBrandRequest instantiates a new CreateBrandRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCreateBrandRequest() *CreateBrandRequest {
+	this := CreateBrandRequest{}
+	return &this
+}
+
+// NewCreateBrandRequestWithDefaults instantiates a new CreateBrandRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCreateBrandRequestWithDefaults() *CreateBrandRequest {
+	this := CreateBrandRequest{}
+	return &this
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *CreateBrandRequest) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CreateBrandRequest) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *CreateBrandRequest) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *CreateBrandRequest) SetName(v string) {
+	o.Name = &v
+}
+
+func (o CreateBrandRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CreateBrandRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varCreateBrandRequest := _CreateBrandRequest{}
+
+	err = json.Unmarshal(bytes, &varCreateBrandRequest)
+	if err == nil {
+		*o = CreateBrandRequest(varCreateBrandRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "name")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCreateBrandRequest struct {
+	value *CreateBrandRequest
+	isSet bool
+}
+
+func (v NullableCreateBrandRequest) Get() *CreateBrandRequest {
+	return v.value
+}
+
+func (v *NullableCreateBrandRequest) Set(val *CreateBrandRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCreateBrandRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCreateBrandRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCreateBrandRequest(val *CreateBrandRequest) *NullableCreateBrandRequest {
+	return &NullableCreateBrandRequest{value: val, isSet: true}
+}
+
+func (v NullableCreateBrandRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCreateBrandRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_create_session_request.go b/okta/model_create_session_request.go
new file mode 100644
index 000000000..7edf9eeec
--- /dev/null
+++ b/okta/model_create_session_request.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CreateSessionRequest struct for CreateSessionRequest
+type CreateSessionRequest struct {
+	SessionToken         *string `json:"sessionToken,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CreateSessionRequest CreateSessionRequest
+
+// NewCreateSessionRequest instantiates a new CreateSessionRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCreateSessionRequest() *CreateSessionRequest {
+	this := CreateSessionRequest{}
+	return &this
+}
+
+// NewCreateSessionRequestWithDefaults instantiates a new CreateSessionRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCreateSessionRequestWithDefaults() *CreateSessionRequest {
+	this := CreateSessionRequest{}
+	return &this
+}
+
+// GetSessionToken returns the SessionToken field value if set, zero value otherwise.
+func (o *CreateSessionRequest) GetSessionToken() string {
+	if o == nil || o.SessionToken == nil {
+		var ret string
+		return ret
+	}
+	return *o.SessionToken
+}
+
+// GetSessionTokenOk returns a tuple with the SessionToken field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CreateSessionRequest) GetSessionTokenOk() (*string, bool) {
+	if o == nil || o.SessionToken == nil {
+		return nil, false
+	}
+	return o.SessionToken, true
+}
+
+// HasSessionToken returns a boolean if a field has been set.
+func (o *CreateSessionRequest) HasSessionToken() bool {
+	if o != nil && o.SessionToken != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSessionToken gets a reference to the given string and assigns it to the SessionToken field.
+func (o *CreateSessionRequest) SetSessionToken(v string) {
+	o.SessionToken = &v
+}
+
+func (o CreateSessionRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.SessionToken != nil {
+		toSerialize["sessionToken"] = o.SessionToken
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CreateSessionRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varCreateSessionRequest := _CreateSessionRequest{}
+
+	err = json.Unmarshal(bytes, &varCreateSessionRequest)
+	if err == nil {
+		*o = CreateSessionRequest(varCreateSessionRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "sessionToken")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCreateSessionRequest struct {
+	value *CreateSessionRequest
+	isSet bool
+}
+
+func (v NullableCreateSessionRequest) Get() *CreateSessionRequest {
+	return v.value
+}
+
+func (v *NullableCreateSessionRequest) Set(val *CreateSessionRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCreateSessionRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCreateSessionRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCreateSessionRequest(val *CreateSessionRequest) *NullableCreateSessionRequest {
+	return &NullableCreateSessionRequest{value: val, isSet: true}
+}
+
+func (v NullableCreateSessionRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCreateSessionRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_create_user_request.go b/okta/model_create_user_request.go
new file mode 100644
index 000000000..272d4ec76
--- /dev/null
+++ b/okta/model_create_user_request.go
@@ -0,0 +1,262 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CreateUserRequest struct for CreateUserRequest
+type CreateUserRequest struct {
+	Credentials          *UserCredentials `json:"credentials,omitempty"`
+	GroupIds             []string         `json:"groupIds,omitempty"`
+	Profile              UserProfile      `json:"profile"`
+	Type                 *UserType        `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CreateUserRequest CreateUserRequest
+
+// NewCreateUserRequest instantiates a new CreateUserRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCreateUserRequest(profile UserProfile) *CreateUserRequest {
+	this := CreateUserRequest{}
+	this.Profile = profile
+	return &this
+}
+
+// NewCreateUserRequestWithDefaults instantiates a new CreateUserRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCreateUserRequestWithDefaults() *CreateUserRequest {
+	this := CreateUserRequest{}
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *CreateUserRequest) GetCredentials() UserCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret UserCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CreateUserRequest) GetCredentialsOk() (*UserCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *CreateUserRequest) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given UserCredentials and assigns it to the Credentials field.
+func (o *CreateUserRequest) SetCredentials(v UserCredentials) {
+	o.Credentials = &v
+}
+
+// GetGroupIds returns the GroupIds field value if set, zero value otherwise.
+func (o *CreateUserRequest) GetGroupIds() []string {
+	if o == nil || o.GroupIds == nil {
+		var ret []string
+		return ret
+	}
+	return o.GroupIds
+}
+
+// GetGroupIdsOk returns a tuple with the GroupIds field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CreateUserRequest) GetGroupIdsOk() ([]string, bool) {
+	if o == nil || o.GroupIds == nil {
+		return nil, false
+	}
+	return o.GroupIds, true
+}
+
+// HasGroupIds returns a boolean if a field has been set.
+func (o *CreateUserRequest) HasGroupIds() bool {
+	if o != nil && o.GroupIds != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroupIds gets a reference to the given []string and assigns it to the GroupIds field.
+func (o *CreateUserRequest) SetGroupIds(v []string) {
+	o.GroupIds = v
+}
+
+// GetProfile returns the Profile field value
+func (o *CreateUserRequest) GetProfile() UserProfile {
+	if o == nil {
+		var ret UserProfile
+		return ret
+	}
+
+	return o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value
+// and a boolean to check if the value has been set.
+func (o *CreateUserRequest) GetProfileOk() (*UserProfile, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Profile, true
+}
+
+// SetProfile sets field value
+func (o *CreateUserRequest) SetProfile(v UserProfile) {
+	o.Profile = v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *CreateUserRequest) GetType() UserType {
+	if o == nil || o.Type == nil {
+		var ret UserType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CreateUserRequest) GetTypeOk() (*UserType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *CreateUserRequest) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given UserType and assigns it to the Type field.
+func (o *CreateUserRequest) SetType(v UserType) {
+	o.Type = &v
+}
+
+func (o CreateUserRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.GroupIds != nil {
+		toSerialize["groupIds"] = o.GroupIds
+	}
+	if true {
+		toSerialize["profile"] = o.Profile
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CreateUserRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varCreateUserRequest := _CreateUserRequest{}
+
+	err = json.Unmarshal(bytes, &varCreateUserRequest)
+	if err == nil {
+		*o = CreateUserRequest(varCreateUserRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "groupIds")
+		delete(additionalProperties, "profile")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCreateUserRequest struct {
+	value *CreateUserRequest
+	isSet bool
+}
+
+func (v NullableCreateUserRequest) Get() *CreateUserRequest {
+	return v.value
+}
+
+func (v *NullableCreateUserRequest) Set(val *CreateUserRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCreateUserRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCreateUserRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCreateUserRequest(val *CreateUserRequest) *NullableCreateUserRequest {
+	return &NullableCreateUserRequest{value: val, isSet: true}
+}
+
+func (v NullableCreateUserRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCreateUserRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_csr.go b/okta/model_csr.go
new file mode 100644
index 000000000..75d7fe7ee
--- /dev/null
+++ b/okta/model_csr.go
@@ -0,0 +1,270 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// Csr struct for Csr
+type Csr struct {
+	Created              *time.Time `json:"created,omitempty"`
+	Csr                  *string    `json:"csr,omitempty"`
+	Id                   *string    `json:"id,omitempty"`
+	Kty                  *string    `json:"kty,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Csr Csr
+
+// NewCsr instantiates a new Csr object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCsr() *Csr {
+	this := Csr{}
+	return &this
+}
+
+// NewCsrWithDefaults instantiates a new Csr object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCsrWithDefaults() *Csr {
+	this := Csr{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *Csr) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Csr) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *Csr) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *Csr) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetCsr returns the Csr field value if set, zero value otherwise.
+func (o *Csr) GetCsr() string {
+	if o == nil || o.Csr == nil {
+		var ret string
+		return ret
+	}
+	return *o.Csr
+}
+
+// GetCsrOk returns a tuple with the Csr field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Csr) GetCsrOk() (*string, bool) {
+	if o == nil || o.Csr == nil {
+		return nil, false
+	}
+	return o.Csr, true
+}
+
+// HasCsr returns a boolean if a field has been set.
+func (o *Csr) HasCsr() bool {
+	if o != nil && o.Csr != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCsr gets a reference to the given string and assigns it to the Csr field.
+func (o *Csr) SetCsr(v string) {
+	o.Csr = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *Csr) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Csr) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *Csr) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *Csr) SetId(v string) {
+	o.Id = &v
+}
+
+// GetKty returns the Kty field value if set, zero value otherwise.
+func (o *Csr) GetKty() string {
+	if o == nil || o.Kty == nil {
+		var ret string
+		return ret
+	}
+	return *o.Kty
+}
+
+// GetKtyOk returns a tuple with the Kty field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Csr) GetKtyOk() (*string, bool) {
+	if o == nil || o.Kty == nil {
+		return nil, false
+	}
+	return o.Kty, true
+}
+
+// HasKty returns a boolean if a field has been set.
+func (o *Csr) HasKty() bool {
+	if o != nil && o.Kty != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKty gets a reference to the given string and assigns it to the Kty field.
+func (o *Csr) SetKty(v string) {
+	o.Kty = &v
+}
+
+func (o Csr) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Csr != nil {
+		toSerialize["csr"] = o.Csr
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Kty != nil {
+		toSerialize["kty"] = o.Kty
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Csr) UnmarshalJSON(bytes []byte) (err error) {
+	varCsr := _Csr{}
+
+	err = json.Unmarshal(bytes, &varCsr)
+	if err == nil {
+		*o = Csr(varCsr)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "csr")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "kty")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCsr struct {
+	value *Csr
+	isSet bool
+}
+
+func (v NullableCsr) Get() *Csr {
+	return v.value
+}
+
+func (v *NullableCsr) Set(val *Csr) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCsr) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCsr) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCsr(val *Csr) *NullableCsr {
+	return &NullableCsr{value: val, isSet: true}
+}
+
+func (v NullableCsr) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCsr) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_csr_metadata.go b/okta/model_csr_metadata.go
new file mode 100644
index 000000000..4249da650
--- /dev/null
+++ b/okta/model_csr_metadata.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CsrMetadata struct for CsrMetadata
+type CsrMetadata struct {
+	Subject              *CsrMetadataSubject         `json:"subject,omitempty"`
+	SubjectAltNames      *CsrMetadataSubjectAltNames `json:"subjectAltNames,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CsrMetadata CsrMetadata
+
+// NewCsrMetadata instantiates a new CsrMetadata object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCsrMetadata() *CsrMetadata {
+	this := CsrMetadata{}
+	return &this
+}
+
+// NewCsrMetadataWithDefaults instantiates a new CsrMetadata object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCsrMetadataWithDefaults() *CsrMetadata {
+	this := CsrMetadata{}
+	return &this
+}
+
+// GetSubject returns the Subject field value if set, zero value otherwise.
+func (o *CsrMetadata) GetSubject() CsrMetadataSubject {
+	if o == nil || o.Subject == nil {
+		var ret CsrMetadataSubject
+		return ret
+	}
+	return *o.Subject
+}
+
+// GetSubjectOk returns a tuple with the Subject field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CsrMetadata) GetSubjectOk() (*CsrMetadataSubject, bool) {
+	if o == nil || o.Subject == nil {
+		return nil, false
+	}
+	return o.Subject, true
+}
+
+// HasSubject returns a boolean if a field has been set.
+func (o *CsrMetadata) HasSubject() bool {
+	if o != nil && o.Subject != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSubject gets a reference to the given CsrMetadataSubject and assigns it to the Subject field.
+func (o *CsrMetadata) SetSubject(v CsrMetadataSubject) {
+	o.Subject = &v
+}
+
+// GetSubjectAltNames returns the SubjectAltNames field value if set, zero value otherwise.
+func (o *CsrMetadata) GetSubjectAltNames() CsrMetadataSubjectAltNames {
+	if o == nil || o.SubjectAltNames == nil {
+		var ret CsrMetadataSubjectAltNames
+		return ret
+	}
+	return *o.SubjectAltNames
+}
+
+// GetSubjectAltNamesOk returns a tuple with the SubjectAltNames field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CsrMetadata) GetSubjectAltNamesOk() (*CsrMetadataSubjectAltNames, bool) {
+	if o == nil || o.SubjectAltNames == nil {
+		return nil, false
+	}
+	return o.SubjectAltNames, true
+}
+
+// HasSubjectAltNames returns a boolean if a field has been set.
+func (o *CsrMetadata) HasSubjectAltNames() bool {
+	if o != nil && o.SubjectAltNames != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSubjectAltNames gets a reference to the given CsrMetadataSubjectAltNames and assigns it to the SubjectAltNames field.
+func (o *CsrMetadata) SetSubjectAltNames(v CsrMetadataSubjectAltNames) {
+	o.SubjectAltNames = &v
+}
+
+func (o CsrMetadata) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Subject != nil {
+		toSerialize["subject"] = o.Subject
+	}
+	if o.SubjectAltNames != nil {
+		toSerialize["subjectAltNames"] = o.SubjectAltNames
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CsrMetadata) UnmarshalJSON(bytes []byte) (err error) {
+	varCsrMetadata := _CsrMetadata{}
+
+	err = json.Unmarshal(bytes, &varCsrMetadata)
+	if err == nil {
+		*o = CsrMetadata(varCsrMetadata)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "subject")
+		delete(additionalProperties, "subjectAltNames")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCsrMetadata struct {
+	value *CsrMetadata
+	isSet bool
+}
+
+func (v NullableCsrMetadata) Get() *CsrMetadata {
+	return v.value
+}
+
+func (v *NullableCsrMetadata) Set(val *CsrMetadata) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCsrMetadata) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCsrMetadata) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCsrMetadata(val *CsrMetadata) *NullableCsrMetadata {
+	return &NullableCsrMetadata{value: val, isSet: true}
+}
+
+func (v NullableCsrMetadata) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCsrMetadata) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_csr_metadata_subject.go b/okta/model_csr_metadata_subject.go
new file mode 100644
index 000000000..d6b7bad9c
--- /dev/null
+++ b/okta/model_csr_metadata_subject.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CsrMetadataSubject struct for CsrMetadataSubject
+type CsrMetadataSubject struct {
+	CommonName             *string `json:"commonName,omitempty"`
+	CountryName            *string `json:"countryName,omitempty"`
+	LocalityName           *string `json:"localityName,omitempty"`
+	OrganizationalUnitName *string `json:"organizationalUnitName,omitempty"`
+	OrganizationName       *string `json:"organizationName,omitempty"`
+	StateOrProvinceName    *string `json:"stateOrProvinceName,omitempty"`
+	AdditionalProperties   map[string]interface{}
+}
+
+type _CsrMetadataSubject CsrMetadataSubject
+
+// NewCsrMetadataSubject instantiates a new CsrMetadataSubject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCsrMetadataSubject() *CsrMetadataSubject {
+	this := CsrMetadataSubject{}
+	return &this
+}
+
+// NewCsrMetadataSubjectWithDefaults instantiates a new CsrMetadataSubject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCsrMetadataSubjectWithDefaults() *CsrMetadataSubject {
+	this := CsrMetadataSubject{}
+	return &this
+}
+
+// GetCommonName returns the CommonName field value if set, zero value otherwise.
+func (o *CsrMetadataSubject) GetCommonName() string {
+	if o == nil || o.CommonName == nil {
+		var ret string
+		return ret
+	}
+	return *o.CommonName
+}
+
+// GetCommonNameOk returns a tuple with the CommonName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CsrMetadataSubject) GetCommonNameOk() (*string, bool) {
+	if o == nil || o.CommonName == nil {
+		return nil, false
+	}
+	return o.CommonName, true
+}
+
+// HasCommonName returns a boolean if a field has been set.
+func (o *CsrMetadataSubject) HasCommonName() bool {
+	if o != nil && o.CommonName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCommonName gets a reference to the given string and assigns it to the CommonName field.
+func (o *CsrMetadataSubject) SetCommonName(v string) {
+	o.CommonName = &v
+}
+
+// GetCountryName returns the CountryName field value if set, zero value otherwise.
+func (o *CsrMetadataSubject) GetCountryName() string {
+	if o == nil || o.CountryName == nil {
+		var ret string
+		return ret
+	}
+	return *o.CountryName
+}
+
+// GetCountryNameOk returns a tuple with the CountryName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CsrMetadataSubject) GetCountryNameOk() (*string, bool) {
+	if o == nil || o.CountryName == nil {
+		return nil, false
+	}
+	return o.CountryName, true
+}
+
+// HasCountryName returns a boolean if a field has been set.
+func (o *CsrMetadataSubject) HasCountryName() bool {
+	if o != nil && o.CountryName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCountryName gets a reference to the given string and assigns it to the CountryName field.
+func (o *CsrMetadataSubject) SetCountryName(v string) {
+	o.CountryName = &v
+}
+
+// GetLocalityName returns the LocalityName field value if set, zero value otherwise.
+func (o *CsrMetadataSubject) GetLocalityName() string {
+	if o == nil || o.LocalityName == nil {
+		var ret string
+		return ret
+	}
+	return *o.LocalityName
+}
+
+// GetLocalityNameOk returns a tuple with the LocalityName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CsrMetadataSubject) GetLocalityNameOk() (*string, bool) {
+	if o == nil || o.LocalityName == nil {
+		return nil, false
+	}
+	return o.LocalityName, true
+}
+
+// HasLocalityName returns a boolean if a field has been set.
+func (o *CsrMetadataSubject) HasLocalityName() bool {
+	if o != nil && o.LocalityName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLocalityName gets a reference to the given string and assigns it to the LocalityName field.
+func (o *CsrMetadataSubject) SetLocalityName(v string) {
+	o.LocalityName = &v
+}
+
+// GetOrganizationalUnitName returns the OrganizationalUnitName field value if set, zero value otherwise.
+func (o *CsrMetadataSubject) GetOrganizationalUnitName() string {
+	if o == nil || o.OrganizationalUnitName == nil {
+		var ret string
+		return ret
+	}
+	return *o.OrganizationalUnitName
+}
+
+// GetOrganizationalUnitNameOk returns a tuple with the OrganizationalUnitName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CsrMetadataSubject) GetOrganizationalUnitNameOk() (*string, bool) {
+	if o == nil || o.OrganizationalUnitName == nil {
+		return nil, false
+	}
+	return o.OrganizationalUnitName, true
+}
+
+// HasOrganizationalUnitName returns a boolean if a field has been set.
+func (o *CsrMetadataSubject) HasOrganizationalUnitName() bool {
+	if o != nil && o.OrganizationalUnitName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOrganizationalUnitName gets a reference to the given string and assigns it to the OrganizationalUnitName field.
+func (o *CsrMetadataSubject) SetOrganizationalUnitName(v string) {
+	o.OrganizationalUnitName = &v
+}
+
+// GetOrganizationName returns the OrganizationName field value if set, zero value otherwise.
+func (o *CsrMetadataSubject) GetOrganizationName() string {
+	if o == nil || o.OrganizationName == nil {
+		var ret string
+		return ret
+	}
+	return *o.OrganizationName
+}
+
+// GetOrganizationNameOk returns a tuple with the OrganizationName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CsrMetadataSubject) GetOrganizationNameOk() (*string, bool) {
+	if o == nil || o.OrganizationName == nil {
+		return nil, false
+	}
+	return o.OrganizationName, true
+}
+
+// HasOrganizationName returns a boolean if a field has been set.
+func (o *CsrMetadataSubject) HasOrganizationName() bool {
+	if o != nil && o.OrganizationName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOrganizationName gets a reference to the given string and assigns it to the OrganizationName field.
+func (o *CsrMetadataSubject) SetOrganizationName(v string) {
+	o.OrganizationName = &v
+}
+
+// GetStateOrProvinceName returns the StateOrProvinceName field value if set, zero value otherwise.
+func (o *CsrMetadataSubject) GetStateOrProvinceName() string {
+	if o == nil || o.StateOrProvinceName == nil {
+		var ret string
+		return ret
+	}
+	return *o.StateOrProvinceName
+}
+
+// GetStateOrProvinceNameOk returns a tuple with the StateOrProvinceName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CsrMetadataSubject) GetStateOrProvinceNameOk() (*string, bool) {
+	if o == nil || o.StateOrProvinceName == nil {
+		return nil, false
+	}
+	return o.StateOrProvinceName, true
+}
+
+// HasStateOrProvinceName returns a boolean if a field has been set.
+func (o *CsrMetadataSubject) HasStateOrProvinceName() bool {
+	if o != nil && o.StateOrProvinceName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStateOrProvinceName gets a reference to the given string and assigns it to the StateOrProvinceName field.
+func (o *CsrMetadataSubject) SetStateOrProvinceName(v string) {
+	o.StateOrProvinceName = &v
+}
+
+func (o CsrMetadataSubject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.CommonName != nil {
+		toSerialize["commonName"] = o.CommonName
+	}
+	if o.CountryName != nil {
+		toSerialize["countryName"] = o.CountryName
+	}
+	if o.LocalityName != nil {
+		toSerialize["localityName"] = o.LocalityName
+	}
+	if o.OrganizationalUnitName != nil {
+		toSerialize["organizationalUnitName"] = o.OrganizationalUnitName
+	}
+	if o.OrganizationName != nil {
+		toSerialize["organizationName"] = o.OrganizationName
+	}
+	if o.StateOrProvinceName != nil {
+		toSerialize["stateOrProvinceName"] = o.StateOrProvinceName
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CsrMetadataSubject) UnmarshalJSON(bytes []byte) (err error) {
+	varCsrMetadataSubject := _CsrMetadataSubject{}
+
+	err = json.Unmarshal(bytes, &varCsrMetadataSubject)
+	if err == nil {
+		*o = CsrMetadataSubject(varCsrMetadataSubject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "commonName")
+		delete(additionalProperties, "countryName")
+		delete(additionalProperties, "localityName")
+		delete(additionalProperties, "organizationalUnitName")
+		delete(additionalProperties, "organizationName")
+		delete(additionalProperties, "stateOrProvinceName")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCsrMetadataSubject struct {
+	value *CsrMetadataSubject
+	isSet bool
+}
+
+func (v NullableCsrMetadataSubject) Get() *CsrMetadataSubject {
+	return v.value
+}
+
+func (v *NullableCsrMetadataSubject) Set(val *CsrMetadataSubject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCsrMetadataSubject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCsrMetadataSubject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCsrMetadataSubject(val *CsrMetadataSubject) *NullableCsrMetadataSubject {
+	return &NullableCsrMetadataSubject{value: val, isSet: true}
+}
+
+func (v NullableCsrMetadataSubject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCsrMetadataSubject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_csr_metadata_subject_alt_names.go b/okta/model_csr_metadata_subject_alt_names.go
new file mode 100644
index 000000000..4e0ec3a12
--- /dev/null
+++ b/okta/model_csr_metadata_subject_alt_names.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CsrMetadataSubjectAltNames struct for CsrMetadataSubjectAltNames
+type CsrMetadataSubjectAltNames struct {
+	DnsNames             []string `json:"dnsNames,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CsrMetadataSubjectAltNames CsrMetadataSubjectAltNames
+
+// NewCsrMetadataSubjectAltNames instantiates a new CsrMetadataSubjectAltNames object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCsrMetadataSubjectAltNames() *CsrMetadataSubjectAltNames {
+	this := CsrMetadataSubjectAltNames{}
+	return &this
+}
+
+// NewCsrMetadataSubjectAltNamesWithDefaults instantiates a new CsrMetadataSubjectAltNames object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCsrMetadataSubjectAltNamesWithDefaults() *CsrMetadataSubjectAltNames {
+	this := CsrMetadataSubjectAltNames{}
+	return &this
+}
+
+// GetDnsNames returns the DnsNames field value if set, zero value otherwise.
+func (o *CsrMetadataSubjectAltNames) GetDnsNames() []string {
+	if o == nil || o.DnsNames == nil {
+		var ret []string
+		return ret
+	}
+	return o.DnsNames
+}
+
+// GetDnsNamesOk returns a tuple with the DnsNames field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CsrMetadataSubjectAltNames) GetDnsNamesOk() ([]string, bool) {
+	if o == nil || o.DnsNames == nil {
+		return nil, false
+	}
+	return o.DnsNames, true
+}
+
+// HasDnsNames returns a boolean if a field has been set.
+func (o *CsrMetadataSubjectAltNames) HasDnsNames() bool {
+	if o != nil && o.DnsNames != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDnsNames gets a reference to the given []string and assigns it to the DnsNames field.
+func (o *CsrMetadataSubjectAltNames) SetDnsNames(v []string) {
+	o.DnsNames = v
+}
+
+func (o CsrMetadataSubjectAltNames) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.DnsNames != nil {
+		toSerialize["dnsNames"] = o.DnsNames
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CsrMetadataSubjectAltNames) UnmarshalJSON(bytes []byte) (err error) {
+	varCsrMetadataSubjectAltNames := _CsrMetadataSubjectAltNames{}
+
+	err = json.Unmarshal(bytes, &varCsrMetadataSubjectAltNames)
+	if err == nil {
+		*o = CsrMetadataSubjectAltNames(varCsrMetadataSubjectAltNames)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "dnsNames")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCsrMetadataSubjectAltNames struct {
+	value *CsrMetadataSubjectAltNames
+	isSet bool
+}
+
+func (v NullableCsrMetadataSubjectAltNames) Get() *CsrMetadataSubjectAltNames {
+	return v.value
+}
+
+func (v *NullableCsrMetadataSubjectAltNames) Set(val *CsrMetadataSubjectAltNames) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCsrMetadataSubjectAltNames) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCsrMetadataSubjectAltNames) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCsrMetadataSubjectAltNames(val *CsrMetadataSubjectAltNames) *NullableCsrMetadataSubjectAltNames {
+	return &NullableCsrMetadataSubjectAltNames{value: val, isSet: true}
+}
+
+func (v NullableCsrMetadataSubjectAltNames) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCsrMetadataSubjectAltNames) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_custom_hotp_user_factor.go b/okta/model_custom_hotp_user_factor.go
new file mode 100644
index 000000000..54dcf016e
--- /dev/null
+++ b/okta/model_custom_hotp_user_factor.go
@@ -0,0 +1,242 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// CustomHotpUserFactor struct for CustomHotpUserFactor
+type CustomHotpUserFactor struct {
+	UserFactor
+	FactorProfileId      *string                      `json:"factorProfileId,omitempty"`
+	Profile              *CustomHotpUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CustomHotpUserFactor CustomHotpUserFactor
+
+// NewCustomHotpUserFactor instantiates a new CustomHotpUserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCustomHotpUserFactor() *CustomHotpUserFactor {
+	this := CustomHotpUserFactor{}
+	return &this
+}
+
+// NewCustomHotpUserFactorWithDefaults instantiates a new CustomHotpUserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCustomHotpUserFactorWithDefaults() *CustomHotpUserFactor {
+	this := CustomHotpUserFactor{}
+	return &this
+}
+
+// GetFactorProfileId returns the FactorProfileId field value if set, zero value otherwise.
+func (o *CustomHotpUserFactor) GetFactorProfileId() string {
+	if o == nil || o.FactorProfileId == nil {
+		var ret string
+		return ret
+	}
+	return *o.FactorProfileId
+}
+
+// GetFactorProfileIdOk returns a tuple with the FactorProfileId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CustomHotpUserFactor) GetFactorProfileIdOk() (*string, bool) {
+	if o == nil || o.FactorProfileId == nil {
+		return nil, false
+	}
+	return o.FactorProfileId, true
+}
+
+// HasFactorProfileId returns a boolean if a field has been set.
+func (o *CustomHotpUserFactor) HasFactorProfileId() bool {
+	if o != nil && o.FactorProfileId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFactorProfileId gets a reference to the given string and assigns it to the FactorProfileId field.
+func (o *CustomHotpUserFactor) SetFactorProfileId(v string) {
+	o.FactorProfileId = &v
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *CustomHotpUserFactor) GetProfile() CustomHotpUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret CustomHotpUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CustomHotpUserFactor) GetProfileOk() (*CustomHotpUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *CustomHotpUserFactor) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given CustomHotpUserFactorProfile and assigns it to the Profile field.
+func (o *CustomHotpUserFactor) SetProfile(v CustomHotpUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o CustomHotpUserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedUserFactor, errUserFactor := json.Marshal(o.UserFactor)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	errUserFactor = json.Unmarshal([]byte(serializedUserFactor), &toSerialize)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	if o.FactorProfileId != nil {
+		toSerialize["factorProfileId"] = o.FactorProfileId
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CustomHotpUserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	type CustomHotpUserFactorWithoutEmbeddedStruct struct {
+		FactorProfileId *string                      `json:"factorProfileId,omitempty"`
+		Profile         *CustomHotpUserFactorProfile `json:"profile,omitempty"`
+	}
+
+	varCustomHotpUserFactorWithoutEmbeddedStruct := CustomHotpUserFactorWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varCustomHotpUserFactorWithoutEmbeddedStruct)
+	if err == nil {
+		varCustomHotpUserFactor := _CustomHotpUserFactor{}
+		varCustomHotpUserFactor.FactorProfileId = varCustomHotpUserFactorWithoutEmbeddedStruct.FactorProfileId
+		varCustomHotpUserFactor.Profile = varCustomHotpUserFactorWithoutEmbeddedStruct.Profile
+		*o = CustomHotpUserFactor(varCustomHotpUserFactor)
+	} else {
+		return err
+	}
+
+	varCustomHotpUserFactor := _CustomHotpUserFactor{}
+
+	err = json.Unmarshal(bytes, &varCustomHotpUserFactor)
+	if err == nil {
+		o.UserFactor = varCustomHotpUserFactor.UserFactor
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "factorProfileId")
+		delete(additionalProperties, "profile")
+
+		// remove fields from embedded structs
+		reflectUserFactor := reflect.ValueOf(o.UserFactor)
+		for i := 0; i < reflectUserFactor.Type().NumField(); i++ {
+			t := reflectUserFactor.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCustomHotpUserFactor struct {
+	value *CustomHotpUserFactor
+	isSet bool
+}
+
+func (v NullableCustomHotpUserFactor) Get() *CustomHotpUserFactor {
+	return v.value
+}
+
+func (v *NullableCustomHotpUserFactor) Set(val *CustomHotpUserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCustomHotpUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCustomHotpUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCustomHotpUserFactor(val *CustomHotpUserFactor) *NullableCustomHotpUserFactor {
+	return &NullableCustomHotpUserFactor{value: val, isSet: true}
+}
+
+func (v NullableCustomHotpUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCustomHotpUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_custom_hotp_user_factor_all_of.go b/okta/model_custom_hotp_user_factor_all_of.go
new file mode 100644
index 000000000..79e6f5962
--- /dev/null
+++ b/okta/model_custom_hotp_user_factor_all_of.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CustomHotpUserFactorAllOf struct for CustomHotpUserFactorAllOf
+type CustomHotpUserFactorAllOf struct {
+	FactorProfileId      *string                      `json:"factorProfileId,omitempty"`
+	Profile              *CustomHotpUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CustomHotpUserFactorAllOf CustomHotpUserFactorAllOf
+
+// NewCustomHotpUserFactorAllOf instantiates a new CustomHotpUserFactorAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCustomHotpUserFactorAllOf() *CustomHotpUserFactorAllOf {
+	this := CustomHotpUserFactorAllOf{}
+	return &this
+}
+
+// NewCustomHotpUserFactorAllOfWithDefaults instantiates a new CustomHotpUserFactorAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCustomHotpUserFactorAllOfWithDefaults() *CustomHotpUserFactorAllOf {
+	this := CustomHotpUserFactorAllOf{}
+	return &this
+}
+
+// GetFactorProfileId returns the FactorProfileId field value if set, zero value otherwise.
+func (o *CustomHotpUserFactorAllOf) GetFactorProfileId() string {
+	if o == nil || o.FactorProfileId == nil {
+		var ret string
+		return ret
+	}
+	return *o.FactorProfileId
+}
+
+// GetFactorProfileIdOk returns a tuple with the FactorProfileId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CustomHotpUserFactorAllOf) GetFactorProfileIdOk() (*string, bool) {
+	if o == nil || o.FactorProfileId == nil {
+		return nil, false
+	}
+	return o.FactorProfileId, true
+}
+
+// HasFactorProfileId returns a boolean if a field has been set.
+func (o *CustomHotpUserFactorAllOf) HasFactorProfileId() bool {
+	if o != nil && o.FactorProfileId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFactorProfileId gets a reference to the given string and assigns it to the FactorProfileId field.
+func (o *CustomHotpUserFactorAllOf) SetFactorProfileId(v string) {
+	o.FactorProfileId = &v
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *CustomHotpUserFactorAllOf) GetProfile() CustomHotpUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret CustomHotpUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CustomHotpUserFactorAllOf) GetProfileOk() (*CustomHotpUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *CustomHotpUserFactorAllOf) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given CustomHotpUserFactorProfile and assigns it to the Profile field.
+func (o *CustomHotpUserFactorAllOf) SetProfile(v CustomHotpUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o CustomHotpUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.FactorProfileId != nil {
+		toSerialize["factorProfileId"] = o.FactorProfileId
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CustomHotpUserFactorAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varCustomHotpUserFactorAllOf := _CustomHotpUserFactorAllOf{}
+
+	err = json.Unmarshal(bytes, &varCustomHotpUserFactorAllOf)
+	if err == nil {
+		*o = CustomHotpUserFactorAllOf(varCustomHotpUserFactorAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "factorProfileId")
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCustomHotpUserFactorAllOf struct {
+	value *CustomHotpUserFactorAllOf
+	isSet bool
+}
+
+func (v NullableCustomHotpUserFactorAllOf) Get() *CustomHotpUserFactorAllOf {
+	return v.value
+}
+
+func (v *NullableCustomHotpUserFactorAllOf) Set(val *CustomHotpUserFactorAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCustomHotpUserFactorAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCustomHotpUserFactorAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCustomHotpUserFactorAllOf(val *CustomHotpUserFactorAllOf) *NullableCustomHotpUserFactorAllOf {
+	return &NullableCustomHotpUserFactorAllOf{value: val, isSet: true}
+}
+
+func (v NullableCustomHotpUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCustomHotpUserFactorAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_custom_hotp_user_factor_profile.go b/okta/model_custom_hotp_user_factor_profile.go
new file mode 100644
index 000000000..eeb01c819
--- /dev/null
+++ b/okta/model_custom_hotp_user_factor_profile.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CustomHotpUserFactorProfile struct for CustomHotpUserFactorProfile
+type CustomHotpUserFactorProfile struct {
+	SharedSecret         *string `json:"sharedSecret,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CustomHotpUserFactorProfile CustomHotpUserFactorProfile
+
+// NewCustomHotpUserFactorProfile instantiates a new CustomHotpUserFactorProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCustomHotpUserFactorProfile() *CustomHotpUserFactorProfile {
+	this := CustomHotpUserFactorProfile{}
+	return &this
+}
+
+// NewCustomHotpUserFactorProfileWithDefaults instantiates a new CustomHotpUserFactorProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCustomHotpUserFactorProfileWithDefaults() *CustomHotpUserFactorProfile {
+	this := CustomHotpUserFactorProfile{}
+	return &this
+}
+
+// GetSharedSecret returns the SharedSecret field value if set, zero value otherwise.
+func (o *CustomHotpUserFactorProfile) GetSharedSecret() string {
+	if o == nil || o.SharedSecret == nil {
+		var ret string
+		return ret
+	}
+	return *o.SharedSecret
+}
+
+// GetSharedSecretOk returns a tuple with the SharedSecret field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CustomHotpUserFactorProfile) GetSharedSecretOk() (*string, bool) {
+	if o == nil || o.SharedSecret == nil {
+		return nil, false
+	}
+	return o.SharedSecret, true
+}
+
+// HasSharedSecret returns a boolean if a field has been set.
+func (o *CustomHotpUserFactorProfile) HasSharedSecret() bool {
+	if o != nil && o.SharedSecret != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSharedSecret gets a reference to the given string and assigns it to the SharedSecret field.
+func (o *CustomHotpUserFactorProfile) SetSharedSecret(v string) {
+	o.SharedSecret = &v
+}
+
+func (o CustomHotpUserFactorProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.SharedSecret != nil {
+		toSerialize["sharedSecret"] = o.SharedSecret
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CustomHotpUserFactorProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varCustomHotpUserFactorProfile := _CustomHotpUserFactorProfile{}
+
+	err = json.Unmarshal(bytes, &varCustomHotpUserFactorProfile)
+	if err == nil {
+		*o = CustomHotpUserFactorProfile(varCustomHotpUserFactorProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "sharedSecret")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCustomHotpUserFactorProfile struct {
+	value *CustomHotpUserFactorProfile
+	isSet bool
+}
+
+func (v NullableCustomHotpUserFactorProfile) Get() *CustomHotpUserFactorProfile {
+	return v.value
+}
+
+func (v *NullableCustomHotpUserFactorProfile) Set(val *CustomHotpUserFactorProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCustomHotpUserFactorProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCustomHotpUserFactorProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCustomHotpUserFactorProfile(val *CustomHotpUserFactorProfile) *NullableCustomHotpUserFactorProfile {
+	return &NullableCustomHotpUserFactorProfile{value: val, isSet: true}
+}
+
+func (v NullableCustomHotpUserFactorProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCustomHotpUserFactorProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_customizable_page.go b/okta/model_customizable_page.go
new file mode 100644
index 000000000..272547245
--- /dev/null
+++ b/okta/model_customizable_page.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// CustomizablePage struct for CustomizablePage
+type CustomizablePage struct {
+	PageContent          *string `json:"pageContent,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _CustomizablePage CustomizablePage
+
+// NewCustomizablePage instantiates a new CustomizablePage object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCustomizablePage() *CustomizablePage {
+	this := CustomizablePage{}
+	return &this
+}
+
+// NewCustomizablePageWithDefaults instantiates a new CustomizablePage object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCustomizablePageWithDefaults() *CustomizablePage {
+	this := CustomizablePage{}
+	return &this
+}
+
+// GetPageContent returns the PageContent field value if set, zero value otherwise.
+func (o *CustomizablePage) GetPageContent() string {
+	if o == nil || o.PageContent == nil {
+		var ret string
+		return ret
+	}
+	return *o.PageContent
+}
+
+// GetPageContentOk returns a tuple with the PageContent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CustomizablePage) GetPageContentOk() (*string, bool) {
+	if o == nil || o.PageContent == nil {
+		return nil, false
+	}
+	return o.PageContent, true
+}
+
+// HasPageContent returns a boolean if a field has been set.
+func (o *CustomizablePage) HasPageContent() bool {
+	if o != nil && o.PageContent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPageContent gets a reference to the given string and assigns it to the PageContent field.
+func (o *CustomizablePage) SetPageContent(v string) {
+	o.PageContent = &v
+}
+
+func (o CustomizablePage) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.PageContent != nil {
+		toSerialize["pageContent"] = o.PageContent
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *CustomizablePage) UnmarshalJSON(bytes []byte) (err error) {
+	varCustomizablePage := _CustomizablePage{}
+
+	err = json.Unmarshal(bytes, &varCustomizablePage)
+	if err == nil {
+		*o = CustomizablePage(varCustomizablePage)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "pageContent")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableCustomizablePage struct {
+	value *CustomizablePage
+	isSet bool
+}
+
+func (v NullableCustomizablePage) Get() *CustomizablePage {
+	return v.value
+}
+
+func (v *NullableCustomizablePage) Set(val *CustomizablePage) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableCustomizablePage) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableCustomizablePage) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableCustomizablePage(val *CustomizablePage) *NullableCustomizablePage {
+	return &NullableCustomizablePage{value: val, isSet: true}
+}
+
+func (v NullableCustomizablePage) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableCustomizablePage) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device.go b/okta/model_device.go
new file mode 100644
index 000000000..fe56201a0
--- /dev/null
+++ b/okta/model_device.go
@@ -0,0 +1,496 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// Device struct for Device
+type Device struct {
+	// Timestamp when the device was created
+	Created *time.Time `json:"created,omitempty"`
+	// Unique key for the device
+	Id *string `json:"id,omitempty"`
+	// Timestamp when the device was last updated
+	LastUpdated         *time.Time         `json:"lastUpdated,omitempty"`
+	Profile             *DeviceProfile     `json:"profile,omitempty"`
+	ResourceAlternateId *string            `json:"resourceAlternateId,omitempty"`
+	ResourceDisplayName *DeviceDisplayName `json:"resourceDisplayName,omitempty"`
+	// Alternate key for the `id`
+	ResourceId           *string       `json:"resourceId,omitempty"`
+	ResourceType         *string       `json:"resourceType,omitempty"`
+	Status               *DeviceStatus `json:"status,omitempty"`
+	Links                *DeviceLinks  `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Device Device
+
+// NewDevice instantiates a new Device object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDevice() *Device {
+	this := Device{}
+	return &this
+}
+
+// NewDeviceWithDefaults instantiates a new Device object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceWithDefaults() *Device {
+	this := Device{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *Device) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Device) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *Device) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *Device) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *Device) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Device) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *Device) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *Device) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *Device) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Device) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *Device) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *Device) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *Device) GetProfile() DeviceProfile {
+	if o == nil || o.Profile == nil {
+		var ret DeviceProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Device) GetProfileOk() (*DeviceProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *Device) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given DeviceProfile and assigns it to the Profile field.
+func (o *Device) SetProfile(v DeviceProfile) {
+	o.Profile = &v
+}
+
+// GetResourceAlternateId returns the ResourceAlternateId field value if set, zero value otherwise.
+func (o *Device) GetResourceAlternateId() string {
+	if o == nil || o.ResourceAlternateId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ResourceAlternateId
+}
+
+// GetResourceAlternateIdOk returns a tuple with the ResourceAlternateId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Device) GetResourceAlternateIdOk() (*string, bool) {
+	if o == nil || o.ResourceAlternateId == nil {
+		return nil, false
+	}
+	return o.ResourceAlternateId, true
+}
+
+// HasResourceAlternateId returns a boolean if a field has been set.
+func (o *Device) HasResourceAlternateId() bool {
+	if o != nil && o.ResourceAlternateId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResourceAlternateId gets a reference to the given string and assigns it to the ResourceAlternateId field.
+func (o *Device) SetResourceAlternateId(v string) {
+	o.ResourceAlternateId = &v
+}
+
+// GetResourceDisplayName returns the ResourceDisplayName field value if set, zero value otherwise.
+func (o *Device) GetResourceDisplayName() DeviceDisplayName {
+	if o == nil || o.ResourceDisplayName == nil {
+		var ret DeviceDisplayName
+		return ret
+	}
+	return *o.ResourceDisplayName
+}
+
+// GetResourceDisplayNameOk returns a tuple with the ResourceDisplayName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Device) GetResourceDisplayNameOk() (*DeviceDisplayName, bool) {
+	if o == nil || o.ResourceDisplayName == nil {
+		return nil, false
+	}
+	return o.ResourceDisplayName, true
+}
+
+// HasResourceDisplayName returns a boolean if a field has been set.
+func (o *Device) HasResourceDisplayName() bool {
+	if o != nil && o.ResourceDisplayName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResourceDisplayName gets a reference to the given DeviceDisplayName and assigns it to the ResourceDisplayName field.
+func (o *Device) SetResourceDisplayName(v DeviceDisplayName) {
+	o.ResourceDisplayName = &v
+}
+
+// GetResourceId returns the ResourceId field value if set, zero value otherwise.
+func (o *Device) GetResourceId() string {
+	if o == nil || o.ResourceId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ResourceId
+}
+
+// GetResourceIdOk returns a tuple with the ResourceId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Device) GetResourceIdOk() (*string, bool) {
+	if o == nil || o.ResourceId == nil {
+		return nil, false
+	}
+	return o.ResourceId, true
+}
+
+// HasResourceId returns a boolean if a field has been set.
+func (o *Device) HasResourceId() bool {
+	if o != nil && o.ResourceId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResourceId gets a reference to the given string and assigns it to the ResourceId field.
+func (o *Device) SetResourceId(v string) {
+	o.ResourceId = &v
+}
+
+// GetResourceType returns the ResourceType field value if set, zero value otherwise.
+func (o *Device) GetResourceType() string {
+	if o == nil || o.ResourceType == nil {
+		var ret string
+		return ret
+	}
+	return *o.ResourceType
+}
+
+// GetResourceTypeOk returns a tuple with the ResourceType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Device) GetResourceTypeOk() (*string, bool) {
+	if o == nil || o.ResourceType == nil {
+		return nil, false
+	}
+	return o.ResourceType, true
+}
+
+// HasResourceType returns a boolean if a field has been set.
+func (o *Device) HasResourceType() bool {
+	if o != nil && o.ResourceType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResourceType gets a reference to the given string and assigns it to the ResourceType field.
+func (o *Device) SetResourceType(v string) {
+	o.ResourceType = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *Device) GetStatus() DeviceStatus {
+	if o == nil || o.Status == nil {
+		var ret DeviceStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Device) GetStatusOk() (*DeviceStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *Device) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given DeviceStatus and assigns it to the Status field.
+func (o *Device) SetStatus(v DeviceStatus) {
+	o.Status = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Device) GetLinks() DeviceLinks {
+	if o == nil || o.Links == nil {
+		var ret DeviceLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Device) GetLinksOk() (*DeviceLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Device) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given DeviceLinks and assigns it to the Links field.
+func (o *Device) SetLinks(v DeviceLinks) {
+	o.Links = &v
+}
+
+func (o Device) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+	if o.ResourceAlternateId != nil {
+		toSerialize["resourceAlternateId"] = o.ResourceAlternateId
+	}
+	if o.ResourceDisplayName != nil {
+		toSerialize["resourceDisplayName"] = o.ResourceDisplayName
+	}
+	if o.ResourceId != nil {
+		toSerialize["resourceId"] = o.ResourceId
+	}
+	if o.ResourceType != nil {
+		toSerialize["resourceType"] = o.ResourceType
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Device) UnmarshalJSON(bytes []byte) (err error) {
+	varDevice := _Device{}
+
+	err = json.Unmarshal(bytes, &varDevice)
+	if err == nil {
+		*o = Device(varDevice)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "profile")
+		delete(additionalProperties, "resourceAlternateId")
+		delete(additionalProperties, "resourceDisplayName")
+		delete(additionalProperties, "resourceId")
+		delete(additionalProperties, "resourceType")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDevice struct {
+	value *Device
+	isSet bool
+}
+
+func (v NullableDevice) Get() *Device {
+	return v.value
+}
+
+func (v *NullableDevice) Set(val *Device) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDevice) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDevice) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDevice(val *Device) *NullableDevice {
+	return &NullableDevice{value: val, isSet: true}
+}
+
+func (v NullableDevice) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDevice) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device__links.go b/okta/model_device__links.go
new file mode 100644
index 000000000..7b67cda3b
--- /dev/null
+++ b/okta/model_device__links.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceLinks struct for DeviceLinks
+type DeviceLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Users                *HrefObject `json:"users,omitempty"`
+	Activate             *HrefObject `json:"activate,omitempty"`
+	Deactivate           *HrefObject `json:"deactivate,omitempty"`
+	Suspend              *HrefObject `json:"suspend,omitempty"`
+	Unsuspend            *HrefObject `json:"unsuspend,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DeviceLinks DeviceLinks
+
+// NewDeviceLinks instantiates a new DeviceLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceLinks() *DeviceLinks {
+	this := DeviceLinks{}
+	return &this
+}
+
+// NewDeviceLinksWithDefaults instantiates a new DeviceLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceLinksWithDefaults() *DeviceLinks {
+	this := DeviceLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *DeviceLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *DeviceLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *DeviceLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetUsers returns the Users field value if set, zero value otherwise.
+func (o *DeviceLinks) GetUsers() HrefObject {
+	if o == nil || o.Users == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Users
+}
+
+// GetUsersOk returns a tuple with the Users field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceLinks) GetUsersOk() (*HrefObject, bool) {
+	if o == nil || o.Users == nil {
+		return nil, false
+	}
+	return o.Users, true
+}
+
+// HasUsers returns a boolean if a field has been set.
+func (o *DeviceLinks) HasUsers() bool {
+	if o != nil && o.Users != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsers gets a reference to the given HrefObject and assigns it to the Users field.
+func (o *DeviceLinks) SetUsers(v HrefObject) {
+	o.Users = &v
+}
+
+// GetActivate returns the Activate field value if set, zero value otherwise.
+func (o *DeviceLinks) GetActivate() HrefObject {
+	if o == nil || o.Activate == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Activate
+}
+
+// GetActivateOk returns a tuple with the Activate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceLinks) GetActivateOk() (*HrefObject, bool) {
+	if o == nil || o.Activate == nil {
+		return nil, false
+	}
+	return o.Activate, true
+}
+
+// HasActivate returns a boolean if a field has been set.
+func (o *DeviceLinks) HasActivate() bool {
+	if o != nil && o.Activate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActivate gets a reference to the given HrefObject and assigns it to the Activate field.
+func (o *DeviceLinks) SetActivate(v HrefObject) {
+	o.Activate = &v
+}
+
+// GetDeactivate returns the Deactivate field value if set, zero value otherwise.
+func (o *DeviceLinks) GetDeactivate() HrefObject {
+	if o == nil || o.Deactivate == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Deactivate
+}
+
+// GetDeactivateOk returns a tuple with the Deactivate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceLinks) GetDeactivateOk() (*HrefObject, bool) {
+	if o == nil || o.Deactivate == nil {
+		return nil, false
+	}
+	return o.Deactivate, true
+}
+
+// HasDeactivate returns a boolean if a field has been set.
+func (o *DeviceLinks) HasDeactivate() bool {
+	if o != nil && o.Deactivate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDeactivate gets a reference to the given HrefObject and assigns it to the Deactivate field.
+func (o *DeviceLinks) SetDeactivate(v HrefObject) {
+	o.Deactivate = &v
+}
+
+// GetSuspend returns the Suspend field value if set, zero value otherwise.
+func (o *DeviceLinks) GetSuspend() HrefObject {
+	if o == nil || o.Suspend == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Suspend
+}
+
+// GetSuspendOk returns a tuple with the Suspend field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceLinks) GetSuspendOk() (*HrefObject, bool) {
+	if o == nil || o.Suspend == nil {
+		return nil, false
+	}
+	return o.Suspend, true
+}
+
+// HasSuspend returns a boolean if a field has been set.
+func (o *DeviceLinks) HasSuspend() bool {
+	if o != nil && o.Suspend != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSuspend gets a reference to the given HrefObject and assigns it to the Suspend field.
+func (o *DeviceLinks) SetSuspend(v HrefObject) {
+	o.Suspend = &v
+}
+
+// GetUnsuspend returns the Unsuspend field value if set, zero value otherwise.
+func (o *DeviceLinks) GetUnsuspend() HrefObject {
+	if o == nil || o.Unsuspend == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Unsuspend
+}
+
+// GetUnsuspendOk returns a tuple with the Unsuspend field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceLinks) GetUnsuspendOk() (*HrefObject, bool) {
+	if o == nil || o.Unsuspend == nil {
+		return nil, false
+	}
+	return o.Unsuspend, true
+}
+
+// HasUnsuspend returns a boolean if a field has been set.
+func (o *DeviceLinks) HasUnsuspend() bool {
+	if o != nil && o.Unsuspend != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUnsuspend gets a reference to the given HrefObject and assigns it to the Unsuspend field.
+func (o *DeviceLinks) SetUnsuspend(v HrefObject) {
+	o.Unsuspend = &v
+}
+
+func (o DeviceLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Users != nil {
+		toSerialize["users"] = o.Users
+	}
+	if o.Activate != nil {
+		toSerialize["activate"] = o.Activate
+	}
+	if o.Deactivate != nil {
+		toSerialize["deactivate"] = o.Deactivate
+	}
+	if o.Suspend != nil {
+		toSerialize["suspend"] = o.Suspend
+	}
+	if o.Unsuspend != nil {
+		toSerialize["unsuspend"] = o.Unsuspend
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceLinks := _DeviceLinks{}
+
+	err = json.Unmarshal(bytes, &varDeviceLinks)
+	if err == nil {
+		*o = DeviceLinks(varDeviceLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "users")
+		delete(additionalProperties, "activate")
+		delete(additionalProperties, "deactivate")
+		delete(additionalProperties, "suspend")
+		delete(additionalProperties, "unsuspend")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceLinks struct {
+	value *DeviceLinks
+	isSet bool
+}
+
+func (v NullableDeviceLinks) Get() *DeviceLinks {
+	return v.value
+}
+
+func (v *NullableDeviceLinks) Set(val *DeviceLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceLinks(val *DeviceLinks) *NullableDeviceLinks {
+	return &NullableDeviceLinks{value: val, isSet: true}
+}
+
+func (v NullableDeviceLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_access_policy_rule_condition.go b/okta/model_device_access_policy_rule_condition.go
new file mode 100644
index 000000000..d9debec0c
--- /dev/null
+++ b/okta/model_device_access_policy_rule_condition.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceAccessPolicyRuleCondition struct for DeviceAccessPolicyRuleCondition
+type DeviceAccessPolicyRuleCondition struct {
+	Migrated             *bool                              `json:"migrated,omitempty"`
+	Platform             *DevicePolicyRuleConditionPlatform `json:"platform,omitempty"`
+	Rooted               *bool                              `json:"rooted,omitempty"`
+	TrustLevel           *DevicePolicyTrustLevel            `json:"trustLevel,omitempty"`
+	Managed              *bool                              `json:"managed,omitempty"`
+	Registered           *bool                              `json:"registered,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DeviceAccessPolicyRuleCondition DeviceAccessPolicyRuleCondition
+
+// NewDeviceAccessPolicyRuleCondition instantiates a new DeviceAccessPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAccessPolicyRuleCondition() *DeviceAccessPolicyRuleCondition {
+	this := DeviceAccessPolicyRuleCondition{}
+	return &this
+}
+
+// NewDeviceAccessPolicyRuleConditionWithDefaults instantiates a new DeviceAccessPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAccessPolicyRuleConditionWithDefaults() *DeviceAccessPolicyRuleCondition {
+	this := DeviceAccessPolicyRuleCondition{}
+	return &this
+}
+
+// GetMigrated returns the Migrated field value if set, zero value otherwise.
+func (o *DeviceAccessPolicyRuleCondition) GetMigrated() bool {
+	if o == nil || o.Migrated == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Migrated
+}
+
+// GetMigratedOk returns a tuple with the Migrated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAccessPolicyRuleCondition) GetMigratedOk() (*bool, bool) {
+	if o == nil || o.Migrated == nil {
+		return nil, false
+	}
+	return o.Migrated, true
+}
+
+// HasMigrated returns a boolean if a field has been set.
+func (o *DeviceAccessPolicyRuleCondition) HasMigrated() bool {
+	if o != nil && o.Migrated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMigrated gets a reference to the given bool and assigns it to the Migrated field.
+func (o *DeviceAccessPolicyRuleCondition) SetMigrated(v bool) {
+	o.Migrated = &v
+}
+
+// GetPlatform returns the Platform field value if set, zero value otherwise.
+func (o *DeviceAccessPolicyRuleCondition) GetPlatform() DevicePolicyRuleConditionPlatform {
+	if o == nil || o.Platform == nil {
+		var ret DevicePolicyRuleConditionPlatform
+		return ret
+	}
+	return *o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAccessPolicyRuleCondition) GetPlatformOk() (*DevicePolicyRuleConditionPlatform, bool) {
+	if o == nil || o.Platform == nil {
+		return nil, false
+	}
+	return o.Platform, true
+}
+
+// HasPlatform returns a boolean if a field has been set.
+func (o *DeviceAccessPolicyRuleCondition) HasPlatform() bool {
+	if o != nil && o.Platform != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPlatform gets a reference to the given DevicePolicyRuleConditionPlatform and assigns it to the Platform field.
+func (o *DeviceAccessPolicyRuleCondition) SetPlatform(v DevicePolicyRuleConditionPlatform) {
+	o.Platform = &v
+}
+
+// GetRooted returns the Rooted field value if set, zero value otherwise.
+func (o *DeviceAccessPolicyRuleCondition) GetRooted() bool {
+	if o == nil || o.Rooted == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Rooted
+}
+
+// GetRootedOk returns a tuple with the Rooted field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAccessPolicyRuleCondition) GetRootedOk() (*bool, bool) {
+	if o == nil || o.Rooted == nil {
+		return nil, false
+	}
+	return o.Rooted, true
+}
+
+// HasRooted returns a boolean if a field has been set.
+func (o *DeviceAccessPolicyRuleCondition) HasRooted() bool {
+	if o != nil && o.Rooted != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRooted gets a reference to the given bool and assigns it to the Rooted field.
+func (o *DeviceAccessPolicyRuleCondition) SetRooted(v bool) {
+	o.Rooted = &v
+}
+
+// GetTrustLevel returns the TrustLevel field value if set, zero value otherwise.
+func (o *DeviceAccessPolicyRuleCondition) GetTrustLevel() DevicePolicyTrustLevel {
+	if o == nil || o.TrustLevel == nil {
+		var ret DevicePolicyTrustLevel
+		return ret
+	}
+	return *o.TrustLevel
+}
+
+// GetTrustLevelOk returns a tuple with the TrustLevel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAccessPolicyRuleCondition) GetTrustLevelOk() (*DevicePolicyTrustLevel, bool) {
+	if o == nil || o.TrustLevel == nil {
+		return nil, false
+	}
+	return o.TrustLevel, true
+}
+
+// HasTrustLevel returns a boolean if a field has been set.
+func (o *DeviceAccessPolicyRuleCondition) HasTrustLevel() bool {
+	if o != nil && o.TrustLevel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTrustLevel gets a reference to the given DevicePolicyTrustLevel and assigns it to the TrustLevel field.
+func (o *DeviceAccessPolicyRuleCondition) SetTrustLevel(v DevicePolicyTrustLevel) {
+	o.TrustLevel = &v
+}
+
+// GetManaged returns the Managed field value if set, zero value otherwise.
+func (o *DeviceAccessPolicyRuleCondition) GetManaged() bool {
+	if o == nil || o.Managed == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Managed
+}
+
+// GetManagedOk returns a tuple with the Managed field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAccessPolicyRuleCondition) GetManagedOk() (*bool, bool) {
+	if o == nil || o.Managed == nil {
+		return nil, false
+	}
+	return o.Managed, true
+}
+
+// HasManaged returns a boolean if a field has been set.
+func (o *DeviceAccessPolicyRuleCondition) HasManaged() bool {
+	if o != nil && o.Managed != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetManaged gets a reference to the given bool and assigns it to the Managed field.
+func (o *DeviceAccessPolicyRuleCondition) SetManaged(v bool) {
+	o.Managed = &v
+}
+
+// GetRegistered returns the Registered field value if set, zero value otherwise.
+func (o *DeviceAccessPolicyRuleCondition) GetRegistered() bool {
+	if o == nil || o.Registered == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Registered
+}
+
+// GetRegisteredOk returns a tuple with the Registered field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAccessPolicyRuleCondition) GetRegisteredOk() (*bool, bool) {
+	if o == nil || o.Registered == nil {
+		return nil, false
+	}
+	return o.Registered, true
+}
+
+// HasRegistered returns a boolean if a field has been set.
+func (o *DeviceAccessPolicyRuleCondition) HasRegistered() bool {
+	if o != nil && o.Registered != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRegistered gets a reference to the given bool and assigns it to the Registered field.
+func (o *DeviceAccessPolicyRuleCondition) SetRegistered(v bool) {
+	o.Registered = &v
+}
+
+func (o DeviceAccessPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Migrated != nil {
+		toSerialize["migrated"] = o.Migrated
+	}
+	if o.Platform != nil {
+		toSerialize["platform"] = o.Platform
+	}
+	if o.Rooted != nil {
+		toSerialize["rooted"] = o.Rooted
+	}
+	if o.TrustLevel != nil {
+		toSerialize["trustLevel"] = o.TrustLevel
+	}
+	if o.Managed != nil {
+		toSerialize["managed"] = o.Managed
+	}
+	if o.Registered != nil {
+		toSerialize["registered"] = o.Registered
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAccessPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceAccessPolicyRuleCondition := _DeviceAccessPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varDeviceAccessPolicyRuleCondition)
+	if err == nil {
+		*o = DeviceAccessPolicyRuleCondition(varDeviceAccessPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "migrated")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "rooted")
+		delete(additionalProperties, "trustLevel")
+		delete(additionalProperties, "managed")
+		delete(additionalProperties, "registered")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAccessPolicyRuleCondition struct {
+	value *DeviceAccessPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableDeviceAccessPolicyRuleCondition) Get() *DeviceAccessPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableDeviceAccessPolicyRuleCondition) Set(val *DeviceAccessPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAccessPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAccessPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAccessPolicyRuleCondition(val *DeviceAccessPolicyRuleCondition) *NullableDeviceAccessPolicyRuleCondition {
+	return &NullableDeviceAccessPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableDeviceAccessPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAccessPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_access_policy_rule_condition_all_of.go b/okta/model_device_access_policy_rule_condition_all_of.go
new file mode 100644
index 000000000..1656a721a
--- /dev/null
+++ b/okta/model_device_access_policy_rule_condition_all_of.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceAccessPolicyRuleConditionAllOf struct for DeviceAccessPolicyRuleConditionAllOf
+type DeviceAccessPolicyRuleConditionAllOf struct {
+	Managed              *bool `json:"managed,omitempty"`
+	Registered           *bool `json:"registered,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DeviceAccessPolicyRuleConditionAllOf DeviceAccessPolicyRuleConditionAllOf
+
+// NewDeviceAccessPolicyRuleConditionAllOf instantiates a new DeviceAccessPolicyRuleConditionAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAccessPolicyRuleConditionAllOf() *DeviceAccessPolicyRuleConditionAllOf {
+	this := DeviceAccessPolicyRuleConditionAllOf{}
+	return &this
+}
+
+// NewDeviceAccessPolicyRuleConditionAllOfWithDefaults instantiates a new DeviceAccessPolicyRuleConditionAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAccessPolicyRuleConditionAllOfWithDefaults() *DeviceAccessPolicyRuleConditionAllOf {
+	this := DeviceAccessPolicyRuleConditionAllOf{}
+	return &this
+}
+
+// GetManaged returns the Managed field value if set, zero value otherwise.
+func (o *DeviceAccessPolicyRuleConditionAllOf) GetManaged() bool {
+	if o == nil || o.Managed == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Managed
+}
+
+// GetManagedOk returns a tuple with the Managed field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAccessPolicyRuleConditionAllOf) GetManagedOk() (*bool, bool) {
+	if o == nil || o.Managed == nil {
+		return nil, false
+	}
+	return o.Managed, true
+}
+
+// HasManaged returns a boolean if a field has been set.
+func (o *DeviceAccessPolicyRuleConditionAllOf) HasManaged() bool {
+	if o != nil && o.Managed != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetManaged gets a reference to the given bool and assigns it to the Managed field.
+func (o *DeviceAccessPolicyRuleConditionAllOf) SetManaged(v bool) {
+	o.Managed = &v
+}
+
+// GetRegistered returns the Registered field value if set, zero value otherwise.
+func (o *DeviceAccessPolicyRuleConditionAllOf) GetRegistered() bool {
+	if o == nil || o.Registered == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Registered
+}
+
+// GetRegisteredOk returns a tuple with the Registered field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAccessPolicyRuleConditionAllOf) GetRegisteredOk() (*bool, bool) {
+	if o == nil || o.Registered == nil {
+		return nil, false
+	}
+	return o.Registered, true
+}
+
+// HasRegistered returns a boolean if a field has been set.
+func (o *DeviceAccessPolicyRuleConditionAllOf) HasRegistered() bool {
+	if o != nil && o.Registered != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRegistered gets a reference to the given bool and assigns it to the Registered field.
+func (o *DeviceAccessPolicyRuleConditionAllOf) SetRegistered(v bool) {
+	o.Registered = &v
+}
+
+func (o DeviceAccessPolicyRuleConditionAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Managed != nil {
+		toSerialize["managed"] = o.Managed
+	}
+	if o.Registered != nil {
+		toSerialize["registered"] = o.Registered
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAccessPolicyRuleConditionAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceAccessPolicyRuleConditionAllOf := _DeviceAccessPolicyRuleConditionAllOf{}
+
+	err = json.Unmarshal(bytes, &varDeviceAccessPolicyRuleConditionAllOf)
+	if err == nil {
+		*o = DeviceAccessPolicyRuleConditionAllOf(varDeviceAccessPolicyRuleConditionAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "managed")
+		delete(additionalProperties, "registered")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAccessPolicyRuleConditionAllOf struct {
+	value *DeviceAccessPolicyRuleConditionAllOf
+	isSet bool
+}
+
+func (v NullableDeviceAccessPolicyRuleConditionAllOf) Get() *DeviceAccessPolicyRuleConditionAllOf {
+	return v.value
+}
+
+func (v *NullableDeviceAccessPolicyRuleConditionAllOf) Set(val *DeviceAccessPolicyRuleConditionAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAccessPolicyRuleConditionAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAccessPolicyRuleConditionAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAccessPolicyRuleConditionAllOf(val *DeviceAccessPolicyRuleConditionAllOf) *NullableDeviceAccessPolicyRuleConditionAllOf {
+	return &NullableDeviceAccessPolicyRuleConditionAllOf{value: val, isSet: true}
+}
+
+func (v NullableDeviceAccessPolicyRuleConditionAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAccessPolicyRuleConditionAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance.go b/okta/model_device_assurance.go
new file mode 100644
index 000000000..9b9b54a42
--- /dev/null
+++ b/okta/model_device_assurance.go
@@ -0,0 +1,418 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceAssurance struct for DeviceAssurance
+type DeviceAssurance struct {
+	CreatedBy       *string `json:"createdBy,omitempty"`
+	CreatedDate     *string `json:"createdDate,omitempty"`
+	Id              *string `json:"id,omitempty"`
+	LastUpdatedBy   *string `json:"lastUpdatedBy,omitempty"`
+	LastUpdatedDate *string `json:"lastUpdatedDate,omitempty"`
+	// Display name of the Device Assurance Policy
+	Name                 *string    `json:"name,omitempty"`
+	Platform             *Platform  `json:"platform,omitempty"`
+	Links                *LinksSelf `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DeviceAssurance DeviceAssurance
+
+// NewDeviceAssurance instantiates a new DeviceAssurance object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssurance() *DeviceAssurance {
+	this := DeviceAssurance{}
+	return &this
+}
+
+// NewDeviceAssuranceWithDefaults instantiates a new DeviceAssurance object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceWithDefaults() *DeviceAssurance {
+	this := DeviceAssurance{}
+	return &this
+}
+
+// GetCreatedBy returns the CreatedBy field value if set, zero value otherwise.
+func (o *DeviceAssurance) GetCreatedBy() string {
+	if o == nil || o.CreatedBy == nil {
+		var ret string
+		return ret
+	}
+	return *o.CreatedBy
+}
+
+// GetCreatedByOk returns a tuple with the CreatedBy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssurance) GetCreatedByOk() (*string, bool) {
+	if o == nil || o.CreatedBy == nil {
+		return nil, false
+	}
+	return o.CreatedBy, true
+}
+
+// HasCreatedBy returns a boolean if a field has been set.
+func (o *DeviceAssurance) HasCreatedBy() bool {
+	if o != nil && o.CreatedBy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreatedBy gets a reference to the given string and assigns it to the CreatedBy field.
+func (o *DeviceAssurance) SetCreatedBy(v string) {
+	o.CreatedBy = &v
+}
+
+// GetCreatedDate returns the CreatedDate field value if set, zero value otherwise.
+func (o *DeviceAssurance) GetCreatedDate() string {
+	if o == nil || o.CreatedDate == nil {
+		var ret string
+		return ret
+	}
+	return *o.CreatedDate
+}
+
+// GetCreatedDateOk returns a tuple with the CreatedDate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssurance) GetCreatedDateOk() (*string, bool) {
+	if o == nil || o.CreatedDate == nil {
+		return nil, false
+	}
+	return o.CreatedDate, true
+}
+
+// HasCreatedDate returns a boolean if a field has been set.
+func (o *DeviceAssurance) HasCreatedDate() bool {
+	if o != nil && o.CreatedDate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreatedDate gets a reference to the given string and assigns it to the CreatedDate field.
+func (o *DeviceAssurance) SetCreatedDate(v string) {
+	o.CreatedDate = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *DeviceAssurance) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssurance) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *DeviceAssurance) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *DeviceAssurance) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdatedBy returns the LastUpdatedBy field value if set, zero value otherwise.
+func (o *DeviceAssurance) GetLastUpdatedBy() string {
+	if o == nil || o.LastUpdatedBy == nil {
+		var ret string
+		return ret
+	}
+	return *o.LastUpdatedBy
+}
+
+// GetLastUpdatedByOk returns a tuple with the LastUpdatedBy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssurance) GetLastUpdatedByOk() (*string, bool) {
+	if o == nil || o.LastUpdatedBy == nil {
+		return nil, false
+	}
+	return o.LastUpdatedBy, true
+}
+
+// HasLastUpdatedBy returns a boolean if a field has been set.
+func (o *DeviceAssurance) HasLastUpdatedBy() bool {
+	if o != nil && o.LastUpdatedBy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdatedBy gets a reference to the given string and assigns it to the LastUpdatedBy field.
+func (o *DeviceAssurance) SetLastUpdatedBy(v string) {
+	o.LastUpdatedBy = &v
+}
+
+// GetLastUpdatedDate returns the LastUpdatedDate field value if set, zero value otherwise.
+func (o *DeviceAssurance) GetLastUpdatedDate() string {
+	if o == nil || o.LastUpdatedDate == nil {
+		var ret string
+		return ret
+	}
+	return *o.LastUpdatedDate
+}
+
+// GetLastUpdatedDateOk returns a tuple with the LastUpdatedDate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssurance) GetLastUpdatedDateOk() (*string, bool) {
+	if o == nil || o.LastUpdatedDate == nil {
+		return nil, false
+	}
+	return o.LastUpdatedDate, true
+}
+
+// HasLastUpdatedDate returns a boolean if a field has been set.
+func (o *DeviceAssurance) HasLastUpdatedDate() bool {
+	if o != nil && o.LastUpdatedDate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdatedDate gets a reference to the given string and assigns it to the LastUpdatedDate field.
+func (o *DeviceAssurance) SetLastUpdatedDate(v string) {
+	o.LastUpdatedDate = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *DeviceAssurance) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssurance) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *DeviceAssurance) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *DeviceAssurance) SetName(v string) {
+	o.Name = &v
+}
+
+// GetPlatform returns the Platform field value if set, zero value otherwise.
+func (o *DeviceAssurance) GetPlatform() Platform {
+	if o == nil || o.Platform == nil {
+		var ret Platform
+		return ret
+	}
+	return *o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssurance) GetPlatformOk() (*Platform, bool) {
+	if o == nil || o.Platform == nil {
+		return nil, false
+	}
+	return o.Platform, true
+}
+
+// HasPlatform returns a boolean if a field has been set.
+func (o *DeviceAssurance) HasPlatform() bool {
+	if o != nil && o.Platform != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPlatform gets a reference to the given Platform and assigns it to the Platform field.
+func (o *DeviceAssurance) SetPlatform(v Platform) {
+	o.Platform = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *DeviceAssurance) GetLinks() LinksSelf {
+	if o == nil || o.Links == nil {
+		var ret LinksSelf
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssurance) GetLinksOk() (*LinksSelf, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *DeviceAssurance) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given LinksSelf and assigns it to the Links field.
+func (o *DeviceAssurance) SetLinks(v LinksSelf) {
+	o.Links = &v
+}
+
+func (o DeviceAssurance) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.CreatedBy != nil {
+		toSerialize["createdBy"] = o.CreatedBy
+	}
+	if o.CreatedDate != nil {
+		toSerialize["createdDate"] = o.CreatedDate
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdatedBy != nil {
+		toSerialize["lastUpdatedBy"] = o.LastUpdatedBy
+	}
+	if o.LastUpdatedDate != nil {
+		toSerialize["lastUpdatedDate"] = o.LastUpdatedDate
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Platform != nil {
+		toSerialize["platform"] = o.Platform
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssurance) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceAssurance := _DeviceAssurance{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssurance)
+	if err == nil {
+		*o = DeviceAssurance(varDeviceAssurance)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "createdBy")
+		delete(additionalProperties, "createdDate")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdatedBy")
+		delete(additionalProperties, "lastUpdatedDate")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssurance struct {
+	value *DeviceAssurance
+	isSet bool
+}
+
+func (v NullableDeviceAssurance) Get() *DeviceAssurance {
+	return v.value
+}
+
+func (v *NullableDeviceAssurance) Set(val *DeviceAssurance) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssurance) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssurance) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssurance(val *DeviceAssurance) *NullableDeviceAssurance {
+	return &NullableDeviceAssurance{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssurance) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssurance) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_android_platform.go b/okta/model_device_assurance_android_platform.go
new file mode 100644
index 000000000..7c240d341
--- /dev/null
+++ b/okta/model_device_assurance_android_platform.go
@@ -0,0 +1,359 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// DeviceAssuranceAndroidPlatform struct for DeviceAssuranceAndroidPlatform
+type DeviceAssuranceAndroidPlatform struct {
+	DeviceAssurance
+	DiskEncryptionType    *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType `json:"diskEncryptionType,omitempty"`
+	Jailbreak             *bool                                                  `json:"jailbreak,omitempty"`
+	OsVersion             *OSVersion                                             `json:"osVersion,omitempty"`
+	ScreenLockType        *DeviceAssuranceAndroidPlatformAllOfScreenLockType     `json:"screenLockType,omitempty"`
+	SecureHardwarePresent *bool                                                  `json:"secureHardwarePresent,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _DeviceAssuranceAndroidPlatform DeviceAssuranceAndroidPlatform
+
+// NewDeviceAssuranceAndroidPlatform instantiates a new DeviceAssuranceAndroidPlatform object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceAndroidPlatform() *DeviceAssuranceAndroidPlatform {
+	this := DeviceAssuranceAndroidPlatform{}
+	return &this
+}
+
+// NewDeviceAssuranceAndroidPlatformWithDefaults instantiates a new DeviceAssuranceAndroidPlatform object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceAndroidPlatformWithDefaults() *DeviceAssuranceAndroidPlatform {
+	this := DeviceAssuranceAndroidPlatform{}
+	return &this
+}
+
+// GetDiskEncryptionType returns the DiskEncryptionType field value if set, zero value otherwise.
+func (o *DeviceAssuranceAndroidPlatform) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType {
+	if o == nil || o.DiskEncryptionType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
+		return ret
+	}
+	return *o.DiskEncryptionType
+}
+
+// GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceAndroidPlatform) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool) {
+	if o == nil || o.DiskEncryptionType == nil {
+		return nil, false
+	}
+	return o.DiskEncryptionType, true
+}
+
+// HasDiskEncryptionType returns a boolean if a field has been set.
+func (o *DeviceAssuranceAndroidPlatform) HasDiskEncryptionType() bool {
+	if o != nil && o.DiskEncryptionType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDiskEncryptionType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType and assigns it to the DiskEncryptionType field.
+func (o *DeviceAssuranceAndroidPlatform) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) {
+	o.DiskEncryptionType = &v
+}
+
+// GetJailbreak returns the Jailbreak field value if set, zero value otherwise.
+func (o *DeviceAssuranceAndroidPlatform) GetJailbreak() bool {
+	if o == nil || o.Jailbreak == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Jailbreak
+}
+
+// GetJailbreakOk returns a tuple with the Jailbreak field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceAndroidPlatform) GetJailbreakOk() (*bool, bool) {
+	if o == nil || o.Jailbreak == nil {
+		return nil, false
+	}
+	return o.Jailbreak, true
+}
+
+// HasJailbreak returns a boolean if a field has been set.
+func (o *DeviceAssuranceAndroidPlatform) HasJailbreak() bool {
+	if o != nil && o.Jailbreak != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetJailbreak gets a reference to the given bool and assigns it to the Jailbreak field.
+func (o *DeviceAssuranceAndroidPlatform) SetJailbreak(v bool) {
+	o.Jailbreak = &v
+}
+
+// GetOsVersion returns the OsVersion field value if set, zero value otherwise.
+func (o *DeviceAssuranceAndroidPlatform) GetOsVersion() OSVersion {
+	if o == nil || o.OsVersion == nil {
+		var ret OSVersion
+		return ret
+	}
+	return *o.OsVersion
+}
+
+// GetOsVersionOk returns a tuple with the OsVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceAndroidPlatform) GetOsVersionOk() (*OSVersion, bool) {
+	if o == nil || o.OsVersion == nil {
+		return nil, false
+	}
+	return o.OsVersion, true
+}
+
+// HasOsVersion returns a boolean if a field has been set.
+func (o *DeviceAssuranceAndroidPlatform) HasOsVersion() bool {
+	if o != nil && o.OsVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsVersion gets a reference to the given OSVersion and assigns it to the OsVersion field.
+func (o *DeviceAssuranceAndroidPlatform) SetOsVersion(v OSVersion) {
+	o.OsVersion = &v
+}
+
+// GetScreenLockType returns the ScreenLockType field value if set, zero value otherwise.
+func (o *DeviceAssuranceAndroidPlatform) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType {
+	if o == nil || o.ScreenLockType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfScreenLockType
+		return ret
+	}
+	return *o.ScreenLockType
+}
+
+// GetScreenLockTypeOk returns a tuple with the ScreenLockType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceAndroidPlatform) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool) {
+	if o == nil || o.ScreenLockType == nil {
+		return nil, false
+	}
+	return o.ScreenLockType, true
+}
+
+// HasScreenLockType returns a boolean if a field has been set.
+func (o *DeviceAssuranceAndroidPlatform) HasScreenLockType() bool {
+	if o != nil && o.ScreenLockType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScreenLockType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfScreenLockType and assigns it to the ScreenLockType field.
+func (o *DeviceAssuranceAndroidPlatform) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType) {
+	o.ScreenLockType = &v
+}
+
+// GetSecureHardwarePresent returns the SecureHardwarePresent field value if set, zero value otherwise.
+func (o *DeviceAssuranceAndroidPlatform) GetSecureHardwarePresent() bool {
+	if o == nil || o.SecureHardwarePresent == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SecureHardwarePresent
+}
+
+// GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceAndroidPlatform) GetSecureHardwarePresentOk() (*bool, bool) {
+	if o == nil || o.SecureHardwarePresent == nil {
+		return nil, false
+	}
+	return o.SecureHardwarePresent, true
+}
+
+// HasSecureHardwarePresent returns a boolean if a field has been set.
+func (o *DeviceAssuranceAndroidPlatform) HasSecureHardwarePresent() bool {
+	if o != nil && o.SecureHardwarePresent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecureHardwarePresent gets a reference to the given bool and assigns it to the SecureHardwarePresent field.
+func (o *DeviceAssuranceAndroidPlatform) SetSecureHardwarePresent(v bool) {
+	o.SecureHardwarePresent = &v
+}
+
+func (o DeviceAssuranceAndroidPlatform) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedDeviceAssurance, errDeviceAssurance := json.Marshal(o.DeviceAssurance)
+	if errDeviceAssurance != nil {
+		return []byte{}, errDeviceAssurance
+	}
+	errDeviceAssurance = json.Unmarshal([]byte(serializedDeviceAssurance), &toSerialize)
+	if errDeviceAssurance != nil {
+		return []byte{}, errDeviceAssurance
+	}
+	if o.DiskEncryptionType != nil {
+		toSerialize["diskEncryptionType"] = o.DiskEncryptionType
+	}
+	if o.Jailbreak != nil {
+		toSerialize["jailbreak"] = o.Jailbreak
+	}
+	if o.OsVersion != nil {
+		toSerialize["osVersion"] = o.OsVersion
+	}
+	if o.ScreenLockType != nil {
+		toSerialize["screenLockType"] = o.ScreenLockType
+	}
+	if o.SecureHardwarePresent != nil {
+		toSerialize["secureHardwarePresent"] = o.SecureHardwarePresent
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceAndroidPlatform) UnmarshalJSON(bytes []byte) (err error) {
+	type DeviceAssuranceAndroidPlatformWithoutEmbeddedStruct struct {
+		DiskEncryptionType    *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType `json:"diskEncryptionType,omitempty"`
+		Jailbreak             *bool                                                  `json:"jailbreak,omitempty"`
+		OsVersion             *OSVersion                                             `json:"osVersion,omitempty"`
+		ScreenLockType        *DeviceAssuranceAndroidPlatformAllOfScreenLockType     `json:"screenLockType,omitempty"`
+		SecureHardwarePresent *bool                                                  `json:"secureHardwarePresent,omitempty"`
+	}
+
+	varDeviceAssuranceAndroidPlatformWithoutEmbeddedStruct := DeviceAssuranceAndroidPlatformWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceAndroidPlatformWithoutEmbeddedStruct)
+	if err == nil {
+		varDeviceAssuranceAndroidPlatform := _DeviceAssuranceAndroidPlatform{}
+		varDeviceAssuranceAndroidPlatform.DiskEncryptionType = varDeviceAssuranceAndroidPlatformWithoutEmbeddedStruct.DiskEncryptionType
+		varDeviceAssuranceAndroidPlatform.Jailbreak = varDeviceAssuranceAndroidPlatformWithoutEmbeddedStruct.Jailbreak
+		varDeviceAssuranceAndroidPlatform.OsVersion = varDeviceAssuranceAndroidPlatformWithoutEmbeddedStruct.OsVersion
+		varDeviceAssuranceAndroidPlatform.ScreenLockType = varDeviceAssuranceAndroidPlatformWithoutEmbeddedStruct.ScreenLockType
+		varDeviceAssuranceAndroidPlatform.SecureHardwarePresent = varDeviceAssuranceAndroidPlatformWithoutEmbeddedStruct.SecureHardwarePresent
+		*o = DeviceAssuranceAndroidPlatform(varDeviceAssuranceAndroidPlatform)
+	} else {
+		return err
+	}
+
+	varDeviceAssuranceAndroidPlatform := _DeviceAssuranceAndroidPlatform{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceAndroidPlatform)
+	if err == nil {
+		o.DeviceAssurance = varDeviceAssuranceAndroidPlatform.DeviceAssurance
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "diskEncryptionType")
+		delete(additionalProperties, "jailbreak")
+		delete(additionalProperties, "osVersion")
+		delete(additionalProperties, "screenLockType")
+		delete(additionalProperties, "secureHardwarePresent")
+
+		// remove fields from embedded structs
+		reflectDeviceAssurance := reflect.ValueOf(o.DeviceAssurance)
+		for i := 0; i < reflectDeviceAssurance.Type().NumField(); i++ {
+			t := reflectDeviceAssurance.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceAndroidPlatform struct {
+	value *DeviceAssuranceAndroidPlatform
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceAndroidPlatform) Get() *DeviceAssuranceAndroidPlatform {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceAndroidPlatform) Set(val *DeviceAssuranceAndroidPlatform) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceAndroidPlatform) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceAndroidPlatform) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceAndroidPlatform(val *DeviceAssuranceAndroidPlatform) *NullableDeviceAssuranceAndroidPlatform {
+	return &NullableDeviceAssuranceAndroidPlatform{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceAndroidPlatform) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceAndroidPlatform) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_android_platform_all_of.go b/okta/model_device_assurance_android_platform_all_of.go
new file mode 100644
index 000000000..d455c49dd
--- /dev/null
+++ b/okta/model_device_assurance_android_platform_all_of.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceAssuranceAndroidPlatformAllOf struct for DeviceAssuranceAndroidPlatformAllOf
+type DeviceAssuranceAndroidPlatformAllOf struct {
+	DiskEncryptionType    *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType `json:"diskEncryptionType,omitempty"`
+	Jailbreak             *bool                                                  `json:"jailbreak,omitempty"`
+	OsVersion             *OSVersion                                             `json:"osVersion,omitempty"`
+	ScreenLockType        *DeviceAssuranceAndroidPlatformAllOfScreenLockType     `json:"screenLockType,omitempty"`
+	SecureHardwarePresent *bool                                                  `json:"secureHardwarePresent,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _DeviceAssuranceAndroidPlatformAllOf DeviceAssuranceAndroidPlatformAllOf
+
+// NewDeviceAssuranceAndroidPlatformAllOf instantiates a new DeviceAssuranceAndroidPlatformAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceAndroidPlatformAllOf() *DeviceAssuranceAndroidPlatformAllOf {
+	this := DeviceAssuranceAndroidPlatformAllOf{}
+	return &this
+}
+
+// NewDeviceAssuranceAndroidPlatformAllOfWithDefaults instantiates a new DeviceAssuranceAndroidPlatformAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceAndroidPlatformAllOfWithDefaults() *DeviceAssuranceAndroidPlatformAllOf {
+	this := DeviceAssuranceAndroidPlatformAllOf{}
+	return &this
+}
+
+// GetDiskEncryptionType returns the DiskEncryptionType field value if set, zero value otherwise.
+func (o *DeviceAssuranceAndroidPlatformAllOf) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType {
+	if o == nil || o.DiskEncryptionType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
+		return ret
+	}
+	return *o.DiskEncryptionType
+}
+
+// GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOf) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool) {
+	if o == nil || o.DiskEncryptionType == nil {
+		return nil, false
+	}
+	return o.DiskEncryptionType, true
+}
+
+// HasDiskEncryptionType returns a boolean if a field has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOf) HasDiskEncryptionType() bool {
+	if o != nil && o.DiskEncryptionType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDiskEncryptionType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType and assigns it to the DiskEncryptionType field.
+func (o *DeviceAssuranceAndroidPlatformAllOf) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) {
+	o.DiskEncryptionType = &v
+}
+
+// GetJailbreak returns the Jailbreak field value if set, zero value otherwise.
+func (o *DeviceAssuranceAndroidPlatformAllOf) GetJailbreak() bool {
+	if o == nil || o.Jailbreak == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Jailbreak
+}
+
+// GetJailbreakOk returns a tuple with the Jailbreak field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOf) GetJailbreakOk() (*bool, bool) {
+	if o == nil || o.Jailbreak == nil {
+		return nil, false
+	}
+	return o.Jailbreak, true
+}
+
+// HasJailbreak returns a boolean if a field has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOf) HasJailbreak() bool {
+	if o != nil && o.Jailbreak != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetJailbreak gets a reference to the given bool and assigns it to the Jailbreak field.
+func (o *DeviceAssuranceAndroidPlatformAllOf) SetJailbreak(v bool) {
+	o.Jailbreak = &v
+}
+
+// GetOsVersion returns the OsVersion field value if set, zero value otherwise.
+func (o *DeviceAssuranceAndroidPlatformAllOf) GetOsVersion() OSVersion {
+	if o == nil || o.OsVersion == nil {
+		var ret OSVersion
+		return ret
+	}
+	return *o.OsVersion
+}
+
+// GetOsVersionOk returns a tuple with the OsVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOf) GetOsVersionOk() (*OSVersion, bool) {
+	if o == nil || o.OsVersion == nil {
+		return nil, false
+	}
+	return o.OsVersion, true
+}
+
+// HasOsVersion returns a boolean if a field has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOf) HasOsVersion() bool {
+	if o != nil && o.OsVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsVersion gets a reference to the given OSVersion and assigns it to the OsVersion field.
+func (o *DeviceAssuranceAndroidPlatformAllOf) SetOsVersion(v OSVersion) {
+	o.OsVersion = &v
+}
+
+// GetScreenLockType returns the ScreenLockType field value if set, zero value otherwise.
+func (o *DeviceAssuranceAndroidPlatformAllOf) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType {
+	if o == nil || o.ScreenLockType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfScreenLockType
+		return ret
+	}
+	return *o.ScreenLockType
+}
+
+// GetScreenLockTypeOk returns a tuple with the ScreenLockType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOf) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool) {
+	if o == nil || o.ScreenLockType == nil {
+		return nil, false
+	}
+	return o.ScreenLockType, true
+}
+
+// HasScreenLockType returns a boolean if a field has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOf) HasScreenLockType() bool {
+	if o != nil && o.ScreenLockType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScreenLockType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfScreenLockType and assigns it to the ScreenLockType field.
+func (o *DeviceAssuranceAndroidPlatformAllOf) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType) {
+	o.ScreenLockType = &v
+}
+
+// GetSecureHardwarePresent returns the SecureHardwarePresent field value if set, zero value otherwise.
+func (o *DeviceAssuranceAndroidPlatformAllOf) GetSecureHardwarePresent() bool {
+	if o == nil || o.SecureHardwarePresent == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SecureHardwarePresent
+}
+
+// GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOf) GetSecureHardwarePresentOk() (*bool, bool) {
+	if o == nil || o.SecureHardwarePresent == nil {
+		return nil, false
+	}
+	return o.SecureHardwarePresent, true
+}
+
+// HasSecureHardwarePresent returns a boolean if a field has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOf) HasSecureHardwarePresent() bool {
+	if o != nil && o.SecureHardwarePresent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecureHardwarePresent gets a reference to the given bool and assigns it to the SecureHardwarePresent field.
+func (o *DeviceAssuranceAndroidPlatformAllOf) SetSecureHardwarePresent(v bool) {
+	o.SecureHardwarePresent = &v
+}
+
+func (o DeviceAssuranceAndroidPlatformAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.DiskEncryptionType != nil {
+		toSerialize["diskEncryptionType"] = o.DiskEncryptionType
+	}
+	if o.Jailbreak != nil {
+		toSerialize["jailbreak"] = o.Jailbreak
+	}
+	if o.OsVersion != nil {
+		toSerialize["osVersion"] = o.OsVersion
+	}
+	if o.ScreenLockType != nil {
+		toSerialize["screenLockType"] = o.ScreenLockType
+	}
+	if o.SecureHardwarePresent != nil {
+		toSerialize["secureHardwarePresent"] = o.SecureHardwarePresent
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceAndroidPlatformAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceAssuranceAndroidPlatformAllOf := _DeviceAssuranceAndroidPlatformAllOf{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceAndroidPlatformAllOf)
+	if err == nil {
+		*o = DeviceAssuranceAndroidPlatformAllOf(varDeviceAssuranceAndroidPlatformAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "diskEncryptionType")
+		delete(additionalProperties, "jailbreak")
+		delete(additionalProperties, "osVersion")
+		delete(additionalProperties, "screenLockType")
+		delete(additionalProperties, "secureHardwarePresent")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceAndroidPlatformAllOf struct {
+	value *DeviceAssuranceAndroidPlatformAllOf
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceAndroidPlatformAllOf) Get() *DeviceAssuranceAndroidPlatformAllOf {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceAndroidPlatformAllOf) Set(val *DeviceAssuranceAndroidPlatformAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceAndroidPlatformAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceAndroidPlatformAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceAndroidPlatformAllOf(val *DeviceAssuranceAndroidPlatformAllOf) *NullableDeviceAssuranceAndroidPlatformAllOf {
+	return &NullableDeviceAssuranceAndroidPlatformAllOf{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceAndroidPlatformAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceAndroidPlatformAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_android_platform_all_of_disk_encryption_type.go b/okta/model_device_assurance_android_platform_all_of_disk_encryption_type.go
new file mode 100644
index 000000000..986be548f
--- /dev/null
+++ b/okta/model_device_assurance_android_platform_all_of_disk_encryption_type.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType struct for DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
+type DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType struct {
+	Include              []DiskEncryptionType `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
+
+// NewDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType instantiates a new DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType() *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType {
+	this := DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType{}
+	return &this
+}
+
+// NewDeviceAssuranceAndroidPlatformAllOfDiskEncryptionTypeWithDefaults instantiates a new DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceAndroidPlatformAllOfDiskEncryptionTypeWithDefaults() *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType {
+	this := DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType{}
+	return &this
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) GetInclude() []DiskEncryptionType {
+	if o == nil || o.Include == nil {
+		var ret []DiskEncryptionType
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) GetIncludeOk() ([]DiskEncryptionType, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []DiskEncryptionType and assigns it to the Include field.
+func (o *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) SetInclude(v []DiskEncryptionType) {
+	o.Include = v
+}
+
+func (o DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType := _DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType)
+	if err == nil {
+		*o = DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType(varDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType struct {
+	value *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) Get() *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) Set(val *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType(val *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) *NullableDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType {
+	return &NullableDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_android_platform_all_of_screen_lock_type.go b/okta/model_device_assurance_android_platform_all_of_screen_lock_type.go
new file mode 100644
index 000000000..a539c6b87
--- /dev/null
+++ b/okta/model_device_assurance_android_platform_all_of_screen_lock_type.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceAssuranceAndroidPlatformAllOfScreenLockType struct for DeviceAssuranceAndroidPlatformAllOfScreenLockType
+type DeviceAssuranceAndroidPlatformAllOfScreenLockType struct {
+	Include              []ScreenLockType `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DeviceAssuranceAndroidPlatformAllOfScreenLockType DeviceAssuranceAndroidPlatformAllOfScreenLockType
+
+// NewDeviceAssuranceAndroidPlatformAllOfScreenLockType instantiates a new DeviceAssuranceAndroidPlatformAllOfScreenLockType object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceAndroidPlatformAllOfScreenLockType() *DeviceAssuranceAndroidPlatformAllOfScreenLockType {
+	this := DeviceAssuranceAndroidPlatformAllOfScreenLockType{}
+	return &this
+}
+
+// NewDeviceAssuranceAndroidPlatformAllOfScreenLockTypeWithDefaults instantiates a new DeviceAssuranceAndroidPlatformAllOfScreenLockType object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceAndroidPlatformAllOfScreenLockTypeWithDefaults() *DeviceAssuranceAndroidPlatformAllOfScreenLockType {
+	this := DeviceAssuranceAndroidPlatformAllOfScreenLockType{}
+	return &this
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *DeviceAssuranceAndroidPlatformAllOfScreenLockType) GetInclude() []ScreenLockType {
+	if o == nil || o.Include == nil {
+		var ret []ScreenLockType
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOfScreenLockType) GetIncludeOk() ([]ScreenLockType, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *DeviceAssuranceAndroidPlatformAllOfScreenLockType) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []ScreenLockType and assigns it to the Include field.
+func (o *DeviceAssuranceAndroidPlatformAllOfScreenLockType) SetInclude(v []ScreenLockType) {
+	o.Include = v
+}
+
+func (o DeviceAssuranceAndroidPlatformAllOfScreenLockType) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceAndroidPlatformAllOfScreenLockType) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceAssuranceAndroidPlatformAllOfScreenLockType := _DeviceAssuranceAndroidPlatformAllOfScreenLockType{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceAndroidPlatformAllOfScreenLockType)
+	if err == nil {
+		*o = DeviceAssuranceAndroidPlatformAllOfScreenLockType(varDeviceAssuranceAndroidPlatformAllOfScreenLockType)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceAndroidPlatformAllOfScreenLockType struct {
+	value *DeviceAssuranceAndroidPlatformAllOfScreenLockType
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceAndroidPlatformAllOfScreenLockType) Get() *DeviceAssuranceAndroidPlatformAllOfScreenLockType {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceAndroidPlatformAllOfScreenLockType) Set(val *DeviceAssuranceAndroidPlatformAllOfScreenLockType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceAndroidPlatformAllOfScreenLockType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceAndroidPlatformAllOfScreenLockType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceAndroidPlatformAllOfScreenLockType(val *DeviceAssuranceAndroidPlatformAllOfScreenLockType) *NullableDeviceAssuranceAndroidPlatformAllOfScreenLockType {
+	return &NullableDeviceAssuranceAndroidPlatformAllOfScreenLockType{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceAndroidPlatformAllOfScreenLockType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceAndroidPlatformAllOfScreenLockType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_chrome_os_platform.go b/okta/model_device_assurance_chrome_os_platform.go
new file mode 100644
index 000000000..9baf5e7f0
--- /dev/null
+++ b/okta/model_device_assurance_chrome_os_platform.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// DeviceAssuranceChromeOSPlatform struct for DeviceAssuranceChromeOSPlatform
+type DeviceAssuranceChromeOSPlatform struct {
+	DeviceAssurance
+	ThirdPartySignalProviders *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders `json:"thirdPartySignalProviders,omitempty"`
+	AdditionalProperties      map[string]interface{}
+}
+
+type _DeviceAssuranceChromeOSPlatform DeviceAssuranceChromeOSPlatform
+
+// NewDeviceAssuranceChromeOSPlatform instantiates a new DeviceAssuranceChromeOSPlatform object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceChromeOSPlatform() *DeviceAssuranceChromeOSPlatform {
+	this := DeviceAssuranceChromeOSPlatform{}
+	return &this
+}
+
+// NewDeviceAssuranceChromeOSPlatformWithDefaults instantiates a new DeviceAssuranceChromeOSPlatform object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceChromeOSPlatformWithDefaults() *DeviceAssuranceChromeOSPlatform {
+	this := DeviceAssuranceChromeOSPlatform{}
+	return &this
+}
+
+// GetThirdPartySignalProviders returns the ThirdPartySignalProviders field value if set, zero value otherwise.
+func (o *DeviceAssuranceChromeOSPlatform) GetThirdPartySignalProviders() DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders {
+	if o == nil || o.ThirdPartySignalProviders == nil {
+		var ret DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders
+		return ret
+	}
+	return *o.ThirdPartySignalProviders
+}
+
+// GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceChromeOSPlatform) GetThirdPartySignalProvidersOk() (*DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders, bool) {
+	if o == nil || o.ThirdPartySignalProviders == nil {
+		return nil, false
+	}
+	return o.ThirdPartySignalProviders, true
+}
+
+// HasThirdPartySignalProviders returns a boolean if a field has been set.
+func (o *DeviceAssuranceChromeOSPlatform) HasThirdPartySignalProviders() bool {
+	if o != nil && o.ThirdPartySignalProviders != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetThirdPartySignalProviders gets a reference to the given DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders and assigns it to the ThirdPartySignalProviders field.
+func (o *DeviceAssuranceChromeOSPlatform) SetThirdPartySignalProviders(v DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) {
+	o.ThirdPartySignalProviders = &v
+}
+
+func (o DeviceAssuranceChromeOSPlatform) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedDeviceAssurance, errDeviceAssurance := json.Marshal(o.DeviceAssurance)
+	if errDeviceAssurance != nil {
+		return []byte{}, errDeviceAssurance
+	}
+	errDeviceAssurance = json.Unmarshal([]byte(serializedDeviceAssurance), &toSerialize)
+	if errDeviceAssurance != nil {
+		return []byte{}, errDeviceAssurance
+	}
+	if o.ThirdPartySignalProviders != nil {
+		toSerialize["thirdPartySignalProviders"] = o.ThirdPartySignalProviders
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceChromeOSPlatform) UnmarshalJSON(bytes []byte) (err error) {
+	type DeviceAssuranceChromeOSPlatformWithoutEmbeddedStruct struct {
+		ThirdPartySignalProviders *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders `json:"thirdPartySignalProviders,omitempty"`
+	}
+
+	varDeviceAssuranceChromeOSPlatformWithoutEmbeddedStruct := DeviceAssuranceChromeOSPlatformWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceChromeOSPlatformWithoutEmbeddedStruct)
+	if err == nil {
+		varDeviceAssuranceChromeOSPlatform := _DeviceAssuranceChromeOSPlatform{}
+		varDeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders = varDeviceAssuranceChromeOSPlatformWithoutEmbeddedStruct.ThirdPartySignalProviders
+		*o = DeviceAssuranceChromeOSPlatform(varDeviceAssuranceChromeOSPlatform)
+	} else {
+		return err
+	}
+
+	varDeviceAssuranceChromeOSPlatform := _DeviceAssuranceChromeOSPlatform{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceChromeOSPlatform)
+	if err == nil {
+		o.DeviceAssurance = varDeviceAssuranceChromeOSPlatform.DeviceAssurance
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "thirdPartySignalProviders")
+
+		// remove fields from embedded structs
+		reflectDeviceAssurance := reflect.ValueOf(o.DeviceAssurance)
+		for i := 0; i < reflectDeviceAssurance.Type().NumField(); i++ {
+			t := reflectDeviceAssurance.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceChromeOSPlatform struct {
+	value *DeviceAssuranceChromeOSPlatform
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceChromeOSPlatform) Get() *DeviceAssuranceChromeOSPlatform {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceChromeOSPlatform) Set(val *DeviceAssuranceChromeOSPlatform) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceChromeOSPlatform) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceChromeOSPlatform) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceChromeOSPlatform(val *DeviceAssuranceChromeOSPlatform) *NullableDeviceAssuranceChromeOSPlatform {
+	return &NullableDeviceAssuranceChromeOSPlatform{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceChromeOSPlatform) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceChromeOSPlatform) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_chrome_os_platform_all_of.go b/okta/model_device_assurance_chrome_os_platform_all_of.go
new file mode 100644
index 000000000..8be34c5a6
--- /dev/null
+++ b/okta/model_device_assurance_chrome_os_platform_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceAssuranceChromeOSPlatformAllOf struct for DeviceAssuranceChromeOSPlatformAllOf
+type DeviceAssuranceChromeOSPlatformAllOf struct {
+	ThirdPartySignalProviders *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders `json:"thirdPartySignalProviders,omitempty"`
+	AdditionalProperties      map[string]interface{}
+}
+
+type _DeviceAssuranceChromeOSPlatformAllOf DeviceAssuranceChromeOSPlatformAllOf
+
+// NewDeviceAssuranceChromeOSPlatformAllOf instantiates a new DeviceAssuranceChromeOSPlatformAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceChromeOSPlatformAllOf() *DeviceAssuranceChromeOSPlatformAllOf {
+	this := DeviceAssuranceChromeOSPlatformAllOf{}
+	return &this
+}
+
+// NewDeviceAssuranceChromeOSPlatformAllOfWithDefaults instantiates a new DeviceAssuranceChromeOSPlatformAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceChromeOSPlatformAllOfWithDefaults() *DeviceAssuranceChromeOSPlatformAllOf {
+	this := DeviceAssuranceChromeOSPlatformAllOf{}
+	return &this
+}
+
+// GetThirdPartySignalProviders returns the ThirdPartySignalProviders field value if set, zero value otherwise.
+func (o *DeviceAssuranceChromeOSPlatformAllOf) GetThirdPartySignalProviders() DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders {
+	if o == nil || o.ThirdPartySignalProviders == nil {
+		var ret DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders
+		return ret
+	}
+	return *o.ThirdPartySignalProviders
+}
+
+// GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceChromeOSPlatformAllOf) GetThirdPartySignalProvidersOk() (*DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders, bool) {
+	if o == nil || o.ThirdPartySignalProviders == nil {
+		return nil, false
+	}
+	return o.ThirdPartySignalProviders, true
+}
+
+// HasThirdPartySignalProviders returns a boolean if a field has been set.
+func (o *DeviceAssuranceChromeOSPlatformAllOf) HasThirdPartySignalProviders() bool {
+	if o != nil && o.ThirdPartySignalProviders != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetThirdPartySignalProviders gets a reference to the given DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders and assigns it to the ThirdPartySignalProviders field.
+func (o *DeviceAssuranceChromeOSPlatformAllOf) SetThirdPartySignalProviders(v DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) {
+	o.ThirdPartySignalProviders = &v
+}
+
+func (o DeviceAssuranceChromeOSPlatformAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ThirdPartySignalProviders != nil {
+		toSerialize["thirdPartySignalProviders"] = o.ThirdPartySignalProviders
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceChromeOSPlatformAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceAssuranceChromeOSPlatformAllOf := _DeviceAssuranceChromeOSPlatformAllOf{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceChromeOSPlatformAllOf)
+	if err == nil {
+		*o = DeviceAssuranceChromeOSPlatformAllOf(varDeviceAssuranceChromeOSPlatformAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "thirdPartySignalProviders")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceChromeOSPlatformAllOf struct {
+	value *DeviceAssuranceChromeOSPlatformAllOf
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceChromeOSPlatformAllOf) Get() *DeviceAssuranceChromeOSPlatformAllOf {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceChromeOSPlatformAllOf) Set(val *DeviceAssuranceChromeOSPlatformAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceChromeOSPlatformAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceChromeOSPlatformAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceChromeOSPlatformAllOf(val *DeviceAssuranceChromeOSPlatformAllOf) *NullableDeviceAssuranceChromeOSPlatformAllOf {
+	return &NullableDeviceAssuranceChromeOSPlatformAllOf{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceChromeOSPlatformAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceChromeOSPlatformAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_chrome_os_platform_all_of_third_party_signal_providers.go b/okta/model_device_assurance_chrome_os_platform_all_of_third_party_signal_providers.go
new file mode 100644
index 000000000..dd6ec52be
--- /dev/null
+++ b/okta/model_device_assurance_chrome_os_platform_all_of_third_party_signal_providers.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders Settings for third-party signal providers (based on the `CHROMEOS` platform)
+type DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders struct {
+	Dtc                  *DTCChromeOS `json:"dtc,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders
+
+// NewDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders instantiates a new DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders() *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders {
+	this := DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{}
+	return &this
+}
+
+// NewDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProvidersWithDefaults instantiates a new DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProvidersWithDefaults() *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders {
+	this := DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{}
+	return &this
+}
+
+// GetDtc returns the Dtc field value if set, zero value otherwise.
+func (o *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) GetDtc() DTCChromeOS {
+	if o == nil || o.Dtc == nil {
+		var ret DTCChromeOS
+		return ret
+	}
+	return *o.Dtc
+}
+
+// GetDtcOk returns a tuple with the Dtc field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) GetDtcOk() (*DTCChromeOS, bool) {
+	if o == nil || o.Dtc == nil {
+		return nil, false
+	}
+	return o.Dtc, true
+}
+
+// HasDtc returns a boolean if a field has been set.
+func (o *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) HasDtc() bool {
+	if o != nil && o.Dtc != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDtc gets a reference to the given DTCChromeOS and assigns it to the Dtc field.
+func (o *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) SetDtc(v DTCChromeOS) {
+	o.Dtc = &v
+}
+
+func (o DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Dtc != nil {
+		toSerialize["dtc"] = o.Dtc
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders := _DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders)
+	if err == nil {
+		*o = DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders(varDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "dtc")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders struct {
+	value *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) Get() *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) Set(val *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders(val *DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) *NullableDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders {
+	return &NullableDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_ios_platform.go b/okta/model_device_assurance_ios_platform.go
new file mode 100644
index 000000000..4cca485c3
--- /dev/null
+++ b/okta/model_device_assurance_ios_platform.go
@@ -0,0 +1,359 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// DeviceAssuranceIOSPlatform struct for DeviceAssuranceIOSPlatform
+type DeviceAssuranceIOSPlatform struct {
+	DeviceAssurance
+	DiskEncryptionType    *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType `json:"diskEncryptionType,omitempty"`
+	Jailbreak             *bool                                                  `json:"jailbreak,omitempty"`
+	OsVersion             *OSVersion                                             `json:"osVersion,omitempty"`
+	ScreenLockType        *DeviceAssuranceAndroidPlatformAllOfScreenLockType     `json:"screenLockType,omitempty"`
+	SecureHardwarePresent *bool                                                  `json:"secureHardwarePresent,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _DeviceAssuranceIOSPlatform DeviceAssuranceIOSPlatform
+
+// NewDeviceAssuranceIOSPlatform instantiates a new DeviceAssuranceIOSPlatform object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceIOSPlatform() *DeviceAssuranceIOSPlatform {
+	this := DeviceAssuranceIOSPlatform{}
+	return &this
+}
+
+// NewDeviceAssuranceIOSPlatformWithDefaults instantiates a new DeviceAssuranceIOSPlatform object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceIOSPlatformWithDefaults() *DeviceAssuranceIOSPlatform {
+	this := DeviceAssuranceIOSPlatform{}
+	return &this
+}
+
+// GetDiskEncryptionType returns the DiskEncryptionType field value if set, zero value otherwise.
+func (o *DeviceAssuranceIOSPlatform) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType {
+	if o == nil || o.DiskEncryptionType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
+		return ret
+	}
+	return *o.DiskEncryptionType
+}
+
+// GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceIOSPlatform) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool) {
+	if o == nil || o.DiskEncryptionType == nil {
+		return nil, false
+	}
+	return o.DiskEncryptionType, true
+}
+
+// HasDiskEncryptionType returns a boolean if a field has been set.
+func (o *DeviceAssuranceIOSPlatform) HasDiskEncryptionType() bool {
+	if o != nil && o.DiskEncryptionType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDiskEncryptionType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType and assigns it to the DiskEncryptionType field.
+func (o *DeviceAssuranceIOSPlatform) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) {
+	o.DiskEncryptionType = &v
+}
+
+// GetJailbreak returns the Jailbreak field value if set, zero value otherwise.
+func (o *DeviceAssuranceIOSPlatform) GetJailbreak() bool {
+	if o == nil || o.Jailbreak == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Jailbreak
+}
+
+// GetJailbreakOk returns a tuple with the Jailbreak field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceIOSPlatform) GetJailbreakOk() (*bool, bool) {
+	if o == nil || o.Jailbreak == nil {
+		return nil, false
+	}
+	return o.Jailbreak, true
+}
+
+// HasJailbreak returns a boolean if a field has been set.
+func (o *DeviceAssuranceIOSPlatform) HasJailbreak() bool {
+	if o != nil && o.Jailbreak != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetJailbreak gets a reference to the given bool and assigns it to the Jailbreak field.
+func (o *DeviceAssuranceIOSPlatform) SetJailbreak(v bool) {
+	o.Jailbreak = &v
+}
+
+// GetOsVersion returns the OsVersion field value if set, zero value otherwise.
+func (o *DeviceAssuranceIOSPlatform) GetOsVersion() OSVersion {
+	if o == nil || o.OsVersion == nil {
+		var ret OSVersion
+		return ret
+	}
+	return *o.OsVersion
+}
+
+// GetOsVersionOk returns a tuple with the OsVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceIOSPlatform) GetOsVersionOk() (*OSVersion, bool) {
+	if o == nil || o.OsVersion == nil {
+		return nil, false
+	}
+	return o.OsVersion, true
+}
+
+// HasOsVersion returns a boolean if a field has been set.
+func (o *DeviceAssuranceIOSPlatform) HasOsVersion() bool {
+	if o != nil && o.OsVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsVersion gets a reference to the given OSVersion and assigns it to the OsVersion field.
+func (o *DeviceAssuranceIOSPlatform) SetOsVersion(v OSVersion) {
+	o.OsVersion = &v
+}
+
+// GetScreenLockType returns the ScreenLockType field value if set, zero value otherwise.
+func (o *DeviceAssuranceIOSPlatform) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType {
+	if o == nil || o.ScreenLockType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfScreenLockType
+		return ret
+	}
+	return *o.ScreenLockType
+}
+
+// GetScreenLockTypeOk returns a tuple with the ScreenLockType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceIOSPlatform) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool) {
+	if o == nil || o.ScreenLockType == nil {
+		return nil, false
+	}
+	return o.ScreenLockType, true
+}
+
+// HasScreenLockType returns a boolean if a field has been set.
+func (o *DeviceAssuranceIOSPlatform) HasScreenLockType() bool {
+	if o != nil && o.ScreenLockType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScreenLockType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfScreenLockType and assigns it to the ScreenLockType field.
+func (o *DeviceAssuranceIOSPlatform) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType) {
+	o.ScreenLockType = &v
+}
+
+// GetSecureHardwarePresent returns the SecureHardwarePresent field value if set, zero value otherwise.
+func (o *DeviceAssuranceIOSPlatform) GetSecureHardwarePresent() bool {
+	if o == nil || o.SecureHardwarePresent == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SecureHardwarePresent
+}
+
+// GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceIOSPlatform) GetSecureHardwarePresentOk() (*bool, bool) {
+	if o == nil || o.SecureHardwarePresent == nil {
+		return nil, false
+	}
+	return o.SecureHardwarePresent, true
+}
+
+// HasSecureHardwarePresent returns a boolean if a field has been set.
+func (o *DeviceAssuranceIOSPlatform) HasSecureHardwarePresent() bool {
+	if o != nil && o.SecureHardwarePresent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecureHardwarePresent gets a reference to the given bool and assigns it to the SecureHardwarePresent field.
+func (o *DeviceAssuranceIOSPlatform) SetSecureHardwarePresent(v bool) {
+	o.SecureHardwarePresent = &v
+}
+
+func (o DeviceAssuranceIOSPlatform) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedDeviceAssurance, errDeviceAssurance := json.Marshal(o.DeviceAssurance)
+	if errDeviceAssurance != nil {
+		return []byte{}, errDeviceAssurance
+	}
+	errDeviceAssurance = json.Unmarshal([]byte(serializedDeviceAssurance), &toSerialize)
+	if errDeviceAssurance != nil {
+		return []byte{}, errDeviceAssurance
+	}
+	if o.DiskEncryptionType != nil {
+		toSerialize["diskEncryptionType"] = o.DiskEncryptionType
+	}
+	if o.Jailbreak != nil {
+		toSerialize["jailbreak"] = o.Jailbreak
+	}
+	if o.OsVersion != nil {
+		toSerialize["osVersion"] = o.OsVersion
+	}
+	if o.ScreenLockType != nil {
+		toSerialize["screenLockType"] = o.ScreenLockType
+	}
+	if o.SecureHardwarePresent != nil {
+		toSerialize["secureHardwarePresent"] = o.SecureHardwarePresent
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceIOSPlatform) UnmarshalJSON(bytes []byte) (err error) {
+	type DeviceAssuranceIOSPlatformWithoutEmbeddedStruct struct {
+		DiskEncryptionType    *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType `json:"diskEncryptionType,omitempty"`
+		Jailbreak             *bool                                                  `json:"jailbreak,omitempty"`
+		OsVersion             *OSVersion                                             `json:"osVersion,omitempty"`
+		ScreenLockType        *DeviceAssuranceAndroidPlatformAllOfScreenLockType     `json:"screenLockType,omitempty"`
+		SecureHardwarePresent *bool                                                  `json:"secureHardwarePresent,omitempty"`
+	}
+
+	varDeviceAssuranceIOSPlatformWithoutEmbeddedStruct := DeviceAssuranceIOSPlatformWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceIOSPlatformWithoutEmbeddedStruct)
+	if err == nil {
+		varDeviceAssuranceIOSPlatform := _DeviceAssuranceIOSPlatform{}
+		varDeviceAssuranceIOSPlatform.DiskEncryptionType = varDeviceAssuranceIOSPlatformWithoutEmbeddedStruct.DiskEncryptionType
+		varDeviceAssuranceIOSPlatform.Jailbreak = varDeviceAssuranceIOSPlatformWithoutEmbeddedStruct.Jailbreak
+		varDeviceAssuranceIOSPlatform.OsVersion = varDeviceAssuranceIOSPlatformWithoutEmbeddedStruct.OsVersion
+		varDeviceAssuranceIOSPlatform.ScreenLockType = varDeviceAssuranceIOSPlatformWithoutEmbeddedStruct.ScreenLockType
+		varDeviceAssuranceIOSPlatform.SecureHardwarePresent = varDeviceAssuranceIOSPlatformWithoutEmbeddedStruct.SecureHardwarePresent
+		*o = DeviceAssuranceIOSPlatform(varDeviceAssuranceIOSPlatform)
+	} else {
+		return err
+	}
+
+	varDeviceAssuranceIOSPlatform := _DeviceAssuranceIOSPlatform{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceIOSPlatform)
+	if err == nil {
+		o.DeviceAssurance = varDeviceAssuranceIOSPlatform.DeviceAssurance
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "diskEncryptionType")
+		delete(additionalProperties, "jailbreak")
+		delete(additionalProperties, "osVersion")
+		delete(additionalProperties, "screenLockType")
+		delete(additionalProperties, "secureHardwarePresent")
+
+		// remove fields from embedded structs
+		reflectDeviceAssurance := reflect.ValueOf(o.DeviceAssurance)
+		for i := 0; i < reflectDeviceAssurance.Type().NumField(); i++ {
+			t := reflectDeviceAssurance.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceIOSPlatform struct {
+	value *DeviceAssuranceIOSPlatform
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceIOSPlatform) Get() *DeviceAssuranceIOSPlatform {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceIOSPlatform) Set(val *DeviceAssuranceIOSPlatform) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceIOSPlatform) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceIOSPlatform) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceIOSPlatform(val *DeviceAssuranceIOSPlatform) *NullableDeviceAssuranceIOSPlatform {
+	return &NullableDeviceAssuranceIOSPlatform{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceIOSPlatform) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceIOSPlatform) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_mac_os_platform.go b/okta/model_device_assurance_mac_os_platform.go
new file mode 100644
index 000000000..cde800ba4
--- /dev/null
+++ b/okta/model_device_assurance_mac_os_platform.go
@@ -0,0 +1,398 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// DeviceAssuranceMacOSPlatform struct for DeviceAssuranceMacOSPlatform
+type DeviceAssuranceMacOSPlatform struct {
+	DeviceAssurance
+	DiskEncryptionType        *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType      `json:"diskEncryptionType,omitempty"`
+	Jailbreak                 *bool                                                       `json:"jailbreak,omitempty"`
+	OsVersion                 *OSVersion                                                  `json:"osVersion,omitempty"`
+	ScreenLockType            *DeviceAssuranceAndroidPlatformAllOfScreenLockType          `json:"screenLockType,omitempty"`
+	SecureHardwarePresent     *bool                                                       `json:"secureHardwarePresent,omitempty"`
+	ThirdPartySignalProviders *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders `json:"thirdPartySignalProviders,omitempty"`
+	AdditionalProperties      map[string]interface{}
+}
+
+type _DeviceAssuranceMacOSPlatform DeviceAssuranceMacOSPlatform
+
+// NewDeviceAssuranceMacOSPlatform instantiates a new DeviceAssuranceMacOSPlatform object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceMacOSPlatform() *DeviceAssuranceMacOSPlatform {
+	this := DeviceAssuranceMacOSPlatform{}
+	return &this
+}
+
+// NewDeviceAssuranceMacOSPlatformWithDefaults instantiates a new DeviceAssuranceMacOSPlatform object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceMacOSPlatformWithDefaults() *DeviceAssuranceMacOSPlatform {
+	this := DeviceAssuranceMacOSPlatform{}
+	return &this
+}
+
+// GetDiskEncryptionType returns the DiskEncryptionType field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatform) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType {
+	if o == nil || o.DiskEncryptionType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
+		return ret
+	}
+	return *o.DiskEncryptionType
+}
+
+// GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatform) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool) {
+	if o == nil || o.DiskEncryptionType == nil {
+		return nil, false
+	}
+	return o.DiskEncryptionType, true
+}
+
+// HasDiskEncryptionType returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatform) HasDiskEncryptionType() bool {
+	if o != nil && o.DiskEncryptionType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDiskEncryptionType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType and assigns it to the DiskEncryptionType field.
+func (o *DeviceAssuranceMacOSPlatform) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) {
+	o.DiskEncryptionType = &v
+}
+
+// GetJailbreak returns the Jailbreak field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatform) GetJailbreak() bool {
+	if o == nil || o.Jailbreak == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Jailbreak
+}
+
+// GetJailbreakOk returns a tuple with the Jailbreak field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatform) GetJailbreakOk() (*bool, bool) {
+	if o == nil || o.Jailbreak == nil {
+		return nil, false
+	}
+	return o.Jailbreak, true
+}
+
+// HasJailbreak returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatform) HasJailbreak() bool {
+	if o != nil && o.Jailbreak != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetJailbreak gets a reference to the given bool and assigns it to the Jailbreak field.
+func (o *DeviceAssuranceMacOSPlatform) SetJailbreak(v bool) {
+	o.Jailbreak = &v
+}
+
+// GetOsVersion returns the OsVersion field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatform) GetOsVersion() OSVersion {
+	if o == nil || o.OsVersion == nil {
+		var ret OSVersion
+		return ret
+	}
+	return *o.OsVersion
+}
+
+// GetOsVersionOk returns a tuple with the OsVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatform) GetOsVersionOk() (*OSVersion, bool) {
+	if o == nil || o.OsVersion == nil {
+		return nil, false
+	}
+	return o.OsVersion, true
+}
+
+// HasOsVersion returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatform) HasOsVersion() bool {
+	if o != nil && o.OsVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsVersion gets a reference to the given OSVersion and assigns it to the OsVersion field.
+func (o *DeviceAssuranceMacOSPlatform) SetOsVersion(v OSVersion) {
+	o.OsVersion = &v
+}
+
+// GetScreenLockType returns the ScreenLockType field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatform) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType {
+	if o == nil || o.ScreenLockType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfScreenLockType
+		return ret
+	}
+	return *o.ScreenLockType
+}
+
+// GetScreenLockTypeOk returns a tuple with the ScreenLockType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatform) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool) {
+	if o == nil || o.ScreenLockType == nil {
+		return nil, false
+	}
+	return o.ScreenLockType, true
+}
+
+// HasScreenLockType returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatform) HasScreenLockType() bool {
+	if o != nil && o.ScreenLockType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScreenLockType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfScreenLockType and assigns it to the ScreenLockType field.
+func (o *DeviceAssuranceMacOSPlatform) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType) {
+	o.ScreenLockType = &v
+}
+
+// GetSecureHardwarePresent returns the SecureHardwarePresent field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatform) GetSecureHardwarePresent() bool {
+	if o == nil || o.SecureHardwarePresent == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SecureHardwarePresent
+}
+
+// GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatform) GetSecureHardwarePresentOk() (*bool, bool) {
+	if o == nil || o.SecureHardwarePresent == nil {
+		return nil, false
+	}
+	return o.SecureHardwarePresent, true
+}
+
+// HasSecureHardwarePresent returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatform) HasSecureHardwarePresent() bool {
+	if o != nil && o.SecureHardwarePresent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecureHardwarePresent gets a reference to the given bool and assigns it to the SecureHardwarePresent field.
+func (o *DeviceAssuranceMacOSPlatform) SetSecureHardwarePresent(v bool) {
+	o.SecureHardwarePresent = &v
+}
+
+// GetThirdPartySignalProviders returns the ThirdPartySignalProviders field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatform) GetThirdPartySignalProviders() DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders {
+	if o == nil || o.ThirdPartySignalProviders == nil {
+		var ret DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders
+		return ret
+	}
+	return *o.ThirdPartySignalProviders
+}
+
+// GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatform) GetThirdPartySignalProvidersOk() (*DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders, bool) {
+	if o == nil || o.ThirdPartySignalProviders == nil {
+		return nil, false
+	}
+	return o.ThirdPartySignalProviders, true
+}
+
+// HasThirdPartySignalProviders returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatform) HasThirdPartySignalProviders() bool {
+	if o != nil && o.ThirdPartySignalProviders != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetThirdPartySignalProviders gets a reference to the given DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders and assigns it to the ThirdPartySignalProviders field.
+func (o *DeviceAssuranceMacOSPlatform) SetThirdPartySignalProviders(v DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) {
+	o.ThirdPartySignalProviders = &v
+}
+
+func (o DeviceAssuranceMacOSPlatform) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedDeviceAssurance, errDeviceAssurance := json.Marshal(o.DeviceAssurance)
+	if errDeviceAssurance != nil {
+		return []byte{}, errDeviceAssurance
+	}
+	errDeviceAssurance = json.Unmarshal([]byte(serializedDeviceAssurance), &toSerialize)
+	if errDeviceAssurance != nil {
+		return []byte{}, errDeviceAssurance
+	}
+	if o.DiskEncryptionType != nil {
+		toSerialize["diskEncryptionType"] = o.DiskEncryptionType
+	}
+	if o.Jailbreak != nil {
+		toSerialize["jailbreak"] = o.Jailbreak
+	}
+	if o.OsVersion != nil {
+		toSerialize["osVersion"] = o.OsVersion
+	}
+	if o.ScreenLockType != nil {
+		toSerialize["screenLockType"] = o.ScreenLockType
+	}
+	if o.SecureHardwarePresent != nil {
+		toSerialize["secureHardwarePresent"] = o.SecureHardwarePresent
+	}
+	if o.ThirdPartySignalProviders != nil {
+		toSerialize["thirdPartySignalProviders"] = o.ThirdPartySignalProviders
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceMacOSPlatform) UnmarshalJSON(bytes []byte) (err error) {
+	type DeviceAssuranceMacOSPlatformWithoutEmbeddedStruct struct {
+		DiskEncryptionType        *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType      `json:"diskEncryptionType,omitempty"`
+		Jailbreak                 *bool                                                       `json:"jailbreak,omitempty"`
+		OsVersion                 *OSVersion                                                  `json:"osVersion,omitempty"`
+		ScreenLockType            *DeviceAssuranceAndroidPlatformAllOfScreenLockType          `json:"screenLockType,omitempty"`
+		SecureHardwarePresent     *bool                                                       `json:"secureHardwarePresent,omitempty"`
+		ThirdPartySignalProviders *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders `json:"thirdPartySignalProviders,omitempty"`
+	}
+
+	varDeviceAssuranceMacOSPlatformWithoutEmbeddedStruct := DeviceAssuranceMacOSPlatformWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceMacOSPlatformWithoutEmbeddedStruct)
+	if err == nil {
+		varDeviceAssuranceMacOSPlatform := _DeviceAssuranceMacOSPlatform{}
+		varDeviceAssuranceMacOSPlatform.DiskEncryptionType = varDeviceAssuranceMacOSPlatformWithoutEmbeddedStruct.DiskEncryptionType
+		varDeviceAssuranceMacOSPlatform.Jailbreak = varDeviceAssuranceMacOSPlatformWithoutEmbeddedStruct.Jailbreak
+		varDeviceAssuranceMacOSPlatform.OsVersion = varDeviceAssuranceMacOSPlatformWithoutEmbeddedStruct.OsVersion
+		varDeviceAssuranceMacOSPlatform.ScreenLockType = varDeviceAssuranceMacOSPlatformWithoutEmbeddedStruct.ScreenLockType
+		varDeviceAssuranceMacOSPlatform.SecureHardwarePresent = varDeviceAssuranceMacOSPlatformWithoutEmbeddedStruct.SecureHardwarePresent
+		varDeviceAssuranceMacOSPlatform.ThirdPartySignalProviders = varDeviceAssuranceMacOSPlatformWithoutEmbeddedStruct.ThirdPartySignalProviders
+		*o = DeviceAssuranceMacOSPlatform(varDeviceAssuranceMacOSPlatform)
+	} else {
+		return err
+	}
+
+	varDeviceAssuranceMacOSPlatform := _DeviceAssuranceMacOSPlatform{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceMacOSPlatform)
+	if err == nil {
+		o.DeviceAssurance = varDeviceAssuranceMacOSPlatform.DeviceAssurance
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "diskEncryptionType")
+		delete(additionalProperties, "jailbreak")
+		delete(additionalProperties, "osVersion")
+		delete(additionalProperties, "screenLockType")
+		delete(additionalProperties, "secureHardwarePresent")
+		delete(additionalProperties, "thirdPartySignalProviders")
+
+		// remove fields from embedded structs
+		reflectDeviceAssurance := reflect.ValueOf(o.DeviceAssurance)
+		for i := 0; i < reflectDeviceAssurance.Type().NumField(); i++ {
+			t := reflectDeviceAssurance.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceMacOSPlatform struct {
+	value *DeviceAssuranceMacOSPlatform
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceMacOSPlatform) Get() *DeviceAssuranceMacOSPlatform {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceMacOSPlatform) Set(val *DeviceAssuranceMacOSPlatform) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceMacOSPlatform) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceMacOSPlatform) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceMacOSPlatform(val *DeviceAssuranceMacOSPlatform) *NullableDeviceAssuranceMacOSPlatform {
+	return &NullableDeviceAssuranceMacOSPlatform{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceMacOSPlatform) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceMacOSPlatform) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_mac_os_platform_all_of.go b/okta/model_device_assurance_mac_os_platform_all_of.go
new file mode 100644
index 000000000..12a13683e
--- /dev/null
+++ b/okta/model_device_assurance_mac_os_platform_all_of.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceAssuranceMacOSPlatformAllOf struct for DeviceAssuranceMacOSPlatformAllOf
+type DeviceAssuranceMacOSPlatformAllOf struct {
+	DiskEncryptionType        *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType      `json:"diskEncryptionType,omitempty"`
+	Jailbreak                 *bool                                                       `json:"jailbreak,omitempty"`
+	OsVersion                 *OSVersion                                                  `json:"osVersion,omitempty"`
+	ScreenLockType            *DeviceAssuranceAndroidPlatformAllOfScreenLockType          `json:"screenLockType,omitempty"`
+	SecureHardwarePresent     *bool                                                       `json:"secureHardwarePresent,omitempty"`
+	ThirdPartySignalProviders *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders `json:"thirdPartySignalProviders,omitempty"`
+	AdditionalProperties      map[string]interface{}
+}
+
+type _DeviceAssuranceMacOSPlatformAllOf DeviceAssuranceMacOSPlatformAllOf
+
+// NewDeviceAssuranceMacOSPlatformAllOf instantiates a new DeviceAssuranceMacOSPlatformAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceMacOSPlatformAllOf() *DeviceAssuranceMacOSPlatformAllOf {
+	this := DeviceAssuranceMacOSPlatformAllOf{}
+	return &this
+}
+
+// NewDeviceAssuranceMacOSPlatformAllOfWithDefaults instantiates a new DeviceAssuranceMacOSPlatformAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceMacOSPlatformAllOfWithDefaults() *DeviceAssuranceMacOSPlatformAllOf {
+	this := DeviceAssuranceMacOSPlatformAllOf{}
+	return &this
+}
+
+// GetDiskEncryptionType returns the DiskEncryptionType field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatformAllOf) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType {
+	if o == nil || o.DiskEncryptionType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
+		return ret
+	}
+	return *o.DiskEncryptionType
+}
+
+// GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOf) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool) {
+	if o == nil || o.DiskEncryptionType == nil {
+		return nil, false
+	}
+	return o.DiskEncryptionType, true
+}
+
+// HasDiskEncryptionType returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOf) HasDiskEncryptionType() bool {
+	if o != nil && o.DiskEncryptionType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDiskEncryptionType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType and assigns it to the DiskEncryptionType field.
+func (o *DeviceAssuranceMacOSPlatformAllOf) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) {
+	o.DiskEncryptionType = &v
+}
+
+// GetJailbreak returns the Jailbreak field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatformAllOf) GetJailbreak() bool {
+	if o == nil || o.Jailbreak == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Jailbreak
+}
+
+// GetJailbreakOk returns a tuple with the Jailbreak field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOf) GetJailbreakOk() (*bool, bool) {
+	if o == nil || o.Jailbreak == nil {
+		return nil, false
+	}
+	return o.Jailbreak, true
+}
+
+// HasJailbreak returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOf) HasJailbreak() bool {
+	if o != nil && o.Jailbreak != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetJailbreak gets a reference to the given bool and assigns it to the Jailbreak field.
+func (o *DeviceAssuranceMacOSPlatformAllOf) SetJailbreak(v bool) {
+	o.Jailbreak = &v
+}
+
+// GetOsVersion returns the OsVersion field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatformAllOf) GetOsVersion() OSVersion {
+	if o == nil || o.OsVersion == nil {
+		var ret OSVersion
+		return ret
+	}
+	return *o.OsVersion
+}
+
+// GetOsVersionOk returns a tuple with the OsVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOf) GetOsVersionOk() (*OSVersion, bool) {
+	if o == nil || o.OsVersion == nil {
+		return nil, false
+	}
+	return o.OsVersion, true
+}
+
+// HasOsVersion returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOf) HasOsVersion() bool {
+	if o != nil && o.OsVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsVersion gets a reference to the given OSVersion and assigns it to the OsVersion field.
+func (o *DeviceAssuranceMacOSPlatformAllOf) SetOsVersion(v OSVersion) {
+	o.OsVersion = &v
+}
+
+// GetScreenLockType returns the ScreenLockType field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatformAllOf) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType {
+	if o == nil || o.ScreenLockType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfScreenLockType
+		return ret
+	}
+	return *o.ScreenLockType
+}
+
+// GetScreenLockTypeOk returns a tuple with the ScreenLockType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOf) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool) {
+	if o == nil || o.ScreenLockType == nil {
+		return nil, false
+	}
+	return o.ScreenLockType, true
+}
+
+// HasScreenLockType returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOf) HasScreenLockType() bool {
+	if o != nil && o.ScreenLockType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScreenLockType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfScreenLockType and assigns it to the ScreenLockType field.
+func (o *DeviceAssuranceMacOSPlatformAllOf) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType) {
+	o.ScreenLockType = &v
+}
+
+// GetSecureHardwarePresent returns the SecureHardwarePresent field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatformAllOf) GetSecureHardwarePresent() bool {
+	if o == nil || o.SecureHardwarePresent == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SecureHardwarePresent
+}
+
+// GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOf) GetSecureHardwarePresentOk() (*bool, bool) {
+	if o == nil || o.SecureHardwarePresent == nil {
+		return nil, false
+	}
+	return o.SecureHardwarePresent, true
+}
+
+// HasSecureHardwarePresent returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOf) HasSecureHardwarePresent() bool {
+	if o != nil && o.SecureHardwarePresent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecureHardwarePresent gets a reference to the given bool and assigns it to the SecureHardwarePresent field.
+func (o *DeviceAssuranceMacOSPlatformAllOf) SetSecureHardwarePresent(v bool) {
+	o.SecureHardwarePresent = &v
+}
+
+// GetThirdPartySignalProviders returns the ThirdPartySignalProviders field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatformAllOf) GetThirdPartySignalProviders() DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders {
+	if o == nil || o.ThirdPartySignalProviders == nil {
+		var ret DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders
+		return ret
+	}
+	return *o.ThirdPartySignalProviders
+}
+
+// GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOf) GetThirdPartySignalProvidersOk() (*DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders, bool) {
+	if o == nil || o.ThirdPartySignalProviders == nil {
+		return nil, false
+	}
+	return o.ThirdPartySignalProviders, true
+}
+
+// HasThirdPartySignalProviders returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOf) HasThirdPartySignalProviders() bool {
+	if o != nil && o.ThirdPartySignalProviders != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetThirdPartySignalProviders gets a reference to the given DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders and assigns it to the ThirdPartySignalProviders field.
+func (o *DeviceAssuranceMacOSPlatformAllOf) SetThirdPartySignalProviders(v DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) {
+	o.ThirdPartySignalProviders = &v
+}
+
+func (o DeviceAssuranceMacOSPlatformAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.DiskEncryptionType != nil {
+		toSerialize["diskEncryptionType"] = o.DiskEncryptionType
+	}
+	if o.Jailbreak != nil {
+		toSerialize["jailbreak"] = o.Jailbreak
+	}
+	if o.OsVersion != nil {
+		toSerialize["osVersion"] = o.OsVersion
+	}
+	if o.ScreenLockType != nil {
+		toSerialize["screenLockType"] = o.ScreenLockType
+	}
+	if o.SecureHardwarePresent != nil {
+		toSerialize["secureHardwarePresent"] = o.SecureHardwarePresent
+	}
+	if o.ThirdPartySignalProviders != nil {
+		toSerialize["thirdPartySignalProviders"] = o.ThirdPartySignalProviders
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceMacOSPlatformAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceAssuranceMacOSPlatformAllOf := _DeviceAssuranceMacOSPlatformAllOf{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceMacOSPlatformAllOf)
+	if err == nil {
+		*o = DeviceAssuranceMacOSPlatformAllOf(varDeviceAssuranceMacOSPlatformAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "diskEncryptionType")
+		delete(additionalProperties, "jailbreak")
+		delete(additionalProperties, "osVersion")
+		delete(additionalProperties, "screenLockType")
+		delete(additionalProperties, "secureHardwarePresent")
+		delete(additionalProperties, "thirdPartySignalProviders")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceMacOSPlatformAllOf struct {
+	value *DeviceAssuranceMacOSPlatformAllOf
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceMacOSPlatformAllOf) Get() *DeviceAssuranceMacOSPlatformAllOf {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceMacOSPlatformAllOf) Set(val *DeviceAssuranceMacOSPlatformAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceMacOSPlatformAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceMacOSPlatformAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceMacOSPlatformAllOf(val *DeviceAssuranceMacOSPlatformAllOf) *NullableDeviceAssuranceMacOSPlatformAllOf {
+	return &NullableDeviceAssuranceMacOSPlatformAllOf{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceMacOSPlatformAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceMacOSPlatformAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_mac_os_platform_all_of_third_party_signal_providers.go b/okta/model_device_assurance_mac_os_platform_all_of_third_party_signal_providers.go
new file mode 100644
index 000000000..e545e8d86
--- /dev/null
+++ b/okta/model_device_assurance_mac_os_platform_all_of_third_party_signal_providers.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders Settings for third-party signal providers (based on the `MACOS` platform)
+type DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders struct {
+	Dtc                  *DTCMacOS `json:"dtc,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders
+
+// NewDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders instantiates a new DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders() *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders {
+	this := DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders{}
+	return &this
+}
+
+// NewDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProvidersWithDefaults instantiates a new DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProvidersWithDefaults() *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders {
+	this := DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders{}
+	return &this
+}
+
+// GetDtc returns the Dtc field value if set, zero value otherwise.
+func (o *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) GetDtc() DTCMacOS {
+	if o == nil || o.Dtc == nil {
+		var ret DTCMacOS
+		return ret
+	}
+	return *o.Dtc
+}
+
+// GetDtcOk returns a tuple with the Dtc field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) GetDtcOk() (*DTCMacOS, bool) {
+	if o == nil || o.Dtc == nil {
+		return nil, false
+	}
+	return o.Dtc, true
+}
+
+// HasDtc returns a boolean if a field has been set.
+func (o *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) HasDtc() bool {
+	if o != nil && o.Dtc != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDtc gets a reference to the given DTCMacOS and assigns it to the Dtc field.
+func (o *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) SetDtc(v DTCMacOS) {
+	o.Dtc = &v
+}
+
+func (o DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Dtc != nil {
+		toSerialize["dtc"] = o.Dtc
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders := _DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders)
+	if err == nil {
+		*o = DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders(varDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "dtc")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders struct {
+	value *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) Get() *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) Set(val *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders(val *DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) *NullableDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders {
+	return &NullableDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_windows_platform.go b/okta/model_device_assurance_windows_platform.go
new file mode 100644
index 000000000..f3f7853a9
--- /dev/null
+++ b/okta/model_device_assurance_windows_platform.go
@@ -0,0 +1,398 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// DeviceAssuranceWindowsPlatform struct for DeviceAssuranceWindowsPlatform
+type DeviceAssuranceWindowsPlatform struct {
+	DeviceAssurance
+	DiskEncryptionType        *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType        `json:"diskEncryptionType,omitempty"`
+	Jailbreak                 *bool                                                         `json:"jailbreak,omitempty"`
+	OsVersion                 *OSVersion                                                    `json:"osVersion,omitempty"`
+	ScreenLockType            *DeviceAssuranceAndroidPlatformAllOfScreenLockType            `json:"screenLockType,omitempty"`
+	SecureHardwarePresent     *bool                                                         `json:"secureHardwarePresent,omitempty"`
+	ThirdPartySignalProviders *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders `json:"thirdPartySignalProviders,omitempty"`
+	AdditionalProperties      map[string]interface{}
+}
+
+type _DeviceAssuranceWindowsPlatform DeviceAssuranceWindowsPlatform
+
+// NewDeviceAssuranceWindowsPlatform instantiates a new DeviceAssuranceWindowsPlatform object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceWindowsPlatform() *DeviceAssuranceWindowsPlatform {
+	this := DeviceAssuranceWindowsPlatform{}
+	return &this
+}
+
+// NewDeviceAssuranceWindowsPlatformWithDefaults instantiates a new DeviceAssuranceWindowsPlatform object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceWindowsPlatformWithDefaults() *DeviceAssuranceWindowsPlatform {
+	this := DeviceAssuranceWindowsPlatform{}
+	return &this
+}
+
+// GetDiskEncryptionType returns the DiskEncryptionType field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatform) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType {
+	if o == nil || o.DiskEncryptionType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
+		return ret
+	}
+	return *o.DiskEncryptionType
+}
+
+// GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatform) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool) {
+	if o == nil || o.DiskEncryptionType == nil {
+		return nil, false
+	}
+	return o.DiskEncryptionType, true
+}
+
+// HasDiskEncryptionType returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatform) HasDiskEncryptionType() bool {
+	if o != nil && o.DiskEncryptionType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDiskEncryptionType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType and assigns it to the DiskEncryptionType field.
+func (o *DeviceAssuranceWindowsPlatform) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) {
+	o.DiskEncryptionType = &v
+}
+
+// GetJailbreak returns the Jailbreak field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatform) GetJailbreak() bool {
+	if o == nil || o.Jailbreak == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Jailbreak
+}
+
+// GetJailbreakOk returns a tuple with the Jailbreak field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatform) GetJailbreakOk() (*bool, bool) {
+	if o == nil || o.Jailbreak == nil {
+		return nil, false
+	}
+	return o.Jailbreak, true
+}
+
+// HasJailbreak returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatform) HasJailbreak() bool {
+	if o != nil && o.Jailbreak != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetJailbreak gets a reference to the given bool and assigns it to the Jailbreak field.
+func (o *DeviceAssuranceWindowsPlatform) SetJailbreak(v bool) {
+	o.Jailbreak = &v
+}
+
+// GetOsVersion returns the OsVersion field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatform) GetOsVersion() OSVersion {
+	if o == nil || o.OsVersion == nil {
+		var ret OSVersion
+		return ret
+	}
+	return *o.OsVersion
+}
+
+// GetOsVersionOk returns a tuple with the OsVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatform) GetOsVersionOk() (*OSVersion, bool) {
+	if o == nil || o.OsVersion == nil {
+		return nil, false
+	}
+	return o.OsVersion, true
+}
+
+// HasOsVersion returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatform) HasOsVersion() bool {
+	if o != nil && o.OsVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsVersion gets a reference to the given OSVersion and assigns it to the OsVersion field.
+func (o *DeviceAssuranceWindowsPlatform) SetOsVersion(v OSVersion) {
+	o.OsVersion = &v
+}
+
+// GetScreenLockType returns the ScreenLockType field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatform) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType {
+	if o == nil || o.ScreenLockType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfScreenLockType
+		return ret
+	}
+	return *o.ScreenLockType
+}
+
+// GetScreenLockTypeOk returns a tuple with the ScreenLockType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatform) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool) {
+	if o == nil || o.ScreenLockType == nil {
+		return nil, false
+	}
+	return o.ScreenLockType, true
+}
+
+// HasScreenLockType returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatform) HasScreenLockType() bool {
+	if o != nil && o.ScreenLockType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScreenLockType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfScreenLockType and assigns it to the ScreenLockType field.
+func (o *DeviceAssuranceWindowsPlatform) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType) {
+	o.ScreenLockType = &v
+}
+
+// GetSecureHardwarePresent returns the SecureHardwarePresent field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatform) GetSecureHardwarePresent() bool {
+	if o == nil || o.SecureHardwarePresent == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SecureHardwarePresent
+}
+
+// GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatform) GetSecureHardwarePresentOk() (*bool, bool) {
+	if o == nil || o.SecureHardwarePresent == nil {
+		return nil, false
+	}
+	return o.SecureHardwarePresent, true
+}
+
+// HasSecureHardwarePresent returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatform) HasSecureHardwarePresent() bool {
+	if o != nil && o.SecureHardwarePresent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecureHardwarePresent gets a reference to the given bool and assigns it to the SecureHardwarePresent field.
+func (o *DeviceAssuranceWindowsPlatform) SetSecureHardwarePresent(v bool) {
+	o.SecureHardwarePresent = &v
+}
+
+// GetThirdPartySignalProviders returns the ThirdPartySignalProviders field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatform) GetThirdPartySignalProviders() DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders {
+	if o == nil || o.ThirdPartySignalProviders == nil {
+		var ret DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders
+		return ret
+	}
+	return *o.ThirdPartySignalProviders
+}
+
+// GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatform) GetThirdPartySignalProvidersOk() (*DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders, bool) {
+	if o == nil || o.ThirdPartySignalProviders == nil {
+		return nil, false
+	}
+	return o.ThirdPartySignalProviders, true
+}
+
+// HasThirdPartySignalProviders returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatform) HasThirdPartySignalProviders() bool {
+	if o != nil && o.ThirdPartySignalProviders != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetThirdPartySignalProviders gets a reference to the given DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders and assigns it to the ThirdPartySignalProviders field.
+func (o *DeviceAssuranceWindowsPlatform) SetThirdPartySignalProviders(v DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) {
+	o.ThirdPartySignalProviders = &v
+}
+
+func (o DeviceAssuranceWindowsPlatform) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedDeviceAssurance, errDeviceAssurance := json.Marshal(o.DeviceAssurance)
+	if errDeviceAssurance != nil {
+		return []byte{}, errDeviceAssurance
+	}
+	errDeviceAssurance = json.Unmarshal([]byte(serializedDeviceAssurance), &toSerialize)
+	if errDeviceAssurance != nil {
+		return []byte{}, errDeviceAssurance
+	}
+	if o.DiskEncryptionType != nil {
+		toSerialize["diskEncryptionType"] = o.DiskEncryptionType
+	}
+	if o.Jailbreak != nil {
+		toSerialize["jailbreak"] = o.Jailbreak
+	}
+	if o.OsVersion != nil {
+		toSerialize["osVersion"] = o.OsVersion
+	}
+	if o.ScreenLockType != nil {
+		toSerialize["screenLockType"] = o.ScreenLockType
+	}
+	if o.SecureHardwarePresent != nil {
+		toSerialize["secureHardwarePresent"] = o.SecureHardwarePresent
+	}
+	if o.ThirdPartySignalProviders != nil {
+		toSerialize["thirdPartySignalProviders"] = o.ThirdPartySignalProviders
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceWindowsPlatform) UnmarshalJSON(bytes []byte) (err error) {
+	type DeviceAssuranceWindowsPlatformWithoutEmbeddedStruct struct {
+		DiskEncryptionType        *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType        `json:"diskEncryptionType,omitempty"`
+		Jailbreak                 *bool                                                         `json:"jailbreak,omitempty"`
+		OsVersion                 *OSVersion                                                    `json:"osVersion,omitempty"`
+		ScreenLockType            *DeviceAssuranceAndroidPlatformAllOfScreenLockType            `json:"screenLockType,omitempty"`
+		SecureHardwarePresent     *bool                                                         `json:"secureHardwarePresent,omitempty"`
+		ThirdPartySignalProviders *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders `json:"thirdPartySignalProviders,omitempty"`
+	}
+
+	varDeviceAssuranceWindowsPlatformWithoutEmbeddedStruct := DeviceAssuranceWindowsPlatformWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceWindowsPlatformWithoutEmbeddedStruct)
+	if err == nil {
+		varDeviceAssuranceWindowsPlatform := _DeviceAssuranceWindowsPlatform{}
+		varDeviceAssuranceWindowsPlatform.DiskEncryptionType = varDeviceAssuranceWindowsPlatformWithoutEmbeddedStruct.DiskEncryptionType
+		varDeviceAssuranceWindowsPlatform.Jailbreak = varDeviceAssuranceWindowsPlatformWithoutEmbeddedStruct.Jailbreak
+		varDeviceAssuranceWindowsPlatform.OsVersion = varDeviceAssuranceWindowsPlatformWithoutEmbeddedStruct.OsVersion
+		varDeviceAssuranceWindowsPlatform.ScreenLockType = varDeviceAssuranceWindowsPlatformWithoutEmbeddedStruct.ScreenLockType
+		varDeviceAssuranceWindowsPlatform.SecureHardwarePresent = varDeviceAssuranceWindowsPlatformWithoutEmbeddedStruct.SecureHardwarePresent
+		varDeviceAssuranceWindowsPlatform.ThirdPartySignalProviders = varDeviceAssuranceWindowsPlatformWithoutEmbeddedStruct.ThirdPartySignalProviders
+		*o = DeviceAssuranceWindowsPlatform(varDeviceAssuranceWindowsPlatform)
+	} else {
+		return err
+	}
+
+	varDeviceAssuranceWindowsPlatform := _DeviceAssuranceWindowsPlatform{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceWindowsPlatform)
+	if err == nil {
+		o.DeviceAssurance = varDeviceAssuranceWindowsPlatform.DeviceAssurance
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "diskEncryptionType")
+		delete(additionalProperties, "jailbreak")
+		delete(additionalProperties, "osVersion")
+		delete(additionalProperties, "screenLockType")
+		delete(additionalProperties, "secureHardwarePresent")
+		delete(additionalProperties, "thirdPartySignalProviders")
+
+		// remove fields from embedded structs
+		reflectDeviceAssurance := reflect.ValueOf(o.DeviceAssurance)
+		for i := 0; i < reflectDeviceAssurance.Type().NumField(); i++ {
+			t := reflectDeviceAssurance.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceWindowsPlatform struct {
+	value *DeviceAssuranceWindowsPlatform
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceWindowsPlatform) Get() *DeviceAssuranceWindowsPlatform {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceWindowsPlatform) Set(val *DeviceAssuranceWindowsPlatform) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceWindowsPlatform) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceWindowsPlatform) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceWindowsPlatform(val *DeviceAssuranceWindowsPlatform) *NullableDeviceAssuranceWindowsPlatform {
+	return &NullableDeviceAssuranceWindowsPlatform{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceWindowsPlatform) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceWindowsPlatform) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_windows_platform_all_of.go b/okta/model_device_assurance_windows_platform_all_of.go
new file mode 100644
index 000000000..0b554920e
--- /dev/null
+++ b/okta/model_device_assurance_windows_platform_all_of.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceAssuranceWindowsPlatformAllOf struct for DeviceAssuranceWindowsPlatformAllOf
+type DeviceAssuranceWindowsPlatformAllOf struct {
+	DiskEncryptionType        *DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType        `json:"diskEncryptionType,omitempty"`
+	Jailbreak                 *bool                                                         `json:"jailbreak,omitempty"`
+	OsVersion                 *OSVersion                                                    `json:"osVersion,omitempty"`
+	ScreenLockType            *DeviceAssuranceAndroidPlatformAllOfScreenLockType            `json:"screenLockType,omitempty"`
+	SecureHardwarePresent     *bool                                                         `json:"secureHardwarePresent,omitempty"`
+	ThirdPartySignalProviders *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders `json:"thirdPartySignalProviders,omitempty"`
+	AdditionalProperties      map[string]interface{}
+}
+
+type _DeviceAssuranceWindowsPlatformAllOf DeviceAssuranceWindowsPlatformAllOf
+
+// NewDeviceAssuranceWindowsPlatformAllOf instantiates a new DeviceAssuranceWindowsPlatformAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceWindowsPlatformAllOf() *DeviceAssuranceWindowsPlatformAllOf {
+	this := DeviceAssuranceWindowsPlatformAllOf{}
+	return &this
+}
+
+// NewDeviceAssuranceWindowsPlatformAllOfWithDefaults instantiates a new DeviceAssuranceWindowsPlatformAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceWindowsPlatformAllOfWithDefaults() *DeviceAssuranceWindowsPlatformAllOf {
+	this := DeviceAssuranceWindowsPlatformAllOf{}
+	return &this
+}
+
+// GetDiskEncryptionType returns the DiskEncryptionType field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatformAllOf) GetDiskEncryptionType() DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType {
+	if o == nil || o.DiskEncryptionType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
+		return ret
+	}
+	return *o.DiskEncryptionType
+}
+
+// GetDiskEncryptionTypeOk returns a tuple with the DiskEncryptionType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOf) GetDiskEncryptionTypeOk() (*DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType, bool) {
+	if o == nil || o.DiskEncryptionType == nil {
+		return nil, false
+	}
+	return o.DiskEncryptionType, true
+}
+
+// HasDiskEncryptionType returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOf) HasDiskEncryptionType() bool {
+	if o != nil && o.DiskEncryptionType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDiskEncryptionType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType and assigns it to the DiskEncryptionType field.
+func (o *DeviceAssuranceWindowsPlatformAllOf) SetDiskEncryptionType(v DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType) {
+	o.DiskEncryptionType = &v
+}
+
+// GetJailbreak returns the Jailbreak field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatformAllOf) GetJailbreak() bool {
+	if o == nil || o.Jailbreak == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Jailbreak
+}
+
+// GetJailbreakOk returns a tuple with the Jailbreak field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOf) GetJailbreakOk() (*bool, bool) {
+	if o == nil || o.Jailbreak == nil {
+		return nil, false
+	}
+	return o.Jailbreak, true
+}
+
+// HasJailbreak returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOf) HasJailbreak() bool {
+	if o != nil && o.Jailbreak != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetJailbreak gets a reference to the given bool and assigns it to the Jailbreak field.
+func (o *DeviceAssuranceWindowsPlatformAllOf) SetJailbreak(v bool) {
+	o.Jailbreak = &v
+}
+
+// GetOsVersion returns the OsVersion field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatformAllOf) GetOsVersion() OSVersion {
+	if o == nil || o.OsVersion == nil {
+		var ret OSVersion
+		return ret
+	}
+	return *o.OsVersion
+}
+
+// GetOsVersionOk returns a tuple with the OsVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOf) GetOsVersionOk() (*OSVersion, bool) {
+	if o == nil || o.OsVersion == nil {
+		return nil, false
+	}
+	return o.OsVersion, true
+}
+
+// HasOsVersion returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOf) HasOsVersion() bool {
+	if o != nil && o.OsVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsVersion gets a reference to the given OSVersion and assigns it to the OsVersion field.
+func (o *DeviceAssuranceWindowsPlatformAllOf) SetOsVersion(v OSVersion) {
+	o.OsVersion = &v
+}
+
+// GetScreenLockType returns the ScreenLockType field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatformAllOf) GetScreenLockType() DeviceAssuranceAndroidPlatformAllOfScreenLockType {
+	if o == nil || o.ScreenLockType == nil {
+		var ret DeviceAssuranceAndroidPlatformAllOfScreenLockType
+		return ret
+	}
+	return *o.ScreenLockType
+}
+
+// GetScreenLockTypeOk returns a tuple with the ScreenLockType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOf) GetScreenLockTypeOk() (*DeviceAssuranceAndroidPlatformAllOfScreenLockType, bool) {
+	if o == nil || o.ScreenLockType == nil {
+		return nil, false
+	}
+	return o.ScreenLockType, true
+}
+
+// HasScreenLockType returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOf) HasScreenLockType() bool {
+	if o != nil && o.ScreenLockType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScreenLockType gets a reference to the given DeviceAssuranceAndroidPlatformAllOfScreenLockType and assigns it to the ScreenLockType field.
+func (o *DeviceAssuranceWindowsPlatformAllOf) SetScreenLockType(v DeviceAssuranceAndroidPlatformAllOfScreenLockType) {
+	o.ScreenLockType = &v
+}
+
+// GetSecureHardwarePresent returns the SecureHardwarePresent field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatformAllOf) GetSecureHardwarePresent() bool {
+	if o == nil || o.SecureHardwarePresent == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SecureHardwarePresent
+}
+
+// GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOf) GetSecureHardwarePresentOk() (*bool, bool) {
+	if o == nil || o.SecureHardwarePresent == nil {
+		return nil, false
+	}
+	return o.SecureHardwarePresent, true
+}
+
+// HasSecureHardwarePresent returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOf) HasSecureHardwarePresent() bool {
+	if o != nil && o.SecureHardwarePresent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecureHardwarePresent gets a reference to the given bool and assigns it to the SecureHardwarePresent field.
+func (o *DeviceAssuranceWindowsPlatformAllOf) SetSecureHardwarePresent(v bool) {
+	o.SecureHardwarePresent = &v
+}
+
+// GetThirdPartySignalProviders returns the ThirdPartySignalProviders field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatformAllOf) GetThirdPartySignalProviders() DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders {
+	if o == nil || o.ThirdPartySignalProviders == nil {
+		var ret DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders
+		return ret
+	}
+	return *o.ThirdPartySignalProviders
+}
+
+// GetThirdPartySignalProvidersOk returns a tuple with the ThirdPartySignalProviders field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOf) GetThirdPartySignalProvidersOk() (*DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders, bool) {
+	if o == nil || o.ThirdPartySignalProviders == nil {
+		return nil, false
+	}
+	return o.ThirdPartySignalProviders, true
+}
+
+// HasThirdPartySignalProviders returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOf) HasThirdPartySignalProviders() bool {
+	if o != nil && o.ThirdPartySignalProviders != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetThirdPartySignalProviders gets a reference to the given DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders and assigns it to the ThirdPartySignalProviders field.
+func (o *DeviceAssuranceWindowsPlatformAllOf) SetThirdPartySignalProviders(v DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) {
+	o.ThirdPartySignalProviders = &v
+}
+
+func (o DeviceAssuranceWindowsPlatformAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.DiskEncryptionType != nil {
+		toSerialize["diskEncryptionType"] = o.DiskEncryptionType
+	}
+	if o.Jailbreak != nil {
+		toSerialize["jailbreak"] = o.Jailbreak
+	}
+	if o.OsVersion != nil {
+		toSerialize["osVersion"] = o.OsVersion
+	}
+	if o.ScreenLockType != nil {
+		toSerialize["screenLockType"] = o.ScreenLockType
+	}
+	if o.SecureHardwarePresent != nil {
+		toSerialize["secureHardwarePresent"] = o.SecureHardwarePresent
+	}
+	if o.ThirdPartySignalProviders != nil {
+		toSerialize["thirdPartySignalProviders"] = o.ThirdPartySignalProviders
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceWindowsPlatformAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceAssuranceWindowsPlatformAllOf := _DeviceAssuranceWindowsPlatformAllOf{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceWindowsPlatformAllOf)
+	if err == nil {
+		*o = DeviceAssuranceWindowsPlatformAllOf(varDeviceAssuranceWindowsPlatformAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "diskEncryptionType")
+		delete(additionalProperties, "jailbreak")
+		delete(additionalProperties, "osVersion")
+		delete(additionalProperties, "screenLockType")
+		delete(additionalProperties, "secureHardwarePresent")
+		delete(additionalProperties, "thirdPartySignalProviders")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceWindowsPlatformAllOf struct {
+	value *DeviceAssuranceWindowsPlatformAllOf
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceWindowsPlatformAllOf) Get() *DeviceAssuranceWindowsPlatformAllOf {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceWindowsPlatformAllOf) Set(val *DeviceAssuranceWindowsPlatformAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceWindowsPlatformAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceWindowsPlatformAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceWindowsPlatformAllOf(val *DeviceAssuranceWindowsPlatformAllOf) *NullableDeviceAssuranceWindowsPlatformAllOf {
+	return &NullableDeviceAssuranceWindowsPlatformAllOf{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceWindowsPlatformAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceWindowsPlatformAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_assurance_windows_platform_all_of_third_party_signal_providers.go b/okta/model_device_assurance_windows_platform_all_of_third_party_signal_providers.go
new file mode 100644
index 000000000..5dfbf947e
--- /dev/null
+++ b/okta/model_device_assurance_windows_platform_all_of_third_party_signal_providers.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders Settings for third-party signal providers (based on the `WINDOWS` platform)
+type DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders struct {
+	Dtc                  *DTCWindows `json:"dtc,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders
+
+// NewDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders instantiates a new DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders() *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders {
+	this := DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders{}
+	return &this
+}
+
+// NewDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProvidersWithDefaults instantiates a new DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProvidersWithDefaults() *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders {
+	this := DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders{}
+	return &this
+}
+
+// GetDtc returns the Dtc field value if set, zero value otherwise.
+func (o *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) GetDtc() DTCWindows {
+	if o == nil || o.Dtc == nil {
+		var ret DTCWindows
+		return ret
+	}
+	return *o.Dtc
+}
+
+// GetDtcOk returns a tuple with the Dtc field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) GetDtcOk() (*DTCWindows, bool) {
+	if o == nil || o.Dtc == nil {
+		return nil, false
+	}
+	return o.Dtc, true
+}
+
+// HasDtc returns a boolean if a field has been set.
+func (o *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) HasDtc() bool {
+	if o != nil && o.Dtc != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDtc gets a reference to the given DTCWindows and assigns it to the Dtc field.
+func (o *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) SetDtc(v DTCWindows) {
+	o.Dtc = &v
+}
+
+func (o DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Dtc != nil {
+		toSerialize["dtc"] = o.Dtc
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders := _DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders{}
+
+	err = json.Unmarshal(bytes, &varDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders)
+	if err == nil {
+		*o = DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders(varDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "dtc")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders struct {
+	value *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders
+	isSet bool
+}
+
+func (v NullableDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) Get() *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders {
+	return v.value
+}
+
+func (v *NullableDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) Set(val *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders(val *DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) *NullableDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders {
+	return &NullableDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders{value: val, isSet: true}
+}
+
+func (v NullableDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_display_name.go b/okta/model_device_display_name.go
new file mode 100644
index 000000000..85995cddf
--- /dev/null
+++ b/okta/model_device_display_name.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceDisplayName struct for DeviceDisplayName
+type DeviceDisplayName struct {
+	Sensitive            *bool   `json:"sensitive,omitempty"`
+	Value                *string `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DeviceDisplayName DeviceDisplayName
+
+// NewDeviceDisplayName instantiates a new DeviceDisplayName object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceDisplayName() *DeviceDisplayName {
+	this := DeviceDisplayName{}
+	return &this
+}
+
+// NewDeviceDisplayNameWithDefaults instantiates a new DeviceDisplayName object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceDisplayNameWithDefaults() *DeviceDisplayName {
+	this := DeviceDisplayName{}
+	return &this
+}
+
+// GetSensitive returns the Sensitive field value if set, zero value otherwise.
+func (o *DeviceDisplayName) GetSensitive() bool {
+	if o == nil || o.Sensitive == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Sensitive
+}
+
+// GetSensitiveOk returns a tuple with the Sensitive field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceDisplayName) GetSensitiveOk() (*bool, bool) {
+	if o == nil || o.Sensitive == nil {
+		return nil, false
+	}
+	return o.Sensitive, true
+}
+
+// HasSensitive returns a boolean if a field has been set.
+func (o *DeviceDisplayName) HasSensitive() bool {
+	if o != nil && o.Sensitive != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSensitive gets a reference to the given bool and assigns it to the Sensitive field.
+func (o *DeviceDisplayName) SetSensitive(v bool) {
+	o.Sensitive = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *DeviceDisplayName) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceDisplayName) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *DeviceDisplayName) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *DeviceDisplayName) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o DeviceDisplayName) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Sensitive != nil {
+		toSerialize["sensitive"] = o.Sensitive
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceDisplayName) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceDisplayName := _DeviceDisplayName{}
+
+	err = json.Unmarshal(bytes, &varDeviceDisplayName)
+	if err == nil {
+		*o = DeviceDisplayName(varDeviceDisplayName)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "sensitive")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceDisplayName struct {
+	value *DeviceDisplayName
+	isSet bool
+}
+
+func (v NullableDeviceDisplayName) Get() *DeviceDisplayName {
+	return v.value
+}
+
+func (v *NullableDeviceDisplayName) Set(val *DeviceDisplayName) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceDisplayName) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceDisplayName) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceDisplayName(val *DeviceDisplayName) *NullableDeviceDisplayName {
+	return &NullableDeviceDisplayName{value: val, isSet: true}
+}
+
+func (v NullableDeviceDisplayName) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceDisplayName) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_platform.go b/okta/model_device_platform.go
new file mode 100644
index 000000000..70e70ca84
--- /dev/null
+++ b/okta/model_device_platform.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// DevicePlatform OS platform of the device
+type DevicePlatform string
+
+// List of DevicePlatform
+const (
+	DEVICEPLATFORM_ANDROID DevicePlatform = "ANDROID"
+	DEVICEPLATFORM_IOS     DevicePlatform = "IOS"
+	DEVICEPLATFORM_MACOS   DevicePlatform = "MACOS"
+	DEVICEPLATFORM_WINDOWS DevicePlatform = "WINDOWS"
+)
+
+// All allowed values of DevicePlatform enum
+var AllowedDevicePlatformEnumValues = []DevicePlatform{
+	"ANDROID",
+	"IOS",
+	"MACOS",
+	"WINDOWS",
+}
+
+func (v *DevicePlatform) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := DevicePlatform(value)
+	for _, existing := range AllowedDevicePlatformEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid DevicePlatform", value)
+}
+
+// NewDevicePlatformFromValue returns a pointer to a valid DevicePlatform
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewDevicePlatformFromValue(v string) (*DevicePlatform, error) {
+	ev := DevicePlatform(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for DevicePlatform: valid values are %v", v, AllowedDevicePlatformEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v DevicePlatform) IsValid() bool {
+	for _, existing := range AllowedDevicePlatformEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to DevicePlatform value
+func (v DevicePlatform) Ptr() *DevicePlatform {
+	return &v
+}
+
+type NullableDevicePlatform struct {
+	value *DevicePlatform
+	isSet bool
+}
+
+func (v NullableDevicePlatform) Get() *DevicePlatform {
+	return v.value
+}
+
+func (v *NullableDevicePlatform) Set(val *DevicePlatform) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDevicePlatform) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDevicePlatform) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDevicePlatform(val *DevicePlatform) *NullableDevicePlatform {
+	return &NullableDevicePlatform{value: val, isSet: true}
+}
+
+func (v NullableDevicePlatform) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDevicePlatform) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_policy_mdm_framework.go b/okta/model_device_policy_mdm_framework.go
new file mode 100644
index 000000000..61467ff1a
--- /dev/null
+++ b/okta/model_device_policy_mdm_framework.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// DevicePolicyMDMFramework the model 'DevicePolicyMDMFramework'
+type DevicePolicyMDMFramework string
+
+// List of DevicePolicyMDMFramework
+const (
+	DEVICEPOLICYMDMFRAMEWORK_AFW    DevicePolicyMDMFramework = "AFW"
+	DEVICEPOLICYMDMFRAMEWORK_NATIVE DevicePolicyMDMFramework = "NATIVE"
+	DEVICEPOLICYMDMFRAMEWORK_SAFE   DevicePolicyMDMFramework = "SAFE"
+)
+
+// All allowed values of DevicePolicyMDMFramework enum
+var AllowedDevicePolicyMDMFrameworkEnumValues = []DevicePolicyMDMFramework{
+	"AFW",
+	"NATIVE",
+	"SAFE",
+}
+
+func (v *DevicePolicyMDMFramework) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := DevicePolicyMDMFramework(value)
+	for _, existing := range AllowedDevicePolicyMDMFrameworkEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid DevicePolicyMDMFramework", value)
+}
+
+// NewDevicePolicyMDMFrameworkFromValue returns a pointer to a valid DevicePolicyMDMFramework
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewDevicePolicyMDMFrameworkFromValue(v string) (*DevicePolicyMDMFramework, error) {
+	ev := DevicePolicyMDMFramework(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for DevicePolicyMDMFramework: valid values are %v", v, AllowedDevicePolicyMDMFrameworkEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v DevicePolicyMDMFramework) IsValid() bool {
+	for _, existing := range AllowedDevicePolicyMDMFrameworkEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to DevicePolicyMDMFramework value
+func (v DevicePolicyMDMFramework) Ptr() *DevicePolicyMDMFramework {
+	return &v
+}
+
+type NullableDevicePolicyMDMFramework struct {
+	value *DevicePolicyMDMFramework
+	isSet bool
+}
+
+func (v NullableDevicePolicyMDMFramework) Get() *DevicePolicyMDMFramework {
+	return v.value
+}
+
+func (v *NullableDevicePolicyMDMFramework) Set(val *DevicePolicyMDMFramework) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDevicePolicyMDMFramework) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDevicePolicyMDMFramework) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDevicePolicyMDMFramework(val *DevicePolicyMDMFramework) *NullableDevicePolicyMDMFramework {
+	return &NullableDevicePolicyMDMFramework{value: val, isSet: true}
+}
+
+func (v NullableDevicePolicyMDMFramework) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDevicePolicyMDMFramework) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_policy_platform_type.go b/okta/model_device_policy_platform_type.go
new file mode 100644
index 000000000..dba73e6dd
--- /dev/null
+++ b/okta/model_device_policy_platform_type.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// DevicePolicyPlatformType the model 'DevicePolicyPlatformType'
+type DevicePolicyPlatformType string
+
+// List of DevicePolicyPlatformType
+const (
+	DEVICEPOLICYPLATFORMTYPE_ANDROID DevicePolicyPlatformType = "ANDROID"
+	DEVICEPOLICYPLATFORMTYPE_IOS     DevicePolicyPlatformType = "IOS"
+	DEVICEPOLICYPLATFORMTYPE_OSX     DevicePolicyPlatformType = "OSX"
+	DEVICEPOLICYPLATFORMTYPE_WINDOWS DevicePolicyPlatformType = "WINDOWS"
+)
+
+// All allowed values of DevicePolicyPlatformType enum
+var AllowedDevicePolicyPlatformTypeEnumValues = []DevicePolicyPlatformType{
+	"ANDROID",
+	"IOS",
+	"OSX",
+	"WINDOWS",
+}
+
+func (v *DevicePolicyPlatformType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := DevicePolicyPlatformType(value)
+	for _, existing := range AllowedDevicePolicyPlatformTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid DevicePolicyPlatformType", value)
+}
+
+// NewDevicePolicyPlatformTypeFromValue returns a pointer to a valid DevicePolicyPlatformType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewDevicePolicyPlatformTypeFromValue(v string) (*DevicePolicyPlatformType, error) {
+	ev := DevicePolicyPlatformType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for DevicePolicyPlatformType: valid values are %v", v, AllowedDevicePolicyPlatformTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v DevicePolicyPlatformType) IsValid() bool {
+	for _, existing := range AllowedDevicePolicyPlatformTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to DevicePolicyPlatformType value
+func (v DevicePolicyPlatformType) Ptr() *DevicePolicyPlatformType {
+	return &v
+}
+
+type NullableDevicePolicyPlatformType struct {
+	value *DevicePolicyPlatformType
+	isSet bool
+}
+
+func (v NullableDevicePolicyPlatformType) Get() *DevicePolicyPlatformType {
+	return v.value
+}
+
+func (v *NullableDevicePolicyPlatformType) Set(val *DevicePolicyPlatformType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDevicePolicyPlatformType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDevicePolicyPlatformType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDevicePolicyPlatformType(val *DevicePolicyPlatformType) *NullableDevicePolicyPlatformType {
+	return &NullableDevicePolicyPlatformType{value: val, isSet: true}
+}
+
+func (v NullableDevicePolicyPlatformType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDevicePolicyPlatformType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_policy_rule_condition.go b/okta/model_device_policy_rule_condition.go
new file mode 100644
index 000000000..605b67de6
--- /dev/null
+++ b/okta/model_device_policy_rule_condition.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DevicePolicyRuleCondition struct for DevicePolicyRuleCondition
+type DevicePolicyRuleCondition struct {
+	Migrated             *bool                              `json:"migrated,omitempty"`
+	Platform             *DevicePolicyRuleConditionPlatform `json:"platform,omitempty"`
+	Rooted               *bool                              `json:"rooted,omitempty"`
+	TrustLevel           *DevicePolicyTrustLevel            `json:"trustLevel,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DevicePolicyRuleCondition DevicePolicyRuleCondition
+
+// NewDevicePolicyRuleCondition instantiates a new DevicePolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDevicePolicyRuleCondition() *DevicePolicyRuleCondition {
+	this := DevicePolicyRuleCondition{}
+	return &this
+}
+
+// NewDevicePolicyRuleConditionWithDefaults instantiates a new DevicePolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDevicePolicyRuleConditionWithDefaults() *DevicePolicyRuleCondition {
+	this := DevicePolicyRuleCondition{}
+	return &this
+}
+
+// GetMigrated returns the Migrated field value if set, zero value otherwise.
+func (o *DevicePolicyRuleCondition) GetMigrated() bool {
+	if o == nil || o.Migrated == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Migrated
+}
+
+// GetMigratedOk returns a tuple with the Migrated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DevicePolicyRuleCondition) GetMigratedOk() (*bool, bool) {
+	if o == nil || o.Migrated == nil {
+		return nil, false
+	}
+	return o.Migrated, true
+}
+
+// HasMigrated returns a boolean if a field has been set.
+func (o *DevicePolicyRuleCondition) HasMigrated() bool {
+	if o != nil && o.Migrated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMigrated gets a reference to the given bool and assigns it to the Migrated field.
+func (o *DevicePolicyRuleCondition) SetMigrated(v bool) {
+	o.Migrated = &v
+}
+
+// GetPlatform returns the Platform field value if set, zero value otherwise.
+func (o *DevicePolicyRuleCondition) GetPlatform() DevicePolicyRuleConditionPlatform {
+	if o == nil || o.Platform == nil {
+		var ret DevicePolicyRuleConditionPlatform
+		return ret
+	}
+	return *o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DevicePolicyRuleCondition) GetPlatformOk() (*DevicePolicyRuleConditionPlatform, bool) {
+	if o == nil || o.Platform == nil {
+		return nil, false
+	}
+	return o.Platform, true
+}
+
+// HasPlatform returns a boolean if a field has been set.
+func (o *DevicePolicyRuleCondition) HasPlatform() bool {
+	if o != nil && o.Platform != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPlatform gets a reference to the given DevicePolicyRuleConditionPlatform and assigns it to the Platform field.
+func (o *DevicePolicyRuleCondition) SetPlatform(v DevicePolicyRuleConditionPlatform) {
+	o.Platform = &v
+}
+
+// GetRooted returns the Rooted field value if set, zero value otherwise.
+func (o *DevicePolicyRuleCondition) GetRooted() bool {
+	if o == nil || o.Rooted == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Rooted
+}
+
+// GetRootedOk returns a tuple with the Rooted field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DevicePolicyRuleCondition) GetRootedOk() (*bool, bool) {
+	if o == nil || o.Rooted == nil {
+		return nil, false
+	}
+	return o.Rooted, true
+}
+
+// HasRooted returns a boolean if a field has been set.
+func (o *DevicePolicyRuleCondition) HasRooted() bool {
+	if o != nil && o.Rooted != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRooted gets a reference to the given bool and assigns it to the Rooted field.
+func (o *DevicePolicyRuleCondition) SetRooted(v bool) {
+	o.Rooted = &v
+}
+
+// GetTrustLevel returns the TrustLevel field value if set, zero value otherwise.
+func (o *DevicePolicyRuleCondition) GetTrustLevel() DevicePolicyTrustLevel {
+	if o == nil || o.TrustLevel == nil {
+		var ret DevicePolicyTrustLevel
+		return ret
+	}
+	return *o.TrustLevel
+}
+
+// GetTrustLevelOk returns a tuple with the TrustLevel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DevicePolicyRuleCondition) GetTrustLevelOk() (*DevicePolicyTrustLevel, bool) {
+	if o == nil || o.TrustLevel == nil {
+		return nil, false
+	}
+	return o.TrustLevel, true
+}
+
+// HasTrustLevel returns a boolean if a field has been set.
+func (o *DevicePolicyRuleCondition) HasTrustLevel() bool {
+	if o != nil && o.TrustLevel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTrustLevel gets a reference to the given DevicePolicyTrustLevel and assigns it to the TrustLevel field.
+func (o *DevicePolicyRuleCondition) SetTrustLevel(v DevicePolicyTrustLevel) {
+	o.TrustLevel = &v
+}
+
+func (o DevicePolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Migrated != nil {
+		toSerialize["migrated"] = o.Migrated
+	}
+	if o.Platform != nil {
+		toSerialize["platform"] = o.Platform
+	}
+	if o.Rooted != nil {
+		toSerialize["rooted"] = o.Rooted
+	}
+	if o.TrustLevel != nil {
+		toSerialize["trustLevel"] = o.TrustLevel
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DevicePolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varDevicePolicyRuleCondition := _DevicePolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varDevicePolicyRuleCondition)
+	if err == nil {
+		*o = DevicePolicyRuleCondition(varDevicePolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "migrated")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "rooted")
+		delete(additionalProperties, "trustLevel")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDevicePolicyRuleCondition struct {
+	value *DevicePolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableDevicePolicyRuleCondition) Get() *DevicePolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableDevicePolicyRuleCondition) Set(val *DevicePolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDevicePolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDevicePolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDevicePolicyRuleCondition(val *DevicePolicyRuleCondition) *NullableDevicePolicyRuleCondition {
+	return &NullableDevicePolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableDevicePolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDevicePolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_policy_rule_condition_platform.go b/okta/model_device_policy_rule_condition_platform.go
new file mode 100644
index 000000000..687e2de5a
--- /dev/null
+++ b/okta/model_device_policy_rule_condition_platform.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DevicePolicyRuleConditionPlatform struct for DevicePolicyRuleConditionPlatform
+type DevicePolicyRuleConditionPlatform struct {
+	SupportedMDMFrameworks []DevicePolicyMDMFramework `json:"supportedMDMFrameworks,omitempty"`
+	Types                  []DevicePolicyPlatformType `json:"types,omitempty"`
+	AdditionalProperties   map[string]interface{}
+}
+
+type _DevicePolicyRuleConditionPlatform DevicePolicyRuleConditionPlatform
+
+// NewDevicePolicyRuleConditionPlatform instantiates a new DevicePolicyRuleConditionPlatform object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDevicePolicyRuleConditionPlatform() *DevicePolicyRuleConditionPlatform {
+	this := DevicePolicyRuleConditionPlatform{}
+	return &this
+}
+
+// NewDevicePolicyRuleConditionPlatformWithDefaults instantiates a new DevicePolicyRuleConditionPlatform object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDevicePolicyRuleConditionPlatformWithDefaults() *DevicePolicyRuleConditionPlatform {
+	this := DevicePolicyRuleConditionPlatform{}
+	return &this
+}
+
+// GetSupportedMDMFrameworks returns the SupportedMDMFrameworks field value if set, zero value otherwise.
+func (o *DevicePolicyRuleConditionPlatform) GetSupportedMDMFrameworks() []DevicePolicyMDMFramework {
+	if o == nil || o.SupportedMDMFrameworks == nil {
+		var ret []DevicePolicyMDMFramework
+		return ret
+	}
+	return o.SupportedMDMFrameworks
+}
+
+// GetSupportedMDMFrameworksOk returns a tuple with the SupportedMDMFrameworks field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DevicePolicyRuleConditionPlatform) GetSupportedMDMFrameworksOk() ([]DevicePolicyMDMFramework, bool) {
+	if o == nil || o.SupportedMDMFrameworks == nil {
+		return nil, false
+	}
+	return o.SupportedMDMFrameworks, true
+}
+
+// HasSupportedMDMFrameworks returns a boolean if a field has been set.
+func (o *DevicePolicyRuleConditionPlatform) HasSupportedMDMFrameworks() bool {
+	if o != nil && o.SupportedMDMFrameworks != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSupportedMDMFrameworks gets a reference to the given []DevicePolicyMDMFramework and assigns it to the SupportedMDMFrameworks field.
+func (o *DevicePolicyRuleConditionPlatform) SetSupportedMDMFrameworks(v []DevicePolicyMDMFramework) {
+	o.SupportedMDMFrameworks = v
+}
+
+// GetTypes returns the Types field value if set, zero value otherwise.
+func (o *DevicePolicyRuleConditionPlatform) GetTypes() []DevicePolicyPlatformType {
+	if o == nil || o.Types == nil {
+		var ret []DevicePolicyPlatformType
+		return ret
+	}
+	return o.Types
+}
+
+// GetTypesOk returns a tuple with the Types field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DevicePolicyRuleConditionPlatform) GetTypesOk() ([]DevicePolicyPlatformType, bool) {
+	if o == nil || o.Types == nil {
+		return nil, false
+	}
+	return o.Types, true
+}
+
+// HasTypes returns a boolean if a field has been set.
+func (o *DevicePolicyRuleConditionPlatform) HasTypes() bool {
+	if o != nil && o.Types != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTypes gets a reference to the given []DevicePolicyPlatformType and assigns it to the Types field.
+func (o *DevicePolicyRuleConditionPlatform) SetTypes(v []DevicePolicyPlatformType) {
+	o.Types = v
+}
+
+func (o DevicePolicyRuleConditionPlatform) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.SupportedMDMFrameworks != nil {
+		toSerialize["supportedMDMFrameworks"] = o.SupportedMDMFrameworks
+	}
+	if o.Types != nil {
+		toSerialize["types"] = o.Types
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DevicePolicyRuleConditionPlatform) UnmarshalJSON(bytes []byte) (err error) {
+	varDevicePolicyRuleConditionPlatform := _DevicePolicyRuleConditionPlatform{}
+
+	err = json.Unmarshal(bytes, &varDevicePolicyRuleConditionPlatform)
+	if err == nil {
+		*o = DevicePolicyRuleConditionPlatform(varDevicePolicyRuleConditionPlatform)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "supportedMDMFrameworks")
+		delete(additionalProperties, "types")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDevicePolicyRuleConditionPlatform struct {
+	value *DevicePolicyRuleConditionPlatform
+	isSet bool
+}
+
+func (v NullableDevicePolicyRuleConditionPlatform) Get() *DevicePolicyRuleConditionPlatform {
+	return v.value
+}
+
+func (v *NullableDevicePolicyRuleConditionPlatform) Set(val *DevicePolicyRuleConditionPlatform) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDevicePolicyRuleConditionPlatform) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDevicePolicyRuleConditionPlatform) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDevicePolicyRuleConditionPlatform(val *DevicePolicyRuleConditionPlatform) *NullableDevicePolicyRuleConditionPlatform {
+	return &NullableDevicePolicyRuleConditionPlatform{value: val, isSet: true}
+}
+
+func (v NullableDevicePolicyRuleConditionPlatform) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDevicePolicyRuleConditionPlatform) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_policy_trust_level.go b/okta/model_device_policy_trust_level.go
new file mode 100644
index 000000000..01a2ccaec
--- /dev/null
+++ b/okta/model_device_policy_trust_level.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// DevicePolicyTrustLevel the model 'DevicePolicyTrustLevel'
+type DevicePolicyTrustLevel string
+
+// List of DevicePolicyTrustLevel
+const (
+	DEVICEPOLICYTRUSTLEVEL_ANY     DevicePolicyTrustLevel = "ANY"
+	DEVICEPOLICYTRUSTLEVEL_TRUSTED DevicePolicyTrustLevel = "TRUSTED"
+)
+
+// All allowed values of DevicePolicyTrustLevel enum
+var AllowedDevicePolicyTrustLevelEnumValues = []DevicePolicyTrustLevel{
+	"ANY",
+	"TRUSTED",
+}
+
+func (v *DevicePolicyTrustLevel) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := DevicePolicyTrustLevel(value)
+	for _, existing := range AllowedDevicePolicyTrustLevelEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid DevicePolicyTrustLevel", value)
+}
+
+// NewDevicePolicyTrustLevelFromValue returns a pointer to a valid DevicePolicyTrustLevel
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewDevicePolicyTrustLevelFromValue(v string) (*DevicePolicyTrustLevel, error) {
+	ev := DevicePolicyTrustLevel(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for DevicePolicyTrustLevel: valid values are %v", v, AllowedDevicePolicyTrustLevelEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v DevicePolicyTrustLevel) IsValid() bool {
+	for _, existing := range AllowedDevicePolicyTrustLevelEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to DevicePolicyTrustLevel value
+func (v DevicePolicyTrustLevel) Ptr() *DevicePolicyTrustLevel {
+	return &v
+}
+
+type NullableDevicePolicyTrustLevel struct {
+	value *DevicePolicyTrustLevel
+	isSet bool
+}
+
+func (v NullableDevicePolicyTrustLevel) Get() *DevicePolicyTrustLevel {
+	return v.value
+}
+
+func (v *NullableDevicePolicyTrustLevel) Set(val *DevicePolicyTrustLevel) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDevicePolicyTrustLevel) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDevicePolicyTrustLevel) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDevicePolicyTrustLevel(val *DevicePolicyTrustLevel) *NullableDevicePolicyTrustLevel {
+	return &NullableDevicePolicyTrustLevel{value: val, isSet: true}
+}
+
+func (v NullableDevicePolicyTrustLevel) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDevicePolicyTrustLevel) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_profile.go b/okta/model_device_profile.go
new file mode 100644
index 000000000..8120cf353
--- /dev/null
+++ b/okta/model_device_profile.go
@@ -0,0 +1,593 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DeviceProfile struct for DeviceProfile
+type DeviceProfile struct {
+	// Display name of the device
+	DisplayName string `json:"displayName"`
+	// International Mobile Equipment Identity of the device
+	Imei *string `json:"imei,omitempty"`
+	// Name of the manufacturer of the device
+	Manufacturer *string `json:"manufacturer,omitempty"`
+	// Mobile equipment identifier of the device
+	Meid *string `json:"meid,omitempty"`
+	// Model of the device
+	Model *string `json:"model,omitempty"`
+	// Version of the device OS
+	OsVersion *string        `json:"osVersion,omitempty"`
+	Platform  DevicePlatform `json:"platform"`
+	// Indicates if the device is registered at Okta
+	Registered bool `json:"registered"`
+	// Indicates if the device constains a secure hardware functionality
+	SecureHardwarePresent *bool `json:"secureHardwarePresent,omitempty"`
+	// Serial number of the device
+	SerialNumber *string `json:"serialNumber,omitempty"`
+	// Windows Security identifier of the device
+	Sid *string `json:"sid,omitempty"`
+	// Windows Trsted Platform Module hash value
+	TpmPublicKeyHash *string `json:"tpmPublicKeyHash,omitempty"`
+	// macOS Unique Device identifier of the device
+	Udid                 *string `json:"udid,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DeviceProfile DeviceProfile
+
+// NewDeviceProfile instantiates a new DeviceProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDeviceProfile(displayName string, platform DevicePlatform, registered bool) *DeviceProfile {
+	this := DeviceProfile{}
+	this.DisplayName = displayName
+	this.Platform = platform
+	this.Registered = registered
+	return &this
+}
+
+// NewDeviceProfileWithDefaults instantiates a new DeviceProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDeviceProfileWithDefaults() *DeviceProfile {
+	this := DeviceProfile{}
+	return &this
+}
+
+// GetDisplayName returns the DisplayName field value
+func (o *DeviceProfile) GetDisplayName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetDisplayNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.DisplayName, true
+}
+
+// SetDisplayName sets field value
+func (o *DeviceProfile) SetDisplayName(v string) {
+	o.DisplayName = v
+}
+
+// GetImei returns the Imei field value if set, zero value otherwise.
+func (o *DeviceProfile) GetImei() string {
+	if o == nil || o.Imei == nil {
+		var ret string
+		return ret
+	}
+	return *o.Imei
+}
+
+// GetImeiOk returns a tuple with the Imei field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetImeiOk() (*string, bool) {
+	if o == nil || o.Imei == nil {
+		return nil, false
+	}
+	return o.Imei, true
+}
+
+// HasImei returns a boolean if a field has been set.
+func (o *DeviceProfile) HasImei() bool {
+	if o != nil && o.Imei != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetImei gets a reference to the given string and assigns it to the Imei field.
+func (o *DeviceProfile) SetImei(v string) {
+	o.Imei = &v
+}
+
+// GetManufacturer returns the Manufacturer field value if set, zero value otherwise.
+func (o *DeviceProfile) GetManufacturer() string {
+	if o == nil || o.Manufacturer == nil {
+		var ret string
+		return ret
+	}
+	return *o.Manufacturer
+}
+
+// GetManufacturerOk returns a tuple with the Manufacturer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetManufacturerOk() (*string, bool) {
+	if o == nil || o.Manufacturer == nil {
+		return nil, false
+	}
+	return o.Manufacturer, true
+}
+
+// HasManufacturer returns a boolean if a field has been set.
+func (o *DeviceProfile) HasManufacturer() bool {
+	if o != nil && o.Manufacturer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetManufacturer gets a reference to the given string and assigns it to the Manufacturer field.
+func (o *DeviceProfile) SetManufacturer(v string) {
+	o.Manufacturer = &v
+}
+
+// GetMeid returns the Meid field value if set, zero value otherwise.
+func (o *DeviceProfile) GetMeid() string {
+	if o == nil || o.Meid == nil {
+		var ret string
+		return ret
+	}
+	return *o.Meid
+}
+
+// GetMeidOk returns a tuple with the Meid field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetMeidOk() (*string, bool) {
+	if o == nil || o.Meid == nil {
+		return nil, false
+	}
+	return o.Meid, true
+}
+
+// HasMeid returns a boolean if a field has been set.
+func (o *DeviceProfile) HasMeid() bool {
+	if o != nil && o.Meid != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMeid gets a reference to the given string and assigns it to the Meid field.
+func (o *DeviceProfile) SetMeid(v string) {
+	o.Meid = &v
+}
+
+// GetModel returns the Model field value if set, zero value otherwise.
+func (o *DeviceProfile) GetModel() string {
+	if o == nil || o.Model == nil {
+		var ret string
+		return ret
+	}
+	return *o.Model
+}
+
+// GetModelOk returns a tuple with the Model field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetModelOk() (*string, bool) {
+	if o == nil || o.Model == nil {
+		return nil, false
+	}
+	return o.Model, true
+}
+
+// HasModel returns a boolean if a field has been set.
+func (o *DeviceProfile) HasModel() bool {
+	if o != nil && o.Model != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetModel gets a reference to the given string and assigns it to the Model field.
+func (o *DeviceProfile) SetModel(v string) {
+	o.Model = &v
+}
+
+// GetOsVersion returns the OsVersion field value if set, zero value otherwise.
+func (o *DeviceProfile) GetOsVersion() string {
+	if o == nil || o.OsVersion == nil {
+		var ret string
+		return ret
+	}
+	return *o.OsVersion
+}
+
+// GetOsVersionOk returns a tuple with the OsVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetOsVersionOk() (*string, bool) {
+	if o == nil || o.OsVersion == nil {
+		return nil, false
+	}
+	return o.OsVersion, true
+}
+
+// HasOsVersion returns a boolean if a field has been set.
+func (o *DeviceProfile) HasOsVersion() bool {
+	if o != nil && o.OsVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsVersion gets a reference to the given string and assigns it to the OsVersion field.
+func (o *DeviceProfile) SetOsVersion(v string) {
+	o.OsVersion = &v
+}
+
+// GetPlatform returns the Platform field value
+func (o *DeviceProfile) GetPlatform() DevicePlatform {
+	if o == nil {
+		var ret DevicePlatform
+		return ret
+	}
+
+	return o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetPlatformOk() (*DevicePlatform, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Platform, true
+}
+
+// SetPlatform sets field value
+func (o *DeviceProfile) SetPlatform(v DevicePlatform) {
+	o.Platform = v
+}
+
+// GetRegistered returns the Registered field value
+func (o *DeviceProfile) GetRegistered() bool {
+	if o == nil {
+		var ret bool
+		return ret
+	}
+
+	return o.Registered
+}
+
+// GetRegisteredOk returns a tuple with the Registered field value
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetRegisteredOk() (*bool, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Registered, true
+}
+
+// SetRegistered sets field value
+func (o *DeviceProfile) SetRegistered(v bool) {
+	o.Registered = v
+}
+
+// GetSecureHardwarePresent returns the SecureHardwarePresent field value if set, zero value otherwise.
+func (o *DeviceProfile) GetSecureHardwarePresent() bool {
+	if o == nil || o.SecureHardwarePresent == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SecureHardwarePresent
+}
+
+// GetSecureHardwarePresentOk returns a tuple with the SecureHardwarePresent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetSecureHardwarePresentOk() (*bool, bool) {
+	if o == nil || o.SecureHardwarePresent == nil {
+		return nil, false
+	}
+	return o.SecureHardwarePresent, true
+}
+
+// HasSecureHardwarePresent returns a boolean if a field has been set.
+func (o *DeviceProfile) HasSecureHardwarePresent() bool {
+	if o != nil && o.SecureHardwarePresent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecureHardwarePresent gets a reference to the given bool and assigns it to the SecureHardwarePresent field.
+func (o *DeviceProfile) SetSecureHardwarePresent(v bool) {
+	o.SecureHardwarePresent = &v
+}
+
+// GetSerialNumber returns the SerialNumber field value if set, zero value otherwise.
+func (o *DeviceProfile) GetSerialNumber() string {
+	if o == nil || o.SerialNumber == nil {
+		var ret string
+		return ret
+	}
+	return *o.SerialNumber
+}
+
+// GetSerialNumberOk returns a tuple with the SerialNumber field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetSerialNumberOk() (*string, bool) {
+	if o == nil || o.SerialNumber == nil {
+		return nil, false
+	}
+	return o.SerialNumber, true
+}
+
+// HasSerialNumber returns a boolean if a field has been set.
+func (o *DeviceProfile) HasSerialNumber() bool {
+	if o != nil && o.SerialNumber != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSerialNumber gets a reference to the given string and assigns it to the SerialNumber field.
+func (o *DeviceProfile) SetSerialNumber(v string) {
+	o.SerialNumber = &v
+}
+
+// GetSid returns the Sid field value if set, zero value otherwise.
+func (o *DeviceProfile) GetSid() string {
+	if o == nil || o.Sid == nil {
+		var ret string
+		return ret
+	}
+	return *o.Sid
+}
+
+// GetSidOk returns a tuple with the Sid field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetSidOk() (*string, bool) {
+	if o == nil || o.Sid == nil {
+		return nil, false
+	}
+	return o.Sid, true
+}
+
+// HasSid returns a boolean if a field has been set.
+func (o *DeviceProfile) HasSid() bool {
+	if o != nil && o.Sid != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSid gets a reference to the given string and assigns it to the Sid field.
+func (o *DeviceProfile) SetSid(v string) {
+	o.Sid = &v
+}
+
+// GetTpmPublicKeyHash returns the TpmPublicKeyHash field value if set, zero value otherwise.
+func (o *DeviceProfile) GetTpmPublicKeyHash() string {
+	if o == nil || o.TpmPublicKeyHash == nil {
+		var ret string
+		return ret
+	}
+	return *o.TpmPublicKeyHash
+}
+
+// GetTpmPublicKeyHashOk returns a tuple with the TpmPublicKeyHash field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetTpmPublicKeyHashOk() (*string, bool) {
+	if o == nil || o.TpmPublicKeyHash == nil {
+		return nil, false
+	}
+	return o.TpmPublicKeyHash, true
+}
+
+// HasTpmPublicKeyHash returns a boolean if a field has been set.
+func (o *DeviceProfile) HasTpmPublicKeyHash() bool {
+	if o != nil && o.TpmPublicKeyHash != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTpmPublicKeyHash gets a reference to the given string and assigns it to the TpmPublicKeyHash field.
+func (o *DeviceProfile) SetTpmPublicKeyHash(v string) {
+	o.TpmPublicKeyHash = &v
+}
+
+// GetUdid returns the Udid field value if set, zero value otherwise.
+func (o *DeviceProfile) GetUdid() string {
+	if o == nil || o.Udid == nil {
+		var ret string
+		return ret
+	}
+	return *o.Udid
+}
+
+// GetUdidOk returns a tuple with the Udid field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DeviceProfile) GetUdidOk() (*string, bool) {
+	if o == nil || o.Udid == nil {
+		return nil, false
+	}
+	return o.Udid, true
+}
+
+// HasUdid returns a boolean if a field has been set.
+func (o *DeviceProfile) HasUdid() bool {
+	if o != nil && o.Udid != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUdid gets a reference to the given string and assigns it to the Udid field.
+func (o *DeviceProfile) SetUdid(v string) {
+	o.Udid = &v
+}
+
+func (o DeviceProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if o.Imei != nil {
+		toSerialize["imei"] = o.Imei
+	}
+	if o.Manufacturer != nil {
+		toSerialize["manufacturer"] = o.Manufacturer
+	}
+	if o.Meid != nil {
+		toSerialize["meid"] = o.Meid
+	}
+	if o.Model != nil {
+		toSerialize["model"] = o.Model
+	}
+	if o.OsVersion != nil {
+		toSerialize["osVersion"] = o.OsVersion
+	}
+	if true {
+		toSerialize["platform"] = o.Platform
+	}
+	if true {
+		toSerialize["registered"] = o.Registered
+	}
+	if o.SecureHardwarePresent != nil {
+		toSerialize["secureHardwarePresent"] = o.SecureHardwarePresent
+	}
+	if o.SerialNumber != nil {
+		toSerialize["serialNumber"] = o.SerialNumber
+	}
+	if o.Sid != nil {
+		toSerialize["sid"] = o.Sid
+	}
+	if o.TpmPublicKeyHash != nil {
+		toSerialize["tpmPublicKeyHash"] = o.TpmPublicKeyHash
+	}
+	if o.Udid != nil {
+		toSerialize["udid"] = o.Udid
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DeviceProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varDeviceProfile := _DeviceProfile{}
+
+	err = json.Unmarshal(bytes, &varDeviceProfile)
+	if err == nil {
+		*o = DeviceProfile(varDeviceProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "imei")
+		delete(additionalProperties, "manufacturer")
+		delete(additionalProperties, "meid")
+		delete(additionalProperties, "model")
+		delete(additionalProperties, "osVersion")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "registered")
+		delete(additionalProperties, "secureHardwarePresent")
+		delete(additionalProperties, "serialNumber")
+		delete(additionalProperties, "sid")
+		delete(additionalProperties, "tpmPublicKeyHash")
+		delete(additionalProperties, "udid")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDeviceProfile struct {
+	value *DeviceProfile
+	isSet bool
+}
+
+func (v NullableDeviceProfile) Get() *DeviceProfile {
+	return v.value
+}
+
+func (v *NullableDeviceProfile) Set(val *DeviceProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceProfile(val *DeviceProfile) *NullableDeviceProfile {
+	return &NullableDeviceProfile{value: val, isSet: true}
+}
+
+func (v NullableDeviceProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_device_status.go b/okta/model_device_status.go
new file mode 100644
index 000000000..ef4b0175d
--- /dev/null
+++ b/okta/model_device_status.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// DeviceStatus the model 'DeviceStatus'
+type DeviceStatus string
+
+// List of DeviceStatus
+const (
+	DEVICESTATUS_ACTIVE      DeviceStatus = "ACTIVE"
+	DEVICESTATUS_CREATED     DeviceStatus = "CREATED"
+	DEVICESTATUS_DEACTIVATED DeviceStatus = "DEACTIVATED"
+	DEVICESTATUS_SUSPENDED   DeviceStatus = "SUSPENDED"
+)
+
+// All allowed values of DeviceStatus enum
+var AllowedDeviceStatusEnumValues = []DeviceStatus{
+	"ACTIVE",
+	"CREATED",
+	"DEACTIVATED",
+	"SUSPENDED",
+}
+
+func (v *DeviceStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := DeviceStatus(value)
+	for _, existing := range AllowedDeviceStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid DeviceStatus", value)
+}
+
+// NewDeviceStatusFromValue returns a pointer to a valid DeviceStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewDeviceStatusFromValue(v string) (*DeviceStatus, error) {
+	ev := DeviceStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for DeviceStatus: valid values are %v", v, AllowedDeviceStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v DeviceStatus) IsValid() bool {
+	for _, existing := range AllowedDeviceStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to DeviceStatus value
+func (v DeviceStatus) Ptr() *DeviceStatus {
+	return &v
+}
+
+type NullableDeviceStatus struct {
+	value *DeviceStatus
+	isSet bool
+}
+
+func (v NullableDeviceStatus) Get() *DeviceStatus {
+	return v.value
+}
+
+func (v *NullableDeviceStatus) Set(val *DeviceStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDeviceStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDeviceStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDeviceStatus(val *DeviceStatus) *NullableDeviceStatus {
+	return &NullableDeviceStatus{value: val, isSet: true}
+}
+
+func (v NullableDeviceStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDeviceStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_disk_encryption_type.go b/okta/model_disk_encryption_type.go
new file mode 100644
index 000000000..053a0bbbe
--- /dev/null
+++ b/okta/model_disk_encryption_type.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// DiskEncryptionType the model 'DiskEncryptionType'
+type DiskEncryptionType string
+
+// List of DiskEncryptionType
+const (
+	DISKENCRYPTIONTYPE_ALL_INTERNAL_VOLUMES DiskEncryptionType = "ALL_INTERNAL_VOLUMES"
+	DISKENCRYPTIONTYPE_FULL                 DiskEncryptionType = "FULL"
+	DISKENCRYPTIONTYPE_USER                 DiskEncryptionType = "USER"
+)
+
+// All allowed values of DiskEncryptionType enum
+var AllowedDiskEncryptionTypeEnumValues = []DiskEncryptionType{
+	"ALL_INTERNAL_VOLUMES",
+	"FULL",
+	"USER",
+}
+
+func (v *DiskEncryptionType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := DiskEncryptionType(value)
+	for _, existing := range AllowedDiskEncryptionTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid DiskEncryptionType", value)
+}
+
+// NewDiskEncryptionTypeFromValue returns a pointer to a valid DiskEncryptionType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewDiskEncryptionTypeFromValue(v string) (*DiskEncryptionType, error) {
+	ev := DiskEncryptionType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for DiskEncryptionType: valid values are %v", v, AllowedDiskEncryptionTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v DiskEncryptionType) IsValid() bool {
+	for _, existing := range AllowedDiskEncryptionTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to DiskEncryptionType value
+func (v DiskEncryptionType) Ptr() *DiskEncryptionType {
+	return &v
+}
+
+type NullableDiskEncryptionType struct {
+	value *DiskEncryptionType
+	isSet bool
+}
+
+func (v NullableDiskEncryptionType) Get() *DiskEncryptionType {
+	return v.value
+}
+
+func (v *NullableDiskEncryptionType) Set(val *DiskEncryptionType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDiskEncryptionType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDiskEncryptionType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDiskEncryptionType(val *DiskEncryptionType) *NullableDiskEncryptionType {
+	return &NullableDiskEncryptionType{value: val, isSet: true}
+}
+
+func (v NullableDiskEncryptionType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDiskEncryptionType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_dns_record.go b/okta/model_dns_record.go
new file mode 100644
index 000000000..a85321bdb
--- /dev/null
+++ b/okta/model_dns_record.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DNSRecord struct for DNSRecord
+type DNSRecord struct {
+	Expiration           *string        `json:"expiration,omitempty"`
+	Fqdn                 *string        `json:"fqdn,omitempty"`
+	RecordType           *DNSRecordType `json:"recordType,omitempty"`
+	VerificationValue    *string        `json:"verificationValue,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DNSRecord DNSRecord
+
+// NewDNSRecord instantiates a new DNSRecord object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDNSRecord() *DNSRecord {
+	this := DNSRecord{}
+	return &this
+}
+
+// NewDNSRecordWithDefaults instantiates a new DNSRecord object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDNSRecordWithDefaults() *DNSRecord {
+	this := DNSRecord{}
+	return &this
+}
+
+// GetExpiration returns the Expiration field value if set, zero value otherwise.
+func (o *DNSRecord) GetExpiration() string {
+	if o == nil || o.Expiration == nil {
+		var ret string
+		return ret
+	}
+	return *o.Expiration
+}
+
+// GetExpirationOk returns a tuple with the Expiration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DNSRecord) GetExpirationOk() (*string, bool) {
+	if o == nil || o.Expiration == nil {
+		return nil, false
+	}
+	return o.Expiration, true
+}
+
+// HasExpiration returns a boolean if a field has been set.
+func (o *DNSRecord) HasExpiration() bool {
+	if o != nil && o.Expiration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiration gets a reference to the given string and assigns it to the Expiration field.
+func (o *DNSRecord) SetExpiration(v string) {
+	o.Expiration = &v
+}
+
+// GetFqdn returns the Fqdn field value if set, zero value otherwise.
+func (o *DNSRecord) GetFqdn() string {
+	if o == nil || o.Fqdn == nil {
+		var ret string
+		return ret
+	}
+	return *o.Fqdn
+}
+
+// GetFqdnOk returns a tuple with the Fqdn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DNSRecord) GetFqdnOk() (*string, bool) {
+	if o == nil || o.Fqdn == nil {
+		return nil, false
+	}
+	return o.Fqdn, true
+}
+
+// HasFqdn returns a boolean if a field has been set.
+func (o *DNSRecord) HasFqdn() bool {
+	if o != nil && o.Fqdn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFqdn gets a reference to the given string and assigns it to the Fqdn field.
+func (o *DNSRecord) SetFqdn(v string) {
+	o.Fqdn = &v
+}
+
+// GetRecordType returns the RecordType field value if set, zero value otherwise.
+func (o *DNSRecord) GetRecordType() DNSRecordType {
+	if o == nil || o.RecordType == nil {
+		var ret DNSRecordType
+		return ret
+	}
+	return *o.RecordType
+}
+
+// GetRecordTypeOk returns a tuple with the RecordType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DNSRecord) GetRecordTypeOk() (*DNSRecordType, bool) {
+	if o == nil || o.RecordType == nil {
+		return nil, false
+	}
+	return o.RecordType, true
+}
+
+// HasRecordType returns a boolean if a field has been set.
+func (o *DNSRecord) HasRecordType() bool {
+	if o != nil && o.RecordType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRecordType gets a reference to the given DNSRecordType and assigns it to the RecordType field.
+func (o *DNSRecord) SetRecordType(v DNSRecordType) {
+	o.RecordType = &v
+}
+
+// GetVerificationValue returns the VerificationValue field value if set, zero value otherwise.
+func (o *DNSRecord) GetVerificationValue() string {
+	if o == nil || o.VerificationValue == nil {
+		var ret string
+		return ret
+	}
+	return *o.VerificationValue
+}
+
+// GetVerificationValueOk returns a tuple with the VerificationValue field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DNSRecord) GetVerificationValueOk() (*string, bool) {
+	if o == nil || o.VerificationValue == nil {
+		return nil, false
+	}
+	return o.VerificationValue, true
+}
+
+// HasVerificationValue returns a boolean if a field has been set.
+func (o *DNSRecord) HasVerificationValue() bool {
+	if o != nil && o.VerificationValue != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVerificationValue gets a reference to the given string and assigns it to the VerificationValue field.
+func (o *DNSRecord) SetVerificationValue(v string) {
+	o.VerificationValue = &v
+}
+
+func (o DNSRecord) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Expiration != nil {
+		toSerialize["expiration"] = o.Expiration
+	}
+	if o.Fqdn != nil {
+		toSerialize["fqdn"] = o.Fqdn
+	}
+	if o.RecordType != nil {
+		toSerialize["recordType"] = o.RecordType
+	}
+	if o.VerificationValue != nil {
+		toSerialize["verificationValue"] = o.VerificationValue
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DNSRecord) UnmarshalJSON(bytes []byte) (err error) {
+	varDNSRecord := _DNSRecord{}
+
+	err = json.Unmarshal(bytes, &varDNSRecord)
+	if err == nil {
+		*o = DNSRecord(varDNSRecord)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expiration")
+		delete(additionalProperties, "fqdn")
+		delete(additionalProperties, "recordType")
+		delete(additionalProperties, "verificationValue")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDNSRecord struct {
+	value *DNSRecord
+	isSet bool
+}
+
+func (v NullableDNSRecord) Get() *DNSRecord {
+	return v.value
+}
+
+func (v *NullableDNSRecord) Set(val *DNSRecord) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDNSRecord) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDNSRecord) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDNSRecord(val *DNSRecord) *NullableDNSRecord {
+	return &NullableDNSRecord{value: val, isSet: true}
+}
+
+func (v NullableDNSRecord) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDNSRecord) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_dns_record_type.go b/okta/model_dns_record_type.go
new file mode 100644
index 000000000..8a744be30
--- /dev/null
+++ b/okta/model_dns_record_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// DNSRecordType the model 'DNSRecordType'
+type DNSRecordType string
+
+// List of DNSRecordType
+const (
+	DNSRECORDTYPE_CNAME DNSRecordType = "cname"
+	DNSRECORDTYPE_TXT   DNSRecordType = "TXT"
+)
+
+// All allowed values of DNSRecordType enum
+var AllowedDNSRecordTypeEnumValues = []DNSRecordType{
+	"cname",
+	"TXT",
+}
+
+func (v *DNSRecordType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := DNSRecordType(value)
+	for _, existing := range AllowedDNSRecordTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid DNSRecordType", value)
+}
+
+// NewDNSRecordTypeFromValue returns a pointer to a valid DNSRecordType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewDNSRecordTypeFromValue(v string) (*DNSRecordType, error) {
+	ev := DNSRecordType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for DNSRecordType: valid values are %v", v, AllowedDNSRecordTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v DNSRecordType) IsValid() bool {
+	for _, existing := range AllowedDNSRecordTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to DNSRecordType value
+func (v DNSRecordType) Ptr() *DNSRecordType {
+	return &v
+}
+
+type NullableDNSRecordType struct {
+	value *DNSRecordType
+	isSet bool
+}
+
+func (v NullableDNSRecordType) Get() *DNSRecordType {
+	return v.value
+}
+
+func (v *NullableDNSRecordType) Set(val *DNSRecordType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDNSRecordType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDNSRecordType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDNSRecordType(val *DNSRecordType) *NullableDNSRecordType {
+	return &NullableDNSRecordType{value: val, isSet: true}
+}
+
+func (v NullableDNSRecordType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDNSRecordType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_domain.go b/okta/model_domain.go
new file mode 100644
index 000000000..27bfc364a
--- /dev/null
+++ b/okta/model_domain.go
@@ -0,0 +1,380 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// Domain struct for Domain
+type Domain struct {
+	BrandId               *string                      `json:"brandId,omitempty"`
+	CertificateSourceType *DomainCertificateSourceType `json:"certificateSourceType,omitempty"`
+	DnsRecords            []DNSRecord                  `json:"dnsRecords,omitempty"`
+	Domain                *string                      `json:"domain,omitempty"`
+	Id                    *string                      `json:"id,omitempty"`
+	PublicCertificate     *DomainCertificateMetadata   `json:"publicCertificate,omitempty"`
+	ValidationStatus      *DomainValidationStatus      `json:"validationStatus,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _Domain Domain
+
+// NewDomain instantiates a new Domain object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDomain() *Domain {
+	this := Domain{}
+	return &this
+}
+
+// NewDomainWithDefaults instantiates a new Domain object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDomainWithDefaults() *Domain {
+	this := Domain{}
+	return &this
+}
+
+// GetBrandId returns the BrandId field value if set, zero value otherwise.
+func (o *Domain) GetBrandId() string {
+	if o == nil || o.BrandId == nil {
+		var ret string
+		return ret
+	}
+	return *o.BrandId
+}
+
+// GetBrandIdOk returns a tuple with the BrandId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Domain) GetBrandIdOk() (*string, bool) {
+	if o == nil || o.BrandId == nil {
+		return nil, false
+	}
+	return o.BrandId, true
+}
+
+// HasBrandId returns a boolean if a field has been set.
+func (o *Domain) HasBrandId() bool {
+	if o != nil && o.BrandId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBrandId gets a reference to the given string and assigns it to the BrandId field.
+func (o *Domain) SetBrandId(v string) {
+	o.BrandId = &v
+}
+
+// GetCertificateSourceType returns the CertificateSourceType field value if set, zero value otherwise.
+func (o *Domain) GetCertificateSourceType() DomainCertificateSourceType {
+	if o == nil || o.CertificateSourceType == nil {
+		var ret DomainCertificateSourceType
+		return ret
+	}
+	return *o.CertificateSourceType
+}
+
+// GetCertificateSourceTypeOk returns a tuple with the CertificateSourceType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Domain) GetCertificateSourceTypeOk() (*DomainCertificateSourceType, bool) {
+	if o == nil || o.CertificateSourceType == nil {
+		return nil, false
+	}
+	return o.CertificateSourceType, true
+}
+
+// HasCertificateSourceType returns a boolean if a field has been set.
+func (o *Domain) HasCertificateSourceType() bool {
+	if o != nil && o.CertificateSourceType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCertificateSourceType gets a reference to the given DomainCertificateSourceType and assigns it to the CertificateSourceType field.
+func (o *Domain) SetCertificateSourceType(v DomainCertificateSourceType) {
+	o.CertificateSourceType = &v
+}
+
+// GetDnsRecords returns the DnsRecords field value if set, zero value otherwise.
+func (o *Domain) GetDnsRecords() []DNSRecord {
+	if o == nil || o.DnsRecords == nil {
+		var ret []DNSRecord
+		return ret
+	}
+	return o.DnsRecords
+}
+
+// GetDnsRecordsOk returns a tuple with the DnsRecords field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Domain) GetDnsRecordsOk() ([]DNSRecord, bool) {
+	if o == nil || o.DnsRecords == nil {
+		return nil, false
+	}
+	return o.DnsRecords, true
+}
+
+// HasDnsRecords returns a boolean if a field has been set.
+func (o *Domain) HasDnsRecords() bool {
+	if o != nil && o.DnsRecords != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDnsRecords gets a reference to the given []DNSRecord and assigns it to the DnsRecords field.
+func (o *Domain) SetDnsRecords(v []DNSRecord) {
+	o.DnsRecords = v
+}
+
+// GetDomain returns the Domain field value if set, zero value otherwise.
+func (o *Domain) GetDomain() string {
+	if o == nil || o.Domain == nil {
+		var ret string
+		return ret
+	}
+	return *o.Domain
+}
+
+// GetDomainOk returns a tuple with the Domain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Domain) GetDomainOk() (*string, bool) {
+	if o == nil || o.Domain == nil {
+		return nil, false
+	}
+	return o.Domain, true
+}
+
+// HasDomain returns a boolean if a field has been set.
+func (o *Domain) HasDomain() bool {
+	if o != nil && o.Domain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDomain gets a reference to the given string and assigns it to the Domain field.
+func (o *Domain) SetDomain(v string) {
+	o.Domain = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *Domain) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Domain) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *Domain) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *Domain) SetId(v string) {
+	o.Id = &v
+}
+
+// GetPublicCertificate returns the PublicCertificate field value if set, zero value otherwise.
+func (o *Domain) GetPublicCertificate() DomainCertificateMetadata {
+	if o == nil || o.PublicCertificate == nil {
+		var ret DomainCertificateMetadata
+		return ret
+	}
+	return *o.PublicCertificate
+}
+
+// GetPublicCertificateOk returns a tuple with the PublicCertificate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Domain) GetPublicCertificateOk() (*DomainCertificateMetadata, bool) {
+	if o == nil || o.PublicCertificate == nil {
+		return nil, false
+	}
+	return o.PublicCertificate, true
+}
+
+// HasPublicCertificate returns a boolean if a field has been set.
+func (o *Domain) HasPublicCertificate() bool {
+	if o != nil && o.PublicCertificate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPublicCertificate gets a reference to the given DomainCertificateMetadata and assigns it to the PublicCertificate field.
+func (o *Domain) SetPublicCertificate(v DomainCertificateMetadata) {
+	o.PublicCertificate = &v
+}
+
+// GetValidationStatus returns the ValidationStatus field value if set, zero value otherwise.
+func (o *Domain) GetValidationStatus() DomainValidationStatus {
+	if o == nil || o.ValidationStatus == nil {
+		var ret DomainValidationStatus
+		return ret
+	}
+	return *o.ValidationStatus
+}
+
+// GetValidationStatusOk returns a tuple with the ValidationStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Domain) GetValidationStatusOk() (*DomainValidationStatus, bool) {
+	if o == nil || o.ValidationStatus == nil {
+		return nil, false
+	}
+	return o.ValidationStatus, true
+}
+
+// HasValidationStatus returns a boolean if a field has been set.
+func (o *Domain) HasValidationStatus() bool {
+	if o != nil && o.ValidationStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValidationStatus gets a reference to the given DomainValidationStatus and assigns it to the ValidationStatus field.
+func (o *Domain) SetValidationStatus(v DomainValidationStatus) {
+	o.ValidationStatus = &v
+}
+
+func (o Domain) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.BrandId != nil {
+		toSerialize["brandId"] = o.BrandId
+	}
+	if o.CertificateSourceType != nil {
+		toSerialize["certificateSourceType"] = o.CertificateSourceType
+	}
+	if o.DnsRecords != nil {
+		toSerialize["dnsRecords"] = o.DnsRecords
+	}
+	if o.Domain != nil {
+		toSerialize["domain"] = o.Domain
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.PublicCertificate != nil {
+		toSerialize["publicCertificate"] = o.PublicCertificate
+	}
+	if o.ValidationStatus != nil {
+		toSerialize["validationStatus"] = o.ValidationStatus
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Domain) UnmarshalJSON(bytes []byte) (err error) {
+	varDomain := _Domain{}
+
+	err = json.Unmarshal(bytes, &varDomain)
+	if err == nil {
+		*o = Domain(varDomain)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "brandId")
+		delete(additionalProperties, "certificateSourceType")
+		delete(additionalProperties, "dnsRecords")
+		delete(additionalProperties, "domain")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "publicCertificate")
+		delete(additionalProperties, "validationStatus")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDomain struct {
+	value *Domain
+	isSet bool
+}
+
+func (v NullableDomain) Get() *Domain {
+	return v.value
+}
+
+func (v *NullableDomain) Set(val *Domain) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDomain) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDomain) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDomain(val *Domain) *NullableDomain {
+	return &NullableDomain{value: val, isSet: true}
+}
+
+func (v NullableDomain) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDomain) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_domain_certificate.go b/okta/model_domain_certificate.go
new file mode 100644
index 000000000..361d8956a
--- /dev/null
+++ b/okta/model_domain_certificate.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DomainCertificate struct for DomainCertificate
+type DomainCertificate struct {
+	Certificate          *string                `json:"certificate,omitempty"`
+	CertificateChain     *string                `json:"certificateChain,omitempty"`
+	PrivateKey           *string                `json:"privateKey,omitempty"`
+	Type                 *DomainCertificateType `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DomainCertificate DomainCertificate
+
+// NewDomainCertificate instantiates a new DomainCertificate object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDomainCertificate() *DomainCertificate {
+	this := DomainCertificate{}
+	return &this
+}
+
+// NewDomainCertificateWithDefaults instantiates a new DomainCertificate object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDomainCertificateWithDefaults() *DomainCertificate {
+	this := DomainCertificate{}
+	return &this
+}
+
+// GetCertificate returns the Certificate field value if set, zero value otherwise.
+func (o *DomainCertificate) GetCertificate() string {
+	if o == nil || o.Certificate == nil {
+		var ret string
+		return ret
+	}
+	return *o.Certificate
+}
+
+// GetCertificateOk returns a tuple with the Certificate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainCertificate) GetCertificateOk() (*string, bool) {
+	if o == nil || o.Certificate == nil {
+		return nil, false
+	}
+	return o.Certificate, true
+}
+
+// HasCertificate returns a boolean if a field has been set.
+func (o *DomainCertificate) HasCertificate() bool {
+	if o != nil && o.Certificate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCertificate gets a reference to the given string and assigns it to the Certificate field.
+func (o *DomainCertificate) SetCertificate(v string) {
+	o.Certificate = &v
+}
+
+// GetCertificateChain returns the CertificateChain field value if set, zero value otherwise.
+func (o *DomainCertificate) GetCertificateChain() string {
+	if o == nil || o.CertificateChain == nil {
+		var ret string
+		return ret
+	}
+	return *o.CertificateChain
+}
+
+// GetCertificateChainOk returns a tuple with the CertificateChain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainCertificate) GetCertificateChainOk() (*string, bool) {
+	if o == nil || o.CertificateChain == nil {
+		return nil, false
+	}
+	return o.CertificateChain, true
+}
+
+// HasCertificateChain returns a boolean if a field has been set.
+func (o *DomainCertificate) HasCertificateChain() bool {
+	if o != nil && o.CertificateChain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCertificateChain gets a reference to the given string and assigns it to the CertificateChain field.
+func (o *DomainCertificate) SetCertificateChain(v string) {
+	o.CertificateChain = &v
+}
+
+// GetPrivateKey returns the PrivateKey field value if set, zero value otherwise.
+func (o *DomainCertificate) GetPrivateKey() string {
+	if o == nil || o.PrivateKey == nil {
+		var ret string
+		return ret
+	}
+	return *o.PrivateKey
+}
+
+// GetPrivateKeyOk returns a tuple with the PrivateKey field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainCertificate) GetPrivateKeyOk() (*string, bool) {
+	if o == nil || o.PrivateKey == nil {
+		return nil, false
+	}
+	return o.PrivateKey, true
+}
+
+// HasPrivateKey returns a boolean if a field has been set.
+func (o *DomainCertificate) HasPrivateKey() bool {
+	if o != nil && o.PrivateKey != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPrivateKey gets a reference to the given string and assigns it to the PrivateKey field.
+func (o *DomainCertificate) SetPrivateKey(v string) {
+	o.PrivateKey = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *DomainCertificate) GetType() DomainCertificateType {
+	if o == nil || o.Type == nil {
+		var ret DomainCertificateType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainCertificate) GetTypeOk() (*DomainCertificateType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *DomainCertificate) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given DomainCertificateType and assigns it to the Type field.
+func (o *DomainCertificate) SetType(v DomainCertificateType) {
+	o.Type = &v
+}
+
+func (o DomainCertificate) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Certificate != nil {
+		toSerialize["certificate"] = o.Certificate
+	}
+	if o.CertificateChain != nil {
+		toSerialize["certificateChain"] = o.CertificateChain
+	}
+	if o.PrivateKey != nil {
+		toSerialize["privateKey"] = o.PrivateKey
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DomainCertificate) UnmarshalJSON(bytes []byte) (err error) {
+	varDomainCertificate := _DomainCertificate{}
+
+	err = json.Unmarshal(bytes, &varDomainCertificate)
+	if err == nil {
+		*o = DomainCertificate(varDomainCertificate)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "certificate")
+		delete(additionalProperties, "certificateChain")
+		delete(additionalProperties, "privateKey")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDomainCertificate struct {
+	value *DomainCertificate
+	isSet bool
+}
+
+func (v NullableDomainCertificate) Get() *DomainCertificate {
+	return v.value
+}
+
+func (v *NullableDomainCertificate) Set(val *DomainCertificate) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDomainCertificate) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDomainCertificate) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDomainCertificate(val *DomainCertificate) *NullableDomainCertificate {
+	return &NullableDomainCertificate{value: val, isSet: true}
+}
+
+func (v NullableDomainCertificate) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDomainCertificate) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_domain_certificate_metadata.go b/okta/model_domain_certificate_metadata.go
new file mode 100644
index 000000000..b5baa57be
--- /dev/null
+++ b/okta/model_domain_certificate_metadata.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DomainCertificateMetadata struct for DomainCertificateMetadata
+type DomainCertificateMetadata struct {
+	Expiration           *string `json:"expiration,omitempty"`
+	Fingerprint          *string `json:"fingerprint,omitempty"`
+	Subject              *string `json:"subject,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DomainCertificateMetadata DomainCertificateMetadata
+
+// NewDomainCertificateMetadata instantiates a new DomainCertificateMetadata object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDomainCertificateMetadata() *DomainCertificateMetadata {
+	this := DomainCertificateMetadata{}
+	return &this
+}
+
+// NewDomainCertificateMetadataWithDefaults instantiates a new DomainCertificateMetadata object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDomainCertificateMetadataWithDefaults() *DomainCertificateMetadata {
+	this := DomainCertificateMetadata{}
+	return &this
+}
+
+// GetExpiration returns the Expiration field value if set, zero value otherwise.
+func (o *DomainCertificateMetadata) GetExpiration() string {
+	if o == nil || o.Expiration == nil {
+		var ret string
+		return ret
+	}
+	return *o.Expiration
+}
+
+// GetExpirationOk returns a tuple with the Expiration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainCertificateMetadata) GetExpirationOk() (*string, bool) {
+	if o == nil || o.Expiration == nil {
+		return nil, false
+	}
+	return o.Expiration, true
+}
+
+// HasExpiration returns a boolean if a field has been set.
+func (o *DomainCertificateMetadata) HasExpiration() bool {
+	if o != nil && o.Expiration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiration gets a reference to the given string and assigns it to the Expiration field.
+func (o *DomainCertificateMetadata) SetExpiration(v string) {
+	o.Expiration = &v
+}
+
+// GetFingerprint returns the Fingerprint field value if set, zero value otherwise.
+func (o *DomainCertificateMetadata) GetFingerprint() string {
+	if o == nil || o.Fingerprint == nil {
+		var ret string
+		return ret
+	}
+	return *o.Fingerprint
+}
+
+// GetFingerprintOk returns a tuple with the Fingerprint field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainCertificateMetadata) GetFingerprintOk() (*string, bool) {
+	if o == nil || o.Fingerprint == nil {
+		return nil, false
+	}
+	return o.Fingerprint, true
+}
+
+// HasFingerprint returns a boolean if a field has been set.
+func (o *DomainCertificateMetadata) HasFingerprint() bool {
+	if o != nil && o.Fingerprint != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFingerprint gets a reference to the given string and assigns it to the Fingerprint field.
+func (o *DomainCertificateMetadata) SetFingerprint(v string) {
+	o.Fingerprint = &v
+}
+
+// GetSubject returns the Subject field value if set, zero value otherwise.
+func (o *DomainCertificateMetadata) GetSubject() string {
+	if o == nil || o.Subject == nil {
+		var ret string
+		return ret
+	}
+	return *o.Subject
+}
+
+// GetSubjectOk returns a tuple with the Subject field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainCertificateMetadata) GetSubjectOk() (*string, bool) {
+	if o == nil || o.Subject == nil {
+		return nil, false
+	}
+	return o.Subject, true
+}
+
+// HasSubject returns a boolean if a field has been set.
+func (o *DomainCertificateMetadata) HasSubject() bool {
+	if o != nil && o.Subject != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSubject gets a reference to the given string and assigns it to the Subject field.
+func (o *DomainCertificateMetadata) SetSubject(v string) {
+	o.Subject = &v
+}
+
+func (o DomainCertificateMetadata) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Expiration != nil {
+		toSerialize["expiration"] = o.Expiration
+	}
+	if o.Fingerprint != nil {
+		toSerialize["fingerprint"] = o.Fingerprint
+	}
+	if o.Subject != nil {
+		toSerialize["subject"] = o.Subject
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DomainCertificateMetadata) UnmarshalJSON(bytes []byte) (err error) {
+	varDomainCertificateMetadata := _DomainCertificateMetadata{}
+
+	err = json.Unmarshal(bytes, &varDomainCertificateMetadata)
+	if err == nil {
+		*o = DomainCertificateMetadata(varDomainCertificateMetadata)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expiration")
+		delete(additionalProperties, "fingerprint")
+		delete(additionalProperties, "subject")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDomainCertificateMetadata struct {
+	value *DomainCertificateMetadata
+	isSet bool
+}
+
+func (v NullableDomainCertificateMetadata) Get() *DomainCertificateMetadata {
+	return v.value
+}
+
+func (v *NullableDomainCertificateMetadata) Set(val *DomainCertificateMetadata) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDomainCertificateMetadata) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDomainCertificateMetadata) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDomainCertificateMetadata(val *DomainCertificateMetadata) *NullableDomainCertificateMetadata {
+	return &NullableDomainCertificateMetadata{value: val, isSet: true}
+}
+
+func (v NullableDomainCertificateMetadata) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDomainCertificateMetadata) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_domain_certificate_source_type.go b/okta/model_domain_certificate_source_type.go
new file mode 100644
index 000000000..7ef775749
--- /dev/null
+++ b/okta/model_domain_certificate_source_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// DomainCertificateSourceType the model 'DomainCertificateSourceType'
+type DomainCertificateSourceType string
+
+// List of DomainCertificateSourceType
+const (
+	DOMAINCERTIFICATESOURCETYPE_MANUAL       DomainCertificateSourceType = "MANUAL"
+	DOMAINCERTIFICATESOURCETYPE_OKTA_MANAGED DomainCertificateSourceType = "OKTA_MANAGED"
+)
+
+// All allowed values of DomainCertificateSourceType enum
+var AllowedDomainCertificateSourceTypeEnumValues = []DomainCertificateSourceType{
+	"MANUAL",
+	"OKTA_MANAGED",
+}
+
+func (v *DomainCertificateSourceType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := DomainCertificateSourceType(value)
+	for _, existing := range AllowedDomainCertificateSourceTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid DomainCertificateSourceType", value)
+}
+
+// NewDomainCertificateSourceTypeFromValue returns a pointer to a valid DomainCertificateSourceType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewDomainCertificateSourceTypeFromValue(v string) (*DomainCertificateSourceType, error) {
+	ev := DomainCertificateSourceType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for DomainCertificateSourceType: valid values are %v", v, AllowedDomainCertificateSourceTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v DomainCertificateSourceType) IsValid() bool {
+	for _, existing := range AllowedDomainCertificateSourceTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to DomainCertificateSourceType value
+func (v DomainCertificateSourceType) Ptr() *DomainCertificateSourceType {
+	return &v
+}
+
+type NullableDomainCertificateSourceType struct {
+	value *DomainCertificateSourceType
+	isSet bool
+}
+
+func (v NullableDomainCertificateSourceType) Get() *DomainCertificateSourceType {
+	return v.value
+}
+
+func (v *NullableDomainCertificateSourceType) Set(val *DomainCertificateSourceType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDomainCertificateSourceType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDomainCertificateSourceType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDomainCertificateSourceType(val *DomainCertificateSourceType) *NullableDomainCertificateSourceType {
+	return &NullableDomainCertificateSourceType{value: val, isSet: true}
+}
+
+func (v NullableDomainCertificateSourceType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDomainCertificateSourceType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_domain_certificate_type.go b/okta/model_domain_certificate_type.go
new file mode 100644
index 000000000..1c8cf6be0
--- /dev/null
+++ b/okta/model_domain_certificate_type.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// DomainCertificateType the model 'DomainCertificateType'
+type DomainCertificateType string
+
+// List of DomainCertificateType
+const (
+	DOMAINCERTIFICATETYPE_PEM DomainCertificateType = "PEM"
+)
+
+// All allowed values of DomainCertificateType enum
+var AllowedDomainCertificateTypeEnumValues = []DomainCertificateType{
+	"PEM",
+}
+
+func (v *DomainCertificateType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := DomainCertificateType(value)
+	for _, existing := range AllowedDomainCertificateTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid DomainCertificateType", value)
+}
+
+// NewDomainCertificateTypeFromValue returns a pointer to a valid DomainCertificateType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewDomainCertificateTypeFromValue(v string) (*DomainCertificateType, error) {
+	ev := DomainCertificateType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for DomainCertificateType: valid values are %v", v, AllowedDomainCertificateTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v DomainCertificateType) IsValid() bool {
+	for _, existing := range AllowedDomainCertificateTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to DomainCertificateType value
+func (v DomainCertificateType) Ptr() *DomainCertificateType {
+	return &v
+}
+
+type NullableDomainCertificateType struct {
+	value *DomainCertificateType
+	isSet bool
+}
+
+func (v NullableDomainCertificateType) Get() *DomainCertificateType {
+	return v.value
+}
+
+func (v *NullableDomainCertificateType) Set(val *DomainCertificateType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDomainCertificateType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDomainCertificateType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDomainCertificateType(val *DomainCertificateType) *NullableDomainCertificateType {
+	return &NullableDomainCertificateType{value: val, isSet: true}
+}
+
+func (v NullableDomainCertificateType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDomainCertificateType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_domain_links.go b/okta/model_domain_links.go
new file mode 100644
index 000000000..039c18a15
--- /dev/null
+++ b/okta/model_domain_links.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DomainLinks struct for DomainLinks
+type DomainLinks struct {
+	Brand                *HrefObject `json:"brand,omitempty"`
+	Certificate          *HrefObject `json:"certificate,omitempty"`
+	Self                 *HrefObject `json:"self,omitempty"`
+	Verify               *HrefObject `json:"verify,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DomainLinks DomainLinks
+
+// NewDomainLinks instantiates a new DomainLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDomainLinks() *DomainLinks {
+	this := DomainLinks{}
+	return &this
+}
+
+// NewDomainLinksWithDefaults instantiates a new DomainLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDomainLinksWithDefaults() *DomainLinks {
+	this := DomainLinks{}
+	return &this
+}
+
+// GetBrand returns the Brand field value if set, zero value otherwise.
+func (o *DomainLinks) GetBrand() HrefObject {
+	if o == nil || o.Brand == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Brand
+}
+
+// GetBrandOk returns a tuple with the Brand field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainLinks) GetBrandOk() (*HrefObject, bool) {
+	if o == nil || o.Brand == nil {
+		return nil, false
+	}
+	return o.Brand, true
+}
+
+// HasBrand returns a boolean if a field has been set.
+func (o *DomainLinks) HasBrand() bool {
+	if o != nil && o.Brand != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBrand gets a reference to the given HrefObject and assigns it to the Brand field.
+func (o *DomainLinks) SetBrand(v HrefObject) {
+	o.Brand = &v
+}
+
+// GetCertificate returns the Certificate field value if set, zero value otherwise.
+func (o *DomainLinks) GetCertificate() HrefObject {
+	if o == nil || o.Certificate == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Certificate
+}
+
+// GetCertificateOk returns a tuple with the Certificate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainLinks) GetCertificateOk() (*HrefObject, bool) {
+	if o == nil || o.Certificate == nil {
+		return nil, false
+	}
+	return o.Certificate, true
+}
+
+// HasCertificate returns a boolean if a field has been set.
+func (o *DomainLinks) HasCertificate() bool {
+	if o != nil && o.Certificate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCertificate gets a reference to the given HrefObject and assigns it to the Certificate field.
+func (o *DomainLinks) SetCertificate(v HrefObject) {
+	o.Certificate = &v
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *DomainLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *DomainLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *DomainLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetVerify returns the Verify field value if set, zero value otherwise.
+func (o *DomainLinks) GetVerify() HrefObject {
+	if o == nil || o.Verify == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Verify
+}
+
+// GetVerifyOk returns a tuple with the Verify field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainLinks) GetVerifyOk() (*HrefObject, bool) {
+	if o == nil || o.Verify == nil {
+		return nil, false
+	}
+	return o.Verify, true
+}
+
+// HasVerify returns a boolean if a field has been set.
+func (o *DomainLinks) HasVerify() bool {
+	if o != nil && o.Verify != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVerify gets a reference to the given HrefObject and assigns it to the Verify field.
+func (o *DomainLinks) SetVerify(v HrefObject) {
+	o.Verify = &v
+}
+
+func (o DomainLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Brand != nil {
+		toSerialize["brand"] = o.Brand
+	}
+	if o.Certificate != nil {
+		toSerialize["certificate"] = o.Certificate
+	}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Verify != nil {
+		toSerialize["verify"] = o.Verify
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DomainLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varDomainLinks := _DomainLinks{}
+
+	err = json.Unmarshal(bytes, &varDomainLinks)
+	if err == nil {
+		*o = DomainLinks(varDomainLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "brand")
+		delete(additionalProperties, "certificate")
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "verify")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDomainLinks struct {
+	value *DomainLinks
+	isSet bool
+}
+
+func (v NullableDomainLinks) Get() *DomainLinks {
+	return v.value
+}
+
+func (v *NullableDomainLinks) Set(val *DomainLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDomainLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDomainLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDomainLinks(val *DomainLinks) *NullableDomainLinks {
+	return &NullableDomainLinks{value: val, isSet: true}
+}
+
+func (v NullableDomainLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDomainLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_domain_list_response.go b/okta/model_domain_list_response.go
new file mode 100644
index 000000000..2d1b98fc8
--- /dev/null
+++ b/okta/model_domain_list_response.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DomainListResponse struct for DomainListResponse
+type DomainListResponse struct {
+	Domains              []DomainResponse `json:"domains,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DomainListResponse DomainListResponse
+
+// NewDomainListResponse instantiates a new DomainListResponse object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDomainListResponse() *DomainListResponse {
+	this := DomainListResponse{}
+	return &this
+}
+
+// NewDomainListResponseWithDefaults instantiates a new DomainListResponse object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDomainListResponseWithDefaults() *DomainListResponse {
+	this := DomainListResponse{}
+	return &this
+}
+
+// GetDomains returns the Domains field value if set, zero value otherwise.
+func (o *DomainListResponse) GetDomains() []DomainResponse {
+	if o == nil || o.Domains == nil {
+		var ret []DomainResponse
+		return ret
+	}
+	return o.Domains
+}
+
+// GetDomainsOk returns a tuple with the Domains field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainListResponse) GetDomainsOk() ([]DomainResponse, bool) {
+	if o == nil || o.Domains == nil {
+		return nil, false
+	}
+	return o.Domains, true
+}
+
+// HasDomains returns a boolean if a field has been set.
+func (o *DomainListResponse) HasDomains() bool {
+	if o != nil && o.Domains != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDomains gets a reference to the given []DomainResponse and assigns it to the Domains field.
+func (o *DomainListResponse) SetDomains(v []DomainResponse) {
+	o.Domains = v
+}
+
+func (o DomainListResponse) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Domains != nil {
+		toSerialize["domains"] = o.Domains
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DomainListResponse) UnmarshalJSON(bytes []byte) (err error) {
+	varDomainListResponse := _DomainListResponse{}
+
+	err = json.Unmarshal(bytes, &varDomainListResponse)
+	if err == nil {
+		*o = DomainListResponse(varDomainListResponse)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "domains")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDomainListResponse struct {
+	value *DomainListResponse
+	isSet bool
+}
+
+func (v NullableDomainListResponse) Get() *DomainListResponse {
+	return v.value
+}
+
+func (v *NullableDomainListResponse) Set(val *DomainListResponse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDomainListResponse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDomainListResponse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDomainListResponse(val *DomainListResponse) *NullableDomainListResponse {
+	return &NullableDomainListResponse{value: val, isSet: true}
+}
+
+func (v NullableDomainListResponse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDomainListResponse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_domain_response.go b/okta/model_domain_response.go
new file mode 100644
index 000000000..2c53945aa
--- /dev/null
+++ b/okta/model_domain_response.go
@@ -0,0 +1,417 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DomainResponse struct for DomainResponse
+type DomainResponse struct {
+	BrandId               *string                      `json:"brandId,omitempty"`
+	CertificateSourceType *DomainCertificateSourceType `json:"certificateSourceType,omitempty"`
+	DnsRecords            []DNSRecord                  `json:"dnsRecords,omitempty"`
+	Domain                *string                      `json:"domain,omitempty"`
+	Id                    *string                      `json:"id,omitempty"`
+	PublicCertificate     *DomainCertificateMetadata   `json:"publicCertificate,omitempty"`
+	ValidationStatus      *DomainValidationStatus      `json:"validationStatus,omitempty"`
+	Links                 *DomainLinks                 `json:"_links,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _DomainResponse DomainResponse
+
+// NewDomainResponse instantiates a new DomainResponse object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDomainResponse() *DomainResponse {
+	this := DomainResponse{}
+	return &this
+}
+
+// NewDomainResponseWithDefaults instantiates a new DomainResponse object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDomainResponseWithDefaults() *DomainResponse {
+	this := DomainResponse{}
+	return &this
+}
+
+// GetBrandId returns the BrandId field value if set, zero value otherwise.
+func (o *DomainResponse) GetBrandId() string {
+	if o == nil || o.BrandId == nil {
+		var ret string
+		return ret
+	}
+	return *o.BrandId
+}
+
+// GetBrandIdOk returns a tuple with the BrandId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainResponse) GetBrandIdOk() (*string, bool) {
+	if o == nil || o.BrandId == nil {
+		return nil, false
+	}
+	return o.BrandId, true
+}
+
+// HasBrandId returns a boolean if a field has been set.
+func (o *DomainResponse) HasBrandId() bool {
+	if o != nil && o.BrandId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBrandId gets a reference to the given string and assigns it to the BrandId field.
+func (o *DomainResponse) SetBrandId(v string) {
+	o.BrandId = &v
+}
+
+// GetCertificateSourceType returns the CertificateSourceType field value if set, zero value otherwise.
+func (o *DomainResponse) GetCertificateSourceType() DomainCertificateSourceType {
+	if o == nil || o.CertificateSourceType == nil {
+		var ret DomainCertificateSourceType
+		return ret
+	}
+	return *o.CertificateSourceType
+}
+
+// GetCertificateSourceTypeOk returns a tuple with the CertificateSourceType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainResponse) GetCertificateSourceTypeOk() (*DomainCertificateSourceType, bool) {
+	if o == nil || o.CertificateSourceType == nil {
+		return nil, false
+	}
+	return o.CertificateSourceType, true
+}
+
+// HasCertificateSourceType returns a boolean if a field has been set.
+func (o *DomainResponse) HasCertificateSourceType() bool {
+	if o != nil && o.CertificateSourceType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCertificateSourceType gets a reference to the given DomainCertificateSourceType and assigns it to the CertificateSourceType field.
+func (o *DomainResponse) SetCertificateSourceType(v DomainCertificateSourceType) {
+	o.CertificateSourceType = &v
+}
+
+// GetDnsRecords returns the DnsRecords field value if set, zero value otherwise.
+func (o *DomainResponse) GetDnsRecords() []DNSRecord {
+	if o == nil || o.DnsRecords == nil {
+		var ret []DNSRecord
+		return ret
+	}
+	return o.DnsRecords
+}
+
+// GetDnsRecordsOk returns a tuple with the DnsRecords field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainResponse) GetDnsRecordsOk() ([]DNSRecord, bool) {
+	if o == nil || o.DnsRecords == nil {
+		return nil, false
+	}
+	return o.DnsRecords, true
+}
+
+// HasDnsRecords returns a boolean if a field has been set.
+func (o *DomainResponse) HasDnsRecords() bool {
+	if o != nil && o.DnsRecords != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDnsRecords gets a reference to the given []DNSRecord and assigns it to the DnsRecords field.
+func (o *DomainResponse) SetDnsRecords(v []DNSRecord) {
+	o.DnsRecords = v
+}
+
+// GetDomain returns the Domain field value if set, zero value otherwise.
+func (o *DomainResponse) GetDomain() string {
+	if o == nil || o.Domain == nil {
+		var ret string
+		return ret
+	}
+	return *o.Domain
+}
+
+// GetDomainOk returns a tuple with the Domain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainResponse) GetDomainOk() (*string, bool) {
+	if o == nil || o.Domain == nil {
+		return nil, false
+	}
+	return o.Domain, true
+}
+
+// HasDomain returns a boolean if a field has been set.
+func (o *DomainResponse) HasDomain() bool {
+	if o != nil && o.Domain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDomain gets a reference to the given string and assigns it to the Domain field.
+func (o *DomainResponse) SetDomain(v string) {
+	o.Domain = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *DomainResponse) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainResponse) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *DomainResponse) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *DomainResponse) SetId(v string) {
+	o.Id = &v
+}
+
+// GetPublicCertificate returns the PublicCertificate field value if set, zero value otherwise.
+func (o *DomainResponse) GetPublicCertificate() DomainCertificateMetadata {
+	if o == nil || o.PublicCertificate == nil {
+		var ret DomainCertificateMetadata
+		return ret
+	}
+	return *o.PublicCertificate
+}
+
+// GetPublicCertificateOk returns a tuple with the PublicCertificate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainResponse) GetPublicCertificateOk() (*DomainCertificateMetadata, bool) {
+	if o == nil || o.PublicCertificate == nil {
+		return nil, false
+	}
+	return o.PublicCertificate, true
+}
+
+// HasPublicCertificate returns a boolean if a field has been set.
+func (o *DomainResponse) HasPublicCertificate() bool {
+	if o != nil && o.PublicCertificate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPublicCertificate gets a reference to the given DomainCertificateMetadata and assigns it to the PublicCertificate field.
+func (o *DomainResponse) SetPublicCertificate(v DomainCertificateMetadata) {
+	o.PublicCertificate = &v
+}
+
+// GetValidationStatus returns the ValidationStatus field value if set, zero value otherwise.
+func (o *DomainResponse) GetValidationStatus() DomainValidationStatus {
+	if o == nil || o.ValidationStatus == nil {
+		var ret DomainValidationStatus
+		return ret
+	}
+	return *o.ValidationStatus
+}
+
+// GetValidationStatusOk returns a tuple with the ValidationStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainResponse) GetValidationStatusOk() (*DomainValidationStatus, bool) {
+	if o == nil || o.ValidationStatus == nil {
+		return nil, false
+	}
+	return o.ValidationStatus, true
+}
+
+// HasValidationStatus returns a boolean if a field has been set.
+func (o *DomainResponse) HasValidationStatus() bool {
+	if o != nil && o.ValidationStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValidationStatus gets a reference to the given DomainValidationStatus and assigns it to the ValidationStatus field.
+func (o *DomainResponse) SetValidationStatus(v DomainValidationStatus) {
+	o.ValidationStatus = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *DomainResponse) GetLinks() DomainLinks {
+	if o == nil || o.Links == nil {
+		var ret DomainLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DomainResponse) GetLinksOk() (*DomainLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *DomainResponse) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given DomainLinks and assigns it to the Links field.
+func (o *DomainResponse) SetLinks(v DomainLinks) {
+	o.Links = &v
+}
+
+func (o DomainResponse) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.BrandId != nil {
+		toSerialize["brandId"] = o.BrandId
+	}
+	if o.CertificateSourceType != nil {
+		toSerialize["certificateSourceType"] = o.CertificateSourceType
+	}
+	if o.DnsRecords != nil {
+		toSerialize["dnsRecords"] = o.DnsRecords
+	}
+	if o.Domain != nil {
+		toSerialize["domain"] = o.Domain
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.PublicCertificate != nil {
+		toSerialize["publicCertificate"] = o.PublicCertificate
+	}
+	if o.ValidationStatus != nil {
+		toSerialize["validationStatus"] = o.ValidationStatus
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DomainResponse) UnmarshalJSON(bytes []byte) (err error) {
+	varDomainResponse := _DomainResponse{}
+
+	err = json.Unmarshal(bytes, &varDomainResponse)
+	if err == nil {
+		*o = DomainResponse(varDomainResponse)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "brandId")
+		delete(additionalProperties, "certificateSourceType")
+		delete(additionalProperties, "dnsRecords")
+		delete(additionalProperties, "domain")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "publicCertificate")
+		delete(additionalProperties, "validationStatus")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDomainResponse struct {
+	value *DomainResponse
+	isSet bool
+}
+
+func (v NullableDomainResponse) Get() *DomainResponse {
+	return v.value
+}
+
+func (v *NullableDomainResponse) Set(val *DomainResponse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDomainResponse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDomainResponse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDomainResponse(val *DomainResponse) *NullableDomainResponse {
+	return &NullableDomainResponse{value: val, isSet: true}
+}
+
+func (v NullableDomainResponse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDomainResponse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_domain_validation_status.go b/okta/model_domain_validation_status.go
new file mode 100644
index 000000000..a9a456a7c
--- /dev/null
+++ b/okta/model_domain_validation_status.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// DomainValidationStatus the model 'DomainValidationStatus'
+type DomainValidationStatus string
+
+// List of DomainValidationStatus
+const (
+	DOMAINVALIDATIONSTATUS_COMPLETED   DomainValidationStatus = "COMPLETED"
+	DOMAINVALIDATIONSTATUS_IN_PROGRESS DomainValidationStatus = "IN_PROGRESS"
+	DOMAINVALIDATIONSTATUS_NOT_STARTED DomainValidationStatus = "NOT_STARTED"
+	DOMAINVALIDATIONSTATUS_VERIFIED    DomainValidationStatus = "VERIFIED"
+)
+
+// All allowed values of DomainValidationStatus enum
+var AllowedDomainValidationStatusEnumValues = []DomainValidationStatus{
+	"COMPLETED",
+	"IN_PROGRESS",
+	"NOT_STARTED",
+	"VERIFIED",
+}
+
+func (v *DomainValidationStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := DomainValidationStatus(value)
+	for _, existing := range AllowedDomainValidationStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid DomainValidationStatus", value)
+}
+
+// NewDomainValidationStatusFromValue returns a pointer to a valid DomainValidationStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewDomainValidationStatusFromValue(v string) (*DomainValidationStatus, error) {
+	ev := DomainValidationStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for DomainValidationStatus: valid values are %v", v, AllowedDomainValidationStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v DomainValidationStatus) IsValid() bool {
+	for _, existing := range AllowedDomainValidationStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to DomainValidationStatus value
+func (v DomainValidationStatus) Ptr() *DomainValidationStatus {
+	return &v
+}
+
+type NullableDomainValidationStatus struct {
+	value *DomainValidationStatus
+	isSet bool
+}
+
+func (v NullableDomainValidationStatus) Get() *DomainValidationStatus {
+	return v.value
+}
+
+func (v *NullableDomainValidationStatus) Set(val *DomainValidationStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDomainValidationStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDomainValidationStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDomainValidationStatus(val *DomainValidationStatus) *NullableDomainValidationStatus {
+	return &NullableDomainValidationStatus{value: val, isSet: true}
+}
+
+func (v NullableDomainValidationStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDomainValidationStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_dtc_chrome_os.go b/okta/model_dtc_chrome_os.go
new file mode 100644
index 000000000..af6130d07
--- /dev/null
+++ b/okta/model_dtc_chrome_os.go
@@ -0,0 +1,648 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DTCChromeOS Google Chrome Device Trust Connector provider
+type DTCChromeOS struct {
+	// Indicates whether the AllowScreenLock enterprise policy is enabled
+	AllowScreenLock *bool                 `json:"allowScreenLock,omitempty"`
+	BrowserVersion  *ChromeBrowserVersion `json:"browserVersion,omitempty"`
+	// Indicates if a software stack is used to communicate with the DNS server
+	BuiltInDnsClientEnabled *bool `json:"builtInDnsClientEnabled,omitempty"`
+	// Indicates whether access to the Chrome Remote Desktop application is blocked through a policy
+	ChromeRemoteDesktopAppBlocked *bool `json:"chromeRemoteDesktopAppBlocked,omitempty"`
+	// Enrollment domain of the customer that is currently managing the device
+	DeviceEnrollmentDomain *string `json:"deviceEnrollmentDomain,omitempty"`
+	// Indicates whether the main disk is encrypted
+	DiskEnrypted  *bool                `json:"diskEnrypted,omitempty"`
+	KeyTrustLevel *KeyTrustLevelOSMode `json:"keyTrustLevel,omitempty"`
+	// Indicates whether a firewall is enabled at the OS-level on the device
+	OsFirewall                       *bool                             `json:"osFirewall,omitempty"`
+	OsVersion                        *OSVersion                        `json:"osVersion,omitempty"`
+	PasswordProtectionWarningTrigger *PasswordProtectionWarningTrigger `json:"passwordProtectionWarningTrigger,omitempty"`
+	// Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled
+	RealtimeUrlCheckMode        *bool                        `json:"realtimeUrlCheckMode,omitempty"`
+	SafeBrowsingProtectionLevel *SafeBrowsingProtectionLevel `json:"safeBrowsingProtectionLevel,omitempty"`
+	// Indicates whether the device is password-protected
+	ScreenLockSecured *bool `json:"screenLockSecured,omitempty"`
+	// Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled
+	SiteIsolationEnabled *bool `json:"siteIsolationEnabled,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DTCChromeOS DTCChromeOS
+
+// NewDTCChromeOS instantiates a new DTCChromeOS object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDTCChromeOS() *DTCChromeOS {
+	this := DTCChromeOS{}
+	return &this
+}
+
+// NewDTCChromeOSWithDefaults instantiates a new DTCChromeOS object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDTCChromeOSWithDefaults() *DTCChromeOS {
+	this := DTCChromeOS{}
+	return &this
+}
+
+// GetAllowScreenLock returns the AllowScreenLock field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetAllowScreenLock() bool {
+	if o == nil || o.AllowScreenLock == nil {
+		var ret bool
+		return ret
+	}
+	return *o.AllowScreenLock
+}
+
+// GetAllowScreenLockOk returns a tuple with the AllowScreenLock field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetAllowScreenLockOk() (*bool, bool) {
+	if o == nil || o.AllowScreenLock == nil {
+		return nil, false
+	}
+	return o.AllowScreenLock, true
+}
+
+// HasAllowScreenLock returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasAllowScreenLock() bool {
+	if o != nil && o.AllowScreenLock != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAllowScreenLock gets a reference to the given bool and assigns it to the AllowScreenLock field.
+func (o *DTCChromeOS) SetAllowScreenLock(v bool) {
+	o.AllowScreenLock = &v
+}
+
+// GetBrowserVersion returns the BrowserVersion field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetBrowserVersion() ChromeBrowserVersion {
+	if o == nil || o.BrowserVersion == nil {
+		var ret ChromeBrowserVersion
+		return ret
+	}
+	return *o.BrowserVersion
+}
+
+// GetBrowserVersionOk returns a tuple with the BrowserVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetBrowserVersionOk() (*ChromeBrowserVersion, bool) {
+	if o == nil || o.BrowserVersion == nil {
+		return nil, false
+	}
+	return o.BrowserVersion, true
+}
+
+// HasBrowserVersion returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasBrowserVersion() bool {
+	if o != nil && o.BrowserVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBrowserVersion gets a reference to the given ChromeBrowserVersion and assigns it to the BrowserVersion field.
+func (o *DTCChromeOS) SetBrowserVersion(v ChromeBrowserVersion) {
+	o.BrowserVersion = &v
+}
+
+// GetBuiltInDnsClientEnabled returns the BuiltInDnsClientEnabled field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetBuiltInDnsClientEnabled() bool {
+	if o == nil || o.BuiltInDnsClientEnabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.BuiltInDnsClientEnabled
+}
+
+// GetBuiltInDnsClientEnabledOk returns a tuple with the BuiltInDnsClientEnabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetBuiltInDnsClientEnabledOk() (*bool, bool) {
+	if o == nil || o.BuiltInDnsClientEnabled == nil {
+		return nil, false
+	}
+	return o.BuiltInDnsClientEnabled, true
+}
+
+// HasBuiltInDnsClientEnabled returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasBuiltInDnsClientEnabled() bool {
+	if o != nil && o.BuiltInDnsClientEnabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBuiltInDnsClientEnabled gets a reference to the given bool and assigns it to the BuiltInDnsClientEnabled field.
+func (o *DTCChromeOS) SetBuiltInDnsClientEnabled(v bool) {
+	o.BuiltInDnsClientEnabled = &v
+}
+
+// GetChromeRemoteDesktopAppBlocked returns the ChromeRemoteDesktopAppBlocked field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetChromeRemoteDesktopAppBlocked() bool {
+	if o == nil || o.ChromeRemoteDesktopAppBlocked == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ChromeRemoteDesktopAppBlocked
+}
+
+// GetChromeRemoteDesktopAppBlockedOk returns a tuple with the ChromeRemoteDesktopAppBlocked field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetChromeRemoteDesktopAppBlockedOk() (*bool, bool) {
+	if o == nil || o.ChromeRemoteDesktopAppBlocked == nil {
+		return nil, false
+	}
+	return o.ChromeRemoteDesktopAppBlocked, true
+}
+
+// HasChromeRemoteDesktopAppBlocked returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasChromeRemoteDesktopAppBlocked() bool {
+	if o != nil && o.ChromeRemoteDesktopAppBlocked != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetChromeRemoteDesktopAppBlocked gets a reference to the given bool and assigns it to the ChromeRemoteDesktopAppBlocked field.
+func (o *DTCChromeOS) SetChromeRemoteDesktopAppBlocked(v bool) {
+	o.ChromeRemoteDesktopAppBlocked = &v
+}
+
+// GetDeviceEnrollmentDomain returns the DeviceEnrollmentDomain field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetDeviceEnrollmentDomain() string {
+	if o == nil || o.DeviceEnrollmentDomain == nil {
+		var ret string
+		return ret
+	}
+	return *o.DeviceEnrollmentDomain
+}
+
+// GetDeviceEnrollmentDomainOk returns a tuple with the DeviceEnrollmentDomain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetDeviceEnrollmentDomainOk() (*string, bool) {
+	if o == nil || o.DeviceEnrollmentDomain == nil {
+		return nil, false
+	}
+	return o.DeviceEnrollmentDomain, true
+}
+
+// HasDeviceEnrollmentDomain returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasDeviceEnrollmentDomain() bool {
+	if o != nil && o.DeviceEnrollmentDomain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDeviceEnrollmentDomain gets a reference to the given string and assigns it to the DeviceEnrollmentDomain field.
+func (o *DTCChromeOS) SetDeviceEnrollmentDomain(v string) {
+	o.DeviceEnrollmentDomain = &v
+}
+
+// GetDiskEnrypted returns the DiskEnrypted field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetDiskEnrypted() bool {
+	if o == nil || o.DiskEnrypted == nil {
+		var ret bool
+		return ret
+	}
+	return *o.DiskEnrypted
+}
+
+// GetDiskEnryptedOk returns a tuple with the DiskEnrypted field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetDiskEnryptedOk() (*bool, bool) {
+	if o == nil || o.DiskEnrypted == nil {
+		return nil, false
+	}
+	return o.DiskEnrypted, true
+}
+
+// HasDiskEnrypted returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasDiskEnrypted() bool {
+	if o != nil && o.DiskEnrypted != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDiskEnrypted gets a reference to the given bool and assigns it to the DiskEnrypted field.
+func (o *DTCChromeOS) SetDiskEnrypted(v bool) {
+	o.DiskEnrypted = &v
+}
+
+// GetKeyTrustLevel returns the KeyTrustLevel field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetKeyTrustLevel() KeyTrustLevelOSMode {
+	if o == nil || o.KeyTrustLevel == nil {
+		var ret KeyTrustLevelOSMode
+		return ret
+	}
+	return *o.KeyTrustLevel
+}
+
+// GetKeyTrustLevelOk returns a tuple with the KeyTrustLevel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetKeyTrustLevelOk() (*KeyTrustLevelOSMode, bool) {
+	if o == nil || o.KeyTrustLevel == nil {
+		return nil, false
+	}
+	return o.KeyTrustLevel, true
+}
+
+// HasKeyTrustLevel returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasKeyTrustLevel() bool {
+	if o != nil && o.KeyTrustLevel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKeyTrustLevel gets a reference to the given KeyTrustLevelOSMode and assigns it to the KeyTrustLevel field.
+func (o *DTCChromeOS) SetKeyTrustLevel(v KeyTrustLevelOSMode) {
+	o.KeyTrustLevel = &v
+}
+
+// GetOsFirewall returns the OsFirewall field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetOsFirewall() bool {
+	if o == nil || o.OsFirewall == nil {
+		var ret bool
+		return ret
+	}
+	return *o.OsFirewall
+}
+
+// GetOsFirewallOk returns a tuple with the OsFirewall field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetOsFirewallOk() (*bool, bool) {
+	if o == nil || o.OsFirewall == nil {
+		return nil, false
+	}
+	return o.OsFirewall, true
+}
+
+// HasOsFirewall returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasOsFirewall() bool {
+	if o != nil && o.OsFirewall != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsFirewall gets a reference to the given bool and assigns it to the OsFirewall field.
+func (o *DTCChromeOS) SetOsFirewall(v bool) {
+	o.OsFirewall = &v
+}
+
+// GetOsVersion returns the OsVersion field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetOsVersion() OSVersion {
+	if o == nil || o.OsVersion == nil {
+		var ret OSVersion
+		return ret
+	}
+	return *o.OsVersion
+}
+
+// GetOsVersionOk returns a tuple with the OsVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetOsVersionOk() (*OSVersion, bool) {
+	if o == nil || o.OsVersion == nil {
+		return nil, false
+	}
+	return o.OsVersion, true
+}
+
+// HasOsVersion returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasOsVersion() bool {
+	if o != nil && o.OsVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsVersion gets a reference to the given OSVersion and assigns it to the OsVersion field.
+func (o *DTCChromeOS) SetOsVersion(v OSVersion) {
+	o.OsVersion = &v
+}
+
+// GetPasswordProtectionWarningTrigger returns the PasswordProtectionWarningTrigger field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetPasswordProtectionWarningTrigger() PasswordProtectionWarningTrigger {
+	if o == nil || o.PasswordProtectionWarningTrigger == nil {
+		var ret PasswordProtectionWarningTrigger
+		return ret
+	}
+	return *o.PasswordProtectionWarningTrigger
+}
+
+// GetPasswordProtectionWarningTriggerOk returns a tuple with the PasswordProtectionWarningTrigger field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetPasswordProtectionWarningTriggerOk() (*PasswordProtectionWarningTrigger, bool) {
+	if o == nil || o.PasswordProtectionWarningTrigger == nil {
+		return nil, false
+	}
+	return o.PasswordProtectionWarningTrigger, true
+}
+
+// HasPasswordProtectionWarningTrigger returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasPasswordProtectionWarningTrigger() bool {
+	if o != nil && o.PasswordProtectionWarningTrigger != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordProtectionWarningTrigger gets a reference to the given PasswordProtectionWarningTrigger and assigns it to the PasswordProtectionWarningTrigger field.
+func (o *DTCChromeOS) SetPasswordProtectionWarningTrigger(v PasswordProtectionWarningTrigger) {
+	o.PasswordProtectionWarningTrigger = &v
+}
+
+// GetRealtimeUrlCheckMode returns the RealtimeUrlCheckMode field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetRealtimeUrlCheckMode() bool {
+	if o == nil || o.RealtimeUrlCheckMode == nil {
+		var ret bool
+		return ret
+	}
+	return *o.RealtimeUrlCheckMode
+}
+
+// GetRealtimeUrlCheckModeOk returns a tuple with the RealtimeUrlCheckMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetRealtimeUrlCheckModeOk() (*bool, bool) {
+	if o == nil || o.RealtimeUrlCheckMode == nil {
+		return nil, false
+	}
+	return o.RealtimeUrlCheckMode, true
+}
+
+// HasRealtimeUrlCheckMode returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasRealtimeUrlCheckMode() bool {
+	if o != nil && o.RealtimeUrlCheckMode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRealtimeUrlCheckMode gets a reference to the given bool and assigns it to the RealtimeUrlCheckMode field.
+func (o *DTCChromeOS) SetRealtimeUrlCheckMode(v bool) {
+	o.RealtimeUrlCheckMode = &v
+}
+
+// GetSafeBrowsingProtectionLevel returns the SafeBrowsingProtectionLevel field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetSafeBrowsingProtectionLevel() SafeBrowsingProtectionLevel {
+	if o == nil || o.SafeBrowsingProtectionLevel == nil {
+		var ret SafeBrowsingProtectionLevel
+		return ret
+	}
+	return *o.SafeBrowsingProtectionLevel
+}
+
+// GetSafeBrowsingProtectionLevelOk returns a tuple with the SafeBrowsingProtectionLevel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetSafeBrowsingProtectionLevelOk() (*SafeBrowsingProtectionLevel, bool) {
+	if o == nil || o.SafeBrowsingProtectionLevel == nil {
+		return nil, false
+	}
+	return o.SafeBrowsingProtectionLevel, true
+}
+
+// HasSafeBrowsingProtectionLevel returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasSafeBrowsingProtectionLevel() bool {
+	if o != nil && o.SafeBrowsingProtectionLevel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSafeBrowsingProtectionLevel gets a reference to the given SafeBrowsingProtectionLevel and assigns it to the SafeBrowsingProtectionLevel field.
+func (o *DTCChromeOS) SetSafeBrowsingProtectionLevel(v SafeBrowsingProtectionLevel) {
+	o.SafeBrowsingProtectionLevel = &v
+}
+
+// GetScreenLockSecured returns the ScreenLockSecured field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetScreenLockSecured() bool {
+	if o == nil || o.ScreenLockSecured == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ScreenLockSecured
+}
+
+// GetScreenLockSecuredOk returns a tuple with the ScreenLockSecured field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetScreenLockSecuredOk() (*bool, bool) {
+	if o == nil || o.ScreenLockSecured == nil {
+		return nil, false
+	}
+	return o.ScreenLockSecured, true
+}
+
+// HasScreenLockSecured returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasScreenLockSecured() bool {
+	if o != nil && o.ScreenLockSecured != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScreenLockSecured gets a reference to the given bool and assigns it to the ScreenLockSecured field.
+func (o *DTCChromeOS) SetScreenLockSecured(v bool) {
+	o.ScreenLockSecured = &v
+}
+
+// GetSiteIsolationEnabled returns the SiteIsolationEnabled field value if set, zero value otherwise.
+func (o *DTCChromeOS) GetSiteIsolationEnabled() bool {
+	if o == nil || o.SiteIsolationEnabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SiteIsolationEnabled
+}
+
+// GetSiteIsolationEnabledOk returns a tuple with the SiteIsolationEnabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCChromeOS) GetSiteIsolationEnabledOk() (*bool, bool) {
+	if o == nil || o.SiteIsolationEnabled == nil {
+		return nil, false
+	}
+	return o.SiteIsolationEnabled, true
+}
+
+// HasSiteIsolationEnabled returns a boolean if a field has been set.
+func (o *DTCChromeOS) HasSiteIsolationEnabled() bool {
+	if o != nil && o.SiteIsolationEnabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSiteIsolationEnabled gets a reference to the given bool and assigns it to the SiteIsolationEnabled field.
+func (o *DTCChromeOS) SetSiteIsolationEnabled(v bool) {
+	o.SiteIsolationEnabled = &v
+}
+
+func (o DTCChromeOS) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AllowScreenLock != nil {
+		toSerialize["allowScreenLock"] = o.AllowScreenLock
+	}
+	if o.BrowserVersion != nil {
+		toSerialize["browserVersion"] = o.BrowserVersion
+	}
+	if o.BuiltInDnsClientEnabled != nil {
+		toSerialize["builtInDnsClientEnabled"] = o.BuiltInDnsClientEnabled
+	}
+	if o.ChromeRemoteDesktopAppBlocked != nil {
+		toSerialize["chromeRemoteDesktopAppBlocked"] = o.ChromeRemoteDesktopAppBlocked
+	}
+	if o.DeviceEnrollmentDomain != nil {
+		toSerialize["deviceEnrollmentDomain"] = o.DeviceEnrollmentDomain
+	}
+	if o.DiskEnrypted != nil {
+		toSerialize["diskEnrypted"] = o.DiskEnrypted
+	}
+	if o.KeyTrustLevel != nil {
+		toSerialize["keyTrustLevel"] = o.KeyTrustLevel
+	}
+	if o.OsFirewall != nil {
+		toSerialize["osFirewall"] = o.OsFirewall
+	}
+	if o.OsVersion != nil {
+		toSerialize["osVersion"] = o.OsVersion
+	}
+	if o.PasswordProtectionWarningTrigger != nil {
+		toSerialize["passwordProtectionWarningTrigger"] = o.PasswordProtectionWarningTrigger
+	}
+	if o.RealtimeUrlCheckMode != nil {
+		toSerialize["realtimeUrlCheckMode"] = o.RealtimeUrlCheckMode
+	}
+	if o.SafeBrowsingProtectionLevel != nil {
+		toSerialize["safeBrowsingProtectionLevel"] = o.SafeBrowsingProtectionLevel
+	}
+	if o.ScreenLockSecured != nil {
+		toSerialize["screenLockSecured"] = o.ScreenLockSecured
+	}
+	if o.SiteIsolationEnabled != nil {
+		toSerialize["siteIsolationEnabled"] = o.SiteIsolationEnabled
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DTCChromeOS) UnmarshalJSON(bytes []byte) (err error) {
+	varDTCChromeOS := _DTCChromeOS{}
+
+	err = json.Unmarshal(bytes, &varDTCChromeOS)
+	if err == nil {
+		*o = DTCChromeOS(varDTCChromeOS)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "allowScreenLock")
+		delete(additionalProperties, "browserVersion")
+		delete(additionalProperties, "builtInDnsClientEnabled")
+		delete(additionalProperties, "chromeRemoteDesktopAppBlocked")
+		delete(additionalProperties, "deviceEnrollmentDomain")
+		delete(additionalProperties, "diskEnrypted")
+		delete(additionalProperties, "keyTrustLevel")
+		delete(additionalProperties, "osFirewall")
+		delete(additionalProperties, "osVersion")
+		delete(additionalProperties, "passwordProtectionWarningTrigger")
+		delete(additionalProperties, "realtimeUrlCheckMode")
+		delete(additionalProperties, "safeBrowsingProtectionLevel")
+		delete(additionalProperties, "screenLockSecured")
+		delete(additionalProperties, "siteIsolationEnabled")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDTCChromeOS struct {
+	value *DTCChromeOS
+	isSet bool
+}
+
+func (v NullableDTCChromeOS) Get() *DTCChromeOS {
+	return v.value
+}
+
+func (v *NullableDTCChromeOS) Set(val *DTCChromeOS) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDTCChromeOS) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDTCChromeOS) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDTCChromeOS(val *DTCChromeOS) *NullableDTCChromeOS {
+	return &NullableDTCChromeOS{value: val, isSet: true}
+}
+
+func (v NullableDTCChromeOS) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDTCChromeOS) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_dtc_mac_os.go b/okta/model_dtc_mac_os.go
new file mode 100644
index 000000000..28d978ee9
--- /dev/null
+++ b/okta/model_dtc_mac_os.go
@@ -0,0 +1,610 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DTCMacOS Google Chrome Device Trust Connector provider
+type DTCMacOS struct {
+	BrowserVersion *ChromeBrowserVersion `json:"browserVersion,omitempty"`
+	// Indicates if a software stack is used to communicate with the DNS server
+	BuiltInDnsClientEnabled *bool `json:"builtInDnsClientEnabled,omitempty"`
+	// Indicates whether access to the Chrome Remote Desktop application is blocked through a policy
+	ChromeRemoteDesktopAppBlocked *bool `json:"chromeRemoteDesktopAppBlocked,omitempty"`
+	// Enrollment domain of the customer that is currently managing the device
+	DeviceEnrollmentDomain *string `json:"deviceEnrollmentDomain,omitempty"`
+	// Indicates whether the main disk is encrypted
+	DiskEnrypted  *bool                    `json:"diskEnrypted,omitempty"`
+	KeyTrustLevel *KeyTrustLevelBrowserKey `json:"keyTrustLevel,omitempty"`
+	// Indicates whether a firewall is enabled at the OS-level on the device
+	OsFirewall                       *bool                             `json:"osFirewall,omitempty"`
+	OsVersion                        *OSVersion                        `json:"osVersion,omitempty"`
+	PasswordProtectionWarningTrigger *PasswordProtectionWarningTrigger `json:"passwordProtectionWarningTrigger,omitempty"`
+	// Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled
+	RealtimeUrlCheckMode        *bool                        `json:"realtimeUrlCheckMode,omitempty"`
+	SafeBrowsingProtectionLevel *SafeBrowsingProtectionLevel `json:"safeBrowsingProtectionLevel,omitempty"`
+	// Indicates whether the device is password-protected
+	ScreenLockSecured *bool `json:"screenLockSecured,omitempty"`
+	// Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled
+	SiteIsolationEnabled *bool `json:"siteIsolationEnabled,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DTCMacOS DTCMacOS
+
+// NewDTCMacOS instantiates a new DTCMacOS object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDTCMacOS() *DTCMacOS {
+	this := DTCMacOS{}
+	return &this
+}
+
+// NewDTCMacOSWithDefaults instantiates a new DTCMacOS object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDTCMacOSWithDefaults() *DTCMacOS {
+	this := DTCMacOS{}
+	return &this
+}
+
+// GetBrowserVersion returns the BrowserVersion field value if set, zero value otherwise.
+func (o *DTCMacOS) GetBrowserVersion() ChromeBrowserVersion {
+	if o == nil || o.BrowserVersion == nil {
+		var ret ChromeBrowserVersion
+		return ret
+	}
+	return *o.BrowserVersion
+}
+
+// GetBrowserVersionOk returns a tuple with the BrowserVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetBrowserVersionOk() (*ChromeBrowserVersion, bool) {
+	if o == nil || o.BrowserVersion == nil {
+		return nil, false
+	}
+	return o.BrowserVersion, true
+}
+
+// HasBrowserVersion returns a boolean if a field has been set.
+func (o *DTCMacOS) HasBrowserVersion() bool {
+	if o != nil && o.BrowserVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBrowserVersion gets a reference to the given ChromeBrowserVersion and assigns it to the BrowserVersion field.
+func (o *DTCMacOS) SetBrowserVersion(v ChromeBrowserVersion) {
+	o.BrowserVersion = &v
+}
+
+// GetBuiltInDnsClientEnabled returns the BuiltInDnsClientEnabled field value if set, zero value otherwise.
+func (o *DTCMacOS) GetBuiltInDnsClientEnabled() bool {
+	if o == nil || o.BuiltInDnsClientEnabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.BuiltInDnsClientEnabled
+}
+
+// GetBuiltInDnsClientEnabledOk returns a tuple with the BuiltInDnsClientEnabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetBuiltInDnsClientEnabledOk() (*bool, bool) {
+	if o == nil || o.BuiltInDnsClientEnabled == nil {
+		return nil, false
+	}
+	return o.BuiltInDnsClientEnabled, true
+}
+
+// HasBuiltInDnsClientEnabled returns a boolean if a field has been set.
+func (o *DTCMacOS) HasBuiltInDnsClientEnabled() bool {
+	if o != nil && o.BuiltInDnsClientEnabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBuiltInDnsClientEnabled gets a reference to the given bool and assigns it to the BuiltInDnsClientEnabled field.
+func (o *DTCMacOS) SetBuiltInDnsClientEnabled(v bool) {
+	o.BuiltInDnsClientEnabled = &v
+}
+
+// GetChromeRemoteDesktopAppBlocked returns the ChromeRemoteDesktopAppBlocked field value if set, zero value otherwise.
+func (o *DTCMacOS) GetChromeRemoteDesktopAppBlocked() bool {
+	if o == nil || o.ChromeRemoteDesktopAppBlocked == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ChromeRemoteDesktopAppBlocked
+}
+
+// GetChromeRemoteDesktopAppBlockedOk returns a tuple with the ChromeRemoteDesktopAppBlocked field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetChromeRemoteDesktopAppBlockedOk() (*bool, bool) {
+	if o == nil || o.ChromeRemoteDesktopAppBlocked == nil {
+		return nil, false
+	}
+	return o.ChromeRemoteDesktopAppBlocked, true
+}
+
+// HasChromeRemoteDesktopAppBlocked returns a boolean if a field has been set.
+func (o *DTCMacOS) HasChromeRemoteDesktopAppBlocked() bool {
+	if o != nil && o.ChromeRemoteDesktopAppBlocked != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetChromeRemoteDesktopAppBlocked gets a reference to the given bool and assigns it to the ChromeRemoteDesktopAppBlocked field.
+func (o *DTCMacOS) SetChromeRemoteDesktopAppBlocked(v bool) {
+	o.ChromeRemoteDesktopAppBlocked = &v
+}
+
+// GetDeviceEnrollmentDomain returns the DeviceEnrollmentDomain field value if set, zero value otherwise.
+func (o *DTCMacOS) GetDeviceEnrollmentDomain() string {
+	if o == nil || o.DeviceEnrollmentDomain == nil {
+		var ret string
+		return ret
+	}
+	return *o.DeviceEnrollmentDomain
+}
+
+// GetDeviceEnrollmentDomainOk returns a tuple with the DeviceEnrollmentDomain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetDeviceEnrollmentDomainOk() (*string, bool) {
+	if o == nil || o.DeviceEnrollmentDomain == nil {
+		return nil, false
+	}
+	return o.DeviceEnrollmentDomain, true
+}
+
+// HasDeviceEnrollmentDomain returns a boolean if a field has been set.
+func (o *DTCMacOS) HasDeviceEnrollmentDomain() bool {
+	if o != nil && o.DeviceEnrollmentDomain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDeviceEnrollmentDomain gets a reference to the given string and assigns it to the DeviceEnrollmentDomain field.
+func (o *DTCMacOS) SetDeviceEnrollmentDomain(v string) {
+	o.DeviceEnrollmentDomain = &v
+}
+
+// GetDiskEnrypted returns the DiskEnrypted field value if set, zero value otherwise.
+func (o *DTCMacOS) GetDiskEnrypted() bool {
+	if o == nil || o.DiskEnrypted == nil {
+		var ret bool
+		return ret
+	}
+	return *o.DiskEnrypted
+}
+
+// GetDiskEnryptedOk returns a tuple with the DiskEnrypted field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetDiskEnryptedOk() (*bool, bool) {
+	if o == nil || o.DiskEnrypted == nil {
+		return nil, false
+	}
+	return o.DiskEnrypted, true
+}
+
+// HasDiskEnrypted returns a boolean if a field has been set.
+func (o *DTCMacOS) HasDiskEnrypted() bool {
+	if o != nil && o.DiskEnrypted != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDiskEnrypted gets a reference to the given bool and assigns it to the DiskEnrypted field.
+func (o *DTCMacOS) SetDiskEnrypted(v bool) {
+	o.DiskEnrypted = &v
+}
+
+// GetKeyTrustLevel returns the KeyTrustLevel field value if set, zero value otherwise.
+func (o *DTCMacOS) GetKeyTrustLevel() KeyTrustLevelBrowserKey {
+	if o == nil || o.KeyTrustLevel == nil {
+		var ret KeyTrustLevelBrowserKey
+		return ret
+	}
+	return *o.KeyTrustLevel
+}
+
+// GetKeyTrustLevelOk returns a tuple with the KeyTrustLevel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetKeyTrustLevelOk() (*KeyTrustLevelBrowserKey, bool) {
+	if o == nil || o.KeyTrustLevel == nil {
+		return nil, false
+	}
+	return o.KeyTrustLevel, true
+}
+
+// HasKeyTrustLevel returns a boolean if a field has been set.
+func (o *DTCMacOS) HasKeyTrustLevel() bool {
+	if o != nil && o.KeyTrustLevel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKeyTrustLevel gets a reference to the given KeyTrustLevelBrowserKey and assigns it to the KeyTrustLevel field.
+func (o *DTCMacOS) SetKeyTrustLevel(v KeyTrustLevelBrowserKey) {
+	o.KeyTrustLevel = &v
+}
+
+// GetOsFirewall returns the OsFirewall field value if set, zero value otherwise.
+func (o *DTCMacOS) GetOsFirewall() bool {
+	if o == nil || o.OsFirewall == nil {
+		var ret bool
+		return ret
+	}
+	return *o.OsFirewall
+}
+
+// GetOsFirewallOk returns a tuple with the OsFirewall field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetOsFirewallOk() (*bool, bool) {
+	if o == nil || o.OsFirewall == nil {
+		return nil, false
+	}
+	return o.OsFirewall, true
+}
+
+// HasOsFirewall returns a boolean if a field has been set.
+func (o *DTCMacOS) HasOsFirewall() bool {
+	if o != nil && o.OsFirewall != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsFirewall gets a reference to the given bool and assigns it to the OsFirewall field.
+func (o *DTCMacOS) SetOsFirewall(v bool) {
+	o.OsFirewall = &v
+}
+
+// GetOsVersion returns the OsVersion field value if set, zero value otherwise.
+func (o *DTCMacOS) GetOsVersion() OSVersion {
+	if o == nil || o.OsVersion == nil {
+		var ret OSVersion
+		return ret
+	}
+	return *o.OsVersion
+}
+
+// GetOsVersionOk returns a tuple with the OsVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetOsVersionOk() (*OSVersion, bool) {
+	if o == nil || o.OsVersion == nil {
+		return nil, false
+	}
+	return o.OsVersion, true
+}
+
+// HasOsVersion returns a boolean if a field has been set.
+func (o *DTCMacOS) HasOsVersion() bool {
+	if o != nil && o.OsVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsVersion gets a reference to the given OSVersion and assigns it to the OsVersion field.
+func (o *DTCMacOS) SetOsVersion(v OSVersion) {
+	o.OsVersion = &v
+}
+
+// GetPasswordProtectionWarningTrigger returns the PasswordProtectionWarningTrigger field value if set, zero value otherwise.
+func (o *DTCMacOS) GetPasswordProtectionWarningTrigger() PasswordProtectionWarningTrigger {
+	if o == nil || o.PasswordProtectionWarningTrigger == nil {
+		var ret PasswordProtectionWarningTrigger
+		return ret
+	}
+	return *o.PasswordProtectionWarningTrigger
+}
+
+// GetPasswordProtectionWarningTriggerOk returns a tuple with the PasswordProtectionWarningTrigger field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetPasswordProtectionWarningTriggerOk() (*PasswordProtectionWarningTrigger, bool) {
+	if o == nil || o.PasswordProtectionWarningTrigger == nil {
+		return nil, false
+	}
+	return o.PasswordProtectionWarningTrigger, true
+}
+
+// HasPasswordProtectionWarningTrigger returns a boolean if a field has been set.
+func (o *DTCMacOS) HasPasswordProtectionWarningTrigger() bool {
+	if o != nil && o.PasswordProtectionWarningTrigger != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordProtectionWarningTrigger gets a reference to the given PasswordProtectionWarningTrigger and assigns it to the PasswordProtectionWarningTrigger field.
+func (o *DTCMacOS) SetPasswordProtectionWarningTrigger(v PasswordProtectionWarningTrigger) {
+	o.PasswordProtectionWarningTrigger = &v
+}
+
+// GetRealtimeUrlCheckMode returns the RealtimeUrlCheckMode field value if set, zero value otherwise.
+func (o *DTCMacOS) GetRealtimeUrlCheckMode() bool {
+	if o == nil || o.RealtimeUrlCheckMode == nil {
+		var ret bool
+		return ret
+	}
+	return *o.RealtimeUrlCheckMode
+}
+
+// GetRealtimeUrlCheckModeOk returns a tuple with the RealtimeUrlCheckMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetRealtimeUrlCheckModeOk() (*bool, bool) {
+	if o == nil || o.RealtimeUrlCheckMode == nil {
+		return nil, false
+	}
+	return o.RealtimeUrlCheckMode, true
+}
+
+// HasRealtimeUrlCheckMode returns a boolean if a field has been set.
+func (o *DTCMacOS) HasRealtimeUrlCheckMode() bool {
+	if o != nil && o.RealtimeUrlCheckMode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRealtimeUrlCheckMode gets a reference to the given bool and assigns it to the RealtimeUrlCheckMode field.
+func (o *DTCMacOS) SetRealtimeUrlCheckMode(v bool) {
+	o.RealtimeUrlCheckMode = &v
+}
+
+// GetSafeBrowsingProtectionLevel returns the SafeBrowsingProtectionLevel field value if set, zero value otherwise.
+func (o *DTCMacOS) GetSafeBrowsingProtectionLevel() SafeBrowsingProtectionLevel {
+	if o == nil || o.SafeBrowsingProtectionLevel == nil {
+		var ret SafeBrowsingProtectionLevel
+		return ret
+	}
+	return *o.SafeBrowsingProtectionLevel
+}
+
+// GetSafeBrowsingProtectionLevelOk returns a tuple with the SafeBrowsingProtectionLevel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetSafeBrowsingProtectionLevelOk() (*SafeBrowsingProtectionLevel, bool) {
+	if o == nil || o.SafeBrowsingProtectionLevel == nil {
+		return nil, false
+	}
+	return o.SafeBrowsingProtectionLevel, true
+}
+
+// HasSafeBrowsingProtectionLevel returns a boolean if a field has been set.
+func (o *DTCMacOS) HasSafeBrowsingProtectionLevel() bool {
+	if o != nil && o.SafeBrowsingProtectionLevel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSafeBrowsingProtectionLevel gets a reference to the given SafeBrowsingProtectionLevel and assigns it to the SafeBrowsingProtectionLevel field.
+func (o *DTCMacOS) SetSafeBrowsingProtectionLevel(v SafeBrowsingProtectionLevel) {
+	o.SafeBrowsingProtectionLevel = &v
+}
+
+// GetScreenLockSecured returns the ScreenLockSecured field value if set, zero value otherwise.
+func (o *DTCMacOS) GetScreenLockSecured() bool {
+	if o == nil || o.ScreenLockSecured == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ScreenLockSecured
+}
+
+// GetScreenLockSecuredOk returns a tuple with the ScreenLockSecured field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetScreenLockSecuredOk() (*bool, bool) {
+	if o == nil || o.ScreenLockSecured == nil {
+		return nil, false
+	}
+	return o.ScreenLockSecured, true
+}
+
+// HasScreenLockSecured returns a boolean if a field has been set.
+func (o *DTCMacOS) HasScreenLockSecured() bool {
+	if o != nil && o.ScreenLockSecured != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScreenLockSecured gets a reference to the given bool and assigns it to the ScreenLockSecured field.
+func (o *DTCMacOS) SetScreenLockSecured(v bool) {
+	o.ScreenLockSecured = &v
+}
+
+// GetSiteIsolationEnabled returns the SiteIsolationEnabled field value if set, zero value otherwise.
+func (o *DTCMacOS) GetSiteIsolationEnabled() bool {
+	if o == nil || o.SiteIsolationEnabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SiteIsolationEnabled
+}
+
+// GetSiteIsolationEnabledOk returns a tuple with the SiteIsolationEnabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCMacOS) GetSiteIsolationEnabledOk() (*bool, bool) {
+	if o == nil || o.SiteIsolationEnabled == nil {
+		return nil, false
+	}
+	return o.SiteIsolationEnabled, true
+}
+
+// HasSiteIsolationEnabled returns a boolean if a field has been set.
+func (o *DTCMacOS) HasSiteIsolationEnabled() bool {
+	if o != nil && o.SiteIsolationEnabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSiteIsolationEnabled gets a reference to the given bool and assigns it to the SiteIsolationEnabled field.
+func (o *DTCMacOS) SetSiteIsolationEnabled(v bool) {
+	o.SiteIsolationEnabled = &v
+}
+
+func (o DTCMacOS) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.BrowserVersion != nil {
+		toSerialize["browserVersion"] = o.BrowserVersion
+	}
+	if o.BuiltInDnsClientEnabled != nil {
+		toSerialize["builtInDnsClientEnabled"] = o.BuiltInDnsClientEnabled
+	}
+	if o.ChromeRemoteDesktopAppBlocked != nil {
+		toSerialize["chromeRemoteDesktopAppBlocked"] = o.ChromeRemoteDesktopAppBlocked
+	}
+	if o.DeviceEnrollmentDomain != nil {
+		toSerialize["deviceEnrollmentDomain"] = o.DeviceEnrollmentDomain
+	}
+	if o.DiskEnrypted != nil {
+		toSerialize["diskEnrypted"] = o.DiskEnrypted
+	}
+	if o.KeyTrustLevel != nil {
+		toSerialize["keyTrustLevel"] = o.KeyTrustLevel
+	}
+	if o.OsFirewall != nil {
+		toSerialize["osFirewall"] = o.OsFirewall
+	}
+	if o.OsVersion != nil {
+		toSerialize["osVersion"] = o.OsVersion
+	}
+	if o.PasswordProtectionWarningTrigger != nil {
+		toSerialize["passwordProtectionWarningTrigger"] = o.PasswordProtectionWarningTrigger
+	}
+	if o.RealtimeUrlCheckMode != nil {
+		toSerialize["realtimeUrlCheckMode"] = o.RealtimeUrlCheckMode
+	}
+	if o.SafeBrowsingProtectionLevel != nil {
+		toSerialize["safeBrowsingProtectionLevel"] = o.SafeBrowsingProtectionLevel
+	}
+	if o.ScreenLockSecured != nil {
+		toSerialize["screenLockSecured"] = o.ScreenLockSecured
+	}
+	if o.SiteIsolationEnabled != nil {
+		toSerialize["siteIsolationEnabled"] = o.SiteIsolationEnabled
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DTCMacOS) UnmarshalJSON(bytes []byte) (err error) {
+	varDTCMacOS := _DTCMacOS{}
+
+	err = json.Unmarshal(bytes, &varDTCMacOS)
+	if err == nil {
+		*o = DTCMacOS(varDTCMacOS)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "browserVersion")
+		delete(additionalProperties, "builtInDnsClientEnabled")
+		delete(additionalProperties, "chromeRemoteDesktopAppBlocked")
+		delete(additionalProperties, "deviceEnrollmentDomain")
+		delete(additionalProperties, "diskEnrypted")
+		delete(additionalProperties, "keyTrustLevel")
+		delete(additionalProperties, "osFirewall")
+		delete(additionalProperties, "osVersion")
+		delete(additionalProperties, "passwordProtectionWarningTrigger")
+		delete(additionalProperties, "realtimeUrlCheckMode")
+		delete(additionalProperties, "safeBrowsingProtectionLevel")
+		delete(additionalProperties, "screenLockSecured")
+		delete(additionalProperties, "siteIsolationEnabled")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDTCMacOS struct {
+	value *DTCMacOS
+	isSet bool
+}
+
+func (v NullableDTCMacOS) Get() *DTCMacOS {
+	return v.value
+}
+
+func (v *NullableDTCMacOS) Set(val *DTCMacOS) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDTCMacOS) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDTCMacOS) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDTCMacOS(val *DTCMacOS) *NullableDTCMacOS {
+	return &NullableDTCMacOS{value: val, isSet: true}
+}
+
+func (v NullableDTCMacOS) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDTCMacOS) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_dtc_windows_.go b/okta/model_dtc_windows_.go
new file mode 100644
index 000000000..d16dfacf8
--- /dev/null
+++ b/okta/model_dtc_windows_.go
@@ -0,0 +1,838 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// DTCWindows Google Chrome Device Trust Connector provider
+type DTCWindows struct {
+	BrowserVersion *ChromeBrowserVersion `json:"browserVersion,omitempty"`
+	// Indicates if a software stack is used to communicate with the DNS server
+	BuiltInDnsClientEnabled *bool `json:"builtInDnsClientEnabled,omitempty"`
+	// Indicates whether access to the Chrome Remote Desktop application is blocked through a policy
+	ChromeRemoteDesktopAppBlocked *bool `json:"chromeRemoteDesktopAppBlocked,omitempty"`
+	// Agent ID of an installed CrowdStrike agent
+	CrowdStrikeAgentId *string `json:"crowdStrikeAgentId,omitempty"`
+	// Customer ID of an installed CrowdStrike agent
+	CrowdStrikeCustomerId *string `json:"crowdStrikeCustomerId,omitempty"`
+	// Enrollment domain of the customer that is currently managing the device
+	DeviceEnrollmentDomain *string `json:"deviceEnrollmentDomain,omitempty"`
+	// Indicates whether the main disk is encrypted
+	DiskEnrypted  *bool                    `json:"diskEnrypted,omitempty"`
+	KeyTrustLevel *KeyTrustLevelBrowserKey `json:"keyTrustLevel,omitempty"`
+	// Indicates whether a firewall is enabled at the OS-level on the device
+	OsFirewall                       *bool                             `json:"osFirewall,omitempty"`
+	OsVersion                        *OSVersion                        `json:"osVersion,omitempty"`
+	PasswordProtectionWarningTrigger *PasswordProtectionWarningTrigger `json:"passwordProtectionWarningTrigger,omitempty"`
+	// Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled
+	RealtimeUrlCheckMode        *bool                        `json:"realtimeUrlCheckMode,omitempty"`
+	SafeBrowsingProtectionLevel *SafeBrowsingProtectionLevel `json:"safeBrowsingProtectionLevel,omitempty"`
+	// Indicates whether the device is password-protected
+	ScreenLockSecured *bool `json:"screenLockSecured,omitempty"`
+	// Indicates whether the device's startup software has its Secure Boot feature enabled
+	SecureBootEnabled *bool `json:"secureBootEnabled,omitempty"`
+	// Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled
+	SiteIsolationEnabled *bool `json:"siteIsolationEnabled,omitempty"`
+	// Indicates whether Chrome is blocking third-party software injection
+	ThirdPartyBlockingEnabled *bool `json:"thirdPartyBlockingEnabled,omitempty"`
+	// Windows domain that the current machine has joined
+	WindowsMachineDomain *string `json:"windowsMachineDomain,omitempty"`
+	// Windows domain for the current OS user
+	WindowsUserDomain    *string `json:"windowsUserDomain,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _DTCWindows DTCWindows
+
+// NewDTCWindows instantiates a new DTCWindows object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDTCWindows() *DTCWindows {
+	this := DTCWindows{}
+	return &this
+}
+
+// NewDTCWindowsWithDefaults instantiates a new DTCWindows object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDTCWindowsWithDefaults() *DTCWindows {
+	this := DTCWindows{}
+	return &this
+}
+
+// GetBrowserVersion returns the BrowserVersion field value if set, zero value otherwise.
+func (o *DTCWindows) GetBrowserVersion() ChromeBrowserVersion {
+	if o == nil || o.BrowserVersion == nil {
+		var ret ChromeBrowserVersion
+		return ret
+	}
+	return *o.BrowserVersion
+}
+
+// GetBrowserVersionOk returns a tuple with the BrowserVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetBrowserVersionOk() (*ChromeBrowserVersion, bool) {
+	if o == nil || o.BrowserVersion == nil {
+		return nil, false
+	}
+	return o.BrowserVersion, true
+}
+
+// HasBrowserVersion returns a boolean if a field has been set.
+func (o *DTCWindows) HasBrowserVersion() bool {
+	if o != nil && o.BrowserVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBrowserVersion gets a reference to the given ChromeBrowserVersion and assigns it to the BrowserVersion field.
+func (o *DTCWindows) SetBrowserVersion(v ChromeBrowserVersion) {
+	o.BrowserVersion = &v
+}
+
+// GetBuiltInDnsClientEnabled returns the BuiltInDnsClientEnabled field value if set, zero value otherwise.
+func (o *DTCWindows) GetBuiltInDnsClientEnabled() bool {
+	if o == nil || o.BuiltInDnsClientEnabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.BuiltInDnsClientEnabled
+}
+
+// GetBuiltInDnsClientEnabledOk returns a tuple with the BuiltInDnsClientEnabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetBuiltInDnsClientEnabledOk() (*bool, bool) {
+	if o == nil || o.BuiltInDnsClientEnabled == nil {
+		return nil, false
+	}
+	return o.BuiltInDnsClientEnabled, true
+}
+
+// HasBuiltInDnsClientEnabled returns a boolean if a field has been set.
+func (o *DTCWindows) HasBuiltInDnsClientEnabled() bool {
+	if o != nil && o.BuiltInDnsClientEnabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBuiltInDnsClientEnabled gets a reference to the given bool and assigns it to the BuiltInDnsClientEnabled field.
+func (o *DTCWindows) SetBuiltInDnsClientEnabled(v bool) {
+	o.BuiltInDnsClientEnabled = &v
+}
+
+// GetChromeRemoteDesktopAppBlocked returns the ChromeRemoteDesktopAppBlocked field value if set, zero value otherwise.
+func (o *DTCWindows) GetChromeRemoteDesktopAppBlocked() bool {
+	if o == nil || o.ChromeRemoteDesktopAppBlocked == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ChromeRemoteDesktopAppBlocked
+}
+
+// GetChromeRemoteDesktopAppBlockedOk returns a tuple with the ChromeRemoteDesktopAppBlocked field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetChromeRemoteDesktopAppBlockedOk() (*bool, bool) {
+	if o == nil || o.ChromeRemoteDesktopAppBlocked == nil {
+		return nil, false
+	}
+	return o.ChromeRemoteDesktopAppBlocked, true
+}
+
+// HasChromeRemoteDesktopAppBlocked returns a boolean if a field has been set.
+func (o *DTCWindows) HasChromeRemoteDesktopAppBlocked() bool {
+	if o != nil && o.ChromeRemoteDesktopAppBlocked != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetChromeRemoteDesktopAppBlocked gets a reference to the given bool and assigns it to the ChromeRemoteDesktopAppBlocked field.
+func (o *DTCWindows) SetChromeRemoteDesktopAppBlocked(v bool) {
+	o.ChromeRemoteDesktopAppBlocked = &v
+}
+
+// GetCrowdStrikeAgentId returns the CrowdStrikeAgentId field value if set, zero value otherwise.
+func (o *DTCWindows) GetCrowdStrikeAgentId() string {
+	if o == nil || o.CrowdStrikeAgentId == nil {
+		var ret string
+		return ret
+	}
+	return *o.CrowdStrikeAgentId
+}
+
+// GetCrowdStrikeAgentIdOk returns a tuple with the CrowdStrikeAgentId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetCrowdStrikeAgentIdOk() (*string, bool) {
+	if o == nil || o.CrowdStrikeAgentId == nil {
+		return nil, false
+	}
+	return o.CrowdStrikeAgentId, true
+}
+
+// HasCrowdStrikeAgentId returns a boolean if a field has been set.
+func (o *DTCWindows) HasCrowdStrikeAgentId() bool {
+	if o != nil && o.CrowdStrikeAgentId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCrowdStrikeAgentId gets a reference to the given string and assigns it to the CrowdStrikeAgentId field.
+func (o *DTCWindows) SetCrowdStrikeAgentId(v string) {
+	o.CrowdStrikeAgentId = &v
+}
+
+// GetCrowdStrikeCustomerId returns the CrowdStrikeCustomerId field value if set, zero value otherwise.
+func (o *DTCWindows) GetCrowdStrikeCustomerId() string {
+	if o == nil || o.CrowdStrikeCustomerId == nil {
+		var ret string
+		return ret
+	}
+	return *o.CrowdStrikeCustomerId
+}
+
+// GetCrowdStrikeCustomerIdOk returns a tuple with the CrowdStrikeCustomerId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetCrowdStrikeCustomerIdOk() (*string, bool) {
+	if o == nil || o.CrowdStrikeCustomerId == nil {
+		return nil, false
+	}
+	return o.CrowdStrikeCustomerId, true
+}
+
+// HasCrowdStrikeCustomerId returns a boolean if a field has been set.
+func (o *DTCWindows) HasCrowdStrikeCustomerId() bool {
+	if o != nil && o.CrowdStrikeCustomerId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCrowdStrikeCustomerId gets a reference to the given string and assigns it to the CrowdStrikeCustomerId field.
+func (o *DTCWindows) SetCrowdStrikeCustomerId(v string) {
+	o.CrowdStrikeCustomerId = &v
+}
+
+// GetDeviceEnrollmentDomain returns the DeviceEnrollmentDomain field value if set, zero value otherwise.
+func (o *DTCWindows) GetDeviceEnrollmentDomain() string {
+	if o == nil || o.DeviceEnrollmentDomain == nil {
+		var ret string
+		return ret
+	}
+	return *o.DeviceEnrollmentDomain
+}
+
+// GetDeviceEnrollmentDomainOk returns a tuple with the DeviceEnrollmentDomain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetDeviceEnrollmentDomainOk() (*string, bool) {
+	if o == nil || o.DeviceEnrollmentDomain == nil {
+		return nil, false
+	}
+	return o.DeviceEnrollmentDomain, true
+}
+
+// HasDeviceEnrollmentDomain returns a boolean if a field has been set.
+func (o *DTCWindows) HasDeviceEnrollmentDomain() bool {
+	if o != nil && o.DeviceEnrollmentDomain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDeviceEnrollmentDomain gets a reference to the given string and assigns it to the DeviceEnrollmentDomain field.
+func (o *DTCWindows) SetDeviceEnrollmentDomain(v string) {
+	o.DeviceEnrollmentDomain = &v
+}
+
+// GetDiskEnrypted returns the DiskEnrypted field value if set, zero value otherwise.
+func (o *DTCWindows) GetDiskEnrypted() bool {
+	if o == nil || o.DiskEnrypted == nil {
+		var ret bool
+		return ret
+	}
+	return *o.DiskEnrypted
+}
+
+// GetDiskEnryptedOk returns a tuple with the DiskEnrypted field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetDiskEnryptedOk() (*bool, bool) {
+	if o == nil || o.DiskEnrypted == nil {
+		return nil, false
+	}
+	return o.DiskEnrypted, true
+}
+
+// HasDiskEnrypted returns a boolean if a field has been set.
+func (o *DTCWindows) HasDiskEnrypted() bool {
+	if o != nil && o.DiskEnrypted != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDiskEnrypted gets a reference to the given bool and assigns it to the DiskEnrypted field.
+func (o *DTCWindows) SetDiskEnrypted(v bool) {
+	o.DiskEnrypted = &v
+}
+
+// GetKeyTrustLevel returns the KeyTrustLevel field value if set, zero value otherwise.
+func (o *DTCWindows) GetKeyTrustLevel() KeyTrustLevelBrowserKey {
+	if o == nil || o.KeyTrustLevel == nil {
+		var ret KeyTrustLevelBrowserKey
+		return ret
+	}
+	return *o.KeyTrustLevel
+}
+
+// GetKeyTrustLevelOk returns a tuple with the KeyTrustLevel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetKeyTrustLevelOk() (*KeyTrustLevelBrowserKey, bool) {
+	if o == nil || o.KeyTrustLevel == nil {
+		return nil, false
+	}
+	return o.KeyTrustLevel, true
+}
+
+// HasKeyTrustLevel returns a boolean if a field has been set.
+func (o *DTCWindows) HasKeyTrustLevel() bool {
+	if o != nil && o.KeyTrustLevel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKeyTrustLevel gets a reference to the given KeyTrustLevelBrowserKey and assigns it to the KeyTrustLevel field.
+func (o *DTCWindows) SetKeyTrustLevel(v KeyTrustLevelBrowserKey) {
+	o.KeyTrustLevel = &v
+}
+
+// GetOsFirewall returns the OsFirewall field value if set, zero value otherwise.
+func (o *DTCWindows) GetOsFirewall() bool {
+	if o == nil || o.OsFirewall == nil {
+		var ret bool
+		return ret
+	}
+	return *o.OsFirewall
+}
+
+// GetOsFirewallOk returns a tuple with the OsFirewall field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetOsFirewallOk() (*bool, bool) {
+	if o == nil || o.OsFirewall == nil {
+		return nil, false
+	}
+	return o.OsFirewall, true
+}
+
+// HasOsFirewall returns a boolean if a field has been set.
+func (o *DTCWindows) HasOsFirewall() bool {
+	if o != nil && o.OsFirewall != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsFirewall gets a reference to the given bool and assigns it to the OsFirewall field.
+func (o *DTCWindows) SetOsFirewall(v bool) {
+	o.OsFirewall = &v
+}
+
+// GetOsVersion returns the OsVersion field value if set, zero value otherwise.
+func (o *DTCWindows) GetOsVersion() OSVersion {
+	if o == nil || o.OsVersion == nil {
+		var ret OSVersion
+		return ret
+	}
+	return *o.OsVersion
+}
+
+// GetOsVersionOk returns a tuple with the OsVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetOsVersionOk() (*OSVersion, bool) {
+	if o == nil || o.OsVersion == nil {
+		return nil, false
+	}
+	return o.OsVersion, true
+}
+
+// HasOsVersion returns a boolean if a field has been set.
+func (o *DTCWindows) HasOsVersion() bool {
+	if o != nil && o.OsVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOsVersion gets a reference to the given OSVersion and assigns it to the OsVersion field.
+func (o *DTCWindows) SetOsVersion(v OSVersion) {
+	o.OsVersion = &v
+}
+
+// GetPasswordProtectionWarningTrigger returns the PasswordProtectionWarningTrigger field value if set, zero value otherwise.
+func (o *DTCWindows) GetPasswordProtectionWarningTrigger() PasswordProtectionWarningTrigger {
+	if o == nil || o.PasswordProtectionWarningTrigger == nil {
+		var ret PasswordProtectionWarningTrigger
+		return ret
+	}
+	return *o.PasswordProtectionWarningTrigger
+}
+
+// GetPasswordProtectionWarningTriggerOk returns a tuple with the PasswordProtectionWarningTrigger field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetPasswordProtectionWarningTriggerOk() (*PasswordProtectionWarningTrigger, bool) {
+	if o == nil || o.PasswordProtectionWarningTrigger == nil {
+		return nil, false
+	}
+	return o.PasswordProtectionWarningTrigger, true
+}
+
+// HasPasswordProtectionWarningTrigger returns a boolean if a field has been set.
+func (o *DTCWindows) HasPasswordProtectionWarningTrigger() bool {
+	if o != nil && o.PasswordProtectionWarningTrigger != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordProtectionWarningTrigger gets a reference to the given PasswordProtectionWarningTrigger and assigns it to the PasswordProtectionWarningTrigger field.
+func (o *DTCWindows) SetPasswordProtectionWarningTrigger(v PasswordProtectionWarningTrigger) {
+	o.PasswordProtectionWarningTrigger = &v
+}
+
+// GetRealtimeUrlCheckMode returns the RealtimeUrlCheckMode field value if set, zero value otherwise.
+func (o *DTCWindows) GetRealtimeUrlCheckMode() bool {
+	if o == nil || o.RealtimeUrlCheckMode == nil {
+		var ret bool
+		return ret
+	}
+	return *o.RealtimeUrlCheckMode
+}
+
+// GetRealtimeUrlCheckModeOk returns a tuple with the RealtimeUrlCheckMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetRealtimeUrlCheckModeOk() (*bool, bool) {
+	if o == nil || o.RealtimeUrlCheckMode == nil {
+		return nil, false
+	}
+	return o.RealtimeUrlCheckMode, true
+}
+
+// HasRealtimeUrlCheckMode returns a boolean if a field has been set.
+func (o *DTCWindows) HasRealtimeUrlCheckMode() bool {
+	if o != nil && o.RealtimeUrlCheckMode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRealtimeUrlCheckMode gets a reference to the given bool and assigns it to the RealtimeUrlCheckMode field.
+func (o *DTCWindows) SetRealtimeUrlCheckMode(v bool) {
+	o.RealtimeUrlCheckMode = &v
+}
+
+// GetSafeBrowsingProtectionLevel returns the SafeBrowsingProtectionLevel field value if set, zero value otherwise.
+func (o *DTCWindows) GetSafeBrowsingProtectionLevel() SafeBrowsingProtectionLevel {
+	if o == nil || o.SafeBrowsingProtectionLevel == nil {
+		var ret SafeBrowsingProtectionLevel
+		return ret
+	}
+	return *o.SafeBrowsingProtectionLevel
+}
+
+// GetSafeBrowsingProtectionLevelOk returns a tuple with the SafeBrowsingProtectionLevel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetSafeBrowsingProtectionLevelOk() (*SafeBrowsingProtectionLevel, bool) {
+	if o == nil || o.SafeBrowsingProtectionLevel == nil {
+		return nil, false
+	}
+	return o.SafeBrowsingProtectionLevel, true
+}
+
+// HasSafeBrowsingProtectionLevel returns a boolean if a field has been set.
+func (o *DTCWindows) HasSafeBrowsingProtectionLevel() bool {
+	if o != nil && o.SafeBrowsingProtectionLevel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSafeBrowsingProtectionLevel gets a reference to the given SafeBrowsingProtectionLevel and assigns it to the SafeBrowsingProtectionLevel field.
+func (o *DTCWindows) SetSafeBrowsingProtectionLevel(v SafeBrowsingProtectionLevel) {
+	o.SafeBrowsingProtectionLevel = &v
+}
+
+// GetScreenLockSecured returns the ScreenLockSecured field value if set, zero value otherwise.
+func (o *DTCWindows) GetScreenLockSecured() bool {
+	if o == nil || o.ScreenLockSecured == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ScreenLockSecured
+}
+
+// GetScreenLockSecuredOk returns a tuple with the ScreenLockSecured field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetScreenLockSecuredOk() (*bool, bool) {
+	if o == nil || o.ScreenLockSecured == nil {
+		return nil, false
+	}
+	return o.ScreenLockSecured, true
+}
+
+// HasScreenLockSecured returns a boolean if a field has been set.
+func (o *DTCWindows) HasScreenLockSecured() bool {
+	if o != nil && o.ScreenLockSecured != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScreenLockSecured gets a reference to the given bool and assigns it to the ScreenLockSecured field.
+func (o *DTCWindows) SetScreenLockSecured(v bool) {
+	o.ScreenLockSecured = &v
+}
+
+// GetSecureBootEnabled returns the SecureBootEnabled field value if set, zero value otherwise.
+func (o *DTCWindows) GetSecureBootEnabled() bool {
+	if o == nil || o.SecureBootEnabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SecureBootEnabled
+}
+
+// GetSecureBootEnabledOk returns a tuple with the SecureBootEnabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetSecureBootEnabledOk() (*bool, bool) {
+	if o == nil || o.SecureBootEnabled == nil {
+		return nil, false
+	}
+	return o.SecureBootEnabled, true
+}
+
+// HasSecureBootEnabled returns a boolean if a field has been set.
+func (o *DTCWindows) HasSecureBootEnabled() bool {
+	if o != nil && o.SecureBootEnabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecureBootEnabled gets a reference to the given bool and assigns it to the SecureBootEnabled field.
+func (o *DTCWindows) SetSecureBootEnabled(v bool) {
+	o.SecureBootEnabled = &v
+}
+
+// GetSiteIsolationEnabled returns the SiteIsolationEnabled field value if set, zero value otherwise.
+func (o *DTCWindows) GetSiteIsolationEnabled() bool {
+	if o == nil || o.SiteIsolationEnabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SiteIsolationEnabled
+}
+
+// GetSiteIsolationEnabledOk returns a tuple with the SiteIsolationEnabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetSiteIsolationEnabledOk() (*bool, bool) {
+	if o == nil || o.SiteIsolationEnabled == nil {
+		return nil, false
+	}
+	return o.SiteIsolationEnabled, true
+}
+
+// HasSiteIsolationEnabled returns a boolean if a field has been set.
+func (o *DTCWindows) HasSiteIsolationEnabled() bool {
+	if o != nil && o.SiteIsolationEnabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSiteIsolationEnabled gets a reference to the given bool and assigns it to the SiteIsolationEnabled field.
+func (o *DTCWindows) SetSiteIsolationEnabled(v bool) {
+	o.SiteIsolationEnabled = &v
+}
+
+// GetThirdPartyBlockingEnabled returns the ThirdPartyBlockingEnabled field value if set, zero value otherwise.
+func (o *DTCWindows) GetThirdPartyBlockingEnabled() bool {
+	if o == nil || o.ThirdPartyBlockingEnabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ThirdPartyBlockingEnabled
+}
+
+// GetThirdPartyBlockingEnabledOk returns a tuple with the ThirdPartyBlockingEnabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetThirdPartyBlockingEnabledOk() (*bool, bool) {
+	if o == nil || o.ThirdPartyBlockingEnabled == nil {
+		return nil, false
+	}
+	return o.ThirdPartyBlockingEnabled, true
+}
+
+// HasThirdPartyBlockingEnabled returns a boolean if a field has been set.
+func (o *DTCWindows) HasThirdPartyBlockingEnabled() bool {
+	if o != nil && o.ThirdPartyBlockingEnabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetThirdPartyBlockingEnabled gets a reference to the given bool and assigns it to the ThirdPartyBlockingEnabled field.
+func (o *DTCWindows) SetThirdPartyBlockingEnabled(v bool) {
+	o.ThirdPartyBlockingEnabled = &v
+}
+
+// GetWindowsMachineDomain returns the WindowsMachineDomain field value if set, zero value otherwise.
+func (o *DTCWindows) GetWindowsMachineDomain() string {
+	if o == nil || o.WindowsMachineDomain == nil {
+		var ret string
+		return ret
+	}
+	return *o.WindowsMachineDomain
+}
+
+// GetWindowsMachineDomainOk returns a tuple with the WindowsMachineDomain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetWindowsMachineDomainOk() (*string, bool) {
+	if o == nil || o.WindowsMachineDomain == nil {
+		return nil, false
+	}
+	return o.WindowsMachineDomain, true
+}
+
+// HasWindowsMachineDomain returns a boolean if a field has been set.
+func (o *DTCWindows) HasWindowsMachineDomain() bool {
+	if o != nil && o.WindowsMachineDomain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWindowsMachineDomain gets a reference to the given string and assigns it to the WindowsMachineDomain field.
+func (o *DTCWindows) SetWindowsMachineDomain(v string) {
+	o.WindowsMachineDomain = &v
+}
+
+// GetWindowsUserDomain returns the WindowsUserDomain field value if set, zero value otherwise.
+func (o *DTCWindows) GetWindowsUserDomain() string {
+	if o == nil || o.WindowsUserDomain == nil {
+		var ret string
+		return ret
+	}
+	return *o.WindowsUserDomain
+}
+
+// GetWindowsUserDomainOk returns a tuple with the WindowsUserDomain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *DTCWindows) GetWindowsUserDomainOk() (*string, bool) {
+	if o == nil || o.WindowsUserDomain == nil {
+		return nil, false
+	}
+	return o.WindowsUserDomain, true
+}
+
+// HasWindowsUserDomain returns a boolean if a field has been set.
+func (o *DTCWindows) HasWindowsUserDomain() bool {
+	if o != nil && o.WindowsUserDomain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWindowsUserDomain gets a reference to the given string and assigns it to the WindowsUserDomain field.
+func (o *DTCWindows) SetWindowsUserDomain(v string) {
+	o.WindowsUserDomain = &v
+}
+
+func (o DTCWindows) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.BrowserVersion != nil {
+		toSerialize["browserVersion"] = o.BrowserVersion
+	}
+	if o.BuiltInDnsClientEnabled != nil {
+		toSerialize["builtInDnsClientEnabled"] = o.BuiltInDnsClientEnabled
+	}
+	if o.ChromeRemoteDesktopAppBlocked != nil {
+		toSerialize["chromeRemoteDesktopAppBlocked"] = o.ChromeRemoteDesktopAppBlocked
+	}
+	if o.CrowdStrikeAgentId != nil {
+		toSerialize["crowdStrikeAgentId"] = o.CrowdStrikeAgentId
+	}
+	if o.CrowdStrikeCustomerId != nil {
+		toSerialize["crowdStrikeCustomerId"] = o.CrowdStrikeCustomerId
+	}
+	if o.DeviceEnrollmentDomain != nil {
+		toSerialize["deviceEnrollmentDomain"] = o.DeviceEnrollmentDomain
+	}
+	if o.DiskEnrypted != nil {
+		toSerialize["diskEnrypted"] = o.DiskEnrypted
+	}
+	if o.KeyTrustLevel != nil {
+		toSerialize["keyTrustLevel"] = o.KeyTrustLevel
+	}
+	if o.OsFirewall != nil {
+		toSerialize["osFirewall"] = o.OsFirewall
+	}
+	if o.OsVersion != nil {
+		toSerialize["osVersion"] = o.OsVersion
+	}
+	if o.PasswordProtectionWarningTrigger != nil {
+		toSerialize["passwordProtectionWarningTrigger"] = o.PasswordProtectionWarningTrigger
+	}
+	if o.RealtimeUrlCheckMode != nil {
+		toSerialize["realtimeUrlCheckMode"] = o.RealtimeUrlCheckMode
+	}
+	if o.SafeBrowsingProtectionLevel != nil {
+		toSerialize["safeBrowsingProtectionLevel"] = o.SafeBrowsingProtectionLevel
+	}
+	if o.ScreenLockSecured != nil {
+		toSerialize["screenLockSecured"] = o.ScreenLockSecured
+	}
+	if o.SecureBootEnabled != nil {
+		toSerialize["secureBootEnabled"] = o.SecureBootEnabled
+	}
+	if o.SiteIsolationEnabled != nil {
+		toSerialize["siteIsolationEnabled"] = o.SiteIsolationEnabled
+	}
+	if o.ThirdPartyBlockingEnabled != nil {
+		toSerialize["thirdPartyBlockingEnabled"] = o.ThirdPartyBlockingEnabled
+	}
+	if o.WindowsMachineDomain != nil {
+		toSerialize["windowsMachineDomain"] = o.WindowsMachineDomain
+	}
+	if o.WindowsUserDomain != nil {
+		toSerialize["windowsUserDomain"] = o.WindowsUserDomain
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *DTCWindows) UnmarshalJSON(bytes []byte) (err error) {
+	varDTCWindows := _DTCWindows{}
+
+	err = json.Unmarshal(bytes, &varDTCWindows)
+	if err == nil {
+		*o = DTCWindows(varDTCWindows)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "browserVersion")
+		delete(additionalProperties, "builtInDnsClientEnabled")
+		delete(additionalProperties, "chromeRemoteDesktopAppBlocked")
+		delete(additionalProperties, "crowdStrikeAgentId")
+		delete(additionalProperties, "crowdStrikeCustomerId")
+		delete(additionalProperties, "deviceEnrollmentDomain")
+		delete(additionalProperties, "diskEnrypted")
+		delete(additionalProperties, "keyTrustLevel")
+		delete(additionalProperties, "osFirewall")
+		delete(additionalProperties, "osVersion")
+		delete(additionalProperties, "passwordProtectionWarningTrigger")
+		delete(additionalProperties, "realtimeUrlCheckMode")
+		delete(additionalProperties, "safeBrowsingProtectionLevel")
+		delete(additionalProperties, "screenLockSecured")
+		delete(additionalProperties, "secureBootEnabled")
+		delete(additionalProperties, "siteIsolationEnabled")
+		delete(additionalProperties, "thirdPartyBlockingEnabled")
+		delete(additionalProperties, "windowsMachineDomain")
+		delete(additionalProperties, "windowsUserDomain")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDTCWindows struct {
+	value *DTCWindows
+	isSet bool
+}
+
+func (v NullableDTCWindows) Get() *DTCWindows {
+	return v.value
+}
+
+func (v *NullableDTCWindows) Set(val *DTCWindows) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDTCWindows) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDTCWindows) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDTCWindows(val *DTCWindows) *NullableDTCWindows {
+	return &NullableDTCWindows{value: val, isSet: true}
+}
+
+func (v NullableDTCWindows) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDTCWindows) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_duration.go b/okta/model_duration.go
new file mode 100644
index 000000000..baf09f187
--- /dev/null
+++ b/okta/model_duration.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// Duration struct for Duration
+type Duration struct {
+	Number               *int32  `json:"number,omitempty"`
+	Unit                 *string `json:"unit,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Duration Duration
+
+// NewDuration instantiates a new Duration object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewDuration() *Duration {
+	this := Duration{}
+	return &this
+}
+
+// NewDurationWithDefaults instantiates a new Duration object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewDurationWithDefaults() *Duration {
+	this := Duration{}
+	return &this
+}
+
+// GetNumber returns the Number field value if set, zero value otherwise.
+func (o *Duration) GetNumber() int32 {
+	if o == nil || o.Number == nil {
+		var ret int32
+		return ret
+	}
+	return *o.Number
+}
+
+// GetNumberOk returns a tuple with the Number field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Duration) GetNumberOk() (*int32, bool) {
+	if o == nil || o.Number == nil {
+		return nil, false
+	}
+	return o.Number, true
+}
+
+// HasNumber returns a boolean if a field has been set.
+func (o *Duration) HasNumber() bool {
+	if o != nil && o.Number != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNumber gets a reference to the given int32 and assigns it to the Number field.
+func (o *Duration) SetNumber(v int32) {
+	o.Number = &v
+}
+
+// GetUnit returns the Unit field value if set, zero value otherwise.
+func (o *Duration) GetUnit() string {
+	if o == nil || o.Unit == nil {
+		var ret string
+		return ret
+	}
+	return *o.Unit
+}
+
+// GetUnitOk returns a tuple with the Unit field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Duration) GetUnitOk() (*string, bool) {
+	if o == nil || o.Unit == nil {
+		return nil, false
+	}
+	return o.Unit, true
+}
+
+// HasUnit returns a boolean if a field has been set.
+func (o *Duration) HasUnit() bool {
+	if o != nil && o.Unit != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUnit gets a reference to the given string and assigns it to the Unit field.
+func (o *Duration) SetUnit(v string) {
+	o.Unit = &v
+}
+
+func (o Duration) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Number != nil {
+		toSerialize["number"] = o.Number
+	}
+	if o.Unit != nil {
+		toSerialize["unit"] = o.Unit
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Duration) UnmarshalJSON(bytes []byte) (err error) {
+	varDuration := _Duration{}
+
+	err = json.Unmarshal(bytes, &varDuration)
+	if err == nil {
+		*o = Duration(varDuration)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "number")
+		delete(additionalProperties, "unit")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableDuration struct {
+	value *Duration
+	isSet bool
+}
+
+func (v NullableDuration) Get() *Duration {
+	return v.value
+}
+
+func (v *NullableDuration) Set(val *Duration) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableDuration) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableDuration) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableDuration(val *Duration) *NullableDuration {
+	return &NullableDuration{value: val, isSet: true}
+}
+
+func (v NullableDuration) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableDuration) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_content.go b/okta/model_email_content.go
new file mode 100644
index 000000000..e47a71cbe
--- /dev/null
+++ b/okta/model_email_content.go
@@ -0,0 +1,183 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailContent struct for EmailContent
+type EmailContent struct {
+	// The email's HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+	Body string `json:"body"`
+	// The email's subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+	Subject              string `json:"subject"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailContent EmailContent
+
+// NewEmailContent instantiates a new EmailContent object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailContent(body string, subject string) *EmailContent {
+	this := EmailContent{}
+	this.Body = body
+	this.Subject = subject
+	return &this
+}
+
+// NewEmailContentWithDefaults instantiates a new EmailContent object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailContentWithDefaults() *EmailContent {
+	this := EmailContent{}
+	return &this
+}
+
+// GetBody returns the Body field value
+func (o *EmailContent) GetBody() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Body
+}
+
+// GetBodyOk returns a tuple with the Body field value
+// and a boolean to check if the value has been set.
+func (o *EmailContent) GetBodyOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Body, true
+}
+
+// SetBody sets field value
+func (o *EmailContent) SetBody(v string) {
+	o.Body = v
+}
+
+// GetSubject returns the Subject field value
+func (o *EmailContent) GetSubject() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Subject
+}
+
+// GetSubjectOk returns a tuple with the Subject field value
+// and a boolean to check if the value has been set.
+func (o *EmailContent) GetSubjectOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Subject, true
+}
+
+// SetSubject sets field value
+func (o *EmailContent) SetSubject(v string) {
+	o.Subject = v
+}
+
+func (o EmailContent) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["body"] = o.Body
+	}
+	if true {
+		toSerialize["subject"] = o.Subject
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailContent) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailContent := _EmailContent{}
+
+	err = json.Unmarshal(bytes, &varEmailContent)
+	if err == nil {
+		*o = EmailContent(varEmailContent)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "body")
+		delete(additionalProperties, "subject")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailContent struct {
+	value *EmailContent
+	isSet bool
+}
+
+func (v NullableEmailContent) Get() *EmailContent {
+	return v.value
+}
+
+func (v *NullableEmailContent) Set(val *EmailContent) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailContent) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailContent) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailContent(val *EmailContent) *NullableEmailContent {
+	return &NullableEmailContent{value: val, isSet: true}
+}
+
+func (v NullableEmailContent) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailContent) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_customization.go b/okta/model_email_customization.go
new file mode 100644
index 000000000..05cb58532
--- /dev/null
+++ b/okta/model_email_customization.go
@@ -0,0 +1,404 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// EmailCustomization struct for EmailCustomization
+type EmailCustomization struct {
+	// The email's HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+	Body string `json:"body"`
+	// The email's subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+	Subject string `json:"subject"`
+	// The UTC time at which this email customization was created.
+	Created *time.Time `json:"created,omitempty"`
+	// A unique identifier for this email customization.
+	Id *string `json:"id,omitempty"`
+	// Whether this is the default customization for the email template. Each customized email template must have exactly one default customization. Defaults to `true` for the first customization and `false` thereafter.
+	IsDefault *bool `json:"isDefault,omitempty"`
+	// The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646).
+	Language string `json:"language"`
+	// The UTC time at which this email customization was last updated.
+	LastUpdated          *time.Time                    `json:"lastUpdated,omitempty"`
+	Links                *EmailCustomizationAllOfLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailCustomization EmailCustomization
+
+// NewEmailCustomization instantiates a new EmailCustomization object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailCustomization(body string, subject string, language string) *EmailCustomization {
+	this := EmailCustomization{}
+	this.Body = body
+	this.Subject = subject
+	this.Language = language
+	return &this
+}
+
+// NewEmailCustomizationWithDefaults instantiates a new EmailCustomization object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailCustomizationWithDefaults() *EmailCustomization {
+	this := EmailCustomization{}
+	return &this
+}
+
+// GetBody returns the Body field value
+func (o *EmailCustomization) GetBody() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Body
+}
+
+// GetBodyOk returns a tuple with the Body field value
+// and a boolean to check if the value has been set.
+func (o *EmailCustomization) GetBodyOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Body, true
+}
+
+// SetBody sets field value
+func (o *EmailCustomization) SetBody(v string) {
+	o.Body = v
+}
+
+// GetSubject returns the Subject field value
+func (o *EmailCustomization) GetSubject() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Subject
+}
+
+// GetSubjectOk returns a tuple with the Subject field value
+// and a boolean to check if the value has been set.
+func (o *EmailCustomization) GetSubjectOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Subject, true
+}
+
+// SetSubject sets field value
+func (o *EmailCustomization) SetSubject(v string) {
+	o.Subject = v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *EmailCustomization) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomization) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *EmailCustomization) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *EmailCustomization) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *EmailCustomization) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomization) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *EmailCustomization) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *EmailCustomization) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIsDefault returns the IsDefault field value if set, zero value otherwise.
+func (o *EmailCustomization) GetIsDefault() bool {
+	if o == nil || o.IsDefault == nil {
+		var ret bool
+		return ret
+	}
+	return *o.IsDefault
+}
+
+// GetIsDefaultOk returns a tuple with the IsDefault field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomization) GetIsDefaultOk() (*bool, bool) {
+	if o == nil || o.IsDefault == nil {
+		return nil, false
+	}
+	return o.IsDefault, true
+}
+
+// HasIsDefault returns a boolean if a field has been set.
+func (o *EmailCustomization) HasIsDefault() bool {
+	if o != nil && o.IsDefault != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIsDefault gets a reference to the given bool and assigns it to the IsDefault field.
+func (o *EmailCustomization) SetIsDefault(v bool) {
+	o.IsDefault = &v
+}
+
+// GetLanguage returns the Language field value
+func (o *EmailCustomization) GetLanguage() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Language
+}
+
+// GetLanguageOk returns a tuple with the Language field value
+// and a boolean to check if the value has been set.
+func (o *EmailCustomization) GetLanguageOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Language, true
+}
+
+// SetLanguage sets field value
+func (o *EmailCustomization) SetLanguage(v string) {
+	o.Language = v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *EmailCustomization) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomization) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *EmailCustomization) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *EmailCustomization) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *EmailCustomization) GetLinks() EmailCustomizationAllOfLinks {
+	if o == nil || o.Links == nil {
+		var ret EmailCustomizationAllOfLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomization) GetLinksOk() (*EmailCustomizationAllOfLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *EmailCustomization) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given EmailCustomizationAllOfLinks and assigns it to the Links field.
+func (o *EmailCustomization) SetLinks(v EmailCustomizationAllOfLinks) {
+	o.Links = &v
+}
+
+func (o EmailCustomization) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["body"] = o.Body
+	}
+	if true {
+		toSerialize["subject"] = o.Subject
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.IsDefault != nil {
+		toSerialize["isDefault"] = o.IsDefault
+	}
+	if true {
+		toSerialize["language"] = o.Language
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailCustomization) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailCustomization := _EmailCustomization{}
+
+	err = json.Unmarshal(bytes, &varEmailCustomization)
+	if err == nil {
+		*o = EmailCustomization(varEmailCustomization)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "body")
+		delete(additionalProperties, "subject")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "isDefault")
+		delete(additionalProperties, "language")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailCustomization struct {
+	value *EmailCustomization
+	isSet bool
+}
+
+func (v NullableEmailCustomization) Get() *EmailCustomization {
+	return v.value
+}
+
+func (v *NullableEmailCustomization) Set(val *EmailCustomization) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailCustomization) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailCustomization) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailCustomization(val *EmailCustomization) *NullableEmailCustomization {
+	return &NullableEmailCustomization{value: val, isSet: true}
+}
+
+func (v NullableEmailCustomization) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailCustomization) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_customization_all_of.go b/okta/model_email_customization_all_of.go
new file mode 100644
index 000000000..42ad34155
--- /dev/null
+++ b/okta/model_email_customization_all_of.go
@@ -0,0 +1,342 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// EmailCustomizationAllOf struct for EmailCustomizationAllOf
+type EmailCustomizationAllOf struct {
+	// The UTC time at which this email customization was created.
+	Created *time.Time `json:"created,omitempty"`
+	// A unique identifier for this email customization.
+	Id *string `json:"id,omitempty"`
+	// Whether this is the default customization for the email template. Each customized email template must have exactly one default customization. Defaults to `true` for the first customization and `false` thereafter.
+	IsDefault *bool `json:"isDefault,omitempty"`
+	// The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646).
+	Language string `json:"language"`
+	// The UTC time at which this email customization was last updated.
+	LastUpdated          *time.Time                    `json:"lastUpdated,omitempty"`
+	Links                *EmailCustomizationAllOfLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailCustomizationAllOf EmailCustomizationAllOf
+
+// NewEmailCustomizationAllOf instantiates a new EmailCustomizationAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailCustomizationAllOf(language string) *EmailCustomizationAllOf {
+	this := EmailCustomizationAllOf{}
+	this.Language = language
+	return &this
+}
+
+// NewEmailCustomizationAllOfWithDefaults instantiates a new EmailCustomizationAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailCustomizationAllOfWithDefaults() *EmailCustomizationAllOf {
+	this := EmailCustomizationAllOf{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *EmailCustomizationAllOf) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomizationAllOf) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *EmailCustomizationAllOf) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *EmailCustomizationAllOf) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *EmailCustomizationAllOf) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomizationAllOf) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *EmailCustomizationAllOf) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *EmailCustomizationAllOf) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIsDefault returns the IsDefault field value if set, zero value otherwise.
+func (o *EmailCustomizationAllOf) GetIsDefault() bool {
+	if o == nil || o.IsDefault == nil {
+		var ret bool
+		return ret
+	}
+	return *o.IsDefault
+}
+
+// GetIsDefaultOk returns a tuple with the IsDefault field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomizationAllOf) GetIsDefaultOk() (*bool, bool) {
+	if o == nil || o.IsDefault == nil {
+		return nil, false
+	}
+	return o.IsDefault, true
+}
+
+// HasIsDefault returns a boolean if a field has been set.
+func (o *EmailCustomizationAllOf) HasIsDefault() bool {
+	if o != nil && o.IsDefault != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIsDefault gets a reference to the given bool and assigns it to the IsDefault field.
+func (o *EmailCustomizationAllOf) SetIsDefault(v bool) {
+	o.IsDefault = &v
+}
+
+// GetLanguage returns the Language field value
+func (o *EmailCustomizationAllOf) GetLanguage() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Language
+}
+
+// GetLanguageOk returns a tuple with the Language field value
+// and a boolean to check if the value has been set.
+func (o *EmailCustomizationAllOf) GetLanguageOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Language, true
+}
+
+// SetLanguage sets field value
+func (o *EmailCustomizationAllOf) SetLanguage(v string) {
+	o.Language = v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *EmailCustomizationAllOf) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomizationAllOf) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *EmailCustomizationAllOf) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *EmailCustomizationAllOf) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *EmailCustomizationAllOf) GetLinks() EmailCustomizationAllOfLinks {
+	if o == nil || o.Links == nil {
+		var ret EmailCustomizationAllOfLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomizationAllOf) GetLinksOk() (*EmailCustomizationAllOfLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *EmailCustomizationAllOf) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given EmailCustomizationAllOfLinks and assigns it to the Links field.
+func (o *EmailCustomizationAllOf) SetLinks(v EmailCustomizationAllOfLinks) {
+	o.Links = &v
+}
+
+func (o EmailCustomizationAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.IsDefault != nil {
+		toSerialize["isDefault"] = o.IsDefault
+	}
+	if true {
+		toSerialize["language"] = o.Language
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailCustomizationAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailCustomizationAllOf := _EmailCustomizationAllOf{}
+
+	err = json.Unmarshal(bytes, &varEmailCustomizationAllOf)
+	if err == nil {
+		*o = EmailCustomizationAllOf(varEmailCustomizationAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "isDefault")
+		delete(additionalProperties, "language")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailCustomizationAllOf struct {
+	value *EmailCustomizationAllOf
+	isSet bool
+}
+
+func (v NullableEmailCustomizationAllOf) Get() *EmailCustomizationAllOf {
+	return v.value
+}
+
+func (v *NullableEmailCustomizationAllOf) Set(val *EmailCustomizationAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailCustomizationAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailCustomizationAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailCustomizationAllOf(val *EmailCustomizationAllOf) *NullableEmailCustomizationAllOf {
+	return &NullableEmailCustomizationAllOf{value: val, isSet: true}
+}
+
+func (v NullableEmailCustomizationAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailCustomizationAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_customization_all_of__links.go b/okta/model_email_customization_all_of__links.go
new file mode 100644
index 000000000..4b0d75c26
--- /dev/null
+++ b/okta/model_email_customization_all_of__links.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailCustomizationAllOfLinks Links to resources related to this email customization.
+type EmailCustomizationAllOfLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Template             *HrefObject `json:"template,omitempty"`
+	Preview              *HrefObject `json:"preview,omitempty"`
+	Test                 *HrefObject `json:"test,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailCustomizationAllOfLinks EmailCustomizationAllOfLinks
+
+// NewEmailCustomizationAllOfLinks instantiates a new EmailCustomizationAllOfLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailCustomizationAllOfLinks() *EmailCustomizationAllOfLinks {
+	this := EmailCustomizationAllOfLinks{}
+	return &this
+}
+
+// NewEmailCustomizationAllOfLinksWithDefaults instantiates a new EmailCustomizationAllOfLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailCustomizationAllOfLinksWithDefaults() *EmailCustomizationAllOfLinks {
+	this := EmailCustomizationAllOfLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *EmailCustomizationAllOfLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomizationAllOfLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *EmailCustomizationAllOfLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *EmailCustomizationAllOfLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetTemplate returns the Template field value if set, zero value otherwise.
+func (o *EmailCustomizationAllOfLinks) GetTemplate() HrefObject {
+	if o == nil || o.Template == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Template
+}
+
+// GetTemplateOk returns a tuple with the Template field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomizationAllOfLinks) GetTemplateOk() (*HrefObject, bool) {
+	if o == nil || o.Template == nil {
+		return nil, false
+	}
+	return o.Template, true
+}
+
+// HasTemplate returns a boolean if a field has been set.
+func (o *EmailCustomizationAllOfLinks) HasTemplate() bool {
+	if o != nil && o.Template != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTemplate gets a reference to the given HrefObject and assigns it to the Template field.
+func (o *EmailCustomizationAllOfLinks) SetTemplate(v HrefObject) {
+	o.Template = &v
+}
+
+// GetPreview returns the Preview field value if set, zero value otherwise.
+func (o *EmailCustomizationAllOfLinks) GetPreview() HrefObject {
+	if o == nil || o.Preview == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Preview
+}
+
+// GetPreviewOk returns a tuple with the Preview field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomizationAllOfLinks) GetPreviewOk() (*HrefObject, bool) {
+	if o == nil || o.Preview == nil {
+		return nil, false
+	}
+	return o.Preview, true
+}
+
+// HasPreview returns a boolean if a field has been set.
+func (o *EmailCustomizationAllOfLinks) HasPreview() bool {
+	if o != nil && o.Preview != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPreview gets a reference to the given HrefObject and assigns it to the Preview field.
+func (o *EmailCustomizationAllOfLinks) SetPreview(v HrefObject) {
+	o.Preview = &v
+}
+
+// GetTest returns the Test field value if set, zero value otherwise.
+func (o *EmailCustomizationAllOfLinks) GetTest() HrefObject {
+	if o == nil || o.Test == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Test
+}
+
+// GetTestOk returns a tuple with the Test field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailCustomizationAllOfLinks) GetTestOk() (*HrefObject, bool) {
+	if o == nil || o.Test == nil {
+		return nil, false
+	}
+	return o.Test, true
+}
+
+// HasTest returns a boolean if a field has been set.
+func (o *EmailCustomizationAllOfLinks) HasTest() bool {
+	if o != nil && o.Test != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTest gets a reference to the given HrefObject and assigns it to the Test field.
+func (o *EmailCustomizationAllOfLinks) SetTest(v HrefObject) {
+	o.Test = &v
+}
+
+func (o EmailCustomizationAllOfLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Template != nil {
+		toSerialize["template"] = o.Template
+	}
+	if o.Preview != nil {
+		toSerialize["preview"] = o.Preview
+	}
+	if o.Test != nil {
+		toSerialize["test"] = o.Test
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailCustomizationAllOfLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailCustomizationAllOfLinks := _EmailCustomizationAllOfLinks{}
+
+	err = json.Unmarshal(bytes, &varEmailCustomizationAllOfLinks)
+	if err == nil {
+		*o = EmailCustomizationAllOfLinks(varEmailCustomizationAllOfLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "template")
+		delete(additionalProperties, "preview")
+		delete(additionalProperties, "test")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailCustomizationAllOfLinks struct {
+	value *EmailCustomizationAllOfLinks
+	isSet bool
+}
+
+func (v NullableEmailCustomizationAllOfLinks) Get() *EmailCustomizationAllOfLinks {
+	return v.value
+}
+
+func (v *NullableEmailCustomizationAllOfLinks) Set(val *EmailCustomizationAllOfLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailCustomizationAllOfLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailCustomizationAllOfLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailCustomizationAllOfLinks(val *EmailCustomizationAllOfLinks) *NullableEmailCustomizationAllOfLinks {
+	return &NullableEmailCustomizationAllOfLinks{value: val, isSet: true}
+}
+
+func (v NullableEmailCustomizationAllOfLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailCustomizationAllOfLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_default_content.go b/okta/model_email_default_content.go
new file mode 100644
index 000000000..6a2216ac6
--- /dev/null
+++ b/okta/model_email_default_content.go
@@ -0,0 +1,220 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailDefaultContent struct for EmailDefaultContent
+type EmailDefaultContent struct {
+	// The email's HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+	Body string `json:"body"`
+	// The email's subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+	Subject              string                         `json:"subject"`
+	Links                *EmailDefaultContentAllOfLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailDefaultContent EmailDefaultContent
+
+// NewEmailDefaultContent instantiates a new EmailDefaultContent object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailDefaultContent(body string, subject string) *EmailDefaultContent {
+	this := EmailDefaultContent{}
+	this.Body = body
+	this.Subject = subject
+	return &this
+}
+
+// NewEmailDefaultContentWithDefaults instantiates a new EmailDefaultContent object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailDefaultContentWithDefaults() *EmailDefaultContent {
+	this := EmailDefaultContent{}
+	return &this
+}
+
+// GetBody returns the Body field value
+func (o *EmailDefaultContent) GetBody() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Body
+}
+
+// GetBodyOk returns a tuple with the Body field value
+// and a boolean to check if the value has been set.
+func (o *EmailDefaultContent) GetBodyOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Body, true
+}
+
+// SetBody sets field value
+func (o *EmailDefaultContent) SetBody(v string) {
+	o.Body = v
+}
+
+// GetSubject returns the Subject field value
+func (o *EmailDefaultContent) GetSubject() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Subject
+}
+
+// GetSubjectOk returns a tuple with the Subject field value
+// and a boolean to check if the value has been set.
+func (o *EmailDefaultContent) GetSubjectOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Subject, true
+}
+
+// SetSubject sets field value
+func (o *EmailDefaultContent) SetSubject(v string) {
+	o.Subject = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *EmailDefaultContent) GetLinks() EmailDefaultContentAllOfLinks {
+	if o == nil || o.Links == nil {
+		var ret EmailDefaultContentAllOfLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDefaultContent) GetLinksOk() (*EmailDefaultContentAllOfLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *EmailDefaultContent) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given EmailDefaultContentAllOfLinks and assigns it to the Links field.
+func (o *EmailDefaultContent) SetLinks(v EmailDefaultContentAllOfLinks) {
+	o.Links = &v
+}
+
+func (o EmailDefaultContent) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["body"] = o.Body
+	}
+	if true {
+		toSerialize["subject"] = o.Subject
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailDefaultContent) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailDefaultContent := _EmailDefaultContent{}
+
+	err = json.Unmarshal(bytes, &varEmailDefaultContent)
+	if err == nil {
+		*o = EmailDefaultContent(varEmailDefaultContent)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "body")
+		delete(additionalProperties, "subject")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailDefaultContent struct {
+	value *EmailDefaultContent
+	isSet bool
+}
+
+func (v NullableEmailDefaultContent) Get() *EmailDefaultContent {
+	return v.value
+}
+
+func (v *NullableEmailDefaultContent) Set(val *EmailDefaultContent) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailDefaultContent) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailDefaultContent) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailDefaultContent(val *EmailDefaultContent) *NullableEmailDefaultContent {
+	return &NullableEmailDefaultContent{value: val, isSet: true}
+}
+
+func (v NullableEmailDefaultContent) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailDefaultContent) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_default_content_all_of.go b/okta/model_email_default_content_all_of.go
new file mode 100644
index 000000000..4fad9bbe2
--- /dev/null
+++ b/okta/model_email_default_content_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailDefaultContentAllOf struct for EmailDefaultContentAllOf
+type EmailDefaultContentAllOf struct {
+	Links                *EmailDefaultContentAllOfLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailDefaultContentAllOf EmailDefaultContentAllOf
+
+// NewEmailDefaultContentAllOf instantiates a new EmailDefaultContentAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailDefaultContentAllOf() *EmailDefaultContentAllOf {
+	this := EmailDefaultContentAllOf{}
+	return &this
+}
+
+// NewEmailDefaultContentAllOfWithDefaults instantiates a new EmailDefaultContentAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailDefaultContentAllOfWithDefaults() *EmailDefaultContentAllOf {
+	this := EmailDefaultContentAllOf{}
+	return &this
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *EmailDefaultContentAllOf) GetLinks() EmailDefaultContentAllOfLinks {
+	if o == nil || o.Links == nil {
+		var ret EmailDefaultContentAllOfLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDefaultContentAllOf) GetLinksOk() (*EmailDefaultContentAllOfLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *EmailDefaultContentAllOf) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given EmailDefaultContentAllOfLinks and assigns it to the Links field.
+func (o *EmailDefaultContentAllOf) SetLinks(v EmailDefaultContentAllOfLinks) {
+	o.Links = &v
+}
+
+func (o EmailDefaultContentAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailDefaultContentAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailDefaultContentAllOf := _EmailDefaultContentAllOf{}
+
+	err = json.Unmarshal(bytes, &varEmailDefaultContentAllOf)
+	if err == nil {
+		*o = EmailDefaultContentAllOf(varEmailDefaultContentAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailDefaultContentAllOf struct {
+	value *EmailDefaultContentAllOf
+	isSet bool
+}
+
+func (v NullableEmailDefaultContentAllOf) Get() *EmailDefaultContentAllOf {
+	return v.value
+}
+
+func (v *NullableEmailDefaultContentAllOf) Set(val *EmailDefaultContentAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailDefaultContentAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailDefaultContentAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailDefaultContentAllOf(val *EmailDefaultContentAllOf) *NullableEmailDefaultContentAllOf {
+	return &NullableEmailDefaultContentAllOf{value: val, isSet: true}
+}
+
+func (v NullableEmailDefaultContentAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailDefaultContentAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_default_content_all_of__links.go b/okta/model_email_default_content_all_of__links.go
new file mode 100644
index 000000000..7d32b6f20
--- /dev/null
+++ b/okta/model_email_default_content_all_of__links.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailDefaultContentAllOfLinks Links to resources related to this email template's default content.
+type EmailDefaultContentAllOfLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Template             *HrefObject `json:"template,omitempty"`
+	Preview              *HrefObject `json:"preview,omitempty"`
+	Test                 *HrefObject `json:"test,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailDefaultContentAllOfLinks EmailDefaultContentAllOfLinks
+
+// NewEmailDefaultContentAllOfLinks instantiates a new EmailDefaultContentAllOfLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailDefaultContentAllOfLinks() *EmailDefaultContentAllOfLinks {
+	this := EmailDefaultContentAllOfLinks{}
+	return &this
+}
+
+// NewEmailDefaultContentAllOfLinksWithDefaults instantiates a new EmailDefaultContentAllOfLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailDefaultContentAllOfLinksWithDefaults() *EmailDefaultContentAllOfLinks {
+	this := EmailDefaultContentAllOfLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *EmailDefaultContentAllOfLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDefaultContentAllOfLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *EmailDefaultContentAllOfLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *EmailDefaultContentAllOfLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetTemplate returns the Template field value if set, zero value otherwise.
+func (o *EmailDefaultContentAllOfLinks) GetTemplate() HrefObject {
+	if o == nil || o.Template == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Template
+}
+
+// GetTemplateOk returns a tuple with the Template field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDefaultContentAllOfLinks) GetTemplateOk() (*HrefObject, bool) {
+	if o == nil || o.Template == nil {
+		return nil, false
+	}
+	return o.Template, true
+}
+
+// HasTemplate returns a boolean if a field has been set.
+func (o *EmailDefaultContentAllOfLinks) HasTemplate() bool {
+	if o != nil && o.Template != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTemplate gets a reference to the given HrefObject and assigns it to the Template field.
+func (o *EmailDefaultContentAllOfLinks) SetTemplate(v HrefObject) {
+	o.Template = &v
+}
+
+// GetPreview returns the Preview field value if set, zero value otherwise.
+func (o *EmailDefaultContentAllOfLinks) GetPreview() HrefObject {
+	if o == nil || o.Preview == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Preview
+}
+
+// GetPreviewOk returns a tuple with the Preview field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDefaultContentAllOfLinks) GetPreviewOk() (*HrefObject, bool) {
+	if o == nil || o.Preview == nil {
+		return nil, false
+	}
+	return o.Preview, true
+}
+
+// HasPreview returns a boolean if a field has been set.
+func (o *EmailDefaultContentAllOfLinks) HasPreview() bool {
+	if o != nil && o.Preview != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPreview gets a reference to the given HrefObject and assigns it to the Preview field.
+func (o *EmailDefaultContentAllOfLinks) SetPreview(v HrefObject) {
+	o.Preview = &v
+}
+
+// GetTest returns the Test field value if set, zero value otherwise.
+func (o *EmailDefaultContentAllOfLinks) GetTest() HrefObject {
+	if o == nil || o.Test == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Test
+}
+
+// GetTestOk returns a tuple with the Test field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDefaultContentAllOfLinks) GetTestOk() (*HrefObject, bool) {
+	if o == nil || o.Test == nil {
+		return nil, false
+	}
+	return o.Test, true
+}
+
+// HasTest returns a boolean if a field has been set.
+func (o *EmailDefaultContentAllOfLinks) HasTest() bool {
+	if o != nil && o.Test != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTest gets a reference to the given HrefObject and assigns it to the Test field.
+func (o *EmailDefaultContentAllOfLinks) SetTest(v HrefObject) {
+	o.Test = &v
+}
+
+func (o EmailDefaultContentAllOfLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Template != nil {
+		toSerialize["template"] = o.Template
+	}
+	if o.Preview != nil {
+		toSerialize["preview"] = o.Preview
+	}
+	if o.Test != nil {
+		toSerialize["test"] = o.Test
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailDefaultContentAllOfLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailDefaultContentAllOfLinks := _EmailDefaultContentAllOfLinks{}
+
+	err = json.Unmarshal(bytes, &varEmailDefaultContentAllOfLinks)
+	if err == nil {
+		*o = EmailDefaultContentAllOfLinks(varEmailDefaultContentAllOfLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "template")
+		delete(additionalProperties, "preview")
+		delete(additionalProperties, "test")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailDefaultContentAllOfLinks struct {
+	value *EmailDefaultContentAllOfLinks
+	isSet bool
+}
+
+func (v NullableEmailDefaultContentAllOfLinks) Get() *EmailDefaultContentAllOfLinks {
+	return v.value
+}
+
+func (v *NullableEmailDefaultContentAllOfLinks) Set(val *EmailDefaultContentAllOfLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailDefaultContentAllOfLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailDefaultContentAllOfLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailDefaultContentAllOfLinks(val *EmailDefaultContentAllOfLinks) *NullableEmailDefaultContentAllOfLinks {
+	return &NullableEmailDefaultContentAllOfLinks{value: val, isSet: true}
+}
+
+func (v NullableEmailDefaultContentAllOfLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailDefaultContentAllOfLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_domain.go b/okta/model_email_domain.go
new file mode 100644
index 000000000..4b5f0f979
--- /dev/null
+++ b/okta/model_email_domain.go
@@ -0,0 +1,239 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailDomain struct for EmailDomain
+type EmailDomain struct {
+	BrandId              string `json:"brandId"`
+	Domain               string `json:"domain"`
+	DisplayName          string `json:"displayName"`
+	UserName             string `json:"userName"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailDomain EmailDomain
+
+// NewEmailDomain instantiates a new EmailDomain object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailDomain(brandId string, domain string, displayName string, userName string) *EmailDomain {
+	this := EmailDomain{}
+	this.DisplayName = displayName
+	this.UserName = userName
+	return &this
+}
+
+// NewEmailDomainWithDefaults instantiates a new EmailDomain object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailDomainWithDefaults() *EmailDomain {
+	this := EmailDomain{}
+	return &this
+}
+
+// GetBrandId returns the BrandId field value
+func (o *EmailDomain) GetBrandId() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.BrandId
+}
+
+// GetBrandIdOk returns a tuple with the BrandId field value
+// and a boolean to check if the value has been set.
+func (o *EmailDomain) GetBrandIdOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.BrandId, true
+}
+
+// SetBrandId sets field value
+func (o *EmailDomain) SetBrandId(v string) {
+	o.BrandId = v
+}
+
+// GetDomain returns the Domain field value
+func (o *EmailDomain) GetDomain() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Domain
+}
+
+// GetDomainOk returns a tuple with the Domain field value
+// and a boolean to check if the value has been set.
+func (o *EmailDomain) GetDomainOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Domain, true
+}
+
+// SetDomain sets field value
+func (o *EmailDomain) SetDomain(v string) {
+	o.Domain = v
+}
+
+// GetDisplayName returns the DisplayName field value
+func (o *EmailDomain) GetDisplayName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value
+// and a boolean to check if the value has been set.
+func (o *EmailDomain) GetDisplayNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.DisplayName, true
+}
+
+// SetDisplayName sets field value
+func (o *EmailDomain) SetDisplayName(v string) {
+	o.DisplayName = v
+}
+
+// GetUserName returns the UserName field value
+func (o *EmailDomain) GetUserName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.UserName
+}
+
+// GetUserNameOk returns a tuple with the UserName field value
+// and a boolean to check if the value has been set.
+func (o *EmailDomain) GetUserNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.UserName, true
+}
+
+// SetUserName sets field value
+func (o *EmailDomain) SetUserName(v string) {
+	o.UserName = v
+}
+
+func (o EmailDomain) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["brandId"] = o.BrandId
+	}
+	if true {
+		toSerialize["domain"] = o.Domain
+	}
+	if true {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if true {
+		toSerialize["userName"] = o.UserName
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailDomain) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailDomain := _EmailDomain{}
+
+	err = json.Unmarshal(bytes, &varEmailDomain)
+	if err == nil {
+		*o = EmailDomain(varEmailDomain)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "brandId")
+		delete(additionalProperties, "domain")
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "userName")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailDomain struct {
+	value *EmailDomain
+	isSet bool
+}
+
+func (v NullableEmailDomain) Get() *EmailDomain {
+	return v.value
+}
+
+func (v *NullableEmailDomain) Set(val *EmailDomain) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailDomain) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailDomain) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailDomain(val *EmailDomain) *NullableEmailDomain {
+	return &NullableEmailDomain{value: val, isSet: true}
+}
+
+func (v NullableEmailDomain) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailDomain) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_domain_response.go b/okta/model_email_domain_response.go
new file mode 100644
index 000000000..d00a379e0
--- /dev/null
+++ b/okta/model_email_domain_response.go
@@ -0,0 +1,329 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailDomainResponse struct for EmailDomainResponse
+type EmailDomainResponse struct {
+	DnsValidationRecords []DNSRecord        `json:"dnsValidationRecords,omitempty"`
+	Domain               *string            `json:"domain,omitempty"`
+	Id                   *string            `json:"id,omitempty"`
+	ValidationStatus     *EmailDomainStatus `json:"validationStatus,omitempty"`
+	DisplayName          string             `json:"displayName"`
+	UserName             string             `json:"userName"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailDomainResponse EmailDomainResponse
+
+// NewEmailDomainResponse instantiates a new EmailDomainResponse object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailDomainResponse(displayName string, userName string) *EmailDomainResponse {
+	this := EmailDomainResponse{}
+	this.DisplayName = displayName
+	this.UserName = userName
+	return &this
+}
+
+// NewEmailDomainResponseWithDefaults instantiates a new EmailDomainResponse object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailDomainResponseWithDefaults() *EmailDomainResponse {
+	this := EmailDomainResponse{}
+	return &this
+}
+
+// GetDnsValidationRecords returns the DnsValidationRecords field value if set, zero value otherwise.
+func (o *EmailDomainResponse) GetDnsValidationRecords() []DNSRecord {
+	if o == nil || o.DnsValidationRecords == nil {
+		var ret []DNSRecord
+		return ret
+	}
+	return o.DnsValidationRecords
+}
+
+// GetDnsValidationRecordsOk returns a tuple with the DnsValidationRecords field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponse) GetDnsValidationRecordsOk() ([]DNSRecord, bool) {
+	if o == nil || o.DnsValidationRecords == nil {
+		return nil, false
+	}
+	return o.DnsValidationRecords, true
+}
+
+// HasDnsValidationRecords returns a boolean if a field has been set.
+func (o *EmailDomainResponse) HasDnsValidationRecords() bool {
+	if o != nil && o.DnsValidationRecords != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDnsValidationRecords gets a reference to the given []DNSRecord and assigns it to the DnsValidationRecords field.
+func (o *EmailDomainResponse) SetDnsValidationRecords(v []DNSRecord) {
+	o.DnsValidationRecords = v
+}
+
+// GetDomain returns the Domain field value if set, zero value otherwise.
+func (o *EmailDomainResponse) GetDomain() string {
+	if o == nil || o.Domain == nil {
+		var ret string
+		return ret
+	}
+	return *o.Domain
+}
+
+// GetDomainOk returns a tuple with the Domain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponse) GetDomainOk() (*string, bool) {
+	if o == nil || o.Domain == nil {
+		return nil, false
+	}
+	return o.Domain, true
+}
+
+// HasDomain returns a boolean if a field has been set.
+func (o *EmailDomainResponse) HasDomain() bool {
+	if o != nil && o.Domain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDomain gets a reference to the given string and assigns it to the Domain field.
+func (o *EmailDomainResponse) SetDomain(v string) {
+	o.Domain = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *EmailDomainResponse) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponse) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *EmailDomainResponse) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *EmailDomainResponse) SetId(v string) {
+	o.Id = &v
+}
+
+// GetValidationStatus returns the ValidationStatus field value if set, zero value otherwise.
+func (o *EmailDomainResponse) GetValidationStatus() EmailDomainStatus {
+	if o == nil || o.ValidationStatus == nil {
+		var ret EmailDomainStatus
+		return ret
+	}
+	return *o.ValidationStatus
+}
+
+// GetValidationStatusOk returns a tuple with the ValidationStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponse) GetValidationStatusOk() (*EmailDomainStatus, bool) {
+	if o == nil || o.ValidationStatus == nil {
+		return nil, false
+	}
+	return o.ValidationStatus, true
+}
+
+// HasValidationStatus returns a boolean if a field has been set.
+func (o *EmailDomainResponse) HasValidationStatus() bool {
+	if o != nil && o.ValidationStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValidationStatus gets a reference to the given EmailDomainStatus and assigns it to the ValidationStatus field.
+func (o *EmailDomainResponse) SetValidationStatus(v EmailDomainStatus) {
+	o.ValidationStatus = &v
+}
+
+// GetDisplayName returns the DisplayName field value
+func (o *EmailDomainResponse) GetDisplayName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponse) GetDisplayNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.DisplayName, true
+}
+
+// SetDisplayName sets field value
+func (o *EmailDomainResponse) SetDisplayName(v string) {
+	o.DisplayName = v
+}
+
+// GetUserName returns the UserName field value
+func (o *EmailDomainResponse) GetUserName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.UserName
+}
+
+// GetUserNameOk returns a tuple with the UserName field value
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponse) GetUserNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.UserName, true
+}
+
+// SetUserName sets field value
+func (o *EmailDomainResponse) SetUserName(v string) {
+	o.UserName = v
+}
+
+func (o EmailDomainResponse) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.DnsValidationRecords != nil {
+		toSerialize["dnsValidationRecords"] = o.DnsValidationRecords
+	}
+	if o.Domain != nil {
+		toSerialize["domain"] = o.Domain
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.ValidationStatus != nil {
+		toSerialize["validationStatus"] = o.ValidationStatus
+	}
+	if true {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if true {
+		toSerialize["userName"] = o.UserName
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailDomainResponse) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailDomainResponse := _EmailDomainResponse{}
+
+	err = json.Unmarshal(bytes, &varEmailDomainResponse)
+	if err == nil {
+		*o = EmailDomainResponse(varEmailDomainResponse)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "dnsValidationRecords")
+		delete(additionalProperties, "domain")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "validationStatus")
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "userName")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailDomainResponse struct {
+	value *EmailDomainResponse
+	isSet bool
+}
+
+func (v NullableEmailDomainResponse) Get() *EmailDomainResponse {
+	return v.value
+}
+
+func (v *NullableEmailDomainResponse) Set(val *EmailDomainResponse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailDomainResponse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailDomainResponse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailDomainResponse(val *EmailDomainResponse) *NullableEmailDomainResponse {
+	return &NullableEmailDomainResponse{value: val, isSet: true}
+}
+
+func (v NullableEmailDomainResponse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailDomainResponse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_domain_response_with_embedded.go b/okta/model_email_domain_response_with_embedded.go
new file mode 100644
index 000000000..7c3960d9b
--- /dev/null
+++ b/okta/model_email_domain_response_with_embedded.go
@@ -0,0 +1,380 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailDomainResponseWithEmbedded struct for EmailDomainResponseWithEmbedded
+type EmailDomainResponseWithEmbedded struct {
+	DisplayName          *string                                  `json:"displayName,omitempty"`
+	UserName             *string                                  `json:"userName,omitempty"`
+	DnsValidationRecords []DNSRecord                              `json:"dnsValidationRecords,omitempty"`
+	Domain               *string                                  `json:"domain,omitempty"`
+	Id                   *string                                  `json:"id,omitempty"`
+	ValidationStatus     *EmailDomainStatus                       `json:"validationStatus,omitempty"`
+	Embedded             *EmailDomainResponseWithEmbeddedEmbedded `json:"_embedded,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailDomainResponseWithEmbedded EmailDomainResponseWithEmbedded
+
+// NewEmailDomainResponseWithEmbedded instantiates a new EmailDomainResponseWithEmbedded object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailDomainResponseWithEmbedded() *EmailDomainResponseWithEmbedded {
+	this := EmailDomainResponseWithEmbedded{}
+	return &this
+}
+
+// NewEmailDomainResponseWithEmbeddedWithDefaults instantiates a new EmailDomainResponseWithEmbedded object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailDomainResponseWithEmbeddedWithDefaults() *EmailDomainResponseWithEmbedded {
+	this := EmailDomainResponseWithEmbedded{}
+	return &this
+}
+
+// GetDisplayName returns the DisplayName field value if set, zero value otherwise.
+func (o *EmailDomainResponseWithEmbedded) GetDisplayName() string {
+	if o == nil || o.DisplayName == nil {
+		var ret string
+		return ret
+	}
+	return *o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponseWithEmbedded) GetDisplayNameOk() (*string, bool) {
+	if o == nil || o.DisplayName == nil {
+		return nil, false
+	}
+	return o.DisplayName, true
+}
+
+// HasDisplayName returns a boolean if a field has been set.
+func (o *EmailDomainResponseWithEmbedded) HasDisplayName() bool {
+	if o != nil && o.DisplayName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDisplayName gets a reference to the given string and assigns it to the DisplayName field.
+func (o *EmailDomainResponseWithEmbedded) SetDisplayName(v string) {
+	o.DisplayName = &v
+}
+
+// GetUserName returns the UserName field value if set, zero value otherwise.
+func (o *EmailDomainResponseWithEmbedded) GetUserName() string {
+	if o == nil || o.UserName == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserName
+}
+
+// GetUserNameOk returns a tuple with the UserName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponseWithEmbedded) GetUserNameOk() (*string, bool) {
+	if o == nil || o.UserName == nil {
+		return nil, false
+	}
+	return o.UserName, true
+}
+
+// HasUserName returns a boolean if a field has been set.
+func (o *EmailDomainResponseWithEmbedded) HasUserName() bool {
+	if o != nil && o.UserName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserName gets a reference to the given string and assigns it to the UserName field.
+func (o *EmailDomainResponseWithEmbedded) SetUserName(v string) {
+	o.UserName = &v
+}
+
+// GetDnsValidationRecords returns the DnsValidationRecords field value if set, zero value otherwise.
+func (o *EmailDomainResponseWithEmbedded) GetDnsValidationRecords() []DNSRecord {
+	if o == nil || o.DnsValidationRecords == nil {
+		var ret []DNSRecord
+		return ret
+	}
+	return o.DnsValidationRecords
+}
+
+// GetDnsValidationRecordsOk returns a tuple with the DnsValidationRecords field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponseWithEmbedded) GetDnsValidationRecordsOk() ([]DNSRecord, bool) {
+	if o == nil || o.DnsValidationRecords == nil {
+		return nil, false
+	}
+	return o.DnsValidationRecords, true
+}
+
+// HasDnsValidationRecords returns a boolean if a field has been set.
+func (o *EmailDomainResponseWithEmbedded) HasDnsValidationRecords() bool {
+	if o != nil && o.DnsValidationRecords != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDnsValidationRecords gets a reference to the given []DNSRecord and assigns it to the DnsValidationRecords field.
+func (o *EmailDomainResponseWithEmbedded) SetDnsValidationRecords(v []DNSRecord) {
+	o.DnsValidationRecords = v
+}
+
+// GetDomain returns the Domain field value if set, zero value otherwise.
+func (o *EmailDomainResponseWithEmbedded) GetDomain() string {
+	if o == nil || o.Domain == nil {
+		var ret string
+		return ret
+	}
+	return *o.Domain
+}
+
+// GetDomainOk returns a tuple with the Domain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponseWithEmbedded) GetDomainOk() (*string, bool) {
+	if o == nil || o.Domain == nil {
+		return nil, false
+	}
+	return o.Domain, true
+}
+
+// HasDomain returns a boolean if a field has been set.
+func (o *EmailDomainResponseWithEmbedded) HasDomain() bool {
+	if o != nil && o.Domain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDomain gets a reference to the given string and assigns it to the Domain field.
+func (o *EmailDomainResponseWithEmbedded) SetDomain(v string) {
+	o.Domain = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *EmailDomainResponseWithEmbedded) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponseWithEmbedded) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *EmailDomainResponseWithEmbedded) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *EmailDomainResponseWithEmbedded) SetId(v string) {
+	o.Id = &v
+}
+
+// GetValidationStatus returns the ValidationStatus field value if set, zero value otherwise.
+func (o *EmailDomainResponseWithEmbedded) GetValidationStatus() EmailDomainStatus {
+	if o == nil || o.ValidationStatus == nil {
+		var ret EmailDomainStatus
+		return ret
+	}
+	return *o.ValidationStatus
+}
+
+// GetValidationStatusOk returns a tuple with the ValidationStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponseWithEmbedded) GetValidationStatusOk() (*EmailDomainStatus, bool) {
+	if o == nil || o.ValidationStatus == nil {
+		return nil, false
+	}
+	return o.ValidationStatus, true
+}
+
+// HasValidationStatus returns a boolean if a field has been set.
+func (o *EmailDomainResponseWithEmbedded) HasValidationStatus() bool {
+	if o != nil && o.ValidationStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValidationStatus gets a reference to the given EmailDomainStatus and assigns it to the ValidationStatus field.
+func (o *EmailDomainResponseWithEmbedded) SetValidationStatus(v EmailDomainStatus) {
+	o.ValidationStatus = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *EmailDomainResponseWithEmbedded) GetEmbedded() EmailDomainResponseWithEmbeddedEmbedded {
+	if o == nil || o.Embedded == nil {
+		var ret EmailDomainResponseWithEmbeddedEmbedded
+		return ret
+	}
+	return *o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponseWithEmbedded) GetEmbeddedOk() (*EmailDomainResponseWithEmbeddedEmbedded, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *EmailDomainResponseWithEmbedded) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given EmailDomainResponseWithEmbeddedEmbedded and assigns it to the Embedded field.
+func (o *EmailDomainResponseWithEmbedded) SetEmbedded(v EmailDomainResponseWithEmbeddedEmbedded) {
+	o.Embedded = &v
+}
+
+func (o EmailDomainResponseWithEmbedded) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.DisplayName != nil {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if o.UserName != nil {
+		toSerialize["userName"] = o.UserName
+	}
+	if o.DnsValidationRecords != nil {
+		toSerialize["dnsValidationRecords"] = o.DnsValidationRecords
+	}
+	if o.Domain != nil {
+		toSerialize["domain"] = o.Domain
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.ValidationStatus != nil {
+		toSerialize["validationStatus"] = o.ValidationStatus
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailDomainResponseWithEmbedded) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailDomainResponseWithEmbedded := _EmailDomainResponseWithEmbedded{}
+
+	err = json.Unmarshal(bytes, &varEmailDomainResponseWithEmbedded)
+	if err == nil {
+		*o = EmailDomainResponseWithEmbedded(varEmailDomainResponseWithEmbedded)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "userName")
+		delete(additionalProperties, "dnsValidationRecords")
+		delete(additionalProperties, "domain")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "validationStatus")
+		delete(additionalProperties, "_embedded")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailDomainResponseWithEmbedded struct {
+	value *EmailDomainResponseWithEmbedded
+	isSet bool
+}
+
+func (v NullableEmailDomainResponseWithEmbedded) Get() *EmailDomainResponseWithEmbedded {
+	return v.value
+}
+
+func (v *NullableEmailDomainResponseWithEmbedded) Set(val *EmailDomainResponseWithEmbedded) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailDomainResponseWithEmbedded) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailDomainResponseWithEmbedded) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailDomainResponseWithEmbedded(val *EmailDomainResponseWithEmbedded) *NullableEmailDomainResponseWithEmbedded {
+	return &NullableEmailDomainResponseWithEmbedded{value: val, isSet: true}
+}
+
+func (v NullableEmailDomainResponseWithEmbedded) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailDomainResponseWithEmbedded) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_domain_response_with_embedded__embedded.go b/okta/model_email_domain_response_with_embedded__embedded.go
new file mode 100644
index 000000000..455cd28ee
--- /dev/null
+++ b/okta/model_email_domain_response_with_embedded__embedded.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailDomainResponseWithEmbeddedEmbedded struct for EmailDomainResponseWithEmbeddedEmbedded
+type EmailDomainResponseWithEmbeddedEmbedded struct {
+	Brands               []Brand `json:"brands,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailDomainResponseWithEmbeddedEmbedded EmailDomainResponseWithEmbeddedEmbedded
+
+// NewEmailDomainResponseWithEmbeddedEmbedded instantiates a new EmailDomainResponseWithEmbeddedEmbedded object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailDomainResponseWithEmbeddedEmbedded() *EmailDomainResponseWithEmbeddedEmbedded {
+	this := EmailDomainResponseWithEmbeddedEmbedded{}
+	return &this
+}
+
+// NewEmailDomainResponseWithEmbeddedEmbeddedWithDefaults instantiates a new EmailDomainResponseWithEmbeddedEmbedded object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailDomainResponseWithEmbeddedEmbeddedWithDefaults() *EmailDomainResponseWithEmbeddedEmbedded {
+	this := EmailDomainResponseWithEmbeddedEmbedded{}
+	return &this
+}
+
+// GetBrands returns the Brands field value if set, zero value otherwise.
+func (o *EmailDomainResponseWithEmbeddedEmbedded) GetBrands() []Brand {
+	if o == nil || o.Brands == nil {
+		var ret []Brand
+		return ret
+	}
+	return o.Brands
+}
+
+// GetBrandsOk returns a tuple with the Brands field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailDomainResponseWithEmbeddedEmbedded) GetBrandsOk() ([]Brand, bool) {
+	if o == nil || o.Brands == nil {
+		return nil, false
+	}
+	return o.Brands, true
+}
+
+// HasBrands returns a boolean if a field has been set.
+func (o *EmailDomainResponseWithEmbeddedEmbedded) HasBrands() bool {
+	if o != nil && o.Brands != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBrands gets a reference to the given []Brand and assigns it to the Brands field.
+func (o *EmailDomainResponseWithEmbeddedEmbedded) SetBrands(v []Brand) {
+	o.Brands = v
+}
+
+func (o EmailDomainResponseWithEmbeddedEmbedded) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Brands != nil {
+		toSerialize["brands"] = o.Brands
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailDomainResponseWithEmbeddedEmbedded) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailDomainResponseWithEmbeddedEmbedded := _EmailDomainResponseWithEmbeddedEmbedded{}
+
+	err = json.Unmarshal(bytes, &varEmailDomainResponseWithEmbeddedEmbedded)
+	if err == nil {
+		*o = EmailDomainResponseWithEmbeddedEmbedded(varEmailDomainResponseWithEmbeddedEmbedded)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "brands")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailDomainResponseWithEmbeddedEmbedded struct {
+	value *EmailDomainResponseWithEmbeddedEmbedded
+	isSet bool
+}
+
+func (v NullableEmailDomainResponseWithEmbeddedEmbedded) Get() *EmailDomainResponseWithEmbeddedEmbedded {
+	return v.value
+}
+
+func (v *NullableEmailDomainResponseWithEmbeddedEmbedded) Set(val *EmailDomainResponseWithEmbeddedEmbedded) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailDomainResponseWithEmbeddedEmbedded) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailDomainResponseWithEmbeddedEmbedded) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailDomainResponseWithEmbeddedEmbedded(val *EmailDomainResponseWithEmbeddedEmbedded) *NullableEmailDomainResponseWithEmbeddedEmbedded {
+	return &NullableEmailDomainResponseWithEmbeddedEmbedded{value: val, isSet: true}
+}
+
+func (v NullableEmailDomainResponseWithEmbeddedEmbedded) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailDomainResponseWithEmbeddedEmbedded) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_domain_status.go b/okta/model_email_domain_status.go
new file mode 100644
index 000000000..f9041181b
--- /dev/null
+++ b/okta/model_email_domain_status.go
@@ -0,0 +1,130 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// EmailDomainStatus the model 'EmailDomainStatus'
+type EmailDomainStatus string
+
+// List of EmailDomainStatus
+const (
+	EMAILDOMAINSTATUS_DELETED     EmailDomainStatus = "DELETED"
+	EMAILDOMAINSTATUS_ERROR       EmailDomainStatus = "ERROR"
+	EMAILDOMAINSTATUS_NOT_STARTED EmailDomainStatus = "NOT_STARTED"
+	EMAILDOMAINSTATUS_POLLING     EmailDomainStatus = "POLLING"
+	EMAILDOMAINSTATUS_VERIFIED    EmailDomainStatus = "VERIFIED"
+)
+
+// All allowed values of EmailDomainStatus enum
+var AllowedEmailDomainStatusEnumValues = []EmailDomainStatus{
+	"DELETED",
+	"ERROR",
+	"NOT_STARTED",
+	"POLLING",
+	"VERIFIED",
+}
+
+func (v *EmailDomainStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := EmailDomainStatus(value)
+	for _, existing := range AllowedEmailDomainStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid EmailDomainStatus", value)
+}
+
+// NewEmailDomainStatusFromValue returns a pointer to a valid EmailDomainStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewEmailDomainStatusFromValue(v string) (*EmailDomainStatus, error) {
+	ev := EmailDomainStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for EmailDomainStatus: valid values are %v", v, AllowedEmailDomainStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v EmailDomainStatus) IsValid() bool {
+	for _, existing := range AllowedEmailDomainStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to EmailDomainStatus value
+func (v EmailDomainStatus) Ptr() *EmailDomainStatus {
+	return &v
+}
+
+type NullableEmailDomainStatus struct {
+	value *EmailDomainStatus
+	isSet bool
+}
+
+func (v NullableEmailDomainStatus) Get() *EmailDomainStatus {
+	return v.value
+}
+
+func (v *NullableEmailDomainStatus) Set(val *EmailDomainStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailDomainStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailDomainStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailDomainStatus(val *EmailDomainStatus) *NullableEmailDomainStatus {
+	return &NullableEmailDomainStatus{value: val, isSet: true}
+}
+
+func (v NullableEmailDomainStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailDomainStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_preview.go b/okta/model_email_preview.go
new file mode 100644
index 000000000..91dfb53c9
--- /dev/null
+++ b/okta/model_email_preview.go
@@ -0,0 +1,234 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailPreview struct for EmailPreview
+type EmailPreview struct {
+	// The email's HTML body.
+	Body *string `json:"body,omitempty"`
+	// The email's subject.
+	Subject              *string            `json:"subject,omitempty"`
+	Links                *EmailPreviewLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailPreview EmailPreview
+
+// NewEmailPreview instantiates a new EmailPreview object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailPreview() *EmailPreview {
+	this := EmailPreview{}
+	return &this
+}
+
+// NewEmailPreviewWithDefaults instantiates a new EmailPreview object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailPreviewWithDefaults() *EmailPreview {
+	this := EmailPreview{}
+	return &this
+}
+
+// GetBody returns the Body field value if set, zero value otherwise.
+func (o *EmailPreview) GetBody() string {
+	if o == nil || o.Body == nil {
+		var ret string
+		return ret
+	}
+	return *o.Body
+}
+
+// GetBodyOk returns a tuple with the Body field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailPreview) GetBodyOk() (*string, bool) {
+	if o == nil || o.Body == nil {
+		return nil, false
+	}
+	return o.Body, true
+}
+
+// HasBody returns a boolean if a field has been set.
+func (o *EmailPreview) HasBody() bool {
+	if o != nil && o.Body != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBody gets a reference to the given string and assigns it to the Body field.
+func (o *EmailPreview) SetBody(v string) {
+	o.Body = &v
+}
+
+// GetSubject returns the Subject field value if set, zero value otherwise.
+func (o *EmailPreview) GetSubject() string {
+	if o == nil || o.Subject == nil {
+		var ret string
+		return ret
+	}
+	return *o.Subject
+}
+
+// GetSubjectOk returns a tuple with the Subject field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailPreview) GetSubjectOk() (*string, bool) {
+	if o == nil || o.Subject == nil {
+		return nil, false
+	}
+	return o.Subject, true
+}
+
+// HasSubject returns a boolean if a field has been set.
+func (o *EmailPreview) HasSubject() bool {
+	if o != nil && o.Subject != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSubject gets a reference to the given string and assigns it to the Subject field.
+func (o *EmailPreview) SetSubject(v string) {
+	o.Subject = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *EmailPreview) GetLinks() EmailPreviewLinks {
+	if o == nil || o.Links == nil {
+		var ret EmailPreviewLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailPreview) GetLinksOk() (*EmailPreviewLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *EmailPreview) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given EmailPreviewLinks and assigns it to the Links field.
+func (o *EmailPreview) SetLinks(v EmailPreviewLinks) {
+	o.Links = &v
+}
+
+func (o EmailPreview) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Body != nil {
+		toSerialize["body"] = o.Body
+	}
+	if o.Subject != nil {
+		toSerialize["subject"] = o.Subject
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailPreview) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailPreview := _EmailPreview{}
+
+	err = json.Unmarshal(bytes, &varEmailPreview)
+	if err == nil {
+		*o = EmailPreview(varEmailPreview)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "body")
+		delete(additionalProperties, "subject")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailPreview struct {
+	value *EmailPreview
+	isSet bool
+}
+
+func (v NullableEmailPreview) Get() *EmailPreview {
+	return v.value
+}
+
+func (v *NullableEmailPreview) Set(val *EmailPreview) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailPreview) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailPreview) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailPreview(val *EmailPreview) *NullableEmailPreview {
+	return &NullableEmailPreview{value: val, isSet: true}
+}
+
+func (v NullableEmailPreview) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailPreview) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_preview__links.go b/okta/model_email_preview__links.go
new file mode 100644
index 000000000..930adcb4b
--- /dev/null
+++ b/okta/model_email_preview__links.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailPreviewLinks Links to resources related to this email preview.
+type EmailPreviewLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	ContentSource        *HrefObject `json:"contentSource,omitempty"`
+	Template             *HrefObject `json:"template,omitempty"`
+	Test                 *HrefObject `json:"test,omitempty"`
+	DefaultContent       *HrefObject `json:"defaultContent,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailPreviewLinks EmailPreviewLinks
+
+// NewEmailPreviewLinks instantiates a new EmailPreviewLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailPreviewLinks() *EmailPreviewLinks {
+	this := EmailPreviewLinks{}
+	return &this
+}
+
+// NewEmailPreviewLinksWithDefaults instantiates a new EmailPreviewLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailPreviewLinksWithDefaults() *EmailPreviewLinks {
+	this := EmailPreviewLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *EmailPreviewLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailPreviewLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *EmailPreviewLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *EmailPreviewLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetContentSource returns the ContentSource field value if set, zero value otherwise.
+func (o *EmailPreviewLinks) GetContentSource() HrefObject {
+	if o == nil || o.ContentSource == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.ContentSource
+}
+
+// GetContentSourceOk returns a tuple with the ContentSource field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailPreviewLinks) GetContentSourceOk() (*HrefObject, bool) {
+	if o == nil || o.ContentSource == nil {
+		return nil, false
+	}
+	return o.ContentSource, true
+}
+
+// HasContentSource returns a boolean if a field has been set.
+func (o *EmailPreviewLinks) HasContentSource() bool {
+	if o != nil && o.ContentSource != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetContentSource gets a reference to the given HrefObject and assigns it to the ContentSource field.
+func (o *EmailPreviewLinks) SetContentSource(v HrefObject) {
+	o.ContentSource = &v
+}
+
+// GetTemplate returns the Template field value if set, zero value otherwise.
+func (o *EmailPreviewLinks) GetTemplate() HrefObject {
+	if o == nil || o.Template == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Template
+}
+
+// GetTemplateOk returns a tuple with the Template field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailPreviewLinks) GetTemplateOk() (*HrefObject, bool) {
+	if o == nil || o.Template == nil {
+		return nil, false
+	}
+	return o.Template, true
+}
+
+// HasTemplate returns a boolean if a field has been set.
+func (o *EmailPreviewLinks) HasTemplate() bool {
+	if o != nil && o.Template != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTemplate gets a reference to the given HrefObject and assigns it to the Template field.
+func (o *EmailPreviewLinks) SetTemplate(v HrefObject) {
+	o.Template = &v
+}
+
+// GetTest returns the Test field value if set, zero value otherwise.
+func (o *EmailPreviewLinks) GetTest() HrefObject {
+	if o == nil || o.Test == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Test
+}
+
+// GetTestOk returns a tuple with the Test field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailPreviewLinks) GetTestOk() (*HrefObject, bool) {
+	if o == nil || o.Test == nil {
+		return nil, false
+	}
+	return o.Test, true
+}
+
+// HasTest returns a boolean if a field has been set.
+func (o *EmailPreviewLinks) HasTest() bool {
+	if o != nil && o.Test != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTest gets a reference to the given HrefObject and assigns it to the Test field.
+func (o *EmailPreviewLinks) SetTest(v HrefObject) {
+	o.Test = &v
+}
+
+// GetDefaultContent returns the DefaultContent field value if set, zero value otherwise.
+func (o *EmailPreviewLinks) GetDefaultContent() HrefObject {
+	if o == nil || o.DefaultContent == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.DefaultContent
+}
+
+// GetDefaultContentOk returns a tuple with the DefaultContent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailPreviewLinks) GetDefaultContentOk() (*HrefObject, bool) {
+	if o == nil || o.DefaultContent == nil {
+		return nil, false
+	}
+	return o.DefaultContent, true
+}
+
+// HasDefaultContent returns a boolean if a field has been set.
+func (o *EmailPreviewLinks) HasDefaultContent() bool {
+	if o != nil && o.DefaultContent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefaultContent gets a reference to the given HrefObject and assigns it to the DefaultContent field.
+func (o *EmailPreviewLinks) SetDefaultContent(v HrefObject) {
+	o.DefaultContent = &v
+}
+
+func (o EmailPreviewLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.ContentSource != nil {
+		toSerialize["contentSource"] = o.ContentSource
+	}
+	if o.Template != nil {
+		toSerialize["template"] = o.Template
+	}
+	if o.Test != nil {
+		toSerialize["test"] = o.Test
+	}
+	if o.DefaultContent != nil {
+		toSerialize["defaultContent"] = o.DefaultContent
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailPreviewLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailPreviewLinks := _EmailPreviewLinks{}
+
+	err = json.Unmarshal(bytes, &varEmailPreviewLinks)
+	if err == nil {
+		*o = EmailPreviewLinks(varEmailPreviewLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "contentSource")
+		delete(additionalProperties, "template")
+		delete(additionalProperties, "test")
+		delete(additionalProperties, "defaultContent")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailPreviewLinks struct {
+	value *EmailPreviewLinks
+	isSet bool
+}
+
+func (v NullableEmailPreviewLinks) Get() *EmailPreviewLinks {
+	return v.value
+}
+
+func (v *NullableEmailPreviewLinks) Set(val *EmailPreviewLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailPreviewLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailPreviewLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailPreviewLinks(val *EmailPreviewLinks) *NullableEmailPreviewLinks {
+	return &NullableEmailPreviewLinks{value: val, isSet: true}
+}
+
+func (v NullableEmailPreviewLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailPreviewLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_settings.go b/okta/model_email_settings.go
new file mode 100644
index 000000000..d38e9b90a
--- /dev/null
+++ b/okta/model_email_settings.go
@@ -0,0 +1,151 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailSettings struct for EmailSettings
+type EmailSettings struct {
+	Recipients           string `json:"recipients"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailSettings EmailSettings
+
+// NewEmailSettings instantiates a new EmailSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailSettings(recipients string) *EmailSettings {
+	this := EmailSettings{}
+	this.Recipients = recipients
+	return &this
+}
+
+// NewEmailSettingsWithDefaults instantiates a new EmailSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailSettingsWithDefaults() *EmailSettings {
+	this := EmailSettings{}
+	return &this
+}
+
+// GetRecipients returns the Recipients field value
+func (o *EmailSettings) GetRecipients() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Recipients
+}
+
+// GetRecipientsOk returns a tuple with the Recipients field value
+// and a boolean to check if the value has been set.
+func (o *EmailSettings) GetRecipientsOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Recipients, true
+}
+
+// SetRecipients sets field value
+func (o *EmailSettings) SetRecipients(v string) {
+	o.Recipients = v
+}
+
+func (o EmailSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["recipients"] = o.Recipients
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailSettings := _EmailSettings{}
+
+	err = json.Unmarshal(bytes, &varEmailSettings)
+	if err == nil {
+		*o = EmailSettings(varEmailSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "recipients")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailSettings struct {
+	value *EmailSettings
+	isSet bool
+}
+
+func (v NullableEmailSettings) Get() *EmailSettings {
+	return v.value
+}
+
+func (v *NullableEmailSettings) Set(val *EmailSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailSettings(val *EmailSettings) *NullableEmailSettings {
+	return &NullableEmailSettings{value: val, isSet: true}
+}
+
+func (v NullableEmailSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_template.go b/okta/model_email_template.go
new file mode 100644
index 000000000..fae271f87
--- /dev/null
+++ b/okta/model_email_template.go
@@ -0,0 +1,233 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailTemplate struct for EmailTemplate
+type EmailTemplate struct {
+	// The name of this email template.
+	Name                 *string                `json:"name,omitempty"`
+	Embedded             *EmailTemplateEmbedded `json:"_embedded,omitempty"`
+	Links                *EmailTemplateLinks    `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailTemplate EmailTemplate
+
+// NewEmailTemplate instantiates a new EmailTemplate object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailTemplate() *EmailTemplate {
+	this := EmailTemplate{}
+	return &this
+}
+
+// NewEmailTemplateWithDefaults instantiates a new EmailTemplate object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailTemplateWithDefaults() *EmailTemplate {
+	this := EmailTemplate{}
+	return &this
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *EmailTemplate) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailTemplate) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *EmailTemplate) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *EmailTemplate) SetName(v string) {
+	o.Name = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *EmailTemplate) GetEmbedded() EmailTemplateEmbedded {
+	if o == nil || o.Embedded == nil {
+		var ret EmailTemplateEmbedded
+		return ret
+	}
+	return *o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailTemplate) GetEmbeddedOk() (*EmailTemplateEmbedded, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *EmailTemplate) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given EmailTemplateEmbedded and assigns it to the Embedded field.
+func (o *EmailTemplate) SetEmbedded(v EmailTemplateEmbedded) {
+	o.Embedded = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *EmailTemplate) GetLinks() EmailTemplateLinks {
+	if o == nil || o.Links == nil {
+		var ret EmailTemplateLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailTemplate) GetLinksOk() (*EmailTemplateLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *EmailTemplate) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given EmailTemplateLinks and assigns it to the Links field.
+func (o *EmailTemplate) SetLinks(v EmailTemplateLinks) {
+	o.Links = &v
+}
+
+func (o EmailTemplate) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailTemplate) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailTemplate := _EmailTemplate{}
+
+	err = json.Unmarshal(bytes, &varEmailTemplate)
+	if err == nil {
+		*o = EmailTemplate(varEmailTemplate)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailTemplate struct {
+	value *EmailTemplate
+	isSet bool
+}
+
+func (v NullableEmailTemplate) Get() *EmailTemplate {
+	return v.value
+}
+
+func (v *NullableEmailTemplate) Set(val *EmailTemplate) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailTemplate) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailTemplate) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailTemplate(val *EmailTemplate) *NullableEmailTemplate {
+	return &NullableEmailTemplate{value: val, isSet: true}
+}
+
+func (v NullableEmailTemplate) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailTemplate) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_template__embedded.go b/okta/model_email_template__embedded.go
new file mode 100644
index 000000000..a1c320560
--- /dev/null
+++ b/okta/model_email_template__embedded.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailTemplateEmbedded struct for EmailTemplateEmbedded
+type EmailTemplateEmbedded struct {
+	Settings             *EmailSettings `json:"settings,omitempty"`
+	CustomizationCount   *int32         `json:"customizationCount,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailTemplateEmbedded EmailTemplateEmbedded
+
+// NewEmailTemplateEmbedded instantiates a new EmailTemplateEmbedded object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailTemplateEmbedded() *EmailTemplateEmbedded {
+	this := EmailTemplateEmbedded{}
+	return &this
+}
+
+// NewEmailTemplateEmbeddedWithDefaults instantiates a new EmailTemplateEmbedded object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailTemplateEmbeddedWithDefaults() *EmailTemplateEmbedded {
+	this := EmailTemplateEmbedded{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *EmailTemplateEmbedded) GetSettings() EmailSettings {
+	if o == nil || o.Settings == nil {
+		var ret EmailSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailTemplateEmbedded) GetSettingsOk() (*EmailSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *EmailTemplateEmbedded) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given EmailSettings and assigns it to the Settings field.
+func (o *EmailTemplateEmbedded) SetSettings(v EmailSettings) {
+	o.Settings = &v
+}
+
+// GetCustomizationCount returns the CustomizationCount field value if set, zero value otherwise.
+func (o *EmailTemplateEmbedded) GetCustomizationCount() int32 {
+	if o == nil || o.CustomizationCount == nil {
+		var ret int32
+		return ret
+	}
+	return *o.CustomizationCount
+}
+
+// GetCustomizationCountOk returns a tuple with the CustomizationCount field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailTemplateEmbedded) GetCustomizationCountOk() (*int32, bool) {
+	if o == nil || o.CustomizationCount == nil {
+		return nil, false
+	}
+	return o.CustomizationCount, true
+}
+
+// HasCustomizationCount returns a boolean if a field has been set.
+func (o *EmailTemplateEmbedded) HasCustomizationCount() bool {
+	if o != nil && o.CustomizationCount != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustomizationCount gets a reference to the given int32 and assigns it to the CustomizationCount field.
+func (o *EmailTemplateEmbedded) SetCustomizationCount(v int32) {
+	o.CustomizationCount = &v
+}
+
+func (o EmailTemplateEmbedded) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+	if o.CustomizationCount != nil {
+		toSerialize["customizationCount"] = o.CustomizationCount
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailTemplateEmbedded) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailTemplateEmbedded := _EmailTemplateEmbedded{}
+
+	err = json.Unmarshal(bytes, &varEmailTemplateEmbedded)
+	if err == nil {
+		*o = EmailTemplateEmbedded(varEmailTemplateEmbedded)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+		delete(additionalProperties, "customizationCount")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailTemplateEmbedded struct {
+	value *EmailTemplateEmbedded
+	isSet bool
+}
+
+func (v NullableEmailTemplateEmbedded) Get() *EmailTemplateEmbedded {
+	return v.value
+}
+
+func (v *NullableEmailTemplateEmbedded) Set(val *EmailTemplateEmbedded) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailTemplateEmbedded) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailTemplateEmbedded) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailTemplateEmbedded(val *EmailTemplateEmbedded) *NullableEmailTemplateEmbedded {
+	return &NullableEmailTemplateEmbedded{value: val, isSet: true}
+}
+
+func (v NullableEmailTemplateEmbedded) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailTemplateEmbedded) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_template__links.go b/okta/model_email_template__links.go
new file mode 100644
index 000000000..1e8ca1c6b
--- /dev/null
+++ b/okta/model_email_template__links.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailTemplateLinks Links to resources related to this email template.
+type EmailTemplateLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Settings             *HrefObject `json:"settings,omitempty"`
+	DefaultContent       *HrefObject `json:"defaultContent,omitempty"`
+	Customizations       *HrefObject `json:"customizations,omitempty"`
+	Test                 *HrefObject `json:"test,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailTemplateLinks EmailTemplateLinks
+
+// NewEmailTemplateLinks instantiates a new EmailTemplateLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailTemplateLinks() *EmailTemplateLinks {
+	this := EmailTemplateLinks{}
+	return &this
+}
+
+// NewEmailTemplateLinksWithDefaults instantiates a new EmailTemplateLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailTemplateLinksWithDefaults() *EmailTemplateLinks {
+	this := EmailTemplateLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *EmailTemplateLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailTemplateLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *EmailTemplateLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *EmailTemplateLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *EmailTemplateLinks) GetSettings() HrefObject {
+	if o == nil || o.Settings == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailTemplateLinks) GetSettingsOk() (*HrefObject, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *EmailTemplateLinks) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given HrefObject and assigns it to the Settings field.
+func (o *EmailTemplateLinks) SetSettings(v HrefObject) {
+	o.Settings = &v
+}
+
+// GetDefaultContent returns the DefaultContent field value if set, zero value otherwise.
+func (o *EmailTemplateLinks) GetDefaultContent() HrefObject {
+	if o == nil || o.DefaultContent == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.DefaultContent
+}
+
+// GetDefaultContentOk returns a tuple with the DefaultContent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailTemplateLinks) GetDefaultContentOk() (*HrefObject, bool) {
+	if o == nil || o.DefaultContent == nil {
+		return nil, false
+	}
+	return o.DefaultContent, true
+}
+
+// HasDefaultContent returns a boolean if a field has been set.
+func (o *EmailTemplateLinks) HasDefaultContent() bool {
+	if o != nil && o.DefaultContent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefaultContent gets a reference to the given HrefObject and assigns it to the DefaultContent field.
+func (o *EmailTemplateLinks) SetDefaultContent(v HrefObject) {
+	o.DefaultContent = &v
+}
+
+// GetCustomizations returns the Customizations field value if set, zero value otherwise.
+func (o *EmailTemplateLinks) GetCustomizations() HrefObject {
+	if o == nil || o.Customizations == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Customizations
+}
+
+// GetCustomizationsOk returns a tuple with the Customizations field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailTemplateLinks) GetCustomizationsOk() (*HrefObject, bool) {
+	if o == nil || o.Customizations == nil {
+		return nil, false
+	}
+	return o.Customizations, true
+}
+
+// HasCustomizations returns a boolean if a field has been set.
+func (o *EmailTemplateLinks) HasCustomizations() bool {
+	if o != nil && o.Customizations != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustomizations gets a reference to the given HrefObject and assigns it to the Customizations field.
+func (o *EmailTemplateLinks) SetCustomizations(v HrefObject) {
+	o.Customizations = &v
+}
+
+// GetTest returns the Test field value if set, zero value otherwise.
+func (o *EmailTemplateLinks) GetTest() HrefObject {
+	if o == nil || o.Test == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Test
+}
+
+// GetTestOk returns a tuple with the Test field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailTemplateLinks) GetTestOk() (*HrefObject, bool) {
+	if o == nil || o.Test == nil {
+		return nil, false
+	}
+	return o.Test, true
+}
+
+// HasTest returns a boolean if a field has been set.
+func (o *EmailTemplateLinks) HasTest() bool {
+	if o != nil && o.Test != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTest gets a reference to the given HrefObject and assigns it to the Test field.
+func (o *EmailTemplateLinks) SetTest(v HrefObject) {
+	o.Test = &v
+}
+
+func (o EmailTemplateLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+	if o.DefaultContent != nil {
+		toSerialize["defaultContent"] = o.DefaultContent
+	}
+	if o.Customizations != nil {
+		toSerialize["customizations"] = o.Customizations
+	}
+	if o.Test != nil {
+		toSerialize["test"] = o.Test
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailTemplateLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailTemplateLinks := _EmailTemplateLinks{}
+
+	err = json.Unmarshal(bytes, &varEmailTemplateLinks)
+	if err == nil {
+		*o = EmailTemplateLinks(varEmailTemplateLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "settings")
+		delete(additionalProperties, "defaultContent")
+		delete(additionalProperties, "customizations")
+		delete(additionalProperties, "test")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailTemplateLinks struct {
+	value *EmailTemplateLinks
+	isSet bool
+}
+
+func (v NullableEmailTemplateLinks) Get() *EmailTemplateLinks {
+	return v.value
+}
+
+func (v *NullableEmailTemplateLinks) Set(val *EmailTemplateLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailTemplateLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailTemplateLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailTemplateLinks(val *EmailTemplateLinks) *NullableEmailTemplateLinks {
+	return &NullableEmailTemplateLinks{value: val, isSet: true}
+}
+
+func (v NullableEmailTemplateLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailTemplateLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_template_touch_point_variant.go b/okta/model_email_template_touch_point_variant.go
new file mode 100644
index 000000000..36cbc94a5
--- /dev/null
+++ b/okta/model_email_template_touch_point_variant.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// EmailTemplateTouchPointVariant the model 'EmailTemplateTouchPointVariant'
+type EmailTemplateTouchPointVariant string
+
+// List of EmailTemplateTouchPointVariant
+const (
+	EMAILTEMPLATETOUCHPOINTVARIANT_FULL_THEME   EmailTemplateTouchPointVariant = "FULL_THEME"
+	EMAILTEMPLATETOUCHPOINTVARIANT_OKTA_DEFAULT EmailTemplateTouchPointVariant = "OKTA_DEFAULT"
+)
+
+// All allowed values of EmailTemplateTouchPointVariant enum
+var AllowedEmailTemplateTouchPointVariantEnumValues = []EmailTemplateTouchPointVariant{
+	"FULL_THEME",
+	"OKTA_DEFAULT",
+}
+
+func (v *EmailTemplateTouchPointVariant) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := EmailTemplateTouchPointVariant(value)
+	for _, existing := range AllowedEmailTemplateTouchPointVariantEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid EmailTemplateTouchPointVariant", value)
+}
+
+// NewEmailTemplateTouchPointVariantFromValue returns a pointer to a valid EmailTemplateTouchPointVariant
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewEmailTemplateTouchPointVariantFromValue(v string) (*EmailTemplateTouchPointVariant, error) {
+	ev := EmailTemplateTouchPointVariant(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for EmailTemplateTouchPointVariant: valid values are %v", v, AllowedEmailTemplateTouchPointVariantEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v EmailTemplateTouchPointVariant) IsValid() bool {
+	for _, existing := range AllowedEmailTemplateTouchPointVariantEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to EmailTemplateTouchPointVariant value
+func (v EmailTemplateTouchPointVariant) Ptr() *EmailTemplateTouchPointVariant {
+	return &v
+}
+
+type NullableEmailTemplateTouchPointVariant struct {
+	value *EmailTemplateTouchPointVariant
+	isSet bool
+}
+
+func (v NullableEmailTemplateTouchPointVariant) Get() *EmailTemplateTouchPointVariant {
+	return v.value
+}
+
+func (v *NullableEmailTemplateTouchPointVariant) Set(val *EmailTemplateTouchPointVariant) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailTemplateTouchPointVariant) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailTemplateTouchPointVariant) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailTemplateTouchPointVariant(val *EmailTemplateTouchPointVariant) *NullableEmailTemplateTouchPointVariant {
+	return &NullableEmailTemplateTouchPointVariant{value: val, isSet: true}
+}
+
+func (v NullableEmailTemplateTouchPointVariant) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailTemplateTouchPointVariant) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_user_factor.go b/okta/model_email_user_factor.go
new file mode 100644
index 000000000..9af143de1
--- /dev/null
+++ b/okta/model_email_user_factor.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// EmailUserFactor struct for EmailUserFactor
+type EmailUserFactor struct {
+	UserFactor
+	Profile              *EmailUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailUserFactor EmailUserFactor
+
+// NewEmailUserFactor instantiates a new EmailUserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailUserFactor() *EmailUserFactor {
+	this := EmailUserFactor{}
+	return &this
+}
+
+// NewEmailUserFactorWithDefaults instantiates a new EmailUserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailUserFactorWithDefaults() *EmailUserFactor {
+	this := EmailUserFactor{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *EmailUserFactor) GetProfile() EmailUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret EmailUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailUserFactor) GetProfileOk() (*EmailUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *EmailUserFactor) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given EmailUserFactorProfile and assigns it to the Profile field.
+func (o *EmailUserFactor) SetProfile(v EmailUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o EmailUserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedUserFactor, errUserFactor := json.Marshal(o.UserFactor)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	errUserFactor = json.Unmarshal([]byte(serializedUserFactor), &toSerialize)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailUserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	type EmailUserFactorWithoutEmbeddedStruct struct {
+		Profile *EmailUserFactorProfile `json:"profile,omitempty"`
+	}
+
+	varEmailUserFactorWithoutEmbeddedStruct := EmailUserFactorWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varEmailUserFactorWithoutEmbeddedStruct)
+	if err == nil {
+		varEmailUserFactor := _EmailUserFactor{}
+		varEmailUserFactor.Profile = varEmailUserFactorWithoutEmbeddedStruct.Profile
+		*o = EmailUserFactor(varEmailUserFactor)
+	} else {
+		return err
+	}
+
+	varEmailUserFactor := _EmailUserFactor{}
+
+	err = json.Unmarshal(bytes, &varEmailUserFactor)
+	if err == nil {
+		o.UserFactor = varEmailUserFactor.UserFactor
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+
+		// remove fields from embedded structs
+		reflectUserFactor := reflect.ValueOf(o.UserFactor)
+		for i := 0; i < reflectUserFactor.Type().NumField(); i++ {
+			t := reflectUserFactor.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailUserFactor struct {
+	value *EmailUserFactor
+	isSet bool
+}
+
+func (v NullableEmailUserFactor) Get() *EmailUserFactor {
+	return v.value
+}
+
+func (v *NullableEmailUserFactor) Set(val *EmailUserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailUserFactor(val *EmailUserFactor) *NullableEmailUserFactor {
+	return &NullableEmailUserFactor{value: val, isSet: true}
+}
+
+func (v NullableEmailUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_user_factor_all_of.go b/okta/model_email_user_factor_all_of.go
new file mode 100644
index 000000000..59f63d0e2
--- /dev/null
+++ b/okta/model_email_user_factor_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailUserFactorAllOf struct for EmailUserFactorAllOf
+type EmailUserFactorAllOf struct {
+	Profile              *EmailUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailUserFactorAllOf EmailUserFactorAllOf
+
+// NewEmailUserFactorAllOf instantiates a new EmailUserFactorAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailUserFactorAllOf() *EmailUserFactorAllOf {
+	this := EmailUserFactorAllOf{}
+	return &this
+}
+
+// NewEmailUserFactorAllOfWithDefaults instantiates a new EmailUserFactorAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailUserFactorAllOfWithDefaults() *EmailUserFactorAllOf {
+	this := EmailUserFactorAllOf{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *EmailUserFactorAllOf) GetProfile() EmailUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret EmailUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailUserFactorAllOf) GetProfileOk() (*EmailUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *EmailUserFactorAllOf) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given EmailUserFactorProfile and assigns it to the Profile field.
+func (o *EmailUserFactorAllOf) SetProfile(v EmailUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o EmailUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailUserFactorAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailUserFactorAllOf := _EmailUserFactorAllOf{}
+
+	err = json.Unmarshal(bytes, &varEmailUserFactorAllOf)
+	if err == nil {
+		*o = EmailUserFactorAllOf(varEmailUserFactorAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailUserFactorAllOf struct {
+	value *EmailUserFactorAllOf
+	isSet bool
+}
+
+func (v NullableEmailUserFactorAllOf) Get() *EmailUserFactorAllOf {
+	return v.value
+}
+
+func (v *NullableEmailUserFactorAllOf) Set(val *EmailUserFactorAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailUserFactorAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailUserFactorAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailUserFactorAllOf(val *EmailUserFactorAllOf) *NullableEmailUserFactorAllOf {
+	return &NullableEmailUserFactorAllOf{value: val, isSet: true}
+}
+
+func (v NullableEmailUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailUserFactorAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_email_user_factor_profile.go b/okta/model_email_user_factor_profile.go
new file mode 100644
index 000000000..b7da7f8c3
--- /dev/null
+++ b/okta/model_email_user_factor_profile.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EmailUserFactorProfile struct for EmailUserFactorProfile
+type EmailUserFactorProfile struct {
+	Email                *string `json:"email,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EmailUserFactorProfile EmailUserFactorProfile
+
+// NewEmailUserFactorProfile instantiates a new EmailUserFactorProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEmailUserFactorProfile() *EmailUserFactorProfile {
+	this := EmailUserFactorProfile{}
+	return &this
+}
+
+// NewEmailUserFactorProfileWithDefaults instantiates a new EmailUserFactorProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEmailUserFactorProfileWithDefaults() *EmailUserFactorProfile {
+	this := EmailUserFactorProfile{}
+	return &this
+}
+
+// GetEmail returns the Email field value if set, zero value otherwise.
+func (o *EmailUserFactorProfile) GetEmail() string {
+	if o == nil || o.Email == nil {
+		var ret string
+		return ret
+	}
+	return *o.Email
+}
+
+// GetEmailOk returns a tuple with the Email field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EmailUserFactorProfile) GetEmailOk() (*string, bool) {
+	if o == nil || o.Email == nil {
+		return nil, false
+	}
+	return o.Email, true
+}
+
+// HasEmail returns a boolean if a field has been set.
+func (o *EmailUserFactorProfile) HasEmail() bool {
+	if o != nil && o.Email != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmail gets a reference to the given string and assigns it to the Email field.
+func (o *EmailUserFactorProfile) SetEmail(v string) {
+	o.Email = &v
+}
+
+func (o EmailUserFactorProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Email != nil {
+		toSerialize["email"] = o.Email
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EmailUserFactorProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varEmailUserFactorProfile := _EmailUserFactorProfile{}
+
+	err = json.Unmarshal(bytes, &varEmailUserFactorProfile)
+	if err == nil {
+		*o = EmailUserFactorProfile(varEmailUserFactorProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "email")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEmailUserFactorProfile struct {
+	value *EmailUserFactorProfile
+	isSet bool
+}
+
+func (v NullableEmailUserFactorProfile) Get() *EmailUserFactorProfile {
+	return v.value
+}
+
+func (v *NullableEmailUserFactorProfile) Set(val *EmailUserFactorProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEmailUserFactorProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEmailUserFactorProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEmailUserFactorProfile(val *EmailUserFactorProfile) *NullableEmailUserFactorProfile {
+	return &NullableEmailUserFactorProfile{value: val, isSet: true}
+}
+
+func (v NullableEmailUserFactorProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEmailUserFactorProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_enabled_status.go b/okta/model_enabled_status.go
new file mode 100644
index 000000000..1c78a69c8
--- /dev/null
+++ b/okta/model_enabled_status.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// EnabledStatus the model 'EnabledStatus'
+type EnabledStatus string
+
+// List of EnabledStatus
+const (
+	ENABLEDSTATUS_DISABLED EnabledStatus = "DISABLED"
+	ENABLEDSTATUS_ENABLED  EnabledStatus = "ENABLED"
+)
+
+// All allowed values of EnabledStatus enum
+var AllowedEnabledStatusEnumValues = []EnabledStatus{
+	"DISABLED",
+	"ENABLED",
+}
+
+func (v *EnabledStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := EnabledStatus(value)
+	for _, existing := range AllowedEnabledStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid EnabledStatus", value)
+}
+
+// NewEnabledStatusFromValue returns a pointer to a valid EnabledStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewEnabledStatusFromValue(v string) (*EnabledStatus, error) {
+	ev := EnabledStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for EnabledStatus: valid values are %v", v, AllowedEnabledStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v EnabledStatus) IsValid() bool {
+	for _, existing := range AllowedEnabledStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to EnabledStatus value
+func (v EnabledStatus) Ptr() *EnabledStatus {
+	return &v
+}
+
+type NullableEnabledStatus struct {
+	value *EnabledStatus
+	isSet bool
+}
+
+func (v NullableEnabledStatus) Get() *EnabledStatus {
+	return v.value
+}
+
+func (v *NullableEnabledStatus) Set(val *EnabledStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEnabledStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEnabledStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEnabledStatus(val *EnabledStatus) *NullableEnabledStatus {
+	return &NullableEnabledStatus{value: val, isSet: true}
+}
+
+func (v NullableEnabledStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEnabledStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_end_user_dashboard_touch_point_variant.go b/okta/model_end_user_dashboard_touch_point_variant.go
new file mode 100644
index 000000000..13839b84e
--- /dev/null
+++ b/okta/model_end_user_dashboard_touch_point_variant.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// EndUserDashboardTouchPointVariant the model 'EndUserDashboardTouchPointVariant'
+type EndUserDashboardTouchPointVariant string
+
+// List of EndUserDashboardTouchPointVariant
+const (
+	ENDUSERDASHBOARDTOUCHPOINTVARIANT_FULL_THEME                    EndUserDashboardTouchPointVariant = "FULL_THEME"
+	ENDUSERDASHBOARDTOUCHPOINTVARIANT_LOGO_ON_FULL_WHITE_BACKGROUND EndUserDashboardTouchPointVariant = "LOGO_ON_FULL_WHITE_BACKGROUND"
+	ENDUSERDASHBOARDTOUCHPOINTVARIANT_OKTA_DEFAULT                  EndUserDashboardTouchPointVariant = "OKTA_DEFAULT"
+	ENDUSERDASHBOARDTOUCHPOINTVARIANT_WHITE_LOGO_BACKGROUND         EndUserDashboardTouchPointVariant = "WHITE_LOGO_BACKGROUND"
+)
+
+// All allowed values of EndUserDashboardTouchPointVariant enum
+var AllowedEndUserDashboardTouchPointVariantEnumValues = []EndUserDashboardTouchPointVariant{
+	"FULL_THEME",
+	"LOGO_ON_FULL_WHITE_BACKGROUND",
+	"OKTA_DEFAULT",
+	"WHITE_LOGO_BACKGROUND",
+}
+
+func (v *EndUserDashboardTouchPointVariant) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := EndUserDashboardTouchPointVariant(value)
+	for _, existing := range AllowedEndUserDashboardTouchPointVariantEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid EndUserDashboardTouchPointVariant", value)
+}
+
+// NewEndUserDashboardTouchPointVariantFromValue returns a pointer to a valid EndUserDashboardTouchPointVariant
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewEndUserDashboardTouchPointVariantFromValue(v string) (*EndUserDashboardTouchPointVariant, error) {
+	ev := EndUserDashboardTouchPointVariant(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for EndUserDashboardTouchPointVariant: valid values are %v", v, AllowedEndUserDashboardTouchPointVariantEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v EndUserDashboardTouchPointVariant) IsValid() bool {
+	for _, existing := range AllowedEndUserDashboardTouchPointVariantEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to EndUserDashboardTouchPointVariant value
+func (v EndUserDashboardTouchPointVariant) Ptr() *EndUserDashboardTouchPointVariant {
+	return &v
+}
+
+type NullableEndUserDashboardTouchPointVariant struct {
+	value *EndUserDashboardTouchPointVariant
+	isSet bool
+}
+
+func (v NullableEndUserDashboardTouchPointVariant) Get() *EndUserDashboardTouchPointVariant {
+	return v.value
+}
+
+func (v *NullableEndUserDashboardTouchPointVariant) Set(val *EndUserDashboardTouchPointVariant) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEndUserDashboardTouchPointVariant) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEndUserDashboardTouchPointVariant) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEndUserDashboardTouchPointVariant(val *EndUserDashboardTouchPointVariant) *NullableEndUserDashboardTouchPointVariant {
+	return &NullableEndUserDashboardTouchPointVariant{value: val, isSet: true}
+}
+
+func (v NullableEndUserDashboardTouchPointVariant) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEndUserDashboardTouchPointVariant) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_error.go b/okta/model_error.go
new file mode 100644
index 000000000..303129b48
--- /dev/null
+++ b/okta/model_error.go
@@ -0,0 +1,310 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// Error struct for Error
+type Error struct {
+	ErrorCauses []ErrorErrorCausesInner `json:"errorCauses,omitempty"`
+	// An Okta code for this type of error
+	ErrorCode *string `json:"errorCode,omitempty"`
+	// A unique identifier for this error. This can be used by Okta Support to help with troubleshooting.
+	ErrorId *string `json:"errorId,omitempty"`
+	// An Okta code for this type of error
+	ErrorLink *string `json:"errorLink,omitempty"`
+	// A short description of what caused this error. Sometimes this contains dynamically-generated information about your specific error.
+	ErrorSummary         *string `json:"errorSummary,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Error Error
+
+// NewError instantiates a new Error object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewError() *Error {
+	this := Error{}
+	return &this
+}
+
+// NewErrorWithDefaults instantiates a new Error object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewErrorWithDefaults() *Error {
+	this := Error{}
+	return &this
+}
+
+// GetErrorCauses returns the ErrorCauses field value if set, zero value otherwise.
+func (o *Error) GetErrorCauses() []ErrorErrorCausesInner {
+	if o == nil || o.ErrorCauses == nil {
+		var ret []ErrorErrorCausesInner
+		return ret
+	}
+	return o.ErrorCauses
+}
+
+// GetErrorCausesOk returns a tuple with the ErrorCauses field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Error) GetErrorCausesOk() ([]ErrorErrorCausesInner, bool) {
+	if o == nil || o.ErrorCauses == nil {
+		return nil, false
+	}
+	return o.ErrorCauses, true
+}
+
+// HasErrorCauses returns a boolean if a field has been set.
+func (o *Error) HasErrorCauses() bool {
+	if o != nil && o.ErrorCauses != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetErrorCauses gets a reference to the given []ErrorErrorCausesInner and assigns it to the ErrorCauses field.
+func (o *Error) SetErrorCauses(v []ErrorErrorCausesInner) {
+	o.ErrorCauses = v
+}
+
+// GetErrorCode returns the ErrorCode field value if set, zero value otherwise.
+func (o *Error) GetErrorCode() string {
+	if o == nil || o.ErrorCode == nil {
+		var ret string
+		return ret
+	}
+	return *o.ErrorCode
+}
+
+// GetErrorCodeOk returns a tuple with the ErrorCode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Error) GetErrorCodeOk() (*string, bool) {
+	if o == nil || o.ErrorCode == nil {
+		return nil, false
+	}
+	return o.ErrorCode, true
+}
+
+// HasErrorCode returns a boolean if a field has been set.
+func (o *Error) HasErrorCode() bool {
+	if o != nil && o.ErrorCode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetErrorCode gets a reference to the given string and assigns it to the ErrorCode field.
+func (o *Error) SetErrorCode(v string) {
+	o.ErrorCode = &v
+}
+
+// GetErrorId returns the ErrorId field value if set, zero value otherwise.
+func (o *Error) GetErrorId() string {
+	if o == nil || o.ErrorId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ErrorId
+}
+
+// GetErrorIdOk returns a tuple with the ErrorId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Error) GetErrorIdOk() (*string, bool) {
+	if o == nil || o.ErrorId == nil {
+		return nil, false
+	}
+	return o.ErrorId, true
+}
+
+// HasErrorId returns a boolean if a field has been set.
+func (o *Error) HasErrorId() bool {
+	if o != nil && o.ErrorId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetErrorId gets a reference to the given string and assigns it to the ErrorId field.
+func (o *Error) SetErrorId(v string) {
+	o.ErrorId = &v
+}
+
+// GetErrorLink returns the ErrorLink field value if set, zero value otherwise.
+func (o *Error) GetErrorLink() string {
+	if o == nil || o.ErrorLink == nil {
+		var ret string
+		return ret
+	}
+	return *o.ErrorLink
+}
+
+// GetErrorLinkOk returns a tuple with the ErrorLink field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Error) GetErrorLinkOk() (*string, bool) {
+	if o == nil || o.ErrorLink == nil {
+		return nil, false
+	}
+	return o.ErrorLink, true
+}
+
+// HasErrorLink returns a boolean if a field has been set.
+func (o *Error) HasErrorLink() bool {
+	if o != nil && o.ErrorLink != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetErrorLink gets a reference to the given string and assigns it to the ErrorLink field.
+func (o *Error) SetErrorLink(v string) {
+	o.ErrorLink = &v
+}
+
+// GetErrorSummary returns the ErrorSummary field value if set, zero value otherwise.
+func (o *Error) GetErrorSummary() string {
+	if o == nil || o.ErrorSummary == nil {
+		var ret string
+		return ret
+	}
+	return *o.ErrorSummary
+}
+
+// GetErrorSummaryOk returns a tuple with the ErrorSummary field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Error) GetErrorSummaryOk() (*string, bool) {
+	if o == nil || o.ErrorSummary == nil {
+		return nil, false
+	}
+	return o.ErrorSummary, true
+}
+
+// HasErrorSummary returns a boolean if a field has been set.
+func (o *Error) HasErrorSummary() bool {
+	if o != nil && o.ErrorSummary != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetErrorSummary gets a reference to the given string and assigns it to the ErrorSummary field.
+func (o *Error) SetErrorSummary(v string) {
+	o.ErrorSummary = &v
+}
+
+func (o Error) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ErrorCauses != nil {
+		toSerialize["errorCauses"] = o.ErrorCauses
+	}
+	if o.ErrorCode != nil {
+		toSerialize["errorCode"] = o.ErrorCode
+	}
+	if o.ErrorId != nil {
+		toSerialize["errorId"] = o.ErrorId
+	}
+	if o.ErrorLink != nil {
+		toSerialize["errorLink"] = o.ErrorLink
+	}
+	if o.ErrorSummary != nil {
+		toSerialize["errorSummary"] = o.ErrorSummary
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Error) UnmarshalJSON(bytes []byte) (err error) {
+	varError := _Error{}
+
+	err = json.Unmarshal(bytes, &varError)
+	if err == nil {
+		*o = Error(varError)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "errorCauses")
+		delete(additionalProperties, "errorCode")
+		delete(additionalProperties, "errorId")
+		delete(additionalProperties, "errorLink")
+		delete(additionalProperties, "errorSummary")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableError struct {
+	value *Error
+	isSet bool
+}
+
+func (v NullableError) Get() *Error {
+	return v.value
+}
+
+func (v *NullableError) Set(val *Error) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableError) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableError) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableError(val *Error) *NullableError {
+	return &NullableError{value: val, isSet: true}
+}
+
+func (v NullableError) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableError) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_error_error_causes_inner.go b/okta/model_error_error_causes_inner.go
new file mode 100644
index 000000000..b92271050
--- /dev/null
+++ b/okta/model_error_error_causes_inner.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ErrorErrorCausesInner struct for ErrorErrorCausesInner
+type ErrorErrorCausesInner struct {
+	ErrorSummary         *string `json:"errorSummary,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ErrorErrorCausesInner ErrorErrorCausesInner
+
+// NewErrorErrorCausesInner instantiates a new ErrorErrorCausesInner object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewErrorErrorCausesInner() *ErrorErrorCausesInner {
+	this := ErrorErrorCausesInner{}
+	return &this
+}
+
+// NewErrorErrorCausesInnerWithDefaults instantiates a new ErrorErrorCausesInner object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewErrorErrorCausesInnerWithDefaults() *ErrorErrorCausesInner {
+	this := ErrorErrorCausesInner{}
+	return &this
+}
+
+// GetErrorSummary returns the ErrorSummary field value if set, zero value otherwise.
+func (o *ErrorErrorCausesInner) GetErrorSummary() string {
+	if o == nil || o.ErrorSummary == nil {
+		var ret string
+		return ret
+	}
+	return *o.ErrorSummary
+}
+
+// GetErrorSummaryOk returns a tuple with the ErrorSummary field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ErrorErrorCausesInner) GetErrorSummaryOk() (*string, bool) {
+	if o == nil || o.ErrorSummary == nil {
+		return nil, false
+	}
+	return o.ErrorSummary, true
+}
+
+// HasErrorSummary returns a boolean if a field has been set.
+func (o *ErrorErrorCausesInner) HasErrorSummary() bool {
+	if o != nil && o.ErrorSummary != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetErrorSummary gets a reference to the given string and assigns it to the ErrorSummary field.
+func (o *ErrorErrorCausesInner) SetErrorSummary(v string) {
+	o.ErrorSummary = &v
+}
+
+func (o ErrorErrorCausesInner) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ErrorSummary != nil {
+		toSerialize["errorSummary"] = o.ErrorSummary
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ErrorErrorCausesInner) UnmarshalJSON(bytes []byte) (err error) {
+	varErrorErrorCausesInner := _ErrorErrorCausesInner{}
+
+	err = json.Unmarshal(bytes, &varErrorErrorCausesInner)
+	if err == nil {
+		*o = ErrorErrorCausesInner(varErrorErrorCausesInner)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "errorSummary")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableErrorErrorCausesInner struct {
+	value *ErrorErrorCausesInner
+	isSet bool
+}
+
+func (v NullableErrorErrorCausesInner) Get() *ErrorErrorCausesInner {
+	return v.value
+}
+
+func (v *NullableErrorErrorCausesInner) Set(val *ErrorErrorCausesInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableErrorErrorCausesInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableErrorErrorCausesInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableErrorErrorCausesInner(val *ErrorErrorCausesInner) *NullableErrorErrorCausesInner {
+	return &NullableErrorErrorCausesInner{value: val, isSet: true}
+}
+
+func (v NullableErrorErrorCausesInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableErrorErrorCausesInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_error_page_touch_point_variant.go b/okta/model_error_page_touch_point_variant.go
new file mode 100644
index 000000000..31aae4444
--- /dev/null
+++ b/okta/model_error_page_touch_point_variant.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ErrorPageTouchPointVariant the model 'ErrorPageTouchPointVariant'
+type ErrorPageTouchPointVariant string
+
+// List of ErrorPageTouchPointVariant
+const (
+	ERRORPAGETOUCHPOINTVARIANT_BACKGROUND_IMAGE           ErrorPageTouchPointVariant = "BACKGROUND_IMAGE"
+	ERRORPAGETOUCHPOINTVARIANT_BACKGROUND_SECONDARY_COLOR ErrorPageTouchPointVariant = "BACKGROUND_SECONDARY_COLOR"
+	ERRORPAGETOUCHPOINTVARIANT_OKTA_DEFAULT               ErrorPageTouchPointVariant = "OKTA_DEFAULT"
+)
+
+// All allowed values of ErrorPageTouchPointVariant enum
+var AllowedErrorPageTouchPointVariantEnumValues = []ErrorPageTouchPointVariant{
+	"BACKGROUND_IMAGE",
+	"BACKGROUND_SECONDARY_COLOR",
+	"OKTA_DEFAULT",
+}
+
+func (v *ErrorPageTouchPointVariant) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ErrorPageTouchPointVariant(value)
+	for _, existing := range AllowedErrorPageTouchPointVariantEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ErrorPageTouchPointVariant", value)
+}
+
+// NewErrorPageTouchPointVariantFromValue returns a pointer to a valid ErrorPageTouchPointVariant
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewErrorPageTouchPointVariantFromValue(v string) (*ErrorPageTouchPointVariant, error) {
+	ev := ErrorPageTouchPointVariant(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ErrorPageTouchPointVariant: valid values are %v", v, AllowedErrorPageTouchPointVariantEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ErrorPageTouchPointVariant) IsValid() bool {
+	for _, existing := range AllowedErrorPageTouchPointVariantEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ErrorPageTouchPointVariant value
+func (v ErrorPageTouchPointVariant) Ptr() *ErrorPageTouchPointVariant {
+	return &v
+}
+
+type NullableErrorPageTouchPointVariant struct {
+	value *ErrorPageTouchPointVariant
+	isSet bool
+}
+
+func (v NullableErrorPageTouchPointVariant) Get() *ErrorPageTouchPointVariant {
+	return v.value
+}
+
+func (v *NullableErrorPageTouchPointVariant) Set(val *ErrorPageTouchPointVariant) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableErrorPageTouchPointVariant) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableErrorPageTouchPointVariant) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableErrorPageTouchPointVariant(val *ErrorPageTouchPointVariant) *NullableErrorPageTouchPointVariant {
+	return &NullableErrorPageTouchPointVariant{value: val, isSet: true}
+}
+
+func (v NullableErrorPageTouchPointVariant) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableErrorPageTouchPointVariant) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_event_hook.go b/okta/model_event_hook.go
new file mode 100644
index 000000000..a3e1781d1
--- /dev/null
+++ b/okta/model_event_hook.go
@@ -0,0 +1,492 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// EventHook struct for EventHook
+type EventHook struct {
+	Channel              *EventHookChannel                 `json:"channel,omitempty"`
+	Created              *time.Time                        `json:"created,omitempty"`
+	CreatedBy            *string                           `json:"createdBy,omitempty"`
+	Events               *EventSubscriptions               `json:"events,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Status               *LifecycleStatus                  `json:"status,omitempty"`
+	VerificationStatus   *EventHookVerificationStatus      `json:"verificationStatus,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EventHook EventHook
+
+// NewEventHook instantiates a new EventHook object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEventHook() *EventHook {
+	this := EventHook{}
+	return &this
+}
+
+// NewEventHookWithDefaults instantiates a new EventHook object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEventHookWithDefaults() *EventHook {
+	this := EventHook{}
+	return &this
+}
+
+// GetChannel returns the Channel field value if set, zero value otherwise.
+func (o *EventHook) GetChannel() EventHookChannel {
+	if o == nil || o.Channel == nil {
+		var ret EventHookChannel
+		return ret
+	}
+	return *o.Channel
+}
+
+// GetChannelOk returns a tuple with the Channel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHook) GetChannelOk() (*EventHookChannel, bool) {
+	if o == nil || o.Channel == nil {
+		return nil, false
+	}
+	return o.Channel, true
+}
+
+// HasChannel returns a boolean if a field has been set.
+func (o *EventHook) HasChannel() bool {
+	if o != nil && o.Channel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetChannel gets a reference to the given EventHookChannel and assigns it to the Channel field.
+func (o *EventHook) SetChannel(v EventHookChannel) {
+	o.Channel = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *EventHook) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHook) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *EventHook) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *EventHook) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetCreatedBy returns the CreatedBy field value if set, zero value otherwise.
+func (o *EventHook) GetCreatedBy() string {
+	if o == nil || o.CreatedBy == nil {
+		var ret string
+		return ret
+	}
+	return *o.CreatedBy
+}
+
+// GetCreatedByOk returns a tuple with the CreatedBy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHook) GetCreatedByOk() (*string, bool) {
+	if o == nil || o.CreatedBy == nil {
+		return nil, false
+	}
+	return o.CreatedBy, true
+}
+
+// HasCreatedBy returns a boolean if a field has been set.
+func (o *EventHook) HasCreatedBy() bool {
+	if o != nil && o.CreatedBy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreatedBy gets a reference to the given string and assigns it to the CreatedBy field.
+func (o *EventHook) SetCreatedBy(v string) {
+	o.CreatedBy = &v
+}
+
+// GetEvents returns the Events field value if set, zero value otherwise.
+func (o *EventHook) GetEvents() EventSubscriptions {
+	if o == nil || o.Events == nil {
+		var ret EventSubscriptions
+		return ret
+	}
+	return *o.Events
+}
+
+// GetEventsOk returns a tuple with the Events field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHook) GetEventsOk() (*EventSubscriptions, bool) {
+	if o == nil || o.Events == nil {
+		return nil, false
+	}
+	return o.Events, true
+}
+
+// HasEvents returns a boolean if a field has been set.
+func (o *EventHook) HasEvents() bool {
+	if o != nil && o.Events != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEvents gets a reference to the given EventSubscriptions and assigns it to the Events field.
+func (o *EventHook) SetEvents(v EventSubscriptions) {
+	o.Events = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *EventHook) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHook) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *EventHook) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *EventHook) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *EventHook) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHook) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *EventHook) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *EventHook) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *EventHook) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHook) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *EventHook) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *EventHook) SetName(v string) {
+	o.Name = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *EventHook) GetStatus() LifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret LifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHook) GetStatusOk() (*LifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *EventHook) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given LifecycleStatus and assigns it to the Status field.
+func (o *EventHook) SetStatus(v LifecycleStatus) {
+	o.Status = &v
+}
+
+// GetVerificationStatus returns the VerificationStatus field value if set, zero value otherwise.
+func (o *EventHook) GetVerificationStatus() EventHookVerificationStatus {
+	if o == nil || o.VerificationStatus == nil {
+		var ret EventHookVerificationStatus
+		return ret
+	}
+	return *o.VerificationStatus
+}
+
+// GetVerificationStatusOk returns a tuple with the VerificationStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHook) GetVerificationStatusOk() (*EventHookVerificationStatus, bool) {
+	if o == nil || o.VerificationStatus == nil {
+		return nil, false
+	}
+	return o.VerificationStatus, true
+}
+
+// HasVerificationStatus returns a boolean if a field has been set.
+func (o *EventHook) HasVerificationStatus() bool {
+	if o != nil && o.VerificationStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVerificationStatus gets a reference to the given EventHookVerificationStatus and assigns it to the VerificationStatus field.
+func (o *EventHook) SetVerificationStatus(v EventHookVerificationStatus) {
+	o.VerificationStatus = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *EventHook) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHook) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *EventHook) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *EventHook) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o EventHook) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Channel != nil {
+		toSerialize["channel"] = o.Channel
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.CreatedBy != nil {
+		toSerialize["createdBy"] = o.CreatedBy
+	}
+	if o.Events != nil {
+		toSerialize["events"] = o.Events
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.VerificationStatus != nil {
+		toSerialize["verificationStatus"] = o.VerificationStatus
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EventHook) UnmarshalJSON(bytes []byte) (err error) {
+	varEventHook := _EventHook{}
+
+	err = json.Unmarshal(bytes, &varEventHook)
+	if err == nil {
+		*o = EventHook(varEventHook)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "channel")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "createdBy")
+		delete(additionalProperties, "events")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "verificationStatus")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEventHook struct {
+	value *EventHook
+	isSet bool
+}
+
+func (v NullableEventHook) Get() *EventHook {
+	return v.value
+}
+
+func (v *NullableEventHook) Set(val *EventHook) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEventHook) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEventHook) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEventHook(val *EventHook) *NullableEventHook {
+	return &NullableEventHook{value: val, isSet: true}
+}
+
+func (v NullableEventHook) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEventHook) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_event_hook_channel.go b/okta/model_event_hook_channel.go
new file mode 100644
index 000000000..50a966811
--- /dev/null
+++ b/okta/model_event_hook_channel.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EventHookChannel struct for EventHookChannel
+type EventHookChannel struct {
+	Config               *EventHookChannelConfig `json:"config,omitempty"`
+	Type                 *EventHookChannelType   `json:"type,omitempty"`
+	Version              *string                 `json:"version,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EventHookChannel EventHookChannel
+
+// NewEventHookChannel instantiates a new EventHookChannel object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEventHookChannel() *EventHookChannel {
+	this := EventHookChannel{}
+	return &this
+}
+
+// NewEventHookChannelWithDefaults instantiates a new EventHookChannel object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEventHookChannelWithDefaults() *EventHookChannel {
+	this := EventHookChannel{}
+	return &this
+}
+
+// GetConfig returns the Config field value if set, zero value otherwise.
+func (o *EventHookChannel) GetConfig() EventHookChannelConfig {
+	if o == nil || o.Config == nil {
+		var ret EventHookChannelConfig
+		return ret
+	}
+	return *o.Config
+}
+
+// GetConfigOk returns a tuple with the Config field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHookChannel) GetConfigOk() (*EventHookChannelConfig, bool) {
+	if o == nil || o.Config == nil {
+		return nil, false
+	}
+	return o.Config, true
+}
+
+// HasConfig returns a boolean if a field has been set.
+func (o *EventHookChannel) HasConfig() bool {
+	if o != nil && o.Config != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConfig gets a reference to the given EventHookChannelConfig and assigns it to the Config field.
+func (o *EventHookChannel) SetConfig(v EventHookChannelConfig) {
+	o.Config = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *EventHookChannel) GetType() EventHookChannelType {
+	if o == nil || o.Type == nil {
+		var ret EventHookChannelType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHookChannel) GetTypeOk() (*EventHookChannelType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *EventHookChannel) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given EventHookChannelType and assigns it to the Type field.
+func (o *EventHookChannel) SetType(v EventHookChannelType) {
+	o.Type = &v
+}
+
+// GetVersion returns the Version field value if set, zero value otherwise.
+func (o *EventHookChannel) GetVersion() string {
+	if o == nil || o.Version == nil {
+		var ret string
+		return ret
+	}
+	return *o.Version
+}
+
+// GetVersionOk returns a tuple with the Version field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHookChannel) GetVersionOk() (*string, bool) {
+	if o == nil || o.Version == nil {
+		return nil, false
+	}
+	return o.Version, true
+}
+
+// HasVersion returns a boolean if a field has been set.
+func (o *EventHookChannel) HasVersion() bool {
+	if o != nil && o.Version != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVersion gets a reference to the given string and assigns it to the Version field.
+func (o *EventHookChannel) SetVersion(v string) {
+	o.Version = &v
+}
+
+func (o EventHookChannel) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Config != nil {
+		toSerialize["config"] = o.Config
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Version != nil {
+		toSerialize["version"] = o.Version
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EventHookChannel) UnmarshalJSON(bytes []byte) (err error) {
+	varEventHookChannel := _EventHookChannel{}
+
+	err = json.Unmarshal(bytes, &varEventHookChannel)
+	if err == nil {
+		*o = EventHookChannel(varEventHookChannel)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "config")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "version")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEventHookChannel struct {
+	value *EventHookChannel
+	isSet bool
+}
+
+func (v NullableEventHookChannel) Get() *EventHookChannel {
+	return v.value
+}
+
+func (v *NullableEventHookChannel) Set(val *EventHookChannel) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEventHookChannel) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEventHookChannel) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEventHookChannel(val *EventHookChannel) *NullableEventHookChannel {
+	return &NullableEventHookChannel{value: val, isSet: true}
+}
+
+func (v NullableEventHookChannel) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEventHookChannel) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_event_hook_channel_config.go b/okta/model_event_hook_channel_config.go
new file mode 100644
index 000000000..12bccca57
--- /dev/null
+++ b/okta/model_event_hook_channel_config.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EventHookChannelConfig struct for EventHookChannelConfig
+type EventHookChannelConfig struct {
+	AuthScheme           *EventHookChannelConfigAuthScheme `json:"authScheme,omitempty"`
+	Headers              []EventHookChannelConfigHeader    `json:"headers,omitempty"`
+	Uri                  *string                           `json:"uri,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EventHookChannelConfig EventHookChannelConfig
+
+// NewEventHookChannelConfig instantiates a new EventHookChannelConfig object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEventHookChannelConfig() *EventHookChannelConfig {
+	this := EventHookChannelConfig{}
+	return &this
+}
+
+// NewEventHookChannelConfigWithDefaults instantiates a new EventHookChannelConfig object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEventHookChannelConfigWithDefaults() *EventHookChannelConfig {
+	this := EventHookChannelConfig{}
+	return &this
+}
+
+// GetAuthScheme returns the AuthScheme field value if set, zero value otherwise.
+func (o *EventHookChannelConfig) GetAuthScheme() EventHookChannelConfigAuthScheme {
+	if o == nil || o.AuthScheme == nil {
+		var ret EventHookChannelConfigAuthScheme
+		return ret
+	}
+	return *o.AuthScheme
+}
+
+// GetAuthSchemeOk returns a tuple with the AuthScheme field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHookChannelConfig) GetAuthSchemeOk() (*EventHookChannelConfigAuthScheme, bool) {
+	if o == nil || o.AuthScheme == nil {
+		return nil, false
+	}
+	return o.AuthScheme, true
+}
+
+// HasAuthScheme returns a boolean if a field has been set.
+func (o *EventHookChannelConfig) HasAuthScheme() bool {
+	if o != nil && o.AuthScheme != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthScheme gets a reference to the given EventHookChannelConfigAuthScheme and assigns it to the AuthScheme field.
+func (o *EventHookChannelConfig) SetAuthScheme(v EventHookChannelConfigAuthScheme) {
+	o.AuthScheme = &v
+}
+
+// GetHeaders returns the Headers field value if set, zero value otherwise.
+func (o *EventHookChannelConfig) GetHeaders() []EventHookChannelConfigHeader {
+	if o == nil || o.Headers == nil {
+		var ret []EventHookChannelConfigHeader
+		return ret
+	}
+	return o.Headers
+}
+
+// GetHeadersOk returns a tuple with the Headers field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHookChannelConfig) GetHeadersOk() ([]EventHookChannelConfigHeader, bool) {
+	if o == nil || o.Headers == nil {
+		return nil, false
+	}
+	return o.Headers, true
+}
+
+// HasHeaders returns a boolean if a field has been set.
+func (o *EventHookChannelConfig) HasHeaders() bool {
+	if o != nil && o.Headers != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHeaders gets a reference to the given []EventHookChannelConfigHeader and assigns it to the Headers field.
+func (o *EventHookChannelConfig) SetHeaders(v []EventHookChannelConfigHeader) {
+	o.Headers = v
+}
+
+// GetUri returns the Uri field value if set, zero value otherwise.
+func (o *EventHookChannelConfig) GetUri() string {
+	if o == nil || o.Uri == nil {
+		var ret string
+		return ret
+	}
+	return *o.Uri
+}
+
+// GetUriOk returns a tuple with the Uri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHookChannelConfig) GetUriOk() (*string, bool) {
+	if o == nil || o.Uri == nil {
+		return nil, false
+	}
+	return o.Uri, true
+}
+
+// HasUri returns a boolean if a field has been set.
+func (o *EventHookChannelConfig) HasUri() bool {
+	if o != nil && o.Uri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUri gets a reference to the given string and assigns it to the Uri field.
+func (o *EventHookChannelConfig) SetUri(v string) {
+	o.Uri = &v
+}
+
+func (o EventHookChannelConfig) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthScheme != nil {
+		toSerialize["authScheme"] = o.AuthScheme
+	}
+	if o.Headers != nil {
+		toSerialize["headers"] = o.Headers
+	}
+	if o.Uri != nil {
+		toSerialize["uri"] = o.Uri
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EventHookChannelConfig) UnmarshalJSON(bytes []byte) (err error) {
+	varEventHookChannelConfig := _EventHookChannelConfig{}
+
+	err = json.Unmarshal(bytes, &varEventHookChannelConfig)
+	if err == nil {
+		*o = EventHookChannelConfig(varEventHookChannelConfig)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authScheme")
+		delete(additionalProperties, "headers")
+		delete(additionalProperties, "uri")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEventHookChannelConfig struct {
+	value *EventHookChannelConfig
+	isSet bool
+}
+
+func (v NullableEventHookChannelConfig) Get() *EventHookChannelConfig {
+	return v.value
+}
+
+func (v *NullableEventHookChannelConfig) Set(val *EventHookChannelConfig) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEventHookChannelConfig) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEventHookChannelConfig) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEventHookChannelConfig(val *EventHookChannelConfig) *NullableEventHookChannelConfig {
+	return &NullableEventHookChannelConfig{value: val, isSet: true}
+}
+
+func (v NullableEventHookChannelConfig) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEventHookChannelConfig) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_event_hook_channel_config_auth_scheme.go b/okta/model_event_hook_channel_config_auth_scheme.go
new file mode 100644
index 000000000..0d2a879bd
--- /dev/null
+++ b/okta/model_event_hook_channel_config_auth_scheme.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EventHookChannelConfigAuthScheme struct for EventHookChannelConfigAuthScheme
+type EventHookChannelConfigAuthScheme struct {
+	Key                  *string                               `json:"key,omitempty"`
+	Type                 *EventHookChannelConfigAuthSchemeType `json:"type,omitempty"`
+	Value                *string                               `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EventHookChannelConfigAuthScheme EventHookChannelConfigAuthScheme
+
+// NewEventHookChannelConfigAuthScheme instantiates a new EventHookChannelConfigAuthScheme object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEventHookChannelConfigAuthScheme() *EventHookChannelConfigAuthScheme {
+	this := EventHookChannelConfigAuthScheme{}
+	return &this
+}
+
+// NewEventHookChannelConfigAuthSchemeWithDefaults instantiates a new EventHookChannelConfigAuthScheme object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEventHookChannelConfigAuthSchemeWithDefaults() *EventHookChannelConfigAuthScheme {
+	this := EventHookChannelConfigAuthScheme{}
+	return &this
+}
+
+// GetKey returns the Key field value if set, zero value otherwise.
+func (o *EventHookChannelConfigAuthScheme) GetKey() string {
+	if o == nil || o.Key == nil {
+		var ret string
+		return ret
+	}
+	return *o.Key
+}
+
+// GetKeyOk returns a tuple with the Key field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHookChannelConfigAuthScheme) GetKeyOk() (*string, bool) {
+	if o == nil || o.Key == nil {
+		return nil, false
+	}
+	return o.Key, true
+}
+
+// HasKey returns a boolean if a field has been set.
+func (o *EventHookChannelConfigAuthScheme) HasKey() bool {
+	if o != nil && o.Key != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKey gets a reference to the given string and assigns it to the Key field.
+func (o *EventHookChannelConfigAuthScheme) SetKey(v string) {
+	o.Key = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *EventHookChannelConfigAuthScheme) GetType() EventHookChannelConfigAuthSchemeType {
+	if o == nil || o.Type == nil {
+		var ret EventHookChannelConfigAuthSchemeType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHookChannelConfigAuthScheme) GetTypeOk() (*EventHookChannelConfigAuthSchemeType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *EventHookChannelConfigAuthScheme) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given EventHookChannelConfigAuthSchemeType and assigns it to the Type field.
+func (o *EventHookChannelConfigAuthScheme) SetType(v EventHookChannelConfigAuthSchemeType) {
+	o.Type = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *EventHookChannelConfigAuthScheme) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHookChannelConfigAuthScheme) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *EventHookChannelConfigAuthScheme) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *EventHookChannelConfigAuthScheme) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o EventHookChannelConfigAuthScheme) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Key != nil {
+		toSerialize["key"] = o.Key
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EventHookChannelConfigAuthScheme) UnmarshalJSON(bytes []byte) (err error) {
+	varEventHookChannelConfigAuthScheme := _EventHookChannelConfigAuthScheme{}
+
+	err = json.Unmarshal(bytes, &varEventHookChannelConfigAuthScheme)
+	if err == nil {
+		*o = EventHookChannelConfigAuthScheme(varEventHookChannelConfigAuthScheme)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "key")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEventHookChannelConfigAuthScheme struct {
+	value *EventHookChannelConfigAuthScheme
+	isSet bool
+}
+
+func (v NullableEventHookChannelConfigAuthScheme) Get() *EventHookChannelConfigAuthScheme {
+	return v.value
+}
+
+func (v *NullableEventHookChannelConfigAuthScheme) Set(val *EventHookChannelConfigAuthScheme) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEventHookChannelConfigAuthScheme) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEventHookChannelConfigAuthScheme) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEventHookChannelConfigAuthScheme(val *EventHookChannelConfigAuthScheme) *NullableEventHookChannelConfigAuthScheme {
+	return &NullableEventHookChannelConfigAuthScheme{value: val, isSet: true}
+}
+
+func (v NullableEventHookChannelConfigAuthScheme) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEventHookChannelConfigAuthScheme) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_event_hook_channel_config_auth_scheme_type.go b/okta/model_event_hook_channel_config_auth_scheme_type.go
new file mode 100644
index 000000000..38d4ce963
--- /dev/null
+++ b/okta/model_event_hook_channel_config_auth_scheme_type.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// EventHookChannelConfigAuthSchemeType the model 'EventHookChannelConfigAuthSchemeType'
+type EventHookChannelConfigAuthSchemeType string
+
+// List of EventHookChannelConfigAuthSchemeType
+const (
+	EVENTHOOKCHANNELCONFIGAUTHSCHEMETYPE_HEADER EventHookChannelConfigAuthSchemeType = "HEADER"
+)
+
+// All allowed values of EventHookChannelConfigAuthSchemeType enum
+var AllowedEventHookChannelConfigAuthSchemeTypeEnumValues = []EventHookChannelConfigAuthSchemeType{
+	"HEADER",
+}
+
+func (v *EventHookChannelConfigAuthSchemeType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := EventHookChannelConfigAuthSchemeType(value)
+	for _, existing := range AllowedEventHookChannelConfigAuthSchemeTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid EventHookChannelConfigAuthSchemeType", value)
+}
+
+// NewEventHookChannelConfigAuthSchemeTypeFromValue returns a pointer to a valid EventHookChannelConfigAuthSchemeType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewEventHookChannelConfigAuthSchemeTypeFromValue(v string) (*EventHookChannelConfigAuthSchemeType, error) {
+	ev := EventHookChannelConfigAuthSchemeType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for EventHookChannelConfigAuthSchemeType: valid values are %v", v, AllowedEventHookChannelConfigAuthSchemeTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v EventHookChannelConfigAuthSchemeType) IsValid() bool {
+	for _, existing := range AllowedEventHookChannelConfigAuthSchemeTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to EventHookChannelConfigAuthSchemeType value
+func (v EventHookChannelConfigAuthSchemeType) Ptr() *EventHookChannelConfigAuthSchemeType {
+	return &v
+}
+
+type NullableEventHookChannelConfigAuthSchemeType struct {
+	value *EventHookChannelConfigAuthSchemeType
+	isSet bool
+}
+
+func (v NullableEventHookChannelConfigAuthSchemeType) Get() *EventHookChannelConfigAuthSchemeType {
+	return v.value
+}
+
+func (v *NullableEventHookChannelConfigAuthSchemeType) Set(val *EventHookChannelConfigAuthSchemeType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEventHookChannelConfigAuthSchemeType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEventHookChannelConfigAuthSchemeType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEventHookChannelConfigAuthSchemeType(val *EventHookChannelConfigAuthSchemeType) *NullableEventHookChannelConfigAuthSchemeType {
+	return &NullableEventHookChannelConfigAuthSchemeType{value: val, isSet: true}
+}
+
+func (v NullableEventHookChannelConfigAuthSchemeType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEventHookChannelConfigAuthSchemeType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_event_hook_channel_config_header.go b/okta/model_event_hook_channel_config_header.go
new file mode 100644
index 000000000..748513a82
--- /dev/null
+++ b/okta/model_event_hook_channel_config_header.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EventHookChannelConfigHeader struct for EventHookChannelConfigHeader
+type EventHookChannelConfigHeader struct {
+	Key                  *string `json:"key,omitempty"`
+	Value                *string `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EventHookChannelConfigHeader EventHookChannelConfigHeader
+
+// NewEventHookChannelConfigHeader instantiates a new EventHookChannelConfigHeader object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEventHookChannelConfigHeader() *EventHookChannelConfigHeader {
+	this := EventHookChannelConfigHeader{}
+	return &this
+}
+
+// NewEventHookChannelConfigHeaderWithDefaults instantiates a new EventHookChannelConfigHeader object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEventHookChannelConfigHeaderWithDefaults() *EventHookChannelConfigHeader {
+	this := EventHookChannelConfigHeader{}
+	return &this
+}
+
+// GetKey returns the Key field value if set, zero value otherwise.
+func (o *EventHookChannelConfigHeader) GetKey() string {
+	if o == nil || o.Key == nil {
+		var ret string
+		return ret
+	}
+	return *o.Key
+}
+
+// GetKeyOk returns a tuple with the Key field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHookChannelConfigHeader) GetKeyOk() (*string, bool) {
+	if o == nil || o.Key == nil {
+		return nil, false
+	}
+	return o.Key, true
+}
+
+// HasKey returns a boolean if a field has been set.
+func (o *EventHookChannelConfigHeader) HasKey() bool {
+	if o != nil && o.Key != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKey gets a reference to the given string and assigns it to the Key field.
+func (o *EventHookChannelConfigHeader) SetKey(v string) {
+	o.Key = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *EventHookChannelConfigHeader) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventHookChannelConfigHeader) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *EventHookChannelConfigHeader) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *EventHookChannelConfigHeader) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o EventHookChannelConfigHeader) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Key != nil {
+		toSerialize["key"] = o.Key
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EventHookChannelConfigHeader) UnmarshalJSON(bytes []byte) (err error) {
+	varEventHookChannelConfigHeader := _EventHookChannelConfigHeader{}
+
+	err = json.Unmarshal(bytes, &varEventHookChannelConfigHeader)
+	if err == nil {
+		*o = EventHookChannelConfigHeader(varEventHookChannelConfigHeader)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "key")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEventHookChannelConfigHeader struct {
+	value *EventHookChannelConfigHeader
+	isSet bool
+}
+
+func (v NullableEventHookChannelConfigHeader) Get() *EventHookChannelConfigHeader {
+	return v.value
+}
+
+func (v *NullableEventHookChannelConfigHeader) Set(val *EventHookChannelConfigHeader) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEventHookChannelConfigHeader) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEventHookChannelConfigHeader) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEventHookChannelConfigHeader(val *EventHookChannelConfigHeader) *NullableEventHookChannelConfigHeader {
+	return &NullableEventHookChannelConfigHeader{value: val, isSet: true}
+}
+
+func (v NullableEventHookChannelConfigHeader) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEventHookChannelConfigHeader) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_event_hook_channel_type.go b/okta/model_event_hook_channel_type.go
new file mode 100644
index 000000000..84579e698
--- /dev/null
+++ b/okta/model_event_hook_channel_type.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// EventHookChannelType the model 'EventHookChannelType'
+type EventHookChannelType string
+
+// List of EventHookChannelType
+const (
+	EVENTHOOKCHANNELTYPE_HTTP EventHookChannelType = "HTTP"
+)
+
+// All allowed values of EventHookChannelType enum
+var AllowedEventHookChannelTypeEnumValues = []EventHookChannelType{
+	"HTTP",
+}
+
+func (v *EventHookChannelType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := EventHookChannelType(value)
+	for _, existing := range AllowedEventHookChannelTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid EventHookChannelType", value)
+}
+
+// NewEventHookChannelTypeFromValue returns a pointer to a valid EventHookChannelType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewEventHookChannelTypeFromValue(v string) (*EventHookChannelType, error) {
+	ev := EventHookChannelType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for EventHookChannelType: valid values are %v", v, AllowedEventHookChannelTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v EventHookChannelType) IsValid() bool {
+	for _, existing := range AllowedEventHookChannelTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to EventHookChannelType value
+func (v EventHookChannelType) Ptr() *EventHookChannelType {
+	return &v
+}
+
+type NullableEventHookChannelType struct {
+	value *EventHookChannelType
+	isSet bool
+}
+
+func (v NullableEventHookChannelType) Get() *EventHookChannelType {
+	return v.value
+}
+
+func (v *NullableEventHookChannelType) Set(val *EventHookChannelType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEventHookChannelType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEventHookChannelType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEventHookChannelType(val *EventHookChannelType) *NullableEventHookChannelType {
+	return &NullableEventHookChannelType{value: val, isSet: true}
+}
+
+func (v NullableEventHookChannelType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEventHookChannelType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_event_hook_verification_status.go b/okta/model_event_hook_verification_status.go
new file mode 100644
index 000000000..68c583588
--- /dev/null
+++ b/okta/model_event_hook_verification_status.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// EventHookVerificationStatus the model 'EventHookVerificationStatus'
+type EventHookVerificationStatus string
+
+// List of EventHookVerificationStatus
+const (
+	EVENTHOOKVERIFICATIONSTATUS_UNVERIFIED EventHookVerificationStatus = "UNVERIFIED"
+	EVENTHOOKVERIFICATIONSTATUS_VERIFIED   EventHookVerificationStatus = "VERIFIED"
+)
+
+// All allowed values of EventHookVerificationStatus enum
+var AllowedEventHookVerificationStatusEnumValues = []EventHookVerificationStatus{
+	"UNVERIFIED",
+	"VERIFIED",
+}
+
+func (v *EventHookVerificationStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := EventHookVerificationStatus(value)
+	for _, existing := range AllowedEventHookVerificationStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid EventHookVerificationStatus", value)
+}
+
+// NewEventHookVerificationStatusFromValue returns a pointer to a valid EventHookVerificationStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewEventHookVerificationStatusFromValue(v string) (*EventHookVerificationStatus, error) {
+	ev := EventHookVerificationStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for EventHookVerificationStatus: valid values are %v", v, AllowedEventHookVerificationStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v EventHookVerificationStatus) IsValid() bool {
+	for _, existing := range AllowedEventHookVerificationStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to EventHookVerificationStatus value
+func (v EventHookVerificationStatus) Ptr() *EventHookVerificationStatus {
+	return &v
+}
+
+type NullableEventHookVerificationStatus struct {
+	value *EventHookVerificationStatus
+	isSet bool
+}
+
+func (v NullableEventHookVerificationStatus) Get() *EventHookVerificationStatus {
+	return v.value
+}
+
+func (v *NullableEventHookVerificationStatus) Set(val *EventHookVerificationStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEventHookVerificationStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEventHookVerificationStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEventHookVerificationStatus(val *EventHookVerificationStatus) *NullableEventHookVerificationStatus {
+	return &NullableEventHookVerificationStatus{value: val, isSet: true}
+}
+
+func (v NullableEventHookVerificationStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEventHookVerificationStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_event_subscription_type.go b/okta/model_event_subscription_type.go
new file mode 100644
index 000000000..cee519d50
--- /dev/null
+++ b/okta/model_event_subscription_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// EventSubscriptionType the model 'EventSubscriptionType'
+type EventSubscriptionType string
+
+// List of EventSubscriptionType
+const (
+	EVENTSUBSCRIPTIONTYPE_EVENT_TYPE EventSubscriptionType = "EVENT_TYPE"
+	EVENTSUBSCRIPTIONTYPE_FLOW_EVENT EventSubscriptionType = "FLOW_EVENT"
+)
+
+// All allowed values of EventSubscriptionType enum
+var AllowedEventSubscriptionTypeEnumValues = []EventSubscriptionType{
+	"EVENT_TYPE",
+	"FLOW_EVENT",
+}
+
+func (v *EventSubscriptionType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := EventSubscriptionType(value)
+	for _, existing := range AllowedEventSubscriptionTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid EventSubscriptionType", value)
+}
+
+// NewEventSubscriptionTypeFromValue returns a pointer to a valid EventSubscriptionType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewEventSubscriptionTypeFromValue(v string) (*EventSubscriptionType, error) {
+	ev := EventSubscriptionType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for EventSubscriptionType: valid values are %v", v, AllowedEventSubscriptionTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v EventSubscriptionType) IsValid() bool {
+	for _, existing := range AllowedEventSubscriptionTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to EventSubscriptionType value
+func (v EventSubscriptionType) Ptr() *EventSubscriptionType {
+	return &v
+}
+
+type NullableEventSubscriptionType struct {
+	value *EventSubscriptionType
+	isSet bool
+}
+
+func (v NullableEventSubscriptionType) Get() *EventSubscriptionType {
+	return v.value
+}
+
+func (v *NullableEventSubscriptionType) Set(val *EventSubscriptionType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEventSubscriptionType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEventSubscriptionType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEventSubscriptionType(val *EventSubscriptionType) *NullableEventSubscriptionType {
+	return &NullableEventSubscriptionType{value: val, isSet: true}
+}
+
+func (v NullableEventSubscriptionType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEventSubscriptionType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_event_subscriptions.go b/okta/model_event_subscriptions.go
new file mode 100644
index 000000000..0b2159602
--- /dev/null
+++ b/okta/model_event_subscriptions.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// EventSubscriptions struct for EventSubscriptions
+type EventSubscriptions struct {
+	Items                []string               `json:"items,omitempty"`
+	Type                 *EventSubscriptionType `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _EventSubscriptions EventSubscriptions
+
+// NewEventSubscriptions instantiates a new EventSubscriptions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEventSubscriptions() *EventSubscriptions {
+	this := EventSubscriptions{}
+	return &this
+}
+
+// NewEventSubscriptionsWithDefaults instantiates a new EventSubscriptions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEventSubscriptionsWithDefaults() *EventSubscriptions {
+	this := EventSubscriptions{}
+	return &this
+}
+
+// GetItems returns the Items field value if set, zero value otherwise.
+func (o *EventSubscriptions) GetItems() []string {
+	if o == nil || o.Items == nil {
+		var ret []string
+		return ret
+	}
+	return o.Items
+}
+
+// GetItemsOk returns a tuple with the Items field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventSubscriptions) GetItemsOk() ([]string, bool) {
+	if o == nil || o.Items == nil {
+		return nil, false
+	}
+	return o.Items, true
+}
+
+// HasItems returns a boolean if a field has been set.
+func (o *EventSubscriptions) HasItems() bool {
+	if o != nil && o.Items != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetItems gets a reference to the given []string and assigns it to the Items field.
+func (o *EventSubscriptions) SetItems(v []string) {
+	o.Items = v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *EventSubscriptions) GetType() EventSubscriptionType {
+	if o == nil || o.Type == nil {
+		var ret EventSubscriptionType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EventSubscriptions) GetTypeOk() (*EventSubscriptionType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *EventSubscriptions) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given EventSubscriptionType and assigns it to the Type field.
+func (o *EventSubscriptions) SetType(v EventSubscriptionType) {
+	o.Type = &v
+}
+
+func (o EventSubscriptions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Items != nil {
+		toSerialize["items"] = o.Items
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *EventSubscriptions) UnmarshalJSON(bytes []byte) (err error) {
+	varEventSubscriptions := _EventSubscriptions{}
+
+	err = json.Unmarshal(bytes, &varEventSubscriptions)
+	if err == nil {
+		*o = EventSubscriptions(varEventSubscriptions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "items")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableEventSubscriptions struct {
+	value *EventSubscriptions
+	isSet bool
+}
+
+func (v NullableEventSubscriptions) Get() *EventSubscriptions {
+	return v.value
+}
+
+func (v *NullableEventSubscriptions) Set(val *EventSubscriptions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEventSubscriptions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEventSubscriptions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEventSubscriptions(val *EventSubscriptions) *NullableEventSubscriptions {
+	return &NullableEventSubscriptions{value: val, isSet: true}
+}
+
+func (v NullableEventSubscriptions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEventSubscriptions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_factor_provider.go b/okta/model_factor_provider.go
new file mode 100644
index 000000000..8eeb4271e
--- /dev/null
+++ b/okta/model_factor_provider.go
@@ -0,0 +1,136 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// FactorProvider the model 'FactorProvider'
+type FactorProvider string
+
+// List of FactorProvider
+const (
+	FACTORPROVIDER_CUSTOM   FactorProvider = "CUSTOM"
+	FACTORPROVIDER_DUO      FactorProvider = "DUO"
+	FACTORPROVIDER_FIDO     FactorProvider = "FIDO"
+	FACTORPROVIDER_GOOGLE   FactorProvider = "GOOGLE"
+	FACTORPROVIDER_OKTA     FactorProvider = "OKTA"
+	FACTORPROVIDER_RSA      FactorProvider = "RSA"
+	FACTORPROVIDER_SYMANTEC FactorProvider = "SYMANTEC"
+	FACTORPROVIDER_YUBICO   FactorProvider = "YUBICO"
+)
+
+// All allowed values of FactorProvider enum
+var AllowedFactorProviderEnumValues = []FactorProvider{
+	"CUSTOM",
+	"DUO",
+	"FIDO",
+	"GOOGLE",
+	"OKTA",
+	"RSA",
+	"SYMANTEC",
+	"YUBICO",
+}
+
+func (v *FactorProvider) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := FactorProvider(value)
+	for _, existing := range AllowedFactorProviderEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid FactorProvider", value)
+}
+
+// NewFactorProviderFromValue returns a pointer to a valid FactorProvider
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewFactorProviderFromValue(v string) (*FactorProvider, error) {
+	ev := FactorProvider(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for FactorProvider: valid values are %v", v, AllowedFactorProviderEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v FactorProvider) IsValid() bool {
+	for _, existing := range AllowedFactorProviderEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to FactorProvider value
+func (v FactorProvider) Ptr() *FactorProvider {
+	return &v
+}
+
+type NullableFactorProvider struct {
+	value *FactorProvider
+	isSet bool
+}
+
+func (v NullableFactorProvider) Get() *FactorProvider {
+	return v.value
+}
+
+func (v *NullableFactorProvider) Set(val *FactorProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFactorProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFactorProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFactorProvider(val *FactorProvider) *NullableFactorProvider {
+	return &NullableFactorProvider{value: val, isSet: true}
+}
+
+func (v NullableFactorProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFactorProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_factor_result_type.go b/okta/model_factor_result_type.go
new file mode 100644
index 000000000..7d89d5f2c
--- /dev/null
+++ b/okta/model_factor_result_type.go
@@ -0,0 +1,140 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// FactorResultType the model 'FactorResultType'
+type FactorResultType string
+
+// List of FactorResultType
+const (
+	FACTORRESULTTYPE_CANCELLED            FactorResultType = "CANCELLED"
+	FACTORRESULTTYPE_CHALLENGE            FactorResultType = "CHALLENGE"
+	FACTORRESULTTYPE_ERROR                FactorResultType = "ERROR"
+	FACTORRESULTTYPE_FAILED               FactorResultType = "FAILED"
+	FACTORRESULTTYPE_PASSCODE_REPLAYED    FactorResultType = "PASSCODE_REPLAYED"
+	FACTORRESULTTYPE_REJECTED             FactorResultType = "REJECTED"
+	FACTORRESULTTYPE_SUCCESS              FactorResultType = "SUCCESS"
+	FACTORRESULTTYPE_TIMEOUT              FactorResultType = "TIMEOUT"
+	FACTORRESULTTYPE_TIME_WINDOW_EXCEEDED FactorResultType = "TIME_WINDOW_EXCEEDED"
+	FACTORRESULTTYPE_WAITING              FactorResultType = "WAITING"
+)
+
+// All allowed values of FactorResultType enum
+var AllowedFactorResultTypeEnumValues = []FactorResultType{
+	"CANCELLED",
+	"CHALLENGE",
+	"ERROR",
+	"FAILED",
+	"PASSCODE_REPLAYED",
+	"REJECTED",
+	"SUCCESS",
+	"TIMEOUT",
+	"TIME_WINDOW_EXCEEDED",
+	"WAITING",
+}
+
+func (v *FactorResultType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := FactorResultType(value)
+	for _, existing := range AllowedFactorResultTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid FactorResultType", value)
+}
+
+// NewFactorResultTypeFromValue returns a pointer to a valid FactorResultType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewFactorResultTypeFromValue(v string) (*FactorResultType, error) {
+	ev := FactorResultType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for FactorResultType: valid values are %v", v, AllowedFactorResultTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v FactorResultType) IsValid() bool {
+	for _, existing := range AllowedFactorResultTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to FactorResultType value
+func (v FactorResultType) Ptr() *FactorResultType {
+	return &v
+}
+
+type NullableFactorResultType struct {
+	value *FactorResultType
+	isSet bool
+}
+
+func (v NullableFactorResultType) Get() *FactorResultType {
+	return v.value
+}
+
+func (v *NullableFactorResultType) Set(val *FactorResultType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFactorResultType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFactorResultType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFactorResultType(val *FactorResultType) *NullableFactorResultType {
+	return &NullableFactorResultType{value: val, isSet: true}
+}
+
+func (v NullableFactorResultType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFactorResultType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_factor_status.go b/okta/model_factor_status.go
new file mode 100644
index 000000000..427bb260a
--- /dev/null
+++ b/okta/model_factor_status.go
@@ -0,0 +1,134 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// FactorStatus the model 'FactorStatus'
+type FactorStatus string
+
+// List of FactorStatus
+const (
+	FACTORSTATUS_ACTIVE             FactorStatus = "ACTIVE"
+	FACTORSTATUS_DISABLED           FactorStatus = "DISABLED"
+	FACTORSTATUS_ENROLLED           FactorStatus = "ENROLLED"
+	FACTORSTATUS_EXPIRED            FactorStatus = "EXPIRED"
+	FACTORSTATUS_INACTIVE           FactorStatus = "INACTIVE"
+	FACTORSTATUS_NOT_SETUP          FactorStatus = "NOT_SETUP"
+	FACTORSTATUS_PENDING_ACTIVATION FactorStatus = "PENDING_ACTIVATION"
+)
+
+// All allowed values of FactorStatus enum
+var AllowedFactorStatusEnumValues = []FactorStatus{
+	"ACTIVE",
+	"DISABLED",
+	"ENROLLED",
+	"EXPIRED",
+	"INACTIVE",
+	"NOT_SETUP",
+	"PENDING_ACTIVATION",
+}
+
+func (v *FactorStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := FactorStatus(value)
+	for _, existing := range AllowedFactorStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid FactorStatus", value)
+}
+
+// NewFactorStatusFromValue returns a pointer to a valid FactorStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewFactorStatusFromValue(v string) (*FactorStatus, error) {
+	ev := FactorStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for FactorStatus: valid values are %v", v, AllowedFactorStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v FactorStatus) IsValid() bool {
+	for _, existing := range AllowedFactorStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to FactorStatus value
+func (v FactorStatus) Ptr() *FactorStatus {
+	return &v
+}
+
+type NullableFactorStatus struct {
+	value *FactorStatus
+	isSet bool
+}
+
+func (v NullableFactorStatus) Get() *FactorStatus {
+	return v.value
+}
+
+func (v *NullableFactorStatus) Set(val *FactorStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFactorStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFactorStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFactorStatus(val *FactorStatus) *NullableFactorStatus {
+	return &NullableFactorStatus{value: val, isSet: true}
+}
+
+func (v NullableFactorStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFactorStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_factor_type.go b/okta/model_factor_type.go
new file mode 100644
index 000000000..fddbc4f59
--- /dev/null
+++ b/okta/model_factor_type.go
@@ -0,0 +1,146 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// FactorType the model 'FactorType'
+type FactorType string
+
+// List of FactorType
+const (
+	FACTORTYPE_CALL              FactorType = "call"
+	FACTORTYPE_EMAIL             FactorType = "email"
+	FACTORTYPE_HOTP              FactorType = "hotp"
+	FACTORTYPE_PUSH              FactorType = "push"
+	FACTORTYPE_QUESTION          FactorType = "question"
+	FACTORTYPE_SMS               FactorType = "sms"
+	FACTORTYPE_TOKEN             FactorType = "token"
+	FACTORTYPE_TOKENHARDWARE     FactorType = "token:hardware"
+	FACTORTYPE_TOKENHOTP         FactorType = "token:hotp"
+	FACTORTYPE_TOKENSOFTWARETOTP FactorType = "token:software:totp"
+	FACTORTYPE_U2F               FactorType = "u2f"
+	FACTORTYPE_WEB               FactorType = "web"
+	FACTORTYPE_WEBAUTHN          FactorType = "webauthn"
+)
+
+// All allowed values of FactorType enum
+var AllowedFactorTypeEnumValues = []FactorType{
+	"call",
+	"email",
+	"hotp",
+	"push",
+	"question",
+	"sms",
+	"token",
+	"token:hardware",
+	"token:hotp",
+	"token:software:totp",
+	"u2f",
+	"web",
+	"webauthn",
+}
+
+func (v *FactorType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := FactorType(value)
+	for _, existing := range AllowedFactorTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid FactorType", value)
+}
+
+// NewFactorTypeFromValue returns a pointer to a valid FactorType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewFactorTypeFromValue(v string) (*FactorType, error) {
+	ev := FactorType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for FactorType: valid values are %v", v, AllowedFactorTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v FactorType) IsValid() bool {
+	for _, existing := range AllowedFactorTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to FactorType value
+func (v FactorType) Ptr() *FactorType {
+	return &v
+}
+
+type NullableFactorType struct {
+	value *FactorType
+	isSet bool
+}
+
+func (v NullableFactorType) Get() *FactorType {
+	return v.value
+}
+
+func (v *NullableFactorType) Set(val *FactorType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFactorType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFactorType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFactorType(val *FactorType) *NullableFactorType {
+	return &NullableFactorType{value: val, isSet: true}
+}
+
+func (v NullableFactorType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFactorType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_fcm_configuration.go b/okta/model_fcm_configuration.go
new file mode 100644
index 000000000..276580c28
--- /dev/null
+++ b/okta/model_fcm_configuration.go
@@ -0,0 +1,235 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// FCMConfiguration struct for FCMConfiguration
+type FCMConfiguration struct {
+	// (Optional) File name for Admin Console display
+	FileName *string `json:"fileName,omitempty"`
+	// Project ID of FCM configuration
+	ProjectId *string `json:"projectId,omitempty"`
+	// JSON containing the private service account key and service account details. See [Creating and managing service account keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) for more information on creating service account keys in JSON.
+	ServiceAccountJson   map[string]interface{} `json:"serviceAccountJson,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _FCMConfiguration FCMConfiguration
+
+// NewFCMConfiguration instantiates a new FCMConfiguration object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewFCMConfiguration() *FCMConfiguration {
+	this := FCMConfiguration{}
+	return &this
+}
+
+// NewFCMConfigurationWithDefaults instantiates a new FCMConfiguration object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewFCMConfigurationWithDefaults() *FCMConfiguration {
+	this := FCMConfiguration{}
+	return &this
+}
+
+// GetFileName returns the FileName field value if set, zero value otherwise.
+func (o *FCMConfiguration) GetFileName() string {
+	if o == nil || o.FileName == nil {
+		var ret string
+		return ret
+	}
+	return *o.FileName
+}
+
+// GetFileNameOk returns a tuple with the FileName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *FCMConfiguration) GetFileNameOk() (*string, bool) {
+	if o == nil || o.FileName == nil {
+		return nil, false
+	}
+	return o.FileName, true
+}
+
+// HasFileName returns a boolean if a field has been set.
+func (o *FCMConfiguration) HasFileName() bool {
+	if o != nil && o.FileName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFileName gets a reference to the given string and assigns it to the FileName field.
+func (o *FCMConfiguration) SetFileName(v string) {
+	o.FileName = &v
+}
+
+// GetProjectId returns the ProjectId field value if set, zero value otherwise.
+func (o *FCMConfiguration) GetProjectId() string {
+	if o == nil || o.ProjectId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ProjectId
+}
+
+// GetProjectIdOk returns a tuple with the ProjectId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *FCMConfiguration) GetProjectIdOk() (*string, bool) {
+	if o == nil || o.ProjectId == nil {
+		return nil, false
+	}
+	return o.ProjectId, true
+}
+
+// HasProjectId returns a boolean if a field has been set.
+func (o *FCMConfiguration) HasProjectId() bool {
+	if o != nil && o.ProjectId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProjectId gets a reference to the given string and assigns it to the ProjectId field.
+func (o *FCMConfiguration) SetProjectId(v string) {
+	o.ProjectId = &v
+}
+
+// GetServiceAccountJson returns the ServiceAccountJson field value if set, zero value otherwise.
+func (o *FCMConfiguration) GetServiceAccountJson() map[string]interface{} {
+	if o == nil || o.ServiceAccountJson == nil {
+		var ret map[string]interface{}
+		return ret
+	}
+	return o.ServiceAccountJson
+}
+
+// GetServiceAccountJsonOk returns a tuple with the ServiceAccountJson field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *FCMConfiguration) GetServiceAccountJsonOk() (map[string]interface{}, bool) {
+	if o == nil || o.ServiceAccountJson == nil {
+		return nil, false
+	}
+	return o.ServiceAccountJson, true
+}
+
+// HasServiceAccountJson returns a boolean if a field has been set.
+func (o *FCMConfiguration) HasServiceAccountJson() bool {
+	if o != nil && o.ServiceAccountJson != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetServiceAccountJson gets a reference to the given map[string]interface{} and assigns it to the ServiceAccountJson field.
+func (o *FCMConfiguration) SetServiceAccountJson(v map[string]interface{}) {
+	o.ServiceAccountJson = v
+}
+
+func (o FCMConfiguration) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.FileName != nil {
+		toSerialize["fileName"] = o.FileName
+	}
+	if o.ProjectId != nil {
+		toSerialize["projectId"] = o.ProjectId
+	}
+	if o.ServiceAccountJson != nil {
+		toSerialize["serviceAccountJson"] = o.ServiceAccountJson
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *FCMConfiguration) UnmarshalJSON(bytes []byte) (err error) {
+	varFCMConfiguration := _FCMConfiguration{}
+
+	err = json.Unmarshal(bytes, &varFCMConfiguration)
+	if err == nil {
+		*o = FCMConfiguration(varFCMConfiguration)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "fileName")
+		delete(additionalProperties, "projectId")
+		delete(additionalProperties, "serviceAccountJson")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableFCMConfiguration struct {
+	value *FCMConfiguration
+	isSet bool
+}
+
+func (v NullableFCMConfiguration) Get() *FCMConfiguration {
+	return v.value
+}
+
+func (v *NullableFCMConfiguration) Set(val *FCMConfiguration) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFCMConfiguration) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFCMConfiguration) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFCMConfiguration(val *FCMConfiguration) *NullableFCMConfiguration {
+	return &NullableFCMConfiguration{value: val, isSet: true}
+}
+
+func (v NullableFCMConfiguration) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFCMConfiguration) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_fcm_push_provider.go b/okta/model_fcm_push_provider.go
new file mode 100644
index 000000000..d4c7a12e6
--- /dev/null
+++ b/okta/model_fcm_push_provider.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// FCMPushProvider struct for FCMPushProvider
+type FCMPushProvider struct {
+	PushProvider
+	Configuration        *FCMConfiguration `json:"configuration,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _FCMPushProvider FCMPushProvider
+
+// NewFCMPushProvider instantiates a new FCMPushProvider object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewFCMPushProvider() *FCMPushProvider {
+	this := FCMPushProvider{}
+	return &this
+}
+
+// NewFCMPushProviderWithDefaults instantiates a new FCMPushProvider object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewFCMPushProviderWithDefaults() *FCMPushProvider {
+	this := FCMPushProvider{}
+	return &this
+}
+
+// GetConfiguration returns the Configuration field value if set, zero value otherwise.
+func (o *FCMPushProvider) GetConfiguration() FCMConfiguration {
+	if o == nil || o.Configuration == nil {
+		var ret FCMConfiguration
+		return ret
+	}
+	return *o.Configuration
+}
+
+// GetConfigurationOk returns a tuple with the Configuration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *FCMPushProvider) GetConfigurationOk() (*FCMConfiguration, bool) {
+	if o == nil || o.Configuration == nil {
+		return nil, false
+	}
+	return o.Configuration, true
+}
+
+// HasConfiguration returns a boolean if a field has been set.
+func (o *FCMPushProvider) HasConfiguration() bool {
+	if o != nil && o.Configuration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConfiguration gets a reference to the given FCMConfiguration and assigns it to the Configuration field.
+func (o *FCMPushProvider) SetConfiguration(v FCMConfiguration) {
+	o.Configuration = &v
+}
+
+func (o FCMPushProvider) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPushProvider, errPushProvider := json.Marshal(o.PushProvider)
+	if errPushProvider != nil {
+		return []byte{}, errPushProvider
+	}
+	errPushProvider = json.Unmarshal([]byte(serializedPushProvider), &toSerialize)
+	if errPushProvider != nil {
+		return []byte{}, errPushProvider
+	}
+	if o.Configuration != nil {
+		toSerialize["configuration"] = o.Configuration
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *FCMPushProvider) UnmarshalJSON(bytes []byte) (err error) {
+	type FCMPushProviderWithoutEmbeddedStruct struct {
+		Configuration *FCMConfiguration `json:"configuration,omitempty"`
+	}
+
+	varFCMPushProviderWithoutEmbeddedStruct := FCMPushProviderWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varFCMPushProviderWithoutEmbeddedStruct)
+	if err == nil {
+		varFCMPushProvider := _FCMPushProvider{}
+		varFCMPushProvider.Configuration = varFCMPushProviderWithoutEmbeddedStruct.Configuration
+		*o = FCMPushProvider(varFCMPushProvider)
+	} else {
+		return err
+	}
+
+	varFCMPushProvider := _FCMPushProvider{}
+
+	err = json.Unmarshal(bytes, &varFCMPushProvider)
+	if err == nil {
+		o.PushProvider = varFCMPushProvider.PushProvider
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "configuration")
+
+		// remove fields from embedded structs
+		reflectPushProvider := reflect.ValueOf(o.PushProvider)
+		for i := 0; i < reflectPushProvider.Type().NumField(); i++ {
+			t := reflectPushProvider.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableFCMPushProvider struct {
+	value *FCMPushProvider
+	isSet bool
+}
+
+func (v NullableFCMPushProvider) Get() *FCMPushProvider {
+	return v.value
+}
+
+func (v *NullableFCMPushProvider) Set(val *FCMPushProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFCMPushProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFCMPushProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFCMPushProvider(val *FCMPushProvider) *NullableFCMPushProvider {
+	return &NullableFCMPushProvider{value: val, isSet: true}
+}
+
+func (v NullableFCMPushProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFCMPushProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_fcm_push_provider_all_of.go b/okta/model_fcm_push_provider_all_of.go
new file mode 100644
index 000000000..38cf4687e
--- /dev/null
+++ b/okta/model_fcm_push_provider_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// FCMPushProviderAllOf struct for FCMPushProviderAllOf
+type FCMPushProviderAllOf struct {
+	Configuration        *FCMConfiguration `json:"configuration,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _FCMPushProviderAllOf FCMPushProviderAllOf
+
+// NewFCMPushProviderAllOf instantiates a new FCMPushProviderAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewFCMPushProviderAllOf() *FCMPushProviderAllOf {
+	this := FCMPushProviderAllOf{}
+	return &this
+}
+
+// NewFCMPushProviderAllOfWithDefaults instantiates a new FCMPushProviderAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewFCMPushProviderAllOfWithDefaults() *FCMPushProviderAllOf {
+	this := FCMPushProviderAllOf{}
+	return &this
+}
+
+// GetConfiguration returns the Configuration field value if set, zero value otherwise.
+func (o *FCMPushProviderAllOf) GetConfiguration() FCMConfiguration {
+	if o == nil || o.Configuration == nil {
+		var ret FCMConfiguration
+		return ret
+	}
+	return *o.Configuration
+}
+
+// GetConfigurationOk returns a tuple with the Configuration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *FCMPushProviderAllOf) GetConfigurationOk() (*FCMConfiguration, bool) {
+	if o == nil || o.Configuration == nil {
+		return nil, false
+	}
+	return o.Configuration, true
+}
+
+// HasConfiguration returns a boolean if a field has been set.
+func (o *FCMPushProviderAllOf) HasConfiguration() bool {
+	if o != nil && o.Configuration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConfiguration gets a reference to the given FCMConfiguration and assigns it to the Configuration field.
+func (o *FCMPushProviderAllOf) SetConfiguration(v FCMConfiguration) {
+	o.Configuration = &v
+}
+
+func (o FCMPushProviderAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Configuration != nil {
+		toSerialize["configuration"] = o.Configuration
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *FCMPushProviderAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varFCMPushProviderAllOf := _FCMPushProviderAllOf{}
+
+	err = json.Unmarshal(bytes, &varFCMPushProviderAllOf)
+	if err == nil {
+		*o = FCMPushProviderAllOf(varFCMPushProviderAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "configuration")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableFCMPushProviderAllOf struct {
+	value *FCMPushProviderAllOf
+	isSet bool
+}
+
+func (v NullableFCMPushProviderAllOf) Get() *FCMPushProviderAllOf {
+	return v.value
+}
+
+func (v *NullableFCMPushProviderAllOf) Set(val *FCMPushProviderAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFCMPushProviderAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFCMPushProviderAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFCMPushProviderAllOf(val *FCMPushProviderAllOf) *NullableFCMPushProviderAllOf {
+	return &NullableFCMPushProviderAllOf{value: val, isSet: true}
+}
+
+func (v NullableFCMPushProviderAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFCMPushProviderAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_feature.go b/okta/model_feature.go
new file mode 100644
index 000000000..16f609c2e
--- /dev/null
+++ b/okta/model_feature.go
@@ -0,0 +1,380 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// Feature struct for Feature
+type Feature struct {
+	Description          *string                           `json:"description,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Stage                *FeatureStage                     `json:"stage,omitempty"`
+	Status               *EnabledStatus                    `json:"status,omitempty"`
+	Type                 *FeatureType                      `json:"type,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Feature Feature
+
+// NewFeature instantiates a new Feature object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewFeature() *Feature {
+	this := Feature{}
+	return &this
+}
+
+// NewFeatureWithDefaults instantiates a new Feature object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewFeatureWithDefaults() *Feature {
+	this := Feature{}
+	return &this
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *Feature) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Feature) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *Feature) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *Feature) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *Feature) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Feature) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *Feature) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *Feature) SetId(v string) {
+	o.Id = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *Feature) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Feature) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *Feature) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *Feature) SetName(v string) {
+	o.Name = &v
+}
+
+// GetStage returns the Stage field value if set, zero value otherwise.
+func (o *Feature) GetStage() FeatureStage {
+	if o == nil || o.Stage == nil {
+		var ret FeatureStage
+		return ret
+	}
+	return *o.Stage
+}
+
+// GetStageOk returns a tuple with the Stage field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Feature) GetStageOk() (*FeatureStage, bool) {
+	if o == nil || o.Stage == nil {
+		return nil, false
+	}
+	return o.Stage, true
+}
+
+// HasStage returns a boolean if a field has been set.
+func (o *Feature) HasStage() bool {
+	if o != nil && o.Stage != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStage gets a reference to the given FeatureStage and assigns it to the Stage field.
+func (o *Feature) SetStage(v FeatureStage) {
+	o.Stage = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *Feature) GetStatus() EnabledStatus {
+	if o == nil || o.Status == nil {
+		var ret EnabledStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Feature) GetStatusOk() (*EnabledStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *Feature) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given EnabledStatus and assigns it to the Status field.
+func (o *Feature) SetStatus(v EnabledStatus) {
+	o.Status = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *Feature) GetType() FeatureType {
+	if o == nil || o.Type == nil {
+		var ret FeatureType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Feature) GetTypeOk() (*FeatureType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *Feature) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given FeatureType and assigns it to the Type field.
+func (o *Feature) SetType(v FeatureType) {
+	o.Type = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Feature) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Feature) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Feature) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *Feature) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o Feature) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Stage != nil {
+		toSerialize["stage"] = o.Stage
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Feature) UnmarshalJSON(bytes []byte) (err error) {
+	varFeature := _Feature{}
+
+	err = json.Unmarshal(bytes, &varFeature)
+	if err == nil {
+		*o = Feature(varFeature)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "stage")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableFeature struct {
+	value *Feature
+	isSet bool
+}
+
+func (v NullableFeature) Get() *Feature {
+	return v.value
+}
+
+func (v *NullableFeature) Set(val *Feature) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFeature) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFeature) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFeature(val *Feature) *NullableFeature {
+	return &NullableFeature{value: val, isSet: true}
+}
+
+func (v NullableFeature) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFeature) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_feature_stage.go b/okta/model_feature_stage.go
new file mode 100644
index 000000000..16b2fa21c
--- /dev/null
+++ b/okta/model_feature_stage.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// FeatureStage struct for FeatureStage
+type FeatureStage struct {
+	State                *FeatureStageState `json:"state,omitempty"`
+	Value                *FeatureStageValue `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _FeatureStage FeatureStage
+
+// NewFeatureStage instantiates a new FeatureStage object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewFeatureStage() *FeatureStage {
+	this := FeatureStage{}
+	return &this
+}
+
+// NewFeatureStageWithDefaults instantiates a new FeatureStage object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewFeatureStageWithDefaults() *FeatureStage {
+	this := FeatureStage{}
+	return &this
+}
+
+// GetState returns the State field value if set, zero value otherwise.
+func (o *FeatureStage) GetState() FeatureStageState {
+	if o == nil || o.State == nil {
+		var ret FeatureStageState
+		return ret
+	}
+	return *o.State
+}
+
+// GetStateOk returns a tuple with the State field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *FeatureStage) GetStateOk() (*FeatureStageState, bool) {
+	if o == nil || o.State == nil {
+		return nil, false
+	}
+	return o.State, true
+}
+
+// HasState returns a boolean if a field has been set.
+func (o *FeatureStage) HasState() bool {
+	if o != nil && o.State != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetState gets a reference to the given FeatureStageState and assigns it to the State field.
+func (o *FeatureStage) SetState(v FeatureStageState) {
+	o.State = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *FeatureStage) GetValue() FeatureStageValue {
+	if o == nil || o.Value == nil {
+		var ret FeatureStageValue
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *FeatureStage) GetValueOk() (*FeatureStageValue, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *FeatureStage) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given FeatureStageValue and assigns it to the Value field.
+func (o *FeatureStage) SetValue(v FeatureStageValue) {
+	o.Value = &v
+}
+
+func (o FeatureStage) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.State != nil {
+		toSerialize["state"] = o.State
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *FeatureStage) UnmarshalJSON(bytes []byte) (err error) {
+	varFeatureStage := _FeatureStage{}
+
+	err = json.Unmarshal(bytes, &varFeatureStage)
+	if err == nil {
+		*o = FeatureStage(varFeatureStage)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "state")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableFeatureStage struct {
+	value *FeatureStage
+	isSet bool
+}
+
+func (v NullableFeatureStage) Get() *FeatureStage {
+	return v.value
+}
+
+func (v *NullableFeatureStage) Set(val *FeatureStage) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFeatureStage) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFeatureStage) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFeatureStage(val *FeatureStage) *NullableFeatureStage {
+	return &NullableFeatureStage{value: val, isSet: true}
+}
+
+func (v NullableFeatureStage) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFeatureStage) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_feature_stage_state.go b/okta/model_feature_stage_state.go
new file mode 100644
index 000000000..7781813e1
--- /dev/null
+++ b/okta/model_feature_stage_state.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// FeatureStageState the model 'FeatureStageState'
+type FeatureStageState string
+
+// List of FeatureStageState
+const (
+	FEATURESTAGESTATE_CLOSED FeatureStageState = "CLOSED"
+	FEATURESTAGESTATE_OPEN   FeatureStageState = "OPEN"
+)
+
+// All allowed values of FeatureStageState enum
+var AllowedFeatureStageStateEnumValues = []FeatureStageState{
+	"CLOSED",
+	"OPEN",
+}
+
+func (v *FeatureStageState) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := FeatureStageState(value)
+	for _, existing := range AllowedFeatureStageStateEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid FeatureStageState", value)
+}
+
+// NewFeatureStageStateFromValue returns a pointer to a valid FeatureStageState
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewFeatureStageStateFromValue(v string) (*FeatureStageState, error) {
+	ev := FeatureStageState(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for FeatureStageState: valid values are %v", v, AllowedFeatureStageStateEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v FeatureStageState) IsValid() bool {
+	for _, existing := range AllowedFeatureStageStateEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to FeatureStageState value
+func (v FeatureStageState) Ptr() *FeatureStageState {
+	return &v
+}
+
+type NullableFeatureStageState struct {
+	value *FeatureStageState
+	isSet bool
+}
+
+func (v NullableFeatureStageState) Get() *FeatureStageState {
+	return v.value
+}
+
+func (v *NullableFeatureStageState) Set(val *FeatureStageState) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFeatureStageState) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFeatureStageState) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFeatureStageState(val *FeatureStageState) *NullableFeatureStageState {
+	return &NullableFeatureStageState{value: val, isSet: true}
+}
+
+func (v NullableFeatureStageState) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFeatureStageState) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_feature_stage_value.go b/okta/model_feature_stage_value.go
new file mode 100644
index 000000000..7aa7d48cc
--- /dev/null
+++ b/okta/model_feature_stage_value.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// FeatureStageValue the model 'FeatureStageValue'
+type FeatureStageValue string
+
+// List of FeatureStageValue
+const (
+	FEATURESTAGEVALUE_BETA FeatureStageValue = "BETA"
+	FEATURESTAGEVALUE_EA   FeatureStageValue = "EA"
+)
+
+// All allowed values of FeatureStageValue enum
+var AllowedFeatureStageValueEnumValues = []FeatureStageValue{
+	"BETA",
+	"EA",
+}
+
+func (v *FeatureStageValue) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := FeatureStageValue(value)
+	for _, existing := range AllowedFeatureStageValueEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid FeatureStageValue", value)
+}
+
+// NewFeatureStageValueFromValue returns a pointer to a valid FeatureStageValue
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewFeatureStageValueFromValue(v string) (*FeatureStageValue, error) {
+	ev := FeatureStageValue(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for FeatureStageValue: valid values are %v", v, AllowedFeatureStageValueEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v FeatureStageValue) IsValid() bool {
+	for _, existing := range AllowedFeatureStageValueEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to FeatureStageValue value
+func (v FeatureStageValue) Ptr() *FeatureStageValue {
+	return &v
+}
+
+type NullableFeatureStageValue struct {
+	value *FeatureStageValue
+	isSet bool
+}
+
+func (v NullableFeatureStageValue) Get() *FeatureStageValue {
+	return v.value
+}
+
+func (v *NullableFeatureStageValue) Set(val *FeatureStageValue) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFeatureStageValue) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFeatureStageValue) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFeatureStageValue(val *FeatureStageValue) *NullableFeatureStageValue {
+	return &NullableFeatureStageValue{value: val, isSet: true}
+}
+
+func (v NullableFeatureStageValue) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFeatureStageValue) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_feature_type.go b/okta/model_feature_type.go
new file mode 100644
index 000000000..777a0787b
--- /dev/null
+++ b/okta/model_feature_type.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// FeatureType the model 'FeatureType'
+type FeatureType string
+
+// List of FeatureType
+const (
+	FEATURETYPE_SELF_SERVICE FeatureType = "self-service"
+)
+
+// All allowed values of FeatureType enum
+var AllowedFeatureTypeEnumValues = []FeatureType{
+	"self-service",
+}
+
+func (v *FeatureType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := FeatureType(value)
+	for _, existing := range AllowedFeatureTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid FeatureType", value)
+}
+
+// NewFeatureTypeFromValue returns a pointer to a valid FeatureType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewFeatureTypeFromValue(v string) (*FeatureType, error) {
+	ev := FeatureType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for FeatureType: valid values are %v", v, AllowedFeatureTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v FeatureType) IsValid() bool {
+	for _, existing := range AllowedFeatureTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to FeatureType value
+func (v FeatureType) Ptr() *FeatureType {
+	return &v
+}
+
+type NullableFeatureType struct {
+	value *FeatureType
+	isSet bool
+}
+
+func (v NullableFeatureType) Get() *FeatureType {
+	return v.value
+}
+
+func (v *NullableFeatureType) Set(val *FeatureType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFeatureType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFeatureType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFeatureType(val *FeatureType) *NullableFeatureType {
+	return &NullableFeatureType{value: val, isSet: true}
+}
+
+func (v NullableFeatureType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFeatureType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_fips_enum.go b/okta/model_fips_enum.go
new file mode 100644
index 000000000..82e85ffd4
--- /dev/null
+++ b/okta/model_fips_enum.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// FipsEnum the model 'FipsEnum'
+type FipsEnum string
+
+// List of FipsEnum
+const (
+	FIPSENUM_OPTIONAL FipsEnum = "OPTIONAL"
+	FIPSENUM_REQUIRED FipsEnum = "REQUIRED"
+)
+
+// All allowed values of FipsEnum enum
+var AllowedFipsEnumEnumValues = []FipsEnum{
+	"OPTIONAL",
+	"REQUIRED",
+}
+
+func (v *FipsEnum) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := FipsEnum(value)
+	for _, existing := range AllowedFipsEnumEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid FipsEnum", value)
+}
+
+// NewFipsEnumFromValue returns a pointer to a valid FipsEnum
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewFipsEnumFromValue(v string) (*FipsEnum, error) {
+	ev := FipsEnum(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for FipsEnum: valid values are %v", v, AllowedFipsEnumEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v FipsEnum) IsValid() bool {
+	for _, existing := range AllowedFipsEnumEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to FipsEnum value
+func (v FipsEnum) Ptr() *FipsEnum {
+	return &v
+}
+
+type NullableFipsEnum struct {
+	value *FipsEnum
+	isSet bool
+}
+
+func (v NullableFipsEnum) Get() *FipsEnum {
+	return v.value
+}
+
+func (v *NullableFipsEnum) Set(val *FipsEnum) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFipsEnum) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFipsEnum) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFipsEnum(val *FipsEnum) *NullableFipsEnum {
+	return &NullableFipsEnum{value: val, isSet: true}
+}
+
+func (v NullableFipsEnum) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFipsEnum) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_forgot_password_response.go b/okta/model_forgot_password_response.go
new file mode 100644
index 000000000..6756eab7b
--- /dev/null
+++ b/okta/model_forgot_password_response.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ForgotPasswordResponse struct for ForgotPasswordResponse
+type ForgotPasswordResponse struct {
+	ResetPasswordUrl     *string `json:"resetPasswordUrl,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ForgotPasswordResponse ForgotPasswordResponse
+
+// NewForgotPasswordResponse instantiates a new ForgotPasswordResponse object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewForgotPasswordResponse() *ForgotPasswordResponse {
+	this := ForgotPasswordResponse{}
+	return &this
+}
+
+// NewForgotPasswordResponseWithDefaults instantiates a new ForgotPasswordResponse object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewForgotPasswordResponseWithDefaults() *ForgotPasswordResponse {
+	this := ForgotPasswordResponse{}
+	return &this
+}
+
+// GetResetPasswordUrl returns the ResetPasswordUrl field value if set, zero value otherwise.
+func (o *ForgotPasswordResponse) GetResetPasswordUrl() string {
+	if o == nil || o.ResetPasswordUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.ResetPasswordUrl
+}
+
+// GetResetPasswordUrlOk returns a tuple with the ResetPasswordUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ForgotPasswordResponse) GetResetPasswordUrlOk() (*string, bool) {
+	if o == nil || o.ResetPasswordUrl == nil {
+		return nil, false
+	}
+	return o.ResetPasswordUrl, true
+}
+
+// HasResetPasswordUrl returns a boolean if a field has been set.
+func (o *ForgotPasswordResponse) HasResetPasswordUrl() bool {
+	if o != nil && o.ResetPasswordUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResetPasswordUrl gets a reference to the given string and assigns it to the ResetPasswordUrl field.
+func (o *ForgotPasswordResponse) SetResetPasswordUrl(v string) {
+	o.ResetPasswordUrl = &v
+}
+
+func (o ForgotPasswordResponse) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ResetPasswordUrl != nil {
+		toSerialize["resetPasswordUrl"] = o.ResetPasswordUrl
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ForgotPasswordResponse) UnmarshalJSON(bytes []byte) (err error) {
+	varForgotPasswordResponse := _ForgotPasswordResponse{}
+
+	err = json.Unmarshal(bytes, &varForgotPasswordResponse)
+	if err == nil {
+		*o = ForgotPasswordResponse(varForgotPasswordResponse)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "resetPasswordUrl")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableForgotPasswordResponse struct {
+	value *ForgotPasswordResponse
+	isSet bool
+}
+
+func (v NullableForgotPasswordResponse) Get() *ForgotPasswordResponse {
+	return v.value
+}
+
+func (v *NullableForgotPasswordResponse) Set(val *ForgotPasswordResponse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableForgotPasswordResponse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableForgotPasswordResponse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableForgotPasswordResponse(val *ForgotPasswordResponse) *NullableForgotPasswordResponse {
+	return &NullableForgotPasswordResponse{value: val, isSet: true}
+}
+
+func (v NullableForgotPasswordResponse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableForgotPasswordResponse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_grant_or_token_status.go b/okta/model_grant_or_token_status.go
new file mode 100644
index 000000000..81ccf8346
--- /dev/null
+++ b/okta/model_grant_or_token_status.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// GrantOrTokenStatus the model 'GrantOrTokenStatus'
+type GrantOrTokenStatus string
+
+// List of GrantOrTokenStatus
+const (
+	GRANTORTOKENSTATUS_ACTIVE  GrantOrTokenStatus = "ACTIVE"
+	GRANTORTOKENSTATUS_REVOKED GrantOrTokenStatus = "REVOKED"
+)
+
+// All allowed values of GrantOrTokenStatus enum
+var AllowedGrantOrTokenStatusEnumValues = []GrantOrTokenStatus{
+	"ACTIVE",
+	"REVOKED",
+}
+
+func (v *GrantOrTokenStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := GrantOrTokenStatus(value)
+	for _, existing := range AllowedGrantOrTokenStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid GrantOrTokenStatus", value)
+}
+
+// NewGrantOrTokenStatusFromValue returns a pointer to a valid GrantOrTokenStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewGrantOrTokenStatusFromValue(v string) (*GrantOrTokenStatus, error) {
+	ev := GrantOrTokenStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for GrantOrTokenStatus: valid values are %v", v, AllowedGrantOrTokenStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v GrantOrTokenStatus) IsValid() bool {
+	for _, existing := range AllowedGrantOrTokenStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to GrantOrTokenStatus value
+func (v GrantOrTokenStatus) Ptr() *GrantOrTokenStatus {
+	return &v
+}
+
+type NullableGrantOrTokenStatus struct {
+	value *GrantOrTokenStatus
+	isSet bool
+}
+
+func (v NullableGrantOrTokenStatus) Get() *GrantOrTokenStatus {
+	return v.value
+}
+
+func (v *NullableGrantOrTokenStatus) Set(val *GrantOrTokenStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGrantOrTokenStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGrantOrTokenStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGrantOrTokenStatus(val *GrantOrTokenStatus) *NullableGrantOrTokenStatus {
+	return &NullableGrantOrTokenStatus{value: val, isSet: true}
+}
+
+func (v NullableGrantOrTokenStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGrantOrTokenStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_grant_type_policy_rule_condition.go b/okta/model_grant_type_policy_rule_condition.go
new file mode 100644
index 000000000..502b8f1d3
--- /dev/null
+++ b/okta/model_grant_type_policy_rule_condition.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GrantTypePolicyRuleCondition struct for GrantTypePolicyRuleCondition
+type GrantTypePolicyRuleCondition struct {
+	Include              []string `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GrantTypePolicyRuleCondition GrantTypePolicyRuleCondition
+
+// NewGrantTypePolicyRuleCondition instantiates a new GrantTypePolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGrantTypePolicyRuleCondition() *GrantTypePolicyRuleCondition {
+	this := GrantTypePolicyRuleCondition{}
+	return &this
+}
+
+// NewGrantTypePolicyRuleConditionWithDefaults instantiates a new GrantTypePolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGrantTypePolicyRuleConditionWithDefaults() *GrantTypePolicyRuleCondition {
+	this := GrantTypePolicyRuleCondition{}
+	return &this
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *GrantTypePolicyRuleCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GrantTypePolicyRuleCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *GrantTypePolicyRuleCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *GrantTypePolicyRuleCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o GrantTypePolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GrantTypePolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varGrantTypePolicyRuleCondition := _GrantTypePolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varGrantTypePolicyRuleCondition)
+	if err == nil {
+		*o = GrantTypePolicyRuleCondition(varGrantTypePolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGrantTypePolicyRuleCondition struct {
+	value *GrantTypePolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableGrantTypePolicyRuleCondition) Get() *GrantTypePolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableGrantTypePolicyRuleCondition) Set(val *GrantTypePolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGrantTypePolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGrantTypePolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGrantTypePolicyRuleCondition(val *GrantTypePolicyRuleCondition) *NullableGrantTypePolicyRuleCondition {
+	return &NullableGrantTypePolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableGrantTypePolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGrantTypePolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group.go b/okta/model_group.go
new file mode 100644
index 000000000..e8a27a9e6
--- /dev/null
+++ b/okta/model_group.go
@@ -0,0 +1,455 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// Group struct for Group
+type Group struct {
+	Created               *time.Time                        `json:"created,omitempty"`
+	Id                    *string                           `json:"id,omitempty"`
+	LastMembershipUpdated *time.Time                        `json:"lastMembershipUpdated,omitempty"`
+	LastUpdated           *time.Time                        `json:"lastUpdated,omitempty"`
+	ObjectClass           []string                          `json:"objectClass,omitempty"`
+	Profile               *GroupProfile                     `json:"profile,omitempty"`
+	Type                  *GroupType                        `json:"type,omitempty"`
+	Embedded              map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                 *GroupLinks                       `json:"_links,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _Group Group
+
+// NewGroup instantiates a new Group object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroup() *Group {
+	this := Group{}
+	return &this
+}
+
+// NewGroupWithDefaults instantiates a new Group object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupWithDefaults() *Group {
+	this := Group{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *Group) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Group) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *Group) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *Group) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *Group) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Group) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *Group) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *Group) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastMembershipUpdated returns the LastMembershipUpdated field value if set, zero value otherwise.
+func (o *Group) GetLastMembershipUpdated() time.Time {
+	if o == nil || o.LastMembershipUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastMembershipUpdated
+}
+
+// GetLastMembershipUpdatedOk returns a tuple with the LastMembershipUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Group) GetLastMembershipUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastMembershipUpdated == nil {
+		return nil, false
+	}
+	return o.LastMembershipUpdated, true
+}
+
+// HasLastMembershipUpdated returns a boolean if a field has been set.
+func (o *Group) HasLastMembershipUpdated() bool {
+	if o != nil && o.LastMembershipUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastMembershipUpdated gets a reference to the given time.Time and assigns it to the LastMembershipUpdated field.
+func (o *Group) SetLastMembershipUpdated(v time.Time) {
+	o.LastMembershipUpdated = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *Group) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Group) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *Group) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *Group) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetObjectClass returns the ObjectClass field value if set, zero value otherwise.
+func (o *Group) GetObjectClass() []string {
+	if o == nil || o.ObjectClass == nil {
+		var ret []string
+		return ret
+	}
+	return o.ObjectClass
+}
+
+// GetObjectClassOk returns a tuple with the ObjectClass field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Group) GetObjectClassOk() ([]string, bool) {
+	if o == nil || o.ObjectClass == nil {
+		return nil, false
+	}
+	return o.ObjectClass, true
+}
+
+// HasObjectClass returns a boolean if a field has been set.
+func (o *Group) HasObjectClass() bool {
+	if o != nil && o.ObjectClass != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetObjectClass gets a reference to the given []string and assigns it to the ObjectClass field.
+func (o *Group) SetObjectClass(v []string) {
+	o.ObjectClass = v
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *Group) GetProfile() GroupProfile {
+	if o == nil || o.Profile == nil {
+		var ret GroupProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Group) GetProfileOk() (*GroupProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *Group) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given GroupProfile and assigns it to the Profile field.
+func (o *Group) SetProfile(v GroupProfile) {
+	o.Profile = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *Group) GetType() GroupType {
+	if o == nil || o.Type == nil {
+		var ret GroupType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Group) GetTypeOk() (*GroupType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *Group) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given GroupType and assigns it to the Type field.
+func (o *Group) SetType(v GroupType) {
+	o.Type = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *Group) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Group) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *Group) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *Group) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Group) GetLinks() GroupLinks {
+	if o == nil || o.Links == nil {
+		var ret GroupLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Group) GetLinksOk() (*GroupLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Group) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given GroupLinks and assigns it to the Links field.
+func (o *Group) SetLinks(v GroupLinks) {
+	o.Links = &v
+}
+
+func (o Group) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastMembershipUpdated != nil {
+		toSerialize["lastMembershipUpdated"] = o.LastMembershipUpdated
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.ObjectClass != nil {
+		toSerialize["objectClass"] = o.ObjectClass
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Group) UnmarshalJSON(bytes []byte) (err error) {
+	varGroup := _Group{}
+
+	err = json.Unmarshal(bytes, &varGroup)
+	if err == nil {
+		*o = Group(varGroup)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastMembershipUpdated")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "objectClass")
+		delete(additionalProperties, "profile")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroup struct {
+	value *Group
+	isSet bool
+}
+
+func (v NullableGroup) Get() *Group {
+	return v.value
+}
+
+func (v *NullableGroup) Set(val *Group) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroup) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroup) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroup(val *Group) *NullableGroup {
+	return &NullableGroup{value: val, isSet: true}
+}
+
+func (v NullableGroup) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroup) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group__links.go b/okta/model_group__links.go
new file mode 100644
index 000000000..c13e17e6a
--- /dev/null
+++ b/okta/model_group__links.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupLinks struct for GroupLinks
+type GroupLinks struct {
+	Apps                 *HrefObject  `json:"apps,omitempty"`
+	Logo                 []HrefObject `json:"logo,omitempty"`
+	Self                 *HrefObject  `json:"self,omitempty"`
+	Source               *HrefObject  `json:"source,omitempty"`
+	Users                *HrefObject  `json:"users,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupLinks GroupLinks
+
+// NewGroupLinks instantiates a new GroupLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupLinks() *GroupLinks {
+	this := GroupLinks{}
+	return &this
+}
+
+// NewGroupLinksWithDefaults instantiates a new GroupLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupLinksWithDefaults() *GroupLinks {
+	this := GroupLinks{}
+	return &this
+}
+
+// GetApps returns the Apps field value if set, zero value otherwise.
+func (o *GroupLinks) GetApps() HrefObject {
+	if o == nil || o.Apps == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Apps
+}
+
+// GetAppsOk returns a tuple with the Apps field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupLinks) GetAppsOk() (*HrefObject, bool) {
+	if o == nil || o.Apps == nil {
+		return nil, false
+	}
+	return o.Apps, true
+}
+
+// HasApps returns a boolean if a field has been set.
+func (o *GroupLinks) HasApps() bool {
+	if o != nil && o.Apps != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApps gets a reference to the given HrefObject and assigns it to the Apps field.
+func (o *GroupLinks) SetApps(v HrefObject) {
+	o.Apps = &v
+}
+
+// GetLogo returns the Logo field value if set, zero value otherwise.
+func (o *GroupLinks) GetLogo() []HrefObject {
+	if o == nil || o.Logo == nil {
+		var ret []HrefObject
+		return ret
+	}
+	return o.Logo
+}
+
+// GetLogoOk returns a tuple with the Logo field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupLinks) GetLogoOk() ([]HrefObject, bool) {
+	if o == nil || o.Logo == nil {
+		return nil, false
+	}
+	return o.Logo, true
+}
+
+// HasLogo returns a boolean if a field has been set.
+func (o *GroupLinks) HasLogo() bool {
+	if o != nil && o.Logo != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLogo gets a reference to the given []HrefObject and assigns it to the Logo field.
+func (o *GroupLinks) SetLogo(v []HrefObject) {
+	o.Logo = v
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *GroupLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *GroupLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *GroupLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetSource returns the Source field value if set, zero value otherwise.
+func (o *GroupLinks) GetSource() HrefObject {
+	if o == nil || o.Source == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Source
+}
+
+// GetSourceOk returns a tuple with the Source field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupLinks) GetSourceOk() (*HrefObject, bool) {
+	if o == nil || o.Source == nil {
+		return nil, false
+	}
+	return o.Source, true
+}
+
+// HasSource returns a boolean if a field has been set.
+func (o *GroupLinks) HasSource() bool {
+	if o != nil && o.Source != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSource gets a reference to the given HrefObject and assigns it to the Source field.
+func (o *GroupLinks) SetSource(v HrefObject) {
+	o.Source = &v
+}
+
+// GetUsers returns the Users field value if set, zero value otherwise.
+func (o *GroupLinks) GetUsers() HrefObject {
+	if o == nil || o.Users == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Users
+}
+
+// GetUsersOk returns a tuple with the Users field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupLinks) GetUsersOk() (*HrefObject, bool) {
+	if o == nil || o.Users == nil {
+		return nil, false
+	}
+	return o.Users, true
+}
+
+// HasUsers returns a boolean if a field has been set.
+func (o *GroupLinks) HasUsers() bool {
+	if o != nil && o.Users != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsers gets a reference to the given HrefObject and assigns it to the Users field.
+func (o *GroupLinks) SetUsers(v HrefObject) {
+	o.Users = &v
+}
+
+func (o GroupLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Apps != nil {
+		toSerialize["apps"] = o.Apps
+	}
+	if o.Logo != nil {
+		toSerialize["logo"] = o.Logo
+	}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Source != nil {
+		toSerialize["source"] = o.Source
+	}
+	if o.Users != nil {
+		toSerialize["users"] = o.Users
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupLinks := _GroupLinks{}
+
+	err = json.Unmarshal(bytes, &varGroupLinks)
+	if err == nil {
+		*o = GroupLinks(varGroupLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "apps")
+		delete(additionalProperties, "logo")
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "source")
+		delete(additionalProperties, "users")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupLinks struct {
+	value *GroupLinks
+	isSet bool
+}
+
+func (v NullableGroupLinks) Get() *GroupLinks {
+	return v.value
+}
+
+func (v *NullableGroupLinks) Set(val *GroupLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupLinks(val *GroupLinks) *NullableGroupLinks {
+	return &NullableGroupLinks{value: val, isSet: true}
+}
+
+func (v NullableGroupLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_condition.go b/okta/model_group_condition.go
new file mode 100644
index 000000000..a341696ae
--- /dev/null
+++ b/okta/model_group_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupCondition struct for GroupCondition
+type GroupCondition struct {
+	Exclude              []string `json:"exclude,omitempty"`
+	Include              []string `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupCondition GroupCondition
+
+// NewGroupCondition instantiates a new GroupCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupCondition() *GroupCondition {
+	this := GroupCondition{}
+	return &this
+}
+
+// NewGroupConditionWithDefaults instantiates a new GroupCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupConditionWithDefaults() *GroupCondition {
+	this := GroupCondition{}
+	return &this
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *GroupCondition) GetExclude() []string {
+	if o == nil || o.Exclude == nil {
+		var ret []string
+		return ret
+	}
+	return o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupCondition) GetExcludeOk() ([]string, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *GroupCondition) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given []string and assigns it to the Exclude field.
+func (o *GroupCondition) SetExclude(v []string) {
+	o.Exclude = v
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *GroupCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *GroupCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *GroupCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o GroupCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupCondition := _GroupCondition{}
+
+	err = json.Unmarshal(bytes, &varGroupCondition)
+	if err == nil {
+		*o = GroupCondition(varGroupCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "exclude")
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupCondition struct {
+	value *GroupCondition
+	isSet bool
+}
+
+func (v NullableGroupCondition) Get() *GroupCondition {
+	return v.value
+}
+
+func (v *NullableGroupCondition) Set(val *GroupCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupCondition(val *GroupCondition) *NullableGroupCondition {
+	return &NullableGroupCondition{value: val, isSet: true}
+}
+
+func (v NullableGroupCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_owner.go b/okta/model_group_owner.go
new file mode 100644
index 000000000..5f4533a51
--- /dev/null
+++ b/okta/model_group_owner.go
@@ -0,0 +1,381 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// GroupOwner struct for GroupOwner
+type GroupOwner struct {
+	DisplayName          *string               `json:"displayName,omitempty"`
+	Id                   *string               `json:"id,omitempty"`
+	LastUpdated          *time.Time            `json:"lastUpdated,omitempty"`
+	OriginId             *string               `json:"originId,omitempty"`
+	OriginType           *GroupOwnerOriginType `json:"originType,omitempty"`
+	Resolved             *bool                 `json:"resolved,omitempty"`
+	Type                 *GroupOwnerType       `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupOwner GroupOwner
+
+// NewGroupOwner instantiates a new GroupOwner object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupOwner() *GroupOwner {
+	this := GroupOwner{}
+	return &this
+}
+
+// NewGroupOwnerWithDefaults instantiates a new GroupOwner object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupOwnerWithDefaults() *GroupOwner {
+	this := GroupOwner{}
+	return &this
+}
+
+// GetDisplayName returns the DisplayName field value if set, zero value otherwise.
+func (o *GroupOwner) GetDisplayName() string {
+	if o == nil || o.DisplayName == nil {
+		var ret string
+		return ret
+	}
+	return *o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupOwner) GetDisplayNameOk() (*string, bool) {
+	if o == nil || o.DisplayName == nil {
+		return nil, false
+	}
+	return o.DisplayName, true
+}
+
+// HasDisplayName returns a boolean if a field has been set.
+func (o *GroupOwner) HasDisplayName() bool {
+	if o != nil && o.DisplayName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDisplayName gets a reference to the given string and assigns it to the DisplayName field.
+func (o *GroupOwner) SetDisplayName(v string) {
+	o.DisplayName = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *GroupOwner) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupOwner) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *GroupOwner) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *GroupOwner) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *GroupOwner) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupOwner) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *GroupOwner) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *GroupOwner) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetOriginId returns the OriginId field value if set, zero value otherwise.
+func (o *GroupOwner) GetOriginId() string {
+	if o == nil || o.OriginId == nil {
+		var ret string
+		return ret
+	}
+	return *o.OriginId
+}
+
+// GetOriginIdOk returns a tuple with the OriginId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupOwner) GetOriginIdOk() (*string, bool) {
+	if o == nil || o.OriginId == nil {
+		return nil, false
+	}
+	return o.OriginId, true
+}
+
+// HasOriginId returns a boolean if a field has been set.
+func (o *GroupOwner) HasOriginId() bool {
+	if o != nil && o.OriginId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOriginId gets a reference to the given string and assigns it to the OriginId field.
+func (o *GroupOwner) SetOriginId(v string) {
+	o.OriginId = &v
+}
+
+// GetOriginType returns the OriginType field value if set, zero value otherwise.
+func (o *GroupOwner) GetOriginType() GroupOwnerOriginType {
+	if o == nil || o.OriginType == nil {
+		var ret GroupOwnerOriginType
+		return ret
+	}
+	return *o.OriginType
+}
+
+// GetOriginTypeOk returns a tuple with the OriginType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupOwner) GetOriginTypeOk() (*GroupOwnerOriginType, bool) {
+	if o == nil || o.OriginType == nil {
+		return nil, false
+	}
+	return o.OriginType, true
+}
+
+// HasOriginType returns a boolean if a field has been set.
+func (o *GroupOwner) HasOriginType() bool {
+	if o != nil && o.OriginType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOriginType gets a reference to the given GroupOwnerOriginType and assigns it to the OriginType field.
+func (o *GroupOwner) SetOriginType(v GroupOwnerOriginType) {
+	o.OriginType = &v
+}
+
+// GetResolved returns the Resolved field value if set, zero value otherwise.
+func (o *GroupOwner) GetResolved() bool {
+	if o == nil || o.Resolved == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Resolved
+}
+
+// GetResolvedOk returns a tuple with the Resolved field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupOwner) GetResolvedOk() (*bool, bool) {
+	if o == nil || o.Resolved == nil {
+		return nil, false
+	}
+	return o.Resolved, true
+}
+
+// HasResolved returns a boolean if a field has been set.
+func (o *GroupOwner) HasResolved() bool {
+	if o != nil && o.Resolved != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResolved gets a reference to the given bool and assigns it to the Resolved field.
+func (o *GroupOwner) SetResolved(v bool) {
+	o.Resolved = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *GroupOwner) GetType() GroupOwnerType {
+	if o == nil || o.Type == nil {
+		var ret GroupOwnerType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupOwner) GetTypeOk() (*GroupOwnerType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *GroupOwner) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given GroupOwnerType and assigns it to the Type field.
+func (o *GroupOwner) SetType(v GroupOwnerType) {
+	o.Type = &v
+}
+
+func (o GroupOwner) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.DisplayName != nil {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.OriginId != nil {
+		toSerialize["originId"] = o.OriginId
+	}
+	if o.OriginType != nil {
+		toSerialize["originType"] = o.OriginType
+	}
+	if o.Resolved != nil {
+		toSerialize["resolved"] = o.Resolved
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupOwner) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupOwner := _GroupOwner{}
+
+	err = json.Unmarshal(bytes, &varGroupOwner)
+	if err == nil {
+		*o = GroupOwner(varGroupOwner)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "originId")
+		delete(additionalProperties, "originType")
+		delete(additionalProperties, "resolved")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupOwner struct {
+	value *GroupOwner
+	isSet bool
+}
+
+func (v NullableGroupOwner) Get() *GroupOwner {
+	return v.value
+}
+
+func (v *NullableGroupOwner) Set(val *GroupOwner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupOwner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupOwner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupOwner(val *GroupOwner) *NullableGroupOwner {
+	return &NullableGroupOwner{value: val, isSet: true}
+}
+
+func (v NullableGroupOwner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupOwner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_owner_origin_type.go b/okta/model_group_owner_origin_type.go
new file mode 100644
index 000000000..036fc6c09
--- /dev/null
+++ b/okta/model_group_owner_origin_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// GroupOwnerOriginType the model 'GroupOwnerOriginType'
+type GroupOwnerOriginType string
+
+// List of GroupOwnerOriginType
+const (
+	GROUPOWNERORIGINTYPE_APPLICATION    GroupOwnerOriginType = "APPLICATION"
+	GROUPOWNERORIGINTYPE_OKTA_DIRECTORY GroupOwnerOriginType = "OKTA_DIRECTORY"
+)
+
+// All allowed values of GroupOwnerOriginType enum
+var AllowedGroupOwnerOriginTypeEnumValues = []GroupOwnerOriginType{
+	"APPLICATION",
+	"OKTA_DIRECTORY",
+}
+
+func (v *GroupOwnerOriginType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := GroupOwnerOriginType(value)
+	for _, existing := range AllowedGroupOwnerOriginTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid GroupOwnerOriginType", value)
+}
+
+// NewGroupOwnerOriginTypeFromValue returns a pointer to a valid GroupOwnerOriginType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewGroupOwnerOriginTypeFromValue(v string) (*GroupOwnerOriginType, error) {
+	ev := GroupOwnerOriginType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for GroupOwnerOriginType: valid values are %v", v, AllowedGroupOwnerOriginTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v GroupOwnerOriginType) IsValid() bool {
+	for _, existing := range AllowedGroupOwnerOriginTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to GroupOwnerOriginType value
+func (v GroupOwnerOriginType) Ptr() *GroupOwnerOriginType {
+	return &v
+}
+
+type NullableGroupOwnerOriginType struct {
+	value *GroupOwnerOriginType
+	isSet bool
+}
+
+func (v NullableGroupOwnerOriginType) Get() *GroupOwnerOriginType {
+	return v.value
+}
+
+func (v *NullableGroupOwnerOriginType) Set(val *GroupOwnerOriginType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupOwnerOriginType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupOwnerOriginType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupOwnerOriginType(val *GroupOwnerOriginType) *NullableGroupOwnerOriginType {
+	return &NullableGroupOwnerOriginType{value: val, isSet: true}
+}
+
+func (v NullableGroupOwnerOriginType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupOwnerOriginType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_owner_type.go b/okta/model_group_owner_type.go
new file mode 100644
index 000000000..5fc0c462e
--- /dev/null
+++ b/okta/model_group_owner_type.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// GroupOwnerType the model 'GroupOwnerType'
+type GroupOwnerType string
+
+// List of GroupOwnerType
+const (
+	GROUPOWNERTYPE_GROUP   GroupOwnerType = "GROUP"
+	GROUPOWNERTYPE_UNKNOWN GroupOwnerType = "UNKNOWN"
+	GROUPOWNERTYPE_USER    GroupOwnerType = "USER"
+)
+
+// All allowed values of GroupOwnerType enum
+var AllowedGroupOwnerTypeEnumValues = []GroupOwnerType{
+	"GROUP",
+	"UNKNOWN",
+	"USER",
+}
+
+func (v *GroupOwnerType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := GroupOwnerType(value)
+	for _, existing := range AllowedGroupOwnerTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid GroupOwnerType", value)
+}
+
+// NewGroupOwnerTypeFromValue returns a pointer to a valid GroupOwnerType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewGroupOwnerTypeFromValue(v string) (*GroupOwnerType, error) {
+	ev := GroupOwnerType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for GroupOwnerType: valid values are %v", v, AllowedGroupOwnerTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v GroupOwnerType) IsValid() bool {
+	for _, existing := range AllowedGroupOwnerTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to GroupOwnerType value
+func (v GroupOwnerType) Ptr() *GroupOwnerType {
+	return &v
+}
+
+type NullableGroupOwnerType struct {
+	value *GroupOwnerType
+	isSet bool
+}
+
+func (v NullableGroupOwnerType) Get() *GroupOwnerType {
+	return v.value
+}
+
+func (v *NullableGroupOwnerType) Set(val *GroupOwnerType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupOwnerType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupOwnerType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupOwnerType(val *GroupOwnerType) *NullableGroupOwnerType {
+	return &NullableGroupOwnerType{value: val, isSet: true}
+}
+
+func (v NullableGroupOwnerType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupOwnerType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_policy_rule_condition.go b/okta/model_group_policy_rule_condition.go
new file mode 100644
index 000000000..5d6f8c98c
--- /dev/null
+++ b/okta/model_group_policy_rule_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupPolicyRuleCondition struct for GroupPolicyRuleCondition
+type GroupPolicyRuleCondition struct {
+	Exclude              []string `json:"exclude,omitempty"`
+	Include              []string `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupPolicyRuleCondition GroupPolicyRuleCondition
+
+// NewGroupPolicyRuleCondition instantiates a new GroupPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupPolicyRuleCondition() *GroupPolicyRuleCondition {
+	this := GroupPolicyRuleCondition{}
+	return &this
+}
+
+// NewGroupPolicyRuleConditionWithDefaults instantiates a new GroupPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupPolicyRuleConditionWithDefaults() *GroupPolicyRuleCondition {
+	this := GroupPolicyRuleCondition{}
+	return &this
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *GroupPolicyRuleCondition) GetExclude() []string {
+	if o == nil || o.Exclude == nil {
+		var ret []string
+		return ret
+	}
+	return o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupPolicyRuleCondition) GetExcludeOk() ([]string, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *GroupPolicyRuleCondition) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given []string and assigns it to the Exclude field.
+func (o *GroupPolicyRuleCondition) SetExclude(v []string) {
+	o.Exclude = v
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *GroupPolicyRuleCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupPolicyRuleCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *GroupPolicyRuleCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *GroupPolicyRuleCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o GroupPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupPolicyRuleCondition := _GroupPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varGroupPolicyRuleCondition)
+	if err == nil {
+		*o = GroupPolicyRuleCondition(varGroupPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "exclude")
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupPolicyRuleCondition struct {
+	value *GroupPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableGroupPolicyRuleCondition) Get() *GroupPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableGroupPolicyRuleCondition) Set(val *GroupPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupPolicyRuleCondition(val *GroupPolicyRuleCondition) *NullableGroupPolicyRuleCondition {
+	return &NullableGroupPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableGroupPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_profile.go b/okta/model_group_profile.go
new file mode 100644
index 000000000..c39c71902
--- /dev/null
+++ b/okta/model_group_profile.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupProfile struct for GroupProfile
+type GroupProfile struct {
+	Description          *string `json:"description,omitempty"`
+	Name                 *string `json:"name,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupProfile GroupProfile
+
+// NewGroupProfile instantiates a new GroupProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupProfile() *GroupProfile {
+	this := GroupProfile{}
+	return &this
+}
+
+// NewGroupProfileWithDefaults instantiates a new GroupProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupProfileWithDefaults() *GroupProfile {
+	this := GroupProfile{}
+	return &this
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *GroupProfile) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupProfile) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *GroupProfile) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *GroupProfile) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *GroupProfile) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupProfile) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *GroupProfile) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *GroupProfile) SetName(v string) {
+	o.Name = &v
+}
+
+func (o GroupProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupProfile := _GroupProfile{}
+
+	err = json.Unmarshal(bytes, &varGroupProfile)
+	if err == nil {
+		*o = GroupProfile(varGroupProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "name")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupProfile struct {
+	value *GroupProfile
+	isSet bool
+}
+
+func (v NullableGroupProfile) Get() *GroupProfile {
+	return v.value
+}
+
+func (v *NullableGroupProfile) Set(val *GroupProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupProfile(val *GroupProfile) *NullableGroupProfile {
+	return &NullableGroupProfile{value: val, isSet: true}
+}
+
+func (v NullableGroupProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_rule.go b/okta/model_group_rule.go
new file mode 100644
index 000000000..d1aaafde5
--- /dev/null
+++ b/okta/model_group_rule.go
@@ -0,0 +1,418 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// GroupRule struct for GroupRule
+type GroupRule struct {
+	Actions              *GroupRuleAction     `json:"actions,omitempty"`
+	Conditions           *GroupRuleConditions `json:"conditions,omitempty"`
+	Created              *time.Time           `json:"created,omitempty"`
+	Id                   *string              `json:"id,omitempty"`
+	LastUpdated          *time.Time           `json:"lastUpdated,omitempty"`
+	Name                 *string              `json:"name,omitempty"`
+	Status               *GroupRuleStatus     `json:"status,omitempty"`
+	Type                 *string              `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupRule GroupRule
+
+// NewGroupRule instantiates a new GroupRule object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupRule() *GroupRule {
+	this := GroupRule{}
+	return &this
+}
+
+// NewGroupRuleWithDefaults instantiates a new GroupRule object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupRuleWithDefaults() *GroupRule {
+	this := GroupRule{}
+	return &this
+}
+
+// GetActions returns the Actions field value if set, zero value otherwise.
+func (o *GroupRule) GetActions() GroupRuleAction {
+	if o == nil || o.Actions == nil {
+		var ret GroupRuleAction
+		return ret
+	}
+	return *o.Actions
+}
+
+// GetActionsOk returns a tuple with the Actions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRule) GetActionsOk() (*GroupRuleAction, bool) {
+	if o == nil || o.Actions == nil {
+		return nil, false
+	}
+	return o.Actions, true
+}
+
+// HasActions returns a boolean if a field has been set.
+func (o *GroupRule) HasActions() bool {
+	if o != nil && o.Actions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActions gets a reference to the given GroupRuleAction and assigns it to the Actions field.
+func (o *GroupRule) SetActions(v GroupRuleAction) {
+	o.Actions = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *GroupRule) GetConditions() GroupRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret GroupRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRule) GetConditionsOk() (*GroupRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *GroupRule) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given GroupRuleConditions and assigns it to the Conditions field.
+func (o *GroupRule) SetConditions(v GroupRuleConditions) {
+	o.Conditions = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *GroupRule) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRule) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *GroupRule) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *GroupRule) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *GroupRule) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRule) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *GroupRule) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *GroupRule) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *GroupRule) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRule) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *GroupRule) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *GroupRule) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *GroupRule) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRule) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *GroupRule) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *GroupRule) SetName(v string) {
+	o.Name = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *GroupRule) GetStatus() GroupRuleStatus {
+	if o == nil || o.Status == nil {
+		var ret GroupRuleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRule) GetStatusOk() (*GroupRuleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *GroupRule) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given GroupRuleStatus and assigns it to the Status field.
+func (o *GroupRule) SetStatus(v GroupRuleStatus) {
+	o.Status = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *GroupRule) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRule) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *GroupRule) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *GroupRule) SetType(v string) {
+	o.Type = &v
+}
+
+func (o GroupRule) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Actions != nil {
+		toSerialize["actions"] = o.Actions
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupRule) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupRule := _GroupRule{}
+
+	err = json.Unmarshal(bytes, &varGroupRule)
+	if err == nil {
+		*o = GroupRule(varGroupRule)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "actions")
+		delete(additionalProperties, "conditions")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupRule struct {
+	value *GroupRule
+	isSet bool
+}
+
+func (v NullableGroupRule) Get() *GroupRule {
+	return v.value
+}
+
+func (v *NullableGroupRule) Set(val *GroupRule) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupRule) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupRule) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupRule(val *GroupRule) *NullableGroupRule {
+	return &NullableGroupRule{value: val, isSet: true}
+}
+
+func (v NullableGroupRule) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupRule) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_rule_action.go b/okta/model_group_rule_action.go
new file mode 100644
index 000000000..fea5bbf23
--- /dev/null
+++ b/okta/model_group_rule_action.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupRuleAction struct for GroupRuleAction
+type GroupRuleAction struct {
+	AssignUserToGroups   *GroupRuleGroupAssignment `json:"assignUserToGroups,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupRuleAction GroupRuleAction
+
+// NewGroupRuleAction instantiates a new GroupRuleAction object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupRuleAction() *GroupRuleAction {
+	this := GroupRuleAction{}
+	return &this
+}
+
+// NewGroupRuleActionWithDefaults instantiates a new GroupRuleAction object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupRuleActionWithDefaults() *GroupRuleAction {
+	this := GroupRuleAction{}
+	return &this
+}
+
+// GetAssignUserToGroups returns the AssignUserToGroups field value if set, zero value otherwise.
+func (o *GroupRuleAction) GetAssignUserToGroups() GroupRuleGroupAssignment {
+	if o == nil || o.AssignUserToGroups == nil {
+		var ret GroupRuleGroupAssignment
+		return ret
+	}
+	return *o.AssignUserToGroups
+}
+
+// GetAssignUserToGroupsOk returns a tuple with the AssignUserToGroups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRuleAction) GetAssignUserToGroupsOk() (*GroupRuleGroupAssignment, bool) {
+	if o == nil || o.AssignUserToGroups == nil {
+		return nil, false
+	}
+	return o.AssignUserToGroups, true
+}
+
+// HasAssignUserToGroups returns a boolean if a field has been set.
+func (o *GroupRuleAction) HasAssignUserToGroups() bool {
+	if o != nil && o.AssignUserToGroups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAssignUserToGroups gets a reference to the given GroupRuleGroupAssignment and assigns it to the AssignUserToGroups field.
+func (o *GroupRuleAction) SetAssignUserToGroups(v GroupRuleGroupAssignment) {
+	o.AssignUserToGroups = &v
+}
+
+func (o GroupRuleAction) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AssignUserToGroups != nil {
+		toSerialize["assignUserToGroups"] = o.AssignUserToGroups
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupRuleAction) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupRuleAction := _GroupRuleAction{}
+
+	err = json.Unmarshal(bytes, &varGroupRuleAction)
+	if err == nil {
+		*o = GroupRuleAction(varGroupRuleAction)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "assignUserToGroups")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupRuleAction struct {
+	value *GroupRuleAction
+	isSet bool
+}
+
+func (v NullableGroupRuleAction) Get() *GroupRuleAction {
+	return v.value
+}
+
+func (v *NullableGroupRuleAction) Set(val *GroupRuleAction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupRuleAction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupRuleAction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupRuleAction(val *GroupRuleAction) *NullableGroupRuleAction {
+	return &NullableGroupRuleAction{value: val, isSet: true}
+}
+
+func (v NullableGroupRuleAction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupRuleAction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_rule_conditions.go b/okta/model_group_rule_conditions.go
new file mode 100644
index 000000000..a44fd8080
--- /dev/null
+++ b/okta/model_group_rule_conditions.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupRuleConditions struct for GroupRuleConditions
+type GroupRuleConditions struct {
+	Expression           *GroupRuleExpression      `json:"expression,omitempty"`
+	People               *GroupRulePeopleCondition `json:"people,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupRuleConditions GroupRuleConditions
+
+// NewGroupRuleConditions instantiates a new GroupRuleConditions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupRuleConditions() *GroupRuleConditions {
+	this := GroupRuleConditions{}
+	return &this
+}
+
+// NewGroupRuleConditionsWithDefaults instantiates a new GroupRuleConditions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupRuleConditionsWithDefaults() *GroupRuleConditions {
+	this := GroupRuleConditions{}
+	return &this
+}
+
+// GetExpression returns the Expression field value if set, zero value otherwise.
+func (o *GroupRuleConditions) GetExpression() GroupRuleExpression {
+	if o == nil || o.Expression == nil {
+		var ret GroupRuleExpression
+		return ret
+	}
+	return *o.Expression
+}
+
+// GetExpressionOk returns a tuple with the Expression field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRuleConditions) GetExpressionOk() (*GroupRuleExpression, bool) {
+	if o == nil || o.Expression == nil {
+		return nil, false
+	}
+	return o.Expression, true
+}
+
+// HasExpression returns a boolean if a field has been set.
+func (o *GroupRuleConditions) HasExpression() bool {
+	if o != nil && o.Expression != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpression gets a reference to the given GroupRuleExpression and assigns it to the Expression field.
+func (o *GroupRuleConditions) SetExpression(v GroupRuleExpression) {
+	o.Expression = &v
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *GroupRuleConditions) GetPeople() GroupRulePeopleCondition {
+	if o == nil || o.People == nil {
+		var ret GroupRulePeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRuleConditions) GetPeopleOk() (*GroupRulePeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *GroupRuleConditions) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given GroupRulePeopleCondition and assigns it to the People field.
+func (o *GroupRuleConditions) SetPeople(v GroupRulePeopleCondition) {
+	o.People = &v
+}
+
+func (o GroupRuleConditions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Expression != nil {
+		toSerialize["expression"] = o.Expression
+	}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupRuleConditions) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupRuleConditions := _GroupRuleConditions{}
+
+	err = json.Unmarshal(bytes, &varGroupRuleConditions)
+	if err == nil {
+		*o = GroupRuleConditions(varGroupRuleConditions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expression")
+		delete(additionalProperties, "people")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupRuleConditions struct {
+	value *GroupRuleConditions
+	isSet bool
+}
+
+func (v NullableGroupRuleConditions) Get() *GroupRuleConditions {
+	return v.value
+}
+
+func (v *NullableGroupRuleConditions) Set(val *GroupRuleConditions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupRuleConditions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupRuleConditions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupRuleConditions(val *GroupRuleConditions) *NullableGroupRuleConditions {
+	return &NullableGroupRuleConditions{value: val, isSet: true}
+}
+
+func (v NullableGroupRuleConditions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupRuleConditions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_rule_expression.go b/okta/model_group_rule_expression.go
new file mode 100644
index 000000000..448aa909f
--- /dev/null
+++ b/okta/model_group_rule_expression.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupRuleExpression struct for GroupRuleExpression
+type GroupRuleExpression struct {
+	Type                 *string `json:"type,omitempty"`
+	Value                *string `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupRuleExpression GroupRuleExpression
+
+// NewGroupRuleExpression instantiates a new GroupRuleExpression object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupRuleExpression() *GroupRuleExpression {
+	this := GroupRuleExpression{}
+	return &this
+}
+
+// NewGroupRuleExpressionWithDefaults instantiates a new GroupRuleExpression object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupRuleExpressionWithDefaults() *GroupRuleExpression {
+	this := GroupRuleExpression{}
+	return &this
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *GroupRuleExpression) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRuleExpression) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *GroupRuleExpression) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *GroupRuleExpression) SetType(v string) {
+	o.Type = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *GroupRuleExpression) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRuleExpression) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *GroupRuleExpression) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *GroupRuleExpression) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o GroupRuleExpression) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupRuleExpression) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupRuleExpression := _GroupRuleExpression{}
+
+	err = json.Unmarshal(bytes, &varGroupRuleExpression)
+	if err == nil {
+		*o = GroupRuleExpression(varGroupRuleExpression)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupRuleExpression struct {
+	value *GroupRuleExpression
+	isSet bool
+}
+
+func (v NullableGroupRuleExpression) Get() *GroupRuleExpression {
+	return v.value
+}
+
+func (v *NullableGroupRuleExpression) Set(val *GroupRuleExpression) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupRuleExpression) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupRuleExpression) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupRuleExpression(val *GroupRuleExpression) *NullableGroupRuleExpression {
+	return &NullableGroupRuleExpression{value: val, isSet: true}
+}
+
+func (v NullableGroupRuleExpression) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupRuleExpression) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_rule_group_assignment.go b/okta/model_group_rule_group_assignment.go
new file mode 100644
index 000000000..cd08ec871
--- /dev/null
+++ b/okta/model_group_rule_group_assignment.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupRuleGroupAssignment struct for GroupRuleGroupAssignment
+type GroupRuleGroupAssignment struct {
+	GroupIds             []string `json:"groupIds,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupRuleGroupAssignment GroupRuleGroupAssignment
+
+// NewGroupRuleGroupAssignment instantiates a new GroupRuleGroupAssignment object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupRuleGroupAssignment() *GroupRuleGroupAssignment {
+	this := GroupRuleGroupAssignment{}
+	return &this
+}
+
+// NewGroupRuleGroupAssignmentWithDefaults instantiates a new GroupRuleGroupAssignment object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupRuleGroupAssignmentWithDefaults() *GroupRuleGroupAssignment {
+	this := GroupRuleGroupAssignment{}
+	return &this
+}
+
+// GetGroupIds returns the GroupIds field value if set, zero value otherwise.
+func (o *GroupRuleGroupAssignment) GetGroupIds() []string {
+	if o == nil || o.GroupIds == nil {
+		var ret []string
+		return ret
+	}
+	return o.GroupIds
+}
+
+// GetGroupIdsOk returns a tuple with the GroupIds field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRuleGroupAssignment) GetGroupIdsOk() ([]string, bool) {
+	if o == nil || o.GroupIds == nil {
+		return nil, false
+	}
+	return o.GroupIds, true
+}
+
+// HasGroupIds returns a boolean if a field has been set.
+func (o *GroupRuleGroupAssignment) HasGroupIds() bool {
+	if o != nil && o.GroupIds != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroupIds gets a reference to the given []string and assigns it to the GroupIds field.
+func (o *GroupRuleGroupAssignment) SetGroupIds(v []string) {
+	o.GroupIds = v
+}
+
+func (o GroupRuleGroupAssignment) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.GroupIds != nil {
+		toSerialize["groupIds"] = o.GroupIds
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupRuleGroupAssignment) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupRuleGroupAssignment := _GroupRuleGroupAssignment{}
+
+	err = json.Unmarshal(bytes, &varGroupRuleGroupAssignment)
+	if err == nil {
+		*o = GroupRuleGroupAssignment(varGroupRuleGroupAssignment)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "groupIds")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupRuleGroupAssignment struct {
+	value *GroupRuleGroupAssignment
+	isSet bool
+}
+
+func (v NullableGroupRuleGroupAssignment) Get() *GroupRuleGroupAssignment {
+	return v.value
+}
+
+func (v *NullableGroupRuleGroupAssignment) Set(val *GroupRuleGroupAssignment) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupRuleGroupAssignment) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupRuleGroupAssignment) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupRuleGroupAssignment(val *GroupRuleGroupAssignment) *NullableGroupRuleGroupAssignment {
+	return &NullableGroupRuleGroupAssignment{value: val, isSet: true}
+}
+
+func (v NullableGroupRuleGroupAssignment) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupRuleGroupAssignment) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_rule_group_condition.go b/okta/model_group_rule_group_condition.go
new file mode 100644
index 000000000..225df4dfb
--- /dev/null
+++ b/okta/model_group_rule_group_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupRuleGroupCondition struct for GroupRuleGroupCondition
+type GroupRuleGroupCondition struct {
+	Exclude              []string `json:"exclude,omitempty"`
+	Include              []string `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupRuleGroupCondition GroupRuleGroupCondition
+
+// NewGroupRuleGroupCondition instantiates a new GroupRuleGroupCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupRuleGroupCondition() *GroupRuleGroupCondition {
+	this := GroupRuleGroupCondition{}
+	return &this
+}
+
+// NewGroupRuleGroupConditionWithDefaults instantiates a new GroupRuleGroupCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupRuleGroupConditionWithDefaults() *GroupRuleGroupCondition {
+	this := GroupRuleGroupCondition{}
+	return &this
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *GroupRuleGroupCondition) GetExclude() []string {
+	if o == nil || o.Exclude == nil {
+		var ret []string
+		return ret
+	}
+	return o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRuleGroupCondition) GetExcludeOk() ([]string, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *GroupRuleGroupCondition) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given []string and assigns it to the Exclude field.
+func (o *GroupRuleGroupCondition) SetExclude(v []string) {
+	o.Exclude = v
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *GroupRuleGroupCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRuleGroupCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *GroupRuleGroupCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *GroupRuleGroupCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o GroupRuleGroupCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupRuleGroupCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupRuleGroupCondition := _GroupRuleGroupCondition{}
+
+	err = json.Unmarshal(bytes, &varGroupRuleGroupCondition)
+	if err == nil {
+		*o = GroupRuleGroupCondition(varGroupRuleGroupCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "exclude")
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupRuleGroupCondition struct {
+	value *GroupRuleGroupCondition
+	isSet bool
+}
+
+func (v NullableGroupRuleGroupCondition) Get() *GroupRuleGroupCondition {
+	return v.value
+}
+
+func (v *NullableGroupRuleGroupCondition) Set(val *GroupRuleGroupCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupRuleGroupCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupRuleGroupCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupRuleGroupCondition(val *GroupRuleGroupCondition) *NullableGroupRuleGroupCondition {
+	return &NullableGroupRuleGroupCondition{value: val, isSet: true}
+}
+
+func (v NullableGroupRuleGroupCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupRuleGroupCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_rule_people_condition.go b/okta/model_group_rule_people_condition.go
new file mode 100644
index 000000000..f7094c1ab
--- /dev/null
+++ b/okta/model_group_rule_people_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupRulePeopleCondition struct for GroupRulePeopleCondition
+type GroupRulePeopleCondition struct {
+	Groups               *GroupRuleGroupCondition `json:"groups,omitempty"`
+	Users                *GroupRuleUserCondition  `json:"users,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupRulePeopleCondition GroupRulePeopleCondition
+
+// NewGroupRulePeopleCondition instantiates a new GroupRulePeopleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupRulePeopleCondition() *GroupRulePeopleCondition {
+	this := GroupRulePeopleCondition{}
+	return &this
+}
+
+// NewGroupRulePeopleConditionWithDefaults instantiates a new GroupRulePeopleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupRulePeopleConditionWithDefaults() *GroupRulePeopleCondition {
+	this := GroupRulePeopleCondition{}
+	return &this
+}
+
+// GetGroups returns the Groups field value if set, zero value otherwise.
+func (o *GroupRulePeopleCondition) GetGroups() GroupRuleGroupCondition {
+	if o == nil || o.Groups == nil {
+		var ret GroupRuleGroupCondition
+		return ret
+	}
+	return *o.Groups
+}
+
+// GetGroupsOk returns a tuple with the Groups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRulePeopleCondition) GetGroupsOk() (*GroupRuleGroupCondition, bool) {
+	if o == nil || o.Groups == nil {
+		return nil, false
+	}
+	return o.Groups, true
+}
+
+// HasGroups returns a boolean if a field has been set.
+func (o *GroupRulePeopleCondition) HasGroups() bool {
+	if o != nil && o.Groups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroups gets a reference to the given GroupRuleGroupCondition and assigns it to the Groups field.
+func (o *GroupRulePeopleCondition) SetGroups(v GroupRuleGroupCondition) {
+	o.Groups = &v
+}
+
+// GetUsers returns the Users field value if set, zero value otherwise.
+func (o *GroupRulePeopleCondition) GetUsers() GroupRuleUserCondition {
+	if o == nil || o.Users == nil {
+		var ret GroupRuleUserCondition
+		return ret
+	}
+	return *o.Users
+}
+
+// GetUsersOk returns a tuple with the Users field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRulePeopleCondition) GetUsersOk() (*GroupRuleUserCondition, bool) {
+	if o == nil || o.Users == nil {
+		return nil, false
+	}
+	return o.Users, true
+}
+
+// HasUsers returns a boolean if a field has been set.
+func (o *GroupRulePeopleCondition) HasUsers() bool {
+	if o != nil && o.Users != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsers gets a reference to the given GroupRuleUserCondition and assigns it to the Users field.
+func (o *GroupRulePeopleCondition) SetUsers(v GroupRuleUserCondition) {
+	o.Users = &v
+}
+
+func (o GroupRulePeopleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Groups != nil {
+		toSerialize["groups"] = o.Groups
+	}
+	if o.Users != nil {
+		toSerialize["users"] = o.Users
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupRulePeopleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupRulePeopleCondition := _GroupRulePeopleCondition{}
+
+	err = json.Unmarshal(bytes, &varGroupRulePeopleCondition)
+	if err == nil {
+		*o = GroupRulePeopleCondition(varGroupRulePeopleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "groups")
+		delete(additionalProperties, "users")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupRulePeopleCondition struct {
+	value *GroupRulePeopleCondition
+	isSet bool
+}
+
+func (v NullableGroupRulePeopleCondition) Get() *GroupRulePeopleCondition {
+	return v.value
+}
+
+func (v *NullableGroupRulePeopleCondition) Set(val *GroupRulePeopleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupRulePeopleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupRulePeopleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupRulePeopleCondition(val *GroupRulePeopleCondition) *NullableGroupRulePeopleCondition {
+	return &NullableGroupRulePeopleCondition{value: val, isSet: true}
+}
+
+func (v NullableGroupRulePeopleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupRulePeopleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_rule_status.go b/okta/model_group_rule_status.go
new file mode 100644
index 000000000..9b4462367
--- /dev/null
+++ b/okta/model_group_rule_status.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// GroupRuleStatus the model 'GroupRuleStatus'
+type GroupRuleStatus string
+
+// List of GroupRuleStatus
+const (
+	GROUPRULESTATUS_ACTIVE   GroupRuleStatus = "ACTIVE"
+	GROUPRULESTATUS_INACTIVE GroupRuleStatus = "INACTIVE"
+	GROUPRULESTATUS_INVALID  GroupRuleStatus = "INVALID"
+)
+
+// All allowed values of GroupRuleStatus enum
+var AllowedGroupRuleStatusEnumValues = []GroupRuleStatus{
+	"ACTIVE",
+	"INACTIVE",
+	"INVALID",
+}
+
+func (v *GroupRuleStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := GroupRuleStatus(value)
+	for _, existing := range AllowedGroupRuleStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid GroupRuleStatus", value)
+}
+
+// NewGroupRuleStatusFromValue returns a pointer to a valid GroupRuleStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewGroupRuleStatusFromValue(v string) (*GroupRuleStatus, error) {
+	ev := GroupRuleStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for GroupRuleStatus: valid values are %v", v, AllowedGroupRuleStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v GroupRuleStatus) IsValid() bool {
+	for _, existing := range AllowedGroupRuleStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to GroupRuleStatus value
+func (v GroupRuleStatus) Ptr() *GroupRuleStatus {
+	return &v
+}
+
+type NullableGroupRuleStatus struct {
+	value *GroupRuleStatus
+	isSet bool
+}
+
+func (v NullableGroupRuleStatus) Get() *GroupRuleStatus {
+	return v.value
+}
+
+func (v *NullableGroupRuleStatus) Set(val *GroupRuleStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupRuleStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupRuleStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupRuleStatus(val *GroupRuleStatus) *NullableGroupRuleStatus {
+	return &NullableGroupRuleStatus{value: val, isSet: true}
+}
+
+func (v NullableGroupRuleStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupRuleStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_rule_user_condition.go b/okta/model_group_rule_user_condition.go
new file mode 100644
index 000000000..c5770e492
--- /dev/null
+++ b/okta/model_group_rule_user_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupRuleUserCondition struct for GroupRuleUserCondition
+type GroupRuleUserCondition struct {
+	Exclude              []string `json:"exclude,omitempty"`
+	Include              []string `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupRuleUserCondition GroupRuleUserCondition
+
+// NewGroupRuleUserCondition instantiates a new GroupRuleUserCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupRuleUserCondition() *GroupRuleUserCondition {
+	this := GroupRuleUserCondition{}
+	return &this
+}
+
+// NewGroupRuleUserConditionWithDefaults instantiates a new GroupRuleUserCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupRuleUserConditionWithDefaults() *GroupRuleUserCondition {
+	this := GroupRuleUserCondition{}
+	return &this
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *GroupRuleUserCondition) GetExclude() []string {
+	if o == nil || o.Exclude == nil {
+		var ret []string
+		return ret
+	}
+	return o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRuleUserCondition) GetExcludeOk() ([]string, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *GroupRuleUserCondition) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given []string and assigns it to the Exclude field.
+func (o *GroupRuleUserCondition) SetExclude(v []string) {
+	o.Exclude = v
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *GroupRuleUserCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupRuleUserCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *GroupRuleUserCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *GroupRuleUserCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o GroupRuleUserCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupRuleUserCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupRuleUserCondition := _GroupRuleUserCondition{}
+
+	err = json.Unmarshal(bytes, &varGroupRuleUserCondition)
+	if err == nil {
+		*o = GroupRuleUserCondition(varGroupRuleUserCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "exclude")
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupRuleUserCondition struct {
+	value *GroupRuleUserCondition
+	isSet bool
+}
+
+func (v NullableGroupRuleUserCondition) Get() *GroupRuleUserCondition {
+	return v.value
+}
+
+func (v *NullableGroupRuleUserCondition) Set(val *GroupRuleUserCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupRuleUserCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupRuleUserCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupRuleUserCondition(val *GroupRuleUserCondition) *NullableGroupRuleUserCondition {
+	return &NullableGroupRuleUserCondition{value: val, isSet: true}
+}
+
+func (v NullableGroupRuleUserCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupRuleUserCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_schema.go b/okta/model_group_schema.go
new file mode 100644
index 000000000..c645c39fd
--- /dev/null
+++ b/okta/model_group_schema.go
@@ -0,0 +1,528 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupSchema struct for GroupSchema
+type GroupSchema struct {
+	Schema               *string                           `json:"$schema,omitempty"`
+	Created              *string                           `json:"created,omitempty"`
+	Definitions          *GroupSchemaDefinitions           `json:"definitions,omitempty"`
+	Description          *string                           `json:"description,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	LastUpdated          *string                           `json:"lastUpdated,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Properties           *UserSchemaProperties             `json:"properties,omitempty"`
+	Title                *string                           `json:"title,omitempty"`
+	Type                 *string                           `json:"type,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupSchema GroupSchema
+
+// NewGroupSchema instantiates a new GroupSchema object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupSchema() *GroupSchema {
+	this := GroupSchema{}
+	return &this
+}
+
+// NewGroupSchemaWithDefaults instantiates a new GroupSchema object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupSchemaWithDefaults() *GroupSchema {
+	this := GroupSchema{}
+	return &this
+}
+
+// GetSchema returns the Schema field value if set, zero value otherwise.
+func (o *GroupSchema) GetSchema() string {
+	if o == nil || o.Schema == nil {
+		var ret string
+		return ret
+	}
+	return *o.Schema
+}
+
+// GetSchemaOk returns a tuple with the Schema field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchema) GetSchemaOk() (*string, bool) {
+	if o == nil || o.Schema == nil {
+		return nil, false
+	}
+	return o.Schema, true
+}
+
+// HasSchema returns a boolean if a field has been set.
+func (o *GroupSchema) HasSchema() bool {
+	if o != nil && o.Schema != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSchema gets a reference to the given string and assigns it to the Schema field.
+func (o *GroupSchema) SetSchema(v string) {
+	o.Schema = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *GroupSchema) GetCreated() string {
+	if o == nil || o.Created == nil {
+		var ret string
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchema) GetCreatedOk() (*string, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *GroupSchema) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given string and assigns it to the Created field.
+func (o *GroupSchema) SetCreated(v string) {
+	o.Created = &v
+}
+
+// GetDefinitions returns the Definitions field value if set, zero value otherwise.
+func (o *GroupSchema) GetDefinitions() GroupSchemaDefinitions {
+	if o == nil || o.Definitions == nil {
+		var ret GroupSchemaDefinitions
+		return ret
+	}
+	return *o.Definitions
+}
+
+// GetDefinitionsOk returns a tuple with the Definitions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchema) GetDefinitionsOk() (*GroupSchemaDefinitions, bool) {
+	if o == nil || o.Definitions == nil {
+		return nil, false
+	}
+	return o.Definitions, true
+}
+
+// HasDefinitions returns a boolean if a field has been set.
+func (o *GroupSchema) HasDefinitions() bool {
+	if o != nil && o.Definitions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefinitions gets a reference to the given GroupSchemaDefinitions and assigns it to the Definitions field.
+func (o *GroupSchema) SetDefinitions(v GroupSchemaDefinitions) {
+	o.Definitions = &v
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *GroupSchema) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchema) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *GroupSchema) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *GroupSchema) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *GroupSchema) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchema) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *GroupSchema) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *GroupSchema) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *GroupSchema) GetLastUpdated() string {
+	if o == nil || o.LastUpdated == nil {
+		var ret string
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchema) GetLastUpdatedOk() (*string, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *GroupSchema) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given string and assigns it to the LastUpdated field.
+func (o *GroupSchema) SetLastUpdated(v string) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *GroupSchema) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchema) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *GroupSchema) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *GroupSchema) SetName(v string) {
+	o.Name = &v
+}
+
+// GetProperties returns the Properties field value if set, zero value otherwise.
+func (o *GroupSchema) GetProperties() UserSchemaProperties {
+	if o == nil || o.Properties == nil {
+		var ret UserSchemaProperties
+		return ret
+	}
+	return *o.Properties
+}
+
+// GetPropertiesOk returns a tuple with the Properties field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchema) GetPropertiesOk() (*UserSchemaProperties, bool) {
+	if o == nil || o.Properties == nil {
+		return nil, false
+	}
+	return o.Properties, true
+}
+
+// HasProperties returns a boolean if a field has been set.
+func (o *GroupSchema) HasProperties() bool {
+	if o != nil && o.Properties != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProperties gets a reference to the given UserSchemaProperties and assigns it to the Properties field.
+func (o *GroupSchema) SetProperties(v UserSchemaProperties) {
+	o.Properties = &v
+}
+
+// GetTitle returns the Title field value if set, zero value otherwise.
+func (o *GroupSchema) GetTitle() string {
+	if o == nil || o.Title == nil {
+		var ret string
+		return ret
+	}
+	return *o.Title
+}
+
+// GetTitleOk returns a tuple with the Title field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchema) GetTitleOk() (*string, bool) {
+	if o == nil || o.Title == nil {
+		return nil, false
+	}
+	return o.Title, true
+}
+
+// HasTitle returns a boolean if a field has been set.
+func (o *GroupSchema) HasTitle() bool {
+	if o != nil && o.Title != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTitle gets a reference to the given string and assigns it to the Title field.
+func (o *GroupSchema) SetTitle(v string) {
+	o.Title = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *GroupSchema) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchema) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *GroupSchema) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *GroupSchema) SetType(v string) {
+	o.Type = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *GroupSchema) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchema) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *GroupSchema) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *GroupSchema) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o GroupSchema) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Schema != nil {
+		toSerialize["$schema"] = o.Schema
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Definitions != nil {
+		toSerialize["definitions"] = o.Definitions
+	}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Properties != nil {
+		toSerialize["properties"] = o.Properties
+	}
+	if o.Title != nil {
+		toSerialize["title"] = o.Title
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupSchema) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupSchema := _GroupSchema{}
+
+	err = json.Unmarshal(bytes, &varGroupSchema)
+	if err == nil {
+		*o = GroupSchema(varGroupSchema)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "$schema")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "definitions")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "properties")
+		delete(additionalProperties, "title")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupSchema struct {
+	value *GroupSchema
+	isSet bool
+}
+
+func (v NullableGroupSchema) Get() *GroupSchema {
+	return v.value
+}
+
+func (v *NullableGroupSchema) Set(val *GroupSchema) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupSchema) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupSchema) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupSchema(val *GroupSchema) *NullableGroupSchema {
+	return &NullableGroupSchema{value: val, isSet: true}
+}
+
+func (v NullableGroupSchema) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupSchema) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_schema_attribute.go b/okta/model_group_schema_attribute.go
new file mode 100644
index 000000000..ba18f2373
--- /dev/null
+++ b/okta/model_group_schema_attribute.go
@@ -0,0 +1,750 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupSchemaAttribute struct for GroupSchemaAttribute
+type GroupSchemaAttribute struct {
+	Description          *string                         `json:"description,omitempty"`
+	Enum                 []string                        `json:"enum,omitempty"`
+	ExternalName         *string                         `json:"externalName,omitempty"`
+	ExternalNamespace    *string                         `json:"externalNamespace,omitempty"`
+	Items                *UserSchemaAttributeItems       `json:"items,omitempty"`
+	Master               *UserSchemaAttributeMaster      `json:"master,omitempty"`
+	MaxLength            *int32                          `json:"maxLength,omitempty"`
+	MinLength            *int32                          `json:"minLength,omitempty"`
+	Mutability           *string                         `json:"mutability,omitempty"`
+	OneOf                []UserSchemaAttributeEnum       `json:"oneOf,omitempty"`
+	Permissions          []UserSchemaAttributePermission `json:"permissions,omitempty"`
+	Required             *bool                           `json:"required,omitempty"`
+	Scope                *UserSchemaAttributeScope       `json:"scope,omitempty"`
+	Title                *string                         `json:"title,omitempty"`
+	Type                 *UserSchemaAttributeType        `json:"type,omitempty"`
+	Union                *UserSchemaAttributeUnion       `json:"union,omitempty"`
+	Unique               *string                         `json:"unique,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupSchemaAttribute GroupSchemaAttribute
+
+// NewGroupSchemaAttribute instantiates a new GroupSchemaAttribute object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupSchemaAttribute() *GroupSchemaAttribute {
+	this := GroupSchemaAttribute{}
+	return &this
+}
+
+// NewGroupSchemaAttributeWithDefaults instantiates a new GroupSchemaAttribute object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupSchemaAttributeWithDefaults() *GroupSchemaAttribute {
+	this := GroupSchemaAttribute{}
+	return &this
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *GroupSchemaAttribute) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetEnum returns the Enum field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetEnum() []string {
+	if o == nil || o.Enum == nil {
+		var ret []string
+		return ret
+	}
+	return o.Enum
+}
+
+// GetEnumOk returns a tuple with the Enum field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetEnumOk() ([]string, bool) {
+	if o == nil || o.Enum == nil {
+		return nil, false
+	}
+	return o.Enum, true
+}
+
+// HasEnum returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasEnum() bool {
+	if o != nil && o.Enum != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnum gets a reference to the given []string and assigns it to the Enum field.
+func (o *GroupSchemaAttribute) SetEnum(v []string) {
+	o.Enum = v
+}
+
+// GetExternalName returns the ExternalName field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetExternalName() string {
+	if o == nil || o.ExternalName == nil {
+		var ret string
+		return ret
+	}
+	return *o.ExternalName
+}
+
+// GetExternalNameOk returns a tuple with the ExternalName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetExternalNameOk() (*string, bool) {
+	if o == nil || o.ExternalName == nil {
+		return nil, false
+	}
+	return o.ExternalName, true
+}
+
+// HasExternalName returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasExternalName() bool {
+	if o != nil && o.ExternalName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExternalName gets a reference to the given string and assigns it to the ExternalName field.
+func (o *GroupSchemaAttribute) SetExternalName(v string) {
+	o.ExternalName = &v
+}
+
+// GetExternalNamespace returns the ExternalNamespace field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetExternalNamespace() string {
+	if o == nil || o.ExternalNamespace == nil {
+		var ret string
+		return ret
+	}
+	return *o.ExternalNamespace
+}
+
+// GetExternalNamespaceOk returns a tuple with the ExternalNamespace field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetExternalNamespaceOk() (*string, bool) {
+	if o == nil || o.ExternalNamespace == nil {
+		return nil, false
+	}
+	return o.ExternalNamespace, true
+}
+
+// HasExternalNamespace returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasExternalNamespace() bool {
+	if o != nil && o.ExternalNamespace != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExternalNamespace gets a reference to the given string and assigns it to the ExternalNamespace field.
+func (o *GroupSchemaAttribute) SetExternalNamespace(v string) {
+	o.ExternalNamespace = &v
+}
+
+// GetItems returns the Items field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetItems() UserSchemaAttributeItems {
+	if o == nil || o.Items == nil {
+		var ret UserSchemaAttributeItems
+		return ret
+	}
+	return *o.Items
+}
+
+// GetItemsOk returns a tuple with the Items field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetItemsOk() (*UserSchemaAttributeItems, bool) {
+	if o == nil || o.Items == nil {
+		return nil, false
+	}
+	return o.Items, true
+}
+
+// HasItems returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasItems() bool {
+	if o != nil && o.Items != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetItems gets a reference to the given UserSchemaAttributeItems and assigns it to the Items field.
+func (o *GroupSchemaAttribute) SetItems(v UserSchemaAttributeItems) {
+	o.Items = &v
+}
+
+// GetMaster returns the Master field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetMaster() UserSchemaAttributeMaster {
+	if o == nil || o.Master == nil {
+		var ret UserSchemaAttributeMaster
+		return ret
+	}
+	return *o.Master
+}
+
+// GetMasterOk returns a tuple with the Master field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetMasterOk() (*UserSchemaAttributeMaster, bool) {
+	if o == nil || o.Master == nil {
+		return nil, false
+	}
+	return o.Master, true
+}
+
+// HasMaster returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasMaster() bool {
+	if o != nil && o.Master != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaster gets a reference to the given UserSchemaAttributeMaster and assigns it to the Master field.
+func (o *GroupSchemaAttribute) SetMaster(v UserSchemaAttributeMaster) {
+	o.Master = &v
+}
+
+// GetMaxLength returns the MaxLength field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetMaxLength() int32 {
+	if o == nil || o.MaxLength == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxLength
+}
+
+// GetMaxLengthOk returns a tuple with the MaxLength field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetMaxLengthOk() (*int32, bool) {
+	if o == nil || o.MaxLength == nil {
+		return nil, false
+	}
+	return o.MaxLength, true
+}
+
+// HasMaxLength returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasMaxLength() bool {
+	if o != nil && o.MaxLength != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxLength gets a reference to the given int32 and assigns it to the MaxLength field.
+func (o *GroupSchemaAttribute) SetMaxLength(v int32) {
+	o.MaxLength = &v
+}
+
+// GetMinLength returns the MinLength field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetMinLength() int32 {
+	if o == nil || o.MinLength == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinLength
+}
+
+// GetMinLengthOk returns a tuple with the MinLength field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetMinLengthOk() (*int32, bool) {
+	if o == nil || o.MinLength == nil {
+		return nil, false
+	}
+	return o.MinLength, true
+}
+
+// HasMinLength returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasMinLength() bool {
+	if o != nil && o.MinLength != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinLength gets a reference to the given int32 and assigns it to the MinLength field.
+func (o *GroupSchemaAttribute) SetMinLength(v int32) {
+	o.MinLength = &v
+}
+
+// GetMutability returns the Mutability field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetMutability() string {
+	if o == nil || o.Mutability == nil {
+		var ret string
+		return ret
+	}
+	return *o.Mutability
+}
+
+// GetMutabilityOk returns a tuple with the Mutability field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetMutabilityOk() (*string, bool) {
+	if o == nil || o.Mutability == nil {
+		return nil, false
+	}
+	return o.Mutability, true
+}
+
+// HasMutability returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasMutability() bool {
+	if o != nil && o.Mutability != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMutability gets a reference to the given string and assigns it to the Mutability field.
+func (o *GroupSchemaAttribute) SetMutability(v string) {
+	o.Mutability = &v
+}
+
+// GetOneOf returns the OneOf field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetOneOf() []UserSchemaAttributeEnum {
+	if o == nil || o.OneOf == nil {
+		var ret []UserSchemaAttributeEnum
+		return ret
+	}
+	return o.OneOf
+}
+
+// GetOneOfOk returns a tuple with the OneOf field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetOneOfOk() ([]UserSchemaAttributeEnum, bool) {
+	if o == nil || o.OneOf == nil {
+		return nil, false
+	}
+	return o.OneOf, true
+}
+
+// HasOneOf returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasOneOf() bool {
+	if o != nil && o.OneOf != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOneOf gets a reference to the given []UserSchemaAttributeEnum and assigns it to the OneOf field.
+func (o *GroupSchemaAttribute) SetOneOf(v []UserSchemaAttributeEnum) {
+	o.OneOf = v
+}
+
+// GetPermissions returns the Permissions field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetPermissions() []UserSchemaAttributePermission {
+	if o == nil || o.Permissions == nil {
+		var ret []UserSchemaAttributePermission
+		return ret
+	}
+	return o.Permissions
+}
+
+// GetPermissionsOk returns a tuple with the Permissions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetPermissionsOk() ([]UserSchemaAttributePermission, bool) {
+	if o == nil || o.Permissions == nil {
+		return nil, false
+	}
+	return o.Permissions, true
+}
+
+// HasPermissions returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasPermissions() bool {
+	if o != nil && o.Permissions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPermissions gets a reference to the given []UserSchemaAttributePermission and assigns it to the Permissions field.
+func (o *GroupSchemaAttribute) SetPermissions(v []UserSchemaAttributePermission) {
+	o.Permissions = v
+}
+
+// GetRequired returns the Required field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetRequired() bool {
+	if o == nil || o.Required == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Required
+}
+
+// GetRequiredOk returns a tuple with the Required field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetRequiredOk() (*bool, bool) {
+	if o == nil || o.Required == nil {
+		return nil, false
+	}
+	return o.Required, true
+}
+
+// HasRequired returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasRequired() bool {
+	if o != nil && o.Required != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequired gets a reference to the given bool and assigns it to the Required field.
+func (o *GroupSchemaAttribute) SetRequired(v bool) {
+	o.Required = &v
+}
+
+// GetScope returns the Scope field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetScope() UserSchemaAttributeScope {
+	if o == nil || o.Scope == nil {
+		var ret UserSchemaAttributeScope
+		return ret
+	}
+	return *o.Scope
+}
+
+// GetScopeOk returns a tuple with the Scope field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetScopeOk() (*UserSchemaAttributeScope, bool) {
+	if o == nil || o.Scope == nil {
+		return nil, false
+	}
+	return o.Scope, true
+}
+
+// HasScope returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasScope() bool {
+	if o != nil && o.Scope != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScope gets a reference to the given UserSchemaAttributeScope and assigns it to the Scope field.
+func (o *GroupSchemaAttribute) SetScope(v UserSchemaAttributeScope) {
+	o.Scope = &v
+}
+
+// GetTitle returns the Title field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetTitle() string {
+	if o == nil || o.Title == nil {
+		var ret string
+		return ret
+	}
+	return *o.Title
+}
+
+// GetTitleOk returns a tuple with the Title field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetTitleOk() (*string, bool) {
+	if o == nil || o.Title == nil {
+		return nil, false
+	}
+	return o.Title, true
+}
+
+// HasTitle returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasTitle() bool {
+	if o != nil && o.Title != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTitle gets a reference to the given string and assigns it to the Title field.
+func (o *GroupSchemaAttribute) SetTitle(v string) {
+	o.Title = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetType() UserSchemaAttributeType {
+	if o == nil || o.Type == nil {
+		var ret UserSchemaAttributeType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetTypeOk() (*UserSchemaAttributeType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given UserSchemaAttributeType and assigns it to the Type field.
+func (o *GroupSchemaAttribute) SetType(v UserSchemaAttributeType) {
+	o.Type = &v
+}
+
+// GetUnion returns the Union field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetUnion() UserSchemaAttributeUnion {
+	if o == nil || o.Union == nil {
+		var ret UserSchemaAttributeUnion
+		return ret
+	}
+	return *o.Union
+}
+
+// GetUnionOk returns a tuple with the Union field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetUnionOk() (*UserSchemaAttributeUnion, bool) {
+	if o == nil || o.Union == nil {
+		return nil, false
+	}
+	return o.Union, true
+}
+
+// HasUnion returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasUnion() bool {
+	if o != nil && o.Union != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUnion gets a reference to the given UserSchemaAttributeUnion and assigns it to the Union field.
+func (o *GroupSchemaAttribute) SetUnion(v UserSchemaAttributeUnion) {
+	o.Union = &v
+}
+
+// GetUnique returns the Unique field value if set, zero value otherwise.
+func (o *GroupSchemaAttribute) GetUnique() string {
+	if o == nil || o.Unique == nil {
+		var ret string
+		return ret
+	}
+	return *o.Unique
+}
+
+// GetUniqueOk returns a tuple with the Unique field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaAttribute) GetUniqueOk() (*string, bool) {
+	if o == nil || o.Unique == nil {
+		return nil, false
+	}
+	return o.Unique, true
+}
+
+// HasUnique returns a boolean if a field has been set.
+func (o *GroupSchemaAttribute) HasUnique() bool {
+	if o != nil && o.Unique != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUnique gets a reference to the given string and assigns it to the Unique field.
+func (o *GroupSchemaAttribute) SetUnique(v string) {
+	o.Unique = &v
+}
+
+func (o GroupSchemaAttribute) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Enum != nil {
+		toSerialize["enum"] = o.Enum
+	}
+	if o.ExternalName != nil {
+		toSerialize["externalName"] = o.ExternalName
+	}
+	if o.ExternalNamespace != nil {
+		toSerialize["externalNamespace"] = o.ExternalNamespace
+	}
+	if o.Items != nil {
+		toSerialize["items"] = o.Items
+	}
+	if o.Master != nil {
+		toSerialize["master"] = o.Master
+	}
+	if o.MaxLength != nil {
+		toSerialize["maxLength"] = o.MaxLength
+	}
+	if o.MinLength != nil {
+		toSerialize["minLength"] = o.MinLength
+	}
+	if o.Mutability != nil {
+		toSerialize["mutability"] = o.Mutability
+	}
+	if o.OneOf != nil {
+		toSerialize["oneOf"] = o.OneOf
+	}
+	if o.Permissions != nil {
+		toSerialize["permissions"] = o.Permissions
+	}
+	if o.Required != nil {
+		toSerialize["required"] = o.Required
+	}
+	if o.Scope != nil {
+		toSerialize["scope"] = o.Scope
+	}
+	if o.Title != nil {
+		toSerialize["title"] = o.Title
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Union != nil {
+		toSerialize["union"] = o.Union
+	}
+	if o.Unique != nil {
+		toSerialize["unique"] = o.Unique
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupSchemaAttribute) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupSchemaAttribute := _GroupSchemaAttribute{}
+
+	err = json.Unmarshal(bytes, &varGroupSchemaAttribute)
+	if err == nil {
+		*o = GroupSchemaAttribute(varGroupSchemaAttribute)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "enum")
+		delete(additionalProperties, "externalName")
+		delete(additionalProperties, "externalNamespace")
+		delete(additionalProperties, "items")
+		delete(additionalProperties, "master")
+		delete(additionalProperties, "maxLength")
+		delete(additionalProperties, "minLength")
+		delete(additionalProperties, "mutability")
+		delete(additionalProperties, "oneOf")
+		delete(additionalProperties, "permissions")
+		delete(additionalProperties, "required")
+		delete(additionalProperties, "scope")
+		delete(additionalProperties, "title")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "union")
+		delete(additionalProperties, "unique")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupSchemaAttribute struct {
+	value *GroupSchemaAttribute
+	isSet bool
+}
+
+func (v NullableGroupSchemaAttribute) Get() *GroupSchemaAttribute {
+	return v.value
+}
+
+func (v *NullableGroupSchemaAttribute) Set(val *GroupSchemaAttribute) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupSchemaAttribute) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupSchemaAttribute) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupSchemaAttribute(val *GroupSchemaAttribute) *NullableGroupSchemaAttribute {
+	return &NullableGroupSchemaAttribute{value: val, isSet: true}
+}
+
+func (v NullableGroupSchemaAttribute) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupSchemaAttribute) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_schema_base.go b/okta/model_group_schema_base.go
new file mode 100644
index 000000000..58a7a7591
--- /dev/null
+++ b/okta/model_group_schema_base.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupSchemaBase struct for GroupSchemaBase
+type GroupSchemaBase struct {
+	Id                   *string                    `json:"id,omitempty"`
+	Properties           *GroupSchemaBaseProperties `json:"properties,omitempty"`
+	Required             []string                   `json:"required,omitempty"`
+	Type                 *string                    `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupSchemaBase GroupSchemaBase
+
+// NewGroupSchemaBase instantiates a new GroupSchemaBase object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupSchemaBase() *GroupSchemaBase {
+	this := GroupSchemaBase{}
+	return &this
+}
+
+// NewGroupSchemaBaseWithDefaults instantiates a new GroupSchemaBase object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupSchemaBaseWithDefaults() *GroupSchemaBase {
+	this := GroupSchemaBase{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *GroupSchemaBase) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaBase) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *GroupSchemaBase) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *GroupSchemaBase) SetId(v string) {
+	o.Id = &v
+}
+
+// GetProperties returns the Properties field value if set, zero value otherwise.
+func (o *GroupSchemaBase) GetProperties() GroupSchemaBaseProperties {
+	if o == nil || o.Properties == nil {
+		var ret GroupSchemaBaseProperties
+		return ret
+	}
+	return *o.Properties
+}
+
+// GetPropertiesOk returns a tuple with the Properties field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaBase) GetPropertiesOk() (*GroupSchemaBaseProperties, bool) {
+	if o == nil || o.Properties == nil {
+		return nil, false
+	}
+	return o.Properties, true
+}
+
+// HasProperties returns a boolean if a field has been set.
+func (o *GroupSchemaBase) HasProperties() bool {
+	if o != nil && o.Properties != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProperties gets a reference to the given GroupSchemaBaseProperties and assigns it to the Properties field.
+func (o *GroupSchemaBase) SetProperties(v GroupSchemaBaseProperties) {
+	o.Properties = &v
+}
+
+// GetRequired returns the Required field value if set, zero value otherwise.
+func (o *GroupSchemaBase) GetRequired() []string {
+	if o == nil || o.Required == nil {
+		var ret []string
+		return ret
+	}
+	return o.Required
+}
+
+// GetRequiredOk returns a tuple with the Required field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaBase) GetRequiredOk() ([]string, bool) {
+	if o == nil || o.Required == nil {
+		return nil, false
+	}
+	return o.Required, true
+}
+
+// HasRequired returns a boolean if a field has been set.
+func (o *GroupSchemaBase) HasRequired() bool {
+	if o != nil && o.Required != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequired gets a reference to the given []string and assigns it to the Required field.
+func (o *GroupSchemaBase) SetRequired(v []string) {
+	o.Required = v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *GroupSchemaBase) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaBase) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *GroupSchemaBase) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *GroupSchemaBase) SetType(v string) {
+	o.Type = &v
+}
+
+func (o GroupSchemaBase) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Properties != nil {
+		toSerialize["properties"] = o.Properties
+	}
+	if o.Required != nil {
+		toSerialize["required"] = o.Required
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupSchemaBase) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupSchemaBase := _GroupSchemaBase{}
+
+	err = json.Unmarshal(bytes, &varGroupSchemaBase)
+	if err == nil {
+		*o = GroupSchemaBase(varGroupSchemaBase)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "properties")
+		delete(additionalProperties, "required")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupSchemaBase struct {
+	value *GroupSchemaBase
+	isSet bool
+}
+
+func (v NullableGroupSchemaBase) Get() *GroupSchemaBase {
+	return v.value
+}
+
+func (v *NullableGroupSchemaBase) Set(val *GroupSchemaBase) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupSchemaBase) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupSchemaBase) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupSchemaBase(val *GroupSchemaBase) *NullableGroupSchemaBase {
+	return &NullableGroupSchemaBase{value: val, isSet: true}
+}
+
+func (v NullableGroupSchemaBase) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupSchemaBase) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_schema_base_properties.go b/okta/model_group_schema_base_properties.go
new file mode 100644
index 000000000..12eff6536
--- /dev/null
+++ b/okta/model_group_schema_base_properties.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupSchemaBaseProperties struct for GroupSchemaBaseProperties
+type GroupSchemaBaseProperties struct {
+	Description          *GroupSchemaAttribute `json:"description,omitempty"`
+	Name                 *GroupSchemaAttribute `json:"name,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupSchemaBaseProperties GroupSchemaBaseProperties
+
+// NewGroupSchemaBaseProperties instantiates a new GroupSchemaBaseProperties object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupSchemaBaseProperties() *GroupSchemaBaseProperties {
+	this := GroupSchemaBaseProperties{}
+	return &this
+}
+
+// NewGroupSchemaBasePropertiesWithDefaults instantiates a new GroupSchemaBaseProperties object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupSchemaBasePropertiesWithDefaults() *GroupSchemaBaseProperties {
+	this := GroupSchemaBaseProperties{}
+	return &this
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *GroupSchemaBaseProperties) GetDescription() GroupSchemaAttribute {
+	if o == nil || o.Description == nil {
+		var ret GroupSchemaAttribute
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaBaseProperties) GetDescriptionOk() (*GroupSchemaAttribute, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *GroupSchemaBaseProperties) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given GroupSchemaAttribute and assigns it to the Description field.
+func (o *GroupSchemaBaseProperties) SetDescription(v GroupSchemaAttribute) {
+	o.Description = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *GroupSchemaBaseProperties) GetName() GroupSchemaAttribute {
+	if o == nil || o.Name == nil {
+		var ret GroupSchemaAttribute
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaBaseProperties) GetNameOk() (*GroupSchemaAttribute, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *GroupSchemaBaseProperties) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given GroupSchemaAttribute and assigns it to the Name field.
+func (o *GroupSchemaBaseProperties) SetName(v GroupSchemaAttribute) {
+	o.Name = &v
+}
+
+func (o GroupSchemaBaseProperties) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupSchemaBaseProperties) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupSchemaBaseProperties := _GroupSchemaBaseProperties{}
+
+	err = json.Unmarshal(bytes, &varGroupSchemaBaseProperties)
+	if err == nil {
+		*o = GroupSchemaBaseProperties(varGroupSchemaBaseProperties)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "name")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupSchemaBaseProperties struct {
+	value *GroupSchemaBaseProperties
+	isSet bool
+}
+
+func (v NullableGroupSchemaBaseProperties) Get() *GroupSchemaBaseProperties {
+	return v.value
+}
+
+func (v *NullableGroupSchemaBaseProperties) Set(val *GroupSchemaBaseProperties) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupSchemaBaseProperties) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupSchemaBaseProperties) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupSchemaBaseProperties(val *GroupSchemaBaseProperties) *NullableGroupSchemaBaseProperties {
+	return &NullableGroupSchemaBaseProperties{value: val, isSet: true}
+}
+
+func (v NullableGroupSchemaBaseProperties) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupSchemaBaseProperties) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_schema_custom.go b/okta/model_group_schema_custom.go
new file mode 100644
index 000000000..dabfd03aa
--- /dev/null
+++ b/okta/model_group_schema_custom.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupSchemaCustom struct for GroupSchemaCustom
+type GroupSchemaCustom struct {
+	Id                   *string                          `json:"id,omitempty"`
+	Properties           *map[string]GroupSchemaAttribute `json:"properties,omitempty"`
+	Required             []string                         `json:"required,omitempty"`
+	Type                 *string                          `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupSchemaCustom GroupSchemaCustom
+
+// NewGroupSchemaCustom instantiates a new GroupSchemaCustom object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupSchemaCustom() *GroupSchemaCustom {
+	this := GroupSchemaCustom{}
+	return &this
+}
+
+// NewGroupSchemaCustomWithDefaults instantiates a new GroupSchemaCustom object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupSchemaCustomWithDefaults() *GroupSchemaCustom {
+	this := GroupSchemaCustom{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *GroupSchemaCustom) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaCustom) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *GroupSchemaCustom) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *GroupSchemaCustom) SetId(v string) {
+	o.Id = &v
+}
+
+// GetProperties returns the Properties field value if set, zero value otherwise.
+func (o *GroupSchemaCustom) GetProperties() map[string]GroupSchemaAttribute {
+	if o == nil || o.Properties == nil {
+		var ret map[string]GroupSchemaAttribute
+		return ret
+	}
+	return *o.Properties
+}
+
+// GetPropertiesOk returns a tuple with the Properties field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaCustom) GetPropertiesOk() (*map[string]GroupSchemaAttribute, bool) {
+	if o == nil || o.Properties == nil {
+		return nil, false
+	}
+	return o.Properties, true
+}
+
+// HasProperties returns a boolean if a field has been set.
+func (o *GroupSchemaCustom) HasProperties() bool {
+	if o != nil && o.Properties != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProperties gets a reference to the given map[string]GroupSchemaAttribute and assigns it to the Properties field.
+func (o *GroupSchemaCustom) SetProperties(v map[string]GroupSchemaAttribute) {
+	o.Properties = &v
+}
+
+// GetRequired returns the Required field value if set, zero value otherwise.
+func (o *GroupSchemaCustom) GetRequired() []string {
+	if o == nil || o.Required == nil {
+		var ret []string
+		return ret
+	}
+	return o.Required
+}
+
+// GetRequiredOk returns a tuple with the Required field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaCustom) GetRequiredOk() ([]string, bool) {
+	if o == nil || o.Required == nil {
+		return nil, false
+	}
+	return o.Required, true
+}
+
+// HasRequired returns a boolean if a field has been set.
+func (o *GroupSchemaCustom) HasRequired() bool {
+	if o != nil && o.Required != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequired gets a reference to the given []string and assigns it to the Required field.
+func (o *GroupSchemaCustom) SetRequired(v []string) {
+	o.Required = v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *GroupSchemaCustom) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaCustom) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *GroupSchemaCustom) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *GroupSchemaCustom) SetType(v string) {
+	o.Type = &v
+}
+
+func (o GroupSchemaCustom) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Properties != nil {
+		toSerialize["properties"] = o.Properties
+	}
+	if o.Required != nil {
+		toSerialize["required"] = o.Required
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupSchemaCustom) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupSchemaCustom := _GroupSchemaCustom{}
+
+	err = json.Unmarshal(bytes, &varGroupSchemaCustom)
+	if err == nil {
+		*o = GroupSchemaCustom(varGroupSchemaCustom)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "properties")
+		delete(additionalProperties, "required")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupSchemaCustom struct {
+	value *GroupSchemaCustom
+	isSet bool
+}
+
+func (v NullableGroupSchemaCustom) Get() *GroupSchemaCustom {
+	return v.value
+}
+
+func (v *NullableGroupSchemaCustom) Set(val *GroupSchemaCustom) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupSchemaCustom) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupSchemaCustom) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupSchemaCustom(val *GroupSchemaCustom) *NullableGroupSchemaCustom {
+	return &NullableGroupSchemaCustom{value: val, isSet: true}
+}
+
+func (v NullableGroupSchemaCustom) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupSchemaCustom) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_schema_definitions.go b/okta/model_group_schema_definitions.go
new file mode 100644
index 000000000..be9e1b4cf
--- /dev/null
+++ b/okta/model_group_schema_definitions.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// GroupSchemaDefinitions struct for GroupSchemaDefinitions
+type GroupSchemaDefinitions struct {
+	Base                 *GroupSchemaBase   `json:"base,omitempty"`
+	Custom               *GroupSchemaCustom `json:"custom,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _GroupSchemaDefinitions GroupSchemaDefinitions
+
+// NewGroupSchemaDefinitions instantiates a new GroupSchemaDefinitions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewGroupSchemaDefinitions() *GroupSchemaDefinitions {
+	this := GroupSchemaDefinitions{}
+	return &this
+}
+
+// NewGroupSchemaDefinitionsWithDefaults instantiates a new GroupSchemaDefinitions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewGroupSchemaDefinitionsWithDefaults() *GroupSchemaDefinitions {
+	this := GroupSchemaDefinitions{}
+	return &this
+}
+
+// GetBase returns the Base field value if set, zero value otherwise.
+func (o *GroupSchemaDefinitions) GetBase() GroupSchemaBase {
+	if o == nil || o.Base == nil {
+		var ret GroupSchemaBase
+		return ret
+	}
+	return *o.Base
+}
+
+// GetBaseOk returns a tuple with the Base field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaDefinitions) GetBaseOk() (*GroupSchemaBase, bool) {
+	if o == nil || o.Base == nil {
+		return nil, false
+	}
+	return o.Base, true
+}
+
+// HasBase returns a boolean if a field has been set.
+func (o *GroupSchemaDefinitions) HasBase() bool {
+	if o != nil && o.Base != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBase gets a reference to the given GroupSchemaBase and assigns it to the Base field.
+func (o *GroupSchemaDefinitions) SetBase(v GroupSchemaBase) {
+	o.Base = &v
+}
+
+// GetCustom returns the Custom field value if set, zero value otherwise.
+func (o *GroupSchemaDefinitions) GetCustom() GroupSchemaCustom {
+	if o == nil || o.Custom == nil {
+		var ret GroupSchemaCustom
+		return ret
+	}
+	return *o.Custom
+}
+
+// GetCustomOk returns a tuple with the Custom field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GroupSchemaDefinitions) GetCustomOk() (*GroupSchemaCustom, bool) {
+	if o == nil || o.Custom == nil {
+		return nil, false
+	}
+	return o.Custom, true
+}
+
+// HasCustom returns a boolean if a field has been set.
+func (o *GroupSchemaDefinitions) HasCustom() bool {
+	if o != nil && o.Custom != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustom gets a reference to the given GroupSchemaCustom and assigns it to the Custom field.
+func (o *GroupSchemaDefinitions) SetCustom(v GroupSchemaCustom) {
+	o.Custom = &v
+}
+
+func (o GroupSchemaDefinitions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Base != nil {
+		toSerialize["base"] = o.Base
+	}
+	if o.Custom != nil {
+		toSerialize["custom"] = o.Custom
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *GroupSchemaDefinitions) UnmarshalJSON(bytes []byte) (err error) {
+	varGroupSchemaDefinitions := _GroupSchemaDefinitions{}
+
+	err = json.Unmarshal(bytes, &varGroupSchemaDefinitions)
+	if err == nil {
+		*o = GroupSchemaDefinitions(varGroupSchemaDefinitions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "base")
+		delete(additionalProperties, "custom")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableGroupSchemaDefinitions struct {
+	value *GroupSchemaDefinitions
+	isSet bool
+}
+
+func (v NullableGroupSchemaDefinitions) Get() *GroupSchemaDefinitions {
+	return v.value
+}
+
+func (v *NullableGroupSchemaDefinitions) Set(val *GroupSchemaDefinitions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupSchemaDefinitions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupSchemaDefinitions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupSchemaDefinitions(val *GroupSchemaDefinitions) *NullableGroupSchemaDefinitions {
+	return &NullableGroupSchemaDefinitions{value: val, isSet: true}
+}
+
+func (v NullableGroupSchemaDefinitions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupSchemaDefinitions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_group_type.go b/okta/model_group_type.go
new file mode 100644
index 000000000..9656c2219
--- /dev/null
+++ b/okta/model_group_type.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// GroupType the model 'GroupType'
+type GroupType string
+
+// List of GroupType
+const (
+	GROUPTYPE_APP_GROUP  GroupType = "APP_GROUP"
+	GROUPTYPE_BUILT_IN   GroupType = "BUILT_IN"
+	GROUPTYPE_OKTA_GROUP GroupType = "OKTA_GROUP"
+)
+
+// All allowed values of GroupType enum
+var AllowedGroupTypeEnumValues = []GroupType{
+	"APP_GROUP",
+	"BUILT_IN",
+	"OKTA_GROUP",
+}
+
+func (v *GroupType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := GroupType(value)
+	for _, existing := range AllowedGroupTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid GroupType", value)
+}
+
+// NewGroupTypeFromValue returns a pointer to a valid GroupType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewGroupTypeFromValue(v string) (*GroupType, error) {
+	ev := GroupType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for GroupType: valid values are %v", v, AllowedGroupTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v GroupType) IsValid() bool {
+	for _, existing := range AllowedGroupTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to GroupType value
+func (v GroupType) Ptr() *GroupType {
+	return &v
+}
+
+type NullableGroupType struct {
+	value *GroupType
+	isSet bool
+}
+
+func (v NullableGroupType) Get() *GroupType {
+	return v.value
+}
+
+func (v *NullableGroupType) Set(val *GroupType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableGroupType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableGroupType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableGroupType(val *GroupType) *NullableGroupType {
+	return &NullableGroupType{value: val, isSet: true}
+}
+
+func (v NullableGroupType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableGroupType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_hardware_user_factor.go b/okta/model_hardware_user_factor.go
new file mode 100644
index 000000000..79f187e1a
--- /dev/null
+++ b/okta/model_hardware_user_factor.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// HardwareUserFactor struct for HardwareUserFactor
+type HardwareUserFactor struct {
+	UserFactor
+	Profile              *HardwareUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _HardwareUserFactor HardwareUserFactor
+
+// NewHardwareUserFactor instantiates a new HardwareUserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewHardwareUserFactor() *HardwareUserFactor {
+	this := HardwareUserFactor{}
+	return &this
+}
+
+// NewHardwareUserFactorWithDefaults instantiates a new HardwareUserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewHardwareUserFactorWithDefaults() *HardwareUserFactor {
+	this := HardwareUserFactor{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *HardwareUserFactor) GetProfile() HardwareUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret HardwareUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HardwareUserFactor) GetProfileOk() (*HardwareUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *HardwareUserFactor) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given HardwareUserFactorProfile and assigns it to the Profile field.
+func (o *HardwareUserFactor) SetProfile(v HardwareUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o HardwareUserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedUserFactor, errUserFactor := json.Marshal(o.UserFactor)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	errUserFactor = json.Unmarshal([]byte(serializedUserFactor), &toSerialize)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *HardwareUserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	type HardwareUserFactorWithoutEmbeddedStruct struct {
+		Profile *HardwareUserFactorProfile `json:"profile,omitempty"`
+	}
+
+	varHardwareUserFactorWithoutEmbeddedStruct := HardwareUserFactorWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varHardwareUserFactorWithoutEmbeddedStruct)
+	if err == nil {
+		varHardwareUserFactor := _HardwareUserFactor{}
+		varHardwareUserFactor.Profile = varHardwareUserFactorWithoutEmbeddedStruct.Profile
+		*o = HardwareUserFactor(varHardwareUserFactor)
+	} else {
+		return err
+	}
+
+	varHardwareUserFactor := _HardwareUserFactor{}
+
+	err = json.Unmarshal(bytes, &varHardwareUserFactor)
+	if err == nil {
+		o.UserFactor = varHardwareUserFactor.UserFactor
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+
+		// remove fields from embedded structs
+		reflectUserFactor := reflect.ValueOf(o.UserFactor)
+		for i := 0; i < reflectUserFactor.Type().NumField(); i++ {
+			t := reflectUserFactor.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableHardwareUserFactor struct {
+	value *HardwareUserFactor
+	isSet bool
+}
+
+func (v NullableHardwareUserFactor) Get() *HardwareUserFactor {
+	return v.value
+}
+
+func (v *NullableHardwareUserFactor) Set(val *HardwareUserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableHardwareUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableHardwareUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableHardwareUserFactor(val *HardwareUserFactor) *NullableHardwareUserFactor {
+	return &NullableHardwareUserFactor{value: val, isSet: true}
+}
+
+func (v NullableHardwareUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableHardwareUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_hardware_user_factor_all_of.go b/okta/model_hardware_user_factor_all_of.go
new file mode 100644
index 000000000..a6c2410f0
--- /dev/null
+++ b/okta/model_hardware_user_factor_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// HardwareUserFactorAllOf struct for HardwareUserFactorAllOf
+type HardwareUserFactorAllOf struct {
+	Profile              *HardwareUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _HardwareUserFactorAllOf HardwareUserFactorAllOf
+
+// NewHardwareUserFactorAllOf instantiates a new HardwareUserFactorAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewHardwareUserFactorAllOf() *HardwareUserFactorAllOf {
+	this := HardwareUserFactorAllOf{}
+	return &this
+}
+
+// NewHardwareUserFactorAllOfWithDefaults instantiates a new HardwareUserFactorAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewHardwareUserFactorAllOfWithDefaults() *HardwareUserFactorAllOf {
+	this := HardwareUserFactorAllOf{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *HardwareUserFactorAllOf) GetProfile() HardwareUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret HardwareUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HardwareUserFactorAllOf) GetProfileOk() (*HardwareUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *HardwareUserFactorAllOf) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given HardwareUserFactorProfile and assigns it to the Profile field.
+func (o *HardwareUserFactorAllOf) SetProfile(v HardwareUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o HardwareUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *HardwareUserFactorAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varHardwareUserFactorAllOf := _HardwareUserFactorAllOf{}
+
+	err = json.Unmarshal(bytes, &varHardwareUserFactorAllOf)
+	if err == nil {
+		*o = HardwareUserFactorAllOf(varHardwareUserFactorAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableHardwareUserFactorAllOf struct {
+	value *HardwareUserFactorAllOf
+	isSet bool
+}
+
+func (v NullableHardwareUserFactorAllOf) Get() *HardwareUserFactorAllOf {
+	return v.value
+}
+
+func (v *NullableHardwareUserFactorAllOf) Set(val *HardwareUserFactorAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableHardwareUserFactorAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableHardwareUserFactorAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableHardwareUserFactorAllOf(val *HardwareUserFactorAllOf) *NullableHardwareUserFactorAllOf {
+	return &NullableHardwareUserFactorAllOf{value: val, isSet: true}
+}
+
+func (v NullableHardwareUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableHardwareUserFactorAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_hardware_user_factor_profile.go b/okta/model_hardware_user_factor_profile.go
new file mode 100644
index 000000000..e4995c7c0
--- /dev/null
+++ b/okta/model_hardware_user_factor_profile.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// HardwareUserFactorProfile struct for HardwareUserFactorProfile
+type HardwareUserFactorProfile struct {
+	CredentialId         *string `json:"credentialId,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _HardwareUserFactorProfile HardwareUserFactorProfile
+
+// NewHardwareUserFactorProfile instantiates a new HardwareUserFactorProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewHardwareUserFactorProfile() *HardwareUserFactorProfile {
+	this := HardwareUserFactorProfile{}
+	return &this
+}
+
+// NewHardwareUserFactorProfileWithDefaults instantiates a new HardwareUserFactorProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewHardwareUserFactorProfileWithDefaults() *HardwareUserFactorProfile {
+	this := HardwareUserFactorProfile{}
+	return &this
+}
+
+// GetCredentialId returns the CredentialId field value if set, zero value otherwise.
+func (o *HardwareUserFactorProfile) GetCredentialId() string {
+	if o == nil || o.CredentialId == nil {
+		var ret string
+		return ret
+	}
+	return *o.CredentialId
+}
+
+// GetCredentialIdOk returns a tuple with the CredentialId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HardwareUserFactorProfile) GetCredentialIdOk() (*string, bool) {
+	if o == nil || o.CredentialId == nil {
+		return nil, false
+	}
+	return o.CredentialId, true
+}
+
+// HasCredentialId returns a boolean if a field has been set.
+func (o *HardwareUserFactorProfile) HasCredentialId() bool {
+	if o != nil && o.CredentialId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentialId gets a reference to the given string and assigns it to the CredentialId field.
+func (o *HardwareUserFactorProfile) SetCredentialId(v string) {
+	o.CredentialId = &v
+}
+
+func (o HardwareUserFactorProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.CredentialId != nil {
+		toSerialize["credentialId"] = o.CredentialId
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *HardwareUserFactorProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varHardwareUserFactorProfile := _HardwareUserFactorProfile{}
+
+	err = json.Unmarshal(bytes, &varHardwareUserFactorProfile)
+	if err == nil {
+		*o = HardwareUserFactorProfile(varHardwareUserFactorProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentialId")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableHardwareUserFactorProfile struct {
+	value *HardwareUserFactorProfile
+	isSet bool
+}
+
+func (v NullableHardwareUserFactorProfile) Get() *HardwareUserFactorProfile {
+	return v.value
+}
+
+func (v *NullableHardwareUserFactorProfile) Set(val *HardwareUserFactorProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableHardwareUserFactorProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableHardwareUserFactorProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableHardwareUserFactorProfile(val *HardwareUserFactorProfile) *NullableHardwareUserFactorProfile {
+	return &NullableHardwareUserFactorProfile{value: val, isSet: true}
+}
+
+func (v NullableHardwareUserFactorProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableHardwareUserFactorProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_hook_key.go b/okta/model_hook_key.go
new file mode 100644
index 000000000..c913e3ca9
--- /dev/null
+++ b/okta/model_hook_key.go
@@ -0,0 +1,381 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// HookKey struct for HookKey
+type HookKey struct {
+	Created              *time.Time  `json:"created,omitempty"`
+	Id                   *string     `json:"id,omitempty"`
+	IsUsed               *bool       `json:"isUsed,omitempty"`
+	KeyId                *string     `json:"keyId,omitempty"`
+	LastUpdated          *time.Time  `json:"lastUpdated,omitempty"`
+	Name                 *string     `json:"name,omitempty"`
+	Embedded             *JsonWebKey `json:"_embedded,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _HookKey HookKey
+
+// NewHookKey instantiates a new HookKey object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewHookKey() *HookKey {
+	this := HookKey{}
+	return &this
+}
+
+// NewHookKeyWithDefaults instantiates a new HookKey object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewHookKeyWithDefaults() *HookKey {
+	this := HookKey{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *HookKey) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HookKey) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *HookKey) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *HookKey) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *HookKey) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HookKey) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *HookKey) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *HookKey) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIsUsed returns the IsUsed field value if set, zero value otherwise.
+func (o *HookKey) GetIsUsed() bool {
+	if o == nil || o.IsUsed == nil {
+		var ret bool
+		return ret
+	}
+	return *o.IsUsed
+}
+
+// GetIsUsedOk returns a tuple with the IsUsed field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HookKey) GetIsUsedOk() (*bool, bool) {
+	if o == nil || o.IsUsed == nil {
+		return nil, false
+	}
+	return o.IsUsed, true
+}
+
+// HasIsUsed returns a boolean if a field has been set.
+func (o *HookKey) HasIsUsed() bool {
+	if o != nil && o.IsUsed != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIsUsed gets a reference to the given bool and assigns it to the IsUsed field.
+func (o *HookKey) SetIsUsed(v bool) {
+	o.IsUsed = &v
+}
+
+// GetKeyId returns the KeyId field value if set, zero value otherwise.
+func (o *HookKey) GetKeyId() string {
+	if o == nil || o.KeyId == nil {
+		var ret string
+		return ret
+	}
+	return *o.KeyId
+}
+
+// GetKeyIdOk returns a tuple with the KeyId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HookKey) GetKeyIdOk() (*string, bool) {
+	if o == nil || o.KeyId == nil {
+		return nil, false
+	}
+	return o.KeyId, true
+}
+
+// HasKeyId returns a boolean if a field has been set.
+func (o *HookKey) HasKeyId() bool {
+	if o != nil && o.KeyId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKeyId gets a reference to the given string and assigns it to the KeyId field.
+func (o *HookKey) SetKeyId(v string) {
+	o.KeyId = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *HookKey) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HookKey) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *HookKey) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *HookKey) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *HookKey) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HookKey) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *HookKey) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *HookKey) SetName(v string) {
+	o.Name = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *HookKey) GetEmbedded() JsonWebKey {
+	if o == nil || o.Embedded == nil {
+		var ret JsonWebKey
+		return ret
+	}
+	return *o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HookKey) GetEmbeddedOk() (*JsonWebKey, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *HookKey) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given JsonWebKey and assigns it to the Embedded field.
+func (o *HookKey) SetEmbedded(v JsonWebKey) {
+	o.Embedded = &v
+}
+
+func (o HookKey) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.IsUsed != nil {
+		toSerialize["isUsed"] = o.IsUsed
+	}
+	if o.KeyId != nil {
+		toSerialize["keyId"] = o.KeyId
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *HookKey) UnmarshalJSON(bytes []byte) (err error) {
+	varHookKey := _HookKey{}
+
+	err = json.Unmarshal(bytes, &varHookKey)
+	if err == nil {
+		*o = HookKey(varHookKey)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "isUsed")
+		delete(additionalProperties, "keyId")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "_embedded")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableHookKey struct {
+	value *HookKey
+	isSet bool
+}
+
+func (v NullableHookKey) Get() *HookKey {
+	return v.value
+}
+
+func (v *NullableHookKey) Set(val *HookKey) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableHookKey) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableHookKey) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableHookKey(val *HookKey) *NullableHookKey {
+	return &NullableHookKey{value: val, isSet: true}
+}
+
+func (v NullableHookKey) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableHookKey) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_hosted_page.go b/okta/model_hosted_page.go
new file mode 100644
index 000000000..3f9ee742e
--- /dev/null
+++ b/okta/model_hosted_page.go
@@ -0,0 +1,188 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// HostedPage struct for HostedPage
+type HostedPage struct {
+	Type                 HostedPageType `json:"type"`
+	Url                  *string        `json:"url,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _HostedPage HostedPage
+
+// NewHostedPage instantiates a new HostedPage object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewHostedPage(type_ HostedPageType) *HostedPage {
+	this := HostedPage{}
+	this.Type = type_
+	return &this
+}
+
+// NewHostedPageWithDefaults instantiates a new HostedPage object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewHostedPageWithDefaults() *HostedPage {
+	this := HostedPage{}
+	return &this
+}
+
+// GetType returns the Type field value
+func (o *HostedPage) GetType() HostedPageType {
+	if o == nil {
+		var ret HostedPageType
+		return ret
+	}
+
+	return o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value
+// and a boolean to check if the value has been set.
+func (o *HostedPage) GetTypeOk() (*HostedPageType, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Type, true
+}
+
+// SetType sets field value
+func (o *HostedPage) SetType(v HostedPageType) {
+	o.Type = v
+}
+
+// GetUrl returns the Url field value if set, zero value otherwise.
+func (o *HostedPage) GetUrl() string {
+	if o == nil || o.Url == nil {
+		var ret string
+		return ret
+	}
+	return *o.Url
+}
+
+// GetUrlOk returns a tuple with the Url field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HostedPage) GetUrlOk() (*string, bool) {
+	if o == nil || o.Url == nil {
+		return nil, false
+	}
+	return o.Url, true
+}
+
+// HasUrl returns a boolean if a field has been set.
+func (o *HostedPage) HasUrl() bool {
+	if o != nil && o.Url != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUrl gets a reference to the given string and assigns it to the Url field.
+func (o *HostedPage) SetUrl(v string) {
+	o.Url = &v
+}
+
+func (o HostedPage) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["type"] = o.Type
+	}
+	if o.Url != nil {
+		toSerialize["url"] = o.Url
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *HostedPage) UnmarshalJSON(bytes []byte) (err error) {
+	varHostedPage := _HostedPage{}
+
+	err = json.Unmarshal(bytes, &varHostedPage)
+	if err == nil {
+		*o = HostedPage(varHostedPage)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "url")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableHostedPage struct {
+	value *HostedPage
+	isSet bool
+}
+
+func (v NullableHostedPage) Get() *HostedPage {
+	return v.value
+}
+
+func (v *NullableHostedPage) Set(val *HostedPage) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableHostedPage) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableHostedPage) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableHostedPage(val *HostedPage) *NullableHostedPage {
+	return &NullableHostedPage{value: val, isSet: true}
+}
+
+func (v NullableHostedPage) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableHostedPage) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_hosted_page_type.go b/okta/model_hosted_page_type.go
new file mode 100644
index 000000000..dce61c6ff
--- /dev/null
+++ b/okta/model_hosted_page_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// HostedPageType the model 'HostedPageType'
+type HostedPageType string
+
+// List of HostedPageType
+const (
+	HOSTEDPAGETYPE_EXTERNALLY_HOSTED HostedPageType = "EXTERNALLY_HOSTED"
+	HOSTEDPAGETYPE_OKTA_DEFAULT      HostedPageType = "OKTA_DEFAULT"
+)
+
+// All allowed values of HostedPageType enum
+var AllowedHostedPageTypeEnumValues = []HostedPageType{
+	"EXTERNALLY_HOSTED",
+	"OKTA_DEFAULT",
+}
+
+func (v *HostedPageType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := HostedPageType(value)
+	for _, existing := range AllowedHostedPageTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid HostedPageType", value)
+}
+
+// NewHostedPageTypeFromValue returns a pointer to a valid HostedPageType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewHostedPageTypeFromValue(v string) (*HostedPageType, error) {
+	ev := HostedPageType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for HostedPageType: valid values are %v", v, AllowedHostedPageTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v HostedPageType) IsValid() bool {
+	for _, existing := range AllowedHostedPageTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to HostedPageType value
+func (v HostedPageType) Ptr() *HostedPageType {
+	return &v
+}
+
+type NullableHostedPageType struct {
+	value *HostedPageType
+	isSet bool
+}
+
+func (v NullableHostedPageType) Get() *HostedPageType {
+	return v.value
+}
+
+func (v *NullableHostedPageType) Set(val *HostedPageType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableHostedPageType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableHostedPageType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableHostedPageType(val *HostedPageType) *NullableHostedPageType {
+	return &NullableHostedPageType{value: val, isSet: true}
+}
+
+func (v NullableHostedPageType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableHostedPageType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_href_object.go b/okta/model_href_object.go
new file mode 100644
index 000000000..f1380842b
--- /dev/null
+++ b/okta/model_href_object.go
@@ -0,0 +1,263 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// HrefObject Singular link objected returned in HAL `_links` object.
+type HrefObject struct {
+	Hints *HrefObjectHints `json:"hints,omitempty"`
+	Href  string           `json:"href"`
+	Name  *string          `json:"name,omitempty"`
+	// The media type of the link. If omitted, it is implicitly `application/json`.
+	Type                 *string `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _HrefObject HrefObject
+
+// NewHrefObject instantiates a new HrefObject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewHrefObject(href string) *HrefObject {
+	this := HrefObject{}
+	this.Href = href
+	return &this
+}
+
+// NewHrefObjectWithDefaults instantiates a new HrefObject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewHrefObjectWithDefaults() *HrefObject {
+	this := HrefObject{}
+	return &this
+}
+
+// GetHints returns the Hints field value if set, zero value otherwise.
+func (o *HrefObject) GetHints() HrefObjectHints {
+	if o == nil || o.Hints == nil {
+		var ret HrefObjectHints
+		return ret
+	}
+	return *o.Hints
+}
+
+// GetHintsOk returns a tuple with the Hints field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HrefObject) GetHintsOk() (*HrefObjectHints, bool) {
+	if o == nil || o.Hints == nil {
+		return nil, false
+	}
+	return o.Hints, true
+}
+
+// HasHints returns a boolean if a field has been set.
+func (o *HrefObject) HasHints() bool {
+	if o != nil && o.Hints != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHints gets a reference to the given HrefObjectHints and assigns it to the Hints field.
+func (o *HrefObject) SetHints(v HrefObjectHints) {
+	o.Hints = &v
+}
+
+// GetHref returns the Href field value
+func (o *HrefObject) GetHref() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Href
+}
+
+// GetHrefOk returns a tuple with the Href field value
+// and a boolean to check if the value has been set.
+func (o *HrefObject) GetHrefOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Href, true
+}
+
+// SetHref sets field value
+func (o *HrefObject) SetHref(v string) {
+	o.Href = v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *HrefObject) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HrefObject) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *HrefObject) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *HrefObject) SetName(v string) {
+	o.Name = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *HrefObject) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HrefObject) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *HrefObject) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *HrefObject) SetType(v string) {
+	o.Type = &v
+}
+
+func (o HrefObject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Hints != nil {
+		toSerialize["hints"] = o.Hints
+	}
+	if true {
+		toSerialize["href"] = o.Href
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *HrefObject) UnmarshalJSON(bytes []byte) (err error) {
+	varHrefObject := _HrefObject{}
+
+	err = json.Unmarshal(bytes, &varHrefObject)
+	if err == nil {
+		*o = HrefObject(varHrefObject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "hints")
+		delete(additionalProperties, "href")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableHrefObject struct {
+	value *HrefObject
+	isSet bool
+}
+
+func (v NullableHrefObject) Get() *HrefObject {
+	return v.value
+}
+
+func (v *NullableHrefObject) Set(val *HrefObject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableHrefObject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableHrefObject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableHrefObject(val *HrefObject) *NullableHrefObject {
+	return &NullableHrefObject{value: val, isSet: true}
+}
+
+func (v NullableHrefObject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableHrefObject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_href_object_hints.go b/okta/model_href_object_hints.go
new file mode 100644
index 000000000..1e3e28216
--- /dev/null
+++ b/okta/model_href_object_hints.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// HrefObjectHints struct for HrefObjectHints
+type HrefObjectHints struct {
+	Allow                []HttpMethod `json:"allow,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _HrefObjectHints HrefObjectHints
+
+// NewHrefObjectHints instantiates a new HrefObjectHints object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewHrefObjectHints() *HrefObjectHints {
+	this := HrefObjectHints{}
+	return &this
+}
+
+// NewHrefObjectHintsWithDefaults instantiates a new HrefObjectHints object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewHrefObjectHintsWithDefaults() *HrefObjectHints {
+	this := HrefObjectHints{}
+	return &this
+}
+
+// GetAllow returns the Allow field value if set, zero value otherwise.
+func (o *HrefObjectHints) GetAllow() []HttpMethod {
+	if o == nil || o.Allow == nil {
+		var ret []HttpMethod
+		return ret
+	}
+	return o.Allow
+}
+
+// GetAllowOk returns a tuple with the Allow field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HrefObjectHints) GetAllowOk() ([]HttpMethod, bool) {
+	if o == nil || o.Allow == nil {
+		return nil, false
+	}
+	return o.Allow, true
+}
+
+// HasAllow returns a boolean if a field has been set.
+func (o *HrefObjectHints) HasAllow() bool {
+	if o != nil && o.Allow != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAllow gets a reference to the given []HttpMethod and assigns it to the Allow field.
+func (o *HrefObjectHints) SetAllow(v []HttpMethod) {
+	o.Allow = v
+}
+
+func (o HrefObjectHints) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Allow != nil {
+		toSerialize["allow"] = o.Allow
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *HrefObjectHints) UnmarshalJSON(bytes []byte) (err error) {
+	varHrefObjectHints := _HrefObjectHints{}
+
+	err = json.Unmarshal(bytes, &varHrefObjectHints)
+	if err == nil {
+		*o = HrefObjectHints(varHrefObjectHints)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "allow")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableHrefObjectHints struct {
+	value *HrefObjectHints
+	isSet bool
+}
+
+func (v NullableHrefObjectHints) Get() *HrefObjectHints {
+	return v.value
+}
+
+func (v *NullableHrefObjectHints) Set(val *HrefObjectHints) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableHrefObjectHints) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableHrefObjectHints) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableHrefObjectHints(val *HrefObjectHints) *NullableHrefObjectHints {
+	return &NullableHrefObjectHints{value: val, isSet: true}
+}
+
+func (v NullableHrefObjectHints) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableHrefObjectHints) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_href_object_self_link.go b/okta/model_href_object_self_link.go
new file mode 100644
index 000000000..586e8995f
--- /dev/null
+++ b/okta/model_href_object_self_link.go
@@ -0,0 +1,263 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// HrefObjectSelfLink struct for HrefObjectSelfLink
+type HrefObjectSelfLink struct {
+	Hints *HrefObjectHints `json:"hints,omitempty"`
+	Href  string           `json:"href"`
+	Name  *string          `json:"name,omitempty"`
+	// The media type of the link. If omitted, it is implicitly `application/json`.
+	Type                 *string `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _HrefObjectSelfLink HrefObjectSelfLink
+
+// NewHrefObjectSelfLink instantiates a new HrefObjectSelfLink object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewHrefObjectSelfLink(href string) *HrefObjectSelfLink {
+	this := HrefObjectSelfLink{}
+	this.Href = href
+	return &this
+}
+
+// NewHrefObjectSelfLinkWithDefaults instantiates a new HrefObjectSelfLink object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewHrefObjectSelfLinkWithDefaults() *HrefObjectSelfLink {
+	this := HrefObjectSelfLink{}
+	return &this
+}
+
+// GetHints returns the Hints field value if set, zero value otherwise.
+func (o *HrefObjectSelfLink) GetHints() HrefObjectHints {
+	if o == nil || o.Hints == nil {
+		var ret HrefObjectHints
+		return ret
+	}
+	return *o.Hints
+}
+
+// GetHintsOk returns a tuple with the Hints field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HrefObjectSelfLink) GetHintsOk() (*HrefObjectHints, bool) {
+	if o == nil || o.Hints == nil {
+		return nil, false
+	}
+	return o.Hints, true
+}
+
+// HasHints returns a boolean if a field has been set.
+func (o *HrefObjectSelfLink) HasHints() bool {
+	if o != nil && o.Hints != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHints gets a reference to the given HrefObjectHints and assigns it to the Hints field.
+func (o *HrefObjectSelfLink) SetHints(v HrefObjectHints) {
+	o.Hints = &v
+}
+
+// GetHref returns the Href field value
+func (o *HrefObjectSelfLink) GetHref() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Href
+}
+
+// GetHrefOk returns a tuple with the Href field value
+// and a boolean to check if the value has been set.
+func (o *HrefObjectSelfLink) GetHrefOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Href, true
+}
+
+// SetHref sets field value
+func (o *HrefObjectSelfLink) SetHref(v string) {
+	o.Href = v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *HrefObjectSelfLink) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HrefObjectSelfLink) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *HrefObjectSelfLink) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *HrefObjectSelfLink) SetName(v string) {
+	o.Name = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *HrefObjectSelfLink) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *HrefObjectSelfLink) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *HrefObjectSelfLink) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *HrefObjectSelfLink) SetType(v string) {
+	o.Type = &v
+}
+
+func (o HrefObjectSelfLink) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Hints != nil {
+		toSerialize["hints"] = o.Hints
+	}
+	if true {
+		toSerialize["href"] = o.Href
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *HrefObjectSelfLink) UnmarshalJSON(bytes []byte) (err error) {
+	varHrefObjectSelfLink := _HrefObjectSelfLink{}
+
+	err = json.Unmarshal(bytes, &varHrefObjectSelfLink)
+	if err == nil {
+		*o = HrefObjectSelfLink(varHrefObjectSelfLink)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "hints")
+		delete(additionalProperties, "href")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableHrefObjectSelfLink struct {
+	value *HrefObjectSelfLink
+	isSet bool
+}
+
+func (v NullableHrefObjectSelfLink) Get() *HrefObjectSelfLink {
+	return v.value
+}
+
+func (v *NullableHrefObjectSelfLink) Set(val *HrefObjectSelfLink) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableHrefObjectSelfLink) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableHrefObjectSelfLink) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableHrefObjectSelfLink(val *HrefObjectSelfLink) *NullableHrefObjectSelfLink {
+	return &NullableHrefObjectSelfLink{value: val, isSet: true}
+}
+
+func (v NullableHrefObjectSelfLink) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableHrefObjectSelfLink) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_http_method.go b/okta/model_http_method.go
new file mode 100644
index 000000000..a1afe9b5a
--- /dev/null
+++ b/okta/model_http_method.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// HttpMethod the model 'HttpMethod'
+type HttpMethod string
+
+// List of HttpMethod
+const (
+	HTTPMETHOD_DELETE HttpMethod = "DELETE"
+	HTTPMETHOD_GET    HttpMethod = "GET"
+	HTTPMETHOD_POST   HttpMethod = "POST"
+	HTTPMETHOD_PUT    HttpMethod = "PUT"
+)
+
+// All allowed values of HttpMethod enum
+var AllowedHttpMethodEnumValues = []HttpMethod{
+	"DELETE",
+	"GET",
+	"POST",
+	"PUT",
+}
+
+func (v *HttpMethod) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := HttpMethod(value)
+	for _, existing := range AllowedHttpMethodEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid HttpMethod", value)
+}
+
+// NewHttpMethodFromValue returns a pointer to a valid HttpMethod
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewHttpMethodFromValue(v string) (*HttpMethod, error) {
+	ev := HttpMethod(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for HttpMethod: valid values are %v", v, AllowedHttpMethodEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v HttpMethod) IsValid() bool {
+	for _, existing := range AllowedHttpMethodEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to HttpMethod value
+func (v HttpMethod) Ptr() *HttpMethod {
+	return &v
+}
+
+type NullableHttpMethod struct {
+	value *HttpMethod
+	isSet bool
+}
+
+func (v NullableHttpMethod) Get() *HttpMethod {
+	return v.value
+}
+
+func (v *NullableHttpMethod) Set(val *HttpMethod) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableHttpMethod) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableHttpMethod) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableHttpMethod(val *HttpMethod) *NullableHttpMethod {
+	return &NullableHttpMethod{value: val, isSet: true}
+}
+
+func (v NullableHttpMethod) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableHttpMethod) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_iam_role.go b/okta/model_iam_role.go
new file mode 100644
index 000000000..c23b78fe8
--- /dev/null
+++ b/okta/model_iam_role.go
@@ -0,0 +1,366 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// IamRole struct for IamRole
+type IamRole struct {
+	// Timestamp when the role was created
+	Created *time.Time `json:"created,omitempty"`
+	// Description of the role
+	Description string `json:"description"`
+	// Unique key for the role
+	Id *string `json:"id,omitempty"`
+	// Unique label for the role
+	Label string `json:"label"`
+	// Timestamp when the role was last updated
+	LastUpdated *time.Time `json:"lastUpdated,omitempty"`
+	// Array of permissions that the role will grant. See [Permission Types](https://developer.okta.com/docs/concepts/role-assignment/#permission-types).
+	Permissions          []RolePermissionType `json:"permissions"`
+	Links                *IamRoleLinks        `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IamRole IamRole
+
+// NewIamRole instantiates a new IamRole object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIamRole(description string, label string, permissions []RolePermissionType) *IamRole {
+	this := IamRole{}
+	this.Description = description
+	this.Label = label
+	this.Permissions = permissions
+	return &this
+}
+
+// NewIamRoleWithDefaults instantiates a new IamRole object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIamRoleWithDefaults() *IamRole {
+	this := IamRole{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *IamRole) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IamRole) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *IamRole) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *IamRole) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetDescription returns the Description field value
+func (o *IamRole) GetDescription() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value
+// and a boolean to check if the value has been set.
+func (o *IamRole) GetDescriptionOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Description, true
+}
+
+// SetDescription sets field value
+func (o *IamRole) SetDescription(v string) {
+	o.Description = v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *IamRole) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IamRole) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *IamRole) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *IamRole) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLabel returns the Label field value
+func (o *IamRole) GetLabel() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Label
+}
+
+// GetLabelOk returns a tuple with the Label field value
+// and a boolean to check if the value has been set.
+func (o *IamRole) GetLabelOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Label, true
+}
+
+// SetLabel sets field value
+func (o *IamRole) SetLabel(v string) {
+	o.Label = v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *IamRole) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IamRole) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *IamRole) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *IamRole) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetPermissions returns the Permissions field value
+func (o *IamRole) GetPermissions() []RolePermissionType {
+	if o == nil {
+		var ret []RolePermissionType
+		return ret
+	}
+
+	return o.Permissions
+}
+
+// GetPermissionsOk returns a tuple with the Permissions field value
+// and a boolean to check if the value has been set.
+func (o *IamRole) GetPermissionsOk() ([]RolePermissionType, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.Permissions, true
+}
+
+// SetPermissions sets field value
+func (o *IamRole) SetPermissions(v []RolePermissionType) {
+	o.Permissions = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *IamRole) GetLinks() IamRoleLinks {
+	if o == nil || o.Links == nil {
+		var ret IamRoleLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IamRole) GetLinksOk() (*IamRoleLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *IamRole) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given IamRoleLinks and assigns it to the Links field.
+func (o *IamRole) SetLinks(v IamRoleLinks) {
+	o.Links = &v
+}
+
+func (o IamRole) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if true {
+		toSerialize["description"] = o.Description
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if true {
+		toSerialize["label"] = o.Label
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if true {
+		toSerialize["permissions"] = o.Permissions
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IamRole) UnmarshalJSON(bytes []byte) (err error) {
+	varIamRole := _IamRole{}
+
+	err = json.Unmarshal(bytes, &varIamRole)
+	if err == nil {
+		*o = IamRole(varIamRole)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "label")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "permissions")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIamRole struct {
+	value *IamRole
+	isSet bool
+}
+
+func (v NullableIamRole) Get() *IamRole {
+	return v.value
+}
+
+func (v *NullableIamRole) Set(val *IamRole) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIamRole) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIamRole) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIamRole(val *IamRole) *NullableIamRole {
+	return &NullableIamRole{value: val, isSet: true}
+}
+
+func (v NullableIamRole) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIamRole) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_iam_role__links.go b/okta/model_iam_role__links.go
new file mode 100644
index 000000000..db651fbd6
--- /dev/null
+++ b/okta/model_iam_role__links.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IamRoleLinks struct for IamRoleLinks
+type IamRoleLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Permissions          *HrefObject `json:"permissions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IamRoleLinks IamRoleLinks
+
+// NewIamRoleLinks instantiates a new IamRoleLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIamRoleLinks() *IamRoleLinks {
+	this := IamRoleLinks{}
+	return &this
+}
+
+// NewIamRoleLinksWithDefaults instantiates a new IamRoleLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIamRoleLinksWithDefaults() *IamRoleLinks {
+	this := IamRoleLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *IamRoleLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IamRoleLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *IamRoleLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *IamRoleLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetPermissions returns the Permissions field value if set, zero value otherwise.
+func (o *IamRoleLinks) GetPermissions() HrefObject {
+	if o == nil || o.Permissions == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Permissions
+}
+
+// GetPermissionsOk returns a tuple with the Permissions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IamRoleLinks) GetPermissionsOk() (*HrefObject, bool) {
+	if o == nil || o.Permissions == nil {
+		return nil, false
+	}
+	return o.Permissions, true
+}
+
+// HasPermissions returns a boolean if a field has been set.
+func (o *IamRoleLinks) HasPermissions() bool {
+	if o != nil && o.Permissions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPermissions gets a reference to the given HrefObject and assigns it to the Permissions field.
+func (o *IamRoleLinks) SetPermissions(v HrefObject) {
+	o.Permissions = &v
+}
+
+func (o IamRoleLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Permissions != nil {
+		toSerialize["permissions"] = o.Permissions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IamRoleLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varIamRoleLinks := _IamRoleLinks{}
+
+	err = json.Unmarshal(bytes, &varIamRoleLinks)
+	if err == nil {
+		*o = IamRoleLinks(varIamRoleLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "permissions")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIamRoleLinks struct {
+	value *IamRoleLinks
+	isSet bool
+}
+
+func (v NullableIamRoleLinks) Get() *IamRoleLinks {
+	return v.value
+}
+
+func (v *NullableIamRoleLinks) Set(val *IamRoleLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIamRoleLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIamRoleLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIamRoleLinks(val *IamRoleLinks) *NullableIamRoleLinks {
+	return &NullableIamRoleLinks{value: val, isSet: true}
+}
+
+func (v NullableIamRoleLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIamRoleLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_iam_roles.go b/okta/model_iam_roles.go
new file mode 100644
index 000000000..666a57793
--- /dev/null
+++ b/okta/model_iam_roles.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IamRoles struct for IamRoles
+type IamRoles struct {
+	Roles                []IamRole      `json:"roles,omitempty"`
+	Links                *IamRolesLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IamRoles IamRoles
+
+// NewIamRoles instantiates a new IamRoles object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIamRoles() *IamRoles {
+	this := IamRoles{}
+	return &this
+}
+
+// NewIamRolesWithDefaults instantiates a new IamRoles object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIamRolesWithDefaults() *IamRoles {
+	this := IamRoles{}
+	return &this
+}
+
+// GetRoles returns the Roles field value if set, zero value otherwise.
+func (o *IamRoles) GetRoles() []IamRole {
+	if o == nil || o.Roles == nil {
+		var ret []IamRole
+		return ret
+	}
+	return o.Roles
+}
+
+// GetRolesOk returns a tuple with the Roles field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IamRoles) GetRolesOk() ([]IamRole, bool) {
+	if o == nil || o.Roles == nil {
+		return nil, false
+	}
+	return o.Roles, true
+}
+
+// HasRoles returns a boolean if a field has been set.
+func (o *IamRoles) HasRoles() bool {
+	if o != nil && o.Roles != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRoles gets a reference to the given []IamRole and assigns it to the Roles field.
+func (o *IamRoles) SetRoles(v []IamRole) {
+	o.Roles = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *IamRoles) GetLinks() IamRolesLinks {
+	if o == nil || o.Links == nil {
+		var ret IamRolesLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IamRoles) GetLinksOk() (*IamRolesLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *IamRoles) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given IamRolesLinks and assigns it to the Links field.
+func (o *IamRoles) SetLinks(v IamRolesLinks) {
+	o.Links = &v
+}
+
+func (o IamRoles) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Roles != nil {
+		toSerialize["roles"] = o.Roles
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IamRoles) UnmarshalJSON(bytes []byte) (err error) {
+	varIamRoles := _IamRoles{}
+
+	err = json.Unmarshal(bytes, &varIamRoles)
+	if err == nil {
+		*o = IamRoles(varIamRoles)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "roles")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIamRoles struct {
+	value *IamRoles
+	isSet bool
+}
+
+func (v NullableIamRoles) Get() *IamRoles {
+	return v.value
+}
+
+func (v *NullableIamRoles) Set(val *IamRoles) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIamRoles) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIamRoles) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIamRoles(val *IamRoles) *NullableIamRoles {
+	return &NullableIamRoles{value: val, isSet: true}
+}
+
+func (v NullableIamRoles) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIamRoles) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_iam_roles__links.go b/okta/model_iam_roles__links.go
new file mode 100644
index 000000000..18d687551
--- /dev/null
+++ b/okta/model_iam_roles__links.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IamRolesLinks struct for IamRolesLinks
+type IamRolesLinks struct {
+	Next                 *HrefObject `json:"next,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IamRolesLinks IamRolesLinks
+
+// NewIamRolesLinks instantiates a new IamRolesLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIamRolesLinks() *IamRolesLinks {
+	this := IamRolesLinks{}
+	return &this
+}
+
+// NewIamRolesLinksWithDefaults instantiates a new IamRolesLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIamRolesLinksWithDefaults() *IamRolesLinks {
+	this := IamRolesLinks{}
+	return &this
+}
+
+// GetNext returns the Next field value if set, zero value otherwise.
+func (o *IamRolesLinks) GetNext() HrefObject {
+	if o == nil || o.Next == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Next
+}
+
+// GetNextOk returns a tuple with the Next field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IamRolesLinks) GetNextOk() (*HrefObject, bool) {
+	if o == nil || o.Next == nil {
+		return nil, false
+	}
+	return o.Next, true
+}
+
+// HasNext returns a boolean if a field has been set.
+func (o *IamRolesLinks) HasNext() bool {
+	if o != nil && o.Next != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNext gets a reference to the given HrefObject and assigns it to the Next field.
+func (o *IamRolesLinks) SetNext(v HrefObject) {
+	o.Next = &v
+}
+
+func (o IamRolesLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Next != nil {
+		toSerialize["next"] = o.Next
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IamRolesLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varIamRolesLinks := _IamRolesLinks{}
+
+	err = json.Unmarshal(bytes, &varIamRolesLinks)
+	if err == nil {
+		*o = IamRolesLinks(varIamRolesLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "next")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIamRolesLinks struct {
+	value *IamRolesLinks
+	isSet bool
+}
+
+func (v NullableIamRolesLinks) Get() *IamRolesLinks {
+	return v.value
+}
+
+func (v *NullableIamRolesLinks) Set(val *IamRolesLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIamRolesLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIamRolesLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIamRolesLinks(val *IamRolesLinks) *NullableIamRolesLinks {
+	return &NullableIamRolesLinks{value: val, isSet: true}
+}
+
+func (v NullableIamRolesLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIamRolesLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_provider.go b/okta/model_identity_provider.go
new file mode 100644
index 000000000..a0ffce55d
--- /dev/null
+++ b/okta/model_identity_provider.go
@@ -0,0 +1,503 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// IdentityProvider struct for IdentityProvider
+type IdentityProvider struct {
+	Created              NullableTime                      `json:"created,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	IssuerMode           *IssuerMode                       `json:"issuerMode,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Policy               *IdentityProviderPolicy           `json:"policy,omitempty"`
+	Protocol             *Protocol                         `json:"protocol,omitempty"`
+	Status               *LifecycleStatus                  `json:"status,omitempty"`
+	Type                 *IdentityProviderType             `json:"type,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdentityProvider IdentityProvider
+
+// NewIdentityProvider instantiates a new IdentityProvider object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdentityProvider() *IdentityProvider {
+	this := IdentityProvider{}
+	return &this
+}
+
+// NewIdentityProviderWithDefaults instantiates a new IdentityProvider object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdentityProviderWithDefaults() *IdentityProvider {
+	this := IdentityProvider{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *IdentityProvider) GetCreated() time.Time {
+	if o == nil || o.Created.Get() == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created.Get()
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *IdentityProvider) GetCreatedOk() (*time.Time, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.Created.Get(), o.Created.IsSet()
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *IdentityProvider) HasCreated() bool {
+	if o != nil && o.Created.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given NullableTime and assigns it to the Created field.
+func (o *IdentityProvider) SetCreated(v time.Time) {
+	o.Created.Set(&v)
+}
+
+// SetCreatedNil sets the value for Created to be an explicit nil
+func (o *IdentityProvider) SetCreatedNil() {
+	o.Created.Set(nil)
+}
+
+// UnsetCreated ensures that no value is present for Created, not even an explicit nil
+func (o *IdentityProvider) UnsetCreated() {
+	o.Created.Unset()
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *IdentityProvider) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProvider) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *IdentityProvider) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *IdentityProvider) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIssuerMode returns the IssuerMode field value if set, zero value otherwise.
+func (o *IdentityProvider) GetIssuerMode() IssuerMode {
+	if o == nil || o.IssuerMode == nil {
+		var ret IssuerMode
+		return ret
+	}
+	return *o.IssuerMode
+}
+
+// GetIssuerModeOk returns a tuple with the IssuerMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProvider) GetIssuerModeOk() (*IssuerMode, bool) {
+	if o == nil || o.IssuerMode == nil {
+		return nil, false
+	}
+	return o.IssuerMode, true
+}
+
+// HasIssuerMode returns a boolean if a field has been set.
+func (o *IdentityProvider) HasIssuerMode() bool {
+	if o != nil && o.IssuerMode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIssuerMode gets a reference to the given IssuerMode and assigns it to the IssuerMode field.
+func (o *IdentityProvider) SetIssuerMode(v IssuerMode) {
+	o.IssuerMode = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *IdentityProvider) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProvider) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *IdentityProvider) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *IdentityProvider) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *IdentityProvider) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProvider) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *IdentityProvider) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *IdentityProvider) SetName(v string) {
+	o.Name = &v
+}
+
+// GetPolicy returns the Policy field value if set, zero value otherwise.
+func (o *IdentityProvider) GetPolicy() IdentityProviderPolicy {
+	if o == nil || o.Policy == nil {
+		var ret IdentityProviderPolicy
+		return ret
+	}
+	return *o.Policy
+}
+
+// GetPolicyOk returns a tuple with the Policy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProvider) GetPolicyOk() (*IdentityProviderPolicy, bool) {
+	if o == nil || o.Policy == nil {
+		return nil, false
+	}
+	return o.Policy, true
+}
+
+// HasPolicy returns a boolean if a field has been set.
+func (o *IdentityProvider) HasPolicy() bool {
+	if o != nil && o.Policy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPolicy gets a reference to the given IdentityProviderPolicy and assigns it to the Policy field.
+func (o *IdentityProvider) SetPolicy(v IdentityProviderPolicy) {
+	o.Policy = &v
+}
+
+// GetProtocol returns the Protocol field value if set, zero value otherwise.
+func (o *IdentityProvider) GetProtocol() Protocol {
+	if o == nil || o.Protocol == nil {
+		var ret Protocol
+		return ret
+	}
+	return *o.Protocol
+}
+
+// GetProtocolOk returns a tuple with the Protocol field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProvider) GetProtocolOk() (*Protocol, bool) {
+	if o == nil || o.Protocol == nil {
+		return nil, false
+	}
+	return o.Protocol, true
+}
+
+// HasProtocol returns a boolean if a field has been set.
+func (o *IdentityProvider) HasProtocol() bool {
+	if o != nil && o.Protocol != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProtocol gets a reference to the given Protocol and assigns it to the Protocol field.
+func (o *IdentityProvider) SetProtocol(v Protocol) {
+	o.Protocol = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *IdentityProvider) GetStatus() LifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret LifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProvider) GetStatusOk() (*LifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *IdentityProvider) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given LifecycleStatus and assigns it to the Status field.
+func (o *IdentityProvider) SetStatus(v LifecycleStatus) {
+	o.Status = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *IdentityProvider) GetType() IdentityProviderType {
+	if o == nil || o.Type == nil {
+		var ret IdentityProviderType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProvider) GetTypeOk() (*IdentityProviderType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *IdentityProvider) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given IdentityProviderType and assigns it to the Type field.
+func (o *IdentityProvider) SetType(v IdentityProviderType) {
+	o.Type = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *IdentityProvider) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProvider) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *IdentityProvider) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *IdentityProvider) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o IdentityProvider) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created.IsSet() {
+		toSerialize["created"] = o.Created.Get()
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.IssuerMode != nil {
+		toSerialize["issuerMode"] = o.IssuerMode
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Policy != nil {
+		toSerialize["policy"] = o.Policy
+	}
+	if o.Protocol != nil {
+		toSerialize["protocol"] = o.Protocol
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdentityProvider) UnmarshalJSON(bytes []byte) (err error) {
+	varIdentityProvider := _IdentityProvider{}
+
+	err = json.Unmarshal(bytes, &varIdentityProvider)
+	if err == nil {
+		*o = IdentityProvider(varIdentityProvider)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "issuerMode")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "policy")
+		delete(additionalProperties, "protocol")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdentityProvider struct {
+	value *IdentityProvider
+	isSet bool
+}
+
+func (v NullableIdentityProvider) Get() *IdentityProvider {
+	return v.value
+}
+
+func (v *NullableIdentityProvider) Set(val *IdentityProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentityProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentityProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentityProvider(val *IdentityProvider) *NullableIdentityProvider {
+	return &NullableIdentityProvider{value: val, isSet: true}
+}
+
+func (v NullableIdentityProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentityProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_provider_application_user.go b/okta/model_identity_provider_application_user.go
new file mode 100644
index 000000000..1a8ec6e13
--- /dev/null
+++ b/okta/model_identity_provider_application_user.go
@@ -0,0 +1,380 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IdentityProviderApplicationUser struct for IdentityProviderApplicationUser
+type IdentityProviderApplicationUser struct {
+	Created              *string                           `json:"created,omitempty"`
+	ExternalId           *string                           `json:"externalId,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	LastUpdated          *string                           `json:"lastUpdated,omitempty"`
+	Profile              map[string]map[string]interface{} `json:"profile,omitempty"`
+	Embedded             map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdentityProviderApplicationUser IdentityProviderApplicationUser
+
+// NewIdentityProviderApplicationUser instantiates a new IdentityProviderApplicationUser object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdentityProviderApplicationUser() *IdentityProviderApplicationUser {
+	this := IdentityProviderApplicationUser{}
+	return &this
+}
+
+// NewIdentityProviderApplicationUserWithDefaults instantiates a new IdentityProviderApplicationUser object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdentityProviderApplicationUserWithDefaults() *IdentityProviderApplicationUser {
+	this := IdentityProviderApplicationUser{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *IdentityProviderApplicationUser) GetCreated() string {
+	if o == nil || o.Created == nil {
+		var ret string
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderApplicationUser) GetCreatedOk() (*string, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *IdentityProviderApplicationUser) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given string and assigns it to the Created field.
+func (o *IdentityProviderApplicationUser) SetCreated(v string) {
+	o.Created = &v
+}
+
+// GetExternalId returns the ExternalId field value if set, zero value otherwise.
+func (o *IdentityProviderApplicationUser) GetExternalId() string {
+	if o == nil || o.ExternalId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ExternalId
+}
+
+// GetExternalIdOk returns a tuple with the ExternalId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderApplicationUser) GetExternalIdOk() (*string, bool) {
+	if o == nil || o.ExternalId == nil {
+		return nil, false
+	}
+	return o.ExternalId, true
+}
+
+// HasExternalId returns a boolean if a field has been set.
+func (o *IdentityProviderApplicationUser) HasExternalId() bool {
+	if o != nil && o.ExternalId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExternalId gets a reference to the given string and assigns it to the ExternalId field.
+func (o *IdentityProviderApplicationUser) SetExternalId(v string) {
+	o.ExternalId = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *IdentityProviderApplicationUser) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderApplicationUser) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *IdentityProviderApplicationUser) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *IdentityProviderApplicationUser) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *IdentityProviderApplicationUser) GetLastUpdated() string {
+	if o == nil || o.LastUpdated == nil {
+		var ret string
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderApplicationUser) GetLastUpdatedOk() (*string, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *IdentityProviderApplicationUser) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given string and assigns it to the LastUpdated field.
+func (o *IdentityProviderApplicationUser) SetLastUpdated(v string) {
+	o.LastUpdated = &v
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *IdentityProviderApplicationUser) GetProfile() map[string]map[string]interface{} {
+	if o == nil || o.Profile == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderApplicationUser) GetProfileOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *IdentityProviderApplicationUser) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given map[string]map[string]interface{} and assigns it to the Profile field.
+func (o *IdentityProviderApplicationUser) SetProfile(v map[string]map[string]interface{}) {
+	o.Profile = v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *IdentityProviderApplicationUser) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderApplicationUser) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *IdentityProviderApplicationUser) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *IdentityProviderApplicationUser) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *IdentityProviderApplicationUser) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderApplicationUser) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *IdentityProviderApplicationUser) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *IdentityProviderApplicationUser) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o IdentityProviderApplicationUser) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.ExternalId != nil {
+		toSerialize["externalId"] = o.ExternalId
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdentityProviderApplicationUser) UnmarshalJSON(bytes []byte) (err error) {
+	varIdentityProviderApplicationUser := _IdentityProviderApplicationUser{}
+
+	err = json.Unmarshal(bytes, &varIdentityProviderApplicationUser)
+	if err == nil {
+		*o = IdentityProviderApplicationUser(varIdentityProviderApplicationUser)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "externalId")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "profile")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdentityProviderApplicationUser struct {
+	value *IdentityProviderApplicationUser
+	isSet bool
+}
+
+func (v NullableIdentityProviderApplicationUser) Get() *IdentityProviderApplicationUser {
+	return v.value
+}
+
+func (v *NullableIdentityProviderApplicationUser) Set(val *IdentityProviderApplicationUser) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentityProviderApplicationUser) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentityProviderApplicationUser) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentityProviderApplicationUser(val *IdentityProviderApplicationUser) *NullableIdentityProviderApplicationUser {
+	return &NullableIdentityProviderApplicationUser{value: val, isSet: true}
+}
+
+func (v NullableIdentityProviderApplicationUser) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentityProviderApplicationUser) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_provider_credentials.go b/okta/model_identity_provider_credentials.go
new file mode 100644
index 000000000..abbbde475
--- /dev/null
+++ b/okta/model_identity_provider_credentials.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IdentityProviderCredentials struct for IdentityProviderCredentials
+type IdentityProviderCredentials struct {
+	Client               *IdentityProviderCredentialsClient  `json:"client,omitempty"`
+	Signing              *IdentityProviderCredentialsSigning `json:"signing,omitempty"`
+	Trust                *IdentityProviderCredentialsTrust   `json:"trust,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdentityProviderCredentials IdentityProviderCredentials
+
+// NewIdentityProviderCredentials instantiates a new IdentityProviderCredentials object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdentityProviderCredentials() *IdentityProviderCredentials {
+	this := IdentityProviderCredentials{}
+	return &this
+}
+
+// NewIdentityProviderCredentialsWithDefaults instantiates a new IdentityProviderCredentials object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdentityProviderCredentialsWithDefaults() *IdentityProviderCredentials {
+	this := IdentityProviderCredentials{}
+	return &this
+}
+
+// GetClient returns the Client field value if set, zero value otherwise.
+func (o *IdentityProviderCredentials) GetClient() IdentityProviderCredentialsClient {
+	if o == nil || o.Client == nil {
+		var ret IdentityProviderCredentialsClient
+		return ret
+	}
+	return *o.Client
+}
+
+// GetClientOk returns a tuple with the Client field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderCredentials) GetClientOk() (*IdentityProviderCredentialsClient, bool) {
+	if o == nil || o.Client == nil {
+		return nil, false
+	}
+	return o.Client, true
+}
+
+// HasClient returns a boolean if a field has been set.
+func (o *IdentityProviderCredentials) HasClient() bool {
+	if o != nil && o.Client != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClient gets a reference to the given IdentityProviderCredentialsClient and assigns it to the Client field.
+func (o *IdentityProviderCredentials) SetClient(v IdentityProviderCredentialsClient) {
+	o.Client = &v
+}
+
+// GetSigning returns the Signing field value if set, zero value otherwise.
+func (o *IdentityProviderCredentials) GetSigning() IdentityProviderCredentialsSigning {
+	if o == nil || o.Signing == nil {
+		var ret IdentityProviderCredentialsSigning
+		return ret
+	}
+	return *o.Signing
+}
+
+// GetSigningOk returns a tuple with the Signing field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderCredentials) GetSigningOk() (*IdentityProviderCredentialsSigning, bool) {
+	if o == nil || o.Signing == nil {
+		return nil, false
+	}
+	return o.Signing, true
+}
+
+// HasSigning returns a boolean if a field has been set.
+func (o *IdentityProviderCredentials) HasSigning() bool {
+	if o != nil && o.Signing != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSigning gets a reference to the given IdentityProviderCredentialsSigning and assigns it to the Signing field.
+func (o *IdentityProviderCredentials) SetSigning(v IdentityProviderCredentialsSigning) {
+	o.Signing = &v
+}
+
+// GetTrust returns the Trust field value if set, zero value otherwise.
+func (o *IdentityProviderCredentials) GetTrust() IdentityProviderCredentialsTrust {
+	if o == nil || o.Trust == nil {
+		var ret IdentityProviderCredentialsTrust
+		return ret
+	}
+	return *o.Trust
+}
+
+// GetTrustOk returns a tuple with the Trust field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderCredentials) GetTrustOk() (*IdentityProviderCredentialsTrust, bool) {
+	if o == nil || o.Trust == nil {
+		return nil, false
+	}
+	return o.Trust, true
+}
+
+// HasTrust returns a boolean if a field has been set.
+func (o *IdentityProviderCredentials) HasTrust() bool {
+	if o != nil && o.Trust != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTrust gets a reference to the given IdentityProviderCredentialsTrust and assigns it to the Trust field.
+func (o *IdentityProviderCredentials) SetTrust(v IdentityProviderCredentialsTrust) {
+	o.Trust = &v
+}
+
+func (o IdentityProviderCredentials) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Client != nil {
+		toSerialize["client"] = o.Client
+	}
+	if o.Signing != nil {
+		toSerialize["signing"] = o.Signing
+	}
+	if o.Trust != nil {
+		toSerialize["trust"] = o.Trust
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdentityProviderCredentials) UnmarshalJSON(bytes []byte) (err error) {
+	varIdentityProviderCredentials := _IdentityProviderCredentials{}
+
+	err = json.Unmarshal(bytes, &varIdentityProviderCredentials)
+	if err == nil {
+		*o = IdentityProviderCredentials(varIdentityProviderCredentials)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "client")
+		delete(additionalProperties, "signing")
+		delete(additionalProperties, "trust")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdentityProviderCredentials struct {
+	value *IdentityProviderCredentials
+	isSet bool
+}
+
+func (v NullableIdentityProviderCredentials) Get() *IdentityProviderCredentials {
+	return v.value
+}
+
+func (v *NullableIdentityProviderCredentials) Set(val *IdentityProviderCredentials) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentityProviderCredentials) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentityProviderCredentials) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentityProviderCredentials(val *IdentityProviderCredentials) *NullableIdentityProviderCredentials {
+	return &NullableIdentityProviderCredentials{value: val, isSet: true}
+}
+
+func (v NullableIdentityProviderCredentials) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentityProviderCredentials) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_provider_credentials_client.go b/okta/model_identity_provider_credentials_client.go
new file mode 100644
index 000000000..5e28df8bc
--- /dev/null
+++ b/okta/model_identity_provider_credentials_client.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IdentityProviderCredentialsClient struct for IdentityProviderCredentialsClient
+type IdentityProviderCredentialsClient struct {
+	ClientId             *string `json:"client_id,omitempty"`
+	ClientSecret         *string `json:"client_secret,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdentityProviderCredentialsClient IdentityProviderCredentialsClient
+
+// NewIdentityProviderCredentialsClient instantiates a new IdentityProviderCredentialsClient object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdentityProviderCredentialsClient() *IdentityProviderCredentialsClient {
+	this := IdentityProviderCredentialsClient{}
+	return &this
+}
+
+// NewIdentityProviderCredentialsClientWithDefaults instantiates a new IdentityProviderCredentialsClient object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdentityProviderCredentialsClientWithDefaults() *IdentityProviderCredentialsClient {
+	this := IdentityProviderCredentialsClient{}
+	return &this
+}
+
+// GetClientId returns the ClientId field value if set, zero value otherwise.
+func (o *IdentityProviderCredentialsClient) GetClientId() string {
+	if o == nil || o.ClientId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientId
+}
+
+// GetClientIdOk returns a tuple with the ClientId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderCredentialsClient) GetClientIdOk() (*string, bool) {
+	if o == nil || o.ClientId == nil {
+		return nil, false
+	}
+	return o.ClientId, true
+}
+
+// HasClientId returns a boolean if a field has been set.
+func (o *IdentityProviderCredentialsClient) HasClientId() bool {
+	if o != nil && o.ClientId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientId gets a reference to the given string and assigns it to the ClientId field.
+func (o *IdentityProviderCredentialsClient) SetClientId(v string) {
+	o.ClientId = &v
+}
+
+// GetClientSecret returns the ClientSecret field value if set, zero value otherwise.
+func (o *IdentityProviderCredentialsClient) GetClientSecret() string {
+	if o == nil || o.ClientSecret == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientSecret
+}
+
+// GetClientSecretOk returns a tuple with the ClientSecret field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderCredentialsClient) GetClientSecretOk() (*string, bool) {
+	if o == nil || o.ClientSecret == nil {
+		return nil, false
+	}
+	return o.ClientSecret, true
+}
+
+// HasClientSecret returns a boolean if a field has been set.
+func (o *IdentityProviderCredentialsClient) HasClientSecret() bool {
+	if o != nil && o.ClientSecret != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientSecret gets a reference to the given string and assigns it to the ClientSecret field.
+func (o *IdentityProviderCredentialsClient) SetClientSecret(v string) {
+	o.ClientSecret = &v
+}
+
+func (o IdentityProviderCredentialsClient) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ClientId != nil {
+		toSerialize["client_id"] = o.ClientId
+	}
+	if o.ClientSecret != nil {
+		toSerialize["client_secret"] = o.ClientSecret
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdentityProviderCredentialsClient) UnmarshalJSON(bytes []byte) (err error) {
+	varIdentityProviderCredentialsClient := _IdentityProviderCredentialsClient{}
+
+	err = json.Unmarshal(bytes, &varIdentityProviderCredentialsClient)
+	if err == nil {
+		*o = IdentityProviderCredentialsClient(varIdentityProviderCredentialsClient)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "client_id")
+		delete(additionalProperties, "client_secret")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdentityProviderCredentialsClient struct {
+	value *IdentityProviderCredentialsClient
+	isSet bool
+}
+
+func (v NullableIdentityProviderCredentialsClient) Get() *IdentityProviderCredentialsClient {
+	return v.value
+}
+
+func (v *NullableIdentityProviderCredentialsClient) Set(val *IdentityProviderCredentialsClient) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentityProviderCredentialsClient) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentityProviderCredentialsClient) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentityProviderCredentialsClient(val *IdentityProviderCredentialsClient) *NullableIdentityProviderCredentialsClient {
+	return &NullableIdentityProviderCredentialsClient{value: val, isSet: true}
+}
+
+func (v NullableIdentityProviderCredentialsClient) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentityProviderCredentialsClient) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_provider_credentials_signing.go b/okta/model_identity_provider_credentials_signing.go
new file mode 100644
index 000000000..c0bebcbcf
--- /dev/null
+++ b/okta/model_identity_provider_credentials_signing.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IdentityProviderCredentialsSigning struct for IdentityProviderCredentialsSigning
+type IdentityProviderCredentialsSigning struct {
+	Kid                  *string `json:"kid,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdentityProviderCredentialsSigning IdentityProviderCredentialsSigning
+
+// NewIdentityProviderCredentialsSigning instantiates a new IdentityProviderCredentialsSigning object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdentityProviderCredentialsSigning() *IdentityProviderCredentialsSigning {
+	this := IdentityProviderCredentialsSigning{}
+	return &this
+}
+
+// NewIdentityProviderCredentialsSigningWithDefaults instantiates a new IdentityProviderCredentialsSigning object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdentityProviderCredentialsSigningWithDefaults() *IdentityProviderCredentialsSigning {
+	this := IdentityProviderCredentialsSigning{}
+	return &this
+}
+
+// GetKid returns the Kid field value if set, zero value otherwise.
+func (o *IdentityProviderCredentialsSigning) GetKid() string {
+	if o == nil || o.Kid == nil {
+		var ret string
+		return ret
+	}
+	return *o.Kid
+}
+
+// GetKidOk returns a tuple with the Kid field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderCredentialsSigning) GetKidOk() (*string, bool) {
+	if o == nil || o.Kid == nil {
+		return nil, false
+	}
+	return o.Kid, true
+}
+
+// HasKid returns a boolean if a field has been set.
+func (o *IdentityProviderCredentialsSigning) HasKid() bool {
+	if o != nil && o.Kid != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKid gets a reference to the given string and assigns it to the Kid field.
+func (o *IdentityProviderCredentialsSigning) SetKid(v string) {
+	o.Kid = &v
+}
+
+func (o IdentityProviderCredentialsSigning) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Kid != nil {
+		toSerialize["kid"] = o.Kid
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdentityProviderCredentialsSigning) UnmarshalJSON(bytes []byte) (err error) {
+	varIdentityProviderCredentialsSigning := _IdentityProviderCredentialsSigning{}
+
+	err = json.Unmarshal(bytes, &varIdentityProviderCredentialsSigning)
+	if err == nil {
+		*o = IdentityProviderCredentialsSigning(varIdentityProviderCredentialsSigning)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "kid")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdentityProviderCredentialsSigning struct {
+	value *IdentityProviderCredentialsSigning
+	isSet bool
+}
+
+func (v NullableIdentityProviderCredentialsSigning) Get() *IdentityProviderCredentialsSigning {
+	return v.value
+}
+
+func (v *NullableIdentityProviderCredentialsSigning) Set(val *IdentityProviderCredentialsSigning) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentityProviderCredentialsSigning) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentityProviderCredentialsSigning) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentityProviderCredentialsSigning(val *IdentityProviderCredentialsSigning) *NullableIdentityProviderCredentialsSigning {
+	return &NullableIdentityProviderCredentialsSigning{value: val, isSet: true}
+}
+
+func (v NullableIdentityProviderCredentialsSigning) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentityProviderCredentialsSigning) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_provider_credentials_trust.go b/okta/model_identity_provider_credentials_trust.go
new file mode 100644
index 000000000..ded817471
--- /dev/null
+++ b/okta/model_identity_provider_credentials_trust.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IdentityProviderCredentialsTrust struct for IdentityProviderCredentialsTrust
+type IdentityProviderCredentialsTrust struct {
+	Audience                *string                                     `json:"audience,omitempty"`
+	Issuer                  *string                                     `json:"issuer,omitempty"`
+	Kid                     *string                                     `json:"kid,omitempty"`
+	Revocation              *IdentityProviderCredentialsTrustRevocation `json:"revocation,omitempty"`
+	RevocationCacheLifetime *int32                                      `json:"revocationCacheLifetime,omitempty"`
+	AdditionalProperties    map[string]interface{}
+}
+
+type _IdentityProviderCredentialsTrust IdentityProviderCredentialsTrust
+
+// NewIdentityProviderCredentialsTrust instantiates a new IdentityProviderCredentialsTrust object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdentityProviderCredentialsTrust() *IdentityProviderCredentialsTrust {
+	this := IdentityProviderCredentialsTrust{}
+	return &this
+}
+
+// NewIdentityProviderCredentialsTrustWithDefaults instantiates a new IdentityProviderCredentialsTrust object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdentityProviderCredentialsTrustWithDefaults() *IdentityProviderCredentialsTrust {
+	this := IdentityProviderCredentialsTrust{}
+	return &this
+}
+
+// GetAudience returns the Audience field value if set, zero value otherwise.
+func (o *IdentityProviderCredentialsTrust) GetAudience() string {
+	if o == nil || o.Audience == nil {
+		var ret string
+		return ret
+	}
+	return *o.Audience
+}
+
+// GetAudienceOk returns a tuple with the Audience field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderCredentialsTrust) GetAudienceOk() (*string, bool) {
+	if o == nil || o.Audience == nil {
+		return nil, false
+	}
+	return o.Audience, true
+}
+
+// HasAudience returns a boolean if a field has been set.
+func (o *IdentityProviderCredentialsTrust) HasAudience() bool {
+	if o != nil && o.Audience != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAudience gets a reference to the given string and assigns it to the Audience field.
+func (o *IdentityProviderCredentialsTrust) SetAudience(v string) {
+	o.Audience = &v
+}
+
+// GetIssuer returns the Issuer field value if set, zero value otherwise.
+func (o *IdentityProviderCredentialsTrust) GetIssuer() string {
+	if o == nil || o.Issuer == nil {
+		var ret string
+		return ret
+	}
+	return *o.Issuer
+}
+
+// GetIssuerOk returns a tuple with the Issuer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderCredentialsTrust) GetIssuerOk() (*string, bool) {
+	if o == nil || o.Issuer == nil {
+		return nil, false
+	}
+	return o.Issuer, true
+}
+
+// HasIssuer returns a boolean if a field has been set.
+func (o *IdentityProviderCredentialsTrust) HasIssuer() bool {
+	if o != nil && o.Issuer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIssuer gets a reference to the given string and assigns it to the Issuer field.
+func (o *IdentityProviderCredentialsTrust) SetIssuer(v string) {
+	o.Issuer = &v
+}
+
+// GetKid returns the Kid field value if set, zero value otherwise.
+func (o *IdentityProviderCredentialsTrust) GetKid() string {
+	if o == nil || o.Kid == nil {
+		var ret string
+		return ret
+	}
+	return *o.Kid
+}
+
+// GetKidOk returns a tuple with the Kid field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderCredentialsTrust) GetKidOk() (*string, bool) {
+	if o == nil || o.Kid == nil {
+		return nil, false
+	}
+	return o.Kid, true
+}
+
+// HasKid returns a boolean if a field has been set.
+func (o *IdentityProviderCredentialsTrust) HasKid() bool {
+	if o != nil && o.Kid != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKid gets a reference to the given string and assigns it to the Kid field.
+func (o *IdentityProviderCredentialsTrust) SetKid(v string) {
+	o.Kid = &v
+}
+
+// GetRevocation returns the Revocation field value if set, zero value otherwise.
+func (o *IdentityProviderCredentialsTrust) GetRevocation() IdentityProviderCredentialsTrustRevocation {
+	if o == nil || o.Revocation == nil {
+		var ret IdentityProviderCredentialsTrustRevocation
+		return ret
+	}
+	return *o.Revocation
+}
+
+// GetRevocationOk returns a tuple with the Revocation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderCredentialsTrust) GetRevocationOk() (*IdentityProviderCredentialsTrustRevocation, bool) {
+	if o == nil || o.Revocation == nil {
+		return nil, false
+	}
+	return o.Revocation, true
+}
+
+// HasRevocation returns a boolean if a field has been set.
+func (o *IdentityProviderCredentialsTrust) HasRevocation() bool {
+	if o != nil && o.Revocation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRevocation gets a reference to the given IdentityProviderCredentialsTrustRevocation and assigns it to the Revocation field.
+func (o *IdentityProviderCredentialsTrust) SetRevocation(v IdentityProviderCredentialsTrustRevocation) {
+	o.Revocation = &v
+}
+
+// GetRevocationCacheLifetime returns the RevocationCacheLifetime field value if set, zero value otherwise.
+func (o *IdentityProviderCredentialsTrust) GetRevocationCacheLifetime() int32 {
+	if o == nil || o.RevocationCacheLifetime == nil {
+		var ret int32
+		return ret
+	}
+	return *o.RevocationCacheLifetime
+}
+
+// GetRevocationCacheLifetimeOk returns a tuple with the RevocationCacheLifetime field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderCredentialsTrust) GetRevocationCacheLifetimeOk() (*int32, bool) {
+	if o == nil || o.RevocationCacheLifetime == nil {
+		return nil, false
+	}
+	return o.RevocationCacheLifetime, true
+}
+
+// HasRevocationCacheLifetime returns a boolean if a field has been set.
+func (o *IdentityProviderCredentialsTrust) HasRevocationCacheLifetime() bool {
+	if o != nil && o.RevocationCacheLifetime != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRevocationCacheLifetime gets a reference to the given int32 and assigns it to the RevocationCacheLifetime field.
+func (o *IdentityProviderCredentialsTrust) SetRevocationCacheLifetime(v int32) {
+	o.RevocationCacheLifetime = &v
+}
+
+func (o IdentityProviderCredentialsTrust) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Audience != nil {
+		toSerialize["audience"] = o.Audience
+	}
+	if o.Issuer != nil {
+		toSerialize["issuer"] = o.Issuer
+	}
+	if o.Kid != nil {
+		toSerialize["kid"] = o.Kid
+	}
+	if o.Revocation != nil {
+		toSerialize["revocation"] = o.Revocation
+	}
+	if o.RevocationCacheLifetime != nil {
+		toSerialize["revocationCacheLifetime"] = o.RevocationCacheLifetime
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdentityProviderCredentialsTrust) UnmarshalJSON(bytes []byte) (err error) {
+	varIdentityProviderCredentialsTrust := _IdentityProviderCredentialsTrust{}
+
+	err = json.Unmarshal(bytes, &varIdentityProviderCredentialsTrust)
+	if err == nil {
+		*o = IdentityProviderCredentialsTrust(varIdentityProviderCredentialsTrust)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "audience")
+		delete(additionalProperties, "issuer")
+		delete(additionalProperties, "kid")
+		delete(additionalProperties, "revocation")
+		delete(additionalProperties, "revocationCacheLifetime")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdentityProviderCredentialsTrust struct {
+	value *IdentityProviderCredentialsTrust
+	isSet bool
+}
+
+func (v NullableIdentityProviderCredentialsTrust) Get() *IdentityProviderCredentialsTrust {
+	return v.value
+}
+
+func (v *NullableIdentityProviderCredentialsTrust) Set(val *IdentityProviderCredentialsTrust) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentityProviderCredentialsTrust) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentityProviderCredentialsTrust) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentityProviderCredentialsTrust(val *IdentityProviderCredentialsTrust) *NullableIdentityProviderCredentialsTrust {
+	return &NullableIdentityProviderCredentialsTrust{value: val, isSet: true}
+}
+
+func (v NullableIdentityProviderCredentialsTrust) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentityProviderCredentialsTrust) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_provider_credentials_trust_revocation.go b/okta/model_identity_provider_credentials_trust_revocation.go
new file mode 100644
index 000000000..8ee7c661b
--- /dev/null
+++ b/okta/model_identity_provider_credentials_trust_revocation.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// IdentityProviderCredentialsTrustRevocation the model 'IdentityProviderCredentialsTrustRevocation'
+type IdentityProviderCredentialsTrustRevocation string
+
+// List of IdentityProviderCredentialsTrustRevocation
+const (
+	IDENTITYPROVIDERCREDENTIALSTRUSTREVOCATION_CRL       IdentityProviderCredentialsTrustRevocation = "CRL"
+	IDENTITYPROVIDERCREDENTIALSTRUSTREVOCATION_DELTA_CRL IdentityProviderCredentialsTrustRevocation = "DELTA_CRL"
+	IDENTITYPROVIDERCREDENTIALSTRUSTREVOCATION_OCSP      IdentityProviderCredentialsTrustRevocation = "OCSP"
+)
+
+// All allowed values of IdentityProviderCredentialsTrustRevocation enum
+var AllowedIdentityProviderCredentialsTrustRevocationEnumValues = []IdentityProviderCredentialsTrustRevocation{
+	"CRL",
+	"DELTA_CRL",
+	"OCSP",
+}
+
+func (v *IdentityProviderCredentialsTrustRevocation) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := IdentityProviderCredentialsTrustRevocation(value)
+	for _, existing := range AllowedIdentityProviderCredentialsTrustRevocationEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid IdentityProviderCredentialsTrustRevocation", value)
+}
+
+// NewIdentityProviderCredentialsTrustRevocationFromValue returns a pointer to a valid IdentityProviderCredentialsTrustRevocation
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewIdentityProviderCredentialsTrustRevocationFromValue(v string) (*IdentityProviderCredentialsTrustRevocation, error) {
+	ev := IdentityProviderCredentialsTrustRevocation(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for IdentityProviderCredentialsTrustRevocation: valid values are %v", v, AllowedIdentityProviderCredentialsTrustRevocationEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v IdentityProviderCredentialsTrustRevocation) IsValid() bool {
+	for _, existing := range AllowedIdentityProviderCredentialsTrustRevocationEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to IdentityProviderCredentialsTrustRevocation value
+func (v IdentityProviderCredentialsTrustRevocation) Ptr() *IdentityProviderCredentialsTrustRevocation {
+	return &v
+}
+
+type NullableIdentityProviderCredentialsTrustRevocation struct {
+	value *IdentityProviderCredentialsTrustRevocation
+	isSet bool
+}
+
+func (v NullableIdentityProviderCredentialsTrustRevocation) Get() *IdentityProviderCredentialsTrustRevocation {
+	return v.value
+}
+
+func (v *NullableIdentityProviderCredentialsTrustRevocation) Set(val *IdentityProviderCredentialsTrustRevocation) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentityProviderCredentialsTrustRevocation) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentityProviderCredentialsTrustRevocation) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentityProviderCredentialsTrustRevocation(val *IdentityProviderCredentialsTrustRevocation) *NullableIdentityProviderCredentialsTrustRevocation {
+	return &NullableIdentityProviderCredentialsTrustRevocation{value: val, isSet: true}
+}
+
+func (v NullableIdentityProviderCredentialsTrustRevocation) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentityProviderCredentialsTrustRevocation) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_provider_policy.go b/okta/model_identity_provider_policy.go
new file mode 100644
index 000000000..d473ebe52
--- /dev/null
+++ b/okta/model_identity_provider_policy.go
@@ -0,0 +1,359 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// IdentityProviderPolicy struct for IdentityProviderPolicy
+type IdentityProviderPolicy struct {
+	Policy
+	AccountLink          *PolicyAccountLink    `json:"accountLink,omitempty"`
+	Conditions           *PolicyRuleConditions `json:"conditions,omitempty"`
+	MaxClockSkew         *int32                `json:"maxClockSkew,omitempty"`
+	Provisioning         *Provisioning         `json:"provisioning,omitempty"`
+	Subject              *PolicySubject        `json:"subject,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdentityProviderPolicy IdentityProviderPolicy
+
+// NewIdentityProviderPolicy instantiates a new IdentityProviderPolicy object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdentityProviderPolicy() *IdentityProviderPolicy {
+	this := IdentityProviderPolicy{}
+	return &this
+}
+
+// NewIdentityProviderPolicyWithDefaults instantiates a new IdentityProviderPolicy object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdentityProviderPolicyWithDefaults() *IdentityProviderPolicy {
+	this := IdentityProviderPolicy{}
+	return &this
+}
+
+// GetAccountLink returns the AccountLink field value if set, zero value otherwise.
+func (o *IdentityProviderPolicy) GetAccountLink() PolicyAccountLink {
+	if o == nil || o.AccountLink == nil {
+		var ret PolicyAccountLink
+		return ret
+	}
+	return *o.AccountLink
+}
+
+// GetAccountLinkOk returns a tuple with the AccountLink field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderPolicy) GetAccountLinkOk() (*PolicyAccountLink, bool) {
+	if o == nil || o.AccountLink == nil {
+		return nil, false
+	}
+	return o.AccountLink, true
+}
+
+// HasAccountLink returns a boolean if a field has been set.
+func (o *IdentityProviderPolicy) HasAccountLink() bool {
+	if o != nil && o.AccountLink != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAccountLink gets a reference to the given PolicyAccountLink and assigns it to the AccountLink field.
+func (o *IdentityProviderPolicy) SetAccountLink(v PolicyAccountLink) {
+	o.AccountLink = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *IdentityProviderPolicy) GetConditions() PolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderPolicy) GetConditionsOk() (*PolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *IdentityProviderPolicy) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PolicyRuleConditions and assigns it to the Conditions field.
+func (o *IdentityProviderPolicy) SetConditions(v PolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+// GetMaxClockSkew returns the MaxClockSkew field value if set, zero value otherwise.
+func (o *IdentityProviderPolicy) GetMaxClockSkew() int32 {
+	if o == nil || o.MaxClockSkew == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxClockSkew
+}
+
+// GetMaxClockSkewOk returns a tuple with the MaxClockSkew field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderPolicy) GetMaxClockSkewOk() (*int32, bool) {
+	if o == nil || o.MaxClockSkew == nil {
+		return nil, false
+	}
+	return o.MaxClockSkew, true
+}
+
+// HasMaxClockSkew returns a boolean if a field has been set.
+func (o *IdentityProviderPolicy) HasMaxClockSkew() bool {
+	if o != nil && o.MaxClockSkew != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxClockSkew gets a reference to the given int32 and assigns it to the MaxClockSkew field.
+func (o *IdentityProviderPolicy) SetMaxClockSkew(v int32) {
+	o.MaxClockSkew = &v
+}
+
+// GetProvisioning returns the Provisioning field value if set, zero value otherwise.
+func (o *IdentityProviderPolicy) GetProvisioning() Provisioning {
+	if o == nil || o.Provisioning == nil {
+		var ret Provisioning
+		return ret
+	}
+	return *o.Provisioning
+}
+
+// GetProvisioningOk returns a tuple with the Provisioning field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderPolicy) GetProvisioningOk() (*Provisioning, bool) {
+	if o == nil || o.Provisioning == nil {
+		return nil, false
+	}
+	return o.Provisioning, true
+}
+
+// HasProvisioning returns a boolean if a field has been set.
+func (o *IdentityProviderPolicy) HasProvisioning() bool {
+	if o != nil && o.Provisioning != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProvisioning gets a reference to the given Provisioning and assigns it to the Provisioning field.
+func (o *IdentityProviderPolicy) SetProvisioning(v Provisioning) {
+	o.Provisioning = &v
+}
+
+// GetSubject returns the Subject field value if set, zero value otherwise.
+func (o *IdentityProviderPolicy) GetSubject() PolicySubject {
+	if o == nil || o.Subject == nil {
+		var ret PolicySubject
+		return ret
+	}
+	return *o.Subject
+}
+
+// GetSubjectOk returns a tuple with the Subject field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderPolicy) GetSubjectOk() (*PolicySubject, bool) {
+	if o == nil || o.Subject == nil {
+		return nil, false
+	}
+	return o.Subject, true
+}
+
+// HasSubject returns a boolean if a field has been set.
+func (o *IdentityProviderPolicy) HasSubject() bool {
+	if o != nil && o.Subject != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSubject gets a reference to the given PolicySubject and assigns it to the Subject field.
+func (o *IdentityProviderPolicy) SetSubject(v PolicySubject) {
+	o.Subject = &v
+}
+
+func (o IdentityProviderPolicy) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPolicy, errPolicy := json.Marshal(o.Policy)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	errPolicy = json.Unmarshal([]byte(serializedPolicy), &toSerialize)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	if o.AccountLink != nil {
+		toSerialize["accountLink"] = o.AccountLink
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+	if o.MaxClockSkew != nil {
+		toSerialize["maxClockSkew"] = o.MaxClockSkew
+	}
+	if o.Provisioning != nil {
+		toSerialize["provisioning"] = o.Provisioning
+	}
+	if o.Subject != nil {
+		toSerialize["subject"] = o.Subject
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdentityProviderPolicy) UnmarshalJSON(bytes []byte) (err error) {
+	type IdentityProviderPolicyWithoutEmbeddedStruct struct {
+		AccountLink  *PolicyAccountLink    `json:"accountLink,omitempty"`
+		Conditions   *PolicyRuleConditions `json:"conditions,omitempty"`
+		MaxClockSkew *int32                `json:"maxClockSkew,omitempty"`
+		Provisioning *Provisioning         `json:"provisioning,omitempty"`
+		Subject      *PolicySubject        `json:"subject,omitempty"`
+	}
+
+	varIdentityProviderPolicyWithoutEmbeddedStruct := IdentityProviderPolicyWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varIdentityProviderPolicyWithoutEmbeddedStruct)
+	if err == nil {
+		varIdentityProviderPolicy := _IdentityProviderPolicy{}
+		varIdentityProviderPolicy.AccountLink = varIdentityProviderPolicyWithoutEmbeddedStruct.AccountLink
+		varIdentityProviderPolicy.Conditions = varIdentityProviderPolicyWithoutEmbeddedStruct.Conditions
+		varIdentityProviderPolicy.MaxClockSkew = varIdentityProviderPolicyWithoutEmbeddedStruct.MaxClockSkew
+		varIdentityProviderPolicy.Provisioning = varIdentityProviderPolicyWithoutEmbeddedStruct.Provisioning
+		varIdentityProviderPolicy.Subject = varIdentityProviderPolicyWithoutEmbeddedStruct.Subject
+		*o = IdentityProviderPolicy(varIdentityProviderPolicy)
+	} else {
+		return err
+	}
+
+	varIdentityProviderPolicy := _IdentityProviderPolicy{}
+
+	err = json.Unmarshal(bytes, &varIdentityProviderPolicy)
+	if err == nil {
+		o.Policy = varIdentityProviderPolicy.Policy
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "accountLink")
+		delete(additionalProperties, "conditions")
+		delete(additionalProperties, "maxClockSkew")
+		delete(additionalProperties, "provisioning")
+		delete(additionalProperties, "subject")
+
+		// remove fields from embedded structs
+		reflectPolicy := reflect.ValueOf(o.Policy)
+		for i := 0; i < reflectPolicy.Type().NumField(); i++ {
+			t := reflectPolicy.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdentityProviderPolicy struct {
+	value *IdentityProviderPolicy
+	isSet bool
+}
+
+func (v NullableIdentityProviderPolicy) Get() *IdentityProviderPolicy {
+	return v.value
+}
+
+func (v *NullableIdentityProviderPolicy) Set(val *IdentityProviderPolicy) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentityProviderPolicy) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentityProviderPolicy) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentityProviderPolicy(val *IdentityProviderPolicy) *NullableIdentityProviderPolicy {
+	return &NullableIdentityProviderPolicy{value: val, isSet: true}
+}
+
+func (v NullableIdentityProviderPolicy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentityProviderPolicy) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_provider_policy_all_of.go b/okta/model_identity_provider_policy_all_of.go
new file mode 100644
index 000000000..9dbafb20a
--- /dev/null
+++ b/okta/model_identity_provider_policy_all_of.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IdentityProviderPolicyAllOf struct for IdentityProviderPolicyAllOf
+type IdentityProviderPolicyAllOf struct {
+	AccountLink          *PolicyAccountLink    `json:"accountLink,omitempty"`
+	Conditions           *PolicyRuleConditions `json:"conditions,omitempty"`
+	MaxClockSkew         *int32                `json:"maxClockSkew,omitempty"`
+	Provisioning         *Provisioning         `json:"provisioning,omitempty"`
+	Subject              *PolicySubject        `json:"subject,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdentityProviderPolicyAllOf IdentityProviderPolicyAllOf
+
+// NewIdentityProviderPolicyAllOf instantiates a new IdentityProviderPolicyAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdentityProviderPolicyAllOf() *IdentityProviderPolicyAllOf {
+	this := IdentityProviderPolicyAllOf{}
+	return &this
+}
+
+// NewIdentityProviderPolicyAllOfWithDefaults instantiates a new IdentityProviderPolicyAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdentityProviderPolicyAllOfWithDefaults() *IdentityProviderPolicyAllOf {
+	this := IdentityProviderPolicyAllOf{}
+	return &this
+}
+
+// GetAccountLink returns the AccountLink field value if set, zero value otherwise.
+func (o *IdentityProviderPolicyAllOf) GetAccountLink() PolicyAccountLink {
+	if o == nil || o.AccountLink == nil {
+		var ret PolicyAccountLink
+		return ret
+	}
+	return *o.AccountLink
+}
+
+// GetAccountLinkOk returns a tuple with the AccountLink field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderPolicyAllOf) GetAccountLinkOk() (*PolicyAccountLink, bool) {
+	if o == nil || o.AccountLink == nil {
+		return nil, false
+	}
+	return o.AccountLink, true
+}
+
+// HasAccountLink returns a boolean if a field has been set.
+func (o *IdentityProviderPolicyAllOf) HasAccountLink() bool {
+	if o != nil && o.AccountLink != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAccountLink gets a reference to the given PolicyAccountLink and assigns it to the AccountLink field.
+func (o *IdentityProviderPolicyAllOf) SetAccountLink(v PolicyAccountLink) {
+	o.AccountLink = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *IdentityProviderPolicyAllOf) GetConditions() PolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderPolicyAllOf) GetConditionsOk() (*PolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *IdentityProviderPolicyAllOf) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PolicyRuleConditions and assigns it to the Conditions field.
+func (o *IdentityProviderPolicyAllOf) SetConditions(v PolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+// GetMaxClockSkew returns the MaxClockSkew field value if set, zero value otherwise.
+func (o *IdentityProviderPolicyAllOf) GetMaxClockSkew() int32 {
+	if o == nil || o.MaxClockSkew == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxClockSkew
+}
+
+// GetMaxClockSkewOk returns a tuple with the MaxClockSkew field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderPolicyAllOf) GetMaxClockSkewOk() (*int32, bool) {
+	if o == nil || o.MaxClockSkew == nil {
+		return nil, false
+	}
+	return o.MaxClockSkew, true
+}
+
+// HasMaxClockSkew returns a boolean if a field has been set.
+func (o *IdentityProviderPolicyAllOf) HasMaxClockSkew() bool {
+	if o != nil && o.MaxClockSkew != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxClockSkew gets a reference to the given int32 and assigns it to the MaxClockSkew field.
+func (o *IdentityProviderPolicyAllOf) SetMaxClockSkew(v int32) {
+	o.MaxClockSkew = &v
+}
+
+// GetProvisioning returns the Provisioning field value if set, zero value otherwise.
+func (o *IdentityProviderPolicyAllOf) GetProvisioning() Provisioning {
+	if o == nil || o.Provisioning == nil {
+		var ret Provisioning
+		return ret
+	}
+	return *o.Provisioning
+}
+
+// GetProvisioningOk returns a tuple with the Provisioning field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderPolicyAllOf) GetProvisioningOk() (*Provisioning, bool) {
+	if o == nil || o.Provisioning == nil {
+		return nil, false
+	}
+	return o.Provisioning, true
+}
+
+// HasProvisioning returns a boolean if a field has been set.
+func (o *IdentityProviderPolicyAllOf) HasProvisioning() bool {
+	if o != nil && o.Provisioning != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProvisioning gets a reference to the given Provisioning and assigns it to the Provisioning field.
+func (o *IdentityProviderPolicyAllOf) SetProvisioning(v Provisioning) {
+	o.Provisioning = &v
+}
+
+// GetSubject returns the Subject field value if set, zero value otherwise.
+func (o *IdentityProviderPolicyAllOf) GetSubject() PolicySubject {
+	if o == nil || o.Subject == nil {
+		var ret PolicySubject
+		return ret
+	}
+	return *o.Subject
+}
+
+// GetSubjectOk returns a tuple with the Subject field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderPolicyAllOf) GetSubjectOk() (*PolicySubject, bool) {
+	if o == nil || o.Subject == nil {
+		return nil, false
+	}
+	return o.Subject, true
+}
+
+// HasSubject returns a boolean if a field has been set.
+func (o *IdentityProviderPolicyAllOf) HasSubject() bool {
+	if o != nil && o.Subject != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSubject gets a reference to the given PolicySubject and assigns it to the Subject field.
+func (o *IdentityProviderPolicyAllOf) SetSubject(v PolicySubject) {
+	o.Subject = &v
+}
+
+func (o IdentityProviderPolicyAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AccountLink != nil {
+		toSerialize["accountLink"] = o.AccountLink
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+	if o.MaxClockSkew != nil {
+		toSerialize["maxClockSkew"] = o.MaxClockSkew
+	}
+	if o.Provisioning != nil {
+		toSerialize["provisioning"] = o.Provisioning
+	}
+	if o.Subject != nil {
+		toSerialize["subject"] = o.Subject
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdentityProviderPolicyAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varIdentityProviderPolicyAllOf := _IdentityProviderPolicyAllOf{}
+
+	err = json.Unmarshal(bytes, &varIdentityProviderPolicyAllOf)
+	if err == nil {
+		*o = IdentityProviderPolicyAllOf(varIdentityProviderPolicyAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "accountLink")
+		delete(additionalProperties, "conditions")
+		delete(additionalProperties, "maxClockSkew")
+		delete(additionalProperties, "provisioning")
+		delete(additionalProperties, "subject")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdentityProviderPolicyAllOf struct {
+	value *IdentityProviderPolicyAllOf
+	isSet bool
+}
+
+func (v NullableIdentityProviderPolicyAllOf) Get() *IdentityProviderPolicyAllOf {
+	return v.value
+}
+
+func (v *NullableIdentityProviderPolicyAllOf) Set(val *IdentityProviderPolicyAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentityProviderPolicyAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentityProviderPolicyAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentityProviderPolicyAllOf(val *IdentityProviderPolicyAllOf) *NullableIdentityProviderPolicyAllOf {
+	return &NullableIdentityProviderPolicyAllOf{value: val, isSet: true}
+}
+
+func (v NullableIdentityProviderPolicyAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentityProviderPolicyAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_provider_policy_provider.go b/okta/model_identity_provider_policy_provider.go
new file mode 100644
index 000000000..7fbf757b4
--- /dev/null
+++ b/okta/model_identity_provider_policy_provider.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// IdentityProviderPolicyProvider the model 'IdentityProviderPolicyProvider'
+type IdentityProviderPolicyProvider string
+
+// List of IdentityProviderPolicyProvider
+const (
+	IDENTITYPROVIDERPOLICYPROVIDER_ANY          IdentityProviderPolicyProvider = "ANY"
+	IDENTITYPROVIDERPOLICYPROVIDER_OKTA         IdentityProviderPolicyProvider = "OKTA"
+	IDENTITYPROVIDERPOLICYPROVIDER_SPECIFIC_IDP IdentityProviderPolicyProvider = "SPECIFIC_IDP"
+)
+
+// All allowed values of IdentityProviderPolicyProvider enum
+var AllowedIdentityProviderPolicyProviderEnumValues = []IdentityProviderPolicyProvider{
+	"ANY",
+	"OKTA",
+	"SPECIFIC_IDP",
+}
+
+func (v *IdentityProviderPolicyProvider) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := IdentityProviderPolicyProvider(value)
+	for _, existing := range AllowedIdentityProviderPolicyProviderEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid IdentityProviderPolicyProvider", value)
+}
+
+// NewIdentityProviderPolicyProviderFromValue returns a pointer to a valid IdentityProviderPolicyProvider
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewIdentityProviderPolicyProviderFromValue(v string) (*IdentityProviderPolicyProvider, error) {
+	ev := IdentityProviderPolicyProvider(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for IdentityProviderPolicyProvider: valid values are %v", v, AllowedIdentityProviderPolicyProviderEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v IdentityProviderPolicyProvider) IsValid() bool {
+	for _, existing := range AllowedIdentityProviderPolicyProviderEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to IdentityProviderPolicyProvider value
+func (v IdentityProviderPolicyProvider) Ptr() *IdentityProviderPolicyProvider {
+	return &v
+}
+
+type NullableIdentityProviderPolicyProvider struct {
+	value *IdentityProviderPolicyProvider
+	isSet bool
+}
+
+func (v NullableIdentityProviderPolicyProvider) Get() *IdentityProviderPolicyProvider {
+	return v.value
+}
+
+func (v *NullableIdentityProviderPolicyProvider) Set(val *IdentityProviderPolicyProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentityProviderPolicyProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentityProviderPolicyProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentityProviderPolicyProvider(val *IdentityProviderPolicyProvider) *NullableIdentityProviderPolicyProvider {
+	return &NullableIdentityProviderPolicyProvider{value: val, isSet: true}
+}
+
+func (v NullableIdentityProviderPolicyProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentityProviderPolicyProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_provider_policy_rule_condition.go b/okta/model_identity_provider_policy_rule_condition.go
new file mode 100644
index 000000000..5bbea11bc
--- /dev/null
+++ b/okta/model_identity_provider_policy_rule_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IdentityProviderPolicyRuleCondition struct for IdentityProviderPolicyRuleCondition
+type IdentityProviderPolicyRuleCondition struct {
+	IdpIds               []string                        `json:"idpIds,omitempty"`
+	Provider             *IdentityProviderPolicyProvider `json:"provider,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdentityProviderPolicyRuleCondition IdentityProviderPolicyRuleCondition
+
+// NewIdentityProviderPolicyRuleCondition instantiates a new IdentityProviderPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdentityProviderPolicyRuleCondition() *IdentityProviderPolicyRuleCondition {
+	this := IdentityProviderPolicyRuleCondition{}
+	return &this
+}
+
+// NewIdentityProviderPolicyRuleConditionWithDefaults instantiates a new IdentityProviderPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdentityProviderPolicyRuleConditionWithDefaults() *IdentityProviderPolicyRuleCondition {
+	this := IdentityProviderPolicyRuleCondition{}
+	return &this
+}
+
+// GetIdpIds returns the IdpIds field value if set, zero value otherwise.
+func (o *IdentityProviderPolicyRuleCondition) GetIdpIds() []string {
+	if o == nil || o.IdpIds == nil {
+		var ret []string
+		return ret
+	}
+	return o.IdpIds
+}
+
+// GetIdpIdsOk returns a tuple with the IdpIds field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderPolicyRuleCondition) GetIdpIdsOk() ([]string, bool) {
+	if o == nil || o.IdpIds == nil {
+		return nil, false
+	}
+	return o.IdpIds, true
+}
+
+// HasIdpIds returns a boolean if a field has been set.
+func (o *IdentityProviderPolicyRuleCondition) HasIdpIds() bool {
+	if o != nil && o.IdpIds != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdpIds gets a reference to the given []string and assigns it to the IdpIds field.
+func (o *IdentityProviderPolicyRuleCondition) SetIdpIds(v []string) {
+	o.IdpIds = v
+}
+
+// GetProvider returns the Provider field value if set, zero value otherwise.
+func (o *IdentityProviderPolicyRuleCondition) GetProvider() IdentityProviderPolicyProvider {
+	if o == nil || o.Provider == nil {
+		var ret IdentityProviderPolicyProvider
+		return ret
+	}
+	return *o.Provider
+}
+
+// GetProviderOk returns a tuple with the Provider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentityProviderPolicyRuleCondition) GetProviderOk() (*IdentityProviderPolicyProvider, bool) {
+	if o == nil || o.Provider == nil {
+		return nil, false
+	}
+	return o.Provider, true
+}
+
+// HasProvider returns a boolean if a field has been set.
+func (o *IdentityProviderPolicyRuleCondition) HasProvider() bool {
+	if o != nil && o.Provider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProvider gets a reference to the given IdentityProviderPolicyProvider and assigns it to the Provider field.
+func (o *IdentityProviderPolicyRuleCondition) SetProvider(v IdentityProviderPolicyProvider) {
+	o.Provider = &v
+}
+
+func (o IdentityProviderPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.IdpIds != nil {
+		toSerialize["idpIds"] = o.IdpIds
+	}
+	if o.Provider != nil {
+		toSerialize["provider"] = o.Provider
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdentityProviderPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varIdentityProviderPolicyRuleCondition := _IdentityProviderPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varIdentityProviderPolicyRuleCondition)
+	if err == nil {
+		*o = IdentityProviderPolicyRuleCondition(varIdentityProviderPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "idpIds")
+		delete(additionalProperties, "provider")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdentityProviderPolicyRuleCondition struct {
+	value *IdentityProviderPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableIdentityProviderPolicyRuleCondition) Get() *IdentityProviderPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableIdentityProviderPolicyRuleCondition) Set(val *IdentityProviderPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentityProviderPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentityProviderPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentityProviderPolicyRuleCondition(val *IdentityProviderPolicyRuleCondition) *NullableIdentityProviderPolicyRuleCondition {
+	return &NullableIdentityProviderPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableIdentityProviderPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentityProviderPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_provider_type.go b/okta/model_identity_provider_type.go
new file mode 100644
index 000000000..483304ade
--- /dev/null
+++ b/okta/model_identity_provider_type.go
@@ -0,0 +1,140 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// IdentityProviderType the model 'IdentityProviderType'
+type IdentityProviderType string
+
+// List of IdentityProviderType
+const (
+	IDENTITYPROVIDERTYPE_AGENTLESS_DSSO IdentityProviderType = "AgentlessDSSO"
+	IDENTITYPROVIDERTYPE_FACEBOOK       IdentityProviderType = "FACEBOOK"
+	IDENTITYPROVIDERTYPE_GOOGLE         IdentityProviderType = "GOOGLE"
+	IDENTITYPROVIDERTYPE_IWA            IdentityProviderType = "IWA"
+	IDENTITYPROVIDERTYPE_LINKEDIN       IdentityProviderType = "LINKEDIN"
+	IDENTITYPROVIDERTYPE_MICROSOFT      IdentityProviderType = "MICROSOFT"
+	IDENTITYPROVIDERTYPE_OIDC           IdentityProviderType = "OIDC"
+	IDENTITYPROVIDERTYPE_OKTA           IdentityProviderType = "OKTA"
+	IDENTITYPROVIDERTYPE_SAML2          IdentityProviderType = "SAML2"
+	IDENTITYPROVIDERTYPE_X509           IdentityProviderType = "X509"
+)
+
+// All allowed values of IdentityProviderType enum
+var AllowedIdentityProviderTypeEnumValues = []IdentityProviderType{
+	"AgentlessDSSO",
+	"FACEBOOK",
+	"GOOGLE",
+	"IWA",
+	"LINKEDIN",
+	"MICROSOFT",
+	"OIDC",
+	"OKTA",
+	"SAML2",
+	"X509",
+}
+
+func (v *IdentityProviderType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := IdentityProviderType(value)
+	for _, existing := range AllowedIdentityProviderTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid IdentityProviderType", value)
+}
+
+// NewIdentityProviderTypeFromValue returns a pointer to a valid IdentityProviderType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewIdentityProviderTypeFromValue(v string) (*IdentityProviderType, error) {
+	ev := IdentityProviderType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for IdentityProviderType: valid values are %v", v, AllowedIdentityProviderTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v IdentityProviderType) IsValid() bool {
+	for _, existing := range AllowedIdentityProviderTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to IdentityProviderType value
+func (v IdentityProviderType) Ptr() *IdentityProviderType {
+	return &v
+}
+
+type NullableIdentityProviderType struct {
+	value *IdentityProviderType
+	isSet bool
+}
+
+func (v NullableIdentityProviderType) Get() *IdentityProviderType {
+	return v.value
+}
+
+func (v *NullableIdentityProviderType) Set(val *IdentityProviderType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentityProviderType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentityProviderType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentityProviderType(val *IdentityProviderType) *NullableIdentityProviderType {
+	return &NullableIdentityProviderType{value: val, isSet: true}
+}
+
+func (v NullableIdentityProviderType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentityProviderType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_source_session.go b/okta/model_identity_source_session.go
new file mode 100644
index 000000000..93a1a5ce4
--- /dev/null
+++ b/okta/model_identity_source_session.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IdentitySourceSession struct for IdentitySourceSession
+type IdentitySourceSession struct {
+	Id                   *string                      `json:"id,omitempty"`
+	IdentitySourceId     *string                      `json:"identitySourceId,omitempty"`
+	ImportType           *string                      `json:"importType,omitempty"`
+	Status               *IdentitySourceSessionStatus `json:"status,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdentitySourceSession IdentitySourceSession
+
+// NewIdentitySourceSession instantiates a new IdentitySourceSession object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdentitySourceSession() *IdentitySourceSession {
+	this := IdentitySourceSession{}
+	return &this
+}
+
+// NewIdentitySourceSessionWithDefaults instantiates a new IdentitySourceSession object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdentitySourceSessionWithDefaults() *IdentitySourceSession {
+	this := IdentitySourceSession{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *IdentitySourceSession) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentitySourceSession) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *IdentitySourceSession) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *IdentitySourceSession) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIdentitySourceId returns the IdentitySourceId field value if set, zero value otherwise.
+func (o *IdentitySourceSession) GetIdentitySourceId() string {
+	if o == nil || o.IdentitySourceId == nil {
+		var ret string
+		return ret
+	}
+	return *o.IdentitySourceId
+}
+
+// GetIdentitySourceIdOk returns a tuple with the IdentitySourceId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentitySourceSession) GetIdentitySourceIdOk() (*string, bool) {
+	if o == nil || o.IdentitySourceId == nil {
+		return nil, false
+	}
+	return o.IdentitySourceId, true
+}
+
+// HasIdentitySourceId returns a boolean if a field has been set.
+func (o *IdentitySourceSession) HasIdentitySourceId() bool {
+	if o != nil && o.IdentitySourceId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentitySourceId gets a reference to the given string and assigns it to the IdentitySourceId field.
+func (o *IdentitySourceSession) SetIdentitySourceId(v string) {
+	o.IdentitySourceId = &v
+}
+
+// GetImportType returns the ImportType field value if set, zero value otherwise.
+func (o *IdentitySourceSession) GetImportType() string {
+	if o == nil || o.ImportType == nil {
+		var ret string
+		return ret
+	}
+	return *o.ImportType
+}
+
+// GetImportTypeOk returns a tuple with the ImportType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentitySourceSession) GetImportTypeOk() (*string, bool) {
+	if o == nil || o.ImportType == nil {
+		return nil, false
+	}
+	return o.ImportType, true
+}
+
+// HasImportType returns a boolean if a field has been set.
+func (o *IdentitySourceSession) HasImportType() bool {
+	if o != nil && o.ImportType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetImportType gets a reference to the given string and assigns it to the ImportType field.
+func (o *IdentitySourceSession) SetImportType(v string) {
+	o.ImportType = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *IdentitySourceSession) GetStatus() IdentitySourceSessionStatus {
+	if o == nil || o.Status == nil {
+		var ret IdentitySourceSessionStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentitySourceSession) GetStatusOk() (*IdentitySourceSessionStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *IdentitySourceSession) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given IdentitySourceSessionStatus and assigns it to the Status field.
+func (o *IdentitySourceSession) SetStatus(v IdentitySourceSessionStatus) {
+	o.Status = &v
+}
+
+func (o IdentitySourceSession) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.IdentitySourceId != nil {
+		toSerialize["identitySourceId"] = o.IdentitySourceId
+	}
+	if o.ImportType != nil {
+		toSerialize["importType"] = o.ImportType
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdentitySourceSession) UnmarshalJSON(bytes []byte) (err error) {
+	varIdentitySourceSession := _IdentitySourceSession{}
+
+	err = json.Unmarshal(bytes, &varIdentitySourceSession)
+	if err == nil {
+		*o = IdentitySourceSession(varIdentitySourceSession)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "identitySourceId")
+		delete(additionalProperties, "importType")
+		delete(additionalProperties, "status")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdentitySourceSession struct {
+	value *IdentitySourceSession
+	isSet bool
+}
+
+func (v NullableIdentitySourceSession) Get() *IdentitySourceSession {
+	return v.value
+}
+
+func (v *NullableIdentitySourceSession) Set(val *IdentitySourceSession) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentitySourceSession) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentitySourceSession) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentitySourceSession(val *IdentitySourceSession) *NullableIdentitySourceSession {
+	return &NullableIdentitySourceSession{value: val, isSet: true}
+}
+
+func (v NullableIdentitySourceSession) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentitySourceSession) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_source_session_status.go b/okta/model_identity_source_session_status.go
new file mode 100644
index 000000000..5ff543400
--- /dev/null
+++ b/okta/model_identity_source_session_status.go
@@ -0,0 +1,132 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// IdentitySourceSessionStatus the model 'IdentitySourceSessionStatus'
+type IdentitySourceSessionStatus string
+
+// List of IdentitySourceSessionStatus
+const (
+	IDENTITYSOURCESESSIONSTATUS_CLOSED    IdentitySourceSessionStatus = "CLOSED"
+	IDENTITYSOURCESESSIONSTATUS_COMPLETED IdentitySourceSessionStatus = "COMPLETED"
+	IDENTITYSOURCESESSIONSTATUS_CREATED   IdentitySourceSessionStatus = "CREATED"
+	IDENTITYSOURCESESSIONSTATUS_ERROR     IdentitySourceSessionStatus = "ERROR"
+	IDENTITYSOURCESESSIONSTATUS_EXPIRED   IdentitySourceSessionStatus = "EXPIRED"
+	IDENTITYSOURCESESSIONSTATUS_TRIGGERED IdentitySourceSessionStatus = "TRIGGERED"
+)
+
+// All allowed values of IdentitySourceSessionStatus enum
+var AllowedIdentitySourceSessionStatusEnumValues = []IdentitySourceSessionStatus{
+	"CLOSED",
+	"COMPLETED",
+	"CREATED",
+	"ERROR",
+	"EXPIRED",
+	"TRIGGERED",
+}
+
+func (v *IdentitySourceSessionStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := IdentitySourceSessionStatus(value)
+	for _, existing := range AllowedIdentitySourceSessionStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid IdentitySourceSessionStatus", value)
+}
+
+// NewIdentitySourceSessionStatusFromValue returns a pointer to a valid IdentitySourceSessionStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewIdentitySourceSessionStatusFromValue(v string) (*IdentitySourceSessionStatus, error) {
+	ev := IdentitySourceSessionStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for IdentitySourceSessionStatus: valid values are %v", v, AllowedIdentitySourceSessionStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v IdentitySourceSessionStatus) IsValid() bool {
+	for _, existing := range AllowedIdentitySourceSessionStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to IdentitySourceSessionStatus value
+func (v IdentitySourceSessionStatus) Ptr() *IdentitySourceSessionStatus {
+	return &v
+}
+
+type NullableIdentitySourceSessionStatus struct {
+	value *IdentitySourceSessionStatus
+	isSet bool
+}
+
+func (v NullableIdentitySourceSessionStatus) Get() *IdentitySourceSessionStatus {
+	return v.value
+}
+
+func (v *NullableIdentitySourceSessionStatus) Set(val *IdentitySourceSessionStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentitySourceSessionStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentitySourceSessionStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentitySourceSessionStatus(val *IdentitySourceSessionStatus) *NullableIdentitySourceSessionStatus {
+	return &NullableIdentitySourceSessionStatus{value: val, isSet: true}
+}
+
+func (v NullableIdentitySourceSessionStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentitySourceSessionStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_source_user_profile_for_delete.go b/okta/model_identity_source_user_profile_for_delete.go
new file mode 100644
index 000000000..50846dad9
--- /dev/null
+++ b/okta/model_identity_source_user_profile_for_delete.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IdentitySourceUserProfileForDelete struct for IdentitySourceUserProfileForDelete
+type IdentitySourceUserProfileForDelete struct {
+	ExternalId           *string `json:"externalId,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdentitySourceUserProfileForDelete IdentitySourceUserProfileForDelete
+
+// NewIdentitySourceUserProfileForDelete instantiates a new IdentitySourceUserProfileForDelete object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdentitySourceUserProfileForDelete() *IdentitySourceUserProfileForDelete {
+	this := IdentitySourceUserProfileForDelete{}
+	return &this
+}
+
+// NewIdentitySourceUserProfileForDeleteWithDefaults instantiates a new IdentitySourceUserProfileForDelete object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdentitySourceUserProfileForDeleteWithDefaults() *IdentitySourceUserProfileForDelete {
+	this := IdentitySourceUserProfileForDelete{}
+	return &this
+}
+
+// GetExternalId returns the ExternalId field value if set, zero value otherwise.
+func (o *IdentitySourceUserProfileForDelete) GetExternalId() string {
+	if o == nil || o.ExternalId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ExternalId
+}
+
+// GetExternalIdOk returns a tuple with the ExternalId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentitySourceUserProfileForDelete) GetExternalIdOk() (*string, bool) {
+	if o == nil || o.ExternalId == nil {
+		return nil, false
+	}
+	return o.ExternalId, true
+}
+
+// HasExternalId returns a boolean if a field has been set.
+func (o *IdentitySourceUserProfileForDelete) HasExternalId() bool {
+	if o != nil && o.ExternalId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExternalId gets a reference to the given string and assigns it to the ExternalId field.
+func (o *IdentitySourceUserProfileForDelete) SetExternalId(v string) {
+	o.ExternalId = &v
+}
+
+func (o IdentitySourceUserProfileForDelete) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ExternalId != nil {
+		toSerialize["externalId"] = o.ExternalId
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdentitySourceUserProfileForDelete) UnmarshalJSON(bytes []byte) (err error) {
+	varIdentitySourceUserProfileForDelete := _IdentitySourceUserProfileForDelete{}
+
+	err = json.Unmarshal(bytes, &varIdentitySourceUserProfileForDelete)
+	if err == nil {
+		*o = IdentitySourceUserProfileForDelete(varIdentitySourceUserProfileForDelete)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "externalId")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdentitySourceUserProfileForDelete struct {
+	value *IdentitySourceUserProfileForDelete
+	isSet bool
+}
+
+func (v NullableIdentitySourceUserProfileForDelete) Get() *IdentitySourceUserProfileForDelete {
+	return v.value
+}
+
+func (v *NullableIdentitySourceUserProfileForDelete) Set(val *IdentitySourceUserProfileForDelete) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentitySourceUserProfileForDelete) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentitySourceUserProfileForDelete) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentitySourceUserProfileForDelete(val *IdentitySourceUserProfileForDelete) *NullableIdentitySourceUserProfileForDelete {
+	return &NullableIdentitySourceUserProfileForDelete{value: val, isSet: true}
+}
+
+func (v NullableIdentitySourceUserProfileForDelete) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentitySourceUserProfileForDelete) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_identity_source_user_profile_for_upsert.go b/okta/model_identity_source_user_profile_for_upsert.go
new file mode 100644
index 000000000..6df915e93
--- /dev/null
+++ b/okta/model_identity_source_user_profile_for_upsert.go
@@ -0,0 +1,424 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IdentitySourceUserProfileForUpsert struct for IdentitySourceUserProfileForUpsert
+type IdentitySourceUserProfileForUpsert struct {
+	Email                *string        `json:"email,omitempty"`
+	FirstName            NullableString `json:"firstName,omitempty"`
+	HomeAddress          NullableString `json:"homeAddress,omitempty"`
+	LastName             NullableString `json:"lastName,omitempty"`
+	MobilePhone          NullableString `json:"mobilePhone,omitempty"`
+	SecondEmail          *string        `json:"secondEmail,omitempty"`
+	UserName             *string        `json:"userName,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdentitySourceUserProfileForUpsert IdentitySourceUserProfileForUpsert
+
+// NewIdentitySourceUserProfileForUpsert instantiates a new IdentitySourceUserProfileForUpsert object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdentitySourceUserProfileForUpsert() *IdentitySourceUserProfileForUpsert {
+	this := IdentitySourceUserProfileForUpsert{}
+	return &this
+}
+
+// NewIdentitySourceUserProfileForUpsertWithDefaults instantiates a new IdentitySourceUserProfileForUpsert object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdentitySourceUserProfileForUpsertWithDefaults() *IdentitySourceUserProfileForUpsert {
+	this := IdentitySourceUserProfileForUpsert{}
+	return &this
+}
+
+// GetEmail returns the Email field value if set, zero value otherwise.
+func (o *IdentitySourceUserProfileForUpsert) GetEmail() string {
+	if o == nil || o.Email == nil {
+		var ret string
+		return ret
+	}
+	return *o.Email
+}
+
+// GetEmailOk returns a tuple with the Email field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentitySourceUserProfileForUpsert) GetEmailOk() (*string, bool) {
+	if o == nil || o.Email == nil {
+		return nil, false
+	}
+	return o.Email, true
+}
+
+// HasEmail returns a boolean if a field has been set.
+func (o *IdentitySourceUserProfileForUpsert) HasEmail() bool {
+	if o != nil && o.Email != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmail gets a reference to the given string and assigns it to the Email field.
+func (o *IdentitySourceUserProfileForUpsert) SetEmail(v string) {
+	o.Email = &v
+}
+
+// GetFirstName returns the FirstName field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *IdentitySourceUserProfileForUpsert) GetFirstName() string {
+	if o == nil || o.FirstName.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.FirstName.Get()
+}
+
+// GetFirstNameOk returns a tuple with the FirstName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *IdentitySourceUserProfileForUpsert) GetFirstNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.FirstName.Get(), o.FirstName.IsSet()
+}
+
+// HasFirstName returns a boolean if a field has been set.
+func (o *IdentitySourceUserProfileForUpsert) HasFirstName() bool {
+	if o != nil && o.FirstName.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetFirstName gets a reference to the given NullableString and assigns it to the FirstName field.
+func (o *IdentitySourceUserProfileForUpsert) SetFirstName(v string) {
+	o.FirstName.Set(&v)
+}
+
+// SetFirstNameNil sets the value for FirstName to be an explicit nil
+func (o *IdentitySourceUserProfileForUpsert) SetFirstNameNil() {
+	o.FirstName.Set(nil)
+}
+
+// UnsetFirstName ensures that no value is present for FirstName, not even an explicit nil
+func (o *IdentitySourceUserProfileForUpsert) UnsetFirstName() {
+	o.FirstName.Unset()
+}
+
+// GetHomeAddress returns the HomeAddress field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *IdentitySourceUserProfileForUpsert) GetHomeAddress() string {
+	if o == nil || o.HomeAddress.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.HomeAddress.Get()
+}
+
+// GetHomeAddressOk returns a tuple with the HomeAddress field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *IdentitySourceUserProfileForUpsert) GetHomeAddressOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.HomeAddress.Get(), o.HomeAddress.IsSet()
+}
+
+// HasHomeAddress returns a boolean if a field has been set.
+func (o *IdentitySourceUserProfileForUpsert) HasHomeAddress() bool {
+	if o != nil && o.HomeAddress.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetHomeAddress gets a reference to the given NullableString and assigns it to the HomeAddress field.
+func (o *IdentitySourceUserProfileForUpsert) SetHomeAddress(v string) {
+	o.HomeAddress.Set(&v)
+}
+
+// SetHomeAddressNil sets the value for HomeAddress to be an explicit nil
+func (o *IdentitySourceUserProfileForUpsert) SetHomeAddressNil() {
+	o.HomeAddress.Set(nil)
+}
+
+// UnsetHomeAddress ensures that no value is present for HomeAddress, not even an explicit nil
+func (o *IdentitySourceUserProfileForUpsert) UnsetHomeAddress() {
+	o.HomeAddress.Unset()
+}
+
+// GetLastName returns the LastName field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *IdentitySourceUserProfileForUpsert) GetLastName() string {
+	if o == nil || o.LastName.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.LastName.Get()
+}
+
+// GetLastNameOk returns a tuple with the LastName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *IdentitySourceUserProfileForUpsert) GetLastNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.LastName.Get(), o.LastName.IsSet()
+}
+
+// HasLastName returns a boolean if a field has been set.
+func (o *IdentitySourceUserProfileForUpsert) HasLastName() bool {
+	if o != nil && o.LastName.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetLastName gets a reference to the given NullableString and assigns it to the LastName field.
+func (o *IdentitySourceUserProfileForUpsert) SetLastName(v string) {
+	o.LastName.Set(&v)
+}
+
+// SetLastNameNil sets the value for LastName to be an explicit nil
+func (o *IdentitySourceUserProfileForUpsert) SetLastNameNil() {
+	o.LastName.Set(nil)
+}
+
+// UnsetLastName ensures that no value is present for LastName, not even an explicit nil
+func (o *IdentitySourceUserProfileForUpsert) UnsetLastName() {
+	o.LastName.Unset()
+}
+
+// GetMobilePhone returns the MobilePhone field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *IdentitySourceUserProfileForUpsert) GetMobilePhone() string {
+	if o == nil || o.MobilePhone.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.MobilePhone.Get()
+}
+
+// GetMobilePhoneOk returns a tuple with the MobilePhone field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *IdentitySourceUserProfileForUpsert) GetMobilePhoneOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.MobilePhone.Get(), o.MobilePhone.IsSet()
+}
+
+// HasMobilePhone returns a boolean if a field has been set.
+func (o *IdentitySourceUserProfileForUpsert) HasMobilePhone() bool {
+	if o != nil && o.MobilePhone.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetMobilePhone gets a reference to the given NullableString and assigns it to the MobilePhone field.
+func (o *IdentitySourceUserProfileForUpsert) SetMobilePhone(v string) {
+	o.MobilePhone.Set(&v)
+}
+
+// SetMobilePhoneNil sets the value for MobilePhone to be an explicit nil
+func (o *IdentitySourceUserProfileForUpsert) SetMobilePhoneNil() {
+	o.MobilePhone.Set(nil)
+}
+
+// UnsetMobilePhone ensures that no value is present for MobilePhone, not even an explicit nil
+func (o *IdentitySourceUserProfileForUpsert) UnsetMobilePhone() {
+	o.MobilePhone.Unset()
+}
+
+// GetSecondEmail returns the SecondEmail field value if set, zero value otherwise.
+func (o *IdentitySourceUserProfileForUpsert) GetSecondEmail() string {
+	if o == nil || o.SecondEmail == nil {
+		var ret string
+		return ret
+	}
+	return *o.SecondEmail
+}
+
+// GetSecondEmailOk returns a tuple with the SecondEmail field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentitySourceUserProfileForUpsert) GetSecondEmailOk() (*string, bool) {
+	if o == nil || o.SecondEmail == nil {
+		return nil, false
+	}
+	return o.SecondEmail, true
+}
+
+// HasSecondEmail returns a boolean if a field has been set.
+func (o *IdentitySourceUserProfileForUpsert) HasSecondEmail() bool {
+	if o != nil && o.SecondEmail != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecondEmail gets a reference to the given string and assigns it to the SecondEmail field.
+func (o *IdentitySourceUserProfileForUpsert) SetSecondEmail(v string) {
+	o.SecondEmail = &v
+}
+
+// GetUserName returns the UserName field value if set, zero value otherwise.
+func (o *IdentitySourceUserProfileForUpsert) GetUserName() string {
+	if o == nil || o.UserName == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserName
+}
+
+// GetUserNameOk returns a tuple with the UserName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdentitySourceUserProfileForUpsert) GetUserNameOk() (*string, bool) {
+	if o == nil || o.UserName == nil {
+		return nil, false
+	}
+	return o.UserName, true
+}
+
+// HasUserName returns a boolean if a field has been set.
+func (o *IdentitySourceUserProfileForUpsert) HasUserName() bool {
+	if o != nil && o.UserName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserName gets a reference to the given string and assigns it to the UserName field.
+func (o *IdentitySourceUserProfileForUpsert) SetUserName(v string) {
+	o.UserName = &v
+}
+
+func (o IdentitySourceUserProfileForUpsert) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Email != nil {
+		toSerialize["email"] = o.Email
+	}
+	if o.FirstName.IsSet() {
+		toSerialize["firstName"] = o.FirstName.Get()
+	}
+	if o.HomeAddress.IsSet() {
+		toSerialize["homeAddress"] = o.HomeAddress.Get()
+	}
+	if o.LastName.IsSet() {
+		toSerialize["lastName"] = o.LastName.Get()
+	}
+	if o.MobilePhone.IsSet() {
+		toSerialize["mobilePhone"] = o.MobilePhone.Get()
+	}
+	if o.SecondEmail != nil {
+		toSerialize["secondEmail"] = o.SecondEmail
+	}
+	if o.UserName != nil {
+		toSerialize["userName"] = o.UserName
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdentitySourceUserProfileForUpsert) UnmarshalJSON(bytes []byte) (err error) {
+	varIdentitySourceUserProfileForUpsert := _IdentitySourceUserProfileForUpsert{}
+
+	err = json.Unmarshal(bytes, &varIdentitySourceUserProfileForUpsert)
+	if err == nil {
+		*o = IdentitySourceUserProfileForUpsert(varIdentitySourceUserProfileForUpsert)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "email")
+		delete(additionalProperties, "firstName")
+		delete(additionalProperties, "homeAddress")
+		delete(additionalProperties, "lastName")
+		delete(additionalProperties, "mobilePhone")
+		delete(additionalProperties, "secondEmail")
+		delete(additionalProperties, "userName")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdentitySourceUserProfileForUpsert struct {
+	value *IdentitySourceUserProfileForUpsert
+	isSet bool
+}
+
+func (v NullableIdentitySourceUserProfileForUpsert) Get() *IdentitySourceUserProfileForUpsert {
+	return v.value
+}
+
+func (v *NullableIdentitySourceUserProfileForUpsert) Set(val *IdentitySourceUserProfileForUpsert) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdentitySourceUserProfileForUpsert) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdentitySourceUserProfileForUpsert) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdentitySourceUserProfileForUpsert(val *IdentitySourceUserProfileForUpsert) *NullableIdentitySourceUserProfileForUpsert {
+	return &NullableIdentitySourceUserProfileForUpsert{value: val, isSet: true}
+}
+
+func (v NullableIdentitySourceUserProfileForUpsert) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdentitySourceUserProfileForUpsert) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_idp_policy_rule_action.go b/okta/model_idp_policy_rule_action.go
new file mode 100644
index 000000000..6b5037ed1
--- /dev/null
+++ b/okta/model_idp_policy_rule_action.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IdpPolicyRuleAction struct for IdpPolicyRuleAction
+type IdpPolicyRuleAction struct {
+	Providers            []IdpPolicyRuleActionProvider `json:"providers,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdpPolicyRuleAction IdpPolicyRuleAction
+
+// NewIdpPolicyRuleAction instantiates a new IdpPolicyRuleAction object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdpPolicyRuleAction() *IdpPolicyRuleAction {
+	this := IdpPolicyRuleAction{}
+	return &this
+}
+
+// NewIdpPolicyRuleActionWithDefaults instantiates a new IdpPolicyRuleAction object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdpPolicyRuleActionWithDefaults() *IdpPolicyRuleAction {
+	this := IdpPolicyRuleAction{}
+	return &this
+}
+
+// GetProviders returns the Providers field value if set, zero value otherwise.
+func (o *IdpPolicyRuleAction) GetProviders() []IdpPolicyRuleActionProvider {
+	if o == nil || o.Providers == nil {
+		var ret []IdpPolicyRuleActionProvider
+		return ret
+	}
+	return o.Providers
+}
+
+// GetProvidersOk returns a tuple with the Providers field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdpPolicyRuleAction) GetProvidersOk() ([]IdpPolicyRuleActionProvider, bool) {
+	if o == nil || o.Providers == nil {
+		return nil, false
+	}
+	return o.Providers, true
+}
+
+// HasProviders returns a boolean if a field has been set.
+func (o *IdpPolicyRuleAction) HasProviders() bool {
+	if o != nil && o.Providers != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProviders gets a reference to the given []IdpPolicyRuleActionProvider and assigns it to the Providers field.
+func (o *IdpPolicyRuleAction) SetProviders(v []IdpPolicyRuleActionProvider) {
+	o.Providers = v
+}
+
+func (o IdpPolicyRuleAction) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Providers != nil {
+		toSerialize["providers"] = o.Providers
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdpPolicyRuleAction) UnmarshalJSON(bytes []byte) (err error) {
+	varIdpPolicyRuleAction := _IdpPolicyRuleAction{}
+
+	err = json.Unmarshal(bytes, &varIdpPolicyRuleAction)
+	if err == nil {
+		*o = IdpPolicyRuleAction(varIdpPolicyRuleAction)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "providers")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdpPolicyRuleAction struct {
+	value *IdpPolicyRuleAction
+	isSet bool
+}
+
+func (v NullableIdpPolicyRuleAction) Get() *IdpPolicyRuleAction {
+	return v.value
+}
+
+func (v *NullableIdpPolicyRuleAction) Set(val *IdpPolicyRuleAction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdpPolicyRuleAction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdpPolicyRuleAction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdpPolicyRuleAction(val *IdpPolicyRuleAction) *NullableIdpPolicyRuleAction {
+	return &NullableIdpPolicyRuleAction{value: val, isSet: true}
+}
+
+func (v NullableIdpPolicyRuleAction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdpPolicyRuleAction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_idp_policy_rule_action_provider.go b/okta/model_idp_policy_rule_action_provider.go
new file mode 100644
index 000000000..cbb207b40
--- /dev/null
+++ b/okta/model_idp_policy_rule_action_provider.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// IdpPolicyRuleActionProvider struct for IdpPolicyRuleActionProvider
+type IdpPolicyRuleActionProvider struct {
+	Id                   *string `json:"id,omitempty"`
+	Type                 *string `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _IdpPolicyRuleActionProvider IdpPolicyRuleActionProvider
+
+// NewIdpPolicyRuleActionProvider instantiates a new IdpPolicyRuleActionProvider object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewIdpPolicyRuleActionProvider() *IdpPolicyRuleActionProvider {
+	this := IdpPolicyRuleActionProvider{}
+	return &this
+}
+
+// NewIdpPolicyRuleActionProviderWithDefaults instantiates a new IdpPolicyRuleActionProvider object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewIdpPolicyRuleActionProviderWithDefaults() *IdpPolicyRuleActionProvider {
+	this := IdpPolicyRuleActionProvider{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *IdpPolicyRuleActionProvider) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdpPolicyRuleActionProvider) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *IdpPolicyRuleActionProvider) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *IdpPolicyRuleActionProvider) SetId(v string) {
+	o.Id = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *IdpPolicyRuleActionProvider) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *IdpPolicyRuleActionProvider) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *IdpPolicyRuleActionProvider) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *IdpPolicyRuleActionProvider) SetType(v string) {
+	o.Type = &v
+}
+
+func (o IdpPolicyRuleActionProvider) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *IdpPolicyRuleActionProvider) UnmarshalJSON(bytes []byte) (err error) {
+	varIdpPolicyRuleActionProvider := _IdpPolicyRuleActionProvider{}
+
+	err = json.Unmarshal(bytes, &varIdpPolicyRuleActionProvider)
+	if err == nil {
+		*o = IdpPolicyRuleActionProvider(varIdpPolicyRuleActionProvider)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableIdpPolicyRuleActionProvider struct {
+	value *IdpPolicyRuleActionProvider
+	isSet bool
+}
+
+func (v NullableIdpPolicyRuleActionProvider) Get() *IdpPolicyRuleActionProvider {
+	return v.value
+}
+
+func (v *NullableIdpPolicyRuleActionProvider) Set(val *IdpPolicyRuleActionProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIdpPolicyRuleActionProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIdpPolicyRuleActionProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIdpPolicyRuleActionProvider(val *IdpPolicyRuleActionProvider) *NullableIdpPolicyRuleActionProvider {
+	return &NullableIdpPolicyRuleActionProvider{value: val, isSet: true}
+}
+
+func (v NullableIdpPolicyRuleActionProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIdpPolicyRuleActionProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_iframe_embed_scope_allowed_apps.go b/okta/model_iframe_embed_scope_allowed_apps.go
new file mode 100644
index 000000000..a8c8bb48f
--- /dev/null
+++ b/okta/model_iframe_embed_scope_allowed_apps.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// IframeEmbedScopeAllowedApps the model 'IframeEmbedScopeAllowedApps'
+type IframeEmbedScopeAllowedApps string
+
+// List of IframeEmbedScopeAllowedApps
+const (
+	IFRAMEEMBEDSCOPEALLOWEDAPPS_OKTA_ENDUSER IframeEmbedScopeAllowedApps = "OKTA_ENDUSER"
+)
+
+// All allowed values of IframeEmbedScopeAllowedApps enum
+var AllowedIframeEmbedScopeAllowedAppsEnumValues = []IframeEmbedScopeAllowedApps{
+	"OKTA_ENDUSER",
+}
+
+func (v *IframeEmbedScopeAllowedApps) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := IframeEmbedScopeAllowedApps(value)
+	for _, existing := range AllowedIframeEmbedScopeAllowedAppsEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid IframeEmbedScopeAllowedApps", value)
+}
+
+// NewIframeEmbedScopeAllowedAppsFromValue returns a pointer to a valid IframeEmbedScopeAllowedApps
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewIframeEmbedScopeAllowedAppsFromValue(v string) (*IframeEmbedScopeAllowedApps, error) {
+	ev := IframeEmbedScopeAllowedApps(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for IframeEmbedScopeAllowedApps: valid values are %v", v, AllowedIframeEmbedScopeAllowedAppsEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v IframeEmbedScopeAllowedApps) IsValid() bool {
+	for _, existing := range AllowedIframeEmbedScopeAllowedAppsEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to IframeEmbedScopeAllowedApps value
+func (v IframeEmbedScopeAllowedApps) Ptr() *IframeEmbedScopeAllowedApps {
+	return &v
+}
+
+type NullableIframeEmbedScopeAllowedApps struct {
+	value *IframeEmbedScopeAllowedApps
+	isSet bool
+}
+
+func (v NullableIframeEmbedScopeAllowedApps) Get() *IframeEmbedScopeAllowedApps {
+	return v.value
+}
+
+func (v *NullableIframeEmbedScopeAllowedApps) Set(val *IframeEmbedScopeAllowedApps) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIframeEmbedScopeAllowedApps) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIframeEmbedScopeAllowedApps) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIframeEmbedScopeAllowedApps(val *IframeEmbedScopeAllowedApps) *NullableIframeEmbedScopeAllowedApps {
+	return &NullableIframeEmbedScopeAllowedApps{value: val, isSet: true}
+}
+
+func (v NullableIframeEmbedScopeAllowedApps) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIframeEmbedScopeAllowedApps) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_image_upload_response.go b/okta/model_image_upload_response.go
new file mode 100644
index 000000000..08e339699
--- /dev/null
+++ b/okta/model_image_upload_response.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ImageUploadResponse struct for ImageUploadResponse
+type ImageUploadResponse struct {
+	Url                  *string `json:"url,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ImageUploadResponse ImageUploadResponse
+
+// NewImageUploadResponse instantiates a new ImageUploadResponse object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewImageUploadResponse() *ImageUploadResponse {
+	this := ImageUploadResponse{}
+	return &this
+}
+
+// NewImageUploadResponseWithDefaults instantiates a new ImageUploadResponse object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewImageUploadResponseWithDefaults() *ImageUploadResponse {
+	this := ImageUploadResponse{}
+	return &this
+}
+
+// GetUrl returns the Url field value if set, zero value otherwise.
+func (o *ImageUploadResponse) GetUrl() string {
+	if o == nil || o.Url == nil {
+		var ret string
+		return ret
+	}
+	return *o.Url
+}
+
+// GetUrlOk returns a tuple with the Url field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ImageUploadResponse) GetUrlOk() (*string, bool) {
+	if o == nil || o.Url == nil {
+		return nil, false
+	}
+	return o.Url, true
+}
+
+// HasUrl returns a boolean if a field has been set.
+func (o *ImageUploadResponse) HasUrl() bool {
+	if o != nil && o.Url != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUrl gets a reference to the given string and assigns it to the Url field.
+func (o *ImageUploadResponse) SetUrl(v string) {
+	o.Url = &v
+}
+
+func (o ImageUploadResponse) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Url != nil {
+		toSerialize["url"] = o.Url
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ImageUploadResponse) UnmarshalJSON(bytes []byte) (err error) {
+	varImageUploadResponse := _ImageUploadResponse{}
+
+	err = json.Unmarshal(bytes, &varImageUploadResponse)
+	if err == nil {
+		*o = ImageUploadResponse(varImageUploadResponse)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "url")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableImageUploadResponse struct {
+	value *ImageUploadResponse
+	isSet bool
+}
+
+func (v NullableImageUploadResponse) Get() *ImageUploadResponse {
+	return v.value
+}
+
+func (v *NullableImageUploadResponse) Set(val *ImageUploadResponse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableImageUploadResponse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableImageUploadResponse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableImageUploadResponse(val *ImageUploadResponse) *NullableImageUploadResponse {
+	return &NullableImageUploadResponse{value: val, isSet: true}
+}
+
+func (v NullableImageUploadResponse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableImageUploadResponse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inactivity_policy_rule_condition.go b/okta/model_inactivity_policy_rule_condition.go
new file mode 100644
index 000000000..2934b2d99
--- /dev/null
+++ b/okta/model_inactivity_policy_rule_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InactivityPolicyRuleCondition struct for InactivityPolicyRuleCondition
+type InactivityPolicyRuleCondition struct {
+	Number               *int32  `json:"number,omitempty"`
+	Unit                 *string `json:"unit,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InactivityPolicyRuleCondition InactivityPolicyRuleCondition
+
+// NewInactivityPolicyRuleCondition instantiates a new InactivityPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInactivityPolicyRuleCondition() *InactivityPolicyRuleCondition {
+	this := InactivityPolicyRuleCondition{}
+	return &this
+}
+
+// NewInactivityPolicyRuleConditionWithDefaults instantiates a new InactivityPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInactivityPolicyRuleConditionWithDefaults() *InactivityPolicyRuleCondition {
+	this := InactivityPolicyRuleCondition{}
+	return &this
+}
+
+// GetNumber returns the Number field value if set, zero value otherwise.
+func (o *InactivityPolicyRuleCondition) GetNumber() int32 {
+	if o == nil || o.Number == nil {
+		var ret int32
+		return ret
+	}
+	return *o.Number
+}
+
+// GetNumberOk returns a tuple with the Number field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InactivityPolicyRuleCondition) GetNumberOk() (*int32, bool) {
+	if o == nil || o.Number == nil {
+		return nil, false
+	}
+	return o.Number, true
+}
+
+// HasNumber returns a boolean if a field has been set.
+func (o *InactivityPolicyRuleCondition) HasNumber() bool {
+	if o != nil && o.Number != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNumber gets a reference to the given int32 and assigns it to the Number field.
+func (o *InactivityPolicyRuleCondition) SetNumber(v int32) {
+	o.Number = &v
+}
+
+// GetUnit returns the Unit field value if set, zero value otherwise.
+func (o *InactivityPolicyRuleCondition) GetUnit() string {
+	if o == nil || o.Unit == nil {
+		var ret string
+		return ret
+	}
+	return *o.Unit
+}
+
+// GetUnitOk returns a tuple with the Unit field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InactivityPolicyRuleCondition) GetUnitOk() (*string, bool) {
+	if o == nil || o.Unit == nil {
+		return nil, false
+	}
+	return o.Unit, true
+}
+
+// HasUnit returns a boolean if a field has been set.
+func (o *InactivityPolicyRuleCondition) HasUnit() bool {
+	if o != nil && o.Unit != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUnit gets a reference to the given string and assigns it to the Unit field.
+func (o *InactivityPolicyRuleCondition) SetUnit(v string) {
+	o.Unit = &v
+}
+
+func (o InactivityPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Number != nil {
+		toSerialize["number"] = o.Number
+	}
+	if o.Unit != nil {
+		toSerialize["unit"] = o.Unit
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InactivityPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varInactivityPolicyRuleCondition := _InactivityPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varInactivityPolicyRuleCondition)
+	if err == nil {
+		*o = InactivityPolicyRuleCondition(varInactivityPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "number")
+		delete(additionalProperties, "unit")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInactivityPolicyRuleCondition struct {
+	value *InactivityPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableInactivityPolicyRuleCondition) Get() *InactivityPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableInactivityPolicyRuleCondition) Set(val *InactivityPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInactivityPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInactivityPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInactivityPolicyRuleCondition(val *InactivityPolicyRuleCondition) *NullableInactivityPolicyRuleCondition {
+	return &NullableInactivityPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableInactivityPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInactivityPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook.go b/okta/model_inline_hook.go
new file mode 100644
index 000000000..488f9d4d6
--- /dev/null
+++ b/okta/model_inline_hook.go
@@ -0,0 +1,455 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// InlineHook struct for InlineHook
+type InlineHook struct {
+	Channel              *InlineHookChannel                `json:"channel,omitempty"`
+	Created              *time.Time                        `json:"created,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Status               *InlineHookStatus                 `json:"status,omitempty"`
+	Type                 *InlineHookType                   `json:"type,omitempty"`
+	Version              *string                           `json:"version,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHook InlineHook
+
+// NewInlineHook instantiates a new InlineHook object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHook() *InlineHook {
+	this := InlineHook{}
+	return &this
+}
+
+// NewInlineHookWithDefaults instantiates a new InlineHook object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookWithDefaults() *InlineHook {
+	this := InlineHook{}
+	return &this
+}
+
+// GetChannel returns the Channel field value if set, zero value otherwise.
+func (o *InlineHook) GetChannel() InlineHookChannel {
+	if o == nil || o.Channel == nil {
+		var ret InlineHookChannel
+		return ret
+	}
+	return *o.Channel
+}
+
+// GetChannelOk returns a tuple with the Channel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHook) GetChannelOk() (*InlineHookChannel, bool) {
+	if o == nil || o.Channel == nil {
+		return nil, false
+	}
+	return o.Channel, true
+}
+
+// HasChannel returns a boolean if a field has been set.
+func (o *InlineHook) HasChannel() bool {
+	if o != nil && o.Channel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetChannel gets a reference to the given InlineHookChannel and assigns it to the Channel field.
+func (o *InlineHook) SetChannel(v InlineHookChannel) {
+	o.Channel = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *InlineHook) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHook) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *InlineHook) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *InlineHook) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *InlineHook) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHook) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *InlineHook) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *InlineHook) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *InlineHook) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHook) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *InlineHook) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *InlineHook) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *InlineHook) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHook) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *InlineHook) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *InlineHook) SetName(v string) {
+	o.Name = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *InlineHook) GetStatus() InlineHookStatus {
+	if o == nil || o.Status == nil {
+		var ret InlineHookStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHook) GetStatusOk() (*InlineHookStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *InlineHook) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given InlineHookStatus and assigns it to the Status field.
+func (o *InlineHook) SetStatus(v InlineHookStatus) {
+	o.Status = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *InlineHook) GetType() InlineHookType {
+	if o == nil || o.Type == nil {
+		var ret InlineHookType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHook) GetTypeOk() (*InlineHookType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *InlineHook) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given InlineHookType and assigns it to the Type field.
+func (o *InlineHook) SetType(v InlineHookType) {
+	o.Type = &v
+}
+
+// GetVersion returns the Version field value if set, zero value otherwise.
+func (o *InlineHook) GetVersion() string {
+	if o == nil || o.Version == nil {
+		var ret string
+		return ret
+	}
+	return *o.Version
+}
+
+// GetVersionOk returns a tuple with the Version field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHook) GetVersionOk() (*string, bool) {
+	if o == nil || o.Version == nil {
+		return nil, false
+	}
+	return o.Version, true
+}
+
+// HasVersion returns a boolean if a field has been set.
+func (o *InlineHook) HasVersion() bool {
+	if o != nil && o.Version != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVersion gets a reference to the given string and assigns it to the Version field.
+func (o *InlineHook) SetVersion(v string) {
+	o.Version = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *InlineHook) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHook) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *InlineHook) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *InlineHook) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o InlineHook) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Channel != nil {
+		toSerialize["channel"] = o.Channel
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Version != nil {
+		toSerialize["version"] = o.Version
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHook) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHook := _InlineHook{}
+
+	err = json.Unmarshal(bytes, &varInlineHook)
+	if err == nil {
+		*o = InlineHook(varInlineHook)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "channel")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "version")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHook struct {
+	value *InlineHook
+	isSet bool
+}
+
+func (v NullableInlineHook) Get() *InlineHook {
+	return v.value
+}
+
+func (v *NullableInlineHook) Set(val *InlineHook) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHook) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHook) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHook(val *InlineHook) *NullableInlineHook {
+	return &NullableInlineHook{value: val, isSet: true}
+}
+
+func (v NullableInlineHook) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHook) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_channel.go b/okta/model_inline_hook_channel.go
new file mode 100644
index 000000000..198dd27be
--- /dev/null
+++ b/okta/model_inline_hook_channel.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookChannel struct for InlineHookChannel
+type InlineHookChannel struct {
+	Type                 *InlineHookChannelType `json:"type,omitempty"`
+	Version              *string                `json:"version,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookChannel InlineHookChannel
+
+// NewInlineHookChannel instantiates a new InlineHookChannel object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookChannel() *InlineHookChannel {
+	this := InlineHookChannel{}
+	return &this
+}
+
+// NewInlineHookChannelWithDefaults instantiates a new InlineHookChannel object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookChannelWithDefaults() *InlineHookChannel {
+	this := InlineHookChannel{}
+	return &this
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *InlineHookChannel) GetType() InlineHookChannelType {
+	if o == nil || o.Type == nil {
+		var ret InlineHookChannelType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannel) GetTypeOk() (*InlineHookChannelType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *InlineHookChannel) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given InlineHookChannelType and assigns it to the Type field.
+func (o *InlineHookChannel) SetType(v InlineHookChannelType) {
+	o.Type = &v
+}
+
+// GetVersion returns the Version field value if set, zero value otherwise.
+func (o *InlineHookChannel) GetVersion() string {
+	if o == nil || o.Version == nil {
+		var ret string
+		return ret
+	}
+	return *o.Version
+}
+
+// GetVersionOk returns a tuple with the Version field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannel) GetVersionOk() (*string, bool) {
+	if o == nil || o.Version == nil {
+		return nil, false
+	}
+	return o.Version, true
+}
+
+// HasVersion returns a boolean if a field has been set.
+func (o *InlineHookChannel) HasVersion() bool {
+	if o != nil && o.Version != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVersion gets a reference to the given string and assigns it to the Version field.
+func (o *InlineHookChannel) SetVersion(v string) {
+	o.Version = &v
+}
+
+func (o InlineHookChannel) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Version != nil {
+		toSerialize["version"] = o.Version
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookChannel) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookChannel := _InlineHookChannel{}
+
+	err = json.Unmarshal(bytes, &varInlineHookChannel)
+	if err == nil {
+		*o = InlineHookChannel(varInlineHookChannel)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "version")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookChannel struct {
+	value *InlineHookChannel
+	isSet bool
+}
+
+func (v NullableInlineHookChannel) Get() *InlineHookChannel {
+	return v.value
+}
+
+func (v *NullableInlineHookChannel) Set(val *InlineHookChannel) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookChannel) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookChannel) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookChannel(val *InlineHookChannel) *NullableInlineHookChannel {
+	return &NullableInlineHookChannel{value: val, isSet: true}
+}
+
+func (v NullableInlineHookChannel) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookChannel) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_channel_config.go b/okta/model_inline_hook_channel_config.go
new file mode 100644
index 000000000..a119b63cb
--- /dev/null
+++ b/okta/model_inline_hook_channel_config.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookChannelConfig struct for InlineHookChannelConfig
+type InlineHookChannelConfig struct {
+	AuthScheme           *InlineHookChannelConfigAuthScheme `json:"authScheme,omitempty"`
+	Headers              []InlineHookChannelConfigHeaders   `json:"headers,omitempty"`
+	Method               *string                            `json:"method,omitempty"`
+	Uri                  *string                            `json:"uri,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookChannelConfig InlineHookChannelConfig
+
+// NewInlineHookChannelConfig instantiates a new InlineHookChannelConfig object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookChannelConfig() *InlineHookChannelConfig {
+	this := InlineHookChannelConfig{}
+	return &this
+}
+
+// NewInlineHookChannelConfigWithDefaults instantiates a new InlineHookChannelConfig object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookChannelConfigWithDefaults() *InlineHookChannelConfig {
+	this := InlineHookChannelConfig{}
+	return &this
+}
+
+// GetAuthScheme returns the AuthScheme field value if set, zero value otherwise.
+func (o *InlineHookChannelConfig) GetAuthScheme() InlineHookChannelConfigAuthScheme {
+	if o == nil || o.AuthScheme == nil {
+		var ret InlineHookChannelConfigAuthScheme
+		return ret
+	}
+	return *o.AuthScheme
+}
+
+// GetAuthSchemeOk returns a tuple with the AuthScheme field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelConfig) GetAuthSchemeOk() (*InlineHookChannelConfigAuthScheme, bool) {
+	if o == nil || o.AuthScheme == nil {
+		return nil, false
+	}
+	return o.AuthScheme, true
+}
+
+// HasAuthScheme returns a boolean if a field has been set.
+func (o *InlineHookChannelConfig) HasAuthScheme() bool {
+	if o != nil && o.AuthScheme != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthScheme gets a reference to the given InlineHookChannelConfigAuthScheme and assigns it to the AuthScheme field.
+func (o *InlineHookChannelConfig) SetAuthScheme(v InlineHookChannelConfigAuthScheme) {
+	o.AuthScheme = &v
+}
+
+// GetHeaders returns the Headers field value if set, zero value otherwise.
+func (o *InlineHookChannelConfig) GetHeaders() []InlineHookChannelConfigHeaders {
+	if o == nil || o.Headers == nil {
+		var ret []InlineHookChannelConfigHeaders
+		return ret
+	}
+	return o.Headers
+}
+
+// GetHeadersOk returns a tuple with the Headers field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelConfig) GetHeadersOk() ([]InlineHookChannelConfigHeaders, bool) {
+	if o == nil || o.Headers == nil {
+		return nil, false
+	}
+	return o.Headers, true
+}
+
+// HasHeaders returns a boolean if a field has been set.
+func (o *InlineHookChannelConfig) HasHeaders() bool {
+	if o != nil && o.Headers != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHeaders gets a reference to the given []InlineHookChannelConfigHeaders and assigns it to the Headers field.
+func (o *InlineHookChannelConfig) SetHeaders(v []InlineHookChannelConfigHeaders) {
+	o.Headers = v
+}
+
+// GetMethod returns the Method field value if set, zero value otherwise.
+func (o *InlineHookChannelConfig) GetMethod() string {
+	if o == nil || o.Method == nil {
+		var ret string
+		return ret
+	}
+	return *o.Method
+}
+
+// GetMethodOk returns a tuple with the Method field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelConfig) GetMethodOk() (*string, bool) {
+	if o == nil || o.Method == nil {
+		return nil, false
+	}
+	return o.Method, true
+}
+
+// HasMethod returns a boolean if a field has been set.
+func (o *InlineHookChannelConfig) HasMethod() bool {
+	if o != nil && o.Method != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMethod gets a reference to the given string and assigns it to the Method field.
+func (o *InlineHookChannelConfig) SetMethod(v string) {
+	o.Method = &v
+}
+
+// GetUri returns the Uri field value if set, zero value otherwise.
+func (o *InlineHookChannelConfig) GetUri() string {
+	if o == nil || o.Uri == nil {
+		var ret string
+		return ret
+	}
+	return *o.Uri
+}
+
+// GetUriOk returns a tuple with the Uri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelConfig) GetUriOk() (*string, bool) {
+	if o == nil || o.Uri == nil {
+		return nil, false
+	}
+	return o.Uri, true
+}
+
+// HasUri returns a boolean if a field has been set.
+func (o *InlineHookChannelConfig) HasUri() bool {
+	if o != nil && o.Uri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUri gets a reference to the given string and assigns it to the Uri field.
+func (o *InlineHookChannelConfig) SetUri(v string) {
+	o.Uri = &v
+}
+
+func (o InlineHookChannelConfig) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthScheme != nil {
+		toSerialize["authScheme"] = o.AuthScheme
+	}
+	if o.Headers != nil {
+		toSerialize["headers"] = o.Headers
+	}
+	if o.Method != nil {
+		toSerialize["method"] = o.Method
+	}
+	if o.Uri != nil {
+		toSerialize["uri"] = o.Uri
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookChannelConfig) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookChannelConfig := _InlineHookChannelConfig{}
+
+	err = json.Unmarshal(bytes, &varInlineHookChannelConfig)
+	if err == nil {
+		*o = InlineHookChannelConfig(varInlineHookChannelConfig)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authScheme")
+		delete(additionalProperties, "headers")
+		delete(additionalProperties, "method")
+		delete(additionalProperties, "uri")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookChannelConfig struct {
+	value *InlineHookChannelConfig
+	isSet bool
+}
+
+func (v NullableInlineHookChannelConfig) Get() *InlineHookChannelConfig {
+	return v.value
+}
+
+func (v *NullableInlineHookChannelConfig) Set(val *InlineHookChannelConfig) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookChannelConfig) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookChannelConfig) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookChannelConfig(val *InlineHookChannelConfig) *NullableInlineHookChannelConfig {
+	return &NullableInlineHookChannelConfig{value: val, isSet: true}
+}
+
+func (v NullableInlineHookChannelConfig) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookChannelConfig) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_channel_config_auth_scheme.go b/okta/model_inline_hook_channel_config_auth_scheme.go
new file mode 100644
index 000000000..3a7af2a83
--- /dev/null
+++ b/okta/model_inline_hook_channel_config_auth_scheme.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookChannelConfigAuthScheme struct for InlineHookChannelConfigAuthScheme
+type InlineHookChannelConfigAuthScheme struct {
+	Key                  *string `json:"key,omitempty"`
+	Type                 *string `json:"type,omitempty"`
+	Value                *string `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookChannelConfigAuthScheme InlineHookChannelConfigAuthScheme
+
+// NewInlineHookChannelConfigAuthScheme instantiates a new InlineHookChannelConfigAuthScheme object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookChannelConfigAuthScheme() *InlineHookChannelConfigAuthScheme {
+	this := InlineHookChannelConfigAuthScheme{}
+	return &this
+}
+
+// NewInlineHookChannelConfigAuthSchemeWithDefaults instantiates a new InlineHookChannelConfigAuthScheme object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookChannelConfigAuthSchemeWithDefaults() *InlineHookChannelConfigAuthScheme {
+	this := InlineHookChannelConfigAuthScheme{}
+	return &this
+}
+
+// GetKey returns the Key field value if set, zero value otherwise.
+func (o *InlineHookChannelConfigAuthScheme) GetKey() string {
+	if o == nil || o.Key == nil {
+		var ret string
+		return ret
+	}
+	return *o.Key
+}
+
+// GetKeyOk returns a tuple with the Key field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelConfigAuthScheme) GetKeyOk() (*string, bool) {
+	if o == nil || o.Key == nil {
+		return nil, false
+	}
+	return o.Key, true
+}
+
+// HasKey returns a boolean if a field has been set.
+func (o *InlineHookChannelConfigAuthScheme) HasKey() bool {
+	if o != nil && o.Key != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKey gets a reference to the given string and assigns it to the Key field.
+func (o *InlineHookChannelConfigAuthScheme) SetKey(v string) {
+	o.Key = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *InlineHookChannelConfigAuthScheme) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelConfigAuthScheme) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *InlineHookChannelConfigAuthScheme) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *InlineHookChannelConfigAuthScheme) SetType(v string) {
+	o.Type = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *InlineHookChannelConfigAuthScheme) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelConfigAuthScheme) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *InlineHookChannelConfigAuthScheme) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *InlineHookChannelConfigAuthScheme) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o InlineHookChannelConfigAuthScheme) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Key != nil {
+		toSerialize["key"] = o.Key
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookChannelConfigAuthScheme) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookChannelConfigAuthScheme := _InlineHookChannelConfigAuthScheme{}
+
+	err = json.Unmarshal(bytes, &varInlineHookChannelConfigAuthScheme)
+	if err == nil {
+		*o = InlineHookChannelConfigAuthScheme(varInlineHookChannelConfigAuthScheme)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "key")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookChannelConfigAuthScheme struct {
+	value *InlineHookChannelConfigAuthScheme
+	isSet bool
+}
+
+func (v NullableInlineHookChannelConfigAuthScheme) Get() *InlineHookChannelConfigAuthScheme {
+	return v.value
+}
+
+func (v *NullableInlineHookChannelConfigAuthScheme) Set(val *InlineHookChannelConfigAuthScheme) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookChannelConfigAuthScheme) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookChannelConfigAuthScheme) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookChannelConfigAuthScheme(val *InlineHookChannelConfigAuthScheme) *NullableInlineHookChannelConfigAuthScheme {
+	return &NullableInlineHookChannelConfigAuthScheme{value: val, isSet: true}
+}
+
+func (v NullableInlineHookChannelConfigAuthScheme) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookChannelConfigAuthScheme) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_channel_config_headers.go b/okta/model_inline_hook_channel_config_headers.go
new file mode 100644
index 000000000..a646be401
--- /dev/null
+++ b/okta/model_inline_hook_channel_config_headers.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookChannelConfigHeaders struct for InlineHookChannelConfigHeaders
+type InlineHookChannelConfigHeaders struct {
+	Key                  *string `json:"key,omitempty"`
+	Value                *string `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookChannelConfigHeaders InlineHookChannelConfigHeaders
+
+// NewInlineHookChannelConfigHeaders instantiates a new InlineHookChannelConfigHeaders object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookChannelConfigHeaders() *InlineHookChannelConfigHeaders {
+	this := InlineHookChannelConfigHeaders{}
+	return &this
+}
+
+// NewInlineHookChannelConfigHeadersWithDefaults instantiates a new InlineHookChannelConfigHeaders object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookChannelConfigHeadersWithDefaults() *InlineHookChannelConfigHeaders {
+	this := InlineHookChannelConfigHeaders{}
+	return &this
+}
+
+// GetKey returns the Key field value if set, zero value otherwise.
+func (o *InlineHookChannelConfigHeaders) GetKey() string {
+	if o == nil || o.Key == nil {
+		var ret string
+		return ret
+	}
+	return *o.Key
+}
+
+// GetKeyOk returns a tuple with the Key field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelConfigHeaders) GetKeyOk() (*string, bool) {
+	if o == nil || o.Key == nil {
+		return nil, false
+	}
+	return o.Key, true
+}
+
+// HasKey returns a boolean if a field has been set.
+func (o *InlineHookChannelConfigHeaders) HasKey() bool {
+	if o != nil && o.Key != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKey gets a reference to the given string and assigns it to the Key field.
+func (o *InlineHookChannelConfigHeaders) SetKey(v string) {
+	o.Key = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *InlineHookChannelConfigHeaders) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelConfigHeaders) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *InlineHookChannelConfigHeaders) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *InlineHookChannelConfigHeaders) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o InlineHookChannelConfigHeaders) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Key != nil {
+		toSerialize["key"] = o.Key
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookChannelConfigHeaders) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookChannelConfigHeaders := _InlineHookChannelConfigHeaders{}
+
+	err = json.Unmarshal(bytes, &varInlineHookChannelConfigHeaders)
+	if err == nil {
+		*o = InlineHookChannelConfigHeaders(varInlineHookChannelConfigHeaders)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "key")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookChannelConfigHeaders struct {
+	value *InlineHookChannelConfigHeaders
+	isSet bool
+}
+
+func (v NullableInlineHookChannelConfigHeaders) Get() *InlineHookChannelConfigHeaders {
+	return v.value
+}
+
+func (v *NullableInlineHookChannelConfigHeaders) Set(val *InlineHookChannelConfigHeaders) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookChannelConfigHeaders) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookChannelConfigHeaders) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookChannelConfigHeaders(val *InlineHookChannelConfigHeaders) *NullableInlineHookChannelConfigHeaders {
+	return &NullableInlineHookChannelConfigHeaders{value: val, isSet: true}
+}
+
+func (v NullableInlineHookChannelConfigHeaders) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookChannelConfigHeaders) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_channel_http.go b/okta/model_inline_hook_channel_http.go
new file mode 100644
index 000000000..62ee97284
--- /dev/null
+++ b/okta/model_inline_hook_channel_http.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// InlineHookChannelHttp struct for InlineHookChannelHttp
+type InlineHookChannelHttp struct {
+	InlineHookChannel
+	Config               *InlineHookChannelConfig `json:"config,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookChannelHttp InlineHookChannelHttp
+
+// NewInlineHookChannelHttp instantiates a new InlineHookChannelHttp object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookChannelHttp() *InlineHookChannelHttp {
+	this := InlineHookChannelHttp{}
+	return &this
+}
+
+// NewInlineHookChannelHttpWithDefaults instantiates a new InlineHookChannelHttp object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookChannelHttpWithDefaults() *InlineHookChannelHttp {
+	this := InlineHookChannelHttp{}
+	return &this
+}
+
+// GetConfig returns the Config field value if set, zero value otherwise.
+func (o *InlineHookChannelHttp) GetConfig() InlineHookChannelConfig {
+	if o == nil || o.Config == nil {
+		var ret InlineHookChannelConfig
+		return ret
+	}
+	return *o.Config
+}
+
+// GetConfigOk returns a tuple with the Config field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelHttp) GetConfigOk() (*InlineHookChannelConfig, bool) {
+	if o == nil || o.Config == nil {
+		return nil, false
+	}
+	return o.Config, true
+}
+
+// HasConfig returns a boolean if a field has been set.
+func (o *InlineHookChannelHttp) HasConfig() bool {
+	if o != nil && o.Config != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConfig gets a reference to the given InlineHookChannelConfig and assigns it to the Config field.
+func (o *InlineHookChannelHttp) SetConfig(v InlineHookChannelConfig) {
+	o.Config = &v
+}
+
+func (o InlineHookChannelHttp) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedInlineHookChannel, errInlineHookChannel := json.Marshal(o.InlineHookChannel)
+	if errInlineHookChannel != nil {
+		return []byte{}, errInlineHookChannel
+	}
+	errInlineHookChannel = json.Unmarshal([]byte(serializedInlineHookChannel), &toSerialize)
+	if errInlineHookChannel != nil {
+		return []byte{}, errInlineHookChannel
+	}
+	if o.Config != nil {
+		toSerialize["config"] = o.Config
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookChannelHttp) UnmarshalJSON(bytes []byte) (err error) {
+	type InlineHookChannelHttpWithoutEmbeddedStruct struct {
+		Config *InlineHookChannelConfig `json:"config,omitempty"`
+	}
+
+	varInlineHookChannelHttpWithoutEmbeddedStruct := InlineHookChannelHttpWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varInlineHookChannelHttpWithoutEmbeddedStruct)
+	if err == nil {
+		varInlineHookChannelHttp := _InlineHookChannelHttp{}
+		varInlineHookChannelHttp.Config = varInlineHookChannelHttpWithoutEmbeddedStruct.Config
+		*o = InlineHookChannelHttp(varInlineHookChannelHttp)
+	} else {
+		return err
+	}
+
+	varInlineHookChannelHttp := _InlineHookChannelHttp{}
+
+	err = json.Unmarshal(bytes, &varInlineHookChannelHttp)
+	if err == nil {
+		o.InlineHookChannel = varInlineHookChannelHttp.InlineHookChannel
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "config")
+
+		// remove fields from embedded structs
+		reflectInlineHookChannel := reflect.ValueOf(o.InlineHookChannel)
+		for i := 0; i < reflectInlineHookChannel.Type().NumField(); i++ {
+			t := reflectInlineHookChannel.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookChannelHttp struct {
+	value *InlineHookChannelHttp
+	isSet bool
+}
+
+func (v NullableInlineHookChannelHttp) Get() *InlineHookChannelHttp {
+	return v.value
+}
+
+func (v *NullableInlineHookChannelHttp) Set(val *InlineHookChannelHttp) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookChannelHttp) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookChannelHttp) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookChannelHttp(val *InlineHookChannelHttp) *NullableInlineHookChannelHttp {
+	return &NullableInlineHookChannelHttp{value: val, isSet: true}
+}
+
+func (v NullableInlineHookChannelHttp) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookChannelHttp) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_channel_http_all_of.go b/okta/model_inline_hook_channel_http_all_of.go
new file mode 100644
index 000000000..d2fa1654e
--- /dev/null
+++ b/okta/model_inline_hook_channel_http_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookChannelHttpAllOf struct for InlineHookChannelHttpAllOf
+type InlineHookChannelHttpAllOf struct {
+	Config               *InlineHookChannelConfig `json:"config,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookChannelHttpAllOf InlineHookChannelHttpAllOf
+
+// NewInlineHookChannelHttpAllOf instantiates a new InlineHookChannelHttpAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookChannelHttpAllOf() *InlineHookChannelHttpAllOf {
+	this := InlineHookChannelHttpAllOf{}
+	return &this
+}
+
+// NewInlineHookChannelHttpAllOfWithDefaults instantiates a new InlineHookChannelHttpAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookChannelHttpAllOfWithDefaults() *InlineHookChannelHttpAllOf {
+	this := InlineHookChannelHttpAllOf{}
+	return &this
+}
+
+// GetConfig returns the Config field value if set, zero value otherwise.
+func (o *InlineHookChannelHttpAllOf) GetConfig() InlineHookChannelConfig {
+	if o == nil || o.Config == nil {
+		var ret InlineHookChannelConfig
+		return ret
+	}
+	return *o.Config
+}
+
+// GetConfigOk returns a tuple with the Config field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelHttpAllOf) GetConfigOk() (*InlineHookChannelConfig, bool) {
+	if o == nil || o.Config == nil {
+		return nil, false
+	}
+	return o.Config, true
+}
+
+// HasConfig returns a boolean if a field has been set.
+func (o *InlineHookChannelHttpAllOf) HasConfig() bool {
+	if o != nil && o.Config != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConfig gets a reference to the given InlineHookChannelConfig and assigns it to the Config field.
+func (o *InlineHookChannelHttpAllOf) SetConfig(v InlineHookChannelConfig) {
+	o.Config = &v
+}
+
+func (o InlineHookChannelHttpAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Config != nil {
+		toSerialize["config"] = o.Config
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookChannelHttpAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookChannelHttpAllOf := _InlineHookChannelHttpAllOf{}
+
+	err = json.Unmarshal(bytes, &varInlineHookChannelHttpAllOf)
+	if err == nil {
+		*o = InlineHookChannelHttpAllOf(varInlineHookChannelHttpAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "config")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookChannelHttpAllOf struct {
+	value *InlineHookChannelHttpAllOf
+	isSet bool
+}
+
+func (v NullableInlineHookChannelHttpAllOf) Get() *InlineHookChannelHttpAllOf {
+	return v.value
+}
+
+func (v *NullableInlineHookChannelHttpAllOf) Set(val *InlineHookChannelHttpAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookChannelHttpAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookChannelHttpAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookChannelHttpAllOf(val *InlineHookChannelHttpAllOf) *NullableInlineHookChannelHttpAllOf {
+	return &NullableInlineHookChannelHttpAllOf{value: val, isSet: true}
+}
+
+func (v NullableInlineHookChannelHttpAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookChannelHttpAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_channel_o_auth.go b/okta/model_inline_hook_channel_o_auth.go
new file mode 100644
index 000000000..290d8bcd3
--- /dev/null
+++ b/okta/model_inline_hook_channel_o_auth.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// InlineHookChannelOAuth struct for InlineHookChannelOAuth
+type InlineHookChannelOAuth struct {
+	InlineHookChannel
+	Config               *InlineHookOAuthChannelConfig `json:"config,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookChannelOAuth InlineHookChannelOAuth
+
+// NewInlineHookChannelOAuth instantiates a new InlineHookChannelOAuth object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookChannelOAuth() *InlineHookChannelOAuth {
+	this := InlineHookChannelOAuth{}
+	return &this
+}
+
+// NewInlineHookChannelOAuthWithDefaults instantiates a new InlineHookChannelOAuth object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookChannelOAuthWithDefaults() *InlineHookChannelOAuth {
+	this := InlineHookChannelOAuth{}
+	return &this
+}
+
+// GetConfig returns the Config field value if set, zero value otherwise.
+func (o *InlineHookChannelOAuth) GetConfig() InlineHookOAuthChannelConfig {
+	if o == nil || o.Config == nil {
+		var ret InlineHookOAuthChannelConfig
+		return ret
+	}
+	return *o.Config
+}
+
+// GetConfigOk returns a tuple with the Config field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelOAuth) GetConfigOk() (*InlineHookOAuthChannelConfig, bool) {
+	if o == nil || o.Config == nil {
+		return nil, false
+	}
+	return o.Config, true
+}
+
+// HasConfig returns a boolean if a field has been set.
+func (o *InlineHookChannelOAuth) HasConfig() bool {
+	if o != nil && o.Config != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConfig gets a reference to the given InlineHookOAuthChannelConfig and assigns it to the Config field.
+func (o *InlineHookChannelOAuth) SetConfig(v InlineHookOAuthChannelConfig) {
+	o.Config = &v
+}
+
+func (o InlineHookChannelOAuth) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedInlineHookChannel, errInlineHookChannel := json.Marshal(o.InlineHookChannel)
+	if errInlineHookChannel != nil {
+		return []byte{}, errInlineHookChannel
+	}
+	errInlineHookChannel = json.Unmarshal([]byte(serializedInlineHookChannel), &toSerialize)
+	if errInlineHookChannel != nil {
+		return []byte{}, errInlineHookChannel
+	}
+	if o.Config != nil {
+		toSerialize["config"] = o.Config
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookChannelOAuth) UnmarshalJSON(bytes []byte) (err error) {
+	type InlineHookChannelOAuthWithoutEmbeddedStruct struct {
+		Config *InlineHookOAuthChannelConfig `json:"config,omitempty"`
+	}
+
+	varInlineHookChannelOAuthWithoutEmbeddedStruct := InlineHookChannelOAuthWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varInlineHookChannelOAuthWithoutEmbeddedStruct)
+	if err == nil {
+		varInlineHookChannelOAuth := _InlineHookChannelOAuth{}
+		varInlineHookChannelOAuth.Config = varInlineHookChannelOAuthWithoutEmbeddedStruct.Config
+		*o = InlineHookChannelOAuth(varInlineHookChannelOAuth)
+	} else {
+		return err
+	}
+
+	varInlineHookChannelOAuth := _InlineHookChannelOAuth{}
+
+	err = json.Unmarshal(bytes, &varInlineHookChannelOAuth)
+	if err == nil {
+		o.InlineHookChannel = varInlineHookChannelOAuth.InlineHookChannel
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "config")
+
+		// remove fields from embedded structs
+		reflectInlineHookChannel := reflect.ValueOf(o.InlineHookChannel)
+		for i := 0; i < reflectInlineHookChannel.Type().NumField(); i++ {
+			t := reflectInlineHookChannel.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookChannelOAuth struct {
+	value *InlineHookChannelOAuth
+	isSet bool
+}
+
+func (v NullableInlineHookChannelOAuth) Get() *InlineHookChannelOAuth {
+	return v.value
+}
+
+func (v *NullableInlineHookChannelOAuth) Set(val *InlineHookChannelOAuth) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookChannelOAuth) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookChannelOAuth) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookChannelOAuth(val *InlineHookChannelOAuth) *NullableInlineHookChannelOAuth {
+	return &NullableInlineHookChannelOAuth{value: val, isSet: true}
+}
+
+func (v NullableInlineHookChannelOAuth) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookChannelOAuth) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_channel_o_auth_all_of.go b/okta/model_inline_hook_channel_o_auth_all_of.go
new file mode 100644
index 000000000..dea9dcb40
--- /dev/null
+++ b/okta/model_inline_hook_channel_o_auth_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookChannelOAuthAllOf struct for InlineHookChannelOAuthAllOf
+type InlineHookChannelOAuthAllOf struct {
+	Config               *InlineHookOAuthChannelConfig `json:"config,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookChannelOAuthAllOf InlineHookChannelOAuthAllOf
+
+// NewInlineHookChannelOAuthAllOf instantiates a new InlineHookChannelOAuthAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookChannelOAuthAllOf() *InlineHookChannelOAuthAllOf {
+	this := InlineHookChannelOAuthAllOf{}
+	return &this
+}
+
+// NewInlineHookChannelOAuthAllOfWithDefaults instantiates a new InlineHookChannelOAuthAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookChannelOAuthAllOfWithDefaults() *InlineHookChannelOAuthAllOf {
+	this := InlineHookChannelOAuthAllOf{}
+	return &this
+}
+
+// GetConfig returns the Config field value if set, zero value otherwise.
+func (o *InlineHookChannelOAuthAllOf) GetConfig() InlineHookOAuthChannelConfig {
+	if o == nil || o.Config == nil {
+		var ret InlineHookOAuthChannelConfig
+		return ret
+	}
+	return *o.Config
+}
+
+// GetConfigOk returns a tuple with the Config field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookChannelOAuthAllOf) GetConfigOk() (*InlineHookOAuthChannelConfig, bool) {
+	if o == nil || o.Config == nil {
+		return nil, false
+	}
+	return o.Config, true
+}
+
+// HasConfig returns a boolean if a field has been set.
+func (o *InlineHookChannelOAuthAllOf) HasConfig() bool {
+	if o != nil && o.Config != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConfig gets a reference to the given InlineHookOAuthChannelConfig and assigns it to the Config field.
+func (o *InlineHookChannelOAuthAllOf) SetConfig(v InlineHookOAuthChannelConfig) {
+	o.Config = &v
+}
+
+func (o InlineHookChannelOAuthAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Config != nil {
+		toSerialize["config"] = o.Config
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookChannelOAuthAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookChannelOAuthAllOf := _InlineHookChannelOAuthAllOf{}
+
+	err = json.Unmarshal(bytes, &varInlineHookChannelOAuthAllOf)
+	if err == nil {
+		*o = InlineHookChannelOAuthAllOf(varInlineHookChannelOAuthAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "config")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookChannelOAuthAllOf struct {
+	value *InlineHookChannelOAuthAllOf
+	isSet bool
+}
+
+func (v NullableInlineHookChannelOAuthAllOf) Get() *InlineHookChannelOAuthAllOf {
+	return v.value
+}
+
+func (v *NullableInlineHookChannelOAuthAllOf) Set(val *InlineHookChannelOAuthAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookChannelOAuthAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookChannelOAuthAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookChannelOAuthAllOf(val *InlineHookChannelOAuthAllOf) *NullableInlineHookChannelOAuthAllOf {
+	return &NullableInlineHookChannelOAuthAllOf{value: val, isSet: true}
+}
+
+func (v NullableInlineHookChannelOAuthAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookChannelOAuthAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_channel_type.go b/okta/model_inline_hook_channel_type.go
new file mode 100644
index 000000000..7b1088687
--- /dev/null
+++ b/okta/model_inline_hook_channel_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// InlineHookChannelType the model 'InlineHookChannelType'
+type InlineHookChannelType string
+
+// List of InlineHookChannelType
+const (
+	INLINEHOOKCHANNELTYPE_HTTP  InlineHookChannelType = "HTTP"
+	INLINEHOOKCHANNELTYPE_OAUTH InlineHookChannelType = "OAUTH"
+)
+
+// All allowed values of InlineHookChannelType enum
+var AllowedInlineHookChannelTypeEnumValues = []InlineHookChannelType{
+	"HTTP",
+	"OAUTH",
+}
+
+func (v *InlineHookChannelType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := InlineHookChannelType(value)
+	for _, existing := range AllowedInlineHookChannelTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid InlineHookChannelType", value)
+}
+
+// NewInlineHookChannelTypeFromValue returns a pointer to a valid InlineHookChannelType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewInlineHookChannelTypeFromValue(v string) (*InlineHookChannelType, error) {
+	ev := InlineHookChannelType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for InlineHookChannelType: valid values are %v", v, AllowedInlineHookChannelTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v InlineHookChannelType) IsValid() bool {
+	for _, existing := range AllowedInlineHookChannelTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to InlineHookChannelType value
+func (v InlineHookChannelType) Ptr() *InlineHookChannelType {
+	return &v
+}
+
+type NullableInlineHookChannelType struct {
+	value *InlineHookChannelType
+	isSet bool
+}
+
+func (v NullableInlineHookChannelType) Get() *InlineHookChannelType {
+	return v.value
+}
+
+func (v *NullableInlineHookChannelType) Set(val *InlineHookChannelType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookChannelType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookChannelType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookChannelType(val *InlineHookChannelType) *NullableInlineHookChannelType {
+	return &NullableInlineHookChannelType{value: val, isSet: true}
+}
+
+func (v NullableInlineHookChannelType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookChannelType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_o_auth_basic_config.go b/okta/model_inline_hook_o_auth_basic_config.go
new file mode 100644
index 000000000..443c10bae
--- /dev/null
+++ b/okta/model_inline_hook_o_auth_basic_config.go
@@ -0,0 +1,417 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookOAuthBasicConfig struct for InlineHookOAuthBasicConfig
+type InlineHookOAuthBasicConfig struct {
+	AuthType             *string                            `json:"authType,omitempty"`
+	ClientId             *string                            `json:"clientId,omitempty"`
+	Scope                *string                            `json:"scope,omitempty"`
+	TokenUrl             *string                            `json:"tokenUrl,omitempty"`
+	AuthScheme           *InlineHookChannelConfigAuthScheme `json:"authScheme,omitempty"`
+	Headers              []InlineHookChannelConfigHeaders   `json:"headers,omitempty"`
+	Method               *string                            `json:"method,omitempty"`
+	Uri                  *string                            `json:"uri,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookOAuthBasicConfig InlineHookOAuthBasicConfig
+
+// NewInlineHookOAuthBasicConfig instantiates a new InlineHookOAuthBasicConfig object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookOAuthBasicConfig() *InlineHookOAuthBasicConfig {
+	this := InlineHookOAuthBasicConfig{}
+	return &this
+}
+
+// NewInlineHookOAuthBasicConfigWithDefaults instantiates a new InlineHookOAuthBasicConfig object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookOAuthBasicConfigWithDefaults() *InlineHookOAuthBasicConfig {
+	this := InlineHookOAuthBasicConfig{}
+	return &this
+}
+
+// GetAuthType returns the AuthType field value if set, zero value otherwise.
+func (o *InlineHookOAuthBasicConfig) GetAuthType() string {
+	if o == nil || o.AuthType == nil {
+		var ret string
+		return ret
+	}
+	return *o.AuthType
+}
+
+// GetAuthTypeOk returns a tuple with the AuthType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthBasicConfig) GetAuthTypeOk() (*string, bool) {
+	if o == nil || o.AuthType == nil {
+		return nil, false
+	}
+	return o.AuthType, true
+}
+
+// HasAuthType returns a boolean if a field has been set.
+func (o *InlineHookOAuthBasicConfig) HasAuthType() bool {
+	if o != nil && o.AuthType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthType gets a reference to the given string and assigns it to the AuthType field.
+func (o *InlineHookOAuthBasicConfig) SetAuthType(v string) {
+	o.AuthType = &v
+}
+
+// GetClientId returns the ClientId field value if set, zero value otherwise.
+func (o *InlineHookOAuthBasicConfig) GetClientId() string {
+	if o == nil || o.ClientId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientId
+}
+
+// GetClientIdOk returns a tuple with the ClientId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthBasicConfig) GetClientIdOk() (*string, bool) {
+	if o == nil || o.ClientId == nil {
+		return nil, false
+	}
+	return o.ClientId, true
+}
+
+// HasClientId returns a boolean if a field has been set.
+func (o *InlineHookOAuthBasicConfig) HasClientId() bool {
+	if o != nil && o.ClientId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientId gets a reference to the given string and assigns it to the ClientId field.
+func (o *InlineHookOAuthBasicConfig) SetClientId(v string) {
+	o.ClientId = &v
+}
+
+// GetScope returns the Scope field value if set, zero value otherwise.
+func (o *InlineHookOAuthBasicConfig) GetScope() string {
+	if o == nil || o.Scope == nil {
+		var ret string
+		return ret
+	}
+	return *o.Scope
+}
+
+// GetScopeOk returns a tuple with the Scope field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthBasicConfig) GetScopeOk() (*string, bool) {
+	if o == nil || o.Scope == nil {
+		return nil, false
+	}
+	return o.Scope, true
+}
+
+// HasScope returns a boolean if a field has been set.
+func (o *InlineHookOAuthBasicConfig) HasScope() bool {
+	if o != nil && o.Scope != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScope gets a reference to the given string and assigns it to the Scope field.
+func (o *InlineHookOAuthBasicConfig) SetScope(v string) {
+	o.Scope = &v
+}
+
+// GetTokenUrl returns the TokenUrl field value if set, zero value otherwise.
+func (o *InlineHookOAuthBasicConfig) GetTokenUrl() string {
+	if o == nil || o.TokenUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.TokenUrl
+}
+
+// GetTokenUrlOk returns a tuple with the TokenUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthBasicConfig) GetTokenUrlOk() (*string, bool) {
+	if o == nil || o.TokenUrl == nil {
+		return nil, false
+	}
+	return o.TokenUrl, true
+}
+
+// HasTokenUrl returns a boolean if a field has been set.
+func (o *InlineHookOAuthBasicConfig) HasTokenUrl() bool {
+	if o != nil && o.TokenUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTokenUrl gets a reference to the given string and assigns it to the TokenUrl field.
+func (o *InlineHookOAuthBasicConfig) SetTokenUrl(v string) {
+	o.TokenUrl = &v
+}
+
+// GetAuthScheme returns the AuthScheme field value if set, zero value otherwise.
+func (o *InlineHookOAuthBasicConfig) GetAuthScheme() InlineHookChannelConfigAuthScheme {
+	if o == nil || o.AuthScheme == nil {
+		var ret InlineHookChannelConfigAuthScheme
+		return ret
+	}
+	return *o.AuthScheme
+}
+
+// GetAuthSchemeOk returns a tuple with the AuthScheme field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthBasicConfig) GetAuthSchemeOk() (*InlineHookChannelConfigAuthScheme, bool) {
+	if o == nil || o.AuthScheme == nil {
+		return nil, false
+	}
+	return o.AuthScheme, true
+}
+
+// HasAuthScheme returns a boolean if a field has been set.
+func (o *InlineHookOAuthBasicConfig) HasAuthScheme() bool {
+	if o != nil && o.AuthScheme != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthScheme gets a reference to the given InlineHookChannelConfigAuthScheme and assigns it to the AuthScheme field.
+func (o *InlineHookOAuthBasicConfig) SetAuthScheme(v InlineHookChannelConfigAuthScheme) {
+	o.AuthScheme = &v
+}
+
+// GetHeaders returns the Headers field value if set, zero value otherwise.
+func (o *InlineHookOAuthBasicConfig) GetHeaders() []InlineHookChannelConfigHeaders {
+	if o == nil || o.Headers == nil {
+		var ret []InlineHookChannelConfigHeaders
+		return ret
+	}
+	return o.Headers
+}
+
+// GetHeadersOk returns a tuple with the Headers field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthBasicConfig) GetHeadersOk() ([]InlineHookChannelConfigHeaders, bool) {
+	if o == nil || o.Headers == nil {
+		return nil, false
+	}
+	return o.Headers, true
+}
+
+// HasHeaders returns a boolean if a field has been set.
+func (o *InlineHookOAuthBasicConfig) HasHeaders() bool {
+	if o != nil && o.Headers != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHeaders gets a reference to the given []InlineHookChannelConfigHeaders and assigns it to the Headers field.
+func (o *InlineHookOAuthBasicConfig) SetHeaders(v []InlineHookChannelConfigHeaders) {
+	o.Headers = v
+}
+
+// GetMethod returns the Method field value if set, zero value otherwise.
+func (o *InlineHookOAuthBasicConfig) GetMethod() string {
+	if o == nil || o.Method == nil {
+		var ret string
+		return ret
+	}
+	return *o.Method
+}
+
+// GetMethodOk returns a tuple with the Method field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthBasicConfig) GetMethodOk() (*string, bool) {
+	if o == nil || o.Method == nil {
+		return nil, false
+	}
+	return o.Method, true
+}
+
+// HasMethod returns a boolean if a field has been set.
+func (o *InlineHookOAuthBasicConfig) HasMethod() bool {
+	if o != nil && o.Method != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMethod gets a reference to the given string and assigns it to the Method field.
+func (o *InlineHookOAuthBasicConfig) SetMethod(v string) {
+	o.Method = &v
+}
+
+// GetUri returns the Uri field value if set, zero value otherwise.
+func (o *InlineHookOAuthBasicConfig) GetUri() string {
+	if o == nil || o.Uri == nil {
+		var ret string
+		return ret
+	}
+	return *o.Uri
+}
+
+// GetUriOk returns a tuple with the Uri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthBasicConfig) GetUriOk() (*string, bool) {
+	if o == nil || o.Uri == nil {
+		return nil, false
+	}
+	return o.Uri, true
+}
+
+// HasUri returns a boolean if a field has been set.
+func (o *InlineHookOAuthBasicConfig) HasUri() bool {
+	if o != nil && o.Uri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUri gets a reference to the given string and assigns it to the Uri field.
+func (o *InlineHookOAuthBasicConfig) SetUri(v string) {
+	o.Uri = &v
+}
+
+func (o InlineHookOAuthBasicConfig) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthType != nil {
+		toSerialize["authType"] = o.AuthType
+	}
+	if o.ClientId != nil {
+		toSerialize["clientId"] = o.ClientId
+	}
+	if o.Scope != nil {
+		toSerialize["scope"] = o.Scope
+	}
+	if o.TokenUrl != nil {
+		toSerialize["tokenUrl"] = o.TokenUrl
+	}
+	if o.AuthScheme != nil {
+		toSerialize["authScheme"] = o.AuthScheme
+	}
+	if o.Headers != nil {
+		toSerialize["headers"] = o.Headers
+	}
+	if o.Method != nil {
+		toSerialize["method"] = o.Method
+	}
+	if o.Uri != nil {
+		toSerialize["uri"] = o.Uri
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookOAuthBasicConfig) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookOAuthBasicConfig := _InlineHookOAuthBasicConfig{}
+
+	err = json.Unmarshal(bytes, &varInlineHookOAuthBasicConfig)
+	if err == nil {
+		*o = InlineHookOAuthBasicConfig(varInlineHookOAuthBasicConfig)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authType")
+		delete(additionalProperties, "clientId")
+		delete(additionalProperties, "scope")
+		delete(additionalProperties, "tokenUrl")
+		delete(additionalProperties, "authScheme")
+		delete(additionalProperties, "headers")
+		delete(additionalProperties, "method")
+		delete(additionalProperties, "uri")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookOAuthBasicConfig struct {
+	value *InlineHookOAuthBasicConfig
+	isSet bool
+}
+
+func (v NullableInlineHookOAuthBasicConfig) Get() *InlineHookOAuthBasicConfig {
+	return v.value
+}
+
+func (v *NullableInlineHookOAuthBasicConfig) Set(val *InlineHookOAuthBasicConfig) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookOAuthBasicConfig) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookOAuthBasicConfig) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookOAuthBasicConfig(val *InlineHookOAuthBasicConfig) *NullableInlineHookOAuthBasicConfig {
+	return &NullableInlineHookOAuthBasicConfig{value: val, isSet: true}
+}
+
+func (v NullableInlineHookOAuthBasicConfig) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookOAuthBasicConfig) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_o_auth_channel_config.go b/okta/model_inline_hook_o_auth_channel_config.go
new file mode 100644
index 000000000..eb058d4b1
--- /dev/null
+++ b/okta/model_inline_hook_o_auth_channel_config.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookOAuthChannelConfig struct for InlineHookOAuthChannelConfig
+type InlineHookOAuthChannelConfig struct {
+	AuthType             *string `json:"authType,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookOAuthChannelConfig InlineHookOAuthChannelConfig
+
+// NewInlineHookOAuthChannelConfig instantiates a new InlineHookOAuthChannelConfig object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookOAuthChannelConfig() *InlineHookOAuthChannelConfig {
+	this := InlineHookOAuthChannelConfig{}
+	return &this
+}
+
+// NewInlineHookOAuthChannelConfigWithDefaults instantiates a new InlineHookOAuthChannelConfig object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookOAuthChannelConfigWithDefaults() *InlineHookOAuthChannelConfig {
+	this := InlineHookOAuthChannelConfig{}
+	return &this
+}
+
+// GetAuthType returns the AuthType field value if set, zero value otherwise.
+func (o *InlineHookOAuthChannelConfig) GetAuthType() string {
+	if o == nil || o.AuthType == nil {
+		var ret string
+		return ret
+	}
+	return *o.AuthType
+}
+
+// GetAuthTypeOk returns a tuple with the AuthType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthChannelConfig) GetAuthTypeOk() (*string, bool) {
+	if o == nil || o.AuthType == nil {
+		return nil, false
+	}
+	return o.AuthType, true
+}
+
+// HasAuthType returns a boolean if a field has been set.
+func (o *InlineHookOAuthChannelConfig) HasAuthType() bool {
+	if o != nil && o.AuthType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthType gets a reference to the given string and assigns it to the AuthType field.
+func (o *InlineHookOAuthChannelConfig) SetAuthType(v string) {
+	o.AuthType = &v
+}
+
+func (o InlineHookOAuthChannelConfig) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthType != nil {
+		toSerialize["authType"] = o.AuthType
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookOAuthChannelConfig) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookOAuthChannelConfig := _InlineHookOAuthChannelConfig{}
+
+	err = json.Unmarshal(bytes, &varInlineHookOAuthChannelConfig)
+	if err == nil {
+		*o = InlineHookOAuthChannelConfig(varInlineHookOAuthChannelConfig)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authType")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookOAuthChannelConfig struct {
+	value *InlineHookOAuthChannelConfig
+	isSet bool
+}
+
+func (v NullableInlineHookOAuthChannelConfig) Get() *InlineHookOAuthChannelConfig {
+	return v.value
+}
+
+func (v *NullableInlineHookOAuthChannelConfig) Set(val *InlineHookOAuthChannelConfig) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookOAuthChannelConfig) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookOAuthChannelConfig) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookOAuthChannelConfig(val *InlineHookOAuthChannelConfig) *NullableInlineHookOAuthChannelConfig {
+	return &NullableInlineHookOAuthChannelConfig{value: val, isSet: true}
+}
+
+func (v NullableInlineHookOAuthChannelConfig) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookOAuthChannelConfig) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_o_auth_client_secret_config.go b/okta/model_inline_hook_o_auth_client_secret_config.go
new file mode 100644
index 000000000..3c5df7ccc
--- /dev/null
+++ b/okta/model_inline_hook_o_auth_client_secret_config.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookOAuthClientSecretConfig struct for InlineHookOAuthClientSecretConfig
+type InlineHookOAuthClientSecretConfig struct {
+	ClientSecret         *string                            `json:"clientSecret,omitempty"`
+	AuthScheme           *InlineHookChannelConfigAuthScheme `json:"authScheme,omitempty"`
+	Headers              []InlineHookChannelConfigHeaders   `json:"headers,omitempty"`
+	Method               *string                            `json:"method,omitempty"`
+	Uri                  *string                            `json:"uri,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookOAuthClientSecretConfig InlineHookOAuthClientSecretConfig
+
+// NewInlineHookOAuthClientSecretConfig instantiates a new InlineHookOAuthClientSecretConfig object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookOAuthClientSecretConfig() *InlineHookOAuthClientSecretConfig {
+	this := InlineHookOAuthClientSecretConfig{}
+	return &this
+}
+
+// NewInlineHookOAuthClientSecretConfigWithDefaults instantiates a new InlineHookOAuthClientSecretConfig object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookOAuthClientSecretConfigWithDefaults() *InlineHookOAuthClientSecretConfig {
+	this := InlineHookOAuthClientSecretConfig{}
+	return &this
+}
+
+// GetClientSecret returns the ClientSecret field value if set, zero value otherwise.
+func (o *InlineHookOAuthClientSecretConfig) GetClientSecret() string {
+	if o == nil || o.ClientSecret == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientSecret
+}
+
+// GetClientSecretOk returns a tuple with the ClientSecret field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthClientSecretConfig) GetClientSecretOk() (*string, bool) {
+	if o == nil || o.ClientSecret == nil {
+		return nil, false
+	}
+	return o.ClientSecret, true
+}
+
+// HasClientSecret returns a boolean if a field has been set.
+func (o *InlineHookOAuthClientSecretConfig) HasClientSecret() bool {
+	if o != nil && o.ClientSecret != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientSecret gets a reference to the given string and assigns it to the ClientSecret field.
+func (o *InlineHookOAuthClientSecretConfig) SetClientSecret(v string) {
+	o.ClientSecret = &v
+}
+
+// GetAuthScheme returns the AuthScheme field value if set, zero value otherwise.
+func (o *InlineHookOAuthClientSecretConfig) GetAuthScheme() InlineHookChannelConfigAuthScheme {
+	if o == nil || o.AuthScheme == nil {
+		var ret InlineHookChannelConfigAuthScheme
+		return ret
+	}
+	return *o.AuthScheme
+}
+
+// GetAuthSchemeOk returns a tuple with the AuthScheme field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthClientSecretConfig) GetAuthSchemeOk() (*InlineHookChannelConfigAuthScheme, bool) {
+	if o == nil || o.AuthScheme == nil {
+		return nil, false
+	}
+	return o.AuthScheme, true
+}
+
+// HasAuthScheme returns a boolean if a field has been set.
+func (o *InlineHookOAuthClientSecretConfig) HasAuthScheme() bool {
+	if o != nil && o.AuthScheme != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthScheme gets a reference to the given InlineHookChannelConfigAuthScheme and assigns it to the AuthScheme field.
+func (o *InlineHookOAuthClientSecretConfig) SetAuthScheme(v InlineHookChannelConfigAuthScheme) {
+	o.AuthScheme = &v
+}
+
+// GetHeaders returns the Headers field value if set, zero value otherwise.
+func (o *InlineHookOAuthClientSecretConfig) GetHeaders() []InlineHookChannelConfigHeaders {
+	if o == nil || o.Headers == nil {
+		var ret []InlineHookChannelConfigHeaders
+		return ret
+	}
+	return o.Headers
+}
+
+// GetHeadersOk returns a tuple with the Headers field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthClientSecretConfig) GetHeadersOk() ([]InlineHookChannelConfigHeaders, bool) {
+	if o == nil || o.Headers == nil {
+		return nil, false
+	}
+	return o.Headers, true
+}
+
+// HasHeaders returns a boolean if a field has been set.
+func (o *InlineHookOAuthClientSecretConfig) HasHeaders() bool {
+	if o != nil && o.Headers != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHeaders gets a reference to the given []InlineHookChannelConfigHeaders and assigns it to the Headers field.
+func (o *InlineHookOAuthClientSecretConfig) SetHeaders(v []InlineHookChannelConfigHeaders) {
+	o.Headers = v
+}
+
+// GetMethod returns the Method field value if set, zero value otherwise.
+func (o *InlineHookOAuthClientSecretConfig) GetMethod() string {
+	if o == nil || o.Method == nil {
+		var ret string
+		return ret
+	}
+	return *o.Method
+}
+
+// GetMethodOk returns a tuple with the Method field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthClientSecretConfig) GetMethodOk() (*string, bool) {
+	if o == nil || o.Method == nil {
+		return nil, false
+	}
+	return o.Method, true
+}
+
+// HasMethod returns a boolean if a field has been set.
+func (o *InlineHookOAuthClientSecretConfig) HasMethod() bool {
+	if o != nil && o.Method != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMethod gets a reference to the given string and assigns it to the Method field.
+func (o *InlineHookOAuthClientSecretConfig) SetMethod(v string) {
+	o.Method = &v
+}
+
+// GetUri returns the Uri field value if set, zero value otherwise.
+func (o *InlineHookOAuthClientSecretConfig) GetUri() string {
+	if o == nil || o.Uri == nil {
+		var ret string
+		return ret
+	}
+	return *o.Uri
+}
+
+// GetUriOk returns a tuple with the Uri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthClientSecretConfig) GetUriOk() (*string, bool) {
+	if o == nil || o.Uri == nil {
+		return nil, false
+	}
+	return o.Uri, true
+}
+
+// HasUri returns a boolean if a field has been set.
+func (o *InlineHookOAuthClientSecretConfig) HasUri() bool {
+	if o != nil && o.Uri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUri gets a reference to the given string and assigns it to the Uri field.
+func (o *InlineHookOAuthClientSecretConfig) SetUri(v string) {
+	o.Uri = &v
+}
+
+func (o InlineHookOAuthClientSecretConfig) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ClientSecret != nil {
+		toSerialize["clientSecret"] = o.ClientSecret
+	}
+	if o.AuthScheme != nil {
+		toSerialize["authScheme"] = o.AuthScheme
+	}
+	if o.Headers != nil {
+		toSerialize["headers"] = o.Headers
+	}
+	if o.Method != nil {
+		toSerialize["method"] = o.Method
+	}
+	if o.Uri != nil {
+		toSerialize["uri"] = o.Uri
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookOAuthClientSecretConfig) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookOAuthClientSecretConfig := _InlineHookOAuthClientSecretConfig{}
+
+	err = json.Unmarshal(bytes, &varInlineHookOAuthClientSecretConfig)
+	if err == nil {
+		*o = InlineHookOAuthClientSecretConfig(varInlineHookOAuthClientSecretConfig)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "clientSecret")
+		delete(additionalProperties, "authScheme")
+		delete(additionalProperties, "headers")
+		delete(additionalProperties, "method")
+		delete(additionalProperties, "uri")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookOAuthClientSecretConfig struct {
+	value *InlineHookOAuthClientSecretConfig
+	isSet bool
+}
+
+func (v NullableInlineHookOAuthClientSecretConfig) Get() *InlineHookOAuthClientSecretConfig {
+	return v.value
+}
+
+func (v *NullableInlineHookOAuthClientSecretConfig) Set(val *InlineHookOAuthClientSecretConfig) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookOAuthClientSecretConfig) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookOAuthClientSecretConfig) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookOAuthClientSecretConfig(val *InlineHookOAuthClientSecretConfig) *NullableInlineHookOAuthClientSecretConfig {
+	return &NullableInlineHookOAuthClientSecretConfig{value: val, isSet: true}
+}
+
+func (v NullableInlineHookOAuthClientSecretConfig) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookOAuthClientSecretConfig) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_o_auth_private_key_jwt_config.go b/okta/model_inline_hook_o_auth_private_key_jwt_config.go
new file mode 100644
index 000000000..0d19085d9
--- /dev/null
+++ b/okta/model_inline_hook_o_auth_private_key_jwt_config.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookOAuthPrivateKeyJwtConfig struct for InlineHookOAuthPrivateKeyJwtConfig
+type InlineHookOAuthPrivateKeyJwtConfig struct {
+	HookKeyId            *string                            `json:"hookKeyId,omitempty"`
+	AuthScheme           *InlineHookChannelConfigAuthScheme `json:"authScheme,omitempty"`
+	Headers              []InlineHookChannelConfigHeaders   `json:"headers,omitempty"`
+	Method               *string                            `json:"method,omitempty"`
+	Uri                  *string                            `json:"uri,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookOAuthPrivateKeyJwtConfig InlineHookOAuthPrivateKeyJwtConfig
+
+// NewInlineHookOAuthPrivateKeyJwtConfig instantiates a new InlineHookOAuthPrivateKeyJwtConfig object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookOAuthPrivateKeyJwtConfig() *InlineHookOAuthPrivateKeyJwtConfig {
+	this := InlineHookOAuthPrivateKeyJwtConfig{}
+	return &this
+}
+
+// NewInlineHookOAuthPrivateKeyJwtConfigWithDefaults instantiates a new InlineHookOAuthPrivateKeyJwtConfig object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookOAuthPrivateKeyJwtConfigWithDefaults() *InlineHookOAuthPrivateKeyJwtConfig {
+	this := InlineHookOAuthPrivateKeyJwtConfig{}
+	return &this
+}
+
+// GetHookKeyId returns the HookKeyId field value if set, zero value otherwise.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) GetHookKeyId() string {
+	if o == nil || o.HookKeyId == nil {
+		var ret string
+		return ret
+	}
+	return *o.HookKeyId
+}
+
+// GetHookKeyIdOk returns a tuple with the HookKeyId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) GetHookKeyIdOk() (*string, bool) {
+	if o == nil || o.HookKeyId == nil {
+		return nil, false
+	}
+	return o.HookKeyId, true
+}
+
+// HasHookKeyId returns a boolean if a field has been set.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) HasHookKeyId() bool {
+	if o != nil && o.HookKeyId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHookKeyId gets a reference to the given string and assigns it to the HookKeyId field.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) SetHookKeyId(v string) {
+	o.HookKeyId = &v
+}
+
+// GetAuthScheme returns the AuthScheme field value if set, zero value otherwise.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) GetAuthScheme() InlineHookChannelConfigAuthScheme {
+	if o == nil || o.AuthScheme == nil {
+		var ret InlineHookChannelConfigAuthScheme
+		return ret
+	}
+	return *o.AuthScheme
+}
+
+// GetAuthSchemeOk returns a tuple with the AuthScheme field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) GetAuthSchemeOk() (*InlineHookChannelConfigAuthScheme, bool) {
+	if o == nil || o.AuthScheme == nil {
+		return nil, false
+	}
+	return o.AuthScheme, true
+}
+
+// HasAuthScheme returns a boolean if a field has been set.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) HasAuthScheme() bool {
+	if o != nil && o.AuthScheme != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthScheme gets a reference to the given InlineHookChannelConfigAuthScheme and assigns it to the AuthScheme field.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) SetAuthScheme(v InlineHookChannelConfigAuthScheme) {
+	o.AuthScheme = &v
+}
+
+// GetHeaders returns the Headers field value if set, zero value otherwise.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) GetHeaders() []InlineHookChannelConfigHeaders {
+	if o == nil || o.Headers == nil {
+		var ret []InlineHookChannelConfigHeaders
+		return ret
+	}
+	return o.Headers
+}
+
+// GetHeadersOk returns a tuple with the Headers field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) GetHeadersOk() ([]InlineHookChannelConfigHeaders, bool) {
+	if o == nil || o.Headers == nil {
+		return nil, false
+	}
+	return o.Headers, true
+}
+
+// HasHeaders returns a boolean if a field has been set.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) HasHeaders() bool {
+	if o != nil && o.Headers != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHeaders gets a reference to the given []InlineHookChannelConfigHeaders and assigns it to the Headers field.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) SetHeaders(v []InlineHookChannelConfigHeaders) {
+	o.Headers = v
+}
+
+// GetMethod returns the Method field value if set, zero value otherwise.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) GetMethod() string {
+	if o == nil || o.Method == nil {
+		var ret string
+		return ret
+	}
+	return *o.Method
+}
+
+// GetMethodOk returns a tuple with the Method field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) GetMethodOk() (*string, bool) {
+	if o == nil || o.Method == nil {
+		return nil, false
+	}
+	return o.Method, true
+}
+
+// HasMethod returns a boolean if a field has been set.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) HasMethod() bool {
+	if o != nil && o.Method != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMethod gets a reference to the given string and assigns it to the Method field.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) SetMethod(v string) {
+	o.Method = &v
+}
+
+// GetUri returns the Uri field value if set, zero value otherwise.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) GetUri() string {
+	if o == nil || o.Uri == nil {
+		var ret string
+		return ret
+	}
+	return *o.Uri
+}
+
+// GetUriOk returns a tuple with the Uri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) GetUriOk() (*string, bool) {
+	if o == nil || o.Uri == nil {
+		return nil, false
+	}
+	return o.Uri, true
+}
+
+// HasUri returns a boolean if a field has been set.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) HasUri() bool {
+	if o != nil && o.Uri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUri gets a reference to the given string and assigns it to the Uri field.
+func (o *InlineHookOAuthPrivateKeyJwtConfig) SetUri(v string) {
+	o.Uri = &v
+}
+
+func (o InlineHookOAuthPrivateKeyJwtConfig) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.HookKeyId != nil {
+		toSerialize["hookKeyId"] = o.HookKeyId
+	}
+	if o.AuthScheme != nil {
+		toSerialize["authScheme"] = o.AuthScheme
+	}
+	if o.Headers != nil {
+		toSerialize["headers"] = o.Headers
+	}
+	if o.Method != nil {
+		toSerialize["method"] = o.Method
+	}
+	if o.Uri != nil {
+		toSerialize["uri"] = o.Uri
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookOAuthPrivateKeyJwtConfig) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookOAuthPrivateKeyJwtConfig := _InlineHookOAuthPrivateKeyJwtConfig{}
+
+	err = json.Unmarshal(bytes, &varInlineHookOAuthPrivateKeyJwtConfig)
+	if err == nil {
+		*o = InlineHookOAuthPrivateKeyJwtConfig(varInlineHookOAuthPrivateKeyJwtConfig)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "hookKeyId")
+		delete(additionalProperties, "authScheme")
+		delete(additionalProperties, "headers")
+		delete(additionalProperties, "method")
+		delete(additionalProperties, "uri")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookOAuthPrivateKeyJwtConfig struct {
+	value *InlineHookOAuthPrivateKeyJwtConfig
+	isSet bool
+}
+
+func (v NullableInlineHookOAuthPrivateKeyJwtConfig) Get() *InlineHookOAuthPrivateKeyJwtConfig {
+	return v.value
+}
+
+func (v *NullableInlineHookOAuthPrivateKeyJwtConfig) Set(val *InlineHookOAuthPrivateKeyJwtConfig) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookOAuthPrivateKeyJwtConfig) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookOAuthPrivateKeyJwtConfig) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookOAuthPrivateKeyJwtConfig(val *InlineHookOAuthPrivateKeyJwtConfig) *NullableInlineHookOAuthPrivateKeyJwtConfig {
+	return &NullableInlineHookOAuthPrivateKeyJwtConfig{value: val, isSet: true}
+}
+
+func (v NullableInlineHookOAuthPrivateKeyJwtConfig) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookOAuthPrivateKeyJwtConfig) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_response.go b/okta/model_inline_hook_response.go
new file mode 100644
index 000000000..ab70ec7fc
--- /dev/null
+++ b/okta/model_inline_hook_response.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookResponse struct for InlineHookResponse
+type InlineHookResponse struct {
+	Commands             []InlineHookResponseCommands `json:"commands,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookResponse InlineHookResponse
+
+// NewInlineHookResponse instantiates a new InlineHookResponse object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookResponse() *InlineHookResponse {
+	this := InlineHookResponse{}
+	return &this
+}
+
+// NewInlineHookResponseWithDefaults instantiates a new InlineHookResponse object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookResponseWithDefaults() *InlineHookResponse {
+	this := InlineHookResponse{}
+	return &this
+}
+
+// GetCommands returns the Commands field value if set, zero value otherwise.
+func (o *InlineHookResponse) GetCommands() []InlineHookResponseCommands {
+	if o == nil || o.Commands == nil {
+		var ret []InlineHookResponseCommands
+		return ret
+	}
+	return o.Commands
+}
+
+// GetCommandsOk returns a tuple with the Commands field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookResponse) GetCommandsOk() ([]InlineHookResponseCommands, bool) {
+	if o == nil || o.Commands == nil {
+		return nil, false
+	}
+	return o.Commands, true
+}
+
+// HasCommands returns a boolean if a field has been set.
+func (o *InlineHookResponse) HasCommands() bool {
+	if o != nil && o.Commands != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCommands gets a reference to the given []InlineHookResponseCommands and assigns it to the Commands field.
+func (o *InlineHookResponse) SetCommands(v []InlineHookResponseCommands) {
+	o.Commands = v
+}
+
+func (o InlineHookResponse) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Commands != nil {
+		toSerialize["commands"] = o.Commands
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookResponse) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookResponse := _InlineHookResponse{}
+
+	err = json.Unmarshal(bytes, &varInlineHookResponse)
+	if err == nil {
+		*o = InlineHookResponse(varInlineHookResponse)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "commands")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookResponse struct {
+	value *InlineHookResponse
+	isSet bool
+}
+
+func (v NullableInlineHookResponse) Get() *InlineHookResponse {
+	return v.value
+}
+
+func (v *NullableInlineHookResponse) Set(val *InlineHookResponse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookResponse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookResponse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookResponse(val *InlineHookResponse) *NullableInlineHookResponse {
+	return &NullableInlineHookResponse{value: val, isSet: true}
+}
+
+func (v NullableInlineHookResponse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookResponse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_response_command_value.go b/okta/model_inline_hook_response_command_value.go
new file mode 100644
index 000000000..a5ebe3a2e
--- /dev/null
+++ b/okta/model_inline_hook_response_command_value.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookResponseCommandValue struct for InlineHookResponseCommandValue
+type InlineHookResponseCommandValue struct {
+	Op                   *string `json:"op,omitempty"`
+	Path                 *string `json:"path,omitempty"`
+	Value                *string `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookResponseCommandValue InlineHookResponseCommandValue
+
+// NewInlineHookResponseCommandValue instantiates a new InlineHookResponseCommandValue object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookResponseCommandValue() *InlineHookResponseCommandValue {
+	this := InlineHookResponseCommandValue{}
+	return &this
+}
+
+// NewInlineHookResponseCommandValueWithDefaults instantiates a new InlineHookResponseCommandValue object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookResponseCommandValueWithDefaults() *InlineHookResponseCommandValue {
+	this := InlineHookResponseCommandValue{}
+	return &this
+}
+
+// GetOp returns the Op field value if set, zero value otherwise.
+func (o *InlineHookResponseCommandValue) GetOp() string {
+	if o == nil || o.Op == nil {
+		var ret string
+		return ret
+	}
+	return *o.Op
+}
+
+// GetOpOk returns a tuple with the Op field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookResponseCommandValue) GetOpOk() (*string, bool) {
+	if o == nil || o.Op == nil {
+		return nil, false
+	}
+	return o.Op, true
+}
+
+// HasOp returns a boolean if a field has been set.
+func (o *InlineHookResponseCommandValue) HasOp() bool {
+	if o != nil && o.Op != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOp gets a reference to the given string and assigns it to the Op field.
+func (o *InlineHookResponseCommandValue) SetOp(v string) {
+	o.Op = &v
+}
+
+// GetPath returns the Path field value if set, zero value otherwise.
+func (o *InlineHookResponseCommandValue) GetPath() string {
+	if o == nil || o.Path == nil {
+		var ret string
+		return ret
+	}
+	return *o.Path
+}
+
+// GetPathOk returns a tuple with the Path field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookResponseCommandValue) GetPathOk() (*string, bool) {
+	if o == nil || o.Path == nil {
+		return nil, false
+	}
+	return o.Path, true
+}
+
+// HasPath returns a boolean if a field has been set.
+func (o *InlineHookResponseCommandValue) HasPath() bool {
+	if o != nil && o.Path != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPath gets a reference to the given string and assigns it to the Path field.
+func (o *InlineHookResponseCommandValue) SetPath(v string) {
+	o.Path = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *InlineHookResponseCommandValue) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookResponseCommandValue) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *InlineHookResponseCommandValue) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *InlineHookResponseCommandValue) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o InlineHookResponseCommandValue) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Op != nil {
+		toSerialize["op"] = o.Op
+	}
+	if o.Path != nil {
+		toSerialize["path"] = o.Path
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookResponseCommandValue) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookResponseCommandValue := _InlineHookResponseCommandValue{}
+
+	err = json.Unmarshal(bytes, &varInlineHookResponseCommandValue)
+	if err == nil {
+		*o = InlineHookResponseCommandValue(varInlineHookResponseCommandValue)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "op")
+		delete(additionalProperties, "path")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookResponseCommandValue struct {
+	value *InlineHookResponseCommandValue
+	isSet bool
+}
+
+func (v NullableInlineHookResponseCommandValue) Get() *InlineHookResponseCommandValue {
+	return v.value
+}
+
+func (v *NullableInlineHookResponseCommandValue) Set(val *InlineHookResponseCommandValue) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookResponseCommandValue) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookResponseCommandValue) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookResponseCommandValue(val *InlineHookResponseCommandValue) *NullableInlineHookResponseCommandValue {
+	return &NullableInlineHookResponseCommandValue{value: val, isSet: true}
+}
+
+func (v NullableInlineHookResponseCommandValue) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookResponseCommandValue) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_response_commands.go b/okta/model_inline_hook_response_commands.go
new file mode 100644
index 000000000..bb846e0ea
--- /dev/null
+++ b/okta/model_inline_hook_response_commands.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// InlineHookResponseCommands struct for InlineHookResponseCommands
+type InlineHookResponseCommands struct {
+	Type                 *string                          `json:"type,omitempty"`
+	Value                []InlineHookResponseCommandValue `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _InlineHookResponseCommands InlineHookResponseCommands
+
+// NewInlineHookResponseCommands instantiates a new InlineHookResponseCommands object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewInlineHookResponseCommands() *InlineHookResponseCommands {
+	this := InlineHookResponseCommands{}
+	return &this
+}
+
+// NewInlineHookResponseCommandsWithDefaults instantiates a new InlineHookResponseCommands object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewInlineHookResponseCommandsWithDefaults() *InlineHookResponseCommands {
+	this := InlineHookResponseCommands{}
+	return &this
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *InlineHookResponseCommands) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookResponseCommands) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *InlineHookResponseCommands) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *InlineHookResponseCommands) SetType(v string) {
+	o.Type = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *InlineHookResponseCommands) GetValue() []InlineHookResponseCommandValue {
+	if o == nil || o.Value == nil {
+		var ret []InlineHookResponseCommandValue
+		return ret
+	}
+	return o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *InlineHookResponseCommands) GetValueOk() ([]InlineHookResponseCommandValue, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *InlineHookResponseCommands) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given []InlineHookResponseCommandValue and assigns it to the Value field.
+func (o *InlineHookResponseCommands) SetValue(v []InlineHookResponseCommandValue) {
+	o.Value = v
+}
+
+func (o InlineHookResponseCommands) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *InlineHookResponseCommands) UnmarshalJSON(bytes []byte) (err error) {
+	varInlineHookResponseCommands := _InlineHookResponseCommands{}
+
+	err = json.Unmarshal(bytes, &varInlineHookResponseCommands)
+	if err == nil {
+		*o = InlineHookResponseCommands(varInlineHookResponseCommands)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableInlineHookResponseCommands struct {
+	value *InlineHookResponseCommands
+	isSet bool
+}
+
+func (v NullableInlineHookResponseCommands) Get() *InlineHookResponseCommands {
+	return v.value
+}
+
+func (v *NullableInlineHookResponseCommands) Set(val *InlineHookResponseCommands) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookResponseCommands) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookResponseCommands) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookResponseCommands(val *InlineHookResponseCommands) *NullableInlineHookResponseCommands {
+	return &NullableInlineHookResponseCommands{value: val, isSet: true}
+}
+
+func (v NullableInlineHookResponseCommands) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookResponseCommands) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_status.go b/okta/model_inline_hook_status.go
new file mode 100644
index 000000000..d45ea3010
--- /dev/null
+++ b/okta/model_inline_hook_status.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// InlineHookStatus the model 'InlineHookStatus'
+type InlineHookStatus string
+
+// List of InlineHookStatus
+const (
+	INLINEHOOKSTATUS_ACTIVE   InlineHookStatus = "ACTIVE"
+	INLINEHOOKSTATUS_INACTIVE InlineHookStatus = "INACTIVE"
+)
+
+// All allowed values of InlineHookStatus enum
+var AllowedInlineHookStatusEnumValues = []InlineHookStatus{
+	"ACTIVE",
+	"INACTIVE",
+}
+
+func (v *InlineHookStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := InlineHookStatus(value)
+	for _, existing := range AllowedInlineHookStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid InlineHookStatus", value)
+}
+
+// NewInlineHookStatusFromValue returns a pointer to a valid InlineHookStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewInlineHookStatusFromValue(v string) (*InlineHookStatus, error) {
+	ev := InlineHookStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for InlineHookStatus: valid values are %v", v, AllowedInlineHookStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v InlineHookStatus) IsValid() bool {
+	for _, existing := range AllowedInlineHookStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to InlineHookStatus value
+func (v InlineHookStatus) Ptr() *InlineHookStatus {
+	return &v
+}
+
+type NullableInlineHookStatus struct {
+	value *InlineHookStatus
+	isSet bool
+}
+
+func (v NullableInlineHookStatus) Get() *InlineHookStatus {
+	return v.value
+}
+
+func (v *NullableInlineHookStatus) Set(val *InlineHookStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookStatus(val *InlineHookStatus) *NullableInlineHookStatus {
+	return &NullableInlineHookStatus{value: val, isSet: true}
+}
+
+func (v NullableInlineHookStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_inline_hook_type.go b/okta/model_inline_hook_type.go
new file mode 100644
index 000000000..aa2597b2f
--- /dev/null
+++ b/okta/model_inline_hook_type.go
@@ -0,0 +1,130 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// InlineHookType the model 'InlineHookType'
+type InlineHookType string
+
+// List of InlineHookType
+const (
+	INLINEHOOKTYPE_IMPORT_TRANSFORM                InlineHookType = "com.okta.import.transform"
+	INLINEHOOKTYPE_OAUTH2_TOKENS_TRANSFORM         InlineHookType = "com.okta.oauth2.tokens.transform"
+	INLINEHOOKTYPE_SAML_TOKENS_TRANSFORM           InlineHookType = "com.okta.saml.tokens.transform"
+	INLINEHOOKTYPE_USER_CREDENTIAL_PASSWORD_IMPORT InlineHookType = "com.okta.user.credential.password.import"
+	INLINEHOOKTYPE_USER_PRE_REGISTRATION           InlineHookType = "com.okta.user.pre-registration"
+)
+
+// All allowed values of InlineHookType enum
+var AllowedInlineHookTypeEnumValues = []InlineHookType{
+	"com.okta.import.transform",
+	"com.okta.oauth2.tokens.transform",
+	"com.okta.saml.tokens.transform",
+	"com.okta.user.credential.password.import",
+	"com.okta.user.pre-registration",
+}
+
+func (v *InlineHookType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := InlineHookType(value)
+	for _, existing := range AllowedInlineHookTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid InlineHookType", value)
+}
+
+// NewInlineHookTypeFromValue returns a pointer to a valid InlineHookType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewInlineHookTypeFromValue(v string) (*InlineHookType, error) {
+	ev := InlineHookType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for InlineHookType: valid values are %v", v, AllowedInlineHookTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v InlineHookType) IsValid() bool {
+	for _, existing := range AllowedInlineHookTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to InlineHookType value
+func (v InlineHookType) Ptr() *InlineHookType {
+	return &v
+}
+
+type NullableInlineHookType struct {
+	value *InlineHookType
+	isSet bool
+}
+
+func (v NullableInlineHookType) Get() *InlineHookType {
+	return v.value
+}
+
+func (v *NullableInlineHookType) Set(val *InlineHookType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInlineHookType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInlineHookType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInlineHookType(val *InlineHookType) *NullableInlineHookType {
+	return &NullableInlineHookType{value: val, isSet: true}
+}
+
+func (v NullableInlineHookType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInlineHookType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_issuer_mode.go b/okta/model_issuer_mode.go
new file mode 100644
index 000000000..dcbc3dced
--- /dev/null
+++ b/okta/model_issuer_mode.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// IssuerMode the model 'IssuerMode'
+type IssuerMode string
+
+// List of IssuerMode
+const (
+	ISSUERMODE_CUSTOM_URL IssuerMode = "CUSTOM_URL"
+	ISSUERMODE_DYNAMIC    IssuerMode = "DYNAMIC"
+	ISSUERMODE_ORG_URL    IssuerMode = "ORG_URL"
+)
+
+// All allowed values of IssuerMode enum
+var AllowedIssuerModeEnumValues = []IssuerMode{
+	"CUSTOM_URL",
+	"DYNAMIC",
+	"ORG_URL",
+}
+
+func (v *IssuerMode) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := IssuerMode(value)
+	for _, existing := range AllowedIssuerModeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid IssuerMode", value)
+}
+
+// NewIssuerModeFromValue returns a pointer to a valid IssuerMode
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewIssuerModeFromValue(v string) (*IssuerMode, error) {
+	ev := IssuerMode(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for IssuerMode: valid values are %v", v, AllowedIssuerModeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v IssuerMode) IsValid() bool {
+	for _, existing := range AllowedIssuerModeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to IssuerMode value
+func (v IssuerMode) Ptr() *IssuerMode {
+	return &v
+}
+
+type NullableIssuerMode struct {
+	value *IssuerMode
+	isSet bool
+}
+
+func (v NullableIssuerMode) Get() *IssuerMode {
+	return v.value
+}
+
+func (v *NullableIssuerMode) Set(val *IssuerMode) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableIssuerMode) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableIssuerMode) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableIssuerMode(val *IssuerMode) *NullableIssuerMode {
+	return &NullableIssuerMode{value: val, isSet: true}
+}
+
+func (v NullableIssuerMode) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableIssuerMode) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_json_web_key.go b/okta/model_json_web_key.go
new file mode 100644
index 000000000..4fe53f66f
--- /dev/null
+++ b/okta/model_json_web_key.go
@@ -0,0 +1,714 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// JsonWebKey struct for JsonWebKey
+type JsonWebKey struct {
+	Alg                  *string                           `json:"alg,omitempty"`
+	Created              *time.Time                        `json:"created,omitempty"`
+	E                    *string                           `json:"e,omitempty"`
+	ExpiresAt            *time.Time                        `json:"expiresAt,omitempty"`
+	KeyOps               []string                          `json:"key_ops,omitempty"`
+	Kid                  *string                           `json:"kid,omitempty"`
+	Kty                  *string                           `json:"kty,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	N                    *string                           `json:"n,omitempty"`
+	Status               *string                           `json:"status,omitempty"`
+	Use                  *string                           `json:"use,omitempty"`
+	X5c                  []string                          `json:"x5c,omitempty"`
+	X5t                  *string                           `json:"x5t,omitempty"`
+	X5tS256              *string                           `json:"x5t#S256,omitempty"`
+	X5u                  *string                           `json:"x5u,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _JsonWebKey JsonWebKey
+
+// NewJsonWebKey instantiates a new JsonWebKey object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewJsonWebKey() *JsonWebKey {
+	this := JsonWebKey{}
+	return &this
+}
+
+// NewJsonWebKeyWithDefaults instantiates a new JsonWebKey object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewJsonWebKeyWithDefaults() *JsonWebKey {
+	this := JsonWebKey{}
+	return &this
+}
+
+// GetAlg returns the Alg field value if set, zero value otherwise.
+func (o *JsonWebKey) GetAlg() string {
+	if o == nil || o.Alg == nil {
+		var ret string
+		return ret
+	}
+	return *o.Alg
+}
+
+// GetAlgOk returns a tuple with the Alg field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetAlgOk() (*string, bool) {
+	if o == nil || o.Alg == nil {
+		return nil, false
+	}
+	return o.Alg, true
+}
+
+// HasAlg returns a boolean if a field has been set.
+func (o *JsonWebKey) HasAlg() bool {
+	if o != nil && o.Alg != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAlg gets a reference to the given string and assigns it to the Alg field.
+func (o *JsonWebKey) SetAlg(v string) {
+	o.Alg = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *JsonWebKey) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *JsonWebKey) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *JsonWebKey) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetE returns the E field value if set, zero value otherwise.
+func (o *JsonWebKey) GetE() string {
+	if o == nil || o.E == nil {
+		var ret string
+		return ret
+	}
+	return *o.E
+}
+
+// GetEOk returns a tuple with the E field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetEOk() (*string, bool) {
+	if o == nil || o.E == nil {
+		return nil, false
+	}
+	return o.E, true
+}
+
+// HasE returns a boolean if a field has been set.
+func (o *JsonWebKey) HasE() bool {
+	if o != nil && o.E != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetE gets a reference to the given string and assigns it to the E field.
+func (o *JsonWebKey) SetE(v string) {
+	o.E = &v
+}
+
+// GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
+func (o *JsonWebKey) GetExpiresAt() time.Time {
+	if o == nil || o.ExpiresAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiresAt
+}
+
+// GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetExpiresAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiresAt == nil {
+		return nil, false
+	}
+	return o.ExpiresAt, true
+}
+
+// HasExpiresAt returns a boolean if a field has been set.
+func (o *JsonWebKey) HasExpiresAt() bool {
+	if o != nil && o.ExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresAt gets a reference to the given time.Time and assigns it to the ExpiresAt field.
+func (o *JsonWebKey) SetExpiresAt(v time.Time) {
+	o.ExpiresAt = &v
+}
+
+// GetKeyOps returns the KeyOps field value if set, zero value otherwise.
+func (o *JsonWebKey) GetKeyOps() []string {
+	if o == nil || o.KeyOps == nil {
+		var ret []string
+		return ret
+	}
+	return o.KeyOps
+}
+
+// GetKeyOpsOk returns a tuple with the KeyOps field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetKeyOpsOk() ([]string, bool) {
+	if o == nil || o.KeyOps == nil {
+		return nil, false
+	}
+	return o.KeyOps, true
+}
+
+// HasKeyOps returns a boolean if a field has been set.
+func (o *JsonWebKey) HasKeyOps() bool {
+	if o != nil && o.KeyOps != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKeyOps gets a reference to the given []string and assigns it to the KeyOps field.
+func (o *JsonWebKey) SetKeyOps(v []string) {
+	o.KeyOps = v
+}
+
+// GetKid returns the Kid field value if set, zero value otherwise.
+func (o *JsonWebKey) GetKid() string {
+	if o == nil || o.Kid == nil {
+		var ret string
+		return ret
+	}
+	return *o.Kid
+}
+
+// GetKidOk returns a tuple with the Kid field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetKidOk() (*string, bool) {
+	if o == nil || o.Kid == nil {
+		return nil, false
+	}
+	return o.Kid, true
+}
+
+// HasKid returns a boolean if a field has been set.
+func (o *JsonWebKey) HasKid() bool {
+	if o != nil && o.Kid != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKid gets a reference to the given string and assigns it to the Kid field.
+func (o *JsonWebKey) SetKid(v string) {
+	o.Kid = &v
+}
+
+// GetKty returns the Kty field value if set, zero value otherwise.
+func (o *JsonWebKey) GetKty() string {
+	if o == nil || o.Kty == nil {
+		var ret string
+		return ret
+	}
+	return *o.Kty
+}
+
+// GetKtyOk returns a tuple with the Kty field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetKtyOk() (*string, bool) {
+	if o == nil || o.Kty == nil {
+		return nil, false
+	}
+	return o.Kty, true
+}
+
+// HasKty returns a boolean if a field has been set.
+func (o *JsonWebKey) HasKty() bool {
+	if o != nil && o.Kty != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKty gets a reference to the given string and assigns it to the Kty field.
+func (o *JsonWebKey) SetKty(v string) {
+	o.Kty = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *JsonWebKey) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *JsonWebKey) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *JsonWebKey) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetN returns the N field value if set, zero value otherwise.
+func (o *JsonWebKey) GetN() string {
+	if o == nil || o.N == nil {
+		var ret string
+		return ret
+	}
+	return *o.N
+}
+
+// GetNOk returns a tuple with the N field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetNOk() (*string, bool) {
+	if o == nil || o.N == nil {
+		return nil, false
+	}
+	return o.N, true
+}
+
+// HasN returns a boolean if a field has been set.
+func (o *JsonWebKey) HasN() bool {
+	if o != nil && o.N != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetN gets a reference to the given string and assigns it to the N field.
+func (o *JsonWebKey) SetN(v string) {
+	o.N = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *JsonWebKey) GetStatus() string {
+	if o == nil || o.Status == nil {
+		var ret string
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetStatusOk() (*string, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *JsonWebKey) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given string and assigns it to the Status field.
+func (o *JsonWebKey) SetStatus(v string) {
+	o.Status = &v
+}
+
+// GetUse returns the Use field value if set, zero value otherwise.
+func (o *JsonWebKey) GetUse() string {
+	if o == nil || o.Use == nil {
+		var ret string
+		return ret
+	}
+	return *o.Use
+}
+
+// GetUseOk returns a tuple with the Use field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetUseOk() (*string, bool) {
+	if o == nil || o.Use == nil {
+		return nil, false
+	}
+	return o.Use, true
+}
+
+// HasUse returns a boolean if a field has been set.
+func (o *JsonWebKey) HasUse() bool {
+	if o != nil && o.Use != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUse gets a reference to the given string and assigns it to the Use field.
+func (o *JsonWebKey) SetUse(v string) {
+	o.Use = &v
+}
+
+// GetX5c returns the X5c field value if set, zero value otherwise.
+func (o *JsonWebKey) GetX5c() []string {
+	if o == nil || o.X5c == nil {
+		var ret []string
+		return ret
+	}
+	return o.X5c
+}
+
+// GetX5cOk returns a tuple with the X5c field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetX5cOk() ([]string, bool) {
+	if o == nil || o.X5c == nil {
+		return nil, false
+	}
+	return o.X5c, true
+}
+
+// HasX5c returns a boolean if a field has been set.
+func (o *JsonWebKey) HasX5c() bool {
+	if o != nil && o.X5c != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetX5c gets a reference to the given []string and assigns it to the X5c field.
+func (o *JsonWebKey) SetX5c(v []string) {
+	o.X5c = v
+}
+
+// GetX5t returns the X5t field value if set, zero value otherwise.
+func (o *JsonWebKey) GetX5t() string {
+	if o == nil || o.X5t == nil {
+		var ret string
+		return ret
+	}
+	return *o.X5t
+}
+
+// GetX5tOk returns a tuple with the X5t field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetX5tOk() (*string, bool) {
+	if o == nil || o.X5t == nil {
+		return nil, false
+	}
+	return o.X5t, true
+}
+
+// HasX5t returns a boolean if a field has been set.
+func (o *JsonWebKey) HasX5t() bool {
+	if o != nil && o.X5t != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetX5t gets a reference to the given string and assigns it to the X5t field.
+func (o *JsonWebKey) SetX5t(v string) {
+	o.X5t = &v
+}
+
+// GetX5tS256 returns the X5tS256 field value if set, zero value otherwise.
+func (o *JsonWebKey) GetX5tS256() string {
+	if o == nil || o.X5tS256 == nil {
+		var ret string
+		return ret
+	}
+	return *o.X5tS256
+}
+
+// GetX5tS256Ok returns a tuple with the X5tS256 field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetX5tS256Ok() (*string, bool) {
+	if o == nil || o.X5tS256 == nil {
+		return nil, false
+	}
+	return o.X5tS256, true
+}
+
+// HasX5tS256 returns a boolean if a field has been set.
+func (o *JsonWebKey) HasX5tS256() bool {
+	if o != nil && o.X5tS256 != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetX5tS256 gets a reference to the given string and assigns it to the X5tS256 field.
+func (o *JsonWebKey) SetX5tS256(v string) {
+	o.X5tS256 = &v
+}
+
+// GetX5u returns the X5u field value if set, zero value otherwise.
+func (o *JsonWebKey) GetX5u() string {
+	if o == nil || o.X5u == nil {
+		var ret string
+		return ret
+	}
+	return *o.X5u
+}
+
+// GetX5uOk returns a tuple with the X5u field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetX5uOk() (*string, bool) {
+	if o == nil || o.X5u == nil {
+		return nil, false
+	}
+	return o.X5u, true
+}
+
+// HasX5u returns a boolean if a field has been set.
+func (o *JsonWebKey) HasX5u() bool {
+	if o != nil && o.X5u != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetX5u gets a reference to the given string and assigns it to the X5u field.
+func (o *JsonWebKey) SetX5u(v string) {
+	o.X5u = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *JsonWebKey) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JsonWebKey) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *JsonWebKey) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *JsonWebKey) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o JsonWebKey) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Alg != nil {
+		toSerialize["alg"] = o.Alg
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.E != nil {
+		toSerialize["e"] = o.E
+	}
+	if o.ExpiresAt != nil {
+		toSerialize["expiresAt"] = o.ExpiresAt
+	}
+	if o.KeyOps != nil {
+		toSerialize["key_ops"] = o.KeyOps
+	}
+	if o.Kid != nil {
+		toSerialize["kid"] = o.Kid
+	}
+	if o.Kty != nil {
+		toSerialize["kty"] = o.Kty
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.N != nil {
+		toSerialize["n"] = o.N
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Use != nil {
+		toSerialize["use"] = o.Use
+	}
+	if o.X5c != nil {
+		toSerialize["x5c"] = o.X5c
+	}
+	if o.X5t != nil {
+		toSerialize["x5t"] = o.X5t
+	}
+	if o.X5tS256 != nil {
+		toSerialize["x5t#S256"] = o.X5tS256
+	}
+	if o.X5u != nil {
+		toSerialize["x5u"] = o.X5u
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *JsonWebKey) UnmarshalJSON(bytes []byte) (err error) {
+	varJsonWebKey := _JsonWebKey{}
+
+	err = json.Unmarshal(bytes, &varJsonWebKey)
+	if err == nil {
+		*o = JsonWebKey(varJsonWebKey)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "alg")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "e")
+		delete(additionalProperties, "expiresAt")
+		delete(additionalProperties, "key_ops")
+		delete(additionalProperties, "kid")
+		delete(additionalProperties, "kty")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "n")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "use")
+		delete(additionalProperties, "x5c")
+		delete(additionalProperties, "x5t")
+		delete(additionalProperties, "x5t#S256")
+		delete(additionalProperties, "x5u")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableJsonWebKey struct {
+	value *JsonWebKey
+	isSet bool
+}
+
+func (v NullableJsonWebKey) Get() *JsonWebKey {
+	return v.value
+}
+
+func (v *NullableJsonWebKey) Set(val *JsonWebKey) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableJsonWebKey) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableJsonWebKey) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableJsonWebKey(val *JsonWebKey) *NullableJsonWebKey {
+	return &NullableJsonWebKey{value: val, isSet: true}
+}
+
+func (v NullableJsonWebKey) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableJsonWebKey) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_jwk_use.go b/okta/model_jwk_use.go
new file mode 100644
index 000000000..de18809c8
--- /dev/null
+++ b/okta/model_jwk_use.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// JwkUse struct for JwkUse
+type JwkUse struct {
+	Use                  *JwkUseType `json:"use,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _JwkUse JwkUse
+
+// NewJwkUse instantiates a new JwkUse object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewJwkUse() *JwkUse {
+	this := JwkUse{}
+	return &this
+}
+
+// NewJwkUseWithDefaults instantiates a new JwkUse object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewJwkUseWithDefaults() *JwkUse {
+	this := JwkUse{}
+	return &this
+}
+
+// GetUse returns the Use field value if set, zero value otherwise.
+func (o *JwkUse) GetUse() JwkUseType {
+	if o == nil || o.Use == nil {
+		var ret JwkUseType
+		return ret
+	}
+	return *o.Use
+}
+
+// GetUseOk returns a tuple with the Use field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *JwkUse) GetUseOk() (*JwkUseType, bool) {
+	if o == nil || o.Use == nil {
+		return nil, false
+	}
+	return o.Use, true
+}
+
+// HasUse returns a boolean if a field has been set.
+func (o *JwkUse) HasUse() bool {
+	if o != nil && o.Use != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUse gets a reference to the given JwkUseType and assigns it to the Use field.
+func (o *JwkUse) SetUse(v JwkUseType) {
+	o.Use = &v
+}
+
+func (o JwkUse) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Use != nil {
+		toSerialize["use"] = o.Use
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *JwkUse) UnmarshalJSON(bytes []byte) (err error) {
+	varJwkUse := _JwkUse{}
+
+	err = json.Unmarshal(bytes, &varJwkUse)
+	if err == nil {
+		*o = JwkUse(varJwkUse)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "use")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableJwkUse struct {
+	value *JwkUse
+	isSet bool
+}
+
+func (v NullableJwkUse) Get() *JwkUse {
+	return v.value
+}
+
+func (v *NullableJwkUse) Set(val *JwkUse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableJwkUse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableJwkUse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableJwkUse(val *JwkUse) *NullableJwkUse {
+	return &NullableJwkUse{value: val, isSet: true}
+}
+
+func (v NullableJwkUse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableJwkUse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_jwk_use_type.go b/okta/model_jwk_use_type.go
new file mode 100644
index 000000000..8e25a86c5
--- /dev/null
+++ b/okta/model_jwk_use_type.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// JwkUseType the model 'JwkUseType'
+type JwkUseType string
+
+// List of JwkUseType
+const (
+	JWKUSETYPE_SIG JwkUseType = "sig"
+)
+
+// All allowed values of JwkUseType enum
+var AllowedJwkUseTypeEnumValues = []JwkUseType{
+	"sig",
+}
+
+func (v *JwkUseType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := JwkUseType(value)
+	for _, existing := range AllowedJwkUseTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid JwkUseType", value)
+}
+
+// NewJwkUseTypeFromValue returns a pointer to a valid JwkUseType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewJwkUseTypeFromValue(v string) (*JwkUseType, error) {
+	ev := JwkUseType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for JwkUseType: valid values are %v", v, AllowedJwkUseTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v JwkUseType) IsValid() bool {
+	for _, existing := range AllowedJwkUseTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to JwkUseType value
+func (v JwkUseType) Ptr() *JwkUseType {
+	return &v
+}
+
+type NullableJwkUseType struct {
+	value *JwkUseType
+	isSet bool
+}
+
+func (v NullableJwkUseType) Get() *JwkUseType {
+	return v.value
+}
+
+func (v *NullableJwkUseType) Set(val *JwkUseType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableJwkUseType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableJwkUseType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableJwkUseType(val *JwkUseType) *NullableJwkUseType {
+	return &NullableJwkUseType{value: val, isSet: true}
+}
+
+func (v NullableJwkUseType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableJwkUseType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_key_request.go b/okta/model_key_request.go
new file mode 100644
index 000000000..eff47595c
--- /dev/null
+++ b/okta/model_key_request.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// KeyRequest struct for KeyRequest
+type KeyRequest struct {
+	Name                 *string `json:"name,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _KeyRequest KeyRequest
+
+// NewKeyRequest instantiates a new KeyRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewKeyRequest() *KeyRequest {
+	this := KeyRequest{}
+	return &this
+}
+
+// NewKeyRequestWithDefaults instantiates a new KeyRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewKeyRequestWithDefaults() *KeyRequest {
+	this := KeyRequest{}
+	return &this
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *KeyRequest) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *KeyRequest) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *KeyRequest) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *KeyRequest) SetName(v string) {
+	o.Name = &v
+}
+
+func (o KeyRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *KeyRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varKeyRequest := _KeyRequest{}
+
+	err = json.Unmarshal(bytes, &varKeyRequest)
+	if err == nil {
+		*o = KeyRequest(varKeyRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "name")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableKeyRequest struct {
+	value *KeyRequest
+	isSet bool
+}
+
+func (v NullableKeyRequest) Get() *KeyRequest {
+	return v.value
+}
+
+func (v *NullableKeyRequest) Set(val *KeyRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableKeyRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableKeyRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableKeyRequest(val *KeyRequest) *NullableKeyRequest {
+	return &NullableKeyRequest{value: val, isSet: true}
+}
+
+func (v NullableKeyRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableKeyRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_key_trust_level_browser_key.go b/okta/model_key_trust_level_browser_key.go
new file mode 100644
index 000000000..4797c5336
--- /dev/null
+++ b/okta/model_key_trust_level_browser_key.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// KeyTrustLevelBrowserKey Represents the attestation strength used by the Chrome Verified Access API
+type KeyTrustLevelBrowserKey string
+
+// List of KeyTrustLevelBrowserKey
+const (
+	KEYTRUSTLEVELBROWSERKEY_HW_KEY KeyTrustLevelBrowserKey = "CHROME_BROWSER_HW_KEY"
+	KEYTRUSTLEVELBROWSERKEY_OS_KEY KeyTrustLevelBrowserKey = "CHROME_BROWSER_OS_KEY"
+)
+
+// All allowed values of KeyTrustLevelBrowserKey enum
+var AllowedKeyTrustLevelBrowserKeyEnumValues = []KeyTrustLevelBrowserKey{
+	"CHROME_BROWSER_HW_KEY",
+	"CHROME_BROWSER_OS_KEY",
+}
+
+func (v *KeyTrustLevelBrowserKey) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := KeyTrustLevelBrowserKey(value)
+	for _, existing := range AllowedKeyTrustLevelBrowserKeyEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid KeyTrustLevelBrowserKey", value)
+}
+
+// NewKeyTrustLevelBrowserKeyFromValue returns a pointer to a valid KeyTrustLevelBrowserKey
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewKeyTrustLevelBrowserKeyFromValue(v string) (*KeyTrustLevelBrowserKey, error) {
+	ev := KeyTrustLevelBrowserKey(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for KeyTrustLevelBrowserKey: valid values are %v", v, AllowedKeyTrustLevelBrowserKeyEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v KeyTrustLevelBrowserKey) IsValid() bool {
+	for _, existing := range AllowedKeyTrustLevelBrowserKeyEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to KeyTrustLevelBrowserKey value
+func (v KeyTrustLevelBrowserKey) Ptr() *KeyTrustLevelBrowserKey {
+	return &v
+}
+
+type NullableKeyTrustLevelBrowserKey struct {
+	value *KeyTrustLevelBrowserKey
+	isSet bool
+}
+
+func (v NullableKeyTrustLevelBrowserKey) Get() *KeyTrustLevelBrowserKey {
+	return v.value
+}
+
+func (v *NullableKeyTrustLevelBrowserKey) Set(val *KeyTrustLevelBrowserKey) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableKeyTrustLevelBrowserKey) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableKeyTrustLevelBrowserKey) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableKeyTrustLevelBrowserKey(val *KeyTrustLevelBrowserKey) *NullableKeyTrustLevelBrowserKey {
+	return &NullableKeyTrustLevelBrowserKey{value: val, isSet: true}
+}
+
+func (v NullableKeyTrustLevelBrowserKey) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableKeyTrustLevelBrowserKey) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_key_trust_level_os_mode.go b/okta/model_key_trust_level_os_mode.go
new file mode 100644
index 000000000..95db91485
--- /dev/null
+++ b/okta/model_key_trust_level_os_mode.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// KeyTrustLevelOSMode Represents the attestation strength used by the Chrome Verified Access API
+type KeyTrustLevelOSMode string
+
+// List of KeyTrustLevelOSMode
+const (
+	KEYTRUSTLEVELOSMODE_VERIFIED_MODE  KeyTrustLevelOSMode = "CHROME_OS_VERIFIED_MODE"
+	KEYTRUSTLEVELOSMODE_DEVELOPER_MODE KeyTrustLevelOSMode = "CHROME_OS_DEVELOPER_MODE"
+)
+
+// All allowed values of KeyTrustLevelOSMode enum
+var AllowedKeyTrustLevelOSModeEnumValues = []KeyTrustLevelOSMode{
+	"CHROME_OS_VERIFIED_MODE",
+	"CHROME_OS_DEVELOPER_MODE",
+}
+
+func (v *KeyTrustLevelOSMode) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := KeyTrustLevelOSMode(value)
+	for _, existing := range AllowedKeyTrustLevelOSModeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid KeyTrustLevelOSMode", value)
+}
+
+// NewKeyTrustLevelOSModeFromValue returns a pointer to a valid KeyTrustLevelOSMode
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewKeyTrustLevelOSModeFromValue(v string) (*KeyTrustLevelOSMode, error) {
+	ev := KeyTrustLevelOSMode(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for KeyTrustLevelOSMode: valid values are %v", v, AllowedKeyTrustLevelOSModeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v KeyTrustLevelOSMode) IsValid() bool {
+	for _, existing := range AllowedKeyTrustLevelOSModeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to KeyTrustLevelOSMode value
+func (v KeyTrustLevelOSMode) Ptr() *KeyTrustLevelOSMode {
+	return &v
+}
+
+type NullableKeyTrustLevelOSMode struct {
+	value *KeyTrustLevelOSMode
+	isSet bool
+}
+
+func (v NullableKeyTrustLevelOSMode) Get() *KeyTrustLevelOSMode {
+	return v.value
+}
+
+func (v *NullableKeyTrustLevelOSMode) Set(val *KeyTrustLevelOSMode) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableKeyTrustLevelOSMode) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableKeyTrustLevelOSMode) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableKeyTrustLevelOSMode(val *KeyTrustLevelOSMode) *NullableKeyTrustLevelOSMode {
+	return &NullableKeyTrustLevelOSMode{value: val, isSet: true}
+}
+
+func (v NullableKeyTrustLevelOSMode) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableKeyTrustLevelOSMode) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_knowledge_constraint.go b/okta/model_knowledge_constraint.go
new file mode 100644
index 000000000..33955e8df
--- /dev/null
+++ b/okta/model_knowledge_constraint.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// KnowledgeConstraint struct for KnowledgeConstraint
+type KnowledgeConstraint struct {
+	Methods              []string `json:"methods,omitempty"`
+	ReauthenticateIn     *string  `json:"reauthenticateIn,omitempty"`
+	Types                []string `json:"types,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _KnowledgeConstraint KnowledgeConstraint
+
+// NewKnowledgeConstraint instantiates a new KnowledgeConstraint object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewKnowledgeConstraint() *KnowledgeConstraint {
+	this := KnowledgeConstraint{}
+	return &this
+}
+
+// NewKnowledgeConstraintWithDefaults instantiates a new KnowledgeConstraint object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewKnowledgeConstraintWithDefaults() *KnowledgeConstraint {
+	this := KnowledgeConstraint{}
+	return &this
+}
+
+// GetMethods returns the Methods field value if set, zero value otherwise.
+func (o *KnowledgeConstraint) GetMethods() []string {
+	if o == nil || o.Methods == nil {
+		var ret []string
+		return ret
+	}
+	return o.Methods
+}
+
+// GetMethodsOk returns a tuple with the Methods field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *KnowledgeConstraint) GetMethodsOk() ([]string, bool) {
+	if o == nil || o.Methods == nil {
+		return nil, false
+	}
+	return o.Methods, true
+}
+
+// HasMethods returns a boolean if a field has been set.
+func (o *KnowledgeConstraint) HasMethods() bool {
+	if o != nil && o.Methods != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMethods gets a reference to the given []string and assigns it to the Methods field.
+func (o *KnowledgeConstraint) SetMethods(v []string) {
+	o.Methods = v
+}
+
+// GetReauthenticateIn returns the ReauthenticateIn field value if set, zero value otherwise.
+func (o *KnowledgeConstraint) GetReauthenticateIn() string {
+	if o == nil || o.ReauthenticateIn == nil {
+		var ret string
+		return ret
+	}
+	return *o.ReauthenticateIn
+}
+
+// GetReauthenticateInOk returns a tuple with the ReauthenticateIn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *KnowledgeConstraint) GetReauthenticateInOk() (*string, bool) {
+	if o == nil || o.ReauthenticateIn == nil {
+		return nil, false
+	}
+	return o.ReauthenticateIn, true
+}
+
+// HasReauthenticateIn returns a boolean if a field has been set.
+func (o *KnowledgeConstraint) HasReauthenticateIn() bool {
+	if o != nil && o.ReauthenticateIn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetReauthenticateIn gets a reference to the given string and assigns it to the ReauthenticateIn field.
+func (o *KnowledgeConstraint) SetReauthenticateIn(v string) {
+	o.ReauthenticateIn = &v
+}
+
+// GetTypes returns the Types field value if set, zero value otherwise.
+func (o *KnowledgeConstraint) GetTypes() []string {
+	if o == nil || o.Types == nil {
+		var ret []string
+		return ret
+	}
+	return o.Types
+}
+
+// GetTypesOk returns a tuple with the Types field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *KnowledgeConstraint) GetTypesOk() ([]string, bool) {
+	if o == nil || o.Types == nil {
+		return nil, false
+	}
+	return o.Types, true
+}
+
+// HasTypes returns a boolean if a field has been set.
+func (o *KnowledgeConstraint) HasTypes() bool {
+	if o != nil && o.Types != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTypes gets a reference to the given []string and assigns it to the Types field.
+func (o *KnowledgeConstraint) SetTypes(v []string) {
+	o.Types = v
+}
+
+func (o KnowledgeConstraint) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Methods != nil {
+		toSerialize["methods"] = o.Methods
+	}
+	if o.ReauthenticateIn != nil {
+		toSerialize["reauthenticateIn"] = o.ReauthenticateIn
+	}
+	if o.Types != nil {
+		toSerialize["types"] = o.Types
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *KnowledgeConstraint) UnmarshalJSON(bytes []byte) (err error) {
+	varKnowledgeConstraint := _KnowledgeConstraint{}
+
+	err = json.Unmarshal(bytes, &varKnowledgeConstraint)
+	if err == nil {
+		*o = KnowledgeConstraint(varKnowledgeConstraint)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "methods")
+		delete(additionalProperties, "reauthenticateIn")
+		delete(additionalProperties, "types")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableKnowledgeConstraint struct {
+	value *KnowledgeConstraint
+	isSet bool
+}
+
+func (v NullableKnowledgeConstraint) Get() *KnowledgeConstraint {
+	return v.value
+}
+
+func (v *NullableKnowledgeConstraint) Set(val *KnowledgeConstraint) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableKnowledgeConstraint) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableKnowledgeConstraint) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableKnowledgeConstraint(val *KnowledgeConstraint) *NullableKnowledgeConstraint {
+	return &NullableKnowledgeConstraint{value: val, isSet: true}
+}
+
+func (v NullableKnowledgeConstraint) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableKnowledgeConstraint) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_lifecycle_create_setting_object.go b/okta/model_lifecycle_create_setting_object.go
new file mode 100644
index 000000000..4d8193f93
--- /dev/null
+++ b/okta/model_lifecycle_create_setting_object.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LifecycleCreateSettingObject struct for LifecycleCreateSettingObject
+type LifecycleCreateSettingObject struct {
+	Status               *EnabledStatus `json:"status,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LifecycleCreateSettingObject LifecycleCreateSettingObject
+
+// NewLifecycleCreateSettingObject instantiates a new LifecycleCreateSettingObject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLifecycleCreateSettingObject() *LifecycleCreateSettingObject {
+	this := LifecycleCreateSettingObject{}
+	return &this
+}
+
+// NewLifecycleCreateSettingObjectWithDefaults instantiates a new LifecycleCreateSettingObject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLifecycleCreateSettingObjectWithDefaults() *LifecycleCreateSettingObject {
+	this := LifecycleCreateSettingObject{}
+	return &this
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *LifecycleCreateSettingObject) GetStatus() EnabledStatus {
+	if o == nil || o.Status == nil {
+		var ret EnabledStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LifecycleCreateSettingObject) GetStatusOk() (*EnabledStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *LifecycleCreateSettingObject) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given EnabledStatus and assigns it to the Status field.
+func (o *LifecycleCreateSettingObject) SetStatus(v EnabledStatus) {
+	o.Status = &v
+}
+
+func (o LifecycleCreateSettingObject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LifecycleCreateSettingObject) UnmarshalJSON(bytes []byte) (err error) {
+	varLifecycleCreateSettingObject := _LifecycleCreateSettingObject{}
+
+	err = json.Unmarshal(bytes, &varLifecycleCreateSettingObject)
+	if err == nil {
+		*o = LifecycleCreateSettingObject(varLifecycleCreateSettingObject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "status")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLifecycleCreateSettingObject struct {
+	value *LifecycleCreateSettingObject
+	isSet bool
+}
+
+func (v NullableLifecycleCreateSettingObject) Get() *LifecycleCreateSettingObject {
+	return v.value
+}
+
+func (v *NullableLifecycleCreateSettingObject) Set(val *LifecycleCreateSettingObject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLifecycleCreateSettingObject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLifecycleCreateSettingObject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLifecycleCreateSettingObject(val *LifecycleCreateSettingObject) *NullableLifecycleCreateSettingObject {
+	return &NullableLifecycleCreateSettingObject{value: val, isSet: true}
+}
+
+func (v NullableLifecycleCreateSettingObject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLifecycleCreateSettingObject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_lifecycle_deactivate_setting_object.go b/okta/model_lifecycle_deactivate_setting_object.go
new file mode 100644
index 000000000..b457918c5
--- /dev/null
+++ b/okta/model_lifecycle_deactivate_setting_object.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LifecycleDeactivateSettingObject struct for LifecycleDeactivateSettingObject
+type LifecycleDeactivateSettingObject struct {
+	Status               *EnabledStatus `json:"status,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LifecycleDeactivateSettingObject LifecycleDeactivateSettingObject
+
+// NewLifecycleDeactivateSettingObject instantiates a new LifecycleDeactivateSettingObject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLifecycleDeactivateSettingObject() *LifecycleDeactivateSettingObject {
+	this := LifecycleDeactivateSettingObject{}
+	return &this
+}
+
+// NewLifecycleDeactivateSettingObjectWithDefaults instantiates a new LifecycleDeactivateSettingObject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLifecycleDeactivateSettingObjectWithDefaults() *LifecycleDeactivateSettingObject {
+	this := LifecycleDeactivateSettingObject{}
+	return &this
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *LifecycleDeactivateSettingObject) GetStatus() EnabledStatus {
+	if o == nil || o.Status == nil {
+		var ret EnabledStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LifecycleDeactivateSettingObject) GetStatusOk() (*EnabledStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *LifecycleDeactivateSettingObject) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given EnabledStatus and assigns it to the Status field.
+func (o *LifecycleDeactivateSettingObject) SetStatus(v EnabledStatus) {
+	o.Status = &v
+}
+
+func (o LifecycleDeactivateSettingObject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LifecycleDeactivateSettingObject) UnmarshalJSON(bytes []byte) (err error) {
+	varLifecycleDeactivateSettingObject := _LifecycleDeactivateSettingObject{}
+
+	err = json.Unmarshal(bytes, &varLifecycleDeactivateSettingObject)
+	if err == nil {
+		*o = LifecycleDeactivateSettingObject(varLifecycleDeactivateSettingObject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "status")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLifecycleDeactivateSettingObject struct {
+	value *LifecycleDeactivateSettingObject
+	isSet bool
+}
+
+func (v NullableLifecycleDeactivateSettingObject) Get() *LifecycleDeactivateSettingObject {
+	return v.value
+}
+
+func (v *NullableLifecycleDeactivateSettingObject) Set(val *LifecycleDeactivateSettingObject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLifecycleDeactivateSettingObject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLifecycleDeactivateSettingObject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLifecycleDeactivateSettingObject(val *LifecycleDeactivateSettingObject) *NullableLifecycleDeactivateSettingObject {
+	return &NullableLifecycleDeactivateSettingObject{value: val, isSet: true}
+}
+
+func (v NullableLifecycleDeactivateSettingObject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLifecycleDeactivateSettingObject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_lifecycle_expiration_policy_rule_condition.go b/okta/model_lifecycle_expiration_policy_rule_condition.go
new file mode 100644
index 000000000..9a4ad9069
--- /dev/null
+++ b/okta/model_lifecycle_expiration_policy_rule_condition.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LifecycleExpirationPolicyRuleCondition struct for LifecycleExpirationPolicyRuleCondition
+type LifecycleExpirationPolicyRuleCondition struct {
+	LifecycleStatus      *string `json:"lifecycleStatus,omitempty"`
+	Number               *int32  `json:"number,omitempty"`
+	Unit                 *string `json:"unit,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LifecycleExpirationPolicyRuleCondition LifecycleExpirationPolicyRuleCondition
+
+// NewLifecycleExpirationPolicyRuleCondition instantiates a new LifecycleExpirationPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLifecycleExpirationPolicyRuleCondition() *LifecycleExpirationPolicyRuleCondition {
+	this := LifecycleExpirationPolicyRuleCondition{}
+	return &this
+}
+
+// NewLifecycleExpirationPolicyRuleConditionWithDefaults instantiates a new LifecycleExpirationPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLifecycleExpirationPolicyRuleConditionWithDefaults() *LifecycleExpirationPolicyRuleCondition {
+	this := LifecycleExpirationPolicyRuleCondition{}
+	return &this
+}
+
+// GetLifecycleStatus returns the LifecycleStatus field value if set, zero value otherwise.
+func (o *LifecycleExpirationPolicyRuleCondition) GetLifecycleStatus() string {
+	if o == nil || o.LifecycleStatus == nil {
+		var ret string
+		return ret
+	}
+	return *o.LifecycleStatus
+}
+
+// GetLifecycleStatusOk returns a tuple with the LifecycleStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LifecycleExpirationPolicyRuleCondition) GetLifecycleStatusOk() (*string, bool) {
+	if o == nil || o.LifecycleStatus == nil {
+		return nil, false
+	}
+	return o.LifecycleStatus, true
+}
+
+// HasLifecycleStatus returns a boolean if a field has been set.
+func (o *LifecycleExpirationPolicyRuleCondition) HasLifecycleStatus() bool {
+	if o != nil && o.LifecycleStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLifecycleStatus gets a reference to the given string and assigns it to the LifecycleStatus field.
+func (o *LifecycleExpirationPolicyRuleCondition) SetLifecycleStatus(v string) {
+	o.LifecycleStatus = &v
+}
+
+// GetNumber returns the Number field value if set, zero value otherwise.
+func (o *LifecycleExpirationPolicyRuleCondition) GetNumber() int32 {
+	if o == nil || o.Number == nil {
+		var ret int32
+		return ret
+	}
+	return *o.Number
+}
+
+// GetNumberOk returns a tuple with the Number field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LifecycleExpirationPolicyRuleCondition) GetNumberOk() (*int32, bool) {
+	if o == nil || o.Number == nil {
+		return nil, false
+	}
+	return o.Number, true
+}
+
+// HasNumber returns a boolean if a field has been set.
+func (o *LifecycleExpirationPolicyRuleCondition) HasNumber() bool {
+	if o != nil && o.Number != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNumber gets a reference to the given int32 and assigns it to the Number field.
+func (o *LifecycleExpirationPolicyRuleCondition) SetNumber(v int32) {
+	o.Number = &v
+}
+
+// GetUnit returns the Unit field value if set, zero value otherwise.
+func (o *LifecycleExpirationPolicyRuleCondition) GetUnit() string {
+	if o == nil || o.Unit == nil {
+		var ret string
+		return ret
+	}
+	return *o.Unit
+}
+
+// GetUnitOk returns a tuple with the Unit field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LifecycleExpirationPolicyRuleCondition) GetUnitOk() (*string, bool) {
+	if o == nil || o.Unit == nil {
+		return nil, false
+	}
+	return o.Unit, true
+}
+
+// HasUnit returns a boolean if a field has been set.
+func (o *LifecycleExpirationPolicyRuleCondition) HasUnit() bool {
+	if o != nil && o.Unit != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUnit gets a reference to the given string and assigns it to the Unit field.
+func (o *LifecycleExpirationPolicyRuleCondition) SetUnit(v string) {
+	o.Unit = &v
+}
+
+func (o LifecycleExpirationPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.LifecycleStatus != nil {
+		toSerialize["lifecycleStatus"] = o.LifecycleStatus
+	}
+	if o.Number != nil {
+		toSerialize["number"] = o.Number
+	}
+	if o.Unit != nil {
+		toSerialize["unit"] = o.Unit
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LifecycleExpirationPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varLifecycleExpirationPolicyRuleCondition := _LifecycleExpirationPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varLifecycleExpirationPolicyRuleCondition)
+	if err == nil {
+		*o = LifecycleExpirationPolicyRuleCondition(varLifecycleExpirationPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "lifecycleStatus")
+		delete(additionalProperties, "number")
+		delete(additionalProperties, "unit")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLifecycleExpirationPolicyRuleCondition struct {
+	value *LifecycleExpirationPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableLifecycleExpirationPolicyRuleCondition) Get() *LifecycleExpirationPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableLifecycleExpirationPolicyRuleCondition) Set(val *LifecycleExpirationPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLifecycleExpirationPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLifecycleExpirationPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLifecycleExpirationPolicyRuleCondition(val *LifecycleExpirationPolicyRuleCondition) *NullableLifecycleExpirationPolicyRuleCondition {
+	return &NullableLifecycleExpirationPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableLifecycleExpirationPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLifecycleExpirationPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_lifecycle_status.go b/okta/model_lifecycle_status.go
new file mode 100644
index 000000000..834c657be
--- /dev/null
+++ b/okta/model_lifecycle_status.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// LifecycleStatus the model 'LifecycleStatus'
+type LifecycleStatus string
+
+// List of LifecycleStatus
+const (
+	LIFECYCLESTATUS_ACTIVE   LifecycleStatus = "ACTIVE"
+	LIFECYCLESTATUS_INACTIVE LifecycleStatus = "INACTIVE"
+)
+
+// All allowed values of LifecycleStatus enum
+var AllowedLifecycleStatusEnumValues = []LifecycleStatus{
+	"ACTIVE",
+	"INACTIVE",
+}
+
+func (v *LifecycleStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := LifecycleStatus(value)
+	for _, existing := range AllowedLifecycleStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid LifecycleStatus", value)
+}
+
+// NewLifecycleStatusFromValue returns a pointer to a valid LifecycleStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewLifecycleStatusFromValue(v string) (*LifecycleStatus, error) {
+	ev := LifecycleStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for LifecycleStatus: valid values are %v", v, AllowedLifecycleStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v LifecycleStatus) IsValid() bool {
+	for _, existing := range AllowedLifecycleStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to LifecycleStatus value
+func (v LifecycleStatus) Ptr() *LifecycleStatus {
+	return &v
+}
+
+type NullableLifecycleStatus struct {
+	value *LifecycleStatus
+	isSet bool
+}
+
+func (v NullableLifecycleStatus) Get() *LifecycleStatus {
+	return v.value
+}
+
+func (v *NullableLifecycleStatus) Set(val *LifecycleStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLifecycleStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLifecycleStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLifecycleStatus(val *LifecycleStatus) *NullableLifecycleStatus {
+	return &NullableLifecycleStatus{value: val, isSet: true}
+}
+
+func (v NullableLifecycleStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLifecycleStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_linked_object.go b/okta/model_linked_object.go
new file mode 100644
index 000000000..d8402cf53
--- /dev/null
+++ b/okta/model_linked_object.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LinkedObject struct for LinkedObject
+type LinkedObject struct {
+	Associated           *LinkedObjectDetails              `json:"associated,omitempty"`
+	Primary              *LinkedObjectDetails              `json:"primary,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LinkedObject LinkedObject
+
+// NewLinkedObject instantiates a new LinkedObject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLinkedObject() *LinkedObject {
+	this := LinkedObject{}
+	return &this
+}
+
+// NewLinkedObjectWithDefaults instantiates a new LinkedObject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLinkedObjectWithDefaults() *LinkedObject {
+	this := LinkedObject{}
+	return &this
+}
+
+// GetAssociated returns the Associated field value if set, zero value otherwise.
+func (o *LinkedObject) GetAssociated() LinkedObjectDetails {
+	if o == nil || o.Associated == nil {
+		var ret LinkedObjectDetails
+		return ret
+	}
+	return *o.Associated
+}
+
+// GetAssociatedOk returns a tuple with the Associated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LinkedObject) GetAssociatedOk() (*LinkedObjectDetails, bool) {
+	if o == nil || o.Associated == nil {
+		return nil, false
+	}
+	return o.Associated, true
+}
+
+// HasAssociated returns a boolean if a field has been set.
+func (o *LinkedObject) HasAssociated() bool {
+	if o != nil && o.Associated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAssociated gets a reference to the given LinkedObjectDetails and assigns it to the Associated field.
+func (o *LinkedObject) SetAssociated(v LinkedObjectDetails) {
+	o.Associated = &v
+}
+
+// GetPrimary returns the Primary field value if set, zero value otherwise.
+func (o *LinkedObject) GetPrimary() LinkedObjectDetails {
+	if o == nil || o.Primary == nil {
+		var ret LinkedObjectDetails
+		return ret
+	}
+	return *o.Primary
+}
+
+// GetPrimaryOk returns a tuple with the Primary field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LinkedObject) GetPrimaryOk() (*LinkedObjectDetails, bool) {
+	if o == nil || o.Primary == nil {
+		return nil, false
+	}
+	return o.Primary, true
+}
+
+// HasPrimary returns a boolean if a field has been set.
+func (o *LinkedObject) HasPrimary() bool {
+	if o != nil && o.Primary != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPrimary gets a reference to the given LinkedObjectDetails and assigns it to the Primary field.
+func (o *LinkedObject) SetPrimary(v LinkedObjectDetails) {
+	o.Primary = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *LinkedObject) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LinkedObject) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *LinkedObject) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *LinkedObject) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o LinkedObject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Associated != nil {
+		toSerialize["associated"] = o.Associated
+	}
+	if o.Primary != nil {
+		toSerialize["primary"] = o.Primary
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LinkedObject) UnmarshalJSON(bytes []byte) (err error) {
+	varLinkedObject := _LinkedObject{}
+
+	err = json.Unmarshal(bytes, &varLinkedObject)
+	if err == nil {
+		*o = LinkedObject(varLinkedObject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "associated")
+		delete(additionalProperties, "primary")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLinkedObject struct {
+	value *LinkedObject
+	isSet bool
+}
+
+func (v NullableLinkedObject) Get() *LinkedObject {
+	return v.value
+}
+
+func (v *NullableLinkedObject) Set(val *LinkedObject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLinkedObject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLinkedObject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLinkedObject(val *LinkedObject) *NullableLinkedObject {
+	return &NullableLinkedObject{value: val, isSet: true}
+}
+
+func (v NullableLinkedObject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLinkedObject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_linked_object_details.go b/okta/model_linked_object_details.go
new file mode 100644
index 000000000..25cf85960
--- /dev/null
+++ b/okta/model_linked_object_details.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LinkedObjectDetails struct for LinkedObjectDetails
+type LinkedObjectDetails struct {
+	Description          *string                  `json:"description,omitempty"`
+	Name                 *string                  `json:"name,omitempty"`
+	Title                *string                  `json:"title,omitempty"`
+	Type                 *LinkedObjectDetailsType `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LinkedObjectDetails LinkedObjectDetails
+
+// NewLinkedObjectDetails instantiates a new LinkedObjectDetails object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLinkedObjectDetails() *LinkedObjectDetails {
+	this := LinkedObjectDetails{}
+	return &this
+}
+
+// NewLinkedObjectDetailsWithDefaults instantiates a new LinkedObjectDetails object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLinkedObjectDetailsWithDefaults() *LinkedObjectDetails {
+	this := LinkedObjectDetails{}
+	return &this
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *LinkedObjectDetails) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LinkedObjectDetails) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *LinkedObjectDetails) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *LinkedObjectDetails) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *LinkedObjectDetails) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LinkedObjectDetails) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *LinkedObjectDetails) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *LinkedObjectDetails) SetName(v string) {
+	o.Name = &v
+}
+
+// GetTitle returns the Title field value if set, zero value otherwise.
+func (o *LinkedObjectDetails) GetTitle() string {
+	if o == nil || o.Title == nil {
+		var ret string
+		return ret
+	}
+	return *o.Title
+}
+
+// GetTitleOk returns a tuple with the Title field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LinkedObjectDetails) GetTitleOk() (*string, bool) {
+	if o == nil || o.Title == nil {
+		return nil, false
+	}
+	return o.Title, true
+}
+
+// HasTitle returns a boolean if a field has been set.
+func (o *LinkedObjectDetails) HasTitle() bool {
+	if o != nil && o.Title != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTitle gets a reference to the given string and assigns it to the Title field.
+func (o *LinkedObjectDetails) SetTitle(v string) {
+	o.Title = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *LinkedObjectDetails) GetType() LinkedObjectDetailsType {
+	if o == nil || o.Type == nil {
+		var ret LinkedObjectDetailsType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LinkedObjectDetails) GetTypeOk() (*LinkedObjectDetailsType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *LinkedObjectDetails) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given LinkedObjectDetailsType and assigns it to the Type field.
+func (o *LinkedObjectDetails) SetType(v LinkedObjectDetailsType) {
+	o.Type = &v
+}
+
+func (o LinkedObjectDetails) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Title != nil {
+		toSerialize["title"] = o.Title
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LinkedObjectDetails) UnmarshalJSON(bytes []byte) (err error) {
+	varLinkedObjectDetails := _LinkedObjectDetails{}
+
+	err = json.Unmarshal(bytes, &varLinkedObjectDetails)
+	if err == nil {
+		*o = LinkedObjectDetails(varLinkedObjectDetails)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "title")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLinkedObjectDetails struct {
+	value *LinkedObjectDetails
+	isSet bool
+}
+
+func (v NullableLinkedObjectDetails) Get() *LinkedObjectDetails {
+	return v.value
+}
+
+func (v *NullableLinkedObjectDetails) Set(val *LinkedObjectDetails) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLinkedObjectDetails) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLinkedObjectDetails) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLinkedObjectDetails(val *LinkedObjectDetails) *NullableLinkedObjectDetails {
+	return &NullableLinkedObjectDetails{value: val, isSet: true}
+}
+
+func (v NullableLinkedObjectDetails) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLinkedObjectDetails) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_linked_object_details_type.go b/okta/model_linked_object_details_type.go
new file mode 100644
index 000000000..db91bfec4
--- /dev/null
+++ b/okta/model_linked_object_details_type.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// LinkedObjectDetailsType the model 'LinkedObjectDetailsType'
+type LinkedObjectDetailsType string
+
+// List of LinkedObjectDetailsType
+const (
+	LINKEDOBJECTDETAILSTYPE_USER LinkedObjectDetailsType = "USER"
+)
+
+// All allowed values of LinkedObjectDetailsType enum
+var AllowedLinkedObjectDetailsTypeEnumValues = []LinkedObjectDetailsType{
+	"USER",
+}
+
+func (v *LinkedObjectDetailsType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := LinkedObjectDetailsType(value)
+	for _, existing := range AllowedLinkedObjectDetailsTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid LinkedObjectDetailsType", value)
+}
+
+// NewLinkedObjectDetailsTypeFromValue returns a pointer to a valid LinkedObjectDetailsType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewLinkedObjectDetailsTypeFromValue(v string) (*LinkedObjectDetailsType, error) {
+	ev := LinkedObjectDetailsType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for LinkedObjectDetailsType: valid values are %v", v, AllowedLinkedObjectDetailsTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v LinkedObjectDetailsType) IsValid() bool {
+	for _, existing := range AllowedLinkedObjectDetailsTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to LinkedObjectDetailsType value
+func (v LinkedObjectDetailsType) Ptr() *LinkedObjectDetailsType {
+	return &v
+}
+
+type NullableLinkedObjectDetailsType struct {
+	value *LinkedObjectDetailsType
+	isSet bool
+}
+
+func (v NullableLinkedObjectDetailsType) Get() *LinkedObjectDetailsType {
+	return v.value
+}
+
+func (v *NullableLinkedObjectDetailsType) Set(val *LinkedObjectDetailsType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLinkedObjectDetailsType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLinkedObjectDetailsType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLinkedObjectDetailsType(val *LinkedObjectDetailsType) *NullableLinkedObjectDetailsType {
+	return &NullableLinkedObjectDetailsType{value: val, isSet: true}
+}
+
+func (v NullableLinkedObjectDetailsType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLinkedObjectDetailsType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_links_self.go b/okta/model_links_self.go
new file mode 100644
index 000000000..39c63e9d9
--- /dev/null
+++ b/okta/model_links_self.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LinksSelf Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+type LinksSelf struct {
+	Self                 *HrefObjectSelfLink `json:"self,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LinksSelf LinksSelf
+
+// NewLinksSelf instantiates a new LinksSelf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLinksSelf() *LinksSelf {
+	this := LinksSelf{}
+	return &this
+}
+
+// NewLinksSelfWithDefaults instantiates a new LinksSelf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLinksSelfWithDefaults() *LinksSelf {
+	this := LinksSelf{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *LinksSelf) GetSelf() HrefObjectSelfLink {
+	if o == nil || o.Self == nil {
+		var ret HrefObjectSelfLink
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LinksSelf) GetSelfOk() (*HrefObjectSelfLink, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *LinksSelf) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObjectSelfLink and assigns it to the Self field.
+func (o *LinksSelf) SetSelf(v HrefObjectSelfLink) {
+	o.Self = &v
+}
+
+func (o LinksSelf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LinksSelf) UnmarshalJSON(bytes []byte) (err error) {
+	varLinksSelf := _LinksSelf{}
+
+	err = json.Unmarshal(bytes, &varLinksSelf)
+	if err == nil {
+		*o = LinksSelf(varLinksSelf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLinksSelf struct {
+	value *LinksSelf
+	isSet bool
+}
+
+func (v NullableLinksSelf) Get() *LinksSelf {
+	return v.value
+}
+
+func (v *NullableLinksSelf) Set(val *LinksSelf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLinksSelf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLinksSelf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLinksSelf(val *LinksSelf) *NullableLinksSelf {
+	return &NullableLinksSelf{value: val, isSet: true}
+}
+
+func (v NullableLinksSelf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLinksSelf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_list_applications_200_response_inner.go b/okta/model_list_applications_200_response_inner.go
new file mode 100644
index 000000000..7fa66711d
--- /dev/null
+++ b/okta/model_list_applications_200_response_inner.go
@@ -0,0 +1,430 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// model_oneof.mustache
+// ListApplications200ResponseInner - struct for ListApplications200ResponseInner
+type ListApplications200ResponseInner struct {
+	AutoLoginApplication           *AutoLoginApplication
+	BasicAuthApplication           *BasicAuthApplication
+	BookmarkApplication            *BookmarkApplication
+	BrowserPluginApplication       *BrowserPluginApplication
+	OpenIdConnectApplication       *OpenIdConnectApplication
+	SamlApplication                *SamlApplication
+	SecurePasswordStoreApplication *SecurePasswordStoreApplication
+	WsFederationApplication        *WsFederationApplication
+}
+
+// AutoLoginApplicationAsListApplications200ResponseInner is a convenience function that returns AutoLoginApplication wrapped in ListApplications200ResponseInner
+func AutoLoginApplicationAsListApplications200ResponseInner(v *AutoLoginApplication) ListApplications200ResponseInner {
+	return ListApplications200ResponseInner{
+		AutoLoginApplication: v,
+	}
+}
+
+// BasicAuthApplicationAsListApplications200ResponseInner is a convenience function that returns BasicAuthApplication wrapped in ListApplications200ResponseInner
+func BasicAuthApplicationAsListApplications200ResponseInner(v *BasicAuthApplication) ListApplications200ResponseInner {
+	return ListApplications200ResponseInner{
+		BasicAuthApplication: v,
+	}
+}
+
+// BookmarkApplicationAsListApplications200ResponseInner is a convenience function that returns BookmarkApplication wrapped in ListApplications200ResponseInner
+func BookmarkApplicationAsListApplications200ResponseInner(v *BookmarkApplication) ListApplications200ResponseInner {
+	return ListApplications200ResponseInner{
+		BookmarkApplication: v,
+	}
+}
+
+// BrowserPluginApplicationAsListApplications200ResponseInner is a convenience function that returns BrowserPluginApplication wrapped in ListApplications200ResponseInner
+func BrowserPluginApplicationAsListApplications200ResponseInner(v *BrowserPluginApplication) ListApplications200ResponseInner {
+	return ListApplications200ResponseInner{
+		BrowserPluginApplication: v,
+	}
+}
+
+// OpenIdConnectApplicationAsListApplications200ResponseInner is a convenience function that returns OpenIdConnectApplication wrapped in ListApplications200ResponseInner
+func OpenIdConnectApplicationAsListApplications200ResponseInner(v *OpenIdConnectApplication) ListApplications200ResponseInner {
+	return ListApplications200ResponseInner{
+		OpenIdConnectApplication: v,
+	}
+}
+
+// SamlApplicationAsListApplications200ResponseInner is a convenience function that returns SamlApplication wrapped in ListApplications200ResponseInner
+func SamlApplicationAsListApplications200ResponseInner(v *SamlApplication) ListApplications200ResponseInner {
+	return ListApplications200ResponseInner{
+		SamlApplication: v,
+	}
+}
+
+// SecurePasswordStoreApplicationAsListApplications200ResponseInner is a convenience function that returns SecurePasswordStoreApplication wrapped in ListApplications200ResponseInner
+func SecurePasswordStoreApplicationAsListApplications200ResponseInner(v *SecurePasswordStoreApplication) ListApplications200ResponseInner {
+	return ListApplications200ResponseInner{
+		SecurePasswordStoreApplication: v,
+	}
+}
+
+// WsFederationApplicationAsListApplications200ResponseInner is a convenience function that returns WsFederationApplication wrapped in ListApplications200ResponseInner
+func WsFederationApplicationAsListApplications200ResponseInner(v *WsFederationApplication) ListApplications200ResponseInner {
+	return ListApplications200ResponseInner{
+		WsFederationApplication: v,
+	}
+}
+
+// Unmarshal JSON data into one of the pointers in the struct  CUSTOM
+func (dst *ListApplications200ResponseInner) UnmarshalJSON(data []byte) error {
+	var err error
+	// use discriminator value to speed up the lookup
+	var jsonDict map[string]interface{}
+	err = newStrictDecoder(data).Decode(&jsonDict)
+	if err != nil {
+		return fmt.Errorf("Failed to unmarshal JSON into map for the discriminator lookup.")
+	}
+
+	// check if the discriminator value is 'AUTO_LOGIN'
+	if jsonDict["signOnMode"] == "AUTO_LOGIN" {
+		// try to unmarshal JSON data into AutoLoginApplication
+		err = json.Unmarshal(data, &dst.AutoLoginApplication)
+		if err == nil {
+			return nil // data stored in dst.AutoLoginApplication, return on the first match
+		} else {
+			dst.AutoLoginApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as AutoLoginApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'AutoLoginApplication'
+	if jsonDict["signOnMode"] == "AutoLoginApplication" {
+		// try to unmarshal JSON data into AutoLoginApplication
+		err = json.Unmarshal(data, &dst.AutoLoginApplication)
+		if err == nil {
+			return nil // data stored in dst.AutoLoginApplication, return on the first match
+		} else {
+			dst.AutoLoginApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as AutoLoginApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'BASIC_AUTH'
+	if jsonDict["signOnMode"] == "BASIC_AUTH" {
+		// try to unmarshal JSON data into BasicAuthApplication
+		err = json.Unmarshal(data, &dst.BasicAuthApplication)
+		if err == nil {
+			return nil // data stored in dst.BasicAuthApplication, return on the first match
+		} else {
+			dst.BasicAuthApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as BasicAuthApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'BOOKMARK'
+	if jsonDict["signOnMode"] == "BOOKMARK" {
+		// try to unmarshal JSON data into BookmarkApplication
+		err = json.Unmarshal(data, &dst.BookmarkApplication)
+		if err == nil {
+			return nil // data stored in dst.BookmarkApplication, return on the first match
+		} else {
+			dst.BookmarkApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as BookmarkApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'BROWSER_PLUGIN'
+	if jsonDict["signOnMode"] == "BROWSER_PLUGIN" {
+		// try to unmarshal JSON data into BrowserPluginApplication
+		err = json.Unmarshal(data, &dst.BrowserPluginApplication)
+		if err == nil {
+			return nil // data stored in dst.BrowserPluginApplication, return on the first match
+		} else {
+			dst.BrowserPluginApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as BrowserPluginApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'BasicAuthApplication'
+	if jsonDict["signOnMode"] == "BasicAuthApplication" {
+		// try to unmarshal JSON data into BasicAuthApplication
+		err = json.Unmarshal(data, &dst.BasicAuthApplication)
+		if err == nil {
+			return nil // data stored in dst.BasicAuthApplication, return on the first match
+		} else {
+			dst.BasicAuthApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as BasicAuthApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'BookmarkApplication'
+	if jsonDict["signOnMode"] == "BookmarkApplication" {
+		// try to unmarshal JSON data into BookmarkApplication
+		err = json.Unmarshal(data, &dst.BookmarkApplication)
+		if err == nil {
+			return nil // data stored in dst.BookmarkApplication, return on the first match
+		} else {
+			dst.BookmarkApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as BookmarkApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'BrowserPluginApplication'
+	if jsonDict["signOnMode"] == "BrowserPluginApplication" {
+		// try to unmarshal JSON data into BrowserPluginApplication
+		err = json.Unmarshal(data, &dst.BrowserPluginApplication)
+		if err == nil {
+			return nil // data stored in dst.BrowserPluginApplication, return on the first match
+		} else {
+			dst.BrowserPluginApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as BrowserPluginApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'OPENID_CONNECT'
+	if jsonDict["signOnMode"] == "OPENID_CONNECT" {
+		// try to unmarshal JSON data into OpenIdConnectApplication
+		err = json.Unmarshal(data, &dst.OpenIdConnectApplication)
+		if err == nil {
+			return nil // data stored in dst.OpenIdConnectApplication, return on the first match
+		} else {
+			dst.OpenIdConnectApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as OpenIdConnectApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'OpenIdConnectApplication'
+	if jsonDict["signOnMode"] == "OpenIdConnectApplication" {
+		// try to unmarshal JSON data into OpenIdConnectApplication
+		err = json.Unmarshal(data, &dst.OpenIdConnectApplication)
+		if err == nil {
+			return nil // data stored in dst.OpenIdConnectApplication, return on the first match
+		} else {
+			dst.OpenIdConnectApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as OpenIdConnectApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'SAML_1_1'
+	if jsonDict["signOnMode"] == "SAML_1_1" {
+		// try to unmarshal JSON data into SamlApplication
+		err = json.Unmarshal(data, &dst.SamlApplication)
+		if err == nil {
+			return nil // data stored in dst.SamlApplication, return on the first match
+		} else {
+			dst.SamlApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as SamlApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'SAML_2_0'
+	if jsonDict["signOnMode"] == "SAML_2_0" {
+		// try to unmarshal JSON data into SamlApplication
+		err = json.Unmarshal(data, &dst.SamlApplication)
+		if err == nil {
+			return nil // data stored in dst.SamlApplication, return on the first match
+		} else {
+			dst.SamlApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as SamlApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'SECURE_PASSWORD_STORE'
+	if jsonDict["signOnMode"] == "SECURE_PASSWORD_STORE" {
+		// try to unmarshal JSON data into SecurePasswordStoreApplication
+		err = json.Unmarshal(data, &dst.SecurePasswordStoreApplication)
+		if err == nil {
+			return nil // data stored in dst.SecurePasswordStoreApplication, return on the first match
+		} else {
+			dst.SecurePasswordStoreApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as SecurePasswordStoreApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'SamlApplication'
+	if jsonDict["signOnMode"] == "SamlApplication" {
+		// try to unmarshal JSON data into SamlApplication
+		err = json.Unmarshal(data, &dst.SamlApplication)
+		if err == nil {
+			return nil // data stored in dst.SamlApplication, return on the first match
+		} else {
+			dst.SamlApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as SamlApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'SecurePasswordStoreApplication'
+	if jsonDict["signOnMode"] == "SecurePasswordStoreApplication" {
+		// try to unmarshal JSON data into SecurePasswordStoreApplication
+		err = json.Unmarshal(data, &dst.SecurePasswordStoreApplication)
+		if err == nil {
+			return nil // data stored in dst.SecurePasswordStoreApplication, return on the first match
+		} else {
+			dst.SecurePasswordStoreApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as SecurePasswordStoreApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'WS_FEDERATION'
+	if jsonDict["signOnMode"] == "WS_FEDERATION" {
+		// try to unmarshal JSON data into WsFederationApplication
+		err = json.Unmarshal(data, &dst.WsFederationApplication)
+		if err == nil {
+			return nil // data stored in dst.WsFederationApplication, return on the first match
+		} else {
+			dst.WsFederationApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as WsFederationApplication: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'WsFederationApplication'
+	if jsonDict["signOnMode"] == "WsFederationApplication" {
+		// try to unmarshal JSON data into WsFederationApplication
+		err = json.Unmarshal(data, &dst.WsFederationApplication)
+		if err == nil {
+			return nil // data stored in dst.WsFederationApplication, return on the first match
+		} else {
+			dst.WsFederationApplication = nil
+			return fmt.Errorf("Failed to unmarshal ListApplications200ResponseInner as WsFederationApplication: %s", err.Error())
+		}
+	}
+
+	return nil
+}
+
+// Marshal data from the first non-nil pointers in the struct to JSON
+func (src ListApplications200ResponseInner) MarshalJSON() ([]byte, error) {
+	if src.AutoLoginApplication != nil {
+		return json.Marshal(&src.AutoLoginApplication)
+	}
+
+	if src.BasicAuthApplication != nil {
+		return json.Marshal(&src.BasicAuthApplication)
+	}
+
+	if src.BookmarkApplication != nil {
+		return json.Marshal(&src.BookmarkApplication)
+	}
+
+	if src.BrowserPluginApplication != nil {
+		return json.Marshal(&src.BrowserPluginApplication)
+	}
+
+	if src.OpenIdConnectApplication != nil {
+		return json.Marshal(&src.OpenIdConnectApplication)
+	}
+
+	if src.SamlApplication != nil {
+		return json.Marshal(&src.SamlApplication)
+	}
+
+	if src.SecurePasswordStoreApplication != nil {
+		return json.Marshal(&src.SecurePasswordStoreApplication)
+	}
+
+	if src.WsFederationApplication != nil {
+		return json.Marshal(&src.WsFederationApplication)
+	}
+
+	return nil, nil // no data in oneOf schemas
+}
+
+// Get the actual instance
+func (obj *ListApplications200ResponseInner) GetActualInstance() interface{} {
+	if obj == nil {
+		return nil
+	}
+	if obj.AutoLoginApplication != nil {
+		return obj.AutoLoginApplication
+	}
+
+	if obj.BasicAuthApplication != nil {
+		return obj.BasicAuthApplication
+	}
+
+	if obj.BookmarkApplication != nil {
+		return obj.BookmarkApplication
+	}
+
+	if obj.BrowserPluginApplication != nil {
+		return obj.BrowserPluginApplication
+	}
+
+	if obj.OpenIdConnectApplication != nil {
+		return obj.OpenIdConnectApplication
+	}
+
+	if obj.SamlApplication != nil {
+		return obj.SamlApplication
+	}
+
+	if obj.SecurePasswordStoreApplication != nil {
+		return obj.SecurePasswordStoreApplication
+	}
+
+	if obj.WsFederationApplication != nil {
+		return obj.WsFederationApplication
+	}
+
+	// all schemas are nil
+	return nil
+}
+
+type NullableListApplications200ResponseInner struct {
+	value *ListApplications200ResponseInner
+	isSet bool
+}
+
+func (v NullableListApplications200ResponseInner) Get() *ListApplications200ResponseInner {
+	return v.value
+}
+
+func (v *NullableListApplications200ResponseInner) Set(val *ListApplications200ResponseInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableListApplications200ResponseInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableListApplications200ResponseInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableListApplications200ResponseInner(val *ListApplications200ResponseInner) *NullableListApplications200ResponseInner {
+	return &NullableListApplications200ResponseInner{value: val, isSet: true}
+}
+
+func (v NullableListApplications200ResponseInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableListApplications200ResponseInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_list_behavior_detection_rules_200_response_inner.go b/okta/model_list_behavior_detection_rules_200_response_inner.go
new file mode 100644
index 000000000..9e51efda6
--- /dev/null
+++ b/okta/model_list_behavior_detection_rules_200_response_inner.go
@@ -0,0 +1,258 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// model_oneof.mustache
+// ListBehaviorDetectionRules200ResponseInner - struct for ListBehaviorDetectionRules200ResponseInner
+type ListBehaviorDetectionRules200ResponseInner struct {
+	BehaviorRuleAnomalousDevice   *BehaviorRuleAnomalousDevice
+	BehaviorRuleAnomalousIP       *BehaviorRuleAnomalousIP
+	BehaviorRuleAnomalousLocation *BehaviorRuleAnomalousLocation
+	BehaviorRuleVelocity          *BehaviorRuleVelocity
+}
+
+// BehaviorRuleAnomalousDeviceAsListBehaviorDetectionRules200ResponseInner is a convenience function that returns BehaviorRuleAnomalousDevice wrapped in ListBehaviorDetectionRules200ResponseInner
+func BehaviorRuleAnomalousDeviceAsListBehaviorDetectionRules200ResponseInner(v *BehaviorRuleAnomalousDevice) ListBehaviorDetectionRules200ResponseInner {
+	return ListBehaviorDetectionRules200ResponseInner{
+		BehaviorRuleAnomalousDevice: v,
+	}
+}
+
+// BehaviorRuleAnomalousIPAsListBehaviorDetectionRules200ResponseInner is a convenience function that returns BehaviorRuleAnomalousIP wrapped in ListBehaviorDetectionRules200ResponseInner
+func BehaviorRuleAnomalousIPAsListBehaviorDetectionRules200ResponseInner(v *BehaviorRuleAnomalousIP) ListBehaviorDetectionRules200ResponseInner {
+	return ListBehaviorDetectionRules200ResponseInner{
+		BehaviorRuleAnomalousIP: v,
+	}
+}
+
+// BehaviorRuleAnomalousLocationAsListBehaviorDetectionRules200ResponseInner is a convenience function that returns BehaviorRuleAnomalousLocation wrapped in ListBehaviorDetectionRules200ResponseInner
+func BehaviorRuleAnomalousLocationAsListBehaviorDetectionRules200ResponseInner(v *BehaviorRuleAnomalousLocation) ListBehaviorDetectionRules200ResponseInner {
+	return ListBehaviorDetectionRules200ResponseInner{
+		BehaviorRuleAnomalousLocation: v,
+	}
+}
+
+// BehaviorRuleVelocityAsListBehaviorDetectionRules200ResponseInner is a convenience function that returns BehaviorRuleVelocity wrapped in ListBehaviorDetectionRules200ResponseInner
+func BehaviorRuleVelocityAsListBehaviorDetectionRules200ResponseInner(v *BehaviorRuleVelocity) ListBehaviorDetectionRules200ResponseInner {
+	return ListBehaviorDetectionRules200ResponseInner{
+		BehaviorRuleVelocity: v,
+	}
+}
+
+// Unmarshal JSON data into one of the pointers in the struct  CUSTOM
+func (dst *ListBehaviorDetectionRules200ResponseInner) UnmarshalJSON(data []byte) error {
+	var err error
+	// use discriminator value to speed up the lookup
+	var jsonDict map[string]interface{}
+	err = newStrictDecoder(data).Decode(&jsonDict)
+	if err != nil {
+		return fmt.Errorf("Failed to unmarshal JSON into map for the discriminator lookup.")
+	}
+
+	// check if the discriminator value is 'ANOMALOUS_DEVICE'
+	if jsonDict["type"] == "ANOMALOUS_DEVICE" {
+		// try to unmarshal JSON data into BehaviorRuleAnomalousDevice
+		err = json.Unmarshal(data, &dst.BehaviorRuleAnomalousDevice)
+		if err == nil {
+			return nil // data stored in dst.BehaviorRuleAnomalousDevice, return on the first match
+		} else {
+			dst.BehaviorRuleAnomalousDevice = nil
+			return fmt.Errorf("Failed to unmarshal ListBehaviorDetectionRules200ResponseInner as BehaviorRuleAnomalousDevice: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'ANOMALOUS_IP'
+	if jsonDict["type"] == "ANOMALOUS_IP" {
+		// try to unmarshal JSON data into BehaviorRuleAnomalousIP
+		err = json.Unmarshal(data, &dst.BehaviorRuleAnomalousIP)
+		if err == nil {
+			return nil // data stored in dst.BehaviorRuleAnomalousIP, return on the first match
+		} else {
+			dst.BehaviorRuleAnomalousIP = nil
+			return fmt.Errorf("Failed to unmarshal ListBehaviorDetectionRules200ResponseInner as BehaviorRuleAnomalousIP: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'ANOMALOUS_LOCATION'
+	if jsonDict["type"] == "ANOMALOUS_LOCATION" {
+		// try to unmarshal JSON data into BehaviorRuleAnomalousLocation
+		err = json.Unmarshal(data, &dst.BehaviorRuleAnomalousLocation)
+		if err == nil {
+			return nil // data stored in dst.BehaviorRuleAnomalousLocation, return on the first match
+		} else {
+			dst.BehaviorRuleAnomalousLocation = nil
+			return fmt.Errorf("Failed to unmarshal ListBehaviorDetectionRules200ResponseInner as BehaviorRuleAnomalousLocation: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'BehaviorRuleAnomalousDevice'
+	if jsonDict["type"] == "BehaviorRuleAnomalousDevice" {
+		// try to unmarshal JSON data into BehaviorRuleAnomalousDevice
+		err = json.Unmarshal(data, &dst.BehaviorRuleAnomalousDevice)
+		if err == nil {
+			return nil // data stored in dst.BehaviorRuleAnomalousDevice, return on the first match
+		} else {
+			dst.BehaviorRuleAnomalousDevice = nil
+			return fmt.Errorf("Failed to unmarshal ListBehaviorDetectionRules200ResponseInner as BehaviorRuleAnomalousDevice: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'BehaviorRuleAnomalousIP'
+	if jsonDict["type"] == "BehaviorRuleAnomalousIP" {
+		// try to unmarshal JSON data into BehaviorRuleAnomalousIP
+		err = json.Unmarshal(data, &dst.BehaviorRuleAnomalousIP)
+		if err == nil {
+			return nil // data stored in dst.BehaviorRuleAnomalousIP, return on the first match
+		} else {
+			dst.BehaviorRuleAnomalousIP = nil
+			return fmt.Errorf("Failed to unmarshal ListBehaviorDetectionRules200ResponseInner as BehaviorRuleAnomalousIP: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'BehaviorRuleAnomalousLocation'
+	if jsonDict["type"] == "BehaviorRuleAnomalousLocation" {
+		// try to unmarshal JSON data into BehaviorRuleAnomalousLocation
+		err = json.Unmarshal(data, &dst.BehaviorRuleAnomalousLocation)
+		if err == nil {
+			return nil // data stored in dst.BehaviorRuleAnomalousLocation, return on the first match
+		} else {
+			dst.BehaviorRuleAnomalousLocation = nil
+			return fmt.Errorf("Failed to unmarshal ListBehaviorDetectionRules200ResponseInner as BehaviorRuleAnomalousLocation: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'BehaviorRuleVelocity'
+	if jsonDict["type"] == "BehaviorRuleVelocity" {
+		// try to unmarshal JSON data into BehaviorRuleVelocity
+		err = json.Unmarshal(data, &dst.BehaviorRuleVelocity)
+		if err == nil {
+			return nil // data stored in dst.BehaviorRuleVelocity, return on the first match
+		} else {
+			dst.BehaviorRuleVelocity = nil
+			return fmt.Errorf("Failed to unmarshal ListBehaviorDetectionRules200ResponseInner as BehaviorRuleVelocity: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'VELOCITY'
+	if jsonDict["type"] == "VELOCITY" {
+		// try to unmarshal JSON data into BehaviorRuleVelocity
+		err = json.Unmarshal(data, &dst.BehaviorRuleVelocity)
+		if err == nil {
+			return nil // data stored in dst.BehaviorRuleVelocity, return on the first match
+		} else {
+			dst.BehaviorRuleVelocity = nil
+			return fmt.Errorf("Failed to unmarshal ListBehaviorDetectionRules200ResponseInner as BehaviorRuleVelocity: %s", err.Error())
+		}
+	}
+
+	return nil
+}
+
+// Marshal data from the first non-nil pointers in the struct to JSON
+func (src ListBehaviorDetectionRules200ResponseInner) MarshalJSON() ([]byte, error) {
+	if src.BehaviorRuleAnomalousDevice != nil {
+		return json.Marshal(&src.BehaviorRuleAnomalousDevice)
+	}
+
+	if src.BehaviorRuleAnomalousIP != nil {
+		return json.Marshal(&src.BehaviorRuleAnomalousIP)
+	}
+
+	if src.BehaviorRuleAnomalousLocation != nil {
+		return json.Marshal(&src.BehaviorRuleAnomalousLocation)
+	}
+
+	if src.BehaviorRuleVelocity != nil {
+		return json.Marshal(&src.BehaviorRuleVelocity)
+	}
+
+	return nil, nil // no data in oneOf schemas
+}
+
+// Get the actual instance
+func (obj *ListBehaviorDetectionRules200ResponseInner) GetActualInstance() interface{} {
+	if obj == nil {
+		return nil
+	}
+	if obj.BehaviorRuleAnomalousDevice != nil {
+		return obj.BehaviorRuleAnomalousDevice
+	}
+
+	if obj.BehaviorRuleAnomalousIP != nil {
+		return obj.BehaviorRuleAnomalousIP
+	}
+
+	if obj.BehaviorRuleAnomalousLocation != nil {
+		return obj.BehaviorRuleAnomalousLocation
+	}
+
+	if obj.BehaviorRuleVelocity != nil {
+		return obj.BehaviorRuleVelocity
+	}
+
+	// all schemas are nil
+	return nil
+}
+
+type NullableListBehaviorDetectionRules200ResponseInner struct {
+	value *ListBehaviorDetectionRules200ResponseInner
+	isSet bool
+}
+
+func (v NullableListBehaviorDetectionRules200ResponseInner) Get() *ListBehaviorDetectionRules200ResponseInner {
+	return v.value
+}
+
+func (v *NullableListBehaviorDetectionRules200ResponseInner) Set(val *ListBehaviorDetectionRules200ResponseInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableListBehaviorDetectionRules200ResponseInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableListBehaviorDetectionRules200ResponseInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableListBehaviorDetectionRules200ResponseInner(val *ListBehaviorDetectionRules200ResponseInner) *NullableListBehaviorDetectionRules200ResponseInner {
+	return &NullableListBehaviorDetectionRules200ResponseInner{value: val, isSet: true}
+}
+
+func (v NullableListBehaviorDetectionRules200ResponseInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableListBehaviorDetectionRules200ResponseInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_list_device_assurance_policies_200_response_inner.go b/okta/model_list_device_assurance_policies_200_response_inner.go
new file mode 100644
index 000000000..b087cb749
--- /dev/null
+++ b/okta/model_list_device_assurance_policies_200_response_inner.go
@@ -0,0 +1,298 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// model_oneof.mustache
+// ListDeviceAssurancePolicies200ResponseInner - struct for ListDeviceAssurancePolicies200ResponseInner
+type ListDeviceAssurancePolicies200ResponseInner struct {
+	DeviceAssuranceAndroidPlatform  *DeviceAssuranceAndroidPlatform
+	DeviceAssuranceChromeOSPlatform *DeviceAssuranceChromeOSPlatform
+	DeviceAssuranceIOSPlatform      *DeviceAssuranceIOSPlatform
+	DeviceAssuranceMacOSPlatform    *DeviceAssuranceMacOSPlatform
+	DeviceAssuranceWindowsPlatform  *DeviceAssuranceWindowsPlatform
+}
+
+// DeviceAssuranceAndroidPlatformAsListDeviceAssurancePolicies200ResponseInner is a convenience function that returns DeviceAssuranceAndroidPlatform wrapped in ListDeviceAssurancePolicies200ResponseInner
+func DeviceAssuranceAndroidPlatformAsListDeviceAssurancePolicies200ResponseInner(v *DeviceAssuranceAndroidPlatform) ListDeviceAssurancePolicies200ResponseInner {
+	return ListDeviceAssurancePolicies200ResponseInner{
+		DeviceAssuranceAndroidPlatform: v,
+	}
+}
+
+// DeviceAssuranceChromeOSPlatformAsListDeviceAssurancePolicies200ResponseInner is a convenience function that returns DeviceAssuranceChromeOSPlatform wrapped in ListDeviceAssurancePolicies200ResponseInner
+func DeviceAssuranceChromeOSPlatformAsListDeviceAssurancePolicies200ResponseInner(v *DeviceAssuranceChromeOSPlatform) ListDeviceAssurancePolicies200ResponseInner {
+	return ListDeviceAssurancePolicies200ResponseInner{
+		DeviceAssuranceChromeOSPlatform: v,
+	}
+}
+
+// DeviceAssuranceIOSPlatformAsListDeviceAssurancePolicies200ResponseInner is a convenience function that returns DeviceAssuranceIOSPlatform wrapped in ListDeviceAssurancePolicies200ResponseInner
+func DeviceAssuranceIOSPlatformAsListDeviceAssurancePolicies200ResponseInner(v *DeviceAssuranceIOSPlatform) ListDeviceAssurancePolicies200ResponseInner {
+	return ListDeviceAssurancePolicies200ResponseInner{
+		DeviceAssuranceIOSPlatform: v,
+	}
+}
+
+// DeviceAssuranceMacOSPlatformAsListDeviceAssurancePolicies200ResponseInner is a convenience function that returns DeviceAssuranceMacOSPlatform wrapped in ListDeviceAssurancePolicies200ResponseInner
+func DeviceAssuranceMacOSPlatformAsListDeviceAssurancePolicies200ResponseInner(v *DeviceAssuranceMacOSPlatform) ListDeviceAssurancePolicies200ResponseInner {
+	return ListDeviceAssurancePolicies200ResponseInner{
+		DeviceAssuranceMacOSPlatform: v,
+	}
+}
+
+// DeviceAssuranceWindowsPlatformAsListDeviceAssurancePolicies200ResponseInner is a convenience function that returns DeviceAssuranceWindowsPlatform wrapped in ListDeviceAssurancePolicies200ResponseInner
+func DeviceAssuranceWindowsPlatformAsListDeviceAssurancePolicies200ResponseInner(v *DeviceAssuranceWindowsPlatform) ListDeviceAssurancePolicies200ResponseInner {
+	return ListDeviceAssurancePolicies200ResponseInner{
+		DeviceAssuranceWindowsPlatform: v,
+	}
+}
+
+// Unmarshal JSON data into one of the pointers in the struct  CUSTOM
+func (dst *ListDeviceAssurancePolicies200ResponseInner) UnmarshalJSON(data []byte) error {
+	var err error
+	// use discriminator value to speed up the lookup
+	var jsonDict map[string]interface{}
+	err = newStrictDecoder(data).Decode(&jsonDict)
+	if err != nil {
+		return fmt.Errorf("Failed to unmarshal JSON into map for the discriminator lookup.")
+	}
+
+	// check if the discriminator value is 'ANDROID'
+	if jsonDict["platform"] == "ANDROID" {
+		// try to unmarshal JSON data into DeviceAssuranceAndroidPlatform
+		err = json.Unmarshal(data, &dst.DeviceAssuranceAndroidPlatform)
+		if err == nil {
+			return nil // data stored in dst.DeviceAssuranceAndroidPlatform, return on the first match
+		} else {
+			dst.DeviceAssuranceAndroidPlatform = nil
+			return fmt.Errorf("Failed to unmarshal ListDeviceAssurancePolicies200ResponseInner as DeviceAssuranceAndroidPlatform: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'CHROMEOS'
+	if jsonDict["platform"] == "CHROMEOS" {
+		// try to unmarshal JSON data into DeviceAssuranceChromeOSPlatform
+		err = json.Unmarshal(data, &dst.DeviceAssuranceChromeOSPlatform)
+		if err == nil {
+			return nil // data stored in dst.DeviceAssuranceChromeOSPlatform, return on the first match
+		} else {
+			dst.DeviceAssuranceChromeOSPlatform = nil
+			return fmt.Errorf("Failed to unmarshal ListDeviceAssurancePolicies200ResponseInner as DeviceAssuranceChromeOSPlatform: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'DeviceAssuranceAndroidPlatform'
+	if jsonDict["platform"] == "DeviceAssuranceAndroidPlatform" {
+		// try to unmarshal JSON data into DeviceAssuranceAndroidPlatform
+		err = json.Unmarshal(data, &dst.DeviceAssuranceAndroidPlatform)
+		if err == nil {
+			return nil // data stored in dst.DeviceAssuranceAndroidPlatform, return on the first match
+		} else {
+			dst.DeviceAssuranceAndroidPlatform = nil
+			return fmt.Errorf("Failed to unmarshal ListDeviceAssurancePolicies200ResponseInner as DeviceAssuranceAndroidPlatform: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'DeviceAssuranceChromeOSPlatform'
+	if jsonDict["platform"] == "DeviceAssuranceChromeOSPlatform" {
+		// try to unmarshal JSON data into DeviceAssuranceChromeOSPlatform
+		err = json.Unmarshal(data, &dst.DeviceAssuranceChromeOSPlatform)
+		if err == nil {
+			return nil // data stored in dst.DeviceAssuranceChromeOSPlatform, return on the first match
+		} else {
+			dst.DeviceAssuranceChromeOSPlatform = nil
+			return fmt.Errorf("Failed to unmarshal ListDeviceAssurancePolicies200ResponseInner as DeviceAssuranceChromeOSPlatform: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'DeviceAssuranceIOSPlatform'
+	if jsonDict["platform"] == "DeviceAssuranceIOSPlatform" {
+		// try to unmarshal JSON data into DeviceAssuranceIOSPlatform
+		err = json.Unmarshal(data, &dst.DeviceAssuranceIOSPlatform)
+		if err == nil {
+			return nil // data stored in dst.DeviceAssuranceIOSPlatform, return on the first match
+		} else {
+			dst.DeviceAssuranceIOSPlatform = nil
+			return fmt.Errorf("Failed to unmarshal ListDeviceAssurancePolicies200ResponseInner as DeviceAssuranceIOSPlatform: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'DeviceAssuranceMacOSPlatform'
+	if jsonDict["platform"] == "DeviceAssuranceMacOSPlatform" {
+		// try to unmarshal JSON data into DeviceAssuranceMacOSPlatform
+		err = json.Unmarshal(data, &dst.DeviceAssuranceMacOSPlatform)
+		if err == nil {
+			return nil // data stored in dst.DeviceAssuranceMacOSPlatform, return on the first match
+		} else {
+			dst.DeviceAssuranceMacOSPlatform = nil
+			return fmt.Errorf("Failed to unmarshal ListDeviceAssurancePolicies200ResponseInner as DeviceAssuranceMacOSPlatform: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'DeviceAssuranceWindowsPlatform'
+	if jsonDict["platform"] == "DeviceAssuranceWindowsPlatform" {
+		// try to unmarshal JSON data into DeviceAssuranceWindowsPlatform
+		err = json.Unmarshal(data, &dst.DeviceAssuranceWindowsPlatform)
+		if err == nil {
+			return nil // data stored in dst.DeviceAssuranceWindowsPlatform, return on the first match
+		} else {
+			dst.DeviceAssuranceWindowsPlatform = nil
+			return fmt.Errorf("Failed to unmarshal ListDeviceAssurancePolicies200ResponseInner as DeviceAssuranceWindowsPlatform: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'IOS'
+	if jsonDict["platform"] == "IOS" {
+		// try to unmarshal JSON data into DeviceAssuranceIOSPlatform
+		err = json.Unmarshal(data, &dst.DeviceAssuranceIOSPlatform)
+		if err == nil {
+			return nil // data stored in dst.DeviceAssuranceIOSPlatform, return on the first match
+		} else {
+			dst.DeviceAssuranceIOSPlatform = nil
+			return fmt.Errorf("Failed to unmarshal ListDeviceAssurancePolicies200ResponseInner as DeviceAssuranceIOSPlatform: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'MACOS'
+	if jsonDict["platform"] == "MACOS" {
+		// try to unmarshal JSON data into DeviceAssuranceMacOSPlatform
+		err = json.Unmarshal(data, &dst.DeviceAssuranceMacOSPlatform)
+		if err == nil {
+			return nil // data stored in dst.DeviceAssuranceMacOSPlatform, return on the first match
+		} else {
+			dst.DeviceAssuranceMacOSPlatform = nil
+			return fmt.Errorf("Failed to unmarshal ListDeviceAssurancePolicies200ResponseInner as DeviceAssuranceMacOSPlatform: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'WINDOWS'
+	if jsonDict["platform"] == "WINDOWS" {
+		// try to unmarshal JSON data into DeviceAssuranceWindowsPlatform
+		err = json.Unmarshal(data, &dst.DeviceAssuranceWindowsPlatform)
+		if err == nil {
+			return nil // data stored in dst.DeviceAssuranceWindowsPlatform, return on the first match
+		} else {
+			dst.DeviceAssuranceWindowsPlatform = nil
+			return fmt.Errorf("Failed to unmarshal ListDeviceAssurancePolicies200ResponseInner as DeviceAssuranceWindowsPlatform: %s", err.Error())
+		}
+	}
+
+	return nil
+}
+
+// Marshal data from the first non-nil pointers in the struct to JSON
+func (src ListDeviceAssurancePolicies200ResponseInner) MarshalJSON() ([]byte, error) {
+	if src.DeviceAssuranceAndroidPlatform != nil {
+		return json.Marshal(&src.DeviceAssuranceAndroidPlatform)
+	}
+
+	if src.DeviceAssuranceChromeOSPlatform != nil {
+		return json.Marshal(&src.DeviceAssuranceChromeOSPlatform)
+	}
+
+	if src.DeviceAssuranceIOSPlatform != nil {
+		return json.Marshal(&src.DeviceAssuranceIOSPlatform)
+	}
+
+	if src.DeviceAssuranceMacOSPlatform != nil {
+		return json.Marshal(&src.DeviceAssuranceMacOSPlatform)
+	}
+
+	if src.DeviceAssuranceWindowsPlatform != nil {
+		return json.Marshal(&src.DeviceAssuranceWindowsPlatform)
+	}
+
+	return nil, nil // no data in oneOf schemas
+}
+
+// Get the actual instance
+func (obj *ListDeviceAssurancePolicies200ResponseInner) GetActualInstance() interface{} {
+	if obj == nil {
+		return nil
+	}
+	if obj.DeviceAssuranceAndroidPlatform != nil {
+		return obj.DeviceAssuranceAndroidPlatform
+	}
+
+	if obj.DeviceAssuranceChromeOSPlatform != nil {
+		return obj.DeviceAssuranceChromeOSPlatform
+	}
+
+	if obj.DeviceAssuranceIOSPlatform != nil {
+		return obj.DeviceAssuranceIOSPlatform
+	}
+
+	if obj.DeviceAssuranceMacOSPlatform != nil {
+		return obj.DeviceAssuranceMacOSPlatform
+	}
+
+	if obj.DeviceAssuranceWindowsPlatform != nil {
+		return obj.DeviceAssuranceWindowsPlatform
+	}
+
+	// all schemas are nil
+	return nil
+}
+
+type NullableListDeviceAssurancePolicies200ResponseInner struct {
+	value *ListDeviceAssurancePolicies200ResponseInner
+	isSet bool
+}
+
+func (v NullableListDeviceAssurancePolicies200ResponseInner) Get() *ListDeviceAssurancePolicies200ResponseInner {
+	return v.value
+}
+
+func (v *NullableListDeviceAssurancePolicies200ResponseInner) Set(val *ListDeviceAssurancePolicies200ResponseInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableListDeviceAssurancePolicies200ResponseInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableListDeviceAssurancePolicies200ResponseInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableListDeviceAssurancePolicies200ResponseInner(val *ListDeviceAssurancePolicies200ResponseInner) *NullableListDeviceAssurancePolicies200ResponseInner {
+	return &NullableListDeviceAssurancePolicies200ResponseInner{value: val, isSet: true}
+}
+
+func (v NullableListDeviceAssurancePolicies200ResponseInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableListDeviceAssurancePolicies200ResponseInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_list_factors_200_response_inner.go b/okta/model_list_factors_200_response_inner.go
new file mode 100644
index 000000000..1c1fa1b01
--- /dev/null
+++ b/okta/model_list_factors_200_response_inner.go
@@ -0,0 +1,590 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// model_oneof.mustache
+// ListFactors200ResponseInner - struct for ListFactors200ResponseInner
+type ListFactors200ResponseInner struct {
+	CallUserFactor             *CallUserFactor
+	CustomHotpUserFactor       *CustomHotpUserFactor
+	EmailUserFactor            *EmailUserFactor
+	HardwareUserFactor         *HardwareUserFactor
+	PushUserFactor             *PushUserFactor
+	SecurityQuestionUserFactor *SecurityQuestionUserFactor
+	SmsUserFactor              *SmsUserFactor
+	TokenUserFactor            *TokenUserFactor
+	TotpUserFactor             *TotpUserFactor
+	U2fUserFactor              *U2fUserFactor
+	WebAuthnUserFactor         *WebAuthnUserFactor
+	WebUserFactor              *WebUserFactor
+}
+
+// CallUserFactorAsListFactors200ResponseInner is a convenience function that returns CallUserFactor wrapped in ListFactors200ResponseInner
+func CallUserFactorAsListFactors200ResponseInner(v *CallUserFactor) ListFactors200ResponseInner {
+	return ListFactors200ResponseInner{
+		CallUserFactor: v,
+	}
+}
+
+// CustomHotpUserFactorAsListFactors200ResponseInner is a convenience function that returns CustomHotpUserFactor wrapped in ListFactors200ResponseInner
+func CustomHotpUserFactorAsListFactors200ResponseInner(v *CustomHotpUserFactor) ListFactors200ResponseInner {
+	return ListFactors200ResponseInner{
+		CustomHotpUserFactor: v,
+	}
+}
+
+// EmailUserFactorAsListFactors200ResponseInner is a convenience function that returns EmailUserFactor wrapped in ListFactors200ResponseInner
+func EmailUserFactorAsListFactors200ResponseInner(v *EmailUserFactor) ListFactors200ResponseInner {
+	return ListFactors200ResponseInner{
+		EmailUserFactor: v,
+	}
+}
+
+// HardwareUserFactorAsListFactors200ResponseInner is a convenience function that returns HardwareUserFactor wrapped in ListFactors200ResponseInner
+func HardwareUserFactorAsListFactors200ResponseInner(v *HardwareUserFactor) ListFactors200ResponseInner {
+	return ListFactors200ResponseInner{
+		HardwareUserFactor: v,
+	}
+}
+
+// PushUserFactorAsListFactors200ResponseInner is a convenience function that returns PushUserFactor wrapped in ListFactors200ResponseInner
+func PushUserFactorAsListFactors200ResponseInner(v *PushUserFactor) ListFactors200ResponseInner {
+	return ListFactors200ResponseInner{
+		PushUserFactor: v,
+	}
+}
+
+// SecurityQuestionUserFactorAsListFactors200ResponseInner is a convenience function that returns SecurityQuestionUserFactor wrapped in ListFactors200ResponseInner
+func SecurityQuestionUserFactorAsListFactors200ResponseInner(v *SecurityQuestionUserFactor) ListFactors200ResponseInner {
+	return ListFactors200ResponseInner{
+		SecurityQuestionUserFactor: v,
+	}
+}
+
+// SmsUserFactorAsListFactors200ResponseInner is a convenience function that returns SmsUserFactor wrapped in ListFactors200ResponseInner
+func SmsUserFactorAsListFactors200ResponseInner(v *SmsUserFactor) ListFactors200ResponseInner {
+	return ListFactors200ResponseInner{
+		SmsUserFactor: v,
+	}
+}
+
+// TokenUserFactorAsListFactors200ResponseInner is a convenience function that returns TokenUserFactor wrapped in ListFactors200ResponseInner
+func TokenUserFactorAsListFactors200ResponseInner(v *TokenUserFactor) ListFactors200ResponseInner {
+	return ListFactors200ResponseInner{
+		TokenUserFactor: v,
+	}
+}
+
+// TotpUserFactorAsListFactors200ResponseInner is a convenience function that returns TotpUserFactor wrapped in ListFactors200ResponseInner
+func TotpUserFactorAsListFactors200ResponseInner(v *TotpUserFactor) ListFactors200ResponseInner {
+	return ListFactors200ResponseInner{
+		TotpUserFactor: v,
+	}
+}
+
+// U2fUserFactorAsListFactors200ResponseInner is a convenience function that returns U2fUserFactor wrapped in ListFactors200ResponseInner
+func U2fUserFactorAsListFactors200ResponseInner(v *U2fUserFactor) ListFactors200ResponseInner {
+	return ListFactors200ResponseInner{
+		U2fUserFactor: v,
+	}
+}
+
+// WebAuthnUserFactorAsListFactors200ResponseInner is a convenience function that returns WebAuthnUserFactor wrapped in ListFactors200ResponseInner
+func WebAuthnUserFactorAsListFactors200ResponseInner(v *WebAuthnUserFactor) ListFactors200ResponseInner {
+	return ListFactors200ResponseInner{
+		WebAuthnUserFactor: v,
+	}
+}
+
+// WebUserFactorAsListFactors200ResponseInner is a convenience function that returns WebUserFactor wrapped in ListFactors200ResponseInner
+func WebUserFactorAsListFactors200ResponseInner(v *WebUserFactor) ListFactors200ResponseInner {
+	return ListFactors200ResponseInner{
+		WebUserFactor: v,
+	}
+}
+
+// Unmarshal JSON data into one of the pointers in the struct  CUSTOM
+func (dst *ListFactors200ResponseInner) UnmarshalJSON(data []byte) error {
+	var err error
+	// use discriminator value to speed up the lookup
+	var jsonDict map[string]interface{}
+	err = newStrictDecoder(data).Decode(&jsonDict)
+	if err != nil {
+		return fmt.Errorf("Failed to unmarshal JSON into map for the discriminator lookup.")
+	}
+
+	// check if the discriminator value is 'CallUserFactor'
+	if jsonDict["factorType"] == "CallUserFactor" {
+		// try to unmarshal JSON data into CallUserFactor
+		err = json.Unmarshal(data, &dst.CallUserFactor)
+		if err == nil {
+			return nil // data stored in dst.CallUserFactor, return on the first match
+		} else {
+			dst.CallUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as CallUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'CustomHotpUserFactor'
+	if jsonDict["factorType"] == "CustomHotpUserFactor" {
+		// try to unmarshal JSON data into CustomHotpUserFactor
+		err = json.Unmarshal(data, &dst.CustomHotpUserFactor)
+		if err == nil {
+			return nil // data stored in dst.CustomHotpUserFactor, return on the first match
+		} else {
+			dst.CustomHotpUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as CustomHotpUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'EmailUserFactor'
+	if jsonDict["factorType"] == "EmailUserFactor" {
+		// try to unmarshal JSON data into EmailUserFactor
+		err = json.Unmarshal(data, &dst.EmailUserFactor)
+		if err == nil {
+			return nil // data stored in dst.EmailUserFactor, return on the first match
+		} else {
+			dst.EmailUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as EmailUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'HardwareUserFactor'
+	if jsonDict["factorType"] == "HardwareUserFactor" {
+		// try to unmarshal JSON data into HardwareUserFactor
+		err = json.Unmarshal(data, &dst.HardwareUserFactor)
+		if err == nil {
+			return nil // data stored in dst.HardwareUserFactor, return on the first match
+		} else {
+			dst.HardwareUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as HardwareUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'PushUserFactor'
+	if jsonDict["factorType"] == "PushUserFactor" {
+		// try to unmarshal JSON data into PushUserFactor
+		err = json.Unmarshal(data, &dst.PushUserFactor)
+		if err == nil {
+			return nil // data stored in dst.PushUserFactor, return on the first match
+		} else {
+			dst.PushUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as PushUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'SecurityQuestionUserFactor'
+	if jsonDict["factorType"] == "SecurityQuestionUserFactor" {
+		// try to unmarshal JSON data into SecurityQuestionUserFactor
+		err = json.Unmarshal(data, &dst.SecurityQuestionUserFactor)
+		if err == nil {
+			return nil // data stored in dst.SecurityQuestionUserFactor, return on the first match
+		} else {
+			dst.SecurityQuestionUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as SecurityQuestionUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'SmsUserFactor'
+	if jsonDict["factorType"] == "SmsUserFactor" {
+		// try to unmarshal JSON data into SmsUserFactor
+		err = json.Unmarshal(data, &dst.SmsUserFactor)
+		if err == nil {
+			return nil // data stored in dst.SmsUserFactor, return on the first match
+		} else {
+			dst.SmsUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as SmsUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'TokenUserFactor'
+	if jsonDict["factorType"] == "TokenUserFactor" {
+		// try to unmarshal JSON data into TokenUserFactor
+		err = json.Unmarshal(data, &dst.TokenUserFactor)
+		if err == nil {
+			return nil // data stored in dst.TokenUserFactor, return on the first match
+		} else {
+			dst.TokenUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as TokenUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'TotpUserFactor'
+	if jsonDict["factorType"] == "TotpUserFactor" {
+		// try to unmarshal JSON data into TotpUserFactor
+		err = json.Unmarshal(data, &dst.TotpUserFactor)
+		if err == nil {
+			return nil // data stored in dst.TotpUserFactor, return on the first match
+		} else {
+			dst.TotpUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as TotpUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'U2fUserFactor'
+	if jsonDict["factorType"] == "U2fUserFactor" {
+		// try to unmarshal JSON data into U2fUserFactor
+		err = json.Unmarshal(data, &dst.U2fUserFactor)
+		if err == nil {
+			return nil // data stored in dst.U2fUserFactor, return on the first match
+		} else {
+			dst.U2fUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as U2fUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'WebAuthnUserFactor'
+	if jsonDict["factorType"] == "WebAuthnUserFactor" {
+		// try to unmarshal JSON data into WebAuthnUserFactor
+		err = json.Unmarshal(data, &dst.WebAuthnUserFactor)
+		if err == nil {
+			return nil // data stored in dst.WebAuthnUserFactor, return on the first match
+		} else {
+			dst.WebAuthnUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as WebAuthnUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'WebUserFactor'
+	if jsonDict["factorType"] == "WebUserFactor" {
+		// try to unmarshal JSON data into WebUserFactor
+		err = json.Unmarshal(data, &dst.WebUserFactor)
+		if err == nil {
+			return nil // data stored in dst.WebUserFactor, return on the first match
+		} else {
+			dst.WebUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as WebUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'call'
+	if jsonDict["factorType"] == "call" {
+		// try to unmarshal JSON data into CallUserFactor
+		err = json.Unmarshal(data, &dst.CallUserFactor)
+		if err == nil {
+			return nil // data stored in dst.CallUserFactor, return on the first match
+		} else {
+			dst.CallUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as CallUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'email'
+	if jsonDict["factorType"] == "email" {
+		// try to unmarshal JSON data into EmailUserFactor
+		err = json.Unmarshal(data, &dst.EmailUserFactor)
+		if err == nil {
+			return nil // data stored in dst.EmailUserFactor, return on the first match
+		} else {
+			dst.EmailUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as EmailUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'hotp'
+	if jsonDict["factorType"] == "hotp" {
+		// try to unmarshal JSON data into CustomHotpUserFactor
+		err = json.Unmarshal(data, &dst.CustomHotpUserFactor)
+		if err == nil {
+			return nil // data stored in dst.CustomHotpUserFactor, return on the first match
+		} else {
+			dst.CustomHotpUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as CustomHotpUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'push'
+	if jsonDict["factorType"] == "push" {
+		// try to unmarshal JSON data into PushUserFactor
+		err = json.Unmarshal(data, &dst.PushUserFactor)
+		if err == nil {
+			return nil // data stored in dst.PushUserFactor, return on the first match
+		} else {
+			dst.PushUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as PushUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'question'
+	if jsonDict["factorType"] == "question" {
+		// try to unmarshal JSON data into SecurityQuestionUserFactor
+		err = json.Unmarshal(data, &dst.SecurityQuestionUserFactor)
+		if err == nil {
+			return nil // data stored in dst.SecurityQuestionUserFactor, return on the first match
+		} else {
+			dst.SecurityQuestionUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as SecurityQuestionUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'sms'
+	if jsonDict["factorType"] == "sms" {
+		// try to unmarshal JSON data into SmsUserFactor
+		err = json.Unmarshal(data, &dst.SmsUserFactor)
+		if err == nil {
+			return nil // data stored in dst.SmsUserFactor, return on the first match
+		} else {
+			dst.SmsUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as SmsUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'token'
+	if jsonDict["factorType"] == "token" {
+		// try to unmarshal JSON data into TokenUserFactor
+		err = json.Unmarshal(data, &dst.TokenUserFactor)
+		if err == nil {
+			return nil // data stored in dst.TokenUserFactor, return on the first match
+		} else {
+			dst.TokenUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as TokenUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'token:hardware'
+	if jsonDict["factorType"] == "token:hardware" {
+		// try to unmarshal JSON data into HardwareUserFactor
+		err = json.Unmarshal(data, &dst.HardwareUserFactor)
+		if err == nil {
+			return nil // data stored in dst.HardwareUserFactor, return on the first match
+		} else {
+			dst.HardwareUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as HardwareUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'token:hotp'
+	if jsonDict["factorType"] == "token:hotp" {
+		// try to unmarshal JSON data into CustomHotpUserFactor
+		err = json.Unmarshal(data, &dst.CustomHotpUserFactor)
+		if err == nil {
+			return nil // data stored in dst.CustomHotpUserFactor, return on the first match
+		} else {
+			dst.CustomHotpUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as CustomHotpUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'token:software:totp'
+	if jsonDict["factorType"] == "token:software:totp" {
+		// try to unmarshal JSON data into TotpUserFactor
+		err = json.Unmarshal(data, &dst.TotpUserFactor)
+		if err == nil {
+			return nil // data stored in dst.TotpUserFactor, return on the first match
+		} else {
+			dst.TotpUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as TotpUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'u2f'
+	if jsonDict["factorType"] == "u2f" {
+		// try to unmarshal JSON data into U2fUserFactor
+		err = json.Unmarshal(data, &dst.U2fUserFactor)
+		if err == nil {
+			return nil // data stored in dst.U2fUserFactor, return on the first match
+		} else {
+			dst.U2fUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as U2fUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'web'
+	if jsonDict["factorType"] == "web" {
+		// try to unmarshal JSON data into WebUserFactor
+		err = json.Unmarshal(data, &dst.WebUserFactor)
+		if err == nil {
+			return nil // data stored in dst.WebUserFactor, return on the first match
+		} else {
+			dst.WebUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as WebUserFactor: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'webauthn'
+	if jsonDict["factorType"] == "webauthn" {
+		// try to unmarshal JSON data into WebAuthnUserFactor
+		err = json.Unmarshal(data, &dst.WebAuthnUserFactor)
+		if err == nil {
+			return nil // data stored in dst.WebAuthnUserFactor, return on the first match
+		} else {
+			dst.WebAuthnUserFactor = nil
+			return fmt.Errorf("Failed to unmarshal ListFactors200ResponseInner as WebAuthnUserFactor: %s", err.Error())
+		}
+	}
+
+	return nil
+}
+
+// Marshal data from the first non-nil pointers in the struct to JSON
+func (src ListFactors200ResponseInner) MarshalJSON() ([]byte, error) {
+	if src.CallUserFactor != nil {
+		return json.Marshal(&src.CallUserFactor)
+	}
+
+	if src.CustomHotpUserFactor != nil {
+		return json.Marshal(&src.CustomHotpUserFactor)
+	}
+
+	if src.EmailUserFactor != nil {
+		return json.Marshal(&src.EmailUserFactor)
+	}
+
+	if src.HardwareUserFactor != nil {
+		return json.Marshal(&src.HardwareUserFactor)
+	}
+
+	if src.PushUserFactor != nil {
+		return json.Marshal(&src.PushUserFactor)
+	}
+
+	if src.SecurityQuestionUserFactor != nil {
+		return json.Marshal(&src.SecurityQuestionUserFactor)
+	}
+
+	if src.SmsUserFactor != nil {
+		return json.Marshal(&src.SmsUserFactor)
+	}
+
+	if src.TokenUserFactor != nil {
+		return json.Marshal(&src.TokenUserFactor)
+	}
+
+	if src.TotpUserFactor != nil {
+		return json.Marshal(&src.TotpUserFactor)
+	}
+
+	if src.U2fUserFactor != nil {
+		return json.Marshal(&src.U2fUserFactor)
+	}
+
+	if src.WebAuthnUserFactor != nil {
+		return json.Marshal(&src.WebAuthnUserFactor)
+	}
+
+	if src.WebUserFactor != nil {
+		return json.Marshal(&src.WebUserFactor)
+	}
+
+	return nil, nil // no data in oneOf schemas
+}
+
+// Get the actual instance
+func (obj *ListFactors200ResponseInner) GetActualInstance() interface{} {
+	if obj == nil {
+		return nil
+	}
+	if obj.CallUserFactor != nil {
+		return obj.CallUserFactor
+	}
+
+	if obj.CustomHotpUserFactor != nil {
+		return obj.CustomHotpUserFactor
+	}
+
+	if obj.EmailUserFactor != nil {
+		return obj.EmailUserFactor
+	}
+
+	if obj.HardwareUserFactor != nil {
+		return obj.HardwareUserFactor
+	}
+
+	if obj.PushUserFactor != nil {
+		return obj.PushUserFactor
+	}
+
+	if obj.SecurityQuestionUserFactor != nil {
+		return obj.SecurityQuestionUserFactor
+	}
+
+	if obj.SmsUserFactor != nil {
+		return obj.SmsUserFactor
+	}
+
+	if obj.TokenUserFactor != nil {
+		return obj.TokenUserFactor
+	}
+
+	if obj.TotpUserFactor != nil {
+		return obj.TotpUserFactor
+	}
+
+	if obj.U2fUserFactor != nil {
+		return obj.U2fUserFactor
+	}
+
+	if obj.WebAuthnUserFactor != nil {
+		return obj.WebAuthnUserFactor
+	}
+
+	if obj.WebUserFactor != nil {
+		return obj.WebUserFactor
+	}
+
+	// all schemas are nil
+	return nil
+}
+
+type NullableListFactors200ResponseInner struct {
+	value *ListFactors200ResponseInner
+	isSet bool
+}
+
+func (v NullableListFactors200ResponseInner) Get() *ListFactors200ResponseInner {
+	return v.value
+}
+
+func (v *NullableListFactors200ResponseInner) Set(val *ListFactors200ResponseInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableListFactors200ResponseInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableListFactors200ResponseInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableListFactors200ResponseInner(val *ListFactors200ResponseInner) *NullableListFactors200ResponseInner {
+	return &NullableListFactors200ResponseInner{value: val, isSet: true}
+}
+
+func (v NullableListFactors200ResponseInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableListFactors200ResponseInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_list_log_streams_200_response_inner.go b/okta/model_list_log_streams_200_response_inner.go
new file mode 100644
index 000000000..cc737ac80
--- /dev/null
+++ b/okta/model_list_log_streams_200_response_inner.go
@@ -0,0 +1,178 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// model_oneof.mustache
+// ListLogStreams200ResponseInner - struct for ListLogStreams200ResponseInner
+type ListLogStreams200ResponseInner struct {
+	LogStreamAws    *LogStreamAws
+	LogStreamSplunk *LogStreamSplunk
+}
+
+// LogStreamAwsAsListLogStreams200ResponseInner is a convenience function that returns LogStreamAws wrapped in ListLogStreams200ResponseInner
+func LogStreamAwsAsListLogStreams200ResponseInner(v *LogStreamAws) ListLogStreams200ResponseInner {
+	return ListLogStreams200ResponseInner{
+		LogStreamAws: v,
+	}
+}
+
+// LogStreamSplunkAsListLogStreams200ResponseInner is a convenience function that returns LogStreamSplunk wrapped in ListLogStreams200ResponseInner
+func LogStreamSplunkAsListLogStreams200ResponseInner(v *LogStreamSplunk) ListLogStreams200ResponseInner {
+	return ListLogStreams200ResponseInner{
+		LogStreamSplunk: v,
+	}
+}
+
+// Unmarshal JSON data into one of the pointers in the struct  CUSTOM
+func (dst *ListLogStreams200ResponseInner) UnmarshalJSON(data []byte) error {
+	var err error
+	// use discriminator value to speed up the lookup
+	var jsonDict map[string]interface{}
+	err = newStrictDecoder(data).Decode(&jsonDict)
+	if err != nil {
+		return fmt.Errorf("Failed to unmarshal JSON into map for the discriminator lookup.")
+	}
+
+	// check if the discriminator value is 'LogStreamAws'
+	if jsonDict["type"] == "LogStreamAws" {
+		// try to unmarshal JSON data into LogStreamAws
+		err = json.Unmarshal(data, &dst.LogStreamAws)
+		if err == nil {
+			return nil // data stored in dst.LogStreamAws, return on the first match
+		} else {
+			dst.LogStreamAws = nil
+			return fmt.Errorf("Failed to unmarshal ListLogStreams200ResponseInner as LogStreamAws: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'LogStreamSplunk'
+	if jsonDict["type"] == "LogStreamSplunk" {
+		// try to unmarshal JSON data into LogStreamSplunk
+		err = json.Unmarshal(data, &dst.LogStreamSplunk)
+		if err == nil {
+			return nil // data stored in dst.LogStreamSplunk, return on the first match
+		} else {
+			dst.LogStreamSplunk = nil
+			return fmt.Errorf("Failed to unmarshal ListLogStreams200ResponseInner as LogStreamSplunk: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'aws_eventbridge'
+	if jsonDict["type"] == "aws_eventbridge" {
+		// try to unmarshal JSON data into LogStreamAws
+		err = json.Unmarshal(data, &dst.LogStreamAws)
+		if err == nil {
+			return nil // data stored in dst.LogStreamAws, return on the first match
+		} else {
+			dst.LogStreamAws = nil
+			return fmt.Errorf("Failed to unmarshal ListLogStreams200ResponseInner as LogStreamAws: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'splunk_cloud_logstreaming'
+	if jsonDict["type"] == "splunk_cloud_logstreaming" {
+		// try to unmarshal JSON data into LogStreamSplunk
+		err = json.Unmarshal(data, &dst.LogStreamSplunk)
+		if err == nil {
+			return nil // data stored in dst.LogStreamSplunk, return on the first match
+		} else {
+			dst.LogStreamSplunk = nil
+			return fmt.Errorf("Failed to unmarshal ListLogStreams200ResponseInner as LogStreamSplunk: %s", err.Error())
+		}
+	}
+
+	return nil
+}
+
+// Marshal data from the first non-nil pointers in the struct to JSON
+func (src ListLogStreams200ResponseInner) MarshalJSON() ([]byte, error) {
+	if src.LogStreamAws != nil {
+		return json.Marshal(&src.LogStreamAws)
+	}
+
+	if src.LogStreamSplunk != nil {
+		return json.Marshal(&src.LogStreamSplunk)
+	}
+
+	return nil, nil // no data in oneOf schemas
+}
+
+// Get the actual instance
+func (obj *ListLogStreams200ResponseInner) GetActualInstance() interface{} {
+	if obj == nil {
+		return nil
+	}
+	if obj.LogStreamAws != nil {
+		return obj.LogStreamAws
+	}
+
+	if obj.LogStreamSplunk != nil {
+		return obj.LogStreamSplunk
+	}
+
+	// all schemas are nil
+	return nil
+}
+
+type NullableListLogStreams200ResponseInner struct {
+	value *ListLogStreams200ResponseInner
+	isSet bool
+}
+
+func (v NullableListLogStreams200ResponseInner) Get() *ListLogStreams200ResponseInner {
+	return v.value
+}
+
+func (v *NullableListLogStreams200ResponseInner) Set(val *ListLogStreams200ResponseInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableListLogStreams200ResponseInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableListLogStreams200ResponseInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableListLogStreams200ResponseInner(val *ListLogStreams200ResponseInner) *NullableListLogStreams200ResponseInner {
+	return &NullableListLogStreams200ResponseInner{value: val, isSet: true}
+}
+
+func (v NullableListLogStreams200ResponseInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableListLogStreams200ResponseInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_list_policies_200_response_inner.go b/okta/model_list_policies_200_response_inner.go
new file mode 100644
index 000000000..e59ee7bed
--- /dev/null
+++ b/okta/model_list_policies_200_response_inner.go
@@ -0,0 +1,378 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// model_oneof.mustache
+// ListPolicies200ResponseInner - struct for ListPolicies200ResponseInner
+type ListPolicies200ResponseInner struct {
+	AccessPolicy                *AccessPolicy
+	AuthorizationServerPolicy   *AuthorizationServerPolicy
+	IdentityProviderPolicy      *IdentityProviderPolicy
+	MultifactorEnrollmentPolicy *MultifactorEnrollmentPolicy
+	OktaSignOnPolicy            *OktaSignOnPolicy
+	PasswordPolicy              *PasswordPolicy
+	ProfileEnrollmentPolicy     *ProfileEnrollmentPolicy
+}
+
+// AccessPolicyAsListPolicies200ResponseInner is a convenience function that returns AccessPolicy wrapped in ListPolicies200ResponseInner
+func AccessPolicyAsListPolicies200ResponseInner(v *AccessPolicy) ListPolicies200ResponseInner {
+	return ListPolicies200ResponseInner{
+		AccessPolicy: v,
+	}
+}
+
+// AuthorizationServerPolicyAsListPolicies200ResponseInner is a convenience function that returns AuthorizationServerPolicy wrapped in ListPolicies200ResponseInner
+func AuthorizationServerPolicyAsListPolicies200ResponseInner(v *AuthorizationServerPolicy) ListPolicies200ResponseInner {
+	return ListPolicies200ResponseInner{
+		AuthorizationServerPolicy: v,
+	}
+}
+
+// IdentityProviderPolicyAsListPolicies200ResponseInner is a convenience function that returns IdentityProviderPolicy wrapped in ListPolicies200ResponseInner
+func IdentityProviderPolicyAsListPolicies200ResponseInner(v *IdentityProviderPolicy) ListPolicies200ResponseInner {
+	return ListPolicies200ResponseInner{
+		IdentityProviderPolicy: v,
+	}
+}
+
+// MultifactorEnrollmentPolicyAsListPolicies200ResponseInner is a convenience function that returns MultifactorEnrollmentPolicy wrapped in ListPolicies200ResponseInner
+func MultifactorEnrollmentPolicyAsListPolicies200ResponseInner(v *MultifactorEnrollmentPolicy) ListPolicies200ResponseInner {
+	return ListPolicies200ResponseInner{
+		MultifactorEnrollmentPolicy: v,
+	}
+}
+
+// OktaSignOnPolicyAsListPolicies200ResponseInner is a convenience function that returns OktaSignOnPolicy wrapped in ListPolicies200ResponseInner
+func OktaSignOnPolicyAsListPolicies200ResponseInner(v *OktaSignOnPolicy) ListPolicies200ResponseInner {
+	return ListPolicies200ResponseInner{
+		OktaSignOnPolicy: v,
+	}
+}
+
+// PasswordPolicyAsListPolicies200ResponseInner is a convenience function that returns PasswordPolicy wrapped in ListPolicies200ResponseInner
+func PasswordPolicyAsListPolicies200ResponseInner(v *PasswordPolicy) ListPolicies200ResponseInner {
+	return ListPolicies200ResponseInner{
+		PasswordPolicy: v,
+	}
+}
+
+// ProfileEnrollmentPolicyAsListPolicies200ResponseInner is a convenience function that returns ProfileEnrollmentPolicy wrapped in ListPolicies200ResponseInner
+func ProfileEnrollmentPolicyAsListPolicies200ResponseInner(v *ProfileEnrollmentPolicy) ListPolicies200ResponseInner {
+	return ListPolicies200ResponseInner{
+		ProfileEnrollmentPolicy: v,
+	}
+}
+
+// Unmarshal JSON data into one of the pointers in the struct  CUSTOM
+func (dst *ListPolicies200ResponseInner) UnmarshalJSON(data []byte) error {
+	var err error
+	// use discriminator value to speed up the lookup
+	var jsonDict map[string]interface{}
+	err = newStrictDecoder(data).Decode(&jsonDict)
+	if err != nil {
+		return fmt.Errorf("Failed to unmarshal JSON into map for the discriminator lookup.")
+	}
+
+	// check if the discriminator value is 'ACCESS_POLICY'
+	if jsonDict["type"] == "ACCESS_POLICY" {
+		// try to unmarshal JSON data into AccessPolicy
+		err = json.Unmarshal(data, &dst.AccessPolicy)
+		if err == nil {
+			return nil // data stored in dst.AccessPolicy, return on the first match
+		} else {
+			dst.AccessPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as AccessPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'AccessPolicy'
+	if jsonDict["type"] == "AccessPolicy" {
+		// try to unmarshal JSON data into AccessPolicy
+		err = json.Unmarshal(data, &dst.AccessPolicy)
+		if err == nil {
+			return nil // data stored in dst.AccessPolicy, return on the first match
+		} else {
+			dst.AccessPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as AccessPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'AuthorizationServerPolicy'
+	if jsonDict["type"] == "AuthorizationServerPolicy" {
+		// try to unmarshal JSON data into AuthorizationServerPolicy
+		err = json.Unmarshal(data, &dst.AuthorizationServerPolicy)
+		if err == nil {
+			return nil // data stored in dst.AuthorizationServerPolicy, return on the first match
+		} else {
+			dst.AuthorizationServerPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as AuthorizationServerPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'IDP_DISCOVERY'
+	if jsonDict["type"] == "IDP_DISCOVERY" {
+		// try to unmarshal JSON data into IdentityProviderPolicy
+		err = json.Unmarshal(data, &dst.IdentityProviderPolicy)
+		if err == nil {
+			return nil // data stored in dst.IdentityProviderPolicy, return on the first match
+		} else {
+			dst.IdentityProviderPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as IdentityProviderPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'IdentityProviderPolicy'
+	if jsonDict["type"] == "IdentityProviderPolicy" {
+		// try to unmarshal JSON data into IdentityProviderPolicy
+		err = json.Unmarshal(data, &dst.IdentityProviderPolicy)
+		if err == nil {
+			return nil // data stored in dst.IdentityProviderPolicy, return on the first match
+		} else {
+			dst.IdentityProviderPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as IdentityProviderPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'MFA_ENROLL'
+	if jsonDict["type"] == "MFA_ENROLL" {
+		// try to unmarshal JSON data into MultifactorEnrollmentPolicy
+		err = json.Unmarshal(data, &dst.MultifactorEnrollmentPolicy)
+		if err == nil {
+			return nil // data stored in dst.MultifactorEnrollmentPolicy, return on the first match
+		} else {
+			dst.MultifactorEnrollmentPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as MultifactorEnrollmentPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'MultifactorEnrollmentPolicy'
+	if jsonDict["type"] == "MultifactorEnrollmentPolicy" {
+		// try to unmarshal JSON data into MultifactorEnrollmentPolicy
+		err = json.Unmarshal(data, &dst.MultifactorEnrollmentPolicy)
+		if err == nil {
+			return nil // data stored in dst.MultifactorEnrollmentPolicy, return on the first match
+		} else {
+			dst.MultifactorEnrollmentPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as MultifactorEnrollmentPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'OAUTH_AUTHORIZATION_POLICY'
+	if jsonDict["type"] == "OAUTH_AUTHORIZATION_POLICY" {
+		// try to unmarshal JSON data into AuthorizationServerPolicy
+		err = json.Unmarshal(data, &dst.AuthorizationServerPolicy)
+		if err == nil {
+			return nil // data stored in dst.AuthorizationServerPolicy, return on the first match
+		} else {
+			dst.AuthorizationServerPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as AuthorizationServerPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'OKTA_SIGN_ON'
+	if jsonDict["type"] == "OKTA_SIGN_ON" {
+		// try to unmarshal JSON data into OktaSignOnPolicy
+		err = json.Unmarshal(data, &dst.OktaSignOnPolicy)
+		if err == nil {
+			return nil // data stored in dst.OktaSignOnPolicy, return on the first match
+		} else {
+			dst.OktaSignOnPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as OktaSignOnPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'OktaSignOnPolicy'
+	if jsonDict["type"] == "OktaSignOnPolicy" {
+		// try to unmarshal JSON data into OktaSignOnPolicy
+		err = json.Unmarshal(data, &dst.OktaSignOnPolicy)
+		if err == nil {
+			return nil // data stored in dst.OktaSignOnPolicy, return on the first match
+		} else {
+			dst.OktaSignOnPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as OktaSignOnPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'PASSWORD'
+	if jsonDict["type"] == "PASSWORD" {
+		// try to unmarshal JSON data into PasswordPolicy
+		err = json.Unmarshal(data, &dst.PasswordPolicy)
+		if err == nil {
+			return nil // data stored in dst.PasswordPolicy, return on the first match
+		} else {
+			dst.PasswordPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as PasswordPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'PROFILE_ENROLLMENT'
+	if jsonDict["type"] == "PROFILE_ENROLLMENT" {
+		// try to unmarshal JSON data into ProfileEnrollmentPolicy
+		err = json.Unmarshal(data, &dst.ProfileEnrollmentPolicy)
+		if err == nil {
+			return nil // data stored in dst.ProfileEnrollmentPolicy, return on the first match
+		} else {
+			dst.ProfileEnrollmentPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as ProfileEnrollmentPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'PasswordPolicy'
+	if jsonDict["type"] == "PasswordPolicy" {
+		// try to unmarshal JSON data into PasswordPolicy
+		err = json.Unmarshal(data, &dst.PasswordPolicy)
+		if err == nil {
+			return nil // data stored in dst.PasswordPolicy, return on the first match
+		} else {
+			dst.PasswordPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as PasswordPolicy: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'ProfileEnrollmentPolicy'
+	if jsonDict["type"] == "ProfileEnrollmentPolicy" {
+		// try to unmarshal JSON data into ProfileEnrollmentPolicy
+		err = json.Unmarshal(data, &dst.ProfileEnrollmentPolicy)
+		if err == nil {
+			return nil // data stored in dst.ProfileEnrollmentPolicy, return on the first match
+		} else {
+			dst.ProfileEnrollmentPolicy = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicies200ResponseInner as ProfileEnrollmentPolicy: %s", err.Error())
+		}
+	}
+
+	return nil
+}
+
+// Marshal data from the first non-nil pointers in the struct to JSON
+func (src ListPolicies200ResponseInner) MarshalJSON() ([]byte, error) {
+	if src.AccessPolicy != nil {
+		return json.Marshal(&src.AccessPolicy)
+	}
+
+	if src.AuthorizationServerPolicy != nil {
+		return json.Marshal(&src.AuthorizationServerPolicy)
+	}
+
+	if src.IdentityProviderPolicy != nil {
+		return json.Marshal(&src.IdentityProviderPolicy)
+	}
+
+	if src.MultifactorEnrollmentPolicy != nil {
+		return json.Marshal(&src.MultifactorEnrollmentPolicy)
+	}
+
+	if src.OktaSignOnPolicy != nil {
+		return json.Marshal(&src.OktaSignOnPolicy)
+	}
+
+	if src.PasswordPolicy != nil {
+		return json.Marshal(&src.PasswordPolicy)
+	}
+
+	if src.ProfileEnrollmentPolicy != nil {
+		return json.Marshal(&src.ProfileEnrollmentPolicy)
+	}
+
+	return nil, nil // no data in oneOf schemas
+}
+
+// Get the actual instance
+func (obj *ListPolicies200ResponseInner) GetActualInstance() interface{} {
+	if obj == nil {
+		return nil
+	}
+	if obj.AccessPolicy != nil {
+		return obj.AccessPolicy
+	}
+
+	if obj.AuthorizationServerPolicy != nil {
+		return obj.AuthorizationServerPolicy
+	}
+
+	if obj.IdentityProviderPolicy != nil {
+		return obj.IdentityProviderPolicy
+	}
+
+	if obj.MultifactorEnrollmentPolicy != nil {
+		return obj.MultifactorEnrollmentPolicy
+	}
+
+	if obj.OktaSignOnPolicy != nil {
+		return obj.OktaSignOnPolicy
+	}
+
+	if obj.PasswordPolicy != nil {
+		return obj.PasswordPolicy
+	}
+
+	if obj.ProfileEnrollmentPolicy != nil {
+		return obj.ProfileEnrollmentPolicy
+	}
+
+	// all schemas are nil
+	return nil
+}
+
+type NullableListPolicies200ResponseInner struct {
+	value *ListPolicies200ResponseInner
+	isSet bool
+}
+
+func (v NullableListPolicies200ResponseInner) Get() *ListPolicies200ResponseInner {
+	return v.value
+}
+
+func (v *NullableListPolicies200ResponseInner) Set(val *ListPolicies200ResponseInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableListPolicies200ResponseInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableListPolicies200ResponseInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableListPolicies200ResponseInner(val *ListPolicies200ResponseInner) *NullableListPolicies200ResponseInner {
+	return &NullableListPolicies200ResponseInner{value: val, isSet: true}
+}
+
+func (v NullableListPolicies200ResponseInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableListPolicies200ResponseInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_list_policy_rules_200_response_inner.go b/okta/model_list_policy_rules_200_response_inner.go
new file mode 100644
index 000000000..6fa673cc4
--- /dev/null
+++ b/okta/model_list_policy_rules_200_response_inner.go
@@ -0,0 +1,298 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// model_oneof.mustache
+// ListPolicyRules200ResponseInner - struct for ListPolicyRules200ResponseInner
+type ListPolicyRules200ResponseInner struct {
+	AccessPolicyRule              *AccessPolicyRule
+	AuthorizationServerPolicyRule *AuthorizationServerPolicyRule
+	OktaSignOnPolicyRule          *OktaSignOnPolicyRule
+	PasswordPolicyRule            *PasswordPolicyRule
+	ProfileEnrollmentPolicyRule   *ProfileEnrollmentPolicyRule
+}
+
+// AccessPolicyRuleAsListPolicyRules200ResponseInner is a convenience function that returns AccessPolicyRule wrapped in ListPolicyRules200ResponseInner
+func AccessPolicyRuleAsListPolicyRules200ResponseInner(v *AccessPolicyRule) ListPolicyRules200ResponseInner {
+	return ListPolicyRules200ResponseInner{
+		AccessPolicyRule: v,
+	}
+}
+
+// AuthorizationServerPolicyRuleAsListPolicyRules200ResponseInner is a convenience function that returns AuthorizationServerPolicyRule wrapped in ListPolicyRules200ResponseInner
+func AuthorizationServerPolicyRuleAsListPolicyRules200ResponseInner(v *AuthorizationServerPolicyRule) ListPolicyRules200ResponseInner {
+	return ListPolicyRules200ResponseInner{
+		AuthorizationServerPolicyRule: v,
+	}
+}
+
+// OktaSignOnPolicyRuleAsListPolicyRules200ResponseInner is a convenience function that returns OktaSignOnPolicyRule wrapped in ListPolicyRules200ResponseInner
+func OktaSignOnPolicyRuleAsListPolicyRules200ResponseInner(v *OktaSignOnPolicyRule) ListPolicyRules200ResponseInner {
+	return ListPolicyRules200ResponseInner{
+		OktaSignOnPolicyRule: v,
+	}
+}
+
+// PasswordPolicyRuleAsListPolicyRules200ResponseInner is a convenience function that returns PasswordPolicyRule wrapped in ListPolicyRules200ResponseInner
+func PasswordPolicyRuleAsListPolicyRules200ResponseInner(v *PasswordPolicyRule) ListPolicyRules200ResponseInner {
+	return ListPolicyRules200ResponseInner{
+		PasswordPolicyRule: v,
+	}
+}
+
+// ProfileEnrollmentPolicyRuleAsListPolicyRules200ResponseInner is a convenience function that returns ProfileEnrollmentPolicyRule wrapped in ListPolicyRules200ResponseInner
+func ProfileEnrollmentPolicyRuleAsListPolicyRules200ResponseInner(v *ProfileEnrollmentPolicyRule) ListPolicyRules200ResponseInner {
+	return ListPolicyRules200ResponseInner{
+		ProfileEnrollmentPolicyRule: v,
+	}
+}
+
+// Unmarshal JSON data into one of the pointers in the struct  CUSTOM
+func (dst *ListPolicyRules200ResponseInner) UnmarshalJSON(data []byte) error {
+	var err error
+	// use discriminator value to speed up the lookup
+	var jsonDict map[string]interface{}
+	err = newStrictDecoder(data).Decode(&jsonDict)
+	if err != nil {
+		return fmt.Errorf("Failed to unmarshal JSON into map for the discriminator lookup.")
+	}
+
+	// check if the discriminator value is 'ACCESS_POLICY'
+	if jsonDict["type"] == "ACCESS_POLICY" {
+		// try to unmarshal JSON data into AccessPolicyRule
+		err = json.Unmarshal(data, &dst.AccessPolicyRule)
+		if err == nil {
+			return nil // data stored in dst.AccessPolicyRule, return on the first match
+		} else {
+			dst.AccessPolicyRule = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicyRules200ResponseInner as AccessPolicyRule: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'AccessPolicyRule'
+	if jsonDict["type"] == "AccessPolicyRule" {
+		// try to unmarshal JSON data into AccessPolicyRule
+		err = json.Unmarshal(data, &dst.AccessPolicyRule)
+		if err == nil {
+			return nil // data stored in dst.AccessPolicyRule, return on the first match
+		} else {
+			dst.AccessPolicyRule = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicyRules200ResponseInner as AccessPolicyRule: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'AuthorizationServerPolicyRule'
+	if jsonDict["type"] == "AuthorizationServerPolicyRule" {
+		// try to unmarshal JSON data into AuthorizationServerPolicyRule
+		err = json.Unmarshal(data, &dst.AuthorizationServerPolicyRule)
+		if err == nil {
+			return nil // data stored in dst.AuthorizationServerPolicyRule, return on the first match
+		} else {
+			dst.AuthorizationServerPolicyRule = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicyRules200ResponseInner as AuthorizationServerPolicyRule: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'OktaSignOnPolicyRule'
+	if jsonDict["type"] == "OktaSignOnPolicyRule" {
+		// try to unmarshal JSON data into OktaSignOnPolicyRule
+		err = json.Unmarshal(data, &dst.OktaSignOnPolicyRule)
+		if err == nil {
+			return nil // data stored in dst.OktaSignOnPolicyRule, return on the first match
+		} else {
+			dst.OktaSignOnPolicyRule = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicyRules200ResponseInner as OktaSignOnPolicyRule: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'PASSWORD'
+	if jsonDict["type"] == "PASSWORD" {
+		// try to unmarshal JSON data into PasswordPolicyRule
+		err = json.Unmarshal(data, &dst.PasswordPolicyRule)
+		if err == nil {
+			return nil // data stored in dst.PasswordPolicyRule, return on the first match
+		} else {
+			dst.PasswordPolicyRule = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicyRules200ResponseInner as PasswordPolicyRule: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'PROFILE_ENROLLMENT'
+	if jsonDict["type"] == "PROFILE_ENROLLMENT" {
+		// try to unmarshal JSON data into ProfileEnrollmentPolicyRule
+		err = json.Unmarshal(data, &dst.ProfileEnrollmentPolicyRule)
+		if err == nil {
+			return nil // data stored in dst.ProfileEnrollmentPolicyRule, return on the first match
+		} else {
+			dst.ProfileEnrollmentPolicyRule = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicyRules200ResponseInner as ProfileEnrollmentPolicyRule: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'PasswordPolicyRule'
+	if jsonDict["type"] == "PasswordPolicyRule" {
+		// try to unmarshal JSON data into PasswordPolicyRule
+		err = json.Unmarshal(data, &dst.PasswordPolicyRule)
+		if err == nil {
+			return nil // data stored in dst.PasswordPolicyRule, return on the first match
+		} else {
+			dst.PasswordPolicyRule = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicyRules200ResponseInner as PasswordPolicyRule: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'ProfileEnrollmentPolicyRule'
+	if jsonDict["type"] == "ProfileEnrollmentPolicyRule" {
+		// try to unmarshal JSON data into ProfileEnrollmentPolicyRule
+		err = json.Unmarshal(data, &dst.ProfileEnrollmentPolicyRule)
+		if err == nil {
+			return nil // data stored in dst.ProfileEnrollmentPolicyRule, return on the first match
+		} else {
+			dst.ProfileEnrollmentPolicyRule = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicyRules200ResponseInner as ProfileEnrollmentPolicyRule: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'RESOURCE_ACCESS'
+	if jsonDict["type"] == "RESOURCE_ACCESS" {
+		// try to unmarshal JSON data into AuthorizationServerPolicyRule
+		err = json.Unmarshal(data, &dst.AuthorizationServerPolicyRule)
+		if err == nil {
+			return nil // data stored in dst.AuthorizationServerPolicyRule, return on the first match
+		} else {
+			dst.AuthorizationServerPolicyRule = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicyRules200ResponseInner as AuthorizationServerPolicyRule: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'SIGN_ON'
+	if jsonDict["type"] == "SIGN_ON" {
+		// try to unmarshal JSON data into OktaSignOnPolicyRule
+		err = json.Unmarshal(data, &dst.OktaSignOnPolicyRule)
+		if err == nil {
+			return nil // data stored in dst.OktaSignOnPolicyRule, return on the first match
+		} else {
+			dst.OktaSignOnPolicyRule = nil
+			return fmt.Errorf("Failed to unmarshal ListPolicyRules200ResponseInner as OktaSignOnPolicyRule: %s", err.Error())
+		}
+	}
+
+	return nil
+}
+
+// Marshal data from the first non-nil pointers in the struct to JSON
+func (src ListPolicyRules200ResponseInner) MarshalJSON() ([]byte, error) {
+	if src.AccessPolicyRule != nil {
+		return json.Marshal(&src.AccessPolicyRule)
+	}
+
+	if src.AuthorizationServerPolicyRule != nil {
+		return json.Marshal(&src.AuthorizationServerPolicyRule)
+	}
+
+	if src.OktaSignOnPolicyRule != nil {
+		return json.Marshal(&src.OktaSignOnPolicyRule)
+	}
+
+	if src.PasswordPolicyRule != nil {
+		return json.Marshal(&src.PasswordPolicyRule)
+	}
+
+	if src.ProfileEnrollmentPolicyRule != nil {
+		return json.Marshal(&src.ProfileEnrollmentPolicyRule)
+	}
+
+	return nil, nil // no data in oneOf schemas
+}
+
+// Get the actual instance
+func (obj *ListPolicyRules200ResponseInner) GetActualInstance() interface{} {
+	if obj == nil {
+		return nil
+	}
+	if obj.AccessPolicyRule != nil {
+		return obj.AccessPolicyRule
+	}
+
+	if obj.AuthorizationServerPolicyRule != nil {
+		return obj.AuthorizationServerPolicyRule
+	}
+
+	if obj.OktaSignOnPolicyRule != nil {
+		return obj.OktaSignOnPolicyRule
+	}
+
+	if obj.PasswordPolicyRule != nil {
+		return obj.PasswordPolicyRule
+	}
+
+	if obj.ProfileEnrollmentPolicyRule != nil {
+		return obj.ProfileEnrollmentPolicyRule
+	}
+
+	// all schemas are nil
+	return nil
+}
+
+type NullableListPolicyRules200ResponseInner struct {
+	value *ListPolicyRules200ResponseInner
+	isSet bool
+}
+
+func (v NullableListPolicyRules200ResponseInner) Get() *ListPolicyRules200ResponseInner {
+	return v.value
+}
+
+func (v *NullableListPolicyRules200ResponseInner) Set(val *ListPolicyRules200ResponseInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableListPolicyRules200ResponseInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableListPolicyRules200ResponseInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableListPolicyRules200ResponseInner(val *ListPolicyRules200ResponseInner) *NullableListPolicyRules200ResponseInner {
+	return &NullableListPolicyRules200ResponseInner{value: val, isSet: true}
+}
+
+func (v NullableListPolicyRules200ResponseInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableListPolicyRules200ResponseInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_list_push_providers_200_response_inner.go b/okta/model_list_push_providers_200_response_inner.go
new file mode 100644
index 000000000..e37317bce
--- /dev/null
+++ b/okta/model_list_push_providers_200_response_inner.go
@@ -0,0 +1,178 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// model_oneof.mustache
+// ListPushProviders200ResponseInner - struct for ListPushProviders200ResponseInner
+type ListPushProviders200ResponseInner struct {
+	APNSPushProvider *APNSPushProvider
+	FCMPushProvider  *FCMPushProvider
+}
+
+// APNSPushProviderAsListPushProviders200ResponseInner is a convenience function that returns APNSPushProvider wrapped in ListPushProviders200ResponseInner
+func APNSPushProviderAsListPushProviders200ResponseInner(v *APNSPushProvider) ListPushProviders200ResponseInner {
+	return ListPushProviders200ResponseInner{
+		APNSPushProvider: v,
+	}
+}
+
+// FCMPushProviderAsListPushProviders200ResponseInner is a convenience function that returns FCMPushProvider wrapped in ListPushProviders200ResponseInner
+func FCMPushProviderAsListPushProviders200ResponseInner(v *FCMPushProvider) ListPushProviders200ResponseInner {
+	return ListPushProviders200ResponseInner{
+		FCMPushProvider: v,
+	}
+}
+
+// Unmarshal JSON data into one of the pointers in the struct  CUSTOM
+func (dst *ListPushProviders200ResponseInner) UnmarshalJSON(data []byte) error {
+	var err error
+	// use discriminator value to speed up the lookup
+	var jsonDict map[string]interface{}
+	err = newStrictDecoder(data).Decode(&jsonDict)
+	if err != nil {
+		return fmt.Errorf("Failed to unmarshal JSON into map for the discriminator lookup.")
+	}
+
+	// check if the discriminator value is 'APNS'
+	if jsonDict["providerType"] == "APNS" {
+		// try to unmarshal JSON data into APNSPushProvider
+		err = json.Unmarshal(data, &dst.APNSPushProvider)
+		if err == nil {
+			return nil // data stored in dst.APNSPushProvider, return on the first match
+		} else {
+			dst.APNSPushProvider = nil
+			return fmt.Errorf("Failed to unmarshal ListPushProviders200ResponseInner as APNSPushProvider: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'APNSPushProvider'
+	if jsonDict["providerType"] == "APNSPushProvider" {
+		// try to unmarshal JSON data into APNSPushProvider
+		err = json.Unmarshal(data, &dst.APNSPushProvider)
+		if err == nil {
+			return nil // data stored in dst.APNSPushProvider, return on the first match
+		} else {
+			dst.APNSPushProvider = nil
+			return fmt.Errorf("Failed to unmarshal ListPushProviders200ResponseInner as APNSPushProvider: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'FCM'
+	if jsonDict["providerType"] == "FCM" {
+		// try to unmarshal JSON data into FCMPushProvider
+		err = json.Unmarshal(data, &dst.FCMPushProvider)
+		if err == nil {
+			return nil // data stored in dst.FCMPushProvider, return on the first match
+		} else {
+			dst.FCMPushProvider = nil
+			return fmt.Errorf("Failed to unmarshal ListPushProviders200ResponseInner as FCMPushProvider: %s", err.Error())
+		}
+	}
+
+	// check if the discriminator value is 'FCMPushProvider'
+	if jsonDict["providerType"] == "FCMPushProvider" {
+		// try to unmarshal JSON data into FCMPushProvider
+		err = json.Unmarshal(data, &dst.FCMPushProvider)
+		if err == nil {
+			return nil // data stored in dst.FCMPushProvider, return on the first match
+		} else {
+			dst.FCMPushProvider = nil
+			return fmt.Errorf("Failed to unmarshal ListPushProviders200ResponseInner as FCMPushProvider: %s", err.Error())
+		}
+	}
+
+	return nil
+}
+
+// Marshal data from the first non-nil pointers in the struct to JSON
+func (src ListPushProviders200ResponseInner) MarshalJSON() ([]byte, error) {
+	if src.APNSPushProvider != nil {
+		return json.Marshal(&src.APNSPushProvider)
+	}
+
+	if src.FCMPushProvider != nil {
+		return json.Marshal(&src.FCMPushProvider)
+	}
+
+	return nil, nil // no data in oneOf schemas
+}
+
+// Get the actual instance
+func (obj *ListPushProviders200ResponseInner) GetActualInstance() interface{} {
+	if obj == nil {
+		return nil
+	}
+	if obj.APNSPushProvider != nil {
+		return obj.APNSPushProvider
+	}
+
+	if obj.FCMPushProvider != nil {
+		return obj.FCMPushProvider
+	}
+
+	// all schemas are nil
+	return nil
+}
+
+type NullableListPushProviders200ResponseInner struct {
+	value *ListPushProviders200ResponseInner
+	isSet bool
+}
+
+func (v NullableListPushProviders200ResponseInner) Get() *ListPushProviders200ResponseInner {
+	return v.value
+}
+
+func (v *NullableListPushProviders200ResponseInner) Set(val *ListPushProviders200ResponseInner) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableListPushProviders200ResponseInner) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableListPushProviders200ResponseInner) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableListPushProviders200ResponseInner(val *ListPushProviders200ResponseInner) *NullableListPushProviders200ResponseInner {
+	return &NullableListPushProviders200ResponseInner{value: val, isSet: true}
+}
+
+func (v NullableListPushProviders200ResponseInner) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableListPushProviders200ResponseInner) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_loading_page_touch_point_variant.go b/okta/model_loading_page_touch_point_variant.go
new file mode 100644
index 000000000..7d09e18ff
--- /dev/null
+++ b/okta/model_loading_page_touch_point_variant.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// LoadingPageTouchPointVariant the model 'LoadingPageTouchPointVariant'
+type LoadingPageTouchPointVariant string
+
+// List of LoadingPageTouchPointVariant
+const (
+	LOADINGPAGETOUCHPOINTVARIANT_NONE         LoadingPageTouchPointVariant = "NONE"
+	LOADINGPAGETOUCHPOINTVARIANT_OKTA_DEFAULT LoadingPageTouchPointVariant = "OKTA_DEFAULT"
+)
+
+// All allowed values of LoadingPageTouchPointVariant enum
+var AllowedLoadingPageTouchPointVariantEnumValues = []LoadingPageTouchPointVariant{
+	"NONE",
+	"OKTA_DEFAULT",
+}
+
+func (v *LoadingPageTouchPointVariant) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := LoadingPageTouchPointVariant(value)
+	for _, existing := range AllowedLoadingPageTouchPointVariantEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid LoadingPageTouchPointVariant", value)
+}
+
+// NewLoadingPageTouchPointVariantFromValue returns a pointer to a valid LoadingPageTouchPointVariant
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewLoadingPageTouchPointVariantFromValue(v string) (*LoadingPageTouchPointVariant, error) {
+	ev := LoadingPageTouchPointVariant(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for LoadingPageTouchPointVariant: valid values are %v", v, AllowedLoadingPageTouchPointVariantEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v LoadingPageTouchPointVariant) IsValid() bool {
+	for _, existing := range AllowedLoadingPageTouchPointVariantEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to LoadingPageTouchPointVariant value
+func (v LoadingPageTouchPointVariant) Ptr() *LoadingPageTouchPointVariant {
+	return &v
+}
+
+type NullableLoadingPageTouchPointVariant struct {
+	value *LoadingPageTouchPointVariant
+	isSet bool
+}
+
+func (v NullableLoadingPageTouchPointVariant) Get() *LoadingPageTouchPointVariant {
+	return v.value
+}
+
+func (v *NullableLoadingPageTouchPointVariant) Set(val *LoadingPageTouchPointVariant) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLoadingPageTouchPointVariant) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLoadingPageTouchPointVariant) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLoadingPageTouchPointVariant(val *LoadingPageTouchPointVariant) *NullableLoadingPageTouchPointVariant {
+	return &NullableLoadingPageTouchPointVariant{value: val, isSet: true}
+}
+
+func (v NullableLoadingPageTouchPointVariant) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLoadingPageTouchPointVariant) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_location_granularity.go b/okta/model_location_granularity.go
new file mode 100644
index 000000000..cb813b4f3
--- /dev/null
+++ b/okta/model_location_granularity.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// LocationGranularity the model 'LocationGranularity'
+type LocationGranularity string
+
+// List of LocationGranularity
+const (
+	LOCATIONGRANULARITY_CITY        LocationGranularity = "CITY"
+	LOCATIONGRANULARITY_COUNTRY     LocationGranularity = "COUNTRY"
+	LOCATIONGRANULARITY_LAT_LONG    LocationGranularity = "LAT_LONG"
+	LOCATIONGRANULARITY_SUBDIVISION LocationGranularity = "SUBDIVISION"
+)
+
+// All allowed values of LocationGranularity enum
+var AllowedLocationGranularityEnumValues = []LocationGranularity{
+	"CITY",
+	"COUNTRY",
+	"LAT_LONG",
+	"SUBDIVISION",
+}
+
+func (v *LocationGranularity) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := LocationGranularity(value)
+	for _, existing := range AllowedLocationGranularityEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid LocationGranularity", value)
+}
+
+// NewLocationGranularityFromValue returns a pointer to a valid LocationGranularity
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewLocationGranularityFromValue(v string) (*LocationGranularity, error) {
+	ev := LocationGranularity(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for LocationGranularity: valid values are %v", v, AllowedLocationGranularityEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v LocationGranularity) IsValid() bool {
+	for _, existing := range AllowedLocationGranularityEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to LocationGranularity value
+func (v LocationGranularity) Ptr() *LocationGranularity {
+	return &v
+}
+
+type NullableLocationGranularity struct {
+	value *LocationGranularity
+	isSet bool
+}
+
+func (v NullableLocationGranularity) Get() *LocationGranularity {
+	return v.value
+}
+
+func (v *NullableLocationGranularity) Set(val *LocationGranularity) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLocationGranularity) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLocationGranularity) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLocationGranularity(val *LocationGranularity) *NullableLocationGranularity {
+	return &NullableLocationGranularity{value: val, isSet: true}
+}
+
+func (v NullableLocationGranularity) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLocationGranularity) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_actor.go b/okta/model_log_actor.go
new file mode 100644
index 000000000..78c45f924
--- /dev/null
+++ b/okta/model_log_actor.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogActor struct for LogActor
+type LogActor struct {
+	AlternateId          *string                           `json:"alternateId,omitempty"`
+	Detail               map[string]map[string]interface{} `json:"detail,omitempty"`
+	DisplayName          *string                           `json:"displayName,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	Type                 *string                           `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogActor LogActor
+
+// NewLogActor instantiates a new LogActor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogActor() *LogActor {
+	this := LogActor{}
+	return &this
+}
+
+// NewLogActorWithDefaults instantiates a new LogActor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogActorWithDefaults() *LogActor {
+	this := LogActor{}
+	return &this
+}
+
+// GetAlternateId returns the AlternateId field value if set, zero value otherwise.
+func (o *LogActor) GetAlternateId() string {
+	if o == nil || o.AlternateId == nil {
+		var ret string
+		return ret
+	}
+	return *o.AlternateId
+}
+
+// GetAlternateIdOk returns a tuple with the AlternateId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogActor) GetAlternateIdOk() (*string, bool) {
+	if o == nil || o.AlternateId == nil {
+		return nil, false
+	}
+	return o.AlternateId, true
+}
+
+// HasAlternateId returns a boolean if a field has been set.
+func (o *LogActor) HasAlternateId() bool {
+	if o != nil && o.AlternateId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAlternateId gets a reference to the given string and assigns it to the AlternateId field.
+func (o *LogActor) SetAlternateId(v string) {
+	o.AlternateId = &v
+}
+
+// GetDetail returns the Detail field value if set, zero value otherwise.
+func (o *LogActor) GetDetail() map[string]map[string]interface{} {
+	if o == nil || o.Detail == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Detail
+}
+
+// GetDetailOk returns a tuple with the Detail field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogActor) GetDetailOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Detail == nil {
+		return nil, false
+	}
+	return o.Detail, true
+}
+
+// HasDetail returns a boolean if a field has been set.
+func (o *LogActor) HasDetail() bool {
+	if o != nil && o.Detail != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDetail gets a reference to the given map[string]map[string]interface{} and assigns it to the Detail field.
+func (o *LogActor) SetDetail(v map[string]map[string]interface{}) {
+	o.Detail = v
+}
+
+// GetDisplayName returns the DisplayName field value if set, zero value otherwise.
+func (o *LogActor) GetDisplayName() string {
+	if o == nil || o.DisplayName == nil {
+		var ret string
+		return ret
+	}
+	return *o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogActor) GetDisplayNameOk() (*string, bool) {
+	if o == nil || o.DisplayName == nil {
+		return nil, false
+	}
+	return o.DisplayName, true
+}
+
+// HasDisplayName returns a boolean if a field has been set.
+func (o *LogActor) HasDisplayName() bool {
+	if o != nil && o.DisplayName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDisplayName gets a reference to the given string and assigns it to the DisplayName field.
+func (o *LogActor) SetDisplayName(v string) {
+	o.DisplayName = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *LogActor) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogActor) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *LogActor) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *LogActor) SetId(v string) {
+	o.Id = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *LogActor) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogActor) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *LogActor) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *LogActor) SetType(v string) {
+	o.Type = &v
+}
+
+func (o LogActor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AlternateId != nil {
+		toSerialize["alternateId"] = o.AlternateId
+	}
+	if o.Detail != nil {
+		toSerialize["detail"] = o.Detail
+	}
+	if o.DisplayName != nil {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogActor) UnmarshalJSON(bytes []byte) (err error) {
+	varLogActor := _LogActor{}
+
+	err = json.Unmarshal(bytes, &varLogActor)
+	if err == nil {
+		*o = LogActor(varLogActor)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "alternateId")
+		delete(additionalProperties, "detail")
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogActor struct {
+	value *LogActor
+	isSet bool
+}
+
+func (v NullableLogActor) Get() *LogActor {
+	return v.value
+}
+
+func (v *NullableLogActor) Set(val *LogActor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogActor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogActor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogActor(val *LogActor) *NullableLogActor {
+	return &NullableLogActor{value: val, isSet: true}
+}
+
+func (v NullableLogActor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogActor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_authentication_context.go b/okta/model_log_authentication_context.go
new file mode 100644
index 000000000..967115365
--- /dev/null
+++ b/okta/model_log_authentication_context.go
@@ -0,0 +1,380 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogAuthenticationContext struct for LogAuthenticationContext
+type LogAuthenticationContext struct {
+	AuthenticationProvider *LogAuthenticationProvider `json:"authenticationProvider,omitempty"`
+	AuthenticationStep     *int32                     `json:"authenticationStep,omitempty"`
+	CredentialProvider     *LogCredentialProvider     `json:"credentialProvider,omitempty"`
+	CredentialType         *LogCredentialType         `json:"credentialType,omitempty"`
+	ExternalSessionId      *string                    `json:"externalSessionId,omitempty"`
+	Interface              *string                    `json:"interface,omitempty"`
+	Issuer                 *LogIssuer                 `json:"issuer,omitempty"`
+	AdditionalProperties   map[string]interface{}
+}
+
+type _LogAuthenticationContext LogAuthenticationContext
+
+// NewLogAuthenticationContext instantiates a new LogAuthenticationContext object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogAuthenticationContext() *LogAuthenticationContext {
+	this := LogAuthenticationContext{}
+	return &this
+}
+
+// NewLogAuthenticationContextWithDefaults instantiates a new LogAuthenticationContext object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogAuthenticationContextWithDefaults() *LogAuthenticationContext {
+	this := LogAuthenticationContext{}
+	return &this
+}
+
+// GetAuthenticationProvider returns the AuthenticationProvider field value if set, zero value otherwise.
+func (o *LogAuthenticationContext) GetAuthenticationProvider() LogAuthenticationProvider {
+	if o == nil || o.AuthenticationProvider == nil {
+		var ret LogAuthenticationProvider
+		return ret
+	}
+	return *o.AuthenticationProvider
+}
+
+// GetAuthenticationProviderOk returns a tuple with the AuthenticationProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogAuthenticationContext) GetAuthenticationProviderOk() (*LogAuthenticationProvider, bool) {
+	if o == nil || o.AuthenticationProvider == nil {
+		return nil, false
+	}
+	return o.AuthenticationProvider, true
+}
+
+// HasAuthenticationProvider returns a boolean if a field has been set.
+func (o *LogAuthenticationContext) HasAuthenticationProvider() bool {
+	if o != nil && o.AuthenticationProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthenticationProvider gets a reference to the given LogAuthenticationProvider and assigns it to the AuthenticationProvider field.
+func (o *LogAuthenticationContext) SetAuthenticationProvider(v LogAuthenticationProvider) {
+	o.AuthenticationProvider = &v
+}
+
+// GetAuthenticationStep returns the AuthenticationStep field value if set, zero value otherwise.
+func (o *LogAuthenticationContext) GetAuthenticationStep() int32 {
+	if o == nil || o.AuthenticationStep == nil {
+		var ret int32
+		return ret
+	}
+	return *o.AuthenticationStep
+}
+
+// GetAuthenticationStepOk returns a tuple with the AuthenticationStep field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogAuthenticationContext) GetAuthenticationStepOk() (*int32, bool) {
+	if o == nil || o.AuthenticationStep == nil {
+		return nil, false
+	}
+	return o.AuthenticationStep, true
+}
+
+// HasAuthenticationStep returns a boolean if a field has been set.
+func (o *LogAuthenticationContext) HasAuthenticationStep() bool {
+	if o != nil && o.AuthenticationStep != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthenticationStep gets a reference to the given int32 and assigns it to the AuthenticationStep field.
+func (o *LogAuthenticationContext) SetAuthenticationStep(v int32) {
+	o.AuthenticationStep = &v
+}
+
+// GetCredentialProvider returns the CredentialProvider field value if set, zero value otherwise.
+func (o *LogAuthenticationContext) GetCredentialProvider() LogCredentialProvider {
+	if o == nil || o.CredentialProvider == nil {
+		var ret LogCredentialProvider
+		return ret
+	}
+	return *o.CredentialProvider
+}
+
+// GetCredentialProviderOk returns a tuple with the CredentialProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogAuthenticationContext) GetCredentialProviderOk() (*LogCredentialProvider, bool) {
+	if o == nil || o.CredentialProvider == nil {
+		return nil, false
+	}
+	return o.CredentialProvider, true
+}
+
+// HasCredentialProvider returns a boolean if a field has been set.
+func (o *LogAuthenticationContext) HasCredentialProvider() bool {
+	if o != nil && o.CredentialProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentialProvider gets a reference to the given LogCredentialProvider and assigns it to the CredentialProvider field.
+func (o *LogAuthenticationContext) SetCredentialProvider(v LogCredentialProvider) {
+	o.CredentialProvider = &v
+}
+
+// GetCredentialType returns the CredentialType field value if set, zero value otherwise.
+func (o *LogAuthenticationContext) GetCredentialType() LogCredentialType {
+	if o == nil || o.CredentialType == nil {
+		var ret LogCredentialType
+		return ret
+	}
+	return *o.CredentialType
+}
+
+// GetCredentialTypeOk returns a tuple with the CredentialType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogAuthenticationContext) GetCredentialTypeOk() (*LogCredentialType, bool) {
+	if o == nil || o.CredentialType == nil {
+		return nil, false
+	}
+	return o.CredentialType, true
+}
+
+// HasCredentialType returns a boolean if a field has been set.
+func (o *LogAuthenticationContext) HasCredentialType() bool {
+	if o != nil && o.CredentialType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentialType gets a reference to the given LogCredentialType and assigns it to the CredentialType field.
+func (o *LogAuthenticationContext) SetCredentialType(v LogCredentialType) {
+	o.CredentialType = &v
+}
+
+// GetExternalSessionId returns the ExternalSessionId field value if set, zero value otherwise.
+func (o *LogAuthenticationContext) GetExternalSessionId() string {
+	if o == nil || o.ExternalSessionId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ExternalSessionId
+}
+
+// GetExternalSessionIdOk returns a tuple with the ExternalSessionId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogAuthenticationContext) GetExternalSessionIdOk() (*string, bool) {
+	if o == nil || o.ExternalSessionId == nil {
+		return nil, false
+	}
+	return o.ExternalSessionId, true
+}
+
+// HasExternalSessionId returns a boolean if a field has been set.
+func (o *LogAuthenticationContext) HasExternalSessionId() bool {
+	if o != nil && o.ExternalSessionId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExternalSessionId gets a reference to the given string and assigns it to the ExternalSessionId field.
+func (o *LogAuthenticationContext) SetExternalSessionId(v string) {
+	o.ExternalSessionId = &v
+}
+
+// GetInterface returns the Interface field value if set, zero value otherwise.
+func (o *LogAuthenticationContext) GetInterface() string {
+	if o == nil || o.Interface == nil {
+		var ret string
+		return ret
+	}
+	return *o.Interface
+}
+
+// GetInterfaceOk returns a tuple with the Interface field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogAuthenticationContext) GetInterfaceOk() (*string, bool) {
+	if o == nil || o.Interface == nil {
+		return nil, false
+	}
+	return o.Interface, true
+}
+
+// HasInterface returns a boolean if a field has been set.
+func (o *LogAuthenticationContext) HasInterface() bool {
+	if o != nil && o.Interface != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInterface gets a reference to the given string and assigns it to the Interface field.
+func (o *LogAuthenticationContext) SetInterface(v string) {
+	o.Interface = &v
+}
+
+// GetIssuer returns the Issuer field value if set, zero value otherwise.
+func (o *LogAuthenticationContext) GetIssuer() LogIssuer {
+	if o == nil || o.Issuer == nil {
+		var ret LogIssuer
+		return ret
+	}
+	return *o.Issuer
+}
+
+// GetIssuerOk returns a tuple with the Issuer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogAuthenticationContext) GetIssuerOk() (*LogIssuer, bool) {
+	if o == nil || o.Issuer == nil {
+		return nil, false
+	}
+	return o.Issuer, true
+}
+
+// HasIssuer returns a boolean if a field has been set.
+func (o *LogAuthenticationContext) HasIssuer() bool {
+	if o != nil && o.Issuer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIssuer gets a reference to the given LogIssuer and assigns it to the Issuer field.
+func (o *LogAuthenticationContext) SetIssuer(v LogIssuer) {
+	o.Issuer = &v
+}
+
+func (o LogAuthenticationContext) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthenticationProvider != nil {
+		toSerialize["authenticationProvider"] = o.AuthenticationProvider
+	}
+	if o.AuthenticationStep != nil {
+		toSerialize["authenticationStep"] = o.AuthenticationStep
+	}
+	if o.CredentialProvider != nil {
+		toSerialize["credentialProvider"] = o.CredentialProvider
+	}
+	if o.CredentialType != nil {
+		toSerialize["credentialType"] = o.CredentialType
+	}
+	if o.ExternalSessionId != nil {
+		toSerialize["externalSessionId"] = o.ExternalSessionId
+	}
+	if o.Interface != nil {
+		toSerialize["interface"] = o.Interface
+	}
+	if o.Issuer != nil {
+		toSerialize["issuer"] = o.Issuer
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogAuthenticationContext) UnmarshalJSON(bytes []byte) (err error) {
+	varLogAuthenticationContext := _LogAuthenticationContext{}
+
+	err = json.Unmarshal(bytes, &varLogAuthenticationContext)
+	if err == nil {
+		*o = LogAuthenticationContext(varLogAuthenticationContext)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authenticationProvider")
+		delete(additionalProperties, "authenticationStep")
+		delete(additionalProperties, "credentialProvider")
+		delete(additionalProperties, "credentialType")
+		delete(additionalProperties, "externalSessionId")
+		delete(additionalProperties, "interface")
+		delete(additionalProperties, "issuer")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogAuthenticationContext struct {
+	value *LogAuthenticationContext
+	isSet bool
+}
+
+func (v NullableLogAuthenticationContext) Get() *LogAuthenticationContext {
+	return v.value
+}
+
+func (v *NullableLogAuthenticationContext) Set(val *LogAuthenticationContext) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogAuthenticationContext) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogAuthenticationContext) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogAuthenticationContext(val *LogAuthenticationContext) *NullableLogAuthenticationContext {
+	return &NullableLogAuthenticationContext{value: val, isSet: true}
+}
+
+func (v NullableLogAuthenticationContext) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogAuthenticationContext) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_authentication_provider.go b/okta/model_log_authentication_provider.go
new file mode 100644
index 000000000..1c409b96b
--- /dev/null
+++ b/okta/model_log_authentication_provider.go
@@ -0,0 +1,132 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// LogAuthenticationProvider the model 'LogAuthenticationProvider'
+type LogAuthenticationProvider string
+
+// List of LogAuthenticationProvider
+const (
+	LOGAUTHENTICATIONPROVIDER_ACTIVE_DIRECTORY             LogAuthenticationProvider = "ACTIVE_DIRECTORY"
+	LOGAUTHENTICATIONPROVIDER_FACTOR_PROVIDER              LogAuthenticationProvider = "FACTOR_PROVIDER"
+	LOGAUTHENTICATIONPROVIDER_FEDERATION                   LogAuthenticationProvider = "FEDERATION"
+	LOGAUTHENTICATIONPROVIDER_LDAP                         LogAuthenticationProvider = "LDAP"
+	LOGAUTHENTICATIONPROVIDER_OKTA_AUTHENTICATION_PROVIDER LogAuthenticationProvider = "OKTA_AUTHENTICATION_PROVIDER"
+	LOGAUTHENTICATIONPROVIDER_SOCIAL                       LogAuthenticationProvider = "SOCIAL"
+)
+
+// All allowed values of LogAuthenticationProvider enum
+var AllowedLogAuthenticationProviderEnumValues = []LogAuthenticationProvider{
+	"ACTIVE_DIRECTORY",
+	"FACTOR_PROVIDER",
+	"FEDERATION",
+	"LDAP",
+	"OKTA_AUTHENTICATION_PROVIDER",
+	"SOCIAL",
+}
+
+func (v *LogAuthenticationProvider) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := LogAuthenticationProvider(value)
+	for _, existing := range AllowedLogAuthenticationProviderEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid LogAuthenticationProvider", value)
+}
+
+// NewLogAuthenticationProviderFromValue returns a pointer to a valid LogAuthenticationProvider
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewLogAuthenticationProviderFromValue(v string) (*LogAuthenticationProvider, error) {
+	ev := LogAuthenticationProvider(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for LogAuthenticationProvider: valid values are %v", v, AllowedLogAuthenticationProviderEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v LogAuthenticationProvider) IsValid() bool {
+	for _, existing := range AllowedLogAuthenticationProviderEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to LogAuthenticationProvider value
+func (v LogAuthenticationProvider) Ptr() *LogAuthenticationProvider {
+	return &v
+}
+
+type NullableLogAuthenticationProvider struct {
+	value *LogAuthenticationProvider
+	isSet bool
+}
+
+func (v NullableLogAuthenticationProvider) Get() *LogAuthenticationProvider {
+	return v.value
+}
+
+func (v *NullableLogAuthenticationProvider) Set(val *LogAuthenticationProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogAuthenticationProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogAuthenticationProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogAuthenticationProvider(val *LogAuthenticationProvider) *NullableLogAuthenticationProvider {
+	return &NullableLogAuthenticationProvider{value: val, isSet: true}
+}
+
+func (v NullableLogAuthenticationProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogAuthenticationProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_client.go b/okta/model_log_client.go
new file mode 100644
index 000000000..2a59240de
--- /dev/null
+++ b/okta/model_log_client.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogClient struct for LogClient
+type LogClient struct {
+	Device               *string                 `json:"device,omitempty"`
+	GeographicalContext  *LogGeographicalContext `json:"geographicalContext,omitempty"`
+	Id                   *string                 `json:"id,omitempty"`
+	IpAddress            *string                 `json:"ipAddress,omitempty"`
+	UserAgent            *LogUserAgent           `json:"userAgent,omitempty"`
+	Zone                 *string                 `json:"zone,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogClient LogClient
+
+// NewLogClient instantiates a new LogClient object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogClient() *LogClient {
+	this := LogClient{}
+	return &this
+}
+
+// NewLogClientWithDefaults instantiates a new LogClient object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogClientWithDefaults() *LogClient {
+	this := LogClient{}
+	return &this
+}
+
+// GetDevice returns the Device field value if set, zero value otherwise.
+func (o *LogClient) GetDevice() string {
+	if o == nil || o.Device == nil {
+		var ret string
+		return ret
+	}
+	return *o.Device
+}
+
+// GetDeviceOk returns a tuple with the Device field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogClient) GetDeviceOk() (*string, bool) {
+	if o == nil || o.Device == nil {
+		return nil, false
+	}
+	return o.Device, true
+}
+
+// HasDevice returns a boolean if a field has been set.
+func (o *LogClient) HasDevice() bool {
+	if o != nil && o.Device != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDevice gets a reference to the given string and assigns it to the Device field.
+func (o *LogClient) SetDevice(v string) {
+	o.Device = &v
+}
+
+// GetGeographicalContext returns the GeographicalContext field value if set, zero value otherwise.
+func (o *LogClient) GetGeographicalContext() LogGeographicalContext {
+	if o == nil || o.GeographicalContext == nil {
+		var ret LogGeographicalContext
+		return ret
+	}
+	return *o.GeographicalContext
+}
+
+// GetGeographicalContextOk returns a tuple with the GeographicalContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogClient) GetGeographicalContextOk() (*LogGeographicalContext, bool) {
+	if o == nil || o.GeographicalContext == nil {
+		return nil, false
+	}
+	return o.GeographicalContext, true
+}
+
+// HasGeographicalContext returns a boolean if a field has been set.
+func (o *LogClient) HasGeographicalContext() bool {
+	if o != nil && o.GeographicalContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGeographicalContext gets a reference to the given LogGeographicalContext and assigns it to the GeographicalContext field.
+func (o *LogClient) SetGeographicalContext(v LogGeographicalContext) {
+	o.GeographicalContext = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *LogClient) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogClient) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *LogClient) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *LogClient) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIpAddress returns the IpAddress field value if set, zero value otherwise.
+func (o *LogClient) GetIpAddress() string {
+	if o == nil || o.IpAddress == nil {
+		var ret string
+		return ret
+	}
+	return *o.IpAddress
+}
+
+// GetIpAddressOk returns a tuple with the IpAddress field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogClient) GetIpAddressOk() (*string, bool) {
+	if o == nil || o.IpAddress == nil {
+		return nil, false
+	}
+	return o.IpAddress, true
+}
+
+// HasIpAddress returns a boolean if a field has been set.
+func (o *LogClient) HasIpAddress() bool {
+	if o != nil && o.IpAddress != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIpAddress gets a reference to the given string and assigns it to the IpAddress field.
+func (o *LogClient) SetIpAddress(v string) {
+	o.IpAddress = &v
+}
+
+// GetUserAgent returns the UserAgent field value if set, zero value otherwise.
+func (o *LogClient) GetUserAgent() LogUserAgent {
+	if o == nil || o.UserAgent == nil {
+		var ret LogUserAgent
+		return ret
+	}
+	return *o.UserAgent
+}
+
+// GetUserAgentOk returns a tuple with the UserAgent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogClient) GetUserAgentOk() (*LogUserAgent, bool) {
+	if o == nil || o.UserAgent == nil {
+		return nil, false
+	}
+	return o.UserAgent, true
+}
+
+// HasUserAgent returns a boolean if a field has been set.
+func (o *LogClient) HasUserAgent() bool {
+	if o != nil && o.UserAgent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserAgent gets a reference to the given LogUserAgent and assigns it to the UserAgent field.
+func (o *LogClient) SetUserAgent(v LogUserAgent) {
+	o.UserAgent = &v
+}
+
+// GetZone returns the Zone field value if set, zero value otherwise.
+func (o *LogClient) GetZone() string {
+	if o == nil || o.Zone == nil {
+		var ret string
+		return ret
+	}
+	return *o.Zone
+}
+
+// GetZoneOk returns a tuple with the Zone field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogClient) GetZoneOk() (*string, bool) {
+	if o == nil || o.Zone == nil {
+		return nil, false
+	}
+	return o.Zone, true
+}
+
+// HasZone returns a boolean if a field has been set.
+func (o *LogClient) HasZone() bool {
+	if o != nil && o.Zone != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetZone gets a reference to the given string and assigns it to the Zone field.
+func (o *LogClient) SetZone(v string) {
+	o.Zone = &v
+}
+
+func (o LogClient) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Device != nil {
+		toSerialize["device"] = o.Device
+	}
+	if o.GeographicalContext != nil {
+		toSerialize["geographicalContext"] = o.GeographicalContext
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.IpAddress != nil {
+		toSerialize["ipAddress"] = o.IpAddress
+	}
+	if o.UserAgent != nil {
+		toSerialize["userAgent"] = o.UserAgent
+	}
+	if o.Zone != nil {
+		toSerialize["zone"] = o.Zone
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogClient) UnmarshalJSON(bytes []byte) (err error) {
+	varLogClient := _LogClient{}
+
+	err = json.Unmarshal(bytes, &varLogClient)
+	if err == nil {
+		*o = LogClient(varLogClient)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "device")
+		delete(additionalProperties, "geographicalContext")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "ipAddress")
+		delete(additionalProperties, "userAgent")
+		delete(additionalProperties, "zone")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogClient struct {
+	value *LogClient
+	isSet bool
+}
+
+func (v NullableLogClient) Get() *LogClient {
+	return v.value
+}
+
+func (v *NullableLogClient) Set(val *LogClient) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogClient) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogClient) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogClient(val *LogClient) *NullableLogClient {
+	return &NullableLogClient{value: val, isSet: true}
+}
+
+func (v NullableLogClient) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogClient) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_credential_provider.go b/okta/model_log_credential_provider.go
new file mode 100644
index 000000000..1077b1459
--- /dev/null
+++ b/okta/model_log_credential_provider.go
@@ -0,0 +1,134 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// LogCredentialProvider the model 'LogCredentialProvider'
+type LogCredentialProvider string
+
+// List of LogCredentialProvider
+const (
+	LOGCREDENTIALPROVIDER_DUO                          LogCredentialProvider = "DUO"
+	LOGCREDENTIALPROVIDER_GOOGLE                       LogCredentialProvider = "GOOGLE"
+	LOGCREDENTIALPROVIDER_OKTA_AUTHENTICATION_PROVIDER LogCredentialProvider = "OKTA_AUTHENTICATION_PROVIDER"
+	LOGCREDENTIALPROVIDER_OKTA_CREDENTIAL_PROVIDER     LogCredentialProvider = "OKTA_CREDENTIAL_PROVIDER"
+	LOGCREDENTIALPROVIDER_RSA                          LogCredentialProvider = "RSA"
+	LOGCREDENTIALPROVIDER_SYMANTEC                     LogCredentialProvider = "SYMANTEC"
+	LOGCREDENTIALPROVIDER_YUBIKEY                      LogCredentialProvider = "YUBIKEY"
+)
+
+// All allowed values of LogCredentialProvider enum
+var AllowedLogCredentialProviderEnumValues = []LogCredentialProvider{
+	"DUO",
+	"GOOGLE",
+	"OKTA_AUTHENTICATION_PROVIDER",
+	"OKTA_CREDENTIAL_PROVIDER",
+	"RSA",
+	"SYMANTEC",
+	"YUBIKEY",
+}
+
+func (v *LogCredentialProvider) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := LogCredentialProvider(value)
+	for _, existing := range AllowedLogCredentialProviderEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid LogCredentialProvider", value)
+}
+
+// NewLogCredentialProviderFromValue returns a pointer to a valid LogCredentialProvider
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewLogCredentialProviderFromValue(v string) (*LogCredentialProvider, error) {
+	ev := LogCredentialProvider(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for LogCredentialProvider: valid values are %v", v, AllowedLogCredentialProviderEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v LogCredentialProvider) IsValid() bool {
+	for _, existing := range AllowedLogCredentialProviderEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to LogCredentialProvider value
+func (v LogCredentialProvider) Ptr() *LogCredentialProvider {
+	return &v
+}
+
+type NullableLogCredentialProvider struct {
+	value *LogCredentialProvider
+	isSet bool
+}
+
+func (v NullableLogCredentialProvider) Get() *LogCredentialProvider {
+	return v.value
+}
+
+func (v *NullableLogCredentialProvider) Set(val *LogCredentialProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogCredentialProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogCredentialProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogCredentialProvider(val *LogCredentialProvider) *NullableLogCredentialProvider {
+	return &NullableLogCredentialProvider{value: val, isSet: true}
+}
+
+func (v NullableLogCredentialProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogCredentialProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_credential_type.go b/okta/model_log_credential_type.go
new file mode 100644
index 000000000..4a67eb5c7
--- /dev/null
+++ b/okta/model_log_credential_type.go
@@ -0,0 +1,136 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// LogCredentialType the model 'LogCredentialType'
+type LogCredentialType string
+
+// List of LogCredentialType
+const (
+	LOGCREDENTIALTYPE_ASSERTION  LogCredentialType = "ASSERTION"
+	LOGCREDENTIALTYPE_EMAIL      LogCredentialType = "EMAIL"
+	LOGCREDENTIALTYPE_IWA        LogCredentialType = "IWA"
+	LOGCREDENTIALTYPE_JWT        LogCredentialType = "JWT"
+	LOGCREDENTIALTYPE_O_AUTH_2_0 LogCredentialType = "OAuth 2.0"
+	LOGCREDENTIALTYPE_OTP        LogCredentialType = "OTP"
+	LOGCREDENTIALTYPE_PASSWORD   LogCredentialType = "PASSWORD"
+	LOGCREDENTIALTYPE_SMS        LogCredentialType = "SMS"
+)
+
+// All allowed values of LogCredentialType enum
+var AllowedLogCredentialTypeEnumValues = []LogCredentialType{
+	"ASSERTION",
+	"EMAIL",
+	"IWA",
+	"JWT",
+	"OAuth 2.0",
+	"OTP",
+	"PASSWORD",
+	"SMS",
+}
+
+func (v *LogCredentialType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := LogCredentialType(value)
+	for _, existing := range AllowedLogCredentialTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid LogCredentialType", value)
+}
+
+// NewLogCredentialTypeFromValue returns a pointer to a valid LogCredentialType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewLogCredentialTypeFromValue(v string) (*LogCredentialType, error) {
+	ev := LogCredentialType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for LogCredentialType: valid values are %v", v, AllowedLogCredentialTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v LogCredentialType) IsValid() bool {
+	for _, existing := range AllowedLogCredentialTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to LogCredentialType value
+func (v LogCredentialType) Ptr() *LogCredentialType {
+	return &v
+}
+
+type NullableLogCredentialType struct {
+	value *LogCredentialType
+	isSet bool
+}
+
+func (v NullableLogCredentialType) Get() *LogCredentialType {
+	return v.value
+}
+
+func (v *NullableLogCredentialType) Set(val *LogCredentialType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogCredentialType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogCredentialType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogCredentialType(val *LogCredentialType) *NullableLogCredentialType {
+	return &NullableLogCredentialType{value: val, isSet: true}
+}
+
+func (v NullableLogCredentialType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogCredentialType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_debug_context.go b/okta/model_log_debug_context.go
new file mode 100644
index 000000000..299599e91
--- /dev/null
+++ b/okta/model_log_debug_context.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogDebugContext struct for LogDebugContext
+type LogDebugContext struct {
+	DebugData            map[string]map[string]interface{} `json:"debugData,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogDebugContext LogDebugContext
+
+// NewLogDebugContext instantiates a new LogDebugContext object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogDebugContext() *LogDebugContext {
+	this := LogDebugContext{}
+	return &this
+}
+
+// NewLogDebugContextWithDefaults instantiates a new LogDebugContext object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogDebugContextWithDefaults() *LogDebugContext {
+	this := LogDebugContext{}
+	return &this
+}
+
+// GetDebugData returns the DebugData field value if set, zero value otherwise.
+func (o *LogDebugContext) GetDebugData() map[string]map[string]interface{} {
+	if o == nil || o.DebugData == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.DebugData
+}
+
+// GetDebugDataOk returns a tuple with the DebugData field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogDebugContext) GetDebugDataOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.DebugData == nil {
+		return nil, false
+	}
+	return o.DebugData, true
+}
+
+// HasDebugData returns a boolean if a field has been set.
+func (o *LogDebugContext) HasDebugData() bool {
+	if o != nil && o.DebugData != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDebugData gets a reference to the given map[string]map[string]interface{} and assigns it to the DebugData field.
+func (o *LogDebugContext) SetDebugData(v map[string]map[string]interface{}) {
+	o.DebugData = v
+}
+
+func (o LogDebugContext) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.DebugData != nil {
+		toSerialize["debugData"] = o.DebugData
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogDebugContext) UnmarshalJSON(bytes []byte) (err error) {
+	varLogDebugContext := _LogDebugContext{}
+
+	err = json.Unmarshal(bytes, &varLogDebugContext)
+	if err == nil {
+		*o = LogDebugContext(varLogDebugContext)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "debugData")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogDebugContext struct {
+	value *LogDebugContext
+	isSet bool
+}
+
+func (v NullableLogDebugContext) Get() *LogDebugContext {
+	return v.value
+}
+
+func (v *NullableLogDebugContext) Set(val *LogDebugContext) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogDebugContext) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogDebugContext) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogDebugContext(val *LogDebugContext) *NullableLogDebugContext {
+	return &NullableLogDebugContext{value: val, isSet: true}
+}
+
+func (v NullableLogDebugContext) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogDebugContext) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_event.go b/okta/model_log_event.go
new file mode 100644
index 000000000..050e14a9c
--- /dev/null
+++ b/okta/model_log_event.go
@@ -0,0 +1,714 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// LogEvent struct for LogEvent
+type LogEvent struct {
+	Actor                 *LogActor                 `json:"actor,omitempty"`
+	AuthenticationContext *LogAuthenticationContext `json:"authenticationContext,omitempty"`
+	Client                *LogClient                `json:"client,omitempty"`
+	DebugContext          *LogDebugContext          `json:"debugContext,omitempty"`
+	DisplayMessage        *string                   `json:"displayMessage,omitempty"`
+	EventType             *string                   `json:"eventType,omitempty"`
+	LegacyEventType       *string                   `json:"legacyEventType,omitempty"`
+	Outcome               *LogOutcome               `json:"outcome,omitempty"`
+	Published             *time.Time                `json:"published,omitempty"`
+	Request               *LogRequest               `json:"request,omitempty"`
+	SecurityContext       *LogSecurityContext       `json:"securityContext,omitempty"`
+	Severity              *LogSeverity              `json:"severity,omitempty"`
+	Target                []LogTarget               `json:"target,omitempty"`
+	Transaction           *LogTransaction           `json:"transaction,omitempty"`
+	Uuid                  *string                   `json:"uuid,omitempty"`
+	Version               *string                   `json:"version,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _LogEvent LogEvent
+
+// NewLogEvent instantiates a new LogEvent object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogEvent() *LogEvent {
+	this := LogEvent{}
+	return &this
+}
+
+// NewLogEventWithDefaults instantiates a new LogEvent object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogEventWithDefaults() *LogEvent {
+	this := LogEvent{}
+	return &this
+}
+
+// GetActor returns the Actor field value if set, zero value otherwise.
+func (o *LogEvent) GetActor() LogActor {
+	if o == nil || o.Actor == nil {
+		var ret LogActor
+		return ret
+	}
+	return *o.Actor
+}
+
+// GetActorOk returns a tuple with the Actor field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetActorOk() (*LogActor, bool) {
+	if o == nil || o.Actor == nil {
+		return nil, false
+	}
+	return o.Actor, true
+}
+
+// HasActor returns a boolean if a field has been set.
+func (o *LogEvent) HasActor() bool {
+	if o != nil && o.Actor != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActor gets a reference to the given LogActor and assigns it to the Actor field.
+func (o *LogEvent) SetActor(v LogActor) {
+	o.Actor = &v
+}
+
+// GetAuthenticationContext returns the AuthenticationContext field value if set, zero value otherwise.
+func (o *LogEvent) GetAuthenticationContext() LogAuthenticationContext {
+	if o == nil || o.AuthenticationContext == nil {
+		var ret LogAuthenticationContext
+		return ret
+	}
+	return *o.AuthenticationContext
+}
+
+// GetAuthenticationContextOk returns a tuple with the AuthenticationContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetAuthenticationContextOk() (*LogAuthenticationContext, bool) {
+	if o == nil || o.AuthenticationContext == nil {
+		return nil, false
+	}
+	return o.AuthenticationContext, true
+}
+
+// HasAuthenticationContext returns a boolean if a field has been set.
+func (o *LogEvent) HasAuthenticationContext() bool {
+	if o != nil && o.AuthenticationContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthenticationContext gets a reference to the given LogAuthenticationContext and assigns it to the AuthenticationContext field.
+func (o *LogEvent) SetAuthenticationContext(v LogAuthenticationContext) {
+	o.AuthenticationContext = &v
+}
+
+// GetClient returns the Client field value if set, zero value otherwise.
+func (o *LogEvent) GetClient() LogClient {
+	if o == nil || o.Client == nil {
+		var ret LogClient
+		return ret
+	}
+	return *o.Client
+}
+
+// GetClientOk returns a tuple with the Client field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetClientOk() (*LogClient, bool) {
+	if o == nil || o.Client == nil {
+		return nil, false
+	}
+	return o.Client, true
+}
+
+// HasClient returns a boolean if a field has been set.
+func (o *LogEvent) HasClient() bool {
+	if o != nil && o.Client != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClient gets a reference to the given LogClient and assigns it to the Client field.
+func (o *LogEvent) SetClient(v LogClient) {
+	o.Client = &v
+}
+
+// GetDebugContext returns the DebugContext field value if set, zero value otherwise.
+func (o *LogEvent) GetDebugContext() LogDebugContext {
+	if o == nil || o.DebugContext == nil {
+		var ret LogDebugContext
+		return ret
+	}
+	return *o.DebugContext
+}
+
+// GetDebugContextOk returns a tuple with the DebugContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetDebugContextOk() (*LogDebugContext, bool) {
+	if o == nil || o.DebugContext == nil {
+		return nil, false
+	}
+	return o.DebugContext, true
+}
+
+// HasDebugContext returns a boolean if a field has been set.
+func (o *LogEvent) HasDebugContext() bool {
+	if o != nil && o.DebugContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDebugContext gets a reference to the given LogDebugContext and assigns it to the DebugContext field.
+func (o *LogEvent) SetDebugContext(v LogDebugContext) {
+	o.DebugContext = &v
+}
+
+// GetDisplayMessage returns the DisplayMessage field value if set, zero value otherwise.
+func (o *LogEvent) GetDisplayMessage() string {
+	if o == nil || o.DisplayMessage == nil {
+		var ret string
+		return ret
+	}
+	return *o.DisplayMessage
+}
+
+// GetDisplayMessageOk returns a tuple with the DisplayMessage field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetDisplayMessageOk() (*string, bool) {
+	if o == nil || o.DisplayMessage == nil {
+		return nil, false
+	}
+	return o.DisplayMessage, true
+}
+
+// HasDisplayMessage returns a boolean if a field has been set.
+func (o *LogEvent) HasDisplayMessage() bool {
+	if o != nil && o.DisplayMessage != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDisplayMessage gets a reference to the given string and assigns it to the DisplayMessage field.
+func (o *LogEvent) SetDisplayMessage(v string) {
+	o.DisplayMessage = &v
+}
+
+// GetEventType returns the EventType field value if set, zero value otherwise.
+func (o *LogEvent) GetEventType() string {
+	if o == nil || o.EventType == nil {
+		var ret string
+		return ret
+	}
+	return *o.EventType
+}
+
+// GetEventTypeOk returns a tuple with the EventType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetEventTypeOk() (*string, bool) {
+	if o == nil || o.EventType == nil {
+		return nil, false
+	}
+	return o.EventType, true
+}
+
+// HasEventType returns a boolean if a field has been set.
+func (o *LogEvent) HasEventType() bool {
+	if o != nil && o.EventType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEventType gets a reference to the given string and assigns it to the EventType field.
+func (o *LogEvent) SetEventType(v string) {
+	o.EventType = &v
+}
+
+// GetLegacyEventType returns the LegacyEventType field value if set, zero value otherwise.
+func (o *LogEvent) GetLegacyEventType() string {
+	if o == nil || o.LegacyEventType == nil {
+		var ret string
+		return ret
+	}
+	return *o.LegacyEventType
+}
+
+// GetLegacyEventTypeOk returns a tuple with the LegacyEventType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetLegacyEventTypeOk() (*string, bool) {
+	if o == nil || o.LegacyEventType == nil {
+		return nil, false
+	}
+	return o.LegacyEventType, true
+}
+
+// HasLegacyEventType returns a boolean if a field has been set.
+func (o *LogEvent) HasLegacyEventType() bool {
+	if o != nil && o.LegacyEventType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLegacyEventType gets a reference to the given string and assigns it to the LegacyEventType field.
+func (o *LogEvent) SetLegacyEventType(v string) {
+	o.LegacyEventType = &v
+}
+
+// GetOutcome returns the Outcome field value if set, zero value otherwise.
+func (o *LogEvent) GetOutcome() LogOutcome {
+	if o == nil || o.Outcome == nil {
+		var ret LogOutcome
+		return ret
+	}
+	return *o.Outcome
+}
+
+// GetOutcomeOk returns a tuple with the Outcome field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetOutcomeOk() (*LogOutcome, bool) {
+	if o == nil || o.Outcome == nil {
+		return nil, false
+	}
+	return o.Outcome, true
+}
+
+// HasOutcome returns a boolean if a field has been set.
+func (o *LogEvent) HasOutcome() bool {
+	if o != nil && o.Outcome != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOutcome gets a reference to the given LogOutcome and assigns it to the Outcome field.
+func (o *LogEvent) SetOutcome(v LogOutcome) {
+	o.Outcome = &v
+}
+
+// GetPublished returns the Published field value if set, zero value otherwise.
+func (o *LogEvent) GetPublished() time.Time {
+	if o == nil || o.Published == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Published
+}
+
+// GetPublishedOk returns a tuple with the Published field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetPublishedOk() (*time.Time, bool) {
+	if o == nil || o.Published == nil {
+		return nil, false
+	}
+	return o.Published, true
+}
+
+// HasPublished returns a boolean if a field has been set.
+func (o *LogEvent) HasPublished() bool {
+	if o != nil && o.Published != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPublished gets a reference to the given time.Time and assigns it to the Published field.
+func (o *LogEvent) SetPublished(v time.Time) {
+	o.Published = &v
+}
+
+// GetRequest returns the Request field value if set, zero value otherwise.
+func (o *LogEvent) GetRequest() LogRequest {
+	if o == nil || o.Request == nil {
+		var ret LogRequest
+		return ret
+	}
+	return *o.Request
+}
+
+// GetRequestOk returns a tuple with the Request field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetRequestOk() (*LogRequest, bool) {
+	if o == nil || o.Request == nil {
+		return nil, false
+	}
+	return o.Request, true
+}
+
+// HasRequest returns a boolean if a field has been set.
+func (o *LogEvent) HasRequest() bool {
+	if o != nil && o.Request != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequest gets a reference to the given LogRequest and assigns it to the Request field.
+func (o *LogEvent) SetRequest(v LogRequest) {
+	o.Request = &v
+}
+
+// GetSecurityContext returns the SecurityContext field value if set, zero value otherwise.
+func (o *LogEvent) GetSecurityContext() LogSecurityContext {
+	if o == nil || o.SecurityContext == nil {
+		var ret LogSecurityContext
+		return ret
+	}
+	return *o.SecurityContext
+}
+
+// GetSecurityContextOk returns a tuple with the SecurityContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetSecurityContextOk() (*LogSecurityContext, bool) {
+	if o == nil || o.SecurityContext == nil {
+		return nil, false
+	}
+	return o.SecurityContext, true
+}
+
+// HasSecurityContext returns a boolean if a field has been set.
+func (o *LogEvent) HasSecurityContext() bool {
+	if o != nil && o.SecurityContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecurityContext gets a reference to the given LogSecurityContext and assigns it to the SecurityContext field.
+func (o *LogEvent) SetSecurityContext(v LogSecurityContext) {
+	o.SecurityContext = &v
+}
+
+// GetSeverity returns the Severity field value if set, zero value otherwise.
+func (o *LogEvent) GetSeverity() LogSeverity {
+	if o == nil || o.Severity == nil {
+		var ret LogSeverity
+		return ret
+	}
+	return *o.Severity
+}
+
+// GetSeverityOk returns a tuple with the Severity field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetSeverityOk() (*LogSeverity, bool) {
+	if o == nil || o.Severity == nil {
+		return nil, false
+	}
+	return o.Severity, true
+}
+
+// HasSeverity returns a boolean if a field has been set.
+func (o *LogEvent) HasSeverity() bool {
+	if o != nil && o.Severity != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSeverity gets a reference to the given LogSeverity and assigns it to the Severity field.
+func (o *LogEvent) SetSeverity(v LogSeverity) {
+	o.Severity = &v
+}
+
+// GetTarget returns the Target field value if set, zero value otherwise.
+func (o *LogEvent) GetTarget() []LogTarget {
+	if o == nil || o.Target == nil {
+		var ret []LogTarget
+		return ret
+	}
+	return o.Target
+}
+
+// GetTargetOk returns a tuple with the Target field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetTargetOk() ([]LogTarget, bool) {
+	if o == nil || o.Target == nil {
+		return nil, false
+	}
+	return o.Target, true
+}
+
+// HasTarget returns a boolean if a field has been set.
+func (o *LogEvent) HasTarget() bool {
+	if o != nil && o.Target != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTarget gets a reference to the given []LogTarget and assigns it to the Target field.
+func (o *LogEvent) SetTarget(v []LogTarget) {
+	o.Target = v
+}
+
+// GetTransaction returns the Transaction field value if set, zero value otherwise.
+func (o *LogEvent) GetTransaction() LogTransaction {
+	if o == nil || o.Transaction == nil {
+		var ret LogTransaction
+		return ret
+	}
+	return *o.Transaction
+}
+
+// GetTransactionOk returns a tuple with the Transaction field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetTransactionOk() (*LogTransaction, bool) {
+	if o == nil || o.Transaction == nil {
+		return nil, false
+	}
+	return o.Transaction, true
+}
+
+// HasTransaction returns a boolean if a field has been set.
+func (o *LogEvent) HasTransaction() bool {
+	if o != nil && o.Transaction != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTransaction gets a reference to the given LogTransaction and assigns it to the Transaction field.
+func (o *LogEvent) SetTransaction(v LogTransaction) {
+	o.Transaction = &v
+}
+
+// GetUuid returns the Uuid field value if set, zero value otherwise.
+func (o *LogEvent) GetUuid() string {
+	if o == nil || o.Uuid == nil {
+		var ret string
+		return ret
+	}
+	return *o.Uuid
+}
+
+// GetUuidOk returns a tuple with the Uuid field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetUuidOk() (*string, bool) {
+	if o == nil || o.Uuid == nil {
+		return nil, false
+	}
+	return o.Uuid, true
+}
+
+// HasUuid returns a boolean if a field has been set.
+func (o *LogEvent) HasUuid() bool {
+	if o != nil && o.Uuid != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUuid gets a reference to the given string and assigns it to the Uuid field.
+func (o *LogEvent) SetUuid(v string) {
+	o.Uuid = &v
+}
+
+// GetVersion returns the Version field value if set, zero value otherwise.
+func (o *LogEvent) GetVersion() string {
+	if o == nil || o.Version == nil {
+		var ret string
+		return ret
+	}
+	return *o.Version
+}
+
+// GetVersionOk returns a tuple with the Version field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogEvent) GetVersionOk() (*string, bool) {
+	if o == nil || o.Version == nil {
+		return nil, false
+	}
+	return o.Version, true
+}
+
+// HasVersion returns a boolean if a field has been set.
+func (o *LogEvent) HasVersion() bool {
+	if o != nil && o.Version != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVersion gets a reference to the given string and assigns it to the Version field.
+func (o *LogEvent) SetVersion(v string) {
+	o.Version = &v
+}
+
+func (o LogEvent) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Actor != nil {
+		toSerialize["actor"] = o.Actor
+	}
+	if o.AuthenticationContext != nil {
+		toSerialize["authenticationContext"] = o.AuthenticationContext
+	}
+	if o.Client != nil {
+		toSerialize["client"] = o.Client
+	}
+	if o.DebugContext != nil {
+		toSerialize["debugContext"] = o.DebugContext
+	}
+	if o.DisplayMessage != nil {
+		toSerialize["displayMessage"] = o.DisplayMessage
+	}
+	if o.EventType != nil {
+		toSerialize["eventType"] = o.EventType
+	}
+	if o.LegacyEventType != nil {
+		toSerialize["legacyEventType"] = o.LegacyEventType
+	}
+	if o.Outcome != nil {
+		toSerialize["outcome"] = o.Outcome
+	}
+	if o.Published != nil {
+		toSerialize["published"] = o.Published
+	}
+	if o.Request != nil {
+		toSerialize["request"] = o.Request
+	}
+	if o.SecurityContext != nil {
+		toSerialize["securityContext"] = o.SecurityContext
+	}
+	if o.Severity != nil {
+		toSerialize["severity"] = o.Severity
+	}
+	if o.Target != nil {
+		toSerialize["target"] = o.Target
+	}
+	if o.Transaction != nil {
+		toSerialize["transaction"] = o.Transaction
+	}
+	if o.Uuid != nil {
+		toSerialize["uuid"] = o.Uuid
+	}
+	if o.Version != nil {
+		toSerialize["version"] = o.Version
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogEvent) UnmarshalJSON(bytes []byte) (err error) {
+	varLogEvent := _LogEvent{}
+
+	err = json.Unmarshal(bytes, &varLogEvent)
+	if err == nil {
+		*o = LogEvent(varLogEvent)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "actor")
+		delete(additionalProperties, "authenticationContext")
+		delete(additionalProperties, "client")
+		delete(additionalProperties, "debugContext")
+		delete(additionalProperties, "displayMessage")
+		delete(additionalProperties, "eventType")
+		delete(additionalProperties, "legacyEventType")
+		delete(additionalProperties, "outcome")
+		delete(additionalProperties, "published")
+		delete(additionalProperties, "request")
+		delete(additionalProperties, "securityContext")
+		delete(additionalProperties, "severity")
+		delete(additionalProperties, "target")
+		delete(additionalProperties, "transaction")
+		delete(additionalProperties, "uuid")
+		delete(additionalProperties, "version")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogEvent struct {
+	value *LogEvent
+	isSet bool
+}
+
+func (v NullableLogEvent) Get() *LogEvent {
+	return v.value
+}
+
+func (v *NullableLogEvent) Set(val *LogEvent) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogEvent) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogEvent) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogEvent(val *LogEvent) *NullableLogEvent {
+	return &NullableLogEvent{value: val, isSet: true}
+}
+
+func (v NullableLogEvent) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogEvent) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_geographical_context.go b/okta/model_log_geographical_context.go
new file mode 100644
index 000000000..a5d59feb2
--- /dev/null
+++ b/okta/model_log_geographical_context.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogGeographicalContext struct for LogGeographicalContext
+type LogGeographicalContext struct {
+	City                 *string         `json:"city,omitempty"`
+	Country              *string         `json:"country,omitempty"`
+	Geolocation          *LogGeolocation `json:"geolocation,omitempty"`
+	PostalCode           *string         `json:"postalCode,omitempty"`
+	State                *string         `json:"state,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogGeographicalContext LogGeographicalContext
+
+// NewLogGeographicalContext instantiates a new LogGeographicalContext object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogGeographicalContext() *LogGeographicalContext {
+	this := LogGeographicalContext{}
+	return &this
+}
+
+// NewLogGeographicalContextWithDefaults instantiates a new LogGeographicalContext object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogGeographicalContextWithDefaults() *LogGeographicalContext {
+	this := LogGeographicalContext{}
+	return &this
+}
+
+// GetCity returns the City field value if set, zero value otherwise.
+func (o *LogGeographicalContext) GetCity() string {
+	if o == nil || o.City == nil {
+		var ret string
+		return ret
+	}
+	return *o.City
+}
+
+// GetCityOk returns a tuple with the City field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogGeographicalContext) GetCityOk() (*string, bool) {
+	if o == nil || o.City == nil {
+		return nil, false
+	}
+	return o.City, true
+}
+
+// HasCity returns a boolean if a field has been set.
+func (o *LogGeographicalContext) HasCity() bool {
+	if o != nil && o.City != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCity gets a reference to the given string and assigns it to the City field.
+func (o *LogGeographicalContext) SetCity(v string) {
+	o.City = &v
+}
+
+// GetCountry returns the Country field value if set, zero value otherwise.
+func (o *LogGeographicalContext) GetCountry() string {
+	if o == nil || o.Country == nil {
+		var ret string
+		return ret
+	}
+	return *o.Country
+}
+
+// GetCountryOk returns a tuple with the Country field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogGeographicalContext) GetCountryOk() (*string, bool) {
+	if o == nil || o.Country == nil {
+		return nil, false
+	}
+	return o.Country, true
+}
+
+// HasCountry returns a boolean if a field has been set.
+func (o *LogGeographicalContext) HasCountry() bool {
+	if o != nil && o.Country != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCountry gets a reference to the given string and assigns it to the Country field.
+func (o *LogGeographicalContext) SetCountry(v string) {
+	o.Country = &v
+}
+
+// GetGeolocation returns the Geolocation field value if set, zero value otherwise.
+func (o *LogGeographicalContext) GetGeolocation() LogGeolocation {
+	if o == nil || o.Geolocation == nil {
+		var ret LogGeolocation
+		return ret
+	}
+	return *o.Geolocation
+}
+
+// GetGeolocationOk returns a tuple with the Geolocation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogGeographicalContext) GetGeolocationOk() (*LogGeolocation, bool) {
+	if o == nil || o.Geolocation == nil {
+		return nil, false
+	}
+	return o.Geolocation, true
+}
+
+// HasGeolocation returns a boolean if a field has been set.
+func (o *LogGeographicalContext) HasGeolocation() bool {
+	if o != nil && o.Geolocation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGeolocation gets a reference to the given LogGeolocation and assigns it to the Geolocation field.
+func (o *LogGeographicalContext) SetGeolocation(v LogGeolocation) {
+	o.Geolocation = &v
+}
+
+// GetPostalCode returns the PostalCode field value if set, zero value otherwise.
+func (o *LogGeographicalContext) GetPostalCode() string {
+	if o == nil || o.PostalCode == nil {
+		var ret string
+		return ret
+	}
+	return *o.PostalCode
+}
+
+// GetPostalCodeOk returns a tuple with the PostalCode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogGeographicalContext) GetPostalCodeOk() (*string, bool) {
+	if o == nil || o.PostalCode == nil {
+		return nil, false
+	}
+	return o.PostalCode, true
+}
+
+// HasPostalCode returns a boolean if a field has been set.
+func (o *LogGeographicalContext) HasPostalCode() bool {
+	if o != nil && o.PostalCode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPostalCode gets a reference to the given string and assigns it to the PostalCode field.
+func (o *LogGeographicalContext) SetPostalCode(v string) {
+	o.PostalCode = &v
+}
+
+// GetState returns the State field value if set, zero value otherwise.
+func (o *LogGeographicalContext) GetState() string {
+	if o == nil || o.State == nil {
+		var ret string
+		return ret
+	}
+	return *o.State
+}
+
+// GetStateOk returns a tuple with the State field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogGeographicalContext) GetStateOk() (*string, bool) {
+	if o == nil || o.State == nil {
+		return nil, false
+	}
+	return o.State, true
+}
+
+// HasState returns a boolean if a field has been set.
+func (o *LogGeographicalContext) HasState() bool {
+	if o != nil && o.State != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetState gets a reference to the given string and assigns it to the State field.
+func (o *LogGeographicalContext) SetState(v string) {
+	o.State = &v
+}
+
+func (o LogGeographicalContext) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.City != nil {
+		toSerialize["city"] = o.City
+	}
+	if o.Country != nil {
+		toSerialize["country"] = o.Country
+	}
+	if o.Geolocation != nil {
+		toSerialize["geolocation"] = o.Geolocation
+	}
+	if o.PostalCode != nil {
+		toSerialize["postalCode"] = o.PostalCode
+	}
+	if o.State != nil {
+		toSerialize["state"] = o.State
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogGeographicalContext) UnmarshalJSON(bytes []byte) (err error) {
+	varLogGeographicalContext := _LogGeographicalContext{}
+
+	err = json.Unmarshal(bytes, &varLogGeographicalContext)
+	if err == nil {
+		*o = LogGeographicalContext(varLogGeographicalContext)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "city")
+		delete(additionalProperties, "country")
+		delete(additionalProperties, "geolocation")
+		delete(additionalProperties, "postalCode")
+		delete(additionalProperties, "state")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogGeographicalContext struct {
+	value *LogGeographicalContext
+	isSet bool
+}
+
+func (v NullableLogGeographicalContext) Get() *LogGeographicalContext {
+	return v.value
+}
+
+func (v *NullableLogGeographicalContext) Set(val *LogGeographicalContext) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogGeographicalContext) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogGeographicalContext) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogGeographicalContext(val *LogGeographicalContext) *NullableLogGeographicalContext {
+	return &NullableLogGeographicalContext{value: val, isSet: true}
+}
+
+func (v NullableLogGeographicalContext) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogGeographicalContext) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_geolocation.go b/okta/model_log_geolocation.go
new file mode 100644
index 000000000..c3b8123ab
--- /dev/null
+++ b/okta/model_log_geolocation.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogGeolocation struct for LogGeolocation
+type LogGeolocation struct {
+	Lat                  *float64 `json:"lat,omitempty"`
+	Lon                  *float64 `json:"lon,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogGeolocation LogGeolocation
+
+// NewLogGeolocation instantiates a new LogGeolocation object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogGeolocation() *LogGeolocation {
+	this := LogGeolocation{}
+	return &this
+}
+
+// NewLogGeolocationWithDefaults instantiates a new LogGeolocation object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogGeolocationWithDefaults() *LogGeolocation {
+	this := LogGeolocation{}
+	return &this
+}
+
+// GetLat returns the Lat field value if set, zero value otherwise.
+func (o *LogGeolocation) GetLat() float64 {
+	if o == nil || o.Lat == nil {
+		var ret float64
+		return ret
+	}
+	return *o.Lat
+}
+
+// GetLatOk returns a tuple with the Lat field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogGeolocation) GetLatOk() (*float64, bool) {
+	if o == nil || o.Lat == nil {
+		return nil, false
+	}
+	return o.Lat, true
+}
+
+// HasLat returns a boolean if a field has been set.
+func (o *LogGeolocation) HasLat() bool {
+	if o != nil && o.Lat != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLat gets a reference to the given float64 and assigns it to the Lat field.
+func (o *LogGeolocation) SetLat(v float64) {
+	o.Lat = &v
+}
+
+// GetLon returns the Lon field value if set, zero value otherwise.
+func (o *LogGeolocation) GetLon() float64 {
+	if o == nil || o.Lon == nil {
+		var ret float64
+		return ret
+	}
+	return *o.Lon
+}
+
+// GetLonOk returns a tuple with the Lon field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogGeolocation) GetLonOk() (*float64, bool) {
+	if o == nil || o.Lon == nil {
+		return nil, false
+	}
+	return o.Lon, true
+}
+
+// HasLon returns a boolean if a field has been set.
+func (o *LogGeolocation) HasLon() bool {
+	if o != nil && o.Lon != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLon gets a reference to the given float64 and assigns it to the Lon field.
+func (o *LogGeolocation) SetLon(v float64) {
+	o.Lon = &v
+}
+
+func (o LogGeolocation) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Lat != nil {
+		toSerialize["lat"] = o.Lat
+	}
+	if o.Lon != nil {
+		toSerialize["lon"] = o.Lon
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogGeolocation) UnmarshalJSON(bytes []byte) (err error) {
+	varLogGeolocation := _LogGeolocation{}
+
+	err = json.Unmarshal(bytes, &varLogGeolocation)
+	if err == nil {
+		*o = LogGeolocation(varLogGeolocation)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "lat")
+		delete(additionalProperties, "lon")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogGeolocation struct {
+	value *LogGeolocation
+	isSet bool
+}
+
+func (v NullableLogGeolocation) Get() *LogGeolocation {
+	return v.value
+}
+
+func (v *NullableLogGeolocation) Set(val *LogGeolocation) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogGeolocation) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogGeolocation) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogGeolocation(val *LogGeolocation) *NullableLogGeolocation {
+	return &NullableLogGeolocation{value: val, isSet: true}
+}
+
+func (v NullableLogGeolocation) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogGeolocation) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_ip_address.go b/okta/model_log_ip_address.go
new file mode 100644
index 000000000..44b4ffa9b
--- /dev/null
+++ b/okta/model_log_ip_address.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogIpAddress struct for LogIpAddress
+type LogIpAddress struct {
+	GeographicalContext  *LogGeographicalContext `json:"geographicalContext,omitempty"`
+	Ip                   *string                 `json:"ip,omitempty"`
+	Source               *string                 `json:"source,omitempty"`
+	Version              *string                 `json:"version,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogIpAddress LogIpAddress
+
+// NewLogIpAddress instantiates a new LogIpAddress object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogIpAddress() *LogIpAddress {
+	this := LogIpAddress{}
+	return &this
+}
+
+// NewLogIpAddressWithDefaults instantiates a new LogIpAddress object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogIpAddressWithDefaults() *LogIpAddress {
+	this := LogIpAddress{}
+	return &this
+}
+
+// GetGeographicalContext returns the GeographicalContext field value if set, zero value otherwise.
+func (o *LogIpAddress) GetGeographicalContext() LogGeographicalContext {
+	if o == nil || o.GeographicalContext == nil {
+		var ret LogGeographicalContext
+		return ret
+	}
+	return *o.GeographicalContext
+}
+
+// GetGeographicalContextOk returns a tuple with the GeographicalContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogIpAddress) GetGeographicalContextOk() (*LogGeographicalContext, bool) {
+	if o == nil || o.GeographicalContext == nil {
+		return nil, false
+	}
+	return o.GeographicalContext, true
+}
+
+// HasGeographicalContext returns a boolean if a field has been set.
+func (o *LogIpAddress) HasGeographicalContext() bool {
+	if o != nil && o.GeographicalContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGeographicalContext gets a reference to the given LogGeographicalContext and assigns it to the GeographicalContext field.
+func (o *LogIpAddress) SetGeographicalContext(v LogGeographicalContext) {
+	o.GeographicalContext = &v
+}
+
+// GetIp returns the Ip field value if set, zero value otherwise.
+func (o *LogIpAddress) GetIp() string {
+	if o == nil || o.Ip == nil {
+		var ret string
+		return ret
+	}
+	return *o.Ip
+}
+
+// GetIpOk returns a tuple with the Ip field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogIpAddress) GetIpOk() (*string, bool) {
+	if o == nil || o.Ip == nil {
+		return nil, false
+	}
+	return o.Ip, true
+}
+
+// HasIp returns a boolean if a field has been set.
+func (o *LogIpAddress) HasIp() bool {
+	if o != nil && o.Ip != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIp gets a reference to the given string and assigns it to the Ip field.
+func (o *LogIpAddress) SetIp(v string) {
+	o.Ip = &v
+}
+
+// GetSource returns the Source field value if set, zero value otherwise.
+func (o *LogIpAddress) GetSource() string {
+	if o == nil || o.Source == nil {
+		var ret string
+		return ret
+	}
+	return *o.Source
+}
+
+// GetSourceOk returns a tuple with the Source field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogIpAddress) GetSourceOk() (*string, bool) {
+	if o == nil || o.Source == nil {
+		return nil, false
+	}
+	return o.Source, true
+}
+
+// HasSource returns a boolean if a field has been set.
+func (o *LogIpAddress) HasSource() bool {
+	if o != nil && o.Source != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSource gets a reference to the given string and assigns it to the Source field.
+func (o *LogIpAddress) SetSource(v string) {
+	o.Source = &v
+}
+
+// GetVersion returns the Version field value if set, zero value otherwise.
+func (o *LogIpAddress) GetVersion() string {
+	if o == nil || o.Version == nil {
+		var ret string
+		return ret
+	}
+	return *o.Version
+}
+
+// GetVersionOk returns a tuple with the Version field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogIpAddress) GetVersionOk() (*string, bool) {
+	if o == nil || o.Version == nil {
+		return nil, false
+	}
+	return o.Version, true
+}
+
+// HasVersion returns a boolean if a field has been set.
+func (o *LogIpAddress) HasVersion() bool {
+	if o != nil && o.Version != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVersion gets a reference to the given string and assigns it to the Version field.
+func (o *LogIpAddress) SetVersion(v string) {
+	o.Version = &v
+}
+
+func (o LogIpAddress) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.GeographicalContext != nil {
+		toSerialize["geographicalContext"] = o.GeographicalContext
+	}
+	if o.Ip != nil {
+		toSerialize["ip"] = o.Ip
+	}
+	if o.Source != nil {
+		toSerialize["source"] = o.Source
+	}
+	if o.Version != nil {
+		toSerialize["version"] = o.Version
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogIpAddress) UnmarshalJSON(bytes []byte) (err error) {
+	varLogIpAddress := _LogIpAddress{}
+
+	err = json.Unmarshal(bytes, &varLogIpAddress)
+	if err == nil {
+		*o = LogIpAddress(varLogIpAddress)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "geographicalContext")
+		delete(additionalProperties, "ip")
+		delete(additionalProperties, "source")
+		delete(additionalProperties, "version")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogIpAddress struct {
+	value *LogIpAddress
+	isSet bool
+}
+
+func (v NullableLogIpAddress) Get() *LogIpAddress {
+	return v.value
+}
+
+func (v *NullableLogIpAddress) Set(val *LogIpAddress) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogIpAddress) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogIpAddress) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogIpAddress(val *LogIpAddress) *NullableLogIpAddress {
+	return &NullableLogIpAddress{value: val, isSet: true}
+}
+
+func (v NullableLogIpAddress) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogIpAddress) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_issuer.go b/okta/model_log_issuer.go
new file mode 100644
index 000000000..e2970b89a
--- /dev/null
+++ b/okta/model_log_issuer.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogIssuer struct for LogIssuer
+type LogIssuer struct {
+	Id                   *string `json:"id,omitempty"`
+	Type                 *string `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogIssuer LogIssuer
+
+// NewLogIssuer instantiates a new LogIssuer object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogIssuer() *LogIssuer {
+	this := LogIssuer{}
+	return &this
+}
+
+// NewLogIssuerWithDefaults instantiates a new LogIssuer object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogIssuerWithDefaults() *LogIssuer {
+	this := LogIssuer{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *LogIssuer) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogIssuer) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *LogIssuer) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *LogIssuer) SetId(v string) {
+	o.Id = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *LogIssuer) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogIssuer) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *LogIssuer) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *LogIssuer) SetType(v string) {
+	o.Type = &v
+}
+
+func (o LogIssuer) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogIssuer) UnmarshalJSON(bytes []byte) (err error) {
+	varLogIssuer := _LogIssuer{}
+
+	err = json.Unmarshal(bytes, &varLogIssuer)
+	if err == nil {
+		*o = LogIssuer(varLogIssuer)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogIssuer struct {
+	value *LogIssuer
+	isSet bool
+}
+
+func (v NullableLogIssuer) Get() *LogIssuer {
+	return v.value
+}
+
+func (v *NullableLogIssuer) Set(val *LogIssuer) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogIssuer) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogIssuer) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogIssuer(val *LogIssuer) *NullableLogIssuer {
+	return &NullableLogIssuer{value: val, isSet: true}
+}
+
+func (v NullableLogIssuer) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogIssuer) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_outcome.go b/okta/model_log_outcome.go
new file mode 100644
index 000000000..5690f88e6
--- /dev/null
+++ b/okta/model_log_outcome.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogOutcome struct for LogOutcome
+type LogOutcome struct {
+	Reason               *string `json:"reason,omitempty"`
+	Result               *string `json:"result,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogOutcome LogOutcome
+
+// NewLogOutcome instantiates a new LogOutcome object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogOutcome() *LogOutcome {
+	this := LogOutcome{}
+	return &this
+}
+
+// NewLogOutcomeWithDefaults instantiates a new LogOutcome object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogOutcomeWithDefaults() *LogOutcome {
+	this := LogOutcome{}
+	return &this
+}
+
+// GetReason returns the Reason field value if set, zero value otherwise.
+func (o *LogOutcome) GetReason() string {
+	if o == nil || o.Reason == nil {
+		var ret string
+		return ret
+	}
+	return *o.Reason
+}
+
+// GetReasonOk returns a tuple with the Reason field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogOutcome) GetReasonOk() (*string, bool) {
+	if o == nil || o.Reason == nil {
+		return nil, false
+	}
+	return o.Reason, true
+}
+
+// HasReason returns a boolean if a field has been set.
+func (o *LogOutcome) HasReason() bool {
+	if o != nil && o.Reason != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetReason gets a reference to the given string and assigns it to the Reason field.
+func (o *LogOutcome) SetReason(v string) {
+	o.Reason = &v
+}
+
+// GetResult returns the Result field value if set, zero value otherwise.
+func (o *LogOutcome) GetResult() string {
+	if o == nil || o.Result == nil {
+		var ret string
+		return ret
+	}
+	return *o.Result
+}
+
+// GetResultOk returns a tuple with the Result field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogOutcome) GetResultOk() (*string, bool) {
+	if o == nil || o.Result == nil {
+		return nil, false
+	}
+	return o.Result, true
+}
+
+// HasResult returns a boolean if a field has been set.
+func (o *LogOutcome) HasResult() bool {
+	if o != nil && o.Result != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResult gets a reference to the given string and assigns it to the Result field.
+func (o *LogOutcome) SetResult(v string) {
+	o.Result = &v
+}
+
+func (o LogOutcome) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Reason != nil {
+		toSerialize["reason"] = o.Reason
+	}
+	if o.Result != nil {
+		toSerialize["result"] = o.Result
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogOutcome) UnmarshalJSON(bytes []byte) (err error) {
+	varLogOutcome := _LogOutcome{}
+
+	err = json.Unmarshal(bytes, &varLogOutcome)
+	if err == nil {
+		*o = LogOutcome(varLogOutcome)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "reason")
+		delete(additionalProperties, "result")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogOutcome struct {
+	value *LogOutcome
+	isSet bool
+}
+
+func (v NullableLogOutcome) Get() *LogOutcome {
+	return v.value
+}
+
+func (v *NullableLogOutcome) Set(val *LogOutcome) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogOutcome) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogOutcome) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogOutcome(val *LogOutcome) *NullableLogOutcome {
+	return &NullableLogOutcome{value: val, isSet: true}
+}
+
+func (v NullableLogOutcome) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogOutcome) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_request.go b/okta/model_log_request.go
new file mode 100644
index 000000000..17ad5c1e4
--- /dev/null
+++ b/okta/model_log_request.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogRequest struct for LogRequest
+type LogRequest struct {
+	IpChain              []LogIpAddress `json:"ipChain,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogRequest LogRequest
+
+// NewLogRequest instantiates a new LogRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogRequest() *LogRequest {
+	this := LogRequest{}
+	return &this
+}
+
+// NewLogRequestWithDefaults instantiates a new LogRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogRequestWithDefaults() *LogRequest {
+	this := LogRequest{}
+	return &this
+}
+
+// GetIpChain returns the IpChain field value if set, zero value otherwise.
+func (o *LogRequest) GetIpChain() []LogIpAddress {
+	if o == nil || o.IpChain == nil {
+		var ret []LogIpAddress
+		return ret
+	}
+	return o.IpChain
+}
+
+// GetIpChainOk returns a tuple with the IpChain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogRequest) GetIpChainOk() ([]LogIpAddress, bool) {
+	if o == nil || o.IpChain == nil {
+		return nil, false
+	}
+	return o.IpChain, true
+}
+
+// HasIpChain returns a boolean if a field has been set.
+func (o *LogRequest) HasIpChain() bool {
+	if o != nil && o.IpChain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIpChain gets a reference to the given []LogIpAddress and assigns it to the IpChain field.
+func (o *LogRequest) SetIpChain(v []LogIpAddress) {
+	o.IpChain = v
+}
+
+func (o LogRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.IpChain != nil {
+		toSerialize["ipChain"] = o.IpChain
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varLogRequest := _LogRequest{}
+
+	err = json.Unmarshal(bytes, &varLogRequest)
+	if err == nil {
+		*o = LogRequest(varLogRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "ipChain")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogRequest struct {
+	value *LogRequest
+	isSet bool
+}
+
+func (v NullableLogRequest) Get() *LogRequest {
+	return v.value
+}
+
+func (v *NullableLogRequest) Set(val *LogRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogRequest(val *LogRequest) *NullableLogRequest {
+	return &NullableLogRequest{value: val, isSet: true}
+}
+
+func (v NullableLogRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_security_context.go b/okta/model_log_security_context.go
new file mode 100644
index 000000000..5d5b20a5d
--- /dev/null
+++ b/okta/model_log_security_context.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogSecurityContext struct for LogSecurityContext
+type LogSecurityContext struct {
+	AsNumber             *int32  `json:"asNumber,omitempty"`
+	AsOrg                *string `json:"asOrg,omitempty"`
+	Domain               *string `json:"domain,omitempty"`
+	Isp                  *string `json:"isp,omitempty"`
+	IsProxy              *bool   `json:"isProxy,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogSecurityContext LogSecurityContext
+
+// NewLogSecurityContext instantiates a new LogSecurityContext object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogSecurityContext() *LogSecurityContext {
+	this := LogSecurityContext{}
+	return &this
+}
+
+// NewLogSecurityContextWithDefaults instantiates a new LogSecurityContext object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogSecurityContextWithDefaults() *LogSecurityContext {
+	this := LogSecurityContext{}
+	return &this
+}
+
+// GetAsNumber returns the AsNumber field value if set, zero value otherwise.
+func (o *LogSecurityContext) GetAsNumber() int32 {
+	if o == nil || o.AsNumber == nil {
+		var ret int32
+		return ret
+	}
+	return *o.AsNumber
+}
+
+// GetAsNumberOk returns a tuple with the AsNumber field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogSecurityContext) GetAsNumberOk() (*int32, bool) {
+	if o == nil || o.AsNumber == nil {
+		return nil, false
+	}
+	return o.AsNumber, true
+}
+
+// HasAsNumber returns a boolean if a field has been set.
+func (o *LogSecurityContext) HasAsNumber() bool {
+	if o != nil && o.AsNumber != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAsNumber gets a reference to the given int32 and assigns it to the AsNumber field.
+func (o *LogSecurityContext) SetAsNumber(v int32) {
+	o.AsNumber = &v
+}
+
+// GetAsOrg returns the AsOrg field value if set, zero value otherwise.
+func (o *LogSecurityContext) GetAsOrg() string {
+	if o == nil || o.AsOrg == nil {
+		var ret string
+		return ret
+	}
+	return *o.AsOrg
+}
+
+// GetAsOrgOk returns a tuple with the AsOrg field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogSecurityContext) GetAsOrgOk() (*string, bool) {
+	if o == nil || o.AsOrg == nil {
+		return nil, false
+	}
+	return o.AsOrg, true
+}
+
+// HasAsOrg returns a boolean if a field has been set.
+func (o *LogSecurityContext) HasAsOrg() bool {
+	if o != nil && o.AsOrg != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAsOrg gets a reference to the given string and assigns it to the AsOrg field.
+func (o *LogSecurityContext) SetAsOrg(v string) {
+	o.AsOrg = &v
+}
+
+// GetDomain returns the Domain field value if set, zero value otherwise.
+func (o *LogSecurityContext) GetDomain() string {
+	if o == nil || o.Domain == nil {
+		var ret string
+		return ret
+	}
+	return *o.Domain
+}
+
+// GetDomainOk returns a tuple with the Domain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogSecurityContext) GetDomainOk() (*string, bool) {
+	if o == nil || o.Domain == nil {
+		return nil, false
+	}
+	return o.Domain, true
+}
+
+// HasDomain returns a boolean if a field has been set.
+func (o *LogSecurityContext) HasDomain() bool {
+	if o != nil && o.Domain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDomain gets a reference to the given string and assigns it to the Domain field.
+func (o *LogSecurityContext) SetDomain(v string) {
+	o.Domain = &v
+}
+
+// GetIsp returns the Isp field value if set, zero value otherwise.
+func (o *LogSecurityContext) GetIsp() string {
+	if o == nil || o.Isp == nil {
+		var ret string
+		return ret
+	}
+	return *o.Isp
+}
+
+// GetIspOk returns a tuple with the Isp field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogSecurityContext) GetIspOk() (*string, bool) {
+	if o == nil || o.Isp == nil {
+		return nil, false
+	}
+	return o.Isp, true
+}
+
+// HasIsp returns a boolean if a field has been set.
+func (o *LogSecurityContext) HasIsp() bool {
+	if o != nil && o.Isp != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIsp gets a reference to the given string and assigns it to the Isp field.
+func (o *LogSecurityContext) SetIsp(v string) {
+	o.Isp = &v
+}
+
+// GetIsProxy returns the IsProxy field value if set, zero value otherwise.
+func (o *LogSecurityContext) GetIsProxy() bool {
+	if o == nil || o.IsProxy == nil {
+		var ret bool
+		return ret
+	}
+	return *o.IsProxy
+}
+
+// GetIsProxyOk returns a tuple with the IsProxy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogSecurityContext) GetIsProxyOk() (*bool, bool) {
+	if o == nil || o.IsProxy == nil {
+		return nil, false
+	}
+	return o.IsProxy, true
+}
+
+// HasIsProxy returns a boolean if a field has been set.
+func (o *LogSecurityContext) HasIsProxy() bool {
+	if o != nil && o.IsProxy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIsProxy gets a reference to the given bool and assigns it to the IsProxy field.
+func (o *LogSecurityContext) SetIsProxy(v bool) {
+	o.IsProxy = &v
+}
+
+func (o LogSecurityContext) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AsNumber != nil {
+		toSerialize["asNumber"] = o.AsNumber
+	}
+	if o.AsOrg != nil {
+		toSerialize["asOrg"] = o.AsOrg
+	}
+	if o.Domain != nil {
+		toSerialize["domain"] = o.Domain
+	}
+	if o.Isp != nil {
+		toSerialize["isp"] = o.Isp
+	}
+	if o.IsProxy != nil {
+		toSerialize["isProxy"] = o.IsProxy
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogSecurityContext) UnmarshalJSON(bytes []byte) (err error) {
+	varLogSecurityContext := _LogSecurityContext{}
+
+	err = json.Unmarshal(bytes, &varLogSecurityContext)
+	if err == nil {
+		*o = LogSecurityContext(varLogSecurityContext)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "asNumber")
+		delete(additionalProperties, "asOrg")
+		delete(additionalProperties, "domain")
+		delete(additionalProperties, "isp")
+		delete(additionalProperties, "isProxy")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogSecurityContext struct {
+	value *LogSecurityContext
+	isSet bool
+}
+
+func (v NullableLogSecurityContext) Get() *LogSecurityContext {
+	return v.value
+}
+
+func (v *NullableLogSecurityContext) Set(val *LogSecurityContext) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogSecurityContext) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogSecurityContext) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogSecurityContext(val *LogSecurityContext) *NullableLogSecurityContext {
+	return &NullableLogSecurityContext{value: val, isSet: true}
+}
+
+func (v NullableLogSecurityContext) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogSecurityContext) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_severity.go b/okta/model_log_severity.go
new file mode 100644
index 000000000..a4f7c0c86
--- /dev/null
+++ b/okta/model_log_severity.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// LogSeverity the model 'LogSeverity'
+type LogSeverity string
+
+// List of LogSeverity
+const (
+	LOGSEVERITY_DEBUG LogSeverity = "DEBUG"
+	LOGSEVERITY_ERROR LogSeverity = "ERROR"
+	LOGSEVERITY_INFO  LogSeverity = "INFO"
+	LOGSEVERITY_WARN  LogSeverity = "WARN"
+)
+
+// All allowed values of LogSeverity enum
+var AllowedLogSeverityEnumValues = []LogSeverity{
+	"DEBUG",
+	"ERROR",
+	"INFO",
+	"WARN",
+}
+
+func (v *LogSeverity) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := LogSeverity(value)
+	for _, existing := range AllowedLogSeverityEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid LogSeverity", value)
+}
+
+// NewLogSeverityFromValue returns a pointer to a valid LogSeverity
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewLogSeverityFromValue(v string) (*LogSeverity, error) {
+	ev := LogSeverity(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for LogSeverity: valid values are %v", v, AllowedLogSeverityEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v LogSeverity) IsValid() bool {
+	for _, existing := range AllowedLogSeverityEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to LogSeverity value
+func (v LogSeverity) Ptr() *LogSeverity {
+	return &v
+}
+
+type NullableLogSeverity struct {
+	value *LogSeverity
+	isSet bool
+}
+
+func (v NullableLogSeverity) Get() *LogSeverity {
+	return v.value
+}
+
+func (v *NullableLogSeverity) Set(val *LogSeverity) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogSeverity) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogSeverity) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogSeverity(val *LogSeverity) *NullableLogSeverity {
+	return &NullableLogSeverity{value: val, isSet: true}
+}
+
+func (v NullableLogSeverity) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogSeverity) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_stream.go b/okta/model_log_stream.go
new file mode 100644
index 000000000..d6d688b5f
--- /dev/null
+++ b/okta/model_log_stream.go
@@ -0,0 +1,385 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// LogStream struct for LogStream
+type LogStream struct {
+	// Timestamp when the Log Stream was created
+	Created *time.Time `json:"created,omitempty"`
+	// Unique key for the Log Stream
+	Id *string `json:"id,omitempty"`
+	// Timestamp when the Log Stream was last updated
+	LastUpdated *time.Time `json:"lastUpdated,omitempty"`
+	// Unique name for the Log Stream
+	Name                 *string          `json:"name,omitempty"`
+	Status               *LifecycleStatus `json:"status,omitempty"`
+	Type                 *LogStreamType   `json:"type,omitempty"`
+	Links                *LogStreamLinks  `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogStream LogStream
+
+// NewLogStream instantiates a new LogStream object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogStream() *LogStream {
+	this := LogStream{}
+	return &this
+}
+
+// NewLogStreamWithDefaults instantiates a new LogStream object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogStreamWithDefaults() *LogStream {
+	this := LogStream{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *LogStream) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStream) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *LogStream) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *LogStream) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *LogStream) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStream) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *LogStream) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *LogStream) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *LogStream) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStream) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *LogStream) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *LogStream) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *LogStream) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStream) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *LogStream) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *LogStream) SetName(v string) {
+	o.Name = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *LogStream) GetStatus() LifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret LifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStream) GetStatusOk() (*LifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *LogStream) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given LifecycleStatus and assigns it to the Status field.
+func (o *LogStream) SetStatus(v LifecycleStatus) {
+	o.Status = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *LogStream) GetType() LogStreamType {
+	if o == nil || o.Type == nil {
+		var ret LogStreamType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStream) GetTypeOk() (*LogStreamType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *LogStream) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given LogStreamType and assigns it to the Type field.
+func (o *LogStream) SetType(v LogStreamType) {
+	o.Type = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *LogStream) GetLinks() LogStreamLinks {
+	if o == nil || o.Links == nil {
+		var ret LogStreamLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStream) GetLinksOk() (*LogStreamLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *LogStream) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given LogStreamLinks and assigns it to the Links field.
+func (o *LogStream) SetLinks(v LogStreamLinks) {
+	o.Links = &v
+}
+
+func (o LogStream) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogStream) UnmarshalJSON(bytes []byte) (err error) {
+	varLogStream := _LogStream{}
+
+	err = json.Unmarshal(bytes, &varLogStream)
+	if err == nil {
+		*o = LogStream(varLogStream)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogStream struct {
+	value *LogStream
+	isSet bool
+}
+
+func (v NullableLogStream) Get() *LogStream {
+	return v.value
+}
+
+func (v *NullableLogStream) Set(val *LogStream) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogStream) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogStream) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogStream(val *LogStream) *NullableLogStream {
+	return &NullableLogStream{value: val, isSet: true}
+}
+
+func (v NullableLogStream) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogStream) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_stream__links.go b/okta/model_log_stream__links.go
new file mode 100644
index 000000000..34631b318
--- /dev/null
+++ b/okta/model_log_stream__links.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogStreamLinks struct for LogStreamLinks
+type LogStreamLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Activate             *HrefObject `json:"activate,omitempty"`
+	Deactivate           *HrefObject `json:"deactivate,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogStreamLinks LogStreamLinks
+
+// NewLogStreamLinks instantiates a new LogStreamLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogStreamLinks() *LogStreamLinks {
+	this := LogStreamLinks{}
+	return &this
+}
+
+// NewLogStreamLinksWithDefaults instantiates a new LogStreamLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogStreamLinksWithDefaults() *LogStreamLinks {
+	this := LogStreamLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *LogStreamLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *LogStreamLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *LogStreamLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetActivate returns the Activate field value if set, zero value otherwise.
+func (o *LogStreamLinks) GetActivate() HrefObject {
+	if o == nil || o.Activate == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Activate
+}
+
+// GetActivateOk returns a tuple with the Activate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamLinks) GetActivateOk() (*HrefObject, bool) {
+	if o == nil || o.Activate == nil {
+		return nil, false
+	}
+	return o.Activate, true
+}
+
+// HasActivate returns a boolean if a field has been set.
+func (o *LogStreamLinks) HasActivate() bool {
+	if o != nil && o.Activate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActivate gets a reference to the given HrefObject and assigns it to the Activate field.
+func (o *LogStreamLinks) SetActivate(v HrefObject) {
+	o.Activate = &v
+}
+
+// GetDeactivate returns the Deactivate field value if set, zero value otherwise.
+func (o *LogStreamLinks) GetDeactivate() HrefObject {
+	if o == nil || o.Deactivate == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Deactivate
+}
+
+// GetDeactivateOk returns a tuple with the Deactivate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamLinks) GetDeactivateOk() (*HrefObject, bool) {
+	if o == nil || o.Deactivate == nil {
+		return nil, false
+	}
+	return o.Deactivate, true
+}
+
+// HasDeactivate returns a boolean if a field has been set.
+func (o *LogStreamLinks) HasDeactivate() bool {
+	if o != nil && o.Deactivate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDeactivate gets a reference to the given HrefObject and assigns it to the Deactivate field.
+func (o *LogStreamLinks) SetDeactivate(v HrefObject) {
+	o.Deactivate = &v
+}
+
+func (o LogStreamLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Activate != nil {
+		toSerialize["activate"] = o.Activate
+	}
+	if o.Deactivate != nil {
+		toSerialize["deactivate"] = o.Deactivate
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogStreamLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varLogStreamLinks := _LogStreamLinks{}
+
+	err = json.Unmarshal(bytes, &varLogStreamLinks)
+	if err == nil {
+		*o = LogStreamLinks(varLogStreamLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "activate")
+		delete(additionalProperties, "deactivate")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogStreamLinks struct {
+	value *LogStreamLinks
+	isSet bool
+}
+
+func (v NullableLogStreamLinks) Get() *LogStreamLinks {
+	return v.value
+}
+
+func (v *NullableLogStreamLinks) Set(val *LogStreamLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogStreamLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogStreamLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogStreamLinks(val *LogStreamLinks) *NullableLogStreamLinks {
+	return &NullableLogStreamLinks{value: val, isSet: true}
+}
+
+func (v NullableLogStreamLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogStreamLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_stream_aws.go b/okta/model_log_stream_aws.go
new file mode 100644
index 000000000..284061d54
--- /dev/null
+++ b/okta/model_log_stream_aws.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// LogStreamAws struct for LogStreamAws
+type LogStreamAws struct {
+	LogStream
+	Settings             *LogStreamSettingsAws `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogStreamAws LogStreamAws
+
+// NewLogStreamAws instantiates a new LogStreamAws object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogStreamAws() *LogStreamAws {
+	this := LogStreamAws{}
+	return &this
+}
+
+// NewLogStreamAwsWithDefaults instantiates a new LogStreamAws object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogStreamAwsWithDefaults() *LogStreamAws {
+	this := LogStreamAws{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *LogStreamAws) GetSettings() LogStreamSettingsAws {
+	if o == nil || o.Settings == nil {
+		var ret LogStreamSettingsAws
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamAws) GetSettingsOk() (*LogStreamSettingsAws, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *LogStreamAws) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given LogStreamSettingsAws and assigns it to the Settings field.
+func (o *LogStreamAws) SetSettings(v LogStreamSettingsAws) {
+	o.Settings = &v
+}
+
+func (o LogStreamAws) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedLogStream, errLogStream := json.Marshal(o.LogStream)
+	if errLogStream != nil {
+		return []byte{}, errLogStream
+	}
+	errLogStream = json.Unmarshal([]byte(serializedLogStream), &toSerialize)
+	if errLogStream != nil {
+		return []byte{}, errLogStream
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogStreamAws) UnmarshalJSON(bytes []byte) (err error) {
+	type LogStreamAwsWithoutEmbeddedStruct struct {
+		Settings *LogStreamSettingsAws `json:"settings,omitempty"`
+	}
+
+	varLogStreamAwsWithoutEmbeddedStruct := LogStreamAwsWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varLogStreamAwsWithoutEmbeddedStruct)
+	if err == nil {
+		varLogStreamAws := _LogStreamAws{}
+		varLogStreamAws.Settings = varLogStreamAwsWithoutEmbeddedStruct.Settings
+		*o = LogStreamAws(varLogStreamAws)
+	} else {
+		return err
+	}
+
+	varLogStreamAws := _LogStreamAws{}
+
+	err = json.Unmarshal(bytes, &varLogStreamAws)
+	if err == nil {
+		o.LogStream = varLogStreamAws.LogStream
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectLogStream := reflect.ValueOf(o.LogStream)
+		for i := 0; i < reflectLogStream.Type().NumField(); i++ {
+			t := reflectLogStream.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogStreamAws struct {
+	value *LogStreamAws
+	isSet bool
+}
+
+func (v NullableLogStreamAws) Get() *LogStreamAws {
+	return v.value
+}
+
+func (v *NullableLogStreamAws) Set(val *LogStreamAws) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogStreamAws) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogStreamAws) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogStreamAws(val *LogStreamAws) *NullableLogStreamAws {
+	return &NullableLogStreamAws{value: val, isSet: true}
+}
+
+func (v NullableLogStreamAws) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogStreamAws) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_stream_aws_all_of.go b/okta/model_log_stream_aws_all_of.go
new file mode 100644
index 000000000..50e955a57
--- /dev/null
+++ b/okta/model_log_stream_aws_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogStreamAwsAllOf struct for LogStreamAwsAllOf
+type LogStreamAwsAllOf struct {
+	Settings             *LogStreamSettingsAws `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogStreamAwsAllOf LogStreamAwsAllOf
+
+// NewLogStreamAwsAllOf instantiates a new LogStreamAwsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogStreamAwsAllOf() *LogStreamAwsAllOf {
+	this := LogStreamAwsAllOf{}
+	return &this
+}
+
+// NewLogStreamAwsAllOfWithDefaults instantiates a new LogStreamAwsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogStreamAwsAllOfWithDefaults() *LogStreamAwsAllOf {
+	this := LogStreamAwsAllOf{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *LogStreamAwsAllOf) GetSettings() LogStreamSettingsAws {
+	if o == nil || o.Settings == nil {
+		var ret LogStreamSettingsAws
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamAwsAllOf) GetSettingsOk() (*LogStreamSettingsAws, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *LogStreamAwsAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given LogStreamSettingsAws and assigns it to the Settings field.
+func (o *LogStreamAwsAllOf) SetSettings(v LogStreamSettingsAws) {
+	o.Settings = &v
+}
+
+func (o LogStreamAwsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogStreamAwsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varLogStreamAwsAllOf := _LogStreamAwsAllOf{}
+
+	err = json.Unmarshal(bytes, &varLogStreamAwsAllOf)
+	if err == nil {
+		*o = LogStreamAwsAllOf(varLogStreamAwsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogStreamAwsAllOf struct {
+	value *LogStreamAwsAllOf
+	isSet bool
+}
+
+func (v NullableLogStreamAwsAllOf) Get() *LogStreamAwsAllOf {
+	return v.value
+}
+
+func (v *NullableLogStreamAwsAllOf) Set(val *LogStreamAwsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogStreamAwsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogStreamAwsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogStreamAwsAllOf(val *LogStreamAwsAllOf) *NullableLogStreamAwsAllOf {
+	return &NullableLogStreamAwsAllOf{value: val, isSet: true}
+}
+
+func (v NullableLogStreamAwsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogStreamAwsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_stream_schema.go b/okta/model_log_stream_schema.go
new file mode 100644
index 000000000..e9bd0d7cb
--- /dev/null
+++ b/okta/model_log_stream_schema.go
@@ -0,0 +1,528 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogStreamSchema struct for LogStreamSchema
+type LogStreamSchema struct {
+	Schema               *string                           `json:"$schema,omitempty"`
+	Created              *string                           `json:"created,omitempty"`
+	ErrorMessage         map[string]interface{}            `json:"errorMessage,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	LastUpdated          *string                           `json:"lastUpdated,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Properties           map[string]interface{}            `json:"properties,omitempty"`
+	Required             []string                          `json:"required,omitempty"`
+	Title                *string                           `json:"title,omitempty"`
+	Type                 *string                           `json:"type,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogStreamSchema LogStreamSchema
+
+// NewLogStreamSchema instantiates a new LogStreamSchema object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogStreamSchema() *LogStreamSchema {
+	this := LogStreamSchema{}
+	return &this
+}
+
+// NewLogStreamSchemaWithDefaults instantiates a new LogStreamSchema object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogStreamSchemaWithDefaults() *LogStreamSchema {
+	this := LogStreamSchema{}
+	return &this
+}
+
+// GetSchema returns the Schema field value if set, zero value otherwise.
+func (o *LogStreamSchema) GetSchema() string {
+	if o == nil || o.Schema == nil {
+		var ret string
+		return ret
+	}
+	return *o.Schema
+}
+
+// GetSchemaOk returns a tuple with the Schema field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSchema) GetSchemaOk() (*string, bool) {
+	if o == nil || o.Schema == nil {
+		return nil, false
+	}
+	return o.Schema, true
+}
+
+// HasSchema returns a boolean if a field has been set.
+func (o *LogStreamSchema) HasSchema() bool {
+	if o != nil && o.Schema != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSchema gets a reference to the given string and assigns it to the Schema field.
+func (o *LogStreamSchema) SetSchema(v string) {
+	o.Schema = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *LogStreamSchema) GetCreated() string {
+	if o == nil || o.Created == nil {
+		var ret string
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSchema) GetCreatedOk() (*string, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *LogStreamSchema) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given string and assigns it to the Created field.
+func (o *LogStreamSchema) SetCreated(v string) {
+	o.Created = &v
+}
+
+// GetErrorMessage returns the ErrorMessage field value if set, zero value otherwise.
+func (o *LogStreamSchema) GetErrorMessage() map[string]interface{} {
+	if o == nil || o.ErrorMessage == nil {
+		var ret map[string]interface{}
+		return ret
+	}
+	return o.ErrorMessage
+}
+
+// GetErrorMessageOk returns a tuple with the ErrorMessage field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSchema) GetErrorMessageOk() (map[string]interface{}, bool) {
+	if o == nil || o.ErrorMessage == nil {
+		return nil, false
+	}
+	return o.ErrorMessage, true
+}
+
+// HasErrorMessage returns a boolean if a field has been set.
+func (o *LogStreamSchema) HasErrorMessage() bool {
+	if o != nil && o.ErrorMessage != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetErrorMessage gets a reference to the given map[string]interface{} and assigns it to the ErrorMessage field.
+func (o *LogStreamSchema) SetErrorMessage(v map[string]interface{}) {
+	o.ErrorMessage = v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *LogStreamSchema) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSchema) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *LogStreamSchema) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *LogStreamSchema) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *LogStreamSchema) GetLastUpdated() string {
+	if o == nil || o.LastUpdated == nil {
+		var ret string
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSchema) GetLastUpdatedOk() (*string, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *LogStreamSchema) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given string and assigns it to the LastUpdated field.
+func (o *LogStreamSchema) SetLastUpdated(v string) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *LogStreamSchema) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSchema) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *LogStreamSchema) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *LogStreamSchema) SetName(v string) {
+	o.Name = &v
+}
+
+// GetProperties returns the Properties field value if set, zero value otherwise.
+func (o *LogStreamSchema) GetProperties() map[string]interface{} {
+	if o == nil || o.Properties == nil {
+		var ret map[string]interface{}
+		return ret
+	}
+	return o.Properties
+}
+
+// GetPropertiesOk returns a tuple with the Properties field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSchema) GetPropertiesOk() (map[string]interface{}, bool) {
+	if o == nil || o.Properties == nil {
+		return nil, false
+	}
+	return o.Properties, true
+}
+
+// HasProperties returns a boolean if a field has been set.
+func (o *LogStreamSchema) HasProperties() bool {
+	if o != nil && o.Properties != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProperties gets a reference to the given map[string]interface{} and assigns it to the Properties field.
+func (o *LogStreamSchema) SetProperties(v map[string]interface{}) {
+	o.Properties = v
+}
+
+// GetRequired returns the Required field value if set, zero value otherwise.
+func (o *LogStreamSchema) GetRequired() []string {
+	if o == nil || o.Required == nil {
+		var ret []string
+		return ret
+	}
+	return o.Required
+}
+
+// GetRequiredOk returns a tuple with the Required field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSchema) GetRequiredOk() ([]string, bool) {
+	if o == nil || o.Required == nil {
+		return nil, false
+	}
+	return o.Required, true
+}
+
+// HasRequired returns a boolean if a field has been set.
+func (o *LogStreamSchema) HasRequired() bool {
+	if o != nil && o.Required != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequired gets a reference to the given []string and assigns it to the Required field.
+func (o *LogStreamSchema) SetRequired(v []string) {
+	o.Required = v
+}
+
+// GetTitle returns the Title field value if set, zero value otherwise.
+func (o *LogStreamSchema) GetTitle() string {
+	if o == nil || o.Title == nil {
+		var ret string
+		return ret
+	}
+	return *o.Title
+}
+
+// GetTitleOk returns a tuple with the Title field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSchema) GetTitleOk() (*string, bool) {
+	if o == nil || o.Title == nil {
+		return nil, false
+	}
+	return o.Title, true
+}
+
+// HasTitle returns a boolean if a field has been set.
+func (o *LogStreamSchema) HasTitle() bool {
+	if o != nil && o.Title != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTitle gets a reference to the given string and assigns it to the Title field.
+func (o *LogStreamSchema) SetTitle(v string) {
+	o.Title = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *LogStreamSchema) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSchema) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *LogStreamSchema) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *LogStreamSchema) SetType(v string) {
+	o.Type = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *LogStreamSchema) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSchema) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *LogStreamSchema) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *LogStreamSchema) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o LogStreamSchema) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Schema != nil {
+		toSerialize["$schema"] = o.Schema
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.ErrorMessage != nil {
+		toSerialize["errorMessage"] = o.ErrorMessage
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Properties != nil {
+		toSerialize["properties"] = o.Properties
+	}
+	if o.Required != nil {
+		toSerialize["required"] = o.Required
+	}
+	if o.Title != nil {
+		toSerialize["title"] = o.Title
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogStreamSchema) UnmarshalJSON(bytes []byte) (err error) {
+	varLogStreamSchema := _LogStreamSchema{}
+
+	err = json.Unmarshal(bytes, &varLogStreamSchema)
+	if err == nil {
+		*o = LogStreamSchema(varLogStreamSchema)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "$schema")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "errorMessage")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "properties")
+		delete(additionalProperties, "required")
+		delete(additionalProperties, "title")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogStreamSchema struct {
+	value *LogStreamSchema
+	isSet bool
+}
+
+func (v NullableLogStreamSchema) Get() *LogStreamSchema {
+	return v.value
+}
+
+func (v *NullableLogStreamSchema) Set(val *LogStreamSchema) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogStreamSchema) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogStreamSchema) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogStreamSchema(val *LogStreamSchema) *NullableLogStreamSchema {
+	return &NullableLogStreamSchema{value: val, isSet: true}
+}
+
+func (v NullableLogStreamSchema) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogStreamSchema) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_stream_settings_aws.go b/okta/model_log_stream_settings_aws.go
new file mode 100644
index 000000000..0b805b7a3
--- /dev/null
+++ b/okta/model_log_stream_settings_aws.go
@@ -0,0 +1,234 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogStreamSettingsAws struct for LogStreamSettingsAws
+type LogStreamSettingsAws struct {
+	// Your AWS account ID
+	AccountId *string `json:"accountId,omitempty"`
+	// An alphanumeric name (no spaces) to identify this event source in AWS EventBridge
+	EventSourceName      *string    `json:"eventSourceName,omitempty"`
+	Region               *AwsRegion `json:"region,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogStreamSettingsAws LogStreamSettingsAws
+
+// NewLogStreamSettingsAws instantiates a new LogStreamSettingsAws object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogStreamSettingsAws() *LogStreamSettingsAws {
+	this := LogStreamSettingsAws{}
+	return &this
+}
+
+// NewLogStreamSettingsAwsWithDefaults instantiates a new LogStreamSettingsAws object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogStreamSettingsAwsWithDefaults() *LogStreamSettingsAws {
+	this := LogStreamSettingsAws{}
+	return &this
+}
+
+// GetAccountId returns the AccountId field value if set, zero value otherwise.
+func (o *LogStreamSettingsAws) GetAccountId() string {
+	if o == nil || o.AccountId == nil {
+		var ret string
+		return ret
+	}
+	return *o.AccountId
+}
+
+// GetAccountIdOk returns a tuple with the AccountId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSettingsAws) GetAccountIdOk() (*string, bool) {
+	if o == nil || o.AccountId == nil {
+		return nil, false
+	}
+	return o.AccountId, true
+}
+
+// HasAccountId returns a boolean if a field has been set.
+func (o *LogStreamSettingsAws) HasAccountId() bool {
+	if o != nil && o.AccountId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAccountId gets a reference to the given string and assigns it to the AccountId field.
+func (o *LogStreamSettingsAws) SetAccountId(v string) {
+	o.AccountId = &v
+}
+
+// GetEventSourceName returns the EventSourceName field value if set, zero value otherwise.
+func (o *LogStreamSettingsAws) GetEventSourceName() string {
+	if o == nil || o.EventSourceName == nil {
+		var ret string
+		return ret
+	}
+	return *o.EventSourceName
+}
+
+// GetEventSourceNameOk returns a tuple with the EventSourceName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSettingsAws) GetEventSourceNameOk() (*string, bool) {
+	if o == nil || o.EventSourceName == nil {
+		return nil, false
+	}
+	return o.EventSourceName, true
+}
+
+// HasEventSourceName returns a boolean if a field has been set.
+func (o *LogStreamSettingsAws) HasEventSourceName() bool {
+	if o != nil && o.EventSourceName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEventSourceName gets a reference to the given string and assigns it to the EventSourceName field.
+func (o *LogStreamSettingsAws) SetEventSourceName(v string) {
+	o.EventSourceName = &v
+}
+
+// GetRegion returns the Region field value if set, zero value otherwise.
+func (o *LogStreamSettingsAws) GetRegion() AwsRegion {
+	if o == nil || o.Region == nil {
+		var ret AwsRegion
+		return ret
+	}
+	return *o.Region
+}
+
+// GetRegionOk returns a tuple with the Region field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSettingsAws) GetRegionOk() (*AwsRegion, bool) {
+	if o == nil || o.Region == nil {
+		return nil, false
+	}
+	return o.Region, true
+}
+
+// HasRegion returns a boolean if a field has been set.
+func (o *LogStreamSettingsAws) HasRegion() bool {
+	if o != nil && o.Region != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRegion gets a reference to the given AwsRegion and assigns it to the Region field.
+func (o *LogStreamSettingsAws) SetRegion(v AwsRegion) {
+	o.Region = &v
+}
+
+func (o LogStreamSettingsAws) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AccountId != nil {
+		toSerialize["accountId"] = o.AccountId
+	}
+	if o.EventSourceName != nil {
+		toSerialize["eventSourceName"] = o.EventSourceName
+	}
+	if o.Region != nil {
+		toSerialize["region"] = o.Region
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogStreamSettingsAws) UnmarshalJSON(bytes []byte) (err error) {
+	varLogStreamSettingsAws := _LogStreamSettingsAws{}
+
+	err = json.Unmarshal(bytes, &varLogStreamSettingsAws)
+	if err == nil {
+		*o = LogStreamSettingsAws(varLogStreamSettingsAws)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "accountId")
+		delete(additionalProperties, "eventSourceName")
+		delete(additionalProperties, "region")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogStreamSettingsAws struct {
+	value *LogStreamSettingsAws
+	isSet bool
+}
+
+func (v NullableLogStreamSettingsAws) Get() *LogStreamSettingsAws {
+	return v.value
+}
+
+func (v *NullableLogStreamSettingsAws) Set(val *LogStreamSettingsAws) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogStreamSettingsAws) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogStreamSettingsAws) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogStreamSettingsAws(val *LogStreamSettingsAws) *NullableLogStreamSettingsAws {
+	return &NullableLogStreamSettingsAws{value: val, isSet: true}
+}
+
+func (v NullableLogStreamSettingsAws) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogStreamSettingsAws) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_stream_settings_aws_all_of.go b/okta/model_log_stream_settings_aws_all_of.go
new file mode 100644
index 000000000..f7b5f0f51
--- /dev/null
+++ b/okta/model_log_stream_settings_aws_all_of.go
@@ -0,0 +1,234 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogStreamSettingsAwsAllOf The AWS EventBridge Settings object specifies the configuration for the `aws_eventbridge` Log Stream type. This can't be modified after creation.
+type LogStreamSettingsAwsAllOf struct {
+	// Your AWS account ID
+	AccountId *string `json:"accountId,omitempty"`
+	// An alphanumeric name (no spaces) to identify this event source in AWS EventBridge
+	EventSourceName      *string    `json:"eventSourceName,omitempty"`
+	Region               *AwsRegion `json:"region,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogStreamSettingsAwsAllOf LogStreamSettingsAwsAllOf
+
+// NewLogStreamSettingsAwsAllOf instantiates a new LogStreamSettingsAwsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogStreamSettingsAwsAllOf() *LogStreamSettingsAwsAllOf {
+	this := LogStreamSettingsAwsAllOf{}
+	return &this
+}
+
+// NewLogStreamSettingsAwsAllOfWithDefaults instantiates a new LogStreamSettingsAwsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogStreamSettingsAwsAllOfWithDefaults() *LogStreamSettingsAwsAllOf {
+	this := LogStreamSettingsAwsAllOf{}
+	return &this
+}
+
+// GetAccountId returns the AccountId field value if set, zero value otherwise.
+func (o *LogStreamSettingsAwsAllOf) GetAccountId() string {
+	if o == nil || o.AccountId == nil {
+		var ret string
+		return ret
+	}
+	return *o.AccountId
+}
+
+// GetAccountIdOk returns a tuple with the AccountId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSettingsAwsAllOf) GetAccountIdOk() (*string, bool) {
+	if o == nil || o.AccountId == nil {
+		return nil, false
+	}
+	return o.AccountId, true
+}
+
+// HasAccountId returns a boolean if a field has been set.
+func (o *LogStreamSettingsAwsAllOf) HasAccountId() bool {
+	if o != nil && o.AccountId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAccountId gets a reference to the given string and assigns it to the AccountId field.
+func (o *LogStreamSettingsAwsAllOf) SetAccountId(v string) {
+	o.AccountId = &v
+}
+
+// GetEventSourceName returns the EventSourceName field value if set, zero value otherwise.
+func (o *LogStreamSettingsAwsAllOf) GetEventSourceName() string {
+	if o == nil || o.EventSourceName == nil {
+		var ret string
+		return ret
+	}
+	return *o.EventSourceName
+}
+
+// GetEventSourceNameOk returns a tuple with the EventSourceName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSettingsAwsAllOf) GetEventSourceNameOk() (*string, bool) {
+	if o == nil || o.EventSourceName == nil {
+		return nil, false
+	}
+	return o.EventSourceName, true
+}
+
+// HasEventSourceName returns a boolean if a field has been set.
+func (o *LogStreamSettingsAwsAllOf) HasEventSourceName() bool {
+	if o != nil && o.EventSourceName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEventSourceName gets a reference to the given string and assigns it to the EventSourceName field.
+func (o *LogStreamSettingsAwsAllOf) SetEventSourceName(v string) {
+	o.EventSourceName = &v
+}
+
+// GetRegion returns the Region field value if set, zero value otherwise.
+func (o *LogStreamSettingsAwsAllOf) GetRegion() AwsRegion {
+	if o == nil || o.Region == nil {
+		var ret AwsRegion
+		return ret
+	}
+	return *o.Region
+}
+
+// GetRegionOk returns a tuple with the Region field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSettingsAwsAllOf) GetRegionOk() (*AwsRegion, bool) {
+	if o == nil || o.Region == nil {
+		return nil, false
+	}
+	return o.Region, true
+}
+
+// HasRegion returns a boolean if a field has been set.
+func (o *LogStreamSettingsAwsAllOf) HasRegion() bool {
+	if o != nil && o.Region != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRegion gets a reference to the given AwsRegion and assigns it to the Region field.
+func (o *LogStreamSettingsAwsAllOf) SetRegion(v AwsRegion) {
+	o.Region = &v
+}
+
+func (o LogStreamSettingsAwsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AccountId != nil {
+		toSerialize["accountId"] = o.AccountId
+	}
+	if o.EventSourceName != nil {
+		toSerialize["eventSourceName"] = o.EventSourceName
+	}
+	if o.Region != nil {
+		toSerialize["region"] = o.Region
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogStreamSettingsAwsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varLogStreamSettingsAwsAllOf := _LogStreamSettingsAwsAllOf{}
+
+	err = json.Unmarshal(bytes, &varLogStreamSettingsAwsAllOf)
+	if err == nil {
+		*o = LogStreamSettingsAwsAllOf(varLogStreamSettingsAwsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "accountId")
+		delete(additionalProperties, "eventSourceName")
+		delete(additionalProperties, "region")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogStreamSettingsAwsAllOf struct {
+	value *LogStreamSettingsAwsAllOf
+	isSet bool
+}
+
+func (v NullableLogStreamSettingsAwsAllOf) Get() *LogStreamSettingsAwsAllOf {
+	return v.value
+}
+
+func (v *NullableLogStreamSettingsAwsAllOf) Set(val *LogStreamSettingsAwsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogStreamSettingsAwsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogStreamSettingsAwsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogStreamSettingsAwsAllOf(val *LogStreamSettingsAwsAllOf) *NullableLogStreamSettingsAwsAllOf {
+	return &NullableLogStreamSettingsAwsAllOf{value: val, isSet: true}
+}
+
+func (v NullableLogStreamSettingsAwsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogStreamSettingsAwsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_stream_settings_splunk.go b/okta/model_log_stream_settings_splunk.go
new file mode 100644
index 000000000..6920ad5d9
--- /dev/null
+++ b/okta/model_log_stream_settings_splunk.go
@@ -0,0 +1,197 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogStreamSettingsSplunk struct for LogStreamSettingsSplunk
+type LogStreamSettingsSplunk struct {
+	// The domain name for your Splunk Cloud instance. Don't include `http` or `https` in the string. For example: `acme.splunkcloud.com`
+	Host *string `json:"host,omitempty"`
+	// The HEC token for your Splunk Cloud HTTP Event Collector
+	Token                *string `json:"token,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogStreamSettingsSplunk LogStreamSettingsSplunk
+
+// NewLogStreamSettingsSplunk instantiates a new LogStreamSettingsSplunk object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogStreamSettingsSplunk() *LogStreamSettingsSplunk {
+	this := LogStreamSettingsSplunk{}
+	return &this
+}
+
+// NewLogStreamSettingsSplunkWithDefaults instantiates a new LogStreamSettingsSplunk object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogStreamSettingsSplunkWithDefaults() *LogStreamSettingsSplunk {
+	this := LogStreamSettingsSplunk{}
+	return &this
+}
+
+// GetHost returns the Host field value if set, zero value otherwise.
+func (o *LogStreamSettingsSplunk) GetHost() string {
+	if o == nil || o.Host == nil {
+		var ret string
+		return ret
+	}
+	return *o.Host
+}
+
+// GetHostOk returns a tuple with the Host field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSettingsSplunk) GetHostOk() (*string, bool) {
+	if o == nil || o.Host == nil {
+		return nil, false
+	}
+	return o.Host, true
+}
+
+// HasHost returns a boolean if a field has been set.
+func (o *LogStreamSettingsSplunk) HasHost() bool {
+	if o != nil && o.Host != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHost gets a reference to the given string and assigns it to the Host field.
+func (o *LogStreamSettingsSplunk) SetHost(v string) {
+	o.Host = &v
+}
+
+// GetToken returns the Token field value if set, zero value otherwise.
+func (o *LogStreamSettingsSplunk) GetToken() string {
+	if o == nil || o.Token == nil {
+		var ret string
+		return ret
+	}
+	return *o.Token
+}
+
+// GetTokenOk returns a tuple with the Token field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSettingsSplunk) GetTokenOk() (*string, bool) {
+	if o == nil || o.Token == nil {
+		return nil, false
+	}
+	return o.Token, true
+}
+
+// HasToken returns a boolean if a field has been set.
+func (o *LogStreamSettingsSplunk) HasToken() bool {
+	if o != nil && o.Token != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetToken gets a reference to the given string and assigns it to the Token field.
+func (o *LogStreamSettingsSplunk) SetToken(v string) {
+	o.Token = &v
+}
+
+func (o LogStreamSettingsSplunk) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Host != nil {
+		toSerialize["host"] = o.Host
+	}
+	if o.Token != nil {
+		toSerialize["token"] = o.Token
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogStreamSettingsSplunk) UnmarshalJSON(bytes []byte) (err error) {
+	varLogStreamSettingsSplunk := _LogStreamSettingsSplunk{}
+
+	err = json.Unmarshal(bytes, &varLogStreamSettingsSplunk)
+	if err == nil {
+		*o = LogStreamSettingsSplunk(varLogStreamSettingsSplunk)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "host")
+		delete(additionalProperties, "token")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogStreamSettingsSplunk struct {
+	value *LogStreamSettingsSplunk
+	isSet bool
+}
+
+func (v NullableLogStreamSettingsSplunk) Get() *LogStreamSettingsSplunk {
+	return v.value
+}
+
+func (v *NullableLogStreamSettingsSplunk) Set(val *LogStreamSettingsSplunk) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogStreamSettingsSplunk) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogStreamSettingsSplunk) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogStreamSettingsSplunk(val *LogStreamSettingsSplunk) *NullableLogStreamSettingsSplunk {
+	return &NullableLogStreamSettingsSplunk{value: val, isSet: true}
+}
+
+func (v NullableLogStreamSettingsSplunk) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogStreamSettingsSplunk) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_stream_settings_splunk_all_of.go b/okta/model_log_stream_settings_splunk_all_of.go
new file mode 100644
index 000000000..1bdf4c060
--- /dev/null
+++ b/okta/model_log_stream_settings_splunk_all_of.go
@@ -0,0 +1,197 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogStreamSettingsSplunkAllOf The Splunk Cloud Settings object specifies the configuration for the `splunk_cloud_logstreaming` Log Stream type.
+type LogStreamSettingsSplunkAllOf struct {
+	// The domain name for your Splunk Cloud instance. Don't include `http` or `https` in the string. For example: `acme.splunkcloud.com`
+	Host *string `json:"host,omitempty"`
+	// The HEC token for your Splunk Cloud HTTP Event Collector
+	Token                *string `json:"token,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogStreamSettingsSplunkAllOf LogStreamSettingsSplunkAllOf
+
+// NewLogStreamSettingsSplunkAllOf instantiates a new LogStreamSettingsSplunkAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogStreamSettingsSplunkAllOf() *LogStreamSettingsSplunkAllOf {
+	this := LogStreamSettingsSplunkAllOf{}
+	return &this
+}
+
+// NewLogStreamSettingsSplunkAllOfWithDefaults instantiates a new LogStreamSettingsSplunkAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogStreamSettingsSplunkAllOfWithDefaults() *LogStreamSettingsSplunkAllOf {
+	this := LogStreamSettingsSplunkAllOf{}
+	return &this
+}
+
+// GetHost returns the Host field value if set, zero value otherwise.
+func (o *LogStreamSettingsSplunkAllOf) GetHost() string {
+	if o == nil || o.Host == nil {
+		var ret string
+		return ret
+	}
+	return *o.Host
+}
+
+// GetHostOk returns a tuple with the Host field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSettingsSplunkAllOf) GetHostOk() (*string, bool) {
+	if o == nil || o.Host == nil {
+		return nil, false
+	}
+	return o.Host, true
+}
+
+// HasHost returns a boolean if a field has been set.
+func (o *LogStreamSettingsSplunkAllOf) HasHost() bool {
+	if o != nil && o.Host != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHost gets a reference to the given string and assigns it to the Host field.
+func (o *LogStreamSettingsSplunkAllOf) SetHost(v string) {
+	o.Host = &v
+}
+
+// GetToken returns the Token field value if set, zero value otherwise.
+func (o *LogStreamSettingsSplunkAllOf) GetToken() string {
+	if o == nil || o.Token == nil {
+		var ret string
+		return ret
+	}
+	return *o.Token
+}
+
+// GetTokenOk returns a tuple with the Token field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSettingsSplunkAllOf) GetTokenOk() (*string, bool) {
+	if o == nil || o.Token == nil {
+		return nil, false
+	}
+	return o.Token, true
+}
+
+// HasToken returns a boolean if a field has been set.
+func (o *LogStreamSettingsSplunkAllOf) HasToken() bool {
+	if o != nil && o.Token != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetToken gets a reference to the given string and assigns it to the Token field.
+func (o *LogStreamSettingsSplunkAllOf) SetToken(v string) {
+	o.Token = &v
+}
+
+func (o LogStreamSettingsSplunkAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Host != nil {
+		toSerialize["host"] = o.Host
+	}
+	if o.Token != nil {
+		toSerialize["token"] = o.Token
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogStreamSettingsSplunkAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varLogStreamSettingsSplunkAllOf := _LogStreamSettingsSplunkAllOf{}
+
+	err = json.Unmarshal(bytes, &varLogStreamSettingsSplunkAllOf)
+	if err == nil {
+		*o = LogStreamSettingsSplunkAllOf(varLogStreamSettingsSplunkAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "host")
+		delete(additionalProperties, "token")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogStreamSettingsSplunkAllOf struct {
+	value *LogStreamSettingsSplunkAllOf
+	isSet bool
+}
+
+func (v NullableLogStreamSettingsSplunkAllOf) Get() *LogStreamSettingsSplunkAllOf {
+	return v.value
+}
+
+func (v *NullableLogStreamSettingsSplunkAllOf) Set(val *LogStreamSettingsSplunkAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogStreamSettingsSplunkAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogStreamSettingsSplunkAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogStreamSettingsSplunkAllOf(val *LogStreamSettingsSplunkAllOf) *NullableLogStreamSettingsSplunkAllOf {
+	return &NullableLogStreamSettingsSplunkAllOf{value: val, isSet: true}
+}
+
+func (v NullableLogStreamSettingsSplunkAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogStreamSettingsSplunkAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_stream_splunk.go b/okta/model_log_stream_splunk.go
new file mode 100644
index 000000000..e5cbdedc0
--- /dev/null
+++ b/okta/model_log_stream_splunk.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// LogStreamSplunk struct for LogStreamSplunk
+type LogStreamSplunk struct {
+	LogStream
+	Settings             *LogStreamSettingsSplunk `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogStreamSplunk LogStreamSplunk
+
+// NewLogStreamSplunk instantiates a new LogStreamSplunk object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogStreamSplunk() *LogStreamSplunk {
+	this := LogStreamSplunk{}
+	return &this
+}
+
+// NewLogStreamSplunkWithDefaults instantiates a new LogStreamSplunk object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogStreamSplunkWithDefaults() *LogStreamSplunk {
+	this := LogStreamSplunk{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *LogStreamSplunk) GetSettings() LogStreamSettingsSplunk {
+	if o == nil || o.Settings == nil {
+		var ret LogStreamSettingsSplunk
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSplunk) GetSettingsOk() (*LogStreamSettingsSplunk, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *LogStreamSplunk) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given LogStreamSettingsSplunk and assigns it to the Settings field.
+func (o *LogStreamSplunk) SetSettings(v LogStreamSettingsSplunk) {
+	o.Settings = &v
+}
+
+func (o LogStreamSplunk) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedLogStream, errLogStream := json.Marshal(o.LogStream)
+	if errLogStream != nil {
+		return []byte{}, errLogStream
+	}
+	errLogStream = json.Unmarshal([]byte(serializedLogStream), &toSerialize)
+	if errLogStream != nil {
+		return []byte{}, errLogStream
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogStreamSplunk) UnmarshalJSON(bytes []byte) (err error) {
+	type LogStreamSplunkWithoutEmbeddedStruct struct {
+		Settings *LogStreamSettingsSplunk `json:"settings,omitempty"`
+	}
+
+	varLogStreamSplunkWithoutEmbeddedStruct := LogStreamSplunkWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varLogStreamSplunkWithoutEmbeddedStruct)
+	if err == nil {
+		varLogStreamSplunk := _LogStreamSplunk{}
+		varLogStreamSplunk.Settings = varLogStreamSplunkWithoutEmbeddedStruct.Settings
+		*o = LogStreamSplunk(varLogStreamSplunk)
+	} else {
+		return err
+	}
+
+	varLogStreamSplunk := _LogStreamSplunk{}
+
+	err = json.Unmarshal(bytes, &varLogStreamSplunk)
+	if err == nil {
+		o.LogStream = varLogStreamSplunk.LogStream
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectLogStream := reflect.ValueOf(o.LogStream)
+		for i := 0; i < reflectLogStream.Type().NumField(); i++ {
+			t := reflectLogStream.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogStreamSplunk struct {
+	value *LogStreamSplunk
+	isSet bool
+}
+
+func (v NullableLogStreamSplunk) Get() *LogStreamSplunk {
+	return v.value
+}
+
+func (v *NullableLogStreamSplunk) Set(val *LogStreamSplunk) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogStreamSplunk) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogStreamSplunk) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogStreamSplunk(val *LogStreamSplunk) *NullableLogStreamSplunk {
+	return &NullableLogStreamSplunk{value: val, isSet: true}
+}
+
+func (v NullableLogStreamSplunk) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogStreamSplunk) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_stream_splunk_all_of.go b/okta/model_log_stream_splunk_all_of.go
new file mode 100644
index 000000000..a8f10ecb5
--- /dev/null
+++ b/okta/model_log_stream_splunk_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogStreamSplunkAllOf struct for LogStreamSplunkAllOf
+type LogStreamSplunkAllOf struct {
+	Settings             *LogStreamSettingsSplunk `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogStreamSplunkAllOf LogStreamSplunkAllOf
+
+// NewLogStreamSplunkAllOf instantiates a new LogStreamSplunkAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogStreamSplunkAllOf() *LogStreamSplunkAllOf {
+	this := LogStreamSplunkAllOf{}
+	return &this
+}
+
+// NewLogStreamSplunkAllOfWithDefaults instantiates a new LogStreamSplunkAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogStreamSplunkAllOfWithDefaults() *LogStreamSplunkAllOf {
+	this := LogStreamSplunkAllOf{}
+	return &this
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *LogStreamSplunkAllOf) GetSettings() LogStreamSettingsSplunk {
+	if o == nil || o.Settings == nil {
+		var ret LogStreamSettingsSplunk
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogStreamSplunkAllOf) GetSettingsOk() (*LogStreamSettingsSplunk, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *LogStreamSplunkAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given LogStreamSettingsSplunk and assigns it to the Settings field.
+func (o *LogStreamSplunkAllOf) SetSettings(v LogStreamSettingsSplunk) {
+	o.Settings = &v
+}
+
+func (o LogStreamSplunkAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogStreamSplunkAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varLogStreamSplunkAllOf := _LogStreamSplunkAllOf{}
+
+	err = json.Unmarshal(bytes, &varLogStreamSplunkAllOf)
+	if err == nil {
+		*o = LogStreamSplunkAllOf(varLogStreamSplunkAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogStreamSplunkAllOf struct {
+	value *LogStreamSplunkAllOf
+	isSet bool
+}
+
+func (v NullableLogStreamSplunkAllOf) Get() *LogStreamSplunkAllOf {
+	return v.value
+}
+
+func (v *NullableLogStreamSplunkAllOf) Set(val *LogStreamSplunkAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogStreamSplunkAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogStreamSplunkAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogStreamSplunkAllOf(val *LogStreamSplunkAllOf) *NullableLogStreamSplunkAllOf {
+	return &NullableLogStreamSplunkAllOf{value: val, isSet: true}
+}
+
+func (v NullableLogStreamSplunkAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogStreamSplunkAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_stream_type.go b/okta/model_log_stream_type.go
new file mode 100644
index 000000000..d84def9a6
--- /dev/null
+++ b/okta/model_log_stream_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// LogStreamType The Log Stream type specifies the streaming provider used. Okta supports [AWS EventBridge](https://aws.amazon.com/eventbridge/) and [Splunk Cloud](https://www.splunk.com/en_us/software/splunk-cloud-platform.html).
+type LogStreamType string
+
+// List of LogStreamType
+const (
+	LOGSTREAMTYPE_AWS_EVENTBRIDGE           LogStreamType = "aws_eventbridge"
+	LOGSTREAMTYPE_SPLUNK_CLOUD_LOGSTREAMING LogStreamType = "splunk_cloud_logstreaming"
+)
+
+// All allowed values of LogStreamType enum
+var AllowedLogStreamTypeEnumValues = []LogStreamType{
+	"aws_eventbridge",
+	"splunk_cloud_logstreaming",
+}
+
+func (v *LogStreamType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := LogStreamType(value)
+	for _, existing := range AllowedLogStreamTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid LogStreamType", value)
+}
+
+// NewLogStreamTypeFromValue returns a pointer to a valid LogStreamType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewLogStreamTypeFromValue(v string) (*LogStreamType, error) {
+	ev := LogStreamType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for LogStreamType: valid values are %v", v, AllowedLogStreamTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v LogStreamType) IsValid() bool {
+	for _, existing := range AllowedLogStreamTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to LogStreamType value
+func (v LogStreamType) Ptr() *LogStreamType {
+	return &v
+}
+
+type NullableLogStreamType struct {
+	value *LogStreamType
+	isSet bool
+}
+
+func (v NullableLogStreamType) Get() *LogStreamType {
+	return v.value
+}
+
+func (v *NullableLogStreamType) Set(val *LogStreamType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogStreamType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogStreamType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogStreamType(val *LogStreamType) *NullableLogStreamType {
+	return &NullableLogStreamType{value: val, isSet: true}
+}
+
+func (v NullableLogStreamType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogStreamType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_target.go b/okta/model_log_target.go
new file mode 100644
index 000000000..1fee37cfa
--- /dev/null
+++ b/okta/model_log_target.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogTarget struct for LogTarget
+type LogTarget struct {
+	AlternateId          *string                           `json:"alternateId,omitempty"`
+	DetailEntry          map[string]map[string]interface{} `json:"detailEntry,omitempty"`
+	DisplayName          *string                           `json:"displayName,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	Type                 *string                           `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogTarget LogTarget
+
+// NewLogTarget instantiates a new LogTarget object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogTarget() *LogTarget {
+	this := LogTarget{}
+	return &this
+}
+
+// NewLogTargetWithDefaults instantiates a new LogTarget object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogTargetWithDefaults() *LogTarget {
+	this := LogTarget{}
+	return &this
+}
+
+// GetAlternateId returns the AlternateId field value if set, zero value otherwise.
+func (o *LogTarget) GetAlternateId() string {
+	if o == nil || o.AlternateId == nil {
+		var ret string
+		return ret
+	}
+	return *o.AlternateId
+}
+
+// GetAlternateIdOk returns a tuple with the AlternateId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogTarget) GetAlternateIdOk() (*string, bool) {
+	if o == nil || o.AlternateId == nil {
+		return nil, false
+	}
+	return o.AlternateId, true
+}
+
+// HasAlternateId returns a boolean if a field has been set.
+func (o *LogTarget) HasAlternateId() bool {
+	if o != nil && o.AlternateId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAlternateId gets a reference to the given string and assigns it to the AlternateId field.
+func (o *LogTarget) SetAlternateId(v string) {
+	o.AlternateId = &v
+}
+
+// GetDetailEntry returns the DetailEntry field value if set, zero value otherwise.
+func (o *LogTarget) GetDetailEntry() map[string]map[string]interface{} {
+	if o == nil || o.DetailEntry == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.DetailEntry
+}
+
+// GetDetailEntryOk returns a tuple with the DetailEntry field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogTarget) GetDetailEntryOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.DetailEntry == nil {
+		return nil, false
+	}
+	return o.DetailEntry, true
+}
+
+// HasDetailEntry returns a boolean if a field has been set.
+func (o *LogTarget) HasDetailEntry() bool {
+	if o != nil && o.DetailEntry != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDetailEntry gets a reference to the given map[string]map[string]interface{} and assigns it to the DetailEntry field.
+func (o *LogTarget) SetDetailEntry(v map[string]map[string]interface{}) {
+	o.DetailEntry = v
+}
+
+// GetDisplayName returns the DisplayName field value if set, zero value otherwise.
+func (o *LogTarget) GetDisplayName() string {
+	if o == nil || o.DisplayName == nil {
+		var ret string
+		return ret
+	}
+	return *o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogTarget) GetDisplayNameOk() (*string, bool) {
+	if o == nil || o.DisplayName == nil {
+		return nil, false
+	}
+	return o.DisplayName, true
+}
+
+// HasDisplayName returns a boolean if a field has been set.
+func (o *LogTarget) HasDisplayName() bool {
+	if o != nil && o.DisplayName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDisplayName gets a reference to the given string and assigns it to the DisplayName field.
+func (o *LogTarget) SetDisplayName(v string) {
+	o.DisplayName = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *LogTarget) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogTarget) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *LogTarget) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *LogTarget) SetId(v string) {
+	o.Id = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *LogTarget) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogTarget) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *LogTarget) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *LogTarget) SetType(v string) {
+	o.Type = &v
+}
+
+func (o LogTarget) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AlternateId != nil {
+		toSerialize["alternateId"] = o.AlternateId
+	}
+	if o.DetailEntry != nil {
+		toSerialize["detailEntry"] = o.DetailEntry
+	}
+	if o.DisplayName != nil {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogTarget) UnmarshalJSON(bytes []byte) (err error) {
+	varLogTarget := _LogTarget{}
+
+	err = json.Unmarshal(bytes, &varLogTarget)
+	if err == nil {
+		*o = LogTarget(varLogTarget)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "alternateId")
+		delete(additionalProperties, "detailEntry")
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogTarget struct {
+	value *LogTarget
+	isSet bool
+}
+
+func (v NullableLogTarget) Get() *LogTarget {
+	return v.value
+}
+
+func (v *NullableLogTarget) Set(val *LogTarget) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogTarget) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogTarget) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogTarget(val *LogTarget) *NullableLogTarget {
+	return &NullableLogTarget{value: val, isSet: true}
+}
+
+func (v NullableLogTarget) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogTarget) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_transaction.go b/okta/model_log_transaction.go
new file mode 100644
index 000000000..0ef3d80be
--- /dev/null
+++ b/okta/model_log_transaction.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogTransaction struct for LogTransaction
+type LogTransaction struct {
+	Detail               map[string]map[string]interface{} `json:"detail,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	Type                 *string                           `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogTransaction LogTransaction
+
+// NewLogTransaction instantiates a new LogTransaction object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogTransaction() *LogTransaction {
+	this := LogTransaction{}
+	return &this
+}
+
+// NewLogTransactionWithDefaults instantiates a new LogTransaction object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogTransactionWithDefaults() *LogTransaction {
+	this := LogTransaction{}
+	return &this
+}
+
+// GetDetail returns the Detail field value if set, zero value otherwise.
+func (o *LogTransaction) GetDetail() map[string]map[string]interface{} {
+	if o == nil || o.Detail == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Detail
+}
+
+// GetDetailOk returns a tuple with the Detail field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogTransaction) GetDetailOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Detail == nil {
+		return nil, false
+	}
+	return o.Detail, true
+}
+
+// HasDetail returns a boolean if a field has been set.
+func (o *LogTransaction) HasDetail() bool {
+	if o != nil && o.Detail != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDetail gets a reference to the given map[string]map[string]interface{} and assigns it to the Detail field.
+func (o *LogTransaction) SetDetail(v map[string]map[string]interface{}) {
+	o.Detail = v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *LogTransaction) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogTransaction) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *LogTransaction) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *LogTransaction) SetId(v string) {
+	o.Id = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *LogTransaction) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogTransaction) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *LogTransaction) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *LogTransaction) SetType(v string) {
+	o.Type = &v
+}
+
+func (o LogTransaction) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Detail != nil {
+		toSerialize["detail"] = o.Detail
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogTransaction) UnmarshalJSON(bytes []byte) (err error) {
+	varLogTransaction := _LogTransaction{}
+
+	err = json.Unmarshal(bytes, &varLogTransaction)
+	if err == nil {
+		*o = LogTransaction(varLogTransaction)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "detail")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogTransaction struct {
+	value *LogTransaction
+	isSet bool
+}
+
+func (v NullableLogTransaction) Get() *LogTransaction {
+	return v.value
+}
+
+func (v *NullableLogTransaction) Set(val *LogTransaction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogTransaction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogTransaction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogTransaction(val *LogTransaction) *NullableLogTransaction {
+	return &NullableLogTransaction{value: val, isSet: true}
+}
+
+func (v NullableLogTransaction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogTransaction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_log_user_agent.go b/okta/model_log_user_agent.go
new file mode 100644
index 000000000..1dcf96c7d
--- /dev/null
+++ b/okta/model_log_user_agent.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// LogUserAgent struct for LogUserAgent
+type LogUserAgent struct {
+	Browser              *string `json:"browser,omitempty"`
+	Os                   *string `json:"os,omitempty"`
+	RawUserAgent         *string `json:"rawUserAgent,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _LogUserAgent LogUserAgent
+
+// NewLogUserAgent instantiates a new LogUserAgent object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewLogUserAgent() *LogUserAgent {
+	this := LogUserAgent{}
+	return &this
+}
+
+// NewLogUserAgentWithDefaults instantiates a new LogUserAgent object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewLogUserAgentWithDefaults() *LogUserAgent {
+	this := LogUserAgent{}
+	return &this
+}
+
+// GetBrowser returns the Browser field value if set, zero value otherwise.
+func (o *LogUserAgent) GetBrowser() string {
+	if o == nil || o.Browser == nil {
+		var ret string
+		return ret
+	}
+	return *o.Browser
+}
+
+// GetBrowserOk returns a tuple with the Browser field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogUserAgent) GetBrowserOk() (*string, bool) {
+	if o == nil || o.Browser == nil {
+		return nil, false
+	}
+	return o.Browser, true
+}
+
+// HasBrowser returns a boolean if a field has been set.
+func (o *LogUserAgent) HasBrowser() bool {
+	if o != nil && o.Browser != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBrowser gets a reference to the given string and assigns it to the Browser field.
+func (o *LogUserAgent) SetBrowser(v string) {
+	o.Browser = &v
+}
+
+// GetOs returns the Os field value if set, zero value otherwise.
+func (o *LogUserAgent) GetOs() string {
+	if o == nil || o.Os == nil {
+		var ret string
+		return ret
+	}
+	return *o.Os
+}
+
+// GetOsOk returns a tuple with the Os field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogUserAgent) GetOsOk() (*string, bool) {
+	if o == nil || o.Os == nil {
+		return nil, false
+	}
+	return o.Os, true
+}
+
+// HasOs returns a boolean if a field has been set.
+func (o *LogUserAgent) HasOs() bool {
+	if o != nil && o.Os != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOs gets a reference to the given string and assigns it to the Os field.
+func (o *LogUserAgent) SetOs(v string) {
+	o.Os = &v
+}
+
+// GetRawUserAgent returns the RawUserAgent field value if set, zero value otherwise.
+func (o *LogUserAgent) GetRawUserAgent() string {
+	if o == nil || o.RawUserAgent == nil {
+		var ret string
+		return ret
+	}
+	return *o.RawUserAgent
+}
+
+// GetRawUserAgentOk returns a tuple with the RawUserAgent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *LogUserAgent) GetRawUserAgentOk() (*string, bool) {
+	if o == nil || o.RawUserAgent == nil {
+		return nil, false
+	}
+	return o.RawUserAgent, true
+}
+
+// HasRawUserAgent returns a boolean if a field has been set.
+func (o *LogUserAgent) HasRawUserAgent() bool {
+	if o != nil && o.RawUserAgent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRawUserAgent gets a reference to the given string and assigns it to the RawUserAgent field.
+func (o *LogUserAgent) SetRawUserAgent(v string) {
+	o.RawUserAgent = &v
+}
+
+func (o LogUserAgent) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Browser != nil {
+		toSerialize["browser"] = o.Browser
+	}
+	if o.Os != nil {
+		toSerialize["os"] = o.Os
+	}
+	if o.RawUserAgent != nil {
+		toSerialize["rawUserAgent"] = o.RawUserAgent
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *LogUserAgent) UnmarshalJSON(bytes []byte) (err error) {
+	varLogUserAgent := _LogUserAgent{}
+
+	err = json.Unmarshal(bytes, &varLogUserAgent)
+	if err == nil {
+		*o = LogUserAgent(varLogUserAgent)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "browser")
+		delete(additionalProperties, "os")
+		delete(additionalProperties, "rawUserAgent")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableLogUserAgent struct {
+	value *LogUserAgent
+	isSet bool
+}
+
+func (v NullableLogUserAgent) Get() *LogUserAgent {
+	return v.value
+}
+
+func (v *NullableLogUserAgent) Set(val *LogUserAgent) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableLogUserAgent) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableLogUserAgent) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableLogUserAgent(val *LogUserAgent) *NullableLogUserAgent {
+	return &NullableLogUserAgent{value: val, isSet: true}
+}
+
+func (v NullableLogUserAgent) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableLogUserAgent) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_mdm_enrollment_policy_enrollment.go b/okta/model_mdm_enrollment_policy_enrollment.go
new file mode 100644
index 000000000..a79a41351
--- /dev/null
+++ b/okta/model_mdm_enrollment_policy_enrollment.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// MDMEnrollmentPolicyEnrollment the model 'MDMEnrollmentPolicyEnrollment'
+type MDMEnrollmentPolicyEnrollment string
+
+// List of MDMEnrollmentPolicyEnrollment
+const (
+	MDMENROLLMENTPOLICYENROLLMENT_ANY_OR_NONE MDMEnrollmentPolicyEnrollment = "ANY_OR_NONE"
+	MDMENROLLMENTPOLICYENROLLMENT_OMM         MDMEnrollmentPolicyEnrollment = "OMM"
+)
+
+// All allowed values of MDMEnrollmentPolicyEnrollment enum
+var AllowedMDMEnrollmentPolicyEnrollmentEnumValues = []MDMEnrollmentPolicyEnrollment{
+	"ANY_OR_NONE",
+	"OMM",
+}
+
+func (v *MDMEnrollmentPolicyEnrollment) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := MDMEnrollmentPolicyEnrollment(value)
+	for _, existing := range AllowedMDMEnrollmentPolicyEnrollmentEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid MDMEnrollmentPolicyEnrollment", value)
+}
+
+// NewMDMEnrollmentPolicyEnrollmentFromValue returns a pointer to a valid MDMEnrollmentPolicyEnrollment
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewMDMEnrollmentPolicyEnrollmentFromValue(v string) (*MDMEnrollmentPolicyEnrollment, error) {
+	ev := MDMEnrollmentPolicyEnrollment(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for MDMEnrollmentPolicyEnrollment: valid values are %v", v, AllowedMDMEnrollmentPolicyEnrollmentEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v MDMEnrollmentPolicyEnrollment) IsValid() bool {
+	for _, existing := range AllowedMDMEnrollmentPolicyEnrollmentEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to MDMEnrollmentPolicyEnrollment value
+func (v MDMEnrollmentPolicyEnrollment) Ptr() *MDMEnrollmentPolicyEnrollment {
+	return &v
+}
+
+type NullableMDMEnrollmentPolicyEnrollment struct {
+	value *MDMEnrollmentPolicyEnrollment
+	isSet bool
+}
+
+func (v NullableMDMEnrollmentPolicyEnrollment) Get() *MDMEnrollmentPolicyEnrollment {
+	return v.value
+}
+
+func (v *NullableMDMEnrollmentPolicyEnrollment) Set(val *MDMEnrollmentPolicyEnrollment) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableMDMEnrollmentPolicyEnrollment) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableMDMEnrollmentPolicyEnrollment) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableMDMEnrollmentPolicyEnrollment(val *MDMEnrollmentPolicyEnrollment) *NullableMDMEnrollmentPolicyEnrollment {
+	return &NullableMDMEnrollmentPolicyEnrollment{value: val, isSet: true}
+}
+
+func (v NullableMDMEnrollmentPolicyEnrollment) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableMDMEnrollmentPolicyEnrollment) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_mdm_enrollment_policy_rule_condition.go b/okta/model_mdm_enrollment_policy_rule_condition.go
new file mode 100644
index 000000000..a464b1bbc
--- /dev/null
+++ b/okta/model_mdm_enrollment_policy_rule_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// MDMEnrollmentPolicyRuleCondition struct for MDMEnrollmentPolicyRuleCondition
+type MDMEnrollmentPolicyRuleCondition struct {
+	BlockNonSafeAndroid  *bool                          `json:"blockNonSafeAndroid,omitempty"`
+	Enrollment           *MDMEnrollmentPolicyEnrollment `json:"enrollment,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _MDMEnrollmentPolicyRuleCondition MDMEnrollmentPolicyRuleCondition
+
+// NewMDMEnrollmentPolicyRuleCondition instantiates a new MDMEnrollmentPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewMDMEnrollmentPolicyRuleCondition() *MDMEnrollmentPolicyRuleCondition {
+	this := MDMEnrollmentPolicyRuleCondition{}
+	return &this
+}
+
+// NewMDMEnrollmentPolicyRuleConditionWithDefaults instantiates a new MDMEnrollmentPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewMDMEnrollmentPolicyRuleConditionWithDefaults() *MDMEnrollmentPolicyRuleCondition {
+	this := MDMEnrollmentPolicyRuleCondition{}
+	return &this
+}
+
+// GetBlockNonSafeAndroid returns the BlockNonSafeAndroid field value if set, zero value otherwise.
+func (o *MDMEnrollmentPolicyRuleCondition) GetBlockNonSafeAndroid() bool {
+	if o == nil || o.BlockNonSafeAndroid == nil {
+		var ret bool
+		return ret
+	}
+	return *o.BlockNonSafeAndroid
+}
+
+// GetBlockNonSafeAndroidOk returns a tuple with the BlockNonSafeAndroid field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *MDMEnrollmentPolicyRuleCondition) GetBlockNonSafeAndroidOk() (*bool, bool) {
+	if o == nil || o.BlockNonSafeAndroid == nil {
+		return nil, false
+	}
+	return o.BlockNonSafeAndroid, true
+}
+
+// HasBlockNonSafeAndroid returns a boolean if a field has been set.
+func (o *MDMEnrollmentPolicyRuleCondition) HasBlockNonSafeAndroid() bool {
+	if o != nil && o.BlockNonSafeAndroid != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBlockNonSafeAndroid gets a reference to the given bool and assigns it to the BlockNonSafeAndroid field.
+func (o *MDMEnrollmentPolicyRuleCondition) SetBlockNonSafeAndroid(v bool) {
+	o.BlockNonSafeAndroid = &v
+}
+
+// GetEnrollment returns the Enrollment field value if set, zero value otherwise.
+func (o *MDMEnrollmentPolicyRuleCondition) GetEnrollment() MDMEnrollmentPolicyEnrollment {
+	if o == nil || o.Enrollment == nil {
+		var ret MDMEnrollmentPolicyEnrollment
+		return ret
+	}
+	return *o.Enrollment
+}
+
+// GetEnrollmentOk returns a tuple with the Enrollment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *MDMEnrollmentPolicyRuleCondition) GetEnrollmentOk() (*MDMEnrollmentPolicyEnrollment, bool) {
+	if o == nil || o.Enrollment == nil {
+		return nil, false
+	}
+	return o.Enrollment, true
+}
+
+// HasEnrollment returns a boolean if a field has been set.
+func (o *MDMEnrollmentPolicyRuleCondition) HasEnrollment() bool {
+	if o != nil && o.Enrollment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnrollment gets a reference to the given MDMEnrollmentPolicyEnrollment and assigns it to the Enrollment field.
+func (o *MDMEnrollmentPolicyRuleCondition) SetEnrollment(v MDMEnrollmentPolicyEnrollment) {
+	o.Enrollment = &v
+}
+
+func (o MDMEnrollmentPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.BlockNonSafeAndroid != nil {
+		toSerialize["blockNonSafeAndroid"] = o.BlockNonSafeAndroid
+	}
+	if o.Enrollment != nil {
+		toSerialize["enrollment"] = o.Enrollment
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *MDMEnrollmentPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varMDMEnrollmentPolicyRuleCondition := _MDMEnrollmentPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varMDMEnrollmentPolicyRuleCondition)
+	if err == nil {
+		*o = MDMEnrollmentPolicyRuleCondition(varMDMEnrollmentPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "blockNonSafeAndroid")
+		delete(additionalProperties, "enrollment")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableMDMEnrollmentPolicyRuleCondition struct {
+	value *MDMEnrollmentPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableMDMEnrollmentPolicyRuleCondition) Get() *MDMEnrollmentPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableMDMEnrollmentPolicyRuleCondition) Set(val *MDMEnrollmentPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableMDMEnrollmentPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableMDMEnrollmentPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableMDMEnrollmentPolicyRuleCondition(val *MDMEnrollmentPolicyRuleCondition) *NullableMDMEnrollmentPolicyRuleCondition {
+	return &NullableMDMEnrollmentPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableMDMEnrollmentPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableMDMEnrollmentPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_multifactor_enrollment_policy.go b/okta/model_multifactor_enrollment_policy.go
new file mode 100644
index 000000000..0ea9fb10c
--- /dev/null
+++ b/okta/model_multifactor_enrollment_policy.go
@@ -0,0 +1,242 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// MultifactorEnrollmentPolicy struct for MultifactorEnrollmentPolicy
+type MultifactorEnrollmentPolicy struct {
+	Policy
+	Conditions           *PolicyRuleConditions                `json:"conditions,omitempty"`
+	Settings             *MultifactorEnrollmentPolicySettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _MultifactorEnrollmentPolicy MultifactorEnrollmentPolicy
+
+// NewMultifactorEnrollmentPolicy instantiates a new MultifactorEnrollmentPolicy object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewMultifactorEnrollmentPolicy() *MultifactorEnrollmentPolicy {
+	this := MultifactorEnrollmentPolicy{}
+	return &this
+}
+
+// NewMultifactorEnrollmentPolicyWithDefaults instantiates a new MultifactorEnrollmentPolicy object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewMultifactorEnrollmentPolicyWithDefaults() *MultifactorEnrollmentPolicy {
+	this := MultifactorEnrollmentPolicy{}
+	return &this
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *MultifactorEnrollmentPolicy) GetConditions() PolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *MultifactorEnrollmentPolicy) GetConditionsOk() (*PolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *MultifactorEnrollmentPolicy) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PolicyRuleConditions and assigns it to the Conditions field.
+func (o *MultifactorEnrollmentPolicy) SetConditions(v PolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *MultifactorEnrollmentPolicy) GetSettings() MultifactorEnrollmentPolicySettings {
+	if o == nil || o.Settings == nil {
+		var ret MultifactorEnrollmentPolicySettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *MultifactorEnrollmentPolicy) GetSettingsOk() (*MultifactorEnrollmentPolicySettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *MultifactorEnrollmentPolicy) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given MultifactorEnrollmentPolicySettings and assigns it to the Settings field.
+func (o *MultifactorEnrollmentPolicy) SetSettings(v MultifactorEnrollmentPolicySettings) {
+	o.Settings = &v
+}
+
+func (o MultifactorEnrollmentPolicy) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPolicy, errPolicy := json.Marshal(o.Policy)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	errPolicy = json.Unmarshal([]byte(serializedPolicy), &toSerialize)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *MultifactorEnrollmentPolicy) UnmarshalJSON(bytes []byte) (err error) {
+	type MultifactorEnrollmentPolicyWithoutEmbeddedStruct struct {
+		Conditions *PolicyRuleConditions                `json:"conditions,omitempty"`
+		Settings   *MultifactorEnrollmentPolicySettings `json:"settings,omitempty"`
+	}
+
+	varMultifactorEnrollmentPolicyWithoutEmbeddedStruct := MultifactorEnrollmentPolicyWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varMultifactorEnrollmentPolicyWithoutEmbeddedStruct)
+	if err == nil {
+		varMultifactorEnrollmentPolicy := _MultifactorEnrollmentPolicy{}
+		varMultifactorEnrollmentPolicy.Conditions = varMultifactorEnrollmentPolicyWithoutEmbeddedStruct.Conditions
+		varMultifactorEnrollmentPolicy.Settings = varMultifactorEnrollmentPolicyWithoutEmbeddedStruct.Settings
+		*o = MultifactorEnrollmentPolicy(varMultifactorEnrollmentPolicy)
+	} else {
+		return err
+	}
+
+	varMultifactorEnrollmentPolicy := _MultifactorEnrollmentPolicy{}
+
+	err = json.Unmarshal(bytes, &varMultifactorEnrollmentPolicy)
+	if err == nil {
+		o.Policy = varMultifactorEnrollmentPolicy.Policy
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "conditions")
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectPolicy := reflect.ValueOf(o.Policy)
+		for i := 0; i < reflectPolicy.Type().NumField(); i++ {
+			t := reflectPolicy.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableMultifactorEnrollmentPolicy struct {
+	value *MultifactorEnrollmentPolicy
+	isSet bool
+}
+
+func (v NullableMultifactorEnrollmentPolicy) Get() *MultifactorEnrollmentPolicy {
+	return v.value
+}
+
+func (v *NullableMultifactorEnrollmentPolicy) Set(val *MultifactorEnrollmentPolicy) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableMultifactorEnrollmentPolicy) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableMultifactorEnrollmentPolicy) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableMultifactorEnrollmentPolicy(val *MultifactorEnrollmentPolicy) *NullableMultifactorEnrollmentPolicy {
+	return &NullableMultifactorEnrollmentPolicy{value: val, isSet: true}
+}
+
+func (v NullableMultifactorEnrollmentPolicy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableMultifactorEnrollmentPolicy) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_multifactor_enrollment_policy_all_of.go b/okta/model_multifactor_enrollment_policy_all_of.go
new file mode 100644
index 000000000..f77a60d35
--- /dev/null
+++ b/okta/model_multifactor_enrollment_policy_all_of.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// MultifactorEnrollmentPolicyAllOf struct for MultifactorEnrollmentPolicyAllOf
+type MultifactorEnrollmentPolicyAllOf struct {
+	Conditions           *PolicyRuleConditions                `json:"conditions,omitempty"`
+	Settings             *MultifactorEnrollmentPolicySettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _MultifactorEnrollmentPolicyAllOf MultifactorEnrollmentPolicyAllOf
+
+// NewMultifactorEnrollmentPolicyAllOf instantiates a new MultifactorEnrollmentPolicyAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewMultifactorEnrollmentPolicyAllOf() *MultifactorEnrollmentPolicyAllOf {
+	this := MultifactorEnrollmentPolicyAllOf{}
+	return &this
+}
+
+// NewMultifactorEnrollmentPolicyAllOfWithDefaults instantiates a new MultifactorEnrollmentPolicyAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewMultifactorEnrollmentPolicyAllOfWithDefaults() *MultifactorEnrollmentPolicyAllOf {
+	this := MultifactorEnrollmentPolicyAllOf{}
+	return &this
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *MultifactorEnrollmentPolicyAllOf) GetConditions() PolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *MultifactorEnrollmentPolicyAllOf) GetConditionsOk() (*PolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *MultifactorEnrollmentPolicyAllOf) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PolicyRuleConditions and assigns it to the Conditions field.
+func (o *MultifactorEnrollmentPolicyAllOf) SetConditions(v PolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *MultifactorEnrollmentPolicyAllOf) GetSettings() MultifactorEnrollmentPolicySettings {
+	if o == nil || o.Settings == nil {
+		var ret MultifactorEnrollmentPolicySettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *MultifactorEnrollmentPolicyAllOf) GetSettingsOk() (*MultifactorEnrollmentPolicySettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *MultifactorEnrollmentPolicyAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given MultifactorEnrollmentPolicySettings and assigns it to the Settings field.
+func (o *MultifactorEnrollmentPolicyAllOf) SetSettings(v MultifactorEnrollmentPolicySettings) {
+	o.Settings = &v
+}
+
+func (o MultifactorEnrollmentPolicyAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *MultifactorEnrollmentPolicyAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varMultifactorEnrollmentPolicyAllOf := _MultifactorEnrollmentPolicyAllOf{}
+
+	err = json.Unmarshal(bytes, &varMultifactorEnrollmentPolicyAllOf)
+	if err == nil {
+		*o = MultifactorEnrollmentPolicyAllOf(varMultifactorEnrollmentPolicyAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "conditions")
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableMultifactorEnrollmentPolicyAllOf struct {
+	value *MultifactorEnrollmentPolicyAllOf
+	isSet bool
+}
+
+func (v NullableMultifactorEnrollmentPolicyAllOf) Get() *MultifactorEnrollmentPolicyAllOf {
+	return v.value
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAllOf) Set(val *MultifactorEnrollmentPolicyAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableMultifactorEnrollmentPolicyAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableMultifactorEnrollmentPolicyAllOf(val *MultifactorEnrollmentPolicyAllOf) *NullableMultifactorEnrollmentPolicyAllOf {
+	return &NullableMultifactorEnrollmentPolicyAllOf{value: val, isSet: true}
+}
+
+func (v NullableMultifactorEnrollmentPolicyAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_multifactor_enrollment_policy_authenticator_settings.go b/okta/model_multifactor_enrollment_policy_authenticator_settings.go
new file mode 100644
index 000000000..6f035b6d3
--- /dev/null
+++ b/okta/model_multifactor_enrollment_policy_authenticator_settings.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// MultifactorEnrollmentPolicyAuthenticatorSettings struct for MultifactorEnrollmentPolicyAuthenticatorSettings
+type MultifactorEnrollmentPolicyAuthenticatorSettings struct {
+	Enroll               *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll `json:"enroll,omitempty"`
+	Key                  *MultifactorEnrollmentPolicyAuthenticatorType           `json:"key,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _MultifactorEnrollmentPolicyAuthenticatorSettings MultifactorEnrollmentPolicyAuthenticatorSettings
+
+// NewMultifactorEnrollmentPolicyAuthenticatorSettings instantiates a new MultifactorEnrollmentPolicyAuthenticatorSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewMultifactorEnrollmentPolicyAuthenticatorSettings() *MultifactorEnrollmentPolicyAuthenticatorSettings {
+	this := MultifactorEnrollmentPolicyAuthenticatorSettings{}
+	return &this
+}
+
+// NewMultifactorEnrollmentPolicyAuthenticatorSettingsWithDefaults instantiates a new MultifactorEnrollmentPolicyAuthenticatorSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewMultifactorEnrollmentPolicyAuthenticatorSettingsWithDefaults() *MultifactorEnrollmentPolicyAuthenticatorSettings {
+	this := MultifactorEnrollmentPolicyAuthenticatorSettings{}
+	return &this
+}
+
+// GetEnroll returns the Enroll field value if set, zero value otherwise.
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) GetEnroll() MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll {
+	if o == nil || o.Enroll == nil {
+		var ret MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll
+		return ret
+	}
+	return *o.Enroll
+}
+
+// GetEnrollOk returns a tuple with the Enroll field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) GetEnrollOk() (*MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll, bool) {
+	if o == nil || o.Enroll == nil {
+		return nil, false
+	}
+	return o.Enroll, true
+}
+
+// HasEnroll returns a boolean if a field has been set.
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) HasEnroll() bool {
+	if o != nil && o.Enroll != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnroll gets a reference to the given MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll and assigns it to the Enroll field.
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) SetEnroll(v MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) {
+	o.Enroll = &v
+}
+
+// GetKey returns the Key field value if set, zero value otherwise.
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) GetKey() MultifactorEnrollmentPolicyAuthenticatorType {
+	if o == nil || o.Key == nil {
+		var ret MultifactorEnrollmentPolicyAuthenticatorType
+		return ret
+	}
+	return *o.Key
+}
+
+// GetKeyOk returns a tuple with the Key field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) GetKeyOk() (*MultifactorEnrollmentPolicyAuthenticatorType, bool) {
+	if o == nil || o.Key == nil {
+		return nil, false
+	}
+	return o.Key, true
+}
+
+// HasKey returns a boolean if a field has been set.
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) HasKey() bool {
+	if o != nil && o.Key != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKey gets a reference to the given MultifactorEnrollmentPolicyAuthenticatorType and assigns it to the Key field.
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) SetKey(v MultifactorEnrollmentPolicyAuthenticatorType) {
+	o.Key = &v
+}
+
+func (o MultifactorEnrollmentPolicyAuthenticatorSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Enroll != nil {
+		toSerialize["enroll"] = o.Enroll
+	}
+	if o.Key != nil {
+		toSerialize["key"] = o.Key
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varMultifactorEnrollmentPolicyAuthenticatorSettings := _MultifactorEnrollmentPolicyAuthenticatorSettings{}
+
+	err = json.Unmarshal(bytes, &varMultifactorEnrollmentPolicyAuthenticatorSettings)
+	if err == nil {
+		*o = MultifactorEnrollmentPolicyAuthenticatorSettings(varMultifactorEnrollmentPolicyAuthenticatorSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "enroll")
+		delete(additionalProperties, "key")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableMultifactorEnrollmentPolicyAuthenticatorSettings struct {
+	value *MultifactorEnrollmentPolicyAuthenticatorSettings
+	isSet bool
+}
+
+func (v NullableMultifactorEnrollmentPolicyAuthenticatorSettings) Get() *MultifactorEnrollmentPolicyAuthenticatorSettings {
+	return v.value
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAuthenticatorSettings) Set(val *MultifactorEnrollmentPolicyAuthenticatorSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableMultifactorEnrollmentPolicyAuthenticatorSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAuthenticatorSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableMultifactorEnrollmentPolicyAuthenticatorSettings(val *MultifactorEnrollmentPolicyAuthenticatorSettings) *NullableMultifactorEnrollmentPolicyAuthenticatorSettings {
+	return &NullableMultifactorEnrollmentPolicyAuthenticatorSettings{value: val, isSet: true}
+}
+
+func (v NullableMultifactorEnrollmentPolicyAuthenticatorSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAuthenticatorSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_multifactor_enrollment_policy_authenticator_settings_enroll.go b/okta/model_multifactor_enrollment_policy_authenticator_settings_enroll.go
new file mode 100644
index 000000000..a300a046e
--- /dev/null
+++ b/okta/model_multifactor_enrollment_policy_authenticator_settings_enroll.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll struct for MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll
+type MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll struct {
+	Self                 *MultifactorEnrollmentPolicyAuthenticatorStatus `json:"self,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll
+
+// NewMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll instantiates a new MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll() *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll {
+	this := MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll{}
+	return &this
+}
+
+// NewMultifactorEnrollmentPolicyAuthenticatorSettingsEnrollWithDefaults instantiates a new MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewMultifactorEnrollmentPolicyAuthenticatorSettingsEnrollWithDefaults() *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll {
+	this := MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) GetSelf() MultifactorEnrollmentPolicyAuthenticatorStatus {
+	if o == nil || o.Self == nil {
+		var ret MultifactorEnrollmentPolicyAuthenticatorStatus
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) GetSelfOk() (*MultifactorEnrollmentPolicyAuthenticatorStatus, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given MultifactorEnrollmentPolicyAuthenticatorStatus and assigns it to the Self field.
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) SetSelf(v MultifactorEnrollmentPolicyAuthenticatorStatus) {
+	o.Self = &v
+}
+
+func (o MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) UnmarshalJSON(bytes []byte) (err error) {
+	varMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll := _MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll{}
+
+	err = json.Unmarshal(bytes, &varMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll)
+	if err == nil {
+		*o = MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll(varMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll struct {
+	value *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll
+	isSet bool
+}
+
+func (v NullableMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) Get() *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll {
+	return v.value
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) Set(val *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll(val *MultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) *NullableMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll {
+	return &NullableMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll{value: val, isSet: true}
+}
+
+func (v NullableMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAuthenticatorSettingsEnroll) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_multifactor_enrollment_policy_authenticator_status.go b/okta/model_multifactor_enrollment_policy_authenticator_status.go
new file mode 100644
index 000000000..76e3304cc
--- /dev/null
+++ b/okta/model_multifactor_enrollment_policy_authenticator_status.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// MultifactorEnrollmentPolicyAuthenticatorStatus the model 'MultifactorEnrollmentPolicyAuthenticatorStatus'
+type MultifactorEnrollmentPolicyAuthenticatorStatus string
+
+// List of MultifactorEnrollmentPolicyAuthenticatorStatus
+const (
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORSTATUS_NOT_ALLOWED MultifactorEnrollmentPolicyAuthenticatorStatus = "NOT_ALLOWED"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORSTATUS_OPTIONAL    MultifactorEnrollmentPolicyAuthenticatorStatus = "OPTIONAL"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORSTATUS_REQUIRED    MultifactorEnrollmentPolicyAuthenticatorStatus = "REQUIRED"
+)
+
+// All allowed values of MultifactorEnrollmentPolicyAuthenticatorStatus enum
+var AllowedMultifactorEnrollmentPolicyAuthenticatorStatusEnumValues = []MultifactorEnrollmentPolicyAuthenticatorStatus{
+	"NOT_ALLOWED",
+	"OPTIONAL",
+	"REQUIRED",
+}
+
+func (v *MultifactorEnrollmentPolicyAuthenticatorStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := MultifactorEnrollmentPolicyAuthenticatorStatus(value)
+	for _, existing := range AllowedMultifactorEnrollmentPolicyAuthenticatorStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid MultifactorEnrollmentPolicyAuthenticatorStatus", value)
+}
+
+// NewMultifactorEnrollmentPolicyAuthenticatorStatusFromValue returns a pointer to a valid MultifactorEnrollmentPolicyAuthenticatorStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewMultifactorEnrollmentPolicyAuthenticatorStatusFromValue(v string) (*MultifactorEnrollmentPolicyAuthenticatorStatus, error) {
+	ev := MultifactorEnrollmentPolicyAuthenticatorStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for MultifactorEnrollmentPolicyAuthenticatorStatus: valid values are %v", v, AllowedMultifactorEnrollmentPolicyAuthenticatorStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v MultifactorEnrollmentPolicyAuthenticatorStatus) IsValid() bool {
+	for _, existing := range AllowedMultifactorEnrollmentPolicyAuthenticatorStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to MultifactorEnrollmentPolicyAuthenticatorStatus value
+func (v MultifactorEnrollmentPolicyAuthenticatorStatus) Ptr() *MultifactorEnrollmentPolicyAuthenticatorStatus {
+	return &v
+}
+
+type NullableMultifactorEnrollmentPolicyAuthenticatorStatus struct {
+	value *MultifactorEnrollmentPolicyAuthenticatorStatus
+	isSet bool
+}
+
+func (v NullableMultifactorEnrollmentPolicyAuthenticatorStatus) Get() *MultifactorEnrollmentPolicyAuthenticatorStatus {
+	return v.value
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAuthenticatorStatus) Set(val *MultifactorEnrollmentPolicyAuthenticatorStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableMultifactorEnrollmentPolicyAuthenticatorStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAuthenticatorStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableMultifactorEnrollmentPolicyAuthenticatorStatus(val *MultifactorEnrollmentPolicyAuthenticatorStatus) *NullableMultifactorEnrollmentPolicyAuthenticatorStatus {
+	return &NullableMultifactorEnrollmentPolicyAuthenticatorStatus{value: val, isSet: true}
+}
+
+func (v NullableMultifactorEnrollmentPolicyAuthenticatorStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAuthenticatorStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_multifactor_enrollment_policy_authenticator_type.go b/okta/model_multifactor_enrollment_policy_authenticator_type.go
new file mode 100644
index 000000000..1e4eb1ac9
--- /dev/null
+++ b/okta/model_multifactor_enrollment_policy_authenticator_type.go
@@ -0,0 +1,150 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// MultifactorEnrollmentPolicyAuthenticatorType the model 'MultifactorEnrollmentPolicyAuthenticatorType'
+type MultifactorEnrollmentPolicyAuthenticatorType string
+
+// List of MultifactorEnrollmentPolicyAuthenticatorType
+const (
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_CUSTOM_APP        MultifactorEnrollmentPolicyAuthenticatorType = "custom_app"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_CUSTOM_OTP        MultifactorEnrollmentPolicyAuthenticatorType = "custom_otp"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_DUO               MultifactorEnrollmentPolicyAuthenticatorType = "duo"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_EXTERNAL_IDP      MultifactorEnrollmentPolicyAuthenticatorType = "external_idp"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_GOOGLE_OTP        MultifactorEnrollmentPolicyAuthenticatorType = "google_otp"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_OKTA_EMAIL        MultifactorEnrollmentPolicyAuthenticatorType = "okta_email"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_OKTA_PASSWORD     MultifactorEnrollmentPolicyAuthenticatorType = "okta_password"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_OKTA_VERIFY       MultifactorEnrollmentPolicyAuthenticatorType = "okta_verify"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_ONPREM_MFA        MultifactorEnrollmentPolicyAuthenticatorType = "onprem_mfa"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_PHONE_NUMBER      MultifactorEnrollmentPolicyAuthenticatorType = "phone_number"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_RSA_TOKEN         MultifactorEnrollmentPolicyAuthenticatorType = "rsa_token"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_SECURITY_QUESTION MultifactorEnrollmentPolicyAuthenticatorType = "security_question"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_SYMANTEC_VIP      MultifactorEnrollmentPolicyAuthenticatorType = "symantec_vip"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_WEBAUTHN          MultifactorEnrollmentPolicyAuthenticatorType = "webauthn"
+	MULTIFACTORENROLLMENTPOLICYAUTHENTICATORTYPE_YUBIKEY_TOKEN     MultifactorEnrollmentPolicyAuthenticatorType = "yubikey_token"
+)
+
+// All allowed values of MultifactorEnrollmentPolicyAuthenticatorType enum
+var AllowedMultifactorEnrollmentPolicyAuthenticatorTypeEnumValues = []MultifactorEnrollmentPolicyAuthenticatorType{
+	"custom_app",
+	"custom_otp",
+	"duo",
+	"external_idp",
+	"google_otp",
+	"okta_email",
+	"okta_password",
+	"okta_verify",
+	"onprem_mfa",
+	"phone_number",
+	"rsa_token",
+	"security_question",
+	"symantec_vip",
+	"webauthn",
+	"yubikey_token",
+}
+
+func (v *MultifactorEnrollmentPolicyAuthenticatorType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := MultifactorEnrollmentPolicyAuthenticatorType(value)
+	for _, existing := range AllowedMultifactorEnrollmentPolicyAuthenticatorTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid MultifactorEnrollmentPolicyAuthenticatorType", value)
+}
+
+// NewMultifactorEnrollmentPolicyAuthenticatorTypeFromValue returns a pointer to a valid MultifactorEnrollmentPolicyAuthenticatorType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewMultifactorEnrollmentPolicyAuthenticatorTypeFromValue(v string) (*MultifactorEnrollmentPolicyAuthenticatorType, error) {
+	ev := MultifactorEnrollmentPolicyAuthenticatorType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for MultifactorEnrollmentPolicyAuthenticatorType: valid values are %v", v, AllowedMultifactorEnrollmentPolicyAuthenticatorTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v MultifactorEnrollmentPolicyAuthenticatorType) IsValid() bool {
+	for _, existing := range AllowedMultifactorEnrollmentPolicyAuthenticatorTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to MultifactorEnrollmentPolicyAuthenticatorType value
+func (v MultifactorEnrollmentPolicyAuthenticatorType) Ptr() *MultifactorEnrollmentPolicyAuthenticatorType {
+	return &v
+}
+
+type NullableMultifactorEnrollmentPolicyAuthenticatorType struct {
+	value *MultifactorEnrollmentPolicyAuthenticatorType
+	isSet bool
+}
+
+func (v NullableMultifactorEnrollmentPolicyAuthenticatorType) Get() *MultifactorEnrollmentPolicyAuthenticatorType {
+	return v.value
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAuthenticatorType) Set(val *MultifactorEnrollmentPolicyAuthenticatorType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableMultifactorEnrollmentPolicyAuthenticatorType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAuthenticatorType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableMultifactorEnrollmentPolicyAuthenticatorType(val *MultifactorEnrollmentPolicyAuthenticatorType) *NullableMultifactorEnrollmentPolicyAuthenticatorType {
+	return &NullableMultifactorEnrollmentPolicyAuthenticatorType{value: val, isSet: true}
+}
+
+func (v NullableMultifactorEnrollmentPolicyAuthenticatorType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableMultifactorEnrollmentPolicyAuthenticatorType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_multifactor_enrollment_policy_settings.go b/okta/model_multifactor_enrollment_policy_settings.go
new file mode 100644
index 000000000..64cf52bcb
--- /dev/null
+++ b/okta/model_multifactor_enrollment_policy_settings.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// MultifactorEnrollmentPolicySettings struct for MultifactorEnrollmentPolicySettings
+type MultifactorEnrollmentPolicySettings struct {
+	Authenticators       []MultifactorEnrollmentPolicyAuthenticatorSettings `json:"authenticators,omitempty"`
+	Type                 *MultifactorEnrollmentPolicySettingsType           `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _MultifactorEnrollmentPolicySettings MultifactorEnrollmentPolicySettings
+
+// NewMultifactorEnrollmentPolicySettings instantiates a new MultifactorEnrollmentPolicySettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewMultifactorEnrollmentPolicySettings() *MultifactorEnrollmentPolicySettings {
+	this := MultifactorEnrollmentPolicySettings{}
+	return &this
+}
+
+// NewMultifactorEnrollmentPolicySettingsWithDefaults instantiates a new MultifactorEnrollmentPolicySettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewMultifactorEnrollmentPolicySettingsWithDefaults() *MultifactorEnrollmentPolicySettings {
+	this := MultifactorEnrollmentPolicySettings{}
+	return &this
+}
+
+// GetAuthenticators returns the Authenticators field value if set, zero value otherwise.
+func (o *MultifactorEnrollmentPolicySettings) GetAuthenticators() []MultifactorEnrollmentPolicyAuthenticatorSettings {
+	if o == nil || o.Authenticators == nil {
+		var ret []MultifactorEnrollmentPolicyAuthenticatorSettings
+		return ret
+	}
+	return o.Authenticators
+}
+
+// GetAuthenticatorsOk returns a tuple with the Authenticators field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *MultifactorEnrollmentPolicySettings) GetAuthenticatorsOk() ([]MultifactorEnrollmentPolicyAuthenticatorSettings, bool) {
+	if o == nil || o.Authenticators == nil {
+		return nil, false
+	}
+	return o.Authenticators, true
+}
+
+// HasAuthenticators returns a boolean if a field has been set.
+func (o *MultifactorEnrollmentPolicySettings) HasAuthenticators() bool {
+	if o != nil && o.Authenticators != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthenticators gets a reference to the given []MultifactorEnrollmentPolicyAuthenticatorSettings and assigns it to the Authenticators field.
+func (o *MultifactorEnrollmentPolicySettings) SetAuthenticators(v []MultifactorEnrollmentPolicyAuthenticatorSettings) {
+	o.Authenticators = v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *MultifactorEnrollmentPolicySettings) GetType() MultifactorEnrollmentPolicySettingsType {
+	if o == nil || o.Type == nil {
+		var ret MultifactorEnrollmentPolicySettingsType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *MultifactorEnrollmentPolicySettings) GetTypeOk() (*MultifactorEnrollmentPolicySettingsType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *MultifactorEnrollmentPolicySettings) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given MultifactorEnrollmentPolicySettingsType and assigns it to the Type field.
+func (o *MultifactorEnrollmentPolicySettings) SetType(v MultifactorEnrollmentPolicySettingsType) {
+	o.Type = &v
+}
+
+func (o MultifactorEnrollmentPolicySettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Authenticators != nil {
+		toSerialize["authenticators"] = o.Authenticators
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *MultifactorEnrollmentPolicySettings) UnmarshalJSON(bytes []byte) (err error) {
+	varMultifactorEnrollmentPolicySettings := _MultifactorEnrollmentPolicySettings{}
+
+	err = json.Unmarshal(bytes, &varMultifactorEnrollmentPolicySettings)
+	if err == nil {
+		*o = MultifactorEnrollmentPolicySettings(varMultifactorEnrollmentPolicySettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authenticators")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableMultifactorEnrollmentPolicySettings struct {
+	value *MultifactorEnrollmentPolicySettings
+	isSet bool
+}
+
+func (v NullableMultifactorEnrollmentPolicySettings) Get() *MultifactorEnrollmentPolicySettings {
+	return v.value
+}
+
+func (v *NullableMultifactorEnrollmentPolicySettings) Set(val *MultifactorEnrollmentPolicySettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableMultifactorEnrollmentPolicySettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableMultifactorEnrollmentPolicySettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableMultifactorEnrollmentPolicySettings(val *MultifactorEnrollmentPolicySettings) *NullableMultifactorEnrollmentPolicySettings {
+	return &NullableMultifactorEnrollmentPolicySettings{value: val, isSet: true}
+}
+
+func (v NullableMultifactorEnrollmentPolicySettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableMultifactorEnrollmentPolicySettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_multifactor_enrollment_policy_settings_type.go b/okta/model_multifactor_enrollment_policy_settings_type.go
new file mode 100644
index 000000000..f73090d6f
--- /dev/null
+++ b/okta/model_multifactor_enrollment_policy_settings_type.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// MultifactorEnrollmentPolicySettingsType the model 'MultifactorEnrollmentPolicySettingsType'
+type MultifactorEnrollmentPolicySettingsType string
+
+// List of MultifactorEnrollmentPolicySettingsType
+const (
+	MULTIFACTORENROLLMENTPOLICYSETTINGSTYPE_AUTHENTICATORS MultifactorEnrollmentPolicySettingsType = "AUTHENTICATORS"
+)
+
+// All allowed values of MultifactorEnrollmentPolicySettingsType enum
+var AllowedMultifactorEnrollmentPolicySettingsTypeEnumValues = []MultifactorEnrollmentPolicySettingsType{
+	"AUTHENTICATORS",
+}
+
+func (v *MultifactorEnrollmentPolicySettingsType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := MultifactorEnrollmentPolicySettingsType(value)
+	for _, existing := range AllowedMultifactorEnrollmentPolicySettingsTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid MultifactorEnrollmentPolicySettingsType", value)
+}
+
+// NewMultifactorEnrollmentPolicySettingsTypeFromValue returns a pointer to a valid MultifactorEnrollmentPolicySettingsType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewMultifactorEnrollmentPolicySettingsTypeFromValue(v string) (*MultifactorEnrollmentPolicySettingsType, error) {
+	ev := MultifactorEnrollmentPolicySettingsType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for MultifactorEnrollmentPolicySettingsType: valid values are %v", v, AllowedMultifactorEnrollmentPolicySettingsTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v MultifactorEnrollmentPolicySettingsType) IsValid() bool {
+	for _, existing := range AllowedMultifactorEnrollmentPolicySettingsTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to MultifactorEnrollmentPolicySettingsType value
+func (v MultifactorEnrollmentPolicySettingsType) Ptr() *MultifactorEnrollmentPolicySettingsType {
+	return &v
+}
+
+type NullableMultifactorEnrollmentPolicySettingsType struct {
+	value *MultifactorEnrollmentPolicySettingsType
+	isSet bool
+}
+
+func (v NullableMultifactorEnrollmentPolicySettingsType) Get() *MultifactorEnrollmentPolicySettingsType {
+	return v.value
+}
+
+func (v *NullableMultifactorEnrollmentPolicySettingsType) Set(val *MultifactorEnrollmentPolicySettingsType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableMultifactorEnrollmentPolicySettingsType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableMultifactorEnrollmentPolicySettingsType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableMultifactorEnrollmentPolicySettingsType(val *MultifactorEnrollmentPolicySettingsType) *NullableMultifactorEnrollmentPolicySettingsType {
+	return &NullableMultifactorEnrollmentPolicySettingsType{value: val, isSet: true}
+}
+
+func (v NullableMultifactorEnrollmentPolicySettingsType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableMultifactorEnrollmentPolicySettingsType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_network_zone.go b/okta/model_network_zone.go
new file mode 100644
index 000000000..0f640e133
--- /dev/null
+++ b/okta/model_network_zone.go
@@ -0,0 +1,647 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// NetworkZone struct for NetworkZone
+type NetworkZone struct {
+	// Format of each array value: a string representation of an ASN numeric value
+	Asns    []string   `json:"asns,omitempty"`
+	Created *time.Time `json:"created,omitempty"`
+	// IP addresses (range or CIDR form) of this Zone. The maximum array length is 150 entries for admin-created IP zones, 1000 entries for IP blocklist zones, and 5000 entries for the default system IP Zone.
+	Gateways    []NetworkZoneAddress `json:"gateways,omitempty"`
+	Id          *string              `json:"id,omitempty"`
+	LastUpdated *time.Time           `json:"lastUpdated,omitempty"`
+	// The geolocations of this Zone
+	Locations []NetworkZoneLocation `json:"locations,omitempty"`
+	// Unique name for this Zone. Maximum of 128 characters.
+	Name *string `json:"name,omitempty"`
+	// IP address (range or CIDR form) that are allowed to forward a request from gateway addresses. These proxies are automatically trusted by Threat Insights, and used to identify the client IP of a request. The maximum array length is 150 entries for admin-created zones and 5000 entries for the default system IP Zone.
+	Proxies []NetworkZoneAddress `json:"proxies,omitempty"`
+	// One of: `\"\"` or `null` (when not specified), `Any` (meaning any proxy), `Tor`, or `NotTorAnonymizer`
+	ProxyType *string            `json:"proxyType,omitempty"`
+	Status    *NetworkZoneStatus `json:"status,omitempty"`
+	// Indicates if this is a system Network Zone. For admin-created zones, this is always `false`. The system IP Policy Network Zone (`LegacyIpZone`) is included by default in your Okta org. Notice that `system=true` for the `LegacyIpZone` object. Admin users can modify the name of this default system Zone and can add up to 5000 gateway or proxy IP entries.
+	System               *bool                             `json:"system,omitempty"`
+	Type                 *NetworkZoneType                  `json:"type,omitempty"`
+	Usage                *NetworkZoneUsage                 `json:"usage,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _NetworkZone NetworkZone
+
+// NewNetworkZone instantiates a new NetworkZone object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewNetworkZone() *NetworkZone {
+	this := NetworkZone{}
+	return &this
+}
+
+// NewNetworkZoneWithDefaults instantiates a new NetworkZone object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewNetworkZoneWithDefaults() *NetworkZone {
+	this := NetworkZone{}
+	return &this
+}
+
+// GetAsns returns the Asns field value if set, zero value otherwise.
+func (o *NetworkZone) GetAsns() []string {
+	if o == nil || o.Asns == nil {
+		var ret []string
+		return ret
+	}
+	return o.Asns
+}
+
+// GetAsnsOk returns a tuple with the Asns field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetAsnsOk() ([]string, bool) {
+	if o == nil || o.Asns == nil {
+		return nil, false
+	}
+	return o.Asns, true
+}
+
+// HasAsns returns a boolean if a field has been set.
+func (o *NetworkZone) HasAsns() bool {
+	if o != nil && o.Asns != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAsns gets a reference to the given []string and assigns it to the Asns field.
+func (o *NetworkZone) SetAsns(v []string) {
+	o.Asns = v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *NetworkZone) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *NetworkZone) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *NetworkZone) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetGateways returns the Gateways field value if set, zero value otherwise.
+func (o *NetworkZone) GetGateways() []NetworkZoneAddress {
+	if o == nil || o.Gateways == nil {
+		var ret []NetworkZoneAddress
+		return ret
+	}
+	return o.Gateways
+}
+
+// GetGatewaysOk returns a tuple with the Gateways field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetGatewaysOk() ([]NetworkZoneAddress, bool) {
+	if o == nil || o.Gateways == nil {
+		return nil, false
+	}
+	return o.Gateways, true
+}
+
+// HasGateways returns a boolean if a field has been set.
+func (o *NetworkZone) HasGateways() bool {
+	if o != nil && o.Gateways != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGateways gets a reference to the given []NetworkZoneAddress and assigns it to the Gateways field.
+func (o *NetworkZone) SetGateways(v []NetworkZoneAddress) {
+	o.Gateways = v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *NetworkZone) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *NetworkZone) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *NetworkZone) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *NetworkZone) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *NetworkZone) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *NetworkZone) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetLocations returns the Locations field value if set, zero value otherwise.
+func (o *NetworkZone) GetLocations() []NetworkZoneLocation {
+	if o == nil || o.Locations == nil {
+		var ret []NetworkZoneLocation
+		return ret
+	}
+	return o.Locations
+}
+
+// GetLocationsOk returns a tuple with the Locations field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetLocationsOk() ([]NetworkZoneLocation, bool) {
+	if o == nil || o.Locations == nil {
+		return nil, false
+	}
+	return o.Locations, true
+}
+
+// HasLocations returns a boolean if a field has been set.
+func (o *NetworkZone) HasLocations() bool {
+	if o != nil && o.Locations != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLocations gets a reference to the given []NetworkZoneLocation and assigns it to the Locations field.
+func (o *NetworkZone) SetLocations(v []NetworkZoneLocation) {
+	o.Locations = v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *NetworkZone) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *NetworkZone) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *NetworkZone) SetName(v string) {
+	o.Name = &v
+}
+
+// GetProxies returns the Proxies field value if set, zero value otherwise.
+func (o *NetworkZone) GetProxies() []NetworkZoneAddress {
+	if o == nil || o.Proxies == nil {
+		var ret []NetworkZoneAddress
+		return ret
+	}
+	return o.Proxies
+}
+
+// GetProxiesOk returns a tuple with the Proxies field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetProxiesOk() ([]NetworkZoneAddress, bool) {
+	if o == nil || o.Proxies == nil {
+		return nil, false
+	}
+	return o.Proxies, true
+}
+
+// HasProxies returns a boolean if a field has been set.
+func (o *NetworkZone) HasProxies() bool {
+	if o != nil && o.Proxies != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProxies gets a reference to the given []NetworkZoneAddress and assigns it to the Proxies field.
+func (o *NetworkZone) SetProxies(v []NetworkZoneAddress) {
+	o.Proxies = v
+}
+
+// GetProxyType returns the ProxyType field value if set, zero value otherwise.
+func (o *NetworkZone) GetProxyType() string {
+	if o == nil || o.ProxyType == nil {
+		var ret string
+		return ret
+	}
+	return *o.ProxyType
+}
+
+// GetProxyTypeOk returns a tuple with the ProxyType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetProxyTypeOk() (*string, bool) {
+	if o == nil || o.ProxyType == nil {
+		return nil, false
+	}
+	return o.ProxyType, true
+}
+
+// HasProxyType returns a boolean if a field has been set.
+func (o *NetworkZone) HasProxyType() bool {
+	if o != nil && o.ProxyType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProxyType gets a reference to the given string and assigns it to the ProxyType field.
+func (o *NetworkZone) SetProxyType(v string) {
+	o.ProxyType = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *NetworkZone) GetStatus() NetworkZoneStatus {
+	if o == nil || o.Status == nil {
+		var ret NetworkZoneStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetStatusOk() (*NetworkZoneStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *NetworkZone) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given NetworkZoneStatus and assigns it to the Status field.
+func (o *NetworkZone) SetStatus(v NetworkZoneStatus) {
+	o.Status = &v
+}
+
+// GetSystem returns the System field value if set, zero value otherwise.
+func (o *NetworkZone) GetSystem() bool {
+	if o == nil || o.System == nil {
+		var ret bool
+		return ret
+	}
+	return *o.System
+}
+
+// GetSystemOk returns a tuple with the System field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetSystemOk() (*bool, bool) {
+	if o == nil || o.System == nil {
+		return nil, false
+	}
+	return o.System, true
+}
+
+// HasSystem returns a boolean if a field has been set.
+func (o *NetworkZone) HasSystem() bool {
+	if o != nil && o.System != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSystem gets a reference to the given bool and assigns it to the System field.
+func (o *NetworkZone) SetSystem(v bool) {
+	o.System = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *NetworkZone) GetType() NetworkZoneType {
+	if o == nil || o.Type == nil {
+		var ret NetworkZoneType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetTypeOk() (*NetworkZoneType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *NetworkZone) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given NetworkZoneType and assigns it to the Type field.
+func (o *NetworkZone) SetType(v NetworkZoneType) {
+	o.Type = &v
+}
+
+// GetUsage returns the Usage field value if set, zero value otherwise.
+func (o *NetworkZone) GetUsage() NetworkZoneUsage {
+	if o == nil || o.Usage == nil {
+		var ret NetworkZoneUsage
+		return ret
+	}
+	return *o.Usage
+}
+
+// GetUsageOk returns a tuple with the Usage field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetUsageOk() (*NetworkZoneUsage, bool) {
+	if o == nil || o.Usage == nil {
+		return nil, false
+	}
+	return o.Usage, true
+}
+
+// HasUsage returns a boolean if a field has been set.
+func (o *NetworkZone) HasUsage() bool {
+	if o != nil && o.Usage != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsage gets a reference to the given NetworkZoneUsage and assigns it to the Usage field.
+func (o *NetworkZone) SetUsage(v NetworkZoneUsage) {
+	o.Usage = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *NetworkZone) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZone) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *NetworkZone) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *NetworkZone) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o NetworkZone) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Asns != nil {
+		toSerialize["asns"] = o.Asns
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Gateways != nil {
+		toSerialize["gateways"] = o.Gateways
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Locations != nil {
+		toSerialize["locations"] = o.Locations
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Proxies != nil {
+		toSerialize["proxies"] = o.Proxies
+	}
+	if o.ProxyType != nil {
+		toSerialize["proxyType"] = o.ProxyType
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.System != nil {
+		toSerialize["system"] = o.System
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Usage != nil {
+		toSerialize["usage"] = o.Usage
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *NetworkZone) UnmarshalJSON(bytes []byte) (err error) {
+	varNetworkZone := _NetworkZone{}
+
+	err = json.Unmarshal(bytes, &varNetworkZone)
+	if err == nil {
+		*o = NetworkZone(varNetworkZone)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "asns")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "gateways")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "locations")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "proxies")
+		delete(additionalProperties, "proxyType")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "system")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "usage")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableNetworkZone struct {
+	value *NetworkZone
+	isSet bool
+}
+
+func (v NullableNetworkZone) Get() *NetworkZone {
+	return v.value
+}
+
+func (v *NullableNetworkZone) Set(val *NetworkZone) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableNetworkZone) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableNetworkZone) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableNetworkZone(val *NetworkZone) *NullableNetworkZone {
+	return &NullableNetworkZone{value: val, isSet: true}
+}
+
+func (v NullableNetworkZone) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableNetworkZone) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_network_zone_address.go b/okta/model_network_zone_address.go
new file mode 100644
index 000000000..87ebe91b9
--- /dev/null
+++ b/okta/model_network_zone_address.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// NetworkZoneAddress Specifies the value of an IP address expressed using either `range` or `CIDR` form.
+type NetworkZoneAddress struct {
+	Type                 *NetworkZoneAddressType `json:"type,omitempty"`
+	Value                *string                 `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _NetworkZoneAddress NetworkZoneAddress
+
+// NewNetworkZoneAddress instantiates a new NetworkZoneAddress object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewNetworkZoneAddress() *NetworkZoneAddress {
+	this := NetworkZoneAddress{}
+	return &this
+}
+
+// NewNetworkZoneAddressWithDefaults instantiates a new NetworkZoneAddress object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewNetworkZoneAddressWithDefaults() *NetworkZoneAddress {
+	this := NetworkZoneAddress{}
+	return &this
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *NetworkZoneAddress) GetType() NetworkZoneAddressType {
+	if o == nil || o.Type == nil {
+		var ret NetworkZoneAddressType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZoneAddress) GetTypeOk() (*NetworkZoneAddressType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *NetworkZoneAddress) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given NetworkZoneAddressType and assigns it to the Type field.
+func (o *NetworkZoneAddress) SetType(v NetworkZoneAddressType) {
+	o.Type = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *NetworkZoneAddress) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZoneAddress) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *NetworkZoneAddress) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *NetworkZoneAddress) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o NetworkZoneAddress) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *NetworkZoneAddress) UnmarshalJSON(bytes []byte) (err error) {
+	varNetworkZoneAddress := _NetworkZoneAddress{}
+
+	err = json.Unmarshal(bytes, &varNetworkZoneAddress)
+	if err == nil {
+		*o = NetworkZoneAddress(varNetworkZoneAddress)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableNetworkZoneAddress struct {
+	value *NetworkZoneAddress
+	isSet bool
+}
+
+func (v NullableNetworkZoneAddress) Get() *NetworkZoneAddress {
+	return v.value
+}
+
+func (v *NullableNetworkZoneAddress) Set(val *NetworkZoneAddress) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableNetworkZoneAddress) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableNetworkZoneAddress) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableNetworkZoneAddress(val *NetworkZoneAddress) *NullableNetworkZoneAddress {
+	return &NullableNetworkZoneAddress{value: val, isSet: true}
+}
+
+func (v NullableNetworkZoneAddress) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableNetworkZoneAddress) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_network_zone_address_type.go b/okta/model_network_zone_address_type.go
new file mode 100644
index 000000000..773705c39
--- /dev/null
+++ b/okta/model_network_zone_address_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// NetworkZoneAddressType the model 'NetworkZoneAddressType'
+type NetworkZoneAddressType string
+
+// List of NetworkZoneAddressType
+const (
+	NETWORKZONEADDRESSTYPE_CIDR  NetworkZoneAddressType = "CIDR"
+	NETWORKZONEADDRESSTYPE_RANGE NetworkZoneAddressType = "RANGE"
+)
+
+// All allowed values of NetworkZoneAddressType enum
+var AllowedNetworkZoneAddressTypeEnumValues = []NetworkZoneAddressType{
+	"CIDR",
+	"RANGE",
+}
+
+func (v *NetworkZoneAddressType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := NetworkZoneAddressType(value)
+	for _, existing := range AllowedNetworkZoneAddressTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid NetworkZoneAddressType", value)
+}
+
+// NewNetworkZoneAddressTypeFromValue returns a pointer to a valid NetworkZoneAddressType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewNetworkZoneAddressTypeFromValue(v string) (*NetworkZoneAddressType, error) {
+	ev := NetworkZoneAddressType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for NetworkZoneAddressType: valid values are %v", v, AllowedNetworkZoneAddressTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v NetworkZoneAddressType) IsValid() bool {
+	for _, existing := range AllowedNetworkZoneAddressTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to NetworkZoneAddressType value
+func (v NetworkZoneAddressType) Ptr() *NetworkZoneAddressType {
+	return &v
+}
+
+type NullableNetworkZoneAddressType struct {
+	value *NetworkZoneAddressType
+	isSet bool
+}
+
+func (v NullableNetworkZoneAddressType) Get() *NetworkZoneAddressType {
+	return v.value
+}
+
+func (v *NullableNetworkZoneAddressType) Set(val *NetworkZoneAddressType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableNetworkZoneAddressType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableNetworkZoneAddressType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableNetworkZoneAddressType(val *NetworkZoneAddressType) *NullableNetworkZoneAddressType {
+	return &NullableNetworkZoneAddressType{value: val, isSet: true}
+}
+
+func (v NullableNetworkZoneAddressType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableNetworkZoneAddressType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_network_zone_location.go b/okta/model_network_zone_location.go
new file mode 100644
index 000000000..79b3d8018
--- /dev/null
+++ b/okta/model_network_zone_location.go
@@ -0,0 +1,197 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// NetworkZoneLocation struct for NetworkZoneLocation
+type NetworkZoneLocation struct {
+	// Format of the country value: length 2 [ISO-3166-1](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) country code. Do not use continent codes as they are treated as generic codes for undesignated countries.
+	Country *string `json:"country,omitempty"`
+	// Format of the region value (optional): region code [ISO-3166-2](https://en.wikipedia.org/wiki/ISO_3166-2) appended to country code (`countryCode-regionCode`), or `null` if empty. Do not use continent codes as they are treated as generic codes for undesignated regions.
+	Region               *string `json:"region,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _NetworkZoneLocation NetworkZoneLocation
+
+// NewNetworkZoneLocation instantiates a new NetworkZoneLocation object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewNetworkZoneLocation() *NetworkZoneLocation {
+	this := NetworkZoneLocation{}
+	return &this
+}
+
+// NewNetworkZoneLocationWithDefaults instantiates a new NetworkZoneLocation object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewNetworkZoneLocationWithDefaults() *NetworkZoneLocation {
+	this := NetworkZoneLocation{}
+	return &this
+}
+
+// GetCountry returns the Country field value if set, zero value otherwise.
+func (o *NetworkZoneLocation) GetCountry() string {
+	if o == nil || o.Country == nil {
+		var ret string
+		return ret
+	}
+	return *o.Country
+}
+
+// GetCountryOk returns a tuple with the Country field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZoneLocation) GetCountryOk() (*string, bool) {
+	if o == nil || o.Country == nil {
+		return nil, false
+	}
+	return o.Country, true
+}
+
+// HasCountry returns a boolean if a field has been set.
+func (o *NetworkZoneLocation) HasCountry() bool {
+	if o != nil && o.Country != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCountry gets a reference to the given string and assigns it to the Country field.
+func (o *NetworkZoneLocation) SetCountry(v string) {
+	o.Country = &v
+}
+
+// GetRegion returns the Region field value if set, zero value otherwise.
+func (o *NetworkZoneLocation) GetRegion() string {
+	if o == nil || o.Region == nil {
+		var ret string
+		return ret
+	}
+	return *o.Region
+}
+
+// GetRegionOk returns a tuple with the Region field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *NetworkZoneLocation) GetRegionOk() (*string, bool) {
+	if o == nil || o.Region == nil {
+		return nil, false
+	}
+	return o.Region, true
+}
+
+// HasRegion returns a boolean if a field has been set.
+func (o *NetworkZoneLocation) HasRegion() bool {
+	if o != nil && o.Region != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRegion gets a reference to the given string and assigns it to the Region field.
+func (o *NetworkZoneLocation) SetRegion(v string) {
+	o.Region = &v
+}
+
+func (o NetworkZoneLocation) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Country != nil {
+		toSerialize["country"] = o.Country
+	}
+	if o.Region != nil {
+		toSerialize["region"] = o.Region
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *NetworkZoneLocation) UnmarshalJSON(bytes []byte) (err error) {
+	varNetworkZoneLocation := _NetworkZoneLocation{}
+
+	err = json.Unmarshal(bytes, &varNetworkZoneLocation)
+	if err == nil {
+		*o = NetworkZoneLocation(varNetworkZoneLocation)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "country")
+		delete(additionalProperties, "region")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableNetworkZoneLocation struct {
+	value *NetworkZoneLocation
+	isSet bool
+}
+
+func (v NullableNetworkZoneLocation) Get() *NetworkZoneLocation {
+	return v.value
+}
+
+func (v *NullableNetworkZoneLocation) Set(val *NetworkZoneLocation) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableNetworkZoneLocation) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableNetworkZoneLocation) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableNetworkZoneLocation(val *NetworkZoneLocation) *NullableNetworkZoneLocation {
+	return &NullableNetworkZoneLocation{value: val, isSet: true}
+}
+
+func (v NullableNetworkZoneLocation) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableNetworkZoneLocation) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_network_zone_status.go b/okta/model_network_zone_status.go
new file mode 100644
index 000000000..c64f6adf0
--- /dev/null
+++ b/okta/model_network_zone_status.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// NetworkZoneStatus the model 'NetworkZoneStatus'
+type NetworkZoneStatus string
+
+// List of NetworkZoneStatus
+const (
+	NETWORKZONESTATUS_ACTIVE   NetworkZoneStatus = "ACTIVE"
+	NETWORKZONESTATUS_INACTIVE NetworkZoneStatus = "INACTIVE"
+)
+
+// All allowed values of NetworkZoneStatus enum
+var AllowedNetworkZoneStatusEnumValues = []NetworkZoneStatus{
+	"ACTIVE",
+	"INACTIVE",
+}
+
+func (v *NetworkZoneStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := NetworkZoneStatus(value)
+	for _, existing := range AllowedNetworkZoneStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid NetworkZoneStatus", value)
+}
+
+// NewNetworkZoneStatusFromValue returns a pointer to a valid NetworkZoneStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewNetworkZoneStatusFromValue(v string) (*NetworkZoneStatus, error) {
+	ev := NetworkZoneStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for NetworkZoneStatus: valid values are %v", v, AllowedNetworkZoneStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v NetworkZoneStatus) IsValid() bool {
+	for _, existing := range AllowedNetworkZoneStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to NetworkZoneStatus value
+func (v NetworkZoneStatus) Ptr() *NetworkZoneStatus {
+	return &v
+}
+
+type NullableNetworkZoneStatus struct {
+	value *NetworkZoneStatus
+	isSet bool
+}
+
+func (v NullableNetworkZoneStatus) Get() *NetworkZoneStatus {
+	return v.value
+}
+
+func (v *NullableNetworkZoneStatus) Set(val *NetworkZoneStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableNetworkZoneStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableNetworkZoneStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableNetworkZoneStatus(val *NetworkZoneStatus) *NullableNetworkZoneStatus {
+	return &NullableNetworkZoneStatus{value: val, isSet: true}
+}
+
+func (v NullableNetworkZoneStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableNetworkZoneStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_network_zone_type.go b/okta/model_network_zone_type.go
new file mode 100644
index 000000000..8ae0dd646
--- /dev/null
+++ b/okta/model_network_zone_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// NetworkZoneType the model 'NetworkZoneType'
+type NetworkZoneType string
+
+// List of NetworkZoneType
+const (
+	NETWORKZONETYPE_DYNAMIC NetworkZoneType = "DYNAMIC"
+	NETWORKZONETYPE_IP      NetworkZoneType = "IP"
+)
+
+// All allowed values of NetworkZoneType enum
+var AllowedNetworkZoneTypeEnumValues = []NetworkZoneType{
+	"DYNAMIC",
+	"IP",
+}
+
+func (v *NetworkZoneType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := NetworkZoneType(value)
+	for _, existing := range AllowedNetworkZoneTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid NetworkZoneType", value)
+}
+
+// NewNetworkZoneTypeFromValue returns a pointer to a valid NetworkZoneType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewNetworkZoneTypeFromValue(v string) (*NetworkZoneType, error) {
+	ev := NetworkZoneType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for NetworkZoneType: valid values are %v", v, AllowedNetworkZoneTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v NetworkZoneType) IsValid() bool {
+	for _, existing := range AllowedNetworkZoneTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to NetworkZoneType value
+func (v NetworkZoneType) Ptr() *NetworkZoneType {
+	return &v
+}
+
+type NullableNetworkZoneType struct {
+	value *NetworkZoneType
+	isSet bool
+}
+
+func (v NullableNetworkZoneType) Get() *NetworkZoneType {
+	return v.value
+}
+
+func (v *NullableNetworkZoneType) Set(val *NetworkZoneType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableNetworkZoneType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableNetworkZoneType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableNetworkZoneType(val *NetworkZoneType) *NullableNetworkZoneType {
+	return &NullableNetworkZoneType{value: val, isSet: true}
+}
+
+func (v NullableNetworkZoneType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableNetworkZoneType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_network_zone_usage.go b/okta/model_network_zone_usage.go
new file mode 100644
index 000000000..4da623b69
--- /dev/null
+++ b/okta/model_network_zone_usage.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// NetworkZoneUsage the model 'NetworkZoneUsage'
+type NetworkZoneUsage string
+
+// List of NetworkZoneUsage
+const (
+	NETWORKZONEUSAGE_BLOCKLIST NetworkZoneUsage = "BLOCKLIST"
+	NETWORKZONEUSAGE_POLICY    NetworkZoneUsage = "POLICY"
+)
+
+// All allowed values of NetworkZoneUsage enum
+var AllowedNetworkZoneUsageEnumValues = []NetworkZoneUsage{
+	"BLOCKLIST",
+	"POLICY",
+}
+
+func (v *NetworkZoneUsage) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := NetworkZoneUsage(value)
+	for _, existing := range AllowedNetworkZoneUsageEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid NetworkZoneUsage", value)
+}
+
+// NewNetworkZoneUsageFromValue returns a pointer to a valid NetworkZoneUsage
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewNetworkZoneUsageFromValue(v string) (*NetworkZoneUsage, error) {
+	ev := NetworkZoneUsage(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for NetworkZoneUsage: valid values are %v", v, AllowedNetworkZoneUsageEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v NetworkZoneUsage) IsValid() bool {
+	for _, existing := range AllowedNetworkZoneUsageEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to NetworkZoneUsage value
+func (v NetworkZoneUsage) Ptr() *NetworkZoneUsage {
+	return &v
+}
+
+type NullableNetworkZoneUsage struct {
+	value *NetworkZoneUsage
+	isSet bool
+}
+
+func (v NullableNetworkZoneUsage) Get() *NetworkZoneUsage {
+	return v.value
+}
+
+func (v *NullableNetworkZoneUsage) Set(val *NetworkZoneUsage) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableNetworkZoneUsage) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableNetworkZoneUsage) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableNetworkZoneUsage(val *NetworkZoneUsage) *NullableNetworkZoneUsage {
+	return &NullableNetworkZoneUsage{value: val, isSet: true}
+}
+
+func (v NullableNetworkZoneUsage) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableNetworkZoneUsage) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_notification_type.go b/okta/model_notification_type.go
new file mode 100644
index 000000000..a8848fa19
--- /dev/null
+++ b/okta/model_notification_type.go
@@ -0,0 +1,146 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// NotificationType the model 'NotificationType'
+type NotificationType string
+
+// List of NotificationType
+const (
+	NOTIFICATIONTYPE_AD_AGENT                       NotificationType = "AD_AGENT"
+	NOTIFICATIONTYPE_APP_IMPORT                     NotificationType = "APP_IMPORT"
+	NOTIFICATIONTYPE_CONNECTOR_AGENT                NotificationType = "CONNECTOR_AGENT"
+	NOTIFICATIONTYPE_IWA_AGENT                      NotificationType = "IWA_AGENT"
+	NOTIFICATIONTYPE_LDAP_AGENT                     NotificationType = "LDAP_AGENT"
+	NOTIFICATIONTYPE_OKTA_ANNOUNCEMENT              NotificationType = "OKTA_ANNOUNCEMENT"
+	NOTIFICATIONTYPE_OKTA_ISSUE                     NotificationType = "OKTA_ISSUE"
+	NOTIFICATIONTYPE_OKTA_UPDATE                    NotificationType = "OKTA_UPDATE"
+	NOTIFICATIONTYPE_RATELIMIT_NOTIFICATION         NotificationType = "RATELIMIT_NOTIFICATION"
+	NOTIFICATIONTYPE_REPORT_SUSPICIOUS_ACTIVITY     NotificationType = "REPORT_SUSPICIOUS_ACTIVITY"
+	NOTIFICATIONTYPE_USER_DEPROVISION               NotificationType = "USER_DEPROVISION"
+	NOTIFICATIONTYPE_USER_LOCKED_OUT                NotificationType = "USER_LOCKED_OUT"
+	NOTIFICATIONTYPE_AGENT_AUTO_UPDATE_NOTIFICATION NotificationType = "AGENT_AUTO_UPDATE_NOTIFICATION"
+)
+
+// All allowed values of NotificationType enum
+var AllowedNotificationTypeEnumValues = []NotificationType{
+	"AD_AGENT",
+	"APP_IMPORT",
+	"CONNECTOR_AGENT",
+	"IWA_AGENT",
+	"LDAP_AGENT",
+	"OKTA_ANNOUNCEMENT",
+	"OKTA_ISSUE",
+	"OKTA_UPDATE",
+	"RATELIMIT_NOTIFICATION",
+	"REPORT_SUSPICIOUS_ACTIVITY",
+	"USER_DEPROVISION",
+	"USER_LOCKED_OUT",
+	"AGENT_AUTO_UPDATE_NOTIFICATION",
+}
+
+func (v *NotificationType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := NotificationType(value)
+	for _, existing := range AllowedNotificationTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid NotificationType", value)
+}
+
+// NewNotificationTypeFromValue returns a pointer to a valid NotificationType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewNotificationTypeFromValue(v string) (*NotificationType, error) {
+	ev := NotificationType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for NotificationType: valid values are %v", v, AllowedNotificationTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v NotificationType) IsValid() bool {
+	for _, existing := range AllowedNotificationTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to NotificationType value
+func (v NotificationType) Ptr() *NotificationType {
+	return &v
+}
+
+type NullableNotificationType struct {
+	value *NotificationType
+	isSet bool
+}
+
+func (v NullableNotificationType) Get() *NotificationType {
+	return v.value
+}
+
+func (v *NullableNotificationType) Set(val *NotificationType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableNotificationType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableNotificationType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableNotificationType(val *NotificationType) *NullableNotificationType {
+	return &NullableNotificationType{value: val, isSet: true}
+}
+
+func (v NullableNotificationType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableNotificationType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_actor.go b/okta/model_o_auth2_actor.go
new file mode 100644
index 000000000..ce9f7ca86
--- /dev/null
+++ b/okta/model_o_auth2_actor.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OAuth2Actor struct for OAuth2Actor
+type OAuth2Actor struct {
+	Id                   *string `json:"id,omitempty"`
+	Type                 *string `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OAuth2Actor OAuth2Actor
+
+// NewOAuth2Actor instantiates a new OAuth2Actor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOAuth2Actor() *OAuth2Actor {
+	this := OAuth2Actor{}
+	return &this
+}
+
+// NewOAuth2ActorWithDefaults instantiates a new OAuth2Actor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOAuth2ActorWithDefaults() *OAuth2Actor {
+	this := OAuth2Actor{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *OAuth2Actor) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Actor) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *OAuth2Actor) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *OAuth2Actor) SetId(v string) {
+	o.Id = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *OAuth2Actor) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Actor) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *OAuth2Actor) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *OAuth2Actor) SetType(v string) {
+	o.Type = &v
+}
+
+func (o OAuth2Actor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OAuth2Actor) UnmarshalJSON(bytes []byte) (err error) {
+	varOAuth2Actor := _OAuth2Actor{}
+
+	err = json.Unmarshal(bytes, &varOAuth2Actor)
+	if err == nil {
+		*o = OAuth2Actor(varOAuth2Actor)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOAuth2Actor struct {
+	value *OAuth2Actor
+	isSet bool
+}
+
+func (v NullableOAuth2Actor) Get() *OAuth2Actor {
+	return v.value
+}
+
+func (v *NullableOAuth2Actor) Set(val *OAuth2Actor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2Actor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2Actor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2Actor(val *OAuth2Actor) *NullableOAuth2Actor {
+	return &NullableOAuth2Actor{value: val, isSet: true}
+}
+
+func (v NullableOAuth2Actor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2Actor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_claim.go b/okta/model_o_auth2_claim.go
new file mode 100644
index 000000000..d9ff3fcf0
--- /dev/null
+++ b/okta/model_o_auth2_claim.go
@@ -0,0 +1,528 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OAuth2Claim struct for OAuth2Claim
+type OAuth2Claim struct {
+	AlwaysIncludeInToken *bool                             `json:"alwaysIncludeInToken,omitempty"`
+	ClaimType            *OAuth2ClaimType                  `json:"claimType,omitempty"`
+	Conditions           *OAuth2ClaimConditions            `json:"conditions,omitempty"`
+	GroupFilterType      *OAuth2ClaimGroupFilterType       `json:"group_filter_type,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Status               *LifecycleStatus                  `json:"status,omitempty"`
+	System               *bool                             `json:"system,omitempty"`
+	Value                *string                           `json:"value,omitempty"`
+	ValueType            *OAuth2ClaimValueType             `json:"valueType,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OAuth2Claim OAuth2Claim
+
+// NewOAuth2Claim instantiates a new OAuth2Claim object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOAuth2Claim() *OAuth2Claim {
+	this := OAuth2Claim{}
+	return &this
+}
+
+// NewOAuth2ClaimWithDefaults instantiates a new OAuth2Claim object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOAuth2ClaimWithDefaults() *OAuth2Claim {
+	this := OAuth2Claim{}
+	return &this
+}
+
+// GetAlwaysIncludeInToken returns the AlwaysIncludeInToken field value if set, zero value otherwise.
+func (o *OAuth2Claim) GetAlwaysIncludeInToken() bool {
+	if o == nil || o.AlwaysIncludeInToken == nil {
+		var ret bool
+		return ret
+	}
+	return *o.AlwaysIncludeInToken
+}
+
+// GetAlwaysIncludeInTokenOk returns a tuple with the AlwaysIncludeInToken field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Claim) GetAlwaysIncludeInTokenOk() (*bool, bool) {
+	if o == nil || o.AlwaysIncludeInToken == nil {
+		return nil, false
+	}
+	return o.AlwaysIncludeInToken, true
+}
+
+// HasAlwaysIncludeInToken returns a boolean if a field has been set.
+func (o *OAuth2Claim) HasAlwaysIncludeInToken() bool {
+	if o != nil && o.AlwaysIncludeInToken != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAlwaysIncludeInToken gets a reference to the given bool and assigns it to the AlwaysIncludeInToken field.
+func (o *OAuth2Claim) SetAlwaysIncludeInToken(v bool) {
+	o.AlwaysIncludeInToken = &v
+}
+
+// GetClaimType returns the ClaimType field value if set, zero value otherwise.
+func (o *OAuth2Claim) GetClaimType() OAuth2ClaimType {
+	if o == nil || o.ClaimType == nil {
+		var ret OAuth2ClaimType
+		return ret
+	}
+	return *o.ClaimType
+}
+
+// GetClaimTypeOk returns a tuple with the ClaimType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Claim) GetClaimTypeOk() (*OAuth2ClaimType, bool) {
+	if o == nil || o.ClaimType == nil {
+		return nil, false
+	}
+	return o.ClaimType, true
+}
+
+// HasClaimType returns a boolean if a field has been set.
+func (o *OAuth2Claim) HasClaimType() bool {
+	if o != nil && o.ClaimType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClaimType gets a reference to the given OAuth2ClaimType and assigns it to the ClaimType field.
+func (o *OAuth2Claim) SetClaimType(v OAuth2ClaimType) {
+	o.ClaimType = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *OAuth2Claim) GetConditions() OAuth2ClaimConditions {
+	if o == nil || o.Conditions == nil {
+		var ret OAuth2ClaimConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Claim) GetConditionsOk() (*OAuth2ClaimConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *OAuth2Claim) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given OAuth2ClaimConditions and assigns it to the Conditions field.
+func (o *OAuth2Claim) SetConditions(v OAuth2ClaimConditions) {
+	o.Conditions = &v
+}
+
+// GetGroupFilterType returns the GroupFilterType field value if set, zero value otherwise.
+func (o *OAuth2Claim) GetGroupFilterType() OAuth2ClaimGroupFilterType {
+	if o == nil || o.GroupFilterType == nil {
+		var ret OAuth2ClaimGroupFilterType
+		return ret
+	}
+	return *o.GroupFilterType
+}
+
+// GetGroupFilterTypeOk returns a tuple with the GroupFilterType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Claim) GetGroupFilterTypeOk() (*OAuth2ClaimGroupFilterType, bool) {
+	if o == nil || o.GroupFilterType == nil {
+		return nil, false
+	}
+	return o.GroupFilterType, true
+}
+
+// HasGroupFilterType returns a boolean if a field has been set.
+func (o *OAuth2Claim) HasGroupFilterType() bool {
+	if o != nil && o.GroupFilterType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroupFilterType gets a reference to the given OAuth2ClaimGroupFilterType and assigns it to the GroupFilterType field.
+func (o *OAuth2Claim) SetGroupFilterType(v OAuth2ClaimGroupFilterType) {
+	o.GroupFilterType = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *OAuth2Claim) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Claim) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *OAuth2Claim) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *OAuth2Claim) SetId(v string) {
+	o.Id = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *OAuth2Claim) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Claim) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *OAuth2Claim) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *OAuth2Claim) SetName(v string) {
+	o.Name = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *OAuth2Claim) GetStatus() LifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret LifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Claim) GetStatusOk() (*LifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *OAuth2Claim) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given LifecycleStatus and assigns it to the Status field.
+func (o *OAuth2Claim) SetStatus(v LifecycleStatus) {
+	o.Status = &v
+}
+
+// GetSystem returns the System field value if set, zero value otherwise.
+func (o *OAuth2Claim) GetSystem() bool {
+	if o == nil || o.System == nil {
+		var ret bool
+		return ret
+	}
+	return *o.System
+}
+
+// GetSystemOk returns a tuple with the System field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Claim) GetSystemOk() (*bool, bool) {
+	if o == nil || o.System == nil {
+		return nil, false
+	}
+	return o.System, true
+}
+
+// HasSystem returns a boolean if a field has been set.
+func (o *OAuth2Claim) HasSystem() bool {
+	if o != nil && o.System != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSystem gets a reference to the given bool and assigns it to the System field.
+func (o *OAuth2Claim) SetSystem(v bool) {
+	o.System = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *OAuth2Claim) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Claim) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *OAuth2Claim) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *OAuth2Claim) SetValue(v string) {
+	o.Value = &v
+}
+
+// GetValueType returns the ValueType field value if set, zero value otherwise.
+func (o *OAuth2Claim) GetValueType() OAuth2ClaimValueType {
+	if o == nil || o.ValueType == nil {
+		var ret OAuth2ClaimValueType
+		return ret
+	}
+	return *o.ValueType
+}
+
+// GetValueTypeOk returns a tuple with the ValueType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Claim) GetValueTypeOk() (*OAuth2ClaimValueType, bool) {
+	if o == nil || o.ValueType == nil {
+		return nil, false
+	}
+	return o.ValueType, true
+}
+
+// HasValueType returns a boolean if a field has been set.
+func (o *OAuth2Claim) HasValueType() bool {
+	if o != nil && o.ValueType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValueType gets a reference to the given OAuth2ClaimValueType and assigns it to the ValueType field.
+func (o *OAuth2Claim) SetValueType(v OAuth2ClaimValueType) {
+	o.ValueType = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *OAuth2Claim) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Claim) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *OAuth2Claim) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *OAuth2Claim) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o OAuth2Claim) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AlwaysIncludeInToken != nil {
+		toSerialize["alwaysIncludeInToken"] = o.AlwaysIncludeInToken
+	}
+	if o.ClaimType != nil {
+		toSerialize["claimType"] = o.ClaimType
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+	if o.GroupFilterType != nil {
+		toSerialize["group_filter_type"] = o.GroupFilterType
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.System != nil {
+		toSerialize["system"] = o.System
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+	if o.ValueType != nil {
+		toSerialize["valueType"] = o.ValueType
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OAuth2Claim) UnmarshalJSON(bytes []byte) (err error) {
+	varOAuth2Claim := _OAuth2Claim{}
+
+	err = json.Unmarshal(bytes, &varOAuth2Claim)
+	if err == nil {
+		*o = OAuth2Claim(varOAuth2Claim)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "alwaysIncludeInToken")
+		delete(additionalProperties, "claimType")
+		delete(additionalProperties, "conditions")
+		delete(additionalProperties, "group_filter_type")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "system")
+		delete(additionalProperties, "value")
+		delete(additionalProperties, "valueType")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOAuth2Claim struct {
+	value *OAuth2Claim
+	isSet bool
+}
+
+func (v NullableOAuth2Claim) Get() *OAuth2Claim {
+	return v.value
+}
+
+func (v *NullableOAuth2Claim) Set(val *OAuth2Claim) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2Claim) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2Claim) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2Claim(val *OAuth2Claim) *NullableOAuth2Claim {
+	return &NullableOAuth2Claim{value: val, isSet: true}
+}
+
+func (v NullableOAuth2Claim) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2Claim) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_claim_conditions.go b/okta/model_o_auth2_claim_conditions.go
new file mode 100644
index 000000000..3512fcf0a
--- /dev/null
+++ b/okta/model_o_auth2_claim_conditions.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OAuth2ClaimConditions struct for OAuth2ClaimConditions
+type OAuth2ClaimConditions struct {
+	Scopes               []string `json:"scopes,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OAuth2ClaimConditions OAuth2ClaimConditions
+
+// NewOAuth2ClaimConditions instantiates a new OAuth2ClaimConditions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOAuth2ClaimConditions() *OAuth2ClaimConditions {
+	this := OAuth2ClaimConditions{}
+	return &this
+}
+
+// NewOAuth2ClaimConditionsWithDefaults instantiates a new OAuth2ClaimConditions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOAuth2ClaimConditionsWithDefaults() *OAuth2ClaimConditions {
+	this := OAuth2ClaimConditions{}
+	return &this
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *OAuth2ClaimConditions) GetScopes() []string {
+	if o == nil || o.Scopes == nil {
+		var ret []string
+		return ret
+	}
+	return o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ClaimConditions) GetScopesOk() ([]string, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *OAuth2ClaimConditions) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given []string and assigns it to the Scopes field.
+func (o *OAuth2ClaimConditions) SetScopes(v []string) {
+	o.Scopes = v
+}
+
+func (o OAuth2ClaimConditions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OAuth2ClaimConditions) UnmarshalJSON(bytes []byte) (err error) {
+	varOAuth2ClaimConditions := _OAuth2ClaimConditions{}
+
+	err = json.Unmarshal(bytes, &varOAuth2ClaimConditions)
+	if err == nil {
+		*o = OAuth2ClaimConditions(varOAuth2ClaimConditions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "scopes")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOAuth2ClaimConditions struct {
+	value *OAuth2ClaimConditions
+	isSet bool
+}
+
+func (v NullableOAuth2ClaimConditions) Get() *OAuth2ClaimConditions {
+	return v.value
+}
+
+func (v *NullableOAuth2ClaimConditions) Set(val *OAuth2ClaimConditions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2ClaimConditions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2ClaimConditions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2ClaimConditions(val *OAuth2ClaimConditions) *NullableOAuth2ClaimConditions {
+	return &NullableOAuth2ClaimConditions{value: val, isSet: true}
+}
+
+func (v NullableOAuth2ClaimConditions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2ClaimConditions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_claim_group_filter_type.go b/okta/model_o_auth2_claim_group_filter_type.go
new file mode 100644
index 000000000..2fd62c01b
--- /dev/null
+++ b/okta/model_o_auth2_claim_group_filter_type.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OAuth2ClaimGroupFilterType the model 'OAuth2ClaimGroupFilterType'
+type OAuth2ClaimGroupFilterType string
+
+// List of OAuth2ClaimGroupFilterType
+const (
+	OAUTH2CLAIMGROUPFILTERTYPE_CONTAINS    OAuth2ClaimGroupFilterType = "CONTAINS"
+	OAUTH2CLAIMGROUPFILTERTYPE_EQUALS      OAuth2ClaimGroupFilterType = "EQUALS"
+	OAUTH2CLAIMGROUPFILTERTYPE_REGEX       OAuth2ClaimGroupFilterType = "REGEX"
+	OAUTH2CLAIMGROUPFILTERTYPE_STARTS_WITH OAuth2ClaimGroupFilterType = "STARTS_WITH"
+)
+
+// All allowed values of OAuth2ClaimGroupFilterType enum
+var AllowedOAuth2ClaimGroupFilterTypeEnumValues = []OAuth2ClaimGroupFilterType{
+	"CONTAINS",
+	"EQUALS",
+	"REGEX",
+	"STARTS_WITH",
+}
+
+func (v *OAuth2ClaimGroupFilterType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OAuth2ClaimGroupFilterType(value)
+	for _, existing := range AllowedOAuth2ClaimGroupFilterTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OAuth2ClaimGroupFilterType", value)
+}
+
+// NewOAuth2ClaimGroupFilterTypeFromValue returns a pointer to a valid OAuth2ClaimGroupFilterType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOAuth2ClaimGroupFilterTypeFromValue(v string) (*OAuth2ClaimGroupFilterType, error) {
+	ev := OAuth2ClaimGroupFilterType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OAuth2ClaimGroupFilterType: valid values are %v", v, AllowedOAuth2ClaimGroupFilterTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OAuth2ClaimGroupFilterType) IsValid() bool {
+	for _, existing := range AllowedOAuth2ClaimGroupFilterTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OAuth2ClaimGroupFilterType value
+func (v OAuth2ClaimGroupFilterType) Ptr() *OAuth2ClaimGroupFilterType {
+	return &v
+}
+
+type NullableOAuth2ClaimGroupFilterType struct {
+	value *OAuth2ClaimGroupFilterType
+	isSet bool
+}
+
+func (v NullableOAuth2ClaimGroupFilterType) Get() *OAuth2ClaimGroupFilterType {
+	return v.value
+}
+
+func (v *NullableOAuth2ClaimGroupFilterType) Set(val *OAuth2ClaimGroupFilterType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2ClaimGroupFilterType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2ClaimGroupFilterType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2ClaimGroupFilterType(val *OAuth2ClaimGroupFilterType) *NullableOAuth2ClaimGroupFilterType {
+	return &NullableOAuth2ClaimGroupFilterType{value: val, isSet: true}
+}
+
+func (v NullableOAuth2ClaimGroupFilterType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2ClaimGroupFilterType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_claim_type.go b/okta/model_o_auth2_claim_type.go
new file mode 100644
index 000000000..6ff18852a
--- /dev/null
+++ b/okta/model_o_auth2_claim_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OAuth2ClaimType the model 'OAuth2ClaimType'
+type OAuth2ClaimType string
+
+// List of OAuth2ClaimType
+const (
+	OAUTH2CLAIMTYPE_IDENTITY OAuth2ClaimType = "IDENTITY"
+	OAUTH2CLAIMTYPE_RESOURCE OAuth2ClaimType = "RESOURCE"
+)
+
+// All allowed values of OAuth2ClaimType enum
+var AllowedOAuth2ClaimTypeEnumValues = []OAuth2ClaimType{
+	"IDENTITY",
+	"RESOURCE",
+}
+
+func (v *OAuth2ClaimType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OAuth2ClaimType(value)
+	for _, existing := range AllowedOAuth2ClaimTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OAuth2ClaimType", value)
+}
+
+// NewOAuth2ClaimTypeFromValue returns a pointer to a valid OAuth2ClaimType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOAuth2ClaimTypeFromValue(v string) (*OAuth2ClaimType, error) {
+	ev := OAuth2ClaimType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OAuth2ClaimType: valid values are %v", v, AllowedOAuth2ClaimTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OAuth2ClaimType) IsValid() bool {
+	for _, existing := range AllowedOAuth2ClaimTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OAuth2ClaimType value
+func (v OAuth2ClaimType) Ptr() *OAuth2ClaimType {
+	return &v
+}
+
+type NullableOAuth2ClaimType struct {
+	value *OAuth2ClaimType
+	isSet bool
+}
+
+func (v NullableOAuth2ClaimType) Get() *OAuth2ClaimType {
+	return v.value
+}
+
+func (v *NullableOAuth2ClaimType) Set(val *OAuth2ClaimType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2ClaimType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2ClaimType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2ClaimType(val *OAuth2ClaimType) *NullableOAuth2ClaimType {
+	return &NullableOAuth2ClaimType{value: val, isSet: true}
+}
+
+func (v NullableOAuth2ClaimType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2ClaimType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_claim_value_type.go b/okta/model_o_auth2_claim_value_type.go
new file mode 100644
index 000000000..a13182dd6
--- /dev/null
+++ b/okta/model_o_auth2_claim_value_type.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OAuth2ClaimValueType the model 'OAuth2ClaimValueType'
+type OAuth2ClaimValueType string
+
+// List of OAuth2ClaimValueType
+const (
+	OAUTH2CLAIMVALUETYPE_EXPRESSION OAuth2ClaimValueType = "EXPRESSION"
+	OAUTH2CLAIMVALUETYPE_GROUPS     OAuth2ClaimValueType = "GROUPS"
+	OAUTH2CLAIMVALUETYPE_SYSTEM     OAuth2ClaimValueType = "SYSTEM"
+)
+
+// All allowed values of OAuth2ClaimValueType enum
+var AllowedOAuth2ClaimValueTypeEnumValues = []OAuth2ClaimValueType{
+	"EXPRESSION",
+	"GROUPS",
+	"SYSTEM",
+}
+
+func (v *OAuth2ClaimValueType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OAuth2ClaimValueType(value)
+	for _, existing := range AllowedOAuth2ClaimValueTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OAuth2ClaimValueType", value)
+}
+
+// NewOAuth2ClaimValueTypeFromValue returns a pointer to a valid OAuth2ClaimValueType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOAuth2ClaimValueTypeFromValue(v string) (*OAuth2ClaimValueType, error) {
+	ev := OAuth2ClaimValueType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OAuth2ClaimValueType: valid values are %v", v, AllowedOAuth2ClaimValueTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OAuth2ClaimValueType) IsValid() bool {
+	for _, existing := range AllowedOAuth2ClaimValueTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OAuth2ClaimValueType value
+func (v OAuth2ClaimValueType) Ptr() *OAuth2ClaimValueType {
+	return &v
+}
+
+type NullableOAuth2ClaimValueType struct {
+	value *OAuth2ClaimValueType
+	isSet bool
+}
+
+func (v NullableOAuth2ClaimValueType) Get() *OAuth2ClaimValueType {
+	return v.value
+}
+
+func (v *NullableOAuth2ClaimValueType) Set(val *OAuth2ClaimValueType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2ClaimValueType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2ClaimValueType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2ClaimValueType(val *OAuth2ClaimValueType) *NullableOAuth2ClaimValueType {
+	return &NullableOAuth2ClaimValueType{value: val, isSet: true}
+}
+
+func (v NullableOAuth2ClaimValueType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2ClaimValueType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_client.go b/okta/model_o_auth2_client.go
new file mode 100644
index 000000000..edc527d54
--- /dev/null
+++ b/okta/model_o_auth2_client.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OAuth2Client struct for OAuth2Client
+type OAuth2Client struct {
+	ClientId             *string                           `json:"client_id,omitempty"`
+	ClientName           *string                           `json:"client_name,omitempty"`
+	ClientUri            *string                           `json:"client_uri,omitempty"`
+	LogoUri              *string                           `json:"logo_uri,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OAuth2Client OAuth2Client
+
+// NewOAuth2Client instantiates a new OAuth2Client object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOAuth2Client() *OAuth2Client {
+	this := OAuth2Client{}
+	return &this
+}
+
+// NewOAuth2ClientWithDefaults instantiates a new OAuth2Client object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOAuth2ClientWithDefaults() *OAuth2Client {
+	this := OAuth2Client{}
+	return &this
+}
+
+// GetClientId returns the ClientId field value if set, zero value otherwise.
+func (o *OAuth2Client) GetClientId() string {
+	if o == nil || o.ClientId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientId
+}
+
+// GetClientIdOk returns a tuple with the ClientId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetClientIdOk() (*string, bool) {
+	if o == nil || o.ClientId == nil {
+		return nil, false
+	}
+	return o.ClientId, true
+}
+
+// HasClientId returns a boolean if a field has been set.
+func (o *OAuth2Client) HasClientId() bool {
+	if o != nil && o.ClientId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientId gets a reference to the given string and assigns it to the ClientId field.
+func (o *OAuth2Client) SetClientId(v string) {
+	o.ClientId = &v
+}
+
+// GetClientName returns the ClientName field value if set, zero value otherwise.
+func (o *OAuth2Client) GetClientName() string {
+	if o == nil || o.ClientName == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientName
+}
+
+// GetClientNameOk returns a tuple with the ClientName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetClientNameOk() (*string, bool) {
+	if o == nil || o.ClientName == nil {
+		return nil, false
+	}
+	return o.ClientName, true
+}
+
+// HasClientName returns a boolean if a field has been set.
+func (o *OAuth2Client) HasClientName() bool {
+	if o != nil && o.ClientName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientName gets a reference to the given string and assigns it to the ClientName field.
+func (o *OAuth2Client) SetClientName(v string) {
+	o.ClientName = &v
+}
+
+// GetClientUri returns the ClientUri field value if set, zero value otherwise.
+func (o *OAuth2Client) GetClientUri() string {
+	if o == nil || o.ClientUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientUri
+}
+
+// GetClientUriOk returns a tuple with the ClientUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetClientUriOk() (*string, bool) {
+	if o == nil || o.ClientUri == nil {
+		return nil, false
+	}
+	return o.ClientUri, true
+}
+
+// HasClientUri returns a boolean if a field has been set.
+func (o *OAuth2Client) HasClientUri() bool {
+	if o != nil && o.ClientUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientUri gets a reference to the given string and assigns it to the ClientUri field.
+func (o *OAuth2Client) SetClientUri(v string) {
+	o.ClientUri = &v
+}
+
+// GetLogoUri returns the LogoUri field value if set, zero value otherwise.
+func (o *OAuth2Client) GetLogoUri() string {
+	if o == nil || o.LogoUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.LogoUri
+}
+
+// GetLogoUriOk returns a tuple with the LogoUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetLogoUriOk() (*string, bool) {
+	if o == nil || o.LogoUri == nil {
+		return nil, false
+	}
+	return o.LogoUri, true
+}
+
+// HasLogoUri returns a boolean if a field has been set.
+func (o *OAuth2Client) HasLogoUri() bool {
+	if o != nil && o.LogoUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLogoUri gets a reference to the given string and assigns it to the LogoUri field.
+func (o *OAuth2Client) SetLogoUri(v string) {
+	o.LogoUri = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *OAuth2Client) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Client) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *OAuth2Client) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *OAuth2Client) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o OAuth2Client) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ClientId != nil {
+		toSerialize["client_id"] = o.ClientId
+	}
+	if o.ClientName != nil {
+		toSerialize["client_name"] = o.ClientName
+	}
+	if o.ClientUri != nil {
+		toSerialize["client_uri"] = o.ClientUri
+	}
+	if o.LogoUri != nil {
+		toSerialize["logo_uri"] = o.LogoUri
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OAuth2Client) UnmarshalJSON(bytes []byte) (err error) {
+	varOAuth2Client := _OAuth2Client{}
+
+	err = json.Unmarshal(bytes, &varOAuth2Client)
+	if err == nil {
+		*o = OAuth2Client(varOAuth2Client)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "client_id")
+		delete(additionalProperties, "client_name")
+		delete(additionalProperties, "client_uri")
+		delete(additionalProperties, "logo_uri")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOAuth2Client struct {
+	value *OAuth2Client
+	isSet bool
+}
+
+func (v NullableOAuth2Client) Get() *OAuth2Client {
+	return v.value
+}
+
+func (v *NullableOAuth2Client) Set(val *OAuth2Client) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2Client) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2Client) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2Client(val *OAuth2Client) *NullableOAuth2Client {
+	return &NullableOAuth2Client{value: val, isSet: true}
+}
+
+func (v NullableOAuth2Client) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2Client) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_refresh_token.go b/okta/model_o_auth2_refresh_token.go
new file mode 100644
index 000000000..1606d5f91
--- /dev/null
+++ b/okta/model_o_auth2_refresh_token.go
@@ -0,0 +1,566 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// OAuth2RefreshToken struct for OAuth2RefreshToken
+type OAuth2RefreshToken struct {
+	ClientId             *string                           `json:"clientId,omitempty"`
+	Created              *time.Time                        `json:"created,omitempty"`
+	CreatedBy            *OAuth2Actor                      `json:"createdBy,omitempty"`
+	ExpiresAt            *time.Time                        `json:"expiresAt,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	Issuer               *string                           `json:"issuer,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Scopes               []string                          `json:"scopes,omitempty"`
+	Status               *GrantOrTokenStatus               `json:"status,omitempty"`
+	UserId               *string                           `json:"userId,omitempty"`
+	Embedded             map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OAuth2RefreshToken OAuth2RefreshToken
+
+// NewOAuth2RefreshToken instantiates a new OAuth2RefreshToken object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOAuth2RefreshToken() *OAuth2RefreshToken {
+	this := OAuth2RefreshToken{}
+	return &this
+}
+
+// NewOAuth2RefreshTokenWithDefaults instantiates a new OAuth2RefreshToken object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOAuth2RefreshTokenWithDefaults() *OAuth2RefreshToken {
+	this := OAuth2RefreshToken{}
+	return &this
+}
+
+// GetClientId returns the ClientId field value if set, zero value otherwise.
+func (o *OAuth2RefreshToken) GetClientId() string {
+	if o == nil || o.ClientId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientId
+}
+
+// GetClientIdOk returns a tuple with the ClientId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2RefreshToken) GetClientIdOk() (*string, bool) {
+	if o == nil || o.ClientId == nil {
+		return nil, false
+	}
+	return o.ClientId, true
+}
+
+// HasClientId returns a boolean if a field has been set.
+func (o *OAuth2RefreshToken) HasClientId() bool {
+	if o != nil && o.ClientId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientId gets a reference to the given string and assigns it to the ClientId field.
+func (o *OAuth2RefreshToken) SetClientId(v string) {
+	o.ClientId = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *OAuth2RefreshToken) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2RefreshToken) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *OAuth2RefreshToken) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *OAuth2RefreshToken) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetCreatedBy returns the CreatedBy field value if set, zero value otherwise.
+func (o *OAuth2RefreshToken) GetCreatedBy() OAuth2Actor {
+	if o == nil || o.CreatedBy == nil {
+		var ret OAuth2Actor
+		return ret
+	}
+	return *o.CreatedBy
+}
+
+// GetCreatedByOk returns a tuple with the CreatedBy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2RefreshToken) GetCreatedByOk() (*OAuth2Actor, bool) {
+	if o == nil || o.CreatedBy == nil {
+		return nil, false
+	}
+	return o.CreatedBy, true
+}
+
+// HasCreatedBy returns a boolean if a field has been set.
+func (o *OAuth2RefreshToken) HasCreatedBy() bool {
+	if o != nil && o.CreatedBy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreatedBy gets a reference to the given OAuth2Actor and assigns it to the CreatedBy field.
+func (o *OAuth2RefreshToken) SetCreatedBy(v OAuth2Actor) {
+	o.CreatedBy = &v
+}
+
+// GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
+func (o *OAuth2RefreshToken) GetExpiresAt() time.Time {
+	if o == nil || o.ExpiresAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiresAt
+}
+
+// GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2RefreshToken) GetExpiresAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiresAt == nil {
+		return nil, false
+	}
+	return o.ExpiresAt, true
+}
+
+// HasExpiresAt returns a boolean if a field has been set.
+func (o *OAuth2RefreshToken) HasExpiresAt() bool {
+	if o != nil && o.ExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresAt gets a reference to the given time.Time and assigns it to the ExpiresAt field.
+func (o *OAuth2RefreshToken) SetExpiresAt(v time.Time) {
+	o.ExpiresAt = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *OAuth2RefreshToken) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2RefreshToken) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *OAuth2RefreshToken) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *OAuth2RefreshToken) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIssuer returns the Issuer field value if set, zero value otherwise.
+func (o *OAuth2RefreshToken) GetIssuer() string {
+	if o == nil || o.Issuer == nil {
+		var ret string
+		return ret
+	}
+	return *o.Issuer
+}
+
+// GetIssuerOk returns a tuple with the Issuer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2RefreshToken) GetIssuerOk() (*string, bool) {
+	if o == nil || o.Issuer == nil {
+		return nil, false
+	}
+	return o.Issuer, true
+}
+
+// HasIssuer returns a boolean if a field has been set.
+func (o *OAuth2RefreshToken) HasIssuer() bool {
+	if o != nil && o.Issuer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIssuer gets a reference to the given string and assigns it to the Issuer field.
+func (o *OAuth2RefreshToken) SetIssuer(v string) {
+	o.Issuer = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *OAuth2RefreshToken) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2RefreshToken) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *OAuth2RefreshToken) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *OAuth2RefreshToken) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *OAuth2RefreshToken) GetScopes() []string {
+	if o == nil || o.Scopes == nil {
+		var ret []string
+		return ret
+	}
+	return o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2RefreshToken) GetScopesOk() ([]string, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *OAuth2RefreshToken) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given []string and assigns it to the Scopes field.
+func (o *OAuth2RefreshToken) SetScopes(v []string) {
+	o.Scopes = v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *OAuth2RefreshToken) GetStatus() GrantOrTokenStatus {
+	if o == nil || o.Status == nil {
+		var ret GrantOrTokenStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2RefreshToken) GetStatusOk() (*GrantOrTokenStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *OAuth2RefreshToken) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given GrantOrTokenStatus and assigns it to the Status field.
+func (o *OAuth2RefreshToken) SetStatus(v GrantOrTokenStatus) {
+	o.Status = &v
+}
+
+// GetUserId returns the UserId field value if set, zero value otherwise.
+func (o *OAuth2RefreshToken) GetUserId() string {
+	if o == nil || o.UserId == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserId
+}
+
+// GetUserIdOk returns a tuple with the UserId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2RefreshToken) GetUserIdOk() (*string, bool) {
+	if o == nil || o.UserId == nil {
+		return nil, false
+	}
+	return o.UserId, true
+}
+
+// HasUserId returns a boolean if a field has been set.
+func (o *OAuth2RefreshToken) HasUserId() bool {
+	if o != nil && o.UserId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserId gets a reference to the given string and assigns it to the UserId field.
+func (o *OAuth2RefreshToken) SetUserId(v string) {
+	o.UserId = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *OAuth2RefreshToken) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2RefreshToken) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *OAuth2RefreshToken) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *OAuth2RefreshToken) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *OAuth2RefreshToken) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2RefreshToken) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *OAuth2RefreshToken) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *OAuth2RefreshToken) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o OAuth2RefreshToken) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ClientId != nil {
+		toSerialize["clientId"] = o.ClientId
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.CreatedBy != nil {
+		toSerialize["createdBy"] = o.CreatedBy
+	}
+	if o.ExpiresAt != nil {
+		toSerialize["expiresAt"] = o.ExpiresAt
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Issuer != nil {
+		toSerialize["issuer"] = o.Issuer
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.UserId != nil {
+		toSerialize["userId"] = o.UserId
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OAuth2RefreshToken) UnmarshalJSON(bytes []byte) (err error) {
+	varOAuth2RefreshToken := _OAuth2RefreshToken{}
+
+	err = json.Unmarshal(bytes, &varOAuth2RefreshToken)
+	if err == nil {
+		*o = OAuth2RefreshToken(varOAuth2RefreshToken)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "clientId")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "createdBy")
+		delete(additionalProperties, "expiresAt")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "issuer")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "scopes")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "userId")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOAuth2RefreshToken struct {
+	value *OAuth2RefreshToken
+	isSet bool
+}
+
+func (v NullableOAuth2RefreshToken) Get() *OAuth2RefreshToken {
+	return v.value
+}
+
+func (v *NullableOAuth2RefreshToken) Set(val *OAuth2RefreshToken) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2RefreshToken) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2RefreshToken) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2RefreshToken(val *OAuth2RefreshToken) *NullableOAuth2RefreshToken {
+	return &NullableOAuth2RefreshToken{value: val, isSet: true}
+}
+
+func (v NullableOAuth2RefreshToken) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2RefreshToken) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_scope.go b/okta/model_o_auth2_scope.go
new file mode 100644
index 000000000..84dfc09a2
--- /dev/null
+++ b/okta/model_o_auth2_scope.go
@@ -0,0 +1,417 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OAuth2Scope struct for OAuth2Scope
+type OAuth2Scope struct {
+	Consent              *OAuth2ScopeConsentType     `json:"consent,omitempty"`
+	Default              *bool                       `json:"default,omitempty"`
+	Description          *string                     `json:"description,omitempty"`
+	DisplayName          *string                     `json:"displayName,omitempty"`
+	Id                   *string                     `json:"id,omitempty"`
+	MetadataPublish      *OAuth2ScopeMetadataPublish `json:"metadataPublish,omitempty"`
+	Name                 *string                     `json:"name,omitempty"`
+	System               *bool                       `json:"system,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OAuth2Scope OAuth2Scope
+
+// NewOAuth2Scope instantiates a new OAuth2Scope object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOAuth2Scope() *OAuth2Scope {
+	this := OAuth2Scope{}
+	return &this
+}
+
+// NewOAuth2ScopeWithDefaults instantiates a new OAuth2Scope object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOAuth2ScopeWithDefaults() *OAuth2Scope {
+	this := OAuth2Scope{}
+	return &this
+}
+
+// GetConsent returns the Consent field value if set, zero value otherwise.
+func (o *OAuth2Scope) GetConsent() OAuth2ScopeConsentType {
+	if o == nil || o.Consent == nil {
+		var ret OAuth2ScopeConsentType
+		return ret
+	}
+	return *o.Consent
+}
+
+// GetConsentOk returns a tuple with the Consent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Scope) GetConsentOk() (*OAuth2ScopeConsentType, bool) {
+	if o == nil || o.Consent == nil {
+		return nil, false
+	}
+	return o.Consent, true
+}
+
+// HasConsent returns a boolean if a field has been set.
+func (o *OAuth2Scope) HasConsent() bool {
+	if o != nil && o.Consent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConsent gets a reference to the given OAuth2ScopeConsentType and assigns it to the Consent field.
+func (o *OAuth2Scope) SetConsent(v OAuth2ScopeConsentType) {
+	o.Consent = &v
+}
+
+// GetDefault returns the Default field value if set, zero value otherwise.
+func (o *OAuth2Scope) GetDefault() bool {
+	if o == nil || o.Default == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Default
+}
+
+// GetDefaultOk returns a tuple with the Default field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Scope) GetDefaultOk() (*bool, bool) {
+	if o == nil || o.Default == nil {
+		return nil, false
+	}
+	return o.Default, true
+}
+
+// HasDefault returns a boolean if a field has been set.
+func (o *OAuth2Scope) HasDefault() bool {
+	if o != nil && o.Default != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefault gets a reference to the given bool and assigns it to the Default field.
+func (o *OAuth2Scope) SetDefault(v bool) {
+	o.Default = &v
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *OAuth2Scope) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Scope) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *OAuth2Scope) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *OAuth2Scope) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetDisplayName returns the DisplayName field value if set, zero value otherwise.
+func (o *OAuth2Scope) GetDisplayName() string {
+	if o == nil || o.DisplayName == nil {
+		var ret string
+		return ret
+	}
+	return *o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Scope) GetDisplayNameOk() (*string, bool) {
+	if o == nil || o.DisplayName == nil {
+		return nil, false
+	}
+	return o.DisplayName, true
+}
+
+// HasDisplayName returns a boolean if a field has been set.
+func (o *OAuth2Scope) HasDisplayName() bool {
+	if o != nil && o.DisplayName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDisplayName gets a reference to the given string and assigns it to the DisplayName field.
+func (o *OAuth2Scope) SetDisplayName(v string) {
+	o.DisplayName = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *OAuth2Scope) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Scope) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *OAuth2Scope) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *OAuth2Scope) SetId(v string) {
+	o.Id = &v
+}
+
+// GetMetadataPublish returns the MetadataPublish field value if set, zero value otherwise.
+func (o *OAuth2Scope) GetMetadataPublish() OAuth2ScopeMetadataPublish {
+	if o == nil || o.MetadataPublish == nil {
+		var ret OAuth2ScopeMetadataPublish
+		return ret
+	}
+	return *o.MetadataPublish
+}
+
+// GetMetadataPublishOk returns a tuple with the MetadataPublish field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Scope) GetMetadataPublishOk() (*OAuth2ScopeMetadataPublish, bool) {
+	if o == nil || o.MetadataPublish == nil {
+		return nil, false
+	}
+	return o.MetadataPublish, true
+}
+
+// HasMetadataPublish returns a boolean if a field has been set.
+func (o *OAuth2Scope) HasMetadataPublish() bool {
+	if o != nil && o.MetadataPublish != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMetadataPublish gets a reference to the given OAuth2ScopeMetadataPublish and assigns it to the MetadataPublish field.
+func (o *OAuth2Scope) SetMetadataPublish(v OAuth2ScopeMetadataPublish) {
+	o.MetadataPublish = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *OAuth2Scope) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Scope) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *OAuth2Scope) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *OAuth2Scope) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSystem returns the System field value if set, zero value otherwise.
+func (o *OAuth2Scope) GetSystem() bool {
+	if o == nil || o.System == nil {
+		var ret bool
+		return ret
+	}
+	return *o.System
+}
+
+// GetSystemOk returns a tuple with the System field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Scope) GetSystemOk() (*bool, bool) {
+	if o == nil || o.System == nil {
+		return nil, false
+	}
+	return o.System, true
+}
+
+// HasSystem returns a boolean if a field has been set.
+func (o *OAuth2Scope) HasSystem() bool {
+	if o != nil && o.System != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSystem gets a reference to the given bool and assigns it to the System field.
+func (o *OAuth2Scope) SetSystem(v bool) {
+	o.System = &v
+}
+
+func (o OAuth2Scope) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Consent != nil {
+		toSerialize["consent"] = o.Consent
+	}
+	if o.Default != nil {
+		toSerialize["default"] = o.Default
+	}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.DisplayName != nil {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.MetadataPublish != nil {
+		toSerialize["metadataPublish"] = o.MetadataPublish
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.System != nil {
+		toSerialize["system"] = o.System
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OAuth2Scope) UnmarshalJSON(bytes []byte) (err error) {
+	varOAuth2Scope := _OAuth2Scope{}
+
+	err = json.Unmarshal(bytes, &varOAuth2Scope)
+	if err == nil {
+		*o = OAuth2Scope(varOAuth2Scope)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "consent")
+		delete(additionalProperties, "default")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "metadataPublish")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "system")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOAuth2Scope struct {
+	value *OAuth2Scope
+	isSet bool
+}
+
+func (v NullableOAuth2Scope) Get() *OAuth2Scope {
+	return v.value
+}
+
+func (v *NullableOAuth2Scope) Set(val *OAuth2Scope) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2Scope) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2Scope) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2Scope(val *OAuth2Scope) *NullableOAuth2Scope {
+	return &NullableOAuth2Scope{value: val, isSet: true}
+}
+
+func (v NullableOAuth2Scope) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2Scope) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_scope_consent_grant.go b/okta/model_o_auth2_scope_consent_grant.go
new file mode 100644
index 000000000..876d02383
--- /dev/null
+++ b/okta/model_o_auth2_scope_consent_grant.go
@@ -0,0 +1,566 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// OAuth2ScopeConsentGrant struct for OAuth2ScopeConsentGrant
+type OAuth2ScopeConsentGrant struct {
+	ClientId             *string                           `json:"clientId,omitempty"`
+	Created              *time.Time                        `json:"created,omitempty"`
+	CreatedBy            *OAuth2Actor                      `json:"createdBy,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	Issuer               *string                           `json:"issuer,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	ScopeId              *string                           `json:"scopeId,omitempty"`
+	Source               *OAuth2ScopeConsentGrantSource    `json:"source,omitempty"`
+	Status               *GrantOrTokenStatus               `json:"status,omitempty"`
+	UserId               *string                           `json:"userId,omitempty"`
+	Embedded             map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OAuth2ScopeConsentGrant OAuth2ScopeConsentGrant
+
+// NewOAuth2ScopeConsentGrant instantiates a new OAuth2ScopeConsentGrant object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOAuth2ScopeConsentGrant() *OAuth2ScopeConsentGrant {
+	this := OAuth2ScopeConsentGrant{}
+	return &this
+}
+
+// NewOAuth2ScopeConsentGrantWithDefaults instantiates a new OAuth2ScopeConsentGrant object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOAuth2ScopeConsentGrantWithDefaults() *OAuth2ScopeConsentGrant {
+	this := OAuth2ScopeConsentGrant{}
+	return &this
+}
+
+// GetClientId returns the ClientId field value if set, zero value otherwise.
+func (o *OAuth2ScopeConsentGrant) GetClientId() string {
+	if o == nil || o.ClientId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientId
+}
+
+// GetClientIdOk returns a tuple with the ClientId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopeConsentGrant) GetClientIdOk() (*string, bool) {
+	if o == nil || o.ClientId == nil {
+		return nil, false
+	}
+	return o.ClientId, true
+}
+
+// HasClientId returns a boolean if a field has been set.
+func (o *OAuth2ScopeConsentGrant) HasClientId() bool {
+	if o != nil && o.ClientId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientId gets a reference to the given string and assigns it to the ClientId field.
+func (o *OAuth2ScopeConsentGrant) SetClientId(v string) {
+	o.ClientId = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *OAuth2ScopeConsentGrant) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopeConsentGrant) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *OAuth2ScopeConsentGrant) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *OAuth2ScopeConsentGrant) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetCreatedBy returns the CreatedBy field value if set, zero value otherwise.
+func (o *OAuth2ScopeConsentGrant) GetCreatedBy() OAuth2Actor {
+	if o == nil || o.CreatedBy == nil {
+		var ret OAuth2Actor
+		return ret
+	}
+	return *o.CreatedBy
+}
+
+// GetCreatedByOk returns a tuple with the CreatedBy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopeConsentGrant) GetCreatedByOk() (*OAuth2Actor, bool) {
+	if o == nil || o.CreatedBy == nil {
+		return nil, false
+	}
+	return o.CreatedBy, true
+}
+
+// HasCreatedBy returns a boolean if a field has been set.
+func (o *OAuth2ScopeConsentGrant) HasCreatedBy() bool {
+	if o != nil && o.CreatedBy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreatedBy gets a reference to the given OAuth2Actor and assigns it to the CreatedBy field.
+func (o *OAuth2ScopeConsentGrant) SetCreatedBy(v OAuth2Actor) {
+	o.CreatedBy = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *OAuth2ScopeConsentGrant) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopeConsentGrant) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *OAuth2ScopeConsentGrant) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *OAuth2ScopeConsentGrant) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIssuer returns the Issuer field value if set, zero value otherwise.
+func (o *OAuth2ScopeConsentGrant) GetIssuer() string {
+	if o == nil || o.Issuer == nil {
+		var ret string
+		return ret
+	}
+	return *o.Issuer
+}
+
+// GetIssuerOk returns a tuple with the Issuer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopeConsentGrant) GetIssuerOk() (*string, bool) {
+	if o == nil || o.Issuer == nil {
+		return nil, false
+	}
+	return o.Issuer, true
+}
+
+// HasIssuer returns a boolean if a field has been set.
+func (o *OAuth2ScopeConsentGrant) HasIssuer() bool {
+	if o != nil && o.Issuer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIssuer gets a reference to the given string and assigns it to the Issuer field.
+func (o *OAuth2ScopeConsentGrant) SetIssuer(v string) {
+	o.Issuer = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *OAuth2ScopeConsentGrant) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopeConsentGrant) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *OAuth2ScopeConsentGrant) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *OAuth2ScopeConsentGrant) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetScopeId returns the ScopeId field value if set, zero value otherwise.
+func (o *OAuth2ScopeConsentGrant) GetScopeId() string {
+	if o == nil || o.ScopeId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ScopeId
+}
+
+// GetScopeIdOk returns a tuple with the ScopeId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopeConsentGrant) GetScopeIdOk() (*string, bool) {
+	if o == nil || o.ScopeId == nil {
+		return nil, false
+	}
+	return o.ScopeId, true
+}
+
+// HasScopeId returns a boolean if a field has been set.
+func (o *OAuth2ScopeConsentGrant) HasScopeId() bool {
+	if o != nil && o.ScopeId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopeId gets a reference to the given string and assigns it to the ScopeId field.
+func (o *OAuth2ScopeConsentGrant) SetScopeId(v string) {
+	o.ScopeId = &v
+}
+
+// GetSource returns the Source field value if set, zero value otherwise.
+func (o *OAuth2ScopeConsentGrant) GetSource() OAuth2ScopeConsentGrantSource {
+	if o == nil || o.Source == nil {
+		var ret OAuth2ScopeConsentGrantSource
+		return ret
+	}
+	return *o.Source
+}
+
+// GetSourceOk returns a tuple with the Source field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopeConsentGrant) GetSourceOk() (*OAuth2ScopeConsentGrantSource, bool) {
+	if o == nil || o.Source == nil {
+		return nil, false
+	}
+	return o.Source, true
+}
+
+// HasSource returns a boolean if a field has been set.
+func (o *OAuth2ScopeConsentGrant) HasSource() bool {
+	if o != nil && o.Source != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSource gets a reference to the given OAuth2ScopeConsentGrantSource and assigns it to the Source field.
+func (o *OAuth2ScopeConsentGrant) SetSource(v OAuth2ScopeConsentGrantSource) {
+	o.Source = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *OAuth2ScopeConsentGrant) GetStatus() GrantOrTokenStatus {
+	if o == nil || o.Status == nil {
+		var ret GrantOrTokenStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopeConsentGrant) GetStatusOk() (*GrantOrTokenStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *OAuth2ScopeConsentGrant) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given GrantOrTokenStatus and assigns it to the Status field.
+func (o *OAuth2ScopeConsentGrant) SetStatus(v GrantOrTokenStatus) {
+	o.Status = &v
+}
+
+// GetUserId returns the UserId field value if set, zero value otherwise.
+func (o *OAuth2ScopeConsentGrant) GetUserId() string {
+	if o == nil || o.UserId == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserId
+}
+
+// GetUserIdOk returns a tuple with the UserId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopeConsentGrant) GetUserIdOk() (*string, bool) {
+	if o == nil || o.UserId == nil {
+		return nil, false
+	}
+	return o.UserId, true
+}
+
+// HasUserId returns a boolean if a field has been set.
+func (o *OAuth2ScopeConsentGrant) HasUserId() bool {
+	if o != nil && o.UserId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserId gets a reference to the given string and assigns it to the UserId field.
+func (o *OAuth2ScopeConsentGrant) SetUserId(v string) {
+	o.UserId = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *OAuth2ScopeConsentGrant) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopeConsentGrant) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *OAuth2ScopeConsentGrant) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *OAuth2ScopeConsentGrant) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *OAuth2ScopeConsentGrant) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopeConsentGrant) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *OAuth2ScopeConsentGrant) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *OAuth2ScopeConsentGrant) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o OAuth2ScopeConsentGrant) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ClientId != nil {
+		toSerialize["clientId"] = o.ClientId
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.CreatedBy != nil {
+		toSerialize["createdBy"] = o.CreatedBy
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Issuer != nil {
+		toSerialize["issuer"] = o.Issuer
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.ScopeId != nil {
+		toSerialize["scopeId"] = o.ScopeId
+	}
+	if o.Source != nil {
+		toSerialize["source"] = o.Source
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.UserId != nil {
+		toSerialize["userId"] = o.UserId
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OAuth2ScopeConsentGrant) UnmarshalJSON(bytes []byte) (err error) {
+	varOAuth2ScopeConsentGrant := _OAuth2ScopeConsentGrant{}
+
+	err = json.Unmarshal(bytes, &varOAuth2ScopeConsentGrant)
+	if err == nil {
+		*o = OAuth2ScopeConsentGrant(varOAuth2ScopeConsentGrant)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "clientId")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "createdBy")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "issuer")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "scopeId")
+		delete(additionalProperties, "source")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "userId")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOAuth2ScopeConsentGrant struct {
+	value *OAuth2ScopeConsentGrant
+	isSet bool
+}
+
+func (v NullableOAuth2ScopeConsentGrant) Get() *OAuth2ScopeConsentGrant {
+	return v.value
+}
+
+func (v *NullableOAuth2ScopeConsentGrant) Set(val *OAuth2ScopeConsentGrant) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2ScopeConsentGrant) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2ScopeConsentGrant) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2ScopeConsentGrant(val *OAuth2ScopeConsentGrant) *NullableOAuth2ScopeConsentGrant {
+	return &NullableOAuth2ScopeConsentGrant{value: val, isSet: true}
+}
+
+func (v NullableOAuth2ScopeConsentGrant) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2ScopeConsentGrant) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_scope_consent_grant_source.go b/okta/model_o_auth2_scope_consent_grant_source.go
new file mode 100644
index 000000000..36f95e169
--- /dev/null
+++ b/okta/model_o_auth2_scope_consent_grant_source.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OAuth2ScopeConsentGrantSource the model 'OAuth2ScopeConsentGrantSource'
+type OAuth2ScopeConsentGrantSource string
+
+// List of OAuth2ScopeConsentGrantSource
+const (
+	OAUTH2SCOPECONSENTGRANTSOURCE_ADMIN    OAuth2ScopeConsentGrantSource = "ADMIN"
+	OAUTH2SCOPECONSENTGRANTSOURCE_END_USER OAuth2ScopeConsentGrantSource = "END_USER"
+)
+
+// All allowed values of OAuth2ScopeConsentGrantSource enum
+var AllowedOAuth2ScopeConsentGrantSourceEnumValues = []OAuth2ScopeConsentGrantSource{
+	"ADMIN",
+	"END_USER",
+}
+
+func (v *OAuth2ScopeConsentGrantSource) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OAuth2ScopeConsentGrantSource(value)
+	for _, existing := range AllowedOAuth2ScopeConsentGrantSourceEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OAuth2ScopeConsentGrantSource", value)
+}
+
+// NewOAuth2ScopeConsentGrantSourceFromValue returns a pointer to a valid OAuth2ScopeConsentGrantSource
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOAuth2ScopeConsentGrantSourceFromValue(v string) (*OAuth2ScopeConsentGrantSource, error) {
+	ev := OAuth2ScopeConsentGrantSource(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OAuth2ScopeConsentGrantSource: valid values are %v", v, AllowedOAuth2ScopeConsentGrantSourceEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OAuth2ScopeConsentGrantSource) IsValid() bool {
+	for _, existing := range AllowedOAuth2ScopeConsentGrantSourceEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OAuth2ScopeConsentGrantSource value
+func (v OAuth2ScopeConsentGrantSource) Ptr() *OAuth2ScopeConsentGrantSource {
+	return &v
+}
+
+type NullableOAuth2ScopeConsentGrantSource struct {
+	value *OAuth2ScopeConsentGrantSource
+	isSet bool
+}
+
+func (v NullableOAuth2ScopeConsentGrantSource) Get() *OAuth2ScopeConsentGrantSource {
+	return v.value
+}
+
+func (v *NullableOAuth2ScopeConsentGrantSource) Set(val *OAuth2ScopeConsentGrantSource) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2ScopeConsentGrantSource) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2ScopeConsentGrantSource) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2ScopeConsentGrantSource(val *OAuth2ScopeConsentGrantSource) *NullableOAuth2ScopeConsentGrantSource {
+	return &NullableOAuth2ScopeConsentGrantSource{value: val, isSet: true}
+}
+
+func (v NullableOAuth2ScopeConsentGrantSource) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2ScopeConsentGrantSource) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_scope_consent_type.go b/okta/model_o_auth2_scope_consent_type.go
new file mode 100644
index 000000000..81a19a995
--- /dev/null
+++ b/okta/model_o_auth2_scope_consent_type.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OAuth2ScopeConsentType the model 'OAuth2ScopeConsentType'
+type OAuth2ScopeConsentType string
+
+// List of OAuth2ScopeConsentType
+const (
+	OAUTH2SCOPECONSENTTYPE_ADMIN    OAuth2ScopeConsentType = "ADMIN"
+	OAUTH2SCOPECONSENTTYPE_IMPLICIT OAuth2ScopeConsentType = "IMPLICIT"
+	OAUTH2SCOPECONSENTTYPE_REQUIRED OAuth2ScopeConsentType = "REQUIRED"
+)
+
+// All allowed values of OAuth2ScopeConsentType enum
+var AllowedOAuth2ScopeConsentTypeEnumValues = []OAuth2ScopeConsentType{
+	"ADMIN",
+	"IMPLICIT",
+	"REQUIRED",
+}
+
+func (v *OAuth2ScopeConsentType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OAuth2ScopeConsentType(value)
+	for _, existing := range AllowedOAuth2ScopeConsentTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OAuth2ScopeConsentType", value)
+}
+
+// NewOAuth2ScopeConsentTypeFromValue returns a pointer to a valid OAuth2ScopeConsentType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOAuth2ScopeConsentTypeFromValue(v string) (*OAuth2ScopeConsentType, error) {
+	ev := OAuth2ScopeConsentType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OAuth2ScopeConsentType: valid values are %v", v, AllowedOAuth2ScopeConsentTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OAuth2ScopeConsentType) IsValid() bool {
+	for _, existing := range AllowedOAuth2ScopeConsentTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OAuth2ScopeConsentType value
+func (v OAuth2ScopeConsentType) Ptr() *OAuth2ScopeConsentType {
+	return &v
+}
+
+type NullableOAuth2ScopeConsentType struct {
+	value *OAuth2ScopeConsentType
+	isSet bool
+}
+
+func (v NullableOAuth2ScopeConsentType) Get() *OAuth2ScopeConsentType {
+	return v.value
+}
+
+func (v *NullableOAuth2ScopeConsentType) Set(val *OAuth2ScopeConsentType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2ScopeConsentType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2ScopeConsentType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2ScopeConsentType(val *OAuth2ScopeConsentType) *NullableOAuth2ScopeConsentType {
+	return &NullableOAuth2ScopeConsentType{value: val, isSet: true}
+}
+
+func (v NullableOAuth2ScopeConsentType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2ScopeConsentType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_scope_metadata_publish.go b/okta/model_o_auth2_scope_metadata_publish.go
new file mode 100644
index 000000000..4ddee986a
--- /dev/null
+++ b/okta/model_o_auth2_scope_metadata_publish.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OAuth2ScopeMetadataPublish the model 'OAuth2ScopeMetadataPublish'
+type OAuth2ScopeMetadataPublish string
+
+// List of OAuth2ScopeMetadataPublish
+const (
+	OAUTH2SCOPEMETADATAPUBLISH_ALL_CLIENTS OAuth2ScopeMetadataPublish = "ALL_CLIENTS"
+	OAUTH2SCOPEMETADATAPUBLISH_NO_CLIENTS  OAuth2ScopeMetadataPublish = "NO_CLIENTS"
+)
+
+// All allowed values of OAuth2ScopeMetadataPublish enum
+var AllowedOAuth2ScopeMetadataPublishEnumValues = []OAuth2ScopeMetadataPublish{
+	"ALL_CLIENTS",
+	"NO_CLIENTS",
+}
+
+func (v *OAuth2ScopeMetadataPublish) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OAuth2ScopeMetadataPublish(value)
+	for _, existing := range AllowedOAuth2ScopeMetadataPublishEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OAuth2ScopeMetadataPublish", value)
+}
+
+// NewOAuth2ScopeMetadataPublishFromValue returns a pointer to a valid OAuth2ScopeMetadataPublish
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOAuth2ScopeMetadataPublishFromValue(v string) (*OAuth2ScopeMetadataPublish, error) {
+	ev := OAuth2ScopeMetadataPublish(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OAuth2ScopeMetadataPublish: valid values are %v", v, AllowedOAuth2ScopeMetadataPublishEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OAuth2ScopeMetadataPublish) IsValid() bool {
+	for _, existing := range AllowedOAuth2ScopeMetadataPublishEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OAuth2ScopeMetadataPublish value
+func (v OAuth2ScopeMetadataPublish) Ptr() *OAuth2ScopeMetadataPublish {
+	return &v
+}
+
+type NullableOAuth2ScopeMetadataPublish struct {
+	value *OAuth2ScopeMetadataPublish
+	isSet bool
+}
+
+func (v NullableOAuth2ScopeMetadataPublish) Get() *OAuth2ScopeMetadataPublish {
+	return v.value
+}
+
+func (v *NullableOAuth2ScopeMetadataPublish) Set(val *OAuth2ScopeMetadataPublish) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2ScopeMetadataPublish) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2ScopeMetadataPublish) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2ScopeMetadataPublish(val *OAuth2ScopeMetadataPublish) *NullableOAuth2ScopeMetadataPublish {
+	return &NullableOAuth2ScopeMetadataPublish{value: val, isSet: true}
+}
+
+func (v NullableOAuth2ScopeMetadataPublish) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2ScopeMetadataPublish) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_scopes_mediation_policy_rule_condition.go b/okta/model_o_auth2_scopes_mediation_policy_rule_condition.go
new file mode 100644
index 000000000..280fbfd4b
--- /dev/null
+++ b/okta/model_o_auth2_scopes_mediation_policy_rule_condition.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OAuth2ScopesMediationPolicyRuleCondition struct for OAuth2ScopesMediationPolicyRuleCondition
+type OAuth2ScopesMediationPolicyRuleCondition struct {
+	Include              []string `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OAuth2ScopesMediationPolicyRuleCondition OAuth2ScopesMediationPolicyRuleCondition
+
+// NewOAuth2ScopesMediationPolicyRuleCondition instantiates a new OAuth2ScopesMediationPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOAuth2ScopesMediationPolicyRuleCondition() *OAuth2ScopesMediationPolicyRuleCondition {
+	this := OAuth2ScopesMediationPolicyRuleCondition{}
+	return &this
+}
+
+// NewOAuth2ScopesMediationPolicyRuleConditionWithDefaults instantiates a new OAuth2ScopesMediationPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOAuth2ScopesMediationPolicyRuleConditionWithDefaults() *OAuth2ScopesMediationPolicyRuleCondition {
+	this := OAuth2ScopesMediationPolicyRuleCondition{}
+	return &this
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *OAuth2ScopesMediationPolicyRuleCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2ScopesMediationPolicyRuleCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *OAuth2ScopesMediationPolicyRuleCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *OAuth2ScopesMediationPolicyRuleCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o OAuth2ScopesMediationPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OAuth2ScopesMediationPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varOAuth2ScopesMediationPolicyRuleCondition := _OAuth2ScopesMediationPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varOAuth2ScopesMediationPolicyRuleCondition)
+	if err == nil {
+		*o = OAuth2ScopesMediationPolicyRuleCondition(varOAuth2ScopesMediationPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOAuth2ScopesMediationPolicyRuleCondition struct {
+	value *OAuth2ScopesMediationPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableOAuth2ScopesMediationPolicyRuleCondition) Get() *OAuth2ScopesMediationPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableOAuth2ScopesMediationPolicyRuleCondition) Set(val *OAuth2ScopesMediationPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2ScopesMediationPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2ScopesMediationPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2ScopesMediationPolicyRuleCondition(val *OAuth2ScopesMediationPolicyRuleCondition) *NullableOAuth2ScopesMediationPolicyRuleCondition {
+	return &NullableOAuth2ScopesMediationPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableOAuth2ScopesMediationPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2ScopesMediationPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth2_token.go b/okta/model_o_auth2_token.go
new file mode 100644
index 000000000..6c7426aa0
--- /dev/null
+++ b/okta/model_o_auth2_token.go
@@ -0,0 +1,529 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// OAuth2Token struct for OAuth2Token
+type OAuth2Token struct {
+	ClientId             *string                           `json:"clientId,omitempty"`
+	Created              *time.Time                        `json:"created,omitempty"`
+	ExpiresAt            *time.Time                        `json:"expiresAt,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	Issuer               *string                           `json:"issuer,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Scopes               []string                          `json:"scopes,omitempty"`
+	Status               *GrantOrTokenStatus               `json:"status,omitempty"`
+	UserId               *string                           `json:"userId,omitempty"`
+	Embedded             map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OAuth2Token OAuth2Token
+
+// NewOAuth2Token instantiates a new OAuth2Token object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOAuth2Token() *OAuth2Token {
+	this := OAuth2Token{}
+	return &this
+}
+
+// NewOAuth2TokenWithDefaults instantiates a new OAuth2Token object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOAuth2TokenWithDefaults() *OAuth2Token {
+	this := OAuth2Token{}
+	return &this
+}
+
+// GetClientId returns the ClientId field value if set, zero value otherwise.
+func (o *OAuth2Token) GetClientId() string {
+	if o == nil || o.ClientId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientId
+}
+
+// GetClientIdOk returns a tuple with the ClientId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Token) GetClientIdOk() (*string, bool) {
+	if o == nil || o.ClientId == nil {
+		return nil, false
+	}
+	return o.ClientId, true
+}
+
+// HasClientId returns a boolean if a field has been set.
+func (o *OAuth2Token) HasClientId() bool {
+	if o != nil && o.ClientId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientId gets a reference to the given string and assigns it to the ClientId field.
+func (o *OAuth2Token) SetClientId(v string) {
+	o.ClientId = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *OAuth2Token) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Token) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *OAuth2Token) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *OAuth2Token) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
+func (o *OAuth2Token) GetExpiresAt() time.Time {
+	if o == nil || o.ExpiresAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiresAt
+}
+
+// GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Token) GetExpiresAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiresAt == nil {
+		return nil, false
+	}
+	return o.ExpiresAt, true
+}
+
+// HasExpiresAt returns a boolean if a field has been set.
+func (o *OAuth2Token) HasExpiresAt() bool {
+	if o != nil && o.ExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresAt gets a reference to the given time.Time and assigns it to the ExpiresAt field.
+func (o *OAuth2Token) SetExpiresAt(v time.Time) {
+	o.ExpiresAt = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *OAuth2Token) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Token) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *OAuth2Token) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *OAuth2Token) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIssuer returns the Issuer field value if set, zero value otherwise.
+func (o *OAuth2Token) GetIssuer() string {
+	if o == nil || o.Issuer == nil {
+		var ret string
+		return ret
+	}
+	return *o.Issuer
+}
+
+// GetIssuerOk returns a tuple with the Issuer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Token) GetIssuerOk() (*string, bool) {
+	if o == nil || o.Issuer == nil {
+		return nil, false
+	}
+	return o.Issuer, true
+}
+
+// HasIssuer returns a boolean if a field has been set.
+func (o *OAuth2Token) HasIssuer() bool {
+	if o != nil && o.Issuer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIssuer gets a reference to the given string and assigns it to the Issuer field.
+func (o *OAuth2Token) SetIssuer(v string) {
+	o.Issuer = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *OAuth2Token) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Token) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *OAuth2Token) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *OAuth2Token) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *OAuth2Token) GetScopes() []string {
+	if o == nil || o.Scopes == nil {
+		var ret []string
+		return ret
+	}
+	return o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Token) GetScopesOk() ([]string, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *OAuth2Token) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given []string and assigns it to the Scopes field.
+func (o *OAuth2Token) SetScopes(v []string) {
+	o.Scopes = v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *OAuth2Token) GetStatus() GrantOrTokenStatus {
+	if o == nil || o.Status == nil {
+		var ret GrantOrTokenStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Token) GetStatusOk() (*GrantOrTokenStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *OAuth2Token) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given GrantOrTokenStatus and assigns it to the Status field.
+func (o *OAuth2Token) SetStatus(v GrantOrTokenStatus) {
+	o.Status = &v
+}
+
+// GetUserId returns the UserId field value if set, zero value otherwise.
+func (o *OAuth2Token) GetUserId() string {
+	if o == nil || o.UserId == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserId
+}
+
+// GetUserIdOk returns a tuple with the UserId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Token) GetUserIdOk() (*string, bool) {
+	if o == nil || o.UserId == nil {
+		return nil, false
+	}
+	return o.UserId, true
+}
+
+// HasUserId returns a boolean if a field has been set.
+func (o *OAuth2Token) HasUserId() bool {
+	if o != nil && o.UserId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserId gets a reference to the given string and assigns it to the UserId field.
+func (o *OAuth2Token) SetUserId(v string) {
+	o.UserId = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *OAuth2Token) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Token) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *OAuth2Token) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *OAuth2Token) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *OAuth2Token) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuth2Token) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *OAuth2Token) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *OAuth2Token) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o OAuth2Token) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ClientId != nil {
+		toSerialize["clientId"] = o.ClientId
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.ExpiresAt != nil {
+		toSerialize["expiresAt"] = o.ExpiresAt
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Issuer != nil {
+		toSerialize["issuer"] = o.Issuer
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.UserId != nil {
+		toSerialize["userId"] = o.UserId
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OAuth2Token) UnmarshalJSON(bytes []byte) (err error) {
+	varOAuth2Token := _OAuth2Token{}
+
+	err = json.Unmarshal(bytes, &varOAuth2Token)
+	if err == nil {
+		*o = OAuth2Token(varOAuth2Token)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "clientId")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "expiresAt")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "issuer")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "scopes")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "userId")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOAuth2Token struct {
+	value *OAuth2Token
+	isSet bool
+}
+
+func (v NullableOAuth2Token) Get() *OAuth2Token {
+	return v.value
+}
+
+func (v *NullableOAuth2Token) Set(val *OAuth2Token) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuth2Token) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuth2Token) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuth2Token(val *OAuth2Token) *NullableOAuth2Token {
+	return &NullableOAuth2Token{value: val, isSet: true}
+}
+
+func (v NullableOAuth2Token) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuth2Token) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth_application_credentials.go b/okta/model_o_auth_application_credentials.go
new file mode 100644
index 000000000..efea12baa
--- /dev/null
+++ b/okta/model_o_auth_application_credentials.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OAuthApplicationCredentials struct for OAuthApplicationCredentials
+type OAuthApplicationCredentials struct {
+	Signing              *ApplicationCredentialsSigning          `json:"signing,omitempty"`
+	UserNameTemplate     *ApplicationCredentialsUsernameTemplate `json:"userNameTemplate,omitempty"`
+	OauthClient          *ApplicationCredentialsOAuthClient      `json:"oauthClient,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OAuthApplicationCredentials OAuthApplicationCredentials
+
+// NewOAuthApplicationCredentials instantiates a new OAuthApplicationCredentials object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOAuthApplicationCredentials() *OAuthApplicationCredentials {
+	this := OAuthApplicationCredentials{}
+	return &this
+}
+
+// NewOAuthApplicationCredentialsWithDefaults instantiates a new OAuthApplicationCredentials object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOAuthApplicationCredentialsWithDefaults() *OAuthApplicationCredentials {
+	this := OAuthApplicationCredentials{}
+	return &this
+}
+
+// GetSigning returns the Signing field value if set, zero value otherwise.
+func (o *OAuthApplicationCredentials) GetSigning() ApplicationCredentialsSigning {
+	if o == nil || o.Signing == nil {
+		var ret ApplicationCredentialsSigning
+		return ret
+	}
+	return *o.Signing
+}
+
+// GetSigningOk returns a tuple with the Signing field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuthApplicationCredentials) GetSigningOk() (*ApplicationCredentialsSigning, bool) {
+	if o == nil || o.Signing == nil {
+		return nil, false
+	}
+	return o.Signing, true
+}
+
+// HasSigning returns a boolean if a field has been set.
+func (o *OAuthApplicationCredentials) HasSigning() bool {
+	if o != nil && o.Signing != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSigning gets a reference to the given ApplicationCredentialsSigning and assigns it to the Signing field.
+func (o *OAuthApplicationCredentials) SetSigning(v ApplicationCredentialsSigning) {
+	o.Signing = &v
+}
+
+// GetUserNameTemplate returns the UserNameTemplate field value if set, zero value otherwise.
+func (o *OAuthApplicationCredentials) GetUserNameTemplate() ApplicationCredentialsUsernameTemplate {
+	if o == nil || o.UserNameTemplate == nil {
+		var ret ApplicationCredentialsUsernameTemplate
+		return ret
+	}
+	return *o.UserNameTemplate
+}
+
+// GetUserNameTemplateOk returns a tuple with the UserNameTemplate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuthApplicationCredentials) GetUserNameTemplateOk() (*ApplicationCredentialsUsernameTemplate, bool) {
+	if o == nil || o.UserNameTemplate == nil {
+		return nil, false
+	}
+	return o.UserNameTemplate, true
+}
+
+// HasUserNameTemplate returns a boolean if a field has been set.
+func (o *OAuthApplicationCredentials) HasUserNameTemplate() bool {
+	if o != nil && o.UserNameTemplate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserNameTemplate gets a reference to the given ApplicationCredentialsUsernameTemplate and assigns it to the UserNameTemplate field.
+func (o *OAuthApplicationCredentials) SetUserNameTemplate(v ApplicationCredentialsUsernameTemplate) {
+	o.UserNameTemplate = &v
+}
+
+// GetOauthClient returns the OauthClient field value if set, zero value otherwise.
+func (o *OAuthApplicationCredentials) GetOauthClient() ApplicationCredentialsOAuthClient {
+	if o == nil || o.OauthClient == nil {
+		var ret ApplicationCredentialsOAuthClient
+		return ret
+	}
+	return *o.OauthClient
+}
+
+// GetOauthClientOk returns a tuple with the OauthClient field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuthApplicationCredentials) GetOauthClientOk() (*ApplicationCredentialsOAuthClient, bool) {
+	if o == nil || o.OauthClient == nil {
+		return nil, false
+	}
+	return o.OauthClient, true
+}
+
+// HasOauthClient returns a boolean if a field has been set.
+func (o *OAuthApplicationCredentials) HasOauthClient() bool {
+	if o != nil && o.OauthClient != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOauthClient gets a reference to the given ApplicationCredentialsOAuthClient and assigns it to the OauthClient field.
+func (o *OAuthApplicationCredentials) SetOauthClient(v ApplicationCredentialsOAuthClient) {
+	o.OauthClient = &v
+}
+
+func (o OAuthApplicationCredentials) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Signing != nil {
+		toSerialize["signing"] = o.Signing
+	}
+	if o.UserNameTemplate != nil {
+		toSerialize["userNameTemplate"] = o.UserNameTemplate
+	}
+	if o.OauthClient != nil {
+		toSerialize["oauthClient"] = o.OauthClient
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OAuthApplicationCredentials) UnmarshalJSON(bytes []byte) (err error) {
+	varOAuthApplicationCredentials := _OAuthApplicationCredentials{}
+
+	err = json.Unmarshal(bytes, &varOAuthApplicationCredentials)
+	if err == nil {
+		*o = OAuthApplicationCredentials(varOAuthApplicationCredentials)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "signing")
+		delete(additionalProperties, "userNameTemplate")
+		delete(additionalProperties, "oauthClient")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOAuthApplicationCredentials struct {
+	value *OAuthApplicationCredentials
+	isSet bool
+}
+
+func (v NullableOAuthApplicationCredentials) Get() *OAuthApplicationCredentials {
+	return v.value
+}
+
+func (v *NullableOAuthApplicationCredentials) Set(val *OAuthApplicationCredentials) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuthApplicationCredentials) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuthApplicationCredentials) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuthApplicationCredentials(val *OAuthApplicationCredentials) *NullableOAuthApplicationCredentials {
+	return &NullableOAuthApplicationCredentials{value: val, isSet: true}
+}
+
+func (v NullableOAuthApplicationCredentials) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuthApplicationCredentials) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth_application_credentials_all_of.go b/okta/model_o_auth_application_credentials_all_of.go
new file mode 100644
index 000000000..e3fc8b665
--- /dev/null
+++ b/okta/model_o_auth_application_credentials_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OAuthApplicationCredentialsAllOf struct for OAuthApplicationCredentialsAllOf
+type OAuthApplicationCredentialsAllOf struct {
+	OauthClient          *ApplicationCredentialsOAuthClient `json:"oauthClient,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OAuthApplicationCredentialsAllOf OAuthApplicationCredentialsAllOf
+
+// NewOAuthApplicationCredentialsAllOf instantiates a new OAuthApplicationCredentialsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOAuthApplicationCredentialsAllOf() *OAuthApplicationCredentialsAllOf {
+	this := OAuthApplicationCredentialsAllOf{}
+	return &this
+}
+
+// NewOAuthApplicationCredentialsAllOfWithDefaults instantiates a new OAuthApplicationCredentialsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOAuthApplicationCredentialsAllOfWithDefaults() *OAuthApplicationCredentialsAllOf {
+	this := OAuthApplicationCredentialsAllOf{}
+	return &this
+}
+
+// GetOauthClient returns the OauthClient field value if set, zero value otherwise.
+func (o *OAuthApplicationCredentialsAllOf) GetOauthClient() ApplicationCredentialsOAuthClient {
+	if o == nil || o.OauthClient == nil {
+		var ret ApplicationCredentialsOAuthClient
+		return ret
+	}
+	return *o.OauthClient
+}
+
+// GetOauthClientOk returns a tuple with the OauthClient field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OAuthApplicationCredentialsAllOf) GetOauthClientOk() (*ApplicationCredentialsOAuthClient, bool) {
+	if o == nil || o.OauthClient == nil {
+		return nil, false
+	}
+	return o.OauthClient, true
+}
+
+// HasOauthClient returns a boolean if a field has been set.
+func (o *OAuthApplicationCredentialsAllOf) HasOauthClient() bool {
+	if o != nil && o.OauthClient != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOauthClient gets a reference to the given ApplicationCredentialsOAuthClient and assigns it to the OauthClient field.
+func (o *OAuthApplicationCredentialsAllOf) SetOauthClient(v ApplicationCredentialsOAuthClient) {
+	o.OauthClient = &v
+}
+
+func (o OAuthApplicationCredentialsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.OauthClient != nil {
+		toSerialize["oauthClient"] = o.OauthClient
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OAuthApplicationCredentialsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varOAuthApplicationCredentialsAllOf := _OAuthApplicationCredentialsAllOf{}
+
+	err = json.Unmarshal(bytes, &varOAuthApplicationCredentialsAllOf)
+	if err == nil {
+		*o = OAuthApplicationCredentialsAllOf(varOAuthApplicationCredentialsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "oauthClient")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOAuthApplicationCredentialsAllOf struct {
+	value *OAuthApplicationCredentialsAllOf
+	isSet bool
+}
+
+func (v NullableOAuthApplicationCredentialsAllOf) Get() *OAuthApplicationCredentialsAllOf {
+	return v.value
+}
+
+func (v *NullableOAuthApplicationCredentialsAllOf) Set(val *OAuthApplicationCredentialsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuthApplicationCredentialsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuthApplicationCredentialsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuthApplicationCredentialsAllOf(val *OAuthApplicationCredentialsAllOf) *NullableOAuthApplicationCredentialsAllOf {
+	return &NullableOAuthApplicationCredentialsAllOf{value: val, isSet: true}
+}
+
+func (v NullableOAuthApplicationCredentialsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuthApplicationCredentialsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth_endpoint_authentication_method.go b/okta/model_o_auth_endpoint_authentication_method.go
new file mode 100644
index 000000000..763cf2dd7
--- /dev/null
+++ b/okta/model_o_auth_endpoint_authentication_method.go
@@ -0,0 +1,130 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OAuthEndpointAuthenticationMethod the model 'OAuthEndpointAuthenticationMethod'
+type OAuthEndpointAuthenticationMethod string
+
+// List of OAuthEndpointAuthenticationMethod
+const (
+	OAUTHENDPOINTAUTHENTICATIONMETHOD_CLIENT_SECRET_BASIC OAuthEndpointAuthenticationMethod = "client_secret_basic"
+	OAUTHENDPOINTAUTHENTICATIONMETHOD_CLIENT_SECRET_JWT   OAuthEndpointAuthenticationMethod = "client_secret_jwt"
+	OAUTHENDPOINTAUTHENTICATIONMETHOD_CLIENT_SECRET_POST  OAuthEndpointAuthenticationMethod = "client_secret_post"
+	OAUTHENDPOINTAUTHENTICATIONMETHOD_NONE                OAuthEndpointAuthenticationMethod = "none"
+	OAUTHENDPOINTAUTHENTICATIONMETHOD_PRIVATE_KEY_JWT     OAuthEndpointAuthenticationMethod = "private_key_jwt"
+)
+
+// All allowed values of OAuthEndpointAuthenticationMethod enum
+var AllowedOAuthEndpointAuthenticationMethodEnumValues = []OAuthEndpointAuthenticationMethod{
+	"client_secret_basic",
+	"client_secret_jwt",
+	"client_secret_post",
+	"none",
+	"private_key_jwt",
+}
+
+func (v *OAuthEndpointAuthenticationMethod) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OAuthEndpointAuthenticationMethod(value)
+	for _, existing := range AllowedOAuthEndpointAuthenticationMethodEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OAuthEndpointAuthenticationMethod", value)
+}
+
+// NewOAuthEndpointAuthenticationMethodFromValue returns a pointer to a valid OAuthEndpointAuthenticationMethod
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOAuthEndpointAuthenticationMethodFromValue(v string) (*OAuthEndpointAuthenticationMethod, error) {
+	ev := OAuthEndpointAuthenticationMethod(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OAuthEndpointAuthenticationMethod: valid values are %v", v, AllowedOAuthEndpointAuthenticationMethodEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OAuthEndpointAuthenticationMethod) IsValid() bool {
+	for _, existing := range AllowedOAuthEndpointAuthenticationMethodEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OAuthEndpointAuthenticationMethod value
+func (v OAuthEndpointAuthenticationMethod) Ptr() *OAuthEndpointAuthenticationMethod {
+	return &v
+}
+
+type NullableOAuthEndpointAuthenticationMethod struct {
+	value *OAuthEndpointAuthenticationMethod
+	isSet bool
+}
+
+func (v NullableOAuthEndpointAuthenticationMethod) Get() *OAuthEndpointAuthenticationMethod {
+	return v.value
+}
+
+func (v *NullableOAuthEndpointAuthenticationMethod) Set(val *OAuthEndpointAuthenticationMethod) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuthEndpointAuthenticationMethod) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuthEndpointAuthenticationMethod) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuthEndpointAuthenticationMethod(val *OAuthEndpointAuthenticationMethod) *NullableOAuthEndpointAuthenticationMethod {
+	return &NullableOAuthEndpointAuthenticationMethod{value: val, isSet: true}
+}
+
+func (v NullableOAuthEndpointAuthenticationMethod) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuthEndpointAuthenticationMethod) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth_grant_type.go b/okta/model_o_auth_grant_type.go
new file mode 100644
index 000000000..8d0f29da0
--- /dev/null
+++ b/okta/model_o_auth_grant_type.go
@@ -0,0 +1,138 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OAuthGrantType the model 'OAuthGrantType'
+type OAuthGrantType string
+
+// List of OAuthGrantType
+const (
+	OAUTHGRANTTYPE_AUTHORIZATION_CODE                         OAuthGrantType = "authorization_code"
+	OAUTHGRANTTYPE_CLIENT_CREDENTIALS                         OAuthGrantType = "client_credentials"
+	OAUTHGRANTTYPE_IMPLICIT                                   OAuthGrantType = "implicit"
+	OAUTHGRANTTYPE_INTERACTION_CODE                           OAuthGrantType = "interaction_code"
+	OAUTHGRANTTYPE_PASSWORD                                   OAuthGrantType = "password"
+	OAUTHGRANTTYPE_REFRESH_TOKEN                              OAuthGrantType = "refresh_token"
+	OAUTHGRANTTYPE_URNIETFPARAMSOAUTHGRANT_TYPEDEVICE_CODE    OAuthGrantType = "urn:ietf:params:oauth:grant-type:device_code"
+	OAUTHGRANTTYPE_URNIETFPARAMSOAUTHGRANT_TYPESAML2_BEARER   OAuthGrantType = "urn:ietf:params:oauth:grant-type:saml2-bearer"
+	OAUTHGRANTTYPE_URNIETFPARAMSOAUTHGRANT_TYPETOKEN_EXCHANGE OAuthGrantType = "urn:ietf:params:oauth:grant-type:token-exchange"
+)
+
+// All allowed values of OAuthGrantType enum
+var AllowedOAuthGrantTypeEnumValues = []OAuthGrantType{
+	"authorization_code",
+	"client_credentials",
+	"implicit",
+	"interaction_code",
+	"password",
+	"refresh_token",
+	"urn:ietf:params:oauth:grant-type:device_code",
+	"urn:ietf:params:oauth:grant-type:saml2-bearer",
+	"urn:ietf:params:oauth:grant-type:token-exchange",
+}
+
+func (v *OAuthGrantType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OAuthGrantType(value)
+	for _, existing := range AllowedOAuthGrantTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OAuthGrantType", value)
+}
+
+// NewOAuthGrantTypeFromValue returns a pointer to a valid OAuthGrantType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOAuthGrantTypeFromValue(v string) (*OAuthGrantType, error) {
+	ev := OAuthGrantType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OAuthGrantType: valid values are %v", v, AllowedOAuthGrantTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OAuthGrantType) IsValid() bool {
+	for _, existing := range AllowedOAuthGrantTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OAuthGrantType value
+func (v OAuthGrantType) Ptr() *OAuthGrantType {
+	return &v
+}
+
+type NullableOAuthGrantType struct {
+	value *OAuthGrantType
+	isSet bool
+}
+
+func (v NullableOAuthGrantType) Get() *OAuthGrantType {
+	return v.value
+}
+
+func (v *NullableOAuthGrantType) Set(val *OAuthGrantType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuthGrantType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuthGrantType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuthGrantType(val *OAuthGrantType) *NullableOAuthGrantType {
+	return &NullableOAuthGrantType{value: val, isSet: true}
+}
+
+func (v NullableOAuthGrantType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuthGrantType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_o_auth_response_type.go b/okta/model_o_auth_response_type.go
new file mode 100644
index 000000000..fc5b9c5dc
--- /dev/null
+++ b/okta/model_o_auth_response_type.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OAuthResponseType the model 'OAuthResponseType'
+type OAuthResponseType string
+
+// List of OAuthResponseType
+const (
+	OAUTHRESPONSETYPE_CODE     OAuthResponseType = "code"
+	OAUTHRESPONSETYPE_ID_TOKEN OAuthResponseType = "id_token"
+	OAUTHRESPONSETYPE_TOKEN    OAuthResponseType = "token"
+)
+
+// All allowed values of OAuthResponseType enum
+var AllowedOAuthResponseTypeEnumValues = []OAuthResponseType{
+	"code",
+	"id_token",
+	"token",
+}
+
+func (v *OAuthResponseType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OAuthResponseType(value)
+	for _, existing := range AllowedOAuthResponseTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OAuthResponseType", value)
+}
+
+// NewOAuthResponseTypeFromValue returns a pointer to a valid OAuthResponseType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOAuthResponseTypeFromValue(v string) (*OAuthResponseType, error) {
+	ev := OAuthResponseType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OAuthResponseType: valid values are %v", v, AllowedOAuthResponseTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OAuthResponseType) IsValid() bool {
+	for _, existing := range AllowedOAuthResponseTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OAuthResponseType value
+func (v OAuthResponseType) Ptr() *OAuthResponseType {
+	return &v
+}
+
+type NullableOAuthResponseType struct {
+	value *OAuthResponseType
+	isSet bool
+}
+
+func (v NullableOAuthResponseType) Get() *OAuthResponseType {
+	return v.value
+}
+
+func (v *NullableOAuthResponseType) Set(val *OAuthResponseType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOAuthResponseType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOAuthResponseType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOAuthResponseType(val *OAuthResponseType) *NullableOAuthResponseType {
+	return &NullableOAuthResponseType{value: val, isSet: true}
+}
+
+func (v NullableOAuthResponseType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOAuthResponseType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy.go b/okta/model_okta_sign_on_policy.go
new file mode 100644
index 000000000..ae27df5d5
--- /dev/null
+++ b/okta/model_okta_sign_on_policy.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// OktaSignOnPolicy struct for OktaSignOnPolicy
+type OktaSignOnPolicy struct {
+	Policy
+	Conditions           *OktaSignOnPolicyConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OktaSignOnPolicy OktaSignOnPolicy
+
+// NewOktaSignOnPolicy instantiates a new OktaSignOnPolicy object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOktaSignOnPolicy() *OktaSignOnPolicy {
+	this := OktaSignOnPolicy{}
+	return &this
+}
+
+// NewOktaSignOnPolicyWithDefaults instantiates a new OktaSignOnPolicy object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOktaSignOnPolicyWithDefaults() *OktaSignOnPolicy {
+	this := OktaSignOnPolicy{}
+	return &this
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *OktaSignOnPolicy) GetConditions() OktaSignOnPolicyConditions {
+	if o == nil || o.Conditions == nil {
+		var ret OktaSignOnPolicyConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicy) GetConditionsOk() (*OktaSignOnPolicyConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *OktaSignOnPolicy) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given OktaSignOnPolicyConditions and assigns it to the Conditions field.
+func (o *OktaSignOnPolicy) SetConditions(v OktaSignOnPolicyConditions) {
+	o.Conditions = &v
+}
+
+func (o OktaSignOnPolicy) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPolicy, errPolicy := json.Marshal(o.Policy)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	errPolicy = json.Unmarshal([]byte(serializedPolicy), &toSerialize)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OktaSignOnPolicy) UnmarshalJSON(bytes []byte) (err error) {
+	type OktaSignOnPolicyWithoutEmbeddedStruct struct {
+		Conditions *OktaSignOnPolicyConditions `json:"conditions,omitempty"`
+	}
+
+	varOktaSignOnPolicyWithoutEmbeddedStruct := OktaSignOnPolicyWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyWithoutEmbeddedStruct)
+	if err == nil {
+		varOktaSignOnPolicy := _OktaSignOnPolicy{}
+		varOktaSignOnPolicy.Conditions = varOktaSignOnPolicyWithoutEmbeddedStruct.Conditions
+		*o = OktaSignOnPolicy(varOktaSignOnPolicy)
+	} else {
+		return err
+	}
+
+	varOktaSignOnPolicy := _OktaSignOnPolicy{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicy)
+	if err == nil {
+		o.Policy = varOktaSignOnPolicy.Policy
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "conditions")
+
+		// remove fields from embedded structs
+		reflectPolicy := reflect.ValueOf(o.Policy)
+		for i := 0; i < reflectPolicy.Type().NumField(); i++ {
+			t := reflectPolicy.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOktaSignOnPolicy struct {
+	value *OktaSignOnPolicy
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicy) Get() *OktaSignOnPolicy {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicy) Set(val *OktaSignOnPolicy) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicy) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicy) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicy(val *OktaSignOnPolicy) *NullableOktaSignOnPolicy {
+	return &NullableOktaSignOnPolicy{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicy) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy_all_of.go b/okta/model_okta_sign_on_policy_all_of.go
new file mode 100644
index 000000000..5f9aa10e9
--- /dev/null
+++ b/okta/model_okta_sign_on_policy_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OktaSignOnPolicyAllOf struct for OktaSignOnPolicyAllOf
+type OktaSignOnPolicyAllOf struct {
+	Conditions           *OktaSignOnPolicyConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OktaSignOnPolicyAllOf OktaSignOnPolicyAllOf
+
+// NewOktaSignOnPolicyAllOf instantiates a new OktaSignOnPolicyAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOktaSignOnPolicyAllOf() *OktaSignOnPolicyAllOf {
+	this := OktaSignOnPolicyAllOf{}
+	return &this
+}
+
+// NewOktaSignOnPolicyAllOfWithDefaults instantiates a new OktaSignOnPolicyAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOktaSignOnPolicyAllOfWithDefaults() *OktaSignOnPolicyAllOf {
+	this := OktaSignOnPolicyAllOf{}
+	return &this
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyAllOf) GetConditions() OktaSignOnPolicyConditions {
+	if o == nil || o.Conditions == nil {
+		var ret OktaSignOnPolicyConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyAllOf) GetConditionsOk() (*OktaSignOnPolicyConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyAllOf) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given OktaSignOnPolicyConditions and assigns it to the Conditions field.
+func (o *OktaSignOnPolicyAllOf) SetConditions(v OktaSignOnPolicyConditions) {
+	o.Conditions = &v
+}
+
+func (o OktaSignOnPolicyAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OktaSignOnPolicyAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varOktaSignOnPolicyAllOf := _OktaSignOnPolicyAllOf{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyAllOf)
+	if err == nil {
+		*o = OktaSignOnPolicyAllOf(varOktaSignOnPolicyAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "conditions")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOktaSignOnPolicyAllOf struct {
+	value *OktaSignOnPolicyAllOf
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicyAllOf) Get() *OktaSignOnPolicyAllOf {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicyAllOf) Set(val *OktaSignOnPolicyAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicyAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicyAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicyAllOf(val *OktaSignOnPolicyAllOf) *NullableOktaSignOnPolicyAllOf {
+	return &NullableOktaSignOnPolicyAllOf{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicyAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicyAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy_conditions.go b/okta/model_okta_sign_on_policy_conditions.go
new file mode 100644
index 000000000..d5585a2cf
--- /dev/null
+++ b/okta/model_okta_sign_on_policy_conditions.go
@@ -0,0 +1,898 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OktaSignOnPolicyConditions struct for OktaSignOnPolicyConditions
+type OktaSignOnPolicyConditions struct {
+	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
+	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
+	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
+	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
+	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
+	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
+	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
+	Device                *DevicePolicyRuleCondition                     `json:"device,omitempty"`
+	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
+	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
+	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
+	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
+	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
+	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
+	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
+	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
+	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
+	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
+	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
+	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
+	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _OktaSignOnPolicyConditions OktaSignOnPolicyConditions
+
+// NewOktaSignOnPolicyConditions instantiates a new OktaSignOnPolicyConditions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOktaSignOnPolicyConditions() *OktaSignOnPolicyConditions {
+	this := OktaSignOnPolicyConditions{}
+	return &this
+}
+
+// NewOktaSignOnPolicyConditionsWithDefaults instantiates a new OktaSignOnPolicyConditions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOktaSignOnPolicyConditionsWithDefaults() *OktaSignOnPolicyConditions {
+	this := OktaSignOnPolicyConditions{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetApp() AppAndInstancePolicyRuleCondition {
+	if o == nil || o.App == nil {
+		var ret AppAndInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given AppAndInstancePolicyRuleCondition and assigns it to the App field.
+func (o *OktaSignOnPolicyConditions) SetApp(v AppAndInstancePolicyRuleCondition) {
+	o.App = &v
+}
+
+// GetApps returns the Apps field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetApps() AppInstancePolicyRuleCondition {
+	if o == nil || o.Apps == nil {
+		var ret AppInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.Apps
+}
+
+// GetAppsOk returns a tuple with the Apps field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool) {
+	if o == nil || o.Apps == nil {
+		return nil, false
+	}
+	return o.Apps, true
+}
+
+// HasApps returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasApps() bool {
+	if o != nil && o.Apps != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApps gets a reference to the given AppInstancePolicyRuleCondition and assigns it to the Apps field.
+func (o *OktaSignOnPolicyConditions) SetApps(v AppInstancePolicyRuleCondition) {
+	o.Apps = &v
+}
+
+// GetAuthContext returns the AuthContext field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetAuthContext() PolicyRuleAuthContextCondition {
+	if o == nil || o.AuthContext == nil {
+		var ret PolicyRuleAuthContextCondition
+		return ret
+	}
+	return *o.AuthContext
+}
+
+// GetAuthContextOk returns a tuple with the AuthContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool) {
+	if o == nil || o.AuthContext == nil {
+		return nil, false
+	}
+	return o.AuthContext, true
+}
+
+// HasAuthContext returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasAuthContext() bool {
+	if o != nil && o.AuthContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthContext gets a reference to the given PolicyRuleAuthContextCondition and assigns it to the AuthContext field.
+func (o *OktaSignOnPolicyConditions) SetAuthContext(v PolicyRuleAuthContextCondition) {
+	o.AuthContext = &v
+}
+
+// GetAuthProvider returns the AuthProvider field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition {
+	if o == nil || o.AuthProvider == nil {
+		var ret PasswordPolicyAuthenticationProviderCondition
+		return ret
+	}
+	return *o.AuthProvider
+}
+
+// GetAuthProviderOk returns a tuple with the AuthProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool) {
+	if o == nil || o.AuthProvider == nil {
+		return nil, false
+	}
+	return o.AuthProvider, true
+}
+
+// HasAuthProvider returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasAuthProvider() bool {
+	if o != nil && o.AuthProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthProvider gets a reference to the given PasswordPolicyAuthenticationProviderCondition and assigns it to the AuthProvider field.
+func (o *OktaSignOnPolicyConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition) {
+	o.AuthProvider = &v
+}
+
+// GetBeforeScheduledAction returns the BeforeScheduledAction field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition {
+	if o == nil || o.BeforeScheduledAction == nil {
+		var ret BeforeScheduledActionPolicyRuleCondition
+		return ret
+	}
+	return *o.BeforeScheduledAction
+}
+
+// GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool) {
+	if o == nil || o.BeforeScheduledAction == nil {
+		return nil, false
+	}
+	return o.BeforeScheduledAction, true
+}
+
+// HasBeforeScheduledAction returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasBeforeScheduledAction() bool {
+	if o != nil && o.BeforeScheduledAction != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBeforeScheduledAction gets a reference to the given BeforeScheduledActionPolicyRuleCondition and assigns it to the BeforeScheduledAction field.
+func (o *OktaSignOnPolicyConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition) {
+	o.BeforeScheduledAction = &v
+}
+
+// GetClients returns the Clients field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetClients() ClientPolicyCondition {
+	if o == nil || o.Clients == nil {
+		var ret ClientPolicyCondition
+		return ret
+	}
+	return *o.Clients
+}
+
+// GetClientsOk returns a tuple with the Clients field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetClientsOk() (*ClientPolicyCondition, bool) {
+	if o == nil || o.Clients == nil {
+		return nil, false
+	}
+	return o.Clients, true
+}
+
+// HasClients returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasClients() bool {
+	if o != nil && o.Clients != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClients gets a reference to the given ClientPolicyCondition and assigns it to the Clients field.
+func (o *OktaSignOnPolicyConditions) SetClients(v ClientPolicyCondition) {
+	o.Clients = &v
+}
+
+// GetContext returns the Context field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetContext() ContextPolicyRuleCondition {
+	if o == nil || o.Context == nil {
+		var ret ContextPolicyRuleCondition
+		return ret
+	}
+	return *o.Context
+}
+
+// GetContextOk returns a tuple with the Context field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetContextOk() (*ContextPolicyRuleCondition, bool) {
+	if o == nil || o.Context == nil {
+		return nil, false
+	}
+	return o.Context, true
+}
+
+// HasContext returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasContext() bool {
+	if o != nil && o.Context != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetContext gets a reference to the given ContextPolicyRuleCondition and assigns it to the Context field.
+func (o *OktaSignOnPolicyConditions) SetContext(v ContextPolicyRuleCondition) {
+	o.Context = &v
+}
+
+// GetDevice returns the Device field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetDevice() DevicePolicyRuleCondition {
+	if o == nil || o.Device == nil {
+		var ret DevicePolicyRuleCondition
+		return ret
+	}
+	return *o.Device
+}
+
+// GetDeviceOk returns a tuple with the Device field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetDeviceOk() (*DevicePolicyRuleCondition, bool) {
+	if o == nil || o.Device == nil {
+		return nil, false
+	}
+	return o.Device, true
+}
+
+// HasDevice returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasDevice() bool {
+	if o != nil && o.Device != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDevice gets a reference to the given DevicePolicyRuleCondition and assigns it to the Device field.
+func (o *OktaSignOnPolicyConditions) SetDevice(v DevicePolicyRuleCondition) {
+	o.Device = &v
+}
+
+// GetGrantTypes returns the GrantTypes field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetGrantTypes() GrantTypePolicyRuleCondition {
+	if o == nil || o.GrantTypes == nil {
+		var ret GrantTypePolicyRuleCondition
+		return ret
+	}
+	return *o.GrantTypes
+}
+
+// GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool) {
+	if o == nil || o.GrantTypes == nil {
+		return nil, false
+	}
+	return o.GrantTypes, true
+}
+
+// HasGrantTypes returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasGrantTypes() bool {
+	if o != nil && o.GrantTypes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGrantTypes gets a reference to the given GrantTypePolicyRuleCondition and assigns it to the GrantTypes field.
+func (o *OktaSignOnPolicyConditions) SetGrantTypes(v GrantTypePolicyRuleCondition) {
+	o.GrantTypes = &v
+}
+
+// GetGroups returns the Groups field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetGroups() GroupPolicyRuleCondition {
+	if o == nil || o.Groups == nil {
+		var ret GroupPolicyRuleCondition
+		return ret
+	}
+	return *o.Groups
+}
+
+// GetGroupsOk returns a tuple with the Groups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool) {
+	if o == nil || o.Groups == nil {
+		return nil, false
+	}
+	return o.Groups, true
+}
+
+// HasGroups returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasGroups() bool {
+	if o != nil && o.Groups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroups gets a reference to the given GroupPolicyRuleCondition and assigns it to the Groups field.
+func (o *OktaSignOnPolicyConditions) SetGroups(v GroupPolicyRuleCondition) {
+	o.Groups = &v
+}
+
+// GetIdentityProvider returns the IdentityProvider field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition {
+	if o == nil || o.IdentityProvider == nil {
+		var ret IdentityProviderPolicyRuleCondition
+		return ret
+	}
+	return *o.IdentityProvider
+}
+
+// GetIdentityProviderOk returns a tuple with the IdentityProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool) {
+	if o == nil || o.IdentityProvider == nil {
+		return nil, false
+	}
+	return o.IdentityProvider, true
+}
+
+// HasIdentityProvider returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasIdentityProvider() bool {
+	if o != nil && o.IdentityProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityProvider gets a reference to the given IdentityProviderPolicyRuleCondition and assigns it to the IdentityProvider field.
+func (o *OktaSignOnPolicyConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition) {
+	o.IdentityProvider = &v
+}
+
+// GetMdmEnrollment returns the MdmEnrollment field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition {
+	if o == nil || o.MdmEnrollment == nil {
+		var ret MDMEnrollmentPolicyRuleCondition
+		return ret
+	}
+	return *o.MdmEnrollment
+}
+
+// GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool) {
+	if o == nil || o.MdmEnrollment == nil {
+		return nil, false
+	}
+	return o.MdmEnrollment, true
+}
+
+// HasMdmEnrollment returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasMdmEnrollment() bool {
+	if o != nil && o.MdmEnrollment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMdmEnrollment gets a reference to the given MDMEnrollmentPolicyRuleCondition and assigns it to the MdmEnrollment field.
+func (o *OktaSignOnPolicyConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition) {
+	o.MdmEnrollment = &v
+}
+
+// GetNetwork returns the Network field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetNetwork() PolicyNetworkCondition {
+	if o == nil || o.Network == nil {
+		var ret PolicyNetworkCondition
+		return ret
+	}
+	return *o.Network
+}
+
+// GetNetworkOk returns a tuple with the Network field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetNetworkOk() (*PolicyNetworkCondition, bool) {
+	if o == nil || o.Network == nil {
+		return nil, false
+	}
+	return o.Network, true
+}
+
+// HasNetwork returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasNetwork() bool {
+	if o != nil && o.Network != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNetwork gets a reference to the given PolicyNetworkCondition and assigns it to the Network field.
+func (o *OktaSignOnPolicyConditions) SetNetwork(v PolicyNetworkCondition) {
+	o.Network = &v
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetPeople() PolicyPeopleCondition {
+	if o == nil || o.People == nil {
+		var ret PolicyPeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetPeopleOk() (*PolicyPeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given PolicyPeopleCondition and assigns it to the People field.
+func (o *OktaSignOnPolicyConditions) SetPeople(v PolicyPeopleCondition) {
+	o.People = &v
+}
+
+// GetPlatform returns the Platform field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetPlatform() PlatformPolicyRuleCondition {
+	if o == nil || o.Platform == nil {
+		var ret PlatformPolicyRuleCondition
+		return ret
+	}
+	return *o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool) {
+	if o == nil || o.Platform == nil {
+		return nil, false
+	}
+	return o.Platform, true
+}
+
+// HasPlatform returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasPlatform() bool {
+	if o != nil && o.Platform != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPlatform gets a reference to the given PlatformPolicyRuleCondition and assigns it to the Platform field.
+func (o *OktaSignOnPolicyConditions) SetPlatform(v PlatformPolicyRuleCondition) {
+	o.Platform = &v
+}
+
+// GetRisk returns the Risk field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetRisk() RiskPolicyRuleCondition {
+	if o == nil || o.Risk == nil {
+		var ret RiskPolicyRuleCondition
+		return ret
+	}
+	return *o.Risk
+}
+
+// GetRiskOk returns a tuple with the Risk field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool) {
+	if o == nil || o.Risk == nil {
+		return nil, false
+	}
+	return o.Risk, true
+}
+
+// HasRisk returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasRisk() bool {
+	if o != nil && o.Risk != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRisk gets a reference to the given RiskPolicyRuleCondition and assigns it to the Risk field.
+func (o *OktaSignOnPolicyConditions) SetRisk(v RiskPolicyRuleCondition) {
+	o.Risk = &v
+}
+
+// GetRiskScore returns the RiskScore field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetRiskScore() RiskScorePolicyRuleCondition {
+	if o == nil || o.RiskScore == nil {
+		var ret RiskScorePolicyRuleCondition
+		return ret
+	}
+	return *o.RiskScore
+}
+
+// GetRiskScoreOk returns a tuple with the RiskScore field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool) {
+	if o == nil || o.RiskScore == nil {
+		return nil, false
+	}
+	return o.RiskScore, true
+}
+
+// HasRiskScore returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasRiskScore() bool {
+	if o != nil && o.RiskScore != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRiskScore gets a reference to the given RiskScorePolicyRuleCondition and assigns it to the RiskScore field.
+func (o *OktaSignOnPolicyConditions) SetRiskScore(v RiskScorePolicyRuleCondition) {
+	o.RiskScore = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition {
+	if o == nil || o.Scopes == nil {
+		var ret OAuth2ScopesMediationPolicyRuleCondition
+		return ret
+	}
+	return *o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given OAuth2ScopesMediationPolicyRuleCondition and assigns it to the Scopes field.
+func (o *OktaSignOnPolicyConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition) {
+	o.Scopes = &v
+}
+
+// GetUserIdentifier returns the UserIdentifier field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition {
+	if o == nil || o.UserIdentifier == nil {
+		var ret UserIdentifierPolicyRuleCondition
+		return ret
+	}
+	return *o.UserIdentifier
+}
+
+// GetUserIdentifierOk returns a tuple with the UserIdentifier field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool) {
+	if o == nil || o.UserIdentifier == nil {
+		return nil, false
+	}
+	return o.UserIdentifier, true
+}
+
+// HasUserIdentifier returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasUserIdentifier() bool {
+	if o != nil && o.UserIdentifier != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserIdentifier gets a reference to the given UserIdentifierPolicyRuleCondition and assigns it to the UserIdentifier field.
+func (o *OktaSignOnPolicyConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition) {
+	o.UserIdentifier = &v
+}
+
+// GetUsers returns the Users field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetUsers() UserPolicyRuleCondition {
+	if o == nil || o.Users == nil {
+		var ret UserPolicyRuleCondition
+		return ret
+	}
+	return *o.Users
+}
+
+// GetUsersOk returns a tuple with the Users field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetUsersOk() (*UserPolicyRuleCondition, bool) {
+	if o == nil || o.Users == nil {
+		return nil, false
+	}
+	return o.Users, true
+}
+
+// HasUsers returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasUsers() bool {
+	if o != nil && o.Users != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsers gets a reference to the given UserPolicyRuleCondition and assigns it to the Users field.
+func (o *OktaSignOnPolicyConditions) SetUsers(v UserPolicyRuleCondition) {
+	o.Users = &v
+}
+
+// GetUserStatus returns the UserStatus field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditions) GetUserStatus() UserStatusPolicyRuleCondition {
+	if o == nil || o.UserStatus == nil {
+		var ret UserStatusPolicyRuleCondition
+		return ret
+	}
+	return *o.UserStatus
+}
+
+// GetUserStatusOk returns a tuple with the UserStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool) {
+	if o == nil || o.UserStatus == nil {
+		return nil, false
+	}
+	return o.UserStatus, true
+}
+
+// HasUserStatus returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditions) HasUserStatus() bool {
+	if o != nil && o.UserStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserStatus gets a reference to the given UserStatusPolicyRuleCondition and assigns it to the UserStatus field.
+func (o *OktaSignOnPolicyConditions) SetUserStatus(v UserStatusPolicyRuleCondition) {
+	o.UserStatus = &v
+}
+
+func (o OktaSignOnPolicyConditions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+	if o.Apps != nil {
+		toSerialize["apps"] = o.Apps
+	}
+	if o.AuthContext != nil {
+		toSerialize["authContext"] = o.AuthContext
+	}
+	if o.AuthProvider != nil {
+		toSerialize["authProvider"] = o.AuthProvider
+	}
+	if o.BeforeScheduledAction != nil {
+		toSerialize["beforeScheduledAction"] = o.BeforeScheduledAction
+	}
+	if o.Clients != nil {
+		toSerialize["clients"] = o.Clients
+	}
+	if o.Context != nil {
+		toSerialize["context"] = o.Context
+	}
+	if o.Device != nil {
+		toSerialize["device"] = o.Device
+	}
+	if o.GrantTypes != nil {
+		toSerialize["grantTypes"] = o.GrantTypes
+	}
+	if o.Groups != nil {
+		toSerialize["groups"] = o.Groups
+	}
+	if o.IdentityProvider != nil {
+		toSerialize["identityProvider"] = o.IdentityProvider
+	}
+	if o.MdmEnrollment != nil {
+		toSerialize["mdmEnrollment"] = o.MdmEnrollment
+	}
+	if o.Network != nil {
+		toSerialize["network"] = o.Network
+	}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+	if o.Platform != nil {
+		toSerialize["platform"] = o.Platform
+	}
+	if o.Risk != nil {
+		toSerialize["risk"] = o.Risk
+	}
+	if o.RiskScore != nil {
+		toSerialize["riskScore"] = o.RiskScore
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+	if o.UserIdentifier != nil {
+		toSerialize["userIdentifier"] = o.UserIdentifier
+	}
+	if o.Users != nil {
+		toSerialize["users"] = o.Users
+	}
+	if o.UserStatus != nil {
+		toSerialize["userStatus"] = o.UserStatus
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OktaSignOnPolicyConditions) UnmarshalJSON(bytes []byte) (err error) {
+	varOktaSignOnPolicyConditions := _OktaSignOnPolicyConditions{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyConditions)
+	if err == nil {
+		*o = OktaSignOnPolicyConditions(varOktaSignOnPolicyConditions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		delete(additionalProperties, "apps")
+		delete(additionalProperties, "authContext")
+		delete(additionalProperties, "authProvider")
+		delete(additionalProperties, "beforeScheduledAction")
+		delete(additionalProperties, "clients")
+		delete(additionalProperties, "context")
+		delete(additionalProperties, "device")
+		delete(additionalProperties, "grantTypes")
+		delete(additionalProperties, "groups")
+		delete(additionalProperties, "identityProvider")
+		delete(additionalProperties, "mdmEnrollment")
+		delete(additionalProperties, "network")
+		delete(additionalProperties, "people")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "risk")
+		delete(additionalProperties, "riskScore")
+		delete(additionalProperties, "scopes")
+		delete(additionalProperties, "userIdentifier")
+		delete(additionalProperties, "users")
+		delete(additionalProperties, "userStatus")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOktaSignOnPolicyConditions struct {
+	value *OktaSignOnPolicyConditions
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicyConditions) Get() *OktaSignOnPolicyConditions {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicyConditions) Set(val *OktaSignOnPolicyConditions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicyConditions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicyConditions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicyConditions(val *OktaSignOnPolicyConditions) *NullableOktaSignOnPolicyConditions {
+	return &NullableOktaSignOnPolicyConditions{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicyConditions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicyConditions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy_conditions_all_of.go b/okta/model_okta_sign_on_policy_conditions_all_of.go
new file mode 100644
index 000000000..941a83e90
--- /dev/null
+++ b/okta/model_okta_sign_on_policy_conditions_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OktaSignOnPolicyConditionsAllOf struct for OktaSignOnPolicyConditionsAllOf
+type OktaSignOnPolicyConditionsAllOf struct {
+	People               *PolicyPeopleCondition `json:"people,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OktaSignOnPolicyConditionsAllOf OktaSignOnPolicyConditionsAllOf
+
+// NewOktaSignOnPolicyConditionsAllOf instantiates a new OktaSignOnPolicyConditionsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOktaSignOnPolicyConditionsAllOf() *OktaSignOnPolicyConditionsAllOf {
+	this := OktaSignOnPolicyConditionsAllOf{}
+	return &this
+}
+
+// NewOktaSignOnPolicyConditionsAllOfWithDefaults instantiates a new OktaSignOnPolicyConditionsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOktaSignOnPolicyConditionsAllOfWithDefaults() *OktaSignOnPolicyConditionsAllOf {
+	this := OktaSignOnPolicyConditionsAllOf{}
+	return &this
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyConditionsAllOf) GetPeople() PolicyPeopleCondition {
+	if o == nil || o.People == nil {
+		var ret PolicyPeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyConditionsAllOf) GetPeopleOk() (*PolicyPeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyConditionsAllOf) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given PolicyPeopleCondition and assigns it to the People field.
+func (o *OktaSignOnPolicyConditionsAllOf) SetPeople(v PolicyPeopleCondition) {
+	o.People = &v
+}
+
+func (o OktaSignOnPolicyConditionsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OktaSignOnPolicyConditionsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varOktaSignOnPolicyConditionsAllOf := _OktaSignOnPolicyConditionsAllOf{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyConditionsAllOf)
+	if err == nil {
+		*o = OktaSignOnPolicyConditionsAllOf(varOktaSignOnPolicyConditionsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "people")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOktaSignOnPolicyConditionsAllOf struct {
+	value *OktaSignOnPolicyConditionsAllOf
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicyConditionsAllOf) Get() *OktaSignOnPolicyConditionsAllOf {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicyConditionsAllOf) Set(val *OktaSignOnPolicyConditionsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicyConditionsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicyConditionsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicyConditionsAllOf(val *OktaSignOnPolicyConditionsAllOf) *NullableOktaSignOnPolicyConditionsAllOf {
+	return &NullableOktaSignOnPolicyConditionsAllOf{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicyConditionsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicyConditionsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy_factor_prompt_mode.go b/okta/model_okta_sign_on_policy_factor_prompt_mode.go
new file mode 100644
index 000000000..1a975b878
--- /dev/null
+++ b/okta/model_okta_sign_on_policy_factor_prompt_mode.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OktaSignOnPolicyFactorPromptMode the model 'OktaSignOnPolicyFactorPromptMode'
+type OktaSignOnPolicyFactorPromptMode string
+
+// List of OktaSignOnPolicyFactorPromptMode
+const (
+	OKTASIGNONPOLICYFACTORPROMPTMODE_ALWAYS  OktaSignOnPolicyFactorPromptMode = "ALWAYS"
+	OKTASIGNONPOLICYFACTORPROMPTMODE_DEVICE  OktaSignOnPolicyFactorPromptMode = "DEVICE"
+	OKTASIGNONPOLICYFACTORPROMPTMODE_SESSION OktaSignOnPolicyFactorPromptMode = "SESSION"
+)
+
+// All allowed values of OktaSignOnPolicyFactorPromptMode enum
+var AllowedOktaSignOnPolicyFactorPromptModeEnumValues = []OktaSignOnPolicyFactorPromptMode{
+	"ALWAYS",
+	"DEVICE",
+	"SESSION",
+}
+
+func (v *OktaSignOnPolicyFactorPromptMode) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OktaSignOnPolicyFactorPromptMode(value)
+	for _, existing := range AllowedOktaSignOnPolicyFactorPromptModeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OktaSignOnPolicyFactorPromptMode", value)
+}
+
+// NewOktaSignOnPolicyFactorPromptModeFromValue returns a pointer to a valid OktaSignOnPolicyFactorPromptMode
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOktaSignOnPolicyFactorPromptModeFromValue(v string) (*OktaSignOnPolicyFactorPromptMode, error) {
+	ev := OktaSignOnPolicyFactorPromptMode(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OktaSignOnPolicyFactorPromptMode: valid values are %v", v, AllowedOktaSignOnPolicyFactorPromptModeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OktaSignOnPolicyFactorPromptMode) IsValid() bool {
+	for _, existing := range AllowedOktaSignOnPolicyFactorPromptModeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OktaSignOnPolicyFactorPromptMode value
+func (v OktaSignOnPolicyFactorPromptMode) Ptr() *OktaSignOnPolicyFactorPromptMode {
+	return &v
+}
+
+type NullableOktaSignOnPolicyFactorPromptMode struct {
+	value *OktaSignOnPolicyFactorPromptMode
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicyFactorPromptMode) Get() *OktaSignOnPolicyFactorPromptMode {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicyFactorPromptMode) Set(val *OktaSignOnPolicyFactorPromptMode) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicyFactorPromptMode) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicyFactorPromptMode) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicyFactorPromptMode(val *OktaSignOnPolicyFactorPromptMode) *NullableOktaSignOnPolicyFactorPromptMode {
+	return &NullableOktaSignOnPolicyFactorPromptMode{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicyFactorPromptMode) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicyFactorPromptMode) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy_rule.go b/okta/model_okta_sign_on_policy_rule.go
new file mode 100644
index 000000000..5b822f4ee
--- /dev/null
+++ b/okta/model_okta_sign_on_policy_rule.go
@@ -0,0 +1,244 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// OktaSignOnPolicyRule struct for OktaSignOnPolicyRule
+type OktaSignOnPolicyRule struct {
+	PolicyRule
+	Actions              *OktaSignOnPolicyRuleActions    `json:"actions,omitempty"`
+	Conditions           *OktaSignOnPolicyRuleConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OktaSignOnPolicyRule OktaSignOnPolicyRule
+
+// NewOktaSignOnPolicyRule instantiates a new OktaSignOnPolicyRule object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOktaSignOnPolicyRule() *OktaSignOnPolicyRule {
+	this := OktaSignOnPolicyRule{}
+	var system bool = false
+	this.System = &system
+	return &this
+}
+
+// NewOktaSignOnPolicyRuleWithDefaults instantiates a new OktaSignOnPolicyRule object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOktaSignOnPolicyRuleWithDefaults() *OktaSignOnPolicyRule {
+	this := OktaSignOnPolicyRule{}
+	return &this
+}
+
+// GetActions returns the Actions field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRule) GetActions() OktaSignOnPolicyRuleActions {
+	if o == nil || o.Actions == nil {
+		var ret OktaSignOnPolicyRuleActions
+		return ret
+	}
+	return *o.Actions
+}
+
+// GetActionsOk returns a tuple with the Actions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRule) GetActionsOk() (*OktaSignOnPolicyRuleActions, bool) {
+	if o == nil || o.Actions == nil {
+		return nil, false
+	}
+	return o.Actions, true
+}
+
+// HasActions returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRule) HasActions() bool {
+	if o != nil && o.Actions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActions gets a reference to the given OktaSignOnPolicyRuleActions and assigns it to the Actions field.
+func (o *OktaSignOnPolicyRule) SetActions(v OktaSignOnPolicyRuleActions) {
+	o.Actions = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRule) GetConditions() OktaSignOnPolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret OktaSignOnPolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRule) GetConditionsOk() (*OktaSignOnPolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRule) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given OktaSignOnPolicyRuleConditions and assigns it to the Conditions field.
+func (o *OktaSignOnPolicyRule) SetConditions(v OktaSignOnPolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o OktaSignOnPolicyRule) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPolicyRule, errPolicyRule := json.Marshal(o.PolicyRule)
+	if errPolicyRule != nil {
+		return []byte{}, errPolicyRule
+	}
+	errPolicyRule = json.Unmarshal([]byte(serializedPolicyRule), &toSerialize)
+	if errPolicyRule != nil {
+		return []byte{}, errPolicyRule
+	}
+	if o.Actions != nil {
+		toSerialize["actions"] = o.Actions
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OktaSignOnPolicyRule) UnmarshalJSON(bytes []byte) (err error) {
+	type OktaSignOnPolicyRuleWithoutEmbeddedStruct struct {
+		Actions    *OktaSignOnPolicyRuleActions    `json:"actions,omitempty"`
+		Conditions *OktaSignOnPolicyRuleConditions `json:"conditions,omitempty"`
+	}
+
+	varOktaSignOnPolicyRuleWithoutEmbeddedStruct := OktaSignOnPolicyRuleWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyRuleWithoutEmbeddedStruct)
+	if err == nil {
+		varOktaSignOnPolicyRule := _OktaSignOnPolicyRule{}
+		varOktaSignOnPolicyRule.Actions = varOktaSignOnPolicyRuleWithoutEmbeddedStruct.Actions
+		varOktaSignOnPolicyRule.Conditions = varOktaSignOnPolicyRuleWithoutEmbeddedStruct.Conditions
+		*o = OktaSignOnPolicyRule(varOktaSignOnPolicyRule)
+	} else {
+		return err
+	}
+
+	varOktaSignOnPolicyRule := _OktaSignOnPolicyRule{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyRule)
+	if err == nil {
+		o.PolicyRule = varOktaSignOnPolicyRule.PolicyRule
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "actions")
+		delete(additionalProperties, "conditions")
+
+		// remove fields from embedded structs
+		reflectPolicyRule := reflect.ValueOf(o.PolicyRule)
+		for i := 0; i < reflectPolicyRule.Type().NumField(); i++ {
+			t := reflectPolicyRule.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOktaSignOnPolicyRule struct {
+	value *OktaSignOnPolicyRule
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicyRule) Get() *OktaSignOnPolicyRule {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicyRule) Set(val *OktaSignOnPolicyRule) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicyRule) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicyRule) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicyRule(val *OktaSignOnPolicyRule) *NullableOktaSignOnPolicyRule {
+	return &NullableOktaSignOnPolicyRule{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicyRule) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicyRule) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy_rule_actions.go b/okta/model_okta_sign_on_policy_rule_actions.go
new file mode 100644
index 000000000..6e94650ae
--- /dev/null
+++ b/okta/model_okta_sign_on_policy_rule_actions.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OktaSignOnPolicyRuleActions struct for OktaSignOnPolicyRuleActions
+type OktaSignOnPolicyRuleActions struct {
+	Enroll                   *PolicyRuleActionsEnroll           `json:"enroll,omitempty"`
+	Idp                      *IdpPolicyRuleAction               `json:"idp,omitempty"`
+	PasswordChange           *PasswordPolicyRuleAction          `json:"passwordChange,omitempty"`
+	SelfServicePasswordReset *PasswordPolicyRuleAction          `json:"selfServicePasswordReset,omitempty"`
+	SelfServiceUnlock        *PasswordPolicyRuleAction          `json:"selfServiceUnlock,omitempty"`
+	Signon                   *OktaSignOnPolicyRuleSignonActions `json:"signon,omitempty"`
+	AdditionalProperties     map[string]interface{}
+}
+
+type _OktaSignOnPolicyRuleActions OktaSignOnPolicyRuleActions
+
+// NewOktaSignOnPolicyRuleActions instantiates a new OktaSignOnPolicyRuleActions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOktaSignOnPolicyRuleActions() *OktaSignOnPolicyRuleActions {
+	this := OktaSignOnPolicyRuleActions{}
+	return &this
+}
+
+// NewOktaSignOnPolicyRuleActionsWithDefaults instantiates a new OktaSignOnPolicyRuleActions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOktaSignOnPolicyRuleActionsWithDefaults() *OktaSignOnPolicyRuleActions {
+	this := OktaSignOnPolicyRuleActions{}
+	return &this
+}
+
+// GetEnroll returns the Enroll field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleActions) GetEnroll() PolicyRuleActionsEnroll {
+	if o == nil || o.Enroll == nil {
+		var ret PolicyRuleActionsEnroll
+		return ret
+	}
+	return *o.Enroll
+}
+
+// GetEnrollOk returns a tuple with the Enroll field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleActions) GetEnrollOk() (*PolicyRuleActionsEnroll, bool) {
+	if o == nil || o.Enroll == nil {
+		return nil, false
+	}
+	return o.Enroll, true
+}
+
+// HasEnroll returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleActions) HasEnroll() bool {
+	if o != nil && o.Enroll != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnroll gets a reference to the given PolicyRuleActionsEnroll and assigns it to the Enroll field.
+func (o *OktaSignOnPolicyRuleActions) SetEnroll(v PolicyRuleActionsEnroll) {
+	o.Enroll = &v
+}
+
+// GetIdp returns the Idp field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleActions) GetIdp() IdpPolicyRuleAction {
+	if o == nil || o.Idp == nil {
+		var ret IdpPolicyRuleAction
+		return ret
+	}
+	return *o.Idp
+}
+
+// GetIdpOk returns a tuple with the Idp field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleActions) GetIdpOk() (*IdpPolicyRuleAction, bool) {
+	if o == nil || o.Idp == nil {
+		return nil, false
+	}
+	return o.Idp, true
+}
+
+// HasIdp returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleActions) HasIdp() bool {
+	if o != nil && o.Idp != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdp gets a reference to the given IdpPolicyRuleAction and assigns it to the Idp field.
+func (o *OktaSignOnPolicyRuleActions) SetIdp(v IdpPolicyRuleAction) {
+	o.Idp = &v
+}
+
+// GetPasswordChange returns the PasswordChange field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleActions) GetPasswordChange() PasswordPolicyRuleAction {
+	if o == nil || o.PasswordChange == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.PasswordChange
+}
+
+// GetPasswordChangeOk returns a tuple with the PasswordChange field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleActions) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.PasswordChange == nil {
+		return nil, false
+	}
+	return o.PasswordChange, true
+}
+
+// HasPasswordChange returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleActions) HasPasswordChange() bool {
+	if o != nil && o.PasswordChange != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordChange gets a reference to the given PasswordPolicyRuleAction and assigns it to the PasswordChange field.
+func (o *OktaSignOnPolicyRuleActions) SetPasswordChange(v PasswordPolicyRuleAction) {
+	o.PasswordChange = &v
+}
+
+// GetSelfServicePasswordReset returns the SelfServicePasswordReset field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleActions) GetSelfServicePasswordReset() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServicePasswordReset
+}
+
+// GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleActions) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		return nil, false
+	}
+	return o.SelfServicePasswordReset, true
+}
+
+// HasSelfServicePasswordReset returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleActions) HasSelfServicePasswordReset() bool {
+	if o != nil && o.SelfServicePasswordReset != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServicePasswordReset gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServicePasswordReset field.
+func (o *OktaSignOnPolicyRuleActions) SetSelfServicePasswordReset(v PasswordPolicyRuleAction) {
+	o.SelfServicePasswordReset = &v
+}
+
+// GetSelfServiceUnlock returns the SelfServiceUnlock field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleActions) GetSelfServiceUnlock() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServiceUnlock == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServiceUnlock
+}
+
+// GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleActions) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServiceUnlock == nil {
+		return nil, false
+	}
+	return o.SelfServiceUnlock, true
+}
+
+// HasSelfServiceUnlock returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleActions) HasSelfServiceUnlock() bool {
+	if o != nil && o.SelfServiceUnlock != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServiceUnlock gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServiceUnlock field.
+func (o *OktaSignOnPolicyRuleActions) SetSelfServiceUnlock(v PasswordPolicyRuleAction) {
+	o.SelfServiceUnlock = &v
+}
+
+// GetSignon returns the Signon field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleActions) GetSignon() OktaSignOnPolicyRuleSignonActions {
+	if o == nil || o.Signon == nil {
+		var ret OktaSignOnPolicyRuleSignonActions
+		return ret
+	}
+	return *o.Signon
+}
+
+// GetSignonOk returns a tuple with the Signon field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleActions) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool) {
+	if o == nil || o.Signon == nil {
+		return nil, false
+	}
+	return o.Signon, true
+}
+
+// HasSignon returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleActions) HasSignon() bool {
+	if o != nil && o.Signon != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignon gets a reference to the given OktaSignOnPolicyRuleSignonActions and assigns it to the Signon field.
+func (o *OktaSignOnPolicyRuleActions) SetSignon(v OktaSignOnPolicyRuleSignonActions) {
+	o.Signon = &v
+}
+
+func (o OktaSignOnPolicyRuleActions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Enroll != nil {
+		toSerialize["enroll"] = o.Enroll
+	}
+	if o.Idp != nil {
+		toSerialize["idp"] = o.Idp
+	}
+	if o.PasswordChange != nil {
+		toSerialize["passwordChange"] = o.PasswordChange
+	}
+	if o.SelfServicePasswordReset != nil {
+		toSerialize["selfServicePasswordReset"] = o.SelfServicePasswordReset
+	}
+	if o.SelfServiceUnlock != nil {
+		toSerialize["selfServiceUnlock"] = o.SelfServiceUnlock
+	}
+	if o.Signon != nil {
+		toSerialize["signon"] = o.Signon
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OktaSignOnPolicyRuleActions) UnmarshalJSON(bytes []byte) (err error) {
+	varOktaSignOnPolicyRuleActions := _OktaSignOnPolicyRuleActions{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyRuleActions)
+	if err == nil {
+		*o = OktaSignOnPolicyRuleActions(varOktaSignOnPolicyRuleActions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "enroll")
+		delete(additionalProperties, "idp")
+		delete(additionalProperties, "passwordChange")
+		delete(additionalProperties, "selfServicePasswordReset")
+		delete(additionalProperties, "selfServiceUnlock")
+		delete(additionalProperties, "signon")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOktaSignOnPolicyRuleActions struct {
+	value *OktaSignOnPolicyRuleActions
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicyRuleActions) Get() *OktaSignOnPolicyRuleActions {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicyRuleActions) Set(val *OktaSignOnPolicyRuleActions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicyRuleActions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicyRuleActions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicyRuleActions(val *OktaSignOnPolicyRuleActions) *NullableOktaSignOnPolicyRuleActions {
+	return &NullableOktaSignOnPolicyRuleActions{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicyRuleActions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicyRuleActions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy_rule_actions_all_of.go b/okta/model_okta_sign_on_policy_rule_actions_all_of.go
new file mode 100644
index 000000000..cd9262196
--- /dev/null
+++ b/okta/model_okta_sign_on_policy_rule_actions_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OktaSignOnPolicyRuleActionsAllOf struct for OktaSignOnPolicyRuleActionsAllOf
+type OktaSignOnPolicyRuleActionsAllOf struct {
+	Signon               *OktaSignOnPolicyRuleSignonActions `json:"signon,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OktaSignOnPolicyRuleActionsAllOf OktaSignOnPolicyRuleActionsAllOf
+
+// NewOktaSignOnPolicyRuleActionsAllOf instantiates a new OktaSignOnPolicyRuleActionsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOktaSignOnPolicyRuleActionsAllOf() *OktaSignOnPolicyRuleActionsAllOf {
+	this := OktaSignOnPolicyRuleActionsAllOf{}
+	return &this
+}
+
+// NewOktaSignOnPolicyRuleActionsAllOfWithDefaults instantiates a new OktaSignOnPolicyRuleActionsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOktaSignOnPolicyRuleActionsAllOfWithDefaults() *OktaSignOnPolicyRuleActionsAllOf {
+	this := OktaSignOnPolicyRuleActionsAllOf{}
+	return &this
+}
+
+// GetSignon returns the Signon field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleActionsAllOf) GetSignon() OktaSignOnPolicyRuleSignonActions {
+	if o == nil || o.Signon == nil {
+		var ret OktaSignOnPolicyRuleSignonActions
+		return ret
+	}
+	return *o.Signon
+}
+
+// GetSignonOk returns a tuple with the Signon field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleActionsAllOf) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool) {
+	if o == nil || o.Signon == nil {
+		return nil, false
+	}
+	return o.Signon, true
+}
+
+// HasSignon returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleActionsAllOf) HasSignon() bool {
+	if o != nil && o.Signon != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignon gets a reference to the given OktaSignOnPolicyRuleSignonActions and assigns it to the Signon field.
+func (o *OktaSignOnPolicyRuleActionsAllOf) SetSignon(v OktaSignOnPolicyRuleSignonActions) {
+	o.Signon = &v
+}
+
+func (o OktaSignOnPolicyRuleActionsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Signon != nil {
+		toSerialize["signon"] = o.Signon
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OktaSignOnPolicyRuleActionsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varOktaSignOnPolicyRuleActionsAllOf := _OktaSignOnPolicyRuleActionsAllOf{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyRuleActionsAllOf)
+	if err == nil {
+		*o = OktaSignOnPolicyRuleActionsAllOf(varOktaSignOnPolicyRuleActionsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "signon")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOktaSignOnPolicyRuleActionsAllOf struct {
+	value *OktaSignOnPolicyRuleActionsAllOf
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicyRuleActionsAllOf) Get() *OktaSignOnPolicyRuleActionsAllOf {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicyRuleActionsAllOf) Set(val *OktaSignOnPolicyRuleActionsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicyRuleActionsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicyRuleActionsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicyRuleActionsAllOf(val *OktaSignOnPolicyRuleActionsAllOf) *NullableOktaSignOnPolicyRuleActionsAllOf {
+	return &NullableOktaSignOnPolicyRuleActionsAllOf{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicyRuleActionsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicyRuleActionsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy_rule_all_of.go b/okta/model_okta_sign_on_policy_rule_all_of.go
new file mode 100644
index 000000000..f4528d093
--- /dev/null
+++ b/okta/model_okta_sign_on_policy_rule_all_of.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OktaSignOnPolicyRuleAllOf struct for OktaSignOnPolicyRuleAllOf
+type OktaSignOnPolicyRuleAllOf struct {
+	Actions              *OktaSignOnPolicyRuleActions    `json:"actions,omitempty"`
+	Conditions           *OktaSignOnPolicyRuleConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OktaSignOnPolicyRuleAllOf OktaSignOnPolicyRuleAllOf
+
+// NewOktaSignOnPolicyRuleAllOf instantiates a new OktaSignOnPolicyRuleAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOktaSignOnPolicyRuleAllOf() *OktaSignOnPolicyRuleAllOf {
+	this := OktaSignOnPolicyRuleAllOf{}
+	return &this
+}
+
+// NewOktaSignOnPolicyRuleAllOfWithDefaults instantiates a new OktaSignOnPolicyRuleAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOktaSignOnPolicyRuleAllOfWithDefaults() *OktaSignOnPolicyRuleAllOf {
+	this := OktaSignOnPolicyRuleAllOf{}
+	return &this
+}
+
+// GetActions returns the Actions field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleAllOf) GetActions() OktaSignOnPolicyRuleActions {
+	if o == nil || o.Actions == nil {
+		var ret OktaSignOnPolicyRuleActions
+		return ret
+	}
+	return *o.Actions
+}
+
+// GetActionsOk returns a tuple with the Actions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleAllOf) GetActionsOk() (*OktaSignOnPolicyRuleActions, bool) {
+	if o == nil || o.Actions == nil {
+		return nil, false
+	}
+	return o.Actions, true
+}
+
+// HasActions returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleAllOf) HasActions() bool {
+	if o != nil && o.Actions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActions gets a reference to the given OktaSignOnPolicyRuleActions and assigns it to the Actions field.
+func (o *OktaSignOnPolicyRuleAllOf) SetActions(v OktaSignOnPolicyRuleActions) {
+	o.Actions = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleAllOf) GetConditions() OktaSignOnPolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret OktaSignOnPolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleAllOf) GetConditionsOk() (*OktaSignOnPolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleAllOf) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given OktaSignOnPolicyRuleConditions and assigns it to the Conditions field.
+func (o *OktaSignOnPolicyRuleAllOf) SetConditions(v OktaSignOnPolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o OktaSignOnPolicyRuleAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Actions != nil {
+		toSerialize["actions"] = o.Actions
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OktaSignOnPolicyRuleAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varOktaSignOnPolicyRuleAllOf := _OktaSignOnPolicyRuleAllOf{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyRuleAllOf)
+	if err == nil {
+		*o = OktaSignOnPolicyRuleAllOf(varOktaSignOnPolicyRuleAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "actions")
+		delete(additionalProperties, "conditions")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOktaSignOnPolicyRuleAllOf struct {
+	value *OktaSignOnPolicyRuleAllOf
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicyRuleAllOf) Get() *OktaSignOnPolicyRuleAllOf {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicyRuleAllOf) Set(val *OktaSignOnPolicyRuleAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicyRuleAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicyRuleAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicyRuleAllOf(val *OktaSignOnPolicyRuleAllOf) *NullableOktaSignOnPolicyRuleAllOf {
+	return &NullableOktaSignOnPolicyRuleAllOf{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicyRuleAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicyRuleAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy_rule_conditions.go b/okta/model_okta_sign_on_policy_rule_conditions.go
new file mode 100644
index 000000000..f5b03ba64
--- /dev/null
+++ b/okta/model_okta_sign_on_policy_rule_conditions.go
@@ -0,0 +1,898 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OktaSignOnPolicyRuleConditions struct for OktaSignOnPolicyRuleConditions
+type OktaSignOnPolicyRuleConditions struct {
+	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
+	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
+	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
+	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
+	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
+	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
+	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
+	Device                *DevicePolicyRuleCondition                     `json:"device,omitempty"`
+	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
+	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
+	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
+	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
+	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
+	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
+	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
+	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
+	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
+	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
+	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
+	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
+	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _OktaSignOnPolicyRuleConditions OktaSignOnPolicyRuleConditions
+
+// NewOktaSignOnPolicyRuleConditions instantiates a new OktaSignOnPolicyRuleConditions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOktaSignOnPolicyRuleConditions() *OktaSignOnPolicyRuleConditions {
+	this := OktaSignOnPolicyRuleConditions{}
+	return &this
+}
+
+// NewOktaSignOnPolicyRuleConditionsWithDefaults instantiates a new OktaSignOnPolicyRuleConditions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOktaSignOnPolicyRuleConditionsWithDefaults() *OktaSignOnPolicyRuleConditions {
+	this := OktaSignOnPolicyRuleConditions{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetApp() AppAndInstancePolicyRuleCondition {
+	if o == nil || o.App == nil {
+		var ret AppAndInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given AppAndInstancePolicyRuleCondition and assigns it to the App field.
+func (o *OktaSignOnPolicyRuleConditions) SetApp(v AppAndInstancePolicyRuleCondition) {
+	o.App = &v
+}
+
+// GetApps returns the Apps field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetApps() AppInstancePolicyRuleCondition {
+	if o == nil || o.Apps == nil {
+		var ret AppInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.Apps
+}
+
+// GetAppsOk returns a tuple with the Apps field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool) {
+	if o == nil || o.Apps == nil {
+		return nil, false
+	}
+	return o.Apps, true
+}
+
+// HasApps returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasApps() bool {
+	if o != nil && o.Apps != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApps gets a reference to the given AppInstancePolicyRuleCondition and assigns it to the Apps field.
+func (o *OktaSignOnPolicyRuleConditions) SetApps(v AppInstancePolicyRuleCondition) {
+	o.Apps = &v
+}
+
+// GetAuthContext returns the AuthContext field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetAuthContext() PolicyRuleAuthContextCondition {
+	if o == nil || o.AuthContext == nil {
+		var ret PolicyRuleAuthContextCondition
+		return ret
+	}
+	return *o.AuthContext
+}
+
+// GetAuthContextOk returns a tuple with the AuthContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool) {
+	if o == nil || o.AuthContext == nil {
+		return nil, false
+	}
+	return o.AuthContext, true
+}
+
+// HasAuthContext returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasAuthContext() bool {
+	if o != nil && o.AuthContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthContext gets a reference to the given PolicyRuleAuthContextCondition and assigns it to the AuthContext field.
+func (o *OktaSignOnPolicyRuleConditions) SetAuthContext(v PolicyRuleAuthContextCondition) {
+	o.AuthContext = &v
+}
+
+// GetAuthProvider returns the AuthProvider field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition {
+	if o == nil || o.AuthProvider == nil {
+		var ret PasswordPolicyAuthenticationProviderCondition
+		return ret
+	}
+	return *o.AuthProvider
+}
+
+// GetAuthProviderOk returns a tuple with the AuthProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool) {
+	if o == nil || o.AuthProvider == nil {
+		return nil, false
+	}
+	return o.AuthProvider, true
+}
+
+// HasAuthProvider returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasAuthProvider() bool {
+	if o != nil && o.AuthProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthProvider gets a reference to the given PasswordPolicyAuthenticationProviderCondition and assigns it to the AuthProvider field.
+func (o *OktaSignOnPolicyRuleConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition) {
+	o.AuthProvider = &v
+}
+
+// GetBeforeScheduledAction returns the BeforeScheduledAction field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition {
+	if o == nil || o.BeforeScheduledAction == nil {
+		var ret BeforeScheduledActionPolicyRuleCondition
+		return ret
+	}
+	return *o.BeforeScheduledAction
+}
+
+// GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool) {
+	if o == nil || o.BeforeScheduledAction == nil {
+		return nil, false
+	}
+	return o.BeforeScheduledAction, true
+}
+
+// HasBeforeScheduledAction returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasBeforeScheduledAction() bool {
+	if o != nil && o.BeforeScheduledAction != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBeforeScheduledAction gets a reference to the given BeforeScheduledActionPolicyRuleCondition and assigns it to the BeforeScheduledAction field.
+func (o *OktaSignOnPolicyRuleConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition) {
+	o.BeforeScheduledAction = &v
+}
+
+// GetClients returns the Clients field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetClients() ClientPolicyCondition {
+	if o == nil || o.Clients == nil {
+		var ret ClientPolicyCondition
+		return ret
+	}
+	return *o.Clients
+}
+
+// GetClientsOk returns a tuple with the Clients field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetClientsOk() (*ClientPolicyCondition, bool) {
+	if o == nil || o.Clients == nil {
+		return nil, false
+	}
+	return o.Clients, true
+}
+
+// HasClients returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasClients() bool {
+	if o != nil && o.Clients != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClients gets a reference to the given ClientPolicyCondition and assigns it to the Clients field.
+func (o *OktaSignOnPolicyRuleConditions) SetClients(v ClientPolicyCondition) {
+	o.Clients = &v
+}
+
+// GetContext returns the Context field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetContext() ContextPolicyRuleCondition {
+	if o == nil || o.Context == nil {
+		var ret ContextPolicyRuleCondition
+		return ret
+	}
+	return *o.Context
+}
+
+// GetContextOk returns a tuple with the Context field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetContextOk() (*ContextPolicyRuleCondition, bool) {
+	if o == nil || o.Context == nil {
+		return nil, false
+	}
+	return o.Context, true
+}
+
+// HasContext returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasContext() bool {
+	if o != nil && o.Context != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetContext gets a reference to the given ContextPolicyRuleCondition and assigns it to the Context field.
+func (o *OktaSignOnPolicyRuleConditions) SetContext(v ContextPolicyRuleCondition) {
+	o.Context = &v
+}
+
+// GetDevice returns the Device field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetDevice() DevicePolicyRuleCondition {
+	if o == nil || o.Device == nil {
+		var ret DevicePolicyRuleCondition
+		return ret
+	}
+	return *o.Device
+}
+
+// GetDeviceOk returns a tuple with the Device field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetDeviceOk() (*DevicePolicyRuleCondition, bool) {
+	if o == nil || o.Device == nil {
+		return nil, false
+	}
+	return o.Device, true
+}
+
+// HasDevice returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasDevice() bool {
+	if o != nil && o.Device != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDevice gets a reference to the given DevicePolicyRuleCondition and assigns it to the Device field.
+func (o *OktaSignOnPolicyRuleConditions) SetDevice(v DevicePolicyRuleCondition) {
+	o.Device = &v
+}
+
+// GetGrantTypes returns the GrantTypes field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetGrantTypes() GrantTypePolicyRuleCondition {
+	if o == nil || o.GrantTypes == nil {
+		var ret GrantTypePolicyRuleCondition
+		return ret
+	}
+	return *o.GrantTypes
+}
+
+// GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool) {
+	if o == nil || o.GrantTypes == nil {
+		return nil, false
+	}
+	return o.GrantTypes, true
+}
+
+// HasGrantTypes returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasGrantTypes() bool {
+	if o != nil && o.GrantTypes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGrantTypes gets a reference to the given GrantTypePolicyRuleCondition and assigns it to the GrantTypes field.
+func (o *OktaSignOnPolicyRuleConditions) SetGrantTypes(v GrantTypePolicyRuleCondition) {
+	o.GrantTypes = &v
+}
+
+// GetGroups returns the Groups field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetGroups() GroupPolicyRuleCondition {
+	if o == nil || o.Groups == nil {
+		var ret GroupPolicyRuleCondition
+		return ret
+	}
+	return *o.Groups
+}
+
+// GetGroupsOk returns a tuple with the Groups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool) {
+	if o == nil || o.Groups == nil {
+		return nil, false
+	}
+	return o.Groups, true
+}
+
+// HasGroups returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasGroups() bool {
+	if o != nil && o.Groups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroups gets a reference to the given GroupPolicyRuleCondition and assigns it to the Groups field.
+func (o *OktaSignOnPolicyRuleConditions) SetGroups(v GroupPolicyRuleCondition) {
+	o.Groups = &v
+}
+
+// GetIdentityProvider returns the IdentityProvider field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition {
+	if o == nil || o.IdentityProvider == nil {
+		var ret IdentityProviderPolicyRuleCondition
+		return ret
+	}
+	return *o.IdentityProvider
+}
+
+// GetIdentityProviderOk returns a tuple with the IdentityProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool) {
+	if o == nil || o.IdentityProvider == nil {
+		return nil, false
+	}
+	return o.IdentityProvider, true
+}
+
+// HasIdentityProvider returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasIdentityProvider() bool {
+	if o != nil && o.IdentityProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityProvider gets a reference to the given IdentityProviderPolicyRuleCondition and assigns it to the IdentityProvider field.
+func (o *OktaSignOnPolicyRuleConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition) {
+	o.IdentityProvider = &v
+}
+
+// GetMdmEnrollment returns the MdmEnrollment field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition {
+	if o == nil || o.MdmEnrollment == nil {
+		var ret MDMEnrollmentPolicyRuleCondition
+		return ret
+	}
+	return *o.MdmEnrollment
+}
+
+// GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool) {
+	if o == nil || o.MdmEnrollment == nil {
+		return nil, false
+	}
+	return o.MdmEnrollment, true
+}
+
+// HasMdmEnrollment returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasMdmEnrollment() bool {
+	if o != nil && o.MdmEnrollment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMdmEnrollment gets a reference to the given MDMEnrollmentPolicyRuleCondition and assigns it to the MdmEnrollment field.
+func (o *OktaSignOnPolicyRuleConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition) {
+	o.MdmEnrollment = &v
+}
+
+// GetNetwork returns the Network field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetNetwork() PolicyNetworkCondition {
+	if o == nil || o.Network == nil {
+		var ret PolicyNetworkCondition
+		return ret
+	}
+	return *o.Network
+}
+
+// GetNetworkOk returns a tuple with the Network field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetNetworkOk() (*PolicyNetworkCondition, bool) {
+	if o == nil || o.Network == nil {
+		return nil, false
+	}
+	return o.Network, true
+}
+
+// HasNetwork returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasNetwork() bool {
+	if o != nil && o.Network != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNetwork gets a reference to the given PolicyNetworkCondition and assigns it to the Network field.
+func (o *OktaSignOnPolicyRuleConditions) SetNetwork(v PolicyNetworkCondition) {
+	o.Network = &v
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetPeople() PolicyPeopleCondition {
+	if o == nil || o.People == nil {
+		var ret PolicyPeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetPeopleOk() (*PolicyPeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given PolicyPeopleCondition and assigns it to the People field.
+func (o *OktaSignOnPolicyRuleConditions) SetPeople(v PolicyPeopleCondition) {
+	o.People = &v
+}
+
+// GetPlatform returns the Platform field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetPlatform() PlatformPolicyRuleCondition {
+	if o == nil || o.Platform == nil {
+		var ret PlatformPolicyRuleCondition
+		return ret
+	}
+	return *o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool) {
+	if o == nil || o.Platform == nil {
+		return nil, false
+	}
+	return o.Platform, true
+}
+
+// HasPlatform returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasPlatform() bool {
+	if o != nil && o.Platform != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPlatform gets a reference to the given PlatformPolicyRuleCondition and assigns it to the Platform field.
+func (o *OktaSignOnPolicyRuleConditions) SetPlatform(v PlatformPolicyRuleCondition) {
+	o.Platform = &v
+}
+
+// GetRisk returns the Risk field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetRisk() RiskPolicyRuleCondition {
+	if o == nil || o.Risk == nil {
+		var ret RiskPolicyRuleCondition
+		return ret
+	}
+	return *o.Risk
+}
+
+// GetRiskOk returns a tuple with the Risk field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool) {
+	if o == nil || o.Risk == nil {
+		return nil, false
+	}
+	return o.Risk, true
+}
+
+// HasRisk returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasRisk() bool {
+	if o != nil && o.Risk != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRisk gets a reference to the given RiskPolicyRuleCondition and assigns it to the Risk field.
+func (o *OktaSignOnPolicyRuleConditions) SetRisk(v RiskPolicyRuleCondition) {
+	o.Risk = &v
+}
+
+// GetRiskScore returns the RiskScore field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetRiskScore() RiskScorePolicyRuleCondition {
+	if o == nil || o.RiskScore == nil {
+		var ret RiskScorePolicyRuleCondition
+		return ret
+	}
+	return *o.RiskScore
+}
+
+// GetRiskScoreOk returns a tuple with the RiskScore field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool) {
+	if o == nil || o.RiskScore == nil {
+		return nil, false
+	}
+	return o.RiskScore, true
+}
+
+// HasRiskScore returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasRiskScore() bool {
+	if o != nil && o.RiskScore != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRiskScore gets a reference to the given RiskScorePolicyRuleCondition and assigns it to the RiskScore field.
+func (o *OktaSignOnPolicyRuleConditions) SetRiskScore(v RiskScorePolicyRuleCondition) {
+	o.RiskScore = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition {
+	if o == nil || o.Scopes == nil {
+		var ret OAuth2ScopesMediationPolicyRuleCondition
+		return ret
+	}
+	return *o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given OAuth2ScopesMediationPolicyRuleCondition and assigns it to the Scopes field.
+func (o *OktaSignOnPolicyRuleConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition) {
+	o.Scopes = &v
+}
+
+// GetUserIdentifier returns the UserIdentifier field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition {
+	if o == nil || o.UserIdentifier == nil {
+		var ret UserIdentifierPolicyRuleCondition
+		return ret
+	}
+	return *o.UserIdentifier
+}
+
+// GetUserIdentifierOk returns a tuple with the UserIdentifier field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool) {
+	if o == nil || o.UserIdentifier == nil {
+		return nil, false
+	}
+	return o.UserIdentifier, true
+}
+
+// HasUserIdentifier returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasUserIdentifier() bool {
+	if o != nil && o.UserIdentifier != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserIdentifier gets a reference to the given UserIdentifierPolicyRuleCondition and assigns it to the UserIdentifier field.
+func (o *OktaSignOnPolicyRuleConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition) {
+	o.UserIdentifier = &v
+}
+
+// GetUsers returns the Users field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetUsers() UserPolicyRuleCondition {
+	if o == nil || o.Users == nil {
+		var ret UserPolicyRuleCondition
+		return ret
+	}
+	return *o.Users
+}
+
+// GetUsersOk returns a tuple with the Users field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetUsersOk() (*UserPolicyRuleCondition, bool) {
+	if o == nil || o.Users == nil {
+		return nil, false
+	}
+	return o.Users, true
+}
+
+// HasUsers returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasUsers() bool {
+	if o != nil && o.Users != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsers gets a reference to the given UserPolicyRuleCondition and assigns it to the Users field.
+func (o *OktaSignOnPolicyRuleConditions) SetUsers(v UserPolicyRuleCondition) {
+	o.Users = &v
+}
+
+// GetUserStatus returns the UserStatus field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditions) GetUserStatus() UserStatusPolicyRuleCondition {
+	if o == nil || o.UserStatus == nil {
+		var ret UserStatusPolicyRuleCondition
+		return ret
+	}
+	return *o.UserStatus
+}
+
+// GetUserStatusOk returns a tuple with the UserStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool) {
+	if o == nil || o.UserStatus == nil {
+		return nil, false
+	}
+	return o.UserStatus, true
+}
+
+// HasUserStatus returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditions) HasUserStatus() bool {
+	if o != nil && o.UserStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserStatus gets a reference to the given UserStatusPolicyRuleCondition and assigns it to the UserStatus field.
+func (o *OktaSignOnPolicyRuleConditions) SetUserStatus(v UserStatusPolicyRuleCondition) {
+	o.UserStatus = &v
+}
+
+func (o OktaSignOnPolicyRuleConditions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+	if o.Apps != nil {
+		toSerialize["apps"] = o.Apps
+	}
+	if o.AuthContext != nil {
+		toSerialize["authContext"] = o.AuthContext
+	}
+	if o.AuthProvider != nil {
+		toSerialize["authProvider"] = o.AuthProvider
+	}
+	if o.BeforeScheduledAction != nil {
+		toSerialize["beforeScheduledAction"] = o.BeforeScheduledAction
+	}
+	if o.Clients != nil {
+		toSerialize["clients"] = o.Clients
+	}
+	if o.Context != nil {
+		toSerialize["context"] = o.Context
+	}
+	if o.Device != nil {
+		toSerialize["device"] = o.Device
+	}
+	if o.GrantTypes != nil {
+		toSerialize["grantTypes"] = o.GrantTypes
+	}
+	if o.Groups != nil {
+		toSerialize["groups"] = o.Groups
+	}
+	if o.IdentityProvider != nil {
+		toSerialize["identityProvider"] = o.IdentityProvider
+	}
+	if o.MdmEnrollment != nil {
+		toSerialize["mdmEnrollment"] = o.MdmEnrollment
+	}
+	if o.Network != nil {
+		toSerialize["network"] = o.Network
+	}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+	if o.Platform != nil {
+		toSerialize["platform"] = o.Platform
+	}
+	if o.Risk != nil {
+		toSerialize["risk"] = o.Risk
+	}
+	if o.RiskScore != nil {
+		toSerialize["riskScore"] = o.RiskScore
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+	if o.UserIdentifier != nil {
+		toSerialize["userIdentifier"] = o.UserIdentifier
+	}
+	if o.Users != nil {
+		toSerialize["users"] = o.Users
+	}
+	if o.UserStatus != nil {
+		toSerialize["userStatus"] = o.UserStatus
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OktaSignOnPolicyRuleConditions) UnmarshalJSON(bytes []byte) (err error) {
+	varOktaSignOnPolicyRuleConditions := _OktaSignOnPolicyRuleConditions{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyRuleConditions)
+	if err == nil {
+		*o = OktaSignOnPolicyRuleConditions(varOktaSignOnPolicyRuleConditions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		delete(additionalProperties, "apps")
+		delete(additionalProperties, "authContext")
+		delete(additionalProperties, "authProvider")
+		delete(additionalProperties, "beforeScheduledAction")
+		delete(additionalProperties, "clients")
+		delete(additionalProperties, "context")
+		delete(additionalProperties, "device")
+		delete(additionalProperties, "grantTypes")
+		delete(additionalProperties, "groups")
+		delete(additionalProperties, "identityProvider")
+		delete(additionalProperties, "mdmEnrollment")
+		delete(additionalProperties, "network")
+		delete(additionalProperties, "people")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "risk")
+		delete(additionalProperties, "riskScore")
+		delete(additionalProperties, "scopes")
+		delete(additionalProperties, "userIdentifier")
+		delete(additionalProperties, "users")
+		delete(additionalProperties, "userStatus")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOktaSignOnPolicyRuleConditions struct {
+	value *OktaSignOnPolicyRuleConditions
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicyRuleConditions) Get() *OktaSignOnPolicyRuleConditions {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicyRuleConditions) Set(val *OktaSignOnPolicyRuleConditions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicyRuleConditions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicyRuleConditions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicyRuleConditions(val *OktaSignOnPolicyRuleConditions) *NullableOktaSignOnPolicyRuleConditions {
+	return &NullableOktaSignOnPolicyRuleConditions{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicyRuleConditions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicyRuleConditions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy_rule_conditions_all_of.go b/okta/model_okta_sign_on_policy_rule_conditions_all_of.go
new file mode 100644
index 000000000..d5b35a952
--- /dev/null
+++ b/okta/model_okta_sign_on_policy_rule_conditions_all_of.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OktaSignOnPolicyRuleConditionsAllOf struct for OktaSignOnPolicyRuleConditionsAllOf
+type OktaSignOnPolicyRuleConditionsAllOf struct {
+	AuthContext          *PolicyRuleAuthContextCondition `json:"authContext,omitempty"`
+	Network              *PolicyNetworkCondition         `json:"network,omitempty"`
+	People               *PolicyPeopleCondition          `json:"people,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OktaSignOnPolicyRuleConditionsAllOf OktaSignOnPolicyRuleConditionsAllOf
+
+// NewOktaSignOnPolicyRuleConditionsAllOf instantiates a new OktaSignOnPolicyRuleConditionsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOktaSignOnPolicyRuleConditionsAllOf() *OktaSignOnPolicyRuleConditionsAllOf {
+	this := OktaSignOnPolicyRuleConditionsAllOf{}
+	return &this
+}
+
+// NewOktaSignOnPolicyRuleConditionsAllOfWithDefaults instantiates a new OktaSignOnPolicyRuleConditionsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOktaSignOnPolicyRuleConditionsAllOfWithDefaults() *OktaSignOnPolicyRuleConditionsAllOf {
+	this := OktaSignOnPolicyRuleConditionsAllOf{}
+	return &this
+}
+
+// GetAuthContext returns the AuthContext field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditionsAllOf) GetAuthContext() PolicyRuleAuthContextCondition {
+	if o == nil || o.AuthContext == nil {
+		var ret PolicyRuleAuthContextCondition
+		return ret
+	}
+	return *o.AuthContext
+}
+
+// GetAuthContextOk returns a tuple with the AuthContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditionsAllOf) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool) {
+	if o == nil || o.AuthContext == nil {
+		return nil, false
+	}
+	return o.AuthContext, true
+}
+
+// HasAuthContext returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditionsAllOf) HasAuthContext() bool {
+	if o != nil && o.AuthContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthContext gets a reference to the given PolicyRuleAuthContextCondition and assigns it to the AuthContext field.
+func (o *OktaSignOnPolicyRuleConditionsAllOf) SetAuthContext(v PolicyRuleAuthContextCondition) {
+	o.AuthContext = &v
+}
+
+// GetNetwork returns the Network field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditionsAllOf) GetNetwork() PolicyNetworkCondition {
+	if o == nil || o.Network == nil {
+		var ret PolicyNetworkCondition
+		return ret
+	}
+	return *o.Network
+}
+
+// GetNetworkOk returns a tuple with the Network field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditionsAllOf) GetNetworkOk() (*PolicyNetworkCondition, bool) {
+	if o == nil || o.Network == nil {
+		return nil, false
+	}
+	return o.Network, true
+}
+
+// HasNetwork returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditionsAllOf) HasNetwork() bool {
+	if o != nil && o.Network != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNetwork gets a reference to the given PolicyNetworkCondition and assigns it to the Network field.
+func (o *OktaSignOnPolicyRuleConditionsAllOf) SetNetwork(v PolicyNetworkCondition) {
+	o.Network = &v
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleConditionsAllOf) GetPeople() PolicyPeopleCondition {
+	if o == nil || o.People == nil {
+		var ret PolicyPeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleConditionsAllOf) GetPeopleOk() (*PolicyPeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleConditionsAllOf) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given PolicyPeopleCondition and assigns it to the People field.
+func (o *OktaSignOnPolicyRuleConditionsAllOf) SetPeople(v PolicyPeopleCondition) {
+	o.People = &v
+}
+
+func (o OktaSignOnPolicyRuleConditionsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthContext != nil {
+		toSerialize["authContext"] = o.AuthContext
+	}
+	if o.Network != nil {
+		toSerialize["network"] = o.Network
+	}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OktaSignOnPolicyRuleConditionsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varOktaSignOnPolicyRuleConditionsAllOf := _OktaSignOnPolicyRuleConditionsAllOf{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyRuleConditionsAllOf)
+	if err == nil {
+		*o = OktaSignOnPolicyRuleConditionsAllOf(varOktaSignOnPolicyRuleConditionsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authContext")
+		delete(additionalProperties, "network")
+		delete(additionalProperties, "people")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOktaSignOnPolicyRuleConditionsAllOf struct {
+	value *OktaSignOnPolicyRuleConditionsAllOf
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicyRuleConditionsAllOf) Get() *OktaSignOnPolicyRuleConditionsAllOf {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicyRuleConditionsAllOf) Set(val *OktaSignOnPolicyRuleConditionsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicyRuleConditionsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicyRuleConditionsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicyRuleConditionsAllOf(val *OktaSignOnPolicyRuleConditionsAllOf) *NullableOktaSignOnPolicyRuleConditionsAllOf {
+	return &NullableOktaSignOnPolicyRuleConditionsAllOf{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicyRuleConditionsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicyRuleConditionsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy_rule_signon_actions.go b/okta/model_okta_sign_on_policy_rule_signon_actions.go
new file mode 100644
index 000000000..8f81ce961
--- /dev/null
+++ b/okta/model_okta_sign_on_policy_rule_signon_actions.go
@@ -0,0 +1,351 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OktaSignOnPolicyRuleSignonActions struct for OktaSignOnPolicyRuleSignonActions
+type OktaSignOnPolicyRuleSignonActions struct {
+	Access                  *PolicyAccess                             `json:"access,omitempty"`
+	FactorLifetime          *int32                                    `json:"factorLifetime,omitempty"`
+	FactorPromptMode        *OktaSignOnPolicyFactorPromptMode         `json:"factorPromptMode,omitempty"`
+	RememberDeviceByDefault *bool                                     `json:"rememberDeviceByDefault,omitempty"`
+	RequireFactor           *bool                                     `json:"requireFactor,omitempty"`
+	Session                 *OktaSignOnPolicyRuleSignonSessionActions `json:"session,omitempty"`
+	AdditionalProperties    map[string]interface{}
+}
+
+type _OktaSignOnPolicyRuleSignonActions OktaSignOnPolicyRuleSignonActions
+
+// NewOktaSignOnPolicyRuleSignonActions instantiates a new OktaSignOnPolicyRuleSignonActions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOktaSignOnPolicyRuleSignonActions() *OktaSignOnPolicyRuleSignonActions {
+	this := OktaSignOnPolicyRuleSignonActions{}
+	var rememberDeviceByDefault bool = false
+	this.RememberDeviceByDefault = &rememberDeviceByDefault
+	var requireFactor bool = false
+	this.RequireFactor = &requireFactor
+	return &this
+}
+
+// NewOktaSignOnPolicyRuleSignonActionsWithDefaults instantiates a new OktaSignOnPolicyRuleSignonActions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOktaSignOnPolicyRuleSignonActionsWithDefaults() *OktaSignOnPolicyRuleSignonActions {
+	this := OktaSignOnPolicyRuleSignonActions{}
+	var rememberDeviceByDefault bool = false
+	this.RememberDeviceByDefault = &rememberDeviceByDefault
+	var requireFactor bool = false
+	this.RequireFactor = &requireFactor
+	return &this
+}
+
+// GetAccess returns the Access field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleSignonActions) GetAccess() PolicyAccess {
+	if o == nil || o.Access == nil {
+		var ret PolicyAccess
+		return ret
+	}
+	return *o.Access
+}
+
+// GetAccessOk returns a tuple with the Access field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleSignonActions) GetAccessOk() (*PolicyAccess, bool) {
+	if o == nil || o.Access == nil {
+		return nil, false
+	}
+	return o.Access, true
+}
+
+// HasAccess returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleSignonActions) HasAccess() bool {
+	if o != nil && o.Access != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAccess gets a reference to the given PolicyAccess and assigns it to the Access field.
+func (o *OktaSignOnPolicyRuleSignonActions) SetAccess(v PolicyAccess) {
+	o.Access = &v
+}
+
+// GetFactorLifetime returns the FactorLifetime field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleSignonActions) GetFactorLifetime() int32 {
+	if o == nil || o.FactorLifetime == nil {
+		var ret int32
+		return ret
+	}
+	return *o.FactorLifetime
+}
+
+// GetFactorLifetimeOk returns a tuple with the FactorLifetime field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleSignonActions) GetFactorLifetimeOk() (*int32, bool) {
+	if o == nil || o.FactorLifetime == nil {
+		return nil, false
+	}
+	return o.FactorLifetime, true
+}
+
+// HasFactorLifetime returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleSignonActions) HasFactorLifetime() bool {
+	if o != nil && o.FactorLifetime != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFactorLifetime gets a reference to the given int32 and assigns it to the FactorLifetime field.
+func (o *OktaSignOnPolicyRuleSignonActions) SetFactorLifetime(v int32) {
+	o.FactorLifetime = &v
+}
+
+// GetFactorPromptMode returns the FactorPromptMode field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleSignonActions) GetFactorPromptMode() OktaSignOnPolicyFactorPromptMode {
+	if o == nil || o.FactorPromptMode == nil {
+		var ret OktaSignOnPolicyFactorPromptMode
+		return ret
+	}
+	return *o.FactorPromptMode
+}
+
+// GetFactorPromptModeOk returns a tuple with the FactorPromptMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleSignonActions) GetFactorPromptModeOk() (*OktaSignOnPolicyFactorPromptMode, bool) {
+	if o == nil || o.FactorPromptMode == nil {
+		return nil, false
+	}
+	return o.FactorPromptMode, true
+}
+
+// HasFactorPromptMode returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleSignonActions) HasFactorPromptMode() bool {
+	if o != nil && o.FactorPromptMode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFactorPromptMode gets a reference to the given OktaSignOnPolicyFactorPromptMode and assigns it to the FactorPromptMode field.
+func (o *OktaSignOnPolicyRuleSignonActions) SetFactorPromptMode(v OktaSignOnPolicyFactorPromptMode) {
+	o.FactorPromptMode = &v
+}
+
+// GetRememberDeviceByDefault returns the RememberDeviceByDefault field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleSignonActions) GetRememberDeviceByDefault() bool {
+	if o == nil || o.RememberDeviceByDefault == nil {
+		var ret bool
+		return ret
+	}
+	return *o.RememberDeviceByDefault
+}
+
+// GetRememberDeviceByDefaultOk returns a tuple with the RememberDeviceByDefault field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleSignonActions) GetRememberDeviceByDefaultOk() (*bool, bool) {
+	if o == nil || o.RememberDeviceByDefault == nil {
+		return nil, false
+	}
+	return o.RememberDeviceByDefault, true
+}
+
+// HasRememberDeviceByDefault returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleSignonActions) HasRememberDeviceByDefault() bool {
+	if o != nil && o.RememberDeviceByDefault != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRememberDeviceByDefault gets a reference to the given bool and assigns it to the RememberDeviceByDefault field.
+func (o *OktaSignOnPolicyRuleSignonActions) SetRememberDeviceByDefault(v bool) {
+	o.RememberDeviceByDefault = &v
+}
+
+// GetRequireFactor returns the RequireFactor field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleSignonActions) GetRequireFactor() bool {
+	if o == nil || o.RequireFactor == nil {
+		var ret bool
+		return ret
+	}
+	return *o.RequireFactor
+}
+
+// GetRequireFactorOk returns a tuple with the RequireFactor field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleSignonActions) GetRequireFactorOk() (*bool, bool) {
+	if o == nil || o.RequireFactor == nil {
+		return nil, false
+	}
+	return o.RequireFactor, true
+}
+
+// HasRequireFactor returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleSignonActions) HasRequireFactor() bool {
+	if o != nil && o.RequireFactor != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequireFactor gets a reference to the given bool and assigns it to the RequireFactor field.
+func (o *OktaSignOnPolicyRuleSignonActions) SetRequireFactor(v bool) {
+	o.RequireFactor = &v
+}
+
+// GetSession returns the Session field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleSignonActions) GetSession() OktaSignOnPolicyRuleSignonSessionActions {
+	if o == nil || o.Session == nil {
+		var ret OktaSignOnPolicyRuleSignonSessionActions
+		return ret
+	}
+	return *o.Session
+}
+
+// GetSessionOk returns a tuple with the Session field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleSignonActions) GetSessionOk() (*OktaSignOnPolicyRuleSignonSessionActions, bool) {
+	if o == nil || o.Session == nil {
+		return nil, false
+	}
+	return o.Session, true
+}
+
+// HasSession returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleSignonActions) HasSession() bool {
+	if o != nil && o.Session != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSession gets a reference to the given OktaSignOnPolicyRuleSignonSessionActions and assigns it to the Session field.
+func (o *OktaSignOnPolicyRuleSignonActions) SetSession(v OktaSignOnPolicyRuleSignonSessionActions) {
+	o.Session = &v
+}
+
+func (o OktaSignOnPolicyRuleSignonActions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Access != nil {
+		toSerialize["access"] = o.Access
+	}
+	if o.FactorLifetime != nil {
+		toSerialize["factorLifetime"] = o.FactorLifetime
+	}
+	if o.FactorPromptMode != nil {
+		toSerialize["factorPromptMode"] = o.FactorPromptMode
+	}
+	if o.RememberDeviceByDefault != nil {
+		toSerialize["rememberDeviceByDefault"] = o.RememberDeviceByDefault
+	}
+	if o.RequireFactor != nil {
+		toSerialize["requireFactor"] = o.RequireFactor
+	}
+	if o.Session != nil {
+		toSerialize["session"] = o.Session
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OktaSignOnPolicyRuleSignonActions) UnmarshalJSON(bytes []byte) (err error) {
+	varOktaSignOnPolicyRuleSignonActions := _OktaSignOnPolicyRuleSignonActions{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyRuleSignonActions)
+	if err == nil {
+		*o = OktaSignOnPolicyRuleSignonActions(varOktaSignOnPolicyRuleSignonActions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "access")
+		delete(additionalProperties, "factorLifetime")
+		delete(additionalProperties, "factorPromptMode")
+		delete(additionalProperties, "rememberDeviceByDefault")
+		delete(additionalProperties, "requireFactor")
+		delete(additionalProperties, "session")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOktaSignOnPolicyRuleSignonActions struct {
+	value *OktaSignOnPolicyRuleSignonActions
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicyRuleSignonActions) Get() *OktaSignOnPolicyRuleSignonActions {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicyRuleSignonActions) Set(val *OktaSignOnPolicyRuleSignonActions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicyRuleSignonActions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicyRuleSignonActions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicyRuleSignonActions(val *OktaSignOnPolicyRuleSignonActions) *NullableOktaSignOnPolicyRuleSignonActions {
+	return &NullableOktaSignOnPolicyRuleSignonActions{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicyRuleSignonActions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicyRuleSignonActions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_okta_sign_on_policy_rule_signon_session_actions.go b/okta/model_okta_sign_on_policy_rule_signon_session_actions.go
new file mode 100644
index 000000000..88e9fa0d1
--- /dev/null
+++ b/okta/model_okta_sign_on_policy_rule_signon_session_actions.go
@@ -0,0 +1,236 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OktaSignOnPolicyRuleSignonSessionActions struct for OktaSignOnPolicyRuleSignonSessionActions
+type OktaSignOnPolicyRuleSignonSessionActions struct {
+	MaxSessionIdleMinutes     *int32 `json:"maxSessionIdleMinutes,omitempty"`
+	MaxSessionLifetimeMinutes *int32 `json:"maxSessionLifetimeMinutes,omitempty"`
+	UsePersistentCookie       *bool  `json:"usePersistentCookie,omitempty"`
+	AdditionalProperties      map[string]interface{}
+}
+
+type _OktaSignOnPolicyRuleSignonSessionActions OktaSignOnPolicyRuleSignonSessionActions
+
+// NewOktaSignOnPolicyRuleSignonSessionActions instantiates a new OktaSignOnPolicyRuleSignonSessionActions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOktaSignOnPolicyRuleSignonSessionActions() *OktaSignOnPolicyRuleSignonSessionActions {
+	this := OktaSignOnPolicyRuleSignonSessionActions{}
+	var usePersistentCookie bool = false
+	this.UsePersistentCookie = &usePersistentCookie
+	return &this
+}
+
+// NewOktaSignOnPolicyRuleSignonSessionActionsWithDefaults instantiates a new OktaSignOnPolicyRuleSignonSessionActions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOktaSignOnPolicyRuleSignonSessionActionsWithDefaults() *OktaSignOnPolicyRuleSignonSessionActions {
+	this := OktaSignOnPolicyRuleSignonSessionActions{}
+	var usePersistentCookie bool = false
+	this.UsePersistentCookie = &usePersistentCookie
+	return &this
+}
+
+// GetMaxSessionIdleMinutes returns the MaxSessionIdleMinutes field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleSignonSessionActions) GetMaxSessionIdleMinutes() int32 {
+	if o == nil || o.MaxSessionIdleMinutes == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxSessionIdleMinutes
+}
+
+// GetMaxSessionIdleMinutesOk returns a tuple with the MaxSessionIdleMinutes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleSignonSessionActions) GetMaxSessionIdleMinutesOk() (*int32, bool) {
+	if o == nil || o.MaxSessionIdleMinutes == nil {
+		return nil, false
+	}
+	return o.MaxSessionIdleMinutes, true
+}
+
+// HasMaxSessionIdleMinutes returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleSignonSessionActions) HasMaxSessionIdleMinutes() bool {
+	if o != nil && o.MaxSessionIdleMinutes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxSessionIdleMinutes gets a reference to the given int32 and assigns it to the MaxSessionIdleMinutes field.
+func (o *OktaSignOnPolicyRuleSignonSessionActions) SetMaxSessionIdleMinutes(v int32) {
+	o.MaxSessionIdleMinutes = &v
+}
+
+// GetMaxSessionLifetimeMinutes returns the MaxSessionLifetimeMinutes field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleSignonSessionActions) GetMaxSessionLifetimeMinutes() int32 {
+	if o == nil || o.MaxSessionLifetimeMinutes == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxSessionLifetimeMinutes
+}
+
+// GetMaxSessionLifetimeMinutesOk returns a tuple with the MaxSessionLifetimeMinutes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleSignonSessionActions) GetMaxSessionLifetimeMinutesOk() (*int32, bool) {
+	if o == nil || o.MaxSessionLifetimeMinutes == nil {
+		return nil, false
+	}
+	return o.MaxSessionLifetimeMinutes, true
+}
+
+// HasMaxSessionLifetimeMinutes returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleSignonSessionActions) HasMaxSessionLifetimeMinutes() bool {
+	if o != nil && o.MaxSessionLifetimeMinutes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxSessionLifetimeMinutes gets a reference to the given int32 and assigns it to the MaxSessionLifetimeMinutes field.
+func (o *OktaSignOnPolicyRuleSignonSessionActions) SetMaxSessionLifetimeMinutes(v int32) {
+	o.MaxSessionLifetimeMinutes = &v
+}
+
+// GetUsePersistentCookie returns the UsePersistentCookie field value if set, zero value otherwise.
+func (o *OktaSignOnPolicyRuleSignonSessionActions) GetUsePersistentCookie() bool {
+	if o == nil || o.UsePersistentCookie == nil {
+		var ret bool
+		return ret
+	}
+	return *o.UsePersistentCookie
+}
+
+// GetUsePersistentCookieOk returns a tuple with the UsePersistentCookie field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OktaSignOnPolicyRuleSignonSessionActions) GetUsePersistentCookieOk() (*bool, bool) {
+	if o == nil || o.UsePersistentCookie == nil {
+		return nil, false
+	}
+	return o.UsePersistentCookie, true
+}
+
+// HasUsePersistentCookie returns a boolean if a field has been set.
+func (o *OktaSignOnPolicyRuleSignonSessionActions) HasUsePersistentCookie() bool {
+	if o != nil && o.UsePersistentCookie != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsePersistentCookie gets a reference to the given bool and assigns it to the UsePersistentCookie field.
+func (o *OktaSignOnPolicyRuleSignonSessionActions) SetUsePersistentCookie(v bool) {
+	o.UsePersistentCookie = &v
+}
+
+func (o OktaSignOnPolicyRuleSignonSessionActions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.MaxSessionIdleMinutes != nil {
+		toSerialize["maxSessionIdleMinutes"] = o.MaxSessionIdleMinutes
+	}
+	if o.MaxSessionLifetimeMinutes != nil {
+		toSerialize["maxSessionLifetimeMinutes"] = o.MaxSessionLifetimeMinutes
+	}
+	if o.UsePersistentCookie != nil {
+		toSerialize["usePersistentCookie"] = o.UsePersistentCookie
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OktaSignOnPolicyRuleSignonSessionActions) UnmarshalJSON(bytes []byte) (err error) {
+	varOktaSignOnPolicyRuleSignonSessionActions := _OktaSignOnPolicyRuleSignonSessionActions{}
+
+	err = json.Unmarshal(bytes, &varOktaSignOnPolicyRuleSignonSessionActions)
+	if err == nil {
+		*o = OktaSignOnPolicyRuleSignonSessionActions(varOktaSignOnPolicyRuleSignonSessionActions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "maxSessionIdleMinutes")
+		delete(additionalProperties, "maxSessionLifetimeMinutes")
+		delete(additionalProperties, "usePersistentCookie")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOktaSignOnPolicyRuleSignonSessionActions struct {
+	value *OktaSignOnPolicyRuleSignonSessionActions
+	isSet bool
+}
+
+func (v NullableOktaSignOnPolicyRuleSignonSessionActions) Get() *OktaSignOnPolicyRuleSignonSessionActions {
+	return v.value
+}
+
+func (v *NullableOktaSignOnPolicyRuleSignonSessionActions) Set(val *OktaSignOnPolicyRuleSignonSessionActions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOktaSignOnPolicyRuleSignonSessionActions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOktaSignOnPolicyRuleSignonSessionActions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOktaSignOnPolicyRuleSignonSessionActions(val *OktaSignOnPolicyRuleSignonSessionActions) *NullableOktaSignOnPolicyRuleSignonSessionActions {
+	return &NullableOktaSignOnPolicyRuleSignonSessionActions{value: val, isSet: true}
+}
+
+func (v NullableOktaSignOnPolicyRuleSignonSessionActions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOktaSignOnPolicyRuleSignonSessionActions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_open_id_connect_application.go b/okta/model_open_id_connect_application.go
new file mode 100644
index 000000000..2d3bd2dcc
--- /dev/null
+++ b/okta/model_open_id_connect_application.go
@@ -0,0 +1,285 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// OpenIdConnectApplication struct for OpenIdConnectApplication
+type OpenIdConnectApplication struct {
+	Application
+	Credentials          *OAuthApplicationCredentials      `json:"credentials,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Settings             *OpenIdConnectApplicationSettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OpenIdConnectApplication OpenIdConnectApplication
+
+// NewOpenIdConnectApplication instantiates a new OpenIdConnectApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOpenIdConnectApplication() *OpenIdConnectApplication {
+	this := OpenIdConnectApplication{}
+	var name string = "oidc_client"
+	this.Name = &name
+	return &this
+}
+
+// NewOpenIdConnectApplicationWithDefaults instantiates a new OpenIdConnectApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOpenIdConnectApplicationWithDefaults() *OpenIdConnectApplication {
+	this := OpenIdConnectApplication{}
+	var name string = "oidc_client"
+	this.Name = &name
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *OpenIdConnectApplication) GetCredentials() OAuthApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret OAuthApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplication) GetCredentialsOk() (*OAuthApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *OpenIdConnectApplication) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given OAuthApplicationCredentials and assigns it to the Credentials field.
+func (o *OpenIdConnectApplication) SetCredentials(v OAuthApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *OpenIdConnectApplication) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplication) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *OpenIdConnectApplication) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *OpenIdConnectApplication) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *OpenIdConnectApplication) GetSettings() OpenIdConnectApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret OpenIdConnectApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplication) GetSettingsOk() (*OpenIdConnectApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *OpenIdConnectApplication) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given OpenIdConnectApplicationSettings and assigns it to the Settings field.
+func (o *OpenIdConnectApplication) SetSettings(v OpenIdConnectApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o OpenIdConnectApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedApplication, errApplication := json.Marshal(o.Application)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	errApplication = json.Unmarshal([]byte(serializedApplication), &toSerialize)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OpenIdConnectApplication) UnmarshalJSON(bytes []byte) (err error) {
+	type OpenIdConnectApplicationWithoutEmbeddedStruct struct {
+		Credentials *OAuthApplicationCredentials      `json:"credentials,omitempty"`
+		Name        *string                           `json:"name,omitempty"`
+		Settings    *OpenIdConnectApplicationSettings `json:"settings,omitempty"`
+	}
+
+	varOpenIdConnectApplicationWithoutEmbeddedStruct := OpenIdConnectApplicationWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varOpenIdConnectApplicationWithoutEmbeddedStruct)
+	if err == nil {
+		varOpenIdConnectApplication := _OpenIdConnectApplication{}
+		varOpenIdConnectApplication.Credentials = varOpenIdConnectApplicationWithoutEmbeddedStruct.Credentials
+		varOpenIdConnectApplication.Name = varOpenIdConnectApplicationWithoutEmbeddedStruct.Name
+		varOpenIdConnectApplication.Settings = varOpenIdConnectApplicationWithoutEmbeddedStruct.Settings
+		*o = OpenIdConnectApplication(varOpenIdConnectApplication)
+	} else {
+		return err
+	}
+
+	varOpenIdConnectApplication := _OpenIdConnectApplication{}
+
+	err = json.Unmarshal(bytes, &varOpenIdConnectApplication)
+	if err == nil {
+		o.Application = varOpenIdConnectApplication.Application
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectApplication := reflect.ValueOf(o.Application)
+		for i := 0; i < reflectApplication.Type().NumField(); i++ {
+			t := reflectApplication.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOpenIdConnectApplication struct {
+	value *OpenIdConnectApplication
+	isSet bool
+}
+
+func (v NullableOpenIdConnectApplication) Get() *OpenIdConnectApplication {
+	return v.value
+}
+
+func (v *NullableOpenIdConnectApplication) Set(val *OpenIdConnectApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIdConnectApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIdConnectApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIdConnectApplication(val *OpenIdConnectApplication) *NullableOpenIdConnectApplication {
+	return &NullableOpenIdConnectApplication{value: val, isSet: true}
+}
+
+func (v NullableOpenIdConnectApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIdConnectApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_open_id_connect_application_all_of.go b/okta/model_open_id_connect_application_all_of.go
new file mode 100644
index 000000000..b254dc1b0
--- /dev/null
+++ b/okta/model_open_id_connect_application_all_of.go
@@ -0,0 +1,236 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OpenIdConnectApplicationAllOf struct for OpenIdConnectApplicationAllOf
+type OpenIdConnectApplicationAllOf struct {
+	Credentials          *OAuthApplicationCredentials      `json:"credentials,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Settings             *OpenIdConnectApplicationSettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OpenIdConnectApplicationAllOf OpenIdConnectApplicationAllOf
+
+// NewOpenIdConnectApplicationAllOf instantiates a new OpenIdConnectApplicationAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOpenIdConnectApplicationAllOf() *OpenIdConnectApplicationAllOf {
+	this := OpenIdConnectApplicationAllOf{}
+	var name string = "oidc_client"
+	this.Name = &name
+	return &this
+}
+
+// NewOpenIdConnectApplicationAllOfWithDefaults instantiates a new OpenIdConnectApplicationAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOpenIdConnectApplicationAllOfWithDefaults() *OpenIdConnectApplicationAllOf {
+	this := OpenIdConnectApplicationAllOf{}
+	var name string = "oidc_client"
+	this.Name = &name
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationAllOf) GetCredentials() OAuthApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret OAuthApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationAllOf) GetCredentialsOk() (*OAuthApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationAllOf) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given OAuthApplicationCredentials and assigns it to the Credentials field.
+func (o *OpenIdConnectApplicationAllOf) SetCredentials(v OAuthApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationAllOf) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationAllOf) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationAllOf) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *OpenIdConnectApplicationAllOf) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationAllOf) GetSettings() OpenIdConnectApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret OpenIdConnectApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationAllOf) GetSettingsOk() (*OpenIdConnectApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given OpenIdConnectApplicationSettings and assigns it to the Settings field.
+func (o *OpenIdConnectApplicationAllOf) SetSettings(v OpenIdConnectApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o OpenIdConnectApplicationAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OpenIdConnectApplicationAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varOpenIdConnectApplicationAllOf := _OpenIdConnectApplicationAllOf{}
+
+	err = json.Unmarshal(bytes, &varOpenIdConnectApplicationAllOf)
+	if err == nil {
+		*o = OpenIdConnectApplicationAllOf(varOpenIdConnectApplicationAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOpenIdConnectApplicationAllOf struct {
+	value *OpenIdConnectApplicationAllOf
+	isSet bool
+}
+
+func (v NullableOpenIdConnectApplicationAllOf) Get() *OpenIdConnectApplicationAllOf {
+	return v.value
+}
+
+func (v *NullableOpenIdConnectApplicationAllOf) Set(val *OpenIdConnectApplicationAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIdConnectApplicationAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIdConnectApplicationAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIdConnectApplicationAllOf(val *OpenIdConnectApplicationAllOf) *NullableOpenIdConnectApplicationAllOf {
+	return &NullableOpenIdConnectApplicationAllOf{value: val, isSet: true}
+}
+
+func (v NullableOpenIdConnectApplicationAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIdConnectApplicationAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_open_id_connect_application_consent_method.go b/okta/model_open_id_connect_application_consent_method.go
new file mode 100644
index 000000000..00c5faf6c
--- /dev/null
+++ b/okta/model_open_id_connect_application_consent_method.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OpenIdConnectApplicationConsentMethod the model 'OpenIdConnectApplicationConsentMethod'
+type OpenIdConnectApplicationConsentMethod string
+
+// List of OpenIdConnectApplicationConsentMethod
+const (
+	OPENIDCONNECTAPPLICATIONCONSENTMETHOD_REQUIRED OpenIdConnectApplicationConsentMethod = "REQUIRED"
+	OPENIDCONNECTAPPLICATIONCONSENTMETHOD_TRUSTED  OpenIdConnectApplicationConsentMethod = "TRUSTED"
+)
+
+// All allowed values of OpenIdConnectApplicationConsentMethod enum
+var AllowedOpenIdConnectApplicationConsentMethodEnumValues = []OpenIdConnectApplicationConsentMethod{
+	"REQUIRED",
+	"TRUSTED",
+}
+
+func (v *OpenIdConnectApplicationConsentMethod) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OpenIdConnectApplicationConsentMethod(value)
+	for _, existing := range AllowedOpenIdConnectApplicationConsentMethodEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OpenIdConnectApplicationConsentMethod", value)
+}
+
+// NewOpenIdConnectApplicationConsentMethodFromValue returns a pointer to a valid OpenIdConnectApplicationConsentMethod
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOpenIdConnectApplicationConsentMethodFromValue(v string) (*OpenIdConnectApplicationConsentMethod, error) {
+	ev := OpenIdConnectApplicationConsentMethod(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OpenIdConnectApplicationConsentMethod: valid values are %v", v, AllowedOpenIdConnectApplicationConsentMethodEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OpenIdConnectApplicationConsentMethod) IsValid() bool {
+	for _, existing := range AllowedOpenIdConnectApplicationConsentMethodEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OpenIdConnectApplicationConsentMethod value
+func (v OpenIdConnectApplicationConsentMethod) Ptr() *OpenIdConnectApplicationConsentMethod {
+	return &v
+}
+
+type NullableOpenIdConnectApplicationConsentMethod struct {
+	value *OpenIdConnectApplicationConsentMethod
+	isSet bool
+}
+
+func (v NullableOpenIdConnectApplicationConsentMethod) Get() *OpenIdConnectApplicationConsentMethod {
+	return v.value
+}
+
+func (v *NullableOpenIdConnectApplicationConsentMethod) Set(val *OpenIdConnectApplicationConsentMethod) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIdConnectApplicationConsentMethod) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIdConnectApplicationConsentMethod) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIdConnectApplicationConsentMethod(val *OpenIdConnectApplicationConsentMethod) *NullableOpenIdConnectApplicationConsentMethod {
+	return &NullableOpenIdConnectApplicationConsentMethod{value: val, isSet: true}
+}
+
+func (v NullableOpenIdConnectApplicationConsentMethod) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIdConnectApplicationConsentMethod) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_open_id_connect_application_idp_initiated_login.go b/okta/model_open_id_connect_application_idp_initiated_login.go
new file mode 100644
index 000000000..be95bebb5
--- /dev/null
+++ b/okta/model_open_id_connect_application_idp_initiated_login.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OpenIdConnectApplicationIdpInitiatedLogin struct for OpenIdConnectApplicationIdpInitiatedLogin
+type OpenIdConnectApplicationIdpInitiatedLogin struct {
+	DefaultScope         []string `json:"default_scope,omitempty"`
+	Mode                 *string  `json:"mode,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OpenIdConnectApplicationIdpInitiatedLogin OpenIdConnectApplicationIdpInitiatedLogin
+
+// NewOpenIdConnectApplicationIdpInitiatedLogin instantiates a new OpenIdConnectApplicationIdpInitiatedLogin object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOpenIdConnectApplicationIdpInitiatedLogin() *OpenIdConnectApplicationIdpInitiatedLogin {
+	this := OpenIdConnectApplicationIdpInitiatedLogin{}
+	return &this
+}
+
+// NewOpenIdConnectApplicationIdpInitiatedLoginWithDefaults instantiates a new OpenIdConnectApplicationIdpInitiatedLogin object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOpenIdConnectApplicationIdpInitiatedLoginWithDefaults() *OpenIdConnectApplicationIdpInitiatedLogin {
+	this := OpenIdConnectApplicationIdpInitiatedLogin{}
+	return &this
+}
+
+// GetDefaultScope returns the DefaultScope field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationIdpInitiatedLogin) GetDefaultScope() []string {
+	if o == nil || o.DefaultScope == nil {
+		var ret []string
+		return ret
+	}
+	return o.DefaultScope
+}
+
+// GetDefaultScopeOk returns a tuple with the DefaultScope field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationIdpInitiatedLogin) GetDefaultScopeOk() ([]string, bool) {
+	if o == nil || o.DefaultScope == nil {
+		return nil, false
+	}
+	return o.DefaultScope, true
+}
+
+// HasDefaultScope returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationIdpInitiatedLogin) HasDefaultScope() bool {
+	if o != nil && o.DefaultScope != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefaultScope gets a reference to the given []string and assigns it to the DefaultScope field.
+func (o *OpenIdConnectApplicationIdpInitiatedLogin) SetDefaultScope(v []string) {
+	o.DefaultScope = v
+}
+
+// GetMode returns the Mode field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationIdpInitiatedLogin) GetMode() string {
+	if o == nil || o.Mode == nil {
+		var ret string
+		return ret
+	}
+	return *o.Mode
+}
+
+// GetModeOk returns a tuple with the Mode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationIdpInitiatedLogin) GetModeOk() (*string, bool) {
+	if o == nil || o.Mode == nil {
+		return nil, false
+	}
+	return o.Mode, true
+}
+
+// HasMode returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationIdpInitiatedLogin) HasMode() bool {
+	if o != nil && o.Mode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMode gets a reference to the given string and assigns it to the Mode field.
+func (o *OpenIdConnectApplicationIdpInitiatedLogin) SetMode(v string) {
+	o.Mode = &v
+}
+
+func (o OpenIdConnectApplicationIdpInitiatedLogin) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.DefaultScope != nil {
+		toSerialize["default_scope"] = o.DefaultScope
+	}
+	if o.Mode != nil {
+		toSerialize["mode"] = o.Mode
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OpenIdConnectApplicationIdpInitiatedLogin) UnmarshalJSON(bytes []byte) (err error) {
+	varOpenIdConnectApplicationIdpInitiatedLogin := _OpenIdConnectApplicationIdpInitiatedLogin{}
+
+	err = json.Unmarshal(bytes, &varOpenIdConnectApplicationIdpInitiatedLogin)
+	if err == nil {
+		*o = OpenIdConnectApplicationIdpInitiatedLogin(varOpenIdConnectApplicationIdpInitiatedLogin)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "default_scope")
+		delete(additionalProperties, "mode")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOpenIdConnectApplicationIdpInitiatedLogin struct {
+	value *OpenIdConnectApplicationIdpInitiatedLogin
+	isSet bool
+}
+
+func (v NullableOpenIdConnectApplicationIdpInitiatedLogin) Get() *OpenIdConnectApplicationIdpInitiatedLogin {
+	return v.value
+}
+
+func (v *NullableOpenIdConnectApplicationIdpInitiatedLogin) Set(val *OpenIdConnectApplicationIdpInitiatedLogin) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIdConnectApplicationIdpInitiatedLogin) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIdConnectApplicationIdpInitiatedLogin) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIdConnectApplicationIdpInitiatedLogin(val *OpenIdConnectApplicationIdpInitiatedLogin) *NullableOpenIdConnectApplicationIdpInitiatedLogin {
+	return &NullableOpenIdConnectApplicationIdpInitiatedLogin{value: val, isSet: true}
+}
+
+func (v NullableOpenIdConnectApplicationIdpInitiatedLogin) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIdConnectApplicationIdpInitiatedLogin) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_open_id_connect_application_issuer_mode.go b/okta/model_open_id_connect_application_issuer_mode.go
new file mode 100644
index 000000000..2fa793feb
--- /dev/null
+++ b/okta/model_open_id_connect_application_issuer_mode.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OpenIdConnectApplicationIssuerMode the model 'OpenIdConnectApplicationIssuerMode'
+type OpenIdConnectApplicationIssuerMode string
+
+// List of OpenIdConnectApplicationIssuerMode
+const (
+	OPENIDCONNECTAPPLICATIONISSUERMODE_CUSTOM_URL OpenIdConnectApplicationIssuerMode = "CUSTOM_URL"
+	OPENIDCONNECTAPPLICATIONISSUERMODE_DYNAMIC    OpenIdConnectApplicationIssuerMode = "DYNAMIC"
+	OPENIDCONNECTAPPLICATIONISSUERMODE_ORG_URL    OpenIdConnectApplicationIssuerMode = "ORG_URL"
+)
+
+// All allowed values of OpenIdConnectApplicationIssuerMode enum
+var AllowedOpenIdConnectApplicationIssuerModeEnumValues = []OpenIdConnectApplicationIssuerMode{
+	"CUSTOM_URL",
+	"DYNAMIC",
+	"ORG_URL",
+}
+
+func (v *OpenIdConnectApplicationIssuerMode) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OpenIdConnectApplicationIssuerMode(value)
+	for _, existing := range AllowedOpenIdConnectApplicationIssuerModeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OpenIdConnectApplicationIssuerMode", value)
+}
+
+// NewOpenIdConnectApplicationIssuerModeFromValue returns a pointer to a valid OpenIdConnectApplicationIssuerMode
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOpenIdConnectApplicationIssuerModeFromValue(v string) (*OpenIdConnectApplicationIssuerMode, error) {
+	ev := OpenIdConnectApplicationIssuerMode(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OpenIdConnectApplicationIssuerMode: valid values are %v", v, AllowedOpenIdConnectApplicationIssuerModeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OpenIdConnectApplicationIssuerMode) IsValid() bool {
+	for _, existing := range AllowedOpenIdConnectApplicationIssuerModeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OpenIdConnectApplicationIssuerMode value
+func (v OpenIdConnectApplicationIssuerMode) Ptr() *OpenIdConnectApplicationIssuerMode {
+	return &v
+}
+
+type NullableOpenIdConnectApplicationIssuerMode struct {
+	value *OpenIdConnectApplicationIssuerMode
+	isSet bool
+}
+
+func (v NullableOpenIdConnectApplicationIssuerMode) Get() *OpenIdConnectApplicationIssuerMode {
+	return v.value
+}
+
+func (v *NullableOpenIdConnectApplicationIssuerMode) Set(val *OpenIdConnectApplicationIssuerMode) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIdConnectApplicationIssuerMode) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIdConnectApplicationIssuerMode) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIdConnectApplicationIssuerMode(val *OpenIdConnectApplicationIssuerMode) *NullableOpenIdConnectApplicationIssuerMode {
+	return &NullableOpenIdConnectApplicationIssuerMode{value: val, isSet: true}
+}
+
+func (v NullableOpenIdConnectApplicationIssuerMode) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIdConnectApplicationIssuerMode) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_open_id_connect_application_settings.go b/okta/model_open_id_connect_application_settings.go
new file mode 100644
index 000000000..981026efc
--- /dev/null
+++ b/okta/model_open_id_connect_application_settings.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OpenIdConnectApplicationSettings struct for OpenIdConnectApplicationSettings
+type OpenIdConnectApplicationSettings struct {
+	IdentityStoreId      *string                                 `json:"identityStoreId,omitempty"`
+	ImplicitAssignment   *bool                                   `json:"implicitAssignment,omitempty"`
+	InlineHookId         *string                                 `json:"inlineHookId,omitempty"`
+	Notes                *ApplicationSettingsNotes               `json:"notes,omitempty"`
+	Notifications        *ApplicationSettingsNotifications       `json:"notifications,omitempty"`
+	OauthClient          *OpenIdConnectApplicationSettingsClient `json:"oauthClient,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OpenIdConnectApplicationSettings OpenIdConnectApplicationSettings
+
+// NewOpenIdConnectApplicationSettings instantiates a new OpenIdConnectApplicationSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOpenIdConnectApplicationSettings() *OpenIdConnectApplicationSettings {
+	this := OpenIdConnectApplicationSettings{}
+	return &this
+}
+
+// NewOpenIdConnectApplicationSettingsWithDefaults instantiates a new OpenIdConnectApplicationSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOpenIdConnectApplicationSettingsWithDefaults() *OpenIdConnectApplicationSettings {
+	this := OpenIdConnectApplicationSettings{}
+	return &this
+}
+
+// GetIdentityStoreId returns the IdentityStoreId field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettings) GetIdentityStoreId() string {
+	if o == nil || o.IdentityStoreId == nil {
+		var ret string
+		return ret
+	}
+	return *o.IdentityStoreId
+}
+
+// GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettings) GetIdentityStoreIdOk() (*string, bool) {
+	if o == nil || o.IdentityStoreId == nil {
+		return nil, false
+	}
+	return o.IdentityStoreId, true
+}
+
+// HasIdentityStoreId returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettings) HasIdentityStoreId() bool {
+	if o != nil && o.IdentityStoreId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityStoreId gets a reference to the given string and assigns it to the IdentityStoreId field.
+func (o *OpenIdConnectApplicationSettings) SetIdentityStoreId(v string) {
+	o.IdentityStoreId = &v
+}
+
+// GetImplicitAssignment returns the ImplicitAssignment field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettings) GetImplicitAssignment() bool {
+	if o == nil || o.ImplicitAssignment == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ImplicitAssignment
+}
+
+// GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettings) GetImplicitAssignmentOk() (*bool, bool) {
+	if o == nil || o.ImplicitAssignment == nil {
+		return nil, false
+	}
+	return o.ImplicitAssignment, true
+}
+
+// HasImplicitAssignment returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettings) HasImplicitAssignment() bool {
+	if o != nil && o.ImplicitAssignment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetImplicitAssignment gets a reference to the given bool and assigns it to the ImplicitAssignment field.
+func (o *OpenIdConnectApplicationSettings) SetImplicitAssignment(v bool) {
+	o.ImplicitAssignment = &v
+}
+
+// GetInlineHookId returns the InlineHookId field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettings) GetInlineHookId() string {
+	if o == nil || o.InlineHookId == nil {
+		var ret string
+		return ret
+	}
+	return *o.InlineHookId
+}
+
+// GetInlineHookIdOk returns a tuple with the InlineHookId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettings) GetInlineHookIdOk() (*string, bool) {
+	if o == nil || o.InlineHookId == nil {
+		return nil, false
+	}
+	return o.InlineHookId, true
+}
+
+// HasInlineHookId returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettings) HasInlineHookId() bool {
+	if o != nil && o.InlineHookId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInlineHookId gets a reference to the given string and assigns it to the InlineHookId field.
+func (o *OpenIdConnectApplicationSettings) SetInlineHookId(v string) {
+	o.InlineHookId = &v
+}
+
+// GetNotes returns the Notes field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettings) GetNotes() ApplicationSettingsNotes {
+	if o == nil || o.Notes == nil {
+		var ret ApplicationSettingsNotes
+		return ret
+	}
+	return *o.Notes
+}
+
+// GetNotesOk returns a tuple with the Notes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool) {
+	if o == nil || o.Notes == nil {
+		return nil, false
+	}
+	return o.Notes, true
+}
+
+// HasNotes returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettings) HasNotes() bool {
+	if o != nil && o.Notes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotes gets a reference to the given ApplicationSettingsNotes and assigns it to the Notes field.
+func (o *OpenIdConnectApplicationSettings) SetNotes(v ApplicationSettingsNotes) {
+	o.Notes = &v
+}
+
+// GetNotifications returns the Notifications field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettings) GetNotifications() ApplicationSettingsNotifications {
+	if o == nil || o.Notifications == nil {
+		var ret ApplicationSettingsNotifications
+		return ret
+	}
+	return *o.Notifications
+}
+
+// GetNotificationsOk returns a tuple with the Notifications field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool) {
+	if o == nil || o.Notifications == nil {
+		return nil, false
+	}
+	return o.Notifications, true
+}
+
+// HasNotifications returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettings) HasNotifications() bool {
+	if o != nil && o.Notifications != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotifications gets a reference to the given ApplicationSettingsNotifications and assigns it to the Notifications field.
+func (o *OpenIdConnectApplicationSettings) SetNotifications(v ApplicationSettingsNotifications) {
+	o.Notifications = &v
+}
+
+// GetOauthClient returns the OauthClient field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettings) GetOauthClient() OpenIdConnectApplicationSettingsClient {
+	if o == nil || o.OauthClient == nil {
+		var ret OpenIdConnectApplicationSettingsClient
+		return ret
+	}
+	return *o.OauthClient
+}
+
+// GetOauthClientOk returns a tuple with the OauthClient field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettings) GetOauthClientOk() (*OpenIdConnectApplicationSettingsClient, bool) {
+	if o == nil || o.OauthClient == nil {
+		return nil, false
+	}
+	return o.OauthClient, true
+}
+
+// HasOauthClient returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettings) HasOauthClient() bool {
+	if o != nil && o.OauthClient != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOauthClient gets a reference to the given OpenIdConnectApplicationSettingsClient and assigns it to the OauthClient field.
+func (o *OpenIdConnectApplicationSettings) SetOauthClient(v OpenIdConnectApplicationSettingsClient) {
+	o.OauthClient = &v
+}
+
+func (o OpenIdConnectApplicationSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.IdentityStoreId != nil {
+		toSerialize["identityStoreId"] = o.IdentityStoreId
+	}
+	if o.ImplicitAssignment != nil {
+		toSerialize["implicitAssignment"] = o.ImplicitAssignment
+	}
+	if o.InlineHookId != nil {
+		toSerialize["inlineHookId"] = o.InlineHookId
+	}
+	if o.Notes != nil {
+		toSerialize["notes"] = o.Notes
+	}
+	if o.Notifications != nil {
+		toSerialize["notifications"] = o.Notifications
+	}
+	if o.OauthClient != nil {
+		toSerialize["oauthClient"] = o.OauthClient
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OpenIdConnectApplicationSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varOpenIdConnectApplicationSettings := _OpenIdConnectApplicationSettings{}
+
+	err = json.Unmarshal(bytes, &varOpenIdConnectApplicationSettings)
+	if err == nil {
+		*o = OpenIdConnectApplicationSettings(varOpenIdConnectApplicationSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "identityStoreId")
+		delete(additionalProperties, "implicitAssignment")
+		delete(additionalProperties, "inlineHookId")
+		delete(additionalProperties, "notes")
+		delete(additionalProperties, "notifications")
+		delete(additionalProperties, "oauthClient")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOpenIdConnectApplicationSettings struct {
+	value *OpenIdConnectApplicationSettings
+	isSet bool
+}
+
+func (v NullableOpenIdConnectApplicationSettings) Get() *OpenIdConnectApplicationSettings {
+	return v.value
+}
+
+func (v *NullableOpenIdConnectApplicationSettings) Set(val *OpenIdConnectApplicationSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIdConnectApplicationSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIdConnectApplicationSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIdConnectApplicationSettings(val *OpenIdConnectApplicationSettings) *NullableOpenIdConnectApplicationSettings {
+	return &NullableOpenIdConnectApplicationSettings{value: val, isSet: true}
+}
+
+func (v NullableOpenIdConnectApplicationSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIdConnectApplicationSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_open_id_connect_application_settings_all_of.go b/okta/model_open_id_connect_application_settings_all_of.go
new file mode 100644
index 000000000..493d0c301
--- /dev/null
+++ b/okta/model_open_id_connect_application_settings_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OpenIdConnectApplicationSettingsAllOf struct for OpenIdConnectApplicationSettingsAllOf
+type OpenIdConnectApplicationSettingsAllOf struct {
+	OauthClient          *OpenIdConnectApplicationSettingsClient `json:"oauthClient,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OpenIdConnectApplicationSettingsAllOf OpenIdConnectApplicationSettingsAllOf
+
+// NewOpenIdConnectApplicationSettingsAllOf instantiates a new OpenIdConnectApplicationSettingsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOpenIdConnectApplicationSettingsAllOf() *OpenIdConnectApplicationSettingsAllOf {
+	this := OpenIdConnectApplicationSettingsAllOf{}
+	return &this
+}
+
+// NewOpenIdConnectApplicationSettingsAllOfWithDefaults instantiates a new OpenIdConnectApplicationSettingsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOpenIdConnectApplicationSettingsAllOfWithDefaults() *OpenIdConnectApplicationSettingsAllOf {
+	this := OpenIdConnectApplicationSettingsAllOf{}
+	return &this
+}
+
+// GetOauthClient returns the OauthClient field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsAllOf) GetOauthClient() OpenIdConnectApplicationSettingsClient {
+	if o == nil || o.OauthClient == nil {
+		var ret OpenIdConnectApplicationSettingsClient
+		return ret
+	}
+	return *o.OauthClient
+}
+
+// GetOauthClientOk returns a tuple with the OauthClient field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsAllOf) GetOauthClientOk() (*OpenIdConnectApplicationSettingsClient, bool) {
+	if o == nil || o.OauthClient == nil {
+		return nil, false
+	}
+	return o.OauthClient, true
+}
+
+// HasOauthClient returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsAllOf) HasOauthClient() bool {
+	if o != nil && o.OauthClient != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOauthClient gets a reference to the given OpenIdConnectApplicationSettingsClient and assigns it to the OauthClient field.
+func (o *OpenIdConnectApplicationSettingsAllOf) SetOauthClient(v OpenIdConnectApplicationSettingsClient) {
+	o.OauthClient = &v
+}
+
+func (o OpenIdConnectApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.OauthClient != nil {
+		toSerialize["oauthClient"] = o.OauthClient
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OpenIdConnectApplicationSettingsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varOpenIdConnectApplicationSettingsAllOf := _OpenIdConnectApplicationSettingsAllOf{}
+
+	err = json.Unmarshal(bytes, &varOpenIdConnectApplicationSettingsAllOf)
+	if err == nil {
+		*o = OpenIdConnectApplicationSettingsAllOf(varOpenIdConnectApplicationSettingsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "oauthClient")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOpenIdConnectApplicationSettingsAllOf struct {
+	value *OpenIdConnectApplicationSettingsAllOf
+	isSet bool
+}
+
+func (v NullableOpenIdConnectApplicationSettingsAllOf) Get() *OpenIdConnectApplicationSettingsAllOf {
+	return v.value
+}
+
+func (v *NullableOpenIdConnectApplicationSettingsAllOf) Set(val *OpenIdConnectApplicationSettingsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIdConnectApplicationSettingsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIdConnectApplicationSettingsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIdConnectApplicationSettingsAllOf(val *OpenIdConnectApplicationSettingsAllOf) *NullableOpenIdConnectApplicationSettingsAllOf {
+	return &NullableOpenIdConnectApplicationSettingsAllOf{value: val, isSet: true}
+}
+
+func (v NullableOpenIdConnectApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIdConnectApplicationSettingsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_open_id_connect_application_settings_client.go b/okta/model_open_id_connect_application_settings_client.go
new file mode 100644
index 000000000..088829940
--- /dev/null
+++ b/okta/model_open_id_connect_application_settings_client.go
@@ -0,0 +1,750 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OpenIdConnectApplicationSettingsClient struct for OpenIdConnectApplicationSettingsClient
+type OpenIdConnectApplicationSettingsClient struct {
+	ApplicationType        *OpenIdConnectApplicationType                 `json:"application_type,omitempty"`
+	ClientUri              *string                                       `json:"client_uri,omitempty"`
+	ConsentMethod          *OpenIdConnectApplicationConsentMethod        `json:"consent_method,omitempty"`
+	GrantTypes             []OAuthGrantType                              `json:"grant_types,omitempty"`
+	IdpInitiatedLogin      *OpenIdConnectApplicationIdpInitiatedLogin    `json:"idp_initiated_login,omitempty"`
+	InitiateLoginUri       *string                                       `json:"initiate_login_uri,omitempty"`
+	IssuerMode             *OpenIdConnectApplicationIssuerMode           `json:"issuer_mode,omitempty"`
+	Jwks                   *OpenIdConnectApplicationSettingsClientKeys   `json:"jwks,omitempty"`
+	LogoUri                *string                                       `json:"logo_uri,omitempty"`
+	PolicyUri              *string                                       `json:"policy_uri,omitempty"`
+	PostLogoutRedirectUris []string                                      `json:"post_logout_redirect_uris,omitempty"`
+	RedirectUris           []string                                      `json:"redirect_uris,omitempty"`
+	RefreshToken           *OpenIdConnectApplicationSettingsRefreshToken `json:"refresh_token,omitempty"`
+	ResponseTypes          []OAuthResponseType                           `json:"response_types,omitempty"`
+	TosUri                 *string                                       `json:"tos_uri,omitempty"`
+	WildcardRedirect       *string                                       `json:"wildcard_redirect,omitempty"`
+	JwksUri                *string                                       `json:"jwks_uri,omitempty"`
+	AdditionalProperties   map[string]interface{}
+}
+
+type _OpenIdConnectApplicationSettingsClient OpenIdConnectApplicationSettingsClient
+
+// NewOpenIdConnectApplicationSettingsClient instantiates a new OpenIdConnectApplicationSettingsClient object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOpenIdConnectApplicationSettingsClient() *OpenIdConnectApplicationSettingsClient {
+	this := OpenIdConnectApplicationSettingsClient{}
+	return &this
+}
+
+// NewOpenIdConnectApplicationSettingsClientWithDefaults instantiates a new OpenIdConnectApplicationSettingsClient object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOpenIdConnectApplicationSettingsClientWithDefaults() *OpenIdConnectApplicationSettingsClient {
+	this := OpenIdConnectApplicationSettingsClient{}
+	return &this
+}
+
+// GetApplicationType returns the ApplicationType field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetApplicationType() OpenIdConnectApplicationType {
+	if o == nil || o.ApplicationType == nil {
+		var ret OpenIdConnectApplicationType
+		return ret
+	}
+	return *o.ApplicationType
+}
+
+// GetApplicationTypeOk returns a tuple with the ApplicationType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetApplicationTypeOk() (*OpenIdConnectApplicationType, bool) {
+	if o == nil || o.ApplicationType == nil {
+		return nil, false
+	}
+	return o.ApplicationType, true
+}
+
+// HasApplicationType returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasApplicationType() bool {
+	if o != nil && o.ApplicationType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApplicationType gets a reference to the given OpenIdConnectApplicationType and assigns it to the ApplicationType field.
+func (o *OpenIdConnectApplicationSettingsClient) SetApplicationType(v OpenIdConnectApplicationType) {
+	o.ApplicationType = &v
+}
+
+// GetClientUri returns the ClientUri field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetClientUri() string {
+	if o == nil || o.ClientUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientUri
+}
+
+// GetClientUriOk returns a tuple with the ClientUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetClientUriOk() (*string, bool) {
+	if o == nil || o.ClientUri == nil {
+		return nil, false
+	}
+	return o.ClientUri, true
+}
+
+// HasClientUri returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasClientUri() bool {
+	if o != nil && o.ClientUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientUri gets a reference to the given string and assigns it to the ClientUri field.
+func (o *OpenIdConnectApplicationSettingsClient) SetClientUri(v string) {
+	o.ClientUri = &v
+}
+
+// GetConsentMethod returns the ConsentMethod field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetConsentMethod() OpenIdConnectApplicationConsentMethod {
+	if o == nil || o.ConsentMethod == nil {
+		var ret OpenIdConnectApplicationConsentMethod
+		return ret
+	}
+	return *o.ConsentMethod
+}
+
+// GetConsentMethodOk returns a tuple with the ConsentMethod field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetConsentMethodOk() (*OpenIdConnectApplicationConsentMethod, bool) {
+	if o == nil || o.ConsentMethod == nil {
+		return nil, false
+	}
+	return o.ConsentMethod, true
+}
+
+// HasConsentMethod returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasConsentMethod() bool {
+	if o != nil && o.ConsentMethod != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConsentMethod gets a reference to the given OpenIdConnectApplicationConsentMethod and assigns it to the ConsentMethod field.
+func (o *OpenIdConnectApplicationSettingsClient) SetConsentMethod(v OpenIdConnectApplicationConsentMethod) {
+	o.ConsentMethod = &v
+}
+
+// GetGrantTypes returns the GrantTypes field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetGrantTypes() []OAuthGrantType {
+	if o == nil || o.GrantTypes == nil {
+		var ret []OAuthGrantType
+		return ret
+	}
+	return o.GrantTypes
+}
+
+// GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetGrantTypesOk() ([]OAuthGrantType, bool) {
+	if o == nil || o.GrantTypes == nil {
+		return nil, false
+	}
+	return o.GrantTypes, true
+}
+
+// HasGrantTypes returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasGrantTypes() bool {
+	if o != nil && o.GrantTypes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGrantTypes gets a reference to the given []OAuthGrantType and assigns it to the GrantTypes field.
+func (o *OpenIdConnectApplicationSettingsClient) SetGrantTypes(v []OAuthGrantType) {
+	o.GrantTypes = v
+}
+
+// GetIdpInitiatedLogin returns the IdpInitiatedLogin field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetIdpInitiatedLogin() OpenIdConnectApplicationIdpInitiatedLogin {
+	if o == nil || o.IdpInitiatedLogin == nil {
+		var ret OpenIdConnectApplicationIdpInitiatedLogin
+		return ret
+	}
+	return *o.IdpInitiatedLogin
+}
+
+// GetIdpInitiatedLoginOk returns a tuple with the IdpInitiatedLogin field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetIdpInitiatedLoginOk() (*OpenIdConnectApplicationIdpInitiatedLogin, bool) {
+	if o == nil || o.IdpInitiatedLogin == nil {
+		return nil, false
+	}
+	return o.IdpInitiatedLogin, true
+}
+
+// HasIdpInitiatedLogin returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasIdpInitiatedLogin() bool {
+	if o != nil && o.IdpInitiatedLogin != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdpInitiatedLogin gets a reference to the given OpenIdConnectApplicationIdpInitiatedLogin and assigns it to the IdpInitiatedLogin field.
+func (o *OpenIdConnectApplicationSettingsClient) SetIdpInitiatedLogin(v OpenIdConnectApplicationIdpInitiatedLogin) {
+	o.IdpInitiatedLogin = &v
+}
+
+// GetInitiateLoginUri returns the InitiateLoginUri field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetInitiateLoginUri() string {
+	if o == nil || o.InitiateLoginUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.InitiateLoginUri
+}
+
+// GetInitiateLoginUriOk returns a tuple with the InitiateLoginUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetInitiateLoginUriOk() (*string, bool) {
+	if o == nil || o.InitiateLoginUri == nil {
+		return nil, false
+	}
+	return o.InitiateLoginUri, true
+}
+
+// HasInitiateLoginUri returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasInitiateLoginUri() bool {
+	if o != nil && o.InitiateLoginUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInitiateLoginUri gets a reference to the given string and assigns it to the InitiateLoginUri field.
+func (o *OpenIdConnectApplicationSettingsClient) SetInitiateLoginUri(v string) {
+	o.InitiateLoginUri = &v
+}
+
+// GetIssuerMode returns the IssuerMode field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetIssuerMode() OpenIdConnectApplicationIssuerMode {
+	if o == nil || o.IssuerMode == nil {
+		var ret OpenIdConnectApplicationIssuerMode
+		return ret
+	}
+	return *o.IssuerMode
+}
+
+// GetIssuerModeOk returns a tuple with the IssuerMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetIssuerModeOk() (*OpenIdConnectApplicationIssuerMode, bool) {
+	if o == nil || o.IssuerMode == nil {
+		return nil, false
+	}
+	return o.IssuerMode, true
+}
+
+// HasIssuerMode returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasIssuerMode() bool {
+	if o != nil && o.IssuerMode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIssuerMode gets a reference to the given OpenIdConnectApplicationIssuerMode and assigns it to the IssuerMode field.
+func (o *OpenIdConnectApplicationSettingsClient) SetIssuerMode(v OpenIdConnectApplicationIssuerMode) {
+	o.IssuerMode = &v
+}
+
+// GetJwks returns the Jwks field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetJwks() OpenIdConnectApplicationSettingsClientKeys {
+	if o == nil || o.Jwks == nil {
+		var ret OpenIdConnectApplicationSettingsClientKeys
+		return ret
+	}
+	return *o.Jwks
+}
+
+// GetJwksOk returns a tuple with the Jwks field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetJwksOk() (*OpenIdConnectApplicationSettingsClientKeys, bool) {
+	if o == nil || o.Jwks == nil {
+		return nil, false
+	}
+	return o.Jwks, true
+}
+
+// HasJwks returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasJwks() bool {
+	if o != nil && o.Jwks != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetJwks gets a reference to the given OpenIdConnectApplicationSettingsClientKeys and assigns it to the Jwks field.
+func (o *OpenIdConnectApplicationSettingsClient) SetJwks(v OpenIdConnectApplicationSettingsClientKeys) {
+	o.Jwks = &v
+}
+
+// GetLogoUri returns the LogoUri field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetLogoUri() string {
+	if o == nil || o.LogoUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.LogoUri
+}
+
+// GetLogoUriOk returns a tuple with the LogoUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetLogoUriOk() (*string, bool) {
+	if o == nil || o.LogoUri == nil {
+		return nil, false
+	}
+	return o.LogoUri, true
+}
+
+// HasLogoUri returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasLogoUri() bool {
+	if o != nil && o.LogoUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLogoUri gets a reference to the given string and assigns it to the LogoUri field.
+func (o *OpenIdConnectApplicationSettingsClient) SetLogoUri(v string) {
+	o.LogoUri = &v
+}
+
+// GetPolicyUri returns the PolicyUri field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetPolicyUri() string {
+	if o == nil || o.PolicyUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.PolicyUri
+}
+
+// GetPolicyUriOk returns a tuple with the PolicyUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetPolicyUriOk() (*string, bool) {
+	if o == nil || o.PolicyUri == nil {
+		return nil, false
+	}
+	return o.PolicyUri, true
+}
+
+// HasPolicyUri returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasPolicyUri() bool {
+	if o != nil && o.PolicyUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPolicyUri gets a reference to the given string and assigns it to the PolicyUri field.
+func (o *OpenIdConnectApplicationSettingsClient) SetPolicyUri(v string) {
+	o.PolicyUri = &v
+}
+
+// GetPostLogoutRedirectUris returns the PostLogoutRedirectUris field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetPostLogoutRedirectUris() []string {
+	if o == nil || o.PostLogoutRedirectUris == nil {
+		var ret []string
+		return ret
+	}
+	return o.PostLogoutRedirectUris
+}
+
+// GetPostLogoutRedirectUrisOk returns a tuple with the PostLogoutRedirectUris field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetPostLogoutRedirectUrisOk() ([]string, bool) {
+	if o == nil || o.PostLogoutRedirectUris == nil {
+		return nil, false
+	}
+	return o.PostLogoutRedirectUris, true
+}
+
+// HasPostLogoutRedirectUris returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasPostLogoutRedirectUris() bool {
+	if o != nil && o.PostLogoutRedirectUris != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPostLogoutRedirectUris gets a reference to the given []string and assigns it to the PostLogoutRedirectUris field.
+func (o *OpenIdConnectApplicationSettingsClient) SetPostLogoutRedirectUris(v []string) {
+	o.PostLogoutRedirectUris = v
+}
+
+// GetRedirectUris returns the RedirectUris field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetRedirectUris() []string {
+	if o == nil || o.RedirectUris == nil {
+		var ret []string
+		return ret
+	}
+	return o.RedirectUris
+}
+
+// GetRedirectUrisOk returns a tuple with the RedirectUris field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetRedirectUrisOk() ([]string, bool) {
+	if o == nil || o.RedirectUris == nil {
+		return nil, false
+	}
+	return o.RedirectUris, true
+}
+
+// HasRedirectUris returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasRedirectUris() bool {
+	if o != nil && o.RedirectUris != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRedirectUris gets a reference to the given []string and assigns it to the RedirectUris field.
+func (o *OpenIdConnectApplicationSettingsClient) SetRedirectUris(v []string) {
+	o.RedirectUris = v
+}
+
+// GetRefreshToken returns the RefreshToken field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetRefreshToken() OpenIdConnectApplicationSettingsRefreshToken {
+	if o == nil || o.RefreshToken == nil {
+		var ret OpenIdConnectApplicationSettingsRefreshToken
+		return ret
+	}
+	return *o.RefreshToken
+}
+
+// GetRefreshTokenOk returns a tuple with the RefreshToken field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetRefreshTokenOk() (*OpenIdConnectApplicationSettingsRefreshToken, bool) {
+	if o == nil || o.RefreshToken == nil {
+		return nil, false
+	}
+	return o.RefreshToken, true
+}
+
+// HasRefreshToken returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasRefreshToken() bool {
+	if o != nil && o.RefreshToken != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRefreshToken gets a reference to the given OpenIdConnectApplicationSettingsRefreshToken and assigns it to the RefreshToken field.
+func (o *OpenIdConnectApplicationSettingsClient) SetRefreshToken(v OpenIdConnectApplicationSettingsRefreshToken) {
+	o.RefreshToken = &v
+}
+
+// GetResponseTypes returns the ResponseTypes field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetResponseTypes() []OAuthResponseType {
+	if o == nil || o.ResponseTypes == nil {
+		var ret []OAuthResponseType
+		return ret
+	}
+	return o.ResponseTypes
+}
+
+// GetResponseTypesOk returns a tuple with the ResponseTypes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetResponseTypesOk() ([]OAuthResponseType, bool) {
+	if o == nil || o.ResponseTypes == nil {
+		return nil, false
+	}
+	return o.ResponseTypes, true
+}
+
+// HasResponseTypes returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasResponseTypes() bool {
+	if o != nil && o.ResponseTypes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResponseTypes gets a reference to the given []OAuthResponseType and assigns it to the ResponseTypes field.
+func (o *OpenIdConnectApplicationSettingsClient) SetResponseTypes(v []OAuthResponseType) {
+	o.ResponseTypes = v
+}
+
+// GetTosUri returns the TosUri field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetTosUri() string {
+	if o == nil || o.TosUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.TosUri
+}
+
+// GetTosUriOk returns a tuple with the TosUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetTosUriOk() (*string, bool) {
+	if o == nil || o.TosUri == nil {
+		return nil, false
+	}
+	return o.TosUri, true
+}
+
+// HasTosUri returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasTosUri() bool {
+	if o != nil && o.TosUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTosUri gets a reference to the given string and assigns it to the TosUri field.
+func (o *OpenIdConnectApplicationSettingsClient) SetTosUri(v string) {
+	o.TosUri = &v
+}
+
+// GetWildcardRedirect returns the WildcardRedirect field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetWildcardRedirect() string {
+	if o == nil || o.WildcardRedirect == nil {
+		var ret string
+		return ret
+	}
+	return *o.WildcardRedirect
+}
+
+// GetWildcardRedirectOk returns a tuple with the WildcardRedirect field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetWildcardRedirectOk() (*string, bool) {
+	if o == nil || o.WildcardRedirect == nil {
+		return nil, false
+	}
+	return o.WildcardRedirect, true
+}
+
+// HasWildcardRedirect returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasWildcardRedirect() bool {
+	if o != nil && o.WildcardRedirect != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWildcardRedirect gets a reference to the given string and assigns it to the WildcardRedirect field.
+func (o *OpenIdConnectApplicationSettingsClient) SetWildcardRedirect(v string) {
+	o.WildcardRedirect = &v
+}
+
+// GetJwksUri returns the JwksUri field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClient) GetJwksUri() string {
+	if o == nil || o.JwksUri == nil {
+		var ret string
+		return ret
+	}
+	return *o.JwksUri
+}
+
+// GetJwksUriOk returns a tuple with the JwksUri field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClient) GetJwksUriOk() (*string, bool) {
+	if o == nil || o.JwksUri == nil {
+		return nil, false
+	}
+	return o.JwksUri, true
+}
+
+// HasJwksUri returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClient) HasJwksUri() bool {
+	if o != nil && o.JwksUri != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetJwksUri gets a reference to the given string and assigns it to the JwksUri field.
+func (o *OpenIdConnectApplicationSettingsClient) SetJwksUri(v string) {
+	o.JwksUri = &v
+}
+
+func (o OpenIdConnectApplicationSettingsClient) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ApplicationType != nil {
+		toSerialize["application_type"] = o.ApplicationType
+	}
+	if o.ClientUri != nil {
+		toSerialize["client_uri"] = o.ClientUri
+	}
+	if o.ConsentMethod != nil {
+		toSerialize["consent_method"] = o.ConsentMethod
+	}
+	if o.GrantTypes != nil {
+		toSerialize["grant_types"] = o.GrantTypes
+	}
+	if o.IdpInitiatedLogin != nil {
+		toSerialize["idp_initiated_login"] = o.IdpInitiatedLogin
+	}
+	if o.InitiateLoginUri != nil {
+		toSerialize["initiate_login_uri"] = o.InitiateLoginUri
+	}
+	if o.IssuerMode != nil {
+		toSerialize["issuer_mode"] = o.IssuerMode
+	}
+	if o.Jwks != nil {
+		toSerialize["jwks"] = o.Jwks
+	}
+	if o.LogoUri != nil {
+		toSerialize["logo_uri"] = o.LogoUri
+	}
+	if o.PolicyUri != nil {
+		toSerialize["policy_uri"] = o.PolicyUri
+	}
+	if o.PostLogoutRedirectUris != nil {
+		toSerialize["post_logout_redirect_uris"] = o.PostLogoutRedirectUris
+	}
+	if o.RedirectUris != nil {
+		toSerialize["redirect_uris"] = o.RedirectUris
+	}
+	if o.RefreshToken != nil {
+		toSerialize["refresh_token"] = o.RefreshToken
+	}
+	if o.ResponseTypes != nil {
+		toSerialize["response_types"] = o.ResponseTypes
+	}
+	if o.TosUri != nil {
+		toSerialize["tos_uri"] = o.TosUri
+	}
+	if o.WildcardRedirect != nil {
+		toSerialize["wildcard_redirect"] = o.WildcardRedirect
+	}
+	if o.JwksUri != nil {
+		toSerialize["jwks_uri"] = o.JwksUri
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OpenIdConnectApplicationSettingsClient) UnmarshalJSON(bytes []byte) (err error) {
+	varOpenIdConnectApplicationSettingsClient := _OpenIdConnectApplicationSettingsClient{}
+
+	err = json.Unmarshal(bytes, &varOpenIdConnectApplicationSettingsClient)
+	if err == nil {
+		*o = OpenIdConnectApplicationSettingsClient(varOpenIdConnectApplicationSettingsClient)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "application_type")
+		delete(additionalProperties, "client_uri")
+		delete(additionalProperties, "consent_method")
+		delete(additionalProperties, "grant_types")
+		delete(additionalProperties, "idp_initiated_login")
+		delete(additionalProperties, "initiate_login_uri")
+		delete(additionalProperties, "issuer_mode")
+		delete(additionalProperties, "jwks")
+		delete(additionalProperties, "logo_uri")
+		delete(additionalProperties, "policy_uri")
+		delete(additionalProperties, "post_logout_redirect_uris")
+		delete(additionalProperties, "redirect_uris")
+		delete(additionalProperties, "refresh_token")
+		delete(additionalProperties, "response_types")
+		delete(additionalProperties, "tos_uri")
+		delete(additionalProperties, "wildcard_redirect")
+		delete(additionalProperties, "jwks_uri")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOpenIdConnectApplicationSettingsClient struct {
+	value *OpenIdConnectApplicationSettingsClient
+	isSet bool
+}
+
+func (v NullableOpenIdConnectApplicationSettingsClient) Get() *OpenIdConnectApplicationSettingsClient {
+	return v.value
+}
+
+func (v *NullableOpenIdConnectApplicationSettingsClient) Set(val *OpenIdConnectApplicationSettingsClient) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIdConnectApplicationSettingsClient) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIdConnectApplicationSettingsClient) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIdConnectApplicationSettingsClient(val *OpenIdConnectApplicationSettingsClient) *NullableOpenIdConnectApplicationSettingsClient {
+	return &NullableOpenIdConnectApplicationSettingsClient{value: val, isSet: true}
+}
+
+func (v NullableOpenIdConnectApplicationSettingsClient) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIdConnectApplicationSettingsClient) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_open_id_connect_application_settings_client_keys.go b/okta/model_open_id_connect_application_settings_client_keys.go
new file mode 100644
index 000000000..272384ffa
--- /dev/null
+++ b/okta/model_open_id_connect_application_settings_client_keys.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OpenIdConnectApplicationSettingsClientKeys struct for OpenIdConnectApplicationSettingsClientKeys
+type OpenIdConnectApplicationSettingsClientKeys struct {
+	Keys                 []JsonWebKey `json:"keys,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OpenIdConnectApplicationSettingsClientKeys OpenIdConnectApplicationSettingsClientKeys
+
+// NewOpenIdConnectApplicationSettingsClientKeys instantiates a new OpenIdConnectApplicationSettingsClientKeys object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOpenIdConnectApplicationSettingsClientKeys() *OpenIdConnectApplicationSettingsClientKeys {
+	this := OpenIdConnectApplicationSettingsClientKeys{}
+	return &this
+}
+
+// NewOpenIdConnectApplicationSettingsClientKeysWithDefaults instantiates a new OpenIdConnectApplicationSettingsClientKeys object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOpenIdConnectApplicationSettingsClientKeysWithDefaults() *OpenIdConnectApplicationSettingsClientKeys {
+	this := OpenIdConnectApplicationSettingsClientKeys{}
+	return &this
+}
+
+// GetKeys returns the Keys field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsClientKeys) GetKeys() []JsonWebKey {
+	if o == nil || o.Keys == nil {
+		var ret []JsonWebKey
+		return ret
+	}
+	return o.Keys
+}
+
+// GetKeysOk returns a tuple with the Keys field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsClientKeys) GetKeysOk() ([]JsonWebKey, bool) {
+	if o == nil || o.Keys == nil {
+		return nil, false
+	}
+	return o.Keys, true
+}
+
+// HasKeys returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsClientKeys) HasKeys() bool {
+	if o != nil && o.Keys != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetKeys gets a reference to the given []JsonWebKey and assigns it to the Keys field.
+func (o *OpenIdConnectApplicationSettingsClientKeys) SetKeys(v []JsonWebKey) {
+	o.Keys = v
+}
+
+func (o OpenIdConnectApplicationSettingsClientKeys) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Keys != nil {
+		toSerialize["keys"] = o.Keys
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OpenIdConnectApplicationSettingsClientKeys) UnmarshalJSON(bytes []byte) (err error) {
+	varOpenIdConnectApplicationSettingsClientKeys := _OpenIdConnectApplicationSettingsClientKeys{}
+
+	err = json.Unmarshal(bytes, &varOpenIdConnectApplicationSettingsClientKeys)
+	if err == nil {
+		*o = OpenIdConnectApplicationSettingsClientKeys(varOpenIdConnectApplicationSettingsClientKeys)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "keys")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOpenIdConnectApplicationSettingsClientKeys struct {
+	value *OpenIdConnectApplicationSettingsClientKeys
+	isSet bool
+}
+
+func (v NullableOpenIdConnectApplicationSettingsClientKeys) Get() *OpenIdConnectApplicationSettingsClientKeys {
+	return v.value
+}
+
+func (v *NullableOpenIdConnectApplicationSettingsClientKeys) Set(val *OpenIdConnectApplicationSettingsClientKeys) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIdConnectApplicationSettingsClientKeys) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIdConnectApplicationSettingsClientKeys) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIdConnectApplicationSettingsClientKeys(val *OpenIdConnectApplicationSettingsClientKeys) *NullableOpenIdConnectApplicationSettingsClientKeys {
+	return &NullableOpenIdConnectApplicationSettingsClientKeys{value: val, isSet: true}
+}
+
+func (v NullableOpenIdConnectApplicationSettingsClientKeys) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIdConnectApplicationSettingsClientKeys) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_open_id_connect_application_settings_refresh_token.go b/okta/model_open_id_connect_application_settings_refresh_token.go
new file mode 100644
index 000000000..fcb272e8e
--- /dev/null
+++ b/okta/model_open_id_connect_application_settings_refresh_token.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OpenIdConnectApplicationSettingsRefreshToken struct for OpenIdConnectApplicationSettingsRefreshToken
+type OpenIdConnectApplicationSettingsRefreshToken struct {
+	Leeway               *int32                                 `json:"leeway,omitempty"`
+	RotationType         *OpenIdConnectRefreshTokenRotationType `json:"rotation_type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OpenIdConnectApplicationSettingsRefreshToken OpenIdConnectApplicationSettingsRefreshToken
+
+// NewOpenIdConnectApplicationSettingsRefreshToken instantiates a new OpenIdConnectApplicationSettingsRefreshToken object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOpenIdConnectApplicationSettingsRefreshToken() *OpenIdConnectApplicationSettingsRefreshToken {
+	this := OpenIdConnectApplicationSettingsRefreshToken{}
+	return &this
+}
+
+// NewOpenIdConnectApplicationSettingsRefreshTokenWithDefaults instantiates a new OpenIdConnectApplicationSettingsRefreshToken object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOpenIdConnectApplicationSettingsRefreshTokenWithDefaults() *OpenIdConnectApplicationSettingsRefreshToken {
+	this := OpenIdConnectApplicationSettingsRefreshToken{}
+	return &this
+}
+
+// GetLeeway returns the Leeway field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsRefreshToken) GetLeeway() int32 {
+	if o == nil || o.Leeway == nil {
+		var ret int32
+		return ret
+	}
+	return *o.Leeway
+}
+
+// GetLeewayOk returns a tuple with the Leeway field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsRefreshToken) GetLeewayOk() (*int32, bool) {
+	if o == nil || o.Leeway == nil {
+		return nil, false
+	}
+	return o.Leeway, true
+}
+
+// HasLeeway returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsRefreshToken) HasLeeway() bool {
+	if o != nil && o.Leeway != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLeeway gets a reference to the given int32 and assigns it to the Leeway field.
+func (o *OpenIdConnectApplicationSettingsRefreshToken) SetLeeway(v int32) {
+	o.Leeway = &v
+}
+
+// GetRotationType returns the RotationType field value if set, zero value otherwise.
+func (o *OpenIdConnectApplicationSettingsRefreshToken) GetRotationType() OpenIdConnectRefreshTokenRotationType {
+	if o == nil || o.RotationType == nil {
+		var ret OpenIdConnectRefreshTokenRotationType
+		return ret
+	}
+	return *o.RotationType
+}
+
+// GetRotationTypeOk returns a tuple with the RotationType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OpenIdConnectApplicationSettingsRefreshToken) GetRotationTypeOk() (*OpenIdConnectRefreshTokenRotationType, bool) {
+	if o == nil || o.RotationType == nil {
+		return nil, false
+	}
+	return o.RotationType, true
+}
+
+// HasRotationType returns a boolean if a field has been set.
+func (o *OpenIdConnectApplicationSettingsRefreshToken) HasRotationType() bool {
+	if o != nil && o.RotationType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRotationType gets a reference to the given OpenIdConnectRefreshTokenRotationType and assigns it to the RotationType field.
+func (o *OpenIdConnectApplicationSettingsRefreshToken) SetRotationType(v OpenIdConnectRefreshTokenRotationType) {
+	o.RotationType = &v
+}
+
+func (o OpenIdConnectApplicationSettingsRefreshToken) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Leeway != nil {
+		toSerialize["leeway"] = o.Leeway
+	}
+	if o.RotationType != nil {
+		toSerialize["rotation_type"] = o.RotationType
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OpenIdConnectApplicationSettingsRefreshToken) UnmarshalJSON(bytes []byte) (err error) {
+	varOpenIdConnectApplicationSettingsRefreshToken := _OpenIdConnectApplicationSettingsRefreshToken{}
+
+	err = json.Unmarshal(bytes, &varOpenIdConnectApplicationSettingsRefreshToken)
+	if err == nil {
+		*o = OpenIdConnectApplicationSettingsRefreshToken(varOpenIdConnectApplicationSettingsRefreshToken)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "leeway")
+		delete(additionalProperties, "rotation_type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOpenIdConnectApplicationSettingsRefreshToken struct {
+	value *OpenIdConnectApplicationSettingsRefreshToken
+	isSet bool
+}
+
+func (v NullableOpenIdConnectApplicationSettingsRefreshToken) Get() *OpenIdConnectApplicationSettingsRefreshToken {
+	return v.value
+}
+
+func (v *NullableOpenIdConnectApplicationSettingsRefreshToken) Set(val *OpenIdConnectApplicationSettingsRefreshToken) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIdConnectApplicationSettingsRefreshToken) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIdConnectApplicationSettingsRefreshToken) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIdConnectApplicationSettingsRefreshToken(val *OpenIdConnectApplicationSettingsRefreshToken) *NullableOpenIdConnectApplicationSettingsRefreshToken {
+	return &NullableOpenIdConnectApplicationSettingsRefreshToken{value: val, isSet: true}
+}
+
+func (v NullableOpenIdConnectApplicationSettingsRefreshToken) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIdConnectApplicationSettingsRefreshToken) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_open_id_connect_application_type.go b/okta/model_open_id_connect_application_type.go
new file mode 100644
index 000000000..fc5a5226e
--- /dev/null
+++ b/okta/model_open_id_connect_application_type.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OpenIdConnectApplicationType the model 'OpenIdConnectApplicationType'
+type OpenIdConnectApplicationType string
+
+// List of OpenIdConnectApplicationType
+const (
+	OPENIDCONNECTAPPLICATIONTYPE_BROWSER OpenIdConnectApplicationType = "browser"
+	OPENIDCONNECTAPPLICATIONTYPE_NATIVE  OpenIdConnectApplicationType = "native"
+	OPENIDCONNECTAPPLICATIONTYPE_SERVICE OpenIdConnectApplicationType = "service"
+	OPENIDCONNECTAPPLICATIONTYPE_WEB     OpenIdConnectApplicationType = "web"
+)
+
+// All allowed values of OpenIdConnectApplicationType enum
+var AllowedOpenIdConnectApplicationTypeEnumValues = []OpenIdConnectApplicationType{
+	"browser",
+	"native",
+	"service",
+	"web",
+}
+
+func (v *OpenIdConnectApplicationType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OpenIdConnectApplicationType(value)
+	for _, existing := range AllowedOpenIdConnectApplicationTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OpenIdConnectApplicationType", value)
+}
+
+// NewOpenIdConnectApplicationTypeFromValue returns a pointer to a valid OpenIdConnectApplicationType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOpenIdConnectApplicationTypeFromValue(v string) (*OpenIdConnectApplicationType, error) {
+	ev := OpenIdConnectApplicationType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OpenIdConnectApplicationType: valid values are %v", v, AllowedOpenIdConnectApplicationTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OpenIdConnectApplicationType) IsValid() bool {
+	for _, existing := range AllowedOpenIdConnectApplicationTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OpenIdConnectApplicationType value
+func (v OpenIdConnectApplicationType) Ptr() *OpenIdConnectApplicationType {
+	return &v
+}
+
+type NullableOpenIdConnectApplicationType struct {
+	value *OpenIdConnectApplicationType
+	isSet bool
+}
+
+func (v NullableOpenIdConnectApplicationType) Get() *OpenIdConnectApplicationType {
+	return v.value
+}
+
+func (v *NullableOpenIdConnectApplicationType) Set(val *OpenIdConnectApplicationType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIdConnectApplicationType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIdConnectApplicationType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIdConnectApplicationType(val *OpenIdConnectApplicationType) *NullableOpenIdConnectApplicationType {
+	return &NullableOpenIdConnectApplicationType{value: val, isSet: true}
+}
+
+func (v NullableOpenIdConnectApplicationType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIdConnectApplicationType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_open_id_connect_refresh_token_rotation_type.go b/okta/model_open_id_connect_refresh_token_rotation_type.go
new file mode 100644
index 000000000..7746ec6b9
--- /dev/null
+++ b/okta/model_open_id_connect_refresh_token_rotation_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OpenIdConnectRefreshTokenRotationType the model 'OpenIdConnectRefreshTokenRotationType'
+type OpenIdConnectRefreshTokenRotationType string
+
+// List of OpenIdConnectRefreshTokenRotationType
+const (
+	OPENIDCONNECTREFRESHTOKENROTATIONTYPE_ROTATE OpenIdConnectRefreshTokenRotationType = "ROTATE"
+	OPENIDCONNECTREFRESHTOKENROTATIONTYPE_STATIC OpenIdConnectRefreshTokenRotationType = "STATIC"
+)
+
+// All allowed values of OpenIdConnectRefreshTokenRotationType enum
+var AllowedOpenIdConnectRefreshTokenRotationTypeEnumValues = []OpenIdConnectRefreshTokenRotationType{
+	"ROTATE",
+	"STATIC",
+}
+
+func (v *OpenIdConnectRefreshTokenRotationType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OpenIdConnectRefreshTokenRotationType(value)
+	for _, existing := range AllowedOpenIdConnectRefreshTokenRotationTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OpenIdConnectRefreshTokenRotationType", value)
+}
+
+// NewOpenIdConnectRefreshTokenRotationTypeFromValue returns a pointer to a valid OpenIdConnectRefreshTokenRotationType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOpenIdConnectRefreshTokenRotationTypeFromValue(v string) (*OpenIdConnectRefreshTokenRotationType, error) {
+	ev := OpenIdConnectRefreshTokenRotationType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OpenIdConnectRefreshTokenRotationType: valid values are %v", v, AllowedOpenIdConnectRefreshTokenRotationTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OpenIdConnectRefreshTokenRotationType) IsValid() bool {
+	for _, existing := range AllowedOpenIdConnectRefreshTokenRotationTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OpenIdConnectRefreshTokenRotationType value
+func (v OpenIdConnectRefreshTokenRotationType) Ptr() *OpenIdConnectRefreshTokenRotationType {
+	return &v
+}
+
+type NullableOpenIdConnectRefreshTokenRotationType struct {
+	value *OpenIdConnectRefreshTokenRotationType
+	isSet bool
+}
+
+func (v NullableOpenIdConnectRefreshTokenRotationType) Get() *OpenIdConnectRefreshTokenRotationType {
+	return v.value
+}
+
+func (v *NullableOpenIdConnectRefreshTokenRotationType) Set(val *OpenIdConnectRefreshTokenRotationType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOpenIdConnectRefreshTokenRotationType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOpenIdConnectRefreshTokenRotationType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOpenIdConnectRefreshTokenRotationType(val *OpenIdConnectRefreshTokenRotationType) *NullableOpenIdConnectRefreshTokenRotationType {
+	return &NullableOpenIdConnectRefreshTokenRotationType{value: val, isSet: true}
+}
+
+func (v NullableOpenIdConnectRefreshTokenRotationType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOpenIdConnectRefreshTokenRotationType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_operational_status.go b/okta/model_operational_status.go
new file mode 100644
index 000000000..e02c1c0d5
--- /dev/null
+++ b/okta/model_operational_status.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OperationalStatus Operational status of a given agent
+type OperationalStatus string
+
+// List of OperationalStatus
+const (
+	OPERATIONALSTATUS_DEGRADED    OperationalStatus = "DEGRADED"
+	OPERATIONALSTATUS_DISRUPTED   OperationalStatus = "DISRUPTED"
+	OPERATIONALSTATUS_INACTIVE    OperationalStatus = "INACTIVE"
+	OPERATIONALSTATUS_OPERATIONAL OperationalStatus = "OPERATIONAL"
+)
+
+// All allowed values of OperationalStatus enum
+var AllowedOperationalStatusEnumValues = []OperationalStatus{
+	"DEGRADED",
+	"DISRUPTED",
+	"INACTIVE",
+	"OPERATIONAL",
+}
+
+func (v *OperationalStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OperationalStatus(value)
+	for _, existing := range AllowedOperationalStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OperationalStatus", value)
+}
+
+// NewOperationalStatusFromValue returns a pointer to a valid OperationalStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOperationalStatusFromValue(v string) (*OperationalStatus, error) {
+	ev := OperationalStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OperationalStatus: valid values are %v", v, AllowedOperationalStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OperationalStatus) IsValid() bool {
+	for _, existing := range AllowedOperationalStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OperationalStatus value
+func (v OperationalStatus) Ptr() *OperationalStatus {
+	return &v
+}
+
+type NullableOperationalStatus struct {
+	value *OperationalStatus
+	isSet bool
+}
+
+func (v NullableOperationalStatus) Get() *OperationalStatus {
+	return v.value
+}
+
+func (v *NullableOperationalStatus) Set(val *OperationalStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOperationalStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOperationalStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOperationalStatus(val *OperationalStatus) *NullableOperationalStatus {
+	return &NullableOperationalStatus{value: val, isSet: true}
+}
+
+func (v NullableOperationalStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOperationalStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_org_contact_type.go b/okta/model_org_contact_type.go
new file mode 100644
index 000000000..4aa92aae9
--- /dev/null
+++ b/okta/model_org_contact_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OrgContactType the model 'OrgContactType'
+type OrgContactType string
+
+// List of OrgContactType
+const (
+	ORGCONTACTTYPE_BILLING   OrgContactType = "BILLING"
+	ORGCONTACTTYPE_TECHNICAL OrgContactType = "TECHNICAL"
+)
+
+// All allowed values of OrgContactType enum
+var AllowedOrgContactTypeEnumValues = []OrgContactType{
+	"BILLING",
+	"TECHNICAL",
+}
+
+func (v *OrgContactType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OrgContactType(value)
+	for _, existing := range AllowedOrgContactTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OrgContactType", value)
+}
+
+// NewOrgContactTypeFromValue returns a pointer to a valid OrgContactType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOrgContactTypeFromValue(v string) (*OrgContactType, error) {
+	ev := OrgContactType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OrgContactType: valid values are %v", v, AllowedOrgContactTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OrgContactType) IsValid() bool {
+	for _, existing := range AllowedOrgContactTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OrgContactType value
+func (v OrgContactType) Ptr() *OrgContactType {
+	return &v
+}
+
+type NullableOrgContactType struct {
+	value *OrgContactType
+	isSet bool
+}
+
+func (v NullableOrgContactType) Get() *OrgContactType {
+	return v.value
+}
+
+func (v *NullableOrgContactType) Set(val *OrgContactType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOrgContactType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOrgContactType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOrgContactType(val *OrgContactType) *NullableOrgContactType {
+	return &NullableOrgContactType{value: val, isSet: true}
+}
+
+func (v NullableOrgContactType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOrgContactType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_org_contact_type_obj.go b/okta/model_org_contact_type_obj.go
new file mode 100644
index 000000000..ee578fd1e
--- /dev/null
+++ b/okta/model_org_contact_type_obj.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OrgContactTypeObj struct for OrgContactTypeObj
+type OrgContactTypeObj struct {
+	ContactType          *OrgContactType                   `json:"contactType,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OrgContactTypeObj OrgContactTypeObj
+
+// NewOrgContactTypeObj instantiates a new OrgContactTypeObj object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOrgContactTypeObj() *OrgContactTypeObj {
+	this := OrgContactTypeObj{}
+	return &this
+}
+
+// NewOrgContactTypeObjWithDefaults instantiates a new OrgContactTypeObj object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOrgContactTypeObjWithDefaults() *OrgContactTypeObj {
+	this := OrgContactTypeObj{}
+	return &this
+}
+
+// GetContactType returns the ContactType field value if set, zero value otherwise.
+func (o *OrgContactTypeObj) GetContactType() OrgContactType {
+	if o == nil || o.ContactType == nil {
+		var ret OrgContactType
+		return ret
+	}
+	return *o.ContactType
+}
+
+// GetContactTypeOk returns a tuple with the ContactType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgContactTypeObj) GetContactTypeOk() (*OrgContactType, bool) {
+	if o == nil || o.ContactType == nil {
+		return nil, false
+	}
+	return o.ContactType, true
+}
+
+// HasContactType returns a boolean if a field has been set.
+func (o *OrgContactTypeObj) HasContactType() bool {
+	if o != nil && o.ContactType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetContactType gets a reference to the given OrgContactType and assigns it to the ContactType field.
+func (o *OrgContactTypeObj) SetContactType(v OrgContactType) {
+	o.ContactType = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *OrgContactTypeObj) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgContactTypeObj) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *OrgContactTypeObj) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *OrgContactTypeObj) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o OrgContactTypeObj) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ContactType != nil {
+		toSerialize["contactType"] = o.ContactType
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OrgContactTypeObj) UnmarshalJSON(bytes []byte) (err error) {
+	varOrgContactTypeObj := _OrgContactTypeObj{}
+
+	err = json.Unmarshal(bytes, &varOrgContactTypeObj)
+	if err == nil {
+		*o = OrgContactTypeObj(varOrgContactTypeObj)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "contactType")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOrgContactTypeObj struct {
+	value *OrgContactTypeObj
+	isSet bool
+}
+
+func (v NullableOrgContactTypeObj) Get() *OrgContactTypeObj {
+	return v.value
+}
+
+func (v *NullableOrgContactTypeObj) Set(val *OrgContactTypeObj) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOrgContactTypeObj) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOrgContactTypeObj) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOrgContactTypeObj(val *OrgContactTypeObj) *NullableOrgContactTypeObj {
+	return &NullableOrgContactTypeObj{value: val, isSet: true}
+}
+
+func (v NullableOrgContactTypeObj) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOrgContactTypeObj) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_org_contact_user.go b/okta/model_org_contact_user.go
new file mode 100644
index 000000000..38aecf0de
--- /dev/null
+++ b/okta/model_org_contact_user.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OrgContactUser struct for OrgContactUser
+type OrgContactUser struct {
+	UserId               *string                           `json:"userId,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OrgContactUser OrgContactUser
+
+// NewOrgContactUser instantiates a new OrgContactUser object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOrgContactUser() *OrgContactUser {
+	this := OrgContactUser{}
+	return &this
+}
+
+// NewOrgContactUserWithDefaults instantiates a new OrgContactUser object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOrgContactUserWithDefaults() *OrgContactUser {
+	this := OrgContactUser{}
+	return &this
+}
+
+// GetUserId returns the UserId field value if set, zero value otherwise.
+func (o *OrgContactUser) GetUserId() string {
+	if o == nil || o.UserId == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserId
+}
+
+// GetUserIdOk returns a tuple with the UserId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgContactUser) GetUserIdOk() (*string, bool) {
+	if o == nil || o.UserId == nil {
+		return nil, false
+	}
+	return o.UserId, true
+}
+
+// HasUserId returns a boolean if a field has been set.
+func (o *OrgContactUser) HasUserId() bool {
+	if o != nil && o.UserId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserId gets a reference to the given string and assigns it to the UserId field.
+func (o *OrgContactUser) SetUserId(v string) {
+	o.UserId = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *OrgContactUser) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgContactUser) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *OrgContactUser) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *OrgContactUser) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o OrgContactUser) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.UserId != nil {
+		toSerialize["userId"] = o.UserId
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OrgContactUser) UnmarshalJSON(bytes []byte) (err error) {
+	varOrgContactUser := _OrgContactUser{}
+
+	err = json.Unmarshal(bytes, &varOrgContactUser)
+	if err == nil {
+		*o = OrgContactUser(varOrgContactUser)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "userId")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOrgContactUser struct {
+	value *OrgContactUser
+	isSet bool
+}
+
+func (v NullableOrgContactUser) Get() *OrgContactUser {
+	return v.value
+}
+
+func (v *NullableOrgContactUser) Set(val *OrgContactUser) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOrgContactUser) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOrgContactUser) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOrgContactUser(val *OrgContactUser) *NullableOrgContactUser {
+	return &NullableOrgContactUser{value: val, isSet: true}
+}
+
+func (v NullableOrgContactUser) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOrgContactUser) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_org_okta_communication_setting.go b/okta/model_org_okta_communication_setting.go
new file mode 100644
index 000000000..22a3ade48
--- /dev/null
+++ b/okta/model_org_okta_communication_setting.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OrgOktaCommunicationSetting struct for OrgOktaCommunicationSetting
+type OrgOktaCommunicationSetting struct {
+	OptOutEmailUsers     *bool                             `json:"optOutEmailUsers,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OrgOktaCommunicationSetting OrgOktaCommunicationSetting
+
+// NewOrgOktaCommunicationSetting instantiates a new OrgOktaCommunicationSetting object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOrgOktaCommunicationSetting() *OrgOktaCommunicationSetting {
+	this := OrgOktaCommunicationSetting{}
+	return &this
+}
+
+// NewOrgOktaCommunicationSettingWithDefaults instantiates a new OrgOktaCommunicationSetting object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOrgOktaCommunicationSettingWithDefaults() *OrgOktaCommunicationSetting {
+	this := OrgOktaCommunicationSetting{}
+	return &this
+}
+
+// GetOptOutEmailUsers returns the OptOutEmailUsers field value if set, zero value otherwise.
+func (o *OrgOktaCommunicationSetting) GetOptOutEmailUsers() bool {
+	if o == nil || o.OptOutEmailUsers == nil {
+		var ret bool
+		return ret
+	}
+	return *o.OptOutEmailUsers
+}
+
+// GetOptOutEmailUsersOk returns a tuple with the OptOutEmailUsers field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgOktaCommunicationSetting) GetOptOutEmailUsersOk() (*bool, bool) {
+	if o == nil || o.OptOutEmailUsers == nil {
+		return nil, false
+	}
+	return o.OptOutEmailUsers, true
+}
+
+// HasOptOutEmailUsers returns a boolean if a field has been set.
+func (o *OrgOktaCommunicationSetting) HasOptOutEmailUsers() bool {
+	if o != nil && o.OptOutEmailUsers != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOptOutEmailUsers gets a reference to the given bool and assigns it to the OptOutEmailUsers field.
+func (o *OrgOktaCommunicationSetting) SetOptOutEmailUsers(v bool) {
+	o.OptOutEmailUsers = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *OrgOktaCommunicationSetting) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgOktaCommunicationSetting) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *OrgOktaCommunicationSetting) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *OrgOktaCommunicationSetting) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o OrgOktaCommunicationSetting) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.OptOutEmailUsers != nil {
+		toSerialize["optOutEmailUsers"] = o.OptOutEmailUsers
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OrgOktaCommunicationSetting) UnmarshalJSON(bytes []byte) (err error) {
+	varOrgOktaCommunicationSetting := _OrgOktaCommunicationSetting{}
+
+	err = json.Unmarshal(bytes, &varOrgOktaCommunicationSetting)
+	if err == nil {
+		*o = OrgOktaCommunicationSetting(varOrgOktaCommunicationSetting)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "optOutEmailUsers")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOrgOktaCommunicationSetting struct {
+	value *OrgOktaCommunicationSetting
+	isSet bool
+}
+
+func (v NullableOrgOktaCommunicationSetting) Get() *OrgOktaCommunicationSetting {
+	return v.value
+}
+
+func (v *NullableOrgOktaCommunicationSetting) Set(val *OrgOktaCommunicationSetting) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOrgOktaCommunicationSetting) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOrgOktaCommunicationSetting) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOrgOktaCommunicationSetting(val *OrgOktaCommunicationSetting) *NullableOrgOktaCommunicationSetting {
+	return &NullableOrgOktaCommunicationSetting{value: val, isSet: true}
+}
+
+func (v NullableOrgOktaCommunicationSetting) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOrgOktaCommunicationSetting) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_org_okta_support_setting.go b/okta/model_org_okta_support_setting.go
new file mode 100644
index 000000000..ed9b5544f
--- /dev/null
+++ b/okta/model_org_okta_support_setting.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// OrgOktaSupportSetting the model 'OrgOktaSupportSetting'
+type OrgOktaSupportSetting string
+
+// List of OrgOktaSupportSetting
+const (
+	ORGOKTASUPPORTSETTING_DISABLED OrgOktaSupportSetting = "DISABLED"
+	ORGOKTASUPPORTSETTING_ENABLED  OrgOktaSupportSetting = "ENABLED"
+)
+
+// All allowed values of OrgOktaSupportSetting enum
+var AllowedOrgOktaSupportSettingEnumValues = []OrgOktaSupportSetting{
+	"DISABLED",
+	"ENABLED",
+}
+
+func (v *OrgOktaSupportSetting) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := OrgOktaSupportSetting(value)
+	for _, existing := range AllowedOrgOktaSupportSettingEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid OrgOktaSupportSetting", value)
+}
+
+// NewOrgOktaSupportSettingFromValue returns a pointer to a valid OrgOktaSupportSetting
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOrgOktaSupportSettingFromValue(v string) (*OrgOktaSupportSetting, error) {
+	ev := OrgOktaSupportSetting(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for OrgOktaSupportSetting: valid values are %v", v, AllowedOrgOktaSupportSettingEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v OrgOktaSupportSetting) IsValid() bool {
+	for _, existing := range AllowedOrgOktaSupportSettingEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to OrgOktaSupportSetting value
+func (v OrgOktaSupportSetting) Ptr() *OrgOktaSupportSetting {
+	return &v
+}
+
+type NullableOrgOktaSupportSetting struct {
+	value *OrgOktaSupportSetting
+	isSet bool
+}
+
+func (v NullableOrgOktaSupportSetting) Get() *OrgOktaSupportSetting {
+	return v.value
+}
+
+func (v *NullableOrgOktaSupportSetting) Set(val *OrgOktaSupportSetting) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOrgOktaSupportSetting) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOrgOktaSupportSetting) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOrgOktaSupportSetting(val *OrgOktaSupportSetting) *NullableOrgOktaSupportSetting {
+	return &NullableOrgOktaSupportSetting{value: val, isSet: true}
+}
+
+func (v NullableOrgOktaSupportSetting) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOrgOktaSupportSetting) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_org_okta_support_settings_obj.go b/okta/model_org_okta_support_settings_obj.go
new file mode 100644
index 000000000..583d6f0fb
--- /dev/null
+++ b/okta/model_org_okta_support_settings_obj.go
@@ -0,0 +1,233 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// OrgOktaSupportSettingsObj struct for OrgOktaSupportSettingsObj
+type OrgOktaSupportSettingsObj struct {
+	Expiration           *time.Time                        `json:"expiration,omitempty"`
+	Support              *OrgOktaSupportSetting            `json:"support,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OrgOktaSupportSettingsObj OrgOktaSupportSettingsObj
+
+// NewOrgOktaSupportSettingsObj instantiates a new OrgOktaSupportSettingsObj object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOrgOktaSupportSettingsObj() *OrgOktaSupportSettingsObj {
+	this := OrgOktaSupportSettingsObj{}
+	return &this
+}
+
+// NewOrgOktaSupportSettingsObjWithDefaults instantiates a new OrgOktaSupportSettingsObj object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOrgOktaSupportSettingsObjWithDefaults() *OrgOktaSupportSettingsObj {
+	this := OrgOktaSupportSettingsObj{}
+	return &this
+}
+
+// GetExpiration returns the Expiration field value if set, zero value otherwise.
+func (o *OrgOktaSupportSettingsObj) GetExpiration() time.Time {
+	if o == nil || o.Expiration == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Expiration
+}
+
+// GetExpirationOk returns a tuple with the Expiration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgOktaSupportSettingsObj) GetExpirationOk() (*time.Time, bool) {
+	if o == nil || o.Expiration == nil {
+		return nil, false
+	}
+	return o.Expiration, true
+}
+
+// HasExpiration returns a boolean if a field has been set.
+func (o *OrgOktaSupportSettingsObj) HasExpiration() bool {
+	if o != nil && o.Expiration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiration gets a reference to the given time.Time and assigns it to the Expiration field.
+func (o *OrgOktaSupportSettingsObj) SetExpiration(v time.Time) {
+	o.Expiration = &v
+}
+
+// GetSupport returns the Support field value if set, zero value otherwise.
+func (o *OrgOktaSupportSettingsObj) GetSupport() OrgOktaSupportSetting {
+	if o == nil || o.Support == nil {
+		var ret OrgOktaSupportSetting
+		return ret
+	}
+	return *o.Support
+}
+
+// GetSupportOk returns a tuple with the Support field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgOktaSupportSettingsObj) GetSupportOk() (*OrgOktaSupportSetting, bool) {
+	if o == nil || o.Support == nil {
+		return nil, false
+	}
+	return o.Support, true
+}
+
+// HasSupport returns a boolean if a field has been set.
+func (o *OrgOktaSupportSettingsObj) HasSupport() bool {
+	if o != nil && o.Support != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSupport gets a reference to the given OrgOktaSupportSetting and assigns it to the Support field.
+func (o *OrgOktaSupportSettingsObj) SetSupport(v OrgOktaSupportSetting) {
+	o.Support = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *OrgOktaSupportSettingsObj) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgOktaSupportSettingsObj) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *OrgOktaSupportSettingsObj) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *OrgOktaSupportSettingsObj) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o OrgOktaSupportSettingsObj) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Expiration != nil {
+		toSerialize["expiration"] = o.Expiration
+	}
+	if o.Support != nil {
+		toSerialize["support"] = o.Support
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OrgOktaSupportSettingsObj) UnmarshalJSON(bytes []byte) (err error) {
+	varOrgOktaSupportSettingsObj := _OrgOktaSupportSettingsObj{}
+
+	err = json.Unmarshal(bytes, &varOrgOktaSupportSettingsObj)
+	if err == nil {
+		*o = OrgOktaSupportSettingsObj(varOrgOktaSupportSettingsObj)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expiration")
+		delete(additionalProperties, "support")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOrgOktaSupportSettingsObj struct {
+	value *OrgOktaSupportSettingsObj
+	isSet bool
+}
+
+func (v NullableOrgOktaSupportSettingsObj) Get() *OrgOktaSupportSettingsObj {
+	return v.value
+}
+
+func (v *NullableOrgOktaSupportSettingsObj) Set(val *OrgOktaSupportSettingsObj) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOrgOktaSupportSettingsObj) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOrgOktaSupportSettingsObj) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOrgOktaSupportSettingsObj(val *OrgOktaSupportSettingsObj) *NullableOrgOktaSupportSettingsObj {
+	return &NullableOrgOktaSupportSettingsObj{value: val, isSet: true}
+}
+
+func (v NullableOrgOktaSupportSettingsObj) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOrgOktaSupportSettingsObj) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_org_preferences.go b/okta/model_org_preferences.go
new file mode 100644
index 000000000..9aba4c910
--- /dev/null
+++ b/okta/model_org_preferences.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OrgPreferences struct for OrgPreferences
+type OrgPreferences struct {
+	ShowEndUserFooter    *bool                             `json:"showEndUserFooter,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OrgPreferences OrgPreferences
+
+// NewOrgPreferences instantiates a new OrgPreferences object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOrgPreferences() *OrgPreferences {
+	this := OrgPreferences{}
+	return &this
+}
+
+// NewOrgPreferencesWithDefaults instantiates a new OrgPreferences object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOrgPreferencesWithDefaults() *OrgPreferences {
+	this := OrgPreferences{}
+	return &this
+}
+
+// GetShowEndUserFooter returns the ShowEndUserFooter field value if set, zero value otherwise.
+func (o *OrgPreferences) GetShowEndUserFooter() bool {
+	if o == nil || o.ShowEndUserFooter == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ShowEndUserFooter
+}
+
+// GetShowEndUserFooterOk returns a tuple with the ShowEndUserFooter field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgPreferences) GetShowEndUserFooterOk() (*bool, bool) {
+	if o == nil || o.ShowEndUserFooter == nil {
+		return nil, false
+	}
+	return o.ShowEndUserFooter, true
+}
+
+// HasShowEndUserFooter returns a boolean if a field has been set.
+func (o *OrgPreferences) HasShowEndUserFooter() bool {
+	if o != nil && o.ShowEndUserFooter != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetShowEndUserFooter gets a reference to the given bool and assigns it to the ShowEndUserFooter field.
+func (o *OrgPreferences) SetShowEndUserFooter(v bool) {
+	o.ShowEndUserFooter = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *OrgPreferences) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgPreferences) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *OrgPreferences) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *OrgPreferences) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o OrgPreferences) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ShowEndUserFooter != nil {
+		toSerialize["showEndUserFooter"] = o.ShowEndUserFooter
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OrgPreferences) UnmarshalJSON(bytes []byte) (err error) {
+	varOrgPreferences := _OrgPreferences{}
+
+	err = json.Unmarshal(bytes, &varOrgPreferences)
+	if err == nil {
+		*o = OrgPreferences(varOrgPreferences)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "showEndUserFooter")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOrgPreferences struct {
+	value *OrgPreferences
+	isSet bool
+}
+
+func (v NullableOrgPreferences) Get() *OrgPreferences {
+	return v.value
+}
+
+func (v *NullableOrgPreferences) Set(val *OrgPreferences) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOrgPreferences) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOrgPreferences) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOrgPreferences(val *OrgPreferences) *NullableOrgPreferences {
+	return &NullableOrgPreferences{value: val, isSet: true}
+}
+
+func (v NullableOrgPreferences) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOrgPreferences) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_org_setting.go b/okta/model_org_setting.go
new file mode 100644
index 000000000..2cb0ce16a
--- /dev/null
+++ b/okta/model_org_setting.go
@@ -0,0 +1,788 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// OrgSetting struct for OrgSetting
+type OrgSetting struct {
+	Address1              *string                           `json:"address1,omitempty"`
+	Address2              *string                           `json:"address2,omitempty"`
+	City                  *string                           `json:"city,omitempty"`
+	CompanyName           *string                           `json:"companyName,omitempty"`
+	Country               *string                           `json:"country,omitempty"`
+	Created               *time.Time                        `json:"created,omitempty"`
+	EndUserSupportHelpURL *string                           `json:"endUserSupportHelpURL,omitempty"`
+	ExpiresAt             *time.Time                        `json:"expiresAt,omitempty"`
+	Id                    *string                           `json:"id,omitempty"`
+	LastUpdated           *time.Time                        `json:"lastUpdated,omitempty"`
+	PhoneNumber           *string                           `json:"phoneNumber,omitempty"`
+	PostalCode            *string                           `json:"postalCode,omitempty"`
+	State                 *string                           `json:"state,omitempty"`
+	Status                *string                           `json:"status,omitempty"`
+	Subdomain             *string                           `json:"subdomain,omitempty"`
+	SupportPhoneNumber    *string                           `json:"supportPhoneNumber,omitempty"`
+	Website               *string                           `json:"website,omitempty"`
+	Links                 map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _OrgSetting OrgSetting
+
+// NewOrgSetting instantiates a new OrgSetting object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOrgSetting() *OrgSetting {
+	this := OrgSetting{}
+	return &this
+}
+
+// NewOrgSettingWithDefaults instantiates a new OrgSetting object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOrgSettingWithDefaults() *OrgSetting {
+	this := OrgSetting{}
+	return &this
+}
+
+// GetAddress1 returns the Address1 field value if set, zero value otherwise.
+func (o *OrgSetting) GetAddress1() string {
+	if o == nil || o.Address1 == nil {
+		var ret string
+		return ret
+	}
+	return *o.Address1
+}
+
+// GetAddress1Ok returns a tuple with the Address1 field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetAddress1Ok() (*string, bool) {
+	if o == nil || o.Address1 == nil {
+		return nil, false
+	}
+	return o.Address1, true
+}
+
+// HasAddress1 returns a boolean if a field has been set.
+func (o *OrgSetting) HasAddress1() bool {
+	if o != nil && o.Address1 != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAddress1 gets a reference to the given string and assigns it to the Address1 field.
+func (o *OrgSetting) SetAddress1(v string) {
+	o.Address1 = &v
+}
+
+// GetAddress2 returns the Address2 field value if set, zero value otherwise.
+func (o *OrgSetting) GetAddress2() string {
+	if o == nil || o.Address2 == nil {
+		var ret string
+		return ret
+	}
+	return *o.Address2
+}
+
+// GetAddress2Ok returns a tuple with the Address2 field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetAddress2Ok() (*string, bool) {
+	if o == nil || o.Address2 == nil {
+		return nil, false
+	}
+	return o.Address2, true
+}
+
+// HasAddress2 returns a boolean if a field has been set.
+func (o *OrgSetting) HasAddress2() bool {
+	if o != nil && o.Address2 != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAddress2 gets a reference to the given string and assigns it to the Address2 field.
+func (o *OrgSetting) SetAddress2(v string) {
+	o.Address2 = &v
+}
+
+// GetCity returns the City field value if set, zero value otherwise.
+func (o *OrgSetting) GetCity() string {
+	if o == nil || o.City == nil {
+		var ret string
+		return ret
+	}
+	return *o.City
+}
+
+// GetCityOk returns a tuple with the City field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetCityOk() (*string, bool) {
+	if o == nil || o.City == nil {
+		return nil, false
+	}
+	return o.City, true
+}
+
+// HasCity returns a boolean if a field has been set.
+func (o *OrgSetting) HasCity() bool {
+	if o != nil && o.City != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCity gets a reference to the given string and assigns it to the City field.
+func (o *OrgSetting) SetCity(v string) {
+	o.City = &v
+}
+
+// GetCompanyName returns the CompanyName field value if set, zero value otherwise.
+func (o *OrgSetting) GetCompanyName() string {
+	if o == nil || o.CompanyName == nil {
+		var ret string
+		return ret
+	}
+	return *o.CompanyName
+}
+
+// GetCompanyNameOk returns a tuple with the CompanyName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetCompanyNameOk() (*string, bool) {
+	if o == nil || o.CompanyName == nil {
+		return nil, false
+	}
+	return o.CompanyName, true
+}
+
+// HasCompanyName returns a boolean if a field has been set.
+func (o *OrgSetting) HasCompanyName() bool {
+	if o != nil && o.CompanyName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCompanyName gets a reference to the given string and assigns it to the CompanyName field.
+func (o *OrgSetting) SetCompanyName(v string) {
+	o.CompanyName = &v
+}
+
+// GetCountry returns the Country field value if set, zero value otherwise.
+func (o *OrgSetting) GetCountry() string {
+	if o == nil || o.Country == nil {
+		var ret string
+		return ret
+	}
+	return *o.Country
+}
+
+// GetCountryOk returns a tuple with the Country field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetCountryOk() (*string, bool) {
+	if o == nil || o.Country == nil {
+		return nil, false
+	}
+	return o.Country, true
+}
+
+// HasCountry returns a boolean if a field has been set.
+func (o *OrgSetting) HasCountry() bool {
+	if o != nil && o.Country != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCountry gets a reference to the given string and assigns it to the Country field.
+func (o *OrgSetting) SetCountry(v string) {
+	o.Country = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *OrgSetting) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *OrgSetting) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *OrgSetting) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetEndUserSupportHelpURL returns the EndUserSupportHelpURL field value if set, zero value otherwise.
+func (o *OrgSetting) GetEndUserSupportHelpURL() string {
+	if o == nil || o.EndUserSupportHelpURL == nil {
+		var ret string
+		return ret
+	}
+	return *o.EndUserSupportHelpURL
+}
+
+// GetEndUserSupportHelpURLOk returns a tuple with the EndUserSupportHelpURL field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetEndUserSupportHelpURLOk() (*string, bool) {
+	if o == nil || o.EndUserSupportHelpURL == nil {
+		return nil, false
+	}
+	return o.EndUserSupportHelpURL, true
+}
+
+// HasEndUserSupportHelpURL returns a boolean if a field has been set.
+func (o *OrgSetting) HasEndUserSupportHelpURL() bool {
+	if o != nil && o.EndUserSupportHelpURL != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEndUserSupportHelpURL gets a reference to the given string and assigns it to the EndUserSupportHelpURL field.
+func (o *OrgSetting) SetEndUserSupportHelpURL(v string) {
+	o.EndUserSupportHelpURL = &v
+}
+
+// GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
+func (o *OrgSetting) GetExpiresAt() time.Time {
+	if o == nil || o.ExpiresAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiresAt
+}
+
+// GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetExpiresAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiresAt == nil {
+		return nil, false
+	}
+	return o.ExpiresAt, true
+}
+
+// HasExpiresAt returns a boolean if a field has been set.
+func (o *OrgSetting) HasExpiresAt() bool {
+	if o != nil && o.ExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresAt gets a reference to the given time.Time and assigns it to the ExpiresAt field.
+func (o *OrgSetting) SetExpiresAt(v time.Time) {
+	o.ExpiresAt = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *OrgSetting) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *OrgSetting) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *OrgSetting) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *OrgSetting) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *OrgSetting) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *OrgSetting) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetPhoneNumber returns the PhoneNumber field value if set, zero value otherwise.
+func (o *OrgSetting) GetPhoneNumber() string {
+	if o == nil || o.PhoneNumber == nil {
+		var ret string
+		return ret
+	}
+	return *o.PhoneNumber
+}
+
+// GetPhoneNumberOk returns a tuple with the PhoneNumber field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetPhoneNumberOk() (*string, bool) {
+	if o == nil || o.PhoneNumber == nil {
+		return nil, false
+	}
+	return o.PhoneNumber, true
+}
+
+// HasPhoneNumber returns a boolean if a field has been set.
+func (o *OrgSetting) HasPhoneNumber() bool {
+	if o != nil && o.PhoneNumber != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPhoneNumber gets a reference to the given string and assigns it to the PhoneNumber field.
+func (o *OrgSetting) SetPhoneNumber(v string) {
+	o.PhoneNumber = &v
+}
+
+// GetPostalCode returns the PostalCode field value if set, zero value otherwise.
+func (o *OrgSetting) GetPostalCode() string {
+	if o == nil || o.PostalCode == nil {
+		var ret string
+		return ret
+	}
+	return *o.PostalCode
+}
+
+// GetPostalCodeOk returns a tuple with the PostalCode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetPostalCodeOk() (*string, bool) {
+	if o == nil || o.PostalCode == nil {
+		return nil, false
+	}
+	return o.PostalCode, true
+}
+
+// HasPostalCode returns a boolean if a field has been set.
+func (o *OrgSetting) HasPostalCode() bool {
+	if o != nil && o.PostalCode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPostalCode gets a reference to the given string and assigns it to the PostalCode field.
+func (o *OrgSetting) SetPostalCode(v string) {
+	o.PostalCode = &v
+}
+
+// GetState returns the State field value if set, zero value otherwise.
+func (o *OrgSetting) GetState() string {
+	if o == nil || o.State == nil {
+		var ret string
+		return ret
+	}
+	return *o.State
+}
+
+// GetStateOk returns a tuple with the State field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetStateOk() (*string, bool) {
+	if o == nil || o.State == nil {
+		return nil, false
+	}
+	return o.State, true
+}
+
+// HasState returns a boolean if a field has been set.
+func (o *OrgSetting) HasState() bool {
+	if o != nil && o.State != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetState gets a reference to the given string and assigns it to the State field.
+func (o *OrgSetting) SetState(v string) {
+	o.State = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *OrgSetting) GetStatus() string {
+	if o == nil || o.Status == nil {
+		var ret string
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetStatusOk() (*string, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *OrgSetting) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given string and assigns it to the Status field.
+func (o *OrgSetting) SetStatus(v string) {
+	o.Status = &v
+}
+
+// GetSubdomain returns the Subdomain field value if set, zero value otherwise.
+func (o *OrgSetting) GetSubdomain() string {
+	if o == nil || o.Subdomain == nil {
+		var ret string
+		return ret
+	}
+	return *o.Subdomain
+}
+
+// GetSubdomainOk returns a tuple with the Subdomain field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetSubdomainOk() (*string, bool) {
+	if o == nil || o.Subdomain == nil {
+		return nil, false
+	}
+	return o.Subdomain, true
+}
+
+// HasSubdomain returns a boolean if a field has been set.
+func (o *OrgSetting) HasSubdomain() bool {
+	if o != nil && o.Subdomain != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSubdomain gets a reference to the given string and assigns it to the Subdomain field.
+func (o *OrgSetting) SetSubdomain(v string) {
+	o.Subdomain = &v
+}
+
+// GetSupportPhoneNumber returns the SupportPhoneNumber field value if set, zero value otherwise.
+func (o *OrgSetting) GetSupportPhoneNumber() string {
+	if o == nil || o.SupportPhoneNumber == nil {
+		var ret string
+		return ret
+	}
+	return *o.SupportPhoneNumber
+}
+
+// GetSupportPhoneNumberOk returns a tuple with the SupportPhoneNumber field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetSupportPhoneNumberOk() (*string, bool) {
+	if o == nil || o.SupportPhoneNumber == nil {
+		return nil, false
+	}
+	return o.SupportPhoneNumber, true
+}
+
+// HasSupportPhoneNumber returns a boolean if a field has been set.
+func (o *OrgSetting) HasSupportPhoneNumber() bool {
+	if o != nil && o.SupportPhoneNumber != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSupportPhoneNumber gets a reference to the given string and assigns it to the SupportPhoneNumber field.
+func (o *OrgSetting) SetSupportPhoneNumber(v string) {
+	o.SupportPhoneNumber = &v
+}
+
+// GetWebsite returns the Website field value if set, zero value otherwise.
+func (o *OrgSetting) GetWebsite() string {
+	if o == nil || o.Website == nil {
+		var ret string
+		return ret
+	}
+	return *o.Website
+}
+
+// GetWebsiteOk returns a tuple with the Website field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetWebsiteOk() (*string, bool) {
+	if o == nil || o.Website == nil {
+		return nil, false
+	}
+	return o.Website, true
+}
+
+// HasWebsite returns a boolean if a field has been set.
+func (o *OrgSetting) HasWebsite() bool {
+	if o != nil && o.Website != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWebsite gets a reference to the given string and assigns it to the Website field.
+func (o *OrgSetting) SetWebsite(v string) {
+	o.Website = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *OrgSetting) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OrgSetting) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *OrgSetting) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *OrgSetting) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o OrgSetting) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Address1 != nil {
+		toSerialize["address1"] = o.Address1
+	}
+	if o.Address2 != nil {
+		toSerialize["address2"] = o.Address2
+	}
+	if o.City != nil {
+		toSerialize["city"] = o.City
+	}
+	if o.CompanyName != nil {
+		toSerialize["companyName"] = o.CompanyName
+	}
+	if o.Country != nil {
+		toSerialize["country"] = o.Country
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.EndUserSupportHelpURL != nil {
+		toSerialize["endUserSupportHelpURL"] = o.EndUserSupportHelpURL
+	}
+	if o.ExpiresAt != nil {
+		toSerialize["expiresAt"] = o.ExpiresAt
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.PhoneNumber != nil {
+		toSerialize["phoneNumber"] = o.PhoneNumber
+	}
+	if o.PostalCode != nil {
+		toSerialize["postalCode"] = o.PostalCode
+	}
+	if o.State != nil {
+		toSerialize["state"] = o.State
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Subdomain != nil {
+		toSerialize["subdomain"] = o.Subdomain
+	}
+	if o.SupportPhoneNumber != nil {
+		toSerialize["supportPhoneNumber"] = o.SupportPhoneNumber
+	}
+	if o.Website != nil {
+		toSerialize["website"] = o.Website
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OrgSetting) UnmarshalJSON(bytes []byte) (err error) {
+	varOrgSetting := _OrgSetting{}
+
+	err = json.Unmarshal(bytes, &varOrgSetting)
+	if err == nil {
+		*o = OrgSetting(varOrgSetting)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "address1")
+		delete(additionalProperties, "address2")
+		delete(additionalProperties, "city")
+		delete(additionalProperties, "companyName")
+		delete(additionalProperties, "country")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "endUserSupportHelpURL")
+		delete(additionalProperties, "expiresAt")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "phoneNumber")
+		delete(additionalProperties, "postalCode")
+		delete(additionalProperties, "state")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "subdomain")
+		delete(additionalProperties, "supportPhoneNumber")
+		delete(additionalProperties, "website")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOrgSetting struct {
+	value *OrgSetting
+	isSet bool
+}
+
+func (v NullableOrgSetting) Get() *OrgSetting {
+	return v.value
+}
+
+func (v *NullableOrgSetting) Set(val *OrgSetting) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOrgSetting) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOrgSetting) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOrgSetting(val *OrgSetting) *NullableOrgSetting {
+	return &NullableOrgSetting{value: val, isSet: true}
+}
+
+func (v NullableOrgSetting) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOrgSetting) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_os_version.go b/okta/model_os_version.go
new file mode 100644
index 000000000..ac4d5ce41
--- /dev/null
+++ b/okta/model_os_version.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// OSVersion Current version of the operating system
+type OSVersion struct {
+	Minimum              *string `json:"minimum,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _OSVersion OSVersion
+
+// NewOSVersion instantiates a new OSVersion object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewOSVersion() *OSVersion {
+	this := OSVersion{}
+	return &this
+}
+
+// NewOSVersionWithDefaults instantiates a new OSVersion object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewOSVersionWithDefaults() *OSVersion {
+	this := OSVersion{}
+	return &this
+}
+
+// GetMinimum returns the Minimum field value if set, zero value otherwise.
+func (o *OSVersion) GetMinimum() string {
+	if o == nil || o.Minimum == nil {
+		var ret string
+		return ret
+	}
+	return *o.Minimum
+}
+
+// GetMinimumOk returns a tuple with the Minimum field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *OSVersion) GetMinimumOk() (*string, bool) {
+	if o == nil || o.Minimum == nil {
+		return nil, false
+	}
+	return o.Minimum, true
+}
+
+// HasMinimum returns a boolean if a field has been set.
+func (o *OSVersion) HasMinimum() bool {
+	if o != nil && o.Minimum != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinimum gets a reference to the given string and assigns it to the Minimum field.
+func (o *OSVersion) SetMinimum(v string) {
+	o.Minimum = &v
+}
+
+func (o OSVersion) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Minimum != nil {
+		toSerialize["minimum"] = o.Minimum
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *OSVersion) UnmarshalJSON(bytes []byte) (err error) {
+	varOSVersion := _OSVersion{}
+
+	err = json.Unmarshal(bytes, &varOSVersion)
+	if err == nil {
+		*o = OSVersion(varOSVersion)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "minimum")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableOSVersion struct {
+	value *OSVersion
+	isSet bool
+}
+
+func (v NullableOSVersion) Get() *OSVersion {
+	return v.value
+}
+
+func (v *NullableOSVersion) Set(val *OSVersion) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOSVersion) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOSVersion) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOSVersion(val *OSVersion) *NullableOSVersion {
+	return &NullableOSVersion{value: val, isSet: true}
+}
+
+func (v NullableOSVersion) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOSVersion) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_page_root.go b/okta/model_page_root.go
new file mode 100644
index 000000000..09a28d463
--- /dev/null
+++ b/okta/model_page_root.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PageRoot struct for PageRoot
+type PageRoot struct {
+	Embedded             *PageRootEmbedded `json:"_embedded,omitempty"`
+	Links                *PageRootLinks    `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PageRoot PageRoot
+
+// NewPageRoot instantiates a new PageRoot object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPageRoot() *PageRoot {
+	this := PageRoot{}
+	return &this
+}
+
+// NewPageRootWithDefaults instantiates a new PageRoot object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPageRootWithDefaults() *PageRoot {
+	this := PageRoot{}
+	return &this
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *PageRoot) GetEmbedded() PageRootEmbedded {
+	if o == nil || o.Embedded == nil {
+		var ret PageRootEmbedded
+		return ret
+	}
+	return *o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PageRoot) GetEmbeddedOk() (*PageRootEmbedded, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *PageRoot) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given PageRootEmbedded and assigns it to the Embedded field.
+func (o *PageRoot) SetEmbedded(v PageRootEmbedded) {
+	o.Embedded = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *PageRoot) GetLinks() PageRootLinks {
+	if o == nil || o.Links == nil {
+		var ret PageRootLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PageRoot) GetLinksOk() (*PageRootLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *PageRoot) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given PageRootLinks and assigns it to the Links field.
+func (o *PageRoot) SetLinks(v PageRootLinks) {
+	o.Links = &v
+}
+
+func (o PageRoot) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PageRoot) UnmarshalJSON(bytes []byte) (err error) {
+	varPageRoot := _PageRoot{}
+
+	err = json.Unmarshal(bytes, &varPageRoot)
+	if err == nil {
+		*o = PageRoot(varPageRoot)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePageRoot struct {
+	value *PageRoot
+	isSet bool
+}
+
+func (v NullablePageRoot) Get() *PageRoot {
+	return v.value
+}
+
+func (v *NullablePageRoot) Set(val *PageRoot) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePageRoot) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePageRoot) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePageRoot(val *PageRoot) *NullablePageRoot {
+	return &NullablePageRoot{value: val, isSet: true}
+}
+
+func (v NullablePageRoot) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePageRoot) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_page_root__embedded.go b/okta/model_page_root__embedded.go
new file mode 100644
index 000000000..2ab2f8fb9
--- /dev/null
+++ b/okta/model_page_root__embedded.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PageRootEmbedded struct for PageRootEmbedded
+type PageRootEmbedded struct {
+	Default              *CustomizablePage `json:"default,omitempty"`
+	Customized           *CustomizablePage `json:"customized,omitempty"`
+	CustomizedUrl        *string           `json:"customizedUrl,omitempty"`
+	Preview              *CustomizablePage `json:"preview,omitempty"`
+	PreviewUrl           *string           `json:"previewUrl,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PageRootEmbedded PageRootEmbedded
+
+// NewPageRootEmbedded instantiates a new PageRootEmbedded object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPageRootEmbedded() *PageRootEmbedded {
+	this := PageRootEmbedded{}
+	return &this
+}
+
+// NewPageRootEmbeddedWithDefaults instantiates a new PageRootEmbedded object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPageRootEmbeddedWithDefaults() *PageRootEmbedded {
+	this := PageRootEmbedded{}
+	return &this
+}
+
+// GetDefault returns the Default field value if set, zero value otherwise.
+func (o *PageRootEmbedded) GetDefault() CustomizablePage {
+	if o == nil || o.Default == nil {
+		var ret CustomizablePage
+		return ret
+	}
+	return *o.Default
+}
+
+// GetDefaultOk returns a tuple with the Default field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PageRootEmbedded) GetDefaultOk() (*CustomizablePage, bool) {
+	if o == nil || o.Default == nil {
+		return nil, false
+	}
+	return o.Default, true
+}
+
+// HasDefault returns a boolean if a field has been set.
+func (o *PageRootEmbedded) HasDefault() bool {
+	if o != nil && o.Default != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefault gets a reference to the given CustomizablePage and assigns it to the Default field.
+func (o *PageRootEmbedded) SetDefault(v CustomizablePage) {
+	o.Default = &v
+}
+
+// GetCustomized returns the Customized field value if set, zero value otherwise.
+func (o *PageRootEmbedded) GetCustomized() CustomizablePage {
+	if o == nil || o.Customized == nil {
+		var ret CustomizablePage
+		return ret
+	}
+	return *o.Customized
+}
+
+// GetCustomizedOk returns a tuple with the Customized field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PageRootEmbedded) GetCustomizedOk() (*CustomizablePage, bool) {
+	if o == nil || o.Customized == nil {
+		return nil, false
+	}
+	return o.Customized, true
+}
+
+// HasCustomized returns a boolean if a field has been set.
+func (o *PageRootEmbedded) HasCustomized() bool {
+	if o != nil && o.Customized != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustomized gets a reference to the given CustomizablePage and assigns it to the Customized field.
+func (o *PageRootEmbedded) SetCustomized(v CustomizablePage) {
+	o.Customized = &v
+}
+
+// GetCustomizedUrl returns the CustomizedUrl field value if set, zero value otherwise.
+func (o *PageRootEmbedded) GetCustomizedUrl() string {
+	if o == nil || o.CustomizedUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.CustomizedUrl
+}
+
+// GetCustomizedUrlOk returns a tuple with the CustomizedUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PageRootEmbedded) GetCustomizedUrlOk() (*string, bool) {
+	if o == nil || o.CustomizedUrl == nil {
+		return nil, false
+	}
+	return o.CustomizedUrl, true
+}
+
+// HasCustomizedUrl returns a boolean if a field has been set.
+func (o *PageRootEmbedded) HasCustomizedUrl() bool {
+	if o != nil && o.CustomizedUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustomizedUrl gets a reference to the given string and assigns it to the CustomizedUrl field.
+func (o *PageRootEmbedded) SetCustomizedUrl(v string) {
+	o.CustomizedUrl = &v
+}
+
+// GetPreview returns the Preview field value if set, zero value otherwise.
+func (o *PageRootEmbedded) GetPreview() CustomizablePage {
+	if o == nil || o.Preview == nil {
+		var ret CustomizablePage
+		return ret
+	}
+	return *o.Preview
+}
+
+// GetPreviewOk returns a tuple with the Preview field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PageRootEmbedded) GetPreviewOk() (*CustomizablePage, bool) {
+	if o == nil || o.Preview == nil {
+		return nil, false
+	}
+	return o.Preview, true
+}
+
+// HasPreview returns a boolean if a field has been set.
+func (o *PageRootEmbedded) HasPreview() bool {
+	if o != nil && o.Preview != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPreview gets a reference to the given CustomizablePage and assigns it to the Preview field.
+func (o *PageRootEmbedded) SetPreview(v CustomizablePage) {
+	o.Preview = &v
+}
+
+// GetPreviewUrl returns the PreviewUrl field value if set, zero value otherwise.
+func (o *PageRootEmbedded) GetPreviewUrl() string {
+	if o == nil || o.PreviewUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.PreviewUrl
+}
+
+// GetPreviewUrlOk returns a tuple with the PreviewUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PageRootEmbedded) GetPreviewUrlOk() (*string, bool) {
+	if o == nil || o.PreviewUrl == nil {
+		return nil, false
+	}
+	return o.PreviewUrl, true
+}
+
+// HasPreviewUrl returns a boolean if a field has been set.
+func (o *PageRootEmbedded) HasPreviewUrl() bool {
+	if o != nil && o.PreviewUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPreviewUrl gets a reference to the given string and assigns it to the PreviewUrl field.
+func (o *PageRootEmbedded) SetPreviewUrl(v string) {
+	o.PreviewUrl = &v
+}
+
+func (o PageRootEmbedded) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Default != nil {
+		toSerialize["default"] = o.Default
+	}
+	if o.Customized != nil {
+		toSerialize["customized"] = o.Customized
+	}
+	if o.CustomizedUrl != nil {
+		toSerialize["customizedUrl"] = o.CustomizedUrl
+	}
+	if o.Preview != nil {
+		toSerialize["preview"] = o.Preview
+	}
+	if o.PreviewUrl != nil {
+		toSerialize["previewUrl"] = o.PreviewUrl
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PageRootEmbedded) UnmarshalJSON(bytes []byte) (err error) {
+	varPageRootEmbedded := _PageRootEmbedded{}
+
+	err = json.Unmarshal(bytes, &varPageRootEmbedded)
+	if err == nil {
+		*o = PageRootEmbedded(varPageRootEmbedded)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "default")
+		delete(additionalProperties, "customized")
+		delete(additionalProperties, "customizedUrl")
+		delete(additionalProperties, "preview")
+		delete(additionalProperties, "previewUrl")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePageRootEmbedded struct {
+	value *PageRootEmbedded
+	isSet bool
+}
+
+func (v NullablePageRootEmbedded) Get() *PageRootEmbedded {
+	return v.value
+}
+
+func (v *NullablePageRootEmbedded) Set(val *PageRootEmbedded) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePageRootEmbedded) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePageRootEmbedded) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePageRootEmbedded(val *PageRootEmbedded) *NullablePageRootEmbedded {
+	return &NullablePageRootEmbedded{value: val, isSet: true}
+}
+
+func (v NullablePageRootEmbedded) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePageRootEmbedded) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_page_root__links.go b/okta/model_page_root__links.go
new file mode 100644
index 000000000..6988c6283
--- /dev/null
+++ b/okta/model_page_root__links.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PageRootLinks struct for PageRootLinks
+type PageRootLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Default              *HrefObject `json:"default,omitempty"`
+	Customized           *HrefObject `json:"customized,omitempty"`
+	Preview              *HrefObject `json:"preview,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PageRootLinks PageRootLinks
+
+// NewPageRootLinks instantiates a new PageRootLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPageRootLinks() *PageRootLinks {
+	this := PageRootLinks{}
+	return &this
+}
+
+// NewPageRootLinksWithDefaults instantiates a new PageRootLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPageRootLinksWithDefaults() *PageRootLinks {
+	this := PageRootLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *PageRootLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PageRootLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *PageRootLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *PageRootLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetDefault returns the Default field value if set, zero value otherwise.
+func (o *PageRootLinks) GetDefault() HrefObject {
+	if o == nil || o.Default == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Default
+}
+
+// GetDefaultOk returns a tuple with the Default field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PageRootLinks) GetDefaultOk() (*HrefObject, bool) {
+	if o == nil || o.Default == nil {
+		return nil, false
+	}
+	return o.Default, true
+}
+
+// HasDefault returns a boolean if a field has been set.
+func (o *PageRootLinks) HasDefault() bool {
+	if o != nil && o.Default != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefault gets a reference to the given HrefObject and assigns it to the Default field.
+func (o *PageRootLinks) SetDefault(v HrefObject) {
+	o.Default = &v
+}
+
+// GetCustomized returns the Customized field value if set, zero value otherwise.
+func (o *PageRootLinks) GetCustomized() HrefObject {
+	if o == nil || o.Customized == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Customized
+}
+
+// GetCustomizedOk returns a tuple with the Customized field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PageRootLinks) GetCustomizedOk() (*HrefObject, bool) {
+	if o == nil || o.Customized == nil {
+		return nil, false
+	}
+	return o.Customized, true
+}
+
+// HasCustomized returns a boolean if a field has been set.
+func (o *PageRootLinks) HasCustomized() bool {
+	if o != nil && o.Customized != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustomized gets a reference to the given HrefObject and assigns it to the Customized field.
+func (o *PageRootLinks) SetCustomized(v HrefObject) {
+	o.Customized = &v
+}
+
+// GetPreview returns the Preview field value if set, zero value otherwise.
+func (o *PageRootLinks) GetPreview() HrefObject {
+	if o == nil || o.Preview == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Preview
+}
+
+// GetPreviewOk returns a tuple with the Preview field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PageRootLinks) GetPreviewOk() (*HrefObject, bool) {
+	if o == nil || o.Preview == nil {
+		return nil, false
+	}
+	return o.Preview, true
+}
+
+// HasPreview returns a boolean if a field has been set.
+func (o *PageRootLinks) HasPreview() bool {
+	if o != nil && o.Preview != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPreview gets a reference to the given HrefObject and assigns it to the Preview field.
+func (o *PageRootLinks) SetPreview(v HrefObject) {
+	o.Preview = &v
+}
+
+func (o PageRootLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Default != nil {
+		toSerialize["default"] = o.Default
+	}
+	if o.Customized != nil {
+		toSerialize["customized"] = o.Customized
+	}
+	if o.Preview != nil {
+		toSerialize["preview"] = o.Preview
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PageRootLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varPageRootLinks := _PageRootLinks{}
+
+	err = json.Unmarshal(bytes, &varPageRootLinks)
+	if err == nil {
+		*o = PageRootLinks(varPageRootLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "default")
+		delete(additionalProperties, "customized")
+		delete(additionalProperties, "preview")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePageRootLinks struct {
+	value *PageRootLinks
+	isSet bool
+}
+
+func (v NullablePageRootLinks) Get() *PageRootLinks {
+	return v.value
+}
+
+func (v *NullablePageRootLinks) Set(val *PageRootLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePageRootLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePageRootLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePageRootLinks(val *PageRootLinks) *NullablePageRootLinks {
+	return &NullablePageRootLinks{value: val, isSet: true}
+}
+
+func (v NullablePageRootLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePageRootLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_credential.go b/okta/model_password_credential.go
new file mode 100644
index 000000000..79cd1793d
--- /dev/null
+++ b/okta/model_password_credential.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordCredential struct for PasswordCredential
+type PasswordCredential struct {
+	Hash                 *PasswordCredentialHash `json:"hash,omitempty"`
+	Hook                 *PasswordCredentialHook `json:"hook,omitempty"`
+	Value                *string                 `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordCredential PasswordCredential
+
+// NewPasswordCredential instantiates a new PasswordCredential object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordCredential() *PasswordCredential {
+	this := PasswordCredential{}
+	return &this
+}
+
+// NewPasswordCredentialWithDefaults instantiates a new PasswordCredential object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordCredentialWithDefaults() *PasswordCredential {
+	this := PasswordCredential{}
+	return &this
+}
+
+// GetHash returns the Hash field value if set, zero value otherwise.
+func (o *PasswordCredential) GetHash() PasswordCredentialHash {
+	if o == nil || o.Hash == nil {
+		var ret PasswordCredentialHash
+		return ret
+	}
+	return *o.Hash
+}
+
+// GetHashOk returns a tuple with the Hash field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordCredential) GetHashOk() (*PasswordCredentialHash, bool) {
+	if o == nil || o.Hash == nil {
+		return nil, false
+	}
+	return o.Hash, true
+}
+
+// HasHash returns a boolean if a field has been set.
+func (o *PasswordCredential) HasHash() bool {
+	if o != nil && o.Hash != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHash gets a reference to the given PasswordCredentialHash and assigns it to the Hash field.
+func (o *PasswordCredential) SetHash(v PasswordCredentialHash) {
+	o.Hash = &v
+}
+
+// GetHook returns the Hook field value if set, zero value otherwise.
+func (o *PasswordCredential) GetHook() PasswordCredentialHook {
+	if o == nil || o.Hook == nil {
+		var ret PasswordCredentialHook
+		return ret
+	}
+	return *o.Hook
+}
+
+// GetHookOk returns a tuple with the Hook field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordCredential) GetHookOk() (*PasswordCredentialHook, bool) {
+	if o == nil || o.Hook == nil {
+		return nil, false
+	}
+	return o.Hook, true
+}
+
+// HasHook returns a boolean if a field has been set.
+func (o *PasswordCredential) HasHook() bool {
+	if o != nil && o.Hook != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHook gets a reference to the given PasswordCredentialHook and assigns it to the Hook field.
+func (o *PasswordCredential) SetHook(v PasswordCredentialHook) {
+	o.Hook = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *PasswordCredential) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordCredential) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *PasswordCredential) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *PasswordCredential) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o PasswordCredential) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Hash != nil {
+		toSerialize["hash"] = o.Hash
+	}
+	if o.Hook != nil {
+		toSerialize["hook"] = o.Hook
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordCredential) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordCredential := _PasswordCredential{}
+
+	err = json.Unmarshal(bytes, &varPasswordCredential)
+	if err == nil {
+		*o = PasswordCredential(varPasswordCredential)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "hash")
+		delete(additionalProperties, "hook")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordCredential struct {
+	value *PasswordCredential
+	isSet bool
+}
+
+func (v NullablePasswordCredential) Get() *PasswordCredential {
+	return v.value
+}
+
+func (v *NullablePasswordCredential) Set(val *PasswordCredential) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordCredential) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordCredential) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordCredential(val *PasswordCredential) *NullablePasswordCredential {
+	return &NullablePasswordCredential{value: val, isSet: true}
+}
+
+func (v NullablePasswordCredential) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordCredential) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_credential_hash.go b/okta/model_password_credential_hash.go
new file mode 100644
index 000000000..9579dc39f
--- /dev/null
+++ b/okta/model_password_credential_hash.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordCredentialHash struct for PasswordCredentialHash
+type PasswordCredentialHash struct {
+	Algorithm            *PasswordCredentialHashAlgorithm `json:"algorithm,omitempty"`
+	Salt                 *string                          `json:"salt,omitempty"`
+	SaltOrder            *string                          `json:"saltOrder,omitempty"`
+	Value                *string                          `json:"value,omitempty"`
+	WorkFactor           *int32                           `json:"workFactor,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordCredentialHash PasswordCredentialHash
+
+// NewPasswordCredentialHash instantiates a new PasswordCredentialHash object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordCredentialHash() *PasswordCredentialHash {
+	this := PasswordCredentialHash{}
+	return &this
+}
+
+// NewPasswordCredentialHashWithDefaults instantiates a new PasswordCredentialHash object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordCredentialHashWithDefaults() *PasswordCredentialHash {
+	this := PasswordCredentialHash{}
+	return &this
+}
+
+// GetAlgorithm returns the Algorithm field value if set, zero value otherwise.
+func (o *PasswordCredentialHash) GetAlgorithm() PasswordCredentialHashAlgorithm {
+	if o == nil || o.Algorithm == nil {
+		var ret PasswordCredentialHashAlgorithm
+		return ret
+	}
+	return *o.Algorithm
+}
+
+// GetAlgorithmOk returns a tuple with the Algorithm field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordCredentialHash) GetAlgorithmOk() (*PasswordCredentialHashAlgorithm, bool) {
+	if o == nil || o.Algorithm == nil {
+		return nil, false
+	}
+	return o.Algorithm, true
+}
+
+// HasAlgorithm returns a boolean if a field has been set.
+func (o *PasswordCredentialHash) HasAlgorithm() bool {
+	if o != nil && o.Algorithm != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAlgorithm gets a reference to the given PasswordCredentialHashAlgorithm and assigns it to the Algorithm field.
+func (o *PasswordCredentialHash) SetAlgorithm(v PasswordCredentialHashAlgorithm) {
+	o.Algorithm = &v
+}
+
+// GetSalt returns the Salt field value if set, zero value otherwise.
+func (o *PasswordCredentialHash) GetSalt() string {
+	if o == nil || o.Salt == nil {
+		var ret string
+		return ret
+	}
+	return *o.Salt
+}
+
+// GetSaltOk returns a tuple with the Salt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordCredentialHash) GetSaltOk() (*string, bool) {
+	if o == nil || o.Salt == nil {
+		return nil, false
+	}
+	return o.Salt, true
+}
+
+// HasSalt returns a boolean if a field has been set.
+func (o *PasswordCredentialHash) HasSalt() bool {
+	if o != nil && o.Salt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSalt gets a reference to the given string and assigns it to the Salt field.
+func (o *PasswordCredentialHash) SetSalt(v string) {
+	o.Salt = &v
+}
+
+// GetSaltOrder returns the SaltOrder field value if set, zero value otherwise.
+func (o *PasswordCredentialHash) GetSaltOrder() string {
+	if o == nil || o.SaltOrder == nil {
+		var ret string
+		return ret
+	}
+	return *o.SaltOrder
+}
+
+// GetSaltOrderOk returns a tuple with the SaltOrder field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordCredentialHash) GetSaltOrderOk() (*string, bool) {
+	if o == nil || o.SaltOrder == nil {
+		return nil, false
+	}
+	return o.SaltOrder, true
+}
+
+// HasSaltOrder returns a boolean if a field has been set.
+func (o *PasswordCredentialHash) HasSaltOrder() bool {
+	if o != nil && o.SaltOrder != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSaltOrder gets a reference to the given string and assigns it to the SaltOrder field.
+func (o *PasswordCredentialHash) SetSaltOrder(v string) {
+	o.SaltOrder = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *PasswordCredentialHash) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordCredentialHash) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *PasswordCredentialHash) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *PasswordCredentialHash) SetValue(v string) {
+	o.Value = &v
+}
+
+// GetWorkFactor returns the WorkFactor field value if set, zero value otherwise.
+func (o *PasswordCredentialHash) GetWorkFactor() int32 {
+	if o == nil || o.WorkFactor == nil {
+		var ret int32
+		return ret
+	}
+	return *o.WorkFactor
+}
+
+// GetWorkFactorOk returns a tuple with the WorkFactor field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordCredentialHash) GetWorkFactorOk() (*int32, bool) {
+	if o == nil || o.WorkFactor == nil {
+		return nil, false
+	}
+	return o.WorkFactor, true
+}
+
+// HasWorkFactor returns a boolean if a field has been set.
+func (o *PasswordCredentialHash) HasWorkFactor() bool {
+	if o != nil && o.WorkFactor != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWorkFactor gets a reference to the given int32 and assigns it to the WorkFactor field.
+func (o *PasswordCredentialHash) SetWorkFactor(v int32) {
+	o.WorkFactor = &v
+}
+
+func (o PasswordCredentialHash) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Algorithm != nil {
+		toSerialize["algorithm"] = o.Algorithm
+	}
+	if o.Salt != nil {
+		toSerialize["salt"] = o.Salt
+	}
+	if o.SaltOrder != nil {
+		toSerialize["saltOrder"] = o.SaltOrder
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+	if o.WorkFactor != nil {
+		toSerialize["workFactor"] = o.WorkFactor
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordCredentialHash) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordCredentialHash := _PasswordCredentialHash{}
+
+	err = json.Unmarshal(bytes, &varPasswordCredentialHash)
+	if err == nil {
+		*o = PasswordCredentialHash(varPasswordCredentialHash)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "algorithm")
+		delete(additionalProperties, "salt")
+		delete(additionalProperties, "saltOrder")
+		delete(additionalProperties, "value")
+		delete(additionalProperties, "workFactor")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordCredentialHash struct {
+	value *PasswordCredentialHash
+	isSet bool
+}
+
+func (v NullablePasswordCredentialHash) Get() *PasswordCredentialHash {
+	return v.value
+}
+
+func (v *NullablePasswordCredentialHash) Set(val *PasswordCredentialHash) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordCredentialHash) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordCredentialHash) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordCredentialHash(val *PasswordCredentialHash) *NullablePasswordCredentialHash {
+	return &NullablePasswordCredentialHash{value: val, isSet: true}
+}
+
+func (v NullablePasswordCredentialHash) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordCredentialHash) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_credential_hash_algorithm.go b/okta/model_password_credential_hash_algorithm.go
new file mode 100644
index 000000000..8baf774ea
--- /dev/null
+++ b/okta/model_password_credential_hash_algorithm.go
@@ -0,0 +1,130 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PasswordCredentialHashAlgorithm the model 'PasswordCredentialHashAlgorithm'
+type PasswordCredentialHashAlgorithm string
+
+// List of PasswordCredentialHashAlgorithm
+const (
+	PASSWORDCREDENTIALHASHALGORITHM_BCRYPT  PasswordCredentialHashAlgorithm = "BCRYPT"
+	PASSWORDCREDENTIALHASHALGORITHM_MD5     PasswordCredentialHashAlgorithm = "MD5"
+	PASSWORDCREDENTIALHASHALGORITHM_SHA_1   PasswordCredentialHashAlgorithm = "SHA-1"
+	PASSWORDCREDENTIALHASHALGORITHM_SHA_256 PasswordCredentialHashAlgorithm = "SHA-256"
+	PASSWORDCREDENTIALHASHALGORITHM_SHA_512 PasswordCredentialHashAlgorithm = "SHA-512"
+)
+
+// All allowed values of PasswordCredentialHashAlgorithm enum
+var AllowedPasswordCredentialHashAlgorithmEnumValues = []PasswordCredentialHashAlgorithm{
+	"BCRYPT",
+	"MD5",
+	"SHA-1",
+	"SHA-256",
+	"SHA-512",
+}
+
+func (v *PasswordCredentialHashAlgorithm) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PasswordCredentialHashAlgorithm(value)
+	for _, existing := range AllowedPasswordCredentialHashAlgorithmEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PasswordCredentialHashAlgorithm", value)
+}
+
+// NewPasswordCredentialHashAlgorithmFromValue returns a pointer to a valid PasswordCredentialHashAlgorithm
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPasswordCredentialHashAlgorithmFromValue(v string) (*PasswordCredentialHashAlgorithm, error) {
+	ev := PasswordCredentialHashAlgorithm(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PasswordCredentialHashAlgorithm: valid values are %v", v, AllowedPasswordCredentialHashAlgorithmEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PasswordCredentialHashAlgorithm) IsValid() bool {
+	for _, existing := range AllowedPasswordCredentialHashAlgorithmEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PasswordCredentialHashAlgorithm value
+func (v PasswordCredentialHashAlgorithm) Ptr() *PasswordCredentialHashAlgorithm {
+	return &v
+}
+
+type NullablePasswordCredentialHashAlgorithm struct {
+	value *PasswordCredentialHashAlgorithm
+	isSet bool
+}
+
+func (v NullablePasswordCredentialHashAlgorithm) Get() *PasswordCredentialHashAlgorithm {
+	return v.value
+}
+
+func (v *NullablePasswordCredentialHashAlgorithm) Set(val *PasswordCredentialHashAlgorithm) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordCredentialHashAlgorithm) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordCredentialHashAlgorithm) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordCredentialHashAlgorithm(val *PasswordCredentialHashAlgorithm) *NullablePasswordCredentialHashAlgorithm {
+	return &NullablePasswordCredentialHashAlgorithm{value: val, isSet: true}
+}
+
+func (v NullablePasswordCredentialHashAlgorithm) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordCredentialHashAlgorithm) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_credential_hook.go b/okta/model_password_credential_hook.go
new file mode 100644
index 000000000..55a7d46e2
--- /dev/null
+++ b/okta/model_password_credential_hook.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordCredentialHook struct for PasswordCredentialHook
+type PasswordCredentialHook struct {
+	Type                 *string `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordCredentialHook PasswordCredentialHook
+
+// NewPasswordCredentialHook instantiates a new PasswordCredentialHook object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordCredentialHook() *PasswordCredentialHook {
+	this := PasswordCredentialHook{}
+	return &this
+}
+
+// NewPasswordCredentialHookWithDefaults instantiates a new PasswordCredentialHook object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordCredentialHookWithDefaults() *PasswordCredentialHook {
+	this := PasswordCredentialHook{}
+	return &this
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *PasswordCredentialHook) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordCredentialHook) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *PasswordCredentialHook) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *PasswordCredentialHook) SetType(v string) {
+	o.Type = &v
+}
+
+func (o PasswordCredentialHook) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordCredentialHook) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordCredentialHook := _PasswordCredentialHook{}
+
+	err = json.Unmarshal(bytes, &varPasswordCredentialHook)
+	if err == nil {
+		*o = PasswordCredentialHook(varPasswordCredentialHook)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordCredentialHook struct {
+	value *PasswordCredentialHook
+	isSet bool
+}
+
+func (v NullablePasswordCredentialHook) Get() *PasswordCredentialHook {
+	return v.value
+}
+
+func (v *NullablePasswordCredentialHook) Set(val *PasswordCredentialHook) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordCredentialHook) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordCredentialHook) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordCredentialHook(val *PasswordCredentialHook) *NullablePasswordCredentialHook {
+	return &NullablePasswordCredentialHook{value: val, isSet: true}
+}
+
+func (v NullablePasswordCredentialHook) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordCredentialHook) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_dictionary.go b/okta/model_password_dictionary.go
new file mode 100644
index 000000000..33fd056ac
--- /dev/null
+++ b/okta/model_password_dictionary.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordDictionary struct for PasswordDictionary
+type PasswordDictionary struct {
+	Common               *PasswordDictionaryCommon `json:"common,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordDictionary PasswordDictionary
+
+// NewPasswordDictionary instantiates a new PasswordDictionary object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordDictionary() *PasswordDictionary {
+	this := PasswordDictionary{}
+	return &this
+}
+
+// NewPasswordDictionaryWithDefaults instantiates a new PasswordDictionary object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordDictionaryWithDefaults() *PasswordDictionary {
+	this := PasswordDictionary{}
+	return &this
+}
+
+// GetCommon returns the Common field value if set, zero value otherwise.
+func (o *PasswordDictionary) GetCommon() PasswordDictionaryCommon {
+	if o == nil || o.Common == nil {
+		var ret PasswordDictionaryCommon
+		return ret
+	}
+	return *o.Common
+}
+
+// GetCommonOk returns a tuple with the Common field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordDictionary) GetCommonOk() (*PasswordDictionaryCommon, bool) {
+	if o == nil || o.Common == nil {
+		return nil, false
+	}
+	return o.Common, true
+}
+
+// HasCommon returns a boolean if a field has been set.
+func (o *PasswordDictionary) HasCommon() bool {
+	if o != nil && o.Common != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCommon gets a reference to the given PasswordDictionaryCommon and assigns it to the Common field.
+func (o *PasswordDictionary) SetCommon(v PasswordDictionaryCommon) {
+	o.Common = &v
+}
+
+func (o PasswordDictionary) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Common != nil {
+		toSerialize["common"] = o.Common
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordDictionary) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordDictionary := _PasswordDictionary{}
+
+	err = json.Unmarshal(bytes, &varPasswordDictionary)
+	if err == nil {
+		*o = PasswordDictionary(varPasswordDictionary)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "common")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordDictionary struct {
+	value *PasswordDictionary
+	isSet bool
+}
+
+func (v NullablePasswordDictionary) Get() *PasswordDictionary {
+	return v.value
+}
+
+func (v *NullablePasswordDictionary) Set(val *PasswordDictionary) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordDictionary) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordDictionary) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordDictionary(val *PasswordDictionary) *NullablePasswordDictionary {
+	return &NullablePasswordDictionary{value: val, isSet: true}
+}
+
+func (v NullablePasswordDictionary) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordDictionary) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_dictionary_common.go b/okta/model_password_dictionary_common.go
new file mode 100644
index 000000000..930f79039
--- /dev/null
+++ b/okta/model_password_dictionary_common.go
@@ -0,0 +1,162 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordDictionaryCommon struct for PasswordDictionaryCommon
+type PasswordDictionaryCommon struct {
+	Exclude              *bool `json:"exclude,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordDictionaryCommon PasswordDictionaryCommon
+
+// NewPasswordDictionaryCommon instantiates a new PasswordDictionaryCommon object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordDictionaryCommon() *PasswordDictionaryCommon {
+	this := PasswordDictionaryCommon{}
+	var exclude bool = false
+	this.Exclude = &exclude
+	return &this
+}
+
+// NewPasswordDictionaryCommonWithDefaults instantiates a new PasswordDictionaryCommon object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordDictionaryCommonWithDefaults() *PasswordDictionaryCommon {
+	this := PasswordDictionaryCommon{}
+	var exclude bool = false
+	this.Exclude = &exclude
+	return &this
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *PasswordDictionaryCommon) GetExclude() bool {
+	if o == nil || o.Exclude == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordDictionaryCommon) GetExcludeOk() (*bool, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *PasswordDictionaryCommon) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given bool and assigns it to the Exclude field.
+func (o *PasswordDictionaryCommon) SetExclude(v bool) {
+	o.Exclude = &v
+}
+
+func (o PasswordDictionaryCommon) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordDictionaryCommon) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordDictionaryCommon := _PasswordDictionaryCommon{}
+
+	err = json.Unmarshal(bytes, &varPasswordDictionaryCommon)
+	if err == nil {
+		*o = PasswordDictionaryCommon(varPasswordDictionaryCommon)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "exclude")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordDictionaryCommon struct {
+	value *PasswordDictionaryCommon
+	isSet bool
+}
+
+func (v NullablePasswordDictionaryCommon) Get() *PasswordDictionaryCommon {
+	return v.value
+}
+
+func (v *NullablePasswordDictionaryCommon) Set(val *PasswordDictionaryCommon) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordDictionaryCommon) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordDictionaryCommon) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordDictionaryCommon(val *PasswordDictionaryCommon) *NullablePasswordDictionaryCommon {
+	return &NullablePasswordDictionaryCommon{value: val, isSet: true}
+}
+
+func (v NullablePasswordDictionaryCommon) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordDictionaryCommon) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_expiration_policy_rule_condition.go b/okta/model_password_expiration_policy_rule_condition.go
new file mode 100644
index 000000000..37e6111fd
--- /dev/null
+++ b/okta/model_password_expiration_policy_rule_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordExpirationPolicyRuleCondition struct for PasswordExpirationPolicyRuleCondition
+type PasswordExpirationPolicyRuleCondition struct {
+	Number               *int32  `json:"number,omitempty"`
+	Unit                 *string `json:"unit,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordExpirationPolicyRuleCondition PasswordExpirationPolicyRuleCondition
+
+// NewPasswordExpirationPolicyRuleCondition instantiates a new PasswordExpirationPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordExpirationPolicyRuleCondition() *PasswordExpirationPolicyRuleCondition {
+	this := PasswordExpirationPolicyRuleCondition{}
+	return &this
+}
+
+// NewPasswordExpirationPolicyRuleConditionWithDefaults instantiates a new PasswordExpirationPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordExpirationPolicyRuleConditionWithDefaults() *PasswordExpirationPolicyRuleCondition {
+	this := PasswordExpirationPolicyRuleCondition{}
+	return &this
+}
+
+// GetNumber returns the Number field value if set, zero value otherwise.
+func (o *PasswordExpirationPolicyRuleCondition) GetNumber() int32 {
+	if o == nil || o.Number == nil {
+		var ret int32
+		return ret
+	}
+	return *o.Number
+}
+
+// GetNumberOk returns a tuple with the Number field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordExpirationPolicyRuleCondition) GetNumberOk() (*int32, bool) {
+	if o == nil || o.Number == nil {
+		return nil, false
+	}
+	return o.Number, true
+}
+
+// HasNumber returns a boolean if a field has been set.
+func (o *PasswordExpirationPolicyRuleCondition) HasNumber() bool {
+	if o != nil && o.Number != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNumber gets a reference to the given int32 and assigns it to the Number field.
+func (o *PasswordExpirationPolicyRuleCondition) SetNumber(v int32) {
+	o.Number = &v
+}
+
+// GetUnit returns the Unit field value if set, zero value otherwise.
+func (o *PasswordExpirationPolicyRuleCondition) GetUnit() string {
+	if o == nil || o.Unit == nil {
+		var ret string
+		return ret
+	}
+	return *o.Unit
+}
+
+// GetUnitOk returns a tuple with the Unit field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordExpirationPolicyRuleCondition) GetUnitOk() (*string, bool) {
+	if o == nil || o.Unit == nil {
+		return nil, false
+	}
+	return o.Unit, true
+}
+
+// HasUnit returns a boolean if a field has been set.
+func (o *PasswordExpirationPolicyRuleCondition) HasUnit() bool {
+	if o != nil && o.Unit != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUnit gets a reference to the given string and assigns it to the Unit field.
+func (o *PasswordExpirationPolicyRuleCondition) SetUnit(v string) {
+	o.Unit = &v
+}
+
+func (o PasswordExpirationPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Number != nil {
+		toSerialize["number"] = o.Number
+	}
+	if o.Unit != nil {
+		toSerialize["unit"] = o.Unit
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordExpirationPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordExpirationPolicyRuleCondition := _PasswordExpirationPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varPasswordExpirationPolicyRuleCondition)
+	if err == nil {
+		*o = PasswordExpirationPolicyRuleCondition(varPasswordExpirationPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "number")
+		delete(additionalProperties, "unit")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordExpirationPolicyRuleCondition struct {
+	value *PasswordExpirationPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullablePasswordExpirationPolicyRuleCondition) Get() *PasswordExpirationPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullablePasswordExpirationPolicyRuleCondition) Set(val *PasswordExpirationPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordExpirationPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordExpirationPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordExpirationPolicyRuleCondition(val *PasswordExpirationPolicyRuleCondition) *NullablePasswordExpirationPolicyRuleCondition {
+	return &NullablePasswordExpirationPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullablePasswordExpirationPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordExpirationPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy.go b/okta/model_password_policy.go
new file mode 100644
index 000000000..040c7214b
--- /dev/null
+++ b/okta/model_password_policy.go
@@ -0,0 +1,242 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// PasswordPolicy struct for PasswordPolicy
+type PasswordPolicy struct {
+	Policy
+	Conditions           *PasswordPolicyConditions `json:"conditions,omitempty"`
+	Settings             *PasswordPolicySettings   `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicy PasswordPolicy
+
+// NewPasswordPolicy instantiates a new PasswordPolicy object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicy() *PasswordPolicy {
+	this := PasswordPolicy{}
+	return &this
+}
+
+// NewPasswordPolicyWithDefaults instantiates a new PasswordPolicy object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyWithDefaults() *PasswordPolicy {
+	this := PasswordPolicy{}
+	return &this
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *PasswordPolicy) GetConditions() PasswordPolicyConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PasswordPolicyConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicy) GetConditionsOk() (*PasswordPolicyConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *PasswordPolicy) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PasswordPolicyConditions and assigns it to the Conditions field.
+func (o *PasswordPolicy) SetConditions(v PasswordPolicyConditions) {
+	o.Conditions = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *PasswordPolicy) GetSettings() PasswordPolicySettings {
+	if o == nil || o.Settings == nil {
+		var ret PasswordPolicySettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicy) GetSettingsOk() (*PasswordPolicySettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *PasswordPolicy) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given PasswordPolicySettings and assigns it to the Settings field.
+func (o *PasswordPolicy) SetSettings(v PasswordPolicySettings) {
+	o.Settings = &v
+}
+
+func (o PasswordPolicy) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPolicy, errPolicy := json.Marshal(o.Policy)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	errPolicy = json.Unmarshal([]byte(serializedPolicy), &toSerialize)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicy) UnmarshalJSON(bytes []byte) (err error) {
+	type PasswordPolicyWithoutEmbeddedStruct struct {
+		Conditions *PasswordPolicyConditions `json:"conditions,omitempty"`
+		Settings   *PasswordPolicySettings   `json:"settings,omitempty"`
+	}
+
+	varPasswordPolicyWithoutEmbeddedStruct := PasswordPolicyWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyWithoutEmbeddedStruct)
+	if err == nil {
+		varPasswordPolicy := _PasswordPolicy{}
+		varPasswordPolicy.Conditions = varPasswordPolicyWithoutEmbeddedStruct.Conditions
+		varPasswordPolicy.Settings = varPasswordPolicyWithoutEmbeddedStruct.Settings
+		*o = PasswordPolicy(varPasswordPolicy)
+	} else {
+		return err
+	}
+
+	varPasswordPolicy := _PasswordPolicy{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicy)
+	if err == nil {
+		o.Policy = varPasswordPolicy.Policy
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "conditions")
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectPolicy := reflect.ValueOf(o.Policy)
+		for i := 0; i < reflectPolicy.Type().NumField(); i++ {
+			t := reflectPolicy.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicy struct {
+	value *PasswordPolicy
+	isSet bool
+}
+
+func (v NullablePasswordPolicy) Get() *PasswordPolicy {
+	return v.value
+}
+
+func (v *NullablePasswordPolicy) Set(val *PasswordPolicy) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicy) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicy) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicy(val *PasswordPolicy) *NullablePasswordPolicy {
+	return &NullablePasswordPolicy{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicy) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_all_of.go b/okta/model_password_policy_all_of.go
new file mode 100644
index 000000000..5c0d1a135
--- /dev/null
+++ b/okta/model_password_policy_all_of.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyAllOf struct for PasswordPolicyAllOf
+type PasswordPolicyAllOf struct {
+	Conditions           *PasswordPolicyConditions `json:"conditions,omitempty"`
+	Settings             *PasswordPolicySettings   `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyAllOf PasswordPolicyAllOf
+
+// NewPasswordPolicyAllOf instantiates a new PasswordPolicyAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyAllOf() *PasswordPolicyAllOf {
+	this := PasswordPolicyAllOf{}
+	return &this
+}
+
+// NewPasswordPolicyAllOfWithDefaults instantiates a new PasswordPolicyAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyAllOfWithDefaults() *PasswordPolicyAllOf {
+	this := PasswordPolicyAllOf{}
+	return &this
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *PasswordPolicyAllOf) GetConditions() PasswordPolicyConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PasswordPolicyConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyAllOf) GetConditionsOk() (*PasswordPolicyConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *PasswordPolicyAllOf) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PasswordPolicyConditions and assigns it to the Conditions field.
+func (o *PasswordPolicyAllOf) SetConditions(v PasswordPolicyConditions) {
+	o.Conditions = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *PasswordPolicyAllOf) GetSettings() PasswordPolicySettings {
+	if o == nil || o.Settings == nil {
+		var ret PasswordPolicySettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyAllOf) GetSettingsOk() (*PasswordPolicySettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *PasswordPolicyAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given PasswordPolicySettings and assigns it to the Settings field.
+func (o *PasswordPolicyAllOf) SetSettings(v PasswordPolicySettings) {
+	o.Settings = &v
+}
+
+func (o PasswordPolicyAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyAllOf := _PasswordPolicyAllOf{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyAllOf)
+	if err == nil {
+		*o = PasswordPolicyAllOf(varPasswordPolicyAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "conditions")
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyAllOf struct {
+	value *PasswordPolicyAllOf
+	isSet bool
+}
+
+func (v NullablePasswordPolicyAllOf) Get() *PasswordPolicyAllOf {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyAllOf) Set(val *PasswordPolicyAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyAllOf(val *PasswordPolicyAllOf) *NullablePasswordPolicyAllOf {
+	return &NullablePasswordPolicyAllOf{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_authentication_provider_condition.go b/okta/model_password_policy_authentication_provider_condition.go
new file mode 100644
index 000000000..03e839904
--- /dev/null
+++ b/okta/model_password_policy_authentication_provider_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyAuthenticationProviderCondition struct for PasswordPolicyAuthenticationProviderCondition
+type PasswordPolicyAuthenticationProviderCondition struct {
+	Include              []string                                  `json:"include,omitempty"`
+	Provider             *PasswordPolicyAuthenticationProviderType `json:"provider,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyAuthenticationProviderCondition PasswordPolicyAuthenticationProviderCondition
+
+// NewPasswordPolicyAuthenticationProviderCondition instantiates a new PasswordPolicyAuthenticationProviderCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyAuthenticationProviderCondition() *PasswordPolicyAuthenticationProviderCondition {
+	this := PasswordPolicyAuthenticationProviderCondition{}
+	return &this
+}
+
+// NewPasswordPolicyAuthenticationProviderConditionWithDefaults instantiates a new PasswordPolicyAuthenticationProviderCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyAuthenticationProviderConditionWithDefaults() *PasswordPolicyAuthenticationProviderCondition {
+	this := PasswordPolicyAuthenticationProviderCondition{}
+	return &this
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *PasswordPolicyAuthenticationProviderCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyAuthenticationProviderCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *PasswordPolicyAuthenticationProviderCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *PasswordPolicyAuthenticationProviderCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+// GetProvider returns the Provider field value if set, zero value otherwise.
+func (o *PasswordPolicyAuthenticationProviderCondition) GetProvider() PasswordPolicyAuthenticationProviderType {
+	if o == nil || o.Provider == nil {
+		var ret PasswordPolicyAuthenticationProviderType
+		return ret
+	}
+	return *o.Provider
+}
+
+// GetProviderOk returns a tuple with the Provider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyAuthenticationProviderCondition) GetProviderOk() (*PasswordPolicyAuthenticationProviderType, bool) {
+	if o == nil || o.Provider == nil {
+		return nil, false
+	}
+	return o.Provider, true
+}
+
+// HasProvider returns a boolean if a field has been set.
+func (o *PasswordPolicyAuthenticationProviderCondition) HasProvider() bool {
+	if o != nil && o.Provider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProvider gets a reference to the given PasswordPolicyAuthenticationProviderType and assigns it to the Provider field.
+func (o *PasswordPolicyAuthenticationProviderCondition) SetProvider(v PasswordPolicyAuthenticationProviderType) {
+	o.Provider = &v
+}
+
+func (o PasswordPolicyAuthenticationProviderCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+	if o.Provider != nil {
+		toSerialize["provider"] = o.Provider
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyAuthenticationProviderCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyAuthenticationProviderCondition := _PasswordPolicyAuthenticationProviderCondition{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyAuthenticationProviderCondition)
+	if err == nil {
+		*o = PasswordPolicyAuthenticationProviderCondition(varPasswordPolicyAuthenticationProviderCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "include")
+		delete(additionalProperties, "provider")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyAuthenticationProviderCondition struct {
+	value *PasswordPolicyAuthenticationProviderCondition
+	isSet bool
+}
+
+func (v NullablePasswordPolicyAuthenticationProviderCondition) Get() *PasswordPolicyAuthenticationProviderCondition {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyAuthenticationProviderCondition) Set(val *PasswordPolicyAuthenticationProviderCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyAuthenticationProviderCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyAuthenticationProviderCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyAuthenticationProviderCondition(val *PasswordPolicyAuthenticationProviderCondition) *NullablePasswordPolicyAuthenticationProviderCondition {
+	return &NullablePasswordPolicyAuthenticationProviderCondition{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyAuthenticationProviderCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyAuthenticationProviderCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_authentication_provider_type.go b/okta/model_password_policy_authentication_provider_type.go
new file mode 100644
index 000000000..9a146e022
--- /dev/null
+++ b/okta/model_password_policy_authentication_provider_type.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PasswordPolicyAuthenticationProviderType the model 'PasswordPolicyAuthenticationProviderType'
+type PasswordPolicyAuthenticationProviderType string
+
+// List of PasswordPolicyAuthenticationProviderType
+const (
+	PASSWORDPOLICYAUTHENTICATIONPROVIDERTYPE_ACTIVE_DIRECTORY PasswordPolicyAuthenticationProviderType = "ACTIVE_DIRECTORY"
+	PASSWORDPOLICYAUTHENTICATIONPROVIDERTYPE_ANY              PasswordPolicyAuthenticationProviderType = "ANY"
+	PASSWORDPOLICYAUTHENTICATIONPROVIDERTYPE_LDAP             PasswordPolicyAuthenticationProviderType = "LDAP"
+	PASSWORDPOLICYAUTHENTICATIONPROVIDERTYPE_OKTA             PasswordPolicyAuthenticationProviderType = "OKTA"
+)
+
+// All allowed values of PasswordPolicyAuthenticationProviderType enum
+var AllowedPasswordPolicyAuthenticationProviderTypeEnumValues = []PasswordPolicyAuthenticationProviderType{
+	"ACTIVE_DIRECTORY",
+	"ANY",
+	"LDAP",
+	"OKTA",
+}
+
+func (v *PasswordPolicyAuthenticationProviderType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PasswordPolicyAuthenticationProviderType(value)
+	for _, existing := range AllowedPasswordPolicyAuthenticationProviderTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PasswordPolicyAuthenticationProviderType", value)
+}
+
+// NewPasswordPolicyAuthenticationProviderTypeFromValue returns a pointer to a valid PasswordPolicyAuthenticationProviderType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPasswordPolicyAuthenticationProviderTypeFromValue(v string) (*PasswordPolicyAuthenticationProviderType, error) {
+	ev := PasswordPolicyAuthenticationProviderType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PasswordPolicyAuthenticationProviderType: valid values are %v", v, AllowedPasswordPolicyAuthenticationProviderTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PasswordPolicyAuthenticationProviderType) IsValid() bool {
+	for _, existing := range AllowedPasswordPolicyAuthenticationProviderTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PasswordPolicyAuthenticationProviderType value
+func (v PasswordPolicyAuthenticationProviderType) Ptr() *PasswordPolicyAuthenticationProviderType {
+	return &v
+}
+
+type NullablePasswordPolicyAuthenticationProviderType struct {
+	value *PasswordPolicyAuthenticationProviderType
+	isSet bool
+}
+
+func (v NullablePasswordPolicyAuthenticationProviderType) Get() *PasswordPolicyAuthenticationProviderType {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyAuthenticationProviderType) Set(val *PasswordPolicyAuthenticationProviderType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyAuthenticationProviderType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyAuthenticationProviderType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyAuthenticationProviderType(val *PasswordPolicyAuthenticationProviderType) *NullablePasswordPolicyAuthenticationProviderType {
+	return &NullablePasswordPolicyAuthenticationProviderType{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyAuthenticationProviderType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyAuthenticationProviderType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_conditions.go b/okta/model_password_policy_conditions.go
new file mode 100644
index 000000000..d856752c0
--- /dev/null
+++ b/okta/model_password_policy_conditions.go
@@ -0,0 +1,898 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyConditions struct for PasswordPolicyConditions
+type PasswordPolicyConditions struct {
+	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
+	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
+	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
+	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
+	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
+	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
+	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
+	Device                *DevicePolicyRuleCondition                     `json:"device,omitempty"`
+	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
+	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
+	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
+	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
+	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
+	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
+	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
+	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
+	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
+	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
+	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
+	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
+	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _PasswordPolicyConditions PasswordPolicyConditions
+
+// NewPasswordPolicyConditions instantiates a new PasswordPolicyConditions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyConditions() *PasswordPolicyConditions {
+	this := PasswordPolicyConditions{}
+	return &this
+}
+
+// NewPasswordPolicyConditionsWithDefaults instantiates a new PasswordPolicyConditions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyConditionsWithDefaults() *PasswordPolicyConditions {
+	this := PasswordPolicyConditions{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetApp() AppAndInstancePolicyRuleCondition {
+	if o == nil || o.App == nil {
+		var ret AppAndInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given AppAndInstancePolicyRuleCondition and assigns it to the App field.
+func (o *PasswordPolicyConditions) SetApp(v AppAndInstancePolicyRuleCondition) {
+	o.App = &v
+}
+
+// GetApps returns the Apps field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetApps() AppInstancePolicyRuleCondition {
+	if o == nil || o.Apps == nil {
+		var ret AppInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.Apps
+}
+
+// GetAppsOk returns a tuple with the Apps field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool) {
+	if o == nil || o.Apps == nil {
+		return nil, false
+	}
+	return o.Apps, true
+}
+
+// HasApps returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasApps() bool {
+	if o != nil && o.Apps != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApps gets a reference to the given AppInstancePolicyRuleCondition and assigns it to the Apps field.
+func (o *PasswordPolicyConditions) SetApps(v AppInstancePolicyRuleCondition) {
+	o.Apps = &v
+}
+
+// GetAuthContext returns the AuthContext field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetAuthContext() PolicyRuleAuthContextCondition {
+	if o == nil || o.AuthContext == nil {
+		var ret PolicyRuleAuthContextCondition
+		return ret
+	}
+	return *o.AuthContext
+}
+
+// GetAuthContextOk returns a tuple with the AuthContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool) {
+	if o == nil || o.AuthContext == nil {
+		return nil, false
+	}
+	return o.AuthContext, true
+}
+
+// HasAuthContext returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasAuthContext() bool {
+	if o != nil && o.AuthContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthContext gets a reference to the given PolicyRuleAuthContextCondition and assigns it to the AuthContext field.
+func (o *PasswordPolicyConditions) SetAuthContext(v PolicyRuleAuthContextCondition) {
+	o.AuthContext = &v
+}
+
+// GetAuthProvider returns the AuthProvider field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition {
+	if o == nil || o.AuthProvider == nil {
+		var ret PasswordPolicyAuthenticationProviderCondition
+		return ret
+	}
+	return *o.AuthProvider
+}
+
+// GetAuthProviderOk returns a tuple with the AuthProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool) {
+	if o == nil || o.AuthProvider == nil {
+		return nil, false
+	}
+	return o.AuthProvider, true
+}
+
+// HasAuthProvider returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasAuthProvider() bool {
+	if o != nil && o.AuthProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthProvider gets a reference to the given PasswordPolicyAuthenticationProviderCondition and assigns it to the AuthProvider field.
+func (o *PasswordPolicyConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition) {
+	o.AuthProvider = &v
+}
+
+// GetBeforeScheduledAction returns the BeforeScheduledAction field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition {
+	if o == nil || o.BeforeScheduledAction == nil {
+		var ret BeforeScheduledActionPolicyRuleCondition
+		return ret
+	}
+	return *o.BeforeScheduledAction
+}
+
+// GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool) {
+	if o == nil || o.BeforeScheduledAction == nil {
+		return nil, false
+	}
+	return o.BeforeScheduledAction, true
+}
+
+// HasBeforeScheduledAction returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasBeforeScheduledAction() bool {
+	if o != nil && o.BeforeScheduledAction != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBeforeScheduledAction gets a reference to the given BeforeScheduledActionPolicyRuleCondition and assigns it to the BeforeScheduledAction field.
+func (o *PasswordPolicyConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition) {
+	o.BeforeScheduledAction = &v
+}
+
+// GetClients returns the Clients field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetClients() ClientPolicyCondition {
+	if o == nil || o.Clients == nil {
+		var ret ClientPolicyCondition
+		return ret
+	}
+	return *o.Clients
+}
+
+// GetClientsOk returns a tuple with the Clients field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetClientsOk() (*ClientPolicyCondition, bool) {
+	if o == nil || o.Clients == nil {
+		return nil, false
+	}
+	return o.Clients, true
+}
+
+// HasClients returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasClients() bool {
+	if o != nil && o.Clients != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClients gets a reference to the given ClientPolicyCondition and assigns it to the Clients field.
+func (o *PasswordPolicyConditions) SetClients(v ClientPolicyCondition) {
+	o.Clients = &v
+}
+
+// GetContext returns the Context field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetContext() ContextPolicyRuleCondition {
+	if o == nil || o.Context == nil {
+		var ret ContextPolicyRuleCondition
+		return ret
+	}
+	return *o.Context
+}
+
+// GetContextOk returns a tuple with the Context field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetContextOk() (*ContextPolicyRuleCondition, bool) {
+	if o == nil || o.Context == nil {
+		return nil, false
+	}
+	return o.Context, true
+}
+
+// HasContext returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasContext() bool {
+	if o != nil && o.Context != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetContext gets a reference to the given ContextPolicyRuleCondition and assigns it to the Context field.
+func (o *PasswordPolicyConditions) SetContext(v ContextPolicyRuleCondition) {
+	o.Context = &v
+}
+
+// GetDevice returns the Device field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetDevice() DevicePolicyRuleCondition {
+	if o == nil || o.Device == nil {
+		var ret DevicePolicyRuleCondition
+		return ret
+	}
+	return *o.Device
+}
+
+// GetDeviceOk returns a tuple with the Device field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetDeviceOk() (*DevicePolicyRuleCondition, bool) {
+	if o == nil || o.Device == nil {
+		return nil, false
+	}
+	return o.Device, true
+}
+
+// HasDevice returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasDevice() bool {
+	if o != nil && o.Device != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDevice gets a reference to the given DevicePolicyRuleCondition and assigns it to the Device field.
+func (o *PasswordPolicyConditions) SetDevice(v DevicePolicyRuleCondition) {
+	o.Device = &v
+}
+
+// GetGrantTypes returns the GrantTypes field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetGrantTypes() GrantTypePolicyRuleCondition {
+	if o == nil || o.GrantTypes == nil {
+		var ret GrantTypePolicyRuleCondition
+		return ret
+	}
+	return *o.GrantTypes
+}
+
+// GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool) {
+	if o == nil || o.GrantTypes == nil {
+		return nil, false
+	}
+	return o.GrantTypes, true
+}
+
+// HasGrantTypes returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasGrantTypes() bool {
+	if o != nil && o.GrantTypes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGrantTypes gets a reference to the given GrantTypePolicyRuleCondition and assigns it to the GrantTypes field.
+func (o *PasswordPolicyConditions) SetGrantTypes(v GrantTypePolicyRuleCondition) {
+	o.GrantTypes = &v
+}
+
+// GetGroups returns the Groups field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetGroups() GroupPolicyRuleCondition {
+	if o == nil || o.Groups == nil {
+		var ret GroupPolicyRuleCondition
+		return ret
+	}
+	return *o.Groups
+}
+
+// GetGroupsOk returns a tuple with the Groups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool) {
+	if o == nil || o.Groups == nil {
+		return nil, false
+	}
+	return o.Groups, true
+}
+
+// HasGroups returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasGroups() bool {
+	if o != nil && o.Groups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroups gets a reference to the given GroupPolicyRuleCondition and assigns it to the Groups field.
+func (o *PasswordPolicyConditions) SetGroups(v GroupPolicyRuleCondition) {
+	o.Groups = &v
+}
+
+// GetIdentityProvider returns the IdentityProvider field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition {
+	if o == nil || o.IdentityProvider == nil {
+		var ret IdentityProviderPolicyRuleCondition
+		return ret
+	}
+	return *o.IdentityProvider
+}
+
+// GetIdentityProviderOk returns a tuple with the IdentityProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool) {
+	if o == nil || o.IdentityProvider == nil {
+		return nil, false
+	}
+	return o.IdentityProvider, true
+}
+
+// HasIdentityProvider returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasIdentityProvider() bool {
+	if o != nil && o.IdentityProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityProvider gets a reference to the given IdentityProviderPolicyRuleCondition and assigns it to the IdentityProvider field.
+func (o *PasswordPolicyConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition) {
+	o.IdentityProvider = &v
+}
+
+// GetMdmEnrollment returns the MdmEnrollment field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition {
+	if o == nil || o.MdmEnrollment == nil {
+		var ret MDMEnrollmentPolicyRuleCondition
+		return ret
+	}
+	return *o.MdmEnrollment
+}
+
+// GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool) {
+	if o == nil || o.MdmEnrollment == nil {
+		return nil, false
+	}
+	return o.MdmEnrollment, true
+}
+
+// HasMdmEnrollment returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasMdmEnrollment() bool {
+	if o != nil && o.MdmEnrollment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMdmEnrollment gets a reference to the given MDMEnrollmentPolicyRuleCondition and assigns it to the MdmEnrollment field.
+func (o *PasswordPolicyConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition) {
+	o.MdmEnrollment = &v
+}
+
+// GetNetwork returns the Network field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetNetwork() PolicyNetworkCondition {
+	if o == nil || o.Network == nil {
+		var ret PolicyNetworkCondition
+		return ret
+	}
+	return *o.Network
+}
+
+// GetNetworkOk returns a tuple with the Network field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetNetworkOk() (*PolicyNetworkCondition, bool) {
+	if o == nil || o.Network == nil {
+		return nil, false
+	}
+	return o.Network, true
+}
+
+// HasNetwork returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasNetwork() bool {
+	if o != nil && o.Network != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNetwork gets a reference to the given PolicyNetworkCondition and assigns it to the Network field.
+func (o *PasswordPolicyConditions) SetNetwork(v PolicyNetworkCondition) {
+	o.Network = &v
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetPeople() PolicyPeopleCondition {
+	if o == nil || o.People == nil {
+		var ret PolicyPeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetPeopleOk() (*PolicyPeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given PolicyPeopleCondition and assigns it to the People field.
+func (o *PasswordPolicyConditions) SetPeople(v PolicyPeopleCondition) {
+	o.People = &v
+}
+
+// GetPlatform returns the Platform field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetPlatform() PlatformPolicyRuleCondition {
+	if o == nil || o.Platform == nil {
+		var ret PlatformPolicyRuleCondition
+		return ret
+	}
+	return *o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool) {
+	if o == nil || o.Platform == nil {
+		return nil, false
+	}
+	return o.Platform, true
+}
+
+// HasPlatform returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasPlatform() bool {
+	if o != nil && o.Platform != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPlatform gets a reference to the given PlatformPolicyRuleCondition and assigns it to the Platform field.
+func (o *PasswordPolicyConditions) SetPlatform(v PlatformPolicyRuleCondition) {
+	o.Platform = &v
+}
+
+// GetRisk returns the Risk field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetRisk() RiskPolicyRuleCondition {
+	if o == nil || o.Risk == nil {
+		var ret RiskPolicyRuleCondition
+		return ret
+	}
+	return *o.Risk
+}
+
+// GetRiskOk returns a tuple with the Risk field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool) {
+	if o == nil || o.Risk == nil {
+		return nil, false
+	}
+	return o.Risk, true
+}
+
+// HasRisk returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasRisk() bool {
+	if o != nil && o.Risk != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRisk gets a reference to the given RiskPolicyRuleCondition and assigns it to the Risk field.
+func (o *PasswordPolicyConditions) SetRisk(v RiskPolicyRuleCondition) {
+	o.Risk = &v
+}
+
+// GetRiskScore returns the RiskScore field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetRiskScore() RiskScorePolicyRuleCondition {
+	if o == nil || o.RiskScore == nil {
+		var ret RiskScorePolicyRuleCondition
+		return ret
+	}
+	return *o.RiskScore
+}
+
+// GetRiskScoreOk returns a tuple with the RiskScore field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool) {
+	if o == nil || o.RiskScore == nil {
+		return nil, false
+	}
+	return o.RiskScore, true
+}
+
+// HasRiskScore returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasRiskScore() bool {
+	if o != nil && o.RiskScore != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRiskScore gets a reference to the given RiskScorePolicyRuleCondition and assigns it to the RiskScore field.
+func (o *PasswordPolicyConditions) SetRiskScore(v RiskScorePolicyRuleCondition) {
+	o.RiskScore = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition {
+	if o == nil || o.Scopes == nil {
+		var ret OAuth2ScopesMediationPolicyRuleCondition
+		return ret
+	}
+	return *o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given OAuth2ScopesMediationPolicyRuleCondition and assigns it to the Scopes field.
+func (o *PasswordPolicyConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition) {
+	o.Scopes = &v
+}
+
+// GetUserIdentifier returns the UserIdentifier field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition {
+	if o == nil || o.UserIdentifier == nil {
+		var ret UserIdentifierPolicyRuleCondition
+		return ret
+	}
+	return *o.UserIdentifier
+}
+
+// GetUserIdentifierOk returns a tuple with the UserIdentifier field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool) {
+	if o == nil || o.UserIdentifier == nil {
+		return nil, false
+	}
+	return o.UserIdentifier, true
+}
+
+// HasUserIdentifier returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasUserIdentifier() bool {
+	if o != nil && o.UserIdentifier != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserIdentifier gets a reference to the given UserIdentifierPolicyRuleCondition and assigns it to the UserIdentifier field.
+func (o *PasswordPolicyConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition) {
+	o.UserIdentifier = &v
+}
+
+// GetUsers returns the Users field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetUsers() UserPolicyRuleCondition {
+	if o == nil || o.Users == nil {
+		var ret UserPolicyRuleCondition
+		return ret
+	}
+	return *o.Users
+}
+
+// GetUsersOk returns a tuple with the Users field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetUsersOk() (*UserPolicyRuleCondition, bool) {
+	if o == nil || o.Users == nil {
+		return nil, false
+	}
+	return o.Users, true
+}
+
+// HasUsers returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasUsers() bool {
+	if o != nil && o.Users != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsers gets a reference to the given UserPolicyRuleCondition and assigns it to the Users field.
+func (o *PasswordPolicyConditions) SetUsers(v UserPolicyRuleCondition) {
+	o.Users = &v
+}
+
+// GetUserStatus returns the UserStatus field value if set, zero value otherwise.
+func (o *PasswordPolicyConditions) GetUserStatus() UserStatusPolicyRuleCondition {
+	if o == nil || o.UserStatus == nil {
+		var ret UserStatusPolicyRuleCondition
+		return ret
+	}
+	return *o.UserStatus
+}
+
+// GetUserStatusOk returns a tuple with the UserStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool) {
+	if o == nil || o.UserStatus == nil {
+		return nil, false
+	}
+	return o.UserStatus, true
+}
+
+// HasUserStatus returns a boolean if a field has been set.
+func (o *PasswordPolicyConditions) HasUserStatus() bool {
+	if o != nil && o.UserStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserStatus gets a reference to the given UserStatusPolicyRuleCondition and assigns it to the UserStatus field.
+func (o *PasswordPolicyConditions) SetUserStatus(v UserStatusPolicyRuleCondition) {
+	o.UserStatus = &v
+}
+
+func (o PasswordPolicyConditions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+	if o.Apps != nil {
+		toSerialize["apps"] = o.Apps
+	}
+	if o.AuthContext != nil {
+		toSerialize["authContext"] = o.AuthContext
+	}
+	if o.AuthProvider != nil {
+		toSerialize["authProvider"] = o.AuthProvider
+	}
+	if o.BeforeScheduledAction != nil {
+		toSerialize["beforeScheduledAction"] = o.BeforeScheduledAction
+	}
+	if o.Clients != nil {
+		toSerialize["clients"] = o.Clients
+	}
+	if o.Context != nil {
+		toSerialize["context"] = o.Context
+	}
+	if o.Device != nil {
+		toSerialize["device"] = o.Device
+	}
+	if o.GrantTypes != nil {
+		toSerialize["grantTypes"] = o.GrantTypes
+	}
+	if o.Groups != nil {
+		toSerialize["groups"] = o.Groups
+	}
+	if o.IdentityProvider != nil {
+		toSerialize["identityProvider"] = o.IdentityProvider
+	}
+	if o.MdmEnrollment != nil {
+		toSerialize["mdmEnrollment"] = o.MdmEnrollment
+	}
+	if o.Network != nil {
+		toSerialize["network"] = o.Network
+	}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+	if o.Platform != nil {
+		toSerialize["platform"] = o.Platform
+	}
+	if o.Risk != nil {
+		toSerialize["risk"] = o.Risk
+	}
+	if o.RiskScore != nil {
+		toSerialize["riskScore"] = o.RiskScore
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+	if o.UserIdentifier != nil {
+		toSerialize["userIdentifier"] = o.UserIdentifier
+	}
+	if o.Users != nil {
+		toSerialize["users"] = o.Users
+	}
+	if o.UserStatus != nil {
+		toSerialize["userStatus"] = o.UserStatus
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyConditions) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyConditions := _PasswordPolicyConditions{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyConditions)
+	if err == nil {
+		*o = PasswordPolicyConditions(varPasswordPolicyConditions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		delete(additionalProperties, "apps")
+		delete(additionalProperties, "authContext")
+		delete(additionalProperties, "authProvider")
+		delete(additionalProperties, "beforeScheduledAction")
+		delete(additionalProperties, "clients")
+		delete(additionalProperties, "context")
+		delete(additionalProperties, "device")
+		delete(additionalProperties, "grantTypes")
+		delete(additionalProperties, "groups")
+		delete(additionalProperties, "identityProvider")
+		delete(additionalProperties, "mdmEnrollment")
+		delete(additionalProperties, "network")
+		delete(additionalProperties, "people")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "risk")
+		delete(additionalProperties, "riskScore")
+		delete(additionalProperties, "scopes")
+		delete(additionalProperties, "userIdentifier")
+		delete(additionalProperties, "users")
+		delete(additionalProperties, "userStatus")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyConditions struct {
+	value *PasswordPolicyConditions
+	isSet bool
+}
+
+func (v NullablePasswordPolicyConditions) Get() *PasswordPolicyConditions {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyConditions) Set(val *PasswordPolicyConditions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyConditions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyConditions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyConditions(val *PasswordPolicyConditions) *NullablePasswordPolicyConditions {
+	return &NullablePasswordPolicyConditions{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyConditions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyConditions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_conditions_all_of.go b/okta/model_password_policy_conditions_all_of.go
new file mode 100644
index 000000000..ab112d98a
--- /dev/null
+++ b/okta/model_password_policy_conditions_all_of.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyConditionsAllOf struct for PasswordPolicyConditionsAllOf
+type PasswordPolicyConditionsAllOf struct {
+	AuthProvider         *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
+	People               *PolicyPeopleCondition                         `json:"people,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyConditionsAllOf PasswordPolicyConditionsAllOf
+
+// NewPasswordPolicyConditionsAllOf instantiates a new PasswordPolicyConditionsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyConditionsAllOf() *PasswordPolicyConditionsAllOf {
+	this := PasswordPolicyConditionsAllOf{}
+	return &this
+}
+
+// NewPasswordPolicyConditionsAllOfWithDefaults instantiates a new PasswordPolicyConditionsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyConditionsAllOfWithDefaults() *PasswordPolicyConditionsAllOf {
+	this := PasswordPolicyConditionsAllOf{}
+	return &this
+}
+
+// GetAuthProvider returns the AuthProvider field value if set, zero value otherwise.
+func (o *PasswordPolicyConditionsAllOf) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition {
+	if o == nil || o.AuthProvider == nil {
+		var ret PasswordPolicyAuthenticationProviderCondition
+		return ret
+	}
+	return *o.AuthProvider
+}
+
+// GetAuthProviderOk returns a tuple with the AuthProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditionsAllOf) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool) {
+	if o == nil || o.AuthProvider == nil {
+		return nil, false
+	}
+	return o.AuthProvider, true
+}
+
+// HasAuthProvider returns a boolean if a field has been set.
+func (o *PasswordPolicyConditionsAllOf) HasAuthProvider() bool {
+	if o != nil && o.AuthProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthProvider gets a reference to the given PasswordPolicyAuthenticationProviderCondition and assigns it to the AuthProvider field.
+func (o *PasswordPolicyConditionsAllOf) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition) {
+	o.AuthProvider = &v
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *PasswordPolicyConditionsAllOf) GetPeople() PolicyPeopleCondition {
+	if o == nil || o.People == nil {
+		var ret PolicyPeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyConditionsAllOf) GetPeopleOk() (*PolicyPeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *PasswordPolicyConditionsAllOf) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given PolicyPeopleCondition and assigns it to the People field.
+func (o *PasswordPolicyConditionsAllOf) SetPeople(v PolicyPeopleCondition) {
+	o.People = &v
+}
+
+func (o PasswordPolicyConditionsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthProvider != nil {
+		toSerialize["authProvider"] = o.AuthProvider
+	}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyConditionsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyConditionsAllOf := _PasswordPolicyConditionsAllOf{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyConditionsAllOf)
+	if err == nil {
+		*o = PasswordPolicyConditionsAllOf(varPasswordPolicyConditionsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authProvider")
+		delete(additionalProperties, "people")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyConditionsAllOf struct {
+	value *PasswordPolicyConditionsAllOf
+	isSet bool
+}
+
+func (v NullablePasswordPolicyConditionsAllOf) Get() *PasswordPolicyConditionsAllOf {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyConditionsAllOf) Set(val *PasswordPolicyConditionsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyConditionsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyConditionsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyConditionsAllOf(val *PasswordPolicyConditionsAllOf) *NullablePasswordPolicyConditionsAllOf {
+	return &NullablePasswordPolicyConditionsAllOf{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyConditionsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyConditionsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_delegation_settings.go b/okta/model_password_policy_delegation_settings.go
new file mode 100644
index 000000000..6d94e4e15
--- /dev/null
+++ b/okta/model_password_policy_delegation_settings.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyDelegationSettings struct for PasswordPolicyDelegationSettings
+type PasswordPolicyDelegationSettings struct {
+	Options              *PasswordPolicyDelegationSettingsOptions `json:"options,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyDelegationSettings PasswordPolicyDelegationSettings
+
+// NewPasswordPolicyDelegationSettings instantiates a new PasswordPolicyDelegationSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyDelegationSettings() *PasswordPolicyDelegationSettings {
+	this := PasswordPolicyDelegationSettings{}
+	return &this
+}
+
+// NewPasswordPolicyDelegationSettingsWithDefaults instantiates a new PasswordPolicyDelegationSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyDelegationSettingsWithDefaults() *PasswordPolicyDelegationSettings {
+	this := PasswordPolicyDelegationSettings{}
+	return &this
+}
+
+// GetOptions returns the Options field value if set, zero value otherwise.
+func (o *PasswordPolicyDelegationSettings) GetOptions() PasswordPolicyDelegationSettingsOptions {
+	if o == nil || o.Options == nil {
+		var ret PasswordPolicyDelegationSettingsOptions
+		return ret
+	}
+	return *o.Options
+}
+
+// GetOptionsOk returns a tuple with the Options field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyDelegationSettings) GetOptionsOk() (*PasswordPolicyDelegationSettingsOptions, bool) {
+	if o == nil || o.Options == nil {
+		return nil, false
+	}
+	return o.Options, true
+}
+
+// HasOptions returns a boolean if a field has been set.
+func (o *PasswordPolicyDelegationSettings) HasOptions() bool {
+	if o != nil && o.Options != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOptions gets a reference to the given PasswordPolicyDelegationSettingsOptions and assigns it to the Options field.
+func (o *PasswordPolicyDelegationSettings) SetOptions(v PasswordPolicyDelegationSettingsOptions) {
+	o.Options = &v
+}
+
+func (o PasswordPolicyDelegationSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Options != nil {
+		toSerialize["options"] = o.Options
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyDelegationSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyDelegationSettings := _PasswordPolicyDelegationSettings{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyDelegationSettings)
+	if err == nil {
+		*o = PasswordPolicyDelegationSettings(varPasswordPolicyDelegationSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "options")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyDelegationSettings struct {
+	value *PasswordPolicyDelegationSettings
+	isSet bool
+}
+
+func (v NullablePasswordPolicyDelegationSettings) Get() *PasswordPolicyDelegationSettings {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyDelegationSettings) Set(val *PasswordPolicyDelegationSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyDelegationSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyDelegationSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyDelegationSettings(val *PasswordPolicyDelegationSettings) *NullablePasswordPolicyDelegationSettings {
+	return &NullablePasswordPolicyDelegationSettings{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyDelegationSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyDelegationSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_delegation_settings_options.go b/okta/model_password_policy_delegation_settings_options.go
new file mode 100644
index 000000000..27ccd2691
--- /dev/null
+++ b/okta/model_password_policy_delegation_settings_options.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyDelegationSettingsOptions struct for PasswordPolicyDelegationSettingsOptions
+type PasswordPolicyDelegationSettingsOptions struct {
+	SkipUnlock           *bool `json:"skipUnlock,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyDelegationSettingsOptions PasswordPolicyDelegationSettingsOptions
+
+// NewPasswordPolicyDelegationSettingsOptions instantiates a new PasswordPolicyDelegationSettingsOptions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyDelegationSettingsOptions() *PasswordPolicyDelegationSettingsOptions {
+	this := PasswordPolicyDelegationSettingsOptions{}
+	return &this
+}
+
+// NewPasswordPolicyDelegationSettingsOptionsWithDefaults instantiates a new PasswordPolicyDelegationSettingsOptions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyDelegationSettingsOptionsWithDefaults() *PasswordPolicyDelegationSettingsOptions {
+	this := PasswordPolicyDelegationSettingsOptions{}
+	return &this
+}
+
+// GetSkipUnlock returns the SkipUnlock field value if set, zero value otherwise.
+func (o *PasswordPolicyDelegationSettingsOptions) GetSkipUnlock() bool {
+	if o == nil || o.SkipUnlock == nil {
+		var ret bool
+		return ret
+	}
+	return *o.SkipUnlock
+}
+
+// GetSkipUnlockOk returns a tuple with the SkipUnlock field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyDelegationSettingsOptions) GetSkipUnlockOk() (*bool, bool) {
+	if o == nil || o.SkipUnlock == nil {
+		return nil, false
+	}
+	return o.SkipUnlock, true
+}
+
+// HasSkipUnlock returns a boolean if a field has been set.
+func (o *PasswordPolicyDelegationSettingsOptions) HasSkipUnlock() bool {
+	if o != nil && o.SkipUnlock != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSkipUnlock gets a reference to the given bool and assigns it to the SkipUnlock field.
+func (o *PasswordPolicyDelegationSettingsOptions) SetSkipUnlock(v bool) {
+	o.SkipUnlock = &v
+}
+
+func (o PasswordPolicyDelegationSettingsOptions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.SkipUnlock != nil {
+		toSerialize["skipUnlock"] = o.SkipUnlock
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyDelegationSettingsOptions) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyDelegationSettingsOptions := _PasswordPolicyDelegationSettingsOptions{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyDelegationSettingsOptions)
+	if err == nil {
+		*o = PasswordPolicyDelegationSettingsOptions(varPasswordPolicyDelegationSettingsOptions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "skipUnlock")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyDelegationSettingsOptions struct {
+	value *PasswordPolicyDelegationSettingsOptions
+	isSet bool
+}
+
+func (v NullablePasswordPolicyDelegationSettingsOptions) Get() *PasswordPolicyDelegationSettingsOptions {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyDelegationSettingsOptions) Set(val *PasswordPolicyDelegationSettingsOptions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyDelegationSettingsOptions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyDelegationSettingsOptions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyDelegationSettingsOptions(val *PasswordPolicyDelegationSettingsOptions) *NullablePasswordPolicyDelegationSettingsOptions {
+	return &NullablePasswordPolicyDelegationSettingsOptions{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyDelegationSettingsOptions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyDelegationSettingsOptions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_password_settings.go b/okta/model_password_policy_password_settings.go
new file mode 100644
index 000000000..e7b2919af
--- /dev/null
+++ b/okta/model_password_policy_password_settings.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyPasswordSettings struct for PasswordPolicyPasswordSettings
+type PasswordPolicyPasswordSettings struct {
+	Age                  *PasswordPolicyPasswordSettingsAge        `json:"age,omitempty"`
+	Complexity           *PasswordPolicyPasswordSettingsComplexity `json:"complexity,omitempty"`
+	Lockout              *PasswordPolicyPasswordSettingsLockout    `json:"lockout,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyPasswordSettings PasswordPolicyPasswordSettings
+
+// NewPasswordPolicyPasswordSettings instantiates a new PasswordPolicyPasswordSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyPasswordSettings() *PasswordPolicyPasswordSettings {
+	this := PasswordPolicyPasswordSettings{}
+	return &this
+}
+
+// NewPasswordPolicyPasswordSettingsWithDefaults instantiates a new PasswordPolicyPasswordSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyPasswordSettingsWithDefaults() *PasswordPolicyPasswordSettings {
+	this := PasswordPolicyPasswordSettings{}
+	return &this
+}
+
+// GetAge returns the Age field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettings) GetAge() PasswordPolicyPasswordSettingsAge {
+	if o == nil || o.Age == nil {
+		var ret PasswordPolicyPasswordSettingsAge
+		return ret
+	}
+	return *o.Age
+}
+
+// GetAgeOk returns a tuple with the Age field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettings) GetAgeOk() (*PasswordPolicyPasswordSettingsAge, bool) {
+	if o == nil || o.Age == nil {
+		return nil, false
+	}
+	return o.Age, true
+}
+
+// HasAge returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettings) HasAge() bool {
+	if o != nil && o.Age != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAge gets a reference to the given PasswordPolicyPasswordSettingsAge and assigns it to the Age field.
+func (o *PasswordPolicyPasswordSettings) SetAge(v PasswordPolicyPasswordSettingsAge) {
+	o.Age = &v
+}
+
+// GetComplexity returns the Complexity field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettings) GetComplexity() PasswordPolicyPasswordSettingsComplexity {
+	if o == nil || o.Complexity == nil {
+		var ret PasswordPolicyPasswordSettingsComplexity
+		return ret
+	}
+	return *o.Complexity
+}
+
+// GetComplexityOk returns a tuple with the Complexity field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettings) GetComplexityOk() (*PasswordPolicyPasswordSettingsComplexity, bool) {
+	if o == nil || o.Complexity == nil {
+		return nil, false
+	}
+	return o.Complexity, true
+}
+
+// HasComplexity returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettings) HasComplexity() bool {
+	if o != nil && o.Complexity != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetComplexity gets a reference to the given PasswordPolicyPasswordSettingsComplexity and assigns it to the Complexity field.
+func (o *PasswordPolicyPasswordSettings) SetComplexity(v PasswordPolicyPasswordSettingsComplexity) {
+	o.Complexity = &v
+}
+
+// GetLockout returns the Lockout field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettings) GetLockout() PasswordPolicyPasswordSettingsLockout {
+	if o == nil || o.Lockout == nil {
+		var ret PasswordPolicyPasswordSettingsLockout
+		return ret
+	}
+	return *o.Lockout
+}
+
+// GetLockoutOk returns a tuple with the Lockout field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettings) GetLockoutOk() (*PasswordPolicyPasswordSettingsLockout, bool) {
+	if o == nil || o.Lockout == nil {
+		return nil, false
+	}
+	return o.Lockout, true
+}
+
+// HasLockout returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettings) HasLockout() bool {
+	if o != nil && o.Lockout != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLockout gets a reference to the given PasswordPolicyPasswordSettingsLockout and assigns it to the Lockout field.
+func (o *PasswordPolicyPasswordSettings) SetLockout(v PasswordPolicyPasswordSettingsLockout) {
+	o.Lockout = &v
+}
+
+func (o PasswordPolicyPasswordSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Age != nil {
+		toSerialize["age"] = o.Age
+	}
+	if o.Complexity != nil {
+		toSerialize["complexity"] = o.Complexity
+	}
+	if o.Lockout != nil {
+		toSerialize["lockout"] = o.Lockout
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyPasswordSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyPasswordSettings := _PasswordPolicyPasswordSettings{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyPasswordSettings)
+	if err == nil {
+		*o = PasswordPolicyPasswordSettings(varPasswordPolicyPasswordSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "age")
+		delete(additionalProperties, "complexity")
+		delete(additionalProperties, "lockout")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyPasswordSettings struct {
+	value *PasswordPolicyPasswordSettings
+	isSet bool
+}
+
+func (v NullablePasswordPolicyPasswordSettings) Get() *PasswordPolicyPasswordSettings {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyPasswordSettings) Set(val *PasswordPolicyPasswordSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyPasswordSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyPasswordSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyPasswordSettings(val *PasswordPolicyPasswordSettings) *NullablePasswordPolicyPasswordSettings {
+	return &NullablePasswordPolicyPasswordSettings{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyPasswordSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyPasswordSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_password_settings_age.go b/okta/model_password_policy_password_settings_age.go
new file mode 100644
index 000000000..dbdafb0c2
--- /dev/null
+++ b/okta/model_password_policy_password_settings_age.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyPasswordSettingsAge struct for PasswordPolicyPasswordSettingsAge
+type PasswordPolicyPasswordSettingsAge struct {
+	ExpireWarnDays       *int32 `json:"expireWarnDays,omitempty"`
+	HistoryCount         *int32 `json:"historyCount,omitempty"`
+	MaxAgeDays           *int32 `json:"maxAgeDays,omitempty"`
+	MinAgeMinutes        *int32 `json:"minAgeMinutes,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyPasswordSettingsAge PasswordPolicyPasswordSettingsAge
+
+// NewPasswordPolicyPasswordSettingsAge instantiates a new PasswordPolicyPasswordSettingsAge object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyPasswordSettingsAge() *PasswordPolicyPasswordSettingsAge {
+	this := PasswordPolicyPasswordSettingsAge{}
+	return &this
+}
+
+// NewPasswordPolicyPasswordSettingsAgeWithDefaults instantiates a new PasswordPolicyPasswordSettingsAge object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyPasswordSettingsAgeWithDefaults() *PasswordPolicyPasswordSettingsAge {
+	this := PasswordPolicyPasswordSettingsAge{}
+	return &this
+}
+
+// GetExpireWarnDays returns the ExpireWarnDays field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsAge) GetExpireWarnDays() int32 {
+	if o == nil || o.ExpireWarnDays == nil {
+		var ret int32
+		return ret
+	}
+	return *o.ExpireWarnDays
+}
+
+// GetExpireWarnDaysOk returns a tuple with the ExpireWarnDays field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsAge) GetExpireWarnDaysOk() (*int32, bool) {
+	if o == nil || o.ExpireWarnDays == nil {
+		return nil, false
+	}
+	return o.ExpireWarnDays, true
+}
+
+// HasExpireWarnDays returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsAge) HasExpireWarnDays() bool {
+	if o != nil && o.ExpireWarnDays != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpireWarnDays gets a reference to the given int32 and assigns it to the ExpireWarnDays field.
+func (o *PasswordPolicyPasswordSettingsAge) SetExpireWarnDays(v int32) {
+	o.ExpireWarnDays = &v
+}
+
+// GetHistoryCount returns the HistoryCount field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsAge) GetHistoryCount() int32 {
+	if o == nil || o.HistoryCount == nil {
+		var ret int32
+		return ret
+	}
+	return *o.HistoryCount
+}
+
+// GetHistoryCountOk returns a tuple with the HistoryCount field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsAge) GetHistoryCountOk() (*int32, bool) {
+	if o == nil || o.HistoryCount == nil {
+		return nil, false
+	}
+	return o.HistoryCount, true
+}
+
+// HasHistoryCount returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsAge) HasHistoryCount() bool {
+	if o != nil && o.HistoryCount != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHistoryCount gets a reference to the given int32 and assigns it to the HistoryCount field.
+func (o *PasswordPolicyPasswordSettingsAge) SetHistoryCount(v int32) {
+	o.HistoryCount = &v
+}
+
+// GetMaxAgeDays returns the MaxAgeDays field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsAge) GetMaxAgeDays() int32 {
+	if o == nil || o.MaxAgeDays == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxAgeDays
+}
+
+// GetMaxAgeDaysOk returns a tuple with the MaxAgeDays field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsAge) GetMaxAgeDaysOk() (*int32, bool) {
+	if o == nil || o.MaxAgeDays == nil {
+		return nil, false
+	}
+	return o.MaxAgeDays, true
+}
+
+// HasMaxAgeDays returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsAge) HasMaxAgeDays() bool {
+	if o != nil && o.MaxAgeDays != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxAgeDays gets a reference to the given int32 and assigns it to the MaxAgeDays field.
+func (o *PasswordPolicyPasswordSettingsAge) SetMaxAgeDays(v int32) {
+	o.MaxAgeDays = &v
+}
+
+// GetMinAgeMinutes returns the MinAgeMinutes field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsAge) GetMinAgeMinutes() int32 {
+	if o == nil || o.MinAgeMinutes == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinAgeMinutes
+}
+
+// GetMinAgeMinutesOk returns a tuple with the MinAgeMinutes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsAge) GetMinAgeMinutesOk() (*int32, bool) {
+	if o == nil || o.MinAgeMinutes == nil {
+		return nil, false
+	}
+	return o.MinAgeMinutes, true
+}
+
+// HasMinAgeMinutes returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsAge) HasMinAgeMinutes() bool {
+	if o != nil && o.MinAgeMinutes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinAgeMinutes gets a reference to the given int32 and assigns it to the MinAgeMinutes field.
+func (o *PasswordPolicyPasswordSettingsAge) SetMinAgeMinutes(v int32) {
+	o.MinAgeMinutes = &v
+}
+
+func (o PasswordPolicyPasswordSettingsAge) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ExpireWarnDays != nil {
+		toSerialize["expireWarnDays"] = o.ExpireWarnDays
+	}
+	if o.HistoryCount != nil {
+		toSerialize["historyCount"] = o.HistoryCount
+	}
+	if o.MaxAgeDays != nil {
+		toSerialize["maxAgeDays"] = o.MaxAgeDays
+	}
+	if o.MinAgeMinutes != nil {
+		toSerialize["minAgeMinutes"] = o.MinAgeMinutes
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyPasswordSettingsAge) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyPasswordSettingsAge := _PasswordPolicyPasswordSettingsAge{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyPasswordSettingsAge)
+	if err == nil {
+		*o = PasswordPolicyPasswordSettingsAge(varPasswordPolicyPasswordSettingsAge)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expireWarnDays")
+		delete(additionalProperties, "historyCount")
+		delete(additionalProperties, "maxAgeDays")
+		delete(additionalProperties, "minAgeMinutes")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyPasswordSettingsAge struct {
+	value *PasswordPolicyPasswordSettingsAge
+	isSet bool
+}
+
+func (v NullablePasswordPolicyPasswordSettingsAge) Get() *PasswordPolicyPasswordSettingsAge {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyPasswordSettingsAge) Set(val *PasswordPolicyPasswordSettingsAge) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyPasswordSettingsAge) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyPasswordSettingsAge) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyPasswordSettingsAge(val *PasswordPolicyPasswordSettingsAge) *NullablePasswordPolicyPasswordSettingsAge {
+	return &NullablePasswordPolicyPasswordSettingsAge{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyPasswordSettingsAge) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyPasswordSettingsAge) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_password_settings_complexity.go b/okta/model_password_policy_password_settings_complexity.go
new file mode 100644
index 000000000..be4b6e1e2
--- /dev/null
+++ b/okta/model_password_policy_password_settings_complexity.go
@@ -0,0 +1,421 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyPasswordSettingsComplexity struct for PasswordPolicyPasswordSettingsComplexity
+type PasswordPolicyPasswordSettingsComplexity struct {
+	Dictionary           *PasswordDictionary `json:"dictionary,omitempty"`
+	ExcludeAttributes    []string            `json:"excludeAttributes,omitempty"`
+	ExcludeUsername      *bool               `json:"excludeUsername,omitempty"`
+	MinLength            *int32              `json:"minLength,omitempty"`
+	MinLowerCase         *int32              `json:"minLowerCase,omitempty"`
+	MinNumber            *int32              `json:"minNumber,omitempty"`
+	MinSymbol            *int32              `json:"minSymbol,omitempty"`
+	MinUpperCase         *int32              `json:"minUpperCase,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyPasswordSettingsComplexity PasswordPolicyPasswordSettingsComplexity
+
+// NewPasswordPolicyPasswordSettingsComplexity instantiates a new PasswordPolicyPasswordSettingsComplexity object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyPasswordSettingsComplexity() *PasswordPolicyPasswordSettingsComplexity {
+	this := PasswordPolicyPasswordSettingsComplexity{}
+	var excludeUsername bool = true
+	this.ExcludeUsername = &excludeUsername
+	return &this
+}
+
+// NewPasswordPolicyPasswordSettingsComplexityWithDefaults instantiates a new PasswordPolicyPasswordSettingsComplexity object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyPasswordSettingsComplexityWithDefaults() *PasswordPolicyPasswordSettingsComplexity {
+	this := PasswordPolicyPasswordSettingsComplexity{}
+	var excludeUsername bool = true
+	this.ExcludeUsername = &excludeUsername
+	return &this
+}
+
+// GetDictionary returns the Dictionary field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetDictionary() PasswordDictionary {
+	if o == nil || o.Dictionary == nil {
+		var ret PasswordDictionary
+		return ret
+	}
+	return *o.Dictionary
+}
+
+// GetDictionaryOk returns a tuple with the Dictionary field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetDictionaryOk() (*PasswordDictionary, bool) {
+	if o == nil || o.Dictionary == nil {
+		return nil, false
+	}
+	return o.Dictionary, true
+}
+
+// HasDictionary returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) HasDictionary() bool {
+	if o != nil && o.Dictionary != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDictionary gets a reference to the given PasswordDictionary and assigns it to the Dictionary field.
+func (o *PasswordPolicyPasswordSettingsComplexity) SetDictionary(v PasswordDictionary) {
+	o.Dictionary = &v
+}
+
+// GetExcludeAttributes returns the ExcludeAttributes field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetExcludeAttributes() []string {
+	if o == nil || o.ExcludeAttributes == nil {
+		var ret []string
+		return ret
+	}
+	return o.ExcludeAttributes
+}
+
+// GetExcludeAttributesOk returns a tuple with the ExcludeAttributes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetExcludeAttributesOk() ([]string, bool) {
+	if o == nil || o.ExcludeAttributes == nil {
+		return nil, false
+	}
+	return o.ExcludeAttributes, true
+}
+
+// HasExcludeAttributes returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) HasExcludeAttributes() bool {
+	if o != nil && o.ExcludeAttributes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExcludeAttributes gets a reference to the given []string and assigns it to the ExcludeAttributes field.
+func (o *PasswordPolicyPasswordSettingsComplexity) SetExcludeAttributes(v []string) {
+	o.ExcludeAttributes = v
+}
+
+// GetExcludeUsername returns the ExcludeUsername field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetExcludeUsername() bool {
+	if o == nil || o.ExcludeUsername == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ExcludeUsername
+}
+
+// GetExcludeUsernameOk returns a tuple with the ExcludeUsername field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetExcludeUsernameOk() (*bool, bool) {
+	if o == nil || o.ExcludeUsername == nil {
+		return nil, false
+	}
+	return o.ExcludeUsername, true
+}
+
+// HasExcludeUsername returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) HasExcludeUsername() bool {
+	if o != nil && o.ExcludeUsername != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExcludeUsername gets a reference to the given bool and assigns it to the ExcludeUsername field.
+func (o *PasswordPolicyPasswordSettingsComplexity) SetExcludeUsername(v bool) {
+	o.ExcludeUsername = &v
+}
+
+// GetMinLength returns the MinLength field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetMinLength() int32 {
+	if o == nil || o.MinLength == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinLength
+}
+
+// GetMinLengthOk returns a tuple with the MinLength field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetMinLengthOk() (*int32, bool) {
+	if o == nil || o.MinLength == nil {
+		return nil, false
+	}
+	return o.MinLength, true
+}
+
+// HasMinLength returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) HasMinLength() bool {
+	if o != nil && o.MinLength != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinLength gets a reference to the given int32 and assigns it to the MinLength field.
+func (o *PasswordPolicyPasswordSettingsComplexity) SetMinLength(v int32) {
+	o.MinLength = &v
+}
+
+// GetMinLowerCase returns the MinLowerCase field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetMinLowerCase() int32 {
+	if o == nil || o.MinLowerCase == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinLowerCase
+}
+
+// GetMinLowerCaseOk returns a tuple with the MinLowerCase field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetMinLowerCaseOk() (*int32, bool) {
+	if o == nil || o.MinLowerCase == nil {
+		return nil, false
+	}
+	return o.MinLowerCase, true
+}
+
+// HasMinLowerCase returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) HasMinLowerCase() bool {
+	if o != nil && o.MinLowerCase != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinLowerCase gets a reference to the given int32 and assigns it to the MinLowerCase field.
+func (o *PasswordPolicyPasswordSettingsComplexity) SetMinLowerCase(v int32) {
+	o.MinLowerCase = &v
+}
+
+// GetMinNumber returns the MinNumber field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetMinNumber() int32 {
+	if o == nil || o.MinNumber == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinNumber
+}
+
+// GetMinNumberOk returns a tuple with the MinNumber field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetMinNumberOk() (*int32, bool) {
+	if o == nil || o.MinNumber == nil {
+		return nil, false
+	}
+	return o.MinNumber, true
+}
+
+// HasMinNumber returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) HasMinNumber() bool {
+	if o != nil && o.MinNumber != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinNumber gets a reference to the given int32 and assigns it to the MinNumber field.
+func (o *PasswordPolicyPasswordSettingsComplexity) SetMinNumber(v int32) {
+	o.MinNumber = &v
+}
+
+// GetMinSymbol returns the MinSymbol field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetMinSymbol() int32 {
+	if o == nil || o.MinSymbol == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinSymbol
+}
+
+// GetMinSymbolOk returns a tuple with the MinSymbol field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetMinSymbolOk() (*int32, bool) {
+	if o == nil || o.MinSymbol == nil {
+		return nil, false
+	}
+	return o.MinSymbol, true
+}
+
+// HasMinSymbol returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) HasMinSymbol() bool {
+	if o != nil && o.MinSymbol != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinSymbol gets a reference to the given int32 and assigns it to the MinSymbol field.
+func (o *PasswordPolicyPasswordSettingsComplexity) SetMinSymbol(v int32) {
+	o.MinSymbol = &v
+}
+
+// GetMinUpperCase returns the MinUpperCase field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetMinUpperCase() int32 {
+	if o == nil || o.MinUpperCase == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinUpperCase
+}
+
+// GetMinUpperCaseOk returns a tuple with the MinUpperCase field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) GetMinUpperCaseOk() (*int32, bool) {
+	if o == nil || o.MinUpperCase == nil {
+		return nil, false
+	}
+	return o.MinUpperCase, true
+}
+
+// HasMinUpperCase returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsComplexity) HasMinUpperCase() bool {
+	if o != nil && o.MinUpperCase != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinUpperCase gets a reference to the given int32 and assigns it to the MinUpperCase field.
+func (o *PasswordPolicyPasswordSettingsComplexity) SetMinUpperCase(v int32) {
+	o.MinUpperCase = &v
+}
+
+func (o PasswordPolicyPasswordSettingsComplexity) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Dictionary != nil {
+		toSerialize["dictionary"] = o.Dictionary
+	}
+	if o.ExcludeAttributes != nil {
+		toSerialize["excludeAttributes"] = o.ExcludeAttributes
+	}
+	if o.ExcludeUsername != nil {
+		toSerialize["excludeUsername"] = o.ExcludeUsername
+	}
+	if o.MinLength != nil {
+		toSerialize["minLength"] = o.MinLength
+	}
+	if o.MinLowerCase != nil {
+		toSerialize["minLowerCase"] = o.MinLowerCase
+	}
+	if o.MinNumber != nil {
+		toSerialize["minNumber"] = o.MinNumber
+	}
+	if o.MinSymbol != nil {
+		toSerialize["minSymbol"] = o.MinSymbol
+	}
+	if o.MinUpperCase != nil {
+		toSerialize["minUpperCase"] = o.MinUpperCase
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyPasswordSettingsComplexity) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyPasswordSettingsComplexity := _PasswordPolicyPasswordSettingsComplexity{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyPasswordSettingsComplexity)
+	if err == nil {
+		*o = PasswordPolicyPasswordSettingsComplexity(varPasswordPolicyPasswordSettingsComplexity)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "dictionary")
+		delete(additionalProperties, "excludeAttributes")
+		delete(additionalProperties, "excludeUsername")
+		delete(additionalProperties, "minLength")
+		delete(additionalProperties, "minLowerCase")
+		delete(additionalProperties, "minNumber")
+		delete(additionalProperties, "minSymbol")
+		delete(additionalProperties, "minUpperCase")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyPasswordSettingsComplexity struct {
+	value *PasswordPolicyPasswordSettingsComplexity
+	isSet bool
+}
+
+func (v NullablePasswordPolicyPasswordSettingsComplexity) Get() *PasswordPolicyPasswordSettingsComplexity {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyPasswordSettingsComplexity) Set(val *PasswordPolicyPasswordSettingsComplexity) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyPasswordSettingsComplexity) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyPasswordSettingsComplexity) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyPasswordSettingsComplexity(val *PasswordPolicyPasswordSettingsComplexity) *NullablePasswordPolicyPasswordSettingsComplexity {
+	return &NullablePasswordPolicyPasswordSettingsComplexity{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyPasswordSettingsComplexity) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyPasswordSettingsComplexity) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_password_settings_lockout.go b/okta/model_password_policy_password_settings_lockout.go
new file mode 100644
index 000000000..180d84c4f
--- /dev/null
+++ b/okta/model_password_policy_password_settings_lockout.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyPasswordSettingsLockout struct for PasswordPolicyPasswordSettingsLockout
+type PasswordPolicyPasswordSettingsLockout struct {
+	AutoUnlockMinutes               *int32   `json:"autoUnlockMinutes,omitempty"`
+	MaxAttempts                     *int32   `json:"maxAttempts,omitempty"`
+	ShowLockoutFailures             *bool    `json:"showLockoutFailures,omitempty"`
+	UserLockoutNotificationChannels []string `json:"userLockoutNotificationChannels,omitempty"`
+	AdditionalProperties            map[string]interface{}
+}
+
+type _PasswordPolicyPasswordSettingsLockout PasswordPolicyPasswordSettingsLockout
+
+// NewPasswordPolicyPasswordSettingsLockout instantiates a new PasswordPolicyPasswordSettingsLockout object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyPasswordSettingsLockout() *PasswordPolicyPasswordSettingsLockout {
+	this := PasswordPolicyPasswordSettingsLockout{}
+	return &this
+}
+
+// NewPasswordPolicyPasswordSettingsLockoutWithDefaults instantiates a new PasswordPolicyPasswordSettingsLockout object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyPasswordSettingsLockoutWithDefaults() *PasswordPolicyPasswordSettingsLockout {
+	this := PasswordPolicyPasswordSettingsLockout{}
+	return &this
+}
+
+// GetAutoUnlockMinutes returns the AutoUnlockMinutes field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsLockout) GetAutoUnlockMinutes() int32 {
+	if o == nil || o.AutoUnlockMinutes == nil {
+		var ret int32
+		return ret
+	}
+	return *o.AutoUnlockMinutes
+}
+
+// GetAutoUnlockMinutesOk returns a tuple with the AutoUnlockMinutes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsLockout) GetAutoUnlockMinutesOk() (*int32, bool) {
+	if o == nil || o.AutoUnlockMinutes == nil {
+		return nil, false
+	}
+	return o.AutoUnlockMinutes, true
+}
+
+// HasAutoUnlockMinutes returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsLockout) HasAutoUnlockMinutes() bool {
+	if o != nil && o.AutoUnlockMinutes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAutoUnlockMinutes gets a reference to the given int32 and assigns it to the AutoUnlockMinutes field.
+func (o *PasswordPolicyPasswordSettingsLockout) SetAutoUnlockMinutes(v int32) {
+	o.AutoUnlockMinutes = &v
+}
+
+// GetMaxAttempts returns the MaxAttempts field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsLockout) GetMaxAttempts() int32 {
+	if o == nil || o.MaxAttempts == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxAttempts
+}
+
+// GetMaxAttemptsOk returns a tuple with the MaxAttempts field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsLockout) GetMaxAttemptsOk() (*int32, bool) {
+	if o == nil || o.MaxAttempts == nil {
+		return nil, false
+	}
+	return o.MaxAttempts, true
+}
+
+// HasMaxAttempts returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsLockout) HasMaxAttempts() bool {
+	if o != nil && o.MaxAttempts != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxAttempts gets a reference to the given int32 and assigns it to the MaxAttempts field.
+func (o *PasswordPolicyPasswordSettingsLockout) SetMaxAttempts(v int32) {
+	o.MaxAttempts = &v
+}
+
+// GetShowLockoutFailures returns the ShowLockoutFailures field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsLockout) GetShowLockoutFailures() bool {
+	if o == nil || o.ShowLockoutFailures == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ShowLockoutFailures
+}
+
+// GetShowLockoutFailuresOk returns a tuple with the ShowLockoutFailures field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsLockout) GetShowLockoutFailuresOk() (*bool, bool) {
+	if o == nil || o.ShowLockoutFailures == nil {
+		return nil, false
+	}
+	return o.ShowLockoutFailures, true
+}
+
+// HasShowLockoutFailures returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsLockout) HasShowLockoutFailures() bool {
+	if o != nil && o.ShowLockoutFailures != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetShowLockoutFailures gets a reference to the given bool and assigns it to the ShowLockoutFailures field.
+func (o *PasswordPolicyPasswordSettingsLockout) SetShowLockoutFailures(v bool) {
+	o.ShowLockoutFailures = &v
+}
+
+// GetUserLockoutNotificationChannels returns the UserLockoutNotificationChannels field value if set, zero value otherwise.
+func (o *PasswordPolicyPasswordSettingsLockout) GetUserLockoutNotificationChannels() []string {
+	if o == nil || o.UserLockoutNotificationChannels == nil {
+		var ret []string
+		return ret
+	}
+	return o.UserLockoutNotificationChannels
+}
+
+// GetUserLockoutNotificationChannelsOk returns a tuple with the UserLockoutNotificationChannels field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyPasswordSettingsLockout) GetUserLockoutNotificationChannelsOk() ([]string, bool) {
+	if o == nil || o.UserLockoutNotificationChannels == nil {
+		return nil, false
+	}
+	return o.UserLockoutNotificationChannels, true
+}
+
+// HasUserLockoutNotificationChannels returns a boolean if a field has been set.
+func (o *PasswordPolicyPasswordSettingsLockout) HasUserLockoutNotificationChannels() bool {
+	if o != nil && o.UserLockoutNotificationChannels != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserLockoutNotificationChannels gets a reference to the given []string and assigns it to the UserLockoutNotificationChannels field.
+func (o *PasswordPolicyPasswordSettingsLockout) SetUserLockoutNotificationChannels(v []string) {
+	o.UserLockoutNotificationChannels = v
+}
+
+func (o PasswordPolicyPasswordSettingsLockout) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AutoUnlockMinutes != nil {
+		toSerialize["autoUnlockMinutes"] = o.AutoUnlockMinutes
+	}
+	if o.MaxAttempts != nil {
+		toSerialize["maxAttempts"] = o.MaxAttempts
+	}
+	if o.ShowLockoutFailures != nil {
+		toSerialize["showLockoutFailures"] = o.ShowLockoutFailures
+	}
+	if o.UserLockoutNotificationChannels != nil {
+		toSerialize["userLockoutNotificationChannels"] = o.UserLockoutNotificationChannels
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyPasswordSettingsLockout) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyPasswordSettingsLockout := _PasswordPolicyPasswordSettingsLockout{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyPasswordSettingsLockout)
+	if err == nil {
+		*o = PasswordPolicyPasswordSettingsLockout(varPasswordPolicyPasswordSettingsLockout)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "autoUnlockMinutes")
+		delete(additionalProperties, "maxAttempts")
+		delete(additionalProperties, "showLockoutFailures")
+		delete(additionalProperties, "userLockoutNotificationChannels")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyPasswordSettingsLockout struct {
+	value *PasswordPolicyPasswordSettingsLockout
+	isSet bool
+}
+
+func (v NullablePasswordPolicyPasswordSettingsLockout) Get() *PasswordPolicyPasswordSettingsLockout {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyPasswordSettingsLockout) Set(val *PasswordPolicyPasswordSettingsLockout) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyPasswordSettingsLockout) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyPasswordSettingsLockout) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyPasswordSettingsLockout(val *PasswordPolicyPasswordSettingsLockout) *NullablePasswordPolicyPasswordSettingsLockout {
+	return &NullablePasswordPolicyPasswordSettingsLockout{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyPasswordSettingsLockout) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyPasswordSettingsLockout) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_recovery_email.go b/okta/model_password_policy_recovery_email.go
new file mode 100644
index 000000000..eb4009bbc
--- /dev/null
+++ b/okta/model_password_policy_recovery_email.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRecoveryEmail struct for PasswordPolicyRecoveryEmail
+type PasswordPolicyRecoveryEmail struct {
+	Properties           *PasswordPolicyRecoveryEmailProperties `json:"properties,omitempty"`
+	Status               *LifecycleStatus                       `json:"status,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRecoveryEmail PasswordPolicyRecoveryEmail
+
+// NewPasswordPolicyRecoveryEmail instantiates a new PasswordPolicyRecoveryEmail object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRecoveryEmail() *PasswordPolicyRecoveryEmail {
+	this := PasswordPolicyRecoveryEmail{}
+	return &this
+}
+
+// NewPasswordPolicyRecoveryEmailWithDefaults instantiates a new PasswordPolicyRecoveryEmail object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRecoveryEmailWithDefaults() *PasswordPolicyRecoveryEmail {
+	this := PasswordPolicyRecoveryEmail{}
+	return &this
+}
+
+// GetProperties returns the Properties field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryEmail) GetProperties() PasswordPolicyRecoveryEmailProperties {
+	if o == nil || o.Properties == nil {
+		var ret PasswordPolicyRecoveryEmailProperties
+		return ret
+	}
+	return *o.Properties
+}
+
+// GetPropertiesOk returns a tuple with the Properties field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryEmail) GetPropertiesOk() (*PasswordPolicyRecoveryEmailProperties, bool) {
+	if o == nil || o.Properties == nil {
+		return nil, false
+	}
+	return o.Properties, true
+}
+
+// HasProperties returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryEmail) HasProperties() bool {
+	if o != nil && o.Properties != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProperties gets a reference to the given PasswordPolicyRecoveryEmailProperties and assigns it to the Properties field.
+func (o *PasswordPolicyRecoveryEmail) SetProperties(v PasswordPolicyRecoveryEmailProperties) {
+	o.Properties = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryEmail) GetStatus() LifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret LifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryEmail) GetStatusOk() (*LifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryEmail) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given LifecycleStatus and assigns it to the Status field.
+func (o *PasswordPolicyRecoveryEmail) SetStatus(v LifecycleStatus) {
+	o.Status = &v
+}
+
+func (o PasswordPolicyRecoveryEmail) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Properties != nil {
+		toSerialize["properties"] = o.Properties
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRecoveryEmail) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRecoveryEmail := _PasswordPolicyRecoveryEmail{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRecoveryEmail)
+	if err == nil {
+		*o = PasswordPolicyRecoveryEmail(varPasswordPolicyRecoveryEmail)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "properties")
+		delete(additionalProperties, "status")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRecoveryEmail struct {
+	value *PasswordPolicyRecoveryEmail
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRecoveryEmail) Get() *PasswordPolicyRecoveryEmail {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRecoveryEmail) Set(val *PasswordPolicyRecoveryEmail) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRecoveryEmail) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRecoveryEmail) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRecoveryEmail(val *PasswordPolicyRecoveryEmail) *NullablePasswordPolicyRecoveryEmail {
+	return &NullablePasswordPolicyRecoveryEmail{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRecoveryEmail) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRecoveryEmail) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_recovery_email_properties.go b/okta/model_password_policy_recovery_email_properties.go
new file mode 100644
index 000000000..77dc574d6
--- /dev/null
+++ b/okta/model_password_policy_recovery_email_properties.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRecoveryEmailProperties struct for PasswordPolicyRecoveryEmailProperties
+type PasswordPolicyRecoveryEmailProperties struct {
+	RecoveryToken        *PasswordPolicyRecoveryEmailRecoveryToken `json:"recoveryToken,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRecoveryEmailProperties PasswordPolicyRecoveryEmailProperties
+
+// NewPasswordPolicyRecoveryEmailProperties instantiates a new PasswordPolicyRecoveryEmailProperties object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRecoveryEmailProperties() *PasswordPolicyRecoveryEmailProperties {
+	this := PasswordPolicyRecoveryEmailProperties{}
+	return &this
+}
+
+// NewPasswordPolicyRecoveryEmailPropertiesWithDefaults instantiates a new PasswordPolicyRecoveryEmailProperties object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRecoveryEmailPropertiesWithDefaults() *PasswordPolicyRecoveryEmailProperties {
+	this := PasswordPolicyRecoveryEmailProperties{}
+	return &this
+}
+
+// GetRecoveryToken returns the RecoveryToken field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryEmailProperties) GetRecoveryToken() PasswordPolicyRecoveryEmailRecoveryToken {
+	if o == nil || o.RecoveryToken == nil {
+		var ret PasswordPolicyRecoveryEmailRecoveryToken
+		return ret
+	}
+	return *o.RecoveryToken
+}
+
+// GetRecoveryTokenOk returns a tuple with the RecoveryToken field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryEmailProperties) GetRecoveryTokenOk() (*PasswordPolicyRecoveryEmailRecoveryToken, bool) {
+	if o == nil || o.RecoveryToken == nil {
+		return nil, false
+	}
+	return o.RecoveryToken, true
+}
+
+// HasRecoveryToken returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryEmailProperties) HasRecoveryToken() bool {
+	if o != nil && o.RecoveryToken != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRecoveryToken gets a reference to the given PasswordPolicyRecoveryEmailRecoveryToken and assigns it to the RecoveryToken field.
+func (o *PasswordPolicyRecoveryEmailProperties) SetRecoveryToken(v PasswordPolicyRecoveryEmailRecoveryToken) {
+	o.RecoveryToken = &v
+}
+
+func (o PasswordPolicyRecoveryEmailProperties) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.RecoveryToken != nil {
+		toSerialize["recoveryToken"] = o.RecoveryToken
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRecoveryEmailProperties) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRecoveryEmailProperties := _PasswordPolicyRecoveryEmailProperties{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRecoveryEmailProperties)
+	if err == nil {
+		*o = PasswordPolicyRecoveryEmailProperties(varPasswordPolicyRecoveryEmailProperties)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "recoveryToken")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRecoveryEmailProperties struct {
+	value *PasswordPolicyRecoveryEmailProperties
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRecoveryEmailProperties) Get() *PasswordPolicyRecoveryEmailProperties {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRecoveryEmailProperties) Set(val *PasswordPolicyRecoveryEmailProperties) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRecoveryEmailProperties) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRecoveryEmailProperties) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRecoveryEmailProperties(val *PasswordPolicyRecoveryEmailProperties) *NullablePasswordPolicyRecoveryEmailProperties {
+	return &NullablePasswordPolicyRecoveryEmailProperties{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRecoveryEmailProperties) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRecoveryEmailProperties) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_recovery_email_recovery_token.go b/okta/model_password_policy_recovery_email_recovery_token.go
new file mode 100644
index 000000000..867582a08
--- /dev/null
+++ b/okta/model_password_policy_recovery_email_recovery_token.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRecoveryEmailRecoveryToken struct for PasswordPolicyRecoveryEmailRecoveryToken
+type PasswordPolicyRecoveryEmailRecoveryToken struct {
+	TokenLifetimeMinutes *int32 `json:"tokenLifetimeMinutes,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRecoveryEmailRecoveryToken PasswordPolicyRecoveryEmailRecoveryToken
+
+// NewPasswordPolicyRecoveryEmailRecoveryToken instantiates a new PasswordPolicyRecoveryEmailRecoveryToken object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRecoveryEmailRecoveryToken() *PasswordPolicyRecoveryEmailRecoveryToken {
+	this := PasswordPolicyRecoveryEmailRecoveryToken{}
+	return &this
+}
+
+// NewPasswordPolicyRecoveryEmailRecoveryTokenWithDefaults instantiates a new PasswordPolicyRecoveryEmailRecoveryToken object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRecoveryEmailRecoveryTokenWithDefaults() *PasswordPolicyRecoveryEmailRecoveryToken {
+	this := PasswordPolicyRecoveryEmailRecoveryToken{}
+	return &this
+}
+
+// GetTokenLifetimeMinutes returns the TokenLifetimeMinutes field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryEmailRecoveryToken) GetTokenLifetimeMinutes() int32 {
+	if o == nil || o.TokenLifetimeMinutes == nil {
+		var ret int32
+		return ret
+	}
+	return *o.TokenLifetimeMinutes
+}
+
+// GetTokenLifetimeMinutesOk returns a tuple with the TokenLifetimeMinutes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryEmailRecoveryToken) GetTokenLifetimeMinutesOk() (*int32, bool) {
+	if o == nil || o.TokenLifetimeMinutes == nil {
+		return nil, false
+	}
+	return o.TokenLifetimeMinutes, true
+}
+
+// HasTokenLifetimeMinutes returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryEmailRecoveryToken) HasTokenLifetimeMinutes() bool {
+	if o != nil && o.TokenLifetimeMinutes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTokenLifetimeMinutes gets a reference to the given int32 and assigns it to the TokenLifetimeMinutes field.
+func (o *PasswordPolicyRecoveryEmailRecoveryToken) SetTokenLifetimeMinutes(v int32) {
+	o.TokenLifetimeMinutes = &v
+}
+
+func (o PasswordPolicyRecoveryEmailRecoveryToken) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.TokenLifetimeMinutes != nil {
+		toSerialize["tokenLifetimeMinutes"] = o.TokenLifetimeMinutes
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRecoveryEmailRecoveryToken) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRecoveryEmailRecoveryToken := _PasswordPolicyRecoveryEmailRecoveryToken{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRecoveryEmailRecoveryToken)
+	if err == nil {
+		*o = PasswordPolicyRecoveryEmailRecoveryToken(varPasswordPolicyRecoveryEmailRecoveryToken)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "tokenLifetimeMinutes")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRecoveryEmailRecoveryToken struct {
+	value *PasswordPolicyRecoveryEmailRecoveryToken
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRecoveryEmailRecoveryToken) Get() *PasswordPolicyRecoveryEmailRecoveryToken {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRecoveryEmailRecoveryToken) Set(val *PasswordPolicyRecoveryEmailRecoveryToken) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRecoveryEmailRecoveryToken) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRecoveryEmailRecoveryToken) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRecoveryEmailRecoveryToken(val *PasswordPolicyRecoveryEmailRecoveryToken) *NullablePasswordPolicyRecoveryEmailRecoveryToken {
+	return &NullablePasswordPolicyRecoveryEmailRecoveryToken{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRecoveryEmailRecoveryToken) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRecoveryEmailRecoveryToken) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_recovery_factor_settings.go b/okta/model_password_policy_recovery_factor_settings.go
new file mode 100644
index 000000000..ac29b74df
--- /dev/null
+++ b/okta/model_password_policy_recovery_factor_settings.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRecoveryFactorSettings struct for PasswordPolicyRecoveryFactorSettings
+type PasswordPolicyRecoveryFactorSettings struct {
+	Status               *LifecycleStatus `json:"status,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRecoveryFactorSettings PasswordPolicyRecoveryFactorSettings
+
+// NewPasswordPolicyRecoveryFactorSettings instantiates a new PasswordPolicyRecoveryFactorSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRecoveryFactorSettings() *PasswordPolicyRecoveryFactorSettings {
+	this := PasswordPolicyRecoveryFactorSettings{}
+	return &this
+}
+
+// NewPasswordPolicyRecoveryFactorSettingsWithDefaults instantiates a new PasswordPolicyRecoveryFactorSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRecoveryFactorSettingsWithDefaults() *PasswordPolicyRecoveryFactorSettings {
+	this := PasswordPolicyRecoveryFactorSettings{}
+	return &this
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryFactorSettings) GetStatus() LifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret LifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryFactorSettings) GetStatusOk() (*LifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryFactorSettings) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given LifecycleStatus and assigns it to the Status field.
+func (o *PasswordPolicyRecoveryFactorSettings) SetStatus(v LifecycleStatus) {
+	o.Status = &v
+}
+
+func (o PasswordPolicyRecoveryFactorSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRecoveryFactorSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRecoveryFactorSettings := _PasswordPolicyRecoveryFactorSettings{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRecoveryFactorSettings)
+	if err == nil {
+		*o = PasswordPolicyRecoveryFactorSettings(varPasswordPolicyRecoveryFactorSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "status")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRecoveryFactorSettings struct {
+	value *PasswordPolicyRecoveryFactorSettings
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRecoveryFactorSettings) Get() *PasswordPolicyRecoveryFactorSettings {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRecoveryFactorSettings) Set(val *PasswordPolicyRecoveryFactorSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRecoveryFactorSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRecoveryFactorSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRecoveryFactorSettings(val *PasswordPolicyRecoveryFactorSettings) *NullablePasswordPolicyRecoveryFactorSettings {
+	return &NullablePasswordPolicyRecoveryFactorSettings{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRecoveryFactorSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRecoveryFactorSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_recovery_factors.go b/okta/model_password_policy_recovery_factors.go
new file mode 100644
index 000000000..fbcd2cf6e
--- /dev/null
+++ b/okta/model_password_policy_recovery_factors.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRecoveryFactors struct for PasswordPolicyRecoveryFactors
+type PasswordPolicyRecoveryFactors struct {
+	OktaCall             *PasswordPolicyRecoveryFactorSettings `json:"okta_call,omitempty"`
+	OktaEmail            *PasswordPolicyRecoveryEmail          `json:"okta_email,omitempty"`
+	OktaSms              *PasswordPolicyRecoveryFactorSettings `json:"okta_sms,omitempty"`
+	RecoveryQuestion     *PasswordPolicyRecoveryQuestion       `json:"recovery_question,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRecoveryFactors PasswordPolicyRecoveryFactors
+
+// NewPasswordPolicyRecoveryFactors instantiates a new PasswordPolicyRecoveryFactors object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRecoveryFactors() *PasswordPolicyRecoveryFactors {
+	this := PasswordPolicyRecoveryFactors{}
+	return &this
+}
+
+// NewPasswordPolicyRecoveryFactorsWithDefaults instantiates a new PasswordPolicyRecoveryFactors object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRecoveryFactorsWithDefaults() *PasswordPolicyRecoveryFactors {
+	this := PasswordPolicyRecoveryFactors{}
+	return &this
+}
+
+// GetOktaCall returns the OktaCall field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryFactors) GetOktaCall() PasswordPolicyRecoveryFactorSettings {
+	if o == nil || o.OktaCall == nil {
+		var ret PasswordPolicyRecoveryFactorSettings
+		return ret
+	}
+	return *o.OktaCall
+}
+
+// GetOktaCallOk returns a tuple with the OktaCall field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryFactors) GetOktaCallOk() (*PasswordPolicyRecoveryFactorSettings, bool) {
+	if o == nil || o.OktaCall == nil {
+		return nil, false
+	}
+	return o.OktaCall, true
+}
+
+// HasOktaCall returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryFactors) HasOktaCall() bool {
+	if o != nil && o.OktaCall != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOktaCall gets a reference to the given PasswordPolicyRecoveryFactorSettings and assigns it to the OktaCall field.
+func (o *PasswordPolicyRecoveryFactors) SetOktaCall(v PasswordPolicyRecoveryFactorSettings) {
+	o.OktaCall = &v
+}
+
+// GetOktaEmail returns the OktaEmail field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryFactors) GetOktaEmail() PasswordPolicyRecoveryEmail {
+	if o == nil || o.OktaEmail == nil {
+		var ret PasswordPolicyRecoveryEmail
+		return ret
+	}
+	return *o.OktaEmail
+}
+
+// GetOktaEmailOk returns a tuple with the OktaEmail field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryFactors) GetOktaEmailOk() (*PasswordPolicyRecoveryEmail, bool) {
+	if o == nil || o.OktaEmail == nil {
+		return nil, false
+	}
+	return o.OktaEmail, true
+}
+
+// HasOktaEmail returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryFactors) HasOktaEmail() bool {
+	if o != nil && o.OktaEmail != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOktaEmail gets a reference to the given PasswordPolicyRecoveryEmail and assigns it to the OktaEmail field.
+func (o *PasswordPolicyRecoveryFactors) SetOktaEmail(v PasswordPolicyRecoveryEmail) {
+	o.OktaEmail = &v
+}
+
+// GetOktaSms returns the OktaSms field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryFactors) GetOktaSms() PasswordPolicyRecoveryFactorSettings {
+	if o == nil || o.OktaSms == nil {
+		var ret PasswordPolicyRecoveryFactorSettings
+		return ret
+	}
+	return *o.OktaSms
+}
+
+// GetOktaSmsOk returns a tuple with the OktaSms field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryFactors) GetOktaSmsOk() (*PasswordPolicyRecoveryFactorSettings, bool) {
+	if o == nil || o.OktaSms == nil {
+		return nil, false
+	}
+	return o.OktaSms, true
+}
+
+// HasOktaSms returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryFactors) HasOktaSms() bool {
+	if o != nil && o.OktaSms != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOktaSms gets a reference to the given PasswordPolicyRecoveryFactorSettings and assigns it to the OktaSms field.
+func (o *PasswordPolicyRecoveryFactors) SetOktaSms(v PasswordPolicyRecoveryFactorSettings) {
+	o.OktaSms = &v
+}
+
+// GetRecoveryQuestion returns the RecoveryQuestion field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryFactors) GetRecoveryQuestion() PasswordPolicyRecoveryQuestion {
+	if o == nil || o.RecoveryQuestion == nil {
+		var ret PasswordPolicyRecoveryQuestion
+		return ret
+	}
+	return *o.RecoveryQuestion
+}
+
+// GetRecoveryQuestionOk returns a tuple with the RecoveryQuestion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryFactors) GetRecoveryQuestionOk() (*PasswordPolicyRecoveryQuestion, bool) {
+	if o == nil || o.RecoveryQuestion == nil {
+		return nil, false
+	}
+	return o.RecoveryQuestion, true
+}
+
+// HasRecoveryQuestion returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryFactors) HasRecoveryQuestion() bool {
+	if o != nil && o.RecoveryQuestion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRecoveryQuestion gets a reference to the given PasswordPolicyRecoveryQuestion and assigns it to the RecoveryQuestion field.
+func (o *PasswordPolicyRecoveryFactors) SetRecoveryQuestion(v PasswordPolicyRecoveryQuestion) {
+	o.RecoveryQuestion = &v
+}
+
+func (o PasswordPolicyRecoveryFactors) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.OktaCall != nil {
+		toSerialize["okta_call"] = o.OktaCall
+	}
+	if o.OktaEmail != nil {
+		toSerialize["okta_email"] = o.OktaEmail
+	}
+	if o.OktaSms != nil {
+		toSerialize["okta_sms"] = o.OktaSms
+	}
+	if o.RecoveryQuestion != nil {
+		toSerialize["recovery_question"] = o.RecoveryQuestion
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRecoveryFactors) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRecoveryFactors := _PasswordPolicyRecoveryFactors{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRecoveryFactors)
+	if err == nil {
+		*o = PasswordPolicyRecoveryFactors(varPasswordPolicyRecoveryFactors)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "okta_call")
+		delete(additionalProperties, "okta_email")
+		delete(additionalProperties, "okta_sms")
+		delete(additionalProperties, "recovery_question")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRecoveryFactors struct {
+	value *PasswordPolicyRecoveryFactors
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRecoveryFactors) Get() *PasswordPolicyRecoveryFactors {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRecoveryFactors) Set(val *PasswordPolicyRecoveryFactors) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRecoveryFactors) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRecoveryFactors) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRecoveryFactors(val *PasswordPolicyRecoveryFactors) *NullablePasswordPolicyRecoveryFactors {
+	return &NullablePasswordPolicyRecoveryFactors{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRecoveryFactors) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRecoveryFactors) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_recovery_question.go b/okta/model_password_policy_recovery_question.go
new file mode 100644
index 000000000..45b256874
--- /dev/null
+++ b/okta/model_password_policy_recovery_question.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRecoveryQuestion struct for PasswordPolicyRecoveryQuestion
+type PasswordPolicyRecoveryQuestion struct {
+	Properties           *PasswordPolicyRecoveryQuestionProperties `json:"properties,omitempty"`
+	Status               *LifecycleStatus                          `json:"status,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRecoveryQuestion PasswordPolicyRecoveryQuestion
+
+// NewPasswordPolicyRecoveryQuestion instantiates a new PasswordPolicyRecoveryQuestion object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRecoveryQuestion() *PasswordPolicyRecoveryQuestion {
+	this := PasswordPolicyRecoveryQuestion{}
+	return &this
+}
+
+// NewPasswordPolicyRecoveryQuestionWithDefaults instantiates a new PasswordPolicyRecoveryQuestion object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRecoveryQuestionWithDefaults() *PasswordPolicyRecoveryQuestion {
+	this := PasswordPolicyRecoveryQuestion{}
+	return &this
+}
+
+// GetProperties returns the Properties field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryQuestion) GetProperties() PasswordPolicyRecoveryQuestionProperties {
+	if o == nil || o.Properties == nil {
+		var ret PasswordPolicyRecoveryQuestionProperties
+		return ret
+	}
+	return *o.Properties
+}
+
+// GetPropertiesOk returns a tuple with the Properties field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryQuestion) GetPropertiesOk() (*PasswordPolicyRecoveryQuestionProperties, bool) {
+	if o == nil || o.Properties == nil {
+		return nil, false
+	}
+	return o.Properties, true
+}
+
+// HasProperties returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryQuestion) HasProperties() bool {
+	if o != nil && o.Properties != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProperties gets a reference to the given PasswordPolicyRecoveryQuestionProperties and assigns it to the Properties field.
+func (o *PasswordPolicyRecoveryQuestion) SetProperties(v PasswordPolicyRecoveryQuestionProperties) {
+	o.Properties = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryQuestion) GetStatus() LifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret LifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryQuestion) GetStatusOk() (*LifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryQuestion) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given LifecycleStatus and assigns it to the Status field.
+func (o *PasswordPolicyRecoveryQuestion) SetStatus(v LifecycleStatus) {
+	o.Status = &v
+}
+
+func (o PasswordPolicyRecoveryQuestion) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Properties != nil {
+		toSerialize["properties"] = o.Properties
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRecoveryQuestion) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRecoveryQuestion := _PasswordPolicyRecoveryQuestion{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRecoveryQuestion)
+	if err == nil {
+		*o = PasswordPolicyRecoveryQuestion(varPasswordPolicyRecoveryQuestion)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "properties")
+		delete(additionalProperties, "status")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRecoveryQuestion struct {
+	value *PasswordPolicyRecoveryQuestion
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRecoveryQuestion) Get() *PasswordPolicyRecoveryQuestion {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRecoveryQuestion) Set(val *PasswordPolicyRecoveryQuestion) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRecoveryQuestion) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRecoveryQuestion) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRecoveryQuestion(val *PasswordPolicyRecoveryQuestion) *NullablePasswordPolicyRecoveryQuestion {
+	return &NullablePasswordPolicyRecoveryQuestion{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRecoveryQuestion) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRecoveryQuestion) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_recovery_question_complexity.go b/okta/model_password_policy_recovery_question_complexity.go
new file mode 100644
index 000000000..c9ce42437
--- /dev/null
+++ b/okta/model_password_policy_recovery_question_complexity.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRecoveryQuestionComplexity struct for PasswordPolicyRecoveryQuestionComplexity
+type PasswordPolicyRecoveryQuestionComplexity struct {
+	MinLength            *int32 `json:"minLength,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRecoveryQuestionComplexity PasswordPolicyRecoveryQuestionComplexity
+
+// NewPasswordPolicyRecoveryQuestionComplexity instantiates a new PasswordPolicyRecoveryQuestionComplexity object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRecoveryQuestionComplexity() *PasswordPolicyRecoveryQuestionComplexity {
+	this := PasswordPolicyRecoveryQuestionComplexity{}
+	return &this
+}
+
+// NewPasswordPolicyRecoveryQuestionComplexityWithDefaults instantiates a new PasswordPolicyRecoveryQuestionComplexity object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRecoveryQuestionComplexityWithDefaults() *PasswordPolicyRecoveryQuestionComplexity {
+	this := PasswordPolicyRecoveryQuestionComplexity{}
+	return &this
+}
+
+// GetMinLength returns the MinLength field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryQuestionComplexity) GetMinLength() int32 {
+	if o == nil || o.MinLength == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinLength
+}
+
+// GetMinLengthOk returns a tuple with the MinLength field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryQuestionComplexity) GetMinLengthOk() (*int32, bool) {
+	if o == nil || o.MinLength == nil {
+		return nil, false
+	}
+	return o.MinLength, true
+}
+
+// HasMinLength returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryQuestionComplexity) HasMinLength() bool {
+	if o != nil && o.MinLength != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinLength gets a reference to the given int32 and assigns it to the MinLength field.
+func (o *PasswordPolicyRecoveryQuestionComplexity) SetMinLength(v int32) {
+	o.MinLength = &v
+}
+
+func (o PasswordPolicyRecoveryQuestionComplexity) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.MinLength != nil {
+		toSerialize["minLength"] = o.MinLength
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRecoveryQuestionComplexity) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRecoveryQuestionComplexity := _PasswordPolicyRecoveryQuestionComplexity{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRecoveryQuestionComplexity)
+	if err == nil {
+		*o = PasswordPolicyRecoveryQuestionComplexity(varPasswordPolicyRecoveryQuestionComplexity)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "minLength")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRecoveryQuestionComplexity struct {
+	value *PasswordPolicyRecoveryQuestionComplexity
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRecoveryQuestionComplexity) Get() *PasswordPolicyRecoveryQuestionComplexity {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRecoveryQuestionComplexity) Set(val *PasswordPolicyRecoveryQuestionComplexity) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRecoveryQuestionComplexity) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRecoveryQuestionComplexity) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRecoveryQuestionComplexity(val *PasswordPolicyRecoveryQuestionComplexity) *NullablePasswordPolicyRecoveryQuestionComplexity {
+	return &NullablePasswordPolicyRecoveryQuestionComplexity{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRecoveryQuestionComplexity) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRecoveryQuestionComplexity) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_recovery_question_properties.go b/okta/model_password_policy_recovery_question_properties.go
new file mode 100644
index 000000000..bc5e45159
--- /dev/null
+++ b/okta/model_password_policy_recovery_question_properties.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRecoveryQuestionProperties struct for PasswordPolicyRecoveryQuestionProperties
+type PasswordPolicyRecoveryQuestionProperties struct {
+	Complexity           *PasswordPolicyRecoveryQuestionComplexity `json:"complexity,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRecoveryQuestionProperties PasswordPolicyRecoveryQuestionProperties
+
+// NewPasswordPolicyRecoveryQuestionProperties instantiates a new PasswordPolicyRecoveryQuestionProperties object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRecoveryQuestionProperties() *PasswordPolicyRecoveryQuestionProperties {
+	this := PasswordPolicyRecoveryQuestionProperties{}
+	return &this
+}
+
+// NewPasswordPolicyRecoveryQuestionPropertiesWithDefaults instantiates a new PasswordPolicyRecoveryQuestionProperties object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRecoveryQuestionPropertiesWithDefaults() *PasswordPolicyRecoveryQuestionProperties {
+	this := PasswordPolicyRecoveryQuestionProperties{}
+	return &this
+}
+
+// GetComplexity returns the Complexity field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoveryQuestionProperties) GetComplexity() PasswordPolicyRecoveryQuestionComplexity {
+	if o == nil || o.Complexity == nil {
+		var ret PasswordPolicyRecoveryQuestionComplexity
+		return ret
+	}
+	return *o.Complexity
+}
+
+// GetComplexityOk returns a tuple with the Complexity field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoveryQuestionProperties) GetComplexityOk() (*PasswordPolicyRecoveryQuestionComplexity, bool) {
+	if o == nil || o.Complexity == nil {
+		return nil, false
+	}
+	return o.Complexity, true
+}
+
+// HasComplexity returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoveryQuestionProperties) HasComplexity() bool {
+	if o != nil && o.Complexity != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetComplexity gets a reference to the given PasswordPolicyRecoveryQuestionComplexity and assigns it to the Complexity field.
+func (o *PasswordPolicyRecoveryQuestionProperties) SetComplexity(v PasswordPolicyRecoveryQuestionComplexity) {
+	o.Complexity = &v
+}
+
+func (o PasswordPolicyRecoveryQuestionProperties) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Complexity != nil {
+		toSerialize["complexity"] = o.Complexity
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRecoveryQuestionProperties) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRecoveryQuestionProperties := _PasswordPolicyRecoveryQuestionProperties{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRecoveryQuestionProperties)
+	if err == nil {
+		*o = PasswordPolicyRecoveryQuestionProperties(varPasswordPolicyRecoveryQuestionProperties)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "complexity")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRecoveryQuestionProperties struct {
+	value *PasswordPolicyRecoveryQuestionProperties
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRecoveryQuestionProperties) Get() *PasswordPolicyRecoveryQuestionProperties {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRecoveryQuestionProperties) Set(val *PasswordPolicyRecoveryQuestionProperties) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRecoveryQuestionProperties) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRecoveryQuestionProperties) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRecoveryQuestionProperties(val *PasswordPolicyRecoveryQuestionProperties) *NullablePasswordPolicyRecoveryQuestionProperties {
+	return &NullablePasswordPolicyRecoveryQuestionProperties{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRecoveryQuestionProperties) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRecoveryQuestionProperties) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_recovery_settings.go b/okta/model_password_policy_recovery_settings.go
new file mode 100644
index 000000000..257900d1f
--- /dev/null
+++ b/okta/model_password_policy_recovery_settings.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRecoverySettings struct for PasswordPolicyRecoverySettings
+type PasswordPolicyRecoverySettings struct {
+	Factors              *PasswordPolicyRecoveryFactors `json:"factors,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRecoverySettings PasswordPolicyRecoverySettings
+
+// NewPasswordPolicyRecoverySettings instantiates a new PasswordPolicyRecoverySettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRecoverySettings() *PasswordPolicyRecoverySettings {
+	this := PasswordPolicyRecoverySettings{}
+	return &this
+}
+
+// NewPasswordPolicyRecoverySettingsWithDefaults instantiates a new PasswordPolicyRecoverySettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRecoverySettingsWithDefaults() *PasswordPolicyRecoverySettings {
+	this := PasswordPolicyRecoverySettings{}
+	return &this
+}
+
+// GetFactors returns the Factors field value if set, zero value otherwise.
+func (o *PasswordPolicyRecoverySettings) GetFactors() PasswordPolicyRecoveryFactors {
+	if o == nil || o.Factors == nil {
+		var ret PasswordPolicyRecoveryFactors
+		return ret
+	}
+	return *o.Factors
+}
+
+// GetFactorsOk returns a tuple with the Factors field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRecoverySettings) GetFactorsOk() (*PasswordPolicyRecoveryFactors, bool) {
+	if o == nil || o.Factors == nil {
+		return nil, false
+	}
+	return o.Factors, true
+}
+
+// HasFactors returns a boolean if a field has been set.
+func (o *PasswordPolicyRecoverySettings) HasFactors() bool {
+	if o != nil && o.Factors != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFactors gets a reference to the given PasswordPolicyRecoveryFactors and assigns it to the Factors field.
+func (o *PasswordPolicyRecoverySettings) SetFactors(v PasswordPolicyRecoveryFactors) {
+	o.Factors = &v
+}
+
+func (o PasswordPolicyRecoverySettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Factors != nil {
+		toSerialize["factors"] = o.Factors
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRecoverySettings) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRecoverySettings := _PasswordPolicyRecoverySettings{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRecoverySettings)
+	if err == nil {
+		*o = PasswordPolicyRecoverySettings(varPasswordPolicyRecoverySettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "factors")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRecoverySettings struct {
+	value *PasswordPolicyRecoverySettings
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRecoverySettings) Get() *PasswordPolicyRecoverySettings {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRecoverySettings) Set(val *PasswordPolicyRecoverySettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRecoverySettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRecoverySettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRecoverySettings(val *PasswordPolicyRecoverySettings) *NullablePasswordPolicyRecoverySettings {
+	return &NullablePasswordPolicyRecoverySettings{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRecoverySettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRecoverySettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_rule.go b/okta/model_password_policy_rule.go
new file mode 100644
index 000000000..9021481c8
--- /dev/null
+++ b/okta/model_password_policy_rule.go
@@ -0,0 +1,244 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// PasswordPolicyRule struct for PasswordPolicyRule
+type PasswordPolicyRule struct {
+	PolicyRule
+	Actions              *PasswordPolicyRuleActions    `json:"actions,omitempty"`
+	Conditions           *PasswordPolicyRuleConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRule PasswordPolicyRule
+
+// NewPasswordPolicyRule instantiates a new PasswordPolicyRule object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRule() *PasswordPolicyRule {
+	this := PasswordPolicyRule{}
+	var system bool = false
+	this.System = &system
+	return &this
+}
+
+// NewPasswordPolicyRuleWithDefaults instantiates a new PasswordPolicyRule object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRuleWithDefaults() *PasswordPolicyRule {
+	this := PasswordPolicyRule{}
+	return &this
+}
+
+// GetActions returns the Actions field value if set, zero value otherwise.
+func (o *PasswordPolicyRule) GetActions() PasswordPolicyRuleActions {
+	if o == nil || o.Actions == nil {
+		var ret PasswordPolicyRuleActions
+		return ret
+	}
+	return *o.Actions
+}
+
+// GetActionsOk returns a tuple with the Actions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRule) GetActionsOk() (*PasswordPolicyRuleActions, bool) {
+	if o == nil || o.Actions == nil {
+		return nil, false
+	}
+	return o.Actions, true
+}
+
+// HasActions returns a boolean if a field has been set.
+func (o *PasswordPolicyRule) HasActions() bool {
+	if o != nil && o.Actions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActions gets a reference to the given PasswordPolicyRuleActions and assigns it to the Actions field.
+func (o *PasswordPolicyRule) SetActions(v PasswordPolicyRuleActions) {
+	o.Actions = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *PasswordPolicyRule) GetConditions() PasswordPolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PasswordPolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRule) GetConditionsOk() (*PasswordPolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *PasswordPolicyRule) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PasswordPolicyRuleConditions and assigns it to the Conditions field.
+func (o *PasswordPolicyRule) SetConditions(v PasswordPolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o PasswordPolicyRule) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPolicyRule, errPolicyRule := json.Marshal(o.PolicyRule)
+	if errPolicyRule != nil {
+		return []byte{}, errPolicyRule
+	}
+	errPolicyRule = json.Unmarshal([]byte(serializedPolicyRule), &toSerialize)
+	if errPolicyRule != nil {
+		return []byte{}, errPolicyRule
+	}
+	if o.Actions != nil {
+		toSerialize["actions"] = o.Actions
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRule) UnmarshalJSON(bytes []byte) (err error) {
+	type PasswordPolicyRuleWithoutEmbeddedStruct struct {
+		Actions    *PasswordPolicyRuleActions    `json:"actions,omitempty"`
+		Conditions *PasswordPolicyRuleConditions `json:"conditions,omitempty"`
+	}
+
+	varPasswordPolicyRuleWithoutEmbeddedStruct := PasswordPolicyRuleWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRuleWithoutEmbeddedStruct)
+	if err == nil {
+		varPasswordPolicyRule := _PasswordPolicyRule{}
+		varPasswordPolicyRule.Actions = varPasswordPolicyRuleWithoutEmbeddedStruct.Actions
+		varPasswordPolicyRule.Conditions = varPasswordPolicyRuleWithoutEmbeddedStruct.Conditions
+		*o = PasswordPolicyRule(varPasswordPolicyRule)
+	} else {
+		return err
+	}
+
+	varPasswordPolicyRule := _PasswordPolicyRule{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRule)
+	if err == nil {
+		o.PolicyRule = varPasswordPolicyRule.PolicyRule
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "actions")
+		delete(additionalProperties, "conditions")
+
+		// remove fields from embedded structs
+		reflectPolicyRule := reflect.ValueOf(o.PolicyRule)
+		for i := 0; i < reflectPolicyRule.Type().NumField(); i++ {
+			t := reflectPolicyRule.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRule struct {
+	value *PasswordPolicyRule
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRule) Get() *PasswordPolicyRule {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRule) Set(val *PasswordPolicyRule) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRule) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRule) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRule(val *PasswordPolicyRule) *NullablePasswordPolicyRule {
+	return &NullablePasswordPolicyRule{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRule) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRule) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_rule_action.go b/okta/model_password_policy_rule_action.go
new file mode 100644
index 000000000..ae4f381f3
--- /dev/null
+++ b/okta/model_password_policy_rule_action.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRuleAction struct for PasswordPolicyRuleAction
+type PasswordPolicyRuleAction struct {
+	Access               *PolicyAccess `json:"access,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRuleAction PasswordPolicyRuleAction
+
+// NewPasswordPolicyRuleAction instantiates a new PasswordPolicyRuleAction object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRuleAction() *PasswordPolicyRuleAction {
+	this := PasswordPolicyRuleAction{}
+	return &this
+}
+
+// NewPasswordPolicyRuleActionWithDefaults instantiates a new PasswordPolicyRuleAction object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRuleActionWithDefaults() *PasswordPolicyRuleAction {
+	this := PasswordPolicyRuleAction{}
+	return &this
+}
+
+// GetAccess returns the Access field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleAction) GetAccess() PolicyAccess {
+	if o == nil || o.Access == nil {
+		var ret PolicyAccess
+		return ret
+	}
+	return *o.Access
+}
+
+// GetAccessOk returns a tuple with the Access field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleAction) GetAccessOk() (*PolicyAccess, bool) {
+	if o == nil || o.Access == nil {
+		return nil, false
+	}
+	return o.Access, true
+}
+
+// HasAccess returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleAction) HasAccess() bool {
+	if o != nil && o.Access != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAccess gets a reference to the given PolicyAccess and assigns it to the Access field.
+func (o *PasswordPolicyRuleAction) SetAccess(v PolicyAccess) {
+	o.Access = &v
+}
+
+func (o PasswordPolicyRuleAction) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Access != nil {
+		toSerialize["access"] = o.Access
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRuleAction) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRuleAction := _PasswordPolicyRuleAction{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRuleAction)
+	if err == nil {
+		*o = PasswordPolicyRuleAction(varPasswordPolicyRuleAction)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "access")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRuleAction struct {
+	value *PasswordPolicyRuleAction
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRuleAction) Get() *PasswordPolicyRuleAction {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRuleAction) Set(val *PasswordPolicyRuleAction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRuleAction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRuleAction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRuleAction(val *PasswordPolicyRuleAction) *NullablePasswordPolicyRuleAction {
+	return &NullablePasswordPolicyRuleAction{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRuleAction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRuleAction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_rule_actions.go b/okta/model_password_policy_rule_actions.go
new file mode 100644
index 000000000..502f773a9
--- /dev/null
+++ b/okta/model_password_policy_rule_actions.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRuleActions struct for PasswordPolicyRuleActions
+type PasswordPolicyRuleActions struct {
+	Enroll                   *PolicyRuleActionsEnroll           `json:"enroll,omitempty"`
+	Idp                      *IdpPolicyRuleAction               `json:"idp,omitempty"`
+	PasswordChange           *PasswordPolicyRuleAction          `json:"passwordChange,omitempty"`
+	SelfServicePasswordReset *PasswordPolicyRuleAction          `json:"selfServicePasswordReset,omitempty"`
+	SelfServiceUnlock        *PasswordPolicyRuleAction          `json:"selfServiceUnlock,omitempty"`
+	Signon                   *OktaSignOnPolicyRuleSignonActions `json:"signon,omitempty"`
+	AdditionalProperties     map[string]interface{}
+}
+
+type _PasswordPolicyRuleActions PasswordPolicyRuleActions
+
+// NewPasswordPolicyRuleActions instantiates a new PasswordPolicyRuleActions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRuleActions() *PasswordPolicyRuleActions {
+	this := PasswordPolicyRuleActions{}
+	return &this
+}
+
+// NewPasswordPolicyRuleActionsWithDefaults instantiates a new PasswordPolicyRuleActions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRuleActionsWithDefaults() *PasswordPolicyRuleActions {
+	this := PasswordPolicyRuleActions{}
+	return &this
+}
+
+// GetEnroll returns the Enroll field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleActions) GetEnroll() PolicyRuleActionsEnroll {
+	if o == nil || o.Enroll == nil {
+		var ret PolicyRuleActionsEnroll
+		return ret
+	}
+	return *o.Enroll
+}
+
+// GetEnrollOk returns a tuple with the Enroll field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleActions) GetEnrollOk() (*PolicyRuleActionsEnroll, bool) {
+	if o == nil || o.Enroll == nil {
+		return nil, false
+	}
+	return o.Enroll, true
+}
+
+// HasEnroll returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleActions) HasEnroll() bool {
+	if o != nil && o.Enroll != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnroll gets a reference to the given PolicyRuleActionsEnroll and assigns it to the Enroll field.
+func (o *PasswordPolicyRuleActions) SetEnroll(v PolicyRuleActionsEnroll) {
+	o.Enroll = &v
+}
+
+// GetIdp returns the Idp field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleActions) GetIdp() IdpPolicyRuleAction {
+	if o == nil || o.Idp == nil {
+		var ret IdpPolicyRuleAction
+		return ret
+	}
+	return *o.Idp
+}
+
+// GetIdpOk returns a tuple with the Idp field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleActions) GetIdpOk() (*IdpPolicyRuleAction, bool) {
+	if o == nil || o.Idp == nil {
+		return nil, false
+	}
+	return o.Idp, true
+}
+
+// HasIdp returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleActions) HasIdp() bool {
+	if o != nil && o.Idp != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdp gets a reference to the given IdpPolicyRuleAction and assigns it to the Idp field.
+func (o *PasswordPolicyRuleActions) SetIdp(v IdpPolicyRuleAction) {
+	o.Idp = &v
+}
+
+// GetPasswordChange returns the PasswordChange field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleActions) GetPasswordChange() PasswordPolicyRuleAction {
+	if o == nil || o.PasswordChange == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.PasswordChange
+}
+
+// GetPasswordChangeOk returns a tuple with the PasswordChange field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleActions) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.PasswordChange == nil {
+		return nil, false
+	}
+	return o.PasswordChange, true
+}
+
+// HasPasswordChange returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleActions) HasPasswordChange() bool {
+	if o != nil && o.PasswordChange != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordChange gets a reference to the given PasswordPolicyRuleAction and assigns it to the PasswordChange field.
+func (o *PasswordPolicyRuleActions) SetPasswordChange(v PasswordPolicyRuleAction) {
+	o.PasswordChange = &v
+}
+
+// GetSelfServicePasswordReset returns the SelfServicePasswordReset field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleActions) GetSelfServicePasswordReset() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServicePasswordReset
+}
+
+// GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleActions) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		return nil, false
+	}
+	return o.SelfServicePasswordReset, true
+}
+
+// HasSelfServicePasswordReset returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleActions) HasSelfServicePasswordReset() bool {
+	if o != nil && o.SelfServicePasswordReset != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServicePasswordReset gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServicePasswordReset field.
+func (o *PasswordPolicyRuleActions) SetSelfServicePasswordReset(v PasswordPolicyRuleAction) {
+	o.SelfServicePasswordReset = &v
+}
+
+// GetSelfServiceUnlock returns the SelfServiceUnlock field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleActions) GetSelfServiceUnlock() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServiceUnlock == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServiceUnlock
+}
+
+// GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleActions) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServiceUnlock == nil {
+		return nil, false
+	}
+	return o.SelfServiceUnlock, true
+}
+
+// HasSelfServiceUnlock returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleActions) HasSelfServiceUnlock() bool {
+	if o != nil && o.SelfServiceUnlock != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServiceUnlock gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServiceUnlock field.
+func (o *PasswordPolicyRuleActions) SetSelfServiceUnlock(v PasswordPolicyRuleAction) {
+	o.SelfServiceUnlock = &v
+}
+
+// GetSignon returns the Signon field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleActions) GetSignon() OktaSignOnPolicyRuleSignonActions {
+	if o == nil || o.Signon == nil {
+		var ret OktaSignOnPolicyRuleSignonActions
+		return ret
+	}
+	return *o.Signon
+}
+
+// GetSignonOk returns a tuple with the Signon field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleActions) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool) {
+	if o == nil || o.Signon == nil {
+		return nil, false
+	}
+	return o.Signon, true
+}
+
+// HasSignon returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleActions) HasSignon() bool {
+	if o != nil && o.Signon != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignon gets a reference to the given OktaSignOnPolicyRuleSignonActions and assigns it to the Signon field.
+func (o *PasswordPolicyRuleActions) SetSignon(v OktaSignOnPolicyRuleSignonActions) {
+	o.Signon = &v
+}
+
+func (o PasswordPolicyRuleActions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Enroll != nil {
+		toSerialize["enroll"] = o.Enroll
+	}
+	if o.Idp != nil {
+		toSerialize["idp"] = o.Idp
+	}
+	if o.PasswordChange != nil {
+		toSerialize["passwordChange"] = o.PasswordChange
+	}
+	if o.SelfServicePasswordReset != nil {
+		toSerialize["selfServicePasswordReset"] = o.SelfServicePasswordReset
+	}
+	if o.SelfServiceUnlock != nil {
+		toSerialize["selfServiceUnlock"] = o.SelfServiceUnlock
+	}
+	if o.Signon != nil {
+		toSerialize["signon"] = o.Signon
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRuleActions) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRuleActions := _PasswordPolicyRuleActions{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRuleActions)
+	if err == nil {
+		*o = PasswordPolicyRuleActions(varPasswordPolicyRuleActions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "enroll")
+		delete(additionalProperties, "idp")
+		delete(additionalProperties, "passwordChange")
+		delete(additionalProperties, "selfServicePasswordReset")
+		delete(additionalProperties, "selfServiceUnlock")
+		delete(additionalProperties, "signon")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRuleActions struct {
+	value *PasswordPolicyRuleActions
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRuleActions) Get() *PasswordPolicyRuleActions {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRuleActions) Set(val *PasswordPolicyRuleActions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRuleActions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRuleActions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRuleActions(val *PasswordPolicyRuleActions) *NullablePasswordPolicyRuleActions {
+	return &NullablePasswordPolicyRuleActions{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRuleActions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRuleActions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_rule_actions_all_of.go b/okta/model_password_policy_rule_actions_all_of.go
new file mode 100644
index 000000000..364a63475
--- /dev/null
+++ b/okta/model_password_policy_rule_actions_all_of.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRuleActionsAllOf struct for PasswordPolicyRuleActionsAllOf
+type PasswordPolicyRuleActionsAllOf struct {
+	PasswordChange           *PasswordPolicyRuleAction `json:"passwordChange,omitempty"`
+	SelfServicePasswordReset *PasswordPolicyRuleAction `json:"selfServicePasswordReset,omitempty"`
+	SelfServiceUnlock        *PasswordPolicyRuleAction `json:"selfServiceUnlock,omitempty"`
+	AdditionalProperties     map[string]interface{}
+}
+
+type _PasswordPolicyRuleActionsAllOf PasswordPolicyRuleActionsAllOf
+
+// NewPasswordPolicyRuleActionsAllOf instantiates a new PasswordPolicyRuleActionsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRuleActionsAllOf() *PasswordPolicyRuleActionsAllOf {
+	this := PasswordPolicyRuleActionsAllOf{}
+	return &this
+}
+
+// NewPasswordPolicyRuleActionsAllOfWithDefaults instantiates a new PasswordPolicyRuleActionsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRuleActionsAllOfWithDefaults() *PasswordPolicyRuleActionsAllOf {
+	this := PasswordPolicyRuleActionsAllOf{}
+	return &this
+}
+
+// GetPasswordChange returns the PasswordChange field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleActionsAllOf) GetPasswordChange() PasswordPolicyRuleAction {
+	if o == nil || o.PasswordChange == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.PasswordChange
+}
+
+// GetPasswordChangeOk returns a tuple with the PasswordChange field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleActionsAllOf) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.PasswordChange == nil {
+		return nil, false
+	}
+	return o.PasswordChange, true
+}
+
+// HasPasswordChange returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleActionsAllOf) HasPasswordChange() bool {
+	if o != nil && o.PasswordChange != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordChange gets a reference to the given PasswordPolicyRuleAction and assigns it to the PasswordChange field.
+func (o *PasswordPolicyRuleActionsAllOf) SetPasswordChange(v PasswordPolicyRuleAction) {
+	o.PasswordChange = &v
+}
+
+// GetSelfServicePasswordReset returns the SelfServicePasswordReset field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleActionsAllOf) GetSelfServicePasswordReset() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServicePasswordReset
+}
+
+// GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleActionsAllOf) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		return nil, false
+	}
+	return o.SelfServicePasswordReset, true
+}
+
+// HasSelfServicePasswordReset returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleActionsAllOf) HasSelfServicePasswordReset() bool {
+	if o != nil && o.SelfServicePasswordReset != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServicePasswordReset gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServicePasswordReset field.
+func (o *PasswordPolicyRuleActionsAllOf) SetSelfServicePasswordReset(v PasswordPolicyRuleAction) {
+	o.SelfServicePasswordReset = &v
+}
+
+// GetSelfServiceUnlock returns the SelfServiceUnlock field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleActionsAllOf) GetSelfServiceUnlock() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServiceUnlock == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServiceUnlock
+}
+
+// GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleActionsAllOf) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServiceUnlock == nil {
+		return nil, false
+	}
+	return o.SelfServiceUnlock, true
+}
+
+// HasSelfServiceUnlock returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleActionsAllOf) HasSelfServiceUnlock() bool {
+	if o != nil && o.SelfServiceUnlock != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServiceUnlock gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServiceUnlock field.
+func (o *PasswordPolicyRuleActionsAllOf) SetSelfServiceUnlock(v PasswordPolicyRuleAction) {
+	o.SelfServiceUnlock = &v
+}
+
+func (o PasswordPolicyRuleActionsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.PasswordChange != nil {
+		toSerialize["passwordChange"] = o.PasswordChange
+	}
+	if o.SelfServicePasswordReset != nil {
+		toSerialize["selfServicePasswordReset"] = o.SelfServicePasswordReset
+	}
+	if o.SelfServiceUnlock != nil {
+		toSerialize["selfServiceUnlock"] = o.SelfServiceUnlock
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRuleActionsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRuleActionsAllOf := _PasswordPolicyRuleActionsAllOf{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRuleActionsAllOf)
+	if err == nil {
+		*o = PasswordPolicyRuleActionsAllOf(varPasswordPolicyRuleActionsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "passwordChange")
+		delete(additionalProperties, "selfServicePasswordReset")
+		delete(additionalProperties, "selfServiceUnlock")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRuleActionsAllOf struct {
+	value *PasswordPolicyRuleActionsAllOf
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRuleActionsAllOf) Get() *PasswordPolicyRuleActionsAllOf {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRuleActionsAllOf) Set(val *PasswordPolicyRuleActionsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRuleActionsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRuleActionsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRuleActionsAllOf(val *PasswordPolicyRuleActionsAllOf) *NullablePasswordPolicyRuleActionsAllOf {
+	return &NullablePasswordPolicyRuleActionsAllOf{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRuleActionsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRuleActionsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_rule_all_of.go b/okta/model_password_policy_rule_all_of.go
new file mode 100644
index 000000000..5057c12b8
--- /dev/null
+++ b/okta/model_password_policy_rule_all_of.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRuleAllOf struct for PasswordPolicyRuleAllOf
+type PasswordPolicyRuleAllOf struct {
+	Actions              *PasswordPolicyRuleActions    `json:"actions,omitempty"`
+	Conditions           *PasswordPolicyRuleConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRuleAllOf PasswordPolicyRuleAllOf
+
+// NewPasswordPolicyRuleAllOf instantiates a new PasswordPolicyRuleAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRuleAllOf() *PasswordPolicyRuleAllOf {
+	this := PasswordPolicyRuleAllOf{}
+	return &this
+}
+
+// NewPasswordPolicyRuleAllOfWithDefaults instantiates a new PasswordPolicyRuleAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRuleAllOfWithDefaults() *PasswordPolicyRuleAllOf {
+	this := PasswordPolicyRuleAllOf{}
+	return &this
+}
+
+// GetActions returns the Actions field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleAllOf) GetActions() PasswordPolicyRuleActions {
+	if o == nil || o.Actions == nil {
+		var ret PasswordPolicyRuleActions
+		return ret
+	}
+	return *o.Actions
+}
+
+// GetActionsOk returns a tuple with the Actions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleAllOf) GetActionsOk() (*PasswordPolicyRuleActions, bool) {
+	if o == nil || o.Actions == nil {
+		return nil, false
+	}
+	return o.Actions, true
+}
+
+// HasActions returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleAllOf) HasActions() bool {
+	if o != nil && o.Actions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActions gets a reference to the given PasswordPolicyRuleActions and assigns it to the Actions field.
+func (o *PasswordPolicyRuleAllOf) SetActions(v PasswordPolicyRuleActions) {
+	o.Actions = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleAllOf) GetConditions() PasswordPolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PasswordPolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleAllOf) GetConditionsOk() (*PasswordPolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleAllOf) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PasswordPolicyRuleConditions and assigns it to the Conditions field.
+func (o *PasswordPolicyRuleAllOf) SetConditions(v PasswordPolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o PasswordPolicyRuleAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Actions != nil {
+		toSerialize["actions"] = o.Actions
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRuleAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRuleAllOf := _PasswordPolicyRuleAllOf{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRuleAllOf)
+	if err == nil {
+		*o = PasswordPolicyRuleAllOf(varPasswordPolicyRuleAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "actions")
+		delete(additionalProperties, "conditions")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRuleAllOf struct {
+	value *PasswordPolicyRuleAllOf
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRuleAllOf) Get() *PasswordPolicyRuleAllOf {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRuleAllOf) Set(val *PasswordPolicyRuleAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRuleAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRuleAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRuleAllOf(val *PasswordPolicyRuleAllOf) *NullablePasswordPolicyRuleAllOf {
+	return &NullablePasswordPolicyRuleAllOf{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRuleAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRuleAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_rule_conditions.go b/okta/model_password_policy_rule_conditions.go
new file mode 100644
index 000000000..ec8b65c2f
--- /dev/null
+++ b/okta/model_password_policy_rule_conditions.go
@@ -0,0 +1,898 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRuleConditions struct for PasswordPolicyRuleConditions
+type PasswordPolicyRuleConditions struct {
+	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
+	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
+	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
+	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
+	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
+	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
+	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
+	Device                *DevicePolicyRuleCondition                     `json:"device,omitempty"`
+	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
+	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
+	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
+	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
+	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
+	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
+	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
+	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
+	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
+	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
+	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
+	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
+	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _PasswordPolicyRuleConditions PasswordPolicyRuleConditions
+
+// NewPasswordPolicyRuleConditions instantiates a new PasswordPolicyRuleConditions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRuleConditions() *PasswordPolicyRuleConditions {
+	this := PasswordPolicyRuleConditions{}
+	return &this
+}
+
+// NewPasswordPolicyRuleConditionsWithDefaults instantiates a new PasswordPolicyRuleConditions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRuleConditionsWithDefaults() *PasswordPolicyRuleConditions {
+	this := PasswordPolicyRuleConditions{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetApp() AppAndInstancePolicyRuleCondition {
+	if o == nil || o.App == nil {
+		var ret AppAndInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given AppAndInstancePolicyRuleCondition and assigns it to the App field.
+func (o *PasswordPolicyRuleConditions) SetApp(v AppAndInstancePolicyRuleCondition) {
+	o.App = &v
+}
+
+// GetApps returns the Apps field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetApps() AppInstancePolicyRuleCondition {
+	if o == nil || o.Apps == nil {
+		var ret AppInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.Apps
+}
+
+// GetAppsOk returns a tuple with the Apps field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool) {
+	if o == nil || o.Apps == nil {
+		return nil, false
+	}
+	return o.Apps, true
+}
+
+// HasApps returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasApps() bool {
+	if o != nil && o.Apps != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApps gets a reference to the given AppInstancePolicyRuleCondition and assigns it to the Apps field.
+func (o *PasswordPolicyRuleConditions) SetApps(v AppInstancePolicyRuleCondition) {
+	o.Apps = &v
+}
+
+// GetAuthContext returns the AuthContext field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetAuthContext() PolicyRuleAuthContextCondition {
+	if o == nil || o.AuthContext == nil {
+		var ret PolicyRuleAuthContextCondition
+		return ret
+	}
+	return *o.AuthContext
+}
+
+// GetAuthContextOk returns a tuple with the AuthContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool) {
+	if o == nil || o.AuthContext == nil {
+		return nil, false
+	}
+	return o.AuthContext, true
+}
+
+// HasAuthContext returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasAuthContext() bool {
+	if o != nil && o.AuthContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthContext gets a reference to the given PolicyRuleAuthContextCondition and assigns it to the AuthContext field.
+func (o *PasswordPolicyRuleConditions) SetAuthContext(v PolicyRuleAuthContextCondition) {
+	o.AuthContext = &v
+}
+
+// GetAuthProvider returns the AuthProvider field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition {
+	if o == nil || o.AuthProvider == nil {
+		var ret PasswordPolicyAuthenticationProviderCondition
+		return ret
+	}
+	return *o.AuthProvider
+}
+
+// GetAuthProviderOk returns a tuple with the AuthProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool) {
+	if o == nil || o.AuthProvider == nil {
+		return nil, false
+	}
+	return o.AuthProvider, true
+}
+
+// HasAuthProvider returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasAuthProvider() bool {
+	if o != nil && o.AuthProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthProvider gets a reference to the given PasswordPolicyAuthenticationProviderCondition and assigns it to the AuthProvider field.
+func (o *PasswordPolicyRuleConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition) {
+	o.AuthProvider = &v
+}
+
+// GetBeforeScheduledAction returns the BeforeScheduledAction field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition {
+	if o == nil || o.BeforeScheduledAction == nil {
+		var ret BeforeScheduledActionPolicyRuleCondition
+		return ret
+	}
+	return *o.BeforeScheduledAction
+}
+
+// GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool) {
+	if o == nil || o.BeforeScheduledAction == nil {
+		return nil, false
+	}
+	return o.BeforeScheduledAction, true
+}
+
+// HasBeforeScheduledAction returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasBeforeScheduledAction() bool {
+	if o != nil && o.BeforeScheduledAction != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBeforeScheduledAction gets a reference to the given BeforeScheduledActionPolicyRuleCondition and assigns it to the BeforeScheduledAction field.
+func (o *PasswordPolicyRuleConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition) {
+	o.BeforeScheduledAction = &v
+}
+
+// GetClients returns the Clients field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetClients() ClientPolicyCondition {
+	if o == nil || o.Clients == nil {
+		var ret ClientPolicyCondition
+		return ret
+	}
+	return *o.Clients
+}
+
+// GetClientsOk returns a tuple with the Clients field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetClientsOk() (*ClientPolicyCondition, bool) {
+	if o == nil || o.Clients == nil {
+		return nil, false
+	}
+	return o.Clients, true
+}
+
+// HasClients returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasClients() bool {
+	if o != nil && o.Clients != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClients gets a reference to the given ClientPolicyCondition and assigns it to the Clients field.
+func (o *PasswordPolicyRuleConditions) SetClients(v ClientPolicyCondition) {
+	o.Clients = &v
+}
+
+// GetContext returns the Context field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetContext() ContextPolicyRuleCondition {
+	if o == nil || o.Context == nil {
+		var ret ContextPolicyRuleCondition
+		return ret
+	}
+	return *o.Context
+}
+
+// GetContextOk returns a tuple with the Context field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetContextOk() (*ContextPolicyRuleCondition, bool) {
+	if o == nil || o.Context == nil {
+		return nil, false
+	}
+	return o.Context, true
+}
+
+// HasContext returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasContext() bool {
+	if o != nil && o.Context != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetContext gets a reference to the given ContextPolicyRuleCondition and assigns it to the Context field.
+func (o *PasswordPolicyRuleConditions) SetContext(v ContextPolicyRuleCondition) {
+	o.Context = &v
+}
+
+// GetDevice returns the Device field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetDevice() DevicePolicyRuleCondition {
+	if o == nil || o.Device == nil {
+		var ret DevicePolicyRuleCondition
+		return ret
+	}
+	return *o.Device
+}
+
+// GetDeviceOk returns a tuple with the Device field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetDeviceOk() (*DevicePolicyRuleCondition, bool) {
+	if o == nil || o.Device == nil {
+		return nil, false
+	}
+	return o.Device, true
+}
+
+// HasDevice returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasDevice() bool {
+	if o != nil && o.Device != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDevice gets a reference to the given DevicePolicyRuleCondition and assigns it to the Device field.
+func (o *PasswordPolicyRuleConditions) SetDevice(v DevicePolicyRuleCondition) {
+	o.Device = &v
+}
+
+// GetGrantTypes returns the GrantTypes field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetGrantTypes() GrantTypePolicyRuleCondition {
+	if o == nil || o.GrantTypes == nil {
+		var ret GrantTypePolicyRuleCondition
+		return ret
+	}
+	return *o.GrantTypes
+}
+
+// GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool) {
+	if o == nil || o.GrantTypes == nil {
+		return nil, false
+	}
+	return o.GrantTypes, true
+}
+
+// HasGrantTypes returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasGrantTypes() bool {
+	if o != nil && o.GrantTypes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGrantTypes gets a reference to the given GrantTypePolicyRuleCondition and assigns it to the GrantTypes field.
+func (o *PasswordPolicyRuleConditions) SetGrantTypes(v GrantTypePolicyRuleCondition) {
+	o.GrantTypes = &v
+}
+
+// GetGroups returns the Groups field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetGroups() GroupPolicyRuleCondition {
+	if o == nil || o.Groups == nil {
+		var ret GroupPolicyRuleCondition
+		return ret
+	}
+	return *o.Groups
+}
+
+// GetGroupsOk returns a tuple with the Groups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool) {
+	if o == nil || o.Groups == nil {
+		return nil, false
+	}
+	return o.Groups, true
+}
+
+// HasGroups returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasGroups() bool {
+	if o != nil && o.Groups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroups gets a reference to the given GroupPolicyRuleCondition and assigns it to the Groups field.
+func (o *PasswordPolicyRuleConditions) SetGroups(v GroupPolicyRuleCondition) {
+	o.Groups = &v
+}
+
+// GetIdentityProvider returns the IdentityProvider field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition {
+	if o == nil || o.IdentityProvider == nil {
+		var ret IdentityProviderPolicyRuleCondition
+		return ret
+	}
+	return *o.IdentityProvider
+}
+
+// GetIdentityProviderOk returns a tuple with the IdentityProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool) {
+	if o == nil || o.IdentityProvider == nil {
+		return nil, false
+	}
+	return o.IdentityProvider, true
+}
+
+// HasIdentityProvider returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasIdentityProvider() bool {
+	if o != nil && o.IdentityProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityProvider gets a reference to the given IdentityProviderPolicyRuleCondition and assigns it to the IdentityProvider field.
+func (o *PasswordPolicyRuleConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition) {
+	o.IdentityProvider = &v
+}
+
+// GetMdmEnrollment returns the MdmEnrollment field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition {
+	if o == nil || o.MdmEnrollment == nil {
+		var ret MDMEnrollmentPolicyRuleCondition
+		return ret
+	}
+	return *o.MdmEnrollment
+}
+
+// GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool) {
+	if o == nil || o.MdmEnrollment == nil {
+		return nil, false
+	}
+	return o.MdmEnrollment, true
+}
+
+// HasMdmEnrollment returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasMdmEnrollment() bool {
+	if o != nil && o.MdmEnrollment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMdmEnrollment gets a reference to the given MDMEnrollmentPolicyRuleCondition and assigns it to the MdmEnrollment field.
+func (o *PasswordPolicyRuleConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition) {
+	o.MdmEnrollment = &v
+}
+
+// GetNetwork returns the Network field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetNetwork() PolicyNetworkCondition {
+	if o == nil || o.Network == nil {
+		var ret PolicyNetworkCondition
+		return ret
+	}
+	return *o.Network
+}
+
+// GetNetworkOk returns a tuple with the Network field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetNetworkOk() (*PolicyNetworkCondition, bool) {
+	if o == nil || o.Network == nil {
+		return nil, false
+	}
+	return o.Network, true
+}
+
+// HasNetwork returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasNetwork() bool {
+	if o != nil && o.Network != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNetwork gets a reference to the given PolicyNetworkCondition and assigns it to the Network field.
+func (o *PasswordPolicyRuleConditions) SetNetwork(v PolicyNetworkCondition) {
+	o.Network = &v
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetPeople() PolicyPeopleCondition {
+	if o == nil || o.People == nil {
+		var ret PolicyPeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetPeopleOk() (*PolicyPeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given PolicyPeopleCondition and assigns it to the People field.
+func (o *PasswordPolicyRuleConditions) SetPeople(v PolicyPeopleCondition) {
+	o.People = &v
+}
+
+// GetPlatform returns the Platform field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetPlatform() PlatformPolicyRuleCondition {
+	if o == nil || o.Platform == nil {
+		var ret PlatformPolicyRuleCondition
+		return ret
+	}
+	return *o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool) {
+	if o == nil || o.Platform == nil {
+		return nil, false
+	}
+	return o.Platform, true
+}
+
+// HasPlatform returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasPlatform() bool {
+	if o != nil && o.Platform != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPlatform gets a reference to the given PlatformPolicyRuleCondition and assigns it to the Platform field.
+func (o *PasswordPolicyRuleConditions) SetPlatform(v PlatformPolicyRuleCondition) {
+	o.Platform = &v
+}
+
+// GetRisk returns the Risk field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetRisk() RiskPolicyRuleCondition {
+	if o == nil || o.Risk == nil {
+		var ret RiskPolicyRuleCondition
+		return ret
+	}
+	return *o.Risk
+}
+
+// GetRiskOk returns a tuple with the Risk field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool) {
+	if o == nil || o.Risk == nil {
+		return nil, false
+	}
+	return o.Risk, true
+}
+
+// HasRisk returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasRisk() bool {
+	if o != nil && o.Risk != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRisk gets a reference to the given RiskPolicyRuleCondition and assigns it to the Risk field.
+func (o *PasswordPolicyRuleConditions) SetRisk(v RiskPolicyRuleCondition) {
+	o.Risk = &v
+}
+
+// GetRiskScore returns the RiskScore field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetRiskScore() RiskScorePolicyRuleCondition {
+	if o == nil || o.RiskScore == nil {
+		var ret RiskScorePolicyRuleCondition
+		return ret
+	}
+	return *o.RiskScore
+}
+
+// GetRiskScoreOk returns a tuple with the RiskScore field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool) {
+	if o == nil || o.RiskScore == nil {
+		return nil, false
+	}
+	return o.RiskScore, true
+}
+
+// HasRiskScore returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasRiskScore() bool {
+	if o != nil && o.RiskScore != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRiskScore gets a reference to the given RiskScorePolicyRuleCondition and assigns it to the RiskScore field.
+func (o *PasswordPolicyRuleConditions) SetRiskScore(v RiskScorePolicyRuleCondition) {
+	o.RiskScore = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition {
+	if o == nil || o.Scopes == nil {
+		var ret OAuth2ScopesMediationPolicyRuleCondition
+		return ret
+	}
+	return *o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given OAuth2ScopesMediationPolicyRuleCondition and assigns it to the Scopes field.
+func (o *PasswordPolicyRuleConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition) {
+	o.Scopes = &v
+}
+
+// GetUserIdentifier returns the UserIdentifier field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition {
+	if o == nil || o.UserIdentifier == nil {
+		var ret UserIdentifierPolicyRuleCondition
+		return ret
+	}
+	return *o.UserIdentifier
+}
+
+// GetUserIdentifierOk returns a tuple with the UserIdentifier field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool) {
+	if o == nil || o.UserIdentifier == nil {
+		return nil, false
+	}
+	return o.UserIdentifier, true
+}
+
+// HasUserIdentifier returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasUserIdentifier() bool {
+	if o != nil && o.UserIdentifier != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserIdentifier gets a reference to the given UserIdentifierPolicyRuleCondition and assigns it to the UserIdentifier field.
+func (o *PasswordPolicyRuleConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition) {
+	o.UserIdentifier = &v
+}
+
+// GetUsers returns the Users field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetUsers() UserPolicyRuleCondition {
+	if o == nil || o.Users == nil {
+		var ret UserPolicyRuleCondition
+		return ret
+	}
+	return *o.Users
+}
+
+// GetUsersOk returns a tuple with the Users field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetUsersOk() (*UserPolicyRuleCondition, bool) {
+	if o == nil || o.Users == nil {
+		return nil, false
+	}
+	return o.Users, true
+}
+
+// HasUsers returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasUsers() bool {
+	if o != nil && o.Users != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsers gets a reference to the given UserPolicyRuleCondition and assigns it to the Users field.
+func (o *PasswordPolicyRuleConditions) SetUsers(v UserPolicyRuleCondition) {
+	o.Users = &v
+}
+
+// GetUserStatus returns the UserStatus field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditions) GetUserStatus() UserStatusPolicyRuleCondition {
+	if o == nil || o.UserStatus == nil {
+		var ret UserStatusPolicyRuleCondition
+		return ret
+	}
+	return *o.UserStatus
+}
+
+// GetUserStatusOk returns a tuple with the UserStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool) {
+	if o == nil || o.UserStatus == nil {
+		return nil, false
+	}
+	return o.UserStatus, true
+}
+
+// HasUserStatus returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditions) HasUserStatus() bool {
+	if o != nil && o.UserStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserStatus gets a reference to the given UserStatusPolicyRuleCondition and assigns it to the UserStatus field.
+func (o *PasswordPolicyRuleConditions) SetUserStatus(v UserStatusPolicyRuleCondition) {
+	o.UserStatus = &v
+}
+
+func (o PasswordPolicyRuleConditions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+	if o.Apps != nil {
+		toSerialize["apps"] = o.Apps
+	}
+	if o.AuthContext != nil {
+		toSerialize["authContext"] = o.AuthContext
+	}
+	if o.AuthProvider != nil {
+		toSerialize["authProvider"] = o.AuthProvider
+	}
+	if o.BeforeScheduledAction != nil {
+		toSerialize["beforeScheduledAction"] = o.BeforeScheduledAction
+	}
+	if o.Clients != nil {
+		toSerialize["clients"] = o.Clients
+	}
+	if o.Context != nil {
+		toSerialize["context"] = o.Context
+	}
+	if o.Device != nil {
+		toSerialize["device"] = o.Device
+	}
+	if o.GrantTypes != nil {
+		toSerialize["grantTypes"] = o.GrantTypes
+	}
+	if o.Groups != nil {
+		toSerialize["groups"] = o.Groups
+	}
+	if o.IdentityProvider != nil {
+		toSerialize["identityProvider"] = o.IdentityProvider
+	}
+	if o.MdmEnrollment != nil {
+		toSerialize["mdmEnrollment"] = o.MdmEnrollment
+	}
+	if o.Network != nil {
+		toSerialize["network"] = o.Network
+	}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+	if o.Platform != nil {
+		toSerialize["platform"] = o.Platform
+	}
+	if o.Risk != nil {
+		toSerialize["risk"] = o.Risk
+	}
+	if o.RiskScore != nil {
+		toSerialize["riskScore"] = o.RiskScore
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+	if o.UserIdentifier != nil {
+		toSerialize["userIdentifier"] = o.UserIdentifier
+	}
+	if o.Users != nil {
+		toSerialize["users"] = o.Users
+	}
+	if o.UserStatus != nil {
+		toSerialize["userStatus"] = o.UserStatus
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRuleConditions) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRuleConditions := _PasswordPolicyRuleConditions{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRuleConditions)
+	if err == nil {
+		*o = PasswordPolicyRuleConditions(varPasswordPolicyRuleConditions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		delete(additionalProperties, "apps")
+		delete(additionalProperties, "authContext")
+		delete(additionalProperties, "authProvider")
+		delete(additionalProperties, "beforeScheduledAction")
+		delete(additionalProperties, "clients")
+		delete(additionalProperties, "context")
+		delete(additionalProperties, "device")
+		delete(additionalProperties, "grantTypes")
+		delete(additionalProperties, "groups")
+		delete(additionalProperties, "identityProvider")
+		delete(additionalProperties, "mdmEnrollment")
+		delete(additionalProperties, "network")
+		delete(additionalProperties, "people")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "risk")
+		delete(additionalProperties, "riskScore")
+		delete(additionalProperties, "scopes")
+		delete(additionalProperties, "userIdentifier")
+		delete(additionalProperties, "users")
+		delete(additionalProperties, "userStatus")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRuleConditions struct {
+	value *PasswordPolicyRuleConditions
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRuleConditions) Get() *PasswordPolicyRuleConditions {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRuleConditions) Set(val *PasswordPolicyRuleConditions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRuleConditions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRuleConditions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRuleConditions(val *PasswordPolicyRuleConditions) *NullablePasswordPolicyRuleConditions {
+	return &NullablePasswordPolicyRuleConditions{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRuleConditions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRuleConditions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_rule_conditions_all_of.go b/okta/model_password_policy_rule_conditions_all_of.go
new file mode 100644
index 000000000..1a389c9f1
--- /dev/null
+++ b/okta/model_password_policy_rule_conditions_all_of.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicyRuleConditionsAllOf struct for PasswordPolicyRuleConditionsAllOf
+type PasswordPolicyRuleConditionsAllOf struct {
+	Network              *PolicyNetworkCondition `json:"network,omitempty"`
+	People               *PolicyPeopleCondition  `json:"people,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicyRuleConditionsAllOf PasswordPolicyRuleConditionsAllOf
+
+// NewPasswordPolicyRuleConditionsAllOf instantiates a new PasswordPolicyRuleConditionsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicyRuleConditionsAllOf() *PasswordPolicyRuleConditionsAllOf {
+	this := PasswordPolicyRuleConditionsAllOf{}
+	return &this
+}
+
+// NewPasswordPolicyRuleConditionsAllOfWithDefaults instantiates a new PasswordPolicyRuleConditionsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicyRuleConditionsAllOfWithDefaults() *PasswordPolicyRuleConditionsAllOf {
+	this := PasswordPolicyRuleConditionsAllOf{}
+	return &this
+}
+
+// GetNetwork returns the Network field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditionsAllOf) GetNetwork() PolicyNetworkCondition {
+	if o == nil || o.Network == nil {
+		var ret PolicyNetworkCondition
+		return ret
+	}
+	return *o.Network
+}
+
+// GetNetworkOk returns a tuple with the Network field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditionsAllOf) GetNetworkOk() (*PolicyNetworkCondition, bool) {
+	if o == nil || o.Network == nil {
+		return nil, false
+	}
+	return o.Network, true
+}
+
+// HasNetwork returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditionsAllOf) HasNetwork() bool {
+	if o != nil && o.Network != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNetwork gets a reference to the given PolicyNetworkCondition and assigns it to the Network field.
+func (o *PasswordPolicyRuleConditionsAllOf) SetNetwork(v PolicyNetworkCondition) {
+	o.Network = &v
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *PasswordPolicyRuleConditionsAllOf) GetPeople() PolicyPeopleCondition {
+	if o == nil || o.People == nil {
+		var ret PolicyPeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicyRuleConditionsAllOf) GetPeopleOk() (*PolicyPeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *PasswordPolicyRuleConditionsAllOf) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given PolicyPeopleCondition and assigns it to the People field.
+func (o *PasswordPolicyRuleConditionsAllOf) SetPeople(v PolicyPeopleCondition) {
+	o.People = &v
+}
+
+func (o PasswordPolicyRuleConditionsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Network != nil {
+		toSerialize["network"] = o.Network
+	}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicyRuleConditionsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicyRuleConditionsAllOf := _PasswordPolicyRuleConditionsAllOf{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicyRuleConditionsAllOf)
+	if err == nil {
+		*o = PasswordPolicyRuleConditionsAllOf(varPasswordPolicyRuleConditionsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "network")
+		delete(additionalProperties, "people")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicyRuleConditionsAllOf struct {
+	value *PasswordPolicyRuleConditionsAllOf
+	isSet bool
+}
+
+func (v NullablePasswordPolicyRuleConditionsAllOf) Get() *PasswordPolicyRuleConditionsAllOf {
+	return v.value
+}
+
+func (v *NullablePasswordPolicyRuleConditionsAllOf) Set(val *PasswordPolicyRuleConditionsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicyRuleConditionsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicyRuleConditionsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicyRuleConditionsAllOf(val *PasswordPolicyRuleConditionsAllOf) *NullablePasswordPolicyRuleConditionsAllOf {
+	return &NullablePasswordPolicyRuleConditionsAllOf{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicyRuleConditionsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicyRuleConditionsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_policy_settings.go b/okta/model_password_policy_settings.go
new file mode 100644
index 000000000..3cfe75e63
--- /dev/null
+++ b/okta/model_password_policy_settings.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordPolicySettings struct for PasswordPolicySettings
+type PasswordPolicySettings struct {
+	Delegation           *PasswordPolicyDelegationSettings `json:"delegation,omitempty"`
+	Password             *PasswordPolicyPasswordSettings   `json:"password,omitempty"`
+	Recovery             *PasswordPolicyRecoverySettings   `json:"recovery,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordPolicySettings PasswordPolicySettings
+
+// NewPasswordPolicySettings instantiates a new PasswordPolicySettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordPolicySettings() *PasswordPolicySettings {
+	this := PasswordPolicySettings{}
+	return &this
+}
+
+// NewPasswordPolicySettingsWithDefaults instantiates a new PasswordPolicySettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordPolicySettingsWithDefaults() *PasswordPolicySettings {
+	this := PasswordPolicySettings{}
+	return &this
+}
+
+// GetDelegation returns the Delegation field value if set, zero value otherwise.
+func (o *PasswordPolicySettings) GetDelegation() PasswordPolicyDelegationSettings {
+	if o == nil || o.Delegation == nil {
+		var ret PasswordPolicyDelegationSettings
+		return ret
+	}
+	return *o.Delegation
+}
+
+// GetDelegationOk returns a tuple with the Delegation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicySettings) GetDelegationOk() (*PasswordPolicyDelegationSettings, bool) {
+	if o == nil || o.Delegation == nil {
+		return nil, false
+	}
+	return o.Delegation, true
+}
+
+// HasDelegation returns a boolean if a field has been set.
+func (o *PasswordPolicySettings) HasDelegation() bool {
+	if o != nil && o.Delegation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDelegation gets a reference to the given PasswordPolicyDelegationSettings and assigns it to the Delegation field.
+func (o *PasswordPolicySettings) SetDelegation(v PasswordPolicyDelegationSettings) {
+	o.Delegation = &v
+}
+
+// GetPassword returns the Password field value if set, zero value otherwise.
+func (o *PasswordPolicySettings) GetPassword() PasswordPolicyPasswordSettings {
+	if o == nil || o.Password == nil {
+		var ret PasswordPolicyPasswordSettings
+		return ret
+	}
+	return *o.Password
+}
+
+// GetPasswordOk returns a tuple with the Password field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicySettings) GetPasswordOk() (*PasswordPolicyPasswordSettings, bool) {
+	if o == nil || o.Password == nil {
+		return nil, false
+	}
+	return o.Password, true
+}
+
+// HasPassword returns a boolean if a field has been set.
+func (o *PasswordPolicySettings) HasPassword() bool {
+	if o != nil && o.Password != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPassword gets a reference to the given PasswordPolicyPasswordSettings and assigns it to the Password field.
+func (o *PasswordPolicySettings) SetPassword(v PasswordPolicyPasswordSettings) {
+	o.Password = &v
+}
+
+// GetRecovery returns the Recovery field value if set, zero value otherwise.
+func (o *PasswordPolicySettings) GetRecovery() PasswordPolicyRecoverySettings {
+	if o == nil || o.Recovery == nil {
+		var ret PasswordPolicyRecoverySettings
+		return ret
+	}
+	return *o.Recovery
+}
+
+// GetRecoveryOk returns a tuple with the Recovery field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordPolicySettings) GetRecoveryOk() (*PasswordPolicyRecoverySettings, bool) {
+	if o == nil || o.Recovery == nil {
+		return nil, false
+	}
+	return o.Recovery, true
+}
+
+// HasRecovery returns a boolean if a field has been set.
+func (o *PasswordPolicySettings) HasRecovery() bool {
+	if o != nil && o.Recovery != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRecovery gets a reference to the given PasswordPolicyRecoverySettings and assigns it to the Recovery field.
+func (o *PasswordPolicySettings) SetRecovery(v PasswordPolicyRecoverySettings) {
+	o.Recovery = &v
+}
+
+func (o PasswordPolicySettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Delegation != nil {
+		toSerialize["delegation"] = o.Delegation
+	}
+	if o.Password != nil {
+		toSerialize["password"] = o.Password
+	}
+	if o.Recovery != nil {
+		toSerialize["recovery"] = o.Recovery
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordPolicySettings) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordPolicySettings := _PasswordPolicySettings{}
+
+	err = json.Unmarshal(bytes, &varPasswordPolicySettings)
+	if err == nil {
+		*o = PasswordPolicySettings(varPasswordPolicySettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "delegation")
+		delete(additionalProperties, "password")
+		delete(additionalProperties, "recovery")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordPolicySettings struct {
+	value *PasswordPolicySettings
+	isSet bool
+}
+
+func (v NullablePasswordPolicySettings) Get() *PasswordPolicySettings {
+	return v.value
+}
+
+func (v *NullablePasswordPolicySettings) Set(val *PasswordPolicySettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordPolicySettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordPolicySettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordPolicySettings(val *PasswordPolicySettings) *NullablePasswordPolicySettings {
+	return &NullablePasswordPolicySettings{value: val, isSet: true}
+}
+
+func (v NullablePasswordPolicySettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordPolicySettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_protection_warning_trigger.go b/okta/model_password_protection_warning_trigger.go
new file mode 100644
index 000000000..190afa537
--- /dev/null
+++ b/okta/model_password_protection_warning_trigger.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PasswordProtectionWarningTrigger Indicates whether the Password Protection Warning feature is enabled
+type PasswordProtectionWarningTrigger string
+
+// List of PasswordProtectionWarningTrigger
+const (
+	PASSWORDPROTECTIONWARNINGTRIGGER_PASSWORD_PROTECTION_OFF PasswordProtectionWarningTrigger = "PASSWORD_PROTECTION_OFF"
+	PASSWORDPROTECTIONWARNINGTRIGGER_PASSWORD_REUSE          PasswordProtectionWarningTrigger = "PASSWORD_REUSE"
+	PASSWORDPROTECTIONWARNINGTRIGGER_PHISHING_REUSE          PasswordProtectionWarningTrigger = "PHISHING_REUSE"
+)
+
+// All allowed values of PasswordProtectionWarningTrigger enum
+var AllowedPasswordProtectionWarningTriggerEnumValues = []PasswordProtectionWarningTrigger{
+	"PASSWORD_PROTECTION_OFF",
+	"PASSWORD_REUSE",
+	"PHISHING_REUSE",
+}
+
+func (v *PasswordProtectionWarningTrigger) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PasswordProtectionWarningTrigger(value)
+	for _, existing := range AllowedPasswordProtectionWarningTriggerEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PasswordProtectionWarningTrigger", value)
+}
+
+// NewPasswordProtectionWarningTriggerFromValue returns a pointer to a valid PasswordProtectionWarningTrigger
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPasswordProtectionWarningTriggerFromValue(v string) (*PasswordProtectionWarningTrigger, error) {
+	ev := PasswordProtectionWarningTrigger(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PasswordProtectionWarningTrigger: valid values are %v", v, AllowedPasswordProtectionWarningTriggerEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PasswordProtectionWarningTrigger) IsValid() bool {
+	for _, existing := range AllowedPasswordProtectionWarningTriggerEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PasswordProtectionWarningTrigger value
+func (v PasswordProtectionWarningTrigger) Ptr() *PasswordProtectionWarningTrigger {
+	return &v
+}
+
+type NullablePasswordProtectionWarningTrigger struct {
+	value *PasswordProtectionWarningTrigger
+	isSet bool
+}
+
+func (v NullablePasswordProtectionWarningTrigger) Get() *PasswordProtectionWarningTrigger {
+	return v.value
+}
+
+func (v *NullablePasswordProtectionWarningTrigger) Set(val *PasswordProtectionWarningTrigger) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordProtectionWarningTrigger) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordProtectionWarningTrigger) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordProtectionWarningTrigger(val *PasswordProtectionWarningTrigger) *NullablePasswordProtectionWarningTrigger {
+	return &NullablePasswordProtectionWarningTrigger{value: val, isSet: true}
+}
+
+func (v NullablePasswordProtectionWarningTrigger) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordProtectionWarningTrigger) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_password_setting_object.go b/okta/model_password_setting_object.go
new file mode 100644
index 000000000..d2769882c
--- /dev/null
+++ b/okta/model_password_setting_object.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PasswordSettingObject struct for PasswordSettingObject
+type PasswordSettingObject struct {
+	Change               *ChangeEnum    `json:"change,omitempty"`
+	Seed                 *SeedEnum      `json:"seed,omitempty"`
+	Status               *EnabledStatus `json:"status,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PasswordSettingObject PasswordSettingObject
+
+// NewPasswordSettingObject instantiates a new PasswordSettingObject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPasswordSettingObject() *PasswordSettingObject {
+	this := PasswordSettingObject{}
+	return &this
+}
+
+// NewPasswordSettingObjectWithDefaults instantiates a new PasswordSettingObject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPasswordSettingObjectWithDefaults() *PasswordSettingObject {
+	this := PasswordSettingObject{}
+	return &this
+}
+
+// GetChange returns the Change field value if set, zero value otherwise.
+func (o *PasswordSettingObject) GetChange() ChangeEnum {
+	if o == nil || o.Change == nil {
+		var ret ChangeEnum
+		return ret
+	}
+	return *o.Change
+}
+
+// GetChangeOk returns a tuple with the Change field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordSettingObject) GetChangeOk() (*ChangeEnum, bool) {
+	if o == nil || o.Change == nil {
+		return nil, false
+	}
+	return o.Change, true
+}
+
+// HasChange returns a boolean if a field has been set.
+func (o *PasswordSettingObject) HasChange() bool {
+	if o != nil && o.Change != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetChange gets a reference to the given ChangeEnum and assigns it to the Change field.
+func (o *PasswordSettingObject) SetChange(v ChangeEnum) {
+	o.Change = &v
+}
+
+// GetSeed returns the Seed field value if set, zero value otherwise.
+func (o *PasswordSettingObject) GetSeed() SeedEnum {
+	if o == nil || o.Seed == nil {
+		var ret SeedEnum
+		return ret
+	}
+	return *o.Seed
+}
+
+// GetSeedOk returns a tuple with the Seed field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordSettingObject) GetSeedOk() (*SeedEnum, bool) {
+	if o == nil || o.Seed == nil {
+		return nil, false
+	}
+	return o.Seed, true
+}
+
+// HasSeed returns a boolean if a field has been set.
+func (o *PasswordSettingObject) HasSeed() bool {
+	if o != nil && o.Seed != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSeed gets a reference to the given SeedEnum and assigns it to the Seed field.
+func (o *PasswordSettingObject) SetSeed(v SeedEnum) {
+	o.Seed = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *PasswordSettingObject) GetStatus() EnabledStatus {
+	if o == nil || o.Status == nil {
+		var ret EnabledStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PasswordSettingObject) GetStatusOk() (*EnabledStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *PasswordSettingObject) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given EnabledStatus and assigns it to the Status field.
+func (o *PasswordSettingObject) SetStatus(v EnabledStatus) {
+	o.Status = &v
+}
+
+func (o PasswordSettingObject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Change != nil {
+		toSerialize["change"] = o.Change
+	}
+	if o.Seed != nil {
+		toSerialize["seed"] = o.Seed
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PasswordSettingObject) UnmarshalJSON(bytes []byte) (err error) {
+	varPasswordSettingObject := _PasswordSettingObject{}
+
+	err = json.Unmarshal(bytes, &varPasswordSettingObject)
+	if err == nil {
+		*o = PasswordSettingObject(varPasswordSettingObject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "change")
+		delete(additionalProperties, "seed")
+		delete(additionalProperties, "status")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePasswordSettingObject struct {
+	value *PasswordSettingObject
+	isSet bool
+}
+
+func (v NullablePasswordSettingObject) Get() *PasswordSettingObject {
+	return v.value
+}
+
+func (v *NullablePasswordSettingObject) Set(val *PasswordSettingObject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePasswordSettingObject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePasswordSettingObject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePasswordSettingObject(val *PasswordSettingObject) *NullablePasswordSettingObject {
+	return &NullablePasswordSettingObject{value: val, isSet: true}
+}
+
+func (v NullablePasswordSettingObject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePasswordSettingObject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_per_client_rate_limit_mode.go b/okta/model_per_client_rate_limit_mode.go
new file mode 100644
index 000000000..2b81ac128
--- /dev/null
+++ b/okta/model_per_client_rate_limit_mode.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PerClientRateLimitMode the model 'PerClientRateLimitMode'
+type PerClientRateLimitMode string
+
+// List of PerClientRateLimitMode
+const (
+	PERCLIENTRATELIMITMODE_DISABLE PerClientRateLimitMode = "DISABLE"
+	PERCLIENTRATELIMITMODE_ENFORCE PerClientRateLimitMode = "ENFORCE"
+	PERCLIENTRATELIMITMODE_PREVIEW PerClientRateLimitMode = "PREVIEW"
+)
+
+// All allowed values of PerClientRateLimitMode enum
+var AllowedPerClientRateLimitModeEnumValues = []PerClientRateLimitMode{
+	"DISABLE",
+	"ENFORCE",
+	"PREVIEW",
+}
+
+func (v *PerClientRateLimitMode) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PerClientRateLimitMode(value)
+	for _, existing := range AllowedPerClientRateLimitModeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PerClientRateLimitMode", value)
+}
+
+// NewPerClientRateLimitModeFromValue returns a pointer to a valid PerClientRateLimitMode
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPerClientRateLimitModeFromValue(v string) (*PerClientRateLimitMode, error) {
+	ev := PerClientRateLimitMode(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PerClientRateLimitMode: valid values are %v", v, AllowedPerClientRateLimitModeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PerClientRateLimitMode) IsValid() bool {
+	for _, existing := range AllowedPerClientRateLimitModeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PerClientRateLimitMode value
+func (v PerClientRateLimitMode) Ptr() *PerClientRateLimitMode {
+	return &v
+}
+
+type NullablePerClientRateLimitMode struct {
+	value *PerClientRateLimitMode
+	isSet bool
+}
+
+func (v NullablePerClientRateLimitMode) Get() *PerClientRateLimitMode {
+	return v.value
+}
+
+func (v *NullablePerClientRateLimitMode) Set(val *PerClientRateLimitMode) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePerClientRateLimitMode) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePerClientRateLimitMode) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePerClientRateLimitMode(val *PerClientRateLimitMode) *NullablePerClientRateLimitMode {
+	return &NullablePerClientRateLimitMode{value: val, isSet: true}
+}
+
+func (v NullablePerClientRateLimitMode) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePerClientRateLimitMode) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_per_client_rate_limit_settings.go b/okta/model_per_client_rate_limit_settings.go
new file mode 100644
index 000000000..90077d064
--- /dev/null
+++ b/okta/model_per_client_rate_limit_settings.go
@@ -0,0 +1,188 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PerClientRateLimitSettings
+type PerClientRateLimitSettings struct {
+	DefaultMode          PerClientRateLimitMode                          `json:"defaultMode"`
+	UseCaseModeOverrides *PerClientRateLimitSettingsUseCaseModeOverrides `json:"useCaseModeOverrides,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PerClientRateLimitSettings PerClientRateLimitSettings
+
+// NewPerClientRateLimitSettings instantiates a new PerClientRateLimitSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPerClientRateLimitSettings(defaultMode PerClientRateLimitMode) *PerClientRateLimitSettings {
+	this := PerClientRateLimitSettings{}
+	this.DefaultMode = defaultMode
+	return &this
+}
+
+// NewPerClientRateLimitSettingsWithDefaults instantiates a new PerClientRateLimitSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPerClientRateLimitSettingsWithDefaults() *PerClientRateLimitSettings {
+	this := PerClientRateLimitSettings{}
+	return &this
+}
+
+// GetDefaultMode returns the DefaultMode field value
+func (o *PerClientRateLimitSettings) GetDefaultMode() PerClientRateLimitMode {
+	if o == nil {
+		var ret PerClientRateLimitMode
+		return ret
+	}
+
+	return o.DefaultMode
+}
+
+// GetDefaultModeOk returns a tuple with the DefaultMode field value
+// and a boolean to check if the value has been set.
+func (o *PerClientRateLimitSettings) GetDefaultModeOk() (*PerClientRateLimitMode, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.DefaultMode, true
+}
+
+// SetDefaultMode sets field value
+func (o *PerClientRateLimitSettings) SetDefaultMode(v PerClientRateLimitMode) {
+	o.DefaultMode = v
+}
+
+// GetUseCaseModeOverrides returns the UseCaseModeOverrides field value if set, zero value otherwise.
+func (o *PerClientRateLimitSettings) GetUseCaseModeOverrides() PerClientRateLimitSettingsUseCaseModeOverrides {
+	if o == nil || o.UseCaseModeOverrides == nil {
+		var ret PerClientRateLimitSettingsUseCaseModeOverrides
+		return ret
+	}
+	return *o.UseCaseModeOverrides
+}
+
+// GetUseCaseModeOverridesOk returns a tuple with the UseCaseModeOverrides field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PerClientRateLimitSettings) GetUseCaseModeOverridesOk() (*PerClientRateLimitSettingsUseCaseModeOverrides, bool) {
+	if o == nil || o.UseCaseModeOverrides == nil {
+		return nil, false
+	}
+	return o.UseCaseModeOverrides, true
+}
+
+// HasUseCaseModeOverrides returns a boolean if a field has been set.
+func (o *PerClientRateLimitSettings) HasUseCaseModeOverrides() bool {
+	if o != nil && o.UseCaseModeOverrides != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUseCaseModeOverrides gets a reference to the given PerClientRateLimitSettingsUseCaseModeOverrides and assigns it to the UseCaseModeOverrides field.
+func (o *PerClientRateLimitSettings) SetUseCaseModeOverrides(v PerClientRateLimitSettingsUseCaseModeOverrides) {
+	o.UseCaseModeOverrides = &v
+}
+
+func (o PerClientRateLimitSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["defaultMode"] = o.DefaultMode
+	}
+	if o.UseCaseModeOverrides != nil {
+		toSerialize["useCaseModeOverrides"] = o.UseCaseModeOverrides
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PerClientRateLimitSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varPerClientRateLimitSettings := _PerClientRateLimitSettings{}
+
+	err = json.Unmarshal(bytes, &varPerClientRateLimitSettings)
+	if err == nil {
+		*o = PerClientRateLimitSettings(varPerClientRateLimitSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "defaultMode")
+		delete(additionalProperties, "useCaseModeOverrides")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePerClientRateLimitSettings struct {
+	value *PerClientRateLimitSettings
+	isSet bool
+}
+
+func (v NullablePerClientRateLimitSettings) Get() *PerClientRateLimitSettings {
+	return v.value
+}
+
+func (v *NullablePerClientRateLimitSettings) Set(val *PerClientRateLimitSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePerClientRateLimitSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePerClientRateLimitSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePerClientRateLimitSettings(val *PerClientRateLimitSettings) *NullablePerClientRateLimitSettings {
+	return &NullablePerClientRateLimitSettings{value: val, isSet: true}
+}
+
+func (v NullablePerClientRateLimitSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePerClientRateLimitSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_per_client_rate_limit_settings_use_case_mode_overrides.go b/okta/model_per_client_rate_limit_settings_use_case_mode_overrides.go
new file mode 100644
index 000000000..42a08997c
--- /dev/null
+++ b/okta/model_per_client_rate_limit_settings_use_case_mode_overrides.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PerClientRateLimitSettingsUseCaseModeOverrides A map of Per-Client Rate Limit Use Case to the applicable PerClientRateLimitMode. Overrides the `defaultMode` property for the specified use cases.
+type PerClientRateLimitSettingsUseCaseModeOverrides struct {
+	LOGIN_PAGE           *PerClientRateLimitMode `json:"LOGIN_PAGE,omitempty"`
+	OAUTH2AUTHORIZE      *PerClientRateLimitMode `json:"OAUTH2_AUTHORIZE,omitempty"`
+	OIE_APP_INTENT       *PerClientRateLimitMode `json:"OIE_APP_INTENT,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PerClientRateLimitSettingsUseCaseModeOverrides PerClientRateLimitSettingsUseCaseModeOverrides
+
+// NewPerClientRateLimitSettingsUseCaseModeOverrides instantiates a new PerClientRateLimitSettingsUseCaseModeOverrides object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPerClientRateLimitSettingsUseCaseModeOverrides() *PerClientRateLimitSettingsUseCaseModeOverrides {
+	this := PerClientRateLimitSettingsUseCaseModeOverrides{}
+	return &this
+}
+
+// NewPerClientRateLimitSettingsUseCaseModeOverridesWithDefaults instantiates a new PerClientRateLimitSettingsUseCaseModeOverrides object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPerClientRateLimitSettingsUseCaseModeOverridesWithDefaults() *PerClientRateLimitSettingsUseCaseModeOverrides {
+	this := PerClientRateLimitSettingsUseCaseModeOverrides{}
+	return &this
+}
+
+// GetLOGIN_PAGE returns the LOGIN_PAGE field value if set, zero value otherwise.
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) GetLOGIN_PAGE() PerClientRateLimitMode {
+	if o == nil || o.LOGIN_PAGE == nil {
+		var ret PerClientRateLimitMode
+		return ret
+	}
+	return *o.LOGIN_PAGE
+}
+
+// GetLOGIN_PAGEOk returns a tuple with the LOGIN_PAGE field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) GetLOGIN_PAGEOk() (*PerClientRateLimitMode, bool) {
+	if o == nil || o.LOGIN_PAGE == nil {
+		return nil, false
+	}
+	return o.LOGIN_PAGE, true
+}
+
+// HasLOGIN_PAGE returns a boolean if a field has been set.
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) HasLOGIN_PAGE() bool {
+	if o != nil && o.LOGIN_PAGE != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLOGIN_PAGE gets a reference to the given PerClientRateLimitMode and assigns it to the LOGIN_PAGE field.
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) SetLOGIN_PAGE(v PerClientRateLimitMode) {
+	o.LOGIN_PAGE = &v
+}
+
+// GetOAUTH2AUTHORIZE returns the OAUTH2AUTHORIZE field value if set, zero value otherwise.
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) GetOAUTH2AUTHORIZE() PerClientRateLimitMode {
+	if o == nil || o.OAUTH2AUTHORIZE == nil {
+		var ret PerClientRateLimitMode
+		return ret
+	}
+	return *o.OAUTH2AUTHORIZE
+}
+
+// GetOAUTH2AUTHORIZEOk returns a tuple with the OAUTH2AUTHORIZE field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) GetOAUTH2AUTHORIZEOk() (*PerClientRateLimitMode, bool) {
+	if o == nil || o.OAUTH2AUTHORIZE == nil {
+		return nil, false
+	}
+	return o.OAUTH2AUTHORIZE, true
+}
+
+// HasOAUTH2AUTHORIZE returns a boolean if a field has been set.
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) HasOAUTH2AUTHORIZE() bool {
+	if o != nil && o.OAUTH2AUTHORIZE != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOAUTH2AUTHORIZE gets a reference to the given PerClientRateLimitMode and assigns it to the OAUTH2AUTHORIZE field.
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) SetOAUTH2AUTHORIZE(v PerClientRateLimitMode) {
+	o.OAUTH2AUTHORIZE = &v
+}
+
+// GetOIE_APP_INTENT returns the OIE_APP_INTENT field value if set, zero value otherwise.
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) GetOIE_APP_INTENT() PerClientRateLimitMode {
+	if o == nil || o.OIE_APP_INTENT == nil {
+		var ret PerClientRateLimitMode
+		return ret
+	}
+	return *o.OIE_APP_INTENT
+}
+
+// GetOIE_APP_INTENTOk returns a tuple with the OIE_APP_INTENT field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) GetOIE_APP_INTENTOk() (*PerClientRateLimitMode, bool) {
+	if o == nil || o.OIE_APP_INTENT == nil {
+		return nil, false
+	}
+	return o.OIE_APP_INTENT, true
+}
+
+// HasOIE_APP_INTENT returns a boolean if a field has been set.
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) HasOIE_APP_INTENT() bool {
+	if o != nil && o.OIE_APP_INTENT != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOIE_APP_INTENT gets a reference to the given PerClientRateLimitMode and assigns it to the OIE_APP_INTENT field.
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) SetOIE_APP_INTENT(v PerClientRateLimitMode) {
+	o.OIE_APP_INTENT = &v
+}
+
+func (o PerClientRateLimitSettingsUseCaseModeOverrides) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.LOGIN_PAGE != nil {
+		toSerialize["LOGIN_PAGE"] = o.LOGIN_PAGE
+	}
+	if o.OAUTH2AUTHORIZE != nil {
+		toSerialize["OAUTH2_AUTHORIZE"] = o.OAUTH2AUTHORIZE
+	}
+	if o.OIE_APP_INTENT != nil {
+		toSerialize["OIE_APP_INTENT"] = o.OIE_APP_INTENT
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PerClientRateLimitSettingsUseCaseModeOverrides) UnmarshalJSON(bytes []byte) (err error) {
+	varPerClientRateLimitSettingsUseCaseModeOverrides := _PerClientRateLimitSettingsUseCaseModeOverrides{}
+
+	err = json.Unmarshal(bytes, &varPerClientRateLimitSettingsUseCaseModeOverrides)
+	if err == nil {
+		*o = PerClientRateLimitSettingsUseCaseModeOverrides(varPerClientRateLimitSettingsUseCaseModeOverrides)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "LOGIN_PAGE")
+		delete(additionalProperties, "OAUTH2_AUTHORIZE")
+		delete(additionalProperties, "OIE_APP_INTENT")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePerClientRateLimitSettingsUseCaseModeOverrides struct {
+	value *PerClientRateLimitSettingsUseCaseModeOverrides
+	isSet bool
+}
+
+func (v NullablePerClientRateLimitSettingsUseCaseModeOverrides) Get() *PerClientRateLimitSettingsUseCaseModeOverrides {
+	return v.value
+}
+
+func (v *NullablePerClientRateLimitSettingsUseCaseModeOverrides) Set(val *PerClientRateLimitSettingsUseCaseModeOverrides) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePerClientRateLimitSettingsUseCaseModeOverrides) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePerClientRateLimitSettingsUseCaseModeOverrides) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePerClientRateLimitSettingsUseCaseModeOverrides(val *PerClientRateLimitSettingsUseCaseModeOverrides) *NullablePerClientRateLimitSettingsUseCaseModeOverrides {
+	return &NullablePerClientRateLimitSettingsUseCaseModeOverrides{value: val, isSet: true}
+}
+
+func (v NullablePerClientRateLimitSettingsUseCaseModeOverrides) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePerClientRateLimitSettingsUseCaseModeOverrides) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_permission.go b/okta/model_permission.go
new file mode 100644
index 000000000..1654e944a
--- /dev/null
+++ b/okta/model_permission.go
@@ -0,0 +1,273 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// Permission struct for Permission
+type Permission struct {
+	// Timestamp when the role was created
+	Created *time.Time `json:"created,omitempty"`
+	// The permission type
+	Label *string `json:"label,omitempty"`
+	// Timestamp when the role was last updated
+	LastUpdated          *time.Time       `json:"lastUpdated,omitempty"`
+	Links                *PermissionLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Permission Permission
+
+// NewPermission instantiates a new Permission object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPermission() *Permission {
+	this := Permission{}
+	return &this
+}
+
+// NewPermissionWithDefaults instantiates a new Permission object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPermissionWithDefaults() *Permission {
+	this := Permission{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *Permission) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Permission) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *Permission) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *Permission) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetLabel returns the Label field value if set, zero value otherwise.
+func (o *Permission) GetLabel() string {
+	if o == nil || o.Label == nil {
+		var ret string
+		return ret
+	}
+	return *o.Label
+}
+
+// GetLabelOk returns a tuple with the Label field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Permission) GetLabelOk() (*string, bool) {
+	if o == nil || o.Label == nil {
+		return nil, false
+	}
+	return o.Label, true
+}
+
+// HasLabel returns a boolean if a field has been set.
+func (o *Permission) HasLabel() bool {
+	if o != nil && o.Label != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLabel gets a reference to the given string and assigns it to the Label field.
+func (o *Permission) SetLabel(v string) {
+	o.Label = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *Permission) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Permission) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *Permission) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *Permission) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Permission) GetLinks() PermissionLinks {
+	if o == nil || o.Links == nil {
+		var ret PermissionLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Permission) GetLinksOk() (*PermissionLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Permission) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given PermissionLinks and assigns it to the Links field.
+func (o *Permission) SetLinks(v PermissionLinks) {
+	o.Links = &v
+}
+
+func (o Permission) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Label != nil {
+		toSerialize["label"] = o.Label
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Permission) UnmarshalJSON(bytes []byte) (err error) {
+	varPermission := _Permission{}
+
+	err = json.Unmarshal(bytes, &varPermission)
+	if err == nil {
+		*o = Permission(varPermission)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "label")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePermission struct {
+	value *Permission
+	isSet bool
+}
+
+func (v NullablePermission) Get() *Permission {
+	return v.value
+}
+
+func (v *NullablePermission) Set(val *Permission) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePermission) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePermission) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePermission(val *Permission) *NullablePermission {
+	return &NullablePermission{value: val, isSet: true}
+}
+
+func (v NullablePermission) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePermission) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_permission__links.go b/okta/model_permission__links.go
new file mode 100644
index 000000000..735d73a81
--- /dev/null
+++ b/okta/model_permission__links.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PermissionLinks struct for PermissionLinks
+type PermissionLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Role                 *HrefObject `json:"role,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PermissionLinks PermissionLinks
+
+// NewPermissionLinks instantiates a new PermissionLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPermissionLinks() *PermissionLinks {
+	this := PermissionLinks{}
+	return &this
+}
+
+// NewPermissionLinksWithDefaults instantiates a new PermissionLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPermissionLinksWithDefaults() *PermissionLinks {
+	this := PermissionLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *PermissionLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PermissionLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *PermissionLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *PermissionLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetRole returns the Role field value if set, zero value otherwise.
+func (o *PermissionLinks) GetRole() HrefObject {
+	if o == nil || o.Role == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Role
+}
+
+// GetRoleOk returns a tuple with the Role field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PermissionLinks) GetRoleOk() (*HrefObject, bool) {
+	if o == nil || o.Role == nil {
+		return nil, false
+	}
+	return o.Role, true
+}
+
+// HasRole returns a boolean if a field has been set.
+func (o *PermissionLinks) HasRole() bool {
+	if o != nil && o.Role != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRole gets a reference to the given HrefObject and assigns it to the Role field.
+func (o *PermissionLinks) SetRole(v HrefObject) {
+	o.Role = &v
+}
+
+func (o PermissionLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Role != nil {
+		toSerialize["role"] = o.Role
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PermissionLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varPermissionLinks := _PermissionLinks{}
+
+	err = json.Unmarshal(bytes, &varPermissionLinks)
+	if err == nil {
+		*o = PermissionLinks(varPermissionLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "role")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePermissionLinks struct {
+	value *PermissionLinks
+	isSet bool
+}
+
+func (v NullablePermissionLinks) Get() *PermissionLinks {
+	return v.value
+}
+
+func (v *NullablePermissionLinks) Set(val *PermissionLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePermissionLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePermissionLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePermissionLinks(val *PermissionLinks) *NullablePermissionLinks {
+	return &NullablePermissionLinks{value: val, isSet: true}
+}
+
+func (v NullablePermissionLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePermissionLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_permissions.go b/okta/model_permissions.go
new file mode 100644
index 000000000..2de6ab421
--- /dev/null
+++ b/okta/model_permissions.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// Permissions struct for Permissions
+type Permissions struct {
+	Permissions          []Permission `json:"permissions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Permissions Permissions
+
+// NewPermissions instantiates a new Permissions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPermissions() *Permissions {
+	this := Permissions{}
+	return &this
+}
+
+// NewPermissionsWithDefaults instantiates a new Permissions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPermissionsWithDefaults() *Permissions {
+	this := Permissions{}
+	return &this
+}
+
+// GetPermissions returns the Permissions field value if set, zero value otherwise.
+func (o *Permissions) GetPermissions() []Permission {
+	if o == nil || o.Permissions == nil {
+		var ret []Permission
+		return ret
+	}
+	return o.Permissions
+}
+
+// GetPermissionsOk returns a tuple with the Permissions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Permissions) GetPermissionsOk() ([]Permission, bool) {
+	if o == nil || o.Permissions == nil {
+		return nil, false
+	}
+	return o.Permissions, true
+}
+
+// HasPermissions returns a boolean if a field has been set.
+func (o *Permissions) HasPermissions() bool {
+	if o != nil && o.Permissions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPermissions gets a reference to the given []Permission and assigns it to the Permissions field.
+func (o *Permissions) SetPermissions(v []Permission) {
+	o.Permissions = v
+}
+
+func (o Permissions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Permissions != nil {
+		toSerialize["permissions"] = o.Permissions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Permissions) UnmarshalJSON(bytes []byte) (err error) {
+	varPermissions := _Permissions{}
+
+	err = json.Unmarshal(bytes, &varPermissions)
+	if err == nil {
+		*o = Permissions(varPermissions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "permissions")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePermissions struct {
+	value *Permissions
+	isSet bool
+}
+
+func (v NullablePermissions) Get() *Permissions {
+	return v.value
+}
+
+func (v *NullablePermissions) Set(val *Permissions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePermissions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePermissions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePermissions(val *Permissions) *NullablePermissions {
+	return &NullablePermissions{value: val, isSet: true}
+}
+
+func (v NullablePermissions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePermissions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_pipeline_type.go b/okta/model_pipeline_type.go
new file mode 100644
index 000000000..646fa6625
--- /dev/null
+++ b/okta/model_pipeline_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PipelineType The authentication pipeline of the org. `idx` means the org is using the Identity Engine, while `v1` means the org is using the Classic authentication pipeline.
+type PipelineType string
+
+// List of PipelineType
+const (
+	PIPELINETYPE_IDX PipelineType = "idx"
+	PIPELINETYPE_V1  PipelineType = "v1"
+)
+
+// All allowed values of PipelineType enum
+var AllowedPipelineTypeEnumValues = []PipelineType{
+	"idx",
+	"v1",
+}
+
+func (v *PipelineType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PipelineType(value)
+	for _, existing := range AllowedPipelineTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PipelineType", value)
+}
+
+// NewPipelineTypeFromValue returns a pointer to a valid PipelineType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPipelineTypeFromValue(v string) (*PipelineType, error) {
+	ev := PipelineType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PipelineType: valid values are %v", v, AllowedPipelineTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PipelineType) IsValid() bool {
+	for _, existing := range AllowedPipelineTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PipelineType value
+func (v PipelineType) Ptr() *PipelineType {
+	return &v
+}
+
+type NullablePipelineType struct {
+	value *PipelineType
+	isSet bool
+}
+
+func (v NullablePipelineType) Get() *PipelineType {
+	return v.value
+}
+
+func (v *NullablePipelineType) Set(val *PipelineType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePipelineType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePipelineType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePipelineType(val *PipelineType) *NullablePipelineType {
+	return &NullablePipelineType{value: val, isSet: true}
+}
+
+func (v NullablePipelineType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePipelineType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_platform.go b/okta/model_platform.go
new file mode 100644
index 000000000..14a1c40dd
--- /dev/null
+++ b/okta/model_platform.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// Platform the model 'Platform'
+type Platform string
+
+// List of Platform
+const (
+	PLATFORM_ANDROID Platform = "ANDROID"
+	PLATFORM_IOS     Platform = "IOS"
+	PLATFORM_MACOS   Platform = "MACOS"
+	PLATFORM_WINDOWS Platform = "WINDOWS"
+)
+
+// All allowed values of Platform enum
+var AllowedPlatformEnumValues = []Platform{
+	"ANDROID",
+	"IOS",
+	"MACOS",
+	"WINDOWS",
+}
+
+func (v *Platform) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := Platform(value)
+	for _, existing := range AllowedPlatformEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid Platform", value)
+}
+
+// NewPlatformFromValue returns a pointer to a valid Platform
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPlatformFromValue(v string) (*Platform, error) {
+	ev := Platform(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for Platform: valid values are %v", v, AllowedPlatformEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v Platform) IsValid() bool {
+	for _, existing := range AllowedPlatformEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to Platform value
+func (v Platform) Ptr() *Platform {
+	return &v
+}
+
+type NullablePlatform struct {
+	value *Platform
+	isSet bool
+}
+
+func (v NullablePlatform) Get() *Platform {
+	return v.value
+}
+
+func (v *NullablePlatform) Set(val *Platform) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePlatform) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePlatform) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePlatform(val *Platform) *NullablePlatform {
+	return &NullablePlatform{value: val, isSet: true}
+}
+
+func (v NullablePlatform) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePlatform) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_platform_condition_evaluator_platform.go b/okta/model_platform_condition_evaluator_platform.go
new file mode 100644
index 000000000..e4b2c2abe
--- /dev/null
+++ b/okta/model_platform_condition_evaluator_platform.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PlatformConditionEvaluatorPlatform struct for PlatformConditionEvaluatorPlatform
+type PlatformConditionEvaluatorPlatform struct {
+	Os                   *PlatformConditionEvaluatorPlatformOperatingSystem `json:"os,omitempty"`
+	Type                 *PolicyPlatformType                                `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PlatformConditionEvaluatorPlatform PlatformConditionEvaluatorPlatform
+
+// NewPlatformConditionEvaluatorPlatform instantiates a new PlatformConditionEvaluatorPlatform object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPlatformConditionEvaluatorPlatform() *PlatformConditionEvaluatorPlatform {
+	this := PlatformConditionEvaluatorPlatform{}
+	return &this
+}
+
+// NewPlatformConditionEvaluatorPlatformWithDefaults instantiates a new PlatformConditionEvaluatorPlatform object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPlatformConditionEvaluatorPlatformWithDefaults() *PlatformConditionEvaluatorPlatform {
+	this := PlatformConditionEvaluatorPlatform{}
+	return &this
+}
+
+// GetOs returns the Os field value if set, zero value otherwise.
+func (o *PlatformConditionEvaluatorPlatform) GetOs() PlatformConditionEvaluatorPlatformOperatingSystem {
+	if o == nil || o.Os == nil {
+		var ret PlatformConditionEvaluatorPlatformOperatingSystem
+		return ret
+	}
+	return *o.Os
+}
+
+// GetOsOk returns a tuple with the Os field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PlatformConditionEvaluatorPlatform) GetOsOk() (*PlatformConditionEvaluatorPlatformOperatingSystem, bool) {
+	if o == nil || o.Os == nil {
+		return nil, false
+	}
+	return o.Os, true
+}
+
+// HasOs returns a boolean if a field has been set.
+func (o *PlatformConditionEvaluatorPlatform) HasOs() bool {
+	if o != nil && o.Os != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOs gets a reference to the given PlatformConditionEvaluatorPlatformOperatingSystem and assigns it to the Os field.
+func (o *PlatformConditionEvaluatorPlatform) SetOs(v PlatformConditionEvaluatorPlatformOperatingSystem) {
+	o.Os = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *PlatformConditionEvaluatorPlatform) GetType() PolicyPlatformType {
+	if o == nil || o.Type == nil {
+		var ret PolicyPlatformType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PlatformConditionEvaluatorPlatform) GetTypeOk() (*PolicyPlatformType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *PlatformConditionEvaluatorPlatform) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given PolicyPlatformType and assigns it to the Type field.
+func (o *PlatformConditionEvaluatorPlatform) SetType(v PolicyPlatformType) {
+	o.Type = &v
+}
+
+func (o PlatformConditionEvaluatorPlatform) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Os != nil {
+		toSerialize["os"] = o.Os
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PlatformConditionEvaluatorPlatform) UnmarshalJSON(bytes []byte) (err error) {
+	varPlatformConditionEvaluatorPlatform := _PlatformConditionEvaluatorPlatform{}
+
+	err = json.Unmarshal(bytes, &varPlatformConditionEvaluatorPlatform)
+	if err == nil {
+		*o = PlatformConditionEvaluatorPlatform(varPlatformConditionEvaluatorPlatform)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "os")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePlatformConditionEvaluatorPlatform struct {
+	value *PlatformConditionEvaluatorPlatform
+	isSet bool
+}
+
+func (v NullablePlatformConditionEvaluatorPlatform) Get() *PlatformConditionEvaluatorPlatform {
+	return v.value
+}
+
+func (v *NullablePlatformConditionEvaluatorPlatform) Set(val *PlatformConditionEvaluatorPlatform) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePlatformConditionEvaluatorPlatform) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePlatformConditionEvaluatorPlatform) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePlatformConditionEvaluatorPlatform(val *PlatformConditionEvaluatorPlatform) *NullablePlatformConditionEvaluatorPlatform {
+	return &NullablePlatformConditionEvaluatorPlatform{value: val, isSet: true}
+}
+
+func (v NullablePlatformConditionEvaluatorPlatform) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePlatformConditionEvaluatorPlatform) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_platform_condition_evaluator_platform_operating_system.go b/okta/model_platform_condition_evaluator_platform_operating_system.go
new file mode 100644
index 000000000..0437dec24
--- /dev/null
+++ b/okta/model_platform_condition_evaluator_platform_operating_system.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PlatformConditionEvaluatorPlatformOperatingSystem struct for PlatformConditionEvaluatorPlatformOperatingSystem
+type PlatformConditionEvaluatorPlatformOperatingSystem struct {
+	Expression           *string                                                   `json:"expression,omitempty"`
+	Type                 *PolicyPlatformOperatingSystemType                        `json:"type,omitempty"`
+	Version              *PlatformConditionEvaluatorPlatformOperatingSystemVersion `json:"version,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PlatformConditionEvaluatorPlatformOperatingSystem PlatformConditionEvaluatorPlatformOperatingSystem
+
+// NewPlatformConditionEvaluatorPlatformOperatingSystem instantiates a new PlatformConditionEvaluatorPlatformOperatingSystem object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPlatformConditionEvaluatorPlatformOperatingSystem() *PlatformConditionEvaluatorPlatformOperatingSystem {
+	this := PlatformConditionEvaluatorPlatformOperatingSystem{}
+	return &this
+}
+
+// NewPlatformConditionEvaluatorPlatformOperatingSystemWithDefaults instantiates a new PlatformConditionEvaluatorPlatformOperatingSystem object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPlatformConditionEvaluatorPlatformOperatingSystemWithDefaults() *PlatformConditionEvaluatorPlatformOperatingSystem {
+	this := PlatformConditionEvaluatorPlatformOperatingSystem{}
+	return &this
+}
+
+// GetExpression returns the Expression field value if set, zero value otherwise.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) GetExpression() string {
+	if o == nil || o.Expression == nil {
+		var ret string
+		return ret
+	}
+	return *o.Expression
+}
+
+// GetExpressionOk returns a tuple with the Expression field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) GetExpressionOk() (*string, bool) {
+	if o == nil || o.Expression == nil {
+		return nil, false
+	}
+	return o.Expression, true
+}
+
+// HasExpression returns a boolean if a field has been set.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) HasExpression() bool {
+	if o != nil && o.Expression != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpression gets a reference to the given string and assigns it to the Expression field.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) SetExpression(v string) {
+	o.Expression = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) GetType() PolicyPlatformOperatingSystemType {
+	if o == nil || o.Type == nil {
+		var ret PolicyPlatformOperatingSystemType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) GetTypeOk() (*PolicyPlatformOperatingSystemType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given PolicyPlatformOperatingSystemType and assigns it to the Type field.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) SetType(v PolicyPlatformOperatingSystemType) {
+	o.Type = &v
+}
+
+// GetVersion returns the Version field value if set, zero value otherwise.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) GetVersion() PlatformConditionEvaluatorPlatformOperatingSystemVersion {
+	if o == nil || o.Version == nil {
+		var ret PlatformConditionEvaluatorPlatformOperatingSystemVersion
+		return ret
+	}
+	return *o.Version
+}
+
+// GetVersionOk returns a tuple with the Version field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) GetVersionOk() (*PlatformConditionEvaluatorPlatformOperatingSystemVersion, bool) {
+	if o == nil || o.Version == nil {
+		return nil, false
+	}
+	return o.Version, true
+}
+
+// HasVersion returns a boolean if a field has been set.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) HasVersion() bool {
+	if o != nil && o.Version != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVersion gets a reference to the given PlatformConditionEvaluatorPlatformOperatingSystemVersion and assigns it to the Version field.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) SetVersion(v PlatformConditionEvaluatorPlatformOperatingSystemVersion) {
+	o.Version = &v
+}
+
+func (o PlatformConditionEvaluatorPlatformOperatingSystem) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Expression != nil {
+		toSerialize["expression"] = o.Expression
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Version != nil {
+		toSerialize["version"] = o.Version
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PlatformConditionEvaluatorPlatformOperatingSystem) UnmarshalJSON(bytes []byte) (err error) {
+	varPlatformConditionEvaluatorPlatformOperatingSystem := _PlatformConditionEvaluatorPlatformOperatingSystem{}
+
+	err = json.Unmarshal(bytes, &varPlatformConditionEvaluatorPlatformOperatingSystem)
+	if err == nil {
+		*o = PlatformConditionEvaluatorPlatformOperatingSystem(varPlatformConditionEvaluatorPlatformOperatingSystem)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expression")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "version")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePlatformConditionEvaluatorPlatformOperatingSystem struct {
+	value *PlatformConditionEvaluatorPlatformOperatingSystem
+	isSet bool
+}
+
+func (v NullablePlatformConditionEvaluatorPlatformOperatingSystem) Get() *PlatformConditionEvaluatorPlatformOperatingSystem {
+	return v.value
+}
+
+func (v *NullablePlatformConditionEvaluatorPlatformOperatingSystem) Set(val *PlatformConditionEvaluatorPlatformOperatingSystem) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePlatformConditionEvaluatorPlatformOperatingSystem) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePlatformConditionEvaluatorPlatformOperatingSystem) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePlatformConditionEvaluatorPlatformOperatingSystem(val *PlatformConditionEvaluatorPlatformOperatingSystem) *NullablePlatformConditionEvaluatorPlatformOperatingSystem {
+	return &NullablePlatformConditionEvaluatorPlatformOperatingSystem{value: val, isSet: true}
+}
+
+func (v NullablePlatformConditionEvaluatorPlatformOperatingSystem) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePlatformConditionEvaluatorPlatformOperatingSystem) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_platform_condition_evaluator_platform_operating_system_version.go b/okta/model_platform_condition_evaluator_platform_operating_system_version.go
new file mode 100644
index 000000000..bc545dcac
--- /dev/null
+++ b/okta/model_platform_condition_evaluator_platform_operating_system_version.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PlatformConditionEvaluatorPlatformOperatingSystemVersion struct for PlatformConditionEvaluatorPlatformOperatingSystemVersion
+type PlatformConditionEvaluatorPlatformOperatingSystemVersion struct {
+	MatchType            *PlatformConditionOperatingSystemVersionMatchType `json:"matchType,omitempty"`
+	Value                *string                                           `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PlatformConditionEvaluatorPlatformOperatingSystemVersion PlatformConditionEvaluatorPlatformOperatingSystemVersion
+
+// NewPlatformConditionEvaluatorPlatformOperatingSystemVersion instantiates a new PlatformConditionEvaluatorPlatformOperatingSystemVersion object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPlatformConditionEvaluatorPlatformOperatingSystemVersion() *PlatformConditionEvaluatorPlatformOperatingSystemVersion {
+	this := PlatformConditionEvaluatorPlatformOperatingSystemVersion{}
+	return &this
+}
+
+// NewPlatformConditionEvaluatorPlatformOperatingSystemVersionWithDefaults instantiates a new PlatformConditionEvaluatorPlatformOperatingSystemVersion object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPlatformConditionEvaluatorPlatformOperatingSystemVersionWithDefaults() *PlatformConditionEvaluatorPlatformOperatingSystemVersion {
+	this := PlatformConditionEvaluatorPlatformOperatingSystemVersion{}
+	return &this
+}
+
+// GetMatchType returns the MatchType field value if set, zero value otherwise.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) GetMatchType() PlatformConditionOperatingSystemVersionMatchType {
+	if o == nil || o.MatchType == nil {
+		var ret PlatformConditionOperatingSystemVersionMatchType
+		return ret
+	}
+	return *o.MatchType
+}
+
+// GetMatchTypeOk returns a tuple with the MatchType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) GetMatchTypeOk() (*PlatformConditionOperatingSystemVersionMatchType, bool) {
+	if o == nil || o.MatchType == nil {
+		return nil, false
+	}
+	return o.MatchType, true
+}
+
+// HasMatchType returns a boolean if a field has been set.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) HasMatchType() bool {
+	if o != nil && o.MatchType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMatchType gets a reference to the given PlatformConditionOperatingSystemVersionMatchType and assigns it to the MatchType field.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) SetMatchType(v PlatformConditionOperatingSystemVersionMatchType) {
+	o.MatchType = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o PlatformConditionEvaluatorPlatformOperatingSystemVersion) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.MatchType != nil {
+		toSerialize["matchType"] = o.MatchType
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PlatformConditionEvaluatorPlatformOperatingSystemVersion) UnmarshalJSON(bytes []byte) (err error) {
+	varPlatformConditionEvaluatorPlatformOperatingSystemVersion := _PlatformConditionEvaluatorPlatformOperatingSystemVersion{}
+
+	err = json.Unmarshal(bytes, &varPlatformConditionEvaluatorPlatformOperatingSystemVersion)
+	if err == nil {
+		*o = PlatformConditionEvaluatorPlatformOperatingSystemVersion(varPlatformConditionEvaluatorPlatformOperatingSystemVersion)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "matchType")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePlatformConditionEvaluatorPlatformOperatingSystemVersion struct {
+	value *PlatformConditionEvaluatorPlatformOperatingSystemVersion
+	isSet bool
+}
+
+func (v NullablePlatformConditionEvaluatorPlatformOperatingSystemVersion) Get() *PlatformConditionEvaluatorPlatformOperatingSystemVersion {
+	return v.value
+}
+
+func (v *NullablePlatformConditionEvaluatorPlatformOperatingSystemVersion) Set(val *PlatformConditionEvaluatorPlatformOperatingSystemVersion) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePlatformConditionEvaluatorPlatformOperatingSystemVersion) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePlatformConditionEvaluatorPlatformOperatingSystemVersion) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePlatformConditionEvaluatorPlatformOperatingSystemVersion(val *PlatformConditionEvaluatorPlatformOperatingSystemVersion) *NullablePlatformConditionEvaluatorPlatformOperatingSystemVersion {
+	return &NullablePlatformConditionEvaluatorPlatformOperatingSystemVersion{value: val, isSet: true}
+}
+
+func (v NullablePlatformConditionEvaluatorPlatformOperatingSystemVersion) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePlatformConditionEvaluatorPlatformOperatingSystemVersion) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_platform_condition_operating_system_version_match_type.go b/okta/model_platform_condition_operating_system_version_match_type.go
new file mode 100644
index 000000000..c70fec9d4
--- /dev/null
+++ b/okta/model_platform_condition_operating_system_version_match_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PlatformConditionOperatingSystemVersionMatchType the model 'PlatformConditionOperatingSystemVersionMatchType'
+type PlatformConditionOperatingSystemVersionMatchType string
+
+// List of PlatformConditionOperatingSystemVersionMatchType
+const (
+	PLATFORMCONDITIONOPERATINGSYSTEMVERSIONMATCHTYPE_EXPRESSION PlatformConditionOperatingSystemVersionMatchType = "EXPRESSION"
+	PLATFORMCONDITIONOPERATINGSYSTEMVERSIONMATCHTYPE_SEMVER     PlatformConditionOperatingSystemVersionMatchType = "SEMVER"
+)
+
+// All allowed values of PlatformConditionOperatingSystemVersionMatchType enum
+var AllowedPlatformConditionOperatingSystemVersionMatchTypeEnumValues = []PlatformConditionOperatingSystemVersionMatchType{
+	"EXPRESSION",
+	"SEMVER",
+}
+
+func (v *PlatformConditionOperatingSystemVersionMatchType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PlatformConditionOperatingSystemVersionMatchType(value)
+	for _, existing := range AllowedPlatformConditionOperatingSystemVersionMatchTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PlatformConditionOperatingSystemVersionMatchType", value)
+}
+
+// NewPlatformConditionOperatingSystemVersionMatchTypeFromValue returns a pointer to a valid PlatformConditionOperatingSystemVersionMatchType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPlatformConditionOperatingSystemVersionMatchTypeFromValue(v string) (*PlatformConditionOperatingSystemVersionMatchType, error) {
+	ev := PlatformConditionOperatingSystemVersionMatchType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PlatformConditionOperatingSystemVersionMatchType: valid values are %v", v, AllowedPlatformConditionOperatingSystemVersionMatchTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PlatformConditionOperatingSystemVersionMatchType) IsValid() bool {
+	for _, existing := range AllowedPlatformConditionOperatingSystemVersionMatchTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PlatformConditionOperatingSystemVersionMatchType value
+func (v PlatformConditionOperatingSystemVersionMatchType) Ptr() *PlatformConditionOperatingSystemVersionMatchType {
+	return &v
+}
+
+type NullablePlatformConditionOperatingSystemVersionMatchType struct {
+	value *PlatformConditionOperatingSystemVersionMatchType
+	isSet bool
+}
+
+func (v NullablePlatformConditionOperatingSystemVersionMatchType) Get() *PlatformConditionOperatingSystemVersionMatchType {
+	return v.value
+}
+
+func (v *NullablePlatformConditionOperatingSystemVersionMatchType) Set(val *PlatformConditionOperatingSystemVersionMatchType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePlatformConditionOperatingSystemVersionMatchType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePlatformConditionOperatingSystemVersionMatchType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePlatformConditionOperatingSystemVersionMatchType(val *PlatformConditionOperatingSystemVersionMatchType) *NullablePlatformConditionOperatingSystemVersionMatchType {
+	return &NullablePlatformConditionOperatingSystemVersionMatchType{value: val, isSet: true}
+}
+
+func (v NullablePlatformConditionOperatingSystemVersionMatchType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePlatformConditionOperatingSystemVersionMatchType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_platform_policy_rule_condition.go b/okta/model_platform_policy_rule_condition.go
new file mode 100644
index 000000000..430015f12
--- /dev/null
+++ b/okta/model_platform_policy_rule_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PlatformPolicyRuleCondition struct for PlatformPolicyRuleCondition
+type PlatformPolicyRuleCondition struct {
+	Exclude              []PlatformConditionEvaluatorPlatform `json:"exclude,omitempty"`
+	Include              []PlatformConditionEvaluatorPlatform `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PlatformPolicyRuleCondition PlatformPolicyRuleCondition
+
+// NewPlatformPolicyRuleCondition instantiates a new PlatformPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPlatformPolicyRuleCondition() *PlatformPolicyRuleCondition {
+	this := PlatformPolicyRuleCondition{}
+	return &this
+}
+
+// NewPlatformPolicyRuleConditionWithDefaults instantiates a new PlatformPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPlatformPolicyRuleConditionWithDefaults() *PlatformPolicyRuleCondition {
+	this := PlatformPolicyRuleCondition{}
+	return &this
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *PlatformPolicyRuleCondition) GetExclude() []PlatformConditionEvaluatorPlatform {
+	if o == nil || o.Exclude == nil {
+		var ret []PlatformConditionEvaluatorPlatform
+		return ret
+	}
+	return o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PlatformPolicyRuleCondition) GetExcludeOk() ([]PlatformConditionEvaluatorPlatform, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *PlatformPolicyRuleCondition) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given []PlatformConditionEvaluatorPlatform and assigns it to the Exclude field.
+func (o *PlatformPolicyRuleCondition) SetExclude(v []PlatformConditionEvaluatorPlatform) {
+	o.Exclude = v
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *PlatformPolicyRuleCondition) GetInclude() []PlatformConditionEvaluatorPlatform {
+	if o == nil || o.Include == nil {
+		var ret []PlatformConditionEvaluatorPlatform
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PlatformPolicyRuleCondition) GetIncludeOk() ([]PlatformConditionEvaluatorPlatform, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *PlatformPolicyRuleCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []PlatformConditionEvaluatorPlatform and assigns it to the Include field.
+func (o *PlatformPolicyRuleCondition) SetInclude(v []PlatformConditionEvaluatorPlatform) {
+	o.Include = v
+}
+
+func (o PlatformPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PlatformPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varPlatformPolicyRuleCondition := _PlatformPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varPlatformPolicyRuleCondition)
+	if err == nil {
+		*o = PlatformPolicyRuleCondition(varPlatformPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "exclude")
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePlatformPolicyRuleCondition struct {
+	value *PlatformPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullablePlatformPolicyRuleCondition) Get() *PlatformPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullablePlatformPolicyRuleCondition) Set(val *PlatformPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePlatformPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePlatformPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePlatformPolicyRuleCondition(val *PlatformPolicyRuleCondition) *NullablePlatformPolicyRuleCondition {
+	return &NullablePlatformPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullablePlatformPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePlatformPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy.go b/okta/model_policy.go
new file mode 100644
index 000000000..8fc5065aa
--- /dev/null
+++ b/okta/model_policy.go
@@ -0,0 +1,529 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// Policy struct for Policy
+type Policy struct {
+	Created              *time.Time                        `json:"created,omitempty"`
+	Description          *string                           `json:"description,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Priority             *int32                            `json:"priority,omitempty"`
+	Status               *LifecycleStatus                  `json:"status,omitempty"`
+	System               *bool                             `json:"system,omitempty"`
+	Type                 *PolicyType                       `json:"type,omitempty"`
+	Embedded             map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Policy Policy
+
+// NewPolicy instantiates a new Policy object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicy() *Policy {
+	this := Policy{}
+	return &this
+}
+
+// NewPolicyWithDefaults instantiates a new Policy object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicyWithDefaults() *Policy {
+	this := Policy{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *Policy) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Policy) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *Policy) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *Policy) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *Policy) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Policy) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *Policy) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *Policy) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *Policy) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Policy) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *Policy) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *Policy) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *Policy) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Policy) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *Policy) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *Policy) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *Policy) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Policy) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *Policy) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *Policy) SetName(v string) {
+	o.Name = &v
+}
+
+// GetPriority returns the Priority field value if set, zero value otherwise.
+func (o *Policy) GetPriority() int32 {
+	if o == nil || o.Priority == nil {
+		var ret int32
+		return ret
+	}
+	return *o.Priority
+}
+
+// GetPriorityOk returns a tuple with the Priority field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Policy) GetPriorityOk() (*int32, bool) {
+	if o == nil || o.Priority == nil {
+		return nil, false
+	}
+	return o.Priority, true
+}
+
+// HasPriority returns a boolean if a field has been set.
+func (o *Policy) HasPriority() bool {
+	if o != nil && o.Priority != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPriority gets a reference to the given int32 and assigns it to the Priority field.
+func (o *Policy) SetPriority(v int32) {
+	o.Priority = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *Policy) GetStatus() LifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret LifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Policy) GetStatusOk() (*LifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *Policy) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given LifecycleStatus and assigns it to the Status field.
+func (o *Policy) SetStatus(v LifecycleStatus) {
+	o.Status = &v
+}
+
+// GetSystem returns the System field value if set, zero value otherwise.
+func (o *Policy) GetSystem() bool {
+	if o == nil || o.System == nil {
+		var ret bool
+		return ret
+	}
+	return *o.System
+}
+
+// GetSystemOk returns a tuple with the System field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Policy) GetSystemOk() (*bool, bool) {
+	if o == nil || o.System == nil {
+		return nil, false
+	}
+	return o.System, true
+}
+
+// HasSystem returns a boolean if a field has been set.
+func (o *Policy) HasSystem() bool {
+	if o != nil && o.System != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSystem gets a reference to the given bool and assigns it to the System field.
+func (o *Policy) SetSystem(v bool) {
+	o.System = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *Policy) GetType() PolicyType {
+	if o == nil || o.Type == nil {
+		var ret PolicyType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Policy) GetTypeOk() (*PolicyType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *Policy) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given PolicyType and assigns it to the Type field.
+func (o *Policy) SetType(v PolicyType) {
+	o.Type = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *Policy) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Policy) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *Policy) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *Policy) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Policy) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Policy) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Policy) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *Policy) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o Policy) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Priority != nil {
+		toSerialize["priority"] = o.Priority
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.System != nil {
+		toSerialize["system"] = o.System
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Policy) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicy := _Policy{}
+
+	err = json.Unmarshal(bytes, &varPolicy)
+	if err == nil {
+		*o = Policy(varPolicy)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "priority")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "system")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicy struct {
+	value *Policy
+	isSet bool
+}
+
+func (v NullablePolicy) Get() *Policy {
+	return v.value
+}
+
+func (v *NullablePolicy) Set(val *Policy) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicy) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicy) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicy(val *Policy) *NullablePolicy {
+	return &NullablePolicy{value: val, isSet: true}
+}
+
+func (v NullablePolicy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicy) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_access.go b/okta/model_policy_access.go
new file mode 100644
index 000000000..7a2546b36
--- /dev/null
+++ b/okta/model_policy_access.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PolicyAccess the model 'PolicyAccess'
+type PolicyAccess string
+
+// List of PolicyAccess
+const (
+	POLICYACCESS_ALLOW PolicyAccess = "ALLOW"
+	POLICYACCESS_DENY  PolicyAccess = "DENY"
+)
+
+// All allowed values of PolicyAccess enum
+var AllowedPolicyAccessEnumValues = []PolicyAccess{
+	"ALLOW",
+	"DENY",
+}
+
+func (v *PolicyAccess) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PolicyAccess(value)
+	for _, existing := range AllowedPolicyAccessEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PolicyAccess", value)
+}
+
+// NewPolicyAccessFromValue returns a pointer to a valid PolicyAccess
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPolicyAccessFromValue(v string) (*PolicyAccess, error) {
+	ev := PolicyAccess(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PolicyAccess: valid values are %v", v, AllowedPolicyAccessEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PolicyAccess) IsValid() bool {
+	for _, existing := range AllowedPolicyAccessEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PolicyAccess value
+func (v PolicyAccess) Ptr() *PolicyAccess {
+	return &v
+}
+
+type NullablePolicyAccess struct {
+	value *PolicyAccess
+	isSet bool
+}
+
+func (v NullablePolicyAccess) Get() *PolicyAccess {
+	return v.value
+}
+
+func (v *NullablePolicyAccess) Set(val *PolicyAccess) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyAccess) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyAccess) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyAccess(val *PolicyAccess) *NullablePolicyAccess {
+	return &NullablePolicyAccess{value: val, isSet: true}
+}
+
+func (v NullablePolicyAccess) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyAccess) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_account_link.go b/okta/model_policy_account_link.go
new file mode 100644
index 000000000..73f3415d0
--- /dev/null
+++ b/okta/model_policy_account_link.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PolicyAccountLink struct for PolicyAccountLink
+type PolicyAccountLink struct {
+	Action               *PolicyAccountLinkAction `json:"action,omitempty"`
+	Filter               *PolicyAccountLinkFilter `json:"filter,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PolicyAccountLink PolicyAccountLink
+
+// NewPolicyAccountLink instantiates a new PolicyAccountLink object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicyAccountLink() *PolicyAccountLink {
+	this := PolicyAccountLink{}
+	return &this
+}
+
+// NewPolicyAccountLinkWithDefaults instantiates a new PolicyAccountLink object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicyAccountLinkWithDefaults() *PolicyAccountLink {
+	this := PolicyAccountLink{}
+	return &this
+}
+
+// GetAction returns the Action field value if set, zero value otherwise.
+func (o *PolicyAccountLink) GetAction() PolicyAccountLinkAction {
+	if o == nil || o.Action == nil {
+		var ret PolicyAccountLinkAction
+		return ret
+	}
+	return *o.Action
+}
+
+// GetActionOk returns a tuple with the Action field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyAccountLink) GetActionOk() (*PolicyAccountLinkAction, bool) {
+	if o == nil || o.Action == nil {
+		return nil, false
+	}
+	return o.Action, true
+}
+
+// HasAction returns a boolean if a field has been set.
+func (o *PolicyAccountLink) HasAction() bool {
+	if o != nil && o.Action != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAction gets a reference to the given PolicyAccountLinkAction and assigns it to the Action field.
+func (o *PolicyAccountLink) SetAction(v PolicyAccountLinkAction) {
+	o.Action = &v
+}
+
+// GetFilter returns the Filter field value if set, zero value otherwise.
+func (o *PolicyAccountLink) GetFilter() PolicyAccountLinkFilter {
+	if o == nil || o.Filter == nil {
+		var ret PolicyAccountLinkFilter
+		return ret
+	}
+	return *o.Filter
+}
+
+// GetFilterOk returns a tuple with the Filter field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyAccountLink) GetFilterOk() (*PolicyAccountLinkFilter, bool) {
+	if o == nil || o.Filter == nil {
+		return nil, false
+	}
+	return o.Filter, true
+}
+
+// HasFilter returns a boolean if a field has been set.
+func (o *PolicyAccountLink) HasFilter() bool {
+	if o != nil && o.Filter != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFilter gets a reference to the given PolicyAccountLinkFilter and assigns it to the Filter field.
+func (o *PolicyAccountLink) SetFilter(v PolicyAccountLinkFilter) {
+	o.Filter = &v
+}
+
+func (o PolicyAccountLink) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Action != nil {
+		toSerialize["action"] = o.Action
+	}
+	if o.Filter != nil {
+		toSerialize["filter"] = o.Filter
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PolicyAccountLink) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicyAccountLink := _PolicyAccountLink{}
+
+	err = json.Unmarshal(bytes, &varPolicyAccountLink)
+	if err == nil {
+		*o = PolicyAccountLink(varPolicyAccountLink)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "action")
+		delete(additionalProperties, "filter")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicyAccountLink struct {
+	value *PolicyAccountLink
+	isSet bool
+}
+
+func (v NullablePolicyAccountLink) Get() *PolicyAccountLink {
+	return v.value
+}
+
+func (v *NullablePolicyAccountLink) Set(val *PolicyAccountLink) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyAccountLink) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyAccountLink) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyAccountLink(val *PolicyAccountLink) *NullablePolicyAccountLink {
+	return &NullablePolicyAccountLink{value: val, isSet: true}
+}
+
+func (v NullablePolicyAccountLink) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyAccountLink) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_account_link_action.go b/okta/model_policy_account_link_action.go
new file mode 100644
index 000000000..29c27845a
--- /dev/null
+++ b/okta/model_policy_account_link_action.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PolicyAccountLinkAction the model 'PolicyAccountLinkAction'
+type PolicyAccountLinkAction string
+
+// List of PolicyAccountLinkAction
+const (
+	POLICYACCOUNTLINKACTION_AUTO     PolicyAccountLinkAction = "AUTO"
+	POLICYACCOUNTLINKACTION_DISABLED PolicyAccountLinkAction = "DISABLED"
+)
+
+// All allowed values of PolicyAccountLinkAction enum
+var AllowedPolicyAccountLinkActionEnumValues = []PolicyAccountLinkAction{
+	"AUTO",
+	"DISABLED",
+}
+
+func (v *PolicyAccountLinkAction) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PolicyAccountLinkAction(value)
+	for _, existing := range AllowedPolicyAccountLinkActionEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PolicyAccountLinkAction", value)
+}
+
+// NewPolicyAccountLinkActionFromValue returns a pointer to a valid PolicyAccountLinkAction
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPolicyAccountLinkActionFromValue(v string) (*PolicyAccountLinkAction, error) {
+	ev := PolicyAccountLinkAction(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PolicyAccountLinkAction: valid values are %v", v, AllowedPolicyAccountLinkActionEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PolicyAccountLinkAction) IsValid() bool {
+	for _, existing := range AllowedPolicyAccountLinkActionEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PolicyAccountLinkAction value
+func (v PolicyAccountLinkAction) Ptr() *PolicyAccountLinkAction {
+	return &v
+}
+
+type NullablePolicyAccountLinkAction struct {
+	value *PolicyAccountLinkAction
+	isSet bool
+}
+
+func (v NullablePolicyAccountLinkAction) Get() *PolicyAccountLinkAction {
+	return v.value
+}
+
+func (v *NullablePolicyAccountLinkAction) Set(val *PolicyAccountLinkAction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyAccountLinkAction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyAccountLinkAction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyAccountLinkAction(val *PolicyAccountLinkAction) *NullablePolicyAccountLinkAction {
+	return &NullablePolicyAccountLinkAction{value: val, isSet: true}
+}
+
+func (v NullablePolicyAccountLinkAction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyAccountLinkAction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_account_link_filter.go b/okta/model_policy_account_link_filter.go
new file mode 100644
index 000000000..8a45ff305
--- /dev/null
+++ b/okta/model_policy_account_link_filter.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PolicyAccountLinkFilter struct for PolicyAccountLinkFilter
+type PolicyAccountLinkFilter struct {
+	Groups               *PolicyAccountLinkFilterGroups `json:"groups,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PolicyAccountLinkFilter PolicyAccountLinkFilter
+
+// NewPolicyAccountLinkFilter instantiates a new PolicyAccountLinkFilter object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicyAccountLinkFilter() *PolicyAccountLinkFilter {
+	this := PolicyAccountLinkFilter{}
+	return &this
+}
+
+// NewPolicyAccountLinkFilterWithDefaults instantiates a new PolicyAccountLinkFilter object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicyAccountLinkFilterWithDefaults() *PolicyAccountLinkFilter {
+	this := PolicyAccountLinkFilter{}
+	return &this
+}
+
+// GetGroups returns the Groups field value if set, zero value otherwise.
+func (o *PolicyAccountLinkFilter) GetGroups() PolicyAccountLinkFilterGroups {
+	if o == nil || o.Groups == nil {
+		var ret PolicyAccountLinkFilterGroups
+		return ret
+	}
+	return *o.Groups
+}
+
+// GetGroupsOk returns a tuple with the Groups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyAccountLinkFilter) GetGroupsOk() (*PolicyAccountLinkFilterGroups, bool) {
+	if o == nil || o.Groups == nil {
+		return nil, false
+	}
+	return o.Groups, true
+}
+
+// HasGroups returns a boolean if a field has been set.
+func (o *PolicyAccountLinkFilter) HasGroups() bool {
+	if o != nil && o.Groups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroups gets a reference to the given PolicyAccountLinkFilterGroups and assigns it to the Groups field.
+func (o *PolicyAccountLinkFilter) SetGroups(v PolicyAccountLinkFilterGroups) {
+	o.Groups = &v
+}
+
+func (o PolicyAccountLinkFilter) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Groups != nil {
+		toSerialize["groups"] = o.Groups
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PolicyAccountLinkFilter) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicyAccountLinkFilter := _PolicyAccountLinkFilter{}
+
+	err = json.Unmarshal(bytes, &varPolicyAccountLinkFilter)
+	if err == nil {
+		*o = PolicyAccountLinkFilter(varPolicyAccountLinkFilter)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "groups")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicyAccountLinkFilter struct {
+	value *PolicyAccountLinkFilter
+	isSet bool
+}
+
+func (v NullablePolicyAccountLinkFilter) Get() *PolicyAccountLinkFilter {
+	return v.value
+}
+
+func (v *NullablePolicyAccountLinkFilter) Set(val *PolicyAccountLinkFilter) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyAccountLinkFilter) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyAccountLinkFilter) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyAccountLinkFilter(val *PolicyAccountLinkFilter) *NullablePolicyAccountLinkFilter {
+	return &NullablePolicyAccountLinkFilter{value: val, isSet: true}
+}
+
+func (v NullablePolicyAccountLinkFilter) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyAccountLinkFilter) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_account_link_filter_groups.go b/okta/model_policy_account_link_filter_groups.go
new file mode 100644
index 000000000..00f4e8f74
--- /dev/null
+++ b/okta/model_policy_account_link_filter_groups.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PolicyAccountLinkFilterGroups struct for PolicyAccountLinkFilterGroups
+type PolicyAccountLinkFilterGroups struct {
+	Include              []string `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PolicyAccountLinkFilterGroups PolicyAccountLinkFilterGroups
+
+// NewPolicyAccountLinkFilterGroups instantiates a new PolicyAccountLinkFilterGroups object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicyAccountLinkFilterGroups() *PolicyAccountLinkFilterGroups {
+	this := PolicyAccountLinkFilterGroups{}
+	return &this
+}
+
+// NewPolicyAccountLinkFilterGroupsWithDefaults instantiates a new PolicyAccountLinkFilterGroups object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicyAccountLinkFilterGroupsWithDefaults() *PolicyAccountLinkFilterGroups {
+	this := PolicyAccountLinkFilterGroups{}
+	return &this
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *PolicyAccountLinkFilterGroups) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyAccountLinkFilterGroups) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *PolicyAccountLinkFilterGroups) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *PolicyAccountLinkFilterGroups) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o PolicyAccountLinkFilterGroups) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PolicyAccountLinkFilterGroups) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicyAccountLinkFilterGroups := _PolicyAccountLinkFilterGroups{}
+
+	err = json.Unmarshal(bytes, &varPolicyAccountLinkFilterGroups)
+	if err == nil {
+		*o = PolicyAccountLinkFilterGroups(varPolicyAccountLinkFilterGroups)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicyAccountLinkFilterGroups struct {
+	value *PolicyAccountLinkFilterGroups
+	isSet bool
+}
+
+func (v NullablePolicyAccountLinkFilterGroups) Get() *PolicyAccountLinkFilterGroups {
+	return v.value
+}
+
+func (v *NullablePolicyAccountLinkFilterGroups) Set(val *PolicyAccountLinkFilterGroups) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyAccountLinkFilterGroups) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyAccountLinkFilterGroups) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyAccountLinkFilterGroups(val *PolicyAccountLinkFilterGroups) *NullablePolicyAccountLinkFilterGroups {
+	return &NullablePolicyAccountLinkFilterGroups{value: val, isSet: true}
+}
+
+func (v NullablePolicyAccountLinkFilterGroups) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyAccountLinkFilterGroups) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_network_condition.go b/okta/model_policy_network_condition.go
new file mode 100644
index 000000000..457d8ca19
--- /dev/null
+++ b/okta/model_policy_network_condition.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PolicyNetworkCondition struct for PolicyNetworkCondition
+type PolicyNetworkCondition struct {
+	Connection           *PolicyNetworkConnection `json:"connection,omitempty"`
+	Exclude              []string                 `json:"exclude,omitempty"`
+	Include              []string                 `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PolicyNetworkCondition PolicyNetworkCondition
+
+// NewPolicyNetworkCondition instantiates a new PolicyNetworkCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicyNetworkCondition() *PolicyNetworkCondition {
+	this := PolicyNetworkCondition{}
+	return &this
+}
+
+// NewPolicyNetworkConditionWithDefaults instantiates a new PolicyNetworkCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicyNetworkConditionWithDefaults() *PolicyNetworkCondition {
+	this := PolicyNetworkCondition{}
+	return &this
+}
+
+// GetConnection returns the Connection field value if set, zero value otherwise.
+func (o *PolicyNetworkCondition) GetConnection() PolicyNetworkConnection {
+	if o == nil || o.Connection == nil {
+		var ret PolicyNetworkConnection
+		return ret
+	}
+	return *o.Connection
+}
+
+// GetConnectionOk returns a tuple with the Connection field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyNetworkCondition) GetConnectionOk() (*PolicyNetworkConnection, bool) {
+	if o == nil || o.Connection == nil {
+		return nil, false
+	}
+	return o.Connection, true
+}
+
+// HasConnection returns a boolean if a field has been set.
+func (o *PolicyNetworkCondition) HasConnection() bool {
+	if o != nil && o.Connection != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConnection gets a reference to the given PolicyNetworkConnection and assigns it to the Connection field.
+func (o *PolicyNetworkCondition) SetConnection(v PolicyNetworkConnection) {
+	o.Connection = &v
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *PolicyNetworkCondition) GetExclude() []string {
+	if o == nil || o.Exclude == nil {
+		var ret []string
+		return ret
+	}
+	return o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyNetworkCondition) GetExcludeOk() ([]string, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *PolicyNetworkCondition) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given []string and assigns it to the Exclude field.
+func (o *PolicyNetworkCondition) SetExclude(v []string) {
+	o.Exclude = v
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *PolicyNetworkCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyNetworkCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *PolicyNetworkCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *PolicyNetworkCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o PolicyNetworkCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Connection != nil {
+		toSerialize["connection"] = o.Connection
+	}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PolicyNetworkCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicyNetworkCondition := _PolicyNetworkCondition{}
+
+	err = json.Unmarshal(bytes, &varPolicyNetworkCondition)
+	if err == nil {
+		*o = PolicyNetworkCondition(varPolicyNetworkCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "connection")
+		delete(additionalProperties, "exclude")
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicyNetworkCondition struct {
+	value *PolicyNetworkCondition
+	isSet bool
+}
+
+func (v NullablePolicyNetworkCondition) Get() *PolicyNetworkCondition {
+	return v.value
+}
+
+func (v *NullablePolicyNetworkCondition) Set(val *PolicyNetworkCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyNetworkCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyNetworkCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyNetworkCondition(val *PolicyNetworkCondition) *NullablePolicyNetworkCondition {
+	return &NullablePolicyNetworkCondition{value: val, isSet: true}
+}
+
+func (v NullablePolicyNetworkCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyNetworkCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_network_connection.go b/okta/model_policy_network_connection.go
new file mode 100644
index 000000000..0ed1dcca0
--- /dev/null
+++ b/okta/model_policy_network_connection.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PolicyNetworkConnection the model 'PolicyNetworkConnection'
+type PolicyNetworkConnection string
+
+// List of PolicyNetworkConnection
+const (
+	POLICYNETWORKCONNECTION_ANYWHERE PolicyNetworkConnection = "ANYWHERE"
+	POLICYNETWORKCONNECTION_ZONE     PolicyNetworkConnection = "ZONE"
+)
+
+// All allowed values of PolicyNetworkConnection enum
+var AllowedPolicyNetworkConnectionEnumValues = []PolicyNetworkConnection{
+	"ANYWHERE",
+	"ZONE",
+}
+
+func (v *PolicyNetworkConnection) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PolicyNetworkConnection(value)
+	for _, existing := range AllowedPolicyNetworkConnectionEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PolicyNetworkConnection", value)
+}
+
+// NewPolicyNetworkConnectionFromValue returns a pointer to a valid PolicyNetworkConnection
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPolicyNetworkConnectionFromValue(v string) (*PolicyNetworkConnection, error) {
+	ev := PolicyNetworkConnection(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PolicyNetworkConnection: valid values are %v", v, AllowedPolicyNetworkConnectionEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PolicyNetworkConnection) IsValid() bool {
+	for _, existing := range AllowedPolicyNetworkConnectionEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PolicyNetworkConnection value
+func (v PolicyNetworkConnection) Ptr() *PolicyNetworkConnection {
+	return &v
+}
+
+type NullablePolicyNetworkConnection struct {
+	value *PolicyNetworkConnection
+	isSet bool
+}
+
+func (v NullablePolicyNetworkConnection) Get() *PolicyNetworkConnection {
+	return v.value
+}
+
+func (v *NullablePolicyNetworkConnection) Set(val *PolicyNetworkConnection) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyNetworkConnection) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyNetworkConnection) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyNetworkConnection(val *PolicyNetworkConnection) *NullablePolicyNetworkConnection {
+	return &NullablePolicyNetworkConnection{value: val, isSet: true}
+}
+
+func (v NullablePolicyNetworkConnection) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyNetworkConnection) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_people_condition.go b/okta/model_policy_people_condition.go
new file mode 100644
index 000000000..5691b915f
--- /dev/null
+++ b/okta/model_policy_people_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PolicyPeopleCondition struct for PolicyPeopleCondition
+type PolicyPeopleCondition struct {
+	Groups               *GroupCondition `json:"groups,omitempty"`
+	Users                *UserCondition  `json:"users,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PolicyPeopleCondition PolicyPeopleCondition
+
+// NewPolicyPeopleCondition instantiates a new PolicyPeopleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicyPeopleCondition() *PolicyPeopleCondition {
+	this := PolicyPeopleCondition{}
+	return &this
+}
+
+// NewPolicyPeopleConditionWithDefaults instantiates a new PolicyPeopleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicyPeopleConditionWithDefaults() *PolicyPeopleCondition {
+	this := PolicyPeopleCondition{}
+	return &this
+}
+
+// GetGroups returns the Groups field value if set, zero value otherwise.
+func (o *PolicyPeopleCondition) GetGroups() GroupCondition {
+	if o == nil || o.Groups == nil {
+		var ret GroupCondition
+		return ret
+	}
+	return *o.Groups
+}
+
+// GetGroupsOk returns a tuple with the Groups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyPeopleCondition) GetGroupsOk() (*GroupCondition, bool) {
+	if o == nil || o.Groups == nil {
+		return nil, false
+	}
+	return o.Groups, true
+}
+
+// HasGroups returns a boolean if a field has been set.
+func (o *PolicyPeopleCondition) HasGroups() bool {
+	if o != nil && o.Groups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroups gets a reference to the given GroupCondition and assigns it to the Groups field.
+func (o *PolicyPeopleCondition) SetGroups(v GroupCondition) {
+	o.Groups = &v
+}
+
+// GetUsers returns the Users field value if set, zero value otherwise.
+func (o *PolicyPeopleCondition) GetUsers() UserCondition {
+	if o == nil || o.Users == nil {
+		var ret UserCondition
+		return ret
+	}
+	return *o.Users
+}
+
+// GetUsersOk returns a tuple with the Users field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyPeopleCondition) GetUsersOk() (*UserCondition, bool) {
+	if o == nil || o.Users == nil {
+		return nil, false
+	}
+	return o.Users, true
+}
+
+// HasUsers returns a boolean if a field has been set.
+func (o *PolicyPeopleCondition) HasUsers() bool {
+	if o != nil && o.Users != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsers gets a reference to the given UserCondition and assigns it to the Users field.
+func (o *PolicyPeopleCondition) SetUsers(v UserCondition) {
+	o.Users = &v
+}
+
+func (o PolicyPeopleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Groups != nil {
+		toSerialize["groups"] = o.Groups
+	}
+	if o.Users != nil {
+		toSerialize["users"] = o.Users
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PolicyPeopleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicyPeopleCondition := _PolicyPeopleCondition{}
+
+	err = json.Unmarshal(bytes, &varPolicyPeopleCondition)
+	if err == nil {
+		*o = PolicyPeopleCondition(varPolicyPeopleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "groups")
+		delete(additionalProperties, "users")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicyPeopleCondition struct {
+	value *PolicyPeopleCondition
+	isSet bool
+}
+
+func (v NullablePolicyPeopleCondition) Get() *PolicyPeopleCondition {
+	return v.value
+}
+
+func (v *NullablePolicyPeopleCondition) Set(val *PolicyPeopleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyPeopleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyPeopleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyPeopleCondition(val *PolicyPeopleCondition) *NullablePolicyPeopleCondition {
+	return &NullablePolicyPeopleCondition{value: val, isSet: true}
+}
+
+func (v NullablePolicyPeopleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyPeopleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_platform_operating_system_type.go b/okta/model_policy_platform_operating_system_type.go
new file mode 100644
index 000000000..8b94d3782
--- /dev/null
+++ b/okta/model_policy_platform_operating_system_type.go
@@ -0,0 +1,132 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PolicyPlatformOperatingSystemType the model 'PolicyPlatformOperatingSystemType'
+type PolicyPlatformOperatingSystemType string
+
+// List of PolicyPlatformOperatingSystemType
+const (
+	POLICYPLATFORMOPERATINGSYSTEMTYPE_ANDROID PolicyPlatformOperatingSystemType = "ANDROID"
+	POLICYPLATFORMOPERATINGSYSTEMTYPE_ANY     PolicyPlatformOperatingSystemType = "ANY"
+	POLICYPLATFORMOPERATINGSYSTEMTYPE_IOS     PolicyPlatformOperatingSystemType = "IOS"
+	POLICYPLATFORMOPERATINGSYSTEMTYPE_OSX     PolicyPlatformOperatingSystemType = "OSX"
+	POLICYPLATFORMOPERATINGSYSTEMTYPE_OTHER   PolicyPlatformOperatingSystemType = "OTHER"
+	POLICYPLATFORMOPERATINGSYSTEMTYPE_WINDOWS PolicyPlatformOperatingSystemType = "WINDOWS"
+)
+
+// All allowed values of PolicyPlatformOperatingSystemType enum
+var AllowedPolicyPlatformOperatingSystemTypeEnumValues = []PolicyPlatformOperatingSystemType{
+	"ANDROID",
+	"ANY",
+	"IOS",
+	"OSX",
+	"OTHER",
+	"WINDOWS",
+}
+
+func (v *PolicyPlatformOperatingSystemType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PolicyPlatformOperatingSystemType(value)
+	for _, existing := range AllowedPolicyPlatformOperatingSystemTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PolicyPlatformOperatingSystemType", value)
+}
+
+// NewPolicyPlatformOperatingSystemTypeFromValue returns a pointer to a valid PolicyPlatformOperatingSystemType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPolicyPlatformOperatingSystemTypeFromValue(v string) (*PolicyPlatformOperatingSystemType, error) {
+	ev := PolicyPlatformOperatingSystemType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PolicyPlatformOperatingSystemType: valid values are %v", v, AllowedPolicyPlatformOperatingSystemTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PolicyPlatformOperatingSystemType) IsValid() bool {
+	for _, existing := range AllowedPolicyPlatformOperatingSystemTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PolicyPlatformOperatingSystemType value
+func (v PolicyPlatformOperatingSystemType) Ptr() *PolicyPlatformOperatingSystemType {
+	return &v
+}
+
+type NullablePolicyPlatformOperatingSystemType struct {
+	value *PolicyPlatformOperatingSystemType
+	isSet bool
+}
+
+func (v NullablePolicyPlatformOperatingSystemType) Get() *PolicyPlatformOperatingSystemType {
+	return v.value
+}
+
+func (v *NullablePolicyPlatformOperatingSystemType) Set(val *PolicyPlatformOperatingSystemType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyPlatformOperatingSystemType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyPlatformOperatingSystemType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyPlatformOperatingSystemType(val *PolicyPlatformOperatingSystemType) *NullablePolicyPlatformOperatingSystemType {
+	return &NullablePolicyPlatformOperatingSystemType{value: val, isSet: true}
+}
+
+func (v NullablePolicyPlatformOperatingSystemType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyPlatformOperatingSystemType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_platform_type.go b/okta/model_policy_platform_type.go
new file mode 100644
index 000000000..0f989030c
--- /dev/null
+++ b/okta/model_policy_platform_type.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PolicyPlatformType the model 'PolicyPlatformType'
+type PolicyPlatformType string
+
+// List of PolicyPlatformType
+const (
+	POLICYPLATFORMTYPE_ANY     PolicyPlatformType = "ANY"
+	POLICYPLATFORMTYPE_DESKTOP PolicyPlatformType = "DESKTOP"
+	POLICYPLATFORMTYPE_MOBILE  PolicyPlatformType = "MOBILE"
+	POLICYPLATFORMTYPE_OTHER   PolicyPlatformType = "OTHER"
+)
+
+// All allowed values of PolicyPlatformType enum
+var AllowedPolicyPlatformTypeEnumValues = []PolicyPlatformType{
+	"ANY",
+	"DESKTOP",
+	"MOBILE",
+	"OTHER",
+}
+
+func (v *PolicyPlatformType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PolicyPlatformType(value)
+	for _, existing := range AllowedPolicyPlatformTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PolicyPlatformType", value)
+}
+
+// NewPolicyPlatformTypeFromValue returns a pointer to a valid PolicyPlatformType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPolicyPlatformTypeFromValue(v string) (*PolicyPlatformType, error) {
+	ev := PolicyPlatformType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PolicyPlatformType: valid values are %v", v, AllowedPolicyPlatformTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PolicyPlatformType) IsValid() bool {
+	for _, existing := range AllowedPolicyPlatformTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PolicyPlatformType value
+func (v PolicyPlatformType) Ptr() *PolicyPlatformType {
+	return &v
+}
+
+type NullablePolicyPlatformType struct {
+	value *PolicyPlatformType
+	isSet bool
+}
+
+func (v NullablePolicyPlatformType) Get() *PolicyPlatformType {
+	return v.value
+}
+
+func (v *NullablePolicyPlatformType) Set(val *PolicyPlatformType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyPlatformType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyPlatformType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyPlatformType(val *PolicyPlatformType) *NullablePolicyPlatformType {
+	return &NullablePolicyPlatformType{value: val, isSet: true}
+}
+
+func (v NullablePolicyPlatformType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyPlatformType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_rule.go b/okta/model_policy_rule.go
new file mode 100644
index 000000000..ec22fc1b0
--- /dev/null
+++ b/okta/model_policy_rule.go
@@ -0,0 +1,444 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// PolicyRule struct for PolicyRule
+type PolicyRule struct {
+	Created              NullableTime     `json:"created,omitempty"`
+	Id                   *string          `json:"id,omitempty"`
+	LastUpdated          NullableTime     `json:"lastUpdated,omitempty"`
+	Name                 *string          `json:"name,omitempty"`
+	Priority             *int32           `json:"priority,omitempty"`
+	Status               *LifecycleStatus `json:"status,omitempty"`
+	System               *bool            `json:"system,omitempty"`
+	Type                 *PolicyRuleType  `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PolicyRule PolicyRule
+
+// NewPolicyRule instantiates a new PolicyRule object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicyRule() *PolicyRule {
+	this := PolicyRule{}
+	var system bool = false
+	this.System = &system
+	return &this
+}
+
+// NewPolicyRuleWithDefaults instantiates a new PolicyRule object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicyRuleWithDefaults() *PolicyRule {
+	this := PolicyRule{}
+	var system bool = false
+	this.System = &system
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *PolicyRule) GetCreated() time.Time {
+	if o == nil || o.Created.Get() == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created.Get()
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *PolicyRule) GetCreatedOk() (*time.Time, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.Created.Get(), o.Created.IsSet()
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *PolicyRule) HasCreated() bool {
+	if o != nil && o.Created.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given NullableTime and assigns it to the Created field.
+func (o *PolicyRule) SetCreated(v time.Time) {
+	o.Created.Set(&v)
+}
+
+// SetCreatedNil sets the value for Created to be an explicit nil
+func (o *PolicyRule) SetCreatedNil() {
+	o.Created.Set(nil)
+}
+
+// UnsetCreated ensures that no value is present for Created, not even an explicit nil
+func (o *PolicyRule) UnsetCreated() {
+	o.Created.Unset()
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *PolicyRule) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRule) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *PolicyRule) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *PolicyRule) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *PolicyRule) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated.Get() == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated.Get()
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *PolicyRule) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.LastUpdated.Get(), o.LastUpdated.IsSet()
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *PolicyRule) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given NullableTime and assigns it to the LastUpdated field.
+func (o *PolicyRule) SetLastUpdated(v time.Time) {
+	o.LastUpdated.Set(&v)
+}
+
+// SetLastUpdatedNil sets the value for LastUpdated to be an explicit nil
+func (o *PolicyRule) SetLastUpdatedNil() {
+	o.LastUpdated.Set(nil)
+}
+
+// UnsetLastUpdated ensures that no value is present for LastUpdated, not even an explicit nil
+func (o *PolicyRule) UnsetLastUpdated() {
+	o.LastUpdated.Unset()
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *PolicyRule) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRule) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *PolicyRule) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *PolicyRule) SetName(v string) {
+	o.Name = &v
+}
+
+// GetPriority returns the Priority field value if set, zero value otherwise.
+func (o *PolicyRule) GetPriority() int32 {
+	if o == nil || o.Priority == nil {
+		var ret int32
+		return ret
+	}
+	return *o.Priority
+}
+
+// GetPriorityOk returns a tuple with the Priority field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRule) GetPriorityOk() (*int32, bool) {
+	if o == nil || o.Priority == nil {
+		return nil, false
+	}
+	return o.Priority, true
+}
+
+// HasPriority returns a boolean if a field has been set.
+func (o *PolicyRule) HasPriority() bool {
+	if o != nil && o.Priority != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPriority gets a reference to the given int32 and assigns it to the Priority field.
+func (o *PolicyRule) SetPriority(v int32) {
+	o.Priority = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *PolicyRule) GetStatus() LifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret LifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRule) GetStatusOk() (*LifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *PolicyRule) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given LifecycleStatus and assigns it to the Status field.
+func (o *PolicyRule) SetStatus(v LifecycleStatus) {
+	o.Status = &v
+}
+
+// GetSystem returns the System field value if set, zero value otherwise.
+func (o *PolicyRule) GetSystem() bool {
+	if o == nil || o.System == nil {
+		var ret bool
+		return ret
+	}
+	return *o.System
+}
+
+// GetSystemOk returns a tuple with the System field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRule) GetSystemOk() (*bool, bool) {
+	if o == nil || o.System == nil {
+		return nil, false
+	}
+	return o.System, true
+}
+
+// HasSystem returns a boolean if a field has been set.
+func (o *PolicyRule) HasSystem() bool {
+	if o != nil && o.System != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSystem gets a reference to the given bool and assigns it to the System field.
+func (o *PolicyRule) SetSystem(v bool) {
+	o.System = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *PolicyRule) GetType() PolicyRuleType {
+	if o == nil || o.Type == nil {
+		var ret PolicyRuleType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRule) GetTypeOk() (*PolicyRuleType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *PolicyRule) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given PolicyRuleType and assigns it to the Type field.
+func (o *PolicyRule) SetType(v PolicyRuleType) {
+	o.Type = &v
+}
+
+func (o PolicyRule) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created.IsSet() {
+		toSerialize["created"] = o.Created.Get()
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated.IsSet() {
+		toSerialize["lastUpdated"] = o.LastUpdated.Get()
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Priority != nil {
+		toSerialize["priority"] = o.Priority
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.System != nil {
+		toSerialize["system"] = o.System
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PolicyRule) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicyRule := _PolicyRule{}
+
+	err = json.Unmarshal(bytes, &varPolicyRule)
+	if err == nil {
+		*o = PolicyRule(varPolicyRule)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "priority")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "system")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicyRule struct {
+	value *PolicyRule
+	isSet bool
+}
+
+func (v NullablePolicyRule) Get() *PolicyRule {
+	return v.value
+}
+
+func (v *NullablePolicyRule) Set(val *PolicyRule) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyRule) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyRule) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyRule(val *PolicyRule) *NullablePolicyRule {
+	return &NullablePolicyRule{value: val, isSet: true}
+}
+
+func (v NullablePolicyRule) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyRule) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_rule_actions.go b/okta/model_policy_rule_actions.go
new file mode 100644
index 000000000..c7b4f8246
--- /dev/null
+++ b/okta/model_policy_rule_actions.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PolicyRuleActions struct for PolicyRuleActions
+type PolicyRuleActions struct {
+	Enroll                   *PolicyRuleActionsEnroll           `json:"enroll,omitempty"`
+	Idp                      *IdpPolicyRuleAction               `json:"idp,omitempty"`
+	PasswordChange           *PasswordPolicyRuleAction          `json:"passwordChange,omitempty"`
+	SelfServicePasswordReset *PasswordPolicyRuleAction          `json:"selfServicePasswordReset,omitempty"`
+	SelfServiceUnlock        *PasswordPolicyRuleAction          `json:"selfServiceUnlock,omitempty"`
+	Signon                   *OktaSignOnPolicyRuleSignonActions `json:"signon,omitempty"`
+	AdditionalProperties     map[string]interface{}
+}
+
+type _PolicyRuleActions PolicyRuleActions
+
+// NewPolicyRuleActions instantiates a new PolicyRuleActions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicyRuleActions() *PolicyRuleActions {
+	this := PolicyRuleActions{}
+	return &this
+}
+
+// NewPolicyRuleActionsWithDefaults instantiates a new PolicyRuleActions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicyRuleActionsWithDefaults() *PolicyRuleActions {
+	this := PolicyRuleActions{}
+	return &this
+}
+
+// GetEnroll returns the Enroll field value if set, zero value otherwise.
+func (o *PolicyRuleActions) GetEnroll() PolicyRuleActionsEnroll {
+	if o == nil || o.Enroll == nil {
+		var ret PolicyRuleActionsEnroll
+		return ret
+	}
+	return *o.Enroll
+}
+
+// GetEnrollOk returns a tuple with the Enroll field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleActions) GetEnrollOk() (*PolicyRuleActionsEnroll, bool) {
+	if o == nil || o.Enroll == nil {
+		return nil, false
+	}
+	return o.Enroll, true
+}
+
+// HasEnroll returns a boolean if a field has been set.
+func (o *PolicyRuleActions) HasEnroll() bool {
+	if o != nil && o.Enroll != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnroll gets a reference to the given PolicyRuleActionsEnroll and assigns it to the Enroll field.
+func (o *PolicyRuleActions) SetEnroll(v PolicyRuleActionsEnroll) {
+	o.Enroll = &v
+}
+
+// GetIdp returns the Idp field value if set, zero value otherwise.
+func (o *PolicyRuleActions) GetIdp() IdpPolicyRuleAction {
+	if o == nil || o.Idp == nil {
+		var ret IdpPolicyRuleAction
+		return ret
+	}
+	return *o.Idp
+}
+
+// GetIdpOk returns a tuple with the Idp field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleActions) GetIdpOk() (*IdpPolicyRuleAction, bool) {
+	if o == nil || o.Idp == nil {
+		return nil, false
+	}
+	return o.Idp, true
+}
+
+// HasIdp returns a boolean if a field has been set.
+func (o *PolicyRuleActions) HasIdp() bool {
+	if o != nil && o.Idp != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdp gets a reference to the given IdpPolicyRuleAction and assigns it to the Idp field.
+func (o *PolicyRuleActions) SetIdp(v IdpPolicyRuleAction) {
+	o.Idp = &v
+}
+
+// GetPasswordChange returns the PasswordChange field value if set, zero value otherwise.
+func (o *PolicyRuleActions) GetPasswordChange() PasswordPolicyRuleAction {
+	if o == nil || o.PasswordChange == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.PasswordChange
+}
+
+// GetPasswordChangeOk returns a tuple with the PasswordChange field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleActions) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.PasswordChange == nil {
+		return nil, false
+	}
+	return o.PasswordChange, true
+}
+
+// HasPasswordChange returns a boolean if a field has been set.
+func (o *PolicyRuleActions) HasPasswordChange() bool {
+	if o != nil && o.PasswordChange != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordChange gets a reference to the given PasswordPolicyRuleAction and assigns it to the PasswordChange field.
+func (o *PolicyRuleActions) SetPasswordChange(v PasswordPolicyRuleAction) {
+	o.PasswordChange = &v
+}
+
+// GetSelfServicePasswordReset returns the SelfServicePasswordReset field value if set, zero value otherwise.
+func (o *PolicyRuleActions) GetSelfServicePasswordReset() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServicePasswordReset
+}
+
+// GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleActions) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		return nil, false
+	}
+	return o.SelfServicePasswordReset, true
+}
+
+// HasSelfServicePasswordReset returns a boolean if a field has been set.
+func (o *PolicyRuleActions) HasSelfServicePasswordReset() bool {
+	if o != nil && o.SelfServicePasswordReset != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServicePasswordReset gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServicePasswordReset field.
+func (o *PolicyRuleActions) SetSelfServicePasswordReset(v PasswordPolicyRuleAction) {
+	o.SelfServicePasswordReset = &v
+}
+
+// GetSelfServiceUnlock returns the SelfServiceUnlock field value if set, zero value otherwise.
+func (o *PolicyRuleActions) GetSelfServiceUnlock() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServiceUnlock == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServiceUnlock
+}
+
+// GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleActions) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServiceUnlock == nil {
+		return nil, false
+	}
+	return o.SelfServiceUnlock, true
+}
+
+// HasSelfServiceUnlock returns a boolean if a field has been set.
+func (o *PolicyRuleActions) HasSelfServiceUnlock() bool {
+	if o != nil && o.SelfServiceUnlock != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServiceUnlock gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServiceUnlock field.
+func (o *PolicyRuleActions) SetSelfServiceUnlock(v PasswordPolicyRuleAction) {
+	o.SelfServiceUnlock = &v
+}
+
+// GetSignon returns the Signon field value if set, zero value otherwise.
+func (o *PolicyRuleActions) GetSignon() OktaSignOnPolicyRuleSignonActions {
+	if o == nil || o.Signon == nil {
+		var ret OktaSignOnPolicyRuleSignonActions
+		return ret
+	}
+	return *o.Signon
+}
+
+// GetSignonOk returns a tuple with the Signon field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleActions) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool) {
+	if o == nil || o.Signon == nil {
+		return nil, false
+	}
+	return o.Signon, true
+}
+
+// HasSignon returns a boolean if a field has been set.
+func (o *PolicyRuleActions) HasSignon() bool {
+	if o != nil && o.Signon != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignon gets a reference to the given OktaSignOnPolicyRuleSignonActions and assigns it to the Signon field.
+func (o *PolicyRuleActions) SetSignon(v OktaSignOnPolicyRuleSignonActions) {
+	o.Signon = &v
+}
+
+func (o PolicyRuleActions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Enroll != nil {
+		toSerialize["enroll"] = o.Enroll
+	}
+	if o.Idp != nil {
+		toSerialize["idp"] = o.Idp
+	}
+	if o.PasswordChange != nil {
+		toSerialize["passwordChange"] = o.PasswordChange
+	}
+	if o.SelfServicePasswordReset != nil {
+		toSerialize["selfServicePasswordReset"] = o.SelfServicePasswordReset
+	}
+	if o.SelfServiceUnlock != nil {
+		toSerialize["selfServiceUnlock"] = o.SelfServiceUnlock
+	}
+	if o.Signon != nil {
+		toSerialize["signon"] = o.Signon
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PolicyRuleActions) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicyRuleActions := _PolicyRuleActions{}
+
+	err = json.Unmarshal(bytes, &varPolicyRuleActions)
+	if err == nil {
+		*o = PolicyRuleActions(varPolicyRuleActions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "enroll")
+		delete(additionalProperties, "idp")
+		delete(additionalProperties, "passwordChange")
+		delete(additionalProperties, "selfServicePasswordReset")
+		delete(additionalProperties, "selfServiceUnlock")
+		delete(additionalProperties, "signon")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicyRuleActions struct {
+	value *PolicyRuleActions
+	isSet bool
+}
+
+func (v NullablePolicyRuleActions) Get() *PolicyRuleActions {
+	return v.value
+}
+
+func (v *NullablePolicyRuleActions) Set(val *PolicyRuleActions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyRuleActions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyRuleActions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyRuleActions(val *PolicyRuleActions) *NullablePolicyRuleActions {
+	return &NullablePolicyRuleActions{value: val, isSet: true}
+}
+
+func (v NullablePolicyRuleActions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyRuleActions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_rule_actions_enroll.go b/okta/model_policy_rule_actions_enroll.go
new file mode 100644
index 000000000..6da14af2a
--- /dev/null
+++ b/okta/model_policy_rule_actions_enroll.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PolicyRuleActionsEnroll struct for PolicyRuleActionsEnroll
+type PolicyRuleActionsEnroll struct {
+	Self                 *PolicyRuleActionsEnrollSelf `json:"self,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PolicyRuleActionsEnroll PolicyRuleActionsEnroll
+
+// NewPolicyRuleActionsEnroll instantiates a new PolicyRuleActionsEnroll object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicyRuleActionsEnroll() *PolicyRuleActionsEnroll {
+	this := PolicyRuleActionsEnroll{}
+	return &this
+}
+
+// NewPolicyRuleActionsEnrollWithDefaults instantiates a new PolicyRuleActionsEnroll object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicyRuleActionsEnrollWithDefaults() *PolicyRuleActionsEnroll {
+	this := PolicyRuleActionsEnroll{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *PolicyRuleActionsEnroll) GetSelf() PolicyRuleActionsEnrollSelf {
+	if o == nil || o.Self == nil {
+		var ret PolicyRuleActionsEnrollSelf
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleActionsEnroll) GetSelfOk() (*PolicyRuleActionsEnrollSelf, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *PolicyRuleActionsEnroll) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given PolicyRuleActionsEnrollSelf and assigns it to the Self field.
+func (o *PolicyRuleActionsEnroll) SetSelf(v PolicyRuleActionsEnrollSelf) {
+	o.Self = &v
+}
+
+func (o PolicyRuleActionsEnroll) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PolicyRuleActionsEnroll) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicyRuleActionsEnroll := _PolicyRuleActionsEnroll{}
+
+	err = json.Unmarshal(bytes, &varPolicyRuleActionsEnroll)
+	if err == nil {
+		*o = PolicyRuleActionsEnroll(varPolicyRuleActionsEnroll)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicyRuleActionsEnroll struct {
+	value *PolicyRuleActionsEnroll
+	isSet bool
+}
+
+func (v NullablePolicyRuleActionsEnroll) Get() *PolicyRuleActionsEnroll {
+	return v.value
+}
+
+func (v *NullablePolicyRuleActionsEnroll) Set(val *PolicyRuleActionsEnroll) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyRuleActionsEnroll) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyRuleActionsEnroll) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyRuleActionsEnroll(val *PolicyRuleActionsEnroll) *NullablePolicyRuleActionsEnroll {
+	return &NullablePolicyRuleActionsEnroll{value: val, isSet: true}
+}
+
+func (v NullablePolicyRuleActionsEnroll) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyRuleActionsEnroll) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_rule_actions_enroll_self.go b/okta/model_policy_rule_actions_enroll_self.go
new file mode 100644
index 000000000..7d8d89538
--- /dev/null
+++ b/okta/model_policy_rule_actions_enroll_self.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PolicyRuleActionsEnrollSelf the model 'PolicyRuleActionsEnrollSelf'
+type PolicyRuleActionsEnrollSelf string
+
+// List of PolicyRuleActionsEnrollSelf
+const (
+	POLICYRULEACTIONSENROLLSELF_CHALLENGE PolicyRuleActionsEnrollSelf = "CHALLENGE"
+	POLICYRULEACTIONSENROLLSELF_LOGIN     PolicyRuleActionsEnrollSelf = "LOGIN"
+	POLICYRULEACTIONSENROLLSELF_NEVER     PolicyRuleActionsEnrollSelf = "NEVER"
+)
+
+// All allowed values of PolicyRuleActionsEnrollSelf enum
+var AllowedPolicyRuleActionsEnrollSelfEnumValues = []PolicyRuleActionsEnrollSelf{
+	"CHALLENGE",
+	"LOGIN",
+	"NEVER",
+}
+
+func (v *PolicyRuleActionsEnrollSelf) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PolicyRuleActionsEnrollSelf(value)
+	for _, existing := range AllowedPolicyRuleActionsEnrollSelfEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PolicyRuleActionsEnrollSelf", value)
+}
+
+// NewPolicyRuleActionsEnrollSelfFromValue returns a pointer to a valid PolicyRuleActionsEnrollSelf
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPolicyRuleActionsEnrollSelfFromValue(v string) (*PolicyRuleActionsEnrollSelf, error) {
+	ev := PolicyRuleActionsEnrollSelf(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PolicyRuleActionsEnrollSelf: valid values are %v", v, AllowedPolicyRuleActionsEnrollSelfEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PolicyRuleActionsEnrollSelf) IsValid() bool {
+	for _, existing := range AllowedPolicyRuleActionsEnrollSelfEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PolicyRuleActionsEnrollSelf value
+func (v PolicyRuleActionsEnrollSelf) Ptr() *PolicyRuleActionsEnrollSelf {
+	return &v
+}
+
+type NullablePolicyRuleActionsEnrollSelf struct {
+	value *PolicyRuleActionsEnrollSelf
+	isSet bool
+}
+
+func (v NullablePolicyRuleActionsEnrollSelf) Get() *PolicyRuleActionsEnrollSelf {
+	return v.value
+}
+
+func (v *NullablePolicyRuleActionsEnrollSelf) Set(val *PolicyRuleActionsEnrollSelf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyRuleActionsEnrollSelf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyRuleActionsEnrollSelf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyRuleActionsEnrollSelf(val *PolicyRuleActionsEnrollSelf) *NullablePolicyRuleActionsEnrollSelf {
+	return &NullablePolicyRuleActionsEnrollSelf{value: val, isSet: true}
+}
+
+func (v NullablePolicyRuleActionsEnrollSelf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyRuleActionsEnrollSelf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_rule_auth_context_condition.go b/okta/model_policy_rule_auth_context_condition.go
new file mode 100644
index 000000000..aa12b7a6d
--- /dev/null
+++ b/okta/model_policy_rule_auth_context_condition.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PolicyRuleAuthContextCondition struct for PolicyRuleAuthContextCondition
+type PolicyRuleAuthContextCondition struct {
+	AuthType             *PolicyRuleAuthContextType `json:"authType,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PolicyRuleAuthContextCondition PolicyRuleAuthContextCondition
+
+// NewPolicyRuleAuthContextCondition instantiates a new PolicyRuleAuthContextCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicyRuleAuthContextCondition() *PolicyRuleAuthContextCondition {
+	this := PolicyRuleAuthContextCondition{}
+	return &this
+}
+
+// NewPolicyRuleAuthContextConditionWithDefaults instantiates a new PolicyRuleAuthContextCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicyRuleAuthContextConditionWithDefaults() *PolicyRuleAuthContextCondition {
+	this := PolicyRuleAuthContextCondition{}
+	return &this
+}
+
+// GetAuthType returns the AuthType field value if set, zero value otherwise.
+func (o *PolicyRuleAuthContextCondition) GetAuthType() PolicyRuleAuthContextType {
+	if o == nil || o.AuthType == nil {
+		var ret PolicyRuleAuthContextType
+		return ret
+	}
+	return *o.AuthType
+}
+
+// GetAuthTypeOk returns a tuple with the AuthType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleAuthContextCondition) GetAuthTypeOk() (*PolicyRuleAuthContextType, bool) {
+	if o == nil || o.AuthType == nil {
+		return nil, false
+	}
+	return o.AuthType, true
+}
+
+// HasAuthType returns a boolean if a field has been set.
+func (o *PolicyRuleAuthContextCondition) HasAuthType() bool {
+	if o != nil && o.AuthType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthType gets a reference to the given PolicyRuleAuthContextType and assigns it to the AuthType field.
+func (o *PolicyRuleAuthContextCondition) SetAuthType(v PolicyRuleAuthContextType) {
+	o.AuthType = &v
+}
+
+func (o PolicyRuleAuthContextCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthType != nil {
+		toSerialize["authType"] = o.AuthType
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PolicyRuleAuthContextCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicyRuleAuthContextCondition := _PolicyRuleAuthContextCondition{}
+
+	err = json.Unmarshal(bytes, &varPolicyRuleAuthContextCondition)
+	if err == nil {
+		*o = PolicyRuleAuthContextCondition(varPolicyRuleAuthContextCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authType")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicyRuleAuthContextCondition struct {
+	value *PolicyRuleAuthContextCondition
+	isSet bool
+}
+
+func (v NullablePolicyRuleAuthContextCondition) Get() *PolicyRuleAuthContextCondition {
+	return v.value
+}
+
+func (v *NullablePolicyRuleAuthContextCondition) Set(val *PolicyRuleAuthContextCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyRuleAuthContextCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyRuleAuthContextCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyRuleAuthContextCondition(val *PolicyRuleAuthContextCondition) *NullablePolicyRuleAuthContextCondition {
+	return &NullablePolicyRuleAuthContextCondition{value: val, isSet: true}
+}
+
+func (v NullablePolicyRuleAuthContextCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyRuleAuthContextCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_rule_auth_context_type.go b/okta/model_policy_rule_auth_context_type.go
new file mode 100644
index 000000000..5f7d34c89
--- /dev/null
+++ b/okta/model_policy_rule_auth_context_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PolicyRuleAuthContextType the model 'PolicyRuleAuthContextType'
+type PolicyRuleAuthContextType string
+
+// List of PolicyRuleAuthContextType
+const (
+	POLICYRULEAUTHCONTEXTTYPE_ANY    PolicyRuleAuthContextType = "ANY"
+	POLICYRULEAUTHCONTEXTTYPE_RADIUS PolicyRuleAuthContextType = "RADIUS"
+)
+
+// All allowed values of PolicyRuleAuthContextType enum
+var AllowedPolicyRuleAuthContextTypeEnumValues = []PolicyRuleAuthContextType{
+	"ANY",
+	"RADIUS",
+}
+
+func (v *PolicyRuleAuthContextType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PolicyRuleAuthContextType(value)
+	for _, existing := range AllowedPolicyRuleAuthContextTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PolicyRuleAuthContextType", value)
+}
+
+// NewPolicyRuleAuthContextTypeFromValue returns a pointer to a valid PolicyRuleAuthContextType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPolicyRuleAuthContextTypeFromValue(v string) (*PolicyRuleAuthContextType, error) {
+	ev := PolicyRuleAuthContextType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PolicyRuleAuthContextType: valid values are %v", v, AllowedPolicyRuleAuthContextTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PolicyRuleAuthContextType) IsValid() bool {
+	for _, existing := range AllowedPolicyRuleAuthContextTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PolicyRuleAuthContextType value
+func (v PolicyRuleAuthContextType) Ptr() *PolicyRuleAuthContextType {
+	return &v
+}
+
+type NullablePolicyRuleAuthContextType struct {
+	value *PolicyRuleAuthContextType
+	isSet bool
+}
+
+func (v NullablePolicyRuleAuthContextType) Get() *PolicyRuleAuthContextType {
+	return v.value
+}
+
+func (v *NullablePolicyRuleAuthContextType) Set(val *PolicyRuleAuthContextType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyRuleAuthContextType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyRuleAuthContextType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyRuleAuthContextType(val *PolicyRuleAuthContextType) *NullablePolicyRuleAuthContextType {
+	return &NullablePolicyRuleAuthContextType{value: val, isSet: true}
+}
+
+func (v NullablePolicyRuleAuthContextType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyRuleAuthContextType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_rule_conditions.go b/okta/model_policy_rule_conditions.go
new file mode 100644
index 000000000..e0c64c03f
--- /dev/null
+++ b/okta/model_policy_rule_conditions.go
@@ -0,0 +1,898 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PolicyRuleConditions struct for PolicyRuleConditions
+type PolicyRuleConditions struct {
+	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
+	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
+	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
+	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
+	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
+	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
+	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
+	Device                *DevicePolicyRuleCondition                     `json:"device,omitempty"`
+	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
+	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
+	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
+	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
+	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
+	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
+	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
+	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
+	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
+	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
+	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
+	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
+	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _PolicyRuleConditions PolicyRuleConditions
+
+// NewPolicyRuleConditions instantiates a new PolicyRuleConditions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicyRuleConditions() *PolicyRuleConditions {
+	this := PolicyRuleConditions{}
+	return &this
+}
+
+// NewPolicyRuleConditionsWithDefaults instantiates a new PolicyRuleConditions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicyRuleConditionsWithDefaults() *PolicyRuleConditions {
+	this := PolicyRuleConditions{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetApp() AppAndInstancePolicyRuleCondition {
+	if o == nil || o.App == nil {
+		var ret AppAndInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetAppOk() (*AppAndInstancePolicyRuleCondition, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given AppAndInstancePolicyRuleCondition and assigns it to the App field.
+func (o *PolicyRuleConditions) SetApp(v AppAndInstancePolicyRuleCondition) {
+	o.App = &v
+}
+
+// GetApps returns the Apps field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetApps() AppInstancePolicyRuleCondition {
+	if o == nil || o.Apps == nil {
+		var ret AppInstancePolicyRuleCondition
+		return ret
+	}
+	return *o.Apps
+}
+
+// GetAppsOk returns a tuple with the Apps field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetAppsOk() (*AppInstancePolicyRuleCondition, bool) {
+	if o == nil || o.Apps == nil {
+		return nil, false
+	}
+	return o.Apps, true
+}
+
+// HasApps returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasApps() bool {
+	if o != nil && o.Apps != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApps gets a reference to the given AppInstancePolicyRuleCondition and assigns it to the Apps field.
+func (o *PolicyRuleConditions) SetApps(v AppInstancePolicyRuleCondition) {
+	o.Apps = &v
+}
+
+// GetAuthContext returns the AuthContext field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetAuthContext() PolicyRuleAuthContextCondition {
+	if o == nil || o.AuthContext == nil {
+		var ret PolicyRuleAuthContextCondition
+		return ret
+	}
+	return *o.AuthContext
+}
+
+// GetAuthContextOk returns a tuple with the AuthContext field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetAuthContextOk() (*PolicyRuleAuthContextCondition, bool) {
+	if o == nil || o.AuthContext == nil {
+		return nil, false
+	}
+	return o.AuthContext, true
+}
+
+// HasAuthContext returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasAuthContext() bool {
+	if o != nil && o.AuthContext != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthContext gets a reference to the given PolicyRuleAuthContextCondition and assigns it to the AuthContext field.
+func (o *PolicyRuleConditions) SetAuthContext(v PolicyRuleAuthContextCondition) {
+	o.AuthContext = &v
+}
+
+// GetAuthProvider returns the AuthProvider field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetAuthProvider() PasswordPolicyAuthenticationProviderCondition {
+	if o == nil || o.AuthProvider == nil {
+		var ret PasswordPolicyAuthenticationProviderCondition
+		return ret
+	}
+	return *o.AuthProvider
+}
+
+// GetAuthProviderOk returns a tuple with the AuthProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetAuthProviderOk() (*PasswordPolicyAuthenticationProviderCondition, bool) {
+	if o == nil || o.AuthProvider == nil {
+		return nil, false
+	}
+	return o.AuthProvider, true
+}
+
+// HasAuthProvider returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasAuthProvider() bool {
+	if o != nil && o.AuthProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthProvider gets a reference to the given PasswordPolicyAuthenticationProviderCondition and assigns it to the AuthProvider field.
+func (o *PolicyRuleConditions) SetAuthProvider(v PasswordPolicyAuthenticationProviderCondition) {
+	o.AuthProvider = &v
+}
+
+// GetBeforeScheduledAction returns the BeforeScheduledAction field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetBeforeScheduledAction() BeforeScheduledActionPolicyRuleCondition {
+	if o == nil || o.BeforeScheduledAction == nil {
+		var ret BeforeScheduledActionPolicyRuleCondition
+		return ret
+	}
+	return *o.BeforeScheduledAction
+}
+
+// GetBeforeScheduledActionOk returns a tuple with the BeforeScheduledAction field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetBeforeScheduledActionOk() (*BeforeScheduledActionPolicyRuleCondition, bool) {
+	if o == nil || o.BeforeScheduledAction == nil {
+		return nil, false
+	}
+	return o.BeforeScheduledAction, true
+}
+
+// HasBeforeScheduledAction returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasBeforeScheduledAction() bool {
+	if o != nil && o.BeforeScheduledAction != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBeforeScheduledAction gets a reference to the given BeforeScheduledActionPolicyRuleCondition and assigns it to the BeforeScheduledAction field.
+func (o *PolicyRuleConditions) SetBeforeScheduledAction(v BeforeScheduledActionPolicyRuleCondition) {
+	o.BeforeScheduledAction = &v
+}
+
+// GetClients returns the Clients field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetClients() ClientPolicyCondition {
+	if o == nil || o.Clients == nil {
+		var ret ClientPolicyCondition
+		return ret
+	}
+	return *o.Clients
+}
+
+// GetClientsOk returns a tuple with the Clients field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetClientsOk() (*ClientPolicyCondition, bool) {
+	if o == nil || o.Clients == nil {
+		return nil, false
+	}
+	return o.Clients, true
+}
+
+// HasClients returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasClients() bool {
+	if o != nil && o.Clients != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClients gets a reference to the given ClientPolicyCondition and assigns it to the Clients field.
+func (o *PolicyRuleConditions) SetClients(v ClientPolicyCondition) {
+	o.Clients = &v
+}
+
+// GetContext returns the Context field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetContext() ContextPolicyRuleCondition {
+	if o == nil || o.Context == nil {
+		var ret ContextPolicyRuleCondition
+		return ret
+	}
+	return *o.Context
+}
+
+// GetContextOk returns a tuple with the Context field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetContextOk() (*ContextPolicyRuleCondition, bool) {
+	if o == nil || o.Context == nil {
+		return nil, false
+	}
+	return o.Context, true
+}
+
+// HasContext returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasContext() bool {
+	if o != nil && o.Context != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetContext gets a reference to the given ContextPolicyRuleCondition and assigns it to the Context field.
+func (o *PolicyRuleConditions) SetContext(v ContextPolicyRuleCondition) {
+	o.Context = &v
+}
+
+// GetDevice returns the Device field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetDevice() DevicePolicyRuleCondition {
+	if o == nil || o.Device == nil {
+		var ret DevicePolicyRuleCondition
+		return ret
+	}
+	return *o.Device
+}
+
+// GetDeviceOk returns a tuple with the Device field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetDeviceOk() (*DevicePolicyRuleCondition, bool) {
+	if o == nil || o.Device == nil {
+		return nil, false
+	}
+	return o.Device, true
+}
+
+// HasDevice returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasDevice() bool {
+	if o != nil && o.Device != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDevice gets a reference to the given DevicePolicyRuleCondition and assigns it to the Device field.
+func (o *PolicyRuleConditions) SetDevice(v DevicePolicyRuleCondition) {
+	o.Device = &v
+}
+
+// GetGrantTypes returns the GrantTypes field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetGrantTypes() GrantTypePolicyRuleCondition {
+	if o == nil || o.GrantTypes == nil {
+		var ret GrantTypePolicyRuleCondition
+		return ret
+	}
+	return *o.GrantTypes
+}
+
+// GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetGrantTypesOk() (*GrantTypePolicyRuleCondition, bool) {
+	if o == nil || o.GrantTypes == nil {
+		return nil, false
+	}
+	return o.GrantTypes, true
+}
+
+// HasGrantTypes returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasGrantTypes() bool {
+	if o != nil && o.GrantTypes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGrantTypes gets a reference to the given GrantTypePolicyRuleCondition and assigns it to the GrantTypes field.
+func (o *PolicyRuleConditions) SetGrantTypes(v GrantTypePolicyRuleCondition) {
+	o.GrantTypes = &v
+}
+
+// GetGroups returns the Groups field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetGroups() GroupPolicyRuleCondition {
+	if o == nil || o.Groups == nil {
+		var ret GroupPolicyRuleCondition
+		return ret
+	}
+	return *o.Groups
+}
+
+// GetGroupsOk returns a tuple with the Groups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetGroupsOk() (*GroupPolicyRuleCondition, bool) {
+	if o == nil || o.Groups == nil {
+		return nil, false
+	}
+	return o.Groups, true
+}
+
+// HasGroups returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasGroups() bool {
+	if o != nil && o.Groups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroups gets a reference to the given GroupPolicyRuleCondition and assigns it to the Groups field.
+func (o *PolicyRuleConditions) SetGroups(v GroupPolicyRuleCondition) {
+	o.Groups = &v
+}
+
+// GetIdentityProvider returns the IdentityProvider field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetIdentityProvider() IdentityProviderPolicyRuleCondition {
+	if o == nil || o.IdentityProvider == nil {
+		var ret IdentityProviderPolicyRuleCondition
+		return ret
+	}
+	return *o.IdentityProvider
+}
+
+// GetIdentityProviderOk returns a tuple with the IdentityProvider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetIdentityProviderOk() (*IdentityProviderPolicyRuleCondition, bool) {
+	if o == nil || o.IdentityProvider == nil {
+		return nil, false
+	}
+	return o.IdentityProvider, true
+}
+
+// HasIdentityProvider returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasIdentityProvider() bool {
+	if o != nil && o.IdentityProvider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityProvider gets a reference to the given IdentityProviderPolicyRuleCondition and assigns it to the IdentityProvider field.
+func (o *PolicyRuleConditions) SetIdentityProvider(v IdentityProviderPolicyRuleCondition) {
+	o.IdentityProvider = &v
+}
+
+// GetMdmEnrollment returns the MdmEnrollment field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetMdmEnrollment() MDMEnrollmentPolicyRuleCondition {
+	if o == nil || o.MdmEnrollment == nil {
+		var ret MDMEnrollmentPolicyRuleCondition
+		return ret
+	}
+	return *o.MdmEnrollment
+}
+
+// GetMdmEnrollmentOk returns a tuple with the MdmEnrollment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetMdmEnrollmentOk() (*MDMEnrollmentPolicyRuleCondition, bool) {
+	if o == nil || o.MdmEnrollment == nil {
+		return nil, false
+	}
+	return o.MdmEnrollment, true
+}
+
+// HasMdmEnrollment returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasMdmEnrollment() bool {
+	if o != nil && o.MdmEnrollment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMdmEnrollment gets a reference to the given MDMEnrollmentPolicyRuleCondition and assigns it to the MdmEnrollment field.
+func (o *PolicyRuleConditions) SetMdmEnrollment(v MDMEnrollmentPolicyRuleCondition) {
+	o.MdmEnrollment = &v
+}
+
+// GetNetwork returns the Network field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetNetwork() PolicyNetworkCondition {
+	if o == nil || o.Network == nil {
+		var ret PolicyNetworkCondition
+		return ret
+	}
+	return *o.Network
+}
+
+// GetNetworkOk returns a tuple with the Network field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetNetworkOk() (*PolicyNetworkCondition, bool) {
+	if o == nil || o.Network == nil {
+		return nil, false
+	}
+	return o.Network, true
+}
+
+// HasNetwork returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasNetwork() bool {
+	if o != nil && o.Network != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNetwork gets a reference to the given PolicyNetworkCondition and assigns it to the Network field.
+func (o *PolicyRuleConditions) SetNetwork(v PolicyNetworkCondition) {
+	o.Network = &v
+}
+
+// GetPeople returns the People field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetPeople() PolicyPeopleCondition {
+	if o == nil || o.People == nil {
+		var ret PolicyPeopleCondition
+		return ret
+	}
+	return *o.People
+}
+
+// GetPeopleOk returns a tuple with the People field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetPeopleOk() (*PolicyPeopleCondition, bool) {
+	if o == nil || o.People == nil {
+		return nil, false
+	}
+	return o.People, true
+}
+
+// HasPeople returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasPeople() bool {
+	if o != nil && o.People != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPeople gets a reference to the given PolicyPeopleCondition and assigns it to the People field.
+func (o *PolicyRuleConditions) SetPeople(v PolicyPeopleCondition) {
+	o.People = &v
+}
+
+// GetPlatform returns the Platform field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetPlatform() PlatformPolicyRuleCondition {
+	if o == nil || o.Platform == nil {
+		var ret PlatformPolicyRuleCondition
+		return ret
+	}
+	return *o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetPlatformOk() (*PlatformPolicyRuleCondition, bool) {
+	if o == nil || o.Platform == nil {
+		return nil, false
+	}
+	return o.Platform, true
+}
+
+// HasPlatform returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasPlatform() bool {
+	if o != nil && o.Platform != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPlatform gets a reference to the given PlatformPolicyRuleCondition and assigns it to the Platform field.
+func (o *PolicyRuleConditions) SetPlatform(v PlatformPolicyRuleCondition) {
+	o.Platform = &v
+}
+
+// GetRisk returns the Risk field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetRisk() RiskPolicyRuleCondition {
+	if o == nil || o.Risk == nil {
+		var ret RiskPolicyRuleCondition
+		return ret
+	}
+	return *o.Risk
+}
+
+// GetRiskOk returns a tuple with the Risk field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetRiskOk() (*RiskPolicyRuleCondition, bool) {
+	if o == nil || o.Risk == nil {
+		return nil, false
+	}
+	return o.Risk, true
+}
+
+// HasRisk returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasRisk() bool {
+	if o != nil && o.Risk != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRisk gets a reference to the given RiskPolicyRuleCondition and assigns it to the Risk field.
+func (o *PolicyRuleConditions) SetRisk(v RiskPolicyRuleCondition) {
+	o.Risk = &v
+}
+
+// GetRiskScore returns the RiskScore field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetRiskScore() RiskScorePolicyRuleCondition {
+	if o == nil || o.RiskScore == nil {
+		var ret RiskScorePolicyRuleCondition
+		return ret
+	}
+	return *o.RiskScore
+}
+
+// GetRiskScoreOk returns a tuple with the RiskScore field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetRiskScoreOk() (*RiskScorePolicyRuleCondition, bool) {
+	if o == nil || o.RiskScore == nil {
+		return nil, false
+	}
+	return o.RiskScore, true
+}
+
+// HasRiskScore returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasRiskScore() bool {
+	if o != nil && o.RiskScore != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRiskScore gets a reference to the given RiskScorePolicyRuleCondition and assigns it to the RiskScore field.
+func (o *PolicyRuleConditions) SetRiskScore(v RiskScorePolicyRuleCondition) {
+	o.RiskScore = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetScopes() OAuth2ScopesMediationPolicyRuleCondition {
+	if o == nil || o.Scopes == nil {
+		var ret OAuth2ScopesMediationPolicyRuleCondition
+		return ret
+	}
+	return *o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetScopesOk() (*OAuth2ScopesMediationPolicyRuleCondition, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given OAuth2ScopesMediationPolicyRuleCondition and assigns it to the Scopes field.
+func (o *PolicyRuleConditions) SetScopes(v OAuth2ScopesMediationPolicyRuleCondition) {
+	o.Scopes = &v
+}
+
+// GetUserIdentifier returns the UserIdentifier field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetUserIdentifier() UserIdentifierPolicyRuleCondition {
+	if o == nil || o.UserIdentifier == nil {
+		var ret UserIdentifierPolicyRuleCondition
+		return ret
+	}
+	return *o.UserIdentifier
+}
+
+// GetUserIdentifierOk returns a tuple with the UserIdentifier field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetUserIdentifierOk() (*UserIdentifierPolicyRuleCondition, bool) {
+	if o == nil || o.UserIdentifier == nil {
+		return nil, false
+	}
+	return o.UserIdentifier, true
+}
+
+// HasUserIdentifier returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasUserIdentifier() bool {
+	if o != nil && o.UserIdentifier != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserIdentifier gets a reference to the given UserIdentifierPolicyRuleCondition and assigns it to the UserIdentifier field.
+func (o *PolicyRuleConditions) SetUserIdentifier(v UserIdentifierPolicyRuleCondition) {
+	o.UserIdentifier = &v
+}
+
+// GetUsers returns the Users field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetUsers() UserPolicyRuleCondition {
+	if o == nil || o.Users == nil {
+		var ret UserPolicyRuleCondition
+		return ret
+	}
+	return *o.Users
+}
+
+// GetUsersOk returns a tuple with the Users field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetUsersOk() (*UserPolicyRuleCondition, bool) {
+	if o == nil || o.Users == nil {
+		return nil, false
+	}
+	return o.Users, true
+}
+
+// HasUsers returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasUsers() bool {
+	if o != nil && o.Users != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsers gets a reference to the given UserPolicyRuleCondition and assigns it to the Users field.
+func (o *PolicyRuleConditions) SetUsers(v UserPolicyRuleCondition) {
+	o.Users = &v
+}
+
+// GetUserStatus returns the UserStatus field value if set, zero value otherwise.
+func (o *PolicyRuleConditions) GetUserStatus() UserStatusPolicyRuleCondition {
+	if o == nil || o.UserStatus == nil {
+		var ret UserStatusPolicyRuleCondition
+		return ret
+	}
+	return *o.UserStatus
+}
+
+// GetUserStatusOk returns a tuple with the UserStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyRuleConditions) GetUserStatusOk() (*UserStatusPolicyRuleCondition, bool) {
+	if o == nil || o.UserStatus == nil {
+		return nil, false
+	}
+	return o.UserStatus, true
+}
+
+// HasUserStatus returns a boolean if a field has been set.
+func (o *PolicyRuleConditions) HasUserStatus() bool {
+	if o != nil && o.UserStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserStatus gets a reference to the given UserStatusPolicyRuleCondition and assigns it to the UserStatus field.
+func (o *PolicyRuleConditions) SetUserStatus(v UserStatusPolicyRuleCondition) {
+	o.UserStatus = &v
+}
+
+func (o PolicyRuleConditions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+	if o.Apps != nil {
+		toSerialize["apps"] = o.Apps
+	}
+	if o.AuthContext != nil {
+		toSerialize["authContext"] = o.AuthContext
+	}
+	if o.AuthProvider != nil {
+		toSerialize["authProvider"] = o.AuthProvider
+	}
+	if o.BeforeScheduledAction != nil {
+		toSerialize["beforeScheduledAction"] = o.BeforeScheduledAction
+	}
+	if o.Clients != nil {
+		toSerialize["clients"] = o.Clients
+	}
+	if o.Context != nil {
+		toSerialize["context"] = o.Context
+	}
+	if o.Device != nil {
+		toSerialize["device"] = o.Device
+	}
+	if o.GrantTypes != nil {
+		toSerialize["grantTypes"] = o.GrantTypes
+	}
+	if o.Groups != nil {
+		toSerialize["groups"] = o.Groups
+	}
+	if o.IdentityProvider != nil {
+		toSerialize["identityProvider"] = o.IdentityProvider
+	}
+	if o.MdmEnrollment != nil {
+		toSerialize["mdmEnrollment"] = o.MdmEnrollment
+	}
+	if o.Network != nil {
+		toSerialize["network"] = o.Network
+	}
+	if o.People != nil {
+		toSerialize["people"] = o.People
+	}
+	if o.Platform != nil {
+		toSerialize["platform"] = o.Platform
+	}
+	if o.Risk != nil {
+		toSerialize["risk"] = o.Risk
+	}
+	if o.RiskScore != nil {
+		toSerialize["riskScore"] = o.RiskScore
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+	if o.UserIdentifier != nil {
+		toSerialize["userIdentifier"] = o.UserIdentifier
+	}
+	if o.Users != nil {
+		toSerialize["users"] = o.Users
+	}
+	if o.UserStatus != nil {
+		toSerialize["userStatus"] = o.UserStatus
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PolicyRuleConditions) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicyRuleConditions := _PolicyRuleConditions{}
+
+	err = json.Unmarshal(bytes, &varPolicyRuleConditions)
+	if err == nil {
+		*o = PolicyRuleConditions(varPolicyRuleConditions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		delete(additionalProperties, "apps")
+		delete(additionalProperties, "authContext")
+		delete(additionalProperties, "authProvider")
+		delete(additionalProperties, "beforeScheduledAction")
+		delete(additionalProperties, "clients")
+		delete(additionalProperties, "context")
+		delete(additionalProperties, "device")
+		delete(additionalProperties, "grantTypes")
+		delete(additionalProperties, "groups")
+		delete(additionalProperties, "identityProvider")
+		delete(additionalProperties, "mdmEnrollment")
+		delete(additionalProperties, "network")
+		delete(additionalProperties, "people")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "risk")
+		delete(additionalProperties, "riskScore")
+		delete(additionalProperties, "scopes")
+		delete(additionalProperties, "userIdentifier")
+		delete(additionalProperties, "users")
+		delete(additionalProperties, "userStatus")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicyRuleConditions struct {
+	value *PolicyRuleConditions
+	isSet bool
+}
+
+func (v NullablePolicyRuleConditions) Get() *PolicyRuleConditions {
+	return v.value
+}
+
+func (v *NullablePolicyRuleConditions) Set(val *PolicyRuleConditions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyRuleConditions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyRuleConditions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyRuleConditions(val *PolicyRuleConditions) *NullablePolicyRuleConditions {
+	return &NullablePolicyRuleConditions{value: val, isSet: true}
+}
+
+func (v NullablePolicyRuleConditions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyRuleConditions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_rule_type.go b/okta/model_policy_rule_type.go
new file mode 100644
index 000000000..de451cda3
--- /dev/null
+++ b/okta/model_policy_rule_type.go
@@ -0,0 +1,134 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PolicyRuleType the model 'PolicyRuleType'
+type PolicyRuleType string
+
+// List of PolicyRuleType
+const (
+	POLICYRULETYPE_ACCESS_POLICY      PolicyRuleType = "ACCESS_POLICY"
+	POLICYRULETYPE_IDP_DISCOVERY      PolicyRuleType = "IDP_DISCOVERY"
+	POLICYRULETYPE_MFA_ENROLL         PolicyRuleType = "MFA_ENROLL"
+	POLICYRULETYPE_PASSWORD           PolicyRuleType = "PASSWORD"
+	POLICYRULETYPE_PROFILE_ENROLLMENT PolicyRuleType = "PROFILE_ENROLLMENT"
+	POLICYRULETYPE_RESOURCE_ACCESS    PolicyRuleType = "RESOURCE_ACCESS"
+	POLICYRULETYPE_SIGN_ON            PolicyRuleType = "SIGN_ON"
+)
+
+// All allowed values of PolicyRuleType enum
+var AllowedPolicyRuleTypeEnumValues = []PolicyRuleType{
+	"ACCESS_POLICY",
+	"IDP_DISCOVERY",
+	"MFA_ENROLL",
+	"PASSWORD",
+	"PROFILE_ENROLLMENT",
+	"RESOURCE_ACCESS",
+	"SIGN_ON",
+}
+
+func (v *PolicyRuleType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PolicyRuleType(value)
+	for _, existing := range AllowedPolicyRuleTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PolicyRuleType", value)
+}
+
+// NewPolicyRuleTypeFromValue returns a pointer to a valid PolicyRuleType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPolicyRuleTypeFromValue(v string) (*PolicyRuleType, error) {
+	ev := PolicyRuleType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PolicyRuleType: valid values are %v", v, AllowedPolicyRuleTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PolicyRuleType) IsValid() bool {
+	for _, existing := range AllowedPolicyRuleTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PolicyRuleType value
+func (v PolicyRuleType) Ptr() *PolicyRuleType {
+	return &v
+}
+
+type NullablePolicyRuleType struct {
+	value *PolicyRuleType
+	isSet bool
+}
+
+func (v NullablePolicyRuleType) Get() *PolicyRuleType {
+	return v.value
+}
+
+func (v *NullablePolicyRuleType) Set(val *PolicyRuleType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyRuleType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyRuleType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyRuleType(val *PolicyRuleType) *NullablePolicyRuleType {
+	return &NullablePolicyRuleType{value: val, isSet: true}
+}
+
+func (v NullablePolicyRuleType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyRuleType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_subject.go b/okta/model_policy_subject.go
new file mode 100644
index 000000000..ec831bd9f
--- /dev/null
+++ b/okta/model_policy_subject.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PolicySubject struct for PolicySubject
+type PolicySubject struct {
+	Filter               *string                 `json:"filter,omitempty"`
+	Format               []string                `json:"format,omitempty"`
+	MatchAttribute       *string                 `json:"matchAttribute,omitempty"`
+	MatchType            *PolicySubjectMatchType `json:"matchType,omitempty"`
+	UserNameTemplate     *PolicyUserNameTemplate `json:"userNameTemplate,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PolicySubject PolicySubject
+
+// NewPolicySubject instantiates a new PolicySubject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicySubject() *PolicySubject {
+	this := PolicySubject{}
+	return &this
+}
+
+// NewPolicySubjectWithDefaults instantiates a new PolicySubject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicySubjectWithDefaults() *PolicySubject {
+	this := PolicySubject{}
+	return &this
+}
+
+// GetFilter returns the Filter field value if set, zero value otherwise.
+func (o *PolicySubject) GetFilter() string {
+	if o == nil || o.Filter == nil {
+		var ret string
+		return ret
+	}
+	return *o.Filter
+}
+
+// GetFilterOk returns a tuple with the Filter field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicySubject) GetFilterOk() (*string, bool) {
+	if o == nil || o.Filter == nil {
+		return nil, false
+	}
+	return o.Filter, true
+}
+
+// HasFilter returns a boolean if a field has been set.
+func (o *PolicySubject) HasFilter() bool {
+	if o != nil && o.Filter != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFilter gets a reference to the given string and assigns it to the Filter field.
+func (o *PolicySubject) SetFilter(v string) {
+	o.Filter = &v
+}
+
+// GetFormat returns the Format field value if set, zero value otherwise.
+func (o *PolicySubject) GetFormat() []string {
+	if o == nil || o.Format == nil {
+		var ret []string
+		return ret
+	}
+	return o.Format
+}
+
+// GetFormatOk returns a tuple with the Format field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicySubject) GetFormatOk() ([]string, bool) {
+	if o == nil || o.Format == nil {
+		return nil, false
+	}
+	return o.Format, true
+}
+
+// HasFormat returns a boolean if a field has been set.
+func (o *PolicySubject) HasFormat() bool {
+	if o != nil && o.Format != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFormat gets a reference to the given []string and assigns it to the Format field.
+func (o *PolicySubject) SetFormat(v []string) {
+	o.Format = v
+}
+
+// GetMatchAttribute returns the MatchAttribute field value if set, zero value otherwise.
+func (o *PolicySubject) GetMatchAttribute() string {
+	if o == nil || o.MatchAttribute == nil {
+		var ret string
+		return ret
+	}
+	return *o.MatchAttribute
+}
+
+// GetMatchAttributeOk returns a tuple with the MatchAttribute field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicySubject) GetMatchAttributeOk() (*string, bool) {
+	if o == nil || o.MatchAttribute == nil {
+		return nil, false
+	}
+	return o.MatchAttribute, true
+}
+
+// HasMatchAttribute returns a boolean if a field has been set.
+func (o *PolicySubject) HasMatchAttribute() bool {
+	if o != nil && o.MatchAttribute != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMatchAttribute gets a reference to the given string and assigns it to the MatchAttribute field.
+func (o *PolicySubject) SetMatchAttribute(v string) {
+	o.MatchAttribute = &v
+}
+
+// GetMatchType returns the MatchType field value if set, zero value otherwise.
+func (o *PolicySubject) GetMatchType() PolicySubjectMatchType {
+	if o == nil || o.MatchType == nil {
+		var ret PolicySubjectMatchType
+		return ret
+	}
+	return *o.MatchType
+}
+
+// GetMatchTypeOk returns a tuple with the MatchType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicySubject) GetMatchTypeOk() (*PolicySubjectMatchType, bool) {
+	if o == nil || o.MatchType == nil {
+		return nil, false
+	}
+	return o.MatchType, true
+}
+
+// HasMatchType returns a boolean if a field has been set.
+func (o *PolicySubject) HasMatchType() bool {
+	if o != nil && o.MatchType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMatchType gets a reference to the given PolicySubjectMatchType and assigns it to the MatchType field.
+func (o *PolicySubject) SetMatchType(v PolicySubjectMatchType) {
+	o.MatchType = &v
+}
+
+// GetUserNameTemplate returns the UserNameTemplate field value if set, zero value otherwise.
+func (o *PolicySubject) GetUserNameTemplate() PolicyUserNameTemplate {
+	if o == nil || o.UserNameTemplate == nil {
+		var ret PolicyUserNameTemplate
+		return ret
+	}
+	return *o.UserNameTemplate
+}
+
+// GetUserNameTemplateOk returns a tuple with the UserNameTemplate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicySubject) GetUserNameTemplateOk() (*PolicyUserNameTemplate, bool) {
+	if o == nil || o.UserNameTemplate == nil {
+		return nil, false
+	}
+	return o.UserNameTemplate, true
+}
+
+// HasUserNameTemplate returns a boolean if a field has been set.
+func (o *PolicySubject) HasUserNameTemplate() bool {
+	if o != nil && o.UserNameTemplate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserNameTemplate gets a reference to the given PolicyUserNameTemplate and assigns it to the UserNameTemplate field.
+func (o *PolicySubject) SetUserNameTemplate(v PolicyUserNameTemplate) {
+	o.UserNameTemplate = &v
+}
+
+func (o PolicySubject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Filter != nil {
+		toSerialize["filter"] = o.Filter
+	}
+	if o.Format != nil {
+		toSerialize["format"] = o.Format
+	}
+	if o.MatchAttribute != nil {
+		toSerialize["matchAttribute"] = o.MatchAttribute
+	}
+	if o.MatchType != nil {
+		toSerialize["matchType"] = o.MatchType
+	}
+	if o.UserNameTemplate != nil {
+		toSerialize["userNameTemplate"] = o.UserNameTemplate
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PolicySubject) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicySubject := _PolicySubject{}
+
+	err = json.Unmarshal(bytes, &varPolicySubject)
+	if err == nil {
+		*o = PolicySubject(varPolicySubject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "filter")
+		delete(additionalProperties, "format")
+		delete(additionalProperties, "matchAttribute")
+		delete(additionalProperties, "matchType")
+		delete(additionalProperties, "userNameTemplate")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicySubject struct {
+	value *PolicySubject
+	isSet bool
+}
+
+func (v NullablePolicySubject) Get() *PolicySubject {
+	return v.value
+}
+
+func (v *NullablePolicySubject) Set(val *PolicySubject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicySubject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicySubject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicySubject(val *PolicySubject) *NullablePolicySubject {
+	return &NullablePolicySubject{value: val, isSet: true}
+}
+
+func (v NullablePolicySubject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicySubject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_subject_match_type.go b/okta/model_policy_subject_match_type.go
new file mode 100644
index 000000000..a64c00ccf
--- /dev/null
+++ b/okta/model_policy_subject_match_type.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PolicySubjectMatchType the model 'PolicySubjectMatchType'
+type PolicySubjectMatchType string
+
+// List of PolicySubjectMatchType
+const (
+	POLICYSUBJECTMATCHTYPE_CUSTOM_ATTRIBUTE  PolicySubjectMatchType = "CUSTOM_ATTRIBUTE"
+	POLICYSUBJECTMATCHTYPE_EMAIL             PolicySubjectMatchType = "EMAIL"
+	POLICYSUBJECTMATCHTYPE_USERNAME          PolicySubjectMatchType = "USERNAME"
+	POLICYSUBJECTMATCHTYPE_USERNAME_OR_EMAIL PolicySubjectMatchType = "USERNAME_OR_EMAIL"
+)
+
+// All allowed values of PolicySubjectMatchType enum
+var AllowedPolicySubjectMatchTypeEnumValues = []PolicySubjectMatchType{
+	"CUSTOM_ATTRIBUTE",
+	"EMAIL",
+	"USERNAME",
+	"USERNAME_OR_EMAIL",
+}
+
+func (v *PolicySubjectMatchType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PolicySubjectMatchType(value)
+	for _, existing := range AllowedPolicySubjectMatchTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PolicySubjectMatchType", value)
+}
+
+// NewPolicySubjectMatchTypeFromValue returns a pointer to a valid PolicySubjectMatchType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPolicySubjectMatchTypeFromValue(v string) (*PolicySubjectMatchType, error) {
+	ev := PolicySubjectMatchType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PolicySubjectMatchType: valid values are %v", v, AllowedPolicySubjectMatchTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PolicySubjectMatchType) IsValid() bool {
+	for _, existing := range AllowedPolicySubjectMatchTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PolicySubjectMatchType value
+func (v PolicySubjectMatchType) Ptr() *PolicySubjectMatchType {
+	return &v
+}
+
+type NullablePolicySubjectMatchType struct {
+	value *PolicySubjectMatchType
+	isSet bool
+}
+
+func (v NullablePolicySubjectMatchType) Get() *PolicySubjectMatchType {
+	return v.value
+}
+
+func (v *NullablePolicySubjectMatchType) Set(val *PolicySubjectMatchType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicySubjectMatchType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicySubjectMatchType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicySubjectMatchType(val *PolicySubjectMatchType) *NullablePolicySubjectMatchType {
+	return &NullablePolicySubjectMatchType{value: val, isSet: true}
+}
+
+func (v NullablePolicySubjectMatchType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicySubjectMatchType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_type.go b/okta/model_policy_type.go
new file mode 100644
index 000000000..fc8e9fc9d
--- /dev/null
+++ b/okta/model_policy_type.go
@@ -0,0 +1,134 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PolicyType the model 'PolicyType'
+type PolicyType string
+
+// List of PolicyType
+const (
+	POLICYTYPE_ACCESS_POLICY              PolicyType = "ACCESS_POLICY"
+	POLICYTYPE_IDP_DISCOVERY              PolicyType = "IDP_DISCOVERY"
+	POLICYTYPE_MFA_ENROLL                 PolicyType = "MFA_ENROLL"
+	POLICYTYPE_OAUTH_AUTHORIZATION_POLICY PolicyType = "OAUTH_AUTHORIZATION_POLICY"
+	POLICYTYPE_OKTA_SIGN_ON               PolicyType = "OKTA_SIGN_ON"
+	POLICYTYPE_PASSWORD                   PolicyType = "PASSWORD"
+	POLICYTYPE_PROFILE_ENROLLMENT         PolicyType = "PROFILE_ENROLLMENT"
+)
+
+// All allowed values of PolicyType enum
+var AllowedPolicyTypeEnumValues = []PolicyType{
+	"ACCESS_POLICY",
+	"IDP_DISCOVERY",
+	"MFA_ENROLL",
+	"OAUTH_AUTHORIZATION_POLICY",
+	"OKTA_SIGN_ON",
+	"PASSWORD",
+	"PROFILE_ENROLLMENT",
+}
+
+func (v *PolicyType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PolicyType(value)
+	for _, existing := range AllowedPolicyTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PolicyType", value)
+}
+
+// NewPolicyTypeFromValue returns a pointer to a valid PolicyType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPolicyTypeFromValue(v string) (*PolicyType, error) {
+	ev := PolicyType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PolicyType: valid values are %v", v, AllowedPolicyTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PolicyType) IsValid() bool {
+	for _, existing := range AllowedPolicyTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PolicyType value
+func (v PolicyType) Ptr() *PolicyType {
+	return &v
+}
+
+type NullablePolicyType struct {
+	value *PolicyType
+	isSet bool
+}
+
+func (v NullablePolicyType) Get() *PolicyType {
+	return v.value
+}
+
+func (v *NullablePolicyType) Set(val *PolicyType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyType(val *PolicyType) *NullablePolicyType {
+	return &NullablePolicyType{value: val, isSet: true}
+}
+
+func (v NullablePolicyType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_user_name_template.go b/okta/model_policy_user_name_template.go
new file mode 100644
index 000000000..6869ab2e2
--- /dev/null
+++ b/okta/model_policy_user_name_template.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PolicyUserNameTemplate struct for PolicyUserNameTemplate
+type PolicyUserNameTemplate struct {
+	Template             *string `json:"template,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PolicyUserNameTemplate PolicyUserNameTemplate
+
+// NewPolicyUserNameTemplate instantiates a new PolicyUserNameTemplate object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPolicyUserNameTemplate() *PolicyUserNameTemplate {
+	this := PolicyUserNameTemplate{}
+	return &this
+}
+
+// NewPolicyUserNameTemplateWithDefaults instantiates a new PolicyUserNameTemplate object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPolicyUserNameTemplateWithDefaults() *PolicyUserNameTemplate {
+	this := PolicyUserNameTemplate{}
+	return &this
+}
+
+// GetTemplate returns the Template field value if set, zero value otherwise.
+func (o *PolicyUserNameTemplate) GetTemplate() string {
+	if o == nil || o.Template == nil {
+		var ret string
+		return ret
+	}
+	return *o.Template
+}
+
+// GetTemplateOk returns a tuple with the Template field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PolicyUserNameTemplate) GetTemplateOk() (*string, bool) {
+	if o == nil || o.Template == nil {
+		return nil, false
+	}
+	return o.Template, true
+}
+
+// HasTemplate returns a boolean if a field has been set.
+func (o *PolicyUserNameTemplate) HasTemplate() bool {
+	if o != nil && o.Template != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTemplate gets a reference to the given string and assigns it to the Template field.
+func (o *PolicyUserNameTemplate) SetTemplate(v string) {
+	o.Template = &v
+}
+
+func (o PolicyUserNameTemplate) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Template != nil {
+		toSerialize["template"] = o.Template
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PolicyUserNameTemplate) UnmarshalJSON(bytes []byte) (err error) {
+	varPolicyUserNameTemplate := _PolicyUserNameTemplate{}
+
+	err = json.Unmarshal(bytes, &varPolicyUserNameTemplate)
+	if err == nil {
+		*o = PolicyUserNameTemplate(varPolicyUserNameTemplate)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "template")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePolicyUserNameTemplate struct {
+	value *PolicyUserNameTemplate
+	isSet bool
+}
+
+func (v NullablePolicyUserNameTemplate) Get() *PolicyUserNameTemplate {
+	return v.value
+}
+
+func (v *NullablePolicyUserNameTemplate) Set(val *PolicyUserNameTemplate) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyUserNameTemplate) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyUserNameTemplate) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyUserNameTemplate(val *PolicyUserNameTemplate) *NullablePolicyUserNameTemplate {
+	return &NullablePolicyUserNameTemplate{value: val, isSet: true}
+}
+
+func (v NullablePolicyUserNameTemplate) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyUserNameTemplate) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_policy_user_status.go b/okta/model_policy_user_status.go
new file mode 100644
index 000000000..3e63c6ced
--- /dev/null
+++ b/okta/model_policy_user_status.go
@@ -0,0 +1,136 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PolicyUserStatus the model 'PolicyUserStatus'
+type PolicyUserStatus string
+
+// List of PolicyUserStatus
+const (
+	POLICYUSERSTATUS_ACTIVATING       PolicyUserStatus = "ACTIVATING"
+	POLICYUSERSTATUS_ACTIVE           PolicyUserStatus = "ACTIVE"
+	POLICYUSERSTATUS_DELETED          PolicyUserStatus = "DELETED"
+	POLICYUSERSTATUS_DELETING         PolicyUserStatus = "DELETING"
+	POLICYUSERSTATUS_EXPIRED_PASSWORD PolicyUserStatus = "EXPIRED_PASSWORD"
+	POLICYUSERSTATUS_INACTIVE         PolicyUserStatus = "INACTIVE"
+	POLICYUSERSTATUS_PENDING          PolicyUserStatus = "PENDING"
+	POLICYUSERSTATUS_SUSPENDED        PolicyUserStatus = "SUSPENDED"
+)
+
+// All allowed values of PolicyUserStatus enum
+var AllowedPolicyUserStatusEnumValues = []PolicyUserStatus{
+	"ACTIVATING",
+	"ACTIVE",
+	"DELETED",
+	"DELETING",
+	"EXPIRED_PASSWORD",
+	"INACTIVE",
+	"PENDING",
+	"SUSPENDED",
+}
+
+func (v *PolicyUserStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PolicyUserStatus(value)
+	for _, existing := range AllowedPolicyUserStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PolicyUserStatus", value)
+}
+
+// NewPolicyUserStatusFromValue returns a pointer to a valid PolicyUserStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPolicyUserStatusFromValue(v string) (*PolicyUserStatus, error) {
+	ev := PolicyUserStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PolicyUserStatus: valid values are %v", v, AllowedPolicyUserStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PolicyUserStatus) IsValid() bool {
+	for _, existing := range AllowedPolicyUserStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PolicyUserStatus value
+func (v PolicyUserStatus) Ptr() *PolicyUserStatus {
+	return &v
+}
+
+type NullablePolicyUserStatus struct {
+	value *PolicyUserStatus
+	isSet bool
+}
+
+func (v NullablePolicyUserStatus) Get() *PolicyUserStatus {
+	return v.value
+}
+
+func (v *NullablePolicyUserStatus) Set(val *PolicyUserStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePolicyUserStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePolicyUserStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePolicyUserStatus(val *PolicyUserStatus) *NullablePolicyUserStatus {
+	return &NullablePolicyUserStatus{value: val, isSet: true}
+}
+
+func (v NullablePolicyUserStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePolicyUserStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_possession_constraint.go b/okta/model_possession_constraint.go
new file mode 100644
index 000000000..a72eb732a
--- /dev/null
+++ b/okta/model_possession_constraint.go
@@ -0,0 +1,380 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PossessionConstraint struct for PossessionConstraint
+type PossessionConstraint struct {
+	Methods              []string `json:"methods,omitempty"`
+	ReauthenticateIn     *string  `json:"reauthenticateIn,omitempty"`
+	Types                []string `json:"types,omitempty"`
+	DeviceBound          *string  `json:"deviceBound,omitempty"`
+	HardwareProtection   *string  `json:"hardwareProtection,omitempty"`
+	PhishingResistant    *string  `json:"phishingResistant,omitempty"`
+	UserPresence         *string  `json:"userPresence,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PossessionConstraint PossessionConstraint
+
+// NewPossessionConstraint instantiates a new PossessionConstraint object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPossessionConstraint() *PossessionConstraint {
+	this := PossessionConstraint{}
+	return &this
+}
+
+// NewPossessionConstraintWithDefaults instantiates a new PossessionConstraint object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPossessionConstraintWithDefaults() *PossessionConstraint {
+	this := PossessionConstraint{}
+	return &this
+}
+
+// GetMethods returns the Methods field value if set, zero value otherwise.
+func (o *PossessionConstraint) GetMethods() []string {
+	if o == nil || o.Methods == nil {
+		var ret []string
+		return ret
+	}
+	return o.Methods
+}
+
+// GetMethodsOk returns a tuple with the Methods field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PossessionConstraint) GetMethodsOk() ([]string, bool) {
+	if o == nil || o.Methods == nil {
+		return nil, false
+	}
+	return o.Methods, true
+}
+
+// HasMethods returns a boolean if a field has been set.
+func (o *PossessionConstraint) HasMethods() bool {
+	if o != nil && o.Methods != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMethods gets a reference to the given []string and assigns it to the Methods field.
+func (o *PossessionConstraint) SetMethods(v []string) {
+	o.Methods = v
+}
+
+// GetReauthenticateIn returns the ReauthenticateIn field value if set, zero value otherwise.
+func (o *PossessionConstraint) GetReauthenticateIn() string {
+	if o == nil || o.ReauthenticateIn == nil {
+		var ret string
+		return ret
+	}
+	return *o.ReauthenticateIn
+}
+
+// GetReauthenticateInOk returns a tuple with the ReauthenticateIn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PossessionConstraint) GetReauthenticateInOk() (*string, bool) {
+	if o == nil || o.ReauthenticateIn == nil {
+		return nil, false
+	}
+	return o.ReauthenticateIn, true
+}
+
+// HasReauthenticateIn returns a boolean if a field has been set.
+func (o *PossessionConstraint) HasReauthenticateIn() bool {
+	if o != nil && o.ReauthenticateIn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetReauthenticateIn gets a reference to the given string and assigns it to the ReauthenticateIn field.
+func (o *PossessionConstraint) SetReauthenticateIn(v string) {
+	o.ReauthenticateIn = &v
+}
+
+// GetTypes returns the Types field value if set, zero value otherwise.
+func (o *PossessionConstraint) GetTypes() []string {
+	if o == nil || o.Types == nil {
+		var ret []string
+		return ret
+	}
+	return o.Types
+}
+
+// GetTypesOk returns a tuple with the Types field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PossessionConstraint) GetTypesOk() ([]string, bool) {
+	if o == nil || o.Types == nil {
+		return nil, false
+	}
+	return o.Types, true
+}
+
+// HasTypes returns a boolean if a field has been set.
+func (o *PossessionConstraint) HasTypes() bool {
+	if o != nil && o.Types != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTypes gets a reference to the given []string and assigns it to the Types field.
+func (o *PossessionConstraint) SetTypes(v []string) {
+	o.Types = v
+}
+
+// GetDeviceBound returns the DeviceBound field value if set, zero value otherwise.
+func (o *PossessionConstraint) GetDeviceBound() string {
+	if o == nil || o.DeviceBound == nil {
+		var ret string
+		return ret
+	}
+	return *o.DeviceBound
+}
+
+// GetDeviceBoundOk returns a tuple with the DeviceBound field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PossessionConstraint) GetDeviceBoundOk() (*string, bool) {
+	if o == nil || o.DeviceBound == nil {
+		return nil, false
+	}
+	return o.DeviceBound, true
+}
+
+// HasDeviceBound returns a boolean if a field has been set.
+func (o *PossessionConstraint) HasDeviceBound() bool {
+	if o != nil && o.DeviceBound != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDeviceBound gets a reference to the given string and assigns it to the DeviceBound field.
+func (o *PossessionConstraint) SetDeviceBound(v string) {
+	o.DeviceBound = &v
+}
+
+// GetHardwareProtection returns the HardwareProtection field value if set, zero value otherwise.
+func (o *PossessionConstraint) GetHardwareProtection() string {
+	if o == nil || o.HardwareProtection == nil {
+		var ret string
+		return ret
+	}
+	return *o.HardwareProtection
+}
+
+// GetHardwareProtectionOk returns a tuple with the HardwareProtection field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PossessionConstraint) GetHardwareProtectionOk() (*string, bool) {
+	if o == nil || o.HardwareProtection == nil {
+		return nil, false
+	}
+	return o.HardwareProtection, true
+}
+
+// HasHardwareProtection returns a boolean if a field has been set.
+func (o *PossessionConstraint) HasHardwareProtection() bool {
+	if o != nil && o.HardwareProtection != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHardwareProtection gets a reference to the given string and assigns it to the HardwareProtection field.
+func (o *PossessionConstraint) SetHardwareProtection(v string) {
+	o.HardwareProtection = &v
+}
+
+// GetPhishingResistant returns the PhishingResistant field value if set, zero value otherwise.
+func (o *PossessionConstraint) GetPhishingResistant() string {
+	if o == nil || o.PhishingResistant == nil {
+		var ret string
+		return ret
+	}
+	return *o.PhishingResistant
+}
+
+// GetPhishingResistantOk returns a tuple with the PhishingResistant field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PossessionConstraint) GetPhishingResistantOk() (*string, bool) {
+	if o == nil || o.PhishingResistant == nil {
+		return nil, false
+	}
+	return o.PhishingResistant, true
+}
+
+// HasPhishingResistant returns a boolean if a field has been set.
+func (o *PossessionConstraint) HasPhishingResistant() bool {
+	if o != nil && o.PhishingResistant != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPhishingResistant gets a reference to the given string and assigns it to the PhishingResistant field.
+func (o *PossessionConstraint) SetPhishingResistant(v string) {
+	o.PhishingResistant = &v
+}
+
+// GetUserPresence returns the UserPresence field value if set, zero value otherwise.
+func (o *PossessionConstraint) GetUserPresence() string {
+	if o == nil || o.UserPresence == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserPresence
+}
+
+// GetUserPresenceOk returns a tuple with the UserPresence field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PossessionConstraint) GetUserPresenceOk() (*string, bool) {
+	if o == nil || o.UserPresence == nil {
+		return nil, false
+	}
+	return o.UserPresence, true
+}
+
+// HasUserPresence returns a boolean if a field has been set.
+func (o *PossessionConstraint) HasUserPresence() bool {
+	if o != nil && o.UserPresence != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserPresence gets a reference to the given string and assigns it to the UserPresence field.
+func (o *PossessionConstraint) SetUserPresence(v string) {
+	o.UserPresence = &v
+}
+
+func (o PossessionConstraint) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Methods != nil {
+		toSerialize["methods"] = o.Methods
+	}
+	if o.ReauthenticateIn != nil {
+		toSerialize["reauthenticateIn"] = o.ReauthenticateIn
+	}
+	if o.Types != nil {
+		toSerialize["types"] = o.Types
+	}
+	if o.DeviceBound != nil {
+		toSerialize["deviceBound"] = o.DeviceBound
+	}
+	if o.HardwareProtection != nil {
+		toSerialize["hardwareProtection"] = o.HardwareProtection
+	}
+	if o.PhishingResistant != nil {
+		toSerialize["phishingResistant"] = o.PhishingResistant
+	}
+	if o.UserPresence != nil {
+		toSerialize["userPresence"] = o.UserPresence
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PossessionConstraint) UnmarshalJSON(bytes []byte) (err error) {
+	varPossessionConstraint := _PossessionConstraint{}
+
+	err = json.Unmarshal(bytes, &varPossessionConstraint)
+	if err == nil {
+		*o = PossessionConstraint(varPossessionConstraint)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "methods")
+		delete(additionalProperties, "reauthenticateIn")
+		delete(additionalProperties, "types")
+		delete(additionalProperties, "deviceBound")
+		delete(additionalProperties, "hardwareProtection")
+		delete(additionalProperties, "phishingResistant")
+		delete(additionalProperties, "userPresence")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePossessionConstraint struct {
+	value *PossessionConstraint
+	isSet bool
+}
+
+func (v NullablePossessionConstraint) Get() *PossessionConstraint {
+	return v.value
+}
+
+func (v *NullablePossessionConstraint) Set(val *PossessionConstraint) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePossessionConstraint) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePossessionConstraint) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePossessionConstraint(val *PossessionConstraint) *NullablePossessionConstraint {
+	return &NullablePossessionConstraint{value: val, isSet: true}
+}
+
+func (v NullablePossessionConstraint) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePossessionConstraint) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_possession_constraint_all_of.go b/okta/model_possession_constraint_all_of.go
new file mode 100644
index 000000000..1d1747672
--- /dev/null
+++ b/okta/model_possession_constraint_all_of.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PossessionConstraintAllOf struct for PossessionConstraintAllOf
+type PossessionConstraintAllOf struct {
+	DeviceBound          *string `json:"deviceBound,omitempty"`
+	HardwareProtection   *string `json:"hardwareProtection,omitempty"`
+	PhishingResistant    *string `json:"phishingResistant,omitempty"`
+	UserPresence         *string `json:"userPresence,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PossessionConstraintAllOf PossessionConstraintAllOf
+
+// NewPossessionConstraintAllOf instantiates a new PossessionConstraintAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPossessionConstraintAllOf() *PossessionConstraintAllOf {
+	this := PossessionConstraintAllOf{}
+	return &this
+}
+
+// NewPossessionConstraintAllOfWithDefaults instantiates a new PossessionConstraintAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPossessionConstraintAllOfWithDefaults() *PossessionConstraintAllOf {
+	this := PossessionConstraintAllOf{}
+	return &this
+}
+
+// GetDeviceBound returns the DeviceBound field value if set, zero value otherwise.
+func (o *PossessionConstraintAllOf) GetDeviceBound() string {
+	if o == nil || o.DeviceBound == nil {
+		var ret string
+		return ret
+	}
+	return *o.DeviceBound
+}
+
+// GetDeviceBoundOk returns a tuple with the DeviceBound field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PossessionConstraintAllOf) GetDeviceBoundOk() (*string, bool) {
+	if o == nil || o.DeviceBound == nil {
+		return nil, false
+	}
+	return o.DeviceBound, true
+}
+
+// HasDeviceBound returns a boolean if a field has been set.
+func (o *PossessionConstraintAllOf) HasDeviceBound() bool {
+	if o != nil && o.DeviceBound != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDeviceBound gets a reference to the given string and assigns it to the DeviceBound field.
+func (o *PossessionConstraintAllOf) SetDeviceBound(v string) {
+	o.DeviceBound = &v
+}
+
+// GetHardwareProtection returns the HardwareProtection field value if set, zero value otherwise.
+func (o *PossessionConstraintAllOf) GetHardwareProtection() string {
+	if o == nil || o.HardwareProtection == nil {
+		var ret string
+		return ret
+	}
+	return *o.HardwareProtection
+}
+
+// GetHardwareProtectionOk returns a tuple with the HardwareProtection field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PossessionConstraintAllOf) GetHardwareProtectionOk() (*string, bool) {
+	if o == nil || o.HardwareProtection == nil {
+		return nil, false
+	}
+	return o.HardwareProtection, true
+}
+
+// HasHardwareProtection returns a boolean if a field has been set.
+func (o *PossessionConstraintAllOf) HasHardwareProtection() bool {
+	if o != nil && o.HardwareProtection != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHardwareProtection gets a reference to the given string and assigns it to the HardwareProtection field.
+func (o *PossessionConstraintAllOf) SetHardwareProtection(v string) {
+	o.HardwareProtection = &v
+}
+
+// GetPhishingResistant returns the PhishingResistant field value if set, zero value otherwise.
+func (o *PossessionConstraintAllOf) GetPhishingResistant() string {
+	if o == nil || o.PhishingResistant == nil {
+		var ret string
+		return ret
+	}
+	return *o.PhishingResistant
+}
+
+// GetPhishingResistantOk returns a tuple with the PhishingResistant field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PossessionConstraintAllOf) GetPhishingResistantOk() (*string, bool) {
+	if o == nil || o.PhishingResistant == nil {
+		return nil, false
+	}
+	return o.PhishingResistant, true
+}
+
+// HasPhishingResistant returns a boolean if a field has been set.
+func (o *PossessionConstraintAllOf) HasPhishingResistant() bool {
+	if o != nil && o.PhishingResistant != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPhishingResistant gets a reference to the given string and assigns it to the PhishingResistant field.
+func (o *PossessionConstraintAllOf) SetPhishingResistant(v string) {
+	o.PhishingResistant = &v
+}
+
+// GetUserPresence returns the UserPresence field value if set, zero value otherwise.
+func (o *PossessionConstraintAllOf) GetUserPresence() string {
+	if o == nil || o.UserPresence == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserPresence
+}
+
+// GetUserPresenceOk returns a tuple with the UserPresence field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PossessionConstraintAllOf) GetUserPresenceOk() (*string, bool) {
+	if o == nil || o.UserPresence == nil {
+		return nil, false
+	}
+	return o.UserPresence, true
+}
+
+// HasUserPresence returns a boolean if a field has been set.
+func (o *PossessionConstraintAllOf) HasUserPresence() bool {
+	if o != nil && o.UserPresence != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserPresence gets a reference to the given string and assigns it to the UserPresence field.
+func (o *PossessionConstraintAllOf) SetUserPresence(v string) {
+	o.UserPresence = &v
+}
+
+func (o PossessionConstraintAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.DeviceBound != nil {
+		toSerialize["deviceBound"] = o.DeviceBound
+	}
+	if o.HardwareProtection != nil {
+		toSerialize["hardwareProtection"] = o.HardwareProtection
+	}
+	if o.PhishingResistant != nil {
+		toSerialize["phishingResistant"] = o.PhishingResistant
+	}
+	if o.UserPresence != nil {
+		toSerialize["userPresence"] = o.UserPresence
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PossessionConstraintAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varPossessionConstraintAllOf := _PossessionConstraintAllOf{}
+
+	err = json.Unmarshal(bytes, &varPossessionConstraintAllOf)
+	if err == nil {
+		*o = PossessionConstraintAllOf(varPossessionConstraintAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "deviceBound")
+		delete(additionalProperties, "hardwareProtection")
+		delete(additionalProperties, "phishingResistant")
+		delete(additionalProperties, "userPresence")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePossessionConstraintAllOf struct {
+	value *PossessionConstraintAllOf
+	isSet bool
+}
+
+func (v NullablePossessionConstraintAllOf) Get() *PossessionConstraintAllOf {
+	return v.value
+}
+
+func (v *NullablePossessionConstraintAllOf) Set(val *PossessionConstraintAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePossessionConstraintAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePossessionConstraintAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePossessionConstraintAllOf(val *PossessionConstraintAllOf) *NullablePossessionConstraintAllOf {
+	return &NullablePossessionConstraintAllOf{value: val, isSet: true}
+}
+
+func (v NullablePossessionConstraintAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePossessionConstraintAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_pre_registration_inline_hook.go b/okta/model_pre_registration_inline_hook.go
new file mode 100644
index 000000000..0a4644af7
--- /dev/null
+++ b/okta/model_pre_registration_inline_hook.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PreRegistrationInlineHook struct for PreRegistrationInlineHook
+type PreRegistrationInlineHook struct {
+	InlineHookId         *string `json:"inlineHookId,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PreRegistrationInlineHook PreRegistrationInlineHook
+
+// NewPreRegistrationInlineHook instantiates a new PreRegistrationInlineHook object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPreRegistrationInlineHook() *PreRegistrationInlineHook {
+	this := PreRegistrationInlineHook{}
+	return &this
+}
+
+// NewPreRegistrationInlineHookWithDefaults instantiates a new PreRegistrationInlineHook object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPreRegistrationInlineHookWithDefaults() *PreRegistrationInlineHook {
+	this := PreRegistrationInlineHook{}
+	return &this
+}
+
+// GetInlineHookId returns the InlineHookId field value if set, zero value otherwise.
+func (o *PreRegistrationInlineHook) GetInlineHookId() string {
+	if o == nil || o.InlineHookId == nil {
+		var ret string
+		return ret
+	}
+	return *o.InlineHookId
+}
+
+// GetInlineHookIdOk returns a tuple with the InlineHookId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PreRegistrationInlineHook) GetInlineHookIdOk() (*string, bool) {
+	if o == nil || o.InlineHookId == nil {
+		return nil, false
+	}
+	return o.InlineHookId, true
+}
+
+// HasInlineHookId returns a boolean if a field has been set.
+func (o *PreRegistrationInlineHook) HasInlineHookId() bool {
+	if o != nil && o.InlineHookId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInlineHookId gets a reference to the given string and assigns it to the InlineHookId field.
+func (o *PreRegistrationInlineHook) SetInlineHookId(v string) {
+	o.InlineHookId = &v
+}
+
+func (o PreRegistrationInlineHook) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.InlineHookId != nil {
+		toSerialize["inlineHookId"] = o.InlineHookId
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PreRegistrationInlineHook) UnmarshalJSON(bytes []byte) (err error) {
+	varPreRegistrationInlineHook := _PreRegistrationInlineHook{}
+
+	err = json.Unmarshal(bytes, &varPreRegistrationInlineHook)
+	if err == nil {
+		*o = PreRegistrationInlineHook(varPreRegistrationInlineHook)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "inlineHookId")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePreRegistrationInlineHook struct {
+	value *PreRegistrationInlineHook
+	isSet bool
+}
+
+func (v NullablePreRegistrationInlineHook) Get() *PreRegistrationInlineHook {
+	return v.value
+}
+
+func (v *NullablePreRegistrationInlineHook) Set(val *PreRegistrationInlineHook) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePreRegistrationInlineHook) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePreRegistrationInlineHook) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePreRegistrationInlineHook(val *PreRegistrationInlineHook) *NullablePreRegistrationInlineHook {
+	return &NullablePreRegistrationInlineHook{value: val, isSet: true}
+}
+
+func (v NullablePreRegistrationInlineHook) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePreRegistrationInlineHook) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_principal_rate_limit_entity.go b/okta/model_principal_rate_limit_entity.go
new file mode 100644
index 000000000..fe8d83d35
--- /dev/null
+++ b/okta/model_principal_rate_limit_entity.go
@@ -0,0 +1,478 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// PrincipalRateLimitEntity
+type PrincipalRateLimitEntity struct {
+	CreatedBy                    *string       `json:"createdBy,omitempty"`
+	CreatedDate                  *time.Time    `json:"createdDate,omitempty"`
+	DefaultConcurrencyPercentage *int32        `json:"defaultConcurrencyPercentage,omitempty"`
+	DefaultPercentage            *int32        `json:"defaultPercentage,omitempty"`
+	Id                           *string       `json:"id,omitempty"`
+	LastUpdate                   *time.Time    `json:"lastUpdate,omitempty"`
+	LastUpdatedBy                *string       `json:"lastUpdatedBy,omitempty"`
+	OrgId                        *string       `json:"orgId,omitempty"`
+	PrincipalId                  string        `json:"principalId"`
+	PrincipalType                PrincipalType `json:"principalType"`
+	AdditionalProperties         map[string]interface{}
+}
+
+type _PrincipalRateLimitEntity PrincipalRateLimitEntity
+
+// NewPrincipalRateLimitEntity instantiates a new PrincipalRateLimitEntity object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPrincipalRateLimitEntity(principalId string, principalType PrincipalType) *PrincipalRateLimitEntity {
+	this := PrincipalRateLimitEntity{}
+	this.PrincipalId = principalId
+	this.PrincipalType = principalType
+	return &this
+}
+
+// NewPrincipalRateLimitEntityWithDefaults instantiates a new PrincipalRateLimitEntity object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPrincipalRateLimitEntityWithDefaults() *PrincipalRateLimitEntity {
+	this := PrincipalRateLimitEntity{}
+	return &this
+}
+
+// GetCreatedBy returns the CreatedBy field value if set, zero value otherwise.
+func (o *PrincipalRateLimitEntity) GetCreatedBy() string {
+	if o == nil || o.CreatedBy == nil {
+		var ret string
+		return ret
+	}
+	return *o.CreatedBy
+}
+
+// GetCreatedByOk returns a tuple with the CreatedBy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PrincipalRateLimitEntity) GetCreatedByOk() (*string, bool) {
+	if o == nil || o.CreatedBy == nil {
+		return nil, false
+	}
+	return o.CreatedBy, true
+}
+
+// HasCreatedBy returns a boolean if a field has been set.
+func (o *PrincipalRateLimitEntity) HasCreatedBy() bool {
+	if o != nil && o.CreatedBy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreatedBy gets a reference to the given string and assigns it to the CreatedBy field.
+func (o *PrincipalRateLimitEntity) SetCreatedBy(v string) {
+	o.CreatedBy = &v
+}
+
+// GetCreatedDate returns the CreatedDate field value if set, zero value otherwise.
+func (o *PrincipalRateLimitEntity) GetCreatedDate() time.Time {
+	if o == nil || o.CreatedDate == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.CreatedDate
+}
+
+// GetCreatedDateOk returns a tuple with the CreatedDate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PrincipalRateLimitEntity) GetCreatedDateOk() (*time.Time, bool) {
+	if o == nil || o.CreatedDate == nil {
+		return nil, false
+	}
+	return o.CreatedDate, true
+}
+
+// HasCreatedDate returns a boolean if a field has been set.
+func (o *PrincipalRateLimitEntity) HasCreatedDate() bool {
+	if o != nil && o.CreatedDate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreatedDate gets a reference to the given time.Time and assigns it to the CreatedDate field.
+func (o *PrincipalRateLimitEntity) SetCreatedDate(v time.Time) {
+	o.CreatedDate = &v
+}
+
+// GetDefaultConcurrencyPercentage returns the DefaultConcurrencyPercentage field value if set, zero value otherwise.
+func (o *PrincipalRateLimitEntity) GetDefaultConcurrencyPercentage() int32 {
+	if o == nil || o.DefaultConcurrencyPercentage == nil {
+		var ret int32
+		return ret
+	}
+	return *o.DefaultConcurrencyPercentage
+}
+
+// GetDefaultConcurrencyPercentageOk returns a tuple with the DefaultConcurrencyPercentage field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PrincipalRateLimitEntity) GetDefaultConcurrencyPercentageOk() (*int32, bool) {
+	if o == nil || o.DefaultConcurrencyPercentage == nil {
+		return nil, false
+	}
+	return o.DefaultConcurrencyPercentage, true
+}
+
+// HasDefaultConcurrencyPercentage returns a boolean if a field has been set.
+func (o *PrincipalRateLimitEntity) HasDefaultConcurrencyPercentage() bool {
+	if o != nil && o.DefaultConcurrencyPercentage != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefaultConcurrencyPercentage gets a reference to the given int32 and assigns it to the DefaultConcurrencyPercentage field.
+func (o *PrincipalRateLimitEntity) SetDefaultConcurrencyPercentage(v int32) {
+	o.DefaultConcurrencyPercentage = &v
+}
+
+// GetDefaultPercentage returns the DefaultPercentage field value if set, zero value otherwise.
+func (o *PrincipalRateLimitEntity) GetDefaultPercentage() int32 {
+	if o == nil || o.DefaultPercentage == nil {
+		var ret int32
+		return ret
+	}
+	return *o.DefaultPercentage
+}
+
+// GetDefaultPercentageOk returns a tuple with the DefaultPercentage field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PrincipalRateLimitEntity) GetDefaultPercentageOk() (*int32, bool) {
+	if o == nil || o.DefaultPercentage == nil {
+		return nil, false
+	}
+	return o.DefaultPercentage, true
+}
+
+// HasDefaultPercentage returns a boolean if a field has been set.
+func (o *PrincipalRateLimitEntity) HasDefaultPercentage() bool {
+	if o != nil && o.DefaultPercentage != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefaultPercentage gets a reference to the given int32 and assigns it to the DefaultPercentage field.
+func (o *PrincipalRateLimitEntity) SetDefaultPercentage(v int32) {
+	o.DefaultPercentage = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *PrincipalRateLimitEntity) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PrincipalRateLimitEntity) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *PrincipalRateLimitEntity) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *PrincipalRateLimitEntity) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdate returns the LastUpdate field value if set, zero value otherwise.
+func (o *PrincipalRateLimitEntity) GetLastUpdate() time.Time {
+	if o == nil || o.LastUpdate == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdate
+}
+
+// GetLastUpdateOk returns a tuple with the LastUpdate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PrincipalRateLimitEntity) GetLastUpdateOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdate == nil {
+		return nil, false
+	}
+	return o.LastUpdate, true
+}
+
+// HasLastUpdate returns a boolean if a field has been set.
+func (o *PrincipalRateLimitEntity) HasLastUpdate() bool {
+	if o != nil && o.LastUpdate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdate gets a reference to the given time.Time and assigns it to the LastUpdate field.
+func (o *PrincipalRateLimitEntity) SetLastUpdate(v time.Time) {
+	o.LastUpdate = &v
+}
+
+// GetLastUpdatedBy returns the LastUpdatedBy field value if set, zero value otherwise.
+func (o *PrincipalRateLimitEntity) GetLastUpdatedBy() string {
+	if o == nil || o.LastUpdatedBy == nil {
+		var ret string
+		return ret
+	}
+	return *o.LastUpdatedBy
+}
+
+// GetLastUpdatedByOk returns a tuple with the LastUpdatedBy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PrincipalRateLimitEntity) GetLastUpdatedByOk() (*string, bool) {
+	if o == nil || o.LastUpdatedBy == nil {
+		return nil, false
+	}
+	return o.LastUpdatedBy, true
+}
+
+// HasLastUpdatedBy returns a boolean if a field has been set.
+func (o *PrincipalRateLimitEntity) HasLastUpdatedBy() bool {
+	if o != nil && o.LastUpdatedBy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdatedBy gets a reference to the given string and assigns it to the LastUpdatedBy field.
+func (o *PrincipalRateLimitEntity) SetLastUpdatedBy(v string) {
+	o.LastUpdatedBy = &v
+}
+
+// GetOrgId returns the OrgId field value if set, zero value otherwise.
+func (o *PrincipalRateLimitEntity) GetOrgId() string {
+	if o == nil || o.OrgId == nil {
+		var ret string
+		return ret
+	}
+	return *o.OrgId
+}
+
+// GetOrgIdOk returns a tuple with the OrgId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PrincipalRateLimitEntity) GetOrgIdOk() (*string, bool) {
+	if o == nil || o.OrgId == nil {
+		return nil, false
+	}
+	return o.OrgId, true
+}
+
+// HasOrgId returns a boolean if a field has been set.
+func (o *PrincipalRateLimitEntity) HasOrgId() bool {
+	if o != nil && o.OrgId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOrgId gets a reference to the given string and assigns it to the OrgId field.
+func (o *PrincipalRateLimitEntity) SetOrgId(v string) {
+	o.OrgId = &v
+}
+
+// GetPrincipalId returns the PrincipalId field value
+func (o *PrincipalRateLimitEntity) GetPrincipalId() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.PrincipalId
+}
+
+// GetPrincipalIdOk returns a tuple with the PrincipalId field value
+// and a boolean to check if the value has been set.
+func (o *PrincipalRateLimitEntity) GetPrincipalIdOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.PrincipalId, true
+}
+
+// SetPrincipalId sets field value
+func (o *PrincipalRateLimitEntity) SetPrincipalId(v string) {
+	o.PrincipalId = v
+}
+
+// GetPrincipalType returns the PrincipalType field value
+func (o *PrincipalRateLimitEntity) GetPrincipalType() PrincipalType {
+	if o == nil {
+		var ret PrincipalType
+		return ret
+	}
+
+	return o.PrincipalType
+}
+
+// GetPrincipalTypeOk returns a tuple with the PrincipalType field value
+// and a boolean to check if the value has been set.
+func (o *PrincipalRateLimitEntity) GetPrincipalTypeOk() (*PrincipalType, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.PrincipalType, true
+}
+
+// SetPrincipalType sets field value
+func (o *PrincipalRateLimitEntity) SetPrincipalType(v PrincipalType) {
+	o.PrincipalType = v
+}
+
+func (o PrincipalRateLimitEntity) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.CreatedBy != nil {
+		toSerialize["createdBy"] = o.CreatedBy
+	}
+	if o.CreatedDate != nil {
+		toSerialize["createdDate"] = o.CreatedDate
+	}
+	if o.DefaultConcurrencyPercentage != nil {
+		toSerialize["defaultConcurrencyPercentage"] = o.DefaultConcurrencyPercentage
+	}
+	if o.DefaultPercentage != nil {
+		toSerialize["defaultPercentage"] = o.DefaultPercentage
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdate != nil {
+		toSerialize["lastUpdate"] = o.LastUpdate
+	}
+	if o.LastUpdatedBy != nil {
+		toSerialize["lastUpdatedBy"] = o.LastUpdatedBy
+	}
+	if o.OrgId != nil {
+		toSerialize["orgId"] = o.OrgId
+	}
+	if true {
+		toSerialize["principalId"] = o.PrincipalId
+	}
+	if true {
+		toSerialize["principalType"] = o.PrincipalType
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PrincipalRateLimitEntity) UnmarshalJSON(bytes []byte) (err error) {
+	varPrincipalRateLimitEntity := _PrincipalRateLimitEntity{}
+
+	err = json.Unmarshal(bytes, &varPrincipalRateLimitEntity)
+	if err == nil {
+		*o = PrincipalRateLimitEntity(varPrincipalRateLimitEntity)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "createdBy")
+		delete(additionalProperties, "createdDate")
+		delete(additionalProperties, "defaultConcurrencyPercentage")
+		delete(additionalProperties, "defaultPercentage")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdate")
+		delete(additionalProperties, "lastUpdatedBy")
+		delete(additionalProperties, "orgId")
+		delete(additionalProperties, "principalId")
+		delete(additionalProperties, "principalType")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePrincipalRateLimitEntity struct {
+	value *PrincipalRateLimitEntity
+	isSet bool
+}
+
+func (v NullablePrincipalRateLimitEntity) Get() *PrincipalRateLimitEntity {
+	return v.value
+}
+
+func (v *NullablePrincipalRateLimitEntity) Set(val *PrincipalRateLimitEntity) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePrincipalRateLimitEntity) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePrincipalRateLimitEntity) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePrincipalRateLimitEntity(val *PrincipalRateLimitEntity) *NullablePrincipalRateLimitEntity {
+	return &NullablePrincipalRateLimitEntity{value: val, isSet: true}
+}
+
+func (v NullablePrincipalRateLimitEntity) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePrincipalRateLimitEntity) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_principal_type.go b/okta/model_principal_type.go
new file mode 100644
index 000000000..853c0efec
--- /dev/null
+++ b/okta/model_principal_type.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// PrincipalType the model 'PrincipalType'
+type PrincipalType string
+
+// List of PrincipalType
+const (
+	PRINCIPALTYPE_SSWS_TOKEN PrincipalType = "SSWS_TOKEN"
+)
+
+// All allowed values of PrincipalType enum
+var AllowedPrincipalTypeEnumValues = []PrincipalType{
+	"SSWS_TOKEN",
+}
+
+func (v *PrincipalType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := PrincipalType(value)
+	for _, existing := range AllowedPrincipalTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid PrincipalType", value)
+}
+
+// NewPrincipalTypeFromValue returns a pointer to a valid PrincipalType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewPrincipalTypeFromValue(v string) (*PrincipalType, error) {
+	ev := PrincipalType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for PrincipalType: valid values are %v", v, AllowedPrincipalTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v PrincipalType) IsValid() bool {
+	for _, existing := range AllowedPrincipalTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to PrincipalType value
+func (v PrincipalType) Ptr() *PrincipalType {
+	return &v
+}
+
+type NullablePrincipalType struct {
+	value *PrincipalType
+	isSet bool
+}
+
+func (v NullablePrincipalType) Get() *PrincipalType {
+	return v.value
+}
+
+func (v *NullablePrincipalType) Set(val *PrincipalType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePrincipalType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePrincipalType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePrincipalType(val *PrincipalType) *NullablePrincipalType {
+	return &NullablePrincipalType{value: val, isSet: true}
+}
+
+func (v NullablePrincipalType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePrincipalType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_enrollment_policy.go b/okta/model_profile_enrollment_policy.go
new file mode 100644
index 000000000..3034beef1
--- /dev/null
+++ b/okta/model_profile_enrollment_policy.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// ProfileEnrollmentPolicy struct for ProfileEnrollmentPolicy
+type ProfileEnrollmentPolicy struct {
+	Policy
+	Conditions           *PolicyRuleConditions `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProfileEnrollmentPolicy ProfileEnrollmentPolicy
+
+// NewProfileEnrollmentPolicy instantiates a new ProfileEnrollmentPolicy object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProfileEnrollmentPolicy() *ProfileEnrollmentPolicy {
+	this := ProfileEnrollmentPolicy{}
+	return &this
+}
+
+// NewProfileEnrollmentPolicyWithDefaults instantiates a new ProfileEnrollmentPolicy object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProfileEnrollmentPolicyWithDefaults() *ProfileEnrollmentPolicy {
+	this := ProfileEnrollmentPolicy{}
+	return &this
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicy) GetConditions() PolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicy) GetConditionsOk() (*PolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicy) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PolicyRuleConditions and assigns it to the Conditions field.
+func (o *ProfileEnrollmentPolicy) SetConditions(v PolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o ProfileEnrollmentPolicy) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPolicy, errPolicy := json.Marshal(o.Policy)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	errPolicy = json.Unmarshal([]byte(serializedPolicy), &toSerialize)
+	if errPolicy != nil {
+		return []byte{}, errPolicy
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProfileEnrollmentPolicy) UnmarshalJSON(bytes []byte) (err error) {
+	type ProfileEnrollmentPolicyWithoutEmbeddedStruct struct {
+		Conditions *PolicyRuleConditions `json:"conditions,omitempty"`
+	}
+
+	varProfileEnrollmentPolicyWithoutEmbeddedStruct := ProfileEnrollmentPolicyWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varProfileEnrollmentPolicyWithoutEmbeddedStruct)
+	if err == nil {
+		varProfileEnrollmentPolicy := _ProfileEnrollmentPolicy{}
+		varProfileEnrollmentPolicy.Conditions = varProfileEnrollmentPolicyWithoutEmbeddedStruct.Conditions
+		*o = ProfileEnrollmentPolicy(varProfileEnrollmentPolicy)
+	} else {
+		return err
+	}
+
+	varProfileEnrollmentPolicy := _ProfileEnrollmentPolicy{}
+
+	err = json.Unmarshal(bytes, &varProfileEnrollmentPolicy)
+	if err == nil {
+		o.Policy = varProfileEnrollmentPolicy.Policy
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "conditions")
+
+		// remove fields from embedded structs
+		reflectPolicy := reflect.ValueOf(o.Policy)
+		for i := 0; i < reflectPolicy.Type().NumField(); i++ {
+			t := reflectPolicy.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProfileEnrollmentPolicy struct {
+	value *ProfileEnrollmentPolicy
+	isSet bool
+}
+
+func (v NullableProfileEnrollmentPolicy) Get() *ProfileEnrollmentPolicy {
+	return v.value
+}
+
+func (v *NullableProfileEnrollmentPolicy) Set(val *ProfileEnrollmentPolicy) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileEnrollmentPolicy) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileEnrollmentPolicy) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileEnrollmentPolicy(val *ProfileEnrollmentPolicy) *NullableProfileEnrollmentPolicy {
+	return &NullableProfileEnrollmentPolicy{value: val, isSet: true}
+}
+
+func (v NullableProfileEnrollmentPolicy) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileEnrollmentPolicy) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_enrollment_policy_rule.go b/okta/model_profile_enrollment_policy_rule.go
new file mode 100644
index 000000000..48ffa52ac
--- /dev/null
+++ b/okta/model_profile_enrollment_policy_rule.go
@@ -0,0 +1,244 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// ProfileEnrollmentPolicyRule struct for ProfileEnrollmentPolicyRule
+type ProfileEnrollmentPolicyRule struct {
+	PolicyRule
+	Actions              *ProfileEnrollmentPolicyRuleActions `json:"actions,omitempty"`
+	Conditions           *PolicyRuleConditions               `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProfileEnrollmentPolicyRule ProfileEnrollmentPolicyRule
+
+// NewProfileEnrollmentPolicyRule instantiates a new ProfileEnrollmentPolicyRule object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProfileEnrollmentPolicyRule() *ProfileEnrollmentPolicyRule {
+	this := ProfileEnrollmentPolicyRule{}
+	var system bool = false
+	this.System = &system
+	return &this
+}
+
+// NewProfileEnrollmentPolicyRuleWithDefaults instantiates a new ProfileEnrollmentPolicyRule object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProfileEnrollmentPolicyRuleWithDefaults() *ProfileEnrollmentPolicyRule {
+	this := ProfileEnrollmentPolicyRule{}
+	return &this
+}
+
+// GetActions returns the Actions field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRule) GetActions() ProfileEnrollmentPolicyRuleActions {
+	if o == nil || o.Actions == nil {
+		var ret ProfileEnrollmentPolicyRuleActions
+		return ret
+	}
+	return *o.Actions
+}
+
+// GetActionsOk returns a tuple with the Actions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRule) GetActionsOk() (*ProfileEnrollmentPolicyRuleActions, bool) {
+	if o == nil || o.Actions == nil {
+		return nil, false
+	}
+	return o.Actions, true
+}
+
+// HasActions returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRule) HasActions() bool {
+	if o != nil && o.Actions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActions gets a reference to the given ProfileEnrollmentPolicyRuleActions and assigns it to the Actions field.
+func (o *ProfileEnrollmentPolicyRule) SetActions(v ProfileEnrollmentPolicyRuleActions) {
+	o.Actions = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRule) GetConditions() PolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRule) GetConditionsOk() (*PolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRule) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PolicyRuleConditions and assigns it to the Conditions field.
+func (o *ProfileEnrollmentPolicyRule) SetConditions(v PolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o ProfileEnrollmentPolicyRule) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedPolicyRule, errPolicyRule := json.Marshal(o.PolicyRule)
+	if errPolicyRule != nil {
+		return []byte{}, errPolicyRule
+	}
+	errPolicyRule = json.Unmarshal([]byte(serializedPolicyRule), &toSerialize)
+	if errPolicyRule != nil {
+		return []byte{}, errPolicyRule
+	}
+	if o.Actions != nil {
+		toSerialize["actions"] = o.Actions
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProfileEnrollmentPolicyRule) UnmarshalJSON(bytes []byte) (err error) {
+	type ProfileEnrollmentPolicyRuleWithoutEmbeddedStruct struct {
+		Actions    *ProfileEnrollmentPolicyRuleActions `json:"actions,omitempty"`
+		Conditions *PolicyRuleConditions               `json:"conditions,omitempty"`
+	}
+
+	varProfileEnrollmentPolicyRuleWithoutEmbeddedStruct := ProfileEnrollmentPolicyRuleWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varProfileEnrollmentPolicyRuleWithoutEmbeddedStruct)
+	if err == nil {
+		varProfileEnrollmentPolicyRule := _ProfileEnrollmentPolicyRule{}
+		varProfileEnrollmentPolicyRule.Actions = varProfileEnrollmentPolicyRuleWithoutEmbeddedStruct.Actions
+		varProfileEnrollmentPolicyRule.Conditions = varProfileEnrollmentPolicyRuleWithoutEmbeddedStruct.Conditions
+		*o = ProfileEnrollmentPolicyRule(varProfileEnrollmentPolicyRule)
+	} else {
+		return err
+	}
+
+	varProfileEnrollmentPolicyRule := _ProfileEnrollmentPolicyRule{}
+
+	err = json.Unmarshal(bytes, &varProfileEnrollmentPolicyRule)
+	if err == nil {
+		o.PolicyRule = varProfileEnrollmentPolicyRule.PolicyRule
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "actions")
+		delete(additionalProperties, "conditions")
+
+		// remove fields from embedded structs
+		reflectPolicyRule := reflect.ValueOf(o.PolicyRule)
+		for i := 0; i < reflectPolicyRule.Type().NumField(); i++ {
+			t := reflectPolicyRule.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProfileEnrollmentPolicyRule struct {
+	value *ProfileEnrollmentPolicyRule
+	isSet bool
+}
+
+func (v NullableProfileEnrollmentPolicyRule) Get() *ProfileEnrollmentPolicyRule {
+	return v.value
+}
+
+func (v *NullableProfileEnrollmentPolicyRule) Set(val *ProfileEnrollmentPolicyRule) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileEnrollmentPolicyRule) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileEnrollmentPolicyRule) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileEnrollmentPolicyRule(val *ProfileEnrollmentPolicyRule) *NullableProfileEnrollmentPolicyRule {
+	return &NullableProfileEnrollmentPolicyRule{value: val, isSet: true}
+}
+
+func (v NullableProfileEnrollmentPolicyRule) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileEnrollmentPolicyRule) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_enrollment_policy_rule_action.go b/okta/model_profile_enrollment_policy_rule_action.go
new file mode 100644
index 000000000..562637756
--- /dev/null
+++ b/okta/model_profile_enrollment_policy_rule_action.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProfileEnrollmentPolicyRuleAction struct for ProfileEnrollmentPolicyRuleAction
+type ProfileEnrollmentPolicyRuleAction struct {
+	Access                     *string                                           `json:"access,omitempty"`
+	ActivationRequirements     *ProfileEnrollmentPolicyRuleActivationRequirement `json:"activationRequirements,omitempty"`
+	PreRegistrationInlineHooks []PreRegistrationInlineHook                       `json:"preRegistrationInlineHooks,omitempty"`
+	ProfileAttributes          []ProfileEnrollmentPolicyRuleProfileAttribute     `json:"profileAttributes,omitempty"`
+	TargetGroupIds             []string                                          `json:"targetGroupIds,omitempty"`
+	UnknownUserAction          *string                                           `json:"unknownUserAction,omitempty"`
+	AdditionalProperties       map[string]interface{}
+}
+
+type _ProfileEnrollmentPolicyRuleAction ProfileEnrollmentPolicyRuleAction
+
+// NewProfileEnrollmentPolicyRuleAction instantiates a new ProfileEnrollmentPolicyRuleAction object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProfileEnrollmentPolicyRuleAction() *ProfileEnrollmentPolicyRuleAction {
+	this := ProfileEnrollmentPolicyRuleAction{}
+	return &this
+}
+
+// NewProfileEnrollmentPolicyRuleActionWithDefaults instantiates a new ProfileEnrollmentPolicyRuleAction object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProfileEnrollmentPolicyRuleActionWithDefaults() *ProfileEnrollmentPolicyRuleAction {
+	this := ProfileEnrollmentPolicyRuleAction{}
+	return &this
+}
+
+// GetAccess returns the Access field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleAction) GetAccess() string {
+	if o == nil || o.Access == nil {
+		var ret string
+		return ret
+	}
+	return *o.Access
+}
+
+// GetAccessOk returns a tuple with the Access field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleAction) GetAccessOk() (*string, bool) {
+	if o == nil || o.Access == nil {
+		return nil, false
+	}
+	return o.Access, true
+}
+
+// HasAccess returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleAction) HasAccess() bool {
+	if o != nil && o.Access != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAccess gets a reference to the given string and assigns it to the Access field.
+func (o *ProfileEnrollmentPolicyRuleAction) SetAccess(v string) {
+	o.Access = &v
+}
+
+// GetActivationRequirements returns the ActivationRequirements field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleAction) GetActivationRequirements() ProfileEnrollmentPolicyRuleActivationRequirement {
+	if o == nil || o.ActivationRequirements == nil {
+		var ret ProfileEnrollmentPolicyRuleActivationRequirement
+		return ret
+	}
+	return *o.ActivationRequirements
+}
+
+// GetActivationRequirementsOk returns a tuple with the ActivationRequirements field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleAction) GetActivationRequirementsOk() (*ProfileEnrollmentPolicyRuleActivationRequirement, bool) {
+	if o == nil || o.ActivationRequirements == nil {
+		return nil, false
+	}
+	return o.ActivationRequirements, true
+}
+
+// HasActivationRequirements returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleAction) HasActivationRequirements() bool {
+	if o != nil && o.ActivationRequirements != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActivationRequirements gets a reference to the given ProfileEnrollmentPolicyRuleActivationRequirement and assigns it to the ActivationRequirements field.
+func (o *ProfileEnrollmentPolicyRuleAction) SetActivationRequirements(v ProfileEnrollmentPolicyRuleActivationRequirement) {
+	o.ActivationRequirements = &v
+}
+
+// GetPreRegistrationInlineHooks returns the PreRegistrationInlineHooks field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleAction) GetPreRegistrationInlineHooks() []PreRegistrationInlineHook {
+	if o == nil || o.PreRegistrationInlineHooks == nil {
+		var ret []PreRegistrationInlineHook
+		return ret
+	}
+	return o.PreRegistrationInlineHooks
+}
+
+// GetPreRegistrationInlineHooksOk returns a tuple with the PreRegistrationInlineHooks field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleAction) GetPreRegistrationInlineHooksOk() ([]PreRegistrationInlineHook, bool) {
+	if o == nil || o.PreRegistrationInlineHooks == nil {
+		return nil, false
+	}
+	return o.PreRegistrationInlineHooks, true
+}
+
+// HasPreRegistrationInlineHooks returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleAction) HasPreRegistrationInlineHooks() bool {
+	if o != nil && o.PreRegistrationInlineHooks != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPreRegistrationInlineHooks gets a reference to the given []PreRegistrationInlineHook and assigns it to the PreRegistrationInlineHooks field.
+func (o *ProfileEnrollmentPolicyRuleAction) SetPreRegistrationInlineHooks(v []PreRegistrationInlineHook) {
+	o.PreRegistrationInlineHooks = v
+}
+
+// GetProfileAttributes returns the ProfileAttributes field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleAction) GetProfileAttributes() []ProfileEnrollmentPolicyRuleProfileAttribute {
+	if o == nil || o.ProfileAttributes == nil {
+		var ret []ProfileEnrollmentPolicyRuleProfileAttribute
+		return ret
+	}
+	return o.ProfileAttributes
+}
+
+// GetProfileAttributesOk returns a tuple with the ProfileAttributes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleAction) GetProfileAttributesOk() ([]ProfileEnrollmentPolicyRuleProfileAttribute, bool) {
+	if o == nil || o.ProfileAttributes == nil {
+		return nil, false
+	}
+	return o.ProfileAttributes, true
+}
+
+// HasProfileAttributes returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleAction) HasProfileAttributes() bool {
+	if o != nil && o.ProfileAttributes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfileAttributes gets a reference to the given []ProfileEnrollmentPolicyRuleProfileAttribute and assigns it to the ProfileAttributes field.
+func (o *ProfileEnrollmentPolicyRuleAction) SetProfileAttributes(v []ProfileEnrollmentPolicyRuleProfileAttribute) {
+	o.ProfileAttributes = v
+}
+
+// GetTargetGroupIds returns the TargetGroupIds field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleAction) GetTargetGroupIds() []string {
+	if o == nil || o.TargetGroupIds == nil {
+		var ret []string
+		return ret
+	}
+	return o.TargetGroupIds
+}
+
+// GetTargetGroupIdsOk returns a tuple with the TargetGroupIds field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleAction) GetTargetGroupIdsOk() ([]string, bool) {
+	if o == nil || o.TargetGroupIds == nil {
+		return nil, false
+	}
+	return o.TargetGroupIds, true
+}
+
+// HasTargetGroupIds returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleAction) HasTargetGroupIds() bool {
+	if o != nil && o.TargetGroupIds != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTargetGroupIds gets a reference to the given []string and assigns it to the TargetGroupIds field.
+func (o *ProfileEnrollmentPolicyRuleAction) SetTargetGroupIds(v []string) {
+	o.TargetGroupIds = v
+}
+
+// GetUnknownUserAction returns the UnknownUserAction field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleAction) GetUnknownUserAction() string {
+	if o == nil || o.UnknownUserAction == nil {
+		var ret string
+		return ret
+	}
+	return *o.UnknownUserAction
+}
+
+// GetUnknownUserActionOk returns a tuple with the UnknownUserAction field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleAction) GetUnknownUserActionOk() (*string, bool) {
+	if o == nil || o.UnknownUserAction == nil {
+		return nil, false
+	}
+	return o.UnknownUserAction, true
+}
+
+// HasUnknownUserAction returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleAction) HasUnknownUserAction() bool {
+	if o != nil && o.UnknownUserAction != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUnknownUserAction gets a reference to the given string and assigns it to the UnknownUserAction field.
+func (o *ProfileEnrollmentPolicyRuleAction) SetUnknownUserAction(v string) {
+	o.UnknownUserAction = &v
+}
+
+func (o ProfileEnrollmentPolicyRuleAction) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Access != nil {
+		toSerialize["access"] = o.Access
+	}
+	if o.ActivationRequirements != nil {
+		toSerialize["activationRequirements"] = o.ActivationRequirements
+	}
+	if o.PreRegistrationInlineHooks != nil {
+		toSerialize["preRegistrationInlineHooks"] = o.PreRegistrationInlineHooks
+	}
+	if o.ProfileAttributes != nil {
+		toSerialize["profileAttributes"] = o.ProfileAttributes
+	}
+	if o.TargetGroupIds != nil {
+		toSerialize["targetGroupIds"] = o.TargetGroupIds
+	}
+	if o.UnknownUserAction != nil {
+		toSerialize["unknownUserAction"] = o.UnknownUserAction
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProfileEnrollmentPolicyRuleAction) UnmarshalJSON(bytes []byte) (err error) {
+	varProfileEnrollmentPolicyRuleAction := _ProfileEnrollmentPolicyRuleAction{}
+
+	err = json.Unmarshal(bytes, &varProfileEnrollmentPolicyRuleAction)
+	if err == nil {
+		*o = ProfileEnrollmentPolicyRuleAction(varProfileEnrollmentPolicyRuleAction)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "access")
+		delete(additionalProperties, "activationRequirements")
+		delete(additionalProperties, "preRegistrationInlineHooks")
+		delete(additionalProperties, "profileAttributes")
+		delete(additionalProperties, "targetGroupIds")
+		delete(additionalProperties, "unknownUserAction")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProfileEnrollmentPolicyRuleAction struct {
+	value *ProfileEnrollmentPolicyRuleAction
+	isSet bool
+}
+
+func (v NullableProfileEnrollmentPolicyRuleAction) Get() *ProfileEnrollmentPolicyRuleAction {
+	return v.value
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleAction) Set(val *ProfileEnrollmentPolicyRuleAction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileEnrollmentPolicyRuleAction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleAction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileEnrollmentPolicyRuleAction(val *ProfileEnrollmentPolicyRuleAction) *NullableProfileEnrollmentPolicyRuleAction {
+	return &NullableProfileEnrollmentPolicyRuleAction{value: val, isSet: true}
+}
+
+func (v NullableProfileEnrollmentPolicyRuleAction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleAction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_enrollment_policy_rule_actions.go b/okta/model_profile_enrollment_policy_rule_actions.go
new file mode 100644
index 000000000..5b5320259
--- /dev/null
+++ b/okta/model_profile_enrollment_policy_rule_actions.go
@@ -0,0 +1,380 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProfileEnrollmentPolicyRuleActions struct for ProfileEnrollmentPolicyRuleActions
+type ProfileEnrollmentPolicyRuleActions struct {
+	Enroll                   *PolicyRuleActionsEnroll           `json:"enroll,omitempty"`
+	Idp                      *IdpPolicyRuleAction               `json:"idp,omitempty"`
+	PasswordChange           *PasswordPolicyRuleAction          `json:"passwordChange,omitempty"`
+	SelfServicePasswordReset *PasswordPolicyRuleAction          `json:"selfServicePasswordReset,omitempty"`
+	SelfServiceUnlock        *PasswordPolicyRuleAction          `json:"selfServiceUnlock,omitempty"`
+	Signon                   *OktaSignOnPolicyRuleSignonActions `json:"signon,omitempty"`
+	ProfileEnrollment        *ProfileEnrollmentPolicyRuleAction `json:"profileEnrollment,omitempty"`
+	AdditionalProperties     map[string]interface{}
+}
+
+type _ProfileEnrollmentPolicyRuleActions ProfileEnrollmentPolicyRuleActions
+
+// NewProfileEnrollmentPolicyRuleActions instantiates a new ProfileEnrollmentPolicyRuleActions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProfileEnrollmentPolicyRuleActions() *ProfileEnrollmentPolicyRuleActions {
+	this := ProfileEnrollmentPolicyRuleActions{}
+	return &this
+}
+
+// NewProfileEnrollmentPolicyRuleActionsWithDefaults instantiates a new ProfileEnrollmentPolicyRuleActions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProfileEnrollmentPolicyRuleActionsWithDefaults() *ProfileEnrollmentPolicyRuleActions {
+	this := ProfileEnrollmentPolicyRuleActions{}
+	return &this
+}
+
+// GetEnroll returns the Enroll field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleActions) GetEnroll() PolicyRuleActionsEnroll {
+	if o == nil || o.Enroll == nil {
+		var ret PolicyRuleActionsEnroll
+		return ret
+	}
+	return *o.Enroll
+}
+
+// GetEnrollOk returns a tuple with the Enroll field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) GetEnrollOk() (*PolicyRuleActionsEnroll, bool) {
+	if o == nil || o.Enroll == nil {
+		return nil, false
+	}
+	return o.Enroll, true
+}
+
+// HasEnroll returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) HasEnroll() bool {
+	if o != nil && o.Enroll != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnroll gets a reference to the given PolicyRuleActionsEnroll and assigns it to the Enroll field.
+func (o *ProfileEnrollmentPolicyRuleActions) SetEnroll(v PolicyRuleActionsEnroll) {
+	o.Enroll = &v
+}
+
+// GetIdp returns the Idp field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleActions) GetIdp() IdpPolicyRuleAction {
+	if o == nil || o.Idp == nil {
+		var ret IdpPolicyRuleAction
+		return ret
+	}
+	return *o.Idp
+}
+
+// GetIdpOk returns a tuple with the Idp field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) GetIdpOk() (*IdpPolicyRuleAction, bool) {
+	if o == nil || o.Idp == nil {
+		return nil, false
+	}
+	return o.Idp, true
+}
+
+// HasIdp returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) HasIdp() bool {
+	if o != nil && o.Idp != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdp gets a reference to the given IdpPolicyRuleAction and assigns it to the Idp field.
+func (o *ProfileEnrollmentPolicyRuleActions) SetIdp(v IdpPolicyRuleAction) {
+	o.Idp = &v
+}
+
+// GetPasswordChange returns the PasswordChange field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleActions) GetPasswordChange() PasswordPolicyRuleAction {
+	if o == nil || o.PasswordChange == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.PasswordChange
+}
+
+// GetPasswordChangeOk returns a tuple with the PasswordChange field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) GetPasswordChangeOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.PasswordChange == nil {
+		return nil, false
+	}
+	return o.PasswordChange, true
+}
+
+// HasPasswordChange returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) HasPasswordChange() bool {
+	if o != nil && o.PasswordChange != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordChange gets a reference to the given PasswordPolicyRuleAction and assigns it to the PasswordChange field.
+func (o *ProfileEnrollmentPolicyRuleActions) SetPasswordChange(v PasswordPolicyRuleAction) {
+	o.PasswordChange = &v
+}
+
+// GetSelfServicePasswordReset returns the SelfServicePasswordReset field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleActions) GetSelfServicePasswordReset() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServicePasswordReset
+}
+
+// GetSelfServicePasswordResetOk returns a tuple with the SelfServicePasswordReset field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) GetSelfServicePasswordResetOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServicePasswordReset == nil {
+		return nil, false
+	}
+	return o.SelfServicePasswordReset, true
+}
+
+// HasSelfServicePasswordReset returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) HasSelfServicePasswordReset() bool {
+	if o != nil && o.SelfServicePasswordReset != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServicePasswordReset gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServicePasswordReset field.
+func (o *ProfileEnrollmentPolicyRuleActions) SetSelfServicePasswordReset(v PasswordPolicyRuleAction) {
+	o.SelfServicePasswordReset = &v
+}
+
+// GetSelfServiceUnlock returns the SelfServiceUnlock field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleActions) GetSelfServiceUnlock() PasswordPolicyRuleAction {
+	if o == nil || o.SelfServiceUnlock == nil {
+		var ret PasswordPolicyRuleAction
+		return ret
+	}
+	return *o.SelfServiceUnlock
+}
+
+// GetSelfServiceUnlockOk returns a tuple with the SelfServiceUnlock field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) GetSelfServiceUnlockOk() (*PasswordPolicyRuleAction, bool) {
+	if o == nil || o.SelfServiceUnlock == nil {
+		return nil, false
+	}
+	return o.SelfServiceUnlock, true
+}
+
+// HasSelfServiceUnlock returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) HasSelfServiceUnlock() bool {
+	if o != nil && o.SelfServiceUnlock != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelfServiceUnlock gets a reference to the given PasswordPolicyRuleAction and assigns it to the SelfServiceUnlock field.
+func (o *ProfileEnrollmentPolicyRuleActions) SetSelfServiceUnlock(v PasswordPolicyRuleAction) {
+	o.SelfServiceUnlock = &v
+}
+
+// GetSignon returns the Signon field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleActions) GetSignon() OktaSignOnPolicyRuleSignonActions {
+	if o == nil || o.Signon == nil {
+		var ret OktaSignOnPolicyRuleSignonActions
+		return ret
+	}
+	return *o.Signon
+}
+
+// GetSignonOk returns a tuple with the Signon field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) GetSignonOk() (*OktaSignOnPolicyRuleSignonActions, bool) {
+	if o == nil || o.Signon == nil {
+		return nil, false
+	}
+	return o.Signon, true
+}
+
+// HasSignon returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) HasSignon() bool {
+	if o != nil && o.Signon != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignon gets a reference to the given OktaSignOnPolicyRuleSignonActions and assigns it to the Signon field.
+func (o *ProfileEnrollmentPolicyRuleActions) SetSignon(v OktaSignOnPolicyRuleSignonActions) {
+	o.Signon = &v
+}
+
+// GetProfileEnrollment returns the ProfileEnrollment field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleActions) GetProfileEnrollment() ProfileEnrollmentPolicyRuleAction {
+	if o == nil || o.ProfileEnrollment == nil {
+		var ret ProfileEnrollmentPolicyRuleAction
+		return ret
+	}
+	return *o.ProfileEnrollment
+}
+
+// GetProfileEnrollmentOk returns a tuple with the ProfileEnrollment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) GetProfileEnrollmentOk() (*ProfileEnrollmentPolicyRuleAction, bool) {
+	if o == nil || o.ProfileEnrollment == nil {
+		return nil, false
+	}
+	return o.ProfileEnrollment, true
+}
+
+// HasProfileEnrollment returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleActions) HasProfileEnrollment() bool {
+	if o != nil && o.ProfileEnrollment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfileEnrollment gets a reference to the given ProfileEnrollmentPolicyRuleAction and assigns it to the ProfileEnrollment field.
+func (o *ProfileEnrollmentPolicyRuleActions) SetProfileEnrollment(v ProfileEnrollmentPolicyRuleAction) {
+	o.ProfileEnrollment = &v
+}
+
+func (o ProfileEnrollmentPolicyRuleActions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Enroll != nil {
+		toSerialize["enroll"] = o.Enroll
+	}
+	if o.Idp != nil {
+		toSerialize["idp"] = o.Idp
+	}
+	if o.PasswordChange != nil {
+		toSerialize["passwordChange"] = o.PasswordChange
+	}
+	if o.SelfServicePasswordReset != nil {
+		toSerialize["selfServicePasswordReset"] = o.SelfServicePasswordReset
+	}
+	if o.SelfServiceUnlock != nil {
+		toSerialize["selfServiceUnlock"] = o.SelfServiceUnlock
+	}
+	if o.Signon != nil {
+		toSerialize["signon"] = o.Signon
+	}
+	if o.ProfileEnrollment != nil {
+		toSerialize["profileEnrollment"] = o.ProfileEnrollment
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProfileEnrollmentPolicyRuleActions) UnmarshalJSON(bytes []byte) (err error) {
+	varProfileEnrollmentPolicyRuleActions := _ProfileEnrollmentPolicyRuleActions{}
+
+	err = json.Unmarshal(bytes, &varProfileEnrollmentPolicyRuleActions)
+	if err == nil {
+		*o = ProfileEnrollmentPolicyRuleActions(varProfileEnrollmentPolicyRuleActions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "enroll")
+		delete(additionalProperties, "idp")
+		delete(additionalProperties, "passwordChange")
+		delete(additionalProperties, "selfServicePasswordReset")
+		delete(additionalProperties, "selfServiceUnlock")
+		delete(additionalProperties, "signon")
+		delete(additionalProperties, "profileEnrollment")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProfileEnrollmentPolicyRuleActions struct {
+	value *ProfileEnrollmentPolicyRuleActions
+	isSet bool
+}
+
+func (v NullableProfileEnrollmentPolicyRuleActions) Get() *ProfileEnrollmentPolicyRuleActions {
+	return v.value
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleActions) Set(val *ProfileEnrollmentPolicyRuleActions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileEnrollmentPolicyRuleActions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleActions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileEnrollmentPolicyRuleActions(val *ProfileEnrollmentPolicyRuleActions) *NullableProfileEnrollmentPolicyRuleActions {
+	return &NullableProfileEnrollmentPolicyRuleActions{value: val, isSet: true}
+}
+
+func (v NullableProfileEnrollmentPolicyRuleActions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleActions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_enrollment_policy_rule_actions_all_of.go b/okta/model_profile_enrollment_policy_rule_actions_all_of.go
new file mode 100644
index 000000000..47f64252e
--- /dev/null
+++ b/okta/model_profile_enrollment_policy_rule_actions_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProfileEnrollmentPolicyRuleActionsAllOf struct for ProfileEnrollmentPolicyRuleActionsAllOf
+type ProfileEnrollmentPolicyRuleActionsAllOf struct {
+	ProfileEnrollment    *ProfileEnrollmentPolicyRuleAction `json:"profileEnrollment,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProfileEnrollmentPolicyRuleActionsAllOf ProfileEnrollmentPolicyRuleActionsAllOf
+
+// NewProfileEnrollmentPolicyRuleActionsAllOf instantiates a new ProfileEnrollmentPolicyRuleActionsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProfileEnrollmentPolicyRuleActionsAllOf() *ProfileEnrollmentPolicyRuleActionsAllOf {
+	this := ProfileEnrollmentPolicyRuleActionsAllOf{}
+	return &this
+}
+
+// NewProfileEnrollmentPolicyRuleActionsAllOfWithDefaults instantiates a new ProfileEnrollmentPolicyRuleActionsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProfileEnrollmentPolicyRuleActionsAllOfWithDefaults() *ProfileEnrollmentPolicyRuleActionsAllOf {
+	this := ProfileEnrollmentPolicyRuleActionsAllOf{}
+	return &this
+}
+
+// GetProfileEnrollment returns the ProfileEnrollment field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleActionsAllOf) GetProfileEnrollment() ProfileEnrollmentPolicyRuleAction {
+	if o == nil || o.ProfileEnrollment == nil {
+		var ret ProfileEnrollmentPolicyRuleAction
+		return ret
+	}
+	return *o.ProfileEnrollment
+}
+
+// GetProfileEnrollmentOk returns a tuple with the ProfileEnrollment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleActionsAllOf) GetProfileEnrollmentOk() (*ProfileEnrollmentPolicyRuleAction, bool) {
+	if o == nil || o.ProfileEnrollment == nil {
+		return nil, false
+	}
+	return o.ProfileEnrollment, true
+}
+
+// HasProfileEnrollment returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleActionsAllOf) HasProfileEnrollment() bool {
+	if o != nil && o.ProfileEnrollment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfileEnrollment gets a reference to the given ProfileEnrollmentPolicyRuleAction and assigns it to the ProfileEnrollment field.
+func (o *ProfileEnrollmentPolicyRuleActionsAllOf) SetProfileEnrollment(v ProfileEnrollmentPolicyRuleAction) {
+	o.ProfileEnrollment = &v
+}
+
+func (o ProfileEnrollmentPolicyRuleActionsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ProfileEnrollment != nil {
+		toSerialize["profileEnrollment"] = o.ProfileEnrollment
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProfileEnrollmentPolicyRuleActionsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varProfileEnrollmentPolicyRuleActionsAllOf := _ProfileEnrollmentPolicyRuleActionsAllOf{}
+
+	err = json.Unmarshal(bytes, &varProfileEnrollmentPolicyRuleActionsAllOf)
+	if err == nil {
+		*o = ProfileEnrollmentPolicyRuleActionsAllOf(varProfileEnrollmentPolicyRuleActionsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profileEnrollment")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProfileEnrollmentPolicyRuleActionsAllOf struct {
+	value *ProfileEnrollmentPolicyRuleActionsAllOf
+	isSet bool
+}
+
+func (v NullableProfileEnrollmentPolicyRuleActionsAllOf) Get() *ProfileEnrollmentPolicyRuleActionsAllOf {
+	return v.value
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleActionsAllOf) Set(val *ProfileEnrollmentPolicyRuleActionsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileEnrollmentPolicyRuleActionsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleActionsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileEnrollmentPolicyRuleActionsAllOf(val *ProfileEnrollmentPolicyRuleActionsAllOf) *NullableProfileEnrollmentPolicyRuleActionsAllOf {
+	return &NullableProfileEnrollmentPolicyRuleActionsAllOf{value: val, isSet: true}
+}
+
+func (v NullableProfileEnrollmentPolicyRuleActionsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleActionsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_enrollment_policy_rule_activation_requirement.go b/okta/model_profile_enrollment_policy_rule_activation_requirement.go
new file mode 100644
index 000000000..fce899aa8
--- /dev/null
+++ b/okta/model_profile_enrollment_policy_rule_activation_requirement.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProfileEnrollmentPolicyRuleActivationRequirement struct for ProfileEnrollmentPolicyRuleActivationRequirement
+type ProfileEnrollmentPolicyRuleActivationRequirement struct {
+	EmailVerification    *bool `json:"emailVerification,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProfileEnrollmentPolicyRuleActivationRequirement ProfileEnrollmentPolicyRuleActivationRequirement
+
+// NewProfileEnrollmentPolicyRuleActivationRequirement instantiates a new ProfileEnrollmentPolicyRuleActivationRequirement object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProfileEnrollmentPolicyRuleActivationRequirement() *ProfileEnrollmentPolicyRuleActivationRequirement {
+	this := ProfileEnrollmentPolicyRuleActivationRequirement{}
+	return &this
+}
+
+// NewProfileEnrollmentPolicyRuleActivationRequirementWithDefaults instantiates a new ProfileEnrollmentPolicyRuleActivationRequirement object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProfileEnrollmentPolicyRuleActivationRequirementWithDefaults() *ProfileEnrollmentPolicyRuleActivationRequirement {
+	this := ProfileEnrollmentPolicyRuleActivationRequirement{}
+	return &this
+}
+
+// GetEmailVerification returns the EmailVerification field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleActivationRequirement) GetEmailVerification() bool {
+	if o == nil || o.EmailVerification == nil {
+		var ret bool
+		return ret
+	}
+	return *o.EmailVerification
+}
+
+// GetEmailVerificationOk returns a tuple with the EmailVerification field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleActivationRequirement) GetEmailVerificationOk() (*bool, bool) {
+	if o == nil || o.EmailVerification == nil {
+		return nil, false
+	}
+	return o.EmailVerification, true
+}
+
+// HasEmailVerification returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleActivationRequirement) HasEmailVerification() bool {
+	if o != nil && o.EmailVerification != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmailVerification gets a reference to the given bool and assigns it to the EmailVerification field.
+func (o *ProfileEnrollmentPolicyRuleActivationRequirement) SetEmailVerification(v bool) {
+	o.EmailVerification = &v
+}
+
+func (o ProfileEnrollmentPolicyRuleActivationRequirement) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.EmailVerification != nil {
+		toSerialize["emailVerification"] = o.EmailVerification
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProfileEnrollmentPolicyRuleActivationRequirement) UnmarshalJSON(bytes []byte) (err error) {
+	varProfileEnrollmentPolicyRuleActivationRequirement := _ProfileEnrollmentPolicyRuleActivationRequirement{}
+
+	err = json.Unmarshal(bytes, &varProfileEnrollmentPolicyRuleActivationRequirement)
+	if err == nil {
+		*o = ProfileEnrollmentPolicyRuleActivationRequirement(varProfileEnrollmentPolicyRuleActivationRequirement)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "emailVerification")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProfileEnrollmentPolicyRuleActivationRequirement struct {
+	value *ProfileEnrollmentPolicyRuleActivationRequirement
+	isSet bool
+}
+
+func (v NullableProfileEnrollmentPolicyRuleActivationRequirement) Get() *ProfileEnrollmentPolicyRuleActivationRequirement {
+	return v.value
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleActivationRequirement) Set(val *ProfileEnrollmentPolicyRuleActivationRequirement) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileEnrollmentPolicyRuleActivationRequirement) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleActivationRequirement) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileEnrollmentPolicyRuleActivationRequirement(val *ProfileEnrollmentPolicyRuleActivationRequirement) *NullableProfileEnrollmentPolicyRuleActivationRequirement {
+	return &NullableProfileEnrollmentPolicyRuleActivationRequirement{value: val, isSet: true}
+}
+
+func (v NullableProfileEnrollmentPolicyRuleActivationRequirement) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleActivationRequirement) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_enrollment_policy_rule_all_of.go b/okta/model_profile_enrollment_policy_rule_all_of.go
new file mode 100644
index 000000000..3e71cbf78
--- /dev/null
+++ b/okta/model_profile_enrollment_policy_rule_all_of.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProfileEnrollmentPolicyRuleAllOf struct for ProfileEnrollmentPolicyRuleAllOf
+type ProfileEnrollmentPolicyRuleAllOf struct {
+	Actions              *ProfileEnrollmentPolicyRuleActions `json:"actions,omitempty"`
+	Conditions           *PolicyRuleConditions               `json:"conditions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProfileEnrollmentPolicyRuleAllOf ProfileEnrollmentPolicyRuleAllOf
+
+// NewProfileEnrollmentPolicyRuleAllOf instantiates a new ProfileEnrollmentPolicyRuleAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProfileEnrollmentPolicyRuleAllOf() *ProfileEnrollmentPolicyRuleAllOf {
+	this := ProfileEnrollmentPolicyRuleAllOf{}
+	return &this
+}
+
+// NewProfileEnrollmentPolicyRuleAllOfWithDefaults instantiates a new ProfileEnrollmentPolicyRuleAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProfileEnrollmentPolicyRuleAllOfWithDefaults() *ProfileEnrollmentPolicyRuleAllOf {
+	this := ProfileEnrollmentPolicyRuleAllOf{}
+	return &this
+}
+
+// GetActions returns the Actions field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleAllOf) GetActions() ProfileEnrollmentPolicyRuleActions {
+	if o == nil || o.Actions == nil {
+		var ret ProfileEnrollmentPolicyRuleActions
+		return ret
+	}
+	return *o.Actions
+}
+
+// GetActionsOk returns a tuple with the Actions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleAllOf) GetActionsOk() (*ProfileEnrollmentPolicyRuleActions, bool) {
+	if o == nil || o.Actions == nil {
+		return nil, false
+	}
+	return o.Actions, true
+}
+
+// HasActions returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleAllOf) HasActions() bool {
+	if o != nil && o.Actions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActions gets a reference to the given ProfileEnrollmentPolicyRuleActions and assigns it to the Actions field.
+func (o *ProfileEnrollmentPolicyRuleAllOf) SetActions(v ProfileEnrollmentPolicyRuleActions) {
+	o.Actions = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleAllOf) GetConditions() PolicyRuleConditions {
+	if o == nil || o.Conditions == nil {
+		var ret PolicyRuleConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleAllOf) GetConditionsOk() (*PolicyRuleConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleAllOf) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given PolicyRuleConditions and assigns it to the Conditions field.
+func (o *ProfileEnrollmentPolicyRuleAllOf) SetConditions(v PolicyRuleConditions) {
+	o.Conditions = &v
+}
+
+func (o ProfileEnrollmentPolicyRuleAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Actions != nil {
+		toSerialize["actions"] = o.Actions
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProfileEnrollmentPolicyRuleAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varProfileEnrollmentPolicyRuleAllOf := _ProfileEnrollmentPolicyRuleAllOf{}
+
+	err = json.Unmarshal(bytes, &varProfileEnrollmentPolicyRuleAllOf)
+	if err == nil {
+		*o = ProfileEnrollmentPolicyRuleAllOf(varProfileEnrollmentPolicyRuleAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "actions")
+		delete(additionalProperties, "conditions")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProfileEnrollmentPolicyRuleAllOf struct {
+	value *ProfileEnrollmentPolicyRuleAllOf
+	isSet bool
+}
+
+func (v NullableProfileEnrollmentPolicyRuleAllOf) Get() *ProfileEnrollmentPolicyRuleAllOf {
+	return v.value
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleAllOf) Set(val *ProfileEnrollmentPolicyRuleAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileEnrollmentPolicyRuleAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileEnrollmentPolicyRuleAllOf(val *ProfileEnrollmentPolicyRuleAllOf) *NullableProfileEnrollmentPolicyRuleAllOf {
+	return &NullableProfileEnrollmentPolicyRuleAllOf{value: val, isSet: true}
+}
+
+func (v NullableProfileEnrollmentPolicyRuleAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_enrollment_policy_rule_profile_attribute.go b/okta/model_profile_enrollment_policy_rule_profile_attribute.go
new file mode 100644
index 000000000..945284697
--- /dev/null
+++ b/okta/model_profile_enrollment_policy_rule_profile_attribute.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProfileEnrollmentPolicyRuleProfileAttribute struct for ProfileEnrollmentPolicyRuleProfileAttribute
+type ProfileEnrollmentPolicyRuleProfileAttribute struct {
+	Label                *string `json:"label,omitempty"`
+	Name                 *string `json:"name,omitempty"`
+	Required             *bool   `json:"required,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProfileEnrollmentPolicyRuleProfileAttribute ProfileEnrollmentPolicyRuleProfileAttribute
+
+// NewProfileEnrollmentPolicyRuleProfileAttribute instantiates a new ProfileEnrollmentPolicyRuleProfileAttribute object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProfileEnrollmentPolicyRuleProfileAttribute() *ProfileEnrollmentPolicyRuleProfileAttribute {
+	this := ProfileEnrollmentPolicyRuleProfileAttribute{}
+	return &this
+}
+
+// NewProfileEnrollmentPolicyRuleProfileAttributeWithDefaults instantiates a new ProfileEnrollmentPolicyRuleProfileAttribute object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProfileEnrollmentPolicyRuleProfileAttributeWithDefaults() *ProfileEnrollmentPolicyRuleProfileAttribute {
+	this := ProfileEnrollmentPolicyRuleProfileAttribute{}
+	return &this
+}
+
+// GetLabel returns the Label field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) GetLabel() string {
+	if o == nil || o.Label == nil {
+		var ret string
+		return ret
+	}
+	return *o.Label
+}
+
+// GetLabelOk returns a tuple with the Label field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) GetLabelOk() (*string, bool) {
+	if o == nil || o.Label == nil {
+		return nil, false
+	}
+	return o.Label, true
+}
+
+// HasLabel returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) HasLabel() bool {
+	if o != nil && o.Label != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLabel gets a reference to the given string and assigns it to the Label field.
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) SetLabel(v string) {
+	o.Label = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) SetName(v string) {
+	o.Name = &v
+}
+
+// GetRequired returns the Required field value if set, zero value otherwise.
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) GetRequired() bool {
+	if o == nil || o.Required == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Required
+}
+
+// GetRequiredOk returns a tuple with the Required field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) GetRequiredOk() (*bool, bool) {
+	if o == nil || o.Required == nil {
+		return nil, false
+	}
+	return o.Required, true
+}
+
+// HasRequired returns a boolean if a field has been set.
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) HasRequired() bool {
+	if o != nil && o.Required != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequired gets a reference to the given bool and assigns it to the Required field.
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) SetRequired(v bool) {
+	o.Required = &v
+}
+
+func (o ProfileEnrollmentPolicyRuleProfileAttribute) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Label != nil {
+		toSerialize["label"] = o.Label
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Required != nil {
+		toSerialize["required"] = o.Required
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProfileEnrollmentPolicyRuleProfileAttribute) UnmarshalJSON(bytes []byte) (err error) {
+	varProfileEnrollmentPolicyRuleProfileAttribute := _ProfileEnrollmentPolicyRuleProfileAttribute{}
+
+	err = json.Unmarshal(bytes, &varProfileEnrollmentPolicyRuleProfileAttribute)
+	if err == nil {
+		*o = ProfileEnrollmentPolicyRuleProfileAttribute(varProfileEnrollmentPolicyRuleProfileAttribute)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "label")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "required")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProfileEnrollmentPolicyRuleProfileAttribute struct {
+	value *ProfileEnrollmentPolicyRuleProfileAttribute
+	isSet bool
+}
+
+func (v NullableProfileEnrollmentPolicyRuleProfileAttribute) Get() *ProfileEnrollmentPolicyRuleProfileAttribute {
+	return v.value
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleProfileAttribute) Set(val *ProfileEnrollmentPolicyRuleProfileAttribute) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileEnrollmentPolicyRuleProfileAttribute) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleProfileAttribute) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileEnrollmentPolicyRuleProfileAttribute(val *ProfileEnrollmentPolicyRuleProfileAttribute) *NullableProfileEnrollmentPolicyRuleProfileAttribute {
+	return &NullableProfileEnrollmentPolicyRuleProfileAttribute{value: val, isSet: true}
+}
+
+func (v NullableProfileEnrollmentPolicyRuleProfileAttribute) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileEnrollmentPolicyRuleProfileAttribute) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_mapping.go b/okta/model_profile_mapping.go
new file mode 100644
index 000000000..8c7de882c
--- /dev/null
+++ b/okta/model_profile_mapping.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProfileMapping struct for ProfileMapping
+type ProfileMapping struct {
+	Id                   *string                            `json:"id,omitempty"`
+	Properties           *map[string]ProfileMappingProperty `json:"properties,omitempty"`
+	Source               *ProfileMappingSource              `json:"source,omitempty"`
+	Target               *ProfileMappingSource              `json:"target,omitempty"`
+	Links                map[string]map[string]interface{}  `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProfileMapping ProfileMapping
+
+// NewProfileMapping instantiates a new ProfileMapping object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProfileMapping() *ProfileMapping {
+	this := ProfileMapping{}
+	return &this
+}
+
+// NewProfileMappingWithDefaults instantiates a new ProfileMapping object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProfileMappingWithDefaults() *ProfileMapping {
+	this := ProfileMapping{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ProfileMapping) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileMapping) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ProfileMapping) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ProfileMapping) SetId(v string) {
+	o.Id = &v
+}
+
+// GetProperties returns the Properties field value if set, zero value otherwise.
+func (o *ProfileMapping) GetProperties() map[string]ProfileMappingProperty {
+	if o == nil || o.Properties == nil {
+		var ret map[string]ProfileMappingProperty
+		return ret
+	}
+	return *o.Properties
+}
+
+// GetPropertiesOk returns a tuple with the Properties field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileMapping) GetPropertiesOk() (*map[string]ProfileMappingProperty, bool) {
+	if o == nil || o.Properties == nil {
+		return nil, false
+	}
+	return o.Properties, true
+}
+
+// HasProperties returns a boolean if a field has been set.
+func (o *ProfileMapping) HasProperties() bool {
+	if o != nil && o.Properties != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProperties gets a reference to the given map[string]ProfileMappingProperty and assigns it to the Properties field.
+func (o *ProfileMapping) SetProperties(v map[string]ProfileMappingProperty) {
+	o.Properties = &v
+}
+
+// GetSource returns the Source field value if set, zero value otherwise.
+func (o *ProfileMapping) GetSource() ProfileMappingSource {
+	if o == nil || o.Source == nil {
+		var ret ProfileMappingSource
+		return ret
+	}
+	return *o.Source
+}
+
+// GetSourceOk returns a tuple with the Source field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileMapping) GetSourceOk() (*ProfileMappingSource, bool) {
+	if o == nil || o.Source == nil {
+		return nil, false
+	}
+	return o.Source, true
+}
+
+// HasSource returns a boolean if a field has been set.
+func (o *ProfileMapping) HasSource() bool {
+	if o != nil && o.Source != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSource gets a reference to the given ProfileMappingSource and assigns it to the Source field.
+func (o *ProfileMapping) SetSource(v ProfileMappingSource) {
+	o.Source = &v
+}
+
+// GetTarget returns the Target field value if set, zero value otherwise.
+func (o *ProfileMapping) GetTarget() ProfileMappingSource {
+	if o == nil || o.Target == nil {
+		var ret ProfileMappingSource
+		return ret
+	}
+	return *o.Target
+}
+
+// GetTargetOk returns a tuple with the Target field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileMapping) GetTargetOk() (*ProfileMappingSource, bool) {
+	if o == nil || o.Target == nil {
+		return nil, false
+	}
+	return o.Target, true
+}
+
+// HasTarget returns a boolean if a field has been set.
+func (o *ProfileMapping) HasTarget() bool {
+	if o != nil && o.Target != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTarget gets a reference to the given ProfileMappingSource and assigns it to the Target field.
+func (o *ProfileMapping) SetTarget(v ProfileMappingSource) {
+	o.Target = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ProfileMapping) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileMapping) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ProfileMapping) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *ProfileMapping) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o ProfileMapping) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Properties != nil {
+		toSerialize["properties"] = o.Properties
+	}
+	if o.Source != nil {
+		toSerialize["source"] = o.Source
+	}
+	if o.Target != nil {
+		toSerialize["target"] = o.Target
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProfileMapping) UnmarshalJSON(bytes []byte) (err error) {
+	varProfileMapping := _ProfileMapping{}
+
+	err = json.Unmarshal(bytes, &varProfileMapping)
+	if err == nil {
+		*o = ProfileMapping(varProfileMapping)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "properties")
+		delete(additionalProperties, "source")
+		delete(additionalProperties, "target")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProfileMapping struct {
+	value *ProfileMapping
+	isSet bool
+}
+
+func (v NullableProfileMapping) Get() *ProfileMapping {
+	return v.value
+}
+
+func (v *NullableProfileMapping) Set(val *ProfileMapping) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileMapping) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileMapping) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileMapping(val *ProfileMapping) *NullableProfileMapping {
+	return &NullableProfileMapping{value: val, isSet: true}
+}
+
+func (v NullableProfileMapping) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileMapping) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_mapping_property.go b/okta/model_profile_mapping_property.go
new file mode 100644
index 000000000..82056c4c3
--- /dev/null
+++ b/okta/model_profile_mapping_property.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProfileMappingProperty struct for ProfileMappingProperty
+type ProfileMappingProperty struct {
+	Expression           *string                           `json:"expression,omitempty"`
+	PushStatus           *ProfileMappingPropertyPushStatus `json:"pushStatus,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProfileMappingProperty ProfileMappingProperty
+
+// NewProfileMappingProperty instantiates a new ProfileMappingProperty object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProfileMappingProperty() *ProfileMappingProperty {
+	this := ProfileMappingProperty{}
+	return &this
+}
+
+// NewProfileMappingPropertyWithDefaults instantiates a new ProfileMappingProperty object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProfileMappingPropertyWithDefaults() *ProfileMappingProperty {
+	this := ProfileMappingProperty{}
+	return &this
+}
+
+// GetExpression returns the Expression field value if set, zero value otherwise.
+func (o *ProfileMappingProperty) GetExpression() string {
+	if o == nil || o.Expression == nil {
+		var ret string
+		return ret
+	}
+	return *o.Expression
+}
+
+// GetExpressionOk returns a tuple with the Expression field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileMappingProperty) GetExpressionOk() (*string, bool) {
+	if o == nil || o.Expression == nil {
+		return nil, false
+	}
+	return o.Expression, true
+}
+
+// HasExpression returns a boolean if a field has been set.
+func (o *ProfileMappingProperty) HasExpression() bool {
+	if o != nil && o.Expression != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpression gets a reference to the given string and assigns it to the Expression field.
+func (o *ProfileMappingProperty) SetExpression(v string) {
+	o.Expression = &v
+}
+
+// GetPushStatus returns the PushStatus field value if set, zero value otherwise.
+func (o *ProfileMappingProperty) GetPushStatus() ProfileMappingPropertyPushStatus {
+	if o == nil || o.PushStatus == nil {
+		var ret ProfileMappingPropertyPushStatus
+		return ret
+	}
+	return *o.PushStatus
+}
+
+// GetPushStatusOk returns a tuple with the PushStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileMappingProperty) GetPushStatusOk() (*ProfileMappingPropertyPushStatus, bool) {
+	if o == nil || o.PushStatus == nil {
+		return nil, false
+	}
+	return o.PushStatus, true
+}
+
+// HasPushStatus returns a boolean if a field has been set.
+func (o *ProfileMappingProperty) HasPushStatus() bool {
+	if o != nil && o.PushStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPushStatus gets a reference to the given ProfileMappingPropertyPushStatus and assigns it to the PushStatus field.
+func (o *ProfileMappingProperty) SetPushStatus(v ProfileMappingPropertyPushStatus) {
+	o.PushStatus = &v
+}
+
+func (o ProfileMappingProperty) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Expression != nil {
+		toSerialize["expression"] = o.Expression
+	}
+	if o.PushStatus != nil {
+		toSerialize["pushStatus"] = o.PushStatus
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProfileMappingProperty) UnmarshalJSON(bytes []byte) (err error) {
+	varProfileMappingProperty := _ProfileMappingProperty{}
+
+	err = json.Unmarshal(bytes, &varProfileMappingProperty)
+	if err == nil {
+		*o = ProfileMappingProperty(varProfileMappingProperty)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expression")
+		delete(additionalProperties, "pushStatus")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProfileMappingProperty struct {
+	value *ProfileMappingProperty
+	isSet bool
+}
+
+func (v NullableProfileMappingProperty) Get() *ProfileMappingProperty {
+	return v.value
+}
+
+func (v *NullableProfileMappingProperty) Set(val *ProfileMappingProperty) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileMappingProperty) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileMappingProperty) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileMappingProperty(val *ProfileMappingProperty) *NullableProfileMappingProperty {
+	return &NullableProfileMappingProperty{value: val, isSet: true}
+}
+
+func (v NullableProfileMappingProperty) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileMappingProperty) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_mapping_property_push_status.go b/okta/model_profile_mapping_property_push_status.go
new file mode 100644
index 000000000..b9e231b59
--- /dev/null
+++ b/okta/model_profile_mapping_property_push_status.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProfileMappingPropertyPushStatus the model 'ProfileMappingPropertyPushStatus'
+type ProfileMappingPropertyPushStatus string
+
+// List of ProfileMappingPropertyPushStatus
+const (
+	PROFILEMAPPINGPROPERTYPUSHSTATUS_DONT_PUSH ProfileMappingPropertyPushStatus = "DONT_PUSH"
+	PROFILEMAPPINGPROPERTYPUSHSTATUS_PUSH      ProfileMappingPropertyPushStatus = "PUSH"
+)
+
+// All allowed values of ProfileMappingPropertyPushStatus enum
+var AllowedProfileMappingPropertyPushStatusEnumValues = []ProfileMappingPropertyPushStatus{
+	"DONT_PUSH",
+	"PUSH",
+}
+
+func (v *ProfileMappingPropertyPushStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProfileMappingPropertyPushStatus(value)
+	for _, existing := range AllowedProfileMappingPropertyPushStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProfileMappingPropertyPushStatus", value)
+}
+
+// NewProfileMappingPropertyPushStatusFromValue returns a pointer to a valid ProfileMappingPropertyPushStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProfileMappingPropertyPushStatusFromValue(v string) (*ProfileMappingPropertyPushStatus, error) {
+	ev := ProfileMappingPropertyPushStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProfileMappingPropertyPushStatus: valid values are %v", v, AllowedProfileMappingPropertyPushStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProfileMappingPropertyPushStatus) IsValid() bool {
+	for _, existing := range AllowedProfileMappingPropertyPushStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProfileMappingPropertyPushStatus value
+func (v ProfileMappingPropertyPushStatus) Ptr() *ProfileMappingPropertyPushStatus {
+	return &v
+}
+
+type NullableProfileMappingPropertyPushStatus struct {
+	value *ProfileMappingPropertyPushStatus
+	isSet bool
+}
+
+func (v NullableProfileMappingPropertyPushStatus) Get() *ProfileMappingPropertyPushStatus {
+	return v.value
+}
+
+func (v *NullableProfileMappingPropertyPushStatus) Set(val *ProfileMappingPropertyPushStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileMappingPropertyPushStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileMappingPropertyPushStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileMappingPropertyPushStatus(val *ProfileMappingPropertyPushStatus) *NullableProfileMappingPropertyPushStatus {
+	return &NullableProfileMappingPropertyPushStatus{value: val, isSet: true}
+}
+
+func (v NullableProfileMappingPropertyPushStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileMappingPropertyPushStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_mapping_source.go b/okta/model_profile_mapping_source.go
new file mode 100644
index 000000000..e2eba4d5e
--- /dev/null
+++ b/okta/model_profile_mapping_source.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProfileMappingSource struct for ProfileMappingSource
+type ProfileMappingSource struct {
+	Id                   *string                           `json:"id,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Type                 *string                           `json:"type,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProfileMappingSource ProfileMappingSource
+
+// NewProfileMappingSource instantiates a new ProfileMappingSource object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProfileMappingSource() *ProfileMappingSource {
+	this := ProfileMappingSource{}
+	return &this
+}
+
+// NewProfileMappingSourceWithDefaults instantiates a new ProfileMappingSource object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProfileMappingSourceWithDefaults() *ProfileMappingSource {
+	this := ProfileMappingSource{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ProfileMappingSource) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileMappingSource) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ProfileMappingSource) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ProfileMappingSource) SetId(v string) {
+	o.Id = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *ProfileMappingSource) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileMappingSource) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *ProfileMappingSource) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *ProfileMappingSource) SetName(v string) {
+	o.Name = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *ProfileMappingSource) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileMappingSource) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *ProfileMappingSource) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *ProfileMappingSource) SetType(v string) {
+	o.Type = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ProfileMappingSource) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileMappingSource) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ProfileMappingSource) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *ProfileMappingSource) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o ProfileMappingSource) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProfileMappingSource) UnmarshalJSON(bytes []byte) (err error) {
+	varProfileMappingSource := _ProfileMappingSource{}
+
+	err = json.Unmarshal(bytes, &varProfileMappingSource)
+	if err == nil {
+		*o = ProfileMappingSource(varProfileMappingSource)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProfileMappingSource struct {
+	value *ProfileMappingSource
+	isSet bool
+}
+
+func (v NullableProfileMappingSource) Get() *ProfileMappingSource {
+	return v.value
+}
+
+func (v *NullableProfileMappingSource) Set(val *ProfileMappingSource) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileMappingSource) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileMappingSource) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileMappingSource(val *ProfileMappingSource) *NullableProfileMappingSource {
+	return &NullableProfileMappingSource{value: val, isSet: true}
+}
+
+func (v NullableProfileMappingSource) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileMappingSource) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_profile_setting_object.go b/okta/model_profile_setting_object.go
new file mode 100644
index 000000000..2583d3a81
--- /dev/null
+++ b/okta/model_profile_setting_object.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProfileSettingObject struct for ProfileSettingObject
+type ProfileSettingObject struct {
+	Status               *EnabledStatus `json:"status,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProfileSettingObject ProfileSettingObject
+
+// NewProfileSettingObject instantiates a new ProfileSettingObject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProfileSettingObject() *ProfileSettingObject {
+	this := ProfileSettingObject{}
+	return &this
+}
+
+// NewProfileSettingObjectWithDefaults instantiates a new ProfileSettingObject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProfileSettingObjectWithDefaults() *ProfileSettingObject {
+	this := ProfileSettingObject{}
+	return &this
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *ProfileSettingObject) GetStatus() EnabledStatus {
+	if o == nil || o.Status == nil {
+		var ret EnabledStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProfileSettingObject) GetStatusOk() (*EnabledStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *ProfileSettingObject) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given EnabledStatus and assigns it to the Status field.
+func (o *ProfileSettingObject) SetStatus(v EnabledStatus) {
+	o.Status = &v
+}
+
+func (o ProfileSettingObject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProfileSettingObject) UnmarshalJSON(bytes []byte) (err error) {
+	varProfileSettingObject := _ProfileSettingObject{}
+
+	err = json.Unmarshal(bytes, &varProfileSettingObject)
+	if err == nil {
+		*o = ProfileSettingObject(varProfileSettingObject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "status")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProfileSettingObject struct {
+	value *ProfileSettingObject
+	isSet bool
+}
+
+func (v NullableProfileSettingObject) Get() *ProfileSettingObject {
+	return v.value
+}
+
+func (v *NullableProfileSettingObject) Set(val *ProfileSettingObject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProfileSettingObject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProfileSettingObject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProfileSettingObject(val *ProfileSettingObject) *NullableProfileSettingObject {
+	return &NullableProfileSettingObject{value: val, isSet: true}
+}
+
+func (v NullableProfileSettingObject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProfileSettingObject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol.go b/okta/model_protocol.go
new file mode 100644
index 000000000..abb768b02
--- /dev/null
+++ b/okta/model_protocol.go
@@ -0,0 +1,417 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// Protocol struct for Protocol
+type Protocol struct {
+	Algorithms           *ProtocolAlgorithms          `json:"algorithms,omitempty"`
+	Credentials          *IdentityProviderCredentials `json:"credentials,omitempty"`
+	Endpoints            *ProtocolEndpoints           `json:"endpoints,omitempty"`
+	Issuer               *ProtocolEndpoint            `json:"issuer,omitempty"`
+	RelayState           *ProtocolRelayState          `json:"relayState,omitempty"`
+	Scopes               []string                     `json:"scopes,omitempty"`
+	Settings             *ProtocolSettings            `json:"settings,omitempty"`
+	Type                 *ProtocolType                `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Protocol Protocol
+
+// NewProtocol instantiates a new Protocol object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProtocol() *Protocol {
+	this := Protocol{}
+	return &this
+}
+
+// NewProtocolWithDefaults instantiates a new Protocol object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProtocolWithDefaults() *Protocol {
+	this := Protocol{}
+	return &this
+}
+
+// GetAlgorithms returns the Algorithms field value if set, zero value otherwise.
+func (o *Protocol) GetAlgorithms() ProtocolAlgorithms {
+	if o == nil || o.Algorithms == nil {
+		var ret ProtocolAlgorithms
+		return ret
+	}
+	return *o.Algorithms
+}
+
+// GetAlgorithmsOk returns a tuple with the Algorithms field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Protocol) GetAlgorithmsOk() (*ProtocolAlgorithms, bool) {
+	if o == nil || o.Algorithms == nil {
+		return nil, false
+	}
+	return o.Algorithms, true
+}
+
+// HasAlgorithms returns a boolean if a field has been set.
+func (o *Protocol) HasAlgorithms() bool {
+	if o != nil && o.Algorithms != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAlgorithms gets a reference to the given ProtocolAlgorithms and assigns it to the Algorithms field.
+func (o *Protocol) SetAlgorithms(v ProtocolAlgorithms) {
+	o.Algorithms = &v
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *Protocol) GetCredentials() IdentityProviderCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret IdentityProviderCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Protocol) GetCredentialsOk() (*IdentityProviderCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *Protocol) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given IdentityProviderCredentials and assigns it to the Credentials field.
+func (o *Protocol) SetCredentials(v IdentityProviderCredentials) {
+	o.Credentials = &v
+}
+
+// GetEndpoints returns the Endpoints field value if set, zero value otherwise.
+func (o *Protocol) GetEndpoints() ProtocolEndpoints {
+	if o == nil || o.Endpoints == nil {
+		var ret ProtocolEndpoints
+		return ret
+	}
+	return *o.Endpoints
+}
+
+// GetEndpointsOk returns a tuple with the Endpoints field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Protocol) GetEndpointsOk() (*ProtocolEndpoints, bool) {
+	if o == nil || o.Endpoints == nil {
+		return nil, false
+	}
+	return o.Endpoints, true
+}
+
+// HasEndpoints returns a boolean if a field has been set.
+func (o *Protocol) HasEndpoints() bool {
+	if o != nil && o.Endpoints != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEndpoints gets a reference to the given ProtocolEndpoints and assigns it to the Endpoints field.
+func (o *Protocol) SetEndpoints(v ProtocolEndpoints) {
+	o.Endpoints = &v
+}
+
+// GetIssuer returns the Issuer field value if set, zero value otherwise.
+func (o *Protocol) GetIssuer() ProtocolEndpoint {
+	if o == nil || o.Issuer == nil {
+		var ret ProtocolEndpoint
+		return ret
+	}
+	return *o.Issuer
+}
+
+// GetIssuerOk returns a tuple with the Issuer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Protocol) GetIssuerOk() (*ProtocolEndpoint, bool) {
+	if o == nil || o.Issuer == nil {
+		return nil, false
+	}
+	return o.Issuer, true
+}
+
+// HasIssuer returns a boolean if a field has been set.
+func (o *Protocol) HasIssuer() bool {
+	if o != nil && o.Issuer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIssuer gets a reference to the given ProtocolEndpoint and assigns it to the Issuer field.
+func (o *Protocol) SetIssuer(v ProtocolEndpoint) {
+	o.Issuer = &v
+}
+
+// GetRelayState returns the RelayState field value if set, zero value otherwise.
+func (o *Protocol) GetRelayState() ProtocolRelayState {
+	if o == nil || o.RelayState == nil {
+		var ret ProtocolRelayState
+		return ret
+	}
+	return *o.RelayState
+}
+
+// GetRelayStateOk returns a tuple with the RelayState field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Protocol) GetRelayStateOk() (*ProtocolRelayState, bool) {
+	if o == nil || o.RelayState == nil {
+		return nil, false
+	}
+	return o.RelayState, true
+}
+
+// HasRelayState returns a boolean if a field has been set.
+func (o *Protocol) HasRelayState() bool {
+	if o != nil && o.RelayState != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRelayState gets a reference to the given ProtocolRelayState and assigns it to the RelayState field.
+func (o *Protocol) SetRelayState(v ProtocolRelayState) {
+	o.RelayState = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *Protocol) GetScopes() []string {
+	if o == nil || o.Scopes == nil {
+		var ret []string
+		return ret
+	}
+	return o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Protocol) GetScopesOk() ([]string, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *Protocol) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given []string and assigns it to the Scopes field.
+func (o *Protocol) SetScopes(v []string) {
+	o.Scopes = v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *Protocol) GetSettings() ProtocolSettings {
+	if o == nil || o.Settings == nil {
+		var ret ProtocolSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Protocol) GetSettingsOk() (*ProtocolSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *Protocol) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given ProtocolSettings and assigns it to the Settings field.
+func (o *Protocol) SetSettings(v ProtocolSettings) {
+	o.Settings = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *Protocol) GetType() ProtocolType {
+	if o == nil || o.Type == nil {
+		var ret ProtocolType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Protocol) GetTypeOk() (*ProtocolType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *Protocol) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given ProtocolType and assigns it to the Type field.
+func (o *Protocol) SetType(v ProtocolType) {
+	o.Type = &v
+}
+
+func (o Protocol) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Algorithms != nil {
+		toSerialize["algorithms"] = o.Algorithms
+	}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Endpoints != nil {
+		toSerialize["endpoints"] = o.Endpoints
+	}
+	if o.Issuer != nil {
+		toSerialize["issuer"] = o.Issuer
+	}
+	if o.RelayState != nil {
+		toSerialize["relayState"] = o.RelayState
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Protocol) UnmarshalJSON(bytes []byte) (err error) {
+	varProtocol := _Protocol{}
+
+	err = json.Unmarshal(bytes, &varProtocol)
+	if err == nil {
+		*o = Protocol(varProtocol)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "algorithms")
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "endpoints")
+		delete(additionalProperties, "issuer")
+		delete(additionalProperties, "relayState")
+		delete(additionalProperties, "scopes")
+		delete(additionalProperties, "settings")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProtocol struct {
+	value *Protocol
+	isSet bool
+}
+
+func (v NullableProtocol) Get() *Protocol {
+	return v.value
+}
+
+func (v *NullableProtocol) Set(val *Protocol) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocol) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocol) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocol(val *Protocol) *NullableProtocol {
+	return &NullableProtocol{value: val, isSet: true}
+}
+
+func (v NullableProtocol) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocol) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol_algorithm_type.go b/okta/model_protocol_algorithm_type.go
new file mode 100644
index 000000000..1efe9c13f
--- /dev/null
+++ b/okta/model_protocol_algorithm_type.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProtocolAlgorithmType struct for ProtocolAlgorithmType
+type ProtocolAlgorithmType struct {
+	Signature            *ProtocolAlgorithmTypeSignature `json:"signature,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProtocolAlgorithmType ProtocolAlgorithmType
+
+// NewProtocolAlgorithmType instantiates a new ProtocolAlgorithmType object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProtocolAlgorithmType() *ProtocolAlgorithmType {
+	this := ProtocolAlgorithmType{}
+	return &this
+}
+
+// NewProtocolAlgorithmTypeWithDefaults instantiates a new ProtocolAlgorithmType object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProtocolAlgorithmTypeWithDefaults() *ProtocolAlgorithmType {
+	this := ProtocolAlgorithmType{}
+	return &this
+}
+
+// GetSignature returns the Signature field value if set, zero value otherwise.
+func (o *ProtocolAlgorithmType) GetSignature() ProtocolAlgorithmTypeSignature {
+	if o == nil || o.Signature == nil {
+		var ret ProtocolAlgorithmTypeSignature
+		return ret
+	}
+	return *o.Signature
+}
+
+// GetSignatureOk returns a tuple with the Signature field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolAlgorithmType) GetSignatureOk() (*ProtocolAlgorithmTypeSignature, bool) {
+	if o == nil || o.Signature == nil {
+		return nil, false
+	}
+	return o.Signature, true
+}
+
+// HasSignature returns a boolean if a field has been set.
+func (o *ProtocolAlgorithmType) HasSignature() bool {
+	if o != nil && o.Signature != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignature gets a reference to the given ProtocolAlgorithmTypeSignature and assigns it to the Signature field.
+func (o *ProtocolAlgorithmType) SetSignature(v ProtocolAlgorithmTypeSignature) {
+	o.Signature = &v
+}
+
+func (o ProtocolAlgorithmType) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Signature != nil {
+		toSerialize["signature"] = o.Signature
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProtocolAlgorithmType) UnmarshalJSON(bytes []byte) (err error) {
+	varProtocolAlgorithmType := _ProtocolAlgorithmType{}
+
+	err = json.Unmarshal(bytes, &varProtocolAlgorithmType)
+	if err == nil {
+		*o = ProtocolAlgorithmType(varProtocolAlgorithmType)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "signature")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProtocolAlgorithmType struct {
+	value *ProtocolAlgorithmType
+	isSet bool
+}
+
+func (v NullableProtocolAlgorithmType) Get() *ProtocolAlgorithmType {
+	return v.value
+}
+
+func (v *NullableProtocolAlgorithmType) Set(val *ProtocolAlgorithmType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocolAlgorithmType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocolAlgorithmType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocolAlgorithmType(val *ProtocolAlgorithmType) *NullableProtocolAlgorithmType {
+	return &NullableProtocolAlgorithmType{value: val, isSet: true}
+}
+
+func (v NullableProtocolAlgorithmType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocolAlgorithmType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol_algorithm_type_signature.go b/okta/model_protocol_algorithm_type_signature.go
new file mode 100644
index 000000000..3b8a352df
--- /dev/null
+++ b/okta/model_protocol_algorithm_type_signature.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProtocolAlgorithmTypeSignature struct for ProtocolAlgorithmTypeSignature
+type ProtocolAlgorithmTypeSignature struct {
+	Algorithm            *string                              `json:"algorithm,omitempty"`
+	Scope                *ProtocolAlgorithmTypeSignatureScope `json:"scope,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProtocolAlgorithmTypeSignature ProtocolAlgorithmTypeSignature
+
+// NewProtocolAlgorithmTypeSignature instantiates a new ProtocolAlgorithmTypeSignature object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProtocolAlgorithmTypeSignature() *ProtocolAlgorithmTypeSignature {
+	this := ProtocolAlgorithmTypeSignature{}
+	return &this
+}
+
+// NewProtocolAlgorithmTypeSignatureWithDefaults instantiates a new ProtocolAlgorithmTypeSignature object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProtocolAlgorithmTypeSignatureWithDefaults() *ProtocolAlgorithmTypeSignature {
+	this := ProtocolAlgorithmTypeSignature{}
+	return &this
+}
+
+// GetAlgorithm returns the Algorithm field value if set, zero value otherwise.
+func (o *ProtocolAlgorithmTypeSignature) GetAlgorithm() string {
+	if o == nil || o.Algorithm == nil {
+		var ret string
+		return ret
+	}
+	return *o.Algorithm
+}
+
+// GetAlgorithmOk returns a tuple with the Algorithm field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolAlgorithmTypeSignature) GetAlgorithmOk() (*string, bool) {
+	if o == nil || o.Algorithm == nil {
+		return nil, false
+	}
+	return o.Algorithm, true
+}
+
+// HasAlgorithm returns a boolean if a field has been set.
+func (o *ProtocolAlgorithmTypeSignature) HasAlgorithm() bool {
+	if o != nil && o.Algorithm != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAlgorithm gets a reference to the given string and assigns it to the Algorithm field.
+func (o *ProtocolAlgorithmTypeSignature) SetAlgorithm(v string) {
+	o.Algorithm = &v
+}
+
+// GetScope returns the Scope field value if set, zero value otherwise.
+func (o *ProtocolAlgorithmTypeSignature) GetScope() ProtocolAlgorithmTypeSignatureScope {
+	if o == nil || o.Scope == nil {
+		var ret ProtocolAlgorithmTypeSignatureScope
+		return ret
+	}
+	return *o.Scope
+}
+
+// GetScopeOk returns a tuple with the Scope field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolAlgorithmTypeSignature) GetScopeOk() (*ProtocolAlgorithmTypeSignatureScope, bool) {
+	if o == nil || o.Scope == nil {
+		return nil, false
+	}
+	return o.Scope, true
+}
+
+// HasScope returns a boolean if a field has been set.
+func (o *ProtocolAlgorithmTypeSignature) HasScope() bool {
+	if o != nil && o.Scope != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScope gets a reference to the given ProtocolAlgorithmTypeSignatureScope and assigns it to the Scope field.
+func (o *ProtocolAlgorithmTypeSignature) SetScope(v ProtocolAlgorithmTypeSignatureScope) {
+	o.Scope = &v
+}
+
+func (o ProtocolAlgorithmTypeSignature) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Algorithm != nil {
+		toSerialize["algorithm"] = o.Algorithm
+	}
+	if o.Scope != nil {
+		toSerialize["scope"] = o.Scope
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProtocolAlgorithmTypeSignature) UnmarshalJSON(bytes []byte) (err error) {
+	varProtocolAlgorithmTypeSignature := _ProtocolAlgorithmTypeSignature{}
+
+	err = json.Unmarshal(bytes, &varProtocolAlgorithmTypeSignature)
+	if err == nil {
+		*o = ProtocolAlgorithmTypeSignature(varProtocolAlgorithmTypeSignature)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "algorithm")
+		delete(additionalProperties, "scope")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProtocolAlgorithmTypeSignature struct {
+	value *ProtocolAlgorithmTypeSignature
+	isSet bool
+}
+
+func (v NullableProtocolAlgorithmTypeSignature) Get() *ProtocolAlgorithmTypeSignature {
+	return v.value
+}
+
+func (v *NullableProtocolAlgorithmTypeSignature) Set(val *ProtocolAlgorithmTypeSignature) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocolAlgorithmTypeSignature) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocolAlgorithmTypeSignature) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocolAlgorithmTypeSignature(val *ProtocolAlgorithmTypeSignature) *NullableProtocolAlgorithmTypeSignature {
+	return &NullableProtocolAlgorithmTypeSignature{value: val, isSet: true}
+}
+
+func (v NullableProtocolAlgorithmTypeSignature) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocolAlgorithmTypeSignature) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol_algorithm_type_signature_scope.go b/okta/model_protocol_algorithm_type_signature_scope.go
new file mode 100644
index 000000000..060eb52c9
--- /dev/null
+++ b/okta/model_protocol_algorithm_type_signature_scope.go
@@ -0,0 +1,130 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProtocolAlgorithmTypeSignatureScope the model 'ProtocolAlgorithmTypeSignatureScope'
+type ProtocolAlgorithmTypeSignatureScope string
+
+// List of ProtocolAlgorithmTypeSignatureScope
+const (
+	PROTOCOLALGORITHMTYPESIGNATURESCOPE_ANY      ProtocolAlgorithmTypeSignatureScope = "ANY"
+	PROTOCOLALGORITHMTYPESIGNATURESCOPE_NONE     ProtocolAlgorithmTypeSignatureScope = "NONE"
+	PROTOCOLALGORITHMTYPESIGNATURESCOPE_REQUEST  ProtocolAlgorithmTypeSignatureScope = "REQUEST"
+	PROTOCOLALGORITHMTYPESIGNATURESCOPE_RESPONSE ProtocolAlgorithmTypeSignatureScope = "RESPONSE"
+	PROTOCOLALGORITHMTYPESIGNATURESCOPE_TOKEN    ProtocolAlgorithmTypeSignatureScope = "TOKEN"
+)
+
+// All allowed values of ProtocolAlgorithmTypeSignatureScope enum
+var AllowedProtocolAlgorithmTypeSignatureScopeEnumValues = []ProtocolAlgorithmTypeSignatureScope{
+	"ANY",
+	"NONE",
+	"REQUEST",
+	"RESPONSE",
+	"TOKEN",
+}
+
+func (v *ProtocolAlgorithmTypeSignatureScope) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProtocolAlgorithmTypeSignatureScope(value)
+	for _, existing := range AllowedProtocolAlgorithmTypeSignatureScopeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProtocolAlgorithmTypeSignatureScope", value)
+}
+
+// NewProtocolAlgorithmTypeSignatureScopeFromValue returns a pointer to a valid ProtocolAlgorithmTypeSignatureScope
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProtocolAlgorithmTypeSignatureScopeFromValue(v string) (*ProtocolAlgorithmTypeSignatureScope, error) {
+	ev := ProtocolAlgorithmTypeSignatureScope(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProtocolAlgorithmTypeSignatureScope: valid values are %v", v, AllowedProtocolAlgorithmTypeSignatureScopeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProtocolAlgorithmTypeSignatureScope) IsValid() bool {
+	for _, existing := range AllowedProtocolAlgorithmTypeSignatureScopeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProtocolAlgorithmTypeSignatureScope value
+func (v ProtocolAlgorithmTypeSignatureScope) Ptr() *ProtocolAlgorithmTypeSignatureScope {
+	return &v
+}
+
+type NullableProtocolAlgorithmTypeSignatureScope struct {
+	value *ProtocolAlgorithmTypeSignatureScope
+	isSet bool
+}
+
+func (v NullableProtocolAlgorithmTypeSignatureScope) Get() *ProtocolAlgorithmTypeSignatureScope {
+	return v.value
+}
+
+func (v *NullableProtocolAlgorithmTypeSignatureScope) Set(val *ProtocolAlgorithmTypeSignatureScope) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocolAlgorithmTypeSignatureScope) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocolAlgorithmTypeSignatureScope) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocolAlgorithmTypeSignatureScope(val *ProtocolAlgorithmTypeSignatureScope) *NullableProtocolAlgorithmTypeSignatureScope {
+	return &NullableProtocolAlgorithmTypeSignatureScope{value: val, isSet: true}
+}
+
+func (v NullableProtocolAlgorithmTypeSignatureScope) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocolAlgorithmTypeSignatureScope) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol_algorithms.go b/okta/model_protocol_algorithms.go
new file mode 100644
index 000000000..8bf865675
--- /dev/null
+++ b/okta/model_protocol_algorithms.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProtocolAlgorithms struct for ProtocolAlgorithms
+type ProtocolAlgorithms struct {
+	Request              *ProtocolAlgorithmType `json:"request,omitempty"`
+	Response             *ProtocolAlgorithmType `json:"response,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProtocolAlgorithms ProtocolAlgorithms
+
+// NewProtocolAlgorithms instantiates a new ProtocolAlgorithms object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProtocolAlgorithms() *ProtocolAlgorithms {
+	this := ProtocolAlgorithms{}
+	return &this
+}
+
+// NewProtocolAlgorithmsWithDefaults instantiates a new ProtocolAlgorithms object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProtocolAlgorithmsWithDefaults() *ProtocolAlgorithms {
+	this := ProtocolAlgorithms{}
+	return &this
+}
+
+// GetRequest returns the Request field value if set, zero value otherwise.
+func (o *ProtocolAlgorithms) GetRequest() ProtocolAlgorithmType {
+	if o == nil || o.Request == nil {
+		var ret ProtocolAlgorithmType
+		return ret
+	}
+	return *o.Request
+}
+
+// GetRequestOk returns a tuple with the Request field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolAlgorithms) GetRequestOk() (*ProtocolAlgorithmType, bool) {
+	if o == nil || o.Request == nil {
+		return nil, false
+	}
+	return o.Request, true
+}
+
+// HasRequest returns a boolean if a field has been set.
+func (o *ProtocolAlgorithms) HasRequest() bool {
+	if o != nil && o.Request != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequest gets a reference to the given ProtocolAlgorithmType and assigns it to the Request field.
+func (o *ProtocolAlgorithms) SetRequest(v ProtocolAlgorithmType) {
+	o.Request = &v
+}
+
+// GetResponse returns the Response field value if set, zero value otherwise.
+func (o *ProtocolAlgorithms) GetResponse() ProtocolAlgorithmType {
+	if o == nil || o.Response == nil {
+		var ret ProtocolAlgorithmType
+		return ret
+	}
+	return *o.Response
+}
+
+// GetResponseOk returns a tuple with the Response field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolAlgorithms) GetResponseOk() (*ProtocolAlgorithmType, bool) {
+	if o == nil || o.Response == nil {
+		return nil, false
+	}
+	return o.Response, true
+}
+
+// HasResponse returns a boolean if a field has been set.
+func (o *ProtocolAlgorithms) HasResponse() bool {
+	if o != nil && o.Response != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResponse gets a reference to the given ProtocolAlgorithmType and assigns it to the Response field.
+func (o *ProtocolAlgorithms) SetResponse(v ProtocolAlgorithmType) {
+	o.Response = &v
+}
+
+func (o ProtocolAlgorithms) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Request != nil {
+		toSerialize["request"] = o.Request
+	}
+	if o.Response != nil {
+		toSerialize["response"] = o.Response
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProtocolAlgorithms) UnmarshalJSON(bytes []byte) (err error) {
+	varProtocolAlgorithms := _ProtocolAlgorithms{}
+
+	err = json.Unmarshal(bytes, &varProtocolAlgorithms)
+	if err == nil {
+		*o = ProtocolAlgorithms(varProtocolAlgorithms)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "request")
+		delete(additionalProperties, "response")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProtocolAlgorithms struct {
+	value *ProtocolAlgorithms
+	isSet bool
+}
+
+func (v NullableProtocolAlgorithms) Get() *ProtocolAlgorithms {
+	return v.value
+}
+
+func (v *NullableProtocolAlgorithms) Set(val *ProtocolAlgorithms) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocolAlgorithms) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocolAlgorithms) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocolAlgorithms(val *ProtocolAlgorithms) *NullableProtocolAlgorithms {
+	return &NullableProtocolAlgorithms{value: val, isSet: true}
+}
+
+func (v NullableProtocolAlgorithms) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocolAlgorithms) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol_endpoint.go b/okta/model_protocol_endpoint.go
new file mode 100644
index 000000000..2645c392c
--- /dev/null
+++ b/okta/model_protocol_endpoint.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProtocolEndpoint struct for ProtocolEndpoint
+type ProtocolEndpoint struct {
+	Binding              *ProtocolEndpointBinding `json:"binding,omitempty"`
+	Destination          *string                  `json:"destination,omitempty"`
+	Type                 *ProtocolEndpointType    `json:"type,omitempty"`
+	Url                  *string                  `json:"url,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProtocolEndpoint ProtocolEndpoint
+
+// NewProtocolEndpoint instantiates a new ProtocolEndpoint object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProtocolEndpoint() *ProtocolEndpoint {
+	this := ProtocolEndpoint{}
+	return &this
+}
+
+// NewProtocolEndpointWithDefaults instantiates a new ProtocolEndpoint object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProtocolEndpointWithDefaults() *ProtocolEndpoint {
+	this := ProtocolEndpoint{}
+	return &this
+}
+
+// GetBinding returns the Binding field value if set, zero value otherwise.
+func (o *ProtocolEndpoint) GetBinding() ProtocolEndpointBinding {
+	if o == nil || o.Binding == nil {
+		var ret ProtocolEndpointBinding
+		return ret
+	}
+	return *o.Binding
+}
+
+// GetBindingOk returns a tuple with the Binding field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolEndpoint) GetBindingOk() (*ProtocolEndpointBinding, bool) {
+	if o == nil || o.Binding == nil {
+		return nil, false
+	}
+	return o.Binding, true
+}
+
+// HasBinding returns a boolean if a field has been set.
+func (o *ProtocolEndpoint) HasBinding() bool {
+	if o != nil && o.Binding != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBinding gets a reference to the given ProtocolEndpointBinding and assigns it to the Binding field.
+func (o *ProtocolEndpoint) SetBinding(v ProtocolEndpointBinding) {
+	o.Binding = &v
+}
+
+// GetDestination returns the Destination field value if set, zero value otherwise.
+func (o *ProtocolEndpoint) GetDestination() string {
+	if o == nil || o.Destination == nil {
+		var ret string
+		return ret
+	}
+	return *o.Destination
+}
+
+// GetDestinationOk returns a tuple with the Destination field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolEndpoint) GetDestinationOk() (*string, bool) {
+	if o == nil || o.Destination == nil {
+		return nil, false
+	}
+	return o.Destination, true
+}
+
+// HasDestination returns a boolean if a field has been set.
+func (o *ProtocolEndpoint) HasDestination() bool {
+	if o != nil && o.Destination != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDestination gets a reference to the given string and assigns it to the Destination field.
+func (o *ProtocolEndpoint) SetDestination(v string) {
+	o.Destination = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *ProtocolEndpoint) GetType() ProtocolEndpointType {
+	if o == nil || o.Type == nil {
+		var ret ProtocolEndpointType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolEndpoint) GetTypeOk() (*ProtocolEndpointType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *ProtocolEndpoint) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given ProtocolEndpointType and assigns it to the Type field.
+func (o *ProtocolEndpoint) SetType(v ProtocolEndpointType) {
+	o.Type = &v
+}
+
+// GetUrl returns the Url field value if set, zero value otherwise.
+func (o *ProtocolEndpoint) GetUrl() string {
+	if o == nil || o.Url == nil {
+		var ret string
+		return ret
+	}
+	return *o.Url
+}
+
+// GetUrlOk returns a tuple with the Url field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolEndpoint) GetUrlOk() (*string, bool) {
+	if o == nil || o.Url == nil {
+		return nil, false
+	}
+	return o.Url, true
+}
+
+// HasUrl returns a boolean if a field has been set.
+func (o *ProtocolEndpoint) HasUrl() bool {
+	if o != nil && o.Url != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUrl gets a reference to the given string and assigns it to the Url field.
+func (o *ProtocolEndpoint) SetUrl(v string) {
+	o.Url = &v
+}
+
+func (o ProtocolEndpoint) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Binding != nil {
+		toSerialize["binding"] = o.Binding
+	}
+	if o.Destination != nil {
+		toSerialize["destination"] = o.Destination
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Url != nil {
+		toSerialize["url"] = o.Url
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProtocolEndpoint) UnmarshalJSON(bytes []byte) (err error) {
+	varProtocolEndpoint := _ProtocolEndpoint{}
+
+	err = json.Unmarshal(bytes, &varProtocolEndpoint)
+	if err == nil {
+		*o = ProtocolEndpoint(varProtocolEndpoint)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "binding")
+		delete(additionalProperties, "destination")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "url")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProtocolEndpoint struct {
+	value *ProtocolEndpoint
+	isSet bool
+}
+
+func (v NullableProtocolEndpoint) Get() *ProtocolEndpoint {
+	return v.value
+}
+
+func (v *NullableProtocolEndpoint) Set(val *ProtocolEndpoint) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocolEndpoint) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocolEndpoint) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocolEndpoint(val *ProtocolEndpoint) *NullableProtocolEndpoint {
+	return &NullableProtocolEndpoint{value: val, isSet: true}
+}
+
+func (v NullableProtocolEndpoint) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocolEndpoint) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol_endpoint_binding.go b/okta/model_protocol_endpoint_binding.go
new file mode 100644
index 000000000..ccc77dc4c
--- /dev/null
+++ b/okta/model_protocol_endpoint_binding.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProtocolEndpointBinding the model 'ProtocolEndpointBinding'
+type ProtocolEndpointBinding string
+
+// List of ProtocolEndpointBinding
+const (
+	PROTOCOLENDPOINTBINDING_POST     ProtocolEndpointBinding = "HTTP-POST"
+	PROTOCOLENDPOINTBINDING_REDIRECT ProtocolEndpointBinding = "HTTP-REDIRECT"
+)
+
+// All allowed values of ProtocolEndpointBinding enum
+var AllowedProtocolEndpointBindingEnumValues = []ProtocolEndpointBinding{
+	"HTTP-POST",
+	"HTTP-REDIRECT",
+}
+
+func (v *ProtocolEndpointBinding) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProtocolEndpointBinding(value)
+	for _, existing := range AllowedProtocolEndpointBindingEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProtocolEndpointBinding", value)
+}
+
+// NewProtocolEndpointBindingFromValue returns a pointer to a valid ProtocolEndpointBinding
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProtocolEndpointBindingFromValue(v string) (*ProtocolEndpointBinding, error) {
+	ev := ProtocolEndpointBinding(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProtocolEndpointBinding: valid values are %v", v, AllowedProtocolEndpointBindingEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProtocolEndpointBinding) IsValid() bool {
+	for _, existing := range AllowedProtocolEndpointBindingEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProtocolEndpointBinding value
+func (v ProtocolEndpointBinding) Ptr() *ProtocolEndpointBinding {
+	return &v
+}
+
+type NullableProtocolEndpointBinding struct {
+	value *ProtocolEndpointBinding
+	isSet bool
+}
+
+func (v NullableProtocolEndpointBinding) Get() *ProtocolEndpointBinding {
+	return v.value
+}
+
+func (v *NullableProtocolEndpointBinding) Set(val *ProtocolEndpointBinding) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocolEndpointBinding) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocolEndpointBinding) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocolEndpointBinding(val *ProtocolEndpointBinding) *NullableProtocolEndpointBinding {
+	return &NullableProtocolEndpointBinding{value: val, isSet: true}
+}
+
+func (v NullableProtocolEndpointBinding) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocolEndpointBinding) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol_endpoint_type.go b/okta/model_protocol_endpoint_type.go
new file mode 100644
index 000000000..a58476665
--- /dev/null
+++ b/okta/model_protocol_endpoint_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProtocolEndpointType the model 'ProtocolEndpointType'
+type ProtocolEndpointType string
+
+// List of ProtocolEndpointType
+const (
+	PROTOCOLENDPOINTTYPE_INSTANCE ProtocolEndpointType = "INSTANCE"
+	PROTOCOLENDPOINTTYPE_ORG      ProtocolEndpointType = "ORG"
+)
+
+// All allowed values of ProtocolEndpointType enum
+var AllowedProtocolEndpointTypeEnumValues = []ProtocolEndpointType{
+	"INSTANCE",
+	"ORG",
+}
+
+func (v *ProtocolEndpointType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProtocolEndpointType(value)
+	for _, existing := range AllowedProtocolEndpointTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProtocolEndpointType", value)
+}
+
+// NewProtocolEndpointTypeFromValue returns a pointer to a valid ProtocolEndpointType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProtocolEndpointTypeFromValue(v string) (*ProtocolEndpointType, error) {
+	ev := ProtocolEndpointType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProtocolEndpointType: valid values are %v", v, AllowedProtocolEndpointTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProtocolEndpointType) IsValid() bool {
+	for _, existing := range AllowedProtocolEndpointTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProtocolEndpointType value
+func (v ProtocolEndpointType) Ptr() *ProtocolEndpointType {
+	return &v
+}
+
+type NullableProtocolEndpointType struct {
+	value *ProtocolEndpointType
+	isSet bool
+}
+
+func (v NullableProtocolEndpointType) Get() *ProtocolEndpointType {
+	return v.value
+}
+
+func (v *NullableProtocolEndpointType) Set(val *ProtocolEndpointType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocolEndpointType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocolEndpointType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocolEndpointType(val *ProtocolEndpointType) *NullableProtocolEndpointType {
+	return &NullableProtocolEndpointType{value: val, isSet: true}
+}
+
+func (v NullableProtocolEndpointType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocolEndpointType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol_endpoints.go b/okta/model_protocol_endpoints.go
new file mode 100644
index 000000000..bcc9bddc4
--- /dev/null
+++ b/okta/model_protocol_endpoints.go
@@ -0,0 +1,417 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProtocolEndpoints struct for ProtocolEndpoints
+type ProtocolEndpoints struct {
+	Acs                  *ProtocolEndpoint `json:"acs,omitempty"`
+	Authorization        *ProtocolEndpoint `json:"authorization,omitempty"`
+	Jwks                 *ProtocolEndpoint `json:"jwks,omitempty"`
+	Metadata             *ProtocolEndpoint `json:"metadata,omitempty"`
+	Slo                  *ProtocolEndpoint `json:"slo,omitempty"`
+	Sso                  *ProtocolEndpoint `json:"sso,omitempty"`
+	Token                *ProtocolEndpoint `json:"token,omitempty"`
+	UserInfo             *ProtocolEndpoint `json:"userInfo,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProtocolEndpoints ProtocolEndpoints
+
+// NewProtocolEndpoints instantiates a new ProtocolEndpoints object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProtocolEndpoints() *ProtocolEndpoints {
+	this := ProtocolEndpoints{}
+	return &this
+}
+
+// NewProtocolEndpointsWithDefaults instantiates a new ProtocolEndpoints object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProtocolEndpointsWithDefaults() *ProtocolEndpoints {
+	this := ProtocolEndpoints{}
+	return &this
+}
+
+// GetAcs returns the Acs field value if set, zero value otherwise.
+func (o *ProtocolEndpoints) GetAcs() ProtocolEndpoint {
+	if o == nil || o.Acs == nil {
+		var ret ProtocolEndpoint
+		return ret
+	}
+	return *o.Acs
+}
+
+// GetAcsOk returns a tuple with the Acs field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolEndpoints) GetAcsOk() (*ProtocolEndpoint, bool) {
+	if o == nil || o.Acs == nil {
+		return nil, false
+	}
+	return o.Acs, true
+}
+
+// HasAcs returns a boolean if a field has been set.
+func (o *ProtocolEndpoints) HasAcs() bool {
+	if o != nil && o.Acs != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAcs gets a reference to the given ProtocolEndpoint and assigns it to the Acs field.
+func (o *ProtocolEndpoints) SetAcs(v ProtocolEndpoint) {
+	o.Acs = &v
+}
+
+// GetAuthorization returns the Authorization field value if set, zero value otherwise.
+func (o *ProtocolEndpoints) GetAuthorization() ProtocolEndpoint {
+	if o == nil || o.Authorization == nil {
+		var ret ProtocolEndpoint
+		return ret
+	}
+	return *o.Authorization
+}
+
+// GetAuthorizationOk returns a tuple with the Authorization field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolEndpoints) GetAuthorizationOk() (*ProtocolEndpoint, bool) {
+	if o == nil || o.Authorization == nil {
+		return nil, false
+	}
+	return o.Authorization, true
+}
+
+// HasAuthorization returns a boolean if a field has been set.
+func (o *ProtocolEndpoints) HasAuthorization() bool {
+	if o != nil && o.Authorization != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthorization gets a reference to the given ProtocolEndpoint and assigns it to the Authorization field.
+func (o *ProtocolEndpoints) SetAuthorization(v ProtocolEndpoint) {
+	o.Authorization = &v
+}
+
+// GetJwks returns the Jwks field value if set, zero value otherwise.
+func (o *ProtocolEndpoints) GetJwks() ProtocolEndpoint {
+	if o == nil || o.Jwks == nil {
+		var ret ProtocolEndpoint
+		return ret
+	}
+	return *o.Jwks
+}
+
+// GetJwksOk returns a tuple with the Jwks field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolEndpoints) GetJwksOk() (*ProtocolEndpoint, bool) {
+	if o == nil || o.Jwks == nil {
+		return nil, false
+	}
+	return o.Jwks, true
+}
+
+// HasJwks returns a boolean if a field has been set.
+func (o *ProtocolEndpoints) HasJwks() bool {
+	if o != nil && o.Jwks != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetJwks gets a reference to the given ProtocolEndpoint and assigns it to the Jwks field.
+func (o *ProtocolEndpoints) SetJwks(v ProtocolEndpoint) {
+	o.Jwks = &v
+}
+
+// GetMetadata returns the Metadata field value if set, zero value otherwise.
+func (o *ProtocolEndpoints) GetMetadata() ProtocolEndpoint {
+	if o == nil || o.Metadata == nil {
+		var ret ProtocolEndpoint
+		return ret
+	}
+	return *o.Metadata
+}
+
+// GetMetadataOk returns a tuple with the Metadata field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolEndpoints) GetMetadataOk() (*ProtocolEndpoint, bool) {
+	if o == nil || o.Metadata == nil {
+		return nil, false
+	}
+	return o.Metadata, true
+}
+
+// HasMetadata returns a boolean if a field has been set.
+func (o *ProtocolEndpoints) HasMetadata() bool {
+	if o != nil && o.Metadata != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMetadata gets a reference to the given ProtocolEndpoint and assigns it to the Metadata field.
+func (o *ProtocolEndpoints) SetMetadata(v ProtocolEndpoint) {
+	o.Metadata = &v
+}
+
+// GetSlo returns the Slo field value if set, zero value otherwise.
+func (o *ProtocolEndpoints) GetSlo() ProtocolEndpoint {
+	if o == nil || o.Slo == nil {
+		var ret ProtocolEndpoint
+		return ret
+	}
+	return *o.Slo
+}
+
+// GetSloOk returns a tuple with the Slo field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolEndpoints) GetSloOk() (*ProtocolEndpoint, bool) {
+	if o == nil || o.Slo == nil {
+		return nil, false
+	}
+	return o.Slo, true
+}
+
+// HasSlo returns a boolean if a field has been set.
+func (o *ProtocolEndpoints) HasSlo() bool {
+	if o != nil && o.Slo != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSlo gets a reference to the given ProtocolEndpoint and assigns it to the Slo field.
+func (o *ProtocolEndpoints) SetSlo(v ProtocolEndpoint) {
+	o.Slo = &v
+}
+
+// GetSso returns the Sso field value if set, zero value otherwise.
+func (o *ProtocolEndpoints) GetSso() ProtocolEndpoint {
+	if o == nil || o.Sso == nil {
+		var ret ProtocolEndpoint
+		return ret
+	}
+	return *o.Sso
+}
+
+// GetSsoOk returns a tuple with the Sso field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolEndpoints) GetSsoOk() (*ProtocolEndpoint, bool) {
+	if o == nil || o.Sso == nil {
+		return nil, false
+	}
+	return o.Sso, true
+}
+
+// HasSso returns a boolean if a field has been set.
+func (o *ProtocolEndpoints) HasSso() bool {
+	if o != nil && o.Sso != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSso gets a reference to the given ProtocolEndpoint and assigns it to the Sso field.
+func (o *ProtocolEndpoints) SetSso(v ProtocolEndpoint) {
+	o.Sso = &v
+}
+
+// GetToken returns the Token field value if set, zero value otherwise.
+func (o *ProtocolEndpoints) GetToken() ProtocolEndpoint {
+	if o == nil || o.Token == nil {
+		var ret ProtocolEndpoint
+		return ret
+	}
+	return *o.Token
+}
+
+// GetTokenOk returns a tuple with the Token field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolEndpoints) GetTokenOk() (*ProtocolEndpoint, bool) {
+	if o == nil || o.Token == nil {
+		return nil, false
+	}
+	return o.Token, true
+}
+
+// HasToken returns a boolean if a field has been set.
+func (o *ProtocolEndpoints) HasToken() bool {
+	if o != nil && o.Token != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetToken gets a reference to the given ProtocolEndpoint and assigns it to the Token field.
+func (o *ProtocolEndpoints) SetToken(v ProtocolEndpoint) {
+	o.Token = &v
+}
+
+// GetUserInfo returns the UserInfo field value if set, zero value otherwise.
+func (o *ProtocolEndpoints) GetUserInfo() ProtocolEndpoint {
+	if o == nil || o.UserInfo == nil {
+		var ret ProtocolEndpoint
+		return ret
+	}
+	return *o.UserInfo
+}
+
+// GetUserInfoOk returns a tuple with the UserInfo field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolEndpoints) GetUserInfoOk() (*ProtocolEndpoint, bool) {
+	if o == nil || o.UserInfo == nil {
+		return nil, false
+	}
+	return o.UserInfo, true
+}
+
+// HasUserInfo returns a boolean if a field has been set.
+func (o *ProtocolEndpoints) HasUserInfo() bool {
+	if o != nil && o.UserInfo != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserInfo gets a reference to the given ProtocolEndpoint and assigns it to the UserInfo field.
+func (o *ProtocolEndpoints) SetUserInfo(v ProtocolEndpoint) {
+	o.UserInfo = &v
+}
+
+func (o ProtocolEndpoints) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Acs != nil {
+		toSerialize["acs"] = o.Acs
+	}
+	if o.Authorization != nil {
+		toSerialize["authorization"] = o.Authorization
+	}
+	if o.Jwks != nil {
+		toSerialize["jwks"] = o.Jwks
+	}
+	if o.Metadata != nil {
+		toSerialize["metadata"] = o.Metadata
+	}
+	if o.Slo != nil {
+		toSerialize["slo"] = o.Slo
+	}
+	if o.Sso != nil {
+		toSerialize["sso"] = o.Sso
+	}
+	if o.Token != nil {
+		toSerialize["token"] = o.Token
+	}
+	if o.UserInfo != nil {
+		toSerialize["userInfo"] = o.UserInfo
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProtocolEndpoints) UnmarshalJSON(bytes []byte) (err error) {
+	varProtocolEndpoints := _ProtocolEndpoints{}
+
+	err = json.Unmarshal(bytes, &varProtocolEndpoints)
+	if err == nil {
+		*o = ProtocolEndpoints(varProtocolEndpoints)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "acs")
+		delete(additionalProperties, "authorization")
+		delete(additionalProperties, "jwks")
+		delete(additionalProperties, "metadata")
+		delete(additionalProperties, "slo")
+		delete(additionalProperties, "sso")
+		delete(additionalProperties, "token")
+		delete(additionalProperties, "userInfo")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProtocolEndpoints struct {
+	value *ProtocolEndpoints
+	isSet bool
+}
+
+func (v NullableProtocolEndpoints) Get() *ProtocolEndpoints {
+	return v.value
+}
+
+func (v *NullableProtocolEndpoints) Set(val *ProtocolEndpoints) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocolEndpoints) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocolEndpoints) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocolEndpoints(val *ProtocolEndpoints) *NullableProtocolEndpoints {
+	return &NullableProtocolEndpoints{value: val, isSet: true}
+}
+
+func (v NullableProtocolEndpoints) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocolEndpoints) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol_relay_state.go b/okta/model_protocol_relay_state.go
new file mode 100644
index 000000000..92f997225
--- /dev/null
+++ b/okta/model_protocol_relay_state.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProtocolRelayState struct for ProtocolRelayState
+type ProtocolRelayState struct {
+	Format               *ProtocolRelayStateFormat `json:"format,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProtocolRelayState ProtocolRelayState
+
+// NewProtocolRelayState instantiates a new ProtocolRelayState object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProtocolRelayState() *ProtocolRelayState {
+	this := ProtocolRelayState{}
+	return &this
+}
+
+// NewProtocolRelayStateWithDefaults instantiates a new ProtocolRelayState object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProtocolRelayStateWithDefaults() *ProtocolRelayState {
+	this := ProtocolRelayState{}
+	return &this
+}
+
+// GetFormat returns the Format field value if set, zero value otherwise.
+func (o *ProtocolRelayState) GetFormat() ProtocolRelayStateFormat {
+	if o == nil || o.Format == nil {
+		var ret ProtocolRelayStateFormat
+		return ret
+	}
+	return *o.Format
+}
+
+// GetFormatOk returns a tuple with the Format field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolRelayState) GetFormatOk() (*ProtocolRelayStateFormat, bool) {
+	if o == nil || o.Format == nil {
+		return nil, false
+	}
+	return o.Format, true
+}
+
+// HasFormat returns a boolean if a field has been set.
+func (o *ProtocolRelayState) HasFormat() bool {
+	if o != nil && o.Format != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFormat gets a reference to the given ProtocolRelayStateFormat and assigns it to the Format field.
+func (o *ProtocolRelayState) SetFormat(v ProtocolRelayStateFormat) {
+	o.Format = &v
+}
+
+func (o ProtocolRelayState) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Format != nil {
+		toSerialize["format"] = o.Format
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProtocolRelayState) UnmarshalJSON(bytes []byte) (err error) {
+	varProtocolRelayState := _ProtocolRelayState{}
+
+	err = json.Unmarshal(bytes, &varProtocolRelayState)
+	if err == nil {
+		*o = ProtocolRelayState(varProtocolRelayState)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "format")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProtocolRelayState struct {
+	value *ProtocolRelayState
+	isSet bool
+}
+
+func (v NullableProtocolRelayState) Get() *ProtocolRelayState {
+	return v.value
+}
+
+func (v *NullableProtocolRelayState) Set(val *ProtocolRelayState) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocolRelayState) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocolRelayState) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocolRelayState(val *ProtocolRelayState) *NullableProtocolRelayState {
+	return &NullableProtocolRelayState{value: val, isSet: true}
+}
+
+func (v NullableProtocolRelayState) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocolRelayState) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol_relay_state_format.go b/okta/model_protocol_relay_state_format.go
new file mode 100644
index 000000000..ffb3c54e8
--- /dev/null
+++ b/okta/model_protocol_relay_state_format.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProtocolRelayStateFormat the model 'ProtocolRelayStateFormat'
+type ProtocolRelayStateFormat string
+
+// List of ProtocolRelayStateFormat
+const (
+	PROTOCOLRELAYSTATEFORMAT_FROM_URL ProtocolRelayStateFormat = "FROM_URL"
+	PROTOCOLRELAYSTATEFORMAT_OPAQUE   ProtocolRelayStateFormat = "OPAQUE"
+)
+
+// All allowed values of ProtocolRelayStateFormat enum
+var AllowedProtocolRelayStateFormatEnumValues = []ProtocolRelayStateFormat{
+	"FROM_URL",
+	"OPAQUE",
+}
+
+func (v *ProtocolRelayStateFormat) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProtocolRelayStateFormat(value)
+	for _, existing := range AllowedProtocolRelayStateFormatEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProtocolRelayStateFormat", value)
+}
+
+// NewProtocolRelayStateFormatFromValue returns a pointer to a valid ProtocolRelayStateFormat
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProtocolRelayStateFormatFromValue(v string) (*ProtocolRelayStateFormat, error) {
+	ev := ProtocolRelayStateFormat(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProtocolRelayStateFormat: valid values are %v", v, AllowedProtocolRelayStateFormatEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProtocolRelayStateFormat) IsValid() bool {
+	for _, existing := range AllowedProtocolRelayStateFormatEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProtocolRelayStateFormat value
+func (v ProtocolRelayStateFormat) Ptr() *ProtocolRelayStateFormat {
+	return &v
+}
+
+type NullableProtocolRelayStateFormat struct {
+	value *ProtocolRelayStateFormat
+	isSet bool
+}
+
+func (v NullableProtocolRelayStateFormat) Get() *ProtocolRelayStateFormat {
+	return v.value
+}
+
+func (v *NullableProtocolRelayStateFormat) Set(val *ProtocolRelayStateFormat) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocolRelayStateFormat) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocolRelayStateFormat) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocolRelayStateFormat(val *ProtocolRelayStateFormat) *NullableProtocolRelayStateFormat {
+	return &NullableProtocolRelayStateFormat{value: val, isSet: true}
+}
+
+func (v NullableProtocolRelayStateFormat) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocolRelayStateFormat) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol_settings.go b/okta/model_protocol_settings.go
new file mode 100644
index 000000000..45a70e239
--- /dev/null
+++ b/okta/model_protocol_settings.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProtocolSettings struct for ProtocolSettings
+type ProtocolSettings struct {
+	NameFormat           *string `json:"nameFormat,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProtocolSettings ProtocolSettings
+
+// NewProtocolSettings instantiates a new ProtocolSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProtocolSettings() *ProtocolSettings {
+	this := ProtocolSettings{}
+	return &this
+}
+
+// NewProtocolSettingsWithDefaults instantiates a new ProtocolSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProtocolSettingsWithDefaults() *ProtocolSettings {
+	this := ProtocolSettings{}
+	return &this
+}
+
+// GetNameFormat returns the NameFormat field value if set, zero value otherwise.
+func (o *ProtocolSettings) GetNameFormat() string {
+	if o == nil || o.NameFormat == nil {
+		var ret string
+		return ret
+	}
+	return *o.NameFormat
+}
+
+// GetNameFormatOk returns a tuple with the NameFormat field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProtocolSettings) GetNameFormatOk() (*string, bool) {
+	if o == nil || o.NameFormat == nil {
+		return nil, false
+	}
+	return o.NameFormat, true
+}
+
+// HasNameFormat returns a boolean if a field has been set.
+func (o *ProtocolSettings) HasNameFormat() bool {
+	if o != nil && o.NameFormat != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNameFormat gets a reference to the given string and assigns it to the NameFormat field.
+func (o *ProtocolSettings) SetNameFormat(v string) {
+	o.NameFormat = &v
+}
+
+func (o ProtocolSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.NameFormat != nil {
+		toSerialize["nameFormat"] = o.NameFormat
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProtocolSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varProtocolSettings := _ProtocolSettings{}
+
+	err = json.Unmarshal(bytes, &varProtocolSettings)
+	if err == nil {
+		*o = ProtocolSettings(varProtocolSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "nameFormat")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProtocolSettings struct {
+	value *ProtocolSettings
+	isSet bool
+}
+
+func (v NullableProtocolSettings) Get() *ProtocolSettings {
+	return v.value
+}
+
+func (v *NullableProtocolSettings) Set(val *ProtocolSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocolSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocolSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocolSettings(val *ProtocolSettings) *NullableProtocolSettings {
+	return &NullableProtocolSettings{value: val, isSet: true}
+}
+
+func (v NullableProtocolSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocolSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_protocol_type.go b/okta/model_protocol_type.go
new file mode 100644
index 000000000..d4b923ab2
--- /dev/null
+++ b/okta/model_protocol_type.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProtocolType the model 'ProtocolType'
+type ProtocolType string
+
+// List of ProtocolType
+const (
+	PROTOCOLTYPE_MTLS   ProtocolType = "MTLS"
+	PROTOCOLTYPE_OAUTH2 ProtocolType = "OAUTH2"
+	PROTOCOLTYPE_OIDC   ProtocolType = "OIDC"
+	PROTOCOLTYPE_SAML2  ProtocolType = "SAML2"
+)
+
+// All allowed values of ProtocolType enum
+var AllowedProtocolTypeEnumValues = []ProtocolType{
+	"MTLS",
+	"OAUTH2",
+	"OIDC",
+	"SAML2",
+}
+
+func (v *ProtocolType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProtocolType(value)
+	for _, existing := range AllowedProtocolTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProtocolType", value)
+}
+
+// NewProtocolTypeFromValue returns a pointer to a valid ProtocolType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProtocolTypeFromValue(v string) (*ProtocolType, error) {
+	ev := ProtocolType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProtocolType: valid values are %v", v, AllowedProtocolTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProtocolType) IsValid() bool {
+	for _, existing := range AllowedProtocolTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProtocolType value
+func (v ProtocolType) Ptr() *ProtocolType {
+	return &v
+}
+
+type NullableProtocolType struct {
+	value *ProtocolType
+	isSet bool
+}
+
+func (v NullableProtocolType) Get() *ProtocolType {
+	return v.value
+}
+
+func (v *NullableProtocolType) Set(val *ProtocolType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProtocolType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProtocolType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProtocolType(val *ProtocolType) *NullableProtocolType {
+	return &NullableProtocolType{value: val, isSet: true}
+}
+
+func (v NullableProtocolType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProtocolType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provider_type.go b/okta/model_provider_type.go
new file mode 100644
index 000000000..dff39853e
--- /dev/null
+++ b/okta/model_provider_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProviderType the model 'ProviderType'
+type ProviderType string
+
+// List of ProviderType
+const (
+	PROVIDERTYPE_APNS ProviderType = "APNS"
+	PROVIDERTYPE_FCM  ProviderType = "FCM"
+)
+
+// All allowed values of ProviderType enum
+var AllowedProviderTypeEnumValues = []ProviderType{
+	"APNS",
+	"FCM",
+}
+
+func (v *ProviderType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProviderType(value)
+	for _, existing := range AllowedProviderTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProviderType", value)
+}
+
+// NewProviderTypeFromValue returns a pointer to a valid ProviderType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProviderTypeFromValue(v string) (*ProviderType, error) {
+	ev := ProviderType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProviderType: valid values are %v", v, AllowedProviderTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProviderType) IsValid() bool {
+	for _, existing := range AllowedProviderTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProviderType value
+func (v ProviderType) Ptr() *ProviderType {
+	return &v
+}
+
+type NullableProviderType struct {
+	value *ProviderType
+	isSet bool
+}
+
+func (v NullableProviderType) Get() *ProviderType {
+	return v.value
+}
+
+func (v *NullableProviderType) Set(val *ProviderType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProviderType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProviderType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProviderType(val *ProviderType) *NullableProviderType {
+	return &NullableProviderType{value: val, isSet: true}
+}
+
+func (v NullableProviderType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProviderType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning.go b/okta/model_provisioning.go
new file mode 100644
index 000000000..a07147b36
--- /dev/null
+++ b/okta/model_provisioning.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// Provisioning struct for Provisioning
+type Provisioning struct {
+	Action               *ProvisioningAction     `json:"action,omitempty"`
+	Conditions           *ProvisioningConditions `json:"conditions,omitempty"`
+	Groups               *ProvisioningGroups     `json:"groups,omitempty"`
+	ProfileMaster        *bool                   `json:"profileMaster,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Provisioning Provisioning
+
+// NewProvisioning instantiates a new Provisioning object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProvisioning() *Provisioning {
+	this := Provisioning{}
+	return &this
+}
+
+// NewProvisioningWithDefaults instantiates a new Provisioning object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProvisioningWithDefaults() *Provisioning {
+	this := Provisioning{}
+	return &this
+}
+
+// GetAction returns the Action field value if set, zero value otherwise.
+func (o *Provisioning) GetAction() ProvisioningAction {
+	if o == nil || o.Action == nil {
+		var ret ProvisioningAction
+		return ret
+	}
+	return *o.Action
+}
+
+// GetActionOk returns a tuple with the Action field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Provisioning) GetActionOk() (*ProvisioningAction, bool) {
+	if o == nil || o.Action == nil {
+		return nil, false
+	}
+	return o.Action, true
+}
+
+// HasAction returns a boolean if a field has been set.
+func (o *Provisioning) HasAction() bool {
+	if o != nil && o.Action != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAction gets a reference to the given ProvisioningAction and assigns it to the Action field.
+func (o *Provisioning) SetAction(v ProvisioningAction) {
+	o.Action = &v
+}
+
+// GetConditions returns the Conditions field value if set, zero value otherwise.
+func (o *Provisioning) GetConditions() ProvisioningConditions {
+	if o == nil || o.Conditions == nil {
+		var ret ProvisioningConditions
+		return ret
+	}
+	return *o.Conditions
+}
+
+// GetConditionsOk returns a tuple with the Conditions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Provisioning) GetConditionsOk() (*ProvisioningConditions, bool) {
+	if o == nil || o.Conditions == nil {
+		return nil, false
+	}
+	return o.Conditions, true
+}
+
+// HasConditions returns a boolean if a field has been set.
+func (o *Provisioning) HasConditions() bool {
+	if o != nil && o.Conditions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConditions gets a reference to the given ProvisioningConditions and assigns it to the Conditions field.
+func (o *Provisioning) SetConditions(v ProvisioningConditions) {
+	o.Conditions = &v
+}
+
+// GetGroups returns the Groups field value if set, zero value otherwise.
+func (o *Provisioning) GetGroups() ProvisioningGroups {
+	if o == nil || o.Groups == nil {
+		var ret ProvisioningGroups
+		return ret
+	}
+	return *o.Groups
+}
+
+// GetGroupsOk returns a tuple with the Groups field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Provisioning) GetGroupsOk() (*ProvisioningGroups, bool) {
+	if o == nil || o.Groups == nil {
+		return nil, false
+	}
+	return o.Groups, true
+}
+
+// HasGroups returns a boolean if a field has been set.
+func (o *Provisioning) HasGroups() bool {
+	if o != nil && o.Groups != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroups gets a reference to the given ProvisioningGroups and assigns it to the Groups field.
+func (o *Provisioning) SetGroups(v ProvisioningGroups) {
+	o.Groups = &v
+}
+
+// GetProfileMaster returns the ProfileMaster field value if set, zero value otherwise.
+func (o *Provisioning) GetProfileMaster() bool {
+	if o == nil || o.ProfileMaster == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ProfileMaster
+}
+
+// GetProfileMasterOk returns a tuple with the ProfileMaster field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Provisioning) GetProfileMasterOk() (*bool, bool) {
+	if o == nil || o.ProfileMaster == nil {
+		return nil, false
+	}
+	return o.ProfileMaster, true
+}
+
+// HasProfileMaster returns a boolean if a field has been set.
+func (o *Provisioning) HasProfileMaster() bool {
+	if o != nil && o.ProfileMaster != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfileMaster gets a reference to the given bool and assigns it to the ProfileMaster field.
+func (o *Provisioning) SetProfileMaster(v bool) {
+	o.ProfileMaster = &v
+}
+
+func (o Provisioning) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Action != nil {
+		toSerialize["action"] = o.Action
+	}
+	if o.Conditions != nil {
+		toSerialize["conditions"] = o.Conditions
+	}
+	if o.Groups != nil {
+		toSerialize["groups"] = o.Groups
+	}
+	if o.ProfileMaster != nil {
+		toSerialize["profileMaster"] = o.ProfileMaster
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Provisioning) UnmarshalJSON(bytes []byte) (err error) {
+	varProvisioning := _Provisioning{}
+
+	err = json.Unmarshal(bytes, &varProvisioning)
+	if err == nil {
+		*o = Provisioning(varProvisioning)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "action")
+		delete(additionalProperties, "conditions")
+		delete(additionalProperties, "groups")
+		delete(additionalProperties, "profileMaster")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProvisioning struct {
+	value *Provisioning
+	isSet bool
+}
+
+func (v NullableProvisioning) Get() *Provisioning {
+	return v.value
+}
+
+func (v *NullableProvisioning) Set(val *Provisioning) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioning) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioning) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioning(val *Provisioning) *NullableProvisioning {
+	return &NullableProvisioning{value: val, isSet: true}
+}
+
+func (v NullableProvisioning) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioning) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_action.go b/okta/model_provisioning_action.go
new file mode 100644
index 000000000..471325e18
--- /dev/null
+++ b/okta/model_provisioning_action.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProvisioningAction the model 'ProvisioningAction'
+type ProvisioningAction string
+
+// List of ProvisioningAction
+const (
+	PROVISIONINGACTION_AUTO     ProvisioningAction = "AUTO"
+	PROVISIONINGACTION_CALLOUT  ProvisioningAction = "CALLOUT"
+	PROVISIONINGACTION_DISABLED ProvisioningAction = "DISABLED"
+)
+
+// All allowed values of ProvisioningAction enum
+var AllowedProvisioningActionEnumValues = []ProvisioningAction{
+	"AUTO",
+	"CALLOUT",
+	"DISABLED",
+}
+
+func (v *ProvisioningAction) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProvisioningAction(value)
+	for _, existing := range AllowedProvisioningActionEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProvisioningAction", value)
+}
+
+// NewProvisioningActionFromValue returns a pointer to a valid ProvisioningAction
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProvisioningActionFromValue(v string) (*ProvisioningAction, error) {
+	ev := ProvisioningAction(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProvisioningAction: valid values are %v", v, AllowedProvisioningActionEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProvisioningAction) IsValid() bool {
+	for _, existing := range AllowedProvisioningActionEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProvisioningAction value
+func (v ProvisioningAction) Ptr() *ProvisioningAction {
+	return &v
+}
+
+type NullableProvisioningAction struct {
+	value *ProvisioningAction
+	isSet bool
+}
+
+func (v NullableProvisioningAction) Get() *ProvisioningAction {
+	return v.value
+}
+
+func (v *NullableProvisioningAction) Set(val *ProvisioningAction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningAction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningAction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningAction(val *ProvisioningAction) *NullableProvisioningAction {
+	return &NullableProvisioningAction{value: val, isSet: true}
+}
+
+func (v NullableProvisioningAction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningAction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_conditions.go b/okta/model_provisioning_conditions.go
new file mode 100644
index 000000000..ace20675b
--- /dev/null
+++ b/okta/model_provisioning_conditions.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProvisioningConditions struct for ProvisioningConditions
+type ProvisioningConditions struct {
+	Deprovisioned        *ProvisioningDeprovisionedCondition `json:"deprovisioned,omitempty"`
+	Suspended            *ProvisioningSuspendedCondition     `json:"suspended,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProvisioningConditions ProvisioningConditions
+
+// NewProvisioningConditions instantiates a new ProvisioningConditions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProvisioningConditions() *ProvisioningConditions {
+	this := ProvisioningConditions{}
+	return &this
+}
+
+// NewProvisioningConditionsWithDefaults instantiates a new ProvisioningConditions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProvisioningConditionsWithDefaults() *ProvisioningConditions {
+	this := ProvisioningConditions{}
+	return &this
+}
+
+// GetDeprovisioned returns the Deprovisioned field value if set, zero value otherwise.
+func (o *ProvisioningConditions) GetDeprovisioned() ProvisioningDeprovisionedCondition {
+	if o == nil || o.Deprovisioned == nil {
+		var ret ProvisioningDeprovisionedCondition
+		return ret
+	}
+	return *o.Deprovisioned
+}
+
+// GetDeprovisionedOk returns a tuple with the Deprovisioned field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningConditions) GetDeprovisionedOk() (*ProvisioningDeprovisionedCondition, bool) {
+	if o == nil || o.Deprovisioned == nil {
+		return nil, false
+	}
+	return o.Deprovisioned, true
+}
+
+// HasDeprovisioned returns a boolean if a field has been set.
+func (o *ProvisioningConditions) HasDeprovisioned() bool {
+	if o != nil && o.Deprovisioned != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDeprovisioned gets a reference to the given ProvisioningDeprovisionedCondition and assigns it to the Deprovisioned field.
+func (o *ProvisioningConditions) SetDeprovisioned(v ProvisioningDeprovisionedCondition) {
+	o.Deprovisioned = &v
+}
+
+// GetSuspended returns the Suspended field value if set, zero value otherwise.
+func (o *ProvisioningConditions) GetSuspended() ProvisioningSuspendedCondition {
+	if o == nil || o.Suspended == nil {
+		var ret ProvisioningSuspendedCondition
+		return ret
+	}
+	return *o.Suspended
+}
+
+// GetSuspendedOk returns a tuple with the Suspended field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningConditions) GetSuspendedOk() (*ProvisioningSuspendedCondition, bool) {
+	if o == nil || o.Suspended == nil {
+		return nil, false
+	}
+	return o.Suspended, true
+}
+
+// HasSuspended returns a boolean if a field has been set.
+func (o *ProvisioningConditions) HasSuspended() bool {
+	if o != nil && o.Suspended != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSuspended gets a reference to the given ProvisioningSuspendedCondition and assigns it to the Suspended field.
+func (o *ProvisioningConditions) SetSuspended(v ProvisioningSuspendedCondition) {
+	o.Suspended = &v
+}
+
+func (o ProvisioningConditions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Deprovisioned != nil {
+		toSerialize["deprovisioned"] = o.Deprovisioned
+	}
+	if o.Suspended != nil {
+		toSerialize["suspended"] = o.Suspended
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProvisioningConditions) UnmarshalJSON(bytes []byte) (err error) {
+	varProvisioningConditions := _ProvisioningConditions{}
+
+	err = json.Unmarshal(bytes, &varProvisioningConditions)
+	if err == nil {
+		*o = ProvisioningConditions(varProvisioningConditions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "deprovisioned")
+		delete(additionalProperties, "suspended")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProvisioningConditions struct {
+	value *ProvisioningConditions
+	isSet bool
+}
+
+func (v NullableProvisioningConditions) Get() *ProvisioningConditions {
+	return v.value
+}
+
+func (v *NullableProvisioningConditions) Set(val *ProvisioningConditions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningConditions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningConditions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningConditions(val *ProvisioningConditions) *NullableProvisioningConditions {
+	return &NullableProvisioningConditions{value: val, isSet: true}
+}
+
+func (v NullableProvisioningConditions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningConditions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_connection.go b/okta/model_provisioning_connection.go
new file mode 100644
index 000000000..58857f6f5
--- /dev/null
+++ b/okta/model_provisioning_connection.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProvisioningConnection struct for ProvisioningConnection
+type ProvisioningConnection struct {
+	AuthScheme           *ProvisioningConnectionAuthScheme `json:"authScheme,omitempty"`
+	Status               *ProvisioningConnectionStatus     `json:"status,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProvisioningConnection ProvisioningConnection
+
+// NewProvisioningConnection instantiates a new ProvisioningConnection object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProvisioningConnection() *ProvisioningConnection {
+	this := ProvisioningConnection{}
+	return &this
+}
+
+// NewProvisioningConnectionWithDefaults instantiates a new ProvisioningConnection object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProvisioningConnectionWithDefaults() *ProvisioningConnection {
+	this := ProvisioningConnection{}
+	return &this
+}
+
+// GetAuthScheme returns the AuthScheme field value if set, zero value otherwise.
+func (o *ProvisioningConnection) GetAuthScheme() ProvisioningConnectionAuthScheme {
+	if o == nil || o.AuthScheme == nil {
+		var ret ProvisioningConnectionAuthScheme
+		return ret
+	}
+	return *o.AuthScheme
+}
+
+// GetAuthSchemeOk returns a tuple with the AuthScheme field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningConnection) GetAuthSchemeOk() (*ProvisioningConnectionAuthScheme, bool) {
+	if o == nil || o.AuthScheme == nil {
+		return nil, false
+	}
+	return o.AuthScheme, true
+}
+
+// HasAuthScheme returns a boolean if a field has been set.
+func (o *ProvisioningConnection) HasAuthScheme() bool {
+	if o != nil && o.AuthScheme != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthScheme gets a reference to the given ProvisioningConnectionAuthScheme and assigns it to the AuthScheme field.
+func (o *ProvisioningConnection) SetAuthScheme(v ProvisioningConnectionAuthScheme) {
+	o.AuthScheme = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *ProvisioningConnection) GetStatus() ProvisioningConnectionStatus {
+	if o == nil || o.Status == nil {
+		var ret ProvisioningConnectionStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningConnection) GetStatusOk() (*ProvisioningConnectionStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *ProvisioningConnection) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given ProvisioningConnectionStatus and assigns it to the Status field.
+func (o *ProvisioningConnection) SetStatus(v ProvisioningConnectionStatus) {
+	o.Status = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ProvisioningConnection) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningConnection) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ProvisioningConnection) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *ProvisioningConnection) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o ProvisioningConnection) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthScheme != nil {
+		toSerialize["authScheme"] = o.AuthScheme
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProvisioningConnection) UnmarshalJSON(bytes []byte) (err error) {
+	varProvisioningConnection := _ProvisioningConnection{}
+
+	err = json.Unmarshal(bytes, &varProvisioningConnection)
+	if err == nil {
+		*o = ProvisioningConnection(varProvisioningConnection)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authScheme")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProvisioningConnection struct {
+	value *ProvisioningConnection
+	isSet bool
+}
+
+func (v NullableProvisioningConnection) Get() *ProvisioningConnection {
+	return v.value
+}
+
+func (v *NullableProvisioningConnection) Set(val *ProvisioningConnection) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningConnection) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningConnection) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningConnection(val *ProvisioningConnection) *NullableProvisioningConnection {
+	return &NullableProvisioningConnection{value: val, isSet: true}
+}
+
+func (v NullableProvisioningConnection) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningConnection) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_connection_auth_scheme.go b/okta/model_provisioning_connection_auth_scheme.go
new file mode 100644
index 000000000..c4a9ad0d3
--- /dev/null
+++ b/okta/model_provisioning_connection_auth_scheme.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProvisioningConnectionAuthScheme the model 'ProvisioningConnectionAuthScheme'
+type ProvisioningConnectionAuthScheme string
+
+// List of ProvisioningConnectionAuthScheme
+const (
+	PROVISIONINGCONNECTIONAUTHSCHEME_TOKEN   ProvisioningConnectionAuthScheme = "TOKEN"
+	PROVISIONINGCONNECTIONAUTHSCHEME_UNKNOWN ProvisioningConnectionAuthScheme = "UNKNOWN"
+)
+
+// All allowed values of ProvisioningConnectionAuthScheme enum
+var AllowedProvisioningConnectionAuthSchemeEnumValues = []ProvisioningConnectionAuthScheme{
+	"TOKEN",
+	"UNKNOWN",
+}
+
+func (v *ProvisioningConnectionAuthScheme) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProvisioningConnectionAuthScheme(value)
+	for _, existing := range AllowedProvisioningConnectionAuthSchemeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProvisioningConnectionAuthScheme", value)
+}
+
+// NewProvisioningConnectionAuthSchemeFromValue returns a pointer to a valid ProvisioningConnectionAuthScheme
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProvisioningConnectionAuthSchemeFromValue(v string) (*ProvisioningConnectionAuthScheme, error) {
+	ev := ProvisioningConnectionAuthScheme(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProvisioningConnectionAuthScheme: valid values are %v", v, AllowedProvisioningConnectionAuthSchemeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProvisioningConnectionAuthScheme) IsValid() bool {
+	for _, existing := range AllowedProvisioningConnectionAuthSchemeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProvisioningConnectionAuthScheme value
+func (v ProvisioningConnectionAuthScheme) Ptr() *ProvisioningConnectionAuthScheme {
+	return &v
+}
+
+type NullableProvisioningConnectionAuthScheme struct {
+	value *ProvisioningConnectionAuthScheme
+	isSet bool
+}
+
+func (v NullableProvisioningConnectionAuthScheme) Get() *ProvisioningConnectionAuthScheme {
+	return v.value
+}
+
+func (v *NullableProvisioningConnectionAuthScheme) Set(val *ProvisioningConnectionAuthScheme) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningConnectionAuthScheme) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningConnectionAuthScheme) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningConnectionAuthScheme(val *ProvisioningConnectionAuthScheme) *NullableProvisioningConnectionAuthScheme {
+	return &NullableProvisioningConnectionAuthScheme{value: val, isSet: true}
+}
+
+func (v NullableProvisioningConnectionAuthScheme) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningConnectionAuthScheme) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_connection_profile.go b/okta/model_provisioning_connection_profile.go
new file mode 100644
index 000000000..618414906
--- /dev/null
+++ b/okta/model_provisioning_connection_profile.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProvisioningConnectionProfile struct for ProvisioningConnectionProfile
+type ProvisioningConnectionProfile struct {
+	AuthScheme           *ProvisioningConnectionAuthScheme `json:"authScheme,omitempty"`
+	Token                *string                           `json:"token,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProvisioningConnectionProfile ProvisioningConnectionProfile
+
+// NewProvisioningConnectionProfile instantiates a new ProvisioningConnectionProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProvisioningConnectionProfile() *ProvisioningConnectionProfile {
+	this := ProvisioningConnectionProfile{}
+	return &this
+}
+
+// NewProvisioningConnectionProfileWithDefaults instantiates a new ProvisioningConnectionProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProvisioningConnectionProfileWithDefaults() *ProvisioningConnectionProfile {
+	this := ProvisioningConnectionProfile{}
+	return &this
+}
+
+// GetAuthScheme returns the AuthScheme field value if set, zero value otherwise.
+func (o *ProvisioningConnectionProfile) GetAuthScheme() ProvisioningConnectionAuthScheme {
+	if o == nil || o.AuthScheme == nil {
+		var ret ProvisioningConnectionAuthScheme
+		return ret
+	}
+	return *o.AuthScheme
+}
+
+// GetAuthSchemeOk returns a tuple with the AuthScheme field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningConnectionProfile) GetAuthSchemeOk() (*ProvisioningConnectionAuthScheme, bool) {
+	if o == nil || o.AuthScheme == nil {
+		return nil, false
+	}
+	return o.AuthScheme, true
+}
+
+// HasAuthScheme returns a boolean if a field has been set.
+func (o *ProvisioningConnectionProfile) HasAuthScheme() bool {
+	if o != nil && o.AuthScheme != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthScheme gets a reference to the given ProvisioningConnectionAuthScheme and assigns it to the AuthScheme field.
+func (o *ProvisioningConnectionProfile) SetAuthScheme(v ProvisioningConnectionAuthScheme) {
+	o.AuthScheme = &v
+}
+
+// GetToken returns the Token field value if set, zero value otherwise.
+func (o *ProvisioningConnectionProfile) GetToken() string {
+	if o == nil || o.Token == nil {
+		var ret string
+		return ret
+	}
+	return *o.Token
+}
+
+// GetTokenOk returns a tuple with the Token field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningConnectionProfile) GetTokenOk() (*string, bool) {
+	if o == nil || o.Token == nil {
+		return nil, false
+	}
+	return o.Token, true
+}
+
+// HasToken returns a boolean if a field has been set.
+func (o *ProvisioningConnectionProfile) HasToken() bool {
+	if o != nil && o.Token != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetToken gets a reference to the given string and assigns it to the Token field.
+func (o *ProvisioningConnectionProfile) SetToken(v string) {
+	o.Token = &v
+}
+
+func (o ProvisioningConnectionProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthScheme != nil {
+		toSerialize["authScheme"] = o.AuthScheme
+	}
+	if o.Token != nil {
+		toSerialize["token"] = o.Token
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProvisioningConnectionProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varProvisioningConnectionProfile := _ProvisioningConnectionProfile{}
+
+	err = json.Unmarshal(bytes, &varProvisioningConnectionProfile)
+	if err == nil {
+		*o = ProvisioningConnectionProfile(varProvisioningConnectionProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authScheme")
+		delete(additionalProperties, "token")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProvisioningConnectionProfile struct {
+	value *ProvisioningConnectionProfile
+	isSet bool
+}
+
+func (v NullableProvisioningConnectionProfile) Get() *ProvisioningConnectionProfile {
+	return v.value
+}
+
+func (v *NullableProvisioningConnectionProfile) Set(val *ProvisioningConnectionProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningConnectionProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningConnectionProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningConnectionProfile(val *ProvisioningConnectionProfile) *NullableProvisioningConnectionProfile {
+	return &NullableProvisioningConnectionProfile{value: val, isSet: true}
+}
+
+func (v NullableProvisioningConnectionProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningConnectionProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_connection_request.go b/okta/model_provisioning_connection_request.go
new file mode 100644
index 000000000..508eadfab
--- /dev/null
+++ b/okta/model_provisioning_connection_request.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProvisioningConnectionRequest struct for ProvisioningConnectionRequest
+type ProvisioningConnectionRequest struct {
+	Profile              *ProvisioningConnectionProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProvisioningConnectionRequest ProvisioningConnectionRequest
+
+// NewProvisioningConnectionRequest instantiates a new ProvisioningConnectionRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProvisioningConnectionRequest() *ProvisioningConnectionRequest {
+	this := ProvisioningConnectionRequest{}
+	return &this
+}
+
+// NewProvisioningConnectionRequestWithDefaults instantiates a new ProvisioningConnectionRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProvisioningConnectionRequestWithDefaults() *ProvisioningConnectionRequest {
+	this := ProvisioningConnectionRequest{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *ProvisioningConnectionRequest) GetProfile() ProvisioningConnectionProfile {
+	if o == nil || o.Profile == nil {
+		var ret ProvisioningConnectionProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningConnectionRequest) GetProfileOk() (*ProvisioningConnectionProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *ProvisioningConnectionRequest) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given ProvisioningConnectionProfile and assigns it to the Profile field.
+func (o *ProvisioningConnectionRequest) SetProfile(v ProvisioningConnectionProfile) {
+	o.Profile = &v
+}
+
+func (o ProvisioningConnectionRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProvisioningConnectionRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varProvisioningConnectionRequest := _ProvisioningConnectionRequest{}
+
+	err = json.Unmarshal(bytes, &varProvisioningConnectionRequest)
+	if err == nil {
+		*o = ProvisioningConnectionRequest(varProvisioningConnectionRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProvisioningConnectionRequest struct {
+	value *ProvisioningConnectionRequest
+	isSet bool
+}
+
+func (v NullableProvisioningConnectionRequest) Get() *ProvisioningConnectionRequest {
+	return v.value
+}
+
+func (v *NullableProvisioningConnectionRequest) Set(val *ProvisioningConnectionRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningConnectionRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningConnectionRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningConnectionRequest(val *ProvisioningConnectionRequest) *NullableProvisioningConnectionRequest {
+	return &NullableProvisioningConnectionRequest{value: val, isSet: true}
+}
+
+func (v NullableProvisioningConnectionRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningConnectionRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_connection_status.go b/okta/model_provisioning_connection_status.go
new file mode 100644
index 000000000..9965e8347
--- /dev/null
+++ b/okta/model_provisioning_connection_status.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProvisioningConnectionStatus the model 'ProvisioningConnectionStatus'
+type ProvisioningConnectionStatus string
+
+// List of ProvisioningConnectionStatus
+const (
+	PROVISIONINGCONNECTIONSTATUS_DISABLED ProvisioningConnectionStatus = "DISABLED"
+	PROVISIONINGCONNECTIONSTATUS_ENABLED  ProvisioningConnectionStatus = "ENABLED"
+	PROVISIONINGCONNECTIONSTATUS_UNKNOWN  ProvisioningConnectionStatus = "UNKNOWN"
+)
+
+// All allowed values of ProvisioningConnectionStatus enum
+var AllowedProvisioningConnectionStatusEnumValues = []ProvisioningConnectionStatus{
+	"DISABLED",
+	"ENABLED",
+	"UNKNOWN",
+}
+
+func (v *ProvisioningConnectionStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProvisioningConnectionStatus(value)
+	for _, existing := range AllowedProvisioningConnectionStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProvisioningConnectionStatus", value)
+}
+
+// NewProvisioningConnectionStatusFromValue returns a pointer to a valid ProvisioningConnectionStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProvisioningConnectionStatusFromValue(v string) (*ProvisioningConnectionStatus, error) {
+	ev := ProvisioningConnectionStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProvisioningConnectionStatus: valid values are %v", v, AllowedProvisioningConnectionStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProvisioningConnectionStatus) IsValid() bool {
+	for _, existing := range AllowedProvisioningConnectionStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProvisioningConnectionStatus value
+func (v ProvisioningConnectionStatus) Ptr() *ProvisioningConnectionStatus {
+	return &v
+}
+
+type NullableProvisioningConnectionStatus struct {
+	value *ProvisioningConnectionStatus
+	isSet bool
+}
+
+func (v NullableProvisioningConnectionStatus) Get() *ProvisioningConnectionStatus {
+	return v.value
+}
+
+func (v *NullableProvisioningConnectionStatus) Set(val *ProvisioningConnectionStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningConnectionStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningConnectionStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningConnectionStatus(val *ProvisioningConnectionStatus) *NullableProvisioningConnectionStatus {
+	return &NullableProvisioningConnectionStatus{value: val, isSet: true}
+}
+
+func (v NullableProvisioningConnectionStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningConnectionStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_deprovisioned_action.go b/okta/model_provisioning_deprovisioned_action.go
new file mode 100644
index 000000000..58e728849
--- /dev/null
+++ b/okta/model_provisioning_deprovisioned_action.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProvisioningDeprovisionedAction the model 'ProvisioningDeprovisionedAction'
+type ProvisioningDeprovisionedAction string
+
+// List of ProvisioningDeprovisionedAction
+const (
+	PROVISIONINGDEPROVISIONEDACTION_NONE       ProvisioningDeprovisionedAction = "NONE"
+	PROVISIONINGDEPROVISIONEDACTION_REACTIVATE ProvisioningDeprovisionedAction = "REACTIVATE"
+)
+
+// All allowed values of ProvisioningDeprovisionedAction enum
+var AllowedProvisioningDeprovisionedActionEnumValues = []ProvisioningDeprovisionedAction{
+	"NONE",
+	"REACTIVATE",
+}
+
+func (v *ProvisioningDeprovisionedAction) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProvisioningDeprovisionedAction(value)
+	for _, existing := range AllowedProvisioningDeprovisionedActionEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProvisioningDeprovisionedAction", value)
+}
+
+// NewProvisioningDeprovisionedActionFromValue returns a pointer to a valid ProvisioningDeprovisionedAction
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProvisioningDeprovisionedActionFromValue(v string) (*ProvisioningDeprovisionedAction, error) {
+	ev := ProvisioningDeprovisionedAction(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProvisioningDeprovisionedAction: valid values are %v", v, AllowedProvisioningDeprovisionedActionEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProvisioningDeprovisionedAction) IsValid() bool {
+	for _, existing := range AllowedProvisioningDeprovisionedActionEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProvisioningDeprovisionedAction value
+func (v ProvisioningDeprovisionedAction) Ptr() *ProvisioningDeprovisionedAction {
+	return &v
+}
+
+type NullableProvisioningDeprovisionedAction struct {
+	value *ProvisioningDeprovisionedAction
+	isSet bool
+}
+
+func (v NullableProvisioningDeprovisionedAction) Get() *ProvisioningDeprovisionedAction {
+	return v.value
+}
+
+func (v *NullableProvisioningDeprovisionedAction) Set(val *ProvisioningDeprovisionedAction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningDeprovisionedAction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningDeprovisionedAction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningDeprovisionedAction(val *ProvisioningDeprovisionedAction) *NullableProvisioningDeprovisionedAction {
+	return &NullableProvisioningDeprovisionedAction{value: val, isSet: true}
+}
+
+func (v NullableProvisioningDeprovisionedAction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningDeprovisionedAction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_deprovisioned_condition.go b/okta/model_provisioning_deprovisioned_condition.go
new file mode 100644
index 000000000..55cf0f48e
--- /dev/null
+++ b/okta/model_provisioning_deprovisioned_condition.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProvisioningDeprovisionedCondition struct for ProvisioningDeprovisionedCondition
+type ProvisioningDeprovisionedCondition struct {
+	Action               *ProvisioningDeprovisionedAction `json:"action,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProvisioningDeprovisionedCondition ProvisioningDeprovisionedCondition
+
+// NewProvisioningDeprovisionedCondition instantiates a new ProvisioningDeprovisionedCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProvisioningDeprovisionedCondition() *ProvisioningDeprovisionedCondition {
+	this := ProvisioningDeprovisionedCondition{}
+	return &this
+}
+
+// NewProvisioningDeprovisionedConditionWithDefaults instantiates a new ProvisioningDeprovisionedCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProvisioningDeprovisionedConditionWithDefaults() *ProvisioningDeprovisionedCondition {
+	this := ProvisioningDeprovisionedCondition{}
+	return &this
+}
+
+// GetAction returns the Action field value if set, zero value otherwise.
+func (o *ProvisioningDeprovisionedCondition) GetAction() ProvisioningDeprovisionedAction {
+	if o == nil || o.Action == nil {
+		var ret ProvisioningDeprovisionedAction
+		return ret
+	}
+	return *o.Action
+}
+
+// GetActionOk returns a tuple with the Action field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningDeprovisionedCondition) GetActionOk() (*ProvisioningDeprovisionedAction, bool) {
+	if o == nil || o.Action == nil {
+		return nil, false
+	}
+	return o.Action, true
+}
+
+// HasAction returns a boolean if a field has been set.
+func (o *ProvisioningDeprovisionedCondition) HasAction() bool {
+	if o != nil && o.Action != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAction gets a reference to the given ProvisioningDeprovisionedAction and assigns it to the Action field.
+func (o *ProvisioningDeprovisionedCondition) SetAction(v ProvisioningDeprovisionedAction) {
+	o.Action = &v
+}
+
+func (o ProvisioningDeprovisionedCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Action != nil {
+		toSerialize["action"] = o.Action
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProvisioningDeprovisionedCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varProvisioningDeprovisionedCondition := _ProvisioningDeprovisionedCondition{}
+
+	err = json.Unmarshal(bytes, &varProvisioningDeprovisionedCondition)
+	if err == nil {
+		*o = ProvisioningDeprovisionedCondition(varProvisioningDeprovisionedCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "action")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProvisioningDeprovisionedCondition struct {
+	value *ProvisioningDeprovisionedCondition
+	isSet bool
+}
+
+func (v NullableProvisioningDeprovisionedCondition) Get() *ProvisioningDeprovisionedCondition {
+	return v.value
+}
+
+func (v *NullableProvisioningDeprovisionedCondition) Set(val *ProvisioningDeprovisionedCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningDeprovisionedCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningDeprovisionedCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningDeprovisionedCondition(val *ProvisioningDeprovisionedCondition) *NullableProvisioningDeprovisionedCondition {
+	return &NullableProvisioningDeprovisionedCondition{value: val, isSet: true}
+}
+
+func (v NullableProvisioningDeprovisionedCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningDeprovisionedCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_groups.go b/okta/model_provisioning_groups.go
new file mode 100644
index 000000000..84cca1724
--- /dev/null
+++ b/okta/model_provisioning_groups.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProvisioningGroups struct for ProvisioningGroups
+type ProvisioningGroups struct {
+	Action               *ProvisioningGroupsAction `json:"action,omitempty"`
+	Assignments          []string                  `json:"assignments,omitempty"`
+	Filter               []string                  `json:"filter,omitempty"`
+	SourceAttributeName  *string                   `json:"sourceAttributeName,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProvisioningGroups ProvisioningGroups
+
+// NewProvisioningGroups instantiates a new ProvisioningGroups object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProvisioningGroups() *ProvisioningGroups {
+	this := ProvisioningGroups{}
+	return &this
+}
+
+// NewProvisioningGroupsWithDefaults instantiates a new ProvisioningGroups object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProvisioningGroupsWithDefaults() *ProvisioningGroups {
+	this := ProvisioningGroups{}
+	return &this
+}
+
+// GetAction returns the Action field value if set, zero value otherwise.
+func (o *ProvisioningGroups) GetAction() ProvisioningGroupsAction {
+	if o == nil || o.Action == nil {
+		var ret ProvisioningGroupsAction
+		return ret
+	}
+	return *o.Action
+}
+
+// GetActionOk returns a tuple with the Action field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningGroups) GetActionOk() (*ProvisioningGroupsAction, bool) {
+	if o == nil || o.Action == nil {
+		return nil, false
+	}
+	return o.Action, true
+}
+
+// HasAction returns a boolean if a field has been set.
+func (o *ProvisioningGroups) HasAction() bool {
+	if o != nil && o.Action != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAction gets a reference to the given ProvisioningGroupsAction and assigns it to the Action field.
+func (o *ProvisioningGroups) SetAction(v ProvisioningGroupsAction) {
+	o.Action = &v
+}
+
+// GetAssignments returns the Assignments field value if set, zero value otherwise.
+func (o *ProvisioningGroups) GetAssignments() []string {
+	if o == nil || o.Assignments == nil {
+		var ret []string
+		return ret
+	}
+	return o.Assignments
+}
+
+// GetAssignmentsOk returns a tuple with the Assignments field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningGroups) GetAssignmentsOk() ([]string, bool) {
+	if o == nil || o.Assignments == nil {
+		return nil, false
+	}
+	return o.Assignments, true
+}
+
+// HasAssignments returns a boolean if a field has been set.
+func (o *ProvisioningGroups) HasAssignments() bool {
+	if o != nil && o.Assignments != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAssignments gets a reference to the given []string and assigns it to the Assignments field.
+func (o *ProvisioningGroups) SetAssignments(v []string) {
+	o.Assignments = v
+}
+
+// GetFilter returns the Filter field value if set, zero value otherwise.
+func (o *ProvisioningGroups) GetFilter() []string {
+	if o == nil || o.Filter == nil {
+		var ret []string
+		return ret
+	}
+	return o.Filter
+}
+
+// GetFilterOk returns a tuple with the Filter field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningGroups) GetFilterOk() ([]string, bool) {
+	if o == nil || o.Filter == nil {
+		return nil, false
+	}
+	return o.Filter, true
+}
+
+// HasFilter returns a boolean if a field has been set.
+func (o *ProvisioningGroups) HasFilter() bool {
+	if o != nil && o.Filter != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFilter gets a reference to the given []string and assigns it to the Filter field.
+func (o *ProvisioningGroups) SetFilter(v []string) {
+	o.Filter = v
+}
+
+// GetSourceAttributeName returns the SourceAttributeName field value if set, zero value otherwise.
+func (o *ProvisioningGroups) GetSourceAttributeName() string {
+	if o == nil || o.SourceAttributeName == nil {
+		var ret string
+		return ret
+	}
+	return *o.SourceAttributeName
+}
+
+// GetSourceAttributeNameOk returns a tuple with the SourceAttributeName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningGroups) GetSourceAttributeNameOk() (*string, bool) {
+	if o == nil || o.SourceAttributeName == nil {
+		return nil, false
+	}
+	return o.SourceAttributeName, true
+}
+
+// HasSourceAttributeName returns a boolean if a field has been set.
+func (o *ProvisioningGroups) HasSourceAttributeName() bool {
+	if o != nil && o.SourceAttributeName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSourceAttributeName gets a reference to the given string and assigns it to the SourceAttributeName field.
+func (o *ProvisioningGroups) SetSourceAttributeName(v string) {
+	o.SourceAttributeName = &v
+}
+
+func (o ProvisioningGroups) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Action != nil {
+		toSerialize["action"] = o.Action
+	}
+	if o.Assignments != nil {
+		toSerialize["assignments"] = o.Assignments
+	}
+	if o.Filter != nil {
+		toSerialize["filter"] = o.Filter
+	}
+	if o.SourceAttributeName != nil {
+		toSerialize["sourceAttributeName"] = o.SourceAttributeName
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProvisioningGroups) UnmarshalJSON(bytes []byte) (err error) {
+	varProvisioningGroups := _ProvisioningGroups{}
+
+	err = json.Unmarshal(bytes, &varProvisioningGroups)
+	if err == nil {
+		*o = ProvisioningGroups(varProvisioningGroups)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "action")
+		delete(additionalProperties, "assignments")
+		delete(additionalProperties, "filter")
+		delete(additionalProperties, "sourceAttributeName")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProvisioningGroups struct {
+	value *ProvisioningGroups
+	isSet bool
+}
+
+func (v NullableProvisioningGroups) Get() *ProvisioningGroups {
+	return v.value
+}
+
+func (v *NullableProvisioningGroups) Set(val *ProvisioningGroups) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningGroups) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningGroups) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningGroups(val *ProvisioningGroups) *NullableProvisioningGroups {
+	return &NullableProvisioningGroups{value: val, isSet: true}
+}
+
+func (v NullableProvisioningGroups) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningGroups) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_groups_action.go b/okta/model_provisioning_groups_action.go
new file mode 100644
index 000000000..5b95d3eb5
--- /dev/null
+++ b/okta/model_provisioning_groups_action.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProvisioningGroupsAction the model 'ProvisioningGroupsAction'
+type ProvisioningGroupsAction string
+
+// List of ProvisioningGroupsAction
+const (
+	PROVISIONINGGROUPSACTION_APPEND ProvisioningGroupsAction = "APPEND"
+	PROVISIONINGGROUPSACTION_ASSIGN ProvisioningGroupsAction = "ASSIGN"
+	PROVISIONINGGROUPSACTION_NONE   ProvisioningGroupsAction = "NONE"
+	PROVISIONINGGROUPSACTION_SYNC   ProvisioningGroupsAction = "SYNC"
+)
+
+// All allowed values of ProvisioningGroupsAction enum
+var AllowedProvisioningGroupsActionEnumValues = []ProvisioningGroupsAction{
+	"APPEND",
+	"ASSIGN",
+	"NONE",
+	"SYNC",
+}
+
+func (v *ProvisioningGroupsAction) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProvisioningGroupsAction(value)
+	for _, existing := range AllowedProvisioningGroupsActionEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProvisioningGroupsAction", value)
+}
+
+// NewProvisioningGroupsActionFromValue returns a pointer to a valid ProvisioningGroupsAction
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProvisioningGroupsActionFromValue(v string) (*ProvisioningGroupsAction, error) {
+	ev := ProvisioningGroupsAction(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProvisioningGroupsAction: valid values are %v", v, AllowedProvisioningGroupsActionEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProvisioningGroupsAction) IsValid() bool {
+	for _, existing := range AllowedProvisioningGroupsActionEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProvisioningGroupsAction value
+func (v ProvisioningGroupsAction) Ptr() *ProvisioningGroupsAction {
+	return &v
+}
+
+type NullableProvisioningGroupsAction struct {
+	value *ProvisioningGroupsAction
+	isSet bool
+}
+
+func (v NullableProvisioningGroupsAction) Get() *ProvisioningGroupsAction {
+	return v.value
+}
+
+func (v *NullableProvisioningGroupsAction) Set(val *ProvisioningGroupsAction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningGroupsAction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningGroupsAction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningGroupsAction(val *ProvisioningGroupsAction) *NullableProvisioningGroupsAction {
+	return &NullableProvisioningGroupsAction{value: val, isSet: true}
+}
+
+func (v NullableProvisioningGroupsAction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningGroupsAction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_suspended_action.go b/okta/model_provisioning_suspended_action.go
new file mode 100644
index 000000000..15f4634d3
--- /dev/null
+++ b/okta/model_provisioning_suspended_action.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ProvisioningSuspendedAction the model 'ProvisioningSuspendedAction'
+type ProvisioningSuspendedAction string
+
+// List of ProvisioningSuspendedAction
+const (
+	PROVISIONINGSUSPENDEDACTION_NONE      ProvisioningSuspendedAction = "NONE"
+	PROVISIONINGSUSPENDEDACTION_UNSUSPEND ProvisioningSuspendedAction = "UNSUSPEND"
+)
+
+// All allowed values of ProvisioningSuspendedAction enum
+var AllowedProvisioningSuspendedActionEnumValues = []ProvisioningSuspendedAction{
+	"NONE",
+	"UNSUSPEND",
+}
+
+func (v *ProvisioningSuspendedAction) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ProvisioningSuspendedAction(value)
+	for _, existing := range AllowedProvisioningSuspendedActionEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ProvisioningSuspendedAction", value)
+}
+
+// NewProvisioningSuspendedActionFromValue returns a pointer to a valid ProvisioningSuspendedAction
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewProvisioningSuspendedActionFromValue(v string) (*ProvisioningSuspendedAction, error) {
+	ev := ProvisioningSuspendedAction(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ProvisioningSuspendedAction: valid values are %v", v, AllowedProvisioningSuspendedActionEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ProvisioningSuspendedAction) IsValid() bool {
+	for _, existing := range AllowedProvisioningSuspendedActionEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ProvisioningSuspendedAction value
+func (v ProvisioningSuspendedAction) Ptr() *ProvisioningSuspendedAction {
+	return &v
+}
+
+type NullableProvisioningSuspendedAction struct {
+	value *ProvisioningSuspendedAction
+	isSet bool
+}
+
+func (v NullableProvisioningSuspendedAction) Get() *ProvisioningSuspendedAction {
+	return v.value
+}
+
+func (v *NullableProvisioningSuspendedAction) Set(val *ProvisioningSuspendedAction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningSuspendedAction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningSuspendedAction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningSuspendedAction(val *ProvisioningSuspendedAction) *NullableProvisioningSuspendedAction {
+	return &NullableProvisioningSuspendedAction{value: val, isSet: true}
+}
+
+func (v NullableProvisioningSuspendedAction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningSuspendedAction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_provisioning_suspended_condition.go b/okta/model_provisioning_suspended_condition.go
new file mode 100644
index 000000000..473555814
--- /dev/null
+++ b/okta/model_provisioning_suspended_condition.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ProvisioningSuspendedCondition struct for ProvisioningSuspendedCondition
+type ProvisioningSuspendedCondition struct {
+	Action               *ProvisioningSuspendedAction `json:"action,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ProvisioningSuspendedCondition ProvisioningSuspendedCondition
+
+// NewProvisioningSuspendedCondition instantiates a new ProvisioningSuspendedCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewProvisioningSuspendedCondition() *ProvisioningSuspendedCondition {
+	this := ProvisioningSuspendedCondition{}
+	return &this
+}
+
+// NewProvisioningSuspendedConditionWithDefaults instantiates a new ProvisioningSuspendedCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewProvisioningSuspendedConditionWithDefaults() *ProvisioningSuspendedCondition {
+	this := ProvisioningSuspendedCondition{}
+	return &this
+}
+
+// GetAction returns the Action field value if set, zero value otherwise.
+func (o *ProvisioningSuspendedCondition) GetAction() ProvisioningSuspendedAction {
+	if o == nil || o.Action == nil {
+		var ret ProvisioningSuspendedAction
+		return ret
+	}
+	return *o.Action
+}
+
+// GetActionOk returns a tuple with the Action field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ProvisioningSuspendedCondition) GetActionOk() (*ProvisioningSuspendedAction, bool) {
+	if o == nil || o.Action == nil {
+		return nil, false
+	}
+	return o.Action, true
+}
+
+// HasAction returns a boolean if a field has been set.
+func (o *ProvisioningSuspendedCondition) HasAction() bool {
+	if o != nil && o.Action != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAction gets a reference to the given ProvisioningSuspendedAction and assigns it to the Action field.
+func (o *ProvisioningSuspendedCondition) SetAction(v ProvisioningSuspendedAction) {
+	o.Action = &v
+}
+
+func (o ProvisioningSuspendedCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Action != nil {
+		toSerialize["action"] = o.Action
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ProvisioningSuspendedCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varProvisioningSuspendedCondition := _ProvisioningSuspendedCondition{}
+
+	err = json.Unmarshal(bytes, &varProvisioningSuspendedCondition)
+	if err == nil {
+		*o = ProvisioningSuspendedCondition(varProvisioningSuspendedCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "action")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableProvisioningSuspendedCondition struct {
+	value *ProvisioningSuspendedCondition
+	isSet bool
+}
+
+func (v NullableProvisioningSuspendedCondition) Get() *ProvisioningSuspendedCondition {
+	return v.value
+}
+
+func (v *NullableProvisioningSuspendedCondition) Set(val *ProvisioningSuspendedCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableProvisioningSuspendedCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableProvisioningSuspendedCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableProvisioningSuspendedCondition(val *ProvisioningSuspendedCondition) *NullableProvisioningSuspendedCondition {
+	return &NullableProvisioningSuspendedCondition{value: val, isSet: true}
+}
+
+func (v NullableProvisioningSuspendedCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableProvisioningSuspendedCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_push_provider.go b/okta/model_push_provider.go
new file mode 100644
index 000000000..2bc90a6c6
--- /dev/null
+++ b/okta/model_push_provider.go
@@ -0,0 +1,307 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PushProvider struct for PushProvider
+type PushProvider struct {
+	Id              *string `json:"id,omitempty"`
+	LastUpdatedDate *string `json:"lastUpdatedDate,omitempty"`
+	// Display name of the push provider
+	Name                 *string       `json:"name,omitempty"`
+	ProviderType         *ProviderType `json:"providerType,omitempty"`
+	Links                *ApiTokenLink `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PushProvider PushProvider
+
+// NewPushProvider instantiates a new PushProvider object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPushProvider() *PushProvider {
+	this := PushProvider{}
+	return &this
+}
+
+// NewPushProviderWithDefaults instantiates a new PushProvider object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPushProviderWithDefaults() *PushProvider {
+	this := PushProvider{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *PushProvider) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushProvider) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *PushProvider) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *PushProvider) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdatedDate returns the LastUpdatedDate field value if set, zero value otherwise.
+func (o *PushProvider) GetLastUpdatedDate() string {
+	if o == nil || o.LastUpdatedDate == nil {
+		var ret string
+		return ret
+	}
+	return *o.LastUpdatedDate
+}
+
+// GetLastUpdatedDateOk returns a tuple with the LastUpdatedDate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushProvider) GetLastUpdatedDateOk() (*string, bool) {
+	if o == nil || o.LastUpdatedDate == nil {
+		return nil, false
+	}
+	return o.LastUpdatedDate, true
+}
+
+// HasLastUpdatedDate returns a boolean if a field has been set.
+func (o *PushProvider) HasLastUpdatedDate() bool {
+	if o != nil && o.LastUpdatedDate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdatedDate gets a reference to the given string and assigns it to the LastUpdatedDate field.
+func (o *PushProvider) SetLastUpdatedDate(v string) {
+	o.LastUpdatedDate = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *PushProvider) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushProvider) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *PushProvider) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *PushProvider) SetName(v string) {
+	o.Name = &v
+}
+
+// GetProviderType returns the ProviderType field value if set, zero value otherwise.
+func (o *PushProvider) GetProviderType() ProviderType {
+	if o == nil || o.ProviderType == nil {
+		var ret ProviderType
+		return ret
+	}
+	return *o.ProviderType
+}
+
+// GetProviderTypeOk returns a tuple with the ProviderType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushProvider) GetProviderTypeOk() (*ProviderType, bool) {
+	if o == nil || o.ProviderType == nil {
+		return nil, false
+	}
+	return o.ProviderType, true
+}
+
+// HasProviderType returns a boolean if a field has been set.
+func (o *PushProvider) HasProviderType() bool {
+	if o != nil && o.ProviderType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProviderType gets a reference to the given ProviderType and assigns it to the ProviderType field.
+func (o *PushProvider) SetProviderType(v ProviderType) {
+	o.ProviderType = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *PushProvider) GetLinks() ApiTokenLink {
+	if o == nil || o.Links == nil {
+		var ret ApiTokenLink
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushProvider) GetLinksOk() (*ApiTokenLink, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *PushProvider) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given ApiTokenLink and assigns it to the Links field.
+func (o *PushProvider) SetLinks(v ApiTokenLink) {
+	o.Links = &v
+}
+
+func (o PushProvider) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdatedDate != nil {
+		toSerialize["lastUpdatedDate"] = o.LastUpdatedDate
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.ProviderType != nil {
+		toSerialize["providerType"] = o.ProviderType
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PushProvider) UnmarshalJSON(bytes []byte) (err error) {
+	varPushProvider := _PushProvider{}
+
+	err = json.Unmarshal(bytes, &varPushProvider)
+	if err == nil {
+		*o = PushProvider(varPushProvider)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdatedDate")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "providerType")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePushProvider struct {
+	value *PushProvider
+	isSet bool
+}
+
+func (v NullablePushProvider) Get() *PushProvider {
+	return v.value
+}
+
+func (v *NullablePushProvider) Set(val *PushProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePushProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePushProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePushProvider(val *PushProvider) *NullablePushProvider {
+	return &NullablePushProvider{value: val, isSet: true}
+}
+
+func (v NullablePushProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePushProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_push_user_factor.go b/okta/model_push_user_factor.go
new file mode 100644
index 000000000..0a5b5db3a
--- /dev/null
+++ b/okta/model_push_user_factor.go
@@ -0,0 +1,282 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+	"time"
+)
+
+// PushUserFactor struct for PushUserFactor
+type PushUserFactor struct {
+	UserFactor
+	ExpiresAt            *time.Time             `json:"expiresAt,omitempty"`
+	FactorResult         *FactorResultType      `json:"factorResult,omitempty"`
+	Profile              *PushUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PushUserFactor PushUserFactor
+
+// NewPushUserFactor instantiates a new PushUserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPushUserFactor() *PushUserFactor {
+	this := PushUserFactor{}
+	return &this
+}
+
+// NewPushUserFactorWithDefaults instantiates a new PushUserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPushUserFactorWithDefaults() *PushUserFactor {
+	this := PushUserFactor{}
+	return &this
+}
+
+// GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
+func (o *PushUserFactor) GetExpiresAt() time.Time {
+	if o == nil || o.ExpiresAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiresAt
+}
+
+// GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushUserFactor) GetExpiresAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiresAt == nil {
+		return nil, false
+	}
+	return o.ExpiresAt, true
+}
+
+// HasExpiresAt returns a boolean if a field has been set.
+func (o *PushUserFactor) HasExpiresAt() bool {
+	if o != nil && o.ExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresAt gets a reference to the given time.Time and assigns it to the ExpiresAt field.
+func (o *PushUserFactor) SetExpiresAt(v time.Time) {
+	o.ExpiresAt = &v
+}
+
+// GetFactorResult returns the FactorResult field value if set, zero value otherwise.
+func (o *PushUserFactor) GetFactorResult() FactorResultType {
+	if o == nil || o.FactorResult == nil {
+		var ret FactorResultType
+		return ret
+	}
+	return *o.FactorResult
+}
+
+// GetFactorResultOk returns a tuple with the FactorResult field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushUserFactor) GetFactorResultOk() (*FactorResultType, bool) {
+	if o == nil || o.FactorResult == nil {
+		return nil, false
+	}
+	return o.FactorResult, true
+}
+
+// HasFactorResult returns a boolean if a field has been set.
+func (o *PushUserFactor) HasFactorResult() bool {
+	if o != nil && o.FactorResult != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFactorResult gets a reference to the given FactorResultType and assigns it to the FactorResult field.
+func (o *PushUserFactor) SetFactorResult(v FactorResultType) {
+	o.FactorResult = &v
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *PushUserFactor) GetProfile() PushUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret PushUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushUserFactor) GetProfileOk() (*PushUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *PushUserFactor) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given PushUserFactorProfile and assigns it to the Profile field.
+func (o *PushUserFactor) SetProfile(v PushUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o PushUserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedUserFactor, errUserFactor := json.Marshal(o.UserFactor)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	errUserFactor = json.Unmarshal([]byte(serializedUserFactor), &toSerialize)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	if o.ExpiresAt != nil {
+		toSerialize["expiresAt"] = o.ExpiresAt
+	}
+	if o.FactorResult != nil {
+		toSerialize["factorResult"] = o.FactorResult
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PushUserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	type PushUserFactorWithoutEmbeddedStruct struct {
+		ExpiresAt    *time.Time             `json:"expiresAt,omitempty"`
+		FactorResult *FactorResultType      `json:"factorResult,omitempty"`
+		Profile      *PushUserFactorProfile `json:"profile,omitempty"`
+	}
+
+	varPushUserFactorWithoutEmbeddedStruct := PushUserFactorWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varPushUserFactorWithoutEmbeddedStruct)
+	if err == nil {
+		varPushUserFactor := _PushUserFactor{}
+		varPushUserFactor.ExpiresAt = varPushUserFactorWithoutEmbeddedStruct.ExpiresAt
+		varPushUserFactor.FactorResult = varPushUserFactorWithoutEmbeddedStruct.FactorResult
+		varPushUserFactor.Profile = varPushUserFactorWithoutEmbeddedStruct.Profile
+		*o = PushUserFactor(varPushUserFactor)
+	} else {
+		return err
+	}
+
+	varPushUserFactor := _PushUserFactor{}
+
+	err = json.Unmarshal(bytes, &varPushUserFactor)
+	if err == nil {
+		o.UserFactor = varPushUserFactor.UserFactor
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expiresAt")
+		delete(additionalProperties, "factorResult")
+		delete(additionalProperties, "profile")
+
+		// remove fields from embedded structs
+		reflectUserFactor := reflect.ValueOf(o.UserFactor)
+		for i := 0; i < reflectUserFactor.Type().NumField(); i++ {
+			t := reflectUserFactor.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePushUserFactor struct {
+	value *PushUserFactor
+	isSet bool
+}
+
+func (v NullablePushUserFactor) Get() *PushUserFactor {
+	return v.value
+}
+
+func (v *NullablePushUserFactor) Set(val *PushUserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePushUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePushUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePushUserFactor(val *PushUserFactor) *NullablePushUserFactor {
+	return &NullablePushUserFactor{value: val, isSet: true}
+}
+
+func (v NullablePushUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePushUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_push_user_factor_all_of.go b/okta/model_push_user_factor_all_of.go
new file mode 100644
index 000000000..65b840e2b
--- /dev/null
+++ b/okta/model_push_user_factor_all_of.go
@@ -0,0 +1,233 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// PushUserFactorAllOf struct for PushUserFactorAllOf
+type PushUserFactorAllOf struct {
+	ExpiresAt            *time.Time             `json:"expiresAt,omitempty"`
+	FactorResult         *FactorResultType      `json:"factorResult,omitempty"`
+	Profile              *PushUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PushUserFactorAllOf PushUserFactorAllOf
+
+// NewPushUserFactorAllOf instantiates a new PushUserFactorAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPushUserFactorAllOf() *PushUserFactorAllOf {
+	this := PushUserFactorAllOf{}
+	return &this
+}
+
+// NewPushUserFactorAllOfWithDefaults instantiates a new PushUserFactorAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPushUserFactorAllOfWithDefaults() *PushUserFactorAllOf {
+	this := PushUserFactorAllOf{}
+	return &this
+}
+
+// GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
+func (o *PushUserFactorAllOf) GetExpiresAt() time.Time {
+	if o == nil || o.ExpiresAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiresAt
+}
+
+// GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushUserFactorAllOf) GetExpiresAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiresAt == nil {
+		return nil, false
+	}
+	return o.ExpiresAt, true
+}
+
+// HasExpiresAt returns a boolean if a field has been set.
+func (o *PushUserFactorAllOf) HasExpiresAt() bool {
+	if o != nil && o.ExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresAt gets a reference to the given time.Time and assigns it to the ExpiresAt field.
+func (o *PushUserFactorAllOf) SetExpiresAt(v time.Time) {
+	o.ExpiresAt = &v
+}
+
+// GetFactorResult returns the FactorResult field value if set, zero value otherwise.
+func (o *PushUserFactorAllOf) GetFactorResult() FactorResultType {
+	if o == nil || o.FactorResult == nil {
+		var ret FactorResultType
+		return ret
+	}
+	return *o.FactorResult
+}
+
+// GetFactorResultOk returns a tuple with the FactorResult field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushUserFactorAllOf) GetFactorResultOk() (*FactorResultType, bool) {
+	if o == nil || o.FactorResult == nil {
+		return nil, false
+	}
+	return o.FactorResult, true
+}
+
+// HasFactorResult returns a boolean if a field has been set.
+func (o *PushUserFactorAllOf) HasFactorResult() bool {
+	if o != nil && o.FactorResult != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFactorResult gets a reference to the given FactorResultType and assigns it to the FactorResult field.
+func (o *PushUserFactorAllOf) SetFactorResult(v FactorResultType) {
+	o.FactorResult = &v
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *PushUserFactorAllOf) GetProfile() PushUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret PushUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushUserFactorAllOf) GetProfileOk() (*PushUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *PushUserFactorAllOf) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given PushUserFactorProfile and assigns it to the Profile field.
+func (o *PushUserFactorAllOf) SetProfile(v PushUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o PushUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ExpiresAt != nil {
+		toSerialize["expiresAt"] = o.ExpiresAt
+	}
+	if o.FactorResult != nil {
+		toSerialize["factorResult"] = o.FactorResult
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PushUserFactorAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varPushUserFactorAllOf := _PushUserFactorAllOf{}
+
+	err = json.Unmarshal(bytes, &varPushUserFactorAllOf)
+	if err == nil {
+		*o = PushUserFactorAllOf(varPushUserFactorAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expiresAt")
+		delete(additionalProperties, "factorResult")
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePushUserFactorAllOf struct {
+	value *PushUserFactorAllOf
+	isSet bool
+}
+
+func (v NullablePushUserFactorAllOf) Get() *PushUserFactorAllOf {
+	return v.value
+}
+
+func (v *NullablePushUserFactorAllOf) Set(val *PushUserFactorAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePushUserFactorAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePushUserFactorAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePushUserFactorAllOf(val *PushUserFactorAllOf) *NullablePushUserFactorAllOf {
+	return &NullablePushUserFactorAllOf{value: val, isSet: true}
+}
+
+func (v NullablePushUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePushUserFactorAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_push_user_factor_profile.go b/okta/model_push_user_factor_profile.go
new file mode 100644
index 000000000..21e995633
--- /dev/null
+++ b/okta/model_push_user_factor_profile.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// PushUserFactorProfile struct for PushUserFactorProfile
+type PushUserFactorProfile struct {
+	CredentialId         *string `json:"credentialId,omitempty"`
+	DeviceToken          *string `json:"deviceToken,omitempty"`
+	DeviceType           *string `json:"deviceType,omitempty"`
+	Name                 *string `json:"name,omitempty"`
+	Platform             *string `json:"platform,omitempty"`
+	Version              *string `json:"version,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _PushUserFactorProfile PushUserFactorProfile
+
+// NewPushUserFactorProfile instantiates a new PushUserFactorProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewPushUserFactorProfile() *PushUserFactorProfile {
+	this := PushUserFactorProfile{}
+	return &this
+}
+
+// NewPushUserFactorProfileWithDefaults instantiates a new PushUserFactorProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewPushUserFactorProfileWithDefaults() *PushUserFactorProfile {
+	this := PushUserFactorProfile{}
+	return &this
+}
+
+// GetCredentialId returns the CredentialId field value if set, zero value otherwise.
+func (o *PushUserFactorProfile) GetCredentialId() string {
+	if o == nil || o.CredentialId == nil {
+		var ret string
+		return ret
+	}
+	return *o.CredentialId
+}
+
+// GetCredentialIdOk returns a tuple with the CredentialId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushUserFactorProfile) GetCredentialIdOk() (*string, bool) {
+	if o == nil || o.CredentialId == nil {
+		return nil, false
+	}
+	return o.CredentialId, true
+}
+
+// HasCredentialId returns a boolean if a field has been set.
+func (o *PushUserFactorProfile) HasCredentialId() bool {
+	if o != nil && o.CredentialId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentialId gets a reference to the given string and assigns it to the CredentialId field.
+func (o *PushUserFactorProfile) SetCredentialId(v string) {
+	o.CredentialId = &v
+}
+
+// GetDeviceToken returns the DeviceToken field value if set, zero value otherwise.
+func (o *PushUserFactorProfile) GetDeviceToken() string {
+	if o == nil || o.DeviceToken == nil {
+		var ret string
+		return ret
+	}
+	return *o.DeviceToken
+}
+
+// GetDeviceTokenOk returns a tuple with the DeviceToken field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushUserFactorProfile) GetDeviceTokenOk() (*string, bool) {
+	if o == nil || o.DeviceToken == nil {
+		return nil, false
+	}
+	return o.DeviceToken, true
+}
+
+// HasDeviceToken returns a boolean if a field has been set.
+func (o *PushUserFactorProfile) HasDeviceToken() bool {
+	if o != nil && o.DeviceToken != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDeviceToken gets a reference to the given string and assigns it to the DeviceToken field.
+func (o *PushUserFactorProfile) SetDeviceToken(v string) {
+	o.DeviceToken = &v
+}
+
+// GetDeviceType returns the DeviceType field value if set, zero value otherwise.
+func (o *PushUserFactorProfile) GetDeviceType() string {
+	if o == nil || o.DeviceType == nil {
+		var ret string
+		return ret
+	}
+	return *o.DeviceType
+}
+
+// GetDeviceTypeOk returns a tuple with the DeviceType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushUserFactorProfile) GetDeviceTypeOk() (*string, bool) {
+	if o == nil || o.DeviceType == nil {
+		return nil, false
+	}
+	return o.DeviceType, true
+}
+
+// HasDeviceType returns a boolean if a field has been set.
+func (o *PushUserFactorProfile) HasDeviceType() bool {
+	if o != nil && o.DeviceType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDeviceType gets a reference to the given string and assigns it to the DeviceType field.
+func (o *PushUserFactorProfile) SetDeviceType(v string) {
+	o.DeviceType = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *PushUserFactorProfile) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushUserFactorProfile) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *PushUserFactorProfile) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *PushUserFactorProfile) SetName(v string) {
+	o.Name = &v
+}
+
+// GetPlatform returns the Platform field value if set, zero value otherwise.
+func (o *PushUserFactorProfile) GetPlatform() string {
+	if o == nil || o.Platform == nil {
+		var ret string
+		return ret
+	}
+	return *o.Platform
+}
+
+// GetPlatformOk returns a tuple with the Platform field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushUserFactorProfile) GetPlatformOk() (*string, bool) {
+	if o == nil || o.Platform == nil {
+		return nil, false
+	}
+	return o.Platform, true
+}
+
+// HasPlatform returns a boolean if a field has been set.
+func (o *PushUserFactorProfile) HasPlatform() bool {
+	if o != nil && o.Platform != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPlatform gets a reference to the given string and assigns it to the Platform field.
+func (o *PushUserFactorProfile) SetPlatform(v string) {
+	o.Platform = &v
+}
+
+// GetVersion returns the Version field value if set, zero value otherwise.
+func (o *PushUserFactorProfile) GetVersion() string {
+	if o == nil || o.Version == nil {
+		var ret string
+		return ret
+	}
+	return *o.Version
+}
+
+// GetVersionOk returns a tuple with the Version field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *PushUserFactorProfile) GetVersionOk() (*string, bool) {
+	if o == nil || o.Version == nil {
+		return nil, false
+	}
+	return o.Version, true
+}
+
+// HasVersion returns a boolean if a field has been set.
+func (o *PushUserFactorProfile) HasVersion() bool {
+	if o != nil && o.Version != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVersion gets a reference to the given string and assigns it to the Version field.
+func (o *PushUserFactorProfile) SetVersion(v string) {
+	o.Version = &v
+}
+
+func (o PushUserFactorProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.CredentialId != nil {
+		toSerialize["credentialId"] = o.CredentialId
+	}
+	if o.DeviceToken != nil {
+		toSerialize["deviceToken"] = o.DeviceToken
+	}
+	if o.DeviceType != nil {
+		toSerialize["deviceType"] = o.DeviceType
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Platform != nil {
+		toSerialize["platform"] = o.Platform
+	}
+	if o.Version != nil {
+		toSerialize["version"] = o.Version
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *PushUserFactorProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varPushUserFactorProfile := _PushUserFactorProfile{}
+
+	err = json.Unmarshal(bytes, &varPushUserFactorProfile)
+	if err == nil {
+		*o = PushUserFactorProfile(varPushUserFactorProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentialId")
+		delete(additionalProperties, "deviceToken")
+		delete(additionalProperties, "deviceType")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "platform")
+		delete(additionalProperties, "version")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullablePushUserFactorProfile struct {
+	value *PushUserFactorProfile
+	isSet bool
+}
+
+func (v NullablePushUserFactorProfile) Get() *PushUserFactorProfile {
+	return v.value
+}
+
+func (v *NullablePushUserFactorProfile) Set(val *PushUserFactorProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullablePushUserFactorProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullablePushUserFactorProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullablePushUserFactorProfile(val *PushUserFactorProfile) *NullablePushUserFactorProfile {
+	return &NullablePushUserFactorProfile{value: val, isSet: true}
+}
+
+func (v NullablePushUserFactorProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullablePushUserFactorProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_rate_limit_admin_notifications.go b/okta/model_rate_limit_admin_notifications.go
new file mode 100644
index 000000000..a85739957
--- /dev/null
+++ b/okta/model_rate_limit_admin_notifications.go
@@ -0,0 +1,151 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// RateLimitAdminNotifications
+type RateLimitAdminNotifications struct {
+	NotificationsEnabled bool `json:"notificationsEnabled"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _RateLimitAdminNotifications RateLimitAdminNotifications
+
+// NewRateLimitAdminNotifications instantiates a new RateLimitAdminNotifications object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewRateLimitAdminNotifications(notificationsEnabled bool) *RateLimitAdminNotifications {
+	this := RateLimitAdminNotifications{}
+	this.NotificationsEnabled = notificationsEnabled
+	return &this
+}
+
+// NewRateLimitAdminNotificationsWithDefaults instantiates a new RateLimitAdminNotifications object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewRateLimitAdminNotificationsWithDefaults() *RateLimitAdminNotifications {
+	this := RateLimitAdminNotifications{}
+	return &this
+}
+
+// GetNotificationsEnabled returns the NotificationsEnabled field value
+func (o *RateLimitAdminNotifications) GetNotificationsEnabled() bool {
+	if o == nil {
+		var ret bool
+		return ret
+	}
+
+	return o.NotificationsEnabled
+}
+
+// GetNotificationsEnabledOk returns a tuple with the NotificationsEnabled field value
+// and a boolean to check if the value has been set.
+func (o *RateLimitAdminNotifications) GetNotificationsEnabledOk() (*bool, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.NotificationsEnabled, true
+}
+
+// SetNotificationsEnabled sets field value
+func (o *RateLimitAdminNotifications) SetNotificationsEnabled(v bool) {
+	o.NotificationsEnabled = v
+}
+
+func (o RateLimitAdminNotifications) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["notificationsEnabled"] = o.NotificationsEnabled
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *RateLimitAdminNotifications) UnmarshalJSON(bytes []byte) (err error) {
+	varRateLimitAdminNotifications := _RateLimitAdminNotifications{}
+
+	err = json.Unmarshal(bytes, &varRateLimitAdminNotifications)
+	if err == nil {
+		*o = RateLimitAdminNotifications(varRateLimitAdminNotifications)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "notificationsEnabled")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableRateLimitAdminNotifications struct {
+	value *RateLimitAdminNotifications
+	isSet bool
+}
+
+func (v NullableRateLimitAdminNotifications) Get() *RateLimitAdminNotifications {
+	return v.value
+}
+
+func (v *NullableRateLimitAdminNotifications) Set(val *RateLimitAdminNotifications) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRateLimitAdminNotifications) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRateLimitAdminNotifications) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRateLimitAdminNotifications(val *RateLimitAdminNotifications) *NullableRateLimitAdminNotifications {
+	return &NullableRateLimitAdminNotifications{value: val, isSet: true}
+}
+
+func (v NullableRateLimitAdminNotifications) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRateLimitAdminNotifications) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_recovery_question_credential.go b/okta/model_recovery_question_credential.go
new file mode 100644
index 000000000..13988cbf5
--- /dev/null
+++ b/okta/model_recovery_question_credential.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// RecoveryQuestionCredential struct for RecoveryQuestionCredential
+type RecoveryQuestionCredential struct {
+	Answer               *string `json:"answer,omitempty"`
+	Question             *string `json:"question,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _RecoveryQuestionCredential RecoveryQuestionCredential
+
+// NewRecoveryQuestionCredential instantiates a new RecoveryQuestionCredential object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewRecoveryQuestionCredential() *RecoveryQuestionCredential {
+	this := RecoveryQuestionCredential{}
+	return &this
+}
+
+// NewRecoveryQuestionCredentialWithDefaults instantiates a new RecoveryQuestionCredential object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewRecoveryQuestionCredentialWithDefaults() *RecoveryQuestionCredential {
+	this := RecoveryQuestionCredential{}
+	return &this
+}
+
+// GetAnswer returns the Answer field value if set, zero value otherwise.
+func (o *RecoveryQuestionCredential) GetAnswer() string {
+	if o == nil || o.Answer == nil {
+		var ret string
+		return ret
+	}
+	return *o.Answer
+}
+
+// GetAnswerOk returns a tuple with the Answer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RecoveryQuestionCredential) GetAnswerOk() (*string, bool) {
+	if o == nil || o.Answer == nil {
+		return nil, false
+	}
+	return o.Answer, true
+}
+
+// HasAnswer returns a boolean if a field has been set.
+func (o *RecoveryQuestionCredential) HasAnswer() bool {
+	if o != nil && o.Answer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAnswer gets a reference to the given string and assigns it to the Answer field.
+func (o *RecoveryQuestionCredential) SetAnswer(v string) {
+	o.Answer = &v
+}
+
+// GetQuestion returns the Question field value if set, zero value otherwise.
+func (o *RecoveryQuestionCredential) GetQuestion() string {
+	if o == nil || o.Question == nil {
+		var ret string
+		return ret
+	}
+	return *o.Question
+}
+
+// GetQuestionOk returns a tuple with the Question field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RecoveryQuestionCredential) GetQuestionOk() (*string, bool) {
+	if o == nil || o.Question == nil {
+		return nil, false
+	}
+	return o.Question, true
+}
+
+// HasQuestion returns a boolean if a field has been set.
+func (o *RecoveryQuestionCredential) HasQuestion() bool {
+	if o != nil && o.Question != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetQuestion gets a reference to the given string and assigns it to the Question field.
+func (o *RecoveryQuestionCredential) SetQuestion(v string) {
+	o.Question = &v
+}
+
+func (o RecoveryQuestionCredential) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Answer != nil {
+		toSerialize["answer"] = o.Answer
+	}
+	if o.Question != nil {
+		toSerialize["question"] = o.Question
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *RecoveryQuestionCredential) UnmarshalJSON(bytes []byte) (err error) {
+	varRecoveryQuestionCredential := _RecoveryQuestionCredential{}
+
+	err = json.Unmarshal(bytes, &varRecoveryQuestionCredential)
+	if err == nil {
+		*o = RecoveryQuestionCredential(varRecoveryQuestionCredential)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "answer")
+		delete(additionalProperties, "question")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableRecoveryQuestionCredential struct {
+	value *RecoveryQuestionCredential
+	isSet bool
+}
+
+func (v NullableRecoveryQuestionCredential) Get() *RecoveryQuestionCredential {
+	return v.value
+}
+
+func (v *NullableRecoveryQuestionCredential) Set(val *RecoveryQuestionCredential) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRecoveryQuestionCredential) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRecoveryQuestionCredential) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRecoveryQuestionCredential(val *RecoveryQuestionCredential) *NullableRecoveryQuestionCredential {
+	return &NullableRecoveryQuestionCredential{value: val, isSet: true}
+}
+
+func (v NullableRecoveryQuestionCredential) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRecoveryQuestionCredential) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_release_channel.go b/okta/model_release_channel.go
new file mode 100644
index 000000000..c0f52611f
--- /dev/null
+++ b/okta/model_release_channel.go
@@ -0,0 +1,128 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ReleaseChannel Release channel for auto-update
+type ReleaseChannel string
+
+// List of ReleaseChannel
+const (
+	RELEASECHANNEL_BETA ReleaseChannel = "BETA"
+	RELEASECHANNEL_EA   ReleaseChannel = "EA"
+	RELEASECHANNEL_GA   ReleaseChannel = "GA"
+	RELEASECHANNEL_TEST ReleaseChannel = "TEST"
+)
+
+// All allowed values of ReleaseChannel enum
+var AllowedReleaseChannelEnumValues = []ReleaseChannel{
+	"BETA",
+	"EA",
+	"GA",
+	"TEST",
+}
+
+func (v *ReleaseChannel) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ReleaseChannel(value)
+	for _, existing := range AllowedReleaseChannelEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ReleaseChannel", value)
+}
+
+// NewReleaseChannelFromValue returns a pointer to a valid ReleaseChannel
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewReleaseChannelFromValue(v string) (*ReleaseChannel, error) {
+	ev := ReleaseChannel(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ReleaseChannel: valid values are %v", v, AllowedReleaseChannelEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ReleaseChannel) IsValid() bool {
+	for _, existing := range AllowedReleaseChannelEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ReleaseChannel value
+func (v ReleaseChannel) Ptr() *ReleaseChannel {
+	return &v
+}
+
+type NullableReleaseChannel struct {
+	value *ReleaseChannel
+	isSet bool
+}
+
+func (v NullableReleaseChannel) Get() *ReleaseChannel {
+	return v.value
+}
+
+func (v *NullableReleaseChannel) Set(val *ReleaseChannel) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableReleaseChannel) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableReleaseChannel) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableReleaseChannel(val *ReleaseChannel) *NullableReleaseChannel {
+	return &NullableReleaseChannel{value: val, isSet: true}
+}
+
+func (v NullableReleaseChannel) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableReleaseChannel) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_required_enum.go b/okta/model_required_enum.go
new file mode 100644
index 000000000..93fe67748
--- /dev/null
+++ b/okta/model_required_enum.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// RequiredEnum the model 'RequiredEnum'
+type RequiredEnum string
+
+// List of RequiredEnum
+const (
+	REQUIREDENUM_ALWAYS         RequiredEnum = "ALWAYS"
+	REQUIREDENUM_HIGH_RISK_ONLY RequiredEnum = "HIGH_RISK_ONLY"
+	REQUIREDENUM_NEVER          RequiredEnum = "NEVER"
+)
+
+// All allowed values of RequiredEnum enum
+var AllowedRequiredEnumEnumValues = []RequiredEnum{
+	"ALWAYS",
+	"HIGH_RISK_ONLY",
+	"NEVER",
+}
+
+func (v *RequiredEnum) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := RequiredEnum(value)
+	for _, existing := range AllowedRequiredEnumEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid RequiredEnum", value)
+}
+
+// NewRequiredEnumFromValue returns a pointer to a valid RequiredEnum
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewRequiredEnumFromValue(v string) (*RequiredEnum, error) {
+	ev := RequiredEnum(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for RequiredEnum: valid values are %v", v, AllowedRequiredEnumEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v RequiredEnum) IsValid() bool {
+	for _, existing := range AllowedRequiredEnumEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to RequiredEnum value
+func (v RequiredEnum) Ptr() *RequiredEnum {
+	return &v
+}
+
+type NullableRequiredEnum struct {
+	value *RequiredEnum
+	isSet bool
+}
+
+func (v NullableRequiredEnum) Get() *RequiredEnum {
+	return v.value
+}
+
+func (v *NullableRequiredEnum) Set(val *RequiredEnum) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRequiredEnum) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRequiredEnum) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRequiredEnum(val *RequiredEnum) *NullableRequiredEnum {
+	return &NullableRequiredEnum{value: val, isSet: true}
+}
+
+func (v NullableRequiredEnum) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRequiredEnum) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_reset_password_token.go b/okta/model_reset_password_token.go
new file mode 100644
index 000000000..d7ae90968
--- /dev/null
+++ b/okta/model_reset_password_token.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResetPasswordToken struct for ResetPasswordToken
+type ResetPasswordToken struct {
+	ResetPasswordUrl     *string `json:"resetPasswordUrl,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResetPasswordToken ResetPasswordToken
+
+// NewResetPasswordToken instantiates a new ResetPasswordToken object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResetPasswordToken() *ResetPasswordToken {
+	this := ResetPasswordToken{}
+	return &this
+}
+
+// NewResetPasswordTokenWithDefaults instantiates a new ResetPasswordToken object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResetPasswordTokenWithDefaults() *ResetPasswordToken {
+	this := ResetPasswordToken{}
+	return &this
+}
+
+// GetResetPasswordUrl returns the ResetPasswordUrl field value if set, zero value otherwise.
+func (o *ResetPasswordToken) GetResetPasswordUrl() string {
+	if o == nil || o.ResetPasswordUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.ResetPasswordUrl
+}
+
+// GetResetPasswordUrlOk returns a tuple with the ResetPasswordUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResetPasswordToken) GetResetPasswordUrlOk() (*string, bool) {
+	if o == nil || o.ResetPasswordUrl == nil {
+		return nil, false
+	}
+	return o.ResetPasswordUrl, true
+}
+
+// HasResetPasswordUrl returns a boolean if a field has been set.
+func (o *ResetPasswordToken) HasResetPasswordUrl() bool {
+	if o != nil && o.ResetPasswordUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResetPasswordUrl gets a reference to the given string and assigns it to the ResetPasswordUrl field.
+func (o *ResetPasswordToken) SetResetPasswordUrl(v string) {
+	o.ResetPasswordUrl = &v
+}
+
+func (o ResetPasswordToken) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ResetPasswordUrl != nil {
+		toSerialize["resetPasswordUrl"] = o.ResetPasswordUrl
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResetPasswordToken) UnmarshalJSON(bytes []byte) (err error) {
+	varResetPasswordToken := _ResetPasswordToken{}
+
+	err = json.Unmarshal(bytes, &varResetPasswordToken)
+	if err == nil {
+		*o = ResetPasswordToken(varResetPasswordToken)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "resetPasswordUrl")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResetPasswordToken struct {
+	value *ResetPasswordToken
+	isSet bool
+}
+
+func (v NullableResetPasswordToken) Get() *ResetPasswordToken {
+	return v.value
+}
+
+func (v *NullableResetPasswordToken) Set(val *ResetPasswordToken) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResetPasswordToken) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResetPasswordToken) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResetPasswordToken(val *ResetPasswordToken) *NullableResetPasswordToken {
+	return &NullableResetPasswordToken{value: val, isSet: true}
+}
+
+func (v NullableResetPasswordToken) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResetPasswordToken) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set.go b/okta/model_resource_set.go
new file mode 100644
index 000000000..3851e8006
--- /dev/null
+++ b/okta/model_resource_set.go
@@ -0,0 +1,349 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// ResourceSet struct for ResourceSet
+type ResourceSet struct {
+	// Timestamp when the role was created
+	Created *time.Time `json:"created,omitempty"`
+	// Description of the resource set
+	Description *string `json:"description,omitempty"`
+	// Unique key for the role
+	Id *string `json:"id,omitempty"`
+	// Unique label for the resource set
+	Label *string `json:"label,omitempty"`
+	// Timestamp when the role was last updated
+	LastUpdated          *time.Time        `json:"lastUpdated,omitempty"`
+	Links                *ResourceSetLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSet ResourceSet
+
+// NewResourceSet instantiates a new ResourceSet object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSet() *ResourceSet {
+	this := ResourceSet{}
+	return &this
+}
+
+// NewResourceSetWithDefaults instantiates a new ResourceSet object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetWithDefaults() *ResourceSet {
+	this := ResourceSet{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *ResourceSet) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSet) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *ResourceSet) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *ResourceSet) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *ResourceSet) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSet) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *ResourceSet) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *ResourceSet) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ResourceSet) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSet) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ResourceSet) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ResourceSet) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLabel returns the Label field value if set, zero value otherwise.
+func (o *ResourceSet) GetLabel() string {
+	if o == nil || o.Label == nil {
+		var ret string
+		return ret
+	}
+	return *o.Label
+}
+
+// GetLabelOk returns a tuple with the Label field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSet) GetLabelOk() (*string, bool) {
+	if o == nil || o.Label == nil {
+		return nil, false
+	}
+	return o.Label, true
+}
+
+// HasLabel returns a boolean if a field has been set.
+func (o *ResourceSet) HasLabel() bool {
+	if o != nil && o.Label != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLabel gets a reference to the given string and assigns it to the Label field.
+func (o *ResourceSet) SetLabel(v string) {
+	o.Label = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *ResourceSet) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSet) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *ResourceSet) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *ResourceSet) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ResourceSet) GetLinks() ResourceSetLinks {
+	if o == nil || o.Links == nil {
+		var ret ResourceSetLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSet) GetLinksOk() (*ResourceSetLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ResourceSet) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given ResourceSetLinks and assigns it to the Links field.
+func (o *ResourceSet) SetLinks(v ResourceSetLinks) {
+	o.Links = &v
+}
+
+func (o ResourceSet) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Label != nil {
+		toSerialize["label"] = o.Label
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSet) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSet := _ResourceSet{}
+
+	err = json.Unmarshal(bytes, &varResourceSet)
+	if err == nil {
+		*o = ResourceSet(varResourceSet)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "label")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSet struct {
+	value *ResourceSet
+	isSet bool
+}
+
+func (v NullableResourceSet) Get() *ResourceSet {
+	return v.value
+}
+
+func (v *NullableResourceSet) Set(val *ResourceSet) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSet) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSet) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSet(val *ResourceSet) *NullableResourceSet {
+	return &NullableResourceSet{value: val, isSet: true}
+}
+
+func (v NullableResourceSet) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSet) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set__links.go b/okta/model_resource_set__links.go
new file mode 100644
index 000000000..783a8689b
--- /dev/null
+++ b/okta/model_resource_set__links.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetLinks struct for ResourceSetLinks
+type ResourceSetLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Resources            *HrefObject `json:"resources,omitempty"`
+	Bindings             *HrefObject `json:"bindings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetLinks ResourceSetLinks
+
+// NewResourceSetLinks instantiates a new ResourceSetLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetLinks() *ResourceSetLinks {
+	this := ResourceSetLinks{}
+	return &this
+}
+
+// NewResourceSetLinksWithDefaults instantiates a new ResourceSetLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetLinksWithDefaults() *ResourceSetLinks {
+	this := ResourceSetLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *ResourceSetLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *ResourceSetLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *ResourceSetLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetResources returns the Resources field value if set, zero value otherwise.
+func (o *ResourceSetLinks) GetResources() HrefObject {
+	if o == nil || o.Resources == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Resources
+}
+
+// GetResourcesOk returns a tuple with the Resources field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetLinks) GetResourcesOk() (*HrefObject, bool) {
+	if o == nil || o.Resources == nil {
+		return nil, false
+	}
+	return o.Resources, true
+}
+
+// HasResources returns a boolean if a field has been set.
+func (o *ResourceSetLinks) HasResources() bool {
+	if o != nil && o.Resources != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResources gets a reference to the given HrefObject and assigns it to the Resources field.
+func (o *ResourceSetLinks) SetResources(v HrefObject) {
+	o.Resources = &v
+}
+
+// GetBindings returns the Bindings field value if set, zero value otherwise.
+func (o *ResourceSetLinks) GetBindings() HrefObject {
+	if o == nil || o.Bindings == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Bindings
+}
+
+// GetBindingsOk returns a tuple with the Bindings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetLinks) GetBindingsOk() (*HrefObject, bool) {
+	if o == nil || o.Bindings == nil {
+		return nil, false
+	}
+	return o.Bindings, true
+}
+
+// HasBindings returns a boolean if a field has been set.
+func (o *ResourceSetLinks) HasBindings() bool {
+	if o != nil && o.Bindings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBindings gets a reference to the given HrefObject and assigns it to the Bindings field.
+func (o *ResourceSetLinks) SetBindings(v HrefObject) {
+	o.Bindings = &v
+}
+
+func (o ResourceSetLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Resources != nil {
+		toSerialize["resources"] = o.Resources
+	}
+	if o.Bindings != nil {
+		toSerialize["bindings"] = o.Bindings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetLinks := _ResourceSetLinks{}
+
+	err = json.Unmarshal(bytes, &varResourceSetLinks)
+	if err == nil {
+		*o = ResourceSetLinks(varResourceSetLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "resources")
+		delete(additionalProperties, "bindings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetLinks struct {
+	value *ResourceSetLinks
+	isSet bool
+}
+
+func (v NullableResourceSetLinks) Get() *ResourceSetLinks {
+	return v.value
+}
+
+func (v *NullableResourceSetLinks) Set(val *ResourceSetLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetLinks(val *ResourceSetLinks) *NullableResourceSetLinks {
+	return &NullableResourceSetLinks{value: val, isSet: true}
+}
+
+func (v NullableResourceSetLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_binding_add_members_request.go b/okta/model_resource_set_binding_add_members_request.go
new file mode 100644
index 000000000..9f4454a84
--- /dev/null
+++ b/okta/model_resource_set_binding_add_members_request.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetBindingAddMembersRequest struct for ResourceSetBindingAddMembersRequest
+type ResourceSetBindingAddMembersRequest struct {
+	Additions            []string `json:"additions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetBindingAddMembersRequest ResourceSetBindingAddMembersRequest
+
+// NewResourceSetBindingAddMembersRequest instantiates a new ResourceSetBindingAddMembersRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetBindingAddMembersRequest() *ResourceSetBindingAddMembersRequest {
+	this := ResourceSetBindingAddMembersRequest{}
+	return &this
+}
+
+// NewResourceSetBindingAddMembersRequestWithDefaults instantiates a new ResourceSetBindingAddMembersRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetBindingAddMembersRequestWithDefaults() *ResourceSetBindingAddMembersRequest {
+	this := ResourceSetBindingAddMembersRequest{}
+	return &this
+}
+
+// GetAdditions returns the Additions field value if set, zero value otherwise.
+func (o *ResourceSetBindingAddMembersRequest) GetAdditions() []string {
+	if o == nil || o.Additions == nil {
+		var ret []string
+		return ret
+	}
+	return o.Additions
+}
+
+// GetAdditionsOk returns a tuple with the Additions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingAddMembersRequest) GetAdditionsOk() ([]string, bool) {
+	if o == nil || o.Additions == nil {
+		return nil, false
+	}
+	return o.Additions, true
+}
+
+// HasAdditions returns a boolean if a field has been set.
+func (o *ResourceSetBindingAddMembersRequest) HasAdditions() bool {
+	if o != nil && o.Additions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAdditions gets a reference to the given []string and assigns it to the Additions field.
+func (o *ResourceSetBindingAddMembersRequest) SetAdditions(v []string) {
+	o.Additions = v
+}
+
+func (o ResourceSetBindingAddMembersRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Additions != nil {
+		toSerialize["additions"] = o.Additions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetBindingAddMembersRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetBindingAddMembersRequest := _ResourceSetBindingAddMembersRequest{}
+
+	err = json.Unmarshal(bytes, &varResourceSetBindingAddMembersRequest)
+	if err == nil {
+		*o = ResourceSetBindingAddMembersRequest(varResourceSetBindingAddMembersRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "additions")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetBindingAddMembersRequest struct {
+	value *ResourceSetBindingAddMembersRequest
+	isSet bool
+}
+
+func (v NullableResourceSetBindingAddMembersRequest) Get() *ResourceSetBindingAddMembersRequest {
+	return v.value
+}
+
+func (v *NullableResourceSetBindingAddMembersRequest) Set(val *ResourceSetBindingAddMembersRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetBindingAddMembersRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetBindingAddMembersRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetBindingAddMembersRequest(val *ResourceSetBindingAddMembersRequest) *NullableResourceSetBindingAddMembersRequest {
+	return &NullableResourceSetBindingAddMembersRequest{value: val, isSet: true}
+}
+
+func (v NullableResourceSetBindingAddMembersRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetBindingAddMembersRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_binding_create_request.go b/okta/model_resource_set_binding_create_request.go
new file mode 100644
index 000000000..2af1e628a
--- /dev/null
+++ b/okta/model_resource_set_binding_create_request.go
@@ -0,0 +1,196 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetBindingCreateRequest struct for ResourceSetBindingCreateRequest
+type ResourceSetBindingCreateRequest struct {
+	Members []string `json:"members,omitempty"`
+	// Unique key for the role
+	Role                 *string `json:"role,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetBindingCreateRequest ResourceSetBindingCreateRequest
+
+// NewResourceSetBindingCreateRequest instantiates a new ResourceSetBindingCreateRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetBindingCreateRequest() *ResourceSetBindingCreateRequest {
+	this := ResourceSetBindingCreateRequest{}
+	return &this
+}
+
+// NewResourceSetBindingCreateRequestWithDefaults instantiates a new ResourceSetBindingCreateRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetBindingCreateRequestWithDefaults() *ResourceSetBindingCreateRequest {
+	this := ResourceSetBindingCreateRequest{}
+	return &this
+}
+
+// GetMembers returns the Members field value if set, zero value otherwise.
+func (o *ResourceSetBindingCreateRequest) GetMembers() []string {
+	if o == nil || o.Members == nil {
+		var ret []string
+		return ret
+	}
+	return o.Members
+}
+
+// GetMembersOk returns a tuple with the Members field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingCreateRequest) GetMembersOk() ([]string, bool) {
+	if o == nil || o.Members == nil {
+		return nil, false
+	}
+	return o.Members, true
+}
+
+// HasMembers returns a boolean if a field has been set.
+func (o *ResourceSetBindingCreateRequest) HasMembers() bool {
+	if o != nil && o.Members != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMembers gets a reference to the given []string and assigns it to the Members field.
+func (o *ResourceSetBindingCreateRequest) SetMembers(v []string) {
+	o.Members = v
+}
+
+// GetRole returns the Role field value if set, zero value otherwise.
+func (o *ResourceSetBindingCreateRequest) GetRole() string {
+	if o == nil || o.Role == nil {
+		var ret string
+		return ret
+	}
+	return *o.Role
+}
+
+// GetRoleOk returns a tuple with the Role field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingCreateRequest) GetRoleOk() (*string, bool) {
+	if o == nil || o.Role == nil {
+		return nil, false
+	}
+	return o.Role, true
+}
+
+// HasRole returns a boolean if a field has been set.
+func (o *ResourceSetBindingCreateRequest) HasRole() bool {
+	if o != nil && o.Role != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRole gets a reference to the given string and assigns it to the Role field.
+func (o *ResourceSetBindingCreateRequest) SetRole(v string) {
+	o.Role = &v
+}
+
+func (o ResourceSetBindingCreateRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Members != nil {
+		toSerialize["members"] = o.Members
+	}
+	if o.Role != nil {
+		toSerialize["role"] = o.Role
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetBindingCreateRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetBindingCreateRequest := _ResourceSetBindingCreateRequest{}
+
+	err = json.Unmarshal(bytes, &varResourceSetBindingCreateRequest)
+	if err == nil {
+		*o = ResourceSetBindingCreateRequest(varResourceSetBindingCreateRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "members")
+		delete(additionalProperties, "role")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetBindingCreateRequest struct {
+	value *ResourceSetBindingCreateRequest
+	isSet bool
+}
+
+func (v NullableResourceSetBindingCreateRequest) Get() *ResourceSetBindingCreateRequest {
+	return v.value
+}
+
+func (v *NullableResourceSetBindingCreateRequest) Set(val *ResourceSetBindingCreateRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetBindingCreateRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetBindingCreateRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetBindingCreateRequest(val *ResourceSetBindingCreateRequest) *NullableResourceSetBindingCreateRequest {
+	return &NullableResourceSetBindingCreateRequest{value: val, isSet: true}
+}
+
+func (v NullableResourceSetBindingCreateRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetBindingCreateRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_binding_member.go b/okta/model_resource_set_binding_member.go
new file mode 100644
index 000000000..afc4c3687
--- /dev/null
+++ b/okta/model_resource_set_binding_member.go
@@ -0,0 +1,273 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// ResourceSetBindingMember struct for ResourceSetBindingMember
+type ResourceSetBindingMember struct {
+	// Timestamp when the role was created
+	Created *time.Time `json:"created,omitempty"`
+	// Unique key for the role
+	Id *string `json:"id,omitempty"`
+	// Timestamp when the role was last updated
+	LastUpdated          *time.Time    `json:"lastUpdated,omitempty"`
+	Links                *ApiTokenLink `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetBindingMember ResourceSetBindingMember
+
+// NewResourceSetBindingMember instantiates a new ResourceSetBindingMember object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetBindingMember() *ResourceSetBindingMember {
+	this := ResourceSetBindingMember{}
+	return &this
+}
+
+// NewResourceSetBindingMemberWithDefaults instantiates a new ResourceSetBindingMember object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetBindingMemberWithDefaults() *ResourceSetBindingMember {
+	this := ResourceSetBindingMember{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *ResourceSetBindingMember) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingMember) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *ResourceSetBindingMember) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *ResourceSetBindingMember) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ResourceSetBindingMember) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingMember) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ResourceSetBindingMember) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ResourceSetBindingMember) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *ResourceSetBindingMember) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingMember) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *ResourceSetBindingMember) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *ResourceSetBindingMember) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ResourceSetBindingMember) GetLinks() ApiTokenLink {
+	if o == nil || o.Links == nil {
+		var ret ApiTokenLink
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingMember) GetLinksOk() (*ApiTokenLink, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ResourceSetBindingMember) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given ApiTokenLink and assigns it to the Links field.
+func (o *ResourceSetBindingMember) SetLinks(v ApiTokenLink) {
+	o.Links = &v
+}
+
+func (o ResourceSetBindingMember) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetBindingMember) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetBindingMember := _ResourceSetBindingMember{}
+
+	err = json.Unmarshal(bytes, &varResourceSetBindingMember)
+	if err == nil {
+		*o = ResourceSetBindingMember(varResourceSetBindingMember)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetBindingMember struct {
+	value *ResourceSetBindingMember
+	isSet bool
+}
+
+func (v NullableResourceSetBindingMember) Get() *ResourceSetBindingMember {
+	return v.value
+}
+
+func (v *NullableResourceSetBindingMember) Set(val *ResourceSetBindingMember) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetBindingMember) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetBindingMember) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetBindingMember(val *ResourceSetBindingMember) *NullableResourceSetBindingMember {
+	return &NullableResourceSetBindingMember{value: val, isSet: true}
+}
+
+func (v NullableResourceSetBindingMember) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetBindingMember) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_binding_members.go b/okta/model_resource_set_binding_members.go
new file mode 100644
index 000000000..5bd7111ef
--- /dev/null
+++ b/okta/model_resource_set_binding_members.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetBindingMembers struct for ResourceSetBindingMembers
+type ResourceSetBindingMembers struct {
+	Members              []ResourceSetBindingMember      `json:"members,omitempty"`
+	Links                *ResourceSetBindingMembersLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetBindingMembers ResourceSetBindingMembers
+
+// NewResourceSetBindingMembers instantiates a new ResourceSetBindingMembers object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetBindingMembers() *ResourceSetBindingMembers {
+	this := ResourceSetBindingMembers{}
+	return &this
+}
+
+// NewResourceSetBindingMembersWithDefaults instantiates a new ResourceSetBindingMembers object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetBindingMembersWithDefaults() *ResourceSetBindingMembers {
+	this := ResourceSetBindingMembers{}
+	return &this
+}
+
+// GetMembers returns the Members field value if set, zero value otherwise.
+func (o *ResourceSetBindingMembers) GetMembers() []ResourceSetBindingMember {
+	if o == nil || o.Members == nil {
+		var ret []ResourceSetBindingMember
+		return ret
+	}
+	return o.Members
+}
+
+// GetMembersOk returns a tuple with the Members field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingMembers) GetMembersOk() ([]ResourceSetBindingMember, bool) {
+	if o == nil || o.Members == nil {
+		return nil, false
+	}
+	return o.Members, true
+}
+
+// HasMembers returns a boolean if a field has been set.
+func (o *ResourceSetBindingMembers) HasMembers() bool {
+	if o != nil && o.Members != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMembers gets a reference to the given []ResourceSetBindingMember and assigns it to the Members field.
+func (o *ResourceSetBindingMembers) SetMembers(v []ResourceSetBindingMember) {
+	o.Members = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ResourceSetBindingMembers) GetLinks() ResourceSetBindingMembersLinks {
+	if o == nil || o.Links == nil {
+		var ret ResourceSetBindingMembersLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingMembers) GetLinksOk() (*ResourceSetBindingMembersLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ResourceSetBindingMembers) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given ResourceSetBindingMembersLinks and assigns it to the Links field.
+func (o *ResourceSetBindingMembers) SetLinks(v ResourceSetBindingMembersLinks) {
+	o.Links = &v
+}
+
+func (o ResourceSetBindingMembers) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Members != nil {
+		toSerialize["members"] = o.Members
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetBindingMembers) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetBindingMembers := _ResourceSetBindingMembers{}
+
+	err = json.Unmarshal(bytes, &varResourceSetBindingMembers)
+	if err == nil {
+		*o = ResourceSetBindingMembers(varResourceSetBindingMembers)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "members")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetBindingMembers struct {
+	value *ResourceSetBindingMembers
+	isSet bool
+}
+
+func (v NullableResourceSetBindingMembers) Get() *ResourceSetBindingMembers {
+	return v.value
+}
+
+func (v *NullableResourceSetBindingMembers) Set(val *ResourceSetBindingMembers) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetBindingMembers) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetBindingMembers) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetBindingMembers(val *ResourceSetBindingMembers) *NullableResourceSetBindingMembers {
+	return &NullableResourceSetBindingMembers{value: val, isSet: true}
+}
+
+func (v NullableResourceSetBindingMembers) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetBindingMembers) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_binding_members__links.go b/okta/model_resource_set_binding_members__links.go
new file mode 100644
index 000000000..2aada4f68
--- /dev/null
+++ b/okta/model_resource_set_binding_members__links.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetBindingMembersLinks struct for ResourceSetBindingMembersLinks
+type ResourceSetBindingMembersLinks struct {
+	Binding              *HrefObject `json:"binding,omitempty"`
+	Next                 *HrefObject `json:"next,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetBindingMembersLinks ResourceSetBindingMembersLinks
+
+// NewResourceSetBindingMembersLinks instantiates a new ResourceSetBindingMembersLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetBindingMembersLinks() *ResourceSetBindingMembersLinks {
+	this := ResourceSetBindingMembersLinks{}
+	return &this
+}
+
+// NewResourceSetBindingMembersLinksWithDefaults instantiates a new ResourceSetBindingMembersLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetBindingMembersLinksWithDefaults() *ResourceSetBindingMembersLinks {
+	this := ResourceSetBindingMembersLinks{}
+	return &this
+}
+
+// GetBinding returns the Binding field value if set, zero value otherwise.
+func (o *ResourceSetBindingMembersLinks) GetBinding() HrefObject {
+	if o == nil || o.Binding == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Binding
+}
+
+// GetBindingOk returns a tuple with the Binding field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingMembersLinks) GetBindingOk() (*HrefObject, bool) {
+	if o == nil || o.Binding == nil {
+		return nil, false
+	}
+	return o.Binding, true
+}
+
+// HasBinding returns a boolean if a field has been set.
+func (o *ResourceSetBindingMembersLinks) HasBinding() bool {
+	if o != nil && o.Binding != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBinding gets a reference to the given HrefObject and assigns it to the Binding field.
+func (o *ResourceSetBindingMembersLinks) SetBinding(v HrefObject) {
+	o.Binding = &v
+}
+
+// GetNext returns the Next field value if set, zero value otherwise.
+func (o *ResourceSetBindingMembersLinks) GetNext() HrefObject {
+	if o == nil || o.Next == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Next
+}
+
+// GetNextOk returns a tuple with the Next field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingMembersLinks) GetNextOk() (*HrefObject, bool) {
+	if o == nil || o.Next == nil {
+		return nil, false
+	}
+	return o.Next, true
+}
+
+// HasNext returns a boolean if a field has been set.
+func (o *ResourceSetBindingMembersLinks) HasNext() bool {
+	if o != nil && o.Next != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNext gets a reference to the given HrefObject and assigns it to the Next field.
+func (o *ResourceSetBindingMembersLinks) SetNext(v HrefObject) {
+	o.Next = &v
+}
+
+func (o ResourceSetBindingMembersLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Binding != nil {
+		toSerialize["binding"] = o.Binding
+	}
+	if o.Next != nil {
+		toSerialize["next"] = o.Next
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetBindingMembersLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetBindingMembersLinks := _ResourceSetBindingMembersLinks{}
+
+	err = json.Unmarshal(bytes, &varResourceSetBindingMembersLinks)
+	if err == nil {
+		*o = ResourceSetBindingMembersLinks(varResourceSetBindingMembersLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "binding")
+		delete(additionalProperties, "next")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetBindingMembersLinks struct {
+	value *ResourceSetBindingMembersLinks
+	isSet bool
+}
+
+func (v NullableResourceSetBindingMembersLinks) Get() *ResourceSetBindingMembersLinks {
+	return v.value
+}
+
+func (v *NullableResourceSetBindingMembersLinks) Set(val *ResourceSetBindingMembersLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetBindingMembersLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetBindingMembersLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetBindingMembersLinks(val *ResourceSetBindingMembersLinks) *NullableResourceSetBindingMembersLinks {
+	return &NullableResourceSetBindingMembersLinks{value: val, isSet: true}
+}
+
+func (v NullableResourceSetBindingMembersLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetBindingMembersLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_binding_response.go b/okta/model_resource_set_binding_response.go
new file mode 100644
index 000000000..d71d7f1ce
--- /dev/null
+++ b/okta/model_resource_set_binding_response.go
@@ -0,0 +1,196 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetBindingResponse struct for ResourceSetBindingResponse
+type ResourceSetBindingResponse struct {
+	// `id` of the role
+	Id                   *string                          `json:"id,omitempty"`
+	Links                *ResourceSetBindingResponseLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetBindingResponse ResourceSetBindingResponse
+
+// NewResourceSetBindingResponse instantiates a new ResourceSetBindingResponse object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetBindingResponse() *ResourceSetBindingResponse {
+	this := ResourceSetBindingResponse{}
+	return &this
+}
+
+// NewResourceSetBindingResponseWithDefaults instantiates a new ResourceSetBindingResponse object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetBindingResponseWithDefaults() *ResourceSetBindingResponse {
+	this := ResourceSetBindingResponse{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ResourceSetBindingResponse) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingResponse) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ResourceSetBindingResponse) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ResourceSetBindingResponse) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ResourceSetBindingResponse) GetLinks() ResourceSetBindingResponseLinks {
+	if o == nil || o.Links == nil {
+		var ret ResourceSetBindingResponseLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingResponse) GetLinksOk() (*ResourceSetBindingResponseLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ResourceSetBindingResponse) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given ResourceSetBindingResponseLinks and assigns it to the Links field.
+func (o *ResourceSetBindingResponse) SetLinks(v ResourceSetBindingResponseLinks) {
+	o.Links = &v
+}
+
+func (o ResourceSetBindingResponse) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetBindingResponse) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetBindingResponse := _ResourceSetBindingResponse{}
+
+	err = json.Unmarshal(bytes, &varResourceSetBindingResponse)
+	if err == nil {
+		*o = ResourceSetBindingResponse(varResourceSetBindingResponse)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetBindingResponse struct {
+	value *ResourceSetBindingResponse
+	isSet bool
+}
+
+func (v NullableResourceSetBindingResponse) Get() *ResourceSetBindingResponse {
+	return v.value
+}
+
+func (v *NullableResourceSetBindingResponse) Set(val *ResourceSetBindingResponse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetBindingResponse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetBindingResponse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetBindingResponse(val *ResourceSetBindingResponse) *NullableResourceSetBindingResponse {
+	return &NullableResourceSetBindingResponse{value: val, isSet: true}
+}
+
+func (v NullableResourceSetBindingResponse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetBindingResponse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_binding_response__links.go b/okta/model_resource_set_binding_response__links.go
new file mode 100644
index 000000000..01c70744e
--- /dev/null
+++ b/okta/model_resource_set_binding_response__links.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetBindingResponseLinks struct for ResourceSetBindingResponseLinks
+type ResourceSetBindingResponseLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Bindings             *HrefObject `json:"bindings,omitempty"`
+	ResourceSet          *HrefObject `json:"resource-set,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetBindingResponseLinks ResourceSetBindingResponseLinks
+
+// NewResourceSetBindingResponseLinks instantiates a new ResourceSetBindingResponseLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetBindingResponseLinks() *ResourceSetBindingResponseLinks {
+	this := ResourceSetBindingResponseLinks{}
+	return &this
+}
+
+// NewResourceSetBindingResponseLinksWithDefaults instantiates a new ResourceSetBindingResponseLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetBindingResponseLinksWithDefaults() *ResourceSetBindingResponseLinks {
+	this := ResourceSetBindingResponseLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *ResourceSetBindingResponseLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingResponseLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *ResourceSetBindingResponseLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *ResourceSetBindingResponseLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetBindings returns the Bindings field value if set, zero value otherwise.
+func (o *ResourceSetBindingResponseLinks) GetBindings() HrefObject {
+	if o == nil || o.Bindings == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Bindings
+}
+
+// GetBindingsOk returns a tuple with the Bindings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingResponseLinks) GetBindingsOk() (*HrefObject, bool) {
+	if o == nil || o.Bindings == nil {
+		return nil, false
+	}
+	return o.Bindings, true
+}
+
+// HasBindings returns a boolean if a field has been set.
+func (o *ResourceSetBindingResponseLinks) HasBindings() bool {
+	if o != nil && o.Bindings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBindings gets a reference to the given HrefObject and assigns it to the Bindings field.
+func (o *ResourceSetBindingResponseLinks) SetBindings(v HrefObject) {
+	o.Bindings = &v
+}
+
+// GetResourceSet returns the ResourceSet field value if set, zero value otherwise.
+func (o *ResourceSetBindingResponseLinks) GetResourceSet() HrefObject {
+	if o == nil || o.ResourceSet == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.ResourceSet
+}
+
+// GetResourceSetOk returns a tuple with the ResourceSet field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingResponseLinks) GetResourceSetOk() (*HrefObject, bool) {
+	if o == nil || o.ResourceSet == nil {
+		return nil, false
+	}
+	return o.ResourceSet, true
+}
+
+// HasResourceSet returns a boolean if a field has been set.
+func (o *ResourceSetBindingResponseLinks) HasResourceSet() bool {
+	if o != nil && o.ResourceSet != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResourceSet gets a reference to the given HrefObject and assigns it to the ResourceSet field.
+func (o *ResourceSetBindingResponseLinks) SetResourceSet(v HrefObject) {
+	o.ResourceSet = &v
+}
+
+func (o ResourceSetBindingResponseLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Bindings != nil {
+		toSerialize["bindings"] = o.Bindings
+	}
+	if o.ResourceSet != nil {
+		toSerialize["resource-set"] = o.ResourceSet
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetBindingResponseLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetBindingResponseLinks := _ResourceSetBindingResponseLinks{}
+
+	err = json.Unmarshal(bytes, &varResourceSetBindingResponseLinks)
+	if err == nil {
+		*o = ResourceSetBindingResponseLinks(varResourceSetBindingResponseLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "bindings")
+		delete(additionalProperties, "resource-set")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetBindingResponseLinks struct {
+	value *ResourceSetBindingResponseLinks
+	isSet bool
+}
+
+func (v NullableResourceSetBindingResponseLinks) Get() *ResourceSetBindingResponseLinks {
+	return v.value
+}
+
+func (v *NullableResourceSetBindingResponseLinks) Set(val *ResourceSetBindingResponseLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetBindingResponseLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetBindingResponseLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetBindingResponseLinks(val *ResourceSetBindingResponseLinks) *NullableResourceSetBindingResponseLinks {
+	return &NullableResourceSetBindingResponseLinks{value: val, isSet: true}
+}
+
+func (v NullableResourceSetBindingResponseLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetBindingResponseLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_binding_role.go b/okta/model_resource_set_binding_role.go
new file mode 100644
index 000000000..78d207e0b
--- /dev/null
+++ b/okta/model_resource_set_binding_role.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetBindingRole struct for ResourceSetBindingRole
+type ResourceSetBindingRole struct {
+	Id                   *string                      `json:"id,omitempty"`
+	Links                *ResourceSetBindingRoleLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetBindingRole ResourceSetBindingRole
+
+// NewResourceSetBindingRole instantiates a new ResourceSetBindingRole object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetBindingRole() *ResourceSetBindingRole {
+	this := ResourceSetBindingRole{}
+	return &this
+}
+
+// NewResourceSetBindingRoleWithDefaults instantiates a new ResourceSetBindingRole object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetBindingRoleWithDefaults() *ResourceSetBindingRole {
+	this := ResourceSetBindingRole{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ResourceSetBindingRole) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingRole) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ResourceSetBindingRole) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ResourceSetBindingRole) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ResourceSetBindingRole) GetLinks() ResourceSetBindingRoleLinks {
+	if o == nil || o.Links == nil {
+		var ret ResourceSetBindingRoleLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingRole) GetLinksOk() (*ResourceSetBindingRoleLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ResourceSetBindingRole) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given ResourceSetBindingRoleLinks and assigns it to the Links field.
+func (o *ResourceSetBindingRole) SetLinks(v ResourceSetBindingRoleLinks) {
+	o.Links = &v
+}
+
+func (o ResourceSetBindingRole) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetBindingRole) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetBindingRole := _ResourceSetBindingRole{}
+
+	err = json.Unmarshal(bytes, &varResourceSetBindingRole)
+	if err == nil {
+		*o = ResourceSetBindingRole(varResourceSetBindingRole)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetBindingRole struct {
+	value *ResourceSetBindingRole
+	isSet bool
+}
+
+func (v NullableResourceSetBindingRole) Get() *ResourceSetBindingRole {
+	return v.value
+}
+
+func (v *NullableResourceSetBindingRole) Set(val *ResourceSetBindingRole) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetBindingRole) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetBindingRole) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetBindingRole(val *ResourceSetBindingRole) *NullableResourceSetBindingRole {
+	return &NullableResourceSetBindingRole{value: val, isSet: true}
+}
+
+func (v NullableResourceSetBindingRole) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetBindingRole) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_binding_role__links.go b/okta/model_resource_set_binding_role__links.go
new file mode 100644
index 000000000..d14b0d1e9
--- /dev/null
+++ b/okta/model_resource_set_binding_role__links.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetBindingRoleLinks struct for ResourceSetBindingRoleLinks
+type ResourceSetBindingRoleLinks struct {
+	Self                 *HrefObject `json:"self,omitempty"`
+	Members              *HrefObject `json:"members,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetBindingRoleLinks ResourceSetBindingRoleLinks
+
+// NewResourceSetBindingRoleLinks instantiates a new ResourceSetBindingRoleLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetBindingRoleLinks() *ResourceSetBindingRoleLinks {
+	this := ResourceSetBindingRoleLinks{}
+	return &this
+}
+
+// NewResourceSetBindingRoleLinksWithDefaults instantiates a new ResourceSetBindingRoleLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetBindingRoleLinksWithDefaults() *ResourceSetBindingRoleLinks {
+	this := ResourceSetBindingRoleLinks{}
+	return &this
+}
+
+// GetSelf returns the Self field value if set, zero value otherwise.
+func (o *ResourceSetBindingRoleLinks) GetSelf() HrefObject {
+	if o == nil || o.Self == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Self
+}
+
+// GetSelfOk returns a tuple with the Self field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingRoleLinks) GetSelfOk() (*HrefObject, bool) {
+	if o == nil || o.Self == nil {
+		return nil, false
+	}
+	return o.Self, true
+}
+
+// HasSelf returns a boolean if a field has been set.
+func (o *ResourceSetBindingRoleLinks) HasSelf() bool {
+	if o != nil && o.Self != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSelf gets a reference to the given HrefObject and assigns it to the Self field.
+func (o *ResourceSetBindingRoleLinks) SetSelf(v HrefObject) {
+	o.Self = &v
+}
+
+// GetMembers returns the Members field value if set, zero value otherwise.
+func (o *ResourceSetBindingRoleLinks) GetMembers() HrefObject {
+	if o == nil || o.Members == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Members
+}
+
+// GetMembersOk returns a tuple with the Members field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindingRoleLinks) GetMembersOk() (*HrefObject, bool) {
+	if o == nil || o.Members == nil {
+		return nil, false
+	}
+	return o.Members, true
+}
+
+// HasMembers returns a boolean if a field has been set.
+func (o *ResourceSetBindingRoleLinks) HasMembers() bool {
+	if o != nil && o.Members != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMembers gets a reference to the given HrefObject and assigns it to the Members field.
+func (o *ResourceSetBindingRoleLinks) SetMembers(v HrefObject) {
+	o.Members = &v
+}
+
+func (o ResourceSetBindingRoleLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Self != nil {
+		toSerialize["self"] = o.Self
+	}
+	if o.Members != nil {
+		toSerialize["members"] = o.Members
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetBindingRoleLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetBindingRoleLinks := _ResourceSetBindingRoleLinks{}
+
+	err = json.Unmarshal(bytes, &varResourceSetBindingRoleLinks)
+	if err == nil {
+		*o = ResourceSetBindingRoleLinks(varResourceSetBindingRoleLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "self")
+		delete(additionalProperties, "members")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetBindingRoleLinks struct {
+	value *ResourceSetBindingRoleLinks
+	isSet bool
+}
+
+func (v NullableResourceSetBindingRoleLinks) Get() *ResourceSetBindingRoleLinks {
+	return v.value
+}
+
+func (v *NullableResourceSetBindingRoleLinks) Set(val *ResourceSetBindingRoleLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetBindingRoleLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetBindingRoleLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetBindingRoleLinks(val *ResourceSetBindingRoleLinks) *NullableResourceSetBindingRoleLinks {
+	return &NullableResourceSetBindingRoleLinks{value: val, isSet: true}
+}
+
+func (v NullableResourceSetBindingRoleLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetBindingRoleLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_bindings.go b/okta/model_resource_set_bindings.go
new file mode 100644
index 000000000..0f72726d6
--- /dev/null
+++ b/okta/model_resource_set_bindings.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetBindings struct for ResourceSetBindings
+type ResourceSetBindings struct {
+	Roles                []ResourceSetBindingRole         `json:"roles,omitempty"`
+	Links                *ResourceSetBindingResponseLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetBindings ResourceSetBindings
+
+// NewResourceSetBindings instantiates a new ResourceSetBindings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetBindings() *ResourceSetBindings {
+	this := ResourceSetBindings{}
+	return &this
+}
+
+// NewResourceSetBindingsWithDefaults instantiates a new ResourceSetBindings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetBindingsWithDefaults() *ResourceSetBindings {
+	this := ResourceSetBindings{}
+	return &this
+}
+
+// GetRoles returns the Roles field value if set, zero value otherwise.
+func (o *ResourceSetBindings) GetRoles() []ResourceSetBindingRole {
+	if o == nil || o.Roles == nil {
+		var ret []ResourceSetBindingRole
+		return ret
+	}
+	return o.Roles
+}
+
+// GetRolesOk returns a tuple with the Roles field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindings) GetRolesOk() ([]ResourceSetBindingRole, bool) {
+	if o == nil || o.Roles == nil {
+		return nil, false
+	}
+	return o.Roles, true
+}
+
+// HasRoles returns a boolean if a field has been set.
+func (o *ResourceSetBindings) HasRoles() bool {
+	if o != nil && o.Roles != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRoles gets a reference to the given []ResourceSetBindingRole and assigns it to the Roles field.
+func (o *ResourceSetBindings) SetRoles(v []ResourceSetBindingRole) {
+	o.Roles = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ResourceSetBindings) GetLinks() ResourceSetBindingResponseLinks {
+	if o == nil || o.Links == nil {
+		var ret ResourceSetBindingResponseLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetBindings) GetLinksOk() (*ResourceSetBindingResponseLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ResourceSetBindings) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given ResourceSetBindingResponseLinks and assigns it to the Links field.
+func (o *ResourceSetBindings) SetLinks(v ResourceSetBindingResponseLinks) {
+	o.Links = &v
+}
+
+func (o ResourceSetBindings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Roles != nil {
+		toSerialize["roles"] = o.Roles
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetBindings) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetBindings := _ResourceSetBindings{}
+
+	err = json.Unmarshal(bytes, &varResourceSetBindings)
+	if err == nil {
+		*o = ResourceSetBindings(varResourceSetBindings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "roles")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetBindings struct {
+	value *ResourceSetBindings
+	isSet bool
+}
+
+func (v NullableResourceSetBindings) Get() *ResourceSetBindings {
+	return v.value
+}
+
+func (v *NullableResourceSetBindings) Set(val *ResourceSetBindings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetBindings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetBindings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetBindings(val *ResourceSetBindings) *NullableResourceSetBindings {
+	return &NullableResourceSetBindings{value: val, isSet: true}
+}
+
+func (v NullableResourceSetBindings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetBindings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_resource.go b/okta/model_resource_set_resource.go
new file mode 100644
index 000000000..ae5949a65
--- /dev/null
+++ b/okta/model_resource_set_resource.go
@@ -0,0 +1,311 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// ResourceSetResource struct for ResourceSetResource
+type ResourceSetResource struct {
+	// Timestamp when the role was created
+	Created *time.Time `json:"created,omitempty"`
+	// Description of the resource set
+	Description *string `json:"description,omitempty"`
+	// Unique key for the role
+	Id *string `json:"id,omitempty"`
+	// Timestamp when the role was last updated
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetResource ResourceSetResource
+
+// NewResourceSetResource instantiates a new ResourceSetResource object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetResource() *ResourceSetResource {
+	this := ResourceSetResource{}
+	return &this
+}
+
+// NewResourceSetResourceWithDefaults instantiates a new ResourceSetResource object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetResourceWithDefaults() *ResourceSetResource {
+	this := ResourceSetResource{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *ResourceSetResource) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetResource) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *ResourceSetResource) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *ResourceSetResource) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *ResourceSetResource) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetResource) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *ResourceSetResource) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *ResourceSetResource) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ResourceSetResource) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetResource) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ResourceSetResource) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ResourceSetResource) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *ResourceSetResource) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetResource) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *ResourceSetResource) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *ResourceSetResource) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ResourceSetResource) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetResource) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ResourceSetResource) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *ResourceSetResource) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o ResourceSetResource) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetResource) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetResource := _ResourceSetResource{}
+
+	err = json.Unmarshal(bytes, &varResourceSetResource)
+	if err == nil {
+		*o = ResourceSetResource(varResourceSetResource)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetResource struct {
+	value *ResourceSetResource
+	isSet bool
+}
+
+func (v NullableResourceSetResource) Get() *ResourceSetResource {
+	return v.value
+}
+
+func (v *NullableResourceSetResource) Set(val *ResourceSetResource) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetResource) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetResource) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetResource(val *ResourceSetResource) *NullableResourceSetResource {
+	return &NullableResourceSetResource{value: val, isSet: true}
+}
+
+func (v NullableResourceSetResource) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetResource) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_resource_patch_request.go b/okta/model_resource_set_resource_patch_request.go
new file mode 100644
index 000000000..315a2bf01
--- /dev/null
+++ b/okta/model_resource_set_resource_patch_request.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetResourcePatchRequest struct for ResourceSetResourcePatchRequest
+type ResourceSetResourcePatchRequest struct {
+	Additions            []string `json:"additions,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetResourcePatchRequest ResourceSetResourcePatchRequest
+
+// NewResourceSetResourcePatchRequest instantiates a new ResourceSetResourcePatchRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetResourcePatchRequest() *ResourceSetResourcePatchRequest {
+	this := ResourceSetResourcePatchRequest{}
+	return &this
+}
+
+// NewResourceSetResourcePatchRequestWithDefaults instantiates a new ResourceSetResourcePatchRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetResourcePatchRequestWithDefaults() *ResourceSetResourcePatchRequest {
+	this := ResourceSetResourcePatchRequest{}
+	return &this
+}
+
+// GetAdditions returns the Additions field value if set, zero value otherwise.
+func (o *ResourceSetResourcePatchRequest) GetAdditions() []string {
+	if o == nil || o.Additions == nil {
+		var ret []string
+		return ret
+	}
+	return o.Additions
+}
+
+// GetAdditionsOk returns a tuple with the Additions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetResourcePatchRequest) GetAdditionsOk() ([]string, bool) {
+	if o == nil || o.Additions == nil {
+		return nil, false
+	}
+	return o.Additions, true
+}
+
+// HasAdditions returns a boolean if a field has been set.
+func (o *ResourceSetResourcePatchRequest) HasAdditions() bool {
+	if o != nil && o.Additions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAdditions gets a reference to the given []string and assigns it to the Additions field.
+func (o *ResourceSetResourcePatchRequest) SetAdditions(v []string) {
+	o.Additions = v
+}
+
+func (o ResourceSetResourcePatchRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Additions != nil {
+		toSerialize["additions"] = o.Additions
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetResourcePatchRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetResourcePatchRequest := _ResourceSetResourcePatchRequest{}
+
+	err = json.Unmarshal(bytes, &varResourceSetResourcePatchRequest)
+	if err == nil {
+		*o = ResourceSetResourcePatchRequest(varResourceSetResourcePatchRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "additions")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetResourcePatchRequest struct {
+	value *ResourceSetResourcePatchRequest
+	isSet bool
+}
+
+func (v NullableResourceSetResourcePatchRequest) Get() *ResourceSetResourcePatchRequest {
+	return v.value
+}
+
+func (v *NullableResourceSetResourcePatchRequest) Set(val *ResourceSetResourcePatchRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetResourcePatchRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetResourcePatchRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetResourcePatchRequest(val *ResourceSetResourcePatchRequest) *NullableResourceSetResourcePatchRequest {
+	return &NullableResourceSetResourcePatchRequest{value: val, isSet: true}
+}
+
+func (v NullableResourceSetResourcePatchRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetResourcePatchRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_resources.go b/okta/model_resource_set_resources.go
new file mode 100644
index 000000000..60539d914
--- /dev/null
+++ b/okta/model_resource_set_resources.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetResources struct for ResourceSetResources
+type ResourceSetResources struct {
+	Resources            []ResourceSetResource      `json:"resources,omitempty"`
+	Links                *ResourceSetResourcesLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetResources ResourceSetResources
+
+// NewResourceSetResources instantiates a new ResourceSetResources object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetResources() *ResourceSetResources {
+	this := ResourceSetResources{}
+	return &this
+}
+
+// NewResourceSetResourcesWithDefaults instantiates a new ResourceSetResources object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetResourcesWithDefaults() *ResourceSetResources {
+	this := ResourceSetResources{}
+	return &this
+}
+
+// GetResources returns the Resources field value if set, zero value otherwise.
+func (o *ResourceSetResources) GetResources() []ResourceSetResource {
+	if o == nil || o.Resources == nil {
+		var ret []ResourceSetResource
+		return ret
+	}
+	return o.Resources
+}
+
+// GetResourcesOk returns a tuple with the Resources field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetResources) GetResourcesOk() ([]ResourceSetResource, bool) {
+	if o == nil || o.Resources == nil {
+		return nil, false
+	}
+	return o.Resources, true
+}
+
+// HasResources returns a boolean if a field has been set.
+func (o *ResourceSetResources) HasResources() bool {
+	if o != nil && o.Resources != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResources gets a reference to the given []ResourceSetResource and assigns it to the Resources field.
+func (o *ResourceSetResources) SetResources(v []ResourceSetResource) {
+	o.Resources = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ResourceSetResources) GetLinks() ResourceSetResourcesLinks {
+	if o == nil || o.Links == nil {
+		var ret ResourceSetResourcesLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetResources) GetLinksOk() (*ResourceSetResourcesLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ResourceSetResources) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given ResourceSetResourcesLinks and assigns it to the Links field.
+func (o *ResourceSetResources) SetLinks(v ResourceSetResourcesLinks) {
+	o.Links = &v
+}
+
+func (o ResourceSetResources) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Resources != nil {
+		toSerialize["resources"] = o.Resources
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetResources) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetResources := _ResourceSetResources{}
+
+	err = json.Unmarshal(bytes, &varResourceSetResources)
+	if err == nil {
+		*o = ResourceSetResources(varResourceSetResources)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "resources")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetResources struct {
+	value *ResourceSetResources
+	isSet bool
+}
+
+func (v NullableResourceSetResources) Get() *ResourceSetResources {
+	return v.value
+}
+
+func (v *NullableResourceSetResources) Set(val *ResourceSetResources) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetResources) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetResources) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetResources(val *ResourceSetResources) *NullableResourceSetResources {
+	return &NullableResourceSetResources{value: val, isSet: true}
+}
+
+func (v NullableResourceSetResources) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetResources) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_set_resources__links.go b/okta/model_resource_set_resources__links.go
new file mode 100644
index 000000000..5507a3140
--- /dev/null
+++ b/okta/model_resource_set_resources__links.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSetResourcesLinks struct for ResourceSetResourcesLinks
+type ResourceSetResourcesLinks struct {
+	Next                 *HrefObject `json:"next,omitempty"`
+	ResourceSet          *HrefObject `json:"resource-set,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSetResourcesLinks ResourceSetResourcesLinks
+
+// NewResourceSetResourcesLinks instantiates a new ResourceSetResourcesLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSetResourcesLinks() *ResourceSetResourcesLinks {
+	this := ResourceSetResourcesLinks{}
+	return &this
+}
+
+// NewResourceSetResourcesLinksWithDefaults instantiates a new ResourceSetResourcesLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetResourcesLinksWithDefaults() *ResourceSetResourcesLinks {
+	this := ResourceSetResourcesLinks{}
+	return &this
+}
+
+// GetNext returns the Next field value if set, zero value otherwise.
+func (o *ResourceSetResourcesLinks) GetNext() HrefObject {
+	if o == nil || o.Next == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Next
+}
+
+// GetNextOk returns a tuple with the Next field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetResourcesLinks) GetNextOk() (*HrefObject, bool) {
+	if o == nil || o.Next == nil {
+		return nil, false
+	}
+	return o.Next, true
+}
+
+// HasNext returns a boolean if a field has been set.
+func (o *ResourceSetResourcesLinks) HasNext() bool {
+	if o != nil && o.Next != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNext gets a reference to the given HrefObject and assigns it to the Next field.
+func (o *ResourceSetResourcesLinks) SetNext(v HrefObject) {
+	o.Next = &v
+}
+
+// GetResourceSet returns the ResourceSet field value if set, zero value otherwise.
+func (o *ResourceSetResourcesLinks) GetResourceSet() HrefObject {
+	if o == nil || o.ResourceSet == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.ResourceSet
+}
+
+// GetResourceSetOk returns a tuple with the ResourceSet field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSetResourcesLinks) GetResourceSetOk() (*HrefObject, bool) {
+	if o == nil || o.ResourceSet == nil {
+		return nil, false
+	}
+	return o.ResourceSet, true
+}
+
+// HasResourceSet returns a boolean if a field has been set.
+func (o *ResourceSetResourcesLinks) HasResourceSet() bool {
+	if o != nil && o.ResourceSet != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResourceSet gets a reference to the given HrefObject and assigns it to the ResourceSet field.
+func (o *ResourceSetResourcesLinks) SetResourceSet(v HrefObject) {
+	o.ResourceSet = &v
+}
+
+func (o ResourceSetResourcesLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Next != nil {
+		toSerialize["next"] = o.Next
+	}
+	if o.ResourceSet != nil {
+		toSerialize["resource-set"] = o.ResourceSet
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSetResourcesLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSetResourcesLinks := _ResourceSetResourcesLinks{}
+
+	err = json.Unmarshal(bytes, &varResourceSetResourcesLinks)
+	if err == nil {
+		*o = ResourceSetResourcesLinks(varResourceSetResourcesLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "next")
+		delete(additionalProperties, "resource-set")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSetResourcesLinks struct {
+	value *ResourceSetResourcesLinks
+	isSet bool
+}
+
+func (v NullableResourceSetResourcesLinks) Get() *ResourceSetResourcesLinks {
+	return v.value
+}
+
+func (v *NullableResourceSetResourcesLinks) Set(val *ResourceSetResourcesLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSetResourcesLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSetResourcesLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSetResourcesLinks(val *ResourceSetResourcesLinks) *NullableResourceSetResourcesLinks {
+	return &NullableResourceSetResourcesLinks{value: val, isSet: true}
+}
+
+func (v NullableResourceSetResourcesLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSetResourcesLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_resource_sets.go b/okta/model_resource_sets.go
new file mode 100644
index 000000000..22773da2e
--- /dev/null
+++ b/okta/model_resource_sets.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ResourceSets struct for ResourceSets
+type ResourceSets struct {
+	ResourceSets         []ResourceSet  `json:"resource-sets,omitempty"`
+	Links                *IamRolesLinks `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ResourceSets ResourceSets
+
+// NewResourceSets instantiates a new ResourceSets object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewResourceSets() *ResourceSets {
+	this := ResourceSets{}
+	return &this
+}
+
+// NewResourceSetsWithDefaults instantiates a new ResourceSets object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewResourceSetsWithDefaults() *ResourceSets {
+	this := ResourceSets{}
+	return &this
+}
+
+// GetResourceSets returns the ResourceSets field value if set, zero value otherwise.
+func (o *ResourceSets) GetResourceSets() []ResourceSet {
+	if o == nil || o.ResourceSets == nil {
+		var ret []ResourceSet
+		return ret
+	}
+	return o.ResourceSets
+}
+
+// GetResourceSetsOk returns a tuple with the ResourceSets field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSets) GetResourceSetsOk() ([]ResourceSet, bool) {
+	if o == nil || o.ResourceSets == nil {
+		return nil, false
+	}
+	return o.ResourceSets, true
+}
+
+// HasResourceSets returns a boolean if a field has been set.
+func (o *ResourceSets) HasResourceSets() bool {
+	if o != nil && o.ResourceSets != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResourceSets gets a reference to the given []ResourceSet and assigns it to the ResourceSets field.
+func (o *ResourceSets) SetResourceSets(v []ResourceSet) {
+	o.ResourceSets = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ResourceSets) GetLinks() IamRolesLinks {
+	if o == nil || o.Links == nil {
+		var ret IamRolesLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ResourceSets) GetLinksOk() (*IamRolesLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ResourceSets) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given IamRolesLinks and assigns it to the Links field.
+func (o *ResourceSets) SetLinks(v IamRolesLinks) {
+	o.Links = &v
+}
+
+func (o ResourceSets) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ResourceSets != nil {
+		toSerialize["resource-sets"] = o.ResourceSets
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ResourceSets) UnmarshalJSON(bytes []byte) (err error) {
+	varResourceSets := _ResourceSets{}
+
+	err = json.Unmarshal(bytes, &varResourceSets)
+	if err == nil {
+		*o = ResourceSets(varResourceSets)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "resource-sets")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableResourceSets struct {
+	value *ResourceSets
+	isSet bool
+}
+
+func (v NullableResourceSets) Get() *ResourceSets {
+	return v.value
+}
+
+func (v *NullableResourceSets) Set(val *ResourceSets) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableResourceSets) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableResourceSets) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableResourceSets(val *ResourceSets) *NullableResourceSets {
+	return &NullableResourceSets{value: val, isSet: true}
+}
+
+func (v NullableResourceSets) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableResourceSets) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_risk_event.go b/okta/model_risk_event.go
new file mode 100644
index 000000000..204224cff
--- /dev/null
+++ b/okta/model_risk_event.go
@@ -0,0 +1,228 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// RiskEvent struct for RiskEvent
+type RiskEvent struct {
+	// Time stamp at which the event expires (Expressed as a UTC time zone using ISO 8601 format: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'). If this optional field is not included, Okta automatically expires the event 24 hours after the event is consumed.
+	ExpiresAt *time.Time         `json:"expiresAt,omitempty"`
+	Subjects  []RiskEventSubject `json:"subjects"`
+	// Time stamp at which the event is produced (Expressed as a UTC time zone using ISO 8601 format: yyyy-MM-dd'T'HH:mm:ss.SSS'Z').
+	Timestamp            *time.Time `json:"timestamp,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _RiskEvent RiskEvent
+
+// NewRiskEvent instantiates a new RiskEvent object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewRiskEvent(subjects []RiskEventSubject) *RiskEvent {
+	this := RiskEvent{}
+	this.Subjects = subjects
+	return &this
+}
+
+// NewRiskEventWithDefaults instantiates a new RiskEvent object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewRiskEventWithDefaults() *RiskEvent {
+	this := RiskEvent{}
+	return &this
+}
+
+// GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
+func (o *RiskEvent) GetExpiresAt() time.Time {
+	if o == nil || o.ExpiresAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiresAt
+}
+
+// GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RiskEvent) GetExpiresAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiresAt == nil {
+		return nil, false
+	}
+	return o.ExpiresAt, true
+}
+
+// HasExpiresAt returns a boolean if a field has been set.
+func (o *RiskEvent) HasExpiresAt() bool {
+	if o != nil && o.ExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresAt gets a reference to the given time.Time and assigns it to the ExpiresAt field.
+func (o *RiskEvent) SetExpiresAt(v time.Time) {
+	o.ExpiresAt = &v
+}
+
+// GetSubjects returns the Subjects field value
+func (o *RiskEvent) GetSubjects() []RiskEventSubject {
+	if o == nil {
+		var ret []RiskEventSubject
+		return ret
+	}
+
+	return o.Subjects
+}
+
+// GetSubjectsOk returns a tuple with the Subjects field value
+// and a boolean to check if the value has been set.
+func (o *RiskEvent) GetSubjectsOk() ([]RiskEventSubject, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.Subjects, true
+}
+
+// SetSubjects sets field value
+func (o *RiskEvent) SetSubjects(v []RiskEventSubject) {
+	o.Subjects = v
+}
+
+// GetTimestamp returns the Timestamp field value if set, zero value otherwise.
+func (o *RiskEvent) GetTimestamp() time.Time {
+	if o == nil || o.Timestamp == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Timestamp
+}
+
+// GetTimestampOk returns a tuple with the Timestamp field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RiskEvent) GetTimestampOk() (*time.Time, bool) {
+	if o == nil || o.Timestamp == nil {
+		return nil, false
+	}
+	return o.Timestamp, true
+}
+
+// HasTimestamp returns a boolean if a field has been set.
+func (o *RiskEvent) HasTimestamp() bool {
+	if o != nil && o.Timestamp != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTimestamp gets a reference to the given time.Time and assigns it to the Timestamp field.
+func (o *RiskEvent) SetTimestamp(v time.Time) {
+	o.Timestamp = &v
+}
+
+func (o RiskEvent) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ExpiresAt != nil {
+		toSerialize["expiresAt"] = o.ExpiresAt
+	}
+	if true {
+		toSerialize["subjects"] = o.Subjects
+	}
+	if o.Timestamp != nil {
+		toSerialize["timestamp"] = o.Timestamp
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *RiskEvent) UnmarshalJSON(bytes []byte) (err error) {
+	varRiskEvent := _RiskEvent{}
+
+	err = json.Unmarshal(bytes, &varRiskEvent)
+	if err == nil {
+		*o = RiskEvent(varRiskEvent)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expiresAt")
+		delete(additionalProperties, "subjects")
+		delete(additionalProperties, "timestamp")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableRiskEvent struct {
+	value *RiskEvent
+	isSet bool
+}
+
+func (v NullableRiskEvent) Get() *RiskEvent {
+	return v.value
+}
+
+func (v *NullableRiskEvent) Set(val *RiskEvent) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRiskEvent) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRiskEvent) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRiskEvent(val *RiskEvent) *NullableRiskEvent {
+	return &NullableRiskEvent{value: val, isSet: true}
+}
+
+func (v NullableRiskEvent) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRiskEvent) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_risk_event_subject.go b/okta/model_risk_event_subject.go
new file mode 100644
index 000000000..d4e1bfc36
--- /dev/null
+++ b/okta/model_risk_event_subject.go
@@ -0,0 +1,227 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// RiskEventSubject struct for RiskEventSubject
+type RiskEventSubject struct {
+	// Either an IpV4 or IpV6 address.
+	Ip string `json:"ip"`
+	// Any additional message that the provider can send specifying the reason for the risk level of the IP.
+	Message              *string                    `json:"message,omitempty"`
+	RiskLevel            *RiskEventSubjectRiskLevel `json:"riskLevel,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _RiskEventSubject RiskEventSubject
+
+// NewRiskEventSubject instantiates a new RiskEventSubject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewRiskEventSubject(ip string) *RiskEventSubject {
+	this := RiskEventSubject{}
+	this.Ip = ip
+	return &this
+}
+
+// NewRiskEventSubjectWithDefaults instantiates a new RiskEventSubject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewRiskEventSubjectWithDefaults() *RiskEventSubject {
+	this := RiskEventSubject{}
+	return &this
+}
+
+// GetIp returns the Ip field value
+func (o *RiskEventSubject) GetIp() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Ip
+}
+
+// GetIpOk returns a tuple with the Ip field value
+// and a boolean to check if the value has been set.
+func (o *RiskEventSubject) GetIpOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Ip, true
+}
+
+// SetIp sets field value
+func (o *RiskEventSubject) SetIp(v string) {
+	o.Ip = v
+}
+
+// GetMessage returns the Message field value if set, zero value otherwise.
+func (o *RiskEventSubject) GetMessage() string {
+	if o == nil || o.Message == nil {
+		var ret string
+		return ret
+	}
+	return *o.Message
+}
+
+// GetMessageOk returns a tuple with the Message field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RiskEventSubject) GetMessageOk() (*string, bool) {
+	if o == nil || o.Message == nil {
+		return nil, false
+	}
+	return o.Message, true
+}
+
+// HasMessage returns a boolean if a field has been set.
+func (o *RiskEventSubject) HasMessage() bool {
+	if o != nil && o.Message != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMessage gets a reference to the given string and assigns it to the Message field.
+func (o *RiskEventSubject) SetMessage(v string) {
+	o.Message = &v
+}
+
+// GetRiskLevel returns the RiskLevel field value if set, zero value otherwise.
+func (o *RiskEventSubject) GetRiskLevel() RiskEventSubjectRiskLevel {
+	if o == nil || o.RiskLevel == nil {
+		var ret RiskEventSubjectRiskLevel
+		return ret
+	}
+	return *o.RiskLevel
+}
+
+// GetRiskLevelOk returns a tuple with the RiskLevel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RiskEventSubject) GetRiskLevelOk() (*RiskEventSubjectRiskLevel, bool) {
+	if o == nil || o.RiskLevel == nil {
+		return nil, false
+	}
+	return o.RiskLevel, true
+}
+
+// HasRiskLevel returns a boolean if a field has been set.
+func (o *RiskEventSubject) HasRiskLevel() bool {
+	if o != nil && o.RiskLevel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRiskLevel gets a reference to the given RiskEventSubjectRiskLevel and assigns it to the RiskLevel field.
+func (o *RiskEventSubject) SetRiskLevel(v RiskEventSubjectRiskLevel) {
+	o.RiskLevel = &v
+}
+
+func (o RiskEventSubject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["ip"] = o.Ip
+	}
+	if o.Message != nil {
+		toSerialize["message"] = o.Message
+	}
+	if o.RiskLevel != nil {
+		toSerialize["riskLevel"] = o.RiskLevel
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *RiskEventSubject) UnmarshalJSON(bytes []byte) (err error) {
+	varRiskEventSubject := _RiskEventSubject{}
+
+	err = json.Unmarshal(bytes, &varRiskEventSubject)
+	if err == nil {
+		*o = RiskEventSubject(varRiskEventSubject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "ip")
+		delete(additionalProperties, "message")
+		delete(additionalProperties, "riskLevel")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableRiskEventSubject struct {
+	value *RiskEventSubject
+	isSet bool
+}
+
+func (v NullableRiskEventSubject) Get() *RiskEventSubject {
+	return v.value
+}
+
+func (v *NullableRiskEventSubject) Set(val *RiskEventSubject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRiskEventSubject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRiskEventSubject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRiskEventSubject(val *RiskEventSubject) *NullableRiskEventSubject {
+	return &NullableRiskEventSubject{value: val, isSet: true}
+}
+
+func (v NullableRiskEventSubject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRiskEventSubject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_risk_event_subject_risk_level.go b/okta/model_risk_event_subject_risk_level.go
new file mode 100644
index 000000000..732700e7f
--- /dev/null
+++ b/okta/model_risk_event_subject_risk_level.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// RiskEventSubjectRiskLevel the model 'RiskEventSubjectRiskLevel'
+type RiskEventSubjectRiskLevel string
+
+// List of RiskEventSubjectRiskLevel
+const (
+	RISKEVENTSUBJECTRISKLEVEL_HIGH   RiskEventSubjectRiskLevel = "HIGH"
+	RISKEVENTSUBJECTRISKLEVEL_LOW    RiskEventSubjectRiskLevel = "LOW"
+	RISKEVENTSUBJECTRISKLEVEL_MEDIUM RiskEventSubjectRiskLevel = "MEDIUM"
+)
+
+// All allowed values of RiskEventSubjectRiskLevel enum
+var AllowedRiskEventSubjectRiskLevelEnumValues = []RiskEventSubjectRiskLevel{
+	"HIGH",
+	"LOW",
+	"MEDIUM",
+}
+
+func (v *RiskEventSubjectRiskLevel) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := RiskEventSubjectRiskLevel(value)
+	for _, existing := range AllowedRiskEventSubjectRiskLevelEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid RiskEventSubjectRiskLevel", value)
+}
+
+// NewRiskEventSubjectRiskLevelFromValue returns a pointer to a valid RiskEventSubjectRiskLevel
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewRiskEventSubjectRiskLevelFromValue(v string) (*RiskEventSubjectRiskLevel, error) {
+	ev := RiskEventSubjectRiskLevel(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for RiskEventSubjectRiskLevel: valid values are %v", v, AllowedRiskEventSubjectRiskLevelEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v RiskEventSubjectRiskLevel) IsValid() bool {
+	for _, existing := range AllowedRiskEventSubjectRiskLevelEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to RiskEventSubjectRiskLevel value
+func (v RiskEventSubjectRiskLevel) Ptr() *RiskEventSubjectRiskLevel {
+	return &v
+}
+
+type NullableRiskEventSubjectRiskLevel struct {
+	value *RiskEventSubjectRiskLevel
+	isSet bool
+}
+
+func (v NullableRiskEventSubjectRiskLevel) Get() *RiskEventSubjectRiskLevel {
+	return v.value
+}
+
+func (v *NullableRiskEventSubjectRiskLevel) Set(val *RiskEventSubjectRiskLevel) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRiskEventSubjectRiskLevel) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRiskEventSubjectRiskLevel) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRiskEventSubjectRiskLevel(val *RiskEventSubjectRiskLevel) *NullableRiskEventSubjectRiskLevel {
+	return &NullableRiskEventSubjectRiskLevel{value: val, isSet: true}
+}
+
+func (v NullableRiskEventSubjectRiskLevel) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRiskEventSubjectRiskLevel) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_risk_policy_rule_condition.go b/okta/model_risk_policy_rule_condition.go
new file mode 100644
index 000000000..45e023991
--- /dev/null
+++ b/okta/model_risk_policy_rule_condition.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// RiskPolicyRuleCondition struct for RiskPolicyRuleCondition
+type RiskPolicyRuleCondition struct {
+	Behaviors            []string `json:"behaviors,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _RiskPolicyRuleCondition RiskPolicyRuleCondition
+
+// NewRiskPolicyRuleCondition instantiates a new RiskPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewRiskPolicyRuleCondition() *RiskPolicyRuleCondition {
+	this := RiskPolicyRuleCondition{}
+	return &this
+}
+
+// NewRiskPolicyRuleConditionWithDefaults instantiates a new RiskPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewRiskPolicyRuleConditionWithDefaults() *RiskPolicyRuleCondition {
+	this := RiskPolicyRuleCondition{}
+	return &this
+}
+
+// GetBehaviors returns the Behaviors field value if set, zero value otherwise.
+func (o *RiskPolicyRuleCondition) GetBehaviors() []string {
+	if o == nil || o.Behaviors == nil {
+		var ret []string
+		return ret
+	}
+	return o.Behaviors
+}
+
+// GetBehaviorsOk returns a tuple with the Behaviors field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RiskPolicyRuleCondition) GetBehaviorsOk() ([]string, bool) {
+	if o == nil || o.Behaviors == nil {
+		return nil, false
+	}
+	return o.Behaviors, true
+}
+
+// HasBehaviors returns a boolean if a field has been set.
+func (o *RiskPolicyRuleCondition) HasBehaviors() bool {
+	if o != nil && o.Behaviors != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBehaviors gets a reference to the given []string and assigns it to the Behaviors field.
+func (o *RiskPolicyRuleCondition) SetBehaviors(v []string) {
+	o.Behaviors = v
+}
+
+func (o RiskPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Behaviors != nil {
+		toSerialize["behaviors"] = o.Behaviors
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *RiskPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varRiskPolicyRuleCondition := _RiskPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varRiskPolicyRuleCondition)
+	if err == nil {
+		*o = RiskPolicyRuleCondition(varRiskPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "behaviors")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableRiskPolicyRuleCondition struct {
+	value *RiskPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableRiskPolicyRuleCondition) Get() *RiskPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableRiskPolicyRuleCondition) Set(val *RiskPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRiskPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRiskPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRiskPolicyRuleCondition(val *RiskPolicyRuleCondition) *NullableRiskPolicyRuleCondition {
+	return &NullableRiskPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableRiskPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRiskPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_risk_provider.go b/okta/model_risk_provider.go
new file mode 100644
index 000000000..0f920b261
--- /dev/null
+++ b/okta/model_risk_provider.go
@@ -0,0 +1,376 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// RiskProvider struct for RiskProvider
+type RiskProvider struct {
+	Action *RiskProviderAction `json:"action,omitempty"`
+	// The ID of the [OAuth service app](https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/main/#create-a-service-app-and-grant-scopes) that is used to send risk events to Okta
+	ClientId string `json:"clientId"`
+	// Timestamp when the risk provider was created
+	Created *time.Time `json:"created,omitempty"`
+	// The ID of the risk provider
+	Id *string `json:"id,omitempty"`
+	// Timestamp when the risk provider was last updated
+	LastUpdated *time.Time `json:"lastUpdated,omitempty"`
+	// Name of the risk provider
+	Name                 string        `json:"name"`
+	Links                *ApiTokenLink `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _RiskProvider RiskProvider
+
+// NewRiskProvider instantiates a new RiskProvider object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewRiskProvider(clientId string, name string) *RiskProvider {
+	this := RiskProvider{}
+	var action RiskProviderAction = RISKPROVIDERACTION_LOG_ONLY
+	this.Action = &action
+	this.ClientId = clientId
+	this.Name = name
+	return &this
+}
+
+// NewRiskProviderWithDefaults instantiates a new RiskProvider object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewRiskProviderWithDefaults() *RiskProvider {
+	this := RiskProvider{}
+	var action RiskProviderAction = RISKPROVIDERACTION_LOG_ONLY
+	this.Action = &action
+	return &this
+}
+
+// GetAction returns the Action field value if set, zero value otherwise.
+func (o *RiskProvider) GetAction() RiskProviderAction {
+	if o == nil || o.Action == nil {
+		var ret RiskProviderAction
+		return ret
+	}
+	return *o.Action
+}
+
+// GetActionOk returns a tuple with the Action field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RiskProvider) GetActionOk() (*RiskProviderAction, bool) {
+	if o == nil || o.Action == nil {
+		return nil, false
+	}
+	return o.Action, true
+}
+
+// HasAction returns a boolean if a field has been set.
+func (o *RiskProvider) HasAction() bool {
+	if o != nil && o.Action != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAction gets a reference to the given RiskProviderAction and assigns it to the Action field.
+func (o *RiskProvider) SetAction(v RiskProviderAction) {
+	o.Action = &v
+}
+
+// GetClientId returns the ClientId field value
+func (o *RiskProvider) GetClientId() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.ClientId
+}
+
+// GetClientIdOk returns a tuple with the ClientId field value
+// and a boolean to check if the value has been set.
+func (o *RiskProvider) GetClientIdOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.ClientId, true
+}
+
+// SetClientId sets field value
+func (o *RiskProvider) SetClientId(v string) {
+	o.ClientId = v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *RiskProvider) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RiskProvider) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *RiskProvider) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *RiskProvider) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *RiskProvider) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RiskProvider) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *RiskProvider) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *RiskProvider) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *RiskProvider) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RiskProvider) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *RiskProvider) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *RiskProvider) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value
+func (o *RiskProvider) GetName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value
+// and a boolean to check if the value has been set.
+func (o *RiskProvider) GetNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.Name, true
+}
+
+// SetName sets field value
+func (o *RiskProvider) SetName(v string) {
+	o.Name = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *RiskProvider) GetLinks() ApiTokenLink {
+	if o == nil || o.Links == nil {
+		var ret ApiTokenLink
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RiskProvider) GetLinksOk() (*ApiTokenLink, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *RiskProvider) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given ApiTokenLink and assigns it to the Links field.
+func (o *RiskProvider) SetLinks(v ApiTokenLink) {
+	o.Links = &v
+}
+
+func (o RiskProvider) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Action != nil {
+		toSerialize["action"] = o.Action
+	}
+	if true {
+		toSerialize["clientId"] = o.ClientId
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if true {
+		toSerialize["name"] = o.Name
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *RiskProvider) UnmarshalJSON(bytes []byte) (err error) {
+	varRiskProvider := _RiskProvider{}
+
+	err = json.Unmarshal(bytes, &varRiskProvider)
+	if err == nil {
+		*o = RiskProvider(varRiskProvider)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "action")
+		delete(additionalProperties, "clientId")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableRiskProvider struct {
+	value *RiskProvider
+	isSet bool
+}
+
+func (v NullableRiskProvider) Get() *RiskProvider {
+	return v.value
+}
+
+func (v *NullableRiskProvider) Set(val *RiskProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRiskProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRiskProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRiskProvider(val *RiskProvider) *NullableRiskProvider {
+	return &NullableRiskProvider{value: val, isSet: true}
+}
+
+func (v NullableRiskProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRiskProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_risk_provider_action.go b/okta/model_risk_provider_action.go
new file mode 100644
index 000000000..192576fa9
--- /dev/null
+++ b/okta/model_risk_provider_action.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// RiskProviderAction The action taken by Okta during authentication attempts based on the risk events sent by this provider. Logging can be found in the SystemLogs.
+type RiskProviderAction string
+
+// List of RiskProviderAction
+const (
+	RISKPROVIDERACTION_ENFORCE_AND_LOG RiskProviderAction = "enforce_and_log"
+	RISKPROVIDERACTION_LOG_ONLY        RiskProviderAction = "log_only"
+	RISKPROVIDERACTION_NONE            RiskProviderAction = "none"
+)
+
+// All allowed values of RiskProviderAction enum
+var AllowedRiskProviderActionEnumValues = []RiskProviderAction{
+	"enforce_and_log",
+	"log_only",
+	"none",
+}
+
+func (v *RiskProviderAction) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := RiskProviderAction(value)
+	for _, existing := range AllowedRiskProviderActionEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid RiskProviderAction", value)
+}
+
+// NewRiskProviderActionFromValue returns a pointer to a valid RiskProviderAction
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewRiskProviderActionFromValue(v string) (*RiskProviderAction, error) {
+	ev := RiskProviderAction(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for RiskProviderAction: valid values are %v", v, AllowedRiskProviderActionEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v RiskProviderAction) IsValid() bool {
+	for _, existing := range AllowedRiskProviderActionEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to RiskProviderAction value
+func (v RiskProviderAction) Ptr() *RiskProviderAction {
+	return &v
+}
+
+type NullableRiskProviderAction struct {
+	value *RiskProviderAction
+	isSet bool
+}
+
+func (v NullableRiskProviderAction) Get() *RiskProviderAction {
+	return v.value
+}
+
+func (v *NullableRiskProviderAction) Set(val *RiskProviderAction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRiskProviderAction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRiskProviderAction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRiskProviderAction(val *RiskProviderAction) *NullableRiskProviderAction {
+	return &NullableRiskProviderAction{value: val, isSet: true}
+}
+
+func (v NullableRiskProviderAction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRiskProviderAction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_risk_score_policy_rule_condition.go b/okta/model_risk_score_policy_rule_condition.go
new file mode 100644
index 000000000..3f084f9f6
--- /dev/null
+++ b/okta/model_risk_score_policy_rule_condition.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// RiskScorePolicyRuleCondition struct for RiskScorePolicyRuleCondition
+type RiskScorePolicyRuleCondition struct {
+	Level                *string `json:"level,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _RiskScorePolicyRuleCondition RiskScorePolicyRuleCondition
+
+// NewRiskScorePolicyRuleCondition instantiates a new RiskScorePolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewRiskScorePolicyRuleCondition() *RiskScorePolicyRuleCondition {
+	this := RiskScorePolicyRuleCondition{}
+	return &this
+}
+
+// NewRiskScorePolicyRuleConditionWithDefaults instantiates a new RiskScorePolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewRiskScorePolicyRuleConditionWithDefaults() *RiskScorePolicyRuleCondition {
+	this := RiskScorePolicyRuleCondition{}
+	return &this
+}
+
+// GetLevel returns the Level field value if set, zero value otherwise.
+func (o *RiskScorePolicyRuleCondition) GetLevel() string {
+	if o == nil || o.Level == nil {
+		var ret string
+		return ret
+	}
+	return *o.Level
+}
+
+// GetLevelOk returns a tuple with the Level field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *RiskScorePolicyRuleCondition) GetLevelOk() (*string, bool) {
+	if o == nil || o.Level == nil {
+		return nil, false
+	}
+	return o.Level, true
+}
+
+// HasLevel returns a boolean if a field has been set.
+func (o *RiskScorePolicyRuleCondition) HasLevel() bool {
+	if o != nil && o.Level != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLevel gets a reference to the given string and assigns it to the Level field.
+func (o *RiskScorePolicyRuleCondition) SetLevel(v string) {
+	o.Level = &v
+}
+
+func (o RiskScorePolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Level != nil {
+		toSerialize["level"] = o.Level
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *RiskScorePolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varRiskScorePolicyRuleCondition := _RiskScorePolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varRiskScorePolicyRuleCondition)
+	if err == nil {
+		*o = RiskScorePolicyRuleCondition(varRiskScorePolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "level")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableRiskScorePolicyRuleCondition struct {
+	value *RiskScorePolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableRiskScorePolicyRuleCondition) Get() *RiskScorePolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableRiskScorePolicyRuleCondition) Set(val *RiskScorePolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRiskScorePolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRiskScorePolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRiskScorePolicyRuleCondition(val *RiskScorePolicyRuleCondition) *NullableRiskScorePolicyRuleCondition {
+	return &NullableRiskScorePolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableRiskScorePolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRiskScorePolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_role.go b/okta/model_role.go
new file mode 100644
index 000000000..b67ee4fcd
--- /dev/null
+++ b/okta/model_role.go
@@ -0,0 +1,492 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// Role struct for Role
+type Role struct {
+	AssignmentType       *RoleAssignmentType               `json:"assignmentType,omitempty"`
+	Created              *time.Time                        `json:"created,omitempty"`
+	Description          *string                           `json:"description,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	Label                *string                           `json:"label,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Status               *LifecycleStatus                  `json:"status,omitempty"`
+	Type                 *RoleType                         `json:"type,omitempty"`
+	Embedded             map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Role Role
+
+// NewRole instantiates a new Role object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewRole() *Role {
+	this := Role{}
+	return &this
+}
+
+// NewRoleWithDefaults instantiates a new Role object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewRoleWithDefaults() *Role {
+	this := Role{}
+	return &this
+}
+
+// GetAssignmentType returns the AssignmentType field value if set, zero value otherwise.
+func (o *Role) GetAssignmentType() RoleAssignmentType {
+	if o == nil || o.AssignmentType == nil {
+		var ret RoleAssignmentType
+		return ret
+	}
+	return *o.AssignmentType
+}
+
+// GetAssignmentTypeOk returns a tuple with the AssignmentType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Role) GetAssignmentTypeOk() (*RoleAssignmentType, bool) {
+	if o == nil || o.AssignmentType == nil {
+		return nil, false
+	}
+	return o.AssignmentType, true
+}
+
+// HasAssignmentType returns a boolean if a field has been set.
+func (o *Role) HasAssignmentType() bool {
+	if o != nil && o.AssignmentType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAssignmentType gets a reference to the given RoleAssignmentType and assigns it to the AssignmentType field.
+func (o *Role) SetAssignmentType(v RoleAssignmentType) {
+	o.AssignmentType = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *Role) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Role) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *Role) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *Role) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *Role) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Role) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *Role) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *Role) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *Role) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Role) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *Role) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *Role) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLabel returns the Label field value if set, zero value otherwise.
+func (o *Role) GetLabel() string {
+	if o == nil || o.Label == nil {
+		var ret string
+		return ret
+	}
+	return *o.Label
+}
+
+// GetLabelOk returns a tuple with the Label field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Role) GetLabelOk() (*string, bool) {
+	if o == nil || o.Label == nil {
+		return nil, false
+	}
+	return o.Label, true
+}
+
+// HasLabel returns a boolean if a field has been set.
+func (o *Role) HasLabel() bool {
+	if o != nil && o.Label != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLabel gets a reference to the given string and assigns it to the Label field.
+func (o *Role) SetLabel(v string) {
+	o.Label = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *Role) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Role) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *Role) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *Role) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *Role) GetStatus() LifecycleStatus {
+	if o == nil || o.Status == nil {
+		var ret LifecycleStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Role) GetStatusOk() (*LifecycleStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *Role) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given LifecycleStatus and assigns it to the Status field.
+func (o *Role) SetStatus(v LifecycleStatus) {
+	o.Status = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *Role) GetType() RoleType {
+	if o == nil || o.Type == nil {
+		var ret RoleType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Role) GetTypeOk() (*RoleType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *Role) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given RoleType and assigns it to the Type field.
+func (o *Role) SetType(v RoleType) {
+	o.Type = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *Role) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Role) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *Role) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *Role) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Role) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Role) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Role) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *Role) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o Role) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AssignmentType != nil {
+		toSerialize["assignmentType"] = o.AssignmentType
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Label != nil {
+		toSerialize["label"] = o.Label
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Role) UnmarshalJSON(bytes []byte) (err error) {
+	varRole := _Role{}
+
+	err = json.Unmarshal(bytes, &varRole)
+	if err == nil {
+		*o = Role(varRole)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "assignmentType")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "label")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableRole struct {
+	value *Role
+	isSet bool
+}
+
+func (v NullableRole) Get() *Role {
+	return v.value
+}
+
+func (v *NullableRole) Set(val *Role) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRole) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRole) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRole(val *Role) *NullableRole {
+	return &NullableRole{value: val, isSet: true}
+}
+
+func (v NullableRole) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRole) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_role_assignment_type.go b/okta/model_role_assignment_type.go
new file mode 100644
index 000000000..043d945c6
--- /dev/null
+++ b/okta/model_role_assignment_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// RoleAssignmentType the model 'RoleAssignmentType'
+type RoleAssignmentType string
+
+// List of RoleAssignmentType
+const (
+	ROLEASSIGNMENTTYPE_GROUP RoleAssignmentType = "GROUP"
+	ROLEASSIGNMENTTYPE_USER  RoleAssignmentType = "USER"
+)
+
+// All allowed values of RoleAssignmentType enum
+var AllowedRoleAssignmentTypeEnumValues = []RoleAssignmentType{
+	"GROUP",
+	"USER",
+}
+
+func (v *RoleAssignmentType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := RoleAssignmentType(value)
+	for _, existing := range AllowedRoleAssignmentTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid RoleAssignmentType", value)
+}
+
+// NewRoleAssignmentTypeFromValue returns a pointer to a valid RoleAssignmentType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewRoleAssignmentTypeFromValue(v string) (*RoleAssignmentType, error) {
+	ev := RoleAssignmentType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for RoleAssignmentType: valid values are %v", v, AllowedRoleAssignmentTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v RoleAssignmentType) IsValid() bool {
+	for _, existing := range AllowedRoleAssignmentTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to RoleAssignmentType value
+func (v RoleAssignmentType) Ptr() *RoleAssignmentType {
+	return &v
+}
+
+type NullableRoleAssignmentType struct {
+	value *RoleAssignmentType
+	isSet bool
+}
+
+func (v NullableRoleAssignmentType) Get() *RoleAssignmentType {
+	return v.value
+}
+
+func (v *NullableRoleAssignmentType) Set(val *RoleAssignmentType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRoleAssignmentType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRoleAssignmentType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRoleAssignmentType(val *RoleAssignmentType) *NullableRoleAssignmentType {
+	return &NullableRoleAssignmentType{value: val, isSet: true}
+}
+
+func (v NullableRoleAssignmentType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRoleAssignmentType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_role_permission_type.go b/okta/model_role_permission_type.go
new file mode 100644
index 000000000..ff7f93ebc
--- /dev/null
+++ b/okta/model_role_permission_type.go
@@ -0,0 +1,188 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// RolePermissionType the model 'RolePermissionType'
+type RolePermissionType string
+
+// List of RolePermissionType
+const (
+	ROLEPERMISSIONTYPE_APPS_ASSIGNMENT_MANAGE                  RolePermissionType = "okta.apps.assignment.manage"
+	ROLEPERMISSIONTYPE_APPS_MANAGE                             RolePermissionType = "okta.apps.manage"
+	ROLEPERMISSIONTYPE_APPS_MANAGE_FIRST_PARTY_APPS            RolePermissionType = "okta.apps.manageFirstPartyApps"
+	ROLEPERMISSIONTYPE_APPS_READ                               RolePermissionType = "okta.apps.read"
+	ROLEPERMISSIONTYPE_AUTHZ_SERVERS_MANAGE                    RolePermissionType = "okta.authzServers.manage"
+	ROLEPERMISSIONTYPE_AUTHZ_SERVERS_READ                      RolePermissionType = "okta.authzServers.read"
+	ROLEPERMISSIONTYPE_CUSTOMIZATIONS_MANAGE                   RolePermissionType = "okta.customizations.manage"
+	ROLEPERMISSIONTYPE_CUSTOMIZATIONS_READ                     RolePermissionType = "okta.customizations.read"
+	ROLEPERMISSIONTYPE_GOVERNANCE_ACCESS_CERTIFICATIONS_MANAGE RolePermissionType = "okta.governance.accessCertifications.manage"
+	ROLEPERMISSIONTYPE_GOVERNANCE_ACCESS_REQUESTS_MANAGE       RolePermissionType = "okta.governance.accessRequests.manage"
+	ROLEPERMISSIONTYPE_GROUPS_APP_ASSIGNMENT_MANAGE            RolePermissionType = "okta.groups.appAssignment.manage"
+	ROLEPERMISSIONTYPE_GROUPS_CREATE                           RolePermissionType = "okta.groups.create"
+	ROLEPERMISSIONTYPE_GROUPS_MANAGE                           RolePermissionType = "okta.groups.manage"
+	ROLEPERMISSIONTYPE_GROUPS_MEMBERS_MANAGE                   RolePermissionType = "okta.groups.members.manage"
+	ROLEPERMISSIONTYPE_GROUPS_READ                             RolePermissionType = "okta.groups.read"
+	ROLEPERMISSIONTYPE_PROFILESOURCES_IMPORT_RUN               RolePermissionType = "okta.profilesources.import.run"
+	ROLEPERMISSIONTYPE_USERS_APP_ASSIGNMENT_MANAGE             RolePermissionType = "okta.users.appAssignment.manage"
+	ROLEPERMISSIONTYPE_USERS_CREATE                            RolePermissionType = "okta.users.create"
+	ROLEPERMISSIONTYPE_USERS_CREDENTIALS_EXPIRE_PASSWORD       RolePermissionType = "okta.users.credentials.expirePassword"
+	ROLEPERMISSIONTYPE_USERS_CREDENTIALS_MANAGE                RolePermissionType = "okta.users.credentials.manage"
+	ROLEPERMISSIONTYPE_USERS_CREDENTIALS_RESET_FACTORS         RolePermissionType = "okta.users.credentials.resetFactors"
+	ROLEPERMISSIONTYPE_USERS_CREDENTIALS_RESET_PASSWORD        RolePermissionType = "okta.users.credentials.resetPassword"
+	ROLEPERMISSIONTYPE_USERS_GROUP_MEMBERSHIP_MANAGE           RolePermissionType = "okta.users.groupMembership.manage"
+	ROLEPERMISSIONTYPE_USERS_LIFECYCLE_ACTIVATE                RolePermissionType = "okta.users.lifecycle.activate"
+	ROLEPERMISSIONTYPE_USERS_LIFECYCLE_CLEAR_SESSIONS          RolePermissionType = "okta.users.lifecycle.clearSessions"
+	ROLEPERMISSIONTYPE_USERS_LIFECYCLE_DEACTIVATE              RolePermissionType = "okta.users.lifecycle.deactivate"
+	ROLEPERMISSIONTYPE_USERS_LIFECYCLE_DELETE                  RolePermissionType = "okta.users.lifecycle.delete"
+	ROLEPERMISSIONTYPE_USERS_LIFECYCLE_MANAGE                  RolePermissionType = "okta.users.lifecycle.manage"
+	ROLEPERMISSIONTYPE_USERS_LIFECYCLE_SUSPEND                 RolePermissionType = "okta.users.lifecycle.suspend"
+	ROLEPERMISSIONTYPE_USERS_LIFECYCLE_UNLOCK                  RolePermissionType = "okta.users.lifecycle.unlock"
+	ROLEPERMISSIONTYPE_USERS_LIFECYCLE_UNSUSPEND               RolePermissionType = "okta.users.lifecycle.unsuspend"
+	ROLEPERMISSIONTYPE_USERS_MANAGE                            RolePermissionType = "okta.users.manage"
+	ROLEPERMISSIONTYPE_USERS_READ                              RolePermissionType = "okta.users.read"
+	ROLEPERMISSIONTYPE_USERS_USERPROFILE_MANAGE                RolePermissionType = "okta.users.userprofile.manage"
+)
+
+// All allowed values of RolePermissionType enum
+var AllowedRolePermissionTypeEnumValues = []RolePermissionType{
+	"okta.apps.assignment.manage",
+	"okta.apps.manage",
+	"okta.apps.manageFirstPartyApps",
+	"okta.apps.read",
+	"okta.authzServers.manage",
+	"okta.authzServers.read",
+	"okta.customizations.manage",
+	"okta.customizations.read",
+	"okta.governance.accessCertifications.manage",
+	"okta.governance.accessRequests.manage",
+	"okta.groups.appAssignment.manage",
+	"okta.groups.create",
+	"okta.groups.manage",
+	"okta.groups.members.manage",
+	"okta.groups.read",
+	"okta.profilesources.import.run",
+	"okta.users.appAssignment.manage",
+	"okta.users.create",
+	"okta.users.credentials.expirePassword",
+	"okta.users.credentials.manage",
+	"okta.users.credentials.resetFactors",
+	"okta.users.credentials.resetPassword",
+	"okta.users.groupMembership.manage",
+	"okta.users.lifecycle.activate",
+	"okta.users.lifecycle.clearSessions",
+	"okta.users.lifecycle.deactivate",
+	"okta.users.lifecycle.delete",
+	"okta.users.lifecycle.manage",
+	"okta.users.lifecycle.suspend",
+	"okta.users.lifecycle.unlock",
+	"okta.users.lifecycle.unsuspend",
+	"okta.users.manage",
+	"okta.users.read",
+	"okta.users.userprofile.manage",
+}
+
+func (v *RolePermissionType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := RolePermissionType(value)
+	for _, existing := range AllowedRolePermissionTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid RolePermissionType", value)
+}
+
+// NewRolePermissionTypeFromValue returns a pointer to a valid RolePermissionType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewRolePermissionTypeFromValue(v string) (*RolePermissionType, error) {
+	ev := RolePermissionType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for RolePermissionType: valid values are %v", v, AllowedRolePermissionTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v RolePermissionType) IsValid() bool {
+	for _, existing := range AllowedRolePermissionTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to RolePermissionType value
+func (v RolePermissionType) Ptr() *RolePermissionType {
+	return &v
+}
+
+type NullableRolePermissionType struct {
+	value *RolePermissionType
+	isSet bool
+}
+
+func (v NullableRolePermissionType) Get() *RolePermissionType {
+	return v.value
+}
+
+func (v *NullableRolePermissionType) Set(val *RolePermissionType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRolePermissionType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRolePermissionType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRolePermissionType(val *RolePermissionType) *NullableRolePermissionType {
+	return &NullableRolePermissionType{value: val, isSet: true}
+}
+
+func (v NullableRolePermissionType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRolePermissionType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_role_type.go b/okta/model_role_type.go
new file mode 100644
index 000000000..4a33c3f7c
--- /dev/null
+++ b/okta/model_role_type.go
@@ -0,0 +1,140 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// RoleType the model 'RoleType'
+type RoleType string
+
+// List of RoleType
+const (
+	ROLETYPE_API_ACCESS_MANAGEMENT_ADMIN RoleType = "API_ACCESS_MANAGEMENT_ADMIN"
+	ROLETYPE_APP_ADMIN                   RoleType = "APP_ADMIN"
+	ROLETYPE_GROUP_MEMBERSHIP_ADMIN      RoleType = "GROUP_MEMBERSHIP_ADMIN"
+	ROLETYPE_HELP_DESK_ADMIN             RoleType = "HELP_DESK_ADMIN"
+	ROLETYPE_MOBILE_ADMIN                RoleType = "MOBILE_ADMIN"
+	ROLETYPE_ORG_ADMIN                   RoleType = "ORG_ADMIN"
+	ROLETYPE_READ_ONLY_ADMIN             RoleType = "READ_ONLY_ADMIN"
+	ROLETYPE_REPORT_ADMIN                RoleType = "REPORT_ADMIN"
+	ROLETYPE_SUPER_ADMIN                 RoleType = "SUPER_ADMIN"
+	ROLETYPE_USER_ADMIN                  RoleType = "USER_ADMIN"
+)
+
+// All allowed values of RoleType enum
+var AllowedRoleTypeEnumValues = []RoleType{
+	"API_ACCESS_MANAGEMENT_ADMIN",
+	"APP_ADMIN",
+	"GROUP_MEMBERSHIP_ADMIN",
+	"HELP_DESK_ADMIN",
+	"MOBILE_ADMIN",
+	"ORG_ADMIN",
+	"READ_ONLY_ADMIN",
+	"REPORT_ADMIN",
+	"SUPER_ADMIN",
+	"USER_ADMIN",
+}
+
+func (v *RoleType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := RoleType(value)
+	for _, existing := range AllowedRoleTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid RoleType", value)
+}
+
+// NewRoleTypeFromValue returns a pointer to a valid RoleType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewRoleTypeFromValue(v string) (*RoleType, error) {
+	ev := RoleType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for RoleType: valid values are %v", v, AllowedRoleTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v RoleType) IsValid() bool {
+	for _, existing := range AllowedRoleTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to RoleType value
+func (v RoleType) Ptr() *RoleType {
+	return &v
+}
+
+type NullableRoleType struct {
+	value *RoleType
+	isSet bool
+}
+
+func (v NullableRoleType) Get() *RoleType {
+	return v.value
+}
+
+func (v *NullableRoleType) Set(val *RoleType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableRoleType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableRoleType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableRoleType(val *RoleType) *NullableRoleType {
+	return &NullableRoleType{value: val, isSet: true}
+}
+
+func (v NullableRoleType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableRoleType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_safe_browsing_protection_level.go b/okta/model_safe_browsing_protection_level.go
new file mode 100644
index 000000000..3c24709d1
--- /dev/null
+++ b/okta/model_safe_browsing_protection_level.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// SafeBrowsingProtectionLevel Represents the current value of the Safe Browsing protection level
+type SafeBrowsingProtectionLevel string
+
+// List of SafeBrowsingProtectionLevel
+const (
+	SAFEBROWSINGPROTECTIONLEVEL_ENHANCED_PROTECTION SafeBrowsingProtectionLevel = "ENHANCED_PROTECTION"
+	SAFEBROWSINGPROTECTIONLEVEL_NO_SAFE_BROWSING    SafeBrowsingProtectionLevel = "NO_SAFE_BROWSING"
+	SAFEBROWSINGPROTECTIONLEVEL_STANDARD_PROTECTION SafeBrowsingProtectionLevel = "STANDARD_PROTECTION"
+)
+
+// All allowed values of SafeBrowsingProtectionLevel enum
+var AllowedSafeBrowsingProtectionLevelEnumValues = []SafeBrowsingProtectionLevel{
+	"ENHANCED_PROTECTION",
+	"NO_SAFE_BROWSING",
+	"STANDARD_PROTECTION",
+}
+
+func (v *SafeBrowsingProtectionLevel) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := SafeBrowsingProtectionLevel(value)
+	for _, existing := range AllowedSafeBrowsingProtectionLevelEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid SafeBrowsingProtectionLevel", value)
+}
+
+// NewSafeBrowsingProtectionLevelFromValue returns a pointer to a valid SafeBrowsingProtectionLevel
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewSafeBrowsingProtectionLevelFromValue(v string) (*SafeBrowsingProtectionLevel, error) {
+	ev := SafeBrowsingProtectionLevel(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for SafeBrowsingProtectionLevel: valid values are %v", v, AllowedSafeBrowsingProtectionLevelEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v SafeBrowsingProtectionLevel) IsValid() bool {
+	for _, existing := range AllowedSafeBrowsingProtectionLevelEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to SafeBrowsingProtectionLevel value
+func (v SafeBrowsingProtectionLevel) Ptr() *SafeBrowsingProtectionLevel {
+	return &v
+}
+
+type NullableSafeBrowsingProtectionLevel struct {
+	value *SafeBrowsingProtectionLevel
+	isSet bool
+}
+
+func (v NullableSafeBrowsingProtectionLevel) Get() *SafeBrowsingProtectionLevel {
+	return v.value
+}
+
+func (v *NullableSafeBrowsingProtectionLevel) Set(val *SafeBrowsingProtectionLevel) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSafeBrowsingProtectionLevel) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSafeBrowsingProtectionLevel) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSafeBrowsingProtectionLevel(val *SafeBrowsingProtectionLevel) *NullableSafeBrowsingProtectionLevel {
+	return &NullableSafeBrowsingProtectionLevel{value: val, isSet: true}
+}
+
+func (v NullableSafeBrowsingProtectionLevel) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSafeBrowsingProtectionLevel) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_saml_application.go b/okta/model_saml_application.go
new file mode 100644
index 000000000..dd67b9480
--- /dev/null
+++ b/okta/model_saml_application.go
@@ -0,0 +1,281 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// SamlApplication struct for SamlApplication
+type SamlApplication struct {
+	Application
+	Credentials          *ApplicationCredentials  `json:"credentials,omitempty"`
+	Name                 *string                  `json:"name,omitempty"`
+	Settings             *SamlApplicationSettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SamlApplication SamlApplication
+
+// NewSamlApplication instantiates a new SamlApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSamlApplication() *SamlApplication {
+	this := SamlApplication{}
+	return &this
+}
+
+// NewSamlApplicationWithDefaults instantiates a new SamlApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSamlApplicationWithDefaults() *SamlApplication {
+	this := SamlApplication{}
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *SamlApplication) GetCredentials() ApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret ApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplication) GetCredentialsOk() (*ApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *SamlApplication) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given ApplicationCredentials and assigns it to the Credentials field.
+func (o *SamlApplication) SetCredentials(v ApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *SamlApplication) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplication) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *SamlApplication) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *SamlApplication) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *SamlApplication) GetSettings() SamlApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret SamlApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplication) GetSettingsOk() (*SamlApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *SamlApplication) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given SamlApplicationSettings and assigns it to the Settings field.
+func (o *SamlApplication) SetSettings(v SamlApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o SamlApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedApplication, errApplication := json.Marshal(o.Application)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	errApplication = json.Unmarshal([]byte(serializedApplication), &toSerialize)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SamlApplication) UnmarshalJSON(bytes []byte) (err error) {
+	type SamlApplicationWithoutEmbeddedStruct struct {
+		Credentials *ApplicationCredentials  `json:"credentials,omitempty"`
+		Name        *string                  `json:"name,omitempty"`
+		Settings    *SamlApplicationSettings `json:"settings,omitempty"`
+	}
+
+	varSamlApplicationWithoutEmbeddedStruct := SamlApplicationWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varSamlApplicationWithoutEmbeddedStruct)
+	if err == nil {
+		varSamlApplication := _SamlApplication{}
+		varSamlApplication.Credentials = varSamlApplicationWithoutEmbeddedStruct.Credentials
+		varSamlApplication.Name = varSamlApplicationWithoutEmbeddedStruct.Name
+		varSamlApplication.Settings = varSamlApplicationWithoutEmbeddedStruct.Settings
+		*o = SamlApplication(varSamlApplication)
+	} else {
+		return err
+	}
+
+	varSamlApplication := _SamlApplication{}
+
+	err = json.Unmarshal(bytes, &varSamlApplication)
+	if err == nil {
+		o.Application = varSamlApplication.Application
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectApplication := reflect.ValueOf(o.Application)
+		for i := 0; i < reflectApplication.Type().NumField(); i++ {
+			t := reflectApplication.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSamlApplication struct {
+	value *SamlApplication
+	isSet bool
+}
+
+func (v NullableSamlApplication) Get() *SamlApplication {
+	return v.value
+}
+
+func (v *NullableSamlApplication) Set(val *SamlApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSamlApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSamlApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSamlApplication(val *SamlApplication) *NullableSamlApplication {
+	return &NullableSamlApplication{value: val, isSet: true}
+}
+
+func (v NullableSamlApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSamlApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_saml_application_all_of.go b/okta/model_saml_application_all_of.go
new file mode 100644
index 000000000..4833ee79f
--- /dev/null
+++ b/okta/model_saml_application_all_of.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SamlApplicationAllOf struct for SamlApplicationAllOf
+type SamlApplicationAllOf struct {
+	Credentials          *ApplicationCredentials  `json:"credentials,omitempty"`
+	Name                 *string                  `json:"name,omitempty"`
+	Settings             *SamlApplicationSettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SamlApplicationAllOf SamlApplicationAllOf
+
+// NewSamlApplicationAllOf instantiates a new SamlApplicationAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSamlApplicationAllOf() *SamlApplicationAllOf {
+	this := SamlApplicationAllOf{}
+	return &this
+}
+
+// NewSamlApplicationAllOfWithDefaults instantiates a new SamlApplicationAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSamlApplicationAllOfWithDefaults() *SamlApplicationAllOf {
+	this := SamlApplicationAllOf{}
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *SamlApplicationAllOf) GetCredentials() ApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret ApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationAllOf) GetCredentialsOk() (*ApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *SamlApplicationAllOf) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given ApplicationCredentials and assigns it to the Credentials field.
+func (o *SamlApplicationAllOf) SetCredentials(v ApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *SamlApplicationAllOf) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationAllOf) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *SamlApplicationAllOf) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *SamlApplicationAllOf) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *SamlApplicationAllOf) GetSettings() SamlApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret SamlApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationAllOf) GetSettingsOk() (*SamlApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *SamlApplicationAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given SamlApplicationSettings and assigns it to the Settings field.
+func (o *SamlApplicationAllOf) SetSettings(v SamlApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o SamlApplicationAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SamlApplicationAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varSamlApplicationAllOf := _SamlApplicationAllOf{}
+
+	err = json.Unmarshal(bytes, &varSamlApplicationAllOf)
+	if err == nil {
+		*o = SamlApplicationAllOf(varSamlApplicationAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSamlApplicationAllOf struct {
+	value *SamlApplicationAllOf
+	isSet bool
+}
+
+func (v NullableSamlApplicationAllOf) Get() *SamlApplicationAllOf {
+	return v.value
+}
+
+func (v *NullableSamlApplicationAllOf) Set(val *SamlApplicationAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSamlApplicationAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSamlApplicationAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSamlApplicationAllOf(val *SamlApplicationAllOf) *NullableSamlApplicationAllOf {
+	return &NullableSamlApplicationAllOf{value: val, isSet: true}
+}
+
+func (v NullableSamlApplicationAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSamlApplicationAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_saml_application_settings.go b/okta/model_saml_application_settings.go
new file mode 100644
index 000000000..efcda863e
--- /dev/null
+++ b/okta/model_saml_application_settings.go
@@ -0,0 +1,380 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SamlApplicationSettings struct for SamlApplicationSettings
+type SamlApplicationSettings struct {
+	IdentityStoreId      *string                             `json:"identityStoreId,omitempty"`
+	ImplicitAssignment   *bool                               `json:"implicitAssignment,omitempty"`
+	InlineHookId         *string                             `json:"inlineHookId,omitempty"`
+	Notes                *ApplicationSettingsNotes           `json:"notes,omitempty"`
+	Notifications        *ApplicationSettingsNotifications   `json:"notifications,omitempty"`
+	App                  *SamlApplicationSettingsApplication `json:"app,omitempty"`
+	SignOn               *SamlApplicationSettingsSignOn      `json:"signOn,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SamlApplicationSettings SamlApplicationSettings
+
+// NewSamlApplicationSettings instantiates a new SamlApplicationSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSamlApplicationSettings() *SamlApplicationSettings {
+	this := SamlApplicationSettings{}
+	return &this
+}
+
+// NewSamlApplicationSettingsWithDefaults instantiates a new SamlApplicationSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSamlApplicationSettingsWithDefaults() *SamlApplicationSettings {
+	this := SamlApplicationSettings{}
+	return &this
+}
+
+// GetIdentityStoreId returns the IdentityStoreId field value if set, zero value otherwise.
+func (o *SamlApplicationSettings) GetIdentityStoreId() string {
+	if o == nil || o.IdentityStoreId == nil {
+		var ret string
+		return ret
+	}
+	return *o.IdentityStoreId
+}
+
+// GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettings) GetIdentityStoreIdOk() (*string, bool) {
+	if o == nil || o.IdentityStoreId == nil {
+		return nil, false
+	}
+	return o.IdentityStoreId, true
+}
+
+// HasIdentityStoreId returns a boolean if a field has been set.
+func (o *SamlApplicationSettings) HasIdentityStoreId() bool {
+	if o != nil && o.IdentityStoreId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityStoreId gets a reference to the given string and assigns it to the IdentityStoreId field.
+func (o *SamlApplicationSettings) SetIdentityStoreId(v string) {
+	o.IdentityStoreId = &v
+}
+
+// GetImplicitAssignment returns the ImplicitAssignment field value if set, zero value otherwise.
+func (o *SamlApplicationSettings) GetImplicitAssignment() bool {
+	if o == nil || o.ImplicitAssignment == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ImplicitAssignment
+}
+
+// GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettings) GetImplicitAssignmentOk() (*bool, bool) {
+	if o == nil || o.ImplicitAssignment == nil {
+		return nil, false
+	}
+	return o.ImplicitAssignment, true
+}
+
+// HasImplicitAssignment returns a boolean if a field has been set.
+func (o *SamlApplicationSettings) HasImplicitAssignment() bool {
+	if o != nil && o.ImplicitAssignment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetImplicitAssignment gets a reference to the given bool and assigns it to the ImplicitAssignment field.
+func (o *SamlApplicationSettings) SetImplicitAssignment(v bool) {
+	o.ImplicitAssignment = &v
+}
+
+// GetInlineHookId returns the InlineHookId field value if set, zero value otherwise.
+func (o *SamlApplicationSettings) GetInlineHookId() string {
+	if o == nil || o.InlineHookId == nil {
+		var ret string
+		return ret
+	}
+	return *o.InlineHookId
+}
+
+// GetInlineHookIdOk returns a tuple with the InlineHookId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettings) GetInlineHookIdOk() (*string, bool) {
+	if o == nil || o.InlineHookId == nil {
+		return nil, false
+	}
+	return o.InlineHookId, true
+}
+
+// HasInlineHookId returns a boolean if a field has been set.
+func (o *SamlApplicationSettings) HasInlineHookId() bool {
+	if o != nil && o.InlineHookId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInlineHookId gets a reference to the given string and assigns it to the InlineHookId field.
+func (o *SamlApplicationSettings) SetInlineHookId(v string) {
+	o.InlineHookId = &v
+}
+
+// GetNotes returns the Notes field value if set, zero value otherwise.
+func (o *SamlApplicationSettings) GetNotes() ApplicationSettingsNotes {
+	if o == nil || o.Notes == nil {
+		var ret ApplicationSettingsNotes
+		return ret
+	}
+	return *o.Notes
+}
+
+// GetNotesOk returns a tuple with the Notes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool) {
+	if o == nil || o.Notes == nil {
+		return nil, false
+	}
+	return o.Notes, true
+}
+
+// HasNotes returns a boolean if a field has been set.
+func (o *SamlApplicationSettings) HasNotes() bool {
+	if o != nil && o.Notes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotes gets a reference to the given ApplicationSettingsNotes and assigns it to the Notes field.
+func (o *SamlApplicationSettings) SetNotes(v ApplicationSettingsNotes) {
+	o.Notes = &v
+}
+
+// GetNotifications returns the Notifications field value if set, zero value otherwise.
+func (o *SamlApplicationSettings) GetNotifications() ApplicationSettingsNotifications {
+	if o == nil || o.Notifications == nil {
+		var ret ApplicationSettingsNotifications
+		return ret
+	}
+	return *o.Notifications
+}
+
+// GetNotificationsOk returns a tuple with the Notifications field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool) {
+	if o == nil || o.Notifications == nil {
+		return nil, false
+	}
+	return o.Notifications, true
+}
+
+// HasNotifications returns a boolean if a field has been set.
+func (o *SamlApplicationSettings) HasNotifications() bool {
+	if o != nil && o.Notifications != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotifications gets a reference to the given ApplicationSettingsNotifications and assigns it to the Notifications field.
+func (o *SamlApplicationSettings) SetNotifications(v ApplicationSettingsNotifications) {
+	o.Notifications = &v
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *SamlApplicationSettings) GetApp() SamlApplicationSettingsApplication {
+	if o == nil || o.App == nil {
+		var ret SamlApplicationSettingsApplication
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettings) GetAppOk() (*SamlApplicationSettingsApplication, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *SamlApplicationSettings) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given SamlApplicationSettingsApplication and assigns it to the App field.
+func (o *SamlApplicationSettings) SetApp(v SamlApplicationSettingsApplication) {
+	o.App = &v
+}
+
+// GetSignOn returns the SignOn field value if set, zero value otherwise.
+func (o *SamlApplicationSettings) GetSignOn() SamlApplicationSettingsSignOn {
+	if o == nil || o.SignOn == nil {
+		var ret SamlApplicationSettingsSignOn
+		return ret
+	}
+	return *o.SignOn
+}
+
+// GetSignOnOk returns a tuple with the SignOn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettings) GetSignOnOk() (*SamlApplicationSettingsSignOn, bool) {
+	if o == nil || o.SignOn == nil {
+		return nil, false
+	}
+	return o.SignOn, true
+}
+
+// HasSignOn returns a boolean if a field has been set.
+func (o *SamlApplicationSettings) HasSignOn() bool {
+	if o != nil && o.SignOn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignOn gets a reference to the given SamlApplicationSettingsSignOn and assigns it to the SignOn field.
+func (o *SamlApplicationSettings) SetSignOn(v SamlApplicationSettingsSignOn) {
+	o.SignOn = &v
+}
+
+func (o SamlApplicationSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.IdentityStoreId != nil {
+		toSerialize["identityStoreId"] = o.IdentityStoreId
+	}
+	if o.ImplicitAssignment != nil {
+		toSerialize["implicitAssignment"] = o.ImplicitAssignment
+	}
+	if o.InlineHookId != nil {
+		toSerialize["inlineHookId"] = o.InlineHookId
+	}
+	if o.Notes != nil {
+		toSerialize["notes"] = o.Notes
+	}
+	if o.Notifications != nil {
+		toSerialize["notifications"] = o.Notifications
+	}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+	if o.SignOn != nil {
+		toSerialize["signOn"] = o.SignOn
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SamlApplicationSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varSamlApplicationSettings := _SamlApplicationSettings{}
+
+	err = json.Unmarshal(bytes, &varSamlApplicationSettings)
+	if err == nil {
+		*o = SamlApplicationSettings(varSamlApplicationSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "identityStoreId")
+		delete(additionalProperties, "implicitAssignment")
+		delete(additionalProperties, "inlineHookId")
+		delete(additionalProperties, "notes")
+		delete(additionalProperties, "notifications")
+		delete(additionalProperties, "app")
+		delete(additionalProperties, "signOn")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSamlApplicationSettings struct {
+	value *SamlApplicationSettings
+	isSet bool
+}
+
+func (v NullableSamlApplicationSettings) Get() *SamlApplicationSettings {
+	return v.value
+}
+
+func (v *NullableSamlApplicationSettings) Set(val *SamlApplicationSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSamlApplicationSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSamlApplicationSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSamlApplicationSettings(val *SamlApplicationSettings) *NullableSamlApplicationSettings {
+	return &NullableSamlApplicationSettings{value: val, isSet: true}
+}
+
+func (v NullableSamlApplicationSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSamlApplicationSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_saml_application_settings_all_of.go b/okta/model_saml_application_settings_all_of.go
new file mode 100644
index 000000000..36c04dac3
--- /dev/null
+++ b/okta/model_saml_application_settings_all_of.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SamlApplicationSettingsAllOf struct for SamlApplicationSettingsAllOf
+type SamlApplicationSettingsAllOf struct {
+	App                  *SamlApplicationSettingsApplication `json:"app,omitempty"`
+	SignOn               *SamlApplicationSettingsSignOn      `json:"signOn,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SamlApplicationSettingsAllOf SamlApplicationSettingsAllOf
+
+// NewSamlApplicationSettingsAllOf instantiates a new SamlApplicationSettingsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSamlApplicationSettingsAllOf() *SamlApplicationSettingsAllOf {
+	this := SamlApplicationSettingsAllOf{}
+	return &this
+}
+
+// NewSamlApplicationSettingsAllOfWithDefaults instantiates a new SamlApplicationSettingsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSamlApplicationSettingsAllOfWithDefaults() *SamlApplicationSettingsAllOf {
+	this := SamlApplicationSettingsAllOf{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsAllOf) GetApp() SamlApplicationSettingsApplication {
+	if o == nil || o.App == nil {
+		var ret SamlApplicationSettingsApplication
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsAllOf) GetAppOk() (*SamlApplicationSettingsApplication, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsAllOf) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given SamlApplicationSettingsApplication and assigns it to the App field.
+func (o *SamlApplicationSettingsAllOf) SetApp(v SamlApplicationSettingsApplication) {
+	o.App = &v
+}
+
+// GetSignOn returns the SignOn field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsAllOf) GetSignOn() SamlApplicationSettingsSignOn {
+	if o == nil || o.SignOn == nil {
+		var ret SamlApplicationSettingsSignOn
+		return ret
+	}
+	return *o.SignOn
+}
+
+// GetSignOnOk returns a tuple with the SignOn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsAllOf) GetSignOnOk() (*SamlApplicationSettingsSignOn, bool) {
+	if o == nil || o.SignOn == nil {
+		return nil, false
+	}
+	return o.SignOn, true
+}
+
+// HasSignOn returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsAllOf) HasSignOn() bool {
+	if o != nil && o.SignOn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignOn gets a reference to the given SamlApplicationSettingsSignOn and assigns it to the SignOn field.
+func (o *SamlApplicationSettingsAllOf) SetSignOn(v SamlApplicationSettingsSignOn) {
+	o.SignOn = &v
+}
+
+func (o SamlApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+	if o.SignOn != nil {
+		toSerialize["signOn"] = o.SignOn
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SamlApplicationSettingsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varSamlApplicationSettingsAllOf := _SamlApplicationSettingsAllOf{}
+
+	err = json.Unmarshal(bytes, &varSamlApplicationSettingsAllOf)
+	if err == nil {
+		*o = SamlApplicationSettingsAllOf(varSamlApplicationSettingsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		delete(additionalProperties, "signOn")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSamlApplicationSettingsAllOf struct {
+	value *SamlApplicationSettingsAllOf
+	isSet bool
+}
+
+func (v NullableSamlApplicationSettingsAllOf) Get() *SamlApplicationSettingsAllOf {
+	return v.value
+}
+
+func (v *NullableSamlApplicationSettingsAllOf) Set(val *SamlApplicationSettingsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSamlApplicationSettingsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSamlApplicationSettingsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSamlApplicationSettingsAllOf(val *SamlApplicationSettingsAllOf) *NullableSamlApplicationSettingsAllOf {
+	return &NullableSamlApplicationSettingsAllOf{value: val, isSet: true}
+}
+
+func (v NullableSamlApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSamlApplicationSettingsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_saml_application_settings_application.go b/okta/model_saml_application_settings_application.go
new file mode 100644
index 000000000..329645bf2
--- /dev/null
+++ b/okta/model_saml_application_settings_application.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SamlApplicationSettingsApplication struct for SamlApplicationSettingsApplication
+type SamlApplicationSettingsApplication struct {
+	AcsUrl               *string `json:"acsUrl,omitempty"`
+	AudRestriction       *string `json:"audRestriction,omitempty"`
+	BaseUrl              *string `json:"baseUrl,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SamlApplicationSettingsApplication SamlApplicationSettingsApplication
+
+// NewSamlApplicationSettingsApplication instantiates a new SamlApplicationSettingsApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSamlApplicationSettingsApplication() *SamlApplicationSettingsApplication {
+	this := SamlApplicationSettingsApplication{}
+	return &this
+}
+
+// NewSamlApplicationSettingsApplicationWithDefaults instantiates a new SamlApplicationSettingsApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSamlApplicationSettingsApplicationWithDefaults() *SamlApplicationSettingsApplication {
+	this := SamlApplicationSettingsApplication{}
+	return &this
+}
+
+// GetAcsUrl returns the AcsUrl field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsApplication) GetAcsUrl() string {
+	if o == nil || o.AcsUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.AcsUrl
+}
+
+// GetAcsUrlOk returns a tuple with the AcsUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsApplication) GetAcsUrlOk() (*string, bool) {
+	if o == nil || o.AcsUrl == nil {
+		return nil, false
+	}
+	return o.AcsUrl, true
+}
+
+// HasAcsUrl returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsApplication) HasAcsUrl() bool {
+	if o != nil && o.AcsUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAcsUrl gets a reference to the given string and assigns it to the AcsUrl field.
+func (o *SamlApplicationSettingsApplication) SetAcsUrl(v string) {
+	o.AcsUrl = &v
+}
+
+// GetAudRestriction returns the AudRestriction field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsApplication) GetAudRestriction() string {
+	if o == nil || o.AudRestriction == nil {
+		var ret string
+		return ret
+	}
+	return *o.AudRestriction
+}
+
+// GetAudRestrictionOk returns a tuple with the AudRestriction field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsApplication) GetAudRestrictionOk() (*string, bool) {
+	if o == nil || o.AudRestriction == nil {
+		return nil, false
+	}
+	return o.AudRestriction, true
+}
+
+// HasAudRestriction returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsApplication) HasAudRestriction() bool {
+	if o != nil && o.AudRestriction != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAudRestriction gets a reference to the given string and assigns it to the AudRestriction field.
+func (o *SamlApplicationSettingsApplication) SetAudRestriction(v string) {
+	o.AudRestriction = &v
+}
+
+// GetBaseUrl returns the BaseUrl field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsApplication) GetBaseUrl() string {
+	if o == nil || o.BaseUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.BaseUrl
+}
+
+// GetBaseUrlOk returns a tuple with the BaseUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsApplication) GetBaseUrlOk() (*string, bool) {
+	if o == nil || o.BaseUrl == nil {
+		return nil, false
+	}
+	return o.BaseUrl, true
+}
+
+// HasBaseUrl returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsApplication) HasBaseUrl() bool {
+	if o != nil && o.BaseUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBaseUrl gets a reference to the given string and assigns it to the BaseUrl field.
+func (o *SamlApplicationSettingsApplication) SetBaseUrl(v string) {
+	o.BaseUrl = &v
+}
+
+func (o SamlApplicationSettingsApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AcsUrl != nil {
+		toSerialize["acsUrl"] = o.AcsUrl
+	}
+	if o.AudRestriction != nil {
+		toSerialize["audRestriction"] = o.AudRestriction
+	}
+	if o.BaseUrl != nil {
+		toSerialize["baseUrl"] = o.BaseUrl
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SamlApplicationSettingsApplication) UnmarshalJSON(bytes []byte) (err error) {
+	varSamlApplicationSettingsApplication := _SamlApplicationSettingsApplication{}
+
+	err = json.Unmarshal(bytes, &varSamlApplicationSettingsApplication)
+	if err == nil {
+		*o = SamlApplicationSettingsApplication(varSamlApplicationSettingsApplication)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "acsUrl")
+		delete(additionalProperties, "audRestriction")
+		delete(additionalProperties, "baseUrl")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSamlApplicationSettingsApplication struct {
+	value *SamlApplicationSettingsApplication
+	isSet bool
+}
+
+func (v NullableSamlApplicationSettingsApplication) Get() *SamlApplicationSettingsApplication {
+	return v.value
+}
+
+func (v *NullableSamlApplicationSettingsApplication) Set(val *SamlApplicationSettingsApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSamlApplicationSettingsApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSamlApplicationSettingsApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSamlApplicationSettingsApplication(val *SamlApplicationSettingsApplication) *NullableSamlApplicationSettingsApplication {
+	return &NullableSamlApplicationSettingsApplication{value: val, isSet: true}
+}
+
+func (v NullableSamlApplicationSettingsApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSamlApplicationSettingsApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_saml_application_settings_sign_on.go b/okta/model_saml_application_settings_sign_on.go
new file mode 100644
index 000000000..f633ff75e
--- /dev/null
+++ b/okta/model_saml_application_settings_sign_on.go
@@ -0,0 +1,1083 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SamlApplicationSettingsSignOn struct for SamlApplicationSettingsSignOn
+type SamlApplicationSettingsSignOn struct {
+	AcsEndpoints              []AcsEndpoint            `json:"acsEndpoints,omitempty"`
+	AllowMultipleAcsEndpoints *bool                    `json:"allowMultipleAcsEndpoints,omitempty"`
+	AssertionSigned           *bool                    `json:"assertionSigned,omitempty"`
+	AttributeStatements       []SamlAttributeStatement `json:"attributeStatements,omitempty"`
+	Audience                  *string                  `json:"audience,omitempty"`
+	AudienceOverride          *string                  `json:"audienceOverride,omitempty"`
+	AuthnContextClassRef      *string                  `json:"authnContextClassRef,omitempty"`
+	DefaultRelayState         *string                  `json:"defaultRelayState,omitempty"`
+	Destination               *string                  `json:"destination,omitempty"`
+	DestinationOverride       *string                  `json:"destinationOverride,omitempty"`
+	DigestAlgorithm           *string                  `json:"digestAlgorithm,omitempty"`
+	HonorForceAuthn           *bool                    `json:"honorForceAuthn,omitempty"`
+	IdpIssuer                 *string                  `json:"idpIssuer,omitempty"`
+	InlineHooks               []SignOnInlineHook       `json:"inlineHooks,omitempty"`
+	Recipient                 *string                  `json:"recipient,omitempty"`
+	RecipientOverride         *string                  `json:"recipientOverride,omitempty"`
+	RequestCompressed         *bool                    `json:"requestCompressed,omitempty"`
+	ResponseSigned            *bool                    `json:"responseSigned,omitempty"`
+	SignatureAlgorithm        *string                  `json:"signatureAlgorithm,omitempty"`
+	Slo                       *SingleLogout            `json:"slo,omitempty"`
+	SpCertificate             *SpCertificate           `json:"spCertificate,omitempty"`
+	SpIssuer                  *string                  `json:"spIssuer,omitempty"`
+	SsoAcsUrl                 *string                  `json:"ssoAcsUrl,omitempty"`
+	SsoAcsUrlOverride         *string                  `json:"ssoAcsUrlOverride,omitempty"`
+	SubjectNameIdFormat       *string                  `json:"subjectNameIdFormat,omitempty"`
+	SubjectNameIdTemplate     *string                  `json:"subjectNameIdTemplate,omitempty"`
+	AdditionalProperties      map[string]interface{}
+}
+
+type _SamlApplicationSettingsSignOn SamlApplicationSettingsSignOn
+
+// NewSamlApplicationSettingsSignOn instantiates a new SamlApplicationSettingsSignOn object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSamlApplicationSettingsSignOn() *SamlApplicationSettingsSignOn {
+	this := SamlApplicationSettingsSignOn{}
+	return &this
+}
+
+// NewSamlApplicationSettingsSignOnWithDefaults instantiates a new SamlApplicationSettingsSignOn object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSamlApplicationSettingsSignOnWithDefaults() *SamlApplicationSettingsSignOn {
+	this := SamlApplicationSettingsSignOn{}
+	return &this
+}
+
+// GetAcsEndpoints returns the AcsEndpoints field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetAcsEndpoints() []AcsEndpoint {
+	if o == nil || o.AcsEndpoints == nil {
+		var ret []AcsEndpoint
+		return ret
+	}
+	return o.AcsEndpoints
+}
+
+// GetAcsEndpointsOk returns a tuple with the AcsEndpoints field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetAcsEndpointsOk() ([]AcsEndpoint, bool) {
+	if o == nil || o.AcsEndpoints == nil {
+		return nil, false
+	}
+	return o.AcsEndpoints, true
+}
+
+// HasAcsEndpoints returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasAcsEndpoints() bool {
+	if o != nil && o.AcsEndpoints != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAcsEndpoints gets a reference to the given []AcsEndpoint and assigns it to the AcsEndpoints field.
+func (o *SamlApplicationSettingsSignOn) SetAcsEndpoints(v []AcsEndpoint) {
+	o.AcsEndpoints = v
+}
+
+// GetAllowMultipleAcsEndpoints returns the AllowMultipleAcsEndpoints field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetAllowMultipleAcsEndpoints() bool {
+	if o == nil || o.AllowMultipleAcsEndpoints == nil {
+		var ret bool
+		return ret
+	}
+	return *o.AllowMultipleAcsEndpoints
+}
+
+// GetAllowMultipleAcsEndpointsOk returns a tuple with the AllowMultipleAcsEndpoints field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetAllowMultipleAcsEndpointsOk() (*bool, bool) {
+	if o == nil || o.AllowMultipleAcsEndpoints == nil {
+		return nil, false
+	}
+	return o.AllowMultipleAcsEndpoints, true
+}
+
+// HasAllowMultipleAcsEndpoints returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasAllowMultipleAcsEndpoints() bool {
+	if o != nil && o.AllowMultipleAcsEndpoints != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAllowMultipleAcsEndpoints gets a reference to the given bool and assigns it to the AllowMultipleAcsEndpoints field.
+func (o *SamlApplicationSettingsSignOn) SetAllowMultipleAcsEndpoints(v bool) {
+	o.AllowMultipleAcsEndpoints = &v
+}
+
+// GetAssertionSigned returns the AssertionSigned field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetAssertionSigned() bool {
+	if o == nil || o.AssertionSigned == nil {
+		var ret bool
+		return ret
+	}
+	return *o.AssertionSigned
+}
+
+// GetAssertionSignedOk returns a tuple with the AssertionSigned field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetAssertionSignedOk() (*bool, bool) {
+	if o == nil || o.AssertionSigned == nil {
+		return nil, false
+	}
+	return o.AssertionSigned, true
+}
+
+// HasAssertionSigned returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasAssertionSigned() bool {
+	if o != nil && o.AssertionSigned != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAssertionSigned gets a reference to the given bool and assigns it to the AssertionSigned field.
+func (o *SamlApplicationSettingsSignOn) SetAssertionSigned(v bool) {
+	o.AssertionSigned = &v
+}
+
+// GetAttributeStatements returns the AttributeStatements field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetAttributeStatements() []SamlAttributeStatement {
+	if o == nil || o.AttributeStatements == nil {
+		var ret []SamlAttributeStatement
+		return ret
+	}
+	return o.AttributeStatements
+}
+
+// GetAttributeStatementsOk returns a tuple with the AttributeStatements field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetAttributeStatementsOk() ([]SamlAttributeStatement, bool) {
+	if o == nil || o.AttributeStatements == nil {
+		return nil, false
+	}
+	return o.AttributeStatements, true
+}
+
+// HasAttributeStatements returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasAttributeStatements() bool {
+	if o != nil && o.AttributeStatements != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAttributeStatements gets a reference to the given []SamlAttributeStatement and assigns it to the AttributeStatements field.
+func (o *SamlApplicationSettingsSignOn) SetAttributeStatements(v []SamlAttributeStatement) {
+	o.AttributeStatements = v
+}
+
+// GetAudience returns the Audience field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetAudience() string {
+	if o == nil || o.Audience == nil {
+		var ret string
+		return ret
+	}
+	return *o.Audience
+}
+
+// GetAudienceOk returns a tuple with the Audience field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetAudienceOk() (*string, bool) {
+	if o == nil || o.Audience == nil {
+		return nil, false
+	}
+	return o.Audience, true
+}
+
+// HasAudience returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasAudience() bool {
+	if o != nil && o.Audience != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAudience gets a reference to the given string and assigns it to the Audience field.
+func (o *SamlApplicationSettingsSignOn) SetAudience(v string) {
+	o.Audience = &v
+}
+
+// GetAudienceOverride returns the AudienceOverride field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetAudienceOverride() string {
+	if o == nil || o.AudienceOverride == nil {
+		var ret string
+		return ret
+	}
+	return *o.AudienceOverride
+}
+
+// GetAudienceOverrideOk returns a tuple with the AudienceOverride field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetAudienceOverrideOk() (*string, bool) {
+	if o == nil || o.AudienceOverride == nil {
+		return nil, false
+	}
+	return o.AudienceOverride, true
+}
+
+// HasAudienceOverride returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasAudienceOverride() bool {
+	if o != nil && o.AudienceOverride != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAudienceOverride gets a reference to the given string and assigns it to the AudienceOverride field.
+func (o *SamlApplicationSettingsSignOn) SetAudienceOverride(v string) {
+	o.AudienceOverride = &v
+}
+
+// GetAuthnContextClassRef returns the AuthnContextClassRef field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetAuthnContextClassRef() string {
+	if o == nil || o.AuthnContextClassRef == nil {
+		var ret string
+		return ret
+	}
+	return *o.AuthnContextClassRef
+}
+
+// GetAuthnContextClassRefOk returns a tuple with the AuthnContextClassRef field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetAuthnContextClassRefOk() (*string, bool) {
+	if o == nil || o.AuthnContextClassRef == nil {
+		return nil, false
+	}
+	return o.AuthnContextClassRef, true
+}
+
+// HasAuthnContextClassRef returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasAuthnContextClassRef() bool {
+	if o != nil && o.AuthnContextClassRef != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthnContextClassRef gets a reference to the given string and assigns it to the AuthnContextClassRef field.
+func (o *SamlApplicationSettingsSignOn) SetAuthnContextClassRef(v string) {
+	o.AuthnContextClassRef = &v
+}
+
+// GetDefaultRelayState returns the DefaultRelayState field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetDefaultRelayState() string {
+	if o == nil || o.DefaultRelayState == nil {
+		var ret string
+		return ret
+	}
+	return *o.DefaultRelayState
+}
+
+// GetDefaultRelayStateOk returns a tuple with the DefaultRelayState field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetDefaultRelayStateOk() (*string, bool) {
+	if o == nil || o.DefaultRelayState == nil {
+		return nil, false
+	}
+	return o.DefaultRelayState, true
+}
+
+// HasDefaultRelayState returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasDefaultRelayState() bool {
+	if o != nil && o.DefaultRelayState != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefaultRelayState gets a reference to the given string and assigns it to the DefaultRelayState field.
+func (o *SamlApplicationSettingsSignOn) SetDefaultRelayState(v string) {
+	o.DefaultRelayState = &v
+}
+
+// GetDestination returns the Destination field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetDestination() string {
+	if o == nil || o.Destination == nil {
+		var ret string
+		return ret
+	}
+	return *o.Destination
+}
+
+// GetDestinationOk returns a tuple with the Destination field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetDestinationOk() (*string, bool) {
+	if o == nil || o.Destination == nil {
+		return nil, false
+	}
+	return o.Destination, true
+}
+
+// HasDestination returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasDestination() bool {
+	if o != nil && o.Destination != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDestination gets a reference to the given string and assigns it to the Destination field.
+func (o *SamlApplicationSettingsSignOn) SetDestination(v string) {
+	o.Destination = &v
+}
+
+// GetDestinationOverride returns the DestinationOverride field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetDestinationOverride() string {
+	if o == nil || o.DestinationOverride == nil {
+		var ret string
+		return ret
+	}
+	return *o.DestinationOverride
+}
+
+// GetDestinationOverrideOk returns a tuple with the DestinationOverride field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetDestinationOverrideOk() (*string, bool) {
+	if o == nil || o.DestinationOverride == nil {
+		return nil, false
+	}
+	return o.DestinationOverride, true
+}
+
+// HasDestinationOverride returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasDestinationOverride() bool {
+	if o != nil && o.DestinationOverride != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDestinationOverride gets a reference to the given string and assigns it to the DestinationOverride field.
+func (o *SamlApplicationSettingsSignOn) SetDestinationOverride(v string) {
+	o.DestinationOverride = &v
+}
+
+// GetDigestAlgorithm returns the DigestAlgorithm field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetDigestAlgorithm() string {
+	if o == nil || o.DigestAlgorithm == nil {
+		var ret string
+		return ret
+	}
+	return *o.DigestAlgorithm
+}
+
+// GetDigestAlgorithmOk returns a tuple with the DigestAlgorithm field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetDigestAlgorithmOk() (*string, bool) {
+	if o == nil || o.DigestAlgorithm == nil {
+		return nil, false
+	}
+	return o.DigestAlgorithm, true
+}
+
+// HasDigestAlgorithm returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasDigestAlgorithm() bool {
+	if o != nil && o.DigestAlgorithm != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDigestAlgorithm gets a reference to the given string and assigns it to the DigestAlgorithm field.
+func (o *SamlApplicationSettingsSignOn) SetDigestAlgorithm(v string) {
+	o.DigestAlgorithm = &v
+}
+
+// GetHonorForceAuthn returns the HonorForceAuthn field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetHonorForceAuthn() bool {
+	if o == nil || o.HonorForceAuthn == nil {
+		var ret bool
+		return ret
+	}
+	return *o.HonorForceAuthn
+}
+
+// GetHonorForceAuthnOk returns a tuple with the HonorForceAuthn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetHonorForceAuthnOk() (*bool, bool) {
+	if o == nil || o.HonorForceAuthn == nil {
+		return nil, false
+	}
+	return o.HonorForceAuthn, true
+}
+
+// HasHonorForceAuthn returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasHonorForceAuthn() bool {
+	if o != nil && o.HonorForceAuthn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHonorForceAuthn gets a reference to the given bool and assigns it to the HonorForceAuthn field.
+func (o *SamlApplicationSettingsSignOn) SetHonorForceAuthn(v bool) {
+	o.HonorForceAuthn = &v
+}
+
+// GetIdpIssuer returns the IdpIssuer field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetIdpIssuer() string {
+	if o == nil || o.IdpIssuer == nil {
+		var ret string
+		return ret
+	}
+	return *o.IdpIssuer
+}
+
+// GetIdpIssuerOk returns a tuple with the IdpIssuer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetIdpIssuerOk() (*string, bool) {
+	if o == nil || o.IdpIssuer == nil {
+		return nil, false
+	}
+	return o.IdpIssuer, true
+}
+
+// HasIdpIssuer returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasIdpIssuer() bool {
+	if o != nil && o.IdpIssuer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdpIssuer gets a reference to the given string and assigns it to the IdpIssuer field.
+func (o *SamlApplicationSettingsSignOn) SetIdpIssuer(v string) {
+	o.IdpIssuer = &v
+}
+
+// GetInlineHooks returns the InlineHooks field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetInlineHooks() []SignOnInlineHook {
+	if o == nil || o.InlineHooks == nil {
+		var ret []SignOnInlineHook
+		return ret
+	}
+	return o.InlineHooks
+}
+
+// GetInlineHooksOk returns a tuple with the InlineHooks field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetInlineHooksOk() ([]SignOnInlineHook, bool) {
+	if o == nil || o.InlineHooks == nil {
+		return nil, false
+	}
+	return o.InlineHooks, true
+}
+
+// HasInlineHooks returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasInlineHooks() bool {
+	if o != nil && o.InlineHooks != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInlineHooks gets a reference to the given []SignOnInlineHook and assigns it to the InlineHooks field.
+func (o *SamlApplicationSettingsSignOn) SetInlineHooks(v []SignOnInlineHook) {
+	o.InlineHooks = v
+}
+
+// GetRecipient returns the Recipient field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetRecipient() string {
+	if o == nil || o.Recipient == nil {
+		var ret string
+		return ret
+	}
+	return *o.Recipient
+}
+
+// GetRecipientOk returns a tuple with the Recipient field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetRecipientOk() (*string, bool) {
+	if o == nil || o.Recipient == nil {
+		return nil, false
+	}
+	return o.Recipient, true
+}
+
+// HasRecipient returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasRecipient() bool {
+	if o != nil && o.Recipient != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRecipient gets a reference to the given string and assigns it to the Recipient field.
+func (o *SamlApplicationSettingsSignOn) SetRecipient(v string) {
+	o.Recipient = &v
+}
+
+// GetRecipientOverride returns the RecipientOverride field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetRecipientOverride() string {
+	if o == nil || o.RecipientOverride == nil {
+		var ret string
+		return ret
+	}
+	return *o.RecipientOverride
+}
+
+// GetRecipientOverrideOk returns a tuple with the RecipientOverride field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetRecipientOverrideOk() (*string, bool) {
+	if o == nil || o.RecipientOverride == nil {
+		return nil, false
+	}
+	return o.RecipientOverride, true
+}
+
+// HasRecipientOverride returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasRecipientOverride() bool {
+	if o != nil && o.RecipientOverride != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRecipientOverride gets a reference to the given string and assigns it to the RecipientOverride field.
+func (o *SamlApplicationSettingsSignOn) SetRecipientOverride(v string) {
+	o.RecipientOverride = &v
+}
+
+// GetRequestCompressed returns the RequestCompressed field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetRequestCompressed() bool {
+	if o == nil || o.RequestCompressed == nil {
+		var ret bool
+		return ret
+	}
+	return *o.RequestCompressed
+}
+
+// GetRequestCompressedOk returns a tuple with the RequestCompressed field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetRequestCompressedOk() (*bool, bool) {
+	if o == nil || o.RequestCompressed == nil {
+		return nil, false
+	}
+	return o.RequestCompressed, true
+}
+
+// HasRequestCompressed returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasRequestCompressed() bool {
+	if o != nil && o.RequestCompressed != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequestCompressed gets a reference to the given bool and assigns it to the RequestCompressed field.
+func (o *SamlApplicationSettingsSignOn) SetRequestCompressed(v bool) {
+	o.RequestCompressed = &v
+}
+
+// GetResponseSigned returns the ResponseSigned field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetResponseSigned() bool {
+	if o == nil || o.ResponseSigned == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ResponseSigned
+}
+
+// GetResponseSignedOk returns a tuple with the ResponseSigned field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetResponseSignedOk() (*bool, bool) {
+	if o == nil || o.ResponseSigned == nil {
+		return nil, false
+	}
+	return o.ResponseSigned, true
+}
+
+// HasResponseSigned returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasResponseSigned() bool {
+	if o != nil && o.ResponseSigned != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetResponseSigned gets a reference to the given bool and assigns it to the ResponseSigned field.
+func (o *SamlApplicationSettingsSignOn) SetResponseSigned(v bool) {
+	o.ResponseSigned = &v
+}
+
+// GetSignatureAlgorithm returns the SignatureAlgorithm field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetSignatureAlgorithm() string {
+	if o == nil || o.SignatureAlgorithm == nil {
+		var ret string
+		return ret
+	}
+	return *o.SignatureAlgorithm
+}
+
+// GetSignatureAlgorithmOk returns a tuple with the SignatureAlgorithm field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetSignatureAlgorithmOk() (*string, bool) {
+	if o == nil || o.SignatureAlgorithm == nil {
+		return nil, false
+	}
+	return o.SignatureAlgorithm, true
+}
+
+// HasSignatureAlgorithm returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasSignatureAlgorithm() bool {
+	if o != nil && o.SignatureAlgorithm != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignatureAlgorithm gets a reference to the given string and assigns it to the SignatureAlgorithm field.
+func (o *SamlApplicationSettingsSignOn) SetSignatureAlgorithm(v string) {
+	o.SignatureAlgorithm = &v
+}
+
+// GetSlo returns the Slo field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetSlo() SingleLogout {
+	if o == nil || o.Slo == nil {
+		var ret SingleLogout
+		return ret
+	}
+	return *o.Slo
+}
+
+// GetSloOk returns a tuple with the Slo field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetSloOk() (*SingleLogout, bool) {
+	if o == nil || o.Slo == nil {
+		return nil, false
+	}
+	return o.Slo, true
+}
+
+// HasSlo returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasSlo() bool {
+	if o != nil && o.Slo != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSlo gets a reference to the given SingleLogout and assigns it to the Slo field.
+func (o *SamlApplicationSettingsSignOn) SetSlo(v SingleLogout) {
+	o.Slo = &v
+}
+
+// GetSpCertificate returns the SpCertificate field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetSpCertificate() SpCertificate {
+	if o == nil || o.SpCertificate == nil {
+		var ret SpCertificate
+		return ret
+	}
+	return *o.SpCertificate
+}
+
+// GetSpCertificateOk returns a tuple with the SpCertificate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetSpCertificateOk() (*SpCertificate, bool) {
+	if o == nil || o.SpCertificate == nil {
+		return nil, false
+	}
+	return o.SpCertificate, true
+}
+
+// HasSpCertificate returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasSpCertificate() bool {
+	if o != nil && o.SpCertificate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSpCertificate gets a reference to the given SpCertificate and assigns it to the SpCertificate field.
+func (o *SamlApplicationSettingsSignOn) SetSpCertificate(v SpCertificate) {
+	o.SpCertificate = &v
+}
+
+// GetSpIssuer returns the SpIssuer field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetSpIssuer() string {
+	if o == nil || o.SpIssuer == nil {
+		var ret string
+		return ret
+	}
+	return *o.SpIssuer
+}
+
+// GetSpIssuerOk returns a tuple with the SpIssuer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetSpIssuerOk() (*string, bool) {
+	if o == nil || o.SpIssuer == nil {
+		return nil, false
+	}
+	return o.SpIssuer, true
+}
+
+// HasSpIssuer returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasSpIssuer() bool {
+	if o != nil && o.SpIssuer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSpIssuer gets a reference to the given string and assigns it to the SpIssuer field.
+func (o *SamlApplicationSettingsSignOn) SetSpIssuer(v string) {
+	o.SpIssuer = &v
+}
+
+// GetSsoAcsUrl returns the SsoAcsUrl field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetSsoAcsUrl() string {
+	if o == nil || o.SsoAcsUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.SsoAcsUrl
+}
+
+// GetSsoAcsUrlOk returns a tuple with the SsoAcsUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetSsoAcsUrlOk() (*string, bool) {
+	if o == nil || o.SsoAcsUrl == nil {
+		return nil, false
+	}
+	return o.SsoAcsUrl, true
+}
+
+// HasSsoAcsUrl returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasSsoAcsUrl() bool {
+	if o != nil && o.SsoAcsUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSsoAcsUrl gets a reference to the given string and assigns it to the SsoAcsUrl field.
+func (o *SamlApplicationSettingsSignOn) SetSsoAcsUrl(v string) {
+	o.SsoAcsUrl = &v
+}
+
+// GetSsoAcsUrlOverride returns the SsoAcsUrlOverride field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetSsoAcsUrlOverride() string {
+	if o == nil || o.SsoAcsUrlOverride == nil {
+		var ret string
+		return ret
+	}
+	return *o.SsoAcsUrlOverride
+}
+
+// GetSsoAcsUrlOverrideOk returns a tuple with the SsoAcsUrlOverride field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetSsoAcsUrlOverrideOk() (*string, bool) {
+	if o == nil || o.SsoAcsUrlOverride == nil {
+		return nil, false
+	}
+	return o.SsoAcsUrlOverride, true
+}
+
+// HasSsoAcsUrlOverride returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasSsoAcsUrlOverride() bool {
+	if o != nil && o.SsoAcsUrlOverride != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSsoAcsUrlOverride gets a reference to the given string and assigns it to the SsoAcsUrlOverride field.
+func (o *SamlApplicationSettingsSignOn) SetSsoAcsUrlOverride(v string) {
+	o.SsoAcsUrlOverride = &v
+}
+
+// GetSubjectNameIdFormat returns the SubjectNameIdFormat field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetSubjectNameIdFormat() string {
+	if o == nil || o.SubjectNameIdFormat == nil {
+		var ret string
+		return ret
+	}
+	return *o.SubjectNameIdFormat
+}
+
+// GetSubjectNameIdFormatOk returns a tuple with the SubjectNameIdFormat field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetSubjectNameIdFormatOk() (*string, bool) {
+	if o == nil || o.SubjectNameIdFormat == nil {
+		return nil, false
+	}
+	return o.SubjectNameIdFormat, true
+}
+
+// HasSubjectNameIdFormat returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasSubjectNameIdFormat() bool {
+	if o != nil && o.SubjectNameIdFormat != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSubjectNameIdFormat gets a reference to the given string and assigns it to the SubjectNameIdFormat field.
+func (o *SamlApplicationSettingsSignOn) SetSubjectNameIdFormat(v string) {
+	o.SubjectNameIdFormat = &v
+}
+
+// GetSubjectNameIdTemplate returns the SubjectNameIdTemplate field value if set, zero value otherwise.
+func (o *SamlApplicationSettingsSignOn) GetSubjectNameIdTemplate() string {
+	if o == nil || o.SubjectNameIdTemplate == nil {
+		var ret string
+		return ret
+	}
+	return *o.SubjectNameIdTemplate
+}
+
+// GetSubjectNameIdTemplateOk returns a tuple with the SubjectNameIdTemplate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlApplicationSettingsSignOn) GetSubjectNameIdTemplateOk() (*string, bool) {
+	if o == nil || o.SubjectNameIdTemplate == nil {
+		return nil, false
+	}
+	return o.SubjectNameIdTemplate, true
+}
+
+// HasSubjectNameIdTemplate returns a boolean if a field has been set.
+func (o *SamlApplicationSettingsSignOn) HasSubjectNameIdTemplate() bool {
+	if o != nil && o.SubjectNameIdTemplate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSubjectNameIdTemplate gets a reference to the given string and assigns it to the SubjectNameIdTemplate field.
+func (o *SamlApplicationSettingsSignOn) SetSubjectNameIdTemplate(v string) {
+	o.SubjectNameIdTemplate = &v
+}
+
+func (o SamlApplicationSettingsSignOn) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AcsEndpoints != nil {
+		toSerialize["acsEndpoints"] = o.AcsEndpoints
+	}
+	if o.AllowMultipleAcsEndpoints != nil {
+		toSerialize["allowMultipleAcsEndpoints"] = o.AllowMultipleAcsEndpoints
+	}
+	if o.AssertionSigned != nil {
+		toSerialize["assertionSigned"] = o.AssertionSigned
+	}
+	if o.AttributeStatements != nil {
+		toSerialize["attributeStatements"] = o.AttributeStatements
+	}
+	if o.Audience != nil {
+		toSerialize["audience"] = o.Audience
+	}
+	if o.AudienceOverride != nil {
+		toSerialize["audienceOverride"] = o.AudienceOverride
+	}
+	if o.AuthnContextClassRef != nil {
+		toSerialize["authnContextClassRef"] = o.AuthnContextClassRef
+	}
+	if o.DefaultRelayState != nil {
+		toSerialize["defaultRelayState"] = o.DefaultRelayState
+	}
+	if o.Destination != nil {
+		toSerialize["destination"] = o.Destination
+	}
+	if o.DestinationOverride != nil {
+		toSerialize["destinationOverride"] = o.DestinationOverride
+	}
+	if o.DigestAlgorithm != nil {
+		toSerialize["digestAlgorithm"] = o.DigestAlgorithm
+	}
+	if o.HonorForceAuthn != nil {
+		toSerialize["honorForceAuthn"] = o.HonorForceAuthn
+	}
+	if o.IdpIssuer != nil {
+		toSerialize["idpIssuer"] = o.IdpIssuer
+	}
+	if o.InlineHooks != nil {
+		toSerialize["inlineHooks"] = o.InlineHooks
+	}
+	if o.Recipient != nil {
+		toSerialize["recipient"] = o.Recipient
+	}
+	if o.RecipientOverride != nil {
+		toSerialize["recipientOverride"] = o.RecipientOverride
+	}
+	if o.RequestCompressed != nil {
+		toSerialize["requestCompressed"] = o.RequestCompressed
+	}
+	if o.ResponseSigned != nil {
+		toSerialize["responseSigned"] = o.ResponseSigned
+	}
+	if o.SignatureAlgorithm != nil {
+		toSerialize["signatureAlgorithm"] = o.SignatureAlgorithm
+	}
+	if o.Slo != nil {
+		toSerialize["slo"] = o.Slo
+	}
+	if o.SpCertificate != nil {
+		toSerialize["spCertificate"] = o.SpCertificate
+	}
+	if o.SpIssuer != nil {
+		toSerialize["spIssuer"] = o.SpIssuer
+	}
+	if o.SsoAcsUrl != nil {
+		toSerialize["ssoAcsUrl"] = o.SsoAcsUrl
+	}
+	if o.SsoAcsUrlOverride != nil {
+		toSerialize["ssoAcsUrlOverride"] = o.SsoAcsUrlOverride
+	}
+	if o.SubjectNameIdFormat != nil {
+		toSerialize["subjectNameIdFormat"] = o.SubjectNameIdFormat
+	}
+	if o.SubjectNameIdTemplate != nil {
+		toSerialize["subjectNameIdTemplate"] = o.SubjectNameIdTemplate
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SamlApplicationSettingsSignOn) UnmarshalJSON(bytes []byte) (err error) {
+	varSamlApplicationSettingsSignOn := _SamlApplicationSettingsSignOn{}
+
+	err = json.Unmarshal(bytes, &varSamlApplicationSettingsSignOn)
+	if err == nil {
+		*o = SamlApplicationSettingsSignOn(varSamlApplicationSettingsSignOn)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "acsEndpoints")
+		delete(additionalProperties, "allowMultipleAcsEndpoints")
+		delete(additionalProperties, "assertionSigned")
+		delete(additionalProperties, "attributeStatements")
+		delete(additionalProperties, "audience")
+		delete(additionalProperties, "audienceOverride")
+		delete(additionalProperties, "authnContextClassRef")
+		delete(additionalProperties, "defaultRelayState")
+		delete(additionalProperties, "destination")
+		delete(additionalProperties, "destinationOverride")
+		delete(additionalProperties, "digestAlgorithm")
+		delete(additionalProperties, "honorForceAuthn")
+		delete(additionalProperties, "idpIssuer")
+		delete(additionalProperties, "inlineHooks")
+		delete(additionalProperties, "recipient")
+		delete(additionalProperties, "recipientOverride")
+		delete(additionalProperties, "requestCompressed")
+		delete(additionalProperties, "responseSigned")
+		delete(additionalProperties, "signatureAlgorithm")
+		delete(additionalProperties, "slo")
+		delete(additionalProperties, "spCertificate")
+		delete(additionalProperties, "spIssuer")
+		delete(additionalProperties, "ssoAcsUrl")
+		delete(additionalProperties, "ssoAcsUrlOverride")
+		delete(additionalProperties, "subjectNameIdFormat")
+		delete(additionalProperties, "subjectNameIdTemplate")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSamlApplicationSettingsSignOn struct {
+	value *SamlApplicationSettingsSignOn
+	isSet bool
+}
+
+func (v NullableSamlApplicationSettingsSignOn) Get() *SamlApplicationSettingsSignOn {
+	return v.value
+}
+
+func (v *NullableSamlApplicationSettingsSignOn) Set(val *SamlApplicationSettingsSignOn) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSamlApplicationSettingsSignOn) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSamlApplicationSettingsSignOn) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSamlApplicationSettingsSignOn(val *SamlApplicationSettingsSignOn) *NullableSamlApplicationSettingsSignOn {
+	return &NullableSamlApplicationSettingsSignOn{value: val, isSet: true}
+}
+
+func (v NullableSamlApplicationSettingsSignOn) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSamlApplicationSettingsSignOn) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_saml_attribute_statement.go b/okta/model_saml_attribute_statement.go
new file mode 100644
index 000000000..fe7548747
--- /dev/null
+++ b/okta/model_saml_attribute_statement.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SamlAttributeStatement struct for SamlAttributeStatement
+type SamlAttributeStatement struct {
+	FilterType           *string  `json:"filterType,omitempty"`
+	FilterValue          *string  `json:"filterValue,omitempty"`
+	Name                 *string  `json:"name,omitempty"`
+	Namespace            *string  `json:"namespace,omitempty"`
+	Type                 *string  `json:"type,omitempty"`
+	Values               []string `json:"values,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SamlAttributeStatement SamlAttributeStatement
+
+// NewSamlAttributeStatement instantiates a new SamlAttributeStatement object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSamlAttributeStatement() *SamlAttributeStatement {
+	this := SamlAttributeStatement{}
+	return &this
+}
+
+// NewSamlAttributeStatementWithDefaults instantiates a new SamlAttributeStatement object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSamlAttributeStatementWithDefaults() *SamlAttributeStatement {
+	this := SamlAttributeStatement{}
+	return &this
+}
+
+// GetFilterType returns the FilterType field value if set, zero value otherwise.
+func (o *SamlAttributeStatement) GetFilterType() string {
+	if o == nil || o.FilterType == nil {
+		var ret string
+		return ret
+	}
+	return *o.FilterType
+}
+
+// GetFilterTypeOk returns a tuple with the FilterType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlAttributeStatement) GetFilterTypeOk() (*string, bool) {
+	if o == nil || o.FilterType == nil {
+		return nil, false
+	}
+	return o.FilterType, true
+}
+
+// HasFilterType returns a boolean if a field has been set.
+func (o *SamlAttributeStatement) HasFilterType() bool {
+	if o != nil && o.FilterType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFilterType gets a reference to the given string and assigns it to the FilterType field.
+func (o *SamlAttributeStatement) SetFilterType(v string) {
+	o.FilterType = &v
+}
+
+// GetFilterValue returns the FilterValue field value if set, zero value otherwise.
+func (o *SamlAttributeStatement) GetFilterValue() string {
+	if o == nil || o.FilterValue == nil {
+		var ret string
+		return ret
+	}
+	return *o.FilterValue
+}
+
+// GetFilterValueOk returns a tuple with the FilterValue field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlAttributeStatement) GetFilterValueOk() (*string, bool) {
+	if o == nil || o.FilterValue == nil {
+		return nil, false
+	}
+	return o.FilterValue, true
+}
+
+// HasFilterValue returns a boolean if a field has been set.
+func (o *SamlAttributeStatement) HasFilterValue() bool {
+	if o != nil && o.FilterValue != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFilterValue gets a reference to the given string and assigns it to the FilterValue field.
+func (o *SamlAttributeStatement) SetFilterValue(v string) {
+	o.FilterValue = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *SamlAttributeStatement) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlAttributeStatement) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *SamlAttributeStatement) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *SamlAttributeStatement) SetName(v string) {
+	o.Name = &v
+}
+
+// GetNamespace returns the Namespace field value if set, zero value otherwise.
+func (o *SamlAttributeStatement) GetNamespace() string {
+	if o == nil || o.Namespace == nil {
+		var ret string
+		return ret
+	}
+	return *o.Namespace
+}
+
+// GetNamespaceOk returns a tuple with the Namespace field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlAttributeStatement) GetNamespaceOk() (*string, bool) {
+	if o == nil || o.Namespace == nil {
+		return nil, false
+	}
+	return o.Namespace, true
+}
+
+// HasNamespace returns a boolean if a field has been set.
+func (o *SamlAttributeStatement) HasNamespace() bool {
+	if o != nil && o.Namespace != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNamespace gets a reference to the given string and assigns it to the Namespace field.
+func (o *SamlAttributeStatement) SetNamespace(v string) {
+	o.Namespace = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *SamlAttributeStatement) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlAttributeStatement) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *SamlAttributeStatement) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *SamlAttributeStatement) SetType(v string) {
+	o.Type = &v
+}
+
+// GetValues returns the Values field value if set, zero value otherwise.
+func (o *SamlAttributeStatement) GetValues() []string {
+	if o == nil || o.Values == nil {
+		var ret []string
+		return ret
+	}
+	return o.Values
+}
+
+// GetValuesOk returns a tuple with the Values field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SamlAttributeStatement) GetValuesOk() ([]string, bool) {
+	if o == nil || o.Values == nil {
+		return nil, false
+	}
+	return o.Values, true
+}
+
+// HasValues returns a boolean if a field has been set.
+func (o *SamlAttributeStatement) HasValues() bool {
+	if o != nil && o.Values != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValues gets a reference to the given []string and assigns it to the Values field.
+func (o *SamlAttributeStatement) SetValues(v []string) {
+	o.Values = v
+}
+
+func (o SamlAttributeStatement) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.FilterType != nil {
+		toSerialize["filterType"] = o.FilterType
+	}
+	if o.FilterValue != nil {
+		toSerialize["filterValue"] = o.FilterValue
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Namespace != nil {
+		toSerialize["namespace"] = o.Namespace
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Values != nil {
+		toSerialize["values"] = o.Values
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SamlAttributeStatement) UnmarshalJSON(bytes []byte) (err error) {
+	varSamlAttributeStatement := _SamlAttributeStatement{}
+
+	err = json.Unmarshal(bytes, &varSamlAttributeStatement)
+	if err == nil {
+		*o = SamlAttributeStatement(varSamlAttributeStatement)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "filterType")
+		delete(additionalProperties, "filterValue")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "namespace")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "values")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSamlAttributeStatement struct {
+	value *SamlAttributeStatement
+	isSet bool
+}
+
+func (v NullableSamlAttributeStatement) Get() *SamlAttributeStatement {
+	return v.value
+}
+
+func (v *NullableSamlAttributeStatement) Set(val *SamlAttributeStatement) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSamlAttributeStatement) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSamlAttributeStatement) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSamlAttributeStatement(val *SamlAttributeStatement) *NullableSamlAttributeStatement {
+	return &NullableSamlAttributeStatement{value: val, isSet: true}
+}
+
+func (v NullableSamlAttributeStatement) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSamlAttributeStatement) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_scheduled_user_lifecycle_action.go b/okta/model_scheduled_user_lifecycle_action.go
new file mode 100644
index 000000000..b25e8b7b8
--- /dev/null
+++ b/okta/model_scheduled_user_lifecycle_action.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ScheduledUserLifecycleAction struct for ScheduledUserLifecycleAction
+type ScheduledUserLifecycleAction struct {
+	Status               *PolicyUserStatus `json:"status,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ScheduledUserLifecycleAction ScheduledUserLifecycleAction
+
+// NewScheduledUserLifecycleAction instantiates a new ScheduledUserLifecycleAction object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewScheduledUserLifecycleAction() *ScheduledUserLifecycleAction {
+	this := ScheduledUserLifecycleAction{}
+	return &this
+}
+
+// NewScheduledUserLifecycleActionWithDefaults instantiates a new ScheduledUserLifecycleAction object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewScheduledUserLifecycleActionWithDefaults() *ScheduledUserLifecycleAction {
+	this := ScheduledUserLifecycleAction{}
+	return &this
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *ScheduledUserLifecycleAction) GetStatus() PolicyUserStatus {
+	if o == nil || o.Status == nil {
+		var ret PolicyUserStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ScheduledUserLifecycleAction) GetStatusOk() (*PolicyUserStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *ScheduledUserLifecycleAction) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given PolicyUserStatus and assigns it to the Status field.
+func (o *ScheduledUserLifecycleAction) SetStatus(v PolicyUserStatus) {
+	o.Status = &v
+}
+
+func (o ScheduledUserLifecycleAction) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ScheduledUserLifecycleAction) UnmarshalJSON(bytes []byte) (err error) {
+	varScheduledUserLifecycleAction := _ScheduledUserLifecycleAction{}
+
+	err = json.Unmarshal(bytes, &varScheduledUserLifecycleAction)
+	if err == nil {
+		*o = ScheduledUserLifecycleAction(varScheduledUserLifecycleAction)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "status")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableScheduledUserLifecycleAction struct {
+	value *ScheduledUserLifecycleAction
+	isSet bool
+}
+
+func (v NullableScheduledUserLifecycleAction) Get() *ScheduledUserLifecycleAction {
+	return v.value
+}
+
+func (v *NullableScheduledUserLifecycleAction) Set(val *ScheduledUserLifecycleAction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableScheduledUserLifecycleAction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableScheduledUserLifecycleAction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableScheduledUserLifecycleAction(val *ScheduledUserLifecycleAction) *NullableScheduledUserLifecycleAction {
+	return &NullableScheduledUserLifecycleAction{value: val, isSet: true}
+}
+
+func (v NullableScheduledUserLifecycleAction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableScheduledUserLifecycleAction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_scheme_application_credentials.go b/okta/model_scheme_application_credentials.go
new file mode 100644
index 000000000..6b58070df
--- /dev/null
+++ b/okta/model_scheme_application_credentials.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SchemeApplicationCredentials struct for SchemeApplicationCredentials
+type SchemeApplicationCredentials struct {
+	Signing              *ApplicationCredentialsSigning          `json:"signing,omitempty"`
+	UserNameTemplate     *ApplicationCredentialsUsernameTemplate `json:"userNameTemplate,omitempty"`
+	Password             *PasswordCredential                     `json:"password,omitempty"`
+	RevealPassword       *bool                                   `json:"revealPassword,omitempty"`
+	Scheme               *ApplicationCredentialsScheme           `json:"scheme,omitempty"`
+	UserName             *string                                 `json:"userName,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SchemeApplicationCredentials SchemeApplicationCredentials
+
+// NewSchemeApplicationCredentials instantiates a new SchemeApplicationCredentials object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSchemeApplicationCredentials() *SchemeApplicationCredentials {
+	this := SchemeApplicationCredentials{}
+	return &this
+}
+
+// NewSchemeApplicationCredentialsWithDefaults instantiates a new SchemeApplicationCredentials object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSchemeApplicationCredentialsWithDefaults() *SchemeApplicationCredentials {
+	this := SchemeApplicationCredentials{}
+	return &this
+}
+
+// GetSigning returns the Signing field value if set, zero value otherwise.
+func (o *SchemeApplicationCredentials) GetSigning() ApplicationCredentialsSigning {
+	if o == nil || o.Signing == nil {
+		var ret ApplicationCredentialsSigning
+		return ret
+	}
+	return *o.Signing
+}
+
+// GetSigningOk returns a tuple with the Signing field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SchemeApplicationCredentials) GetSigningOk() (*ApplicationCredentialsSigning, bool) {
+	if o == nil || o.Signing == nil {
+		return nil, false
+	}
+	return o.Signing, true
+}
+
+// HasSigning returns a boolean if a field has been set.
+func (o *SchemeApplicationCredentials) HasSigning() bool {
+	if o != nil && o.Signing != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSigning gets a reference to the given ApplicationCredentialsSigning and assigns it to the Signing field.
+func (o *SchemeApplicationCredentials) SetSigning(v ApplicationCredentialsSigning) {
+	o.Signing = &v
+}
+
+// GetUserNameTemplate returns the UserNameTemplate field value if set, zero value otherwise.
+func (o *SchemeApplicationCredentials) GetUserNameTemplate() ApplicationCredentialsUsernameTemplate {
+	if o == nil || o.UserNameTemplate == nil {
+		var ret ApplicationCredentialsUsernameTemplate
+		return ret
+	}
+	return *o.UserNameTemplate
+}
+
+// GetUserNameTemplateOk returns a tuple with the UserNameTemplate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SchemeApplicationCredentials) GetUserNameTemplateOk() (*ApplicationCredentialsUsernameTemplate, bool) {
+	if o == nil || o.UserNameTemplate == nil {
+		return nil, false
+	}
+	return o.UserNameTemplate, true
+}
+
+// HasUserNameTemplate returns a boolean if a field has been set.
+func (o *SchemeApplicationCredentials) HasUserNameTemplate() bool {
+	if o != nil && o.UserNameTemplate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserNameTemplate gets a reference to the given ApplicationCredentialsUsernameTemplate and assigns it to the UserNameTemplate field.
+func (o *SchemeApplicationCredentials) SetUserNameTemplate(v ApplicationCredentialsUsernameTemplate) {
+	o.UserNameTemplate = &v
+}
+
+// GetPassword returns the Password field value if set, zero value otherwise.
+func (o *SchemeApplicationCredentials) GetPassword() PasswordCredential {
+	if o == nil || o.Password == nil {
+		var ret PasswordCredential
+		return ret
+	}
+	return *o.Password
+}
+
+// GetPasswordOk returns a tuple with the Password field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SchemeApplicationCredentials) GetPasswordOk() (*PasswordCredential, bool) {
+	if o == nil || o.Password == nil {
+		return nil, false
+	}
+	return o.Password, true
+}
+
+// HasPassword returns a boolean if a field has been set.
+func (o *SchemeApplicationCredentials) HasPassword() bool {
+	if o != nil && o.Password != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPassword gets a reference to the given PasswordCredential and assigns it to the Password field.
+func (o *SchemeApplicationCredentials) SetPassword(v PasswordCredential) {
+	o.Password = &v
+}
+
+// GetRevealPassword returns the RevealPassword field value if set, zero value otherwise.
+func (o *SchemeApplicationCredentials) GetRevealPassword() bool {
+	if o == nil || o.RevealPassword == nil {
+		var ret bool
+		return ret
+	}
+	return *o.RevealPassword
+}
+
+// GetRevealPasswordOk returns a tuple with the RevealPassword field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SchemeApplicationCredentials) GetRevealPasswordOk() (*bool, bool) {
+	if o == nil || o.RevealPassword == nil {
+		return nil, false
+	}
+	return o.RevealPassword, true
+}
+
+// HasRevealPassword returns a boolean if a field has been set.
+func (o *SchemeApplicationCredentials) HasRevealPassword() bool {
+	if o != nil && o.RevealPassword != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRevealPassword gets a reference to the given bool and assigns it to the RevealPassword field.
+func (o *SchemeApplicationCredentials) SetRevealPassword(v bool) {
+	o.RevealPassword = &v
+}
+
+// GetScheme returns the Scheme field value if set, zero value otherwise.
+func (o *SchemeApplicationCredentials) GetScheme() ApplicationCredentialsScheme {
+	if o == nil || o.Scheme == nil {
+		var ret ApplicationCredentialsScheme
+		return ret
+	}
+	return *o.Scheme
+}
+
+// GetSchemeOk returns a tuple with the Scheme field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SchemeApplicationCredentials) GetSchemeOk() (*ApplicationCredentialsScheme, bool) {
+	if o == nil || o.Scheme == nil {
+		return nil, false
+	}
+	return o.Scheme, true
+}
+
+// HasScheme returns a boolean if a field has been set.
+func (o *SchemeApplicationCredentials) HasScheme() bool {
+	if o != nil && o.Scheme != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScheme gets a reference to the given ApplicationCredentialsScheme and assigns it to the Scheme field.
+func (o *SchemeApplicationCredentials) SetScheme(v ApplicationCredentialsScheme) {
+	o.Scheme = &v
+}
+
+// GetUserName returns the UserName field value if set, zero value otherwise.
+func (o *SchemeApplicationCredentials) GetUserName() string {
+	if o == nil || o.UserName == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserName
+}
+
+// GetUserNameOk returns a tuple with the UserName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SchemeApplicationCredentials) GetUserNameOk() (*string, bool) {
+	if o == nil || o.UserName == nil {
+		return nil, false
+	}
+	return o.UserName, true
+}
+
+// HasUserName returns a boolean if a field has been set.
+func (o *SchemeApplicationCredentials) HasUserName() bool {
+	if o != nil && o.UserName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserName gets a reference to the given string and assigns it to the UserName field.
+func (o *SchemeApplicationCredentials) SetUserName(v string) {
+	o.UserName = &v
+}
+
+func (o SchemeApplicationCredentials) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Signing != nil {
+		toSerialize["signing"] = o.Signing
+	}
+	if o.UserNameTemplate != nil {
+		toSerialize["userNameTemplate"] = o.UserNameTemplate
+	}
+	if o.Password != nil {
+		toSerialize["password"] = o.Password
+	}
+	if o.RevealPassword != nil {
+		toSerialize["revealPassword"] = o.RevealPassword
+	}
+	if o.Scheme != nil {
+		toSerialize["scheme"] = o.Scheme
+	}
+	if o.UserName != nil {
+		toSerialize["userName"] = o.UserName
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SchemeApplicationCredentials) UnmarshalJSON(bytes []byte) (err error) {
+	varSchemeApplicationCredentials := _SchemeApplicationCredentials{}
+
+	err = json.Unmarshal(bytes, &varSchemeApplicationCredentials)
+	if err == nil {
+		*o = SchemeApplicationCredentials(varSchemeApplicationCredentials)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "signing")
+		delete(additionalProperties, "userNameTemplate")
+		delete(additionalProperties, "password")
+		delete(additionalProperties, "revealPassword")
+		delete(additionalProperties, "scheme")
+		delete(additionalProperties, "userName")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSchemeApplicationCredentials struct {
+	value *SchemeApplicationCredentials
+	isSet bool
+}
+
+func (v NullableSchemeApplicationCredentials) Get() *SchemeApplicationCredentials {
+	return v.value
+}
+
+func (v *NullableSchemeApplicationCredentials) Set(val *SchemeApplicationCredentials) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSchemeApplicationCredentials) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSchemeApplicationCredentials) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSchemeApplicationCredentials(val *SchemeApplicationCredentials) *NullableSchemeApplicationCredentials {
+	return &NullableSchemeApplicationCredentials{value: val, isSet: true}
+}
+
+func (v NullableSchemeApplicationCredentials) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSchemeApplicationCredentials) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_scheme_application_credentials_all_of.go b/okta/model_scheme_application_credentials_all_of.go
new file mode 100644
index 000000000..64b1e533d
--- /dev/null
+++ b/okta/model_scheme_application_credentials_all_of.go
@@ -0,0 +1,306 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SchemeApplicationCredentialsAllOf struct for SchemeApplicationCredentialsAllOf
+type SchemeApplicationCredentialsAllOf struct {
+	Password             *PasswordCredential            `json:"password,omitempty"`
+	RevealPassword       *bool                          `json:"revealPassword,omitempty"`
+	Scheme               *ApplicationCredentialsScheme  `json:"scheme,omitempty"`
+	Signing              *ApplicationCredentialsSigning `json:"signing,omitempty"`
+	UserName             *string                        `json:"userName,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SchemeApplicationCredentialsAllOf SchemeApplicationCredentialsAllOf
+
+// NewSchemeApplicationCredentialsAllOf instantiates a new SchemeApplicationCredentialsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSchemeApplicationCredentialsAllOf() *SchemeApplicationCredentialsAllOf {
+	this := SchemeApplicationCredentialsAllOf{}
+	return &this
+}
+
+// NewSchemeApplicationCredentialsAllOfWithDefaults instantiates a new SchemeApplicationCredentialsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSchemeApplicationCredentialsAllOfWithDefaults() *SchemeApplicationCredentialsAllOf {
+	this := SchemeApplicationCredentialsAllOf{}
+	return &this
+}
+
+// GetPassword returns the Password field value if set, zero value otherwise.
+func (o *SchemeApplicationCredentialsAllOf) GetPassword() PasswordCredential {
+	if o == nil || o.Password == nil {
+		var ret PasswordCredential
+		return ret
+	}
+	return *o.Password
+}
+
+// GetPasswordOk returns a tuple with the Password field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SchemeApplicationCredentialsAllOf) GetPasswordOk() (*PasswordCredential, bool) {
+	if o == nil || o.Password == nil {
+		return nil, false
+	}
+	return o.Password, true
+}
+
+// HasPassword returns a boolean if a field has been set.
+func (o *SchemeApplicationCredentialsAllOf) HasPassword() bool {
+	if o != nil && o.Password != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPassword gets a reference to the given PasswordCredential and assigns it to the Password field.
+func (o *SchemeApplicationCredentialsAllOf) SetPassword(v PasswordCredential) {
+	o.Password = &v
+}
+
+// GetRevealPassword returns the RevealPassword field value if set, zero value otherwise.
+func (o *SchemeApplicationCredentialsAllOf) GetRevealPassword() bool {
+	if o == nil || o.RevealPassword == nil {
+		var ret bool
+		return ret
+	}
+	return *o.RevealPassword
+}
+
+// GetRevealPasswordOk returns a tuple with the RevealPassword field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SchemeApplicationCredentialsAllOf) GetRevealPasswordOk() (*bool, bool) {
+	if o == nil || o.RevealPassword == nil {
+		return nil, false
+	}
+	return o.RevealPassword, true
+}
+
+// HasRevealPassword returns a boolean if a field has been set.
+func (o *SchemeApplicationCredentialsAllOf) HasRevealPassword() bool {
+	if o != nil && o.RevealPassword != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRevealPassword gets a reference to the given bool and assigns it to the RevealPassword field.
+func (o *SchemeApplicationCredentialsAllOf) SetRevealPassword(v bool) {
+	o.RevealPassword = &v
+}
+
+// GetScheme returns the Scheme field value if set, zero value otherwise.
+func (o *SchemeApplicationCredentialsAllOf) GetScheme() ApplicationCredentialsScheme {
+	if o == nil || o.Scheme == nil {
+		var ret ApplicationCredentialsScheme
+		return ret
+	}
+	return *o.Scheme
+}
+
+// GetSchemeOk returns a tuple with the Scheme field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SchemeApplicationCredentialsAllOf) GetSchemeOk() (*ApplicationCredentialsScheme, bool) {
+	if o == nil || o.Scheme == nil {
+		return nil, false
+	}
+	return o.Scheme, true
+}
+
+// HasScheme returns a boolean if a field has been set.
+func (o *SchemeApplicationCredentialsAllOf) HasScheme() bool {
+	if o != nil && o.Scheme != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScheme gets a reference to the given ApplicationCredentialsScheme and assigns it to the Scheme field.
+func (o *SchemeApplicationCredentialsAllOf) SetScheme(v ApplicationCredentialsScheme) {
+	o.Scheme = &v
+}
+
+// GetSigning returns the Signing field value if set, zero value otherwise.
+func (o *SchemeApplicationCredentialsAllOf) GetSigning() ApplicationCredentialsSigning {
+	if o == nil || o.Signing == nil {
+		var ret ApplicationCredentialsSigning
+		return ret
+	}
+	return *o.Signing
+}
+
+// GetSigningOk returns a tuple with the Signing field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SchemeApplicationCredentialsAllOf) GetSigningOk() (*ApplicationCredentialsSigning, bool) {
+	if o == nil || o.Signing == nil {
+		return nil, false
+	}
+	return o.Signing, true
+}
+
+// HasSigning returns a boolean if a field has been set.
+func (o *SchemeApplicationCredentialsAllOf) HasSigning() bool {
+	if o != nil && o.Signing != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSigning gets a reference to the given ApplicationCredentialsSigning and assigns it to the Signing field.
+func (o *SchemeApplicationCredentialsAllOf) SetSigning(v ApplicationCredentialsSigning) {
+	o.Signing = &v
+}
+
+// GetUserName returns the UserName field value if set, zero value otherwise.
+func (o *SchemeApplicationCredentialsAllOf) GetUserName() string {
+	if o == nil || o.UserName == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserName
+}
+
+// GetUserNameOk returns a tuple with the UserName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SchemeApplicationCredentialsAllOf) GetUserNameOk() (*string, bool) {
+	if o == nil || o.UserName == nil {
+		return nil, false
+	}
+	return o.UserName, true
+}
+
+// HasUserName returns a boolean if a field has been set.
+func (o *SchemeApplicationCredentialsAllOf) HasUserName() bool {
+	if o != nil && o.UserName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserName gets a reference to the given string and assigns it to the UserName field.
+func (o *SchemeApplicationCredentialsAllOf) SetUserName(v string) {
+	o.UserName = &v
+}
+
+func (o SchemeApplicationCredentialsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Password != nil {
+		toSerialize["password"] = o.Password
+	}
+	if o.RevealPassword != nil {
+		toSerialize["revealPassword"] = o.RevealPassword
+	}
+	if o.Scheme != nil {
+		toSerialize["scheme"] = o.Scheme
+	}
+	if o.Signing != nil {
+		toSerialize["signing"] = o.Signing
+	}
+	if o.UserName != nil {
+		toSerialize["userName"] = o.UserName
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SchemeApplicationCredentialsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varSchemeApplicationCredentialsAllOf := _SchemeApplicationCredentialsAllOf{}
+
+	err = json.Unmarshal(bytes, &varSchemeApplicationCredentialsAllOf)
+	if err == nil {
+		*o = SchemeApplicationCredentialsAllOf(varSchemeApplicationCredentialsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "password")
+		delete(additionalProperties, "revealPassword")
+		delete(additionalProperties, "scheme")
+		delete(additionalProperties, "signing")
+		delete(additionalProperties, "userName")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSchemeApplicationCredentialsAllOf struct {
+	value *SchemeApplicationCredentialsAllOf
+	isSet bool
+}
+
+func (v NullableSchemeApplicationCredentialsAllOf) Get() *SchemeApplicationCredentialsAllOf {
+	return v.value
+}
+
+func (v *NullableSchemeApplicationCredentialsAllOf) Set(val *SchemeApplicationCredentialsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSchemeApplicationCredentialsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSchemeApplicationCredentialsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSchemeApplicationCredentialsAllOf(val *SchemeApplicationCredentialsAllOf) *NullableSchemeApplicationCredentialsAllOf {
+	return &NullableSchemeApplicationCredentialsAllOf{value: val, isSet: true}
+}
+
+func (v NullableSchemeApplicationCredentialsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSchemeApplicationCredentialsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_screen_lock_type.go b/okta/model_screen_lock_type.go
new file mode 100644
index 000000000..75dfb9e9f
--- /dev/null
+++ b/okta/model_screen_lock_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ScreenLockType the model 'ScreenLockType'
+type ScreenLockType string
+
+// List of ScreenLockType
+const (
+	SCREENLOCKTYPE_BIOMETRIC ScreenLockType = "BIOMETRIC"
+	SCREENLOCKTYPE_PASSCODE  ScreenLockType = "PASSCODE"
+)
+
+// All allowed values of ScreenLockType enum
+var AllowedScreenLockTypeEnumValues = []ScreenLockType{
+	"BIOMETRIC",
+	"PASSCODE",
+}
+
+func (v *ScreenLockType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := ScreenLockType(value)
+	for _, existing := range AllowedScreenLockTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid ScreenLockType", value)
+}
+
+// NewScreenLockTypeFromValue returns a pointer to a valid ScreenLockType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewScreenLockTypeFromValue(v string) (*ScreenLockType, error) {
+	ev := ScreenLockType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for ScreenLockType: valid values are %v", v, AllowedScreenLockTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v ScreenLockType) IsValid() bool {
+	for _, existing := range AllowedScreenLockTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to ScreenLockType value
+func (v ScreenLockType) Ptr() *ScreenLockType {
+	return &v
+}
+
+type NullableScreenLockType struct {
+	value *ScreenLockType
+	isSet bool
+}
+
+func (v NullableScreenLockType) Get() *ScreenLockType {
+	return v.value
+}
+
+func (v *NullableScreenLockType) Set(val *ScreenLockType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableScreenLockType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableScreenLockType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableScreenLockType(val *ScreenLockType) *NullableScreenLockType {
+	return &NullableScreenLockType{value: val, isSet: true}
+}
+
+func (v NullableScreenLockType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableScreenLockType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_secure_password_store_application.go b/okta/model_secure_password_store_application.go
new file mode 100644
index 000000000..aa43a68ba
--- /dev/null
+++ b/okta/model_secure_password_store_application.go
@@ -0,0 +1,285 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// SecurePasswordStoreApplication struct for SecurePasswordStoreApplication
+type SecurePasswordStoreApplication struct {
+	Application
+	Credentials          *SchemeApplicationCredentials           `json:"credentials,omitempty"`
+	Name                 *string                                 `json:"name,omitempty"`
+	Settings             *SecurePasswordStoreApplicationSettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SecurePasswordStoreApplication SecurePasswordStoreApplication
+
+// NewSecurePasswordStoreApplication instantiates a new SecurePasswordStoreApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSecurePasswordStoreApplication() *SecurePasswordStoreApplication {
+	this := SecurePasswordStoreApplication{}
+	var name string = "template_sps"
+	this.Name = &name
+	return &this
+}
+
+// NewSecurePasswordStoreApplicationWithDefaults instantiates a new SecurePasswordStoreApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSecurePasswordStoreApplicationWithDefaults() *SecurePasswordStoreApplication {
+	this := SecurePasswordStoreApplication{}
+	var name string = "template_sps"
+	this.Name = &name
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplication) GetCredentials() SchemeApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret SchemeApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplication) GetCredentialsOk() (*SchemeApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplication) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given SchemeApplicationCredentials and assigns it to the Credentials field.
+func (o *SecurePasswordStoreApplication) SetCredentials(v SchemeApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplication) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplication) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplication) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *SecurePasswordStoreApplication) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplication) GetSettings() SecurePasswordStoreApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret SecurePasswordStoreApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplication) GetSettingsOk() (*SecurePasswordStoreApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplication) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given SecurePasswordStoreApplicationSettings and assigns it to the Settings field.
+func (o *SecurePasswordStoreApplication) SetSettings(v SecurePasswordStoreApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o SecurePasswordStoreApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedApplication, errApplication := json.Marshal(o.Application)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	errApplication = json.Unmarshal([]byte(serializedApplication), &toSerialize)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SecurePasswordStoreApplication) UnmarshalJSON(bytes []byte) (err error) {
+	type SecurePasswordStoreApplicationWithoutEmbeddedStruct struct {
+		Credentials *SchemeApplicationCredentials           `json:"credentials,omitempty"`
+		Name        *string                                 `json:"name,omitempty"`
+		Settings    *SecurePasswordStoreApplicationSettings `json:"settings,omitempty"`
+	}
+
+	varSecurePasswordStoreApplicationWithoutEmbeddedStruct := SecurePasswordStoreApplicationWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varSecurePasswordStoreApplicationWithoutEmbeddedStruct)
+	if err == nil {
+		varSecurePasswordStoreApplication := _SecurePasswordStoreApplication{}
+		varSecurePasswordStoreApplication.Credentials = varSecurePasswordStoreApplicationWithoutEmbeddedStruct.Credentials
+		varSecurePasswordStoreApplication.Name = varSecurePasswordStoreApplicationWithoutEmbeddedStruct.Name
+		varSecurePasswordStoreApplication.Settings = varSecurePasswordStoreApplicationWithoutEmbeddedStruct.Settings
+		*o = SecurePasswordStoreApplication(varSecurePasswordStoreApplication)
+	} else {
+		return err
+	}
+
+	varSecurePasswordStoreApplication := _SecurePasswordStoreApplication{}
+
+	err = json.Unmarshal(bytes, &varSecurePasswordStoreApplication)
+	if err == nil {
+		o.Application = varSecurePasswordStoreApplication.Application
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectApplication := reflect.ValueOf(o.Application)
+		for i := 0; i < reflectApplication.Type().NumField(); i++ {
+			t := reflectApplication.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSecurePasswordStoreApplication struct {
+	value *SecurePasswordStoreApplication
+	isSet bool
+}
+
+func (v NullableSecurePasswordStoreApplication) Get() *SecurePasswordStoreApplication {
+	return v.value
+}
+
+func (v *NullableSecurePasswordStoreApplication) Set(val *SecurePasswordStoreApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSecurePasswordStoreApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSecurePasswordStoreApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSecurePasswordStoreApplication(val *SecurePasswordStoreApplication) *NullableSecurePasswordStoreApplication {
+	return &NullableSecurePasswordStoreApplication{value: val, isSet: true}
+}
+
+func (v NullableSecurePasswordStoreApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSecurePasswordStoreApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_secure_password_store_application_all_of.go b/okta/model_secure_password_store_application_all_of.go
new file mode 100644
index 000000000..838cb014c
--- /dev/null
+++ b/okta/model_secure_password_store_application_all_of.go
@@ -0,0 +1,236 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SecurePasswordStoreApplicationAllOf struct for SecurePasswordStoreApplicationAllOf
+type SecurePasswordStoreApplicationAllOf struct {
+	Credentials          *SchemeApplicationCredentials           `json:"credentials,omitempty"`
+	Name                 *string                                 `json:"name,omitempty"`
+	Settings             *SecurePasswordStoreApplicationSettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SecurePasswordStoreApplicationAllOf SecurePasswordStoreApplicationAllOf
+
+// NewSecurePasswordStoreApplicationAllOf instantiates a new SecurePasswordStoreApplicationAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSecurePasswordStoreApplicationAllOf() *SecurePasswordStoreApplicationAllOf {
+	this := SecurePasswordStoreApplicationAllOf{}
+	var name string = "template_sps"
+	this.Name = &name
+	return &this
+}
+
+// NewSecurePasswordStoreApplicationAllOfWithDefaults instantiates a new SecurePasswordStoreApplicationAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSecurePasswordStoreApplicationAllOfWithDefaults() *SecurePasswordStoreApplicationAllOf {
+	this := SecurePasswordStoreApplicationAllOf{}
+	var name string = "template_sps"
+	this.Name = &name
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationAllOf) GetCredentials() SchemeApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret SchemeApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationAllOf) GetCredentialsOk() (*SchemeApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationAllOf) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given SchemeApplicationCredentials and assigns it to the Credentials field.
+func (o *SecurePasswordStoreApplicationAllOf) SetCredentials(v SchemeApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationAllOf) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationAllOf) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationAllOf) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *SecurePasswordStoreApplicationAllOf) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationAllOf) GetSettings() SecurePasswordStoreApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret SecurePasswordStoreApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationAllOf) GetSettingsOk() (*SecurePasswordStoreApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given SecurePasswordStoreApplicationSettings and assigns it to the Settings field.
+func (o *SecurePasswordStoreApplicationAllOf) SetSettings(v SecurePasswordStoreApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o SecurePasswordStoreApplicationAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SecurePasswordStoreApplicationAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varSecurePasswordStoreApplicationAllOf := _SecurePasswordStoreApplicationAllOf{}
+
+	err = json.Unmarshal(bytes, &varSecurePasswordStoreApplicationAllOf)
+	if err == nil {
+		*o = SecurePasswordStoreApplicationAllOf(varSecurePasswordStoreApplicationAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSecurePasswordStoreApplicationAllOf struct {
+	value *SecurePasswordStoreApplicationAllOf
+	isSet bool
+}
+
+func (v NullableSecurePasswordStoreApplicationAllOf) Get() *SecurePasswordStoreApplicationAllOf {
+	return v.value
+}
+
+func (v *NullableSecurePasswordStoreApplicationAllOf) Set(val *SecurePasswordStoreApplicationAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSecurePasswordStoreApplicationAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSecurePasswordStoreApplicationAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSecurePasswordStoreApplicationAllOf(val *SecurePasswordStoreApplicationAllOf) *NullableSecurePasswordStoreApplicationAllOf {
+	return &NullableSecurePasswordStoreApplicationAllOf{value: val, isSet: true}
+}
+
+func (v NullableSecurePasswordStoreApplicationAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSecurePasswordStoreApplicationAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_secure_password_store_application_settings.go b/okta/model_secure_password_store_application_settings.go
new file mode 100644
index 000000000..49913d596
--- /dev/null
+++ b/okta/model_secure_password_store_application_settings.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SecurePasswordStoreApplicationSettings struct for SecurePasswordStoreApplicationSettings
+type SecurePasswordStoreApplicationSettings struct {
+	IdentityStoreId      *string                                            `json:"identityStoreId,omitempty"`
+	ImplicitAssignment   *bool                                              `json:"implicitAssignment,omitempty"`
+	InlineHookId         *string                                            `json:"inlineHookId,omitempty"`
+	Notes                *ApplicationSettingsNotes                          `json:"notes,omitempty"`
+	Notifications        *ApplicationSettingsNotifications                  `json:"notifications,omitempty"`
+	App                  *SecurePasswordStoreApplicationSettingsApplication `json:"app,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SecurePasswordStoreApplicationSettings SecurePasswordStoreApplicationSettings
+
+// NewSecurePasswordStoreApplicationSettings instantiates a new SecurePasswordStoreApplicationSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSecurePasswordStoreApplicationSettings() *SecurePasswordStoreApplicationSettings {
+	this := SecurePasswordStoreApplicationSettings{}
+	return &this
+}
+
+// NewSecurePasswordStoreApplicationSettingsWithDefaults instantiates a new SecurePasswordStoreApplicationSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSecurePasswordStoreApplicationSettingsWithDefaults() *SecurePasswordStoreApplicationSettings {
+	this := SecurePasswordStoreApplicationSettings{}
+	return &this
+}
+
+// GetIdentityStoreId returns the IdentityStoreId field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettings) GetIdentityStoreId() string {
+	if o == nil || o.IdentityStoreId == nil {
+		var ret string
+		return ret
+	}
+	return *o.IdentityStoreId
+}
+
+// GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettings) GetIdentityStoreIdOk() (*string, bool) {
+	if o == nil || o.IdentityStoreId == nil {
+		return nil, false
+	}
+	return o.IdentityStoreId, true
+}
+
+// HasIdentityStoreId returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettings) HasIdentityStoreId() bool {
+	if o != nil && o.IdentityStoreId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityStoreId gets a reference to the given string and assigns it to the IdentityStoreId field.
+func (o *SecurePasswordStoreApplicationSettings) SetIdentityStoreId(v string) {
+	o.IdentityStoreId = &v
+}
+
+// GetImplicitAssignment returns the ImplicitAssignment field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettings) GetImplicitAssignment() bool {
+	if o == nil || o.ImplicitAssignment == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ImplicitAssignment
+}
+
+// GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettings) GetImplicitAssignmentOk() (*bool, bool) {
+	if o == nil || o.ImplicitAssignment == nil {
+		return nil, false
+	}
+	return o.ImplicitAssignment, true
+}
+
+// HasImplicitAssignment returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettings) HasImplicitAssignment() bool {
+	if o != nil && o.ImplicitAssignment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetImplicitAssignment gets a reference to the given bool and assigns it to the ImplicitAssignment field.
+func (o *SecurePasswordStoreApplicationSettings) SetImplicitAssignment(v bool) {
+	o.ImplicitAssignment = &v
+}
+
+// GetInlineHookId returns the InlineHookId field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettings) GetInlineHookId() string {
+	if o == nil || o.InlineHookId == nil {
+		var ret string
+		return ret
+	}
+	return *o.InlineHookId
+}
+
+// GetInlineHookIdOk returns a tuple with the InlineHookId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettings) GetInlineHookIdOk() (*string, bool) {
+	if o == nil || o.InlineHookId == nil {
+		return nil, false
+	}
+	return o.InlineHookId, true
+}
+
+// HasInlineHookId returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettings) HasInlineHookId() bool {
+	if o != nil && o.InlineHookId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInlineHookId gets a reference to the given string and assigns it to the InlineHookId field.
+func (o *SecurePasswordStoreApplicationSettings) SetInlineHookId(v string) {
+	o.InlineHookId = &v
+}
+
+// GetNotes returns the Notes field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettings) GetNotes() ApplicationSettingsNotes {
+	if o == nil || o.Notes == nil {
+		var ret ApplicationSettingsNotes
+		return ret
+	}
+	return *o.Notes
+}
+
+// GetNotesOk returns a tuple with the Notes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool) {
+	if o == nil || o.Notes == nil {
+		return nil, false
+	}
+	return o.Notes, true
+}
+
+// HasNotes returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettings) HasNotes() bool {
+	if o != nil && o.Notes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotes gets a reference to the given ApplicationSettingsNotes and assigns it to the Notes field.
+func (o *SecurePasswordStoreApplicationSettings) SetNotes(v ApplicationSettingsNotes) {
+	o.Notes = &v
+}
+
+// GetNotifications returns the Notifications field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettings) GetNotifications() ApplicationSettingsNotifications {
+	if o == nil || o.Notifications == nil {
+		var ret ApplicationSettingsNotifications
+		return ret
+	}
+	return *o.Notifications
+}
+
+// GetNotificationsOk returns a tuple with the Notifications field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool) {
+	if o == nil || o.Notifications == nil {
+		return nil, false
+	}
+	return o.Notifications, true
+}
+
+// HasNotifications returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettings) HasNotifications() bool {
+	if o != nil && o.Notifications != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotifications gets a reference to the given ApplicationSettingsNotifications and assigns it to the Notifications field.
+func (o *SecurePasswordStoreApplicationSettings) SetNotifications(v ApplicationSettingsNotifications) {
+	o.Notifications = &v
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettings) GetApp() SecurePasswordStoreApplicationSettingsApplication {
+	if o == nil || o.App == nil {
+		var ret SecurePasswordStoreApplicationSettingsApplication
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettings) GetAppOk() (*SecurePasswordStoreApplicationSettingsApplication, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettings) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given SecurePasswordStoreApplicationSettingsApplication and assigns it to the App field.
+func (o *SecurePasswordStoreApplicationSettings) SetApp(v SecurePasswordStoreApplicationSettingsApplication) {
+	o.App = &v
+}
+
+func (o SecurePasswordStoreApplicationSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.IdentityStoreId != nil {
+		toSerialize["identityStoreId"] = o.IdentityStoreId
+	}
+	if o.ImplicitAssignment != nil {
+		toSerialize["implicitAssignment"] = o.ImplicitAssignment
+	}
+	if o.InlineHookId != nil {
+		toSerialize["inlineHookId"] = o.InlineHookId
+	}
+	if o.Notes != nil {
+		toSerialize["notes"] = o.Notes
+	}
+	if o.Notifications != nil {
+		toSerialize["notifications"] = o.Notifications
+	}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SecurePasswordStoreApplicationSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varSecurePasswordStoreApplicationSettings := _SecurePasswordStoreApplicationSettings{}
+
+	err = json.Unmarshal(bytes, &varSecurePasswordStoreApplicationSettings)
+	if err == nil {
+		*o = SecurePasswordStoreApplicationSettings(varSecurePasswordStoreApplicationSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "identityStoreId")
+		delete(additionalProperties, "implicitAssignment")
+		delete(additionalProperties, "inlineHookId")
+		delete(additionalProperties, "notes")
+		delete(additionalProperties, "notifications")
+		delete(additionalProperties, "app")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSecurePasswordStoreApplicationSettings struct {
+	value *SecurePasswordStoreApplicationSettings
+	isSet bool
+}
+
+func (v NullableSecurePasswordStoreApplicationSettings) Get() *SecurePasswordStoreApplicationSettings {
+	return v.value
+}
+
+func (v *NullableSecurePasswordStoreApplicationSettings) Set(val *SecurePasswordStoreApplicationSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSecurePasswordStoreApplicationSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSecurePasswordStoreApplicationSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSecurePasswordStoreApplicationSettings(val *SecurePasswordStoreApplicationSettings) *NullableSecurePasswordStoreApplicationSettings {
+	return &NullableSecurePasswordStoreApplicationSettings{value: val, isSet: true}
+}
+
+func (v NullableSecurePasswordStoreApplicationSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSecurePasswordStoreApplicationSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_secure_password_store_application_settings_all_of.go b/okta/model_secure_password_store_application_settings_all_of.go
new file mode 100644
index 000000000..04f3e1d3e
--- /dev/null
+++ b/okta/model_secure_password_store_application_settings_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SecurePasswordStoreApplicationSettingsAllOf struct for SecurePasswordStoreApplicationSettingsAllOf
+type SecurePasswordStoreApplicationSettingsAllOf struct {
+	App                  *SecurePasswordStoreApplicationSettingsApplication `json:"app,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SecurePasswordStoreApplicationSettingsAllOf SecurePasswordStoreApplicationSettingsAllOf
+
+// NewSecurePasswordStoreApplicationSettingsAllOf instantiates a new SecurePasswordStoreApplicationSettingsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSecurePasswordStoreApplicationSettingsAllOf() *SecurePasswordStoreApplicationSettingsAllOf {
+	this := SecurePasswordStoreApplicationSettingsAllOf{}
+	return &this
+}
+
+// NewSecurePasswordStoreApplicationSettingsAllOfWithDefaults instantiates a new SecurePasswordStoreApplicationSettingsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSecurePasswordStoreApplicationSettingsAllOfWithDefaults() *SecurePasswordStoreApplicationSettingsAllOf {
+	this := SecurePasswordStoreApplicationSettingsAllOf{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettingsAllOf) GetApp() SecurePasswordStoreApplicationSettingsApplication {
+	if o == nil || o.App == nil {
+		var ret SecurePasswordStoreApplicationSettingsApplication
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettingsAllOf) GetAppOk() (*SecurePasswordStoreApplicationSettingsApplication, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettingsAllOf) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given SecurePasswordStoreApplicationSettingsApplication and assigns it to the App field.
+func (o *SecurePasswordStoreApplicationSettingsAllOf) SetApp(v SecurePasswordStoreApplicationSettingsApplication) {
+	o.App = &v
+}
+
+func (o SecurePasswordStoreApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SecurePasswordStoreApplicationSettingsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varSecurePasswordStoreApplicationSettingsAllOf := _SecurePasswordStoreApplicationSettingsAllOf{}
+
+	err = json.Unmarshal(bytes, &varSecurePasswordStoreApplicationSettingsAllOf)
+	if err == nil {
+		*o = SecurePasswordStoreApplicationSettingsAllOf(varSecurePasswordStoreApplicationSettingsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSecurePasswordStoreApplicationSettingsAllOf struct {
+	value *SecurePasswordStoreApplicationSettingsAllOf
+	isSet bool
+}
+
+func (v NullableSecurePasswordStoreApplicationSettingsAllOf) Get() *SecurePasswordStoreApplicationSettingsAllOf {
+	return v.value
+}
+
+func (v *NullableSecurePasswordStoreApplicationSettingsAllOf) Set(val *SecurePasswordStoreApplicationSettingsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSecurePasswordStoreApplicationSettingsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSecurePasswordStoreApplicationSettingsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSecurePasswordStoreApplicationSettingsAllOf(val *SecurePasswordStoreApplicationSettingsAllOf) *NullableSecurePasswordStoreApplicationSettingsAllOf {
+	return &NullableSecurePasswordStoreApplicationSettingsAllOf{value: val, isSet: true}
+}
+
+func (v NullableSecurePasswordStoreApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSecurePasswordStoreApplicationSettingsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_secure_password_store_application_settings_application.go b/okta/model_secure_password_store_application_settings_application.go
new file mode 100644
index 000000000..e076a9eb3
--- /dev/null
+++ b/okta/model_secure_password_store_application_settings_application.go
@@ -0,0 +1,454 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SecurePasswordStoreApplicationSettingsApplication struct for SecurePasswordStoreApplicationSettingsApplication
+type SecurePasswordStoreApplicationSettingsApplication struct {
+	OptionalField1       *string `json:"optionalField1,omitempty"`
+	OptionalField1Value  *string `json:"optionalField1Value,omitempty"`
+	OptionalField2       *string `json:"optionalField2,omitempty"`
+	OptionalField2Value  *string `json:"optionalField2Value,omitempty"`
+	OptionalField3       *string `json:"optionalField3,omitempty"`
+	OptionalField3Value  *string `json:"optionalField3Value,omitempty"`
+	PasswordField        *string `json:"passwordField,omitempty"`
+	Url                  *string `json:"url,omitempty"`
+	UsernameField        *string `json:"usernameField,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SecurePasswordStoreApplicationSettingsApplication SecurePasswordStoreApplicationSettingsApplication
+
+// NewSecurePasswordStoreApplicationSettingsApplication instantiates a new SecurePasswordStoreApplicationSettingsApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSecurePasswordStoreApplicationSettingsApplication() *SecurePasswordStoreApplicationSettingsApplication {
+	this := SecurePasswordStoreApplicationSettingsApplication{}
+	return &this
+}
+
+// NewSecurePasswordStoreApplicationSettingsApplicationWithDefaults instantiates a new SecurePasswordStoreApplicationSettingsApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSecurePasswordStoreApplicationSettingsApplicationWithDefaults() *SecurePasswordStoreApplicationSettingsApplication {
+	this := SecurePasswordStoreApplicationSettingsApplication{}
+	return &this
+}
+
+// GetOptionalField1 returns the OptionalField1 field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField1() string {
+	if o == nil || o.OptionalField1 == nil {
+		var ret string
+		return ret
+	}
+	return *o.OptionalField1
+}
+
+// GetOptionalField1Ok returns a tuple with the OptionalField1 field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField1Ok() (*string, bool) {
+	if o == nil || o.OptionalField1 == nil {
+		return nil, false
+	}
+	return o.OptionalField1, true
+}
+
+// HasOptionalField1 returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) HasOptionalField1() bool {
+	if o != nil && o.OptionalField1 != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOptionalField1 gets a reference to the given string and assigns it to the OptionalField1 field.
+func (o *SecurePasswordStoreApplicationSettingsApplication) SetOptionalField1(v string) {
+	o.OptionalField1 = &v
+}
+
+// GetOptionalField1Value returns the OptionalField1Value field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField1Value() string {
+	if o == nil || o.OptionalField1Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.OptionalField1Value
+}
+
+// GetOptionalField1ValueOk returns a tuple with the OptionalField1Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField1ValueOk() (*string, bool) {
+	if o == nil || o.OptionalField1Value == nil {
+		return nil, false
+	}
+	return o.OptionalField1Value, true
+}
+
+// HasOptionalField1Value returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) HasOptionalField1Value() bool {
+	if o != nil && o.OptionalField1Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOptionalField1Value gets a reference to the given string and assigns it to the OptionalField1Value field.
+func (o *SecurePasswordStoreApplicationSettingsApplication) SetOptionalField1Value(v string) {
+	o.OptionalField1Value = &v
+}
+
+// GetOptionalField2 returns the OptionalField2 field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField2() string {
+	if o == nil || o.OptionalField2 == nil {
+		var ret string
+		return ret
+	}
+	return *o.OptionalField2
+}
+
+// GetOptionalField2Ok returns a tuple with the OptionalField2 field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField2Ok() (*string, bool) {
+	if o == nil || o.OptionalField2 == nil {
+		return nil, false
+	}
+	return o.OptionalField2, true
+}
+
+// HasOptionalField2 returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) HasOptionalField2() bool {
+	if o != nil && o.OptionalField2 != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOptionalField2 gets a reference to the given string and assigns it to the OptionalField2 field.
+func (o *SecurePasswordStoreApplicationSettingsApplication) SetOptionalField2(v string) {
+	o.OptionalField2 = &v
+}
+
+// GetOptionalField2Value returns the OptionalField2Value field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField2Value() string {
+	if o == nil || o.OptionalField2Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.OptionalField2Value
+}
+
+// GetOptionalField2ValueOk returns a tuple with the OptionalField2Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField2ValueOk() (*string, bool) {
+	if o == nil || o.OptionalField2Value == nil {
+		return nil, false
+	}
+	return o.OptionalField2Value, true
+}
+
+// HasOptionalField2Value returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) HasOptionalField2Value() bool {
+	if o != nil && o.OptionalField2Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOptionalField2Value gets a reference to the given string and assigns it to the OptionalField2Value field.
+func (o *SecurePasswordStoreApplicationSettingsApplication) SetOptionalField2Value(v string) {
+	o.OptionalField2Value = &v
+}
+
+// GetOptionalField3 returns the OptionalField3 field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField3() string {
+	if o == nil || o.OptionalField3 == nil {
+		var ret string
+		return ret
+	}
+	return *o.OptionalField3
+}
+
+// GetOptionalField3Ok returns a tuple with the OptionalField3 field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField3Ok() (*string, bool) {
+	if o == nil || o.OptionalField3 == nil {
+		return nil, false
+	}
+	return o.OptionalField3, true
+}
+
+// HasOptionalField3 returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) HasOptionalField3() bool {
+	if o != nil && o.OptionalField3 != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOptionalField3 gets a reference to the given string and assigns it to the OptionalField3 field.
+func (o *SecurePasswordStoreApplicationSettingsApplication) SetOptionalField3(v string) {
+	o.OptionalField3 = &v
+}
+
+// GetOptionalField3Value returns the OptionalField3Value field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField3Value() string {
+	if o == nil || o.OptionalField3Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.OptionalField3Value
+}
+
+// GetOptionalField3ValueOk returns a tuple with the OptionalField3Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetOptionalField3ValueOk() (*string, bool) {
+	if o == nil || o.OptionalField3Value == nil {
+		return nil, false
+	}
+	return o.OptionalField3Value, true
+}
+
+// HasOptionalField3Value returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) HasOptionalField3Value() bool {
+	if o != nil && o.OptionalField3Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOptionalField3Value gets a reference to the given string and assigns it to the OptionalField3Value field.
+func (o *SecurePasswordStoreApplicationSettingsApplication) SetOptionalField3Value(v string) {
+	o.OptionalField3Value = &v
+}
+
+// GetPasswordField returns the PasswordField field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetPasswordField() string {
+	if o == nil || o.PasswordField == nil {
+		var ret string
+		return ret
+	}
+	return *o.PasswordField
+}
+
+// GetPasswordFieldOk returns a tuple with the PasswordField field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetPasswordFieldOk() (*string, bool) {
+	if o == nil || o.PasswordField == nil {
+		return nil, false
+	}
+	return o.PasswordField, true
+}
+
+// HasPasswordField returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) HasPasswordField() bool {
+	if o != nil && o.PasswordField != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordField gets a reference to the given string and assigns it to the PasswordField field.
+func (o *SecurePasswordStoreApplicationSettingsApplication) SetPasswordField(v string) {
+	o.PasswordField = &v
+}
+
+// GetUrl returns the Url field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetUrl() string {
+	if o == nil || o.Url == nil {
+		var ret string
+		return ret
+	}
+	return *o.Url
+}
+
+// GetUrlOk returns a tuple with the Url field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetUrlOk() (*string, bool) {
+	if o == nil || o.Url == nil {
+		return nil, false
+	}
+	return o.Url, true
+}
+
+// HasUrl returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) HasUrl() bool {
+	if o != nil && o.Url != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUrl gets a reference to the given string and assigns it to the Url field.
+func (o *SecurePasswordStoreApplicationSettingsApplication) SetUrl(v string) {
+	o.Url = &v
+}
+
+// GetUsernameField returns the UsernameField field value if set, zero value otherwise.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetUsernameField() string {
+	if o == nil || o.UsernameField == nil {
+		var ret string
+		return ret
+	}
+	return *o.UsernameField
+}
+
+// GetUsernameFieldOk returns a tuple with the UsernameField field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) GetUsernameFieldOk() (*string, bool) {
+	if o == nil || o.UsernameField == nil {
+		return nil, false
+	}
+	return o.UsernameField, true
+}
+
+// HasUsernameField returns a boolean if a field has been set.
+func (o *SecurePasswordStoreApplicationSettingsApplication) HasUsernameField() bool {
+	if o != nil && o.UsernameField != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsernameField gets a reference to the given string and assigns it to the UsernameField field.
+func (o *SecurePasswordStoreApplicationSettingsApplication) SetUsernameField(v string) {
+	o.UsernameField = &v
+}
+
+func (o SecurePasswordStoreApplicationSettingsApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.OptionalField1 != nil {
+		toSerialize["optionalField1"] = o.OptionalField1
+	}
+	if o.OptionalField1Value != nil {
+		toSerialize["optionalField1Value"] = o.OptionalField1Value
+	}
+	if o.OptionalField2 != nil {
+		toSerialize["optionalField2"] = o.OptionalField2
+	}
+	if o.OptionalField2Value != nil {
+		toSerialize["optionalField2Value"] = o.OptionalField2Value
+	}
+	if o.OptionalField3 != nil {
+		toSerialize["optionalField3"] = o.OptionalField3
+	}
+	if o.OptionalField3Value != nil {
+		toSerialize["optionalField3Value"] = o.OptionalField3Value
+	}
+	if o.PasswordField != nil {
+		toSerialize["passwordField"] = o.PasswordField
+	}
+	if o.Url != nil {
+		toSerialize["url"] = o.Url
+	}
+	if o.UsernameField != nil {
+		toSerialize["usernameField"] = o.UsernameField
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SecurePasswordStoreApplicationSettingsApplication) UnmarshalJSON(bytes []byte) (err error) {
+	varSecurePasswordStoreApplicationSettingsApplication := _SecurePasswordStoreApplicationSettingsApplication{}
+
+	err = json.Unmarshal(bytes, &varSecurePasswordStoreApplicationSettingsApplication)
+	if err == nil {
+		*o = SecurePasswordStoreApplicationSettingsApplication(varSecurePasswordStoreApplicationSettingsApplication)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "optionalField1")
+		delete(additionalProperties, "optionalField1Value")
+		delete(additionalProperties, "optionalField2")
+		delete(additionalProperties, "optionalField2Value")
+		delete(additionalProperties, "optionalField3")
+		delete(additionalProperties, "optionalField3Value")
+		delete(additionalProperties, "passwordField")
+		delete(additionalProperties, "url")
+		delete(additionalProperties, "usernameField")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSecurePasswordStoreApplicationSettingsApplication struct {
+	value *SecurePasswordStoreApplicationSettingsApplication
+	isSet bool
+}
+
+func (v NullableSecurePasswordStoreApplicationSettingsApplication) Get() *SecurePasswordStoreApplicationSettingsApplication {
+	return v.value
+}
+
+func (v *NullableSecurePasswordStoreApplicationSettingsApplication) Set(val *SecurePasswordStoreApplicationSettingsApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSecurePasswordStoreApplicationSettingsApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSecurePasswordStoreApplicationSettingsApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSecurePasswordStoreApplicationSettingsApplication(val *SecurePasswordStoreApplicationSettingsApplication) *NullableSecurePasswordStoreApplicationSettingsApplication {
+	return &NullableSecurePasswordStoreApplicationSettingsApplication{value: val, isSet: true}
+}
+
+func (v NullableSecurePasswordStoreApplicationSettingsApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSecurePasswordStoreApplicationSettingsApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_security_question.go b/okta/model_security_question.go
new file mode 100644
index 000000000..f017d34fc
--- /dev/null
+++ b/okta/model_security_question.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SecurityQuestion struct for SecurityQuestion
+type SecurityQuestion struct {
+	Answer               *string `json:"answer,omitempty"`
+	Question             *string `json:"question,omitempty"`
+	QuestionText         *string `json:"questionText,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SecurityQuestion SecurityQuestion
+
+// NewSecurityQuestion instantiates a new SecurityQuestion object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSecurityQuestion() *SecurityQuestion {
+	this := SecurityQuestion{}
+	return &this
+}
+
+// NewSecurityQuestionWithDefaults instantiates a new SecurityQuestion object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSecurityQuestionWithDefaults() *SecurityQuestion {
+	this := SecurityQuestion{}
+	return &this
+}
+
+// GetAnswer returns the Answer field value if set, zero value otherwise.
+func (o *SecurityQuestion) GetAnswer() string {
+	if o == nil || o.Answer == nil {
+		var ret string
+		return ret
+	}
+	return *o.Answer
+}
+
+// GetAnswerOk returns a tuple with the Answer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurityQuestion) GetAnswerOk() (*string, bool) {
+	if o == nil || o.Answer == nil {
+		return nil, false
+	}
+	return o.Answer, true
+}
+
+// HasAnswer returns a boolean if a field has been set.
+func (o *SecurityQuestion) HasAnswer() bool {
+	if o != nil && o.Answer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAnswer gets a reference to the given string and assigns it to the Answer field.
+func (o *SecurityQuestion) SetAnswer(v string) {
+	o.Answer = &v
+}
+
+// GetQuestion returns the Question field value if set, zero value otherwise.
+func (o *SecurityQuestion) GetQuestion() string {
+	if o == nil || o.Question == nil {
+		var ret string
+		return ret
+	}
+	return *o.Question
+}
+
+// GetQuestionOk returns a tuple with the Question field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurityQuestion) GetQuestionOk() (*string, bool) {
+	if o == nil || o.Question == nil {
+		return nil, false
+	}
+	return o.Question, true
+}
+
+// HasQuestion returns a boolean if a field has been set.
+func (o *SecurityQuestion) HasQuestion() bool {
+	if o != nil && o.Question != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetQuestion gets a reference to the given string and assigns it to the Question field.
+func (o *SecurityQuestion) SetQuestion(v string) {
+	o.Question = &v
+}
+
+// GetQuestionText returns the QuestionText field value if set, zero value otherwise.
+func (o *SecurityQuestion) GetQuestionText() string {
+	if o == nil || o.QuestionText == nil {
+		var ret string
+		return ret
+	}
+	return *o.QuestionText
+}
+
+// GetQuestionTextOk returns a tuple with the QuestionText field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurityQuestion) GetQuestionTextOk() (*string, bool) {
+	if o == nil || o.QuestionText == nil {
+		return nil, false
+	}
+	return o.QuestionText, true
+}
+
+// HasQuestionText returns a boolean if a field has been set.
+func (o *SecurityQuestion) HasQuestionText() bool {
+	if o != nil && o.QuestionText != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetQuestionText gets a reference to the given string and assigns it to the QuestionText field.
+func (o *SecurityQuestion) SetQuestionText(v string) {
+	o.QuestionText = &v
+}
+
+func (o SecurityQuestion) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Answer != nil {
+		toSerialize["answer"] = o.Answer
+	}
+	if o.Question != nil {
+		toSerialize["question"] = o.Question
+	}
+	if o.QuestionText != nil {
+		toSerialize["questionText"] = o.QuestionText
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SecurityQuestion) UnmarshalJSON(bytes []byte) (err error) {
+	varSecurityQuestion := _SecurityQuestion{}
+
+	err = json.Unmarshal(bytes, &varSecurityQuestion)
+	if err == nil {
+		*o = SecurityQuestion(varSecurityQuestion)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "answer")
+		delete(additionalProperties, "question")
+		delete(additionalProperties, "questionText")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSecurityQuestion struct {
+	value *SecurityQuestion
+	isSet bool
+}
+
+func (v NullableSecurityQuestion) Get() *SecurityQuestion {
+	return v.value
+}
+
+func (v *NullableSecurityQuestion) Set(val *SecurityQuestion) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSecurityQuestion) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSecurityQuestion) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSecurityQuestion(val *SecurityQuestion) *NullableSecurityQuestion {
+	return &NullableSecurityQuestion{value: val, isSet: true}
+}
+
+func (v NullableSecurityQuestion) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSecurityQuestion) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_security_question_user_factor.go b/okta/model_security_question_user_factor.go
new file mode 100644
index 000000000..35d1190e7
--- /dev/null
+++ b/okta/model_security_question_user_factor.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// SecurityQuestionUserFactor struct for SecurityQuestionUserFactor
+type SecurityQuestionUserFactor struct {
+	UserFactor
+	Profile              *SecurityQuestionUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SecurityQuestionUserFactor SecurityQuestionUserFactor
+
+// NewSecurityQuestionUserFactor instantiates a new SecurityQuestionUserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSecurityQuestionUserFactor() *SecurityQuestionUserFactor {
+	this := SecurityQuestionUserFactor{}
+	return &this
+}
+
+// NewSecurityQuestionUserFactorWithDefaults instantiates a new SecurityQuestionUserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSecurityQuestionUserFactorWithDefaults() *SecurityQuestionUserFactor {
+	this := SecurityQuestionUserFactor{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *SecurityQuestionUserFactor) GetProfile() SecurityQuestionUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret SecurityQuestionUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurityQuestionUserFactor) GetProfileOk() (*SecurityQuestionUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *SecurityQuestionUserFactor) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given SecurityQuestionUserFactorProfile and assigns it to the Profile field.
+func (o *SecurityQuestionUserFactor) SetProfile(v SecurityQuestionUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o SecurityQuestionUserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedUserFactor, errUserFactor := json.Marshal(o.UserFactor)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	errUserFactor = json.Unmarshal([]byte(serializedUserFactor), &toSerialize)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SecurityQuestionUserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	type SecurityQuestionUserFactorWithoutEmbeddedStruct struct {
+		Profile *SecurityQuestionUserFactorProfile `json:"profile,omitempty"`
+	}
+
+	varSecurityQuestionUserFactorWithoutEmbeddedStruct := SecurityQuestionUserFactorWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varSecurityQuestionUserFactorWithoutEmbeddedStruct)
+	if err == nil {
+		varSecurityQuestionUserFactor := _SecurityQuestionUserFactor{}
+		varSecurityQuestionUserFactor.Profile = varSecurityQuestionUserFactorWithoutEmbeddedStruct.Profile
+		*o = SecurityQuestionUserFactor(varSecurityQuestionUserFactor)
+	} else {
+		return err
+	}
+
+	varSecurityQuestionUserFactor := _SecurityQuestionUserFactor{}
+
+	err = json.Unmarshal(bytes, &varSecurityQuestionUserFactor)
+	if err == nil {
+		o.UserFactor = varSecurityQuestionUserFactor.UserFactor
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+
+		// remove fields from embedded structs
+		reflectUserFactor := reflect.ValueOf(o.UserFactor)
+		for i := 0; i < reflectUserFactor.Type().NumField(); i++ {
+			t := reflectUserFactor.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSecurityQuestionUserFactor struct {
+	value *SecurityQuestionUserFactor
+	isSet bool
+}
+
+func (v NullableSecurityQuestionUserFactor) Get() *SecurityQuestionUserFactor {
+	return v.value
+}
+
+func (v *NullableSecurityQuestionUserFactor) Set(val *SecurityQuestionUserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSecurityQuestionUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSecurityQuestionUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSecurityQuestionUserFactor(val *SecurityQuestionUserFactor) *NullableSecurityQuestionUserFactor {
+	return &NullableSecurityQuestionUserFactor{value: val, isSet: true}
+}
+
+func (v NullableSecurityQuestionUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSecurityQuestionUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_security_question_user_factor_all_of.go b/okta/model_security_question_user_factor_all_of.go
new file mode 100644
index 000000000..0688a76f6
--- /dev/null
+++ b/okta/model_security_question_user_factor_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SecurityQuestionUserFactorAllOf struct for SecurityQuestionUserFactorAllOf
+type SecurityQuestionUserFactorAllOf struct {
+	Profile              *SecurityQuestionUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SecurityQuestionUserFactorAllOf SecurityQuestionUserFactorAllOf
+
+// NewSecurityQuestionUserFactorAllOf instantiates a new SecurityQuestionUserFactorAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSecurityQuestionUserFactorAllOf() *SecurityQuestionUserFactorAllOf {
+	this := SecurityQuestionUserFactorAllOf{}
+	return &this
+}
+
+// NewSecurityQuestionUserFactorAllOfWithDefaults instantiates a new SecurityQuestionUserFactorAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSecurityQuestionUserFactorAllOfWithDefaults() *SecurityQuestionUserFactorAllOf {
+	this := SecurityQuestionUserFactorAllOf{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *SecurityQuestionUserFactorAllOf) GetProfile() SecurityQuestionUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret SecurityQuestionUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurityQuestionUserFactorAllOf) GetProfileOk() (*SecurityQuestionUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *SecurityQuestionUserFactorAllOf) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given SecurityQuestionUserFactorProfile and assigns it to the Profile field.
+func (o *SecurityQuestionUserFactorAllOf) SetProfile(v SecurityQuestionUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o SecurityQuestionUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SecurityQuestionUserFactorAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varSecurityQuestionUserFactorAllOf := _SecurityQuestionUserFactorAllOf{}
+
+	err = json.Unmarshal(bytes, &varSecurityQuestionUserFactorAllOf)
+	if err == nil {
+		*o = SecurityQuestionUserFactorAllOf(varSecurityQuestionUserFactorAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSecurityQuestionUserFactorAllOf struct {
+	value *SecurityQuestionUserFactorAllOf
+	isSet bool
+}
+
+func (v NullableSecurityQuestionUserFactorAllOf) Get() *SecurityQuestionUserFactorAllOf {
+	return v.value
+}
+
+func (v *NullableSecurityQuestionUserFactorAllOf) Set(val *SecurityQuestionUserFactorAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSecurityQuestionUserFactorAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSecurityQuestionUserFactorAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSecurityQuestionUserFactorAllOf(val *SecurityQuestionUserFactorAllOf) *NullableSecurityQuestionUserFactorAllOf {
+	return &NullableSecurityQuestionUserFactorAllOf{value: val, isSet: true}
+}
+
+func (v NullableSecurityQuestionUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSecurityQuestionUserFactorAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_security_question_user_factor_profile.go b/okta/model_security_question_user_factor_profile.go
new file mode 100644
index 000000000..6c0eb7803
--- /dev/null
+++ b/okta/model_security_question_user_factor_profile.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SecurityQuestionUserFactorProfile struct for SecurityQuestionUserFactorProfile
+type SecurityQuestionUserFactorProfile struct {
+	Answer               *string `json:"answer,omitempty"`
+	Question             *string `json:"question,omitempty"`
+	QuestionText         *string `json:"questionText,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SecurityQuestionUserFactorProfile SecurityQuestionUserFactorProfile
+
+// NewSecurityQuestionUserFactorProfile instantiates a new SecurityQuestionUserFactorProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSecurityQuestionUserFactorProfile() *SecurityQuestionUserFactorProfile {
+	this := SecurityQuestionUserFactorProfile{}
+	return &this
+}
+
+// NewSecurityQuestionUserFactorProfileWithDefaults instantiates a new SecurityQuestionUserFactorProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSecurityQuestionUserFactorProfileWithDefaults() *SecurityQuestionUserFactorProfile {
+	this := SecurityQuestionUserFactorProfile{}
+	return &this
+}
+
+// GetAnswer returns the Answer field value if set, zero value otherwise.
+func (o *SecurityQuestionUserFactorProfile) GetAnswer() string {
+	if o == nil || o.Answer == nil {
+		var ret string
+		return ret
+	}
+	return *o.Answer
+}
+
+// GetAnswerOk returns a tuple with the Answer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurityQuestionUserFactorProfile) GetAnswerOk() (*string, bool) {
+	if o == nil || o.Answer == nil {
+		return nil, false
+	}
+	return o.Answer, true
+}
+
+// HasAnswer returns a boolean if a field has been set.
+func (o *SecurityQuestionUserFactorProfile) HasAnswer() bool {
+	if o != nil && o.Answer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAnswer gets a reference to the given string and assigns it to the Answer field.
+func (o *SecurityQuestionUserFactorProfile) SetAnswer(v string) {
+	o.Answer = &v
+}
+
+// GetQuestion returns the Question field value if set, zero value otherwise.
+func (o *SecurityQuestionUserFactorProfile) GetQuestion() string {
+	if o == nil || o.Question == nil {
+		var ret string
+		return ret
+	}
+	return *o.Question
+}
+
+// GetQuestionOk returns a tuple with the Question field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurityQuestionUserFactorProfile) GetQuestionOk() (*string, bool) {
+	if o == nil || o.Question == nil {
+		return nil, false
+	}
+	return o.Question, true
+}
+
+// HasQuestion returns a boolean if a field has been set.
+func (o *SecurityQuestionUserFactorProfile) HasQuestion() bool {
+	if o != nil && o.Question != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetQuestion gets a reference to the given string and assigns it to the Question field.
+func (o *SecurityQuestionUserFactorProfile) SetQuestion(v string) {
+	o.Question = &v
+}
+
+// GetQuestionText returns the QuestionText field value if set, zero value otherwise.
+func (o *SecurityQuestionUserFactorProfile) GetQuestionText() string {
+	if o == nil || o.QuestionText == nil {
+		var ret string
+		return ret
+	}
+	return *o.QuestionText
+}
+
+// GetQuestionTextOk returns a tuple with the QuestionText field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurityQuestionUserFactorProfile) GetQuestionTextOk() (*string, bool) {
+	if o == nil || o.QuestionText == nil {
+		return nil, false
+	}
+	return o.QuestionText, true
+}
+
+// HasQuestionText returns a boolean if a field has been set.
+func (o *SecurityQuestionUserFactorProfile) HasQuestionText() bool {
+	if o != nil && o.QuestionText != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetQuestionText gets a reference to the given string and assigns it to the QuestionText field.
+func (o *SecurityQuestionUserFactorProfile) SetQuestionText(v string) {
+	o.QuestionText = &v
+}
+
+func (o SecurityQuestionUserFactorProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Answer != nil {
+		toSerialize["answer"] = o.Answer
+	}
+	if o.Question != nil {
+		toSerialize["question"] = o.Question
+	}
+	if o.QuestionText != nil {
+		toSerialize["questionText"] = o.QuestionText
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SecurityQuestionUserFactorProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varSecurityQuestionUserFactorProfile := _SecurityQuestionUserFactorProfile{}
+
+	err = json.Unmarshal(bytes, &varSecurityQuestionUserFactorProfile)
+	if err == nil {
+		*o = SecurityQuestionUserFactorProfile(varSecurityQuestionUserFactorProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "answer")
+		delete(additionalProperties, "question")
+		delete(additionalProperties, "questionText")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSecurityQuestionUserFactorProfile struct {
+	value *SecurityQuestionUserFactorProfile
+	isSet bool
+}
+
+func (v NullableSecurityQuestionUserFactorProfile) Get() *SecurityQuestionUserFactorProfile {
+	return v.value
+}
+
+func (v *NullableSecurityQuestionUserFactorProfile) Set(val *SecurityQuestionUserFactorProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSecurityQuestionUserFactorProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSecurityQuestionUserFactorProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSecurityQuestionUserFactorProfile(val *SecurityQuestionUserFactorProfile) *NullableSecurityQuestionUserFactorProfile {
+	return &NullableSecurityQuestionUserFactorProfile{value: val, isSet: true}
+}
+
+func (v NullableSecurityQuestionUserFactorProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSecurityQuestionUserFactorProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_seed_enum.go b/okta/model_seed_enum.go
new file mode 100644
index 000000000..a22b09eb6
--- /dev/null
+++ b/okta/model_seed_enum.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// SeedEnum the model 'SeedEnum'
+type SeedEnum string
+
+// List of SeedEnum
+const (
+	SEEDENUM_OKTA   SeedEnum = "OKTA"
+	SEEDENUM_RANDOM SeedEnum = "RANDOM"
+)
+
+// All allowed values of SeedEnum enum
+var AllowedSeedEnumEnumValues = []SeedEnum{
+	"OKTA",
+	"RANDOM",
+}
+
+func (v *SeedEnum) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := SeedEnum(value)
+	for _, existing := range AllowedSeedEnumEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid SeedEnum", value)
+}
+
+// NewSeedEnumFromValue returns a pointer to a valid SeedEnum
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewSeedEnumFromValue(v string) (*SeedEnum, error) {
+	ev := SeedEnum(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for SeedEnum: valid values are %v", v, AllowedSeedEnumEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v SeedEnum) IsValid() bool {
+	for _, existing := range AllowedSeedEnumEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to SeedEnum value
+func (v SeedEnum) Ptr() *SeedEnum {
+	return &v
+}
+
+type NullableSeedEnum struct {
+	value *SeedEnum
+	isSet bool
+}
+
+func (v NullableSeedEnum) Get() *SeedEnum {
+	return v.value
+}
+
+func (v *NullableSeedEnum) Set(val *SeedEnum) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSeedEnum) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSeedEnum) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSeedEnum(val *SeedEnum) *NullableSeedEnum {
+	return &NullableSeedEnum{value: val, isSet: true}
+}
+
+func (v NullableSeedEnum) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSeedEnum) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_session.go b/okta/model_session.go
new file mode 100644
index 000000000..00bc7e780
--- /dev/null
+++ b/okta/model_session.go
@@ -0,0 +1,529 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// Session struct for Session
+type Session struct {
+	Amr                      []SessionAuthenticationMethod     `json:"amr,omitempty"`
+	CreatedAt                *time.Time                        `json:"createdAt,omitempty"`
+	ExpiresAt                *time.Time                        `json:"expiresAt,omitempty"`
+	Id                       *string                           `json:"id,omitempty"`
+	Idp                      *SessionIdentityProvider          `json:"idp,omitempty"`
+	LastFactorVerification   *time.Time                        `json:"lastFactorVerification,omitempty"`
+	LastPasswordVerification *time.Time                        `json:"lastPasswordVerification,omitempty"`
+	Login                    *string                           `json:"login,omitempty"`
+	Status                   *SessionStatus                    `json:"status,omitempty"`
+	UserId                   *string                           `json:"userId,omitempty"`
+	Links                    map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties     map[string]interface{}
+}
+
+type _Session Session
+
+// NewSession instantiates a new Session object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSession() *Session {
+	this := Session{}
+	return &this
+}
+
+// NewSessionWithDefaults instantiates a new Session object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSessionWithDefaults() *Session {
+	this := Session{}
+	return &this
+}
+
+// GetAmr returns the Amr field value if set, zero value otherwise.
+func (o *Session) GetAmr() []SessionAuthenticationMethod {
+	if o == nil || o.Amr == nil {
+		var ret []SessionAuthenticationMethod
+		return ret
+	}
+	return o.Amr
+}
+
+// GetAmrOk returns a tuple with the Amr field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Session) GetAmrOk() ([]SessionAuthenticationMethod, bool) {
+	if o == nil || o.Amr == nil {
+		return nil, false
+	}
+	return o.Amr, true
+}
+
+// HasAmr returns a boolean if a field has been set.
+func (o *Session) HasAmr() bool {
+	if o != nil && o.Amr != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAmr gets a reference to the given []SessionAuthenticationMethod and assigns it to the Amr field.
+func (o *Session) SetAmr(v []SessionAuthenticationMethod) {
+	o.Amr = v
+}
+
+// GetCreatedAt returns the CreatedAt field value if set, zero value otherwise.
+func (o *Session) GetCreatedAt() time.Time {
+	if o == nil || o.CreatedAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.CreatedAt
+}
+
+// GetCreatedAtOk returns a tuple with the CreatedAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Session) GetCreatedAtOk() (*time.Time, bool) {
+	if o == nil || o.CreatedAt == nil {
+		return nil, false
+	}
+	return o.CreatedAt, true
+}
+
+// HasCreatedAt returns a boolean if a field has been set.
+func (o *Session) HasCreatedAt() bool {
+	if o != nil && o.CreatedAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreatedAt gets a reference to the given time.Time and assigns it to the CreatedAt field.
+func (o *Session) SetCreatedAt(v time.Time) {
+	o.CreatedAt = &v
+}
+
+// GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
+func (o *Session) GetExpiresAt() time.Time {
+	if o == nil || o.ExpiresAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiresAt
+}
+
+// GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Session) GetExpiresAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiresAt == nil {
+		return nil, false
+	}
+	return o.ExpiresAt, true
+}
+
+// HasExpiresAt returns a boolean if a field has been set.
+func (o *Session) HasExpiresAt() bool {
+	if o != nil && o.ExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresAt gets a reference to the given time.Time and assigns it to the ExpiresAt field.
+func (o *Session) SetExpiresAt(v time.Time) {
+	o.ExpiresAt = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *Session) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Session) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *Session) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *Session) SetId(v string) {
+	o.Id = &v
+}
+
+// GetIdp returns the Idp field value if set, zero value otherwise.
+func (o *Session) GetIdp() SessionIdentityProvider {
+	if o == nil || o.Idp == nil {
+		var ret SessionIdentityProvider
+		return ret
+	}
+	return *o.Idp
+}
+
+// GetIdpOk returns a tuple with the Idp field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Session) GetIdpOk() (*SessionIdentityProvider, bool) {
+	if o == nil || o.Idp == nil {
+		return nil, false
+	}
+	return o.Idp, true
+}
+
+// HasIdp returns a boolean if a field has been set.
+func (o *Session) HasIdp() bool {
+	if o != nil && o.Idp != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdp gets a reference to the given SessionIdentityProvider and assigns it to the Idp field.
+func (o *Session) SetIdp(v SessionIdentityProvider) {
+	o.Idp = &v
+}
+
+// GetLastFactorVerification returns the LastFactorVerification field value if set, zero value otherwise.
+func (o *Session) GetLastFactorVerification() time.Time {
+	if o == nil || o.LastFactorVerification == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastFactorVerification
+}
+
+// GetLastFactorVerificationOk returns a tuple with the LastFactorVerification field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Session) GetLastFactorVerificationOk() (*time.Time, bool) {
+	if o == nil || o.LastFactorVerification == nil {
+		return nil, false
+	}
+	return o.LastFactorVerification, true
+}
+
+// HasLastFactorVerification returns a boolean if a field has been set.
+func (o *Session) HasLastFactorVerification() bool {
+	if o != nil && o.LastFactorVerification != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastFactorVerification gets a reference to the given time.Time and assigns it to the LastFactorVerification field.
+func (o *Session) SetLastFactorVerification(v time.Time) {
+	o.LastFactorVerification = &v
+}
+
+// GetLastPasswordVerification returns the LastPasswordVerification field value if set, zero value otherwise.
+func (o *Session) GetLastPasswordVerification() time.Time {
+	if o == nil || o.LastPasswordVerification == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastPasswordVerification
+}
+
+// GetLastPasswordVerificationOk returns a tuple with the LastPasswordVerification field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Session) GetLastPasswordVerificationOk() (*time.Time, bool) {
+	if o == nil || o.LastPasswordVerification == nil {
+		return nil, false
+	}
+	return o.LastPasswordVerification, true
+}
+
+// HasLastPasswordVerification returns a boolean if a field has been set.
+func (o *Session) HasLastPasswordVerification() bool {
+	if o != nil && o.LastPasswordVerification != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastPasswordVerification gets a reference to the given time.Time and assigns it to the LastPasswordVerification field.
+func (o *Session) SetLastPasswordVerification(v time.Time) {
+	o.LastPasswordVerification = &v
+}
+
+// GetLogin returns the Login field value if set, zero value otherwise.
+func (o *Session) GetLogin() string {
+	if o == nil || o.Login == nil {
+		var ret string
+		return ret
+	}
+	return *o.Login
+}
+
+// GetLoginOk returns a tuple with the Login field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Session) GetLoginOk() (*string, bool) {
+	if o == nil || o.Login == nil {
+		return nil, false
+	}
+	return o.Login, true
+}
+
+// HasLogin returns a boolean if a field has been set.
+func (o *Session) HasLogin() bool {
+	if o != nil && o.Login != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLogin gets a reference to the given string and assigns it to the Login field.
+func (o *Session) SetLogin(v string) {
+	o.Login = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *Session) GetStatus() SessionStatus {
+	if o == nil || o.Status == nil {
+		var ret SessionStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Session) GetStatusOk() (*SessionStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *Session) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given SessionStatus and assigns it to the Status field.
+func (o *Session) SetStatus(v SessionStatus) {
+	o.Status = &v
+}
+
+// GetUserId returns the UserId field value if set, zero value otherwise.
+func (o *Session) GetUserId() string {
+	if o == nil || o.UserId == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserId
+}
+
+// GetUserIdOk returns a tuple with the UserId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Session) GetUserIdOk() (*string, bool) {
+	if o == nil || o.UserId == nil {
+		return nil, false
+	}
+	return o.UserId, true
+}
+
+// HasUserId returns a boolean if a field has been set.
+func (o *Session) HasUserId() bool {
+	if o != nil && o.UserId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserId gets a reference to the given string and assigns it to the UserId field.
+func (o *Session) SetUserId(v string) {
+	o.UserId = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Session) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Session) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Session) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *Session) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o Session) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Amr != nil {
+		toSerialize["amr"] = o.Amr
+	}
+	if o.CreatedAt != nil {
+		toSerialize["createdAt"] = o.CreatedAt
+	}
+	if o.ExpiresAt != nil {
+		toSerialize["expiresAt"] = o.ExpiresAt
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Idp != nil {
+		toSerialize["idp"] = o.Idp
+	}
+	if o.LastFactorVerification != nil {
+		toSerialize["lastFactorVerification"] = o.LastFactorVerification
+	}
+	if o.LastPasswordVerification != nil {
+		toSerialize["lastPasswordVerification"] = o.LastPasswordVerification
+	}
+	if o.Login != nil {
+		toSerialize["login"] = o.Login
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.UserId != nil {
+		toSerialize["userId"] = o.UserId
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Session) UnmarshalJSON(bytes []byte) (err error) {
+	varSession := _Session{}
+
+	err = json.Unmarshal(bytes, &varSession)
+	if err == nil {
+		*o = Session(varSession)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "amr")
+		delete(additionalProperties, "createdAt")
+		delete(additionalProperties, "expiresAt")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "idp")
+		delete(additionalProperties, "lastFactorVerification")
+		delete(additionalProperties, "lastPasswordVerification")
+		delete(additionalProperties, "login")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "userId")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSession struct {
+	value *Session
+	isSet bool
+}
+
+func (v NullableSession) Get() *Session {
+	return v.value
+}
+
+func (v *NullableSession) Set(val *Session) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSession) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSession) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSession(val *Session) *NullableSession {
+	return &NullableSession{value: val, isSet: true}
+}
+
+func (v NullableSession) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSession) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_session_authentication_method.go b/okta/model_session_authentication_method.go
new file mode 100644
index 000000000..1bc0d085a
--- /dev/null
+++ b/okta/model_session_authentication_method.go
@@ -0,0 +1,144 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// SessionAuthenticationMethod the model 'SessionAuthenticationMethod'
+type SessionAuthenticationMethod string
+
+// List of SessionAuthenticationMethod
+const (
+	SESSIONAUTHENTICATIONMETHOD_FPT SessionAuthenticationMethod = "fpt"
+	SESSIONAUTHENTICATIONMETHOD_GEO SessionAuthenticationMethod = "geo"
+	SESSIONAUTHENTICATIONMETHOD_HWK SessionAuthenticationMethod = "hwk"
+	SESSIONAUTHENTICATIONMETHOD_KBA SessionAuthenticationMethod = "kba"
+	SESSIONAUTHENTICATIONMETHOD_MCA SessionAuthenticationMethod = "mca"
+	SESSIONAUTHENTICATIONMETHOD_MFA SessionAuthenticationMethod = "mfa"
+	SESSIONAUTHENTICATIONMETHOD_OTP SessionAuthenticationMethod = "otp"
+	SESSIONAUTHENTICATIONMETHOD_PWD SessionAuthenticationMethod = "pwd"
+	SESSIONAUTHENTICATIONMETHOD_SC  SessionAuthenticationMethod = "sc"
+	SESSIONAUTHENTICATIONMETHOD_SMS SessionAuthenticationMethod = "sms"
+	SESSIONAUTHENTICATIONMETHOD_SWK SessionAuthenticationMethod = "swk"
+	SESSIONAUTHENTICATIONMETHOD_TEL SessionAuthenticationMethod = "tel"
+)
+
+// All allowed values of SessionAuthenticationMethod enum
+var AllowedSessionAuthenticationMethodEnumValues = []SessionAuthenticationMethod{
+	"fpt",
+	"geo",
+	"hwk",
+	"kba",
+	"mca",
+	"mfa",
+	"otp",
+	"pwd",
+	"sc",
+	"sms",
+	"swk",
+	"tel",
+}
+
+func (v *SessionAuthenticationMethod) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := SessionAuthenticationMethod(value)
+	for _, existing := range AllowedSessionAuthenticationMethodEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid SessionAuthenticationMethod", value)
+}
+
+// NewSessionAuthenticationMethodFromValue returns a pointer to a valid SessionAuthenticationMethod
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewSessionAuthenticationMethodFromValue(v string) (*SessionAuthenticationMethod, error) {
+	ev := SessionAuthenticationMethod(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for SessionAuthenticationMethod: valid values are %v", v, AllowedSessionAuthenticationMethodEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v SessionAuthenticationMethod) IsValid() bool {
+	for _, existing := range AllowedSessionAuthenticationMethodEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to SessionAuthenticationMethod value
+func (v SessionAuthenticationMethod) Ptr() *SessionAuthenticationMethod {
+	return &v
+}
+
+type NullableSessionAuthenticationMethod struct {
+	value *SessionAuthenticationMethod
+	isSet bool
+}
+
+func (v NullableSessionAuthenticationMethod) Get() *SessionAuthenticationMethod {
+	return v.value
+}
+
+func (v *NullableSessionAuthenticationMethod) Set(val *SessionAuthenticationMethod) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSessionAuthenticationMethod) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSessionAuthenticationMethod) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSessionAuthenticationMethod(val *SessionAuthenticationMethod) *NullableSessionAuthenticationMethod {
+	return &NullableSessionAuthenticationMethod{value: val, isSet: true}
+}
+
+func (v NullableSessionAuthenticationMethod) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSessionAuthenticationMethod) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_session_identity_provider.go b/okta/model_session_identity_provider.go
new file mode 100644
index 000000000..2db1c4a4d
--- /dev/null
+++ b/okta/model_session_identity_provider.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SessionIdentityProvider struct for SessionIdentityProvider
+type SessionIdentityProvider struct {
+	Id                   *string                      `json:"id,omitempty"`
+	Type                 *SessionIdentityProviderType `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SessionIdentityProvider SessionIdentityProvider
+
+// NewSessionIdentityProvider instantiates a new SessionIdentityProvider object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSessionIdentityProvider() *SessionIdentityProvider {
+	this := SessionIdentityProvider{}
+	return &this
+}
+
+// NewSessionIdentityProviderWithDefaults instantiates a new SessionIdentityProvider object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSessionIdentityProviderWithDefaults() *SessionIdentityProvider {
+	this := SessionIdentityProvider{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *SessionIdentityProvider) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SessionIdentityProvider) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *SessionIdentityProvider) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *SessionIdentityProvider) SetId(v string) {
+	o.Id = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *SessionIdentityProvider) GetType() SessionIdentityProviderType {
+	if o == nil || o.Type == nil {
+		var ret SessionIdentityProviderType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SessionIdentityProvider) GetTypeOk() (*SessionIdentityProviderType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *SessionIdentityProvider) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given SessionIdentityProviderType and assigns it to the Type field.
+func (o *SessionIdentityProvider) SetType(v SessionIdentityProviderType) {
+	o.Type = &v
+}
+
+func (o SessionIdentityProvider) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SessionIdentityProvider) UnmarshalJSON(bytes []byte) (err error) {
+	varSessionIdentityProvider := _SessionIdentityProvider{}
+
+	err = json.Unmarshal(bytes, &varSessionIdentityProvider)
+	if err == nil {
+		*o = SessionIdentityProvider(varSessionIdentityProvider)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSessionIdentityProvider struct {
+	value *SessionIdentityProvider
+	isSet bool
+}
+
+func (v NullableSessionIdentityProvider) Get() *SessionIdentityProvider {
+	return v.value
+}
+
+func (v *NullableSessionIdentityProvider) Set(val *SessionIdentityProvider) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSessionIdentityProvider) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSessionIdentityProvider) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSessionIdentityProvider(val *SessionIdentityProvider) *NullableSessionIdentityProvider {
+	return &NullableSessionIdentityProvider{value: val, isSet: true}
+}
+
+func (v NullableSessionIdentityProvider) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSessionIdentityProvider) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_session_identity_provider_type.go b/okta/model_session_identity_provider_type.go
new file mode 100644
index 000000000..e4386d132
--- /dev/null
+++ b/okta/model_session_identity_provider_type.go
@@ -0,0 +1,130 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// SessionIdentityProviderType the model 'SessionIdentityProviderType'
+type SessionIdentityProviderType string
+
+// List of SessionIdentityProviderType
+const (
+	SESSIONIDENTITYPROVIDERTYPE_ACTIVE_DIRECTORY SessionIdentityProviderType = "ACTIVE_DIRECTORY"
+	SESSIONIDENTITYPROVIDERTYPE_FEDERATION       SessionIdentityProviderType = "FEDERATION"
+	SESSIONIDENTITYPROVIDERTYPE_LDAP             SessionIdentityProviderType = "LDAP"
+	SESSIONIDENTITYPROVIDERTYPE_OKTA             SessionIdentityProviderType = "OKTA"
+	SESSIONIDENTITYPROVIDERTYPE_SOCIAL           SessionIdentityProviderType = "SOCIAL"
+)
+
+// All allowed values of SessionIdentityProviderType enum
+var AllowedSessionIdentityProviderTypeEnumValues = []SessionIdentityProviderType{
+	"ACTIVE_DIRECTORY",
+	"FEDERATION",
+	"LDAP",
+	"OKTA",
+	"SOCIAL",
+}
+
+func (v *SessionIdentityProviderType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := SessionIdentityProviderType(value)
+	for _, existing := range AllowedSessionIdentityProviderTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid SessionIdentityProviderType", value)
+}
+
+// NewSessionIdentityProviderTypeFromValue returns a pointer to a valid SessionIdentityProviderType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewSessionIdentityProviderTypeFromValue(v string) (*SessionIdentityProviderType, error) {
+	ev := SessionIdentityProviderType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for SessionIdentityProviderType: valid values are %v", v, AllowedSessionIdentityProviderTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v SessionIdentityProviderType) IsValid() bool {
+	for _, existing := range AllowedSessionIdentityProviderTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to SessionIdentityProviderType value
+func (v SessionIdentityProviderType) Ptr() *SessionIdentityProviderType {
+	return &v
+}
+
+type NullableSessionIdentityProviderType struct {
+	value *SessionIdentityProviderType
+	isSet bool
+}
+
+func (v NullableSessionIdentityProviderType) Get() *SessionIdentityProviderType {
+	return v.value
+}
+
+func (v *NullableSessionIdentityProviderType) Set(val *SessionIdentityProviderType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSessionIdentityProviderType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSessionIdentityProviderType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSessionIdentityProviderType(val *SessionIdentityProviderType) *NullableSessionIdentityProviderType {
+	return &NullableSessionIdentityProviderType{value: val, isSet: true}
+}
+
+func (v NullableSessionIdentityProviderType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSessionIdentityProviderType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_session_status.go b/okta/model_session_status.go
new file mode 100644
index 000000000..d9bbff331
--- /dev/null
+++ b/okta/model_session_status.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// SessionStatus the model 'SessionStatus'
+type SessionStatus string
+
+// List of SessionStatus
+const (
+	SESSIONSTATUS_ACTIVE       SessionStatus = "ACTIVE"
+	SESSIONSTATUS_MFA_ENROLL   SessionStatus = "MFA_ENROLL"
+	SESSIONSTATUS_MFA_REQUIRED SessionStatus = "MFA_REQUIRED"
+)
+
+// All allowed values of SessionStatus enum
+var AllowedSessionStatusEnumValues = []SessionStatus{
+	"ACTIVE",
+	"MFA_ENROLL",
+	"MFA_REQUIRED",
+}
+
+func (v *SessionStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := SessionStatus(value)
+	for _, existing := range AllowedSessionStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid SessionStatus", value)
+}
+
+// NewSessionStatusFromValue returns a pointer to a valid SessionStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewSessionStatusFromValue(v string) (*SessionStatus, error) {
+	ev := SessionStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for SessionStatus: valid values are %v", v, AllowedSessionStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v SessionStatus) IsValid() bool {
+	for _, existing := range AllowedSessionStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to SessionStatus value
+func (v SessionStatus) Ptr() *SessionStatus {
+	return &v
+}
+
+type NullableSessionStatus struct {
+	value *SessionStatus
+	isSet bool
+}
+
+func (v NullableSessionStatus) Get() *SessionStatus {
+	return v.value
+}
+
+func (v *NullableSessionStatus) Set(val *SessionStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSessionStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSessionStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSessionStatus(val *SessionStatus) *NullableSessionStatus {
+	return &NullableSessionStatus{value: val, isSet: true}
+}
+
+func (v NullableSessionStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSessionStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_sign_in_page.go b/okta/model_sign_in_page.go
new file mode 100644
index 000000000..25ded3f1d
--- /dev/null
+++ b/okta/model_sign_in_page.go
@@ -0,0 +1,233 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SignInPage struct for SignInPage
+type SignInPage struct {
+	PageContent          *string                              `json:"pageContent,omitempty"`
+	WidgetCustomizations *SignInPageAllOfWidgetCustomizations `json:"widgetCustomizations,omitempty"`
+	// The version specified as a [Semantic Version](https://semver.org/).
+	WidgetVersion        *string `json:"widgetVersion,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SignInPage SignInPage
+
+// NewSignInPage instantiates a new SignInPage object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSignInPage() *SignInPage {
+	this := SignInPage{}
+	return &this
+}
+
+// NewSignInPageWithDefaults instantiates a new SignInPage object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSignInPageWithDefaults() *SignInPage {
+	this := SignInPage{}
+	return &this
+}
+
+// GetPageContent returns the PageContent field value if set, zero value otherwise.
+func (o *SignInPage) GetPageContent() string {
+	if o == nil || o.PageContent == nil {
+		var ret string
+		return ret
+	}
+	return *o.PageContent
+}
+
+// GetPageContentOk returns a tuple with the PageContent field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPage) GetPageContentOk() (*string, bool) {
+	if o == nil || o.PageContent == nil {
+		return nil, false
+	}
+	return o.PageContent, true
+}
+
+// HasPageContent returns a boolean if a field has been set.
+func (o *SignInPage) HasPageContent() bool {
+	if o != nil && o.PageContent != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPageContent gets a reference to the given string and assigns it to the PageContent field.
+func (o *SignInPage) SetPageContent(v string) {
+	o.PageContent = &v
+}
+
+// GetWidgetCustomizations returns the WidgetCustomizations field value if set, zero value otherwise.
+func (o *SignInPage) GetWidgetCustomizations() SignInPageAllOfWidgetCustomizations {
+	if o == nil || o.WidgetCustomizations == nil {
+		var ret SignInPageAllOfWidgetCustomizations
+		return ret
+	}
+	return *o.WidgetCustomizations
+}
+
+// GetWidgetCustomizationsOk returns a tuple with the WidgetCustomizations field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPage) GetWidgetCustomizationsOk() (*SignInPageAllOfWidgetCustomizations, bool) {
+	if o == nil || o.WidgetCustomizations == nil {
+		return nil, false
+	}
+	return o.WidgetCustomizations, true
+}
+
+// HasWidgetCustomizations returns a boolean if a field has been set.
+func (o *SignInPage) HasWidgetCustomizations() bool {
+	if o != nil && o.WidgetCustomizations != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWidgetCustomizations gets a reference to the given SignInPageAllOfWidgetCustomizations and assigns it to the WidgetCustomizations field.
+func (o *SignInPage) SetWidgetCustomizations(v SignInPageAllOfWidgetCustomizations) {
+	o.WidgetCustomizations = &v
+}
+
+// GetWidgetVersion returns the WidgetVersion field value if set, zero value otherwise.
+func (o *SignInPage) GetWidgetVersion() string {
+	if o == nil || o.WidgetVersion == nil {
+		var ret string
+		return ret
+	}
+	return *o.WidgetVersion
+}
+
+// GetWidgetVersionOk returns a tuple with the WidgetVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPage) GetWidgetVersionOk() (*string, bool) {
+	if o == nil || o.WidgetVersion == nil {
+		return nil, false
+	}
+	return o.WidgetVersion, true
+}
+
+// HasWidgetVersion returns a boolean if a field has been set.
+func (o *SignInPage) HasWidgetVersion() bool {
+	if o != nil && o.WidgetVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWidgetVersion gets a reference to the given string and assigns it to the WidgetVersion field.
+func (o *SignInPage) SetWidgetVersion(v string) {
+	o.WidgetVersion = &v
+}
+
+func (o SignInPage) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.PageContent != nil {
+		toSerialize["pageContent"] = o.PageContent
+	}
+	if o.WidgetCustomizations != nil {
+		toSerialize["widgetCustomizations"] = o.WidgetCustomizations
+	}
+	if o.WidgetVersion != nil {
+		toSerialize["widgetVersion"] = o.WidgetVersion
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SignInPage) UnmarshalJSON(bytes []byte) (err error) {
+	varSignInPage := _SignInPage{}
+
+	err = json.Unmarshal(bytes, &varSignInPage)
+	if err == nil {
+		*o = SignInPage(varSignInPage)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "pageContent")
+		delete(additionalProperties, "widgetCustomizations")
+		delete(additionalProperties, "widgetVersion")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSignInPage struct {
+	value *SignInPage
+	isSet bool
+}
+
+func (v NullableSignInPage) Get() *SignInPage {
+	return v.value
+}
+
+func (v *NullableSignInPage) Set(val *SignInPage) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSignInPage) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSignInPage) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSignInPage(val *SignInPage) *NullableSignInPage {
+	return &NullableSignInPage{value: val, isSet: true}
+}
+
+func (v NullableSignInPage) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSignInPage) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_sign_in_page_all_of.go b/okta/model_sign_in_page_all_of.go
new file mode 100644
index 000000000..55edd4940
--- /dev/null
+++ b/okta/model_sign_in_page_all_of.go
@@ -0,0 +1,196 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SignInPageAllOf struct for SignInPageAllOf
+type SignInPageAllOf struct {
+	WidgetCustomizations *SignInPageAllOfWidgetCustomizations `json:"widgetCustomizations,omitempty"`
+	// The version specified as a [Semantic Version](https://semver.org/).
+	WidgetVersion        *string `json:"widgetVersion,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SignInPageAllOf SignInPageAllOf
+
+// NewSignInPageAllOf instantiates a new SignInPageAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSignInPageAllOf() *SignInPageAllOf {
+	this := SignInPageAllOf{}
+	return &this
+}
+
+// NewSignInPageAllOfWithDefaults instantiates a new SignInPageAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSignInPageAllOfWithDefaults() *SignInPageAllOf {
+	this := SignInPageAllOf{}
+	return &this
+}
+
+// GetWidgetCustomizations returns the WidgetCustomizations field value if set, zero value otherwise.
+func (o *SignInPageAllOf) GetWidgetCustomizations() SignInPageAllOfWidgetCustomizations {
+	if o == nil || o.WidgetCustomizations == nil {
+		var ret SignInPageAllOfWidgetCustomizations
+		return ret
+	}
+	return *o.WidgetCustomizations
+}
+
+// GetWidgetCustomizationsOk returns a tuple with the WidgetCustomizations field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOf) GetWidgetCustomizationsOk() (*SignInPageAllOfWidgetCustomizations, bool) {
+	if o == nil || o.WidgetCustomizations == nil {
+		return nil, false
+	}
+	return o.WidgetCustomizations, true
+}
+
+// HasWidgetCustomizations returns a boolean if a field has been set.
+func (o *SignInPageAllOf) HasWidgetCustomizations() bool {
+	if o != nil && o.WidgetCustomizations != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWidgetCustomizations gets a reference to the given SignInPageAllOfWidgetCustomizations and assigns it to the WidgetCustomizations field.
+func (o *SignInPageAllOf) SetWidgetCustomizations(v SignInPageAllOfWidgetCustomizations) {
+	o.WidgetCustomizations = &v
+}
+
+// GetWidgetVersion returns the WidgetVersion field value if set, zero value otherwise.
+func (o *SignInPageAllOf) GetWidgetVersion() string {
+	if o == nil || o.WidgetVersion == nil {
+		var ret string
+		return ret
+	}
+	return *o.WidgetVersion
+}
+
+// GetWidgetVersionOk returns a tuple with the WidgetVersion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOf) GetWidgetVersionOk() (*string, bool) {
+	if o == nil || o.WidgetVersion == nil {
+		return nil, false
+	}
+	return o.WidgetVersion, true
+}
+
+// HasWidgetVersion returns a boolean if a field has been set.
+func (o *SignInPageAllOf) HasWidgetVersion() bool {
+	if o != nil && o.WidgetVersion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWidgetVersion gets a reference to the given string and assigns it to the WidgetVersion field.
+func (o *SignInPageAllOf) SetWidgetVersion(v string) {
+	o.WidgetVersion = &v
+}
+
+func (o SignInPageAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.WidgetCustomizations != nil {
+		toSerialize["widgetCustomizations"] = o.WidgetCustomizations
+	}
+	if o.WidgetVersion != nil {
+		toSerialize["widgetVersion"] = o.WidgetVersion
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SignInPageAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varSignInPageAllOf := _SignInPageAllOf{}
+
+	err = json.Unmarshal(bytes, &varSignInPageAllOf)
+	if err == nil {
+		*o = SignInPageAllOf(varSignInPageAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "widgetCustomizations")
+		delete(additionalProperties, "widgetVersion")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSignInPageAllOf struct {
+	value *SignInPageAllOf
+	isSet bool
+}
+
+func (v NullableSignInPageAllOf) Get() *SignInPageAllOf {
+	return v.value
+}
+
+func (v *NullableSignInPageAllOf) Set(val *SignInPageAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSignInPageAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSignInPageAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSignInPageAllOf(val *SignInPageAllOf) *NullableSignInPageAllOf {
+	return &NullableSignInPageAllOf{value: val, isSet: true}
+}
+
+func (v NullableSignInPageAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSignInPageAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_sign_in_page_all_of_widget_customizations.go b/okta/model_sign_in_page_all_of_widget_customizations.go
new file mode 100644
index 000000000..272054a9f
--- /dev/null
+++ b/okta/model_sign_in_page_all_of_widget_customizations.go
@@ -0,0 +1,861 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SignInPageAllOfWidgetCustomizations struct for SignInPageAllOfWidgetCustomizations
+type SignInPageAllOfWidgetCustomizations struct {
+	SignInLabel                             *string `json:"signInLabel,omitempty"`
+	UsernameLabel                           *string `json:"usernameLabel,omitempty"`
+	UsernameInfoTip                         *string `json:"usernameInfoTip,omitempty"`
+	PasswordLabel                           *string `json:"passwordLabel,omitempty"`
+	PasswordInfoTip                         *string `json:"passwordInfoTip,omitempty"`
+	ShowPasswordVisibilityToggle            *bool   `json:"showPasswordVisibilityToggle,omitempty"`
+	ShowUserIdentifier                      *bool   `json:"showUserIdentifier,omitempty"`
+	ForgotPasswordLabel                     *string `json:"forgotPasswordLabel,omitempty"`
+	ForgotPasswordUrl                       *string `json:"forgotPasswordUrl,omitempty"`
+	UnlockAccountLabel                      *string `json:"unlockAccountLabel,omitempty"`
+	UnlockAccountUrl                        *string `json:"unlockAccountUrl,omitempty"`
+	HelpLabel                               *string `json:"helpLabel,omitempty"`
+	HelpUrl                                 *string `json:"helpUrl,omitempty"`
+	CustomLink1Label                        *string `json:"customLink1Label,omitempty"`
+	CustomLink1Url                          *string `json:"customLink1Url,omitempty"`
+	CustomLink2Label                        *string `json:"customLink2Label,omitempty"`
+	CustomLink2Url                          *string `json:"customLink2Url,omitempty"`
+	AuthenticatorPageCustomLinkLabel        *string `json:"authenticatorPageCustomLinkLabel,omitempty"`
+	AuthenticatorPageCustomLinkUrl          *string `json:"authenticatorPageCustomLinkUrl,omitempty"`
+	ClassicRecoveryFlowEmailOrUsernameLabel *string `json:"classicRecoveryFlowEmailOrUsernameLabel,omitempty"`
+	AdditionalProperties                    map[string]interface{}
+}
+
+type _SignInPageAllOfWidgetCustomizations SignInPageAllOfWidgetCustomizations
+
+// NewSignInPageAllOfWidgetCustomizations instantiates a new SignInPageAllOfWidgetCustomizations object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSignInPageAllOfWidgetCustomizations() *SignInPageAllOfWidgetCustomizations {
+	this := SignInPageAllOfWidgetCustomizations{}
+	return &this
+}
+
+// NewSignInPageAllOfWidgetCustomizationsWithDefaults instantiates a new SignInPageAllOfWidgetCustomizations object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSignInPageAllOfWidgetCustomizationsWithDefaults() *SignInPageAllOfWidgetCustomizations {
+	this := SignInPageAllOfWidgetCustomizations{}
+	return &this
+}
+
+// GetSignInLabel returns the SignInLabel field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetSignInLabel() string {
+	if o == nil || o.SignInLabel == nil {
+		var ret string
+		return ret
+	}
+	return *o.SignInLabel
+}
+
+// GetSignInLabelOk returns a tuple with the SignInLabel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetSignInLabelOk() (*string, bool) {
+	if o == nil || o.SignInLabel == nil {
+		return nil, false
+	}
+	return o.SignInLabel, true
+}
+
+// HasSignInLabel returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasSignInLabel() bool {
+	if o != nil && o.SignInLabel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignInLabel gets a reference to the given string and assigns it to the SignInLabel field.
+func (o *SignInPageAllOfWidgetCustomizations) SetSignInLabel(v string) {
+	o.SignInLabel = &v
+}
+
+// GetUsernameLabel returns the UsernameLabel field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetUsernameLabel() string {
+	if o == nil || o.UsernameLabel == nil {
+		var ret string
+		return ret
+	}
+	return *o.UsernameLabel
+}
+
+// GetUsernameLabelOk returns a tuple with the UsernameLabel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetUsernameLabelOk() (*string, bool) {
+	if o == nil || o.UsernameLabel == nil {
+		return nil, false
+	}
+	return o.UsernameLabel, true
+}
+
+// HasUsernameLabel returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasUsernameLabel() bool {
+	if o != nil && o.UsernameLabel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsernameLabel gets a reference to the given string and assigns it to the UsernameLabel field.
+func (o *SignInPageAllOfWidgetCustomizations) SetUsernameLabel(v string) {
+	o.UsernameLabel = &v
+}
+
+// GetUsernameInfoTip returns the UsernameInfoTip field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetUsernameInfoTip() string {
+	if o == nil || o.UsernameInfoTip == nil {
+		var ret string
+		return ret
+	}
+	return *o.UsernameInfoTip
+}
+
+// GetUsernameInfoTipOk returns a tuple with the UsernameInfoTip field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetUsernameInfoTipOk() (*string, bool) {
+	if o == nil || o.UsernameInfoTip == nil {
+		return nil, false
+	}
+	return o.UsernameInfoTip, true
+}
+
+// HasUsernameInfoTip returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasUsernameInfoTip() bool {
+	if o != nil && o.UsernameInfoTip != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsernameInfoTip gets a reference to the given string and assigns it to the UsernameInfoTip field.
+func (o *SignInPageAllOfWidgetCustomizations) SetUsernameInfoTip(v string) {
+	o.UsernameInfoTip = &v
+}
+
+// GetPasswordLabel returns the PasswordLabel field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetPasswordLabel() string {
+	if o == nil || o.PasswordLabel == nil {
+		var ret string
+		return ret
+	}
+	return *o.PasswordLabel
+}
+
+// GetPasswordLabelOk returns a tuple with the PasswordLabel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetPasswordLabelOk() (*string, bool) {
+	if o == nil || o.PasswordLabel == nil {
+		return nil, false
+	}
+	return o.PasswordLabel, true
+}
+
+// HasPasswordLabel returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasPasswordLabel() bool {
+	if o != nil && o.PasswordLabel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordLabel gets a reference to the given string and assigns it to the PasswordLabel field.
+func (o *SignInPageAllOfWidgetCustomizations) SetPasswordLabel(v string) {
+	o.PasswordLabel = &v
+}
+
+// GetPasswordInfoTip returns the PasswordInfoTip field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetPasswordInfoTip() string {
+	if o == nil || o.PasswordInfoTip == nil {
+		var ret string
+		return ret
+	}
+	return *o.PasswordInfoTip
+}
+
+// GetPasswordInfoTipOk returns a tuple with the PasswordInfoTip field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetPasswordInfoTipOk() (*string, bool) {
+	if o == nil || o.PasswordInfoTip == nil {
+		return nil, false
+	}
+	return o.PasswordInfoTip, true
+}
+
+// HasPasswordInfoTip returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasPasswordInfoTip() bool {
+	if o != nil && o.PasswordInfoTip != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordInfoTip gets a reference to the given string and assigns it to the PasswordInfoTip field.
+func (o *SignInPageAllOfWidgetCustomizations) SetPasswordInfoTip(v string) {
+	o.PasswordInfoTip = &v
+}
+
+// GetShowPasswordVisibilityToggle returns the ShowPasswordVisibilityToggle field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetShowPasswordVisibilityToggle() bool {
+	if o == nil || o.ShowPasswordVisibilityToggle == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ShowPasswordVisibilityToggle
+}
+
+// GetShowPasswordVisibilityToggleOk returns a tuple with the ShowPasswordVisibilityToggle field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetShowPasswordVisibilityToggleOk() (*bool, bool) {
+	if o == nil || o.ShowPasswordVisibilityToggle == nil {
+		return nil, false
+	}
+	return o.ShowPasswordVisibilityToggle, true
+}
+
+// HasShowPasswordVisibilityToggle returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasShowPasswordVisibilityToggle() bool {
+	if o != nil && o.ShowPasswordVisibilityToggle != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetShowPasswordVisibilityToggle gets a reference to the given bool and assigns it to the ShowPasswordVisibilityToggle field.
+func (o *SignInPageAllOfWidgetCustomizations) SetShowPasswordVisibilityToggle(v bool) {
+	o.ShowPasswordVisibilityToggle = &v
+}
+
+// GetShowUserIdentifier returns the ShowUserIdentifier field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetShowUserIdentifier() bool {
+	if o == nil || o.ShowUserIdentifier == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ShowUserIdentifier
+}
+
+// GetShowUserIdentifierOk returns a tuple with the ShowUserIdentifier field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetShowUserIdentifierOk() (*bool, bool) {
+	if o == nil || o.ShowUserIdentifier == nil {
+		return nil, false
+	}
+	return o.ShowUserIdentifier, true
+}
+
+// HasShowUserIdentifier returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasShowUserIdentifier() bool {
+	if o != nil && o.ShowUserIdentifier != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetShowUserIdentifier gets a reference to the given bool and assigns it to the ShowUserIdentifier field.
+func (o *SignInPageAllOfWidgetCustomizations) SetShowUserIdentifier(v bool) {
+	o.ShowUserIdentifier = &v
+}
+
+// GetForgotPasswordLabel returns the ForgotPasswordLabel field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetForgotPasswordLabel() string {
+	if o == nil || o.ForgotPasswordLabel == nil {
+		var ret string
+		return ret
+	}
+	return *o.ForgotPasswordLabel
+}
+
+// GetForgotPasswordLabelOk returns a tuple with the ForgotPasswordLabel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetForgotPasswordLabelOk() (*string, bool) {
+	if o == nil || o.ForgotPasswordLabel == nil {
+		return nil, false
+	}
+	return o.ForgotPasswordLabel, true
+}
+
+// HasForgotPasswordLabel returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasForgotPasswordLabel() bool {
+	if o != nil && o.ForgotPasswordLabel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetForgotPasswordLabel gets a reference to the given string and assigns it to the ForgotPasswordLabel field.
+func (o *SignInPageAllOfWidgetCustomizations) SetForgotPasswordLabel(v string) {
+	o.ForgotPasswordLabel = &v
+}
+
+// GetForgotPasswordUrl returns the ForgotPasswordUrl field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetForgotPasswordUrl() string {
+	if o == nil || o.ForgotPasswordUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.ForgotPasswordUrl
+}
+
+// GetForgotPasswordUrlOk returns a tuple with the ForgotPasswordUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetForgotPasswordUrlOk() (*string, bool) {
+	if o == nil || o.ForgotPasswordUrl == nil {
+		return nil, false
+	}
+	return o.ForgotPasswordUrl, true
+}
+
+// HasForgotPasswordUrl returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasForgotPasswordUrl() bool {
+	if o != nil && o.ForgotPasswordUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetForgotPasswordUrl gets a reference to the given string and assigns it to the ForgotPasswordUrl field.
+func (o *SignInPageAllOfWidgetCustomizations) SetForgotPasswordUrl(v string) {
+	o.ForgotPasswordUrl = &v
+}
+
+// GetUnlockAccountLabel returns the UnlockAccountLabel field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetUnlockAccountLabel() string {
+	if o == nil || o.UnlockAccountLabel == nil {
+		var ret string
+		return ret
+	}
+	return *o.UnlockAccountLabel
+}
+
+// GetUnlockAccountLabelOk returns a tuple with the UnlockAccountLabel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetUnlockAccountLabelOk() (*string, bool) {
+	if o == nil || o.UnlockAccountLabel == nil {
+		return nil, false
+	}
+	return o.UnlockAccountLabel, true
+}
+
+// HasUnlockAccountLabel returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasUnlockAccountLabel() bool {
+	if o != nil && o.UnlockAccountLabel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUnlockAccountLabel gets a reference to the given string and assigns it to the UnlockAccountLabel field.
+func (o *SignInPageAllOfWidgetCustomizations) SetUnlockAccountLabel(v string) {
+	o.UnlockAccountLabel = &v
+}
+
+// GetUnlockAccountUrl returns the UnlockAccountUrl field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetUnlockAccountUrl() string {
+	if o == nil || o.UnlockAccountUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.UnlockAccountUrl
+}
+
+// GetUnlockAccountUrlOk returns a tuple with the UnlockAccountUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetUnlockAccountUrlOk() (*string, bool) {
+	if o == nil || o.UnlockAccountUrl == nil {
+		return nil, false
+	}
+	return o.UnlockAccountUrl, true
+}
+
+// HasUnlockAccountUrl returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasUnlockAccountUrl() bool {
+	if o != nil && o.UnlockAccountUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUnlockAccountUrl gets a reference to the given string and assigns it to the UnlockAccountUrl field.
+func (o *SignInPageAllOfWidgetCustomizations) SetUnlockAccountUrl(v string) {
+	o.UnlockAccountUrl = &v
+}
+
+// GetHelpLabel returns the HelpLabel field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetHelpLabel() string {
+	if o == nil || o.HelpLabel == nil {
+		var ret string
+		return ret
+	}
+	return *o.HelpLabel
+}
+
+// GetHelpLabelOk returns a tuple with the HelpLabel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetHelpLabelOk() (*string, bool) {
+	if o == nil || o.HelpLabel == nil {
+		return nil, false
+	}
+	return o.HelpLabel, true
+}
+
+// HasHelpLabel returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasHelpLabel() bool {
+	if o != nil && o.HelpLabel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHelpLabel gets a reference to the given string and assigns it to the HelpLabel field.
+func (o *SignInPageAllOfWidgetCustomizations) SetHelpLabel(v string) {
+	o.HelpLabel = &v
+}
+
+// GetHelpUrl returns the HelpUrl field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetHelpUrl() string {
+	if o == nil || o.HelpUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.HelpUrl
+}
+
+// GetHelpUrlOk returns a tuple with the HelpUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetHelpUrlOk() (*string, bool) {
+	if o == nil || o.HelpUrl == nil {
+		return nil, false
+	}
+	return o.HelpUrl, true
+}
+
+// HasHelpUrl returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasHelpUrl() bool {
+	if o != nil && o.HelpUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHelpUrl gets a reference to the given string and assigns it to the HelpUrl field.
+func (o *SignInPageAllOfWidgetCustomizations) SetHelpUrl(v string) {
+	o.HelpUrl = &v
+}
+
+// GetCustomLink1Label returns the CustomLink1Label field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink1Label() string {
+	if o == nil || o.CustomLink1Label == nil {
+		var ret string
+		return ret
+	}
+	return *o.CustomLink1Label
+}
+
+// GetCustomLink1LabelOk returns a tuple with the CustomLink1Label field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink1LabelOk() (*string, bool) {
+	if o == nil || o.CustomLink1Label == nil {
+		return nil, false
+	}
+	return o.CustomLink1Label, true
+}
+
+// HasCustomLink1Label returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasCustomLink1Label() bool {
+	if o != nil && o.CustomLink1Label != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustomLink1Label gets a reference to the given string and assigns it to the CustomLink1Label field.
+func (o *SignInPageAllOfWidgetCustomizations) SetCustomLink1Label(v string) {
+	o.CustomLink1Label = &v
+}
+
+// GetCustomLink1Url returns the CustomLink1Url field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink1Url() string {
+	if o == nil || o.CustomLink1Url == nil {
+		var ret string
+		return ret
+	}
+	return *o.CustomLink1Url
+}
+
+// GetCustomLink1UrlOk returns a tuple with the CustomLink1Url field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink1UrlOk() (*string, bool) {
+	if o == nil || o.CustomLink1Url == nil {
+		return nil, false
+	}
+	return o.CustomLink1Url, true
+}
+
+// HasCustomLink1Url returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasCustomLink1Url() bool {
+	if o != nil && o.CustomLink1Url != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustomLink1Url gets a reference to the given string and assigns it to the CustomLink1Url field.
+func (o *SignInPageAllOfWidgetCustomizations) SetCustomLink1Url(v string) {
+	o.CustomLink1Url = &v
+}
+
+// GetCustomLink2Label returns the CustomLink2Label field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink2Label() string {
+	if o == nil || o.CustomLink2Label == nil {
+		var ret string
+		return ret
+	}
+	return *o.CustomLink2Label
+}
+
+// GetCustomLink2LabelOk returns a tuple with the CustomLink2Label field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink2LabelOk() (*string, bool) {
+	if o == nil || o.CustomLink2Label == nil {
+		return nil, false
+	}
+	return o.CustomLink2Label, true
+}
+
+// HasCustomLink2Label returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasCustomLink2Label() bool {
+	if o != nil && o.CustomLink2Label != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustomLink2Label gets a reference to the given string and assigns it to the CustomLink2Label field.
+func (o *SignInPageAllOfWidgetCustomizations) SetCustomLink2Label(v string) {
+	o.CustomLink2Label = &v
+}
+
+// GetCustomLink2Url returns the CustomLink2Url field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink2Url() string {
+	if o == nil || o.CustomLink2Url == nil {
+		var ret string
+		return ret
+	}
+	return *o.CustomLink2Url
+}
+
+// GetCustomLink2UrlOk returns a tuple with the CustomLink2Url field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetCustomLink2UrlOk() (*string, bool) {
+	if o == nil || o.CustomLink2Url == nil {
+		return nil, false
+	}
+	return o.CustomLink2Url, true
+}
+
+// HasCustomLink2Url returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasCustomLink2Url() bool {
+	if o != nil && o.CustomLink2Url != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustomLink2Url gets a reference to the given string and assigns it to the CustomLink2Url field.
+func (o *SignInPageAllOfWidgetCustomizations) SetCustomLink2Url(v string) {
+	o.CustomLink2Url = &v
+}
+
+// GetAuthenticatorPageCustomLinkLabel returns the AuthenticatorPageCustomLinkLabel field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetAuthenticatorPageCustomLinkLabel() string {
+	if o == nil || o.AuthenticatorPageCustomLinkLabel == nil {
+		var ret string
+		return ret
+	}
+	return *o.AuthenticatorPageCustomLinkLabel
+}
+
+// GetAuthenticatorPageCustomLinkLabelOk returns a tuple with the AuthenticatorPageCustomLinkLabel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetAuthenticatorPageCustomLinkLabelOk() (*string, bool) {
+	if o == nil || o.AuthenticatorPageCustomLinkLabel == nil {
+		return nil, false
+	}
+	return o.AuthenticatorPageCustomLinkLabel, true
+}
+
+// HasAuthenticatorPageCustomLinkLabel returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasAuthenticatorPageCustomLinkLabel() bool {
+	if o != nil && o.AuthenticatorPageCustomLinkLabel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthenticatorPageCustomLinkLabel gets a reference to the given string and assigns it to the AuthenticatorPageCustomLinkLabel field.
+func (o *SignInPageAllOfWidgetCustomizations) SetAuthenticatorPageCustomLinkLabel(v string) {
+	o.AuthenticatorPageCustomLinkLabel = &v
+}
+
+// GetAuthenticatorPageCustomLinkUrl returns the AuthenticatorPageCustomLinkUrl field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetAuthenticatorPageCustomLinkUrl() string {
+	if o == nil || o.AuthenticatorPageCustomLinkUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.AuthenticatorPageCustomLinkUrl
+}
+
+// GetAuthenticatorPageCustomLinkUrlOk returns a tuple with the AuthenticatorPageCustomLinkUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetAuthenticatorPageCustomLinkUrlOk() (*string, bool) {
+	if o == nil || o.AuthenticatorPageCustomLinkUrl == nil {
+		return nil, false
+	}
+	return o.AuthenticatorPageCustomLinkUrl, true
+}
+
+// HasAuthenticatorPageCustomLinkUrl returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasAuthenticatorPageCustomLinkUrl() bool {
+	if o != nil && o.AuthenticatorPageCustomLinkUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthenticatorPageCustomLinkUrl gets a reference to the given string and assigns it to the AuthenticatorPageCustomLinkUrl field.
+func (o *SignInPageAllOfWidgetCustomizations) SetAuthenticatorPageCustomLinkUrl(v string) {
+	o.AuthenticatorPageCustomLinkUrl = &v
+}
+
+// GetClassicRecoveryFlowEmailOrUsernameLabel returns the ClassicRecoveryFlowEmailOrUsernameLabel field value if set, zero value otherwise.
+func (o *SignInPageAllOfWidgetCustomizations) GetClassicRecoveryFlowEmailOrUsernameLabel() string {
+	if o == nil || o.ClassicRecoveryFlowEmailOrUsernameLabel == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClassicRecoveryFlowEmailOrUsernameLabel
+}
+
+// GetClassicRecoveryFlowEmailOrUsernameLabelOk returns a tuple with the ClassicRecoveryFlowEmailOrUsernameLabel field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignInPageAllOfWidgetCustomizations) GetClassicRecoveryFlowEmailOrUsernameLabelOk() (*string, bool) {
+	if o == nil || o.ClassicRecoveryFlowEmailOrUsernameLabel == nil {
+		return nil, false
+	}
+	return o.ClassicRecoveryFlowEmailOrUsernameLabel, true
+}
+
+// HasClassicRecoveryFlowEmailOrUsernameLabel returns a boolean if a field has been set.
+func (o *SignInPageAllOfWidgetCustomizations) HasClassicRecoveryFlowEmailOrUsernameLabel() bool {
+	if o != nil && o.ClassicRecoveryFlowEmailOrUsernameLabel != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClassicRecoveryFlowEmailOrUsernameLabel gets a reference to the given string and assigns it to the ClassicRecoveryFlowEmailOrUsernameLabel field.
+func (o *SignInPageAllOfWidgetCustomizations) SetClassicRecoveryFlowEmailOrUsernameLabel(v string) {
+	o.ClassicRecoveryFlowEmailOrUsernameLabel = &v
+}
+
+func (o SignInPageAllOfWidgetCustomizations) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.SignInLabel != nil {
+		toSerialize["signInLabel"] = o.SignInLabel
+	}
+	if o.UsernameLabel != nil {
+		toSerialize["usernameLabel"] = o.UsernameLabel
+	}
+	if o.UsernameInfoTip != nil {
+		toSerialize["usernameInfoTip"] = o.UsernameInfoTip
+	}
+	if o.PasswordLabel != nil {
+		toSerialize["passwordLabel"] = o.PasswordLabel
+	}
+	if o.PasswordInfoTip != nil {
+		toSerialize["passwordInfoTip"] = o.PasswordInfoTip
+	}
+	if o.ShowPasswordVisibilityToggle != nil {
+		toSerialize["showPasswordVisibilityToggle"] = o.ShowPasswordVisibilityToggle
+	}
+	if o.ShowUserIdentifier != nil {
+		toSerialize["showUserIdentifier"] = o.ShowUserIdentifier
+	}
+	if o.ForgotPasswordLabel != nil {
+		toSerialize["forgotPasswordLabel"] = o.ForgotPasswordLabel
+	}
+	if o.ForgotPasswordUrl != nil {
+		toSerialize["forgotPasswordUrl"] = o.ForgotPasswordUrl
+	}
+	if o.UnlockAccountLabel != nil {
+		toSerialize["unlockAccountLabel"] = o.UnlockAccountLabel
+	}
+	if o.UnlockAccountUrl != nil {
+		toSerialize["unlockAccountUrl"] = o.UnlockAccountUrl
+	}
+	if o.HelpLabel != nil {
+		toSerialize["helpLabel"] = o.HelpLabel
+	}
+	if o.HelpUrl != nil {
+		toSerialize["helpUrl"] = o.HelpUrl
+	}
+	if o.CustomLink1Label != nil {
+		toSerialize["customLink1Label"] = o.CustomLink1Label
+	}
+	if o.CustomLink1Url != nil {
+		toSerialize["customLink1Url"] = o.CustomLink1Url
+	}
+	if o.CustomLink2Label != nil {
+		toSerialize["customLink2Label"] = o.CustomLink2Label
+	}
+	if o.CustomLink2Url != nil {
+		toSerialize["customLink2Url"] = o.CustomLink2Url
+	}
+	if o.AuthenticatorPageCustomLinkLabel != nil {
+		toSerialize["authenticatorPageCustomLinkLabel"] = o.AuthenticatorPageCustomLinkLabel
+	}
+	if o.AuthenticatorPageCustomLinkUrl != nil {
+		toSerialize["authenticatorPageCustomLinkUrl"] = o.AuthenticatorPageCustomLinkUrl
+	}
+	if o.ClassicRecoveryFlowEmailOrUsernameLabel != nil {
+		toSerialize["classicRecoveryFlowEmailOrUsernameLabel"] = o.ClassicRecoveryFlowEmailOrUsernameLabel
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SignInPageAllOfWidgetCustomizations) UnmarshalJSON(bytes []byte) (err error) {
+	varSignInPageAllOfWidgetCustomizations := _SignInPageAllOfWidgetCustomizations{}
+
+	err = json.Unmarshal(bytes, &varSignInPageAllOfWidgetCustomizations)
+	if err == nil {
+		*o = SignInPageAllOfWidgetCustomizations(varSignInPageAllOfWidgetCustomizations)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "signInLabel")
+		delete(additionalProperties, "usernameLabel")
+		delete(additionalProperties, "usernameInfoTip")
+		delete(additionalProperties, "passwordLabel")
+		delete(additionalProperties, "passwordInfoTip")
+		delete(additionalProperties, "showPasswordVisibilityToggle")
+		delete(additionalProperties, "showUserIdentifier")
+		delete(additionalProperties, "forgotPasswordLabel")
+		delete(additionalProperties, "forgotPasswordUrl")
+		delete(additionalProperties, "unlockAccountLabel")
+		delete(additionalProperties, "unlockAccountUrl")
+		delete(additionalProperties, "helpLabel")
+		delete(additionalProperties, "helpUrl")
+		delete(additionalProperties, "customLink1Label")
+		delete(additionalProperties, "customLink1Url")
+		delete(additionalProperties, "customLink2Label")
+		delete(additionalProperties, "customLink2Url")
+		delete(additionalProperties, "authenticatorPageCustomLinkLabel")
+		delete(additionalProperties, "authenticatorPageCustomLinkUrl")
+		delete(additionalProperties, "classicRecoveryFlowEmailOrUsernameLabel")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSignInPageAllOfWidgetCustomizations struct {
+	value *SignInPageAllOfWidgetCustomizations
+	isSet bool
+}
+
+func (v NullableSignInPageAllOfWidgetCustomizations) Get() *SignInPageAllOfWidgetCustomizations {
+	return v.value
+}
+
+func (v *NullableSignInPageAllOfWidgetCustomizations) Set(val *SignInPageAllOfWidgetCustomizations) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSignInPageAllOfWidgetCustomizations) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSignInPageAllOfWidgetCustomizations) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSignInPageAllOfWidgetCustomizations(val *SignInPageAllOfWidgetCustomizations) *NullableSignInPageAllOfWidgetCustomizations {
+	return &NullableSignInPageAllOfWidgetCustomizations{value: val, isSet: true}
+}
+
+func (v NullableSignInPageAllOfWidgetCustomizations) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSignInPageAllOfWidgetCustomizations) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_sign_in_page_touch_point_variant.go b/okta/model_sign_in_page_touch_point_variant.go
new file mode 100644
index 000000000..537882144
--- /dev/null
+++ b/okta/model_sign_in_page_touch_point_variant.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// SignInPageTouchPointVariant the model 'SignInPageTouchPointVariant'
+type SignInPageTouchPointVariant string
+
+// List of SignInPageTouchPointVariant
+const (
+	SIGNINPAGETOUCHPOINTVARIANT_BACKGROUND_IMAGE           SignInPageTouchPointVariant = "BACKGROUND_IMAGE"
+	SIGNINPAGETOUCHPOINTVARIANT_BACKGROUND_SECONDARY_COLOR SignInPageTouchPointVariant = "BACKGROUND_SECONDARY_COLOR"
+	SIGNINPAGETOUCHPOINTVARIANT_OKTA_DEFAULT               SignInPageTouchPointVariant = "OKTA_DEFAULT"
+)
+
+// All allowed values of SignInPageTouchPointVariant enum
+var AllowedSignInPageTouchPointVariantEnumValues = []SignInPageTouchPointVariant{
+	"BACKGROUND_IMAGE",
+	"BACKGROUND_SECONDARY_COLOR",
+	"OKTA_DEFAULT",
+}
+
+func (v *SignInPageTouchPointVariant) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := SignInPageTouchPointVariant(value)
+	for _, existing := range AllowedSignInPageTouchPointVariantEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid SignInPageTouchPointVariant", value)
+}
+
+// NewSignInPageTouchPointVariantFromValue returns a pointer to a valid SignInPageTouchPointVariant
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewSignInPageTouchPointVariantFromValue(v string) (*SignInPageTouchPointVariant, error) {
+	ev := SignInPageTouchPointVariant(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for SignInPageTouchPointVariant: valid values are %v", v, AllowedSignInPageTouchPointVariantEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v SignInPageTouchPointVariant) IsValid() bool {
+	for _, existing := range AllowedSignInPageTouchPointVariantEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to SignInPageTouchPointVariant value
+func (v SignInPageTouchPointVariant) Ptr() *SignInPageTouchPointVariant {
+	return &v
+}
+
+type NullableSignInPageTouchPointVariant struct {
+	value *SignInPageTouchPointVariant
+	isSet bool
+}
+
+func (v NullableSignInPageTouchPointVariant) Get() *SignInPageTouchPointVariant {
+	return v.value
+}
+
+func (v *NullableSignInPageTouchPointVariant) Set(val *SignInPageTouchPointVariant) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSignInPageTouchPointVariant) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSignInPageTouchPointVariant) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSignInPageTouchPointVariant(val *SignInPageTouchPointVariant) *NullableSignInPageTouchPointVariant {
+	return &NullableSignInPageTouchPointVariant{value: val, isSet: true}
+}
+
+func (v NullableSignInPageTouchPointVariant) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSignInPageTouchPointVariant) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_sign_on_inline_hook.go b/okta/model_sign_on_inline_hook.go
new file mode 100644
index 000000000..982b1b85b
--- /dev/null
+++ b/okta/model_sign_on_inline_hook.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SignOnInlineHook struct for SignOnInlineHook
+type SignOnInlineHook struct {
+	Id                   *string `json:"id,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SignOnInlineHook SignOnInlineHook
+
+// NewSignOnInlineHook instantiates a new SignOnInlineHook object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSignOnInlineHook() *SignOnInlineHook {
+	this := SignOnInlineHook{}
+	return &this
+}
+
+// NewSignOnInlineHookWithDefaults instantiates a new SignOnInlineHook object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSignOnInlineHookWithDefaults() *SignOnInlineHook {
+	this := SignOnInlineHook{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *SignOnInlineHook) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SignOnInlineHook) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *SignOnInlineHook) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *SignOnInlineHook) SetId(v string) {
+	o.Id = &v
+}
+
+func (o SignOnInlineHook) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SignOnInlineHook) UnmarshalJSON(bytes []byte) (err error) {
+	varSignOnInlineHook := _SignOnInlineHook{}
+
+	err = json.Unmarshal(bytes, &varSignOnInlineHook)
+	if err == nil {
+		*o = SignOnInlineHook(varSignOnInlineHook)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSignOnInlineHook struct {
+	value *SignOnInlineHook
+	isSet bool
+}
+
+func (v NullableSignOnInlineHook) Get() *SignOnInlineHook {
+	return v.value
+}
+
+func (v *NullableSignOnInlineHook) Set(val *SignOnInlineHook) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSignOnInlineHook) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSignOnInlineHook) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSignOnInlineHook(val *SignOnInlineHook) *NullableSignOnInlineHook {
+	return &NullableSignOnInlineHook{value: val, isSet: true}
+}
+
+func (v NullableSignOnInlineHook) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSignOnInlineHook) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_single_logout.go b/okta/model_single_logout.go
new file mode 100644
index 000000000..b83d30d01
--- /dev/null
+++ b/okta/model_single_logout.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SingleLogout struct for SingleLogout
+type SingleLogout struct {
+	Enabled              *bool   `json:"enabled,omitempty"`
+	Issuer               *string `json:"issuer,omitempty"`
+	LogoutUrl            *string `json:"logoutUrl,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SingleLogout SingleLogout
+
+// NewSingleLogout instantiates a new SingleLogout object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSingleLogout() *SingleLogout {
+	this := SingleLogout{}
+	return &this
+}
+
+// NewSingleLogoutWithDefaults instantiates a new SingleLogout object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSingleLogoutWithDefaults() *SingleLogout {
+	this := SingleLogout{}
+	return &this
+}
+
+// GetEnabled returns the Enabled field value if set, zero value otherwise.
+func (o *SingleLogout) GetEnabled() bool {
+	if o == nil || o.Enabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Enabled
+}
+
+// GetEnabledOk returns a tuple with the Enabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SingleLogout) GetEnabledOk() (*bool, bool) {
+	if o == nil || o.Enabled == nil {
+		return nil, false
+	}
+	return o.Enabled, true
+}
+
+// HasEnabled returns a boolean if a field has been set.
+func (o *SingleLogout) HasEnabled() bool {
+	if o != nil && o.Enabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnabled gets a reference to the given bool and assigns it to the Enabled field.
+func (o *SingleLogout) SetEnabled(v bool) {
+	o.Enabled = &v
+}
+
+// GetIssuer returns the Issuer field value if set, zero value otherwise.
+func (o *SingleLogout) GetIssuer() string {
+	if o == nil || o.Issuer == nil {
+		var ret string
+		return ret
+	}
+	return *o.Issuer
+}
+
+// GetIssuerOk returns a tuple with the Issuer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SingleLogout) GetIssuerOk() (*string, bool) {
+	if o == nil || o.Issuer == nil {
+		return nil, false
+	}
+	return o.Issuer, true
+}
+
+// HasIssuer returns a boolean if a field has been set.
+func (o *SingleLogout) HasIssuer() bool {
+	if o != nil && o.Issuer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIssuer gets a reference to the given string and assigns it to the Issuer field.
+func (o *SingleLogout) SetIssuer(v string) {
+	o.Issuer = &v
+}
+
+// GetLogoutUrl returns the LogoutUrl field value if set, zero value otherwise.
+func (o *SingleLogout) GetLogoutUrl() string {
+	if o == nil || o.LogoutUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.LogoutUrl
+}
+
+// GetLogoutUrlOk returns a tuple with the LogoutUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SingleLogout) GetLogoutUrlOk() (*string, bool) {
+	if o == nil || o.LogoutUrl == nil {
+		return nil, false
+	}
+	return o.LogoutUrl, true
+}
+
+// HasLogoutUrl returns a boolean if a field has been set.
+func (o *SingleLogout) HasLogoutUrl() bool {
+	if o != nil && o.LogoutUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLogoutUrl gets a reference to the given string and assigns it to the LogoutUrl field.
+func (o *SingleLogout) SetLogoutUrl(v string) {
+	o.LogoutUrl = &v
+}
+
+func (o SingleLogout) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Enabled != nil {
+		toSerialize["enabled"] = o.Enabled
+	}
+	if o.Issuer != nil {
+		toSerialize["issuer"] = o.Issuer
+	}
+	if o.LogoutUrl != nil {
+		toSerialize["logoutUrl"] = o.LogoutUrl
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SingleLogout) UnmarshalJSON(bytes []byte) (err error) {
+	varSingleLogout := _SingleLogout{}
+
+	err = json.Unmarshal(bytes, &varSingleLogout)
+	if err == nil {
+		*o = SingleLogout(varSingleLogout)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "enabled")
+		delete(additionalProperties, "issuer")
+		delete(additionalProperties, "logoutUrl")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSingleLogout struct {
+	value *SingleLogout
+	isSet bool
+}
+
+func (v NullableSingleLogout) Get() *SingleLogout {
+	return v.value
+}
+
+func (v *NullableSingleLogout) Set(val *SingleLogout) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSingleLogout) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSingleLogout) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSingleLogout(val *SingleLogout) *NullableSingleLogout {
+	return &NullableSingleLogout{value: val, isSet: true}
+}
+
+func (v NullableSingleLogout) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSingleLogout) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_sms_template.go b/okta/model_sms_template.go
new file mode 100644
index 000000000..154193cb7
--- /dev/null
+++ b/okta/model_sms_template.go
@@ -0,0 +1,381 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// SmsTemplate struct for SmsTemplate
+type SmsTemplate struct {
+	Created              *time.Time             `json:"created,omitempty"`
+	Id                   *string                `json:"id,omitempty"`
+	LastUpdated          *time.Time             `json:"lastUpdated,omitempty"`
+	Name                 *string                `json:"name,omitempty"`
+	Template             *string                `json:"template,omitempty"`
+	Translations         map[string]interface{} `json:"translations,omitempty"`
+	Type                 *SmsTemplateType       `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SmsTemplate SmsTemplate
+
+// NewSmsTemplate instantiates a new SmsTemplate object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSmsTemplate() *SmsTemplate {
+	this := SmsTemplate{}
+	return &this
+}
+
+// NewSmsTemplateWithDefaults instantiates a new SmsTemplate object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSmsTemplateWithDefaults() *SmsTemplate {
+	this := SmsTemplate{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *SmsTemplate) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SmsTemplate) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *SmsTemplate) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *SmsTemplate) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *SmsTemplate) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SmsTemplate) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *SmsTemplate) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *SmsTemplate) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *SmsTemplate) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SmsTemplate) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *SmsTemplate) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *SmsTemplate) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *SmsTemplate) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SmsTemplate) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *SmsTemplate) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *SmsTemplate) SetName(v string) {
+	o.Name = &v
+}
+
+// GetTemplate returns the Template field value if set, zero value otherwise.
+func (o *SmsTemplate) GetTemplate() string {
+	if o == nil || o.Template == nil {
+		var ret string
+		return ret
+	}
+	return *o.Template
+}
+
+// GetTemplateOk returns a tuple with the Template field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SmsTemplate) GetTemplateOk() (*string, bool) {
+	if o == nil || o.Template == nil {
+		return nil, false
+	}
+	return o.Template, true
+}
+
+// HasTemplate returns a boolean if a field has been set.
+func (o *SmsTemplate) HasTemplate() bool {
+	if o != nil && o.Template != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTemplate gets a reference to the given string and assigns it to the Template field.
+func (o *SmsTemplate) SetTemplate(v string) {
+	o.Template = &v
+}
+
+// GetTranslations returns the Translations field value if set, zero value otherwise.
+func (o *SmsTemplate) GetTranslations() map[string]interface{} {
+	if o == nil || o.Translations == nil {
+		var ret map[string]interface{}
+		return ret
+	}
+	return o.Translations
+}
+
+// GetTranslationsOk returns a tuple with the Translations field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SmsTemplate) GetTranslationsOk() (map[string]interface{}, bool) {
+	if o == nil || o.Translations == nil {
+		return nil, false
+	}
+	return o.Translations, true
+}
+
+// HasTranslations returns a boolean if a field has been set.
+func (o *SmsTemplate) HasTranslations() bool {
+	if o != nil && o.Translations != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTranslations gets a reference to the given map[string]interface{} and assigns it to the Translations field.
+func (o *SmsTemplate) SetTranslations(v map[string]interface{}) {
+	o.Translations = v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *SmsTemplate) GetType() SmsTemplateType {
+	if o == nil || o.Type == nil {
+		var ret SmsTemplateType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SmsTemplate) GetTypeOk() (*SmsTemplateType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *SmsTemplate) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given SmsTemplateType and assigns it to the Type field.
+func (o *SmsTemplate) SetType(v SmsTemplateType) {
+	o.Type = &v
+}
+
+func (o SmsTemplate) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Template != nil {
+		toSerialize["template"] = o.Template
+	}
+	if o.Translations != nil {
+		toSerialize["translations"] = o.Translations
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SmsTemplate) UnmarshalJSON(bytes []byte) (err error) {
+	varSmsTemplate := _SmsTemplate{}
+
+	err = json.Unmarshal(bytes, &varSmsTemplate)
+	if err == nil {
+		*o = SmsTemplate(varSmsTemplate)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "template")
+		delete(additionalProperties, "translations")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSmsTemplate struct {
+	value *SmsTemplate
+	isSet bool
+}
+
+func (v NullableSmsTemplate) Get() *SmsTemplate {
+	return v.value
+}
+
+func (v *NullableSmsTemplate) Set(val *SmsTemplate) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSmsTemplate) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSmsTemplate) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSmsTemplate(val *SmsTemplate) *NullableSmsTemplate {
+	return &NullableSmsTemplate{value: val, isSet: true}
+}
+
+func (v NullableSmsTemplate) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSmsTemplate) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_sms_template_type.go b/okta/model_sms_template_type.go
new file mode 100644
index 000000000..ec1971d3c
--- /dev/null
+++ b/okta/model_sms_template_type.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// SmsTemplateType the model 'SmsTemplateType'
+type SmsTemplateType string
+
+// List of SmsTemplateType
+const (
+	SMSTEMPLATETYPE_SMS_VERIFY_CODE SmsTemplateType = "SMS_VERIFY_CODE"
+)
+
+// All allowed values of SmsTemplateType enum
+var AllowedSmsTemplateTypeEnumValues = []SmsTemplateType{
+	"SMS_VERIFY_CODE",
+}
+
+func (v *SmsTemplateType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := SmsTemplateType(value)
+	for _, existing := range AllowedSmsTemplateTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid SmsTemplateType", value)
+}
+
+// NewSmsTemplateTypeFromValue returns a pointer to a valid SmsTemplateType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewSmsTemplateTypeFromValue(v string) (*SmsTemplateType, error) {
+	ev := SmsTemplateType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for SmsTemplateType: valid values are %v", v, AllowedSmsTemplateTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v SmsTemplateType) IsValid() bool {
+	for _, existing := range AllowedSmsTemplateTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to SmsTemplateType value
+func (v SmsTemplateType) Ptr() *SmsTemplateType {
+	return &v
+}
+
+type NullableSmsTemplateType struct {
+	value *SmsTemplateType
+	isSet bool
+}
+
+func (v NullableSmsTemplateType) Get() *SmsTemplateType {
+	return v.value
+}
+
+func (v *NullableSmsTemplateType) Set(val *SmsTemplateType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSmsTemplateType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSmsTemplateType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSmsTemplateType(val *SmsTemplateType) *NullableSmsTemplateType {
+	return &NullableSmsTemplateType{value: val, isSet: true}
+}
+
+func (v NullableSmsTemplateType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSmsTemplateType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_sms_user_factor.go b/okta/model_sms_user_factor.go
new file mode 100644
index 000000000..2531dd81e
--- /dev/null
+++ b/okta/model_sms_user_factor.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// SmsUserFactor struct for SmsUserFactor
+type SmsUserFactor struct {
+	UserFactor
+	Profile              *SmsUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SmsUserFactor SmsUserFactor
+
+// NewSmsUserFactor instantiates a new SmsUserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSmsUserFactor() *SmsUserFactor {
+	this := SmsUserFactor{}
+	return &this
+}
+
+// NewSmsUserFactorWithDefaults instantiates a new SmsUserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSmsUserFactorWithDefaults() *SmsUserFactor {
+	this := SmsUserFactor{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *SmsUserFactor) GetProfile() SmsUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret SmsUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SmsUserFactor) GetProfileOk() (*SmsUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *SmsUserFactor) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given SmsUserFactorProfile and assigns it to the Profile field.
+func (o *SmsUserFactor) SetProfile(v SmsUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o SmsUserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedUserFactor, errUserFactor := json.Marshal(o.UserFactor)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	errUserFactor = json.Unmarshal([]byte(serializedUserFactor), &toSerialize)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SmsUserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	type SmsUserFactorWithoutEmbeddedStruct struct {
+		Profile *SmsUserFactorProfile `json:"profile,omitempty"`
+	}
+
+	varSmsUserFactorWithoutEmbeddedStruct := SmsUserFactorWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varSmsUserFactorWithoutEmbeddedStruct)
+	if err == nil {
+		varSmsUserFactor := _SmsUserFactor{}
+		varSmsUserFactor.Profile = varSmsUserFactorWithoutEmbeddedStruct.Profile
+		*o = SmsUserFactor(varSmsUserFactor)
+	} else {
+		return err
+	}
+
+	varSmsUserFactor := _SmsUserFactor{}
+
+	err = json.Unmarshal(bytes, &varSmsUserFactor)
+	if err == nil {
+		o.UserFactor = varSmsUserFactor.UserFactor
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+
+		// remove fields from embedded structs
+		reflectUserFactor := reflect.ValueOf(o.UserFactor)
+		for i := 0; i < reflectUserFactor.Type().NumField(); i++ {
+			t := reflectUserFactor.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSmsUserFactor struct {
+	value *SmsUserFactor
+	isSet bool
+}
+
+func (v NullableSmsUserFactor) Get() *SmsUserFactor {
+	return v.value
+}
+
+func (v *NullableSmsUserFactor) Set(val *SmsUserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSmsUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSmsUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSmsUserFactor(val *SmsUserFactor) *NullableSmsUserFactor {
+	return &NullableSmsUserFactor{value: val, isSet: true}
+}
+
+func (v NullableSmsUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSmsUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_sms_user_factor_all_of.go b/okta/model_sms_user_factor_all_of.go
new file mode 100644
index 000000000..c11d3d5e1
--- /dev/null
+++ b/okta/model_sms_user_factor_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SmsUserFactorAllOf struct for SmsUserFactorAllOf
+type SmsUserFactorAllOf struct {
+	Profile              *SmsUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SmsUserFactorAllOf SmsUserFactorAllOf
+
+// NewSmsUserFactorAllOf instantiates a new SmsUserFactorAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSmsUserFactorAllOf() *SmsUserFactorAllOf {
+	this := SmsUserFactorAllOf{}
+	return &this
+}
+
+// NewSmsUserFactorAllOfWithDefaults instantiates a new SmsUserFactorAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSmsUserFactorAllOfWithDefaults() *SmsUserFactorAllOf {
+	this := SmsUserFactorAllOf{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *SmsUserFactorAllOf) GetProfile() SmsUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret SmsUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SmsUserFactorAllOf) GetProfileOk() (*SmsUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *SmsUserFactorAllOf) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given SmsUserFactorProfile and assigns it to the Profile field.
+func (o *SmsUserFactorAllOf) SetProfile(v SmsUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o SmsUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SmsUserFactorAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varSmsUserFactorAllOf := _SmsUserFactorAllOf{}
+
+	err = json.Unmarshal(bytes, &varSmsUserFactorAllOf)
+	if err == nil {
+		*o = SmsUserFactorAllOf(varSmsUserFactorAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSmsUserFactorAllOf struct {
+	value *SmsUserFactorAllOf
+	isSet bool
+}
+
+func (v NullableSmsUserFactorAllOf) Get() *SmsUserFactorAllOf {
+	return v.value
+}
+
+func (v *NullableSmsUserFactorAllOf) Set(val *SmsUserFactorAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSmsUserFactorAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSmsUserFactorAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSmsUserFactorAllOf(val *SmsUserFactorAllOf) *NullableSmsUserFactorAllOf {
+	return &NullableSmsUserFactorAllOf{value: val, isSet: true}
+}
+
+func (v NullableSmsUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSmsUserFactorAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_sms_user_factor_profile.go b/okta/model_sms_user_factor_profile.go
new file mode 100644
index 000000000..109e55d86
--- /dev/null
+++ b/okta/model_sms_user_factor_profile.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SmsUserFactorProfile struct for SmsUserFactorProfile
+type SmsUserFactorProfile struct {
+	PhoneNumber          *string `json:"phoneNumber,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SmsUserFactorProfile SmsUserFactorProfile
+
+// NewSmsUserFactorProfile instantiates a new SmsUserFactorProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSmsUserFactorProfile() *SmsUserFactorProfile {
+	this := SmsUserFactorProfile{}
+	return &this
+}
+
+// NewSmsUserFactorProfileWithDefaults instantiates a new SmsUserFactorProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSmsUserFactorProfileWithDefaults() *SmsUserFactorProfile {
+	this := SmsUserFactorProfile{}
+	return &this
+}
+
+// GetPhoneNumber returns the PhoneNumber field value if set, zero value otherwise.
+func (o *SmsUserFactorProfile) GetPhoneNumber() string {
+	if o == nil || o.PhoneNumber == nil {
+		var ret string
+		return ret
+	}
+	return *o.PhoneNumber
+}
+
+// GetPhoneNumberOk returns a tuple with the PhoneNumber field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SmsUserFactorProfile) GetPhoneNumberOk() (*string, bool) {
+	if o == nil || o.PhoneNumber == nil {
+		return nil, false
+	}
+	return o.PhoneNumber, true
+}
+
+// HasPhoneNumber returns a boolean if a field has been set.
+func (o *SmsUserFactorProfile) HasPhoneNumber() bool {
+	if o != nil && o.PhoneNumber != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPhoneNumber gets a reference to the given string and assigns it to the PhoneNumber field.
+func (o *SmsUserFactorProfile) SetPhoneNumber(v string) {
+	o.PhoneNumber = &v
+}
+
+func (o SmsUserFactorProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.PhoneNumber != nil {
+		toSerialize["phoneNumber"] = o.PhoneNumber
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SmsUserFactorProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varSmsUserFactorProfile := _SmsUserFactorProfile{}
+
+	err = json.Unmarshal(bytes, &varSmsUserFactorProfile)
+	if err == nil {
+		*o = SmsUserFactorProfile(varSmsUserFactorProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "phoneNumber")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSmsUserFactorProfile struct {
+	value *SmsUserFactorProfile
+	isSet bool
+}
+
+func (v NullableSmsUserFactorProfile) Get() *SmsUserFactorProfile {
+	return v.value
+}
+
+func (v *NullableSmsUserFactorProfile) Set(val *SmsUserFactorProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSmsUserFactorProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSmsUserFactorProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSmsUserFactorProfile(val *SmsUserFactorProfile) *NullableSmsUserFactorProfile {
+	return &NullableSmsUserFactorProfile{value: val, isSet: true}
+}
+
+func (v NullableSmsUserFactorProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSmsUserFactorProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_social_auth_token.go b/okta/model_social_auth_token.go
new file mode 100644
index 000000000..e95297e57
--- /dev/null
+++ b/okta/model_social_auth_token.go
@@ -0,0 +1,344 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// SocialAuthToken struct for SocialAuthToken
+type SocialAuthToken struct {
+	ExpiresAt            *time.Time `json:"expiresAt,omitempty"`
+	Id                   *string    `json:"id,omitempty"`
+	Scopes               []string   `json:"scopes,omitempty"`
+	Token                *string    `json:"token,omitempty"`
+	TokenAuthScheme      *string    `json:"tokenAuthScheme,omitempty"`
+	TokenType            *string    `json:"tokenType,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SocialAuthToken SocialAuthToken
+
+// NewSocialAuthToken instantiates a new SocialAuthToken object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSocialAuthToken() *SocialAuthToken {
+	this := SocialAuthToken{}
+	return &this
+}
+
+// NewSocialAuthTokenWithDefaults instantiates a new SocialAuthToken object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSocialAuthTokenWithDefaults() *SocialAuthToken {
+	this := SocialAuthToken{}
+	return &this
+}
+
+// GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
+func (o *SocialAuthToken) GetExpiresAt() time.Time {
+	if o == nil || o.ExpiresAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiresAt
+}
+
+// GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SocialAuthToken) GetExpiresAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiresAt == nil {
+		return nil, false
+	}
+	return o.ExpiresAt, true
+}
+
+// HasExpiresAt returns a boolean if a field has been set.
+func (o *SocialAuthToken) HasExpiresAt() bool {
+	if o != nil && o.ExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresAt gets a reference to the given time.Time and assigns it to the ExpiresAt field.
+func (o *SocialAuthToken) SetExpiresAt(v time.Time) {
+	o.ExpiresAt = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *SocialAuthToken) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SocialAuthToken) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *SocialAuthToken) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *SocialAuthToken) SetId(v string) {
+	o.Id = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *SocialAuthToken) GetScopes() []string {
+	if o == nil || o.Scopes == nil {
+		var ret []string
+		return ret
+	}
+	return o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SocialAuthToken) GetScopesOk() ([]string, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *SocialAuthToken) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given []string and assigns it to the Scopes field.
+func (o *SocialAuthToken) SetScopes(v []string) {
+	o.Scopes = v
+}
+
+// GetToken returns the Token field value if set, zero value otherwise.
+func (o *SocialAuthToken) GetToken() string {
+	if o == nil || o.Token == nil {
+		var ret string
+		return ret
+	}
+	return *o.Token
+}
+
+// GetTokenOk returns a tuple with the Token field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SocialAuthToken) GetTokenOk() (*string, bool) {
+	if o == nil || o.Token == nil {
+		return nil, false
+	}
+	return o.Token, true
+}
+
+// HasToken returns a boolean if a field has been set.
+func (o *SocialAuthToken) HasToken() bool {
+	if o != nil && o.Token != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetToken gets a reference to the given string and assigns it to the Token field.
+func (o *SocialAuthToken) SetToken(v string) {
+	o.Token = &v
+}
+
+// GetTokenAuthScheme returns the TokenAuthScheme field value if set, zero value otherwise.
+func (o *SocialAuthToken) GetTokenAuthScheme() string {
+	if o == nil || o.TokenAuthScheme == nil {
+		var ret string
+		return ret
+	}
+	return *o.TokenAuthScheme
+}
+
+// GetTokenAuthSchemeOk returns a tuple with the TokenAuthScheme field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SocialAuthToken) GetTokenAuthSchemeOk() (*string, bool) {
+	if o == nil || o.TokenAuthScheme == nil {
+		return nil, false
+	}
+	return o.TokenAuthScheme, true
+}
+
+// HasTokenAuthScheme returns a boolean if a field has been set.
+func (o *SocialAuthToken) HasTokenAuthScheme() bool {
+	if o != nil && o.TokenAuthScheme != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTokenAuthScheme gets a reference to the given string and assigns it to the TokenAuthScheme field.
+func (o *SocialAuthToken) SetTokenAuthScheme(v string) {
+	o.TokenAuthScheme = &v
+}
+
+// GetTokenType returns the TokenType field value if set, zero value otherwise.
+func (o *SocialAuthToken) GetTokenType() string {
+	if o == nil || o.TokenType == nil {
+		var ret string
+		return ret
+	}
+	return *o.TokenType
+}
+
+// GetTokenTypeOk returns a tuple with the TokenType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SocialAuthToken) GetTokenTypeOk() (*string, bool) {
+	if o == nil || o.TokenType == nil {
+		return nil, false
+	}
+	return o.TokenType, true
+}
+
+// HasTokenType returns a boolean if a field has been set.
+func (o *SocialAuthToken) HasTokenType() bool {
+	if o != nil && o.TokenType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTokenType gets a reference to the given string and assigns it to the TokenType field.
+func (o *SocialAuthToken) SetTokenType(v string) {
+	o.TokenType = &v
+}
+
+func (o SocialAuthToken) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ExpiresAt != nil {
+		toSerialize["expiresAt"] = o.ExpiresAt
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+	if o.Token != nil {
+		toSerialize["token"] = o.Token
+	}
+	if o.TokenAuthScheme != nil {
+		toSerialize["tokenAuthScheme"] = o.TokenAuthScheme
+	}
+	if o.TokenType != nil {
+		toSerialize["tokenType"] = o.TokenType
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SocialAuthToken) UnmarshalJSON(bytes []byte) (err error) {
+	varSocialAuthToken := _SocialAuthToken{}
+
+	err = json.Unmarshal(bytes, &varSocialAuthToken)
+	if err == nil {
+		*o = SocialAuthToken(varSocialAuthToken)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expiresAt")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "scopes")
+		delete(additionalProperties, "token")
+		delete(additionalProperties, "tokenAuthScheme")
+		delete(additionalProperties, "tokenType")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSocialAuthToken struct {
+	value *SocialAuthToken
+	isSet bool
+}
+
+func (v NullableSocialAuthToken) Get() *SocialAuthToken {
+	return v.value
+}
+
+func (v *NullableSocialAuthToken) Set(val *SocialAuthToken) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSocialAuthToken) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSocialAuthToken) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSocialAuthToken(val *SocialAuthToken) *NullableSocialAuthToken {
+	return &NullableSocialAuthToken{value: val, isSet: true}
+}
+
+func (v NullableSocialAuthToken) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSocialAuthToken) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_sp_certificate.go b/okta/model_sp_certificate.go
new file mode 100644
index 000000000..21e4415f3
--- /dev/null
+++ b/okta/model_sp_certificate.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SpCertificate struct for SpCertificate
+type SpCertificate struct {
+	X5c                  []string `json:"x5c,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SpCertificate SpCertificate
+
+// NewSpCertificate instantiates a new SpCertificate object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSpCertificate() *SpCertificate {
+	this := SpCertificate{}
+	return &this
+}
+
+// NewSpCertificateWithDefaults instantiates a new SpCertificate object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSpCertificateWithDefaults() *SpCertificate {
+	this := SpCertificate{}
+	return &this
+}
+
+// GetX5c returns the X5c field value if set, zero value otherwise.
+func (o *SpCertificate) GetX5c() []string {
+	if o == nil || o.X5c == nil {
+		var ret []string
+		return ret
+	}
+	return o.X5c
+}
+
+// GetX5cOk returns a tuple with the X5c field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SpCertificate) GetX5cOk() ([]string, bool) {
+	if o == nil || o.X5c == nil {
+		return nil, false
+	}
+	return o.X5c, true
+}
+
+// HasX5c returns a boolean if a field has been set.
+func (o *SpCertificate) HasX5c() bool {
+	if o != nil && o.X5c != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetX5c gets a reference to the given []string and assigns it to the X5c field.
+func (o *SpCertificate) SetX5c(v []string) {
+	o.X5c = v
+}
+
+func (o SpCertificate) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.X5c != nil {
+		toSerialize["x5c"] = o.X5c
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SpCertificate) UnmarshalJSON(bytes []byte) (err error) {
+	varSpCertificate := _SpCertificate{}
+
+	err = json.Unmarshal(bytes, &varSpCertificate)
+	if err == nil {
+		*o = SpCertificate(varSpCertificate)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "x5c")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSpCertificate struct {
+	value *SpCertificate
+	isSet bool
+}
+
+func (v NullableSpCertificate) Get() *SpCertificate {
+	return v.value
+}
+
+func (v *NullableSpCertificate) Set(val *SpCertificate) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSpCertificate) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSpCertificate) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSpCertificate(val *SpCertificate) *NullableSpCertificate {
+	return &NullableSpCertificate{value: val, isSet: true}
+}
+
+func (v NullableSpCertificate) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSpCertificate) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_subscription.go b/okta/model_subscription.go
new file mode 100644
index 000000000..35c1c64bd
--- /dev/null
+++ b/okta/model_subscription.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// Subscription struct for Subscription
+type Subscription struct {
+	Channels             []string                          `json:"channels,omitempty"`
+	NotificationType     *NotificationType                 `json:"notificationType,omitempty"`
+	Status               *SubscriptionStatus               `json:"status,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _Subscription Subscription
+
+// NewSubscription instantiates a new Subscription object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSubscription() *Subscription {
+	this := Subscription{}
+	return &this
+}
+
+// NewSubscriptionWithDefaults instantiates a new Subscription object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSubscriptionWithDefaults() *Subscription {
+	this := Subscription{}
+	return &this
+}
+
+// GetChannels returns the Channels field value if set, zero value otherwise.
+func (o *Subscription) GetChannels() []string {
+	if o == nil || o.Channels == nil {
+		var ret []string
+		return ret
+	}
+	return o.Channels
+}
+
+// GetChannelsOk returns a tuple with the Channels field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Subscription) GetChannelsOk() ([]string, bool) {
+	if o == nil || o.Channels == nil {
+		return nil, false
+	}
+	return o.Channels, true
+}
+
+// HasChannels returns a boolean if a field has been set.
+func (o *Subscription) HasChannels() bool {
+	if o != nil && o.Channels != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetChannels gets a reference to the given []string and assigns it to the Channels field.
+func (o *Subscription) SetChannels(v []string) {
+	o.Channels = v
+}
+
+// GetNotificationType returns the NotificationType field value if set, zero value otherwise.
+func (o *Subscription) GetNotificationType() NotificationType {
+	if o == nil || o.NotificationType == nil {
+		var ret NotificationType
+		return ret
+	}
+	return *o.NotificationType
+}
+
+// GetNotificationTypeOk returns a tuple with the NotificationType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Subscription) GetNotificationTypeOk() (*NotificationType, bool) {
+	if o == nil || o.NotificationType == nil {
+		return nil, false
+	}
+	return o.NotificationType, true
+}
+
+// HasNotificationType returns a boolean if a field has been set.
+func (o *Subscription) HasNotificationType() bool {
+	if o != nil && o.NotificationType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotificationType gets a reference to the given NotificationType and assigns it to the NotificationType field.
+func (o *Subscription) SetNotificationType(v NotificationType) {
+	o.NotificationType = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *Subscription) GetStatus() SubscriptionStatus {
+	if o == nil || o.Status == nil {
+		var ret SubscriptionStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Subscription) GetStatusOk() (*SubscriptionStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *Subscription) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given SubscriptionStatus and assigns it to the Status field.
+func (o *Subscription) SetStatus(v SubscriptionStatus) {
+	o.Status = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Subscription) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Subscription) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Subscription) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *Subscription) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o Subscription) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Channels != nil {
+		toSerialize["channels"] = o.Channels
+	}
+	if o.NotificationType != nil {
+		toSerialize["notificationType"] = o.NotificationType
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Subscription) UnmarshalJSON(bytes []byte) (err error) {
+	varSubscription := _Subscription{}
+
+	err = json.Unmarshal(bytes, &varSubscription)
+	if err == nil {
+		*o = Subscription(varSubscription)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "channels")
+		delete(additionalProperties, "notificationType")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSubscription struct {
+	value *Subscription
+	isSet bool
+}
+
+func (v NullableSubscription) Get() *Subscription {
+	return v.value
+}
+
+func (v *NullableSubscription) Set(val *Subscription) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSubscription) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSubscription) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSubscription(val *Subscription) *NullableSubscription {
+	return &NullableSubscription{value: val, isSet: true}
+}
+
+func (v NullableSubscription) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSubscription) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_subscription_status.go b/okta/model_subscription_status.go
new file mode 100644
index 000000000..764123846
--- /dev/null
+++ b/okta/model_subscription_status.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// SubscriptionStatus the model 'SubscriptionStatus'
+type SubscriptionStatus string
+
+// List of SubscriptionStatus
+const (
+	SUBSCRIPTIONSTATUS_SUBSCRIBED   SubscriptionStatus = "subscribed"
+	SUBSCRIPTIONSTATUS_UNSUBSCRIBED SubscriptionStatus = "unsubscribed"
+)
+
+// All allowed values of SubscriptionStatus enum
+var AllowedSubscriptionStatusEnumValues = []SubscriptionStatus{
+	"subscribed",
+	"unsubscribed",
+}
+
+func (v *SubscriptionStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := SubscriptionStatus(value)
+	for _, existing := range AllowedSubscriptionStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid SubscriptionStatus", value)
+}
+
+// NewSubscriptionStatusFromValue returns a pointer to a valid SubscriptionStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewSubscriptionStatusFromValue(v string) (*SubscriptionStatus, error) {
+	ev := SubscriptionStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for SubscriptionStatus: valid values are %v", v, AllowedSubscriptionStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v SubscriptionStatus) IsValid() bool {
+	for _, existing := range AllowedSubscriptionStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to SubscriptionStatus value
+func (v SubscriptionStatus) Ptr() *SubscriptionStatus {
+	return &v
+}
+
+type NullableSubscriptionStatus struct {
+	value *SubscriptionStatus
+	isSet bool
+}
+
+func (v NullableSubscriptionStatus) Get() *SubscriptionStatus {
+	return v.value
+}
+
+func (v *NullableSubscriptionStatus) Set(val *SubscriptionStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSubscriptionStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSubscriptionStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSubscriptionStatus(val *SubscriptionStatus) *NullableSubscriptionStatus {
+	return &NullableSubscriptionStatus{value: val, isSet: true}
+}
+
+func (v NullableSubscriptionStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSubscriptionStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_swa_application_settings.go b/okta/model_swa_application_settings.go
new file mode 100644
index 000000000..fab278f60
--- /dev/null
+++ b/okta/model_swa_application_settings.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SwaApplicationSettings struct for SwaApplicationSettings
+type SwaApplicationSettings struct {
+	IdentityStoreId      *string                            `json:"identityStoreId,omitempty"`
+	ImplicitAssignment   *bool                              `json:"implicitAssignment,omitempty"`
+	InlineHookId         *string                            `json:"inlineHookId,omitempty"`
+	Notes                *ApplicationSettingsNotes          `json:"notes,omitempty"`
+	Notifications        *ApplicationSettingsNotifications  `json:"notifications,omitempty"`
+	App                  *SwaApplicationSettingsApplication `json:"app,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SwaApplicationSettings SwaApplicationSettings
+
+// NewSwaApplicationSettings instantiates a new SwaApplicationSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSwaApplicationSettings() *SwaApplicationSettings {
+	this := SwaApplicationSettings{}
+	return &this
+}
+
+// NewSwaApplicationSettingsWithDefaults instantiates a new SwaApplicationSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSwaApplicationSettingsWithDefaults() *SwaApplicationSettings {
+	this := SwaApplicationSettings{}
+	return &this
+}
+
+// GetIdentityStoreId returns the IdentityStoreId field value if set, zero value otherwise.
+func (o *SwaApplicationSettings) GetIdentityStoreId() string {
+	if o == nil || o.IdentityStoreId == nil {
+		var ret string
+		return ret
+	}
+	return *o.IdentityStoreId
+}
+
+// GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettings) GetIdentityStoreIdOk() (*string, bool) {
+	if o == nil || o.IdentityStoreId == nil {
+		return nil, false
+	}
+	return o.IdentityStoreId, true
+}
+
+// HasIdentityStoreId returns a boolean if a field has been set.
+func (o *SwaApplicationSettings) HasIdentityStoreId() bool {
+	if o != nil && o.IdentityStoreId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityStoreId gets a reference to the given string and assigns it to the IdentityStoreId field.
+func (o *SwaApplicationSettings) SetIdentityStoreId(v string) {
+	o.IdentityStoreId = &v
+}
+
+// GetImplicitAssignment returns the ImplicitAssignment field value if set, zero value otherwise.
+func (o *SwaApplicationSettings) GetImplicitAssignment() bool {
+	if o == nil || o.ImplicitAssignment == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ImplicitAssignment
+}
+
+// GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettings) GetImplicitAssignmentOk() (*bool, bool) {
+	if o == nil || o.ImplicitAssignment == nil {
+		return nil, false
+	}
+	return o.ImplicitAssignment, true
+}
+
+// HasImplicitAssignment returns a boolean if a field has been set.
+func (o *SwaApplicationSettings) HasImplicitAssignment() bool {
+	if o != nil && o.ImplicitAssignment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetImplicitAssignment gets a reference to the given bool and assigns it to the ImplicitAssignment field.
+func (o *SwaApplicationSettings) SetImplicitAssignment(v bool) {
+	o.ImplicitAssignment = &v
+}
+
+// GetInlineHookId returns the InlineHookId field value if set, zero value otherwise.
+func (o *SwaApplicationSettings) GetInlineHookId() string {
+	if o == nil || o.InlineHookId == nil {
+		var ret string
+		return ret
+	}
+	return *o.InlineHookId
+}
+
+// GetInlineHookIdOk returns a tuple with the InlineHookId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettings) GetInlineHookIdOk() (*string, bool) {
+	if o == nil || o.InlineHookId == nil {
+		return nil, false
+	}
+	return o.InlineHookId, true
+}
+
+// HasInlineHookId returns a boolean if a field has been set.
+func (o *SwaApplicationSettings) HasInlineHookId() bool {
+	if o != nil && o.InlineHookId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInlineHookId gets a reference to the given string and assigns it to the InlineHookId field.
+func (o *SwaApplicationSettings) SetInlineHookId(v string) {
+	o.InlineHookId = &v
+}
+
+// GetNotes returns the Notes field value if set, zero value otherwise.
+func (o *SwaApplicationSettings) GetNotes() ApplicationSettingsNotes {
+	if o == nil || o.Notes == nil {
+		var ret ApplicationSettingsNotes
+		return ret
+	}
+	return *o.Notes
+}
+
+// GetNotesOk returns a tuple with the Notes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool) {
+	if o == nil || o.Notes == nil {
+		return nil, false
+	}
+	return o.Notes, true
+}
+
+// HasNotes returns a boolean if a field has been set.
+func (o *SwaApplicationSettings) HasNotes() bool {
+	if o != nil && o.Notes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotes gets a reference to the given ApplicationSettingsNotes and assigns it to the Notes field.
+func (o *SwaApplicationSettings) SetNotes(v ApplicationSettingsNotes) {
+	o.Notes = &v
+}
+
+// GetNotifications returns the Notifications field value if set, zero value otherwise.
+func (o *SwaApplicationSettings) GetNotifications() ApplicationSettingsNotifications {
+	if o == nil || o.Notifications == nil {
+		var ret ApplicationSettingsNotifications
+		return ret
+	}
+	return *o.Notifications
+}
+
+// GetNotificationsOk returns a tuple with the Notifications field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool) {
+	if o == nil || o.Notifications == nil {
+		return nil, false
+	}
+	return o.Notifications, true
+}
+
+// HasNotifications returns a boolean if a field has been set.
+func (o *SwaApplicationSettings) HasNotifications() bool {
+	if o != nil && o.Notifications != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotifications gets a reference to the given ApplicationSettingsNotifications and assigns it to the Notifications field.
+func (o *SwaApplicationSettings) SetNotifications(v ApplicationSettingsNotifications) {
+	o.Notifications = &v
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *SwaApplicationSettings) GetApp() SwaApplicationSettingsApplication {
+	if o == nil || o.App == nil {
+		var ret SwaApplicationSettingsApplication
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettings) GetAppOk() (*SwaApplicationSettingsApplication, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *SwaApplicationSettings) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given SwaApplicationSettingsApplication and assigns it to the App field.
+func (o *SwaApplicationSettings) SetApp(v SwaApplicationSettingsApplication) {
+	o.App = &v
+}
+
+func (o SwaApplicationSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.IdentityStoreId != nil {
+		toSerialize["identityStoreId"] = o.IdentityStoreId
+	}
+	if o.ImplicitAssignment != nil {
+		toSerialize["implicitAssignment"] = o.ImplicitAssignment
+	}
+	if o.InlineHookId != nil {
+		toSerialize["inlineHookId"] = o.InlineHookId
+	}
+	if o.Notes != nil {
+		toSerialize["notes"] = o.Notes
+	}
+	if o.Notifications != nil {
+		toSerialize["notifications"] = o.Notifications
+	}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SwaApplicationSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varSwaApplicationSettings := _SwaApplicationSettings{}
+
+	err = json.Unmarshal(bytes, &varSwaApplicationSettings)
+	if err == nil {
+		*o = SwaApplicationSettings(varSwaApplicationSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "identityStoreId")
+		delete(additionalProperties, "implicitAssignment")
+		delete(additionalProperties, "inlineHookId")
+		delete(additionalProperties, "notes")
+		delete(additionalProperties, "notifications")
+		delete(additionalProperties, "app")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSwaApplicationSettings struct {
+	value *SwaApplicationSettings
+	isSet bool
+}
+
+func (v NullableSwaApplicationSettings) Get() *SwaApplicationSettings {
+	return v.value
+}
+
+func (v *NullableSwaApplicationSettings) Set(val *SwaApplicationSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSwaApplicationSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSwaApplicationSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSwaApplicationSettings(val *SwaApplicationSettings) *NullableSwaApplicationSettings {
+	return &NullableSwaApplicationSettings{value: val, isSet: true}
+}
+
+func (v NullableSwaApplicationSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSwaApplicationSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_swa_application_settings_all_of.go b/okta/model_swa_application_settings_all_of.go
new file mode 100644
index 000000000..261728a31
--- /dev/null
+++ b/okta/model_swa_application_settings_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SwaApplicationSettingsAllOf struct for SwaApplicationSettingsAllOf
+type SwaApplicationSettingsAllOf struct {
+	App                  *SwaApplicationSettingsApplication `json:"app,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SwaApplicationSettingsAllOf SwaApplicationSettingsAllOf
+
+// NewSwaApplicationSettingsAllOf instantiates a new SwaApplicationSettingsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSwaApplicationSettingsAllOf() *SwaApplicationSettingsAllOf {
+	this := SwaApplicationSettingsAllOf{}
+	return &this
+}
+
+// NewSwaApplicationSettingsAllOfWithDefaults instantiates a new SwaApplicationSettingsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSwaApplicationSettingsAllOfWithDefaults() *SwaApplicationSettingsAllOf {
+	this := SwaApplicationSettingsAllOf{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsAllOf) GetApp() SwaApplicationSettingsApplication {
+	if o == nil || o.App == nil {
+		var ret SwaApplicationSettingsApplication
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsAllOf) GetAppOk() (*SwaApplicationSettingsApplication, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsAllOf) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given SwaApplicationSettingsApplication and assigns it to the App field.
+func (o *SwaApplicationSettingsAllOf) SetApp(v SwaApplicationSettingsApplication) {
+	o.App = &v
+}
+
+func (o SwaApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SwaApplicationSettingsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varSwaApplicationSettingsAllOf := _SwaApplicationSettingsAllOf{}
+
+	err = json.Unmarshal(bytes, &varSwaApplicationSettingsAllOf)
+	if err == nil {
+		*o = SwaApplicationSettingsAllOf(varSwaApplicationSettingsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSwaApplicationSettingsAllOf struct {
+	value *SwaApplicationSettingsAllOf
+	isSet bool
+}
+
+func (v NullableSwaApplicationSettingsAllOf) Get() *SwaApplicationSettingsAllOf {
+	return v.value
+}
+
+func (v *NullableSwaApplicationSettingsAllOf) Set(val *SwaApplicationSettingsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSwaApplicationSettingsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSwaApplicationSettingsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSwaApplicationSettingsAllOf(val *SwaApplicationSettingsAllOf) *NullableSwaApplicationSettingsAllOf {
+	return &NullableSwaApplicationSettingsAllOf{value: val, isSet: true}
+}
+
+func (v NullableSwaApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSwaApplicationSettingsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_swa_application_settings_application.go b/okta/model_swa_application_settings_application.go
new file mode 100644
index 000000000..571fb4cbf
--- /dev/null
+++ b/okta/model_swa_application_settings_application.go
@@ -0,0 +1,602 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// SwaApplicationSettingsApplication struct for SwaApplicationSettingsApplication
+type SwaApplicationSettingsApplication struct {
+	ButtonField          *string `json:"buttonField,omitempty"`
+	ButtonSelector       *string `json:"buttonSelector,omitempty"`
+	Checkbox             *string `json:"checkbox,omitempty"`
+	ExtraFieldSelector   *string `json:"extraFieldSelector,omitempty"`
+	ExtraFieldValue      *string `json:"extraFieldValue,omitempty"`
+	LoginUrlRegex        *string `json:"loginUrlRegex,omitempty"`
+	PasswordField        *string `json:"passwordField,omitempty"`
+	PasswordSelector     *string `json:"passwordSelector,omitempty"`
+	RedirectUrl          *string `json:"redirectUrl,omitempty"`
+	TargetURL            *string `json:"targetURL,omitempty"`
+	Url                  *string `json:"url,omitempty"`
+	UsernameField        *string `json:"usernameField,omitempty"`
+	UserNameSelector     *string `json:"userNameSelector,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _SwaApplicationSettingsApplication SwaApplicationSettingsApplication
+
+// NewSwaApplicationSettingsApplication instantiates a new SwaApplicationSettingsApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewSwaApplicationSettingsApplication() *SwaApplicationSettingsApplication {
+	this := SwaApplicationSettingsApplication{}
+	return &this
+}
+
+// NewSwaApplicationSettingsApplicationWithDefaults instantiates a new SwaApplicationSettingsApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewSwaApplicationSettingsApplicationWithDefaults() *SwaApplicationSettingsApplication {
+	this := SwaApplicationSettingsApplication{}
+	return &this
+}
+
+// GetButtonField returns the ButtonField field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetButtonField() string {
+	if o == nil || o.ButtonField == nil {
+		var ret string
+		return ret
+	}
+	return *o.ButtonField
+}
+
+// GetButtonFieldOk returns a tuple with the ButtonField field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetButtonFieldOk() (*string, bool) {
+	if o == nil || o.ButtonField == nil {
+		return nil, false
+	}
+	return o.ButtonField, true
+}
+
+// HasButtonField returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasButtonField() bool {
+	if o != nil && o.ButtonField != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetButtonField gets a reference to the given string and assigns it to the ButtonField field.
+func (o *SwaApplicationSettingsApplication) SetButtonField(v string) {
+	o.ButtonField = &v
+}
+
+// GetButtonSelector returns the ButtonSelector field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetButtonSelector() string {
+	if o == nil || o.ButtonSelector == nil {
+		var ret string
+		return ret
+	}
+	return *o.ButtonSelector
+}
+
+// GetButtonSelectorOk returns a tuple with the ButtonSelector field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetButtonSelectorOk() (*string, bool) {
+	if o == nil || o.ButtonSelector == nil {
+		return nil, false
+	}
+	return o.ButtonSelector, true
+}
+
+// HasButtonSelector returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasButtonSelector() bool {
+	if o != nil && o.ButtonSelector != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetButtonSelector gets a reference to the given string and assigns it to the ButtonSelector field.
+func (o *SwaApplicationSettingsApplication) SetButtonSelector(v string) {
+	o.ButtonSelector = &v
+}
+
+// GetCheckbox returns the Checkbox field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetCheckbox() string {
+	if o == nil || o.Checkbox == nil {
+		var ret string
+		return ret
+	}
+	return *o.Checkbox
+}
+
+// GetCheckboxOk returns a tuple with the Checkbox field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetCheckboxOk() (*string, bool) {
+	if o == nil || o.Checkbox == nil {
+		return nil, false
+	}
+	return o.Checkbox, true
+}
+
+// HasCheckbox returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasCheckbox() bool {
+	if o != nil && o.Checkbox != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCheckbox gets a reference to the given string and assigns it to the Checkbox field.
+func (o *SwaApplicationSettingsApplication) SetCheckbox(v string) {
+	o.Checkbox = &v
+}
+
+// GetExtraFieldSelector returns the ExtraFieldSelector field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetExtraFieldSelector() string {
+	if o == nil || o.ExtraFieldSelector == nil {
+		var ret string
+		return ret
+	}
+	return *o.ExtraFieldSelector
+}
+
+// GetExtraFieldSelectorOk returns a tuple with the ExtraFieldSelector field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetExtraFieldSelectorOk() (*string, bool) {
+	if o == nil || o.ExtraFieldSelector == nil {
+		return nil, false
+	}
+	return o.ExtraFieldSelector, true
+}
+
+// HasExtraFieldSelector returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasExtraFieldSelector() bool {
+	if o != nil && o.ExtraFieldSelector != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExtraFieldSelector gets a reference to the given string and assigns it to the ExtraFieldSelector field.
+func (o *SwaApplicationSettingsApplication) SetExtraFieldSelector(v string) {
+	o.ExtraFieldSelector = &v
+}
+
+// GetExtraFieldValue returns the ExtraFieldValue field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetExtraFieldValue() string {
+	if o == nil || o.ExtraFieldValue == nil {
+		var ret string
+		return ret
+	}
+	return *o.ExtraFieldValue
+}
+
+// GetExtraFieldValueOk returns a tuple with the ExtraFieldValue field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetExtraFieldValueOk() (*string, bool) {
+	if o == nil || o.ExtraFieldValue == nil {
+		return nil, false
+	}
+	return o.ExtraFieldValue, true
+}
+
+// HasExtraFieldValue returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasExtraFieldValue() bool {
+	if o != nil && o.ExtraFieldValue != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExtraFieldValue gets a reference to the given string and assigns it to the ExtraFieldValue field.
+func (o *SwaApplicationSettingsApplication) SetExtraFieldValue(v string) {
+	o.ExtraFieldValue = &v
+}
+
+// GetLoginUrlRegex returns the LoginUrlRegex field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetLoginUrlRegex() string {
+	if o == nil || o.LoginUrlRegex == nil {
+		var ret string
+		return ret
+	}
+	return *o.LoginUrlRegex
+}
+
+// GetLoginUrlRegexOk returns a tuple with the LoginUrlRegex field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetLoginUrlRegexOk() (*string, bool) {
+	if o == nil || o.LoginUrlRegex == nil {
+		return nil, false
+	}
+	return o.LoginUrlRegex, true
+}
+
+// HasLoginUrlRegex returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasLoginUrlRegex() bool {
+	if o != nil && o.LoginUrlRegex != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLoginUrlRegex gets a reference to the given string and assigns it to the LoginUrlRegex field.
+func (o *SwaApplicationSettingsApplication) SetLoginUrlRegex(v string) {
+	o.LoginUrlRegex = &v
+}
+
+// GetPasswordField returns the PasswordField field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetPasswordField() string {
+	if o == nil || o.PasswordField == nil {
+		var ret string
+		return ret
+	}
+	return *o.PasswordField
+}
+
+// GetPasswordFieldOk returns a tuple with the PasswordField field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetPasswordFieldOk() (*string, bool) {
+	if o == nil || o.PasswordField == nil {
+		return nil, false
+	}
+	return o.PasswordField, true
+}
+
+// HasPasswordField returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasPasswordField() bool {
+	if o != nil && o.PasswordField != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordField gets a reference to the given string and assigns it to the PasswordField field.
+func (o *SwaApplicationSettingsApplication) SetPasswordField(v string) {
+	o.PasswordField = &v
+}
+
+// GetPasswordSelector returns the PasswordSelector field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetPasswordSelector() string {
+	if o == nil || o.PasswordSelector == nil {
+		var ret string
+		return ret
+	}
+	return *o.PasswordSelector
+}
+
+// GetPasswordSelectorOk returns a tuple with the PasswordSelector field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetPasswordSelectorOk() (*string, bool) {
+	if o == nil || o.PasswordSelector == nil {
+		return nil, false
+	}
+	return o.PasswordSelector, true
+}
+
+// HasPasswordSelector returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasPasswordSelector() bool {
+	if o != nil && o.PasswordSelector != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordSelector gets a reference to the given string and assigns it to the PasswordSelector field.
+func (o *SwaApplicationSettingsApplication) SetPasswordSelector(v string) {
+	o.PasswordSelector = &v
+}
+
+// GetRedirectUrl returns the RedirectUrl field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetRedirectUrl() string {
+	if o == nil || o.RedirectUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.RedirectUrl
+}
+
+// GetRedirectUrlOk returns a tuple with the RedirectUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetRedirectUrlOk() (*string, bool) {
+	if o == nil || o.RedirectUrl == nil {
+		return nil, false
+	}
+	return o.RedirectUrl, true
+}
+
+// HasRedirectUrl returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasRedirectUrl() bool {
+	if o != nil && o.RedirectUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRedirectUrl gets a reference to the given string and assigns it to the RedirectUrl field.
+func (o *SwaApplicationSettingsApplication) SetRedirectUrl(v string) {
+	o.RedirectUrl = &v
+}
+
+// GetTargetURL returns the TargetURL field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetTargetURL() string {
+	if o == nil || o.TargetURL == nil {
+		var ret string
+		return ret
+	}
+	return *o.TargetURL
+}
+
+// GetTargetURLOk returns a tuple with the TargetURL field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetTargetURLOk() (*string, bool) {
+	if o == nil || o.TargetURL == nil {
+		return nil, false
+	}
+	return o.TargetURL, true
+}
+
+// HasTargetURL returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasTargetURL() bool {
+	if o != nil && o.TargetURL != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTargetURL gets a reference to the given string and assigns it to the TargetURL field.
+func (o *SwaApplicationSettingsApplication) SetTargetURL(v string) {
+	o.TargetURL = &v
+}
+
+// GetUrl returns the Url field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetUrl() string {
+	if o == nil || o.Url == nil {
+		var ret string
+		return ret
+	}
+	return *o.Url
+}
+
+// GetUrlOk returns a tuple with the Url field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetUrlOk() (*string, bool) {
+	if o == nil || o.Url == nil {
+		return nil, false
+	}
+	return o.Url, true
+}
+
+// HasUrl returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasUrl() bool {
+	if o != nil && o.Url != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUrl gets a reference to the given string and assigns it to the Url field.
+func (o *SwaApplicationSettingsApplication) SetUrl(v string) {
+	o.Url = &v
+}
+
+// GetUsernameField returns the UsernameField field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetUsernameField() string {
+	if o == nil || o.UsernameField == nil {
+		var ret string
+		return ret
+	}
+	return *o.UsernameField
+}
+
+// GetUsernameFieldOk returns a tuple with the UsernameField field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetUsernameFieldOk() (*string, bool) {
+	if o == nil || o.UsernameField == nil {
+		return nil, false
+	}
+	return o.UsernameField, true
+}
+
+// HasUsernameField returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasUsernameField() bool {
+	if o != nil && o.UsernameField != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsernameField gets a reference to the given string and assigns it to the UsernameField field.
+func (o *SwaApplicationSettingsApplication) SetUsernameField(v string) {
+	o.UsernameField = &v
+}
+
+// GetUserNameSelector returns the UserNameSelector field value if set, zero value otherwise.
+func (o *SwaApplicationSettingsApplication) GetUserNameSelector() string {
+	if o == nil || o.UserNameSelector == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserNameSelector
+}
+
+// GetUserNameSelectorOk returns a tuple with the UserNameSelector field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SwaApplicationSettingsApplication) GetUserNameSelectorOk() (*string, bool) {
+	if o == nil || o.UserNameSelector == nil {
+		return nil, false
+	}
+	return o.UserNameSelector, true
+}
+
+// HasUserNameSelector returns a boolean if a field has been set.
+func (o *SwaApplicationSettingsApplication) HasUserNameSelector() bool {
+	if o != nil && o.UserNameSelector != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserNameSelector gets a reference to the given string and assigns it to the UserNameSelector field.
+func (o *SwaApplicationSettingsApplication) SetUserNameSelector(v string) {
+	o.UserNameSelector = &v
+}
+
+func (o SwaApplicationSettingsApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ButtonField != nil {
+		toSerialize["buttonField"] = o.ButtonField
+	}
+	if o.ButtonSelector != nil {
+		toSerialize["buttonSelector"] = o.ButtonSelector
+	}
+	if o.Checkbox != nil {
+		toSerialize["checkbox"] = o.Checkbox
+	}
+	if o.ExtraFieldSelector != nil {
+		toSerialize["extraFieldSelector"] = o.ExtraFieldSelector
+	}
+	if o.ExtraFieldValue != nil {
+		toSerialize["extraFieldValue"] = o.ExtraFieldValue
+	}
+	if o.LoginUrlRegex != nil {
+		toSerialize["loginUrlRegex"] = o.LoginUrlRegex
+	}
+	if o.PasswordField != nil {
+		toSerialize["passwordField"] = o.PasswordField
+	}
+	if o.PasswordSelector != nil {
+		toSerialize["passwordSelector"] = o.PasswordSelector
+	}
+	if o.RedirectUrl != nil {
+		toSerialize["redirectUrl"] = o.RedirectUrl
+	}
+	if o.TargetURL != nil {
+		toSerialize["targetURL"] = o.TargetURL
+	}
+	if o.Url != nil {
+		toSerialize["url"] = o.Url
+	}
+	if o.UsernameField != nil {
+		toSerialize["usernameField"] = o.UsernameField
+	}
+	if o.UserNameSelector != nil {
+		toSerialize["userNameSelector"] = o.UserNameSelector
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *SwaApplicationSettingsApplication) UnmarshalJSON(bytes []byte) (err error) {
+	varSwaApplicationSettingsApplication := _SwaApplicationSettingsApplication{}
+
+	err = json.Unmarshal(bytes, &varSwaApplicationSettingsApplication)
+	if err == nil {
+		*o = SwaApplicationSettingsApplication(varSwaApplicationSettingsApplication)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "buttonField")
+		delete(additionalProperties, "buttonSelector")
+		delete(additionalProperties, "checkbox")
+		delete(additionalProperties, "extraFieldSelector")
+		delete(additionalProperties, "extraFieldValue")
+		delete(additionalProperties, "loginUrlRegex")
+		delete(additionalProperties, "passwordField")
+		delete(additionalProperties, "passwordSelector")
+		delete(additionalProperties, "redirectUrl")
+		delete(additionalProperties, "targetURL")
+		delete(additionalProperties, "url")
+		delete(additionalProperties, "usernameField")
+		delete(additionalProperties, "userNameSelector")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableSwaApplicationSettingsApplication struct {
+	value *SwaApplicationSettingsApplication
+	isSet bool
+}
+
+func (v NullableSwaApplicationSettingsApplication) Get() *SwaApplicationSettingsApplication {
+	return v.value
+}
+
+func (v *NullableSwaApplicationSettingsApplication) Set(val *SwaApplicationSettingsApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableSwaApplicationSettingsApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableSwaApplicationSettingsApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableSwaApplicationSettingsApplication(val *SwaApplicationSettingsApplication) *NullableSwaApplicationSettingsApplication {
+	return &NullableSwaApplicationSettingsApplication{value: val, isSet: true}
+}
+
+func (v NullableSwaApplicationSettingsApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableSwaApplicationSettingsApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_temp_password.go b/okta/model_temp_password.go
new file mode 100644
index 000000000..fafbdf91c
--- /dev/null
+++ b/okta/model_temp_password.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// TempPassword struct for TempPassword
+type TempPassword struct {
+	TempPassword         *string `json:"tempPassword,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _TempPassword TempPassword
+
+// NewTempPassword instantiates a new TempPassword object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewTempPassword() *TempPassword {
+	this := TempPassword{}
+	return &this
+}
+
+// NewTempPasswordWithDefaults instantiates a new TempPassword object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewTempPasswordWithDefaults() *TempPassword {
+	this := TempPassword{}
+	return &this
+}
+
+// GetTempPassword returns the TempPassword field value if set, zero value otherwise.
+func (o *TempPassword) GetTempPassword() string {
+	if o == nil || o.TempPassword == nil {
+		var ret string
+		return ret
+	}
+	return *o.TempPassword
+}
+
+// GetTempPasswordOk returns a tuple with the TempPassword field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TempPassword) GetTempPasswordOk() (*string, bool) {
+	if o == nil || o.TempPassword == nil {
+		return nil, false
+	}
+	return o.TempPassword, true
+}
+
+// HasTempPassword returns a boolean if a field has been set.
+func (o *TempPassword) HasTempPassword() bool {
+	if o != nil && o.TempPassword != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTempPassword gets a reference to the given string and assigns it to the TempPassword field.
+func (o *TempPassword) SetTempPassword(v string) {
+	o.TempPassword = &v
+}
+
+func (o TempPassword) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.TempPassword != nil {
+		toSerialize["tempPassword"] = o.TempPassword
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *TempPassword) UnmarshalJSON(bytes []byte) (err error) {
+	varTempPassword := _TempPassword{}
+
+	err = json.Unmarshal(bytes, &varTempPassword)
+	if err == nil {
+		*o = TempPassword(varTempPassword)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "tempPassword")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableTempPassword struct {
+	value *TempPassword
+	isSet bool
+}
+
+func (v NullableTempPassword) Get() *TempPassword {
+	return v.value
+}
+
+func (v *NullableTempPassword) Set(val *TempPassword) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTempPassword) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTempPassword) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTempPassword(val *TempPassword) *NullableTempPassword {
+	return &NullableTempPassword{value: val, isSet: true}
+}
+
+func (v NullableTempPassword) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTempPassword) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_theme.go b/okta/model_theme.go
new file mode 100644
index 000000000..d98a764b2
--- /dev/null
+++ b/okta/model_theme.go
@@ -0,0 +1,528 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// Theme struct for Theme
+type Theme struct {
+	BackgroundImage                   *string                            `json:"backgroundImage,omitempty"`
+	EmailTemplateTouchPointVariant    *EmailTemplateTouchPointVariant    `json:"emailTemplateTouchPointVariant,omitempty"`
+	EndUserDashboardTouchPointVariant *EndUserDashboardTouchPointVariant `json:"endUserDashboardTouchPointVariant,omitempty"`
+	ErrorPageTouchPointVariant        *ErrorPageTouchPointVariant        `json:"errorPageTouchPointVariant,omitempty"`
+	LoadingPageTouchPointVariant      *LoadingPageTouchPointVariant      `json:"loadingPageTouchPointVariant,omitempty"`
+	PrimaryColorContrastHex           *string                            `json:"primaryColorContrastHex,omitempty"`
+	PrimaryColorHex                   *string                            `json:"primaryColorHex,omitempty"`
+	SecondaryColorContrastHex         *string                            `json:"secondaryColorContrastHex,omitempty"`
+	SecondaryColorHex                 *string                            `json:"secondaryColorHex,omitempty"`
+	SignInPageTouchPointVariant       *SignInPageTouchPointVariant       `json:"signInPageTouchPointVariant,omitempty"`
+	Links                             map[string]map[string]interface{}  `json:"_links,omitempty"`
+	AdditionalProperties              map[string]interface{}
+}
+
+type _Theme Theme
+
+// NewTheme instantiates a new Theme object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewTheme() *Theme {
+	this := Theme{}
+	return &this
+}
+
+// NewThemeWithDefaults instantiates a new Theme object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewThemeWithDefaults() *Theme {
+	this := Theme{}
+	return &this
+}
+
+// GetBackgroundImage returns the BackgroundImage field value if set, zero value otherwise.
+func (o *Theme) GetBackgroundImage() string {
+	if o == nil || o.BackgroundImage == nil {
+		var ret string
+		return ret
+	}
+	return *o.BackgroundImage
+}
+
+// GetBackgroundImageOk returns a tuple with the BackgroundImage field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Theme) GetBackgroundImageOk() (*string, bool) {
+	if o == nil || o.BackgroundImage == nil {
+		return nil, false
+	}
+	return o.BackgroundImage, true
+}
+
+// HasBackgroundImage returns a boolean if a field has been set.
+func (o *Theme) HasBackgroundImage() bool {
+	if o != nil && o.BackgroundImage != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBackgroundImage gets a reference to the given string and assigns it to the BackgroundImage field.
+func (o *Theme) SetBackgroundImage(v string) {
+	o.BackgroundImage = &v
+}
+
+// GetEmailTemplateTouchPointVariant returns the EmailTemplateTouchPointVariant field value if set, zero value otherwise.
+func (o *Theme) GetEmailTemplateTouchPointVariant() EmailTemplateTouchPointVariant {
+	if o == nil || o.EmailTemplateTouchPointVariant == nil {
+		var ret EmailTemplateTouchPointVariant
+		return ret
+	}
+	return *o.EmailTemplateTouchPointVariant
+}
+
+// GetEmailTemplateTouchPointVariantOk returns a tuple with the EmailTemplateTouchPointVariant field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Theme) GetEmailTemplateTouchPointVariantOk() (*EmailTemplateTouchPointVariant, bool) {
+	if o == nil || o.EmailTemplateTouchPointVariant == nil {
+		return nil, false
+	}
+	return o.EmailTemplateTouchPointVariant, true
+}
+
+// HasEmailTemplateTouchPointVariant returns a boolean if a field has been set.
+func (o *Theme) HasEmailTemplateTouchPointVariant() bool {
+	if o != nil && o.EmailTemplateTouchPointVariant != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmailTemplateTouchPointVariant gets a reference to the given EmailTemplateTouchPointVariant and assigns it to the EmailTemplateTouchPointVariant field.
+func (o *Theme) SetEmailTemplateTouchPointVariant(v EmailTemplateTouchPointVariant) {
+	o.EmailTemplateTouchPointVariant = &v
+}
+
+// GetEndUserDashboardTouchPointVariant returns the EndUserDashboardTouchPointVariant field value if set, zero value otherwise.
+func (o *Theme) GetEndUserDashboardTouchPointVariant() EndUserDashboardTouchPointVariant {
+	if o == nil || o.EndUserDashboardTouchPointVariant == nil {
+		var ret EndUserDashboardTouchPointVariant
+		return ret
+	}
+	return *o.EndUserDashboardTouchPointVariant
+}
+
+// GetEndUserDashboardTouchPointVariantOk returns a tuple with the EndUserDashboardTouchPointVariant field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Theme) GetEndUserDashboardTouchPointVariantOk() (*EndUserDashboardTouchPointVariant, bool) {
+	if o == nil || o.EndUserDashboardTouchPointVariant == nil {
+		return nil, false
+	}
+	return o.EndUserDashboardTouchPointVariant, true
+}
+
+// HasEndUserDashboardTouchPointVariant returns a boolean if a field has been set.
+func (o *Theme) HasEndUserDashboardTouchPointVariant() bool {
+	if o != nil && o.EndUserDashboardTouchPointVariant != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEndUserDashboardTouchPointVariant gets a reference to the given EndUserDashboardTouchPointVariant and assigns it to the EndUserDashboardTouchPointVariant field.
+func (o *Theme) SetEndUserDashboardTouchPointVariant(v EndUserDashboardTouchPointVariant) {
+	o.EndUserDashboardTouchPointVariant = &v
+}
+
+// GetErrorPageTouchPointVariant returns the ErrorPageTouchPointVariant field value if set, zero value otherwise.
+func (o *Theme) GetErrorPageTouchPointVariant() ErrorPageTouchPointVariant {
+	if o == nil || o.ErrorPageTouchPointVariant == nil {
+		var ret ErrorPageTouchPointVariant
+		return ret
+	}
+	return *o.ErrorPageTouchPointVariant
+}
+
+// GetErrorPageTouchPointVariantOk returns a tuple with the ErrorPageTouchPointVariant field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Theme) GetErrorPageTouchPointVariantOk() (*ErrorPageTouchPointVariant, bool) {
+	if o == nil || o.ErrorPageTouchPointVariant == nil {
+		return nil, false
+	}
+	return o.ErrorPageTouchPointVariant, true
+}
+
+// HasErrorPageTouchPointVariant returns a boolean if a field has been set.
+func (o *Theme) HasErrorPageTouchPointVariant() bool {
+	if o != nil && o.ErrorPageTouchPointVariant != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetErrorPageTouchPointVariant gets a reference to the given ErrorPageTouchPointVariant and assigns it to the ErrorPageTouchPointVariant field.
+func (o *Theme) SetErrorPageTouchPointVariant(v ErrorPageTouchPointVariant) {
+	o.ErrorPageTouchPointVariant = &v
+}
+
+// GetLoadingPageTouchPointVariant returns the LoadingPageTouchPointVariant field value if set, zero value otherwise.
+func (o *Theme) GetLoadingPageTouchPointVariant() LoadingPageTouchPointVariant {
+	if o == nil || o.LoadingPageTouchPointVariant == nil {
+		var ret LoadingPageTouchPointVariant
+		return ret
+	}
+	return *o.LoadingPageTouchPointVariant
+}
+
+// GetLoadingPageTouchPointVariantOk returns a tuple with the LoadingPageTouchPointVariant field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Theme) GetLoadingPageTouchPointVariantOk() (*LoadingPageTouchPointVariant, bool) {
+	if o == nil || o.LoadingPageTouchPointVariant == nil {
+		return nil, false
+	}
+	return o.LoadingPageTouchPointVariant, true
+}
+
+// HasLoadingPageTouchPointVariant returns a boolean if a field has been set.
+func (o *Theme) HasLoadingPageTouchPointVariant() bool {
+	if o != nil && o.LoadingPageTouchPointVariant != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLoadingPageTouchPointVariant gets a reference to the given LoadingPageTouchPointVariant and assigns it to the LoadingPageTouchPointVariant field.
+func (o *Theme) SetLoadingPageTouchPointVariant(v LoadingPageTouchPointVariant) {
+	o.LoadingPageTouchPointVariant = &v
+}
+
+// GetPrimaryColorContrastHex returns the PrimaryColorContrastHex field value if set, zero value otherwise.
+func (o *Theme) GetPrimaryColorContrastHex() string {
+	if o == nil || o.PrimaryColorContrastHex == nil {
+		var ret string
+		return ret
+	}
+	return *o.PrimaryColorContrastHex
+}
+
+// GetPrimaryColorContrastHexOk returns a tuple with the PrimaryColorContrastHex field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Theme) GetPrimaryColorContrastHexOk() (*string, bool) {
+	if o == nil || o.PrimaryColorContrastHex == nil {
+		return nil, false
+	}
+	return o.PrimaryColorContrastHex, true
+}
+
+// HasPrimaryColorContrastHex returns a boolean if a field has been set.
+func (o *Theme) HasPrimaryColorContrastHex() bool {
+	if o != nil && o.PrimaryColorContrastHex != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPrimaryColorContrastHex gets a reference to the given string and assigns it to the PrimaryColorContrastHex field.
+func (o *Theme) SetPrimaryColorContrastHex(v string) {
+	o.PrimaryColorContrastHex = &v
+}
+
+// GetPrimaryColorHex returns the PrimaryColorHex field value if set, zero value otherwise.
+func (o *Theme) GetPrimaryColorHex() string {
+	if o == nil || o.PrimaryColorHex == nil {
+		var ret string
+		return ret
+	}
+	return *o.PrimaryColorHex
+}
+
+// GetPrimaryColorHexOk returns a tuple with the PrimaryColorHex field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Theme) GetPrimaryColorHexOk() (*string, bool) {
+	if o == nil || o.PrimaryColorHex == nil {
+		return nil, false
+	}
+	return o.PrimaryColorHex, true
+}
+
+// HasPrimaryColorHex returns a boolean if a field has been set.
+func (o *Theme) HasPrimaryColorHex() bool {
+	if o != nil && o.PrimaryColorHex != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPrimaryColorHex gets a reference to the given string and assigns it to the PrimaryColorHex field.
+func (o *Theme) SetPrimaryColorHex(v string) {
+	o.PrimaryColorHex = &v
+}
+
+// GetSecondaryColorContrastHex returns the SecondaryColorContrastHex field value if set, zero value otherwise.
+func (o *Theme) GetSecondaryColorContrastHex() string {
+	if o == nil || o.SecondaryColorContrastHex == nil {
+		var ret string
+		return ret
+	}
+	return *o.SecondaryColorContrastHex
+}
+
+// GetSecondaryColorContrastHexOk returns a tuple with the SecondaryColorContrastHex field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Theme) GetSecondaryColorContrastHexOk() (*string, bool) {
+	if o == nil || o.SecondaryColorContrastHex == nil {
+		return nil, false
+	}
+	return o.SecondaryColorContrastHex, true
+}
+
+// HasSecondaryColorContrastHex returns a boolean if a field has been set.
+func (o *Theme) HasSecondaryColorContrastHex() bool {
+	if o != nil && o.SecondaryColorContrastHex != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecondaryColorContrastHex gets a reference to the given string and assigns it to the SecondaryColorContrastHex field.
+func (o *Theme) SetSecondaryColorContrastHex(v string) {
+	o.SecondaryColorContrastHex = &v
+}
+
+// GetSecondaryColorHex returns the SecondaryColorHex field value if set, zero value otherwise.
+func (o *Theme) GetSecondaryColorHex() string {
+	if o == nil || o.SecondaryColorHex == nil {
+		var ret string
+		return ret
+	}
+	return *o.SecondaryColorHex
+}
+
+// GetSecondaryColorHexOk returns a tuple with the SecondaryColorHex field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Theme) GetSecondaryColorHexOk() (*string, bool) {
+	if o == nil || o.SecondaryColorHex == nil {
+		return nil, false
+	}
+	return o.SecondaryColorHex, true
+}
+
+// HasSecondaryColorHex returns a boolean if a field has been set.
+func (o *Theme) HasSecondaryColorHex() bool {
+	if o != nil && o.SecondaryColorHex != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecondaryColorHex gets a reference to the given string and assigns it to the SecondaryColorHex field.
+func (o *Theme) SetSecondaryColorHex(v string) {
+	o.SecondaryColorHex = &v
+}
+
+// GetSignInPageTouchPointVariant returns the SignInPageTouchPointVariant field value if set, zero value otherwise.
+func (o *Theme) GetSignInPageTouchPointVariant() SignInPageTouchPointVariant {
+	if o == nil || o.SignInPageTouchPointVariant == nil {
+		var ret SignInPageTouchPointVariant
+		return ret
+	}
+	return *o.SignInPageTouchPointVariant
+}
+
+// GetSignInPageTouchPointVariantOk returns a tuple with the SignInPageTouchPointVariant field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Theme) GetSignInPageTouchPointVariantOk() (*SignInPageTouchPointVariant, bool) {
+	if o == nil || o.SignInPageTouchPointVariant == nil {
+		return nil, false
+	}
+	return o.SignInPageTouchPointVariant, true
+}
+
+// HasSignInPageTouchPointVariant returns a boolean if a field has been set.
+func (o *Theme) HasSignInPageTouchPointVariant() bool {
+	if o != nil && o.SignInPageTouchPointVariant != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignInPageTouchPointVariant gets a reference to the given SignInPageTouchPointVariant and assigns it to the SignInPageTouchPointVariant field.
+func (o *Theme) SetSignInPageTouchPointVariant(v SignInPageTouchPointVariant) {
+	o.SignInPageTouchPointVariant = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *Theme) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *Theme) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *Theme) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *Theme) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o Theme) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.BackgroundImage != nil {
+		toSerialize["backgroundImage"] = o.BackgroundImage
+	}
+	if o.EmailTemplateTouchPointVariant != nil {
+		toSerialize["emailTemplateTouchPointVariant"] = o.EmailTemplateTouchPointVariant
+	}
+	if o.EndUserDashboardTouchPointVariant != nil {
+		toSerialize["endUserDashboardTouchPointVariant"] = o.EndUserDashboardTouchPointVariant
+	}
+	if o.ErrorPageTouchPointVariant != nil {
+		toSerialize["errorPageTouchPointVariant"] = o.ErrorPageTouchPointVariant
+	}
+	if o.LoadingPageTouchPointVariant != nil {
+		toSerialize["loadingPageTouchPointVariant"] = o.LoadingPageTouchPointVariant
+	}
+	if o.PrimaryColorContrastHex != nil {
+		toSerialize["primaryColorContrastHex"] = o.PrimaryColorContrastHex
+	}
+	if o.PrimaryColorHex != nil {
+		toSerialize["primaryColorHex"] = o.PrimaryColorHex
+	}
+	if o.SecondaryColorContrastHex != nil {
+		toSerialize["secondaryColorContrastHex"] = o.SecondaryColorContrastHex
+	}
+	if o.SecondaryColorHex != nil {
+		toSerialize["secondaryColorHex"] = o.SecondaryColorHex
+	}
+	if o.SignInPageTouchPointVariant != nil {
+		toSerialize["signInPageTouchPointVariant"] = o.SignInPageTouchPointVariant
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *Theme) UnmarshalJSON(bytes []byte) (err error) {
+	varTheme := _Theme{}
+
+	err = json.Unmarshal(bytes, &varTheme)
+	if err == nil {
+		*o = Theme(varTheme)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "backgroundImage")
+		delete(additionalProperties, "emailTemplateTouchPointVariant")
+		delete(additionalProperties, "endUserDashboardTouchPointVariant")
+		delete(additionalProperties, "errorPageTouchPointVariant")
+		delete(additionalProperties, "loadingPageTouchPointVariant")
+		delete(additionalProperties, "primaryColorContrastHex")
+		delete(additionalProperties, "primaryColorHex")
+		delete(additionalProperties, "secondaryColorContrastHex")
+		delete(additionalProperties, "secondaryColorHex")
+		delete(additionalProperties, "signInPageTouchPointVariant")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableTheme struct {
+	value *Theme
+	isSet bool
+}
+
+func (v NullableTheme) Get() *Theme {
+	return v.value
+}
+
+func (v *NullableTheme) Set(val *Theme) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTheme) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTheme) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTheme(val *Theme) *NullableTheme {
+	return &NullableTheme{value: val, isSet: true}
+}
+
+func (v NullableTheme) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTheme) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_theme_response.go b/okta/model_theme_response.go
new file mode 100644
index 000000000..87798b7ad
--- /dev/null
+++ b/okta/model_theme_response.go
@@ -0,0 +1,639 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// ThemeResponse struct for ThemeResponse
+type ThemeResponse struct {
+	BackgroundImage                   *string                            `json:"backgroundImage,omitempty"`
+	EmailTemplateTouchPointVariant    *EmailTemplateTouchPointVariant    `json:"emailTemplateTouchPointVariant,omitempty"`
+	EndUserDashboardTouchPointVariant *EndUserDashboardTouchPointVariant `json:"endUserDashboardTouchPointVariant,omitempty"`
+	ErrorPageTouchPointVariant        *ErrorPageTouchPointVariant        `json:"errorPageTouchPointVariant,omitempty"`
+	Favicon                           *string                            `json:"favicon,omitempty"`
+	Id                                *string                            `json:"id,omitempty"`
+	LoadingPageTouchPointVariant      *LoadingPageTouchPointVariant      `json:"loadingPageTouchPointVariant,omitempty"`
+	Logo                              *string                            `json:"logo,omitempty"`
+	PrimaryColorContrastHex           *string                            `json:"primaryColorContrastHex,omitempty"`
+	PrimaryColorHex                   *string                            `json:"primaryColorHex,omitempty"`
+	SecondaryColorContrastHex         *string                            `json:"secondaryColorContrastHex,omitempty"`
+	SecondaryColorHex                 *string                            `json:"secondaryColorHex,omitempty"`
+	SignInPageTouchPointVariant       *SignInPageTouchPointVariant       `json:"signInPageTouchPointVariant,omitempty"`
+	Links                             map[string]map[string]interface{}  `json:"_links,omitempty"`
+	AdditionalProperties              map[string]interface{}
+}
+
+type _ThemeResponse ThemeResponse
+
+// NewThemeResponse instantiates a new ThemeResponse object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewThemeResponse() *ThemeResponse {
+	this := ThemeResponse{}
+	return &this
+}
+
+// NewThemeResponseWithDefaults instantiates a new ThemeResponse object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewThemeResponseWithDefaults() *ThemeResponse {
+	this := ThemeResponse{}
+	return &this
+}
+
+// GetBackgroundImage returns the BackgroundImage field value if set, zero value otherwise.
+func (o *ThemeResponse) GetBackgroundImage() string {
+	if o == nil || o.BackgroundImage == nil {
+		var ret string
+		return ret
+	}
+	return *o.BackgroundImage
+}
+
+// GetBackgroundImageOk returns a tuple with the BackgroundImage field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetBackgroundImageOk() (*string, bool) {
+	if o == nil || o.BackgroundImage == nil {
+		return nil, false
+	}
+	return o.BackgroundImage, true
+}
+
+// HasBackgroundImage returns a boolean if a field has been set.
+func (o *ThemeResponse) HasBackgroundImage() bool {
+	if o != nil && o.BackgroundImage != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBackgroundImage gets a reference to the given string and assigns it to the BackgroundImage field.
+func (o *ThemeResponse) SetBackgroundImage(v string) {
+	o.BackgroundImage = &v
+}
+
+// GetEmailTemplateTouchPointVariant returns the EmailTemplateTouchPointVariant field value if set, zero value otherwise.
+func (o *ThemeResponse) GetEmailTemplateTouchPointVariant() EmailTemplateTouchPointVariant {
+	if o == nil || o.EmailTemplateTouchPointVariant == nil {
+		var ret EmailTemplateTouchPointVariant
+		return ret
+	}
+	return *o.EmailTemplateTouchPointVariant
+}
+
+// GetEmailTemplateTouchPointVariantOk returns a tuple with the EmailTemplateTouchPointVariant field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetEmailTemplateTouchPointVariantOk() (*EmailTemplateTouchPointVariant, bool) {
+	if o == nil || o.EmailTemplateTouchPointVariant == nil {
+		return nil, false
+	}
+	return o.EmailTemplateTouchPointVariant, true
+}
+
+// HasEmailTemplateTouchPointVariant returns a boolean if a field has been set.
+func (o *ThemeResponse) HasEmailTemplateTouchPointVariant() bool {
+	if o != nil && o.EmailTemplateTouchPointVariant != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmailTemplateTouchPointVariant gets a reference to the given EmailTemplateTouchPointVariant and assigns it to the EmailTemplateTouchPointVariant field.
+func (o *ThemeResponse) SetEmailTemplateTouchPointVariant(v EmailTemplateTouchPointVariant) {
+	o.EmailTemplateTouchPointVariant = &v
+}
+
+// GetEndUserDashboardTouchPointVariant returns the EndUserDashboardTouchPointVariant field value if set, zero value otherwise.
+func (o *ThemeResponse) GetEndUserDashboardTouchPointVariant() EndUserDashboardTouchPointVariant {
+	if o == nil || o.EndUserDashboardTouchPointVariant == nil {
+		var ret EndUserDashboardTouchPointVariant
+		return ret
+	}
+	return *o.EndUserDashboardTouchPointVariant
+}
+
+// GetEndUserDashboardTouchPointVariantOk returns a tuple with the EndUserDashboardTouchPointVariant field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetEndUserDashboardTouchPointVariantOk() (*EndUserDashboardTouchPointVariant, bool) {
+	if o == nil || o.EndUserDashboardTouchPointVariant == nil {
+		return nil, false
+	}
+	return o.EndUserDashboardTouchPointVariant, true
+}
+
+// HasEndUserDashboardTouchPointVariant returns a boolean if a field has been set.
+func (o *ThemeResponse) HasEndUserDashboardTouchPointVariant() bool {
+	if o != nil && o.EndUserDashboardTouchPointVariant != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEndUserDashboardTouchPointVariant gets a reference to the given EndUserDashboardTouchPointVariant and assigns it to the EndUserDashboardTouchPointVariant field.
+func (o *ThemeResponse) SetEndUserDashboardTouchPointVariant(v EndUserDashboardTouchPointVariant) {
+	o.EndUserDashboardTouchPointVariant = &v
+}
+
+// GetErrorPageTouchPointVariant returns the ErrorPageTouchPointVariant field value if set, zero value otherwise.
+func (o *ThemeResponse) GetErrorPageTouchPointVariant() ErrorPageTouchPointVariant {
+	if o == nil || o.ErrorPageTouchPointVariant == nil {
+		var ret ErrorPageTouchPointVariant
+		return ret
+	}
+	return *o.ErrorPageTouchPointVariant
+}
+
+// GetErrorPageTouchPointVariantOk returns a tuple with the ErrorPageTouchPointVariant field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetErrorPageTouchPointVariantOk() (*ErrorPageTouchPointVariant, bool) {
+	if o == nil || o.ErrorPageTouchPointVariant == nil {
+		return nil, false
+	}
+	return o.ErrorPageTouchPointVariant, true
+}
+
+// HasErrorPageTouchPointVariant returns a boolean if a field has been set.
+func (o *ThemeResponse) HasErrorPageTouchPointVariant() bool {
+	if o != nil && o.ErrorPageTouchPointVariant != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetErrorPageTouchPointVariant gets a reference to the given ErrorPageTouchPointVariant and assigns it to the ErrorPageTouchPointVariant field.
+func (o *ThemeResponse) SetErrorPageTouchPointVariant(v ErrorPageTouchPointVariant) {
+	o.ErrorPageTouchPointVariant = &v
+}
+
+// GetFavicon returns the Favicon field value if set, zero value otherwise.
+func (o *ThemeResponse) GetFavicon() string {
+	if o == nil || o.Favicon == nil {
+		var ret string
+		return ret
+	}
+	return *o.Favicon
+}
+
+// GetFaviconOk returns a tuple with the Favicon field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetFaviconOk() (*string, bool) {
+	if o == nil || o.Favicon == nil {
+		return nil, false
+	}
+	return o.Favicon, true
+}
+
+// HasFavicon returns a boolean if a field has been set.
+func (o *ThemeResponse) HasFavicon() bool {
+	if o != nil && o.Favicon != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFavicon gets a reference to the given string and assigns it to the Favicon field.
+func (o *ThemeResponse) SetFavicon(v string) {
+	o.Favicon = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *ThemeResponse) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *ThemeResponse) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *ThemeResponse) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLoadingPageTouchPointVariant returns the LoadingPageTouchPointVariant field value if set, zero value otherwise.
+func (o *ThemeResponse) GetLoadingPageTouchPointVariant() LoadingPageTouchPointVariant {
+	if o == nil || o.LoadingPageTouchPointVariant == nil {
+		var ret LoadingPageTouchPointVariant
+		return ret
+	}
+	return *o.LoadingPageTouchPointVariant
+}
+
+// GetLoadingPageTouchPointVariantOk returns a tuple with the LoadingPageTouchPointVariant field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetLoadingPageTouchPointVariantOk() (*LoadingPageTouchPointVariant, bool) {
+	if o == nil || o.LoadingPageTouchPointVariant == nil {
+		return nil, false
+	}
+	return o.LoadingPageTouchPointVariant, true
+}
+
+// HasLoadingPageTouchPointVariant returns a boolean if a field has been set.
+func (o *ThemeResponse) HasLoadingPageTouchPointVariant() bool {
+	if o != nil && o.LoadingPageTouchPointVariant != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLoadingPageTouchPointVariant gets a reference to the given LoadingPageTouchPointVariant and assigns it to the LoadingPageTouchPointVariant field.
+func (o *ThemeResponse) SetLoadingPageTouchPointVariant(v LoadingPageTouchPointVariant) {
+	o.LoadingPageTouchPointVariant = &v
+}
+
+// GetLogo returns the Logo field value if set, zero value otherwise.
+func (o *ThemeResponse) GetLogo() string {
+	if o == nil || o.Logo == nil {
+		var ret string
+		return ret
+	}
+	return *o.Logo
+}
+
+// GetLogoOk returns a tuple with the Logo field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetLogoOk() (*string, bool) {
+	if o == nil || o.Logo == nil {
+		return nil, false
+	}
+	return o.Logo, true
+}
+
+// HasLogo returns a boolean if a field has been set.
+func (o *ThemeResponse) HasLogo() bool {
+	if o != nil && o.Logo != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLogo gets a reference to the given string and assigns it to the Logo field.
+func (o *ThemeResponse) SetLogo(v string) {
+	o.Logo = &v
+}
+
+// GetPrimaryColorContrastHex returns the PrimaryColorContrastHex field value if set, zero value otherwise.
+func (o *ThemeResponse) GetPrimaryColorContrastHex() string {
+	if o == nil || o.PrimaryColorContrastHex == nil {
+		var ret string
+		return ret
+	}
+	return *o.PrimaryColorContrastHex
+}
+
+// GetPrimaryColorContrastHexOk returns a tuple with the PrimaryColorContrastHex field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetPrimaryColorContrastHexOk() (*string, bool) {
+	if o == nil || o.PrimaryColorContrastHex == nil {
+		return nil, false
+	}
+	return o.PrimaryColorContrastHex, true
+}
+
+// HasPrimaryColorContrastHex returns a boolean if a field has been set.
+func (o *ThemeResponse) HasPrimaryColorContrastHex() bool {
+	if o != nil && o.PrimaryColorContrastHex != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPrimaryColorContrastHex gets a reference to the given string and assigns it to the PrimaryColorContrastHex field.
+func (o *ThemeResponse) SetPrimaryColorContrastHex(v string) {
+	o.PrimaryColorContrastHex = &v
+}
+
+// GetPrimaryColorHex returns the PrimaryColorHex field value if set, zero value otherwise.
+func (o *ThemeResponse) GetPrimaryColorHex() string {
+	if o == nil || o.PrimaryColorHex == nil {
+		var ret string
+		return ret
+	}
+	return *o.PrimaryColorHex
+}
+
+// GetPrimaryColorHexOk returns a tuple with the PrimaryColorHex field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetPrimaryColorHexOk() (*string, bool) {
+	if o == nil || o.PrimaryColorHex == nil {
+		return nil, false
+	}
+	return o.PrimaryColorHex, true
+}
+
+// HasPrimaryColorHex returns a boolean if a field has been set.
+func (o *ThemeResponse) HasPrimaryColorHex() bool {
+	if o != nil && o.PrimaryColorHex != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPrimaryColorHex gets a reference to the given string and assigns it to the PrimaryColorHex field.
+func (o *ThemeResponse) SetPrimaryColorHex(v string) {
+	o.PrimaryColorHex = &v
+}
+
+// GetSecondaryColorContrastHex returns the SecondaryColorContrastHex field value if set, zero value otherwise.
+func (o *ThemeResponse) GetSecondaryColorContrastHex() string {
+	if o == nil || o.SecondaryColorContrastHex == nil {
+		var ret string
+		return ret
+	}
+	return *o.SecondaryColorContrastHex
+}
+
+// GetSecondaryColorContrastHexOk returns a tuple with the SecondaryColorContrastHex field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetSecondaryColorContrastHexOk() (*string, bool) {
+	if o == nil || o.SecondaryColorContrastHex == nil {
+		return nil, false
+	}
+	return o.SecondaryColorContrastHex, true
+}
+
+// HasSecondaryColorContrastHex returns a boolean if a field has been set.
+func (o *ThemeResponse) HasSecondaryColorContrastHex() bool {
+	if o != nil && o.SecondaryColorContrastHex != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecondaryColorContrastHex gets a reference to the given string and assigns it to the SecondaryColorContrastHex field.
+func (o *ThemeResponse) SetSecondaryColorContrastHex(v string) {
+	o.SecondaryColorContrastHex = &v
+}
+
+// GetSecondaryColorHex returns the SecondaryColorHex field value if set, zero value otherwise.
+func (o *ThemeResponse) GetSecondaryColorHex() string {
+	if o == nil || o.SecondaryColorHex == nil {
+		var ret string
+		return ret
+	}
+	return *o.SecondaryColorHex
+}
+
+// GetSecondaryColorHexOk returns a tuple with the SecondaryColorHex field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetSecondaryColorHexOk() (*string, bool) {
+	if o == nil || o.SecondaryColorHex == nil {
+		return nil, false
+	}
+	return o.SecondaryColorHex, true
+}
+
+// HasSecondaryColorHex returns a boolean if a field has been set.
+func (o *ThemeResponse) HasSecondaryColorHex() bool {
+	if o != nil && o.SecondaryColorHex != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecondaryColorHex gets a reference to the given string and assigns it to the SecondaryColorHex field.
+func (o *ThemeResponse) SetSecondaryColorHex(v string) {
+	o.SecondaryColorHex = &v
+}
+
+// GetSignInPageTouchPointVariant returns the SignInPageTouchPointVariant field value if set, zero value otherwise.
+func (o *ThemeResponse) GetSignInPageTouchPointVariant() SignInPageTouchPointVariant {
+	if o == nil || o.SignInPageTouchPointVariant == nil {
+		var ret SignInPageTouchPointVariant
+		return ret
+	}
+	return *o.SignInPageTouchPointVariant
+}
+
+// GetSignInPageTouchPointVariantOk returns a tuple with the SignInPageTouchPointVariant field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetSignInPageTouchPointVariantOk() (*SignInPageTouchPointVariant, bool) {
+	if o == nil || o.SignInPageTouchPointVariant == nil {
+		return nil, false
+	}
+	return o.SignInPageTouchPointVariant, true
+}
+
+// HasSignInPageTouchPointVariant returns a boolean if a field has been set.
+func (o *ThemeResponse) HasSignInPageTouchPointVariant() bool {
+	if o != nil && o.SignInPageTouchPointVariant != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSignInPageTouchPointVariant gets a reference to the given SignInPageTouchPointVariant and assigns it to the SignInPageTouchPointVariant field.
+func (o *ThemeResponse) SetSignInPageTouchPointVariant(v SignInPageTouchPointVariant) {
+	o.SignInPageTouchPointVariant = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ThemeResponse) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThemeResponse) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ThemeResponse) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *ThemeResponse) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o ThemeResponse) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.BackgroundImage != nil {
+		toSerialize["backgroundImage"] = o.BackgroundImage
+	}
+	if o.EmailTemplateTouchPointVariant != nil {
+		toSerialize["emailTemplateTouchPointVariant"] = o.EmailTemplateTouchPointVariant
+	}
+	if o.EndUserDashboardTouchPointVariant != nil {
+		toSerialize["endUserDashboardTouchPointVariant"] = o.EndUserDashboardTouchPointVariant
+	}
+	if o.ErrorPageTouchPointVariant != nil {
+		toSerialize["errorPageTouchPointVariant"] = o.ErrorPageTouchPointVariant
+	}
+	if o.Favicon != nil {
+		toSerialize["favicon"] = o.Favicon
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LoadingPageTouchPointVariant != nil {
+		toSerialize["loadingPageTouchPointVariant"] = o.LoadingPageTouchPointVariant
+	}
+	if o.Logo != nil {
+		toSerialize["logo"] = o.Logo
+	}
+	if o.PrimaryColorContrastHex != nil {
+		toSerialize["primaryColorContrastHex"] = o.PrimaryColorContrastHex
+	}
+	if o.PrimaryColorHex != nil {
+		toSerialize["primaryColorHex"] = o.PrimaryColorHex
+	}
+	if o.SecondaryColorContrastHex != nil {
+		toSerialize["secondaryColorContrastHex"] = o.SecondaryColorContrastHex
+	}
+	if o.SecondaryColorHex != nil {
+		toSerialize["secondaryColorHex"] = o.SecondaryColorHex
+	}
+	if o.SignInPageTouchPointVariant != nil {
+		toSerialize["signInPageTouchPointVariant"] = o.SignInPageTouchPointVariant
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ThemeResponse) UnmarshalJSON(bytes []byte) (err error) {
+	varThemeResponse := _ThemeResponse{}
+
+	err = json.Unmarshal(bytes, &varThemeResponse)
+	if err == nil {
+		*o = ThemeResponse(varThemeResponse)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "backgroundImage")
+		delete(additionalProperties, "emailTemplateTouchPointVariant")
+		delete(additionalProperties, "endUserDashboardTouchPointVariant")
+		delete(additionalProperties, "errorPageTouchPointVariant")
+		delete(additionalProperties, "favicon")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "loadingPageTouchPointVariant")
+		delete(additionalProperties, "logo")
+		delete(additionalProperties, "primaryColorContrastHex")
+		delete(additionalProperties, "primaryColorHex")
+		delete(additionalProperties, "secondaryColorContrastHex")
+		delete(additionalProperties, "secondaryColorHex")
+		delete(additionalProperties, "signInPageTouchPointVariant")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableThemeResponse struct {
+	value *ThemeResponse
+	isSet bool
+}
+
+func (v NullableThemeResponse) Get() *ThemeResponse {
+	return v.value
+}
+
+func (v *NullableThemeResponse) Set(val *ThemeResponse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableThemeResponse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableThemeResponse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableThemeResponse(val *ThemeResponse) *NullableThemeResponse {
+	return &NullableThemeResponse{value: val, isSet: true}
+}
+
+func (v NullableThemeResponse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableThemeResponse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_threat_insight_configuration.go b/okta/model_threat_insight_configuration.go
new file mode 100644
index 000000000..01f30f8a0
--- /dev/null
+++ b/okta/model_threat_insight_configuration.go
@@ -0,0 +1,307 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// ThreatInsightConfiguration struct for ThreatInsightConfiguration
+type ThreatInsightConfiguration struct {
+	Action               *string                           `json:"action,omitempty"`
+	Created              *time.Time                        `json:"created,omitempty"`
+	ExcludeZones         []string                          `json:"excludeZones,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _ThreatInsightConfiguration ThreatInsightConfiguration
+
+// NewThreatInsightConfiguration instantiates a new ThreatInsightConfiguration object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewThreatInsightConfiguration() *ThreatInsightConfiguration {
+	this := ThreatInsightConfiguration{}
+	return &this
+}
+
+// NewThreatInsightConfigurationWithDefaults instantiates a new ThreatInsightConfiguration object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewThreatInsightConfigurationWithDefaults() *ThreatInsightConfiguration {
+	this := ThreatInsightConfiguration{}
+	return &this
+}
+
+// GetAction returns the Action field value if set, zero value otherwise.
+func (o *ThreatInsightConfiguration) GetAction() string {
+	if o == nil || o.Action == nil {
+		var ret string
+		return ret
+	}
+	return *o.Action
+}
+
+// GetActionOk returns a tuple with the Action field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThreatInsightConfiguration) GetActionOk() (*string, bool) {
+	if o == nil || o.Action == nil {
+		return nil, false
+	}
+	return o.Action, true
+}
+
+// HasAction returns a boolean if a field has been set.
+func (o *ThreatInsightConfiguration) HasAction() bool {
+	if o != nil && o.Action != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAction gets a reference to the given string and assigns it to the Action field.
+func (o *ThreatInsightConfiguration) SetAction(v string) {
+	o.Action = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *ThreatInsightConfiguration) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThreatInsightConfiguration) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *ThreatInsightConfiguration) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *ThreatInsightConfiguration) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetExcludeZones returns the ExcludeZones field value if set, zero value otherwise.
+func (o *ThreatInsightConfiguration) GetExcludeZones() []string {
+	if o == nil || o.ExcludeZones == nil {
+		var ret []string
+		return ret
+	}
+	return o.ExcludeZones
+}
+
+// GetExcludeZonesOk returns a tuple with the ExcludeZones field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThreatInsightConfiguration) GetExcludeZonesOk() ([]string, bool) {
+	if o == nil || o.ExcludeZones == nil {
+		return nil, false
+	}
+	return o.ExcludeZones, true
+}
+
+// HasExcludeZones returns a boolean if a field has been set.
+func (o *ThreatInsightConfiguration) HasExcludeZones() bool {
+	if o != nil && o.ExcludeZones != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExcludeZones gets a reference to the given []string and assigns it to the ExcludeZones field.
+func (o *ThreatInsightConfiguration) SetExcludeZones(v []string) {
+	o.ExcludeZones = v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *ThreatInsightConfiguration) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThreatInsightConfiguration) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *ThreatInsightConfiguration) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *ThreatInsightConfiguration) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *ThreatInsightConfiguration) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *ThreatInsightConfiguration) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *ThreatInsightConfiguration) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *ThreatInsightConfiguration) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o ThreatInsightConfiguration) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Action != nil {
+		toSerialize["action"] = o.Action
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.ExcludeZones != nil {
+		toSerialize["excludeZones"] = o.ExcludeZones
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *ThreatInsightConfiguration) UnmarshalJSON(bytes []byte) (err error) {
+	varThreatInsightConfiguration := _ThreatInsightConfiguration{}
+
+	err = json.Unmarshal(bytes, &varThreatInsightConfiguration)
+	if err == nil {
+		*o = ThreatInsightConfiguration(varThreatInsightConfiguration)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "action")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "excludeZones")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableThreatInsightConfiguration struct {
+	value *ThreatInsightConfiguration
+	isSet bool
+}
+
+func (v NullableThreatInsightConfiguration) Get() *ThreatInsightConfiguration {
+	return v.value
+}
+
+func (v *NullableThreatInsightConfiguration) Set(val *ThreatInsightConfiguration) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableThreatInsightConfiguration) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableThreatInsightConfiguration) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableThreatInsightConfiguration(val *ThreatInsightConfiguration) *NullableThreatInsightConfiguration {
+	return &NullableThreatInsightConfiguration{value: val, isSet: true}
+}
+
+func (v NullableThreatInsightConfiguration) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableThreatInsightConfiguration) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_token_authorization_server_policy_rule_action.go b/okta/model_token_authorization_server_policy_rule_action.go
new file mode 100644
index 000000000..5ac33bb66
--- /dev/null
+++ b/okta/model_token_authorization_server_policy_rule_action.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// TokenAuthorizationServerPolicyRuleAction struct for TokenAuthorizationServerPolicyRuleAction
+type TokenAuthorizationServerPolicyRuleAction struct {
+	AccessTokenLifetimeMinutes  *int32                                              `json:"accessTokenLifetimeMinutes,omitempty"`
+	InlineHook                  *TokenAuthorizationServerPolicyRuleActionInlineHook `json:"inlineHook,omitempty"`
+	RefreshTokenLifetimeMinutes *int32                                              `json:"refreshTokenLifetimeMinutes,omitempty"`
+	RefreshTokenWindowMinutes   *int32                                              `json:"refreshTokenWindowMinutes,omitempty"`
+	AdditionalProperties        map[string]interface{}
+}
+
+type _TokenAuthorizationServerPolicyRuleAction TokenAuthorizationServerPolicyRuleAction
+
+// NewTokenAuthorizationServerPolicyRuleAction instantiates a new TokenAuthorizationServerPolicyRuleAction object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewTokenAuthorizationServerPolicyRuleAction() *TokenAuthorizationServerPolicyRuleAction {
+	this := TokenAuthorizationServerPolicyRuleAction{}
+	return &this
+}
+
+// NewTokenAuthorizationServerPolicyRuleActionWithDefaults instantiates a new TokenAuthorizationServerPolicyRuleAction object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewTokenAuthorizationServerPolicyRuleActionWithDefaults() *TokenAuthorizationServerPolicyRuleAction {
+	this := TokenAuthorizationServerPolicyRuleAction{}
+	return &this
+}
+
+// GetAccessTokenLifetimeMinutes returns the AccessTokenLifetimeMinutes field value if set, zero value otherwise.
+func (o *TokenAuthorizationServerPolicyRuleAction) GetAccessTokenLifetimeMinutes() int32 {
+	if o == nil || o.AccessTokenLifetimeMinutes == nil {
+		var ret int32
+		return ret
+	}
+	return *o.AccessTokenLifetimeMinutes
+}
+
+// GetAccessTokenLifetimeMinutesOk returns a tuple with the AccessTokenLifetimeMinutes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TokenAuthorizationServerPolicyRuleAction) GetAccessTokenLifetimeMinutesOk() (*int32, bool) {
+	if o == nil || o.AccessTokenLifetimeMinutes == nil {
+		return nil, false
+	}
+	return o.AccessTokenLifetimeMinutes, true
+}
+
+// HasAccessTokenLifetimeMinutes returns a boolean if a field has been set.
+func (o *TokenAuthorizationServerPolicyRuleAction) HasAccessTokenLifetimeMinutes() bool {
+	if o != nil && o.AccessTokenLifetimeMinutes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAccessTokenLifetimeMinutes gets a reference to the given int32 and assigns it to the AccessTokenLifetimeMinutes field.
+func (o *TokenAuthorizationServerPolicyRuleAction) SetAccessTokenLifetimeMinutes(v int32) {
+	o.AccessTokenLifetimeMinutes = &v
+}
+
+// GetInlineHook returns the InlineHook field value if set, zero value otherwise.
+func (o *TokenAuthorizationServerPolicyRuleAction) GetInlineHook() TokenAuthorizationServerPolicyRuleActionInlineHook {
+	if o == nil || o.InlineHook == nil {
+		var ret TokenAuthorizationServerPolicyRuleActionInlineHook
+		return ret
+	}
+	return *o.InlineHook
+}
+
+// GetInlineHookOk returns a tuple with the InlineHook field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TokenAuthorizationServerPolicyRuleAction) GetInlineHookOk() (*TokenAuthorizationServerPolicyRuleActionInlineHook, bool) {
+	if o == nil || o.InlineHook == nil {
+		return nil, false
+	}
+	return o.InlineHook, true
+}
+
+// HasInlineHook returns a boolean if a field has been set.
+func (o *TokenAuthorizationServerPolicyRuleAction) HasInlineHook() bool {
+	if o != nil && o.InlineHook != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInlineHook gets a reference to the given TokenAuthorizationServerPolicyRuleActionInlineHook and assigns it to the InlineHook field.
+func (o *TokenAuthorizationServerPolicyRuleAction) SetInlineHook(v TokenAuthorizationServerPolicyRuleActionInlineHook) {
+	o.InlineHook = &v
+}
+
+// GetRefreshTokenLifetimeMinutes returns the RefreshTokenLifetimeMinutes field value if set, zero value otherwise.
+func (o *TokenAuthorizationServerPolicyRuleAction) GetRefreshTokenLifetimeMinutes() int32 {
+	if o == nil || o.RefreshTokenLifetimeMinutes == nil {
+		var ret int32
+		return ret
+	}
+	return *o.RefreshTokenLifetimeMinutes
+}
+
+// GetRefreshTokenLifetimeMinutesOk returns a tuple with the RefreshTokenLifetimeMinutes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TokenAuthorizationServerPolicyRuleAction) GetRefreshTokenLifetimeMinutesOk() (*int32, bool) {
+	if o == nil || o.RefreshTokenLifetimeMinutes == nil {
+		return nil, false
+	}
+	return o.RefreshTokenLifetimeMinutes, true
+}
+
+// HasRefreshTokenLifetimeMinutes returns a boolean if a field has been set.
+func (o *TokenAuthorizationServerPolicyRuleAction) HasRefreshTokenLifetimeMinutes() bool {
+	if o != nil && o.RefreshTokenLifetimeMinutes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRefreshTokenLifetimeMinutes gets a reference to the given int32 and assigns it to the RefreshTokenLifetimeMinutes field.
+func (o *TokenAuthorizationServerPolicyRuleAction) SetRefreshTokenLifetimeMinutes(v int32) {
+	o.RefreshTokenLifetimeMinutes = &v
+}
+
+// GetRefreshTokenWindowMinutes returns the RefreshTokenWindowMinutes field value if set, zero value otherwise.
+func (o *TokenAuthorizationServerPolicyRuleAction) GetRefreshTokenWindowMinutes() int32 {
+	if o == nil || o.RefreshTokenWindowMinutes == nil {
+		var ret int32
+		return ret
+	}
+	return *o.RefreshTokenWindowMinutes
+}
+
+// GetRefreshTokenWindowMinutesOk returns a tuple with the RefreshTokenWindowMinutes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TokenAuthorizationServerPolicyRuleAction) GetRefreshTokenWindowMinutesOk() (*int32, bool) {
+	if o == nil || o.RefreshTokenWindowMinutes == nil {
+		return nil, false
+	}
+	return o.RefreshTokenWindowMinutes, true
+}
+
+// HasRefreshTokenWindowMinutes returns a boolean if a field has been set.
+func (o *TokenAuthorizationServerPolicyRuleAction) HasRefreshTokenWindowMinutes() bool {
+	if o != nil && o.RefreshTokenWindowMinutes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRefreshTokenWindowMinutes gets a reference to the given int32 and assigns it to the RefreshTokenWindowMinutes field.
+func (o *TokenAuthorizationServerPolicyRuleAction) SetRefreshTokenWindowMinutes(v int32) {
+	o.RefreshTokenWindowMinutes = &v
+}
+
+func (o TokenAuthorizationServerPolicyRuleAction) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AccessTokenLifetimeMinutes != nil {
+		toSerialize["accessTokenLifetimeMinutes"] = o.AccessTokenLifetimeMinutes
+	}
+	if o.InlineHook != nil {
+		toSerialize["inlineHook"] = o.InlineHook
+	}
+	if o.RefreshTokenLifetimeMinutes != nil {
+		toSerialize["refreshTokenLifetimeMinutes"] = o.RefreshTokenLifetimeMinutes
+	}
+	if o.RefreshTokenWindowMinutes != nil {
+		toSerialize["refreshTokenWindowMinutes"] = o.RefreshTokenWindowMinutes
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *TokenAuthorizationServerPolicyRuleAction) UnmarshalJSON(bytes []byte) (err error) {
+	varTokenAuthorizationServerPolicyRuleAction := _TokenAuthorizationServerPolicyRuleAction{}
+
+	err = json.Unmarshal(bytes, &varTokenAuthorizationServerPolicyRuleAction)
+	if err == nil {
+		*o = TokenAuthorizationServerPolicyRuleAction(varTokenAuthorizationServerPolicyRuleAction)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "accessTokenLifetimeMinutes")
+		delete(additionalProperties, "inlineHook")
+		delete(additionalProperties, "refreshTokenLifetimeMinutes")
+		delete(additionalProperties, "refreshTokenWindowMinutes")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableTokenAuthorizationServerPolicyRuleAction struct {
+	value *TokenAuthorizationServerPolicyRuleAction
+	isSet bool
+}
+
+func (v NullableTokenAuthorizationServerPolicyRuleAction) Get() *TokenAuthorizationServerPolicyRuleAction {
+	return v.value
+}
+
+func (v *NullableTokenAuthorizationServerPolicyRuleAction) Set(val *TokenAuthorizationServerPolicyRuleAction) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTokenAuthorizationServerPolicyRuleAction) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTokenAuthorizationServerPolicyRuleAction) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTokenAuthorizationServerPolicyRuleAction(val *TokenAuthorizationServerPolicyRuleAction) *NullableTokenAuthorizationServerPolicyRuleAction {
+	return &NullableTokenAuthorizationServerPolicyRuleAction{value: val, isSet: true}
+}
+
+func (v NullableTokenAuthorizationServerPolicyRuleAction) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTokenAuthorizationServerPolicyRuleAction) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_token_authorization_server_policy_rule_action_inline_hook.go b/okta/model_token_authorization_server_policy_rule_action_inline_hook.go
new file mode 100644
index 000000000..ea097697f
--- /dev/null
+++ b/okta/model_token_authorization_server_policy_rule_action_inline_hook.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// TokenAuthorizationServerPolicyRuleActionInlineHook struct for TokenAuthorizationServerPolicyRuleActionInlineHook
+type TokenAuthorizationServerPolicyRuleActionInlineHook struct {
+	Id                   *string `json:"id,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _TokenAuthorizationServerPolicyRuleActionInlineHook TokenAuthorizationServerPolicyRuleActionInlineHook
+
+// NewTokenAuthorizationServerPolicyRuleActionInlineHook instantiates a new TokenAuthorizationServerPolicyRuleActionInlineHook object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewTokenAuthorizationServerPolicyRuleActionInlineHook() *TokenAuthorizationServerPolicyRuleActionInlineHook {
+	this := TokenAuthorizationServerPolicyRuleActionInlineHook{}
+	return &this
+}
+
+// NewTokenAuthorizationServerPolicyRuleActionInlineHookWithDefaults instantiates a new TokenAuthorizationServerPolicyRuleActionInlineHook object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewTokenAuthorizationServerPolicyRuleActionInlineHookWithDefaults() *TokenAuthorizationServerPolicyRuleActionInlineHook {
+	this := TokenAuthorizationServerPolicyRuleActionInlineHook{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *TokenAuthorizationServerPolicyRuleActionInlineHook) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TokenAuthorizationServerPolicyRuleActionInlineHook) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *TokenAuthorizationServerPolicyRuleActionInlineHook) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *TokenAuthorizationServerPolicyRuleActionInlineHook) SetId(v string) {
+	o.Id = &v
+}
+
+func (o TokenAuthorizationServerPolicyRuleActionInlineHook) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *TokenAuthorizationServerPolicyRuleActionInlineHook) UnmarshalJSON(bytes []byte) (err error) {
+	varTokenAuthorizationServerPolicyRuleActionInlineHook := _TokenAuthorizationServerPolicyRuleActionInlineHook{}
+
+	err = json.Unmarshal(bytes, &varTokenAuthorizationServerPolicyRuleActionInlineHook)
+	if err == nil {
+		*o = TokenAuthorizationServerPolicyRuleActionInlineHook(varTokenAuthorizationServerPolicyRuleActionInlineHook)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableTokenAuthorizationServerPolicyRuleActionInlineHook struct {
+	value *TokenAuthorizationServerPolicyRuleActionInlineHook
+	isSet bool
+}
+
+func (v NullableTokenAuthorizationServerPolicyRuleActionInlineHook) Get() *TokenAuthorizationServerPolicyRuleActionInlineHook {
+	return v.value
+}
+
+func (v *NullableTokenAuthorizationServerPolicyRuleActionInlineHook) Set(val *TokenAuthorizationServerPolicyRuleActionInlineHook) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTokenAuthorizationServerPolicyRuleActionInlineHook) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTokenAuthorizationServerPolicyRuleActionInlineHook) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTokenAuthorizationServerPolicyRuleActionInlineHook(val *TokenAuthorizationServerPolicyRuleActionInlineHook) *NullableTokenAuthorizationServerPolicyRuleActionInlineHook {
+	return &NullableTokenAuthorizationServerPolicyRuleActionInlineHook{value: val, isSet: true}
+}
+
+func (v NullableTokenAuthorizationServerPolicyRuleActionInlineHook) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTokenAuthorizationServerPolicyRuleActionInlineHook) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_token_user_factor.go b/okta/model_token_user_factor.go
new file mode 100644
index 000000000..292a57e02
--- /dev/null
+++ b/okta/model_token_user_factor.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// TokenUserFactor struct for TokenUserFactor
+type TokenUserFactor struct {
+	UserFactor
+	Profile              *TokenUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _TokenUserFactor TokenUserFactor
+
+// NewTokenUserFactor instantiates a new TokenUserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewTokenUserFactor() *TokenUserFactor {
+	this := TokenUserFactor{}
+	return &this
+}
+
+// NewTokenUserFactorWithDefaults instantiates a new TokenUserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewTokenUserFactorWithDefaults() *TokenUserFactor {
+	this := TokenUserFactor{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *TokenUserFactor) GetProfile() TokenUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret TokenUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TokenUserFactor) GetProfileOk() (*TokenUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *TokenUserFactor) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given TokenUserFactorProfile and assigns it to the Profile field.
+func (o *TokenUserFactor) SetProfile(v TokenUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o TokenUserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedUserFactor, errUserFactor := json.Marshal(o.UserFactor)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	errUserFactor = json.Unmarshal([]byte(serializedUserFactor), &toSerialize)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *TokenUserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	type TokenUserFactorWithoutEmbeddedStruct struct {
+		Profile *TokenUserFactorProfile `json:"profile,omitempty"`
+	}
+
+	varTokenUserFactorWithoutEmbeddedStruct := TokenUserFactorWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varTokenUserFactorWithoutEmbeddedStruct)
+	if err == nil {
+		varTokenUserFactor := _TokenUserFactor{}
+		varTokenUserFactor.Profile = varTokenUserFactorWithoutEmbeddedStruct.Profile
+		*o = TokenUserFactor(varTokenUserFactor)
+	} else {
+		return err
+	}
+
+	varTokenUserFactor := _TokenUserFactor{}
+
+	err = json.Unmarshal(bytes, &varTokenUserFactor)
+	if err == nil {
+		o.UserFactor = varTokenUserFactor.UserFactor
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+
+		// remove fields from embedded structs
+		reflectUserFactor := reflect.ValueOf(o.UserFactor)
+		for i := 0; i < reflectUserFactor.Type().NumField(); i++ {
+			t := reflectUserFactor.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableTokenUserFactor struct {
+	value *TokenUserFactor
+	isSet bool
+}
+
+func (v NullableTokenUserFactor) Get() *TokenUserFactor {
+	return v.value
+}
+
+func (v *NullableTokenUserFactor) Set(val *TokenUserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTokenUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTokenUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTokenUserFactor(val *TokenUserFactor) *NullableTokenUserFactor {
+	return &NullableTokenUserFactor{value: val, isSet: true}
+}
+
+func (v NullableTokenUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTokenUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_token_user_factor_all_of.go b/okta/model_token_user_factor_all_of.go
new file mode 100644
index 000000000..7d1fd129c
--- /dev/null
+++ b/okta/model_token_user_factor_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// TokenUserFactorAllOf struct for TokenUserFactorAllOf
+type TokenUserFactorAllOf struct {
+	Profile              *TokenUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _TokenUserFactorAllOf TokenUserFactorAllOf
+
+// NewTokenUserFactorAllOf instantiates a new TokenUserFactorAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewTokenUserFactorAllOf() *TokenUserFactorAllOf {
+	this := TokenUserFactorAllOf{}
+	return &this
+}
+
+// NewTokenUserFactorAllOfWithDefaults instantiates a new TokenUserFactorAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewTokenUserFactorAllOfWithDefaults() *TokenUserFactorAllOf {
+	this := TokenUserFactorAllOf{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *TokenUserFactorAllOf) GetProfile() TokenUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret TokenUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TokenUserFactorAllOf) GetProfileOk() (*TokenUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *TokenUserFactorAllOf) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given TokenUserFactorProfile and assigns it to the Profile field.
+func (o *TokenUserFactorAllOf) SetProfile(v TokenUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o TokenUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *TokenUserFactorAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varTokenUserFactorAllOf := _TokenUserFactorAllOf{}
+
+	err = json.Unmarshal(bytes, &varTokenUserFactorAllOf)
+	if err == nil {
+		*o = TokenUserFactorAllOf(varTokenUserFactorAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableTokenUserFactorAllOf struct {
+	value *TokenUserFactorAllOf
+	isSet bool
+}
+
+func (v NullableTokenUserFactorAllOf) Get() *TokenUserFactorAllOf {
+	return v.value
+}
+
+func (v *NullableTokenUserFactorAllOf) Set(val *TokenUserFactorAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTokenUserFactorAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTokenUserFactorAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTokenUserFactorAllOf(val *TokenUserFactorAllOf) *NullableTokenUserFactorAllOf {
+	return &NullableTokenUserFactorAllOf{value: val, isSet: true}
+}
+
+func (v NullableTokenUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTokenUserFactorAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_token_user_factor_profile.go b/okta/model_token_user_factor_profile.go
new file mode 100644
index 000000000..aa4bcae21
--- /dev/null
+++ b/okta/model_token_user_factor_profile.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// TokenUserFactorProfile struct for TokenUserFactorProfile
+type TokenUserFactorProfile struct {
+	CredentialId         *string `json:"credentialId,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _TokenUserFactorProfile TokenUserFactorProfile
+
+// NewTokenUserFactorProfile instantiates a new TokenUserFactorProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewTokenUserFactorProfile() *TokenUserFactorProfile {
+	this := TokenUserFactorProfile{}
+	return &this
+}
+
+// NewTokenUserFactorProfileWithDefaults instantiates a new TokenUserFactorProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewTokenUserFactorProfileWithDefaults() *TokenUserFactorProfile {
+	this := TokenUserFactorProfile{}
+	return &this
+}
+
+// GetCredentialId returns the CredentialId field value if set, zero value otherwise.
+func (o *TokenUserFactorProfile) GetCredentialId() string {
+	if o == nil || o.CredentialId == nil {
+		var ret string
+		return ret
+	}
+	return *o.CredentialId
+}
+
+// GetCredentialIdOk returns a tuple with the CredentialId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TokenUserFactorProfile) GetCredentialIdOk() (*string, bool) {
+	if o == nil || o.CredentialId == nil {
+		return nil, false
+	}
+	return o.CredentialId, true
+}
+
+// HasCredentialId returns a boolean if a field has been set.
+func (o *TokenUserFactorProfile) HasCredentialId() bool {
+	if o != nil && o.CredentialId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentialId gets a reference to the given string and assigns it to the CredentialId field.
+func (o *TokenUserFactorProfile) SetCredentialId(v string) {
+	o.CredentialId = &v
+}
+
+func (o TokenUserFactorProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.CredentialId != nil {
+		toSerialize["credentialId"] = o.CredentialId
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *TokenUserFactorProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varTokenUserFactorProfile := _TokenUserFactorProfile{}
+
+	err = json.Unmarshal(bytes, &varTokenUserFactorProfile)
+	if err == nil {
+		*o = TokenUserFactorProfile(varTokenUserFactorProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentialId")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableTokenUserFactorProfile struct {
+	value *TokenUserFactorProfile
+	isSet bool
+}
+
+func (v NullableTokenUserFactorProfile) Get() *TokenUserFactorProfile {
+	return v.value
+}
+
+func (v *NullableTokenUserFactorProfile) Set(val *TokenUserFactorProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTokenUserFactorProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTokenUserFactorProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTokenUserFactorProfile(val *TokenUserFactorProfile) *NullableTokenUserFactorProfile {
+	return &NullableTokenUserFactorProfile{value: val, isSet: true}
+}
+
+func (v NullableTokenUserFactorProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTokenUserFactorProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_totp_user_factor.go b/okta/model_totp_user_factor.go
new file mode 100644
index 000000000..e2e7bef48
--- /dev/null
+++ b/okta/model_totp_user_factor.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// TotpUserFactor struct for TotpUserFactor
+type TotpUserFactor struct {
+	UserFactor
+	Profile              *TotpUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _TotpUserFactor TotpUserFactor
+
+// NewTotpUserFactor instantiates a new TotpUserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewTotpUserFactor() *TotpUserFactor {
+	this := TotpUserFactor{}
+	return &this
+}
+
+// NewTotpUserFactorWithDefaults instantiates a new TotpUserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewTotpUserFactorWithDefaults() *TotpUserFactor {
+	this := TotpUserFactor{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *TotpUserFactor) GetProfile() TotpUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret TotpUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TotpUserFactor) GetProfileOk() (*TotpUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *TotpUserFactor) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given TotpUserFactorProfile and assigns it to the Profile field.
+func (o *TotpUserFactor) SetProfile(v TotpUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o TotpUserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedUserFactor, errUserFactor := json.Marshal(o.UserFactor)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	errUserFactor = json.Unmarshal([]byte(serializedUserFactor), &toSerialize)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *TotpUserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	type TotpUserFactorWithoutEmbeddedStruct struct {
+		Profile *TotpUserFactorProfile `json:"profile,omitempty"`
+	}
+
+	varTotpUserFactorWithoutEmbeddedStruct := TotpUserFactorWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varTotpUserFactorWithoutEmbeddedStruct)
+	if err == nil {
+		varTotpUserFactor := _TotpUserFactor{}
+		varTotpUserFactor.Profile = varTotpUserFactorWithoutEmbeddedStruct.Profile
+		*o = TotpUserFactor(varTotpUserFactor)
+	} else {
+		return err
+	}
+
+	varTotpUserFactor := _TotpUserFactor{}
+
+	err = json.Unmarshal(bytes, &varTotpUserFactor)
+	if err == nil {
+		o.UserFactor = varTotpUserFactor.UserFactor
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+
+		// remove fields from embedded structs
+		reflectUserFactor := reflect.ValueOf(o.UserFactor)
+		for i := 0; i < reflectUserFactor.Type().NumField(); i++ {
+			t := reflectUserFactor.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableTotpUserFactor struct {
+	value *TotpUserFactor
+	isSet bool
+}
+
+func (v NullableTotpUserFactor) Get() *TotpUserFactor {
+	return v.value
+}
+
+func (v *NullableTotpUserFactor) Set(val *TotpUserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTotpUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTotpUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTotpUserFactor(val *TotpUserFactor) *NullableTotpUserFactor {
+	return &NullableTotpUserFactor{value: val, isSet: true}
+}
+
+func (v NullableTotpUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTotpUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_totp_user_factor_all_of.go b/okta/model_totp_user_factor_all_of.go
new file mode 100644
index 000000000..942245556
--- /dev/null
+++ b/okta/model_totp_user_factor_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// TotpUserFactorAllOf struct for TotpUserFactorAllOf
+type TotpUserFactorAllOf struct {
+	Profile              *TotpUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _TotpUserFactorAllOf TotpUserFactorAllOf
+
+// NewTotpUserFactorAllOf instantiates a new TotpUserFactorAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewTotpUserFactorAllOf() *TotpUserFactorAllOf {
+	this := TotpUserFactorAllOf{}
+	return &this
+}
+
+// NewTotpUserFactorAllOfWithDefaults instantiates a new TotpUserFactorAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewTotpUserFactorAllOfWithDefaults() *TotpUserFactorAllOf {
+	this := TotpUserFactorAllOf{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *TotpUserFactorAllOf) GetProfile() TotpUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret TotpUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TotpUserFactorAllOf) GetProfileOk() (*TotpUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *TotpUserFactorAllOf) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given TotpUserFactorProfile and assigns it to the Profile field.
+func (o *TotpUserFactorAllOf) SetProfile(v TotpUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o TotpUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *TotpUserFactorAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varTotpUserFactorAllOf := _TotpUserFactorAllOf{}
+
+	err = json.Unmarshal(bytes, &varTotpUserFactorAllOf)
+	if err == nil {
+		*o = TotpUserFactorAllOf(varTotpUserFactorAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableTotpUserFactorAllOf struct {
+	value *TotpUserFactorAllOf
+	isSet bool
+}
+
+func (v NullableTotpUserFactorAllOf) Get() *TotpUserFactorAllOf {
+	return v.value
+}
+
+func (v *NullableTotpUserFactorAllOf) Set(val *TotpUserFactorAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTotpUserFactorAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTotpUserFactorAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTotpUserFactorAllOf(val *TotpUserFactorAllOf) *NullableTotpUserFactorAllOf {
+	return &NullableTotpUserFactorAllOf{value: val, isSet: true}
+}
+
+func (v NullableTotpUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTotpUserFactorAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_totp_user_factor_profile.go b/okta/model_totp_user_factor_profile.go
new file mode 100644
index 000000000..d51f613bd
--- /dev/null
+++ b/okta/model_totp_user_factor_profile.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// TotpUserFactorProfile struct for TotpUserFactorProfile
+type TotpUserFactorProfile struct {
+	CredentialId         *string `json:"credentialId,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _TotpUserFactorProfile TotpUserFactorProfile
+
+// NewTotpUserFactorProfile instantiates a new TotpUserFactorProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewTotpUserFactorProfile() *TotpUserFactorProfile {
+	this := TotpUserFactorProfile{}
+	return &this
+}
+
+// NewTotpUserFactorProfileWithDefaults instantiates a new TotpUserFactorProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewTotpUserFactorProfileWithDefaults() *TotpUserFactorProfile {
+	this := TotpUserFactorProfile{}
+	return &this
+}
+
+// GetCredentialId returns the CredentialId field value if set, zero value otherwise.
+func (o *TotpUserFactorProfile) GetCredentialId() string {
+	if o == nil || o.CredentialId == nil {
+		var ret string
+		return ret
+	}
+	return *o.CredentialId
+}
+
+// GetCredentialIdOk returns a tuple with the CredentialId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TotpUserFactorProfile) GetCredentialIdOk() (*string, bool) {
+	if o == nil || o.CredentialId == nil {
+		return nil, false
+	}
+	return o.CredentialId, true
+}
+
+// HasCredentialId returns a boolean if a field has been set.
+func (o *TotpUserFactorProfile) HasCredentialId() bool {
+	if o != nil && o.CredentialId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentialId gets a reference to the given string and assigns it to the CredentialId field.
+func (o *TotpUserFactorProfile) SetCredentialId(v string) {
+	o.CredentialId = &v
+}
+
+func (o TotpUserFactorProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.CredentialId != nil {
+		toSerialize["credentialId"] = o.CredentialId
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *TotpUserFactorProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varTotpUserFactorProfile := _TotpUserFactorProfile{}
+
+	err = json.Unmarshal(bytes, &varTotpUserFactorProfile)
+	if err == nil {
+		*o = TotpUserFactorProfile(varTotpUserFactorProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentialId")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableTotpUserFactorProfile struct {
+	value *TotpUserFactorProfile
+	isSet bool
+}
+
+func (v NullableTotpUserFactorProfile) Get() *TotpUserFactorProfile {
+	return v.value
+}
+
+func (v *NullableTotpUserFactorProfile) Set(val *TotpUserFactorProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTotpUserFactorProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTotpUserFactorProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTotpUserFactorProfile(val *TotpUserFactorProfile) *NullableTotpUserFactorProfile {
+	return &NullableTotpUserFactorProfile{value: val, isSet: true}
+}
+
+func (v NullableTotpUserFactorProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTotpUserFactorProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_trusted_origin.go b/okta/model_trusted_origin.go
new file mode 100644
index 000000000..47fdc76c9
--- /dev/null
+++ b/okta/model_trusted_origin.go
@@ -0,0 +1,492 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// TrustedOrigin struct for TrustedOrigin
+type TrustedOrigin struct {
+	Created              *time.Time                        `json:"created,omitempty"`
+	CreatedBy            *string                           `json:"createdBy,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	LastUpdatedBy        *string                           `json:"lastUpdatedBy,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Origin               *string                           `json:"origin,omitempty"`
+	Scopes               []TrustedOriginScope              `json:"scopes,omitempty"`
+	Status               *string                           `json:"status,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _TrustedOrigin TrustedOrigin
+
+// NewTrustedOrigin instantiates a new TrustedOrigin object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewTrustedOrigin() *TrustedOrigin {
+	this := TrustedOrigin{}
+	return &this
+}
+
+// NewTrustedOriginWithDefaults instantiates a new TrustedOrigin object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewTrustedOriginWithDefaults() *TrustedOrigin {
+	this := TrustedOrigin{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *TrustedOrigin) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TrustedOrigin) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *TrustedOrigin) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *TrustedOrigin) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetCreatedBy returns the CreatedBy field value if set, zero value otherwise.
+func (o *TrustedOrigin) GetCreatedBy() string {
+	if o == nil || o.CreatedBy == nil {
+		var ret string
+		return ret
+	}
+	return *o.CreatedBy
+}
+
+// GetCreatedByOk returns a tuple with the CreatedBy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TrustedOrigin) GetCreatedByOk() (*string, bool) {
+	if o == nil || o.CreatedBy == nil {
+		return nil, false
+	}
+	return o.CreatedBy, true
+}
+
+// HasCreatedBy returns a boolean if a field has been set.
+func (o *TrustedOrigin) HasCreatedBy() bool {
+	if o != nil && o.CreatedBy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreatedBy gets a reference to the given string and assigns it to the CreatedBy field.
+func (o *TrustedOrigin) SetCreatedBy(v string) {
+	o.CreatedBy = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *TrustedOrigin) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TrustedOrigin) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *TrustedOrigin) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *TrustedOrigin) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *TrustedOrigin) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TrustedOrigin) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *TrustedOrigin) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *TrustedOrigin) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetLastUpdatedBy returns the LastUpdatedBy field value if set, zero value otherwise.
+func (o *TrustedOrigin) GetLastUpdatedBy() string {
+	if o == nil || o.LastUpdatedBy == nil {
+		var ret string
+		return ret
+	}
+	return *o.LastUpdatedBy
+}
+
+// GetLastUpdatedByOk returns a tuple with the LastUpdatedBy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TrustedOrigin) GetLastUpdatedByOk() (*string, bool) {
+	if o == nil || o.LastUpdatedBy == nil {
+		return nil, false
+	}
+	return o.LastUpdatedBy, true
+}
+
+// HasLastUpdatedBy returns a boolean if a field has been set.
+func (o *TrustedOrigin) HasLastUpdatedBy() bool {
+	if o != nil && o.LastUpdatedBy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdatedBy gets a reference to the given string and assigns it to the LastUpdatedBy field.
+func (o *TrustedOrigin) SetLastUpdatedBy(v string) {
+	o.LastUpdatedBy = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *TrustedOrigin) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TrustedOrigin) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *TrustedOrigin) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *TrustedOrigin) SetName(v string) {
+	o.Name = &v
+}
+
+// GetOrigin returns the Origin field value if set, zero value otherwise.
+func (o *TrustedOrigin) GetOrigin() string {
+	if o == nil || o.Origin == nil {
+		var ret string
+		return ret
+	}
+	return *o.Origin
+}
+
+// GetOriginOk returns a tuple with the Origin field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TrustedOrigin) GetOriginOk() (*string, bool) {
+	if o == nil || o.Origin == nil {
+		return nil, false
+	}
+	return o.Origin, true
+}
+
+// HasOrigin returns a boolean if a field has been set.
+func (o *TrustedOrigin) HasOrigin() bool {
+	if o != nil && o.Origin != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOrigin gets a reference to the given string and assigns it to the Origin field.
+func (o *TrustedOrigin) SetOrigin(v string) {
+	o.Origin = &v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *TrustedOrigin) GetScopes() []TrustedOriginScope {
+	if o == nil || o.Scopes == nil {
+		var ret []TrustedOriginScope
+		return ret
+	}
+	return o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TrustedOrigin) GetScopesOk() ([]TrustedOriginScope, bool) {
+	if o == nil || o.Scopes == nil {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *TrustedOrigin) HasScopes() bool {
+	if o != nil && o.Scopes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given []TrustedOriginScope and assigns it to the Scopes field.
+func (o *TrustedOrigin) SetScopes(v []TrustedOriginScope) {
+	o.Scopes = v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *TrustedOrigin) GetStatus() string {
+	if o == nil || o.Status == nil {
+		var ret string
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TrustedOrigin) GetStatusOk() (*string, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *TrustedOrigin) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given string and assigns it to the Status field.
+func (o *TrustedOrigin) SetStatus(v string) {
+	o.Status = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *TrustedOrigin) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TrustedOrigin) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *TrustedOrigin) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *TrustedOrigin) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o TrustedOrigin) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.CreatedBy != nil {
+		toSerialize["createdBy"] = o.CreatedBy
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.LastUpdatedBy != nil {
+		toSerialize["lastUpdatedBy"] = o.LastUpdatedBy
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Origin != nil {
+		toSerialize["origin"] = o.Origin
+	}
+	if o.Scopes != nil {
+		toSerialize["scopes"] = o.Scopes
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *TrustedOrigin) UnmarshalJSON(bytes []byte) (err error) {
+	varTrustedOrigin := _TrustedOrigin{}
+
+	err = json.Unmarshal(bytes, &varTrustedOrigin)
+	if err == nil {
+		*o = TrustedOrigin(varTrustedOrigin)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "createdBy")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "lastUpdatedBy")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "origin")
+		delete(additionalProperties, "scopes")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableTrustedOrigin struct {
+	value *TrustedOrigin
+	isSet bool
+}
+
+func (v NullableTrustedOrigin) Get() *TrustedOrigin {
+	return v.value
+}
+
+func (v *NullableTrustedOrigin) Set(val *TrustedOrigin) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTrustedOrigin) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTrustedOrigin) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTrustedOrigin(val *TrustedOrigin) *NullableTrustedOrigin {
+	return &NullableTrustedOrigin{value: val, isSet: true}
+}
+
+func (v NullableTrustedOrigin) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTrustedOrigin) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_trusted_origin_scope.go b/okta/model_trusted_origin_scope.go
new file mode 100644
index 000000000..1792f8c66
--- /dev/null
+++ b/okta/model_trusted_origin_scope.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// TrustedOriginScope struct for TrustedOriginScope
+type TrustedOriginScope struct {
+	AllowedOktaApps      []IframeEmbedScopeAllowedApps `json:"allowedOktaApps,omitempty"`
+	Type                 *TrustedOriginScopeType       `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _TrustedOriginScope TrustedOriginScope
+
+// NewTrustedOriginScope instantiates a new TrustedOriginScope object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewTrustedOriginScope() *TrustedOriginScope {
+	this := TrustedOriginScope{}
+	return &this
+}
+
+// NewTrustedOriginScopeWithDefaults instantiates a new TrustedOriginScope object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewTrustedOriginScopeWithDefaults() *TrustedOriginScope {
+	this := TrustedOriginScope{}
+	return &this
+}
+
+// GetAllowedOktaApps returns the AllowedOktaApps field value if set, zero value otherwise.
+func (o *TrustedOriginScope) GetAllowedOktaApps() []IframeEmbedScopeAllowedApps {
+	if o == nil || o.AllowedOktaApps == nil {
+		var ret []IframeEmbedScopeAllowedApps
+		return ret
+	}
+	return o.AllowedOktaApps
+}
+
+// GetAllowedOktaAppsOk returns a tuple with the AllowedOktaApps field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TrustedOriginScope) GetAllowedOktaAppsOk() ([]IframeEmbedScopeAllowedApps, bool) {
+	if o == nil || o.AllowedOktaApps == nil {
+		return nil, false
+	}
+	return o.AllowedOktaApps, true
+}
+
+// HasAllowedOktaApps returns a boolean if a field has been set.
+func (o *TrustedOriginScope) HasAllowedOktaApps() bool {
+	if o != nil && o.AllowedOktaApps != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAllowedOktaApps gets a reference to the given []IframeEmbedScopeAllowedApps and assigns it to the AllowedOktaApps field.
+func (o *TrustedOriginScope) SetAllowedOktaApps(v []IframeEmbedScopeAllowedApps) {
+	o.AllowedOktaApps = v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *TrustedOriginScope) GetType() TrustedOriginScopeType {
+	if o == nil || o.Type == nil {
+		var ret TrustedOriginScopeType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *TrustedOriginScope) GetTypeOk() (*TrustedOriginScopeType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *TrustedOriginScope) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given TrustedOriginScopeType and assigns it to the Type field.
+func (o *TrustedOriginScope) SetType(v TrustedOriginScopeType) {
+	o.Type = &v
+}
+
+func (o TrustedOriginScope) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AllowedOktaApps != nil {
+		toSerialize["allowedOktaApps"] = o.AllowedOktaApps
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *TrustedOriginScope) UnmarshalJSON(bytes []byte) (err error) {
+	varTrustedOriginScope := _TrustedOriginScope{}
+
+	err = json.Unmarshal(bytes, &varTrustedOriginScope)
+	if err == nil {
+		*o = TrustedOriginScope(varTrustedOriginScope)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "allowedOktaApps")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableTrustedOriginScope struct {
+	value *TrustedOriginScope
+	isSet bool
+}
+
+func (v NullableTrustedOriginScope) Get() *TrustedOriginScope {
+	return v.value
+}
+
+func (v *NullableTrustedOriginScope) Set(val *TrustedOriginScope) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTrustedOriginScope) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTrustedOriginScope) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTrustedOriginScope(val *TrustedOriginScope) *NullableTrustedOriginScope {
+	return &NullableTrustedOriginScope{value: val, isSet: true}
+}
+
+func (v NullableTrustedOriginScope) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTrustedOriginScope) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_trusted_origin_scope_type.go b/okta/model_trusted_origin_scope_type.go
new file mode 100644
index 000000000..06baaecf2
--- /dev/null
+++ b/okta/model_trusted_origin_scope_type.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// TrustedOriginScopeType the model 'TrustedOriginScopeType'
+type TrustedOriginScopeType string
+
+// List of TrustedOriginScopeType
+const (
+	TRUSTEDORIGINSCOPETYPE_CORS         TrustedOriginScopeType = "CORS"
+	TRUSTEDORIGINSCOPETYPE_IFRAME_EMBED TrustedOriginScopeType = "IFRAME_EMBED"
+	TRUSTEDORIGINSCOPETYPE_REDIRECT     TrustedOriginScopeType = "REDIRECT"
+)
+
+// All allowed values of TrustedOriginScopeType enum
+var AllowedTrustedOriginScopeTypeEnumValues = []TrustedOriginScopeType{
+	"CORS",
+	"IFRAME_EMBED",
+	"REDIRECT",
+}
+
+func (v *TrustedOriginScopeType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := TrustedOriginScopeType(value)
+	for _, existing := range AllowedTrustedOriginScopeTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid TrustedOriginScopeType", value)
+}
+
+// NewTrustedOriginScopeTypeFromValue returns a pointer to a valid TrustedOriginScopeType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewTrustedOriginScopeTypeFromValue(v string) (*TrustedOriginScopeType, error) {
+	ev := TrustedOriginScopeType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for TrustedOriginScopeType: valid values are %v", v, AllowedTrustedOriginScopeTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v TrustedOriginScopeType) IsValid() bool {
+	for _, existing := range AllowedTrustedOriginScopeTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to TrustedOriginScopeType value
+func (v TrustedOriginScopeType) Ptr() *TrustedOriginScopeType {
+	return &v
+}
+
+type NullableTrustedOriginScopeType struct {
+	value *TrustedOriginScopeType
+	isSet bool
+}
+
+func (v NullableTrustedOriginScopeType) Get() *TrustedOriginScopeType {
+	return v.value
+}
+
+func (v *NullableTrustedOriginScopeType) Set(val *TrustedOriginScopeType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTrustedOriginScopeType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTrustedOriginScopeType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTrustedOriginScopeType(val *TrustedOriginScopeType) *NullableTrustedOriginScopeType {
+	return &NullableTrustedOriginScopeType{value: val, isSet: true}
+}
+
+func (v NullableTrustedOriginScopeType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableTrustedOriginScopeType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_u2f_user_factor.go b/okta/model_u2f_user_factor.go
new file mode 100644
index 000000000..1ea4d686a
--- /dev/null
+++ b/okta/model_u2f_user_factor.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// U2fUserFactor struct for U2fUserFactor
+type U2fUserFactor struct {
+	UserFactor
+	Profile              *U2fUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _U2fUserFactor U2fUserFactor
+
+// NewU2fUserFactor instantiates a new U2fUserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewU2fUserFactor() *U2fUserFactor {
+	this := U2fUserFactor{}
+	return &this
+}
+
+// NewU2fUserFactorWithDefaults instantiates a new U2fUserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewU2fUserFactorWithDefaults() *U2fUserFactor {
+	this := U2fUserFactor{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *U2fUserFactor) GetProfile() U2fUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret U2fUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *U2fUserFactor) GetProfileOk() (*U2fUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *U2fUserFactor) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given U2fUserFactorProfile and assigns it to the Profile field.
+func (o *U2fUserFactor) SetProfile(v U2fUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o U2fUserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedUserFactor, errUserFactor := json.Marshal(o.UserFactor)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	errUserFactor = json.Unmarshal([]byte(serializedUserFactor), &toSerialize)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *U2fUserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	type U2fUserFactorWithoutEmbeddedStruct struct {
+		Profile *U2fUserFactorProfile `json:"profile,omitempty"`
+	}
+
+	varU2fUserFactorWithoutEmbeddedStruct := U2fUserFactorWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varU2fUserFactorWithoutEmbeddedStruct)
+	if err == nil {
+		varU2fUserFactor := _U2fUserFactor{}
+		varU2fUserFactor.Profile = varU2fUserFactorWithoutEmbeddedStruct.Profile
+		*o = U2fUserFactor(varU2fUserFactor)
+	} else {
+		return err
+	}
+
+	varU2fUserFactor := _U2fUserFactor{}
+
+	err = json.Unmarshal(bytes, &varU2fUserFactor)
+	if err == nil {
+		o.UserFactor = varU2fUserFactor.UserFactor
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+
+		// remove fields from embedded structs
+		reflectUserFactor := reflect.ValueOf(o.UserFactor)
+		for i := 0; i < reflectUserFactor.Type().NumField(); i++ {
+			t := reflectUserFactor.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableU2fUserFactor struct {
+	value *U2fUserFactor
+	isSet bool
+}
+
+func (v NullableU2fUserFactor) Get() *U2fUserFactor {
+	return v.value
+}
+
+func (v *NullableU2fUserFactor) Set(val *U2fUserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableU2fUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableU2fUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableU2fUserFactor(val *U2fUserFactor) *NullableU2fUserFactor {
+	return &NullableU2fUserFactor{value: val, isSet: true}
+}
+
+func (v NullableU2fUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableU2fUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_u2f_user_factor_all_of.go b/okta/model_u2f_user_factor_all_of.go
new file mode 100644
index 000000000..d103bc435
--- /dev/null
+++ b/okta/model_u2f_user_factor_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// U2fUserFactorAllOf struct for U2fUserFactorAllOf
+type U2fUserFactorAllOf struct {
+	Profile              *U2fUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _U2fUserFactorAllOf U2fUserFactorAllOf
+
+// NewU2fUserFactorAllOf instantiates a new U2fUserFactorAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewU2fUserFactorAllOf() *U2fUserFactorAllOf {
+	this := U2fUserFactorAllOf{}
+	return &this
+}
+
+// NewU2fUserFactorAllOfWithDefaults instantiates a new U2fUserFactorAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewU2fUserFactorAllOfWithDefaults() *U2fUserFactorAllOf {
+	this := U2fUserFactorAllOf{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *U2fUserFactorAllOf) GetProfile() U2fUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret U2fUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *U2fUserFactorAllOf) GetProfileOk() (*U2fUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *U2fUserFactorAllOf) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given U2fUserFactorProfile and assigns it to the Profile field.
+func (o *U2fUserFactorAllOf) SetProfile(v U2fUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o U2fUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *U2fUserFactorAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varU2fUserFactorAllOf := _U2fUserFactorAllOf{}
+
+	err = json.Unmarshal(bytes, &varU2fUserFactorAllOf)
+	if err == nil {
+		*o = U2fUserFactorAllOf(varU2fUserFactorAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableU2fUserFactorAllOf struct {
+	value *U2fUserFactorAllOf
+	isSet bool
+}
+
+func (v NullableU2fUserFactorAllOf) Get() *U2fUserFactorAllOf {
+	return v.value
+}
+
+func (v *NullableU2fUserFactorAllOf) Set(val *U2fUserFactorAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableU2fUserFactorAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableU2fUserFactorAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableU2fUserFactorAllOf(val *U2fUserFactorAllOf) *NullableU2fUserFactorAllOf {
+	return &NullableU2fUserFactorAllOf{value: val, isSet: true}
+}
+
+func (v NullableU2fUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableU2fUserFactorAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_u2f_user_factor_profile.go b/okta/model_u2f_user_factor_profile.go
new file mode 100644
index 000000000..d146a212a
--- /dev/null
+++ b/okta/model_u2f_user_factor_profile.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// U2fUserFactorProfile struct for U2fUserFactorProfile
+type U2fUserFactorProfile struct {
+	CredentialId         *string `json:"credentialId,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _U2fUserFactorProfile U2fUserFactorProfile
+
+// NewU2fUserFactorProfile instantiates a new U2fUserFactorProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewU2fUserFactorProfile() *U2fUserFactorProfile {
+	this := U2fUserFactorProfile{}
+	return &this
+}
+
+// NewU2fUserFactorProfileWithDefaults instantiates a new U2fUserFactorProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewU2fUserFactorProfileWithDefaults() *U2fUserFactorProfile {
+	this := U2fUserFactorProfile{}
+	return &this
+}
+
+// GetCredentialId returns the CredentialId field value if set, zero value otherwise.
+func (o *U2fUserFactorProfile) GetCredentialId() string {
+	if o == nil || o.CredentialId == nil {
+		var ret string
+		return ret
+	}
+	return *o.CredentialId
+}
+
+// GetCredentialIdOk returns a tuple with the CredentialId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *U2fUserFactorProfile) GetCredentialIdOk() (*string, bool) {
+	if o == nil || o.CredentialId == nil {
+		return nil, false
+	}
+	return o.CredentialId, true
+}
+
+// HasCredentialId returns a boolean if a field has been set.
+func (o *U2fUserFactorProfile) HasCredentialId() bool {
+	if o != nil && o.CredentialId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentialId gets a reference to the given string and assigns it to the CredentialId field.
+func (o *U2fUserFactorProfile) SetCredentialId(v string) {
+	o.CredentialId = &v
+}
+
+func (o U2fUserFactorProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.CredentialId != nil {
+		toSerialize["credentialId"] = o.CredentialId
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *U2fUserFactorProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varU2fUserFactorProfile := _U2fUserFactorProfile{}
+
+	err = json.Unmarshal(bytes, &varU2fUserFactorProfile)
+	if err == nil {
+		*o = U2fUserFactorProfile(varU2fUserFactorProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentialId")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableU2fUserFactorProfile struct {
+	value *U2fUserFactorProfile
+	isSet bool
+}
+
+func (v NullableU2fUserFactorProfile) Get() *U2fUserFactorProfile {
+	return v.value
+}
+
+func (v *NullableU2fUserFactorProfile) Set(val *U2fUserFactorProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableU2fUserFactorProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableU2fUserFactorProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableU2fUserFactorProfile(val *U2fUserFactorProfile) *NullableU2fUserFactorProfile {
+	return &NullableU2fUserFactorProfile{value: val, isSet: true}
+}
+
+func (v NullableU2fUserFactorProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableU2fUserFactorProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_update_domain.go b/okta/model_update_domain.go
new file mode 100644
index 000000000..9f2d83fa6
--- /dev/null
+++ b/okta/model_update_domain.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UpdateDomain struct for UpdateDomain
+type UpdateDomain struct {
+	BrandId              *string `json:"brandId,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UpdateDomain UpdateDomain
+
+// NewUpdateDomain instantiates a new UpdateDomain object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUpdateDomain() *UpdateDomain {
+	this := UpdateDomain{}
+	return &this
+}
+
+// NewUpdateDomainWithDefaults instantiates a new UpdateDomain object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUpdateDomainWithDefaults() *UpdateDomain {
+	this := UpdateDomain{}
+	return &this
+}
+
+// GetBrandId returns the BrandId field value if set, zero value otherwise.
+func (o *UpdateDomain) GetBrandId() string {
+	if o == nil || o.BrandId == nil {
+		var ret string
+		return ret
+	}
+	return *o.BrandId
+}
+
+// GetBrandIdOk returns a tuple with the BrandId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UpdateDomain) GetBrandIdOk() (*string, bool) {
+	if o == nil || o.BrandId == nil {
+		return nil, false
+	}
+	return o.BrandId, true
+}
+
+// HasBrandId returns a boolean if a field has been set.
+func (o *UpdateDomain) HasBrandId() bool {
+	if o != nil && o.BrandId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBrandId gets a reference to the given string and assigns it to the BrandId field.
+func (o *UpdateDomain) SetBrandId(v string) {
+	o.BrandId = &v
+}
+
+func (o UpdateDomain) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.BrandId != nil {
+		toSerialize["brandId"] = o.BrandId
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UpdateDomain) UnmarshalJSON(bytes []byte) (err error) {
+	varUpdateDomain := _UpdateDomain{}
+
+	err = json.Unmarshal(bytes, &varUpdateDomain)
+	if err == nil {
+		*o = UpdateDomain(varUpdateDomain)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "brandId")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUpdateDomain struct {
+	value *UpdateDomain
+	isSet bool
+}
+
+func (v NullableUpdateDomain) Get() *UpdateDomain {
+	return v.value
+}
+
+func (v *NullableUpdateDomain) Set(val *UpdateDomain) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUpdateDomain) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUpdateDomain) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUpdateDomain(val *UpdateDomain) *NullableUpdateDomain {
+	return &NullableUpdateDomain{value: val, isSet: true}
+}
+
+func (v NullableUpdateDomain) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUpdateDomain) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_update_email_domain.go b/okta/model_update_email_domain.go
new file mode 100644
index 000000000..376ee2a3d
--- /dev/null
+++ b/okta/model_update_email_domain.go
@@ -0,0 +1,181 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UpdateEmailDomain struct for UpdateEmailDomain
+type UpdateEmailDomain struct {
+	DisplayName          string `json:"displayName"`
+	UserName             string `json:"userName"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UpdateEmailDomain UpdateEmailDomain
+
+// NewUpdateEmailDomain instantiates a new UpdateEmailDomain object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUpdateEmailDomain(displayName string, userName string) *UpdateEmailDomain {
+	this := UpdateEmailDomain{}
+	this.DisplayName = displayName
+	this.UserName = userName
+	return &this
+}
+
+// NewUpdateEmailDomainWithDefaults instantiates a new UpdateEmailDomain object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUpdateEmailDomainWithDefaults() *UpdateEmailDomain {
+	this := UpdateEmailDomain{}
+	return &this
+}
+
+// GetDisplayName returns the DisplayName field value
+func (o *UpdateEmailDomain) GetDisplayName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value
+// and a boolean to check if the value has been set.
+func (o *UpdateEmailDomain) GetDisplayNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.DisplayName, true
+}
+
+// SetDisplayName sets field value
+func (o *UpdateEmailDomain) SetDisplayName(v string) {
+	o.DisplayName = v
+}
+
+// GetUserName returns the UserName field value
+func (o *UpdateEmailDomain) GetUserName() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.UserName
+}
+
+// GetUserNameOk returns a tuple with the UserName field value
+// and a boolean to check if the value has been set.
+func (o *UpdateEmailDomain) GetUserNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.UserName, true
+}
+
+// SetUserName sets field value
+func (o *UpdateEmailDomain) SetUserName(v string) {
+	o.UserName = v
+}
+
+func (o UpdateEmailDomain) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if true {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if true {
+		toSerialize["userName"] = o.UserName
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UpdateEmailDomain) UnmarshalJSON(bytes []byte) (err error) {
+	varUpdateEmailDomain := _UpdateEmailDomain{}
+
+	err = json.Unmarshal(bytes, &varUpdateEmailDomain)
+	if err == nil {
+		*o = UpdateEmailDomain(varUpdateEmailDomain)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "userName")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUpdateEmailDomain struct {
+	value *UpdateEmailDomain
+	isSet bool
+}
+
+func (v NullableUpdateEmailDomain) Get() *UpdateEmailDomain {
+	return v.value
+}
+
+func (v *NullableUpdateEmailDomain) Set(val *UpdateEmailDomain) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUpdateEmailDomain) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUpdateEmailDomain) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUpdateEmailDomain(val *UpdateEmailDomain) *NullableUpdateEmailDomain {
+	return &NullableUpdateEmailDomain{value: val, isSet: true}
+}
+
+func (v NullableUpdateEmailDomain) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUpdateEmailDomain) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_update_user_request.go b/okta/model_update_user_request.go
new file mode 100644
index 000000000..64b9b677a
--- /dev/null
+++ b/okta/model_update_user_request.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UpdateUserRequest struct for UpdateUserRequest
+type UpdateUserRequest struct {
+	Credentials          *UserCredentials `json:"credentials,omitempty"`
+	Profile              *UserProfile     `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UpdateUserRequest UpdateUserRequest
+
+// NewUpdateUserRequest instantiates a new UpdateUserRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUpdateUserRequest() *UpdateUserRequest {
+	this := UpdateUserRequest{}
+	return &this
+}
+
+// NewUpdateUserRequestWithDefaults instantiates a new UpdateUserRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUpdateUserRequestWithDefaults() *UpdateUserRequest {
+	this := UpdateUserRequest{}
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *UpdateUserRequest) GetCredentials() UserCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret UserCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UpdateUserRequest) GetCredentialsOk() (*UserCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *UpdateUserRequest) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given UserCredentials and assigns it to the Credentials field.
+func (o *UpdateUserRequest) SetCredentials(v UserCredentials) {
+	o.Credentials = &v
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *UpdateUserRequest) GetProfile() UserProfile {
+	if o == nil || o.Profile == nil {
+		var ret UserProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UpdateUserRequest) GetProfileOk() (*UserProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *UpdateUserRequest) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given UserProfile and assigns it to the Profile field.
+func (o *UpdateUserRequest) SetProfile(v UserProfile) {
+	o.Profile = &v
+}
+
+func (o UpdateUserRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UpdateUserRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varUpdateUserRequest := _UpdateUserRequest{}
+
+	err = json.Unmarshal(bytes, &varUpdateUserRequest)
+	if err == nil {
+		*o = UpdateUserRequest(varUpdateUserRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUpdateUserRequest struct {
+	value *UpdateUserRequest
+	isSet bool
+}
+
+func (v NullableUpdateUserRequest) Get() *UpdateUserRequest {
+	return v.value
+}
+
+func (v *NullableUpdateUserRequest) Set(val *UpdateUserRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUpdateUserRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUpdateUserRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUpdateUserRequest(val *UpdateUserRequest) *NullableUpdateUserRequest {
+	return &NullableUpdateUserRequest{value: val, isSet: true}
+}
+
+func (v NullableUpdateUserRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUpdateUserRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user.go b/okta/model_user.go
new file mode 100644
index 000000000..9f3934a89
--- /dev/null
+++ b/okta/model_user.go
@@ -0,0 +1,684 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// User struct for User
+type User struct {
+	Activated             NullableTime                      `json:"activated,omitempty"`
+	Created               *time.Time                        `json:"created,omitempty"`
+	Credentials           *UserCredentials                  `json:"credentials,omitempty"`
+	Id                    *string                           `json:"id,omitempty"`
+	LastLogin             NullableTime                      `json:"lastLogin,omitempty"`
+	LastUpdated           *time.Time                        `json:"lastUpdated,omitempty"`
+	PasswordChanged       NullableTime                      `json:"passwordChanged,omitempty"`
+	Profile               *UserProfile                      `json:"profile,omitempty"`
+	Status                *UserStatus                       `json:"status,omitempty"`
+	StatusChanged         NullableTime                      `json:"statusChanged,omitempty"`
+	TransitioningToStatus *UserStatus                       `json:"transitioningToStatus,omitempty"`
+	Type                  *UserType                         `json:"type,omitempty"`
+	Embedded              map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                 map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties  map[string]interface{}
+}
+
+type _User User
+
+// NewUser instantiates a new User object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUser() *User {
+	this := User{}
+	return &this
+}
+
+// NewUserWithDefaults instantiates a new User object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserWithDefaults() *User {
+	this := User{}
+	return &this
+}
+
+// GetActivated returns the Activated field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *User) GetActivated() time.Time {
+	if o == nil || o.Activated.Get() == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Activated.Get()
+}
+
+// GetActivatedOk returns a tuple with the Activated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *User) GetActivatedOk() (*time.Time, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.Activated.Get(), o.Activated.IsSet()
+}
+
+// HasActivated returns a boolean if a field has been set.
+func (o *User) HasActivated() bool {
+	if o != nil && o.Activated.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetActivated gets a reference to the given NullableTime and assigns it to the Activated field.
+func (o *User) SetActivated(v time.Time) {
+	o.Activated.Set(&v)
+}
+
+// SetActivatedNil sets the value for Activated to be an explicit nil
+func (o *User) SetActivatedNil() {
+	o.Activated.Set(nil)
+}
+
+// UnsetActivated ensures that no value is present for Activated, not even an explicit nil
+func (o *User) UnsetActivated() {
+	o.Activated.Unset()
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *User) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *User) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *User) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *User) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *User) GetCredentials() UserCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret UserCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *User) GetCredentialsOk() (*UserCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *User) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given UserCredentials and assigns it to the Credentials field.
+func (o *User) SetCredentials(v UserCredentials) {
+	o.Credentials = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *User) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *User) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *User) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *User) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastLogin returns the LastLogin field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *User) GetLastLogin() time.Time {
+	if o == nil || o.LastLogin.Get() == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastLogin.Get()
+}
+
+// GetLastLoginOk returns a tuple with the LastLogin field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *User) GetLastLoginOk() (*time.Time, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.LastLogin.Get(), o.LastLogin.IsSet()
+}
+
+// HasLastLogin returns a boolean if a field has been set.
+func (o *User) HasLastLogin() bool {
+	if o != nil && o.LastLogin.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetLastLogin gets a reference to the given NullableTime and assigns it to the LastLogin field.
+func (o *User) SetLastLogin(v time.Time) {
+	o.LastLogin.Set(&v)
+}
+
+// SetLastLoginNil sets the value for LastLogin to be an explicit nil
+func (o *User) SetLastLoginNil() {
+	o.LastLogin.Set(nil)
+}
+
+// UnsetLastLogin ensures that no value is present for LastLogin, not even an explicit nil
+func (o *User) UnsetLastLogin() {
+	o.LastLogin.Unset()
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *User) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *User) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *User) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *User) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetPasswordChanged returns the PasswordChanged field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *User) GetPasswordChanged() time.Time {
+	if o == nil || o.PasswordChanged.Get() == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.PasswordChanged.Get()
+}
+
+// GetPasswordChangedOk returns a tuple with the PasswordChanged field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *User) GetPasswordChangedOk() (*time.Time, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.PasswordChanged.Get(), o.PasswordChanged.IsSet()
+}
+
+// HasPasswordChanged returns a boolean if a field has been set.
+func (o *User) HasPasswordChanged() bool {
+	if o != nil && o.PasswordChanged.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordChanged gets a reference to the given NullableTime and assigns it to the PasswordChanged field.
+func (o *User) SetPasswordChanged(v time.Time) {
+	o.PasswordChanged.Set(&v)
+}
+
+// SetPasswordChangedNil sets the value for PasswordChanged to be an explicit nil
+func (o *User) SetPasswordChangedNil() {
+	o.PasswordChanged.Set(nil)
+}
+
+// UnsetPasswordChanged ensures that no value is present for PasswordChanged, not even an explicit nil
+func (o *User) UnsetPasswordChanged() {
+	o.PasswordChanged.Unset()
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *User) GetProfile() UserProfile {
+	if o == nil || o.Profile == nil {
+		var ret UserProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *User) GetProfileOk() (*UserProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *User) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given UserProfile and assigns it to the Profile field.
+func (o *User) SetProfile(v UserProfile) {
+	o.Profile = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *User) GetStatus() UserStatus {
+	if o == nil || o.Status == nil {
+		var ret UserStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *User) GetStatusOk() (*UserStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *User) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given UserStatus and assigns it to the Status field.
+func (o *User) SetStatus(v UserStatus) {
+	o.Status = &v
+}
+
+// GetStatusChanged returns the StatusChanged field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *User) GetStatusChanged() time.Time {
+	if o == nil || o.StatusChanged.Get() == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.StatusChanged.Get()
+}
+
+// GetStatusChangedOk returns a tuple with the StatusChanged field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *User) GetStatusChangedOk() (*time.Time, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.StatusChanged.Get(), o.StatusChanged.IsSet()
+}
+
+// HasStatusChanged returns a boolean if a field has been set.
+func (o *User) HasStatusChanged() bool {
+	if o != nil && o.StatusChanged.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetStatusChanged gets a reference to the given NullableTime and assigns it to the StatusChanged field.
+func (o *User) SetStatusChanged(v time.Time) {
+	o.StatusChanged.Set(&v)
+}
+
+// SetStatusChangedNil sets the value for StatusChanged to be an explicit nil
+func (o *User) SetStatusChangedNil() {
+	o.StatusChanged.Set(nil)
+}
+
+// UnsetStatusChanged ensures that no value is present for StatusChanged, not even an explicit nil
+func (o *User) UnsetStatusChanged() {
+	o.StatusChanged.Unset()
+}
+
+// GetTransitioningToStatus returns the TransitioningToStatus field value if set, zero value otherwise.
+func (o *User) GetTransitioningToStatus() UserStatus {
+	if o == nil || o.TransitioningToStatus == nil {
+		var ret UserStatus
+		return ret
+	}
+	return *o.TransitioningToStatus
+}
+
+// GetTransitioningToStatusOk returns a tuple with the TransitioningToStatus field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *User) GetTransitioningToStatusOk() (*UserStatus, bool) {
+	if o == nil || o.TransitioningToStatus == nil {
+		return nil, false
+	}
+	return o.TransitioningToStatus, true
+}
+
+// HasTransitioningToStatus returns a boolean if a field has been set.
+func (o *User) HasTransitioningToStatus() bool {
+	if o != nil && o.TransitioningToStatus != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTransitioningToStatus gets a reference to the given UserStatus and assigns it to the TransitioningToStatus field.
+func (o *User) SetTransitioningToStatus(v UserStatus) {
+	o.TransitioningToStatus = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *User) GetType() UserType {
+	if o == nil || o.Type == nil {
+		var ret UserType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *User) GetTypeOk() (*UserType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *User) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given UserType and assigns it to the Type field.
+func (o *User) SetType(v UserType) {
+	o.Type = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *User) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *User) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *User) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *User) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *User) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *User) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *User) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *User) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o User) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Activated.IsSet() {
+		toSerialize["activated"] = o.Activated.Get()
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastLogin.IsSet() {
+		toSerialize["lastLogin"] = o.LastLogin.Get()
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.PasswordChanged.IsSet() {
+		toSerialize["passwordChanged"] = o.PasswordChanged.Get()
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.StatusChanged.IsSet() {
+		toSerialize["statusChanged"] = o.StatusChanged.Get()
+	}
+	if o.TransitioningToStatus != nil {
+		toSerialize["transitioningToStatus"] = o.TransitioningToStatus
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *User) UnmarshalJSON(bytes []byte) (err error) {
+	varUser := _User{}
+
+	err = json.Unmarshal(bytes, &varUser)
+	if err == nil {
+		*o = User(varUser)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "activated")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastLogin")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "passwordChanged")
+		delete(additionalProperties, "profile")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "statusChanged")
+		delete(additionalProperties, "transitioningToStatus")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUser struct {
+	value *User
+	isSet bool
+}
+
+func (v NullableUser) Get() *User {
+	return v.value
+}
+
+func (v *NullableUser) Set(val *User) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUser) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUser) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUser(val *User) *NullableUser {
+	return &NullableUser{value: val, isSet: true}
+}
+
+func (v NullableUser) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUser) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_activation_token.go b/okta/model_user_activation_token.go
new file mode 100644
index 000000000..36d151751
--- /dev/null
+++ b/okta/model_user_activation_token.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserActivationToken struct for UserActivationToken
+type UserActivationToken struct {
+	ActivationToken      *string `json:"activationToken,omitempty"`
+	ActivationUrl        *string `json:"activationUrl,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserActivationToken UserActivationToken
+
+// NewUserActivationToken instantiates a new UserActivationToken object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserActivationToken() *UserActivationToken {
+	this := UserActivationToken{}
+	return &this
+}
+
+// NewUserActivationTokenWithDefaults instantiates a new UserActivationToken object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserActivationTokenWithDefaults() *UserActivationToken {
+	this := UserActivationToken{}
+	return &this
+}
+
+// GetActivationToken returns the ActivationToken field value if set, zero value otherwise.
+func (o *UserActivationToken) GetActivationToken() string {
+	if o == nil || o.ActivationToken == nil {
+		var ret string
+		return ret
+	}
+	return *o.ActivationToken
+}
+
+// GetActivationTokenOk returns a tuple with the ActivationToken field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserActivationToken) GetActivationTokenOk() (*string, bool) {
+	if o == nil || o.ActivationToken == nil {
+		return nil, false
+	}
+	return o.ActivationToken, true
+}
+
+// HasActivationToken returns a boolean if a field has been set.
+func (o *UserActivationToken) HasActivationToken() bool {
+	if o != nil && o.ActivationToken != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActivationToken gets a reference to the given string and assigns it to the ActivationToken field.
+func (o *UserActivationToken) SetActivationToken(v string) {
+	o.ActivationToken = &v
+}
+
+// GetActivationUrl returns the ActivationUrl field value if set, zero value otherwise.
+func (o *UserActivationToken) GetActivationUrl() string {
+	if o == nil || o.ActivationUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.ActivationUrl
+}
+
+// GetActivationUrlOk returns a tuple with the ActivationUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserActivationToken) GetActivationUrlOk() (*string, bool) {
+	if o == nil || o.ActivationUrl == nil {
+		return nil, false
+	}
+	return o.ActivationUrl, true
+}
+
+// HasActivationUrl returns a boolean if a field has been set.
+func (o *UserActivationToken) HasActivationUrl() bool {
+	if o != nil && o.ActivationUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActivationUrl gets a reference to the given string and assigns it to the ActivationUrl field.
+func (o *UserActivationToken) SetActivationUrl(v string) {
+	o.ActivationUrl = &v
+}
+
+func (o UserActivationToken) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ActivationToken != nil {
+		toSerialize["activationToken"] = o.ActivationToken
+	}
+	if o.ActivationUrl != nil {
+		toSerialize["activationUrl"] = o.ActivationUrl
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserActivationToken) UnmarshalJSON(bytes []byte) (err error) {
+	varUserActivationToken := _UserActivationToken{}
+
+	err = json.Unmarshal(bytes, &varUserActivationToken)
+	if err == nil {
+		*o = UserActivationToken(varUserActivationToken)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "activationToken")
+		delete(additionalProperties, "activationUrl")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserActivationToken struct {
+	value *UserActivationToken
+	isSet bool
+}
+
+func (v NullableUserActivationToken) Get() *UserActivationToken {
+	return v.value
+}
+
+func (v *NullableUserActivationToken) Set(val *UserActivationToken) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserActivationToken) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserActivationToken) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserActivationToken(val *UserActivationToken) *NullableUserActivationToken {
+	return &NullableUserActivationToken{value: val, isSet: true}
+}
+
+func (v NullableUserActivationToken) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserActivationToken) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_block.go b/okta/model_user_block.go
new file mode 100644
index 000000000..32e64a919
--- /dev/null
+++ b/okta/model_user_block.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserBlock struct for UserBlock
+type UserBlock struct {
+	AppliesTo            *string `json:"appliesTo,omitempty"`
+	Type                 *string `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserBlock UserBlock
+
+// NewUserBlock instantiates a new UserBlock object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserBlock() *UserBlock {
+	this := UserBlock{}
+	return &this
+}
+
+// NewUserBlockWithDefaults instantiates a new UserBlock object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserBlockWithDefaults() *UserBlock {
+	this := UserBlock{}
+	return &this
+}
+
+// GetAppliesTo returns the AppliesTo field value if set, zero value otherwise.
+func (o *UserBlock) GetAppliesTo() string {
+	if o == nil || o.AppliesTo == nil {
+		var ret string
+		return ret
+	}
+	return *o.AppliesTo
+}
+
+// GetAppliesToOk returns a tuple with the AppliesTo field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserBlock) GetAppliesToOk() (*string, bool) {
+	if o == nil || o.AppliesTo == nil {
+		return nil, false
+	}
+	return o.AppliesTo, true
+}
+
+// HasAppliesTo returns a boolean if a field has been set.
+func (o *UserBlock) HasAppliesTo() bool {
+	if o != nil && o.AppliesTo != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAppliesTo gets a reference to the given string and assigns it to the AppliesTo field.
+func (o *UserBlock) SetAppliesTo(v string) {
+	o.AppliesTo = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *UserBlock) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserBlock) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *UserBlock) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *UserBlock) SetType(v string) {
+	o.Type = &v
+}
+
+func (o UserBlock) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AppliesTo != nil {
+		toSerialize["appliesTo"] = o.AppliesTo
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserBlock) UnmarshalJSON(bytes []byte) (err error) {
+	varUserBlock := _UserBlock{}
+
+	err = json.Unmarshal(bytes, &varUserBlock)
+	if err == nil {
+		*o = UserBlock(varUserBlock)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "appliesTo")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserBlock struct {
+	value *UserBlock
+	isSet bool
+}
+
+func (v NullableUserBlock) Get() *UserBlock {
+	return v.value
+}
+
+func (v *NullableUserBlock) Set(val *UserBlock) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserBlock) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserBlock) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserBlock(val *UserBlock) *NullableUserBlock {
+	return &NullableUserBlock{value: val, isSet: true}
+}
+
+func (v NullableUserBlock) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserBlock) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_condition.go b/okta/model_user_condition.go
new file mode 100644
index 000000000..af4e6b618
--- /dev/null
+++ b/okta/model_user_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserCondition struct for UserCondition
+type UserCondition struct {
+	Exclude              []string `json:"exclude,omitempty"`
+	Include              []string `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserCondition UserCondition
+
+// NewUserCondition instantiates a new UserCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserCondition() *UserCondition {
+	this := UserCondition{}
+	return &this
+}
+
+// NewUserConditionWithDefaults instantiates a new UserCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserConditionWithDefaults() *UserCondition {
+	this := UserCondition{}
+	return &this
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *UserCondition) GetExclude() []string {
+	if o == nil || o.Exclude == nil {
+		var ret []string
+		return ret
+	}
+	return o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserCondition) GetExcludeOk() ([]string, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *UserCondition) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given []string and assigns it to the Exclude field.
+func (o *UserCondition) SetExclude(v []string) {
+	o.Exclude = v
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *UserCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *UserCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *UserCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o UserCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varUserCondition := _UserCondition{}
+
+	err = json.Unmarshal(bytes, &varUserCondition)
+	if err == nil {
+		*o = UserCondition(varUserCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "exclude")
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserCondition struct {
+	value *UserCondition
+	isSet bool
+}
+
+func (v NullableUserCondition) Get() *UserCondition {
+	return v.value
+}
+
+func (v *NullableUserCondition) Set(val *UserCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserCondition(val *UserCondition) *NullableUserCondition {
+	return &NullableUserCondition{value: val, isSet: true}
+}
+
+func (v NullableUserCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_credentials.go b/okta/model_user_credentials.go
new file mode 100644
index 000000000..5cc324a11
--- /dev/null
+++ b/okta/model_user_credentials.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserCredentials struct for UserCredentials
+type UserCredentials struct {
+	Password             *PasswordCredential         `json:"password,omitempty"`
+	Provider             *AuthenticationProvider     `json:"provider,omitempty"`
+	RecoveryQuestion     *RecoveryQuestionCredential `json:"recovery_question,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserCredentials UserCredentials
+
+// NewUserCredentials instantiates a new UserCredentials object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserCredentials() *UserCredentials {
+	this := UserCredentials{}
+	return &this
+}
+
+// NewUserCredentialsWithDefaults instantiates a new UserCredentials object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserCredentialsWithDefaults() *UserCredentials {
+	this := UserCredentials{}
+	return &this
+}
+
+// GetPassword returns the Password field value if set, zero value otherwise.
+func (o *UserCredentials) GetPassword() PasswordCredential {
+	if o == nil || o.Password == nil {
+		var ret PasswordCredential
+		return ret
+	}
+	return *o.Password
+}
+
+// GetPasswordOk returns a tuple with the Password field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserCredentials) GetPasswordOk() (*PasswordCredential, bool) {
+	if o == nil || o.Password == nil {
+		return nil, false
+	}
+	return o.Password, true
+}
+
+// HasPassword returns a boolean if a field has been set.
+func (o *UserCredentials) HasPassword() bool {
+	if o != nil && o.Password != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPassword gets a reference to the given PasswordCredential and assigns it to the Password field.
+func (o *UserCredentials) SetPassword(v PasswordCredential) {
+	o.Password = &v
+}
+
+// GetProvider returns the Provider field value if set, zero value otherwise.
+func (o *UserCredentials) GetProvider() AuthenticationProvider {
+	if o == nil || o.Provider == nil {
+		var ret AuthenticationProvider
+		return ret
+	}
+	return *o.Provider
+}
+
+// GetProviderOk returns a tuple with the Provider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserCredentials) GetProviderOk() (*AuthenticationProvider, bool) {
+	if o == nil || o.Provider == nil {
+		return nil, false
+	}
+	return o.Provider, true
+}
+
+// HasProvider returns a boolean if a field has been set.
+func (o *UserCredentials) HasProvider() bool {
+	if o != nil && o.Provider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProvider gets a reference to the given AuthenticationProvider and assigns it to the Provider field.
+func (o *UserCredentials) SetProvider(v AuthenticationProvider) {
+	o.Provider = &v
+}
+
+// GetRecoveryQuestion returns the RecoveryQuestion field value if set, zero value otherwise.
+func (o *UserCredentials) GetRecoveryQuestion() RecoveryQuestionCredential {
+	if o == nil || o.RecoveryQuestion == nil {
+		var ret RecoveryQuestionCredential
+		return ret
+	}
+	return *o.RecoveryQuestion
+}
+
+// GetRecoveryQuestionOk returns a tuple with the RecoveryQuestion field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserCredentials) GetRecoveryQuestionOk() (*RecoveryQuestionCredential, bool) {
+	if o == nil || o.RecoveryQuestion == nil {
+		return nil, false
+	}
+	return o.RecoveryQuestion, true
+}
+
+// HasRecoveryQuestion returns a boolean if a field has been set.
+func (o *UserCredentials) HasRecoveryQuestion() bool {
+	if o != nil && o.RecoveryQuestion != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRecoveryQuestion gets a reference to the given RecoveryQuestionCredential and assigns it to the RecoveryQuestion field.
+func (o *UserCredentials) SetRecoveryQuestion(v RecoveryQuestionCredential) {
+	o.RecoveryQuestion = &v
+}
+
+func (o UserCredentials) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Password != nil {
+		toSerialize["password"] = o.Password
+	}
+	if o.Provider != nil {
+		toSerialize["provider"] = o.Provider
+	}
+	if o.RecoveryQuestion != nil {
+		toSerialize["recovery_question"] = o.RecoveryQuestion
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserCredentials) UnmarshalJSON(bytes []byte) (err error) {
+	varUserCredentials := _UserCredentials{}
+
+	err = json.Unmarshal(bytes, &varUserCredentials)
+	if err == nil {
+		*o = UserCredentials(varUserCredentials)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "password")
+		delete(additionalProperties, "provider")
+		delete(additionalProperties, "recovery_question")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserCredentials struct {
+	value *UserCredentials
+	isSet bool
+}
+
+func (v NullableUserCredentials) Get() *UserCredentials {
+	return v.value
+}
+
+func (v *NullableUserCredentials) Set(val *UserCredentials) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserCredentials) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserCredentials) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserCredentials(val *UserCredentials) *NullableUserCredentials {
+	return &NullableUserCredentials{value: val, isSet: true}
+}
+
+func (v NullableUserCredentials) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserCredentials) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_factor.go b/okta/model_user_factor.go
new file mode 100644
index 000000000..a472d2df8
--- /dev/null
+++ b/okta/model_user_factor.go
@@ -0,0 +1,455 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// UserFactor struct for UserFactor
+type UserFactor struct {
+	Created              *time.Time                        `json:"created,omitempty"`
+	FactorType           *FactorType                       `json:"factorType,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	Provider             *FactorProvider                   `json:"provider,omitempty"`
+	Status               *FactorStatus                     `json:"status,omitempty"`
+	Verify               *VerifyFactorRequest              `json:"verify,omitempty"`
+	Embedded             map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserFactor UserFactor
+
+// NewUserFactor instantiates a new UserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserFactor() *UserFactor {
+	this := UserFactor{}
+	return &this
+}
+
+// NewUserFactorWithDefaults instantiates a new UserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserFactorWithDefaults() *UserFactor {
+	this := UserFactor{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *UserFactor) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserFactor) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *UserFactor) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *UserFactor) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetFactorType returns the FactorType field value if set, zero value otherwise.
+func (o *UserFactor) GetFactorType() FactorType {
+	if o == nil || o.FactorType == nil {
+		var ret FactorType
+		return ret
+	}
+	return *o.FactorType
+}
+
+// GetFactorTypeOk returns a tuple with the FactorType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserFactor) GetFactorTypeOk() (*FactorType, bool) {
+	if o == nil || o.FactorType == nil {
+		return nil, false
+	}
+	return o.FactorType, true
+}
+
+// HasFactorType returns a boolean if a field has been set.
+func (o *UserFactor) HasFactorType() bool {
+	if o != nil && o.FactorType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFactorType gets a reference to the given FactorType and assigns it to the FactorType field.
+func (o *UserFactor) SetFactorType(v FactorType) {
+	o.FactorType = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *UserFactor) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserFactor) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *UserFactor) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *UserFactor) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *UserFactor) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserFactor) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *UserFactor) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *UserFactor) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetProvider returns the Provider field value if set, zero value otherwise.
+func (o *UserFactor) GetProvider() FactorProvider {
+	if o == nil || o.Provider == nil {
+		var ret FactorProvider
+		return ret
+	}
+	return *o.Provider
+}
+
+// GetProviderOk returns a tuple with the Provider field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserFactor) GetProviderOk() (*FactorProvider, bool) {
+	if o == nil || o.Provider == nil {
+		return nil, false
+	}
+	return o.Provider, true
+}
+
+// HasProvider returns a boolean if a field has been set.
+func (o *UserFactor) HasProvider() bool {
+	if o != nil && o.Provider != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProvider gets a reference to the given FactorProvider and assigns it to the Provider field.
+func (o *UserFactor) SetProvider(v FactorProvider) {
+	o.Provider = &v
+}
+
+// GetStatus returns the Status field value if set, zero value otherwise.
+func (o *UserFactor) GetStatus() FactorStatus {
+	if o == nil || o.Status == nil {
+		var ret FactorStatus
+		return ret
+	}
+	return *o.Status
+}
+
+// GetStatusOk returns a tuple with the Status field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserFactor) GetStatusOk() (*FactorStatus, bool) {
+	if o == nil || o.Status == nil {
+		return nil, false
+	}
+	return o.Status, true
+}
+
+// HasStatus returns a boolean if a field has been set.
+func (o *UserFactor) HasStatus() bool {
+	if o != nil && o.Status != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStatus gets a reference to the given FactorStatus and assigns it to the Status field.
+func (o *UserFactor) SetStatus(v FactorStatus) {
+	o.Status = &v
+}
+
+// GetVerify returns the Verify field value if set, zero value otherwise.
+func (o *UserFactor) GetVerify() VerifyFactorRequest {
+	if o == nil || o.Verify == nil {
+		var ret VerifyFactorRequest
+		return ret
+	}
+	return *o.Verify
+}
+
+// GetVerifyOk returns a tuple with the Verify field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserFactor) GetVerifyOk() (*VerifyFactorRequest, bool) {
+	if o == nil || o.Verify == nil {
+		return nil, false
+	}
+	return o.Verify, true
+}
+
+// HasVerify returns a boolean if a field has been set.
+func (o *UserFactor) HasVerify() bool {
+	if o != nil && o.Verify != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetVerify gets a reference to the given VerifyFactorRequest and assigns it to the Verify field.
+func (o *UserFactor) SetVerify(v VerifyFactorRequest) {
+	o.Verify = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *UserFactor) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserFactor) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *UserFactor) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *UserFactor) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *UserFactor) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserFactor) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *UserFactor) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *UserFactor) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o UserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.FactorType != nil {
+		toSerialize["factorType"] = o.FactorType
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Provider != nil {
+		toSerialize["provider"] = o.Provider
+	}
+	if o.Status != nil {
+		toSerialize["status"] = o.Status
+	}
+	if o.Verify != nil {
+		toSerialize["verify"] = o.Verify
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	varUserFactor := _UserFactor{}
+
+	err = json.Unmarshal(bytes, &varUserFactor)
+	if err == nil {
+		*o = UserFactor(varUserFactor)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "factorType")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "provider")
+		delete(additionalProperties, "status")
+		delete(additionalProperties, "verify")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserFactor struct {
+	value *UserFactor
+	isSet bool
+}
+
+func (v NullableUserFactor) Get() *UserFactor {
+	return v.value
+}
+
+func (v *NullableUserFactor) Set(val *UserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserFactor(val *UserFactor) *NullableUserFactor {
+	return &NullableUserFactor{value: val, isSet: true}
+}
+
+func (v NullableUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_identifier_condition_evaluator_pattern.go b/okta/model_user_identifier_condition_evaluator_pattern.go
new file mode 100644
index 000000000..afb6f3300
--- /dev/null
+++ b/okta/model_user_identifier_condition_evaluator_pattern.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserIdentifierConditionEvaluatorPattern struct for UserIdentifierConditionEvaluatorPattern
+type UserIdentifierConditionEvaluatorPattern struct {
+	MatchType            *UserIdentifierMatchType `json:"matchType,omitempty"`
+	Value                *string                  `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserIdentifierConditionEvaluatorPattern UserIdentifierConditionEvaluatorPattern
+
+// NewUserIdentifierConditionEvaluatorPattern instantiates a new UserIdentifierConditionEvaluatorPattern object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserIdentifierConditionEvaluatorPattern() *UserIdentifierConditionEvaluatorPattern {
+	this := UserIdentifierConditionEvaluatorPattern{}
+	return &this
+}
+
+// NewUserIdentifierConditionEvaluatorPatternWithDefaults instantiates a new UserIdentifierConditionEvaluatorPattern object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserIdentifierConditionEvaluatorPatternWithDefaults() *UserIdentifierConditionEvaluatorPattern {
+	this := UserIdentifierConditionEvaluatorPattern{}
+	return &this
+}
+
+// GetMatchType returns the MatchType field value if set, zero value otherwise.
+func (o *UserIdentifierConditionEvaluatorPattern) GetMatchType() UserIdentifierMatchType {
+	if o == nil || o.MatchType == nil {
+		var ret UserIdentifierMatchType
+		return ret
+	}
+	return *o.MatchType
+}
+
+// GetMatchTypeOk returns a tuple with the MatchType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserIdentifierConditionEvaluatorPattern) GetMatchTypeOk() (*UserIdentifierMatchType, bool) {
+	if o == nil || o.MatchType == nil {
+		return nil, false
+	}
+	return o.MatchType, true
+}
+
+// HasMatchType returns a boolean if a field has been set.
+func (o *UserIdentifierConditionEvaluatorPattern) HasMatchType() bool {
+	if o != nil && o.MatchType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMatchType gets a reference to the given UserIdentifierMatchType and assigns it to the MatchType field.
+func (o *UserIdentifierConditionEvaluatorPattern) SetMatchType(v UserIdentifierMatchType) {
+	o.MatchType = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *UserIdentifierConditionEvaluatorPattern) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserIdentifierConditionEvaluatorPattern) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *UserIdentifierConditionEvaluatorPattern) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *UserIdentifierConditionEvaluatorPattern) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o UserIdentifierConditionEvaluatorPattern) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.MatchType != nil {
+		toSerialize["matchType"] = o.MatchType
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserIdentifierConditionEvaluatorPattern) UnmarshalJSON(bytes []byte) (err error) {
+	varUserIdentifierConditionEvaluatorPattern := _UserIdentifierConditionEvaluatorPattern{}
+
+	err = json.Unmarshal(bytes, &varUserIdentifierConditionEvaluatorPattern)
+	if err == nil {
+		*o = UserIdentifierConditionEvaluatorPattern(varUserIdentifierConditionEvaluatorPattern)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "matchType")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserIdentifierConditionEvaluatorPattern struct {
+	value *UserIdentifierConditionEvaluatorPattern
+	isSet bool
+}
+
+func (v NullableUserIdentifierConditionEvaluatorPattern) Get() *UserIdentifierConditionEvaluatorPattern {
+	return v.value
+}
+
+func (v *NullableUserIdentifierConditionEvaluatorPattern) Set(val *UserIdentifierConditionEvaluatorPattern) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserIdentifierConditionEvaluatorPattern) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserIdentifierConditionEvaluatorPattern) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserIdentifierConditionEvaluatorPattern(val *UserIdentifierConditionEvaluatorPattern) *NullableUserIdentifierConditionEvaluatorPattern {
+	return &NullableUserIdentifierConditionEvaluatorPattern{value: val, isSet: true}
+}
+
+func (v NullableUserIdentifierConditionEvaluatorPattern) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserIdentifierConditionEvaluatorPattern) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_identifier_match_type.go b/okta/model_user_identifier_match_type.go
new file mode 100644
index 000000000..f5c955d50
--- /dev/null
+++ b/okta/model_user_identifier_match_type.go
@@ -0,0 +1,130 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// UserIdentifierMatchType the model 'UserIdentifierMatchType'
+type UserIdentifierMatchType string
+
+// List of UserIdentifierMatchType
+const (
+	USERIDENTIFIERMATCHTYPE_CONTAINS    UserIdentifierMatchType = "CONTAINS"
+	USERIDENTIFIERMATCHTYPE_EQUALS      UserIdentifierMatchType = "EQUALS"
+	USERIDENTIFIERMATCHTYPE_EXPRESSION  UserIdentifierMatchType = "EXPRESSION"
+	USERIDENTIFIERMATCHTYPE_STARTS_WITH UserIdentifierMatchType = "STARTS_WITH"
+	USERIDENTIFIERMATCHTYPE_SUFFIX      UserIdentifierMatchType = "SUFFIX"
+)
+
+// All allowed values of UserIdentifierMatchType enum
+var AllowedUserIdentifierMatchTypeEnumValues = []UserIdentifierMatchType{
+	"CONTAINS",
+	"EQUALS",
+	"EXPRESSION",
+	"STARTS_WITH",
+	"SUFFIX",
+}
+
+func (v *UserIdentifierMatchType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := UserIdentifierMatchType(value)
+	for _, existing := range AllowedUserIdentifierMatchTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid UserIdentifierMatchType", value)
+}
+
+// NewUserIdentifierMatchTypeFromValue returns a pointer to a valid UserIdentifierMatchType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewUserIdentifierMatchTypeFromValue(v string) (*UserIdentifierMatchType, error) {
+	ev := UserIdentifierMatchType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for UserIdentifierMatchType: valid values are %v", v, AllowedUserIdentifierMatchTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v UserIdentifierMatchType) IsValid() bool {
+	for _, existing := range AllowedUserIdentifierMatchTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to UserIdentifierMatchType value
+func (v UserIdentifierMatchType) Ptr() *UserIdentifierMatchType {
+	return &v
+}
+
+type NullableUserIdentifierMatchType struct {
+	value *UserIdentifierMatchType
+	isSet bool
+}
+
+func (v NullableUserIdentifierMatchType) Get() *UserIdentifierMatchType {
+	return v.value
+}
+
+func (v *NullableUserIdentifierMatchType) Set(val *UserIdentifierMatchType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserIdentifierMatchType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserIdentifierMatchType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserIdentifierMatchType(val *UserIdentifierMatchType) *NullableUserIdentifierMatchType {
+	return &NullableUserIdentifierMatchType{value: val, isSet: true}
+}
+
+func (v NullableUserIdentifierMatchType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserIdentifierMatchType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_identifier_policy_rule_condition.go b/okta/model_user_identifier_policy_rule_condition.go
new file mode 100644
index 000000000..52cd3b1af
--- /dev/null
+++ b/okta/model_user_identifier_policy_rule_condition.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserIdentifierPolicyRuleCondition struct for UserIdentifierPolicyRuleCondition
+type UserIdentifierPolicyRuleCondition struct {
+	Attribute            *string                                   `json:"attribute,omitempty"`
+	Patterns             []UserIdentifierConditionEvaluatorPattern `json:"patterns,omitempty"`
+	Type                 *UserIdentifierType                       `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserIdentifierPolicyRuleCondition UserIdentifierPolicyRuleCondition
+
+// NewUserIdentifierPolicyRuleCondition instantiates a new UserIdentifierPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserIdentifierPolicyRuleCondition() *UserIdentifierPolicyRuleCondition {
+	this := UserIdentifierPolicyRuleCondition{}
+	return &this
+}
+
+// NewUserIdentifierPolicyRuleConditionWithDefaults instantiates a new UserIdentifierPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserIdentifierPolicyRuleConditionWithDefaults() *UserIdentifierPolicyRuleCondition {
+	this := UserIdentifierPolicyRuleCondition{}
+	return &this
+}
+
+// GetAttribute returns the Attribute field value if set, zero value otherwise.
+func (o *UserIdentifierPolicyRuleCondition) GetAttribute() string {
+	if o == nil || o.Attribute == nil {
+		var ret string
+		return ret
+	}
+	return *o.Attribute
+}
+
+// GetAttributeOk returns a tuple with the Attribute field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserIdentifierPolicyRuleCondition) GetAttributeOk() (*string, bool) {
+	if o == nil || o.Attribute == nil {
+		return nil, false
+	}
+	return o.Attribute, true
+}
+
+// HasAttribute returns a boolean if a field has been set.
+func (o *UserIdentifierPolicyRuleCondition) HasAttribute() bool {
+	if o != nil && o.Attribute != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAttribute gets a reference to the given string and assigns it to the Attribute field.
+func (o *UserIdentifierPolicyRuleCondition) SetAttribute(v string) {
+	o.Attribute = &v
+}
+
+// GetPatterns returns the Patterns field value if set, zero value otherwise.
+func (o *UserIdentifierPolicyRuleCondition) GetPatterns() []UserIdentifierConditionEvaluatorPattern {
+	if o == nil || o.Patterns == nil {
+		var ret []UserIdentifierConditionEvaluatorPattern
+		return ret
+	}
+	return o.Patterns
+}
+
+// GetPatternsOk returns a tuple with the Patterns field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserIdentifierPolicyRuleCondition) GetPatternsOk() ([]UserIdentifierConditionEvaluatorPattern, bool) {
+	if o == nil || o.Patterns == nil {
+		return nil, false
+	}
+	return o.Patterns, true
+}
+
+// HasPatterns returns a boolean if a field has been set.
+func (o *UserIdentifierPolicyRuleCondition) HasPatterns() bool {
+	if o != nil && o.Patterns != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPatterns gets a reference to the given []UserIdentifierConditionEvaluatorPattern and assigns it to the Patterns field.
+func (o *UserIdentifierPolicyRuleCondition) SetPatterns(v []UserIdentifierConditionEvaluatorPattern) {
+	o.Patterns = v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *UserIdentifierPolicyRuleCondition) GetType() UserIdentifierType {
+	if o == nil || o.Type == nil {
+		var ret UserIdentifierType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserIdentifierPolicyRuleCondition) GetTypeOk() (*UserIdentifierType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *UserIdentifierPolicyRuleCondition) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given UserIdentifierType and assigns it to the Type field.
+func (o *UserIdentifierPolicyRuleCondition) SetType(v UserIdentifierType) {
+	o.Type = &v
+}
+
+func (o UserIdentifierPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Attribute != nil {
+		toSerialize["attribute"] = o.Attribute
+	}
+	if o.Patterns != nil {
+		toSerialize["patterns"] = o.Patterns
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserIdentifierPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varUserIdentifierPolicyRuleCondition := _UserIdentifierPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varUserIdentifierPolicyRuleCondition)
+	if err == nil {
+		*o = UserIdentifierPolicyRuleCondition(varUserIdentifierPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "attribute")
+		delete(additionalProperties, "patterns")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserIdentifierPolicyRuleCondition struct {
+	value *UserIdentifierPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableUserIdentifierPolicyRuleCondition) Get() *UserIdentifierPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableUserIdentifierPolicyRuleCondition) Set(val *UserIdentifierPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserIdentifierPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserIdentifierPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserIdentifierPolicyRuleCondition(val *UserIdentifierPolicyRuleCondition) *NullableUserIdentifierPolicyRuleCondition {
+	return &NullableUserIdentifierPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableUserIdentifierPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserIdentifierPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_identifier_type.go b/okta/model_user_identifier_type.go
new file mode 100644
index 000000000..1025a5728
--- /dev/null
+++ b/okta/model_user_identifier_type.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// UserIdentifierType the model 'UserIdentifierType'
+type UserIdentifierType string
+
+// List of UserIdentifierType
+const (
+	USERIDENTIFIERTYPE_ATTRIBUTE  UserIdentifierType = "ATTRIBUTE"
+	USERIDENTIFIERTYPE_IDENTIFIER UserIdentifierType = "IDENTIFIER"
+)
+
+// All allowed values of UserIdentifierType enum
+var AllowedUserIdentifierTypeEnumValues = []UserIdentifierType{
+	"ATTRIBUTE",
+	"IDENTIFIER",
+}
+
+func (v *UserIdentifierType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := UserIdentifierType(value)
+	for _, existing := range AllowedUserIdentifierTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid UserIdentifierType", value)
+}
+
+// NewUserIdentifierTypeFromValue returns a pointer to a valid UserIdentifierType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewUserIdentifierTypeFromValue(v string) (*UserIdentifierType, error) {
+	ev := UserIdentifierType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for UserIdentifierType: valid values are %v", v, AllowedUserIdentifierTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v UserIdentifierType) IsValid() bool {
+	for _, existing := range AllowedUserIdentifierTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to UserIdentifierType value
+func (v UserIdentifierType) Ptr() *UserIdentifierType {
+	return &v
+}
+
+type NullableUserIdentifierType struct {
+	value *UserIdentifierType
+	isSet bool
+}
+
+func (v NullableUserIdentifierType) Get() *UserIdentifierType {
+	return v.value
+}
+
+func (v *NullableUserIdentifierType) Set(val *UserIdentifierType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserIdentifierType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserIdentifierType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserIdentifierType(val *UserIdentifierType) *NullableUserIdentifierType {
+	return &NullableUserIdentifierType{value: val, isSet: true}
+}
+
+func (v NullableUserIdentifierType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserIdentifierType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_identity_provider_link_request.go b/okta/model_user_identity_provider_link_request.go
new file mode 100644
index 000000000..41dc51f18
--- /dev/null
+++ b/okta/model_user_identity_provider_link_request.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserIdentityProviderLinkRequest struct for UserIdentityProviderLinkRequest
+type UserIdentityProviderLinkRequest struct {
+	ExternalId           *string `json:"externalId,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserIdentityProviderLinkRequest UserIdentityProviderLinkRequest
+
+// NewUserIdentityProviderLinkRequest instantiates a new UserIdentityProviderLinkRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserIdentityProviderLinkRequest() *UserIdentityProviderLinkRequest {
+	this := UserIdentityProviderLinkRequest{}
+	return &this
+}
+
+// NewUserIdentityProviderLinkRequestWithDefaults instantiates a new UserIdentityProviderLinkRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserIdentityProviderLinkRequestWithDefaults() *UserIdentityProviderLinkRequest {
+	this := UserIdentityProviderLinkRequest{}
+	return &this
+}
+
+// GetExternalId returns the ExternalId field value if set, zero value otherwise.
+func (o *UserIdentityProviderLinkRequest) GetExternalId() string {
+	if o == nil || o.ExternalId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ExternalId
+}
+
+// GetExternalIdOk returns a tuple with the ExternalId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserIdentityProviderLinkRequest) GetExternalIdOk() (*string, bool) {
+	if o == nil || o.ExternalId == nil {
+		return nil, false
+	}
+	return o.ExternalId, true
+}
+
+// HasExternalId returns a boolean if a field has been set.
+func (o *UserIdentityProviderLinkRequest) HasExternalId() bool {
+	if o != nil && o.ExternalId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExternalId gets a reference to the given string and assigns it to the ExternalId field.
+func (o *UserIdentityProviderLinkRequest) SetExternalId(v string) {
+	o.ExternalId = &v
+}
+
+func (o UserIdentityProviderLinkRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ExternalId != nil {
+		toSerialize["externalId"] = o.ExternalId
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserIdentityProviderLinkRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varUserIdentityProviderLinkRequest := _UserIdentityProviderLinkRequest{}
+
+	err = json.Unmarshal(bytes, &varUserIdentityProviderLinkRequest)
+	if err == nil {
+		*o = UserIdentityProviderLinkRequest(varUserIdentityProviderLinkRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "externalId")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserIdentityProviderLinkRequest struct {
+	value *UserIdentityProviderLinkRequest
+	isSet bool
+}
+
+func (v NullableUserIdentityProviderLinkRequest) Get() *UserIdentityProviderLinkRequest {
+	return v.value
+}
+
+func (v *NullableUserIdentityProviderLinkRequest) Set(val *UserIdentityProviderLinkRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserIdentityProviderLinkRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserIdentityProviderLinkRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserIdentityProviderLinkRequest(val *UserIdentityProviderLinkRequest) *NullableUserIdentityProviderLinkRequest {
+	return &NullableUserIdentityProviderLinkRequest{value: val, isSet: true}
+}
+
+func (v NullableUserIdentityProviderLinkRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserIdentityProviderLinkRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_lifecycle_attribute_policy_rule_condition.go b/okta/model_user_lifecycle_attribute_policy_rule_condition.go
new file mode 100644
index 000000000..bd4b784b1
--- /dev/null
+++ b/okta/model_user_lifecycle_attribute_policy_rule_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserLifecycleAttributePolicyRuleCondition struct for UserLifecycleAttributePolicyRuleCondition
+type UserLifecycleAttributePolicyRuleCondition struct {
+	AttributeName        *string `json:"attributeName,omitempty"`
+	MatchingValue        *string `json:"matchingValue,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserLifecycleAttributePolicyRuleCondition UserLifecycleAttributePolicyRuleCondition
+
+// NewUserLifecycleAttributePolicyRuleCondition instantiates a new UserLifecycleAttributePolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserLifecycleAttributePolicyRuleCondition() *UserLifecycleAttributePolicyRuleCondition {
+	this := UserLifecycleAttributePolicyRuleCondition{}
+	return &this
+}
+
+// NewUserLifecycleAttributePolicyRuleConditionWithDefaults instantiates a new UserLifecycleAttributePolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserLifecycleAttributePolicyRuleConditionWithDefaults() *UserLifecycleAttributePolicyRuleCondition {
+	this := UserLifecycleAttributePolicyRuleCondition{}
+	return &this
+}
+
+// GetAttributeName returns the AttributeName field value if set, zero value otherwise.
+func (o *UserLifecycleAttributePolicyRuleCondition) GetAttributeName() string {
+	if o == nil || o.AttributeName == nil {
+		var ret string
+		return ret
+	}
+	return *o.AttributeName
+}
+
+// GetAttributeNameOk returns a tuple with the AttributeName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserLifecycleAttributePolicyRuleCondition) GetAttributeNameOk() (*string, bool) {
+	if o == nil || o.AttributeName == nil {
+		return nil, false
+	}
+	return o.AttributeName, true
+}
+
+// HasAttributeName returns a boolean if a field has been set.
+func (o *UserLifecycleAttributePolicyRuleCondition) HasAttributeName() bool {
+	if o != nil && o.AttributeName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAttributeName gets a reference to the given string and assigns it to the AttributeName field.
+func (o *UserLifecycleAttributePolicyRuleCondition) SetAttributeName(v string) {
+	o.AttributeName = &v
+}
+
+// GetMatchingValue returns the MatchingValue field value if set, zero value otherwise.
+func (o *UserLifecycleAttributePolicyRuleCondition) GetMatchingValue() string {
+	if o == nil || o.MatchingValue == nil {
+		var ret string
+		return ret
+	}
+	return *o.MatchingValue
+}
+
+// GetMatchingValueOk returns a tuple with the MatchingValue field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserLifecycleAttributePolicyRuleCondition) GetMatchingValueOk() (*string, bool) {
+	if o == nil || o.MatchingValue == nil {
+		return nil, false
+	}
+	return o.MatchingValue, true
+}
+
+// HasMatchingValue returns a boolean if a field has been set.
+func (o *UserLifecycleAttributePolicyRuleCondition) HasMatchingValue() bool {
+	if o != nil && o.MatchingValue != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMatchingValue gets a reference to the given string and assigns it to the MatchingValue field.
+func (o *UserLifecycleAttributePolicyRuleCondition) SetMatchingValue(v string) {
+	o.MatchingValue = &v
+}
+
+func (o UserLifecycleAttributePolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AttributeName != nil {
+		toSerialize["attributeName"] = o.AttributeName
+	}
+	if o.MatchingValue != nil {
+		toSerialize["matchingValue"] = o.MatchingValue
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserLifecycleAttributePolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varUserLifecycleAttributePolicyRuleCondition := _UserLifecycleAttributePolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varUserLifecycleAttributePolicyRuleCondition)
+	if err == nil {
+		*o = UserLifecycleAttributePolicyRuleCondition(varUserLifecycleAttributePolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "attributeName")
+		delete(additionalProperties, "matchingValue")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserLifecycleAttributePolicyRuleCondition struct {
+	value *UserLifecycleAttributePolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableUserLifecycleAttributePolicyRuleCondition) Get() *UserLifecycleAttributePolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableUserLifecycleAttributePolicyRuleCondition) Set(val *UserLifecycleAttributePolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserLifecycleAttributePolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserLifecycleAttributePolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserLifecycleAttributePolicyRuleCondition(val *UserLifecycleAttributePolicyRuleCondition) *NullableUserLifecycleAttributePolicyRuleCondition {
+	return &NullableUserLifecycleAttributePolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableUserLifecycleAttributePolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserLifecycleAttributePolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_lockout_settings.go b/okta/model_user_lockout_settings.go
new file mode 100644
index 000000000..60f2190c8
--- /dev/null
+++ b/okta/model_user_lockout_settings.go
@@ -0,0 +1,159 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserLockoutSettings struct for UserLockoutSettings
+type UserLockoutSettings struct {
+	// Prevents brute-force lockout from unknown devices for the password authenticator.
+	PreventBruteForceLockoutFromUnknownDevices *bool `json:"preventBruteForceLockoutFromUnknownDevices,omitempty"`
+	AdditionalProperties                       map[string]interface{}
+}
+
+type _UserLockoutSettings UserLockoutSettings
+
+// NewUserLockoutSettings instantiates a new UserLockoutSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserLockoutSettings() *UserLockoutSettings {
+	this := UserLockoutSettings{}
+	return &this
+}
+
+// NewUserLockoutSettingsWithDefaults instantiates a new UserLockoutSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserLockoutSettingsWithDefaults() *UserLockoutSettings {
+	this := UserLockoutSettings{}
+	return &this
+}
+
+// GetPreventBruteForceLockoutFromUnknownDevices returns the PreventBruteForceLockoutFromUnknownDevices field value if set, zero value otherwise.
+func (o *UserLockoutSettings) GetPreventBruteForceLockoutFromUnknownDevices() bool {
+	if o == nil || o.PreventBruteForceLockoutFromUnknownDevices == nil {
+		var ret bool
+		return ret
+	}
+	return *o.PreventBruteForceLockoutFromUnknownDevices
+}
+
+// GetPreventBruteForceLockoutFromUnknownDevicesOk returns a tuple with the PreventBruteForceLockoutFromUnknownDevices field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserLockoutSettings) GetPreventBruteForceLockoutFromUnknownDevicesOk() (*bool, bool) {
+	if o == nil || o.PreventBruteForceLockoutFromUnknownDevices == nil {
+		return nil, false
+	}
+	return o.PreventBruteForceLockoutFromUnknownDevices, true
+}
+
+// HasPreventBruteForceLockoutFromUnknownDevices returns a boolean if a field has been set.
+func (o *UserLockoutSettings) HasPreventBruteForceLockoutFromUnknownDevices() bool {
+	if o != nil && o.PreventBruteForceLockoutFromUnknownDevices != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPreventBruteForceLockoutFromUnknownDevices gets a reference to the given bool and assigns it to the PreventBruteForceLockoutFromUnknownDevices field.
+func (o *UserLockoutSettings) SetPreventBruteForceLockoutFromUnknownDevices(v bool) {
+	o.PreventBruteForceLockoutFromUnknownDevices = &v
+}
+
+func (o UserLockoutSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.PreventBruteForceLockoutFromUnknownDevices != nil {
+		toSerialize["preventBruteForceLockoutFromUnknownDevices"] = o.PreventBruteForceLockoutFromUnknownDevices
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserLockoutSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varUserLockoutSettings := _UserLockoutSettings{}
+
+	err = json.Unmarshal(bytes, &varUserLockoutSettings)
+	if err == nil {
+		*o = UserLockoutSettings(varUserLockoutSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "preventBruteForceLockoutFromUnknownDevices")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserLockoutSettings struct {
+	value *UserLockoutSettings
+	isSet bool
+}
+
+func (v NullableUserLockoutSettings) Get() *UserLockoutSettings {
+	return v.value
+}
+
+func (v *NullableUserLockoutSettings) Set(val *UserLockoutSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserLockoutSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserLockoutSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserLockoutSettings(val *UserLockoutSettings) *NullableUserLockoutSettings {
+	return &NullableUserLockoutSettings{value: val, isSet: true}
+}
+
+func (v NullableUserLockoutSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserLockoutSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_next_login.go b/okta/model_user_next_login.go
new file mode 100644
index 000000000..9edaf2f09
--- /dev/null
+++ b/okta/model_user_next_login.go
@@ -0,0 +1,122 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// UserNextLogin the model 'UserNextLogin'
+type UserNextLogin string
+
+// List of UserNextLogin
+const (
+	USERNEXTLOGIN_CHANGE_PASSWORD UserNextLogin = "changePassword"
+)
+
+// All allowed values of UserNextLogin enum
+var AllowedUserNextLoginEnumValues = []UserNextLogin{
+	"changePassword",
+}
+
+func (v *UserNextLogin) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := UserNextLogin(value)
+	for _, existing := range AllowedUserNextLoginEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid UserNextLogin", value)
+}
+
+// NewUserNextLoginFromValue returns a pointer to a valid UserNextLogin
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewUserNextLoginFromValue(v string) (*UserNextLogin, error) {
+	ev := UserNextLogin(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for UserNextLogin: valid values are %v", v, AllowedUserNextLoginEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v UserNextLogin) IsValid() bool {
+	for _, existing := range AllowedUserNextLoginEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to UserNextLogin value
+func (v UserNextLogin) Ptr() *UserNextLogin {
+	return &v
+}
+
+type NullableUserNextLogin struct {
+	value *UserNextLogin
+	isSet bool
+}
+
+func (v NullableUserNextLogin) Get() *UserNextLogin {
+	return v.value
+}
+
+func (v *NullableUserNextLogin) Set(val *UserNextLogin) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserNextLogin) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserNextLogin) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserNextLogin(val *UserNextLogin) *NullableUserNextLogin {
+	return &NullableUserNextLogin{value: val, isSet: true}
+}
+
+func (v NullableUserNextLogin) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserNextLogin) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_policy_rule_condition.go b/okta/model_user_policy_rule_condition.go
new file mode 100644
index 000000000..4fb1f3099
--- /dev/null
+++ b/okta/model_user_policy_rule_condition.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserPolicyRuleCondition struct for UserPolicyRuleCondition
+type UserPolicyRuleCondition struct {
+	Exclude                []string                                   `json:"exclude,omitempty"`
+	Inactivity             *InactivityPolicyRuleCondition             `json:"inactivity,omitempty"`
+	Include                []string                                   `json:"include,omitempty"`
+	LifecycleExpiration    *LifecycleExpirationPolicyRuleCondition    `json:"lifecycleExpiration,omitempty"`
+	PasswordExpiration     *PasswordExpirationPolicyRuleCondition     `json:"passwordExpiration,omitempty"`
+	UserLifecycleAttribute *UserLifecycleAttributePolicyRuleCondition `json:"userLifecycleAttribute,omitempty"`
+	AdditionalProperties   map[string]interface{}
+}
+
+type _UserPolicyRuleCondition UserPolicyRuleCondition
+
+// NewUserPolicyRuleCondition instantiates a new UserPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserPolicyRuleCondition() *UserPolicyRuleCondition {
+	this := UserPolicyRuleCondition{}
+	return &this
+}
+
+// NewUserPolicyRuleConditionWithDefaults instantiates a new UserPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserPolicyRuleConditionWithDefaults() *UserPolicyRuleCondition {
+	this := UserPolicyRuleCondition{}
+	return &this
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *UserPolicyRuleCondition) GetExclude() []string {
+	if o == nil || o.Exclude == nil {
+		var ret []string
+		return ret
+	}
+	return o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserPolicyRuleCondition) GetExcludeOk() ([]string, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *UserPolicyRuleCondition) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given []string and assigns it to the Exclude field.
+func (o *UserPolicyRuleCondition) SetExclude(v []string) {
+	o.Exclude = v
+}
+
+// GetInactivity returns the Inactivity field value if set, zero value otherwise.
+func (o *UserPolicyRuleCondition) GetInactivity() InactivityPolicyRuleCondition {
+	if o == nil || o.Inactivity == nil {
+		var ret InactivityPolicyRuleCondition
+		return ret
+	}
+	return *o.Inactivity
+}
+
+// GetInactivityOk returns a tuple with the Inactivity field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserPolicyRuleCondition) GetInactivityOk() (*InactivityPolicyRuleCondition, bool) {
+	if o == nil || o.Inactivity == nil {
+		return nil, false
+	}
+	return o.Inactivity, true
+}
+
+// HasInactivity returns a boolean if a field has been set.
+func (o *UserPolicyRuleCondition) HasInactivity() bool {
+	if o != nil && o.Inactivity != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInactivity gets a reference to the given InactivityPolicyRuleCondition and assigns it to the Inactivity field.
+func (o *UserPolicyRuleCondition) SetInactivity(v InactivityPolicyRuleCondition) {
+	o.Inactivity = &v
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *UserPolicyRuleCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserPolicyRuleCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *UserPolicyRuleCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *UserPolicyRuleCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+// GetLifecycleExpiration returns the LifecycleExpiration field value if set, zero value otherwise.
+func (o *UserPolicyRuleCondition) GetLifecycleExpiration() LifecycleExpirationPolicyRuleCondition {
+	if o == nil || o.LifecycleExpiration == nil {
+		var ret LifecycleExpirationPolicyRuleCondition
+		return ret
+	}
+	return *o.LifecycleExpiration
+}
+
+// GetLifecycleExpirationOk returns a tuple with the LifecycleExpiration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserPolicyRuleCondition) GetLifecycleExpirationOk() (*LifecycleExpirationPolicyRuleCondition, bool) {
+	if o == nil || o.LifecycleExpiration == nil {
+		return nil, false
+	}
+	return o.LifecycleExpiration, true
+}
+
+// HasLifecycleExpiration returns a boolean if a field has been set.
+func (o *UserPolicyRuleCondition) HasLifecycleExpiration() bool {
+	if o != nil && o.LifecycleExpiration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLifecycleExpiration gets a reference to the given LifecycleExpirationPolicyRuleCondition and assigns it to the LifecycleExpiration field.
+func (o *UserPolicyRuleCondition) SetLifecycleExpiration(v LifecycleExpirationPolicyRuleCondition) {
+	o.LifecycleExpiration = &v
+}
+
+// GetPasswordExpiration returns the PasswordExpiration field value if set, zero value otherwise.
+func (o *UserPolicyRuleCondition) GetPasswordExpiration() PasswordExpirationPolicyRuleCondition {
+	if o == nil || o.PasswordExpiration == nil {
+		var ret PasswordExpirationPolicyRuleCondition
+		return ret
+	}
+	return *o.PasswordExpiration
+}
+
+// GetPasswordExpirationOk returns a tuple with the PasswordExpiration field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserPolicyRuleCondition) GetPasswordExpirationOk() (*PasswordExpirationPolicyRuleCondition, bool) {
+	if o == nil || o.PasswordExpiration == nil {
+		return nil, false
+	}
+	return o.PasswordExpiration, true
+}
+
+// HasPasswordExpiration returns a boolean if a field has been set.
+func (o *UserPolicyRuleCondition) HasPasswordExpiration() bool {
+	if o != nil && o.PasswordExpiration != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPasswordExpiration gets a reference to the given PasswordExpirationPolicyRuleCondition and assigns it to the PasswordExpiration field.
+func (o *UserPolicyRuleCondition) SetPasswordExpiration(v PasswordExpirationPolicyRuleCondition) {
+	o.PasswordExpiration = &v
+}
+
+// GetUserLifecycleAttribute returns the UserLifecycleAttribute field value if set, zero value otherwise.
+func (o *UserPolicyRuleCondition) GetUserLifecycleAttribute() UserLifecycleAttributePolicyRuleCondition {
+	if o == nil || o.UserLifecycleAttribute == nil {
+		var ret UserLifecycleAttributePolicyRuleCondition
+		return ret
+	}
+	return *o.UserLifecycleAttribute
+}
+
+// GetUserLifecycleAttributeOk returns a tuple with the UserLifecycleAttribute field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserPolicyRuleCondition) GetUserLifecycleAttributeOk() (*UserLifecycleAttributePolicyRuleCondition, bool) {
+	if o == nil || o.UserLifecycleAttribute == nil {
+		return nil, false
+	}
+	return o.UserLifecycleAttribute, true
+}
+
+// HasUserLifecycleAttribute returns a boolean if a field has been set.
+func (o *UserPolicyRuleCondition) HasUserLifecycleAttribute() bool {
+	if o != nil && o.UserLifecycleAttribute != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserLifecycleAttribute gets a reference to the given UserLifecycleAttributePolicyRuleCondition and assigns it to the UserLifecycleAttribute field.
+func (o *UserPolicyRuleCondition) SetUserLifecycleAttribute(v UserLifecycleAttributePolicyRuleCondition) {
+	o.UserLifecycleAttribute = &v
+}
+
+func (o UserPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+	if o.Inactivity != nil {
+		toSerialize["inactivity"] = o.Inactivity
+	}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+	if o.LifecycleExpiration != nil {
+		toSerialize["lifecycleExpiration"] = o.LifecycleExpiration
+	}
+	if o.PasswordExpiration != nil {
+		toSerialize["passwordExpiration"] = o.PasswordExpiration
+	}
+	if o.UserLifecycleAttribute != nil {
+		toSerialize["userLifecycleAttribute"] = o.UserLifecycleAttribute
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varUserPolicyRuleCondition := _UserPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varUserPolicyRuleCondition)
+	if err == nil {
+		*o = UserPolicyRuleCondition(varUserPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "exclude")
+		delete(additionalProperties, "inactivity")
+		delete(additionalProperties, "include")
+		delete(additionalProperties, "lifecycleExpiration")
+		delete(additionalProperties, "passwordExpiration")
+		delete(additionalProperties, "userLifecycleAttribute")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserPolicyRuleCondition struct {
+	value *UserPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableUserPolicyRuleCondition) Get() *UserPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableUserPolicyRuleCondition) Set(val *UserPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserPolicyRuleCondition(val *UserPolicyRuleCondition) *NullableUserPolicyRuleCondition {
+	return &NullableUserPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableUserPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_profile.go b/okta/model_user_profile.go
new file mode 100644
index 000000000..c1fae658a
--- /dev/null
+++ b/okta/model_user_profile.go
@@ -0,0 +1,1390 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserProfile struct for UserProfile
+type UserProfile struct {
+	City            NullableString `json:"city,omitempty"`
+	CostCenter      *string        `json:"costCenter,omitempty"`
+	CountryCode     NullableString `json:"countryCode,omitempty"`
+	Department      *string        `json:"department,omitempty"`
+	DisplayName     *string        `json:"displayName,omitempty"`
+	Division        *string        `json:"division,omitempty"`
+	Email           *string        `json:"email,omitempty"`
+	EmployeeNumber  *string        `json:"employeeNumber,omitempty"`
+	FirstName       NullableString `json:"firstName,omitempty"`
+	HonorificPrefix *string        `json:"honorificPrefix,omitempty"`
+	HonorificSuffix *string        `json:"honorificSuffix,omitempty"`
+	LastName        NullableString `json:"lastName,omitempty"`
+	// The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646).
+	Locale               *string        `json:"locale,omitempty"`
+	Login                *string        `json:"login,omitempty"`
+	Manager              *string        `json:"manager,omitempty"`
+	ManagerId            *string        `json:"managerId,omitempty"`
+	MiddleName           *string        `json:"middleName,omitempty"`
+	MobilePhone          NullableString `json:"mobilePhone,omitempty"`
+	NickName             *string        `json:"nickName,omitempty"`
+	Organization         *string        `json:"organization,omitempty"`
+	PostalAddress        NullableString `json:"postalAddress,omitempty"`
+	PreferredLanguage    *string        `json:"preferredLanguage,omitempty"`
+	PrimaryPhone         NullableString `json:"primaryPhone,omitempty"`
+	ProfileUrl           *string        `json:"profileUrl,omitempty"`
+	SecondEmail          NullableString `json:"secondEmail,omitempty"`
+	State                NullableString `json:"state,omitempty"`
+	StreetAddress        NullableString `json:"streetAddress,omitempty"`
+	Timezone             *string        `json:"timezone,omitempty"`
+	Title                *string        `json:"title,omitempty"`
+	UserType             *string        `json:"userType,omitempty"`
+	ZipCode              NullableString `json:"zipCode,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserProfile UserProfile
+
+// NewUserProfile instantiates a new UserProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserProfile() *UserProfile {
+	this := UserProfile{}
+	return &this
+}
+
+// NewUserProfileWithDefaults instantiates a new UserProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserProfileWithDefaults() *UserProfile {
+	this := UserProfile{}
+	return &this
+}
+
+// GetCity returns the City field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *UserProfile) GetCity() string {
+	if o == nil || o.City.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.City.Get()
+}
+
+// GetCityOk returns a tuple with the City field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *UserProfile) GetCityOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.City.Get(), o.City.IsSet()
+}
+
+// HasCity returns a boolean if a field has been set.
+func (o *UserProfile) HasCity() bool {
+	if o != nil && o.City.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetCity gets a reference to the given NullableString and assigns it to the City field.
+func (o *UserProfile) SetCity(v string) {
+	o.City.Set(&v)
+}
+
+// SetCityNil sets the value for City to be an explicit nil
+func (o *UserProfile) SetCityNil() {
+	o.City.Set(nil)
+}
+
+// UnsetCity ensures that no value is present for City, not even an explicit nil
+func (o *UserProfile) UnsetCity() {
+	o.City.Unset()
+}
+
+// GetCostCenter returns the CostCenter field value if set, zero value otherwise.
+func (o *UserProfile) GetCostCenter() string {
+	if o == nil || o.CostCenter == nil {
+		var ret string
+		return ret
+	}
+	return *o.CostCenter
+}
+
+// GetCostCenterOk returns a tuple with the CostCenter field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetCostCenterOk() (*string, bool) {
+	if o == nil || o.CostCenter == nil {
+		return nil, false
+	}
+	return o.CostCenter, true
+}
+
+// HasCostCenter returns a boolean if a field has been set.
+func (o *UserProfile) HasCostCenter() bool {
+	if o != nil && o.CostCenter != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCostCenter gets a reference to the given string and assigns it to the CostCenter field.
+func (o *UserProfile) SetCostCenter(v string) {
+	o.CostCenter = &v
+}
+
+// GetCountryCode returns the CountryCode field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *UserProfile) GetCountryCode() string {
+	if o == nil || o.CountryCode.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.CountryCode.Get()
+}
+
+// GetCountryCodeOk returns a tuple with the CountryCode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *UserProfile) GetCountryCodeOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.CountryCode.Get(), o.CountryCode.IsSet()
+}
+
+// HasCountryCode returns a boolean if a field has been set.
+func (o *UserProfile) HasCountryCode() bool {
+	if o != nil && o.CountryCode.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetCountryCode gets a reference to the given NullableString and assigns it to the CountryCode field.
+func (o *UserProfile) SetCountryCode(v string) {
+	o.CountryCode.Set(&v)
+}
+
+// SetCountryCodeNil sets the value for CountryCode to be an explicit nil
+func (o *UserProfile) SetCountryCodeNil() {
+	o.CountryCode.Set(nil)
+}
+
+// UnsetCountryCode ensures that no value is present for CountryCode, not even an explicit nil
+func (o *UserProfile) UnsetCountryCode() {
+	o.CountryCode.Unset()
+}
+
+// GetDepartment returns the Department field value if set, zero value otherwise.
+func (o *UserProfile) GetDepartment() string {
+	if o == nil || o.Department == nil {
+		var ret string
+		return ret
+	}
+	return *o.Department
+}
+
+// GetDepartmentOk returns a tuple with the Department field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetDepartmentOk() (*string, bool) {
+	if o == nil || o.Department == nil {
+		return nil, false
+	}
+	return o.Department, true
+}
+
+// HasDepartment returns a boolean if a field has been set.
+func (o *UserProfile) HasDepartment() bool {
+	if o != nil && o.Department != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDepartment gets a reference to the given string and assigns it to the Department field.
+func (o *UserProfile) SetDepartment(v string) {
+	o.Department = &v
+}
+
+// GetDisplayName returns the DisplayName field value if set, zero value otherwise.
+func (o *UserProfile) GetDisplayName() string {
+	if o == nil || o.DisplayName == nil {
+		var ret string
+		return ret
+	}
+	return *o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetDisplayNameOk() (*string, bool) {
+	if o == nil || o.DisplayName == nil {
+		return nil, false
+	}
+	return o.DisplayName, true
+}
+
+// HasDisplayName returns a boolean if a field has been set.
+func (o *UserProfile) HasDisplayName() bool {
+	if o != nil && o.DisplayName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDisplayName gets a reference to the given string and assigns it to the DisplayName field.
+func (o *UserProfile) SetDisplayName(v string) {
+	o.DisplayName = &v
+}
+
+// GetDivision returns the Division field value if set, zero value otherwise.
+func (o *UserProfile) GetDivision() string {
+	if o == nil || o.Division == nil {
+		var ret string
+		return ret
+	}
+	return *o.Division
+}
+
+// GetDivisionOk returns a tuple with the Division field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetDivisionOk() (*string, bool) {
+	if o == nil || o.Division == nil {
+		return nil, false
+	}
+	return o.Division, true
+}
+
+// HasDivision returns a boolean if a field has been set.
+func (o *UserProfile) HasDivision() bool {
+	if o != nil && o.Division != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDivision gets a reference to the given string and assigns it to the Division field.
+func (o *UserProfile) SetDivision(v string) {
+	o.Division = &v
+}
+
+// GetEmail returns the Email field value if set, zero value otherwise.
+func (o *UserProfile) GetEmail() string {
+	if o == nil || o.Email == nil {
+		var ret string
+		return ret
+	}
+	return *o.Email
+}
+
+// GetEmailOk returns a tuple with the Email field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetEmailOk() (*string, bool) {
+	if o == nil || o.Email == nil {
+		return nil, false
+	}
+	return o.Email, true
+}
+
+// HasEmail returns a boolean if a field has been set.
+func (o *UserProfile) HasEmail() bool {
+	if o != nil && o.Email != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmail gets a reference to the given string and assigns it to the Email field.
+func (o *UserProfile) SetEmail(v string) {
+	o.Email = &v
+}
+
+// GetEmployeeNumber returns the EmployeeNumber field value if set, zero value otherwise.
+func (o *UserProfile) GetEmployeeNumber() string {
+	if o == nil || o.EmployeeNumber == nil {
+		var ret string
+		return ret
+	}
+	return *o.EmployeeNumber
+}
+
+// GetEmployeeNumberOk returns a tuple with the EmployeeNumber field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetEmployeeNumberOk() (*string, bool) {
+	if o == nil || o.EmployeeNumber == nil {
+		return nil, false
+	}
+	return o.EmployeeNumber, true
+}
+
+// HasEmployeeNumber returns a boolean if a field has been set.
+func (o *UserProfile) HasEmployeeNumber() bool {
+	if o != nil && o.EmployeeNumber != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmployeeNumber gets a reference to the given string and assigns it to the EmployeeNumber field.
+func (o *UserProfile) SetEmployeeNumber(v string) {
+	o.EmployeeNumber = &v
+}
+
+// GetFirstName returns the FirstName field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *UserProfile) GetFirstName() string {
+	if o == nil || o.FirstName.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.FirstName.Get()
+}
+
+// GetFirstNameOk returns a tuple with the FirstName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *UserProfile) GetFirstNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.FirstName.Get(), o.FirstName.IsSet()
+}
+
+// HasFirstName returns a boolean if a field has been set.
+func (o *UserProfile) HasFirstName() bool {
+	if o != nil && o.FirstName.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetFirstName gets a reference to the given NullableString and assigns it to the FirstName field.
+func (o *UserProfile) SetFirstName(v string) {
+	o.FirstName.Set(&v)
+}
+
+// SetFirstNameNil sets the value for FirstName to be an explicit nil
+func (o *UserProfile) SetFirstNameNil() {
+	o.FirstName.Set(nil)
+}
+
+// UnsetFirstName ensures that no value is present for FirstName, not even an explicit nil
+func (o *UserProfile) UnsetFirstName() {
+	o.FirstName.Unset()
+}
+
+// GetHonorificPrefix returns the HonorificPrefix field value if set, zero value otherwise.
+func (o *UserProfile) GetHonorificPrefix() string {
+	if o == nil || o.HonorificPrefix == nil {
+		var ret string
+		return ret
+	}
+	return *o.HonorificPrefix
+}
+
+// GetHonorificPrefixOk returns a tuple with the HonorificPrefix field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetHonorificPrefixOk() (*string, bool) {
+	if o == nil || o.HonorificPrefix == nil {
+		return nil, false
+	}
+	return o.HonorificPrefix, true
+}
+
+// HasHonorificPrefix returns a boolean if a field has been set.
+func (o *UserProfile) HasHonorificPrefix() bool {
+	if o != nil && o.HonorificPrefix != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHonorificPrefix gets a reference to the given string and assigns it to the HonorificPrefix field.
+func (o *UserProfile) SetHonorificPrefix(v string) {
+	o.HonorificPrefix = &v
+}
+
+// GetHonorificSuffix returns the HonorificSuffix field value if set, zero value otherwise.
+func (o *UserProfile) GetHonorificSuffix() string {
+	if o == nil || o.HonorificSuffix == nil {
+		var ret string
+		return ret
+	}
+	return *o.HonorificSuffix
+}
+
+// GetHonorificSuffixOk returns a tuple with the HonorificSuffix field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetHonorificSuffixOk() (*string, bool) {
+	if o == nil || o.HonorificSuffix == nil {
+		return nil, false
+	}
+	return o.HonorificSuffix, true
+}
+
+// HasHonorificSuffix returns a boolean if a field has been set.
+func (o *UserProfile) HasHonorificSuffix() bool {
+	if o != nil && o.HonorificSuffix != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHonorificSuffix gets a reference to the given string and assigns it to the HonorificSuffix field.
+func (o *UserProfile) SetHonorificSuffix(v string) {
+	o.HonorificSuffix = &v
+}
+
+// GetLastName returns the LastName field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *UserProfile) GetLastName() string {
+	if o == nil || o.LastName.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.LastName.Get()
+}
+
+// GetLastNameOk returns a tuple with the LastName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *UserProfile) GetLastNameOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.LastName.Get(), o.LastName.IsSet()
+}
+
+// HasLastName returns a boolean if a field has been set.
+func (o *UserProfile) HasLastName() bool {
+	if o != nil && o.LastName.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetLastName gets a reference to the given NullableString and assigns it to the LastName field.
+func (o *UserProfile) SetLastName(v string) {
+	o.LastName.Set(&v)
+}
+
+// SetLastNameNil sets the value for LastName to be an explicit nil
+func (o *UserProfile) SetLastNameNil() {
+	o.LastName.Set(nil)
+}
+
+// UnsetLastName ensures that no value is present for LastName, not even an explicit nil
+func (o *UserProfile) UnsetLastName() {
+	o.LastName.Unset()
+}
+
+// GetLocale returns the Locale field value if set, zero value otherwise.
+func (o *UserProfile) GetLocale() string {
+	if o == nil || o.Locale == nil {
+		var ret string
+		return ret
+	}
+	return *o.Locale
+}
+
+// GetLocaleOk returns a tuple with the Locale field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetLocaleOk() (*string, bool) {
+	if o == nil || o.Locale == nil {
+		return nil, false
+	}
+	return o.Locale, true
+}
+
+// HasLocale returns a boolean if a field has been set.
+func (o *UserProfile) HasLocale() bool {
+	if o != nil && o.Locale != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLocale gets a reference to the given string and assigns it to the Locale field.
+func (o *UserProfile) SetLocale(v string) {
+	o.Locale = &v
+}
+
+// GetLogin returns the Login field value if set, zero value otherwise.
+func (o *UserProfile) GetLogin() string {
+	if o == nil || o.Login == nil {
+		var ret string
+		return ret
+	}
+	return *o.Login
+}
+
+// GetLoginOk returns a tuple with the Login field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetLoginOk() (*string, bool) {
+	if o == nil || o.Login == nil {
+		return nil, false
+	}
+	return o.Login, true
+}
+
+// HasLogin returns a boolean if a field has been set.
+func (o *UserProfile) HasLogin() bool {
+	if o != nil && o.Login != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLogin gets a reference to the given string and assigns it to the Login field.
+func (o *UserProfile) SetLogin(v string) {
+	o.Login = &v
+}
+
+// GetManager returns the Manager field value if set, zero value otherwise.
+func (o *UserProfile) GetManager() string {
+	if o == nil || o.Manager == nil {
+		var ret string
+		return ret
+	}
+	return *o.Manager
+}
+
+// GetManagerOk returns a tuple with the Manager field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetManagerOk() (*string, bool) {
+	if o == nil || o.Manager == nil {
+		return nil, false
+	}
+	return o.Manager, true
+}
+
+// HasManager returns a boolean if a field has been set.
+func (o *UserProfile) HasManager() bool {
+	if o != nil && o.Manager != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetManager gets a reference to the given string and assigns it to the Manager field.
+func (o *UserProfile) SetManager(v string) {
+	o.Manager = &v
+}
+
+// GetManagerId returns the ManagerId field value if set, zero value otherwise.
+func (o *UserProfile) GetManagerId() string {
+	if o == nil || o.ManagerId == nil {
+		var ret string
+		return ret
+	}
+	return *o.ManagerId
+}
+
+// GetManagerIdOk returns a tuple with the ManagerId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetManagerIdOk() (*string, bool) {
+	if o == nil || o.ManagerId == nil {
+		return nil, false
+	}
+	return o.ManagerId, true
+}
+
+// HasManagerId returns a boolean if a field has been set.
+func (o *UserProfile) HasManagerId() bool {
+	if o != nil && o.ManagerId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetManagerId gets a reference to the given string and assigns it to the ManagerId field.
+func (o *UserProfile) SetManagerId(v string) {
+	o.ManagerId = &v
+}
+
+// GetMiddleName returns the MiddleName field value if set, zero value otherwise.
+func (o *UserProfile) GetMiddleName() string {
+	if o == nil || o.MiddleName == nil {
+		var ret string
+		return ret
+	}
+	return *o.MiddleName
+}
+
+// GetMiddleNameOk returns a tuple with the MiddleName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetMiddleNameOk() (*string, bool) {
+	if o == nil || o.MiddleName == nil {
+		return nil, false
+	}
+	return o.MiddleName, true
+}
+
+// HasMiddleName returns a boolean if a field has been set.
+func (o *UserProfile) HasMiddleName() bool {
+	if o != nil && o.MiddleName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMiddleName gets a reference to the given string and assigns it to the MiddleName field.
+func (o *UserProfile) SetMiddleName(v string) {
+	o.MiddleName = &v
+}
+
+// GetMobilePhone returns the MobilePhone field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *UserProfile) GetMobilePhone() string {
+	if o == nil || o.MobilePhone.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.MobilePhone.Get()
+}
+
+// GetMobilePhoneOk returns a tuple with the MobilePhone field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *UserProfile) GetMobilePhoneOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.MobilePhone.Get(), o.MobilePhone.IsSet()
+}
+
+// HasMobilePhone returns a boolean if a field has been set.
+func (o *UserProfile) HasMobilePhone() bool {
+	if o != nil && o.MobilePhone.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetMobilePhone gets a reference to the given NullableString and assigns it to the MobilePhone field.
+func (o *UserProfile) SetMobilePhone(v string) {
+	o.MobilePhone.Set(&v)
+}
+
+// SetMobilePhoneNil sets the value for MobilePhone to be an explicit nil
+func (o *UserProfile) SetMobilePhoneNil() {
+	o.MobilePhone.Set(nil)
+}
+
+// UnsetMobilePhone ensures that no value is present for MobilePhone, not even an explicit nil
+func (o *UserProfile) UnsetMobilePhone() {
+	o.MobilePhone.Unset()
+}
+
+// GetNickName returns the NickName field value if set, zero value otherwise.
+func (o *UserProfile) GetNickName() string {
+	if o == nil || o.NickName == nil {
+		var ret string
+		return ret
+	}
+	return *o.NickName
+}
+
+// GetNickNameOk returns a tuple with the NickName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetNickNameOk() (*string, bool) {
+	if o == nil || o.NickName == nil {
+		return nil, false
+	}
+	return o.NickName, true
+}
+
+// HasNickName returns a boolean if a field has been set.
+func (o *UserProfile) HasNickName() bool {
+	if o != nil && o.NickName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNickName gets a reference to the given string and assigns it to the NickName field.
+func (o *UserProfile) SetNickName(v string) {
+	o.NickName = &v
+}
+
+// GetOrganization returns the Organization field value if set, zero value otherwise.
+func (o *UserProfile) GetOrganization() string {
+	if o == nil || o.Organization == nil {
+		var ret string
+		return ret
+	}
+	return *o.Organization
+}
+
+// GetOrganizationOk returns a tuple with the Organization field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetOrganizationOk() (*string, bool) {
+	if o == nil || o.Organization == nil {
+		return nil, false
+	}
+	return o.Organization, true
+}
+
+// HasOrganization returns a boolean if a field has been set.
+func (o *UserProfile) HasOrganization() bool {
+	if o != nil && o.Organization != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOrganization gets a reference to the given string and assigns it to the Organization field.
+func (o *UserProfile) SetOrganization(v string) {
+	o.Organization = &v
+}
+
+// GetPostalAddress returns the PostalAddress field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *UserProfile) GetPostalAddress() string {
+	if o == nil || o.PostalAddress.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.PostalAddress.Get()
+}
+
+// GetPostalAddressOk returns a tuple with the PostalAddress field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *UserProfile) GetPostalAddressOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.PostalAddress.Get(), o.PostalAddress.IsSet()
+}
+
+// HasPostalAddress returns a boolean if a field has been set.
+func (o *UserProfile) HasPostalAddress() bool {
+	if o != nil && o.PostalAddress.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetPostalAddress gets a reference to the given NullableString and assigns it to the PostalAddress field.
+func (o *UserProfile) SetPostalAddress(v string) {
+	o.PostalAddress.Set(&v)
+}
+
+// SetPostalAddressNil sets the value for PostalAddress to be an explicit nil
+func (o *UserProfile) SetPostalAddressNil() {
+	o.PostalAddress.Set(nil)
+}
+
+// UnsetPostalAddress ensures that no value is present for PostalAddress, not even an explicit nil
+func (o *UserProfile) UnsetPostalAddress() {
+	o.PostalAddress.Unset()
+}
+
+// GetPreferredLanguage returns the PreferredLanguage field value if set, zero value otherwise.
+func (o *UserProfile) GetPreferredLanguage() string {
+	if o == nil || o.PreferredLanguage == nil {
+		var ret string
+		return ret
+	}
+	return *o.PreferredLanguage
+}
+
+// GetPreferredLanguageOk returns a tuple with the PreferredLanguage field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetPreferredLanguageOk() (*string, bool) {
+	if o == nil || o.PreferredLanguage == nil {
+		return nil, false
+	}
+	return o.PreferredLanguage, true
+}
+
+// HasPreferredLanguage returns a boolean if a field has been set.
+func (o *UserProfile) HasPreferredLanguage() bool {
+	if o != nil && o.PreferredLanguage != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPreferredLanguage gets a reference to the given string and assigns it to the PreferredLanguage field.
+func (o *UserProfile) SetPreferredLanguage(v string) {
+	o.PreferredLanguage = &v
+}
+
+// GetPrimaryPhone returns the PrimaryPhone field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *UserProfile) GetPrimaryPhone() string {
+	if o == nil || o.PrimaryPhone.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.PrimaryPhone.Get()
+}
+
+// GetPrimaryPhoneOk returns a tuple with the PrimaryPhone field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *UserProfile) GetPrimaryPhoneOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.PrimaryPhone.Get(), o.PrimaryPhone.IsSet()
+}
+
+// HasPrimaryPhone returns a boolean if a field has been set.
+func (o *UserProfile) HasPrimaryPhone() bool {
+	if o != nil && o.PrimaryPhone.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetPrimaryPhone gets a reference to the given NullableString and assigns it to the PrimaryPhone field.
+func (o *UserProfile) SetPrimaryPhone(v string) {
+	o.PrimaryPhone.Set(&v)
+}
+
+// SetPrimaryPhoneNil sets the value for PrimaryPhone to be an explicit nil
+func (o *UserProfile) SetPrimaryPhoneNil() {
+	o.PrimaryPhone.Set(nil)
+}
+
+// UnsetPrimaryPhone ensures that no value is present for PrimaryPhone, not even an explicit nil
+func (o *UserProfile) UnsetPrimaryPhone() {
+	o.PrimaryPhone.Unset()
+}
+
+// GetProfileUrl returns the ProfileUrl field value if set, zero value otherwise.
+func (o *UserProfile) GetProfileUrl() string {
+	if o == nil || o.ProfileUrl == nil {
+		var ret string
+		return ret
+	}
+	return *o.ProfileUrl
+}
+
+// GetProfileUrlOk returns a tuple with the ProfileUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetProfileUrlOk() (*string, bool) {
+	if o == nil || o.ProfileUrl == nil {
+		return nil, false
+	}
+	return o.ProfileUrl, true
+}
+
+// HasProfileUrl returns a boolean if a field has been set.
+func (o *UserProfile) HasProfileUrl() bool {
+	if o != nil && o.ProfileUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfileUrl gets a reference to the given string and assigns it to the ProfileUrl field.
+func (o *UserProfile) SetProfileUrl(v string) {
+	o.ProfileUrl = &v
+}
+
+// GetSecondEmail returns the SecondEmail field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *UserProfile) GetSecondEmail() string {
+	if o == nil || o.SecondEmail.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.SecondEmail.Get()
+}
+
+// GetSecondEmailOk returns a tuple with the SecondEmail field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *UserProfile) GetSecondEmailOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.SecondEmail.Get(), o.SecondEmail.IsSet()
+}
+
+// HasSecondEmail returns a boolean if a field has been set.
+func (o *UserProfile) HasSecondEmail() bool {
+	if o != nil && o.SecondEmail.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetSecondEmail gets a reference to the given NullableString and assigns it to the SecondEmail field.
+func (o *UserProfile) SetSecondEmail(v string) {
+	o.SecondEmail.Set(&v)
+}
+
+// SetSecondEmailNil sets the value for SecondEmail to be an explicit nil
+func (o *UserProfile) SetSecondEmailNil() {
+	o.SecondEmail.Set(nil)
+}
+
+// UnsetSecondEmail ensures that no value is present for SecondEmail, not even an explicit nil
+func (o *UserProfile) UnsetSecondEmail() {
+	o.SecondEmail.Unset()
+}
+
+// GetState returns the State field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *UserProfile) GetState() string {
+	if o == nil || o.State.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.State.Get()
+}
+
+// GetStateOk returns a tuple with the State field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *UserProfile) GetStateOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.State.Get(), o.State.IsSet()
+}
+
+// HasState returns a boolean if a field has been set.
+func (o *UserProfile) HasState() bool {
+	if o != nil && o.State.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetState gets a reference to the given NullableString and assigns it to the State field.
+func (o *UserProfile) SetState(v string) {
+	o.State.Set(&v)
+}
+
+// SetStateNil sets the value for State to be an explicit nil
+func (o *UserProfile) SetStateNil() {
+	o.State.Set(nil)
+}
+
+// UnsetState ensures that no value is present for State, not even an explicit nil
+func (o *UserProfile) UnsetState() {
+	o.State.Unset()
+}
+
+// GetStreetAddress returns the StreetAddress field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *UserProfile) GetStreetAddress() string {
+	if o == nil || o.StreetAddress.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.StreetAddress.Get()
+}
+
+// GetStreetAddressOk returns a tuple with the StreetAddress field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *UserProfile) GetStreetAddressOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.StreetAddress.Get(), o.StreetAddress.IsSet()
+}
+
+// HasStreetAddress returns a boolean if a field has been set.
+func (o *UserProfile) HasStreetAddress() bool {
+	if o != nil && o.StreetAddress.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetStreetAddress gets a reference to the given NullableString and assigns it to the StreetAddress field.
+func (o *UserProfile) SetStreetAddress(v string) {
+	o.StreetAddress.Set(&v)
+}
+
+// SetStreetAddressNil sets the value for StreetAddress to be an explicit nil
+func (o *UserProfile) SetStreetAddressNil() {
+	o.StreetAddress.Set(nil)
+}
+
+// UnsetStreetAddress ensures that no value is present for StreetAddress, not even an explicit nil
+func (o *UserProfile) UnsetStreetAddress() {
+	o.StreetAddress.Unset()
+}
+
+// GetTimezone returns the Timezone field value if set, zero value otherwise.
+func (o *UserProfile) GetTimezone() string {
+	if o == nil || o.Timezone == nil {
+		var ret string
+		return ret
+	}
+	return *o.Timezone
+}
+
+// GetTimezoneOk returns a tuple with the Timezone field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetTimezoneOk() (*string, bool) {
+	if o == nil || o.Timezone == nil {
+		return nil, false
+	}
+	return o.Timezone, true
+}
+
+// HasTimezone returns a boolean if a field has been set.
+func (o *UserProfile) HasTimezone() bool {
+	if o != nil && o.Timezone != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTimezone gets a reference to the given string and assigns it to the Timezone field.
+func (o *UserProfile) SetTimezone(v string) {
+	o.Timezone = &v
+}
+
+// GetTitle returns the Title field value if set, zero value otherwise.
+func (o *UserProfile) GetTitle() string {
+	if o == nil || o.Title == nil {
+		var ret string
+		return ret
+	}
+	return *o.Title
+}
+
+// GetTitleOk returns a tuple with the Title field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetTitleOk() (*string, bool) {
+	if o == nil || o.Title == nil {
+		return nil, false
+	}
+	return o.Title, true
+}
+
+// HasTitle returns a boolean if a field has been set.
+func (o *UserProfile) HasTitle() bool {
+	if o != nil && o.Title != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTitle gets a reference to the given string and assigns it to the Title field.
+func (o *UserProfile) SetTitle(v string) {
+	o.Title = &v
+}
+
+// GetUserType returns the UserType field value if set, zero value otherwise.
+func (o *UserProfile) GetUserType() string {
+	if o == nil || o.UserType == nil {
+		var ret string
+		return ret
+	}
+	return *o.UserType
+}
+
+// GetUserTypeOk returns a tuple with the UserType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserProfile) GetUserTypeOk() (*string, bool) {
+	if o == nil || o.UserType == nil {
+		return nil, false
+	}
+	return o.UserType, true
+}
+
+// HasUserType returns a boolean if a field has been set.
+func (o *UserProfile) HasUserType() bool {
+	if o != nil && o.UserType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserType gets a reference to the given string and assigns it to the UserType field.
+func (o *UserProfile) SetUserType(v string) {
+	o.UserType = &v
+}
+
+// GetZipCode returns the ZipCode field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *UserProfile) GetZipCode() string {
+	if o == nil || o.ZipCode.Get() == nil {
+		var ret string
+		return ret
+	}
+	return *o.ZipCode.Get()
+}
+
+// GetZipCodeOk returns a tuple with the ZipCode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned
+func (o *UserProfile) GetZipCodeOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.ZipCode.Get(), o.ZipCode.IsSet()
+}
+
+// HasZipCode returns a boolean if a field has been set.
+func (o *UserProfile) HasZipCode() bool {
+	if o != nil && o.ZipCode.IsSet() {
+		return true
+	}
+
+	return false
+}
+
+// SetZipCode gets a reference to the given NullableString and assigns it to the ZipCode field.
+func (o *UserProfile) SetZipCode(v string) {
+	o.ZipCode.Set(&v)
+}
+
+// SetZipCodeNil sets the value for ZipCode to be an explicit nil
+func (o *UserProfile) SetZipCodeNil() {
+	o.ZipCode.Set(nil)
+}
+
+// UnsetZipCode ensures that no value is present for ZipCode, not even an explicit nil
+func (o *UserProfile) UnsetZipCode() {
+	o.ZipCode.Unset()
+}
+
+func (o UserProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.City.IsSet() {
+		toSerialize["city"] = o.City.Get()
+	}
+	if o.CostCenter != nil {
+		toSerialize["costCenter"] = o.CostCenter
+	}
+	if o.CountryCode.IsSet() {
+		toSerialize["countryCode"] = o.CountryCode.Get()
+	}
+	if o.Department != nil {
+		toSerialize["department"] = o.Department
+	}
+	if o.DisplayName != nil {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if o.Division != nil {
+		toSerialize["division"] = o.Division
+	}
+	if o.Email != nil {
+		toSerialize["email"] = o.Email
+	}
+	if o.EmployeeNumber != nil {
+		toSerialize["employeeNumber"] = o.EmployeeNumber
+	}
+	if o.FirstName.IsSet() {
+		toSerialize["firstName"] = o.FirstName.Get()
+	}
+	if o.HonorificPrefix != nil {
+		toSerialize["honorificPrefix"] = o.HonorificPrefix
+	}
+	if o.HonorificSuffix != nil {
+		toSerialize["honorificSuffix"] = o.HonorificSuffix
+	}
+	if o.LastName.IsSet() {
+		toSerialize["lastName"] = o.LastName.Get()
+	}
+	if o.Locale != nil {
+		toSerialize["locale"] = o.Locale
+	}
+	if o.Login != nil {
+		toSerialize["login"] = o.Login
+	}
+	if o.Manager != nil {
+		toSerialize["manager"] = o.Manager
+	}
+	if o.ManagerId != nil {
+		toSerialize["managerId"] = o.ManagerId
+	}
+	if o.MiddleName != nil {
+		toSerialize["middleName"] = o.MiddleName
+	}
+	if o.MobilePhone.IsSet() {
+		toSerialize["mobilePhone"] = o.MobilePhone.Get()
+	}
+	if o.NickName != nil {
+		toSerialize["nickName"] = o.NickName
+	}
+	if o.Organization != nil {
+		toSerialize["organization"] = o.Organization
+	}
+	if o.PostalAddress.IsSet() {
+		toSerialize["postalAddress"] = o.PostalAddress.Get()
+	}
+	if o.PreferredLanguage != nil {
+		toSerialize["preferredLanguage"] = o.PreferredLanguage
+	}
+	if o.PrimaryPhone.IsSet() {
+		toSerialize["primaryPhone"] = o.PrimaryPhone.Get()
+	}
+	if o.ProfileUrl != nil {
+		toSerialize["profileUrl"] = o.ProfileUrl
+	}
+	if o.SecondEmail.IsSet() {
+		toSerialize["secondEmail"] = o.SecondEmail.Get()
+	}
+	if o.State.IsSet() {
+		toSerialize["state"] = o.State.Get()
+	}
+	if o.StreetAddress.IsSet() {
+		toSerialize["streetAddress"] = o.StreetAddress.Get()
+	}
+	if o.Timezone != nil {
+		toSerialize["timezone"] = o.Timezone
+	}
+	if o.Title != nil {
+		toSerialize["title"] = o.Title
+	}
+	if o.UserType != nil {
+		toSerialize["userType"] = o.UserType
+	}
+	if o.ZipCode.IsSet() {
+		toSerialize["zipCode"] = o.ZipCode.Get()
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varUserProfile := _UserProfile{}
+
+	err = json.Unmarshal(bytes, &varUserProfile)
+	if err == nil {
+		*o = UserProfile(varUserProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "city")
+		delete(additionalProperties, "costCenter")
+		delete(additionalProperties, "countryCode")
+		delete(additionalProperties, "department")
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "division")
+		delete(additionalProperties, "email")
+		delete(additionalProperties, "employeeNumber")
+		delete(additionalProperties, "firstName")
+		delete(additionalProperties, "honorificPrefix")
+		delete(additionalProperties, "honorificSuffix")
+		delete(additionalProperties, "lastName")
+		delete(additionalProperties, "locale")
+		delete(additionalProperties, "login")
+		delete(additionalProperties, "manager")
+		delete(additionalProperties, "managerId")
+		delete(additionalProperties, "middleName")
+		delete(additionalProperties, "mobilePhone")
+		delete(additionalProperties, "nickName")
+		delete(additionalProperties, "organization")
+		delete(additionalProperties, "postalAddress")
+		delete(additionalProperties, "preferredLanguage")
+		delete(additionalProperties, "primaryPhone")
+		delete(additionalProperties, "profileUrl")
+		delete(additionalProperties, "secondEmail")
+		delete(additionalProperties, "state")
+		delete(additionalProperties, "streetAddress")
+		delete(additionalProperties, "timezone")
+		delete(additionalProperties, "title")
+		delete(additionalProperties, "userType")
+		delete(additionalProperties, "zipCode")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserProfile struct {
+	value *UserProfile
+	isSet bool
+}
+
+func (v NullableUserProfile) Get() *UserProfile {
+	return v.value
+}
+
+func (v *NullableUserProfile) Set(val *UserProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserProfile(val *UserProfile) *NullableUserProfile {
+	return &NullableUserProfile{value: val, isSet: true}
+}
+
+func (v NullableUserProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema.go b/okta/model_user_schema.go
new file mode 100644
index 000000000..ca85374f5
--- /dev/null
+++ b/okta/model_user_schema.go
@@ -0,0 +1,491 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchema struct for UserSchema
+type UserSchema struct {
+	Schema               *string                           `json:"$schema,omitempty"`
+	Created              *string                           `json:"created,omitempty"`
+	Definitions          *UserSchemaDefinitions            `json:"definitions,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	LastUpdated          *string                           `json:"lastUpdated,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Properties           *UserSchemaProperties             `json:"properties,omitempty"`
+	Title                *string                           `json:"title,omitempty"`
+	Type                 *string                           `json:"type,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchema UserSchema
+
+// NewUserSchema instantiates a new UserSchema object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchema() *UserSchema {
+	this := UserSchema{}
+	return &this
+}
+
+// NewUserSchemaWithDefaults instantiates a new UserSchema object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaWithDefaults() *UserSchema {
+	this := UserSchema{}
+	return &this
+}
+
+// GetSchema returns the Schema field value if set, zero value otherwise.
+func (o *UserSchema) GetSchema() string {
+	if o == nil || o.Schema == nil {
+		var ret string
+		return ret
+	}
+	return *o.Schema
+}
+
+// GetSchemaOk returns a tuple with the Schema field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchema) GetSchemaOk() (*string, bool) {
+	if o == nil || o.Schema == nil {
+		return nil, false
+	}
+	return o.Schema, true
+}
+
+// HasSchema returns a boolean if a field has been set.
+func (o *UserSchema) HasSchema() bool {
+	if o != nil && o.Schema != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSchema gets a reference to the given string and assigns it to the Schema field.
+func (o *UserSchema) SetSchema(v string) {
+	o.Schema = &v
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *UserSchema) GetCreated() string {
+	if o == nil || o.Created == nil {
+		var ret string
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchema) GetCreatedOk() (*string, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *UserSchema) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given string and assigns it to the Created field.
+func (o *UserSchema) SetCreated(v string) {
+	o.Created = &v
+}
+
+// GetDefinitions returns the Definitions field value if set, zero value otherwise.
+func (o *UserSchema) GetDefinitions() UserSchemaDefinitions {
+	if o == nil || o.Definitions == nil {
+		var ret UserSchemaDefinitions
+		return ret
+	}
+	return *o.Definitions
+}
+
+// GetDefinitionsOk returns a tuple with the Definitions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchema) GetDefinitionsOk() (*UserSchemaDefinitions, bool) {
+	if o == nil || o.Definitions == nil {
+		return nil, false
+	}
+	return o.Definitions, true
+}
+
+// HasDefinitions returns a boolean if a field has been set.
+func (o *UserSchema) HasDefinitions() bool {
+	if o != nil && o.Definitions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefinitions gets a reference to the given UserSchemaDefinitions and assigns it to the Definitions field.
+func (o *UserSchema) SetDefinitions(v UserSchemaDefinitions) {
+	o.Definitions = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *UserSchema) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchema) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *UserSchema) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *UserSchema) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *UserSchema) GetLastUpdated() string {
+	if o == nil || o.LastUpdated == nil {
+		var ret string
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchema) GetLastUpdatedOk() (*string, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *UserSchema) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given string and assigns it to the LastUpdated field.
+func (o *UserSchema) SetLastUpdated(v string) {
+	o.LastUpdated = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *UserSchema) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchema) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *UserSchema) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *UserSchema) SetName(v string) {
+	o.Name = &v
+}
+
+// GetProperties returns the Properties field value if set, zero value otherwise.
+func (o *UserSchema) GetProperties() UserSchemaProperties {
+	if o == nil || o.Properties == nil {
+		var ret UserSchemaProperties
+		return ret
+	}
+	return *o.Properties
+}
+
+// GetPropertiesOk returns a tuple with the Properties field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchema) GetPropertiesOk() (*UserSchemaProperties, bool) {
+	if o == nil || o.Properties == nil {
+		return nil, false
+	}
+	return o.Properties, true
+}
+
+// HasProperties returns a boolean if a field has been set.
+func (o *UserSchema) HasProperties() bool {
+	if o != nil && o.Properties != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProperties gets a reference to the given UserSchemaProperties and assigns it to the Properties field.
+func (o *UserSchema) SetProperties(v UserSchemaProperties) {
+	o.Properties = &v
+}
+
+// GetTitle returns the Title field value if set, zero value otherwise.
+func (o *UserSchema) GetTitle() string {
+	if o == nil || o.Title == nil {
+		var ret string
+		return ret
+	}
+	return *o.Title
+}
+
+// GetTitleOk returns a tuple with the Title field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchema) GetTitleOk() (*string, bool) {
+	if o == nil || o.Title == nil {
+		return nil, false
+	}
+	return o.Title, true
+}
+
+// HasTitle returns a boolean if a field has been set.
+func (o *UserSchema) HasTitle() bool {
+	if o != nil && o.Title != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTitle gets a reference to the given string and assigns it to the Title field.
+func (o *UserSchema) SetTitle(v string) {
+	o.Title = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *UserSchema) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchema) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *UserSchema) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *UserSchema) SetType(v string) {
+	o.Type = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *UserSchema) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchema) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *UserSchema) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *UserSchema) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o UserSchema) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Schema != nil {
+		toSerialize["$schema"] = o.Schema
+	}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.Definitions != nil {
+		toSerialize["definitions"] = o.Definitions
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Properties != nil {
+		toSerialize["properties"] = o.Properties
+	}
+	if o.Title != nil {
+		toSerialize["title"] = o.Title
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchema) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchema := _UserSchema{}
+
+	err = json.Unmarshal(bytes, &varUserSchema)
+	if err == nil {
+		*o = UserSchema(varUserSchema)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "$schema")
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "definitions")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "properties")
+		delete(additionalProperties, "title")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchema struct {
+	value *UserSchema
+	isSet bool
+}
+
+func (v NullableUserSchema) Get() *UserSchema {
+	return v.value
+}
+
+func (v *NullableUserSchema) Set(val *UserSchema) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchema) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchema) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchema(val *UserSchema) *NullableUserSchema {
+	return &NullableUserSchema{value: val, isSet: true}
+}
+
+func (v NullableUserSchema) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchema) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_attribute.go b/okta/model_user_schema_attribute.go
new file mode 100644
index 000000000..694312d1d
--- /dev/null
+++ b/okta/model_user_schema_attribute.go
@@ -0,0 +1,787 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaAttribute struct for UserSchemaAttribute
+type UserSchemaAttribute struct {
+	Description          *string                         `json:"description,omitempty"`
+	Enum                 []string                        `json:"enum,omitempty"`
+	ExternalName         *string                         `json:"externalName,omitempty"`
+	ExternalNamespace    *string                         `json:"externalNamespace,omitempty"`
+	Items                *UserSchemaAttributeItems       `json:"items,omitempty"`
+	Master               *UserSchemaAttributeMaster      `json:"master,omitempty"`
+	MaxLength            *int32                          `json:"maxLength,omitempty"`
+	MinLength            *int32                          `json:"minLength,omitempty"`
+	Mutability           *string                         `json:"mutability,omitempty"`
+	OneOf                []UserSchemaAttributeEnum       `json:"oneOf,omitempty"`
+	Pattern              *string                         `json:"pattern,omitempty"`
+	Permissions          []UserSchemaAttributePermission `json:"permissions,omitempty"`
+	Required             *bool                           `json:"required,omitempty"`
+	Scope                *UserSchemaAttributeScope       `json:"scope,omitempty"`
+	Title                *string                         `json:"title,omitempty"`
+	Type                 *UserSchemaAttributeType        `json:"type,omitempty"`
+	Union                *UserSchemaAttributeUnion       `json:"union,omitempty"`
+	Unique               *string                         `json:"unique,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaAttribute UserSchemaAttribute
+
+// NewUserSchemaAttribute instantiates a new UserSchemaAttribute object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaAttribute() *UserSchemaAttribute {
+	this := UserSchemaAttribute{}
+	return &this
+}
+
+// NewUserSchemaAttributeWithDefaults instantiates a new UserSchemaAttribute object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaAttributeWithDefaults() *UserSchemaAttribute {
+	this := UserSchemaAttribute{}
+	return &this
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *UserSchemaAttribute) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetEnum returns the Enum field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetEnum() []string {
+	if o == nil || o.Enum == nil {
+		var ret []string
+		return ret
+	}
+	return o.Enum
+}
+
+// GetEnumOk returns a tuple with the Enum field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetEnumOk() ([]string, bool) {
+	if o == nil || o.Enum == nil {
+		return nil, false
+	}
+	return o.Enum, true
+}
+
+// HasEnum returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasEnum() bool {
+	if o != nil && o.Enum != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnum gets a reference to the given []string and assigns it to the Enum field.
+func (o *UserSchemaAttribute) SetEnum(v []string) {
+	o.Enum = v
+}
+
+// GetExternalName returns the ExternalName field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetExternalName() string {
+	if o == nil || o.ExternalName == nil {
+		var ret string
+		return ret
+	}
+	return *o.ExternalName
+}
+
+// GetExternalNameOk returns a tuple with the ExternalName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetExternalNameOk() (*string, bool) {
+	if o == nil || o.ExternalName == nil {
+		return nil, false
+	}
+	return o.ExternalName, true
+}
+
+// HasExternalName returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasExternalName() bool {
+	if o != nil && o.ExternalName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExternalName gets a reference to the given string and assigns it to the ExternalName field.
+func (o *UserSchemaAttribute) SetExternalName(v string) {
+	o.ExternalName = &v
+}
+
+// GetExternalNamespace returns the ExternalNamespace field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetExternalNamespace() string {
+	if o == nil || o.ExternalNamespace == nil {
+		var ret string
+		return ret
+	}
+	return *o.ExternalNamespace
+}
+
+// GetExternalNamespaceOk returns a tuple with the ExternalNamespace field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetExternalNamespaceOk() (*string, bool) {
+	if o == nil || o.ExternalNamespace == nil {
+		return nil, false
+	}
+	return o.ExternalNamespace, true
+}
+
+// HasExternalNamespace returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasExternalNamespace() bool {
+	if o != nil && o.ExternalNamespace != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExternalNamespace gets a reference to the given string and assigns it to the ExternalNamespace field.
+func (o *UserSchemaAttribute) SetExternalNamespace(v string) {
+	o.ExternalNamespace = &v
+}
+
+// GetItems returns the Items field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetItems() UserSchemaAttributeItems {
+	if o == nil || o.Items == nil {
+		var ret UserSchemaAttributeItems
+		return ret
+	}
+	return *o.Items
+}
+
+// GetItemsOk returns a tuple with the Items field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetItemsOk() (*UserSchemaAttributeItems, bool) {
+	if o == nil || o.Items == nil {
+		return nil, false
+	}
+	return o.Items, true
+}
+
+// HasItems returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasItems() bool {
+	if o != nil && o.Items != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetItems gets a reference to the given UserSchemaAttributeItems and assigns it to the Items field.
+func (o *UserSchemaAttribute) SetItems(v UserSchemaAttributeItems) {
+	o.Items = &v
+}
+
+// GetMaster returns the Master field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetMaster() UserSchemaAttributeMaster {
+	if o == nil || o.Master == nil {
+		var ret UserSchemaAttributeMaster
+		return ret
+	}
+	return *o.Master
+}
+
+// GetMasterOk returns a tuple with the Master field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetMasterOk() (*UserSchemaAttributeMaster, bool) {
+	if o == nil || o.Master == nil {
+		return nil, false
+	}
+	return o.Master, true
+}
+
+// HasMaster returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasMaster() bool {
+	if o != nil && o.Master != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaster gets a reference to the given UserSchemaAttributeMaster and assigns it to the Master field.
+func (o *UserSchemaAttribute) SetMaster(v UserSchemaAttributeMaster) {
+	o.Master = &v
+}
+
+// GetMaxLength returns the MaxLength field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetMaxLength() int32 {
+	if o == nil || o.MaxLength == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MaxLength
+}
+
+// GetMaxLengthOk returns a tuple with the MaxLength field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetMaxLengthOk() (*int32, bool) {
+	if o == nil || o.MaxLength == nil {
+		return nil, false
+	}
+	return o.MaxLength, true
+}
+
+// HasMaxLength returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasMaxLength() bool {
+	if o != nil && o.MaxLength != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMaxLength gets a reference to the given int32 and assigns it to the MaxLength field.
+func (o *UserSchemaAttribute) SetMaxLength(v int32) {
+	o.MaxLength = &v
+}
+
+// GetMinLength returns the MinLength field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetMinLength() int32 {
+	if o == nil || o.MinLength == nil {
+		var ret int32
+		return ret
+	}
+	return *o.MinLength
+}
+
+// GetMinLengthOk returns a tuple with the MinLength field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetMinLengthOk() (*int32, bool) {
+	if o == nil || o.MinLength == nil {
+		return nil, false
+	}
+	return o.MinLength, true
+}
+
+// HasMinLength returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasMinLength() bool {
+	if o != nil && o.MinLength != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinLength gets a reference to the given int32 and assigns it to the MinLength field.
+func (o *UserSchemaAttribute) SetMinLength(v int32) {
+	o.MinLength = &v
+}
+
+// GetMutability returns the Mutability field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetMutability() string {
+	if o == nil || o.Mutability == nil {
+		var ret string
+		return ret
+	}
+	return *o.Mutability
+}
+
+// GetMutabilityOk returns a tuple with the Mutability field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetMutabilityOk() (*string, bool) {
+	if o == nil || o.Mutability == nil {
+		return nil, false
+	}
+	return o.Mutability, true
+}
+
+// HasMutability returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasMutability() bool {
+	if o != nil && o.Mutability != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMutability gets a reference to the given string and assigns it to the Mutability field.
+func (o *UserSchemaAttribute) SetMutability(v string) {
+	o.Mutability = &v
+}
+
+// GetOneOf returns the OneOf field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetOneOf() []UserSchemaAttributeEnum {
+	if o == nil || o.OneOf == nil {
+		var ret []UserSchemaAttributeEnum
+		return ret
+	}
+	return o.OneOf
+}
+
+// GetOneOfOk returns a tuple with the OneOf field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetOneOfOk() ([]UserSchemaAttributeEnum, bool) {
+	if o == nil || o.OneOf == nil {
+		return nil, false
+	}
+	return o.OneOf, true
+}
+
+// HasOneOf returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasOneOf() bool {
+	if o != nil && o.OneOf != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOneOf gets a reference to the given []UserSchemaAttributeEnum and assigns it to the OneOf field.
+func (o *UserSchemaAttribute) SetOneOf(v []UserSchemaAttributeEnum) {
+	o.OneOf = v
+}
+
+// GetPattern returns the Pattern field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetPattern() string {
+	if o == nil || o.Pattern == nil {
+		var ret string
+		return ret
+	}
+	return *o.Pattern
+}
+
+// GetPatternOk returns a tuple with the Pattern field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetPatternOk() (*string, bool) {
+	if o == nil || o.Pattern == nil {
+		return nil, false
+	}
+	return o.Pattern, true
+}
+
+// HasPattern returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasPattern() bool {
+	if o != nil && o.Pattern != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPattern gets a reference to the given string and assigns it to the Pattern field.
+func (o *UserSchemaAttribute) SetPattern(v string) {
+	o.Pattern = &v
+}
+
+// GetPermissions returns the Permissions field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetPermissions() []UserSchemaAttributePermission {
+	if o == nil || o.Permissions == nil {
+		var ret []UserSchemaAttributePermission
+		return ret
+	}
+	return o.Permissions
+}
+
+// GetPermissionsOk returns a tuple with the Permissions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetPermissionsOk() ([]UserSchemaAttributePermission, bool) {
+	if o == nil || o.Permissions == nil {
+		return nil, false
+	}
+	return o.Permissions, true
+}
+
+// HasPermissions returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasPermissions() bool {
+	if o != nil && o.Permissions != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPermissions gets a reference to the given []UserSchemaAttributePermission and assigns it to the Permissions field.
+func (o *UserSchemaAttribute) SetPermissions(v []UserSchemaAttributePermission) {
+	o.Permissions = v
+}
+
+// GetRequired returns the Required field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetRequired() bool {
+	if o == nil || o.Required == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Required
+}
+
+// GetRequiredOk returns a tuple with the Required field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetRequiredOk() (*bool, bool) {
+	if o == nil || o.Required == nil {
+		return nil, false
+	}
+	return o.Required, true
+}
+
+// HasRequired returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasRequired() bool {
+	if o != nil && o.Required != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequired gets a reference to the given bool and assigns it to the Required field.
+func (o *UserSchemaAttribute) SetRequired(v bool) {
+	o.Required = &v
+}
+
+// GetScope returns the Scope field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetScope() UserSchemaAttributeScope {
+	if o == nil || o.Scope == nil {
+		var ret UserSchemaAttributeScope
+		return ret
+	}
+	return *o.Scope
+}
+
+// GetScopeOk returns a tuple with the Scope field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetScopeOk() (*UserSchemaAttributeScope, bool) {
+	if o == nil || o.Scope == nil {
+		return nil, false
+	}
+	return o.Scope, true
+}
+
+// HasScope returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasScope() bool {
+	if o != nil && o.Scope != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetScope gets a reference to the given UserSchemaAttributeScope and assigns it to the Scope field.
+func (o *UserSchemaAttribute) SetScope(v UserSchemaAttributeScope) {
+	o.Scope = &v
+}
+
+// GetTitle returns the Title field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetTitle() string {
+	if o == nil || o.Title == nil {
+		var ret string
+		return ret
+	}
+	return *o.Title
+}
+
+// GetTitleOk returns a tuple with the Title field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetTitleOk() (*string, bool) {
+	if o == nil || o.Title == nil {
+		return nil, false
+	}
+	return o.Title, true
+}
+
+// HasTitle returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasTitle() bool {
+	if o != nil && o.Title != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTitle gets a reference to the given string and assigns it to the Title field.
+func (o *UserSchemaAttribute) SetTitle(v string) {
+	o.Title = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetType() UserSchemaAttributeType {
+	if o == nil || o.Type == nil {
+		var ret UserSchemaAttributeType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetTypeOk() (*UserSchemaAttributeType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given UserSchemaAttributeType and assigns it to the Type field.
+func (o *UserSchemaAttribute) SetType(v UserSchemaAttributeType) {
+	o.Type = &v
+}
+
+// GetUnion returns the Union field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetUnion() UserSchemaAttributeUnion {
+	if o == nil || o.Union == nil {
+		var ret UserSchemaAttributeUnion
+		return ret
+	}
+	return *o.Union
+}
+
+// GetUnionOk returns a tuple with the Union field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetUnionOk() (*UserSchemaAttributeUnion, bool) {
+	if o == nil || o.Union == nil {
+		return nil, false
+	}
+	return o.Union, true
+}
+
+// HasUnion returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasUnion() bool {
+	if o != nil && o.Union != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUnion gets a reference to the given UserSchemaAttributeUnion and assigns it to the Union field.
+func (o *UserSchemaAttribute) SetUnion(v UserSchemaAttributeUnion) {
+	o.Union = &v
+}
+
+// GetUnique returns the Unique field value if set, zero value otherwise.
+func (o *UserSchemaAttribute) GetUnique() string {
+	if o == nil || o.Unique == nil {
+		var ret string
+		return ret
+	}
+	return *o.Unique
+}
+
+// GetUniqueOk returns a tuple with the Unique field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttribute) GetUniqueOk() (*string, bool) {
+	if o == nil || o.Unique == nil {
+		return nil, false
+	}
+	return o.Unique, true
+}
+
+// HasUnique returns a boolean if a field has been set.
+func (o *UserSchemaAttribute) HasUnique() bool {
+	if o != nil && o.Unique != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUnique gets a reference to the given string and assigns it to the Unique field.
+func (o *UserSchemaAttribute) SetUnique(v string) {
+	o.Unique = &v
+}
+
+func (o UserSchemaAttribute) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.Enum != nil {
+		toSerialize["enum"] = o.Enum
+	}
+	if o.ExternalName != nil {
+		toSerialize["externalName"] = o.ExternalName
+	}
+	if o.ExternalNamespace != nil {
+		toSerialize["externalNamespace"] = o.ExternalNamespace
+	}
+	if o.Items != nil {
+		toSerialize["items"] = o.Items
+	}
+	if o.Master != nil {
+		toSerialize["master"] = o.Master
+	}
+	if o.MaxLength != nil {
+		toSerialize["maxLength"] = o.MaxLength
+	}
+	if o.MinLength != nil {
+		toSerialize["minLength"] = o.MinLength
+	}
+	if o.Mutability != nil {
+		toSerialize["mutability"] = o.Mutability
+	}
+	if o.OneOf != nil {
+		toSerialize["oneOf"] = o.OneOf
+	}
+	if o.Pattern != nil {
+		toSerialize["pattern"] = o.Pattern
+	}
+	if o.Permissions != nil {
+		toSerialize["permissions"] = o.Permissions
+	}
+	if o.Required != nil {
+		toSerialize["required"] = o.Required
+	}
+	if o.Scope != nil {
+		toSerialize["scope"] = o.Scope
+	}
+	if o.Title != nil {
+		toSerialize["title"] = o.Title
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Union != nil {
+		toSerialize["union"] = o.Union
+	}
+	if o.Unique != nil {
+		toSerialize["unique"] = o.Unique
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaAttribute) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaAttribute := _UserSchemaAttribute{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaAttribute)
+	if err == nil {
+		*o = UserSchemaAttribute(varUserSchemaAttribute)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "enum")
+		delete(additionalProperties, "externalName")
+		delete(additionalProperties, "externalNamespace")
+		delete(additionalProperties, "items")
+		delete(additionalProperties, "master")
+		delete(additionalProperties, "maxLength")
+		delete(additionalProperties, "minLength")
+		delete(additionalProperties, "mutability")
+		delete(additionalProperties, "oneOf")
+		delete(additionalProperties, "pattern")
+		delete(additionalProperties, "permissions")
+		delete(additionalProperties, "required")
+		delete(additionalProperties, "scope")
+		delete(additionalProperties, "title")
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "union")
+		delete(additionalProperties, "unique")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaAttribute struct {
+	value *UserSchemaAttribute
+	isSet bool
+}
+
+func (v NullableUserSchemaAttribute) Get() *UserSchemaAttribute {
+	return v.value
+}
+
+func (v *NullableUserSchemaAttribute) Set(val *UserSchemaAttribute) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaAttribute) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaAttribute) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaAttribute(val *UserSchemaAttribute) *NullableUserSchemaAttribute {
+	return &NullableUserSchemaAttribute{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaAttribute) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaAttribute) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_attribute_enum.go b/okta/model_user_schema_attribute_enum.go
new file mode 100644
index 000000000..6553bda9d
--- /dev/null
+++ b/okta/model_user_schema_attribute_enum.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaAttributeEnum struct for UserSchemaAttributeEnum
+type UserSchemaAttributeEnum struct {
+	Const                *string `json:"const,omitempty"`
+	Title                *string `json:"title,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaAttributeEnum UserSchemaAttributeEnum
+
+// NewUserSchemaAttributeEnum instantiates a new UserSchemaAttributeEnum object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaAttributeEnum() *UserSchemaAttributeEnum {
+	this := UserSchemaAttributeEnum{}
+	return &this
+}
+
+// NewUserSchemaAttributeEnumWithDefaults instantiates a new UserSchemaAttributeEnum object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaAttributeEnumWithDefaults() *UserSchemaAttributeEnum {
+	this := UserSchemaAttributeEnum{}
+	return &this
+}
+
+// GetConst returns the Const field value if set, zero value otherwise.
+func (o *UserSchemaAttributeEnum) GetConst() string {
+	if o == nil || o.Const == nil {
+		var ret string
+		return ret
+	}
+	return *o.Const
+}
+
+// GetConstOk returns a tuple with the Const field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttributeEnum) GetConstOk() (*string, bool) {
+	if o == nil || o.Const == nil {
+		return nil, false
+	}
+	return o.Const, true
+}
+
+// HasConst returns a boolean if a field has been set.
+func (o *UserSchemaAttributeEnum) HasConst() bool {
+	if o != nil && o.Const != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConst gets a reference to the given string and assigns it to the Const field.
+func (o *UserSchemaAttributeEnum) SetConst(v string) {
+	o.Const = &v
+}
+
+// GetTitle returns the Title field value if set, zero value otherwise.
+func (o *UserSchemaAttributeEnum) GetTitle() string {
+	if o == nil || o.Title == nil {
+		var ret string
+		return ret
+	}
+	return *o.Title
+}
+
+// GetTitleOk returns a tuple with the Title field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttributeEnum) GetTitleOk() (*string, bool) {
+	if o == nil || o.Title == nil {
+		return nil, false
+	}
+	return o.Title, true
+}
+
+// HasTitle returns a boolean if a field has been set.
+func (o *UserSchemaAttributeEnum) HasTitle() bool {
+	if o != nil && o.Title != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTitle gets a reference to the given string and assigns it to the Title field.
+func (o *UserSchemaAttributeEnum) SetTitle(v string) {
+	o.Title = &v
+}
+
+func (o UserSchemaAttributeEnum) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Const != nil {
+		toSerialize["const"] = o.Const
+	}
+	if o.Title != nil {
+		toSerialize["title"] = o.Title
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaAttributeEnum) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaAttributeEnum := _UserSchemaAttributeEnum{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaAttributeEnum)
+	if err == nil {
+		*o = UserSchemaAttributeEnum(varUserSchemaAttributeEnum)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "const")
+		delete(additionalProperties, "title")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaAttributeEnum struct {
+	value *UserSchemaAttributeEnum
+	isSet bool
+}
+
+func (v NullableUserSchemaAttributeEnum) Get() *UserSchemaAttributeEnum {
+	return v.value
+}
+
+func (v *NullableUserSchemaAttributeEnum) Set(val *UserSchemaAttributeEnum) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaAttributeEnum) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaAttributeEnum) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaAttributeEnum(val *UserSchemaAttributeEnum) *NullableUserSchemaAttributeEnum {
+	return &NullableUserSchemaAttributeEnum{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaAttributeEnum) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaAttributeEnum) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_attribute_items.go b/okta/model_user_schema_attribute_items.go
new file mode 100644
index 000000000..5e82f4ab3
--- /dev/null
+++ b/okta/model_user_schema_attribute_items.go
@@ -0,0 +1,232 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaAttributeItems struct for UserSchemaAttributeItems
+type UserSchemaAttributeItems struct {
+	Enum                 []string                  `json:"enum,omitempty"`
+	OneOf                []UserSchemaAttributeEnum `json:"oneOf,omitempty"`
+	Type                 *string                   `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaAttributeItems UserSchemaAttributeItems
+
+// NewUserSchemaAttributeItems instantiates a new UserSchemaAttributeItems object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaAttributeItems() *UserSchemaAttributeItems {
+	this := UserSchemaAttributeItems{}
+	return &this
+}
+
+// NewUserSchemaAttributeItemsWithDefaults instantiates a new UserSchemaAttributeItems object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaAttributeItemsWithDefaults() *UserSchemaAttributeItems {
+	this := UserSchemaAttributeItems{}
+	return &this
+}
+
+// GetEnum returns the Enum field value if set, zero value otherwise.
+func (o *UserSchemaAttributeItems) GetEnum() []string {
+	if o == nil || o.Enum == nil {
+		var ret []string
+		return ret
+	}
+	return o.Enum
+}
+
+// GetEnumOk returns a tuple with the Enum field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttributeItems) GetEnumOk() ([]string, bool) {
+	if o == nil || o.Enum == nil {
+		return nil, false
+	}
+	return o.Enum, true
+}
+
+// HasEnum returns a boolean if a field has been set.
+func (o *UserSchemaAttributeItems) HasEnum() bool {
+	if o != nil && o.Enum != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEnum gets a reference to the given []string and assigns it to the Enum field.
+func (o *UserSchemaAttributeItems) SetEnum(v []string) {
+	o.Enum = v
+}
+
+// GetOneOf returns the OneOf field value if set, zero value otherwise.
+func (o *UserSchemaAttributeItems) GetOneOf() []UserSchemaAttributeEnum {
+	if o == nil || o.OneOf == nil {
+		var ret []UserSchemaAttributeEnum
+		return ret
+	}
+	return o.OneOf
+}
+
+// GetOneOfOk returns a tuple with the OneOf field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttributeItems) GetOneOfOk() ([]UserSchemaAttributeEnum, bool) {
+	if o == nil || o.OneOf == nil {
+		return nil, false
+	}
+	return o.OneOf, true
+}
+
+// HasOneOf returns a boolean if a field has been set.
+func (o *UserSchemaAttributeItems) HasOneOf() bool {
+	if o != nil && o.OneOf != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOneOf gets a reference to the given []UserSchemaAttributeEnum and assigns it to the OneOf field.
+func (o *UserSchemaAttributeItems) SetOneOf(v []UserSchemaAttributeEnum) {
+	o.OneOf = v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *UserSchemaAttributeItems) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttributeItems) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *UserSchemaAttributeItems) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *UserSchemaAttributeItems) SetType(v string) {
+	o.Type = &v
+}
+
+func (o UserSchemaAttributeItems) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Enum != nil {
+		toSerialize["enum"] = o.Enum
+	}
+	if o.OneOf != nil {
+		toSerialize["oneOf"] = o.OneOf
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaAttributeItems) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaAttributeItems := _UserSchemaAttributeItems{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaAttributeItems)
+	if err == nil {
+		*o = UserSchemaAttributeItems(varUserSchemaAttributeItems)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "enum")
+		delete(additionalProperties, "oneOf")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaAttributeItems struct {
+	value *UserSchemaAttributeItems
+	isSet bool
+}
+
+func (v NullableUserSchemaAttributeItems) Get() *UserSchemaAttributeItems {
+	return v.value
+}
+
+func (v *NullableUserSchemaAttributeItems) Set(val *UserSchemaAttributeItems) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaAttributeItems) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaAttributeItems) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaAttributeItems(val *UserSchemaAttributeItems) *NullableUserSchemaAttributeItems {
+	return &NullableUserSchemaAttributeItems{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaAttributeItems) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaAttributeItems) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_attribute_master.go b/okta/model_user_schema_attribute_master.go
new file mode 100644
index 000000000..f42b61252
--- /dev/null
+++ b/okta/model_user_schema_attribute_master.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaAttributeMaster struct for UserSchemaAttributeMaster
+type UserSchemaAttributeMaster struct {
+	Priority             []UserSchemaAttributeMasterPriority `json:"priority,omitempty"`
+	Type                 *UserSchemaAttributeMasterType      `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaAttributeMaster UserSchemaAttributeMaster
+
+// NewUserSchemaAttributeMaster instantiates a new UserSchemaAttributeMaster object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaAttributeMaster() *UserSchemaAttributeMaster {
+	this := UserSchemaAttributeMaster{}
+	return &this
+}
+
+// NewUserSchemaAttributeMasterWithDefaults instantiates a new UserSchemaAttributeMaster object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaAttributeMasterWithDefaults() *UserSchemaAttributeMaster {
+	this := UserSchemaAttributeMaster{}
+	return &this
+}
+
+// GetPriority returns the Priority field value if set, zero value otherwise.
+func (o *UserSchemaAttributeMaster) GetPriority() []UserSchemaAttributeMasterPriority {
+	if o == nil || o.Priority == nil {
+		var ret []UserSchemaAttributeMasterPriority
+		return ret
+	}
+	return o.Priority
+}
+
+// GetPriorityOk returns a tuple with the Priority field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttributeMaster) GetPriorityOk() ([]UserSchemaAttributeMasterPriority, bool) {
+	if o == nil || o.Priority == nil {
+		return nil, false
+	}
+	return o.Priority, true
+}
+
+// HasPriority returns a boolean if a field has been set.
+func (o *UserSchemaAttributeMaster) HasPriority() bool {
+	if o != nil && o.Priority != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPriority gets a reference to the given []UserSchemaAttributeMasterPriority and assigns it to the Priority field.
+func (o *UserSchemaAttributeMaster) SetPriority(v []UserSchemaAttributeMasterPriority) {
+	o.Priority = v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *UserSchemaAttributeMaster) GetType() UserSchemaAttributeMasterType {
+	if o == nil || o.Type == nil {
+		var ret UserSchemaAttributeMasterType
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttributeMaster) GetTypeOk() (*UserSchemaAttributeMasterType, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *UserSchemaAttributeMaster) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given UserSchemaAttributeMasterType and assigns it to the Type field.
+func (o *UserSchemaAttributeMaster) SetType(v UserSchemaAttributeMasterType) {
+	o.Type = &v
+}
+
+func (o UserSchemaAttributeMaster) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Priority != nil {
+		toSerialize["priority"] = o.Priority
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaAttributeMaster) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaAttributeMaster := _UserSchemaAttributeMaster{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaAttributeMaster)
+	if err == nil {
+		*o = UserSchemaAttributeMaster(varUserSchemaAttributeMaster)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "priority")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaAttributeMaster struct {
+	value *UserSchemaAttributeMaster
+	isSet bool
+}
+
+func (v NullableUserSchemaAttributeMaster) Get() *UserSchemaAttributeMaster {
+	return v.value
+}
+
+func (v *NullableUserSchemaAttributeMaster) Set(val *UserSchemaAttributeMaster) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaAttributeMaster) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaAttributeMaster) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaAttributeMaster(val *UserSchemaAttributeMaster) *NullableUserSchemaAttributeMaster {
+	return &NullableUserSchemaAttributeMaster{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaAttributeMaster) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaAttributeMaster) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_attribute_master_priority.go b/okta/model_user_schema_attribute_master_priority.go
new file mode 100644
index 000000000..f10278761
--- /dev/null
+++ b/okta/model_user_schema_attribute_master_priority.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaAttributeMasterPriority struct for UserSchemaAttributeMasterPriority
+type UserSchemaAttributeMasterPriority struct {
+	Type                 *string `json:"type,omitempty"`
+	Value                *string `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaAttributeMasterPriority UserSchemaAttributeMasterPriority
+
+// NewUserSchemaAttributeMasterPriority instantiates a new UserSchemaAttributeMasterPriority object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaAttributeMasterPriority() *UserSchemaAttributeMasterPriority {
+	this := UserSchemaAttributeMasterPriority{}
+	return &this
+}
+
+// NewUserSchemaAttributeMasterPriorityWithDefaults instantiates a new UserSchemaAttributeMasterPriority object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaAttributeMasterPriorityWithDefaults() *UserSchemaAttributeMasterPriority {
+	this := UserSchemaAttributeMasterPriority{}
+	return &this
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *UserSchemaAttributeMasterPriority) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttributeMasterPriority) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *UserSchemaAttributeMasterPriority) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *UserSchemaAttributeMasterPriority) SetType(v string) {
+	o.Type = &v
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *UserSchemaAttributeMasterPriority) GetValue() string {
+	if o == nil || o.Value == nil {
+		var ret string
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttributeMasterPriority) GetValueOk() (*string, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *UserSchemaAttributeMasterPriority) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given string and assigns it to the Value field.
+func (o *UserSchemaAttributeMasterPriority) SetValue(v string) {
+	o.Value = &v
+}
+
+func (o UserSchemaAttributeMasterPriority) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaAttributeMasterPriority) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaAttributeMasterPriority := _UserSchemaAttributeMasterPriority{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaAttributeMasterPriority)
+	if err == nil {
+		*o = UserSchemaAttributeMasterPriority(varUserSchemaAttributeMasterPriority)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "type")
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaAttributeMasterPriority struct {
+	value *UserSchemaAttributeMasterPriority
+	isSet bool
+}
+
+func (v NullableUserSchemaAttributeMasterPriority) Get() *UserSchemaAttributeMasterPriority {
+	return v.value
+}
+
+func (v *NullableUserSchemaAttributeMasterPriority) Set(val *UserSchemaAttributeMasterPriority) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaAttributeMasterPriority) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaAttributeMasterPriority) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaAttributeMasterPriority(val *UserSchemaAttributeMasterPriority) *NullableUserSchemaAttributeMasterPriority {
+	return &NullableUserSchemaAttributeMasterPriority{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaAttributeMasterPriority) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaAttributeMasterPriority) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_attribute_master_type.go b/okta/model_user_schema_attribute_master_type.go
new file mode 100644
index 000000000..3386a0ac4
--- /dev/null
+++ b/okta/model_user_schema_attribute_master_type.go
@@ -0,0 +1,126 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// UserSchemaAttributeMasterType the model 'UserSchemaAttributeMasterType'
+type UserSchemaAttributeMasterType string
+
+// List of UserSchemaAttributeMasterType
+const (
+	USERSCHEMAATTRIBUTEMASTERTYPE_OKTA           UserSchemaAttributeMasterType = "OKTA"
+	USERSCHEMAATTRIBUTEMASTERTYPE_OVERRIDE       UserSchemaAttributeMasterType = "OVERRIDE"
+	USERSCHEMAATTRIBUTEMASTERTYPE_PROFILE_MASTER UserSchemaAttributeMasterType = "PROFILE_MASTER"
+)
+
+// All allowed values of UserSchemaAttributeMasterType enum
+var AllowedUserSchemaAttributeMasterTypeEnumValues = []UserSchemaAttributeMasterType{
+	"OKTA",
+	"OVERRIDE",
+	"PROFILE_MASTER",
+}
+
+func (v *UserSchemaAttributeMasterType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := UserSchemaAttributeMasterType(value)
+	for _, existing := range AllowedUserSchemaAttributeMasterTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid UserSchemaAttributeMasterType", value)
+}
+
+// NewUserSchemaAttributeMasterTypeFromValue returns a pointer to a valid UserSchemaAttributeMasterType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewUserSchemaAttributeMasterTypeFromValue(v string) (*UserSchemaAttributeMasterType, error) {
+	ev := UserSchemaAttributeMasterType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for UserSchemaAttributeMasterType: valid values are %v", v, AllowedUserSchemaAttributeMasterTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v UserSchemaAttributeMasterType) IsValid() bool {
+	for _, existing := range AllowedUserSchemaAttributeMasterTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to UserSchemaAttributeMasterType value
+func (v UserSchemaAttributeMasterType) Ptr() *UserSchemaAttributeMasterType {
+	return &v
+}
+
+type NullableUserSchemaAttributeMasterType struct {
+	value *UserSchemaAttributeMasterType
+	isSet bool
+}
+
+func (v NullableUserSchemaAttributeMasterType) Get() *UserSchemaAttributeMasterType {
+	return v.value
+}
+
+func (v *NullableUserSchemaAttributeMasterType) Set(val *UserSchemaAttributeMasterType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaAttributeMasterType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaAttributeMasterType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaAttributeMasterType(val *UserSchemaAttributeMasterType) *NullableUserSchemaAttributeMasterType {
+	return &NullableUserSchemaAttributeMasterType{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaAttributeMasterType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaAttributeMasterType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_attribute_permission.go b/okta/model_user_schema_attribute_permission.go
new file mode 100644
index 000000000..86302fdc1
--- /dev/null
+++ b/okta/model_user_schema_attribute_permission.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaAttributePermission struct for UserSchemaAttributePermission
+type UserSchemaAttributePermission struct {
+	Action               *string `json:"action,omitempty"`
+	Principal            *string `json:"principal,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaAttributePermission UserSchemaAttributePermission
+
+// NewUserSchemaAttributePermission instantiates a new UserSchemaAttributePermission object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaAttributePermission() *UserSchemaAttributePermission {
+	this := UserSchemaAttributePermission{}
+	return &this
+}
+
+// NewUserSchemaAttributePermissionWithDefaults instantiates a new UserSchemaAttributePermission object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaAttributePermissionWithDefaults() *UserSchemaAttributePermission {
+	this := UserSchemaAttributePermission{}
+	return &this
+}
+
+// GetAction returns the Action field value if set, zero value otherwise.
+func (o *UserSchemaAttributePermission) GetAction() string {
+	if o == nil || o.Action == nil {
+		var ret string
+		return ret
+	}
+	return *o.Action
+}
+
+// GetActionOk returns a tuple with the Action field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttributePermission) GetActionOk() (*string, bool) {
+	if o == nil || o.Action == nil {
+		return nil, false
+	}
+	return o.Action, true
+}
+
+// HasAction returns a boolean if a field has been set.
+func (o *UserSchemaAttributePermission) HasAction() bool {
+	if o != nil && o.Action != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAction gets a reference to the given string and assigns it to the Action field.
+func (o *UserSchemaAttributePermission) SetAction(v string) {
+	o.Action = &v
+}
+
+// GetPrincipal returns the Principal field value if set, zero value otherwise.
+func (o *UserSchemaAttributePermission) GetPrincipal() string {
+	if o == nil || o.Principal == nil {
+		var ret string
+		return ret
+	}
+	return *o.Principal
+}
+
+// GetPrincipalOk returns a tuple with the Principal field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaAttributePermission) GetPrincipalOk() (*string, bool) {
+	if o == nil || o.Principal == nil {
+		return nil, false
+	}
+	return o.Principal, true
+}
+
+// HasPrincipal returns a boolean if a field has been set.
+func (o *UserSchemaAttributePermission) HasPrincipal() bool {
+	if o != nil && o.Principal != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPrincipal gets a reference to the given string and assigns it to the Principal field.
+func (o *UserSchemaAttributePermission) SetPrincipal(v string) {
+	o.Principal = &v
+}
+
+func (o UserSchemaAttributePermission) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Action != nil {
+		toSerialize["action"] = o.Action
+	}
+	if o.Principal != nil {
+		toSerialize["principal"] = o.Principal
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaAttributePermission) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaAttributePermission := _UserSchemaAttributePermission{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaAttributePermission)
+	if err == nil {
+		*o = UserSchemaAttributePermission(varUserSchemaAttributePermission)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "action")
+		delete(additionalProperties, "principal")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaAttributePermission struct {
+	value *UserSchemaAttributePermission
+	isSet bool
+}
+
+func (v NullableUserSchemaAttributePermission) Get() *UserSchemaAttributePermission {
+	return v.value
+}
+
+func (v *NullableUserSchemaAttributePermission) Set(val *UserSchemaAttributePermission) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaAttributePermission) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaAttributePermission) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaAttributePermission(val *UserSchemaAttributePermission) *NullableUserSchemaAttributePermission {
+	return &NullableUserSchemaAttributePermission{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaAttributePermission) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaAttributePermission) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_attribute_scope.go b/okta/model_user_schema_attribute_scope.go
new file mode 100644
index 000000000..2604daee8
--- /dev/null
+++ b/okta/model_user_schema_attribute_scope.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// UserSchemaAttributeScope the model 'UserSchemaAttributeScope'
+type UserSchemaAttributeScope string
+
+// List of UserSchemaAttributeScope
+const (
+	USERSCHEMAATTRIBUTESCOPE_NONE UserSchemaAttributeScope = "NONE"
+	USERSCHEMAATTRIBUTESCOPE_SELF UserSchemaAttributeScope = "SELF"
+)
+
+// All allowed values of UserSchemaAttributeScope enum
+var AllowedUserSchemaAttributeScopeEnumValues = []UserSchemaAttributeScope{
+	"NONE",
+	"SELF",
+}
+
+func (v *UserSchemaAttributeScope) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := UserSchemaAttributeScope(value)
+	for _, existing := range AllowedUserSchemaAttributeScopeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid UserSchemaAttributeScope", value)
+}
+
+// NewUserSchemaAttributeScopeFromValue returns a pointer to a valid UserSchemaAttributeScope
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewUserSchemaAttributeScopeFromValue(v string) (*UserSchemaAttributeScope, error) {
+	ev := UserSchemaAttributeScope(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for UserSchemaAttributeScope: valid values are %v", v, AllowedUserSchemaAttributeScopeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v UserSchemaAttributeScope) IsValid() bool {
+	for _, existing := range AllowedUserSchemaAttributeScopeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to UserSchemaAttributeScope value
+func (v UserSchemaAttributeScope) Ptr() *UserSchemaAttributeScope {
+	return &v
+}
+
+type NullableUserSchemaAttributeScope struct {
+	value *UserSchemaAttributeScope
+	isSet bool
+}
+
+func (v NullableUserSchemaAttributeScope) Get() *UserSchemaAttributeScope {
+	return v.value
+}
+
+func (v *NullableUserSchemaAttributeScope) Set(val *UserSchemaAttributeScope) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaAttributeScope) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaAttributeScope) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaAttributeScope(val *UserSchemaAttributeScope) *NullableUserSchemaAttributeScope {
+	return &NullableUserSchemaAttributeScope{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaAttributeScope) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaAttributeScope) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_attribute_type.go b/okta/model_user_schema_attribute_type.go
new file mode 100644
index 000000000..d67b8600f
--- /dev/null
+++ b/okta/model_user_schema_attribute_type.go
@@ -0,0 +1,130 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// UserSchemaAttributeType the model 'UserSchemaAttributeType'
+type UserSchemaAttributeType string
+
+// List of UserSchemaAttributeType
+const (
+	USERSCHEMAATTRIBUTETYPE_ARRAY   UserSchemaAttributeType = "array"
+	USERSCHEMAATTRIBUTETYPE_BOOLEAN UserSchemaAttributeType = "boolean"
+	USERSCHEMAATTRIBUTETYPE_INTEGER UserSchemaAttributeType = "integer"
+	USERSCHEMAATTRIBUTETYPE_NUMBER  UserSchemaAttributeType = "number"
+	USERSCHEMAATTRIBUTETYPE_STRING  UserSchemaAttributeType = "string"
+)
+
+// All allowed values of UserSchemaAttributeType enum
+var AllowedUserSchemaAttributeTypeEnumValues = []UserSchemaAttributeType{
+	"array",
+	"boolean",
+	"integer",
+	"number",
+	"string",
+}
+
+func (v *UserSchemaAttributeType) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := UserSchemaAttributeType(value)
+	for _, existing := range AllowedUserSchemaAttributeTypeEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid UserSchemaAttributeType", value)
+}
+
+// NewUserSchemaAttributeTypeFromValue returns a pointer to a valid UserSchemaAttributeType
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewUserSchemaAttributeTypeFromValue(v string) (*UserSchemaAttributeType, error) {
+	ev := UserSchemaAttributeType(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for UserSchemaAttributeType: valid values are %v", v, AllowedUserSchemaAttributeTypeEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v UserSchemaAttributeType) IsValid() bool {
+	for _, existing := range AllowedUserSchemaAttributeTypeEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to UserSchemaAttributeType value
+func (v UserSchemaAttributeType) Ptr() *UserSchemaAttributeType {
+	return &v
+}
+
+type NullableUserSchemaAttributeType struct {
+	value *UserSchemaAttributeType
+	isSet bool
+}
+
+func (v NullableUserSchemaAttributeType) Get() *UserSchemaAttributeType {
+	return v.value
+}
+
+func (v *NullableUserSchemaAttributeType) Set(val *UserSchemaAttributeType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaAttributeType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaAttributeType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaAttributeType(val *UserSchemaAttributeType) *NullableUserSchemaAttributeType {
+	return &NullableUserSchemaAttributeType{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaAttributeType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaAttributeType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_attribute_union.go b/okta/model_user_schema_attribute_union.go
new file mode 100644
index 000000000..ed9bc61c0
--- /dev/null
+++ b/okta/model_user_schema_attribute_union.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// UserSchemaAttributeUnion the model 'UserSchemaAttributeUnion'
+type UserSchemaAttributeUnion string
+
+// List of UserSchemaAttributeUnion
+const (
+	USERSCHEMAATTRIBUTEUNION_DISABLE UserSchemaAttributeUnion = "DISABLE"
+	USERSCHEMAATTRIBUTEUNION_ENABLE  UserSchemaAttributeUnion = "ENABLE"
+)
+
+// All allowed values of UserSchemaAttributeUnion enum
+var AllowedUserSchemaAttributeUnionEnumValues = []UserSchemaAttributeUnion{
+	"DISABLE",
+	"ENABLE",
+}
+
+func (v *UserSchemaAttributeUnion) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := UserSchemaAttributeUnion(value)
+	for _, existing := range AllowedUserSchemaAttributeUnionEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid UserSchemaAttributeUnion", value)
+}
+
+// NewUserSchemaAttributeUnionFromValue returns a pointer to a valid UserSchemaAttributeUnion
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewUserSchemaAttributeUnionFromValue(v string) (*UserSchemaAttributeUnion, error) {
+	ev := UserSchemaAttributeUnion(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for UserSchemaAttributeUnion: valid values are %v", v, AllowedUserSchemaAttributeUnionEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v UserSchemaAttributeUnion) IsValid() bool {
+	for _, existing := range AllowedUserSchemaAttributeUnionEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to UserSchemaAttributeUnion value
+func (v UserSchemaAttributeUnion) Ptr() *UserSchemaAttributeUnion {
+	return &v
+}
+
+type NullableUserSchemaAttributeUnion struct {
+	value *UserSchemaAttributeUnion
+	isSet bool
+}
+
+func (v NullableUserSchemaAttributeUnion) Get() *UserSchemaAttributeUnion {
+	return v.value
+}
+
+func (v *NullableUserSchemaAttributeUnion) Set(val *UserSchemaAttributeUnion) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaAttributeUnion) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaAttributeUnion) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaAttributeUnion(val *UserSchemaAttributeUnion) *NullableUserSchemaAttributeUnion {
+	return &NullableUserSchemaAttributeUnion{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaAttributeUnion) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaAttributeUnion) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_base.go b/okta/model_user_schema_base.go
new file mode 100644
index 000000000..b31b15c9d
--- /dev/null
+++ b/okta/model_user_schema_base.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaBase struct for UserSchemaBase
+type UserSchemaBase struct {
+	Id                   *string                   `json:"id,omitempty"`
+	Properties           *UserSchemaBaseProperties `json:"properties,omitempty"`
+	Required             []string                  `json:"required,omitempty"`
+	Type                 *string                   `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaBase UserSchemaBase
+
+// NewUserSchemaBase instantiates a new UserSchemaBase object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaBase() *UserSchemaBase {
+	this := UserSchemaBase{}
+	return &this
+}
+
+// NewUserSchemaBaseWithDefaults instantiates a new UserSchemaBase object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaBaseWithDefaults() *UserSchemaBase {
+	this := UserSchemaBase{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *UserSchemaBase) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBase) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *UserSchemaBase) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *UserSchemaBase) SetId(v string) {
+	o.Id = &v
+}
+
+// GetProperties returns the Properties field value if set, zero value otherwise.
+func (o *UserSchemaBase) GetProperties() UserSchemaBaseProperties {
+	if o == nil || o.Properties == nil {
+		var ret UserSchemaBaseProperties
+		return ret
+	}
+	return *o.Properties
+}
+
+// GetPropertiesOk returns a tuple with the Properties field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBase) GetPropertiesOk() (*UserSchemaBaseProperties, bool) {
+	if o == nil || o.Properties == nil {
+		return nil, false
+	}
+	return o.Properties, true
+}
+
+// HasProperties returns a boolean if a field has been set.
+func (o *UserSchemaBase) HasProperties() bool {
+	if o != nil && o.Properties != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProperties gets a reference to the given UserSchemaBaseProperties and assigns it to the Properties field.
+func (o *UserSchemaBase) SetProperties(v UserSchemaBaseProperties) {
+	o.Properties = &v
+}
+
+// GetRequired returns the Required field value if set, zero value otherwise.
+func (o *UserSchemaBase) GetRequired() []string {
+	if o == nil || o.Required == nil {
+		var ret []string
+		return ret
+	}
+	return o.Required
+}
+
+// GetRequiredOk returns a tuple with the Required field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBase) GetRequiredOk() ([]string, bool) {
+	if o == nil || o.Required == nil {
+		return nil, false
+	}
+	return o.Required, true
+}
+
+// HasRequired returns a boolean if a field has been set.
+func (o *UserSchemaBase) HasRequired() bool {
+	if o != nil && o.Required != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequired gets a reference to the given []string and assigns it to the Required field.
+func (o *UserSchemaBase) SetRequired(v []string) {
+	o.Required = v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *UserSchemaBase) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBase) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *UserSchemaBase) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *UserSchemaBase) SetType(v string) {
+	o.Type = &v
+}
+
+func (o UserSchemaBase) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Properties != nil {
+		toSerialize["properties"] = o.Properties
+	}
+	if o.Required != nil {
+		toSerialize["required"] = o.Required
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaBase) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaBase := _UserSchemaBase{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaBase)
+	if err == nil {
+		*o = UserSchemaBase(varUserSchemaBase)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "properties")
+		delete(additionalProperties, "required")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaBase struct {
+	value *UserSchemaBase
+	isSet bool
+}
+
+func (v NullableUserSchemaBase) Get() *UserSchemaBase {
+	return v.value
+}
+
+func (v *NullableUserSchemaBase) Set(val *UserSchemaBase) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaBase) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaBase) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaBase(val *UserSchemaBase) *NullableUserSchemaBase {
+	return &NullableUserSchemaBase{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaBase) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaBase) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_base_properties.go b/okta/model_user_schema_base_properties.go
new file mode 100644
index 000000000..02374f96c
--- /dev/null
+++ b/okta/model_user_schema_base_properties.go
@@ -0,0 +1,1268 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaBaseProperties struct for UserSchemaBaseProperties
+type UserSchemaBaseProperties struct {
+	City                 *UserSchemaAttribute `json:"city,omitempty"`
+	CostCenter           *UserSchemaAttribute `json:"costCenter,omitempty"`
+	CountryCode          *UserSchemaAttribute `json:"countryCode,omitempty"`
+	Department           *UserSchemaAttribute `json:"department,omitempty"`
+	DisplayName          *UserSchemaAttribute `json:"displayName,omitempty"`
+	Division             *UserSchemaAttribute `json:"division,omitempty"`
+	Email                *UserSchemaAttribute `json:"email,omitempty"`
+	EmployeeNumber       *UserSchemaAttribute `json:"employeeNumber,omitempty"`
+	FirstName            *UserSchemaAttribute `json:"firstName,omitempty"`
+	HonorificPrefix      *UserSchemaAttribute `json:"honorificPrefix,omitempty"`
+	HonorificSuffix      *UserSchemaAttribute `json:"honorificSuffix,omitempty"`
+	LastName             *UserSchemaAttribute `json:"lastName,omitempty"`
+	Locale               *UserSchemaAttribute `json:"locale,omitempty"`
+	Login                *UserSchemaAttribute `json:"login,omitempty"`
+	Manager              *UserSchemaAttribute `json:"manager,omitempty"`
+	ManagerId            *UserSchemaAttribute `json:"managerId,omitempty"`
+	MiddleName           *UserSchemaAttribute `json:"middleName,omitempty"`
+	MobilePhone          *UserSchemaAttribute `json:"mobilePhone,omitempty"`
+	NickName             *UserSchemaAttribute `json:"nickName,omitempty"`
+	Organization         *UserSchemaAttribute `json:"organization,omitempty"`
+	PostalAddress        *UserSchemaAttribute `json:"postalAddress,omitempty"`
+	PreferredLanguage    *UserSchemaAttribute `json:"preferredLanguage,omitempty"`
+	PrimaryPhone         *UserSchemaAttribute `json:"primaryPhone,omitempty"`
+	ProfileUrl           *UserSchemaAttribute `json:"profileUrl,omitempty"`
+	SecondEmail          *UserSchemaAttribute `json:"secondEmail,omitempty"`
+	State                *UserSchemaAttribute `json:"state,omitempty"`
+	StreetAddress        *UserSchemaAttribute `json:"streetAddress,omitempty"`
+	Timezone             *UserSchemaAttribute `json:"timezone,omitempty"`
+	Title                *UserSchemaAttribute `json:"title,omitempty"`
+	UserType             *UserSchemaAttribute `json:"userType,omitempty"`
+	ZipCode              *UserSchemaAttribute `json:"zipCode,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaBaseProperties UserSchemaBaseProperties
+
+// NewUserSchemaBaseProperties instantiates a new UserSchemaBaseProperties object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaBaseProperties() *UserSchemaBaseProperties {
+	this := UserSchemaBaseProperties{}
+	return &this
+}
+
+// NewUserSchemaBasePropertiesWithDefaults instantiates a new UserSchemaBaseProperties object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaBasePropertiesWithDefaults() *UserSchemaBaseProperties {
+	this := UserSchemaBaseProperties{}
+	return &this
+}
+
+// GetCity returns the City field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetCity() UserSchemaAttribute {
+	if o == nil || o.City == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.City
+}
+
+// GetCityOk returns a tuple with the City field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetCityOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.City == nil {
+		return nil, false
+	}
+	return o.City, true
+}
+
+// HasCity returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasCity() bool {
+	if o != nil && o.City != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCity gets a reference to the given UserSchemaAttribute and assigns it to the City field.
+func (o *UserSchemaBaseProperties) SetCity(v UserSchemaAttribute) {
+	o.City = &v
+}
+
+// GetCostCenter returns the CostCenter field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetCostCenter() UserSchemaAttribute {
+	if o == nil || o.CostCenter == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.CostCenter
+}
+
+// GetCostCenterOk returns a tuple with the CostCenter field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetCostCenterOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.CostCenter == nil {
+		return nil, false
+	}
+	return o.CostCenter, true
+}
+
+// HasCostCenter returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasCostCenter() bool {
+	if o != nil && o.CostCenter != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCostCenter gets a reference to the given UserSchemaAttribute and assigns it to the CostCenter field.
+func (o *UserSchemaBaseProperties) SetCostCenter(v UserSchemaAttribute) {
+	o.CostCenter = &v
+}
+
+// GetCountryCode returns the CountryCode field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetCountryCode() UserSchemaAttribute {
+	if o == nil || o.CountryCode == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.CountryCode
+}
+
+// GetCountryCodeOk returns a tuple with the CountryCode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetCountryCodeOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.CountryCode == nil {
+		return nil, false
+	}
+	return o.CountryCode, true
+}
+
+// HasCountryCode returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasCountryCode() bool {
+	if o != nil && o.CountryCode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCountryCode gets a reference to the given UserSchemaAttribute and assigns it to the CountryCode field.
+func (o *UserSchemaBaseProperties) SetCountryCode(v UserSchemaAttribute) {
+	o.CountryCode = &v
+}
+
+// GetDepartment returns the Department field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetDepartment() UserSchemaAttribute {
+	if o == nil || o.Department == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.Department
+}
+
+// GetDepartmentOk returns a tuple with the Department field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetDepartmentOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.Department == nil {
+		return nil, false
+	}
+	return o.Department, true
+}
+
+// HasDepartment returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasDepartment() bool {
+	if o != nil && o.Department != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDepartment gets a reference to the given UserSchemaAttribute and assigns it to the Department field.
+func (o *UserSchemaBaseProperties) SetDepartment(v UserSchemaAttribute) {
+	o.Department = &v
+}
+
+// GetDisplayName returns the DisplayName field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetDisplayName() UserSchemaAttribute {
+	if o == nil || o.DisplayName == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetDisplayNameOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.DisplayName == nil {
+		return nil, false
+	}
+	return o.DisplayName, true
+}
+
+// HasDisplayName returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasDisplayName() bool {
+	if o != nil && o.DisplayName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDisplayName gets a reference to the given UserSchemaAttribute and assigns it to the DisplayName field.
+func (o *UserSchemaBaseProperties) SetDisplayName(v UserSchemaAttribute) {
+	o.DisplayName = &v
+}
+
+// GetDivision returns the Division field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetDivision() UserSchemaAttribute {
+	if o == nil || o.Division == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.Division
+}
+
+// GetDivisionOk returns a tuple with the Division field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetDivisionOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.Division == nil {
+		return nil, false
+	}
+	return o.Division, true
+}
+
+// HasDivision returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasDivision() bool {
+	if o != nil && o.Division != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDivision gets a reference to the given UserSchemaAttribute and assigns it to the Division field.
+func (o *UserSchemaBaseProperties) SetDivision(v UserSchemaAttribute) {
+	o.Division = &v
+}
+
+// GetEmail returns the Email field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetEmail() UserSchemaAttribute {
+	if o == nil || o.Email == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.Email
+}
+
+// GetEmailOk returns a tuple with the Email field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetEmailOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.Email == nil {
+		return nil, false
+	}
+	return o.Email, true
+}
+
+// HasEmail returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasEmail() bool {
+	if o != nil && o.Email != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmail gets a reference to the given UserSchemaAttribute and assigns it to the Email field.
+func (o *UserSchemaBaseProperties) SetEmail(v UserSchemaAttribute) {
+	o.Email = &v
+}
+
+// GetEmployeeNumber returns the EmployeeNumber field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetEmployeeNumber() UserSchemaAttribute {
+	if o == nil || o.EmployeeNumber == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.EmployeeNumber
+}
+
+// GetEmployeeNumberOk returns a tuple with the EmployeeNumber field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetEmployeeNumberOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.EmployeeNumber == nil {
+		return nil, false
+	}
+	return o.EmployeeNumber, true
+}
+
+// HasEmployeeNumber returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasEmployeeNumber() bool {
+	if o != nil && o.EmployeeNumber != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmployeeNumber gets a reference to the given UserSchemaAttribute and assigns it to the EmployeeNumber field.
+func (o *UserSchemaBaseProperties) SetEmployeeNumber(v UserSchemaAttribute) {
+	o.EmployeeNumber = &v
+}
+
+// GetFirstName returns the FirstName field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetFirstName() UserSchemaAttribute {
+	if o == nil || o.FirstName == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.FirstName
+}
+
+// GetFirstNameOk returns a tuple with the FirstName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetFirstNameOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.FirstName == nil {
+		return nil, false
+	}
+	return o.FirstName, true
+}
+
+// HasFirstName returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasFirstName() bool {
+	if o != nil && o.FirstName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFirstName gets a reference to the given UserSchemaAttribute and assigns it to the FirstName field.
+func (o *UserSchemaBaseProperties) SetFirstName(v UserSchemaAttribute) {
+	o.FirstName = &v
+}
+
+// GetHonorificPrefix returns the HonorificPrefix field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetHonorificPrefix() UserSchemaAttribute {
+	if o == nil || o.HonorificPrefix == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.HonorificPrefix
+}
+
+// GetHonorificPrefixOk returns a tuple with the HonorificPrefix field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetHonorificPrefixOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.HonorificPrefix == nil {
+		return nil, false
+	}
+	return o.HonorificPrefix, true
+}
+
+// HasHonorificPrefix returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasHonorificPrefix() bool {
+	if o != nil && o.HonorificPrefix != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHonorificPrefix gets a reference to the given UserSchemaAttribute and assigns it to the HonorificPrefix field.
+func (o *UserSchemaBaseProperties) SetHonorificPrefix(v UserSchemaAttribute) {
+	o.HonorificPrefix = &v
+}
+
+// GetHonorificSuffix returns the HonorificSuffix field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetHonorificSuffix() UserSchemaAttribute {
+	if o == nil || o.HonorificSuffix == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.HonorificSuffix
+}
+
+// GetHonorificSuffixOk returns a tuple with the HonorificSuffix field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetHonorificSuffixOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.HonorificSuffix == nil {
+		return nil, false
+	}
+	return o.HonorificSuffix, true
+}
+
+// HasHonorificSuffix returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasHonorificSuffix() bool {
+	if o != nil && o.HonorificSuffix != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetHonorificSuffix gets a reference to the given UserSchemaAttribute and assigns it to the HonorificSuffix field.
+func (o *UserSchemaBaseProperties) SetHonorificSuffix(v UserSchemaAttribute) {
+	o.HonorificSuffix = &v
+}
+
+// GetLastName returns the LastName field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetLastName() UserSchemaAttribute {
+	if o == nil || o.LastName == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.LastName
+}
+
+// GetLastNameOk returns a tuple with the LastName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetLastNameOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.LastName == nil {
+		return nil, false
+	}
+	return o.LastName, true
+}
+
+// HasLastName returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasLastName() bool {
+	if o != nil && o.LastName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastName gets a reference to the given UserSchemaAttribute and assigns it to the LastName field.
+func (o *UserSchemaBaseProperties) SetLastName(v UserSchemaAttribute) {
+	o.LastName = &v
+}
+
+// GetLocale returns the Locale field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetLocale() UserSchemaAttribute {
+	if o == nil || o.Locale == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.Locale
+}
+
+// GetLocaleOk returns a tuple with the Locale field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetLocaleOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.Locale == nil {
+		return nil, false
+	}
+	return o.Locale, true
+}
+
+// HasLocale returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasLocale() bool {
+	if o != nil && o.Locale != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLocale gets a reference to the given UserSchemaAttribute and assigns it to the Locale field.
+func (o *UserSchemaBaseProperties) SetLocale(v UserSchemaAttribute) {
+	o.Locale = &v
+}
+
+// GetLogin returns the Login field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetLogin() UserSchemaAttribute {
+	if o == nil || o.Login == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.Login
+}
+
+// GetLoginOk returns a tuple with the Login field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetLoginOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.Login == nil {
+		return nil, false
+	}
+	return o.Login, true
+}
+
+// HasLogin returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasLogin() bool {
+	if o != nil && o.Login != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLogin gets a reference to the given UserSchemaAttribute and assigns it to the Login field.
+func (o *UserSchemaBaseProperties) SetLogin(v UserSchemaAttribute) {
+	o.Login = &v
+}
+
+// GetManager returns the Manager field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetManager() UserSchemaAttribute {
+	if o == nil || o.Manager == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.Manager
+}
+
+// GetManagerOk returns a tuple with the Manager field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetManagerOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.Manager == nil {
+		return nil, false
+	}
+	return o.Manager, true
+}
+
+// HasManager returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasManager() bool {
+	if o != nil && o.Manager != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetManager gets a reference to the given UserSchemaAttribute and assigns it to the Manager field.
+func (o *UserSchemaBaseProperties) SetManager(v UserSchemaAttribute) {
+	o.Manager = &v
+}
+
+// GetManagerId returns the ManagerId field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetManagerId() UserSchemaAttribute {
+	if o == nil || o.ManagerId == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.ManagerId
+}
+
+// GetManagerIdOk returns a tuple with the ManagerId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetManagerIdOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.ManagerId == nil {
+		return nil, false
+	}
+	return o.ManagerId, true
+}
+
+// HasManagerId returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasManagerId() bool {
+	if o != nil && o.ManagerId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetManagerId gets a reference to the given UserSchemaAttribute and assigns it to the ManagerId field.
+func (o *UserSchemaBaseProperties) SetManagerId(v UserSchemaAttribute) {
+	o.ManagerId = &v
+}
+
+// GetMiddleName returns the MiddleName field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetMiddleName() UserSchemaAttribute {
+	if o == nil || o.MiddleName == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.MiddleName
+}
+
+// GetMiddleNameOk returns a tuple with the MiddleName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetMiddleNameOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.MiddleName == nil {
+		return nil, false
+	}
+	return o.MiddleName, true
+}
+
+// HasMiddleName returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasMiddleName() bool {
+	if o != nil && o.MiddleName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMiddleName gets a reference to the given UserSchemaAttribute and assigns it to the MiddleName field.
+func (o *UserSchemaBaseProperties) SetMiddleName(v UserSchemaAttribute) {
+	o.MiddleName = &v
+}
+
+// GetMobilePhone returns the MobilePhone field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetMobilePhone() UserSchemaAttribute {
+	if o == nil || o.MobilePhone == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.MobilePhone
+}
+
+// GetMobilePhoneOk returns a tuple with the MobilePhone field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetMobilePhoneOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.MobilePhone == nil {
+		return nil, false
+	}
+	return o.MobilePhone, true
+}
+
+// HasMobilePhone returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasMobilePhone() bool {
+	if o != nil && o.MobilePhone != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMobilePhone gets a reference to the given UserSchemaAttribute and assigns it to the MobilePhone field.
+func (o *UserSchemaBaseProperties) SetMobilePhone(v UserSchemaAttribute) {
+	o.MobilePhone = &v
+}
+
+// GetNickName returns the NickName field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetNickName() UserSchemaAttribute {
+	if o == nil || o.NickName == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.NickName
+}
+
+// GetNickNameOk returns a tuple with the NickName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetNickNameOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.NickName == nil {
+		return nil, false
+	}
+	return o.NickName, true
+}
+
+// HasNickName returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasNickName() bool {
+	if o != nil && o.NickName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNickName gets a reference to the given UserSchemaAttribute and assigns it to the NickName field.
+func (o *UserSchemaBaseProperties) SetNickName(v UserSchemaAttribute) {
+	o.NickName = &v
+}
+
+// GetOrganization returns the Organization field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetOrganization() UserSchemaAttribute {
+	if o == nil || o.Organization == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.Organization
+}
+
+// GetOrganizationOk returns a tuple with the Organization field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetOrganizationOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.Organization == nil {
+		return nil, false
+	}
+	return o.Organization, true
+}
+
+// HasOrganization returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasOrganization() bool {
+	if o != nil && o.Organization != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOrganization gets a reference to the given UserSchemaAttribute and assigns it to the Organization field.
+func (o *UserSchemaBaseProperties) SetOrganization(v UserSchemaAttribute) {
+	o.Organization = &v
+}
+
+// GetPostalAddress returns the PostalAddress field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetPostalAddress() UserSchemaAttribute {
+	if o == nil || o.PostalAddress == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.PostalAddress
+}
+
+// GetPostalAddressOk returns a tuple with the PostalAddress field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetPostalAddressOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.PostalAddress == nil {
+		return nil, false
+	}
+	return o.PostalAddress, true
+}
+
+// HasPostalAddress returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasPostalAddress() bool {
+	if o != nil && o.PostalAddress != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPostalAddress gets a reference to the given UserSchemaAttribute and assigns it to the PostalAddress field.
+func (o *UserSchemaBaseProperties) SetPostalAddress(v UserSchemaAttribute) {
+	o.PostalAddress = &v
+}
+
+// GetPreferredLanguage returns the PreferredLanguage field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetPreferredLanguage() UserSchemaAttribute {
+	if o == nil || o.PreferredLanguage == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.PreferredLanguage
+}
+
+// GetPreferredLanguageOk returns a tuple with the PreferredLanguage field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetPreferredLanguageOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.PreferredLanguage == nil {
+		return nil, false
+	}
+	return o.PreferredLanguage, true
+}
+
+// HasPreferredLanguage returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasPreferredLanguage() bool {
+	if o != nil && o.PreferredLanguage != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPreferredLanguage gets a reference to the given UserSchemaAttribute and assigns it to the PreferredLanguage field.
+func (o *UserSchemaBaseProperties) SetPreferredLanguage(v UserSchemaAttribute) {
+	o.PreferredLanguage = &v
+}
+
+// GetPrimaryPhone returns the PrimaryPhone field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetPrimaryPhone() UserSchemaAttribute {
+	if o == nil || o.PrimaryPhone == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.PrimaryPhone
+}
+
+// GetPrimaryPhoneOk returns a tuple with the PrimaryPhone field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetPrimaryPhoneOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.PrimaryPhone == nil {
+		return nil, false
+	}
+	return o.PrimaryPhone, true
+}
+
+// HasPrimaryPhone returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasPrimaryPhone() bool {
+	if o != nil && o.PrimaryPhone != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPrimaryPhone gets a reference to the given UserSchemaAttribute and assigns it to the PrimaryPhone field.
+func (o *UserSchemaBaseProperties) SetPrimaryPhone(v UserSchemaAttribute) {
+	o.PrimaryPhone = &v
+}
+
+// GetProfileUrl returns the ProfileUrl field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetProfileUrl() UserSchemaAttribute {
+	if o == nil || o.ProfileUrl == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.ProfileUrl
+}
+
+// GetProfileUrlOk returns a tuple with the ProfileUrl field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetProfileUrlOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.ProfileUrl == nil {
+		return nil, false
+	}
+	return o.ProfileUrl, true
+}
+
+// HasProfileUrl returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasProfileUrl() bool {
+	if o != nil && o.ProfileUrl != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfileUrl gets a reference to the given UserSchemaAttribute and assigns it to the ProfileUrl field.
+func (o *UserSchemaBaseProperties) SetProfileUrl(v UserSchemaAttribute) {
+	o.ProfileUrl = &v
+}
+
+// GetSecondEmail returns the SecondEmail field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetSecondEmail() UserSchemaAttribute {
+	if o == nil || o.SecondEmail == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.SecondEmail
+}
+
+// GetSecondEmailOk returns a tuple with the SecondEmail field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetSecondEmailOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.SecondEmail == nil {
+		return nil, false
+	}
+	return o.SecondEmail, true
+}
+
+// HasSecondEmail returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasSecondEmail() bool {
+	if o != nil && o.SecondEmail != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSecondEmail gets a reference to the given UserSchemaAttribute and assigns it to the SecondEmail field.
+func (o *UserSchemaBaseProperties) SetSecondEmail(v UserSchemaAttribute) {
+	o.SecondEmail = &v
+}
+
+// GetState returns the State field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetState() UserSchemaAttribute {
+	if o == nil || o.State == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.State
+}
+
+// GetStateOk returns a tuple with the State field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetStateOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.State == nil {
+		return nil, false
+	}
+	return o.State, true
+}
+
+// HasState returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasState() bool {
+	if o != nil && o.State != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetState gets a reference to the given UserSchemaAttribute and assigns it to the State field.
+func (o *UserSchemaBaseProperties) SetState(v UserSchemaAttribute) {
+	o.State = &v
+}
+
+// GetStreetAddress returns the StreetAddress field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetStreetAddress() UserSchemaAttribute {
+	if o == nil || o.StreetAddress == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.StreetAddress
+}
+
+// GetStreetAddressOk returns a tuple with the StreetAddress field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetStreetAddressOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.StreetAddress == nil {
+		return nil, false
+	}
+	return o.StreetAddress, true
+}
+
+// HasStreetAddress returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasStreetAddress() bool {
+	if o != nil && o.StreetAddress != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStreetAddress gets a reference to the given UserSchemaAttribute and assigns it to the StreetAddress field.
+func (o *UserSchemaBaseProperties) SetStreetAddress(v UserSchemaAttribute) {
+	o.StreetAddress = &v
+}
+
+// GetTimezone returns the Timezone field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetTimezone() UserSchemaAttribute {
+	if o == nil || o.Timezone == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.Timezone
+}
+
+// GetTimezoneOk returns a tuple with the Timezone field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetTimezoneOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.Timezone == nil {
+		return nil, false
+	}
+	return o.Timezone, true
+}
+
+// HasTimezone returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasTimezone() bool {
+	if o != nil && o.Timezone != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTimezone gets a reference to the given UserSchemaAttribute and assigns it to the Timezone field.
+func (o *UserSchemaBaseProperties) SetTimezone(v UserSchemaAttribute) {
+	o.Timezone = &v
+}
+
+// GetTitle returns the Title field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetTitle() UserSchemaAttribute {
+	if o == nil || o.Title == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.Title
+}
+
+// GetTitleOk returns a tuple with the Title field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetTitleOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.Title == nil {
+		return nil, false
+	}
+	return o.Title, true
+}
+
+// HasTitle returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasTitle() bool {
+	if o != nil && o.Title != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetTitle gets a reference to the given UserSchemaAttribute and assigns it to the Title field.
+func (o *UserSchemaBaseProperties) SetTitle(v UserSchemaAttribute) {
+	o.Title = &v
+}
+
+// GetUserType returns the UserType field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetUserType() UserSchemaAttribute {
+	if o == nil || o.UserType == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.UserType
+}
+
+// GetUserTypeOk returns a tuple with the UserType field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetUserTypeOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.UserType == nil {
+		return nil, false
+	}
+	return o.UserType, true
+}
+
+// HasUserType returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasUserType() bool {
+	if o != nil && o.UserType != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUserType gets a reference to the given UserSchemaAttribute and assigns it to the UserType field.
+func (o *UserSchemaBaseProperties) SetUserType(v UserSchemaAttribute) {
+	o.UserType = &v
+}
+
+// GetZipCode returns the ZipCode field value if set, zero value otherwise.
+func (o *UserSchemaBaseProperties) GetZipCode() UserSchemaAttribute {
+	if o == nil || o.ZipCode == nil {
+		var ret UserSchemaAttribute
+		return ret
+	}
+	return *o.ZipCode
+}
+
+// GetZipCodeOk returns a tuple with the ZipCode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaBaseProperties) GetZipCodeOk() (*UserSchemaAttribute, bool) {
+	if o == nil || o.ZipCode == nil {
+		return nil, false
+	}
+	return o.ZipCode, true
+}
+
+// HasZipCode returns a boolean if a field has been set.
+func (o *UserSchemaBaseProperties) HasZipCode() bool {
+	if o != nil && o.ZipCode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetZipCode gets a reference to the given UserSchemaAttribute and assigns it to the ZipCode field.
+func (o *UserSchemaBaseProperties) SetZipCode(v UserSchemaAttribute) {
+	o.ZipCode = &v
+}
+
+func (o UserSchemaBaseProperties) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.City != nil {
+		toSerialize["city"] = o.City
+	}
+	if o.CostCenter != nil {
+		toSerialize["costCenter"] = o.CostCenter
+	}
+	if o.CountryCode != nil {
+		toSerialize["countryCode"] = o.CountryCode
+	}
+	if o.Department != nil {
+		toSerialize["department"] = o.Department
+	}
+	if o.DisplayName != nil {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if o.Division != nil {
+		toSerialize["division"] = o.Division
+	}
+	if o.Email != nil {
+		toSerialize["email"] = o.Email
+	}
+	if o.EmployeeNumber != nil {
+		toSerialize["employeeNumber"] = o.EmployeeNumber
+	}
+	if o.FirstName != nil {
+		toSerialize["firstName"] = o.FirstName
+	}
+	if o.HonorificPrefix != nil {
+		toSerialize["honorificPrefix"] = o.HonorificPrefix
+	}
+	if o.HonorificSuffix != nil {
+		toSerialize["honorificSuffix"] = o.HonorificSuffix
+	}
+	if o.LastName != nil {
+		toSerialize["lastName"] = o.LastName
+	}
+	if o.Locale != nil {
+		toSerialize["locale"] = o.Locale
+	}
+	if o.Login != nil {
+		toSerialize["login"] = o.Login
+	}
+	if o.Manager != nil {
+		toSerialize["manager"] = o.Manager
+	}
+	if o.ManagerId != nil {
+		toSerialize["managerId"] = o.ManagerId
+	}
+	if o.MiddleName != nil {
+		toSerialize["middleName"] = o.MiddleName
+	}
+	if o.MobilePhone != nil {
+		toSerialize["mobilePhone"] = o.MobilePhone
+	}
+	if o.NickName != nil {
+		toSerialize["nickName"] = o.NickName
+	}
+	if o.Organization != nil {
+		toSerialize["organization"] = o.Organization
+	}
+	if o.PostalAddress != nil {
+		toSerialize["postalAddress"] = o.PostalAddress
+	}
+	if o.PreferredLanguage != nil {
+		toSerialize["preferredLanguage"] = o.PreferredLanguage
+	}
+	if o.PrimaryPhone != nil {
+		toSerialize["primaryPhone"] = o.PrimaryPhone
+	}
+	if o.ProfileUrl != nil {
+		toSerialize["profileUrl"] = o.ProfileUrl
+	}
+	if o.SecondEmail != nil {
+		toSerialize["secondEmail"] = o.SecondEmail
+	}
+	if o.State != nil {
+		toSerialize["state"] = o.State
+	}
+	if o.StreetAddress != nil {
+		toSerialize["streetAddress"] = o.StreetAddress
+	}
+	if o.Timezone != nil {
+		toSerialize["timezone"] = o.Timezone
+	}
+	if o.Title != nil {
+		toSerialize["title"] = o.Title
+	}
+	if o.UserType != nil {
+		toSerialize["userType"] = o.UserType
+	}
+	if o.ZipCode != nil {
+		toSerialize["zipCode"] = o.ZipCode
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaBaseProperties) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaBaseProperties := _UserSchemaBaseProperties{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaBaseProperties)
+	if err == nil {
+		*o = UserSchemaBaseProperties(varUserSchemaBaseProperties)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "city")
+		delete(additionalProperties, "costCenter")
+		delete(additionalProperties, "countryCode")
+		delete(additionalProperties, "department")
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "division")
+		delete(additionalProperties, "email")
+		delete(additionalProperties, "employeeNumber")
+		delete(additionalProperties, "firstName")
+		delete(additionalProperties, "honorificPrefix")
+		delete(additionalProperties, "honorificSuffix")
+		delete(additionalProperties, "lastName")
+		delete(additionalProperties, "locale")
+		delete(additionalProperties, "login")
+		delete(additionalProperties, "manager")
+		delete(additionalProperties, "managerId")
+		delete(additionalProperties, "middleName")
+		delete(additionalProperties, "mobilePhone")
+		delete(additionalProperties, "nickName")
+		delete(additionalProperties, "organization")
+		delete(additionalProperties, "postalAddress")
+		delete(additionalProperties, "preferredLanguage")
+		delete(additionalProperties, "primaryPhone")
+		delete(additionalProperties, "profileUrl")
+		delete(additionalProperties, "secondEmail")
+		delete(additionalProperties, "state")
+		delete(additionalProperties, "streetAddress")
+		delete(additionalProperties, "timezone")
+		delete(additionalProperties, "title")
+		delete(additionalProperties, "userType")
+		delete(additionalProperties, "zipCode")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaBaseProperties struct {
+	value *UserSchemaBaseProperties
+	isSet bool
+}
+
+func (v NullableUserSchemaBaseProperties) Get() *UserSchemaBaseProperties {
+	return v.value
+}
+
+func (v *NullableUserSchemaBaseProperties) Set(val *UserSchemaBaseProperties) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaBaseProperties) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaBaseProperties) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaBaseProperties(val *UserSchemaBaseProperties) *NullableUserSchemaBaseProperties {
+	return &NullableUserSchemaBaseProperties{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaBaseProperties) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaBaseProperties) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_definitions.go b/okta/model_user_schema_definitions.go
new file mode 100644
index 000000000..5d0bccb24
--- /dev/null
+++ b/okta/model_user_schema_definitions.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaDefinitions struct for UserSchemaDefinitions
+type UserSchemaDefinitions struct {
+	Base                 *UserSchemaBase   `json:"base,omitempty"`
+	Custom               *UserSchemaPublic `json:"custom,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaDefinitions UserSchemaDefinitions
+
+// NewUserSchemaDefinitions instantiates a new UserSchemaDefinitions object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaDefinitions() *UserSchemaDefinitions {
+	this := UserSchemaDefinitions{}
+	return &this
+}
+
+// NewUserSchemaDefinitionsWithDefaults instantiates a new UserSchemaDefinitions object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaDefinitionsWithDefaults() *UserSchemaDefinitions {
+	this := UserSchemaDefinitions{}
+	return &this
+}
+
+// GetBase returns the Base field value if set, zero value otherwise.
+func (o *UserSchemaDefinitions) GetBase() UserSchemaBase {
+	if o == nil || o.Base == nil {
+		var ret UserSchemaBase
+		return ret
+	}
+	return *o.Base
+}
+
+// GetBaseOk returns a tuple with the Base field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaDefinitions) GetBaseOk() (*UserSchemaBase, bool) {
+	if o == nil || o.Base == nil {
+		return nil, false
+	}
+	return o.Base, true
+}
+
+// HasBase returns a boolean if a field has been set.
+func (o *UserSchemaDefinitions) HasBase() bool {
+	if o != nil && o.Base != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBase gets a reference to the given UserSchemaBase and assigns it to the Base field.
+func (o *UserSchemaDefinitions) SetBase(v UserSchemaBase) {
+	o.Base = &v
+}
+
+// GetCustom returns the Custom field value if set, zero value otherwise.
+func (o *UserSchemaDefinitions) GetCustom() UserSchemaPublic {
+	if o == nil || o.Custom == nil {
+		var ret UserSchemaPublic
+		return ret
+	}
+	return *o.Custom
+}
+
+// GetCustomOk returns a tuple with the Custom field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaDefinitions) GetCustomOk() (*UserSchemaPublic, bool) {
+	if o == nil || o.Custom == nil {
+		return nil, false
+	}
+	return o.Custom, true
+}
+
+// HasCustom returns a boolean if a field has been set.
+func (o *UserSchemaDefinitions) HasCustom() bool {
+	if o != nil && o.Custom != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCustom gets a reference to the given UserSchemaPublic and assigns it to the Custom field.
+func (o *UserSchemaDefinitions) SetCustom(v UserSchemaPublic) {
+	o.Custom = &v
+}
+
+func (o UserSchemaDefinitions) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Base != nil {
+		toSerialize["base"] = o.Base
+	}
+	if o.Custom != nil {
+		toSerialize["custom"] = o.Custom
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaDefinitions) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaDefinitions := _UserSchemaDefinitions{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaDefinitions)
+	if err == nil {
+		*o = UserSchemaDefinitions(varUserSchemaDefinitions)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "base")
+		delete(additionalProperties, "custom")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaDefinitions struct {
+	value *UserSchemaDefinitions
+	isSet bool
+}
+
+func (v NullableUserSchemaDefinitions) Get() *UserSchemaDefinitions {
+	return v.value
+}
+
+func (v *NullableUserSchemaDefinitions) Set(val *UserSchemaDefinitions) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaDefinitions) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaDefinitions) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaDefinitions(val *UserSchemaDefinitions) *NullableUserSchemaDefinitions {
+	return &NullableUserSchemaDefinitions{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaDefinitions) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaDefinitions) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_properties.go b/okta/model_user_schema_properties.go
new file mode 100644
index 000000000..73d802e69
--- /dev/null
+++ b/okta/model_user_schema_properties.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaProperties struct for UserSchemaProperties
+type UserSchemaProperties struct {
+	Profile              *UserSchemaPropertiesProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaProperties UserSchemaProperties
+
+// NewUserSchemaProperties instantiates a new UserSchemaProperties object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaProperties() *UserSchemaProperties {
+	this := UserSchemaProperties{}
+	return &this
+}
+
+// NewUserSchemaPropertiesWithDefaults instantiates a new UserSchemaProperties object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaPropertiesWithDefaults() *UserSchemaProperties {
+	this := UserSchemaProperties{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *UserSchemaProperties) GetProfile() UserSchemaPropertiesProfile {
+	if o == nil || o.Profile == nil {
+		var ret UserSchemaPropertiesProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaProperties) GetProfileOk() (*UserSchemaPropertiesProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *UserSchemaProperties) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given UserSchemaPropertiesProfile and assigns it to the Profile field.
+func (o *UserSchemaProperties) SetProfile(v UserSchemaPropertiesProfile) {
+	o.Profile = &v
+}
+
+func (o UserSchemaProperties) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaProperties) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaProperties := _UserSchemaProperties{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaProperties)
+	if err == nil {
+		*o = UserSchemaProperties(varUserSchemaProperties)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaProperties struct {
+	value *UserSchemaProperties
+	isSet bool
+}
+
+func (v NullableUserSchemaProperties) Get() *UserSchemaProperties {
+	return v.value
+}
+
+func (v *NullableUserSchemaProperties) Set(val *UserSchemaProperties) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaProperties) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaProperties) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaProperties(val *UserSchemaProperties) *NullableUserSchemaProperties {
+	return &NullableUserSchemaProperties{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaProperties) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaProperties) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_properties_profile.go b/okta/model_user_schema_properties_profile.go
new file mode 100644
index 000000000..4d5d5822b
--- /dev/null
+++ b/okta/model_user_schema_properties_profile.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaPropertiesProfile struct for UserSchemaPropertiesProfile
+type UserSchemaPropertiesProfile struct {
+	AllOf                []UserSchemaPropertiesProfileItem `json:"allOf,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaPropertiesProfile UserSchemaPropertiesProfile
+
+// NewUserSchemaPropertiesProfile instantiates a new UserSchemaPropertiesProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaPropertiesProfile() *UserSchemaPropertiesProfile {
+	this := UserSchemaPropertiesProfile{}
+	return &this
+}
+
+// NewUserSchemaPropertiesProfileWithDefaults instantiates a new UserSchemaPropertiesProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaPropertiesProfileWithDefaults() *UserSchemaPropertiesProfile {
+	this := UserSchemaPropertiesProfile{}
+	return &this
+}
+
+// GetAllOf returns the AllOf field value if set, zero value otherwise.
+func (o *UserSchemaPropertiesProfile) GetAllOf() []UserSchemaPropertiesProfileItem {
+	if o == nil || o.AllOf == nil {
+		var ret []UserSchemaPropertiesProfileItem
+		return ret
+	}
+	return o.AllOf
+}
+
+// GetAllOfOk returns a tuple with the AllOf field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaPropertiesProfile) GetAllOfOk() ([]UserSchemaPropertiesProfileItem, bool) {
+	if o == nil || o.AllOf == nil {
+		return nil, false
+	}
+	return o.AllOf, true
+}
+
+// HasAllOf returns a boolean if a field has been set.
+func (o *UserSchemaPropertiesProfile) HasAllOf() bool {
+	if o != nil && o.AllOf != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAllOf gets a reference to the given []UserSchemaPropertiesProfileItem and assigns it to the AllOf field.
+func (o *UserSchemaPropertiesProfile) SetAllOf(v []UserSchemaPropertiesProfileItem) {
+	o.AllOf = v
+}
+
+func (o UserSchemaPropertiesProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AllOf != nil {
+		toSerialize["allOf"] = o.AllOf
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaPropertiesProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaPropertiesProfile := _UserSchemaPropertiesProfile{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaPropertiesProfile)
+	if err == nil {
+		*o = UserSchemaPropertiesProfile(varUserSchemaPropertiesProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "allOf")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaPropertiesProfile struct {
+	value *UserSchemaPropertiesProfile
+	isSet bool
+}
+
+func (v NullableUserSchemaPropertiesProfile) Get() *UserSchemaPropertiesProfile {
+	return v.value
+}
+
+func (v *NullableUserSchemaPropertiesProfile) Set(val *UserSchemaPropertiesProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaPropertiesProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaPropertiesProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaPropertiesProfile(val *UserSchemaPropertiesProfile) *NullableUserSchemaPropertiesProfile {
+	return &NullableUserSchemaPropertiesProfile{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaPropertiesProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaPropertiesProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_properties_profile_item.go b/okta/model_user_schema_properties_profile_item.go
new file mode 100644
index 000000000..e14496efc
--- /dev/null
+++ b/okta/model_user_schema_properties_profile_item.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaPropertiesProfileItem struct for UserSchemaPropertiesProfileItem
+type UserSchemaPropertiesProfileItem struct {
+	Ref                  *string `json:"$ref,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaPropertiesProfileItem UserSchemaPropertiesProfileItem
+
+// NewUserSchemaPropertiesProfileItem instantiates a new UserSchemaPropertiesProfileItem object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaPropertiesProfileItem() *UserSchemaPropertiesProfileItem {
+	this := UserSchemaPropertiesProfileItem{}
+	return &this
+}
+
+// NewUserSchemaPropertiesProfileItemWithDefaults instantiates a new UserSchemaPropertiesProfileItem object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaPropertiesProfileItemWithDefaults() *UserSchemaPropertiesProfileItem {
+	this := UserSchemaPropertiesProfileItem{}
+	return &this
+}
+
+// GetRef returns the Ref field value if set, zero value otherwise.
+func (o *UserSchemaPropertiesProfileItem) GetRef() string {
+	if o == nil || o.Ref == nil {
+		var ret string
+		return ret
+	}
+	return *o.Ref
+}
+
+// GetRefOk returns a tuple with the Ref field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaPropertiesProfileItem) GetRefOk() (*string, bool) {
+	if o == nil || o.Ref == nil {
+		return nil, false
+	}
+	return o.Ref, true
+}
+
+// HasRef returns a boolean if a field has been set.
+func (o *UserSchemaPropertiesProfileItem) HasRef() bool {
+	if o != nil && o.Ref != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRef gets a reference to the given string and assigns it to the Ref field.
+func (o *UserSchemaPropertiesProfileItem) SetRef(v string) {
+	o.Ref = &v
+}
+
+func (o UserSchemaPropertiesProfileItem) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Ref != nil {
+		toSerialize["$ref"] = o.Ref
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaPropertiesProfileItem) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaPropertiesProfileItem := _UserSchemaPropertiesProfileItem{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaPropertiesProfileItem)
+	if err == nil {
+		*o = UserSchemaPropertiesProfileItem(varUserSchemaPropertiesProfileItem)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "$ref")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaPropertiesProfileItem struct {
+	value *UserSchemaPropertiesProfileItem
+	isSet bool
+}
+
+func (v NullableUserSchemaPropertiesProfileItem) Get() *UserSchemaPropertiesProfileItem {
+	return v.value
+}
+
+func (v *NullableUserSchemaPropertiesProfileItem) Set(val *UserSchemaPropertiesProfileItem) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaPropertiesProfileItem) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaPropertiesProfileItem) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaPropertiesProfileItem(val *UserSchemaPropertiesProfileItem) *NullableUserSchemaPropertiesProfileItem {
+	return &NullableUserSchemaPropertiesProfileItem{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaPropertiesProfileItem) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaPropertiesProfileItem) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_schema_public.go b/okta/model_user_schema_public.go
new file mode 100644
index 000000000..0e985dd0c
--- /dev/null
+++ b/okta/model_user_schema_public.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserSchemaPublic struct for UserSchemaPublic
+type UserSchemaPublic struct {
+	Id                   *string                         `json:"id,omitempty"`
+	Properties           *map[string]UserSchemaAttribute `json:"properties,omitempty"`
+	Required             []string                        `json:"required,omitempty"`
+	Type                 *string                         `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserSchemaPublic UserSchemaPublic
+
+// NewUserSchemaPublic instantiates a new UserSchemaPublic object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserSchemaPublic() *UserSchemaPublic {
+	this := UserSchemaPublic{}
+	return &this
+}
+
+// NewUserSchemaPublicWithDefaults instantiates a new UserSchemaPublic object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserSchemaPublicWithDefaults() *UserSchemaPublic {
+	this := UserSchemaPublic{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *UserSchemaPublic) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaPublic) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *UserSchemaPublic) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *UserSchemaPublic) SetId(v string) {
+	o.Id = &v
+}
+
+// GetProperties returns the Properties field value if set, zero value otherwise.
+func (o *UserSchemaPublic) GetProperties() map[string]UserSchemaAttribute {
+	if o == nil || o.Properties == nil {
+		var ret map[string]UserSchemaAttribute
+		return ret
+	}
+	return *o.Properties
+}
+
+// GetPropertiesOk returns a tuple with the Properties field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaPublic) GetPropertiesOk() (*map[string]UserSchemaAttribute, bool) {
+	if o == nil || o.Properties == nil {
+		return nil, false
+	}
+	return o.Properties, true
+}
+
+// HasProperties returns a boolean if a field has been set.
+func (o *UserSchemaPublic) HasProperties() bool {
+	if o != nil && o.Properties != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProperties gets a reference to the given map[string]UserSchemaAttribute and assigns it to the Properties field.
+func (o *UserSchemaPublic) SetProperties(v map[string]UserSchemaAttribute) {
+	o.Properties = &v
+}
+
+// GetRequired returns the Required field value if set, zero value otherwise.
+func (o *UserSchemaPublic) GetRequired() []string {
+	if o == nil || o.Required == nil {
+		var ret []string
+		return ret
+	}
+	return o.Required
+}
+
+// GetRequiredOk returns a tuple with the Required field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaPublic) GetRequiredOk() ([]string, bool) {
+	if o == nil || o.Required == nil {
+		return nil, false
+	}
+	return o.Required, true
+}
+
+// HasRequired returns a boolean if a field has been set.
+func (o *UserSchemaPublic) HasRequired() bool {
+	if o != nil && o.Required != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRequired gets a reference to the given []string and assigns it to the Required field.
+func (o *UserSchemaPublic) SetRequired(v []string) {
+	o.Required = v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *UserSchemaPublic) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserSchemaPublic) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *UserSchemaPublic) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *UserSchemaPublic) SetType(v string) {
+	o.Type = &v
+}
+
+func (o UserSchemaPublic) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Properties != nil {
+		toSerialize["properties"] = o.Properties
+	}
+	if o.Required != nil {
+		toSerialize["required"] = o.Required
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserSchemaPublic) UnmarshalJSON(bytes []byte) (err error) {
+	varUserSchemaPublic := _UserSchemaPublic{}
+
+	err = json.Unmarshal(bytes, &varUserSchemaPublic)
+	if err == nil {
+		*o = UserSchemaPublic(varUserSchemaPublic)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "properties")
+		delete(additionalProperties, "required")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserSchemaPublic struct {
+	value *UserSchemaPublic
+	isSet bool
+}
+
+func (v NullableUserSchemaPublic) Get() *UserSchemaPublic {
+	return v.value
+}
+
+func (v *NullableUserSchemaPublic) Set(val *UserSchemaPublic) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserSchemaPublic) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserSchemaPublic) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserSchemaPublic(val *UserSchemaPublic) *NullableUserSchemaPublic {
+	return &NullableUserSchemaPublic{value: val, isSet: true}
+}
+
+func (v NullableUserSchemaPublic) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserSchemaPublic) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_status.go b/okta/model_user_status.go
new file mode 100644
index 000000000..1cd3cbfaf
--- /dev/null
+++ b/okta/model_user_status.go
@@ -0,0 +1,136 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// UserStatus the model 'UserStatus'
+type UserStatus string
+
+// List of UserStatus
+const (
+	USERSTATUS_ACTIVE           UserStatus = "ACTIVE"
+	USERSTATUS_DEPROVISIONED    UserStatus = "DEPROVISIONED"
+	USERSTATUS_LOCKED_OUT       UserStatus = "LOCKED_OUT"
+	USERSTATUS_PASSWORD_EXPIRED UserStatus = "PASSWORD_EXPIRED"
+	USERSTATUS_PROVISIONED      UserStatus = "PROVISIONED"
+	USERSTATUS_RECOVERY         UserStatus = "RECOVERY"
+	USERSTATUS_STAGED           UserStatus = "STAGED"
+	USERSTATUS_SUSPENDED        UserStatus = "SUSPENDED"
+)
+
+// All allowed values of UserStatus enum
+var AllowedUserStatusEnumValues = []UserStatus{
+	"ACTIVE",
+	"DEPROVISIONED",
+	"LOCKED_OUT",
+	"PASSWORD_EXPIRED",
+	"PROVISIONED",
+	"RECOVERY",
+	"STAGED",
+	"SUSPENDED",
+}
+
+func (v *UserStatus) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := UserStatus(value)
+	for _, existing := range AllowedUserStatusEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid UserStatus", value)
+}
+
+// NewUserStatusFromValue returns a pointer to a valid UserStatus
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewUserStatusFromValue(v string) (*UserStatus, error) {
+	ev := UserStatus(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for UserStatus: valid values are %v", v, AllowedUserStatusEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v UserStatus) IsValid() bool {
+	for _, existing := range AllowedUserStatusEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to UserStatus value
+func (v UserStatus) Ptr() *UserStatus {
+	return &v
+}
+
+type NullableUserStatus struct {
+	value *UserStatus
+	isSet bool
+}
+
+func (v NullableUserStatus) Get() *UserStatus {
+	return v.value
+}
+
+func (v *NullableUserStatus) Set(val *UserStatus) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserStatus) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserStatus) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserStatus(val *UserStatus) *NullableUserStatus {
+	return &NullableUserStatus{value: val, isSet: true}
+}
+
+func (v NullableUserStatus) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserStatus) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_status_policy_rule_condition.go b/okta/model_user_status_policy_rule_condition.go
new file mode 100644
index 000000000..764158055
--- /dev/null
+++ b/okta/model_user_status_policy_rule_condition.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserStatusPolicyRuleCondition struct for UserStatusPolicyRuleCondition
+type UserStatusPolicyRuleCondition struct {
+	Value                *PolicyUserStatus `json:"value,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserStatusPolicyRuleCondition UserStatusPolicyRuleCondition
+
+// NewUserStatusPolicyRuleCondition instantiates a new UserStatusPolicyRuleCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserStatusPolicyRuleCondition() *UserStatusPolicyRuleCondition {
+	this := UserStatusPolicyRuleCondition{}
+	return &this
+}
+
+// NewUserStatusPolicyRuleConditionWithDefaults instantiates a new UserStatusPolicyRuleCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserStatusPolicyRuleConditionWithDefaults() *UserStatusPolicyRuleCondition {
+	this := UserStatusPolicyRuleCondition{}
+	return &this
+}
+
+// GetValue returns the Value field value if set, zero value otherwise.
+func (o *UserStatusPolicyRuleCondition) GetValue() PolicyUserStatus {
+	if o == nil || o.Value == nil {
+		var ret PolicyUserStatus
+		return ret
+	}
+	return *o.Value
+}
+
+// GetValueOk returns a tuple with the Value field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserStatusPolicyRuleCondition) GetValueOk() (*PolicyUserStatus, bool) {
+	if o == nil || o.Value == nil {
+		return nil, false
+	}
+	return o.Value, true
+}
+
+// HasValue returns a boolean if a field has been set.
+func (o *UserStatusPolicyRuleCondition) HasValue() bool {
+	if o != nil && o.Value != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetValue gets a reference to the given PolicyUserStatus and assigns it to the Value field.
+func (o *UserStatusPolicyRuleCondition) SetValue(v PolicyUserStatus) {
+	o.Value = &v
+}
+
+func (o UserStatusPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Value != nil {
+		toSerialize["value"] = o.Value
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserStatusPolicyRuleCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varUserStatusPolicyRuleCondition := _UserStatusPolicyRuleCondition{}
+
+	err = json.Unmarshal(bytes, &varUserStatusPolicyRuleCondition)
+	if err == nil {
+		*o = UserStatusPolicyRuleCondition(varUserStatusPolicyRuleCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "value")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserStatusPolicyRuleCondition struct {
+	value *UserStatusPolicyRuleCondition
+	isSet bool
+}
+
+func (v NullableUserStatusPolicyRuleCondition) Get() *UserStatusPolicyRuleCondition {
+	return v.value
+}
+
+func (v *NullableUserStatusPolicyRuleCondition) Set(val *UserStatusPolicyRuleCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserStatusPolicyRuleCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserStatusPolicyRuleCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserStatusPolicyRuleCondition(val *UserStatusPolicyRuleCondition) *NullableUserStatusPolicyRuleCondition {
+	return &NullableUserStatusPolicyRuleCondition{value: val, isSet: true}
+}
+
+func (v NullableUserStatusPolicyRuleCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserStatusPolicyRuleCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_type.go b/okta/model_user_type.go
new file mode 100644
index 000000000..09dde9305
--- /dev/null
+++ b/okta/model_user_type.go
@@ -0,0 +1,492 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// UserType struct for UserType
+type UserType struct {
+	Created              *time.Time                        `json:"created,omitempty"`
+	CreatedBy            *string                           `json:"createdBy,omitempty"`
+	Default              *bool                             `json:"default,omitempty"`
+	Description          *string                           `json:"description,omitempty"`
+	DisplayName          *string                           `json:"displayName,omitempty"`
+	Id                   *string                           `json:"id,omitempty"`
+	LastUpdated          *time.Time                        `json:"lastUpdated,omitempty"`
+	LastUpdatedBy        *string                           `json:"lastUpdatedBy,omitempty"`
+	Name                 *string                           `json:"name,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserType UserType
+
+// NewUserType instantiates a new UserType object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserType() *UserType {
+	this := UserType{}
+	return &this
+}
+
+// NewUserTypeWithDefaults instantiates a new UserType object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserTypeWithDefaults() *UserType {
+	this := UserType{}
+	return &this
+}
+
+// GetCreated returns the Created field value if set, zero value otherwise.
+func (o *UserType) GetCreated() time.Time {
+	if o == nil || o.Created == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.Created
+}
+
+// GetCreatedOk returns a tuple with the Created field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserType) GetCreatedOk() (*time.Time, bool) {
+	if o == nil || o.Created == nil {
+		return nil, false
+	}
+	return o.Created, true
+}
+
+// HasCreated returns a boolean if a field has been set.
+func (o *UserType) HasCreated() bool {
+	if o != nil && o.Created != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreated gets a reference to the given time.Time and assigns it to the Created field.
+func (o *UserType) SetCreated(v time.Time) {
+	o.Created = &v
+}
+
+// GetCreatedBy returns the CreatedBy field value if set, zero value otherwise.
+func (o *UserType) GetCreatedBy() string {
+	if o == nil || o.CreatedBy == nil {
+		var ret string
+		return ret
+	}
+	return *o.CreatedBy
+}
+
+// GetCreatedByOk returns a tuple with the CreatedBy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserType) GetCreatedByOk() (*string, bool) {
+	if o == nil || o.CreatedBy == nil {
+		return nil, false
+	}
+	return o.CreatedBy, true
+}
+
+// HasCreatedBy returns a boolean if a field has been set.
+func (o *UserType) HasCreatedBy() bool {
+	if o != nil && o.CreatedBy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCreatedBy gets a reference to the given string and assigns it to the CreatedBy field.
+func (o *UserType) SetCreatedBy(v string) {
+	o.CreatedBy = &v
+}
+
+// GetDefault returns the Default field value if set, zero value otherwise.
+func (o *UserType) GetDefault() bool {
+	if o == nil || o.Default == nil {
+		var ret bool
+		return ret
+	}
+	return *o.Default
+}
+
+// GetDefaultOk returns a tuple with the Default field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserType) GetDefaultOk() (*bool, bool) {
+	if o == nil || o.Default == nil {
+		return nil, false
+	}
+	return o.Default, true
+}
+
+// HasDefault returns a boolean if a field has been set.
+func (o *UserType) HasDefault() bool {
+	if o != nil && o.Default != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDefault gets a reference to the given bool and assigns it to the Default field.
+func (o *UserType) SetDefault(v bool) {
+	o.Default = &v
+}
+
+// GetDescription returns the Description field value if set, zero value otherwise.
+func (o *UserType) GetDescription() string {
+	if o == nil || o.Description == nil {
+		var ret string
+		return ret
+	}
+	return *o.Description
+}
+
+// GetDescriptionOk returns a tuple with the Description field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserType) GetDescriptionOk() (*string, bool) {
+	if o == nil || o.Description == nil {
+		return nil, false
+	}
+	return o.Description, true
+}
+
+// HasDescription returns a boolean if a field has been set.
+func (o *UserType) HasDescription() bool {
+	if o != nil && o.Description != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDescription gets a reference to the given string and assigns it to the Description field.
+func (o *UserType) SetDescription(v string) {
+	o.Description = &v
+}
+
+// GetDisplayName returns the DisplayName field value if set, zero value otherwise.
+func (o *UserType) GetDisplayName() string {
+	if o == nil || o.DisplayName == nil {
+		var ret string
+		return ret
+	}
+	return *o.DisplayName
+}
+
+// GetDisplayNameOk returns a tuple with the DisplayName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserType) GetDisplayNameOk() (*string, bool) {
+	if o == nil || o.DisplayName == nil {
+		return nil, false
+	}
+	return o.DisplayName, true
+}
+
+// HasDisplayName returns a boolean if a field has been set.
+func (o *UserType) HasDisplayName() bool {
+	if o != nil && o.DisplayName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetDisplayName gets a reference to the given string and assigns it to the DisplayName field.
+func (o *UserType) SetDisplayName(v string) {
+	o.DisplayName = &v
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *UserType) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserType) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *UserType) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *UserType) SetId(v string) {
+	o.Id = &v
+}
+
+// GetLastUpdated returns the LastUpdated field value if set, zero value otherwise.
+func (o *UserType) GetLastUpdated() time.Time {
+	if o == nil || o.LastUpdated == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.LastUpdated
+}
+
+// GetLastUpdatedOk returns a tuple with the LastUpdated field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserType) GetLastUpdatedOk() (*time.Time, bool) {
+	if o == nil || o.LastUpdated == nil {
+		return nil, false
+	}
+	return o.LastUpdated, true
+}
+
+// HasLastUpdated returns a boolean if a field has been set.
+func (o *UserType) HasLastUpdated() bool {
+	if o != nil && o.LastUpdated != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdated gets a reference to the given time.Time and assigns it to the LastUpdated field.
+func (o *UserType) SetLastUpdated(v time.Time) {
+	o.LastUpdated = &v
+}
+
+// GetLastUpdatedBy returns the LastUpdatedBy field value if set, zero value otherwise.
+func (o *UserType) GetLastUpdatedBy() string {
+	if o == nil || o.LastUpdatedBy == nil {
+		var ret string
+		return ret
+	}
+	return *o.LastUpdatedBy
+}
+
+// GetLastUpdatedByOk returns a tuple with the LastUpdatedBy field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserType) GetLastUpdatedByOk() (*string, bool) {
+	if o == nil || o.LastUpdatedBy == nil {
+		return nil, false
+	}
+	return o.LastUpdatedBy, true
+}
+
+// HasLastUpdatedBy returns a boolean if a field has been set.
+func (o *UserType) HasLastUpdatedBy() bool {
+	if o != nil && o.LastUpdatedBy != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLastUpdatedBy gets a reference to the given string and assigns it to the LastUpdatedBy field.
+func (o *UserType) SetLastUpdatedBy(v string) {
+	o.LastUpdatedBy = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *UserType) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserType) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *UserType) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *UserType) SetName(v string) {
+	o.Name = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *UserType) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserType) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *UserType) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *UserType) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o UserType) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Created != nil {
+		toSerialize["created"] = o.Created
+	}
+	if o.CreatedBy != nil {
+		toSerialize["createdBy"] = o.CreatedBy
+	}
+	if o.Default != nil {
+		toSerialize["default"] = o.Default
+	}
+	if o.Description != nil {
+		toSerialize["description"] = o.Description
+	}
+	if o.DisplayName != nil {
+		toSerialize["displayName"] = o.DisplayName
+	}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.LastUpdated != nil {
+		toSerialize["lastUpdated"] = o.LastUpdated
+	}
+	if o.LastUpdatedBy != nil {
+		toSerialize["lastUpdatedBy"] = o.LastUpdatedBy
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserType) UnmarshalJSON(bytes []byte) (err error) {
+	varUserType := _UserType{}
+
+	err = json.Unmarshal(bytes, &varUserType)
+	if err == nil {
+		*o = UserType(varUserType)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "created")
+		delete(additionalProperties, "createdBy")
+		delete(additionalProperties, "default")
+		delete(additionalProperties, "description")
+		delete(additionalProperties, "displayName")
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "lastUpdated")
+		delete(additionalProperties, "lastUpdatedBy")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserType struct {
+	value *UserType
+	isSet bool
+}
+
+func (v NullableUserType) Get() *UserType {
+	return v.value
+}
+
+func (v *NullableUserType) Set(val *UserType) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserType) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserType) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserType(val *UserType) *NullableUserType {
+	return &NullableUserType{value: val, isSet: true}
+}
+
+func (v NullableUserType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserType) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_type_condition.go b/okta/model_user_type_condition.go
new file mode 100644
index 000000000..b320caf6a
--- /dev/null
+++ b/okta/model_user_type_condition.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// UserTypeCondition struct for UserTypeCondition
+type UserTypeCondition struct {
+	Exclude              []string `json:"exclude,omitempty"`
+	Include              []string `json:"include,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _UserTypeCondition UserTypeCondition
+
+// NewUserTypeCondition instantiates a new UserTypeCondition object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewUserTypeCondition() *UserTypeCondition {
+	this := UserTypeCondition{}
+	return &this
+}
+
+// NewUserTypeConditionWithDefaults instantiates a new UserTypeCondition object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewUserTypeConditionWithDefaults() *UserTypeCondition {
+	this := UserTypeCondition{}
+	return &this
+}
+
+// GetExclude returns the Exclude field value if set, zero value otherwise.
+func (o *UserTypeCondition) GetExclude() []string {
+	if o == nil || o.Exclude == nil {
+		var ret []string
+		return ret
+	}
+	return o.Exclude
+}
+
+// GetExcludeOk returns a tuple with the Exclude field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserTypeCondition) GetExcludeOk() ([]string, bool) {
+	if o == nil || o.Exclude == nil {
+		return nil, false
+	}
+	return o.Exclude, true
+}
+
+// HasExclude returns a boolean if a field has been set.
+func (o *UserTypeCondition) HasExclude() bool {
+	if o != nil && o.Exclude != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExclude gets a reference to the given []string and assigns it to the Exclude field.
+func (o *UserTypeCondition) SetExclude(v []string) {
+	o.Exclude = v
+}
+
+// GetInclude returns the Include field value if set, zero value otherwise.
+func (o *UserTypeCondition) GetInclude() []string {
+	if o == nil || o.Include == nil {
+		var ret []string
+		return ret
+	}
+	return o.Include
+}
+
+// GetIncludeOk returns a tuple with the Include field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *UserTypeCondition) GetIncludeOk() ([]string, bool) {
+	if o == nil || o.Include == nil {
+		return nil, false
+	}
+	return o.Include, true
+}
+
+// HasInclude returns a boolean if a field has been set.
+func (o *UserTypeCondition) HasInclude() bool {
+	if o != nil && o.Include != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInclude gets a reference to the given []string and assigns it to the Include field.
+func (o *UserTypeCondition) SetInclude(v []string) {
+	o.Include = v
+}
+
+func (o UserTypeCondition) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Exclude != nil {
+		toSerialize["exclude"] = o.Exclude
+	}
+	if o.Include != nil {
+		toSerialize["include"] = o.Include
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *UserTypeCondition) UnmarshalJSON(bytes []byte) (err error) {
+	varUserTypeCondition := _UserTypeCondition{}
+
+	err = json.Unmarshal(bytes, &varUserTypeCondition)
+	if err == nil {
+		*o = UserTypeCondition(varUserTypeCondition)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "exclude")
+		delete(additionalProperties, "include")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableUserTypeCondition struct {
+	value *UserTypeCondition
+	isSet bool
+}
+
+func (v NullableUserTypeCondition) Get() *UserTypeCondition {
+	return v.value
+}
+
+func (v *NullableUserTypeCondition) Set(val *UserTypeCondition) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserTypeCondition) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserTypeCondition) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserTypeCondition(val *UserTypeCondition) *NullableUserTypeCondition {
+	return &NullableUserTypeCondition{value: val, isSet: true}
+}
+
+func (v NullableUserTypeCondition) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserTypeCondition) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_user_verification_enum.go b/okta/model_user_verification_enum.go
new file mode 100644
index 000000000..13127d635
--- /dev/null
+++ b/okta/model_user_verification_enum.go
@@ -0,0 +1,124 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// UserVerificationEnum the model 'UserVerificationEnum'
+type UserVerificationEnum string
+
+// List of UserVerificationEnum
+const (
+	USERVERIFICATIONENUM_PREFERRED UserVerificationEnum = "PREFERRED"
+	USERVERIFICATIONENUM_REQUIRED  UserVerificationEnum = "REQUIRED"
+)
+
+// All allowed values of UserVerificationEnum enum
+var AllowedUserVerificationEnumEnumValues = []UserVerificationEnum{
+	"PREFERRED",
+	"REQUIRED",
+}
+
+func (v *UserVerificationEnum) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := UserVerificationEnum(value)
+	for _, existing := range AllowedUserVerificationEnumEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid UserVerificationEnum", value)
+}
+
+// NewUserVerificationEnumFromValue returns a pointer to a valid UserVerificationEnum
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewUserVerificationEnumFromValue(v string) (*UserVerificationEnum, error) {
+	ev := UserVerificationEnum(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for UserVerificationEnum: valid values are %v", v, AllowedUserVerificationEnumEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v UserVerificationEnum) IsValid() bool {
+	for _, existing := range AllowedUserVerificationEnumEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to UserVerificationEnum value
+func (v UserVerificationEnum) Ptr() *UserVerificationEnum {
+	return &v
+}
+
+type NullableUserVerificationEnum struct {
+	value *UserVerificationEnum
+	isSet bool
+}
+
+func (v NullableUserVerificationEnum) Get() *UserVerificationEnum {
+	return v.value
+}
+
+func (v *NullableUserVerificationEnum) Set(val *UserVerificationEnum) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableUserVerificationEnum) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableUserVerificationEnum) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableUserVerificationEnum(val *UserVerificationEnum) *NullableUserVerificationEnum {
+	return &NullableUserVerificationEnum{value: val, isSet: true}
+}
+
+func (v NullableUserVerificationEnum) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableUserVerificationEnum) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_verification_method.go b/okta/model_verification_method.go
new file mode 100644
index 000000000..a4b3c370b
--- /dev/null
+++ b/okta/model_verification_method.go
@@ -0,0 +1,269 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// VerificationMethod struct for VerificationMethod
+type VerificationMethod struct {
+	Constraints          []AccessPolicyConstraints `json:"constraints,omitempty"`
+	FactorMode           *string                   `json:"factorMode,omitempty"`
+	ReauthenticateIn     *string                   `json:"reauthenticateIn,omitempty"`
+	Type                 *string                   `json:"type,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _VerificationMethod VerificationMethod
+
+// NewVerificationMethod instantiates a new VerificationMethod object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewVerificationMethod() *VerificationMethod {
+	this := VerificationMethod{}
+	return &this
+}
+
+// NewVerificationMethodWithDefaults instantiates a new VerificationMethod object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewVerificationMethodWithDefaults() *VerificationMethod {
+	this := VerificationMethod{}
+	return &this
+}
+
+// GetConstraints returns the Constraints field value if set, zero value otherwise.
+func (o *VerificationMethod) GetConstraints() []AccessPolicyConstraints {
+	if o == nil || o.Constraints == nil {
+		var ret []AccessPolicyConstraints
+		return ret
+	}
+	return o.Constraints
+}
+
+// GetConstraintsOk returns a tuple with the Constraints field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerificationMethod) GetConstraintsOk() ([]AccessPolicyConstraints, bool) {
+	if o == nil || o.Constraints == nil {
+		return nil, false
+	}
+	return o.Constraints, true
+}
+
+// HasConstraints returns a boolean if a field has been set.
+func (o *VerificationMethod) HasConstraints() bool {
+	if o != nil && o.Constraints != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetConstraints gets a reference to the given []AccessPolicyConstraints and assigns it to the Constraints field.
+func (o *VerificationMethod) SetConstraints(v []AccessPolicyConstraints) {
+	o.Constraints = v
+}
+
+// GetFactorMode returns the FactorMode field value if set, zero value otherwise.
+func (o *VerificationMethod) GetFactorMode() string {
+	if o == nil || o.FactorMode == nil {
+		var ret string
+		return ret
+	}
+	return *o.FactorMode
+}
+
+// GetFactorModeOk returns a tuple with the FactorMode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerificationMethod) GetFactorModeOk() (*string, bool) {
+	if o == nil || o.FactorMode == nil {
+		return nil, false
+	}
+	return o.FactorMode, true
+}
+
+// HasFactorMode returns a boolean if a field has been set.
+func (o *VerificationMethod) HasFactorMode() bool {
+	if o != nil && o.FactorMode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFactorMode gets a reference to the given string and assigns it to the FactorMode field.
+func (o *VerificationMethod) SetFactorMode(v string) {
+	o.FactorMode = &v
+}
+
+// GetReauthenticateIn returns the ReauthenticateIn field value if set, zero value otherwise.
+func (o *VerificationMethod) GetReauthenticateIn() string {
+	if o == nil || o.ReauthenticateIn == nil {
+		var ret string
+		return ret
+	}
+	return *o.ReauthenticateIn
+}
+
+// GetReauthenticateInOk returns a tuple with the ReauthenticateIn field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerificationMethod) GetReauthenticateInOk() (*string, bool) {
+	if o == nil || o.ReauthenticateIn == nil {
+		return nil, false
+	}
+	return o.ReauthenticateIn, true
+}
+
+// HasReauthenticateIn returns a boolean if a field has been set.
+func (o *VerificationMethod) HasReauthenticateIn() bool {
+	if o != nil && o.ReauthenticateIn != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetReauthenticateIn gets a reference to the given string and assigns it to the ReauthenticateIn field.
+func (o *VerificationMethod) SetReauthenticateIn(v string) {
+	o.ReauthenticateIn = &v
+}
+
+// GetType returns the Type field value if set, zero value otherwise.
+func (o *VerificationMethod) GetType() string {
+	if o == nil || o.Type == nil {
+		var ret string
+		return ret
+	}
+	return *o.Type
+}
+
+// GetTypeOk returns a tuple with the Type field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerificationMethod) GetTypeOk() (*string, bool) {
+	if o == nil || o.Type == nil {
+		return nil, false
+	}
+	return o.Type, true
+}
+
+// HasType returns a boolean if a field has been set.
+func (o *VerificationMethod) HasType() bool {
+	if o != nil && o.Type != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetType gets a reference to the given string and assigns it to the Type field.
+func (o *VerificationMethod) SetType(v string) {
+	o.Type = &v
+}
+
+func (o VerificationMethod) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Constraints != nil {
+		toSerialize["constraints"] = o.Constraints
+	}
+	if o.FactorMode != nil {
+		toSerialize["factorMode"] = o.FactorMode
+	}
+	if o.ReauthenticateIn != nil {
+		toSerialize["reauthenticateIn"] = o.ReauthenticateIn
+	}
+	if o.Type != nil {
+		toSerialize["type"] = o.Type
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *VerificationMethod) UnmarshalJSON(bytes []byte) (err error) {
+	varVerificationMethod := _VerificationMethod{}
+
+	err = json.Unmarshal(bytes, &varVerificationMethod)
+	if err == nil {
+		*o = VerificationMethod(varVerificationMethod)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "constraints")
+		delete(additionalProperties, "factorMode")
+		delete(additionalProperties, "reauthenticateIn")
+		delete(additionalProperties, "type")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableVerificationMethod struct {
+	value *VerificationMethod
+	isSet bool
+}
+
+func (v NullableVerificationMethod) Get() *VerificationMethod {
+	return v.value
+}
+
+func (v *NullableVerificationMethod) Set(val *VerificationMethod) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableVerificationMethod) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableVerificationMethod) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableVerificationMethod(val *VerificationMethod) *NullableVerificationMethod {
+	return &NullableVerificationMethod{value: val, isSet: true}
+}
+
+func (v NullableVerificationMethod) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableVerificationMethod) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_verify_factor_request.go b/okta/model_verify_factor_request.go
new file mode 100644
index 000000000..db04cc793
--- /dev/null
+++ b/okta/model_verify_factor_request.go
@@ -0,0 +1,417 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// VerifyFactorRequest struct for VerifyFactorRequest
+type VerifyFactorRequest struct {
+	ActivationToken      *string `json:"activationToken,omitempty"`
+	Answer               *string `json:"answer,omitempty"`
+	Attestation          *string `json:"attestation,omitempty"`
+	ClientData           *string `json:"clientData,omitempty"`
+	NextPassCode         *string `json:"nextPassCode,omitempty"`
+	PassCode             *string `json:"passCode,omitempty"`
+	RegistrationData     *string `json:"registrationData,omitempty"`
+	StateToken           *string `json:"stateToken,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _VerifyFactorRequest VerifyFactorRequest
+
+// NewVerifyFactorRequest instantiates a new VerifyFactorRequest object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewVerifyFactorRequest() *VerifyFactorRequest {
+	this := VerifyFactorRequest{}
+	return &this
+}
+
+// NewVerifyFactorRequestWithDefaults instantiates a new VerifyFactorRequest object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewVerifyFactorRequestWithDefaults() *VerifyFactorRequest {
+	this := VerifyFactorRequest{}
+	return &this
+}
+
+// GetActivationToken returns the ActivationToken field value if set, zero value otherwise.
+func (o *VerifyFactorRequest) GetActivationToken() string {
+	if o == nil || o.ActivationToken == nil {
+		var ret string
+		return ret
+	}
+	return *o.ActivationToken
+}
+
+// GetActivationTokenOk returns a tuple with the ActivationToken field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyFactorRequest) GetActivationTokenOk() (*string, bool) {
+	if o == nil || o.ActivationToken == nil {
+		return nil, false
+	}
+	return o.ActivationToken, true
+}
+
+// HasActivationToken returns a boolean if a field has been set.
+func (o *VerifyFactorRequest) HasActivationToken() bool {
+	if o != nil && o.ActivationToken != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetActivationToken gets a reference to the given string and assigns it to the ActivationToken field.
+func (o *VerifyFactorRequest) SetActivationToken(v string) {
+	o.ActivationToken = &v
+}
+
+// GetAnswer returns the Answer field value if set, zero value otherwise.
+func (o *VerifyFactorRequest) GetAnswer() string {
+	if o == nil || o.Answer == nil {
+		var ret string
+		return ret
+	}
+	return *o.Answer
+}
+
+// GetAnswerOk returns a tuple with the Answer field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyFactorRequest) GetAnswerOk() (*string, bool) {
+	if o == nil || o.Answer == nil {
+		return nil, false
+	}
+	return o.Answer, true
+}
+
+// HasAnswer returns a boolean if a field has been set.
+func (o *VerifyFactorRequest) HasAnswer() bool {
+	if o != nil && o.Answer != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAnswer gets a reference to the given string and assigns it to the Answer field.
+func (o *VerifyFactorRequest) SetAnswer(v string) {
+	o.Answer = &v
+}
+
+// GetAttestation returns the Attestation field value if set, zero value otherwise.
+func (o *VerifyFactorRequest) GetAttestation() string {
+	if o == nil || o.Attestation == nil {
+		var ret string
+		return ret
+	}
+	return *o.Attestation
+}
+
+// GetAttestationOk returns a tuple with the Attestation field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyFactorRequest) GetAttestationOk() (*string, bool) {
+	if o == nil || o.Attestation == nil {
+		return nil, false
+	}
+	return o.Attestation, true
+}
+
+// HasAttestation returns a boolean if a field has been set.
+func (o *VerifyFactorRequest) HasAttestation() bool {
+	if o != nil && o.Attestation != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAttestation gets a reference to the given string and assigns it to the Attestation field.
+func (o *VerifyFactorRequest) SetAttestation(v string) {
+	o.Attestation = &v
+}
+
+// GetClientData returns the ClientData field value if set, zero value otherwise.
+func (o *VerifyFactorRequest) GetClientData() string {
+	if o == nil || o.ClientData == nil {
+		var ret string
+		return ret
+	}
+	return *o.ClientData
+}
+
+// GetClientDataOk returns a tuple with the ClientData field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyFactorRequest) GetClientDataOk() (*string, bool) {
+	if o == nil || o.ClientData == nil {
+		return nil, false
+	}
+	return o.ClientData, true
+}
+
+// HasClientData returns a boolean if a field has been set.
+func (o *VerifyFactorRequest) HasClientData() bool {
+	if o != nil && o.ClientData != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetClientData gets a reference to the given string and assigns it to the ClientData field.
+func (o *VerifyFactorRequest) SetClientData(v string) {
+	o.ClientData = &v
+}
+
+// GetNextPassCode returns the NextPassCode field value if set, zero value otherwise.
+func (o *VerifyFactorRequest) GetNextPassCode() string {
+	if o == nil || o.NextPassCode == nil {
+		var ret string
+		return ret
+	}
+	return *o.NextPassCode
+}
+
+// GetNextPassCodeOk returns a tuple with the NextPassCode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyFactorRequest) GetNextPassCodeOk() (*string, bool) {
+	if o == nil || o.NextPassCode == nil {
+		return nil, false
+	}
+	return o.NextPassCode, true
+}
+
+// HasNextPassCode returns a boolean if a field has been set.
+func (o *VerifyFactorRequest) HasNextPassCode() bool {
+	if o != nil && o.NextPassCode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNextPassCode gets a reference to the given string and assigns it to the NextPassCode field.
+func (o *VerifyFactorRequest) SetNextPassCode(v string) {
+	o.NextPassCode = &v
+}
+
+// GetPassCode returns the PassCode field value if set, zero value otherwise.
+func (o *VerifyFactorRequest) GetPassCode() string {
+	if o == nil || o.PassCode == nil {
+		var ret string
+		return ret
+	}
+	return *o.PassCode
+}
+
+// GetPassCodeOk returns a tuple with the PassCode field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyFactorRequest) GetPassCodeOk() (*string, bool) {
+	if o == nil || o.PassCode == nil {
+		return nil, false
+	}
+	return o.PassCode, true
+}
+
+// HasPassCode returns a boolean if a field has been set.
+func (o *VerifyFactorRequest) HasPassCode() bool {
+	if o != nil && o.PassCode != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPassCode gets a reference to the given string and assigns it to the PassCode field.
+func (o *VerifyFactorRequest) SetPassCode(v string) {
+	o.PassCode = &v
+}
+
+// GetRegistrationData returns the RegistrationData field value if set, zero value otherwise.
+func (o *VerifyFactorRequest) GetRegistrationData() string {
+	if o == nil || o.RegistrationData == nil {
+		var ret string
+		return ret
+	}
+	return *o.RegistrationData
+}
+
+// GetRegistrationDataOk returns a tuple with the RegistrationData field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyFactorRequest) GetRegistrationDataOk() (*string, bool) {
+	if o == nil || o.RegistrationData == nil {
+		return nil, false
+	}
+	return o.RegistrationData, true
+}
+
+// HasRegistrationData returns a boolean if a field has been set.
+func (o *VerifyFactorRequest) HasRegistrationData() bool {
+	if o != nil && o.RegistrationData != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRegistrationData gets a reference to the given string and assigns it to the RegistrationData field.
+func (o *VerifyFactorRequest) SetRegistrationData(v string) {
+	o.RegistrationData = &v
+}
+
+// GetStateToken returns the StateToken field value if set, zero value otherwise.
+func (o *VerifyFactorRequest) GetStateToken() string {
+	if o == nil || o.StateToken == nil {
+		var ret string
+		return ret
+	}
+	return *o.StateToken
+}
+
+// GetStateTokenOk returns a tuple with the StateToken field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyFactorRequest) GetStateTokenOk() (*string, bool) {
+	if o == nil || o.StateToken == nil {
+		return nil, false
+	}
+	return o.StateToken, true
+}
+
+// HasStateToken returns a boolean if a field has been set.
+func (o *VerifyFactorRequest) HasStateToken() bool {
+	if o != nil && o.StateToken != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetStateToken gets a reference to the given string and assigns it to the StateToken field.
+func (o *VerifyFactorRequest) SetStateToken(v string) {
+	o.StateToken = &v
+}
+
+func (o VerifyFactorRequest) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ActivationToken != nil {
+		toSerialize["activationToken"] = o.ActivationToken
+	}
+	if o.Answer != nil {
+		toSerialize["answer"] = o.Answer
+	}
+	if o.Attestation != nil {
+		toSerialize["attestation"] = o.Attestation
+	}
+	if o.ClientData != nil {
+		toSerialize["clientData"] = o.ClientData
+	}
+	if o.NextPassCode != nil {
+		toSerialize["nextPassCode"] = o.NextPassCode
+	}
+	if o.PassCode != nil {
+		toSerialize["passCode"] = o.PassCode
+	}
+	if o.RegistrationData != nil {
+		toSerialize["registrationData"] = o.RegistrationData
+	}
+	if o.StateToken != nil {
+		toSerialize["stateToken"] = o.StateToken
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *VerifyFactorRequest) UnmarshalJSON(bytes []byte) (err error) {
+	varVerifyFactorRequest := _VerifyFactorRequest{}
+
+	err = json.Unmarshal(bytes, &varVerifyFactorRequest)
+	if err == nil {
+		*o = VerifyFactorRequest(varVerifyFactorRequest)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "activationToken")
+		delete(additionalProperties, "answer")
+		delete(additionalProperties, "attestation")
+		delete(additionalProperties, "clientData")
+		delete(additionalProperties, "nextPassCode")
+		delete(additionalProperties, "passCode")
+		delete(additionalProperties, "registrationData")
+		delete(additionalProperties, "stateToken")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableVerifyFactorRequest struct {
+	value *VerifyFactorRequest
+	isSet bool
+}
+
+func (v NullableVerifyFactorRequest) Get() *VerifyFactorRequest {
+	return v.value
+}
+
+func (v *NullableVerifyFactorRequest) Set(val *VerifyFactorRequest) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableVerifyFactorRequest) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableVerifyFactorRequest) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableVerifyFactorRequest(val *VerifyFactorRequest) *NullableVerifyFactorRequest {
+	return &NullableVerifyFactorRequest{value: val, isSet: true}
+}
+
+func (v NullableVerifyFactorRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableVerifyFactorRequest) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_verify_user_factor_response.go b/okta/model_verify_user_factor_response.go
new file mode 100644
index 000000000..446b0099b
--- /dev/null
+++ b/okta/model_verify_user_factor_response.go
@@ -0,0 +1,307 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// VerifyUserFactorResponse struct for VerifyUserFactorResponse
+type VerifyUserFactorResponse struct {
+	ExpiresAt            *time.Time                        `json:"expiresAt,omitempty"`
+	FactorResult         *VerifyUserFactorResult           `json:"factorResult,omitempty"`
+	FactorResultMessage  *string                           `json:"factorResultMessage,omitempty"`
+	Embedded             map[string]map[string]interface{} `json:"_embedded,omitempty"`
+	Links                map[string]map[string]interface{} `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _VerifyUserFactorResponse VerifyUserFactorResponse
+
+// NewVerifyUserFactorResponse instantiates a new VerifyUserFactorResponse object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewVerifyUserFactorResponse() *VerifyUserFactorResponse {
+	this := VerifyUserFactorResponse{}
+	return &this
+}
+
+// NewVerifyUserFactorResponseWithDefaults instantiates a new VerifyUserFactorResponse object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewVerifyUserFactorResponseWithDefaults() *VerifyUserFactorResponse {
+	this := VerifyUserFactorResponse{}
+	return &this
+}
+
+// GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise.
+func (o *VerifyUserFactorResponse) GetExpiresAt() time.Time {
+	if o == nil || o.ExpiresAt == nil {
+		var ret time.Time
+		return ret
+	}
+	return *o.ExpiresAt
+}
+
+// GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyUserFactorResponse) GetExpiresAtOk() (*time.Time, bool) {
+	if o == nil || o.ExpiresAt == nil {
+		return nil, false
+	}
+	return o.ExpiresAt, true
+}
+
+// HasExpiresAt returns a boolean if a field has been set.
+func (o *VerifyUserFactorResponse) HasExpiresAt() bool {
+	if o != nil && o.ExpiresAt != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetExpiresAt gets a reference to the given time.Time and assigns it to the ExpiresAt field.
+func (o *VerifyUserFactorResponse) SetExpiresAt(v time.Time) {
+	o.ExpiresAt = &v
+}
+
+// GetFactorResult returns the FactorResult field value if set, zero value otherwise.
+func (o *VerifyUserFactorResponse) GetFactorResult() VerifyUserFactorResult {
+	if o == nil || o.FactorResult == nil {
+		var ret VerifyUserFactorResult
+		return ret
+	}
+	return *o.FactorResult
+}
+
+// GetFactorResultOk returns a tuple with the FactorResult field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyUserFactorResponse) GetFactorResultOk() (*VerifyUserFactorResult, bool) {
+	if o == nil || o.FactorResult == nil {
+		return nil, false
+	}
+	return o.FactorResult, true
+}
+
+// HasFactorResult returns a boolean if a field has been set.
+func (o *VerifyUserFactorResponse) HasFactorResult() bool {
+	if o != nil && o.FactorResult != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFactorResult gets a reference to the given VerifyUserFactorResult and assigns it to the FactorResult field.
+func (o *VerifyUserFactorResponse) SetFactorResult(v VerifyUserFactorResult) {
+	o.FactorResult = &v
+}
+
+// GetFactorResultMessage returns the FactorResultMessage field value if set, zero value otherwise.
+func (o *VerifyUserFactorResponse) GetFactorResultMessage() string {
+	if o == nil || o.FactorResultMessage == nil {
+		var ret string
+		return ret
+	}
+	return *o.FactorResultMessage
+}
+
+// GetFactorResultMessageOk returns a tuple with the FactorResultMessage field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyUserFactorResponse) GetFactorResultMessageOk() (*string, bool) {
+	if o == nil || o.FactorResultMessage == nil {
+		return nil, false
+	}
+	return o.FactorResultMessage, true
+}
+
+// HasFactorResultMessage returns a boolean if a field has been set.
+func (o *VerifyUserFactorResponse) HasFactorResultMessage() bool {
+	if o != nil && o.FactorResultMessage != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetFactorResultMessage gets a reference to the given string and assigns it to the FactorResultMessage field.
+func (o *VerifyUserFactorResponse) SetFactorResultMessage(v string) {
+	o.FactorResultMessage = &v
+}
+
+// GetEmbedded returns the Embedded field value if set, zero value otherwise.
+func (o *VerifyUserFactorResponse) GetEmbedded() map[string]map[string]interface{} {
+	if o == nil || o.Embedded == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Embedded
+}
+
+// GetEmbeddedOk returns a tuple with the Embedded field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyUserFactorResponse) GetEmbeddedOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Embedded == nil {
+		return nil, false
+	}
+	return o.Embedded, true
+}
+
+// HasEmbedded returns a boolean if a field has been set.
+func (o *VerifyUserFactorResponse) HasEmbedded() bool {
+	if o != nil && o.Embedded != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetEmbedded gets a reference to the given map[string]map[string]interface{} and assigns it to the Embedded field.
+func (o *VerifyUserFactorResponse) SetEmbedded(v map[string]map[string]interface{}) {
+	o.Embedded = v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *VerifyUserFactorResponse) GetLinks() map[string]map[string]interface{} {
+	if o == nil || o.Links == nil {
+		var ret map[string]map[string]interface{}
+		return ret
+	}
+	return o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VerifyUserFactorResponse) GetLinksOk() (map[string]map[string]interface{}, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *VerifyUserFactorResponse) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given map[string]map[string]interface{} and assigns it to the Links field.
+func (o *VerifyUserFactorResponse) SetLinks(v map[string]map[string]interface{}) {
+	o.Links = v
+}
+
+func (o VerifyUserFactorResponse) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.ExpiresAt != nil {
+		toSerialize["expiresAt"] = o.ExpiresAt
+	}
+	if o.FactorResult != nil {
+		toSerialize["factorResult"] = o.FactorResult
+	}
+	if o.FactorResultMessage != nil {
+		toSerialize["factorResultMessage"] = o.FactorResultMessage
+	}
+	if o.Embedded != nil {
+		toSerialize["_embedded"] = o.Embedded
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *VerifyUserFactorResponse) UnmarshalJSON(bytes []byte) (err error) {
+	varVerifyUserFactorResponse := _VerifyUserFactorResponse{}
+
+	err = json.Unmarshal(bytes, &varVerifyUserFactorResponse)
+	if err == nil {
+		*o = VerifyUserFactorResponse(varVerifyUserFactorResponse)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "expiresAt")
+		delete(additionalProperties, "factorResult")
+		delete(additionalProperties, "factorResultMessage")
+		delete(additionalProperties, "_embedded")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableVerifyUserFactorResponse struct {
+	value *VerifyUserFactorResponse
+	isSet bool
+}
+
+func (v NullableVerifyUserFactorResponse) Get() *VerifyUserFactorResponse {
+	return v.value
+}
+
+func (v *NullableVerifyUserFactorResponse) Set(val *VerifyUserFactorResponse) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableVerifyUserFactorResponse) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableVerifyUserFactorResponse) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableVerifyUserFactorResponse(val *VerifyUserFactorResponse) *NullableVerifyUserFactorResponse {
+	return &NullableVerifyUserFactorResponse{value: val, isSet: true}
+}
+
+func (v NullableVerifyUserFactorResponse) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableVerifyUserFactorResponse) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_verify_user_factor_result.go b/okta/model_verify_user_factor_result.go
new file mode 100644
index 000000000..7e07854de
--- /dev/null
+++ b/okta/model_verify_user_factor_result.go
@@ -0,0 +1,140 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// VerifyUserFactorResult the model 'VerifyUserFactorResult'
+type VerifyUserFactorResult string
+
+// List of VerifyUserFactorResult
+const (
+	VERIFYUSERFACTORRESULT_CHALLENGE            VerifyUserFactorResult = "CHALLENGE"
+	VERIFYUSERFACTORRESULT_ERROR                VerifyUserFactorResult = "ERROR"
+	VERIFYUSERFACTORRESULT_EXPIRED              VerifyUserFactorResult = "EXPIRED"
+	VERIFYUSERFACTORRESULT_FAILED               VerifyUserFactorResult = "FAILED"
+	VERIFYUSERFACTORRESULT_PASSCODE_REPLAYED    VerifyUserFactorResult = "PASSCODE_REPLAYED"
+	VERIFYUSERFACTORRESULT_REJECTED             VerifyUserFactorResult = "REJECTED"
+	VERIFYUSERFACTORRESULT_SUCCESS              VerifyUserFactorResult = "SUCCESS"
+	VERIFYUSERFACTORRESULT_TIMEOUT              VerifyUserFactorResult = "TIMEOUT"
+	VERIFYUSERFACTORRESULT_TIME_WINDOW_EXCEEDED VerifyUserFactorResult = "TIME_WINDOW_EXCEEDED"
+	VERIFYUSERFACTORRESULT_WAITING              VerifyUserFactorResult = "WAITING"
+)
+
+// All allowed values of VerifyUserFactorResult enum
+var AllowedVerifyUserFactorResultEnumValues = []VerifyUserFactorResult{
+	"CHALLENGE",
+	"ERROR",
+	"EXPIRED",
+	"FAILED",
+	"PASSCODE_REPLAYED",
+	"REJECTED",
+	"SUCCESS",
+	"TIMEOUT",
+	"TIME_WINDOW_EXCEEDED",
+	"WAITING",
+}
+
+func (v *VerifyUserFactorResult) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := VerifyUserFactorResult(value)
+	for _, existing := range AllowedVerifyUserFactorResultEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid VerifyUserFactorResult", value)
+}
+
+// NewVerifyUserFactorResultFromValue returns a pointer to a valid VerifyUserFactorResult
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewVerifyUserFactorResultFromValue(v string) (*VerifyUserFactorResult, error) {
+	ev := VerifyUserFactorResult(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for VerifyUserFactorResult: valid values are %v", v, AllowedVerifyUserFactorResultEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v VerifyUserFactorResult) IsValid() bool {
+	for _, existing := range AllowedVerifyUserFactorResultEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to VerifyUserFactorResult value
+func (v VerifyUserFactorResult) Ptr() *VerifyUserFactorResult {
+	return &v
+}
+
+type NullableVerifyUserFactorResult struct {
+	value *VerifyUserFactorResult
+	isSet bool
+}
+
+func (v NullableVerifyUserFactorResult) Get() *VerifyUserFactorResult {
+	return v.value
+}
+
+func (v *NullableVerifyUserFactorResult) Set(val *VerifyUserFactorResult) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableVerifyUserFactorResult) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableVerifyUserFactorResult) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableVerifyUserFactorResult(val *VerifyUserFactorResult) *NullableVerifyUserFactorResult {
+	return &NullableVerifyUserFactorResult{value: val, isSet: true}
+}
+
+func (v NullableVerifyUserFactorResult) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableVerifyUserFactorResult) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_version_object.go b/okta/model_version_object.go
new file mode 100644
index 000000000..64d0b2d18
--- /dev/null
+++ b/okta/model_version_object.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// VersionObject struct for VersionObject
+type VersionObject struct {
+	Minimum              *string `json:"minimum,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _VersionObject VersionObject
+
+// NewVersionObject instantiates a new VersionObject object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewVersionObject() *VersionObject {
+	this := VersionObject{}
+	return &this
+}
+
+// NewVersionObjectWithDefaults instantiates a new VersionObject object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewVersionObjectWithDefaults() *VersionObject {
+	this := VersionObject{}
+	return &this
+}
+
+// GetMinimum returns the Minimum field value if set, zero value otherwise.
+func (o *VersionObject) GetMinimum() string {
+	if o == nil || o.Minimum == nil {
+		var ret string
+		return ret
+	}
+	return *o.Minimum
+}
+
+// GetMinimumOk returns a tuple with the Minimum field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *VersionObject) GetMinimumOk() (*string, bool) {
+	if o == nil || o.Minimum == nil {
+		return nil, false
+	}
+	return o.Minimum, true
+}
+
+// HasMinimum returns a boolean if a field has been set.
+func (o *VersionObject) HasMinimum() bool {
+	if o != nil && o.Minimum != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetMinimum gets a reference to the given string and assigns it to the Minimum field.
+func (o *VersionObject) SetMinimum(v string) {
+	o.Minimum = &v
+}
+
+func (o VersionObject) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Minimum != nil {
+		toSerialize["minimum"] = o.Minimum
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *VersionObject) UnmarshalJSON(bytes []byte) (err error) {
+	varVersionObject := _VersionObject{}
+
+	err = json.Unmarshal(bytes, &varVersionObject)
+	if err == nil {
+		*o = VersionObject(varVersionObject)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "minimum")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableVersionObject struct {
+	value *VersionObject
+	isSet bool
+}
+
+func (v NullableVersionObject) Get() *VersionObject {
+	return v.value
+}
+
+func (v *NullableVersionObject) Set(val *VersionObject) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableVersionObject) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableVersionObject) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableVersionObject(val *VersionObject) *NullableVersionObject {
+	return &NullableVersionObject{value: val, isSet: true}
+}
+
+func (v NullableVersionObject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableVersionObject) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_web_authn_user_factor.go b/okta/model_web_authn_user_factor.go
new file mode 100644
index 000000000..008df3af9
--- /dev/null
+++ b/okta/model_web_authn_user_factor.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// WebAuthnUserFactor struct for WebAuthnUserFactor
+type WebAuthnUserFactor struct {
+	UserFactor
+	Profile              *WebAuthnUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WebAuthnUserFactor WebAuthnUserFactor
+
+// NewWebAuthnUserFactor instantiates a new WebAuthnUserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWebAuthnUserFactor() *WebAuthnUserFactor {
+	this := WebAuthnUserFactor{}
+	return &this
+}
+
+// NewWebAuthnUserFactorWithDefaults instantiates a new WebAuthnUserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWebAuthnUserFactorWithDefaults() *WebAuthnUserFactor {
+	this := WebAuthnUserFactor{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *WebAuthnUserFactor) GetProfile() WebAuthnUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret WebAuthnUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WebAuthnUserFactor) GetProfileOk() (*WebAuthnUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *WebAuthnUserFactor) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given WebAuthnUserFactorProfile and assigns it to the Profile field.
+func (o *WebAuthnUserFactor) SetProfile(v WebAuthnUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o WebAuthnUserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedUserFactor, errUserFactor := json.Marshal(o.UserFactor)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	errUserFactor = json.Unmarshal([]byte(serializedUserFactor), &toSerialize)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WebAuthnUserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	type WebAuthnUserFactorWithoutEmbeddedStruct struct {
+		Profile *WebAuthnUserFactorProfile `json:"profile,omitempty"`
+	}
+
+	varWebAuthnUserFactorWithoutEmbeddedStruct := WebAuthnUserFactorWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varWebAuthnUserFactorWithoutEmbeddedStruct)
+	if err == nil {
+		varWebAuthnUserFactor := _WebAuthnUserFactor{}
+		varWebAuthnUserFactor.Profile = varWebAuthnUserFactorWithoutEmbeddedStruct.Profile
+		*o = WebAuthnUserFactor(varWebAuthnUserFactor)
+	} else {
+		return err
+	}
+
+	varWebAuthnUserFactor := _WebAuthnUserFactor{}
+
+	err = json.Unmarshal(bytes, &varWebAuthnUserFactor)
+	if err == nil {
+		o.UserFactor = varWebAuthnUserFactor.UserFactor
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+
+		// remove fields from embedded structs
+		reflectUserFactor := reflect.ValueOf(o.UserFactor)
+		for i := 0; i < reflectUserFactor.Type().NumField(); i++ {
+			t := reflectUserFactor.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWebAuthnUserFactor struct {
+	value *WebAuthnUserFactor
+	isSet bool
+}
+
+func (v NullableWebAuthnUserFactor) Get() *WebAuthnUserFactor {
+	return v.value
+}
+
+func (v *NullableWebAuthnUserFactor) Set(val *WebAuthnUserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWebAuthnUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWebAuthnUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWebAuthnUserFactor(val *WebAuthnUserFactor) *NullableWebAuthnUserFactor {
+	return &NullableWebAuthnUserFactor{value: val, isSet: true}
+}
+
+func (v NullableWebAuthnUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWebAuthnUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_web_authn_user_factor_all_of.go b/okta/model_web_authn_user_factor_all_of.go
new file mode 100644
index 000000000..c5e81aa46
--- /dev/null
+++ b/okta/model_web_authn_user_factor_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// WebAuthnUserFactorAllOf struct for WebAuthnUserFactorAllOf
+type WebAuthnUserFactorAllOf struct {
+	Profile              *WebAuthnUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WebAuthnUserFactorAllOf WebAuthnUserFactorAllOf
+
+// NewWebAuthnUserFactorAllOf instantiates a new WebAuthnUserFactorAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWebAuthnUserFactorAllOf() *WebAuthnUserFactorAllOf {
+	this := WebAuthnUserFactorAllOf{}
+	return &this
+}
+
+// NewWebAuthnUserFactorAllOfWithDefaults instantiates a new WebAuthnUserFactorAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWebAuthnUserFactorAllOfWithDefaults() *WebAuthnUserFactorAllOf {
+	this := WebAuthnUserFactorAllOf{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *WebAuthnUserFactorAllOf) GetProfile() WebAuthnUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret WebAuthnUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WebAuthnUserFactorAllOf) GetProfileOk() (*WebAuthnUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *WebAuthnUserFactorAllOf) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given WebAuthnUserFactorProfile and assigns it to the Profile field.
+func (o *WebAuthnUserFactorAllOf) SetProfile(v WebAuthnUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o WebAuthnUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WebAuthnUserFactorAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varWebAuthnUserFactorAllOf := _WebAuthnUserFactorAllOf{}
+
+	err = json.Unmarshal(bytes, &varWebAuthnUserFactorAllOf)
+	if err == nil {
+		*o = WebAuthnUserFactorAllOf(varWebAuthnUserFactorAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWebAuthnUserFactorAllOf struct {
+	value *WebAuthnUserFactorAllOf
+	isSet bool
+}
+
+func (v NullableWebAuthnUserFactorAllOf) Get() *WebAuthnUserFactorAllOf {
+	return v.value
+}
+
+func (v *NullableWebAuthnUserFactorAllOf) Set(val *WebAuthnUserFactorAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWebAuthnUserFactorAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWebAuthnUserFactorAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWebAuthnUserFactorAllOf(val *WebAuthnUserFactorAllOf) *NullableWebAuthnUserFactorAllOf {
+	return &NullableWebAuthnUserFactorAllOf{value: val, isSet: true}
+}
+
+func (v NullableWebAuthnUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWebAuthnUserFactorAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_web_authn_user_factor_profile.go b/okta/model_web_authn_user_factor_profile.go
new file mode 100644
index 000000000..9e5010326
--- /dev/null
+++ b/okta/model_web_authn_user_factor_profile.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// WebAuthnUserFactorProfile struct for WebAuthnUserFactorProfile
+type WebAuthnUserFactorProfile struct {
+	AuthenticatorName    *string `json:"authenticatorName,omitempty"`
+	CredentialId         *string `json:"credentialId,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WebAuthnUserFactorProfile WebAuthnUserFactorProfile
+
+// NewWebAuthnUserFactorProfile instantiates a new WebAuthnUserFactorProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWebAuthnUserFactorProfile() *WebAuthnUserFactorProfile {
+	this := WebAuthnUserFactorProfile{}
+	return &this
+}
+
+// NewWebAuthnUserFactorProfileWithDefaults instantiates a new WebAuthnUserFactorProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWebAuthnUserFactorProfileWithDefaults() *WebAuthnUserFactorProfile {
+	this := WebAuthnUserFactorProfile{}
+	return &this
+}
+
+// GetAuthenticatorName returns the AuthenticatorName field value if set, zero value otherwise.
+func (o *WebAuthnUserFactorProfile) GetAuthenticatorName() string {
+	if o == nil || o.AuthenticatorName == nil {
+		var ret string
+		return ret
+	}
+	return *o.AuthenticatorName
+}
+
+// GetAuthenticatorNameOk returns a tuple with the AuthenticatorName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WebAuthnUserFactorProfile) GetAuthenticatorNameOk() (*string, bool) {
+	if o == nil || o.AuthenticatorName == nil {
+		return nil, false
+	}
+	return o.AuthenticatorName, true
+}
+
+// HasAuthenticatorName returns a boolean if a field has been set.
+func (o *WebAuthnUserFactorProfile) HasAuthenticatorName() bool {
+	if o != nil && o.AuthenticatorName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthenticatorName gets a reference to the given string and assigns it to the AuthenticatorName field.
+func (o *WebAuthnUserFactorProfile) SetAuthenticatorName(v string) {
+	o.AuthenticatorName = &v
+}
+
+// GetCredentialId returns the CredentialId field value if set, zero value otherwise.
+func (o *WebAuthnUserFactorProfile) GetCredentialId() string {
+	if o == nil || o.CredentialId == nil {
+		var ret string
+		return ret
+	}
+	return *o.CredentialId
+}
+
+// GetCredentialIdOk returns a tuple with the CredentialId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WebAuthnUserFactorProfile) GetCredentialIdOk() (*string, bool) {
+	if o == nil || o.CredentialId == nil {
+		return nil, false
+	}
+	return o.CredentialId, true
+}
+
+// HasCredentialId returns a boolean if a field has been set.
+func (o *WebAuthnUserFactorProfile) HasCredentialId() bool {
+	if o != nil && o.CredentialId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentialId gets a reference to the given string and assigns it to the CredentialId field.
+func (o *WebAuthnUserFactorProfile) SetCredentialId(v string) {
+	o.CredentialId = &v
+}
+
+func (o WebAuthnUserFactorProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AuthenticatorName != nil {
+		toSerialize["authenticatorName"] = o.AuthenticatorName
+	}
+	if o.CredentialId != nil {
+		toSerialize["credentialId"] = o.CredentialId
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WebAuthnUserFactorProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varWebAuthnUserFactorProfile := _WebAuthnUserFactorProfile{}
+
+	err = json.Unmarshal(bytes, &varWebAuthnUserFactorProfile)
+	if err == nil {
+		*o = WebAuthnUserFactorProfile(varWebAuthnUserFactorProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "authenticatorName")
+		delete(additionalProperties, "credentialId")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWebAuthnUserFactorProfile struct {
+	value *WebAuthnUserFactorProfile
+	isSet bool
+}
+
+func (v NullableWebAuthnUserFactorProfile) Get() *WebAuthnUserFactorProfile {
+	return v.value
+}
+
+func (v *NullableWebAuthnUserFactorProfile) Set(val *WebAuthnUserFactorProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWebAuthnUserFactorProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWebAuthnUserFactorProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWebAuthnUserFactorProfile(val *WebAuthnUserFactorProfile) *NullableWebAuthnUserFactorProfile {
+	return &NullableWebAuthnUserFactorProfile{value: val, isSet: true}
+}
+
+func (v NullableWebAuthnUserFactorProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWebAuthnUserFactorProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_web_user_factor.go b/okta/model_web_user_factor.go
new file mode 100644
index 000000000..c397b669d
--- /dev/null
+++ b/okta/model_web_user_factor.go
@@ -0,0 +1,203 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// WebUserFactor struct for WebUserFactor
+type WebUserFactor struct {
+	UserFactor
+	Profile              *WebUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WebUserFactor WebUserFactor
+
+// NewWebUserFactor instantiates a new WebUserFactor object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWebUserFactor() *WebUserFactor {
+	this := WebUserFactor{}
+	return &this
+}
+
+// NewWebUserFactorWithDefaults instantiates a new WebUserFactor object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWebUserFactorWithDefaults() *WebUserFactor {
+	this := WebUserFactor{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *WebUserFactor) GetProfile() WebUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret WebUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WebUserFactor) GetProfileOk() (*WebUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *WebUserFactor) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given WebUserFactorProfile and assigns it to the Profile field.
+func (o *WebUserFactor) SetProfile(v WebUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o WebUserFactor) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedUserFactor, errUserFactor := json.Marshal(o.UserFactor)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	errUserFactor = json.Unmarshal([]byte(serializedUserFactor), &toSerialize)
+	if errUserFactor != nil {
+		return []byte{}, errUserFactor
+	}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WebUserFactor) UnmarshalJSON(bytes []byte) (err error) {
+	type WebUserFactorWithoutEmbeddedStruct struct {
+		Profile *WebUserFactorProfile `json:"profile,omitempty"`
+	}
+
+	varWebUserFactorWithoutEmbeddedStruct := WebUserFactorWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varWebUserFactorWithoutEmbeddedStruct)
+	if err == nil {
+		varWebUserFactor := _WebUserFactor{}
+		varWebUserFactor.Profile = varWebUserFactorWithoutEmbeddedStruct.Profile
+		*o = WebUserFactor(varWebUserFactor)
+	} else {
+		return err
+	}
+
+	varWebUserFactor := _WebUserFactor{}
+
+	err = json.Unmarshal(bytes, &varWebUserFactor)
+	if err == nil {
+		o.UserFactor = varWebUserFactor.UserFactor
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+
+		// remove fields from embedded structs
+		reflectUserFactor := reflect.ValueOf(o.UserFactor)
+		for i := 0; i < reflectUserFactor.Type().NumField(); i++ {
+			t := reflectUserFactor.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWebUserFactor struct {
+	value *WebUserFactor
+	isSet bool
+}
+
+func (v NullableWebUserFactor) Get() *WebUserFactor {
+	return v.value
+}
+
+func (v *NullableWebUserFactor) Set(val *WebUserFactor) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWebUserFactor) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWebUserFactor) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWebUserFactor(val *WebUserFactor) *NullableWebUserFactor {
+	return &NullableWebUserFactor{value: val, isSet: true}
+}
+
+func (v NullableWebUserFactor) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWebUserFactor) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_web_user_factor_all_of.go b/okta/model_web_user_factor_all_of.go
new file mode 100644
index 000000000..62fc04b96
--- /dev/null
+++ b/okta/model_web_user_factor_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// WebUserFactorAllOf struct for WebUserFactorAllOf
+type WebUserFactorAllOf struct {
+	Profile              *WebUserFactorProfile `json:"profile,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WebUserFactorAllOf WebUserFactorAllOf
+
+// NewWebUserFactorAllOf instantiates a new WebUserFactorAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWebUserFactorAllOf() *WebUserFactorAllOf {
+	this := WebUserFactorAllOf{}
+	return &this
+}
+
+// NewWebUserFactorAllOfWithDefaults instantiates a new WebUserFactorAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWebUserFactorAllOfWithDefaults() *WebUserFactorAllOf {
+	this := WebUserFactorAllOf{}
+	return &this
+}
+
+// GetProfile returns the Profile field value if set, zero value otherwise.
+func (o *WebUserFactorAllOf) GetProfile() WebUserFactorProfile {
+	if o == nil || o.Profile == nil {
+		var ret WebUserFactorProfile
+		return ret
+	}
+	return *o.Profile
+}
+
+// GetProfileOk returns a tuple with the Profile field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WebUserFactorAllOf) GetProfileOk() (*WebUserFactorProfile, bool) {
+	if o == nil || o.Profile == nil {
+		return nil, false
+	}
+	return o.Profile, true
+}
+
+// HasProfile returns a boolean if a field has been set.
+func (o *WebUserFactorAllOf) HasProfile() bool {
+	if o != nil && o.Profile != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetProfile gets a reference to the given WebUserFactorProfile and assigns it to the Profile field.
+func (o *WebUserFactorAllOf) SetProfile(v WebUserFactorProfile) {
+	o.Profile = &v
+}
+
+func (o WebUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Profile != nil {
+		toSerialize["profile"] = o.Profile
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WebUserFactorAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varWebUserFactorAllOf := _WebUserFactorAllOf{}
+
+	err = json.Unmarshal(bytes, &varWebUserFactorAllOf)
+	if err == nil {
+		*o = WebUserFactorAllOf(varWebUserFactorAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "profile")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWebUserFactorAllOf struct {
+	value *WebUserFactorAllOf
+	isSet bool
+}
+
+func (v NullableWebUserFactorAllOf) Get() *WebUserFactorAllOf {
+	return v.value
+}
+
+func (v *NullableWebUserFactorAllOf) Set(val *WebUserFactorAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWebUserFactorAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWebUserFactorAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWebUserFactorAllOf(val *WebUserFactorAllOf) *NullableWebUserFactorAllOf {
+	return &NullableWebUserFactorAllOf{value: val, isSet: true}
+}
+
+func (v NullableWebUserFactorAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWebUserFactorAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_web_user_factor_profile.go b/okta/model_web_user_factor_profile.go
new file mode 100644
index 000000000..99dec0ee6
--- /dev/null
+++ b/okta/model_web_user_factor_profile.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// WebUserFactorProfile struct for WebUserFactorProfile
+type WebUserFactorProfile struct {
+	CredentialId         *string `json:"credentialId,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WebUserFactorProfile WebUserFactorProfile
+
+// NewWebUserFactorProfile instantiates a new WebUserFactorProfile object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWebUserFactorProfile() *WebUserFactorProfile {
+	this := WebUserFactorProfile{}
+	return &this
+}
+
+// NewWebUserFactorProfileWithDefaults instantiates a new WebUserFactorProfile object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWebUserFactorProfileWithDefaults() *WebUserFactorProfile {
+	this := WebUserFactorProfile{}
+	return &this
+}
+
+// GetCredentialId returns the CredentialId field value if set, zero value otherwise.
+func (o *WebUserFactorProfile) GetCredentialId() string {
+	if o == nil || o.CredentialId == nil {
+		var ret string
+		return ret
+	}
+	return *o.CredentialId
+}
+
+// GetCredentialIdOk returns a tuple with the CredentialId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WebUserFactorProfile) GetCredentialIdOk() (*string, bool) {
+	if o == nil || o.CredentialId == nil {
+		return nil, false
+	}
+	return o.CredentialId, true
+}
+
+// HasCredentialId returns a boolean if a field has been set.
+func (o *WebUserFactorProfile) HasCredentialId() bool {
+	if o != nil && o.CredentialId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentialId gets a reference to the given string and assigns it to the CredentialId field.
+func (o *WebUserFactorProfile) SetCredentialId(v string) {
+	o.CredentialId = &v
+}
+
+func (o WebUserFactorProfile) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.CredentialId != nil {
+		toSerialize["credentialId"] = o.CredentialId
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WebUserFactorProfile) UnmarshalJSON(bytes []byte) (err error) {
+	varWebUserFactorProfile := _WebUserFactorProfile{}
+
+	err = json.Unmarshal(bytes, &varWebUserFactorProfile)
+	if err == nil {
+		*o = WebUserFactorProfile(varWebUserFactorProfile)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentialId")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWebUserFactorProfile struct {
+	value *WebUserFactorProfile
+	isSet bool
+}
+
+func (v NullableWebUserFactorProfile) Get() *WebUserFactorProfile {
+	return v.value
+}
+
+func (v *NullableWebUserFactorProfile) Set(val *WebUserFactorProfile) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWebUserFactorProfile) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWebUserFactorProfile) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWebUserFactorProfile(val *WebUserFactorProfile) *NullableWebUserFactorProfile {
+	return &NullableWebUserFactorProfile{value: val, isSet: true}
+}
+
+func (v NullableWebUserFactorProfile) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWebUserFactorProfile) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_well_known_org_metadata.go b/okta/model_well_known_org_metadata.go
new file mode 100644
index 000000000..6a78f037c
--- /dev/null
+++ b/okta/model_well_known_org_metadata.go
@@ -0,0 +1,270 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// WellKnownOrgMetadata struct for WellKnownOrgMetadata
+type WellKnownOrgMetadata struct {
+	// The unique identifier of the Org
+	Id                   *string                       `json:"id,omitempty"`
+	Pipeline             *PipelineType                 `json:"pipeline,omitempty"`
+	Settings             *WellKnownOrgMetadataSettings `json:"settings,omitempty"`
+	Links                *WellKnownOrgMetadataLinks    `json:"_links,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WellKnownOrgMetadata WellKnownOrgMetadata
+
+// NewWellKnownOrgMetadata instantiates a new WellKnownOrgMetadata object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWellKnownOrgMetadata() *WellKnownOrgMetadata {
+	this := WellKnownOrgMetadata{}
+	return &this
+}
+
+// NewWellKnownOrgMetadataWithDefaults instantiates a new WellKnownOrgMetadata object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWellKnownOrgMetadataWithDefaults() *WellKnownOrgMetadata {
+	this := WellKnownOrgMetadata{}
+	return &this
+}
+
+// GetId returns the Id field value if set, zero value otherwise.
+func (o *WellKnownOrgMetadata) GetId() string {
+	if o == nil || o.Id == nil {
+		var ret string
+		return ret
+	}
+	return *o.Id
+}
+
+// GetIdOk returns a tuple with the Id field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WellKnownOrgMetadata) GetIdOk() (*string, bool) {
+	if o == nil || o.Id == nil {
+		return nil, false
+	}
+	return o.Id, true
+}
+
+// HasId returns a boolean if a field has been set.
+func (o *WellKnownOrgMetadata) HasId() bool {
+	if o != nil && o.Id != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetId gets a reference to the given string and assigns it to the Id field.
+func (o *WellKnownOrgMetadata) SetId(v string) {
+	o.Id = &v
+}
+
+// GetPipeline returns the Pipeline field value if set, zero value otherwise.
+func (o *WellKnownOrgMetadata) GetPipeline() PipelineType {
+	if o == nil || o.Pipeline == nil {
+		var ret PipelineType
+		return ret
+	}
+	return *o.Pipeline
+}
+
+// GetPipelineOk returns a tuple with the Pipeline field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WellKnownOrgMetadata) GetPipelineOk() (*PipelineType, bool) {
+	if o == nil || o.Pipeline == nil {
+		return nil, false
+	}
+	return o.Pipeline, true
+}
+
+// HasPipeline returns a boolean if a field has been set.
+func (o *WellKnownOrgMetadata) HasPipeline() bool {
+	if o != nil && o.Pipeline != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetPipeline gets a reference to the given PipelineType and assigns it to the Pipeline field.
+func (o *WellKnownOrgMetadata) SetPipeline(v PipelineType) {
+	o.Pipeline = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *WellKnownOrgMetadata) GetSettings() WellKnownOrgMetadataSettings {
+	if o == nil || o.Settings == nil {
+		var ret WellKnownOrgMetadataSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WellKnownOrgMetadata) GetSettingsOk() (*WellKnownOrgMetadataSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *WellKnownOrgMetadata) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given WellKnownOrgMetadataSettings and assigns it to the Settings field.
+func (o *WellKnownOrgMetadata) SetSettings(v WellKnownOrgMetadataSettings) {
+	o.Settings = &v
+}
+
+// GetLinks returns the Links field value if set, zero value otherwise.
+func (o *WellKnownOrgMetadata) GetLinks() WellKnownOrgMetadataLinks {
+	if o == nil || o.Links == nil {
+		var ret WellKnownOrgMetadataLinks
+		return ret
+	}
+	return *o.Links
+}
+
+// GetLinksOk returns a tuple with the Links field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WellKnownOrgMetadata) GetLinksOk() (*WellKnownOrgMetadataLinks, bool) {
+	if o == nil || o.Links == nil {
+		return nil, false
+	}
+	return o.Links, true
+}
+
+// HasLinks returns a boolean if a field has been set.
+func (o *WellKnownOrgMetadata) HasLinks() bool {
+	if o != nil && o.Links != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetLinks gets a reference to the given WellKnownOrgMetadataLinks and assigns it to the Links field.
+func (o *WellKnownOrgMetadata) SetLinks(v WellKnownOrgMetadataLinks) {
+	o.Links = &v
+}
+
+func (o WellKnownOrgMetadata) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Id != nil {
+		toSerialize["id"] = o.Id
+	}
+	if o.Pipeline != nil {
+		toSerialize["pipeline"] = o.Pipeline
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+	if o.Links != nil {
+		toSerialize["_links"] = o.Links
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WellKnownOrgMetadata) UnmarshalJSON(bytes []byte) (err error) {
+	varWellKnownOrgMetadata := _WellKnownOrgMetadata{}
+
+	err = json.Unmarshal(bytes, &varWellKnownOrgMetadata)
+	if err == nil {
+		*o = WellKnownOrgMetadata(varWellKnownOrgMetadata)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "id")
+		delete(additionalProperties, "pipeline")
+		delete(additionalProperties, "settings")
+		delete(additionalProperties, "_links")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWellKnownOrgMetadata struct {
+	value *WellKnownOrgMetadata
+	isSet bool
+}
+
+func (v NullableWellKnownOrgMetadata) Get() *WellKnownOrgMetadata {
+	return v.value
+}
+
+func (v *NullableWellKnownOrgMetadata) Set(val *WellKnownOrgMetadata) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWellKnownOrgMetadata) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWellKnownOrgMetadata) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWellKnownOrgMetadata(val *WellKnownOrgMetadata) *NullableWellKnownOrgMetadata {
+	return &NullableWellKnownOrgMetadata{value: val, isSet: true}
+}
+
+func (v NullableWellKnownOrgMetadata) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWellKnownOrgMetadata) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_well_known_org_metadata__links.go b/okta/model_well_known_org_metadata__links.go
new file mode 100644
index 000000000..93e01e924
--- /dev/null
+++ b/okta/model_well_known_org_metadata__links.go
@@ -0,0 +1,195 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// WellKnownOrgMetadataLinks struct for WellKnownOrgMetadataLinks
+type WellKnownOrgMetadataLinks struct {
+	Alternate            *HrefObject `json:"alternate,omitempty"`
+	Organization         *HrefObject `json:"organization,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WellKnownOrgMetadataLinks WellKnownOrgMetadataLinks
+
+// NewWellKnownOrgMetadataLinks instantiates a new WellKnownOrgMetadataLinks object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWellKnownOrgMetadataLinks() *WellKnownOrgMetadataLinks {
+	this := WellKnownOrgMetadataLinks{}
+	return &this
+}
+
+// NewWellKnownOrgMetadataLinksWithDefaults instantiates a new WellKnownOrgMetadataLinks object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWellKnownOrgMetadataLinksWithDefaults() *WellKnownOrgMetadataLinks {
+	this := WellKnownOrgMetadataLinks{}
+	return &this
+}
+
+// GetAlternate returns the Alternate field value if set, zero value otherwise.
+func (o *WellKnownOrgMetadataLinks) GetAlternate() HrefObject {
+	if o == nil || o.Alternate == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Alternate
+}
+
+// GetAlternateOk returns a tuple with the Alternate field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WellKnownOrgMetadataLinks) GetAlternateOk() (*HrefObject, bool) {
+	if o == nil || o.Alternate == nil {
+		return nil, false
+	}
+	return o.Alternate, true
+}
+
+// HasAlternate returns a boolean if a field has been set.
+func (o *WellKnownOrgMetadataLinks) HasAlternate() bool {
+	if o != nil && o.Alternate != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAlternate gets a reference to the given HrefObject and assigns it to the Alternate field.
+func (o *WellKnownOrgMetadataLinks) SetAlternate(v HrefObject) {
+	o.Alternate = &v
+}
+
+// GetOrganization returns the Organization field value if set, zero value otherwise.
+func (o *WellKnownOrgMetadataLinks) GetOrganization() HrefObject {
+	if o == nil || o.Organization == nil {
+		var ret HrefObject
+		return ret
+	}
+	return *o.Organization
+}
+
+// GetOrganizationOk returns a tuple with the Organization field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WellKnownOrgMetadataLinks) GetOrganizationOk() (*HrefObject, bool) {
+	if o == nil || o.Organization == nil {
+		return nil, false
+	}
+	return o.Organization, true
+}
+
+// HasOrganization returns a boolean if a field has been set.
+func (o *WellKnownOrgMetadataLinks) HasOrganization() bool {
+	if o != nil && o.Organization != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOrganization gets a reference to the given HrefObject and assigns it to the Organization field.
+func (o *WellKnownOrgMetadataLinks) SetOrganization(v HrefObject) {
+	o.Organization = &v
+}
+
+func (o WellKnownOrgMetadataLinks) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Alternate != nil {
+		toSerialize["alternate"] = o.Alternate
+	}
+	if o.Organization != nil {
+		toSerialize["organization"] = o.Organization
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WellKnownOrgMetadataLinks) UnmarshalJSON(bytes []byte) (err error) {
+	varWellKnownOrgMetadataLinks := _WellKnownOrgMetadataLinks{}
+
+	err = json.Unmarshal(bytes, &varWellKnownOrgMetadataLinks)
+	if err == nil {
+		*o = WellKnownOrgMetadataLinks(varWellKnownOrgMetadataLinks)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "alternate")
+		delete(additionalProperties, "organization")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWellKnownOrgMetadataLinks struct {
+	value *WellKnownOrgMetadataLinks
+	isSet bool
+}
+
+func (v NullableWellKnownOrgMetadataLinks) Get() *WellKnownOrgMetadataLinks {
+	return v.value
+}
+
+func (v *NullableWellKnownOrgMetadataLinks) Set(val *WellKnownOrgMetadataLinks) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWellKnownOrgMetadataLinks) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWellKnownOrgMetadataLinks) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWellKnownOrgMetadataLinks(val *WellKnownOrgMetadataLinks) *NullableWellKnownOrgMetadataLinks {
+	return &NullableWellKnownOrgMetadataLinks{value: val, isSet: true}
+}
+
+func (v NullableWellKnownOrgMetadataLinks) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWellKnownOrgMetadataLinks) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_well_known_org_metadata_settings.go b/okta/model_well_known_org_metadata_settings.go
new file mode 100644
index 000000000..1332e01c0
--- /dev/null
+++ b/okta/model_well_known_org_metadata_settings.go
@@ -0,0 +1,233 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// WellKnownOrgMetadataSettings struct for WellKnownOrgMetadataSettings
+type WellKnownOrgMetadataSettings struct {
+	AnalyticsCollectionEnabled *bool `json:"analyticsCollectionEnabled,omitempty"`
+	BugReportingEnabled        *bool `json:"bugReportingEnabled,omitempty"`
+	// Whether the legacy Okta Mobile application is enabled for the org
+	OmEnabled            *bool `json:"omEnabled,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WellKnownOrgMetadataSettings WellKnownOrgMetadataSettings
+
+// NewWellKnownOrgMetadataSettings instantiates a new WellKnownOrgMetadataSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWellKnownOrgMetadataSettings() *WellKnownOrgMetadataSettings {
+	this := WellKnownOrgMetadataSettings{}
+	return &this
+}
+
+// NewWellKnownOrgMetadataSettingsWithDefaults instantiates a new WellKnownOrgMetadataSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWellKnownOrgMetadataSettingsWithDefaults() *WellKnownOrgMetadataSettings {
+	this := WellKnownOrgMetadataSettings{}
+	return &this
+}
+
+// GetAnalyticsCollectionEnabled returns the AnalyticsCollectionEnabled field value if set, zero value otherwise.
+func (o *WellKnownOrgMetadataSettings) GetAnalyticsCollectionEnabled() bool {
+	if o == nil || o.AnalyticsCollectionEnabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.AnalyticsCollectionEnabled
+}
+
+// GetAnalyticsCollectionEnabledOk returns a tuple with the AnalyticsCollectionEnabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WellKnownOrgMetadataSettings) GetAnalyticsCollectionEnabledOk() (*bool, bool) {
+	if o == nil || o.AnalyticsCollectionEnabled == nil {
+		return nil, false
+	}
+	return o.AnalyticsCollectionEnabled, true
+}
+
+// HasAnalyticsCollectionEnabled returns a boolean if a field has been set.
+func (o *WellKnownOrgMetadataSettings) HasAnalyticsCollectionEnabled() bool {
+	if o != nil && o.AnalyticsCollectionEnabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAnalyticsCollectionEnabled gets a reference to the given bool and assigns it to the AnalyticsCollectionEnabled field.
+func (o *WellKnownOrgMetadataSettings) SetAnalyticsCollectionEnabled(v bool) {
+	o.AnalyticsCollectionEnabled = &v
+}
+
+// GetBugReportingEnabled returns the BugReportingEnabled field value if set, zero value otherwise.
+func (o *WellKnownOrgMetadataSettings) GetBugReportingEnabled() bool {
+	if o == nil || o.BugReportingEnabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.BugReportingEnabled
+}
+
+// GetBugReportingEnabledOk returns a tuple with the BugReportingEnabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WellKnownOrgMetadataSettings) GetBugReportingEnabledOk() (*bool, bool) {
+	if o == nil || o.BugReportingEnabled == nil {
+		return nil, false
+	}
+	return o.BugReportingEnabled, true
+}
+
+// HasBugReportingEnabled returns a boolean if a field has been set.
+func (o *WellKnownOrgMetadataSettings) HasBugReportingEnabled() bool {
+	if o != nil && o.BugReportingEnabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetBugReportingEnabled gets a reference to the given bool and assigns it to the BugReportingEnabled field.
+func (o *WellKnownOrgMetadataSettings) SetBugReportingEnabled(v bool) {
+	o.BugReportingEnabled = &v
+}
+
+// GetOmEnabled returns the OmEnabled field value if set, zero value otherwise.
+func (o *WellKnownOrgMetadataSettings) GetOmEnabled() bool {
+	if o == nil || o.OmEnabled == nil {
+		var ret bool
+		return ret
+	}
+	return *o.OmEnabled
+}
+
+// GetOmEnabledOk returns a tuple with the OmEnabled field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WellKnownOrgMetadataSettings) GetOmEnabledOk() (*bool, bool) {
+	if o == nil || o.OmEnabled == nil {
+		return nil, false
+	}
+	return o.OmEnabled, true
+}
+
+// HasOmEnabled returns a boolean if a field has been set.
+func (o *WellKnownOrgMetadataSettings) HasOmEnabled() bool {
+	if o != nil && o.OmEnabled != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetOmEnabled gets a reference to the given bool and assigns it to the OmEnabled field.
+func (o *WellKnownOrgMetadataSettings) SetOmEnabled(v bool) {
+	o.OmEnabled = &v
+}
+
+func (o WellKnownOrgMetadataSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AnalyticsCollectionEnabled != nil {
+		toSerialize["analyticsCollectionEnabled"] = o.AnalyticsCollectionEnabled
+	}
+	if o.BugReportingEnabled != nil {
+		toSerialize["bugReportingEnabled"] = o.BugReportingEnabled
+	}
+	if o.OmEnabled != nil {
+		toSerialize["omEnabled"] = o.OmEnabled
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WellKnownOrgMetadataSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varWellKnownOrgMetadataSettings := _WellKnownOrgMetadataSettings{}
+
+	err = json.Unmarshal(bytes, &varWellKnownOrgMetadataSettings)
+	if err == nil {
+		*o = WellKnownOrgMetadataSettings(varWellKnownOrgMetadataSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "analyticsCollectionEnabled")
+		delete(additionalProperties, "bugReportingEnabled")
+		delete(additionalProperties, "omEnabled")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWellKnownOrgMetadataSettings struct {
+	value *WellKnownOrgMetadataSettings
+	isSet bool
+}
+
+func (v NullableWellKnownOrgMetadataSettings) Get() *WellKnownOrgMetadataSettings {
+	return v.value
+}
+
+func (v *NullableWellKnownOrgMetadataSettings) Set(val *WellKnownOrgMetadataSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWellKnownOrgMetadataSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWellKnownOrgMetadataSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWellKnownOrgMetadataSettings(val *WellKnownOrgMetadataSettings) *NullableWellKnownOrgMetadataSettings {
+	return &NullableWellKnownOrgMetadataSettings{value: val, isSet: true}
+}
+
+func (v NullableWellKnownOrgMetadataSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWellKnownOrgMetadataSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_ws_federation_application.go b/okta/model_ws_federation_application.go
new file mode 100644
index 000000000..f4a5fc044
--- /dev/null
+++ b/okta/model_ws_federation_application.go
@@ -0,0 +1,285 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"reflect"
+	"strings"
+)
+
+// WsFederationApplication struct for WsFederationApplication
+type WsFederationApplication struct {
+	Application
+	Credentials          *ApplicationCredentials          `json:"credentials,omitempty"`
+	Name                 *string                          `json:"name,omitempty"`
+	Settings             *WsFederationApplicationSettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WsFederationApplication WsFederationApplication
+
+// NewWsFederationApplication instantiates a new WsFederationApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWsFederationApplication() *WsFederationApplication {
+	this := WsFederationApplication{}
+	var name string = "template_wsfed"
+	this.Name = &name
+	return &this
+}
+
+// NewWsFederationApplicationWithDefaults instantiates a new WsFederationApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWsFederationApplicationWithDefaults() *WsFederationApplication {
+	this := WsFederationApplication{}
+	var name string = "template_wsfed"
+	this.Name = &name
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *WsFederationApplication) GetCredentials() ApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret ApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplication) GetCredentialsOk() (*ApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *WsFederationApplication) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given ApplicationCredentials and assigns it to the Credentials field.
+func (o *WsFederationApplication) SetCredentials(v ApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *WsFederationApplication) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplication) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *WsFederationApplication) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *WsFederationApplication) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *WsFederationApplication) GetSettings() WsFederationApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret WsFederationApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplication) GetSettingsOk() (*WsFederationApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *WsFederationApplication) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given WsFederationApplicationSettings and assigns it to the Settings field.
+func (o *WsFederationApplication) SetSettings(v WsFederationApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o WsFederationApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	serializedApplication, errApplication := json.Marshal(o.Application)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	errApplication = json.Unmarshal([]byte(serializedApplication), &toSerialize)
+	if errApplication != nil {
+		return []byte{}, errApplication
+	}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WsFederationApplication) UnmarshalJSON(bytes []byte) (err error) {
+	type WsFederationApplicationWithoutEmbeddedStruct struct {
+		Credentials *ApplicationCredentials          `json:"credentials,omitempty"`
+		Name        *string                          `json:"name,omitempty"`
+		Settings    *WsFederationApplicationSettings `json:"settings,omitempty"`
+	}
+
+	varWsFederationApplicationWithoutEmbeddedStruct := WsFederationApplicationWithoutEmbeddedStruct{}
+
+	err = json.Unmarshal(bytes, &varWsFederationApplicationWithoutEmbeddedStruct)
+	if err == nil {
+		varWsFederationApplication := _WsFederationApplication{}
+		varWsFederationApplication.Credentials = varWsFederationApplicationWithoutEmbeddedStruct.Credentials
+		varWsFederationApplication.Name = varWsFederationApplicationWithoutEmbeddedStruct.Name
+		varWsFederationApplication.Settings = varWsFederationApplicationWithoutEmbeddedStruct.Settings
+		*o = WsFederationApplication(varWsFederationApplication)
+	} else {
+		return err
+	}
+
+	varWsFederationApplication := _WsFederationApplication{}
+
+	err = json.Unmarshal(bytes, &varWsFederationApplication)
+	if err == nil {
+		o.Application = varWsFederationApplication.Application
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+
+		// remove fields from embedded structs
+		reflectApplication := reflect.ValueOf(o.Application)
+		for i := 0; i < reflectApplication.Type().NumField(); i++ {
+			t := reflectApplication.Type().Field(i)
+
+			if jsonTag := t.Tag.Get("json"); jsonTag != "" {
+				fieldName := ""
+				if commaIdx := strings.Index(jsonTag, ","); commaIdx > 0 {
+					fieldName = jsonTag[:commaIdx]
+				} else {
+					fieldName = jsonTag
+				}
+				if fieldName != "AdditionalProperties" {
+					delete(additionalProperties, fieldName)
+				}
+			}
+		}
+
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWsFederationApplication struct {
+	value *WsFederationApplication
+	isSet bool
+}
+
+func (v NullableWsFederationApplication) Get() *WsFederationApplication {
+	return v.value
+}
+
+func (v *NullableWsFederationApplication) Set(val *WsFederationApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWsFederationApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWsFederationApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWsFederationApplication(val *WsFederationApplication) *NullableWsFederationApplication {
+	return &NullableWsFederationApplication{value: val, isSet: true}
+}
+
+func (v NullableWsFederationApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWsFederationApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_ws_federation_application_all_of.go b/okta/model_ws_federation_application_all_of.go
new file mode 100644
index 000000000..8ca2864ed
--- /dev/null
+++ b/okta/model_ws_federation_application_all_of.go
@@ -0,0 +1,236 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// WsFederationApplicationAllOf struct for WsFederationApplicationAllOf
+type WsFederationApplicationAllOf struct {
+	Credentials          *ApplicationCredentials          `json:"credentials,omitempty"`
+	Name                 *string                          `json:"name,omitempty"`
+	Settings             *WsFederationApplicationSettings `json:"settings,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WsFederationApplicationAllOf WsFederationApplicationAllOf
+
+// NewWsFederationApplicationAllOf instantiates a new WsFederationApplicationAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWsFederationApplicationAllOf() *WsFederationApplicationAllOf {
+	this := WsFederationApplicationAllOf{}
+	var name string = "template_wsfed"
+	this.Name = &name
+	return &this
+}
+
+// NewWsFederationApplicationAllOfWithDefaults instantiates a new WsFederationApplicationAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWsFederationApplicationAllOfWithDefaults() *WsFederationApplicationAllOf {
+	this := WsFederationApplicationAllOf{}
+	var name string = "template_wsfed"
+	this.Name = &name
+	return &this
+}
+
+// GetCredentials returns the Credentials field value if set, zero value otherwise.
+func (o *WsFederationApplicationAllOf) GetCredentials() ApplicationCredentials {
+	if o == nil || o.Credentials == nil {
+		var ret ApplicationCredentials
+		return ret
+	}
+	return *o.Credentials
+}
+
+// GetCredentialsOk returns a tuple with the Credentials field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationAllOf) GetCredentialsOk() (*ApplicationCredentials, bool) {
+	if o == nil || o.Credentials == nil {
+		return nil, false
+	}
+	return o.Credentials, true
+}
+
+// HasCredentials returns a boolean if a field has been set.
+func (o *WsFederationApplicationAllOf) HasCredentials() bool {
+	if o != nil && o.Credentials != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetCredentials gets a reference to the given ApplicationCredentials and assigns it to the Credentials field.
+func (o *WsFederationApplicationAllOf) SetCredentials(v ApplicationCredentials) {
+	o.Credentials = &v
+}
+
+// GetName returns the Name field value if set, zero value otherwise.
+func (o *WsFederationApplicationAllOf) GetName() string {
+	if o == nil || o.Name == nil {
+		var ret string
+		return ret
+	}
+	return *o.Name
+}
+
+// GetNameOk returns a tuple with the Name field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationAllOf) GetNameOk() (*string, bool) {
+	if o == nil || o.Name == nil {
+		return nil, false
+	}
+	return o.Name, true
+}
+
+// HasName returns a boolean if a field has been set.
+func (o *WsFederationApplicationAllOf) HasName() bool {
+	if o != nil && o.Name != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetName gets a reference to the given string and assigns it to the Name field.
+func (o *WsFederationApplicationAllOf) SetName(v string) {
+	o.Name = &v
+}
+
+// GetSettings returns the Settings field value if set, zero value otherwise.
+func (o *WsFederationApplicationAllOf) GetSettings() WsFederationApplicationSettings {
+	if o == nil || o.Settings == nil {
+		var ret WsFederationApplicationSettings
+		return ret
+	}
+	return *o.Settings
+}
+
+// GetSettingsOk returns a tuple with the Settings field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationAllOf) GetSettingsOk() (*WsFederationApplicationSettings, bool) {
+	if o == nil || o.Settings == nil {
+		return nil, false
+	}
+	return o.Settings, true
+}
+
+// HasSettings returns a boolean if a field has been set.
+func (o *WsFederationApplicationAllOf) HasSettings() bool {
+	if o != nil && o.Settings != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSettings gets a reference to the given WsFederationApplicationSettings and assigns it to the Settings field.
+func (o *WsFederationApplicationAllOf) SetSettings(v WsFederationApplicationSettings) {
+	o.Settings = &v
+}
+
+func (o WsFederationApplicationAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.Credentials != nil {
+		toSerialize["credentials"] = o.Credentials
+	}
+	if o.Name != nil {
+		toSerialize["name"] = o.Name
+	}
+	if o.Settings != nil {
+		toSerialize["settings"] = o.Settings
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WsFederationApplicationAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varWsFederationApplicationAllOf := _WsFederationApplicationAllOf{}
+
+	err = json.Unmarshal(bytes, &varWsFederationApplicationAllOf)
+	if err == nil {
+		*o = WsFederationApplicationAllOf(varWsFederationApplicationAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "credentials")
+		delete(additionalProperties, "name")
+		delete(additionalProperties, "settings")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWsFederationApplicationAllOf struct {
+	value *WsFederationApplicationAllOf
+	isSet bool
+}
+
+func (v NullableWsFederationApplicationAllOf) Get() *WsFederationApplicationAllOf {
+	return v.value
+}
+
+func (v *NullableWsFederationApplicationAllOf) Set(val *WsFederationApplicationAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWsFederationApplicationAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWsFederationApplicationAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWsFederationApplicationAllOf(val *WsFederationApplicationAllOf) *NullableWsFederationApplicationAllOf {
+	return &NullableWsFederationApplicationAllOf{value: val, isSet: true}
+}
+
+func (v NullableWsFederationApplicationAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWsFederationApplicationAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_ws_federation_application_settings.go b/okta/model_ws_federation_application_settings.go
new file mode 100644
index 000000000..b05ea2bfd
--- /dev/null
+++ b/okta/model_ws_federation_application_settings.go
@@ -0,0 +1,343 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// WsFederationApplicationSettings struct for WsFederationApplicationSettings
+type WsFederationApplicationSettings struct {
+	IdentityStoreId      *string                                     `json:"identityStoreId,omitempty"`
+	ImplicitAssignment   *bool                                       `json:"implicitAssignment,omitempty"`
+	InlineHookId         *string                                     `json:"inlineHookId,omitempty"`
+	Notes                *ApplicationSettingsNotes                   `json:"notes,omitempty"`
+	Notifications        *ApplicationSettingsNotifications           `json:"notifications,omitempty"`
+	App                  *WsFederationApplicationSettingsApplication `json:"app,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WsFederationApplicationSettings WsFederationApplicationSettings
+
+// NewWsFederationApplicationSettings instantiates a new WsFederationApplicationSettings object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWsFederationApplicationSettings() *WsFederationApplicationSettings {
+	this := WsFederationApplicationSettings{}
+	return &this
+}
+
+// NewWsFederationApplicationSettingsWithDefaults instantiates a new WsFederationApplicationSettings object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWsFederationApplicationSettingsWithDefaults() *WsFederationApplicationSettings {
+	this := WsFederationApplicationSettings{}
+	return &this
+}
+
+// GetIdentityStoreId returns the IdentityStoreId field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettings) GetIdentityStoreId() string {
+	if o == nil || o.IdentityStoreId == nil {
+		var ret string
+		return ret
+	}
+	return *o.IdentityStoreId
+}
+
+// GetIdentityStoreIdOk returns a tuple with the IdentityStoreId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettings) GetIdentityStoreIdOk() (*string, bool) {
+	if o == nil || o.IdentityStoreId == nil {
+		return nil, false
+	}
+	return o.IdentityStoreId, true
+}
+
+// HasIdentityStoreId returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettings) HasIdentityStoreId() bool {
+	if o != nil && o.IdentityStoreId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetIdentityStoreId gets a reference to the given string and assigns it to the IdentityStoreId field.
+func (o *WsFederationApplicationSettings) SetIdentityStoreId(v string) {
+	o.IdentityStoreId = &v
+}
+
+// GetImplicitAssignment returns the ImplicitAssignment field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettings) GetImplicitAssignment() bool {
+	if o == nil || o.ImplicitAssignment == nil {
+		var ret bool
+		return ret
+	}
+	return *o.ImplicitAssignment
+}
+
+// GetImplicitAssignmentOk returns a tuple with the ImplicitAssignment field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettings) GetImplicitAssignmentOk() (*bool, bool) {
+	if o == nil || o.ImplicitAssignment == nil {
+		return nil, false
+	}
+	return o.ImplicitAssignment, true
+}
+
+// HasImplicitAssignment returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettings) HasImplicitAssignment() bool {
+	if o != nil && o.ImplicitAssignment != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetImplicitAssignment gets a reference to the given bool and assigns it to the ImplicitAssignment field.
+func (o *WsFederationApplicationSettings) SetImplicitAssignment(v bool) {
+	o.ImplicitAssignment = &v
+}
+
+// GetInlineHookId returns the InlineHookId field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettings) GetInlineHookId() string {
+	if o == nil || o.InlineHookId == nil {
+		var ret string
+		return ret
+	}
+	return *o.InlineHookId
+}
+
+// GetInlineHookIdOk returns a tuple with the InlineHookId field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettings) GetInlineHookIdOk() (*string, bool) {
+	if o == nil || o.InlineHookId == nil {
+		return nil, false
+	}
+	return o.InlineHookId, true
+}
+
+// HasInlineHookId returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettings) HasInlineHookId() bool {
+	if o != nil && o.InlineHookId != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetInlineHookId gets a reference to the given string and assigns it to the InlineHookId field.
+func (o *WsFederationApplicationSettings) SetInlineHookId(v string) {
+	o.InlineHookId = &v
+}
+
+// GetNotes returns the Notes field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettings) GetNotes() ApplicationSettingsNotes {
+	if o == nil || o.Notes == nil {
+		var ret ApplicationSettingsNotes
+		return ret
+	}
+	return *o.Notes
+}
+
+// GetNotesOk returns a tuple with the Notes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettings) GetNotesOk() (*ApplicationSettingsNotes, bool) {
+	if o == nil || o.Notes == nil {
+		return nil, false
+	}
+	return o.Notes, true
+}
+
+// HasNotes returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettings) HasNotes() bool {
+	if o != nil && o.Notes != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotes gets a reference to the given ApplicationSettingsNotes and assigns it to the Notes field.
+func (o *WsFederationApplicationSettings) SetNotes(v ApplicationSettingsNotes) {
+	o.Notes = &v
+}
+
+// GetNotifications returns the Notifications field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettings) GetNotifications() ApplicationSettingsNotifications {
+	if o == nil || o.Notifications == nil {
+		var ret ApplicationSettingsNotifications
+		return ret
+	}
+	return *o.Notifications
+}
+
+// GetNotificationsOk returns a tuple with the Notifications field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettings) GetNotificationsOk() (*ApplicationSettingsNotifications, bool) {
+	if o == nil || o.Notifications == nil {
+		return nil, false
+	}
+	return o.Notifications, true
+}
+
+// HasNotifications returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettings) HasNotifications() bool {
+	if o != nil && o.Notifications != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNotifications gets a reference to the given ApplicationSettingsNotifications and assigns it to the Notifications field.
+func (o *WsFederationApplicationSettings) SetNotifications(v ApplicationSettingsNotifications) {
+	o.Notifications = &v
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettings) GetApp() WsFederationApplicationSettingsApplication {
+	if o == nil || o.App == nil {
+		var ret WsFederationApplicationSettingsApplication
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettings) GetAppOk() (*WsFederationApplicationSettingsApplication, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettings) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given WsFederationApplicationSettingsApplication and assigns it to the App field.
+func (o *WsFederationApplicationSettings) SetApp(v WsFederationApplicationSettingsApplication) {
+	o.App = &v
+}
+
+func (o WsFederationApplicationSettings) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.IdentityStoreId != nil {
+		toSerialize["identityStoreId"] = o.IdentityStoreId
+	}
+	if o.ImplicitAssignment != nil {
+		toSerialize["implicitAssignment"] = o.ImplicitAssignment
+	}
+	if o.InlineHookId != nil {
+		toSerialize["inlineHookId"] = o.InlineHookId
+	}
+	if o.Notes != nil {
+		toSerialize["notes"] = o.Notes
+	}
+	if o.Notifications != nil {
+		toSerialize["notifications"] = o.Notifications
+	}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WsFederationApplicationSettings) UnmarshalJSON(bytes []byte) (err error) {
+	varWsFederationApplicationSettings := _WsFederationApplicationSettings{}
+
+	err = json.Unmarshal(bytes, &varWsFederationApplicationSettings)
+	if err == nil {
+		*o = WsFederationApplicationSettings(varWsFederationApplicationSettings)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "identityStoreId")
+		delete(additionalProperties, "implicitAssignment")
+		delete(additionalProperties, "inlineHookId")
+		delete(additionalProperties, "notes")
+		delete(additionalProperties, "notifications")
+		delete(additionalProperties, "app")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWsFederationApplicationSettings struct {
+	value *WsFederationApplicationSettings
+	isSet bool
+}
+
+func (v NullableWsFederationApplicationSettings) Get() *WsFederationApplicationSettings {
+	return v.value
+}
+
+func (v *NullableWsFederationApplicationSettings) Set(val *WsFederationApplicationSettings) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWsFederationApplicationSettings) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWsFederationApplicationSettings) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWsFederationApplicationSettings(val *WsFederationApplicationSettings) *NullableWsFederationApplicationSettings {
+	return &NullableWsFederationApplicationSettings{value: val, isSet: true}
+}
+
+func (v NullableWsFederationApplicationSettings) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWsFederationApplicationSettings) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_ws_federation_application_settings_all_of.go b/okta/model_ws_federation_application_settings_all_of.go
new file mode 100644
index 000000000..27fa83269
--- /dev/null
+++ b/okta/model_ws_federation_application_settings_all_of.go
@@ -0,0 +1,158 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// WsFederationApplicationSettingsAllOf struct for WsFederationApplicationSettingsAllOf
+type WsFederationApplicationSettingsAllOf struct {
+	App                  *WsFederationApplicationSettingsApplication `json:"app,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WsFederationApplicationSettingsAllOf WsFederationApplicationSettingsAllOf
+
+// NewWsFederationApplicationSettingsAllOf instantiates a new WsFederationApplicationSettingsAllOf object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWsFederationApplicationSettingsAllOf() *WsFederationApplicationSettingsAllOf {
+	this := WsFederationApplicationSettingsAllOf{}
+	return &this
+}
+
+// NewWsFederationApplicationSettingsAllOfWithDefaults instantiates a new WsFederationApplicationSettingsAllOf object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWsFederationApplicationSettingsAllOfWithDefaults() *WsFederationApplicationSettingsAllOf {
+	this := WsFederationApplicationSettingsAllOf{}
+	return &this
+}
+
+// GetApp returns the App field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsAllOf) GetApp() WsFederationApplicationSettingsApplication {
+	if o == nil || o.App == nil {
+		var ret WsFederationApplicationSettingsApplication
+		return ret
+	}
+	return *o.App
+}
+
+// GetAppOk returns a tuple with the App field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsAllOf) GetAppOk() (*WsFederationApplicationSettingsApplication, bool) {
+	if o == nil || o.App == nil {
+		return nil, false
+	}
+	return o.App, true
+}
+
+// HasApp returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsAllOf) HasApp() bool {
+	if o != nil && o.App != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetApp gets a reference to the given WsFederationApplicationSettingsApplication and assigns it to the App field.
+func (o *WsFederationApplicationSettingsAllOf) SetApp(v WsFederationApplicationSettingsApplication) {
+	o.App = &v
+}
+
+func (o WsFederationApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.App != nil {
+		toSerialize["app"] = o.App
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WsFederationApplicationSettingsAllOf) UnmarshalJSON(bytes []byte) (err error) {
+	varWsFederationApplicationSettingsAllOf := _WsFederationApplicationSettingsAllOf{}
+
+	err = json.Unmarshal(bytes, &varWsFederationApplicationSettingsAllOf)
+	if err == nil {
+		*o = WsFederationApplicationSettingsAllOf(varWsFederationApplicationSettingsAllOf)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "app")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWsFederationApplicationSettingsAllOf struct {
+	value *WsFederationApplicationSettingsAllOf
+	isSet bool
+}
+
+func (v NullableWsFederationApplicationSettingsAllOf) Get() *WsFederationApplicationSettingsAllOf {
+	return v.value
+}
+
+func (v *NullableWsFederationApplicationSettingsAllOf) Set(val *WsFederationApplicationSettingsAllOf) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWsFederationApplicationSettingsAllOf) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWsFederationApplicationSettingsAllOf) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWsFederationApplicationSettingsAllOf(val *WsFederationApplicationSettingsAllOf) *NullableWsFederationApplicationSettingsAllOf {
+	return &NullableWsFederationApplicationSettingsAllOf{value: val, isSet: true}
+}
+
+func (v NullableWsFederationApplicationSettingsAllOf) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWsFederationApplicationSettingsAllOf) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/model_ws_federation_application_settings_application.go b/okta/model_ws_federation_application_settings_application.go
new file mode 100644
index 000000000..5d8688540
--- /dev/null
+++ b/okta/model_ws_federation_application_settings_application.go
@@ -0,0 +1,565 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+)
+
+// WsFederationApplicationSettingsApplication struct for WsFederationApplicationSettingsApplication
+type WsFederationApplicationSettingsApplication struct {
+	AttributeStatements  *string `json:"attributeStatements,omitempty"`
+	AudienceRestriction  *string `json:"audienceRestriction,omitempty"`
+	AuthnContextClassRef *string `json:"authnContextClassRef,omitempty"`
+	GroupFilter          *string `json:"groupFilter,omitempty"`
+	GroupName            *string `json:"groupName,omitempty"`
+	GroupValueFormat     *string `json:"groupValueFormat,omitempty"`
+	NameIDFormat         *string `json:"nameIDFormat,omitempty"`
+	Realm                *string `json:"realm,omitempty"`
+	SiteURL              *string `json:"siteURL,omitempty"`
+	UsernameAttribute    *string `json:"usernameAttribute,omitempty"`
+	WReplyOverride       *bool   `json:"wReplyOverride,omitempty"`
+	WReplyURL            *string `json:"wReplyURL,omitempty"`
+	AdditionalProperties map[string]interface{}
+}
+
+type _WsFederationApplicationSettingsApplication WsFederationApplicationSettingsApplication
+
+// NewWsFederationApplicationSettingsApplication instantiates a new WsFederationApplicationSettingsApplication object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewWsFederationApplicationSettingsApplication() *WsFederationApplicationSettingsApplication {
+	this := WsFederationApplicationSettingsApplication{}
+	return &this
+}
+
+// NewWsFederationApplicationSettingsApplicationWithDefaults instantiates a new WsFederationApplicationSettingsApplication object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewWsFederationApplicationSettingsApplicationWithDefaults() *WsFederationApplicationSettingsApplication {
+	this := WsFederationApplicationSettingsApplication{}
+	return &this
+}
+
+// GetAttributeStatements returns the AttributeStatements field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsApplication) GetAttributeStatements() string {
+	if o == nil || o.AttributeStatements == nil {
+		var ret string
+		return ret
+	}
+	return *o.AttributeStatements
+}
+
+// GetAttributeStatementsOk returns a tuple with the AttributeStatements field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsApplication) GetAttributeStatementsOk() (*string, bool) {
+	if o == nil || o.AttributeStatements == nil {
+		return nil, false
+	}
+	return o.AttributeStatements, true
+}
+
+// HasAttributeStatements returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsApplication) HasAttributeStatements() bool {
+	if o != nil && o.AttributeStatements != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAttributeStatements gets a reference to the given string and assigns it to the AttributeStatements field.
+func (o *WsFederationApplicationSettingsApplication) SetAttributeStatements(v string) {
+	o.AttributeStatements = &v
+}
+
+// GetAudienceRestriction returns the AudienceRestriction field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsApplication) GetAudienceRestriction() string {
+	if o == nil || o.AudienceRestriction == nil {
+		var ret string
+		return ret
+	}
+	return *o.AudienceRestriction
+}
+
+// GetAudienceRestrictionOk returns a tuple with the AudienceRestriction field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsApplication) GetAudienceRestrictionOk() (*string, bool) {
+	if o == nil || o.AudienceRestriction == nil {
+		return nil, false
+	}
+	return o.AudienceRestriction, true
+}
+
+// HasAudienceRestriction returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsApplication) HasAudienceRestriction() bool {
+	if o != nil && o.AudienceRestriction != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAudienceRestriction gets a reference to the given string and assigns it to the AudienceRestriction field.
+func (o *WsFederationApplicationSettingsApplication) SetAudienceRestriction(v string) {
+	o.AudienceRestriction = &v
+}
+
+// GetAuthnContextClassRef returns the AuthnContextClassRef field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsApplication) GetAuthnContextClassRef() string {
+	if o == nil || o.AuthnContextClassRef == nil {
+		var ret string
+		return ret
+	}
+	return *o.AuthnContextClassRef
+}
+
+// GetAuthnContextClassRefOk returns a tuple with the AuthnContextClassRef field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsApplication) GetAuthnContextClassRefOk() (*string, bool) {
+	if o == nil || o.AuthnContextClassRef == nil {
+		return nil, false
+	}
+	return o.AuthnContextClassRef, true
+}
+
+// HasAuthnContextClassRef returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsApplication) HasAuthnContextClassRef() bool {
+	if o != nil && o.AuthnContextClassRef != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetAuthnContextClassRef gets a reference to the given string and assigns it to the AuthnContextClassRef field.
+func (o *WsFederationApplicationSettingsApplication) SetAuthnContextClassRef(v string) {
+	o.AuthnContextClassRef = &v
+}
+
+// GetGroupFilter returns the GroupFilter field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsApplication) GetGroupFilter() string {
+	if o == nil || o.GroupFilter == nil {
+		var ret string
+		return ret
+	}
+	return *o.GroupFilter
+}
+
+// GetGroupFilterOk returns a tuple with the GroupFilter field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsApplication) GetGroupFilterOk() (*string, bool) {
+	if o == nil || o.GroupFilter == nil {
+		return nil, false
+	}
+	return o.GroupFilter, true
+}
+
+// HasGroupFilter returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsApplication) HasGroupFilter() bool {
+	if o != nil && o.GroupFilter != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroupFilter gets a reference to the given string and assigns it to the GroupFilter field.
+func (o *WsFederationApplicationSettingsApplication) SetGroupFilter(v string) {
+	o.GroupFilter = &v
+}
+
+// GetGroupName returns the GroupName field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsApplication) GetGroupName() string {
+	if o == nil || o.GroupName == nil {
+		var ret string
+		return ret
+	}
+	return *o.GroupName
+}
+
+// GetGroupNameOk returns a tuple with the GroupName field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsApplication) GetGroupNameOk() (*string, bool) {
+	if o == nil || o.GroupName == nil {
+		return nil, false
+	}
+	return o.GroupName, true
+}
+
+// HasGroupName returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsApplication) HasGroupName() bool {
+	if o != nil && o.GroupName != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroupName gets a reference to the given string and assigns it to the GroupName field.
+func (o *WsFederationApplicationSettingsApplication) SetGroupName(v string) {
+	o.GroupName = &v
+}
+
+// GetGroupValueFormat returns the GroupValueFormat field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsApplication) GetGroupValueFormat() string {
+	if o == nil || o.GroupValueFormat == nil {
+		var ret string
+		return ret
+	}
+	return *o.GroupValueFormat
+}
+
+// GetGroupValueFormatOk returns a tuple with the GroupValueFormat field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsApplication) GetGroupValueFormatOk() (*string, bool) {
+	if o == nil || o.GroupValueFormat == nil {
+		return nil, false
+	}
+	return o.GroupValueFormat, true
+}
+
+// HasGroupValueFormat returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsApplication) HasGroupValueFormat() bool {
+	if o != nil && o.GroupValueFormat != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetGroupValueFormat gets a reference to the given string and assigns it to the GroupValueFormat field.
+func (o *WsFederationApplicationSettingsApplication) SetGroupValueFormat(v string) {
+	o.GroupValueFormat = &v
+}
+
+// GetNameIDFormat returns the NameIDFormat field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsApplication) GetNameIDFormat() string {
+	if o == nil || o.NameIDFormat == nil {
+		var ret string
+		return ret
+	}
+	return *o.NameIDFormat
+}
+
+// GetNameIDFormatOk returns a tuple with the NameIDFormat field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsApplication) GetNameIDFormatOk() (*string, bool) {
+	if o == nil || o.NameIDFormat == nil {
+		return nil, false
+	}
+	return o.NameIDFormat, true
+}
+
+// HasNameIDFormat returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsApplication) HasNameIDFormat() bool {
+	if o != nil && o.NameIDFormat != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetNameIDFormat gets a reference to the given string and assigns it to the NameIDFormat field.
+func (o *WsFederationApplicationSettingsApplication) SetNameIDFormat(v string) {
+	o.NameIDFormat = &v
+}
+
+// GetRealm returns the Realm field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsApplication) GetRealm() string {
+	if o == nil || o.Realm == nil {
+		var ret string
+		return ret
+	}
+	return *o.Realm
+}
+
+// GetRealmOk returns a tuple with the Realm field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsApplication) GetRealmOk() (*string, bool) {
+	if o == nil || o.Realm == nil {
+		return nil, false
+	}
+	return o.Realm, true
+}
+
+// HasRealm returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsApplication) HasRealm() bool {
+	if o != nil && o.Realm != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetRealm gets a reference to the given string and assigns it to the Realm field.
+func (o *WsFederationApplicationSettingsApplication) SetRealm(v string) {
+	o.Realm = &v
+}
+
+// GetSiteURL returns the SiteURL field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsApplication) GetSiteURL() string {
+	if o == nil || o.SiteURL == nil {
+		var ret string
+		return ret
+	}
+	return *o.SiteURL
+}
+
+// GetSiteURLOk returns a tuple with the SiteURL field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsApplication) GetSiteURLOk() (*string, bool) {
+	if o == nil || o.SiteURL == nil {
+		return nil, false
+	}
+	return o.SiteURL, true
+}
+
+// HasSiteURL returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsApplication) HasSiteURL() bool {
+	if o != nil && o.SiteURL != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetSiteURL gets a reference to the given string and assigns it to the SiteURL field.
+func (o *WsFederationApplicationSettingsApplication) SetSiteURL(v string) {
+	o.SiteURL = &v
+}
+
+// GetUsernameAttribute returns the UsernameAttribute field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsApplication) GetUsernameAttribute() string {
+	if o == nil || o.UsernameAttribute == nil {
+		var ret string
+		return ret
+	}
+	return *o.UsernameAttribute
+}
+
+// GetUsernameAttributeOk returns a tuple with the UsernameAttribute field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsApplication) GetUsernameAttributeOk() (*string, bool) {
+	if o == nil || o.UsernameAttribute == nil {
+		return nil, false
+	}
+	return o.UsernameAttribute, true
+}
+
+// HasUsernameAttribute returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsApplication) HasUsernameAttribute() bool {
+	if o != nil && o.UsernameAttribute != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetUsernameAttribute gets a reference to the given string and assigns it to the UsernameAttribute field.
+func (o *WsFederationApplicationSettingsApplication) SetUsernameAttribute(v string) {
+	o.UsernameAttribute = &v
+}
+
+// GetWReplyOverride returns the WReplyOverride field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsApplication) GetWReplyOverride() bool {
+	if o == nil || o.WReplyOverride == nil {
+		var ret bool
+		return ret
+	}
+	return *o.WReplyOverride
+}
+
+// GetWReplyOverrideOk returns a tuple with the WReplyOverride field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsApplication) GetWReplyOverrideOk() (*bool, bool) {
+	if o == nil || o.WReplyOverride == nil {
+		return nil, false
+	}
+	return o.WReplyOverride, true
+}
+
+// HasWReplyOverride returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsApplication) HasWReplyOverride() bool {
+	if o != nil && o.WReplyOverride != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWReplyOverride gets a reference to the given bool and assigns it to the WReplyOverride field.
+func (o *WsFederationApplicationSettingsApplication) SetWReplyOverride(v bool) {
+	o.WReplyOverride = &v
+}
+
+// GetWReplyURL returns the WReplyURL field value if set, zero value otherwise.
+func (o *WsFederationApplicationSettingsApplication) GetWReplyURL() string {
+	if o == nil || o.WReplyURL == nil {
+		var ret string
+		return ret
+	}
+	return *o.WReplyURL
+}
+
+// GetWReplyURLOk returns a tuple with the WReplyURL field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *WsFederationApplicationSettingsApplication) GetWReplyURLOk() (*string, bool) {
+	if o == nil || o.WReplyURL == nil {
+		return nil, false
+	}
+	return o.WReplyURL, true
+}
+
+// HasWReplyURL returns a boolean if a field has been set.
+func (o *WsFederationApplicationSettingsApplication) HasWReplyURL() bool {
+	if o != nil && o.WReplyURL != nil {
+		return true
+	}
+
+	return false
+}
+
+// SetWReplyURL gets a reference to the given string and assigns it to the WReplyURL field.
+func (o *WsFederationApplicationSettingsApplication) SetWReplyURL(v string) {
+	o.WReplyURL = &v
+}
+
+func (o WsFederationApplicationSettingsApplication) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.AttributeStatements != nil {
+		toSerialize["attributeStatements"] = o.AttributeStatements
+	}
+	if o.AudienceRestriction != nil {
+		toSerialize["audienceRestriction"] = o.AudienceRestriction
+	}
+	if o.AuthnContextClassRef != nil {
+		toSerialize["authnContextClassRef"] = o.AuthnContextClassRef
+	}
+	if o.GroupFilter != nil {
+		toSerialize["groupFilter"] = o.GroupFilter
+	}
+	if o.GroupName != nil {
+		toSerialize["groupName"] = o.GroupName
+	}
+	if o.GroupValueFormat != nil {
+		toSerialize["groupValueFormat"] = o.GroupValueFormat
+	}
+	if o.NameIDFormat != nil {
+		toSerialize["nameIDFormat"] = o.NameIDFormat
+	}
+	if o.Realm != nil {
+		toSerialize["realm"] = o.Realm
+	}
+	if o.SiteURL != nil {
+		toSerialize["siteURL"] = o.SiteURL
+	}
+	if o.UsernameAttribute != nil {
+		toSerialize["usernameAttribute"] = o.UsernameAttribute
+	}
+	if o.WReplyOverride != nil {
+		toSerialize["wReplyOverride"] = o.WReplyOverride
+	}
+	if o.WReplyURL != nil {
+		toSerialize["wReplyURL"] = o.WReplyURL
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+
+	return json.Marshal(toSerialize)
+}
+
+func (o *WsFederationApplicationSettingsApplication) UnmarshalJSON(bytes []byte) (err error) {
+	varWsFederationApplicationSettingsApplication := _WsFederationApplicationSettingsApplication{}
+
+	err = json.Unmarshal(bytes, &varWsFederationApplicationSettingsApplication)
+	if err == nil {
+		*o = WsFederationApplicationSettingsApplication(varWsFederationApplicationSettingsApplication)
+	} else {
+		return err
+	}
+
+	additionalProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(bytes, &additionalProperties)
+	if err == nil {
+		delete(additionalProperties, "attributeStatements")
+		delete(additionalProperties, "audienceRestriction")
+		delete(additionalProperties, "authnContextClassRef")
+		delete(additionalProperties, "groupFilter")
+		delete(additionalProperties, "groupName")
+		delete(additionalProperties, "groupValueFormat")
+		delete(additionalProperties, "nameIDFormat")
+		delete(additionalProperties, "realm")
+		delete(additionalProperties, "siteURL")
+		delete(additionalProperties, "usernameAttribute")
+		delete(additionalProperties, "wReplyOverride")
+		delete(additionalProperties, "wReplyURL")
+		o.AdditionalProperties = additionalProperties
+	} else {
+		return err
+	}
+
+	return err
+}
+
+type NullableWsFederationApplicationSettingsApplication struct {
+	value *WsFederationApplicationSettingsApplication
+	isSet bool
+}
+
+func (v NullableWsFederationApplicationSettingsApplication) Get() *WsFederationApplicationSettingsApplication {
+	return v.value
+}
+
+func (v *NullableWsFederationApplicationSettingsApplication) Set(val *WsFederationApplicationSettingsApplication) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableWsFederationApplicationSettingsApplication) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableWsFederationApplicationSettingsApplication) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableWsFederationApplicationSettingsApplication(val *WsFederationApplicationSettingsApplication) *NullableWsFederationApplicationSettingsApplication {
+	return &NullableWsFederationApplicationSettingsApplication{value: val, isSet: true}
+}
+
+func (v NullableWsFederationApplicationSettingsApplication) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableWsFederationApplicationSettingsApplication) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/multifactorEnrollmentPolicy.go b/okta/multifactorEnrollmentPolicy.go
deleted file mode 100644
index 43a8f1af2..000000000
--- a/okta/multifactorEnrollmentPolicy.go
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type MultifactorEnrollmentPolicy struct {
-	Embedded    interface{}           `json:"_embedded,omitempty"`
-	Links       interface{}           `json:"_links,omitempty"`
-	Conditions  *PolicyRuleConditions `json:"conditions,omitempty"`
-	Created     *time.Time            `json:"created,omitempty"`
-	Description string                `json:"description,omitempty"`
-	Id          string                `json:"id,omitempty"`
-	LastUpdated *time.Time            `json:"lastUpdated,omitempty"`
-	Name        string                `json:"name,omitempty"`
-	Priority    int64                 `json:"-"`
-	PriorityPtr *int64                `json:"priority,omitempty"`
-	Status      string                `json:"status,omitempty"`
-	System      *bool                 `json:"system,omitempty"`
-	Type        string                `json:"type,omitempty"`
-}
-
-func NewMultifactorEnrollmentPolicy() *MultifactorEnrollmentPolicy {
-	return &MultifactorEnrollmentPolicy{
-		Type: "MFA_ENROLL",
-	}
-}
-
-func (a *MultifactorEnrollmentPolicy) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *MultifactorEnrollmentPolicy) MarshalJSON() ([]byte, error) {
-	type Alias MultifactorEnrollmentPolicy
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *MultifactorEnrollmentPolicy) UnmarshalJSON(data []byte) error {
-	type Alias MultifactorEnrollmentPolicy
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/multifactorEnrollmentPolicyAuthenticatorSettings.go b/okta/multifactorEnrollmentPolicyAuthenticatorSettings.go
deleted file mode 100644
index 9da8ac48c..000000000
--- a/okta/multifactorEnrollmentPolicyAuthenticatorSettings.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type MultifactorEnrollmentPolicyAuthenticatorSettings struct {
-	Constraints string `json:"constraints,omitempty"`
-	Enroll      string `json:"enroll,omitempty"`
-	Key         string `json:"key,omitempty"`
-}
-
-func NewMultifactorEnrollmentPolicyAuthenticatorSettings() *MultifactorEnrollmentPolicyAuthenticatorSettings {
-	return &MultifactorEnrollmentPolicyAuthenticatorSettings{}
-}
-
-func (a *MultifactorEnrollmentPolicyAuthenticatorSettings) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/multifactorEnrollmentPolicyAuthenticatorStatus.go b/okta/multifactorEnrollmentPolicyAuthenticatorStatus.go
deleted file mode 100644
index c04552d07..000000000
--- a/okta/multifactorEnrollmentPolicyAuthenticatorStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type MultifactorEnrollmentPolicyAuthenticatorStatus string
diff --git a/okta/multifactorEnrollmentPolicyAuthenticatorType.go b/okta/multifactorEnrollmentPolicyAuthenticatorType.go
deleted file mode 100644
index 4ae4e1e2f..000000000
--- a/okta/multifactorEnrollmentPolicyAuthenticatorType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type MultifactorEnrollmentPolicyAuthenticatorType string
diff --git a/okta/multifactorEnrollmentPolicySettings.go b/okta/multifactorEnrollmentPolicySettings.go
deleted file mode 100644
index 2a576332a..000000000
--- a/okta/multifactorEnrollmentPolicySettings.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type MultifactorEnrollmentPolicySettings struct {
-	Authenticators []*MultifactorEnrollmentPolicyAuthenticatorSettings `json:"authenticators,omitempty"`
-	Type           string                                              `json:"type,omitempty"`
-}
-
-func NewMultifactorEnrollmentPolicySettings() *MultifactorEnrollmentPolicySettings {
-	return &MultifactorEnrollmentPolicySettings{}
-}
-
-func (a *MultifactorEnrollmentPolicySettings) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/multifactorEnrollmentPolicySettingsType.go b/okta/multifactorEnrollmentPolicySettingsType.go
deleted file mode 100644
index 9a3783cdb..000000000
--- a/okta/multifactorEnrollmentPolicySettingsType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type MultifactorEnrollmentPolicySettingsType string
diff --git a/okta/networkZone.go b/okta/networkZone.go
deleted file mode 100644
index 69693e3d9..000000000
--- a/okta/networkZone.go
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type NetworkZoneResource resource
-
-type NetworkZone struct {
-	Links       interface{}            `json:"_links,omitempty"`
-	Asns        []string               `json:"asns,omitempty"`
-	Created     *time.Time             `json:"created,omitempty"`
-	Gateways    []*NetworkZoneAddress  `json:"gateways,omitempty"`
-	Id          string                 `json:"id,omitempty"`
-	LastUpdated *time.Time             `json:"lastUpdated,omitempty"`
-	Locations   []*NetworkZoneLocation `json:"locations,omitempty"`
-	Name        string                 `json:"name,omitempty"`
-	Proxies     []*NetworkZoneAddress  `json:"proxies,omitempty"`
-	ProxyType   string                 `json:"proxyType,omitempty"`
-	Status      string                 `json:"status,omitempty"`
-	System      *bool                  `json:"system,omitempty"`
-	Type        string                 `json:"type,omitempty"`
-	Usage       string                 `json:"usage,omitempty"`
-}
-
-// Fetches a network zone from your Okta organization by &#x60;id&#x60;.
-func (m *NetworkZoneResource) GetNetworkZone(ctx context.Context, zoneId string) (*NetworkZone, *Response, error) {
-	url := fmt.Sprintf("/api/v1/zones/%v", zoneId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var networkZone *NetworkZone
-
-	resp, err := rq.Do(ctx, req, &networkZone)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return networkZone, resp, nil
-}
-
-// Updates a network zone in your organization.
-func (m *NetworkZoneResource) UpdateNetworkZone(ctx context.Context, zoneId string, body NetworkZone) (*NetworkZone, *Response, error) {
-	url := fmt.Sprintf("/api/v1/zones/%v", zoneId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var networkZone *NetworkZone
-
-	resp, err := rq.Do(ctx, req, &networkZone)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return networkZone, resp, nil
-}
-
-// Removes network zone.
-func (m *NetworkZoneResource) DeleteNetworkZone(ctx context.Context, zoneId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/zones/%v", zoneId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Enumerates network zones added to your organization with pagination. A subset of zones can be returned that match a supported filter expression or query.
-func (m *NetworkZoneResource) ListNetworkZones(ctx context.Context, qp *query.Params) ([]*NetworkZone, *Response, error) {
-	url := fmt.Sprintf("/api/v1/zones")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var networkZone []*NetworkZone
-
-	resp, err := rq.Do(ctx, req, &networkZone)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return networkZone, resp, nil
-}
-
-// Adds a new network zone to your Okta organization.
-func (m *NetworkZoneResource) CreateNetworkZone(ctx context.Context, body NetworkZone) (*NetworkZone, *Response, error) {
-	url := fmt.Sprintf("/api/v1/zones")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var networkZone *NetworkZone
-
-	resp, err := rq.Do(ctx, req, &networkZone)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return networkZone, resp, nil
-}
-
-// Activate Network Zone
-func (m *NetworkZoneResource) ActivateNetworkZone(ctx context.Context, zoneId string) (*NetworkZone, *Response, error) {
-	url := fmt.Sprintf("/api/v1/zones/%v/lifecycle/activate", zoneId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var networkZone *NetworkZone
-
-	resp, err := rq.Do(ctx, req, &networkZone)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return networkZone, resp, nil
-}
-
-// Deactivates a network zone.
-func (m *NetworkZoneResource) DeactivateNetworkZone(ctx context.Context, zoneId string) (*NetworkZone, *Response, error) {
-	url := fmt.Sprintf("/api/v1/zones/%v/lifecycle/deactivate", zoneId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var networkZone *NetworkZone
-
-	resp, err := rq.Do(ctx, req, &networkZone)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return networkZone, resp, nil
-}
diff --git a/okta/networkZoneAddress.go b/okta/networkZoneAddress.go
deleted file mode 100644
index d5ca4c43c..000000000
--- a/okta/networkZoneAddress.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type NetworkZoneAddress struct {
-	Type  string `json:"type,omitempty"`
-	Value string `json:"value,omitempty"`
-}
diff --git a/okta/networkZoneAddressType.go b/okta/networkZoneAddressType.go
deleted file mode 100644
index a923f907a..000000000
--- a/okta/networkZoneAddressType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type NetworkZoneAddressType string
diff --git a/okta/networkZoneLocation.go b/okta/networkZoneLocation.go
deleted file mode 100644
index 3b72b9034..000000000
--- a/okta/networkZoneLocation.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type NetworkZoneLocation struct {
-	Country string `json:"country,omitempty"`
-	Region  string `json:"region,omitempty"`
-}
diff --git a/okta/networkZoneStatus.go b/okta/networkZoneStatus.go
deleted file mode 100644
index 9343a2c28..000000000
--- a/okta/networkZoneStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type NetworkZoneStatus string
diff --git a/okta/networkZoneType.go b/okta/networkZoneType.go
deleted file mode 100644
index d7b6149f1..000000000
--- a/okta/networkZoneType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type NetworkZoneType string
diff --git a/okta/networkZoneUsage.go b/okta/networkZoneUsage.go
deleted file mode 100644
index 494984775..000000000
--- a/okta/networkZoneUsage.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type NetworkZoneUsage string
diff --git a/okta/noopcache.go b/okta/noopcache.go
new file mode 100644
index 000000000..1e881bd36
--- /dev/null
+++ b/okta/noopcache.go
@@ -0,0 +1,33 @@
+package okta
+
+import "net/http"
+
+type NoOpCache struct{}
+
+func NewNoOpCache() Cache {
+	return NoOpCache{}
+}
+
+func (c NoOpCache) Get(key string) *http.Response {
+	return nil
+}
+
+func (c NoOpCache) Set(key string, value *http.Response) {
+}
+
+func (c NoOpCache) GetString(key string) string {
+	return ""
+}
+
+func (c NoOpCache) SetString(key string, value string) {
+}
+
+func (c NoOpCache) Delete(key string) {
+}
+
+func (c NoOpCache) Clear() {
+}
+
+func (c NoOpCache) Has(key string) bool {
+	return false
+}
diff --git a/okta/notificationType.go b/okta/notificationType.go
deleted file mode 100644
index 8d8fe2e8c..000000000
--- a/okta/notificationType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type NotificationType string
diff --git a/okta/oAuth2Actor.go b/okta/oAuth2Actor.go
deleted file mode 100644
index 88ea04b9d..000000000
--- a/okta/oAuth2Actor.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OAuth2Actor struct {
-	Id   string `json:"id,omitempty"`
-	Type string `json:"type,omitempty"`
-}
diff --git a/okta/oAuth2Claim.go b/okta/oAuth2Claim.go
deleted file mode 100644
index c89a02c68..000000000
--- a/okta/oAuth2Claim.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OAuth2Claim struct {
-	Links                interface{}            `json:"_links,omitempty"`
-	AlwaysIncludeInToken *bool                  `json:"alwaysIncludeInToken,omitempty"`
-	ClaimType            string                 `json:"claimType,omitempty"`
-	Conditions           *OAuth2ClaimConditions `json:"conditions,omitempty"`
-	GroupFilterType      string                 `json:"group_filter_type,omitempty"`
-	Id                   string                 `json:"id,omitempty"`
-	Name                 string                 `json:"name,omitempty"`
-	Status               string                 `json:"status,omitempty"`
-	System               *bool                  `json:"system,omitempty"`
-	Value                string                 `json:"value,omitempty"`
-	ValueType            string                 `json:"valueType,omitempty"`
-}
diff --git a/okta/oAuth2ClaimConditions.go b/okta/oAuth2ClaimConditions.go
deleted file mode 100644
index 8c7ed5077..000000000
--- a/okta/oAuth2ClaimConditions.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OAuth2ClaimConditions struct {
-	Scopes []string `json:"scopes,omitempty"`
-}
diff --git a/okta/oAuth2Client.go b/okta/oAuth2Client.go
deleted file mode 100644
index f393aa2d5..000000000
--- a/okta/oAuth2Client.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OAuth2Client struct {
-	Links      interface{} `json:"_links,omitempty"`
-	ClientId   string      `json:"client_id,omitempty"`
-	ClientName string      `json:"client_name,omitempty"`
-	ClientUri  string      `json:"client_uri,omitempty"`
-	LogoUri    string      `json:"logo_uri,omitempty"`
-}
diff --git a/okta/oAuth2RefreshToken.go b/okta/oAuth2RefreshToken.go
deleted file mode 100644
index 32bef7fc6..000000000
--- a/okta/oAuth2RefreshToken.go
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type OAuth2RefreshToken struct {
-	Embedded    interface{}  `json:"_embedded,omitempty"`
-	Links       interface{}  `json:"_links,omitempty"`
-	ClientId    string       `json:"clientId,omitempty"`
-	Created     *time.Time   `json:"created,omitempty"`
-	CreatedBy   *OAuth2Actor `json:"createdBy,omitempty"`
-	ExpiresAt   *time.Time   `json:"expiresAt,omitempty"`
-	Id          string       `json:"id,omitempty"`
-	Issuer      string       `json:"issuer,omitempty"`
-	LastUpdated *time.Time   `json:"lastUpdated,omitempty"`
-	Scopes      []string     `json:"scopes,omitempty"`
-	Status      string       `json:"status,omitempty"`
-	UserId      string       `json:"userId,omitempty"`
-}
diff --git a/okta/oAuth2Scope.go b/okta/oAuth2Scope.go
deleted file mode 100644
index b285e4b55..000000000
--- a/okta/oAuth2Scope.go
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OAuth2Scope struct {
-	Consent         string `json:"consent,omitempty"`
-	Default         *bool  `json:"default,omitempty"`
-	Description     string `json:"description,omitempty"`
-	DisplayName     string `json:"displayName,omitempty"`
-	Id              string `json:"id,omitempty"`
-	MetadataPublish string `json:"metadataPublish,omitempty"`
-	Name            string `json:"name,omitempty"`
-	System          *bool  `json:"system,omitempty"`
-}
diff --git a/okta/oAuth2ScopeConsentGrant.go b/okta/oAuth2ScopeConsentGrant.go
deleted file mode 100644
index 66387f814..000000000
--- a/okta/oAuth2ScopeConsentGrant.go
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type OAuth2ScopeConsentGrant struct {
-	Embedded    interface{}  `json:"_embedded,omitempty"`
-	Links       interface{}  `json:"_links,omitempty"`
-	ClientId    string       `json:"clientId,omitempty"`
-	Created     *time.Time   `json:"created,omitempty"`
-	CreatedBy   *OAuth2Actor `json:"createdBy,omitempty"`
-	Id          string       `json:"id,omitempty"`
-	Issuer      string       `json:"issuer,omitempty"`
-	LastUpdated *time.Time   `json:"lastUpdated,omitempty"`
-	ScopeId     string       `json:"scopeId,omitempty"`
-	Source      string       `json:"source,omitempty"`
-	Status      string       `json:"status,omitempty"`
-	UserId      string       `json:"userId,omitempty"`
-}
diff --git a/okta/oAuth2ScopeConsentGrantSource.go b/okta/oAuth2ScopeConsentGrantSource.go
deleted file mode 100644
index 02aa497f8..000000000
--- a/okta/oAuth2ScopeConsentGrantSource.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OAuth2ScopeConsentGrantSource string
diff --git a/okta/oAuth2ScopeConsentGrantStatus.go b/okta/oAuth2ScopeConsentGrantStatus.go
deleted file mode 100644
index 9148d67f9..000000000
--- a/okta/oAuth2ScopeConsentGrantStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OAuth2ScopeConsentGrantStatus string
diff --git a/okta/oAuth2ScopesMediationPolicyRuleCondition.go b/okta/oAuth2ScopesMediationPolicyRuleCondition.go
deleted file mode 100644
index 419d8a6c3..000000000
--- a/okta/oAuth2ScopesMediationPolicyRuleCondition.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OAuth2ScopesMediationPolicyRuleCondition struct {
-	Include []string `json:"include,omitempty"`
-}
diff --git a/okta/oAuth2Token.go b/okta/oAuth2Token.go
deleted file mode 100644
index ecdc62565..000000000
--- a/okta/oAuth2Token.go
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type OAuth2Token struct {
-	Embedded    interface{} `json:"_embedded,omitempty"`
-	Links       interface{} `json:"_links,omitempty"`
-	ClientId    string      `json:"clientId,omitempty"`
-	Created     *time.Time  `json:"created,omitempty"`
-	ExpiresAt   *time.Time  `json:"expiresAt,omitempty"`
-	Id          string      `json:"id,omitempty"`
-	Issuer      string      `json:"issuer,omitempty"`
-	LastUpdated *time.Time  `json:"lastUpdated,omitempty"`
-	Scopes      []string    `json:"scopes,omitempty"`
-	Status      string      `json:"status,omitempty"`
-	UserId      string      `json:"userId,omitempty"`
-}
diff --git a/okta/oAuthApplicationCredentials.go b/okta/oAuthApplicationCredentials.go
deleted file mode 100644
index 8e1492858..000000000
--- a/okta/oAuthApplicationCredentials.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OAuthApplicationCredentials struct {
-	Signing          *ApplicationCredentialsSigning          `json:"signing,omitempty"`
-	UserNameTemplate *ApplicationCredentialsUsernameTemplate `json:"userNameTemplate,omitempty"`
-	OauthClient      *ApplicationCredentialsOAuthClient      `json:"oauthClient,omitempty"`
-}
diff --git a/okta/oAuthAuthorizationPolicy.go b/okta/oAuthAuthorizationPolicy.go
deleted file mode 100644
index 143192ea1..000000000
--- a/okta/oAuthAuthorizationPolicy.go
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type OAuthAuthorizationPolicy struct {
-	Embedded    interface{}           `json:"_embedded,omitempty"`
-	Links       interface{}           `json:"_links,omitempty"`
-	Conditions  *PolicyRuleConditions `json:"conditions,omitempty"`
-	Created     *time.Time            `json:"created,omitempty"`
-	Description string                `json:"description,omitempty"`
-	Id          string                `json:"id,omitempty"`
-	LastUpdated *time.Time            `json:"lastUpdated,omitempty"`
-	Name        string                `json:"name,omitempty"`
-	Priority    int64                 `json:"-"`
-	PriorityPtr *int64                `json:"priority,omitempty"`
-	Status      string                `json:"status,omitempty"`
-	System      *bool                 `json:"system,omitempty"`
-	Type        string                `json:"type,omitempty"`
-}
-
-func NewOAuthAuthorizationPolicy() *OAuthAuthorizationPolicy {
-	return &OAuthAuthorizationPolicy{
-		Type: "OAUTH_AUTHORIZATION_POLICY",
-	}
-}
-
-func (a *OAuthAuthorizationPolicy) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *OAuthAuthorizationPolicy) MarshalJSON() ([]byte, error) {
-	type Alias OAuthAuthorizationPolicy
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *OAuthAuthorizationPolicy) UnmarshalJSON(data []byte) error {
-	type Alias OAuthAuthorizationPolicy
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/oAuthEndpointAuthenticationMethod.go b/okta/oAuthEndpointAuthenticationMethod.go
deleted file mode 100644
index e6a84f491..000000000
--- a/okta/oAuthEndpointAuthenticationMethod.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OAuthEndpointAuthenticationMethod string
diff --git a/okta/oAuthGrantType.go b/okta/oAuthGrantType.go
deleted file mode 100644
index 74f0f6f32..000000000
--- a/okta/oAuthGrantType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OAuthGrantType string
diff --git a/okta/oAuthResponseType.go b/okta/oAuthResponseType.go
deleted file mode 100644
index 121ac76ef..000000000
--- a/okta/oAuthResponseType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OAuthResponseType string
diff --git a/okta/okta.go b/okta/okta.go
deleted file mode 100644
index f1d40a9aa..000000000
--- a/okta/okta.go
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"io/ioutil"
-	"os/user"
-	"path"
-	"path/filepath"
-	"runtime"
-
-	"github.com/kelseyhightower/envconfig"
-	"github.com/okta/okta-sdk-golang/v2/okta/cache"
-	"gopkg.in/yaml.v3"
-)
-
-const Version = "2.17.0"
-
-type Client struct {
-	config                     *config
-	requestExecutor            *RequestExecutor
-	resource                   resource
-	Application                *ApplicationResource
-	Authenticator              *AuthenticatorResource
-	AuthorizationServer        *AuthorizationServerResource
-	Brand                      *BrandResource
-	Domain                     *DomainResource
-	EventHook                  *EventHookResource
-	Feature                    *FeatureResource
-	Group                      *GroupResource
-	GroupSchema                *GroupSchemaResource
-	IdentityProvider           *IdentityProviderResource
-	InlineHook                 *InlineHookResource
-	LinkedObject               *LinkedObjectResource
-	LogEvent                   *LogEventResource
-	NetworkZone                *NetworkZoneResource
-	OrgSetting                 *OrgSettingResource
-	Policy                     *PolicyResource
-	ProfileMapping             *ProfileMappingResource
-	Session                    *SessionResource
-	SmsTemplate                *SmsTemplateResource
-	Subscription               *SubscriptionResource
-	ThreatInsightConfiguration *ThreatInsightConfigurationResource
-	TrustedOrigin              *TrustedOriginResource
-	User                       *UserResource
-	UserFactor                 *UserFactorResource
-	UserSchema                 *UserSchemaResource
-	UserType                   *UserTypeResource
-}
-
-type resource struct {
-	client *Client
-}
-
-type clientContextKey struct{}
-
-func NewClient(ctx context.Context, conf ...ConfigSetter) (context.Context, *Client, error) {
-	config := &config{}
-
-	setConfigDefaults(config)
-	config = readConfigFromSystem(*config)
-	config = readConfigFromApplication(*config)
-	config = readConfigFromEnvironment(*config)
-
-	for _, confSetter := range conf {
-		confSetter(config)
-	}
-
-	var oktaCache cache.Cache
-	if !config.Okta.Client.Cache.Enabled {
-		oktaCache = cache.NewNoOpCache()
-	} else {
-		if config.CacheManager == nil {
-			oktaCache = cache.NewGoCache(config.Okta.Client.Cache.DefaultTtl,
-				config.Okta.Client.Cache.DefaultTti)
-		} else {
-			oktaCache = config.CacheManager
-		}
-	}
-
-	config.CacheManager = oktaCache
-
-	config, err := validateConfig(config)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	c := &Client{}
-	c.config = config
-	c.requestExecutor = NewRequestExecutor(config.HttpClient, oktaCache, config)
-
-	c.resource.client = c
-
-	c.Application = (*ApplicationResource)(&c.resource)
-	c.Authenticator = (*AuthenticatorResource)(&c.resource)
-	c.AuthorizationServer = (*AuthorizationServerResource)(&c.resource)
-	c.Brand = (*BrandResource)(&c.resource)
-	c.Domain = (*DomainResource)(&c.resource)
-	c.EventHook = (*EventHookResource)(&c.resource)
-	c.Feature = (*FeatureResource)(&c.resource)
-	c.Group = (*GroupResource)(&c.resource)
-	c.GroupSchema = (*GroupSchemaResource)(&c.resource)
-	c.IdentityProvider = (*IdentityProviderResource)(&c.resource)
-	c.InlineHook = (*InlineHookResource)(&c.resource)
-	c.LinkedObject = (*LinkedObjectResource)(&c.resource)
-	c.LogEvent = (*LogEventResource)(&c.resource)
-	c.NetworkZone = (*NetworkZoneResource)(&c.resource)
-	c.OrgSetting = (*OrgSettingResource)(&c.resource)
-	c.Policy = (*PolicyResource)(&c.resource)
-	c.ProfileMapping = (*ProfileMappingResource)(&c.resource)
-	c.Session = (*SessionResource)(&c.resource)
-	c.SmsTemplate = (*SmsTemplateResource)(&c.resource)
-	c.Subscription = (*SubscriptionResource)(&c.resource)
-	c.ThreatInsightConfiguration = (*ThreatInsightConfigurationResource)(&c.resource)
-	c.TrustedOrigin = (*TrustedOriginResource)(&c.resource)
-	c.User = (*UserResource)(&c.resource)
-	c.UserFactor = (*UserFactorResource)(&c.resource)
-	c.UserSchema = (*UserSchemaResource)(&c.resource)
-	c.UserType = (*UserTypeResource)(&c.resource)
-
-	contextReturn := context.WithValue(ctx, clientContextKey{}, c)
-
-	return contextReturn, c, nil
-}
-
-func ClientFromContext(ctx context.Context) (*Client, bool) {
-	u, ok := ctx.Value(clientContextKey{}).(*Client)
-	return u, ok
-}
-
-func (c *Client) GetConfig() *config {
-	return c.config
-}
-
-func (c *Client) SetConfig(conf ...ConfigSetter) (err error) {
-	config := c.config
-	for _, confSetter := range conf {
-		confSetter(config)
-	}
-	_, err = validateConfig(config)
-	if err != nil {
-		return
-	}
-	c.config = config
-	return
-}
-
-// GetRequestExecutor returns underlying request executor
-// Deprecated: please use CloneRequestExecutor() to avoid race conditions
-func (c *Client) GetRequestExecutor() *RequestExecutor {
-	return c.requestExecutor
-}
-
-// CloneRequestExecutor create a clone of the underlying request executor
-func (c *Client) CloneRequestExecutor() *RequestExecutor {
-	a := *c.requestExecutor
-	return &a
-}
-
-func setConfigDefaults(c *config) {
-	conf := []ConfigSetter{
-		WithConnectionTimeout(60),
-		WithCache(true),
-		WithCacheTtl(300),
-		WithCacheTti(300),
-		WithUserAgentExtra(""),
-		WithTestingDisableHttpsCheck(false),
-		WithRequestTimeout(0),
-		WithRateLimitMaxBackOff(30),
-		WithRateLimitMaxRetries(2),
-		WithAuthorizationMode("SSWS"),
-	}
-	for _, confSetter := range conf {
-		confSetter(c)
-	}
-}
-
-func readConfigFromFile(location string, c config) (*config, error) {
-	yamlConfig, err := ioutil.ReadFile(location)
-	if err != nil {
-		return nil, err
-	}
-	err = yaml.Unmarshal(yamlConfig, &c)
-	if err != nil {
-		return nil, err
-	}
-	return &c, err
-}
-
-func readConfigFromSystem(c config) *config {
-	currUser, err := user.Current()
-	if err != nil {
-		return &c
-	}
-	if currUser.HomeDir == "" {
-		return &c
-	}
-	conf, err := readConfigFromFile(currUser.HomeDir+"/.okta/okta.yaml", c)
-	if err != nil {
-		return &c
-	}
-	return conf
-}
-
-// read config from the project's root directory
-func readConfigFromApplication(c config) *config {
-	_, b, _, _ := runtime.Caller(0)
-	conf, err := readConfigFromFile(filepath.Join(filepath.Dir(path.Join(path.Dir(b))), ".okta.yaml"), c)
-	if err != nil {
-		return &c
-	}
-	return conf
-}
-
-func readConfigFromEnvironment(c config) *config {
-	err := envconfig.Process("okta", &c)
-	if err != nil {
-		fmt.Println("error parsing")
-		return &c
-	}
-	return &c
-}
-
-func boolPtr(b bool) *bool {
-	return &b
-}
-
-func Int64Ptr(i int64) *int64 {
-	return &i
-}
diff --git a/okta/oktaSignOnPolicy.go b/okta/oktaSignOnPolicy.go
deleted file mode 100644
index 8acf7dad7..000000000
--- a/okta/oktaSignOnPolicy.go
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type OktaSignOnPolicy struct {
-	Embedded    interface{}                 `json:"_embedded,omitempty"`
-	Links       interface{}                 `json:"_links,omitempty"`
-	Conditions  *OktaSignOnPolicyConditions `json:"conditions,omitempty"`
-	Created     *time.Time                  `json:"created,omitempty"`
-	Description string                      `json:"description,omitempty"`
-	Id          string                      `json:"id,omitempty"`
-	LastUpdated *time.Time                  `json:"lastUpdated,omitempty"`
-	Name        string                      `json:"name,omitempty"`
-	Priority    int64                       `json:"-"`
-	PriorityPtr *int64                      `json:"priority,omitempty"`
-	Status      string                      `json:"status,omitempty"`
-	System      *bool                       `json:"system,omitempty"`
-	Type        string                      `json:"type,omitempty"`
-}
-
-func NewOktaSignOnPolicy() *OktaSignOnPolicy {
-	return &OktaSignOnPolicy{
-		Type: "OKTA_SIGN_ON",
-	}
-}
-
-func (a *OktaSignOnPolicy) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *OktaSignOnPolicy) MarshalJSON() ([]byte, error) {
-	type Alias OktaSignOnPolicy
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *OktaSignOnPolicy) UnmarshalJSON(data []byte) error {
-	type Alias OktaSignOnPolicy
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/oktaSignOnPolicyConditions.go b/okta/oktaSignOnPolicyConditions.go
deleted file mode 100644
index be9bfba31..000000000
--- a/okta/oktaSignOnPolicyConditions.go
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OktaSignOnPolicyConditions struct {
-	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
-	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
-	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
-	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
-	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
-	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
-	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
-	Device                *DevicePolicyRuleCondition                     `json:"device,omitempty"`
-	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
-	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
-	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
-	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
-	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
-	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
-	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
-	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
-	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
-	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
-	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
-	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
-	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
-}
-
-func NewOktaSignOnPolicyConditions() *OktaSignOnPolicyConditions {
-	return &OktaSignOnPolicyConditions{}
-}
-
-func (a *OktaSignOnPolicyConditions) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/oktaSignOnPolicyRule.go b/okta/oktaSignOnPolicyRule.go
deleted file mode 100644
index cda657ae7..000000000
--- a/okta/oktaSignOnPolicyRule.go
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type OktaSignOnPolicyRule struct {
-	Actions     *OktaSignOnPolicyRuleActions    `json:"actions,omitempty"`
-	Conditions  *OktaSignOnPolicyRuleConditions `json:"conditions,omitempty"`
-	Created     *time.Time                      `json:"created,omitempty"`
-	Id          string                          `json:"id,omitempty"`
-	LastUpdated *time.Time                      `json:"lastUpdated,omitempty"`
-	Name        string                          `json:"name,omitempty"`
-	Priority    int64                           `json:"-"`
-	PriorityPtr *int64                          `json:"priority,omitempty"`
-	Status      string                          `json:"status,omitempty"`
-	System      *bool                           `json:"system,omitempty"`
-	Type        string                          `json:"type,omitempty"`
-}
-
-func NewOktaSignOnPolicyRule() *OktaSignOnPolicyRule {
-	return &OktaSignOnPolicyRule{
-		Status: "ACTIVE",
-		System: boolPtr(false),
-		Type:   "SIGN_ON",
-	}
-}
-
-func (a *OktaSignOnPolicyRule) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *OktaSignOnPolicyRule) MarshalJSON() ([]byte, error) {
-	type Alias OktaSignOnPolicyRule
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *OktaSignOnPolicyRule) UnmarshalJSON(data []byte) error {
-	type Alias OktaSignOnPolicyRule
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/oktaSignOnPolicyRuleActions.go b/okta/oktaSignOnPolicyRuleActions.go
deleted file mode 100644
index 9f04f1077..000000000
--- a/okta/oktaSignOnPolicyRuleActions.go
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OktaSignOnPolicyRuleActions struct {
-	Enroll                   *PolicyRuleActionsEnroll           `json:"enroll,omitempty"`
-	Idp                      *IdpPolicyRuleAction               `json:"idp,omitempty"`
-	PasswordChange           *PasswordPolicyRuleAction          `json:"passwordChange,omitempty"`
-	SelfServicePasswordReset *PasswordPolicyRuleAction          `json:"selfServicePasswordReset,omitempty"`
-	SelfServiceUnlock        *PasswordPolicyRuleAction          `json:"selfServiceUnlock,omitempty"`
-	Signon                   *OktaSignOnPolicyRuleSignonActions `json:"signon,omitempty"`
-}
-
-func NewOktaSignOnPolicyRuleActions() *OktaSignOnPolicyRuleActions {
-	return &OktaSignOnPolicyRuleActions{}
-}
-
-func (a *OktaSignOnPolicyRuleActions) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/oktaSignOnPolicyRuleConditions.go b/okta/oktaSignOnPolicyRuleConditions.go
deleted file mode 100644
index 6e592d407..000000000
--- a/okta/oktaSignOnPolicyRuleConditions.go
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OktaSignOnPolicyRuleConditions struct {
-	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
-	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
-	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
-	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
-	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
-	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
-	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
-	Device                *DevicePolicyRuleCondition                     `json:"device,omitempty"`
-	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
-	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
-	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
-	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
-	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
-	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
-	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
-	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
-	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
-	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
-	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
-	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
-	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
-}
-
-func NewOktaSignOnPolicyRuleConditions() *OktaSignOnPolicyRuleConditions {
-	return &OktaSignOnPolicyRuleConditions{}
-}
-
-func (a *OktaSignOnPolicyRuleConditions) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/oktaSignOnPolicyRuleSignonActions.go b/okta/oktaSignOnPolicyRuleSignonActions.go
deleted file mode 100644
index ab0ccbca3..000000000
--- a/okta/oktaSignOnPolicyRuleSignonActions.go
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type OktaSignOnPolicyRuleSignonActions struct {
-	Access                  string                                    `json:"access,omitempty"`
-	FactorLifetime          int64                                     `json:"-"`
-	FactorLifetimePtr       *int64                                    `json:"factorLifetime,omitempty"`
-	FactorPromptMode        string                                    `json:"factorPromptMode,omitempty"`
-	RememberDeviceByDefault *bool                                     `json:"rememberDeviceByDefault,omitempty"`
-	RequireFactor           *bool                                     `json:"requireFactor,omitempty"`
-	Session                 *OktaSignOnPolicyRuleSignonSessionActions `json:"session,omitempty"`
-}
-
-func NewOktaSignOnPolicyRuleSignonActions() *OktaSignOnPolicyRuleSignonActions {
-	return &OktaSignOnPolicyRuleSignonActions{
-		RememberDeviceByDefault: boolPtr(false),
-		RequireFactor:           boolPtr(false),
-	}
-}
-
-func (a *OktaSignOnPolicyRuleSignonActions) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *OktaSignOnPolicyRuleSignonActions) MarshalJSON() ([]byte, error) {
-	type Alias OktaSignOnPolicyRuleSignonActions
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.FactorLifetime != 0 {
-		result.FactorLifetimePtr = Int64Ptr(a.FactorLifetime)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *OktaSignOnPolicyRuleSignonActions) UnmarshalJSON(data []byte) error {
-	type Alias OktaSignOnPolicyRuleSignonActions
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.FactorLifetimePtr != nil {
-		a.FactorLifetime = *result.FactorLifetimePtr
-		a.FactorLifetimePtr = result.FactorLifetimePtr
-	}
-	return nil
-}
diff --git a/okta/oktaSignOnPolicyRuleSignonSessionActions.go b/okta/oktaSignOnPolicyRuleSignonSessionActions.go
deleted file mode 100644
index 3797793d5..000000000
--- a/okta/oktaSignOnPolicyRuleSignonSessionActions.go
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type OktaSignOnPolicyRuleSignonSessionActions struct {
-	MaxSessionIdleMinutes        int64  `json:"-"`
-	MaxSessionIdleMinutesPtr     *int64 `json:"maxSessionIdleMinutes"`
-	MaxSessionLifetimeMinutes    int64  `json:"-"`
-	MaxSessionLifetimeMinutesPtr *int64 `json:"maxSessionLifetimeMinutes"`
-	UsePersistentCookie          *bool  `json:"usePersistentCookie,omitempty"`
-}
-
-func NewOktaSignOnPolicyRuleSignonSessionActions() *OktaSignOnPolicyRuleSignonSessionActions {
-	return &OktaSignOnPolicyRuleSignonSessionActions{
-		MaxSessionIdleMinutes:        120,
-		MaxSessionIdleMinutesPtr:     Int64Ptr(120),
-		MaxSessionLifetimeMinutes:    0,
-		MaxSessionLifetimeMinutesPtr: Int64Ptr(0),
-		UsePersistentCookie:          boolPtr(false),
-	}
-}
-
-func (a *OktaSignOnPolicyRuleSignonSessionActions) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *OktaSignOnPolicyRuleSignonSessionActions) MarshalJSON() ([]byte, error) {
-	type Alias OktaSignOnPolicyRuleSignonSessionActions
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.MaxSessionIdleMinutes != 0 {
-		result.MaxSessionIdleMinutesPtr = Int64Ptr(a.MaxSessionIdleMinutes)
-	}
-	if a.MaxSessionLifetimeMinutes != 0 {
-		result.MaxSessionLifetimeMinutesPtr = Int64Ptr(a.MaxSessionLifetimeMinutes)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *OktaSignOnPolicyRuleSignonSessionActions) UnmarshalJSON(data []byte) error {
-	type Alias OktaSignOnPolicyRuleSignonSessionActions
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.MaxSessionIdleMinutesPtr != nil {
-		a.MaxSessionIdleMinutes = *result.MaxSessionIdleMinutesPtr
-		a.MaxSessionIdleMinutesPtr = result.MaxSessionIdleMinutesPtr
-	}
-	if result.MaxSessionLifetimeMinutesPtr != nil {
-		a.MaxSessionLifetimeMinutes = *result.MaxSessionLifetimeMinutesPtr
-		a.MaxSessionLifetimeMinutesPtr = result.MaxSessionLifetimeMinutesPtr
-	}
-	return nil
-}
diff --git a/okta/openIdConnectApplication.go b/okta/openIdConnectApplication.go
deleted file mode 100644
index c3f6f051a..000000000
--- a/okta/openIdConnectApplication.go
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type OpenIdConnectApplication struct {
-	Embedded      interface{}                       `json:"_embedded,omitempty"`
-	Links         interface{}                       `json:"_links,omitempty"`
-	Accessibility *ApplicationAccessibility         `json:"accessibility,omitempty"`
-	Created       *time.Time                        `json:"created,omitempty"`
-	Credentials   *OAuthApplicationCredentials      `json:"credentials,omitempty"`
-	Features      []string                          `json:"features,omitempty"`
-	Id            string                            `json:"id,omitempty"`
-	Label         string                            `json:"label,omitempty"`
-	LastUpdated   *time.Time                        `json:"lastUpdated,omitempty"`
-	Licensing     *ApplicationLicensing             `json:"licensing,omitempty"`
-	Name          string                            `json:"name,omitempty"`
-	Profile       interface{}                       `json:"profile,omitempty"`
-	Settings      *OpenIdConnectApplicationSettings `json:"settings,omitempty"`
-	SignOnMode    string                            `json:"signOnMode,omitempty"`
-	Status        string                            `json:"status,omitempty"`
-	Visibility    *ApplicationVisibility            `json:"visibility,omitempty"`
-}
-
-func NewOpenIdConnectApplication() *OpenIdConnectApplication {
-	return &OpenIdConnectApplication{
-		Name:       "oidc_client",
-		SignOnMode: "OPENID_CONNECT",
-	}
-}
-
-func (a *OpenIdConnectApplication) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/openIdConnectApplicationConsentMethod.go b/okta/openIdConnectApplicationConsentMethod.go
deleted file mode 100644
index 5eac14749..000000000
--- a/okta/openIdConnectApplicationConsentMethod.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OpenIdConnectApplicationConsentMethod string
diff --git a/okta/openIdConnectApplicationIdpInitiatedLogin.go b/okta/openIdConnectApplicationIdpInitiatedLogin.go
deleted file mode 100644
index 9839fb53b..000000000
--- a/okta/openIdConnectApplicationIdpInitiatedLogin.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OpenIdConnectApplicationIdpInitiatedLogin struct {
-	DefaultScope []string `json:"default_scope"`
-	Mode         string   `json:"mode,omitempty"`
-}
diff --git a/okta/openIdConnectApplicationIssuerMode.go b/okta/openIdConnectApplicationIssuerMode.go
deleted file mode 100644
index c99130c22..000000000
--- a/okta/openIdConnectApplicationIssuerMode.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OpenIdConnectApplicationIssuerMode string
diff --git a/okta/openIdConnectApplicationSettings.go b/okta/openIdConnectApplicationSettings.go
deleted file mode 100644
index e729e885e..000000000
--- a/okta/openIdConnectApplicationSettings.go
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OpenIdConnectApplicationSettings struct {
-	App                *ApplicationSettingsApplication         `json:"app,omitempty"`
-	ImplicitAssignment *bool                                   `json:"implicitAssignment,omitempty"`
-	InlineHookId       string                                  `json:"inlineHookId,omitempty"`
-	Notes              *ApplicationSettingsNotes               `json:"notes,omitempty"`
-	Notifications      *ApplicationSettingsNotifications       `json:"notifications,omitempty"`
-	OauthClient        *OpenIdConnectApplicationSettingsClient `json:"oauthClient,omitempty"`
-}
diff --git a/okta/openIdConnectApplicationSettingsClient.go b/okta/openIdConnectApplicationSettingsClient.go
deleted file mode 100644
index 12411e0b5..000000000
--- a/okta/openIdConnectApplicationSettingsClient.go
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OpenIdConnectApplicationSettingsClient struct {
-	ApplicationType        string                                        `json:"application_type,omitempty"`
-	ClientUri              string                                        `json:"client_uri,omitempty"`
-	ConsentMethod          string                                        `json:"consent_method,omitempty"`
-	GrantTypes             []*OAuthGrantType                             `json:"grant_types,omitempty"`
-	IdpInitiatedLogin      *OpenIdConnectApplicationIdpInitiatedLogin    `json:"idp_initiated_login,omitempty"`
-	InitiateLoginUri       string                                        `json:"initiate_login_uri,omitempty"`
-	IssuerMode             string                                        `json:"issuer_mode,omitempty"`
-	Jwks                   *OpenIdConnectApplicationSettingsClientKeys   `json:"jwks,omitempty"`
-	LogoUri                string                                        `json:"logo_uri,omitempty"`
-	PolicyUri              string                                        `json:"policy_uri,omitempty"`
-	PostLogoutRedirectUris []string                                      `json:"post_logout_redirect_uris,omitempty"`
-	RedirectUris           []string                                      `json:"redirect_uris,omitempty"`
-	RefreshToken           *OpenIdConnectApplicationSettingsRefreshToken `json:"refresh_token,omitempty"`
-	ResponseTypes          []*OAuthResponseType                          `json:"response_types,omitempty"`
-	TosUri                 string                                        `json:"tos_uri,omitempty"`
-	WildcardRedirect       string                                        `json:"wildcard_redirect,omitempty"`
-}
diff --git a/okta/openIdConnectApplicationSettingsClientKeys.go b/okta/openIdConnectApplicationSettingsClientKeys.go
deleted file mode 100644
index 7cc1a5534..000000000
--- a/okta/openIdConnectApplicationSettingsClientKeys.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OpenIdConnectApplicationSettingsClientKeys struct {
-	Keys []*JsonWebKey `json:"keys,omitempty"`
-}
diff --git a/okta/openIdConnectApplicationSettingsRefreshToken.go b/okta/openIdConnectApplicationSettingsRefreshToken.go
deleted file mode 100644
index d4b71465d..000000000
--- a/okta/openIdConnectApplicationSettingsRefreshToken.go
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type OpenIdConnectApplicationSettingsRefreshToken struct {
-	Leeway       int64  `json:"-"`
-	LeewayPtr    *int64 `json:"leeway"`
-	RotationType string `json:"rotation_type,omitempty"`
-}
-
-func (a *OpenIdConnectApplicationSettingsRefreshToken) MarshalJSON() ([]byte, error) {
-	type Alias OpenIdConnectApplicationSettingsRefreshToken
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Leeway != 0 {
-		result.LeewayPtr = Int64Ptr(a.Leeway)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *OpenIdConnectApplicationSettingsRefreshToken) UnmarshalJSON(data []byte) error {
-	type Alias OpenIdConnectApplicationSettingsRefreshToken
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.LeewayPtr != nil {
-		a.Leeway = *result.LeewayPtr
-		a.LeewayPtr = result.LeewayPtr
-	}
-	return nil
-}
diff --git a/okta/openIdConnectApplicationType.go b/okta/openIdConnectApplicationType.go
deleted file mode 100644
index e7089fa06..000000000
--- a/okta/openIdConnectApplicationType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OpenIdConnectApplicationType string
diff --git a/okta/openIdConnectRefreshTokenRotationType.go b/okta/openIdConnectRefreshTokenRotationType.go
deleted file mode 100644
index 4233f4b1e..000000000
--- a/okta/openIdConnectRefreshTokenRotationType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OpenIdConnectRefreshTokenRotationType string
diff --git a/okta/org2OrgApplication.go b/okta/org2OrgApplication.go
deleted file mode 100644
index 47adbd734..000000000
--- a/okta/org2OrgApplication.go
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type Org2OrgApplication struct {
-	Settings      *Org2OrgApplicationSettings `json:"settings,omitempty"`
-	Embedded      interface{}                 `json:"_embedded,omitempty"`
-	Links         interface{}                 `json:"_links,omitempty"`
-	Accessibility *ApplicationAccessibility   `json:"accessibility,omitempty"`
-	Created       *time.Time                  `json:"created,omitempty"`
-	Credentials   *ApplicationCredentials     `json:"credentials,omitempty"`
-	Features      []string                    `json:"features,omitempty"`
-	Id            string                      `json:"id,omitempty"`
-	Label         string                      `json:"label,omitempty"`
-	LastUpdated   *time.Time                  `json:"lastUpdated,omitempty"`
-	Licensing     *ApplicationLicensing       `json:"licensing,omitempty"`
-	Name          string                      `json:"name,omitempty"`
-	Profile       interface{}                 `json:"profile,omitempty"`
-	SignOnMode    string                      `json:"signOnMode,omitempty"`
-	Status        string                      `json:"status,omitempty"`
-	Visibility    *ApplicationVisibility      `json:"visibility,omitempty"`
-}
-
-func NewOrg2OrgApplication() *Org2OrgApplication {
-	return &Org2OrgApplication{
-		Name: "okta_org2org",
-	}
-}
-
-func (a *Org2OrgApplication) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/org2OrgApplicationSettings.go b/okta/org2OrgApplicationSettings.go
deleted file mode 100644
index fa952dd42..000000000
--- a/okta/org2OrgApplicationSettings.go
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type Org2OrgApplicationSettings struct {
-	SignOn             *SamlApplicationSettingsSignOn    `json:"signOn,omitempty"`
-	App                *Org2OrgApplicationSettingsApp    `json:"app,omitempty"`
-	ImplicitAssignment *bool                             `json:"implicitAssignment,omitempty"`
-	InlineHookId       string                            `json:"inlineHookId,omitempty"`
-	Notes              *ApplicationSettingsNotes         `json:"notes,omitempty"`
-	Notifications      *ApplicationSettingsNotifications `json:"notifications,omitempty"`
-}
-
-func NewOrg2OrgApplicationSettings() *Org2OrgApplicationSettings {
-	return &Org2OrgApplicationSettings{}
-}
-
-func (a *Org2OrgApplicationSettings) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/org2OrgApplicationSettingsApp.go b/okta/org2OrgApplicationSettingsApp.go
deleted file mode 100644
index 50c471fe7..000000000
--- a/okta/org2OrgApplicationSettingsApp.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type Org2OrgApplicationSettingsApp struct {
-	AcsUrl         string `json:"acsUrl,omitempty"`
-	AudRestriction string `json:"audRestriction,omitempty"`
-	BaseUrl        string `json:"baseUrl,omitempty"`
-}
-
-func NewOrg2OrgApplicationSettingsApp() *Org2OrgApplicationSettingsApp {
-	return &Org2OrgApplicationSettingsApp{}
-}
-
-func (a *Org2OrgApplicationSettingsApp) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/orgContactType.go b/okta/orgContactType.go
deleted file mode 100644
index e93068de0..000000000
--- a/okta/orgContactType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OrgContactType string
diff --git a/okta/orgContactTypeObj.go b/okta/orgContactTypeObj.go
deleted file mode 100644
index fa8594494..000000000
--- a/okta/orgContactTypeObj.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OrgContactTypeObj struct {
-	Links       interface{} `json:"_links,omitempty"`
-	ContactType string      `json:"contactType,omitempty"`
-}
diff --git a/okta/orgContactUser.go b/okta/orgContactUser.go
deleted file mode 100644
index ee373b7c6..000000000
--- a/okta/orgContactUser.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OrgContactUserResource resource
-
-type OrgContactUser struct {
-	Links  interface{} `json:"_links,omitempty"`
-	UserId string      `json:"userId,omitempty"`
-}
diff --git a/okta/orgOktaCommunicationSetting.go b/okta/orgOktaCommunicationSetting.go
deleted file mode 100644
index a1dced500..000000000
--- a/okta/orgOktaCommunicationSetting.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OrgOktaCommunicationSettingResource resource
-
-type OrgOktaCommunicationSetting struct {
-	Links            interface{} `json:"_links,omitempty"`
-	OptOutEmailUsers *bool       `json:"optOutEmailUsers,omitempty"`
-}
diff --git a/okta/orgOktaSupportSetting.go b/okta/orgOktaSupportSetting.go
deleted file mode 100644
index 9a98fca89..000000000
--- a/okta/orgOktaSupportSetting.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OrgOktaSupportSetting string
diff --git a/okta/orgOktaSupportSettingsObj.go b/okta/orgOktaSupportSettingsObj.go
deleted file mode 100644
index 7498e8ddd..000000000
--- a/okta/orgOktaSupportSettingsObj.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type OrgOktaSupportSettingsObjResource resource
-
-type OrgOktaSupportSettingsObj struct {
-	Links      interface{} `json:"_links,omitempty"`
-	Expiration *time.Time  `json:"expiration,omitempty"`
-	Support    string      `json:"support,omitempty"`
-}
diff --git a/okta/orgPreferences.go b/okta/orgPreferences.go
deleted file mode 100644
index 82b362bc1..000000000
--- a/okta/orgPreferences.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type OrgPreferencesResource resource
-
-type OrgPreferences struct {
-	Links             interface{} `json:"_links,omitempty"`
-	ShowEndUserFooter *bool       `json:"showEndUserFooter,omitempty"`
-}
diff --git a/okta/orgSetting.go b/okta/orgSetting.go
deleted file mode 100644
index 380ea670d..000000000
--- a/okta/orgSetting.go
+++ /dev/null
@@ -1,424 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"mime/multipart"
-	"os"
-	"time"
-)
-
-type OrgSettingResource resource
-
-type OrgSetting struct {
-	Links                 interface{} `json:"_links,omitempty"`
-	Address1              string      `json:"address1,omitempty"`
-	Address2              string      `json:"address2,omitempty"`
-	City                  string      `json:"city,omitempty"`
-	CompanyName           string      `json:"companyName,omitempty"`
-	Country               string      `json:"country,omitempty"`
-	Created               *time.Time  `json:"created,omitempty"`
-	EndUserSupportHelpURL string      `json:"endUserSupportHelpURL,omitempty"`
-	ExpiresAt             *time.Time  `json:"expiresAt,omitempty"`
-	Id                    string      `json:"id,omitempty"`
-	LastUpdated           *time.Time  `json:"lastUpdated,omitempty"`
-	PhoneNumber           string      `json:"phoneNumber,omitempty"`
-	PostalCode            string      `json:"postalCode,omitempty"`
-	State                 string      `json:"state,omitempty"`
-	Status                string      `json:"status,omitempty"`
-	Subdomain             string      `json:"subdomain,omitempty"`
-	SupportPhoneNumber    string      `json:"supportPhoneNumber,omitempty"`
-	Website               string      `json:"website,omitempty"`
-}
-
-// Get settings of your organization.
-func (m *OrgSettingResource) GetOrgSettings(ctx context.Context) (*OrgSetting, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgSetting *OrgSetting
-
-	resp, err := rq.Do(ctx, req, &orgSetting)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgSetting, resp, nil
-}
-
-// Update settings of your organization.
-func (m *OrgSettingResource) UpdateOrgSetting(ctx context.Context, body OrgSetting) (*OrgSetting, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgSetting *OrgSetting
-
-	resp, err := rq.Do(ctx, req, &orgSetting)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgSetting, resp, nil
-}
-
-// Partial update settings of your organization.
-func (m *OrgSettingResource) PartialUpdateOrgSetting(ctx context.Context, body OrgSetting) (*OrgSetting, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgSetting *OrgSetting
-
-	resp, err := rq.Do(ctx, req, &orgSetting)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgSetting, resp, nil
-}
-
-// Gets Contact Types of your organization.
-func (m *OrgSettingResource) GetOrgContactTypes(ctx context.Context) ([]*OrgContactTypeObj, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/contacts")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgContactTypeObj []*OrgContactTypeObj
-
-	resp, err := rq.Do(ctx, req, &orgContactTypeObj)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgContactTypeObj, resp, nil
-}
-
-// Retrieves the URL of the User associated with the specified Contact Type.
-func (m *OrgSettingResource) GetOrgContactUser(ctx context.Context, contactType string) (*OrgContactUser, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/contacts/%v", contactType)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgContactUser *OrgContactUser
-
-	resp, err := rq.Do(ctx, req, &orgContactUser)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgContactUser, resp, nil
-}
-
-// Updates the User associated with the specified Contact Type.
-func (m *OrgSettingResource) UpdateOrgContactUser(ctx context.Context, contactType string, body UserIdString) (*OrgContactUser, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/contacts/%v", contactType)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgContactUser *OrgContactUser
-
-	resp, err := rq.Do(ctx, req, &orgContactUser)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgContactUser, resp, nil
-}
-
-// Updates the logo for your organization.
-func (m *OrgSettingResource) UpdateOrgLogo(ctx context.Context, file string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/org/logo")
-
-	rq := m.client.CloneRequestExecutor()
-
-	fo, err := os.Open(file)
-	if err != nil {
-		return nil, err
-	}
-	defer fo.Close()
-	body := &bytes.Buffer{}
-	writer := multipart.NewWriter(body)
-	fw, err := writer.CreateFormFile("file", file)
-	if err != nil {
-		return nil, err
-	}
-	_, err = io.Copy(fw, fo)
-	if err != nil {
-		return nil, err
-	}
-	_ = writer.Close()
-
-	req, err := rq.WithAccept("application/json").WithContentType(writer.FormDataContentType()).NewRequest("POST", url, body)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Gets preferences of your organization.
-func (m *OrgSettingResource) GetOrgPreferences(ctx context.Context) (*OrgPreferences, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/preferences")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgPreferences *OrgPreferences
-
-	resp, err := rq.Do(ctx, req, &orgPreferences)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgPreferences, resp, nil
-}
-
-// Hide the Okta UI footer for all end users of your organization.
-func (m *OrgSettingResource) HideOktaUIFooter(ctx context.Context) (*OrgPreferences, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/preferences/hideEndUserFooter")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgPreferences *OrgPreferences
-
-	resp, err := rq.Do(ctx, req, &orgPreferences)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgPreferences, resp, nil
-}
-
-// Makes the Okta UI footer visible for all end users of your organization.
-func (m *OrgSettingResource) ShowOktaUIFooter(ctx context.Context) (*OrgPreferences, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/preferences/showEndUserFooter")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgPreferences *OrgPreferences
-
-	resp, err := rq.Do(ctx, req, &orgPreferences)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgPreferences, resp, nil
-}
-
-// Gets Okta Communication Settings of your organization.
-func (m *OrgSettingResource) GetOktaCommunicationSettings(ctx context.Context) (*OrgOktaCommunicationSetting, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/privacy/oktaCommunication")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgOktaCommunicationSetting *OrgOktaCommunicationSetting
-
-	resp, err := rq.Do(ctx, req, &orgOktaCommunicationSetting)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgOktaCommunicationSetting, resp, nil
-}
-
-// Opts in all users of this org to Okta Communication emails.
-func (m *OrgSettingResource) OptInUsersToOktaCommunicationEmails(ctx context.Context) (*OrgOktaCommunicationSetting, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/privacy/oktaCommunication/optIn")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgOktaCommunicationSetting *OrgOktaCommunicationSetting
-
-	resp, err := rq.Do(ctx, req, &orgOktaCommunicationSetting)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgOktaCommunicationSetting, resp, nil
-}
-
-// Opts out all users of this org from Okta Communication emails.
-func (m *OrgSettingResource) OptOutUsersFromOktaCommunicationEmails(ctx context.Context) (*OrgOktaCommunicationSetting, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/privacy/oktaCommunication/optOut")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgOktaCommunicationSetting *OrgOktaCommunicationSetting
-
-	resp, err := rq.Do(ctx, req, &orgOktaCommunicationSetting)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgOktaCommunicationSetting, resp, nil
-}
-
-// Gets Okta Support Settings of your organization.
-func (m *OrgSettingResource) GetOrgOktaSupportSettings(ctx context.Context) (*OrgOktaSupportSettingsObj, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/privacy/oktaSupport")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgOktaSupportSettingsObj *OrgOktaSupportSettingsObj
-
-	resp, err := rq.Do(ctx, req, &orgOktaSupportSettingsObj)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgOktaSupportSettingsObj, resp, nil
-}
-
-// Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.
-func (m *OrgSettingResource) ExtendOktaSupport(ctx context.Context) (*OrgOktaSupportSettingsObj, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/privacy/oktaSupport/extend")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgOktaSupportSettingsObj *OrgOktaSupportSettingsObj
-
-	resp, err := rq.Do(ctx, req, &orgOktaSupportSettingsObj)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgOktaSupportSettingsObj, resp, nil
-}
-
-// Enables you to temporarily allow Okta Support to access your org as an administrator for eight hours.
-func (m *OrgSettingResource) GrantOktaSupport(ctx context.Context) (*OrgOktaSupportSettingsObj, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/privacy/oktaSupport/grant")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgOktaSupportSettingsObj *OrgOktaSupportSettingsObj
-
-	resp, err := rq.Do(ctx, req, &orgOktaSupportSettingsObj)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgOktaSupportSettingsObj, resp, nil
-}
-
-// Revokes Okta Support access to your organization.
-func (m *OrgSettingResource) RevokeOktaSupport(ctx context.Context) (*OrgOktaSupportSettingsObj, *Response, error) {
-	url := fmt.Sprintf("/api/v1/org/privacy/oktaSupport/revoke")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var orgOktaSupportSettingsObj *OrgOktaSupportSettingsObj
-
-	resp, err := rq.Do(ctx, req, &orgOktaSupportSettingsObj)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return orgOktaSupportSettingsObj, resp, nil
-}
diff --git a/okta/passwordCredential.go b/okta/passwordCredential.go
deleted file mode 100644
index e73117835..000000000
--- a/okta/passwordCredential.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordCredential struct {
-	Hash  *PasswordCredentialHash `json:"hash,omitempty"`
-	Hook  *PasswordCredentialHook `json:"hook,omitempty"`
-	Value string                  `json:"value,omitempty"`
-}
diff --git a/okta/passwordCredentialHash.go b/okta/passwordCredentialHash.go
deleted file mode 100644
index 0eb4184e5..000000000
--- a/okta/passwordCredentialHash.go
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type PasswordCredentialHash struct {
-	Algorithm     string `json:"algorithm,omitempty"`
-	Salt          string `json:"salt,omitempty"`
-	SaltOrder     string `json:"saltOrder,omitempty"`
-	Value         string `json:"value,omitempty"`
-	WorkFactor    int64  `json:"-"`
-	WorkFactorPtr *int64 `json:"workFactor,omitempty"`
-}
-
-func (a *PasswordCredentialHash) MarshalJSON() ([]byte, error) {
-	type Alias PasswordCredentialHash
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.WorkFactor != 0 {
-		result.WorkFactorPtr = Int64Ptr(a.WorkFactor)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *PasswordCredentialHash) UnmarshalJSON(data []byte) error {
-	type Alias PasswordCredentialHash
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.WorkFactorPtr != nil {
-		a.WorkFactor = *result.WorkFactorPtr
-		a.WorkFactorPtr = result.WorkFactorPtr
-	}
-	return nil
-}
diff --git a/okta/passwordCredentialHashAlgorithm.go b/okta/passwordCredentialHashAlgorithm.go
deleted file mode 100644
index 9a4034800..000000000
--- a/okta/passwordCredentialHashAlgorithm.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordCredentialHashAlgorithm string
diff --git a/okta/passwordCredentialHook.go b/okta/passwordCredentialHook.go
deleted file mode 100644
index 1a6a96151..000000000
--- a/okta/passwordCredentialHook.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordCredentialHook struct {
-	Type string `json:"type,omitempty"`
-}
diff --git a/okta/passwordDictionary.go b/okta/passwordDictionary.go
deleted file mode 100644
index bb4412d0a..000000000
--- a/okta/passwordDictionary.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordDictionary struct {
-	Common *PasswordDictionaryCommon `json:"common,omitempty"`
-}
-
-func NewPasswordDictionary() *PasswordDictionary {
-	return &PasswordDictionary{}
-}
-
-func (a *PasswordDictionary) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordDictionaryCommon.go b/okta/passwordDictionaryCommon.go
deleted file mode 100644
index d17863c5f..000000000
--- a/okta/passwordDictionaryCommon.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordDictionaryCommon struct {
-	Exclude *bool `json:"exclude,omitempty"`
-}
-
-func NewPasswordDictionaryCommon() *PasswordDictionaryCommon {
-	return &PasswordDictionaryCommon{
-		Exclude: boolPtr(false),
-	}
-}
-
-func (a *PasswordDictionaryCommon) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordExpirationPolicyRuleCondition.go b/okta/passwordExpirationPolicyRuleCondition.go
deleted file mode 100644
index c09cab356..000000000
--- a/okta/passwordExpirationPolicyRuleCondition.go
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type PasswordExpirationPolicyRuleCondition struct {
-	Number    int64  `json:"-"`
-	NumberPtr *int64 `json:"number,omitempty"`
-	Unit      string `json:"unit,omitempty"`
-}
-
-func NewPasswordExpirationPolicyRuleCondition() *PasswordExpirationPolicyRuleCondition {
-	return &PasswordExpirationPolicyRuleCondition{}
-}
-
-func (a *PasswordExpirationPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *PasswordExpirationPolicyRuleCondition) MarshalJSON() ([]byte, error) {
-	type Alias PasswordExpirationPolicyRuleCondition
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Number != 0 {
-		result.NumberPtr = Int64Ptr(a.Number)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *PasswordExpirationPolicyRuleCondition) UnmarshalJSON(data []byte) error {
-	type Alias PasswordExpirationPolicyRuleCondition
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.NumberPtr != nil {
-		a.Number = *result.NumberPtr
-		a.NumberPtr = result.NumberPtr
-	}
-	return nil
-}
diff --git a/okta/passwordPolicy.go b/okta/passwordPolicy.go
deleted file mode 100644
index 57ed3ba3f..000000000
--- a/okta/passwordPolicy.go
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type PasswordPolicy struct {
-	Embedded    interface{}               `json:"_embedded,omitempty"`
-	Links       interface{}               `json:"_links,omitempty"`
-	Conditions  *PasswordPolicyConditions `json:"conditions,omitempty"`
-	Created     *time.Time                `json:"created,omitempty"`
-	Description string                    `json:"description,omitempty"`
-	Id          string                    `json:"id,omitempty"`
-	LastUpdated *time.Time                `json:"lastUpdated,omitempty"`
-	Name        string                    `json:"name,omitempty"`
-	Priority    int64                     `json:"-"`
-	PriorityPtr *int64                    `json:"priority,omitempty"`
-	Status      string                    `json:"status,omitempty"`
-	System      *bool                     `json:"system,omitempty"`
-	Type        string                    `json:"type,omitempty"`
-	Settings    *PasswordPolicySettings   `json:"settings,omitempty"`
-}
-
-func NewPasswordPolicy() *PasswordPolicy {
-	return &PasswordPolicy{
-		Type: "PASSWORD",
-	}
-}
-
-func (a *PasswordPolicy) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *PasswordPolicy) MarshalJSON() ([]byte, error) {
-	type Alias PasswordPolicy
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *PasswordPolicy) UnmarshalJSON(data []byte) error {
-	type Alias PasswordPolicy
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/passwordPolicyAuthenticationProviderCondition.go b/okta/passwordPolicyAuthenticationProviderCondition.go
deleted file mode 100644
index 25718182e..000000000
--- a/okta/passwordPolicyAuthenticationProviderCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyAuthenticationProviderCondition struct {
-	Include  []string `json:"include,omitempty"`
-	Provider string   `json:"provider,omitempty"`
-}
-
-func NewPasswordPolicyAuthenticationProviderCondition() *PasswordPolicyAuthenticationProviderCondition {
-	return &PasswordPolicyAuthenticationProviderCondition{}
-}
-
-func (a *PasswordPolicyAuthenticationProviderCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyConditions.go b/okta/passwordPolicyConditions.go
deleted file mode 100644
index d35f20437..000000000
--- a/okta/passwordPolicyConditions.go
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyConditions struct {
-	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
-	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
-	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
-	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
-	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
-	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
-	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
-	Device                *DevicePolicyRuleCondition                     `json:"device,omitempty"`
-	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
-	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
-	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
-	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
-	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
-	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
-	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
-	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
-	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
-	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
-	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
-	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
-	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
-}
-
-func NewPasswordPolicyConditions() *PasswordPolicyConditions {
-	return &PasswordPolicyConditions{}
-}
-
-func (a *PasswordPolicyConditions) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyDelegationSettings.go b/okta/passwordPolicyDelegationSettings.go
deleted file mode 100644
index a6be81188..000000000
--- a/okta/passwordPolicyDelegationSettings.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyDelegationSettings struct {
-	Options *PasswordPolicyDelegationSettingsOptions `json:"options,omitempty"`
-}
-
-func NewPasswordPolicyDelegationSettings() *PasswordPolicyDelegationSettings {
-	return &PasswordPolicyDelegationSettings{}
-}
-
-func (a *PasswordPolicyDelegationSettings) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyDelegationSettingsOptions.go b/okta/passwordPolicyDelegationSettingsOptions.go
deleted file mode 100644
index 9639a08d1..000000000
--- a/okta/passwordPolicyDelegationSettingsOptions.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyDelegationSettingsOptions struct {
-	SkipUnlock *bool `json:"skipUnlock,omitempty"`
-}
-
-func NewPasswordPolicyDelegationSettingsOptions() *PasswordPolicyDelegationSettingsOptions {
-	return &PasswordPolicyDelegationSettingsOptions{}
-}
-
-func (a *PasswordPolicyDelegationSettingsOptions) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyPasswordSettings.go b/okta/passwordPolicyPasswordSettings.go
deleted file mode 100644
index 08e991504..000000000
--- a/okta/passwordPolicyPasswordSettings.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyPasswordSettings struct {
-	Age        *PasswordPolicyPasswordSettingsAge        `json:"age,omitempty"`
-	Complexity *PasswordPolicyPasswordSettingsComplexity `json:"complexity,omitempty"`
-	Lockout    *PasswordPolicyPasswordSettingsLockout    `json:"lockout,omitempty"`
-}
-
-func NewPasswordPolicyPasswordSettings() *PasswordPolicyPasswordSettings {
-	return &PasswordPolicyPasswordSettings{}
-}
-
-func (a *PasswordPolicyPasswordSettings) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyPasswordSettingsAge.go b/okta/passwordPolicyPasswordSettingsAge.go
deleted file mode 100644
index 7f7b0fc31..000000000
--- a/okta/passwordPolicyPasswordSettingsAge.go
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type PasswordPolicyPasswordSettingsAge struct {
-	ExpireWarnDays    int64  `json:"-"`
-	ExpireWarnDaysPtr *int64 `json:"expireWarnDays,omitempty"`
-	HistoryCount      int64  `json:"-"`
-	HistoryCountPtr   *int64 `json:"historyCount,omitempty"`
-	MaxAgeDays        int64  `json:"-"`
-	MaxAgeDaysPtr     *int64 `json:"maxAgeDays,omitempty"`
-	MinAgeMinutes     int64  `json:"-"`
-	MinAgeMinutesPtr  *int64 `json:"minAgeMinutes,omitempty"`
-}
-
-func NewPasswordPolicyPasswordSettingsAge() *PasswordPolicyPasswordSettingsAge {
-	return &PasswordPolicyPasswordSettingsAge{
-		ExpireWarnDays:    0,
-		ExpireWarnDaysPtr: Int64Ptr(0),
-		HistoryCount:      0,
-		HistoryCountPtr:   Int64Ptr(0),
-		MaxAgeDays:        0,
-		MaxAgeDaysPtr:     Int64Ptr(0),
-		MinAgeMinutes:     0,
-		MinAgeMinutesPtr:  Int64Ptr(0),
-	}
-}
-
-func (a *PasswordPolicyPasswordSettingsAge) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *PasswordPolicyPasswordSettingsAge) MarshalJSON() ([]byte, error) {
-	type Alias PasswordPolicyPasswordSettingsAge
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.ExpireWarnDays != 0 {
-		result.ExpireWarnDaysPtr = Int64Ptr(a.ExpireWarnDays)
-	}
-	if a.HistoryCount != 0 {
-		result.HistoryCountPtr = Int64Ptr(a.HistoryCount)
-	}
-	if a.MaxAgeDays != 0 {
-		result.MaxAgeDaysPtr = Int64Ptr(a.MaxAgeDays)
-	}
-	if a.MinAgeMinutes != 0 {
-		result.MinAgeMinutesPtr = Int64Ptr(a.MinAgeMinutes)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *PasswordPolicyPasswordSettingsAge) UnmarshalJSON(data []byte) error {
-	type Alias PasswordPolicyPasswordSettingsAge
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.ExpireWarnDaysPtr != nil {
-		a.ExpireWarnDays = *result.ExpireWarnDaysPtr
-		a.ExpireWarnDaysPtr = result.ExpireWarnDaysPtr
-	}
-	if result.HistoryCountPtr != nil {
-		a.HistoryCount = *result.HistoryCountPtr
-		a.HistoryCountPtr = result.HistoryCountPtr
-	}
-	if result.MaxAgeDaysPtr != nil {
-		a.MaxAgeDays = *result.MaxAgeDaysPtr
-		a.MaxAgeDaysPtr = result.MaxAgeDaysPtr
-	}
-	if result.MinAgeMinutesPtr != nil {
-		a.MinAgeMinutes = *result.MinAgeMinutesPtr
-		a.MinAgeMinutesPtr = result.MinAgeMinutesPtr
-	}
-	return nil
-}
diff --git a/okta/passwordPolicyPasswordSettingsComplexity.go b/okta/passwordPolicyPasswordSettingsComplexity.go
deleted file mode 100644
index 9fb0928a2..000000000
--- a/okta/passwordPolicyPasswordSettingsComplexity.go
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type PasswordPolicyPasswordSettingsComplexity struct {
-	Dictionary        *PasswordDictionary `json:"dictionary,omitempty"`
-	ExcludeAttributes []string            `json:"excludeAttributes,omitempty"`
-	ExcludeUsername   *bool               `json:"excludeUsername,omitempty"`
-	MinLength         int64               `json:"-"`
-	MinLengthPtr      *int64              `json:"minLength,omitempty"`
-	MinLowerCase      int64               `json:"-"`
-	MinLowerCasePtr   *int64              `json:"minLowerCase"`
-	MinNumber         int64               `json:"-"`
-	MinNumberPtr      *int64              `json:"minNumber"`
-	MinSymbol         int64               `json:"-"`
-	MinSymbolPtr      *int64              `json:"minSymbol"`
-	MinUpperCase      int64               `json:"-"`
-	MinUpperCasePtr   *int64              `json:"minUpperCase"`
-}
-
-func NewPasswordPolicyPasswordSettingsComplexity() *PasswordPolicyPasswordSettingsComplexity {
-	return &PasswordPolicyPasswordSettingsComplexity{
-		ExcludeAttributes: []string{},
-		ExcludeUsername:   boolPtr(true),
-		MinLength:         8,
-		MinLengthPtr:      Int64Ptr(8),
-		MinLowerCase:      1,
-		MinLowerCasePtr:   Int64Ptr(1),
-		MinNumber:         1,
-		MinNumberPtr:      Int64Ptr(1),
-		MinSymbol:         1,
-		MinSymbolPtr:      Int64Ptr(1),
-		MinUpperCase:      1,
-		MinUpperCasePtr:   Int64Ptr(1),
-	}
-}
-
-func (a *PasswordPolicyPasswordSettingsComplexity) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *PasswordPolicyPasswordSettingsComplexity) MarshalJSON() ([]byte, error) {
-	type Alias PasswordPolicyPasswordSettingsComplexity
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.MinLength != 0 {
-		result.MinLengthPtr = Int64Ptr(a.MinLength)
-	}
-	if a.MinLowerCase != 0 {
-		result.MinLowerCasePtr = Int64Ptr(a.MinLowerCase)
-	}
-	if a.MinNumber != 0 {
-		result.MinNumberPtr = Int64Ptr(a.MinNumber)
-	}
-	if a.MinSymbol != 0 {
-		result.MinSymbolPtr = Int64Ptr(a.MinSymbol)
-	}
-	if a.MinUpperCase != 0 {
-		result.MinUpperCasePtr = Int64Ptr(a.MinUpperCase)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *PasswordPolicyPasswordSettingsComplexity) UnmarshalJSON(data []byte) error {
-	type Alias PasswordPolicyPasswordSettingsComplexity
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.MinLengthPtr != nil {
-		a.MinLength = *result.MinLengthPtr
-		a.MinLengthPtr = result.MinLengthPtr
-	}
-	if result.MinLowerCasePtr != nil {
-		a.MinLowerCase = *result.MinLowerCasePtr
-		a.MinLowerCasePtr = result.MinLowerCasePtr
-	}
-	if result.MinNumberPtr != nil {
-		a.MinNumber = *result.MinNumberPtr
-		a.MinNumberPtr = result.MinNumberPtr
-	}
-	if result.MinSymbolPtr != nil {
-		a.MinSymbol = *result.MinSymbolPtr
-		a.MinSymbolPtr = result.MinSymbolPtr
-	}
-	if result.MinUpperCasePtr != nil {
-		a.MinUpperCase = *result.MinUpperCasePtr
-		a.MinUpperCasePtr = result.MinUpperCasePtr
-	}
-	return nil
-}
diff --git a/okta/passwordPolicyPasswordSettingsLockout.go b/okta/passwordPolicyPasswordSettingsLockout.go
deleted file mode 100644
index 09804b285..000000000
--- a/okta/passwordPolicyPasswordSettingsLockout.go
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type PasswordPolicyPasswordSettingsLockout struct {
-	AutoUnlockMinutes               int64    `json:"-"`
-	AutoUnlockMinutesPtr            *int64   `json:"autoUnlockMinutes,omitempty"`
-	MaxAttempts                     int64    `json:"-"`
-	MaxAttemptsPtr                  *int64   `json:"maxAttempts,omitempty"`
-	ShowLockoutFailures             *bool    `json:"showLockoutFailures,omitempty"`
-	UserLockoutNotificationChannels []string `json:"userLockoutNotificationChannels,omitempty"`
-}
-
-func NewPasswordPolicyPasswordSettingsLockout() *PasswordPolicyPasswordSettingsLockout {
-	return &PasswordPolicyPasswordSettingsLockout{}
-}
-
-func (a *PasswordPolicyPasswordSettingsLockout) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *PasswordPolicyPasswordSettingsLockout) MarshalJSON() ([]byte, error) {
-	type Alias PasswordPolicyPasswordSettingsLockout
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.AutoUnlockMinutes != 0 {
-		result.AutoUnlockMinutesPtr = Int64Ptr(a.AutoUnlockMinutes)
-	}
-	if a.MaxAttempts != 0 {
-		result.MaxAttemptsPtr = Int64Ptr(a.MaxAttempts)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *PasswordPolicyPasswordSettingsLockout) UnmarshalJSON(data []byte) error {
-	type Alias PasswordPolicyPasswordSettingsLockout
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.AutoUnlockMinutesPtr != nil {
-		a.AutoUnlockMinutes = *result.AutoUnlockMinutesPtr
-		a.AutoUnlockMinutesPtr = result.AutoUnlockMinutesPtr
-	}
-	if result.MaxAttemptsPtr != nil {
-		a.MaxAttempts = *result.MaxAttemptsPtr
-		a.MaxAttemptsPtr = result.MaxAttemptsPtr
-	}
-	return nil
-}
diff --git a/okta/passwordPolicyRecoveryEmail.go b/okta/passwordPolicyRecoveryEmail.go
deleted file mode 100644
index 1e1379c51..000000000
--- a/okta/passwordPolicyRecoveryEmail.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyRecoveryEmail struct {
-	Properties *PasswordPolicyRecoveryEmailProperties `json:"properties,omitempty"`
-	Status     string                                 `json:"status,omitempty"`
-}
-
-func NewPasswordPolicyRecoveryEmail() *PasswordPolicyRecoveryEmail {
-	return &PasswordPolicyRecoveryEmail{}
-}
-
-func (a *PasswordPolicyRecoveryEmail) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyRecoveryEmailProperties.go b/okta/passwordPolicyRecoveryEmailProperties.go
deleted file mode 100644
index a767fc9fc..000000000
--- a/okta/passwordPolicyRecoveryEmailProperties.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyRecoveryEmailProperties struct {
-	RecoveryToken *PasswordPolicyRecoveryEmailRecoveryToken `json:"recoveryToken,omitempty"`
-}
-
-func NewPasswordPolicyRecoveryEmailProperties() *PasswordPolicyRecoveryEmailProperties {
-	return &PasswordPolicyRecoveryEmailProperties{}
-}
-
-func (a *PasswordPolicyRecoveryEmailProperties) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyRecoveryEmailRecoveryToken.go b/okta/passwordPolicyRecoveryEmailRecoveryToken.go
deleted file mode 100644
index 5ec02c7e0..000000000
--- a/okta/passwordPolicyRecoveryEmailRecoveryToken.go
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type PasswordPolicyRecoveryEmailRecoveryToken struct {
-	TokenLifetimeMinutes    int64  `json:"-"`
-	TokenLifetimeMinutesPtr *int64 `json:"tokenLifetimeMinutes"`
-}
-
-func NewPasswordPolicyRecoveryEmailRecoveryToken() *PasswordPolicyRecoveryEmailRecoveryToken {
-	return &PasswordPolicyRecoveryEmailRecoveryToken{
-		TokenLifetimeMinutes:    10080,
-		TokenLifetimeMinutesPtr: Int64Ptr(10080),
-	}
-}
-
-func (a *PasswordPolicyRecoveryEmailRecoveryToken) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *PasswordPolicyRecoveryEmailRecoveryToken) MarshalJSON() ([]byte, error) {
-	type Alias PasswordPolicyRecoveryEmailRecoveryToken
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.TokenLifetimeMinutes != 0 {
-		result.TokenLifetimeMinutesPtr = Int64Ptr(a.TokenLifetimeMinutes)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *PasswordPolicyRecoveryEmailRecoveryToken) UnmarshalJSON(data []byte) error {
-	type Alias PasswordPolicyRecoveryEmailRecoveryToken
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.TokenLifetimeMinutesPtr != nil {
-		a.TokenLifetimeMinutes = *result.TokenLifetimeMinutesPtr
-		a.TokenLifetimeMinutesPtr = result.TokenLifetimeMinutesPtr
-	}
-	return nil
-}
diff --git a/okta/passwordPolicyRecoveryFactorSettings.go b/okta/passwordPolicyRecoveryFactorSettings.go
deleted file mode 100644
index b73d7b346..000000000
--- a/okta/passwordPolicyRecoveryFactorSettings.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyRecoveryFactorSettings struct {
-	Status string `json:"status,omitempty"`
-}
-
-func NewPasswordPolicyRecoveryFactorSettings() *PasswordPolicyRecoveryFactorSettings {
-	return &PasswordPolicyRecoveryFactorSettings{
-		Status: "INACTIVE",
-	}
-}
-
-func (a *PasswordPolicyRecoveryFactorSettings) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyRecoveryFactors.go b/okta/passwordPolicyRecoveryFactors.go
deleted file mode 100644
index 3decdb439..000000000
--- a/okta/passwordPolicyRecoveryFactors.go
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyRecoveryFactors struct {
-	OktaCall         *PasswordPolicyRecoveryFactorSettings `json:"okta_call,omitempty"`
-	OktaEmail        *PasswordPolicyRecoveryEmail          `json:"okta_email,omitempty"`
-	OktaSms          *PasswordPolicyRecoveryFactorSettings `json:"okta_sms,omitempty"`
-	RecoveryQuestion *PasswordPolicyRecoveryQuestion       `json:"recovery_question,omitempty"`
-}
-
-func NewPasswordPolicyRecoveryFactors() *PasswordPolicyRecoveryFactors {
-	return &PasswordPolicyRecoveryFactors{}
-}
-
-func (a *PasswordPolicyRecoveryFactors) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyRecoveryQuestion.go b/okta/passwordPolicyRecoveryQuestion.go
deleted file mode 100644
index dfc25ffa5..000000000
--- a/okta/passwordPolicyRecoveryQuestion.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyRecoveryQuestion struct {
-	Properties *PasswordPolicyRecoveryQuestionProperties `json:"properties,omitempty"`
-	Status     string                                    `json:"status,omitempty"`
-}
-
-func NewPasswordPolicyRecoveryQuestion() *PasswordPolicyRecoveryQuestion {
-	return &PasswordPolicyRecoveryQuestion{}
-}
-
-func (a *PasswordPolicyRecoveryQuestion) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyRecoveryQuestionComplexity.go b/okta/passwordPolicyRecoveryQuestionComplexity.go
deleted file mode 100644
index eed0d519d..000000000
--- a/okta/passwordPolicyRecoveryQuestionComplexity.go
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type PasswordPolicyRecoveryQuestionComplexity struct {
-	MinLength    int64  `json:"-"`
-	MinLengthPtr *int64 `json:"minLength,omitempty"`
-}
-
-func NewPasswordPolicyRecoveryQuestionComplexity() *PasswordPolicyRecoveryQuestionComplexity {
-	return &PasswordPolicyRecoveryQuestionComplexity{}
-}
-
-func (a *PasswordPolicyRecoveryQuestionComplexity) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *PasswordPolicyRecoveryQuestionComplexity) MarshalJSON() ([]byte, error) {
-	type Alias PasswordPolicyRecoveryQuestionComplexity
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.MinLength != 0 {
-		result.MinLengthPtr = Int64Ptr(a.MinLength)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *PasswordPolicyRecoveryQuestionComplexity) UnmarshalJSON(data []byte) error {
-	type Alias PasswordPolicyRecoveryQuestionComplexity
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.MinLengthPtr != nil {
-		a.MinLength = *result.MinLengthPtr
-		a.MinLengthPtr = result.MinLengthPtr
-	}
-	return nil
-}
diff --git a/okta/passwordPolicyRecoveryQuestionProperties.go b/okta/passwordPolicyRecoveryQuestionProperties.go
deleted file mode 100644
index d54bb7867..000000000
--- a/okta/passwordPolicyRecoveryQuestionProperties.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyRecoveryQuestionProperties struct {
-	Complexity *PasswordPolicyRecoveryQuestionComplexity `json:"complexity,omitempty"`
-}
-
-func NewPasswordPolicyRecoveryQuestionProperties() *PasswordPolicyRecoveryQuestionProperties {
-	return &PasswordPolicyRecoveryQuestionProperties{}
-}
-
-func (a *PasswordPolicyRecoveryQuestionProperties) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyRecoverySettings.go b/okta/passwordPolicyRecoverySettings.go
deleted file mode 100644
index 9032ecc81..000000000
--- a/okta/passwordPolicyRecoverySettings.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyRecoverySettings struct {
-	Factors *PasswordPolicyRecoveryFactors `json:"factors,omitempty"`
-}
-
-func NewPasswordPolicyRecoverySettings() *PasswordPolicyRecoverySettings {
-	return &PasswordPolicyRecoverySettings{}
-}
-
-func (a *PasswordPolicyRecoverySettings) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyRule.go b/okta/passwordPolicyRule.go
deleted file mode 100644
index 440d25f63..000000000
--- a/okta/passwordPolicyRule.go
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type PasswordPolicyRule struct {
-	Actions     *PasswordPolicyRuleActions    `json:"actions,omitempty"`
-	Conditions  *PasswordPolicyRuleConditions `json:"conditions,omitempty"`
-	Created     *time.Time                    `json:"created,omitempty"`
-	Id          string                        `json:"id,omitempty"`
-	LastUpdated *time.Time                    `json:"lastUpdated,omitempty"`
-	Name        string                        `json:"name,omitempty"`
-	Priority    int64                         `json:"-"`
-	PriorityPtr *int64                        `json:"priority,omitempty"`
-	Status      string                        `json:"status,omitempty"`
-	System      *bool                         `json:"system,omitempty"`
-	Type        string                        `json:"type,omitempty"`
-}
-
-func NewPasswordPolicyRule() *PasswordPolicyRule {
-	return &PasswordPolicyRule{
-		Status: "ACTIVE",
-		System: boolPtr(false),
-		Type:   "PASSWORD",
-	}
-}
-
-func (a *PasswordPolicyRule) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *PasswordPolicyRule) MarshalJSON() ([]byte, error) {
-	type Alias PasswordPolicyRule
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *PasswordPolicyRule) UnmarshalJSON(data []byte) error {
-	type Alias PasswordPolicyRule
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/passwordPolicyRuleAction.go b/okta/passwordPolicyRuleAction.go
deleted file mode 100644
index c267fbf13..000000000
--- a/okta/passwordPolicyRuleAction.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyRuleAction struct {
-	Access string `json:"access,omitempty"`
-}
-
-func NewPasswordPolicyRuleAction() *PasswordPolicyRuleAction {
-	return &PasswordPolicyRuleAction{}
-}
-
-func (a *PasswordPolicyRuleAction) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyRuleActions.go b/okta/passwordPolicyRuleActions.go
deleted file mode 100644
index bccf60a16..000000000
--- a/okta/passwordPolicyRuleActions.go
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyRuleActions struct {
-	Enroll                   *PolicyRuleActionsEnroll           `json:"enroll,omitempty"`
-	Idp                      *IdpPolicyRuleAction               `json:"idp,omitempty"`
-	PasswordChange           *PasswordPolicyRuleAction          `json:"passwordChange,omitempty"`
-	SelfServicePasswordReset *PasswordPolicyRuleAction          `json:"selfServicePasswordReset,omitempty"`
-	SelfServiceUnlock        *PasswordPolicyRuleAction          `json:"selfServiceUnlock,omitempty"`
-	Signon                   *OktaSignOnPolicyRuleSignonActions `json:"signon,omitempty"`
-}
-
-func NewPasswordPolicyRuleActions() *PasswordPolicyRuleActions {
-	return &PasswordPolicyRuleActions{}
-}
-
-func (a *PasswordPolicyRuleActions) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicyRuleConditions.go b/okta/passwordPolicyRuleConditions.go
deleted file mode 100644
index 3f962c5c4..000000000
--- a/okta/passwordPolicyRuleConditions.go
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicyRuleConditions struct {
-	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
-	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
-	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
-	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
-	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
-	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
-	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
-	Device                *DevicePolicyRuleCondition                     `json:"device,omitempty"`
-	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
-	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
-	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
-	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
-	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
-	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
-	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
-	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
-	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
-	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
-	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
-	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
-	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
-}
-
-func NewPasswordPolicyRuleConditions() *PasswordPolicyRuleConditions {
-	return &PasswordPolicyRuleConditions{}
-}
-
-func (a *PasswordPolicyRuleConditions) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordPolicySettings.go b/okta/passwordPolicySettings.go
deleted file mode 100644
index 79bab063a..000000000
--- a/okta/passwordPolicySettings.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordPolicySettings struct {
-	Delegation *PasswordPolicyDelegationSettings `json:"delegation,omitempty"`
-	Password   *PasswordPolicyPasswordSettings   `json:"password,omitempty"`
-	Recovery   *PasswordPolicyRecoverySettings   `json:"recovery,omitempty"`
-}
-
-func NewPasswordPolicySettings() *PasswordPolicySettings {
-	return &PasswordPolicySettings{}
-}
-
-func (a *PasswordPolicySettings) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/passwordSettingObject.go b/okta/passwordSettingObject.go
deleted file mode 100644
index fc720fd0e..000000000
--- a/okta/passwordSettingObject.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PasswordSettingObject struct {
-	Change string `json:"change,omitempty"`
-	Seed   string `json:"seed,omitempty"`
-	Status string `json:"status,omitempty"`
-}
-
-func NewPasswordSettingObject() *PasswordSettingObject {
-	return &PasswordSettingObject{}
-}
-
-func (a *PasswordSettingObject) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/platformConditionEvaluatorPlatform.go b/okta/platformConditionEvaluatorPlatform.go
deleted file mode 100644
index 90894135a..000000000
--- a/okta/platformConditionEvaluatorPlatform.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PlatformConditionEvaluatorPlatform struct {
-	Os   *PlatformConditionEvaluatorPlatformOperatingSystem `json:"os,omitempty"`
-	Type string                                             `json:"type,omitempty"`
-}
-
-func NewPlatformConditionEvaluatorPlatform() *PlatformConditionEvaluatorPlatform {
-	return &PlatformConditionEvaluatorPlatform{}
-}
-
-func (a *PlatformConditionEvaluatorPlatform) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/platformConditionEvaluatorPlatformOperatingSystem.go b/okta/platformConditionEvaluatorPlatformOperatingSystem.go
deleted file mode 100644
index 924ed10b5..000000000
--- a/okta/platformConditionEvaluatorPlatformOperatingSystem.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PlatformConditionEvaluatorPlatformOperatingSystem struct {
-	Expression string                                                    `json:"expression,omitempty"`
-	Type       string                                                    `json:"type,omitempty"`
-	Version    *PlatformConditionEvaluatorPlatformOperatingSystemVersion `json:"version,omitempty"`
-}
-
-func NewPlatformConditionEvaluatorPlatformOperatingSystem() *PlatformConditionEvaluatorPlatformOperatingSystem {
-	return &PlatformConditionEvaluatorPlatformOperatingSystem{}
-}
-
-func (a *PlatformConditionEvaluatorPlatformOperatingSystem) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/platformConditionEvaluatorPlatformOperatingSystemVersion.go b/okta/platformConditionEvaluatorPlatformOperatingSystemVersion.go
deleted file mode 100644
index be10afc83..000000000
--- a/okta/platformConditionEvaluatorPlatformOperatingSystemVersion.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PlatformConditionEvaluatorPlatformOperatingSystemVersion struct {
-	MatchType string `json:"matchType,omitempty"`
-	Value     string `json:"value,omitempty"`
-}
-
-func NewPlatformConditionEvaluatorPlatformOperatingSystemVersion() *PlatformConditionEvaluatorPlatformOperatingSystemVersion {
-	return &PlatformConditionEvaluatorPlatformOperatingSystemVersion{}
-}
-
-func (a *PlatformConditionEvaluatorPlatformOperatingSystemVersion) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/platformPolicyRuleCondition.go b/okta/platformPolicyRuleCondition.go
deleted file mode 100644
index 524fd5635..000000000
--- a/okta/platformPolicyRuleCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PlatformPolicyRuleCondition struct {
-	Exclude []*PlatformConditionEvaluatorPlatform `json:"exclude,omitempty"`
-	Include []*PlatformConditionEvaluatorPlatform `json:"include,omitempty"`
-}
-
-func NewPlatformPolicyRuleCondition() *PlatformPolicyRuleCondition {
-	return &PlatformPolicyRuleCondition{}
-}
-
-func (a *PlatformPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/policy.go b/okta/policy.go
deleted file mode 100644
index 77ae1d38e..000000000
--- a/okta/policy.go
+++ /dev/null
@@ -1,383 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type Policies interface {
-	IsPolicyInstance() bool
-}
-
-type PolicyResource resource
-
-type Policy struct {
-	Embedded    interface{}           `json:"_embedded,omitempty"`
-	Links       interface{}           `json:"_links,omitempty"`
-	Conditions  *PolicyRuleConditions `json:"conditions,omitempty"`
-	Created     *time.Time            `json:"created,omitempty"`
-	Description string                `json:"description,omitempty"`
-	Id          string                `json:"id,omitempty"`
-	LastUpdated *time.Time            `json:"lastUpdated,omitempty"`
-	Name        string                `json:"name,omitempty"`
-	Priority    int64                 `json:"-"`
-	PriorityPtr *int64                `json:"priority,omitempty"`
-	Status      string                `json:"status,omitempty"`
-	System      *bool                 `json:"system,omitempty"`
-	Type        string                `json:"type,omitempty"`
-}
-
-func NewPolicy() *Policy {
-	return &Policy{}
-}
-
-func (a *Policy) IsPolicyInstance() bool {
-	return true
-}
-
-// Gets a policy.
-func (m *PolicyResource) GetPolicy(ctx context.Context, policyId string, policyInstance Policies, qp *query.Params) (Policies, *Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v", policyId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	policy := policyInstance
-
-	resp, err := rq.Do(ctx, req, &policy)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return policy, resp, nil
-}
-
-// Updates a policy.
-func (m *PolicyResource) UpdatePolicy(ctx context.Context, policyId string, body Policies) (Policies, *Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v", policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	policy := body
-
-	resp, err := rq.Do(ctx, req, &policy)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return policy, resp, nil
-}
-
-// Removes a policy.
-func (m *PolicyResource) DeletePolicy(ctx context.Context, policyId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v", policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Gets all policies with the specified type.
-func (m *PolicyResource) ListPolicies(ctx context.Context, qp *query.Params) ([]Policies, *Response, error) {
-	url := fmt.Sprintf("/api/v1/policies")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var policy []Policy
-
-	resp, err := rq.Do(ctx, req, &policy)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	policies := make([]Policies, len(policy))
-	for i := range policy {
-		policies[i] = &policy[i]
-	}
-	return policies, resp, nil
-}
-
-// Creates a policy.
-func (m *PolicyResource) CreatePolicy(ctx context.Context, body Policies, qp *query.Params) (Policies, *Response, error) {
-	url := fmt.Sprintf("/api/v1/policies")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	policy := body
-
-	resp, err := rq.Do(ctx, req, &policy)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return policy, resp, nil
-}
-
-// Activates a policy.
-func (m *PolicyResource) ActivatePolicy(ctx context.Context, policyId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v/lifecycle/activate", policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Deactivates a policy.
-func (m *PolicyResource) DeactivatePolicy(ctx context.Context, policyId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v/lifecycle/deactivate", policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Enumerates all policy rules.
-func (m *PolicyResource) ListPolicyRules(ctx context.Context, policyId string) ([]*PolicyRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v/rules", policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var policyRule []*PolicyRule
-
-	resp, err := rq.Do(ctx, req, &policyRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return policyRule, resp, nil
-}
-
-// Creates a policy rule.
-func (m *PolicyResource) CreatePolicyRule(ctx context.Context, policyId string, body PolicyRule) (*PolicyRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v/rules", policyId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var policyRule *PolicyRule
-
-	resp, err := rq.Do(ctx, req, &policyRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return policyRule, resp, nil
-}
-
-// Removes a policy rule.
-func (m *PolicyResource) DeletePolicyRule(ctx context.Context, policyId string, ruleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v/rules/%v", policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Gets a policy rule.
-func (m *PolicyResource) GetPolicyRule(ctx context.Context, policyId string, ruleId string) (*PolicyRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v/rules/%v", policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var policyRule *PolicyRule
-
-	resp, err := rq.Do(ctx, req, &policyRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return policyRule, resp, nil
-}
-
-// Updates a policy rule.
-func (m *PolicyResource) UpdatePolicyRule(ctx context.Context, policyId string, ruleId string, body PolicyRule) (*PolicyRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v/rules/%v", policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var policyRule *PolicyRule
-
-	resp, err := rq.Do(ctx, req, &policyRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return policyRule, resp, nil
-}
-
-// Activates a policy rule.
-func (m *PolicyResource) ActivatePolicyRule(ctx context.Context, policyId string, ruleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v/rules/%v/lifecycle/activate", policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Deactivates a policy rule.
-func (m *PolicyResource) DeactivatePolicyRule(ctx context.Context, policyId string, ruleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v/rules/%v/lifecycle/deactivate", policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (a *Policy) MarshalJSON() ([]byte, error) {
-	type Alias Policy
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *Policy) UnmarshalJSON(data []byte) error {
-	type Alias Policy
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/policyAccountLink.go b/okta/policyAccountLink.go
deleted file mode 100644
index b68c929b2..000000000
--- a/okta/policyAccountLink.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicyAccountLink struct {
-	Action string                   `json:"action,omitempty"`
-	Filter *PolicyAccountLinkFilter `json:"filter,omitempty"`
-}
-
-func NewPolicyAccountLink() *PolicyAccountLink {
-	return &PolicyAccountLink{}
-}
-
-func (a *PolicyAccountLink) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/policyAccountLinkFilter.go b/okta/policyAccountLinkFilter.go
deleted file mode 100644
index 00c176440..000000000
--- a/okta/policyAccountLinkFilter.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicyAccountLinkFilter struct {
-	Groups *PolicyAccountLinkFilterGroups `json:"groups,omitempty"`
-}
-
-func NewPolicyAccountLinkFilter() *PolicyAccountLinkFilter {
-	return &PolicyAccountLinkFilter{}
-}
-
-func (a *PolicyAccountLinkFilter) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/policyAccountLinkFilterGroups.go b/okta/policyAccountLinkFilterGroups.go
deleted file mode 100644
index ad9ef1ed6..000000000
--- a/okta/policyAccountLinkFilterGroups.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicyAccountLinkFilterGroups struct {
-	Include []string `json:"include,omitempty"`
-}
-
-func NewPolicyAccountLinkFilterGroups() *PolicyAccountLinkFilterGroups {
-	return &PolicyAccountLinkFilterGroups{}
-}
-
-func (a *PolicyAccountLinkFilterGroups) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/policyNetworkCondition.go b/okta/policyNetworkCondition.go
deleted file mode 100644
index c3a3cc5cd..000000000
--- a/okta/policyNetworkCondition.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicyNetworkCondition struct {
-	Connection string   `json:"connection,omitempty"`
-	Exclude    []string `json:"exclude,omitempty"`
-	Include    []string `json:"include,omitempty"`
-}
-
-func NewPolicyNetworkCondition() *PolicyNetworkCondition {
-	return &PolicyNetworkCondition{}
-}
-
-func (a *PolicyNetworkCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/policyPeopleCondition.go b/okta/policyPeopleCondition.go
deleted file mode 100644
index 5380cebcb..000000000
--- a/okta/policyPeopleCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicyPeopleCondition struct {
-	Groups *GroupCondition `json:"groups,omitempty"`
-	Users  *UserCondition  `json:"users,omitempty"`
-}
-
-func NewPolicyPeopleCondition() *PolicyPeopleCondition {
-	return &PolicyPeopleCondition{}
-}
-
-func (a *PolicyPeopleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/policyRule.go b/okta/policyRule.go
deleted file mode 100644
index 1ad6ea2f0..000000000
--- a/okta/policyRule.go
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"time"
-)
-
-type PolicyRuleResource resource
-
-type PolicyRule struct {
-	Actions     *PolicyRuleActions    `json:"actions,omitempty"`
-	Conditions  *PolicyRuleConditions `json:"conditions,omitempty"`
-	Created     *time.Time            `json:"created,omitempty"`
-	Id          string                `json:"id,omitempty"`
-	LastUpdated *time.Time            `json:"lastUpdated,omitempty"`
-	Name        string                `json:"name,omitempty"`
-	Priority    int64                 `json:"-"`
-	PriorityPtr *int64                `json:"priority,omitempty"`
-	Status      string                `json:"status,omitempty"`
-	System      *bool                 `json:"system,omitempty"`
-	Type        string                `json:"type,omitempty"`
-}
-
-func NewPolicyRule() *PolicyRule {
-	return &PolicyRule{
-		Status: "ACTIVE",
-		System: boolPtr(false),
-	}
-}
-
-func (a *PolicyRule) IsPolicyInstance() bool {
-	return true
-}
-
-// Updates a policy rule.
-func (m *PolicyRuleResource) UpdatePolicyRule(ctx context.Context, policyId string, ruleId string, body PolicyRule) (*PolicyRule, *Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v/rules/%v", policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var policyRule *PolicyRule
-
-	resp, err := rq.Do(ctx, req, &policyRule)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return policyRule, resp, nil
-}
-
-// Removes a policy rule.
-func (m *PolicyRuleResource) DeletePolicyRule(ctx context.Context, policyId string, ruleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/policies/%v/rules/%v", policyId, ruleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (a *PolicyRule) MarshalJSON() ([]byte, error) {
-	type Alias PolicyRule
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *PolicyRule) UnmarshalJSON(data []byte) error {
-	type Alias PolicyRule
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/policyRuleActions.go b/okta/policyRuleActions.go
deleted file mode 100644
index 60440528f..000000000
--- a/okta/policyRuleActions.go
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicyRuleActions struct {
-	Enroll                   *PolicyRuleActionsEnroll           `json:"enroll,omitempty"`
-	Idp                      *IdpPolicyRuleAction               `json:"idp,omitempty"`
-	PasswordChange           *PasswordPolicyRuleAction          `json:"passwordChange,omitempty"`
-	SelfServicePasswordReset *PasswordPolicyRuleAction          `json:"selfServicePasswordReset,omitempty"`
-	SelfServiceUnlock        *PasswordPolicyRuleAction          `json:"selfServiceUnlock,omitempty"`
-	Signon                   *OktaSignOnPolicyRuleSignonActions `json:"signon,omitempty"`
-}
-
-func NewPolicyRuleActions() *PolicyRuleActions {
-	return &PolicyRuleActions{}
-}
-
-func (a *PolicyRuleActions) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/policyRuleActionsEnroll.go b/okta/policyRuleActionsEnroll.go
deleted file mode 100644
index a3f183083..000000000
--- a/okta/policyRuleActionsEnroll.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicyRuleActionsEnroll struct {
-	Self string `json:"self,omitempty"`
-}
-
-func NewPolicyRuleActionsEnroll() *PolicyRuleActionsEnroll {
-	return &PolicyRuleActionsEnroll{}
-}
-
-func (a *PolicyRuleActionsEnroll) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/policyRuleActionsEnrollSelf.go b/okta/policyRuleActionsEnrollSelf.go
deleted file mode 100644
index 7543e738b..000000000
--- a/okta/policyRuleActionsEnrollSelf.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicyRuleActionsEnrollSelf string
diff --git a/okta/policyRuleAuthContextCondition.go b/okta/policyRuleAuthContextCondition.go
deleted file mode 100644
index 63743b14a..000000000
--- a/okta/policyRuleAuthContextCondition.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicyRuleAuthContextCondition struct {
-	AuthType string `json:"authType,omitempty"`
-}
-
-func NewPolicyRuleAuthContextCondition() *PolicyRuleAuthContextCondition {
-	return &PolicyRuleAuthContextCondition{}
-}
-
-func (a *PolicyRuleAuthContextCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/policyRuleConditions.go b/okta/policyRuleConditions.go
deleted file mode 100644
index 96702a9d8..000000000
--- a/okta/policyRuleConditions.go
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicyRuleConditions struct {
-	App                   *AppAndInstancePolicyRuleCondition             `json:"app,omitempty"`
-	Apps                  *AppInstancePolicyRuleCondition                `json:"apps,omitempty"`
-	AuthContext           *PolicyRuleAuthContextCondition                `json:"authContext,omitempty"`
-	AuthProvider          *PasswordPolicyAuthenticationProviderCondition `json:"authProvider,omitempty"`
-	BeforeScheduledAction *BeforeScheduledActionPolicyRuleCondition      `json:"beforeScheduledAction,omitempty"`
-	Clients               *ClientPolicyCondition                         `json:"clients,omitempty"`
-	Context               *ContextPolicyRuleCondition                    `json:"context,omitempty"`
-	Device                *DevicePolicyRuleCondition                     `json:"device,omitempty"`
-	GrantTypes            *GrantTypePolicyRuleCondition                  `json:"grantTypes,omitempty"`
-	Groups                *GroupPolicyRuleCondition                      `json:"groups,omitempty"`
-	IdentityProvider      *IdentityProviderPolicyRuleCondition           `json:"identityProvider,omitempty"`
-	MdmEnrollment         *MDMEnrollmentPolicyRuleCondition              `json:"mdmEnrollment,omitempty"`
-	Network               *PolicyNetworkCondition                        `json:"network,omitempty"`
-	People                *PolicyPeopleCondition                         `json:"people,omitempty"`
-	Platform              *PlatformPolicyRuleCondition                   `json:"platform,omitempty"`
-	Risk                  *RiskPolicyRuleCondition                       `json:"risk,omitempty"`
-	RiskScore             *RiskScorePolicyRuleCondition                  `json:"riskScore,omitempty"`
-	Scopes                *OAuth2ScopesMediationPolicyRuleCondition      `json:"scopes,omitempty"`
-	UserIdentifier        *UserIdentifierPolicyRuleCondition             `json:"userIdentifier,omitempty"`
-	UserStatus            *UserStatusPolicyRuleCondition                 `json:"userStatus,omitempty"`
-	Users                 *UserPolicyRuleCondition                       `json:"users,omitempty"`
-}
-
-func NewPolicyRuleConditions() *PolicyRuleConditions {
-	return &PolicyRuleConditions{}
-}
-
-func (a *PolicyRuleConditions) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/policySubject.go b/okta/policySubject.go
deleted file mode 100644
index cbc0c01fb..000000000
--- a/okta/policySubject.go
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicySubject struct {
-	Filter           string                  `json:"filter,omitempty"`
-	Format           []string                `json:"format,omitempty"`
-	MatchAttribute   string                  `json:"matchAttribute,omitempty"`
-	MatchType        string                  `json:"matchType,omitempty"`
-	UserNameTemplate *PolicyUserNameTemplate `json:"userNameTemplate,omitempty"`
-}
-
-func NewPolicySubject() *PolicySubject {
-	return &PolicySubject{}
-}
-
-func (a *PolicySubject) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/policySubjectMatchType.go b/okta/policySubjectMatchType.go
deleted file mode 100644
index e685660dd..000000000
--- a/okta/policySubjectMatchType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicySubjectMatchType string
diff --git a/okta/policyType.go b/okta/policyType.go
deleted file mode 100644
index 18dad0989..000000000
--- a/okta/policyType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicyType string
diff --git a/okta/policyUserNameTemplate.go b/okta/policyUserNameTemplate.go
deleted file mode 100644
index 5339b6166..000000000
--- a/okta/policyUserNameTemplate.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PolicyUserNameTemplate struct {
-	Template string `json:"template,omitempty"`
-}
-
-func NewPolicyUserNameTemplate() *PolicyUserNameTemplate {
-	return &PolicyUserNameTemplate{}
-}
-
-func (a *PolicyUserNameTemplate) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/possessionConstraint.go b/okta/possessionConstraint.go
deleted file mode 100644
index 7900c38a1..000000000
--- a/okta/possessionConstraint.go
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PossessionConstraint struct {
-	Methods            []string `json:"methods,omitempty"`
-	ReauthenticateIn   string   `json:"reauthenticateIn,omitempty"`
-	Types              []string `json:"types,omitempty"`
-	DeviceBound        string   `json:"deviceBound,omitempty"`
-	HardwareProtection string   `json:"hardwareProtection,omitempty"`
-	PhishingResistant  string   `json:"phishingResistant,omitempty"`
-	UserPresence       string   `json:"userPresence,omitempty"`
-}
-
-func NewPossessionConstraint() *PossessionConstraint {
-	return &PossessionConstraint{}
-}
-
-func (a *PossessionConstraint) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/preRegistrationInlineHook.go b/okta/preRegistrationInlineHook.go
deleted file mode 100644
index b704590da..000000000
--- a/okta/preRegistrationInlineHook.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PreRegistrationInlineHook struct {
-	InlineHookId string `json:"inlineHookId,omitempty"`
-}
-
-func NewPreRegistrationInlineHook() *PreRegistrationInlineHook {
-	return &PreRegistrationInlineHook{}
-}
-
-func (a *PreRegistrationInlineHook) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/private_key_test.go b/okta/private_key_test.go
new file mode 100644
index 000000000..0ec3731a6
--- /dev/null
+++ b/okta/private_key_test.go
@@ -0,0 +1,42 @@
+package okta
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_Private_Key_Request_Can_Create_User(t *testing.T) {
+	if os.Getenv("OKTA_CCI") != "yes" {
+		t.Skip("Skipping testing not in CI environment")
+	}
+	configuration := NewConfiguration(WithAuthorizationMode("PrivateKey"), WithScopes([]string{"okta.users.manage"}))
+	client := NewAPIClient(configuration)
+	uc := testFactory.NewValidTestUserCredentialsWithPassword()
+	profile := testFactory.NewValidTestUserProfile()
+	body := CreateUserRequest{Credentials: uc, Profile: profile}
+	user, _, err := client.UserApi.CreateUser(apiClient.cfg.Context).Body(body).Execute()
+	require.NoError(t, err, "Creating a new user should not error")
+	assert.NotNil(t, user, "User should not be nil")
+}
+
+func Test_JWT_Request_Can_Create_User(t *testing.T) {
+	if os.Getenv("OKTA_CCI") != "yes" {
+		t.Skip("Skipping testing not in CI environment")
+	}
+	configuration := NewConfiguration(WithAuthorizationMode("JWT"), WithScopes([]string{"okta.users.manage"}))
+	privateKeySigner, err := createKeySigner(configuration.Okta.Client.PrivateKey, configuration.Okta.Client.PrivateKeyId)
+	require.NoError(t, err)
+	clientAssertion, err := createClientAssertion(configuration.Okta.Client.OrgUrl, configuration.Okta.Client.ClientId, privateKeySigner)
+	require.NoError(t, err)
+	configuration.Okta.Client.ClientAssertion = clientAssertion
+	client := NewAPIClient(configuration)
+	uc := testFactory.NewValidTestUserCredentialsWithPassword()
+	profile := testFactory.NewValidTestUserProfile()
+	body := CreateUserRequest{Credentials: uc, Profile: profile}
+	user, _, err := client.UserApi.CreateUser(apiClient.cfg.Context).Body(body).Execute()
+	require.NoError(t, err, "Creating a new user should not error")
+	assert.NotNil(t, user, "User should not be nil")
+}
diff --git a/okta/profileEnrollmentPolicy.go b/okta/profileEnrollmentPolicy.go
deleted file mode 100644
index 019a59537..000000000
--- a/okta/profileEnrollmentPolicy.go
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type ProfileEnrollmentPolicy struct {
-	Embedded    interface{}           `json:"_embedded,omitempty"`
-	Links       interface{}           `json:"_links,omitempty"`
-	Conditions  *PolicyRuleConditions `json:"conditions,omitempty"`
-	Created     *time.Time            `json:"created,omitempty"`
-	Description string                `json:"description,omitempty"`
-	Id          string                `json:"id,omitempty"`
-	LastUpdated *time.Time            `json:"lastUpdated,omitempty"`
-	Name        string                `json:"name,omitempty"`
-	Priority    int64                 `json:"-"`
-	PriorityPtr *int64                `json:"priority,omitempty"`
-	Status      string                `json:"status,omitempty"`
-	System      *bool                 `json:"system,omitempty"`
-	Type        string                `json:"type,omitempty"`
-}
-
-func NewProfileEnrollmentPolicy() *ProfileEnrollmentPolicy {
-	return &ProfileEnrollmentPolicy{
-		Type: "PROFILE_ENROLLMENT",
-	}
-}
-
-func (a *ProfileEnrollmentPolicy) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *ProfileEnrollmentPolicy) MarshalJSON() ([]byte, error) {
-	type Alias ProfileEnrollmentPolicy
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *ProfileEnrollmentPolicy) UnmarshalJSON(data []byte) error {
-	type Alias ProfileEnrollmentPolicy
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/profileEnrollmentPolicyRule.go b/okta/profileEnrollmentPolicyRule.go
deleted file mode 100644
index 6ac611aa5..000000000
--- a/okta/profileEnrollmentPolicyRule.go
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type ProfileEnrollmentPolicyRule struct {
-	Actions     *ProfileEnrollmentPolicyRuleActions `json:"actions,omitempty"`
-	Conditions  *PolicyRuleConditions               `json:"conditions,omitempty"`
-	Created     *time.Time                          `json:"created,omitempty"`
-	Id          string                              `json:"id,omitempty"`
-	LastUpdated *time.Time                          `json:"lastUpdated,omitempty"`
-	Name        string                              `json:"name,omitempty"`
-	Priority    int64                               `json:"-"`
-	PriorityPtr *int64                              `json:"priority,omitempty"`
-	Status      string                              `json:"status,omitempty"`
-	System      *bool                               `json:"system,omitempty"`
-	Type        string                              `json:"type,omitempty"`
-}
-
-func NewProfileEnrollmentPolicyRule() *ProfileEnrollmentPolicyRule {
-	return &ProfileEnrollmentPolicyRule{
-		Status: "ACTIVE",
-		System: boolPtr(false),
-		Type:   "PROFILE_ENROLLMENT",
-	}
-}
-
-func (a *ProfileEnrollmentPolicyRule) IsPolicyInstance() bool {
-	return true
-}
-
-func (a *ProfileEnrollmentPolicyRule) MarshalJSON() ([]byte, error) {
-	type Alias ProfileEnrollmentPolicyRule
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.Priority != 0 {
-		result.PriorityPtr = Int64Ptr(a.Priority)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *ProfileEnrollmentPolicyRule) UnmarshalJSON(data []byte) error {
-	type Alias ProfileEnrollmentPolicyRule
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.PriorityPtr != nil {
-		a.Priority = *result.PriorityPtr
-		a.PriorityPtr = result.PriorityPtr
-	}
-	return nil
-}
diff --git a/okta/profileEnrollmentPolicyRuleAction.go b/okta/profileEnrollmentPolicyRuleAction.go
deleted file mode 100644
index c27332966..000000000
--- a/okta/profileEnrollmentPolicyRuleAction.go
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProfileEnrollmentPolicyRuleAction struct {
-	Access                     string                                            `json:"access,omitempty"`
-	ActivationRequirements     *ProfileEnrollmentPolicyRuleActivationRequirement `json:"activationRequirements,omitempty"`
-	PreRegistrationInlineHooks []*PreRegistrationInlineHook                      `json:"preRegistrationInlineHooks,omitempty"`
-	ProfileAttributes          []*ProfileEnrollmentPolicyRuleProfileAttribute    `json:"profileAttributes,omitempty"`
-	TargetGroupIds             []string                                          `json:"targetGroupIds,omitempty"`
-	UiSchemaId                 string                                            `json:"uiSchemaId,omitempty"`
-	UnknownUserAction          string                                            `json:"unknownUserAction,omitempty"`
-}
-
-func NewProfileEnrollmentPolicyRuleAction() *ProfileEnrollmentPolicyRuleAction {
-	return &ProfileEnrollmentPolicyRuleAction{}
-}
-
-func (a *ProfileEnrollmentPolicyRuleAction) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/profileEnrollmentPolicyRuleActions.go b/okta/profileEnrollmentPolicyRuleActions.go
deleted file mode 100644
index b2a46bf9d..000000000
--- a/okta/profileEnrollmentPolicyRuleActions.go
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProfileEnrollmentPolicyRuleActions struct {
-	Enroll                   *PolicyRuleActionsEnroll           `json:"enroll,omitempty"`
-	Idp                      *IdpPolicyRuleAction               `json:"idp,omitempty"`
-	PasswordChange           *PasswordPolicyRuleAction          `json:"passwordChange,omitempty"`
-	SelfServicePasswordReset *PasswordPolicyRuleAction          `json:"selfServicePasswordReset,omitempty"`
-	SelfServiceUnlock        *PasswordPolicyRuleAction          `json:"selfServiceUnlock,omitempty"`
-	Signon                   *OktaSignOnPolicyRuleSignonActions `json:"signon,omitempty"`
-	ProfileEnrollment        *ProfileEnrollmentPolicyRuleAction `json:"profileEnrollment,omitempty"`
-}
-
-func NewProfileEnrollmentPolicyRuleActions() *ProfileEnrollmentPolicyRuleActions {
-	return &ProfileEnrollmentPolicyRuleActions{}
-}
-
-func (a *ProfileEnrollmentPolicyRuleActions) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/profileEnrollmentPolicyRuleActivationRequirement.go b/okta/profileEnrollmentPolicyRuleActivationRequirement.go
deleted file mode 100644
index b0fb8b2eb..000000000
--- a/okta/profileEnrollmentPolicyRuleActivationRequirement.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProfileEnrollmentPolicyRuleActivationRequirement struct {
-	EmailVerification *bool `json:"emailVerification,omitempty"`
-}
-
-func NewProfileEnrollmentPolicyRuleActivationRequirement() *ProfileEnrollmentPolicyRuleActivationRequirement {
-	return &ProfileEnrollmentPolicyRuleActivationRequirement{}
-}
-
-func (a *ProfileEnrollmentPolicyRuleActivationRequirement) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/profileEnrollmentPolicyRuleProfileAttribute.go b/okta/profileEnrollmentPolicyRuleProfileAttribute.go
deleted file mode 100644
index b29c92565..000000000
--- a/okta/profileEnrollmentPolicyRuleProfileAttribute.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProfileEnrollmentPolicyRuleProfileAttribute struct {
-	Label    string `json:"label,omitempty"`
-	Name     string `json:"name,omitempty"`
-	Required *bool  `json:"required,omitempty"`
-}
-
-func NewProfileEnrollmentPolicyRuleProfileAttribute() *ProfileEnrollmentPolicyRuleProfileAttribute {
-	return &ProfileEnrollmentPolicyRuleProfileAttribute{}
-}
-
-func (a *ProfileEnrollmentPolicyRuleProfileAttribute) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/profileMapping.go b/okta/profileMapping.go
deleted file mode 100644
index ab919da50..000000000
--- a/okta/profileMapping.go
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type ProfileMappingResource resource
-
-type ProfileMapping struct {
-	Links      interface{}                        `json:"_links,omitempty"`
-	Id         string                             `json:"id,omitempty"`
-	Properties map[string]*ProfileMappingProperty `json:"properties,omitempty"`
-	Source     *ProfileMappingSource              `json:"source,omitempty"`
-	Target     *ProfileMappingSource              `json:"target,omitempty"`
-}
-
-// Fetches a single Profile Mapping referenced by its ID.
-func (m *ProfileMappingResource) GetProfileMapping(ctx context.Context, mappingId string) (*ProfileMapping, *Response, error) {
-	url := fmt.Sprintf("/api/v1/mappings/%v", mappingId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var profileMapping *ProfileMapping
-
-	resp, err := rq.Do(ctx, req, &profileMapping)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return profileMapping, resp, nil
-}
-
-// Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings.
-func (m *ProfileMappingResource) UpdateProfileMapping(ctx context.Context, mappingId string, body ProfileMapping) (*ProfileMapping, *Response, error) {
-	url := fmt.Sprintf("/api/v1/mappings/%v", mappingId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var profileMapping *ProfileMapping
-
-	resp, err := rq.Do(ctx, req, &profileMapping)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return profileMapping, resp, nil
-}
-
-// Enumerates Profile Mappings in your organization with pagination.
-func (m *ProfileMappingResource) ListProfileMappings(ctx context.Context, qp *query.Params) ([]*ProfileMapping, *Response, error) {
-	url := fmt.Sprintf("/api/v1/mappings")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var profileMapping []*ProfileMapping
-
-	resp, err := rq.Do(ctx, req, &profileMapping)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return profileMapping, resp, nil
-}
diff --git a/okta/profileMappingProperty.go b/okta/profileMappingProperty.go
deleted file mode 100644
index 3ac74acdd..000000000
--- a/okta/profileMappingProperty.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProfileMappingProperty struct {
-	Expression string `json:"expression,omitempty"`
-	PushStatus string `json:"pushStatus,omitempty"`
-}
diff --git a/okta/profileMappingPropertyPushStatus.go b/okta/profileMappingPropertyPushStatus.go
deleted file mode 100644
index a0038165a..000000000
--- a/okta/profileMappingPropertyPushStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProfileMappingPropertyPushStatus string
diff --git a/okta/profileMappingSource.go b/okta/profileMappingSource.go
deleted file mode 100644
index f62a039c1..000000000
--- a/okta/profileMappingSource.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProfileMappingSource struct {
-	Links interface{} `json:"_links,omitempty"`
-	Id    string      `json:"id,omitempty"`
-	Name  string      `json:"name,omitempty"`
-	Type  string      `json:"type,omitempty"`
-}
diff --git a/okta/profileSettingObject.go b/okta/profileSettingObject.go
deleted file mode 100644
index e118a5969..000000000
--- a/okta/profileSettingObject.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProfileSettingObject struct {
-	Status string `json:"status,omitempty"`
-}
-
-func NewProfileSettingObject() *ProfileSettingObject {
-	return &ProfileSettingObject{}
-}
-
-func (a *ProfileSettingObject) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/protocol.go b/okta/protocol.go
deleted file mode 100644
index 1de13dcd2..000000000
--- a/okta/protocol.go
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type Protocol struct {
-	Algorithms  *ProtocolAlgorithms          `json:"algorithms,omitempty"`
-	Credentials *IdentityProviderCredentials `json:"credentials,omitempty"`
-	Endpoints   *ProtocolEndpoints           `json:"endpoints,omitempty"`
-	Issuer      *ProtocolEndpoint            `json:"issuer,omitempty"`
-	RelayState  *ProtocolRelayState          `json:"relayState,omitempty"`
-	Scopes      []string                     `json:"scopes,omitempty"`
-	Settings    *ProtocolSettings            `json:"settings,omitempty"`
-	Type        string                       `json:"type,omitempty"`
-}
diff --git a/okta/protocolAlgorithmType.go b/okta/protocolAlgorithmType.go
deleted file mode 100644
index bbd6df186..000000000
--- a/okta/protocolAlgorithmType.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProtocolAlgorithmType struct {
-	Signature *ProtocolAlgorithmTypeSignature `json:"signature,omitempty"`
-}
diff --git a/okta/protocolAlgorithmTypeSignature.go b/okta/protocolAlgorithmTypeSignature.go
deleted file mode 100644
index 5f0999002..000000000
--- a/okta/protocolAlgorithmTypeSignature.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProtocolAlgorithmTypeSignature struct {
-	Algorithm string `json:"algorithm,omitempty"`
-	Scope     string `json:"scope,omitempty"`
-}
diff --git a/okta/protocolAlgorithms.go b/okta/protocolAlgorithms.go
deleted file mode 100644
index a66008a06..000000000
--- a/okta/protocolAlgorithms.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProtocolAlgorithms struct {
-	Request  *ProtocolAlgorithmType `json:"request,omitempty"`
-	Response *ProtocolAlgorithmType `json:"response,omitempty"`
-}
diff --git a/okta/protocolEndpoint.go b/okta/protocolEndpoint.go
deleted file mode 100644
index d4119041e..000000000
--- a/okta/protocolEndpoint.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProtocolEndpoint struct {
-	Binding     string `json:"binding,omitempty"`
-	Destination string `json:"destination,omitempty"`
-	Type        string `json:"type,omitempty"`
-	Url         string `json:"url,omitempty"`
-}
diff --git a/okta/protocolEndpoints.go b/okta/protocolEndpoints.go
deleted file mode 100644
index e7975bc24..000000000
--- a/okta/protocolEndpoints.go
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProtocolEndpoints struct {
-	Acs           *ProtocolEndpoint `json:"acs,omitempty"`
-	Authorization *ProtocolEndpoint `json:"authorization,omitempty"`
-	Jwks          *ProtocolEndpoint `json:"jwks,omitempty"`
-	Metadata      *ProtocolEndpoint `json:"metadata,omitempty"`
-	Slo           *ProtocolEndpoint `json:"slo,omitempty"`
-	Sso           *ProtocolEndpoint `json:"sso,omitempty"`
-	Token         *ProtocolEndpoint `json:"token,omitempty"`
-	UserInfo      *ProtocolEndpoint `json:"userInfo,omitempty"`
-}
diff --git a/okta/protocolRelayState.go b/okta/protocolRelayState.go
deleted file mode 100644
index d5be49768..000000000
--- a/okta/protocolRelayState.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProtocolRelayState struct {
-	Format string `json:"format,omitempty"`
-}
diff --git a/okta/protocolRelayStateFormat.go b/okta/protocolRelayStateFormat.go
deleted file mode 100644
index 595618e93..000000000
--- a/okta/protocolRelayStateFormat.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProtocolRelayStateFormat string
diff --git a/okta/protocolSettings.go b/okta/protocolSettings.go
deleted file mode 100644
index 57951d940..000000000
--- a/okta/protocolSettings.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProtocolSettings struct {
-	NameFormat string `json:"nameFormat,omitempty"`
-}
diff --git a/okta/provisioning.go b/okta/provisioning.go
deleted file mode 100644
index e77aa5850..000000000
--- a/okta/provisioning.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type Provisioning struct {
-	Action        string                  `json:"action,omitempty"`
-	Conditions    *ProvisioningConditions `json:"conditions,omitempty"`
-	Groups        *ProvisioningGroups     `json:"groups,omitempty"`
-	ProfileMaster *bool                   `json:"profileMaster,omitempty"`
-}
diff --git a/okta/provisioningConditions.go b/okta/provisioningConditions.go
deleted file mode 100644
index 4d0ada83f..000000000
--- a/okta/provisioningConditions.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProvisioningConditions struct {
-	Deprovisioned *ProvisioningDeprovisionedCondition `json:"deprovisioned,omitempty"`
-	Suspended     *ProvisioningSuspendedCondition     `json:"suspended,omitempty"`
-}
diff --git a/okta/provisioningConnection.go b/okta/provisioningConnection.go
deleted file mode 100644
index e6bfdad1e..000000000
--- a/okta/provisioningConnection.go
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProvisioningConnectionResource resource
-
-type ProvisioningConnection struct {
-	Links      interface{} `json:"_links,omitempty"`
-	AuthScheme string      `json:"authScheme,omitempty"`
-	Status     string      `json:"status,omitempty"`
-}
-
-func NewProvisioningConnection() *ProvisioningConnection {
-	return &ProvisioningConnection{}
-}
-
-func (a *ProvisioningConnection) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/provisioningConnectionAuthScheme.go b/okta/provisioningConnectionAuthScheme.go
deleted file mode 100644
index 23a127305..000000000
--- a/okta/provisioningConnectionAuthScheme.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProvisioningConnectionAuthScheme string
diff --git a/okta/provisioningConnectionProfile.go b/okta/provisioningConnectionProfile.go
deleted file mode 100644
index 8898dd397..000000000
--- a/okta/provisioningConnectionProfile.go
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProvisioningConnectionProfileResource resource
-
-type ProvisioningConnectionProfile struct {
-	AuthScheme string `json:"authScheme,omitempty"`
-	Token      string `json:"token,omitempty"`
-}
-
-func NewProvisioningConnectionProfile() *ProvisioningConnectionProfile {
-	return &ProvisioningConnectionProfile{}
-}
-
-func (a *ProvisioningConnectionProfile) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/provisioningConnectionRequest.go b/okta/provisioningConnectionRequest.go
deleted file mode 100644
index 6a4ecf5fe..000000000
--- a/okta/provisioningConnectionRequest.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProvisioningConnectionRequest struct {
-	Profile *ProvisioningConnectionProfile `json:"profile,omitempty"`
-}
-
-func NewProvisioningConnectionRequest() *ProvisioningConnectionRequest {
-	return &ProvisioningConnectionRequest{}
-}
-
-func (a *ProvisioningConnectionRequest) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/provisioningConnectionStatus.go b/okta/provisioningConnectionStatus.go
deleted file mode 100644
index d3f6c3e5d..000000000
--- a/okta/provisioningConnectionStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProvisioningConnectionStatus string
diff --git a/okta/provisioningDeprovisionedCondition.go b/okta/provisioningDeprovisionedCondition.go
deleted file mode 100644
index f0f8c3405..000000000
--- a/okta/provisioningDeprovisionedCondition.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProvisioningDeprovisionedCondition struct {
-	Action string `json:"action,omitempty"`
-}
diff --git a/okta/provisioningGroups.go b/okta/provisioningGroups.go
deleted file mode 100644
index 40723fbde..000000000
--- a/okta/provisioningGroups.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProvisioningGroups struct {
-	Action              string   `json:"action,omitempty"`
-	Assignments         []string `json:"assignments,omitempty"`
-	Filter              []string `json:"filter,omitempty"`
-	SourceAttributeName string   `json:"sourceAttributeName,omitempty"`
-}
diff --git a/okta/provisioningSuspendedCondition.go b/okta/provisioningSuspendedCondition.go
deleted file mode 100644
index 141783d12..000000000
--- a/okta/provisioningSuspendedCondition.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ProvisioningSuspendedCondition struct {
-	Action string `json:"action,omitempty"`
-}
diff --git a/okta/proxy_test.go b/okta/proxy_test.go
new file mode 100644
index 000000000..8ba26bae7
--- /dev/null
+++ b/okta/proxy_test.go
@@ -0,0 +1,44 @@
+package okta
+
+import (
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"strconv"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_Config_Proxy(t *testing.T) {
+	mux := http.NewServeMux()
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("This is proxy server end point"))
+	})
+	proxyServer := httptest.NewServer(mux)
+	defer proxyServer.Close()
+	configuration := NewConfiguration()
+	configuration.Debug = false
+	proxyURL, err := url.Parse(proxyServer.URL)
+	require.NoError(t, err, "Parse url should not error")
+	password, _ := proxyURL.User.Password()
+	hp := strings.Split(proxyURL.Host, ":")
+	require.Equal(t, 2, len(hp), "Host should only host and port")
+	intVar, err := strconv.Atoi(hp[1])
+	require.NoError(t, err, "Convert string to int should not error")
+	configuration.Okta.Client.Proxy.Host = hp[0]
+	configuration.Okta.Client.Proxy.Port = int32(intVar)
+	configuration.Okta.Client.Proxy.Username = proxyURL.User.Username()
+	configuration.Okta.Client.Proxy.Password = password
+	proxyClient := NewAPIClient(configuration)
+	req, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
+	require.NoError(t, err, "Create new http request should not error")
+	resp, err := proxyClient.callAPI(req)
+	require.NoError(t, err, "Make http request should not error")
+	b, err := io.ReadAll(resp.Body)
+	require.NoError(t, err, "Read http response should not error")
+	assert.Equal(t, "This is proxy server end point", string(b))
+}
diff --git a/okta/pushUserFactor.go b/okta/pushUserFactor.go
deleted file mode 100644
index 1204116a0..000000000
--- a/okta/pushUserFactor.go
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type PushUserFactor struct {
-	Embedded     interface{}            `json:"_embedded,omitempty"`
-	Links        interface{}            `json:"_links,omitempty"`
-	Created      *time.Time             `json:"created,omitempty"`
-	FactorType   string                 `json:"factorType,omitempty"`
-	Id           string                 `json:"id,omitempty"`
-	LastUpdated  *time.Time             `json:"lastUpdated,omitempty"`
-	Provider     string                 `json:"provider,omitempty"`
-	Status       string                 `json:"status,omitempty"`
-	Verify       *VerifyFactorRequest   `json:"verify,omitempty"`
-	ExpiresAt    *time.Time             `json:"expiresAt,omitempty"`
-	FactorResult string                 `json:"factorResult,omitempty"`
-	Profile      *PushUserFactorProfile `json:"profile,omitempty"`
-}
-
-func NewPushUserFactor() *PushUserFactor {
-	return &PushUserFactor{
-		FactorType: "push",
-	}
-}
-
-func (a *PushUserFactor) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/pushUserFactorProfile.go b/okta/pushUserFactorProfile.go
deleted file mode 100644
index fcf1fdedb..000000000
--- a/okta/pushUserFactorProfile.go
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type PushUserFactorProfile struct {
-	CredentialId string `json:"credentialId,omitempty"`
-	DeviceToken  string `json:"deviceToken,omitempty"`
-	DeviceType   string `json:"deviceType,omitempty"`
-	Name         string `json:"name,omitempty"`
-	Platform     string `json:"platform,omitempty"`
-	Version      string `json:"version,omitempty"`
-}
-
-func NewPushUserFactorProfile() *PushUserFactorProfile {
-	return &PushUserFactorProfile{}
-}
-
-func (a *PushUserFactorProfile) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/query/query.go b/okta/query/query.go
deleted file mode 100644
index 050d0586a..000000000
--- a/okta/query/query.go
+++ /dev/null
@@ -1,419 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package query
-
-import (
-	"net/url"
-	"strconv"
-)
-
-type Params struct {
-	Q                    string      `json:"q,omitempty"`
-	After                string      `json:"after,omitempty"`
-	Limit                int64       `json:"limit,omitempty"`
-	Filter               string      `json:"filter,omitempty"`
-	Expand               string      `json:"expand,omitempty"`
-	IncludeNonDeleted    *bool       `json:"includeNonDeleted,omitempty"`
-	Activate             *bool       `json:"activate,omitempty"`
-	ValidityYears        int64       `json:"validityYears,omitempty"`
-	TargetAid            string      `json:"targetAid,omitempty"`
-	Kid                  string      `json:"kid,omitempty"`
-	QueryScope           string      `json:"query_scope,omitempty"`
-	SendEmail            *bool       `json:"sendEmail,omitempty"`
-	Cursor               string      `json:"cursor,omitempty"`
-	Mode                 string      `json:"mode,omitempty"`
-	Search               string      `json:"search,omitempty"`
-	RemoveUsers          *bool       `json:"removeUsers,omitempty"`
-	DisableNotifications *bool       `json:"disableNotifications,omitempty"`
-	Type                 string      `json:"type,omitempty"`
-	TargetIdpId          string      `json:"targetIdpId,omitempty"`
-	Since                string      `json:"since,omitempty"`
-	Until                string      `json:"until,omitempty"`
-	SortOrder            string      `json:"sortOrder,omitempty"`
-	SourceId             string      `json:"sourceId,omitempty"`
-	TargetId             string      `json:"targetId,omitempty"`
-	Status               string      `json:"status,omitempty"`
-	TemplateType         string      `json:"templateType,omitempty"`
-	SortBy               string      `json:"sortBy,omitempty"`
-	Provider             interface{} `json:"provider,omitempty"`
-	NextLogin            string      `json:"nextLogin,omitempty"`
-	Strict               *bool       `json:"strict,omitempty"`
-	UpdatePhone          *bool       `json:"updatePhone,omitempty"`
-	TemplateId           string      `json:"templateId,omitempty"`
-	TokenLifetimeSeconds int64       `json:"tokenLifetimeSeconds,omitempty"`
-	ScopeId              string      `json:"scopeId,omitempty"`
-	OauthTokens          *bool       `json:"oauthTokens,omitempty"`
-}
-
-func NewQueryParams(paramOpt ...ParamOptions) *Params {
-	p := &Params{}
-
-	for _, par := range paramOpt {
-		par(p)
-	}
-
-	return p
-}
-
-type ParamOptions func(*Params)
-
-func WithQ(queryQ string) ParamOptions {
-	return func(p *Params) {
-		p.Q = queryQ
-	}
-}
-
-func WithAfter(queryAfter string) ParamOptions {
-	return func(p *Params) {
-		p.After = queryAfter
-	}
-}
-
-func WithLimit(queryLimit int64) ParamOptions {
-	return func(p *Params) {
-		p.Limit = queryLimit
-	}
-}
-
-func WithFilter(queryFilter string) ParamOptions {
-	return func(p *Params) {
-		p.Filter = queryFilter
-	}
-}
-
-func WithExpand(queryExpand string) ParamOptions {
-	return func(p *Params) {
-		p.Expand = queryExpand
-	}
-}
-
-func WithIncludeNonDeleted(queryIncludeNonDeleted bool) ParamOptions {
-	return func(p *Params) {
-		b := new(bool)
-		*b = queryIncludeNonDeleted
-		p.IncludeNonDeleted = b
-	}
-}
-
-func WithActivate(queryActivate bool) ParamOptions {
-	return func(p *Params) {
-		b := new(bool)
-		*b = queryActivate
-		p.Activate = b
-	}
-}
-
-func WithValidityYears(queryValidityYears int64) ParamOptions {
-	return func(p *Params) {
-		p.ValidityYears = queryValidityYears
-	}
-}
-
-func WithTargetAid(queryTargetAid string) ParamOptions {
-	return func(p *Params) {
-		p.TargetAid = queryTargetAid
-	}
-}
-
-func WithKid(queryKid string) ParamOptions {
-	return func(p *Params) {
-		p.Kid = queryKid
-	}
-}
-
-func WithQueryScope(queryQueryScope string) ParamOptions {
-	return func(p *Params) {
-		p.QueryScope = queryQueryScope
-	}
-}
-
-func WithSendEmail(querySendEmail bool) ParamOptions {
-	return func(p *Params) {
-		b := new(bool)
-		*b = querySendEmail
-		p.SendEmail = b
-	}
-}
-
-func WithCursor(queryCursor string) ParamOptions {
-	return func(p *Params) {
-		p.Cursor = queryCursor
-	}
-}
-
-func WithMode(queryMode string) ParamOptions {
-	return func(p *Params) {
-		p.Mode = queryMode
-	}
-}
-
-func WithSearch(querySearch string) ParamOptions {
-	return func(p *Params) {
-		p.Search = querySearch
-	}
-}
-
-func WithRemoveUsers(queryRemoveUsers bool) ParamOptions {
-	return func(p *Params) {
-		b := new(bool)
-		*b = queryRemoveUsers
-		p.RemoveUsers = b
-	}
-}
-
-func WithDisableNotifications(queryDisableNotifications bool) ParamOptions {
-	return func(p *Params) {
-		b := new(bool)
-		*b = queryDisableNotifications
-		p.DisableNotifications = b
-	}
-}
-
-func WithType(queryType string) ParamOptions {
-	return func(p *Params) {
-		p.Type = queryType
-	}
-}
-
-func WithTargetIdpId(queryTargetIdpId string) ParamOptions {
-	return func(p *Params) {
-		p.TargetIdpId = queryTargetIdpId
-	}
-}
-
-func WithSince(querySince string) ParamOptions {
-	return func(p *Params) {
-		p.Since = querySince
-	}
-}
-
-func WithUntil(queryUntil string) ParamOptions {
-	return func(p *Params) {
-		p.Until = queryUntil
-	}
-}
-
-func WithSortOrder(querySortOrder string) ParamOptions {
-	return func(p *Params) {
-		p.SortOrder = querySortOrder
-	}
-}
-
-func WithSourceId(querySourceId string) ParamOptions {
-	return func(p *Params) {
-		p.SourceId = querySourceId
-	}
-}
-
-func WithTargetId(queryTargetId string) ParamOptions {
-	return func(p *Params) {
-		p.TargetId = queryTargetId
-	}
-}
-
-func WithStatus(queryStatus string) ParamOptions {
-	return func(p *Params) {
-		p.Status = queryStatus
-	}
-}
-
-func WithTemplateType(queryTemplateType string) ParamOptions {
-	return func(p *Params) {
-		p.TemplateType = queryTemplateType
-	}
-}
-
-func WithSortBy(querySortBy string) ParamOptions {
-	return func(p *Params) {
-		p.SortBy = querySortBy
-	}
-}
-
-func WithProvider(queryProvider interface{}) ParamOptions {
-	return func(p *Params) {
-		p.Provider = queryProvider
-	}
-}
-
-func WithNextLogin(queryNextLogin string) ParamOptions {
-	return func(p *Params) {
-		p.NextLogin = queryNextLogin
-	}
-}
-
-func WithStrict(queryStrict bool) ParamOptions {
-	return func(p *Params) {
-		b := new(bool)
-		*b = queryStrict
-		p.Strict = b
-	}
-}
-
-func WithUpdatePhone(queryUpdatePhone bool) ParamOptions {
-	return func(p *Params) {
-		b := new(bool)
-		*b = queryUpdatePhone
-		p.UpdatePhone = b
-	}
-}
-
-func WithTemplateId(queryTemplateId string) ParamOptions {
-	return func(p *Params) {
-		p.TemplateId = queryTemplateId
-	}
-}
-
-func WithTokenLifetimeSeconds(queryTokenLifetimeSeconds int64) ParamOptions {
-	return func(p *Params) {
-		p.TokenLifetimeSeconds = queryTokenLifetimeSeconds
-	}
-}
-
-func WithScopeId(queryScopeId string) ParamOptions {
-	return func(p *Params) {
-		p.ScopeId = queryScopeId
-	}
-}
-
-func WithOauthTokens(queryOauthTokens bool) ParamOptions {
-	return func(p *Params) {
-		b := new(bool)
-		*b = queryOauthTokens
-		p.OauthTokens = b
-	}
-}
-
-func (p *Params) String() string {
-	qs := url.Values{}
-
-	if p.Q != "" {
-		qs.Add(`q`, p.Q)
-	}
-	if p.After != "" {
-		qs.Add(`after`, p.After)
-	}
-	if p.Limit != 0 {
-		qs.Add(`limit`, strconv.FormatInt(p.Limit, 10))
-	}
-	if p.Filter != "" {
-		qs.Add(`filter`, p.Filter)
-	}
-	if p.Expand != "" {
-		qs.Add(`expand`, p.Expand)
-	}
-	if p.IncludeNonDeleted != nil {
-		qs.Add(`includeNonDeleted`, strconv.FormatBool(*p.IncludeNonDeleted))
-	}
-	if p.Activate != nil {
-		qs.Add(`activate`, strconv.FormatBool(*p.Activate))
-	}
-	if p.ValidityYears != 0 {
-		qs.Add(`validityYears`, strconv.FormatInt(p.ValidityYears, 10))
-	}
-	if p.TargetAid != "" {
-		qs.Add(`targetAid`, p.TargetAid)
-	}
-	if p.Kid != "" {
-		qs.Add(`kid`, p.Kid)
-	}
-	if p.QueryScope != "" {
-		qs.Add(`query_scope`, p.QueryScope)
-	}
-	if p.SendEmail != nil {
-		qs.Add(`sendEmail`, strconv.FormatBool(*p.SendEmail))
-	}
-	if p.Cursor != "" {
-		qs.Add(`cursor`, p.Cursor)
-	}
-	if p.Mode != "" {
-		qs.Add(`mode`, p.Mode)
-	}
-	if p.Search != "" {
-		qs.Add(`search`, p.Search)
-	}
-	if p.RemoveUsers != nil {
-		qs.Add(`removeUsers`, strconv.FormatBool(*p.RemoveUsers))
-	}
-	if p.DisableNotifications != nil {
-		qs.Add(`disableNotifications`, strconv.FormatBool(*p.DisableNotifications))
-	}
-	if p.Type != "" {
-		qs.Add(`type`, p.Type)
-	}
-	if p.TargetIdpId != "" {
-		qs.Add(`targetIdpId`, p.TargetIdpId)
-	}
-	if p.Since != "" {
-		qs.Add(`since`, p.Since)
-	}
-	if p.Until != "" {
-		qs.Add(`until`, p.Until)
-	}
-	if p.SortOrder != "" {
-		qs.Add(`sortOrder`, p.SortOrder)
-	}
-	if p.SourceId != "" {
-		qs.Add(`sourceId`, p.SourceId)
-	}
-	if p.TargetId != "" {
-		qs.Add(`targetId`, p.TargetId)
-	}
-	if p.Status != "" {
-		qs.Add(`status`, p.Status)
-	}
-	if p.TemplateType != "" {
-		qs.Add(`templateType`, p.TemplateType)
-	}
-	if p.SortBy != "" {
-		qs.Add(`sortBy`, p.SortBy)
-	}
-	if p.Provider != nil {
-		if b, ok := p.Provider.(bool); ok {
-			qs.Add(`provider`, strconv.FormatBool(b))
-		} else {
-			qs.Add(`provider`, p.Provider.(string))
-		}
-	}
-	if p.NextLogin != "" {
-		qs.Add(`nextLogin`, p.NextLogin)
-	}
-	if p.Strict != nil {
-		qs.Add(`strict`, strconv.FormatBool(*p.Strict))
-	}
-	if p.UpdatePhone != nil {
-		qs.Add(`updatePhone`, strconv.FormatBool(*p.UpdatePhone))
-	}
-	if p.TemplateId != "" {
-		qs.Add(`templateId`, p.TemplateId)
-	}
-	if p.TokenLifetimeSeconds != 0 {
-		qs.Add(`tokenLifetimeSeconds`, strconv.FormatInt(p.TokenLifetimeSeconds, 10))
-	}
-	if p.ScopeId != "" {
-		qs.Add(`scopeId`, p.ScopeId)
-	}
-	if p.OauthTokens != nil {
-		qs.Add(`oauthTokens`, strconv.FormatBool(*p.OauthTokens))
-	}
-
-	if len(qs) != 0 {
-		return "?" + qs.Encode()
-	}
-	return ""
-}
diff --git a/okta/query/query_test.go b/okta/query/query_test.go
deleted file mode 100644
index 022c1ee59..000000000
--- a/okta/query/query_test.go
+++ /dev/null
@@ -1,70 +0,0 @@
-package query
-
-import "testing"
-
-func TestEmpty(t *testing.T) {
-	p := NewQueryParams()
-	qs := p.String()
-	if qs != "" {
-		t.Fatalf("expected empty string got '%s'", qs)
-	}
-}
-
-func TestInt64(t *testing.T) {
-	p := NewQueryParams(WithLimit(100))
-	qs := p.String()
-	if qs != `?limit=100` {
-		t.Fatalf("expected '?limit=100' got '%s'", qs)
-	}
-}
-
-func TestBool(t *testing.T) {
-	p := NewQueryParams(WithActivate(false))
-	qs := p.String()
-	if qs != `?activate=false` {
-		t.Fatalf("expected '?activate=false' got '%s'", qs)
-	}
-
-	p = NewQueryParams(WithActivate(true))
-	qs = p.String()
-	if qs != `?activate=true` {
-		t.Fatalf("expected '?activate=true' got '%s'", qs)
-	}
-}
-
-func TestString(t *testing.T) {
-	p := NewQueryParams(WithQ(`x`))
-	qs := p.String()
-	if qs != "?q=x" {
-		t.Fatalf("expected '?q=x' got '%s'", qs)
-	}
-
-	// Testing if we are applying URL encoding to a reserved char
-	p = NewQueryParams(WithQ(`x=/`))
-	qs = p.String()
-	if qs != `?q=x%3D%2F` {
-		t.Fatalf(`expected '%s' got '%s'`, `?q=x%3D%2F`, qs)
-	}
-}
-
-func TestMultiple(t *testing.T) {
-	p := NewQueryParams(WithQ(`x`), WithLimit(100), WithActivate(true))
-	qs := p.String()
-	if qs != "?activate=true&limit=100&q=x" {
-		t.Fatalf("expected '?activate=true&limit=100&q=x' got '%s'", qs)
-	}
-}
-
-func TestWithProvider(t *testing.T) {
-	p := NewQueryParams(WithProvider(true))
-	qs := p.String()
-	if qs != "?provider=true" {
-		t.Fatalf("expected '?provider=true' got '%s'", qs)
-	}
-
-	p = NewQueryParams(WithProvider("FEDERATION"))
-	qs = p.String()
-	if qs != "?provider=FEDERATION" {
-		t.Fatalf("expected '?provider=FEDERATION' got '%s'", qs)
-	}
-}
diff --git a/okta/recoveryQuestionCredential.go b/okta/recoveryQuestionCredential.go
deleted file mode 100644
index e71839d7c..000000000
--- a/okta/recoveryQuestionCredential.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type RecoveryQuestionCredential struct {
-	Answer   string `json:"answer,omitempty"`
-	Question string `json:"question,omitempty"`
-}
diff --git a/okta/requestExecutor.go b/okta/requestExecutor.go
deleted file mode 100644
index 23a224f23..000000000
--- a/okta/requestExecutor.go
+++ /dev/null
@@ -1,703 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package okta
-
-import (
-	"bytes"
-	"context"
-	"crypto/x509"
-	"encoding/json"
-	"encoding/pem"
-	"encoding/xml"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	urlpkg "net/url"
-	"reflect"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/BurntSushi/toml"
-	"github.com/cenkalti/backoff/v4"
-	"github.com/go-jose/go-jose/v3"
-	"github.com/go-jose/go-jose/v3/jwt"
-	"github.com/okta/okta-sdk-golang/v2/okta/cache"
-	goCache "github.com/patrickmn/go-cache"
-)
-
-const AccessTokenCacheKey = "OKTA_ACCESS_TOKEN"
-
-type RequestExecutor struct {
-	httpClient        *http.Client
-	config            *config
-	BaseUrl           *urlpkg.URL
-	cache             cache.Cache
-	tokenCache        *goCache.Cache
-	binary            bool
-	headerAccept      string
-	headerContentType string
-	freshCache        bool
-}
-
-type ClientAssertionClaims struct {
-	Issuer   string           `json:"iss,omitempty"`
-	Subject  string           `json:"sub,omitempty"`
-	Audience string           `json:"aud,omitempty"`
-	Expiry   *jwt.NumericDate `json:"exp,omitempty"`
-	IssuedAt *jwt.NumericDate `json:"iat,omitempty"`
-	ID       string           `json:"jti,omitempty"`
-}
-
-type RequestAccessToken struct {
-	TokenType   string `json:"token_type,omitempty"`
-	ExpiresIn   int    `json:"expires_in,omitempty"`
-	AccessToken string `json:"access_token,omitempty"`
-	Scope       string `json:"scope,omitempty"`
-}
-
-type Authorization interface {
-	Authorize() error
-}
-
-type SSWSAuth struct {
-	token string
-	req   *http.Request
-}
-
-func NewSSWSAuth(token string, req *http.Request) *SSWSAuth {
-	return &SSWSAuth{token: token, req: req}
-}
-
-func (a *SSWSAuth) Authorize() error {
-	a.req.Header.Add("Authorization", "SSWS "+a.token)
-	return nil
-}
-
-type BearerAuth struct {
-	token string
-	req   *http.Request
-}
-
-func NewBearerAuth(token string, req *http.Request) *BearerAuth {
-	return &BearerAuth{token: token, req: req}
-}
-
-func (a *BearerAuth) Authorize() error {
-	a.req.Header.Add("Authorization", "Bearer "+a.token)
-	return nil
-}
-
-type PrivateKeyAuth struct {
-	tokenCache       *goCache.Cache
-	httpClient       *http.Client
-	privateKeySigner jose.Signer
-	privateKey       string
-	privateKeyId     string
-	clientId         string
-	orgURL           string
-	scopes           []string
-	maxRetries       int32
-	maxBackoff       int64
-	req              *http.Request
-}
-
-type PrivateKeyAuthConfig struct {
-	TokenCache       *goCache.Cache
-	HttpClient       *http.Client
-	PrivateKeySigner jose.Signer
-	PrivateKey       string
-	PrivateKeyId     string
-	ClientId         string
-	OrgURL           string
-	Scopes           []string
-	MaxRetries       int32
-	MaxBackoff       int64
-	Req              *http.Request
-}
-
-func NewPrivateKeyAuth(config PrivateKeyAuthConfig) *PrivateKeyAuth {
-	return &PrivateKeyAuth{
-		tokenCache:       config.TokenCache,
-		httpClient:       config.HttpClient,
-		privateKeySigner: config.PrivateKeySigner,
-		privateKey:       config.PrivateKey,
-		privateKeyId:     config.PrivateKeyId,
-		clientId:         config.ClientId,
-		orgURL:           config.OrgURL,
-		scopes:           config.Scopes,
-		maxRetries:       config.MaxRetries,
-		maxBackoff:       config.MaxBackoff,
-		req:              config.Req,
-	}
-}
-
-func (a *PrivateKeyAuth) Authorize() error {
-	accessToken, hasToken := a.tokenCache.Get(AccessTokenCacheKey)
-	if hasToken {
-		a.req.Header.Add("Authorization", "Bearer "+accessToken.(string))
-	} else {
-		if a.privateKeySigner == nil {
-			var err error
-			a.privateKeySigner, err = CreateKeySigner(a.privateKey, a.privateKeyId)
-			if err != nil {
-				return err
-			}
-		}
-
-		clientAssertion, err := CreateClientAssertion(a.orgURL, a.clientId, a.privateKeySigner)
-		if err != nil {
-			return err
-		}
-
-		accessToken, err := getAccessTokenForPrivateKey(a.httpClient, a.orgURL, clientAssertion, a.scopes, a.maxRetries, a.maxBackoff)
-		if err != nil {
-			return err
-		}
-
-		a.req.Header.Add("Authorization", "Bearer "+accessToken.AccessToken)
-
-		// Trim a couple of seconds off calculated expiry so cache expiry
-		// occures before Okta server side expiry.
-		expiration := accessToken.ExpiresIn - 2
-		a.tokenCache.Set(AccessTokenCacheKey, accessToken.AccessToken, time.Second*time.Duration(expiration))
-	}
-	return nil
-}
-
-type JWTAuth struct {
-	tokenCache      *goCache.Cache
-	httpClient      *http.Client
-	orgURL          string
-	scopes          []string
-	clientAssertion string
-	maxRetries      int32
-	maxBackoff      int64
-	req             *http.Request
-}
-
-type JWTAuthConfig struct {
-	TokenCache      *goCache.Cache
-	HttpClient      *http.Client
-	OrgURL          string
-	Scopes          []string
-	ClientAssertion string
-	MaxRetries      int32
-	MaxBackoff      int64
-	Req             *http.Request
-}
-
-func NewJWTAuth(config JWTAuthConfig) *JWTAuth {
-	return &JWTAuth{
-		tokenCache:      config.TokenCache,
-		httpClient:      config.HttpClient,
-		orgURL:          config.OrgURL,
-		scopes:          config.Scopes,
-		clientAssertion: config.ClientAssertion,
-		maxRetries:      config.MaxRetries,
-		maxBackoff:      config.MaxBackoff,
-		req:             config.Req,
-	}
-}
-
-func (a *JWTAuth) Authorize() error {
-	accessToken, hasToken := a.tokenCache.Get(AccessTokenCacheKey)
-	if hasToken {
-		a.req.Header.Add("Authorization", "Bearer "+accessToken.(string))
-	} else {
-		accessToken, err := getAccessTokenForPrivateKey(a.httpClient, a.orgURL, a.clientAssertion, a.scopes, a.maxRetries, a.maxBackoff)
-		if err != nil {
-			return err
-		}
-		a.req.Header.Add("Authorization", "Bearer "+accessToken.AccessToken)
-
-		// Trim a couple of seconds off calculated expiry so cache expiry
-		// occures before Okta server side expiry.
-		expiration := accessToken.ExpiresIn - 2
-		a.tokenCache.Set(AccessTokenCacheKey, accessToken.AccessToken, time.Second*time.Duration(expiration))
-	}
-	return nil
-}
-
-func CreateKeySigner(privateKey, privateKeyID string) (jose.Signer, error) {
-	priv := []byte(strings.ReplaceAll(privateKey, `\n`, "\n"))
-
-	privPem, _ := pem.Decode(priv)
-	if privPem == nil {
-		return nil, errors.New("invalid private key")
-	}
-	if privPem.Type != "RSA PRIVATE KEY" {
-		return nil, fmt.Errorf("RSA private key is of the wrong type")
-	}
-
-	parsedKey, err := x509.ParsePKCS1PrivateKey(privPem.Bytes)
-	if err != nil {
-		return nil, err
-	}
-
-	var signerOptions *jose.SignerOptions
-	if privateKeyID != "" {
-		signerOptions = (&jose.SignerOptions{}).WithHeader("kid", privateKeyID)
-	}
-
-	return jose.NewSigner(jose.SigningKey{Algorithm: jose.RS256, Key: parsedKey}, signerOptions)
-}
-
-func CreateClientAssertion(orgURL, clientID string, privateKeySinger jose.Signer) (clientAssertion string, err error) {
-	claims := ClientAssertionClaims{
-		Subject:  clientID,
-		IssuedAt: jwt.NewNumericDate(time.Now()),
-		Expiry:   jwt.NewNumericDate(time.Now().Add(time.Hour * time.Duration(1))),
-		Issuer:   clientID,
-		Audience: orgURL + "/oauth2/v1/token",
-	}
-	jwtBuilder := jwt.Signed(privateKeySinger).Claims(claims)
-	return jwtBuilder.CompactSerialize()
-}
-
-func getAccessTokenForPrivateKey(httpClient *http.Client, orgURL, clientAssertion string, scopes []string, maxRetries int32, maxBackoff int64) (*RequestAccessToken, error) {
-	var tokenRequestBuff io.ReadWriter
-	query := urlpkg.Values{}
-	tokenRequestURL := orgURL + "/oauth2/v1/token"
-
-	query.Add("grant_type", "client_credentials")
-	query.Add("scope", strings.Join(scopes, " "))
-	query.Add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
-	query.Add("client_assertion", clientAssertion)
-	tokenRequestURL += "?" + query.Encode()
-	tokenRequest, err := http.NewRequest("POST", tokenRequestURL, tokenRequestBuff)
-	if err != nil {
-		return nil, err
-	}
-
-	tokenRequest.Header.Add("Accept", "application/json")
-	tokenRequest.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-
-	bOff := &oktaBackoff{
-		ctx:             context.TODO(),
-		maxRetries:      maxRetries,
-		backoffDuration: time.Duration(maxBackoff),
-	}
-	var tokenResponse *http.Response
-	operation := func() error {
-		tokenResponse, err = httpClient.Do(tokenRequest)
-		bOff.retryCount++
-		return err
-	}
-	err = backoff.Retry(operation, bOff)
-	if err != nil {
-		return nil, err
-	}
-
-	respBody, err := io.ReadAll(tokenResponse.Body)
-	if err != nil {
-		return nil, err
-	}
-	origResp := io.NopCloser(bytes.NewBuffer(respBody))
-	tokenResponse.Body = origResp
-	var accessToken *RequestAccessToken
-
-	_, err = buildResponse(tokenResponse, nil, &accessToken)
-	if err != nil {
-		return nil, err
-	}
-	return accessToken, nil
-}
-
-func NewRequestExecutor(httpClient *http.Client, cache cache.Cache, config *config) *RequestExecutor {
-	re := RequestExecutor{
-		tokenCache: goCache.New(5*time.Minute, 10*time.Minute),
-	}
-
-	re.httpClient = httpClient
-	re.config = config
-	re.cache = cache
-	re.binary = false
-	re.headerAccept = "application/json"
-	re.headerContentType = "application/json"
-
-	if httpClient == nil {
-		tr := &http.Transport{
-			IdleConnTimeout: 30 * time.Second,
-		}
-		re.httpClient = &http.Client{
-			Transport: tr,
-			Timeout:   time.Second * time.Duration(re.config.Okta.Client.ConnectionTimeout),
-		}
-	}
-
-	return &re
-}
-
-func (re *RequestExecutor) NewRequest(method string, url string, body interface{}) (*http.Request, error) {
-	var buff io.ReadWriter
-	if body != nil {
-		switch v := body.(type) {
-		case []byte:
-			buff = bytes.NewBuffer(v)
-		case *bytes.Buffer:
-			buff = v
-		default:
-			buff = new(bytes.Buffer)
-			encoder := json.NewEncoder(buff)
-			encoder.SetEscapeHTML(false)
-			err := encoder.Encode(body)
-			if err != nil {
-				return nil, err
-			}
-		}
-	}
-	url = re.config.Okta.Client.OrgUrl + url
-
-	req, err := http.NewRequest(method, url, buff)
-	if err != nil {
-		return nil, err
-	}
-
-	var auth Authorization
-
-	switch re.config.Okta.Client.AuthorizationMode {
-	case "SSWS":
-		auth = NewSSWSAuth(re.config.Okta.Client.Token, req)
-	case "Bearer":
-		auth = NewBearerAuth(re.config.Okta.Client.Token, req)
-	case "PrivateKey":
-		auth = NewPrivateKeyAuth(PrivateKeyAuthConfig{
-			TokenCache:       re.tokenCache,
-			HttpClient:       re.httpClient,
-			PrivateKeySigner: re.config.PrivateKeySigner,
-			PrivateKey:       re.config.Okta.Client.PrivateKey,
-			PrivateKeyId:     re.config.Okta.Client.PrivateKeyId,
-			ClientId:         re.config.Okta.Client.ClientId,
-			OrgURL:           re.config.Okta.Client.OrgUrl,
-			Scopes:           re.config.Okta.Client.Scopes,
-			MaxRetries:       re.config.Okta.Client.RateLimit.MaxRetries,
-			MaxBackoff:       re.config.Okta.Client.RateLimit.MaxBackoff,
-			Req:              req,
-		})
-	case "JWT":
-		auth = NewJWTAuth(JWTAuthConfig{
-			TokenCache:      re.tokenCache,
-			HttpClient:      re.httpClient,
-			OrgURL:          re.config.Okta.Client.OrgUrl,
-			Scopes:          re.config.Okta.Client.Scopes,
-			ClientAssertion: re.config.Okta.Client.ClientAssertion,
-			MaxRetries:      re.config.Okta.Client.RateLimit.MaxRetries,
-			MaxBackoff:      re.config.Okta.Client.RateLimit.MaxBackoff,
-			Req:             req,
-		})
-	default:
-		return nil, fmt.Errorf("unknown authorization mode %v", re.config.Okta.Client.AuthorizationMode)
-	}
-
-	err = auth.Authorize()
-	if err != nil {
-		return nil, err
-	}
-
-	req.Header.Add("User-Agent", NewUserAgent(re.config).String())
-	req.Header.Add("Accept", re.headerAccept)
-
-	if body != nil {
-		req.Header.Set("Content-Type", re.headerContentType)
-	}
-
-	// Force reset defaults
-	re.binary = false
-	re.headerAccept = "application/json"
-	re.headerContentType = "application/json"
-	return req, nil
-}
-
-func (re *RequestExecutor) AsBinary() *RequestExecutor {
-	re.binary = true
-	return re
-}
-
-func (re *RequestExecutor) WithAccept(acceptHeader string) *RequestExecutor {
-	re.headerAccept = acceptHeader
-	return re
-}
-
-func (re *RequestExecutor) WithContentType(contentTypeHeader string) *RequestExecutor {
-	re.headerContentType = contentTypeHeader
-	return re
-}
-
-func (re *RequestExecutor) RefreshNext() *RequestExecutor {
-	re.freshCache = true
-	return re
-}
-
-func (re *RequestExecutor) Do(ctx context.Context, req *http.Request, v interface{}) (*Response, error) {
-	cacheKey := cache.CreateCacheKey(req)
-	if req.Method != http.MethodGet {
-		re.cache.Delete(cacheKey)
-	}
-	inCache := re.cache.Has(cacheKey)
-	if re.freshCache {
-		re.cache.Delete(cacheKey)
-		inCache = false
-		re.freshCache = false
-	}
-	if !inCache {
-		resp, done, err := re.doWithRetries(ctx, req)
-		defer done()
-		if err != nil {
-			return nil, err
-		}
-		if resp.StatusCode >= 200 && resp.StatusCode <= 299 && req.Method == http.MethodGet && v != nil && reflect.TypeOf(v).Kind() != reflect.Slice {
-			re.cache.Set(cacheKey, resp)
-		}
-		return buildResponse(resp, re, &v)
-	}
-	resp := re.cache.Get(cacheKey)
-	return buildResponse(resp, re, &v)
-}
-
-type oktaBackoff struct {
-	retryCount, maxRetries int32
-	backoffDuration        time.Duration
-	ctx                    context.Context
-}
-
-// NextBackOff returns the duration to wait before retrying the operation,
-// or backoff. Stop to indicate that no more retries should be made.
-func (o *oktaBackoff) NextBackOff() time.Duration {
-	// stop retrying if operation reached retry limit
-	if o.retryCount > o.maxRetries {
-		return backoff.Stop
-	}
-	return o.backoffDuration
-}
-
-// Reset to initial state.
-func (o *oktaBackoff) Reset() {}
-
-func (o *oktaBackoff) Context() context.Context {
-	return o.ctx
-}
-
-func (re *RequestExecutor) doWithRetries(ctx context.Context, req *http.Request) (*http.Response, func(), error) {
-	var bodyReader func() io.ReadCloser
-	done := func() {}
-	if req.Body != nil {
-		buf, err := io.ReadAll(req.Body)
-		if err != nil {
-			return nil, done, err
-		}
-		bodyReader = func() io.ReadCloser {
-			return io.NopCloser(bytes.NewReader(buf))
-		}
-	}
-	var (
-		resp *http.Response
-		err  error
-	)
-	if re.config.Okta.Client.RequestTimeout > 0 {
-		ctx, done = context.WithTimeout(ctx, time.Second*time.Duration(re.config.Okta.Client.RequestTimeout))
-	}
-	bOff := &oktaBackoff{
-		ctx:        ctx,
-		maxRetries: re.config.Okta.Client.RateLimit.MaxRetries,
-	}
-	operation := func() error {
-		// Always rewind the request body when non-nil.
-		if bodyReader != nil {
-			req.Body = bodyReader()
-		}
-		resp, err = re.httpClient.Do(req.WithContext(ctx))
-		if errors.Is(err, io.EOF) {
-			// retry on EOF errors, which might be caused by network connectivity issues
-			return fmt.Errorf("network error: %w", err)
-		} else if err != nil {
-			// this is error is considered to be permanent and should not be retried
-			return backoff.Permanent(err)
-		}
-		if !tooManyRequests(resp) {
-			return nil
-		}
-		if err = tryDrainBody(resp.Body); err != nil {
-			return err
-		}
-		backoffDuration, err := Get429BackoffTime(resp)
-		if err != nil {
-			return err
-		}
-		if re.config.Okta.Client.RateLimit.MaxBackoff < backoffDuration {
-			backoffDuration = re.config.Okta.Client.RateLimit.MaxBackoff
-		}
-		bOff.backoffDuration = time.Second * time.Duration(backoffDuration)
-		bOff.retryCount++
-		req.Header.Add("X-Okta-Retry-For", resp.Header.Get("X-Okta-Request-Id"))
-		req.Header.Add("X-Okta-Retry-Count", fmt.Sprint(bOff.retryCount))
-		return errors.New("too many requests")
-	}
-	err = backoff.Retry(operation, bOff)
-	return resp, done, err
-}
-
-func tooManyRequests(resp *http.Response) bool {
-	return resp != nil && resp.StatusCode == http.StatusTooManyRequests
-}
-
-func tryDrainBody(body io.ReadCloser) error {
-	defer body.Close()
-	_, err := io.Copy(io.Discard, io.LimitReader(body, 4096))
-	return err
-}
-
-func Get429BackoffTime(resp *http.Response) (int64, error) {
-	requestDate, err := time.Parse("Mon, 02 Jan 2006 15:04:05 GMT", resp.Header.Get("Date"))
-	if err != nil {
-		// this is error is considered to be permanent and should not be retried
-		return 0, backoff.Permanent(fmt.Errorf("date header is missing or invalid: %w", err))
-	}
-	rateLimitReset, err := strconv.Atoi(resp.Header.Get("X-Rate-Limit-Reset"))
-	if err != nil {
-		// this is error is considered to be permanent and should not be retried
-		return 0, backoff.Permanent(fmt.Errorf("X-Rate-Limit-Reset header is missing or invalid: %w", err))
-	}
-	return int64(rateLimitReset) - requestDate.Unix() + 1, nil
-}
-
-type Response struct {
-	*http.Response
-	re       *RequestExecutor
-	Self     string
-	NextPage string
-}
-
-func (r *Response) Next(ctx context.Context, v interface{}) (*Response, error) {
-	if r.re == nil {
-		return nil, errors.New("no initial response provided from previous request")
-	}
-	req, err := r.re.NewRequest("GET", r.NextPage, nil)
-	if err != nil {
-		return nil, err
-	}
-	return r.re.Do(ctx, req, v)
-}
-
-func (r *Response) HasNextPage() bool {
-	return r.NextPage != ""
-}
-
-func newResponse(r *http.Response, re *RequestExecutor) *Response {
-	response := &Response{Response: r, re: re}
-	links := r.Header["Link"]
-
-	if len(links) > 0 {
-		for _, link := range links {
-			splitLinkHeader := strings.Split(link, ";")
-			if len(splitLinkHeader) < 2 {
-				continue
-			}
-			rawLink := strings.TrimRight(strings.TrimLeft(splitLinkHeader[0], "<"), ">")
-			rawURL, _ := urlpkg.Parse(rawLink)
-			rawURL.Scheme = ""
-			rawURL.Host = ""
-			if r.Request != nil {
-				q := r.Request.URL.Query()
-				for k, v := range rawURL.Query() {
-					q.Set(k, v[0])
-				}
-				rawURL.RawQuery = q.Encode()
-			}
-			if strings.Contains(link, `rel="self"`) {
-				response.Self = rawURL.String()
-			}
-			if strings.Contains(link, `rel="next"`) {
-				response.NextPage = rawURL.String()
-			}
-		}
-	}
-
-	return response
-}
-
-func CheckResponseForError(resp *http.Response) error {
-	statusCode := resp.StatusCode
-	if statusCode >= http.StatusOK && statusCode < http.StatusBadRequest {
-		return nil
-	}
-	e := Error{}
-	if (statusCode == http.StatusUnauthorized || statusCode == http.StatusForbidden) &&
-		strings.Contains(resp.Header.Get("Www-Authenticate"), "Bearer") {
-		for _, v := range strings.Split(resp.Header.Get("Www-Authenticate"), ", ") {
-			if strings.Contains(v, "error_description") {
-				_, err := toml.Decode(v, &e)
-				if err != nil {
-					e.ErrorSummary = "unauthorized"
-				}
-				return &e
-			}
-		}
-	}
-	bodyBytes, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return err
-	}
-	copyBodyBytes := make([]byte, len(bodyBytes))
-	copy(copyBodyBytes, bodyBytes)
-	_ = resp.Body.Close()
-	resp.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
-	_ = json.NewDecoder(bytes.NewReader(copyBodyBytes)).Decode(&e)
-	if statusCode == http.StatusInternalServerError {
-		e.ErrorSummary += fmt.Sprintf(", x-okta-request-id=%s", resp.Header.Get("x-okta-request-id"))
-	}
-	return &e
-}
-
-func buildResponse(resp *http.Response, re *RequestExecutor, v interface{}) (*Response, error) {
-	ct := resp.Header.Get("Content-Type")
-	response := newResponse(resp, re)
-	err := CheckResponseForError(resp)
-	if err != nil {
-		return response, err
-	}
-	bodyBytes, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	copyBodyBytes := make([]byte, len(bodyBytes))
-	copy(copyBodyBytes, bodyBytes)
-	_ = resp.Body.Close()                                // close it to avoid memory leaks
-	resp.Body = io.NopCloser(bytes.NewBuffer(bodyBytes)) // restore the original response body
-	if len(copyBodyBytes) == 0 {
-		return response, nil
-	}
-	switch {
-	case strings.Contains(ct, "application/xml"):
-		err = xml.NewDecoder(bytes.NewReader(copyBodyBytes)).Decode(v)
-	case strings.Contains(ct, "application/json"):
-		err = json.NewDecoder(bytes.NewReader(copyBodyBytes)).Decode(v)
-	case strings.Contains(ct, "application/octet-stream"):
-		// since the response is arbitrary binary data, we leave it to the user to decode it
-		return response, nil
-	default:
-		return nil, errors.New("could not build a response for type: " + ct)
-	}
-	if err == io.EOF {
-		err = nil
-	}
-	if err != nil {
-		return nil, err
-	}
-	return response, nil
-}
diff --git a/okta/requiredEnum.go b/okta/requiredEnum.go
deleted file mode 100644
index f3f321bca..000000000
--- a/okta/requiredEnum.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type RequiredEnum string
diff --git a/okta/resetPasswordToken.go b/okta/resetPasswordToken.go
deleted file mode 100644
index bf087771e..000000000
--- a/okta/resetPasswordToken.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ResetPasswordToken struct {
-	ResetPasswordUrl string `json:"resetPasswordUrl,omitempty"`
-}
diff --git a/okta/response.go b/okta/response.go
new file mode 100644
index 000000000..a3d5762d4
--- /dev/null
+++ b/okta/response.go
@@ -0,0 +1,228 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"bytes"
+	"encoding/json"
+	"encoding/xml"
+	"errors"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+// APIResponse stores the API response returned by the server.
+type APIResponse struct {
+	*http.Response
+	cli *APIClient
+	pg  Pagination
+}
+
+func newAPIResponse(r *http.Response, cli *APIClient, v interface{}) *APIResponse {
+	var pg Pagination
+	// switch v
+	pg = newPaginationInHeader(r)
+	response := &APIResponse{Response: r, cli: cli, pg: pg}
+	return response
+}
+
+func buildResponse(resp *http.Response, cli *APIClient, v interface{}) (*APIResponse, error) {
+	ct := resp.Header.Get("Content-Type")
+	response := newAPIResponse(resp, cli, v)
+	err := cli.checkResponseForError(resp)
+	if err != nil {
+		return response, err
+	}
+	bodyBytes, _ := ioutil.ReadAll(resp.Body)
+	copyBodyBytes := make([]byte, len(bodyBytes))
+	copy(copyBodyBytes, bodyBytes)
+	_ = resp.Body.Close()                                    // close it to avoid memory leaks
+	resp.Body = ioutil.NopCloser(bytes.NewBuffer(bodyBytes)) // restore the original response body
+	if len(copyBodyBytes) == 0 {
+		return response, nil
+	}
+	switch {
+	case strings.Contains(ct, "application/xml"):
+		err = xml.NewDecoder(bytes.NewReader(copyBodyBytes)).Decode(v)
+	case strings.Contains(ct, "application/json"):
+		err = json.NewDecoder(bytes.NewReader(copyBodyBytes)).Decode(v)
+	case strings.Contains(ct, "application/octet-stream"):
+		// since the response is arbitrary binary data, we leave it to the user to decode it
+		return response, nil
+	default:
+		return nil, errors.New("could not build a response for type: " + ct)
+	}
+	if err == io.EOF {
+		err = nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return response, nil
+}
+
+// TODO check to use model_error
+// TODO copy body
+func (c *APIClient) checkResponseForError(resp *http.Response) error {
+	localVarBody, _ := ioutil.ReadAll(resp.Body)
+	resp.Body.Close()
+	resp.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody))
+	if resp.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: resp.Status,
+		}
+		if resp.StatusCode == 403 {
+			var v Error
+			err := c.decode(&v, localVarBody, resp.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return newErr
+			}
+			newErr.model = v
+			return newErr
+		}
+		if resp.StatusCode == 404 {
+			var v Error
+			err := c.decode(&v, localVarBody, resp.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return newErr
+			}
+			newErr.model = v
+			return newErr
+		}
+		if resp.StatusCode == 429 {
+			var v Error
+			err := c.decode(&v, localVarBody, resp.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return newErr
+			}
+			newErr.model = v
+			return newErr
+		}
+	}
+	return nil
+}
+
+func (res *APIResponse) Next(v interface{}) (*APIResponse, error) {
+	if res.cli == nil {
+		return nil, errors.New("no initial response provided from previous request")
+	}
+	req, err := res.cli.prepareRequest(res.cli.cfg.Context, res.NextPage(), http.MethodGet, nil, map[string]string{"Accept": "application/json"}, nil, nil, nil)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := res.cli.do(res.cli.cfg.Context, req)
+	if err != nil {
+		return nil, err
+	}
+	return buildResponse(resp, res.cli, v)
+}
+
+func (res *APIResponse) Self() string {
+	return res.pg.Self()
+}
+
+func (res *APIResponse) NextPage() string {
+	return res.pg.NextPage()
+}
+
+func (res *APIResponse) HasNextPage() bool {
+	return res.pg.NextPage() != ""
+}
+
+type Pagination interface {
+	Self() string
+	NextPage() string
+}
+
+type PaginationInHeader struct {
+	r *http.Response
+}
+
+func newPaginationInHeader(r *http.Response) *PaginationInHeader {
+	return &PaginationInHeader{r: r}
+}
+
+func (pg *PaginationInHeader) Self() (self string) {
+	links := pg.r.Header["Link"]
+	if len(links) > 0 {
+		for _, link := range links {
+			splitLinkHeader := strings.Split(link, ";")
+			if len(splitLinkHeader) < 2 {
+				continue
+			}
+			rawLink := strings.TrimRight(strings.TrimLeft(splitLinkHeader[0], "<"), ">")
+			rawURL, _ := url.Parse(rawLink)
+			rawURL.Scheme = ""
+			rawURL.Host = ""
+			if pg.r.Request != nil {
+				q := pg.r.Request.URL.Query()
+				for k, v := range rawURL.Query() {
+					q.Set(k, v[0])
+				}
+				rawURL.RawQuery = q.Encode()
+			}
+			if strings.Contains(link, `rel="self"`) {
+				self = rawURL.String()
+			}
+		}
+	}
+	return
+}
+
+func (pg *PaginationInHeader) NextPage() (next string) {
+	links := pg.r.Header["Link"]
+	if len(links) > 0 {
+		for _, link := range links {
+			splitLinkHeader := strings.Split(link, ";")
+			if len(splitLinkHeader) < 2 {
+				continue
+			}
+			rawLink := strings.TrimRight(strings.TrimLeft(splitLinkHeader[0], "<"), ">")
+			rawURL, _ := url.Parse(rawLink)
+			rawURL.Scheme = ""
+			rawURL.Host = ""
+			if pg.r.Request != nil {
+				q := pg.r.Request.URL.Query()
+				for k, v := range rawURL.Query() {
+					q.Set(k, v[0])
+				}
+				rawURL.RawQuery = q.Encode()
+			}
+			if strings.Contains(link, `rel="next"`) {
+				next = rawURL.String()
+			}
+		}
+	}
+	return
+}
+
+type PaginationInBody struct{}
diff --git a/okta/responseLinks.go b/okta/responseLinks.go
deleted file mode 100644
index 458e55615..000000000
--- a/okta/responseLinks.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ResponseLinks struct {
-	Links interface{} `json:"_links,omitempty"`
-}
diff --git a/okta/retry_logic_test.go b/okta/retry_logic_test.go
new file mode 100644
index 000000000..d613cf8a6
--- /dev/null
+++ b/okta/retry_logic_test.go
@@ -0,0 +1,83 @@
+package okta
+
+import (
+	"fmt"
+	"net/http"
+	"strconv"
+	"testing"
+	"time"
+
+	"github.com/jarcoal/httpmock"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_429_Will_Automatically_Retry(t *testing.T) {
+	httpmock.Activate()
+	defer httpmock.DeactivateAndReset()
+	configuration := NewConfiguration()
+	configuration.Okta.Client.RateLimit.MaxRetries = 2
+	configuration.Debug = true
+	proxyClient := NewAPIClient(configuration)
+	httpmock.RegisterResponder("GET", "/api/v1/users",
+		MockResponse(
+			Mock429Response(),
+			MockValidResponse(),
+		),
+	)
+
+	_, resp, err := proxyClient.UserApi.ListUsers(apiClient.cfg.Context).Execute()
+	require.Nil(t, err, "Error should have been nil")
+	require.NotNil(t, resp, "Response was nil")
+
+	httpmock.GetTotalCallCount()
+	info := httpmock.GetCallCountInfo()
+	require.Equal(t, 2, info["GET /api/v1/users"], "did not make exactly 2 call to /api/v1/users")
+}
+
+func MockResponse(responses ...*http.Response) httpmock.Responder {
+	return func(req *http.Request) (*http.Response, error) {
+		httpmock.GetTotalCallCount()
+		info := httpmock.GetCallCountInfo()
+		count := info[req.Method+" "+req.URL.Path]
+
+		if len(responses) >= count {
+			return responses[count-1], nil
+		}
+
+		return nil, fmt.Errorf("no response found for call %v to %s", count, req.URL.Path)
+	}
+}
+
+func Mock429Response() *http.Response {
+	loc, _ := time.LoadLocation("UTC")
+	zulu := time.Now().In(loc)
+	header := http.Header{}
+	header.Add("X-Okta-Now", strconv.FormatInt(zulu.Unix(), 10))
+	header.Add("X-Rate-Limit-Reset", strconv.FormatInt(time.Now().Unix()+1, 10))
+	header.Add("X-Okta-Request-id", "a-request-id")
+	header.Add("Content-Type", "application/json")
+	header.Add("Date", zulu.Format("Mon, 02 Jan 2006 15:04:05 GMT"))
+
+	return &http.Response{
+		Status:        strconv.Itoa(429),
+		StatusCode:    429,
+		Body:          httpmock.NewRespBodyFromString("{}"),
+		Header:        header,
+		ContentLength: -1,
+	}
+}
+
+func MockValidResponse() *http.Response {
+	header := http.Header{}
+	header.Add("X-Okta-Request-id", "another-request-id")
+	header.Add("Content-Type", "application/json")
+	header.Add("Date", time.Now().Add(time.Second*10).Format(time.RFC3339))
+
+	return &http.Response{
+		Status:        strconv.Itoa(200),
+		StatusCode:    200,
+		Body:          httpmock.NewRespBodyFromString("[]"),
+		Header:        header,
+		ContentLength: -1,
+	}
+}
diff --git a/okta/riskPolicyRuleCondition.go b/okta/riskPolicyRuleCondition.go
deleted file mode 100644
index da687ccb4..000000000
--- a/okta/riskPolicyRuleCondition.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type RiskPolicyRuleCondition struct {
-	Behaviors []string `json:"behaviors,omitempty"`
-}
-
-func NewRiskPolicyRuleCondition() *RiskPolicyRuleCondition {
-	return &RiskPolicyRuleCondition{}
-}
-
-func (a *RiskPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/riskScorePolicyRuleCondition.go b/okta/riskScorePolicyRuleCondition.go
deleted file mode 100644
index 117e2a609..000000000
--- a/okta/riskScorePolicyRuleCondition.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type RiskScorePolicyRuleCondition struct {
-	Level string `json:"level,omitempty"`
-}
-
-func NewRiskScorePolicyRuleCondition() *RiskScorePolicyRuleCondition {
-	return &RiskScorePolicyRuleCondition{}
-}
-
-func (a *RiskScorePolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/role.go b/okta/role.go
deleted file mode 100644
index 8d401cfeb..000000000
--- a/okta/role.go
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type Role struct {
-	Embedded       interface{} `json:"_embedded,omitempty"`
-	Links          interface{} `json:"_links,omitempty"`
-	AssignmentType string      `json:"assignmentType,omitempty"`
-	Created        *time.Time  `json:"created,omitempty"`
-	Description    string      `json:"description,omitempty"`
-	Id             string      `json:"id,omitempty"`
-	Label          string      `json:"label,omitempty"`
-	LastUpdated    *time.Time  `json:"lastUpdated,omitempty"`
-	Status         string      `json:"status,omitempty"`
-	Type           string      `json:"type,omitempty"`
-}
diff --git a/okta/roleAssignmentType.go b/okta/roleAssignmentType.go
deleted file mode 100644
index de4ea39ed..000000000
--- a/okta/roleAssignmentType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type RoleAssignmentType string
diff --git a/okta/roleStatus.go b/okta/roleStatus.go
deleted file mode 100644
index 007d98966..000000000
--- a/okta/roleStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type RoleStatus string
diff --git a/okta/roleType.go b/okta/roleType.go
deleted file mode 100644
index eb4a56780..000000000
--- a/okta/roleType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type RoleType string
diff --git a/okta/samlApplication.go b/okta/samlApplication.go
deleted file mode 100644
index 8093210e6..000000000
--- a/okta/samlApplication.go
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type SamlApplication struct {
-	Embedded      interface{}               `json:"_embedded,omitempty"`
-	Links         interface{}               `json:"_links,omitempty"`
-	Accessibility *ApplicationAccessibility `json:"accessibility,omitempty"`
-	Created       *time.Time                `json:"created,omitempty"`
-	Credentials   *ApplicationCredentials   `json:"credentials,omitempty"`
-	Features      []string                  `json:"features,omitempty"`
-	Id            string                    `json:"id,omitempty"`
-	Label         string                    `json:"label,omitempty"`
-	LastUpdated   *time.Time                `json:"lastUpdated,omitempty"`
-	Licensing     *ApplicationLicensing     `json:"licensing,omitempty"`
-	Name          string                    `json:"name,omitempty"`
-	Profile       interface{}               `json:"profile,omitempty"`
-	Settings      *SamlApplicationSettings  `json:"settings,omitempty"`
-	SignOnMode    string                    `json:"signOnMode,omitempty"`
-	Status        string                    `json:"status,omitempty"`
-	Visibility    *ApplicationVisibility    `json:"visibility,omitempty"`
-}
-
-func NewSamlApplication() *SamlApplication {
-	return &SamlApplication{
-		SignOnMode: "SAML_2_0",
-	}
-}
-
-func (a *SamlApplication) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/samlApplicationSettings.go b/okta/samlApplicationSettings.go
deleted file mode 100644
index 7dc2dd839..000000000
--- a/okta/samlApplicationSettings.go
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SamlApplicationSettings struct {
-	App                *ApplicationSettingsApplication   `json:"app,omitempty"`
-	ImplicitAssignment *bool                             `json:"implicitAssignment,omitempty"`
-	InlineHookId       string                            `json:"inlineHookId,omitempty"`
-	Notes              *ApplicationSettingsNotes         `json:"notes,omitempty"`
-	Notifications      *ApplicationSettingsNotifications `json:"notifications,omitempty"`
-	SignOn             *SamlApplicationSettingsSignOn    `json:"signOn,omitempty"`
-}
diff --git a/okta/samlApplicationSettingsSignOn.go b/okta/samlApplicationSettingsSignOn.go
deleted file mode 100644
index 0c2d4bd08..000000000
--- a/okta/samlApplicationSettingsSignOn.go
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SamlApplicationSettingsSignOn struct {
-	AcsEndpoints              []*AcsEndpoint            `json:"acsEndpoints,omitempty"`
-	AllowMultipleAcsEndpoints *bool                     `json:"allowMultipleAcsEndpoints,omitempty"`
-	AssertionSigned           *bool                     `json:"assertionSigned,omitempty"`
-	AttributeStatements       []*SamlAttributeStatement `json:"attributeStatements"`
-	Audience                  string                    `json:"audience,omitempty"`
-	AudienceOverride          string                    `json:"audienceOverride"`
-	AuthnContextClassRef      string                    `json:"authnContextClassRef,omitempty"`
-	DefaultRelayState         string                    `json:"defaultRelayState"`
-	Destination               string                    `json:"destination,omitempty"`
-	DestinationOverride       string                    `json:"destinationOverride"`
-	DigestAlgorithm           string                    `json:"digestAlgorithm,omitempty"`
-	HonorForceAuthn           *bool                     `json:"honorForceAuthn,omitempty"`
-	IdpIssuer                 string                    `json:"idpIssuer,omitempty"`
-	InlineHooks               []*SignOnInlineHook       `json:"inlineHooks,omitempty"`
-	Recipient                 string                    `json:"recipient,omitempty"`
-	RecipientOverride         string                    `json:"recipientOverride"`
-	RequestCompressed         *bool                     `json:"requestCompressed,omitempty"`
-	ResponseSigned            *bool                     `json:"responseSigned,omitempty"`
-	SamlSignedRequestEnabled  *bool                     `json:"samlSignedRequestEnabled,omitempty"`
-	SignatureAlgorithm        string                    `json:"signatureAlgorithm,omitempty"`
-	Slo                       *SingleLogout             `json:"slo,omitempty"`
-	SpCertificate             *SpCertificate            `json:"spCertificate,omitempty"`
-	SpIssuer                  string                    `json:"spIssuer,omitempty"`
-	SsoAcsUrl                 string                    `json:"ssoAcsUrl,omitempty"`
-	SsoAcsUrlOverride         string                    `json:"ssoAcsUrlOverride"`
-	SubjectNameIdFormat       string                    `json:"subjectNameIdFormat,omitempty"`
-	SubjectNameIdTemplate     string                    `json:"subjectNameIdTemplate,omitempty"`
-}
diff --git a/okta/samlAttributeStatement.go b/okta/samlAttributeStatement.go
deleted file mode 100644
index bc21b970c..000000000
--- a/okta/samlAttributeStatement.go
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SamlAttributeStatement struct {
-	FilterType  string   `json:"filterType,omitempty"`
-	FilterValue string   `json:"filterValue,omitempty"`
-	Name        string   `json:"name,omitempty"`
-	Namespace   string   `json:"namespace,omitempty"`
-	Type        string   `json:"type,omitempty"`
-	Values      []string `json:"values,omitempty"`
-}
diff --git a/okta/scheduledUserLifecycleAction.go b/okta/scheduledUserLifecycleAction.go
deleted file mode 100644
index e69c6437b..000000000
--- a/okta/scheduledUserLifecycleAction.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ScheduledUserLifecycleAction struct {
-	Status string `json:"status,omitempty"`
-}
-
-func NewScheduledUserLifecycleAction() *ScheduledUserLifecycleAction {
-	return &ScheduledUserLifecycleAction{}
-}
-
-func (a *ScheduledUserLifecycleAction) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/schemeApplicationCredentials.go b/okta/schemeApplicationCredentials.go
deleted file mode 100644
index 0061e1c3e..000000000
--- a/okta/schemeApplicationCredentials.go
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SchemeApplicationCredentials struct {
-	Signing          *ApplicationCredentialsSigning          `json:"signing,omitempty"`
-	UserNameTemplate *ApplicationCredentialsUsernameTemplate `json:"userNameTemplate,omitempty"`
-	Password         *PasswordCredential                     `json:"password,omitempty"`
-	RevealPassword   *bool                                   `json:"revealPassword,omitempty"`
-	Scheme           string                                  `json:"scheme,omitempty"`
-	UserName         string                                  `json:"userName"`
-}
diff --git a/okta/scope.go b/okta/scope.go
deleted file mode 100644
index 31d2324b8..000000000
--- a/okta/scope.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type Scope struct {
-	AllowedOktaApps []*IframeEmbedScopeAllowedApps `json:"allowedOktaApps,omitempty"`
-	StringValue     string                         `json:"stringValue,omitempty"`
-	Type            string                         `json:"type,omitempty"`
-}
diff --git a/okta/scopeType.go b/okta/scopeType.go
deleted file mode 100644
index 509879cbb..000000000
--- a/okta/scopeType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ScopeType string
diff --git a/okta/securePasswordStoreApplication.go b/okta/securePasswordStoreApplication.go
deleted file mode 100644
index 541338bb4..000000000
--- a/okta/securePasswordStoreApplication.go
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type SecurePasswordStoreApplication struct {
-	Embedded      interface{}                             `json:"_embedded,omitempty"`
-	Links         interface{}                             `json:"_links,omitempty"`
-	Accessibility *ApplicationAccessibility               `json:"accessibility,omitempty"`
-	Created       *time.Time                              `json:"created,omitempty"`
-	Credentials   *SchemeApplicationCredentials           `json:"credentials,omitempty"`
-	Features      []string                                `json:"features,omitempty"`
-	Id            string                                  `json:"id,omitempty"`
-	Label         string                                  `json:"label,omitempty"`
-	LastUpdated   *time.Time                              `json:"lastUpdated,omitempty"`
-	Licensing     *ApplicationLicensing                   `json:"licensing,omitempty"`
-	Name          string                                  `json:"name,omitempty"`
-	Profile       interface{}                             `json:"profile,omitempty"`
-	Settings      *SecurePasswordStoreApplicationSettings `json:"settings,omitempty"`
-	SignOnMode    string                                  `json:"signOnMode,omitempty"`
-	Status        string                                  `json:"status,omitempty"`
-	Visibility    *ApplicationVisibility                  `json:"visibility,omitempty"`
-}
-
-func NewSecurePasswordStoreApplication() *SecurePasswordStoreApplication {
-	return &SecurePasswordStoreApplication{
-		Name:       "template_sps",
-		SignOnMode: "SECURE_PASSWORD_STORE",
-	}
-}
-
-func (a *SecurePasswordStoreApplication) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/securePasswordStoreApplicationSettings.go b/okta/securePasswordStoreApplicationSettings.go
deleted file mode 100644
index bddfbad30..000000000
--- a/okta/securePasswordStoreApplicationSettings.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SecurePasswordStoreApplicationSettings struct {
-	App                *SecurePasswordStoreApplicationSettingsApplication `json:"app,omitempty"`
-	ImplicitAssignment *bool                                              `json:"implicitAssignment,omitempty"`
-	InlineHookId       string                                             `json:"inlineHookId,omitempty"`
-	Notes              *ApplicationSettingsNotes                          `json:"notes,omitempty"`
-	Notifications      *ApplicationSettingsNotifications                  `json:"notifications,omitempty"`
-}
diff --git a/okta/securePasswordStoreApplicationSettingsApplication.go b/okta/securePasswordStoreApplicationSettingsApplication.go
deleted file mode 100644
index 3978fce2f..000000000
--- a/okta/securePasswordStoreApplicationSettingsApplication.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SecurePasswordStoreApplicationSettingsApplication struct {
-	OptionalField1      string `json:"optionalField1,omitempty"`
-	OptionalField1Value string `json:"optionalField1Value,omitempty"`
-	OptionalField2      string `json:"optionalField2,omitempty"`
-	OptionalField2Value string `json:"optionalField2Value,omitempty"`
-	OptionalField3      string `json:"optionalField3,omitempty"`
-	OptionalField3Value string `json:"optionalField3Value,omitempty"`
-	PasswordField       string `json:"passwordField,omitempty"`
-	Url                 string `json:"url,omitempty"`
-	UsernameField       string `json:"usernameField,omitempty"`
-}
diff --git a/okta/securityQuestion.go b/okta/securityQuestion.go
deleted file mode 100644
index 0f7edc614..000000000
--- a/okta/securityQuestion.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SecurityQuestion struct {
-	Answer       string `json:"answer,omitempty"`
-	Question     string `json:"question,omitempty"`
-	QuestionText string `json:"questionText,omitempty"`
-}
-
-func NewSecurityQuestion() *SecurityQuestion {
-	return &SecurityQuestion{}
-}
-
-func (a *SecurityQuestion) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/securityQuestionUserFactor.go b/okta/securityQuestionUserFactor.go
deleted file mode 100644
index 87a40f2a3..000000000
--- a/okta/securityQuestionUserFactor.go
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type SecurityQuestionUserFactor struct {
-	Embedded    interface{}                        `json:"_embedded,omitempty"`
-	Links       interface{}                        `json:"_links,omitempty"`
-	Created     *time.Time                         `json:"created,omitempty"`
-	FactorType  string                             `json:"factorType,omitempty"`
-	Id          string                             `json:"id,omitempty"`
-	LastUpdated *time.Time                         `json:"lastUpdated,omitempty"`
-	Provider    string                             `json:"provider,omitempty"`
-	Status      string                             `json:"status,omitempty"`
-	Verify      *VerifyFactorRequest               `json:"verify,omitempty"`
-	Profile     *SecurityQuestionUserFactorProfile `json:"profile,omitempty"`
-}
-
-func NewSecurityQuestionUserFactor() *SecurityQuestionUserFactor {
-	return &SecurityQuestionUserFactor{
-		FactorType: "question",
-	}
-}
-
-func (a *SecurityQuestionUserFactor) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/securityQuestionUserFactorProfile.go b/okta/securityQuestionUserFactorProfile.go
deleted file mode 100644
index 975a27239..000000000
--- a/okta/securityQuestionUserFactorProfile.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SecurityQuestionUserFactorProfile struct {
-	Answer       string `json:"answer,omitempty"`
-	Question     string `json:"question,omitempty"`
-	QuestionText string `json:"questionText,omitempty"`
-}
-
-func NewSecurityQuestionUserFactorProfile() *SecurityQuestionUserFactorProfile {
-	return &SecurityQuestionUserFactorProfile{}
-}
-
-func (a *SecurityQuestionUserFactorProfile) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/seedEnum.go b/okta/seedEnum.go
deleted file mode 100644
index 3c3714670..000000000
--- a/okta/seedEnum.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SeedEnum string
diff --git a/okta/session.go b/okta/session.go
deleted file mode 100644
index 0ee3abdb0..000000000
--- a/okta/session.go
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-)
-
-type SessionResource resource
-
-type Session struct {
-	Links                    interface{}                    `json:"_links,omitempty"`
-	Amr                      []*SessionAuthenticationMethod `json:"amr,omitempty"`
-	CreatedAt                *time.Time                     `json:"createdAt,omitempty"`
-	ExpiresAt                *time.Time                     `json:"expiresAt,omitempty"`
-	Id                       string                         `json:"id,omitempty"`
-	Idp                      *SessionIdentityProvider       `json:"idp,omitempty"`
-	LastFactorVerification   *time.Time                     `json:"lastFactorVerification,omitempty"`
-	LastPasswordVerification *time.Time                     `json:"lastPasswordVerification,omitempty"`
-	Login                    string                         `json:"login,omitempty"`
-	Status                   string                         `json:"status,omitempty"`
-	UserId                   string                         `json:"userId,omitempty"`
-}
-
-// Get details about a session.
-func (m *SessionResource) GetSession(ctx context.Context, sessionId string) (*Session, *Response, error) {
-	url := fmt.Sprintf("/api/v1/sessions/%v", sessionId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var session *Session
-
-	resp, err := rq.Do(ctx, req, &session)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return session, resp, nil
-}
-
-func (m *SessionResource) EndSession(ctx context.Context, sessionId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/sessions/%v", sessionId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Creates a new session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID in order to delete a session via the API instead of visiting the logout URL.
-func (m *SessionResource) CreateSession(ctx context.Context, body CreateSessionRequest) (*Session, *Response, error) {
-	url := fmt.Sprintf("/api/v1/sessions")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var session *Session
-
-	resp, err := rq.Do(ctx, req, &session)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return session, resp, nil
-}
-
-func (m *SessionResource) RefreshSession(ctx context.Context, sessionId string) (*Session, *Response, error) {
-	url := fmt.Sprintf("/api/v1/sessions/%v/lifecycle/refresh", sessionId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var session *Session
-
-	resp, err := rq.Do(ctx, req, &session)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return session, resp, nil
-}
diff --git a/okta/sessionAuthenticationMethod.go b/okta/sessionAuthenticationMethod.go
deleted file mode 100644
index 77ecd36aa..000000000
--- a/okta/sessionAuthenticationMethod.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SessionAuthenticationMethod string
diff --git a/okta/sessionIdentityProvider.go b/okta/sessionIdentityProvider.go
deleted file mode 100644
index bce066832..000000000
--- a/okta/sessionIdentityProvider.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SessionIdentityProvider struct {
-	Id   string `json:"id,omitempty"`
-	Type string `json:"type,omitempty"`
-}
diff --git a/okta/sessionIdentityProviderType.go b/okta/sessionIdentityProviderType.go
deleted file mode 100644
index 213014fcf..000000000
--- a/okta/sessionIdentityProviderType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SessionIdentityProviderType string
diff --git a/okta/sessionStatus.go b/okta/sessionStatus.go
deleted file mode 100644
index f3501d0fb..000000000
--- a/okta/sessionStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SessionStatus string
diff --git a/okta/signInPageTouchPointVariant.go b/okta/signInPageTouchPointVariant.go
deleted file mode 100644
index 95c4f19c8..000000000
--- a/okta/signInPageTouchPointVariant.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SignInPageTouchPointVariant string
diff --git a/okta/signOnInlineHook.go b/okta/signOnInlineHook.go
deleted file mode 100644
index 1e056ceef..000000000
--- a/okta/signOnInlineHook.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SignOnInlineHook struct {
-	Id string `json:"id,omitempty"`
-}
diff --git a/okta/singleLogout.go b/okta/singleLogout.go
deleted file mode 100644
index 09aa70c6f..000000000
--- a/okta/singleLogout.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SingleLogout struct {
-	Enabled   *bool  `json:"enabled,omitempty"`
-	Issuer    string `json:"issuer,omitempty"`
-	LogoutUrl string `json:"logoutUrl,omitempty"`
-}
diff --git a/okta/smsTemplate.go b/okta/smsTemplate.go
deleted file mode 100644
index ecffe9704..000000000
--- a/okta/smsTemplate.go
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type SmsTemplateResource resource
-
-type SmsTemplate struct {
-	Created      *time.Time               `json:"created,omitempty"`
-	Id           string                   `json:"id,omitempty"`
-	LastUpdated  *time.Time               `json:"lastUpdated,omitempty"`
-	Name         string                   `json:"name,omitempty"`
-	Template     string                   `json:"template,omitempty"`
-	Translations *SmsTemplateTranslations `json:"translations,omitempty"`
-	Type         string                   `json:"type,omitempty"`
-}
-
-// Adds a new custom SMS template to your organization.
-func (m *SmsTemplateResource) CreateSmsTemplate(ctx context.Context, body SmsTemplate) (*SmsTemplate, *Response, error) {
-	url := fmt.Sprintf("/api/v1/templates/sms")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var smsTemplate *SmsTemplate
-
-	resp, err := rq.Do(ctx, req, &smsTemplate)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return smsTemplate, resp, nil
-}
-
-// Fetches a specific template by &#x60;id&#x60;
-func (m *SmsTemplateResource) GetSmsTemplate(ctx context.Context, templateId string) (*SmsTemplate, *Response, error) {
-	url := fmt.Sprintf("/api/v1/templates/sms/%v", templateId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var smsTemplate *SmsTemplate
-
-	resp, err := rq.Do(ctx, req, &smsTemplate)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return smsTemplate, resp, nil
-}
-
-// Updates the SMS template.
-func (m *SmsTemplateResource) UpdateSmsTemplate(ctx context.Context, templateId string, body SmsTemplate) (*SmsTemplate, *Response, error) {
-	url := fmt.Sprintf("/api/v1/templates/sms/%v", templateId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var smsTemplate *SmsTemplate
-
-	resp, err := rq.Do(ctx, req, &smsTemplate)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return smsTemplate, resp, nil
-}
-
-// Removes an SMS template.
-func (m *SmsTemplateResource) DeleteSmsTemplate(ctx context.Context, templateId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/templates/sms/%v", templateId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Enumerates custom SMS templates in your organization. A subset of templates can be returned that match a template type.
-func (m *SmsTemplateResource) ListSmsTemplates(ctx context.Context, qp *query.Params) ([]*SmsTemplate, *Response, error) {
-	url := fmt.Sprintf("/api/v1/templates/sms")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var smsTemplate []*SmsTemplate
-
-	resp, err := rq.Do(ctx, req, &smsTemplate)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return smsTemplate, resp, nil
-}
-
-// Updates only some of the SMS template properties:
-func (m *SmsTemplateResource) PartialUpdateSmsTemplate(ctx context.Context, templateId string, body SmsTemplate) (*SmsTemplate, *Response, error) {
-	url := fmt.Sprintf("/api/v1/templates/sms/%v", templateId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var smsTemplate *SmsTemplate
-
-	resp, err := rq.Do(ctx, req, &smsTemplate)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return smsTemplate, resp, nil
-}
diff --git a/okta/smsTemplateTranslations.go b/okta/smsTemplateTranslations.go
deleted file mode 100644
index c873f6521..000000000
--- a/okta/smsTemplateTranslations.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SmsTemplateTranslations map[string]interface{}
diff --git a/okta/smsTemplateType.go b/okta/smsTemplateType.go
deleted file mode 100644
index ec520677b..000000000
--- a/okta/smsTemplateType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SmsTemplateType string
diff --git a/okta/smsUserFactor.go b/okta/smsUserFactor.go
deleted file mode 100644
index 079ed6875..000000000
--- a/okta/smsUserFactor.go
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type SmsUserFactor struct {
-	Embedded    interface{}           `json:"_embedded,omitempty"`
-	Links       interface{}           `json:"_links,omitempty"`
-	Created     *time.Time            `json:"created,omitempty"`
-	FactorType  string                `json:"factorType,omitempty"`
-	Id          string                `json:"id,omitempty"`
-	LastUpdated *time.Time            `json:"lastUpdated,omitempty"`
-	Provider    string                `json:"provider,omitempty"`
-	Status      string                `json:"status,omitempty"`
-	Verify      *VerifyFactorRequest  `json:"verify,omitempty"`
-	Profile     *SmsUserFactorProfile `json:"profile,omitempty"`
-}
-
-func NewSmsUserFactor() *SmsUserFactor {
-	return &SmsUserFactor{
-		FactorType: "sms",
-	}
-}
-
-func (a *SmsUserFactor) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/smsUserFactorProfile.go b/okta/smsUserFactorProfile.go
deleted file mode 100644
index 24824c293..000000000
--- a/okta/smsUserFactorProfile.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SmsUserFactorProfile struct {
-	PhoneNumber string `json:"phoneNumber,omitempty"`
-}
-
-func NewSmsUserFactorProfile() *SmsUserFactorProfile {
-	return &SmsUserFactorProfile{}
-}
-
-func (a *SmsUserFactorProfile) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/socialAuthToken.go b/okta/socialAuthToken.go
deleted file mode 100644
index 44deeb914..000000000
--- a/okta/socialAuthToken.go
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type SocialAuthToken struct {
-	ExpiresAt       *time.Time `json:"expiresAt,omitempty"`
-	Id              string     `json:"id,omitempty"`
-	Scopes          []string   `json:"scopes,omitempty"`
-	Token           string     `json:"token,omitempty"`
-	TokenAuthScheme string     `json:"tokenAuthScheme,omitempty"`
-	TokenType       string     `json:"tokenType,omitempty"`
-}
-
-func (a *SocialAuthToken) UnmarshalJSON(data []byte) error {
-	if string(data) == "null" || string(data) == `""` {
-		return nil
-	}
-	var token map[string]interface{}
-	err := json.Unmarshal(data, &token)
-	if err != nil {
-		return err
-	}
-	if ea, found := token["expiresAt"]; found {
-		if expiresAt, err := time.Parse(time.RFC3339, ea.(string)); err == nil {
-			a.ExpiresAt = &expiresAt
-		}
-	}
-	a.Id, _ = token["id"].(string)
-	if scopes, found := token["scopes"]; found {
-		_scopes := scopes.([]interface{})
-		a.Scopes = make([]string, len(_scopes))
-		for i, scope := range _scopes {
-			a.Scopes[i] = scope.(string)
-		}
-	}
-	a.Token, _ = token["token"].(string)
-	a.TokenAuthScheme, _ = token["tokenAuthScheme"].(string)
-	a.TokenType, _ = token["tokenType"].(string)
-
-	return nil
-}
diff --git a/okta/spCertificate.go b/okta/spCertificate.go
deleted file mode 100644
index a956de0c5..000000000
--- a/okta/spCertificate.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SpCertificate struct {
-	X5c []string `json:"x5c,omitempty"`
-}
diff --git a/okta/subscription.go b/okta/subscription.go
deleted file mode 100644
index ccd67cff2..000000000
--- a/okta/subscription.go
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-)
-
-type SubscriptionResource resource
-
-type Subscription struct {
-	Links            interface{} `json:"_links,omitempty"`
-	Channels         []string    `json:"channels,omitempty"`
-	NotificationType string      `json:"notificationType,omitempty"`
-	Status           string      `json:"status,omitempty"`
-}
-
-// When roleType List all subscriptions of a Role. Else when roleId List subscriptions of a Custom Role
-func (m *SubscriptionResource) ListRoleSubscriptions(ctx context.Context, roleTypeOrRoleId string) ([]*Subscription, *Response, error) {
-	url := fmt.Sprintf("/api/v1/roles/%v/subscriptions", roleTypeOrRoleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var subscription []*Subscription
-
-	resp, err := rq.Do(ctx, req, &subscription)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return subscription, resp, nil
-}
-
-// When roleType Get subscriptions of a Role with a specific notification type. Else when roleId Get subscription of a Custom Role with a specific notification type.
-func (m *SubscriptionResource) GetRoleSubscriptionByNotificationType(ctx context.Context, roleTypeOrRoleId string, notificationType string) (*Subscription, *Response, error) {
-	url := fmt.Sprintf("/api/v1/roles/%v/subscriptions/%v", roleTypeOrRoleId, notificationType)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var subscription *Subscription
-
-	resp, err := rq.Do(ctx, req, &subscription)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return subscription, resp, nil
-}
-
-// When roleType Subscribes a Role to a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Subscribes a Custom Role to a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.
-func (m *SubscriptionResource) SubscribeRoleSubscriptionByNotificationType(ctx context.Context, roleTypeOrRoleId string, notificationType string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/roles/%v/subscriptions/%v/subscribe", roleTypeOrRoleId, notificationType)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// When roleType Unsubscribes a Role from a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Unsubscribes a Custom Role from a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.
-func (m *SubscriptionResource) UnsubscribeRoleSubscriptionByNotificationType(ctx context.Context, roleTypeOrRoleId string, notificationType string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/roles/%v/subscriptions/%v/unsubscribe", roleTypeOrRoleId, notificationType)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users.
-func (m *SubscriptionResource) SubscribeUserSubscriptionByNotificationType(ctx context.Context, userId string, notificationType string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/subscriptions/%v/subscribe", userId, notificationType)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users.
-func (m *SubscriptionResource) UnsubscribeUserSubscriptionByNotificationType(ctx context.Context, userId string, notificationType string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/subscriptions/%v/unsubscribe", userId, notificationType)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
diff --git a/okta/subscriptionStatus.go b/okta/subscriptionStatus.go
deleted file mode 100644
index 8b78979e1..000000000
--- a/okta/subscriptionStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SubscriptionStatus string
diff --git a/okta/swaApplication.go b/okta/swaApplication.go
deleted file mode 100644
index bca4de3f1..000000000
--- a/okta/swaApplication.go
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type SwaApplication struct {
-	Credentials   *SchemeApplicationCredentials `json:"credentials,omitempty"`
-	Embedded      interface{}                   `json:"_embedded,omitempty"`
-	Links         interface{}                   `json:"_links,omitempty"`
-	Accessibility *ApplicationAccessibility     `json:"accessibility,omitempty"`
-	Created       *time.Time                    `json:"created,omitempty"`
-	Features      []string                      `json:"features,omitempty"`
-	Id            string                        `json:"id,omitempty"`
-	Label         string                        `json:"label,omitempty"`
-	LastUpdated   *time.Time                    `json:"lastUpdated,omitempty"`
-	Licensing     *ApplicationLicensing         `json:"licensing,omitempty"`
-	Name          string                        `json:"name,omitempty"`
-	Profile       interface{}                   `json:"profile,omitempty"`
-	Settings      *SwaApplicationSettings       `json:"settings,omitempty"`
-	SignOnMode    string                        `json:"signOnMode,omitempty"`
-	Status        string                        `json:"status,omitempty"`
-	Visibility    *ApplicationVisibility        `json:"visibility,omitempty"`
-}
-
-func NewSwaApplication() *SwaApplication {
-	return &SwaApplication{
-		Name:       "template_swa",
-		SignOnMode: "BROWSER_PLUGIN",
-	}
-}
-
-func (a *SwaApplication) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/swaApplicationSettings.go b/okta/swaApplicationSettings.go
deleted file mode 100644
index 5767cdeae..000000000
--- a/okta/swaApplicationSettings.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SwaApplicationSettings struct {
-	App                *SwaApplicationSettingsApplication `json:"app,omitempty"`
-	ImplicitAssignment *bool                              `json:"implicitAssignment,omitempty"`
-	InlineHookId       string                             `json:"inlineHookId,omitempty"`
-	Notes              *ApplicationSettingsNotes          `json:"notes,omitempty"`
-	Notifications      *ApplicationSettingsNotifications  `json:"notifications,omitempty"`
-}
diff --git a/okta/swaApplicationSettingsApplication.go b/okta/swaApplicationSettingsApplication.go
deleted file mode 100644
index 0c0abe430..000000000
--- a/okta/swaApplicationSettingsApplication.go
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SwaApplicationSettingsApplication struct {
-	ButtonField   string `json:"buttonField,omitempty"`
-	Checkbox      string `json:"checkbox,omitempty"`
-	LoginUrlRegex string `json:"loginUrlRegex,omitempty"`
-	PasswordField string `json:"passwordField,omitempty"`
-	RedirectUrl   string `json:"redirectUrl,omitempty"`
-	Url           string `json:"url,omitempty"`
-	UsernameField string `json:"usernameField,omitempty"`
-}
diff --git a/okta/swaThreeFieldApplication.go b/okta/swaThreeFieldApplication.go
deleted file mode 100644
index 5c977b7d9..000000000
--- a/okta/swaThreeFieldApplication.go
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type SwaThreeFieldApplication struct {
-	Credentials   *SchemeApplicationCredentials     `json:"credentials,omitempty"`
-	Embedded      interface{}                       `json:"_embedded,omitempty"`
-	Links         interface{}                       `json:"_links,omitempty"`
-	Accessibility *ApplicationAccessibility         `json:"accessibility,omitempty"`
-	Created       *time.Time                        `json:"created,omitempty"`
-	Features      []string                          `json:"features,omitempty"`
-	Id            string                            `json:"id,omitempty"`
-	Label         string                            `json:"label,omitempty"`
-	LastUpdated   *time.Time                        `json:"lastUpdated,omitempty"`
-	Licensing     *ApplicationLicensing             `json:"licensing,omitempty"`
-	Name          string                            `json:"name,omitempty"`
-	Profile       interface{}                       `json:"profile,omitempty"`
-	Settings      *SwaThreeFieldApplicationSettings `json:"settings,omitempty"`
-	SignOnMode    string                            `json:"signOnMode,omitempty"`
-	Status        string                            `json:"status,omitempty"`
-	Visibility    *ApplicationVisibility            `json:"visibility,omitempty"`
-}
-
-func NewSwaThreeFieldApplication() *SwaThreeFieldApplication {
-	return &SwaThreeFieldApplication{
-		Name:       "template_swa3field",
-		SignOnMode: "BROWSER_PLUGIN",
-	}
-}
-
-func (a *SwaThreeFieldApplication) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/swaThreeFieldApplicationSettings.go b/okta/swaThreeFieldApplicationSettings.go
deleted file mode 100644
index f98b8d978..000000000
--- a/okta/swaThreeFieldApplicationSettings.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SwaThreeFieldApplicationSettings struct {
-	App                *SwaThreeFieldApplicationSettingsApplication `json:"app,omitempty"`
-	ImplicitAssignment *bool                                        `json:"implicitAssignment,omitempty"`
-	InlineHookId       string                                       `json:"inlineHookId,omitempty"`
-	Notes              *ApplicationSettingsNotes                    `json:"notes,omitempty"`
-	Notifications      *ApplicationSettingsNotifications            `json:"notifications,omitempty"`
-}
diff --git a/okta/swaThreeFieldApplicationSettingsApplication.go b/okta/swaThreeFieldApplicationSettingsApplication.go
deleted file mode 100644
index 093ee9e52..000000000
--- a/okta/swaThreeFieldApplicationSettingsApplication.go
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type SwaThreeFieldApplicationSettingsApplication struct {
-	ButtonSelector     string `json:"buttonSelector,omitempty"`
-	ExtraFieldSelector string `json:"extraFieldSelector,omitempty"`
-	ExtraFieldValue    string `json:"extraFieldValue,omitempty"`
-	LoginUrlRegex      string `json:"loginUrlRegex,omitempty"`
-	PasswordSelector   string `json:"passwordSelector,omitempty"`
-	TargetURL          string `json:"targetURL,omitempty"`
-	UserNameSelector   string `json:"userNameSelector,omitempty"`
-}
diff --git a/okta/tempPassword.go b/okta/tempPassword.go
deleted file mode 100644
index 9ccfeb9d0..000000000
--- a/okta/tempPassword.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type TempPassword struct {
-	TempPassword string `json:"tempPassword,omitempty"`
-}
diff --git a/okta/test_helpers.go b/okta/test_helpers.go
new file mode 100644
index 000000000..e8f94db49
--- /dev/null
+++ b/okta/test_helpers.go
@@ -0,0 +1,325 @@
+package okta
+
+import (
+	"encoding/json"
+	"fmt"
+	"math/rand"
+	"time"
+)
+
+const (
+	charSetAlphaUpper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	charSetAlphaLower = "abcdefghijklmnopqrstuvwxyz"
+	charSetNumeric    = "0123456789"
+	charSetAlpha      = charSetAlphaLower + charSetAlphaUpper + charSetNumeric
+	testPrefix        = "SDK_TEST_"
+)
+
+func randomEmail() string {
+	return randomTestString() + "@example.com"
+}
+
+// randStringFromCharSet generates a random string of 15 lower case letters
+func randomTestString() string {
+	rand.Seed(time.Now().UnixNano())
+	result := make([]byte, 15)
+	for i := 0; i < 15; i++ {
+		result[i] = charSetAlphaLower[rand.Intn(len(charSetAlphaLower))]
+	}
+	return testPrefix + string(result)
+}
+
+// testPassword generates a random string of at least 4 characters in length
+func testPassword(length int) string {
+	if length < 5 {
+		length = 4
+	}
+	result := make([]byte, length)
+	result[0] = charSetAlphaLower[rand.Intn(len(charSetAlphaLower))]
+	result[1] = charSetAlphaUpper[rand.Intn(len(charSetAlphaUpper))]
+	result[2] = charSetNumeric[rand.Intn(len(charSetNumeric))]
+	for i := 3; i < length; i++ {
+		result[i] = charSetAlpha[rand.Intn(len(charSetAlpha))]
+	}
+	return string(result)
+}
+
+func testName(name string) string {
+	s := fmt.Sprintf("%s %s", randomTestString(), name)
+	if len(s) > 50 {
+		s = s[:50]
+	}
+	return s
+}
+
+func contain(searchPhrase string, searchList []string) (res bool) {
+	for _, searchResult := range searchList {
+		if searchPhrase == searchResult {
+			res = true
+			break
+		}
+	}
+	return
+}
+
+type TestFactory struct{}
+
+var testFactory TestFactory
+
+func (t *TestFactory) NewValidTestUserProfile() UserProfile {
+	email := randomEmail()
+	firstName := "John"
+	lastName := "Doe"
+	return UserProfile{
+		FirstName: NullableString{value: &firstName, isSet: true},
+		LastName:  NullableString{value: &lastName, isSet: true},
+		Email:     &email,
+		Login:     &email,
+	}
+}
+
+func (t *TestFactory) NewValidTestUserCredentialsWithPassword() *UserCredentials {
+	pc := t.NewValidTestPasswordCredential()
+	return &UserCredentials{Password: pc}
+}
+
+func (t *TestFactory) NewValidTestPasswordCredential() *PasswordCredential {
+	p := testPassword(10)
+	return &PasswordCredential{Value: &p}
+}
+
+func (t *TestFactory) NewValidTestRecoveryQuestionCredential() *RecoveryQuestionCredential {
+	question := "How many roads must a man walk down?"
+	answer := "forty two"
+	return &RecoveryQuestionCredential{Question: &question, Answer: &answer}
+}
+
+func (t *TestFactory) NewValidTestIdentityProvider() *IdentityProvider {
+	res := IdentityProvider{}
+	res.SetType(IDENTITYPROVIDERTYPE_OIDC)
+	res.SetName(randomTestString())
+	res.SetProtocol(*t.NewValidTestProtocol())
+	res.SetPolicy(*t.NewValidTestIdentityProviderPolicy())
+	return &res
+}
+
+func (t *TestFactory) NewValidTestProtocol() *Protocol {
+	payload := `{
+		"algorithms": {
+			"request": {
+				"signature": {
+					"algorithm": "SHA-256",
+					"scope": "REQUEST"
+				}
+			},
+			"response": {
+				"signature": {
+					"algorithm": "SHA-256",
+					"scope": "ANY"
+				}
+			}
+		},
+		"endpoints": {
+			"acs": {
+				"binding": "HTTP-POST",
+				"type": "INSTANCE"
+			},
+			"authorization": {
+				"binding": "HTTP-REDIRECT",
+				"url": "https://idp.example.com/authorize"
+			},
+			"token": {
+				"binding": "HTTP-POST",
+				"url": "https://idp.example.com/token"
+			},
+			"userInfo": {
+				"binding": "HTTP-REDIRECT",
+				"url": "https://idp.example.com/userinfo"
+			},
+			"jwks": {
+				"binding": "HTTP-REDIRECT",
+				"url": "https://idp.example.com/keys"
+			}
+		},
+		"scopes": [
+			"openid",
+			"profile",
+			"email"
+		],
+		"type": "OIDC",
+		"credentials": {
+			"client": {
+				"client_id": "your-client-id",
+				"client_secret": "your-client-secret"
+			}
+		},
+		"issuer": {
+			"url": "https://idp.example.com"
+		}
+	}`
+	var ptc Protocol
+	err := json.Unmarshal([]byte(payload), &ptc)
+	if err != nil {
+		return nil
+	}
+	return &ptc
+}
+
+func (t *TestFactory) NewValidTestIdentityProviderPolicy() *IdentityProviderPolicy {
+	payload := `{
+		"accountLink": {
+			"action": "AUTO",
+			"filter": null
+		},
+		"provisioning": {
+			"action": "AUTO",
+			"conditions": {
+				"deprovisioned": {
+					"action": "NONE"
+				},
+				"suspended": {
+					"action": "NONE"
+				}
+			},
+			"groups": {
+				"action": "NONE"
+			}
+		},
+		"maxClockSkew": 120000,
+		"subject": {
+			"userNameTemplate": {
+				"template": "idpuser.email"
+			},
+			"matchType": "USERNAME"
+		}
+	
+	}`
+	var policy IdentityProviderPolicy
+	err := json.Unmarshal([]byte(payload), &policy)
+	if err != nil {
+		return nil
+	}
+	return &policy
+}
+
+func (t *TestFactory) NewValidTestJsonWebKey() *JsonWebKey {
+	keys := []string{`@"MIIDnjCCAoagAwIBAgIGAVG3MN+PMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5p
+	YTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMM
+	B2V4YW1wbGUxHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMTUxMjE4MjIyMjMyWhcNMjUxMjE4MjIyMzMyWjCB
+	jzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9r
+	dGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdleGFtcGxlMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29t
+	MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcnyvuVCrsFEKCwHDenS3Ocjed8eWDv3zLtD2K/iZfE8BMj2wpTf
+	n6Ry8zCYey3mWlKdxIybnV9amrujGRnE0ab6Q16v9D6RlFQLOG6dwqoRKuZy33Uyg8PGdEudZjGbWuKCqqXEp+UKALJHV+k4
+	wWeVH8g5d1n3KyR2TVajVJpCrPhLFmq1Il4G/IUnPe4MvjXqB6CpKkog1+ThWsItPRJPAM+RweFHXq7KfChXsYE7Mmfuly8s
+	DQlvBmQyxZnFHVuiPfCvGHJjpvHy11YlHdOjfgqHRvZbmo30+y0X/oY/yV4YEJ00LL6eJWU4wi7ViY3HP6/VCdRjHoRdr5L/
+	DwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCzzhOFkvyYLNFj2WDcq1YqD4sBy1iCia9QpRH3rjQvMKDwQDYWbi6EdOX0TQ/I
+	YR7UWGj+2pXd6v0t33lYtoKocp/4lUvT3tfBnWZ5KnObi+J2uY2teUqoYkASN7F+GRPVOuMVoVgm05ss8tuMb2dLc9vsx93s
+	Dt+XlMTv/2qi5VPwaDtqduKkzwW9lUfn4xIMkTiVvCpe0X2HneD2Bpuao3/U8Rk0uiPfq6TooWaoW3kjsmErhEAs9bA7xuqo
+	1KKY9CdHcFhkSsMhoeaZylZHtzbnoipUlQKSLMdJQiiYZQ0bYL83/Ta9fulr1EERICMFt3GUmtYaZZKHpWSfdJp9"`}
+	return &JsonWebKey{X5c: keys}
+}
+
+func (t *TestFactory) NewValidTestCSRMetadata() *CsrMetadata {
+	payload := `{
+		"subject": {
+		  "countryName"            : "US",
+		  "stateOrProvinceName"    : "California",
+		  "localityName"           : "San Francisco",
+		  "organizationName"       : "Okta, Inc.",
+		  "organizationalUnitName" : "Dev",
+		  "commonName"             : "SP Issuer"
+		},
+		"subjectAltNames": 
+		  {
+			"dnsNames": [ "dev.example.com" ] 
+		  }
+	  }`
+	var csrm CsrMetadata
+	err := json.Unmarshal([]byte(payload), &csrm)
+	if err != nil {
+		return nil
+	}
+	return &csrm
+}
+
+func (t *TestFactory) NewValidAccessPolicy(name string) *AccessPolicy {
+	policyRule := NewPolicyRuleConditions()
+	res := AccessPolicy{}
+	res.SetType(POLICYTYPE_ACCESS_POLICY)
+	res.SetDescription(randomTestString())
+	res.SetPriority(int32(1))
+	res.SetConditions(*policyRule)
+	res.SetName(name)
+	return &res
+}
+
+func (t *TestFactory) NewValidBasicAuthApplication(label string) *BasicAuthApplication {
+	app := NewBasicApplicationSettingsApplication()
+	app.SetAuthURL("https://example.com/auth.html")
+	app.SetUrl("https://example.com/auth.html")
+	setting := NewBasicApplicationSettings()
+	setting.SetApp(*app)
+	res := BasicAuthApplication{}
+	res.SetSettings(*setting)
+	res.SetName("template_basic_auth")
+	res.SetSignOnMode(APPLICATIONSIGNONMODE_BASIC_AUTH)
+	res.SetLabel(label)
+	return &res
+}
+
+func (t *TestFactory) NewValidBookmarkApplication(label string) *BookmarkApplication {
+	app := NewBookmarkApplicationSettingsApplication()
+	app.SetRequestIntegration(false)
+	app.SetUrl("https://example.com/bookmark.html")
+	setting := NewBookmarkApplicationSettings()
+	setting.SetApp(*app)
+	res := BookmarkApplication{}
+	res.SetSettings(*setting)
+	res.SetName("bookmark")
+	res.SetSignOnMode(APPLICATIONSIGNONMODE_BOOKMARK)
+	res.SetLabel(label)
+	return &res
+}
+
+func (t *TestFactory) NewValidOrg2OrgApplication(label string) *SamlApplication {
+	app := NewSamlApplicationSettingsApplication()
+	app.SetAcsUrl("https://example.okta.com/sso/saml2/exampleid")
+	app.SetAudRestriction("https://www.okta.com/saml2/service-provider/examplei")
+	app.SetBaseUrl("https://example.okta.com")
+	setting := NewSamlApplicationSettings()
+	setting.SetApp(*app)
+	res := SamlApplication{}
+	res.SetSettings(*setting)
+	res.SetName("okta_org2org")
+	res.SetSignOnMode(APPLICATIONSIGNONMODE_SAML_2_0)
+	res.SetLabel(label)
+	return &res
+}
+
+func (t *TestFactory) NewValidOIDCApplication(label string) *OpenIdConnectApplication {
+	settingClient := NewOpenIdConnectApplicationSettingsClient()
+	settingClient.SetClientUri("https://example.com/client")
+	settingClient.SetLogoUri("https://example.com/assets/images/logo-new.png")
+	settingClient.SetResponseTypes([]OAuthResponseType{OAUTHRESPONSETYPE_TOKEN, OAUTHRESPONSETYPE_ID_TOKEN, OAUTHRESPONSETYPE_CODE})
+	settingClient.SetRedirectUris([]string{"https://example.com/oauth2/callback", "myapp://callback"})
+	settingClient.SetPostLogoutRedirectUris([]string{"https://example.com/postlogout", "myapp://postlogoutcallback"})
+	settingClient.SetGrantTypes([]OAuthGrantType{OAUTHGRANTTYPE_IMPLICIT, OAUTHGRANTTYPE_AUTHORIZATION_CODE})
+	settingClient.SetApplicationType(OPENIDCONNECTAPPLICATIONTYPE_NATIVE)
+	settingClient.SetTosUri("https://example.com/client/tos")
+	settingClient.SetPolicyUri("https://example.com/client/policy")
+	setting := NewOpenIdConnectApplicationSettings()
+	setting.SetOauthClient(*settingClient)
+	credClient := NewApplicationCredentialsOAuthClient()
+	credClient.SetTokenEndpointAuthMethod(OAUTHENDPOINTAUTHENTICATIONMETHOD_CLIENT_SECRET_POST)
+	credClient.SetClientId(randomTestString())
+	credClient.SetAutoKeyRotation(true)
+	credentials := NewOAuthApplicationCredentials()
+	credentials.SetOauthClient(*credClient)
+	res := OpenIdConnectApplication{}
+	res.SetSettings(*setting)
+	res.SetCredentials(*credentials)
+	res.SetName("oidc_client")
+	res.SetSignOnMode(APPLICATIONSIGNONMODE_OPENID_CONNECT)
+	res.SetLabel(label)
+	return &res
+}
diff --git a/okta/theme.go b/okta/theme.go
deleted file mode 100644
index 8cda0f01a..000000000
--- a/okta/theme.go
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-)
-
-type ThemeResource resource
-
-type Theme struct {
-	Links                             interface{} `json:"_links,omitempty"`
-	BackgroundImage                   string      `json:"backgroundImage,omitempty"`
-	EmailTemplateTouchPointVariant    string      `json:"emailTemplateTouchPointVariant,omitempty"`
-	EndUserDashboardTouchPointVariant string      `json:"endUserDashboardTouchPointVariant,omitempty"`
-	ErrorPageTouchPointVariant        string      `json:"errorPageTouchPointVariant,omitempty"`
-	PrimaryColorContrastHex           string      `json:"primaryColorContrastHex,omitempty"`
-	PrimaryColorHex                   string      `json:"primaryColorHex,omitempty"`
-	SecondaryColorContrastHex         string      `json:"secondaryColorContrastHex,omitempty"`
-	SecondaryColorHex                 string      `json:"secondaryColorHex,omitempty"`
-	SignInPageTouchPointVariant       string      `json:"signInPageTouchPointVariant,omitempty"`
-}
-
-// Fetches a theme for a brand
-func (m *ThemeResource) GetBrandTheme(ctx context.Context, brandId string, themeId string) (*ThemeResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/themes/%v", brandId, themeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var themeResponse *ThemeResponse
-
-	resp, err := rq.Do(ctx, req, &themeResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return themeResponse, resp, nil
-}
-
-// Updates a theme for a brand
-func (m *ThemeResource) UpdateBrandTheme(ctx context.Context, brandId string, themeId string, body Theme) (*ThemeResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/brands/%v/themes/%v", brandId, themeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var themeResponse *ThemeResponse
-
-	resp, err := rq.Do(ctx, req, &themeResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return themeResponse, resp, nil
-}
diff --git a/okta/themeResponse.go b/okta/themeResponse.go
deleted file mode 100644
index 7251093ac..000000000
--- a/okta/themeResponse.go
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type ThemeResponse struct {
-	Links                             interface{} `json:"_links,omitempty"`
-	BackgroundImage                   string      `json:"backgroundImage,omitempty"`
-	EmailTemplateTouchPointVariant    string      `json:"emailTemplateTouchPointVariant,omitempty"`
-	EndUserDashboardTouchPointVariant string      `json:"endUserDashboardTouchPointVariant,omitempty"`
-	ErrorPageTouchPointVariant        string      `json:"errorPageTouchPointVariant,omitempty"`
-	Favicon                           string      `json:"favicon,omitempty"`
-	Id                                string      `json:"id,omitempty"`
-	Logo                              string      `json:"logo,omitempty"`
-	PrimaryColorContrastHex           string      `json:"primaryColorContrastHex,omitempty"`
-	PrimaryColorHex                   string      `json:"primaryColorHex,omitempty"`
-	SecondaryColorContrastHex         string      `json:"secondaryColorContrastHex,omitempty"`
-	SecondaryColorHex                 string      `json:"secondaryColorHex,omitempty"`
-	SignInPageTouchPointVariant       string      `json:"signInPageTouchPointVariant,omitempty"`
-}
diff --git a/okta/threatInsightConfiguration.go b/okta/threatInsightConfiguration.go
deleted file mode 100644
index 99942a08a..000000000
--- a/okta/threatInsightConfiguration.go
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-)
-
-type ThreatInsightConfigurationResource resource
-
-type ThreatInsightConfiguration struct {
-	Links        interface{} `json:"_links,omitempty"`
-	Action       string      `json:"action,omitempty"`
-	Created      *time.Time  `json:"created,omitempty"`
-	ExcludeZones []string    `json:"excludeZones,omitempty"`
-	LastUpdated  *time.Time  `json:"lastUpdated,omitempty"`
-}
-
-// Gets current ThreatInsight configuration
-func (m *ThreatInsightConfigurationResource) GetCurrentConfiguration(ctx context.Context) (*ThreatInsightConfiguration, *Response, error) {
-	url := fmt.Sprintf("/api/v1/threats/configuration")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var threatInsightConfiguration *ThreatInsightConfiguration
-
-	resp, err := rq.Do(ctx, req, &threatInsightConfiguration)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return threatInsightConfiguration, resp, nil
-}
-
-// Updates ThreatInsight configuration
-func (m *ThreatInsightConfigurationResource) UpdateConfiguration(ctx context.Context, body ThreatInsightConfiguration) (*ThreatInsightConfiguration, *Response, error) {
-	url := fmt.Sprintf("/api/v1/threats/configuration")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var threatInsightConfiguration *ThreatInsightConfiguration
-
-	resp, err := rq.Do(ctx, req, &threatInsightConfiguration)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return threatInsightConfiguration, resp, nil
-}
diff --git a/okta/tokenAuthorizationServerPolicyRuleAction.go b/okta/tokenAuthorizationServerPolicyRuleAction.go
deleted file mode 100644
index a0f27de46..000000000
--- a/okta/tokenAuthorizationServerPolicyRuleAction.go
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type TokenAuthorizationServerPolicyRuleAction struct {
-	AccessTokenLifetimeMinutes     int64                                               `json:"-"`
-	AccessTokenLifetimeMinutesPtr  *int64                                              `json:"accessTokenLifetimeMinutes"`
-	InlineHook                     *TokenAuthorizationServerPolicyRuleActionInlineHook `json:"inlineHook,omitempty"`
-	RefreshTokenLifetimeMinutes    int64                                               `json:"-"`
-	RefreshTokenLifetimeMinutesPtr *int64                                              `json:"refreshTokenLifetimeMinutes"`
-	RefreshTokenWindowMinutes      int64                                               `json:"-"`
-	RefreshTokenWindowMinutesPtr   *int64                                              `json:"refreshTokenWindowMinutes"`
-}
-
-func (a *TokenAuthorizationServerPolicyRuleAction) MarshalJSON() ([]byte, error) {
-	type Alias TokenAuthorizationServerPolicyRuleAction
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.AccessTokenLifetimeMinutes != 0 {
-		result.AccessTokenLifetimeMinutesPtr = Int64Ptr(a.AccessTokenLifetimeMinutes)
-	}
-	if a.RefreshTokenLifetimeMinutes != 0 {
-		result.RefreshTokenLifetimeMinutesPtr = Int64Ptr(a.RefreshTokenLifetimeMinutes)
-	}
-	if a.RefreshTokenWindowMinutes != 0 {
-		result.RefreshTokenWindowMinutesPtr = Int64Ptr(a.RefreshTokenWindowMinutes)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *TokenAuthorizationServerPolicyRuleAction) UnmarshalJSON(data []byte) error {
-	type Alias TokenAuthorizationServerPolicyRuleAction
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.AccessTokenLifetimeMinutesPtr != nil {
-		a.AccessTokenLifetimeMinutes = *result.AccessTokenLifetimeMinutesPtr
-		a.AccessTokenLifetimeMinutesPtr = result.AccessTokenLifetimeMinutesPtr
-	}
-	if result.RefreshTokenLifetimeMinutesPtr != nil {
-		a.RefreshTokenLifetimeMinutes = *result.RefreshTokenLifetimeMinutesPtr
-		a.RefreshTokenLifetimeMinutesPtr = result.RefreshTokenLifetimeMinutesPtr
-	}
-	if result.RefreshTokenWindowMinutesPtr != nil {
-		a.RefreshTokenWindowMinutes = *result.RefreshTokenWindowMinutesPtr
-		a.RefreshTokenWindowMinutesPtr = result.RefreshTokenWindowMinutesPtr
-	}
-	return nil
-}
diff --git a/okta/tokenAuthorizationServerPolicyRuleActionInlineHook.go b/okta/tokenAuthorizationServerPolicyRuleActionInlineHook.go
deleted file mode 100644
index 173017811..000000000
--- a/okta/tokenAuthorizationServerPolicyRuleActionInlineHook.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type TokenAuthorizationServerPolicyRuleActionInlineHook struct {
-	Id string `json:"id,omitempty"`
-}
diff --git a/okta/tokenUserFactor.go b/okta/tokenUserFactor.go
deleted file mode 100644
index 44ea5307a..000000000
--- a/okta/tokenUserFactor.go
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type TokenUserFactor struct {
-	Embedded    interface{}             `json:"_embedded,omitempty"`
-	Links       interface{}             `json:"_links,omitempty"`
-	Created     *time.Time              `json:"created,omitempty"`
-	FactorType  string                  `json:"factorType,omitempty"`
-	Id          string                  `json:"id,omitempty"`
-	LastUpdated *time.Time              `json:"lastUpdated,omitempty"`
-	Provider    string                  `json:"provider,omitempty"`
-	Status      string                  `json:"status,omitempty"`
-	Verify      *VerifyFactorRequest    `json:"verify,omitempty"`
-	Profile     *TokenUserFactorProfile `json:"profile,omitempty"`
-}
-
-func NewTokenUserFactor() *TokenUserFactor {
-	return &TokenUserFactor{
-		FactorType: "token",
-	}
-}
-
-func (a *TokenUserFactor) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/tokenUserFactorProfile.go b/okta/tokenUserFactorProfile.go
deleted file mode 100644
index 297428ae6..000000000
--- a/okta/tokenUserFactorProfile.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type TokenUserFactorProfile struct {
-	CredentialId string `json:"credentialId,omitempty"`
-}
-
-func NewTokenUserFactorProfile() *TokenUserFactorProfile {
-	return &TokenUserFactorProfile{}
-}
-
-func (a *TokenUserFactorProfile) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/totpUserFactor.go b/okta/totpUserFactor.go
deleted file mode 100644
index f4c9e863f..000000000
--- a/okta/totpUserFactor.go
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type TotpUserFactor struct {
-	Embedded    interface{}            `json:"_embedded,omitempty"`
-	Links       interface{}            `json:"_links,omitempty"`
-	Created     *time.Time             `json:"created,omitempty"`
-	FactorType  string                 `json:"factorType,omitempty"`
-	Id          string                 `json:"id,omitempty"`
-	LastUpdated *time.Time             `json:"lastUpdated,omitempty"`
-	Provider    string                 `json:"provider,omitempty"`
-	Status      string                 `json:"status,omitempty"`
-	Verify      *VerifyFactorRequest   `json:"verify,omitempty"`
-	Profile     *TotpUserFactorProfile `json:"profile,omitempty"`
-}
-
-func NewTotpUserFactor() *TotpUserFactor {
-	return &TotpUserFactor{
-		FactorType: "token:software:totp",
-	}
-}
-
-func (a *TotpUserFactor) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/totpUserFactorProfile.go b/okta/totpUserFactorProfile.go
deleted file mode 100644
index 695cd7d4e..000000000
--- a/okta/totpUserFactorProfile.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type TotpUserFactorProfile struct {
-	CredentialId string `json:"credentialId,omitempty"`
-}
-
-func NewTotpUserFactorProfile() *TotpUserFactorProfile {
-	return &TotpUserFactorProfile{}
-}
-
-func (a *TotpUserFactorProfile) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/trustedOrigin.go b/okta/trustedOrigin.go
deleted file mode 100644
index db36001ca..000000000
--- a/okta/trustedOrigin.go
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type TrustedOriginResource resource
-
-type TrustedOrigin struct {
-	Links         interface{} `json:"_links,omitempty"`
-	Created       *time.Time  `json:"created,omitempty"`
-	CreatedBy     string      `json:"createdBy,omitempty"`
-	Id            string      `json:"id,omitempty"`
-	LastUpdated   *time.Time  `json:"lastUpdated,omitempty"`
-	LastUpdatedBy string      `json:"lastUpdatedBy,omitempty"`
-	Name          string      `json:"name,omitempty"`
-	Origin        string      `json:"origin,omitempty"`
-	Scopes        []*Scope    `json:"scopes,omitempty"`
-	Status        string      `json:"status,omitempty"`
-}
-
-func (m *TrustedOriginResource) CreateOrigin(ctx context.Context, body TrustedOrigin) (*TrustedOrigin, *Response, error) {
-	url := fmt.Sprintf("/api/v1/trustedOrigins")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var trustedOrigin *TrustedOrigin
-
-	resp, err := rq.Do(ctx, req, &trustedOrigin)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return trustedOrigin, resp, nil
-}
-
-func (m *TrustedOriginResource) GetOrigin(ctx context.Context, trustedOriginId string) (*TrustedOrigin, *Response, error) {
-	url := fmt.Sprintf("/api/v1/trustedOrigins/%v", trustedOriginId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var trustedOrigin *TrustedOrigin
-
-	resp, err := rq.Do(ctx, req, &trustedOrigin)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return trustedOrigin, resp, nil
-}
-
-func (m *TrustedOriginResource) UpdateOrigin(ctx context.Context, trustedOriginId string, body TrustedOrigin) (*TrustedOrigin, *Response, error) {
-	url := fmt.Sprintf("/api/v1/trustedOrigins/%v", trustedOriginId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var trustedOrigin *TrustedOrigin
-
-	resp, err := rq.Do(ctx, req, &trustedOrigin)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return trustedOrigin, resp, nil
-}
-
-func (m *TrustedOriginResource) DeleteOrigin(ctx context.Context, trustedOriginId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/trustedOrigins/%v", trustedOriginId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *TrustedOriginResource) ListOrigins(ctx context.Context, qp *query.Params) ([]*TrustedOrigin, *Response, error) {
-	url := fmt.Sprintf("/api/v1/trustedOrigins")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var trustedOrigin []*TrustedOrigin
-
-	resp, err := rq.Do(ctx, req, &trustedOrigin)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return trustedOrigin, resp, nil
-}
-
-func (m *TrustedOriginResource) ActivateOrigin(ctx context.Context, trustedOriginId string) (*TrustedOrigin, *Response, error) {
-	url := fmt.Sprintf("/api/v1/trustedOrigins/%v/lifecycle/activate", trustedOriginId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var trustedOrigin *TrustedOrigin
-
-	resp, err := rq.Do(ctx, req, &trustedOrigin)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return trustedOrigin, resp, nil
-}
-
-func (m *TrustedOriginResource) DeactivateOrigin(ctx context.Context, trustedOriginId string) (*TrustedOrigin, *Response, error) {
-	url := fmt.Sprintf("/api/v1/trustedOrigins/%v/lifecycle/deactivate", trustedOriginId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var trustedOrigin *TrustedOrigin
-
-	resp, err := rq.Do(ctx, req, &trustedOrigin)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return trustedOrigin, resp, nil
-}
diff --git a/okta/u2fUserFactor.go b/okta/u2fUserFactor.go
deleted file mode 100644
index e50e63b2d..000000000
--- a/okta/u2fUserFactor.go
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type U2fUserFactor struct {
-	Embedded    interface{}           `json:"_embedded,omitempty"`
-	Links       interface{}           `json:"_links,omitempty"`
-	Created     *time.Time            `json:"created,omitempty"`
-	FactorType  string                `json:"factorType,omitempty"`
-	Id          string                `json:"id,omitempty"`
-	LastUpdated *time.Time            `json:"lastUpdated,omitempty"`
-	Provider    string                `json:"provider,omitempty"`
-	Status      string                `json:"status,omitempty"`
-	Verify      *VerifyFactorRequest  `json:"verify,omitempty"`
-	Profile     *U2fUserFactorProfile `json:"profile,omitempty"`
-}
-
-func NewU2fUserFactor() *U2fUserFactor {
-	return &U2fUserFactor{
-		FactorType: "u2f",
-	}
-}
-
-func (a *U2fUserFactor) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/u2fUserFactorProfile.go b/okta/u2fUserFactorProfile.go
deleted file mode 100644
index 7f62ffcfe..000000000
--- a/okta/u2fUserFactorProfile.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type U2fUserFactorProfile struct {
-	CredentialId string `json:"credentialId,omitempty"`
-}
-
-func NewU2fUserFactorProfile() *U2fUserFactorProfile {
-	return &U2fUserFactorProfile{}
-}
-
-func (a *U2fUserFactorProfile) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/user.go b/okta/user.go
deleted file mode 100644
index fd0c9f874..000000000
--- a/okta/user.go
+++ /dev/null
@@ -1,1177 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type UserResource resource
-
-type User struct {
-	Embedded              interface{}      `json:"_embedded,omitempty"`
-	Links                 interface{}      `json:"_links,omitempty"`
-	Activated             *time.Time       `json:"activated,omitempty"`
-	Created               *time.Time       `json:"created,omitempty"`
-	Credentials           *UserCredentials `json:"credentials,omitempty"`
-	Id                    string           `json:"id,omitempty"`
-	LastLogin             *time.Time       `json:"lastLogin,omitempty"`
-	LastUpdated           *time.Time       `json:"lastUpdated,omitempty"`
-	PasswordChanged       *time.Time       `json:"passwordChanged,omitempty"`
-	Profile               *UserProfile     `json:"profile,omitempty"`
-	Status                string           `json:"status,omitempty"`
-	StatusChanged         *time.Time       `json:"statusChanged,omitempty"`
-	TransitioningToStatus string           `json:"transitioningToStatus,omitempty"`
-	Type                  *UserType        `json:"type,omitempty"`
-}
-
-// Creates a new user in your Okta organization with or without credentials.
-func (m *UserResource) CreateUser(ctx context.Context, body CreateUserRequest, qp *query.Params) (*User, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var user *User
-
-	resp, err := rq.Do(ctx, req, &user)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return user, resp, nil
-}
-
-// Fetches a user from your Okta organization.
-func (m *UserResource) GetUser(ctx context.Context, userId string) (*User, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var user *User
-
-	resp, err := rq.Do(ctx, req, &user)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return user, resp, nil
-}
-
-// Update a user&#x27;s profile and/or credentials using strict-update semantics.
-func (m *UserResource) UpdateUser(ctx context.Context, userId string, body User, qp *query.Params) (*User, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var user *User
-
-	resp, err := rq.Do(ctx, req, &user)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return user, resp, nil
-}
-
-// Deletes a user permanently.  This operation can only be performed on users that have a &#x60;DEPROVISIONED&#x60; status.  **This action cannot be recovered!**
-func (m *UserResource) DeactivateOrDeleteUser(ctx context.Context, userId string, qp *query.Params) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Lists users that do not have a status of &#x27;DEPROVISIONED&#x27; (by default), up to the maximum (200 for most orgs), with pagination in most cases. A subset of users can be returned that match a supported filter expression or search criteria.
-func (m *UserResource) ListUsers(ctx context.Context, qp *query.Params) ([]*User, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users")
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var user []*User
-
-	resp, err := rq.Do(ctx, req, &user)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return user, resp, nil
-}
-
-func (m *UserResource) SetLinkedObjectForUser(ctx context.Context, associatedUserId string, primaryRelationshipName string, primaryUserId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/linkedObjects/%v/%v", associatedUserId, primaryRelationshipName, primaryUserId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Update a user&#x27;s profile or credentials with partial update semantics.
-func (m *UserResource) PartialUpdateUser(ctx context.Context, userId string, body User, qp *query.Params) (*User, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var user *User
-
-	resp, err := rq.Do(ctx, req, &user)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return user, resp, nil
-}
-
-// Fetches appLinks for all direct or indirect (via group membership) assigned applications.
-func (m *UserResource) ListAppLinks(ctx context.Context, userId string) ([]*AppLink, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/appLinks", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var appLink []*AppLink
-
-	resp, err := rq.Do(ctx, req, &appLink)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return appLink, resp, nil
-}
-
-// Lists all client resources for which the specified user has grants or tokens.
-func (m *UserResource) ListUserClients(ctx context.Context, userId string) ([]*OAuth2Client, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/clients", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2Client []*OAuth2Client
-
-	resp, err := rq.Do(ctx, req, &oAuth2Client)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2Client, resp, nil
-}
-
-// Revokes all grants for the specified user and client
-func (m *UserResource) RevokeGrantsForUserAndClient(ctx context.Context, userId string, clientId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/clients/%v/grants", userId, clientId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Lists all grants for a specified user and client
-func (m *UserResource) ListGrantsForUserAndClient(ctx context.Context, userId string, clientId string, qp *query.Params) ([]*OAuth2ScopeConsentGrant, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/clients/%v/grants", userId, clientId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2ScopeConsentGrant []*OAuth2ScopeConsentGrant
-
-	resp, err := rq.Do(ctx, req, &oAuth2ScopeConsentGrant)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2ScopeConsentGrant, resp, nil
-}
-
-// Revokes all refresh tokens issued for the specified User and Client.
-func (m *UserResource) RevokeTokensForUserAndClient(ctx context.Context, userId string, clientId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/clients/%v/tokens", userId, clientId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Lists all refresh tokens issued for the specified User and Client.
-func (m *UserResource) ListRefreshTokensForUserAndClient(ctx context.Context, userId string, clientId string, qp *query.Params) ([]*OAuth2RefreshToken, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/clients/%v/tokens", userId, clientId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2RefreshToken []*OAuth2RefreshToken
-
-	resp, err := rq.Do(ctx, req, &oAuth2RefreshToken)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2RefreshToken, resp, nil
-}
-
-// Revokes the specified refresh token.
-func (m *UserResource) RevokeTokenForUserAndClient(ctx context.Context, userId string, clientId string, tokenId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/clients/%v/tokens/%v", userId, clientId, tokenId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Gets a refresh token issued for the specified User and Client.
-func (m *UserResource) GetRefreshTokenForUserAndClient(ctx context.Context, userId string, clientId string, tokenId string, qp *query.Params) (*OAuth2RefreshToken, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/clients/%v/tokens/%v", userId, clientId, tokenId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2RefreshToken *OAuth2RefreshToken
-
-	resp, err := rq.Do(ctx, req, &oAuth2RefreshToken)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2RefreshToken, resp, nil
-}
-
-// Changes a user&#x27;s password by validating the user&#x27;s current password. This operation can only be performed on users in &#x60;STAGED&#x60;, &#x60;ACTIVE&#x60;, &#x60;PASSWORD_EXPIRED&#x60;, or &#x60;RECOVERY&#x60; status that have a valid password credential
-func (m *UserResource) ChangePassword(ctx context.Context, userId string, body ChangePasswordRequest, qp *query.Params) (*UserCredentials, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/credentials/change_password", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userCredentials *UserCredentials
-
-	resp, err := rq.Do(ctx, req, &userCredentials)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userCredentials, resp, nil
-}
-
-// Changes a user&#x27;s recovery question &amp; answer credential by validating the user&#x27;s current password.  This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** &#x60;status&#x60; that have a valid password credential
-func (m *UserResource) ChangeRecoveryQuestion(ctx context.Context, userId string, body UserCredentials) (*UserCredentials, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/credentials/change_recovery_question", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userCredentials *UserCredentials
-
-	resp, err := rq.Do(ctx, req, &userCredentials)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userCredentials, resp, nil
-}
-
-// Generates a one-time token (OTT) that can be used to reset a user&#x27;s password
-func (m *UserResource) ForgotPasswordGenerateOneTimeToken(ctx context.Context, userId string, qp *query.Params) (*ForgotPasswordResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/credentials/forgot_password", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var forgotPasswordResponse *ForgotPasswordResponse
-
-	resp, err := rq.Do(ctx, req, &forgotPasswordResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return forgotPasswordResponse, resp, nil
-}
-
-// Sets a new password for a user by validating the user&#x27;s answer to their current recovery question
-func (m *UserResource) ForgotPasswordSetNewPassword(ctx context.Context, userId string, body UserCredentials, qp *query.Params) (*ForgotPasswordResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/credentials/forgot_password", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var forgotPasswordResponse *ForgotPasswordResponse
-
-	resp, err := rq.Do(ctx, req, &forgotPasswordResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return forgotPasswordResponse, resp, nil
-}
-
-// Revokes all grants for a specified user
-func (m *UserResource) RevokeUserGrants(ctx context.Context, userId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/grants", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Lists all grants for the specified user
-func (m *UserResource) ListUserGrants(ctx context.Context, userId string, qp *query.Params) ([]*OAuth2ScopeConsentGrant, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/grants", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2ScopeConsentGrant []*OAuth2ScopeConsentGrant
-
-	resp, err := rq.Do(ctx, req, &oAuth2ScopeConsentGrant)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2ScopeConsentGrant, resp, nil
-}
-
-// Revokes one grant for a specified user
-func (m *UserResource) RevokeUserGrant(ctx context.Context, userId string, grantId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/grants/%v", userId, grantId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Gets a grant for the specified user
-func (m *UserResource) GetUserGrant(ctx context.Context, userId string, grantId string, qp *query.Params) (*OAuth2ScopeConsentGrant, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/grants/%v", userId, grantId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var oAuth2ScopeConsentGrant *OAuth2ScopeConsentGrant
-
-	resp, err := rq.Do(ctx, req, &oAuth2ScopeConsentGrant)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return oAuth2ScopeConsentGrant, resp, nil
-}
-
-// Fetches the groups of which the user is a member.
-func (m *UserResource) ListUserGroups(ctx context.Context, userId string) ([]*Group, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/groups", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var group []*Group
-
-	resp, err := rq.Do(ctx, req, &group)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return group, resp, nil
-}
-
-// Lists the IdPs associated with the user.
-func (m *UserResource) ListUserIdentityProviders(ctx context.Context, userId string) ([]*IdentityProvider, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/idps", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var identityProvider []*IdentityProvider
-
-	resp, err := rq.Do(ctx, req, &identityProvider)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return identityProvider, resp, nil
-}
-
-// Activates a user.  This operation can only be performed on users with a &#x60;STAGED&#x60; status.  Activation of a user is an asynchronous operation. The user will have the &#x60;transitioningToStatus&#x60; property with a value of &#x60;ACTIVE&#x60; during activation to indicate that the user hasn&#x27;t completed the asynchronous operation.  The user will have a status of &#x60;ACTIVE&#x60; when the activation process is complete.
-func (m *UserResource) ActivateUser(ctx context.Context, userId string, qp *query.Params) (*UserActivationToken, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/lifecycle/activate", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userActivationToken *UserActivationToken
-
-	resp, err := rq.Do(ctx, req, &userActivationToken)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userActivationToken, resp, nil
-}
-
-// Deactivates a user. This operation can only be performed on users that do not have a &#x60;DEPROVISIONED&#x60; status. While the asynchronous operation (triggered by HTTP header &#x60;Prefer: respond-async&#x60;) is proceeding the user&#x27;s &#x60;transitioningToStatus&#x60; property is &#x60;DEPROVISIONED&#x60;. The user&#x27;s status is &#x60;DEPROVISIONED&#x60; when the deactivation process is complete.
-func (m *UserResource) DeactivateUser(ctx context.Context, userId string, qp *query.Params) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/lifecycle/deactivate", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// This operation transitions the user to the status of &#x60;PASSWORD_EXPIRED&#x60; so that the user is required to change their password at their next login.
-func (m *UserResource) ExpirePassword(ctx context.Context, userId string) (*User, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/lifecycle/expire_password?tempPassword=false", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var user *User
-
-	resp, err := rq.Do(ctx, req, &user)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return user, resp, nil
-}
-
-// This operation transitions the user to the status of &#x60;PASSWORD_EXPIRED&#x60; and the user&#x27;s password is reset to a temporary password that is returned.
-func (m *UserResource) ExpirePasswordAndGetTemporaryPassword(ctx context.Context, userId string) (*TempPassword, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/lifecycle/expire_password?tempPassword=true", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var tempPassword *TempPassword
-
-	resp, err := rq.Do(ctx, req, &tempPassword)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return tempPassword, resp, nil
-}
-
-// Reactivates a user.  This operation can only be performed on users with a &#x60;PROVISIONED&#x60; status.  This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).
-func (m *UserResource) ReactivateUser(ctx context.Context, userId string, qp *query.Params) (*UserActivationToken, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/lifecycle/reactivate", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userActivationToken *UserActivationToken
-
-	resp, err := rq.Do(ctx, req, &userActivationToken)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userActivationToken, resp, nil
-}
-
-// This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user&#x27;s status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.
-func (m *UserResource) ResetFactors(ctx context.Context, userId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/lifecycle/reset_factors", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Generates a one-time token (OTT) that can be used to reset a user&#x27;s password.  The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.
-func (m *UserResource) ResetPassword(ctx context.Context, userId string, qp *query.Params) (*ResetPasswordToken, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/lifecycle/reset_password", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var resetPasswordToken *ResetPasswordToken
-
-	resp, err := rq.Do(ctx, req, &resetPasswordToken)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return resetPasswordToken, resp, nil
-}
-
-// Suspends a user.  This operation can only be performed on users with an &#x60;ACTIVE&#x60; status.  The user will have a status of &#x60;SUSPENDED&#x60; when the process is complete.
-func (m *UserResource) SuspendUser(ctx context.Context, userId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/lifecycle/suspend", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Unlocks a user with a &#x60;LOCKED_OUT&#x60; status and returns them to &#x60;ACTIVE&#x60; status.  Users will be able to login with their current password.
-func (m *UserResource) UnlockUser(ctx context.Context, userId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/lifecycle/unlock", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Unsuspends a user and returns them to the &#x60;ACTIVE&#x60; state.  This operation can only be performed on users that have a &#x60;SUSPENDED&#x60; status.
-func (m *UserResource) UnsuspendUser(ctx context.Context, userId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/lifecycle/unsuspend", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Delete linked objects for a user, relationshipName can be ONLY a primary relationship name
-func (m *UserResource) RemoveLinkedObjectForUser(ctx context.Context, userId string, relationshipName string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/linkedObjects/%v", userId, relationshipName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Get linked objects for a user, relationshipName can be a primary or associated relationship name
-func (m *UserResource) GetLinkedObjectsForUser(ctx context.Context, userId string, relationshipName string, qp *query.Params) ([]*ResponseLinks, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/linkedObjects/%v", userId, relationshipName)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var responseLinks []*ResponseLinks
-
-	resp, err := rq.Do(ctx, req, &responseLinks)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return responseLinks, resp, nil
-}
-
-// Lists all roles assigned to a user.
-func (m *UserResource) ListAssignedRolesForUser(ctx context.Context, userId string, qp *query.Params) ([]*Role, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var role []*Role
-
-	resp, err := rq.Do(ctx, req, &role)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return role, resp, nil
-}
-
-// Assigns a role to a user.
-func (m *UserResource) AssignRoleToUser(ctx context.Context, userId string, body AssignRoleRequest, qp *query.Params) (*Role, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var role *Role
-
-	resp, err := rq.Do(ctx, req, &role)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return role, resp, nil
-}
-
-// Unassigns a role from a user.
-func (m *UserResource) RemoveRoleFromUser(ctx context.Context, userId string, roleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles/%v", userId, roleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Gets role that is assigne to user.
-func (m *UserResource) GetUserRole(ctx context.Context, userId string, roleId string) (*Role, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles/%v", userId, roleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var role *Role
-
-	resp, err := rq.Do(ctx, req, &role)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return role, resp, nil
-}
-
-// Lists all App targets for an &#x60;APP_ADMIN&#x60; Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an &#x60;ID&#x60; value, while Application will not have an ID.
-func (m *UserResource) ListApplicationTargetsForApplicationAdministratorRoleForUser(ctx context.Context, userId string, roleId string, qp *query.Params) ([]*CatalogApplication, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles/%v/targets/catalog/apps", userId, roleId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var catalogApplication []*CatalogApplication
-
-	resp, err := rq.Do(ctx, req, &catalogApplication)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return catalogApplication, resp, nil
-}
-
-func (m *UserResource) AddAllAppsAsTargetToRole(ctx context.Context, userId string, roleId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles/%v/targets/catalog/apps", userId, roleId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *UserResource) RemoveApplicationTargetFromApplicationAdministratorRoleForUser(ctx context.Context, userId string, roleId string, appName string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles/%v/targets/catalog/apps/%v", userId, roleId, appName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *UserResource) AddApplicationTargetToAdminRoleForUser(ctx context.Context, userId string, roleId string, appName string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles/%v/targets/catalog/apps/%v", userId, roleId, appName)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Remove App Instance Target to App Administrator Role given to a User
-func (m *UserResource) RemoveApplicationTargetFromAdministratorRoleForUser(ctx context.Context, userId string, roleId string, appName string, applicationId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles/%v/targets/catalog/apps/%v/%v", userId, roleId, appName, applicationId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Add App Instance Target to App Administrator Role given to a User
-func (m *UserResource) AddApplicationTargetToAppAdminRoleForUser(ctx context.Context, userId string, roleId string, appName string, applicationId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles/%v/targets/catalog/apps/%v/%v", userId, roleId, appName, applicationId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *UserResource) ListGroupTargetsForRole(ctx context.Context, userId string, roleId string, qp *query.Params) ([]*Group, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles/%v/targets/groups", userId, roleId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var group []*Group
-
-	resp, err := rq.Do(ctx, req, &group)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return group, resp, nil
-}
-
-func (m *UserResource) RemoveGroupTargetFromRole(ctx context.Context, userId string, roleId string, groupId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles/%v/targets/groups/%v", userId, roleId, groupId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-func (m *UserResource) AddGroupTargetToRole(ctx context.Context, userId string, roleId string, groupId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/roles/%v/targets/groups/%v", userId, roleId, groupId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
-func (m *UserResource) ClearUserSessions(ctx context.Context, userId string, qp *query.Params) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/sessions", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// List subscriptions of a User. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.
-func (m *UserResource) ListUserSubscriptions(ctx context.Context, userId string) ([]*Subscription, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/subscriptions", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var subscription []*Subscription
-
-	resp, err := rq.Do(ctx, req, &subscription)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return subscription, resp, nil
-}
-
-// Get the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.
-func (m *UserResource) GetUserSubscriptionByNotificationType(ctx context.Context, userId string, notificationType string) (*Subscription, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/subscriptions/%v", userId, notificationType)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var subscription *Subscription
-
-	resp, err := rq.Do(ctx, req, &subscription)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return subscription, resp, nil
-}
diff --git a/okta/userActivationToken.go b/okta/userActivationToken.go
deleted file mode 100644
index 3c4cc069c..000000000
--- a/okta/userActivationToken.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserActivationToken struct {
-	ActivationToken string `json:"activationToken,omitempty"`
-	ActivationUrl   string `json:"activationUrl,omitempty"`
-}
diff --git a/okta/userAgent.go b/okta/userAgent.go
deleted file mode 100644
index 65156851e..000000000
--- a/okta/userAgent.go
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package okta
-
-import "runtime"
-
-type UserAgent struct {
-	goVersion string
-
-	osName string
-
-	osVersion string
-
-	config *config
-}
-
-func NewUserAgent(config *config) UserAgent {
-	ua := UserAgent{}
-	ua.config = config
-	ua.goVersion = runtime.Version()
-	ua.osName = runtime.GOOS
-	ua.osVersion = runtime.GOARCH
-
-	return ua
-}
-
-func (ua UserAgent) String() string {
-	userAgentString := "okta-sdk-golang/" + Version + " "
-	userAgentString += "golang/" + ua.goVersion + " "
-	userAgentString += ua.osName + "/" + ua.osVersion
-
-	if ua.config.UserAgentExtra != "" {
-		userAgentString += " " + ua.config.UserAgentExtra
-	}
-
-	return userAgentString
-}
diff --git a/okta/userCondition.go b/okta/userCondition.go
deleted file mode 100644
index ea8067ecf..000000000
--- a/okta/userCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserCondition struct {
-	Exclude []string `json:"exclude,omitempty"`
-	Include []string `json:"include,omitempty"`
-}
-
-func NewUserCondition() *UserCondition {
-	return &UserCondition{}
-}
-
-func (a *UserCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/userCredentials.go b/okta/userCredentials.go
deleted file mode 100644
index 6a6f8b338..000000000
--- a/okta/userCredentials.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserCredentials struct {
-	Password         *PasswordCredential         `json:"password,omitempty"`
-	Provider         *AuthenticationProvider     `json:"provider,omitempty"`
-	RecoveryQuestion *RecoveryQuestionCredential `json:"recovery_question,omitempty"`
-}
diff --git a/okta/userFactor.go b/okta/userFactor.go
deleted file mode 100644
index e92765721..000000000
--- a/okta/userFactor.go
+++ /dev/null
@@ -1,254 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-)
-
-type Factor interface {
-	IsUserFactorInstance() bool
-}
-
-type UserFactorResource resource
-
-type UserFactor struct {
-	Embedded    interface{}          `json:"_embedded,omitempty"`
-	Links       interface{}          `json:"_links,omitempty"`
-	Created     *time.Time           `json:"created,omitempty"`
-	FactorType  string               `json:"factorType,omitempty"`
-	Id          string               `json:"id,omitempty"`
-	LastUpdated *time.Time           `json:"lastUpdated,omitempty"`
-	Provider    string               `json:"provider,omitempty"`
-	Status      string               `json:"status,omitempty"`
-	Verify      *VerifyFactorRequest `json:"verify,omitempty"`
-}
-
-func NewUserFactor() *UserFactor {
-	return &UserFactor{}
-}
-
-func (a *UserFactor) IsUserFactorInstance() bool {
-	return true
-}
-
-// Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.
-func (m *UserFactorResource) DeleteFactor(ctx context.Context, userId string, factorId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/factors/%v", userId, factorId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Enumerates all the enrolled factors for the specified user
-func (m *UserFactorResource) ListFactors(ctx context.Context, userId string) ([]Factor, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/factors", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userFactor []UserFactor
-
-	resp, err := rq.Do(ctx, req, &userFactor)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	factors := make([]Factor, len(userFactor))
-	for i := range userFactor {
-		factors[i] = &userFactor[i]
-	}
-	return factors, resp, nil
-}
-
-// Enrolls a user with a supported factor.
-func (m *UserFactorResource) EnrollFactor(ctx context.Context, userId string, body Factor, qp *query.Params) (Factor, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/factors", userId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	userFactor := body
-
-	resp, err := rq.Do(ctx, req, &userFactor)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userFactor, resp, nil
-}
-
-// Enumerates all the supported factors that can be enrolled for the specified user
-func (m *UserFactorResource) ListSupportedFactors(ctx context.Context, userId string) ([]Factor, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/factors/catalog", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userFactor []UserFactor
-
-	resp, err := rq.Do(ctx, req, &userFactor)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	factors := make([]Factor, len(userFactor))
-	for i := range userFactor {
-		factors[i] = &userFactor[i]
-	}
-	return factors, resp, nil
-}
-
-// Enumerates all available security questions for a user&#x27;s &#x60;question&#x60; factor
-func (m *UserFactorResource) ListSupportedSecurityQuestions(ctx context.Context, userId string) ([]*SecurityQuestion, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/factors/questions", userId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var securityQuestion []*SecurityQuestion
-
-	resp, err := rq.Do(ctx, req, &securityQuestion)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return securityQuestion, resp, nil
-}
-
-// Fetches a factor for the specified user
-func (m *UserFactorResource) GetFactor(ctx context.Context, userId string, factorId string, factorInstance Factor) (Factor, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/factors/%v", userId, factorId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	userFactor := factorInstance
-
-	resp, err := rq.Do(ctx, req, &userFactor)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userFactor, resp, nil
-}
-
-// The &#x60;sms&#x60; and &#x60;token:software:totp&#x60; factor types require activation to complete the enrollment process.
-func (m *UserFactorResource) ActivateFactor(ctx context.Context, userId string, factorId string, body ActivateFactorRequest, factorInstance Factor) (Factor, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/factors/%v/lifecycle/activate", userId, factorId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	userFactor := factorInstance
-
-	resp, err := rq.Do(ctx, req, &userFactor)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userFactor, resp, nil
-}
-
-// Polls factors verification transaction for status.
-func (m *UserFactorResource) GetFactorTransactionStatus(ctx context.Context, userId string, factorId string, transactionId string) (*VerifyUserFactorResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/factors/%v/transactions/%v", userId, factorId, transactionId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var verifyUserFactorResponse *VerifyUserFactorResponse
-
-	resp, err := rq.Do(ctx, req, &verifyUserFactorResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return verifyUserFactorResponse, resp, nil
-}
-
-// Verifies an OTP for a &#x60;token&#x60; or &#x60;token:hardware&#x60; factor
-func (m *UserFactorResource) VerifyFactor(ctx context.Context, userId string, factorId string, body VerifyFactorRequest, factorInstance Factor, qp *query.Params) (*VerifyUserFactorResponse, *Response, error) {
-	url := fmt.Sprintf("/api/v1/users/%v/factors/%v/verify", userId, factorId)
-	if qp != nil {
-		url = url + qp.String()
-	}
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var verifyUserFactorResponse *VerifyUserFactorResponse
-
-	resp, err := rq.Do(ctx, req, &verifyUserFactorResponse)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return verifyUserFactorResponse, resp, nil
-}
diff --git a/okta/userIdString.go b/okta/userIdString.go
deleted file mode 100644
index 5c22ac953..000000000
--- a/okta/userIdString.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserIdString struct {
-	Links  interface{} `json:"_links,omitempty"`
-	UserId string      `json:"userId,omitempty"`
-}
diff --git a/okta/userIdentifierConditionEvaluatorPattern.go b/okta/userIdentifierConditionEvaluatorPattern.go
deleted file mode 100644
index d0a7d3f0d..000000000
--- a/okta/userIdentifierConditionEvaluatorPattern.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserIdentifierConditionEvaluatorPattern struct {
-	MatchType string `json:"matchType,omitempty"`
-	Value     string `json:"value,omitempty"`
-}
-
-func NewUserIdentifierConditionEvaluatorPattern() *UserIdentifierConditionEvaluatorPattern {
-	return &UserIdentifierConditionEvaluatorPattern{}
-}
-
-func (a *UserIdentifierConditionEvaluatorPattern) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/userIdentifierPolicyRuleCondition.go b/okta/userIdentifierPolicyRuleCondition.go
deleted file mode 100644
index a5b6570f4..000000000
--- a/okta/userIdentifierPolicyRuleCondition.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserIdentifierPolicyRuleCondition struct {
-	Attribute string                                     `json:"attribute,omitempty"`
-	Patterns  []*UserIdentifierConditionEvaluatorPattern `json:"patterns,omitempty"`
-	Type      string                                     `json:"type,omitempty"`
-}
-
-func NewUserIdentifierPolicyRuleCondition() *UserIdentifierPolicyRuleCondition {
-	return &UserIdentifierPolicyRuleCondition{}
-}
-
-func (a *UserIdentifierPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/userIdentityProviderLinkRequest.go b/okta/userIdentityProviderLinkRequest.go
deleted file mode 100644
index 03352dca2..000000000
--- a/okta/userIdentityProviderLinkRequest.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserIdentityProviderLinkRequest struct {
-	ExternalId string `json:"externalId,omitempty"`
-}
-
-func NewUserIdentityProviderLinkRequest() *UserIdentityProviderLinkRequest {
-	return &UserIdentityProviderLinkRequest{}
-}
-
-func (a *UserIdentityProviderLinkRequest) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/userLifecycleAttributePolicyRuleCondition.go b/okta/userLifecycleAttributePolicyRuleCondition.go
deleted file mode 100644
index a14271b22..000000000
--- a/okta/userLifecycleAttributePolicyRuleCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserLifecycleAttributePolicyRuleCondition struct {
-	AttributeName string `json:"attributeName,omitempty"`
-	MatchingValue string `json:"matchingValue,omitempty"`
-}
-
-func NewUserLifecycleAttributePolicyRuleCondition() *UserLifecycleAttributePolicyRuleCondition {
-	return &UserLifecycleAttributePolicyRuleCondition{}
-}
-
-func (a *UserLifecycleAttributePolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/userNextLogin.go b/okta/userNextLogin.go
deleted file mode 100644
index 8242440fd..000000000
--- a/okta/userNextLogin.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserNextLogin string
diff --git a/okta/userPolicyRuleCondition.go b/okta/userPolicyRuleCondition.go
deleted file mode 100644
index 6499a7fe5..000000000
--- a/okta/userPolicyRuleCondition.go
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserPolicyRuleCondition struct {
-	Exclude                []string                                   `json:"exclude,omitempty"`
-	Inactivity             *InactivityPolicyRuleCondition             `json:"inactivity,omitempty"`
-	Include                []string                                   `json:"include,omitempty"`
-	LifecycleExpiration    *LifecycleExpirationPolicyRuleCondition    `json:"lifecycleExpiration,omitempty"`
-	PasswordExpiration     *PasswordExpirationPolicyRuleCondition     `json:"passwordExpiration,omitempty"`
-	UserLifecycleAttribute *UserLifecycleAttributePolicyRuleCondition `json:"userLifecycleAttribute,omitempty"`
-}
-
-func NewUserPolicyRuleCondition() *UserPolicyRuleCondition {
-	return &UserPolicyRuleCondition{}
-}
-
-func (a *UserPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/userProfile.go b/okta/userProfile.go
deleted file mode 100644
index d76ef8ee4..000000000
--- a/okta/userProfile.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserProfile map[string]interface{}
diff --git a/okta/userSchema.go b/okta/userSchema.go
deleted file mode 100644
index a514de4e4..000000000
--- a/okta/userSchema.go
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-)
-
-type UserSchemaResource resource
-
-type UserSchema struct {
-	Schema      string                 `json:"$schema,omitempty"`
-	Links       interface{}            `json:"_links,omitempty"`
-	Created     string                 `json:"created,omitempty"`
-	Definitions *UserSchemaDefinitions `json:"definitions,omitempty"`
-	Id          string                 `json:"id,omitempty"`
-	LastUpdated string                 `json:"lastUpdated,omitempty"`
-	Name        string                 `json:"name,omitempty"`
-	Properties  *UserSchemaProperties  `json:"properties,omitempty"`
-	Title       string                 `json:"title,omitempty"`
-	Type        string                 `json:"type,omitempty"`
-}
-
-// Fetches the Schema for an App User
-func (m *UserSchemaResource) GetApplicationUserSchema(ctx context.Context, appInstanceId string) (*UserSchema, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/schemas/apps/%v/default", appInstanceId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userSchema *UserSchema
-
-	resp, err := rq.Do(ctx, req, &userSchema)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userSchema, resp, nil
-}
-
-// Partial updates on the User Profile properties of the Application User Schema.
-func (m *UserSchemaResource) UpdateApplicationUserProfile(ctx context.Context, appInstanceId string, body UserSchema) (*UserSchema, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/schemas/apps/%v/default", appInstanceId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userSchema *UserSchema
-
-	resp, err := rq.Do(ctx, req, &userSchema)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userSchema, resp, nil
-}
-
-// Fetches the schema for a Schema Id.
-func (m *UserSchemaResource) GetUserSchema(ctx context.Context, schemaId string) (*UserSchema, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/schemas/user/%v", schemaId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userSchema *UserSchema
-
-	resp, err := rq.Do(ctx, req, &userSchema)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userSchema, resp, nil
-}
-
-// Partial updates on the User Profile properties of the user schema.
-func (m *UserSchemaResource) UpdateUserProfile(ctx context.Context, schemaId string, body UserSchema) (*UserSchema, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/schemas/user/%v", schemaId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userSchema *UserSchema
-
-	resp, err := rq.Do(ctx, req, &userSchema)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userSchema, resp, nil
-}
diff --git a/okta/userSchemaAttribute.go b/okta/userSchemaAttribute.go
deleted file mode 100644
index 489d6465d..000000000
--- a/okta/userSchemaAttribute.go
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import "encoding/json"
-
-type UserSchemaAttribute struct {
-	Description       string                           `json:"description,omitempty"`
-	Enum              []interface{}                    `json:"enum,omitempty"`
-	ExternalName      string                           `json:"externalName,omitempty"`
-	ExternalNamespace string                           `json:"externalNamespace,omitempty"`
-	Items             *UserSchemaAttributeItems        `json:"items,omitempty"`
-	Master            *UserSchemaAttributeMaster       `json:"master,omitempty"`
-	MaxLength         int64                            `json:"-"`
-	MaxLengthPtr      *int64                           `json:"maxLength,omitempty"`
-	MinLength         int64                            `json:"-"`
-	MinLengthPtr      *int64                           `json:"minLength,omitempty"`
-	Mutability        string                           `json:"mutability,omitempty"`
-	OneOf             []*UserSchemaAttributeEnum       `json:"oneOf,omitempty"`
-	Pattern           *string                          `json:"pattern,omitempty"`
-	Permissions       []*UserSchemaAttributePermission `json:"permissions,omitempty"`
-	Required          *bool                            `json:"required,omitempty"`
-	Scope             string                           `json:"scope,omitempty"`
-	Title             string                           `json:"title,omitempty"`
-	Type              string                           `json:"type,omitempty"`
-	Union             string                           `json:"union,omitempty"`
-	Unique            string                           `json:"unique,omitempty"`
-}
-
-func (a *UserSchemaAttribute) MarshalJSON() ([]byte, error) {
-	type Alias UserSchemaAttribute
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	if a.MaxLength != 0 {
-		result.MaxLengthPtr = Int64Ptr(a.MaxLength)
-	}
-	if a.MinLength != 0 {
-		result.MinLengthPtr = Int64Ptr(a.MinLength)
-	}
-	return json.Marshal(&result)
-}
-
-func (a *UserSchemaAttribute) UnmarshalJSON(data []byte) error {
-	type Alias UserSchemaAttribute
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	if result.MaxLengthPtr != nil {
-		a.MaxLength = *result.MaxLengthPtr
-		a.MaxLengthPtr = result.MaxLengthPtr
-	}
-	if result.MinLengthPtr != nil {
-		a.MinLength = *result.MinLengthPtr
-		a.MinLengthPtr = result.MinLengthPtr
-	}
-	return nil
-}
diff --git a/okta/userSchemaAttributeEnum.go b/okta/userSchemaAttributeEnum.go
deleted file mode 100644
index cc6a6a93e..000000000
--- a/okta/userSchemaAttributeEnum.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaAttributeEnum struct {
-	Const interface{} `json:"const,omitempty"`
-	Title string      `json:"title,omitempty"`
-}
diff --git a/okta/userSchemaAttributeItems.go b/okta/userSchemaAttributeItems.go
deleted file mode 100644
index e496e7d50..000000000
--- a/okta/userSchemaAttributeItems.go
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaAttributeItems struct {
-	Enum  []interface{}              `json:"enum,omitempty"`
-	OneOf []*UserSchemaAttributeEnum `json:"oneOf,omitempty"`
-	Type  string                     `json:"type,omitempty"`
-}
diff --git a/okta/userSchemaAttributeMaster.go b/okta/userSchemaAttributeMaster.go
deleted file mode 100644
index 08a66cbde..000000000
--- a/okta/userSchemaAttributeMaster.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaAttributeMaster struct {
-	Priority []*UserSchemaAttributeMasterPriority `json:"priority,omitempty"`
-	Type     string                               `json:"type,omitempty"`
-}
diff --git a/okta/userSchemaAttributeMasterPriority.go b/okta/userSchemaAttributeMasterPriority.go
deleted file mode 100644
index da9b328c7..000000000
--- a/okta/userSchemaAttributeMasterPriority.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaAttributeMasterPriority struct {
-	Type  string `json:"type,omitempty"`
-	Value string `json:"value,omitempty"`
-}
diff --git a/okta/userSchemaAttributeMasterType.go b/okta/userSchemaAttributeMasterType.go
deleted file mode 100644
index 5a4b2d667..000000000
--- a/okta/userSchemaAttributeMasterType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaAttributeMasterType string
diff --git a/okta/userSchemaAttributePermission.go b/okta/userSchemaAttributePermission.go
deleted file mode 100644
index 3c3ba986b..000000000
--- a/okta/userSchemaAttributePermission.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaAttributePermission struct {
-	Action    string `json:"action,omitempty"`
-	Principal string `json:"principal,omitempty"`
-}
diff --git a/okta/userSchemaAttributeScope.go b/okta/userSchemaAttributeScope.go
deleted file mode 100644
index bbb2cbbba..000000000
--- a/okta/userSchemaAttributeScope.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaAttributeScope string
diff --git a/okta/userSchemaAttributeType.go b/okta/userSchemaAttributeType.go
deleted file mode 100644
index 8845e8be6..000000000
--- a/okta/userSchemaAttributeType.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaAttributeType string
diff --git a/okta/userSchemaAttributeUnion.go b/okta/userSchemaAttributeUnion.go
deleted file mode 100644
index 837e78371..000000000
--- a/okta/userSchemaAttributeUnion.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaAttributeUnion string
diff --git a/okta/userSchemaBase.go b/okta/userSchemaBase.go
deleted file mode 100644
index e4d6ce0ea..000000000
--- a/okta/userSchemaBase.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaBase struct {
-	Id         string                          `json:"id,omitempty"`
-	Properties map[string]*UserSchemaAttribute `json:"properties,omitempty"`
-	Required   []string                        `json:"required,omitempty"`
-	Type       string                          `json:"type,omitempty"`
-}
diff --git a/okta/userSchemaBaseProperties.go b/okta/userSchemaBaseProperties.go
deleted file mode 100644
index e4bd48067..000000000
--- a/okta/userSchemaBaseProperties.go
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaBaseProperties struct {
-	City              *UserSchemaAttribute `json:"city,omitempty"`
-	CostCenter        *UserSchemaAttribute `json:"costCenter,omitempty"`
-	CountryCode       *UserSchemaAttribute `json:"countryCode,omitempty"`
-	Department        *UserSchemaAttribute `json:"department,omitempty"`
-	DisplayName       *UserSchemaAttribute `json:"displayName,omitempty"`
-	Division          *UserSchemaAttribute `json:"division,omitempty"`
-	Email             *UserSchemaAttribute `json:"email,omitempty"`
-	EmployeeNumber    *UserSchemaAttribute `json:"employeeNumber,omitempty"`
-	FirstName         *UserSchemaAttribute `json:"firstName,omitempty"`
-	HonorificPrefix   *UserSchemaAttribute `json:"honorificPrefix,omitempty"`
-	HonorificSuffix   *UserSchemaAttribute `json:"honorificSuffix,omitempty"`
-	LastName          *UserSchemaAttribute `json:"lastName,omitempty"`
-	Locale            *UserSchemaAttribute `json:"locale,omitempty"`
-	Login             *UserSchemaAttribute `json:"login,omitempty"`
-	Manager           *UserSchemaAttribute `json:"manager,omitempty"`
-	ManagerId         *UserSchemaAttribute `json:"managerId,omitempty"`
-	MiddleName        *UserSchemaAttribute `json:"middleName,omitempty"`
-	MobilePhone       *UserSchemaAttribute `json:"mobilePhone,omitempty"`
-	NickName          *UserSchemaAttribute `json:"nickName,omitempty"`
-	Organization      *UserSchemaAttribute `json:"organization,omitempty"`
-	PostalAddress     *UserSchemaAttribute `json:"postalAddress,omitempty"`
-	PreferredLanguage *UserSchemaAttribute `json:"preferredLanguage,omitempty"`
-	PrimaryPhone      *UserSchemaAttribute `json:"primaryPhone,omitempty"`
-	ProfileUrl        *UserSchemaAttribute `json:"profileUrl,omitempty"`
-	SecondEmail       *UserSchemaAttribute `json:"secondEmail,omitempty"`
-	State             *UserSchemaAttribute `json:"state,omitempty"`
-	StreetAddress     *UserSchemaAttribute `json:"streetAddress,omitempty"`
-	Timezone          *UserSchemaAttribute `json:"timezone,omitempty"`
-	Title             *UserSchemaAttribute `json:"title,omitempty"`
-	UserType          *UserSchemaAttribute `json:"userType,omitempty"`
-	ZipCode           *UserSchemaAttribute `json:"zipCode,omitempty"`
-}
diff --git a/okta/userSchemaDefinitions.go b/okta/userSchemaDefinitions.go
deleted file mode 100644
index 572bf918d..000000000
--- a/okta/userSchemaDefinitions.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaDefinitions struct {
-	Base   *UserSchemaBase   `json:"base,omitempty"`
-	Custom *UserSchemaPublic `json:"custom,omitempty"`
-}
diff --git a/okta/userSchemaProperties.go b/okta/userSchemaProperties.go
deleted file mode 100644
index 74eb1c525..000000000
--- a/okta/userSchemaProperties.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaProperties struct {
-	Profile *UserSchemaPropertiesProfile `json:"profile,omitempty"`
-}
diff --git a/okta/userSchemaPropertiesProfile.go b/okta/userSchemaPropertiesProfile.go
deleted file mode 100644
index 55f90607b..000000000
--- a/okta/userSchemaPropertiesProfile.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaPropertiesProfile struct {
-	AllOf []*UserSchemaPropertiesProfileItem `json:"allOf,omitempty"`
-}
diff --git a/okta/userSchemaPropertiesProfileItem.go b/okta/userSchemaPropertiesProfileItem.go
deleted file mode 100644
index a738b1860..000000000
--- a/okta/userSchemaPropertiesProfileItem.go
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaPropertiesProfileItem struct {
-	Ref string `json:"$ref,omitempty"`
-}
diff --git a/okta/userSchemaPublic.go b/okta/userSchemaPublic.go
deleted file mode 100644
index ef9e1fad9..000000000
--- a/okta/userSchemaPublic.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserSchemaPublic struct {
-	Id         string                          `json:"id,omitempty"`
-	Properties map[string]*UserSchemaAttribute `json:"properties,omitempty"`
-	Required   []string                        `json:"required,omitempty"`
-	Type       string                          `json:"type,omitempty"`
-}
diff --git a/okta/userStatus.go b/okta/userStatus.go
deleted file mode 100644
index 2924c6752..000000000
--- a/okta/userStatus.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserStatus string
diff --git a/okta/userStatusPolicyRuleCondition.go b/okta/userStatusPolicyRuleCondition.go
deleted file mode 100644
index ef6e1ede2..000000000
--- a/okta/userStatusPolicyRuleCondition.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserStatusPolicyRuleCondition struct {
-	Value string `json:"value,omitempty"`
-}
-
-func NewUserStatusPolicyRuleCondition() *UserStatusPolicyRuleCondition {
-	return &UserStatusPolicyRuleCondition{}
-}
-
-func (a *UserStatusPolicyRuleCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/userType.go b/okta/userType.go
deleted file mode 100644
index 89fe7398d..000000000
--- a/okta/userType.go
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"time"
-)
-
-type UserTypeResource resource
-
-type UserType struct {
-	Links         interface{} `json:"_links,omitempty"`
-	Created       *time.Time  `json:"created,omitempty"`
-	CreatedBy     string      `json:"createdBy,omitempty"`
-	Default       *bool       `json:"default,omitempty"`
-	Description   string      `json:"description,omitempty"`
-	DisplayName   string      `json:"displayName,omitempty"`
-	Id            string      `json:"id,omitempty"`
-	LastUpdated   *time.Time  `json:"lastUpdated,omitempty"`
-	LastUpdatedBy string      `json:"lastUpdatedBy,omitempty"`
-	Name          string      `json:"name,omitempty"`
-}
-
-// Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.
-func (m *UserTypeResource) CreateUserType(ctx context.Context, body UserType) (*UserType, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/types/user")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userType *UserType
-
-	resp, err := rq.Do(ctx, req, &userType)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userType, resp, nil
-}
-
-// Updates an existing User Type
-func (m *UserTypeResource) UpdateUserType(ctx context.Context, typeId string, body UserType) (*UserType, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/types/user/%v", typeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("POST", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userType *UserType
-
-	resp, err := rq.Do(ctx, req, &userType)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userType, resp, nil
-}
-
-// Fetches a User Type by ID. The special identifier &#x60;default&#x60; may be used to fetch the default User Type.
-func (m *UserTypeResource) GetUserType(ctx context.Context, typeId string) (*UserType, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/types/user/%v", typeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userType *UserType
-
-	resp, err := rq.Do(ctx, req, &userType)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userType, resp, nil
-}
-
-// Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users
-func (m *UserTypeResource) DeleteUserType(ctx context.Context, typeId string) (*Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/types/user/%v", typeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("DELETE", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		return resp, err
-	}
-
-	return resp, nil
-}
-
-// Fetches all User Types in your org
-func (m *UserTypeResource) ListUserTypes(ctx context.Context) ([]*UserType, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/types/user")
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userType []*UserType
-
-	resp, err := rq.Do(ctx, req, &userType)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userType, resp, nil
-}
-
-// Replace an existing User Type
-func (m *UserTypeResource) ReplaceUserType(ctx context.Context, typeId string, body UserType) (*UserType, *Response, error) {
-	url := fmt.Sprintf("/api/v1/meta/types/user/%v", typeId)
-
-	rq := m.client.CloneRequestExecutor()
-
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, body)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var userType *UserType
-
-	resp, err := rq.Do(ctx, req, &userType)
-	if err != nil {
-		return nil, resp, err
-	}
-
-	return userType, resp, nil
-}
diff --git a/okta/userTypeCondition.go b/okta/userTypeCondition.go
deleted file mode 100644
index 044a9e907..000000000
--- a/okta/userTypeCondition.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserTypeCondition struct {
-	Exclude []string `json:"exclude,omitempty"`
-	Include []string `json:"include,omitempty"`
-}
-
-func NewUserTypeCondition() *UserTypeCondition {
-	return &UserTypeCondition{}
-}
-
-func (a *UserTypeCondition) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/userVerificationEnum.go b/okta/userVerificationEnum.go
deleted file mode 100644
index 8bf6970df..000000000
--- a/okta/userVerificationEnum.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type UserVerificationEnum string
diff --git a/okta/utils.go b/okta/utils.go
new file mode 100644
index 000000000..708f555ec
--- /dev/null
+++ b/okta/utils.go
@@ -0,0 +1,342 @@
+/*
+Okta Admin Management
+
+Allows customers to easily access the Okta Management APIs
+
+Copyright 2018 - Present Okta, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+API version: 4.0.0
+Contact: devex-public@okta.com
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+package okta
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// PtrBool is a helper routine that returns a pointer to given boolean value.
+func PtrBool(v bool) *bool { return &v }
+
+// PtrInt is a helper routine that returns a pointer to given integer value.
+func PtrInt(v int) *int { return &v }
+
+// PtrInt32 is a helper routine that returns a pointer to given integer value.
+func PtrInt32(v int32) *int32 { return &v }
+
+// PtrInt64 is a helper routine that returns a pointer to given integer value.
+func PtrInt64(v int64) *int64 { return &v }
+
+// PtrFloat32 is a helper routine that returns a pointer to given float value.
+func PtrFloat32(v float32) *float32 { return &v }
+
+// PtrFloat64 is a helper routine that returns a pointer to given float value.
+func PtrFloat64(v float64) *float64 { return &v }
+
+// PtrString is a helper routine that returns a pointer to given string value.
+func PtrString(v string) *string { return &v }
+
+// PtrTime is helper routine that returns a pointer to given Time value.
+func PtrTime(v time.Time) *time.Time { return &v }
+
+type NullableBool struct {
+	value *bool
+	isSet bool
+}
+
+func (v NullableBool) Get() *bool {
+	return v.value
+}
+
+func (v *NullableBool) Set(val *bool) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableBool) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableBool) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableBool(val *bool) *NullableBool {
+	return &NullableBool{value: val, isSet: true}
+}
+
+func (v NullableBool) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableBool) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableInt struct {
+	value *int
+	isSet bool
+}
+
+func (v NullableInt) Get() *int {
+	return v.value
+}
+
+func (v *NullableInt) Set(val *int) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInt) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInt) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInt(val *int) *NullableInt {
+	return &NullableInt{value: val, isSet: true}
+}
+
+func (v NullableInt) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInt) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableInt32 struct {
+	value *int32
+	isSet bool
+}
+
+func (v NullableInt32) Get() *int32 {
+	return v.value
+}
+
+func (v *NullableInt32) Set(val *int32) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInt32) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInt32) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInt32(val *int32) *NullableInt32 {
+	return &NullableInt32{value: val, isSet: true}
+}
+
+func (v NullableInt32) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInt32) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableInt64 struct {
+	value *int64
+	isSet bool
+}
+
+func (v NullableInt64) Get() *int64 {
+	return v.value
+}
+
+func (v *NullableInt64) Set(val *int64) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableInt64) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableInt64) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableInt64(val *int64) *NullableInt64 {
+	return &NullableInt64{value: val, isSet: true}
+}
+
+func (v NullableInt64) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableInt64) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableFloat32 struct {
+	value *float32
+	isSet bool
+}
+
+func (v NullableFloat32) Get() *float32 {
+	return v.value
+}
+
+func (v *NullableFloat32) Set(val *float32) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFloat32) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFloat32) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFloat32(val *float32) *NullableFloat32 {
+	return &NullableFloat32{value: val, isSet: true}
+}
+
+func (v NullableFloat32) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFloat32) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableFloat64 struct {
+	value *float64
+	isSet bool
+}
+
+func (v NullableFloat64) Get() *float64 {
+	return v.value
+}
+
+func (v *NullableFloat64) Set(val *float64) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableFloat64) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableFloat64) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableFloat64(val *float64) *NullableFloat64 {
+	return &NullableFloat64{value: val, isSet: true}
+}
+
+func (v NullableFloat64) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableFloat64) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableString struct {
+	value *string
+	isSet bool
+}
+
+func (v NullableString) Get() *string {
+	return v.value
+}
+
+func (v *NullableString) Set(val *string) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableString) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableString) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableString(val *string) *NullableString {
+	return &NullableString{value: val, isSet: true}
+}
+
+func (v NullableString) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableString) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+type NullableTime struct {
+	value *time.Time
+	isSet bool
+}
+
+func (v NullableTime) Get() *time.Time {
+	return v.value
+}
+
+func (v *NullableTime) Set(val *time.Time) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableTime) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableTime) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableTime(val *time.Time) *NullableTime {
+	return &NullableTime{value: val, isSet: true}
+}
+
+func (v NullableTime) MarshalJSON() ([]byte, error) {
+	return v.value.MarshalJSON()
+}
+
+func (v *NullableTime) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
diff --git a/okta/validator.go b/okta/validator.go
deleted file mode 100644
index b41cb15fb..000000000
--- a/okta/validator.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package okta
-
-import (
-	"errors"
-	"strings"
-)
-
-func validateConfig(c *config) (*config, error) {
-	var err error
-
-	err = validateOktaDomain(c)
-	if err != nil {
-		return nil, err
-	}
-
-	if c.Okta.Client.AuthorizationMode == "SSWS" || c.Okta.Client.AuthorizationMode == "Bearer" {
-		err = validateAPIToken(c)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	err = validateAuthorization(c)
-	if err != nil {
-		return nil, err
-	}
-
-	return c, nil
-}
-
-func validateOktaDomain(c *config) error {
-	if c.Okta.Client.OrgUrl == "" {
-		return errors.New("your Okta URL is missing. You can copy your domain from the Okta Developer Console. Follow these instructions to find it: https://bit.ly/finding-okta-domain")
-	}
-
-	if strings.Contains(c.Okta.Client.OrgUrl, "{yourOktaDomain}") {
-		return errors.New("replace {yourOktaDomain} with your Okta domain. You can copy your domain from the Okta Developer Console. Follow these instructions to find it: https://bit.ly/finding-okta-domain")
-	}
-
-	if strings.Contains(c.Okta.Client.OrgUrl, "-admin.okta.com") ||
-		strings.Contains(c.Okta.Client.OrgUrl, "-admin.oktapreview.com") ||
-		strings.Contains(c.Okta.Client.OrgUrl, "-admin.okta-emea.com") {
-		return errors.New("your Okta domain should not contain -admin. Current value: " + c.Okta.Client.OrgUrl + ". You can copy your domain from the Okta Developer Console. Follow these instructions to find it: https://bit.ly/finding-okta-domain")
-	}
-
-	if strings.HasSuffix(c.Okta.Client.OrgUrl, ".com.com") {
-		return errors.New("it looks like there's a typo in your Okta domain. Current value: " + c.Okta.Client.OrgUrl + ". You can copy your domain from the Okta Developer Console. Follow these instructions to find it: https://bit.ly/finding-okta-domain")
-	}
-
-	if !c.Okta.Testing.DisableHttpsCheck && !strings.HasPrefix(c.Okta.Client.OrgUrl, "https://") {
-		return errors.New("your Okta URL must start with https. Current value: " + c.Okta.Client.OrgUrl + ". You can copy your domain from the Okta Developer Console. Follow these instructions to find it: https://bit.ly/finding-okta-domain")
-	}
-	return nil
-}
-
-func validateAPIToken(c *config) error {
-	if c.Okta.Client.Token == "" {
-		return errors.New("your Okta API token is missing. You can generate one in the Okta Developer Console. Follow these instructions: https://bit.ly/get-okta-api-token")
-	}
-
-	if strings.Contains(c.Okta.Client.Token, "{apiToken}") {
-		return errors.New("replace {apiToken} with your Okta API token. You can generate one in the Okta Developer Console. Follow these instructions: https://bit.ly/get-okta-api-token")
-	}
-	return nil
-}
-
-func validateAuthorization(c *config) error {
-	if c.Okta.Client.AuthorizationMode != "SSWS" &&
-		c.Okta.Client.AuthorizationMode != "PrivateKey" &&
-		c.Okta.Client.AuthorizationMode != "Bearer" &&
-		c.Okta.Client.AuthorizationMode != "JWT" {
-		return errors.New("the AuthorizaitonMode config option must be one of [SSWS, Bearer, PrivateKey, JWT]. You provided the SDK with " + c.Okta.Client.AuthorizationMode)
-	}
-
-	if c.Okta.Client.AuthorizationMode == "PrivateKey" &&
-		(c.Okta.Client.ClientId == "" ||
-			c.Okta.Client.Scopes == nil ||
-			(c.Okta.Client.PrivateKey == "" &&
-				c.PrivateKeySigner == nil)) {
-		return errors.New("when using AuthorizationMode 'PrivateKey', you must supply 'ClientId', 'Scopes', and 'PrivateKey' or 'PrivateKeySigner'")
-	}
-
-	if c.Okta.Client.AuthorizationMode == "JWT" && (c.Okta.Client.Scopes == nil || c.Okta.Client.ClientAssertion == "") {
-		return errors.New("when using AuthorizationMode 'JWT', you must supply 'Scopes', 'ClientAssertion'")
-	}
-
-	return nil
-}
diff --git a/okta/verificationMethod.go b/okta/verificationMethod.go
deleted file mode 100644
index 3ff91c83a..000000000
--- a/okta/verificationMethod.go
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type VerificationMethod struct {
-	Constraints      []*AccessPolicyConstraints `json:"constraints,omitempty"`
-	FactorMode       string                     `json:"factorMode,omitempty"`
-	InactivityPeriod string                     `json:"inactivityPeriod,omitempty"`
-	ReauthenticateIn string                     `json:"reauthenticateIn,omitempty"`
-	Type             string                     `json:"type,omitempty"`
-}
-
-func NewVerificationMethod() *VerificationMethod {
-	return &VerificationMethod{}
-}
-
-func (a *VerificationMethod) IsPolicyInstance() bool {
-	return true
-}
diff --git a/okta/verifyFactorRequest.go b/okta/verifyFactorRequest.go
deleted file mode 100644
index bb1ad41f1..000000000
--- a/okta/verifyFactorRequest.go
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type VerifyFactorRequest struct {
-	ActivationToken  string `json:"activationToken,omitempty"`
-	Answer           string `json:"answer,omitempty"`
-	Attestation      string `json:"attestation,omitempty"`
-	ClientData       string `json:"clientData,omitempty"`
-	NextPassCode     string `json:"nextPassCode,omitempty"`
-	PassCode         string `json:"passCode,omitempty"`
-	RegistrationData string `json:"registrationData,omitempty"`
-	StateToken       string `json:"stateToken,omitempty"`
-}
-
-func NewVerifyFactorRequest() *VerifyFactorRequest {
-	return &VerifyFactorRequest{}
-}
-
-func (a *VerifyFactorRequest) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/verifyUserFactorResponse.go b/okta/verifyUserFactorResponse.go
deleted file mode 100644
index 54fbc0f6f..000000000
--- a/okta/verifyUserFactorResponse.go
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type VerifyUserFactorResponse struct {
-	Embedded            interface{} `json:"_embedded,omitempty"`
-	Links               interface{} `json:"_links,omitempty"`
-	ExpiresAt           *time.Time  `json:"expiresAt,omitempty"`
-	FactorResult        string      `json:"factorResult,omitempty"`
-	FactorResultMessage string      `json:"factorResultMessage,omitempty"`
-}
-
-func NewVerifyUserFactorResponse() *VerifyUserFactorResponse {
-	return &VerifyUserFactorResponse{}
-}
-
-func (a *VerifyUserFactorResponse) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/webAuthnUserFactor.go b/okta/webAuthnUserFactor.go
deleted file mode 100644
index 0ca3a21d0..000000000
--- a/okta/webAuthnUserFactor.go
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type WebAuthnUserFactor struct {
-	Embedded    interface{}                `json:"_embedded,omitempty"`
-	Links       interface{}                `json:"_links,omitempty"`
-	Created     *time.Time                 `json:"created,omitempty"`
-	FactorType  string                     `json:"factorType,omitempty"`
-	Id          string                     `json:"id,omitempty"`
-	LastUpdated *time.Time                 `json:"lastUpdated,omitempty"`
-	Provider    string                     `json:"provider,omitempty"`
-	Status      string                     `json:"status,omitempty"`
-	Verify      *VerifyFactorRequest       `json:"verify,omitempty"`
-	Profile     *WebAuthnUserFactorProfile `json:"profile,omitempty"`
-}
-
-func NewWebAuthnUserFactor() *WebAuthnUserFactor {
-	return &WebAuthnUserFactor{
-		FactorType: "webauthn",
-	}
-}
-
-func (a *WebAuthnUserFactor) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/webAuthnUserFactorProfile.go b/okta/webAuthnUserFactorProfile.go
deleted file mode 100644
index 3a31cd9dc..000000000
--- a/okta/webAuthnUserFactorProfile.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type WebAuthnUserFactorProfile struct {
-	AuthenticatorName string `json:"authenticatorName,omitempty"`
-	CredentialId      string `json:"credentialId,omitempty"`
-}
diff --git a/okta/webUserFactor.go b/okta/webUserFactor.go
deleted file mode 100644
index 249dfc47d..000000000
--- a/okta/webUserFactor.go
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type WebUserFactor struct {
-	Embedded    interface{}           `json:"_embedded,omitempty"`
-	Links       interface{}           `json:"_links,omitempty"`
-	Created     *time.Time            `json:"created,omitempty"`
-	FactorType  string                `json:"factorType,omitempty"`
-	Id          string                `json:"id,omitempty"`
-	LastUpdated *time.Time            `json:"lastUpdated,omitempty"`
-	Provider    string                `json:"provider,omitempty"`
-	Status      string                `json:"status,omitempty"`
-	Verify      *VerifyFactorRequest  `json:"verify,omitempty"`
-	Profile     *WebUserFactorProfile `json:"profile,omitempty"`
-}
-
-func NewWebUserFactor() *WebUserFactor {
-	return &WebUserFactor{
-		FactorType: "web",
-	}
-}
-
-func (a *WebUserFactor) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/webUserFactorProfile.go b/okta/webUserFactorProfile.go
deleted file mode 100644
index 47ad43186..000000000
--- a/okta/webUserFactorProfile.go
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type WebUserFactorProfile struct {
-	CredentialId string `json:"credentialId,omitempty"`
-}
-
-func NewWebUserFactorProfile() *WebUserFactorProfile {
-	return &WebUserFactorProfile{}
-}
-
-func (a *WebUserFactorProfile) IsUserFactorInstance() bool {
-	return true
-}
diff --git a/okta/wsFederationApplication.go b/okta/wsFederationApplication.go
deleted file mode 100644
index ae38f4ffc..000000000
--- a/okta/wsFederationApplication.go
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-import (
-	"time"
-)
-
-type WsFederationApplication struct {
-	Embedded      interface{}                      `json:"_embedded,omitempty"`
-	Links         interface{}                      `json:"_links,omitempty"`
-	Accessibility *ApplicationAccessibility        `json:"accessibility,omitempty"`
-	Created       *time.Time                       `json:"created,omitempty"`
-	Credentials   *ApplicationCredentials          `json:"credentials,omitempty"`
-	Features      []string                         `json:"features,omitempty"`
-	Id            string                           `json:"id,omitempty"`
-	Label         string                           `json:"label,omitempty"`
-	LastUpdated   *time.Time                       `json:"lastUpdated,omitempty"`
-	Licensing     *ApplicationLicensing            `json:"licensing,omitempty"`
-	Name          string                           `json:"name,omitempty"`
-	Profile       interface{}                      `json:"profile,omitempty"`
-	Settings      *WsFederationApplicationSettings `json:"settings,omitempty"`
-	SignOnMode    string                           `json:"signOnMode,omitempty"`
-	Status        string                           `json:"status,omitempty"`
-	Visibility    *ApplicationVisibility           `json:"visibility,omitempty"`
-}
-
-func NewWsFederationApplication() *WsFederationApplication {
-	return &WsFederationApplication{
-		Name:       "template_wsfed",
-		SignOnMode: "WS_FEDERATION",
-	}
-}
-
-func (a *WsFederationApplication) IsApplicationInstance() bool {
-	return true
-}
diff --git a/okta/wsFederationApplicationSettings.go b/okta/wsFederationApplicationSettings.go
deleted file mode 100644
index 9297385eb..000000000
--- a/okta/wsFederationApplicationSettings.go
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type WsFederationApplicationSettings struct {
-	App                *WsFederationApplicationSettingsApplication `json:"app,omitempty"`
-	ImplicitAssignment *bool                                       `json:"implicitAssignment,omitempty"`
-	InlineHookId       string                                      `json:"inlineHookId,omitempty"`
-	Notes              *ApplicationSettingsNotes                   `json:"notes,omitempty"`
-	Notifications      *ApplicationSettingsNotifications           `json:"notifications,omitempty"`
-}
diff --git a/okta/wsFederationApplicationSettingsApplication.go b/okta/wsFederationApplicationSettingsApplication.go
deleted file mode 100644
index c064ad952..000000000
--- a/okta/wsFederationApplicationSettingsApplication.go
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
- */
-
-// Code generated by okta openapi generator. DO NOT EDIT.
-
-package okta
-
-type WsFederationApplicationSettingsApplication struct {
-	AttributeStatements  string `json:"attributeStatements"`
-	AudienceRestriction  string `json:"audienceRestriction,omitempty"`
-	AuthnContextClassRef string `json:"authnContextClassRef,omitempty"`
-	GroupFilter          string `json:"groupFilter,omitempty"`
-	GroupName            string `json:"groupName,omitempty"`
-	GroupValueFormat     string `json:"groupValueFormat,omitempty"`
-	NameIDFormat         string `json:"nameIDFormat,omitempty"`
-	Realm                string `json:"realm,omitempty"`
-	SiteURL              string `json:"siteURL,omitempty"`
-	UsernameAttribute    string `json:"usernameAttribute,omitempty"`
-	WReplyOverride       *bool  `json:"wReplyOverride,omitempty"`
-	WReplyURL            string `json:"wReplyURL,omitempty"`
-}
diff --git a/openapi/.gitignore b/openapi/.gitignore
deleted file mode 100644
index 5cec2c1b1..000000000
--- a/openapi/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-node_modules
-package-lock.json
-spec.json
-yarn.lock
diff --git a/openapi/generator/cleanFiles.js b/openapi/generator/cleanFiles.js
deleted file mode 100644
index 1e7b4e878..000000000
--- a/openapi/generator/cleanFiles.js
+++ /dev/null
@@ -1,15 +0,0 @@
-let fs = require("fs")
-
-let filesJson = fs.readFileSync("./generator/createdFiles.json")
-
-try {
-  for (let file of JSON.parse(filesJson)) {
-    fs.unlinkSync("../" + file.dest)
-  }
-} catch (e) {
-
-}
-
-fs.writeFile("./generator/createdFiles.json", JSON.stringify(""), function(error) {
-  console.log(error)
-});
diff --git a/openapi/generator/createdFiles.json b/openapi/generator/createdFiles.json
deleted file mode 100644
index 214f76b11..000000000
--- a/openapi/generator/createdFiles.json
+++ /dev/null
@@ -1 +0,0 @@
-[{"src":"templates/query.go.hbs","dest":"okta/query/query.go","context":{"queryOptions":[{"name":"q","type":"string"},{"name":"after","type":"string"},{"name":"limit","type":"int64"},{"name":"filter","type":"string"},{"name":"expand","type":"string"},{"name":"includeNonDeleted","type":"bool"},{"name":"activate","type":"bool"},{"name":"validityYears","type":"int64"},{"name":"targetAid","type":"string"},{"name":"kid","type":"string"},{"name":"query_scope","type":"string"},{"name":"sendEmail","type":"bool"},{"name":"cursor","type":"string"},{"name":"mode","type":"string"},{"name":"search","type":"string"},{"name":"removeUsers","type":"bool"},{"name":"disableNotifications","type":"bool"},{"name":"type","type":"string"},{"name":"targetIdpId","type":"string"},{"name":"since","type":"string"},{"name":"until","type":"string"},{"name":"sortOrder","type":"string"},{"name":"sourceId","type":"string"},{"name":"targetId","type":"string"},{"name":"status","type":"string"},{"name":"templateType","type":"string"},{"name":"sortBy","type":"string"},{"name":"provider","type":"bool"},{"name":"nextLogin","type":"string"},{"name":"strict","type":"bool"},{"name":"updatePhone","type":"bool"},{"name":"templateId","type":"string"},{"name":"tokenLifetimeSeconds","type":"int64"},{"name":"scopeId","type":"string"},{"name":"oauthTokens","type":"bool"}]}},{"src":"templates/okta.go.hbs","dest":"okta/okta.go","context":{"operations":[{"path":"/api/v1/apps","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of apps","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters apps by status, user.id, group.id or credentials.signing.kid expression","in":"query","name":"filter","type":"string"},{"description":"Traverses users link relationship and optionally embeds Application User resource","in":"query","name":"expand","type":"string"},{"default":false,"in":"query","name":"includeNonDeleted","type":"boolean"}],"pathParams":[],"operationId":"listApplications","description":"Enumerates apps added to your organization with pagination. A subset of apps can be returned that match a supported filter expression or query.","summary":"List Applications","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Application"},"type":"array"}}},"parameters":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of apps","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters apps by status, user.id, group.id or credentials.signing.kid expression","in":"query","name":"filter","type":"string"},{"description":"Traverses users link relationship and optionally embeds Application User resource","in":"query","name":"expand","type":"string"},{"default":false,"in":"query","name":"includeNonDeleted","type":"boolean"}],"formData":[],"responseModel":"Application","isArray":true},{"path":"/api/v1/apps","method":"post","queryParams":[{"default":true,"description":"Executes activation lifecycle operation when creating the app","in":"query","name":"activate","type":"boolean"}],"pathParams":[],"operationId":"createApplication","description":"Adds a new application to your Okta organization.","summary":"Add Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}},{"default":true,"description":"Executes activation lifecycle operation when creating the app","in":"query","name":"activate","type":"boolean"},{"in":"header","name":"OktaAccessGateway-Agent","type":"string"}],"bodyModel":"Application","formData":[],"responseModel":"Application"},{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"},{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"},{"path":"/api/v1/apps/{appId}/connections/default","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getDefaultProvisioningConnectionForApplication","description":"Get default Provisioning Connection for application","summary":"Fetches the default Provisioning Connection for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ProvisioningConnection"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"ProvisioningConnection"},{"path":"/api/v1/apps/{appId}/connections/default","method":"post","queryParams":[{"in":"query","name":"activate","type":"boolean"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"setDefaultProvisioningConnectionForApplication","description":"Set default Provisioning Connection for application","summary":"Sets the default Provisioning Connection for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ProvisioningConnection"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"profile","required":true,"schema":{"$ref":"#/definitions/ProvisioningConnectionRequest"}},{"in":"query","name":"activate","type":"boolean"}],"bodyModel":"ProvisioningConnectionRequest","formData":[],"responseModel":"ProvisioningConnection"},{"path":"/api/v1/apps/{appId}/connections/default/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateDefaultProvisioningConnectionForApplication","description":"Activates the default Provisioning Connection for an application.","summary":"Activate default Provisioning Connection for application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/apps/{appId}/connections/default/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateDefaultProvisioningConnectionForApplication","description":"Deactivates the default Provisioning Connection for an application.","summary":"Deactivate default Provisioning Connection for application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true},{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"},{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"},{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true},{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/apps/{appId}/credentials/secrets","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listClientSecretsForApplication","description":"Enumerates the client's collection of secrets","summary":"List client secrets","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ClientSecret"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"ClientSecret","isArray":true},{"path":"/api/v1/apps/{appId}/credentials/secrets","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"createNewClientSecretForApplication","description":"Adds a new secret to the client's collection of secrets.","summary":"Add new client secret","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ClientSecret"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/ClientSecretMetadata"}}],"bodyModel":"ClientSecretMetadata","formData":[],"responseModel":"ClientSecret"},{"path":"/api/v1/apps/{appId}/credentials/secrets/{secretId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"operationId":"deleteClientSecretForApplication","description":"Removes a secret from the client's collection of secrets.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/apps/{appId}/credentials/secrets/{secretId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"operationId":"getClientSecretForApplication","description":"Gets a specific client secret by secretId","summary":"Get client secret","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ClientSecret"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"formData":[],"responseModel":"ClientSecret"},{"path":"/api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"operationId":"activateClientSecretForApplication","description":"Activates a specific client secret by secretId","summary":"Activate a client secret","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ClientSecret"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"formData":[],"responseModel":"ClientSecret"},{"path":"/api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"operationId":"deactivateClientSecretForApplication","description":"Deactivates a specific client secret by secretId","summary":"Deactivate a client secret","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ClientSecret"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"formData":[],"responseModel":"ClientSecret"},{"path":"/api/v1/apps/{appId}/features","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listFeaturesForApplication","description":"List Features for application","summary":"Fetches the Feature objects for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationFeature"},"type":"array"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature","isArray":true},{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"},{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"},{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true},{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"},{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"},{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true},{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"deleteApplicationGroupAssignment","description":"Removes a group assignment from an application.","summary":"Remove Group from Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"},{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"},{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]},{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/apps/{appId}/sso/saml/metadata","method":"get","queryParams":[{"description":"unique key identifier of an Application Key Credential","in":"query","name":"kid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"previewSAMLAppMetadata","description":"Previews SAML metadata based on a specific key credential for an application","tags":["Application"],"consumes":["application/json"],"produces":["application/xml"],"responses":{"200":{"description":"Success","schema":{"properties":{"EntityDescriptor":{"properties":{"IDPSSODescriptor":{"properties":{"KeyDescriptor":{"properties":{"KeyInfo":{"properties":{"X509Data":{"properties":{"X509Certificate":{"type":"string"}},"type":"object"}},"type":"object"},"use":{"type":"string","xml":{"attribute":true}}},"type":"object"},"NameIDFormat":{"items":{"type":"string"},"type":"array"},"SingleLogoutService":{"items":{"type":"string"},"properties":{"Binding":{"type":"string","xml":{"attribute":true}},"Location":{"type":"string","xml":{"attribute":true}}},"type":"array"},"SingleSignOnService":{"items":{"type":"string"},"properties":{"Binding":{"type":"string","xml":{"attribute":true}},"Location":{"type":"string","xml":{"attribute":true}}},"type":"array"},"WantAuthnRequestsSigned":{"type":"boolean","xml":{"attribute":true}},"protocolSupportEnumeration":{"type":"string","xml":{"attribute":true}}},"type":"object"},"entityID":{"type":"string","xml":{"attribute":true}}},"type":"object"}},"type":"object"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"description":"unique key identifier of an Application Key Credential","in":"query","name":"kid","required":true,"type":"string"}],"formData":[],"returnType":"object"},{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true},{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"},{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true},{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"},{"path":"/api/v1/apps/{appId}/users/{userId}","method":"delete","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deleteApplicationUser","description":"Removes an assignment for a user from an application.","summary":"Remove User from Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]},{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"},{"path":"/api/v1/apps/{appId}/users/{userId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"updateApplicationUser","description":"Updates a user's profile for an application","summary":"Update Application Profile for Assigned User","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"},{"path":"/api/v1/authenticators","method":"get","queryParams":[],"pathParams":[],"operationId":"listAuthenticators","description":"List Authenticators","summary":"Lists all available Authenticators","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Authenticator"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"Authenticator","isArray":true},{"path":"/api/v1/authenticators","method":"post","queryParams":[{"in":"query","name":"activate","type":"boolean"}],"pathParams":[],"operationId":"createAuthenticator","description":"Create Authenticator","summary":"Create an Authenticator","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"query","name":"activate","type":"boolean"},{"in":"body","name":"authenticator","required":true,"schema":{"$ref":"#/definitions/Authenticator"}}],"bodyModel":"Authenticator","formData":[],"responseModel":"Authenticator"},{"path":"/api/v1/authenticators/{authenticatorId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"getAuthenticator","description":"Success","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"formData":[],"responseModel":"Authenticator"},{"path":"/api/v1/authenticators/{authenticatorId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"updateAuthenticator","description":"Updates an authenticator","summary":"Update Authenticator","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"},{"in":"body","name":"authenticator","required":true,"schema":{"$ref":"#/definitions/Authenticator"}}],"bodyModel":"Authenticator","formData":[],"responseModel":"Authenticator"},{"path":"/api/v1/authenticators/{authenticatorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"activateAuthenticator","description":"Success","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"formData":[],"responseModel":"Authenticator"},{"path":"/api/v1/authenticators/{authenticatorId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"deactivateAuthenticator","description":"Success","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"formData":[],"responseModel":"Authenticator"},{"path":"/api/v1/authorizationServers","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"limit","type":"string"},{"in":"query","name":"after","type":"string"}],"pathParams":[],"operationId":"listAuthorizationServers","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AuthorizationServer"},"type":"array"}}},"parameters":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"limit","type":"string"},{"in":"query","name":"after","type":"string"}],"formData":[],"responseModel":"AuthorizationServer","isArray":true},{"path":"/api/v1/authorizationServers","method":"post","queryParams":[],"pathParams":[],"operationId":"createAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServer"}},"201":{"description":"Created"}},"parameters":[{"in":"body","name":"authorizationServer","required":true,"schema":{"$ref":"#/definitions/AuthorizationServer"}}],"bodyModel":"AuthorizationServer","formData":[],"responseModel":"AuthorizationServer"},{"path":"/api/v1/authorizationServers/{authServerId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"getAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServer"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServer"},{"path":"/api/v1/authorizationServers/{authServerId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"updateAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServer"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"authorizationServer","required":true,"schema":{"$ref":"#/definitions/AuthorizationServer"}}],"bodyModel":"AuthorizationServer","formData":[],"responseModel":"AuthorizationServer"},{"path":"/api/v1/authorizationServers/{authServerId}/claims","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listOAuth2Claims","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Claim"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Claim","isArray":true},{"path":"/api/v1/authorizationServers/{authServerId}/claims","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"createOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2Claim"}},"201":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"oAuth2Claim","required":true,"schema":{"$ref":"#/definitions/OAuth2Claim"}}],"bodyModel":"OAuth2Claim","formData":[],"responseModel":"OAuth2Claim"},{"path":"/api/v1/authorizationServers/{authServerId}/claims/{claimId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"operationId":"deleteOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}/claims/{claimId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"operationId":"getOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Claim"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Claim"},{"path":"/api/v1/authorizationServers/{authServerId}/claims/{claimId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"operationId":"updateOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Claim"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"},{"in":"body","name":"oAuth2Claim","required":true,"schema":{"$ref":"#/definitions/OAuth2Claim"}}],"bodyModel":"OAuth2Claim","formData":[],"responseModel":"OAuth2Claim"},{"path":"/api/v1/authorizationServers/{authServerId}/clients","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listOAuth2ClientsForAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Client"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Client","isArray":true},{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"revokeRefreshTokensForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"listRefreshTokensForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2RefreshToken"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2RefreshToken","isArray":true},{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeRefreshTokenForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getRefreshTokenForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2RefreshToken"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2RefreshToken"},{"path":"/api/v1/authorizationServers/{authServerId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listAuthorizationServerKeys","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true},{"path":"/api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"rotateAuthorizationServerKeys","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"use","required":true,"schema":{"$ref":"#/definitions/JwkUse"}}],"bodyModel":"JwkUse","formData":[],"responseModel":"JsonWebKey","isArray":true},{"path":"/api/v1/authorizationServers/{authServerId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"activateAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"deactivateAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}/policies","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listAuthorizationServerPolicies","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AuthorizationServerPolicy"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicy","isArray":true},{"path":"/api/v1/authorizationServers/{authServerId}/policies","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"createAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}},"201":{"description":"Created"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}],"bodyModel":"AuthorizationServerPolicy","formData":[],"responseModel":"AuthorizationServerPolicy"},{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicy"},{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}],"bodyModel":"AuthorizationServerPolicy","formData":[],"responseModel":"AuthorizationServerPolicy"},{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activateAuthorizationServerPolicy","description":"Activate Authorization Server Policy","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivateAuthorizationServerPolicy","description":"Deactivate Authorization Server Policy","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listAuthorizationServerPolicyRules","description":"Enumerates all policy rules for the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AuthorizationServerPolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicyRule","isArray":true},{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createAuthorizationServerPolicyRule","description":"Creates a policy rule for the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}],"bodyModel":"AuthorizationServerPolicyRule","formData":[],"responseModel":"AuthorizationServerPolicyRule"},{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicyRule","description":"Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getAuthorizationServerPolicyRule","description":"Returns a Policy Rule by ID that is defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicyRule"},{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updateAuthorizationServerPolicyRule","description":"Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}],"bodyModel":"AuthorizationServerPolicyRule","formData":[],"responseModel":"AuthorizationServerPolicyRule"},{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activateAuthorizationServerPolicyRule","description":"Activate Authorization Server Policy Rule","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivateAuthorizationServerPolicyRule","description":"Deactivate Authorization Server Policy Rule","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}/scopes","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"cursor","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listOAuth2Scopes","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Scope"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"cursor","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Scope","isArray":true},{"path":"/api/v1/authorizationServers/{authServerId}/scopes","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"createOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Scope"}},"201":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"oAuth2Scope","required":true,"schema":{"$ref":"#/definitions/OAuth2Scope"}}],"bodyModel":"OAuth2Scope","formData":[],"responseModel":"OAuth2Scope"},{"path":"/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"operationId":"deleteOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"operationId":"getOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Scope"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Scope"},{"path":"/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"operationId":"updateOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Scope"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"},{"in":"body","name":"oAuth2Scope","required":true,"schema":{"$ref":"#/definitions/OAuth2Scope"}}],"bodyModel":"OAuth2Scope","formData":[],"responseModel":"OAuth2Scope"},{"path":"/api/v1/brands","method":"get","queryParams":[],"pathParams":[],"operationId":"listBrands","description":"List all the brands in your org.","summary":"List Brands","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Brand"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"Brand","isArray":true},{"path":"/api/v1/brands/{brandId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"}],"operationId":"getBrand","description":"Fetches a brand by `brandId`","summary":"Get Brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Brand"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"}],"formData":[],"responseModel":"Brand"},{"path":"/api/v1/brands/{brandId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"}],"operationId":"updateBrand","description":"Updates a brand by `brandId`","summary":"Update Brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Brand"}},"400":{"description":"Bad Request"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"body","name":"brand","required":true,"schema":{"$ref":"#/definitions/Brand"}}],"bodyModel":"Brand","formData":[],"responseModel":"Brand"},{"path":"/api/v1/brands/{brandId}/templates/email","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of email templates.","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of results returned (maximum 200)","format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"}],"operationId":"listEmailTemplates","description":"List email templates in your organization with pagination.","summary":"List Email Templates","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/EmailTemplate"},"type":"array"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"description":"Specifies the pagination cursor for the next page of email templates.","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of results returned (maximum 200)","format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"EmailTemplate","isArray":true},{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplate","description":"Fetch an email template by templateName","summary":"Get Email Template","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplate"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplate"},{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"deleteEmailTemplateCustomizations","description":"Delete all customizations for an email template. Also known as “Reset to Default”.","summary":"Delete Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"Success"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"listEmailTemplateCustomizations","description":"List all email customizations for an email template","summary":"List Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/EmailTemplateCustomization"},"type":"array"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateCustomization","isArray":true},{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"createEmailTemplateCustomization","description":"Create an email customization","summary":"Create Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateCustomization"}},"409":{"description":"Conflict"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"body","name":"customization","required":true,"schema":{"$ref":"#/definitions/EmailTemplateCustomizationRequest"}}],"bodyModel":"EmailTemplateCustomizationRequest","formData":[],"responseModel":"EmailTemplateCustomization"},{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"deleteEmailTemplateCustomization","description":"Delete an email customization","summary":"Delete Email Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"409":{"description":"Conflict"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"getEmailTemplateCustomization","description":"Fetch an email customization by id.","summary":"Get Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateCustomization"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateCustomization"},{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"updateEmailTemplateCustomization","description":"Update an email customization","summary":"Update Email Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateCustomization"}},"409":{"description":"Conflict"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"},{"in":"body","name":"customization","required":true,"schema":{"$ref":"#/definitions/EmailTemplateCustomizationRequest"}}],"bodyModel":"EmailTemplateCustomizationRequest","formData":[],"responseModel":"EmailTemplateCustomization"},{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"getEmailTemplateCustomizationPreview","description":"Get a preview of an email template customization.","summary":"Get Preview Content of Email Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateContent"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateContent"},{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/default-content","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplateDefaultContent","description":"Fetch the default content for an email template.","summary":"Get Default Content of Email Template","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateContent"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateContent"},{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplateDefaultContentPreview","description":"Fetch a preview of an email template's default content by populating velocity references with the current user's environment.","summary":"Get Preview of Email Template Default Content","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateContent"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateContent"},{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/test","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"sendTestEmail","description":"Send a test email to the current users primary and secondary email addresses. The email content is selected based on the following priority: An email customization specifically for the users locale. The default language of email customizations. The email templates default content.","summary":"Get Preview of Email Template Default Content","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"body","name":"customization","required":true,"schema":{"$ref":"#/definitions/EmailTemplateTestRequest"}}],"bodyModel":"EmailTemplateTestRequest","formData":[]},{"path":"/api/v1/brands/{brandId}/themes","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"}],"operationId":"listBrandThemes","description":"List all the themes in your brand","summary":"Get Brand Themes","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ThemeResponse"},"type":"array"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"}],"formData":[],"responseModel":"ThemeResponse","isArray":true},{"path":"/api/v1/brands/{brandId}/themes/{themeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"getBrandTheme","description":"Fetches a theme for a brand","summary":"Get a theme for a brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThemeResponse"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[],"responseModel":"ThemeResponse"},{"path":"/api/v1/brands/{brandId}/themes/{themeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"updateBrandTheme","description":"Updates a theme for a brand","summary":"Update a theme for a brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThemeResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"body","name":"theme","required":true,"schema":{"$ref":"#/definitions/Theme"}}],"bodyModel":"Theme","formData":[],"responseModel":"ThemeResponse"},{"path":"/api/v1/brands/{brandId}/themes/{themeId}/background-image","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"deleteBrandThemeBackgroundImage","description":"Deletes a Theme background image","summary":"Deletes a Theme background image","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/brands/{brandId}/themes/{themeId}/background-image","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"uploadBrandThemeBackgroundImage","description":"Updates the background image for your Theme","summary":"Updates the background image for your Theme","tags":["Brand"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ImageUploadResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}],"responseModel":"ImageUploadResponse"},{"path":"/api/v1/brands/{brandId}/themes/{themeId}/favicon","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"deleteBrandThemeFavicon","description":"Deletes a Theme favicon. The org then uses the Okta default favicon.","summary":"Deletes a Theme favicon. The org then uses the Okta default favicon.","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/brands/{brandId}/themes/{themeId}/favicon","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"uploadBrandThemeFavicon","description":"Updates the favicon for your theme","summary":"Updates the favicon for your theme","tags":["Brand"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ImageUploadResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}],"responseModel":"ImageUploadResponse"},{"path":"/api/v1/brands/{brandId}/themes/{themeId}/logo","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"deleteBrandThemeLogo","description":"Deletes a Theme logo. The org then uses the Okta default logo.","summary":"Deletes a Theme logo. The org then uses the Okta default logo.","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/brands/{brandId}/themes/{themeId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"uploadBrandThemeLogo","description":"Updates the logo for your Theme","summary":"Update a themes logo","tags":["Brand"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ImageUploadResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}],"responseModel":"ImageUploadResponse"},{"path":"/api/v1/domains","method":"get","queryParams":[],"pathParams":[],"operationId":"listDomains","description":"List all verified custom Domains for the org.","summary":"List Domains","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/DomainListResponse"}}},"parameters":[],"formData":[],"responseModel":"DomainListResponse"},{"path":"/api/v1/domains","method":"post","queryParams":[],"pathParams":[],"operationId":"createDomain","description":"Creates your domain.","summary":"Create Domain","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Domain"}}},"parameters":[{"in":"body","name":"domain","required":true,"schema":{"$ref":"#/definitions/Domain"}}],"bodyModel":"Domain","formData":[],"responseModel":"Domain"},{"path":"/api/v1/domains/{domainId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"domainId","required":true,"type":"string"}],"operationId":"deleteDomain","description":"Deletes a Domain by `id`.","summary":"Delete Domain","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"domainId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/domains/{domainId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"domainId","required":true,"type":"string"}],"operationId":"getDomain","description":"Fetches a Domain by `id`.","summary":"Get Domain","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Domain"}}},"parameters":[{"in":"path","name":"domainId","required":true,"type":"string"}],"formData":[],"responseModel":"Domain"},{"path":"/api/v1/domains/{domainId}/certificate","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"domainId","required":true,"type":"string"}],"operationId":"createCertificate","description":"Creates the Certificate for the Domain.","summary":"Create Certificate","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"domainId","required":true,"type":"string"},{"in":"body","name":"certificate","required":true,"schema":{"$ref":"#/definitions/DomainCertificate"}}],"bodyModel":"DomainCertificate","formData":[]},{"path":"/api/v1/domains/{domainId}/verify","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"domainId","required":true,"type":"string"}],"operationId":"verifyDomain","description":"Verifies the Domain by `id`.","summary":"Verify Domain","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Domain"}}},"parameters":[{"in":"path","name":"domainId","required":true,"type":"string"}],"formData":[],"responseModel":"Domain"},{"path":"/api/v1/eventHooks","method":"get","queryParams":[],"pathParams":[],"operationId":"listEventHooks","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/EventHook"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"EventHook","isArray":true},{"path":"/api/v1/eventHooks","method":"post","queryParams":[],"pathParams":[],"operationId":"createEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"body","name":"eventHook","required":true,"schema":{"$ref":"#/definitions/EventHook"}}],"bodyModel":"EventHook","formData":[],"responseModel":"EventHook"},{"path":"/api/v1/eventHooks/{eventHookId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"deleteEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/eventHooks/{eventHookId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"getEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"},{"path":"/api/v1/eventHooks/{eventHookId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"updateEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"},{"in":"body","name":"eventHook","required":true,"schema":{"$ref":"#/definitions/EventHook"}}],"bodyModel":"EventHook","formData":[],"responseModel":"EventHook"},{"path":"/api/v1/eventHooks/{eventHookId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"activateEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"},{"path":"/api/v1/eventHooks/{eventHookId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"deactivateEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"},{"path":"/api/v1/eventHooks/{eventHookId}/lifecycle/verify","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"verifyEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"},{"path":"/api/v1/features","method":"get","queryParams":[],"pathParams":[],"operationId":"listFeatures","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Feature"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"Feature","isArray":true},{"path":"/api/v1/features/{featureId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"}],"operationId":"getFeature","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Feature"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"}],"formData":[],"responseModel":"Feature"},{"path":"/api/v1/features/{featureId}/dependencies","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"}],"operationId":"listFeatureDependencies","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Feature"},"type":"array"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"}],"formData":[],"responseModel":"Feature","isArray":true},{"path":"/api/v1/features/{featureId}/dependents","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"}],"operationId":"listFeatureDependents","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Feature"},"type":"array"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"}],"formData":[],"responseModel":"Feature","isArray":true},{"path":"/api/v1/features/{featureId}/{lifecycle}","method":"post","queryParams":[{"in":"query","name":"mode","type":"string"}],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"},{"in":"path","name":"lifecycle","required":true,"type":"string"}],"operationId":"updateFeatureLifecycle","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Feature"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"},{"in":"path","name":"lifecycle","required":true,"type":"string"},{"in":"query","name":"mode","type":"string"}],"formData":[],"responseModel":"Feature"},{"path":"/api/v1/groups","method":"get","queryParams":[{"description":"Searches the name property of groups for matching value","in":"query","name":"q","type":"string"},{"description":"Filter expression for groups","in":"query","name":"filter","type":"string"},{"description":"Specifies the pagination cursor for the next page of groups","in":"query","name":"after","type":"string"},{"default":10000,"description":"Specifies the number of group results in a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"If specified, it causes additional metadata to be included in the response.","in":"query","name":"expand","type":"string"},{"description":"Searches for groups with a supported filtering expression for all attributes except for _embedded, _links, and objectClass","in":"query","name":"search","type":"string"}],"pathParams":[],"operationId":"listGroups","description":"Enumerates groups in your organization with pagination. A subset of groups can be returned that match a supported filter expression or query.","summary":"List Groups","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Group"},"type":"array"}}},"parameters":[{"description":"Searches the name property of groups for matching value","in":"query","name":"q","type":"string"},{"description":"Filter expression for groups","in":"query","name":"filter","type":"string"},{"description":"Specifies the pagination cursor for the next page of groups","in":"query","name":"after","type":"string"},{"default":10000,"description":"Specifies the number of group results in a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"If specified, it causes additional metadata to be included in the response.","in":"query","name":"expand","type":"string"},{"description":"Searches for groups with a supported filtering expression for all attributes except for _embedded, _links, and objectClass","in":"query","name":"search","type":"string"}],"formData":[],"responseModel":"Group","isArray":true},{"path":"/api/v1/groups","method":"post","queryParams":[],"pathParams":[],"operationId":"createGroup","description":"Adds a new group with `OKTA_GROUP` type to your organization.","summary":"Add Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Group"}}},"parameters":[{"in":"body","name":"group","required":true,"schema":{"$ref":"#/definitions/Group"}}],"bodyModel":"Group","formData":[],"responseModel":"Group"},{"path":"/api/v1/groups/rules","method":"get","queryParams":[{"default":50,"description":"Specifies the number of rule results in a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Specifies the pagination cursor for the next page of rules","in":"query","name":"after","type":"string"},{"description":"Specifies the keyword to search fules for","in":"query","name":"search","type":"string"},{"description":"If specified as `groupIdToGroupNameMap`, then show group names","in":"query","name":"expand","type":"string","x-okta-added-version":"1.3.0"}],"pathParams":[],"operationId":"listGroupRules","description":"Lists all group rules for your organization.","summary":"List Group Rules","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/GroupRule"},"type":"array"}}},"parameters":[{"default":50,"description":"Specifies the number of rule results in a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Specifies the pagination cursor for the next page of rules","in":"query","name":"after","type":"string"},{"description":"Specifies the keyword to search fules for","in":"query","name":"search","type":"string"},{"description":"If specified as `groupIdToGroupNameMap`, then show group names","in":"query","name":"expand","type":"string","x-okta-added-version":"1.3.0"}],"formData":[],"responseModel":"GroupRule","isArray":true},{"path":"/api/v1/groups/rules","method":"post","queryParams":[],"pathParams":[],"operationId":"createGroupRule","description":"Creates a group rule to dynamically add users to the specified group if they match the condition","summary":"Create Group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/GroupRule"}}},"parameters":[{"in":"body","name":"groupRule","required":true,"schema":{"$ref":"#/definitions/GroupRule"}}],"bodyModel":"GroupRule","formData":[],"responseModel":"GroupRule"},{"path":"/api/v1/groups/rules/{ruleId}","method":"delete","queryParams":[{"description":"Indicates whether to keep or remove users from groups assigned by this rule.","in":"query","name":"removeUsers","type":"boolean"}],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deleteGroupRule","description":"Removes a specific group rule by id from your organization","summary":"Delete a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"202":{"description":"Accepted"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"},{"description":"Indicates whether to keep or remove users from groups assigned by this rule.","in":"query","name":"removeUsers","type":"boolean"}],"formData":[]},{"path":"/api/v1/groups/rules/{ruleId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getGroupRule","description":"Fetches a specific group rule by id from your organization","summary":"Get Group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/GroupRule"}}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"GroupRule"},{"path":"/api/v1/groups/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updateGroupRule","description":"Updates a group rule. Only `INACTIVE` rules can be updated.","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/GroupRule"}}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"groupRule","required":true,"schema":{"$ref":"#/definitions/GroupRule"}}],"bodyModel":"GroupRule","formData":[],"responseModel":"GroupRule"},{"path":"/api/v1/groups/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activateGroupRule","description":"Activates a specific group rule by id from your organization","summary":"Activate a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/groups/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivateGroupRule","description":"Deactivates a specific group rule by id from your organization","summary":"Deactivate a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"deleteGroup","description":"Removes a group with `OKTA_GROUP` type from your organization.","summary":"Remove Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/groups/{groupId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getGroup","description":"Fetches a group from your organization.","summary":"List Group Rules","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Group"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[],"responseModel":"Group"},{"path":"/api/v1/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"updateGroup","description":"Updates the profile for a group with `OKTA_GROUP` type from your organization.","summary":"Update Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Group"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"group","required":true,"schema":{"$ref":"#/definitions/Group"}}],"bodyModel":"Group","formData":[],"responseModel":"Group"},{"path":"/api/v1/groups/{groupId}/apps","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of apps","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of app results for a page","format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"listAssignedApplicationsForGroup","description":"Enumerates all applications that are assigned to a group.","summary":"List Assigned Applications","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Application"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"description":"Specifies the pagination cursor for the next page of apps","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of app results for a page","format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"Application","isArray":true},{"path":"/api/v1/groups/{groupId}/roles","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"listGroupAssignedRoles","description":"Success","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Role"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Role","isArray":true},{"path":"/api/v1/groups/{groupId}/roles","method":"post","queryParams":[{"in":"query","name":"disableNotifications","type":"boolean"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"assignRoleToGroup","description":"Assigns a Role to a Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Role"}},"201":{"description":"Success"}},"parameters":[{"in":"body","name":"assignRoleRequest","required":true,"schema":{"$ref":"#/definitions/AssignRoleRequest"}},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"disableNotifications","type":"boolean"}],"bodyModel":"AssignRoleRequest","formData":[],"responseModel":"Role"},{"path":"/api/v1/groups/{groupId}/roles/{roleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"removeRoleFromGroup","description":"Unassigns a Role from a Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/groups/{groupId}/roles/{roleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"getRole","description":"Success","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Role"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[],"responseModel":"Role"},{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"listApplicationTargetsForApplicationAdministratorRoleForGroup","description":"Lists all App targets for an `APP_ADMIN` Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/CatalogApplication"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"CatalogApplication","isArray":true},{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"operationId":"removeApplicationTargetFromApplicationAdministratorRoleGivenToGroup","description":"Success","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"operationId":"addApplicationTargetToAdminRoleGivenToGroup","description":"Success","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"operationId":"removeApplicationTargetFromAdministratorRoleGivenToGroup","description":"Remove App Instance Target to App Administrator Role given to a Group","summary":"Remove App Instance Target to App Administrator Role given to a Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"operationId":"addApplicationInstanceTargetToAppAdminRoleGivenToGroup","description":"Add App Instance Target to App Administrator Role given to a Group","summary":"Add App Instance Target to App Administrator Role given to a Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/groups","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"listGroupTargetsForGroupRole","description":"Success","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Group"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"Group","isArray":true},{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"targetGroupId","required":true,"type":"string"}],"operationId":"removeGroupTargetFromGroupAdministratorRoleGivenToGroup","description":"","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"targetGroupId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"targetGroupId","required":true,"type":"string"}],"operationId":"addGroupTargetToGroupAdministratorRoleForGroup","description":"","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"targetGroupId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/groups/{groupId}/users","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of users","in":"query","name":"after","type":"string"},{"default":1000,"description":"Specifies the number of user results in a page","format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"listGroupUsers","description":"Enumerates all users that are a member of a group.","summary":"List Group Members","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/User"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"description":"Specifies the pagination cursor for the next page of users","in":"query","name":"after","type":"string"},{"default":1000,"description":"Specifies the number of user results in a page","format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"User","isArray":true},{"path":"/api/v1/groups/{groupId}/users/{userId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"removeUserFromGroup","description":"Removes a user from a group with 'OKTA_GROUP' type.","summary":"Remove User from Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/groups/{groupId}/users/{userId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"addUserToGroup","description":"Adds a user to a group with 'OKTA_GROUP' type.","summary":"Add User to Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/idps","method":"get","queryParams":[{"description":"Searches the name property of IdPs for matching value","in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of IdPs","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of IdP results in a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters IdPs by type","in":"query","name":"type","type":"string"}],"pathParams":[],"operationId":"listIdentityProviders","description":"Enumerates IdPs in your organization with pagination. A subset of IdPs can be returned that match a supported filter expression or query.","summary":"List Identity Providers","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/IdentityProvider"},"type":"array"}}},"parameters":[{"description":"Searches the name property of IdPs for matching value","in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of IdPs","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of IdP results in a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters IdPs by type","in":"query","name":"type","type":"string"}],"formData":[],"responseModel":"IdentityProvider","isArray":true},{"path":"/api/v1/idps","method":"post","queryParams":[],"pathParams":[],"operationId":"createIdentityProvider","description":"Adds a new IdP to your organization.","summary":"Add Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"body","name":"identityProvider","required":true,"schema":{"$ref":"#/definitions/IdentityProvider"}}],"bodyModel":"IdentityProvider","formData":[],"responseModel":"IdentityProvider"},{"path":"/api/v1/idps/credentials/keys","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of keys","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of key results in a page","format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[],"operationId":"listIdentityProviderKeys","description":"Enumerates IdP key credentials.","summary":"List Keys","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"description":"Specifies the pagination cursor for the next page of keys","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of key results in a page","format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"JsonWebKey","isArray":true},{"path":"/api/v1/idps/credentials/keys","method":"post","queryParams":[],"pathParams":[],"operationId":"createIdentityProviderKey","description":"Adds a new X.509 certificate credential to the IdP key store.","summary":"Add X.509 Certificate Public Key","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"body","name":"jsonWebKey","required":true,"schema":{"$ref":"#/definitions/JsonWebKey"}}],"bodyModel":"JsonWebKey","formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/idps/credentials/keys/{keyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"deleteIdentityProviderKey","description":"Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP.","summary":"Delete Key","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/idps/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getIdentityProviderKey","description":"Gets a specific IdP Key Credential by `kid`","summary":"Get Key","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/idps/{idpId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"deleteIdentityProvider","description":"Removes an IdP from your organization.","summary":"Delete Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/idps/{idpId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"getIdentityProvider","description":"Fetches an IdP by `id`.","summary":"Get Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider"},{"path":"/api/v1/idps/{idpId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"updateIdentityProvider","description":"Updates the configuration for an IdP.","summary":"Update Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"body","name":"identityProvider","required":true,"schema":{"$ref":"#/definitions/IdentityProvider"}}],"bodyModel":"IdentityProvider","formData":[],"responseModel":"IdentityProvider"},{"path":"/api/v1/idps/{idpId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"listCsrsForIdentityProvider","description":"Enumerates Certificate Signing Requests for an IdP","summary":"List Certificate Signing Requests for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true},{"path":"/api/v1/idps/{idpId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"generateCsrForIdentityProvider","description":"Generates a new key pair and returns a Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"},{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrForIdentityProvider","description":"Revoke a Certificate Signing Request and delete the key pair from the IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForIdentityProvider","description":"Gets a specific Certificate Signing Request model by id","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"},{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCertForIdentityProvider","description":"Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.","tags":["IdentityProvider"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCertForIdentityProvider","description":"Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.","tags":["IdentityProvider"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCertForIdentityProvider","description":"Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.","tags":["IdentityProvider"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCertForIdentityProvider","description":"Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.","tags":["IdentityProvider"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCertForIdentityProvider","description":"Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.","tags":["IdentityProvider"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/idps/{idpId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"listIdentityProviderSigningKeys","description":"Enumerates signing key credentials for an IdP","summary":"List Signing Key Credentials for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true},{"path":"/api/v1/idps/{idpId}/credentials/keys/generate","method":"post","queryParams":[{"description":"expiry of the IdP Key Credential","format":"int32","in":"query","name":"validityYears","required":true,"type":"integer"}],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"generateIdentityProviderSigningKey","description":"Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP","summary":"Generate New IdP Signing Key Credential","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"description":"expiry of the IdP Key Credential","format":"int32","in":"query","name":"validityYears","required":true,"type":"integer"}],"formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/idps/{idpId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getIdentityProviderSigningKey","description":"Gets a specific IdP Key Credential by `kid`","summary":"Get Signing Key Credential for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/idps/{idpId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"in":"query","name":"targetIdpId","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneIdentityProviderKey","description":"Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP","summary":"Clone Signing Key Credential for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"in":"query","name":"targetIdpId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"},{"path":"/api/v1/idps/{idpId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"activateIdentityProvider","description":"Activates an inactive IdP.","summary":"Activate Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider"},{"path":"/api/v1/idps/{idpId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"deactivateIdentityProvider","description":"Deactivates an active IdP.","summary":"Deactivate Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider"},{"path":"/api/v1/idps/{idpId}/users","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"listIdentityProviderApplicationUsers","description":"Find all the users linked to an identity provider","summary":"Find Users","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/IdentityProviderApplicationUser"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProviderApplicationUser","isArray":true},{"path":"/api/v1/idps/{idpId}/users/{userId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"unlinkUserFromIdentityProvider","description":"Removes the link between the Okta user and the IdP user.","summary":"Unlink User from IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/idps/{idpId}/users/{userId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getIdentityProviderApplicationUser","description":"Fetches a linked IdP user by ID","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProviderApplicationUser"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProviderApplicationUser"},{"path":"/api/v1/idps/{idpId}/users/{userId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"linkUserToIdentityProvider","description":"Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type","summary":"Link a user to a Social IdP without a transaction","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProviderApplicationUser"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"body","name":"userIdentityProviderLinkRequest","required":true,"schema":{"$ref":"#/definitions/UserIdentityProviderLinkRequest"}}],"bodyModel":"UserIdentityProviderLinkRequest","formData":[],"responseModel":"IdentityProviderApplicationUser"},{"path":"/api/v1/idps/{idpId}/users/{userId}/credentials/tokens","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listSocialAuthTokens","description":"Fetches the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.","summary":"Social Authentication Token Operation","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/SocialAuthToken"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"SocialAuthToken","isArray":true},{"path":"/api/v1/inlineHooks","method":"get","queryParams":[{"in":"query","name":"type","type":"string"}],"pathParams":[],"operationId":"listInlineHooks","description":"Success","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/InlineHook"},"type":"array"}}},"parameters":[{"in":"query","name":"type","type":"string"}],"formData":[],"responseModel":"InlineHook","isArray":true},{"path":"/api/v1/inlineHooks","method":"post","queryParams":[],"pathParams":[],"operationId":"createInlineHook","description":"Success","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"body","name":"inlineHook","required":true,"schema":{"$ref":"#/definitions/InlineHook"}}],"bodyModel":"InlineHook","formData":[],"responseModel":"InlineHook"},{"path":"/api/v1/inlineHooks/{inlineHookId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"deleteInlineHook","description":"Deletes the Inline Hook matching the provided id. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/inlineHooks/{inlineHookId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"getInlineHook","description":"Gets an inline hook by ID","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[],"responseModel":"InlineHook"},{"path":"/api/v1/inlineHooks/{inlineHookId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"updateInlineHook","description":"Updates an inline hook by ID","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"},{"in":"body","name":"inlineHook","required":true,"schema":{"$ref":"#/definitions/InlineHook"}}],"bodyModel":"InlineHook","formData":[],"responseModel":"InlineHook"},{"path":"/api/v1/inlineHooks/{inlineHookId}/execute","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"executeInlineHook","description":"Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHookResponse"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"},{"in":"body","name":"payloadData","required":true,"schema":{"$ref":"#/definitions/InlineHookPayload"}}],"bodyModel":"InlineHookPayload","formData":[],"responseModel":"InlineHookResponse"},{"path":"/api/v1/inlineHooks/{inlineHookId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"activateInlineHook","description":"Activates the Inline Hook matching the provided id","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[],"responseModel":"InlineHook"},{"path":"/api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"deactivateInlineHook","description":"Deactivates the Inline Hook matching the provided id","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[],"responseModel":"InlineHook"},{"path":"/api/v1/logs","method":"get","queryParams":[{"format":"date-time","in":"query","name":"since","type":"string"},{"format":"date-time","in":"query","name":"until","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"q","type":"string"},{"default":100,"in":"query","name":"limit","type":"integer"},{"default":"ASCENDING","in":"query","name":"sortOrder","type":"string"},{"in":"query","name":"after","type":"string"}],"pathParams":[],"operationId":"getLogs","description":"The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API","summary":"Fetch a list of events from your Okta organization system log.","tags":["Log"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/LogEvent"},"type":"array"}}},"parameters":[{"format":"date-time","in":"query","name":"since","type":"string"},{"format":"date-time","in":"query","name":"until","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"q","type":"string"},{"default":100,"in":"query","name":"limit","type":"integer"},{"default":"ASCENDING","in":"query","name":"sortOrder","type":"string"},{"in":"query","name":"after","type":"string"}],"formData":[],"responseModel":"LogEvent","isArray":true},{"path":"/api/v1/mappings","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"sourceId","type":"string"},{"default":"","in":"query","name":"targetId","type":"string"}],"pathParams":[],"operationId":"listProfileMappings","description":"Enumerates Profile Mappings in your organization with pagination.","tags":["ProfileMapping"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ProfileMapping"},"type":"array"}}},"parameters":[{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"sourceId","type":"string"},{"default":"","in":"query","name":"targetId","type":"string"}],"formData":[],"responseModel":"ProfileMapping","isArray":true},{"path":"/api/v1/mappings/{mappingId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"mappingId","required":true,"type":"string"}],"operationId":"getProfileMapping","description":"Fetches a single Profile Mapping referenced by its ID.","summary":"Get Profile Mapping","tags":["ProfileMapping"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ProfileMapping"}}},"parameters":[{"in":"path","name":"mappingId","required":true,"type":"string"}],"formData":[],"responseModel":"ProfileMapping"},{"path":"/api/v1/mappings/{mappingId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"mappingId","required":true,"type":"string"}],"operationId":"updateProfileMapping","description":"Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings.","summary":"Update Profile Mapping","tags":["ProfileMapping"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ProfileMapping"}}},"parameters":[{"in":"path","name":"mappingId","required":true,"type":"string"},{"in":"body","name":"profileMapping","required":true,"schema":{"$ref":"#/definitions/ProfileMapping"}}],"bodyModel":"ProfileMapping","formData":[],"responseModel":"ProfileMapping"},{"path":"/api/v1/meta/schemas/apps/{appInstanceId}/default","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appInstanceId","required":true,"type":"string"}],"operationId":"getApplicationUserSchema","description":"Fetches the Schema for an App User","summary":"Fetches the Schema for an App User","tags":["UserSchema"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/UserSchema"}}},"parameters":[{"in":"path","name":"appInstanceId","required":true,"type":"string"}],"formData":[],"responseModel":"UserSchema"},{"path":"/api/v1/meta/schemas/apps/{appInstanceId}/default","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appInstanceId","required":true,"type":"string"}],"operationId":"updateApplicationUserProfile","description":"Partial updates on the User Profile properties of the Application User Schema.","summary":"Partial updates on the User Profile properties of the Application User Schema.","tags":["UserSchema"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/UserSchema"}}},"parameters":[{"in":"path","name":"appInstanceId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/UserSchema"}}],"bodyModel":"UserSchema","formData":[],"responseModel":"UserSchema"},{"path":"/api/v1/meta/schemas/group/default","method":"get","queryParams":[],"pathParams":[],"operationId":"getGroupSchema","description":"Fetches the group schema","summary":"Fetches the group schema","tags":["GroupSchema"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GroupSchema"}}},"parameters":[],"formData":[],"responseModel":"GroupSchema"},{"path":"/api/v1/meta/schemas/group/default","method":"post","queryParams":[],"pathParams":[],"operationId":"updateGroupSchema","description":"Updates, adds ore removes one or more custom Group Profile properties in the schema","summary":"Updates, adds ore removes one or more custom Group Profile properties in the schema","tags":["GroupSchema"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GroupSchema"}}},"parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/GroupSchema"}}],"bodyModel":"GroupSchema","formData":[],"responseModel":"GroupSchema"},{"path":"/api/v1/meta/schemas/user/linkedObjects","method":"get","queryParams":[],"pathParams":[],"operationId":"listLinkedObjectDefinitions","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/LinkedObject"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"LinkedObject","isArray":true},{"path":"/api/v1/meta/schemas/user/linkedObjects","method":"post","queryParams":[],"pathParams":[],"operationId":"addLinkedObjectDefinition","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/LinkedObject"}}},"parameters":[{"in":"body","name":"linkedObject","required":true,"schema":{"$ref":"#/definitions/LinkedObject"}}],"bodyModel":"LinkedObject","formData":[],"responseModel":"LinkedObject"},{"path":"/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"operationId":"deleteLinkedObjectDefinition","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"operationId":"getLinkedObjectDefinition","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/LinkedObject"}}},"parameters":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"formData":[],"responseModel":"LinkedObject"},{"path":"/api/v1/meta/schemas/user/{schemaId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"schemaId","required":true,"type":"string"}],"operationId":"getUserSchema","description":"Fetches the schema for a Schema Id.","summary":"Fetches the schema for a Schema Id.","tags":["UserSchema"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserSchema"}}},"parameters":[{"in":"path","name":"schemaId","required":true,"type":"string"}],"formData":[],"responseModel":"UserSchema"},{"path":"/api/v1/meta/schemas/user/{schemaId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"schemaId","required":true,"type":"string"}],"operationId":"updateUserProfile","description":"Partial updates on the User Profile properties of the user schema.","tags":["UserSchema"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserSchema"}}},"parameters":[{"in":"path","name":"schemaId","required":true,"type":"string"},{"in":"body","name":"userSchema","required":true,"schema":{"$ref":"#/definitions/UserSchema"}}],"bodyModel":"UserSchema","formData":[],"responseModel":"UserSchema"},{"path":"/api/v1/meta/types/user","method":"get","queryParams":[],"pathParams":[],"operationId":"listUserTypes","description":"Fetches all User Types in your org","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/UserType"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"UserType","isArray":true},{"path":"/api/v1/meta/types/user","method":"post","queryParams":[],"pathParams":[],"operationId":"createUserType","description":"Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"body","name":"userType","required":true,"schema":{"$ref":"#/definitions/UserType"}}],"bodyModel":"UserType","formData":[],"responseModel":"UserType"},{"path":"/api/v1/meta/types/user/{typeId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"deleteUserType","description":"Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/meta/types/user/{typeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"getUserType","description":"Fetches a User Type by ID. The special identifier `default` may be used to fetch the default User Type.","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"}],"formData":[],"responseModel":"UserType"},{"path":"/api/v1/meta/types/user/{typeId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"updateUserType","description":"Updates an existing User Type","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"},{"in":"body","name":"userType","required":true,"schema":{"$ref":"#/definitions/UserType"}}],"bodyModel":"UserType","formData":[],"responseModel":"UserType"},{"path":"/api/v1/meta/types/user/{typeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"replaceUserType","description":"Replace an existing User Type","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"},{"in":"body","name":"userType","required":true,"schema":{"$ref":"#/definitions/UserType"}}],"bodyModel":"UserType","formData":[],"responseModel":"UserType"},{"path":"/api/v1/org","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgSettings","description":"Get settings of your organization.","summary":"Get org settings","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgSetting"},{"path":"/api/v1/org","method":"post","queryParams":[],"pathParams":[],"operationId":"partialUpdateOrgSetting","description":"Partial update settings of your organization.","summary":"Partial update Org setting","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgSetting"}}},"parameters":[{"in":"body","name":"orgSetting","required":true,"schema":{"$ref":"#/definitions/OrgSetting"}}],"bodyModel":"OrgSetting","formData":[],"responseModel":"OrgSetting"},{"path":"/api/v1/org","method":"put","queryParams":[],"pathParams":[],"operationId":"updateOrgSetting","description":"Update settings of your organization.","summary":"Update Org setting","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgSetting"}}},"parameters":[{"in":"body","name":"orgSetting","required":true,"schema":{"$ref":"#/definitions/OrgSetting"}}],"bodyModel":"OrgSetting","formData":[],"responseModel":"OrgSetting"},{"path":"/api/v1/org/contacts","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgContactTypes","description":"Gets Contact Types of your organization.","summary":"Get org contact types","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OrgContactTypeObj"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"OrgContactTypeObj","isArray":true},{"path":"/api/v1/org/contacts/{contactType}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"contactType","required":true,"type":"string"}],"operationId":"getOrgContactUser","description":"Retrieves the URL of the User associated with the specified Contact Type.","summary":"Get org contact user","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgContactUser"}}},"parameters":[{"in":"path","name":"contactType","required":true,"type":"string"}],"formData":[],"responseModel":"OrgContactUser"},{"path":"/api/v1/org/contacts/{contactType}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"contactType","required":true,"type":"string"}],"operationId":"updateOrgContactUser","description":"Updates the User associated with the specified Contact Type.","summary":"Update org contact user","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgContactUser"}}},"parameters":[{"in":"path","name":"contactType","required":true,"type":"string"},{"in":"body","name":"userId","required":true,"schema":{"$ref":"#/definitions/UserIdString"}}],"bodyModel":"UserIdString","formData":[],"responseModel":"OrgContactUser"},{"path":"/api/v1/org/logo","method":"post","queryParams":[],"pathParams":[],"operationId":"updateOrgLogo","description":"Updates the logo for your organization.","summary":"Update org logo","tags":["Org"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"}},"parameters":[{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]},{"path":"/api/v1/org/preferences","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgPreferences","description":"Gets preferences of your organization.","summary":"Get org preferences","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"},{"path":"/api/v1/org/preferences/hideEndUserFooter","method":"post","queryParams":[],"pathParams":[],"operationId":"hideOktaUIFooter","description":"Hide the Okta UI footer for all end users of your organization.","summary":"Show Okta UI Footer","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"},{"path":"/api/v1/org/preferences/showEndUserFooter","method":"post","queryParams":[],"pathParams":[],"operationId":"showOktaUIFooter","description":"Makes the Okta UI footer visible for all end users of your organization.","summary":"Show Okta UI Footer","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"},{"path":"/api/v1/org/privacy/oktaCommunication","method":"get","queryParams":[],"pathParams":[],"operationId":"getOktaCommunicationSettings","description":"Gets Okta Communication Settings of your organization.","summary":"Get Okta Communication Settings","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaCommunicationSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaCommunicationSetting"},{"path":"/api/v1/org/privacy/oktaCommunication/optIn","method":"post","queryParams":[],"pathParams":[],"operationId":"optInUsersToOktaCommunicationEmails","description":"Opts in all users of this org to Okta Communication emails.","summary":"Opt in all users to Okta Communication emails","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaCommunicationSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaCommunicationSetting"},{"path":"/api/v1/org/privacy/oktaCommunication/optOut","method":"post","queryParams":[],"pathParams":[],"operationId":"optOutUsersFromOktaCommunicationEmails","description":"Opts out all users of this org from Okta Communication emails.","summary":"Opt out all users from Okta Communication emails","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaCommunicationSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaCommunicationSetting"},{"path":"/api/v1/org/privacy/oktaSupport","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgOktaSupportSettings","description":"Gets Okta Support Settings of your organization.","summary":"Get Okta Support settings","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"},{"path":"/api/v1/org/privacy/oktaSupport/extend","method":"post","queryParams":[],"pathParams":[],"operationId":"extendOktaSupport","description":"Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.","summary":"Extend Okta Support","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"},{"path":"/api/v1/org/privacy/oktaSupport/grant","method":"post","queryParams":[],"pathParams":[],"operationId":"grantOktaSupport","description":"Enables you to temporarily allow Okta Support to access your org as an administrator for eight hours.","summary":"Grant Okta Support","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"},{"path":"/api/v1/org/privacy/oktaSupport/revoke","method":"post","queryParams":[],"pathParams":[],"operationId":"revokeOktaSupport","description":"Revokes Okta Support access to your organization.","summary":"Extend Okta Support","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"},{"path":"/api/v1/policies","method":"get","queryParams":[{"in":"query","name":"type","required":true,"type":"string"},{"in":"query","name":"status","type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[],"operationId":"listPolicies","description":"Gets all policies with the specified type.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Policy"},"type":"array"}}},"parameters":[{"in":"query","name":"type","required":true,"type":"string"},{"in":"query","name":"status","type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy","isArray":true},{"path":"/api/v1/policies","method":"post","queryParams":[{"default":true,"in":"query","name":"activate","type":"boolean"}],"pathParams":[],"operationId":"createPolicy","description":"Creates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"default":true,"in":"query","name":"activate","type":"boolean"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"},{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"},{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"},{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true},{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"},{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"},{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"},{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activatePolicyRule","description":"Activates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivatePolicyRule","description":"Deactivates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"}],"operationId":"listRoleSubscriptions","description":"When roleType List all subscriptions of a Role. Else when roleId List subscriptions of a Custom Role","summary":"List all subscriptions of a Custom Role","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Subscription"},"type":"array"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription","isArray":true},{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"getRoleSubscriptionByNotificationType","description":"When roleType Get subscriptions of a Role with a specific notification type. Else when roleId Get subscription of a Custom Role with a specific notification type.","summary":"Get subscriptions of a Custom Role with a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Subscription"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription"},{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"subscribeRoleSubscriptionByNotificationType","description":"When roleType Subscribes a Role to a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Subscribes a Custom Role to a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.","summary":"Subscribe a Custom Role to a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"unsubscribeRoleSubscriptionByNotificationType","description":"When roleType Unsubscribes a Role from a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Unsubscribes a Custom Role from a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.","summary":"Unsubscribe a Custom Role from a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/sessions","method":"post","queryParams":[],"pathParams":[],"operationId":"createSession","description":"Creates a new session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID in order to delete a session via the API instead of visiting the logout URL.","summary":"Create Session with Session Token","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Session"}},"400":{"description":"Bad Request"}},"parameters":[{"in":"body","name":"createSessionRequest","required":true,"schema":{"$ref":"#/definitions/CreateSessionRequest"}}],"bodyModel":"CreateSessionRequest","formData":[],"responseModel":"Session"},{"path":"/api/v1/sessions/{sessionId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"operationId":"endSession","description":"","summary":"Close Session","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/sessions/{sessionId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"operationId":"getSession","description":"Get details about a session.","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Session"}}},"parameters":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"formData":[],"responseModel":"Session"},{"path":"/api/v1/sessions/{sessionId}/lifecycle/refresh","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"operationId":"refreshSession","description":"","summary":"Refresh Session","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Session"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"formData":[],"responseModel":"Session"},{"path":"/api/v1/templates/sms","method":"get","queryParams":[{"in":"query","name":"templateType","type":"string","model":"SmsTemplateType"}],"pathParams":[],"operationId":"listSmsTemplates","description":"Enumerates custom SMS templates in your organization. A subset of templates can be returned that match a template type.","summary":"List SMS Templates","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/SmsTemplate"},"type":"array"}}},"parameters":[{"in":"query","name":"templateType","type":"string","model":"SmsTemplateType"}],"formData":[],"responseModel":"SmsTemplate","isArray":true},{"path":"/api/v1/templates/sms","method":"post","queryParams":[],"pathParams":[],"operationId":"createSmsTemplate","description":"Adds a new custom SMS template to your organization.","summary":"Add SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"body","name":"smsTemplate","required":true,"schema":{"$ref":"#/definitions/SmsTemplate"}}],"bodyModel":"SmsTemplate","formData":[],"responseModel":"SmsTemplate"},{"path":"/api/v1/templates/sms/{templateId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"deleteSmsTemplate","description":"Removes an SMS template.","summary":"Remove SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/templates/sms/{templateId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"getSmsTemplate","description":"Fetches a specific template by `id`","summary":"Get SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"}],"formData":[],"responseModel":"SmsTemplate"},{"path":"/api/v1/templates/sms/{templateId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"partialUpdateSmsTemplate","description":"Updates only some of the SMS template properties:","summary":"Partial SMS Template Update","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"},{"in":"body","name":"smsTemplate","required":true,"schema":{"$ref":"#/definitions/SmsTemplate"}}],"bodyModel":"SmsTemplate","formData":[],"responseModel":"SmsTemplate"},{"path":"/api/v1/templates/sms/{templateId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"updateSmsTemplate","description":"Updates the SMS template.","summary":"Update SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"},{"in":"body","name":"smsTemplate","required":true,"schema":{"$ref":"#/definitions/SmsTemplate"}}],"bodyModel":"SmsTemplate","formData":[],"responseModel":"SmsTemplate"},{"path":"/api/v1/threats/configuration","method":"get","queryParams":[],"pathParams":[],"operationId":"getCurrentConfiguration","description":"Gets current ThreatInsight configuration","tags":["ThreatInsight"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThreatInsightConfiguration"}}},"parameters":[],"formData":[],"responseModel":"ThreatInsightConfiguration"},{"path":"/api/v1/threats/configuration","method":"post","queryParams":[],"pathParams":[],"operationId":"updateConfiguration","description":"Updates ThreatInsight configuration","tags":["ThreatInsight"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThreatInsightConfiguration"}}},"parameters":[{"in":"body","name":"ThreatInsightConfiguration","required":true,"schema":{"$ref":"#/definitions/ThreatInsightConfiguration"}}],"bodyModel":"ThreatInsightConfiguration","formData":[],"responseModel":"ThreatInsightConfiguration"},{"path":"/api/v1/trustedOrigins","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[],"operationId":"listOrigins","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/TrustedOrigin"},"type":"array"}}},"parameters":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"TrustedOrigin","isArray":true},{"path":"/api/v1/trustedOrigins","method":"post","queryParams":[],"pathParams":[],"operationId":"createOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"body","name":"trustedOrigin","required":true,"schema":{"$ref":"#/definitions/TrustedOrigin"}}],"bodyModel":"TrustedOrigin","formData":[],"responseModel":"TrustedOrigin"},{"path":"/api/v1/trustedOrigins/{trustedOriginId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"deleteOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/trustedOrigins/{trustedOriginId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"getOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"formData":[],"responseModel":"TrustedOrigin"},{"path":"/api/v1/trustedOrigins/{trustedOriginId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"updateOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"},{"in":"body","name":"trustedOrigin","required":true,"schema":{"$ref":"#/definitions/TrustedOrigin"}}],"bodyModel":"TrustedOrigin","formData":[],"responseModel":"TrustedOrigin"},{"path":"/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"activateOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"formData":[],"responseModel":"TrustedOrigin"},{"path":"/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"deactivateOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"formData":[],"responseModel":"TrustedOrigin"},{"path":"/api/v1/users","method":"get","queryParams":[{"description":"Finds a user that matches firstName, lastName, and email properties","in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of users","in":"query","name":"after","type":"string"},{"default":10,"description":"Specifies the number of results returned","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters users with a supported expression for a subset of properties","in":"query","name":"filter","type":"string"},{"description":"Searches for users with a supported filtering  expression for most properties","in":"query","name":"search","type":"string"},{"in":"query","name":"sortBy","type":"string"},{"in":"query","name":"sortOrder","type":"string"}],"pathParams":[],"operationId":"listUsers","description":"Lists users that do not have a status of 'DEPROVISIONED' (by default), up to the maximum (200 for most orgs), with pagination in most cases. A subset of users can be returned that match a supported filter expression or search criteria.","summary":"List Users","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/User"},"type":"array"}}},"parameters":[{"description":"Finds a user that matches firstName, lastName, and email properties","in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of users","in":"query","name":"after","type":"string"},{"default":10,"description":"Specifies the number of results returned","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters users with a supported expression for a subset of properties","in":"query","name":"filter","type":"string"},{"description":"Searches for users with a supported filtering  expression for most properties","in":"query","name":"search","type":"string"},{"in":"query","name":"sortBy","type":"string"},{"in":"query","name":"sortOrder","type":"string"}],"formData":[],"responseModel":"User","isArray":true},{"path":"/api/v1/users","method":"post","queryParams":[{"default":true,"description":"Executes activation lifecycle operation when creating the user","in":"query","name":"activate","type":"boolean"},{"default":false,"description":"Indicates whether to create a user with a specified authentication provider","in":"query","name":"provider","type":"boolean"},{"default":"","description":"With activate=true, set nextLogin to \"changePassword\" to have the password be EXPIRED, so user must change it the next time they log in.","in":"query","name":"nextLogin","type":"string","x-okta-added-version":"0.14.0","model":"UserNextLogin"}],"pathParams":[],"operationId":"createUser","description":"Creates a new user in your Okta organization with or without credentials.","summary":"Create User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"body","name":"body","required":true,"schema":{"$ref":"#/definitions/CreateUserRequest"}},{"default":true,"description":"Executes activation lifecycle operation when creating the user","in":"query","name":"activate","type":"boolean"},{"default":false,"description":"Indicates whether to create a user with a specified authentication provider","in":"query","name":"provider","type":"boolean"},{"default":"","description":"With activate=true, set nextLogin to \"changePassword\" to have the password be EXPIRED, so user must change it the next time they log in.","in":"query","name":"nextLogin","type":"string","x-okta-added-version":"0.14.0","model":"UserNextLogin"}],"bodyModel":"CreateUserRequest","formData":[],"responseModel":"User"},{"path":"/api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"associatedUserId","required":true,"type":"string"},{"in":"path","name":"primaryRelationshipName","required":true,"type":"string"},{"in":"path","name":"primaryUserId","required":true,"type":"string"}],"operationId":"setLinkedObjectForUser","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"Success"}},"parameters":[{"in":"path","name":"associatedUserId","required":true,"type":"string"},{"in":"path","name":"primaryRelationshipName","required":true,"type":"string"},{"in":"path","name":"primaryUserId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}","method":"delete","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deactivateOrDeleteUser","description":"Deletes a user permanently.  This operation can only be performed on users that have a `DEPROVISIONED` status.  **This action cannot be recovered!**","summary":"Delete User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"202":{"description":"ACCEPTED"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]},{"path":"/api/v1/users/{userId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getUser","description":"Fetches a user from your Okta organization.","summary":"Get User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"User"},{"path":"/api/v1/users/{userId}","method":"post","queryParams":[{"in":"query","name":"strict","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"partialUpdateUser","description":"Update a user's profile or credentials with partial update semantics.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"body","name":"user","required":true,"schema":{"$ref":"#/definitions/User"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"strict","type":"boolean"}],"bodyModel":"User","formData":[],"responseModel":"User"},{"path":"/api/v1/users/{userId}","method":"put","queryParams":[{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"updateUser","description":"Update a user's profile and/or credentials using strict-update semantics.","summary":"Update User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"body","name":"user","required":true,"schema":{"$ref":"#/definitions/User"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"bodyModel":"User","formData":[],"responseModel":"User"},{"path":"/api/v1/users/{userId}/appLinks","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listAppLinks","description":"Fetches appLinks for all direct or indirect (via group membership) assigned applications.","summary":"Get Assigned App Links","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppLink"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"AppLink","isArray":true},{"path":"/api/v1/users/{userId}/clients","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserClients","description":"Lists all client resources for which the specified user has grants or tokens.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Client"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Client","isArray":true},{"path":"/api/v1/users/{userId}/clients/{clientId}/grants","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"revokeGrantsForUserAndClient","description":"Revokes all grants for the specified user and client","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/clients/{clientId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"listGrantsForUserAndClient","description":"Lists all grants for a specified user and client","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true},{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"revokeTokensForUserAndClient","description":"Revokes all refresh tokens issued for the specified User and Client.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"listRefreshTokensForUserAndClient","description":"Lists all refresh tokens issued for the specified User and Client.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2RefreshToken"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2RefreshToken","isArray":true},{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeTokenForUserAndClient","description":"Revokes the specified refresh token.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"default":20,"in":"query","name":"limit","type":"integer"},{"in":"query","name":"after","type":"string"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getRefreshTokenForUserAndClient","description":"Gets a refresh token issued for the specified User and Client.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2RefreshToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"default":20,"in":"query","name":"limit","type":"integer"},{"in":"query","name":"after","type":"string"}],"formData":[],"responseModel":"OAuth2RefreshToken"},{"path":"/api/v1/users/{userId}/credentials/change_password","method":"post","queryParams":[{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"changePassword","description":"Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential","summary":"Change Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserCredentials"}}},"parameters":[{"in":"body","name":"changePasswordRequest","required":true,"schema":{"$ref":"#/definitions/ChangePasswordRequest"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"bodyModel":"ChangePasswordRequest","formData":[],"responseModel":"UserCredentials"},{"path":"/api/v1/users/{userId}/credentials/change_recovery_question","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"changeRecoveryQuestion","description":"Changes a user's recovery question & answer credential by validating the user's current password.  This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential","summary":"Change Recovery Question","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserCredentials"}}},"parameters":[{"in":"body","name":"userCredentials","required":true,"schema":{"$ref":"#/definitions/UserCredentials"}},{"in":"path","name":"userId","required":true,"type":"string"}],"bodyModel":"UserCredentials","formData":[],"responseModel":"UserCredentials"},{"path":"/api/v1/users/{userId}/credentials/forgot_password","method":"post","queryParams":[{"default":true,"in":"query","name":"sendEmail","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"forgotPasswordGenerateOneTimeToken","description":"Generates a one-time token (OTT) that can be used to reset a user's password","summary":"Forgot Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ForgotPasswordResponse"}}},"parameters":[{"default":true,"in":"query","name":"sendEmail","type":"boolean"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"ForgotPasswordResponse"},{"path":"/api/v1/users/{userId}/credentials/forgot_password","method":"post","queryParams":[{"default":true,"in":"query","name":"sendEmail","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"forgotPasswordSetNewPassword","description":"Sets a new password for a user by validating the user's answer to their current recovery question","summary":"Forgot Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ForgotPasswordResponse"}}},"parameters":[{"in":"body","name":"user","required":true,"schema":{"$ref":"#/definitions/UserCredentials"}},{"default":true,"in":"query","name":"sendEmail","type":"boolean"},{"in":"path","name":"userId","required":true,"type":"string"}],"bodyModel":"UserCredentials","formData":[],"responseModel":"ForgotPasswordResponse"},{"path":"/api/v1/users/{userId}/factors","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listFactors","description":"Enumerates all the enrolled factors for the specified user","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/UserFactor"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"UserFactor","isArray":true},{"path":"/api/v1/users/{userId}/factors","method":"post","queryParams":[{"default":false,"in":"query","name":"updatePhone","type":"boolean"},{"description":"id of SMS template (only for SMS factor)","in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"default":false,"in":"query","name":"activate","type":"boolean","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"enrollFactor","description":"Enrolls a user with a supported factor.","summary":"Enroll Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"description":"Factor","in":"body","name":"body","required":true,"schema":{"$ref":"#/definitions/UserFactor"}},{"default":false,"in":"query","name":"updatePhone","type":"boolean"},{"description":"id of SMS template (only for SMS factor)","in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"default":false,"in":"query","name":"activate","type":"boolean","x-okta-added-version":"1.3.0"}],"bodyModel":"UserFactor","formData":[],"responseModel":"UserFactor"},{"path":"/api/v1/users/{userId}/factors/catalog","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listSupportedFactors","description":"Enumerates all the supported factors that can be enrolled for the specified user","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/UserFactor"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"UserFactor","isArray":true},{"path":"/api/v1/users/{userId}/factors/questions","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listSupportedSecurityQuestions","description":"Enumerates all available security questions for a user's `question` factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/SecurityQuestion"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"SecurityQuestion","isArray":true},{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"getFactor","description":"Fetches a factor for the specified user","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[],"responseModel":"UserFactor"},{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"},{"path":"/api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"path","name":"transactionId","required":true,"type":"string"}],"operationId":"getFactorTransactionStatus","description":"Polls factors verification transaction for status.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"path","name":"transactionId","required":true,"type":"string"}],"formData":[],"responseModel":"VerifyUserFactorResponse"},{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"},{"path":"/api/v1/users/{userId}/grants","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"revokeUserGrants","description":"Revokes all grants for a specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/grants","method":"get","queryParams":[{"in":"query","name":"scopeId","type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserGrants","description":"Lists all grants for the specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"scopeId","type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true},{"path":"/api/v1/users/{userId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeUserGrant","description":"Revokes one grant for a specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getUserGrant","description":"Gets a grant for the specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"},{"path":"/api/v1/users/{userId}/groups","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserGroups","description":"Fetches the groups of which the user is a member.","summary":"Get Member Groups","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Group"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"Group","isArray":true},{"path":"/api/v1/users/{userId}/idps","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserIdentityProviders","description":"Lists the IdPs associated with the user.","summary":"Listing IdPs associated with a user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/IdentityProvider"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider","isArray":true},{"path":"/api/v1/users/{userId}/lifecycle/activate","method":"post","queryParams":[{"default":true,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","required":true,"type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"activateUser","description":"Activates a user.  This operation can only be performed on users with a `STAGED` status.  Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation.  The user will have a status of `ACTIVE` when the activation process is complete.","summary":"Activate User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserActivationToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":true,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","required":true,"type":"boolean"}],"formData":[],"responseModel":"UserActivationToken"},{"path":"/api/v1/users/{userId}/lifecycle/deactivate","method":"post","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deactivateUser","description":"Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. While the asynchronous operation (triggered by HTTP header `Prefer: respond-async`) is proceeding the user's `transitioningToStatus` property is `DEPROVISIONED`. The user's status is `DEPROVISIONED` when the deactivation process is complete.","summary":"Deactivate User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"OK"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]},{"path":"/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=false","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"expirePassword","description":"This operation transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login.","summary":"Expire Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"User"},{"path":"/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=true","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"expirePasswordAndGetTemporaryPassword","description":"This operation transitions the user to the status of `PASSWORD_EXPIRED` and the user's password is reset to a temporary password that is returned.","summary":"Expire Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TempPassword"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"TempPassword"},{"path":"/api/v1/users/{userId}/lifecycle/reactivate","method":"post","queryParams":[{"default":false,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"reactivateUser","description":"Reactivates a user.  This operation can only be performed on users with a `PROVISIONED` status.  This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).","summary":"Reactivate User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserActivationToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","type":"boolean"}],"formData":[],"responseModel":"UserActivationToken"},{"path":"/api/v1/users/{userId}/lifecycle/reset_factors","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"resetFactors","description":"This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.","summary":"Reset Factors","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"OK"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/lifecycle/reset_password","method":"post","queryParams":[{"in":"query","name":"sendEmail","required":true,"type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"resetPassword","description":"Generates a one-time token (OTT) that can be used to reset a user's password.  The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.","summary":"Reset Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ResetPasswordToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"sendEmail","required":true,"type":"boolean"}],"formData":[],"responseModel":"ResetPasswordToken"},{"path":"/api/v1/users/{userId}/lifecycle/suspend","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"suspendUser","description":"Suspends a user.  This operation can only be performed on users with an `ACTIVE` status.  The user will have a status of `SUSPENDED` when the process is complete.","summary":"Suspend User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"OK"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/lifecycle/unlock","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"unlockUser","description":"Unlocks a user with a `LOCKED_OUT` status and returns them to `ACTIVE` status.  Users will be able to login with their current password.","summary":"Unlock User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/lifecycle/unsuspend","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"unsuspendUser","description":"Unsuspends a user and returns them to the `ACTIVE` state.  This operation can only be performed on users that have a `SUSPENDED` status.","summary":"Unsuspend User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/linkedObjects/{relationshipName}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"}],"operationId":"removeLinkedObjectForUser","description":"Delete linked objects for a user, relationshipName can be ONLY a primary relationship name","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/linkedObjects/{relationshipName}","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"}],"operationId":"getLinkedObjectsForUser","description":"Get linked objects for a user, relationshipName can be a primary or associated relationship name","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ResponseLinks"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"ResponseLinks","isArray":true},{"path":"/api/v1/users/{userId}/roles","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listAssignedRolesForUser","description":"Lists all roles assigned to a user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Role"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Role","isArray":true},{"path":"/api/v1/users/{userId}/roles","method":"post","queryParams":[{"in":"query","name":"disableNotifications","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"assignRoleToUser","description":"Assigns a role to a user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Role"}}},"parameters":[{"in":"body","name":"assignRoleRequest","required":true,"schema":{"$ref":"#/definitions/AssignRoleRequest"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"disableNotifications","type":"boolean"}],"bodyModel":"AssignRoleRequest","formData":[],"responseModel":"Role"},{"path":"/api/v1/users/{userId}/roles/{roleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"removeRoleFromUser","description":"Unassigns a role from a user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/roles/{roleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"getUserRole","description":"Gets role that is assigne to user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Role"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[],"responseModel":"Role"},{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"listApplicationTargetsForApplicationAdministratorRoleForUser","description":"Lists all App targets for an `APP_ADMIN` Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/CatalogApplication"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"CatalogApplication","isArray":true},{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"addAllAppsAsTargetToRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"operationId":"removeApplicationTargetFromApplicationAdministratorRoleForUser","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"operationId":"addApplicationTargetToAdminRoleForUser","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"operationId":"removeApplicationTargetFromAdministratorRoleForUser","description":"Remove App Instance Target to App Administrator Role given to a User","summary":"Remove App Instance Target to App Administrator Role given to a User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"operationId":"addApplicationTargetToAppAdminRoleForUser","description":"Add App Instance Target to App Administrator Role given to a User","summary":"Add App Instance Target to App Administrator Role given to a User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/groups","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"listGroupTargetsForRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Group"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"Group","isArray":true},{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"removeGroupTargetFromRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"addGroupTargetToRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/sessions","method":"delete","queryParams":[{"default":false,"description":"Revoke issued OpenID Connect and OAuth refresh and access tokens","in":"query","name":"oauthTokens","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"clearUserSessions","description":"Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"description":"Revoke issued OpenID Connect and OAuth refresh and access tokens","in":"query","name":"oauthTokens","type":"boolean"}],"formData":[]},{"path":"/api/v1/users/{userId}/subscriptions","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserSubscriptions","description":"List subscriptions of a User. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.","summary":"List subscriptions of a User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Subscription"},"type":"array"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription","isArray":true},{"path":"/api/v1/users/{userId}/subscriptions/{notificationType}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"getUserSubscriptionByNotificationType","description":"Get the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.","summary":"Get the subscription of a User with a specific notification type","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Subscription"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription"},{"path":"/api/v1/users/{userId}/subscriptions/{notificationType}/subscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"subscribeUserSubscriptionByNotificationType","description":"Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users.","summary":"Subscribe to a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"unsubscribeUserSubscriptionByNotificationType","description":"Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users.","summary":"Unsubscribe from a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/zones","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of network zones","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters zones by usage or id expression","in":"query","name":"filter","type":"string"}],"pathParams":[],"operationId":"listNetworkZones","description":"Enumerates network zones added to your organization with pagination. A subset of zones can be returned that match a supported filter expression or query.","summary":"List Network Zones","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/NetworkZone"},"type":"array"}}},"parameters":[{"description":"Specifies the pagination cursor for the next page of network zones","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters zones by usage or id expression","in":"query","name":"filter","type":"string"}],"formData":[],"responseModel":"NetworkZone","isArray":true},{"path":"/api/v1/zones","method":"post","queryParams":[],"pathParams":[],"operationId":"createNetworkZone","description":"Adds a new network zone to your Okta organization.","summary":"Add Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"body","name":"zone","required":true,"schema":{"$ref":"#/definitions/NetworkZone"}}],"bodyModel":"NetworkZone","formData":[],"responseModel":"NetworkZone"},{"path":"/api/v1/zones/{zoneId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"deleteNetworkZone","description":"Removes network zone.","summary":"Delete Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[]},{"path":"/api/v1/zones/{zoneId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"getNetworkZone","description":"Fetches a network zone from your Okta organization by `id`.","summary":"Get Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[],"responseModel":"NetworkZone"},{"path":"/api/v1/zones/{zoneId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"updateNetworkZone","description":"Updates a network zone in your organization.","summary":"Update Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"},{"in":"body","name":"zone","required":true,"schema":{"$ref":"#/definitions/NetworkZone"}}],"bodyModel":"NetworkZone","formData":[],"responseModel":"NetworkZone"},{"path":"/api/v1/zones/{zoneId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"activateNetworkZone","description":"Activate Network Zone","summary":"Activate Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[],"responseModel":"NetworkZone"},{"path":"/api/v1/zones/{zoneId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"deactivateNetworkZone","description":"Deactivates a network zone.","summary":"Deactivate Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[],"responseModel":"NetworkZone"}],"models":[{"modelName":"AccessPolicy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"ACCESS_POLICY"}},{"modelName":"AccessPolicyConstraint","properties":[{"propertyName":"methods","commonType":"array","isArray":true,"model":"string"},{"propertyName":"reauthenticateIn","commonType":"string"},{"propertyName":"types","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"AccessPolicyConstraints","properties":[{"$ref":"#/definitions/KnowledgeConstraint","propertyName":"knowledge","commonType":"object","isObject":true,"model":"KnowledgeConstraint"},{"$ref":"#/definitions/PossessionConstraint","propertyName":"possession","commonType":"object","isObject":true,"model":"PossessionConstraint"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"AccessPolicyRule","properties":[{"$ref":"#/definitions/AccessPolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"AccessPolicyRuleActions"},{"$ref":"#/definitions/AccessPolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"AccessPolicyRuleConditions"},{"propertyName":"name","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRule","parent":{"modelName":"PolicyRule","properties":[{"$ref":"#/definitions/PolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"PolicyRuleActions"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activatePolicyRule","description":"Activates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivatePolicyRule","description":"Deactivates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyRule","self":true},{"dest":"policyId","parentSrc":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicyRule","PASSWORD":"PasswordPolicyRule","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicyRule","SIGN_ON":"OktaSignOnPolicyRule"}}},"resolution":{"fieldName":"type","fieldValue":"ACCESS_POLICY"}},{"modelName":"AccessPolicyRuleActions","properties":[{"$ref":"#/definitions/AccessPolicyRuleApplicationSignOn","propertyName":"appSignOn","commonType":"object","isObject":true,"model":"AccessPolicyRuleApplicationSignOn"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleActions","parent":{"modelName":"PolicyRuleActions","properties":[{"$ref":"#/definitions/PolicyRuleActionsEnroll","propertyName":"enroll","commonType":"object","isObject":true,"model":"PolicyRuleActionsEnroll"},{"$ref":"#/definitions/IdpPolicyRuleAction","propertyName":"idp","commonType":"object","isObject":true,"model":"IdpPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"passwordChange","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServicePasswordReset","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServiceUnlock","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonActions","propertyName":"signon","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}},{"modelName":"AccessPolicyRuleApplicationSignOn","properties":[{"propertyName":"access","commonType":"string"},{"$ref":"#/definitions/VerificationMethod","propertyName":"verificationMethod","commonType":"object","isObject":true,"model":"VerificationMethod"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"AccessPolicyRuleConditions","properties":[{"$ref":"#/definitions/DeviceAccessPolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DeviceAccessPolicyRuleCondition"},{"$ref":"#/definitions/AccessPolicyRuleCustomCondition","propertyName":"elCondition","commonType":"object","isObject":true,"model":"AccessPolicyRuleCustomCondition"},{"$ref":"#/definitions/UserTypeCondition","propertyName":"userType","commonType":"object","isObject":true,"model":"UserTypeCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleConditions","parent":{"modelName":"PolicyRuleConditions","properties":[{"$ref":"#/definitions/AppAndInstancePolicyRuleCondition","propertyName":"app","commonType":"object","isObject":true,"model":"AppAndInstancePolicyRuleCondition"},{"$ref":"#/definitions/AppInstancePolicyRuleCondition","propertyName":"apps","commonType":"object","isObject":true,"model":"AppInstancePolicyRuleCondition"},{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/BeforeScheduledActionPolicyRuleCondition","propertyName":"beforeScheduledAction","commonType":"object","isObject":true,"model":"BeforeScheduledActionPolicyRuleCondition"},{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/ContextPolicyRuleCondition","propertyName":"context","commonType":"object","isObject":true,"model":"ContextPolicyRuleCondition"},{"$ref":"#/definitions/DevicePolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DevicePolicyRuleCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/GroupPolicyRuleCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupPolicyRuleCondition"},{"$ref":"#/definitions/IdentityProviderPolicyRuleCondition","propertyName":"identityProvider","commonType":"object","isObject":true,"model":"IdentityProviderPolicyRuleCondition"},{"$ref":"#/definitions/MDMEnrollmentPolicyRuleCondition","propertyName":"mdmEnrollment","commonType":"object","isObject":true,"model":"MDMEnrollmentPolicyRuleCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/PlatformPolicyRuleCondition","propertyName":"platform","commonType":"object","isObject":true,"model":"PlatformPolicyRuleCondition"},{"$ref":"#/definitions/RiskPolicyRuleCondition","propertyName":"risk","commonType":"object","isObject":true,"model":"RiskPolicyRuleCondition"},{"$ref":"#/definitions/RiskScorePolicyRuleCondition","propertyName":"riskScore","commonType":"object","isObject":true,"model":"RiskScorePolicyRuleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"},{"$ref":"#/definitions/UserIdentifierPolicyRuleCondition","propertyName":"userIdentifier","commonType":"object","isObject":true,"model":"UserIdentifierPolicyRuleCondition"},{"$ref":"#/definitions/UserStatusPolicyRuleCondition","propertyName":"userStatus","commonType":"object","isObject":true,"model":"UserStatusPolicyRuleCondition"},{"$ref":"#/definitions/UserPolicyRuleCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}},{"modelName":"AccessPolicyRuleCustomCondition","properties":[{"propertyName":"condition","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"AcsEndpoint","properties":[{"propertyName":"index","commonType":"integer"},{"propertyName":"url","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ActivateFactorRequest","properties":[{"propertyName":"attestation","commonType":"string"},{"propertyName":"clientData","commonType":"string"},{"propertyName":"passCode","commonType":"string"},{"propertyName":"registrationData","commonType":"string"},{"propertyName":"stateToken","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"AllowedForEnum","enum":["recovery","sso","any","none"],"tags":["Authenticator"]},{"modelName":"AppAndInstanceConditionEvaluatorAppOrInstance","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"name","commonType":"string"},{"enum":["APP_TYPE","APP"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"AppAndInstancePolicyRuleCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"AppAndInstanceConditionEvaluatorAppOrInstance"},{"propertyName":"include","commonType":"array","isArray":true,"model":"AppAndInstanceConditionEvaluatorAppOrInstance"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"AppInstancePolicyRuleCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"AppLink","properties":[{"readOnly":true,"propertyName":"appAssignmentId","commonType":"string"},{"readOnly":true,"propertyName":"appInstanceId","commonType":"string"},{"readOnly":true,"propertyName":"appName","commonType":"string"},{"readOnly":true,"propertyName":"credentialsSetup","commonType":"boolean"},{"readOnly":true,"propertyName":"hidden","commonType":"boolean"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"linkUrl","commonType":"string"},{"readOnly":true,"propertyName":"logoUrl","commonType":"string"},{"readOnly":true,"propertyName":"sortOrder","commonType":"integer"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"AppUser","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/AppUserCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"AppUserCredentials"},{"readOnly":true,"propertyName":"externalId","commonType":"string"},{"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastSync","commonType":"dateTime"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"readOnly":true,"propertyName":"passwordChanged","commonType":"dateTime"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"scope","commonType":"string"},{"readOnly":true,"propertyName":"status","commonType":"string"},{"readOnly":true,"propertyName":"statusChanged","commonType":"dateTime"},{"readOnly":true,"propertyName":"syncState","commonType":"string"}],"methods":[],"crud":[{"alias":"update","arguments":[{"dest":"appId","parentSrc":"appId"},{"dest":"userId","src":"id"},{"dest":"appUser","self":true}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"updateApplicationUser","description":"Updates a user's profile for an application","summary":"Update Application Profile for Assigned User","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"delete","arguments":[{"dest":"appId","parentSrc":"appId"},{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"delete","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deleteApplicationUser","description":"Removes an assignment for a user from an application.","summary":"Remove User from Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]}}],"tags":["Application"],"isExtensible":false},{"modelName":"AppUserCredentials","properties":[{"$ref":"#/definitions/AppUserPasswordCredential","propertyName":"password","commonType":"object","isObject":true,"model":"AppUserPasswordCredential"},{"propertyName":"userName","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"AppUserPasswordCredential","properties":[{"propertyName":"value","commonType":"password"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},{"modelName":"ApplicationAccessibility","properties":[{"propertyName":"errorRedirectUrl","commonType":"string"},{"propertyName":"loginRedirectUrl","commonType":"string"},{"propertyName":"selfService","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationCredentials","properties":[{"$ref":"#/definitions/ApplicationCredentialsSigning","propertyName":"signing","commonType":"object","isObject":true,"model":"ApplicationCredentialsSigning"},{"$ref":"#/definitions/ApplicationCredentialsUsernameTemplate","propertyName":"userNameTemplate","commonType":"object","isObject":true,"model":"ApplicationCredentialsUsernameTemplate"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationCredentialsOAuthClient","properties":[{"propertyName":"autoKeyRotation","commonType":"boolean"},{"propertyName":"client_id","commonType":"string"},{"propertyName":"client_secret","commonType":"string"},{"propertyName":"pkce_required","commonType":"boolean"},{"$ref":"#/definitions/OAuthEndpointAuthenticationMethod","propertyName":"token_endpoint_auth_method","commonType":"enum","isEnum":true,"model":"OAuthEndpointAuthenticationMethod"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationCredentialsScheme","enum":["SHARED_USERNAME_AND_PASSWORD","EXTERNAL_PASSWORD_SYNC","EDIT_USERNAME_AND_PASSWORD","EDIT_PASSWORD_ONLY","ADMIN_SETS_CREDENTIALS"],"tags":["Application"]},{"modelName":"ApplicationCredentialsSigning","properties":[{"propertyName":"kid","commonType":"string"},{"readOnly":true,"propertyName":"lastRotated","commonType":"dateTime"},{"readOnly":true,"propertyName":"nextRotation","commonType":"dateTime"},{"propertyName":"rotationMode","commonType":"string"},{"$ref":"#/definitions/ApplicationCredentialsSigningUse","propertyName":"use","commonType":"enum","isEnum":true,"model":"ApplicationCredentialsSigningUse"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationCredentialsSigningUse","enum":["sig"],"tags":["AuthorizationServer"]},{"modelName":"ApplicationCredentialsUsernameTemplate","properties":[{"propertyName":"pushStatus","commonType":"string"},{"propertyName":"suffix","commonType":"string"},{"propertyName":"template","commonType":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationFeature","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/CapabilitiesObject","propertyName":"capabilities","commonType":"object","isObject":true,"model":"CapabilitiesObject"},{"propertyName":"description","commonType":"string"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/EnabledStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"EnabledStatus"}],"methods":[{"alias":"listFeaturesForApplication","operation":{"path":"/api/v1/apps/{appId}/features","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listFeaturesForApplication","description":"List Features for application","summary":"Fetches the Feature objects for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationFeature"},"type":"array"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature","isArray":true}}],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationGroupAssignment","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"priority","commonType":"integer"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"}],"methods":[],"crud":[{"alias":"delete","arguments":[{"dest":"appId","parentSrc":"appId"},{"dest":"groupId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"deleteApplicationGroupAssignment","description":"Removes a group assignment from an application.","summary":"Remove Group from Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationLicensing","properties":[{"propertyName":"seatCount","commonType":"integer"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationSettingsNotes","properties":[{"propertyName":"admin","commonType":"string"},{"propertyName":"enduser","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationSettingsNotifications","properties":[{"$ref":"#/definitions/ApplicationSettingsNotificationsVpn","propertyName":"vpn","commonType":"object","isObject":true,"model":"ApplicationSettingsNotificationsVpn"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationSettingsNotificationsVpn","properties":[{"propertyName":"helpUrl","commonType":"string"},{"propertyName":"message","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotificationsVpnNetwork","propertyName":"network","commonType":"object","isObject":true,"model":"ApplicationSettingsNotificationsVpnNetwork"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationSettingsNotificationsVpnNetwork","properties":[{"propertyName":"connection","commonType":"string"},{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationSignOnMode","enum":["BOOKMARK","BASIC_AUTH","BROWSER_PLUGIN","SECURE_PASSWORD_STORE","AUTO_LOGIN","WS_FEDERATION","SAML_2_0","OPENID_CONNECT","SAML_1_1"],"tags":["Application"]},{"modelName":"ApplicationVisibility","properties":[{"propertyName":"appLinks","commonType":"hash","isHash":true,"model":"boolean"},{"propertyName":"autoLaunch","commonType":"boolean"},{"propertyName":"autoSubmitToolbar","commonType":"boolean"},{"$ref":"#/definitions/ApplicationVisibilityHide","propertyName":"hide","commonType":"object","isObject":true,"model":"ApplicationVisibilityHide"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ApplicationVisibilityHide","properties":[{"propertyName":"iOS","commonType":"boolean"},{"propertyName":"web","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"AssignRoleRequest","properties":[{"$ref":"#/definitions/RoleType","readOnly":false,"propertyName":"type","commonType":"enum","isEnum":true,"model":"RoleType"}],"methods":[],"crud":[],"tags":["Role"],"isExtensible":false},{"modelName":"AuthenticationProvider","properties":[{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/AuthenticationProviderType","propertyName":"type","commonType":"enum","isEnum":true,"model":"AuthenticationProviderType"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"AuthenticationProviderType","enum":["ACTIVE_DIRECTORY","FEDERATION","LDAP","OKTA","SOCIAL","IMPORT"],"tags":["User"]},{"modelName":"Authenticator","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"key","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/AuthenticatorProvider","propertyName":"provider","commonType":"object","isObject":true,"model":"AuthenticatorProvider"},{"$ref":"#/definitions/AuthenticatorSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"AuthenticatorSettings"},{"$ref":"#/definitions/AuthenticatorStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"AuthenticatorStatus"},{"$ref":"#/definitions/AuthenticatorType","propertyName":"type","commonType":"enum","isEnum":true,"model":"AuthenticatorType"}],"methods":[{"alias":"activate","arguments":[{"dest":"authenticatorId","src":"id"}],"operation":{"path":"/api/v1/authenticators/{authenticatorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"activateAuthenticator","description":"Success","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"formData":[],"responseModel":"Authenticator"}},{"alias":"deactivate","arguments":[{"dest":"authenticatorId","src":"id"}],"operation":{"path":"/api/v1/authenticators/{authenticatorId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"deactivateAuthenticator","description":"Success","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"formData":[],"responseModel":"Authenticator"}}],"crud":[{"alias":"read","arguments":[],"operation":{"path":"/api/v1/authenticators/{authenticatorId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"getAuthenticator","description":"Success","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"formData":[],"responseModel":"Authenticator"}},{"alias":"update","arguments":[{"dest":"authenticatorId","src":"id"},{"dest":"authenticator","self":true}],"operation":{"path":"/api/v1/authenticators/{authenticatorId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"updateAuthenticator","description":"Updates an authenticator","summary":"Update Authenticator","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"},{"in":"body","name":"authenticator","required":true,"schema":{"$ref":"#/definitions/Authenticator"}}],"bodyModel":"Authenticator","formData":[],"responseModel":"Authenticator"}}],"tags":["Authenticator"],"isExtensible":false},{"modelName":"AuthenticatorProvider","properties":[{"$ref":"#/definitions/AuthenticatorProviderConfiguration","propertyName":"configuration","commonType":"object","isObject":true,"model":"AuthenticatorProviderConfiguration"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Authenticator"],"isExtensible":false},{"modelName":"AuthenticatorProviderConfiguration","properties":[{"propertyName":"authPort","commonType":"integer"},{"propertyName":"host","commonType":"string"},{"propertyName":"hostName","commonType":"string"},{"propertyName":"instanceId","commonType":"string"},{"propertyName":"integrationKey","commonType":"string"},{"propertyName":"secretKey","commonType":"string"},{"propertyName":"sharedSecret","commonType":"string"},{"$ref":"#/definitions/AuthenticatorProviderConfigurationUserNamePlate","propertyName":"userNameTemplate","commonType":"object","isObject":true,"model":"AuthenticatorProviderConfigurationUserNamePlate"}],"methods":[],"crud":[],"tags":["Authenticator"],"isExtensible":false},{"modelName":"AuthenticatorProviderConfigurationUserNamePlate","properties":[{"propertyName":"template","commonType":"string"}],"methods":[],"crud":[],"tags":["Authenticator"],"isExtensible":false},{"modelName":"AuthenticatorSettings","properties":[{"$ref":"#/definitions/AllowedForEnum","propertyName":"allowedFor","commonType":"enum","isEnum":true,"model":"AllowedForEnum"},{"propertyName":"appInstanceId","commonType":"string"},{"$ref":"#/definitions/ChannelBinding","propertyName":"channelBinding","commonType":"object","isObject":true,"model":"ChannelBinding"},{"$ref":"#/definitions/Compliance","propertyName":"compliance","commonType":"object","isObject":true,"model":"Compliance"},{"propertyName":"tokenLifetimeInMinutes","commonType":"integer"},{"$ref":"#/definitions/UserVerificationEnum","propertyName":"userVerification","commonType":"enum","isEnum":true,"model":"UserVerificationEnum"}],"methods":[],"crud":[],"tags":["Authenticator"],"isExtensible":false},{"modelName":"AuthenticatorStatus","enum":["ACTIVE","INACTIVE"],"tags":["Authenticator"]},{"modelName":"AuthenticatorType","enum":["app","password","security_question","phone","email","security_key","federated"],"tags":["Authenticator"]},{"modelName":"AuthorizationServer","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"audiences","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/AuthorizationServerCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"AuthorizationServerCredentials"},{"readOnly":true,"propertyName":"default","commonType":"boolean"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"issuer","commonType":"string"},{"enum":["ORG_URL","CUSTOM_URL","DYNAMIC"],"propertyName":"issuerMode","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"}],"methods":[{"alias":"listOAuth2Claims","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/claims","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listOAuth2Claims","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Claim"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Claim","isArray":true}},{"alias":"createOAuth2Claim","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/claims","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"createOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2Claim"}},"201":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"oAuth2Claim","required":true,"schema":{"$ref":"#/definitions/OAuth2Claim"}}],"bodyModel":"OAuth2Claim","formData":[],"responseModel":"OAuth2Claim"}},{"alias":"deleteOAuth2Claim","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/claims/{claimId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"operationId":"deleteOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Claim","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/claims/{claimId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"operationId":"getOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Claim"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Claim"}},{"alias":"updateOAuth2Claim","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/claims/{claimId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"operationId":"updateOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Claim"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"},{"in":"body","name":"oAuth2Claim","required":true,"schema":{"$ref":"#/definitions/OAuth2Claim"}}],"bodyModel":"OAuth2Claim","formData":[],"responseModel":"OAuth2Claim"}},{"alias":"listOAuth2Clients","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/clients","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listOAuth2ClientsForAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Client"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Client","isArray":true}},{"alias":"revokeRefreshTokensForClient","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"revokeRefreshTokensForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"formData":[]}},{"alias":"listRefreshTokensForClient","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"listRefreshTokensForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2RefreshToken"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2RefreshToken","isArray":true}},{"alias":"getRefreshTokenForClient","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getRefreshTokenForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2RefreshToken"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2RefreshToken"}},{"alias":"revokeRefreshTokenForClient","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeRefreshTokenForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"listKeys","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listAuthorizationServerKeys","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"rotateKeys","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"rotateAuthorizationServerKeys","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"use","required":true,"schema":{"$ref":"#/definitions/JwkUse"}}],"bodyModel":"JwkUse","formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"activate","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"activateAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"deactivateAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicies","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listAuthorizationServerPolicies","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AuthorizationServerPolicy"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicy","isArray":true}},{"alias":"createPolicy","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"createAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}},"201":{"description":"Created"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}],"bodyModel":"AuthorizationServerPolicy","formData":[],"responseModel":"AuthorizationServerPolicy"}},{"alias":"deletePolicy","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"getPolicy","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicy"}},{"alias":"updatePolicy","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}],"bodyModel":"AuthorizationServerPolicy","formData":[],"responseModel":"AuthorizationServerPolicy"}},{"alias":"listOAuth2Scopes","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/scopes","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"cursor","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listOAuth2Scopes","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Scope"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"cursor","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Scope","isArray":true}},{"alias":"createOAuth2Scope","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/scopes","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"createOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Scope"}},"201":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"oAuth2Scope","required":true,"schema":{"$ref":"#/definitions/OAuth2Scope"}}],"bodyModel":"OAuth2Scope","formData":[],"responseModel":"OAuth2Scope"}},{"alias":"deleteOAuth2Scope","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"operationId":"deleteOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Scope","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"operationId":"getOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Scope"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Scope"}},{"alias":"updateOAuth2Scope","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"operationId":"updateOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Scope"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"},{"in":"body","name":"oAuth2Scope","required":true,"schema":{"$ref":"#/definitions/OAuth2Scope"}}],"bodyModel":"OAuth2Scope","formData":[],"responseModel":"OAuth2Scope"}}],"crud":[{"alias":"create","arguments":[{"dest":"authorizationServer","self":true}],"operation":{"path":"/api/v1/authorizationServers","method":"post","queryParams":[],"pathParams":[],"operationId":"createAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServer"}},"201":{"description":"Created"}},"parameters":[{"in":"body","name":"authorizationServer","required":true,"schema":{"$ref":"#/definitions/AuthorizationServer"}}],"bodyModel":"AuthorizationServer","formData":[],"responseModel":"AuthorizationServer"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/authorizationServers/{authServerId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"getAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServer"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServer"}},{"alias":"update","arguments":[{"dest":"authServerId","src":"id"},{"dest":"authorizationServer","self":true}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"updateAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServer"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"authorizationServer","required":true,"schema":{"$ref":"#/definitions/AuthorizationServer"}}],"bodyModel":"AuthorizationServer","formData":[],"responseModel":"AuthorizationServer"}},{"alias":"delete","arguments":[{"dest":"authServerId","src":"id"},{"dest":"authorizationServer","self":true}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[]}}],"tags":["AuthorizationServer"],"isExtensible":false},{"modelName":"AuthorizationServerCredentials","properties":[{"$ref":"#/definitions/AuthorizationServerCredentialsSigningConfig","propertyName":"signing","commonType":"object","isObject":true,"model":"AuthorizationServerCredentialsSigningConfig"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"AuthorizationServerCredentialsRotationMode","enum":["AUTO","MANUAL"],"tags":["AuthorizationServer"]},{"modelName":"AuthorizationServerCredentialsSigningConfig","properties":[{"propertyName":"kid","commonType":"string"},{"readOnly":true,"propertyName":"lastRotated","commonType":"dateTime"},{"readOnly":true,"propertyName":"nextRotation","commonType":"dateTime"},{"$ref":"#/definitions/AuthorizationServerCredentialsRotationMode","propertyName":"rotationMode","commonType":"enum","isEnum":true,"model":"AuthorizationServerCredentialsRotationMode"},{"$ref":"#/definitions/AuthorizationServerCredentialsUse","propertyName":"use","commonType":"enum","isEnum":true,"model":"AuthorizationServerCredentialsUse"}],"methods":[],"crud":[],"tags":["AuthorizationServer"],"isExtensible":false},{"modelName":"AuthorizationServerCredentialsUse","enum":["sig"],"tags":["AuthorizationServer"]},{"modelName":"AuthorizationServerPolicy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listAuthorizationServerPolicyRules","description":"Enumerates all policy rules for the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AuthorizationServerPolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicyRule","isArray":true}},{"alias":"createPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createAuthorizationServerPolicyRule","description":"Creates a policy rule for the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}],"bodyModel":"AuthorizationServerPolicyRule","formData":[],"responseModel":"AuthorizationServerPolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getAuthorizationServerPolicyRule","description":"Returns a Policy Rule by ID that is defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicyRule"}},{"alias":"deletePolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicyRule","description":"Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activateAuthorizationServerPolicy","description":"Activate Authorization Server Policy","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivateAuthorizationServerPolicy","description":"Deactivate Authorization Server Policy","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}],"bodyModel":"AuthorizationServerPolicy","formData":[],"responseModel":"AuthorizationServerPolicy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["AuthorizationServer"],"isExtensible":false},{"modelName":"AuthorizationServerPolicyRule","properties":[{"$ref":"#/definitions/AuthorizationServerPolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"AuthorizationServerPolicyRuleActions"},{"$ref":"#/definitions/AuthorizationServerPolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"AuthorizationServerPolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["RESOURCE_ACCESS"],"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activateAuthorizationServerPolicyRule","description":"Activate Authorization Server Policy Rule","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivateAuthorizationServerPolicyRule","description":"Deactivate Authorization Server Policy Rule","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyRule","self":true},{"dest":"policyId","parentSrc":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updateAuthorizationServerPolicyRule","description":"Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}],"bodyModel":"AuthorizationServerPolicyRule","formData":[],"responseModel":"AuthorizationServerPolicyRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicyRule","description":"Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"tags":["AuthorizationServerPolicy"],"isExtensible":false},{"modelName":"AuthorizationServerPolicyRuleActions","properties":[{"$ref":"#/definitions/TokenAuthorizationServerPolicyRuleAction","propertyName":"token","commonType":"object","isObject":true,"model":"TokenAuthorizationServerPolicyRuleAction"}],"methods":[],"crud":[],"tags":["AuthorizationServerPolicy"],"isExtensible":false},{"modelName":"AuthorizationServerPolicyRuleConditions","properties":[{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["AuthorizationServerPolicy"],"isExtensible":false},{"modelName":"AutoLoginApplication","properties":[{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"$ref":"#/definitions/AutoLoginApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"AutoLoginApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"Application","parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"AUTO_LOGIN"}},{"modelName":"AutoLoginApplicationSettings","properties":[{"$ref":"#/definitions/AutoLoginApplicationSettingsSignOn","propertyName":"signOn","commonType":"object","isObject":true,"model":"AutoLoginApplicationSettingsSignOn"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"AutoLoginApplicationSettingsSignOn","properties":[{"propertyName":"loginUrl","commonType":"string"},{"propertyName":"redirectUrl","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"BasicApplicationSettings","properties":[{"$ref":"#/definitions/BasicApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"BasicApplicationSettingsApplication"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"BasicApplicationSettingsApplication","properties":[{"propertyName":"authURL","commonType":"string"},{"propertyName":"url","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"BasicAuthApplication","properties":[{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"default":"template_basic_auth","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/BasicApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"BasicApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"Application","parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"BASIC_AUTH"}},{"modelName":"BeforeScheduledActionPolicyRuleCondition","properties":[{"$ref":"#/definitions/Duration","propertyName":"duration","commonType":"object","isObject":true,"model":"Duration"},{"$ref":"#/definitions/ScheduledUserLifecycleAction","propertyName":"lifecycleAction","commonType":"object","isObject":true,"model":"ScheduledUserLifecycleAction"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"BookmarkApplication","properties":[{"default":"bookmark","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/BookmarkApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"BookmarkApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"Application","parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"BOOKMARK"}},{"modelName":"BookmarkApplicationSettings","properties":[{"$ref":"#/definitions/BookmarkApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"BookmarkApplicationSettingsApplication"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"BookmarkApplicationSettingsApplication","properties":[{"propertyName":"requestIntegration","commonType":"boolean"},{"propertyName":"url","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"Brand","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"agreeToCustomPrivacyPolicy","commonType":"boolean"},{"propertyName":"customPrivacyPolicyUrl","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"removePoweredByOkta","commonType":"boolean"}],"methods":[],"crud":[{"alias":"read","arguments":[{"dest":"brandId","src":"id"}],"operation":{"path":"/api/v1/brands/{brandId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"}],"operationId":"getBrand","description":"Fetches a brand by `brandId`","summary":"Get Brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Brand"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"}],"formData":[],"responseModel":"Brand"}},{"alias":"update","arguments":[{"dest":"brandId","src":"id"},{"dest":"brand","self":true}],"operation":{"path":"/api/v1/brands/{brandId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"}],"operationId":"updateBrand","description":"Updates a brand by `brandId`","summary":"Update Brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Brand"}},"400":{"description":"Bad Request"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"body","name":"brand","required":true,"schema":{"$ref":"#/definitions/Brand"}}],"bodyModel":"Brand","formData":[],"responseModel":"Brand"}}],"tags":["Brand"],"isExtensible":false},{"modelName":"BrowserPluginApplication","properties":[{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"extends":"Application","resolutionStrategy":{"propertyName":"name","valueToModelMapping":{"template_swa":"SwaApplication","template_swa3field":"SwaThreeFieldApplication"}},"parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"BROWSER_PLUGIN"}},{"modelName":"CallUserFactor","properties":[{"$ref":"#/definitions/CallUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"CallUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"call"}},{"modelName":"CallUserFactorProfile","properties":[{"propertyName":"phoneExtension","commonType":"string"},{"propertyName":"phoneNumber","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"CapabilitiesCreateObject","properties":[{"$ref":"#/definitions/LifecycleCreateSettingObject","propertyName":"lifecycleCreate","commonType":"object","isObject":true,"model":"LifecycleCreateSettingObject"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"CapabilitiesObject","properties":[{"$ref":"#/definitions/CapabilitiesCreateObject","propertyName":"create","commonType":"object","isObject":true,"model":"CapabilitiesCreateObject"},{"$ref":"#/definitions/CapabilitiesUpdateObject","propertyName":"update","commonType":"object","isObject":true,"model":"CapabilitiesUpdateObject"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"CapabilitiesUpdateObject","properties":[{"$ref":"#/definitions/LifecycleDeactivateSettingObject","propertyName":"lifecycleDeactivate","commonType":"object","isObject":true,"model":"LifecycleDeactivateSettingObject"},{"$ref":"#/definitions/PasswordSettingObject","propertyName":"password","commonType":"object","isObject":true,"model":"PasswordSettingObject"},{"$ref":"#/definitions/ProfileSettingObject","propertyName":"profile","commonType":"object","isObject":true,"model":"ProfileSettingObject"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"CatalogApplication","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"category","commonType":"string"},{"propertyName":"description","commonType":"string"},{"propertyName":"displayName","commonType":"string"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"signOnModes","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/CatalogApplicationStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"CatalogApplicationStatus"},{"propertyName":"verificationStatus","commonType":"string"},{"propertyName":"website","commonType":"string"}],"methods":[],"crud":[],"tags":["Role"],"isExtensible":false},{"modelName":"CatalogApplicationStatus","enum":["ACTIVE","INACTIVE"],"tags":["Role"]},{"modelName":"ChangeEnum","enum":["KEEP_EXISTING","CHANGE"],"tags":["Application"]},{"modelName":"ChangePasswordRequest","properties":[{"$ref":"#/definitions/PasswordCredential","propertyName":"newPassword","commonType":"object","isObject":true,"model":"PasswordCredential"},{"$ref":"#/definitions/PasswordCredential","propertyName":"oldPassword","commonType":"object","isObject":true,"model":"PasswordCredential"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"ChannelBinding","properties":[{"$ref":"#/definitions/RequiredEnum","propertyName":"required","commonType":"enum","isEnum":true,"model":"RequiredEnum"},{"propertyName":"style","commonType":"string"}],"methods":[],"crud":[],"tags":["Authenticator"],"isExtensible":false},{"modelName":"ClientPolicyCondition","properties":[{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"ClientSecret","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"client_secret","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"secret_hash","commonType":"string"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ClientSecretMetadata","properties":[{"propertyName":"client_secret","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"Compliance","properties":[{"$ref":"#/definitions/FipsEnum","propertyName":"fips","commonType":"enum","isEnum":true,"model":"FipsEnum"}],"methods":[],"crud":[],"tags":["Authenticator"],"isExtensible":false},{"modelName":"ContextPolicyRuleCondition","properties":[{"propertyName":"expression","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"CreateSessionRequest","properties":[{"propertyName":"sessionToken","commonType":"string"}],"methods":[],"crud":[],"tags":["Session"],"isExtensible":false},{"modelName":"CreateUserRequest","properties":[{"$ref":"#/definitions/UserCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"UserCredentials"},{"propertyName":"groupIds","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/UserProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"UserProfile"},{"$ref":"#/definitions/UserType","propertyName":"type","commonType":"object","isObject":true,"model":"UserType"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"Csr","properties":[{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"csr","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"kty","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"CsrMetadata","properties":[{"$ref":"#/definitions/CsrMetadataSubject","propertyName":"subject","commonType":"object","isObject":true,"model":"CsrMetadataSubject"},{"$ref":"#/definitions/CsrMetadataSubjectAltNames","propertyName":"subjectAltNames","commonType":"object","isObject":true,"model":"CsrMetadataSubjectAltNames"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"CsrMetadataSubject","properties":[{"propertyName":"commonName","commonType":"string"},{"propertyName":"countryName","commonType":"string"},{"propertyName":"localityName","commonType":"string"},{"propertyName":"organizationName","commonType":"string"},{"propertyName":"organizationalUnitName","commonType":"string"},{"propertyName":"stateOrProvinceName","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"CsrMetadataSubjectAltNames","properties":[{"propertyName":"dnsNames","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"CustomHotpUserFactor","properties":[{"propertyName":"factorProfileId","commonType":"string"},{"$ref":"#/definitions/CustomHotpUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"CustomHotpUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"token:hotp"}},{"modelName":"CustomHotpUserFactorProfile","properties":[{"propertyName":"sharedSecret","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"DNSRecord","properties":[{"propertyName":"expiration","commonType":"string"},{"propertyName":"fqdn","commonType":"string"},{"$ref":"#/definitions/DNSRecordType","propertyName":"recordType","commonType":"enum","isEnum":true,"model":"DNSRecordType"},{"propertyName":"values","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Domain"],"isExtensible":false},{"modelName":"DNSRecordType","enum":["TXT","CNAME"],"tags":["Domain"]},{"modelName":"DeviceAccessPolicyRuleCondition","properties":[{"propertyName":"managed","commonType":"boolean"},{"propertyName":"registered","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"DevicePolicyRuleCondition","parent":{"modelName":"DevicePolicyRuleCondition","properties":[{"propertyName":"migrated","commonType":"boolean"},{"$ref":"#/definitions/DevicePolicyRuleConditionPlatform","propertyName":"platform","commonType":"object","isObject":true,"model":"DevicePolicyRuleConditionPlatform"},{"propertyName":"rooted","commonType":"boolean"},{"enum":["ANY","TRUSTED"],"propertyName":"trustLevel","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}},{"modelName":"DevicePolicyRuleCondition","properties":[{"propertyName":"migrated","commonType":"boolean"},{"$ref":"#/definitions/DevicePolicyRuleConditionPlatform","propertyName":"platform","commonType":"object","isObject":true,"model":"DevicePolicyRuleConditionPlatform"},{"propertyName":"rooted","commonType":"boolean"},{"enum":["ANY","TRUSTED"],"propertyName":"trustLevel","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"DevicePolicyRuleConditionPlatform","properties":[{"propertyName":"supportedMDMFrameworks","commonType":"array","isArray":true,"model":"string"},{"propertyName":"types","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"Domain","properties":[{"$ref":"#/definitions/DomainCertificateSourceType","propertyName":"certificateSourceType","commonType":"enum","isEnum":true,"model":"DomainCertificateSourceType"},{"propertyName":"dnsRecords","commonType":"array","isArray":true,"model":"DNSRecord"},{"propertyName":"domain","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"$ref":"#/definitions/DomainCertificateMetadata","propertyName":"publicCertificate","commonType":"object","isObject":true,"model":"DomainCertificateMetadata"},{"$ref":"#/definitions/DomainValidationStatus","propertyName":"validationStatus","commonType":"enum","isEnum":true,"model":"DomainValidationStatus"}],"methods":[],"crud":[],"tags":["Domain"],"isExtensible":false},{"modelName":"DomainCertificate","properties":[{"propertyName":"certificate","commonType":"string"},{"propertyName":"certificateChain","commonType":"string"},{"propertyName":"privateKey","commonType":"string"},{"$ref":"#/definitions/DomainCertificateType","propertyName":"type","commonType":"enum","isEnum":true,"model":"DomainCertificateType"}],"methods":[{"alias":"createCertificate","arguments":[{"dest":"certificate","self":true}],"operation":{"path":"/api/v1/domains/{domainId}/certificate","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"domainId","required":true,"type":"string"}],"operationId":"createCertificate","description":"Creates the Certificate for the Domain.","summary":"Create Certificate","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"domainId","required":true,"type":"string"},{"in":"body","name":"certificate","required":true,"schema":{"$ref":"#/definitions/DomainCertificate"}}],"bodyModel":"DomainCertificate","formData":[]}}],"crud":[],"tags":["Domain"],"isExtensible":false},{"modelName":"DomainCertificateMetadata","properties":[{"propertyName":"expiration","commonType":"string"},{"propertyName":"fingerprint","commonType":"string"},{"propertyName":"subject","commonType":"string"}],"methods":[],"crud":[],"tags":["Domain"],"isExtensible":false},{"modelName":"DomainCertificateSourceType","enum":["MANUAL","OKTA_MANAGED"],"tags":["Domain"]},{"modelName":"DomainCertificateType","enum":["PEM"],"tags":["Domain"]},{"modelName":"DomainListResponse","properties":[{"propertyName":"domains","commonType":"array","isArray":true,"model":"Domain"}],"methods":[],"crud":[],"tags":["Domain"],"isExtensible":false},{"modelName":"DomainValidationStatus","enum":["NOT_STARTED","IN_PROGRESS","VERIFIED","FAILED_TO_VERIFY","DOMAIN_TAKEN","COMPLETED"],"tags":["Domain"]},{"modelName":"Duration","properties":[{"propertyName":"number","commonType":"integer"},{"propertyName":"unit","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"EmailTemplate","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"name","commonType":"string"}],"methods":[{"alias":"getEmailTemplate","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplate","description":"Fetch an email template by templateName","summary":"Get Email Template","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplate"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplate"}},{"alias":"deleteEmailTemplateCustomizations","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"deleteEmailTemplateCustomizations","description":"Delete all customizations for an email template. Also known as “Reset to Default”.","summary":"Delete Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"Success"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[]}},{"alias":"listEmailTemplateCustomizations","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"listEmailTemplateCustomizations","description":"List all email customizations for an email template","summary":"List Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/EmailTemplateCustomization"},"type":"array"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateCustomization","isArray":true}},{"alias":"createEmailTemplateCustomization","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"createEmailTemplateCustomization","description":"Create an email customization","summary":"Create Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateCustomization"}},"409":{"description":"Conflict"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"body","name":"customization","required":true,"schema":{"$ref":"#/definitions/EmailTemplateCustomizationRequest"}}],"bodyModel":"EmailTemplateCustomizationRequest","formData":[],"responseModel":"EmailTemplateCustomization"}},{"alias":"deleteEmailTemplateCustomization","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"deleteEmailTemplateCustomization","description":"Delete an email customization","summary":"Delete Email Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"409":{"description":"Conflict"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"formData":[]}},{"alias":"getEmailTemplateCustomization","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"getEmailTemplateCustomization","description":"Fetch an email customization by id.","summary":"Get Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateCustomization"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateCustomization"}},{"alias":"updateEmailTemplateCustomization","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"updateEmailTemplateCustomization","description":"Update an email customization","summary":"Update Email Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateCustomization"}},"409":{"description":"Conflict"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"},{"in":"body","name":"customization","required":true,"schema":{"$ref":"#/definitions/EmailTemplateCustomizationRequest"}}],"bodyModel":"EmailTemplateCustomizationRequest","formData":[],"responseModel":"EmailTemplateCustomization"}},{"alias":"getEmailTemplateCustomizationPreview","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"getEmailTemplateCustomizationPreview","description":"Get a preview of an email template customization.","summary":"Get Preview Content of Email Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateContent"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateContent"}},{"alias":"getEmailTemplateDefaultContent","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/default-content","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplateDefaultContent","description":"Fetch the default content for an email template.","summary":"Get Default Content of Email Template","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateContent"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateContent"}},{"alias":"getEmailTemplateDefaultContentPreview","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplateDefaultContentPreview","description":"Fetch a preview of an email template's default content by populating velocity references with the current user's environment.","summary":"Get Preview of Email Template Default Content","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateContent"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateContent"}},{"alias":"sendTestEmail","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/test","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"sendTestEmail","description":"Send a test email to the current users primary and secondary email addresses. The email content is selected based on the following priority: An email customization specifically for the users locale. The default language of email customizations. The email templates default content.","summary":"Get Preview of Email Template Default Content","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"body","name":"customization","required":true,"schema":{"$ref":"#/definitions/EmailTemplateTestRequest"}}],"bodyModel":"EmailTemplateTestRequest","formData":[]}}],"crud":[{"alias":"read","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplate","description":"Fetch an email template by templateName","summary":"Get Email Template","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplate"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplate"}}],"tags":["Brands"],"isExtensible":false},{"modelName":"EmailTemplateContent","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"body","commonType":"string"},{"propertyName":"fromAddress","commonType":"string"},{"propertyName":"fromName","commonType":"string"},{"propertyName":"subject","commonType":"string"}],"methods":[],"crud":[],"tags":["Brands"],"isExtensible":false},{"modelName":"EmailTemplateCustomization","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"body","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"isDefault","commonType":"boolean"},{"description":"unique under each email template","propertyName":"language","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"subject","commonType":"string"}],"methods":[],"crud":[],"tags":["Brands"],"isExtensible":false},{"modelName":"EmailTemplateCustomizationRequest","properties":[{"propertyName":"body","commonType":"string"},{"propertyName":"isDefault","commonType":"boolean"},{"description":"unique under each email template","propertyName":"language","commonType":"string"},{"propertyName":"subject","commonType":"string"}],"methods":[],"crud":[],"tags":["Brands"],"isExtensible":false},{"modelName":"EmailTemplateTestRequest","properties":[{"propertyName":"customizationId","commonType":"string"}],"methods":[],"crud":[],"tags":["Brands"],"isExtensible":false},{"modelName":"EmailTemplateTouchPointVariant","enum":["OKTA_DEFAULT","FULL_THEME"],"tags":["Brand"]},{"modelName":"EmailUserFactor","properties":[{"$ref":"#/definitions/EmailUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"EmailUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"email"}},{"modelName":"EmailUserFactorProfile","properties":[{"propertyName":"email","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"EnabledStatus","enum":["ENABLED","DISABLED"],"tags":["Common"]},{"modelName":"EndUserDashboardTouchPointVariant","enum":["OKTA_DEFAULT","WHITE_LOGO_BACKGROUND","FULL_THEME","LOGO_ON_FULL_WHITE_BACKGROUND"],"tags":["Brand"]},{"modelName":"ErrorPageTouchPointVariant","enum":["OKTA_DEFAULT","BACKGROUND_SECONDARY_COLOR","BACKGROUND_IMAGE"],"tags":["Brand"]},{"modelName":"EventHook","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/EventHookChannel","propertyName":"channel","commonType":"object","isObject":true,"model":"EventHookChannel"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"createdBy","commonType":"string"},{"$ref":"#/definitions/EventSubscriptions","propertyName":"events","commonType":"object","isObject":true,"model":"EventSubscriptions"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"enum":["UNVERIFIED","VERIFIED"],"propertyName":"verificationStatus","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"eventHookId","src":"id"}],"operation":{"path":"/api/v1/eventHooks/{eventHookId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"activateEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"}},{"alias":"deactivate","arguments":[{"dest":"eventHookId","src":"id"}],"operation":{"path":"/api/v1/eventHooks/{eventHookId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"deactivateEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"}},{"alias":"verify","arguments":[{"dest":"eventHookId","src":"id"}],"operation":{"path":"/api/v1/eventHooks/{eventHookId}/lifecycle/verify","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"verifyEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"}}],"crud":[{"alias":"create","arguments":[{"dest":"eventHook","self":true}],"operation":{"path":"/api/v1/eventHooks","method":"post","queryParams":[],"pathParams":[],"operationId":"createEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"body","name":"eventHook","required":true,"schema":{"$ref":"#/definitions/EventHook"}}],"bodyModel":"EventHook","formData":[],"responseModel":"EventHook"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/eventHooks/{eventHookId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"getEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"}},{"alias":"update","arguments":[{"dest":"eventHookId","src":"id"},{"dest":"eventHook","self":true}],"operation":{"path":"/api/v1/eventHooks/{eventHookId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"updateEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"},{"in":"body","name":"eventHook","required":true,"schema":{"$ref":"#/definitions/EventHook"}}],"bodyModel":"EventHook","formData":[],"responseModel":"EventHook"}},{"alias":"delete","arguments":[{"dest":"eventHookId","src":"id"}],"operation":{"path":"/api/v1/eventHooks/{eventHookId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"deleteEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[]}}],"tags":["EventHook"],"isExtensible":false},{"modelName":"EventHookChannel","properties":[{"$ref":"#/definitions/EventHookChannelConfig","readOnly":false,"propertyName":"config","commonType":"object","isObject":true,"model":"EventHookChannelConfig"},{"enum":["HTTP"],"readOnly":false,"propertyName":"type","commonType":"string"},{"readOnly":false,"propertyName":"version","commonType":"string"}],"methods":[],"crud":[],"tags":["EventHook"],"isExtensible":false},{"modelName":"EventHookChannelConfig","properties":[{"$ref":"#/definitions/EventHookChannelConfigAuthScheme","propertyName":"authScheme","commonType":"object","isObject":true,"model":"EventHookChannelConfigAuthScheme"},{"propertyName":"headers","commonType":"array","isArray":true,"model":"EventHookChannelConfigHeader"},{"propertyName":"uri","commonType":"string"}],"methods":[],"crud":[],"tags":["EventHook"],"isExtensible":false},{"modelName":"EventHookChannelConfigAuthScheme","properties":[{"propertyName":"key","commonType":"string"},{"$ref":"#/definitions/EventHookChannelConfigAuthSchemeType","propertyName":"type","commonType":"enum","isEnum":true,"model":"EventHookChannelConfigAuthSchemeType"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["EventHook"],"isExtensible":false},{"modelName":"EventHookChannelConfigAuthSchemeType","enum":["HEADER"],"tags":["EventHook"]},{"modelName":"EventHookChannelConfigHeader","properties":[{"propertyName":"key","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["EventHook"],"isExtensible":false},{"modelName":"EventSubscriptions","properties":[{"propertyName":"items","commonType":"array","isArray":true,"model":"string"},{"enum":["EVENT_TYPE","FLOW_EVENT"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["EventHook"],"isExtensible":false},{"modelName":"FactorProvider","enum":["OKTA","RSA","FIDO","GOOGLE","SYMANTEC","DUO","YUBICO","CUSTOM","APPLE"],"tags":["UserFactor"]},{"modelName":"FactorResultType","enum":["SUCCESS","CHALLENGE","WAITING","FAILED","REJECTED","TIMEOUT","TIME_WINDOW_EXCEEDED","PASSCODE_REPLAYED","ERROR","CANCELLED"],"tags":["UserFactor"]},{"modelName":"FactorStatus","enum":["PENDING_ACTIVATION","ACTIVE","INACTIVE","NOT_SETUP","ENROLLED","DISABLED","EXPIRED"],"tags":["UserFactor"]},{"modelName":"FactorType","enum":["call","email","hotp","push","question","sms","token:hardware","token:hotp","token:software:totp","token","u2f","web","webauthn"],"tags":["UserFactor"]},{"modelName":"Feature","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/FeatureStage","propertyName":"stage","commonType":"object","isObject":true,"model":"FeatureStage"},{"$ref":"#/definitions/EnabledStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"EnabledStatus"},{"$ref":"#/definitions/FeatureType","propertyName":"type","commonType":"enum","isEnum":true,"model":"FeatureType"}],"methods":[{"alias":"updateLifecycle","arguments":[{"dest":"featureId","src":"id"}],"operation":{"path":"/api/v1/features/{featureId}/{lifecycle}","method":"post","queryParams":[{"in":"query","name":"mode","type":"string"}],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"},{"in":"path","name":"lifecycle","required":true,"type":"string"}],"operationId":"updateFeatureLifecycle","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Feature"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"},{"in":"path","name":"lifecycle","required":true,"type":"string"},{"in":"query","name":"mode","type":"string"}],"formData":[],"responseModel":"Feature"}},{"alias":"getDependents","arguments":[{"dest":"featureId","src":"id"}],"operation":{"path":"/api/v1/features/{featureId}/dependents","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"}],"operationId":"listFeatureDependents","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Feature"},"type":"array"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"}],"formData":[],"responseModel":"Feature","isArray":true}},{"alias":"getDependencies","arguments":[{"dest":"featureId","src":"id"}],"operation":{"path":"/api/v1/features/{featureId}/dependencies","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"}],"operationId":"listFeatureDependencies","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Feature"},"type":"array"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"}],"formData":[],"responseModel":"Feature","isArray":true}}],"crud":[{"alias":"read","arguments":[],"operation":{"path":"/api/v1/features/{featureId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"}],"operationId":"getFeature","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Feature"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"}],"formData":[],"responseModel":"Feature"}}],"tags":["Feature"],"isExtensible":false},{"modelName":"FeatureStage","properties":[{"$ref":"#/definitions/FeatureStageState","propertyName":"state","commonType":"enum","isEnum":true,"model":"FeatureStageState"},{"$ref":"#/definitions/FeatureStageValue","propertyName":"value","commonType":"enum","isEnum":true,"model":"FeatureStageValue"}],"methods":[],"crud":[],"tags":["Feature"],"isExtensible":false},{"modelName":"FeatureStageState","enum":["OPEN","CLOSED"],"tags":["Feature"]},{"modelName":"FeatureStageValue","enum":["EA","BETA"],"tags":["Feature"]},{"modelName":"FeatureType","enum":["self-service"],"tags":["Feature"]},{"modelName":"FipsEnum","enum":["REQUIRED","OPTIONAL"],"tags":["Authenticator"]},{"modelName":"ForgotPasswordResponse","properties":[{"readOnly":true,"propertyName":"resetPasswordUrl","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"GrantTypePolicyRuleCondition","properties":[{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"Group","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastMembershipUpdated","commonType":"dateTime"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"readOnly":true,"propertyName":"objectClass","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/GroupProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"GroupProfile"},{"$ref":"#/definitions/GroupType","readOnly":true,"propertyName":"type","commonType":"enum","isEnum":true,"model":"GroupType"}],"methods":[{"alias":"removeUser","arguments":[{"dest":"groupId","src":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/users/{userId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"removeUserFromGroup","description":"Removes a user from a group with 'OKTA_GROUP' type.","summary":"Remove User from Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"listUsers","arguments":[{"dest":"groupId","src":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/users","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of users","in":"query","name":"after","type":"string"},{"default":1000,"description":"Specifies the number of user results in a page","format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"listGroupUsers","description":"Enumerates all users that are a member of a group.","summary":"List Group Members","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/User"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"description":"Specifies the pagination cursor for the next page of users","in":"query","name":"after","type":"string"},{"default":1000,"description":"Specifies the number of user results in a page","format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"User","isArray":true}},{"alias":"listApplications","arguments":[{"dest":"groupId","src":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/apps","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of apps","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of app results for a page","format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"listAssignedApplicationsForGroup","description":"Enumerates all applications that are assigned to a group.","summary":"List Assigned Applications","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Application"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"description":"Specifies the pagination cursor for the next page of apps","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of app results for a page","format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"Application","isArray":true}},{"alias":"assignRole","arguments":[{"dest":"groupId","src":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/roles","method":"post","queryParams":[{"in":"query","name":"disableNotifications","type":"boolean"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"assignRoleToGroup","description":"Assigns a Role to a Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Role"}},"201":{"description":"Success"}},"parameters":[{"in":"body","name":"assignRoleRequest","required":true,"schema":{"$ref":"#/definitions/AssignRoleRequest"}},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"disableNotifications","type":"boolean"}],"bodyModel":"AssignRoleRequest","formData":[],"responseModel":"Role"}}],"crud":[{"alias":"update","arguments":[{"dest":"groupId","src":"id"},{"dest":"group","self":true}],"operation":{"path":"/api/v1/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"updateGroup","description":"Updates the profile for a group with `OKTA_GROUP` type from your organization.","summary":"Update Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Group"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"group","required":true,"schema":{"$ref":"#/definitions/Group"}}],"bodyModel":"Group","formData":[],"responseModel":"Group"}},{"alias":"delete","arguments":[{"dest":"groupId","src":"id"}],"operation":{"path":"/api/v1/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"deleteGroup","description":"Removes a group with `OKTA_GROUP` type from your organization.","summary":"Remove Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]}}],"tags":["Group"],"isExtensible":false},{"modelName":"GroupCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"GroupPolicyRuleCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"GroupProfile","properties":[{"propertyName":"description","commonType":"string"},{"propertyName":"name","commonType":"string"}],"methods":[],"crud":[],"tags":["Group"],"isExtensible":true},{"modelName":"GroupRule","properties":[{"$ref":"#/definitions/GroupRuleAction","propertyName":"actions","commonType":"object","isObject":true,"model":"GroupRuleAction"},{"$ref":"#/definitions/GroupRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"GroupRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/GroupRuleStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"GroupRuleStatus"},{"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"}],"operation":{"path":"/api/v1/groups/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activateGroupRule","description":"Activates a specific group rule by id from your organization","summary":"Activate a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"}],"operation":{"path":"/api/v1/groups/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivateGroupRule","description":"Deactivates a specific group rule by id from your organization","summary":"Deactivate a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"groupRule","self":true}],"operation":{"path":"/api/v1/groups/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updateGroupRule","description":"Updates a group rule. Only `INACTIVE` rules can be updated.","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/GroupRule"}}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"groupRule","required":true,"schema":{"$ref":"#/definitions/GroupRule"}}],"bodyModel":"GroupRule","formData":[],"responseModel":"GroupRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"}],"operation":{"path":"/api/v1/groups/rules/{ruleId}","method":"delete","queryParams":[{"description":"Indicates whether to keep or remove users from groups assigned by this rule.","in":"query","name":"removeUsers","type":"boolean"}],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deleteGroupRule","description":"Removes a specific group rule by id from your organization","summary":"Delete a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"202":{"description":"Accepted"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"},{"description":"Indicates whether to keep or remove users from groups assigned by this rule.","in":"query","name":"removeUsers","type":"boolean"}],"formData":[]}}],"tags":["GroupRule"],"isExtensible":false},{"modelName":"GroupRuleAction","properties":[{"$ref":"#/definitions/GroupRuleGroupAssignment","propertyName":"assignUserToGroups","commonType":"object","isObject":true,"model":"GroupRuleGroupAssignment"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false},{"modelName":"GroupRuleConditions","properties":[{"$ref":"#/definitions/GroupRuleExpression","propertyName":"expression","commonType":"object","isObject":true,"model":"GroupRuleExpression"},{"$ref":"#/definitions/GroupRulePeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"GroupRulePeopleCondition"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false},{"modelName":"GroupRuleExpression","properties":[{"propertyName":"type","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false},{"modelName":"GroupRuleGroupAssignment","properties":[{"propertyName":"groupIds","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false},{"modelName":"GroupRuleGroupCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false},{"modelName":"GroupRulePeopleCondition","properties":[{"$ref":"#/definitions/GroupRuleGroupCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupRuleGroupCondition"},{"$ref":"#/definitions/GroupRuleUserCondition","propertyName":"users","commonType":"object","isObject":true,"model":"GroupRuleUserCondition"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false},{"modelName":"GroupRuleStatus","enum":["ACTIVE","INACTIVE","INVALID"],"tags":["GroupRule"]},{"modelName":"GroupRuleUserCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false},{"modelName":"GroupSchema","properties":[{"readOnly":true,"propertyName":"$schema","commonType":"string"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"string"},{"$ref":"#/definitions/GroupSchemaDefinitions","propertyName":"definitions","commonType":"object","isObject":true,"model":"GroupSchemaDefinitions"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"string"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/UserSchemaProperties","readOnly":true,"propertyName":"properties","commonType":"object","isObject":true,"model":"UserSchemaProperties"},{"propertyName":"title","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["GroupSchema"],"isExtensible":false},{"modelName":"GroupSchemaAttribute","properties":[{"propertyName":"description","commonType":"string"},{"propertyName":"enum","commonType":"array","isArray":true,"model":"string"},{"propertyName":"externalName","commonType":"string"},{"propertyName":"externalNamespace","commonType":"string"},{"$ref":"#/definitions/UserSchemaAttributeItems","propertyName":"items","commonType":"object","isObject":true,"model":"UserSchemaAttributeItems"},{"$ref":"#/definitions/UserSchemaAttributeMaster","propertyName":"master","commonType":"object","isObject":true,"model":"UserSchemaAttributeMaster"},{"propertyName":"maxLength","commonType":"integer"},{"propertyName":"minLength","commonType":"integer"},{"propertyName":"mutability","commonType":"string"},{"propertyName":"oneOf","commonType":"array","isArray":true,"model":"UserSchemaAttributeEnum"},{"propertyName":"permissions","commonType":"array","isArray":true,"model":"UserSchemaAttributePermission"},{"propertyName":"required","commonType":"boolean"},{"$ref":"#/definitions/UserSchemaAttributeScope","propertyName":"scope","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeScope"},{"propertyName":"title","commonType":"string"},{"$ref":"#/definitions/UserSchemaAttributeType","propertyName":"type","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeType"},{"$ref":"#/definitions/UserSchemaAttributeUnion","propertyName":"union","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeUnion"},{"propertyName":"unique","commonType":"string"}],"methods":[],"crud":[],"tags":["GroupSchema"],"isExtensible":false},{"modelName":"GroupSchemaBase","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"$ref":"#/definitions/GroupSchemaBaseProperties","propertyName":"properties","commonType":"object","isObject":true,"model":"GroupSchemaBaseProperties"},{"propertyName":"required","commonType":"array","isArray":true,"model":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["GroupSchema"],"isExtensible":false},{"modelName":"GroupSchemaBaseProperties","properties":[{"$ref":"#/definitions/GroupSchemaAttribute","propertyName":"description","commonType":"object","isObject":true,"model":"GroupSchemaAttribute"},{"$ref":"#/definitions/GroupSchemaAttribute","propertyName":"name","commonType":"object","isObject":true,"model":"GroupSchemaAttribute"}],"methods":[],"crud":[],"tags":["GroupSchema"],"isExtensible":false},{"modelName":"GroupSchemaCustom","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"properties","commonType":"hash","isHash":true,"model":"GroupSchemaAttribute"},{"propertyName":"required","commonType":"array","isArray":true,"model":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["GroupSchema"],"isExtensible":false},{"modelName":"GroupSchemaDefinitions","properties":[{"$ref":"#/definitions/GroupSchemaBase","propertyName":"base","commonType":"object","isObject":true,"model":"GroupSchemaBase"},{"$ref":"#/definitions/GroupSchemaCustom","propertyName":"custom","commonType":"object","isObject":true,"model":"GroupSchemaCustom"}],"methods":[],"crud":[],"tags":["GroupSchema"],"isExtensible":false},{"modelName":"GroupType","enum":["OKTA_GROUP","APP_GROUP","BUILT_IN"],"tags":["Group"]},{"modelName":"HardwareUserFactor","properties":[{"$ref":"#/definitions/HardwareUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"HardwareUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"token:hardware"}},{"modelName":"HardwareUserFactorProfile","properties":[{"propertyName":"credentialId","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"IdentityProvider","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"enum":["ORG_URL","CUSTOM_URL","DYNAMIC"],"propertyName":"issuerMode","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/IdentityProviderPolicy","propertyName":"policy","commonType":"object","isObject":true,"model":"IdentityProviderPolicy"},{"$ref":"#/definitions/Protocol","propertyName":"protocol","commonType":"object","isObject":true,"model":"Protocol"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"enum":["SAML2","GOOGLE","FACEBOOK","LINKEDIN","MICROSOFT","OIDC","OKTA","IWA","AgentlessDSSO","X509"],"propertyName":"type","commonType":"string","knownValues":["SAML2","GOOGLE","FACEBOOK","LINKEDIN","MICROSOFT","OIDC","OKTA","IWA","AgentlessDSSO","X509"]}],"methods":[{"alias":"listSigningCsrs","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"listCsrsForIdentityProvider","description":"Enumerates Certificate Signing Requests for an IdP","summary":"List Certificate Signing Requests for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"generateCsr","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"generateCsrForIdentityProvider","description":"Generates a new key pair and returns a Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"deleteSigningCsr","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrForIdentityProvider","description":"Revoke a Certificate Signing Request and delete the key pair from the IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"getSigningCsr","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForIdentityProvider","description":"Gets a specific Certificate Signing Request model by id","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"listSigningKeys","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"listIdentityProviderSigningKeys","description":"Enumerates signing key credentials for an IdP","summary":"List Signing Key Credentials for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateSigningKey","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/keys/generate","method":"post","queryParams":[{"description":"expiry of the IdP Key Credential","format":"int32","in":"query","name":"validityYears","required":true,"type":"integer"}],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"generateIdentityProviderSigningKey","description":"Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP","summary":"Generate New IdP Signing Key Credential","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"description":"expiry of the IdP Key Credential","format":"int32","in":"query","name":"validityYears","required":true,"type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getSigningKey","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getIdentityProviderSigningKey","description":"Gets a specific IdP Key Credential by `kid`","summary":"Get Signing Key Credential for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"cloneKey","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"in":"query","name":"targetIdpId","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneIdentityProviderKey","description":"Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP","summary":"Clone Signing Key Credential for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"in":"query","name":"targetIdpId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"activate","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"activateIdentityProvider","description":"Activates an inactive IdP.","summary":"Activate Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider"}},{"alias":"deactivate","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"deactivateIdentityProvider","description":"Deactivates an active IdP.","summary":"Deactivate Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider"}},{"alias":"listUsers","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/users","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"listIdentityProviderApplicationUsers","description":"Find all the users linked to an identity provider","summary":"Find Users","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/IdentityProviderApplicationUser"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProviderApplicationUser","isArray":true}},{"alias":"unlinkUser","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/users/{userId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"unlinkUserFromIdentityProvider","description":"Removes the link between the Okta user and the IdP user.","summary":"Unlink User from IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"getUser","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/users/{userId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getIdentityProviderApplicationUser","description":"Fetches a linked IdP user by ID","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProviderApplicationUser"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProviderApplicationUser"}},{"alias":"linkUser","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/users/{userId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"linkUserToIdentityProvider","description":"Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type","summary":"Link a user to a Social IdP without a transaction","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProviderApplicationUser"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"body","name":"userIdentityProviderLinkRequest","required":true,"schema":{"$ref":"#/definitions/UserIdentityProviderLinkRequest"}}],"bodyModel":"UserIdentityProviderLinkRequest","formData":[],"responseModel":"IdentityProviderApplicationUser"}},{"alias":"listSocialAuthTokens","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/users/{userId}/credentials/tokens","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listSocialAuthTokens","description":"Fetches the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.","summary":"Social Authentication Token Operation","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/SocialAuthToken"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"SocialAuthToken","isArray":true}}],"crud":[{"alias":"create","arguments":[{"dest":"idpTrust","self":true}],"operation":{"path":"/api/v1/idps","method":"post","queryParams":[],"pathParams":[],"operationId":"createIdentityProvider","description":"Adds a new IdP to your organization.","summary":"Add Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"body","name":"identityProvider","required":true,"schema":{"$ref":"#/definitions/IdentityProvider"}}],"bodyModel":"IdentityProvider","formData":[],"responseModel":"IdentityProvider"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/idps/{idpId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"getIdentityProvider","description":"Fetches an IdP by `id`.","summary":"Get Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider"}},{"alias":"update","arguments":[{"dest":"idpId","src":"id"},{"dest":"idpTrust","self":true}],"operation":{"path":"/api/v1/idps/{idpId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"updateIdentityProvider","description":"Updates the configuration for an IdP.","summary":"Update Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"body","name":"identityProvider","required":true,"schema":{"$ref":"#/definitions/IdentityProvider"}}],"bodyModel":"IdentityProvider","formData":[],"responseModel":"IdentityProvider"}},{"alias":"delete","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"deleteIdentityProvider","description":"Removes an IdP from your organization.","summary":"Delete Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[]}}],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"IdentityProviderApplicationUser","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"created","commonType":"string"},{"propertyName":"externalId","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"lastUpdated","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"IdentityProviderCredentials","properties":[{"$ref":"#/definitions/IdentityProviderCredentialsClient","propertyName":"client","commonType":"object","isObject":true,"model":"IdentityProviderCredentialsClient"},{"$ref":"#/definitions/IdentityProviderCredentialsSigning","propertyName":"signing","commonType":"object","isObject":true,"model":"IdentityProviderCredentialsSigning"},{"$ref":"#/definitions/IdentityProviderCredentialsTrust","propertyName":"trust","commonType":"object","isObject":true,"model":"IdentityProviderCredentialsTrust"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"IdentityProviderCredentialsClient","properties":[{"propertyName":"client_id","commonType":"string"},{"propertyName":"client_secret","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"IdentityProviderCredentialsSigning","properties":[{"propertyName":"kid","commonType":"string"},{"propertyName":"privateKey","commonType":"string"},{"propertyName":"teamId","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"IdentityProviderCredentialsTrust","properties":[{"propertyName":"audience","commonType":"string"},{"propertyName":"issuer","commonType":"string"},{"propertyName":"kid","commonType":"string"},{"enum":["CRL","DELTA_CRL","OCSP"],"propertyName":"revocation","commonType":"string"},{"propertyName":"revocationCacheLifetime","commonType":"integer"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"IdentityProviderPolicy","properties":[{"$ref":"#/definitions/PolicyAccountLink","propertyName":"accountLink","commonType":"object","isObject":true,"model":"PolicyAccountLink"},{"propertyName":"maxClockSkew","commonType":"integer"},{"$ref":"#/definitions/Provisioning","propertyName":"provisioning","commonType":"object","isObject":true,"model":"Provisioning"},{"$ref":"#/definitions/PolicySubject","propertyName":"subject","commonType":"object","isObject":true,"model":"PolicySubject"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"IDP_DISCOVERY"}},{"modelName":"IdentityProviderPolicyRuleCondition","properties":[{"propertyName":"idpIds","commonType":"array","isArray":true,"model":"string"},{"enum":["ANY","OKTA","SPECIFIC_IDP"],"propertyName":"provider","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"IdpPolicyRuleAction","properties":[{"propertyName":"providers","commonType":"array","isArray":true,"model":"IdpPolicyRuleActionProvider"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"IdpPolicyRuleActionProvider","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"IframeEmbedScopeAllowedApps","enum":["OKTA_ENDUSER"],"tags":["Role"]},{"modelName":"ImageUploadResponse","properties":[{"readOnly":true,"propertyName":"url","commonType":"string"}],"methods":[],"crud":[],"tags":["Brand"],"isExtensible":false},{"modelName":"InactivityPolicyRuleCondition","properties":[{"propertyName":"number","commonType":"integer"},{"propertyName":"unit","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"InlineHook","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/InlineHookChannel","propertyName":"channel","commonType":"object","isObject":true,"model":"InlineHookChannel"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/InlineHookStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"InlineHookStatus"},{"$ref":"#/definitions/InlineHookType","propertyName":"type","commonType":"enum","isEnum":true,"model":"InlineHookType"},{"propertyName":"version","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"inlineHookId","src":"id"}],"operation":{"path":"/api/v1/inlineHooks/{inlineHookId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"activateInlineHook","description":"Activates the Inline Hook matching the provided id","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[],"responseModel":"InlineHook"}},{"alias":"deactivate","arguments":[{"dest":"inlineHookId","src":"id"}],"operation":{"path":"/api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"deactivateInlineHook","description":"Deactivates the Inline Hook matching the provided id","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[],"responseModel":"InlineHook"}},{"alias":"execute","arguments":[{"dest":"inlineHookId","src":"id"}],"operation":{"path":"/api/v1/inlineHooks/{inlineHookId}/execute","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"executeInlineHook","description":"Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHookResponse"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"},{"in":"body","name":"payloadData","required":true,"schema":{"$ref":"#/definitions/InlineHookPayload"}}],"bodyModel":"InlineHookPayload","formData":[],"responseModel":"InlineHookResponse"}}],"crud":[{"alias":"create","arguments":[{"dest":"inlineHook","self":true}],"operation":{"path":"/api/v1/inlineHooks","method":"post","queryParams":[],"pathParams":[],"operationId":"createInlineHook","description":"Success","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"body","name":"inlineHook","required":true,"schema":{"$ref":"#/definitions/InlineHook"}}],"bodyModel":"InlineHook","formData":[],"responseModel":"InlineHook"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/inlineHooks/{inlineHookId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"getInlineHook","description":"Gets an inline hook by ID","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[],"responseModel":"InlineHook"}},{"alias":"update","arguments":[{"dest":"inlineHookId","src":"id"},{"dest":"inlineHook","self":true}],"operation":{"path":"/api/v1/inlineHooks/{inlineHookId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"updateInlineHook","description":"Updates an inline hook by ID","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"},{"in":"body","name":"inlineHook","required":true,"schema":{"$ref":"#/definitions/InlineHook"}}],"bodyModel":"InlineHook","formData":[],"responseModel":"InlineHook"}},{"alias":"delete","arguments":[{"dest":"inlineHookId","src":"id"}],"operation":{"path":"/api/v1/inlineHooks/{inlineHookId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"deleteInlineHook","description":"Deletes the Inline Hook matching the provided id. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[]}}],"tags":["InlineHook"],"isExtensible":false},{"modelName":"InlineHookChannel","properties":[{"$ref":"#/definitions/InlineHookChannelConfig","readOnly":false,"propertyName":"config","commonType":"object","isObject":true,"model":"InlineHookChannelConfig"},{"enum":["HTTP"],"readOnly":false,"propertyName":"type","commonType":"string"},{"readOnly":false,"propertyName":"version","commonType":"string"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false},{"modelName":"InlineHookChannelConfig","properties":[{"$ref":"#/definitions/InlineHookChannelConfigAuthScheme","propertyName":"authScheme","commonType":"object","isObject":true,"model":"InlineHookChannelConfigAuthScheme"},{"propertyName":"headers","commonType":"array","isArray":true,"model":"InlineHookChannelConfigHeaders"},{"propertyName":"method","commonType":"string"},{"propertyName":"uri","commonType":"string"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false},{"modelName":"InlineHookChannelConfigAuthScheme","properties":[{"propertyName":"key","commonType":"string"},{"propertyName":"type","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false},{"modelName":"InlineHookChannelConfigHeaders","properties":[{"propertyName":"key","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false},{"modelName":"InlineHookPayload","properties":[],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":true},{"modelName":"InlineHookResponse","properties":[{"propertyName":"commands","commonType":"array","isArray":true,"model":"InlineHookResponseCommands"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false},{"modelName":"InlineHookResponseCommandValue","properties":[{"propertyName":"op","commonType":"string"},{"propertyName":"path","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false},{"modelName":"InlineHookResponseCommands","properties":[{"propertyName":"type","commonType":"string"},{"propertyName":"value","commonType":"array","isArray":true,"model":"InlineHookResponseCommandValue"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false},{"modelName":"InlineHookStatus","enum":["ACTIVE","INACTIVE"],"tags":["InlineHook"]},{"modelName":"InlineHookType","enum":["com.okta.oauth2.tokens.transform","com.okta.import.transform","com.okta.saml.tokens.transform","com.okta.user.pre-registration","com.okta.user.credential.password.import"],"tags":["InlineHook"]},{"modelName":"IonField","properties":[{"$ref":"#/definitions/IonForm","propertyName":"form","commonType":"object","isObject":true,"model":"IonForm"},{"propertyName":"label","commonType":"string"},{"propertyName":"mutable","commonType":"boolean"},{"propertyName":"name","commonType":"string"},{"propertyName":"required","commonType":"boolean"},{"propertyName":"secret","commonType":"boolean"},{"propertyName":"type","commonType":"string"},{"propertyName":"value","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"visible","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Ion"],"isExtensible":false},{"modelName":"IonForm","properties":[{"propertyName":"accepts","commonType":"string"},{"propertyName":"href","commonType":"string"},{"propertyName":"method","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"produces","commonType":"string"},{"propertyName":"refresh","commonType":"integer"},{"propertyName":"rel","commonType":"array","isArray":true,"model":"string"},{"propertyName":"relatesTo","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"value","commonType":"array","isArray":true,"model":"IonField"}],"methods":[],"crud":[],"tags":["Ion"],"isExtensible":false},{"modelName":"JsonWebKey","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":false,"propertyName":"alg","commonType":"string"},{"readOnly":false,"propertyName":"created","commonType":"dateTime"},{"readOnly":false,"propertyName":"e","commonType":"string"},{"readOnly":false,"propertyName":"expiresAt","commonType":"dateTime"},{"readOnly":false,"propertyName":"key_ops","commonType":"array","isArray":true,"model":"string"},{"readOnly":false,"propertyName":"kid","commonType":"string"},{"readOnly":false,"propertyName":"kty","commonType":"string"},{"readOnly":false,"propertyName":"lastUpdated","commonType":"dateTime"},{"readOnly":false,"propertyName":"n","commonType":"string"},{"readOnly":false,"propertyName":"status","commonType":"string"},{"readOnly":false,"propertyName":"use","commonType":"string"},{"readOnly":false,"propertyName":"x5c","commonType":"array","isArray":true,"model":"string"},{"readOnly":false,"propertyName":"x5t","commonType":"string"},{"readOnly":false,"propertyName":"x5t#S256","commonType":"string"},{"readOnly":false,"propertyName":"x5u","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"JwkUse","properties":[{"enum":["sig"],"propertyName":"use","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"KnowledgeConstraint","properties":[],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"AccessPolicyConstraint","parent":{"modelName":"AccessPolicyConstraint","properties":[{"propertyName":"methods","commonType":"array","isArray":true,"model":"string"},{"propertyName":"reauthenticateIn","commonType":"string"},{"propertyName":"types","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}},{"modelName":"LifecycleCreateSettingObject","properties":[{"$ref":"#/definitions/EnabledStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"EnabledStatus"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"LifecycleDeactivateSettingObject","properties":[{"$ref":"#/definitions/EnabledStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"EnabledStatus"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"LifecycleExpirationPolicyRuleCondition","properties":[{"propertyName":"lifecycleStatus","commonType":"string"},{"propertyName":"number","commonType":"integer"},{"propertyName":"unit","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"LinkedObject","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/LinkedObjectDetails","propertyName":"associated","commonType":"object","isObject":true,"model":"LinkedObjectDetails"},{"$ref":"#/definitions/LinkedObjectDetails","propertyName":"primary","commonType":"object","isObject":true,"model":"LinkedObjectDetails"}],"methods":[],"crud":[{"alias":"create","arguments":[{"dest":"linkedObjectDefinition","self":true}],"operation":{"path":"/api/v1/meta/schemas/user/linkedObjects","method":"post","queryParams":[],"pathParams":[],"operationId":"addLinkedObjectDefinition","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/LinkedObject"}}},"parameters":[{"in":"body","name":"linkedObject","required":true,"schema":{"$ref":"#/definitions/LinkedObject"}}],"bodyModel":"LinkedObject","formData":[],"responseModel":"LinkedObject"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"operationId":"getLinkedObjectDefinition","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/LinkedObject"}}},"parameters":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"formData":[],"responseModel":"LinkedObject"}},{"alias":"delete","arguments":[{"dest":"linkedObjectName","self":true}],"operation":{"path":"/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"operationId":"deleteLinkedObjectDefinition","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"formData":[]}}],"tags":["LinkedObject"],"isExtensible":false},{"modelName":"LinkedObjectDetails","properties":[{"propertyName":"description","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"title","commonType":"string"},{"$ref":"#/definitions/LinkedObjectDetailsType","propertyName":"type","commonType":"enum","isEnum":true,"model":"LinkedObjectDetailsType"}],"methods":[],"crud":[],"tags":["LinkedObject"],"isExtensible":false},{"modelName":"LinkedObjectDetailsType","enum":["USER"],"tags":["LinkedObject"]},{"modelName":"LogActor","properties":[{"readOnly":true,"propertyName":"alternateId","commonType":"string"},{"readOnly":true,"propertyName":"detail","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"displayName","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogAuthenticationContext","properties":[{"$ref":"#/definitions/LogAuthenticationProvider","readOnly":true,"propertyName":"authenticationProvider","commonType":"enum","isEnum":true,"model":"LogAuthenticationProvider"},{"readOnly":true,"propertyName":"authenticationStep","commonType":"integer"},{"$ref":"#/definitions/LogCredentialProvider","propertyName":"credentialProvider","commonType":"enum","isEnum":true,"model":"LogCredentialProvider"},{"$ref":"#/definitions/LogCredentialType","propertyName":"credentialType","commonType":"enum","isEnum":true,"model":"LogCredentialType"},{"readOnly":true,"propertyName":"externalSessionId","commonType":"string"},{"readOnly":true,"propertyName":"interface","commonType":"string"},{"$ref":"#/definitions/LogIssuer","readOnly":true,"propertyName":"issuer","commonType":"object","isObject":true,"model":"LogIssuer"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogAuthenticationProvider","enum":["OKTA_AUTHENTICATION_PROVIDER","ACTIVE_DIRECTORY","LDAP","FEDERATION","SOCIAL","FACTOR_PROVIDER"],"tags":["Log"]},{"modelName":"LogClient","properties":[{"readOnly":true,"propertyName":"device","commonType":"string"},{"$ref":"#/definitions/LogGeographicalContext","readOnly":true,"propertyName":"geographicalContext","commonType":"object","isObject":true,"model":"LogGeographicalContext"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"ipAddress","commonType":"string"},{"$ref":"#/definitions/LogUserAgent","readOnly":true,"propertyName":"userAgent","commonType":"object","isObject":true,"model":"LogUserAgent"},{"readOnly":true,"propertyName":"zone","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogCredentialProvider","enum":["OKTA_AUTHENTICATION_PROVIDER","OKTA_CREDENTIAL_PROVIDER","RSA","SYMANTEC","GOOGLE","DUO","YUBIKEY","APPLE"],"tags":["Log"]},{"modelName":"LogCredentialType","enum":["OTP","SMS","PASSWORD","ASSERTION","IWA","EMAIL","OAUTH2","JWT"],"tags":["Log"]},{"modelName":"LogDebugContext","properties":[{"readOnly":true,"propertyName":"debugData","commonType":"hash","isHash":true,"model":"object"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogEvent","properties":[{"$ref":"#/definitions/LogActor","readOnly":true,"propertyName":"actor","commonType":"object","isObject":true,"model":"LogActor"},{"$ref":"#/definitions/LogAuthenticationContext","readOnly":true,"propertyName":"authenticationContext","commonType":"object","isObject":true,"model":"LogAuthenticationContext"},{"$ref":"#/definitions/LogClient","readOnly":true,"propertyName":"client","commonType":"object","isObject":true,"model":"LogClient"},{"$ref":"#/definitions/LogDebugContext","readOnly":true,"propertyName":"debugContext","commonType":"object","isObject":true,"model":"LogDebugContext"},{"readOnly":true,"propertyName":"displayMessage","commonType":"string"},{"readOnly":true,"propertyName":"eventType","commonType":"string"},{"readOnly":true,"propertyName":"legacyEventType","commonType":"string"},{"$ref":"#/definitions/LogOutcome","readOnly":true,"propertyName":"outcome","commonType":"object","isObject":true,"model":"LogOutcome"},{"readOnly":true,"propertyName":"published","commonType":"dateTime"},{"$ref":"#/definitions/LogRequest","readOnly":true,"propertyName":"request","commonType":"object","isObject":true,"model":"LogRequest"},{"$ref":"#/definitions/LogSecurityContext","readOnly":true,"propertyName":"securityContext","commonType":"object","isObject":true,"model":"LogSecurityContext"},{"$ref":"#/definitions/LogSeverity","readOnly":true,"propertyName":"severity","commonType":"enum","isEnum":true,"model":"LogSeverity"},{"readOnly":true,"propertyName":"target","commonType":"array","isArray":true,"model":"LogTarget"},{"$ref":"#/definitions/LogTransaction","readOnly":true,"propertyName":"transaction","commonType":"object","isObject":true,"model":"LogTransaction"},{"readOnly":true,"propertyName":"uuid","commonType":"string"},{"readOnly":true,"propertyName":"version","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogGeographicalContext","properties":[{"readOnly":true,"propertyName":"city","commonType":"string"},{"readOnly":true,"propertyName":"country","commonType":"string"},{"$ref":"#/definitions/LogGeolocation","readOnly":true,"propertyName":"geolocation","commonType":"object","isObject":true,"model":"LogGeolocation"},{"readOnly":true,"propertyName":"postalCode","commonType":"string"},{"readOnly":true,"propertyName":"state","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogGeolocation","properties":[{"readOnly":true,"propertyName":"lat","commonType":"double"},{"readOnly":true,"propertyName":"lon","commonType":"double"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogIpAddress","properties":[{"$ref":"#/definitions/LogGeographicalContext","readOnly":true,"propertyName":"geographicalContext","commonType":"object","isObject":true,"model":"LogGeographicalContext"},{"readOnly":true,"propertyName":"ip","commonType":"string"},{"readOnly":true,"propertyName":"source","commonType":"string"},{"readOnly":true,"propertyName":"version","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogIssuer","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogOutcome","properties":[{"readOnly":true,"propertyName":"reason","commonType":"string"},{"readOnly":true,"propertyName":"result","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogRequest","properties":[{"readOnly":true,"propertyName":"ipChain","commonType":"array","isArray":true,"model":"LogIpAddress"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogSecurityContext","properties":[{"readOnly":true,"propertyName":"asNumber","commonType":"integer"},{"readOnly":true,"propertyName":"asOrg","commonType":"string"},{"readOnly":true,"propertyName":"domain","commonType":"string"},{"readOnly":true,"propertyName":"isProxy","commonType":"boolean"},{"readOnly":true,"propertyName":"isp","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogSeverity","enum":["DEBUG","INFO","WARN","ERROR"],"tags":["Log"]},{"modelName":"LogTarget","properties":[{"readOnly":true,"propertyName":"alternateId","commonType":"string"},{"readOnly":true,"propertyName":"detailEntry","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"displayName","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogTransaction","properties":[{"readOnly":true,"propertyName":"detail","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"LogUserAgent","properties":[{"readOnly":true,"propertyName":"browser","commonType":"string"},{"readOnly":true,"propertyName":"os","commonType":"string"},{"readOnly":true,"propertyName":"rawUserAgent","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false},{"modelName":"MDMEnrollmentPolicyRuleCondition","properties":[{"propertyName":"blockNonSafeAndroid","commonType":"boolean"},{"enum":["OMM","ANY_OR_NONE"],"propertyName":"enrollment","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"MultifactorEnrollmentPolicy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"MFA_ENROLL"}},{"modelName":"MultifactorEnrollmentPolicyAuthenticatorSettings","properties":[{"minimum":0,"properties":{"aaguidGroups":{"items":{"type":"string","uniqueItems":true},"type":"array"}},"x-okta-lifecycle":{"features":["WEBAUTHN_MDS_CATALOG_BASED_AAGUID_ALLOWLIST"]},"propertyName":"constraints","commonType":"object","isObject":true},{"properties":{"self":{"$ref":"#/definitions/MultifactorEnrollmentPolicyAuthenticatorStatus"}},"propertyName":"enroll","commonType":"object","isObject":true},{"$ref":"#/definitions/MultifactorEnrollmentPolicyAuthenticatorType","propertyName":"key","commonType":"enum","isEnum":true,"model":"MultifactorEnrollmentPolicyAuthenticatorType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"MultifactorEnrollmentPolicyAuthenticatorStatus","enum":["NOT_ALLOWED","OPTIONAL","REQUIRED"],"tags":["Policy"]},{"modelName":"MultifactorEnrollmentPolicyAuthenticatorType","enum":["custom_app","custom_otp","duo","external_idp","google_otp","okta_email","okta_password","okta_verify","onprem_mfa","phone_number","rsa_token","security_question","symantec_vip","webauthn","yubikey_token"],"tags":["Policy"]},{"modelName":"MultifactorEnrollmentPolicySettings","properties":[{"propertyName":"authenticators","commonType":"array","isArray":true,"model":"MultifactorEnrollmentPolicyAuthenticatorSettings"},{"$ref":"#/definitions/MultifactorEnrollmentPolicySettingsType","propertyName":"type","commonType":"enum","isEnum":true,"model":"MultifactorEnrollmentPolicySettingsType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"MultifactorEnrollmentPolicySettingsType","enum":["AUTHENTICATORS"],"tags":["Policy"]},{"modelName":"NetworkZone","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"asns","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"gateways","commonType":"array","isArray":true,"model":"NetworkZoneAddress"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"locations","commonType":"array","isArray":true,"model":"NetworkZoneLocation"},{"propertyName":"name","commonType":"string"},{"propertyName":"proxies","commonType":"array","isArray":true,"model":"NetworkZoneAddress"},{"propertyName":"proxyType","commonType":"string"},{"$ref":"#/definitions/NetworkZoneStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"NetworkZoneStatus"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/NetworkZoneType","propertyName":"type","commonType":"enum","isEnum":true,"model":"NetworkZoneType"},{"$ref":"#/definitions/NetworkZoneUsage","propertyName":"usage","commonType":"enum","isEnum":true,"model":"NetworkZoneUsage"}],"methods":[{"alias":"activate","arguments":[{"dest":"zoneId","src":"id"}],"operation":{"path":"/api/v1/zones/{zoneId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"activateNetworkZone","description":"Activate Network Zone","summary":"Activate Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[],"responseModel":"NetworkZone"}},{"alias":"deactivate","arguments":[{"dest":"zoneId","src":"id"}],"operation":{"path":"/api/v1/zones/{zoneId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"deactivateNetworkZone","description":"Deactivates a network zone.","summary":"Deactivate Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[],"responseModel":"NetworkZone"}}],"crud":[{"alias":"read","arguments":[{"dest":"zoneId","src":"id"}],"operation":{"path":"/api/v1/zones/{zoneId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"getNetworkZone","description":"Fetches a network zone from your Okta organization by `id`.","summary":"Get Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[],"responseModel":"NetworkZone"}},{"alias":"update","arguments":[{"dest":"zoneId","src":"id"},{"dest":"zone","self":true}],"operation":{"path":"/api/v1/zones/{zoneId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"updateNetworkZone","description":"Updates a network zone in your organization.","summary":"Update Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"},{"in":"body","name":"zone","required":true,"schema":{"$ref":"#/definitions/NetworkZone"}}],"bodyModel":"NetworkZone","formData":[],"responseModel":"NetworkZone"}},{"alias":"delete","arguments":[{"dest":"zoneId","src":"id"}],"operation":{"path":"/api/v1/zones/{zoneId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"deleteNetworkZone","description":"Removes network zone.","summary":"Delete Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[]}}],"tags":["NetworkZone"],"isExtensible":false},{"modelName":"NetworkZoneAddress","properties":[{"$ref":"#/definitions/NetworkZoneAddressType","propertyName":"type","commonType":"enum","isEnum":true,"model":"NetworkZoneAddressType"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["NetworkZone"],"isExtensible":false},{"modelName":"NetworkZoneAddressType","enum":["CIDR","RANGE"],"tags":["NetworkZone"]},{"modelName":"NetworkZoneLocation","properties":[{"propertyName":"country","commonType":"string"},{"propertyName":"region","commonType":"string"}],"methods":[],"crud":[],"tags":["NetworkZone"],"isExtensible":false},{"modelName":"NetworkZoneStatus","enum":["ACTIVE","INACTIVE"],"tags":["NetworkZone"]},{"modelName":"NetworkZoneType","enum":["IP","DYNAMIC"],"tags":["NetworkZone"]},{"modelName":"NetworkZoneUsage","enum":["POLICY","BLOCKLIST"],"tags":["NetworkZone"]},{"modelName":"NotificationType","enum":["CONNECTOR_AGENT","USER_LOCKED_OUT","APP_IMPORT","LDAP_AGENT","AD_AGENT","OKTA_ANNOUNCEMENT","OKTA_ISSUE","OKTA_UPDATE","IWA_AGENT","USER_DEPROVISION","REPORT_SUSPICIOUS_ACTIVITY","RATELIMIT_NOTIFICATION"],"tags":["Subscription"]},{"modelName":"OAuth2Actor","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OAuth2Claim","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"alwaysIncludeInToken","commonType":"boolean"},{"enum":["IDENTITY","RESOURCE"],"propertyName":"claimType","commonType":"string"},{"$ref":"#/definitions/OAuth2ClaimConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"OAuth2ClaimConditions"},{"enum":["STARTS_WITH","EQUALS","CONTAINS","REGEX"],"propertyName":"group_filter_type","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"name","commonType":"string"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"propertyName":"value","commonType":"string"},{"enum":["EXPRESSION","GROUPS","SYSTEM"],"propertyName":"valueType","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OAuth2ClaimConditions","properties":[{"propertyName":"scopes","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OAuth2Client","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"client_id","commonType":"string"},{"readOnly":true,"propertyName":"client_name","commonType":"string"},{"readOnly":true,"propertyName":"client_uri","commonType":"string"},{"readOnly":true,"propertyName":"logo_uri","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OAuth2RefreshToken","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"clientId","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/OAuth2Actor","propertyName":"createdBy","commonType":"object","isObject":true,"model":"OAuth2Actor"},{"readOnly":true,"propertyName":"expiresAt","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"issuer","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"scopes","commonType":"array","isArray":true,"model":"string"},{"enum":["ACTIVE","REVOKED"],"propertyName":"status","commonType":"string"},{"propertyName":"userId","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OAuth2Scope","properties":[{"enum":["REQUIRED","IMPLICIT","ADMIN"],"propertyName":"consent","commonType":"string"},{"propertyName":"default","commonType":"boolean"},{"propertyName":"description","commonType":"string"},{"propertyName":"displayName","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"enum":["ALL_CLIENTS","NO_CLIENTS"],"propertyName":"metadataPublish","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"system","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OAuth2ScopeConsentGrant","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"clientId","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/OAuth2Actor","propertyName":"createdBy","commonType":"object","isObject":true,"model":"OAuth2Actor"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"issuer","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"scopeId","commonType":"string"},{"$ref":"#/definitions/OAuth2ScopeConsentGrantSource","propertyName":"source","commonType":"enum","isEnum":true,"model":"OAuth2ScopeConsentGrantSource"},{"$ref":"#/definitions/OAuth2ScopeConsentGrantStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"OAuth2ScopeConsentGrantStatus"},{"propertyName":"userId","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OAuth2ScopeConsentGrantSource","enum":["END_USER","ADMIN"],"tags":["Application"]},{"modelName":"OAuth2ScopeConsentGrantStatus","enum":["ACTIVE","REVOKED"],"tags":["Application"]},{"modelName":"OAuth2ScopesMediationPolicyRuleCondition","properties":[{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OAuth2Token","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"clientId","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"expiresAt","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"issuer","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"scopes","commonType":"array","isArray":true,"model":"string"},{"enum":["ACTIVE","REVOKED"],"propertyName":"status","commonType":"string"},{"propertyName":"userId","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OAuthApplicationCredentials","properties":[{"$ref":"#/definitions/ApplicationCredentialsOAuthClient","propertyName":"oauthClient","commonType":"object","isObject":true,"model":"ApplicationCredentialsOAuthClient"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationCredentials","parent":{"modelName":"ApplicationCredentials","properties":[{"$ref":"#/definitions/ApplicationCredentialsSigning","propertyName":"signing","commonType":"object","isObject":true,"model":"ApplicationCredentialsSigning"},{"$ref":"#/definitions/ApplicationCredentialsUsernameTemplate","propertyName":"userNameTemplate","commonType":"object","isObject":true,"model":"ApplicationCredentialsUsernameTemplate"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"OAuthAuthorizationPolicy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"OAUTH_AUTHORIZATION_POLICY"}},{"modelName":"OAuthEndpointAuthenticationMethod","enum":["none","client_secret_post","client_secret_basic","client_secret_jwt","private_key_jwt"],"tags":["Application"]},{"modelName":"OAuthGrantType","enum":["authorization_code","implicit","password","refresh_token","client_credentials","saml2_bearer","device_code","token_exchange","interaction_code"],"tags":["Application"]},{"modelName":"OAuthResponseType","enum":["code","token","id_token"],"tags":["Application"]},{"modelName":"OktaSignOnPolicy","properties":[{"$ref":"#/definitions/OktaSignOnPolicyConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"OktaSignOnPolicyConditions"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"OKTA_SIGN_ON"}},{"modelName":"OktaSignOnPolicyConditions","properties":[{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleConditions","parent":{"modelName":"PolicyRuleConditions","properties":[{"$ref":"#/definitions/AppAndInstancePolicyRuleCondition","propertyName":"app","commonType":"object","isObject":true,"model":"AppAndInstancePolicyRuleCondition"},{"$ref":"#/definitions/AppInstancePolicyRuleCondition","propertyName":"apps","commonType":"object","isObject":true,"model":"AppInstancePolicyRuleCondition"},{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/BeforeScheduledActionPolicyRuleCondition","propertyName":"beforeScheduledAction","commonType":"object","isObject":true,"model":"BeforeScheduledActionPolicyRuleCondition"},{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/ContextPolicyRuleCondition","propertyName":"context","commonType":"object","isObject":true,"model":"ContextPolicyRuleCondition"},{"$ref":"#/definitions/DevicePolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DevicePolicyRuleCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/GroupPolicyRuleCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupPolicyRuleCondition"},{"$ref":"#/definitions/IdentityProviderPolicyRuleCondition","propertyName":"identityProvider","commonType":"object","isObject":true,"model":"IdentityProviderPolicyRuleCondition"},{"$ref":"#/definitions/MDMEnrollmentPolicyRuleCondition","propertyName":"mdmEnrollment","commonType":"object","isObject":true,"model":"MDMEnrollmentPolicyRuleCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/PlatformPolicyRuleCondition","propertyName":"platform","commonType":"object","isObject":true,"model":"PlatformPolicyRuleCondition"},{"$ref":"#/definitions/RiskPolicyRuleCondition","propertyName":"risk","commonType":"object","isObject":true,"model":"RiskPolicyRuleCondition"},{"$ref":"#/definitions/RiskScorePolicyRuleCondition","propertyName":"riskScore","commonType":"object","isObject":true,"model":"RiskScorePolicyRuleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"},{"$ref":"#/definitions/UserIdentifierPolicyRuleCondition","propertyName":"userIdentifier","commonType":"object","isObject":true,"model":"UserIdentifierPolicyRuleCondition"},{"$ref":"#/definitions/UserStatusPolicyRuleCondition","propertyName":"userStatus","commonType":"object","isObject":true,"model":"UserStatusPolicyRuleCondition"},{"$ref":"#/definitions/UserPolicyRuleCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}},{"modelName":"OktaSignOnPolicyRule","properties":[{"$ref":"#/definitions/OktaSignOnPolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleActions"},{"$ref":"#/definitions/OktaSignOnPolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleConditions"},{"propertyName":"name","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRule","parent":{"modelName":"PolicyRule","properties":[{"$ref":"#/definitions/PolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"PolicyRuleActions"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activatePolicyRule","description":"Activates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivatePolicyRule","description":"Deactivates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyRule","self":true},{"dest":"policyId","parentSrc":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicyRule","PASSWORD":"PasswordPolicyRule","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicyRule","SIGN_ON":"OktaSignOnPolicyRule"}}},"resolution":{"fieldName":"type","fieldValue":"SIGN_ON"}},{"modelName":"OktaSignOnPolicyRuleActions","properties":[{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonActions","propertyName":"signon","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleActions","parent":{"modelName":"PolicyRuleActions","properties":[{"$ref":"#/definitions/PolicyRuleActionsEnroll","propertyName":"enroll","commonType":"object","isObject":true,"model":"PolicyRuleActionsEnroll"},{"$ref":"#/definitions/IdpPolicyRuleAction","propertyName":"idp","commonType":"object","isObject":true,"model":"IdpPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"passwordChange","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServicePasswordReset","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServiceUnlock","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonActions","propertyName":"signon","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}},{"modelName":"OktaSignOnPolicyRuleConditions","properties":[{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleConditions","parent":{"modelName":"PolicyRuleConditions","properties":[{"$ref":"#/definitions/AppAndInstancePolicyRuleCondition","propertyName":"app","commonType":"object","isObject":true,"model":"AppAndInstancePolicyRuleCondition"},{"$ref":"#/definitions/AppInstancePolicyRuleCondition","propertyName":"apps","commonType":"object","isObject":true,"model":"AppInstancePolicyRuleCondition"},{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/BeforeScheduledActionPolicyRuleCondition","propertyName":"beforeScheduledAction","commonType":"object","isObject":true,"model":"BeforeScheduledActionPolicyRuleCondition"},{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/ContextPolicyRuleCondition","propertyName":"context","commonType":"object","isObject":true,"model":"ContextPolicyRuleCondition"},{"$ref":"#/definitions/DevicePolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DevicePolicyRuleCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/GroupPolicyRuleCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupPolicyRuleCondition"},{"$ref":"#/definitions/IdentityProviderPolicyRuleCondition","propertyName":"identityProvider","commonType":"object","isObject":true,"model":"IdentityProviderPolicyRuleCondition"},{"$ref":"#/definitions/MDMEnrollmentPolicyRuleCondition","propertyName":"mdmEnrollment","commonType":"object","isObject":true,"model":"MDMEnrollmentPolicyRuleCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/PlatformPolicyRuleCondition","propertyName":"platform","commonType":"object","isObject":true,"model":"PlatformPolicyRuleCondition"},{"$ref":"#/definitions/RiskPolicyRuleCondition","propertyName":"risk","commonType":"object","isObject":true,"model":"RiskPolicyRuleCondition"},{"$ref":"#/definitions/RiskScorePolicyRuleCondition","propertyName":"riskScore","commonType":"object","isObject":true,"model":"RiskScorePolicyRuleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"},{"$ref":"#/definitions/UserIdentifierPolicyRuleCondition","propertyName":"userIdentifier","commonType":"object","isObject":true,"model":"UserIdentifierPolicyRuleCondition"},{"$ref":"#/definitions/UserStatusPolicyRuleCondition","propertyName":"userStatus","commonType":"object","isObject":true,"model":"UserStatusPolicyRuleCondition"},{"$ref":"#/definitions/UserPolicyRuleCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}},{"modelName":"OktaSignOnPolicyRuleSignonActions","properties":[{"enum":["ALLOW","DENY"],"propertyName":"access","commonType":"string"},{"propertyName":"factorLifetime","commonType":"integer"},{"enum":["ALWAYS","DEVICE","SESSION"],"propertyName":"factorPromptMode","commonType":"string"},{"default":false,"propertyName":"rememberDeviceByDefault","commonType":"boolean"},{"default":false,"propertyName":"requireFactor","commonType":"boolean"},{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonSessionActions","propertyName":"session","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonSessionActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"OktaSignOnPolicyRuleSignonSessionActions","properties":[{"default":120,"propertyName":"maxSessionIdleMinutes","commonType":"integer"},{"default":0,"propertyName":"maxSessionLifetimeMinutes","commonType":"integer"},{"default":false,"propertyName":"usePersistentCookie","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"OpenIdConnectApplication","properties":[{"$ref":"#/definitions/OAuthApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"OAuthApplicationCredentials"},{"default":"oidc_client","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/OpenIdConnectApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"OpenIdConnectApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"Application","parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"OPENID_CONNECT"}},{"modelName":"OpenIdConnectApplicationConsentMethod","enum":["REQUIRED","TRUSTED"],"tags":["Application"]},{"modelName":"OpenIdConnectApplicationIdpInitiatedLogin","properties":[{"propertyName":"default_scope","commonType":"array","isArray":true,"model":"string"},{"propertyName":"mode","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OpenIdConnectApplicationIssuerMode","enum":["CUSTOM_URL","ORG_URL","DYNAMIC"],"tags":["Application"]},{"modelName":"OpenIdConnectApplicationSettings","properties":[{"$ref":"#/definitions/OpenIdConnectApplicationSettingsClient","propertyName":"oauthClient","commonType":"object","isObject":true,"model":"OpenIdConnectApplicationSettingsClient"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"OpenIdConnectApplicationSettingsClient","properties":[{"$ref":"#/definitions/OpenIdConnectApplicationType","propertyName":"application_type","commonType":"enum","isEnum":true,"model":"OpenIdConnectApplicationType"},{"propertyName":"client_uri","commonType":"string"},{"$ref":"#/definitions/OpenIdConnectApplicationConsentMethod","propertyName":"consent_method","commonType":"enum","isEnum":true,"model":"OpenIdConnectApplicationConsentMethod"},{"propertyName":"grant_types","commonType":"array","isArray":true,"model":"OAuthGrantType"},{"$ref":"#/definitions/OpenIdConnectApplicationIdpInitiatedLogin","propertyName":"idp_initiated_login","commonType":"object","isObject":true,"model":"OpenIdConnectApplicationIdpInitiatedLogin"},{"propertyName":"initiate_login_uri","commonType":"string"},{"$ref":"#/definitions/OpenIdConnectApplicationIssuerMode","propertyName":"issuer_mode","commonType":"enum","isEnum":true,"model":"OpenIdConnectApplicationIssuerMode"},{"$ref":"#/definitions/OpenIdConnectApplicationSettingsClientKeys","propertyName":"jwks","commonType":"object","isObject":true,"model":"OpenIdConnectApplicationSettingsClientKeys"},{"propertyName":"logo_uri","commonType":"string"},{"propertyName":"policy_uri","commonType":"string"},{"propertyName":"post_logout_redirect_uris","commonType":"array","isArray":true,"model":"string"},{"propertyName":"redirect_uris","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/OpenIdConnectApplicationSettingsRefreshToken","propertyName":"refresh_token","commonType":"object","isObject":true,"model":"OpenIdConnectApplicationSettingsRefreshToken"},{"propertyName":"response_types","commonType":"array","isArray":true,"model":"OAuthResponseType"},{"propertyName":"tos_uri","commonType":"string"},{"propertyName":"wildcard_redirect","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OpenIdConnectApplicationSettingsClientKeys","properties":[{"propertyName":"keys","commonType":"array","isArray":true,"model":"JsonWebKey"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OpenIdConnectApplicationSettingsRefreshToken","properties":[{"propertyName":"leeway","commonType":"integer"},{"$ref":"#/definitions/OpenIdConnectRefreshTokenRotationType","propertyName":"rotation_type","commonType":"enum","isEnum":true,"model":"OpenIdConnectRefreshTokenRotationType"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"OpenIdConnectApplicationType","enum":["web","native","browser","service"],"tags":["Application"]},{"modelName":"OpenIdConnectRefreshTokenRotationType","enum":["rotate","static"],"tags":["Application"]},{"modelName":"Org2OrgApplication","properties":[{"default":"okta_org2org","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/Org2OrgApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"Org2OrgApplicationSettings"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"SamlApplication","parent":{"modelName":"SamlApplication","properties":[{"$ref":"#/definitions/SamlApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"SamlApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"extends":"Application","resolutionStrategy":{"propertyName":"name","valueToModelMapping":{"okta_org2org":"Org2OrgApplication"}},"parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"SAML_2_0"}},"resolution":{"fieldName":"name","fieldValue":"okta_org2org"}},{"modelName":"Org2OrgApplicationSettings","properties":[{"$ref":"#/definitions/Org2OrgApplicationSettingsApp","propertyName":"app","commonType":"object","isObject":true,"model":"Org2OrgApplicationSettingsApp"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"SamlApplicationSettings","parent":{"modelName":"SamlApplicationSettings","properties":[{"$ref":"#/definitions/SamlApplicationSettingsSignOn","propertyName":"signOn","commonType":"object","isObject":true,"model":"SamlApplicationSettingsSignOn"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"modelName":"Org2OrgApplicationSettingsApp","properties":[{"propertyName":"acsUrl","commonType":"string"},{"propertyName":"audRestriction","commonType":"string"},{"propertyName":"baseUrl","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"OrgContactType","enum":["BILLING","TECHNICAL"],"tags":["Org"]},{"modelName":"OrgContactTypeObj","properties":[{"propertyName":"_links","commonType":"object","isObject":true,"model":"object"},{"$ref":"#/definitions/OrgContactType","propertyName":"contactType","commonType":"enum","isEnum":true,"model":"OrgContactType"}],"methods":[],"crud":[],"tags":["Org"],"isExtensible":false},{"modelName":"OrgContactUser","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"userId","commonType":"string"}],"methods":[{"alias":"updateContactUser","arguments":[{"dest":"userId","src":"userId"}],"operation":{"path":"/api/v1/org/contacts/{contactType}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"contactType","required":true,"type":"string"}],"operationId":"updateOrgContactUser","description":"Updates the User associated with the specified Contact Type.","summary":"Update org contact user","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgContactUser"}}},"parameters":[{"in":"path","name":"contactType","required":true,"type":"string"},{"in":"body","name":"userId","required":true,"schema":{"$ref":"#/definitions/UserIdString"}}],"bodyModel":"UserIdString","formData":[],"responseModel":"OrgContactUser"}}],"crud":[],"tags":["Org"],"isExtensible":false},{"modelName":"OrgOktaCommunicationSetting","properties":[{"propertyName":"_links","commonType":"object","isObject":true,"model":"object"},{"readOnly":true,"propertyName":"optOutEmailUsers","commonType":"boolean"}],"methods":[{"alias":"optInUsersToOktaCommunicationEmails","operation":{"path":"/api/v1/org/privacy/oktaCommunication/optIn","method":"post","queryParams":[],"pathParams":[],"operationId":"optInUsersToOktaCommunicationEmails","description":"Opts in all users of this org to Okta Communication emails.","summary":"Opt in all users to Okta Communication emails","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaCommunicationSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaCommunicationSetting"}},{"alias":"optOutUsersFromOktaCommunicationEmails","operation":{"path":"/api/v1/org/privacy/oktaCommunication/optOut","method":"post","queryParams":[],"pathParams":[],"operationId":"optOutUsersFromOktaCommunicationEmails","description":"Opts out all users of this org from Okta Communication emails.","summary":"Opt out all users from Okta Communication emails","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaCommunicationSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaCommunicationSetting"}}],"crud":[],"tags":["Org"],"isExtensible":false},{"modelName":"OrgOktaSupportSetting","enum":["DISABLED","ENABLED"],"tags":["Org"]},{"modelName":"OrgOktaSupportSettingsObj","properties":[{"propertyName":"_links","commonType":"object","isObject":true,"model":"object"},{"readOnly":true,"propertyName":"expiration","commonType":"dateTime"},{"$ref":"#/definitions/OrgOktaSupportSetting","readOnly":true,"propertyName":"support","commonType":"enum","isEnum":true,"model":"OrgOktaSupportSetting"}],"methods":[{"alias":"extendOktaSupport","operation":{"path":"/api/v1/org/privacy/oktaSupport/extend","method":"post","queryParams":[],"pathParams":[],"operationId":"extendOktaSupport","description":"Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.","summary":"Extend Okta Support","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"}},{"alias":"grantOktaSupport","operation":{"path":"/api/v1/org/privacy/oktaSupport/grant","method":"post","queryParams":[],"pathParams":[],"operationId":"grantOktaSupport","description":"Enables you to temporarily allow Okta Support to access your org as an administrator for eight hours.","summary":"Grant Okta Support","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"}},{"alias":"revokeOktaSupport","operation":{"path":"/api/v1/org/privacy/oktaSupport/revoke","method":"post","queryParams":[],"pathParams":[],"operationId":"revokeOktaSupport","description":"Revokes Okta Support access to your organization.","summary":"Extend Okta Support","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"}}],"crud":[],"tags":["Org"],"isExtensible":false},{"modelName":"OrgPreferences","properties":[{"propertyName":"_links","commonType":"object","isObject":true,"model":"object"},{"readOnly":true,"propertyName":"showEndUserFooter","commonType":"boolean"}],"methods":[{"alias":"hideEndUserFooter","operation":{"path":"/api/v1/org/preferences/hideEndUserFooter","method":"post","queryParams":[],"pathParams":[],"operationId":"hideOktaUIFooter","description":"Hide the Okta UI footer for all end users of your organization.","summary":"Show Okta UI Footer","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"}},{"alias":"showEndUserFooter","operation":{"path":"/api/v1/org/preferences/showEndUserFooter","method":"post","queryParams":[],"pathParams":[],"operationId":"showOktaUIFooter","description":"Makes the Okta UI footer visible for all end users of your organization.","summary":"Show Okta UI Footer","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"}}],"crud":[],"tags":["Org"],"isExtensible":false},{"modelName":"OrgSetting","properties":[{"propertyName":"_links","commonType":"object","isObject":true,"model":"object"},{"propertyName":"address1","commonType":"string"},{"propertyName":"address2","commonType":"string"},{"propertyName":"city","commonType":"string"},{"propertyName":"companyName","commonType":"string"},{"propertyName":"country","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"endUserSupportHelpURL","commonType":"string"},{"readOnly":true,"propertyName":"expiresAt","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"phoneNumber","commonType":"string"},{"propertyName":"postalCode","commonType":"string"},{"propertyName":"state","commonType":"string"},{"readOnly":true,"propertyName":"status","commonType":"string"},{"readOnly":true,"propertyName":"subdomain","commonType":"string"},{"propertyName":"supportPhoneNumber","commonType":"string"},{"propertyName":"website","commonType":"string"}],"methods":[{"alias":"partialUpdate","arguments":[{"dest":"orgSetting","self":true}],"operation":{"path":"/api/v1/org","method":"post","queryParams":[],"pathParams":[],"operationId":"partialUpdateOrgSetting","description":"Partial update settings of your organization.","summary":"Partial update Org setting","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgSetting"}}},"parameters":[{"in":"body","name":"orgSetting","required":true,"schema":{"$ref":"#/definitions/OrgSetting"}}],"bodyModel":"OrgSetting","formData":[],"responseModel":"OrgSetting"}},{"alias":"getContactTypes","operation":{"path":"/api/v1/org/contacts","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgContactTypes","description":"Gets Contact Types of your organization.","summary":"Get org contact types","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OrgContactTypeObj"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"OrgContactTypeObj","isArray":true}},{"alias":"getOrgContactUser","operation":{"path":"/api/v1/org/contacts/{contactType}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"contactType","required":true,"type":"string"}],"operationId":"getOrgContactUser","description":"Retrieves the URL of the User associated with the specified Contact Type.","summary":"Get org contact user","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgContactUser"}}},"parameters":[{"in":"path","name":"contactType","required":true,"type":"string"}],"formData":[],"responseModel":"OrgContactUser"}},{"alias":"getSupportSettings","operation":{"path":"/api/v1/org/privacy/oktaSupport","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgOktaSupportSettings","description":"Gets Okta Support Settings of your organization.","summary":"Get Okta Support settings","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"}},{"alias":"communicationSettings","operation":{"path":"/api/v1/org/privacy/oktaCommunication","method":"get","queryParams":[],"pathParams":[],"operationId":"getOktaCommunicationSettings","description":"Gets Okta Communication Settings of your organization.","summary":"Get Okta Communication Settings","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaCommunicationSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaCommunicationSetting"}},{"alias":"orgPreferences","operation":{"path":"/api/v1/org/preferences","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgPreferences","description":"Gets preferences of your organization.","summary":"Get org preferences","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"}},{"alias":"showFooter","arguments":[{"dest":"orgSetting","self":true}],"operation":{"path":"/api/v1/org/preferences/showEndUserFooter","method":"post","queryParams":[],"pathParams":[],"operationId":"showOktaUIFooter","description":"Makes the Okta UI footer visible for all end users of your organization.","summary":"Show Okta UI Footer","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"}},{"alias":"hideFooter","arguments":[{"dest":"orgSetting","self":true}],"operation":{"path":"/api/v1/org/preferences/hideEndUserFooter","method":"post","queryParams":[],"pathParams":[],"operationId":"hideOktaUIFooter","description":"Hide the Okta UI footer for all end users of your organization.","summary":"Show Okta UI Footer","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"}},{"alias":"updateOrgLogo","operation":{"path":"/api/v1/org/logo","method":"post","queryParams":[],"pathParams":[],"operationId":"updateOrgLogo","description":"Updates the logo for your organization.","summary":"Update org logo","tags":["Org"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"}},"parameters":[{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}}],"crud":[{"alias":"read","arguments":[{"dest":"orgSetting","self":true}],"operation":{"path":"/api/v1/org","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgSettings","description":"Get settings of your organization.","summary":"Get org settings","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgSetting"}},{"alias":"update","arguments":[{"dest":"orgSetting","self":true}],"operation":{"path":"/api/v1/org","method":"put","queryParams":[],"pathParams":[],"operationId":"updateOrgSetting","description":"Update settings of your organization.","summary":"Update Org setting","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgSetting"}}},"parameters":[{"in":"body","name":"orgSetting","required":true,"schema":{"$ref":"#/definitions/OrgSetting"}}],"bodyModel":"OrgSetting","formData":[],"responseModel":"OrgSetting"}}],"tags":["Org"],"isExtensible":false},{"modelName":"PasswordCredential","properties":[{"$ref":"#/definitions/PasswordCredentialHash","propertyName":"hash","commonType":"object","isObject":true,"model":"PasswordCredentialHash"},{"$ref":"#/definitions/PasswordCredentialHook","propertyName":"hook","commonType":"object","isObject":true,"model":"PasswordCredentialHook"},{"propertyName":"value","commonType":"password"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"PasswordCredentialHash","properties":[{"$ref":"#/definitions/PasswordCredentialHashAlgorithm","propertyName":"algorithm","commonType":"enum","isEnum":true,"model":"PasswordCredentialHashAlgorithm"},{"propertyName":"salt","commonType":"string"},{"propertyName":"saltOrder","commonType":"string"},{"propertyName":"value","commonType":"string"},{"propertyName":"workFactor","commonType":"integer"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"PasswordCredentialHashAlgorithm","enum":["BCRYPT","SHA-512","SHA-256","SHA-1","MD5"],"tags":["User"]},{"modelName":"PasswordCredentialHook","properties":[{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"PasswordDictionary","properties":[{"$ref":"#/definitions/PasswordDictionaryCommon","propertyName":"common","commonType":"object","isObject":true,"model":"PasswordDictionaryCommon"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordDictionaryCommon","properties":[{"default":false,"propertyName":"exclude","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordExpirationPolicyRuleCondition","properties":[{"propertyName":"number","commonType":"integer"},{"propertyName":"unit","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicy","properties":[{"$ref":"#/definitions/PasswordPolicyConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PasswordPolicyConditions"},{"$ref":"#/definitions/PasswordPolicySettings","propertyName":"settings","commonType":"object","isObject":true,"model":"PasswordPolicySettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"PASSWORD"}},{"modelName":"PasswordPolicyAuthenticationProviderCondition","properties":[{"propertyName":"include","commonType":"array","isArray":true,"model":"string"},{"enum":["ACTIVE_DIRECTORY","ANY","LDAP","OKTA"],"propertyName":"provider","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyConditions","properties":[{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleConditions","parent":{"modelName":"PolicyRuleConditions","properties":[{"$ref":"#/definitions/AppAndInstancePolicyRuleCondition","propertyName":"app","commonType":"object","isObject":true,"model":"AppAndInstancePolicyRuleCondition"},{"$ref":"#/definitions/AppInstancePolicyRuleCondition","propertyName":"apps","commonType":"object","isObject":true,"model":"AppInstancePolicyRuleCondition"},{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/BeforeScheduledActionPolicyRuleCondition","propertyName":"beforeScheduledAction","commonType":"object","isObject":true,"model":"BeforeScheduledActionPolicyRuleCondition"},{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/ContextPolicyRuleCondition","propertyName":"context","commonType":"object","isObject":true,"model":"ContextPolicyRuleCondition"},{"$ref":"#/definitions/DevicePolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DevicePolicyRuleCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/GroupPolicyRuleCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupPolicyRuleCondition"},{"$ref":"#/definitions/IdentityProviderPolicyRuleCondition","propertyName":"identityProvider","commonType":"object","isObject":true,"model":"IdentityProviderPolicyRuleCondition"},{"$ref":"#/definitions/MDMEnrollmentPolicyRuleCondition","propertyName":"mdmEnrollment","commonType":"object","isObject":true,"model":"MDMEnrollmentPolicyRuleCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/PlatformPolicyRuleCondition","propertyName":"platform","commonType":"object","isObject":true,"model":"PlatformPolicyRuleCondition"},{"$ref":"#/definitions/RiskPolicyRuleCondition","propertyName":"risk","commonType":"object","isObject":true,"model":"RiskPolicyRuleCondition"},{"$ref":"#/definitions/RiskScorePolicyRuleCondition","propertyName":"riskScore","commonType":"object","isObject":true,"model":"RiskScorePolicyRuleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"},{"$ref":"#/definitions/UserIdentifierPolicyRuleCondition","propertyName":"userIdentifier","commonType":"object","isObject":true,"model":"UserIdentifierPolicyRuleCondition"},{"$ref":"#/definitions/UserStatusPolicyRuleCondition","propertyName":"userStatus","commonType":"object","isObject":true,"model":"UserStatusPolicyRuleCondition"},{"$ref":"#/definitions/UserPolicyRuleCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}},{"modelName":"PasswordPolicyDelegationSettings","properties":[{"$ref":"#/definitions/PasswordPolicyDelegationSettingsOptions","propertyName":"options","commonType":"object","isObject":true,"model":"PasswordPolicyDelegationSettingsOptions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyDelegationSettingsOptions","properties":[{"propertyName":"skipUnlock","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyPasswordSettings","properties":[{"$ref":"#/definitions/PasswordPolicyPasswordSettingsAge","propertyName":"age","commonType":"object","isObject":true,"model":"PasswordPolicyPasswordSettingsAge"},{"$ref":"#/definitions/PasswordPolicyPasswordSettingsComplexity","propertyName":"complexity","commonType":"object","isObject":true,"model":"PasswordPolicyPasswordSettingsComplexity"},{"$ref":"#/definitions/PasswordPolicyPasswordSettingsLockout","propertyName":"lockout","commonType":"object","isObject":true,"model":"PasswordPolicyPasswordSettingsLockout"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyPasswordSettingsAge","properties":[{"default":0,"propertyName":"expireWarnDays","commonType":"integer"},{"default":0,"propertyName":"historyCount","commonType":"integer"},{"default":0,"propertyName":"maxAgeDays","commonType":"integer"},{"default":0,"propertyName":"minAgeMinutes","commonType":"integer"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyPasswordSettingsComplexity","properties":[{"$ref":"#/definitions/PasswordDictionary","propertyName":"dictionary","commonType":"object","isObject":true,"model":"PasswordDictionary"},{"default":1,"propertyName":"excludeAttributes","commonType":"array","isArray":true,"model":"string"},{"default":true,"propertyName":"excludeUsername","commonType":"boolean"},{"default":8,"propertyName":"minLength","commonType":"integer"},{"default":1,"propertyName":"minLowerCase","commonType":"integer"},{"default":1,"propertyName":"minNumber","commonType":"integer"},{"default":1,"propertyName":"minSymbol","commonType":"integer"},{"default":1,"propertyName":"minUpperCase","commonType":"integer"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyPasswordSettingsLockout","properties":[{"propertyName":"autoUnlockMinutes","commonType":"integer"},{"propertyName":"maxAttempts","commonType":"integer"},{"propertyName":"showLockoutFailures","commonType":"boolean"},{"propertyName":"userLockoutNotificationChannels","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyRecoveryEmail","properties":[{"$ref":"#/definitions/PasswordPolicyRecoveryEmailProperties","propertyName":"properties","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryEmailProperties"},{"enum":["ACTIVE","INACTIVE"],"readOnly":true,"propertyName":"status","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyRecoveryEmailProperties","properties":[{"$ref":"#/definitions/PasswordPolicyRecoveryEmailRecoveryToken","propertyName":"recoveryToken","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryEmailRecoveryToken"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyRecoveryEmailRecoveryToken","properties":[{"default":10080,"propertyName":"tokenLifetimeMinutes","commonType":"integer"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyRecoveryFactorSettings","properties":[{"default":"INACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyRecoveryFactors","properties":[{"$ref":"#/definitions/PasswordPolicyRecoveryFactorSettings","propertyName":"okta_call","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryFactorSettings"},{"$ref":"#/definitions/PasswordPolicyRecoveryEmail","propertyName":"okta_email","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryEmail"},{"$ref":"#/definitions/PasswordPolicyRecoveryFactorSettings","propertyName":"okta_sms","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryFactorSettings"},{"$ref":"#/definitions/PasswordPolicyRecoveryQuestion","propertyName":"recovery_question","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryQuestion"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyRecoveryQuestion","properties":[{"$ref":"#/definitions/PasswordPolicyRecoveryQuestionProperties","readOnly":true,"propertyName":"properties","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryQuestionProperties"},{"enum":["ACTIVE","INACTIVE"],"readOnly":true,"propertyName":"status","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyRecoveryQuestionComplexity","properties":[{"readOnly":true,"propertyName":"minLength","commonType":"integer"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyRecoveryQuestionProperties","properties":[{"$ref":"#/definitions/PasswordPolicyRecoveryQuestionComplexity","readOnly":true,"propertyName":"complexity","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryQuestionComplexity"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyRecoverySettings","properties":[{"$ref":"#/definitions/PasswordPolicyRecoveryFactors","propertyName":"factors","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryFactors"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyRule","properties":[{"$ref":"#/definitions/PasswordPolicyRuleActions","readOnly":false,"propertyName":"actions","commonType":"object","isObject":true,"model":"PasswordPolicyRuleActions"},{"$ref":"#/definitions/PasswordPolicyRuleConditions","readOnly":false,"propertyName":"conditions","commonType":"object","isObject":true,"model":"PasswordPolicyRuleConditions"},{"propertyName":"name","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRule","parent":{"modelName":"PolicyRule","properties":[{"$ref":"#/definitions/PolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"PolicyRuleActions"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activatePolicyRule","description":"Activates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivatePolicyRule","description":"Deactivates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyRule","self":true},{"dest":"policyId","parentSrc":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicyRule","PASSWORD":"PasswordPolicyRule","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicyRule","SIGN_ON":"OktaSignOnPolicyRule"}}},"resolution":{"fieldName":"type","fieldValue":"PASSWORD"}},{"modelName":"PasswordPolicyRuleAction","properties":[{"enum":["ALLOW","DENY"],"readOnly":false,"propertyName":"access","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordPolicyRuleActions","properties":[{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"passwordChange","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServicePasswordReset","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServiceUnlock","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleActions","parent":{"modelName":"PolicyRuleActions","properties":[{"$ref":"#/definitions/PolicyRuleActionsEnroll","propertyName":"enroll","commonType":"object","isObject":true,"model":"PolicyRuleActionsEnroll"},{"$ref":"#/definitions/IdpPolicyRuleAction","propertyName":"idp","commonType":"object","isObject":true,"model":"IdpPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"passwordChange","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServicePasswordReset","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServiceUnlock","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonActions","propertyName":"signon","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}},{"modelName":"PasswordPolicyRuleConditions","properties":[{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleConditions","parent":{"modelName":"PolicyRuleConditions","properties":[{"$ref":"#/definitions/AppAndInstancePolicyRuleCondition","propertyName":"app","commonType":"object","isObject":true,"model":"AppAndInstancePolicyRuleCondition"},{"$ref":"#/definitions/AppInstancePolicyRuleCondition","propertyName":"apps","commonType":"object","isObject":true,"model":"AppInstancePolicyRuleCondition"},{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/BeforeScheduledActionPolicyRuleCondition","propertyName":"beforeScheduledAction","commonType":"object","isObject":true,"model":"BeforeScheduledActionPolicyRuleCondition"},{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/ContextPolicyRuleCondition","propertyName":"context","commonType":"object","isObject":true,"model":"ContextPolicyRuleCondition"},{"$ref":"#/definitions/DevicePolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DevicePolicyRuleCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/GroupPolicyRuleCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupPolicyRuleCondition"},{"$ref":"#/definitions/IdentityProviderPolicyRuleCondition","propertyName":"identityProvider","commonType":"object","isObject":true,"model":"IdentityProviderPolicyRuleCondition"},{"$ref":"#/definitions/MDMEnrollmentPolicyRuleCondition","propertyName":"mdmEnrollment","commonType":"object","isObject":true,"model":"MDMEnrollmentPolicyRuleCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/PlatformPolicyRuleCondition","propertyName":"platform","commonType":"object","isObject":true,"model":"PlatformPolicyRuleCondition"},{"$ref":"#/definitions/RiskPolicyRuleCondition","propertyName":"risk","commonType":"object","isObject":true,"model":"RiskPolicyRuleCondition"},{"$ref":"#/definitions/RiskScorePolicyRuleCondition","propertyName":"riskScore","commonType":"object","isObject":true,"model":"RiskScorePolicyRuleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"},{"$ref":"#/definitions/UserIdentifierPolicyRuleCondition","propertyName":"userIdentifier","commonType":"object","isObject":true,"model":"UserIdentifierPolicyRuleCondition"},{"$ref":"#/definitions/UserStatusPolicyRuleCondition","propertyName":"userStatus","commonType":"object","isObject":true,"model":"UserStatusPolicyRuleCondition"},{"$ref":"#/definitions/UserPolicyRuleCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}},{"modelName":"PasswordPolicySettings","properties":[{"$ref":"#/definitions/PasswordPolicyDelegationSettings","propertyName":"delegation","commonType":"object","isObject":true,"model":"PasswordPolicyDelegationSettings"},{"$ref":"#/definitions/PasswordPolicyPasswordSettings","propertyName":"password","commonType":"object","isObject":true,"model":"PasswordPolicyPasswordSettings"},{"$ref":"#/definitions/PasswordPolicyRecoverySettings","propertyName":"recovery","commonType":"object","isObject":true,"model":"PasswordPolicyRecoverySettings"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PasswordSettingObject","properties":[{"$ref":"#/definitions/ChangeEnum","propertyName":"change","commonType":"enum","isEnum":true,"model":"ChangeEnum"},{"$ref":"#/definitions/SeedEnum","propertyName":"seed","commonType":"enum","isEnum":true,"model":"SeedEnum"},{"$ref":"#/definitions/EnabledStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"EnabledStatus"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"PlatformConditionEvaluatorPlatform","properties":[{"$ref":"#/definitions/PlatformConditionEvaluatorPlatformOperatingSystem","propertyName":"os","commonType":"object","isObject":true,"model":"PlatformConditionEvaluatorPlatformOperatingSystem"},{"enum":["DESKTOP","MOBILE","OTHER","ANY"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PlatformConditionEvaluatorPlatformOperatingSystem","properties":[{"propertyName":"expression","commonType":"string"},{"enum":["ANDROID","IOS","WINDOWS","OSX","OTHER","ANY"],"propertyName":"type","commonType":"string"},{"$ref":"#/definitions/PlatformConditionEvaluatorPlatformOperatingSystemVersion","propertyName":"version","commonType":"object","isObject":true,"model":"PlatformConditionEvaluatorPlatformOperatingSystemVersion"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PlatformConditionEvaluatorPlatformOperatingSystemVersion","properties":[{"enum":["EXPRESSION","SEMVER"],"propertyName":"matchType","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PlatformPolicyRuleCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"PlatformConditionEvaluatorPlatform"},{"propertyName":"include","commonType":"array","isArray":true,"model":"PlatformConditionEvaluatorPlatform"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},{"modelName":"PolicyAccountLink","properties":[{"enum":["AUTO","DISABLED"],"propertyName":"action","commonType":"string"},{"$ref":"#/definitions/PolicyAccountLinkFilter","propertyName":"filter","commonType":"object","isObject":true,"model":"PolicyAccountLinkFilter"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PolicyAccountLinkFilter","properties":[{"$ref":"#/definitions/PolicyAccountLinkFilterGroups","propertyName":"groups","commonType":"object","isObject":true,"model":"PolicyAccountLinkFilterGroups"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PolicyAccountLinkFilterGroups","properties":[{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PolicyNetworkCondition","properties":[{"enum":["ANYWHERE","ZONE"],"propertyName":"connection","commonType":"string"},{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PolicyPeopleCondition","properties":[{"$ref":"#/definitions/GroupCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupCondition"},{"$ref":"#/definitions/UserCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PolicyRule","properties":[{"$ref":"#/definitions/PolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"PolicyRuleActions"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activatePolicyRule","description":"Activates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivatePolicyRule","description":"Deactivates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyRule","self":true},{"dest":"policyId","parentSrc":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicyRule","PASSWORD":"PasswordPolicyRule","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicyRule","SIGN_ON":"OktaSignOnPolicyRule"}}},{"modelName":"PolicyRuleActions","properties":[{"$ref":"#/definitions/PolicyRuleActionsEnroll","propertyName":"enroll","commonType":"object","isObject":true,"model":"PolicyRuleActionsEnroll"},{"$ref":"#/definitions/IdpPolicyRuleAction","propertyName":"idp","commonType":"object","isObject":true,"model":"IdpPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"passwordChange","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServicePasswordReset","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServiceUnlock","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonActions","propertyName":"signon","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PolicyRuleActionsEnroll","properties":[{"$ref":"#/definitions/PolicyRuleActionsEnrollSelf","propertyName":"self","commonType":"enum","isEnum":true,"model":"PolicyRuleActionsEnrollSelf"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PolicyRuleActionsEnrollSelf","enum":["CHALLENGE","LOGIN","NEVER"],"tags":["Policy"]},{"modelName":"PolicyRuleAuthContextCondition","properties":[{"enum":["ANY","RADIUS"],"propertyName":"authType","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PolicyRuleConditions","properties":[{"$ref":"#/definitions/AppAndInstancePolicyRuleCondition","propertyName":"app","commonType":"object","isObject":true,"model":"AppAndInstancePolicyRuleCondition"},{"$ref":"#/definitions/AppInstancePolicyRuleCondition","propertyName":"apps","commonType":"object","isObject":true,"model":"AppInstancePolicyRuleCondition"},{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/BeforeScheduledActionPolicyRuleCondition","propertyName":"beforeScheduledAction","commonType":"object","isObject":true,"model":"BeforeScheduledActionPolicyRuleCondition"},{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/ContextPolicyRuleCondition","propertyName":"context","commonType":"object","isObject":true,"model":"ContextPolicyRuleCondition"},{"$ref":"#/definitions/DevicePolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DevicePolicyRuleCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/GroupPolicyRuleCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupPolicyRuleCondition"},{"$ref":"#/definitions/IdentityProviderPolicyRuleCondition","propertyName":"identityProvider","commonType":"object","isObject":true,"model":"IdentityProviderPolicyRuleCondition"},{"$ref":"#/definitions/MDMEnrollmentPolicyRuleCondition","propertyName":"mdmEnrollment","commonType":"object","isObject":true,"model":"MDMEnrollmentPolicyRuleCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/PlatformPolicyRuleCondition","propertyName":"platform","commonType":"object","isObject":true,"model":"PlatformPolicyRuleCondition"},{"$ref":"#/definitions/RiskPolicyRuleCondition","propertyName":"risk","commonType":"object","isObject":true,"model":"RiskPolicyRuleCondition"},{"$ref":"#/definitions/RiskScorePolicyRuleCondition","propertyName":"riskScore","commonType":"object","isObject":true,"model":"RiskScorePolicyRuleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"},{"$ref":"#/definitions/UserIdentifierPolicyRuleCondition","propertyName":"userIdentifier","commonType":"object","isObject":true,"model":"UserIdentifierPolicyRuleCondition"},{"$ref":"#/definitions/UserStatusPolicyRuleCondition","propertyName":"userStatus","commonType":"object","isObject":true,"model":"UserStatusPolicyRuleCondition"},{"$ref":"#/definitions/UserPolicyRuleCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PolicySubject","properties":[{"propertyName":"filter","commonType":"string"},{"propertyName":"format","commonType":"array","isArray":true,"model":"string"},{"propertyName":"matchAttribute","commonType":"string"},{"$ref":"#/definitions/PolicySubjectMatchType","propertyName":"matchType","commonType":"enum","isEnum":true,"model":"PolicySubjectMatchType"},{"$ref":"#/definitions/PolicyUserNameTemplate","propertyName":"userNameTemplate","commonType":"object","isObject":true,"model":"PolicyUserNameTemplate"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PolicySubjectMatchType","enum":["USERNAME","EMAIL","USERNAME_OR_EMAIL","CUSTOM_ATTRIBUTE"],"tags":["Policy"]},{"modelName":"PolicyType","enum":["OAUTH_AUTHORIZATION_POLICY","OKTA_SIGN_ON","PASSWORD","IDP_DISCOVERY","PROFILE_ENROLLMENT","ACCESS_POLICY","MFA_ENROLL"],"tags":["Policy"]},{"modelName":"PolicyUserNameTemplate","properties":[{"propertyName":"template","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"PossessionConstraint","properties":[{"propertyName":"deviceBound","commonType":"string"},{"propertyName":"hardwareProtection","commonType":"string"},{"propertyName":"phishingResistant","commonType":"string"},{"propertyName":"userPresence","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"AccessPolicyConstraint","parent":{"modelName":"AccessPolicyConstraint","properties":[{"propertyName":"methods","commonType":"array","isArray":true,"model":"string"},{"propertyName":"reauthenticateIn","commonType":"string"},{"propertyName":"types","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}},{"modelName":"PreRegistrationInlineHook","properties":[{"propertyName":"inlineHookId","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"ProfileEnrollmentPolicy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"PROFILE_ENROLLMENT"}},{"modelName":"ProfileEnrollmentPolicyRule","properties":[{"$ref":"#/definitions/ProfileEnrollmentPolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"ProfileEnrollmentPolicyRuleActions"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRule","parent":{"modelName":"PolicyRule","properties":[{"$ref":"#/definitions/PolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"PolicyRuleActions"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activatePolicyRule","description":"Activates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivatePolicyRule","description":"Deactivates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyRule","self":true},{"dest":"policyId","parentSrc":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicyRule","PASSWORD":"PasswordPolicyRule","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicyRule","SIGN_ON":"OktaSignOnPolicyRule"}}},"resolution":{"fieldName":"type","fieldValue":"PROFILE_ENROLLMENT"}},{"modelName":"ProfileEnrollmentPolicyRuleAction","properties":[{"propertyName":"access","commonType":"string"},{"$ref":"#/definitions/ProfileEnrollmentPolicyRuleActivationRequirement","propertyName":"activationRequirements","commonType":"object","isObject":true,"model":"ProfileEnrollmentPolicyRuleActivationRequirement"},{"propertyName":"preRegistrationInlineHooks","commonType":"array","isArray":true,"model":"PreRegistrationInlineHook"},{"propertyName":"profileAttributes","commonType":"array","isArray":true,"model":"ProfileEnrollmentPolicyRuleProfileAttribute"},{"propertyName":"targetGroupIds","commonType":"array","isArray":true,"model":"string"},{"propertyName":"uiSchemaId","commonType":"string"},{"propertyName":"unknownUserAction","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"ProfileEnrollmentPolicyRuleActions","properties":[{"$ref":"#/definitions/ProfileEnrollmentPolicyRuleAction","propertyName":"profileEnrollment","commonType":"object","isObject":true,"model":"ProfileEnrollmentPolicyRuleAction"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleActions","parent":{"modelName":"PolicyRuleActions","properties":[{"$ref":"#/definitions/PolicyRuleActionsEnroll","propertyName":"enroll","commonType":"object","isObject":true,"model":"PolicyRuleActionsEnroll"},{"$ref":"#/definitions/IdpPolicyRuleAction","propertyName":"idp","commonType":"object","isObject":true,"model":"IdpPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"passwordChange","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServicePasswordReset","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServiceUnlock","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonActions","propertyName":"signon","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}},{"modelName":"ProfileEnrollmentPolicyRuleActivationRequirement","properties":[{"propertyName":"emailVerification","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"ProfileEnrollmentPolicyRuleProfileAttribute","properties":[{"propertyName":"label","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"required","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"ProfileMapping","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"properties","commonType":"hash","isHash":true,"model":"ProfileMappingProperty"},{"$ref":"#/definitions/ProfileMappingSource","propertyName":"source","commonType":"object","isObject":true,"model":"ProfileMappingSource"},{"$ref":"#/definitions/ProfileMappingSource","propertyName":"target","commonType":"object","isObject":true,"model":"ProfileMappingSource"}],"methods":[],"crud":[{"alias":"read","arguments":[{"dest":"mappingId","src":"id"}],"operation":{"path":"/api/v1/mappings/{mappingId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"mappingId","required":true,"type":"string"}],"operationId":"getProfileMapping","description":"Fetches a single Profile Mapping referenced by its ID.","summary":"Get Profile Mapping","tags":["ProfileMapping"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ProfileMapping"}}},"parameters":[{"in":"path","name":"mappingId","required":true,"type":"string"}],"formData":[],"responseModel":"ProfileMapping"}},{"alias":"update","arguments":[{"dest":"mappingId","src":"id"}],"operation":{"path":"/api/v1/mappings/{mappingId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"mappingId","required":true,"type":"string"}],"operationId":"updateProfileMapping","description":"Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings.","summary":"Update Profile Mapping","tags":["ProfileMapping"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ProfileMapping"}}},"parameters":[{"in":"path","name":"mappingId","required":true,"type":"string"},{"in":"body","name":"profileMapping","required":true,"schema":{"$ref":"#/definitions/ProfileMapping"}}],"bodyModel":"ProfileMapping","formData":[],"responseModel":"ProfileMapping"}}],"tags":["ProfileMapping"],"isExtensible":false},{"modelName":"ProfileMappingProperty","properties":[{"propertyName":"expression","commonType":"string"},{"$ref":"#/definitions/ProfileMappingPropertyPushStatus","propertyName":"pushStatus","commonType":"enum","isEnum":true,"model":"ProfileMappingPropertyPushStatus"}],"methods":[],"crud":[],"tags":["ProfileMapping"],"isExtensible":false},{"modelName":"ProfileMappingPropertyPushStatus","enum":["PUSH","DONT_PUSH"],"tags":["ProfileMapping"]},{"modelName":"ProfileMappingSource","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["ProfileMapping"],"isExtensible":false},{"modelName":"ProfileSettingObject","properties":[{"$ref":"#/definitions/EnabledStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"EnabledStatus"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"Protocol","properties":[{"$ref":"#/definitions/ProtocolAlgorithms","propertyName":"algorithms","commonType":"object","isObject":true,"model":"ProtocolAlgorithms"},{"$ref":"#/definitions/IdentityProviderCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"IdentityProviderCredentials"},{"$ref":"#/definitions/ProtocolEndpoints","propertyName":"endpoints","commonType":"object","isObject":true,"model":"ProtocolEndpoints"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"issuer","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolRelayState","propertyName":"relayState","commonType":"object","isObject":true,"model":"ProtocolRelayState"},{"propertyName":"scopes","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/ProtocolSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ProtocolSettings"},{"enum":["SAML2","OIDC","OAUTH2","MTLS"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"ProtocolAlgorithmType","properties":[{"$ref":"#/definitions/ProtocolAlgorithmTypeSignature","propertyName":"signature","commonType":"object","isObject":true,"model":"ProtocolAlgorithmTypeSignature"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"ProtocolAlgorithmTypeSignature","properties":[{"propertyName":"algorithm","commonType":"string"},{"enum":["RESPONSE","TOKEN","ANY","REQUEST","NONE"],"propertyName":"scope","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"ProtocolAlgorithms","properties":[{"$ref":"#/definitions/ProtocolAlgorithmType","propertyName":"request","commonType":"object","isObject":true,"model":"ProtocolAlgorithmType"},{"$ref":"#/definitions/ProtocolAlgorithmType","propertyName":"response","commonType":"object","isObject":true,"model":"ProtocolAlgorithmType"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"ProtocolEndpoint","properties":[{"enum":["HTTP-POST","HTTP-REDIRECT"],"propertyName":"binding","commonType":"string"},{"propertyName":"destination","commonType":"string"},{"enum":["INSTANCE","ORG"],"propertyName":"type","commonType":"string"},{"propertyName":"url","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"ProtocolEndpoints","properties":[{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"acs","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"authorization","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"jwks","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"metadata","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"slo","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"sso","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"token","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"userInfo","commonType":"object","isObject":true,"model":"ProtocolEndpoint"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"ProtocolRelayState","properties":[{"$ref":"#/definitions/ProtocolRelayStateFormat","propertyName":"format","commonType":"enum","isEnum":true,"model":"ProtocolRelayStateFormat"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"ProtocolRelayStateFormat","enum":["OPAQUE","FROM_URL"],"tags":["IdentityProvider"]},{"modelName":"ProtocolSettings","properties":[{"propertyName":"nameFormat","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"Provisioning","properties":[{"enum":["AUTO","CALLOUT","DISABLED"],"propertyName":"action","commonType":"string"},{"$ref":"#/definitions/ProvisioningConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"ProvisioningConditions"},{"$ref":"#/definitions/ProvisioningGroups","propertyName":"groups","commonType":"object","isObject":true,"model":"ProvisioningGroups"},{"propertyName":"profileMaster","commonType":"boolean"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"ProvisioningConditions","properties":[{"$ref":"#/definitions/ProvisioningDeprovisionedCondition","propertyName":"deprovisioned","commonType":"object","isObject":true,"model":"ProvisioningDeprovisionedCondition"},{"$ref":"#/definitions/ProvisioningSuspendedCondition","propertyName":"suspended","commonType":"object","isObject":true,"model":"ProvisioningSuspendedCondition"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"ProvisioningConnection","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ProvisioningConnectionAuthScheme","propertyName":"authScheme","commonType":"enum","isEnum":true,"model":"ProvisioningConnectionAuthScheme"},{"$ref":"#/definitions/ProvisioningConnectionStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"ProvisioningConnectionStatus"}],"methods":[{"alias":"getDefaultProvisioningConnectionForApplication","operation":{"path":"/api/v1/apps/{appId}/connections/default","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getDefaultProvisioningConnectionForApplication","description":"Get default Provisioning Connection for application","summary":"Fetches the default Provisioning Connection for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ProvisioningConnection"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"ProvisioningConnection"}},{"alias":"activateDefaultProvisioningConnectionForApplication","operation":{"path":"/api/v1/apps/{appId}/connections/default/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateDefaultProvisioningConnectionForApplication","description":"Activates the default Provisioning Connection for an application.","summary":"Activate default Provisioning Connection for application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivateDefaultProvisioningConnectionForApplication","operation":{"path":"/api/v1/apps/{appId}/connections/default/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateDefaultProvisioningConnectionForApplication","description":"Deactivates the default Provisioning Connection for an application.","summary":"Deactivate default Provisioning Connection for application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ProvisioningConnectionAuthScheme","enum":["TOKEN","UNKNOWN"],"tags":["Application"]},{"modelName":"ProvisioningConnectionProfile","properties":[{"$ref":"#/definitions/ProvisioningConnectionAuthScheme","propertyName":"authScheme","commonType":"enum","isEnum":true,"model":"ProvisioningConnectionAuthScheme"},{"propertyName":"token","commonType":"string"}],"methods":[{"alias":"setDefaultProvisioningConnectionForApplication","operation":{"path":"/api/v1/apps/{appId}/connections/default","method":"post","queryParams":[{"in":"query","name":"activate","type":"boolean"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"setDefaultProvisioningConnectionForApplication","description":"Set default Provisioning Connection for application","summary":"Sets the default Provisioning Connection for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ProvisioningConnection"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"profile","required":true,"schema":{"$ref":"#/definitions/ProvisioningConnectionRequest"}},{"in":"query","name":"activate","type":"boolean"}],"bodyModel":"ProvisioningConnectionRequest","formData":[],"responseModel":"ProvisioningConnection"}}],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ProvisioningConnectionRequest","properties":[{"$ref":"#/definitions/ProvisioningConnectionProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"ProvisioningConnectionProfile"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ProvisioningConnectionStatus","enum":["DISABLED","ENABLED","UNKNOWN"],"tags":["Application"]},{"modelName":"ProvisioningDeprovisionedCondition","properties":[{"enum":["NONE","REACTIVATE"],"propertyName":"action","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"ProvisioningGroups","properties":[{"enum":["NONE","APPEND","SYNC","ASSIGN"],"propertyName":"action","commonType":"string"},{"propertyName":"assignments","commonType":"array","isArray":true,"model":"string"},{"propertyName":"filter","commonType":"array","isArray":true,"model":"string"},{"propertyName":"sourceAttributeName","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"ProvisioningSuspendedCondition","properties":[{"enum":["NONE","UNSUSPEND"],"propertyName":"action","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"PushUserFactor","properties":[{"propertyName":"expiresAt","commonType":"dateTime"},{"$ref":"#/definitions/FactorResultType","propertyName":"factorResult","commonType":"enum","isEnum":true,"model":"FactorResultType"},{"$ref":"#/definitions/PushUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"PushUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"push"}},{"modelName":"PushUserFactorProfile","properties":[{"propertyName":"credentialId","commonType":"string"},{"propertyName":"deviceToken","commonType":"string"},{"propertyName":"deviceType","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"platform","commonType":"string"},{"propertyName":"version","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"RecoveryQuestionCredential","properties":[{"propertyName":"answer","commonType":"string"},{"propertyName":"question","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"RequiredEnum","enum":["ALWAYS","HIGH_RISK_ONLY","NEVER"],"tags":["Authenticator"]},{"modelName":"ResetPasswordToken","properties":[{"readOnly":true,"propertyName":"resetPasswordUrl","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"ResponseLinks","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"RiskPolicyRuleCondition","properties":[{"uniqueItems":true,"propertyName":"behaviors","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"RiskScorePolicyRuleCondition","properties":[{"propertyName":"level","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"Role","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/RoleAssignmentType","propertyName":"assignmentType","commonType":"enum","isEnum":true,"model":"RoleAssignmentType"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/RoleStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"RoleStatus"},{"$ref":"#/definitions/RoleType","propertyName":"type","commonType":"enum","isEnum":true,"model":"RoleType"}],"methods":[{"alias":"addAdminGroupTarget","arguments":[{"dest":"roleId","src":"id"},{"dest":"groupId","parentSrc":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"targetGroupId","required":true,"type":"string"}],"operationId":"addGroupTargetToGroupAdministratorRoleForGroup","description":"","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"targetGroupId","required":true,"type":"string"}],"formData":[]}},{"alias":"addAppInstanceTargetToAdminRole","arguments":[{"dest":"roleId","src":"id"},{"dest":"groupId","parentSrc":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"operationId":"addApplicationInstanceTargetToAppAdminRoleGivenToGroup","description":"Add App Instance Target to App Administrator Role given to a Group","summary":"Add App Instance Target to App Administrator Role given to a Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"formData":[]}},{"alias":"addAppTargetToAdminRole","arguments":[{"dest":"roleId","src":"id"},{"dest":"groupId","parentSrc":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"operationId":"addApplicationTargetToAdminRoleGivenToGroup","description":"Success","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"formData":[]}},{"alias":"addAllAppsAsTargetToRole","arguments":[{"dest":"roleId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"addAllAppsAsTargetToRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[]}},{"alias":"addAppTargetToAppAdminRoleForUser","arguments":[{"dest":"roleId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"operationId":"addApplicationTargetToAppAdminRoleForUser","description":"Add App Instance Target to App Administrator Role given to a User","summary":"Add App Instance Target to App Administrator Role given to a User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"formData":[]}},{"alias":"addAppTargetToAdminRoleForUser","arguments":[{"dest":"roleId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"operationId":"addApplicationTargetToAdminRoleForUser","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"formData":[]}}],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"RoleAssignmentType","enum":["GROUP","USER"],"tags":["Role"]},{"modelName":"RoleStatus","enum":["ACTIVE","INACTIVE"],"tags":["User"]},{"modelName":"RoleType","enum":["SUPER_ADMIN","ORG_ADMIN","APP_ADMIN","USER_ADMIN","HELP_DESK_ADMIN","READ_ONLY_ADMIN","MOBILE_ADMIN","API_ACCESS_MANAGEMENT_ADMIN","REPORT_ADMIN","GROUP_MEMBERSHIP_ADMIN","CUSTOM"],"tags":["Role"]},{"modelName":"SamlApplication","properties":[{"$ref":"#/definitions/SamlApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"SamlApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"extends":"Application","resolutionStrategy":{"propertyName":"name","valueToModelMapping":{"okta_org2org":"Org2OrgApplication"}},"parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"SAML_2_0"}},{"modelName":"SamlApplicationSettings","properties":[{"$ref":"#/definitions/SamlApplicationSettingsSignOn","propertyName":"signOn","commonType":"object","isObject":true,"model":"SamlApplicationSettingsSignOn"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"SamlApplicationSettingsSignOn","properties":[{"propertyName":"acsEndpoints","commonType":"array","isArray":true,"model":"AcsEndpoint"},{"propertyName":"allowMultipleAcsEndpoints","commonType":"boolean"},{"propertyName":"assertionSigned","commonType":"boolean"},{"propertyName":"attributeStatements","commonType":"array","isArray":true,"model":"SamlAttributeStatement"},{"propertyName":"audience","commonType":"string"},{"propertyName":"audienceOverride","commonType":"string"},{"propertyName":"authnContextClassRef","commonType":"string"},{"propertyName":"defaultRelayState","commonType":"string"},{"propertyName":"destination","commonType":"string"},{"propertyName":"destinationOverride","commonType":"string"},{"propertyName":"digestAlgorithm","commonType":"string"},{"propertyName":"honorForceAuthn","commonType":"boolean"},{"propertyName":"idpIssuer","commonType":"string"},{"propertyName":"inlineHooks","commonType":"array","isArray":true,"model":"SignOnInlineHook"},{"propertyName":"recipient","commonType":"string"},{"propertyName":"recipientOverride","commonType":"string"},{"propertyName":"requestCompressed","commonType":"boolean"},{"propertyName":"responseSigned","commonType":"boolean"},{"propertyName":"samlSignedRequestEnabled","commonType":"boolean"},{"propertyName":"signatureAlgorithm","commonType":"string"},{"$ref":"#/definitions/SingleLogout","propertyName":"slo","commonType":"object","isObject":true,"model":"SingleLogout"},{"$ref":"#/definitions/SpCertificate","propertyName":"spCertificate","commonType":"object","isObject":true,"model":"SpCertificate"},{"propertyName":"spIssuer","commonType":"string"},{"propertyName":"ssoAcsUrl","commonType":"string"},{"propertyName":"ssoAcsUrlOverride","commonType":"string"},{"propertyName":"subjectNameIdFormat","commonType":"string"},{"propertyName":"subjectNameIdTemplate","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"SamlAttributeStatement","properties":[{"propertyName":"filterType","commonType":"string"},{"propertyName":"filterValue","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"namespace","commonType":"string"},{"propertyName":"type","commonType":"string"},{"propertyName":"values","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"ScheduledUserLifecycleAction","properties":[{"enum":["ACTIVE","INACTIVE","PENDING","DELETED","EXPIRED_PASSWORD","ACTIVATING","SUSPENDED","DELETING"],"propertyName":"status","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"SchemeApplicationCredentials","properties":[{"$ref":"#/definitions/PasswordCredential","propertyName":"password","commonType":"object","isObject":true,"model":"PasswordCredential"},{"propertyName":"revealPassword","commonType":"boolean"},{"$ref":"#/definitions/ApplicationCredentialsScheme","propertyName":"scheme","commonType":"enum","isEnum":true,"model":"ApplicationCredentialsScheme"},{"$ref":"#/definitions/ApplicationCredentialsSigning","propertyName":"signing","commonType":"object","isObject":true,"model":"ApplicationCredentialsSigning"},{"propertyName":"userName","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationCredentials","parent":{"modelName":"ApplicationCredentials","properties":[{"$ref":"#/definitions/ApplicationCredentialsSigning","propertyName":"signing","commonType":"object","isObject":true,"model":"ApplicationCredentialsSigning"},{"$ref":"#/definitions/ApplicationCredentialsUsernameTemplate","propertyName":"userNameTemplate","commonType":"object","isObject":true,"model":"ApplicationCredentialsUsernameTemplate"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"Scope","properties":[{"propertyName":"allowedOktaApps","commonType":"array","isArray":true,"model":"IframeEmbedScopeAllowedApps"},{"propertyName":"stringValue","commonType":"string"},{"$ref":"#/definitions/ScopeType","propertyName":"type","commonType":"enum","isEnum":true,"model":"ScopeType"}],"methods":[],"crud":[],"tags":["Role"],"isExtensible":false},{"modelName":"ScopeType","enum":["CORS","REDIRECT","IFRAME_EMBED"],"tags":["Role"]},{"modelName":"SecurePasswordStoreApplication","properties":[{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"default":"template_sps","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/SecurePasswordStoreApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"SecurePasswordStoreApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"Application","parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"SECURE_PASSWORD_STORE"}},{"modelName":"SecurePasswordStoreApplicationSettings","properties":[{"$ref":"#/definitions/SecurePasswordStoreApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"SecurePasswordStoreApplicationSettingsApplication"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"SecurePasswordStoreApplicationSettingsApplication","properties":[{"propertyName":"optionalField1","commonType":"string"},{"propertyName":"optionalField1Value","commonType":"string"},{"propertyName":"optionalField2","commonType":"string"},{"propertyName":"optionalField2Value","commonType":"string"},{"propertyName":"optionalField3","commonType":"string"},{"propertyName":"optionalField3Value","commonType":"string"},{"propertyName":"passwordField","commonType":"string"},{"propertyName":"url","commonType":"string"},{"propertyName":"usernameField","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"SecurityQuestion","properties":[{"propertyName":"answer","commonType":"string"},{"propertyName":"question","commonType":"string"},{"propertyName":"questionText","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"SecurityQuestionUserFactor","properties":[{"$ref":"#/definitions/SecurityQuestionUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"SecurityQuestionUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"question"}},{"modelName":"SecurityQuestionUserFactorProfile","properties":[{"propertyName":"answer","commonType":"string"},{"propertyName":"question","commonType":"string"},{"propertyName":"questionText","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"SeedEnum","enum":["OKTA","RANDOM"],"tags":["Application"]},{"modelName":"Session","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"amr","commonType":"array","isArray":true,"model":"SessionAuthenticationMethod"},{"readOnly":true,"propertyName":"createdAt","commonType":"dateTime"},{"readOnly":true,"propertyName":"expiresAt","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"$ref":"#/definitions/SessionIdentityProvider","readOnly":true,"propertyName":"idp","commonType":"object","isObject":true,"model":"SessionIdentityProvider"},{"readOnly":true,"propertyName":"lastFactorVerification","commonType":"dateTime"},{"readOnly":true,"propertyName":"lastPasswordVerification","commonType":"dateTime"},{"readOnly":true,"propertyName":"login","commonType":"string"},{"$ref":"#/definitions/SessionStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"SessionStatus"},{"readOnly":true,"propertyName":"userId","commonType":"string"}],"methods":[{"alias":"refresh","arguments":[{"dest":"sessionId","src":"id"}],"operation":{"path":"/api/v1/sessions/{sessionId}/lifecycle/refresh","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"operationId":"refreshSession","description":"","summary":"Refresh Session","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Session"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"formData":[],"responseModel":"Session"}}],"crud":[{"alias":"read","arguments":[{"dest":"sessionId","src":"id"}],"operation":{"path":"/api/v1/sessions/{sessionId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"operationId":"getSession","description":"Get details about a session.","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Session"}}},"parameters":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"formData":[],"responseModel":"Session"}},{"alias":"delete","arguments":[{"dest":"sessionId","src":"id"}],"operation":{"path":"/api/v1/sessions/{sessionId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"operationId":"endSession","description":"","summary":"Close Session","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"formData":[]}}],"tags":["Session"],"isExtensible":false},{"modelName":"SessionAuthenticationMethod","enum":["pwd","swk","hwk","otp","sms","tel","geo","fpt","kba","mfa","mca","sc"],"tags":["Session"]},{"modelName":"SessionIdentityProvider","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"$ref":"#/definitions/SessionIdentityProviderType","readOnly":true,"propertyName":"type","commonType":"enum","isEnum":true,"model":"SessionIdentityProviderType"}],"methods":[],"crud":[],"tags":["Session"],"isExtensible":false},{"modelName":"SessionIdentityProviderType","enum":["ACTIVE_DIRECTORY","LDAP","OKTA","FEDERATION","SOCIAL"],"tags":["Session"]},{"modelName":"SessionStatus","enum":["ACTIVE","MFA_ENROLL","MFA_REQUIRED"],"tags":["Session"]},{"modelName":"SignInPageTouchPointVariant","enum":["OKTA_DEFAULT","BACKGROUND_SECONDARY_COLOR","BACKGROUND_IMAGE"],"tags":["Brand"]},{"modelName":"SignOnInlineHook","properties":[{"propertyName":"id","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"SingleLogout","properties":[{"propertyName":"enabled","commonType":"boolean"},{"propertyName":"issuer","commonType":"string"},{"propertyName":"logoutUrl","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"SmsTemplate","properties":[{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"template","commonType":"string"},{"$ref":"#/definitions/SmsTemplateTranslations","propertyName":"translations","commonType":"object","isObject":true,"model":"SmsTemplateTranslations"},{"$ref":"#/definitions/SmsTemplateType","propertyName":"type","commonType":"enum","isEnum":true,"model":"SmsTemplateType"}],"methods":[{"alias":"partialUpdate","arguments":[{"dest":"templateId","src":"id"},{"dest":"smsTemplate","self":true}],"operation":{"path":"/api/v1/templates/sms/{templateId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"partialUpdateSmsTemplate","description":"Updates only some of the SMS template properties:","summary":"Partial SMS Template Update","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"},{"in":"body","name":"smsTemplate","required":true,"schema":{"$ref":"#/definitions/SmsTemplate"}}],"bodyModel":"SmsTemplate","formData":[],"responseModel":"SmsTemplate"}}],"crud":[{"alias":"create","arguments":[{"dest":"smsTemplate","self":true}],"operation":{"path":"/api/v1/templates/sms","method":"post","queryParams":[],"pathParams":[],"operationId":"createSmsTemplate","description":"Adds a new custom SMS template to your organization.","summary":"Add SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"body","name":"smsTemplate","required":true,"schema":{"$ref":"#/definitions/SmsTemplate"}}],"bodyModel":"SmsTemplate","formData":[],"responseModel":"SmsTemplate"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/templates/sms/{templateId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"getSmsTemplate","description":"Fetches a specific template by `id`","summary":"Get SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"}],"formData":[],"responseModel":"SmsTemplate"}},{"alias":"update","arguments":[{"dest":"templateId","src":"id"},{"dest":"smsTemplate","self":true}],"operation":{"path":"/api/v1/templates/sms/{templateId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"updateSmsTemplate","description":"Updates the SMS template.","summary":"Update SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"},{"in":"body","name":"smsTemplate","required":true,"schema":{"$ref":"#/definitions/SmsTemplate"}}],"bodyModel":"SmsTemplate","formData":[],"responseModel":"SmsTemplate"}},{"alias":"delete","arguments":[{"dest":"templateId","src":"id"}],"operation":{"path":"/api/v1/templates/sms/{templateId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"deleteSmsTemplate","description":"Removes an SMS template.","summary":"Remove SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"}],"formData":[]}}],"tags":["Template"],"isExtensible":false},{"modelName":"SmsTemplateTranslations","properties":[],"methods":[],"crud":[],"tags":["Template"],"isExtensible":true},{"modelName":"SmsTemplateType","enum":["SMS_VERIFY_CODE"],"tags":["Template"]},{"modelName":"SmsUserFactor","properties":[{"$ref":"#/definitions/SmsUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"SmsUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"sms"}},{"modelName":"SmsUserFactorProfile","properties":[{"propertyName":"phoneNumber","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"SocialAuthToken","properties":[{"readOnly":true,"propertyName":"expiresAt","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"scopes","commonType":"array","isArray":true,"model":"string"},{"propertyName":"token","commonType":"string"},{"propertyName":"tokenAuthScheme","commonType":"string"},{"propertyName":"tokenType","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false},{"modelName":"SpCertificate","properties":[{"readOnly":false,"propertyName":"x5c","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false},{"modelName":"Subscription","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"channels","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/NotificationType","propertyName":"notificationType","commonType":"enum","isEnum":true,"model":"NotificationType"},{"$ref":"#/definitions/SubscriptionStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"SubscriptionStatus"}],"methods":[{"alias":"listRoleSubscriptions","operation":{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"}],"operationId":"listRoleSubscriptions","description":"When roleType List all subscriptions of a Role. Else when roleId List subscriptions of a Custom Role","summary":"List all subscriptions of a Custom Role","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Subscription"},"type":"array"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription","isArray":true}},{"alias":"getRoleSubscriptionByNotificationType","operation":{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"getRoleSubscriptionByNotificationType","description":"When roleType Get subscriptions of a Role with a specific notification type. Else when roleId Get subscription of a Custom Role with a specific notification type.","summary":"Get subscriptions of a Custom Role with a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Subscription"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription"}},{"alias":"getUserSubscriptionByNotificationType","operation":{"path":"/api/v1/users/{userId}/subscriptions/{notificationType}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"getUserSubscriptionByNotificationType","description":"Get the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.","summary":"Get the subscription of a User with a specific notification type","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Subscription"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription"}},{"alias":"listUserSubscriptions","operation":{"path":"/api/v1/users/{userId}/subscriptions","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserSubscriptions","description":"List subscriptions of a User. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.","summary":"List subscriptions of a User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Subscription"},"type":"array"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription","isArray":true}},{"alias":"subscribeUserSubscriptionByNotificationType","operation":{"path":"/api/v1/users/{userId}/subscriptions/{notificationType}/subscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"subscribeUserSubscriptionByNotificationType","description":"Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users.","summary":"Subscribe to a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]}},{"alias":"unsubscribeRoleSubscriptionByNotificationType","operation":{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"unsubscribeRoleSubscriptionByNotificationType","description":"When roleType Unsubscribes a Role from a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Unsubscribes a Custom Role from a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.","summary":"Unsubscribe a Custom Role from a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]}},{"alias":"subscribeRoleSubscriptionByNotificationType","operation":{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"subscribeRoleSubscriptionByNotificationType","description":"When roleType Subscribes a Role to a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Subscribes a Custom Role to a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.","summary":"Subscribe a Custom Role to a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]}},{"alias":"unsubscribeUserSubscriptionByNotificationType","operation":{"path":"/api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"unsubscribeUserSubscriptionByNotificationType","description":"Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users.","summary":"Unsubscribe from a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]}}],"crud":[],"tags":["Role"],"isExtensible":false},{"modelName":"SubscriptionStatus","enum":["subscribed","unsubscribed"],"tags":["Role"]},{"modelName":"SwaApplication","properties":[{"default":"template_swa","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/SwaApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"SwaApplicationSettings"},{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"BrowserPluginApplication","parent":{"modelName":"BrowserPluginApplication","properties":[{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"extends":"Application","resolutionStrategy":{"propertyName":"name","valueToModelMapping":{"template_swa":"SwaApplication","template_swa3field":"SwaThreeFieldApplication"}},"parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"BROWSER_PLUGIN"}},"resolution":{"fieldName":"signOnMode","fieldValue":"BROWSER_PLUGIN"}},{"modelName":"SwaApplicationSettings","properties":[{"$ref":"#/definitions/SwaApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"SwaApplicationSettingsApplication"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"SwaApplicationSettingsApplication","properties":[{"propertyName":"buttonField","commonType":"string"},{"propertyName":"checkbox","commonType":"string"},{"propertyName":"loginUrlRegex","commonType":"string"},{"propertyName":"passwordField","commonType":"string"},{"propertyName":"redirectUrl","commonType":"string"},{"propertyName":"url","commonType":"string"},{"propertyName":"usernameField","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"SwaThreeFieldApplication","properties":[{"default":"template_swa3field","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/SwaThreeFieldApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"SwaThreeFieldApplicationSettings"},{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"BrowserPluginApplication","parent":{"modelName":"BrowserPluginApplication","properties":[{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"extends":"Application","resolutionStrategy":{"propertyName":"name","valueToModelMapping":{"template_swa":"SwaApplication","template_swa3field":"SwaThreeFieldApplication"}},"parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"BROWSER_PLUGIN"}},"resolution":{"fieldName":"signOnMode","fieldValue":"BROWSER_PLUGIN"}},{"modelName":"SwaThreeFieldApplicationSettings","properties":[{"$ref":"#/definitions/SwaThreeFieldApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"SwaThreeFieldApplicationSettingsApplication"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"SwaThreeFieldApplicationSettingsApplication","properties":[{"propertyName":"buttonSelector","commonType":"string"},{"propertyName":"extraFieldSelector","commonType":"string"},{"propertyName":"extraFieldValue","commonType":"string"},{"propertyName":"loginUrlRegex","commonType":"string"},{"propertyName":"passwordSelector","commonType":"string"},{"propertyName":"targetURL","commonType":"string"},{"propertyName":"userNameSelector","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"TempPassword","properties":[{"readOnly":true,"propertyName":"tempPassword","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"Theme","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"backgroundImage","commonType":"string"},{"$ref":"#/definitions/EmailTemplateTouchPointVariant","propertyName":"emailTemplateTouchPointVariant","commonType":"enum","isEnum":true,"model":"EmailTemplateTouchPointVariant"},{"$ref":"#/definitions/EndUserDashboardTouchPointVariant","propertyName":"endUserDashboardTouchPointVariant","commonType":"enum","isEnum":true,"model":"EndUserDashboardTouchPointVariant"},{"$ref":"#/definitions/ErrorPageTouchPointVariant","propertyName":"errorPageTouchPointVariant","commonType":"enum","isEnum":true,"model":"ErrorPageTouchPointVariant"},{"propertyName":"primaryColorContrastHex","commonType":"string"},{"propertyName":"primaryColorHex","commonType":"string"},{"propertyName":"secondaryColorContrastHex","commonType":"string"},{"propertyName":"secondaryColorHex","commonType":"string"},{"$ref":"#/definitions/SignInPageTouchPointVariant","propertyName":"signInPageTouchPointVariant","commonType":"enum","isEnum":true,"model":"SignInPageTouchPointVariant"}],"methods":[{"alias":"uploadBrandThemeLogo","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"uploadBrandThemeLogo","description":"Updates the logo for your Theme","summary":"Update a themes logo","tags":["Brand"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ImageUploadResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}],"responseModel":"ImageUploadResponse"}},{"alias":"deleteBrandThemeLogo","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/logo","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"deleteBrandThemeLogo","description":"Deletes a Theme logo. The org then uses the Okta default logo.","summary":"Deletes a Theme logo. The org then uses the Okta default logo.","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[]}},{"alias":"updateBrandThemeFavicon","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/favicon","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"uploadBrandThemeFavicon","description":"Updates the favicon for your theme","summary":"Updates the favicon for your theme","tags":["Brand"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ImageUploadResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}],"responseModel":"ImageUploadResponse"}},{"alias":"deleteBrandThemeFavicon","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/favicon","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"deleteBrandThemeFavicon","description":"Deletes a Theme favicon. The org then uses the Okta default favicon.","summary":"Deletes a Theme favicon. The org then uses the Okta default favicon.","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[]}},{"alias":"updateBrandThemeBackgroundImage","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/background-image","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"uploadBrandThemeBackgroundImage","description":"Updates the background image for your Theme","summary":"Updates the background image for your Theme","tags":["Brand"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ImageUploadResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}],"responseModel":"ImageUploadResponse"}},{"alias":"deleteBrandThemeBackgroundImage","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/background-image","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"deleteBrandThemeBackgroundImage","description":"Deletes a Theme background image","summary":"Deletes a Theme background image","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"getBrandTheme","description":"Fetches a theme for a brand","summary":"Get a theme for a brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThemeResponse"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[],"responseModel":"ThemeResponse"}},{"alias":"update","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"updateBrandTheme","description":"Updates a theme for a brand","summary":"Update a theme for a brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThemeResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"body","name":"theme","required":true,"schema":{"$ref":"#/definitions/Theme"}}],"bodyModel":"Theme","formData":[],"responseModel":"ThemeResponse"}}],"tags":["Brand"],"isExtensible":false},{"modelName":"ThemeResponse","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"backgroundImage","commonType":"string"},{"$ref":"#/definitions/EmailTemplateTouchPointVariant","propertyName":"emailTemplateTouchPointVariant","commonType":"enum","isEnum":true,"model":"EmailTemplateTouchPointVariant"},{"$ref":"#/definitions/EndUserDashboardTouchPointVariant","propertyName":"endUserDashboardTouchPointVariant","commonType":"enum","isEnum":true,"model":"EndUserDashboardTouchPointVariant"},{"$ref":"#/definitions/ErrorPageTouchPointVariant","propertyName":"errorPageTouchPointVariant","commonType":"enum","isEnum":true,"model":"ErrorPageTouchPointVariant"},{"readOnly":true,"propertyName":"favicon","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"logo","commonType":"string"},{"propertyName":"primaryColorContrastHex","commonType":"string"},{"propertyName":"primaryColorHex","commonType":"string"},{"propertyName":"secondaryColorContrastHex","commonType":"string"},{"propertyName":"secondaryColorHex","commonType":"string"},{"$ref":"#/definitions/SignInPageTouchPointVariant","propertyName":"signInPageTouchPointVariant","commonType":"enum","isEnum":true,"model":"SignInPageTouchPointVariant"}],"methods":[],"crud":[],"tags":["Brand"],"isExtensible":false},{"modelName":"ThreatInsightConfiguration","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"action","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"excludeZones","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"}],"methods":[],"crud":[{"alias":"read","arguments":[],"operation":{"path":"/api/v1/threats/configuration","method":"get","queryParams":[],"pathParams":[],"operationId":"getCurrentConfiguration","description":"Gets current ThreatInsight configuration","tags":["ThreatInsight"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThreatInsightConfiguration"}}},"parameters":[],"formData":[],"responseModel":"ThreatInsightConfiguration"}},{"alias":"update","arguments":[{"dest":"threatInsightConfiguration","self":true}],"operation":{"path":"/api/v1/threats/configuration","method":"post","queryParams":[],"pathParams":[],"operationId":"updateConfiguration","description":"Updates ThreatInsight configuration","tags":["ThreatInsight"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThreatInsightConfiguration"}}},"parameters":[{"in":"body","name":"ThreatInsightConfiguration","required":true,"schema":{"$ref":"#/definitions/ThreatInsightConfiguration"}}],"bodyModel":"ThreatInsightConfiguration","formData":[],"responseModel":"ThreatInsightConfiguration"}}],"tags":["ThreatInsight"],"isExtensible":false},{"modelName":"TokenAuthorizationServerPolicyRuleAction","properties":[{"propertyName":"accessTokenLifetimeMinutes","commonType":"integer"},{"$ref":"#/definitions/TokenAuthorizationServerPolicyRuleActionInlineHook","propertyName":"inlineHook","commonType":"object","isObject":true,"model":"TokenAuthorizationServerPolicyRuleActionInlineHook"},{"propertyName":"refreshTokenLifetimeMinutes","commonType":"integer"},{"propertyName":"refreshTokenWindowMinutes","commonType":"integer"}],"methods":[],"crud":[],"tags":["AuthorizationServerPolicy"],"isExtensible":false},{"modelName":"TokenAuthorizationServerPolicyRuleActionInlineHook","properties":[{"propertyName":"id","commonType":"string"}],"methods":[],"crud":[],"tags":["AuthorizationServerPolicy"],"isExtensible":false},{"modelName":"TokenUserFactor","properties":[{"$ref":"#/definitions/TokenUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"TokenUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"token"}},{"modelName":"TokenUserFactorProfile","properties":[{"propertyName":"credentialId","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"TotpUserFactor","properties":[{"$ref":"#/definitions/TotpUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"TotpUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"token:software:totp"}},{"modelName":"TotpUserFactorProfile","properties":[{"propertyName":"credentialId","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"TrustedOrigin","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"createdBy","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"lastUpdatedBy","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"origin","commonType":"string"},{"propertyName":"scopes","commonType":"array","isArray":true,"model":"Scope"},{"propertyName":"status","commonType":"string"}],"methods":[],"crud":[{"alias":"create","arguments":[{"dest":"trustedOrigin","self":true}],"operation":{"path":"/api/v1/trustedOrigins","method":"post","queryParams":[],"pathParams":[],"operationId":"createOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"body","name":"trustedOrigin","required":true,"schema":{"$ref":"#/definitions/TrustedOrigin"}}],"bodyModel":"TrustedOrigin","formData":[],"responseModel":"TrustedOrigin"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/trustedOrigins/{trustedOriginId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"getOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"formData":[],"responseModel":"TrustedOrigin"}},{"alias":"update","arguments":[{"dest":"trustedOriginId","src":"id"},{"dest":"trustedOrigin","self":true}],"operation":{"path":"/api/v1/trustedOrigins/{trustedOriginId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"updateOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"},{"in":"body","name":"trustedOrigin","required":true,"schema":{"$ref":"#/definitions/TrustedOrigin"}}],"bodyModel":"TrustedOrigin","formData":[],"responseModel":"TrustedOrigin"}},{"alias":"delete","arguments":[{"dest":"trustedOriginId","src":"id"}],"operation":{"path":"/api/v1/trustedOrigins/{trustedOriginId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"deleteOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"formData":[]}}],"tags":["TrustedOrigin"],"isExtensible":false},{"modelName":"U2fUserFactor","properties":[{"$ref":"#/definitions/U2fUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"U2fUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"u2f"}},{"modelName":"U2fUserFactorProfile","properties":[{"propertyName":"credentialId","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"User","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"activated","commonType":"dateTime"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/UserCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"UserCredentials"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastLogin","commonType":"dateTime"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"readOnly":true,"propertyName":"passwordChanged","commonType":"dateTime"},{"$ref":"#/definitions/UserProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"UserProfile"},{"$ref":"#/definitions/UserStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"UserStatus"},{"readOnly":true,"propertyName":"statusChanged","commonType":"dateTime"},{"$ref":"#/definitions/UserStatus","readOnly":true,"propertyName":"transitioningToStatus","commonType":"enum","isEnum":true,"model":"UserStatus"},{"$ref":"#/definitions/UserType","propertyName":"type","commonType":"object","isObject":true,"model":"UserType"}],"methods":[{"alias":"listAppLinks","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/appLinks","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listAppLinks","description":"Fetches appLinks for all direct or indirect (via group membership) assigned applications.","summary":"Get Assigned App Links","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppLink"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"AppLink","isArray":true}},{"alias":"changePassword","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/credentials/change_password","method":"post","queryParams":[{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"changePassword","description":"Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential","summary":"Change Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserCredentials"}}},"parameters":[{"in":"body","name":"changePasswordRequest","required":true,"schema":{"$ref":"#/definitions/ChangePasswordRequest"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"bodyModel":"ChangePasswordRequest","formData":[],"responseModel":"UserCredentials"}},{"alias":"changeRecoveryQuestion","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/credentials/change_recovery_question","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"changeRecoveryQuestion","description":"Changes a user's recovery question & answer credential by validating the user's current password.  This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential","summary":"Change Recovery Question","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserCredentials"}}},"parameters":[{"in":"body","name":"userCredentials","required":true,"schema":{"$ref":"#/definitions/UserCredentials"}},{"in":"path","name":"userId","required":true,"type":"string"}],"bodyModel":"UserCredentials","formData":[],"responseModel":"UserCredentials"}},{"alias":"forgotPasswordSetNewPassword","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/credentials/forgot_password","method":"post","queryParams":[{"default":true,"in":"query","name":"sendEmail","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"forgotPasswordSetNewPassword","description":"Sets a new password for a user by validating the user's answer to their current recovery question","summary":"Forgot Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ForgotPasswordResponse"}}},"parameters":[{"in":"body","name":"user","required":true,"schema":{"$ref":"#/definitions/UserCredentials"}},{"default":true,"in":"query","name":"sendEmail","type":"boolean"},{"in":"path","name":"userId","required":true,"type":"string"}],"bodyModel":"UserCredentials","formData":[],"responseModel":"ForgotPasswordResponse"}},{"alias":"forgotPasswordGenerateOneTimeToken","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/credentials/forgot_password","method":"post","queryParams":[{"default":true,"in":"query","name":"sendEmail","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"forgotPasswordGenerateOneTimeToken","description":"Generates a one-time token (OTT) that can be used to reset a user's password","summary":"Forgot Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ForgotPasswordResponse"}}},"parameters":[{"default":true,"in":"query","name":"sendEmail","type":"boolean"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"ForgotPasswordResponse"}},{"alias":"assignRole","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles","method":"post","queryParams":[{"in":"query","name":"disableNotifications","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"assignRoleToUser","description":"Assigns a role to a user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Role"}}},"parameters":[{"in":"body","name":"assignRoleRequest","required":true,"schema":{"$ref":"#/definitions/AssignRoleRequest"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"disableNotifications","type":"boolean"}],"bodyModel":"AssignRoleRequest","formData":[],"responseModel":"Role"}},{"alias":"getRole","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"getUserRole","description":"Gets role that is assigne to user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Role"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[],"responseModel":"Role"}},{"alias":"removeRole","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"removeRoleFromUser","description":"Unassigns a role from a user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[]}},{"alias":"listGroupTargets","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/groups","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"listGroupTargetsForRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Group"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"Group","isArray":true}},{"alias":"removeGroupTarget","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"removeGroupTargetFromRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]}},{"alias":"addGroupTarget","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"addGroupTargetToRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]}},{"alias":"listAssignedRoles","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listAssignedRolesForUser","description":"Lists all roles assigned to a user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Role"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Role","isArray":true}},{"alias":"addAllAppsAsTarget","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"addAllAppsAsTargetToRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[]}},{"alias":"listGroups","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/groups","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserGroups","description":"Fetches the groups of which the user is a member.","summary":"Get Member Groups","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Group"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"Group","isArray":true}},{"alias":"listGrants","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/grants","method":"get","queryParams":[{"in":"query","name":"scopeId","type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserGrants","description":"Lists all grants for the specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"scopeId","type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"revokeGrants","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/grants","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"revokeUserGrants","description":"Revokes all grants for a specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"revokeGrant","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeUserGrant","description":"Revokes one grant for a specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"revokeGrantsForUserAndClient","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/clients/{clientId}/grants","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"revokeGrantsForUserAndClient","description":"Revokes all grants for the specified user and client","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"formData":[]}},{"alias":"listRefreshTokensForUserAndClient","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"listRefreshTokensForUserAndClient","description":"Lists all refresh tokens issued for the specified User and Client.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2RefreshToken"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2RefreshToken","isArray":true}},{"alias":"revokeTokenForUserAndClient","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeTokenForUserAndClient","description":"Revokes the specified refresh token.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getRefreshTokenForUserAndClient","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"default":20,"in":"query","name":"limit","type":"integer"},{"in":"query","name":"after","type":"string"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getRefreshTokenForUserAndClient","description":"Gets a refresh token issued for the specified User and Client.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2RefreshToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"default":20,"in":"query","name":"limit","type":"integer"},{"in":"query","name":"after","type":"string"}],"formData":[],"responseModel":"OAuth2RefreshToken"}},{"alias":"revokeTokensForUserAndClient","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"revokeTokensForUserAndClient","description":"Revokes all refresh tokens issued for the specified User and Client.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"formData":[]}},{"alias":"listClients","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/clients","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserClients","description":"Lists all client resources for which the specified user has grants or tokens.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Client"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Client","isArray":true}},{"alias":"activate","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/activate","method":"post","queryParams":[{"default":true,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","required":true,"type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"activateUser","description":"Activates a user.  This operation can only be performed on users with a `STAGED` status.  Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation.  The user will have a status of `ACTIVE` when the activation process is complete.","summary":"Activate User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserActivationToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":true,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","required":true,"type":"boolean"}],"formData":[],"responseModel":"UserActivationToken"}},{"alias":"reactivate","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/reactivate","method":"post","queryParams":[{"default":false,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"reactivateUser","description":"Reactivates a user.  This operation can only be performed on users with a `PROVISIONED` status.  This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).","summary":"Reactivate User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserActivationToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","type":"boolean"}],"formData":[],"responseModel":"UserActivationToken"}},{"alias":"deactivate","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/deactivate","method":"post","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deactivateUser","description":"Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. While the asynchronous operation (triggered by HTTP header `Prefer: respond-async`) is proceeding the user's `transitioningToStatus` property is `DEPROVISIONED`. The user's status is `DEPROVISIONED` when the deactivation process is complete.","summary":"Deactivate User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"OK"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]}},{"alias":"suspend","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/suspend","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"suspendUser","description":"Suspends a user.  This operation can only be performed on users with an `ACTIVE` status.  The user will have a status of `SUSPENDED` when the process is complete.","summary":"Suspend User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"OK"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"unsuspend","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/unsuspend","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"unsuspendUser","description":"Unsuspends a user and returns them to the `ACTIVE` state.  This operation can only be performed on users that have a `SUSPENDED` status.","summary":"Unsuspend User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"resetPassword","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/reset_password","method":"post","queryParams":[{"in":"query","name":"sendEmail","required":true,"type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"resetPassword","description":"Generates a one-time token (OTT) that can be used to reset a user's password.  The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.","summary":"Reset Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ResetPasswordToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"sendEmail","required":true,"type":"boolean"}],"formData":[],"responseModel":"ResetPasswordToken"}},{"alias":"expirePassword","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=false","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"expirePassword","description":"This operation transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login.","summary":"Expire Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"User"}},{"alias":"expirePasswordAndGetTemporaryPassword","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=true","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"expirePasswordAndGetTemporaryPassword","description":"This operation transitions the user to the status of `PASSWORD_EXPIRED` and the user's password is reset to a temporary password that is returned.","summary":"Expire Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TempPassword"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"TempPassword"}},{"alias":"unlock","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/unlock","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"unlockUser","description":"Unlocks a user with a `LOCKED_OUT` status and returns them to `ACTIVE` status.  Users will be able to login with their current password.","summary":"Unlock User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"resetFactors","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/reset_factors","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"resetFactors","description":"This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.","summary":"Reset Factors","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"OK"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"deleteFactor","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}},{"alias":"addToGroup","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/users/{userId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"addUserToGroup","description":"Adds a user to a group with 'OKTA_GROUP' type.","summary":"Add User to Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"enrollFactor","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors","method":"post","queryParams":[{"default":false,"in":"query","name":"updatePhone","type":"boolean"},{"description":"id of SMS template (only for SMS factor)","in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"default":false,"in":"query","name":"activate","type":"boolean","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"enrollFactor","description":"Enrolls a user with a supported factor.","summary":"Enroll Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"description":"Factor","in":"body","name":"body","required":true,"schema":{"$ref":"#/definitions/UserFactor"}},{"default":false,"in":"query","name":"updatePhone","type":"boolean"},{"description":"id of SMS template (only for SMS factor)","in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"default":false,"in":"query","name":"activate","type":"boolean","x-okta-added-version":"1.3.0"}],"bodyModel":"UserFactor","formData":[],"responseModel":"UserFactor"}},{"alias":"listSupportedFactors","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/catalog","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listSupportedFactors","description":"Enumerates all the supported factors that can be enrolled for the specified user","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/UserFactor"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"UserFactor","isArray":true}},{"alias":"listFactors","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listFactors","description":"Enumerates all the enrolled factors for the specified user","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/UserFactor"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"UserFactor","isArray":true}},{"alias":"listSupportedSecurityQuestions","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/questions","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listSupportedSecurityQuestions","description":"Enumerates all available security questions for a user's `question` factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/SecurityQuestion"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"SecurityQuestion","isArray":true}},{"alias":"getFactor","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"getFactor","description":"Fetches a factor for the specified user","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[],"responseModel":"UserFactor"}},{"alias":"setLinkedObject","arguments":[{"dest":"associatedUserId","src":"id"}],"operation":{"path":"/api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"associatedUserId","required":true,"type":"string"},{"in":"path","name":"primaryRelationshipName","required":true,"type":"string"},{"in":"path","name":"primaryUserId","required":true,"type":"string"}],"operationId":"setLinkedObjectForUser","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"Success"}},"parameters":[{"in":"path","name":"associatedUserId","required":true,"type":"string"},{"in":"path","name":"primaryRelationshipName","required":true,"type":"string"},{"in":"path","name":"primaryUserId","required":true,"type":"string"}],"formData":[]}},{"alias":"listIdentityProviders","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/idps","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserIdentityProviders","description":"Lists the IdPs associated with the user.","summary":"Listing IdPs associated with a user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/IdentityProvider"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider","isArray":true}},{"alias":"getLinkedObjects","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/linkedObjects/{relationshipName}","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"}],"operationId":"getLinkedObjectsForUser","description":"Get linked objects for a user, relationshipName can be a primary or associated relationship name","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ResponseLinks"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"ResponseLinks","isArray":true}},{"alias":"clearSessions","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/sessions","method":"delete","queryParams":[{"default":false,"description":"Revoke issued OpenID Connect and OAuth refresh and access tokens","in":"query","name":"oauthTokens","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"clearUserSessions","description":"Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"description":"Revoke issued OpenID Connect and OAuth refresh and access tokens","in":"query","name":"oauthTokens","type":"boolean"}],"formData":[]}},{"alias":"removeLinkedObject","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/linkedObjects/{relationshipName}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"}],"operationId":"removeLinkedObjectForUser","description":"Delete linked objects for a user, relationshipName can be ONLY a primary relationship name","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"create","arguments":[{"dest":"user","self":true}],"operation":{"path":"/api/v1/users","method":"post","queryParams":[{"default":true,"description":"Executes activation lifecycle operation when creating the user","in":"query","name":"activate","type":"boolean"},{"default":false,"description":"Indicates whether to create a user with a specified authentication provider","in":"query","name":"provider","type":"boolean"},{"default":"","description":"With activate=true, set nextLogin to \"changePassword\" to have the password be EXPIRED, so user must change it the next time they log in.","in":"query","name":"nextLogin","type":"string","x-okta-added-version":"0.14.0","model":"UserNextLogin"}],"pathParams":[],"operationId":"createUser","description":"Creates a new user in your Okta organization with or without credentials.","summary":"Create User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"body","name":"body","required":true,"schema":{"$ref":"#/definitions/CreateUserRequest"}},{"default":true,"description":"Executes activation lifecycle operation when creating the user","in":"query","name":"activate","type":"boolean"},{"default":false,"description":"Indicates whether to create a user with a specified authentication provider","in":"query","name":"provider","type":"boolean"},{"default":"","description":"With activate=true, set nextLogin to \"changePassword\" to have the password be EXPIRED, so user must change it the next time they log in.","in":"query","name":"nextLogin","type":"string","x-okta-added-version":"0.14.0","model":"UserNextLogin"}],"bodyModel":"CreateUserRequest","formData":[],"responseModel":"User"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/users/{userId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getUser","description":"Fetches a user from your Okta organization.","summary":"Get User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"User"}},{"alias":"update","arguments":[{"dest":"userId","src":"id"},{"dest":"user","self":true}],"operation":{"path":"/api/v1/users/{userId}","method":"put","queryParams":[{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"updateUser","description":"Update a user's profile and/or credentials using strict-update semantics.","summary":"Update User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"body","name":"user","required":true,"schema":{"$ref":"#/definitions/User"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"bodyModel":"User","formData":[],"responseModel":"User"}},{"alias":"delete","arguments":[{"dest":"userId","src":"id"},{"dest":"user","self":true}],"operation":{"path":"/api/v1/users/{userId}","method":"delete","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deactivateOrDeleteUser","description":"Deletes a user permanently.  This operation can only be performed on users that have a `DEPROVISIONED` status.  **This action cannot be recovered!**","summary":"Delete User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"202":{"description":"ACCEPTED"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]}}],"tags":["User"],"isExtensible":false},{"modelName":"UserActivationToken","properties":[{"readOnly":true,"propertyName":"activationToken","commonType":"string"},{"readOnly":true,"propertyName":"activationUrl","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"UserCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"UserCredentials","properties":[{"$ref":"#/definitions/PasswordCredential","propertyName":"password","commonType":"object","isObject":true,"model":"PasswordCredential"},{"$ref":"#/definitions/AuthenticationProvider","propertyName":"provider","commonType":"object","isObject":true,"model":"AuthenticationProvider"},{"$ref":"#/definitions/RecoveryQuestionCredential","propertyName":"recovery_question","commonType":"object","isObject":true,"model":"RecoveryQuestionCredential"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false},{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},{"modelName":"UserIdString","properties":[{"propertyName":"userId","commonType":"string"}],"methods":[],"crud":[],"tags":["Org"],"isExtensible":false,"extends":"OrgContactUser","parent":{"modelName":"OrgContactUser","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"userId","commonType":"string"}],"methods":[{"alias":"updateContactUser","arguments":[{"dest":"userId","src":"userId"}],"operation":{"path":"/api/v1/org/contacts/{contactType}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"contactType","required":true,"type":"string"}],"operationId":"updateOrgContactUser","description":"Updates the User associated with the specified Contact Type.","summary":"Update org contact user","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgContactUser"}}},"parameters":[{"in":"path","name":"contactType","required":true,"type":"string"},{"in":"body","name":"userId","required":true,"schema":{"$ref":"#/definitions/UserIdString"}}],"bodyModel":"UserIdString","formData":[],"responseModel":"OrgContactUser"}}],"crud":[],"tags":["Org"],"isExtensible":false}},{"modelName":"UserIdentifierConditionEvaluatorPattern","properties":[{"enum":["SUFFIX","EXPRESSION","STARTS_WITH","EQUALS","CONTAINS"],"propertyName":"matchType","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"UserIdentifierPolicyRuleCondition","properties":[{"propertyName":"attribute","commonType":"string"},{"propertyName":"patterns","commonType":"array","isArray":true,"model":"UserIdentifierConditionEvaluatorPattern"},{"enum":["IDENTIFIER","ATTRIBUTE"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"UserIdentityProviderLinkRequest","properties":[{"propertyName":"externalId","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"UserLifecycleAttributePolicyRuleCondition","properties":[{"propertyName":"attributeName","commonType":"string"},{"propertyName":"matchingValue","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"UserNextLogin","enum":["changePassword"],"tags":["User"]},{"modelName":"UserPolicyRuleCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/InactivityPolicyRuleCondition","propertyName":"inactivity","commonType":"object","isObject":true,"model":"InactivityPolicyRuleCondition"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/LifecycleExpirationPolicyRuleCondition","propertyName":"lifecycleExpiration","commonType":"object","isObject":true,"model":"LifecycleExpirationPolicyRuleCondition"},{"$ref":"#/definitions/PasswordExpirationPolicyRuleCondition","propertyName":"passwordExpiration","commonType":"object","isObject":true,"model":"PasswordExpirationPolicyRuleCondition"},{"$ref":"#/definitions/UserLifecycleAttributePolicyRuleCondition","propertyName":"userLifecycleAttribute","commonType":"object","isObject":true,"model":"UserLifecycleAttributePolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"UserProfile","properties":[{"propertyName":"city","commonType":"string"},{"propertyName":"costCenter","commonType":"string"},{"propertyName":"countryCode","commonType":"string"},{"propertyName":"department","commonType":"string"},{"propertyName":"displayName","commonType":"string"},{"propertyName":"division","commonType":"string"},{"propertyName":"email","commonType":"string"},{"propertyName":"employeeNumber","commonType":"string"},{"propertyName":"firstName","commonType":"string"},{"propertyName":"honorificPrefix","commonType":"string"},{"propertyName":"honorificSuffix","commonType":"string"},{"propertyName":"lastName","commonType":"string"},{"propertyName":"locale","commonType":"string"},{"propertyName":"login","commonType":"string"},{"propertyName":"manager","commonType":"string"},{"propertyName":"managerId","commonType":"string"},{"propertyName":"middleName","commonType":"string"},{"propertyName":"mobilePhone","commonType":"string"},{"propertyName":"nickName","commonType":"string"},{"propertyName":"organization","commonType":"string"},{"propertyName":"postalAddress","commonType":"string"},{"propertyName":"preferredLanguage","commonType":"string"},{"propertyName":"primaryPhone","commonType":"string"},{"propertyName":"profileUrl","commonType":"string"},{"propertyName":"secondEmail","commonType":"string"},{"propertyName":"state","commonType":"string"},{"propertyName":"streetAddress","commonType":"string"},{"propertyName":"timezone","commonType":"string"},{"propertyName":"title","commonType":"string"},{"propertyName":"userType","commonType":"string"},{"propertyName":"zipCode","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":true},{"modelName":"UserSchema","properties":[{"readOnly":true,"propertyName":"$schema","commonType":"string"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"string"},{"$ref":"#/definitions/UserSchemaDefinitions","propertyName":"definitions","commonType":"object","isObject":true,"model":"UserSchemaDefinitions"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"string"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/UserSchemaProperties","readOnly":true,"propertyName":"properties","commonType":"object","isObject":true,"model":"UserSchemaProperties"},{"propertyName":"title","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaAttribute","properties":[{"propertyName":"description","commonType":"string"},{"propertyName":"enum","commonType":"array","isArray":true,"model":"string"},{"propertyName":"externalName","commonType":"string"},{"propertyName":"externalNamespace","commonType":"string"},{"$ref":"#/definitions/UserSchemaAttributeItems","propertyName":"items","commonType":"object","isObject":true,"model":"UserSchemaAttributeItems"},{"$ref":"#/definitions/UserSchemaAttributeMaster","propertyName":"master","commonType":"object","isObject":true,"model":"UserSchemaAttributeMaster"},{"propertyName":"maxLength","commonType":"integer"},{"propertyName":"minLength","commonType":"integer"},{"propertyName":"mutability","commonType":"string"},{"propertyName":"oneOf","commonType":"array","isArray":true,"model":"UserSchemaAttributeEnum"},{"propertyName":"pattern","commonType":"string"},{"propertyName":"permissions","commonType":"array","isArray":true,"model":"UserSchemaAttributePermission"},{"propertyName":"required","commonType":"boolean"},{"$ref":"#/definitions/UserSchemaAttributeScope","propertyName":"scope","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeScope"},{"propertyName":"title","commonType":"string"},{"$ref":"#/definitions/UserSchemaAttributeType","propertyName":"type","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeType"},{"$ref":"#/definitions/UserSchemaAttributeUnion","propertyName":"union","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeUnion"},{"propertyName":"unique","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaAttributeEnum","properties":[{"propertyName":"const","commonType":"string"},{"propertyName":"title","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaAttributeItems","properties":[{"propertyName":"enum","commonType":"array","isArray":true,"model":"string"},{"propertyName":"oneOf","commonType":"array","isArray":true,"model":"UserSchemaAttributeEnum"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaAttributeMaster","properties":[{"propertyName":"priority","commonType":"array","isArray":true,"model":"UserSchemaAttributeMasterPriority"},{"$ref":"#/definitions/UserSchemaAttributeMasterType","propertyName":"type","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeMasterType"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaAttributeMasterPriority","properties":[{"propertyName":"type","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaAttributeMasterType","enum":["PROFILE_MASTER","OKTA","OVERRIDE"],"tags":["UserSchema"]},{"modelName":"UserSchemaAttributePermission","properties":[{"propertyName":"action","commonType":"string"},{"propertyName":"principal","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaAttributeScope","enum":["SELF","NONE"],"tags":["UserSchema"]},{"modelName":"UserSchemaAttributeType","enum":["string","boolean","number","integer","array"],"tags":["UserSchema"]},{"modelName":"UserSchemaAttributeUnion","enum":["DISABLE","ENABLE"],"tags":["UserSchema"]},{"modelName":"UserSchemaBase","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"$ref":"#/definitions/UserSchemaBaseProperties","propertyName":"properties","commonType":"object","isObject":true,"model":"UserSchemaBaseProperties"},{"propertyName":"required","commonType":"array","isArray":true,"model":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaBaseProperties","properties":[{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"city","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"costCenter","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"countryCode","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"department","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"displayName","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"division","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"email","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"employeeNumber","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"firstName","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"honorificPrefix","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"honorificSuffix","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"lastName","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"locale","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"login","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"manager","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"managerId","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"middleName","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"mobilePhone","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"nickName","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"organization","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"postalAddress","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"preferredLanguage","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"primaryPhone","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"profileUrl","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"secondEmail","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"state","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"streetAddress","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"timezone","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"title","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"userType","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"zipCode","commonType":"object","isObject":true,"model":"UserSchemaAttribute"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaDefinitions","properties":[{"$ref":"#/definitions/UserSchemaBase","propertyName":"base","commonType":"object","isObject":true,"model":"UserSchemaBase"},{"$ref":"#/definitions/UserSchemaPublic","propertyName":"custom","commonType":"object","isObject":true,"model":"UserSchemaPublic"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaProperties","properties":[{"$ref":"#/definitions/UserSchemaPropertiesProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"UserSchemaPropertiesProfile"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaPropertiesProfile","properties":[{"propertyName":"allOf","commonType":"array","isArray":true,"model":"UserSchemaPropertiesProfileItem"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaPropertiesProfileItem","properties":[{"propertyName":"$ref","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserSchemaPublic","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"properties","commonType":"hash","isHash":true,"model":"UserSchemaAttribute"},{"propertyName":"required","commonType":"array","isArray":true,"model":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false},{"modelName":"UserStatus","enum":["ACTIVE","DEPROVISIONED","LOCKED_OUT","PASSWORD_EXPIRED","PROVISIONED","RECOVERY","STAGED","SUSPENDED"],"tags":["User"]},{"modelName":"UserStatusPolicyRuleCondition","properties":[{"enum":["ACTIVE","INACTIVE","PENDING","DELETED","EXPIRED_PASSWORD","ACTIVATING","SUSPENDED","DELETING"],"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"UserType","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"createdBy","commonType":"string"},{"readOnly":true,"propertyName":"default","commonType":"boolean"},{"propertyName":"description","commonType":"string"},{"propertyName":"displayName","commonType":"string"},{"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"readOnly":true,"propertyName":"lastUpdatedBy","commonType":"string"},{"propertyName":"name","commonType":"string"}],"methods":[{"alias":"replaceUserType","arguments":[{"dest":"roleId","src":"id"}],"operation":{"path":"/api/v1/meta/types/user/{typeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"replaceUserType","description":"Replace an existing User Type","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"},{"in":"body","name":"userType","required":true,"schema":{"$ref":"#/definitions/UserType"}}],"bodyModel":"UserType","formData":[],"responseModel":"UserType"}}],"crud":[{"alias":"create","arguments":[{"dest":"userType","self":true}],"operation":{"path":"/api/v1/meta/types/user","method":"post","queryParams":[],"pathParams":[],"operationId":"createUserType","description":"Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"body","name":"userType","required":true,"schema":{"$ref":"#/definitions/UserType"}}],"bodyModel":"UserType","formData":[],"responseModel":"UserType"}},{"alias":"update","arguments":[{"dest":"typeId","src":"id"},{"dest":"userType","self":true}],"operation":{"path":"/api/v1/meta/types/user/{typeId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"updateUserType","description":"Updates an existing User Type","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"},{"in":"body","name":"userType","required":true,"schema":{"$ref":"#/definitions/UserType"}}],"bodyModel":"UserType","formData":[],"responseModel":"UserType"}},{"alias":"read","arguments":[{"dest":"typeId","src":"id"}],"operation":{"path":"/api/v1/meta/types/user/{typeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"getUserType","description":"Fetches a User Type by ID. The special identifier `default` may be used to fetch the default User Type.","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"}],"formData":[],"responseModel":"UserType"}},{"alias":"delete","arguments":[{"dest":"typeId","src":"id"}],"operation":{"path":"/api/v1/meta/types/user/{typeId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"deleteUserType","description":"Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserType"],"isExtensible":false},{"modelName":"UserTypeCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"UserVerificationEnum","enum":["REQUIRED","PREFERRED"],"tags":["Authenticator"]},{"modelName":"VerificationMethod","properties":[{"propertyName":"constraints","commonType":"array","isArray":true,"model":"AccessPolicyConstraints"},{"propertyName":"factorMode","commonType":"string"},{"propertyName":"inactivityPeriod","commonType":"string"},{"propertyName":"reauthenticateIn","commonType":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false},{"modelName":"VerifyFactorRequest","properties":[{"propertyName":"activationToken","commonType":"string"},{"propertyName":"answer","commonType":"string"},{"propertyName":"attestation","commonType":"string"},{"propertyName":"clientData","commonType":"string"},{"propertyName":"nextPassCode","commonType":"string"},{"propertyName":"passCode","commonType":"string"},{"propertyName":"registrationData","commonType":"string"},{"propertyName":"stateToken","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"VerifyUserFactorResponse","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"expiresAt","commonType":"dateTime"},{"enum":["SUCCESS","EXPIRED","CHALLENGE","WAITING","FAILED","REJECTED","TIMEOUT","TIME_WINDOW_EXCEEDED","PASSCODE_REPLAYED","ERROR"],"propertyName":"factorResult","commonType":"string"},{"propertyName":"factorResultMessage","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"WebAuthnUserFactor","properties":[{"$ref":"#/definitions/WebAuthnUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"WebAuthnUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"webauthn"}},{"modelName":"WebAuthnUserFactorProfile","properties":[{"propertyName":"authenticatorName","commonType":"string"},{"propertyName":"credentialId","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"WebUserFactor","properties":[{"$ref":"#/definitions/WebUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"WebUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"web"}},{"modelName":"WebUserFactorProfile","properties":[{"propertyName":"credentialId","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false},{"modelName":"WsFederationApplication","properties":[{"default":"template_wsfed","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/WsFederationApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"WsFederationApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"Application","parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"WS_FEDERATION"}},{"modelName":"WsFederationApplicationSettings","properties":[{"$ref":"#/definitions/WsFederationApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"WsFederationApplicationSettingsApplication"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}},{"modelName":"WsFederationApplicationSettingsApplication","properties":[{"propertyName":"attributeStatements","commonType":"string"},{"propertyName":"audienceRestriction","commonType":"string"},{"propertyName":"authnContextClassRef","commonType":"string"},{"propertyName":"groupFilter","commonType":"string"},{"propertyName":"groupName","commonType":"string"},{"propertyName":"groupValueFormat","commonType":"string"},{"propertyName":"nameIDFormat","commonType":"string"},{"propertyName":"realm","commonType":"string"},{"propertyName":"siteURL","commonType":"string"},{"propertyName":"usernameAttribute","commonType":"string"},{"propertyName":"wReplyOverride","commonType":"boolean"},{"propertyName":"wReplyURL","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}],"version":"2.17.0"}},{"src":"templates/model.go.hbs","dest":"okta/accessPolicy.go","context":{"operations":{},"model":{"modelName":"AccessPolicy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"ACCESS_POLICY"}}}},{"src":"templates/model.go.hbs","dest":"okta/accessPolicyConstraint.go","context":{"operations":{},"model":{"modelName":"AccessPolicyConstraint","properties":[{"propertyName":"methods","commonType":"array","isArray":true,"model":"string"},{"propertyName":"reauthenticateIn","commonType":"string"},{"propertyName":"types","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/accessPolicyConstraints.go","context":{"operations":{},"model":{"modelName":"AccessPolicyConstraints","properties":[{"$ref":"#/definitions/KnowledgeConstraint","propertyName":"knowledge","commonType":"object","isObject":true,"model":"KnowledgeConstraint"},{"$ref":"#/definitions/PossessionConstraint","propertyName":"possession","commonType":"object","isObject":true,"model":"PossessionConstraint"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/accessPolicyRule.go","context":{"operations":{},"model":{"modelName":"AccessPolicyRule","properties":[{"$ref":"#/definitions/AccessPolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"AccessPolicyRuleActions"},{"$ref":"#/definitions/AccessPolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"AccessPolicyRuleConditions"},{"propertyName":"name","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRule","parent":{"modelName":"PolicyRule","properties":[{"$ref":"#/definitions/PolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"PolicyRuleActions"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activatePolicyRule","description":"Activates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivatePolicyRule","description":"Deactivates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyRule","self":true},{"dest":"policyId","parentSrc":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicyRule","PASSWORD":"PasswordPolicyRule","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicyRule","SIGN_ON":"OktaSignOnPolicyRule"}}},"resolution":{"fieldName":"type","fieldValue":"ACCESS_POLICY"}}}},{"src":"templates/model.go.hbs","dest":"okta/accessPolicyRuleActions.go","context":{"operations":{},"model":{"modelName":"AccessPolicyRuleActions","properties":[{"$ref":"#/definitions/AccessPolicyRuleApplicationSignOn","propertyName":"appSignOn","commonType":"object","isObject":true,"model":"AccessPolicyRuleApplicationSignOn"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleActions","parent":{"modelName":"PolicyRuleActions","properties":[{"$ref":"#/definitions/PolicyRuleActionsEnroll","propertyName":"enroll","commonType":"object","isObject":true,"model":"PolicyRuleActionsEnroll"},{"$ref":"#/definitions/IdpPolicyRuleAction","propertyName":"idp","commonType":"object","isObject":true,"model":"IdpPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"passwordChange","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServicePasswordReset","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServiceUnlock","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonActions","propertyName":"signon","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/accessPolicyRuleApplicationSignOn.go","context":{"operations":{},"model":{"modelName":"AccessPolicyRuleApplicationSignOn","properties":[{"propertyName":"access","commonType":"string"},{"$ref":"#/definitions/VerificationMethod","propertyName":"verificationMethod","commonType":"object","isObject":true,"model":"VerificationMethod"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/accessPolicyRuleConditions.go","context":{"operations":{},"model":{"modelName":"AccessPolicyRuleConditions","properties":[{"$ref":"#/definitions/DeviceAccessPolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DeviceAccessPolicyRuleCondition"},{"$ref":"#/definitions/AccessPolicyRuleCustomCondition","propertyName":"elCondition","commonType":"object","isObject":true,"model":"AccessPolicyRuleCustomCondition"},{"$ref":"#/definitions/UserTypeCondition","propertyName":"userType","commonType":"object","isObject":true,"model":"UserTypeCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleConditions","parent":{"modelName":"PolicyRuleConditions","properties":[{"$ref":"#/definitions/AppAndInstancePolicyRuleCondition","propertyName":"app","commonType":"object","isObject":true,"model":"AppAndInstancePolicyRuleCondition"},{"$ref":"#/definitions/AppInstancePolicyRuleCondition","propertyName":"apps","commonType":"object","isObject":true,"model":"AppInstancePolicyRuleCondition"},{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/BeforeScheduledActionPolicyRuleCondition","propertyName":"beforeScheduledAction","commonType":"object","isObject":true,"model":"BeforeScheduledActionPolicyRuleCondition"},{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/ContextPolicyRuleCondition","propertyName":"context","commonType":"object","isObject":true,"model":"ContextPolicyRuleCondition"},{"$ref":"#/definitions/DevicePolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DevicePolicyRuleCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/GroupPolicyRuleCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupPolicyRuleCondition"},{"$ref":"#/definitions/IdentityProviderPolicyRuleCondition","propertyName":"identityProvider","commonType":"object","isObject":true,"model":"IdentityProviderPolicyRuleCondition"},{"$ref":"#/definitions/MDMEnrollmentPolicyRuleCondition","propertyName":"mdmEnrollment","commonType":"object","isObject":true,"model":"MDMEnrollmentPolicyRuleCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/PlatformPolicyRuleCondition","propertyName":"platform","commonType":"object","isObject":true,"model":"PlatformPolicyRuleCondition"},{"$ref":"#/definitions/RiskPolicyRuleCondition","propertyName":"risk","commonType":"object","isObject":true,"model":"RiskPolicyRuleCondition"},{"$ref":"#/definitions/RiskScorePolicyRuleCondition","propertyName":"riskScore","commonType":"object","isObject":true,"model":"RiskScorePolicyRuleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"},{"$ref":"#/definitions/UserIdentifierPolicyRuleCondition","propertyName":"userIdentifier","commonType":"object","isObject":true,"model":"UserIdentifierPolicyRuleCondition"},{"$ref":"#/definitions/UserStatusPolicyRuleCondition","propertyName":"userStatus","commonType":"object","isObject":true,"model":"UserStatusPolicyRuleCondition"},{"$ref":"#/definitions/UserPolicyRuleCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/accessPolicyRuleCustomCondition.go","context":{"operations":{},"model":{"modelName":"AccessPolicyRuleCustomCondition","properties":[{"propertyName":"condition","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/acsEndpoint.go","context":{"operations":{},"model":{"modelName":"AcsEndpoint","properties":[{"propertyName":"index","commonType":"integer"},{"propertyName":"url","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/activateFactorRequest.go","context":{"operations":{},"model":{"modelName":"ActivateFactorRequest","properties":[{"propertyName":"attestation","commonType":"string"},{"propertyName":"clientData","commonType":"string"},{"propertyName":"passCode","commonType":"string"},{"propertyName":"registrationData","commonType":"string"},{"propertyName":"stateToken","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/allowedForEnum.go","context":{"operations":{},"model":{"modelName":"AllowedForEnum","enum":["recovery","sso","any","none"],"tags":["Authenticator"]}}},{"src":"templates/model.go.hbs","dest":"okta/appAndInstanceConditionEvaluatorAppOrInstance.go","context":{"operations":{},"model":{"modelName":"AppAndInstanceConditionEvaluatorAppOrInstance","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"name","commonType":"string"},{"enum":["APP_TYPE","APP"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/appAndInstancePolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"AppAndInstancePolicyRuleCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"AppAndInstanceConditionEvaluatorAppOrInstance"},{"propertyName":"include","commonType":"array","isArray":true,"model":"AppAndInstanceConditionEvaluatorAppOrInstance"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/appInstancePolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"AppInstancePolicyRuleCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/appLink.go","context":{"operations":{},"model":{"modelName":"AppLink","properties":[{"readOnly":true,"propertyName":"appAssignmentId","commonType":"string"},{"readOnly":true,"propertyName":"appInstanceId","commonType":"string"},{"readOnly":true,"propertyName":"appName","commonType":"string"},{"readOnly":true,"propertyName":"credentialsSetup","commonType":"boolean"},{"readOnly":true,"propertyName":"hidden","commonType":"boolean"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"linkUrl","commonType":"string"},{"readOnly":true,"propertyName":"logoUrl","commonType":"string"},{"readOnly":true,"propertyName":"sortOrder","commonType":"integer"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/appUser.go","context":{"operations":{"updateApplicationUser":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"updateApplicationUser","description":"Updates a user's profile for an application","summary":"Update Application Profile for Assigned User","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"},"deleteApplicationUser":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"delete","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deleteApplicationUser","description":"Removes an assignment for a user from an application.","summary":"Remove User from Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]}},"model":{"modelName":"AppUser","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/AppUserCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"AppUserCredentials"},{"readOnly":true,"propertyName":"externalId","commonType":"string"},{"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastSync","commonType":"dateTime"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"readOnly":true,"propertyName":"passwordChanged","commonType":"dateTime"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"scope","commonType":"string"},{"readOnly":true,"propertyName":"status","commonType":"string"},{"readOnly":true,"propertyName":"statusChanged","commonType":"dateTime"},{"readOnly":true,"propertyName":"syncState","commonType":"string"}],"methods":[],"crud":[{"alias":"update","arguments":[{"dest":"appId","parentSrc":"appId"},{"dest":"userId","src":"id"},{"dest":"appUser","self":true}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"updateApplicationUser","description":"Updates a user's profile for an application","summary":"Update Application Profile for Assigned User","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"delete","arguments":[{"dest":"appId","parentSrc":"appId"},{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"delete","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deleteApplicationUser","description":"Removes an assignment for a user from an application.","summary":"Remove User from Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]}}],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/appUserCredentials.go","context":{"operations":{},"model":{"modelName":"AppUserCredentials","properties":[{"$ref":"#/definitions/AppUserPasswordCredential","propertyName":"password","commonType":"object","isObject":true,"model":"AppUserPasswordCredential"},{"propertyName":"userName","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/appUserPasswordCredential.go","context":{"operations":{},"model":{"modelName":"AppUserPasswordCredential","properties":[{"propertyName":"value","commonType":"password"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/application.go","context":{"operations":{"getApplication":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"},"updateApplication":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"},"deleteApplication":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]},"listApplications":{"path":"/api/v1/apps","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of apps","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters apps by status, user.id, group.id or credentials.signing.kid expression","in":"query","name":"filter","type":"string"},{"description":"Traverses users link relationship and optionally embeds Application User resource","in":"query","name":"expand","type":"string"},{"default":false,"in":"query","name":"includeNonDeleted","type":"boolean"}],"pathParams":[],"operationId":"listApplications","description":"Enumerates apps added to your organization with pagination. A subset of apps can be returned that match a supported filter expression or query.","summary":"List Applications","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Application"},"type":"array"}}},"parameters":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of apps","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters apps by status, user.id, group.id or credentials.signing.kid expression","in":"query","name":"filter","type":"string"},{"description":"Traverses users link relationship and optionally embeds Application User resource","in":"query","name":"expand","type":"string"},{"default":false,"in":"query","name":"includeNonDeleted","type":"boolean"}],"formData":[],"responseModel":"Application","isArray":true},"createApplication":{"path":"/api/v1/apps","method":"post","queryParams":[{"default":true,"description":"Executes activation lifecycle operation when creating the app","in":"query","name":"activate","type":"boolean"}],"pathParams":[],"operationId":"createApplication","description":"Adds a new application to your Okta organization.","summary":"Add Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}},{"default":true,"description":"Executes activation lifecycle operation when creating the app","in":"query","name":"activate","type":"boolean"},{"in":"header","name":"OktaAccessGateway-Agent","type":"string"}],"bodyModel":"Application","formData":[],"responseModel":"Application"},"getDefaultProvisioningConnectionForApplication":{"path":"/api/v1/apps/{appId}/connections/default","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getDefaultProvisioningConnectionForApplication","description":"Get default Provisioning Connection for application","summary":"Fetches the default Provisioning Connection for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ProvisioningConnection"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"ProvisioningConnection"},"setDefaultProvisioningConnectionForApplication":{"path":"/api/v1/apps/{appId}/connections/default","method":"post","queryParams":[{"in":"query","name":"activate","type":"boolean"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"setDefaultProvisioningConnectionForApplication","description":"Set default Provisioning Connection for application","summary":"Sets the default Provisioning Connection for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ProvisioningConnection"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"profile","required":true,"schema":{"$ref":"#/definitions/ProvisioningConnectionRequest"}},{"in":"query","name":"activate","type":"boolean"}],"bodyModel":"ProvisioningConnectionRequest","formData":[],"responseModel":"ProvisioningConnection"},"activateDefaultProvisioningConnectionForApplication":{"path":"/api/v1/apps/{appId}/connections/default/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateDefaultProvisioningConnectionForApplication","description":"Activates the default Provisioning Connection for an application.","summary":"Activate default Provisioning Connection for application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]},"deactivateDefaultProvisioningConnectionForApplication":{"path":"/api/v1/apps/{appId}/connections/default/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateDefaultProvisioningConnectionForApplication","description":"Deactivates the default Provisioning Connection for an application.","summary":"Deactivate default Provisioning Connection for application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]},"listCsrsForApplication":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true},"generateCsrForApplication":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"},"revokeCsrFromApplication":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]},"getCsrForApplication":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"},"publishCerCert":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"},"publishBinaryCerCert":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"},"publishDerCert":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"},"publishBinaryDerCert":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"},"publishBinaryPemCert":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"},"listApplicationKeys":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true},"generateApplicationKey":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"},"getApplicationKey":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"},"cloneApplicationKey":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"},"listClientSecretsForApplication":{"path":"/api/v1/apps/{appId}/credentials/secrets","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listClientSecretsForApplication","description":"Enumerates the client's collection of secrets","summary":"List client secrets","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ClientSecret"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"ClientSecret","isArray":true},"createNewClientSecretForApplication":{"path":"/api/v1/apps/{appId}/credentials/secrets","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"createNewClientSecretForApplication","description":"Adds a new secret to the client's collection of secrets.","summary":"Add new client secret","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ClientSecret"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/ClientSecretMetadata"}}],"bodyModel":"ClientSecretMetadata","formData":[],"responseModel":"ClientSecret"},"deleteClientSecretForApplication":{"path":"/api/v1/apps/{appId}/credentials/secrets/{secretId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"operationId":"deleteClientSecretForApplication","description":"Removes a secret from the client's collection of secrets.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"formData":[]},"getClientSecretForApplication":{"path":"/api/v1/apps/{appId}/credentials/secrets/{secretId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"operationId":"getClientSecretForApplication","description":"Gets a specific client secret by secretId","summary":"Get client secret","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ClientSecret"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"formData":[],"responseModel":"ClientSecret"},"activateClientSecretForApplication":{"path":"/api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"operationId":"activateClientSecretForApplication","description":"Activates a specific client secret by secretId","summary":"Activate a client secret","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ClientSecret"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"formData":[],"responseModel":"ClientSecret"},"deactivateClientSecretForApplication":{"path":"/api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"operationId":"deactivateClientSecretForApplication","description":"Deactivates a specific client secret by secretId","summary":"Deactivate a client secret","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ClientSecret"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"secretId","required":true,"type":"string"}],"formData":[],"responseModel":"ClientSecret"},"listFeaturesForApplication":{"path":"/api/v1/apps/{appId}/features","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listFeaturesForApplication","description":"List Features for application","summary":"Fetches the Feature objects for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationFeature"},"type":"array"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature","isArray":true},"getFeatureForApplication":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"},"updateFeatureForApplication":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"},"listScopeConsentGrants":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true},"grantConsentToScope":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"},"revokeScopeConsentGrant":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]},"getScopeConsentGrant":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"},"listApplicationGroupAssignments":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true},"deleteApplicationGroupAssignment":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"deleteApplicationGroupAssignment","description":"Removes a group assignment from an application.","summary":"Remove Group from Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]},"getApplicationGroupAssignment":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"},"createApplicationGroupAssignment":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"},"activateApplication":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]},"deactivateApplication":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]},"uploadApplicationLogo":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]},"updateApplicationPolicy":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},"previewSAMLAppMetadata":{"path":"/api/v1/apps/{appId}/sso/saml/metadata","method":"get","queryParams":[{"description":"unique key identifier of an Application Key Credential","in":"query","name":"kid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"previewSAMLAppMetadata","description":"Previews SAML metadata based on a specific key credential for an application","tags":["Application"],"consumes":["application/json"],"produces":["application/xml"],"responses":{"200":{"description":"Success","schema":{"properties":{"EntityDescriptor":{"properties":{"IDPSSODescriptor":{"properties":{"KeyDescriptor":{"properties":{"KeyInfo":{"properties":{"X509Data":{"properties":{"X509Certificate":{"type":"string"}},"type":"object"}},"type":"object"},"use":{"type":"string","xml":{"attribute":true}}},"type":"object"},"NameIDFormat":{"items":{"type":"string"},"type":"array"},"SingleLogoutService":{"items":{"type":"string"},"properties":{"Binding":{"type":"string","xml":{"attribute":true}},"Location":{"type":"string","xml":{"attribute":true}}},"type":"array"},"SingleSignOnService":{"items":{"type":"string"},"properties":{"Binding":{"type":"string","xml":{"attribute":true}},"Location":{"type":"string","xml":{"attribute":true}}},"type":"array"},"WantAuthnRequestsSigned":{"type":"boolean","xml":{"attribute":true}},"protocolSupportEnumeration":{"type":"string","xml":{"attribute":true}}},"type":"object"},"entityID":{"type":"string","xml":{"attribute":true}}},"type":"object"}},"type":"object"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"description":"unique key identifier of an Application Key Credential","in":"query","name":"kid","required":true,"type":"string"}],"formData":[],"returnType":"object"},"revokeOAuth2TokensForApplication":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]},"listOAuth2TokensForApplication":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true},"revokeOAuth2TokenForApplication":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]},"getOAuth2TokenForApplication":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"},"listApplicationUsers":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true},"assignUserToApplication":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"},"deleteApplicationUser":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"delete","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deleteApplicationUser","description":"Removes an assignment for a user from an application.","summary":"Remove User from Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]},"getApplicationUser":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"},"updateApplicationUser":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"updateApplicationUser","description":"Updates a user's profile for an application","summary":"Update Application Profile for Assigned User","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},"model":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}}}},{"src":"templates/model.go.hbs","dest":"okta/applicationAccessibility.go","context":{"operations":{},"model":{"modelName":"ApplicationAccessibility","properties":[{"propertyName":"errorRedirectUrl","commonType":"string"},{"propertyName":"loginRedirectUrl","commonType":"string"},{"propertyName":"selfService","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationCredentials.go","context":{"operations":{},"model":{"modelName":"ApplicationCredentials","properties":[{"$ref":"#/definitions/ApplicationCredentialsSigning","propertyName":"signing","commonType":"object","isObject":true,"model":"ApplicationCredentialsSigning"},{"$ref":"#/definitions/ApplicationCredentialsUsernameTemplate","propertyName":"userNameTemplate","commonType":"object","isObject":true,"model":"ApplicationCredentialsUsernameTemplate"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationCredentialsOAuthClient.go","context":{"operations":{},"model":{"modelName":"ApplicationCredentialsOAuthClient","properties":[{"propertyName":"autoKeyRotation","commonType":"boolean"},{"propertyName":"client_id","commonType":"string"},{"propertyName":"client_secret","commonType":"string"},{"propertyName":"pkce_required","commonType":"boolean"},{"$ref":"#/definitions/OAuthEndpointAuthenticationMethod","propertyName":"token_endpoint_auth_method","commonType":"enum","isEnum":true,"model":"OAuthEndpointAuthenticationMethod"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationCredentialsScheme.go","context":{"operations":{},"model":{"modelName":"ApplicationCredentialsScheme","enum":["SHARED_USERNAME_AND_PASSWORD","EXTERNAL_PASSWORD_SYNC","EDIT_USERNAME_AND_PASSWORD","EDIT_PASSWORD_ONLY","ADMIN_SETS_CREDENTIALS"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/applicationCredentialsSigning.go","context":{"operations":{},"model":{"modelName":"ApplicationCredentialsSigning","properties":[{"propertyName":"kid","commonType":"string"},{"readOnly":true,"propertyName":"lastRotated","commonType":"dateTime"},{"readOnly":true,"propertyName":"nextRotation","commonType":"dateTime"},{"propertyName":"rotationMode","commonType":"string"},{"$ref":"#/definitions/ApplicationCredentialsSigningUse","propertyName":"use","commonType":"enum","isEnum":true,"model":"ApplicationCredentialsSigningUse"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationCredentialsSigningUse.go","context":{"operations":{},"model":{"modelName":"ApplicationCredentialsSigningUse","enum":["sig"],"tags":["AuthorizationServer"]}}},{"src":"templates/model.go.hbs","dest":"okta/applicationCredentialsUsernameTemplate.go","context":{"operations":{},"model":{"modelName":"ApplicationCredentialsUsernameTemplate","properties":[{"propertyName":"pushStatus","commonType":"string"},{"propertyName":"suffix","commonType":"string"},{"propertyName":"template","commonType":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationFeature.go","context":{"operations":{},"model":{"modelName":"ApplicationFeature","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/CapabilitiesObject","propertyName":"capabilities","commonType":"object","isObject":true,"model":"CapabilitiesObject"},{"propertyName":"description","commonType":"string"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/EnabledStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"EnabledStatus"}],"methods":[{"alias":"listFeaturesForApplication","operation":{"path":"/api/v1/apps/{appId}/features","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listFeaturesForApplication","description":"List Features for application","summary":"Fetches the Feature objects for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationFeature"},"type":"array"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature","isArray":true}}],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationGroupAssignment.go","context":{"operations":{"deleteApplicationGroupAssignment":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"deleteApplicationGroupAssignment","description":"Removes a group assignment from an application.","summary":"Remove Group from Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]}},"model":{"modelName":"ApplicationGroupAssignment","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"priority","commonType":"integer"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"}],"methods":[],"crud":[{"alias":"delete","arguments":[{"dest":"appId","parentSrc":"appId"},{"dest":"groupId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"deleteApplicationGroupAssignment","description":"Removes a group assignment from an application.","summary":"Remove Group from Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationLicensing.go","context":{"operations":{},"model":{"modelName":"ApplicationLicensing","properties":[{"propertyName":"seatCount","commonType":"integer"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationSettings.go","context":{"operations":{},"model":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationSettingsApplication.go","context":{"operations":{},"model":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationSettingsNotes.go","context":{"operations":{},"model":{"modelName":"ApplicationSettingsNotes","properties":[{"propertyName":"admin","commonType":"string"},{"propertyName":"enduser","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationSettingsNotifications.go","context":{"operations":{},"model":{"modelName":"ApplicationSettingsNotifications","properties":[{"$ref":"#/definitions/ApplicationSettingsNotificationsVpn","propertyName":"vpn","commonType":"object","isObject":true,"model":"ApplicationSettingsNotificationsVpn"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationSettingsNotificationsVpn.go","context":{"operations":{},"model":{"modelName":"ApplicationSettingsNotificationsVpn","properties":[{"propertyName":"helpUrl","commonType":"string"},{"propertyName":"message","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotificationsVpnNetwork","propertyName":"network","commonType":"object","isObject":true,"model":"ApplicationSettingsNotificationsVpnNetwork"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationSettingsNotificationsVpnNetwork.go","context":{"operations":{},"model":{"modelName":"ApplicationSettingsNotificationsVpnNetwork","properties":[{"propertyName":"connection","commonType":"string"},{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationSignOnMode.go","context":{"operations":{},"model":{"modelName":"ApplicationSignOnMode","enum":["BOOKMARK","BASIC_AUTH","BROWSER_PLUGIN","SECURE_PASSWORD_STORE","AUTO_LOGIN","WS_FEDERATION","SAML_2_0","OPENID_CONNECT","SAML_1_1"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/applicationVisibility.go","context":{"operations":{},"model":{"modelName":"ApplicationVisibility","properties":[{"propertyName":"appLinks","commonType":"hash","isHash":true,"model":"boolean"},{"propertyName":"autoLaunch","commonType":"boolean"},{"propertyName":"autoSubmitToolbar","commonType":"boolean"},{"$ref":"#/definitions/ApplicationVisibilityHide","propertyName":"hide","commonType":"object","isObject":true,"model":"ApplicationVisibilityHide"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/applicationVisibilityHide.go","context":{"operations":{},"model":{"modelName":"ApplicationVisibilityHide","properties":[{"propertyName":"iOS","commonType":"boolean"},{"propertyName":"web","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/assignRoleRequest.go","context":{"operations":{},"model":{"modelName":"AssignRoleRequest","properties":[{"$ref":"#/definitions/RoleType","readOnly":false,"propertyName":"type","commonType":"enum","isEnum":true,"model":"RoleType"}],"methods":[],"crud":[],"tags":["Role"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authenticationProvider.go","context":{"operations":{},"model":{"modelName":"AuthenticationProvider","properties":[{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/AuthenticationProviderType","propertyName":"type","commonType":"enum","isEnum":true,"model":"AuthenticationProviderType"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authenticationProviderType.go","context":{"operations":{},"model":{"modelName":"AuthenticationProviderType","enum":["ACTIVE_DIRECTORY","FEDERATION","LDAP","OKTA","SOCIAL","IMPORT"],"tags":["User"]}}},{"src":"templates/model.go.hbs","dest":"okta/authenticator.go","context":{"operations":{"getAuthenticator":{"path":"/api/v1/authenticators/{authenticatorId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"getAuthenticator","description":"Success","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"formData":[],"responseModel":"Authenticator"},"updateAuthenticator":{"path":"/api/v1/authenticators/{authenticatorId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"updateAuthenticator","description":"Updates an authenticator","summary":"Update Authenticator","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"},{"in":"body","name":"authenticator","required":true,"schema":{"$ref":"#/definitions/Authenticator"}}],"bodyModel":"Authenticator","formData":[],"responseModel":"Authenticator"},"listAuthenticators":{"path":"/api/v1/authenticators","method":"get","queryParams":[],"pathParams":[],"operationId":"listAuthenticators","description":"List Authenticators","summary":"Lists all available Authenticators","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Authenticator"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"Authenticator","isArray":true},"createAuthenticator":{"path":"/api/v1/authenticators","method":"post","queryParams":[{"in":"query","name":"activate","type":"boolean"}],"pathParams":[],"operationId":"createAuthenticator","description":"Create Authenticator","summary":"Create an Authenticator","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"query","name":"activate","type":"boolean"},{"in":"body","name":"authenticator","required":true,"schema":{"$ref":"#/definitions/Authenticator"}}],"bodyModel":"Authenticator","formData":[],"responseModel":"Authenticator"},"activateAuthenticator":{"path":"/api/v1/authenticators/{authenticatorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"activateAuthenticator","description":"Success","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"formData":[],"responseModel":"Authenticator"},"deactivateAuthenticator":{"path":"/api/v1/authenticators/{authenticatorId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"deactivateAuthenticator","description":"Success","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"formData":[],"responseModel":"Authenticator"}},"model":{"modelName":"Authenticator","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"key","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/AuthenticatorProvider","propertyName":"provider","commonType":"object","isObject":true,"model":"AuthenticatorProvider"},{"$ref":"#/definitions/AuthenticatorSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"AuthenticatorSettings"},{"$ref":"#/definitions/AuthenticatorStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"AuthenticatorStatus"},{"$ref":"#/definitions/AuthenticatorType","propertyName":"type","commonType":"enum","isEnum":true,"model":"AuthenticatorType"}],"methods":[{"alias":"activate","arguments":[{"dest":"authenticatorId","src":"id"}],"operation":{"path":"/api/v1/authenticators/{authenticatorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"activateAuthenticator","description":"Success","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"formData":[],"responseModel":"Authenticator"}},{"alias":"deactivate","arguments":[{"dest":"authenticatorId","src":"id"}],"operation":{"path":"/api/v1/authenticators/{authenticatorId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"deactivateAuthenticator","description":"Success","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"formData":[],"responseModel":"Authenticator"}}],"crud":[{"alias":"read","arguments":[],"operation":{"path":"/api/v1/authenticators/{authenticatorId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"getAuthenticator","description":"Success","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"formData":[],"responseModel":"Authenticator"}},{"alias":"update","arguments":[{"dest":"authenticatorId","src":"id"},{"dest":"authenticator","self":true}],"operation":{"path":"/api/v1/authenticators/{authenticatorId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authenticatorId","required":true,"type":"string"}],"operationId":"updateAuthenticator","description":"Updates an authenticator","summary":"Update Authenticator","tags":["Authenticator"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Authenticator"}}},"parameters":[{"in":"path","name":"authenticatorId","required":true,"type":"string"},{"in":"body","name":"authenticator","required":true,"schema":{"$ref":"#/definitions/Authenticator"}}],"bodyModel":"Authenticator","formData":[],"responseModel":"Authenticator"}}],"tags":["Authenticator"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authenticatorProvider.go","context":{"operations":{},"model":{"modelName":"AuthenticatorProvider","properties":[{"$ref":"#/definitions/AuthenticatorProviderConfiguration","propertyName":"configuration","commonType":"object","isObject":true,"model":"AuthenticatorProviderConfiguration"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Authenticator"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authenticatorProviderConfiguration.go","context":{"operations":{},"model":{"modelName":"AuthenticatorProviderConfiguration","properties":[{"propertyName":"authPort","commonType":"integer"},{"propertyName":"host","commonType":"string"},{"propertyName":"hostName","commonType":"string"},{"propertyName":"instanceId","commonType":"string"},{"propertyName":"integrationKey","commonType":"string"},{"propertyName":"secretKey","commonType":"string"},{"propertyName":"sharedSecret","commonType":"string"},{"$ref":"#/definitions/AuthenticatorProviderConfigurationUserNamePlate","propertyName":"userNameTemplate","commonType":"object","isObject":true,"model":"AuthenticatorProviderConfigurationUserNamePlate"}],"methods":[],"crud":[],"tags":["Authenticator"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authenticatorProviderConfigurationUserNamePlate.go","context":{"operations":{},"model":{"modelName":"AuthenticatorProviderConfigurationUserNamePlate","properties":[{"propertyName":"template","commonType":"string"}],"methods":[],"crud":[],"tags":["Authenticator"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authenticatorSettings.go","context":{"operations":{},"model":{"modelName":"AuthenticatorSettings","properties":[{"$ref":"#/definitions/AllowedForEnum","propertyName":"allowedFor","commonType":"enum","isEnum":true,"model":"AllowedForEnum"},{"propertyName":"appInstanceId","commonType":"string"},{"$ref":"#/definitions/ChannelBinding","propertyName":"channelBinding","commonType":"object","isObject":true,"model":"ChannelBinding"},{"$ref":"#/definitions/Compliance","propertyName":"compliance","commonType":"object","isObject":true,"model":"Compliance"},{"propertyName":"tokenLifetimeInMinutes","commonType":"integer"},{"$ref":"#/definitions/UserVerificationEnum","propertyName":"userVerification","commonType":"enum","isEnum":true,"model":"UserVerificationEnum"}],"methods":[],"crud":[],"tags":["Authenticator"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authenticatorStatus.go","context":{"operations":{},"model":{"modelName":"AuthenticatorStatus","enum":["ACTIVE","INACTIVE"],"tags":["Authenticator"]}}},{"src":"templates/model.go.hbs","dest":"okta/authenticatorType.go","context":{"operations":{},"model":{"modelName":"AuthenticatorType","enum":["app","password","security_question","phone","email","security_key","federated"],"tags":["Authenticator"]}}},{"src":"templates/model.go.hbs","dest":"okta/authorizationServer.go","context":{"operations":{"createAuthorizationServer":{"path":"/api/v1/authorizationServers","method":"post","queryParams":[],"pathParams":[],"operationId":"createAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServer"}},"201":{"description":"Created"}},"parameters":[{"in":"body","name":"authorizationServer","required":true,"schema":{"$ref":"#/definitions/AuthorizationServer"}}],"bodyModel":"AuthorizationServer","formData":[],"responseModel":"AuthorizationServer"},"getAuthorizationServer":{"path":"/api/v1/authorizationServers/{authServerId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"getAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServer"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServer"},"updateAuthorizationServer":{"path":"/api/v1/authorizationServers/{authServerId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"updateAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServer"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"authorizationServer","required":true,"schema":{"$ref":"#/definitions/AuthorizationServer"}}],"bodyModel":"AuthorizationServer","formData":[],"responseModel":"AuthorizationServer"},"deleteAuthorizationServer":{"path":"/api/v1/authorizationServers/{authServerId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[]},"listAuthorizationServers":{"path":"/api/v1/authorizationServers","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"limit","type":"string"},{"in":"query","name":"after","type":"string"}],"pathParams":[],"operationId":"listAuthorizationServers","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AuthorizationServer"},"type":"array"}}},"parameters":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"limit","type":"string"},{"in":"query","name":"after","type":"string"}],"formData":[],"responseModel":"AuthorizationServer","isArray":true},"listOAuth2Claims":{"path":"/api/v1/authorizationServers/{authServerId}/claims","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listOAuth2Claims","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Claim"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Claim","isArray":true},"createOAuth2Claim":{"path":"/api/v1/authorizationServers/{authServerId}/claims","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"createOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2Claim"}},"201":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"oAuth2Claim","required":true,"schema":{"$ref":"#/definitions/OAuth2Claim"}}],"bodyModel":"OAuth2Claim","formData":[],"responseModel":"OAuth2Claim"},"deleteOAuth2Claim":{"path":"/api/v1/authorizationServers/{authServerId}/claims/{claimId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"operationId":"deleteOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"formData":[]},"getOAuth2Claim":{"path":"/api/v1/authorizationServers/{authServerId}/claims/{claimId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"operationId":"getOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Claim"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Claim"},"updateOAuth2Claim":{"path":"/api/v1/authorizationServers/{authServerId}/claims/{claimId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"operationId":"updateOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Claim"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"},{"in":"body","name":"oAuth2Claim","required":true,"schema":{"$ref":"#/definitions/OAuth2Claim"}}],"bodyModel":"OAuth2Claim","formData":[],"responseModel":"OAuth2Claim"},"listOAuth2ClientsForAuthorizationServer":{"path":"/api/v1/authorizationServers/{authServerId}/clients","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listOAuth2ClientsForAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Client"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Client","isArray":true},"revokeRefreshTokensForAuthorizationServerAndClient":{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"revokeRefreshTokensForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"formData":[]},"listRefreshTokensForAuthorizationServerAndClient":{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"listRefreshTokensForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2RefreshToken"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2RefreshToken","isArray":true},"revokeRefreshTokenForAuthorizationServerAndClient":{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeRefreshTokenForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]},"getRefreshTokenForAuthorizationServerAndClient":{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getRefreshTokenForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2RefreshToken"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2RefreshToken"},"listAuthorizationServerKeys":{"path":"/api/v1/authorizationServers/{authServerId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listAuthorizationServerKeys","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true},"rotateAuthorizationServerKeys":{"path":"/api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"rotateAuthorizationServerKeys","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"use","required":true,"schema":{"$ref":"#/definitions/JwkUse"}}],"bodyModel":"JwkUse","formData":[],"responseModel":"JsonWebKey","isArray":true},"activateAuthorizationServer":{"path":"/api/v1/authorizationServers/{authServerId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"activateAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[]},"deactivateAuthorizationServer":{"path":"/api/v1/authorizationServers/{authServerId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"deactivateAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[]},"listAuthorizationServerPolicies":{"path":"/api/v1/authorizationServers/{authServerId}/policies","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listAuthorizationServerPolicies","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AuthorizationServerPolicy"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicy","isArray":true},"createAuthorizationServerPolicy":{"path":"/api/v1/authorizationServers/{authServerId}/policies","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"createAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}},"201":{"description":"Created"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}],"bodyModel":"AuthorizationServerPolicy","formData":[],"responseModel":"AuthorizationServerPolicy"},"deleteAuthorizationServerPolicy":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},"getAuthorizationServerPolicy":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicy"},"updateAuthorizationServerPolicy":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}],"bodyModel":"AuthorizationServerPolicy","formData":[],"responseModel":"AuthorizationServerPolicy"},"activateAuthorizationServerPolicy":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activateAuthorizationServerPolicy","description":"Activate Authorization Server Policy","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},"deactivateAuthorizationServerPolicy":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivateAuthorizationServerPolicy","description":"Deactivate Authorization Server Policy","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},"listAuthorizationServerPolicyRules":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listAuthorizationServerPolicyRules","description":"Enumerates all policy rules for the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AuthorizationServerPolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicyRule","isArray":true},"createAuthorizationServerPolicyRule":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createAuthorizationServerPolicyRule","description":"Creates a policy rule for the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}],"bodyModel":"AuthorizationServerPolicyRule","formData":[],"responseModel":"AuthorizationServerPolicyRule"},"deleteAuthorizationServerPolicyRule":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicyRule","description":"Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},"getAuthorizationServerPolicyRule":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getAuthorizationServerPolicyRule","description":"Returns a Policy Rule by ID that is defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicyRule"},"updateAuthorizationServerPolicyRule":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updateAuthorizationServerPolicyRule","description":"Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}],"bodyModel":"AuthorizationServerPolicyRule","formData":[],"responseModel":"AuthorizationServerPolicyRule"},"activateAuthorizationServerPolicyRule":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activateAuthorizationServerPolicyRule","description":"Activate Authorization Server Policy Rule","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},"deactivateAuthorizationServerPolicyRule":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivateAuthorizationServerPolicyRule","description":"Deactivate Authorization Server Policy Rule","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},"listOAuth2Scopes":{"path":"/api/v1/authorizationServers/{authServerId}/scopes","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"cursor","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listOAuth2Scopes","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Scope"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"cursor","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Scope","isArray":true},"createOAuth2Scope":{"path":"/api/v1/authorizationServers/{authServerId}/scopes","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"createOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Scope"}},"201":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"oAuth2Scope","required":true,"schema":{"$ref":"#/definitions/OAuth2Scope"}}],"bodyModel":"OAuth2Scope","formData":[],"responseModel":"OAuth2Scope"},"deleteOAuth2Scope":{"path":"/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"operationId":"deleteOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"formData":[]},"getOAuth2Scope":{"path":"/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"operationId":"getOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Scope"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Scope"},"updateOAuth2Scope":{"path":"/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"operationId":"updateOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Scope"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"},{"in":"body","name":"oAuth2Scope","required":true,"schema":{"$ref":"#/definitions/OAuth2Scope"}}],"bodyModel":"OAuth2Scope","formData":[],"responseModel":"OAuth2Scope"}},"model":{"modelName":"AuthorizationServer","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"audiences","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/AuthorizationServerCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"AuthorizationServerCredentials"},{"readOnly":true,"propertyName":"default","commonType":"boolean"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"issuer","commonType":"string"},{"enum":["ORG_URL","CUSTOM_URL","DYNAMIC"],"propertyName":"issuerMode","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"}],"methods":[{"alias":"listOAuth2Claims","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/claims","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listOAuth2Claims","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Claim"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Claim","isArray":true}},{"alias":"createOAuth2Claim","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/claims","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"createOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2Claim"}},"201":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"oAuth2Claim","required":true,"schema":{"$ref":"#/definitions/OAuth2Claim"}}],"bodyModel":"OAuth2Claim","formData":[],"responseModel":"OAuth2Claim"}},{"alias":"deleteOAuth2Claim","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/claims/{claimId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"operationId":"deleteOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Claim","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/claims/{claimId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"operationId":"getOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Claim"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Claim"}},{"alias":"updateOAuth2Claim","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/claims/{claimId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"}],"operationId":"updateOAuth2Claim","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Claim"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"claimId","required":true,"type":"string"},{"in":"body","name":"oAuth2Claim","required":true,"schema":{"$ref":"#/definitions/OAuth2Claim"}}],"bodyModel":"OAuth2Claim","formData":[],"responseModel":"OAuth2Claim"}},{"alias":"listOAuth2Clients","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/clients","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listOAuth2ClientsForAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Client"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Client","isArray":true}},{"alias":"revokeRefreshTokensForClient","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"revokeRefreshTokensForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"formData":[]}},{"alias":"listRefreshTokensForClient","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"listRefreshTokensForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2RefreshToken"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2RefreshToken","isArray":true}},{"alias":"getRefreshTokenForClient","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getRefreshTokenForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2RefreshToken"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2RefreshToken"}},{"alias":"revokeRefreshTokenForClient","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeRefreshTokenForAuthorizationServerAndClient","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"listKeys","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listAuthorizationServerKeys","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"rotateKeys","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"rotateAuthorizationServerKeys","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"use","required":true,"schema":{"$ref":"#/definitions/JwkUse"}}],"bodyModel":"JwkUse","formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"activate","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"activateAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"deactivateAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicies","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listAuthorizationServerPolicies","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AuthorizationServerPolicy"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicy","isArray":true}},{"alias":"createPolicy","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"createAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}},"201":{"description":"Created"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}],"bodyModel":"AuthorizationServerPolicy","formData":[],"responseModel":"AuthorizationServerPolicy"}},{"alias":"deletePolicy","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"getPolicy","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicy"}},{"alias":"updatePolicy","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}],"bodyModel":"AuthorizationServerPolicy","formData":[],"responseModel":"AuthorizationServerPolicy"}},{"alias":"listOAuth2Scopes","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/scopes","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"cursor","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"listOAuth2Scopes","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Scope"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"cursor","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Scope","isArray":true}},{"alias":"createOAuth2Scope","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/scopes","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"createOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Scope"}},"201":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"oAuth2Scope","required":true,"schema":{"$ref":"#/definitions/OAuth2Scope"}}],"bodyModel":"OAuth2Scope","formData":[],"responseModel":"OAuth2Scope"}},{"alias":"deleteOAuth2Scope","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"operationId":"deleteOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Scope","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"operationId":"getOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Scope"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Scope"}},{"alias":"updateOAuth2Scope","arguments":[{"dest":"authServerId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"}],"operationId":"updateOAuth2Scope","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Scope"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"scopeId","required":true,"type":"string"},{"in":"body","name":"oAuth2Scope","required":true,"schema":{"$ref":"#/definitions/OAuth2Scope"}}],"bodyModel":"OAuth2Scope","formData":[],"responseModel":"OAuth2Scope"}}],"crud":[{"alias":"create","arguments":[{"dest":"authorizationServer","self":true}],"operation":{"path":"/api/v1/authorizationServers","method":"post","queryParams":[],"pathParams":[],"operationId":"createAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServer"}},"201":{"description":"Created"}},"parameters":[{"in":"body","name":"authorizationServer","required":true,"schema":{"$ref":"#/definitions/AuthorizationServer"}}],"bodyModel":"AuthorizationServer","formData":[],"responseModel":"AuthorizationServer"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/authorizationServers/{authServerId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"getAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServer"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServer"}},{"alias":"update","arguments":[{"dest":"authServerId","src":"id"},{"dest":"authorizationServer","self":true}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"updateAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServer"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"body","name":"authorizationServer","required":true,"schema":{"$ref":"#/definitions/AuthorizationServer"}}],"bodyModel":"AuthorizationServer","formData":[],"responseModel":"AuthorizationServer"}},{"alias":"delete","arguments":[{"dest":"authServerId","src":"id"},{"dest":"authorizationServer","self":true}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServer","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"}],"formData":[]}}],"tags":["AuthorizationServer"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authorizationServerCredentials.go","context":{"operations":{},"model":{"modelName":"AuthorizationServerCredentials","properties":[{"$ref":"#/definitions/AuthorizationServerCredentialsSigningConfig","propertyName":"signing","commonType":"object","isObject":true,"model":"AuthorizationServerCredentialsSigningConfig"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authorizationServerCredentialsRotationMode.go","context":{"operations":{},"model":{"modelName":"AuthorizationServerCredentialsRotationMode","enum":["AUTO","MANUAL"],"tags":["AuthorizationServer"]}}},{"src":"templates/model.go.hbs","dest":"okta/authorizationServerCredentialsSigningConfig.go","context":{"operations":{},"model":{"modelName":"AuthorizationServerCredentialsSigningConfig","properties":[{"propertyName":"kid","commonType":"string"},{"readOnly":true,"propertyName":"lastRotated","commonType":"dateTime"},{"readOnly":true,"propertyName":"nextRotation","commonType":"dateTime"},{"$ref":"#/definitions/AuthorizationServerCredentialsRotationMode","propertyName":"rotationMode","commonType":"enum","isEnum":true,"model":"AuthorizationServerCredentialsRotationMode"},{"$ref":"#/definitions/AuthorizationServerCredentialsUse","propertyName":"use","commonType":"enum","isEnum":true,"model":"AuthorizationServerCredentialsUse"}],"methods":[],"crud":[],"tags":["AuthorizationServer"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authorizationServerCredentialsUse.go","context":{"operations":{},"model":{"modelName":"AuthorizationServerCredentialsUse","enum":["sig"],"tags":["AuthorizationServer"]}}},{"src":"templates/model.go.hbs","dest":"okta/authorizationServerPolicy.go","context":{"operations":{"getAuthorizationServerPolicy":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicy"},"updateAuthorizationServerPolicy":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}],"bodyModel":"AuthorizationServerPolicy","formData":[],"responseModel":"AuthorizationServerPolicy"},"deleteAuthorizationServerPolicy":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},"model":{"modelName":"AuthorizationServerPolicy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listAuthorizationServerPolicyRules","description":"Enumerates all policy rules for the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AuthorizationServerPolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicyRule","isArray":true}},{"alias":"createPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createAuthorizationServerPolicyRule","description":"Creates a policy rule for the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}],"bodyModel":"AuthorizationServerPolicyRule","formData":[],"responseModel":"AuthorizationServerPolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getAuthorizationServerPolicyRule","description":"Returns a Policy Rule by ID that is defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicyRule"}},{"alias":"deletePolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicyRule","description":"Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activateAuthorizationServerPolicy","description":"Activate Authorization Server Policy","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivateAuthorizationServerPolicy","description":"Deactivate Authorization Server Policy","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"AuthorizationServerPolicy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicy"}}],"bodyModel":"AuthorizationServerPolicy","formData":[],"responseModel":"AuthorizationServerPolicy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicy","description":"Success","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["AuthorizationServer"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authorizationServerPolicyRule.go","context":{"operations":{"updateAuthorizationServerPolicyRule":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updateAuthorizationServerPolicyRule","description":"Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}],"bodyModel":"AuthorizationServerPolicyRule","formData":[],"responseModel":"AuthorizationServerPolicyRule"},"deleteAuthorizationServerPolicyRule":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicyRule","description":"Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},"model":{"modelName":"AuthorizationServerPolicyRule","properties":[{"$ref":"#/definitions/AuthorizationServerPolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"AuthorizationServerPolicyRuleActions"},{"$ref":"#/definitions/AuthorizationServerPolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"AuthorizationServerPolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["RESOURCE_ACCESS"],"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activateAuthorizationServerPolicyRule","description":"Activate Authorization Server Policy Rule","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivateAuthorizationServerPolicyRule","description":"Deactivate Authorization Server Policy Rule","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyRule","self":true},{"dest":"policyId","parentSrc":"id"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updateAuthorizationServerPolicyRule","description":"Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/AuthorizationServerPolicyRule"}}],"bodyModel":"AuthorizationServerPolicyRule","formData":[],"responseModel":"AuthorizationServerPolicyRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deleteAuthorizationServerPolicyRule","description":"Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.","tags":["AuthorizationServer"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"authServerId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"tags":["AuthorizationServerPolicy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authorizationServerPolicyRuleActions.go","context":{"operations":{},"model":{"modelName":"AuthorizationServerPolicyRuleActions","properties":[{"$ref":"#/definitions/TokenAuthorizationServerPolicyRuleAction","propertyName":"token","commonType":"object","isObject":true,"model":"TokenAuthorizationServerPolicyRuleAction"}],"methods":[],"crud":[],"tags":["AuthorizationServerPolicy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/authorizationServerPolicyRuleConditions.go","context":{"operations":{},"model":{"modelName":"AuthorizationServerPolicyRuleConditions","properties":[{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["AuthorizationServerPolicy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/autoLoginApplication.go","context":{"operations":{},"model":{"modelName":"AutoLoginApplication","properties":[{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"$ref":"#/definitions/AutoLoginApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"AutoLoginApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"Application","parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"AUTO_LOGIN"}}}},{"src":"templates/model.go.hbs","dest":"okta/autoLoginApplicationSettings.go","context":{"operations":{},"model":{"modelName":"AutoLoginApplicationSettings","properties":[{"$ref":"#/definitions/AutoLoginApplicationSettingsSignOn","propertyName":"signOn","commonType":"object","isObject":true,"model":"AutoLoginApplicationSettingsSignOn"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/autoLoginApplicationSettingsSignOn.go","context":{"operations":{},"model":{"modelName":"AutoLoginApplicationSettingsSignOn","properties":[{"propertyName":"loginUrl","commonType":"string"},{"propertyName":"redirectUrl","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/basicApplicationSettings.go","context":{"operations":{},"model":{"modelName":"BasicApplicationSettings","properties":[{"$ref":"#/definitions/BasicApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"BasicApplicationSettingsApplication"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/basicApplicationSettingsApplication.go","context":{"operations":{},"model":{"modelName":"BasicApplicationSettingsApplication","properties":[{"propertyName":"authURL","commonType":"string"},{"propertyName":"url","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/basicAuthApplication.go","context":{"operations":{},"model":{"modelName":"BasicAuthApplication","properties":[{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"default":"template_basic_auth","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/BasicApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"BasicApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"Application","parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"BASIC_AUTH"}}}},{"src":"templates/model.go.hbs","dest":"okta/beforeScheduledActionPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"BeforeScheduledActionPolicyRuleCondition","properties":[{"$ref":"#/definitions/Duration","propertyName":"duration","commonType":"object","isObject":true,"model":"Duration"},{"$ref":"#/definitions/ScheduledUserLifecycleAction","propertyName":"lifecycleAction","commonType":"object","isObject":true,"model":"ScheduledUserLifecycleAction"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/bookmarkApplication.go","context":{"operations":{},"model":{"modelName":"BookmarkApplication","properties":[{"default":"bookmark","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/BookmarkApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"BookmarkApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"Application","parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"BOOKMARK"}}}},{"src":"templates/model.go.hbs","dest":"okta/bookmarkApplicationSettings.go","context":{"operations":{},"model":{"modelName":"BookmarkApplicationSettings","properties":[{"$ref":"#/definitions/BookmarkApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"BookmarkApplicationSettingsApplication"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/bookmarkApplicationSettingsApplication.go","context":{"operations":{},"model":{"modelName":"BookmarkApplicationSettingsApplication","properties":[{"propertyName":"requestIntegration","commonType":"boolean"},{"propertyName":"url","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/brand.go","context":{"operations":{"getBrand":{"path":"/api/v1/brands/{brandId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"}],"operationId":"getBrand","description":"Fetches a brand by `brandId`","summary":"Get Brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Brand"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"}],"formData":[],"responseModel":"Brand"},"updateBrand":{"path":"/api/v1/brands/{brandId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"}],"operationId":"updateBrand","description":"Updates a brand by `brandId`","summary":"Update Brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Brand"}},"400":{"description":"Bad Request"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"body","name":"brand","required":true,"schema":{"$ref":"#/definitions/Brand"}}],"bodyModel":"Brand","formData":[],"responseModel":"Brand"},"listBrands":{"path":"/api/v1/brands","method":"get","queryParams":[],"pathParams":[],"operationId":"listBrands","description":"List all the brands in your org.","summary":"List Brands","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Brand"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"Brand","isArray":true},"listEmailTemplates":{"path":"/api/v1/brands/{brandId}/templates/email","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of email templates.","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of results returned (maximum 200)","format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"}],"operationId":"listEmailTemplates","description":"List email templates in your organization with pagination.","summary":"List Email Templates","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/EmailTemplate"},"type":"array"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"description":"Specifies the pagination cursor for the next page of email templates.","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of results returned (maximum 200)","format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"EmailTemplate","isArray":true},"getEmailTemplate":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplate","description":"Fetch an email template by templateName","summary":"Get Email Template","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplate"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplate"},"deleteEmailTemplateCustomizations":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"deleteEmailTemplateCustomizations","description":"Delete all customizations for an email template. Also known as “Reset to Default”.","summary":"Delete Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"Success"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[]},"listEmailTemplateCustomizations":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"listEmailTemplateCustomizations","description":"List all email customizations for an email template","summary":"List Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/EmailTemplateCustomization"},"type":"array"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateCustomization","isArray":true},"createEmailTemplateCustomization":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"createEmailTemplateCustomization","description":"Create an email customization","summary":"Create Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateCustomization"}},"409":{"description":"Conflict"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"body","name":"customization","required":true,"schema":{"$ref":"#/definitions/EmailTemplateCustomizationRequest"}}],"bodyModel":"EmailTemplateCustomizationRequest","formData":[],"responseModel":"EmailTemplateCustomization"},"deleteEmailTemplateCustomization":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"deleteEmailTemplateCustomization","description":"Delete an email customization","summary":"Delete Email Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"409":{"description":"Conflict"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"formData":[]},"getEmailTemplateCustomization":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"getEmailTemplateCustomization","description":"Fetch an email customization by id.","summary":"Get Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateCustomization"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateCustomization"},"updateEmailTemplateCustomization":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"updateEmailTemplateCustomization","description":"Update an email customization","summary":"Update Email Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateCustomization"}},"409":{"description":"Conflict"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"},{"in":"body","name":"customization","required":true,"schema":{"$ref":"#/definitions/EmailTemplateCustomizationRequest"}}],"bodyModel":"EmailTemplateCustomizationRequest","formData":[],"responseModel":"EmailTemplateCustomization"},"getEmailTemplateCustomizationPreview":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"getEmailTemplateCustomizationPreview","description":"Get a preview of an email template customization.","summary":"Get Preview Content of Email Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateContent"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateContent"},"getEmailTemplateDefaultContent":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/default-content","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplateDefaultContent","description":"Fetch the default content for an email template.","summary":"Get Default Content of Email Template","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateContent"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateContent"},"getEmailTemplateDefaultContentPreview":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplateDefaultContentPreview","description":"Fetch a preview of an email template's default content by populating velocity references with the current user's environment.","summary":"Get Preview of Email Template Default Content","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateContent"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateContent"},"sendTestEmail":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/test","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"sendTestEmail","description":"Send a test email to the current users primary and secondary email addresses. The email content is selected based on the following priority: An email customization specifically for the users locale. The default language of email customizations. The email templates default content.","summary":"Get Preview of Email Template Default Content","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"body","name":"customization","required":true,"schema":{"$ref":"#/definitions/EmailTemplateTestRequest"}}],"bodyModel":"EmailTemplateTestRequest","formData":[]},"listBrandThemes":{"path":"/api/v1/brands/{brandId}/themes","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"}],"operationId":"listBrandThemes","description":"List all the themes in your brand","summary":"Get Brand Themes","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ThemeResponse"},"type":"array"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"}],"formData":[],"responseModel":"ThemeResponse","isArray":true},"getBrandTheme":{"path":"/api/v1/brands/{brandId}/themes/{themeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"getBrandTheme","description":"Fetches a theme for a brand","summary":"Get a theme for a brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThemeResponse"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[],"responseModel":"ThemeResponse"},"updateBrandTheme":{"path":"/api/v1/brands/{brandId}/themes/{themeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"updateBrandTheme","description":"Updates a theme for a brand","summary":"Update a theme for a brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThemeResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"body","name":"theme","required":true,"schema":{"$ref":"#/definitions/Theme"}}],"bodyModel":"Theme","formData":[],"responseModel":"ThemeResponse"},"deleteBrandThemeBackgroundImage":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/background-image","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"deleteBrandThemeBackgroundImage","description":"Deletes a Theme background image","summary":"Deletes a Theme background image","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[]},"uploadBrandThemeBackgroundImage":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/background-image","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"uploadBrandThemeBackgroundImage","description":"Updates the background image for your Theme","summary":"Updates the background image for your Theme","tags":["Brand"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ImageUploadResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}],"responseModel":"ImageUploadResponse"},"deleteBrandThemeFavicon":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/favicon","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"deleteBrandThemeFavicon","description":"Deletes a Theme favicon. The org then uses the Okta default favicon.","summary":"Deletes a Theme favicon. The org then uses the Okta default favicon.","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[]},"uploadBrandThemeFavicon":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/favicon","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"uploadBrandThemeFavicon","description":"Updates the favicon for your theme","summary":"Updates the favicon for your theme","tags":["Brand"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ImageUploadResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}],"responseModel":"ImageUploadResponse"},"deleteBrandThemeLogo":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/logo","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"deleteBrandThemeLogo","description":"Deletes a Theme logo. The org then uses the Okta default logo.","summary":"Deletes a Theme logo. The org then uses the Okta default logo.","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[]},"uploadBrandThemeLogo":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"uploadBrandThemeLogo","description":"Updates the logo for your Theme","summary":"Update a themes logo","tags":["Brand"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ImageUploadResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}],"responseModel":"ImageUploadResponse"}},"model":{"modelName":"Brand","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"agreeToCustomPrivacyPolicy","commonType":"boolean"},{"propertyName":"customPrivacyPolicyUrl","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"removePoweredByOkta","commonType":"boolean"}],"methods":[],"crud":[{"alias":"read","arguments":[{"dest":"brandId","src":"id"}],"operation":{"path":"/api/v1/brands/{brandId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"}],"operationId":"getBrand","description":"Fetches a brand by `brandId`","summary":"Get Brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Brand"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"}],"formData":[],"responseModel":"Brand"}},{"alias":"update","arguments":[{"dest":"brandId","src":"id"},{"dest":"brand","self":true}],"operation":{"path":"/api/v1/brands/{brandId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"}],"operationId":"updateBrand","description":"Updates a brand by `brandId`","summary":"Update Brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Brand"}},"400":{"description":"Bad Request"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"body","name":"brand","required":true,"schema":{"$ref":"#/definitions/Brand"}}],"bodyModel":"Brand","formData":[],"responseModel":"Brand"}}],"tags":["Brand"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/browserPluginApplication.go","context":{"operations":{},"model":{"modelName":"BrowserPluginApplication","properties":[{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"extends":"Application","resolutionStrategy":{"propertyName":"name","valueToModelMapping":{"template_swa":"SwaApplication","template_swa3field":"SwaThreeFieldApplication"}},"parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"BROWSER_PLUGIN"}}}},{"src":"templates/model.go.hbs","dest":"okta/callUserFactor.go","context":{"operations":{},"model":{"modelName":"CallUserFactor","properties":[{"$ref":"#/definitions/CallUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"CallUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"call"}}}},{"src":"templates/model.go.hbs","dest":"okta/callUserFactorProfile.go","context":{"operations":{},"model":{"modelName":"CallUserFactorProfile","properties":[{"propertyName":"phoneExtension","commonType":"string"},{"propertyName":"phoneNumber","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/capabilitiesCreateObject.go","context":{"operations":{},"model":{"modelName":"CapabilitiesCreateObject","properties":[{"$ref":"#/definitions/LifecycleCreateSettingObject","propertyName":"lifecycleCreate","commonType":"object","isObject":true,"model":"LifecycleCreateSettingObject"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/capabilitiesObject.go","context":{"operations":{},"model":{"modelName":"CapabilitiesObject","properties":[{"$ref":"#/definitions/CapabilitiesCreateObject","propertyName":"create","commonType":"object","isObject":true,"model":"CapabilitiesCreateObject"},{"$ref":"#/definitions/CapabilitiesUpdateObject","propertyName":"update","commonType":"object","isObject":true,"model":"CapabilitiesUpdateObject"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/capabilitiesUpdateObject.go","context":{"operations":{},"model":{"modelName":"CapabilitiesUpdateObject","properties":[{"$ref":"#/definitions/LifecycleDeactivateSettingObject","propertyName":"lifecycleDeactivate","commonType":"object","isObject":true,"model":"LifecycleDeactivateSettingObject"},{"$ref":"#/definitions/PasswordSettingObject","propertyName":"password","commonType":"object","isObject":true,"model":"PasswordSettingObject"},{"$ref":"#/definitions/ProfileSettingObject","propertyName":"profile","commonType":"object","isObject":true,"model":"ProfileSettingObject"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/catalogApplication.go","context":{"operations":{},"model":{"modelName":"CatalogApplication","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"category","commonType":"string"},{"propertyName":"description","commonType":"string"},{"propertyName":"displayName","commonType":"string"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"signOnModes","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/CatalogApplicationStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"CatalogApplicationStatus"},{"propertyName":"verificationStatus","commonType":"string"},{"propertyName":"website","commonType":"string"}],"methods":[],"crud":[],"tags":["Role"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/catalogApplicationStatus.go","context":{"operations":{},"model":{"modelName":"CatalogApplicationStatus","enum":["ACTIVE","INACTIVE"],"tags":["Role"]}}},{"src":"templates/model.go.hbs","dest":"okta/changeEnum.go","context":{"operations":{},"model":{"modelName":"ChangeEnum","enum":["KEEP_EXISTING","CHANGE"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/changePasswordRequest.go","context":{"operations":{},"model":{"modelName":"ChangePasswordRequest","properties":[{"$ref":"#/definitions/PasswordCredential","propertyName":"newPassword","commonType":"object","isObject":true,"model":"PasswordCredential"},{"$ref":"#/definitions/PasswordCredential","propertyName":"oldPassword","commonType":"object","isObject":true,"model":"PasswordCredential"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/channelBinding.go","context":{"operations":{},"model":{"modelName":"ChannelBinding","properties":[{"$ref":"#/definitions/RequiredEnum","propertyName":"required","commonType":"enum","isEnum":true,"model":"RequiredEnum"},{"propertyName":"style","commonType":"string"}],"methods":[],"crud":[],"tags":["Authenticator"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/clientPolicyCondition.go","context":{"operations":{},"model":{"modelName":"ClientPolicyCondition","properties":[{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/clientSecret.go","context":{"operations":{},"model":{"modelName":"ClientSecret","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"client_secret","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"secret_hash","commonType":"string"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/clientSecretMetadata.go","context":{"operations":{},"model":{"modelName":"ClientSecretMetadata","properties":[{"propertyName":"client_secret","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/compliance.go","context":{"operations":{},"model":{"modelName":"Compliance","properties":[{"$ref":"#/definitions/FipsEnum","propertyName":"fips","commonType":"enum","isEnum":true,"model":"FipsEnum"}],"methods":[],"crud":[],"tags":["Authenticator"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/contextPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"ContextPolicyRuleCondition","properties":[{"propertyName":"expression","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/createSessionRequest.go","context":{"operations":{},"model":{"modelName":"CreateSessionRequest","properties":[{"propertyName":"sessionToken","commonType":"string"}],"methods":[],"crud":[],"tags":["Session"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/createUserRequest.go","context":{"operations":{},"model":{"modelName":"CreateUserRequest","properties":[{"$ref":"#/definitions/UserCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"UserCredentials"},{"propertyName":"groupIds","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/UserProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"UserProfile"},{"$ref":"#/definitions/UserType","propertyName":"type","commonType":"object","isObject":true,"model":"UserType"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/csr.go","context":{"operations":{},"model":{"modelName":"Csr","properties":[{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"csr","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"kty","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/csrMetadata.go","context":{"operations":{},"model":{"modelName":"CsrMetadata","properties":[{"$ref":"#/definitions/CsrMetadataSubject","propertyName":"subject","commonType":"object","isObject":true,"model":"CsrMetadataSubject"},{"$ref":"#/definitions/CsrMetadataSubjectAltNames","propertyName":"subjectAltNames","commonType":"object","isObject":true,"model":"CsrMetadataSubjectAltNames"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/csrMetadataSubject.go","context":{"operations":{},"model":{"modelName":"CsrMetadataSubject","properties":[{"propertyName":"commonName","commonType":"string"},{"propertyName":"countryName","commonType":"string"},{"propertyName":"localityName","commonType":"string"},{"propertyName":"organizationName","commonType":"string"},{"propertyName":"organizationalUnitName","commonType":"string"},{"propertyName":"stateOrProvinceName","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/csrMetadataSubjectAltNames.go","context":{"operations":{},"model":{"modelName":"CsrMetadataSubjectAltNames","properties":[{"propertyName":"dnsNames","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/customHotpUserFactor.go","context":{"operations":{},"model":{"modelName":"CustomHotpUserFactor","properties":[{"propertyName":"factorProfileId","commonType":"string"},{"$ref":"#/definitions/CustomHotpUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"CustomHotpUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"token:hotp"}}}},{"src":"templates/model.go.hbs","dest":"okta/customHotpUserFactorProfile.go","context":{"operations":{},"model":{"modelName":"CustomHotpUserFactorProfile","properties":[{"propertyName":"sharedSecret","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/dnsRecord.go","context":{"operations":{},"model":{"modelName":"DNSRecord","properties":[{"propertyName":"expiration","commonType":"string"},{"propertyName":"fqdn","commonType":"string"},{"$ref":"#/definitions/DNSRecordType","propertyName":"recordType","commonType":"enum","isEnum":true,"model":"DNSRecordType"},{"propertyName":"values","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Domain"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/dnsRecordType.go","context":{"operations":{},"model":{"modelName":"DNSRecordType","enum":["TXT","CNAME"],"tags":["Domain"]}}},{"src":"templates/model.go.hbs","dest":"okta/deviceAccessPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"DeviceAccessPolicyRuleCondition","properties":[{"propertyName":"managed","commonType":"boolean"},{"propertyName":"registered","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"DevicePolicyRuleCondition","parent":{"modelName":"DevicePolicyRuleCondition","properties":[{"propertyName":"migrated","commonType":"boolean"},{"$ref":"#/definitions/DevicePolicyRuleConditionPlatform","propertyName":"platform","commonType":"object","isObject":true,"model":"DevicePolicyRuleConditionPlatform"},{"propertyName":"rooted","commonType":"boolean"},{"enum":["ANY","TRUSTED"],"propertyName":"trustLevel","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/devicePolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"DevicePolicyRuleCondition","properties":[{"propertyName":"migrated","commonType":"boolean"},{"$ref":"#/definitions/DevicePolicyRuleConditionPlatform","propertyName":"platform","commonType":"object","isObject":true,"model":"DevicePolicyRuleConditionPlatform"},{"propertyName":"rooted","commonType":"boolean"},{"enum":["ANY","TRUSTED"],"propertyName":"trustLevel","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/devicePolicyRuleConditionPlatform.go","context":{"operations":{},"model":{"modelName":"DevicePolicyRuleConditionPlatform","properties":[{"propertyName":"supportedMDMFrameworks","commonType":"array","isArray":true,"model":"string"},{"propertyName":"types","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/domain.go","context":{"operations":{"listDomains":{"path":"/api/v1/domains","method":"get","queryParams":[],"pathParams":[],"operationId":"listDomains","description":"List all verified custom Domains for the org.","summary":"List Domains","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/DomainListResponse"}}},"parameters":[],"formData":[],"responseModel":"DomainListResponse"},"createDomain":{"path":"/api/v1/domains","method":"post","queryParams":[],"pathParams":[],"operationId":"createDomain","description":"Creates your domain.","summary":"Create Domain","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Domain"}}},"parameters":[{"in":"body","name":"domain","required":true,"schema":{"$ref":"#/definitions/Domain"}}],"bodyModel":"Domain","formData":[],"responseModel":"Domain"},"deleteDomain":{"path":"/api/v1/domains/{domainId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"domainId","required":true,"type":"string"}],"operationId":"deleteDomain","description":"Deletes a Domain by `id`.","summary":"Delete Domain","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"domainId","required":true,"type":"string"}],"formData":[]},"getDomain":{"path":"/api/v1/domains/{domainId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"domainId","required":true,"type":"string"}],"operationId":"getDomain","description":"Fetches a Domain by `id`.","summary":"Get Domain","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Domain"}}},"parameters":[{"in":"path","name":"domainId","required":true,"type":"string"}],"formData":[],"responseModel":"Domain"},"createCertificate":{"path":"/api/v1/domains/{domainId}/certificate","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"domainId","required":true,"type":"string"}],"operationId":"createCertificate","description":"Creates the Certificate for the Domain.","summary":"Create Certificate","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"domainId","required":true,"type":"string"},{"in":"body","name":"certificate","required":true,"schema":{"$ref":"#/definitions/DomainCertificate"}}],"bodyModel":"DomainCertificate","formData":[]},"verifyDomain":{"path":"/api/v1/domains/{domainId}/verify","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"domainId","required":true,"type":"string"}],"operationId":"verifyDomain","description":"Verifies the Domain by `id`.","summary":"Verify Domain","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Domain"}}},"parameters":[{"in":"path","name":"domainId","required":true,"type":"string"}],"formData":[],"responseModel":"Domain"}},"model":{"modelName":"Domain","properties":[{"$ref":"#/definitions/DomainCertificateSourceType","propertyName":"certificateSourceType","commonType":"enum","isEnum":true,"model":"DomainCertificateSourceType"},{"propertyName":"dnsRecords","commonType":"array","isArray":true,"model":"DNSRecord"},{"propertyName":"domain","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"$ref":"#/definitions/DomainCertificateMetadata","propertyName":"publicCertificate","commonType":"object","isObject":true,"model":"DomainCertificateMetadata"},{"$ref":"#/definitions/DomainValidationStatus","propertyName":"validationStatus","commonType":"enum","isEnum":true,"model":"DomainValidationStatus"}],"methods":[],"crud":[],"tags":["Domain"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/domainCertificate.go","context":{"operations":{},"model":{"modelName":"DomainCertificate","properties":[{"propertyName":"certificate","commonType":"string"},{"propertyName":"certificateChain","commonType":"string"},{"propertyName":"privateKey","commonType":"string"},{"$ref":"#/definitions/DomainCertificateType","propertyName":"type","commonType":"enum","isEnum":true,"model":"DomainCertificateType"}],"methods":[{"alias":"createCertificate","arguments":[{"dest":"certificate","self":true}],"operation":{"path":"/api/v1/domains/{domainId}/certificate","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"domainId","required":true,"type":"string"}],"operationId":"createCertificate","description":"Creates the Certificate for the Domain.","summary":"Create Certificate","tags":["Domain"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"domainId","required":true,"type":"string"},{"in":"body","name":"certificate","required":true,"schema":{"$ref":"#/definitions/DomainCertificate"}}],"bodyModel":"DomainCertificate","formData":[]}}],"crud":[],"tags":["Domain"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/domainCertificateMetadata.go","context":{"operations":{},"model":{"modelName":"DomainCertificateMetadata","properties":[{"propertyName":"expiration","commonType":"string"},{"propertyName":"fingerprint","commonType":"string"},{"propertyName":"subject","commonType":"string"}],"methods":[],"crud":[],"tags":["Domain"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/domainCertificateSourceType.go","context":{"operations":{},"model":{"modelName":"DomainCertificateSourceType","enum":["MANUAL","OKTA_MANAGED"],"tags":["Domain"]}}},{"src":"templates/model.go.hbs","dest":"okta/domainCertificateType.go","context":{"operations":{},"model":{"modelName":"DomainCertificateType","enum":["PEM"],"tags":["Domain"]}}},{"src":"templates/model.go.hbs","dest":"okta/domainListResponse.go","context":{"operations":{},"model":{"modelName":"DomainListResponse","properties":[{"propertyName":"domains","commonType":"array","isArray":true,"model":"Domain"}],"methods":[],"crud":[],"tags":["Domain"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/domainValidationStatus.go","context":{"operations":{},"model":{"modelName":"DomainValidationStatus","enum":["NOT_STARTED","IN_PROGRESS","VERIFIED","FAILED_TO_VERIFY","DOMAIN_TAKEN","COMPLETED"],"tags":["Domain"]}}},{"src":"templates/model.go.hbs","dest":"okta/duration.go","context":{"operations":{},"model":{"modelName":"Duration","properties":[{"propertyName":"number","commonType":"integer"},{"propertyName":"unit","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/emailTemplate.go","context":{"operations":{"getEmailTemplate":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplate","description":"Fetch an email template by templateName","summary":"Get Email Template","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplate"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplate"}},"model":{"modelName":"EmailTemplate","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"name","commonType":"string"}],"methods":[{"alias":"getEmailTemplate","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplate","description":"Fetch an email template by templateName","summary":"Get Email Template","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplate"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplate"}},{"alias":"deleteEmailTemplateCustomizations","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"deleteEmailTemplateCustomizations","description":"Delete all customizations for an email template. Also known as “Reset to Default”.","summary":"Delete Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"Success"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[]}},{"alias":"listEmailTemplateCustomizations","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"listEmailTemplateCustomizations","description":"List all email customizations for an email template","summary":"List Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/EmailTemplateCustomization"},"type":"array"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateCustomization","isArray":true}},{"alias":"createEmailTemplateCustomization","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"createEmailTemplateCustomization","description":"Create an email customization","summary":"Create Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateCustomization"}},"409":{"description":"Conflict"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"body","name":"customization","required":true,"schema":{"$ref":"#/definitions/EmailTemplateCustomizationRequest"}}],"bodyModel":"EmailTemplateCustomizationRequest","formData":[],"responseModel":"EmailTemplateCustomization"}},{"alias":"deleteEmailTemplateCustomization","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"deleteEmailTemplateCustomization","description":"Delete an email customization","summary":"Delete Email Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"409":{"description":"Conflict"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"formData":[]}},{"alias":"getEmailTemplateCustomization","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"getEmailTemplateCustomization","description":"Fetch an email customization by id.","summary":"Get Email Template Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateCustomization"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateCustomization"}},{"alias":"updateEmailTemplateCustomization","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"updateEmailTemplateCustomization","description":"Update an email customization","summary":"Update Email Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateCustomization"}},"409":{"description":"Conflict"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"},{"in":"body","name":"customization","required":true,"schema":{"$ref":"#/definitions/EmailTemplateCustomizationRequest"}}],"bodyModel":"EmailTemplateCustomizationRequest","formData":[],"responseModel":"EmailTemplateCustomization"}},{"alias":"getEmailTemplateCustomizationPreview","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"operationId":"getEmailTemplateCustomizationPreview","description":"Get a preview of an email template customization.","summary":"Get Preview Content of Email Customization","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateContent"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"path","name":"customizationId","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateContent"}},{"alias":"getEmailTemplateDefaultContent","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/default-content","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplateDefaultContent","description":"Fetch the default content for an email template.","summary":"Get Default Content of Email Template","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateContent"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateContent"}},{"alias":"getEmailTemplateDefaultContentPreview","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplateDefaultContentPreview","description":"Fetch a preview of an email template's default content by populating velocity references with the current user's environment.","summary":"Get Preview of Email Template Default Content","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplateContent"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplateContent"}},{"alias":"sendTestEmail","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}/test","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"sendTestEmail","description":"Send a test email to the current users primary and secondary email addresses. The email content is selected based on the following priority: An email customization specifically for the users locale. The default language of email customizations. The email templates default content.","summary":"Get Preview of Email Template Default Content","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"},{"in":"body","name":"customization","required":true,"schema":{"$ref":"#/definitions/EmailTemplateTestRequest"}}],"bodyModel":"EmailTemplateTestRequest","formData":[]}}],"crud":[{"alias":"read","operation":{"path":"/api/v1/brands/{brandId}/templates/email/{templateName}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"operationId":"getEmailTemplate","description":"Fetch an email template by templateName","summary":"Get Email Template","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EmailTemplate"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"templateName","required":true,"type":"string"}],"formData":[],"responseModel":"EmailTemplate"}}],"tags":["Brands"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/emailTemplateContent.go","context":{"operations":{},"model":{"modelName":"EmailTemplateContent","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"body","commonType":"string"},{"propertyName":"fromAddress","commonType":"string"},{"propertyName":"fromName","commonType":"string"},{"propertyName":"subject","commonType":"string"}],"methods":[],"crud":[],"tags":["Brands"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/emailTemplateCustomization.go","context":{"operations":{},"model":{"modelName":"EmailTemplateCustomization","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"body","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"isDefault","commonType":"boolean"},{"description":"unique under each email template","propertyName":"language","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"subject","commonType":"string"}],"methods":[],"crud":[],"tags":["Brands"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/emailTemplateCustomizationRequest.go","context":{"operations":{},"model":{"modelName":"EmailTemplateCustomizationRequest","properties":[{"propertyName":"body","commonType":"string"},{"propertyName":"isDefault","commonType":"boolean"},{"description":"unique under each email template","propertyName":"language","commonType":"string"},{"propertyName":"subject","commonType":"string"}],"methods":[],"crud":[],"tags":["Brands"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/emailTemplateTestRequest.go","context":{"operations":{},"model":{"modelName":"EmailTemplateTestRequest","properties":[{"propertyName":"customizationId","commonType":"string"}],"methods":[],"crud":[],"tags":["Brands"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/emailTemplateTouchPointVariant.go","context":{"operations":{},"model":{"modelName":"EmailTemplateTouchPointVariant","enum":["OKTA_DEFAULT","FULL_THEME"],"tags":["Brand"]}}},{"src":"templates/model.go.hbs","dest":"okta/emailUserFactor.go","context":{"operations":{},"model":{"modelName":"EmailUserFactor","properties":[{"$ref":"#/definitions/EmailUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"EmailUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"email"}}}},{"src":"templates/model.go.hbs","dest":"okta/emailUserFactorProfile.go","context":{"operations":{},"model":{"modelName":"EmailUserFactorProfile","properties":[{"propertyName":"email","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/enabledStatus.go","context":{"operations":{},"model":{"modelName":"EnabledStatus","enum":["ENABLED","DISABLED"],"tags":["Common"]}}},{"src":"templates/model.go.hbs","dest":"okta/endUserDashboardTouchPointVariant.go","context":{"operations":{},"model":{"modelName":"EndUserDashboardTouchPointVariant","enum":["OKTA_DEFAULT","WHITE_LOGO_BACKGROUND","FULL_THEME","LOGO_ON_FULL_WHITE_BACKGROUND"],"tags":["Brand"]}}},{"src":"templates/model.go.hbs","dest":"okta/errorPageTouchPointVariant.go","context":{"operations":{},"model":{"modelName":"ErrorPageTouchPointVariant","enum":["OKTA_DEFAULT","BACKGROUND_SECONDARY_COLOR","BACKGROUND_IMAGE"],"tags":["Brand"]}}},{"src":"templates/model.go.hbs","dest":"okta/eventHook.go","context":{"operations":{"createEventHook":{"path":"/api/v1/eventHooks","method":"post","queryParams":[],"pathParams":[],"operationId":"createEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"body","name":"eventHook","required":true,"schema":{"$ref":"#/definitions/EventHook"}}],"bodyModel":"EventHook","formData":[],"responseModel":"EventHook"},"getEventHook":{"path":"/api/v1/eventHooks/{eventHookId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"getEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"},"updateEventHook":{"path":"/api/v1/eventHooks/{eventHookId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"updateEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"},{"in":"body","name":"eventHook","required":true,"schema":{"$ref":"#/definitions/EventHook"}}],"bodyModel":"EventHook","formData":[],"responseModel":"EventHook"},"deleteEventHook":{"path":"/api/v1/eventHooks/{eventHookId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"deleteEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[]},"listEventHooks":{"path":"/api/v1/eventHooks","method":"get","queryParams":[],"pathParams":[],"operationId":"listEventHooks","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/EventHook"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"EventHook","isArray":true},"activateEventHook":{"path":"/api/v1/eventHooks/{eventHookId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"activateEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"},"deactivateEventHook":{"path":"/api/v1/eventHooks/{eventHookId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"deactivateEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"},"verifyEventHook":{"path":"/api/v1/eventHooks/{eventHookId}/lifecycle/verify","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"verifyEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"}},"model":{"modelName":"EventHook","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/EventHookChannel","propertyName":"channel","commonType":"object","isObject":true,"model":"EventHookChannel"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"createdBy","commonType":"string"},{"$ref":"#/definitions/EventSubscriptions","propertyName":"events","commonType":"object","isObject":true,"model":"EventSubscriptions"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"enum":["UNVERIFIED","VERIFIED"],"propertyName":"verificationStatus","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"eventHookId","src":"id"}],"operation":{"path":"/api/v1/eventHooks/{eventHookId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"activateEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"}},{"alias":"deactivate","arguments":[{"dest":"eventHookId","src":"id"}],"operation":{"path":"/api/v1/eventHooks/{eventHookId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"deactivateEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"}},{"alias":"verify","arguments":[{"dest":"eventHookId","src":"id"}],"operation":{"path":"/api/v1/eventHooks/{eventHookId}/lifecycle/verify","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"verifyEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"}}],"crud":[{"alias":"create","arguments":[{"dest":"eventHook","self":true}],"operation":{"path":"/api/v1/eventHooks","method":"post","queryParams":[],"pathParams":[],"operationId":"createEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"body","name":"eventHook","required":true,"schema":{"$ref":"#/definitions/EventHook"}}],"bodyModel":"EventHook","formData":[],"responseModel":"EventHook"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/eventHooks/{eventHookId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"getEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[],"responseModel":"EventHook"}},{"alias":"update","arguments":[{"dest":"eventHookId","src":"id"},{"dest":"eventHook","self":true}],"operation":{"path":"/api/v1/eventHooks/{eventHookId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"updateEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EventHook"}}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"},{"in":"body","name":"eventHook","required":true,"schema":{"$ref":"#/definitions/EventHook"}}],"bodyModel":"EventHook","formData":[],"responseModel":"EventHook"}},{"alias":"delete","arguments":[{"dest":"eventHookId","src":"id"}],"operation":{"path":"/api/v1/eventHooks/{eventHookId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"operationId":"deleteEventHook","description":"Success","tags":["EventHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"eventHookId","required":true,"type":"string"}],"formData":[]}}],"tags":["EventHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/eventHookChannel.go","context":{"operations":{},"model":{"modelName":"EventHookChannel","properties":[{"$ref":"#/definitions/EventHookChannelConfig","readOnly":false,"propertyName":"config","commonType":"object","isObject":true,"model":"EventHookChannelConfig"},{"enum":["HTTP"],"readOnly":false,"propertyName":"type","commonType":"string"},{"readOnly":false,"propertyName":"version","commonType":"string"}],"methods":[],"crud":[],"tags":["EventHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/eventHookChannelConfig.go","context":{"operations":{},"model":{"modelName":"EventHookChannelConfig","properties":[{"$ref":"#/definitions/EventHookChannelConfigAuthScheme","propertyName":"authScheme","commonType":"object","isObject":true,"model":"EventHookChannelConfigAuthScheme"},{"propertyName":"headers","commonType":"array","isArray":true,"model":"EventHookChannelConfigHeader"},{"propertyName":"uri","commonType":"string"}],"methods":[],"crud":[],"tags":["EventHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/eventHookChannelConfigAuthScheme.go","context":{"operations":{},"model":{"modelName":"EventHookChannelConfigAuthScheme","properties":[{"propertyName":"key","commonType":"string"},{"$ref":"#/definitions/EventHookChannelConfigAuthSchemeType","propertyName":"type","commonType":"enum","isEnum":true,"model":"EventHookChannelConfigAuthSchemeType"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["EventHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/eventHookChannelConfigAuthSchemeType.go","context":{"operations":{},"model":{"modelName":"EventHookChannelConfigAuthSchemeType","enum":["HEADER"],"tags":["EventHook"]}}},{"src":"templates/model.go.hbs","dest":"okta/eventHookChannelConfigHeader.go","context":{"operations":{},"model":{"modelName":"EventHookChannelConfigHeader","properties":[{"propertyName":"key","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["EventHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/eventSubscriptions.go","context":{"operations":{},"model":{"modelName":"EventSubscriptions","properties":[{"propertyName":"items","commonType":"array","isArray":true,"model":"string"},{"enum":["EVENT_TYPE","FLOW_EVENT"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["EventHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/factorProvider.go","context":{"operations":{},"model":{"modelName":"FactorProvider","enum":["OKTA","RSA","FIDO","GOOGLE","SYMANTEC","DUO","YUBICO","CUSTOM","APPLE"],"tags":["UserFactor"]}}},{"src":"templates/model.go.hbs","dest":"okta/factorResultType.go","context":{"operations":{},"model":{"modelName":"FactorResultType","enum":["SUCCESS","CHALLENGE","WAITING","FAILED","REJECTED","TIMEOUT","TIME_WINDOW_EXCEEDED","PASSCODE_REPLAYED","ERROR","CANCELLED"],"tags":["UserFactor"]}}},{"src":"templates/model.go.hbs","dest":"okta/factorStatus.go","context":{"operations":{},"model":{"modelName":"FactorStatus","enum":["PENDING_ACTIVATION","ACTIVE","INACTIVE","NOT_SETUP","ENROLLED","DISABLED","EXPIRED"],"tags":["UserFactor"]}}},{"src":"templates/model.go.hbs","dest":"okta/factorType.go","context":{"operations":{},"model":{"modelName":"FactorType","enum":["call","email","hotp","push","question","sms","token:hardware","token:hotp","token:software:totp","token","u2f","web","webauthn"],"tags":["UserFactor"]}}},{"src":"templates/model.go.hbs","dest":"okta/feature.go","context":{"operations":{"getFeature":{"path":"/api/v1/features/{featureId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"}],"operationId":"getFeature","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Feature"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"}],"formData":[],"responseModel":"Feature"},"listFeatures":{"path":"/api/v1/features","method":"get","queryParams":[],"pathParams":[],"operationId":"listFeatures","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Feature"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"Feature","isArray":true},"listFeatureDependencies":{"path":"/api/v1/features/{featureId}/dependencies","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"}],"operationId":"listFeatureDependencies","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Feature"},"type":"array"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"}],"formData":[],"responseModel":"Feature","isArray":true},"listFeatureDependents":{"path":"/api/v1/features/{featureId}/dependents","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"}],"operationId":"listFeatureDependents","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Feature"},"type":"array"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"}],"formData":[],"responseModel":"Feature","isArray":true},"updateFeatureLifecycle":{"path":"/api/v1/features/{featureId}/{lifecycle}","method":"post","queryParams":[{"in":"query","name":"mode","type":"string"}],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"},{"in":"path","name":"lifecycle","required":true,"type":"string"}],"operationId":"updateFeatureLifecycle","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Feature"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"},{"in":"path","name":"lifecycle","required":true,"type":"string"},{"in":"query","name":"mode","type":"string"}],"formData":[],"responseModel":"Feature"}},"model":{"modelName":"Feature","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/FeatureStage","propertyName":"stage","commonType":"object","isObject":true,"model":"FeatureStage"},{"$ref":"#/definitions/EnabledStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"EnabledStatus"},{"$ref":"#/definitions/FeatureType","propertyName":"type","commonType":"enum","isEnum":true,"model":"FeatureType"}],"methods":[{"alias":"updateLifecycle","arguments":[{"dest":"featureId","src":"id"}],"operation":{"path":"/api/v1/features/{featureId}/{lifecycle}","method":"post","queryParams":[{"in":"query","name":"mode","type":"string"}],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"},{"in":"path","name":"lifecycle","required":true,"type":"string"}],"operationId":"updateFeatureLifecycle","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Feature"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"},{"in":"path","name":"lifecycle","required":true,"type":"string"},{"in":"query","name":"mode","type":"string"}],"formData":[],"responseModel":"Feature"}},{"alias":"getDependents","arguments":[{"dest":"featureId","src":"id"}],"operation":{"path":"/api/v1/features/{featureId}/dependents","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"}],"operationId":"listFeatureDependents","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Feature"},"type":"array"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"}],"formData":[],"responseModel":"Feature","isArray":true}},{"alias":"getDependencies","arguments":[{"dest":"featureId","src":"id"}],"operation":{"path":"/api/v1/features/{featureId}/dependencies","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"}],"operationId":"listFeatureDependencies","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Feature"},"type":"array"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"}],"formData":[],"responseModel":"Feature","isArray":true}}],"crud":[{"alias":"read","arguments":[],"operation":{"path":"/api/v1/features/{featureId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"featureId","required":true,"type":"string"}],"operationId":"getFeature","description":"Success","tags":["Feature"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Feature"}}},"parameters":[{"in":"path","name":"featureId","required":true,"type":"string"}],"formData":[],"responseModel":"Feature"}}],"tags":["Feature"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/featureStage.go","context":{"operations":{},"model":{"modelName":"FeatureStage","properties":[{"$ref":"#/definitions/FeatureStageState","propertyName":"state","commonType":"enum","isEnum":true,"model":"FeatureStageState"},{"$ref":"#/definitions/FeatureStageValue","propertyName":"value","commonType":"enum","isEnum":true,"model":"FeatureStageValue"}],"methods":[],"crud":[],"tags":["Feature"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/featureStageState.go","context":{"operations":{},"model":{"modelName":"FeatureStageState","enum":["OPEN","CLOSED"],"tags":["Feature"]}}},{"src":"templates/model.go.hbs","dest":"okta/featureStageValue.go","context":{"operations":{},"model":{"modelName":"FeatureStageValue","enum":["EA","BETA"],"tags":["Feature"]}}},{"src":"templates/model.go.hbs","dest":"okta/featureType.go","context":{"operations":{},"model":{"modelName":"FeatureType","enum":["self-service"],"tags":["Feature"]}}},{"src":"templates/model.go.hbs","dest":"okta/fipsEnum.go","context":{"operations":{},"model":{"modelName":"FipsEnum","enum":["REQUIRED","OPTIONAL"],"tags":["Authenticator"]}}},{"src":"templates/model.go.hbs","dest":"okta/forgotPasswordResponse.go","context":{"operations":{},"model":{"modelName":"ForgotPasswordResponse","properties":[{"readOnly":true,"propertyName":"resetPasswordUrl","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/grantTypePolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"GrantTypePolicyRuleCondition","properties":[{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/group.go","context":{"operations":{"updateGroup":{"path":"/api/v1/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"updateGroup","description":"Updates the profile for a group with `OKTA_GROUP` type from your organization.","summary":"Update Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Group"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"group","required":true,"schema":{"$ref":"#/definitions/Group"}}],"bodyModel":"Group","formData":[],"responseModel":"Group"},"deleteGroup":{"path":"/api/v1/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"deleteGroup","description":"Removes a group with `OKTA_GROUP` type from your organization.","summary":"Remove Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]},"listGroups":{"path":"/api/v1/groups","method":"get","queryParams":[{"description":"Searches the name property of groups for matching value","in":"query","name":"q","type":"string"},{"description":"Filter expression for groups","in":"query","name":"filter","type":"string"},{"description":"Specifies the pagination cursor for the next page of groups","in":"query","name":"after","type":"string"},{"default":10000,"description":"Specifies the number of group results in a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"If specified, it causes additional metadata to be included in the response.","in":"query","name":"expand","type":"string"},{"description":"Searches for groups with a supported filtering expression for all attributes except for _embedded, _links, and objectClass","in":"query","name":"search","type":"string"}],"pathParams":[],"operationId":"listGroups","description":"Enumerates groups in your organization with pagination. A subset of groups can be returned that match a supported filter expression or query.","summary":"List Groups","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Group"},"type":"array"}}},"parameters":[{"description":"Searches the name property of groups for matching value","in":"query","name":"q","type":"string"},{"description":"Filter expression for groups","in":"query","name":"filter","type":"string"},{"description":"Specifies the pagination cursor for the next page of groups","in":"query","name":"after","type":"string"},{"default":10000,"description":"Specifies the number of group results in a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"If specified, it causes additional metadata to be included in the response.","in":"query","name":"expand","type":"string"},{"description":"Searches for groups with a supported filtering expression for all attributes except for _embedded, _links, and objectClass","in":"query","name":"search","type":"string"}],"formData":[],"responseModel":"Group","isArray":true},"createGroup":{"path":"/api/v1/groups","method":"post","queryParams":[],"pathParams":[],"operationId":"createGroup","description":"Adds a new group with `OKTA_GROUP` type to your organization.","summary":"Add Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Group"}}},"parameters":[{"in":"body","name":"group","required":true,"schema":{"$ref":"#/definitions/Group"}}],"bodyModel":"Group","formData":[],"responseModel":"Group"},"listGroupRules":{"path":"/api/v1/groups/rules","method":"get","queryParams":[{"default":50,"description":"Specifies the number of rule results in a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Specifies the pagination cursor for the next page of rules","in":"query","name":"after","type":"string"},{"description":"Specifies the keyword to search fules for","in":"query","name":"search","type":"string"},{"description":"If specified as `groupIdToGroupNameMap`, then show group names","in":"query","name":"expand","type":"string","x-okta-added-version":"1.3.0"}],"pathParams":[],"operationId":"listGroupRules","description":"Lists all group rules for your organization.","summary":"List Group Rules","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/GroupRule"},"type":"array"}}},"parameters":[{"default":50,"description":"Specifies the number of rule results in a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Specifies the pagination cursor for the next page of rules","in":"query","name":"after","type":"string"},{"description":"Specifies the keyword to search fules for","in":"query","name":"search","type":"string"},{"description":"If specified as `groupIdToGroupNameMap`, then show group names","in":"query","name":"expand","type":"string","x-okta-added-version":"1.3.0"}],"formData":[],"responseModel":"GroupRule","isArray":true},"createGroupRule":{"path":"/api/v1/groups/rules","method":"post","queryParams":[],"pathParams":[],"operationId":"createGroupRule","description":"Creates a group rule to dynamically add users to the specified group if they match the condition","summary":"Create Group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/GroupRule"}}},"parameters":[{"in":"body","name":"groupRule","required":true,"schema":{"$ref":"#/definitions/GroupRule"}}],"bodyModel":"GroupRule","formData":[],"responseModel":"GroupRule"},"deleteGroupRule":{"path":"/api/v1/groups/rules/{ruleId}","method":"delete","queryParams":[{"description":"Indicates whether to keep or remove users from groups assigned by this rule.","in":"query","name":"removeUsers","type":"boolean"}],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deleteGroupRule","description":"Removes a specific group rule by id from your organization","summary":"Delete a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"202":{"description":"Accepted"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"},{"description":"Indicates whether to keep or remove users from groups assigned by this rule.","in":"query","name":"removeUsers","type":"boolean"}],"formData":[]},"getGroupRule":{"path":"/api/v1/groups/rules/{ruleId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getGroupRule","description":"Fetches a specific group rule by id from your organization","summary":"Get Group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/GroupRule"}}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"GroupRule"},"updateGroupRule":{"path":"/api/v1/groups/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updateGroupRule","description":"Updates a group rule. Only `INACTIVE` rules can be updated.","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/GroupRule"}}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"groupRule","required":true,"schema":{"$ref":"#/definitions/GroupRule"}}],"bodyModel":"GroupRule","formData":[],"responseModel":"GroupRule"},"activateGroupRule":{"path":"/api/v1/groups/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activateGroupRule","description":"Activates a specific group rule by id from your organization","summary":"Activate a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},"deactivateGroupRule":{"path":"/api/v1/groups/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivateGroupRule","description":"Deactivates a specific group rule by id from your organization","summary":"Deactivate a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},"getGroup":{"path":"/api/v1/groups/{groupId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getGroup","description":"Fetches a group from your organization.","summary":"List Group Rules","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Group"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[],"responseModel":"Group"},"listAssignedApplicationsForGroup":{"path":"/api/v1/groups/{groupId}/apps","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of apps","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of app results for a page","format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"listAssignedApplicationsForGroup","description":"Enumerates all applications that are assigned to a group.","summary":"List Assigned Applications","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Application"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"description":"Specifies the pagination cursor for the next page of apps","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of app results for a page","format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"Application","isArray":true},"listGroupAssignedRoles":{"path":"/api/v1/groups/{groupId}/roles","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"listGroupAssignedRoles","description":"Success","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Role"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Role","isArray":true},"assignRoleToGroup":{"path":"/api/v1/groups/{groupId}/roles","method":"post","queryParams":[{"in":"query","name":"disableNotifications","type":"boolean"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"assignRoleToGroup","description":"Assigns a Role to a Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Role"}},"201":{"description":"Success"}},"parameters":[{"in":"body","name":"assignRoleRequest","required":true,"schema":{"$ref":"#/definitions/AssignRoleRequest"}},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"disableNotifications","type":"boolean"}],"bodyModel":"AssignRoleRequest","formData":[],"responseModel":"Role"},"removeRoleFromGroup":{"path":"/api/v1/groups/{groupId}/roles/{roleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"removeRoleFromGroup","description":"Unassigns a Role from a Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[]},"getRole":{"path":"/api/v1/groups/{groupId}/roles/{roleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"getRole","description":"Success","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Role"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[],"responseModel":"Role"},"listApplicationTargetsForApplicationAdministratorRoleForGroup":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"listApplicationTargetsForApplicationAdministratorRoleForGroup","description":"Lists all App targets for an `APP_ADMIN` Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/CatalogApplication"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"CatalogApplication","isArray":true},"removeApplicationTargetFromApplicationAdministratorRoleGivenToGroup":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"operationId":"removeApplicationTargetFromApplicationAdministratorRoleGivenToGroup","description":"Success","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"formData":[]},"addApplicationTargetToAdminRoleGivenToGroup":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"operationId":"addApplicationTargetToAdminRoleGivenToGroup","description":"Success","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"formData":[]},"removeApplicationTargetFromAdministratorRoleGivenToGroup":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"operationId":"removeApplicationTargetFromAdministratorRoleGivenToGroup","description":"Remove App Instance Target to App Administrator Role given to a Group","summary":"Remove App Instance Target to App Administrator Role given to a Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"formData":[]},"addApplicationInstanceTargetToAppAdminRoleGivenToGroup":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"operationId":"addApplicationInstanceTargetToAppAdminRoleGivenToGroup","description":"Add App Instance Target to App Administrator Role given to a Group","summary":"Add App Instance Target to App Administrator Role given to a Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"formData":[]},"listGroupTargetsForGroupRole":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/groups","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"listGroupTargetsForGroupRole","description":"Success","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Group"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"Group","isArray":true},"removeGroupTargetFromGroupAdministratorRoleGivenToGroup":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"targetGroupId","required":true,"type":"string"}],"operationId":"removeGroupTargetFromGroupAdministratorRoleGivenToGroup","description":"","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"targetGroupId","required":true,"type":"string"}],"formData":[]},"addGroupTargetToGroupAdministratorRoleForGroup":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"targetGroupId","required":true,"type":"string"}],"operationId":"addGroupTargetToGroupAdministratorRoleForGroup","description":"","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"targetGroupId","required":true,"type":"string"}],"formData":[]},"listGroupUsers":{"path":"/api/v1/groups/{groupId}/users","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of users","in":"query","name":"after","type":"string"},{"default":1000,"description":"Specifies the number of user results in a page","format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"listGroupUsers","description":"Enumerates all users that are a member of a group.","summary":"List Group Members","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/User"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"description":"Specifies the pagination cursor for the next page of users","in":"query","name":"after","type":"string"},{"default":1000,"description":"Specifies the number of user results in a page","format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"User","isArray":true},"removeUserFromGroup":{"path":"/api/v1/groups/{groupId}/users/{userId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"removeUserFromGroup","description":"Removes a user from a group with 'OKTA_GROUP' type.","summary":"Remove User from Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},"addUserToGroup":{"path":"/api/v1/groups/{groupId}/users/{userId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"addUserToGroup","description":"Adds a user to a group with 'OKTA_GROUP' type.","summary":"Add User to Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},"model":{"modelName":"Group","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastMembershipUpdated","commonType":"dateTime"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"readOnly":true,"propertyName":"objectClass","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/GroupProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"GroupProfile"},{"$ref":"#/definitions/GroupType","readOnly":true,"propertyName":"type","commonType":"enum","isEnum":true,"model":"GroupType"}],"methods":[{"alias":"removeUser","arguments":[{"dest":"groupId","src":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/users/{userId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"removeUserFromGroup","description":"Removes a user from a group with 'OKTA_GROUP' type.","summary":"Remove User from Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"listUsers","arguments":[{"dest":"groupId","src":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/users","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of users","in":"query","name":"after","type":"string"},{"default":1000,"description":"Specifies the number of user results in a page","format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"listGroupUsers","description":"Enumerates all users that are a member of a group.","summary":"List Group Members","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/User"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"description":"Specifies the pagination cursor for the next page of users","in":"query","name":"after","type":"string"},{"default":1000,"description":"Specifies the number of user results in a page","format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"User","isArray":true}},{"alias":"listApplications","arguments":[{"dest":"groupId","src":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/apps","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of apps","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of app results for a page","format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"listAssignedApplicationsForGroup","description":"Enumerates all applications that are assigned to a group.","summary":"List Assigned Applications","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Application"},"type":"array"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"description":"Specifies the pagination cursor for the next page of apps","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of app results for a page","format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"Application","isArray":true}},{"alias":"assignRole","arguments":[{"dest":"groupId","src":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/roles","method":"post","queryParams":[{"in":"query","name":"disableNotifications","type":"boolean"}],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"assignRoleToGroup","description":"Assigns a Role to a Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Role"}},"201":{"description":"Success"}},"parameters":[{"in":"body","name":"assignRoleRequest","required":true,"schema":{"$ref":"#/definitions/AssignRoleRequest"}},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"disableNotifications","type":"boolean"}],"bodyModel":"AssignRoleRequest","formData":[],"responseModel":"Role"}}],"crud":[{"alias":"update","arguments":[{"dest":"groupId","src":"id"},{"dest":"group","self":true}],"operation":{"path":"/api/v1/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"updateGroup","description":"Updates the profile for a group with `OKTA_GROUP` type from your organization.","summary":"Update Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Group"}}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"group","required":true,"schema":{"$ref":"#/definitions/Group"}}],"bodyModel":"Group","formData":[],"responseModel":"Group"}},{"alias":"delete","arguments":[{"dest":"groupId","src":"id"}],"operation":{"path":"/api/v1/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"deleteGroup","description":"Removes a group with `OKTA_GROUP` type from your organization.","summary":"Remove Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]}}],"tags":["Group"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupCondition.go","context":{"operations":{},"model":{"modelName":"GroupCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"GroupPolicyRuleCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupProfile.go","context":{"operations":{},"model":{"modelName":"GroupProfile","properties":[{"propertyName":"description","commonType":"string"},{"propertyName":"name","commonType":"string"}],"methods":[],"crud":[],"tags":["Group"],"isExtensible":true}}},{"src":"templates/model.go.hbs","dest":"okta/groupRule.go","context":{"operations":{"updateGroupRule":{"path":"/api/v1/groups/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updateGroupRule","description":"Updates a group rule. Only `INACTIVE` rules can be updated.","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/GroupRule"}}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"groupRule","required":true,"schema":{"$ref":"#/definitions/GroupRule"}}],"bodyModel":"GroupRule","formData":[],"responseModel":"GroupRule"},"deleteGroupRule":{"path":"/api/v1/groups/rules/{ruleId}","method":"delete","queryParams":[{"description":"Indicates whether to keep or remove users from groups assigned by this rule.","in":"query","name":"removeUsers","type":"boolean"}],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deleteGroupRule","description":"Removes a specific group rule by id from your organization","summary":"Delete a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"202":{"description":"Accepted"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"},{"description":"Indicates whether to keep or remove users from groups assigned by this rule.","in":"query","name":"removeUsers","type":"boolean"}],"formData":[]}},"model":{"modelName":"GroupRule","properties":[{"$ref":"#/definitions/GroupRuleAction","propertyName":"actions","commonType":"object","isObject":true,"model":"GroupRuleAction"},{"$ref":"#/definitions/GroupRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"GroupRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/GroupRuleStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"GroupRuleStatus"},{"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"}],"operation":{"path":"/api/v1/groups/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activateGroupRule","description":"Activates a specific group rule by id from your organization","summary":"Activate a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"}],"operation":{"path":"/api/v1/groups/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivateGroupRule","description":"Deactivates a specific group rule by id from your organization","summary":"Deactivate a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"groupRule","self":true}],"operation":{"path":"/api/v1/groups/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updateGroupRule","description":"Updates a group rule. Only `INACTIVE` rules can be updated.","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/GroupRule"}}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"groupRule","required":true,"schema":{"$ref":"#/definitions/GroupRule"}}],"bodyModel":"GroupRule","formData":[],"responseModel":"GroupRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"}],"operation":{"path":"/api/v1/groups/rules/{ruleId}","method":"delete","queryParams":[{"description":"Indicates whether to keep or remove users from groups assigned by this rule.","in":"query","name":"removeUsers","type":"boolean"}],"pathParams":[{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deleteGroupRule","description":"Removes a specific group rule by id from your organization","summary":"Delete a group Rule","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"202":{"description":"Accepted"}},"parameters":[{"in":"path","name":"ruleId","required":true,"type":"string"},{"description":"Indicates whether to keep or remove users from groups assigned by this rule.","in":"query","name":"removeUsers","type":"boolean"}],"formData":[]}}],"tags":["GroupRule"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupRuleAction.go","context":{"operations":{},"model":{"modelName":"GroupRuleAction","properties":[{"$ref":"#/definitions/GroupRuleGroupAssignment","propertyName":"assignUserToGroups","commonType":"object","isObject":true,"model":"GroupRuleGroupAssignment"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupRuleConditions.go","context":{"operations":{},"model":{"modelName":"GroupRuleConditions","properties":[{"$ref":"#/definitions/GroupRuleExpression","propertyName":"expression","commonType":"object","isObject":true,"model":"GroupRuleExpression"},{"$ref":"#/definitions/GroupRulePeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"GroupRulePeopleCondition"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupRuleExpression.go","context":{"operations":{},"model":{"modelName":"GroupRuleExpression","properties":[{"propertyName":"type","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupRuleGroupAssignment.go","context":{"operations":{},"model":{"modelName":"GroupRuleGroupAssignment","properties":[{"propertyName":"groupIds","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupRuleGroupCondition.go","context":{"operations":{},"model":{"modelName":"GroupRuleGroupCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupRulePeopleCondition.go","context":{"operations":{},"model":{"modelName":"GroupRulePeopleCondition","properties":[{"$ref":"#/definitions/GroupRuleGroupCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupRuleGroupCondition"},{"$ref":"#/definitions/GroupRuleUserCondition","propertyName":"users","commonType":"object","isObject":true,"model":"GroupRuleUserCondition"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupRuleStatus.go","context":{"operations":{},"model":{"modelName":"GroupRuleStatus","enum":["ACTIVE","INACTIVE","INVALID"],"tags":["GroupRule"]}}},{"src":"templates/model.go.hbs","dest":"okta/groupRuleUserCondition.go","context":{"operations":{},"model":{"modelName":"GroupRuleUserCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["GroupRule"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupSchema.go","context":{"operations":{"getGroupSchema":{"path":"/api/v1/meta/schemas/group/default","method":"get","queryParams":[],"pathParams":[],"operationId":"getGroupSchema","description":"Fetches the group schema","summary":"Fetches the group schema","tags":["GroupSchema"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GroupSchema"}}},"parameters":[],"formData":[],"responseModel":"GroupSchema"},"updateGroupSchema":{"path":"/api/v1/meta/schemas/group/default","method":"post","queryParams":[],"pathParams":[],"operationId":"updateGroupSchema","description":"Updates, adds ore removes one or more custom Group Profile properties in the schema","summary":"Updates, adds ore removes one or more custom Group Profile properties in the schema","tags":["GroupSchema"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GroupSchema"}}},"parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/GroupSchema"}}],"bodyModel":"GroupSchema","formData":[],"responseModel":"GroupSchema"}},"model":{"modelName":"GroupSchema","properties":[{"readOnly":true,"propertyName":"$schema","commonType":"string"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"string"},{"$ref":"#/definitions/GroupSchemaDefinitions","propertyName":"definitions","commonType":"object","isObject":true,"model":"GroupSchemaDefinitions"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"string"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/UserSchemaProperties","readOnly":true,"propertyName":"properties","commonType":"object","isObject":true,"model":"UserSchemaProperties"},{"propertyName":"title","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["GroupSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupSchemaAttribute.go","context":{"operations":{},"model":{"modelName":"GroupSchemaAttribute","properties":[{"propertyName":"description","commonType":"string"},{"propertyName":"enum","commonType":"array","isArray":true,"model":"string"},{"propertyName":"externalName","commonType":"string"},{"propertyName":"externalNamespace","commonType":"string"},{"$ref":"#/definitions/UserSchemaAttributeItems","propertyName":"items","commonType":"object","isObject":true,"model":"UserSchemaAttributeItems"},{"$ref":"#/definitions/UserSchemaAttributeMaster","propertyName":"master","commonType":"object","isObject":true,"model":"UserSchemaAttributeMaster"},{"propertyName":"maxLength","commonType":"integer"},{"propertyName":"minLength","commonType":"integer"},{"propertyName":"mutability","commonType":"string"},{"propertyName":"oneOf","commonType":"array","isArray":true,"model":"UserSchemaAttributeEnum"},{"propertyName":"permissions","commonType":"array","isArray":true,"model":"UserSchemaAttributePermission"},{"propertyName":"required","commonType":"boolean"},{"$ref":"#/definitions/UserSchemaAttributeScope","propertyName":"scope","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeScope"},{"propertyName":"title","commonType":"string"},{"$ref":"#/definitions/UserSchemaAttributeType","propertyName":"type","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeType"},{"$ref":"#/definitions/UserSchemaAttributeUnion","propertyName":"union","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeUnion"},{"propertyName":"unique","commonType":"string"}],"methods":[],"crud":[],"tags":["GroupSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupSchemaBase.go","context":{"operations":{},"model":{"modelName":"GroupSchemaBase","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"$ref":"#/definitions/GroupSchemaBaseProperties","propertyName":"properties","commonType":"object","isObject":true,"model":"GroupSchemaBaseProperties"},{"propertyName":"required","commonType":"array","isArray":true,"model":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["GroupSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupSchemaBaseProperties.go","context":{"operations":{},"model":{"modelName":"GroupSchemaBaseProperties","properties":[{"$ref":"#/definitions/GroupSchemaAttribute","propertyName":"description","commonType":"object","isObject":true,"model":"GroupSchemaAttribute"},{"$ref":"#/definitions/GroupSchemaAttribute","propertyName":"name","commonType":"object","isObject":true,"model":"GroupSchemaAttribute"}],"methods":[],"crud":[],"tags":["GroupSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupSchemaCustom.go","context":{"operations":{},"model":{"modelName":"GroupSchemaCustom","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"properties","commonType":"hash","isHash":true,"model":"GroupSchemaAttribute"},{"propertyName":"required","commonType":"array","isArray":true,"model":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["GroupSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupSchemaDefinitions.go","context":{"operations":{},"model":{"modelName":"GroupSchemaDefinitions","properties":[{"$ref":"#/definitions/GroupSchemaBase","propertyName":"base","commonType":"object","isObject":true,"model":"GroupSchemaBase"},{"$ref":"#/definitions/GroupSchemaCustom","propertyName":"custom","commonType":"object","isObject":true,"model":"GroupSchemaCustom"}],"methods":[],"crud":[],"tags":["GroupSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/groupType.go","context":{"operations":{},"model":{"modelName":"GroupType","enum":["OKTA_GROUP","APP_GROUP","BUILT_IN"],"tags":["Group"]}}},{"src":"templates/model.go.hbs","dest":"okta/hardwareUserFactor.go","context":{"operations":{},"model":{"modelName":"HardwareUserFactor","properties":[{"$ref":"#/definitions/HardwareUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"HardwareUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"token:hardware"}}}},{"src":"templates/model.go.hbs","dest":"okta/hardwareUserFactorProfile.go","context":{"operations":{},"model":{"modelName":"HardwareUserFactorProfile","properties":[{"propertyName":"credentialId","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/identityProvider.go","context":{"operations":{"createIdentityProvider":{"path":"/api/v1/idps","method":"post","queryParams":[],"pathParams":[],"operationId":"createIdentityProvider","description":"Adds a new IdP to your organization.","summary":"Add Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"body","name":"identityProvider","required":true,"schema":{"$ref":"#/definitions/IdentityProvider"}}],"bodyModel":"IdentityProvider","formData":[],"responseModel":"IdentityProvider"},"getIdentityProvider":{"path":"/api/v1/idps/{idpId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"getIdentityProvider","description":"Fetches an IdP by `id`.","summary":"Get Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider"},"updateIdentityProvider":{"path":"/api/v1/idps/{idpId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"updateIdentityProvider","description":"Updates the configuration for an IdP.","summary":"Update Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"body","name":"identityProvider","required":true,"schema":{"$ref":"#/definitions/IdentityProvider"}}],"bodyModel":"IdentityProvider","formData":[],"responseModel":"IdentityProvider"},"deleteIdentityProvider":{"path":"/api/v1/idps/{idpId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"deleteIdentityProvider","description":"Removes an IdP from your organization.","summary":"Delete Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[]},"listIdentityProviders":{"path":"/api/v1/idps","method":"get","queryParams":[{"description":"Searches the name property of IdPs for matching value","in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of IdPs","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of IdP results in a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters IdPs by type","in":"query","name":"type","type":"string"}],"pathParams":[],"operationId":"listIdentityProviders","description":"Enumerates IdPs in your organization with pagination. A subset of IdPs can be returned that match a supported filter expression or query.","summary":"List Identity Providers","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/IdentityProvider"},"type":"array"}}},"parameters":[{"description":"Searches the name property of IdPs for matching value","in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of IdPs","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of IdP results in a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters IdPs by type","in":"query","name":"type","type":"string"}],"formData":[],"responseModel":"IdentityProvider","isArray":true},"listIdentityProviderKeys":{"path":"/api/v1/idps/credentials/keys","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of keys","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of key results in a page","format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[],"operationId":"listIdentityProviderKeys","description":"Enumerates IdP key credentials.","summary":"List Keys","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"description":"Specifies the pagination cursor for the next page of keys","in":"query","name":"after","type":"string"},{"default":20,"description":"Specifies the number of key results in a page","format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"JsonWebKey","isArray":true},"createIdentityProviderKey":{"path":"/api/v1/idps/credentials/keys","method":"post","queryParams":[],"pathParams":[],"operationId":"createIdentityProviderKey","description":"Adds a new X.509 certificate credential to the IdP key store.","summary":"Add X.509 Certificate Public Key","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"body","name":"jsonWebKey","required":true,"schema":{"$ref":"#/definitions/JsonWebKey"}}],"bodyModel":"JsonWebKey","formData":[],"responseModel":"JsonWebKey"},"deleteIdentityProviderKey":{"path":"/api/v1/idps/credentials/keys/{keyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"deleteIdentityProviderKey","description":"Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP.","summary":"Delete Key","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[]},"getIdentityProviderKey":{"path":"/api/v1/idps/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getIdentityProviderKey","description":"Gets a specific IdP Key Credential by `kid`","summary":"Get Key","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"},"listCsrsForIdentityProvider":{"path":"/api/v1/idps/{idpId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"listCsrsForIdentityProvider","description":"Enumerates Certificate Signing Requests for an IdP","summary":"List Certificate Signing Requests for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true},"generateCsrForIdentityProvider":{"path":"/api/v1/idps/{idpId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"generateCsrForIdentityProvider","description":"Generates a new key pair and returns a Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"},"revokeCsrForIdentityProvider":{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrForIdentityProvider","description":"Revoke a Certificate Signing Request and delete the key pair from the IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]},"getCsrForIdentityProvider":{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForIdentityProvider","description":"Gets a specific Certificate Signing Request model by id","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"},"publishCerCertForIdentityProvider":{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCertForIdentityProvider","description":"Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.","tags":["IdentityProvider"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"},"publishBinaryCerCertForIdentityProvider":{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCertForIdentityProvider","description":"Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.","tags":["IdentityProvider"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"},"publishDerCertForIdentityProvider":{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCertForIdentityProvider","description":"Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.","tags":["IdentityProvider"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"},"publishBinaryDerCertForIdentityProvider":{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCertForIdentityProvider","description":"Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.","tags":["IdentityProvider"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"},"publishBinaryPemCertForIdentityProvider":{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCertForIdentityProvider","description":"Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.","tags":["IdentityProvider"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"},"listIdentityProviderSigningKeys":{"path":"/api/v1/idps/{idpId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"listIdentityProviderSigningKeys","description":"Enumerates signing key credentials for an IdP","summary":"List Signing Key Credentials for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true},"generateIdentityProviderSigningKey":{"path":"/api/v1/idps/{idpId}/credentials/keys/generate","method":"post","queryParams":[{"description":"expiry of the IdP Key Credential","format":"int32","in":"query","name":"validityYears","required":true,"type":"integer"}],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"generateIdentityProviderSigningKey","description":"Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP","summary":"Generate New IdP Signing Key Credential","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"description":"expiry of the IdP Key Credential","format":"int32","in":"query","name":"validityYears","required":true,"type":"integer"}],"formData":[],"responseModel":"JsonWebKey"},"getIdentityProviderSigningKey":{"path":"/api/v1/idps/{idpId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getIdentityProviderSigningKey","description":"Gets a specific IdP Key Credential by `kid`","summary":"Get Signing Key Credential for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"},"cloneIdentityProviderKey":{"path":"/api/v1/idps/{idpId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"in":"query","name":"targetIdpId","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneIdentityProviderKey","description":"Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP","summary":"Clone Signing Key Credential for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"in":"query","name":"targetIdpId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"},"activateIdentityProvider":{"path":"/api/v1/idps/{idpId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"activateIdentityProvider","description":"Activates an inactive IdP.","summary":"Activate Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider"},"deactivateIdentityProvider":{"path":"/api/v1/idps/{idpId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"deactivateIdentityProvider","description":"Deactivates an active IdP.","summary":"Deactivate Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider"},"listIdentityProviderApplicationUsers":{"path":"/api/v1/idps/{idpId}/users","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"listIdentityProviderApplicationUsers","description":"Find all the users linked to an identity provider","summary":"Find Users","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/IdentityProviderApplicationUser"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProviderApplicationUser","isArray":true},"unlinkUserFromIdentityProvider":{"path":"/api/v1/idps/{idpId}/users/{userId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"unlinkUserFromIdentityProvider","description":"Removes the link between the Okta user and the IdP user.","summary":"Unlink User from IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},"getIdentityProviderApplicationUser":{"path":"/api/v1/idps/{idpId}/users/{userId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getIdentityProviderApplicationUser","description":"Fetches a linked IdP user by ID","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProviderApplicationUser"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProviderApplicationUser"},"linkUserToIdentityProvider":{"path":"/api/v1/idps/{idpId}/users/{userId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"linkUserToIdentityProvider","description":"Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type","summary":"Link a user to a Social IdP without a transaction","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProviderApplicationUser"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"body","name":"userIdentityProviderLinkRequest","required":true,"schema":{"$ref":"#/definitions/UserIdentityProviderLinkRequest"}}],"bodyModel":"UserIdentityProviderLinkRequest","formData":[],"responseModel":"IdentityProviderApplicationUser"},"listSocialAuthTokens":{"path":"/api/v1/idps/{idpId}/users/{userId}/credentials/tokens","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listSocialAuthTokens","description":"Fetches the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.","summary":"Social Authentication Token Operation","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/SocialAuthToken"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"SocialAuthToken","isArray":true}},"model":{"modelName":"IdentityProvider","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"enum":["ORG_URL","CUSTOM_URL","DYNAMIC"],"propertyName":"issuerMode","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/IdentityProviderPolicy","propertyName":"policy","commonType":"object","isObject":true,"model":"IdentityProviderPolicy"},{"$ref":"#/definitions/Protocol","propertyName":"protocol","commonType":"object","isObject":true,"model":"Protocol"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"enum":["SAML2","GOOGLE","FACEBOOK","LINKEDIN","MICROSOFT","OIDC","OKTA","IWA","AgentlessDSSO","X509"],"propertyName":"type","commonType":"string","knownValues":["SAML2","GOOGLE","FACEBOOK","LINKEDIN","MICROSOFT","OIDC","OKTA","IWA","AgentlessDSSO","X509"]}],"methods":[{"alias":"listSigningCsrs","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"listCsrsForIdentityProvider","description":"Enumerates Certificate Signing Requests for an IdP","summary":"List Certificate Signing Requests for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"generateCsr","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"generateCsrForIdentityProvider","description":"Generates a new key pair and returns a Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"deleteSigningCsr","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrForIdentityProvider","description":"Revoke a Certificate Signing Request and delete the key pair from the IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"getSigningCsr","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForIdentityProvider","description":"Gets a specific Certificate Signing Request model by id","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"listSigningKeys","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"listIdentityProviderSigningKeys","description":"Enumerates signing key credentials for an IdP","summary":"List Signing Key Credentials for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateSigningKey","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/keys/generate","method":"post","queryParams":[{"description":"expiry of the IdP Key Credential","format":"int32","in":"query","name":"validityYears","required":true,"type":"integer"}],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"generateIdentityProviderSigningKey","description":"Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP","summary":"Generate New IdP Signing Key Credential","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"description":"expiry of the IdP Key Credential","format":"int32","in":"query","name":"validityYears","required":true,"type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getSigningKey","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getIdentityProviderSigningKey","description":"Gets a specific IdP Key Credential by `kid`","summary":"Get Signing Key Credential for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"cloneKey","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"in":"query","name":"targetIdpId","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneIdentityProviderKey","description":"Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP","summary":"Clone Signing Key Credential for IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"in":"query","name":"targetIdpId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"activate","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"activateIdentityProvider","description":"Activates an inactive IdP.","summary":"Activate Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider"}},{"alias":"deactivate","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"deactivateIdentityProvider","description":"Deactivates an active IdP.","summary":"Deactivate Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider"}},{"alias":"listUsers","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/users","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"listIdentityProviderApplicationUsers","description":"Find all the users linked to an identity provider","summary":"Find Users","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/IdentityProviderApplicationUser"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProviderApplicationUser","isArray":true}},{"alias":"unlinkUser","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/users/{userId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"unlinkUserFromIdentityProvider","description":"Removes the link between the Okta user and the IdP user.","summary":"Unlink User from IdP","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"getUser","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/users/{userId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getIdentityProviderApplicationUser","description":"Fetches a linked IdP user by ID","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProviderApplicationUser"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProviderApplicationUser"}},{"alias":"linkUser","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/users/{userId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"linkUserToIdentityProvider","description":"Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type","summary":"Link a user to a Social IdP without a transaction","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProviderApplicationUser"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"body","name":"userIdentityProviderLinkRequest","required":true,"schema":{"$ref":"#/definitions/UserIdentityProviderLinkRequest"}}],"bodyModel":"UserIdentityProviderLinkRequest","formData":[],"responseModel":"IdentityProviderApplicationUser"}},{"alias":"listSocialAuthTokens","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}/users/{userId}/credentials/tokens","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listSocialAuthTokens","description":"Fetches the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.","summary":"Social Authentication Token Operation","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/SocialAuthToken"},"type":"array"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"SocialAuthToken","isArray":true}}],"crud":[{"alias":"create","arguments":[{"dest":"idpTrust","self":true}],"operation":{"path":"/api/v1/idps","method":"post","queryParams":[],"pathParams":[],"operationId":"createIdentityProvider","description":"Adds a new IdP to your organization.","summary":"Add Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"body","name":"identityProvider","required":true,"schema":{"$ref":"#/definitions/IdentityProvider"}}],"bodyModel":"IdentityProvider","formData":[],"responseModel":"IdentityProvider"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/idps/{idpId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"getIdentityProvider","description":"Fetches an IdP by `id`.","summary":"Get Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider"}},{"alias":"update","arguments":[{"dest":"idpId","src":"id"},{"dest":"idpTrust","self":true}],"operation":{"path":"/api/v1/idps/{idpId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"updateIdentityProvider","description":"Updates the configuration for an IdP.","summary":"Update Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/IdentityProvider"}}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"},{"in":"body","name":"identityProvider","required":true,"schema":{"$ref":"#/definitions/IdentityProvider"}}],"bodyModel":"IdentityProvider","formData":[],"responseModel":"IdentityProvider"}},{"alias":"delete","arguments":[{"dest":"idpId","src":"id"}],"operation":{"path":"/api/v1/idps/{idpId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"idpId","required":true,"type":"string"}],"operationId":"deleteIdentityProvider","description":"Removes an IdP from your organization.","summary":"Delete Identity Provider","tags":["IdentityProvider"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"idpId","required":true,"type":"string"}],"formData":[]}}],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/identityProviderApplicationUser.go","context":{"operations":{},"model":{"modelName":"IdentityProviderApplicationUser","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"created","commonType":"string"},{"propertyName":"externalId","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"lastUpdated","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/identityProviderCredentials.go","context":{"operations":{},"model":{"modelName":"IdentityProviderCredentials","properties":[{"$ref":"#/definitions/IdentityProviderCredentialsClient","propertyName":"client","commonType":"object","isObject":true,"model":"IdentityProviderCredentialsClient"},{"$ref":"#/definitions/IdentityProviderCredentialsSigning","propertyName":"signing","commonType":"object","isObject":true,"model":"IdentityProviderCredentialsSigning"},{"$ref":"#/definitions/IdentityProviderCredentialsTrust","propertyName":"trust","commonType":"object","isObject":true,"model":"IdentityProviderCredentialsTrust"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/identityProviderCredentialsClient.go","context":{"operations":{},"model":{"modelName":"IdentityProviderCredentialsClient","properties":[{"propertyName":"client_id","commonType":"string"},{"propertyName":"client_secret","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/identityProviderCredentialsSigning.go","context":{"operations":{},"model":{"modelName":"IdentityProviderCredentialsSigning","properties":[{"propertyName":"kid","commonType":"string"},{"propertyName":"privateKey","commonType":"string"},{"propertyName":"teamId","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/identityProviderCredentialsTrust.go","context":{"operations":{},"model":{"modelName":"IdentityProviderCredentialsTrust","properties":[{"propertyName":"audience","commonType":"string"},{"propertyName":"issuer","commonType":"string"},{"propertyName":"kid","commonType":"string"},{"enum":["CRL","DELTA_CRL","OCSP"],"propertyName":"revocation","commonType":"string"},{"propertyName":"revocationCacheLifetime","commonType":"integer"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/identityProviderPolicy.go","context":{"operations":{},"model":{"modelName":"IdentityProviderPolicy","properties":[{"$ref":"#/definitions/PolicyAccountLink","propertyName":"accountLink","commonType":"object","isObject":true,"model":"PolicyAccountLink"},{"propertyName":"maxClockSkew","commonType":"integer"},{"$ref":"#/definitions/Provisioning","propertyName":"provisioning","commonType":"object","isObject":true,"model":"Provisioning"},{"$ref":"#/definitions/PolicySubject","propertyName":"subject","commonType":"object","isObject":true,"model":"PolicySubject"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"IDP_DISCOVERY"}}}},{"src":"templates/model.go.hbs","dest":"okta/identityProviderPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"IdentityProviderPolicyRuleCondition","properties":[{"propertyName":"idpIds","commonType":"array","isArray":true,"model":"string"},{"enum":["ANY","OKTA","SPECIFIC_IDP"],"propertyName":"provider","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/idpPolicyRuleAction.go","context":{"operations":{},"model":{"modelName":"IdpPolicyRuleAction","properties":[{"propertyName":"providers","commonType":"array","isArray":true,"model":"IdpPolicyRuleActionProvider"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/idpPolicyRuleActionProvider.go","context":{"operations":{},"model":{"modelName":"IdpPolicyRuleActionProvider","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/iframeEmbedScopeAllowedApps.go","context":{"operations":{},"model":{"modelName":"IframeEmbedScopeAllowedApps","enum":["OKTA_ENDUSER"],"tags":["Role"]}}},{"src":"templates/model.go.hbs","dest":"okta/imageUploadResponse.go","context":{"operations":{},"model":{"modelName":"ImageUploadResponse","properties":[{"readOnly":true,"propertyName":"url","commonType":"string"}],"methods":[],"crud":[],"tags":["Brand"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/inactivityPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"InactivityPolicyRuleCondition","properties":[{"propertyName":"number","commonType":"integer"},{"propertyName":"unit","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/inlineHook.go","context":{"operations":{"createInlineHook":{"path":"/api/v1/inlineHooks","method":"post","queryParams":[],"pathParams":[],"operationId":"createInlineHook","description":"Success","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"body","name":"inlineHook","required":true,"schema":{"$ref":"#/definitions/InlineHook"}}],"bodyModel":"InlineHook","formData":[],"responseModel":"InlineHook"},"getInlineHook":{"path":"/api/v1/inlineHooks/{inlineHookId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"getInlineHook","description":"Gets an inline hook by ID","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[],"responseModel":"InlineHook"},"updateInlineHook":{"path":"/api/v1/inlineHooks/{inlineHookId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"updateInlineHook","description":"Updates an inline hook by ID","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"},{"in":"body","name":"inlineHook","required":true,"schema":{"$ref":"#/definitions/InlineHook"}}],"bodyModel":"InlineHook","formData":[],"responseModel":"InlineHook"},"deleteInlineHook":{"path":"/api/v1/inlineHooks/{inlineHookId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"deleteInlineHook","description":"Deletes the Inline Hook matching the provided id. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[]},"listInlineHooks":{"path":"/api/v1/inlineHooks","method":"get","queryParams":[{"in":"query","name":"type","type":"string"}],"pathParams":[],"operationId":"listInlineHooks","description":"Success","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/InlineHook"},"type":"array"}}},"parameters":[{"in":"query","name":"type","type":"string"}],"formData":[],"responseModel":"InlineHook","isArray":true},"executeInlineHook":{"path":"/api/v1/inlineHooks/{inlineHookId}/execute","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"executeInlineHook","description":"Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHookResponse"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"},{"in":"body","name":"payloadData","required":true,"schema":{"$ref":"#/definitions/InlineHookPayload"}}],"bodyModel":"InlineHookPayload","formData":[],"responseModel":"InlineHookResponse"},"activateInlineHook":{"path":"/api/v1/inlineHooks/{inlineHookId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"activateInlineHook","description":"Activates the Inline Hook matching the provided id","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[],"responseModel":"InlineHook"},"deactivateInlineHook":{"path":"/api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"deactivateInlineHook","description":"Deactivates the Inline Hook matching the provided id","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[],"responseModel":"InlineHook"}},"model":{"modelName":"InlineHook","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/InlineHookChannel","propertyName":"channel","commonType":"object","isObject":true,"model":"InlineHookChannel"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/InlineHookStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"InlineHookStatus"},{"$ref":"#/definitions/InlineHookType","propertyName":"type","commonType":"enum","isEnum":true,"model":"InlineHookType"},{"propertyName":"version","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"inlineHookId","src":"id"}],"operation":{"path":"/api/v1/inlineHooks/{inlineHookId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"activateInlineHook","description":"Activates the Inline Hook matching the provided id","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[],"responseModel":"InlineHook"}},{"alias":"deactivate","arguments":[{"dest":"inlineHookId","src":"id"}],"operation":{"path":"/api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"deactivateInlineHook","description":"Deactivates the Inline Hook matching the provided id","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[],"responseModel":"InlineHook"}},{"alias":"execute","arguments":[{"dest":"inlineHookId","src":"id"}],"operation":{"path":"/api/v1/inlineHooks/{inlineHookId}/execute","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"executeInlineHook","description":"Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHookResponse"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"},{"in":"body","name":"payloadData","required":true,"schema":{"$ref":"#/definitions/InlineHookPayload"}}],"bodyModel":"InlineHookPayload","formData":[],"responseModel":"InlineHookResponse"}}],"crud":[{"alias":"create","arguments":[{"dest":"inlineHook","self":true}],"operation":{"path":"/api/v1/inlineHooks","method":"post","queryParams":[],"pathParams":[],"operationId":"createInlineHook","description":"Success","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"body","name":"inlineHook","required":true,"schema":{"$ref":"#/definitions/InlineHook"}}],"bodyModel":"InlineHook","formData":[],"responseModel":"InlineHook"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/inlineHooks/{inlineHookId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"getInlineHook","description":"Gets an inline hook by ID","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[],"responseModel":"InlineHook"}},{"alias":"update","arguments":[{"dest":"inlineHookId","src":"id"},{"dest":"inlineHook","self":true}],"operation":{"path":"/api/v1/inlineHooks/{inlineHookId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"updateInlineHook","description":"Updates an inline hook by ID","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/InlineHook"}}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"},{"in":"body","name":"inlineHook","required":true,"schema":{"$ref":"#/definitions/InlineHook"}}],"bodyModel":"InlineHook","formData":[],"responseModel":"InlineHook"}},{"alias":"delete","arguments":[{"dest":"inlineHookId","src":"id"}],"operation":{"path":"/api/v1/inlineHooks/{inlineHookId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"operationId":"deleteInlineHook","description":"Deletes the Inline Hook matching the provided id. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.","tags":["InlineHook"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"inlineHookId","required":true,"type":"string"}],"formData":[]}}],"tags":["InlineHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/inlineHookChannel.go","context":{"operations":{},"model":{"modelName":"InlineHookChannel","properties":[{"$ref":"#/definitions/InlineHookChannelConfig","readOnly":false,"propertyName":"config","commonType":"object","isObject":true,"model":"InlineHookChannelConfig"},{"enum":["HTTP"],"readOnly":false,"propertyName":"type","commonType":"string"},{"readOnly":false,"propertyName":"version","commonType":"string"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/inlineHookChannelConfig.go","context":{"operations":{},"model":{"modelName":"InlineHookChannelConfig","properties":[{"$ref":"#/definitions/InlineHookChannelConfigAuthScheme","propertyName":"authScheme","commonType":"object","isObject":true,"model":"InlineHookChannelConfigAuthScheme"},{"propertyName":"headers","commonType":"array","isArray":true,"model":"InlineHookChannelConfigHeaders"},{"propertyName":"method","commonType":"string"},{"propertyName":"uri","commonType":"string"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/inlineHookChannelConfigAuthScheme.go","context":{"operations":{},"model":{"modelName":"InlineHookChannelConfigAuthScheme","properties":[{"propertyName":"key","commonType":"string"},{"propertyName":"type","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/inlineHookChannelConfigHeaders.go","context":{"operations":{},"model":{"modelName":"InlineHookChannelConfigHeaders","properties":[{"propertyName":"key","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/inlineHookPayload.go","context":{"operations":{},"model":{"modelName":"InlineHookPayload","properties":[],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":true}}},{"src":"templates/model.go.hbs","dest":"okta/inlineHookResponse.go","context":{"operations":{},"model":{"modelName":"InlineHookResponse","properties":[{"propertyName":"commands","commonType":"array","isArray":true,"model":"InlineHookResponseCommands"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/inlineHookResponseCommandValue.go","context":{"operations":{},"model":{"modelName":"InlineHookResponseCommandValue","properties":[{"propertyName":"op","commonType":"string"},{"propertyName":"path","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/inlineHookResponseCommands.go","context":{"operations":{},"model":{"modelName":"InlineHookResponseCommands","properties":[{"propertyName":"type","commonType":"string"},{"propertyName":"value","commonType":"array","isArray":true,"model":"InlineHookResponseCommandValue"}],"methods":[],"crud":[],"tags":["InlineHook"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/inlineHookStatus.go","context":{"operations":{},"model":{"modelName":"InlineHookStatus","enum":["ACTIVE","INACTIVE"],"tags":["InlineHook"]}}},{"src":"templates/model.go.hbs","dest":"okta/inlineHookType.go","context":{"operations":{},"model":{"modelName":"InlineHookType","enum":["com.okta.oauth2.tokens.transform","com.okta.import.transform","com.okta.saml.tokens.transform","com.okta.user.pre-registration","com.okta.user.credential.password.import"],"tags":["InlineHook"]}}},{"src":"templates/model.go.hbs","dest":"okta/ionField.go","context":{"operations":{},"model":{"modelName":"IonField","properties":[{"$ref":"#/definitions/IonForm","propertyName":"form","commonType":"object","isObject":true,"model":"IonForm"},{"propertyName":"label","commonType":"string"},{"propertyName":"mutable","commonType":"boolean"},{"propertyName":"name","commonType":"string"},{"propertyName":"required","commonType":"boolean"},{"propertyName":"secret","commonType":"boolean"},{"propertyName":"type","commonType":"string"},{"propertyName":"value","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"visible","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Ion"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/ionForm.go","context":{"operations":{},"model":{"modelName":"IonForm","properties":[{"propertyName":"accepts","commonType":"string"},{"propertyName":"href","commonType":"string"},{"propertyName":"method","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"produces","commonType":"string"},{"propertyName":"refresh","commonType":"integer"},{"propertyName":"rel","commonType":"array","isArray":true,"model":"string"},{"propertyName":"relatesTo","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"value","commonType":"array","isArray":true,"model":"IonField"}],"methods":[],"crud":[],"tags":["Ion"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/jsonWebKey.go","context":{"operations":{},"model":{"modelName":"JsonWebKey","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":false,"propertyName":"alg","commonType":"string"},{"readOnly":false,"propertyName":"created","commonType":"dateTime"},{"readOnly":false,"propertyName":"e","commonType":"string"},{"readOnly":false,"propertyName":"expiresAt","commonType":"dateTime"},{"readOnly":false,"propertyName":"key_ops","commonType":"array","isArray":true,"model":"string"},{"readOnly":false,"propertyName":"kid","commonType":"string"},{"readOnly":false,"propertyName":"kty","commonType":"string"},{"readOnly":false,"propertyName":"lastUpdated","commonType":"dateTime"},{"readOnly":false,"propertyName":"n","commonType":"string"},{"readOnly":false,"propertyName":"status","commonType":"string"},{"readOnly":false,"propertyName":"use","commonType":"string"},{"readOnly":false,"propertyName":"x5c","commonType":"array","isArray":true,"model":"string"},{"readOnly":false,"propertyName":"x5t","commonType":"string"},{"readOnly":false,"propertyName":"x5t#S256","commonType":"string"},{"readOnly":false,"propertyName":"x5u","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/jwkUse.go","context":{"operations":{},"model":{"modelName":"JwkUse","properties":[{"enum":["sig"],"propertyName":"use","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/knowledgeConstraint.go","context":{"operations":{},"model":{"modelName":"KnowledgeConstraint","properties":[],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"AccessPolicyConstraint","parent":{"modelName":"AccessPolicyConstraint","properties":[{"propertyName":"methods","commonType":"array","isArray":true,"model":"string"},{"propertyName":"reauthenticateIn","commonType":"string"},{"propertyName":"types","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/lifecycleCreateSettingObject.go","context":{"operations":{},"model":{"modelName":"LifecycleCreateSettingObject","properties":[{"$ref":"#/definitions/EnabledStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"EnabledStatus"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/lifecycleDeactivateSettingObject.go","context":{"operations":{},"model":{"modelName":"LifecycleDeactivateSettingObject","properties":[{"$ref":"#/definitions/EnabledStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"EnabledStatus"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/lifecycleExpirationPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"LifecycleExpirationPolicyRuleCondition","properties":[{"propertyName":"lifecycleStatus","commonType":"string"},{"propertyName":"number","commonType":"integer"},{"propertyName":"unit","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/linkedObject.go","context":{"operations":{"addLinkedObjectDefinition":{"path":"/api/v1/meta/schemas/user/linkedObjects","method":"post","queryParams":[],"pathParams":[],"operationId":"addLinkedObjectDefinition","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/LinkedObject"}}},"parameters":[{"in":"body","name":"linkedObject","required":true,"schema":{"$ref":"#/definitions/LinkedObject"}}],"bodyModel":"LinkedObject","formData":[],"responseModel":"LinkedObject"},"getLinkedObjectDefinition":{"path":"/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"operationId":"getLinkedObjectDefinition","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/LinkedObject"}}},"parameters":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"formData":[],"responseModel":"LinkedObject"},"deleteLinkedObjectDefinition":{"path":"/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"operationId":"deleteLinkedObjectDefinition","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"formData":[]},"listLinkedObjectDefinitions":{"path":"/api/v1/meta/schemas/user/linkedObjects","method":"get","queryParams":[],"pathParams":[],"operationId":"listLinkedObjectDefinitions","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/LinkedObject"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"LinkedObject","isArray":true}},"model":{"modelName":"LinkedObject","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/LinkedObjectDetails","propertyName":"associated","commonType":"object","isObject":true,"model":"LinkedObjectDetails"},{"$ref":"#/definitions/LinkedObjectDetails","propertyName":"primary","commonType":"object","isObject":true,"model":"LinkedObjectDetails"}],"methods":[],"crud":[{"alias":"create","arguments":[{"dest":"linkedObjectDefinition","self":true}],"operation":{"path":"/api/v1/meta/schemas/user/linkedObjects","method":"post","queryParams":[],"pathParams":[],"operationId":"addLinkedObjectDefinition","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/LinkedObject"}}},"parameters":[{"in":"body","name":"linkedObject","required":true,"schema":{"$ref":"#/definitions/LinkedObject"}}],"bodyModel":"LinkedObject","formData":[],"responseModel":"LinkedObject"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"operationId":"getLinkedObjectDefinition","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/LinkedObject"}}},"parameters":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"formData":[],"responseModel":"LinkedObject"}},{"alias":"delete","arguments":[{"dest":"linkedObjectName","self":true}],"operation":{"path":"/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"operationId":"deleteLinkedObjectDefinition","description":"Success","tags":["LinkedObject"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"linkedObjectName","required":true,"type":"string"}],"formData":[]}}],"tags":["LinkedObject"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/linkedObjectDetails.go","context":{"operations":{},"model":{"modelName":"LinkedObjectDetails","properties":[{"propertyName":"description","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"title","commonType":"string"},{"$ref":"#/definitions/LinkedObjectDetailsType","propertyName":"type","commonType":"enum","isEnum":true,"model":"LinkedObjectDetailsType"}],"methods":[],"crud":[],"tags":["LinkedObject"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/linkedObjectDetailsType.go","context":{"operations":{},"model":{"modelName":"LinkedObjectDetailsType","enum":["USER"],"tags":["LinkedObject"]}}},{"src":"templates/model.go.hbs","dest":"okta/logActor.go","context":{"operations":{},"model":{"modelName":"LogActor","properties":[{"readOnly":true,"propertyName":"alternateId","commonType":"string"},{"readOnly":true,"propertyName":"detail","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"displayName","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logAuthenticationContext.go","context":{"operations":{},"model":{"modelName":"LogAuthenticationContext","properties":[{"$ref":"#/definitions/LogAuthenticationProvider","readOnly":true,"propertyName":"authenticationProvider","commonType":"enum","isEnum":true,"model":"LogAuthenticationProvider"},{"readOnly":true,"propertyName":"authenticationStep","commonType":"integer"},{"$ref":"#/definitions/LogCredentialProvider","propertyName":"credentialProvider","commonType":"enum","isEnum":true,"model":"LogCredentialProvider"},{"$ref":"#/definitions/LogCredentialType","propertyName":"credentialType","commonType":"enum","isEnum":true,"model":"LogCredentialType"},{"readOnly":true,"propertyName":"externalSessionId","commonType":"string"},{"readOnly":true,"propertyName":"interface","commonType":"string"},{"$ref":"#/definitions/LogIssuer","readOnly":true,"propertyName":"issuer","commonType":"object","isObject":true,"model":"LogIssuer"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logAuthenticationProvider.go","context":{"operations":{},"model":{"modelName":"LogAuthenticationProvider","enum":["OKTA_AUTHENTICATION_PROVIDER","ACTIVE_DIRECTORY","LDAP","FEDERATION","SOCIAL","FACTOR_PROVIDER"],"tags":["Log"]}}},{"src":"templates/model.go.hbs","dest":"okta/logClient.go","context":{"operations":{},"model":{"modelName":"LogClient","properties":[{"readOnly":true,"propertyName":"device","commonType":"string"},{"$ref":"#/definitions/LogGeographicalContext","readOnly":true,"propertyName":"geographicalContext","commonType":"object","isObject":true,"model":"LogGeographicalContext"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"ipAddress","commonType":"string"},{"$ref":"#/definitions/LogUserAgent","readOnly":true,"propertyName":"userAgent","commonType":"object","isObject":true,"model":"LogUserAgent"},{"readOnly":true,"propertyName":"zone","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logCredentialProvider.go","context":{"operations":{},"model":{"modelName":"LogCredentialProvider","enum":["OKTA_AUTHENTICATION_PROVIDER","OKTA_CREDENTIAL_PROVIDER","RSA","SYMANTEC","GOOGLE","DUO","YUBIKEY","APPLE"],"tags":["Log"]}}},{"src":"templates/model.go.hbs","dest":"okta/logCredentialType.go","context":{"operations":{},"model":{"modelName":"LogCredentialType","enum":["OTP","SMS","PASSWORD","ASSERTION","IWA","EMAIL","OAUTH2","JWT"],"tags":["Log"]}}},{"src":"templates/model.go.hbs","dest":"okta/logDebugContext.go","context":{"operations":{},"model":{"modelName":"LogDebugContext","properties":[{"readOnly":true,"propertyName":"debugData","commonType":"hash","isHash":true,"model":"object"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logEvent.go","context":{"operations":{"getLogs":{"path":"/api/v1/logs","method":"get","queryParams":[{"format":"date-time","in":"query","name":"since","type":"string"},{"format":"date-time","in":"query","name":"until","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"q","type":"string"},{"default":100,"in":"query","name":"limit","type":"integer"},{"default":"ASCENDING","in":"query","name":"sortOrder","type":"string"},{"in":"query","name":"after","type":"string"}],"pathParams":[],"operationId":"getLogs","description":"The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API","summary":"Fetch a list of events from your Okta organization system log.","tags":["Log"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/LogEvent"},"type":"array"}}},"parameters":[{"format":"date-time","in":"query","name":"since","type":"string"},{"format":"date-time","in":"query","name":"until","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"q","type":"string"},{"default":100,"in":"query","name":"limit","type":"integer"},{"default":"ASCENDING","in":"query","name":"sortOrder","type":"string"},{"in":"query","name":"after","type":"string"}],"formData":[],"responseModel":"LogEvent","isArray":true}},"model":{"modelName":"LogEvent","properties":[{"$ref":"#/definitions/LogActor","readOnly":true,"propertyName":"actor","commonType":"object","isObject":true,"model":"LogActor"},{"$ref":"#/definitions/LogAuthenticationContext","readOnly":true,"propertyName":"authenticationContext","commonType":"object","isObject":true,"model":"LogAuthenticationContext"},{"$ref":"#/definitions/LogClient","readOnly":true,"propertyName":"client","commonType":"object","isObject":true,"model":"LogClient"},{"$ref":"#/definitions/LogDebugContext","readOnly":true,"propertyName":"debugContext","commonType":"object","isObject":true,"model":"LogDebugContext"},{"readOnly":true,"propertyName":"displayMessage","commonType":"string"},{"readOnly":true,"propertyName":"eventType","commonType":"string"},{"readOnly":true,"propertyName":"legacyEventType","commonType":"string"},{"$ref":"#/definitions/LogOutcome","readOnly":true,"propertyName":"outcome","commonType":"object","isObject":true,"model":"LogOutcome"},{"readOnly":true,"propertyName":"published","commonType":"dateTime"},{"$ref":"#/definitions/LogRequest","readOnly":true,"propertyName":"request","commonType":"object","isObject":true,"model":"LogRequest"},{"$ref":"#/definitions/LogSecurityContext","readOnly":true,"propertyName":"securityContext","commonType":"object","isObject":true,"model":"LogSecurityContext"},{"$ref":"#/definitions/LogSeverity","readOnly":true,"propertyName":"severity","commonType":"enum","isEnum":true,"model":"LogSeverity"},{"readOnly":true,"propertyName":"target","commonType":"array","isArray":true,"model":"LogTarget"},{"$ref":"#/definitions/LogTransaction","readOnly":true,"propertyName":"transaction","commonType":"object","isObject":true,"model":"LogTransaction"},{"readOnly":true,"propertyName":"uuid","commonType":"string"},{"readOnly":true,"propertyName":"version","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logGeographicalContext.go","context":{"operations":{},"model":{"modelName":"LogGeographicalContext","properties":[{"readOnly":true,"propertyName":"city","commonType":"string"},{"readOnly":true,"propertyName":"country","commonType":"string"},{"$ref":"#/definitions/LogGeolocation","readOnly":true,"propertyName":"geolocation","commonType":"object","isObject":true,"model":"LogGeolocation"},{"readOnly":true,"propertyName":"postalCode","commonType":"string"},{"readOnly":true,"propertyName":"state","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logGeolocation.go","context":{"operations":{},"model":{"modelName":"LogGeolocation","properties":[{"readOnly":true,"propertyName":"lat","commonType":"double"},{"readOnly":true,"propertyName":"lon","commonType":"double"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logIpAddress.go","context":{"operations":{},"model":{"modelName":"LogIpAddress","properties":[{"$ref":"#/definitions/LogGeographicalContext","readOnly":true,"propertyName":"geographicalContext","commonType":"object","isObject":true,"model":"LogGeographicalContext"},{"readOnly":true,"propertyName":"ip","commonType":"string"},{"readOnly":true,"propertyName":"source","commonType":"string"},{"readOnly":true,"propertyName":"version","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logIssuer.go","context":{"operations":{},"model":{"modelName":"LogIssuer","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logOutcome.go","context":{"operations":{},"model":{"modelName":"LogOutcome","properties":[{"readOnly":true,"propertyName":"reason","commonType":"string"},{"readOnly":true,"propertyName":"result","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logRequest.go","context":{"operations":{},"model":{"modelName":"LogRequest","properties":[{"readOnly":true,"propertyName":"ipChain","commonType":"array","isArray":true,"model":"LogIpAddress"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logSecurityContext.go","context":{"operations":{},"model":{"modelName":"LogSecurityContext","properties":[{"readOnly":true,"propertyName":"asNumber","commonType":"integer"},{"readOnly":true,"propertyName":"asOrg","commonType":"string"},{"readOnly":true,"propertyName":"domain","commonType":"string"},{"readOnly":true,"propertyName":"isProxy","commonType":"boolean"},{"readOnly":true,"propertyName":"isp","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logSeverity.go","context":{"operations":{},"model":{"modelName":"LogSeverity","enum":["DEBUG","INFO","WARN","ERROR"],"tags":["Log"]}}},{"src":"templates/model.go.hbs","dest":"okta/logTarget.go","context":{"operations":{},"model":{"modelName":"LogTarget","properties":[{"readOnly":true,"propertyName":"alternateId","commonType":"string"},{"readOnly":true,"propertyName":"detailEntry","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"displayName","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logTransaction.go","context":{"operations":{},"model":{"modelName":"LogTransaction","properties":[{"readOnly":true,"propertyName":"detail","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/logUserAgent.go","context":{"operations":{},"model":{"modelName":"LogUserAgent","properties":[{"readOnly":true,"propertyName":"browser","commonType":"string"},{"readOnly":true,"propertyName":"os","commonType":"string"},{"readOnly":true,"propertyName":"rawUserAgent","commonType":"string"}],"methods":[],"crud":[],"tags":["Log"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/mdmEnrollmentPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"MDMEnrollmentPolicyRuleCondition","properties":[{"propertyName":"blockNonSafeAndroid","commonType":"boolean"},{"enum":["OMM","ANY_OR_NONE"],"propertyName":"enrollment","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/multifactorEnrollmentPolicy.go","context":{"operations":{},"model":{"modelName":"MultifactorEnrollmentPolicy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"MFA_ENROLL"}}}},{"src":"templates/model.go.hbs","dest":"okta/multifactorEnrollmentPolicyAuthenticatorSettings.go","context":{"operations":{},"model":{"modelName":"MultifactorEnrollmentPolicyAuthenticatorSettings","properties":[{"minimum":0,"properties":{"aaguidGroups":{"items":{"type":"string","uniqueItems":true},"type":"array"}},"x-okta-lifecycle":{"features":["WEBAUTHN_MDS_CATALOG_BASED_AAGUID_ALLOWLIST"]},"propertyName":"constraints","commonType":"object","isObject":true},{"properties":{"self":{"$ref":"#/definitions/MultifactorEnrollmentPolicyAuthenticatorStatus"}},"propertyName":"enroll","commonType":"object","isObject":true},{"$ref":"#/definitions/MultifactorEnrollmentPolicyAuthenticatorType","propertyName":"key","commonType":"enum","isEnum":true,"model":"MultifactorEnrollmentPolicyAuthenticatorType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/multifactorEnrollmentPolicyAuthenticatorStatus.go","context":{"operations":{},"model":{"modelName":"MultifactorEnrollmentPolicyAuthenticatorStatus","enum":["NOT_ALLOWED","OPTIONAL","REQUIRED"],"tags":["Policy"]}}},{"src":"templates/model.go.hbs","dest":"okta/multifactorEnrollmentPolicyAuthenticatorType.go","context":{"operations":{},"model":{"modelName":"MultifactorEnrollmentPolicyAuthenticatorType","enum":["custom_app","custom_otp","duo","external_idp","google_otp","okta_email","okta_password","okta_verify","onprem_mfa","phone_number","rsa_token","security_question","symantec_vip","webauthn","yubikey_token"],"tags":["Policy"]}}},{"src":"templates/model.go.hbs","dest":"okta/multifactorEnrollmentPolicySettings.go","context":{"operations":{},"model":{"modelName":"MultifactorEnrollmentPolicySettings","properties":[{"propertyName":"authenticators","commonType":"array","isArray":true,"model":"MultifactorEnrollmentPolicyAuthenticatorSettings"},{"$ref":"#/definitions/MultifactorEnrollmentPolicySettingsType","propertyName":"type","commonType":"enum","isEnum":true,"model":"MultifactorEnrollmentPolicySettingsType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/multifactorEnrollmentPolicySettingsType.go","context":{"operations":{},"model":{"modelName":"MultifactorEnrollmentPolicySettingsType","enum":["AUTHENTICATORS"],"tags":["Policy"]}}},{"src":"templates/model.go.hbs","dest":"okta/networkZone.go","context":{"operations":{"getNetworkZone":{"path":"/api/v1/zones/{zoneId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"getNetworkZone","description":"Fetches a network zone from your Okta organization by `id`.","summary":"Get Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[],"responseModel":"NetworkZone"},"updateNetworkZone":{"path":"/api/v1/zones/{zoneId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"updateNetworkZone","description":"Updates a network zone in your organization.","summary":"Update Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"},{"in":"body","name":"zone","required":true,"schema":{"$ref":"#/definitions/NetworkZone"}}],"bodyModel":"NetworkZone","formData":[],"responseModel":"NetworkZone"},"deleteNetworkZone":{"path":"/api/v1/zones/{zoneId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"deleteNetworkZone","description":"Removes network zone.","summary":"Delete Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[]},"listNetworkZones":{"path":"/api/v1/zones","method":"get","queryParams":[{"description":"Specifies the pagination cursor for the next page of network zones","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters zones by usage or id expression","in":"query","name":"filter","type":"string"}],"pathParams":[],"operationId":"listNetworkZones","description":"Enumerates network zones added to your organization with pagination. A subset of zones can be returned that match a supported filter expression or query.","summary":"List Network Zones","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/NetworkZone"},"type":"array"}}},"parameters":[{"description":"Specifies the pagination cursor for the next page of network zones","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters zones by usage or id expression","in":"query","name":"filter","type":"string"}],"formData":[],"responseModel":"NetworkZone","isArray":true},"createNetworkZone":{"path":"/api/v1/zones","method":"post","queryParams":[],"pathParams":[],"operationId":"createNetworkZone","description":"Adds a new network zone to your Okta organization.","summary":"Add Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"body","name":"zone","required":true,"schema":{"$ref":"#/definitions/NetworkZone"}}],"bodyModel":"NetworkZone","formData":[],"responseModel":"NetworkZone"},"activateNetworkZone":{"path":"/api/v1/zones/{zoneId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"activateNetworkZone","description":"Activate Network Zone","summary":"Activate Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[],"responseModel":"NetworkZone"},"deactivateNetworkZone":{"path":"/api/v1/zones/{zoneId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"deactivateNetworkZone","description":"Deactivates a network zone.","summary":"Deactivate Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[],"responseModel":"NetworkZone"}},"model":{"modelName":"NetworkZone","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"asns","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"gateways","commonType":"array","isArray":true,"model":"NetworkZoneAddress"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"locations","commonType":"array","isArray":true,"model":"NetworkZoneLocation"},{"propertyName":"name","commonType":"string"},{"propertyName":"proxies","commonType":"array","isArray":true,"model":"NetworkZoneAddress"},{"propertyName":"proxyType","commonType":"string"},{"$ref":"#/definitions/NetworkZoneStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"NetworkZoneStatus"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/NetworkZoneType","propertyName":"type","commonType":"enum","isEnum":true,"model":"NetworkZoneType"},{"$ref":"#/definitions/NetworkZoneUsage","propertyName":"usage","commonType":"enum","isEnum":true,"model":"NetworkZoneUsage"}],"methods":[{"alias":"activate","arguments":[{"dest":"zoneId","src":"id"}],"operation":{"path":"/api/v1/zones/{zoneId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"activateNetworkZone","description":"Activate Network Zone","summary":"Activate Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[],"responseModel":"NetworkZone"}},{"alias":"deactivate","arguments":[{"dest":"zoneId","src":"id"}],"operation":{"path":"/api/v1/zones/{zoneId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"deactivateNetworkZone","description":"Deactivates a network zone.","summary":"Deactivate Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[],"responseModel":"NetworkZone"}}],"crud":[{"alias":"read","arguments":[{"dest":"zoneId","src":"id"}],"operation":{"path":"/api/v1/zones/{zoneId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"getNetworkZone","description":"Fetches a network zone from your Okta organization by `id`.","summary":"Get Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[],"responseModel":"NetworkZone"}},{"alias":"update","arguments":[{"dest":"zoneId","src":"id"},{"dest":"zone","self":true}],"operation":{"path":"/api/v1/zones/{zoneId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"updateNetworkZone","description":"Updates a network zone in your organization.","summary":"Update Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/NetworkZone"}}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"},{"in":"body","name":"zone","required":true,"schema":{"$ref":"#/definitions/NetworkZone"}}],"bodyModel":"NetworkZone","formData":[],"responseModel":"NetworkZone"}},{"alias":"delete","arguments":[{"dest":"zoneId","src":"id"}],"operation":{"path":"/api/v1/zones/{zoneId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"operationId":"deleteNetworkZone","description":"Removes network zone.","summary":"Delete Network Zone","tags":["NetworkZone"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"zoneId","required":true,"type":"string"}],"formData":[]}}],"tags":["NetworkZone"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/networkZoneAddress.go","context":{"operations":{},"model":{"modelName":"NetworkZoneAddress","properties":[{"$ref":"#/definitions/NetworkZoneAddressType","propertyName":"type","commonType":"enum","isEnum":true,"model":"NetworkZoneAddressType"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["NetworkZone"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/networkZoneAddressType.go","context":{"operations":{},"model":{"modelName":"NetworkZoneAddressType","enum":["CIDR","RANGE"],"tags":["NetworkZone"]}}},{"src":"templates/model.go.hbs","dest":"okta/networkZoneLocation.go","context":{"operations":{},"model":{"modelName":"NetworkZoneLocation","properties":[{"propertyName":"country","commonType":"string"},{"propertyName":"region","commonType":"string"}],"methods":[],"crud":[],"tags":["NetworkZone"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/networkZoneStatus.go","context":{"operations":{},"model":{"modelName":"NetworkZoneStatus","enum":["ACTIVE","INACTIVE"],"tags":["NetworkZone"]}}},{"src":"templates/model.go.hbs","dest":"okta/networkZoneType.go","context":{"operations":{},"model":{"modelName":"NetworkZoneType","enum":["IP","DYNAMIC"],"tags":["NetworkZone"]}}},{"src":"templates/model.go.hbs","dest":"okta/networkZoneUsage.go","context":{"operations":{},"model":{"modelName":"NetworkZoneUsage","enum":["POLICY","BLOCKLIST"],"tags":["NetworkZone"]}}},{"src":"templates/model.go.hbs","dest":"okta/notificationType.go","context":{"operations":{},"model":{"modelName":"NotificationType","enum":["CONNECTOR_AGENT","USER_LOCKED_OUT","APP_IMPORT","LDAP_AGENT","AD_AGENT","OKTA_ANNOUNCEMENT","OKTA_ISSUE","OKTA_UPDATE","IWA_AGENT","USER_DEPROVISION","REPORT_SUSPICIOUS_ACTIVITY","RATELIMIT_NOTIFICATION"],"tags":["Subscription"]}}},{"src":"templates/model.go.hbs","dest":"okta/oAuth2Actor.go","context":{"operations":{},"model":{"modelName":"OAuth2Actor","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/oAuth2Claim.go","context":{"operations":{},"model":{"modelName":"OAuth2Claim","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"alwaysIncludeInToken","commonType":"boolean"},{"enum":["IDENTITY","RESOURCE"],"propertyName":"claimType","commonType":"string"},{"$ref":"#/definitions/OAuth2ClaimConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"OAuth2ClaimConditions"},{"enum":["STARTS_WITH","EQUALS","CONTAINS","REGEX"],"propertyName":"group_filter_type","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"name","commonType":"string"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"propertyName":"value","commonType":"string"},{"enum":["EXPRESSION","GROUPS","SYSTEM"],"propertyName":"valueType","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/oAuth2ClaimConditions.go","context":{"operations":{},"model":{"modelName":"OAuth2ClaimConditions","properties":[{"propertyName":"scopes","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/oAuth2Client.go","context":{"operations":{},"model":{"modelName":"OAuth2Client","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"client_id","commonType":"string"},{"readOnly":true,"propertyName":"client_name","commonType":"string"},{"readOnly":true,"propertyName":"client_uri","commonType":"string"},{"readOnly":true,"propertyName":"logo_uri","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/oAuth2RefreshToken.go","context":{"operations":{},"model":{"modelName":"OAuth2RefreshToken","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"clientId","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/OAuth2Actor","propertyName":"createdBy","commonType":"object","isObject":true,"model":"OAuth2Actor"},{"readOnly":true,"propertyName":"expiresAt","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"issuer","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"scopes","commonType":"array","isArray":true,"model":"string"},{"enum":["ACTIVE","REVOKED"],"propertyName":"status","commonType":"string"},{"propertyName":"userId","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/oAuth2Scope.go","context":{"operations":{},"model":{"modelName":"OAuth2Scope","properties":[{"enum":["REQUIRED","IMPLICIT","ADMIN"],"propertyName":"consent","commonType":"string"},{"propertyName":"default","commonType":"boolean"},{"propertyName":"description","commonType":"string"},{"propertyName":"displayName","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"enum":["ALL_CLIENTS","NO_CLIENTS"],"propertyName":"metadataPublish","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"system","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/oAuth2ScopeConsentGrant.go","context":{"operations":{},"model":{"modelName":"OAuth2ScopeConsentGrant","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"clientId","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/OAuth2Actor","propertyName":"createdBy","commonType":"object","isObject":true,"model":"OAuth2Actor"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"issuer","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"scopeId","commonType":"string"},{"$ref":"#/definitions/OAuth2ScopeConsentGrantSource","propertyName":"source","commonType":"enum","isEnum":true,"model":"OAuth2ScopeConsentGrantSource"},{"$ref":"#/definitions/OAuth2ScopeConsentGrantStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"OAuth2ScopeConsentGrantStatus"},{"propertyName":"userId","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/oAuth2ScopeConsentGrantSource.go","context":{"operations":{},"model":{"modelName":"OAuth2ScopeConsentGrantSource","enum":["END_USER","ADMIN"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/oAuth2ScopeConsentGrantStatus.go","context":{"operations":{},"model":{"modelName":"OAuth2ScopeConsentGrantStatus","enum":["ACTIVE","REVOKED"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/oAuth2ScopesMediationPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"OAuth2ScopesMediationPolicyRuleCondition","properties":[{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/oAuth2Token.go","context":{"operations":{},"model":{"modelName":"OAuth2Token","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"clientId","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"expiresAt","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"issuer","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"scopes","commonType":"array","isArray":true,"model":"string"},{"enum":["ACTIVE","REVOKED"],"propertyName":"status","commonType":"string"},{"propertyName":"userId","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/oAuthApplicationCredentials.go","context":{"operations":{},"model":{"modelName":"OAuthApplicationCredentials","properties":[{"$ref":"#/definitions/ApplicationCredentialsOAuthClient","propertyName":"oauthClient","commonType":"object","isObject":true,"model":"ApplicationCredentialsOAuthClient"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationCredentials","parent":{"modelName":"ApplicationCredentials","properties":[{"$ref":"#/definitions/ApplicationCredentialsSigning","propertyName":"signing","commonType":"object","isObject":true,"model":"ApplicationCredentialsSigning"},{"$ref":"#/definitions/ApplicationCredentialsUsernameTemplate","propertyName":"userNameTemplate","commonType":"object","isObject":true,"model":"ApplicationCredentialsUsernameTemplate"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/oAuthAuthorizationPolicy.go","context":{"operations":{},"model":{"modelName":"OAuthAuthorizationPolicy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"OAUTH_AUTHORIZATION_POLICY"}}}},{"src":"templates/model.go.hbs","dest":"okta/oAuthEndpointAuthenticationMethod.go","context":{"operations":{},"model":{"modelName":"OAuthEndpointAuthenticationMethod","enum":["none","client_secret_post","client_secret_basic","client_secret_jwt","private_key_jwt"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/oAuthGrantType.go","context":{"operations":{},"model":{"modelName":"OAuthGrantType","enum":["authorization_code","implicit","password","refresh_token","client_credentials","saml2_bearer","device_code","token_exchange","interaction_code"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/oAuthResponseType.go","context":{"operations":{},"model":{"modelName":"OAuthResponseType","enum":["code","token","id_token"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/oktaSignOnPolicy.go","context":{"operations":{},"model":{"modelName":"OktaSignOnPolicy","properties":[{"$ref":"#/definitions/OktaSignOnPolicyConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"OktaSignOnPolicyConditions"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"OKTA_SIGN_ON"}}}},{"src":"templates/model.go.hbs","dest":"okta/oktaSignOnPolicyConditions.go","context":{"operations":{},"model":{"modelName":"OktaSignOnPolicyConditions","properties":[{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleConditions","parent":{"modelName":"PolicyRuleConditions","properties":[{"$ref":"#/definitions/AppAndInstancePolicyRuleCondition","propertyName":"app","commonType":"object","isObject":true,"model":"AppAndInstancePolicyRuleCondition"},{"$ref":"#/definitions/AppInstancePolicyRuleCondition","propertyName":"apps","commonType":"object","isObject":true,"model":"AppInstancePolicyRuleCondition"},{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/BeforeScheduledActionPolicyRuleCondition","propertyName":"beforeScheduledAction","commonType":"object","isObject":true,"model":"BeforeScheduledActionPolicyRuleCondition"},{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/ContextPolicyRuleCondition","propertyName":"context","commonType":"object","isObject":true,"model":"ContextPolicyRuleCondition"},{"$ref":"#/definitions/DevicePolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DevicePolicyRuleCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/GroupPolicyRuleCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupPolicyRuleCondition"},{"$ref":"#/definitions/IdentityProviderPolicyRuleCondition","propertyName":"identityProvider","commonType":"object","isObject":true,"model":"IdentityProviderPolicyRuleCondition"},{"$ref":"#/definitions/MDMEnrollmentPolicyRuleCondition","propertyName":"mdmEnrollment","commonType":"object","isObject":true,"model":"MDMEnrollmentPolicyRuleCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/PlatformPolicyRuleCondition","propertyName":"platform","commonType":"object","isObject":true,"model":"PlatformPolicyRuleCondition"},{"$ref":"#/definitions/RiskPolicyRuleCondition","propertyName":"risk","commonType":"object","isObject":true,"model":"RiskPolicyRuleCondition"},{"$ref":"#/definitions/RiskScorePolicyRuleCondition","propertyName":"riskScore","commonType":"object","isObject":true,"model":"RiskScorePolicyRuleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"},{"$ref":"#/definitions/UserIdentifierPolicyRuleCondition","propertyName":"userIdentifier","commonType":"object","isObject":true,"model":"UserIdentifierPolicyRuleCondition"},{"$ref":"#/definitions/UserStatusPolicyRuleCondition","propertyName":"userStatus","commonType":"object","isObject":true,"model":"UserStatusPolicyRuleCondition"},{"$ref":"#/definitions/UserPolicyRuleCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/oktaSignOnPolicyRule.go","context":{"operations":{},"model":{"modelName":"OktaSignOnPolicyRule","properties":[{"$ref":"#/definitions/OktaSignOnPolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleActions"},{"$ref":"#/definitions/OktaSignOnPolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleConditions"},{"propertyName":"name","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRule","parent":{"modelName":"PolicyRule","properties":[{"$ref":"#/definitions/PolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"PolicyRuleActions"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activatePolicyRule","description":"Activates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivatePolicyRule","description":"Deactivates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyRule","self":true},{"dest":"policyId","parentSrc":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicyRule","PASSWORD":"PasswordPolicyRule","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicyRule","SIGN_ON":"OktaSignOnPolicyRule"}}},"resolution":{"fieldName":"type","fieldValue":"SIGN_ON"}}}},{"src":"templates/model.go.hbs","dest":"okta/oktaSignOnPolicyRuleActions.go","context":{"operations":{},"model":{"modelName":"OktaSignOnPolicyRuleActions","properties":[{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonActions","propertyName":"signon","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleActions","parent":{"modelName":"PolicyRuleActions","properties":[{"$ref":"#/definitions/PolicyRuleActionsEnroll","propertyName":"enroll","commonType":"object","isObject":true,"model":"PolicyRuleActionsEnroll"},{"$ref":"#/definitions/IdpPolicyRuleAction","propertyName":"idp","commonType":"object","isObject":true,"model":"IdpPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"passwordChange","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServicePasswordReset","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServiceUnlock","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonActions","propertyName":"signon","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/oktaSignOnPolicyRuleConditions.go","context":{"operations":{},"model":{"modelName":"OktaSignOnPolicyRuleConditions","properties":[{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleConditions","parent":{"modelName":"PolicyRuleConditions","properties":[{"$ref":"#/definitions/AppAndInstancePolicyRuleCondition","propertyName":"app","commonType":"object","isObject":true,"model":"AppAndInstancePolicyRuleCondition"},{"$ref":"#/definitions/AppInstancePolicyRuleCondition","propertyName":"apps","commonType":"object","isObject":true,"model":"AppInstancePolicyRuleCondition"},{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/BeforeScheduledActionPolicyRuleCondition","propertyName":"beforeScheduledAction","commonType":"object","isObject":true,"model":"BeforeScheduledActionPolicyRuleCondition"},{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/ContextPolicyRuleCondition","propertyName":"context","commonType":"object","isObject":true,"model":"ContextPolicyRuleCondition"},{"$ref":"#/definitions/DevicePolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DevicePolicyRuleCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/GroupPolicyRuleCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupPolicyRuleCondition"},{"$ref":"#/definitions/IdentityProviderPolicyRuleCondition","propertyName":"identityProvider","commonType":"object","isObject":true,"model":"IdentityProviderPolicyRuleCondition"},{"$ref":"#/definitions/MDMEnrollmentPolicyRuleCondition","propertyName":"mdmEnrollment","commonType":"object","isObject":true,"model":"MDMEnrollmentPolicyRuleCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/PlatformPolicyRuleCondition","propertyName":"platform","commonType":"object","isObject":true,"model":"PlatformPolicyRuleCondition"},{"$ref":"#/definitions/RiskPolicyRuleCondition","propertyName":"risk","commonType":"object","isObject":true,"model":"RiskPolicyRuleCondition"},{"$ref":"#/definitions/RiskScorePolicyRuleCondition","propertyName":"riskScore","commonType":"object","isObject":true,"model":"RiskScorePolicyRuleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"},{"$ref":"#/definitions/UserIdentifierPolicyRuleCondition","propertyName":"userIdentifier","commonType":"object","isObject":true,"model":"UserIdentifierPolicyRuleCondition"},{"$ref":"#/definitions/UserStatusPolicyRuleCondition","propertyName":"userStatus","commonType":"object","isObject":true,"model":"UserStatusPolicyRuleCondition"},{"$ref":"#/definitions/UserPolicyRuleCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/oktaSignOnPolicyRuleSignonActions.go","context":{"operations":{},"model":{"modelName":"OktaSignOnPolicyRuleSignonActions","properties":[{"enum":["ALLOW","DENY"],"propertyName":"access","commonType":"string"},{"propertyName":"factorLifetime","commonType":"integer"},{"enum":["ALWAYS","DEVICE","SESSION"],"propertyName":"factorPromptMode","commonType":"string"},{"default":false,"propertyName":"rememberDeviceByDefault","commonType":"boolean"},{"default":false,"propertyName":"requireFactor","commonType":"boolean"},{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonSessionActions","propertyName":"session","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonSessionActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/oktaSignOnPolicyRuleSignonSessionActions.go","context":{"operations":{},"model":{"modelName":"OktaSignOnPolicyRuleSignonSessionActions","properties":[{"default":120,"propertyName":"maxSessionIdleMinutes","commonType":"integer"},{"default":0,"propertyName":"maxSessionLifetimeMinutes","commonType":"integer"},{"default":false,"propertyName":"usePersistentCookie","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/openIdConnectApplication.go","context":{"operations":{},"model":{"modelName":"OpenIdConnectApplication","properties":[{"$ref":"#/definitions/OAuthApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"OAuthApplicationCredentials"},{"default":"oidc_client","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/OpenIdConnectApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"OpenIdConnectApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"Application","parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"OPENID_CONNECT"}}}},{"src":"templates/model.go.hbs","dest":"okta/openIdConnectApplicationConsentMethod.go","context":{"operations":{},"model":{"modelName":"OpenIdConnectApplicationConsentMethod","enum":["REQUIRED","TRUSTED"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/openIdConnectApplicationIdpInitiatedLogin.go","context":{"operations":{},"model":{"modelName":"OpenIdConnectApplicationIdpInitiatedLogin","properties":[{"propertyName":"default_scope","commonType":"array","isArray":true,"model":"string"},{"propertyName":"mode","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/openIdConnectApplicationIssuerMode.go","context":{"operations":{},"model":{"modelName":"OpenIdConnectApplicationIssuerMode","enum":["CUSTOM_URL","ORG_URL","DYNAMIC"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/openIdConnectApplicationSettings.go","context":{"operations":{},"model":{"modelName":"OpenIdConnectApplicationSettings","properties":[{"$ref":"#/definitions/OpenIdConnectApplicationSettingsClient","propertyName":"oauthClient","commonType":"object","isObject":true,"model":"OpenIdConnectApplicationSettingsClient"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/openIdConnectApplicationSettingsClient.go","context":{"operations":{},"model":{"modelName":"OpenIdConnectApplicationSettingsClient","properties":[{"$ref":"#/definitions/OpenIdConnectApplicationType","propertyName":"application_type","commonType":"enum","isEnum":true,"model":"OpenIdConnectApplicationType"},{"propertyName":"client_uri","commonType":"string"},{"$ref":"#/definitions/OpenIdConnectApplicationConsentMethod","propertyName":"consent_method","commonType":"enum","isEnum":true,"model":"OpenIdConnectApplicationConsentMethod"},{"propertyName":"grant_types","commonType":"array","isArray":true,"model":"OAuthGrantType"},{"$ref":"#/definitions/OpenIdConnectApplicationIdpInitiatedLogin","propertyName":"idp_initiated_login","commonType":"object","isObject":true,"model":"OpenIdConnectApplicationIdpInitiatedLogin"},{"propertyName":"initiate_login_uri","commonType":"string"},{"$ref":"#/definitions/OpenIdConnectApplicationIssuerMode","propertyName":"issuer_mode","commonType":"enum","isEnum":true,"model":"OpenIdConnectApplicationIssuerMode"},{"$ref":"#/definitions/OpenIdConnectApplicationSettingsClientKeys","propertyName":"jwks","commonType":"object","isObject":true,"model":"OpenIdConnectApplicationSettingsClientKeys"},{"propertyName":"logo_uri","commonType":"string"},{"propertyName":"policy_uri","commonType":"string"},{"propertyName":"post_logout_redirect_uris","commonType":"array","isArray":true,"model":"string"},{"propertyName":"redirect_uris","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/OpenIdConnectApplicationSettingsRefreshToken","propertyName":"refresh_token","commonType":"object","isObject":true,"model":"OpenIdConnectApplicationSettingsRefreshToken"},{"propertyName":"response_types","commonType":"array","isArray":true,"model":"OAuthResponseType"},{"propertyName":"tos_uri","commonType":"string"},{"propertyName":"wildcard_redirect","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/openIdConnectApplicationSettingsClientKeys.go","context":{"operations":{},"model":{"modelName":"OpenIdConnectApplicationSettingsClientKeys","properties":[{"propertyName":"keys","commonType":"array","isArray":true,"model":"JsonWebKey"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/openIdConnectApplicationSettingsRefreshToken.go","context":{"operations":{},"model":{"modelName":"OpenIdConnectApplicationSettingsRefreshToken","properties":[{"propertyName":"leeway","commonType":"integer"},{"$ref":"#/definitions/OpenIdConnectRefreshTokenRotationType","propertyName":"rotation_type","commonType":"enum","isEnum":true,"model":"OpenIdConnectRefreshTokenRotationType"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/openIdConnectApplicationType.go","context":{"operations":{},"model":{"modelName":"OpenIdConnectApplicationType","enum":["web","native","browser","service"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/openIdConnectRefreshTokenRotationType.go","context":{"operations":{},"model":{"modelName":"OpenIdConnectRefreshTokenRotationType","enum":["rotate","static"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/org2OrgApplication.go","context":{"operations":{},"model":{"modelName":"Org2OrgApplication","properties":[{"default":"okta_org2org","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/Org2OrgApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"Org2OrgApplicationSettings"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"SamlApplication","parent":{"modelName":"SamlApplication","properties":[{"$ref":"#/definitions/SamlApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"SamlApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"extends":"Application","resolutionStrategy":{"propertyName":"name","valueToModelMapping":{"okta_org2org":"Org2OrgApplication"}},"parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"SAML_2_0"}},"resolution":{"fieldName":"name","fieldValue":"okta_org2org"}}}},{"src":"templates/model.go.hbs","dest":"okta/org2OrgApplicationSettings.go","context":{"operations":{},"model":{"modelName":"Org2OrgApplicationSettings","properties":[{"$ref":"#/definitions/Org2OrgApplicationSettingsApp","propertyName":"app","commonType":"object","isObject":true,"model":"Org2OrgApplicationSettingsApp"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"SamlApplicationSettings","parent":{"modelName":"SamlApplicationSettings","properties":[{"$ref":"#/definitions/SamlApplicationSettingsSignOn","propertyName":"signOn","commonType":"object","isObject":true,"model":"SamlApplicationSettingsSignOn"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}}},{"src":"templates/model.go.hbs","dest":"okta/org2OrgApplicationSettingsApp.go","context":{"operations":{},"model":{"modelName":"Org2OrgApplicationSettingsApp","properties":[{"propertyName":"acsUrl","commonType":"string"},{"propertyName":"audRestriction","commonType":"string"},{"propertyName":"baseUrl","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/orgContactType.go","context":{"operations":{},"model":{"modelName":"OrgContactType","enum":["BILLING","TECHNICAL"],"tags":["Org"]}}},{"src":"templates/model.go.hbs","dest":"okta/orgContactTypeObj.go","context":{"operations":{},"model":{"modelName":"OrgContactTypeObj","properties":[{"propertyName":"_links","commonType":"object","isObject":true,"model":"object"},{"$ref":"#/definitions/OrgContactType","propertyName":"contactType","commonType":"enum","isEnum":true,"model":"OrgContactType"}],"methods":[],"crud":[],"tags":["Org"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/orgContactUser.go","context":{"operations":{},"model":{"modelName":"OrgContactUser","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"userId","commonType":"string"}],"methods":[{"alias":"updateContactUser","arguments":[{"dest":"userId","src":"userId"}],"operation":{"path":"/api/v1/org/contacts/{contactType}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"contactType","required":true,"type":"string"}],"operationId":"updateOrgContactUser","description":"Updates the User associated with the specified Contact Type.","summary":"Update org contact user","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgContactUser"}}},"parameters":[{"in":"path","name":"contactType","required":true,"type":"string"},{"in":"body","name":"userId","required":true,"schema":{"$ref":"#/definitions/UserIdString"}}],"bodyModel":"UserIdString","formData":[],"responseModel":"OrgContactUser"}}],"crud":[],"tags":["Org"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/orgOktaCommunicationSetting.go","context":{"operations":{},"model":{"modelName":"OrgOktaCommunicationSetting","properties":[{"propertyName":"_links","commonType":"object","isObject":true,"model":"object"},{"readOnly":true,"propertyName":"optOutEmailUsers","commonType":"boolean"}],"methods":[{"alias":"optInUsersToOktaCommunicationEmails","operation":{"path":"/api/v1/org/privacy/oktaCommunication/optIn","method":"post","queryParams":[],"pathParams":[],"operationId":"optInUsersToOktaCommunicationEmails","description":"Opts in all users of this org to Okta Communication emails.","summary":"Opt in all users to Okta Communication emails","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaCommunicationSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaCommunicationSetting"}},{"alias":"optOutUsersFromOktaCommunicationEmails","operation":{"path":"/api/v1/org/privacy/oktaCommunication/optOut","method":"post","queryParams":[],"pathParams":[],"operationId":"optOutUsersFromOktaCommunicationEmails","description":"Opts out all users of this org from Okta Communication emails.","summary":"Opt out all users from Okta Communication emails","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaCommunicationSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaCommunicationSetting"}}],"crud":[],"tags":["Org"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/orgOktaSupportSetting.go","context":{"operations":{},"model":{"modelName":"OrgOktaSupportSetting","enum":["DISABLED","ENABLED"],"tags":["Org"]}}},{"src":"templates/model.go.hbs","dest":"okta/orgOktaSupportSettingsObj.go","context":{"operations":{},"model":{"modelName":"OrgOktaSupportSettingsObj","properties":[{"propertyName":"_links","commonType":"object","isObject":true,"model":"object"},{"readOnly":true,"propertyName":"expiration","commonType":"dateTime"},{"$ref":"#/definitions/OrgOktaSupportSetting","readOnly":true,"propertyName":"support","commonType":"enum","isEnum":true,"model":"OrgOktaSupportSetting"}],"methods":[{"alias":"extendOktaSupport","operation":{"path":"/api/v1/org/privacy/oktaSupport/extend","method":"post","queryParams":[],"pathParams":[],"operationId":"extendOktaSupport","description":"Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.","summary":"Extend Okta Support","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"}},{"alias":"grantOktaSupport","operation":{"path":"/api/v1/org/privacy/oktaSupport/grant","method":"post","queryParams":[],"pathParams":[],"operationId":"grantOktaSupport","description":"Enables you to temporarily allow Okta Support to access your org as an administrator for eight hours.","summary":"Grant Okta Support","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"}},{"alias":"revokeOktaSupport","operation":{"path":"/api/v1/org/privacy/oktaSupport/revoke","method":"post","queryParams":[],"pathParams":[],"operationId":"revokeOktaSupport","description":"Revokes Okta Support access to your organization.","summary":"Extend Okta Support","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"}}],"crud":[],"tags":["Org"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/orgPreferences.go","context":{"operations":{},"model":{"modelName":"OrgPreferences","properties":[{"propertyName":"_links","commonType":"object","isObject":true,"model":"object"},{"readOnly":true,"propertyName":"showEndUserFooter","commonType":"boolean"}],"methods":[{"alias":"hideEndUserFooter","operation":{"path":"/api/v1/org/preferences/hideEndUserFooter","method":"post","queryParams":[],"pathParams":[],"operationId":"hideOktaUIFooter","description":"Hide the Okta UI footer for all end users of your organization.","summary":"Show Okta UI Footer","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"}},{"alias":"showEndUserFooter","operation":{"path":"/api/v1/org/preferences/showEndUserFooter","method":"post","queryParams":[],"pathParams":[],"operationId":"showOktaUIFooter","description":"Makes the Okta UI footer visible for all end users of your organization.","summary":"Show Okta UI Footer","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"}}],"crud":[],"tags":["Org"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/orgSetting.go","context":{"operations":{"getOrgSettings":{"path":"/api/v1/org","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgSettings","description":"Get settings of your organization.","summary":"Get org settings","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgSetting"},"updateOrgSetting":{"path":"/api/v1/org","method":"put","queryParams":[],"pathParams":[],"operationId":"updateOrgSetting","description":"Update settings of your organization.","summary":"Update Org setting","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgSetting"}}},"parameters":[{"in":"body","name":"orgSetting","required":true,"schema":{"$ref":"#/definitions/OrgSetting"}}],"bodyModel":"OrgSetting","formData":[],"responseModel":"OrgSetting"},"partialUpdateOrgSetting":{"path":"/api/v1/org","method":"post","queryParams":[],"pathParams":[],"operationId":"partialUpdateOrgSetting","description":"Partial update settings of your organization.","summary":"Partial update Org setting","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgSetting"}}},"parameters":[{"in":"body","name":"orgSetting","required":true,"schema":{"$ref":"#/definitions/OrgSetting"}}],"bodyModel":"OrgSetting","formData":[],"responseModel":"OrgSetting"},"getOrgContactTypes":{"path":"/api/v1/org/contacts","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgContactTypes","description":"Gets Contact Types of your organization.","summary":"Get org contact types","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OrgContactTypeObj"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"OrgContactTypeObj","isArray":true},"getOrgContactUser":{"path":"/api/v1/org/contacts/{contactType}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"contactType","required":true,"type":"string"}],"operationId":"getOrgContactUser","description":"Retrieves the URL of the User associated with the specified Contact Type.","summary":"Get org contact user","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgContactUser"}}},"parameters":[{"in":"path","name":"contactType","required":true,"type":"string"}],"formData":[],"responseModel":"OrgContactUser"},"updateOrgContactUser":{"path":"/api/v1/org/contacts/{contactType}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"contactType","required":true,"type":"string"}],"operationId":"updateOrgContactUser","description":"Updates the User associated with the specified Contact Type.","summary":"Update org contact user","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgContactUser"}}},"parameters":[{"in":"path","name":"contactType","required":true,"type":"string"},{"in":"body","name":"userId","required":true,"schema":{"$ref":"#/definitions/UserIdString"}}],"bodyModel":"UserIdString","formData":[],"responseModel":"OrgContactUser"},"updateOrgLogo":{"path":"/api/v1/org/logo","method":"post","queryParams":[],"pathParams":[],"operationId":"updateOrgLogo","description":"Updates the logo for your organization.","summary":"Update org logo","tags":["Org"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"}},"parameters":[{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]},"getOrgPreferences":{"path":"/api/v1/org/preferences","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgPreferences","description":"Gets preferences of your organization.","summary":"Get org preferences","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"},"hideOktaUIFooter":{"path":"/api/v1/org/preferences/hideEndUserFooter","method":"post","queryParams":[],"pathParams":[],"operationId":"hideOktaUIFooter","description":"Hide the Okta UI footer for all end users of your organization.","summary":"Show Okta UI Footer","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"},"showOktaUIFooter":{"path":"/api/v1/org/preferences/showEndUserFooter","method":"post","queryParams":[],"pathParams":[],"operationId":"showOktaUIFooter","description":"Makes the Okta UI footer visible for all end users of your organization.","summary":"Show Okta UI Footer","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"},"getOktaCommunicationSettings":{"path":"/api/v1/org/privacy/oktaCommunication","method":"get","queryParams":[],"pathParams":[],"operationId":"getOktaCommunicationSettings","description":"Gets Okta Communication Settings of your organization.","summary":"Get Okta Communication Settings","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaCommunicationSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaCommunicationSetting"},"optInUsersToOktaCommunicationEmails":{"path":"/api/v1/org/privacy/oktaCommunication/optIn","method":"post","queryParams":[],"pathParams":[],"operationId":"optInUsersToOktaCommunicationEmails","description":"Opts in all users of this org to Okta Communication emails.","summary":"Opt in all users to Okta Communication emails","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaCommunicationSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaCommunicationSetting"},"optOutUsersFromOktaCommunicationEmails":{"path":"/api/v1/org/privacy/oktaCommunication/optOut","method":"post","queryParams":[],"pathParams":[],"operationId":"optOutUsersFromOktaCommunicationEmails","description":"Opts out all users of this org from Okta Communication emails.","summary":"Opt out all users from Okta Communication emails","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaCommunicationSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaCommunicationSetting"},"getOrgOktaSupportSettings":{"path":"/api/v1/org/privacy/oktaSupport","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgOktaSupportSettings","description":"Gets Okta Support Settings of your organization.","summary":"Get Okta Support settings","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"},"extendOktaSupport":{"path":"/api/v1/org/privacy/oktaSupport/extend","method":"post","queryParams":[],"pathParams":[],"operationId":"extendOktaSupport","description":"Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.","summary":"Extend Okta Support","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"},"grantOktaSupport":{"path":"/api/v1/org/privacy/oktaSupport/grant","method":"post","queryParams":[],"pathParams":[],"operationId":"grantOktaSupport","description":"Enables you to temporarily allow Okta Support to access your org as an administrator for eight hours.","summary":"Grant Okta Support","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"},"revokeOktaSupport":{"path":"/api/v1/org/privacy/oktaSupport/revoke","method":"post","queryParams":[],"pathParams":[],"operationId":"revokeOktaSupport","description":"Revokes Okta Support access to your organization.","summary":"Extend Okta Support","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"}},"model":{"modelName":"OrgSetting","properties":[{"propertyName":"_links","commonType":"object","isObject":true,"model":"object"},{"propertyName":"address1","commonType":"string"},{"propertyName":"address2","commonType":"string"},{"propertyName":"city","commonType":"string"},{"propertyName":"companyName","commonType":"string"},{"propertyName":"country","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"endUserSupportHelpURL","commonType":"string"},{"readOnly":true,"propertyName":"expiresAt","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"phoneNumber","commonType":"string"},{"propertyName":"postalCode","commonType":"string"},{"propertyName":"state","commonType":"string"},{"readOnly":true,"propertyName":"status","commonType":"string"},{"readOnly":true,"propertyName":"subdomain","commonType":"string"},{"propertyName":"supportPhoneNumber","commonType":"string"},{"propertyName":"website","commonType":"string"}],"methods":[{"alias":"partialUpdate","arguments":[{"dest":"orgSetting","self":true}],"operation":{"path":"/api/v1/org","method":"post","queryParams":[],"pathParams":[],"operationId":"partialUpdateOrgSetting","description":"Partial update settings of your organization.","summary":"Partial update Org setting","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgSetting"}}},"parameters":[{"in":"body","name":"orgSetting","required":true,"schema":{"$ref":"#/definitions/OrgSetting"}}],"bodyModel":"OrgSetting","formData":[],"responseModel":"OrgSetting"}},{"alias":"getContactTypes","operation":{"path":"/api/v1/org/contacts","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgContactTypes","description":"Gets Contact Types of your organization.","summary":"Get org contact types","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OrgContactTypeObj"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"OrgContactTypeObj","isArray":true}},{"alias":"getOrgContactUser","operation":{"path":"/api/v1/org/contacts/{contactType}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"contactType","required":true,"type":"string"}],"operationId":"getOrgContactUser","description":"Retrieves the URL of the User associated with the specified Contact Type.","summary":"Get org contact user","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgContactUser"}}},"parameters":[{"in":"path","name":"contactType","required":true,"type":"string"}],"formData":[],"responseModel":"OrgContactUser"}},{"alias":"getSupportSettings","operation":{"path":"/api/v1/org/privacy/oktaSupport","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgOktaSupportSettings","description":"Gets Okta Support Settings of your organization.","summary":"Get Okta Support settings","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaSupportSettingsObj"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaSupportSettingsObj"}},{"alias":"communicationSettings","operation":{"path":"/api/v1/org/privacy/oktaCommunication","method":"get","queryParams":[],"pathParams":[],"operationId":"getOktaCommunicationSettings","description":"Gets Okta Communication Settings of your organization.","summary":"Get Okta Communication Settings","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgOktaCommunicationSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgOktaCommunicationSetting"}},{"alias":"orgPreferences","operation":{"path":"/api/v1/org/preferences","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgPreferences","description":"Gets preferences of your organization.","summary":"Get org preferences","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"}},{"alias":"showFooter","arguments":[{"dest":"orgSetting","self":true}],"operation":{"path":"/api/v1/org/preferences/showEndUserFooter","method":"post","queryParams":[],"pathParams":[],"operationId":"showOktaUIFooter","description":"Makes the Okta UI footer visible for all end users of your organization.","summary":"Show Okta UI Footer","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"}},{"alias":"hideFooter","arguments":[{"dest":"orgSetting","self":true}],"operation":{"path":"/api/v1/org/preferences/hideEndUserFooter","method":"post","queryParams":[],"pathParams":[],"operationId":"hideOktaUIFooter","description":"Hide the Okta UI footer for all end users of your organization.","summary":"Show Okta UI Footer","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgPreferences"}}},"parameters":[],"formData":[],"responseModel":"OrgPreferences"}},{"alias":"updateOrgLogo","operation":{"path":"/api/v1/org/logo","method":"post","queryParams":[],"pathParams":[],"operationId":"updateOrgLogo","description":"Updates the logo for your organization.","summary":"Update org logo","tags":["Org"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"}},"parameters":[{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}}],"crud":[{"alias":"read","arguments":[{"dest":"orgSetting","self":true}],"operation":{"path":"/api/v1/org","method":"get","queryParams":[],"pathParams":[],"operationId":"getOrgSettings","description":"Get settings of your organization.","summary":"Get org settings","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgSetting"}}},"parameters":[],"formData":[],"responseModel":"OrgSetting"}},{"alias":"update","arguments":[{"dest":"orgSetting","self":true}],"operation":{"path":"/api/v1/org","method":"put","queryParams":[],"pathParams":[],"operationId":"updateOrgSetting","description":"Update settings of your organization.","summary":"Update Org setting","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgSetting"}}},"parameters":[{"in":"body","name":"orgSetting","required":true,"schema":{"$ref":"#/definitions/OrgSetting"}}],"bodyModel":"OrgSetting","formData":[],"responseModel":"OrgSetting"}}],"tags":["Org"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordCredential.go","context":{"operations":{},"model":{"modelName":"PasswordCredential","properties":[{"$ref":"#/definitions/PasswordCredentialHash","propertyName":"hash","commonType":"object","isObject":true,"model":"PasswordCredentialHash"},{"$ref":"#/definitions/PasswordCredentialHook","propertyName":"hook","commonType":"object","isObject":true,"model":"PasswordCredentialHook"},{"propertyName":"value","commonType":"password"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordCredentialHash.go","context":{"operations":{},"model":{"modelName":"PasswordCredentialHash","properties":[{"$ref":"#/definitions/PasswordCredentialHashAlgorithm","propertyName":"algorithm","commonType":"enum","isEnum":true,"model":"PasswordCredentialHashAlgorithm"},{"propertyName":"salt","commonType":"string"},{"propertyName":"saltOrder","commonType":"string"},{"propertyName":"value","commonType":"string"},{"propertyName":"workFactor","commonType":"integer"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordCredentialHashAlgorithm.go","context":{"operations":{},"model":{"modelName":"PasswordCredentialHashAlgorithm","enum":["BCRYPT","SHA-512","SHA-256","SHA-1","MD5"],"tags":["User"]}}},{"src":"templates/model.go.hbs","dest":"okta/passwordCredentialHook.go","context":{"operations":{},"model":{"modelName":"PasswordCredentialHook","properties":[{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordDictionary.go","context":{"operations":{},"model":{"modelName":"PasswordDictionary","properties":[{"$ref":"#/definitions/PasswordDictionaryCommon","propertyName":"common","commonType":"object","isObject":true,"model":"PasswordDictionaryCommon"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordDictionaryCommon.go","context":{"operations":{},"model":{"modelName":"PasswordDictionaryCommon","properties":[{"default":false,"propertyName":"exclude","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordExpirationPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"PasswordExpirationPolicyRuleCondition","properties":[{"propertyName":"number","commonType":"integer"},{"propertyName":"unit","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicy.go","context":{"operations":{},"model":{"modelName":"PasswordPolicy","properties":[{"$ref":"#/definitions/PasswordPolicyConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PasswordPolicyConditions"},{"$ref":"#/definitions/PasswordPolicySettings","propertyName":"settings","commonType":"object","isObject":true,"model":"PasswordPolicySettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"PASSWORD"}}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyAuthenticationProviderCondition.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyAuthenticationProviderCondition","properties":[{"propertyName":"include","commonType":"array","isArray":true,"model":"string"},{"enum":["ACTIVE_DIRECTORY","ANY","LDAP","OKTA"],"propertyName":"provider","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyConditions.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyConditions","properties":[{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleConditions","parent":{"modelName":"PolicyRuleConditions","properties":[{"$ref":"#/definitions/AppAndInstancePolicyRuleCondition","propertyName":"app","commonType":"object","isObject":true,"model":"AppAndInstancePolicyRuleCondition"},{"$ref":"#/definitions/AppInstancePolicyRuleCondition","propertyName":"apps","commonType":"object","isObject":true,"model":"AppInstancePolicyRuleCondition"},{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/BeforeScheduledActionPolicyRuleCondition","propertyName":"beforeScheduledAction","commonType":"object","isObject":true,"model":"BeforeScheduledActionPolicyRuleCondition"},{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/ContextPolicyRuleCondition","propertyName":"context","commonType":"object","isObject":true,"model":"ContextPolicyRuleCondition"},{"$ref":"#/definitions/DevicePolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DevicePolicyRuleCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/GroupPolicyRuleCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupPolicyRuleCondition"},{"$ref":"#/definitions/IdentityProviderPolicyRuleCondition","propertyName":"identityProvider","commonType":"object","isObject":true,"model":"IdentityProviderPolicyRuleCondition"},{"$ref":"#/definitions/MDMEnrollmentPolicyRuleCondition","propertyName":"mdmEnrollment","commonType":"object","isObject":true,"model":"MDMEnrollmentPolicyRuleCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/PlatformPolicyRuleCondition","propertyName":"platform","commonType":"object","isObject":true,"model":"PlatformPolicyRuleCondition"},{"$ref":"#/definitions/RiskPolicyRuleCondition","propertyName":"risk","commonType":"object","isObject":true,"model":"RiskPolicyRuleCondition"},{"$ref":"#/definitions/RiskScorePolicyRuleCondition","propertyName":"riskScore","commonType":"object","isObject":true,"model":"RiskScorePolicyRuleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"},{"$ref":"#/definitions/UserIdentifierPolicyRuleCondition","propertyName":"userIdentifier","commonType":"object","isObject":true,"model":"UserIdentifierPolicyRuleCondition"},{"$ref":"#/definitions/UserStatusPolicyRuleCondition","propertyName":"userStatus","commonType":"object","isObject":true,"model":"UserStatusPolicyRuleCondition"},{"$ref":"#/definitions/UserPolicyRuleCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyDelegationSettings.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyDelegationSettings","properties":[{"$ref":"#/definitions/PasswordPolicyDelegationSettingsOptions","propertyName":"options","commonType":"object","isObject":true,"model":"PasswordPolicyDelegationSettingsOptions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyDelegationSettingsOptions.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyDelegationSettingsOptions","properties":[{"propertyName":"skipUnlock","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyPasswordSettings.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyPasswordSettings","properties":[{"$ref":"#/definitions/PasswordPolicyPasswordSettingsAge","propertyName":"age","commonType":"object","isObject":true,"model":"PasswordPolicyPasswordSettingsAge"},{"$ref":"#/definitions/PasswordPolicyPasswordSettingsComplexity","propertyName":"complexity","commonType":"object","isObject":true,"model":"PasswordPolicyPasswordSettingsComplexity"},{"$ref":"#/definitions/PasswordPolicyPasswordSettingsLockout","propertyName":"lockout","commonType":"object","isObject":true,"model":"PasswordPolicyPasswordSettingsLockout"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyPasswordSettingsAge.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyPasswordSettingsAge","properties":[{"default":0,"propertyName":"expireWarnDays","commonType":"integer"},{"default":0,"propertyName":"historyCount","commonType":"integer"},{"default":0,"propertyName":"maxAgeDays","commonType":"integer"},{"default":0,"propertyName":"minAgeMinutes","commonType":"integer"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyPasswordSettingsComplexity.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyPasswordSettingsComplexity","properties":[{"$ref":"#/definitions/PasswordDictionary","propertyName":"dictionary","commonType":"object","isObject":true,"model":"PasswordDictionary"},{"default":1,"propertyName":"excludeAttributes","commonType":"array","isArray":true,"model":"string"},{"default":true,"propertyName":"excludeUsername","commonType":"boolean"},{"default":8,"propertyName":"minLength","commonType":"integer"},{"default":1,"propertyName":"minLowerCase","commonType":"integer"},{"default":1,"propertyName":"minNumber","commonType":"integer"},{"default":1,"propertyName":"minSymbol","commonType":"integer"},{"default":1,"propertyName":"minUpperCase","commonType":"integer"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyPasswordSettingsLockout.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyPasswordSettingsLockout","properties":[{"propertyName":"autoUnlockMinutes","commonType":"integer"},{"propertyName":"maxAttempts","commonType":"integer"},{"propertyName":"showLockoutFailures","commonType":"boolean"},{"propertyName":"userLockoutNotificationChannels","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRecoveryEmail.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRecoveryEmail","properties":[{"$ref":"#/definitions/PasswordPolicyRecoveryEmailProperties","propertyName":"properties","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryEmailProperties"},{"enum":["ACTIVE","INACTIVE"],"readOnly":true,"propertyName":"status","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRecoveryEmailProperties.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRecoveryEmailProperties","properties":[{"$ref":"#/definitions/PasswordPolicyRecoveryEmailRecoveryToken","propertyName":"recoveryToken","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryEmailRecoveryToken"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRecoveryEmailRecoveryToken.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRecoveryEmailRecoveryToken","properties":[{"default":10080,"propertyName":"tokenLifetimeMinutes","commonType":"integer"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRecoveryFactorSettings.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRecoveryFactorSettings","properties":[{"default":"INACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRecoveryFactors.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRecoveryFactors","properties":[{"$ref":"#/definitions/PasswordPolicyRecoveryFactorSettings","propertyName":"okta_call","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryFactorSettings"},{"$ref":"#/definitions/PasswordPolicyRecoveryEmail","propertyName":"okta_email","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryEmail"},{"$ref":"#/definitions/PasswordPolicyRecoveryFactorSettings","propertyName":"okta_sms","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryFactorSettings"},{"$ref":"#/definitions/PasswordPolicyRecoveryQuestion","propertyName":"recovery_question","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryQuestion"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRecoveryQuestion.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRecoveryQuestion","properties":[{"$ref":"#/definitions/PasswordPolicyRecoveryQuestionProperties","readOnly":true,"propertyName":"properties","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryQuestionProperties"},{"enum":["ACTIVE","INACTIVE"],"readOnly":true,"propertyName":"status","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRecoveryQuestionComplexity.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRecoveryQuestionComplexity","properties":[{"readOnly":true,"propertyName":"minLength","commonType":"integer"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRecoveryQuestionProperties.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRecoveryQuestionProperties","properties":[{"$ref":"#/definitions/PasswordPolicyRecoveryQuestionComplexity","readOnly":true,"propertyName":"complexity","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryQuestionComplexity"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRecoverySettings.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRecoverySettings","properties":[{"$ref":"#/definitions/PasswordPolicyRecoveryFactors","propertyName":"factors","commonType":"object","isObject":true,"model":"PasswordPolicyRecoveryFactors"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRule.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRule","properties":[{"$ref":"#/definitions/PasswordPolicyRuleActions","readOnly":false,"propertyName":"actions","commonType":"object","isObject":true,"model":"PasswordPolicyRuleActions"},{"$ref":"#/definitions/PasswordPolicyRuleConditions","readOnly":false,"propertyName":"conditions","commonType":"object","isObject":true,"model":"PasswordPolicyRuleConditions"},{"propertyName":"name","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRule","parent":{"modelName":"PolicyRule","properties":[{"$ref":"#/definitions/PolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"PolicyRuleActions"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activatePolicyRule","description":"Activates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivatePolicyRule","description":"Deactivates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyRule","self":true},{"dest":"policyId","parentSrc":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicyRule","PASSWORD":"PasswordPolicyRule","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicyRule","SIGN_ON":"OktaSignOnPolicyRule"}}},"resolution":{"fieldName":"type","fieldValue":"PASSWORD"}}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRuleAction.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRuleAction","properties":[{"enum":["ALLOW","DENY"],"readOnly":false,"propertyName":"access","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRuleActions.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRuleActions","properties":[{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"passwordChange","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServicePasswordReset","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServiceUnlock","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleActions","parent":{"modelName":"PolicyRuleActions","properties":[{"$ref":"#/definitions/PolicyRuleActionsEnroll","propertyName":"enroll","commonType":"object","isObject":true,"model":"PolicyRuleActionsEnroll"},{"$ref":"#/definitions/IdpPolicyRuleAction","propertyName":"idp","commonType":"object","isObject":true,"model":"IdpPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"passwordChange","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServicePasswordReset","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServiceUnlock","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonActions","propertyName":"signon","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicyRuleConditions.go","context":{"operations":{},"model":{"modelName":"PasswordPolicyRuleConditions","properties":[{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleConditions","parent":{"modelName":"PolicyRuleConditions","properties":[{"$ref":"#/definitions/AppAndInstancePolicyRuleCondition","propertyName":"app","commonType":"object","isObject":true,"model":"AppAndInstancePolicyRuleCondition"},{"$ref":"#/definitions/AppInstancePolicyRuleCondition","propertyName":"apps","commonType":"object","isObject":true,"model":"AppInstancePolicyRuleCondition"},{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/BeforeScheduledActionPolicyRuleCondition","propertyName":"beforeScheduledAction","commonType":"object","isObject":true,"model":"BeforeScheduledActionPolicyRuleCondition"},{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/ContextPolicyRuleCondition","propertyName":"context","commonType":"object","isObject":true,"model":"ContextPolicyRuleCondition"},{"$ref":"#/definitions/DevicePolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DevicePolicyRuleCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/GroupPolicyRuleCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupPolicyRuleCondition"},{"$ref":"#/definitions/IdentityProviderPolicyRuleCondition","propertyName":"identityProvider","commonType":"object","isObject":true,"model":"IdentityProviderPolicyRuleCondition"},{"$ref":"#/definitions/MDMEnrollmentPolicyRuleCondition","propertyName":"mdmEnrollment","commonType":"object","isObject":true,"model":"MDMEnrollmentPolicyRuleCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/PlatformPolicyRuleCondition","propertyName":"platform","commonType":"object","isObject":true,"model":"PlatformPolicyRuleCondition"},{"$ref":"#/definitions/RiskPolicyRuleCondition","propertyName":"risk","commonType":"object","isObject":true,"model":"RiskPolicyRuleCondition"},{"$ref":"#/definitions/RiskScorePolicyRuleCondition","propertyName":"riskScore","commonType":"object","isObject":true,"model":"RiskScorePolicyRuleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"},{"$ref":"#/definitions/UserIdentifierPolicyRuleCondition","propertyName":"userIdentifier","commonType":"object","isObject":true,"model":"UserIdentifierPolicyRuleCondition"},{"$ref":"#/definitions/UserStatusPolicyRuleCondition","propertyName":"userStatus","commonType":"object","isObject":true,"model":"UserStatusPolicyRuleCondition"},{"$ref":"#/definitions/UserPolicyRuleCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/passwordPolicySettings.go","context":{"operations":{},"model":{"modelName":"PasswordPolicySettings","properties":[{"$ref":"#/definitions/PasswordPolicyDelegationSettings","propertyName":"delegation","commonType":"object","isObject":true,"model":"PasswordPolicyDelegationSettings"},{"$ref":"#/definitions/PasswordPolicyPasswordSettings","propertyName":"password","commonType":"object","isObject":true,"model":"PasswordPolicyPasswordSettings"},{"$ref":"#/definitions/PasswordPolicyRecoverySettings","propertyName":"recovery","commonType":"object","isObject":true,"model":"PasswordPolicyRecoverySettings"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/passwordSettingObject.go","context":{"operations":{},"model":{"modelName":"PasswordSettingObject","properties":[{"$ref":"#/definitions/ChangeEnum","propertyName":"change","commonType":"enum","isEnum":true,"model":"ChangeEnum"},{"$ref":"#/definitions/SeedEnum","propertyName":"seed","commonType":"enum","isEnum":true,"model":"SeedEnum"},{"$ref":"#/definitions/EnabledStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"EnabledStatus"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/platformConditionEvaluatorPlatform.go","context":{"operations":{},"model":{"modelName":"PlatformConditionEvaluatorPlatform","properties":[{"$ref":"#/definitions/PlatformConditionEvaluatorPlatformOperatingSystem","propertyName":"os","commonType":"object","isObject":true,"model":"PlatformConditionEvaluatorPlatformOperatingSystem"},{"enum":["DESKTOP","MOBILE","OTHER","ANY"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/platformConditionEvaluatorPlatformOperatingSystem.go","context":{"operations":{},"model":{"modelName":"PlatformConditionEvaluatorPlatformOperatingSystem","properties":[{"propertyName":"expression","commonType":"string"},{"enum":["ANDROID","IOS","WINDOWS","OSX","OTHER","ANY"],"propertyName":"type","commonType":"string"},{"$ref":"#/definitions/PlatformConditionEvaluatorPlatformOperatingSystemVersion","propertyName":"version","commonType":"object","isObject":true,"model":"PlatformConditionEvaluatorPlatformOperatingSystemVersion"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/platformConditionEvaluatorPlatformOperatingSystemVersion.go","context":{"operations":{},"model":{"modelName":"PlatformConditionEvaluatorPlatformOperatingSystemVersion","properties":[{"enum":["EXPRESSION","SEMVER"],"propertyName":"matchType","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/platformPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"PlatformPolicyRuleCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"PlatformConditionEvaluatorPlatform"},{"propertyName":"include","commonType":"array","isArray":true,"model":"PlatformConditionEvaluatorPlatform"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/policy.go","context":{"operations":{"getPolicy":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"},"updatePolicy":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"},"deletePolicy":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},"listPolicies":{"path":"/api/v1/policies","method":"get","queryParams":[{"in":"query","name":"type","required":true,"type":"string"},{"in":"query","name":"status","type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[],"operationId":"listPolicies","description":"Gets all policies with the specified type.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Policy"},"type":"array"}}},"parameters":[{"in":"query","name":"type","required":true,"type":"string"},{"in":"query","name":"status","type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy","isArray":true},"createPolicy":{"path":"/api/v1/policies","method":"post","queryParams":[{"default":true,"in":"query","name":"activate","type":"boolean"}],"pathParams":[],"operationId":"createPolicy","description":"Creates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"default":true,"in":"query","name":"activate","type":"boolean"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"},"activatePolicy":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},"deactivatePolicy":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]},"listPolicyRules":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true},"createPolicyRule":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"},"deletePolicyRule":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},"getPolicyRule":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"},"updatePolicyRule":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"},"activatePolicyRule":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activatePolicyRule","description":"Activates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]},"deactivatePolicyRule":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivatePolicyRule","description":"Deactivates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},"model":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}}}},{"src":"templates/model.go.hbs","dest":"okta/policyAccountLink.go","context":{"operations":{},"model":{"modelName":"PolicyAccountLink","properties":[{"enum":["AUTO","DISABLED"],"propertyName":"action","commonType":"string"},{"$ref":"#/definitions/PolicyAccountLinkFilter","propertyName":"filter","commonType":"object","isObject":true,"model":"PolicyAccountLinkFilter"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/policyAccountLinkFilter.go","context":{"operations":{},"model":{"modelName":"PolicyAccountLinkFilter","properties":[{"$ref":"#/definitions/PolicyAccountLinkFilterGroups","propertyName":"groups","commonType":"object","isObject":true,"model":"PolicyAccountLinkFilterGroups"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/policyAccountLinkFilterGroups.go","context":{"operations":{},"model":{"modelName":"PolicyAccountLinkFilterGroups","properties":[{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/policyNetworkCondition.go","context":{"operations":{},"model":{"modelName":"PolicyNetworkCondition","properties":[{"enum":["ANYWHERE","ZONE"],"propertyName":"connection","commonType":"string"},{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/policyPeopleCondition.go","context":{"operations":{},"model":{"modelName":"PolicyPeopleCondition","properties":[{"$ref":"#/definitions/GroupCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupCondition"},{"$ref":"#/definitions/UserCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/policyRule.go","context":{"operations":{"updatePolicyRule":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"},"deletePolicyRule":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},"model":{"modelName":"PolicyRule","properties":[{"$ref":"#/definitions/PolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"PolicyRuleActions"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activatePolicyRule","description":"Activates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivatePolicyRule","description":"Deactivates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyRule","self":true},{"dest":"policyId","parentSrc":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicyRule","PASSWORD":"PasswordPolicyRule","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicyRule","SIGN_ON":"OktaSignOnPolicyRule"}}}}},{"src":"templates/model.go.hbs","dest":"okta/policyRuleActions.go","context":{"operations":{},"model":{"modelName":"PolicyRuleActions","properties":[{"$ref":"#/definitions/PolicyRuleActionsEnroll","propertyName":"enroll","commonType":"object","isObject":true,"model":"PolicyRuleActionsEnroll"},{"$ref":"#/definitions/IdpPolicyRuleAction","propertyName":"idp","commonType":"object","isObject":true,"model":"IdpPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"passwordChange","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServicePasswordReset","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServiceUnlock","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonActions","propertyName":"signon","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/policyRuleActionsEnroll.go","context":{"operations":{},"model":{"modelName":"PolicyRuleActionsEnroll","properties":[{"$ref":"#/definitions/PolicyRuleActionsEnrollSelf","propertyName":"self","commonType":"enum","isEnum":true,"model":"PolicyRuleActionsEnrollSelf"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/policyRuleActionsEnrollSelf.go","context":{"operations":{},"model":{"modelName":"PolicyRuleActionsEnrollSelf","enum":["CHALLENGE","LOGIN","NEVER"],"tags":["Policy"]}}},{"src":"templates/model.go.hbs","dest":"okta/policyRuleAuthContextCondition.go","context":{"operations":{},"model":{"modelName":"PolicyRuleAuthContextCondition","properties":[{"enum":["ANY","RADIUS"],"propertyName":"authType","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/policyRuleConditions.go","context":{"operations":{},"model":{"modelName":"PolicyRuleConditions","properties":[{"$ref":"#/definitions/AppAndInstancePolicyRuleCondition","propertyName":"app","commonType":"object","isObject":true,"model":"AppAndInstancePolicyRuleCondition"},{"$ref":"#/definitions/AppInstancePolicyRuleCondition","propertyName":"apps","commonType":"object","isObject":true,"model":"AppInstancePolicyRuleCondition"},{"$ref":"#/definitions/PolicyRuleAuthContextCondition","propertyName":"authContext","commonType":"object","isObject":true,"model":"PolicyRuleAuthContextCondition"},{"$ref":"#/definitions/PasswordPolicyAuthenticationProviderCondition","propertyName":"authProvider","commonType":"object","isObject":true,"model":"PasswordPolicyAuthenticationProviderCondition"},{"$ref":"#/definitions/BeforeScheduledActionPolicyRuleCondition","propertyName":"beforeScheduledAction","commonType":"object","isObject":true,"model":"BeforeScheduledActionPolicyRuleCondition"},{"$ref":"#/definitions/ClientPolicyCondition","propertyName":"clients","commonType":"object","isObject":true,"model":"ClientPolicyCondition"},{"$ref":"#/definitions/ContextPolicyRuleCondition","propertyName":"context","commonType":"object","isObject":true,"model":"ContextPolicyRuleCondition"},{"$ref":"#/definitions/DevicePolicyRuleCondition","propertyName":"device","commonType":"object","isObject":true,"model":"DevicePolicyRuleCondition"},{"$ref":"#/definitions/GrantTypePolicyRuleCondition","propertyName":"grantTypes","commonType":"object","isObject":true,"model":"GrantTypePolicyRuleCondition"},{"$ref":"#/definitions/GroupPolicyRuleCondition","propertyName":"groups","commonType":"object","isObject":true,"model":"GroupPolicyRuleCondition"},{"$ref":"#/definitions/IdentityProviderPolicyRuleCondition","propertyName":"identityProvider","commonType":"object","isObject":true,"model":"IdentityProviderPolicyRuleCondition"},{"$ref":"#/definitions/MDMEnrollmentPolicyRuleCondition","propertyName":"mdmEnrollment","commonType":"object","isObject":true,"model":"MDMEnrollmentPolicyRuleCondition"},{"$ref":"#/definitions/PolicyNetworkCondition","propertyName":"network","commonType":"object","isObject":true,"model":"PolicyNetworkCondition"},{"$ref":"#/definitions/PolicyPeopleCondition","propertyName":"people","commonType":"object","isObject":true,"model":"PolicyPeopleCondition"},{"$ref":"#/definitions/PlatformPolicyRuleCondition","propertyName":"platform","commonType":"object","isObject":true,"model":"PlatformPolicyRuleCondition"},{"$ref":"#/definitions/RiskPolicyRuleCondition","propertyName":"risk","commonType":"object","isObject":true,"model":"RiskPolicyRuleCondition"},{"$ref":"#/definitions/RiskScorePolicyRuleCondition","propertyName":"riskScore","commonType":"object","isObject":true,"model":"RiskScorePolicyRuleCondition"},{"$ref":"#/definitions/OAuth2ScopesMediationPolicyRuleCondition","propertyName":"scopes","commonType":"object","isObject":true,"model":"OAuth2ScopesMediationPolicyRuleCondition"},{"$ref":"#/definitions/UserIdentifierPolicyRuleCondition","propertyName":"userIdentifier","commonType":"object","isObject":true,"model":"UserIdentifierPolicyRuleCondition"},{"$ref":"#/definitions/UserStatusPolicyRuleCondition","propertyName":"userStatus","commonType":"object","isObject":true,"model":"UserStatusPolicyRuleCondition"},{"$ref":"#/definitions/UserPolicyRuleCondition","propertyName":"users","commonType":"object","isObject":true,"model":"UserPolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/policySubject.go","context":{"operations":{},"model":{"modelName":"PolicySubject","properties":[{"propertyName":"filter","commonType":"string"},{"propertyName":"format","commonType":"array","isArray":true,"model":"string"},{"propertyName":"matchAttribute","commonType":"string"},{"$ref":"#/definitions/PolicySubjectMatchType","propertyName":"matchType","commonType":"enum","isEnum":true,"model":"PolicySubjectMatchType"},{"$ref":"#/definitions/PolicyUserNameTemplate","propertyName":"userNameTemplate","commonType":"object","isObject":true,"model":"PolicyUserNameTemplate"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/policySubjectMatchType.go","context":{"operations":{},"model":{"modelName":"PolicySubjectMatchType","enum":["USERNAME","EMAIL","USERNAME_OR_EMAIL","CUSTOM_ATTRIBUTE"],"tags":["Policy"]}}},{"src":"templates/model.go.hbs","dest":"okta/policyType.go","context":{"operations":{},"model":{"modelName":"PolicyType","enum":["OAUTH_AUTHORIZATION_POLICY","OKTA_SIGN_ON","PASSWORD","IDP_DISCOVERY","PROFILE_ENROLLMENT","ACCESS_POLICY","MFA_ENROLL"],"tags":["Policy"]}}},{"src":"templates/model.go.hbs","dest":"okta/policyUserNameTemplate.go","context":{"operations":{},"model":{"modelName":"PolicyUserNameTemplate","properties":[{"propertyName":"template","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/possessionConstraint.go","context":{"operations":{},"model":{"modelName":"PossessionConstraint","properties":[{"propertyName":"deviceBound","commonType":"string"},{"propertyName":"hardwareProtection","commonType":"string"},{"propertyName":"phishingResistant","commonType":"string"},{"propertyName":"userPresence","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"AccessPolicyConstraint","parent":{"modelName":"AccessPolicyConstraint","properties":[{"propertyName":"methods","commonType":"array","isArray":true,"model":"string"},{"propertyName":"reauthenticateIn","commonType":"string"},{"propertyName":"types","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/preRegistrationInlineHook.go","context":{"operations":{},"model":{"modelName":"PreRegistrationInlineHook","properties":[{"propertyName":"inlineHookId","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/profileEnrollmentPolicy.go","context":{"operations":{},"model":{"modelName":"ProfileEnrollmentPolicy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"Policy","parent":{"modelName":"Policy","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"propertyName":"system","commonType":"boolean"},{"$ref":"#/definitions/PolicyType","propertyName":"type","commonType":"enum","isEnum":true,"model":"PolicyType"}],"methods":[{"alias":"activate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"activatePolicy","description":"Activates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deactivatePolicy","description":"Deactivates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}},{"alias":"listPolicyRules","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"listPolicyRules","description":"Enumerates all policy rules.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/PolicyRule"},"type":"array"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule","isArray":true}},{"alias":"createRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"createPolicyRule","description":"Creates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"getPolicyRule","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"getPolicyRule","description":"Gets a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[],"responseModel":"PolicyRule"}}],"crud":[{"alias":"read","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"get","queryParams":[{"default":"","in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"getPolicy","description":"Gets a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"default":"","in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Policy"}},{"alias":"update","arguments":[{"dest":"policyId","src":"id"},{"dest":"policy","self":true}],"operation":{"path":"/api/v1/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updatePolicy","description":"Updates a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Policy"}}},"parameters":[{"in":"body","name":"policy","required":true,"schema":{"$ref":"#/definitions/Policy"}},{"in":"path","name":"policyId","required":true,"type":"string"}],"bodyModel":"Policy","formData":[],"responseModel":"Policy"}},{"alias":"delete","arguments":[{"dest":"policyId","src":"id"}],"operation":{"path":"/api/v1/policies/{policyId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"deletePolicy","description":"Removes a policy.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicy","IDP_DISCOVERY":"IdentityProviderPolicy","MFA_ENROLL":"MultifactorEnrollmentPolicy","OAUTH_AUTHORIZATION_POLICY":"OAuthAuthorizationPolicy","OKTA_SIGN_ON":"OktaSignOnPolicy","PASSWORD":"PasswordPolicy","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicy"}}},"resolution":{"fieldName":"type","fieldValue":"PROFILE_ENROLLMENT"}}}},{"src":"templates/model.go.hbs","dest":"okta/profileEnrollmentPolicyRule.go","context":{"operations":{},"model":{"modelName":"ProfileEnrollmentPolicyRule","properties":[{"$ref":"#/definitions/ProfileEnrollmentPolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"ProfileEnrollmentPolicyRuleActions"},{"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRule","parent":{"modelName":"PolicyRule","properties":[{"$ref":"#/definitions/PolicyRuleActions","propertyName":"actions","commonType":"object","isObject":true,"model":"PolicyRuleActions"},{"$ref":"#/definitions/PolicyRuleConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"PolicyRuleConditions"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"priority","commonType":"integer"},{"default":"ACTIVE","enum":["ACTIVE","INACTIVE"],"propertyName":"status","commonType":"string"},{"default":false,"propertyName":"system","commonType":"boolean"},{"enum":["SIGN_ON","PASSWORD"],"propertyName":"type","commonType":"string"}],"methods":[{"alias":"activate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"activatePolicyRule","description":"Activates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deactivatePolicyRule","description":"Deactivates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"update","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyRule","self":true},{"dest":"policyId","parentSrc":"id"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"updatePolicyRule","description":"Updates a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/PolicyRule"}}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"},{"in":"body","name":"policyRule","required":true,"schema":{"$ref":"#/definitions/PolicyRule"}}],"bodyModel":"PolicyRule","formData":[],"responseModel":"PolicyRule"}},{"alias":"delete","arguments":[{"dest":"ruleId","src":"id"},{"dest":"policyId","parentSrc":"policyId"}],"operation":{"path":"/api/v1/policies/{policyId}/rules/{ruleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"operationId":"deletePolicyRule","description":"Removes a policy rule.","tags":["Policy"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"policyId","required":true,"type":"string"},{"in":"path","name":"ruleId","required":true,"type":"string"}],"formData":[]}}],"tags":["Policy"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"type","valueToModelMapping":{"ACCESS_POLICY":"AccessPolicyRule","PASSWORD":"PasswordPolicyRule","PROFILE_ENROLLMENT":"ProfileEnrollmentPolicyRule","SIGN_ON":"OktaSignOnPolicyRule"}}},"resolution":{"fieldName":"type","fieldValue":"PROFILE_ENROLLMENT"}}}},{"src":"templates/model.go.hbs","dest":"okta/profileEnrollmentPolicyRuleAction.go","context":{"operations":{},"model":{"modelName":"ProfileEnrollmentPolicyRuleAction","properties":[{"propertyName":"access","commonType":"string"},{"$ref":"#/definitions/ProfileEnrollmentPolicyRuleActivationRequirement","propertyName":"activationRequirements","commonType":"object","isObject":true,"model":"ProfileEnrollmentPolicyRuleActivationRequirement"},{"propertyName":"preRegistrationInlineHooks","commonType":"array","isArray":true,"model":"PreRegistrationInlineHook"},{"propertyName":"profileAttributes","commonType":"array","isArray":true,"model":"ProfileEnrollmentPolicyRuleProfileAttribute"},{"propertyName":"targetGroupIds","commonType":"array","isArray":true,"model":"string"},{"propertyName":"uiSchemaId","commonType":"string"},{"propertyName":"unknownUserAction","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/profileEnrollmentPolicyRuleActions.go","context":{"operations":{},"model":{"modelName":"ProfileEnrollmentPolicyRuleActions","properties":[{"$ref":"#/definitions/ProfileEnrollmentPolicyRuleAction","propertyName":"profileEnrollment","commonType":"object","isObject":true,"model":"ProfileEnrollmentPolicyRuleAction"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false,"extends":"PolicyRuleActions","parent":{"modelName":"PolicyRuleActions","properties":[{"$ref":"#/definitions/PolicyRuleActionsEnroll","propertyName":"enroll","commonType":"object","isObject":true,"model":"PolicyRuleActionsEnroll"},{"$ref":"#/definitions/IdpPolicyRuleAction","propertyName":"idp","commonType":"object","isObject":true,"model":"IdpPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"passwordChange","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServicePasswordReset","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/PasswordPolicyRuleAction","propertyName":"selfServiceUnlock","commonType":"object","isObject":true,"model":"PasswordPolicyRuleAction"},{"$ref":"#/definitions/OktaSignOnPolicyRuleSignonActions","propertyName":"signon","commonType":"object","isObject":true,"model":"OktaSignOnPolicyRuleSignonActions"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/profileEnrollmentPolicyRuleActivationRequirement.go","context":{"operations":{},"model":{"modelName":"ProfileEnrollmentPolicyRuleActivationRequirement","properties":[{"propertyName":"emailVerification","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/profileEnrollmentPolicyRuleProfileAttribute.go","context":{"operations":{},"model":{"modelName":"ProfileEnrollmentPolicyRuleProfileAttribute","properties":[{"propertyName":"label","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"required","commonType":"boolean"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/profileMapping.go","context":{"operations":{"getProfileMapping":{"path":"/api/v1/mappings/{mappingId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"mappingId","required":true,"type":"string"}],"operationId":"getProfileMapping","description":"Fetches a single Profile Mapping referenced by its ID.","summary":"Get Profile Mapping","tags":["ProfileMapping"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ProfileMapping"}}},"parameters":[{"in":"path","name":"mappingId","required":true,"type":"string"}],"formData":[],"responseModel":"ProfileMapping"},"updateProfileMapping":{"path":"/api/v1/mappings/{mappingId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"mappingId","required":true,"type":"string"}],"operationId":"updateProfileMapping","description":"Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings.","summary":"Update Profile Mapping","tags":["ProfileMapping"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ProfileMapping"}}},"parameters":[{"in":"path","name":"mappingId","required":true,"type":"string"},{"in":"body","name":"profileMapping","required":true,"schema":{"$ref":"#/definitions/ProfileMapping"}}],"bodyModel":"ProfileMapping","formData":[],"responseModel":"ProfileMapping"},"listProfileMappings":{"path":"/api/v1/mappings","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"sourceId","type":"string"},{"default":"","in":"query","name":"targetId","type":"string"}],"pathParams":[],"operationId":"listProfileMappings","description":"Enumerates Profile Mappings in your organization with pagination.","tags":["ProfileMapping"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ProfileMapping"},"type":"array"}}},"parameters":[{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"sourceId","type":"string"},{"default":"","in":"query","name":"targetId","type":"string"}],"formData":[],"responseModel":"ProfileMapping","isArray":true}},"model":{"modelName":"ProfileMapping","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"properties","commonType":"hash","isHash":true,"model":"ProfileMappingProperty"},{"$ref":"#/definitions/ProfileMappingSource","propertyName":"source","commonType":"object","isObject":true,"model":"ProfileMappingSource"},{"$ref":"#/definitions/ProfileMappingSource","propertyName":"target","commonType":"object","isObject":true,"model":"ProfileMappingSource"}],"methods":[],"crud":[{"alias":"read","arguments":[{"dest":"mappingId","src":"id"}],"operation":{"path":"/api/v1/mappings/{mappingId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"mappingId","required":true,"type":"string"}],"operationId":"getProfileMapping","description":"Fetches a single Profile Mapping referenced by its ID.","summary":"Get Profile Mapping","tags":["ProfileMapping"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ProfileMapping"}}},"parameters":[{"in":"path","name":"mappingId","required":true,"type":"string"}],"formData":[],"responseModel":"ProfileMapping"}},{"alias":"update","arguments":[{"dest":"mappingId","src":"id"}],"operation":{"path":"/api/v1/mappings/{mappingId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"mappingId","required":true,"type":"string"}],"operationId":"updateProfileMapping","description":"Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings.","summary":"Update Profile Mapping","tags":["ProfileMapping"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ProfileMapping"}}},"parameters":[{"in":"path","name":"mappingId","required":true,"type":"string"},{"in":"body","name":"profileMapping","required":true,"schema":{"$ref":"#/definitions/ProfileMapping"}}],"bodyModel":"ProfileMapping","formData":[],"responseModel":"ProfileMapping"}}],"tags":["ProfileMapping"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/profileMappingProperty.go","context":{"operations":{},"model":{"modelName":"ProfileMappingProperty","properties":[{"propertyName":"expression","commonType":"string"},{"$ref":"#/definitions/ProfileMappingPropertyPushStatus","propertyName":"pushStatus","commonType":"enum","isEnum":true,"model":"ProfileMappingPropertyPushStatus"}],"methods":[],"crud":[],"tags":["ProfileMapping"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/profileMappingPropertyPushStatus.go","context":{"operations":{},"model":{"modelName":"ProfileMappingPropertyPushStatus","enum":["PUSH","DONT_PUSH"],"tags":["ProfileMapping"]}}},{"src":"templates/model.go.hbs","dest":"okta/profileMappingSource.go","context":{"operations":{},"model":{"modelName":"ProfileMappingSource","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["ProfileMapping"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/profileSettingObject.go","context":{"operations":{},"model":{"modelName":"ProfileSettingObject","properties":[{"$ref":"#/definitions/EnabledStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"EnabledStatus"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/protocol.go","context":{"operations":{},"model":{"modelName":"Protocol","properties":[{"$ref":"#/definitions/ProtocolAlgorithms","propertyName":"algorithms","commonType":"object","isObject":true,"model":"ProtocolAlgorithms"},{"$ref":"#/definitions/IdentityProviderCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"IdentityProviderCredentials"},{"$ref":"#/definitions/ProtocolEndpoints","propertyName":"endpoints","commonType":"object","isObject":true,"model":"ProtocolEndpoints"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"issuer","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolRelayState","propertyName":"relayState","commonType":"object","isObject":true,"model":"ProtocolRelayState"},{"propertyName":"scopes","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/ProtocolSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ProtocolSettings"},{"enum":["SAML2","OIDC","OAUTH2","MTLS"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/protocolAlgorithmType.go","context":{"operations":{},"model":{"modelName":"ProtocolAlgorithmType","properties":[{"$ref":"#/definitions/ProtocolAlgorithmTypeSignature","propertyName":"signature","commonType":"object","isObject":true,"model":"ProtocolAlgorithmTypeSignature"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/protocolAlgorithmTypeSignature.go","context":{"operations":{},"model":{"modelName":"ProtocolAlgorithmTypeSignature","properties":[{"propertyName":"algorithm","commonType":"string"},{"enum":["RESPONSE","TOKEN","ANY","REQUEST","NONE"],"propertyName":"scope","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/protocolAlgorithms.go","context":{"operations":{},"model":{"modelName":"ProtocolAlgorithms","properties":[{"$ref":"#/definitions/ProtocolAlgorithmType","propertyName":"request","commonType":"object","isObject":true,"model":"ProtocolAlgorithmType"},{"$ref":"#/definitions/ProtocolAlgorithmType","propertyName":"response","commonType":"object","isObject":true,"model":"ProtocolAlgorithmType"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/protocolEndpoint.go","context":{"operations":{},"model":{"modelName":"ProtocolEndpoint","properties":[{"enum":["HTTP-POST","HTTP-REDIRECT"],"propertyName":"binding","commonType":"string"},{"propertyName":"destination","commonType":"string"},{"enum":["INSTANCE","ORG"],"propertyName":"type","commonType":"string"},{"propertyName":"url","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/protocolEndpoints.go","context":{"operations":{},"model":{"modelName":"ProtocolEndpoints","properties":[{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"acs","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"authorization","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"jwks","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"metadata","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"slo","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"sso","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"token","commonType":"object","isObject":true,"model":"ProtocolEndpoint"},{"$ref":"#/definitions/ProtocolEndpoint","propertyName":"userInfo","commonType":"object","isObject":true,"model":"ProtocolEndpoint"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/protocolRelayState.go","context":{"operations":{},"model":{"modelName":"ProtocolRelayState","properties":[{"$ref":"#/definitions/ProtocolRelayStateFormat","propertyName":"format","commonType":"enum","isEnum":true,"model":"ProtocolRelayStateFormat"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/protocolRelayStateFormat.go","context":{"operations":{},"model":{"modelName":"ProtocolRelayStateFormat","enum":["OPAQUE","FROM_URL"],"tags":["IdentityProvider"]}}},{"src":"templates/model.go.hbs","dest":"okta/protocolSettings.go","context":{"operations":{},"model":{"modelName":"ProtocolSettings","properties":[{"propertyName":"nameFormat","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/provisioning.go","context":{"operations":{},"model":{"modelName":"Provisioning","properties":[{"enum":["AUTO","CALLOUT","DISABLED"],"propertyName":"action","commonType":"string"},{"$ref":"#/definitions/ProvisioningConditions","propertyName":"conditions","commonType":"object","isObject":true,"model":"ProvisioningConditions"},{"$ref":"#/definitions/ProvisioningGroups","propertyName":"groups","commonType":"object","isObject":true,"model":"ProvisioningGroups"},{"propertyName":"profileMaster","commonType":"boolean"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/provisioningConditions.go","context":{"operations":{},"model":{"modelName":"ProvisioningConditions","properties":[{"$ref":"#/definitions/ProvisioningDeprovisionedCondition","propertyName":"deprovisioned","commonType":"object","isObject":true,"model":"ProvisioningDeprovisionedCondition"},{"$ref":"#/definitions/ProvisioningSuspendedCondition","propertyName":"suspended","commonType":"object","isObject":true,"model":"ProvisioningSuspendedCondition"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/provisioningConnection.go","context":{"operations":{},"model":{"modelName":"ProvisioningConnection","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ProvisioningConnectionAuthScheme","propertyName":"authScheme","commonType":"enum","isEnum":true,"model":"ProvisioningConnectionAuthScheme"},{"$ref":"#/definitions/ProvisioningConnectionStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"ProvisioningConnectionStatus"}],"methods":[{"alias":"getDefaultProvisioningConnectionForApplication","operation":{"path":"/api/v1/apps/{appId}/connections/default","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getDefaultProvisioningConnectionForApplication","description":"Get default Provisioning Connection for application","summary":"Fetches the default Provisioning Connection for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ProvisioningConnection"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"ProvisioningConnection"}},{"alias":"activateDefaultProvisioningConnectionForApplication","operation":{"path":"/api/v1/apps/{appId}/connections/default/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateDefaultProvisioningConnectionForApplication","description":"Activates the default Provisioning Connection for an application.","summary":"Activate default Provisioning Connection for application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivateDefaultProvisioningConnectionForApplication","operation":{"path":"/api/v1/apps/{appId}/connections/default/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateDefaultProvisioningConnectionForApplication","description":"Deactivates the default Provisioning Connection for an application.","summary":"Deactivate default Provisioning Connection for application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/provisioningConnectionAuthScheme.go","context":{"operations":{},"model":{"modelName":"ProvisioningConnectionAuthScheme","enum":["TOKEN","UNKNOWN"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/provisioningConnectionProfile.go","context":{"operations":{},"model":{"modelName":"ProvisioningConnectionProfile","properties":[{"$ref":"#/definitions/ProvisioningConnectionAuthScheme","propertyName":"authScheme","commonType":"enum","isEnum":true,"model":"ProvisioningConnectionAuthScheme"},{"propertyName":"token","commonType":"string"}],"methods":[{"alias":"setDefaultProvisioningConnectionForApplication","operation":{"path":"/api/v1/apps/{appId}/connections/default","method":"post","queryParams":[{"in":"query","name":"activate","type":"boolean"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"setDefaultProvisioningConnectionForApplication","description":"Set default Provisioning Connection for application","summary":"Sets the default Provisioning Connection for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ProvisioningConnection"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"profile","required":true,"schema":{"$ref":"#/definitions/ProvisioningConnectionRequest"}},{"in":"query","name":"activate","type":"boolean"}],"bodyModel":"ProvisioningConnectionRequest","formData":[],"responseModel":"ProvisioningConnection"}}],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/provisioningConnectionRequest.go","context":{"operations":{},"model":{"modelName":"ProvisioningConnectionRequest","properties":[{"$ref":"#/definitions/ProvisioningConnectionProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"ProvisioningConnectionProfile"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/provisioningConnectionStatus.go","context":{"operations":{},"model":{"modelName":"ProvisioningConnectionStatus","enum":["DISABLED","ENABLED","UNKNOWN"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/provisioningDeprovisionedCondition.go","context":{"operations":{},"model":{"modelName":"ProvisioningDeprovisionedCondition","properties":[{"enum":["NONE","REACTIVATE"],"propertyName":"action","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/provisioningGroups.go","context":{"operations":{},"model":{"modelName":"ProvisioningGroups","properties":[{"enum":["NONE","APPEND","SYNC","ASSIGN"],"propertyName":"action","commonType":"string"},{"propertyName":"assignments","commonType":"array","isArray":true,"model":"string"},{"propertyName":"filter","commonType":"array","isArray":true,"model":"string"},{"propertyName":"sourceAttributeName","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/provisioningSuspendedCondition.go","context":{"operations":{},"model":{"modelName":"ProvisioningSuspendedCondition","properties":[{"enum":["NONE","UNSUSPEND"],"propertyName":"action","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/pushUserFactor.go","context":{"operations":{},"model":{"modelName":"PushUserFactor","properties":[{"propertyName":"expiresAt","commonType":"dateTime"},{"$ref":"#/definitions/FactorResultType","propertyName":"factorResult","commonType":"enum","isEnum":true,"model":"FactorResultType"},{"$ref":"#/definitions/PushUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"PushUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"push"}}}},{"src":"templates/model.go.hbs","dest":"okta/pushUserFactorProfile.go","context":{"operations":{},"model":{"modelName":"PushUserFactorProfile","properties":[{"propertyName":"credentialId","commonType":"string"},{"propertyName":"deviceToken","commonType":"string"},{"propertyName":"deviceType","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"platform","commonType":"string"},{"propertyName":"version","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/recoveryQuestionCredential.go","context":{"operations":{},"model":{"modelName":"RecoveryQuestionCredential","properties":[{"propertyName":"answer","commonType":"string"},{"propertyName":"question","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/requiredEnum.go","context":{"operations":{},"model":{"modelName":"RequiredEnum","enum":["ALWAYS","HIGH_RISK_ONLY","NEVER"],"tags":["Authenticator"]}}},{"src":"templates/model.go.hbs","dest":"okta/resetPasswordToken.go","context":{"operations":{},"model":{"modelName":"ResetPasswordToken","properties":[{"readOnly":true,"propertyName":"resetPasswordUrl","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/responseLinks.go","context":{"operations":{},"model":{"modelName":"ResponseLinks","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/riskPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"RiskPolicyRuleCondition","properties":[{"uniqueItems":true,"propertyName":"behaviors","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/riskScorePolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"RiskScorePolicyRuleCondition","properties":[{"propertyName":"level","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/role.go","context":{"operations":{},"model":{"modelName":"Role","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/RoleAssignmentType","propertyName":"assignmentType","commonType":"enum","isEnum":true,"model":"RoleAssignmentType"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"description","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/RoleStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"RoleStatus"},{"$ref":"#/definitions/RoleType","propertyName":"type","commonType":"enum","isEnum":true,"model":"RoleType"}],"methods":[{"alias":"addAdminGroupTarget","arguments":[{"dest":"roleId","src":"id"},{"dest":"groupId","parentSrc":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"targetGroupId","required":true,"type":"string"}],"operationId":"addGroupTargetToGroupAdministratorRoleForGroup","description":"","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"targetGroupId","required":true,"type":"string"}],"formData":[]}},{"alias":"addAppInstanceTargetToAdminRole","arguments":[{"dest":"roleId","src":"id"},{"dest":"groupId","parentSrc":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"operationId":"addApplicationInstanceTargetToAppAdminRoleGivenToGroup","description":"Add App Instance Target to App Administrator Role given to a Group","summary":"Add App Instance Target to App Administrator Role given to a Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"formData":[]}},{"alias":"addAppTargetToAdminRole","arguments":[{"dest":"roleId","src":"id"},{"dest":"groupId","parentSrc":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"operationId":"addApplicationTargetToAdminRoleGivenToGroup","description":"Success","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"formData":[]}},{"alias":"addAllAppsAsTargetToRole","arguments":[{"dest":"roleId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"addAllAppsAsTargetToRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[]}},{"alias":"addAppTargetToAppAdminRoleForUser","arguments":[{"dest":"roleId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"operationId":"addApplicationTargetToAppAdminRoleForUser","description":"Add App Instance Target to App Administrator Role given to a User","summary":"Add App Instance Target to App Administrator Role given to a User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"formData":[]}},{"alias":"addAppTargetToAdminRoleForUser","arguments":[{"dest":"roleId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"operationId":"addApplicationTargetToAdminRoleForUser","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"formData":[]}}],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/roleAssignmentType.go","context":{"operations":{},"model":{"modelName":"RoleAssignmentType","enum":["GROUP","USER"],"tags":["Role"]}}},{"src":"templates/model.go.hbs","dest":"okta/roleStatus.go","context":{"operations":{},"model":{"modelName":"RoleStatus","enum":["ACTIVE","INACTIVE"],"tags":["User"]}}},{"src":"templates/model.go.hbs","dest":"okta/roleType.go","context":{"operations":{},"model":{"modelName":"RoleType","enum":["SUPER_ADMIN","ORG_ADMIN","APP_ADMIN","USER_ADMIN","HELP_DESK_ADMIN","READ_ONLY_ADMIN","MOBILE_ADMIN","API_ACCESS_MANAGEMENT_ADMIN","REPORT_ADMIN","GROUP_MEMBERSHIP_ADMIN","CUSTOM"],"tags":["Role"]}}},{"src":"templates/model.go.hbs","dest":"okta/samlApplication.go","context":{"operations":{},"model":{"modelName":"SamlApplication","properties":[{"$ref":"#/definitions/SamlApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"SamlApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"extends":"Application","resolutionStrategy":{"propertyName":"name","valueToModelMapping":{"okta_org2org":"Org2OrgApplication"}},"parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"SAML_2_0"}}}},{"src":"templates/model.go.hbs","dest":"okta/samlApplicationSettings.go","context":{"operations":{},"model":{"modelName":"SamlApplicationSettings","properties":[{"$ref":"#/definitions/SamlApplicationSettingsSignOn","propertyName":"signOn","commonType":"object","isObject":true,"model":"SamlApplicationSettingsSignOn"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/samlApplicationSettingsSignOn.go","context":{"operations":{},"model":{"modelName":"SamlApplicationSettingsSignOn","properties":[{"propertyName":"acsEndpoints","commonType":"array","isArray":true,"model":"AcsEndpoint"},{"propertyName":"allowMultipleAcsEndpoints","commonType":"boolean"},{"propertyName":"assertionSigned","commonType":"boolean"},{"propertyName":"attributeStatements","commonType":"array","isArray":true,"model":"SamlAttributeStatement"},{"propertyName":"audience","commonType":"string"},{"propertyName":"audienceOverride","commonType":"string"},{"propertyName":"authnContextClassRef","commonType":"string"},{"propertyName":"defaultRelayState","commonType":"string"},{"propertyName":"destination","commonType":"string"},{"propertyName":"destinationOverride","commonType":"string"},{"propertyName":"digestAlgorithm","commonType":"string"},{"propertyName":"honorForceAuthn","commonType":"boolean"},{"propertyName":"idpIssuer","commonType":"string"},{"propertyName":"inlineHooks","commonType":"array","isArray":true,"model":"SignOnInlineHook"},{"propertyName":"recipient","commonType":"string"},{"propertyName":"recipientOverride","commonType":"string"},{"propertyName":"requestCompressed","commonType":"boolean"},{"propertyName":"responseSigned","commonType":"boolean"},{"propertyName":"samlSignedRequestEnabled","commonType":"boolean"},{"propertyName":"signatureAlgorithm","commonType":"string"},{"$ref":"#/definitions/SingleLogout","propertyName":"slo","commonType":"object","isObject":true,"model":"SingleLogout"},{"$ref":"#/definitions/SpCertificate","propertyName":"spCertificate","commonType":"object","isObject":true,"model":"SpCertificate"},{"propertyName":"spIssuer","commonType":"string"},{"propertyName":"ssoAcsUrl","commonType":"string"},{"propertyName":"ssoAcsUrlOverride","commonType":"string"},{"propertyName":"subjectNameIdFormat","commonType":"string"},{"propertyName":"subjectNameIdTemplate","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/samlAttributeStatement.go","context":{"operations":{},"model":{"modelName":"SamlAttributeStatement","properties":[{"propertyName":"filterType","commonType":"string"},{"propertyName":"filterValue","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"namespace","commonType":"string"},{"propertyName":"type","commonType":"string"},{"propertyName":"values","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/scheduledUserLifecycleAction.go","context":{"operations":{},"model":{"modelName":"ScheduledUserLifecycleAction","properties":[{"enum":["ACTIVE","INACTIVE","PENDING","DELETED","EXPIRED_PASSWORD","ACTIVATING","SUSPENDED","DELETING"],"propertyName":"status","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/schemeApplicationCredentials.go","context":{"operations":{},"model":{"modelName":"SchemeApplicationCredentials","properties":[{"$ref":"#/definitions/PasswordCredential","propertyName":"password","commonType":"object","isObject":true,"model":"PasswordCredential"},{"propertyName":"revealPassword","commonType":"boolean"},{"$ref":"#/definitions/ApplicationCredentialsScheme","propertyName":"scheme","commonType":"enum","isEnum":true,"model":"ApplicationCredentialsScheme"},{"$ref":"#/definitions/ApplicationCredentialsSigning","propertyName":"signing","commonType":"object","isObject":true,"model":"ApplicationCredentialsSigning"},{"propertyName":"userName","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationCredentials","parent":{"modelName":"ApplicationCredentials","properties":[{"$ref":"#/definitions/ApplicationCredentialsSigning","propertyName":"signing","commonType":"object","isObject":true,"model":"ApplicationCredentialsSigning"},{"$ref":"#/definitions/ApplicationCredentialsUsernameTemplate","propertyName":"userNameTemplate","commonType":"object","isObject":true,"model":"ApplicationCredentialsUsernameTemplate"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/scope.go","context":{"operations":{},"model":{"modelName":"Scope","properties":[{"propertyName":"allowedOktaApps","commonType":"array","isArray":true,"model":"IframeEmbedScopeAllowedApps"},{"propertyName":"stringValue","commonType":"string"},{"$ref":"#/definitions/ScopeType","propertyName":"type","commonType":"enum","isEnum":true,"model":"ScopeType"}],"methods":[],"crud":[],"tags":["Role"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/scopeType.go","context":{"operations":{},"model":{"modelName":"ScopeType","enum":["CORS","REDIRECT","IFRAME_EMBED"],"tags":["Role"]}}},{"src":"templates/model.go.hbs","dest":"okta/securePasswordStoreApplication.go","context":{"operations":{},"model":{"modelName":"SecurePasswordStoreApplication","properties":[{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"default":"template_sps","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/SecurePasswordStoreApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"SecurePasswordStoreApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"Application","parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"SECURE_PASSWORD_STORE"}}}},{"src":"templates/model.go.hbs","dest":"okta/securePasswordStoreApplicationSettings.go","context":{"operations":{},"model":{"modelName":"SecurePasswordStoreApplicationSettings","properties":[{"$ref":"#/definitions/SecurePasswordStoreApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"SecurePasswordStoreApplicationSettingsApplication"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/securePasswordStoreApplicationSettingsApplication.go","context":{"operations":{},"model":{"modelName":"SecurePasswordStoreApplicationSettingsApplication","properties":[{"propertyName":"optionalField1","commonType":"string"},{"propertyName":"optionalField1Value","commonType":"string"},{"propertyName":"optionalField2","commonType":"string"},{"propertyName":"optionalField2Value","commonType":"string"},{"propertyName":"optionalField3","commonType":"string"},{"propertyName":"optionalField3Value","commonType":"string"},{"propertyName":"passwordField","commonType":"string"},{"propertyName":"url","commonType":"string"},{"propertyName":"usernameField","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/securityQuestion.go","context":{"operations":{},"model":{"modelName":"SecurityQuestion","properties":[{"propertyName":"answer","commonType":"string"},{"propertyName":"question","commonType":"string"},{"propertyName":"questionText","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/securityQuestionUserFactor.go","context":{"operations":{},"model":{"modelName":"SecurityQuestionUserFactor","properties":[{"$ref":"#/definitions/SecurityQuestionUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"SecurityQuestionUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"question"}}}},{"src":"templates/model.go.hbs","dest":"okta/securityQuestionUserFactorProfile.go","context":{"operations":{},"model":{"modelName":"SecurityQuestionUserFactorProfile","properties":[{"propertyName":"answer","commonType":"string"},{"propertyName":"question","commonType":"string"},{"propertyName":"questionText","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/seedEnum.go","context":{"operations":{},"model":{"modelName":"SeedEnum","enum":["OKTA","RANDOM"],"tags":["Application"]}}},{"src":"templates/model.go.hbs","dest":"okta/session.go","context":{"operations":{"getSession":{"path":"/api/v1/sessions/{sessionId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"operationId":"getSession","description":"Get details about a session.","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Session"}}},"parameters":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"formData":[],"responseModel":"Session"},"endSession":{"path":"/api/v1/sessions/{sessionId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"operationId":"endSession","description":"","summary":"Close Session","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"formData":[]},"createSession":{"path":"/api/v1/sessions","method":"post","queryParams":[],"pathParams":[],"operationId":"createSession","description":"Creates a new session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID in order to delete a session via the API instead of visiting the logout URL.","summary":"Create Session with Session Token","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Session"}},"400":{"description":"Bad Request"}},"parameters":[{"in":"body","name":"createSessionRequest","required":true,"schema":{"$ref":"#/definitions/CreateSessionRequest"}}],"bodyModel":"CreateSessionRequest","formData":[],"responseModel":"Session"},"refreshSession":{"path":"/api/v1/sessions/{sessionId}/lifecycle/refresh","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"operationId":"refreshSession","description":"","summary":"Refresh Session","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Session"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"formData":[],"responseModel":"Session"}},"model":{"modelName":"Session","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"amr","commonType":"array","isArray":true,"model":"SessionAuthenticationMethod"},{"readOnly":true,"propertyName":"createdAt","commonType":"dateTime"},{"readOnly":true,"propertyName":"expiresAt","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"$ref":"#/definitions/SessionIdentityProvider","readOnly":true,"propertyName":"idp","commonType":"object","isObject":true,"model":"SessionIdentityProvider"},{"readOnly":true,"propertyName":"lastFactorVerification","commonType":"dateTime"},{"readOnly":true,"propertyName":"lastPasswordVerification","commonType":"dateTime"},{"readOnly":true,"propertyName":"login","commonType":"string"},{"$ref":"#/definitions/SessionStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"SessionStatus"},{"readOnly":true,"propertyName":"userId","commonType":"string"}],"methods":[{"alias":"refresh","arguments":[{"dest":"sessionId","src":"id"}],"operation":{"path":"/api/v1/sessions/{sessionId}/lifecycle/refresh","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"operationId":"refreshSession","description":"","summary":"Refresh Session","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Session"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"formData":[],"responseModel":"Session"}}],"crud":[{"alias":"read","arguments":[{"dest":"sessionId","src":"id"}],"operation":{"path":"/api/v1/sessions/{sessionId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"operationId":"getSession","description":"Get details about a session.","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Session"}}},"parameters":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"formData":[],"responseModel":"Session"}},{"alias":"delete","arguments":[{"dest":"sessionId","src":"id"}],"operation":{"path":"/api/v1/sessions/{sessionId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"operationId":"endSession","description":"","summary":"Close Session","tags":["Session"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"sessionId","required":true,"type":"string"}],"formData":[]}}],"tags":["Session"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/sessionAuthenticationMethod.go","context":{"operations":{},"model":{"modelName":"SessionAuthenticationMethod","enum":["pwd","swk","hwk","otp","sms","tel","geo","fpt","kba","mfa","mca","sc"],"tags":["Session"]}}},{"src":"templates/model.go.hbs","dest":"okta/sessionIdentityProvider.go","context":{"operations":{},"model":{"modelName":"SessionIdentityProvider","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"$ref":"#/definitions/SessionIdentityProviderType","readOnly":true,"propertyName":"type","commonType":"enum","isEnum":true,"model":"SessionIdentityProviderType"}],"methods":[],"crud":[],"tags":["Session"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/sessionIdentityProviderType.go","context":{"operations":{},"model":{"modelName":"SessionIdentityProviderType","enum":["ACTIVE_DIRECTORY","LDAP","OKTA","FEDERATION","SOCIAL"],"tags":["Session"]}}},{"src":"templates/model.go.hbs","dest":"okta/sessionStatus.go","context":{"operations":{},"model":{"modelName":"SessionStatus","enum":["ACTIVE","MFA_ENROLL","MFA_REQUIRED"],"tags":["Session"]}}},{"src":"templates/model.go.hbs","dest":"okta/signInPageTouchPointVariant.go","context":{"operations":{},"model":{"modelName":"SignInPageTouchPointVariant","enum":["OKTA_DEFAULT","BACKGROUND_SECONDARY_COLOR","BACKGROUND_IMAGE"],"tags":["Brand"]}}},{"src":"templates/model.go.hbs","dest":"okta/signOnInlineHook.go","context":{"operations":{},"model":{"modelName":"SignOnInlineHook","properties":[{"propertyName":"id","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/singleLogout.go","context":{"operations":{},"model":{"modelName":"SingleLogout","properties":[{"propertyName":"enabled","commonType":"boolean"},{"propertyName":"issuer","commonType":"string"},{"propertyName":"logoutUrl","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/smsTemplate.go","context":{"operations":{"createSmsTemplate":{"path":"/api/v1/templates/sms","method":"post","queryParams":[],"pathParams":[],"operationId":"createSmsTemplate","description":"Adds a new custom SMS template to your organization.","summary":"Add SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"body","name":"smsTemplate","required":true,"schema":{"$ref":"#/definitions/SmsTemplate"}}],"bodyModel":"SmsTemplate","formData":[],"responseModel":"SmsTemplate"},"getSmsTemplate":{"path":"/api/v1/templates/sms/{templateId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"getSmsTemplate","description":"Fetches a specific template by `id`","summary":"Get SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"}],"formData":[],"responseModel":"SmsTemplate"},"updateSmsTemplate":{"path":"/api/v1/templates/sms/{templateId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"updateSmsTemplate","description":"Updates the SMS template.","summary":"Update SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"},{"in":"body","name":"smsTemplate","required":true,"schema":{"$ref":"#/definitions/SmsTemplate"}}],"bodyModel":"SmsTemplate","formData":[],"responseModel":"SmsTemplate"},"deleteSmsTemplate":{"path":"/api/v1/templates/sms/{templateId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"deleteSmsTemplate","description":"Removes an SMS template.","summary":"Remove SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"}],"formData":[]},"listSmsTemplates":{"path":"/api/v1/templates/sms","method":"get","queryParams":[{"in":"query","name":"templateType","type":"string","model":"SmsTemplateType"}],"pathParams":[],"operationId":"listSmsTemplates","description":"Enumerates custom SMS templates in your organization. A subset of templates can be returned that match a template type.","summary":"List SMS Templates","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/SmsTemplate"},"type":"array"}}},"parameters":[{"in":"query","name":"templateType","type":"string","model":"SmsTemplateType"}],"formData":[],"responseModel":"SmsTemplate","isArray":true},"partialUpdateSmsTemplate":{"path":"/api/v1/templates/sms/{templateId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"partialUpdateSmsTemplate","description":"Updates only some of the SMS template properties:","summary":"Partial SMS Template Update","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"},{"in":"body","name":"smsTemplate","required":true,"schema":{"$ref":"#/definitions/SmsTemplate"}}],"bodyModel":"SmsTemplate","formData":[],"responseModel":"SmsTemplate"}},"model":{"modelName":"SmsTemplate","properties":[{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"name","commonType":"string"},{"propertyName":"template","commonType":"string"},{"$ref":"#/definitions/SmsTemplateTranslations","propertyName":"translations","commonType":"object","isObject":true,"model":"SmsTemplateTranslations"},{"$ref":"#/definitions/SmsTemplateType","propertyName":"type","commonType":"enum","isEnum":true,"model":"SmsTemplateType"}],"methods":[{"alias":"partialUpdate","arguments":[{"dest":"templateId","src":"id"},{"dest":"smsTemplate","self":true}],"operation":{"path":"/api/v1/templates/sms/{templateId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"partialUpdateSmsTemplate","description":"Updates only some of the SMS template properties:","summary":"Partial SMS Template Update","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"},{"in":"body","name":"smsTemplate","required":true,"schema":{"$ref":"#/definitions/SmsTemplate"}}],"bodyModel":"SmsTemplate","formData":[],"responseModel":"SmsTemplate"}}],"crud":[{"alias":"create","arguments":[{"dest":"smsTemplate","self":true}],"operation":{"path":"/api/v1/templates/sms","method":"post","queryParams":[],"pathParams":[],"operationId":"createSmsTemplate","description":"Adds a new custom SMS template to your organization.","summary":"Add SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"body","name":"smsTemplate","required":true,"schema":{"$ref":"#/definitions/SmsTemplate"}}],"bodyModel":"SmsTemplate","formData":[],"responseModel":"SmsTemplate"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/templates/sms/{templateId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"getSmsTemplate","description":"Fetches a specific template by `id`","summary":"Get SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"}],"formData":[],"responseModel":"SmsTemplate"}},{"alias":"update","arguments":[{"dest":"templateId","src":"id"},{"dest":"smsTemplate","self":true}],"operation":{"path":"/api/v1/templates/sms/{templateId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"updateSmsTemplate","description":"Updates the SMS template.","summary":"Update SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/SmsTemplate"}}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"},{"in":"body","name":"smsTemplate","required":true,"schema":{"$ref":"#/definitions/SmsTemplate"}}],"bodyModel":"SmsTemplate","formData":[],"responseModel":"SmsTemplate"}},{"alias":"delete","arguments":[{"dest":"templateId","src":"id"}],"operation":{"path":"/api/v1/templates/sms/{templateId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"templateId","required":true,"type":"string"}],"operationId":"deleteSmsTemplate","description":"Removes an SMS template.","summary":"Remove SMS Template","tags":["Template"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"templateId","required":true,"type":"string"}],"formData":[]}}],"tags":["Template"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/smsTemplateTranslations.go","context":{"operations":{},"model":{"modelName":"SmsTemplateTranslations","properties":[],"methods":[],"crud":[],"tags":["Template"],"isExtensible":true}}},{"src":"templates/model.go.hbs","dest":"okta/smsTemplateType.go","context":{"operations":{},"model":{"modelName":"SmsTemplateType","enum":["SMS_VERIFY_CODE"],"tags":["Template"]}}},{"src":"templates/model.go.hbs","dest":"okta/smsUserFactor.go","context":{"operations":{},"model":{"modelName":"SmsUserFactor","properties":[{"$ref":"#/definitions/SmsUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"SmsUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"sms"}}}},{"src":"templates/model.go.hbs","dest":"okta/smsUserFactorProfile.go","context":{"operations":{},"model":{"modelName":"SmsUserFactorProfile","properties":[{"propertyName":"phoneNumber","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/socialAuthToken.go","context":{"operations":{},"model":{"modelName":"SocialAuthToken","properties":[{"readOnly":true,"propertyName":"expiresAt","commonType":"dateTime"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"scopes","commonType":"array","isArray":true,"model":"string"},{"propertyName":"token","commonType":"string"},{"propertyName":"tokenAuthScheme","commonType":"string"},{"propertyName":"tokenType","commonType":"string"}],"methods":[],"crud":[],"tags":["IdentityProvider"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/spCertificate.go","context":{"operations":{},"model":{"modelName":"SpCertificate","properties":[{"readOnly":false,"propertyName":"x5c","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/subscription.go","context":{"operations":{"listRoleSubscriptions":{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"}],"operationId":"listRoleSubscriptions","description":"When roleType List all subscriptions of a Role. Else when roleId List subscriptions of a Custom Role","summary":"List all subscriptions of a Custom Role","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Subscription"},"type":"array"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription","isArray":true},"getRoleSubscriptionByNotificationType":{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"getRoleSubscriptionByNotificationType","description":"When roleType Get subscriptions of a Role with a specific notification type. Else when roleId Get subscription of a Custom Role with a specific notification type.","summary":"Get subscriptions of a Custom Role with a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Subscription"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription"},"subscribeRoleSubscriptionByNotificationType":{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"subscribeRoleSubscriptionByNotificationType","description":"When roleType Subscribes a Role to a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Subscribes a Custom Role to a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.","summary":"Subscribe a Custom Role to a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]},"unsubscribeRoleSubscriptionByNotificationType":{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"unsubscribeRoleSubscriptionByNotificationType","description":"When roleType Unsubscribes a Role from a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Unsubscribes a Custom Role from a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.","summary":"Unsubscribe a Custom Role from a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]},"subscribeUserSubscriptionByNotificationType":{"path":"/api/v1/users/{userId}/subscriptions/{notificationType}/subscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"subscribeUserSubscriptionByNotificationType","description":"Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users.","summary":"Subscribe to a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]},"unsubscribeUserSubscriptionByNotificationType":{"path":"/api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"unsubscribeUserSubscriptionByNotificationType","description":"Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users.","summary":"Unsubscribe from a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]}},"model":{"modelName":"Subscription","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"channels","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/NotificationType","propertyName":"notificationType","commonType":"enum","isEnum":true,"model":"NotificationType"},{"$ref":"#/definitions/SubscriptionStatus","propertyName":"status","commonType":"enum","isEnum":true,"model":"SubscriptionStatus"}],"methods":[{"alias":"listRoleSubscriptions","operation":{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"}],"operationId":"listRoleSubscriptions","description":"When roleType List all subscriptions of a Role. Else when roleId List subscriptions of a Custom Role","summary":"List all subscriptions of a Custom Role","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Subscription"},"type":"array"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription","isArray":true}},{"alias":"getRoleSubscriptionByNotificationType","operation":{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"getRoleSubscriptionByNotificationType","description":"When roleType Get subscriptions of a Role with a specific notification type. Else when roleId Get subscription of a Custom Role with a specific notification type.","summary":"Get subscriptions of a Custom Role with a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Subscription"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription"}},{"alias":"getUserSubscriptionByNotificationType","operation":{"path":"/api/v1/users/{userId}/subscriptions/{notificationType}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"getUserSubscriptionByNotificationType","description":"Get the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.","summary":"Get the subscription of a User with a specific notification type","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Subscription"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription"}},{"alias":"listUserSubscriptions","operation":{"path":"/api/v1/users/{userId}/subscriptions","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserSubscriptions","description":"List subscriptions of a User. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.","summary":"List subscriptions of a User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Subscription"},"type":"array"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription","isArray":true}},{"alias":"subscribeUserSubscriptionByNotificationType","operation":{"path":"/api/v1/users/{userId}/subscriptions/{notificationType}/subscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"subscribeUserSubscriptionByNotificationType","description":"Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users.","summary":"Subscribe to a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]}},{"alias":"unsubscribeRoleSubscriptionByNotificationType","operation":{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"unsubscribeRoleSubscriptionByNotificationType","description":"When roleType Unsubscribes a Role from a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Unsubscribes a Custom Role from a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.","summary":"Unsubscribe a Custom Role from a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]}},{"alias":"subscribeRoleSubscriptionByNotificationType","operation":{"path":"/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"subscribeRoleSubscriptionByNotificationType","description":"When roleType Subscribes a Role to a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Subscribes a Custom Role to a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.","summary":"Subscribe a Custom Role to a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"roleTypeOrRoleId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]}},{"alias":"unsubscribeUserSubscriptionByNotificationType","operation":{"path":"/api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"unsubscribeUserSubscriptionByNotificationType","description":"Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users.","summary":"Unsubscribe from a specific notification type","tags":["Subscription"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[]}}],"crud":[],"tags":["Role"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/subscriptionStatus.go","context":{"operations":{},"model":{"modelName":"SubscriptionStatus","enum":["subscribed","unsubscribed"],"tags":["Role"]}}},{"src":"templates/model.go.hbs","dest":"okta/swaApplication.go","context":{"operations":{},"model":{"modelName":"SwaApplication","properties":[{"default":"template_swa","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/SwaApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"SwaApplicationSettings"},{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"BrowserPluginApplication","parent":{"modelName":"BrowserPluginApplication","properties":[{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"extends":"Application","resolutionStrategy":{"propertyName":"name","valueToModelMapping":{"template_swa":"SwaApplication","template_swa3field":"SwaThreeFieldApplication"}},"parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"BROWSER_PLUGIN"}},"resolution":{"fieldName":"signOnMode","fieldValue":"BROWSER_PLUGIN"}}}},{"src":"templates/model.go.hbs","dest":"okta/swaApplicationSettings.go","context":{"operations":{},"model":{"modelName":"SwaApplicationSettings","properties":[{"$ref":"#/definitions/SwaApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"SwaApplicationSettingsApplication"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/swaApplicationSettingsApplication.go","context":{"operations":{},"model":{"modelName":"SwaApplicationSettingsApplication","properties":[{"propertyName":"buttonField","commonType":"string"},{"propertyName":"checkbox","commonType":"string"},{"propertyName":"loginUrlRegex","commonType":"string"},{"propertyName":"passwordField","commonType":"string"},{"propertyName":"redirectUrl","commonType":"string"},{"propertyName":"url","commonType":"string"},{"propertyName":"usernameField","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/swaThreeFieldApplication.go","context":{"operations":{},"model":{"modelName":"SwaThreeFieldApplication","properties":[{"default":"template_swa3field","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/SwaThreeFieldApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"SwaThreeFieldApplicationSettings"},{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"BrowserPluginApplication","parent":{"modelName":"BrowserPluginApplication","properties":[{"$ref":"#/definitions/SchemeApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"SchemeApplicationCredentials"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"extends":"Application","resolutionStrategy":{"propertyName":"name","valueToModelMapping":{"template_swa":"SwaApplication","template_swa3field":"SwaThreeFieldApplication"}},"parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"BROWSER_PLUGIN"}},"resolution":{"fieldName":"signOnMode","fieldValue":"BROWSER_PLUGIN"}}}},{"src":"templates/model.go.hbs","dest":"okta/swaThreeFieldApplicationSettings.go","context":{"operations":{},"model":{"modelName":"SwaThreeFieldApplicationSettings","properties":[{"$ref":"#/definitions/SwaThreeFieldApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"SwaThreeFieldApplicationSettingsApplication"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/swaThreeFieldApplicationSettingsApplication.go","context":{"operations":{},"model":{"modelName":"SwaThreeFieldApplicationSettingsApplication","properties":[{"propertyName":"buttonSelector","commonType":"string"},{"propertyName":"extraFieldSelector","commonType":"string"},{"propertyName":"extraFieldValue","commonType":"string"},{"propertyName":"loginUrlRegex","commonType":"string"},{"propertyName":"passwordSelector","commonType":"string"},{"propertyName":"targetURL","commonType":"string"},{"propertyName":"userNameSelector","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/tempPassword.go","context":{"operations":{},"model":{"modelName":"TempPassword","properties":[{"readOnly":true,"propertyName":"tempPassword","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/theme.go","context":{"operations":{"getBrandTheme":{"path":"/api/v1/brands/{brandId}/themes/{themeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"getBrandTheme","description":"Fetches a theme for a brand","summary":"Get a theme for a brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThemeResponse"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[],"responseModel":"ThemeResponse"},"updateBrandTheme":{"path":"/api/v1/brands/{brandId}/themes/{themeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"updateBrandTheme","description":"Updates a theme for a brand","summary":"Update a theme for a brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThemeResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"body","name":"theme","required":true,"schema":{"$ref":"#/definitions/Theme"}}],"bodyModel":"Theme","formData":[],"responseModel":"ThemeResponse"}},"model":{"modelName":"Theme","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"backgroundImage","commonType":"string"},{"$ref":"#/definitions/EmailTemplateTouchPointVariant","propertyName":"emailTemplateTouchPointVariant","commonType":"enum","isEnum":true,"model":"EmailTemplateTouchPointVariant"},{"$ref":"#/definitions/EndUserDashboardTouchPointVariant","propertyName":"endUserDashboardTouchPointVariant","commonType":"enum","isEnum":true,"model":"EndUserDashboardTouchPointVariant"},{"$ref":"#/definitions/ErrorPageTouchPointVariant","propertyName":"errorPageTouchPointVariant","commonType":"enum","isEnum":true,"model":"ErrorPageTouchPointVariant"},{"propertyName":"primaryColorContrastHex","commonType":"string"},{"propertyName":"primaryColorHex","commonType":"string"},{"propertyName":"secondaryColorContrastHex","commonType":"string"},{"propertyName":"secondaryColorHex","commonType":"string"},{"$ref":"#/definitions/SignInPageTouchPointVariant","propertyName":"signInPageTouchPointVariant","commonType":"enum","isEnum":true,"model":"SignInPageTouchPointVariant"}],"methods":[{"alias":"uploadBrandThemeLogo","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"uploadBrandThemeLogo","description":"Updates the logo for your Theme","summary":"Update a themes logo","tags":["Brand"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ImageUploadResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}],"responseModel":"ImageUploadResponse"}},{"alias":"deleteBrandThemeLogo","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/logo","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"deleteBrandThemeLogo","description":"Deletes a Theme logo. The org then uses the Okta default logo.","summary":"Deletes a Theme logo. The org then uses the Okta default logo.","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[]}},{"alias":"updateBrandThemeFavicon","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/favicon","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"uploadBrandThemeFavicon","description":"Updates the favicon for your theme","summary":"Updates the favicon for your theme","tags":["Brand"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ImageUploadResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}],"responseModel":"ImageUploadResponse"}},{"alias":"deleteBrandThemeFavicon","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/favicon","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"deleteBrandThemeFavicon","description":"Deletes a Theme favicon. The org then uses the Okta default favicon.","summary":"Deletes a Theme favicon. The org then uses the Okta default favicon.","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[]}},{"alias":"updateBrandThemeBackgroundImage","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/background-image","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"uploadBrandThemeBackgroundImage","description":"Updates the background image for your Theme","summary":"Updates the background image for your Theme","tags":["Brand"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/ImageUploadResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}],"responseModel":"ImageUploadResponse"}},{"alias":"deleteBrandThemeBackgroundImage","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}/background-image","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"deleteBrandThemeBackgroundImage","description":"Deletes a Theme background image","summary":"Deletes a Theme background image","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"getBrandTheme","description":"Fetches a theme for a brand","summary":"Get a theme for a brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThemeResponse"}}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"formData":[],"responseModel":"ThemeResponse"}},{"alias":"update","operation":{"path":"/api/v1/brands/{brandId}/themes/{themeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"}],"operationId":"updateBrandTheme","description":"Updates a theme for a brand","summary":"Update a theme for a brand","tags":["Brand"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThemeResponse"}},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"brandId","required":true,"type":"string"},{"in":"path","name":"themeId","required":true,"type":"string"},{"in":"body","name":"theme","required":true,"schema":{"$ref":"#/definitions/Theme"}}],"bodyModel":"Theme","formData":[],"responseModel":"ThemeResponse"}}],"tags":["Brand"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/themeResponse.go","context":{"operations":{},"model":{"modelName":"ThemeResponse","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"backgroundImage","commonType":"string"},{"$ref":"#/definitions/EmailTemplateTouchPointVariant","propertyName":"emailTemplateTouchPointVariant","commonType":"enum","isEnum":true,"model":"EmailTemplateTouchPointVariant"},{"$ref":"#/definitions/EndUserDashboardTouchPointVariant","propertyName":"endUserDashboardTouchPointVariant","commonType":"enum","isEnum":true,"model":"EndUserDashboardTouchPointVariant"},{"$ref":"#/definitions/ErrorPageTouchPointVariant","propertyName":"errorPageTouchPointVariant","commonType":"enum","isEnum":true,"model":"ErrorPageTouchPointVariant"},{"readOnly":true,"propertyName":"favicon","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"logo","commonType":"string"},{"propertyName":"primaryColorContrastHex","commonType":"string"},{"propertyName":"primaryColorHex","commonType":"string"},{"propertyName":"secondaryColorContrastHex","commonType":"string"},{"propertyName":"secondaryColorHex","commonType":"string"},{"$ref":"#/definitions/SignInPageTouchPointVariant","propertyName":"signInPageTouchPointVariant","commonType":"enum","isEnum":true,"model":"SignInPageTouchPointVariant"}],"methods":[],"crud":[],"tags":["Brand"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/threatInsightConfiguration.go","context":{"operations":{"getCurrentConfiguration":{"path":"/api/v1/threats/configuration","method":"get","queryParams":[],"pathParams":[],"operationId":"getCurrentConfiguration","description":"Gets current ThreatInsight configuration","tags":["ThreatInsight"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThreatInsightConfiguration"}}},"parameters":[],"formData":[],"responseModel":"ThreatInsightConfiguration"},"updateConfiguration":{"path":"/api/v1/threats/configuration","method":"post","queryParams":[],"pathParams":[],"operationId":"updateConfiguration","description":"Updates ThreatInsight configuration","tags":["ThreatInsight"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThreatInsightConfiguration"}}},"parameters":[{"in":"body","name":"ThreatInsightConfiguration","required":true,"schema":{"$ref":"#/definitions/ThreatInsightConfiguration"}}],"bodyModel":"ThreatInsightConfiguration","formData":[],"responseModel":"ThreatInsightConfiguration"}},"model":{"modelName":"ThreatInsightConfiguration","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"action","commonType":"string"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"excludeZones","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"}],"methods":[],"crud":[{"alias":"read","arguments":[],"operation":{"path":"/api/v1/threats/configuration","method":"get","queryParams":[],"pathParams":[],"operationId":"getCurrentConfiguration","description":"Gets current ThreatInsight configuration","tags":["ThreatInsight"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThreatInsightConfiguration"}}},"parameters":[],"formData":[],"responseModel":"ThreatInsightConfiguration"}},{"alias":"update","arguments":[{"dest":"threatInsightConfiguration","self":true}],"operation":{"path":"/api/v1/threats/configuration","method":"post","queryParams":[],"pathParams":[],"operationId":"updateConfiguration","description":"Updates ThreatInsight configuration","tags":["ThreatInsight"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ThreatInsightConfiguration"}}},"parameters":[{"in":"body","name":"ThreatInsightConfiguration","required":true,"schema":{"$ref":"#/definitions/ThreatInsightConfiguration"}}],"bodyModel":"ThreatInsightConfiguration","formData":[],"responseModel":"ThreatInsightConfiguration"}}],"tags":["ThreatInsight"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/tokenAuthorizationServerPolicyRuleAction.go","context":{"operations":{},"model":{"modelName":"TokenAuthorizationServerPolicyRuleAction","properties":[{"propertyName":"accessTokenLifetimeMinutes","commonType":"integer"},{"$ref":"#/definitions/TokenAuthorizationServerPolicyRuleActionInlineHook","propertyName":"inlineHook","commonType":"object","isObject":true,"model":"TokenAuthorizationServerPolicyRuleActionInlineHook"},{"propertyName":"refreshTokenLifetimeMinutes","commonType":"integer"},{"propertyName":"refreshTokenWindowMinutes","commonType":"integer"}],"methods":[],"crud":[],"tags":["AuthorizationServerPolicy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/tokenAuthorizationServerPolicyRuleActionInlineHook.go","context":{"operations":{},"model":{"modelName":"TokenAuthorizationServerPolicyRuleActionInlineHook","properties":[{"propertyName":"id","commonType":"string"}],"methods":[],"crud":[],"tags":["AuthorizationServerPolicy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/tokenUserFactor.go","context":{"operations":{},"model":{"modelName":"TokenUserFactor","properties":[{"$ref":"#/definitions/TokenUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"TokenUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"token"}}}},{"src":"templates/model.go.hbs","dest":"okta/tokenUserFactorProfile.go","context":{"operations":{},"model":{"modelName":"TokenUserFactorProfile","properties":[{"propertyName":"credentialId","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/totpUserFactor.go","context":{"operations":{},"model":{"modelName":"TotpUserFactor","properties":[{"$ref":"#/definitions/TotpUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"TotpUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"token:software:totp"}}}},{"src":"templates/model.go.hbs","dest":"okta/totpUserFactorProfile.go","context":{"operations":{},"model":{"modelName":"TotpUserFactorProfile","properties":[{"propertyName":"credentialId","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/trustedOrigin.go","context":{"operations":{"createOrigin":{"path":"/api/v1/trustedOrigins","method":"post","queryParams":[],"pathParams":[],"operationId":"createOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"body","name":"trustedOrigin","required":true,"schema":{"$ref":"#/definitions/TrustedOrigin"}}],"bodyModel":"TrustedOrigin","formData":[],"responseModel":"TrustedOrigin"},"getOrigin":{"path":"/api/v1/trustedOrigins/{trustedOriginId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"getOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"formData":[],"responseModel":"TrustedOrigin"},"updateOrigin":{"path":"/api/v1/trustedOrigins/{trustedOriginId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"updateOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"},{"in":"body","name":"trustedOrigin","required":true,"schema":{"$ref":"#/definitions/TrustedOrigin"}}],"bodyModel":"TrustedOrigin","formData":[],"responseModel":"TrustedOrigin"},"deleteOrigin":{"path":"/api/v1/trustedOrigins/{trustedOriginId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"deleteOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"formData":[]},"listOrigins":{"path":"/api/v1/trustedOrigins","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[],"operationId":"listOrigins","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/TrustedOrigin"},"type":"array"}}},"parameters":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"TrustedOrigin","isArray":true},"activateOrigin":{"path":"/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"activateOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"formData":[],"responseModel":"TrustedOrigin"},"deactivateOrigin":{"path":"/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"deactivateOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"formData":[],"responseModel":"TrustedOrigin"}},"model":{"modelName":"TrustedOrigin","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"propertyName":"createdBy","commonType":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"propertyName":"lastUpdatedBy","commonType":"string"},{"propertyName":"name","commonType":"string"},{"propertyName":"origin","commonType":"string"},{"propertyName":"scopes","commonType":"array","isArray":true,"model":"Scope"},{"propertyName":"status","commonType":"string"}],"methods":[],"crud":[{"alias":"create","arguments":[{"dest":"trustedOrigin","self":true}],"operation":{"path":"/api/v1/trustedOrigins","method":"post","queryParams":[],"pathParams":[],"operationId":"createOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"body","name":"trustedOrigin","required":true,"schema":{"$ref":"#/definitions/TrustedOrigin"}}],"bodyModel":"TrustedOrigin","formData":[],"responseModel":"TrustedOrigin"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/trustedOrigins/{trustedOriginId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"getOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"formData":[],"responseModel":"TrustedOrigin"}},{"alias":"update","arguments":[{"dest":"trustedOriginId","src":"id"},{"dest":"trustedOrigin","self":true}],"operation":{"path":"/api/v1/trustedOrigins/{trustedOriginId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"updateOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TrustedOrigin"}}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"},{"in":"body","name":"trustedOrigin","required":true,"schema":{"$ref":"#/definitions/TrustedOrigin"}}],"bodyModel":"TrustedOrigin","formData":[],"responseModel":"TrustedOrigin"}},{"alias":"delete","arguments":[{"dest":"trustedOriginId","src":"id"}],"operation":{"path":"/api/v1/trustedOrigins/{trustedOriginId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"operationId":"deleteOrigin","description":"Success","tags":["TrustedOrigin"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"trustedOriginId","required":true,"type":"string"}],"formData":[]}}],"tags":["TrustedOrigin"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/u2fUserFactor.go","context":{"operations":{},"model":{"modelName":"U2fUserFactor","properties":[{"$ref":"#/definitions/U2fUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"U2fUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"u2f"}}}},{"src":"templates/model.go.hbs","dest":"okta/u2fUserFactorProfile.go","context":{"operations":{},"model":{"modelName":"U2fUserFactorProfile","properties":[{"propertyName":"credentialId","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/user.go","context":{"operations":{"createUser":{"path":"/api/v1/users","method":"post","queryParams":[{"default":true,"description":"Executes activation lifecycle operation when creating the user","in":"query","name":"activate","type":"boolean"},{"default":false,"description":"Indicates whether to create a user with a specified authentication provider","in":"query","name":"provider","type":"boolean"},{"default":"","description":"With activate=true, set nextLogin to \"changePassword\" to have the password be EXPIRED, so user must change it the next time they log in.","in":"query","name":"nextLogin","type":"string","x-okta-added-version":"0.14.0","model":"UserNextLogin"}],"pathParams":[],"operationId":"createUser","description":"Creates a new user in your Okta organization with or without credentials.","summary":"Create User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"body","name":"body","required":true,"schema":{"$ref":"#/definitions/CreateUserRequest"}},{"default":true,"description":"Executes activation lifecycle operation when creating the user","in":"query","name":"activate","type":"boolean"},{"default":false,"description":"Indicates whether to create a user with a specified authentication provider","in":"query","name":"provider","type":"boolean"},{"default":"","description":"With activate=true, set nextLogin to \"changePassword\" to have the password be EXPIRED, so user must change it the next time they log in.","in":"query","name":"nextLogin","type":"string","x-okta-added-version":"0.14.0","model":"UserNextLogin"}],"bodyModel":"CreateUserRequest","formData":[],"responseModel":"User"},"getUser":{"path":"/api/v1/users/{userId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getUser","description":"Fetches a user from your Okta organization.","summary":"Get User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"User"},"updateUser":{"path":"/api/v1/users/{userId}","method":"put","queryParams":[{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"updateUser","description":"Update a user's profile and/or credentials using strict-update semantics.","summary":"Update User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"body","name":"user","required":true,"schema":{"$ref":"#/definitions/User"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"bodyModel":"User","formData":[],"responseModel":"User"},"deactivateOrDeleteUser":{"path":"/api/v1/users/{userId}","method":"delete","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deactivateOrDeleteUser","description":"Deletes a user permanently.  This operation can only be performed on users that have a `DEPROVISIONED` status.  **This action cannot be recovered!**","summary":"Delete User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"202":{"description":"ACCEPTED"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]},"listUsers":{"path":"/api/v1/users","method":"get","queryParams":[{"description":"Finds a user that matches firstName, lastName, and email properties","in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of users","in":"query","name":"after","type":"string"},{"default":10,"description":"Specifies the number of results returned","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters users with a supported expression for a subset of properties","in":"query","name":"filter","type":"string"},{"description":"Searches for users with a supported filtering  expression for most properties","in":"query","name":"search","type":"string"},{"in":"query","name":"sortBy","type":"string"},{"in":"query","name":"sortOrder","type":"string"}],"pathParams":[],"operationId":"listUsers","description":"Lists users that do not have a status of 'DEPROVISIONED' (by default), up to the maximum (200 for most orgs), with pagination in most cases. A subset of users can be returned that match a supported filter expression or search criteria.","summary":"List Users","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/User"},"type":"array"}}},"parameters":[{"description":"Finds a user that matches firstName, lastName, and email properties","in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of users","in":"query","name":"after","type":"string"},{"default":10,"description":"Specifies the number of results returned","format":"int32","in":"query","name":"limit","type":"integer"},{"description":"Filters users with a supported expression for a subset of properties","in":"query","name":"filter","type":"string"},{"description":"Searches for users with a supported filtering  expression for most properties","in":"query","name":"search","type":"string"},{"in":"query","name":"sortBy","type":"string"},{"in":"query","name":"sortOrder","type":"string"}],"formData":[],"responseModel":"User","isArray":true},"setLinkedObjectForUser":{"path":"/api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"associatedUserId","required":true,"type":"string"},{"in":"path","name":"primaryRelationshipName","required":true,"type":"string"},{"in":"path","name":"primaryUserId","required":true,"type":"string"}],"operationId":"setLinkedObjectForUser","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"Success"}},"parameters":[{"in":"path","name":"associatedUserId","required":true,"type":"string"},{"in":"path","name":"primaryRelationshipName","required":true,"type":"string"},{"in":"path","name":"primaryUserId","required":true,"type":"string"}],"formData":[]},"partialUpdateUser":{"path":"/api/v1/users/{userId}","method":"post","queryParams":[{"in":"query","name":"strict","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"partialUpdateUser","description":"Update a user's profile or credentials with partial update semantics.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"body","name":"user","required":true,"schema":{"$ref":"#/definitions/User"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"strict","type":"boolean"}],"bodyModel":"User","formData":[],"responseModel":"User"},"listAppLinks":{"path":"/api/v1/users/{userId}/appLinks","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listAppLinks","description":"Fetches appLinks for all direct or indirect (via group membership) assigned applications.","summary":"Get Assigned App Links","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppLink"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"AppLink","isArray":true},"listUserClients":{"path":"/api/v1/users/{userId}/clients","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserClients","description":"Lists all client resources for which the specified user has grants or tokens.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Client"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Client","isArray":true},"revokeGrantsForUserAndClient":{"path":"/api/v1/users/{userId}/clients/{clientId}/grants","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"revokeGrantsForUserAndClient","description":"Revokes all grants for the specified user and client","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"formData":[]},"listGrantsForUserAndClient":{"path":"/api/v1/users/{userId}/clients/{clientId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"listGrantsForUserAndClient","description":"Lists all grants for a specified user and client","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true},"revokeTokensForUserAndClient":{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"revokeTokensForUserAndClient","description":"Revokes all refresh tokens issued for the specified User and Client.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"formData":[]},"listRefreshTokensForUserAndClient":{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"listRefreshTokensForUserAndClient","description":"Lists all refresh tokens issued for the specified User and Client.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2RefreshToken"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2RefreshToken","isArray":true},"revokeTokenForUserAndClient":{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeTokenForUserAndClient","description":"Revokes the specified refresh token.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]},"getRefreshTokenForUserAndClient":{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"default":20,"in":"query","name":"limit","type":"integer"},{"in":"query","name":"after","type":"string"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getRefreshTokenForUserAndClient","description":"Gets a refresh token issued for the specified User and Client.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2RefreshToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"default":20,"in":"query","name":"limit","type":"integer"},{"in":"query","name":"after","type":"string"}],"formData":[],"responseModel":"OAuth2RefreshToken"},"changePassword":{"path":"/api/v1/users/{userId}/credentials/change_password","method":"post","queryParams":[{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"changePassword","description":"Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential","summary":"Change Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserCredentials"}}},"parameters":[{"in":"body","name":"changePasswordRequest","required":true,"schema":{"$ref":"#/definitions/ChangePasswordRequest"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"bodyModel":"ChangePasswordRequest","formData":[],"responseModel":"UserCredentials"},"changeRecoveryQuestion":{"path":"/api/v1/users/{userId}/credentials/change_recovery_question","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"changeRecoveryQuestion","description":"Changes a user's recovery question & answer credential by validating the user's current password.  This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential","summary":"Change Recovery Question","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserCredentials"}}},"parameters":[{"in":"body","name":"userCredentials","required":true,"schema":{"$ref":"#/definitions/UserCredentials"}},{"in":"path","name":"userId","required":true,"type":"string"}],"bodyModel":"UserCredentials","formData":[],"responseModel":"UserCredentials"},"forgotPasswordGenerateOneTimeToken":{"path":"/api/v1/users/{userId}/credentials/forgot_password","method":"post","queryParams":[{"default":true,"in":"query","name":"sendEmail","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"forgotPasswordGenerateOneTimeToken","description":"Generates a one-time token (OTT) that can be used to reset a user's password","summary":"Forgot Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ForgotPasswordResponse"}}},"parameters":[{"default":true,"in":"query","name":"sendEmail","type":"boolean"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"ForgotPasswordResponse"},"forgotPasswordSetNewPassword":{"path":"/api/v1/users/{userId}/credentials/forgot_password","method":"post","queryParams":[{"default":true,"in":"query","name":"sendEmail","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"forgotPasswordSetNewPassword","description":"Sets a new password for a user by validating the user's answer to their current recovery question","summary":"Forgot Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ForgotPasswordResponse"}}},"parameters":[{"in":"body","name":"user","required":true,"schema":{"$ref":"#/definitions/UserCredentials"}},{"default":true,"in":"query","name":"sendEmail","type":"boolean"},{"in":"path","name":"userId","required":true,"type":"string"}],"bodyModel":"UserCredentials","formData":[],"responseModel":"ForgotPasswordResponse"},"revokeUserGrants":{"path":"/api/v1/users/{userId}/grants","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"revokeUserGrants","description":"Revokes all grants for a specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},"listUserGrants":{"path":"/api/v1/users/{userId}/grants","method":"get","queryParams":[{"in":"query","name":"scopeId","type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserGrants","description":"Lists all grants for the specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"scopeId","type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true},"revokeUserGrant":{"path":"/api/v1/users/{userId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeUserGrant","description":"Revokes one grant for a specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]},"getUserGrant":{"path":"/api/v1/users/{userId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getUserGrant","description":"Gets a grant for the specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"},"listUserGroups":{"path":"/api/v1/users/{userId}/groups","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserGroups","description":"Fetches the groups of which the user is a member.","summary":"Get Member Groups","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Group"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"Group","isArray":true},"listUserIdentityProviders":{"path":"/api/v1/users/{userId}/idps","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserIdentityProviders","description":"Lists the IdPs associated with the user.","summary":"Listing IdPs associated with a user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/IdentityProvider"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider","isArray":true},"activateUser":{"path":"/api/v1/users/{userId}/lifecycle/activate","method":"post","queryParams":[{"default":true,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","required":true,"type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"activateUser","description":"Activates a user.  This operation can only be performed on users with a `STAGED` status.  Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation.  The user will have a status of `ACTIVE` when the activation process is complete.","summary":"Activate User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserActivationToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":true,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","required":true,"type":"boolean"}],"formData":[],"responseModel":"UserActivationToken"},"deactivateUser":{"path":"/api/v1/users/{userId}/lifecycle/deactivate","method":"post","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deactivateUser","description":"Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. While the asynchronous operation (triggered by HTTP header `Prefer: respond-async`) is proceeding the user's `transitioningToStatus` property is `DEPROVISIONED`. The user's status is `DEPROVISIONED` when the deactivation process is complete.","summary":"Deactivate User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"OK"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]},"expirePassword":{"path":"/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=false","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"expirePassword","description":"This operation transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login.","summary":"Expire Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"User"},"expirePasswordAndGetTemporaryPassword":{"path":"/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=true","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"expirePasswordAndGetTemporaryPassword","description":"This operation transitions the user to the status of `PASSWORD_EXPIRED` and the user's password is reset to a temporary password that is returned.","summary":"Expire Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TempPassword"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"TempPassword"},"reactivateUser":{"path":"/api/v1/users/{userId}/lifecycle/reactivate","method":"post","queryParams":[{"default":false,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"reactivateUser","description":"Reactivates a user.  This operation can only be performed on users with a `PROVISIONED` status.  This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).","summary":"Reactivate User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserActivationToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","type":"boolean"}],"formData":[],"responseModel":"UserActivationToken"},"resetFactors":{"path":"/api/v1/users/{userId}/lifecycle/reset_factors","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"resetFactors","description":"This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.","summary":"Reset Factors","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"OK"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},"resetPassword":{"path":"/api/v1/users/{userId}/lifecycle/reset_password","method":"post","queryParams":[{"in":"query","name":"sendEmail","required":true,"type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"resetPassword","description":"Generates a one-time token (OTT) that can be used to reset a user's password.  The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.","summary":"Reset Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ResetPasswordToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"sendEmail","required":true,"type":"boolean"}],"formData":[],"responseModel":"ResetPasswordToken"},"suspendUser":{"path":"/api/v1/users/{userId}/lifecycle/suspend","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"suspendUser","description":"Suspends a user.  This operation can only be performed on users with an `ACTIVE` status.  The user will have a status of `SUSPENDED` when the process is complete.","summary":"Suspend User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"OK"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},"unlockUser":{"path":"/api/v1/users/{userId}/lifecycle/unlock","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"unlockUser","description":"Unlocks a user with a `LOCKED_OUT` status and returns them to `ACTIVE` status.  Users will be able to login with their current password.","summary":"Unlock User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},"unsuspendUser":{"path":"/api/v1/users/{userId}/lifecycle/unsuspend","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"unsuspendUser","description":"Unsuspends a user and returns them to the `ACTIVE` state.  This operation can only be performed on users that have a `SUSPENDED` status.","summary":"Unsuspend User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]},"removeLinkedObjectForUser":{"path":"/api/v1/users/{userId}/linkedObjects/{relationshipName}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"}],"operationId":"removeLinkedObjectForUser","description":"Delete linked objects for a user, relationshipName can be ONLY a primary relationship name","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"}],"formData":[]},"getLinkedObjectsForUser":{"path":"/api/v1/users/{userId}/linkedObjects/{relationshipName}","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"}],"operationId":"getLinkedObjectsForUser","description":"Get linked objects for a user, relationshipName can be a primary or associated relationship name","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ResponseLinks"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"ResponseLinks","isArray":true},"listAssignedRolesForUser":{"path":"/api/v1/users/{userId}/roles","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listAssignedRolesForUser","description":"Lists all roles assigned to a user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Role"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Role","isArray":true},"assignRoleToUser":{"path":"/api/v1/users/{userId}/roles","method":"post","queryParams":[{"in":"query","name":"disableNotifications","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"assignRoleToUser","description":"Assigns a role to a user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Role"}}},"parameters":[{"in":"body","name":"assignRoleRequest","required":true,"schema":{"$ref":"#/definitions/AssignRoleRequest"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"disableNotifications","type":"boolean"}],"bodyModel":"AssignRoleRequest","formData":[],"responseModel":"Role"},"removeRoleFromUser":{"path":"/api/v1/users/{userId}/roles/{roleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"removeRoleFromUser","description":"Unassigns a role from a user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[]},"getUserRole":{"path":"/api/v1/users/{userId}/roles/{roleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"getUserRole","description":"Gets role that is assigne to user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Role"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[],"responseModel":"Role"},"listApplicationTargetsForApplicationAdministratorRoleForUser":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"listApplicationTargetsForApplicationAdministratorRoleForUser","description":"Lists all App targets for an `APP_ADMIN` Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/CatalogApplication"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"CatalogApplication","isArray":true},"addAllAppsAsTargetToRole":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"addAllAppsAsTargetToRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[]},"removeApplicationTargetFromApplicationAdministratorRoleForUser":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"operationId":"removeApplicationTargetFromApplicationAdministratorRoleForUser","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"formData":[]},"addApplicationTargetToAdminRoleForUser":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"operationId":"addApplicationTargetToAdminRoleForUser","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"}],"formData":[]},"removeApplicationTargetFromAdministratorRoleForUser":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"operationId":"removeApplicationTargetFromAdministratorRoleForUser","description":"Remove App Instance Target to App Administrator Role given to a User","summary":"Remove App Instance Target to App Administrator Role given to a User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"formData":[]},"addApplicationTargetToAppAdminRoleForUser":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"operationId":"addApplicationTargetToAppAdminRoleForUser","description":"Add App Instance Target to App Administrator Role given to a User","summary":"Add App Instance Target to App Administrator Role given to a User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"appName","required":true,"type":"string"},{"in":"path","name":"applicationId","required":true,"type":"string"}],"formData":[]},"listGroupTargetsForRole":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/groups","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"listGroupTargetsForRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Group"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"Group","isArray":true},"removeGroupTargetFromRole":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"removeGroupTargetFromRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]},"addGroupTargetToRole":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"addGroupTargetToRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]},"clearUserSessions":{"path":"/api/v1/users/{userId}/sessions","method":"delete","queryParams":[{"default":false,"description":"Revoke issued OpenID Connect and OAuth refresh and access tokens","in":"query","name":"oauthTokens","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"clearUserSessions","description":"Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"description":"Revoke issued OpenID Connect and OAuth refresh and access tokens","in":"query","name":"oauthTokens","type":"boolean"}],"formData":[]},"listUserSubscriptions":{"path":"/api/v1/users/{userId}/subscriptions","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserSubscriptions","description":"List subscriptions of a User. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.","summary":"List subscriptions of a User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Subscription"},"type":"array"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription","isArray":true},"getUserSubscriptionByNotificationType":{"path":"/api/v1/users/{userId}/subscriptions/{notificationType}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"operationId":"getUserSubscriptionByNotificationType","description":"Get the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.","summary":"Get the subscription of a User with a specific notification type","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Subscription"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"notificationType","required":true,"type":"string"}],"formData":[],"responseModel":"Subscription"}},"model":{"modelName":"User","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"activated","commonType":"dateTime"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/UserCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"UserCredentials"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastLogin","commonType":"dateTime"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"readOnly":true,"propertyName":"passwordChanged","commonType":"dateTime"},{"$ref":"#/definitions/UserProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"UserProfile"},{"$ref":"#/definitions/UserStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"UserStatus"},{"readOnly":true,"propertyName":"statusChanged","commonType":"dateTime"},{"$ref":"#/definitions/UserStatus","readOnly":true,"propertyName":"transitioningToStatus","commonType":"enum","isEnum":true,"model":"UserStatus"},{"$ref":"#/definitions/UserType","propertyName":"type","commonType":"object","isObject":true,"model":"UserType"}],"methods":[{"alias":"listAppLinks","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/appLinks","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listAppLinks","description":"Fetches appLinks for all direct or indirect (via group membership) assigned applications.","summary":"Get Assigned App Links","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppLink"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"AppLink","isArray":true}},{"alias":"changePassword","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/credentials/change_password","method":"post","queryParams":[{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"changePassword","description":"Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential","summary":"Change Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserCredentials"}}},"parameters":[{"in":"body","name":"changePasswordRequest","required":true,"schema":{"$ref":"#/definitions/ChangePasswordRequest"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"bodyModel":"ChangePasswordRequest","formData":[],"responseModel":"UserCredentials"}},{"alias":"changeRecoveryQuestion","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/credentials/change_recovery_question","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"changeRecoveryQuestion","description":"Changes a user's recovery question & answer credential by validating the user's current password.  This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential","summary":"Change Recovery Question","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserCredentials"}}},"parameters":[{"in":"body","name":"userCredentials","required":true,"schema":{"$ref":"#/definitions/UserCredentials"}},{"in":"path","name":"userId","required":true,"type":"string"}],"bodyModel":"UserCredentials","formData":[],"responseModel":"UserCredentials"}},{"alias":"forgotPasswordSetNewPassword","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/credentials/forgot_password","method":"post","queryParams":[{"default":true,"in":"query","name":"sendEmail","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"forgotPasswordSetNewPassword","description":"Sets a new password for a user by validating the user's answer to their current recovery question","summary":"Forgot Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ForgotPasswordResponse"}}},"parameters":[{"in":"body","name":"user","required":true,"schema":{"$ref":"#/definitions/UserCredentials"}},{"default":true,"in":"query","name":"sendEmail","type":"boolean"},{"in":"path","name":"userId","required":true,"type":"string"}],"bodyModel":"UserCredentials","formData":[],"responseModel":"ForgotPasswordResponse"}},{"alias":"forgotPasswordGenerateOneTimeToken","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/credentials/forgot_password","method":"post","queryParams":[{"default":true,"in":"query","name":"sendEmail","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"forgotPasswordGenerateOneTimeToken","description":"Generates a one-time token (OTT) that can be used to reset a user's password","summary":"Forgot Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ForgotPasswordResponse"}}},"parameters":[{"default":true,"in":"query","name":"sendEmail","type":"boolean"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"ForgotPasswordResponse"}},{"alias":"assignRole","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles","method":"post","queryParams":[{"in":"query","name":"disableNotifications","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"assignRoleToUser","description":"Assigns a role to a user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Role"}}},"parameters":[{"in":"body","name":"assignRoleRequest","required":true,"schema":{"$ref":"#/definitions/AssignRoleRequest"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"disableNotifications","type":"boolean"}],"bodyModel":"AssignRoleRequest","formData":[],"responseModel":"Role"}},{"alias":"getRole","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"getUserRole","description":"Gets role that is assigne to user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Role"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[],"responseModel":"Role"}},{"alias":"removeRole","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"removeRoleFromUser","description":"Unassigns a role from a user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[]}},{"alias":"listGroupTargets","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/groups","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"listGroupTargetsForRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Group"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"Group","isArray":true}},{"alias":"removeGroupTarget","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"removeGroupTargetFromRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]}},{"alias":"addGroupTarget","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"addGroupTargetToRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"formData":[]}},{"alias":"listAssignedRoles","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listAssignedRolesForUser","description":"Lists all roles assigned to a user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Role"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Role","isArray":true}},{"alias":"addAllAppsAsTarget","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"operationId":"addAllAppsAsTargetToRole","description":"Success","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"roleId","required":true,"type":"string"}],"formData":[]}},{"alias":"listGroups","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/groups","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserGroups","description":"Fetches the groups of which the user is a member.","summary":"Get Member Groups","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Group"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"Group","isArray":true}},{"alias":"listGrants","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/grants","method":"get","queryParams":[{"in":"query","name":"scopeId","type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserGrants","description":"Lists all grants for the specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"scopeId","type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"revokeGrants","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/grants","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"revokeUserGrants","description":"Revokes all grants for a specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"revokeGrant","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeUserGrant","description":"Revokes one grant for a specified user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"revokeGrantsForUserAndClient","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/clients/{clientId}/grants","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"revokeGrantsForUserAndClient","description":"Revokes all grants for the specified user and client","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"formData":[]}},{"alias":"listRefreshTokensForUserAndClient","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"listRefreshTokensForUserAndClient","description":"Lists all refresh tokens issued for the specified User and Client.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2RefreshToken"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2RefreshToken","isArray":true}},{"alias":"revokeTokenForUserAndClient","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeTokenForUserAndClient","description":"Revokes the specified refresh token.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getRefreshTokenForUserAndClient","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"default":20,"in":"query","name":"limit","type":"integer"},{"in":"query","name":"after","type":"string"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getRefreshTokenForUserAndClient","description":"Gets a refresh token issued for the specified User and Client.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2RefreshToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"default":20,"in":"query","name":"limit","type":"integer"},{"in":"query","name":"after","type":"string"}],"formData":[],"responseModel":"OAuth2RefreshToken"}},{"alias":"revokeTokensForUserAndClient","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/clients/{clientId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"operationId":"revokeTokensForUserAndClient","description":"Revokes all refresh tokens issued for the specified User and Client.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"clientId","required":true,"type":"string"}],"formData":[]}},{"alias":"listClients","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/clients","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserClients","description":"Lists all client resources for which the specified user has grants or tokens.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Client"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"OAuth2Client","isArray":true}},{"alias":"activate","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/activate","method":"post","queryParams":[{"default":true,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","required":true,"type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"activateUser","description":"Activates a user.  This operation can only be performed on users with a `STAGED` status.  Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation.  The user will have a status of `ACTIVE` when the activation process is complete.","summary":"Activate User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserActivationToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":true,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","required":true,"type":"boolean"}],"formData":[],"responseModel":"UserActivationToken"}},{"alias":"reactivate","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/reactivate","method":"post","queryParams":[{"default":false,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"reactivateUser","description":"Reactivates a user.  This operation can only be performed on users with a `PROVISIONED` status.  This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).","summary":"Reactivate User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserActivationToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"description":"Sends an activation email to the user if true","in":"query","name":"sendEmail","type":"boolean"}],"formData":[],"responseModel":"UserActivationToken"}},{"alias":"deactivate","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/deactivate","method":"post","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deactivateUser","description":"Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. While the asynchronous operation (triggered by HTTP header `Prefer: respond-async`) is proceeding the user's `transitioningToStatus` property is `DEPROVISIONED`. The user's status is `DEPROVISIONED` when the deactivation process is complete.","summary":"Deactivate User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"OK"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]}},{"alias":"suspend","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/suspend","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"suspendUser","description":"Suspends a user.  This operation can only be performed on users with an `ACTIVE` status.  The user will have a status of `SUSPENDED` when the process is complete.","summary":"Suspend User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"OK"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"unsuspend","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/unsuspend","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"unsuspendUser","description":"Unsuspends a user and returns them to the `ACTIVE` state.  This operation can only be performed on users that have a `SUSPENDED` status.","summary":"Unsuspend User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"resetPassword","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/reset_password","method":"post","queryParams":[{"in":"query","name":"sendEmail","required":true,"type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"resetPassword","description":"Generates a one-time token (OTT) that can be used to reset a user's password.  The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.","summary":"Reset Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ResetPasswordToken"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"sendEmail","required":true,"type":"boolean"}],"formData":[],"responseModel":"ResetPasswordToken"}},{"alias":"expirePassword","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=false","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"expirePassword","description":"This operation transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login.","summary":"Expire Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"User"}},{"alias":"expirePasswordAndGetTemporaryPassword","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=true","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"expirePasswordAndGetTemporaryPassword","description":"This operation transitions the user to the status of `PASSWORD_EXPIRED` and the user's password is reset to a temporary password that is returned.","summary":"Expire Password","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/TempPassword"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"TempPassword"}},{"alias":"unlock","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/unlock","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"unlockUser","description":"Unlocks a user with a `LOCKED_OUT` status and returns them to `ACTIVE` status.  Users will be able to login with their current password.","summary":"Unlock User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"resetFactors","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/lifecycle/reset_factors","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"resetFactors","description":"This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.","summary":"Reset Factors","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"OK"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"deleteFactor","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}},{"alias":"addToGroup","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/groups/{groupId}/users/{userId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"addUserToGroup","description":"Adds a user to a group with 'OKTA_GROUP' type.","summary":"Add User to Group","tags":["Group"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[]}},{"alias":"enrollFactor","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors","method":"post","queryParams":[{"default":false,"in":"query","name":"updatePhone","type":"boolean"},{"description":"id of SMS template (only for SMS factor)","in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"default":false,"in":"query","name":"activate","type":"boolean","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"enrollFactor","description":"Enrolls a user with a supported factor.","summary":"Enroll Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"description":"Factor","in":"body","name":"body","required":true,"schema":{"$ref":"#/definitions/UserFactor"}},{"default":false,"in":"query","name":"updatePhone","type":"boolean"},{"description":"id of SMS template (only for SMS factor)","in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"default":false,"in":"query","name":"activate","type":"boolean","x-okta-added-version":"1.3.0"}],"bodyModel":"UserFactor","formData":[],"responseModel":"UserFactor"}},{"alias":"listSupportedFactors","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/catalog","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listSupportedFactors","description":"Enumerates all the supported factors that can be enrolled for the specified user","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/UserFactor"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"UserFactor","isArray":true}},{"alias":"listFactors","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listFactors","description":"Enumerates all the enrolled factors for the specified user","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/UserFactor"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"UserFactor","isArray":true}},{"alias":"listSupportedSecurityQuestions","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/questions","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listSupportedSecurityQuestions","description":"Enumerates all available security questions for a user's `question` factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/SecurityQuestion"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"SecurityQuestion","isArray":true}},{"alias":"getFactor","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"getFactor","description":"Fetches a factor for the specified user","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[],"responseModel":"UserFactor"}},{"alias":"setLinkedObject","arguments":[{"dest":"associatedUserId","src":"id"}],"operation":{"path":"/api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"associatedUserId","required":true,"type":"string"},{"in":"path","name":"primaryRelationshipName","required":true,"type":"string"},{"in":"path","name":"primaryUserId","required":true,"type":"string"}],"operationId":"setLinkedObjectForUser","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"Success"}},"parameters":[{"in":"path","name":"associatedUserId","required":true,"type":"string"},{"in":"path","name":"primaryRelationshipName","required":true,"type":"string"},{"in":"path","name":"primaryUserId","required":true,"type":"string"}],"formData":[]}},{"alias":"listIdentityProviders","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/idps","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listUserIdentityProviders","description":"Lists the IdPs associated with the user.","summary":"Listing IdPs associated with a user","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/IdentityProvider"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"IdentityProvider","isArray":true}},{"alias":"getLinkedObjects","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/linkedObjects/{relationshipName}","method":"get","queryParams":[{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"}],"operationId":"getLinkedObjectsForUser","description":"Get linked objects for a user, relationshipName can be a primary or associated relationship name","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ResponseLinks"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"},{"in":"query","name":"after","type":"string"},{"default":-1,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"ResponseLinks","isArray":true}},{"alias":"clearSessions","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/sessions","method":"delete","queryParams":[{"default":false,"description":"Revoke issued OpenID Connect and OAuth refresh and access tokens","in":"query","name":"oauthTokens","type":"boolean"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"clearUserSessions","description":"Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"description":"Revoke issued OpenID Connect and OAuth refresh and access tokens","in":"query","name":"oauthTokens","type":"boolean"}],"formData":[]}},{"alias":"removeLinkedObject","arguments":[{"dest":"userId","src":"id"}],"operation":{"path":"/api/v1/users/{userId}/linkedObjects/{relationshipName}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"}],"operationId":"removeLinkedObjectForUser","description":"Delete linked objects for a user, relationshipName can be ONLY a primary relationship name","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"relationshipName","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"create","arguments":[{"dest":"user","self":true}],"operation":{"path":"/api/v1/users","method":"post","queryParams":[{"default":true,"description":"Executes activation lifecycle operation when creating the user","in":"query","name":"activate","type":"boolean"},{"default":false,"description":"Indicates whether to create a user with a specified authentication provider","in":"query","name":"provider","type":"boolean"},{"default":"","description":"With activate=true, set nextLogin to \"changePassword\" to have the password be EXPIRED, so user must change it the next time they log in.","in":"query","name":"nextLogin","type":"string","x-okta-added-version":"0.14.0","model":"UserNextLogin"}],"pathParams":[],"operationId":"createUser","description":"Creates a new user in your Okta organization with or without credentials.","summary":"Create User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"body","name":"body","required":true,"schema":{"$ref":"#/definitions/CreateUserRequest"}},{"default":true,"description":"Executes activation lifecycle operation when creating the user","in":"query","name":"activate","type":"boolean"},{"default":false,"description":"Indicates whether to create a user with a specified authentication provider","in":"query","name":"provider","type":"boolean"},{"default":"","description":"With activate=true, set nextLogin to \"changePassword\" to have the password be EXPIRED, so user must change it the next time they log in.","in":"query","name":"nextLogin","type":"string","x-okta-added-version":"0.14.0","model":"UserNextLogin"}],"bodyModel":"CreateUserRequest","formData":[],"responseModel":"User"}},{"alias":"read","arguments":[],"operation":{"path":"/api/v1/users/{userId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getUser","description":"Fetches a user from your Okta organization.","summary":"Get User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"User"}},{"alias":"update","arguments":[{"dest":"userId","src":"id"},{"dest":"user","self":true}],"operation":{"path":"/api/v1/users/{userId}","method":"put","queryParams":[{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"updateUser","description":"Update a user's profile and/or credentials using strict-update semantics.","summary":"Update User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/User"}}},"parameters":[{"in":"body","name":"user","required":true,"schema":{"$ref":"#/definitions/User"}},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"strict","type":"boolean","x-okta-added-version":"1.10.0"}],"bodyModel":"User","formData":[],"responseModel":"User"}},{"alias":"delete","arguments":[{"dest":"userId","src":"id"},{"dest":"user","self":true}],"operation":{"path":"/api/v1/users/{userId}","method":"delete","queryParams":[{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"deactivateOrDeleteUser","description":"Deletes a user permanently.  This operation can only be performed on users that have a `DEPROVISIONED` status.  **This action cannot be recovered!**","summary":"Delete User","tags":["User"],"consumes":["application/json"],"produces":["application/json"],"responses":{"202":{"description":"ACCEPTED"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"default":false,"in":"query","name":"sendEmail","type":"boolean","x-okta-added-version":"1.5.0"}],"formData":[]}}],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userActivationToken.go","context":{"operations":{},"model":{"modelName":"UserActivationToken","properties":[{"readOnly":true,"propertyName":"activationToken","commonType":"string"},{"readOnly":true,"propertyName":"activationUrl","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userCondition.go","context":{"operations":{},"model":{"modelName":"UserCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userCredentials.go","context":{"operations":{},"model":{"modelName":"UserCredentials","properties":[{"$ref":"#/definitions/PasswordCredential","propertyName":"password","commonType":"object","isObject":true,"model":"PasswordCredential"},{"$ref":"#/definitions/AuthenticationProvider","propertyName":"provider","commonType":"object","isObject":true,"model":"AuthenticationProvider"},{"$ref":"#/definitions/RecoveryQuestionCredential","propertyName":"recovery_question","commonType":"object","isObject":true,"model":"RecoveryQuestionCredential"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userFactor.go","context":{"operations":{"deleteFactor":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]},"listFactors":{"path":"/api/v1/users/{userId}/factors","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listFactors","description":"Enumerates all the enrolled factors for the specified user","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/UserFactor"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"UserFactor","isArray":true},"enrollFactor":{"path":"/api/v1/users/{userId}/factors","method":"post","queryParams":[{"default":false,"in":"query","name":"updatePhone","type":"boolean"},{"description":"id of SMS template (only for SMS factor)","in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"default":false,"in":"query","name":"activate","type":"boolean","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"enrollFactor","description":"Enrolls a user with a supported factor.","summary":"Enroll Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"description":"Factor","in":"body","name":"body","required":true,"schema":{"$ref":"#/definitions/UserFactor"}},{"default":false,"in":"query","name":"updatePhone","type":"boolean"},{"description":"id of SMS template (only for SMS factor)","in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"default":false,"in":"query","name":"activate","type":"boolean","x-okta-added-version":"1.3.0"}],"bodyModel":"UserFactor","formData":[],"responseModel":"UserFactor"},"listSupportedFactors":{"path":"/api/v1/users/{userId}/factors/catalog","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listSupportedFactors","description":"Enumerates all the supported factors that can be enrolled for the specified user","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/UserFactor"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"UserFactor","isArray":true},"listSupportedSecurityQuestions":{"path":"/api/v1/users/{userId}/factors/questions","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"listSupportedSecurityQuestions","description":"Enumerates all available security questions for a user's `question` factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/SecurityQuestion"},"type":"array"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"}],"formData":[],"responseModel":"SecurityQuestion","isArray":true},"getFactor":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"getFactor","description":"Fetches a factor for the specified user","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[],"responseModel":"UserFactor"},"activateFactor":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"},"getFactorTransactionStatus":{"path":"/api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"path","name":"transactionId","required":true,"type":"string"}],"operationId":"getFactorTransactionStatus","description":"Polls factors verification transaction for status.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"path","name":"transactionId","required":true,"type":"string"}],"formData":[],"responseModel":"VerifyUserFactorResponse"},"verifyFactor":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}},"model":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}}}},{"src":"templates/model.go.hbs","dest":"okta/userIdString.go","context":{"operations":{},"model":{"modelName":"UserIdString","properties":[{"propertyName":"userId","commonType":"string"}],"methods":[],"crud":[],"tags":["Org"],"isExtensible":false,"extends":"OrgContactUser","parent":{"modelName":"OrgContactUser","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"propertyName":"userId","commonType":"string"}],"methods":[{"alias":"updateContactUser","arguments":[{"dest":"userId","src":"userId"}],"operation":{"path":"/api/v1/org/contacts/{contactType}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"contactType","required":true,"type":"string"}],"operationId":"updateOrgContactUser","description":"Updates the User associated with the specified Contact Type.","summary":"Update org contact user","tags":["Org"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OrgContactUser"}}},"parameters":[{"in":"path","name":"contactType","required":true,"type":"string"},{"in":"body","name":"userId","required":true,"schema":{"$ref":"#/definitions/UserIdString"}}],"bodyModel":"UserIdString","formData":[],"responseModel":"OrgContactUser"}}],"crud":[],"tags":["Org"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/userIdentifierConditionEvaluatorPattern.go","context":{"operations":{},"model":{"modelName":"UserIdentifierConditionEvaluatorPattern","properties":[{"enum":["SUFFIX","EXPRESSION","STARTS_WITH","EQUALS","CONTAINS"],"propertyName":"matchType","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userIdentifierPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"UserIdentifierPolicyRuleCondition","properties":[{"propertyName":"attribute","commonType":"string"},{"propertyName":"patterns","commonType":"array","isArray":true,"model":"UserIdentifierConditionEvaluatorPattern"},{"enum":["IDENTIFIER","ATTRIBUTE"],"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userIdentityProviderLinkRequest.go","context":{"operations":{},"model":{"modelName":"UserIdentityProviderLinkRequest","properties":[{"propertyName":"externalId","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userLifecycleAttributePolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"UserLifecycleAttributePolicyRuleCondition","properties":[{"propertyName":"attributeName","commonType":"string"},{"propertyName":"matchingValue","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userNextLogin.go","context":{"operations":{},"model":{"modelName":"UserNextLogin","enum":["changePassword"],"tags":["User"]}}},{"src":"templates/model.go.hbs","dest":"okta/userPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"UserPolicyRuleCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/InactivityPolicyRuleCondition","propertyName":"inactivity","commonType":"object","isObject":true,"model":"InactivityPolicyRuleCondition"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"},{"$ref":"#/definitions/LifecycleExpirationPolicyRuleCondition","propertyName":"lifecycleExpiration","commonType":"object","isObject":true,"model":"LifecycleExpirationPolicyRuleCondition"},{"$ref":"#/definitions/PasswordExpirationPolicyRuleCondition","propertyName":"passwordExpiration","commonType":"object","isObject":true,"model":"PasswordExpirationPolicyRuleCondition"},{"$ref":"#/definitions/UserLifecycleAttributePolicyRuleCondition","propertyName":"userLifecycleAttribute","commonType":"object","isObject":true,"model":"UserLifecycleAttributePolicyRuleCondition"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userProfile.go","context":{"operations":{},"model":{"modelName":"UserProfile","properties":[{"propertyName":"city","commonType":"string"},{"propertyName":"costCenter","commonType":"string"},{"propertyName":"countryCode","commonType":"string"},{"propertyName":"department","commonType":"string"},{"propertyName":"displayName","commonType":"string"},{"propertyName":"division","commonType":"string"},{"propertyName":"email","commonType":"string"},{"propertyName":"employeeNumber","commonType":"string"},{"propertyName":"firstName","commonType":"string"},{"propertyName":"honorificPrefix","commonType":"string"},{"propertyName":"honorificSuffix","commonType":"string"},{"propertyName":"lastName","commonType":"string"},{"propertyName":"locale","commonType":"string"},{"propertyName":"login","commonType":"string"},{"propertyName":"manager","commonType":"string"},{"propertyName":"managerId","commonType":"string"},{"propertyName":"middleName","commonType":"string"},{"propertyName":"mobilePhone","commonType":"string"},{"propertyName":"nickName","commonType":"string"},{"propertyName":"organization","commonType":"string"},{"propertyName":"postalAddress","commonType":"string"},{"propertyName":"preferredLanguage","commonType":"string"},{"propertyName":"primaryPhone","commonType":"string"},{"propertyName":"profileUrl","commonType":"string"},{"propertyName":"secondEmail","commonType":"string"},{"propertyName":"state","commonType":"string"},{"propertyName":"streetAddress","commonType":"string"},{"propertyName":"timezone","commonType":"string"},{"propertyName":"title","commonType":"string"},{"propertyName":"userType","commonType":"string"},{"propertyName":"zipCode","commonType":"string"}],"methods":[],"crud":[],"tags":["User"],"isExtensible":true}}},{"src":"templates/model.go.hbs","dest":"okta/userSchema.go","context":{"operations":{"getApplicationUserSchema":{"path":"/api/v1/meta/schemas/apps/{appInstanceId}/default","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appInstanceId","required":true,"type":"string"}],"operationId":"getApplicationUserSchema","description":"Fetches the Schema for an App User","summary":"Fetches the Schema for an App User","tags":["UserSchema"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/UserSchema"}}},"parameters":[{"in":"path","name":"appInstanceId","required":true,"type":"string"}],"formData":[],"responseModel":"UserSchema"},"updateApplicationUserProfile":{"path":"/api/v1/meta/schemas/apps/{appInstanceId}/default","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appInstanceId","required":true,"type":"string"}],"operationId":"updateApplicationUserProfile","description":"Partial updates on the User Profile properties of the Application User Schema.","summary":"Partial updates on the User Profile properties of the Application User Schema.","tags":["UserSchema"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/UserSchema"}}},"parameters":[{"in":"path","name":"appInstanceId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/UserSchema"}}],"bodyModel":"UserSchema","formData":[],"responseModel":"UserSchema"},"getUserSchema":{"path":"/api/v1/meta/schemas/user/{schemaId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"schemaId","required":true,"type":"string"}],"operationId":"getUserSchema","description":"Fetches the schema for a Schema Id.","summary":"Fetches the schema for a Schema Id.","tags":["UserSchema"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserSchema"}}},"parameters":[{"in":"path","name":"schemaId","required":true,"type":"string"}],"formData":[],"responseModel":"UserSchema"},"updateUserProfile":{"path":"/api/v1/meta/schemas/user/{schemaId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"schemaId","required":true,"type":"string"}],"operationId":"updateUserProfile","description":"Partial updates on the User Profile properties of the user schema.","tags":["UserSchema"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserSchema"}}},"parameters":[{"in":"path","name":"schemaId","required":true,"type":"string"},{"in":"body","name":"userSchema","required":true,"schema":{"$ref":"#/definitions/UserSchema"}}],"bodyModel":"UserSchema","formData":[],"responseModel":"UserSchema"}},"model":{"modelName":"UserSchema","properties":[{"readOnly":true,"propertyName":"$schema","commonType":"string"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"string"},{"$ref":"#/definitions/UserSchemaDefinitions","propertyName":"definitions","commonType":"object","isObject":true,"model":"UserSchemaDefinitions"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"string"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"$ref":"#/definitions/UserSchemaProperties","readOnly":true,"propertyName":"properties","commonType":"object","isObject":true,"model":"UserSchemaProperties"},{"propertyName":"title","commonType":"string"},{"readOnly":true,"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaAttribute.go","context":{"operations":{},"model":{"modelName":"UserSchemaAttribute","properties":[{"propertyName":"description","commonType":"string"},{"propertyName":"enum","commonType":"array","isArray":true,"model":"string"},{"propertyName":"externalName","commonType":"string"},{"propertyName":"externalNamespace","commonType":"string"},{"$ref":"#/definitions/UserSchemaAttributeItems","propertyName":"items","commonType":"object","isObject":true,"model":"UserSchemaAttributeItems"},{"$ref":"#/definitions/UserSchemaAttributeMaster","propertyName":"master","commonType":"object","isObject":true,"model":"UserSchemaAttributeMaster"},{"propertyName":"maxLength","commonType":"integer"},{"propertyName":"minLength","commonType":"integer"},{"propertyName":"mutability","commonType":"string"},{"propertyName":"oneOf","commonType":"array","isArray":true,"model":"UserSchemaAttributeEnum"},{"propertyName":"pattern","commonType":"string"},{"propertyName":"permissions","commonType":"array","isArray":true,"model":"UserSchemaAttributePermission"},{"propertyName":"required","commonType":"boolean"},{"$ref":"#/definitions/UserSchemaAttributeScope","propertyName":"scope","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeScope"},{"propertyName":"title","commonType":"string"},{"$ref":"#/definitions/UserSchemaAttributeType","propertyName":"type","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeType"},{"$ref":"#/definitions/UserSchemaAttributeUnion","propertyName":"union","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeUnion"},{"propertyName":"unique","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaAttributeEnum.go","context":{"operations":{},"model":{"modelName":"UserSchemaAttributeEnum","properties":[{"propertyName":"const","commonType":"string"},{"propertyName":"title","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaAttributeItems.go","context":{"operations":{},"model":{"modelName":"UserSchemaAttributeItems","properties":[{"propertyName":"enum","commonType":"array","isArray":true,"model":"string"},{"propertyName":"oneOf","commonType":"array","isArray":true,"model":"UserSchemaAttributeEnum"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaAttributeMaster.go","context":{"operations":{},"model":{"modelName":"UserSchemaAttributeMaster","properties":[{"propertyName":"priority","commonType":"array","isArray":true,"model":"UserSchemaAttributeMasterPriority"},{"$ref":"#/definitions/UserSchemaAttributeMasterType","propertyName":"type","commonType":"enum","isEnum":true,"model":"UserSchemaAttributeMasterType"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaAttributeMasterPriority.go","context":{"operations":{},"model":{"modelName":"UserSchemaAttributeMasterPriority","properties":[{"propertyName":"type","commonType":"string"},{"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaAttributeMasterType.go","context":{"operations":{},"model":{"modelName":"UserSchemaAttributeMasterType","enum":["PROFILE_MASTER","OKTA","OVERRIDE"],"tags":["UserSchema"]}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaAttributePermission.go","context":{"operations":{},"model":{"modelName":"UserSchemaAttributePermission","properties":[{"propertyName":"action","commonType":"string"},{"propertyName":"principal","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaAttributeScope.go","context":{"operations":{},"model":{"modelName":"UserSchemaAttributeScope","enum":["SELF","NONE"],"tags":["UserSchema"]}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaAttributeType.go","context":{"operations":{},"model":{"modelName":"UserSchemaAttributeType","enum":["string","boolean","number","integer","array"],"tags":["UserSchema"]}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaAttributeUnion.go","context":{"operations":{},"model":{"modelName":"UserSchemaAttributeUnion","enum":["DISABLE","ENABLE"],"tags":["UserSchema"]}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaBase.go","context":{"operations":{},"model":{"modelName":"UserSchemaBase","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"$ref":"#/definitions/UserSchemaBaseProperties","propertyName":"properties","commonType":"object","isObject":true,"model":"UserSchemaBaseProperties"},{"propertyName":"required","commonType":"array","isArray":true,"model":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaBaseProperties.go","context":{"operations":{},"model":{"modelName":"UserSchemaBaseProperties","properties":[{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"city","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"costCenter","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"countryCode","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"department","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"displayName","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"division","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"email","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"employeeNumber","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"firstName","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"honorificPrefix","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"honorificSuffix","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"lastName","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"locale","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"login","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"manager","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"managerId","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"middleName","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"mobilePhone","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"nickName","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"organization","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"postalAddress","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"preferredLanguage","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"primaryPhone","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"profileUrl","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"secondEmail","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"state","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"streetAddress","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"timezone","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"title","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"userType","commonType":"object","isObject":true,"model":"UserSchemaAttribute"},{"$ref":"#/definitions/UserSchemaAttribute","propertyName":"zipCode","commonType":"object","isObject":true,"model":"UserSchemaAttribute"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaDefinitions.go","context":{"operations":{},"model":{"modelName":"UserSchemaDefinitions","properties":[{"$ref":"#/definitions/UserSchemaBase","propertyName":"base","commonType":"object","isObject":true,"model":"UserSchemaBase"},{"$ref":"#/definitions/UserSchemaPublic","propertyName":"custom","commonType":"object","isObject":true,"model":"UserSchemaPublic"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaProperties.go","context":{"operations":{},"model":{"modelName":"UserSchemaProperties","properties":[{"$ref":"#/definitions/UserSchemaPropertiesProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"UserSchemaPropertiesProfile"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaPropertiesProfile.go","context":{"operations":{},"model":{"modelName":"UserSchemaPropertiesProfile","properties":[{"propertyName":"allOf","commonType":"array","isArray":true,"model":"UserSchemaPropertiesProfileItem"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaPropertiesProfileItem.go","context":{"operations":{},"model":{"modelName":"UserSchemaPropertiesProfileItem","properties":[{"propertyName":"$ref","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userSchemaPublic.go","context":{"operations":{},"model":{"modelName":"UserSchemaPublic","properties":[{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"properties","commonType":"hash","isHash":true,"model":"UserSchemaAttribute"},{"propertyName":"required","commonType":"array","isArray":true,"model":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["UserSchema"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userStatus.go","context":{"operations":{},"model":{"modelName":"UserStatus","enum":["ACTIVE","DEPROVISIONED","LOCKED_OUT","PASSWORD_EXPIRED","PROVISIONED","RECOVERY","STAGED","SUSPENDED"],"tags":["User"]}}},{"src":"templates/model.go.hbs","dest":"okta/userStatusPolicyRuleCondition.go","context":{"operations":{},"model":{"modelName":"UserStatusPolicyRuleCondition","properties":[{"enum":["ACTIVE","INACTIVE","PENDING","DELETED","EXPIRED_PASSWORD","ACTIVATING","SUSPENDED","DELETING"],"propertyName":"value","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userType.go","context":{"operations":{"createUserType":{"path":"/api/v1/meta/types/user","method":"post","queryParams":[],"pathParams":[],"operationId":"createUserType","description":"Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"body","name":"userType","required":true,"schema":{"$ref":"#/definitions/UserType"}}],"bodyModel":"UserType","formData":[],"responseModel":"UserType"},"updateUserType":{"path":"/api/v1/meta/types/user/{typeId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"updateUserType","description":"Updates an existing User Type","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"},{"in":"body","name":"userType","required":true,"schema":{"$ref":"#/definitions/UserType"}}],"bodyModel":"UserType","formData":[],"responseModel":"UserType"},"getUserType":{"path":"/api/v1/meta/types/user/{typeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"getUserType","description":"Fetches a User Type by ID. The special identifier `default` may be used to fetch the default User Type.","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"}],"formData":[],"responseModel":"UserType"},"deleteUserType":{"path":"/api/v1/meta/types/user/{typeId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"deleteUserType","description":"Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"}],"formData":[]},"listUserTypes":{"path":"/api/v1/meta/types/user","method":"get","queryParams":[],"pathParams":[],"operationId":"listUserTypes","description":"Fetches all User Types in your org","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/UserType"},"type":"array"}}},"parameters":[],"formData":[],"responseModel":"UserType","isArray":true},"replaceUserType":{"path":"/api/v1/meta/types/user/{typeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"replaceUserType","description":"Replace an existing User Type","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"},{"in":"body","name":"userType","required":true,"schema":{"$ref":"#/definitions/UserType"}}],"bodyModel":"UserType","formData":[],"responseModel":"UserType"}},"model":{"modelName":"UserType","properties":[{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"readOnly":true,"propertyName":"createdBy","commonType":"string"},{"readOnly":true,"propertyName":"default","commonType":"boolean"},{"propertyName":"description","commonType":"string"},{"propertyName":"displayName","commonType":"string"},{"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"readOnly":true,"propertyName":"lastUpdatedBy","commonType":"string"},{"propertyName":"name","commonType":"string"}],"methods":[{"alias":"replaceUserType","arguments":[{"dest":"roleId","src":"id"}],"operation":{"path":"/api/v1/meta/types/user/{typeId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"replaceUserType","description":"Replace an existing User Type","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"},{"in":"body","name":"userType","required":true,"schema":{"$ref":"#/definitions/UserType"}}],"bodyModel":"UserType","formData":[],"responseModel":"UserType"}}],"crud":[{"alias":"create","arguments":[{"dest":"userType","self":true}],"operation":{"path":"/api/v1/meta/types/user","method":"post","queryParams":[],"pathParams":[],"operationId":"createUserType","description":"Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"body","name":"userType","required":true,"schema":{"$ref":"#/definitions/UserType"}}],"bodyModel":"UserType","formData":[],"responseModel":"UserType"}},{"alias":"update","arguments":[{"dest":"typeId","src":"id"},{"dest":"userType","self":true}],"operation":{"path":"/api/v1/meta/types/user/{typeId}","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"updateUserType","description":"Updates an existing User Type","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"},{"in":"body","name":"userType","required":true,"schema":{"$ref":"#/definitions/UserType"}}],"bodyModel":"UserType","formData":[],"responseModel":"UserType"}},{"alias":"read","arguments":[{"dest":"typeId","src":"id"}],"operation":{"path":"/api/v1/meta/types/user/{typeId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"getUserType","description":"Fetches a User Type by ID. The special identifier `default` may be used to fetch the default User Type.","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserType"}}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"}],"formData":[],"responseModel":"UserType"}},{"alias":"delete","arguments":[{"dest":"typeId","src":"id"}],"operation":{"path":"/api/v1/meta/types/user/{typeId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"typeId","required":true,"type":"string"}],"operationId":"deleteUserType","description":"Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users","tags":["UserType"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"typeId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserType"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userTypeCondition.go","context":{"operations":{},"model":{"modelName":"UserTypeCondition","properties":[{"propertyName":"exclude","commonType":"array","isArray":true,"model":"string"},{"propertyName":"include","commonType":"array","isArray":true,"model":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/userVerificationEnum.go","context":{"operations":{},"model":{"modelName":"UserVerificationEnum","enum":["REQUIRED","PREFERRED"],"tags":["Authenticator"]}}},{"src":"templates/model.go.hbs","dest":"okta/verificationMethod.go","context":{"operations":{},"model":{"modelName":"VerificationMethod","properties":[{"propertyName":"constraints","commonType":"array","isArray":true,"model":"AccessPolicyConstraints"},{"propertyName":"factorMode","commonType":"string"},{"propertyName":"inactivityPeriod","commonType":"string"},{"propertyName":"reauthenticateIn","commonType":"string"},{"propertyName":"type","commonType":"string"}],"methods":[],"crud":[],"tags":["Policy"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/verifyFactorRequest.go","context":{"operations":{},"model":{"modelName":"VerifyFactorRequest","properties":[{"propertyName":"activationToken","commonType":"string"},{"propertyName":"answer","commonType":"string"},{"propertyName":"attestation","commonType":"string"},{"propertyName":"clientData","commonType":"string"},{"propertyName":"nextPassCode","commonType":"string"},{"propertyName":"passCode","commonType":"string"},{"propertyName":"registrationData","commonType":"string"},{"propertyName":"stateToken","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/verifyUserFactorResponse.go","context":{"operations":{},"model":{"modelName":"VerifyUserFactorResponse","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"expiresAt","commonType":"dateTime"},{"enum":["SUCCESS","EXPIRED","CHALLENGE","WAITING","FAILED","REJECTED","TIMEOUT","TIME_WINDOW_EXCEEDED","PASSCODE_REPLAYED","ERROR"],"propertyName":"factorResult","commonType":"string"},{"propertyName":"factorResultMessage","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/webAuthnUserFactor.go","context":{"operations":{},"model":{"modelName":"WebAuthnUserFactor","properties":[{"$ref":"#/definitions/WebAuthnUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"WebAuthnUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"webauthn"}}}},{"src":"templates/model.go.hbs","dest":"okta/webAuthnUserFactorProfile.go","context":{"operations":{},"model":{"modelName":"WebAuthnUserFactorProfile","properties":[{"propertyName":"authenticatorName","commonType":"string"},{"propertyName":"credentialId","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/webUserFactor.go","context":{"operations":{},"model":{"modelName":"WebUserFactor","properties":[{"$ref":"#/definitions/WebUserFactorProfile","propertyName":"profile","commonType":"object","isObject":true,"model":"WebUserFactorProfile"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false,"extends":"UserFactor","parent":{"modelName":"UserFactor","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/FactorType","propertyName":"factorType","commonType":"enum","isEnum":true,"model":"FactorType"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/FactorProvider","propertyName":"provider","commonType":"enum","isEnum":true,"model":"FactorProvider"},{"$ref":"#/definitions/FactorStatus","readOnly":true,"propertyName":"status","commonType":"enum","isEnum":true,"model":"FactorStatus"},{"$ref":"#/definitions/VerifyFactorRequest","propertyName":"verify","commonType":"object","isObject":true,"model":"VerifyFactorRequest"}],"methods":[{"alias":"activate","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"activateFactor","description":"The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.","summary":"Activate Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserFactor"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/ActivateFactorRequest"}}],"bodyModel":"ActivateFactorRequest","formData":[],"responseModel":"UserFactor"}},{"alias":"verify","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}/verify","method":"post","queryParams":[{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"}],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"verifyFactor","description":"Verifies an OTP for a `token` or `token:hardware` factor","summary":"Verify MFA Factor","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/VerifyUserFactorResponse"}}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"},{"in":"query","name":"templateId","type":"string"},{"default":300,"format":"int32","in":"query","name":"tokenLifetimeSeconds","type":"integer","x-okta-added-version":"1.3.0"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/VerifyFactorRequest"}},{"in":"header","name":"X-Forwarded-For","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"User-Agent","type":"string","x-okta-added-version":"1.11.0"},{"in":"header","name":"Accept-Language","type":"string"}],"bodyModel":"VerifyFactorRequest","formData":[],"responseModel":"VerifyUserFactorResponse"}}],"crud":[{"alias":"delete","arguments":[{"dest":"factorId","src":"id"},{"dest":"userId","parentSrc":"id"}],"operation":{"path":"/api/v1/users/{userId}/factors/{factorId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"operationId":"deleteFactor","description":"Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.","tags":["UserFactor"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"userId","required":true,"type":"string"},{"in":"path","name":"factorId","required":true,"type":"string"}],"formData":[]}}],"tags":["UserFactor"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"factorType","valueToModelMapping":{"call":"CallUserFactor","email":"EmailUserFactor","hotp":"CustomHotpUserFactor","push":"PushUserFactor","question":"SecurityQuestionUserFactor","sms":"SmsUserFactor","token":"TokenUserFactor","token:hardware":"HardwareUserFactor","token:hotp":"CustomHotpUserFactor","token:software:totp":"TotpUserFactor","u2f":"U2fUserFactor","web":"WebUserFactor","webauthn":"WebAuthnUserFactor"}}},"resolution":{"fieldName":"factorType","fieldValue":"web"}}}},{"src":"templates/model.go.hbs","dest":"okta/webUserFactorProfile.go","context":{"operations":{},"model":{"modelName":"WebUserFactorProfile","properties":[{"propertyName":"credentialId","commonType":"string"}],"methods":[],"crud":[],"tags":["UserFactor"],"isExtensible":false}}},{"src":"templates/model.go.hbs","dest":"okta/wsFederationApplication.go","context":{"operations":{},"model":{"modelName":"WsFederationApplication","properties":[{"default":"template_wsfed","propertyName":"name","commonType":"object","isObject":true},{"$ref":"#/definitions/WsFederationApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"WsFederationApplicationSettings"},{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"Application","parent":{"modelName":"Application","properties":[{"readOnly":true,"propertyName":"_embedded","commonType":"hash","isHash":true,"model":"object"},{"readOnly":true,"propertyName":"_links","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationAccessibility","propertyName":"accessibility","commonType":"object","isObject":true,"model":"ApplicationAccessibility"},{"readOnly":true,"propertyName":"created","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationCredentials","propertyName":"credentials","commonType":"object","isObject":true,"model":"ApplicationCredentials"},{"propertyName":"features","commonType":"array","isArray":true,"model":"string"},{"readOnly":true,"propertyName":"id","commonType":"string"},{"propertyName":"label","commonType":"string"},{"readOnly":true,"propertyName":"lastUpdated","commonType":"dateTime"},{"$ref":"#/definitions/ApplicationLicensing","propertyName":"licensing","commonType":"object","isObject":true,"model":"ApplicationLicensing"},{"readOnly":true,"propertyName":"name","commonType":"string"},{"propertyName":"profile","commonType":"hash","isHash":true,"model":"object"},{"$ref":"#/definitions/ApplicationSettings","propertyName":"settings","commonType":"object","isObject":true,"model":"ApplicationSettings"},{"$ref":"#/definitions/ApplicationSignOnMode","propertyName":"signOnMode","commonType":"enum","isEnum":true,"model":"ApplicationSignOnMode"},{"enum":["ACTIVE","INACTIVE","DELETED"],"readOnly":true,"propertyName":"status","commonType":"string"},{"$ref":"#/definitions/ApplicationVisibility","propertyName":"visibility","commonType":"object","isObject":true,"model":"ApplicationVisibility"}],"methods":[{"alias":"activate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/activate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"activateApplication","description":"Activates an inactive application.","summary":"Activate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"deactivate","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/lifecycle/deactivate","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deactivateApplication","description":"Deactivates an active application.","summary":"Deactivate Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listApplicationUsers","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationUsers","description":"Enumerates all assigned [application users](#application-user-model) for an application.","summary":"List Users Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/AppUser"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"in":"query","name":"query_scope","type":"string"},{"description":"specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"filter","type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser","isArray":true}},{"alias":"assignUserToApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"assignUserToApplication","description":"Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.","summary":"Assign User to Application for SSO & Provisioning","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"appUser","required":true,"schema":{"$ref":"#/definitions/AppUser"}}],"bodyModel":"AppUser","formData":[],"responseModel":"AppUser"}},{"alias":"getApplicationUser","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/users/{userId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"}],"operationId":"getApplicationUser","description":"Fetches a specific user assignment for application by `id`.","summary":"Get Assigned User for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AppUser"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"userId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"AppUser"}},{"alias":"createApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"createApplicationGroupAssignment","description":"Assigns a group to an application","summary":"Assign Group to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"body","name":"applicationGroupAssignment","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}],"bodyModel":"ApplicationGroupAssignment","formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"getApplicationGroupAssignment","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups/{groupId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"}],"operationId":"getApplicationGroupAssignment","description":"Fetches an application group assignment","summary":"Get Assigned Group for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationGroupAssignment"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"groupId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment"}},{"alias":"cloneApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone","method":"post","queryParams":[{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"cloneApplicationKey","description":"Clones a X.509 certificate for an application key credential from a source application to target application.","summary":"Clone Application Key Credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"},{"description":"Unique key of the target Application","in":"query","name":"targetAid","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"getApplicationKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/{keyId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"operationId":"getApplicationKey","description":"Gets a specific application key credential by kid","summary":"Get Key Credential for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"keyId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"listGroupAssignments","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/groups","method":"get","queryParams":[{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationGroupAssignments","description":"Enumerates group assignments for an application.","summary":"List Groups Assigned to Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/ApplicationGroupAssignment"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"q","type":"string"},{"description":"Specifies the pagination cursor for the next page of assignments","in":"query","name":"after","type":"string"},{"default":-1,"description":"Specifies the number of results for a page","format":"int32","in":"query","name":"limit","type":"integer"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"ApplicationGroupAssignment","isArray":true}},{"alias":"listKeys","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listApplicationKeys","description":"Enumerates key credentials for an application","summary":"List Key Credentials for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/JsonWebKey"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"JsonWebKey","isArray":true}},{"alias":"generateKey","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/keys/generate","method":"post","queryParams":[{"in":"query","name":"validityYears","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateApplicationKey","description":"Generates a new X.509 certificate for an application key credential","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"validityYears","type":"integer"}],"formData":[],"responseModel":"JsonWebKey"}},{"alias":"generateCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"generateCsrForApplication","description":"Generates a new key pair and returns the Certificate Signing Request for it.","summary":"Generate Certificate Signing Request for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"metadata","required":true,"schema":{"$ref":"#/definitions/CsrMetadata"}}],"bodyModel":"CsrMetadata","formData":[],"responseModel":"Csr"}},{"alias":"getCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"getCsrForApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Csr"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr"}},{"alias":"revokeCsr","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"revokeCsrFromApplication","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"formData":[]}},{"alias":"listCsrs","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listCsrsForApplication","description":"Enumerates Certificate Signing Requests for an application","summary":"List Certificate Signing Requests for Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/Csr"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[],"responseModel":"Csr","isArray":true}},{"alias":"publishCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryCerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryCerCert","tags":["Application"],"consumes":["application/x-x509-ca-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"encoding":"base64","parameters":[{"in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryDerCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryDerCert","tags":["Application"],"consumes":["application/pkix-cert"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"publishBinaryPemCert","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"operationId":"publishBinaryPemCert","tags":["Application"],"consumes":["application/x-pem-file"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/JsonWebKey"}}},"parameters":[{"format":"binary","in":"body","name":"certificate","required":true,"type":"string"},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"csrId","required":true,"type":"string"}],"bodyModel":"string","bodyFormat":"binary","formData":[],"responseModel":"JsonWebKey"}},{"alias":"listOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listOAuth2TokensForApplication","description":"Lists all tokens for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2Token"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"},{"in":"query","name":"after","type":"string"},{"default":20,"format":"int32","in":"query","name":"limit","type":"integer"}],"formData":[],"responseModel":"OAuth2Token","isArray":true}},{"alias":"revokeOAuth2TokenForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokenForApplication","description":"Revokes the specified token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"formData":[]}},{"alias":"getOAuth2Token","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens/{tokenId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"}],"operationId":"getOAuth2TokenForApplication","description":"Gets a token for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2Token"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"tokenId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2Token"}},{"alias":"revokeOAuth2Tokens","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/tokens","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"revokeOAuth2TokensForApplication","description":"Revokes all tokens for the specified application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}},{"alias":"listScopeConsentGrants","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"listScopeConsentGrants","description":"Lists all scope consent grants for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"items":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"},"type":"array"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant","isArray":true}},{"alias":"grantConsentToScope","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"grantConsentToScope","description":"Grants consent for the application to request an OAuth 2.0 Okta scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"201":{"description":"Created","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"oAuth2ScopeConsentGrant","required":true,"schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}],"bodyModel":"OAuth2ScopeConsentGrant","formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"revokeScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"revokeScopeConsentGrant","description":"Revokes permission for the application to request the given scope","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"formData":[]}},{"alias":"getScopeConsentGrant","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/grants/{grantId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"}],"operationId":"getScopeConsentGrant","description":"Fetches a single scope consent grant for the application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/OAuth2ScopeConsentGrant"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"grantId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"OAuth2ScopeConsentGrant"}},{"alias":"uploadApplicationLogo","operation":{"path":"/api/v1/apps/{appId}/logo","method":"post","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"uploadApplicationLogo","description":"Update the logo for an application.","summary":"The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.","tags":["Application"],"consumes":["multipart/form-data"],"produces":["application/json"],"responses":{"201":{"description":"Created"},"400":{"description":"Bad Request"},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"formData","name":"file","required":true,"type":"file"}],"formData":[{"in":"formData","name":"file","required":true,"type":"file"}]}},{"alias":"getFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"get","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"getFeatureForApplication","description":"Fetches a Feature object for an application.","summary":"Fetches a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateFeatureForApplication","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/features/{name}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"operationId":"updateFeatureForApplication","description":"Updates a Feature object for an application.","summary":"Updates a Feature object for an application.","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ApplicationFeature"}},"404":{"description":"Not Found"}},"parameters":[{"in":"body","name":"capabilities","required":true,"schema":{"$ref":"#/definitions/CapabilitiesObject"}},{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"name","required":true,"type":"string"}],"bodyModel":"CapabilitiesObject","formData":[],"responseModel":"ApplicationFeature"}},{"alias":"updateApplicationPolicy","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}/policies/{policyId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"operationId":"updateApplicationPolicy","description":"Assign an application to a specific policy. This unassigns the application from its currently assigned policy.","summary":"Update application policy","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"204":{"description":"No Content"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"path","name":"policyId","required":true,"type":"string"}],"formData":[]}}],"crud":[{"alias":"read","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"get","queryParams":[{"in":"query","name":"expand","type":"string"}],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"getApplication","description":"Fetches an application from your Okta organization by `id`.","summary":"Get Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"query","name":"expand","type":"string"}],"formData":[],"responseModel":"Application"}},{"alias":"update","arguments":[{"dest":"appId","src":"id"},{"dest":"application","self":true}],"operation":{"path":"/api/v1/apps/{appId}","method":"put","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"updateApplication","description":"Updates an application in your organization.","summary":"Update Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/Application"}}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"},{"in":"body","name":"application","required":true,"schema":{"$ref":"#/definitions/Application"}}],"bodyModel":"Application","formData":[],"responseModel":"Application"}},{"alias":"delete","arguments":[{"dest":"appId","src":"id"}],"operation":{"path":"/api/v1/apps/{appId}","method":"delete","queryParams":[],"pathParams":[{"in":"path","name":"appId","required":true,"type":"string"}],"operationId":"deleteApplication","description":"Removes an inactive application.","summary":"Delete Application","tags":["Application"],"consumes":["application/json"],"produces":["application/json"],"responses":{"200":{"description":"Success"}},"parameters":[{"in":"path","name":"appId","required":true,"type":"string"}],"formData":[]}}],"tags":["Application"],"isExtensible":false,"requiresResolution":true,"resolutionStrategy":{"propertyName":"signOnMode","valueToModelMapping":{"AUTO_LOGIN":"AutoLoginApplication","BASIC_AUTH":"BasicAuthApplication","BOOKMARK":"BookmarkApplication","BROWSER_PLUGIN":"BrowserPluginApplication","OPENID_CONNECT":"OpenIdConnectApplication","SAML_1_1":"SamlApplication","SAML_2_0":"SamlApplication","SECURE_PASSWORD_STORE":"SecurePasswordStoreApplication","WS_FEDERATION":"WsFederationApplication"}}},"resolution":{"fieldName":"signOnMode","fieldValue":"WS_FEDERATION"}}}},{"src":"templates/model.go.hbs","dest":"okta/wsFederationApplicationSettings.go","context":{"operations":{},"model":{"modelName":"WsFederationApplicationSettings","properties":[{"$ref":"#/definitions/WsFederationApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"WsFederationApplicationSettingsApplication"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettings","parent":{"modelName":"ApplicationSettings","properties":[{"$ref":"#/definitions/ApplicationSettingsApplication","propertyName":"app","commonType":"object","isObject":true,"model":"ApplicationSettingsApplication"},{"propertyName":"implicitAssignment","commonType":"boolean"},{"propertyName":"inlineHookId","commonType":"string"},{"$ref":"#/definitions/ApplicationSettingsNotes","propertyName":"notes","commonType":"object","isObject":true,"model":"ApplicationSettingsNotes"},{"$ref":"#/definitions/ApplicationSettingsNotifications","propertyName":"notifications","commonType":"object","isObject":true,"model":"ApplicationSettingsNotifications"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}},{"src":"templates/model.go.hbs","dest":"okta/wsFederationApplicationSettingsApplication.go","context":{"operations":{},"model":{"modelName":"WsFederationApplicationSettingsApplication","properties":[{"propertyName":"attributeStatements","commonType":"string"},{"propertyName":"audienceRestriction","commonType":"string"},{"propertyName":"authnContextClassRef","commonType":"string"},{"propertyName":"groupFilter","commonType":"string"},{"propertyName":"groupName","commonType":"string"},{"propertyName":"groupValueFormat","commonType":"string"},{"propertyName":"nameIDFormat","commonType":"string"},{"propertyName":"realm","commonType":"string"},{"propertyName":"siteURL","commonType":"string"},{"propertyName":"usernameAttribute","commonType":"string"},{"propertyName":"wReplyOverride","commonType":"boolean"},{"propertyName":"wReplyURL","commonType":"string"}],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false,"extends":"ApplicationSettingsApplication","parent":{"modelName":"ApplicationSettingsApplication","properties":[],"methods":[],"crud":[],"tags":["Application"],"isExtensible":false}}}}]
\ No newline at end of file
diff --git a/openapi/generator/index.js b/openapi/generator/index.js
deleted file mode 100644
index b6327a556..000000000
--- a/openapi/generator/index.js
+++ /dev/null
@@ -1,827 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-const _ = require('lodash');
-_.mixin(require('lodash-inflection'));
-const fs = require('fs');
-const path = require('path');
-
-const golang = module.exports;
-
-function getType(obj, prefix = "") {
-  switch (obj.commonType) {
-    case 'dateTime' :
-      return String.raw`*time.Time`;
-    case 'integer' :
-      return String.raw`int64`;
-    case 'boolean' :
-      return String.raw`*bool`;
-    case 'hash' :
-      if (obj.model === 'object') {
-        return String.raw`interface{}`;
-      }
-      if (obj.model === 'boolean') {
-        return String.raw`map[string]bool`;
-      }
-      return String.raw`map[string]*` + obj.model;
-    case 'array' :
-      if (obj.propertyName === "enum" && obj.model === "string") {
-        // edge case for property "enum" on GroupSchemaAttribute, UserSchemaAttribute, UserSchemaAttributeItems
-        // Slice values can be variable typed as string, number, boolean, integer, array
-        return String.raw`[]interface{}`;
-      }
-      if (obj.model === undefined || obj.model === "string") {
-        return String.raw`[]string`;
-      } else {
-        return String.raw`[]` + prefix + obj.model;
-      }
-    case 'enum' :
-    case '':
-    case 'null' :
-    case 'password' :
-    case 'binary' :
-      return String.raw`string`;
-    case 'double':
-      return String.raw`float64`;
-    case 'object' :
-      // edge case from org settings
-      if (obj.propertyName === "_links") {
-        return "interface{}";
-      }
-      if (obj.model === "UserSchemaBaseProperties") {
-        return String.raw`map[string]*UserSchemaAttribute`;
-      }
-      if (obj.model === "GroupSchemaBaseProperties") {
-        return String.raw`map[string]*GroupSchemaAttribute`;
-      }
-      if (obj.model === undefined) {
-        return String.raw`string`;
-      } else {
-        if (prefix !== "") {
-          return prefix + obj.model;
-        }
-        return obj.model;
-      }
-    default:
-      if (obj.propertyName === "pattern" || obj.propertyName === "admin" || obj.propertyName === "enduser") {
-        return String.raw`*string`;
-      }
-      // edge case for UserSchemaAttributeEnum property "const"
-      // Value can be variable typed as string, number, boolean, integer, array
-      if (obj.propertyName === "const") {
-        return "interface{}";
-      }
-      return obj.commonType;
-  }
-}
-
-function lowercaseFirstLetter(text) {
-  // Only works for standard english characters
-  const isSingleCap = /^[A-Z][^A-Z]/;
-  const isAllCap = /^[A-Z]*$/;
-  const isMultiCap = /^[A-Z]{2,}/;
-  if (text.match(isSingleCap)) {
-    return text.charAt(0).toLowerCase() + text.slice(1);
-  } else if (text.match(isAllCap)) {
-    return text.toLowerCase();
-  } else if (text.match(isMultiCap)) {
-    return text.replace(/^([A-Z]*)([A-Z])/, function (match, leading, keep, offset, remaining) {
-      return leading.toLowerCase() + keep;
-    });
-  } else {
-    return text;
-  }
-}
-
-function ucFirst(text) {
-  switch (text) {
-    case 'csr':
-      return 'Csr';
-    case 'csrMetadata':
-      return 'CsrMetadata';
-    case 'csrMetadataSubject':
-      return 'CsrMetadataSubject';
-    case 'csrMetadataSubjectAltNames':
-      return 'CsrMetadataSubjectAllNames';
-    default:
-      return text.charAt(0).toUpperCase() + text.slice(1);
-  }
-
-}
-
-function strToUpper(string) {
-  return string.toUpperCase(string)
-}
-
-function structProp(prop) {
-  prop = prop.replace(/#/g, "");
-  prop = prop.replace(/\$/g, "");
-  prop = prop.replace(/(_\w)/g, function (m) {
-    return m[1].toUpperCase();
-  });
-
-  prop = prop.charAt(0).toUpperCase() + prop.slice(1);
-
-  return prop;
-}
-
-function paramType(query) {
-  if (query.name === "provider") {
-    return "interface{}";
-  }
-  return query.type;
-}
-
-function getImports(object) {
-  let imports = [];
-
-  if (object.model.properties !== undefined) {
-    for (let property of object.model.properties) {
-      switch (property.commonType) {
-        case 'dateTime' :
-          imports.push("time");
-      }
-    }
-  }
-  if (object.model.parent !== undefined) {
-    for (let property of object.model.parent.properties) {
-      switch (property.commonType) {
-        case 'dateTime' :
-          imports.push("time");
-      }
-    }
-
-    if (object.model.parent.parent !== undefined) {
-      for (let property of object.model.parent.parent.properties) {
-        switch (property.commonType) {
-          case 'dateTime' :
-            imports.push("time");
-        }
-      }
-    }
-  }
-
-  if (object.operations !== undefined) {
-    for (let operation in object.operations) {
-      if (object.operations[operation].queryParams.length) {
-        imports.push("github.com/okta/okta-sdk-golang/v2/okta/query")
-        imports.push("context");
-      }
-
-      if (object.operations[operation].formData && object.operations[operation].formData.length) {
-        imports.push("os");
-        imports.push("bytes");
-        imports.push("io");
-        imports.push("mime/multipart");
-      }
-    }
-  }
-
-  if (object.model.methods !== undefined) {
-    for (let method of object.model.methods) {
-
-      if (method.operation.queryParams.length) {
-        imports.push("github.com/okta/okta-sdk-golang/v2/okta/query")
-      }
-      imports.push("fmt");
-      imports.push("context");
-      if (method.operation.responseModel !== undefined) {
-        imports.push("fmt");
-      }
-
-      if (method.operation.bodyModel !== undefined) {
-        imports.push("fmt");
-      }
-    }
-  }
-
-  if (object.model.crud !== undefined) {
-    for (let method of object.model.crud) {
-      if (method.operation.queryParams.length) {
-        imports.push("github.com/okta/okta-sdk-golang/v2/okta/query");
-      }
-      imports.push("fmt");
-      imports.push("context");
-      if (method.operation.responseModel !== undefined) {
-        imports.push("fmt");
-      }
-
-      if (method.operation.bodyModel !== undefined) {
-        imports.push("fmt");
-      }
-    }
-  }
-
-  if (object.model.modelName === "LogEvent") {
-    imports.push("fmt");
-  }
-
-  if (object.model.modelName === "UserSchema") {
-    imports.push("fmt");
-    imports.push("context");
-  }
-
-  if (object.model.modelName === "Domain") {
-    imports.push("fmt");
-    imports.push("context");
-  }
-
-  if (object.model.modelName === "DomainCertificate") {
-    imports = [];
-  }
-
-  imports = [...new Set(imports)];
-
-  if (object.model.modelName === "Role") {
-    imports.splice(imports.indexOf("context"), 1);
-    imports.splice(imports.indexOf("fmt"), 1);
-  }
-
-  if (object.model.modelName === "GroupProfile") {
-    imports.push("encoding/json");
-  }
-
-  return imports;
-}
-
-function operationArgumentBuilder(operation) {
-  const args = [];
-
-  args.push("ctx context.Context");
-
-  if (operation.path === '/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules') {
-      args.push('authServerId string');
-      args.push('policyId string');
-  } else if (operation.path === '/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}') {
-      args.push('authServerId string');
-      args.push('policyId string');
-      args.push('ruleId string');
-  } else {
-    operation.pathParams.map((arg) => args.push(arg.name + " " + arg.type));
-  }
-
-  if ((operation.method === 'post' || operation.method === 'put') && operation.bodyModel) {
-    let bodyModel = ucFirst(_.camelCase(operation.bodyModel));
-
-    if (bodyModel === "Application") {
-      bodyModel = "App";
-    }
-
-    if (bodyModel === "UserFactor") {
-      bodyModel = "Factor";
-    }
-
-    if (bodyModel === "Policy") {
-      bodyModel = "Policies";
-    }
-
-    if (bodyModel === "String") {
-      bodyModel = "string";
-    }
-
-    args.push(`body ` + bodyModel);
-  }
-
-  if (operation.operationId === "getApplication") {
-    args.push(`appInstance App`);
-  }
-
-  if (operation.operationId === "getFactor" ||
-    operation.operationId === "activateFactor" ||
-    operation.operationId === "verifyFactor") {
-    args.push(`factorInstance Factor`);
-  }
-
-  if (operation.operationId === "getPolicy") {
-    args.push(`policyInstance Policies`);
-  }
-
-  if (operation.formData && operation.formData.length) {
-    for (let prop of operation.formData) {
-      let propType = prop.type;
-      if (propType == 'file') {
-        propType = "string"
-      }
-      args.push(prop.name + ` ` + propType)
-    }
-  }
-
-  if (operation.queryParams.length) {
-    args.push('qp *query.Params');
-  }
-
-  return args.join(', ');
-}
-
-function getPath(operation) {
-  let path = operation.path;
-  for (let param of operation.pathParams) {
-    path = path.replace(`{${param.name}}`, String.raw`%v`);
-  }
-
-  return `"${path}"`;
-}
-
-function getPathParams(operation) {
-  const args = []
-  if (operation.path === '/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules') {
-      args.push('authServerId');
-      args.push('policyId');
-  } else if (operation.path === '/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}') {
-      args.push('authServerId');
-      args.push('policyId');
-      args.push('ruleId');
-  } else {
-    for (let param of operation.pathParams) {
-      args.push(param.name);
-    }
-  }
-  return args.join(', ');
-}
-
-function returnType(operation) {
-  if (operation.responseModel !== undefined) {
-    let responseModel = "*" + operation.responseModel
-    if (responseModel === "*Application") {
-      if (applicationModelInterface) {
-        responseModel = "App"
-      } else {
-        responseModel = "interface{}"
-      }
-    }
-    if (responseModel === "*UserFactor") {
-      if (factorModelInterface) {
-        responseModel = "Factor"
-      } else {
-        responseModel = "interface{}"
-      }
-    }
-    if (responseModel === "*Policy") {
-      if (policyModelInterface) {
-        responseModel = "Policies"
-      } else {
-        responseModel = "interface{}"
-      }
-    }
-    if (operation.isArray !== undefined && operation.isArray === true) {
-      return " ([]" + responseModel + ", *Response, error) ";
-    }
-    return " (" + responseModel + ", *Response, error) ";
-  }
-
-  return " (*Response, error) ";
-}
-
-function getClientTags(operations) {
-  let tags = []
-  for (let operation of operations) {
-
-    tags.push(operation.tags[0]);
-  }
-
-  tags = [...new Set(tags)];
-
-  return tags;
-
-}
-
-function responseModelInterface(operationId) {
-  return operationId === "listFactors" ||
-    operationId === "listSupportedFactors" ||
-    operationId === "listPolicies" ||
-    operationId === "listApplications" ||
-    operationId === "listAppTargetsForRole" ||
-    operationId === "listApplicationTargetsForApplicationAdministratorRoleForGroup" ||
-    operationId === "listApplicationTargetsForApplicationAdministratorRoleForUser" ||
-    operationId === "listAssignedApplicationsForGroup" ||
-    operationId === "listAssignedApplicationsForUser";
-}
-
-function applicationModelInterface(operationId) {
-  return operationId === "listApplications" ||
-    operationId === "listAppTargetsForRole" ||
-    operationId === "listAssignedApplicationsForGroup" ||
-    operationId === "listAssignedApplicationsForUser";
-}
-
-function factorModelInterface(operationId) {
-  return operationId === "listFactors" ||
-    operationId === "listSupportedFactors";
-}
-
-function policyModelInterface(operationId) {
-  return operationId === "listPolicies";
-}
-
-function catalogApplicationInterface(operationId) {
-  return operationId === "listApplicationTargetsForApplicationAdministratorRoleForGroup" ||
-    operationId === "listApplicationTargetsForApplicationAdministratorRoleForUser";
-}
-
-function factorInstanceOperation(operationId) {
-  return operationId === "getFactor" ||
-    operationId === "activateFactor" ||
-    operationId === "verifyFactor";
-}
-
-function policyInstanceOperation(operationId) {
-  return operationId === "getPolicy" ||
-    operationId === "updatePolicy";
-}
-
-function getClientTagResources(operations) {
-  let tags = getClientTags(operations);
-  let tagResources = []
-  for (let tag of tags) {
-    if (tag === "AuthServer") tag = "AuthorizationServer";
-    if (tag === "Template") tag = "SmsTemplate";
-    if (tag === "Idp") tag = "IdpTrust";
-    if (tag === "UserFactor") tag = "UserFactor";
-    if (tag === "Log") tag = "LogEvent";
-    if (tag === "Org") tag = "OrgSetting";
-    if (tag === "ThreatInsight") tag = "ThreatInsightConfiguration";
-    tagResources.push(structProp(tag) + " *" + structProp(tag) + "Resource")
-  }
-  tagResources.sort();
-  return tagResources.join("\n\t");
-}
-
-function getNewClientTagProps(operations) {
-  let tags = getClientTags(operations);
-  let tagResources = []
-  for (let tag of tags) {
-    if (tag === "AuthServer") tag = "AuthorizationServer";
-    if (tag === "Template") tag = "SmsTemplate";
-    if (tag === "Idp") tag = "IdpTrust";
-    if (tag === "UserFactor") tag = "UserFactor";
-    if (tag === "Log") tag = "LogEvent";
-    if (tag === "Org") tag = "OrgSetting";
-    if (tag === "ThreatInsight") tag = "ThreatInsightConfiguration";
-    tagResources.push("c." + structProp(tag) + " = (*" + structProp(tag) + "Resource)(&c.resource)")
-  }
-  tagResources.sort();
-  return tagResources.join("\n\t");
-}
-
-function buildProperties(model) {
-  const properties = {};
-
-  if (model.parent !== undefined) {
-    for (let parentProperty of model.parent.properties) {
-      properties[parentProperty.propertyName] = parentProperty;
-    }
-    if (model.parent.parent !== undefined) {
-      for (let parentProperty of model.parent.parent.properties) {
-        properties[parentProperty.propertyName] = parentProperty;
-      }
-    }
-  }
-
-  if (model.properties !== undefined) {
-    for (let modelProperty of model.properties) {
-      properties[modelProperty.propertyName] = modelProperty;
-    }
-  }
-
-  return properties;
-}
-
-function buildModelProperties(model) {
-  const finalProps = [];
-  const properties = buildProperties(model);
-
-  for (let propKey in properties) {
-    var type = getType(properties[propKey], "");
-    if (type === "int64") {
-      finalProps.push(structProp(properties[propKey].propertyName) + " " +
-        getType(properties[propKey], "*") + " `json:\"-\"`");
-      finalProps.push(structProp(properties[propKey].propertyName) + "Ptr *" +
-        getType(properties[propKey], "*") + createJsonTag(properties[propKey].propertyName));
-    } else {
-      finalProps.push(structProp(properties[propKey].propertyName) + " " +
-        getType(properties[propKey], "*") + createJsonTag(properties[propKey].propertyName));
-    }
-  }
-
-  return finalProps.join("\n\t");
-}
-
-function hasInt64Ptrs(model) {
-  const properties = buildProperties(model);
-
-  for (let propKey in properties) {
-    var type = getType(properties[propKey], "");
-    if (type === "int64") {
-      return true;
-    }
-  }
-
-  return false;
-}
-
-function buildModelPropertiesForMarshal(model) {
-  const lines = [];
-  const properties = buildProperties(model);
-  for (let propKey in properties) {
-    var type = getType(properties[propKey], "");
-    if (type === "int64") {
-      var propertyName = structProp(properties[propKey].propertyName);
-      var propertyNamePtr = structProp(properties[propKey].propertyName + "Ptr");
-      lines.push("\tif a." + propertyName + " != 0 {");
-      lines.push("\t\tresult." + propertyNamePtr + " = Int64Ptr(a." + propertyName + ")");
-      lines.push("\t}");
-    }
-  }
-  return lines.join("\n\t");
-}
-
-function buildModelPropertiesForUnmarshal(model) {
-  const lines = [];
-  const properties = buildProperties(model);
-  for (let propKey in properties) {
-    var type = getType(properties[propKey], "");
-    if (type === "int64") {
-      var propertyName = structProp(properties[propKey].propertyName);
-      var propertyNamePtr = structProp(properties[propKey].propertyName + "Ptr");
-      lines.push("\tif result." + propertyNamePtr + " != nil {");
-      lines.push("\t\ta." + propertyName + " = *result." + propertyNamePtr);
-      lines.push("\t\ta." + propertyNamePtr + " = result." + propertyNamePtr);
-      lines.push("\t}");
-    }
-  }
-  return lines.join("\n\t");
-}
-
-function createJsonTag(propertyName) {
-  if (propertyName === "tokenLifetimeMinutes" ||
-    propertyName === "accessTokenLifetimeMinutes" ||
-    propertyName === "minLowerCase" ||
-    propertyName === "minUpperCase" ||
-    propertyName === "minNumber" ||
-    propertyName === "minSymbol" ||
-    propertyName === "maxSessionLifetimeMinutes" ||
-    propertyName === "refreshTokenLifetimeMinutes" ||
-    propertyName === "refreshTokenWindowMinutes" ||
-    propertyName === "default_scope" ||
-    propertyName === "userName" ||
-    propertyName === "leeway" ||
-    propertyName === "audienceOverride" ||
-    propertyName === "defaultRelayState" ||
-    propertyName === "destinationOverride" ||
-    propertyName === "recipientOverride" ||
-    propertyName === "ssoAcsUrlOverride" ||
-    propertyName === "attributeStatements" ||
-    propertyName === "admin" ||
-    propertyName === "enduser" ||
-    propertyName === "maxSessionIdleMinutes") {
-    return " `json:\"" + propertyName + "\"`"
-  } else {
-    return " `json:\"" + propertyName + ",omitempty\"`"
-  }
-}
-
-function isInstance(model) {
-  if (model.modelName === "Csr" ||
-    model.modelName === "CsrMetadata" ||
-    model.modelName === "CsrMetadataSubject" ||
-    model.modelName === "CsrMetadataSubjectAltNames" ||
-    model.modelName === "OAuth2Claim" ||
-    model.modelName === "OAuth2ScopeConsentGrant" ||
-    model.modelName === "AcsEndpoint" ||
-    model.modelName === "JwkUse" ||
-    model.modelName === "OAuth2Actor" ||
-    model.modelName === "OAuth2Client" ||
-    model.modelName === "OAuth2RefreshToken" ||
-    model.modelName === "OAuth2ClaimConditions" ||
-    model.modelName === "OAuth2Scope" ||
-    model.modelName === "WebAuthnUserFactorProfile" ||
-    model.modelName === "OpenIdConnectApplicationSettingsClientKeys" ||
-    model.modelName === "OpenIdConnectApplicationSettingsRefreshToken" ||
-    model.modelName === "SingleLogout" ||
-    model.modelName === "SpCertificate" ||
-    model.modelName === "OpenIdConnectApplicationIdpInitiatedLogin" ||
-    model.modelName === "ApplicationAccessibility" ||
-    model.modelName === "ApplicationCredentials" ||
-    model.modelName === "ApplicationCredentialsOAuthClient" ||
-    model.modelName === "ApplicationCredentialsSigning" ||
-    model.modelName === "ApplicationCredentialsUsernameTemplate" ||
-    model.modelName === "ApplicationGroupAssignment" ||
-    model.modelName === "ApplicationLicensing" ||
-    model.modelName === "ApplicationSettings" ||
-    model.modelName === "ApplicationSettingsApplication" ||
-    model.modelName === "ApplicationSettingsNotes" ||
-    model.modelName === "ApplicationSettingsNotifications" ||
-    model.modelName === "ApplicationSettingsNotificationsVpn" ||
-    model.modelName === "ApplicationSettingsNotificationsVpnNetwork" ||
-    model.modelName === "ApplicationVisibility" ||
-    model.modelName === "ApplicationVisibilityHide" ||
-    model.modelName === "AppUser" ||
-    model.modelName === "AppUserCredentials" ||
-    model.modelName === "AppUserPasswordCredential" ||
-    model.modelName === "AuthorizationServerCredentials" ||
-    model.modelName === "AutoLoginApplicationSettings" ||
-    model.modelName === "AutoLoginApplicationSettingsSignOn" ||
-    model.modelName === "BasicApplicationSettings" ||
-    model.modelName === "BasicApplicationSettingsApplication" ||
-    model.modelName === "BookmarkApplicationSettings" ||
-    model.modelName === "BookmarkApplicationSettingsApplication" ||
-    model.modelName === "JsonWebKey" ||
-    model.modelName === "OAuth2Token" ||
-    model.modelName === "OAuthApplicationCredentials" ||
-    model.modelName === "OpenIdConnectApplicationSettings" ||
-    model.modelName === "OpenIdConnectApplicationSettingsClient" ||
-    model.modelName === "SamlApplicationSettings" ||
-    model.modelName === "SamlApplicationSettingsSignOn" ||
-    model.modelName === "SamlAttributeStatement" ||
-    model.modelName === "SchemeApplicationCredentials" ||
-    model.modelName === "SecurePasswordStoreApplicationSettings" ||
-    model.modelName === "SecurePasswordStoreApplicationSettingsApplication" ||
-    model.modelName === "SignOnInlineHook" ||
-    model.modelName === "SwaApplicationSettings" ||
-    model.modelName === "SwaApplicationSettingsApplication" ||
-    model.modelName === "SwaThreeFieldApplicationSettings" ||
-    model.modelName === "SwaThreeFieldApplicationSettingsApplication" ||
-    model.modelName === "WsFederationApplicationSettings" ||
-    model.modelName === "WsFederationApplicationSettingsApplication" ||
-    model.modelName === "OAuth2ScopesMediationPolicyRuleCondition") {
-    return false
-  }
-
-  var tag = model.tags[0];
-  return tag === "Application" || tag == "Policy" || tag === "UserFactor";
-}
-
-function log(item) {
-  console.log(item);
-}
-
-function missingProperty(name, properties) {
-  if (name === undefined || properties === undefined) {
-    return true;
-  }
-  var found = properties.some(function (item) {
-    return item.default !== undefined && item.propertyName === name;
-  });
-  return !found;
-}
-
-golang.process = ({spec, operations, models, handlebars}) => {
-  golang.spec = spec;
-  const templates = [];
-  const queryOptionsTemp = [];
-  const queryOptions = [];
-  const modelsByName = [];
-
-  for (let model of models) {
-    modelsByName[model.modelName] = model
-  }
-
-  for (let operation of operations) {
-    for (let param of operation.queryParams) {
-      queryOptionsTemp[param.name] = param.type;
-    }
-  }
-
-  for (let key in queryOptionsTemp) {
-    if (queryOptionsTemp[key] === "boolean") {
-      queryOptionsTemp[key] = "bool";
-    }
-    if (queryOptionsTemp[key] === "integer") {
-      queryOptionsTemp[key] = "int64";
-    }
-    queryOptions.push({name: key, type: queryOptionsTemp[key]});
-  }
-
-  templates.push({
-    src: 'templates/query.go.hbs',
-    dest: 'okta/query/query.go',
-    context: {
-      "queryOptions": queryOptions
-    }
-  });
-
-  const version = process.env.OKTA_SDK_GOLANG_VERISON || spec.info.version;
-  templates.push({
-    src: 'templates/okta.go.hbs',
-    dest: 'okta/okta.go',
-    context: {
-      "operations": operations,
-      "models": models,
-      "version": version
-    }
-  });
-
-  for (let model of models) {
-
-    if (model.extends !== undefined) {
-      model.parent = modelsByName[model.extends];
-
-      if (model.parent.resolutionStrategy !== undefined) {
-        for (let value in model.parent.resolutionStrategy.valueToModelMapping) {
-          if (model.modelName)
-            if (model.parent.resolutionStrategy.valueToModelMapping[value] === model.modelName) {
-              model.resolution = {fieldName: model.parent.resolutionStrategy.propertyName, fieldValue: value};
-              let result = new Map()
-              for (let value of model.properties) {
-                result.set(value.propertyName, value)
-              }
-              for (let value of model.parent.properties) {
-                if (!result.has(value.propertyName)) {
-                  result.set(value.propertyName, value)
-                }
-              }
-              model.properties = [...result].map(([name, value]) => (value));
-            }
-        }
-      }
-
-      if (model.parent.parent !== undefined && model.parent.parent.resolutionStrategy !== undefined) {
-        model.resolution = model.parent.resolution;
-      }
-    }
-
-    let modelOperations = {}
-
-    if (model.crud !== undefined) {
-      for (let modelCrud of model.crud) {
-        modelOperations[modelCrud.operation.operationId] = modelCrud.operation;
-      }
-    }
-
-    for (let operation of operations) {
-      let tag = operation.tags[0];
-      if (tag === "AuthServer") tag = "AuthorizationServer";
-      if (tag === "Template") tag = "SmsTemplate";
-      if (tag === "Idp") tag = "IdpTrust";
-      if (tag === "UserFactor") tag = "UserFactor";
-      if (tag === "Log") tag = "LogEvent";
-      if (tag === "Org") tag = "OrgSetting";
-      if (tag === model.modelName) {
-        modelOperations[operation.operationId] = operation;
-      }
-    }
-
-    templates.push({
-      src: 'templates/model.go.hbs',
-      dest: 'okta/' + lowercaseFirstLetter(model.modelName) + '.go',
-      context: {
-        "operations": modelOperations,
-        "model": model
-      }
-    });
-  }
-
-  handlebars.registerHelper({
-    getType,
-    structProp,
-    paramType,
-    log,
-    ucFirst,
-    operationArgumentBuilder,
-    getPath,
-    getPathParams,
-    returnType,
-    getImports,
-    strToUpper,
-    lowercaseFirstLetter,
-    getClientTagResources,
-    getNewClientTagProps,
-    buildModelProperties,
-    hasInt64Ptrs,
-    buildModelPropertiesForMarshal,
-    buildModelPropertiesForUnmarshal,
-    responseModelInterface,
-    applicationModelInterface,
-    factorModelInterface,
-    policyModelInterface,
-    factorInstanceOperation,
-    policyInstanceOperation,
-    isInstance,
-    catalogApplicationInterface,
-    missingProperty
-  });
-
-  handlebars.registerPartial('partials.copyHeader', fs.readFileSync('generator/templates/partials/copyHeader.hbs', 'utf8'));
-  handlebars.registerPartial('struct.withProp', fs.readFileSync('generator/templates/struct/withProp.go.hbs', 'utf8'));
-  handlebars.registerPartial('model.imports', fs.readFileSync('generator/templates/model/imports.go.hbs', 'utf8'));
-  handlebars.registerPartial('model.defaultMethod', fs.readFileSync('generator/templates/model/defaultMethod.go.hbs', 'utf8'));
-  handlebars.registerPartial('model.multipartFileMethod', fs.readFileSync('generator/templates/model/multipartFileMethod.go.hbs', 'utf8'));
-
-  fs.writeFile("generator/createdFiles.json", JSON.stringify(templates), function (error) {
-    console.log(error);
-  });
-  return templates;
-};
diff --git a/openapi/generator/templates/model.go.hbs b/openapi/generator/templates/model.go.hbs
deleted file mode 100644
index 2dd3d36be..000000000
--- a/openapi/generator/templates/model.go.hbs
+++ /dev/null
@@ -1,198 +0,0 @@
-{{> partials.copyHeader }}
-
-package okta
-
-{{#if (or (eq model.modelName "UserProfile") (eq model.modelName "SmsTemplateTranslations"))}}
-type {{model.modelName}} map[string]interface{}
-{{else}}
-{{> model.imports this}}
-
-{{#if (eq model.modelName "Application")}}
-type App interface {
-	IsApplicationInstance() bool
-}
-
-{{else if (eq model.modelName "UserFactor")}}
-type Factor interface {
-	IsUserFactorInstance() bool
-}
-
-{{else if (eq model.modelName "Policy")}}
-type Policies interface {
-	IsPolicyInstance() bool
-}
-
-{{/if}}
-{{#if (eq model.modelName "GroupSchema")}}
-type {{model.modelName}}Resource resource
-
-{{/if}}
-{{#if (and
-    (or
-      (or (gt model.methods.length 0)
-          (gt model.crud.length 0))
-      (or
-          (eq model.modelName "LogEvent")
-          (or (eq model.modelName "Domain") (eq model.modelName "UserSchema")))
-    )
-    (ne model.modelName "Role")
-)}}
-type {{model.modelName}}Resource resource
-
-{{/if}}
-{{#if (eq model.modelName "GroupProfile")}}
-type {{model.modelName}}Map map[string]interface{}
-
-{{/if}}
-{{#if (eq model.modelName "ApplicationSettingsApplication")}}
-type {{model.modelName}} map[string]interface{}
-{{else if model.enum}}
-type {{model.modelName}} string
-{{else}}
-type {{model.modelName}} struct {
-	{{{buildModelProperties model}}}
-{{#if (eq model.modelName "GroupProfile")}}
-    {{model.modelName}}Map
-{{/if}}
-}
-{{/if}}
-{{#if model.enum}}
-{{else}}
-{{#if (isInstance model) }}
-func New{{model.modelName}}() *{{model.modelName}} {
-	return &{{model.modelName}}{
-		{{#each model.properties as |prop|}}
-		{{#if (ne prop.default undefined) }}
-			{{#if (or (eq prop.commonType "string") (eq prop.commonType "object")) }}
-		{{structProp prop.propertyName}}: "{{prop.default}}",
-			{{else if (and (eq prop.commonType "array") (eq prop.model "string")) }}
-		{{structProp prop.propertyName}}: []string{},
-			{{else if (eq prop.commonType "boolean") }}
-		{{structProp prop.propertyName}}: boolPtr({{prop.default}}),
-			{{else if (eq prop.commonType "integer") }}
-		{{structProp prop.propertyName}}: {{prop.default}},
-		{{structProp prop.propertyName}}Ptr: Int64Ptr({{prop.default}}),
-			{{else}}
-		{{structProp prop.propertyName}}: {{prop.default}},
-			{{/if}}
-		{{/if}}
-		{{/each}}
-		{{#if (and (ne model.resolution undefined) (missingProperty model.resolution.fieldName model.properties)) }}
-		{{structProp model.resolution.fieldName}}: "{{model.resolution.fieldValue}}",
-		{{/if}}
-	}
-}
-
-func (a *{{model.modelName}}) Is{{model.tags.[0]}}Instance() bool {
-	return true
-}
-
-{{/if}}
-{{/if}}
-{{#each operations as |operation|}}
-{{#if (and (ne operation.formData undefined) (ne operation.formData.length 0) ) }}
-{{> model.multipartFileMethod  operation=operation alias=alias modelName=../model.modelName}}
-{{else}}
-{{> model.defaultMethod  operation=operation alias=alias modelName=../model.modelName}}
-{{/if}}
-{{/each}}
-{{/if}}
-
-{{#if (eq model.modelName "GroupProfile")}}
-func (a *{{model.modelName}}) UnmarshalJSON(data []byte) error {
-	if string(data) == "null" || string(data) == `""` {
-		return nil
-	}
-	var profile map[string]interface{}
-	err := json.Unmarshal(data, &profile)
-	if err != nil {
-		return err
-	}
-	a.Name, _ = profile["name"].(string)
-	a.Description, _ = profile["description"].(string)
-	delete(profile, "name")
-	delete(profile, "description")
-	a.{{model.modelName}}Map = profile
-	return nil
-}
-
-func (a {{model.modelName}}) MarshalJSON() ([]byte, error) {
-	if len(a.{{model.modelName}}Map) == 0 {
-		return  json.Marshal(&struct {
-			Name        string `json:"name"`
-			Description string `json:"description"`
-		}{
-			Name:        a.Name,
-			Description: a.Description,
-		})
-	}
-	if a.Name != "" {
-		a.{{model.modelName}}Map["name"] = a.Name
-	}
-	if a.Description != "" {
-		a.{{model.modelName}}Map["description"] = a.Description
-	}
-	return json.Marshal(a.{{model.modelName}}Map)
-}
-
-{{/if}}
-{{#unless (eq model.modelName "GroupProfile")}}
-{{#if (hasInt64Ptrs model) }}
-func (a *{{model.modelName}}) MarshalJSON() ([]byte, error) {
-	type Alias {{model.modelName}}
-	type local struct {
-		*Alias
-	}
-	result := local{Alias: (*Alias)(a)}
-	{{{buildModelPropertiesForMarshal model}}}
-	return json.Marshal(&result)
-}
-
-func (a *{{model.modelName}}) UnmarshalJSON(data []byte) error {
-	type Alias {{model.modelName}}
-
-	result := &struct {
-		*Alias
-	}{
-		Alias: (*Alias)(a),
-	}
-	if err := json.Unmarshal(data, &result); err != nil {
-		return err
-	}
-	{{{buildModelPropertiesForUnmarshal model}}}
-	return nil
-}
-
-{{/if}}
-{{/unless}}
-{{#if (eq model.modelName "SocialAuthToken")}}
-func (a *{{model.modelName}}) UnmarshalJSON(data []byte) error {
-	if string(data) == "null" || string(data) == `""` {
-		return nil
-	}
-	var token map[string]interface{}
-	err := json.Unmarshal(data, &token)
-	if err != nil {
-		return err
-	}
-	if ea, found := token["expiresAt"]; found {
-		if expiresAt, err := time.Parse(time.RFC3339, ea.(string)); err == nil {
-			a.ExpiresAt = &expiresAt
-		}
-	}
-	a.Id, _ = token["id"].(string)
-	if scopes, found := token["scopes"]; found {
-		_scopes := scopes.([]interface{})
-		a.Scopes = make([]string, len(_scopes))
-		for i, scope := range _scopes {
-			a.Scopes[i] = scope.(string)
-		}
-	}
-	a.Token, _ = token["token"].(string)
-	a.TokenAuthScheme, _ = token["tokenAuthScheme"].(string)
-	a.TokenType, _ = token["tokenType"].(string)
-
-	return nil
-}
-
-{{/if}}
\ No newline at end of file
diff --git a/openapi/generator/templates/model/defaultMethod.go.hbs b/openapi/generator/templates/model/defaultMethod.go.hbs
deleted file mode 100644
index 10ce9e890..000000000
--- a/openapi/generator/templates/model/defaultMethod.go.hbs
+++ /dev/null
@@ -1,110 +0,0 @@
-
-{{#if (and (ne operation.description undefined) (ne operation.description "Success") )}}// {{operation.description}}{{/if}}
-func (m *{{modelName}}Resource) {{ucFirst operation.operationId}}({{operationArgumentBuilder operation}}) {{returnType
-	operation}}{
-	url := fmt.Sprintf({{{getPath operation}}}, {{getPathParams operation}})
-	{{#if operation.queryParams.length}}
-	if qp != nil {
-		url = url + qp.String()
-	}
-	{{/if}}
-
-	rq := m.client.CloneRequestExecutor()
-
-	{{#if (ne operation.bodyModel undefined)}}
-	{{#if (eq operation.bodyFormat "binary")}}
-	req, err := rq.AsBinary().WithAccept("{{operation.produces.[0]}}").WithContentType("{{operation.consumes.[0]}}").NewRequest("{{strToUpper operation.method}}", url, body)
-	{{else}}
-	req, err := rq.WithAccept("{{operation.produces.[0]}}").WithContentType("{{operation.consumes.[0]}}").NewRequest("{{strToUpper operation.method}}", url, body)
-	{{/if}}
-	{{else}}
-	req, err := rq.WithAccept("{{operation.produces.[0]}}").WithContentType("{{operation.consumes.[0]}}").NewRequest("{{strToUpper operation.method}}", url, nil)
-	{{/if}}
-	if err != nil {
-		{{#if (ne operation.responseModel undefined)}}
-		return nil, nil, err
-		{{else}}
-		return nil, err
-		{{/if}}
-	}
-
-
-	{{#if (ne operation.responseModel undefined)}}
-	{{#if (ne operation.isArray undefined)}}
-	{{#if (responseModelInterface operation.operationId) }}
-	{{#if (applicationModelInterface operation.operationId) }}
-	var {{lowercaseFirstLetter operation.responseModel}} []Application
-	{{else if (factorModelInterface operation.operationId) }}
-	var {{lowercaseFirstLetter operation.responseModel}} []UserFactor
-	{{else if (policyModelInterface operation.operationId) }}
-	var {{lowercaseFirstLetter operation.responseModel}} []Policy
-	{{else if (catalogApplicationInterface operation.operationId) }}
-    var {{lowercaseFirstLetter operation.responseModel}} []*CatalogApplication
-	{{else}}
-	var {{lowercaseFirstLetter operation.responseModel}} []interface{}
-	{{/if}}
-	{{else}}
-	var {{lowercaseFirstLetter operation.responseModel}} []*{{operation.responseModel}}
-	{{/if}}
-	{{else}}
-	{{#if (or (or (eq operation.responseModel "Application") (eq operation.responseModel "Policy")) (or (eq operation.responseModel "Factor") (eq operation.responseModel "UserFactor")))}}
-	{{#if (eq operation.operationId "getApplication")}}
-	{{lowercaseFirstLetter operation.responseModel}} := appInstance
-	{{else if (factorInstanceOperation operation.operationId) }}
-	{{lowercaseFirstLetter operation.responseModel}} := factorInstance
-	{{else if (and (policyInstanceOperation operation.operationId) (eq operation.method "get"))  }}
-	{{lowercaseFirstLetter operation.responseModel}} := policyInstance
-	{{else}}
-	{{lowercaseFirstLetter operation.responseModel}} := body
-	{{/if}}
-	{{else}}
-	var {{lowercaseFirstLetter operation.responseModel}} *{{operation.responseModel}}
-	{{/if}}
-	{{/if}}
-
-	resp, err := rq.Do(ctx, req, &{{lowercaseFirstLetter operation.responseModel}})
-	if err != nil {
-		{{#if (ne operation.responseModel undefined)}}
-		return nil, resp, err
-		{{/if}}
-	}
-
-	{{#if (applicationModelInterface operation.operationId) }}
-	apps := make([]App, len({{lowercaseFirstLetter operation.responseModel}}))
-	for i := range {{lowercaseFirstLetter operation.responseModel}} {
-		apps[i] = &{{lowercaseFirstLetter operation.responseModel}}[i]
-	}
-	return apps, resp, nil
-
-	{{else if (policyModelInterface operation.operationId) }}
-	policies := make([]Policies, len({{lowercaseFirstLetter operation.responseModel}}))
-	for i := range {{lowercaseFirstLetter operation.responseModel}} {
-		policies[i] = &{{lowercaseFirstLetter operation.responseModel}}[i]
-	}
-	return policies, resp, nil
-
-	{{else if (factorModelInterface operation.operationId) }}
-	factors := make([]Factor, len({{lowercaseFirstLetter operation.responseModel}}))
-	for i := range {{lowercaseFirstLetter operation.responseModel}} {
-		factors[i] = &{{lowercaseFirstLetter operation.responseModel}}[i]
-	}
-	return factors, resp, nil
-
-	{{else}}
-
-	return {{lowercaseFirstLetter operation.responseModel}}, resp, nil
-	{{/if}}
-	{{else}}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		{{#if (ne operation.responseModel undefined)}}
-		return nil, resp, err
-		{{else if (eq operation.responseModel undefined)}}
-		return resp, err
-		{{/if}}
-	}
-
-	return resp, nil
-	{{/if}}
-}
diff --git a/openapi/generator/templates/model/imports.go.hbs b/openapi/generator/templates/model/imports.go.hbs
deleted file mode 100644
index 7368cbb8a..000000000
--- a/openapi/generator/templates/model/imports.go.hbs
+++ /dev/null
@@ -1,5 +0,0 @@
-import (
-{{#each (getImports this) as |import|}}
-	"{{import}}"
-{{/each}}
-)
diff --git a/openapi/generator/templates/model/multipartFileMethod.go.hbs b/openapi/generator/templates/model/multipartFileMethod.go.hbs
deleted file mode 100644
index cef2a0598..000000000
--- a/openapi/generator/templates/model/multipartFileMethod.go.hbs
+++ /dev/null
@@ -1,122 +0,0 @@
-{{#if (and (ne operation.description undefined) (ne operation.description "Success") )}}// {{operation.description}}{{/if}}
-func (m *{{modelName}}Resource) {{ucFirst operation.operationId}}({{operationArgumentBuilder operation}}) {{returnType
-	operation}}{
-	url := fmt.Sprintf({{{getPath operation}}}, {{getPathParams operation}})
-	{{#if operation.queryParams.length}}
-	if qp != nil {
-		url = url + qp.String()
-	}
-	{{/if}}
-
-	rq := m.client.CloneRequestExecutor()
-
-	fo, err := os.Open({{operation.formData.0.name}})
-	if err != nil {
-		{{#if (ne operation.responseModel undefined)}}
-		return nil, nil, err
-		{{else}}
-		return nil, err
-		{{/if}}
-	}
-	defer fo.Close()
-	body := &bytes.Buffer{}
-	writer := multipart.NewWriter(body)
-	fw, err := writer.CreateFormFile("{{operation.formData.0.name}}", {{operation.formData.0.name}})
-
-	if err != nil {
-		{{#if (ne operation.responseModel undefined)}}
-		return nil, nil, err
-		{{else}}
-		return nil, err
-		{{/if}}
-	}
-	_, err = io.Copy(fw, fo)
-	if err != nil {
-		{{#if (ne operation.responseModel undefined)}}
-		return nil, nil, err
-		{{else}}
-		return nil, err
-		{{/if}}
-	}
-	_ = writer.Close()
-
-	req, err := rq.WithAccept("{{operation.produces.[0]}}").WithContentType(writer.FormDataContentType()).NewRequest("{{strToUpper operation.method}}", url, body)
-
-
-	if err != nil {
-		{{#if (ne operation.responseModel undefined)}}
-		return nil, nil, err
-		{{else}}
-		return nil, err
-		{{/if}}
-	}
-
-
-	{{#if (ne operation.responseModel undefined)}}
-	{{#if (ne operation.isArray undefined)}}
-	{{#if (responseModelInterface operation.operationId) }}
-	{{#if (applicationModelInterface operation.operationId) }}
-	var {{lowercaseFirstLetter operation.responseModel}} []Application
-	{{else if (factorModelInterface operation.operationId) }}
-	var {{lowercaseFirstLetter operation.responseModel}} []UserFactor
-	{{else if (catalogApplicationInterface operation.operationId) }}
-    var {{lowercaseFirstLetter operation.responseModel}} []*CatalogApplication
-	{{else}}
-	var {{lowercaseFirstLetter operation.responseModel}} []interface{}
-	{{/if}}
-	{{else}}
-	var {{lowercaseFirstLetter operation.responseModel}} []*{{operation.responseModel}}
-	{{/if}}
-	{{else}}
-	{{#if (or (eq operation.responseModel "Application") (eq operation.responseModel "Factor"))}}
-	{{#if (eq operation.operationId "getApplication")}}
-	{{lowercaseFirstLetter operation.responseModel}} := appInstance
-	{{else if (factorInstanceOperation operation.operationId) }}
-	{{lowercaseFirstLetter operation.responseModel}} := factorInstance
-	{{else}}
-	{{lowercaseFirstLetter operation.responseModel}} := body
-	{{/if}}
-	{{else}}
-	var {{lowercaseFirstLetter operation.responseModel}} *{{operation.responseModel}}
-	{{/if}}
-	{{/if}}
-
-	resp, err := rq.Do(ctx, req, &{{lowercaseFirstLetter operation.responseModel}})
-	if err != nil {
-		{{#if (ne operation.responseModel undefined)}}
-		return nil, resp, err
-		{{/if}}
-	}
-
-	{{#if (applicationModelInterface operation.operationId) }}
-	apps := make([]App, len({{lowercaseFirstLetter operation.responseModel}}))
-	for i := range {{lowercaseFirstLetter operation.responseModel}} {
-		apps[i] = &{{lowercaseFirstLetter operation.responseModel}}[i]
-	}
-	return apps, resp, nil
-
-	{{else if (factorModelInterface operation.operationId) }}
-	factors := make([]Factor, len({{lowercaseFirstLetter operation.responseModel}}))
-	for i := range {{lowercaseFirstLetter operation.responseModel}} {
-		factors[i] = &{{lowercaseFirstLetter operation.responseModel}}[i]
-	}
-	return factors, resp, nil
-
-	{{else}}
-
-	return {{lowercaseFirstLetter operation.responseModel}}, resp, nil
-	{{/if}}
-	{{else}}
-
-	resp, err := m.client.requestExecutor.Do(ctx, req, nil)
-	if err != nil {
-		{{#if (ne operation.responseModel undefined)}}
-		return nil, resp, err
-		{{else if (eq operation.responseModel undefined)}}
-		return resp, err
-		{{/if}}
-	}
-
-	return resp, nil
-	{{/if}}
-}
diff --git a/openapi/generator/templates/okta.go.hbs b/openapi/generator/templates/okta.go.hbs
deleted file mode 100644
index 3eed1ea6a..000000000
--- a/openapi/generator/templates/okta.go.hbs
+++ /dev/null
@@ -1,182 +0,0 @@
-{{> partials.copyHeader }}
-
-package okta
-
-import (
-	"context"
-	"fmt"
-	"io/ioutil"
-	"os/user"
-	"path"
-	"path/filepath"
-	"runtime"
-
-	"github.com/kelseyhightower/envconfig"
-	"github.com/okta/okta-sdk-golang/v2/okta/cache"
-	"gopkg.in/yaml.v3"
-)
-
-const Version = "{{ version }}"
-
-type Client struct {
-	config *config
-	requestExecutor *RequestExecutor
-	resource resource
-	{{getClientTagResources operations}}
-}
-
-type resource struct {
-	client *Client
-}
-
-type clientContextKey struct{}
-
-func NewClient(ctx context.Context, conf ...ConfigSetter) (context.Context, *Client, error) {
-	config := &config{}
-
-	setConfigDefaults(config)
-	config = readConfigFromSystem(*config)
-	config = readConfigFromApplication(*config)
-	config = readConfigFromEnvironment(*config)
-
-	for _, confSetter := range conf {
-		confSetter(config)
-	}
-
-	var oktaCache cache.Cache
-	if !config.Okta.Client.Cache.Enabled {
-		oktaCache = cache.NewNoOpCache()
-	} else {
-		if config.CacheManager == nil {
-			oktaCache = cache.NewGoCache(config.Okta.Client.Cache.DefaultTtl,
-				config.Okta.Client.Cache.DefaultTti)
-		} else {
-			oktaCache = config.CacheManager
-		}
-	}
-
-	config.CacheManager = oktaCache
-
-	config, err := validateConfig(config)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	c := &Client{}
-	c.config = config
-	c.requestExecutor = NewRequestExecutor(config.HttpClient, oktaCache, config)
-
-	c.resource.client = c
-
-	{{{getNewClientTagProps operations}}}
-
-	contextReturn := context.WithValue(ctx, clientContextKey{}, c)
-
-	return contextReturn, c, nil
-}
-
-func ClientFromContext(ctx context.Context) (*Client, bool) {
-	u, ok := ctx.Value(clientContextKey{}).(*Client)
-	return u, ok
-}
-
-func (c *Client) GetConfig() *config {
-	return c.config
-}
-
-func (c *Client) SetConfig(conf ...ConfigSetter) (err error) {
-	config := c.config
-	for _, confSetter := range conf {
-		confSetter(config)
-	}
-	_, err = validateConfig(config)
-	if err != nil {
-		return
-	}
-	c.config = config
-	return 
-}
-
-// GetRequestExecutor returns underlying request executor
-// Deprecated: please use CloneRequestExecutor() to avoid race conditions
-func (c *Client) GetRequestExecutor() *RequestExecutor {
-	return c.requestExecutor
-}
-
-// CloneRequestExecutor create a clone of the underlying request executor
-func (c *Client) CloneRequestExecutor() *RequestExecutor {
-	a := *c.requestExecutor
-	return &a
-}
-
-func setConfigDefaults(c *config) {
-	conf := []ConfigSetter{
-		WithConnectionTimeout(60),
-		WithCache(true),
-		WithCacheTtl(300),
-		WithCacheTti(300),
-		WithUserAgentExtra(""),
-		WithTestingDisableHttpsCheck(false),
-		WithRequestTimeout(0),
-		WithRateLimitMaxBackOff(30),
-		WithRateLimitMaxRetries(2),
-		WithAuthorizationMode("SSWS"),
-	}
-	for _, confSetter := range conf {
-		confSetter(c)
-	}
-}
-
-func readConfigFromFile(location string, c config) (*config, error) {
-	yamlConfig, err := ioutil.ReadFile(location)
-	if err != nil {
-		return nil, err
-	}
-	err = yaml.Unmarshal(yamlConfig, &c)
-	if err != nil {
-		return nil, err
-	}
-	return &c, err
-}
-
-func readConfigFromSystem(c config) *config {
-	currUser, err := user.Current()
-	if err != nil {
-		return &c
-	}
-	if currUser.HomeDir == "" {
-		return &c
-	}
-	conf, err := readConfigFromFile(currUser.HomeDir+"/.okta/okta.yaml", c)
-	if err != nil {
-		return &c
-	}
-	return conf
-}
-
-// read config from the project's root directory
-func readConfigFromApplication(c config) *config {
-	_, b, _, _ := runtime.Caller(0)
-	conf, err := readConfigFromFile(filepath.Join(filepath.Dir(path.Join(path.Dir(b))), ".okta.yaml"), c)
-	if err != nil {
-		return &c
-	}
-	return conf
-}
-
-func readConfigFromEnvironment(c config) *config {
-	err := envconfig.Process("okta", &c)
-	if err != nil {
-		fmt.Println("error parsing")
-		return &c
-	}
-	return &c
-}
-
-func boolPtr(b bool) *bool {
-	return &b
-}
-
-func Int64Ptr(i int64) *int64 {
-	return &i
-}
diff --git a/openapi/generator/templates/partials/copyHeader.hbs b/openapi/generator/templates/partials/copyHeader.hbs
deleted file mode 100644
index 80093ceb4..000000000
--- a/openapi/generator/templates/partials/copyHeader.hbs
+++ /dev/null
@@ -1,17 +0,0 @@
-/*
-* Copyright 2018 - Present Okta, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*      http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-
-// Code generated by okta openapi generator. DO NOT EDIT.
diff --git a/openapi/generator/templates/query.go.hbs b/openapi/generator/templates/query.go.hbs
deleted file mode 100644
index 6d36165ef..000000000
--- a/openapi/generator/templates/query.go.hbs
+++ /dev/null
@@ -1,84 +0,0 @@
-{{> partials.copyHeader }}
-
-package query
-
-import (
-	"net/url"
-	"strconv"
-)
-
-type Params struct {
-{{#each queryOptions as |query|}}
-	{{#if (eq query.name "provider")}}
-	{{structProp query.name}} interface{} `json:"{{query.name}},omitempty"`
-	{{else if (eq query.type "bool")}}
-	{{structProp query.name}} *{{query.type}} `json:"{{query.name}},omitempty"`
-	{{else}}
-	{{structProp query.name}} {{query.type}} `json:"{{query.name}},omitempty"`
-	{{/if}}
-{{/each}}
-}
-
-func NewQueryParams(paramOpt ...ParamOptions) *Params {
-	p := &Params{}
-
-	for _, par := range paramOpt {
-		par(p)
-	}
-
-	return p
-}
-
-type ParamOptions func(*Params)
-
-{{#each queryOptions as |query|}}
-func With{{structProp query.name}}(query{{structProp query.name}} {{paramType query}}) ParamOptions {
-	return func(p *Params) {
-		{{#if (eq query.name "provider")}}
-		p.{{structProp query.name}} = query{{structProp query.name}}
-		{{else if (eq query.type "bool")}}
-		b := new(bool)
-		*b = query{{structProp query.name}}
-		p.{{structProp query.name}} = b
-		{{else}}
-		p.{{structProp query.name}} = query{{structProp query.name}}
-		{{/if}}
-	}
-}
-{{/each}}
-
-func (p *Params) String() string {
-	qs := url.Values{}
-
-{{#each queryOptions as |query|}}
-	{{#if (eq query.name "provider")}}
-	if (p.{{structProp query.name}} != nil) {
-		if b, ok := p.{{structProp query.name}}.(bool); ok {
-			qs.Add(`{{query.name}}`, strconv.FormatBool(b))
-		} else {
-			qs.Add(`{{query.name}}`, p.{{structProp query.name}}.(string))
-		}
-	}
-	{{else if (eq query.type "bool")}}
-	if (p.{{structProp query.name}} != nil) {
-		qs.Add(`{{query.name}}`, strconv.FormatBool(*p.{{structProp query.name}}))
-	}
-	{{else if (eq query.type "int64")}}
-	if (p.{{structProp query.name}} != 0) {
-		qs.Add(`{{query.name}}`, strconv.FormatInt(p.{{structProp query.name}}, 10))
-	}
-	{{else if (eq query.type "string")}}
-	if (p.{{structProp query.name}} != "") {
-		qs.Add(`{{query.name}}`, p.{{structProp query.name}})
-	}
-	{{else}}
-	{{log "query.go.hbs: unknown type for Params.String()" level="error"}}
-	{{/if}}
-{{/each}}
-
-	if len(qs) != 0 {
-		return "?" + qs.Encode()
-	}
-	return ""
-}
-
diff --git a/openapi/generator/templates/struct/withProp.go.hbs b/openapi/generator/templates/struct/withProp.go.hbs
deleted file mode 100644
index 1e4840254..000000000
--- a/openapi/generator/templates/struct/withProp.go.hbs
+++ /dev/null
@@ -1,8 +0,0 @@
-{{#each properties as |property|}}
-	{{#unless readOnly}}
-func (m *{{../modelName}}) With{{structProp propertyName}}(v {{getType this}}) *{{../modelName}} {
-	m.{{structProp propertyName}} = v
-	return m
-}
-	{{/unless}}
-{{/each}}
diff --git a/openapi/package.json b/openapi/package.json
deleted file mode 100644
index a84dfbd86..000000000
--- a/openapi/package.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
-  "name": "okta-sdk-golang-openapi",
-  "private": true,
-  "version": "0.1.0",
-  "scripts": {
-    "generator": "okta-sdk-generator -t generator -o ../ ",
-    "cleanFiles": " node ./generator/cleanFiles.js"
-  },
-  "devDependencies": {
-    "@okta/openapi": "^2.12.0",
-    "lodash": "^4.17.19",
-    "lodash-inflection": "^1.5.0"
-  },
-  "dependencies": {
-    "json-stable-stringify": "^1.0.1"
-  }
-}
diff --git a/openapi/utilities/clean-up-gen.sh b/openapi/utilities/clean-up-gen.sh
deleted file mode 100644
index e69de29bb..000000000
diff --git a/openapitools.json b/openapitools.json
new file mode 100644
index 000000000..061a77219
--- /dev/null
+++ b/openapitools.json
@@ -0,0 +1,7 @@
+{
+  "$schema": "./node_modules/@openapitools/openapi-generator-cli/config.schema.json",
+  "spaces": 2,
+  "generator-cli": {
+    "version": "6.0.1"
+  }
+}
diff --git a/tests/fixtures/logo.svg b/tests/fixtures/logo.svg
deleted file mode 100644
index 95b1c1ccc..000000000
--- a/tests/fixtures/logo.svg
+++ /dev/null
@@ -1,30 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 400 134.7" style="enable-background:new 0 0 400 134.7;" xml:space="preserve">
-<style type="text/css">
-	.st0{fill:#00297A;}
-</style>
-<g>
-	<g>
-		<g>
-			<path class="st0" d="M50.3,33.8C22.5,33.8,0,56.3,0,84.1s22.5,50.3,50.3,50.3s50.3-22.5,50.3-50.3S78.1,33.8,50.3,33.8z
-				 M50.3,109.3c-13.9,0-25.2-11.3-25.2-25.2s11.3-25.2,25.2-25.2s25.2,11.3,25.2,25.2S64.2,109.3,50.3,109.3z"/>
-		</g>
-		<path class="st0" d="M138.7,101c0-4,4.8-5.9,7.6-3.1c12.6,12.8,33.4,34.8,33.5,34.9c0.3,0.3,0.6,0.8,1.8,1.2
-			c0.5,0.2,1.3,0.2,2.2,0.2l22.7,0c4.1,0,5.3-4.7,3.4-7.1l-37.6-38.5l-2-2c-4.3-5.1-3.8-7.1,1.1-12.3L201.2,41c1.9-2.4,0.7-7-3.5-7
-			h-20.6c-0.8,0-1.4,0-2,0.2c-1.2,0.4-1.7,0.8-2,1.2c-0.1,0.1-16.6,17.9-26.8,28.8c-2.8,3-7.8,1-7.8-3.1l0-57.1c0-2.9-2.4-4-4.3-4
-			h-16.8c-2.9,0-4.3,1.9-4.3,3.6v126.6c0,2.9,2.4,3.7,4.4,3.7h16.8c2.6,0,4.3-1.9,4.3-3.8v-1.3V101z"/>
-		<path class="st0" d="M275.9,129.6l-1.8-16.8c-0.2-2.3-2.4-3.9-4.7-3.5c-1.3,0.2-2.6,0.3-3.9,0.3c-13.4,0-24.3-10.5-25.1-23.8
-			c0-0.4,0-0.9,0-1.4V63.8c0-2.7,2-4.9,4.7-4.9l22.5,0c1.6,0,4-1.4,4-4.3V38.7c0-3.1-2-4.7-3.8-4.7h-22.7c-2.6,0-4.7-1.9-4.8-4.5
-			l0-25.5c0-1.6-1.2-4-4.3-4h-16.7c-2.1,0-4.1,1.3-4.1,3.9c0,0,0,81.5,0,81.9c0.7,27.2,23,48.9,50.3,48.9c2.3,0,4.5-0.2,6.7-0.5
-			C274.6,133.9,276.2,131.9,275.9,129.6z"/>
-	</g>
-	<g>
-		<path class="st0" d="M397.1,108.5c-14.2,0-16.4-5.1-16.4-24.2c0-0.1,0-0.1,0-0.2l0-45.9c0-1.6-1.2-4.3-4.4-4.3h-16.8
-			c-2.1,0-4.4,1.7-4.4,4.3l0,2.1c-7.3-4.2-15.8-6.6-24.8-6.6c-27.8,0-50.3,22.5-50.3,50.3c0,27.8,22.5,50.3,50.3,50.3
-			c12.5,0,23.9-4.6,32.7-12.1c4.7,7.2,12.3,12,24.2,12.1c2,0,12.8,0.4,12.8-4.7v-17.9C400,110.2,398.8,108.5,397.1,108.5z
-			 M330.4,109.3c-13.9,0-25.2-11.3-25.2-25.2c0-13.9,11.3-25.2,25.2-25.2c13.9,0,25.2,11.3,25.2,25.2
-			C355.5,98,344.2,109.3,330.4,109.3z"/>
-	</g>
-</g>
-</svg>
diff --git a/tests/integration/admin_roles_test.go b/tests/integration/admin_roles_test.go
deleted file mode 100644
index f184037d2..000000000
--- a/tests/integration/admin_roles_test.go
+++ /dev/null
@@ -1,465 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"testing"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-const ADMIN_GROUP_NAME = "Assign Admin Role To Group"
-
-func Test_can_add_an_admin_role_to_user(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "add_admin_role"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-
-	user, _, err := client.User.CreateUser(ctx, *u, nil)
-	require.NoError(t, err, "Creating a new user should not error")
-	role := okta.AssignRoleRequest{
-		Type: "SUPER_ADMIN",
-	}
-	createdRole, response, err := client.User.AssignRoleToUser(ctx, user.Id, role, nil)
-	require.NoError(t, err, "adding role to user must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, &okta.Role{}, createdRole, "did not return `*okta.Role` as first variable")
-	assert.Equal(t, "POST", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/users/"+user.Id+"/roles", response.Response.Request.URL.Path, "path for request was incorrect")
-
-	assert.NotEmpty(t, createdRole.Id, "id should not be empty")
-	assert.NotEmpty(t, createdRole.Label, "label should not be empty")
-	assert.NotEmpty(t, createdRole.Type, "type should not be empty")
-	assert.NotEmpty(t, createdRole.Status, "status should not be empty")
-	assert.NotEmpty(t, createdRole.Created, "created should not be empty")
-	assert.NotEmpty(t, createdRole.LastUpdated, "lastUpdated should not be empty")
-
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-}
-
-func Test_can_add_an_admin_role_to_group(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	gp := &okta.GroupProfile{
-		Name: testName(ADMIN_GROUP_NAME),
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-	role := okta.AssignRoleRequest{
-		Type: "ORG_ADMIN",
-	}
-	createdRole, response, err := client.Group.AssignRoleToGroup(ctx, group.Id, role, nil)
-	require.NoError(t, err, "adding role to user must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, &okta.Role{}, createdRole, "did not return `*okta.Role` as first variable")
-	assert.Equal(t, "POST", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/groups/"+group.Id+"/roles", response.Response.Request.URL.Path, "path for request was incorrect")
-
-	assert.NotEmpty(t, createdRole.Id, "id should not be empty")
-	assert.NotEmpty(t, createdRole.Label, "label should not be empty")
-	assert.NotEmpty(t, createdRole.Type, "type should not be empty")
-	assert.NotEmpty(t, createdRole.Status, "status should not be empty")
-	assert.NotEmpty(t, createdRole.Created, "created should not be empty")
-	assert.NotEmpty(t, createdRole.LastUpdated, "lastUpdated should not be empty")
-
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting a group")
-}
-
-func Test_can_remove_an_admin_role_to_user(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "delete_admin_role"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-
-	user, _, err := client.User.CreateUser(ctx, *u, nil)
-	require.NoError(t, err, "Creating a new user should not error")
-	role := okta.AssignRoleRequest{
-		Type: "SUPER_ADMIN",
-	}
-	createdRole, response, err := client.User.AssignRoleToUser(ctx, user.Id, role, nil)
-	require.NoError(t, err, "adding role to user must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, &okta.Role{}, createdRole, "did not return `*okta.Role` as first variable")
-	assert.Equal(t, "POST", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/users/"+user.Id+"/roles", response.Response.Request.URL.Path, "path for request was incorrect")
-
-	response, err = client.User.RemoveRoleFromUser(ctx, user.Id, createdRole.Id)
-	require.NoError(t, err, "removing role from user must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	assert.Equal(t, 204, response.StatusCode, "did not return a 204")
-
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-}
-
-func Test_can_remove_an_admin_role_to_group(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	gp := &okta.GroupProfile{
-		Name: testName(ADMIN_GROUP_NAME),
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-	role := okta.AssignRoleRequest{
-		Type: "ORG_ADMIN",
-	}
-	createdRole, response, err := client.Group.AssignRoleToGroup(ctx, group.Id, role, nil)
-	require.NoError(t, err, "adding role to user must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, &okta.Role{}, createdRole, "did not return `*okta.Role` as first variable")
-	assert.Equal(t, "POST", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/groups/"+group.Id+"/roles", response.Response.Request.URL.Path, "path for request was incorrect")
-
-	response, err = client.Group.RemoveRoleFromGroup(ctx, group.Id, createdRole.Id)
-	require.NoError(t, err, "removing role from group must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	assert.Equal(t, 204, response.StatusCode, "did not return a 204")
-
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting a group")
-}
-
-func Test_can_list_roles_assigned_to_a_user(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "list_roles"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-
-	user, _, err := client.User.CreateUser(ctx, *u, nil)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	role := okta.AssignRoleRequest{
-		Type: "SUPER_ADMIN",
-	}
-
-	_, _, err = client.User.AssignRoleToUser(ctx, user.Id, role, nil)
-	require.NoError(t, err, "adding role to user must not error")
-
-	roles, response, err := client.User.ListAssignedRolesForUser(ctx, user.Id, nil)
-
-	require.NoError(t, err, "listing administrator roles must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, []*okta.Role{}, roles, "did not return `[]*okta.Role` as first variable")
-	assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/users/"+user.Id+"/roles", response.Response.Request.URL.Path, "path for request was incorrect")
-
-	assert.NotEmpty(t, roles, "listing roles result should not be empty")
-
-	assert.NotEmpty(t, roles[0].Id, "id should not be empty")
-	assert.NotEmpty(t, roles[0].Label, "label should not be empty")
-	assert.NotEmpty(t, roles[0].Type, "type should not be empty")
-	assert.NotEmpty(t, roles[0].Status, "status should not be empty")
-	assert.NotEmpty(t, roles[0].Created, "created should not be empty")
-	assert.NotEmpty(t, roles[0].LastUpdated, "lastUpdated should not be empty")
-	assert.NotEmpty(t, roles[0].AssignmentType, "assignmentType should not be empty")
-
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-}
-
-func Test_can_list_roles_assigned_to_a_group(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	gp := &okta.GroupProfile{
-		Name: testName(ADMIN_GROUP_NAME),
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-	role := okta.AssignRoleRequest{
-		Type: "ORG_ADMIN",
-	}
-	_, _, err = client.Group.AssignRoleToGroup(ctx, group.Id, role, nil)
-	require.NoError(t, err, "adding role to user must not error")
-
-	roles, response, err := client.Group.ListGroupAssignedRoles(ctx, group.Id, nil)
-
-	require.NoError(t, err, "listing administrator roles must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, []*okta.Role{}, roles, "did not return `[]*okta.Role` as first variable")
-	assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/groups/"+group.Id+"/roles", response.Response.Request.URL.Path, "path for request was incorrect")
-
-	assert.NotEmpty(t, roles, "listing roles result should not be empty")
-
-	assert.NotEmpty(t, roles[0].Id, "id should not be empty")
-	assert.NotEmpty(t, roles[0].Label, "label should not be empty")
-	assert.NotEmpty(t, roles[0].Type, "type should not be empty")
-	assert.NotEmpty(t, roles[0].Status, "status should not be empty")
-	assert.NotEmpty(t, roles[0].Created, "created should not be empty")
-	assert.NotEmpty(t, roles[0].LastUpdated, "lastUpdated should not be empty")
-	assert.NotEmpty(t, roles[0].AssignmentType, "assignmentType should not be empty")
-
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting a group")
-}
-
-func Test_can_add_group_targets_for_the_group_administrator_role_given_to_a_user(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "add-group-targets"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-
-	user, _, err := client.User.CreateUser(ctx, *u, nil)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	role := okta.AssignRoleRequest{
-		Type: "USER_ADMIN",
-	}
-
-	gp := &okta.GroupProfile{
-		Name: testName(ADMIN_GROUP_NAME),
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-
-	addedRole, _, err := client.User.AssignRoleToUser(ctx, user.Id, role, nil)
-	require.NoError(t, err, "adding role to user must not error")
-
-	response, err := client.User.AddGroupTargetToRole(ctx, user.Id, addedRole.Id, group.Id)
-	require.NoError(t, err, "list group assignments must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	assert.Equal(t, "PUT", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/users/"+user.Id+"/roles/"+addedRole.Id+"/targets/groups/"+group.Id, response.Response.Request.URL.Path, "path for request was incorrect")
-
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting a group")
-}
-
-func Test_can_add_group_targets_for_the_group_administrator_role_given_to_a_group(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	role := okta.AssignRoleRequest{
-		Type: "USER_ADMIN",
-	}
-
-	gp := &okta.GroupProfile{
-		Name: testName(ADMIN_GROUP_NAME),
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-
-	addedRole, _, err := client.Group.AssignRoleToGroup(ctx, group.Id, role, nil)
-	require.NoError(t, err, "adding role to user must not error")
-
-	response, err := client.Group.AddGroupTargetToGroupAdministratorRoleForGroup(ctx, group.Id, addedRole.Id, group.Id)
-	require.NoError(t, err, "list group assignments must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	assert.Equal(t, "PUT", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/groups/"+group.Id+"/roles/"+addedRole.Id+"/targets/groups/"+group.Id, response.Response.Request.URL.Path, "path for request was incorrect")
-
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting a group")
-}
-
-func Test_can_list_group_targets_for_the_group_administrator_role_given_to_a_user(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "add-group-targets"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-
-	user, _, err := client.User.CreateUser(ctx, *u, nil)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	role := okta.AssignRoleRequest{
-		Type: "USER_ADMIN",
-	}
-
-	gp := &okta.GroupProfile{
-		Name: testName(ADMIN_GROUP_NAME),
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-
-	addedRole, _, err := client.User.AssignRoleToUser(ctx, user.Id, role, nil)
-	require.NoError(t, err, "adding role to user must not error")
-
-	response, err := client.User.AddGroupTargetToRole(ctx, user.Id, addedRole.Id, group.Id)
-	require.NoError(t, err, "list group assignments must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	assert.Equal(t, "PUT", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/users/"+user.Id+"/roles/"+addedRole.Id+"/targets/groups/"+group.Id, response.Response.Request.URL.Path, "path for request was incorrect")
-
-	listRoles, response, err := client.User.ListGroupTargetsForRole(ctx, user.Id, addedRole.Id, nil)
-	require.NoError(t, err, "list group assignments must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, []*okta.Group{}, listRoles, "did not return `[]*okta.Group` type as first variable")
-	assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/users/"+user.Id+"/roles/"+addedRole.Id+"/targets/groups", response.Response.Request.URL.Path, "path for request was incorrect")
-
-	assert.NotEmpty(t, listRoles[0].Id, "id should not be empty")
-	assert.NotEmpty(t, listRoles[0].ObjectClass, "objectClass should not be empty")
-	assert.NotEmpty(t, listRoles[0].Profile, "profile should not be empty")
-	assert.IsType(t, &okta.GroupProfile{}, listRoles[0].Profile, "profile should be instance of *okta.GroupProfile")
-
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting a group")
-}
-
-func Test_can_list_group_targets_for_the_group_administrator_role_given_to_a_group(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	role := okta.AssignRoleRequest{
-		Type: "USER_ADMIN",
-	}
-
-	gp := &okta.GroupProfile{
-		Name: testName(ADMIN_GROUP_NAME),
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-
-	addedRole, _, err := client.Group.AssignRoleToGroup(ctx, group.Id, role, nil)
-	require.NoError(t, err, "adding role to user must not error")
-
-	response, err := client.Group.AddGroupTargetToGroupAdministratorRoleForGroup(ctx, group.Id, addedRole.Id, group.Id)
-	require.NoError(t, err, "list group assignments must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	assert.Equal(t, "PUT", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/groups/"+group.Id+"/roles/"+addedRole.Id+"/targets/groups/"+group.Id, response.Response.Request.URL.Path, "path for request was incorrect")
-
-	listRoles, response, err := client.Group.ListGroupTargetsForGroupRole(ctx, group.Id, addedRole.Id, nil)
-	require.NoError(t, err, "list group assignments must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, []*okta.Group{}, listRoles, "did not return `[]*okta.Group` type as first variable")
-	assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/groups/"+group.Id+"/roles/"+addedRole.Id+"/targets/groups", response.Response.Request.URL.Path, "path for request was incorrect")
-
-	assert.NotEmpty(t, listRoles[0].Id, "id should not be empty")
-	assert.NotEmpty(t, listRoles[0].ObjectClass, "objectClass should not be empty")
-	assert.NotEmpty(t, listRoles[0].Profile, "profile should not be empty")
-	assert.IsType(t, &okta.GroupProfile{}, listRoles[0].Profile, "profile should be instance of *okta.GroupProfile")
-
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting a group")
-}
diff --git a/tests/integration/application_test.go b/tests/integration/application_test.go
deleted file mode 100644
index 46db66b52..000000000
--- a/tests/integration/application_test.go
+++ /dev/null
@@ -1,584 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"path"
-	"strings"
-	"testing"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-
-	"github.com/okta/okta-sdk-golang/v2/tests"
-)
-
-func TestCanGetApplicationByID(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	basicApplication := okta.NewBasicAuthApplication()
-	basicApplication.Settings = &okta.BasicApplicationSettings{
-		App: &okta.BasicApplicationSettingsApplication{
-			AuthURL: "https://example.com/auth.html",
-			Url:     "https://example.com/auth.html",
-		},
-	}
-
-	application, _, err := client.Application.CreateApplication(ctx, basicApplication, nil)
-	require.NoError(t, err, "Creating an application should not error")
-
-	appId := application.(*okta.BasicAuthApplication).Id
-
-	foundApplication, _, err := client.Application.GetApplication(ctx, appId, okta.NewBasicAuthApplication(), nil)
-	require.NoError(t, err, "Should not error when getting an applicaiton by id")
-
-	assert.Equal(t, appId, foundApplication.(*okta.BasicAuthApplication).Id, "Application found was not correct")
-
-	client.Application.DeactivateApplication(ctx, appId)
-	_, err = client.Application.DeleteApplication(ctx, appId)
-
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestCanUpdateApplication(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	basicApplication := okta.NewBasicAuthApplication()
-	basicApplication.Settings = &okta.BasicApplicationSettings{
-		App: &okta.BasicApplicationSettingsApplication{
-			AuthURL: "https://example.com/auth.html",
-			Url:     "https://example.com/auth.html",
-		},
-	}
-
-	application, _, err := client.Application.CreateApplication(ctx, basicApplication, nil)
-	require.NoError(t, err, "Creating an application should not error")
-
-	appId := application.(*okta.BasicAuthApplication).Id
-
-	newBasicApplication := okta.NewBasicAuthApplication()
-	newBasicApplication.Settings = &okta.BasicApplicationSettings{
-		App: &okta.BasicApplicationSettingsApplication{
-			AuthURL: "https://example.org/auth.html",
-			Url:     "https://example.org/auth.html",
-		},
-	}
-
-	newApp, _, err := client.Application.UpdateApplication(ctx, appId, newBasicApplication)
-	require.NoError(t, err, "Updating an application caused an error")
-
-	assert.Equal(t, "https://example.org/auth.html", newApp.(*okta.BasicAuthApplication).Settings.App.Url, "The application did not update")
-
-	_, err = client.Application.DeactivateApplication(ctx, appId)
-	require.NoError(t, err, "Deactivating an application should not error")
-
-	_, err = client.Application.DeleteApplication(ctx, appId)
-
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestCanCreateABookmarkApplication(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	bookmarkApplication := okta.NewBookmarkApplication()
-	bookmarkApplication.Settings = &okta.BookmarkApplicationSettings{
-		App: &okta.BookmarkApplicationSettingsApplication{
-			RequestIntegration: new(bool),
-			Url:                "https://example.com/bookmark.htm",
-		},
-	}
-
-	assert.Empty(t, bookmarkApplication.Id)
-	application, _, err := client.Application.CreateApplication(ctx, bookmarkApplication, nil)
-	require.NoError(t, err, "Creating an application should not error")
-
-	assert.IsType(t, &okta.BookmarkApplication{}, application, "Application type returned was incorrect")
-	assert.NotEmpty(t, application.(*okta.BookmarkApplication).Id)
-
-	client.Application.DeactivateApplication(ctx, application.(*okta.BookmarkApplication).Id)
-	_, err = client.Application.DeleteApplication(ctx, application.(*okta.BookmarkApplication).Id)
-
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestCanCreateABasicAuthenticationApplication(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	basicApplication := okta.NewBasicAuthApplication()
-	basicApplication.Settings = &okta.BasicApplicationSettings{
-		App: &okta.BasicApplicationSettingsApplication{
-			AuthURL: "https://example.com/auth.html",
-			Url:     "https://example.com/auth.html",
-		},
-	}
-
-	assert.Empty(t, basicApplication.Id)
-	application, _, err := client.Application.CreateApplication(ctx, basicApplication, nil)
-	require.NoError(t, err, "Creating an application should not error")
-
-	assert.IsType(t, &okta.BasicAuthApplication{}, application, "Application type returned was incorrect")
-	assert.NotEmpty(t, application.(*okta.BasicAuthApplication).Id)
-	assert.NotEmpty(t, basicApplication.Id)
-
-	client.Application.DeactivateApplication(ctx, application.(*okta.BasicAuthApplication).Id)
-	_, err = client.Application.DeleteApplication(ctx, application.(*okta.BasicAuthApplication).Id)
-
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestListApplicationAllowsCastingToCorrectType(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	basicApplication := okta.NewBasicAuthApplication()
-	basicApplication.Settings = &okta.BasicApplicationSettings{
-		App: &okta.BasicApplicationSettingsApplication{
-			AuthURL: "https://example.com/auth.html",
-			Url:     "https://example.com/auth.html",
-		},
-	}
-
-	app1, _, err := client.Application.CreateApplication(ctx, basicApplication, nil)
-	require.NoError(t, err, "Creating an application should not error")
-
-	bookmarkApplication := okta.NewBookmarkApplication()
-	bookmarkApplication.Settings = &okta.BookmarkApplicationSettings{
-		App: &okta.BookmarkApplicationSettingsApplication{
-			RequestIntegration: new(bool),
-			Url:                "https://example.com/bookmark.htm",
-		},
-	}
-
-	app2, _, err := client.Application.CreateApplication(ctx, bookmarkApplication, nil)
-	require.NoError(t, err, "Creating an application should not error")
-
-	applist, _, err := client.Application.ListApplications(ctx, nil)
-	require.NoError(t, err, "List applications should not error")
-
-	for _, a := range applist {
-		if a.(*okta.Application).Name == "bookmark" {
-			if a.(*okta.Application).Id == app2.(*okta.BookmarkApplication).Id {
-				ba, _, _ := client.Application.GetApplication(ctx, a.(*okta.Application).Id, okta.NewBookmarkApplication(), nil)
-				requestIntegration := ba.(*okta.BookmarkApplication).Settings.App.RequestIntegration
-				assert.False(t, *requestIntegration)
-			}
-		}
-	}
-
-	client.Application.DeactivateApplication(ctx, app1.(*okta.BasicAuthApplication).Id)
-	_, err = client.Application.DeleteApplication(ctx, app1.(*okta.BasicAuthApplication).Id)
-
-	require.NoError(t, err, "Deleting an application should not error")
-
-	client.Application.DeactivateApplication(ctx, app2.(*okta.BookmarkApplication).Id)
-	_, err = client.Application.DeleteApplication(ctx, app2.(*okta.BookmarkApplication).Id)
-
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestCanActivateApplication(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	basicApplication := okta.NewBasicAuthApplication()
-	basicApplication.Settings = &okta.BasicApplicationSettings{
-		App: &okta.BasicApplicationSettingsApplication{
-			AuthURL: "https://example.com/auth.html",
-			Url:     "https://example.com/auth.html",
-		},
-	}
-
-	application, _, err := client.Application.CreateApplication(ctx, basicApplication, query.NewQueryParams(query.WithActivate(false)))
-	require.NoError(t, err, "Creating an application should not error")
-
-	appId := application.(*okta.BasicAuthApplication).Id
-
-	assert.Equal(t, "INACTIVE", application.(*okta.BasicAuthApplication).Status, "Application is not inactive")
-
-	_, err = client.Application.ActivateApplication(ctx, appId)
-	require.NoError(t, err, "Activationg an application should not error")
-	application, _, _ = client.Application.GetApplication(ctx, appId, okta.NewBasicAuthApplication(), nil)
-	assert.Equal(t, "ACTIVE", application.(*okta.BasicAuthApplication).Status, "Application is not inactive")
-
-	client.Application.DeactivateApplication(ctx, appId)
-	_, err = client.Application.DeleteApplication(ctx, appId)
-
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestCanDeactivateApplication(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	basicApplication := okta.NewBasicAuthApplication()
-	basicApplication.Settings = &okta.BasicApplicationSettings{
-		App: &okta.BasicApplicationSettingsApplication{
-			AuthURL: "https://example.com/auth.html",
-			Url:     "https://example.com/auth.html",
-		},
-	}
-
-	application, _, err := client.Application.CreateApplication(ctx, basicApplication, query.NewQueryParams(query.WithActivate(true)))
-	require.NoError(t, err, "Creating an application should not error")
-
-	appId := application.(*okta.BasicAuthApplication).Id
-
-	assert.Equal(t, "ACTIVE", application.(*okta.BasicAuthApplication).Status, "Application is not inactive")
-
-	_, err = client.Application.DeactivateApplication(ctx, appId)
-	require.NoError(t, err, "Deactivating an application should not error")
-	application, _, err = client.Application.GetApplication(ctx, appId, okta.NewBasicAuthApplication(), nil)
-	assert.Equal(t, "INACTIVE", application.(*okta.BasicAuthApplication).Status, "Application is not inactive")
-
-	_, err = client.Application.DeleteApplication(ctx, appId)
-
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestCanAddAndRemoveApplicationUsers(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	basicApplication := okta.NewBasicAuthApplication()
-	basicApplication.Settings = &okta.BasicApplicationSettings{
-		App: &okta.BasicApplicationSettingsApplication{
-			AuthURL: "https://example.com/auth.html",
-			Url:     "https://example.com/auth.html",
-		},
-	}
-
-	application, _, err := client.Application.CreateApplication(ctx, basicApplication, nil)
-	require.NoError(t, err, "Creating an application should not error")
-
-	appId := application.(*okta.BasicAuthApplication).Id
-
-	appUserList, _, _ := client.Application.ListApplicationUsers(ctx, appId, nil)
-	assert.Empty(t, appUserList, "App Users should be empty")
-
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Get-User"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(false))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	req := okta.AppUser{
-		Credentials: &okta.AppUserCredentials{
-			Password: &okta.AppUserPasswordCredential{
-				Value: "abcd1234",
-			},
-			UserName: "appUser",
-		},
-		Id: user.Id,
-	}
-
-	appUser, _, err := client.Application.AssignUserToApplication(ctx, appId, req)
-	require.NoError(t, err, "Assigning user to application show not error")
-
-	assert.IsType(t, okta.AppUser{}, *appUser, "Type returned from assigning user to application was incorrect")
-
-	appUserList, _, _ = client.Application.ListApplicationUsers(ctx, appId, nil)
-	assert.NotEmpty(t, appUserList, "App Users should not be empty")
-
-	client.Application.DeleteApplicationUser(ctx, appId, appUser.Id, nil)
-	client.GetRequestExecutor().RefreshNext()
-	appUserList, _, _ = client.Application.ListApplicationUsers(ctx, appId, nil)
-	assert.Empty(t, appUserList, "App Users should be empty after deleting")
-
-	client.Application.DeactivateApplication(ctx, appId)
-	_, err = client.Application.DeleteApplication(ctx, appId)
-
-	require.NoError(t, err, "Deleting an application should not error")
-
-	client.User.DeactivateUser(ctx, user.Id, nil)
-	client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-}
-
-func TestCanSetApplicationSettingsDuringCreation(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	basicApplication := okta.NewBasicAuthApplication()
-	basicApplication.Settings = &okta.BasicApplicationSettings{
-		App: &okta.BasicApplicationSettingsApplication{
-			AuthURL: "https://example.com/auth.html",
-			Url:     "https://example.com/auth.html",
-		},
-	}
-
-	assert.Empty(t, basicApplication.Id)
-	application, _, err := client.Application.CreateApplication(ctx, basicApplication, nil)
-	require.NoError(t, err, "Creating an application should not error")
-
-	assert.IsType(t, okta.BasicApplicationSettingsApplication{}, *application.(*okta.BasicAuthApplication).Settings.App, "The returned type of application settings application was not correct type")
-	assert.Equal(t, "https://example.com/auth.html", application.(*okta.BasicAuthApplication).Settings.App.Url)
-
-	appId := application.(*okta.BasicAuthApplication).Id
-	client.Application.DeactivateApplication(ctx, appId)
-	_, err = client.Application.DeleteApplication(ctx, appId)
-
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestCanSetApplicationSettingsDuringUpdate(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	basicApplication := okta.NewBasicAuthApplication()
-	basicApplication.Settings = &okta.BasicApplicationSettings{
-		App: &okta.BasicApplicationSettingsApplication{
-			AuthURL: "https://example.com/auth.html",
-			Url:     "https://example.com/auth.html",
-		},
-	}
-
-	assert.Empty(t, basicApplication.Id)
-	application, _, err := client.Application.CreateApplication(ctx, basicApplication, nil)
-	require.NoError(t, err, "Creating an application should not error")
-
-	appId := application.(*okta.BasicAuthApplication).Id
-
-	myApp, _, err := client.Application.GetApplication(ctx, appId, okta.NewBasicAuthApplication(), nil)
-	app := myApp.(*okta.BasicAuthApplication)
-	myAppId := app.Id
-	myAppSettingsApp := app.Settings.App
-
-	myAppSettingsApp.Url = "https://okta.com/auth"
-
-	_, _, _ = client.Application.UpdateApplication(ctx, myAppId, app)
-
-	updatedApp, _, err := client.Application.GetApplication(ctx, appId, okta.NewBasicAuthApplication(), nil)
-	assert.Equal(t, "https://okta.com/auth", updatedApp.(*okta.BasicAuthApplication).Settings.App.Url, "The URL was not updated'")
-
-	client.Application.DeactivateApplication(ctx, appId)
-	_, err = client.Application.DeleteApplication(ctx, appId)
-
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestCanCreateCSRForApplication(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	application := createBasicAuthApplication(t)
-
-	subject := okta.CsrMetadataSubject{
-		CountryName:            "US",
-		StateOrProvinceName:    "California",
-		LocalityName:           "San Francisco",
-		OrganizationName:       "Okta, Inc",
-		OrganizationalUnitName: "Dev",
-		CommonName:             "SP Issuer",
-	}
-
-	subjectAltNames := okta.CsrMetadataSubjectAltNames{
-		DnsNames: []string{"dev.okta.com"},
-	}
-
-	csr := okta.CsrMetadata{
-		Subject:         &subject,
-		SubjectAltNames: &subjectAltNames,
-	}
-
-	csrs, _, err := client.Application.GenerateCsrForApplication(ctx, application.Id, csr)
-	require.NoError(t, err, "Creating an application Csr should not error")
-
-	assert.IsType(t, &okta.Csr{}, csrs, "did not return a `okta.Csr` object")
-
-	client.Application.DeactivateApplication(ctx, application.Id)
-	_, err = client.Application.DeleteApplication(ctx, application.Id)
-
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestGetDefaultProvisioningConnectionForApplication(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	application := createOrg2OrgApplication(t)
-
-	conn, _, err := client.Application.GetDefaultProvisioningConnectionForApplication(ctx, application.Id)
-	require.NoError(t, err, "getting default provisioning connection for application should not error.")
-	assert.NotEmpty(t, conn.AuthScheme, "connection auth scheme shouldn't be empty")
-	assert.NotEmpty(t, conn.Status, "connection status shouldn't be empty")
-
-	client.Application.DeactivateApplication(ctx, application.Id)
-	_, err = client.Application.DeleteApplication(ctx, application.Id)
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestSetDefaultProvisioningConnectionForApplication(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	application := createOrg2OrgApplication(t)
-
-	provisionConnectionRequest := okta.ProvisioningConnectionRequest{
-		Profile: &okta.ProvisioningConnectionProfile{
-			AuthScheme: "TOKEN",
-			Token:      "TEST",
-		},
-	}
-
-	conn, _, err := client.Application.SetDefaultProvisioningConnectionForApplication(ctx, application.Id, provisionConnectionRequest, query.NewQueryParams(query.WithActivate(false)))
-	require.NoError(t, err, "setting default provisioning connection for application should not error.")
-	assert.Equal(t, "TOKEN", conn.AuthScheme, "expected auth scheme %q, go %q", "TOKEN", conn.AuthScheme)
-
-	client.Application.DeactivateApplication(ctx, application.Id)
-	_, err = client.Application.DeleteApplication(ctx, application.Id)
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestListFeaturesForApplication(t *testing.T) {
-	t.Skip("listing application features is specific to an org2org")
-
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	application := createOrg2OrgApplication(t)
-
-	// FIXME this needs a second org to run against for this IT to work
-	// need to activate a provisioning connection between orgs
-	provisionConnectionRequest := okta.ProvisioningConnectionRequest{
-		Profile: &okta.ProvisioningConnectionProfile{
-			AuthScheme: "TOKEN",
-			Token:      "FIXME_WITH_REAL_ORG_TOKEN",
-		},
-	}
-	_, _, err = client.Application.SetDefaultProvisioningConnectionForApplication(ctx, application.Id, provisionConnectionRequest, query.NewQueryParams(query.WithActivate(false)))
-	require.NoError(t, err, "setting default provisioning connection for application should not error.")
-
-	features, _, err := client.Application.ListFeaturesForApplication(ctx, application.Id)
-	require.NoError(t, err, "listing features for application should not error.")
-
-	foundUserProvisiontingFeature := false
-	for _, feature := range features {
-		// NOTE: Provisioning must be enabled for the application. To activate
-		// provisioning, see Provisioning Connections. The only application
-		// Feature currently supported is USER_PROVISIONING.
-		// https://developer.okta.com/docs/reference/api/apps/#list-features-for-application
-		if feature.Name == "USER_PROVISIONING" {
-			foundUserProvisiontingFeature = true
-			break
-		}
-	}
-	if !foundUserProvisiontingFeature {
-		assert.FailNow(t, "the org2org application should at least have USER_PROVISIONING feature")
-	}
-
-	client.Application.DeactivateApplication(ctx, application.Id)
-	_, err = client.Application.DeleteApplication(ctx, application.Id)
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func TestUploadApplicationLogo(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	application := createBasicAuthApplication(t)
-
-	fileDir, _ := os.Getwd()
-	fileName := "../fixtures/logo.png"
-	filePath := path.Join(fileDir, fileName)
-	_, err = client.Application.UploadApplicationLogo(ctx, application.Id, filePath)
-	require.NoError(t, err, "uploading application logo should not error.")
-
-	client.Application.DeactivateApplication(ctx, application.Id)
-	_, err = client.Application.DeleteApplication(ctx, application.Id)
-	require.NoError(t, err, "Deleting an application should not error")
-}
-
-func createBasicAuthApplication(t *testing.T) *okta.BasicAuthApplication {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	basicApplication := okta.NewBasicAuthApplication()
-	basicApplication.Settings = &okta.BasicApplicationSettings{
-		App: &okta.BasicApplicationSettingsApplication{
-			AuthURL: "https://example.com/auth.html",
-			Url:     "https://example.com/auth.html",
-		},
-	}
-
-	application, _, err := client.Application.CreateApplication(ctx, basicApplication, nil)
-	require.NoError(t, err, "Creating an application should not error")
-
-	return application.(*okta.BasicAuthApplication)
-}
-
-func createOrg2OrgApplication(t *testing.T) *okta.Org2OrgApplication {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	application := okta.NewOrg2OrgApplication()
-	application.Label = "Sample Okta Org2Org App"
-	application.Name = "okta_org2org"
-	application.Settings = &okta.Org2OrgApplicationSettings{
-		App: &okta.Org2OrgApplicationSettingsApp{
-			AcsUrl:         "https://example.okta.com/sso/saml2/exampleid",
-			AudRestriction: "https://www.okta.com/saml2/service-provider/exampleid",
-			BaseUrl:        "https://example.okta.com",
-		},
-	}
-
-	app, _, err := client.Application.CreateApplication(ctx, application, query.NewQueryParams(query.WithActivate(true)))
-	require.NoError(t, err, "Creating an application should not error")
-
-	return app.(*okta.Org2OrgApplication)
-}
-
-func deleteAllApps(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	applicationList, _, err := client.Application.ListApplications(ctx, nil)
-	if err != nil {
-		fmt.Printf("%+v\n", err)
-	}
-
-	for _, a := range applicationList {
-		if strings.HasPrefix(a.(*okta.Application).Label, "Template Basic Auth App") ||
-			strings.HasPrefix(a.(*okta.Application).Label, "Bookmark App") {
-			client.Application.DeactivateApplication(ctx, a.(*okta.Application).Id)
-			client.Application.DeleteApplication(ctx, a.(*okta.Application).Id)
-		}
-	}
-}
diff --git a/tests/integration/authenticators_test.go b/tests/integration/authenticators_test.go
deleted file mode 100644
index 9b04ff649..000000000
--- a/tests/integration/authenticators_test.go
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"fmt"
-	"testing"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-const (
-	PhoneNumberKey = "phone_number"
-	EmailKey       = "okta_email"
-)
-
-func TestListAuthenticators(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	authenticators, resp, err := client.Authenticator.ListAuthenticators(ctx)
-	require.NoError(t, err)
-	assert.Equal(t, resp.StatusCode, 200, "List authenticators should have 200 status.")
-	assert.True(t, len(authenticators) > 0, "One or more authenticators should be present.")
-
-	_, err = pickAuthenticator(PhoneNumberKey, authenticators)
-	require.NoError(t, err, "There should at least be a phone authenticator.")
-}
-
-func TestGetAuthenticator(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	phoneAuthenticator, err := fetchAuthenticator(PhoneNumberKey, ctx, client)
-	require.NoError(t, err)
-
-	authenticator, resp, err := client.Authenticator.GetAuthenticator(ctx, phoneAuthenticator.Id)
-	require.NoError(t, err)
-	assert.Equal(t, resp.StatusCode, 200, "Get authenticator should have 200 status.")
-	assert.Equal(t, authenticator.Id, phoneAuthenticator.Id, "Expected authenticator getter should equal phone authenticator.")
-}
-
-func TestUpdateAuthenticator(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	emailAuthenticator, err := fetchAuthenticator(EmailKey, ctx, client)
-	require.NoError(t, err)
-
-	tokenLifetimeInMinutes := emailAuthenticator.Settings.TokenLifetimeInMinutes + 1
-	if tokenLifetimeInMinutes > 10 {
-		tokenLifetimeInMinutes = int64(5)
-	}
-
-	updateAuthenticator := okta.Authenticator{
-		Name: emailAuthenticator.Name,
-		Settings: &okta.AuthenticatorSettings{
-			TokenLifetimeInMinutes: tokenLifetimeInMinutes,
-		},
-	}
-	authenticator, resp, err := client.Authenticator.UpdateAuthenticator(ctx, emailAuthenticator.Id, okta.Authenticator(updateAuthenticator))
-	require.NoError(t, err)
-	assert.Equal(t, resp.StatusCode, 200)
-	assert.Equal(t, authenticator.Id, emailAuthenticator.Id)
-	assert.Equal(t, authenticator.Settings.TokenLifetimeInMinutes, tokenLifetimeInMinutes, "Expected authenticator token life in minutes to be updated.")
-}
-
-func TestActivateDeactivateAuthenticator(t *testing.T) {
-	t.Skip("Activating and deactiving the phone authenticator is flapping as other tests add that authenticator to policies.")
-
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	err = setupDisablePhoneNumberOnMFAEnrollPolicy()
-	require.NoError(t, err)
-
-	// Find the phone authenticator. Activate it if inactive, then deactivate
-	// it. Else, deactivate it, then activate it.
-	authenticator, err := fetchAuthenticator(PhoneNumberKey, ctx, client)
-	require.NoError(t, err)
-
-	var ops []string
-
-	if authenticator.Status == "INACTIVE" {
-		ops = []string{"activate", "deactivate"}
-	} else {
-		ops = []string{"deactivate", "activate"}
-	}
-
-	for _, op := range ops {
-		switch op {
-		case "activate":
-			result, _, err := client.Authenticator.ActivateAuthenticator(ctx, authenticator.Id)
-			require.NoError(t, err, "authenticator: "+authenticator.Id)
-			assert.Equal(t, "ACTIVE", result.Status, "Expected authenticator status to be active ("+authenticator.Id+").")
-		case "deactivate":
-			result, _, err := client.Authenticator.DeactivateAuthenticator(ctx, authenticator.Id)
-			require.NoError(t, err, "authenticator: "+authenticator.Id)
-			assert.Equal(t, "INACTIVE", result.Status, "Expected authenticator status to be inactive ("+authenticator.Id+").")
-		}
-	}
-}
-
-// pickAuthenticator helper to pick the phone authenticator from the
-// authenticators list
-func pickAuthenticator(key string, authenticators []*okta.Authenticator) (*okta.Authenticator, error) {
-	for _, authenticator := range authenticators {
-		if authenticator.Key == key {
-			return authenticator, nil
-		}
-	}
-
-	return nil, fmt.Errorf("%q authenticator not found", key)
-}
-
-// fetchAuthenticator helper to get the phone authenticator from the API
-func fetchAuthenticator(key string, ctx context.Context, client *okta.Client) (*okta.Authenticator, error) {
-	authenticators, _, err := client.Authenticator.ListAuthenticators(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return pickAuthenticator(key, authenticators)
-}
-
-func setupDisablePhoneNumberOnMFAEnrollPolicy() error {
-	ctx, client, err := tests.NewClient(context.TODO())
-	if err != nil {
-		return err
-	}
-
-	rq := client.CloneRequestExecutor()
-	url := "/api/v1/policies?type=MFA_ENROLL"
-	req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url, nil)
-	if err != nil {
-		return err
-	}
-
-	var policies []interface{}
-	_, err = client.GetRequestExecutor().Do(ctx, req, &policies)
-	if err != nil {
-		return err
-	}
-
-	// note: updating policy settings directly using generic golang structs
-	policy := policies[0].(map[string]interface{})
-	if settings, ok := policy["settings"].(map[string]interface{}); ok {
-		if authenticators, ok := settings["authenticators"].([]interface{}); ok {
-			for _, authenticator := range authenticators {
-				key := authenticator.(map[string]interface{})["key"]
-				if key != "phone_number" {
-					continue
-				}
-				enroll := authenticator.(map[string]interface{})["enroll"].(map[string]interface{})
-				enroll["self"] = "NOT_ALLOWED"
-				break
-			}
-		}
-	}
-
-	url = fmt.Sprintf("/api/v1/policies/%s", policy["id"])
-	req, err = rq.WithAccept("application/json").WithContentType("application/json").NewRequest("PUT", url, policy)
-	if err != nil {
-		return err
-	}
-
-	// note: have executor read an interface to prevent a panic
-	var result interface{}
-	_, err = client.GetRequestExecutor().Do(ctx, req, &result)
-
-	return err
-}
diff --git a/tests/integration/authorization_server_test.go b/tests/integration/authorization_server_test.go
deleted file mode 100644
index 158ad60c6..000000000
--- a/tests/integration/authorization_server_test.go
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_can_create_an_authorizaiton_server(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	as := okta.AuthorizationServer{
-		Name:        testName("Sample Authorizaiton Server - Golang"),
-		Description: "Sample Authorizaiton Server Description for Golang",
-		Audiences:   []string{"api://default"},
-	}
-
-	authorizationServer, response, err := client.AuthorizationServer.CreateAuthorizationServer(ctx, as)
-	require.NoError(t, err, "creating an authorizaiton server should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/authorizationServers")
-
-	assert_authorization_server_model(t, authorizationServer)
-
-	_, err = client.AuthorizationServer.DeleteAuthorizationServer(ctx, authorizationServer.Id)
-	require.NoError(t, err)
-}
-
-func Test_can_get_an_authorizaiton_server(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	as := okta.AuthorizationServer{
-		Name:        testName("Sample Authorizaiton Server - Golang"),
-		Description: "Sample Authorizaiton Server Description for Golang",
-		Audiences:   []string{"api://default"},
-	}
-
-	// NOTE: Org needs FF API_ACCESS_MANAGEMENT else 401s will occur
-	authorizationServer, response, err := client.AuthorizationServer.CreateAuthorizationServer(ctx, as)
-	require.NoError(t, err, "creating an authorizaiton server should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/authorizationServers")
-
-	authorizationServer, response, err = client.AuthorizationServer.GetAuthorizationServer(ctx, authorizationServer.Id)
-	require.NoError(t, err, "getting an authorizaiton server should not error")
-	tests.AssertResponse(t, response, "GET", "/api/v1/authorizationServers/"+authorizationServer.Id)
-
-	assert_authorization_server_model(t, authorizationServer)
-
-	assert.Equal(t, as.Name, authorizationServer.Name, "did not return the same authorization server name")
-	assert.Equal(t, as.Description, authorizationServer.Description, "did not return the same authorization server description")
-
-	_, err = client.AuthorizationServer.DeleteAuthorizationServer(ctx, authorizationServer.Id)
-	require.NoError(t, err)
-}
-
-func Test_can_update_an_authorizaiton_server(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	as := okta.AuthorizationServer{
-		Name:        testName("Sample Authorizaiton Server - Golang"),
-		Description: "Sample Authorizaiton Server Description for Golang",
-		Audiences:   []string{"api://default"},
-	}
-
-	authorizationServer, response, err := client.AuthorizationServer.CreateAuthorizationServer(ctx, as)
-	require.NoError(t, err, "creating an authorizaiton server should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/authorizationServers")
-
-	authorizationServer, response, err = client.AuthorizationServer.GetAuthorizationServer(ctx, authorizationServer.Id)
-	require.NoError(t, err, "getting an authorizaiton server should not error")
-	tests.AssertResponse(t, response, "GET", "/api/v1/authorizationServers/"+authorizationServer.Id)
-
-	assert_authorization_server_model(t, authorizationServer)
-
-	assert.Equal(t, as.Name, authorizationServer.Name, "did not return the same authorization server name")
-	assert.Equal(t, as.Description, authorizationServer.Description, "did not return the same authorization server description")
-
-	updatedName := "Updated Authorization Server - Golang"
-	updatedDescription := "Updated Authorization Server Description"
-	authorizationServer.Name = updatedName
-	authorizationServer.Description = updatedDescription
-
-	authorizationServer, response, err = client.AuthorizationServer.UpdateAuthorizationServer(ctx, authorizationServer.Id, *authorizationServer)
-	require.NoError(t, err, "getting an authorizaiton server should not error")
-	tests.AssertResponse(t, response, "PUT", "/api/v1/authorizationServers/"+authorizationServer.Id)
-
-	assert_authorization_server_model(t, authorizationServer)
-
-	assert.Equal(t, updatedName, authorizationServer.Name, "did not return the same authorization server name")
-	assert.Equal(t, updatedDescription, authorizationServer.Description, "did not return the same authorization server description")
-
-	_, err = client.AuthorizationServer.DeleteAuthorizationServer(ctx, authorizationServer.Id)
-	require.NoError(t, err)
-}
-
-func Test_can_delete_an_authorizaiton_server(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	as := okta.AuthorizationServer{
-		Name:        testName("Sample Authorizaiton Server - Golang"),
-		Description: "Sample Authorizaiton Server Description for Golang",
-		Audiences:   []string{"api://default"},
-	}
-
-	authorizationServer, response, err := client.AuthorizationServer.CreateAuthorizationServer(ctx, as)
-	require.NoError(t, err, "creating an authorizaiton server should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/authorizationServers")
-
-	authorizationServer, response, err = client.AuthorizationServer.GetAuthorizationServer(ctx, authorizationServer.Id)
-	require.NoError(t, err, "getting an authorizaiton server should not error")
-	tests.AssertResponse(t, response, "GET", "/api/v1/authorizationServers/"+authorizationServer.Id)
-
-	assert_authorization_server_model(t, authorizationServer)
-
-	assert.Equal(t, as.Name, authorizationServer.Name, "did not return the same authorization server name")
-	assert.Equal(t, as.Description, authorizationServer.Description, "did not return the same authorization server description")
-
-	response, err = client.AuthorizationServer.DeleteAuthorizationServer(ctx, authorizationServer.Id)
-	require.NoError(t, err)
-	assert.Equal(t, http.StatusNoContent, response.StatusCode, "did not return a 204 status code during delete")
-
-	_, response, err = client.AuthorizationServer.GetAuthorizationServer(ctx, authorizationServer.Id)
-	assert.Error(t, err, "Finding an authorization server by id should have reported an error")
-	assert.Equal(t, http.StatusNotFound, response.StatusCode, "Should have resulted in a 404 when finding a deleted authorization server")
-}
-
-func Test_can_list_authorizaiton_servers(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	as := okta.AuthorizationServer{
-		Name:        testName("Sample Authorizaiton Server - Golang"),
-		Description: "Sample Authorizaiton Server Description for Golang",
-		Audiences:   []string{"api://default"},
-	}
-
-	authorizationServer, response, err := client.AuthorizationServer.CreateAuthorizationServer(ctx, as)
-	require.NoError(t, err, "creating an authorizaiton server should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/authorizationServers")
-
-	authorizationServerList, response, err := client.AuthorizationServer.ListAuthorizationServers(ctx, nil)
-	require.NoError(t, err, "list authorizaiton servers should not error")
-	tests.AssertResponse(t, response, "GET", "/api/v1/authorizationServers")
-
-	found := false
-	for _, authServer := range authorizationServerList {
-		if authServer.Id == authorizationServer.Id {
-			assert_authorization_server_model(t, authServer)
-			found = true
-		}
-	}
-	assert.True(t, found, "Could not find authorization from list")
-
-	_, err = client.AuthorizationServer.DeleteAuthorizationServer(ctx, authorizationServer.Id)
-	require.NoError(t, err)
-}
-
-func Test_can_activate_an_authorizaiton_server(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	as := okta.AuthorizationServer{
-		Name:        testName("Sample Authorizaiton Server - Golang"),
-		Description: "Sample Authorizaiton Server Description for Golang",
-		Audiences:   []string{"api://default"},
-	}
-
-	authorizationServer, response, err := client.AuthorizationServer.CreateAuthorizationServer(ctx, as)
-	require.NoError(t, err, "creating an authorizaiton server should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/authorizationServers")
-	assert.Equal(t, "ACTIVE", authorizationServer.Status, "should have active status after creating")
-
-	response, err = client.AuthorizationServer.DeactivateAuthorizationServer(ctx, authorizationServer.Id)
-	require.NoError(t, err, "deactivating an authorizaiton server should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/authorizationServers/"+authorizationServer.Id+"/lifecycle/deactivate")
-
-	authorizationServer, _, _ = client.AuthorizationServer.GetAuthorizationServer(ctx, authorizationServer.Id)
-	assert.Equal(t, "INACTIVE", authorizationServer.Status, "should have inactive status after deactivating")
-
-	response, err = client.AuthorizationServer.ActivateAuthorizationServer(ctx, authorizationServer.Id)
-	require.NoError(t, err, "activating an authorizaiton server should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/authorizationServers/"+authorizationServer.Id+"/lifecycle/activate")
-
-	// authorizationServer, response, _ = client.AuthorizationServer.GetAuthorizationServer(authorizationServer.Id)
-	// assert.Equal(t, "ACTIVE", authorizationServer.Status, "should have active status after activating")
-
-	_, err = client.AuthorizationServer.DeleteAuthorizationServer(ctx, authorizationServer.Id)
-	require.NoError(t, err)
-}
-
-func assert_authorization_server_model(t *testing.T, authorizationServer *okta.AuthorizationServer) {
-	require.IsType(t, &okta.AuthorizationServer{}, authorizationServer, "did not return `*okta.AuthorizationServer` type as first variable")
-	assert.NotEmpty(t, authorizationServer.Id, "id should not be empty")
-	assert.NotEmpty(t, authorizationServer.Audiences, "audiences should not be empty")
-	assert.NotEmpty(t, authorizationServer.Created, "created should not be empty")
-	assert.IsType(t, &time.Time{}, authorizationServer.Created, "created should not be of type `*time.Time`")
-	assert.NotEmpty(t, authorizationServer.Credentials, "credentials should not be empty")
-	assert.IsType(t, &okta.AuthorizationServerCredentials{}, authorizationServer.Credentials, "credentials should not be of type `*okta.AuthorizationServerCredentials`")
-	assert.NotEmpty(t, authorizationServer.Description, "description should not be empty")
-	assert.NotEmpty(t, authorizationServer.Issuer, "issuer should not be empty")
-	assert.NotEmpty(t, authorizationServer.IssuerMode, "issuerMode should not be empty")
-	assert.NotEmpty(t, authorizationServer.LastUpdated, "lastUpdated should not be empty")
-	assert.IsType(t, &time.Time{}, authorizationServer.LastUpdated, "lastUpdated should not be of type `*time.Time`")
-	assert.NotEmpty(t, authorizationServer.Name, "name should not be empty")
-	assert.NotEmpty(t, authorizationServer.Status, "status should not be empty")
-}
diff --git a/tests/integration/event_hooks_test.go b/tests/integration/event_hooks_test.go
deleted file mode 100644
index 10e120f7e..000000000
--- a/tests/integration/event_hooks_test.go
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"testing"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_create_an_event_hook(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	eventHookRequest := createEventHookRequestObject("Create an event hook")
-
-	eventHook, response, err := client.EventHook.CreateEventHook(ctx, eventHookRequest)
-
-	require.NoError(t, err, "creating an event hook should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/eventHooks")
-
-	assert_event_hook_model(t, eventHook)
-
-	_, _, err = client.EventHook.DeactivateEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deactivating an event hook should not error")
-	_, err = client.EventHook.DeleteEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deleting an event hook should not error")
-}
-
-func Test_get_an_event_hook(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	eventHookRequest := createEventHookRequestObject("get an event hook")
-
-	eventHook, response, err := client.EventHook.CreateEventHook(ctx, eventHookRequest)
-
-	require.NoError(t, err, "creating an event hook should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/eventHooks")
-
-	foundEventHook, response, err := client.EventHook.GetEventHook(ctx, eventHook.Id)
-
-	require.NoError(t, err, "get an event hook should not error")
-	tests.AssertResponse(t, response, "GET", "/api/v1/eventHooks/"+eventHook.Id)
-
-	assert_event_hook_model(t, foundEventHook)
-	require.Equal(t, eventHook.Id, foundEventHook.Id, "did not find the same event hook from id")
-
-	_, _, err = client.EventHook.DeactivateEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deactivating an event hook should not error")
-	_, err = client.EventHook.DeleteEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deleting an event hook should not error")
-}
-
-func Test_update_an_event_hook(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	eventHookRequest := createEventHookRequestObject("Create an event hook")
-
-	eventHook, response, err := client.EventHook.CreateEventHook(ctx, eventHookRequest)
-
-	require.NoError(t, err, "creating an event hook should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/eventHooks")
-
-	eventHook.Name = "GO SDK: Updated Event Hook"
-	updatedEventHook, response, err := client.EventHook.UpdateEventHook(ctx, eventHook.Id, *eventHook)
-
-	assert_event_hook_model(t, updatedEventHook)
-	require.Equal(t, eventHook.Name, updatedEventHook.Name, "update of event hook did not work")
-
-	_, _, err = client.EventHook.DeactivateEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deactivating an event hook should not error")
-	_, err = client.EventHook.DeleteEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deleting an event hook should not error")
-}
-
-func Test_deactivate_and_delete_an_event_hook(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	eventHookRequest := createEventHookRequestObject("deactivate and delete an event hook")
-
-	eventHook, response, err := client.EventHook.CreateEventHook(ctx, eventHookRequest)
-
-	require.NoError(t, err, "creating an event hook should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/eventHooks")
-
-	assert_event_hook_model(t, eventHook)
-	require.Equal(t, "ACTIVE", eventHook.Status, "event hook was not active")
-
-	_, response, err = client.EventHook.DeactivateEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deactivating an event hook should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/eventHooks/"+eventHook.Id+"/lifecycle/deactivate")
-
-	foundEventHook, _, err := client.EventHook.GetEventHook(ctx, eventHook.Id)
-
-	require.NoError(t, err, "get an event hook should not error")
-	require.Equal(t, "INACTIVE", foundEventHook.Status, "event hook was not inactive after deactivate")
-
-	response, err = client.EventHook.DeleteEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deleting an event hook should not error")
-	tests.AssertResponse(t, response, "DELETE", "/api/v1/eventHooks/"+eventHook.Id)
-}
-
-func Test_activate_an_event_hook(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	eventHookRequest := createEventHookRequestObject("activate an event hook")
-
-	eventHook, response, err := client.EventHook.CreateEventHook(ctx, eventHookRequest)
-
-	require.NoError(t, err, "creating an event hook should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/eventHooks")
-
-	assert_event_hook_model(t, eventHook)
-	require.Equal(t, "ACTIVE", eventHook.Status, "event hook was not active")
-
-	eventHook, response, err = client.EventHook.DeactivateEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deactivating an event hook should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/eventHooks/"+eventHook.Id+"/lifecycle/deactivate")
-	require.Equal(t, "INACTIVE", eventHook.Status, "event hook was not active")
-
-	eventHook, response, err = client.EventHook.ActivateEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "activating an event hook should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/eventHooks/"+eventHook.Id+"/lifecycle/activate")
-	require.Equal(t, "ACTIVE", eventHook.Status, "event hook was not active")
-
-	_, _, err = client.EventHook.DeactivateEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deactivating an event hook should not error")
-	response, err = client.EventHook.DeleteEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deleting an event hook should not error")
-}
-
-func Test_list_event_hooks(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	eventHookRequest := createEventHookRequestObject("List event hooks")
-
-	eventHook, response, err := client.EventHook.CreateEventHook(ctx, eventHookRequest)
-
-	require.NoError(t, err, "creating an event hook should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/eventHooks")
-
-	eventHookList, response, err := client.EventHook.ListEventHooks(ctx)
-	assert.IsType(t, []*okta.EventHook{}, eventHookList, "did not return a list of eventHook objects")
-
-	found := false
-	for _, eh := range eventHookList {
-		if eh.Id == eventHook.Id {
-			found = true
-		}
-	}
-
-	assert.True(t, found, "did not find the eventHook in the list")
-
-	_, _, err = client.EventHook.DeactivateEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deactivating an event hook should not error")
-	_, err = client.EventHook.DeleteEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deleting an event hook should not error")
-}
-
-func Test_verify_an_event_hook(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	eventHookRequest := createEventHookRequestObject("Verify an event hook")
-
-	eventHook, response, err := client.EventHook.CreateEventHook(ctx, eventHookRequest)
-
-	require.NoError(t, err, "creating an event hook should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/eventHooks")
-
-	_, response, err = client.EventHook.VerifyEventHook(ctx, eventHook.Id)
-
-	// We expect this call to error.  Our test is just making sure we have the correct endpoint.
-	// To fully test this, we have to have an acutal endpoint that will respond to event hooks.
-	require.Error(t, err, "should have thrown an error because our event hook uri does not actually exist")
-	require.Equal(t, 400, response.StatusCode, "Should have errored with a 400 status code")
-	tests.AssertResponse(t, response, "POST", "/api/v1/eventHooks/"+eventHook.Id+"/lifecycle/verify")
-
-	_, _, err = client.EventHook.DeactivateEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deactivating an event hook should not error")
-	_, err = client.EventHook.DeleteEventHook(ctx, eventHook.Id)
-	require.NoError(t, err, "deleting an event hook should not error")
-}
-
-func createEventHookRequestObject(name string) okta.EventHook {
-	eventHookEvent := okta.EventSubscriptions{
-		Type: "EVENT_TYPE",
-		Items: []string{
-			"user.lifecycle.create",
-			"user.lifecycle.activate",
-		},
-	}
-
-	eventHookChannelConfigHeader := okta.EventHookChannelConfigHeader{
-		Key:   "X-Other-Header",
-		Value: "some-other-value",
-	}
-
-	eventHookChannelConfigAuthScheme := okta.EventHookChannelConfigAuthScheme{
-		Type:  "HEADER",
-		Key:   "Authorization",
-		Value: "MyApiKey",
-	}
-
-	eventHookChannelConfig := okta.EventHookChannelConfig{
-		Uri: "https://www.example.com/eventHooks",
-		Headers: []*okta.EventHookChannelConfigHeader{
-			&eventHookChannelConfigHeader,
-		},
-		AuthScheme: &eventHookChannelConfigAuthScheme,
-	}
-
-	eventHookChannel := okta.EventHookChannel{
-		Type:    "HTTP",
-		Version: "1.0.0",
-		Config:  &eventHookChannelConfig,
-	}
-
-	eventHookRequest := okta.EventHook{
-		Name:    "GO SDK: " + name,
-		Events:  &eventHookEvent,
-		Channel: &eventHookChannel,
-	}
-
-	return eventHookRequest
-}
-
-func assert_event_hook_model(t *testing.T, eventHook *okta.EventHook) {
-	require.IsType(t, &okta.EventHook{}, eventHook, "did not return `*okta.EventHook` type as first variable")
-	assert.NotEmpty(t, eventHook.Links, "links should not be empty")
-	assert.NotEmpty(t, eventHook.Channel, "created should not be empty")
-	assert.IsType(t, &okta.EventHookChannel{}, eventHook.Channel, "channel should be of type `*okta.EventHookChannel`")
-	assert.NotEmpty(t, eventHook.Created, "created should not be empty")
-	assert.IsType(t, &time.Time{}, eventHook.Created, "created should not be of type `*time.Time`")
-	assert.NotEmpty(t, eventHook.CreatedBy, "createdBy should not be empty")
-	assert.NotEmpty(t, eventHook.Events, "events should not be empty")
-	assert.IsType(t, &okta.EventSubscriptions{}, eventHook.Events, "events should be of type `*okta.EventSubscriptions`")
-	assert.NotEmpty(t, eventHook.Id, "id should not be empty")
-	assert.NotEmpty(t, eventHook.LastUpdated, "lastUpdated should not be empty")
-	assert.IsType(t, &time.Time{}, eventHook.LastUpdated, "lastUpdated should not be of type `*time.Time`")
-	assert.NotEmpty(t, eventHook.Name, "name should not be empty")
-	assert.NotEmpty(t, eventHook.Status, "status should not be empty")
-	assert.NotEmpty(t, eventHook.VerificationStatus, "verificationStatus should not be empty")
-}
diff --git a/tests/integration/factor_test.go b/tests/integration/factor_test.go
deleted file mode 100644
index 3e6b47fdc..000000000
--- a/tests/integration/factor_test.go
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"testing"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_exercise_factor_lifecycle(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Factor-Lifecycle"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(false))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	allowedFactors, _, _ := client.UserFactor.ListSupportedFactors(ctx, user.Id)
-	continueTesting := false
-	for _, f := range allowedFactors {
-		if f.(*okta.UserFactor).FactorType == "sms" {
-			continueTesting = true
-		}
-	}
-
-	if continueTesting {
-		factors, _, listFactorsError := client.UserFactor.ListFactors(ctx, user.Id)
-		require.NoError(t, listFactorsError, "Should not error when listing factors")
-
-		assert.Empty(t, factors, "Factors list should be empty")
-
-		factorProfile := okta.NewSmsUserFactorProfile()
-		factorProfile.PhoneNumber = "16284001133"
-
-		factor := okta.NewSmsUserFactor()
-		factor.Profile = factorProfile
-
-		addedFactor, resp, err := client.UserFactor.EnrollFactor(ctx, user.Id, factor, nil)
-		require.NotEmpty(t, resp, "Response should not be empty")
-		require.NoError(t, err, "Adding factor should not error")
-		assert.IsType(t, okta.NewSmsUserFactor(), addedFactor)
-
-		foundFactor, _, err := client.UserFactor.GetFactor(ctx, user.Id, addedFactor.(*okta.SmsUserFactor).Id, okta.NewSmsUserFactor())
-		require.NoError(t, err, "Getting the factor should not error")
-
-		client.UserFactor.DeleteFactor(ctx, user.Id, foundFactor.(*okta.SmsUserFactor).Id)
-	} else {
-		t.Skip("Skipping exercise factor lifecycle testing. SMS factor was not enabled")
-	}
-
-	client.User.DeactivateUser(ctx, user.Id, nil)
-	client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-}
diff --git a/tests/integration/feature_test.go b/tests/integration/feature_test.go
deleted file mode 100644
index e61e4ed1c..000000000
--- a/tests/integration/feature_test.go
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"testing"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_can_list_all_features_for_organization(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	features, response, err := client.Feature.ListFeatures(ctx)
-
-	require.NoError(t, err, "listing features must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, []*okta.Feature{}, features, "did not return `[]*okta.Feature` as first variable")
-	assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/features", response.Response.Request.URL.Path, "path for request was incorrect")
-
-	assert.NotEmpty(t, features, "listing features result should not be empty")
-
-	assert.NotEmpty(t, features[0].Description, "description should not be empty")
-	assert.NotEmpty(t, features[0].Id, "id should not be empty")
-	assert.NotEmpty(t, features[0].Name, "name should not be empty")
-	assert.NotEmpty(t, features[0].Stage, "stage should not be empty")
-	assert.NotEmpty(t, features[0].Status, "status should not be empty")
-	assert.NotEmpty(t, features[0].Type, "type should not be empty")
-}
-
-func Test_can_get_a_feature(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	features, _, err := client.Feature.ListFeatures(ctx)
-	require.NoError(t, err, "listing features must not error")
-
-	firstFeatureId := features[0].Id
-	feature, response, err := client.Feature.GetFeature(ctx, firstFeatureId)
-
-	require.NoError(t, err, "getting a feature must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, &okta.Feature{}, feature, "did not return `okta.Feature` as first variable")
-	assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/features/"+firstFeatureId, response.Response.Request.URL.Path, "path for request was incorrect")
-
-	assert.NotEmpty(t, feature, "listing features result should not be empty")
-
-	assert.NotEmpty(t, feature.Description, "description should not be empty")
-	assert.NotEmpty(t, feature.Id, "id should not be empty")
-	assert.NotEmpty(t, feature.Name, "name should not be empty")
-	assert.NotEmpty(t, feature.Stage, "stage should not be empty")
-	assert.NotEmpty(t, feature.Status, "status should not be empty")
-	assert.NotEmpty(t, feature.Type, "type should not be empty")
-}
-
-func Test_can_get_feature_dependencies(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	features, _, err := client.Feature.ListFeatures(ctx)
-	require.NoError(t, err, "listing features must not error")
-
-	firstFeatureId := features[0].Id
-	featureDependencies, response, err := client.Feature.ListFeatureDependencies(ctx, firstFeatureId)
-
-	require.NoError(t, err, "getting a features dependencies must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, []*okta.Feature{}, featureDependencies, "did not return `[]*okta.Feature` as first variable")
-	assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/features/"+firstFeatureId+"/dependencies", response.Response.Request.URL.Path, "path for request was incorrect")
-}
-
-func Test_can_get_feature_dependants(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	features, _, err := client.Feature.ListFeatures(ctx)
-	require.NoError(t, err, "listing features must not error")
-
-	firstFeatureId := features[0].Id
-	featureDependants, response, err := client.Feature.ListFeatureDependents(ctx, firstFeatureId)
-
-	require.NoError(t, err, "getting a features dependants must not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, []*okta.Feature{}, featureDependants, "did not return `[]*okta.Feature` as first variable")
-	assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/features/"+firstFeatureId+"/dependents", response.Response.Request.URL.Path, "path for request was incorrect")
-}
-
-func Test_can_update_a_feature_lifecycle(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	features, _, err := client.Feature.ListFeatures(ctx)
-	require.NoError(t, err, "listing features must not error")
-
-	firstFeatureId := features[0].Id
-	origStatus := features[0].Status
-	statusTo := "disable"
-	if origStatus == "DISABLED" {
-		statusTo = "enable"
-	}
-	statusChange, response, err := client.Feature.UpdateFeatureLifecycle(ctx, firstFeatureId, statusTo, nil)
-
-	require.NoError(t, err, "updating feature status should not error")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, &okta.Feature{}, statusChange, "did not return `[]*okta.Feature` as first variable")
-	assert.Equal(t, "POST", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/features/"+firstFeatureId+"/"+statusTo, response.Response.Request.URL.Path, "path for request was incorrect")
-	assert.NotEqual(t, origStatus, statusChange.Status, "did not change the status")
-
-	toOrigStatus := "enable"
-	if origStatus == "DISABLED" {
-		toOrigStatus = "disable"
-	}
-	updatedStatusChange, response, err := client.Feature.UpdateFeatureLifecycle(ctx, firstFeatureId, toOrigStatus, nil)
-	require.NoError(t, err, "updating feature status should not error")
-	assert.Equal(t, origStatus, updatedStatusChange.Status, "did not change the status back")
-	assert.Equal(t, "/api/v1/features/"+firstFeatureId+"/"+toOrigStatus, response.Response.Request.URL.Path, "path for request was incorrect")
-}
diff --git a/tests/integration/group_schema_test.go b/tests/integration/group_schema_test.go
deleted file mode 100644
index 005432c2b..000000000
--- a/tests/integration/group_schema_test.go
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"testing"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestCanGetGroupProperties(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	gc, response, err := client.GroupSchema.GetGroupSchema(ctx)
-	require.NoError(t, err, "getting group schema must not error")
-	require.NotNil(t, gc, "group schema should not be nil")
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	require.IsType(t, &okta.GroupSchema{}, gc, "did not return `*okta.GroupSchema{}` as first variable")
-	assert.Equal(t, "GET", response.Response.Request.Method, "did not make a get request")
-	assert.Equal(t, "/api/v1/meta/schemas/group/default", response.Response.Request.URL.Path, "path for request was incorrect")
-
-	assert.Equal(t, "#custom", gc.Definitions.Custom.Id)
-	assert.Equal(t, "#base", gc.Definitions.Base.Id)
-	assert.Equal(t, "Name", gc.Definitions.Base.Properties["name"].Title)
-	assert.Equal(t, "Description", gc.Definitions.Base.Properties["description"].Title)
-}
-
-func TestCanUpdateCustomGroupProperty(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	gc, _, err := client.GroupSchema.GetGroupSchema(ctx)
-	require.NoError(t, err, "getting group schema must not error")
-	require.NotNil(t, gc, "group schema should not be nil")
-
-	testProperty1 := randomTestString()
-	testProperty2 := randomTestString()
-
-	gc.Definitions.Custom.Properties[testProperty1] = &okta.GroupSchemaAttribute{
-		Description: "testing",
-		Items: &okta.UserSchemaAttributeItems{
-			Enum: []interface{}{"test", "1", "2"},
-			OneOf: []*okta.UserSchemaAttributeEnum{
-				{
-					Const: "test",
-					Title: "test",
-				},
-				{
-					Const: "1",
-					Title: "1",
-				},
-				{
-					Const: "2",
-					Title: "2",
-				},
-			},
-			Type: "string",
-		},
-		Master: &okta.UserSchemaAttributeMaster{
-			Type: "OKTA",
-		},
-		Mutability: "READ_WRITE",
-		Permissions: []*okta.UserSchemaAttributePermission{
-			{
-				Action:    "READ_ONLY",
-				Principal: "SELF",
-			},
-		},
-		Scope: "NONE",
-		Title: "Property Title",
-		Type:  "array",
-	}
-	var max int64 = 20
-	var min int64 = 1
-	gc.Definitions.Custom.Properties[testProperty2] = &okta.GroupSchemaAttribute{
-		Description:  "User's username for twitter.com",
-		ExternalName: "External Twitter username",
-		Master: &okta.UserSchemaAttributeMaster{
-			Type: "PROFILE_MASTER",
-		},
-		MaxLength:  max,
-		MinLength:  min,
-		Mutability: "READ_WRITE",
-		Permissions: []*okta.UserSchemaAttributePermission{
-			{
-				Action:    "READ_WRITE",
-				Principal: "SELF",
-			},
-		},
-		Scope:  "NONE",
-		Title:  "Twitter username",
-		Type:   "string",
-		Unique: "UNIQUE_VALIDATED",
-	}
-	updatedGC, _, err := client.GroupSchema.UpdateGroupSchema(ctx, *gc)
-	require.NoError(t, err, "updating group schema must not error")
-	require.NotNil(t, updatedGC, "updated group schema should not be nil")
-
-	assert.Equal(t, "Property Title", updatedGC.Definitions.Custom.Properties[testProperty1].Title)
-	assert.Equal(t, 3, len(updatedGC.Definitions.Custom.Properties[testProperty1].Items.Enum))
-	assert.Equal(t, 3, len(updatedGC.Definitions.Custom.Properties[testProperty1].Items.OneOf))
-	assert.Equal(t, "string", updatedGC.Definitions.Custom.Properties[testProperty1].Items.Type)
-	// assert.Equal(t, "OKTA", updatedGC.Definitions.Custom.Properties[testProperty1].Master.Type)
-
-	assert.Equal(t, "Twitter username", updatedGC.Definitions.Custom.Properties[testProperty2].Title)
-	assert.Nil(t, updatedGC.Definitions.Custom.Properties[testProperty2].Items)
-	// assert.Equal(t, "PROFILE_MASTER", updatedGC.Definitions.Custom.Properties[testProperty2].Master.Type)
-	assert.Equal(t, int64(1), updatedGC.Definitions.Custom.Properties[testProperty2].MinLength)
-	assert.Equal(t, int64(20), updatedGC.Definitions.Custom.Properties[testProperty2].MaxLength)
-	assert.Equal(t, "UNIQUE_VALIDATED", updatedGC.Definitions.Custom.Properties[testProperty2].Unique)
-
-	updatedGC.Definitions.Custom.Properties[testProperty1] = nil
-	updatedGC.Definitions.Custom.Properties[testProperty2] = nil
-
-	noCustomGC, _, err := client.GroupSchema.UpdateGroupSchema(ctx, *updatedGC)
-	require.NoError(t, err, "updating group schema must not error")
-	require.NotNil(t, noCustomGC, "updated group schema should not be nil")
-
-	assert.Nil(t, noCustomGC.Definitions.Custom.Properties[testProperty1], "property should be removed")
-	assert.Nil(t, noCustomGC.Definitions.Custom.Properties[testProperty2], "property should be removed")
-}
-
-func TestCanUpdateCustomGroupPropertyAsNumber(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	gc, _, err := client.GroupSchema.GetGroupSchema(ctx)
-	require.NoError(t, err, "getting group schema must not error")
-	require.NotNil(t, gc, "group schema should not be nil")
-
-	testProperty1 := randomTestString()
-
-	gc.Definitions.Custom.Properties[testProperty1] = &okta.GroupSchemaAttribute{
-		Description: "testing",
-		Items: &okta.UserSchemaAttributeItems{
-			Enum: []interface{}{1.0, 2.0, 3.0},
-			OneOf: []*okta.UserSchemaAttributeEnum{
-				{
-					Const: 1.0,
-					Title: "one",
-				},
-				{
-					Const: 2.0,
-					Title: "two",
-				},
-				{
-					Const: 3.0,
-					Title: "three",
-				},
-			},
-			Type: "number",
-		},
-		Master: &okta.UserSchemaAttributeMaster{
-			Type: "OKTA",
-		},
-		Mutability: "READ_WRITE",
-		Permissions: []*okta.UserSchemaAttributePermission{
-			{
-				Action:    "READ_ONLY",
-				Principal: "SELF",
-			},
-		},
-		Scope: "NONE",
-		Title: "Property Title",
-		Type:  "array",
-	}
-	updatedGC, _, err := client.GroupSchema.UpdateGroupSchema(ctx, *gc)
-	require.NoError(t, err, "updating group schema must not error")
-	require.NotNil(t, updatedGC, "updated group schema should not be nil")
-
-	assert.Equal(t, "Property Title", updatedGC.Definitions.Custom.Properties[testProperty1].Title)
-	assert.Equal(t, 3, len(updatedGC.Definitions.Custom.Properties[testProperty1].Items.Enum))
-	oneNumber := updatedGC.Definitions.Custom.Properties[testProperty1].Items.Enum[0]
-	assert.Equal(t, 1.0, oneNumber)
-	assert.Equal(t, 3, len(updatedGC.Definitions.Custom.Properties[testProperty1].Items.OneOf))
-	oneConstNumber := updatedGC.Definitions.Custom.Properties[testProperty1].Items.OneOf[0]
-	assert.Equal(t, 1.0, oneConstNumber.Const)
-	assert.Equal(t, "one", oneConstNumber.Title)
-	assert.Equal(t, "number", updatedGC.Definitions.Custom.Properties[testProperty1].Items.Type)
-
-	updatedGC.Definitions.Custom.Properties[testProperty1] = nil
-
-	noCustomGC, _, err := client.GroupSchema.UpdateGroupSchema(ctx, *updatedGC)
-	require.NoError(t, err, "updating group schema must not error")
-	require.NotNil(t, noCustomGC, "updated group schema should not be nil")
-
-	assert.Nil(t, noCustomGC.Definitions.Custom.Properties[testProperty1], "property should be removed")
-}
diff --git a/tests/integration/group_test.go b/tests/integration/group_test.go
deleted file mode 100644
index f53dff169..000000000
--- a/tests/integration/group_test.go
+++ /dev/null
@@ -1,457 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/cenkalti/backoff/v4"
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestCanGetAGroup(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err)
-	// Create a new group → POST /api/v1/groups
-	gp := &okta.GroupProfile{
-		Name: testName("SDK_TEST Get Test Group"),
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-	assert.IsType(t, &okta.Group{}, group)
-
-	// Get the group by ID → GET /api/v1/groups/{{groupId}}
-	foundGroup, _, err := client.Group.GetGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when finding a group")
-	assert.Equal(t, group.Id, foundGroup.Id, "Group that was found was not correct")
-
-	// Delete the group → DELETE /api/v1/groups/{{groupId}}
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting a group")
-
-	// Verify that the group is deleted by calling get on group (Exception thrown with 404 error message) → GET /api/v1/groups/{{groupId}}
-	_, resp, err := client.Group.GetGroup(ctx, group.Id)
-	assert.Error(t, err, "Finding a group by id should have reported an error")
-	assert.Equal(t, http.StatusNotFound, resp.StatusCode,
-		"Should have resulted in a 404 when finding a deleted group")
-}
-
-func TestCanListGroups(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err)
-	// Create a new group → POST /api/v1/groups
-	gp := &okta.GroupProfile{
-		Name: testName("SDK_TEST List Test Group"),
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-	assert.IsType(t, &okta.Group{}, group)
-
-	// List all groups and find the group created → GET /api/v1/groups
-	groupList, _, err := client.Group.ListGroups(ctx, nil)
-	require.NoError(t, err, "Listing groups should not error")
-	found := false
-	for _, grp := range groupList {
-		if grp.Id == group.Id {
-			found = true
-		}
-	}
-	assert.True(t, found, "Could not find group from list")
-
-	// Delete the group → DELETE /api/v1/groups/{{groupId}}
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting a group")
-}
-
-func TestCanSearchForAGroup(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err)
-	// Create a new group → POST /api/v1/groups
-	groupName := testName("SDK_TEST Search Test Group")
-	gp := &okta.GroupProfile{
-		Name: groupName,
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-	assert.IsType(t, &okta.Group{}, group)
-
-	// Search the group by name with query parameter → GET /api/v1/groups?q=Search
-	groupList, _, err := client.Group.ListGroups(ctx, query.NewQueryParams(query.WithQ(groupName)))
-	assert.Len(t, groupList, 1, "Did not find correct amount of groups")
-	require.NoError(t, err, "Listing groups should not error")
-	found := false
-	for _, grp := range groupList {
-		if grp.Id == group.Id {
-			found = true
-		}
-	}
-	assert.True(t, found, "Could not find group from list")
-
-	// Delete the group → DELETE /api/v1/groups/{{groupId}}
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting a group")
-}
-
-func TestCanUpdateAGroup(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err)
-	// Create a new group → POST /api/v1/groups
-	groupName := testName("SDK_TEST Update Test Group")
-	gp := &okta.GroupProfile{
-		Name: groupName,
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-	assert.IsType(t, &okta.Group{}, group)
-
-	// Update the group name and description → PUT /api/v1/groups/{{groupId}}
-	newGroupName := testName("SDK_TEST Updated Name")
-	ngp := &okta.GroupProfile{
-		Name: newGroupName,
-	}
-	client.Group.UpdateGroup(ctx, group.Id, okta.Group{Profile: ngp})
-
-	// Verify that group profile is updated by calling get on the group and verifying the profile → GET /api/v1/groups/{{groupId}}
-	updatedGroup, _, err := client.Group.GetGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when getting updated group")
-	assert.Equal(t, newGroupName, updatedGroup.Profile.Name, "The group was not updated")
-
-	// Delete the group → DELETE /api/v1/groups/{{groupId}}
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting a group")
-}
-
-func TestGroupUserOperations(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err)
-	// Create a user with credentials → POST /api/v1/users?activate=false
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "With-Group"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(false))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-	assert.IsType(t, &okta.User{}, user)
-
-	// Create a new group → POST /api/v1/groups
-	gp := &okta.GroupProfile{
-		Name: testName("SDK_TEST Group-Member API Test Group"),
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-	assert.IsType(t, &okta.Group{}, group)
-
-	// Add user to the group  → POST /api/v1/groups/{{groupId}}/users/{{userId}}
-	_, err = client.Group.AddUserToGroup(ctx, group.Id, user.Id)
-	require.NoError(t, err, "Should not error when adding user to group")
-
-	// Validate user present in group → GET /api/v1/groups/{{groupId}}/users
-	users, _, err := client.Group.ListGroupUsers(ctx, group.Id, nil)
-	require.NoError(t, err)
-	found := false
-	for _, tmpuser := range users {
-		if tmpuser.Id == user.Id {
-			found = true
-		}
-	}
-	assert.True(t, found, "Could not find user in group")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	// Delete the group →  DELETE /api/v1/groups/{{groupId}}
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting a group")
-}
-
-func TestGroupRuleOperations(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err)
-	// Create a user with credentials, activated by default → POST /api/v1/users?activate=true
-	p := &okta.PasswordCredential{
-		Value: testPassword(10),
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "With-Group-Rule"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(true))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-	assert.IsType(t, &okta.User{}, user)
-
-	// Create a new group → POST /api/v1/groups
-	gp := &okta.GroupProfile{
-		Name: testName("SDK_TEST Group-Member-Rule API Test Group"),
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-	assert.IsType(t, &okta.Group{}, group)
-
-	// Create a group rule and verify rule executes → POST /api/v1/groups/rules
-	// The rule below adds the user created in step 1 to the group created in step 2 upon rule execution/activation
-	lastName := profile["lastName"].(string)
-	grce := &okta.GroupRuleExpression{
-		Type:  "urn:okta:expression:1.0",
-		Value: "user.lastName==\"" + lastName + "\"",
-	}
-	grc := &okta.GroupRuleConditions{
-		Expression: grce,
-	}
-	grga := &okta.GroupRuleGroupAssignment{
-		GroupIds: []string{group.Id},
-	}
-	gra := &okta.GroupRuleAction{
-		AssignUserToGroups: grga,
-	}
-	gr := &okta.GroupRule{
-		Actions:    gra,
-		Conditions: grc,
-		Type:       "group_rule",
-		Name:       testName("SDK_TEST group rule"),
-	}
-	groupRule, _, err := client.Group.CreateGroupRule(ctx, *gr)
-	require.NoError(t, err, "Should not error when creating a group Rule")
-	assert.IsType(t, &okta.GroupRule{}, groupRule)
-
-	// Activate the above rule and verify that user is added to the group → POST /api/v1/groups/rules/{{ruleId}}/lifecycle/activate
-	_, err = client.Group.ActivateGroupRule(ctx, groupRule.Id)
-	require.NoError(t, err, "Should not error when activating rule")
-
-	users := []*okta.User{}
-
-	// Use a backoff to check the user is in the group as there can be eventual
-	// consistency issues in adding users to groups.
-	operation := func() error {
-		users, _, err = client.Group.ListGroupUsers(ctx, group.Id, nil)
-		if err != nil {
-			return err
-		}
-		for _, tmpuser := range users {
-			if tmpuser.Id == user.Id {
-				return nil
-			}
-		}
-		return fmt.Errorf("returning error so backoff continues to looking for user being added")
-	}
-	bOff := backoff.NewExponentialBackOff()
-	bOff.MaxElapsedTime = 30 * time.Second
-	err = backoff.Retry(operation, bOff)
-	require.NoError(t, err, "Inspecting group for user addition had an issue.")
-
-	// List the group rules and validate the above rule is present → POST /api/v1/groups/rules
-	groupRules, _, err := client.Group.ListGroupRules(ctx, nil)
-	require.NoError(t, err, "Error should not happen when listing rules")
-	found := false
-	for _, tmpRules := range groupRules {
-		if tmpRules.Id == groupRule.Id {
-			found = true
-		}
-	}
-	assert.True(t, found, "Group rule execution did not happen")
-
-	// Deactivate the rule  → POST /api/v1/groups/rules/{{ruleId}}/lifecycle/deactivate
-	_, err = client.Group.DeactivateGroupRule(ctx, groupRule.Id)
-	require.NoError(t, err, "Error should not happen when deactivating rule")
-
-	// Update the rule (Rule can only be updated when it's deactivated) → POST /api/v1/groups/rules/{{ruleId}}
-	grce = &okta.GroupRuleExpression{
-		Type:  "urn:okta:expression:1.0",
-		Value: "user.lastName==\"Incorrect\"",
-	}
-	grc = &okta.GroupRuleConditions{
-		Expression: grce,
-	}
-	grga = &okta.GroupRuleGroupAssignment{
-		GroupIds: []string{group.Id},
-	}
-	gra = &okta.GroupRuleAction{
-		AssignUserToGroups: grga,
-	}
-	gr = &okta.GroupRule{
-		Actions:    gra,
-		Conditions: grc,
-		Type:       "group_rule",
-		Name:       testName("SDK_TEST group rule Updated"),
-	}
-	newGroupRule, _, err := client.Group.UpdateGroupRule(ctx, groupRule.Id, *gr)
-	require.NoError(t, err, "Should not error when updating rule")
-
-	// Activate the updated rule and verify that the user is removed from the group →  POST /api/v1/groups/rules/{{ruleId}}/lifecycle/activate
-	_, err = client.Group.ActivateGroupRule(ctx, newGroupRule.Id)
-	require.NoError(t, err, "Should not error when activating the group rule")
-
-	bOff.Reset()
-	// Use a backoff to check the user has been removed from the group as there
-	// can be eventual consistency issues in removing users from groups.
-	operation = func() error {
-		users, _, err = client.Group.ListGroupUsers(ctx, group.Id, nil)
-		if err != nil {
-			return err
-		}
-		for _, tmpuser := range users {
-			if tmpuser.Id == user.Id {
-				return fmt.Errorf("returning error so backoff continues user still listed in group")
-			}
-		}
-		return nil
-	}
-	err = backoff.Retry(operation, bOff)
-	require.NoError(t, err, "Inspecting group for user removal had an issue.")
-
-	// Deactivate the user, group and group rule → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.Group.DeactivateGroupRule(ctx, newGroupRule.Id)
-	require.NoError(t, err, "should not error when deactivating rule")
-
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "should not error when deactivating user")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting user")
-
-	// Delete the group → DELETE /api/v1/groups/{{groupId}}
-	_, err = client.Group.DeleteGroup(ctx, group.Id)
-	require.NoError(t, err, "Should not error when deleting Group")
-
-	// Delete the group rule → DELETE /api/v1/groups/rules/{{ruleId}}
-	_, err = client.Group.DeleteGroupRule(ctx, groupRule.Id, &query.Params{})
-	require.NoError(t, err, "Should not error when deleting Rule")
-}
-
-func TestGroupProfileSerialization(t *testing.T) {
-	gp := okta.GroupProfile{
-		Name:        "test",
-		Description: "tester",
-		GroupProfileMap: okta.GroupProfileMap{
-			"custom": "value",
-		},
-	}
-
-	gpExpected := okta.GroupProfile{
-		Name:        "test",
-		Description: "tester",
-		GroupProfileMap: okta.GroupProfileMap{
-			"custom": "value",
-		},
-	}
-
-	b, err := json.Marshal(&gp)
-	require.NoError(t, err)
-
-	var gpCopy okta.GroupProfile
-	err = json.Unmarshal(b, &gpCopy)
-	require.NoError(t, err)
-
-	assert.Equal(t, gpExpected, gpCopy, "expected marshal to unmarshal to produce exact copy of group profile")
-}
-
-func TestListAssignedApplicationsForGroup(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err)
-
-	gp := &okta.GroupProfile{
-		Name: testName("SDK_TEST Get Test Group"),
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Should not error when creating a group")
-	assert.IsType(t, &okta.Group{}, group)
-
-	apps, _, err := client.Group.ListAssignedApplicationsForGroup(ctx, group.Id, nil)
-	require.NoError(t, err, "Should not error when listing assigned apps for group")
-	assert.Equal(t, 0, len(apps), "there shouldn't be any apps assigned to group")
-
-	app := okta.NewBookmarkApplication()
-	app.Settings = &okta.BookmarkApplicationSettings{
-		App: &okta.BookmarkApplicationSettingsApplication{
-			RequestIntegration: new(bool),
-			Url:                "https://example.com/bookmark.htm",
-		},
-	}
-	_, _, err = client.Application.CreateApplication(ctx, app, nil)
-	require.NoError(t, err, "Creating an application should not error")
-
-	_, _, err = client.Application.CreateApplicationGroupAssignment(ctx, app.Id, group.Id, okta.ApplicationGroupAssignment{})
-	require.NoError(t, err, "Assigning application to group should not error")
-
-	apps, _, err = client.Group.ListAssignedApplicationsForGroup(ctx, group.Id, nil)
-	require.NoError(t, err, "Should not error when listing assigned apps for group")
-	assert.Equal(t, 1, len(apps), "there should be one app assigned to group")
-
-	// teardown
-	client.Application.DeactivateApplication(ctx, app.Id)
-	client.Application.DeleteApplication(ctx, app.Id)
-	client.Group.DeleteGroup(ctx, group.Id)
-}
diff --git a/tests/integration/idps_test.go b/tests/integration/idps_test.go
deleted file mode 100644
index 3d8bf7d13..000000000
--- a/tests/integration/idps_test.go
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"encoding/json"
-	"testing"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestCreateIdentityProvider(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	idpName := testName("Test Identity Provider")
-	testIdp, err := createIdentityProvider(idpName)
-	require.NoError(t, err)
-
-	resultIpd, response, err := client.IdentityProvider.CreateIdentityProvider(ctx, *testIdp)
-	go cleanupTestIdentityProvider(ctx, client, resultIpd)
-
-	require.NoError(t, err, "creating an identity provider hook should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/idps")
-	assert.Equal(t, idpName, resultIpd.Name)
-}
-
-func cleanupTestIdentityProvider(ctx context.Context, client *okta.Client, idp *okta.IdentityProvider) {
-	if idp == nil || idp.Name == "" {
-		return
-	}
-	_, _ = client.IdentityProvider.DeleteIdentityProvider(ctx, idp.Id)
-}
-
-func createIdentityProvider(name string) (*okta.IdentityProvider, error) {
-	jsonIDP := `
-		{
-			"type": "OIDC",
-			"name": "` + name + `",
-			"protocol": {
-			  "algorithms": {
-				"request": {
-				  "signature": {
-					"algorithm": "SHA-256",
-					"scope": "REQUEST"
-				  }
-				},
-				"response": {
-				  "signature": {
-					"algorithm": "SHA-256",
-					"scope": "ANY"
-				  }
-				}
-			  },
-			  "endpoints": {
-				"acs": {
-				  "binding": "HTTP-POST",
-				  "type": "INSTANCE"
-				},
-				"authorization": {
-				  "binding": "HTTP-REDIRECT",
-				  "url": "https://idp.example.com/authorize"
-				},
-				"token": {
-				  "binding": "HTTP-POST",
-				  "url": "https://idp.example.com/token"
-				},
-				"userInfo": {
-				  "binding": "HTTP-REDIRECT",
-				  "url": "https://idp.example.com/userinfo"
-				},
-				"jwks": {
-				  "binding": "HTTP-REDIRECT",
-				  "url": "https://idp.example.com/keys"
-				}
-			  },
-			  "scopes": [
-				"openid",
-				"profile",
-				"email"
-			  ],
-			  "type": "OIDC",
-			  "credentials": {
-				"client": {
-				  "client_id": "your-client-id",
-				  "client_secret": "your-client-secret"
-				}
-			  },
-			  "issuer": {
-				"url": "https://idp.example.com"
-			  }
-			},
-			"policy": {
-			  "accountLink": {
-				"action": "AUTO",
-				"filter": null
-			  },
-			  "provisioning": {
-				"action": "AUTO",
-				"conditions": {
-				  "deprovisioned": {
-					"action": "NONE"
-				  },
-				  "suspended": {
-					"action": "NONE"
-				  }
-				},
-				"groups": {
-				  "action": "NONE"
-				}
-			  },
-			  "maxClockSkew": 120000,
-			  "subject": {
-				"userNameTemplate": {
-				  "template": "idpuser.email"
-				},
-				"matchType": "USERNAME"
-			  }
-			}
-		  }
-	`
-
-	var idp okta.IdentityProvider
-
-	err := json.Unmarshal([]byte(jsonIDP), &idp)
-	if err != nil {
-		return nil, err
-	}
-
-	return &idp, nil
-}
diff --git a/tests/integration/main_test.go b/tests/integration/main_test.go
deleted file mode 100644
index 376265aaa..000000000
--- a/tests/integration/main_test.go
+++ /dev/null
@@ -1,169 +0,0 @@
-package integration
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"math/rand"
-	"os"
-	"testing"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-)
-
-func init() {
-	rand.Seed(time.Now().UTC().UnixNano())
-}
-
-func TestMain(m *testing.M) {
-	err := sweep()
-	if err != nil {
-		log.Printf("failed to clean up organization before integration tests: %v", err)
-	}
-	exitVal := m.Run()
-	err = sweep()
-	if err != nil {
-		log.Printf("failed to clean up organization after integration tests: %v", err)
-	}
-	os.Exit(exitVal)
-}
-
-// sweep the resources before running integration tests
-func sweep() error {
-	log.Println("[INFO] sweeping test users, groups and rules")
-	ctx, client, err := tests.NewClient(context.Background())
-	if err != nil {
-		return err
-	}
-	err = sweepUsers(ctx, client)
-	if err != nil {
-		return err
-	}
-	err = sweepGroups(ctx, client)
-	if err != nil {
-		return err
-	}
-	return sweepGroupRules(ctx, client)
-}
-
-func sweepGroups(ctx context.Context, client *okta.Client) error {
-	groups, _, err := client.Group.ListGroups(ctx, &query.Params{Q: "SDK_TEST"})
-	if err != nil {
-		return err
-	}
-	for _, g := range groups {
-		_, err = client.Group.DeleteGroup(ctx, g.Id)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func sweepGroupRules(ctx context.Context, client *okta.Client) error {
-	groupRules, _, err := client.Group.ListGroupRules(ctx, &query.Params{Q: "SDK_TEST"})
-	if err != nil {
-		return err
-	}
-	for _, g := range groupRules {
-		if g.Status == "ACTIVE" {
-			_, err = client.Group.DeactivateGroupRule(ctx, g.Id)
-			if err != nil {
-				return err
-			}
-		}
-		_, err = client.Group.DeleteGroupRule(ctx, g.Id, &query.Params{})
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func sweepUsers(ctx context.Context, client *okta.Client) error {
-	users, resp, err := client.User.ListUsers(ctx, &query.Params{Q: "SDK_TEST", Limit: 200})
-	if err != nil {
-		return err
-	}
-	for _, u := range users {
-		if err := ensureUserDelete(ctx, client, u.Id, u.Status); err != nil {
-			return err
-		}
-	}
-	for resp.HasNextPage() {
-		var users []*okta.User
-		resp, err = resp.Next(ctx, &users)
-		if err != nil {
-			return err
-		}
-		for _, u := range users {
-			if err := ensureUserDelete(ctx, client, u.Id, u.Status); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func ensureUserDelete(ctx context.Context, client *okta.Client, id, status string) error {
-	// only deprovisioned users can be deleted fully from okta
-	// make two passes on the user if they aren't deprovisioned already to deprovision them first
-	passes := 2
-	if status == "DEPROVISIONED" {
-		passes = 1
-	}
-	for i := 0; i < passes; i++ {
-		_, err := client.User.DeactivateOrDeleteUser(ctx, id, nil)
-		if err != nil {
-			return fmt.Errorf("failed to deprovision or delete user: %w", err)
-		}
-	}
-	return nil
-}
-
-const (
-	charSetAlphaUpper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-	charSetAlphaLower = "abcdefghijklmnopqrstuvwxyz"
-	charSetNumeric    = "0123456789"
-	charSetAlpha      = charSetAlphaLower + charSetAlphaUpper + charSetNumeric
-	testPrefix        = "SDK_TEST_"
-)
-
-func randomEmail() string {
-	return randomTestString() + "@example.com"
-}
-
-// randStringFromCharSet generates a random string of 15 lower case letters
-func randomTestString() string {
-	result := make([]byte, 15)
-	for i := 0; i < 15; i++ {
-		result[i] = charSetAlphaLower[rand.Intn(len(charSetAlphaLower))]
-	}
-	return testPrefix + string(result)
-}
-
-// testPassword generates a random string of at least 4 characters in length
-func testPassword(length int) string {
-	if length < 5 {
-		length = 4
-	}
-	result := make([]byte, length)
-	result[0] = charSetAlphaLower[rand.Intn(len(charSetAlphaLower))]
-	result[1] = charSetAlphaUpper[rand.Intn(len(charSetAlphaUpper))]
-	result[2] = charSetNumeric[rand.Intn(len(charSetNumeric))]
-	for i := 3; i < length; i++ {
-		result[i] = charSetAlpha[rand.Intn(len(charSetAlpha))]
-	}
-	return string(result)
-}
-
-func testName(name string) string {
-	s := fmt.Sprintf("%s %s", randomTestString(), name)
-	if len(s) > 50 {
-		s = s[:50]
-	}
-	return s
-}
diff --git a/tests/integration/orgs_test.go b/tests/integration/orgs_test.go
deleted file mode 100644
index 8b5b71670..000000000
--- a/tests/integration/orgs_test.go
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"fmt"
-	"testing"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestGetOrgContactTypes(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	contactTypes, _, err := client.OrgSetting.GetOrgContactTypes(ctx)
-	require.NoError(t, err)
-
-	// there should be a billing and technical contact type
-	var foundBilling, foundTechnical bool
-	for _, concontactType := range contactTypes {
-		if concontactType.ContactType == "BILLING" {
-			foundBilling = true
-		}
-		if concontactType.ContactType == "TECHNICAL" {
-			foundTechnical = true
-		}
-	}
-	assert.True(t, foundBilling, "There should be billing contact type.")
-	assert.True(t, foundTechnical, "There should be technical contact type.")
-}
-
-func TestGetAndUpdateOrgContactUser(t *testing.T) {
-	// switch the billing and technical contacts
-
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	technicalUser, _, err := client.OrgSetting.GetOrgContactUser(ctx, "TECHNICAL")
-	require.NoError(t, err)
-
-	billingUser, _, err := client.OrgSetting.GetOrgContactUser(ctx, "BILLING")
-	require.NoError(t, err)
-
-	_, _, err = client.OrgSetting.UpdateOrgContactUser(ctx, "TECHNICAL", okta.UserIdString{UserId: billingUser.UserId})
-	require.NoError(t, err)
-
-	_, _, err = client.OrgSetting.UpdateOrgContactUser(ctx, "BILLING", okta.UserIdString{UserId: technicalUser.UserId})
-	require.NoError(t, err)
-}
-
-func TestOptInOptOutOktaCommunicationSettings(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	// get the communication settings
-	// if opted in, opt out, then opt in
-	// if opted opted out, opt in, then opt out
-
-	settings, _, err := client.OrgSetting.GetOktaCommunicationSettings(ctx)
-	require.NoError(t, err)
-
-	var foundOptIn, foundOptOut bool
-	links := settings.Links.(map[string]interface{})
-	_, foundOptIn = links["optIn"]
-	_, foundOptOut = links["optOut"]
-
-	assert.True(t, (foundOptIn || foundOptOut), "There should be optIn or optOut setting")
-
-	if foundOptIn {
-		_, _, err := client.OrgSetting.OptInUsersToOktaCommunicationEmails(ctx)
-		require.NoError(t, err)
-		_, _, err = client.OrgSetting.OptOutUsersFromOktaCommunicationEmails(ctx)
-		require.NoError(t, err)
-	}
-
-	if foundOptOut {
-		_, _, err := client.OrgSetting.OptOutUsersFromOktaCommunicationEmails(ctx)
-		require.NoError(t, err)
-		_, _, err = client.OrgSetting.OptInUsersToOktaCommunicationEmails(ctx)
-		require.NoError(t, err)
-	}
-}
-
-func TestGetGrantExtentRevokeOktaCommunicationSettings(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	// get the support settings
-	// if support not granted, grant it, extend it, revoke it
-	// if support granted, revoke it, grant it, extend it
-
-	settings, _, err := client.OrgSetting.GetOrgOktaSupportSettings(ctx)
-	require.NoError(t, err)
-
-	ops := []string{"revoke", "grant", "extend"}
-	opIndex := 0
-	if settings.Support != "ENABLED" {
-		opIndex = 1
-	}
-
-	// will grant, extend, revoke
-	// or will revoke, grant, extend
-	countOps := 0
-	for countOps < len(ops) {
-		switch ops[opIndex] {
-		case "revoke":
-			_, _, err := client.OrgSetting.RevokeOktaSupport(ctx)
-			require.NoError(t, err)
-		case "grant":
-			_, _, err := client.OrgSetting.GrantOktaSupport(ctx)
-			require.NoError(t, err)
-		case "extend":
-			_, _, err := client.OrgSetting.ExtendOktaSupport(ctx)
-			require.NoError(t, err)
-		}
-
-		opIndex++
-		if opIndex >= len(ops) {
-			opIndex = 0
-		}
-		countOps++
-	}
-}
-
-func TestGetPerfsShowHideFooter(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	// get the org preferences
-	// if hidden footer, show it, then hide it
-	// if showing footer, hide it, then show it
-
-	preferences, _, err := client.OrgSetting.GetOrgPreferences(ctx)
-	require.NoError(t, err)
-
-	var showEndUserFooter, hideEndUserFooter bool
-	links := preferences.Links.(map[string]interface{})
-	_, showEndUserFooter = links["showEndUserFooter"]
-	_, hideEndUserFooter = links["hideEndUserFooter"]
-	assert.True(t, (showEndUserFooter || hideEndUserFooter), "There should be show or hide end user preference")
-
-	if showEndUserFooter {
-		_, _, err = client.OrgSetting.HideOktaUIFooter(ctx)
-		require.NoError(t, err)
-		_, _, err := client.OrgSetting.ShowOktaUIFooter(ctx)
-		require.NoError(t, err)
-	}
-
-	if hideEndUserFooter {
-		_, _, err := client.OrgSetting.ShowOktaUIFooter(ctx)
-		require.NoError(t, err)
-		_, _, err = client.OrgSetting.HideOktaUIFooter(ctx)
-		require.NoError(t, err)
-	}
-}
-
-func TestGetAndPartialUpdateOrgSettings(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	// get org settings, partial update org with new website
-	settings, _, err := client.OrgSetting.GetOrgSettings(ctx)
-	require.NoError(t, err)
-
-	website := fmt.Sprintf("https://developer.okta.com/golang-sdk-oie/testing/%d", time.Now().UnixNano())
-	assert.True(t, settings.Website != website)
-
-	partialSettings := okta.OrgSetting{Website: website}
-	newSettings, _, err := client.OrgSetting.PartialUpdateOrgSetting(ctx, partialSettings)
-	require.NoError(t, err)
-
-	assert.True(t, newSettings.Website == website, "Expected org website %q, got %q", website, newSettings.Website)
-}
diff --git a/tests/integration/policies_test.go b/tests/integration/policies_test.go
deleted file mode 100644
index ca198488b..000000000
--- a/tests/integration/policies_test.go
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"testing"
-
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestListPolicies(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	policies, resp, err := client.Policy.ListPolicies(ctx, &query.Params{Type: "OKTA_SIGN_ON"})
-	require.NoError(t, err)
-	tests.AssertResponse(t, resp, "GET", "/api/v1/policies")
-
-	assert.True(t, len(policies) > 0, "there should be policies")
-}
diff --git a/tests/integration/request_test.go b/tests/integration/request_test.go
deleted file mode 100644
index 2c52ecffb..000000000
--- a/tests/integration/request_test.go
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"io"
-	"testing"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_private_key_request_contains_bearer_token(t *testing.T) {
-	var buff io.ReadWriter
-
-	_, client, err := tests.NewClient(context.TODO(), okta.WithAuthorizationMode("PrivateKey"), okta.WithScopes(([]string{"okta.users.manage"})))
-	require.NoError(t, err)
-
-	request, err := client.CloneRequestExecutor().NewRequest("GET", "https://example.com/", buff)
-	require.NoError(t, err)
-
-	assert.Contains(t, request.Header.Get("Authorization"), "Bearer", "does not contain a bearer token for the request")
-}
-
-func Test_jwt_request_contains_bearer_token(t *testing.T) {
-	var buff io.ReadWriter
-
-	_, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	privateKeySigner, err := okta.CreateKeySigner(client.GetConfig().Okta.Client.PrivateKey, client.GetConfig().Okta.Client.PrivateKeyId)
-	require.NoError(t, err)
-
-	clientAssertion, err := okta.CreateClientAssertion(client.GetConfig().Okta.Client.OrgUrl, client.GetConfig().Okta.Client.ClientId, privateKeySigner)
-	require.NoError(t, err)
-
-	err = client.SetConfig(okta.WithAuthorizationMode("JWT"), okta.WithScopes(([]string{"okta.users.manage"})), okta.WithClientAssertion(clientAssertion))
-	require.NoError(t, err)
-
-	request, err := client.CloneRequestExecutor().NewRequest("GET", "https://example.com/", buff)
-	require.NoError(t, err)
-
-	assert.Contains(t, request.Header.Get("Authorization"), "Bearer", "does not contain a bearer token for the request")
-}
-
-func Test_private_key_request_can_create_a_user(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithAuthorizationMode("PrivateKey"), okta.WithScopes(([]string{"okta.users.manage"})))
-	require.NoError(t, err)
-
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	email := randomEmail()
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Private_Key"
-	profile["email"] = email
-	profile["login"] = email
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-
-	qp := query.NewQueryParams(query.WithActivate(false))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-	assert.NotEmpty(t, user.Id, "appears the user was not created")
-	tempProfile := *user.Profile
-	assert.Equal(t, email, tempProfile["email"], "did not get the correct user")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-}
diff --git a/tests/integration/subscription_test.go b/tests/integration/subscription_test.go
deleted file mode 100644
index b6f9cf817..000000000
--- a/tests/integration/subscription_test.go
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"testing"
-
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestListRoleSubscriptions(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	subscriptions, _, err := client.Subscription.ListRoleSubscriptions(ctx, "SUPER_ADMIN")
-	require.NoError(t, err, "Getting subscriptions for a role should not error")
-
-	assert.True(t, len(subscriptions) > 0, "There should be subscriptions")
-}
-
-func TestGetRoleSubscriptionByNotificationType(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	subscription, _, err := client.Subscription.GetRoleSubscriptionByNotificationType(ctx, "SUPER_ADMIN", "OKTA_ANNOUNCEMENT")
-	require.NoError(t, err, "Getting subscription for a role by a notification type should not error")
-
-	assert.True(t, subscription.NotificationType == "OKTA_ANNOUNCEMENT", "There should be a subscription")
-}
-
-func TestSubscribeRoleSubscriptionByNotificationType(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	_, err = client.Subscription.SubscribeRoleSubscriptionByNotificationType(ctx, "SUPER_ADMIN", "OKTA_ANNOUNCEMENT")
-	require.NoError(t, err, "Subscribing for a role by a notification type should not error")
-}
-
-func TestUnsubscribeRoleSubscriptionByNotificationType(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	_, err = client.Subscription.UnsubscribeRoleSubscriptionByNotificationType(ctx, "SUPER_ADMIN", "OKTA_ANNOUNCEMENT")
-	require.NoError(t, err, "Unsubscribing for a role by a notification type should not error")
-}
-
-func TestSubscribeUserSubscriptionByNotificationType(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	user, _, err := client.User.GetUser(ctx, "me")
-	require.NoError(t, err, "Getting the current user should not error")
-
-	_, err = client.Subscription.SubscribeUserSubscriptionByNotificationType(ctx, user.Id, "OKTA_ANNOUNCEMENT")
-	require.NoError(t, err, "Subscribing user by a notification type should not error")
-}
-
-func TestUnsubscribeUserSubscriptionByNotificationType(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	user, _, err := client.User.GetUser(ctx, "me")
-	require.NoError(t, err, "Getting the current user should not error")
-
-	_, err = client.Subscription.UnsubscribeUserSubscriptionByNotificationType(ctx, user.Id, "OKTA_ANNOUNCEMENT")
-	require.NoError(t, err, "Unsubscribing user by a notification type should not error")
-}
diff --git a/tests/integration/trusted_origin_test.go b/tests/integration/trusted_origin_test.go
deleted file mode 100644
index 6f3d085f1..000000000
--- a/tests/integration/trusted_origin_test.go
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"testing"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_trusted_origin_for_iframe_embedding(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	scopeCors := &okta.Scope{
-		Type: "CORS",
-	}
-	scopeIframe := &okta.Scope{
-		Type: "IFRAME_EMBED",
-	}
-	scopes := make([]*okta.Scope, 2)
-	scopes[0] = scopeCors
-	scopes[1] = scopeIframe
-
-	trustedOrigin := &okta.TrustedOrigin{
-		Name:   "Trusted Origin",
-		Origin: "http://example.com",
-		Scopes: scopes,
-	}
-
-	to, _, err := client.TrustedOrigin.CreateOrigin(ctx, *trustedOrigin)
-
-	require.NoError(t, err)
-
-	assert.IsType(t, &okta.TrustedOrigin{}, to)
-
-	client.TrustedOrigin.DeleteOrigin(ctx, to.Id)
-}
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
deleted file mode 100644
index 2c5ddadc9..000000000
--- a/tests/integration/user_test.go
+++ /dev/null
@@ -1,797 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestCanGetAUser(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	// Create user with credentials → POST /api/v1/users?activate=false
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Get-User"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(false))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	// Get the user by ID → GET /api/v1/users/{{userId}}
-	ubid, _, err := client.User.GetUser(ctx, user.Id)
-	require.NoError(t, err, "Getting a user by id should not error")
-	assert.Equal(t, user.Id, ubid.Id, "Could not find user by Id")
-
-	// Get the user by login name → GET /api/v1/users/{{login}}
-	ubln, _, err := client.User.GetUser(ctx, profile["login"].(string))
-	require.NoError(t, err, "Getting a user by login should not error")
-	assert.Equal(t, user.Id, ubln.Id, "Could not find user by Login")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	// Verify that the user is deleted by calling get on user (Exception thrown with 404 error message) → GET /api/v1/users/{{userId}}
-	_, _, err = client.User.GetUser(ctx, user.Id)
-	require.Error(t, err, "User should not exist, but does")
-}
-
-func TestCanActivateAUser(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	// Create user with credentials → POST /api/v1/users?activate=false
-	uc := &okta.UserCredentials{
-		Password: &okta.PasswordCredential{
-			Value: "Abcd1234",
-		},
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Activate"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(false))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	// Activate the user → POST /api/v1/users/{{userId}}/lifecycle/activate?sendEmail=false
-	token, _, err := client.User.ActivateUser(ctx, user.Id, query.NewQueryParams(query.WithSendEmail(false)))
-	require.NoError(t, err, "Could not activate the user")
-	assert.NotEmpty(t, token, "Token was not provided")
-	assert.IsType(t, &okta.UserActivationToken{}, token, "Activation did not return correct type")
-
-	crUser, _, err := client.User.GetUser(ctx, user.Id)
-	require.NoError(t, err, "Could not get user by ID")
-	assert.NotNil(t, crUser.Activated, "users activation time is missing")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-}
-
-func TestCanUpdateUserProfile(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	// Create user with credentials → POST /api/v1/users?activate=false
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Profile-Update"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(false))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	// Update the user's profile by adding a nickname → PUT /api/v1/users/{{userId}}
-	newProfile := *user.Profile
-	newProfile["nickName"] = "Batman"
-	updatedUser := &okta.User{
-		Profile: &newProfile,
-	}
-	_, _, err = client.User.UpdateUser(ctx, user.Id, *updatedUser, nil)
-	require.NoError(t, err, "Could not update the user")
-
-	// Verify that user profile is updated by calling get on the user → GET /api/v1/users/{{userId}}
-	tmpUser, _, err := client.User.GetUser(ctx, user.Id)
-	require.NoError(t, err, "User was not available to get")
-	tmpProfile := *tmpUser.Profile
-	assert.Equal(t, "Batman", tmpProfile["nickName"])
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-}
-
-func TestCanSuspendAUser(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	// Create user with credentials → POST /api/v1/users?activate=true
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Suspend"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(true))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	// Suspend the user → POST /api/v1/users/{{userId}}/lifecycle/suspend
-	_, err = client.User.SuspendUser(ctx, user.Id)
-	require.NoError(t, err, "Could not suspend the user")
-
-	// Verify that user is in the list of suspended users → GET /api/v1/users?filter=status eq "SUSPENDED"
-	filter := query.NewQueryParams(query.WithFilter("status eq \"SUSPENDED\""))
-	users, _, err := client.User.ListUsers(ctx, filter)
-	require.NoError(t, err, "Could not get suspended users")
-	found := false
-	for _, u := range users {
-		if user.Id == u.Id {
-			found = true
-		}
-	}
-	assert.True(t, found, "The user was not found")
-
-	// Unsuspend the user →  POST /api/v1/users/{{userId}}/lifecycle/unsuspend
-	_, err = client.User.UnsuspendUser(ctx, user.Id)
-	require.NoError(t, err, "Could not unsuspend the user")
-
-	// Verify that user is in the list of active users → GET /api/v1/users?filter=status eq "ACTIVE"
-	filter = query.NewQueryParams(query.WithFilter("status eq \"ACTIVE\""))
-	users, _, err = client.User.ListUsers(ctx, filter)
-	require.NoError(t, err, "Could not get active users")
-	found = false
-	for _, u := range users {
-		if user.Id == u.Id {
-			found = true
-		}
-	}
-	assert.True(t, found, "The user was not found")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-}
-
-func TestCanChangeUsersPassword(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	// Create user with credentials → POST /api/v1/users?activate=true
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Change-Password"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(true))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	// Sleep 1 second to make sure time has passed for password chagned timestamps
-	time.Sleep(1 * time.Second)
-
-	// Change the password to '1234Abcd' → POST /api/v1/users/{{userId}}/credentials/change_password
-	op := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	np := &okta.PasswordCredential{
-		Value: "1234Abcd",
-	}
-	npr := &okta.ChangePasswordRequest{
-		OldPassword: op,
-		NewPassword: np,
-	}
-	_, _, err = client.User.ChangePassword(ctx, user.Id, *npr, nil)
-	require.NoError(t, err, "Could not change password")
-
-	// Get the user and verify that 'passwordChanged' field has increased → GET /api/v1/users/{{userId}}/
-	ubid, _, err := client.User.GetUser(ctx, user.Id)
-	require.NoError(t, err, "Getting a user by login should not error")
-	assert.Equal(t, user.Id, ubid.Id, "Could not find user by Login")
-	assert.True(t, ubid.PasswordChanged.After(*user.PasswordChanged), "Appears that password change did not happen")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	// Verify that the user is deleted by calling get on user (Exception thrown with 404 error message) → GET /api/v1/users/{{userId}}
-	_, _, err = client.User.GetUser(ctx, user.Id)
-	require.Error(t, err, "User should not exist, but does")
-}
-
-func TestCanGetResetPasswordLinkForUser(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	// Create user with credentials → POST /api/v1/users?activate=true
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Get-Reset-Password-Url"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(true))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	// Reset the user password → POST /api/v1/users/{{userId}}/lifecycle/reset_password?sendEmail=false
-	rpt, _, err := client.User.ResetPassword(ctx, user.Id, query.NewQueryParams(query.WithSendEmail(false)))
-	require.NoError(t, err, "Could not reset password")
-
-	// Verify that the response returned contains the reset password link
-	assert.IsType(t, &okta.ResetPasswordToken{}, rpt)
-	assert.NotEmpty(t, rpt.ResetPasswordUrl, "Reset Password is not set")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	// Verify that the user is deleted by calling get on user (Exception thrown with 404 error message) → GET /api/v1/users/{{userId}}
-	_, _, err = client.User.GetUser(ctx, user.Id)
-	require.Error(t, err, "User should not exist, but does")
-}
-
-func TestCanExpireAUsersPasswordAndGetATempOne(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	// Create a user with credentials, activated by default → POST /api/v1/users?activate=true
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Expire-Password"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(true))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	// Expire the user password → POST /api/v1/users/{{userId}}/lifecycle/expire_password?tempPassword=true
-	ep, _, err := client.User.ExpirePasswordAndGetTemporaryPassword(ctx, user.Id)
-	require.NoError(t, err, "Could not reset password")
-
-	// Verify that the returned response contains a temporary password
-	assert.IsType(t, &okta.TempPassword{}, ep)
-	assert.NotEmpty(t, ep.TempPassword, "Temp Password not provided")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	// Verify that the user is deleted by calling get on user (Exception thrown with 404 error message) → GET /api/v1/users/{{userId}}
-	_, _, err = client.User.GetUser(ctx, user.Id)
-	require.Error(t, err, "User should not exist, but does")
-}
-
-func TestCanChangeUserRecoveryQuestion(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	// Create a user with credentials, activated by default → POST /api/v1/users?activate=true
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Change-Recovery-Question"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(true))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	// Update the user's recovery question → POST /api/v1/users/{{userId}}/credentials/change_recovery_question
-	nucp := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	nucrq := &okta.RecoveryQuestionCredential{
-		Question: "How many roads must a man walk down?",
-		Answer:   "forty two",
-	}
-	nuc := &okta.UserCredentials{
-		Password:         nucp,
-		RecoveryQuestion: nucrq,
-	}
-	tmpuc, _, err := client.User.ChangeRecoveryQuestion(ctx, user.Id, *nuc)
-	require.NoError(t, err, "Could not change recovery question")
-	assert.IsType(t, &okta.UserCredentials{}, tmpuc)
-
-	// Update the user's password using updated recovery question credentials passing the body below → POST /api/v1/users/{{userId}}/credentials/forgot_password
-	np := &okta.PasswordCredential{
-		Value: "1234Abcd",
-	}
-	rq := &okta.RecoveryQuestionCredential{
-		Answer: "forty two",
-	}
-	ucfp := &okta.UserCredentials{
-		Password:         np,
-		RecoveryQuestion: rq,
-	}
-	_, _, err = client.User.ForgotPasswordSetNewPassword(ctx, user.Id, *ucfp, nil)
-	require.NoError(t, err, "Could not change password with recovery question")
-
-	// Get the user and verify that 'passwordChanged' field has increased → GET /api/v1/users/{{userId}}
-	ubid, _, err := client.User.GetUser(ctx, user.Id)
-	require.NoError(t, err, "Getting a user by login should not error")
-	assert.Equal(t, user.Id, ubid.Id, "Could not find user by Login")
-	assert.True(t, ubid.PasswordChanged.After(*user.PasswordChanged), "Appears that password change did not happen")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	// Verify that the user is deleted by calling get on user (Exception thrown with 404 error message) → GET /api/v1/users/{{userId}}
-	_, _, err = client.User.GetUser(ctx, user.Id)
-	require.Error(t, err, "User should not exist, but does")
-}
-
-func TestCanAssignAUserToARole(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err)
-	// Create a user with credentials, activated by default → POST /api/v1/users?activate=true
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Role"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(true))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	// Add 'USER_ADMIN' role to the user → POST /api/v1/users/{{userId}}/roles (Body → { type: 'USER_ADMIN'  })
-	arr := &okta.AssignRoleRequest{
-		Type: "USER_ADMIN",
-	}
-	_, _, err = client.User.AssignRoleToUser(ctx, user.Id, *arr, nil)
-	require.NoError(t, err, "Should not have had an error when adding role to user")
-
-	// List roles for the user and verify added role → GET /api/v1/users/{{userId}}/roles
-	roles, _, err := client.User.ListAssignedRolesForUser(ctx, user.Id, nil)
-	require.NoError(t, err)
-	found := false
-	roleId := ""
-	for _, role := range roles {
-		if role.Type == "USER_ADMIN" {
-			found = true
-			roleId = role.Id
-		}
-	}
-	assert.True(t, found, "Could not verify USER_ADMIN was added to the user")
-
-	// Remove role for the user → DELETE /api/v1/users/{{userId}}//roles/{{roleId}}/
-	_, err = client.User.RemoveRoleFromUser(ctx, user.Id, roleId)
-	require.NoError(t, err, "Should not have had an error when removing role to user")
-
-	// List roles for user and verify role was removed → GET /api/v1/users/{{userId}}/roles
-	roles, _, err = client.User.ListAssignedRolesForUser(ctx, user.Id, nil)
-	require.NoError(t, err)
-	found = false
-	for _, role := range roles {
-		if role.Type == "USER_ADMIN" {
-			found = true
-		}
-	}
-	assert.False(t, found, "Could not verify USER_ADMIN was removed to the user")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	// Verify that the user is deleted by calling get on user (Exception thrown with 404 error message) → GET /api/v1/users/{{userId}}
-	_, resp, err := client.User.GetUser(ctx, user.Id)
-	require.Error(t, err, "User should not exist, but does")
-	assert.Equal(t, http.StatusNotFound, resp.StatusCode, "Should not have been able to find user")
-}
-
-func TestUserGroupTargetRole(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-	// Create a user with credentials, activated by default → POST /api/v1/users?activate=true
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Group-Target"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(true))
-
-	user, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	// Create a new group → POST /api/v1/groups
-	gp := &okta.GroupProfile{
-		Name: "SDK_TEST Group-Target Test Group",
-	}
-	g := &okta.Group{
-		Profile: gp,
-	}
-	group, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err, "Creating an group should not error")
-
-	// Add 'USER_ADMIN' role to the user → POST /api/v1/users/{{userId}}/roles (Body → { type: 'USER_ADMIN'  })
-	arr := &okta.AssignRoleRequest{
-		Type: "USER_ADMIN",
-	}
-	r, _, err := client.User.AssignRoleToUser(ctx, user.Id, *arr, nil)
-	require.NoError(t, err, "Should not have had an error when adding role to user")
-
-	// Add Group Target to 'USER_ADMIN' role → PUT /api/v1/users/{{userId}}/roles/{{roleId}}/targets/groups/{{groupId}}
-	_, err = client.User.AddGroupTargetToRole(ctx, user.Id, r.Id, group.Id)
-	require.NoError(t, err, "Should not have had an error when adding group target to role")
-
-	// List Group Targets for role → GET  /api/v1/users/{{userId}}/roles/{{roleId}}/targets/groups
-	groups, _, err := client.User.ListGroupTargetsForRole(ctx, user.Id, r.Id, nil)
-	require.NoError(t, err)
-	found := false
-	for _, tmpgroup := range groups {
-		if tmpgroup.Id == group.Id {
-			found = true
-		}
-	}
-	assert.True(t, found, "Could not verify group target")
-
-	// Remove Group Target from Admin User Role and verify removed → DELETE /api/v1/users/{{userId}}/roles/{{roleId}}/targets/groups/{{groupId}}
-	gp = &okta.GroupProfile{
-		Name: "SDK_TEST TMP - Group-Target Test Group",
-	}
-	g = &okta.Group{
-		Profile: gp,
-	}
-	newgroup, _, err := client.Group.CreateGroup(ctx, *g)
-	require.NoError(t, err)
-	_, err = client.User.AddGroupTargetToRole(ctx, user.Id, r.Id, newgroup.Id)
-	require.NoError(t, err)
-	_, err = client.User.RemoveGroupTargetFromRole(ctx, user.Id, r.Id, group.Id)
-	require.NoError(t, err, "Should not have had an error when removing group target to role")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	// Verify that the user is deleted by calling get on user (Exception thrown with 404 error message) → GET /api/v1/users/{{userId}}
-	_, resp, err := client.User.GetUser(ctx, user.Id)
-	require.Error(t, err, "User should not exist, but does")
-	assert.Equal(t, http.StatusNotFound, resp.StatusCode, "Should not have been able to find user")
-
-	// Delete the group → DELETE /api/v1/groups/{{groupId}}
-	client.Group.DeleteGroup(ctx, group.Id)
-	client.Group.DeleteGroup(ctx, newgroup.Id)
-}
-
-func TestCanGetUserWithCacheEnabled(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile := okta.UserProfile{}
-	profile["firstName"] = "John"
-	profile["lastName"] = "Test-Cache"
-	profile["email"] = randomEmail()
-	profile["login"] = profile["email"]
-	u := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile,
-	}
-	qp := query.NewQueryParams(query.WithActivate(true))
-
-	createdUser, _, err := client.User.CreateUser(ctx, *u, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	for i := 0; i < 50; i++ {
-		user, resp, err := client.User.GetUser(ctx, profile["email"].(string))
-		assert.NoError(t, err, "Should not error when getting user")
-		assert.NotNil(t, user, "user should not be nil")
-		assert.NotNil(t, resp, "resp should not be nil")
-	}
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, createdUser.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, createdUser.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-}
-
-func TestCanPaginateAcrossUsers(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err)
-
-	p := &okta.PasswordCredential{
-		Value: "Abcd1234",
-	}
-	uc := &okta.UserCredentials{
-		Password: p,
-	}
-	profile1 := okta.UserProfile{}
-	profile1["firstName"] = "John"
-	profile1["lastName"] = "page-test"
-	profile1["email"] = "john-page-1@example.com"
-	profile1["login"] = "SDK_TESTjohn-page-1@example.com"
-	u1 := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile1,
-	}
-	profile2 := okta.UserProfile{}
-	profile2["firstName"] = "John"
-	profile2["lastName"] = "page-test"
-	profile2["email"] = "john-page-2@example.com"
-	profile2["login"] = "SDK_TESTjohn-page-2@example.com"
-	u2 := &okta.CreateUserRequest{
-		Credentials: uc,
-		Profile:     &profile2,
-	}
-	qp := query.NewQueryParams(query.WithActivate(true))
-
-	createdUser1, _, err := client.User.CreateUser(ctx, *u1, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-	createdUser2, _, err := client.User.CreateUser(ctx, *u2, qp)
-	require.NoError(t, err, "Creating a new user should not error")
-
-	query := query.NewQueryParams(query.WithLimit(1))
-	user1, resp, err := client.User.ListUsers(ctx, query)
-	require.NoError(t, err)
-	assert.Equal(t, 1, len(user1), "User1 did not reutrn 1 user")
-	user1Profile := *user1[0].Profile
-
-	hasNext := resp.HasNextPage()
-	assert.True(t, hasNext, "Should return true for HasNextPage")
-
-	var user2 []*okta.User
-	_, err = resp.Next(ctx, &user2)
-	require.NoError(t, err)
-
-	assert.Equal(t, 1, len(user2), "User2 did not reutrn 1 user")
-	user2Profile := *user2[0].Profile
-
-	assert.NotEqual(t, user2Profile["email"], user1Profile["email"], "Emails should not be the same")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, createdUser1.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, createdUser1.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, createdUser2.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, createdUser2.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-}
-
-func TestListUserSubscriptions(t *testing.T) {
-	// FIXME list users is getting an API error due to this documentated limitation:
-	//
-	// List subscriptions of a User. Only lists subscriptions for current user.
-	// An AccessDeniedException message is sent if requests are made from other
-	// users.
-	//
-	// Have tried creating a user and getting the current user: GET /api/v1/users/me
-	t.Skip("Need to determine how to set up environment for ListUserSubscriptions")
-
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err)
-
-	user, _, err := client.User.GetUser(ctx, "me")
-	require.NoError(t, err, "Getting the current user should not error")
-
-	subscriptions, _, err := client.User.ListUserSubscriptions(ctx, user.Id)
-	require.NoError(t, err, "Should not error listing user subscriptions")
-
-	assert.True(t, len(subscriptions) > 0, "User should have subscriptions")
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	// Verify that the user is deleted by calling get on user (Exception thrown with 404 error message) → GET /api/v1/users/{{userId}}
-	_, resp, err := client.User.GetUser(ctx, user.Id)
-	require.Error(t, err, "User should not exist, but does")
-	assert.Equal(t, http.StatusNotFound, resp.StatusCode, "Should not have been able to find user")
-}
-
-func TestGetUserSubscriptionByNotificationType(t *testing.T) {
-	// FIXME get user subscriptions by notification type is getting an API error
-	// due to this documentated limitation:
-	//
-	// Get the subscriptions of a User with a specific notification type. Only
-	// gets subscriptions for current user. An AccessDeniedException message is
-	// sent if requests are made from other users.
-	//
-	// Have tried creating a user and getting the current user: GET /api/v1/users/me
-	t.Skip("Need to determine how to set up environment for GetUserSubscriptionByNotificationType")
-
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err)
-
-	user, _, err := client.User.GetUser(ctx, "me")
-	require.NoError(t, err, "Getting the current user should not error")
-
-	expectedNotificationType := "OKTA_ANNOUNCEMENT"
-	subscription, _, err := client.User.GetUserSubscriptionByNotificationType(ctx, user.Id, expectedNotificationType)
-	require.NoError(t, err, "Should not error getting user subscription by notification types")
-
-	assert.True(t, subscription.NotificationType == "OKTA_ANNOUNCEMENT", "User should have subscription notification type %q, got %q", expectedNotificationType, subscription.NotificationType)
-
-	// Deactivate the user → POST /api/v1/users/{{userId}}/lifecycle/deactivate
-	_, err = client.User.DeactivateUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deactivating")
-
-	// Delete the user → DELETE /api/v1/users/{{userId}}
-	_, err = client.User.DeactivateOrDeleteUser(ctx, user.Id, nil)
-	require.NoError(t, err, "Should not error when deleting")
-
-	// Verify that the user is deleted by calling get on user (Exception thrown with 404 error message) → GET /api/v1/users/{{userId}}
-	_, resp, err := client.User.GetUser(ctx, user.Id)
-	require.Error(t, err, "User should not exist, but does")
-	assert.Equal(t, http.StatusNotFound, resp.StatusCode, "Should not have been able to find user")
-}
diff --git a/tests/integration/user_type_test.go b/tests/integration/user_type_test.go
deleted file mode 100644
index 490ad10ce..000000000
--- a/tests/integration/user_type_test.go
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package integration
-
-import (
-	"context"
-	"testing"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_can_create_user_type(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	ut := okta.UserType{
-		Description: "My Custom User Type",
-		DisplayName: "Display Name",
-		Name:        randomTestString(),
-	}
-
-	userType, response, err := client.UserType.CreateUserType(ctx, ut)
-	require.NoError(t, err, "creating a user type should not error")
-	tests.AssertResponse(t, response, "POST", "/api/v1/meta/types/user")
-
-	assert_user_type_model(t, userType)
-
-	_, err = client.UserType.DeleteUserType(ctx, userType.Id)
-	require.NoError(t, err, "deleting a user type should not error")
-}
-
-func Test_can_list_user_types(t *testing.T) {
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err)
-
-	userTypes, response, err := client.UserType.ListUserTypes(ctx)
-	require.NoError(t, err, "list user types should not error")
-	tests.AssertResponse(t, response, "GET", "/api/v1/meta/types/user")
-
-	assert_user_type_model(t, userTypes[0])
-}
-
-func assert_user_type_model(t *testing.T, userType *okta.UserType) {
-	assert.NotEmpty(t, userType.Id, "id should not be empty")
-	assert.NotEmpty(t, userType.Created, "created should not be empty")
-	assert.IsType(t, &time.Time{}, userType.Created, "created should not be of type `*time.Time`")
-	assert.NotEmpty(t, userType.CreatedBy, "createdBy should not be empty")
-	assert.NotEmpty(t, userType.DisplayName, "displayName should not be empty")
-	assert.NotEmpty(t, userType.LastUpdated, "lastUpdated should not be empty")
-	assert.IsType(t, &time.Time{}, userType.LastUpdated, "lastUpdated should not be of type `*time.Time`")
-	assert.NotEmpty(t, userType.LastUpdatedBy, "lastUpdatedBy should not be empty")
-	assert.NotEmpty(t, userType.Name, "name should not be empty")
-}
diff --git a/tests/mocks.go b/tests/mocks.go
deleted file mode 100644
index b1f9d26a0..000000000
--- a/tests/mocks.go
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package tests
-
-import (
-	"net/http"
-	"strconv"
-	"time"
-
-	"github.com/jarcoal/httpmock"
-)
-
-func Mock429Response() *http.Response {
-	loc, _ := time.LoadLocation("UTC")
-	zulu := time.Now().In(loc)
-	header := http.Header{}
-	header.Add("X-Okta-Now", strconv.FormatInt(zulu.Unix(), 10))
-	header.Add("X-Rate-Limit-Reset", strconv.FormatInt(time.Now().Unix()+1, 10))
-	header.Add("X-Okta-Request-id", "a-request-id")
-	header.Add("Content-Type", "application/json")
-	header.Add("Date", zulu.Format("Mon, 02 Jan 2006 15:04:05 GMT"))
-
-	return &http.Response{
-		Status:        strconv.Itoa(429),
-		StatusCode:    429,
-		Body:          httpmock.NewRespBodyFromString("{}"),
-		Header:        header,
-		ContentLength: -1,
-	}
-}
-
-func Mock429ResponseNoResetHeader() *http.Response {
-	loc, _ := time.LoadLocation("UTC")
-	zulu := time.Now().In(loc)
-	header := http.Header{}
-	header.Add("X-Okta-Now", strconv.FormatInt(zulu.Unix(), 10))
-	header.Add("X-Okta-Request-id", "a-request-id")
-	header.Add("Content-Type", "application/json")
-	header.Add("Date", zulu.Format("Mon, 02 Jan 2006 15:04:05 GMT"))
-
-	return &http.Response{
-		Status:        strconv.Itoa(429),
-		StatusCode:    429,
-		Body:          httpmock.NewRespBodyFromString("{}"),
-		Header:        header,
-		ContentLength: -1,
-	}
-}
-
-func Mock429ResponseNoDateHeader() *http.Response {
-	loc, _ := time.LoadLocation("UTC")
-	zulu := time.Now().In(loc)
-	header := http.Header{}
-	header.Add("X-Okta-Now", strconv.FormatInt(zulu.Unix(), 10))
-	header.Add("X-Rate-Limit-Reset", strconv.FormatInt(time.Now().Unix()+1, 10))
-	header.Add("X-Okta-Request-id", "a-request-id")
-	header.Add("Content-Type", "application/json")
-
-	return &http.Response{
-		Status:        strconv.Itoa(429),
-		StatusCode:    429,
-		Body:          httpmock.NewRespBodyFromString("{}"),
-		Header:        header,
-		ContentLength: -1,
-	}
-}
-
-func Mock429ResponseMultipleHeaders() *http.Response {
-	loc, _ := time.LoadLocation("UTC")
-	zulu := time.Now().In(loc)
-	header := http.Header{}
-	header.Add("X-Okta-Now", strconv.FormatInt(zulu.Unix(), 10))
-	header.Add("X-Rate-Limit-Reset", strconv.FormatInt(time.Now().Unix()+20, 10))
-	header.Add("X-Rate-Limit-Reset", strconv.FormatInt(time.Now().Unix()+10, 10))
-	header.Add("X-Okta-Request-id", "a-request-id")
-	header.Add("Content-Type", "application/json")
-	header.Add("Date", zulu.Format("Mon, 02 Jan 2006 15:04:05 GMT"))
-
-	return &http.Response{
-		Status:        strconv.Itoa(429),
-		StatusCode:    429,
-		Body:          httpmock.NewRespBodyFromString("{}"),
-		Header:        header,
-		ContentLength: -1,
-	}
-}
-
-func MockValidResponse() *http.Response {
-	header := http.Header{}
-	header.Add("X-Okta-Request-id", "another-request-id")
-	header.Add("Content-Type", "application/json")
-	header.Add("Date", time.Now().Add(time.Second*10).Format(time.RFC3339))
-
-	return &http.Response{
-		Status:        strconv.Itoa(200),
-		StatusCode:    200,
-		Body:          httpmock.NewRespBodyFromString("[]"),
-		Header:        header,
-		ContentLength: -1,
-	}
-}
-
-func MockSessionCreateResponse() *http.Response {
-	header := http.Header{}
-	header.Add("X-Okta-Request-id", "another-request-id")
-	header.Add("Content-Type", "application/json")
-	header.Add("Accept", "application/json")
-	header.Add("Date", time.Now().Add(time.Second*10).Format(time.RFC3339))
-
-	return &http.Response{
-		Status:     strconv.Itoa(200),
-		StatusCode: 200,
-		Body: httpmock.NewRespBodyFromString(`{
-			"id": "101W_juydrDRByB7fUdRyE2JQ",
-			"login": "user@example.com",
-			"userId": "00ubgaSARVOQDIOXMORI",
-			"expiresAt": "2015-08-30T18:41:35.818Z",
-			"status": "ACTIVE",
-			"lastPasswordVerification": "2015-08-30T18:41:35.818Z",
-			"lastFactorVerification": null,
-			"amr": [
-			  "pwd"
-			],
-			"idp": {
-			  "id": "00oi5cpnylv792IcF0g3",
-			  "type": "OKTA"
-			},
-			"mfaActive": false}`),
-		Header:        header,
-		ContentLength: -1,
-	}
-}
diff --git a/tests/testCommon.go b/tests/testCommon.go
deleted file mode 100644
index 5799ae6f5..000000000
--- a/tests/testCommon.go
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package tests
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/jarcoal/httpmock"
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func NewClient(ctx context.Context, conf ...okta.ConfigSetter) (context.Context, *okta.Client, error) {
-	return okta.NewClient(ctx, conf...)
-}
-
-func MockResponse(responses ...*http.Response) httpmock.Responder {
-	return func(req *http.Request) (*http.Response, error) {
-		httpmock.GetTotalCallCount()
-		info := httpmock.GetCallCountInfo()
-		count := info[req.Method+" "+req.URL.Path]
-
-		if len(responses) >= count {
-			return responses[count-1], nil
-		}
-
-		return nil, fmt.Errorf("no response found for call %v to %s", count, req.URL.Path)
-	}
-}
-
-func AssertResponse(t *testing.T, response *okta.Response, requestMethod string, requestPath string) {
-	require.IsType(t, &okta.Response{}, response, "did not return `*okta.Response` type as second variable")
-	assert.Equal(t, requestMethod, response.Response.Request.Method, "did not make a requestMethod request")
-	assert.Equal(t, requestPath, response.Response.Request.URL.Path, "path for request was incorrect")
-}
diff --git a/tests/unit/cache_test.go b/tests/unit/cache_test.go
deleted file mode 100644
index 84f2b60c6..000000000
--- a/tests/unit/cache_test.go
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package unit
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/jarcoal/httpmock"
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/okta/cache"
-	"github.com/okta/okta-sdk-golang/v2/okta/query"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_cache_key_can_be_created_from_request_object(t *testing.T) {
-	var buff io.ReadWriter
-	request, _ := http.NewRequest("GET", "https://example.com/sample/cache-key/test+test@test."+
-		"com?with=a&query=string",
-		buff)
-
-	cacheKey := cache.CreateCacheKey(request)
-
-	assert.Equal(t, "https://example.com/sample/cache-key/test+test@test.com?with=a&query=string", cacheKey,
-		"The cache key was not created correctly.")
-}
-
-func Test_an_item_can_be_stored_in_cache(t *testing.T) {
-	var buff io.ReadWriter
-	url := "https://example.com/sample/cache-key/"
-	request, _ := http.NewRequest("GET", url, buff)
-
-	cacheKey := cache.CreateCacheKey(request)
-
-	myCache := cache.NewGoCache(30, 30)
-
-	found := myCache.Has(cacheKey)
-	assert.False(t, found, "item already existed in cache")
-
-	toCache := "test Item"
-	record := httptest.NewRecorder()
-	record.WriteString(toCache)
-	result := record.Result()
-
-	myCache.Set(cacheKey, result)
-
-	found = myCache.Has(cacheKey)
-	assert.True(t, found, "item does not exist in cache")
-
-	pulledFromCache := myCache.Get(cacheKey)
-
-	assert.NotEqual(t, result, pulledFromCache, "Item pulled from cache was not a copy")
-	cachedBody, _ := ioutil.ReadAll(pulledFromCache.Body)
-	assert.Equal(t, toCache, string(cachedBody), "Item pulled from cache was not correct")
-}
-
-func Test_an_item_can_be_deleted_from_cache(t *testing.T) {
-	var buff io.ReadWriter
-	url := "https://example.com/sample/cache-key/delete"
-	request, _ := http.NewRequest("GET", url, buff)
-
-	cacheKey := cache.CreateCacheKey(request)
-
-	myCache := cache.NewGoCache(30, 30)
-
-	record := httptest.NewRecorder()
-	record.WriteString("test Item")
-	result := record.Result()
-
-	myCache.Set(cacheKey, result)
-
-	found := myCache.Has(cacheKey)
-	assert.True(t, found, "item does not exist in cache")
-
-	myCache.Delete(cacheKey)
-
-	found = myCache.Has(cacheKey)
-	assert.False(t, found, "item was not deleted from cache")
-}
-
-func Test_cache_can_be_cleared(t *testing.T) {
-	var buff io.ReadWriter
-	url := "https://example.com/sample/cache-key/clear"
-	request, _ := http.NewRequest("GET", url, buff)
-
-	cacheKey := cache.CreateCacheKey(request)
-
-	myCache := cache.NewGoCache(30, 30)
-
-	record := httptest.NewRecorder()
-	record.WriteString("test Item")
-	result := record.Result()
-
-	myCache.Set(cacheKey, result)
-
-	found := myCache.Has(cacheKey)
-	assert.True(t, found, "item does not exist in cache")
-
-	myCache.Clear()
-
-	found = myCache.Has(cacheKey)
-	assert.False(t, found, "cache was not cleared")
-}
-
-// TestOAuthTokensAlwaysCached demonstrates oauth tokens are always cached even
-// when the client has request caching disabled.
-func TestOAuthTokensAlwaysCached(t *testing.T) {
-	httpmock.Activate()
-	defer httpmock.DeactivateAndReset()
-
-	ctx, client, err := tests.NewClient(context.TODO(),
-		okta.WithCache(false),
-		okta.WithOrgUrl("https://testing.oktapreview.com"),
-		okta.WithAuthorizationMode("PrivateKey"),
-		okta.WithClientId("abc"),
-		okta.WithPrivateKey(`
------BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
-KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
-o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
-TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
-9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
-v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
-/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
------END RSA PRIVATE KEY-----
-		`),
-		okta.WithScopes(([]string{"okta.apps.read"})))
-	require.NoError(t, err)
-
-	accessToken := okta.RequestAccessToken{
-		TokenType:   "Bearer",
-		ExpiresIn:   3600,
-		AccessToken: "xyz",
-		Scope:       "okta.apps.read",
-	}
-	httpmockTokenURLRegex := `=~^https://testing\.oktapreview\.com/oauth2/v1/token\?client_assertion=.*\z`
-	jsonResp, err := httpmock.NewJsonResponder(200, accessToken)
-	require.NoError(t, err)
-	httpmock.RegisterResponder("POST", httpmockTokenURLRegex, jsonResp)
-
-	adminConsole := []okta.Application{{
-		Id:     "abc123",
-		Name:   "saasure",
-		Label:  "Okta Admin Console",
-		Status: "ACTIVE",
-	}}
-	jsonResp, err = httpmock.NewJsonResponder(200, adminConsole)
-	require.NoError(t, err)
-	httpmockAdminConsoleRegex := `=~^https://testing\.oktapreview\.com/api/v1/apps?.*q\=Okta\+Admin\+Console.*\z`
-	httpmock.RegisterResponder("GET", httpmockAdminConsoleRegex, jsonResp)
-
-	dashboard := []okta.Application{{
-		Id:     "def456",
-		Name:   "okta_enduser",
-		Label:  "Okta Dashboard",
-		Status: "ACTIVE",
-	}}
-	jsonResp, err = httpmock.NewJsonResponder(200, dashboard)
-	require.NoError(t, err)
-	httpmockDashboardRegex := `=~^https://testing\.oktapreview\.com/api/v1/apps?.*q\=Okta\+Dashboard.*\z`
-	httpmock.RegisterResponder("GET", httpmockDashboardRegex, jsonResp)
-
-	_, _, err = client.Application.ListApplications(ctx, &query.Params{Limit: 1, Filter: "status eq ACTIVE", Q: "Okta Admin Console"})
-	require.NoError(t, err)
-	_, _, err = client.Application.ListApplications(ctx, &query.Params{Limit: 1, Filter: "status eq ACTIVE", Q: "Okta Admin Console"})
-	require.NoError(t, err)
-
-	_, _, err = client.Application.ListApplications(ctx, &query.Params{Limit: 1, Filter: "status eq ACTIVE", Q: "Okta Dashboard"})
-	require.NoError(t, err)
-	_, _, err = client.Application.ListApplications(ctx, &query.Params{Limit: 1, Filter: "status eq ACTIVE", Q: "Okta Dashboard"})
-	require.NoError(t, err)
-
-	info := httpmock.GetCallCountInfo()
-	totalCalls := httpmock.GetTotalCallCount()
-
-	assert.Equal(t, 5, totalCalls, fmt.Sprintf("there should only be 5 API calls in this test but there were %d calls", totalCalls))
-
-	// Tokens from requests should be cached.
-	require.True(t, info[fmt.Sprintf("POST %s", httpmockTokenURLRegex)] == 1, "tokens endpoint should only be called once")
-
-	// But all other requests should not be cached.
-	require.True(t, info[fmt.Sprintf("GET %s", httpmockAdminConsoleRegex)] == 2)
-	require.True(t, info[fmt.Sprintf("GET %s", httpmockDashboardRegex)] == 2)
-}
diff --git a/tests/unit/client_config_test.go b/tests/unit/client_config_test.go
deleted file mode 100644
index 226c0f2e4..000000000
--- a/tests/unit/client_config_test.go
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package unit
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/jarcoal/httpmock"
-	"github.com/okta/okta-sdk-golang/v2/okta"
-
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_error_on_empty_url(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithOrgUrl(""))
-	assert.Error(t, err, "Does not error when org url is missing")
-}
-
-func Test_error_when_url_contains_yourOktaDomain(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithOrgUrl("https://{yourOktaDomain}"))
-	assert.Error(t, err, "Does not error when org url contains {yourOktaDomain}")
-}
-
-func Test_error_when_url_contains_admin_okta_com(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithOrgUrl("https://test-admin.okta.com"))
-	assert.Error(t, err, "Does not error when org url contains test-admin.okta.com")
-}
-
-func Test_error_when_url_contains_admin_oktapreview_com(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithOrgUrl("https://test-admin.oktapreview.com"))
-	assert.Error(t, err, "Does not error when org url contains test-admin.oktapreview.com")
-}
-
-func Test_error_when_url_contains_admin_okta_emea_com(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithOrgUrl("https://test-admin.okta-emea.com"))
-	assert.Error(t, err, "Does not error when org url contains test-admin.okta-emea.com")
-}
-
-func Test_error_when_url_contains_com_com(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithOrgUrl("https://test.okta.com.com"))
-	assert.Error(t, err, "Does not error when org url contains .com.com")
-}
-
-func Test_error_when_url_does_not_begin_with_https(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithTestingDisableHttpsCheck(false), okta.WithOrgUrl("http://test.okta.com"))
-	assert.Error(t, err, "Does not error when url contains only http")
-}
-
-func Test_error_when_api_token_is_empty(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithToken(""))
-	assert.Error(t, err, "Does not error when api token is empty")
-}
-
-func Test_error_when_api_token_contains_placeholder(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithToken("{apiToken}"))
-	assert.Error(t, err, "Does not error when api token contains {apiToken}")
-}
-
-func Test_error_when_authorization_mode_is_not_valid(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithAuthorizationMode("invalid"))
-	assert.Error(t, err, "Does not error when authorization mode is invalid")
-}
-
-func Test_does_not_error_when_authorization_mode_is_valid(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithAuthorizationMode("SSWS"))
-	assert.NoError(t, err, "Should not error when authorization mode is SSWS")
-}
-
-func Test_does_not_error_when_authorization_mode_is_brearer(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithAuthorizationMode("Bearer"))
-	assert.NoError(t, err, "Should not error when authorization mode is Bearer")
-}
-
-func Test_will_error_if_private_key_authorization_type_with_missing_properties(t *testing.T) {
-	_, _, err := tests.NewClient(context.TODO(), okta.WithAuthorizationMode("PrivateKey"), okta.WithClientId(""))
-	assert.Error(t, err, "Does not error if private key selected with no other required options")
-}
-
-type InterceptingRoundTripperTest struct {
-	Name                    string
-	Blocking                bool
-	Interceptor             func(*http.Request) error
-	ExpectedTransportCalls  int
-	ExpectInterceptorCalled bool
-	ExpectSdkErrorThrown    bool
-}
-
-func Test_Intercepting_RoundTripper(t *testing.T) {
-	interceptorCalled := false
-	testsToRun := []InterceptingRoundTripperTest{
-		{
-			Name:     "Calls interceptor",
-			Blocking: false,
-			Interceptor: func(r *http.Request) error {
-				interceptorCalled = true
-				return nil
-			},
-			ExpectedTransportCalls:  1,
-			ExpectInterceptorCalled: true,
-			ExpectSdkErrorThrown:    false,
-		},
-		{
-			Name:     "Does not call transport when interceptor panics when blocking",
-			Blocking: true,
-			Interceptor: func(r *http.Request) error {
-				interceptorCalled = true
-				panic("Some err")
-			},
-			ExpectedTransportCalls:  0,
-			ExpectInterceptorCalled: true,
-			ExpectSdkErrorThrown:    true,
-		},
-		{
-			Name:     "Calls transport when interceptor panics when non blocking",
-			Blocking: false,
-			Interceptor: func(r *http.Request) error {
-				interceptorCalled = true
-				panic("Some err")
-			},
-			ExpectedTransportCalls:  1,
-			ExpectInterceptorCalled: true,
-			ExpectSdkErrorThrown:    false,
-		},
-		{
-			Name:     "Does not call transport when interceptor throws err when blocking",
-			Blocking: true,
-			Interceptor: func(r *http.Request) error {
-				interceptorCalled = true
-				return fmt.Errorf("Some error")
-			},
-			ExpectedTransportCalls:  0,
-			ExpectInterceptorCalled: true,
-			ExpectSdkErrorThrown:    true,
-		},
-		{
-			Name:     "Calls transport when interceptor throws err when not blocking",
-			Blocking: false,
-			Interceptor: func(r *http.Request) error {
-				interceptorCalled = true
-				return fmt.Errorf("Some error")
-			},
-			ExpectedTransportCalls:  1,
-			ExpectInterceptorCalled: true,
-			ExpectSdkErrorThrown:    false,
-		},
-	}
-
-	for _, test := range testsToRun {
-		t.Run(
-			test.Name,
-			func(t *testing.T) {
-				mockHttpClient := http.DefaultClient
-				mockTransport := httpmock.DefaultTransport
-				mockTransport.RegisterNoResponder(func(r *http.Request) (*http.Response, error) {
-					return &http.Response{StatusCode: 200}, nil
-				})
-				mockHttpClient.Transport = mockTransport
-
-				_, oktaClient, err := tests.NewClient(
-					context.TODO(),
-					okta.WithHttpInterceptorAndHttpClientPtr(test.Interceptor, mockHttpClient, test.Blocking),
-				)
-				assert.NoError(t, err)
-
-				_, _, err = oktaClient.IdentityProvider.ActivateIdentityProvider(context.TODO(), "Anything")
-
-				if test.ExpectSdkErrorThrown {
-					assert.Error(t, err)
-				} else {
-					assert.NoError(t, err)
-				}
-
-				assert.Equal(t, test.ExpectInterceptorCalled, interceptorCalled)
-
-				callCount := mockTransport.GetTotalCallCount()
-
-				assert.Equal(t, test.ExpectedTransportCalls, callCount)
-
-				interceptorCalled = false
-				mockTransport.ZeroCallCounters()
-			},
-		)
-	}
-}
diff --git a/tests/unit/int64PtrMarshal_test.go b/tests/unit/int64PtrMarshal_test.go
deleted file mode 100644
index 83a510c6d..000000000
--- a/tests/unit/int64PtrMarshal_test.go
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package unit
-
-import (
-	"encoding/json"
-	"testing"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/stretchr/testify/require"
-)
-
-// TestInt64PtrMarshal tests the generated code marshaling for the int64
-// pointers using PasswordPolicy as test case.
-func TestInt64PtrMarshal(t *testing.T) {
-	// Example mainting old behavior, Priority is 0 so it doesn't get
-	// marshalled/unmarshalled at all and the pointer is not utilized. This is
-	// to keep the code backwards compatible.
-	example := okta.PasswordPolicy{Priority: 0}
-	_json, _ := json.Marshal(&example)
-	var passwordPolicy okta.PasswordPolicy
-	_ = json.Unmarshal(_json, &passwordPolicy)
-	require.Equal(t, int64(0), passwordPolicy.Priority)
-	require.Nil(t, passwordPolicy.PriorityPtr)
-
-	// Example mainting old behavior, Priority is 1 so it gets
-	// marshalled/marshalled untilizing the int pointer. This is to keep the
-	// code backwards compatible.
-	example = okta.PasswordPolicy{Priority: 1}
-	_json, _ = json.Marshal(&example)
-	passwordPolicy = okta.PasswordPolicy{}
-	_ = json.Unmarshal(_json, &passwordPolicy)
-	require.Equal(t, int64(1), passwordPolicy.Priority)
-	require.NotNil(t, passwordPolicy.PriorityPtr)
-	require.Equal(t, int64(1), *passwordPolicy.PriorityPtr)
-
-	// Exmaple new behavior, int pointer maintains value during
-	// marshal/unmarshal
-	example = okta.PasswordPolicy{PriorityPtr: okta.Int64Ptr(9)}
-	_json, _ = json.Marshal(&example)
-	passwordPolicy = okta.PasswordPolicy{}
-	_ = json.Unmarshal(_json, &passwordPolicy)
-	require.Equal(t, int64(9), passwordPolicy.Priority)
-	require.NotNil(t, passwordPolicy.PriorityPtr)
-	require.Equal(t, int64(9), *passwordPolicy.PriorityPtr)
-}
diff --git a/tests/unit/request_executor_test.go b/tests/unit/request_executor_test.go
deleted file mode 100644
index 1450115e8..000000000
--- a/tests/unit/request_executor_test.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package unit
-
-import (
-	"context"
-	"io"
-	"net/http"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/assert"
-)
-
-// readerFun makes it easier to implement an inline reader as a closure function.
-type readerFun func(p []byte) (n int, err error)
-
-// Read, part of io.Reader interface.
-func (r readerFun) Read(p []byte) (n int, err error) { return r(p) }
-
-// slowTransport provides a dummy http-like transport serving fixed content, but slowly.
-type slowTransport struct{}
-
-// RoundTrip, part of http.Transport interface. This servers 42 as a JSON response, but slowly.
-// In particular, we serve the response immediately, but getting the body takes some milliseconds.
-func (t slowTransport) RoundTrip(req *http.Request) (*http.Response, error) {
-	realBody := strings.NewReader("42")
-	// This body takes 1 millisecond to read. It also needs a valid context for the whole duration.
-	slowBody := func(p []byte) (n int, err error) {
-		select {
-		case <-req.Context().Done():
-			return 0, req.Context().Err()
-		case <-time.After(1 * time.Millisecond):
-			return realBody.Read(p)
-		}
-	}
-
-	rsp := &http.Response{
-		StatusCode: 200,
-		Body:       io.NopCloser(readerFun(slowBody)),
-		Header:     http.Header{},
-		Request:    req,
-	}
-	rsp.Header.Set("Content-Type", "application/json")
-	return rsp, nil
-}
-
-// TestExecuteRequest tests that the request executor can handle a slow response.
-// In particular, we want to make sure that the context is properly passed through
-// and not canceled too early.
-func TestExecuteRequest(t *testing.T) {
-	cfg := []okta.ConfigSetter{
-		okta.WithOrgUrl("https://fakeurl"),                               // This is ignored, but required for validator.
-		okta.WithToken("foo"),                                            // ditto.
-		okta.WithHttpClientPtr(&http.Client{Transport: slowTransport{}}), // Use our more realistic transport.
-		okta.WithRequestTimeout(10),                                      // The context issues are gated with actually having a timeout.
-	}
-	ctx, cl, err := tests.NewClient(context.Background(), cfg...)
-	assert.NoError(t, err, "Basic client errors")
-	req, err := http.NewRequest("GET", "https://fakeurl", http.NoBody)
-	assert.NoError(t, err, "Request building")
-	var out int
-	rs, err := cl.GetRequestExecutor().Do(ctx, req, &out)
-	assert.NoError(t, err, "Request execution")
-	if rs.StatusCode != 200 || out != 42 {
-		t.Errorf("Got val=%d status=%d, want 42 status=200", out, rs.StatusCode)
-	}
-}
diff --git a/tests/unit/retry_logic_test.go b/tests/unit/retry_logic_test.go
deleted file mode 100644
index a2ad9debb..000000000
--- a/tests/unit/retry_logic_test.go
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package unit
-
-import (
-	"context"
-	"testing"
-
-	"github.com/jarcoal/httpmock"
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_429_Will_Automatically_Retry(t *testing.T) {
-	httpmock.Activate()
-	defer httpmock.DeactivateAndReset()
-
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err, "failed to create client")
-
-	httpmock.RegisterResponder("GET", "/api/v1/users",
-		tests.MockResponse(
-			tests.Mock429Response(),
-			tests.MockValidResponse(),
-		),
-	)
-
-	_, resp, err := client.User.ListUsers(ctx, nil)
-	require.Nil(t, err, "Error should have been nil")
-	require.NotNil(t, resp, "Response was nil")
-
-	httpmock.GetTotalCallCount()
-	info := httpmock.GetCallCountInfo()
-	require.Equal(t, 2, info["GET /api/v1/users"], "did not make exactly 2 call to /api/v1/users")
-}
-
-func Test_Will_Stop_Retrying_Based_On_Max_Retry_Configuration(t *testing.T) {
-	httpmock.Activate()
-	defer httpmock.DeactivateAndReset()
-
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithRequestTimeout(0), okta.WithRateLimitMaxRetries(1))
-	require.NoError(t, err)
-
-	httpmock.RegisterResponder("GET", "/api/v1/users",
-		tests.MockResponse(
-			tests.Mock429Response(),
-			tests.Mock429Response(),
-		),
-	)
-
-	_, _, err = client.User.ListUsers(ctx, nil)
-	require.NotNil(t, err, "error was nil, but should have told the user they reached their max retry limit")
-
-	httpmock.GetTotalCallCount()
-	info := httpmock.GetCallCountInfo()
-
-	require.False(t, info["GET /api/v1/users"] < 2, "should have done at least one retry call to /api/v1/users")
-	require.Equal(t, 2, info["GET /api/v1/users"], "should have thrown error after first retry to /api/v1/users")
-}
-
-func Test_Will_Handle_Backoff_Strategy_For_429(t *testing.T) {
-	httpmock.Activate()
-	defer httpmock.DeactivateAndReset()
-
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithRequestTimeout(1), okta.WithRateLimitMaxRetries(3))
-	require.NoError(t, err, "failed to create client")
-
-	httpmock.RegisterResponder("GET", "/api/v1/users",
-		tests.MockResponse(
-			tests.Mock429Response(),
-			tests.Mock429Response(),
-			tests.Mock429Response(),
-			tests.MockValidResponse(),
-		),
-	)
-
-	_, _, err = client.User.ListUsers(ctx, nil)
-	require.NotNil(t, err, "error was nil, but should have told the user they reached their max retry limit")
-
-	httpmock.GetTotalCallCount()
-	info := httpmock.GetCallCountInfo()
-
-	require.Equal(t, 1, info["GET /api/v1/users"], "should have thrown error before first retry to /api/v1/users due to request timeout")
-}
-
-func Test_a_429_with_x_reset_header_throws_error(t *testing.T) {
-	httpmock.Activate()
-	defer httpmock.DeactivateAndReset()
-
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err, "failed to create client")
-
-	httpmock.RegisterResponder("GET", "/api/v1/users",
-		tests.MockResponse(
-			tests.Mock429ResponseNoResetHeader(),
-		),
-	)
-
-	_, _, err = client.User.ListUsers(ctx, nil)
-
-	require.NotNil(t, err, "error should not be nil. It should let user know the reset header is required")
-}
-
-func Test_a_429_with_no_date_header_throws_error(t *testing.T) {
-	httpmock.Activate()
-	defer httpmock.DeactivateAndReset()
-
-	ctx, client, err := tests.NewClient(context.TODO())
-	require.NoError(t, err, "failed to create client")
-
-	httpmock.RegisterResponder("GET", "/api/v1/users",
-		tests.MockResponse(
-			tests.Mock429ResponseNoDateHeader(),
-		),
-	)
-
-	_, _, err = client.User.ListUsers(ctx, nil)
-
-	require.NotNil(t, err, "error should not be nil. It should let user know the date header is required")
-}
-
-func Test_gets_the_correct_backoff_time(t *testing.T) {
-	backoff, err := okta.Get429BackoffTime(tests.Mock429Response())
-	require.NoError(t, err)
-
-	require.Equal(t, int64(2), backoff, "backoff time should have only been 1 second")
-}
diff --git a/tests/unit/session_test.go b/tests/unit/session_test.go
deleted file mode 100644
index dc8255fdb..000000000
--- a/tests/unit/session_test.go
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package unit
-
-import (
-	"context"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-
-	"github.com/jarcoal/httpmock"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-)
-
-func Test_Create_Session(t *testing.T) {
-	httpmock.Activate()
-	defer httpmock.DeactivateAndReset()
-
-	ctx, client, err := tests.NewClient(context.TODO(), okta.WithCache(false))
-	require.NoError(t, err, "failed to create client")
-
-	httpmock.RegisterResponder("POST", "/api/v1/sessions",
-		tests.MockResponse(
-			tests.MockSessionCreateResponse(),
-		),
-	)
-
-	csr := okta.CreateSessionRequest{
-		SessionToken: "abc123",
-	}
-
-	_, resp, err := client.Session.CreateSession(ctx, csr)
-	require.Nil(t, err, "Error should have been nil")
-	require.NotNil(t, resp, "Response was nil")
-
-	httpmock.GetTotalCallCount()
-	info := httpmock.GetCallCountInfo()
-	require.Equal(t, 1, info["POST /api/v1/sessions"], "did not make exactly 1 call to /api/v1/sessions")
-}
diff --git a/tests/unit/socialAuthToken_test.go b/tests/unit/socialAuthToken_test.go
deleted file mode 100644
index 013d9cd18..000000000
--- a/tests/unit/socialAuthToken_test.go
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package unit
-
-import (
-	"encoding/json"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-)
-
-func TestSocialAuthTokenMarshaling(t *testing.T) {
-	type errorTestCases struct {
-		name              string
-		_json             []byte
-		expectedScopes    []string
-		expectedExpiredAt string
-	}
-
-	for _, scenario := range []errorTestCases{
-		{
-			name: "social auth base case",
-			_json: []byte(`
-				{
-					"id": "<unique token identifier>",
-					"token": "JBTWGV22G4ZGKV3N",
-					"tokenType" : "urn:ietf:params:oauth:token-type:access_token",
-					"tokenAuthScheme": "Bearer",
-					"expiresAt" : "2014-08-06T16:56:31.000Z",
-					"scopes" : [
-						"email",
-						"openid",
-						"profile"
-					]
-			  	}
-			`),
-			expectedScopes:    []string{"email", "openid", "profile"},
-			expectedExpiredAt: "2014-08-06T16:56:31.000Z",
-		},
-		{
-			name: "social auth token with blank exiresAt",
-			_json: []byte(`
-				{
-					"id": "<unique token identifier>",
-					"token": "JBTWGV22G4ZGKV3N",
-					"tokenType" : "urn:ietf:params:oauth:token-type:access_token",
-					"tokenAuthScheme": null,
-					"expiresAt" : "",
-					"scopes" : []
-			  	}
-			`),
-			expectedScopes: []string{},
-		},
-	} {
-		t.Run(scenario.name, func(t *testing.T) {
-			var token okta.SocialAuthToken
-			err := json.Unmarshal(scenario._json, &token)
-			require.NoError(t, err)
-
-			if scenario.expectedExpiredAt == "" {
-				require.Nil(t, token.ExpiresAt)
-			} else {
-				expectedExpiredAt, err := time.Parse(time.RFC3339, scenario.expectedExpiredAt)
-				require.NoError(t, err)
-				require.Equal(t, &expectedExpiredAt, token.ExpiresAt)
-			}
-
-			require.Equal(t, scenario.expectedScopes, token.Scopes)
-		})
-	}
-}
diff --git a/tests/unit/user_agent_test.go b/tests/unit/user_agent_test.go
deleted file mode 100644
index a4adab677..000000000
--- a/tests/unit/user_agent_test.go
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 2018 - Present Okta, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package unit
-
-import (
-	"context"
-	"runtime"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/okta/okta-sdk-golang/v2/okta"
-	"github.com/okta/okta-sdk-golang/v2/tests"
-)
-
-func TestUserAgent(t *testing.T) {
-	_, client, _ := tests.NewClient(context.TODO(), okta.WithOrgUrl("https://example.com"))
-	agent := okta.NewUserAgent(client.GetConfig())
-	userAgent := "okta-sdk-golang/" + okta.Version + " golang/" + runtime.Version() + " " + runtime.GOOS + "/" + runtime.GOARCH
-	require.Equal(t, userAgent, agent.String())
-}
-
-func TestUserAgentWithExtra(t *testing.T) {
-	_, client, _ := tests.NewClient(context.TODO(),
-		okta.WithOrgUrl("https://example.com"),
-		okta.WithUserAgentExtra("extra"),
-	)
-	agent := okta.NewUserAgent(client.GetConfig())
-	userAgent := "okta-sdk-golang/" + okta.Version + " golang/" + runtime.Version() + " " + runtime.GOOS + "/" + runtime.GOARCH + " extra"
-	require.Equal(t, userAgent, agent.String())
-}